From a1796c2f147e6a3d395e015600b51b67136292eb Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 30 Apr 2020 16:15:20 -0600 Subject: [PATCH 0001/1498] caddytls: Adjust DNS challenge structure; clarify some docs --- caddyconfig/httpcaddyfile/builtins.go | 3 ++- caddyconfig/httpcaddyfile/tlsapp.go | 4 ++- modules/caddytls/acmeissuer.go | 10 ++++--- modules/caddytls/automation.go | 39 ++++++++++++++++++++------- 4 files changed, 41 insertions(+), 15 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 1efe5acc..8137ce2a 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -211,12 +211,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) { provName := h.Val() if acmeIssuer.Challenges == nil { acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) } dnsProvModule, err := caddy.GetModule("tls.dns." + provName) if err != nil { return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err) } - acmeIssuer.Challenges.DNSRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, h.warnings) + acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "name", provName, h.warnings) case "ca_root": arg := h.RemainingArgs() diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index f66fcae7..88c12607 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -388,7 +388,9 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon return nil, fmt.Errorf("getting DNS provider module named '%s': %v", provName, err) } mgr.Challenges = &caddytls.ChallengesConfig{ - DNSRaw: caddyconfig.JSONModuleObject(dnsProvModule.New(), "provider", provName, &warnings), + DNS: &caddytls.DNSChallengeConfig{ + ProviderRaw: caddyconfig.JSONModuleObject(dnsProvModule.New(), "name", provName, &warnings), + }, } } if acmeCARoot != nil { diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 854e6d50..7296d28f 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -86,8 +86,8 @@ func (ACMEIssuer) CaddyModule() caddy.ModuleInfo { // Provision sets up m. func (m *ACMEIssuer) Provision(ctx caddy.Context) error { // DNS providers - if m.Challenges != nil && m.Challenges.DNSRaw != nil { - val, err := ctx.LoadModule(m.Challenges, "DNSRaw") + if m.Challenges != nil && m.Challenges.DNS != nil && m.Challenges.DNS.ProviderRaw != nil { + val, err := ctx.LoadModule(m.Challenges.DNS, "ProviderRaw") if err != nil { return fmt.Errorf("loading DNS provider module: %v", err) } @@ -95,7 +95,7 @@ func (m *ACMEIssuer) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("making DNS provider: %v", err) } - m.Challenges.DNS = prov + m.Challenges.DNS.provider = prov } // add any custom CAs to trust store @@ -152,7 +152,9 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { template.DisableTLSALPNChallenge = m.Challenges.TLSALPN.Disabled template.AltTLSALPNPort = m.Challenges.TLSALPN.AlternatePort } - template.DNSProvider = m.Challenges.DNS + if m.Challenges.DNS != nil { + template.DNSProvider = m.Challenges.DNS.provider + } template.ListenHost = m.Challenges.BindHost } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index df76fd92..5d96c4f8 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -35,8 +35,15 @@ type AutomationConfig struct { // On-Demand TLS defers certificate operations to the // moment they are needed, e.g. during a TLS handshake. - // Useful when you don't know all the hostnames up front. - // Caddy was the first web server to deploy this technology. + // Useful when you don't know all the hostnames at + // config-time, or when you are not in control of the + // domain names you are managing certificates for. + // In 2015, Caddy became the first web server to + // implement this experimental technology. + // + // Note that this field does not enable on-demand TLS, + // it only configures it for when it is used. To enable + // it, create an automation policy with `on_demand`. OnDemand *OnDemandConfig `json:"on_demand,omitempty"` // Caddy staples OCSP (and caches the response) for all @@ -239,13 +246,14 @@ type ChallengesConfig struct { // not enabled by default. This is the only challenge // type which does not require a direct connection // to Caddy from an external server. - DNSRaw json.RawMessage `json:"dns,omitempty" caddy:"namespace=tls.dns inline_key=provider"` + // NOTE: DNS providers are currently being upgraded, + // and this API is subject to change, but should be + // stabilized soon. + DNS *DNSChallengeConfig `json:"dns,omitempty"` // Optionally customize the host to which a listener // is bound if required for solving a challenge. BindHost string `json:"bind_host,omitempty"` - - DNS challenge.Provider `json:"-"` } // HTTPChallengeConfig configures the ACME HTTP challenge. @@ -274,12 +282,25 @@ type TLSALPNChallengeConfig struct { AlternatePort int `json:"alternate_port,omitempty"` } +// DNSChallengeConfig configures the ACME DNS challenge. +// NOTE: This API is still experimental and is subject to change. +type DNSChallengeConfig struct { + // The DNS provider module to use which will manage + // the DNS records relevant to the ACME challenge. + ProviderRaw json.RawMessage `json:"provider,omitempty" caddy:"namespace=tls.dns inline_key=name"` + + // The TTL of the TXT record used for the DNS challenge. + TTL caddy.Duration `json:"ttl,omitempty"` + + provider challenge.Provider +} + // OnDemandConfig configures on-demand TLS, for obtaining // needed certificates at handshake-time. Because this -// feature can easily be abused, you should set up rate -// limits and/or an internal endpoint that Caddy can -// "ask" if it should be allowed to manage certificates -// for a given hostname. +// feature can easily be abused, you should use this to +// establish rate limits and/or an internal endpoint that +// Caddy can "ask" if it should be allowed to manage +// certificates for a given hostname. type OnDemandConfig struct { // An optional rate limit to throttle the // issuance of certificates from handshakes. From 1fa8c185a893381c06960142d35a557787f61bdc Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 30 Apr 2020 18:17:39 -0600 Subject: [PATCH 0002/1498] go.mod: Remove DNSProviderMaker interface; update to lego 3.6 --- go.mod | 2 +- go.sum | 69 +++++++++++++++++++++++++++++++++- modules/caddytls/acmeissuer.go | 12 +----- 3 files changed, 69 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index f7d7af5f..a005267a 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/caddyserver/certmagic v0.10.12 github.com/cenkalti/backoff/v4 v4.0.2 // indirect github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac - github.com/go-acme/lego/v3 v3.5.0 + github.com/go-acme/lego/v3 v3.6.0 github.com/gogo/protobuf v1.3.1 github.com/google/cel-go v0.4.1 github.com/imdario/mergo v0.3.9 // indirect diff --git a/go.sum b/go.sum index bd5e30c6..8bc9d3eb 100644 --- a/go.sum +++ b/go.sum @@ -25,6 +25,7 @@ cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIA cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +contrib.go.opencensus.io/exporter/ocagent v0.4.12 h1:jGFvw3l57ViIVEPKKEUXPcLYIXJmQxLUh6ey1eJhwyc= contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= @@ -36,18 +37,29 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9 h1:HD8gA2tkByhMAwYaFAX9w2l7vxvBQ5NMoxDrkhqhtn4= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= +github.com/Azure/azure-sdk-for-go v32.4.0+incompatible h1:1JP8SKfroEakYiQU2ZyPDosh8w2Tg9UopKt88VyQPt4= github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg= +github.com/Azure/go-autorest/autorest v0.5.0 h1:Mlm9qy2fpQ9MvfyI41G2Zf5B4CsgjjNbLOWszfK6KrY= github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw= github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= +github.com/Azure/go-autorest/autorest/adal v0.2.0 h1:7IBDu1jgh+ADHXnEYExkV9RE/ztOOlxdACkkPRthGKw= github.com/Azure/go-autorest/autorest/adal v0.2.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= +github.com/Azure/go-autorest/autorest/azure/auth v0.1.0 h1:YgO/vSnJEc76NLw2ecIXvXa8bDWiqf1pOJzARAoZsYU= github.com/Azure/go-autorest/autorest/azure/auth v0.1.0/go.mod h1:Gf7/i2FUpyb/sGBLIFxTBzrNzBo7aPXXE3ZVeDRwdpM= +github.com/Azure/go-autorest/autorest/azure/cli v0.1.0 h1:YTtBrcb6mhA+PoSW8WxFDoIIyjp13XqJeX80ssQtri4= github.com/Azure/go-autorest/autorest/azure/cli v0.1.0/go.mod h1:Dk8CUAt/b/PzkfeRsWzVG9Yj3ps8mS8ECztu43rdU8U= +github.com/Azure/go-autorest/autorest/date v0.1.0 h1:YGrhWfrgtFs84+h0o46rJrlmsZtyZRg470CqAXTZaGM= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= +github.com/Azure/go-autorest/autorest/mocks v0.1.0 h1:Kx+AUU2Te+A3JIyYn6Dfs+cFgx5XorQKuIXrZGoq/SI= github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= +github.com/Azure/go-autorest/autorest/to v0.2.0 h1:nQOZzFCudTh+TvquAtCRjM01VEYx85e9qbwt5ncW4L8= github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc= +github.com/Azure/go-autorest/autorest/validation v0.1.0 h1:ISSNzGUh+ZSzizJWOWzs8bwpXIePbGLW4z/AmUFGH5A= github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= +github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= +github.com/Azure/go-autorest/tracing v0.1.0 h1:TRBxC5Pj/fIuh4Qob0ZpkggbfT8RC0SubHbpV3p4/Vc= github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -70,6 +82,7 @@ github.com/Masterminds/sprig/v3 v3.0.2/go.mod h1:oesJ8kPONMONaZgtiHNzUShJbksypC5 github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 h1:xPMsUicZ3iosVPSIP7bW5EcGUzjiiMl1OYTe14y/R24= github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks= github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= @@ -78,6 +91,7 @@ github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMx github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.0/go.mod h1:zpDJeKyp9ScW4NNrbdr+Eyxvry3ilGPewKoXw3XGN1k= +github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8 h1:6rJvj+NXjjauunLeS7uGy891F1cuAwsWKa9iGzTjz1s= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8/go.mod h1:aVvklgKsPENRkl29bNwrHISa1F+YLGTHArMxZMBqWM8= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75 h1:3ILjVyslFbc4jl1w5TWuvvslFD/nDfR2H8tVaMVLrEY= @@ -101,6 +115,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190808125512-07798873deee h1:NYqDBPkhVYt68W3yoGoRRi32i3MLx2ey7SFkJ1v/UI0= github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190808125512-07798873deee/go.mod h1:myCDvQSzCW+wB1WAlocEru4wMGJxy+vlxHdhegi1CDQ= +github.com/aliyun/alibaba-cloud-sdk-go v1.61.112 h1:E273ePcLllLIBGg5BHr3T0Fp1BJTvUyh5Y57ziSy81w= +github.com/aliyun/alibaba-cloud-sdk-go v1.61.112/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA= github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= @@ -112,6 +128,7 @@ github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a h1:pv34s756C4pEXnjg github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.23.0 h1:ilfJN/vJtFo1XDFxB2YMBYGeOvGZl6Qow17oyD4+Z9A= github.com/aws/aws-sdk-go v1.23.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -129,6 +146,7 @@ github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8 github.com/cenkalti/backoff/v4 v4.0.2 h1:JIufpQLbh4DkbQoii76ItQIUFzevQSqOLZca4eamEDs= github.com/cenkalti/backoff/v4 v4.0.2/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -159,6 +177,8 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpu/goacmedns v0.0.1/go.mod h1:sesf/pNnCYwUevQEQfEwY0Y3DydlQWSGZbaMElOWxok= +github.com/cpu/goacmedns v0.0.2 h1:hYAgjnPu7HogTgb8trqQouR/RrBgXq1TPBgmxbK9eRA= +github.com/cpu/goacmedns v0.0.2/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= @@ -174,16 +194,20 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgraph-io/badger v1.5.3 h1:5oWIuRvwn93cie+OSt1zSnkaIQ1JFQM8bGlIv6O6Sts= github.com/dgraph-io/badger v1.5.3/go.mod h1:VZxzAIRPHRVNRKRo6AXrX9BJegn6il06VMTZVJYCIjQ= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dlclark/regexp2 v1.1.6 h1:CqB4MjHw0MFCDj+PHHjiESmHX+N7t0tJzKvC6M97BRg= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2 h1:G9/PqfhOrt8JXnw0DGTfVoOkKHDhOlEZqhE/cu+NvQM= github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= +github.com/dnsimple/dnsimple-go v0.30.0 h1:IBIrn9jMKRMwporIRwdFyKdnHXVmwy6obnguB+ZMDIY= github.com/dnsimple/dnsimple-go v0.30.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -194,10 +218,12 @@ github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/exoscale/egoscale v0.18.1 h1:1FNZVk8jHUx0AvWhOZxLEDNlacTU0chMXUUNkm9EZaI= github.com/exoscale/egoscale v0.18.1/go.mod h1:Z7OOdzzTOz1Q1PjQXumlz9Wn/CddH0zSYdCF3rnBKXE= github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= +github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= @@ -208,12 +234,13 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-acme/lego/v3 v3.4.0 h1:deB9NkelA+TfjGHVw8J7iKl/rMtffcGMWSMmptvMv0A= github.com/go-acme/lego/v3 v3.4.0/go.mod h1:xYbLDuxq3Hy4bMUT1t9JIuz6GWIWb3m5X+TeTHYaT7M= -github.com/go-acme/lego/v3 v3.5.0 h1:/0+NJQK+hNwRznhCi+19lbEa4xufhe7wJZOVd5j486s= -github.com/go-acme/lego/v3 v3.5.0/go.mod h1:TXodhTGOiWEqXDdgrzBoCtJ5R4L9lfOE68CTM0KGkT0= +github.com/go-acme/lego/v3 v3.6.0 h1:Rv0MrX3DpVp9Xg77yR7x+PCksLLph3Ut/69/9Kim8ac= +github.com/go-acme/lego/v3 v3.6.0/go.mod h1:sB/T7hfyz0HYIBvPmz/C8jIaxF6scbbiGKTzbQ22V6A= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= github.com/go-critic/go-critic v0.4.0/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= +github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -243,6 +270,7 @@ github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslW github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE= github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -312,6 +340,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= +github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -334,7 +363,9 @@ github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE0 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/gophercloud/gophercloud v0.3.0 h1:6sjpKIpVwRIIwmcEGp+WwNovNsem+c+2vm6oxshRpL8= github.com/gophercloud/gophercloud v0.3.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI= @@ -355,7 +386,9 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.12.1 h1:zCy2xE9ablevUOrUZc3Dl72Dt+ya2FNAvC2yLYMHzi4= github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c= +github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -368,6 +401,7 @@ github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= +github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df h1:MZf03xP9WdakyXhOWuAD5uPK3wHh96wCsqe3hCMKh8E= github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= @@ -388,6 +422,7 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jsternberg/zap-logfmt v1.2.0 h1:1v+PK4/B48cy8cfQbxL4FmmNZrjnIMr2BsnyEmXqv2o= github.com/jsternberg/zap-logfmt v1.2.0/go.mod h1:kz+1CUmCutPWABnNkOu9hOHKdT2q3TDYCcsFy9hpqb0= +github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU= github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= @@ -406,6 +441,7 @@ github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM52 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181 h1:TrxPzApUukas24OMMVDUMlCs1XCExJtnGaDEiIAR4oQ= github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= @@ -420,12 +456,16 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/labbsr0x/bindman-dns-webhook v1.0.2 h1:I7ITbmQPAVwrDdhd6dHKi+MYJTJqPCK0jE6YNBAevnk= github.com/labbsr0x/bindman-dns-webhook v1.0.2/go.mod h1:p6b+VCXIR8NYKpDr8/dg1HKfQoRHCdcsROXKvmoehKA= +github.com/labbsr0x/goh v1.0.1 h1:97aBJkDjpyBZGPbQuOK5/gHcSFbcr5aRsq3RSRJFpPk= github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c027w= github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jvM= github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= +github.com/liquidweb/liquidweb-go v1.6.0 h1:vIj1I/Wf97fUnyirD+bi6Y63c0GiXk9nKI1+sFFl3G0= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.15.3 h1:i6n4Jr7673z9TlurAjc87+GlE/BN10++r9XZIPS9j6I= @@ -478,11 +518,13 @@ github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed/go.mod h1:3rdaFaCv4AyBgu5ALFM0+tSuHrBh6v692nyQe3ikrq0= github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= @@ -497,11 +539,13 @@ github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1: github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g= github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8= github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hzifhks= github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= +github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4= github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= @@ -512,9 +556,13 @@ github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HD github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nrdcg/auroradns v1.0.0/go.mod h1:6JPXKzIRzZzMqtTDgueIhTi6rFf1QvYE/HzqidhOhjw= +github.com/nrdcg/auroradns v1.0.1 h1:m/kBq83Xvy3cU261MOknd8BdnOk12q4lAWM+kOdsC2Y= github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI= +github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U= github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= +github.com/nrdcg/goinwx v0.6.1 h1:AJnjoWPELyCtofhGcmzzcEMFd9YdF2JB/LgutWsWt/s= github.com/nrdcg/goinwx v0.6.1/go.mod h1:XPiut7enlbEdntAqalBIqcYcTEVhpv/dKWgDCX2SwKQ= +github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg= github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= @@ -537,7 +585,9 @@ github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWEr github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/oracle/oci-go-sdk v7.0.0+incompatible h1:oj5ESjXwwkFRdhZSnPlShvLWYdt/IZ65RQxveYM3maA= github.com/oracle/oci-go-sdk v7.0.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= +github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014 h1:37VE5TYj2m/FLA9SNr4z0+A0JefvTmR60Zwf8XSEV7c= github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014/go.mod h1:joRatxRJaZBsY3JAOEMcoOp05CnZzsx4scTxi95DHyQ= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -593,6 +643,7 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/sacloud/libsacloud v1.26.1 h1:td3Kd7lvpSAxxHEVpnaZ9goHmmhi0D/RfP0Rqqf/kek= github.com/sacloud/libsacloud v1.26.1/go.mod h1:79ZwATmHLIFZIMd7sxA3LwzVy/B77uj3LDoToVTxDoQ= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= @@ -650,8 +701,10 @@ github.com/smallstep/truststore v0.9.5 h1:KQ6bFXUadu3PG57sFSIBsu2pb/35NqO+MyS2Pv github.com/smallstep/truststore v0.9.5/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= @@ -679,6 +732,7 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -690,11 +744,16 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= +github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7 h1:CpHxIaZzVy26GqJn8ptRyto8fuoYOd1v0fXm9bG3wQ8= github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7/go.mod h1:imsgLplxEC/etjIhdr3dNzV3JeT27LbVu5pYWm0JCBY= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= +github.com/transip/gotransip v0.0.0-20190812104329-6d8d9179b66f h1:clyOmELPZd2LuFEyuo1mP6RXpbAW75PwD+RfDj4kBm0= github.com/transip/gotransip v0.0.0-20190812104329-6d8d9179b66f/go.mod h1:i0f4R4o2HM0m3DZYQWsj6/MEowD57VzoH0v3d7igeFY= +github.com/transip/gotransip/v6 v6.0.2 h1:rOCMY607PYF+YvMHHtJt7eZRd0mx/uhyz6dsXWPmn+4= +github.com/transip/gotransip/v6 v6.0.2/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= +github.com/uber-go/atomic v1.3.2 h1:Azu9lPBWRNKzYXSIwRfgRuDuS0YKsK4NFhiQv98gkxo= github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= @@ -718,6 +777,7 @@ github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMI github.com/vulcand/oxy v1.1.0 h1:DbBijGo1+6cFqR9jarkMxasdj0lgWwrrFtue6ijek4Q= github.com/vulcand/oxy v1.1.0/go.mod h1:ADiMYHi8gkGl2987yQIzDRoXZilANF4WtKaQ92OppKY= github.com/vulcand/predicate v1.1.0/go.mod h1:mlccC5IRBoc2cIFmCB8ZM62I3VDb6p2GXESMHa3CnZg= +github.com/vultr/govultr v0.1.4 h1:UnNMixYFVO0p80itc8PcweoVENyo1PasfvwKhoasR9U= github.com/vultr/govultr v0.1.4/go.mod h1:9H008Uxr/C4vFNGLqKx232C206GL0PBHzOP0809bGNA= github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -764,6 +824,7 @@ go.uber.org/multierr v1.4.0 h1:f3WCSC2KzAcBXGATIxAB1E2XuCpNU255wNKZ505qi3E= go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= +go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277 h1:d9qaMM+ODpCq+9We41//fu/sHsTnXcrqd1en3x+GKy4= go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= @@ -950,6 +1011,7 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0 h1:xQwXv67TxFo9nC1GJFyab5eq/5B590r6RlnL/G8Sz7w= golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1094,17 +1156,20 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= +gopkg.in/h2non/gock.v1 v1.0.15 h1:SzLqcIlb/fDfg7UvukMpNcWsu7sI5tWwL+KCATZqks0= gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.51.1 h1:GyboHr4UqMiLUybYjd22ZjQIKEJEpgtLXtuGbR21Oho= gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/ns1/ns1-go.v2 v2.0.0-20190730140822-b51389932cbc h1:GAcf+t0o8gdJAdSFYdE9wChu4bIyguMVqz0RHiFL5VY= gopkg.in/ns1/ns1-go.v2 v2.0.0-20190730140822-b51389932cbc/go.mod h1:VV+3haRsgDiVLxyifmMBrBIuCWFBPYKbRssXB9z67Hw= gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc= +gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 7296d28f..dcdfc13f 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -91,11 +91,7 @@ func (m *ACMEIssuer) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading DNS provider module: %v", err) } - prov, err := val.(DNSProviderMaker).NewDNSProvider() - if err != nil { - return fmt.Errorf("making DNS provider: %v", err) - } - m.Challenges.DNS.provider = prov + m.Challenges.DNS.provider = val.(challenge.Provider) } // add any custom CAs to trust store @@ -221,12 +217,6 @@ func onDemandAskRequest(ask string, name string) error { return nil } -// DNSProviderMaker is a type that can create a new DNS provider. -// Modules in the tls.dns namespace should implement this interface. -type DNSProviderMaker interface { - NewDNSProvider() (challenge.Provider, error) -} - // ExternalAccountBinding contains information for // binding an external account to an ACME account. type ExternalAccountBinding struct { From bca610fbde82c4b45526dd526d7ddfa6e3bdac70 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 1 May 2020 09:34:32 -0600 Subject: [PATCH 0003/1498] httpcaddyfile: Minor fixes to parsing storage options --- caddyconfig/httpcaddyfile/options.go | 7 +++---- modules/filestorage/filestorage.go | 29 ++++++++++++++++++++++------ 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 072d8f49..2ab73b24 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -136,14 +136,13 @@ func parseOptOrder(d *caddyfile.Dispenser) ([]string, error) { } func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) { - if !d.Next() { + if !d.Next() { // consume option name return nil, d.ArgErr() } - args := d.RemainingArgs() - if len(args) != 1 { + if !d.Next() { // get storage module name return nil, d.ArgErr() } - modName := args[0] + modName := d.Val() mod, err := caddy.GetModule("caddy.storage." + modName) if err != nil { return nil, d.Errf("getting storage module '%s': %v", modName, err) diff --git a/modules/filestorage/filestorage.go b/modules/filestorage/filestorage.go index 6e688ef0..629dc27e 100644 --- a/modules/filestorage/filestorage.go +++ b/modules/filestorage/filestorage.go @@ -48,15 +48,32 @@ func (s *FileStorage) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !d.Next() { return d.Err("expected tokens") } - for nesting := d.Nesting(); d.NextBlock(nesting); { - if !d.NextArg() { - return d.ArgErr() - } + if d.NextArg() { s.Root = d.Val() - if d.NextArg() { - return d.ArgErr() + } + if d.NextArg() { + return d.ArgErr() + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "root": + if !d.NextArg() { + return d.ArgErr() + } + if s.Root != "" { + return d.Err("root already set") + } + s.Root = d.Val() + if d.NextArg() { + return d.ArgErr() + } + default: + return d.Errf("unrecognized parameter '%s'", d.Val()) } } + if s.Root == "" { + return d.Err("missing root path (to use default, omit storage config entirely)") + } return nil } From a77bd1d8877fbbc8828e464a8c600e5a8aeb9aee Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 1 May 2020 10:41:08 -0600 Subject: [PATCH 0004/1498] httpcaddyfile: Update tls parsing for DNS providers --- caddyconfig/httpcaddyfile/builtins.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 8137ce2a..b5a9341a 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -205,19 +205,26 @@ func parseTLS(h Helper) ([]ConfigValue, error) { if !h.Next() { return nil, h.ArgErr() } + provName := h.Val() if acmeIssuer == nil { acmeIssuer = new(caddytls.ACMEIssuer) } - provName := h.Val() if acmeIssuer.Challenges == nil { acmeIssuer.Challenges = new(caddytls.ChallengesConfig) acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) } - dnsProvModule, err := caddy.GetModule("tls.dns." + provName) + dnsProvModule, err := caddy.GetModule("dns.providers." + provName) if err != nil { return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err) } - acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(dnsProvModule.New(), "name", provName, h.warnings) + dnsProvModuleInstance := dnsProvModule.New() + if unm, ok := dnsProvModuleInstance.(caddyfile.Unmarshaler); ok { + err = unm.UnmarshalCaddyfile(h.NewFromNextSegment()) + if err != nil { + return nil, err + } + } + acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(dnsProvModuleInstance, "name", provName, h.warnings) case "ca_root": arg := h.RemainingArgs() From d0770dbbb3222413bde1013a13e0020c49ba2e30 Mon Sep 17 00:00:00 2001 From: Mark Sargent <99003+sarge@users.noreply.github.com> Date: Sat, 2 May 2020 10:24:35 +1200 Subject: [PATCH 0005/1498] expose caddytest timeouts (#3329) --- caddytest/caddytest.go | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index b0f23d0e..48dd3fac 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -34,12 +34,18 @@ type Defaults struct { AdminPort int // Certificates we expect to be loaded before attempting to run the tests Certifcates []string + // TestRequestTimeout is the time to wait for a http request to + TestRequestTimeout time.Duration + // LoadRequestTimeout is the time to wait for the config to be loaded against the caddy server + LoadRequestTimeout time.Duration } // Default testing values var Default = Defaults{ - AdminPort: 2019, - Certifcates: []string{"/caddy.localhost.crt", "/caddy.localhost.key"}, + AdminPort: 2019, + Certifcates: []string{"/caddy.localhost.crt", "/caddy.localhost.key"}, + TestRequestTimeout: 5 * time.Second, + LoadRequestTimeout: 5 * time.Second, } var ( @@ -65,7 +71,7 @@ func NewTester(t *testing.T) *Tester { Client: &http.Client{ Transport: CreateTestingTransport(), Jar: jar, - Timeout: 5 * time.Second, + Timeout: Default.TestRequestTimeout, }, t: t, } @@ -125,7 +131,7 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { rawConfig = prependCaddyFilePath(rawConfig) client := &http.Client{ - Timeout: time.Second * 2, + Timeout: Default.LoadRequestTimeout, } start := time.Now() req, err := http.NewRequest("POST", fmt.Sprintf("http://localhost:%d/load", Default.AdminPort), strings.NewReader(rawConfig)) @@ -209,7 +215,7 @@ func validateTestPrerequisites() error { func isCaddyAdminRunning() error { // assert that caddy is running client := &http.Client{ - Timeout: time.Second * 2, + Timeout: Default.LoadRequestTimeout, } _, err := client.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort)) if err != nil { From a507a5bbc72b70cba4e252b8ec7cbffdc09b4a86 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 1 May 2020 19:47:41 -0600 Subject: [PATCH 0006/1498] reverseproxy: Remove circuitbreaker module (see #3331) Moving to https://github.com/caddyserver/circuitbreaker Nobody was using it anyway -- it works well, but something got fumbled in a refactoring *months* ago. Turns out that we forgot the interface guards AND botched a method name (my bad) - Ok() should have been OK(). So it would always have thrown a runtime panic if it tried to be loaded. The module itself works well, but obviously nobody used it because nobody reported the error. Fixing this while we move it to the new repo. Removing this removes the last Bazaar/Launchpad dependency (I think). --- go.mod | 1 - go.sum | 13 -- .../caddyhttp/reverseproxy/circuitbreaker.go | 157 ------------------ .../caddyhttp/reverseproxy/healthchecks.go | 3 +- 4 files changed, 2 insertions(+), 172 deletions(-) delete mode 100644 modules/caddyhttp/reverseproxy/circuitbreaker.go diff --git a/go.mod b/go.mod index a005267a..3907161c 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,6 @@ require ( github.com/smallstep/certificates v0.14.2 github.com/smallstep/cli v0.14.2 github.com/smallstep/truststore v0.9.5 - github.com/vulcand/oxy v1.1.0 github.com/yuin/goldmark v1.1.28 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.14.1 diff --git a/go.sum b/go.sum index 8bc9d3eb..4e21c9d7 100644 --- a/go.sum +++ b/go.sum @@ -161,8 +161,6 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/cloudflare-go v0.10.2 h1:VBodKICVPnwmDxstcW3biKcDSpFIfS/RELUXsZSBYK4= github.com/cloudflare/cloudflare-go v0.10.2/go.mod h1:qhVI5MKwBGhdNU89ZRz2plgYutcJ5PCekLxXn56w6SY= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd h1:qMd81Ts1T2OTKmB4acZcyKaMtRnY5Y44NuXGX2GFJ1w= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -375,10 +373,8 @@ github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= -github.com/gravitational/trace v0.0.0-20190726142706-a535a178675f/go.mod h1:RvdOUHE4SHqR3oXlFFKnGzms8a5dugHygGw1bqDstYI= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.1.0/go.mod h1:f5nM7jw/oeRSadq3xCzHAvxcr8HZnzsqU6ILg/0NiiE= @@ -477,11 +473,6 @@ github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f/go.mod h1:V3EvCedtJTvUYzJF2GZMRB0JMlai+6cBu3VCTQz33GQ= -github.com/mailgun/multibuf v0.0.0-20150714184110-565402cd71fb/go.mod h1:E0vRBBIQUHcRtmL/oR6w/jehh4FJqJFxe86gBnw9gXc= -github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51 h1:Kg/NPZLLC3aAFr1YToMs98dbCdhootQ1hZIvZU28hAQ= -github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51/go.mod h1:RYmqHbhWwIz3z9eVmQ2rx82rulEMG0t+Q1bzfc9DYN4= -github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f/go.mod h1:8heskWJ5c0v5J9WH89ADhyal1DOZcayll8fSbhB+/9A= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/manifoldco/promptui v0.3.1/go.mod h1:zoCNXiJnyM03LlBgTsWv8mq28s7aTC71UgKasqRJHww= github.com/manifoldco/promptui v0.7.0 h1:3l11YT8tm9MnwGFQ4kETwkzpAwY2Jt9lCrumCUW4+z4= @@ -774,9 +765,6 @@ github.com/valyala/quicktemplate v1.2.0/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOV github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/vulcand/oxy v1.1.0 h1:DbBijGo1+6cFqR9jarkMxasdj0lgWwrrFtue6ijek4Q= -github.com/vulcand/oxy v1.1.0/go.mod h1:ADiMYHi8gkGl2987yQIzDRoXZilANF4WtKaQ92OppKY= -github.com/vulcand/predicate v1.1.0/go.mod h1:mlccC5IRBoc2cIFmCB8ZM62I3VDb6p2GXESMHa3CnZg= github.com/vultr/govultr v0.1.4 h1:UnNMixYFVO0p80itc8PcweoVENyo1PasfvwKhoasR9U= github.com/vultr/govultr v0.1.4/go.mod h1:9H008Uxr/C4vFNGLqKx232C206GL0PBHzOP0809bGNA= github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= @@ -1203,7 +1191,6 @@ howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqp howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= howett.net/plist v0.0.0-20200225050739-77e249a2e2ba h1:HiEs/6jQFMHpFqsdPBAk3ieVcsSS8IV+D93f43UuDPo= howett.net/plist v0.0.0-20200225050739-77e249a2e2ba/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80Vse0e+BUHsHMTEhd0O4cpUHr/e/BUM= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= diff --git a/modules/caddyhttp/reverseproxy/circuitbreaker.go b/modules/caddyhttp/reverseproxy/circuitbreaker.go deleted file mode 100644 index 830ab439..00000000 --- a/modules/caddyhttp/reverseproxy/circuitbreaker.go +++ /dev/null @@ -1,157 +0,0 @@ -// Copyright 2015 Matthew Holt and The Caddy Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package reverseproxy - -import ( - "fmt" - "sync/atomic" - "time" - - "github.com/caddyserver/caddy/v2" - "github.com/vulcand/oxy/memmetrics" -) - -func init() { - caddy.RegisterModule(internalCircuitBreaker{}) -} - -// internalCircuitBreaker implements circuit breaking functionality -// for requests within this process over a sliding time window. -type internalCircuitBreaker struct { - tripped int32 - cbFactor int32 - threshold float64 - metrics *memmetrics.RTMetrics - tripTime time.Duration - Config -} - -// CaddyModule returns the Caddy module information. -func (internalCircuitBreaker) CaddyModule() caddy.ModuleInfo { - return caddy.ModuleInfo{ - ID: "http.reverse_proxy.circuit_breakers.internal", - New: func() caddy.Module { return new(internalCircuitBreaker) }, - } -} - -// Provision sets up a configured circuit breaker. -func (c *internalCircuitBreaker) Provision(ctx caddy.Context) error { - f, ok := typeCB[c.Factor] - if !ok { - return fmt.Errorf("type is not defined") - } - - if c.TripTime == "" { - c.TripTime = defaultTripTime - } - - tw, err := time.ParseDuration(c.TripTime) - if err != nil { - return fmt.Errorf("cannot parse trip_time duration, %v", err.Error()) - } - - mt, err := memmetrics.NewRTMetrics() - if err != nil { - return fmt.Errorf("cannot create new metrics: %v", err.Error()) - } - - c.cbFactor = f - c.tripTime = tw - c.threshold = c.Threshold - c.metrics = mt - c.tripped = 0 - - return nil -} - -// Ok returns whether the circuit breaker is tripped or not. -func (c *internalCircuitBreaker) Ok() bool { - tripped := atomic.LoadInt32(&c.tripped) - return tripped == 0 -} - -// RecordMetric records a response status code and execution time of a request. This function should be run in a separate goroutine. -func (c *internalCircuitBreaker) RecordMetric(statusCode int, latency time.Duration) { - c.metrics.Record(statusCode, latency) - c.checkAndSet() -} - -// Ok checks our metrics to see if we should trip our circuit breaker, or if the fallback duration has completed. -func (c *internalCircuitBreaker) checkAndSet() { - var isTripped bool - - switch c.cbFactor { - case factorErrorRatio: - // check if amount of network errors exceed threshold over sliding window, threshold for comparison should be < 1.0 i.e. .5 = 50th percentile - if c.metrics.NetworkErrorRatio() > c.threshold { - isTripped = true - } - case factorLatency: - // check if threshold in milliseconds is reached and trip - hist, err := c.metrics.LatencyHistogram() - if err != nil { - return - } - - l := hist.LatencyAtQuantile(c.threshold) - if l.Nanoseconds()/int64(time.Millisecond) > int64(c.threshold) { - isTripped = true - } - case factorStatusCodeRatio: - // check ratio of error status codes of sliding window, threshold for comparison should be < 1.0 i.e. .5 = 50th percentile - if c.metrics.ResponseCodeRatio(500, 600, 0, 600) > c.threshold { - isTripped = true - } - } - - if isTripped { - c.metrics.Reset() - atomic.AddInt32(&c.tripped, 1) - - // wait tripTime amount before allowing operations to resume. - t := time.NewTimer(c.tripTime) - <-t.C - - atomic.AddInt32(&c.tripped, -1) - } -} - -// Config represents the configuration of a circuit breaker. -type Config struct { - // The threshold over sliding window that would trip the circuit breaker - Threshold float64 `json:"threshold"` - // Possible values: latency, error_ratio, and status_ratio. It - // defaults to latency. - Factor string `json:"factor"` - // How long to wait after the circuit is tripped before allowing operations to resume. - // The default is 5s. - TripTime string `json:"trip_time"` -} - -const ( - factorLatency = iota + 1 - factorErrorRatio - factorStatusCodeRatio - defaultTripTime = "5s" -) - -var ( - // typeCB handles converting a Config Factor value to the internal circuit breaker types. - typeCB = map[string]int32{ - "latency": factorLatency, - "error_ratio": factorErrorRatio, - "status_ratio": factorStatusCodeRatio, - } -) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 85274c6b..02d84387 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -113,7 +113,8 @@ type PassiveHealthChecks struct { // CircuitBreaker is a type that can act as an early-warning // system for the health checker when backends are getting -// overloaded. +// overloaded. This interface is still experimental and is +// subject to change. type CircuitBreaker interface { OK() bool RecordMetric(statusCode int, latency time.Duration) From 86a4f2c9f4e7f85f2d59e2f1713aacf98ab8bc1a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 2 May 2020 16:28:10 -0600 Subject: [PATCH 0007/1498] caddytls: Fix namespace tls.dns -> dns.providers Coulda sworn I did this already but I think I messed up my git commands --- caddyconfig/httpcaddyfile/tlsapp.go | 2 +- modules/caddytls/automation.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 88c12607..80f39af3 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -383,7 +383,7 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon } if acmeDNS != nil { provName := acmeDNS.(string) - dnsProvModule, err := caddy.GetModule("tls.dns." + provName) + dnsProvModule, err := caddy.GetModule("dns.providers." + provName) if err != nil { return nil, fmt.Errorf("getting DNS provider module named '%s': %v", provName, err) } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 5d96c4f8..bc095fff 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -287,7 +287,7 @@ type TLSALPNChallengeConfig struct { type DNSChallengeConfig struct { // The DNS provider module to use which will manage // the DNS records relevant to the ACME challenge. - ProviderRaw json.RawMessage `json:"provider,omitempty" caddy:"namespace=tls.dns inline_key=name"` + ProviderRaw json.RawMessage `json:"provider,omitempty" caddy:"namespace=dns.providers inline_key=name"` // The TTL of the TXT record used for the DNS challenge. TTL caddy.Duration `json:"ttl,omitempty"` From 8e4266106034819fa0f4be8f0efbd628eb3e1634 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 2 May 2020 17:23:36 -0600 Subject: [PATCH 0008/1498] caddytls: Finish upgrading to libdns DNS providers for ACME challenges Until we finish the migration to the new acme library, we have to bring the solver type in-house. It's small and temporary. --- caddyconfig/httpcaddyfile/builtins.go | 2 +- go.mod | 11 +-- go.sum | 28 +++---- modules/caddytls/acmeissuer.go | 16 +++- modules/caddytls/dnssolver.go | 113 ++++++++++++++++++++++++++ 5 files changed, 142 insertions(+), 28 deletions(-) create mode 100644 modules/caddytls/dnssolver.go diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index b5a9341a..4cc453e9 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -202,7 +202,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { acmeIssuer.CA = arg[0] case "dns": - if !h.Next() { + if !h.NextArg() { return nil, h.ArgErr() } provName := h.Val() diff --git a/go.mod b/go.mod index 3907161c..340cd32d 100644 --- a/go.mod +++ b/go.mod @@ -7,18 +7,15 @@ require ( github.com/alecthomas/chroma v0.7.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a github.com/caddyserver/certmagic v0.10.12 - github.com/cenkalti/backoff/v4 v4.0.2 // indirect github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.6.0 github.com/gogo/protobuf v1.3.1 github.com/google/cel-go v0.4.1 - github.com/imdario/mergo v0.3.9 // indirect github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.4 github.com/klauspost/cpuid v1.2.3 + github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 github.com/lucas-clemente/quic-go v0.15.3 - github.com/manifoldco/promptui v0.7.0 // indirect - github.com/miekg/dns v1.1.29 // indirect github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.14.2 @@ -27,11 +24,9 @@ require ( github.com/yuin/goldmark v1.1.28 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.14.1 - golang.org/x/crypto v0.0.0-20200414155820-4f8f47aa7992 - golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e - golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 // indirect + golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc + golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 gopkg.in/natefinch/lumberjack.v2 v2.0.0 - gopkg.in/square/go-jose.v2 v2.5.0 // indirect gopkg.in/yaml.v2 v2.2.8 ) diff --git a/go.sum b/go.sum index 4e21c9d7..1417405c 100644 --- a/go.sum +++ b/go.sum @@ -143,8 +143,6 @@ github.com/caddyserver/certmagic v0.10.12 h1:aZtgzcIssiMSlP0jDdpDBbBzQ5INf5eKL9T github.com/caddyserver/certmagic v0.10.12/go.mod h1:Y8jcUBctgk/IhpAzlHKfimZNyXCkfGgRTC0orl8gROQ= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= -github.com/cenkalti/backoff/v4 v4.0.2 h1:JIufpQLbh4DkbQoii76ItQIUFzevQSqOLZca4eamEDs= -github.com/cenkalti/backoff/v4 v4.0.2/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -399,9 +397,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df h1:MZf03xP9WdakyXhOWuAD5uPK3wHh96wCsqe3hCMKh8E= github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4= +github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= -github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= @@ -459,6 +456,8 @@ github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 h1:663opx/RKxiISi1ozf0WbvweQpYBgf34dx8hKSIau3w= +github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jvM= github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= github.com/liquidweb/liquidweb-go v1.6.0 h1:vIj1I/Wf97fUnyirD+bi6Y63c0GiXk9nKI1+sFFl3G0= @@ -466,17 +465,14 @@ github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVL github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.15.3 h1:i6n4Jr7673z9TlurAjc87+GlE/BN10++r9XZIPS9j6I= github.com/lucas-clemente/quic-go v0.15.3/go.mod h1:oj40DjNLuNugvtXWg4PwaYgv7tAbzAabrT57CC69EhI= -github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a h1:weJVJJRzAJBFRlAiJQROKQs8oC9vOxvm4rZmBBk0ONw= -github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/manifoldco/promptui v0.3.1 h1:BxqNa7q1hVHXIXy3iupJMkXYS3aHhbubJWv2Jmg6x64= github.com/manifoldco/promptui v0.3.1/go.mod h1:zoCNXiJnyM03LlBgTsWv8mq28s7aTC71UgKasqRJHww= -github.com/manifoldco/promptui v0.7.0 h1:3l11YT8tm9MnwGFQ4kETwkzpAwY2Jt9lCrumCUW4+z4= -github.com/manifoldco/promptui v0.7.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= github.com/marten-seemann/qpack v0.1.0 h1:/0M7lkda/6mus9B8u34Asqm8ZhHAAt9Ho0vniNuVSVg= github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGDAUWqna+CNTrI= github.com/marten-seemann/qtls v0.9.0 h1:8Zguhc72eS+DH5EAb0BpAPIy3HDXYcihQi4xoDZOnjQ= @@ -502,9 +498,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.15 h1:CSSIDtllwGLMoA6zjdKnaE6Tx6eVUxQ29LUgGetiDCI= github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM= github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= -github.com/miekg/dns v1.1.29 h1:xHBEhR+t5RzcFJjBLJlax2daXOrTYtr9z4WdKEfWFzg= -github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= @@ -845,8 +840,8 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqp golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200414155820-4f8f47aa7992 h1:B4Wjn2mWOWzjcWfyRYlf00lQ1/9h5vRKmQnhIKhMFR0= -golang.org/x/crypto v0.0.0-20200414155820-4f8f47aa7992/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc h1:ZGI/fILM2+ueot/UixBSoj9188jCAxVHEZEGhqq67I4= +golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -918,8 +913,8 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 h1:Jcxah/M+oLZ/R4/z5RzfPzGbPXnVDPkEDtf2JnuxN+U= +golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -986,8 +981,6 @@ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY= -golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1161,9 +1154,8 @@ gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/square/go-jose.v2 v2.5.0 h1:OZ4sdq+Y+SHfYB7vfthi1Ei8b0vkP8ZPQgUfUwdUSqo= -gopkg.in/square/go-jose.v2 v2.5.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index dcdfc13f..4295cda1 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -91,7 +91,21 @@ func (m *ACMEIssuer) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading DNS provider module: %v", err) } - m.Challenges.DNS.provider = val.(challenge.Provider) + // TODO: For a temporary amount of time, we are allowing the use of + // DNS providers from go-acme/lego since there are so many implemented + // for it -- they are adapted as Caddy modules in this repository: + // https://github.com/caddy-dns/lego-deprecated - that module is + // a challenge.Provider value, so we use it directly. The user must set + // environment variables to configure it. Remove this shim once a sufficient + // number of DNS providers are implemented for the libdns APIs instead. + if grandfatheredProvider, ok := val.(challenge.Provider); ok { + m.Challenges.DNS.provider = grandfatheredProvider + } else { + m.Challenges.DNS.provider = &solver{ + recordManager: val.(recordManager), + TTL: time.Duration(m.Challenges.DNS.TTL), + } + } } // add any custom CAs to trust store diff --git a/modules/caddytls/dnssolver.go b/modules/caddytls/dnssolver.go new file mode 100644 index 00000000..c8a9c3ac --- /dev/null +++ b/modules/caddytls/dnssolver.go @@ -0,0 +1,113 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddytls + +import ( + "context" + "fmt" + "sync" + "time" + + "github.com/go-acme/lego/v3/challenge" + "github.com/go-acme/lego/v3/challenge/dns01" + "github.com/libdns/libdns" +) + +// TODO: this is borrowed from https://github.com/mholt/acme - once we +// switch to that acme library, this file will go away + +// solver is a type that makes libdns providers usable as ACME challenge solvers. +type solver struct { + recordManager + + TTL time.Duration + + txtRecords map[string]libdns.Record // keyed by challenge token + txtRecordsMu sync.Mutex +} + +func (s *solver) Present(domain, token, keyAuth string) error { + fqdn, value := dns01.GetRecord(domain, keyAuth) + + rec := libdns.Record{ + Type: "TXT", + Name: fqdn, + Value: value, + TTL: s.TTL, + } + + zone, err := dns01.FindZoneByFqdn(fqdn) + if err != nil { + return fmt.Errorf("could not determine zone for domain %q: %v", fqdn, err) + } + + results, err := s.recordManager.AppendRecords(context.TODO(), zone, []libdns.Record{rec}) + if err != nil { + return err + } + if len(results) != 1 { + return fmt.Errorf("expected one record, got %d: %v", len(results), results) + } + + // keep this record handy so we can clean it up more efficiently + s.txtRecordsMu.Lock() + if s.txtRecords == nil { + s.txtRecords = make(map[string]libdns.Record) + } + s.txtRecords[keyAuth] = results[0] + s.txtRecordsMu.Unlock() + + // TODO: check for record propagation before continuing (accordig to config) + + return nil +} + +func (s *solver) CleanUp(domain, token, keyAuth string) error { + fqdn, _ := dns01.GetRecord(domain, keyAuth) + authZone, err := dns01.FindZoneByFqdn(fqdn) + if err != nil { + return err + } + + // retrieve the record we created + s.txtRecordsMu.Lock() + txtRec, ok := s.txtRecords[keyAuth] + if !ok { + s.txtRecordsMu.Unlock() + return fmt.Errorf("no memory of presenting a DNS record for %v", domain) + } + s.txtRecordsMu.Unlock() + + // clean up the record + _, err = s.recordManager.DeleteRecords(context.TODO(), authZone, []libdns.Record{txtRec}) + if err != nil { + return err + } + + // once it has been successfully cleaned up, we can forget about it + s.txtRecordsMu.Lock() + delete(s.txtRecords, keyAuth) + s.txtRecordsMu.Unlock() + + return nil +} + +// recordManager defines the set of operations required for ACME challenges. +type recordManager interface { + libdns.RecordAppender + libdns.RecordDeleter +} + +var _ challenge.Provider = (*solver)(nil) From e051e119d1dff75972ed9b07cf97bbb989ba8daa Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sun, 3 May 2020 02:24:54 +0300 Subject: [PATCH 0009/1498] ci: add tests on s390x and ppc64le (#3328) * ci: add tests on s390x and ppc64le * ci: use Travis as CI for ppc64le and s390x * ci: cache Go builds on Travis * ci: avoid Travis duplicate builds --- .travis.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..d5dc3036 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,24 @@ +branches: + only: + - master +language: go +go: + - 1.14.x +dist: bionic +arch: + - ppc64le + - s390x +env: + - GO111MODULE=on CGO_ENABLED=0 +cache: + directories: + - $GOPATH/pkg/mod + - /home/travis/.cache/go-build +git: + depth: 1 + +install: + - go get -v -t -d ./... +script: + - go test -v -short ./... + - go build -trimpath -ldflags="-w -s" -v -o cmd/caddy/caddy cmd/caddy/main.go From 52305618dfc4289e5a3cfcf848450500ef8fa21c Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 5 May 2020 12:27:49 -0600 Subject: [PATCH 0010/1498] caddyfile: Support backticks as quotes (closes #2591) (#3242) --- caddyconfig/caddyfile/lexer.go | 17 ++++++++++----- caddyconfig/caddyfile/lexer_test.go | 32 +++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index 687ff90e..d9968ff8 100755 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -73,7 +73,7 @@ func (l *lexer) load(input io.Reader) error { // a token was loaded; false otherwise. func (l *lexer) next() bool { var val []rune - var comment, quoted, escaped bool + var comment, quoted, btQuoted, escaped bool makeToken := func() bool { l.token.Text = string(val) @@ -92,13 +92,13 @@ func (l *lexer) next() bool { panic(err) } - if !escaped && ch == '\\' { + if !escaped && !btQuoted && ch == '\\' { escaped = true continue } - if quoted { - if escaped { + if quoted || btQuoted { + if quoted && escaped { // all is literal in quoted area, // so only escape quotes if ch != '"' { @@ -106,7 +106,10 @@ func (l *lexer) next() bool { } escaped = false } else { - if ch == '"' { + if quoted && ch == '"' { + return makeToken() + } + if btQuoted && ch == '`' { return makeToken() } } @@ -151,6 +154,10 @@ func (l *lexer) next() bool { quoted = true continue } + if ch == '`' { + btQuoted = true + continue + } } if escaped { diff --git a/caddyconfig/caddyfile/lexer_test.go b/caddyconfig/caddyfile/lexer_test.go index 9105eb57..734006e3 100755 --- a/caddyconfig/caddyfile/lexer_test.go +++ b/caddyconfig/caddyfile/lexer_test.go @@ -199,6 +199,38 @@ func TestLexer(t *testing.T) { {Line: 1, Text: ":8080"}, }, }, + { + input: "simple `backtick quoted` string", + expected: []Token{ + {Line: 1, Text: `simple`}, + {Line: 1, Text: `backtick quoted`}, + {Line: 1, Text: `string`}, + }, + }, + { + input: "multiline `backtick\nquoted\n` string", + expected: []Token{ + {Line: 1, Text: `multiline`}, + {Line: 1, Text: "backtick\nquoted\n"}, + {Line: 3, Text: `string`}, + }, + }, + { + input: "nested `\"quotes inside\" backticks` string", + expected: []Token{ + {Line: 1, Text: `nested`}, + {Line: 1, Text: `"quotes inside" backticks`}, + {Line: 1, Text: `string`}, + }, + }, + { + input: "reverse-nested \"`backticks` inside\" quotes", + expected: []Token{ + {Line: 1, Text: `reverse-nested`}, + {Line: 1, Text: "`backticks` inside"}, + {Line: 1, Text: `quotes`}, + }, + }, } for i, testCase := range testCases { From 26e559662d677062874afed9775f660f1f5f9c1e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 5 May 2020 14:29:21 -0400 Subject: [PATCH 0011/1498] httpcaddyfile: Support single-line matchers (#3263) * httpcaddyfile: Support single-line matchers * httpcaddyfile: Add single-line matcher test * httpcaddyfile: Add a matcher syntax adapt test --- caddyconfig/httpcaddyfile/httptype.go | 2 +- caddyconfig/httpcaddyfile/httptype_test.go | 7 ++ caddytest/integration/caddyfile_adapt_test.go | 80 +++++++++++++++++++ 3 files changed, 88 insertions(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index eb067bcd..775c0623 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -1001,7 +1001,7 @@ func parseMatcherDefinitions(d *caddyfile.Dispenser, matchers map[string]caddy.M // handle more than one segment); otherwise, we'd overwrite other // instances of the matcher in this set tokensByMatcherName := make(map[string][]caddyfile.Token) - for nesting := d.Nesting(); d.NextBlock(nesting); { + for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { matcherName := d.Val() tokensByMatcherName[matcherName] = append(tokensByMatcherName[matcherName], d.NextSegment()...) } diff --git a/caddyconfig/httpcaddyfile/httptype_test.go b/caddyconfig/httpcaddyfile/httptype_test.go index 64f0f82a..1bc2ddf8 100644 --- a/caddyconfig/httpcaddyfile/httptype_test.go +++ b/caddyconfig/httpcaddyfile/httptype_test.go @@ -50,6 +50,13 @@ func TestMatcherSyntax(t *testing.T) { expectWarn: false, expectError: false, }, + { + input: `http://localhost + @debug not path /somepath* + `, + expectWarn: false, + expectError: false, + }, } { adapter := caddyfile.Adapter{ diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index bff325be..f6120aef 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -283,3 +283,83 @@ func TestHttpOnlyOnNonStandardPort(t *testing.T) { } }`) } + +func TestMatcherSyntax(t *testing.T) { + caddytest.AssertAdapt(t, ` + :80 { + @matcher { + method GET + } + respond @matcher "get" + + @matcher2 method POST + respond @matcher2 "post" + + @matcher3 not method PUT + respond @matcher3 "not put" + } + `, "caddyfile", `{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "method": [ + "GET" + ] + } + ], + "handle": [ + { + "body": "get", + "handler": "static_response" + } + ] + }, + { + "match": [ + { + "method": [ + "POST" + ] + } + ], + "handle": [ + { + "body": "post", + "handler": "static_response" + } + ] + }, + { + "match": [ + { + "not": [ + { + "method": [ + "PUT" + ] + } + ] + } + ], + "handle": [ + { + "body": "not put", + "handler": "static_response" + } + ] + } + ] + } + } + } + } +}`) +} \ No newline at end of file From 96d6d277a453a602b9ec49131d8e332ce7aefcad Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 5 May 2020 14:32:12 -0400 Subject: [PATCH 0012/1498] caddyconfig: Don't start comments in middle of tokens (#3267) * caddyconfig: Only parse # as start of comment if preceded by space * caddyconfig: Simplify # logic using len(val), add a test --- caddyconfig/caddyfile/formatter.go | 3 --- caddyconfig/caddyfile/formatter_test.go | 9 +++++++-- caddyconfig/caddyfile/lexer.go | 2 +- caddyconfig/caddyfile/lexer_test.go | 20 ++++++++++++++++++++ 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/caddyconfig/caddyfile/formatter.go b/caddyconfig/caddyfile/formatter.go index 2c97f3b0..62705416 100644 --- a/caddyconfig/caddyfile/formatter.go +++ b/caddyconfig/caddyfile/formatter.go @@ -131,9 +131,6 @@ func Format(input []byte) []byte { ////////////////////////////////////////////////////////// if ch == '#' { - if !spacePrior && !beginningOfLine { - write(' ') - } comment = true } diff --git a/caddyconfig/caddyfile/formatter_test.go b/caddyconfig/caddyfile/formatter_test.go index 25bd7fa8..6751ecaa 100644 --- a/caddyconfig/caddyfile/formatter_test.go +++ b/caddyconfig/caddyfile/formatter_test.go @@ -201,7 +201,7 @@ c } d { - e #f + e#f # g } @@ -229,7 +229,7 @@ bar" j { "\"k\" l m" }`, - expect: `"a \"b\" " #c + expect: `"a \"b\" "#c d e { @@ -305,6 +305,11 @@ bar "{\"key\":34}"`, baz`, }, + { + description: "hash within string is not a comment", + input: `redir / /some/#/path`, + expect: `redir / /some/#/path`, + }, } { // the formatter should output a trailing newline, // even if the tests aren't written to expect that diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index d9968ff8..568d15cb 100755 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -141,7 +141,7 @@ func (l *lexer) next() bool { continue } - if ch == '#' { + if ch == '#' && len(val) == 0 { comment = true } if comment { diff --git a/caddyconfig/caddyfile/lexer_test.go b/caddyconfig/caddyfile/lexer_test.go index 734006e3..c8c941a9 100755 --- a/caddyconfig/caddyfile/lexer_test.go +++ b/caddyconfig/caddyfile/lexer_test.go @@ -77,6 +77,26 @@ func TestLexer(t *testing.T) { {Line: 6, Text: "}"}, }, }, + { + input: `host:123 { + # hash inside string is not a comment + redir / /some/#/path + }`, + expected: []Token{ + {Line: 1, Text: "host:123"}, + {Line: 1, Text: "{"}, + {Line: 3, Text: "redir"}, + {Line: 3, Text: "/"}, + {Line: 3, Text: "/some/#/path"}, + {Line: 4, Text: "}"}, + }, + }, + { + input: "# comment at beginning of file\n# comment at beginning of line\nhost:123", + expected: []Token{ + {Line: 3, Text: "host:123"}, + }, + }, { input: `a "quoted value" b foobar`, From 41c7bd27b495ab9b5edca7afb0cf99d5e1b52944 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 5 May 2020 12:33:21 -0600 Subject: [PATCH 0013/1498] httpserver: Add experimental H2C support (#3289) * reverse_proxy: Initial attempt at H2C transport/client support (#3218) I have not tested this yet * Experimentally enabling H2C server support (closes #3227) See also #3218 I have not tested this * reverseproxy: Clean up H2C transport a bit * caddyhttp: Update godoc for h2c server; clarify experimental status * caddyhttp: Fix trailers when recording responses (fixes #3236) * caddyhttp: Tweak h2c config settings and docs --- modules/caddyhttp/app.go | 10 ++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 7 ++++ .../caddyhttp/reverseproxy/httptransport.go | 36 ++++++++++++++++++- modules/caddyhttp/server.go | 11 ++++++ 4 files changed, 63 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 8e7f3eaa..f695276a 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -27,6 +27,8 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddytls" "github.com/lucas-clemente/quic-go/http3" "go.uber.org/zap" + "golang.org/x/net/http2" + "golang.org/x/net/http2/h2c" ) func init() { @@ -282,6 +284,14 @@ func (app *App) Start() error { Handler: srv, } + // enable h2c if configured + if srv.AllowH2C { + h2server := &http2.Server{ + IdleTimeout: time.Duration(srv.IdleTimeout), + } + s.Handler = h2c.NewHandler(srv, h2server) + } + for _, lnAddr := range srv.Listen { listenAddr, err := caddy.ParseNetworkAddress(lnAddr) if err != nil { diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 9636936d..56e2698e 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -584,6 +584,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // tls_trusted_ca_certs // keepalive [off|] // keepalive_idle_conns +// versions // } // func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -701,6 +702,12 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.KeepAlive.MaxIdleConns = num h.KeepAlive.MaxIdleConnsPerHost = num + case "versions": + h.Versions = d.RemainingArgs() + if len(h.Versions) == 0 { + return d.ArgErr() + } + default: return d.Errf("unrecognized subdirective %s", d.Val()) } diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 4b5111c0..f0fbbd6e 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -82,11 +82,16 @@ type HTTPTransport struct { // The size of the read buffer in bytes. ReadBufferSize int `json:"read_buffer_size,omitempty"` - // The versions of HTTP to support. Default: ["1.1", "2"] + // The versions of HTTP to support. As a special case, "h2c" + // can be specified to use H2C (HTTP/2 over Cleartext) to the + // upstream (this feature is experimental and subject to + // change or removal). Default: ["1.1", "2"] Versions []string `json:"versions,omitempty"` // The pre-configured underlying HTTP transport. Transport *http.Transport `json:"-"` + + h2cTransport *http2.Transport } // CaddyModule returns the Caddy module information. @@ -110,6 +115,28 @@ func (h *HTTPTransport) Provision(ctx caddy.Context) error { } h.Transport = rt + // if h2c is enabled, configure its transport (std lib http.Transport + // does not "HTTP/2 over cleartext TCP") + if sliceContains(h.Versions, "h2c") { + // crafting our own http2.Transport doesn't allow us to utilize + // most of the customizations/preferences on the http.Transport, + // because, for some reason, only http2.ConfigureTransport() + // is allowed to set the unexported field that refers to a base + // http.Transport config; oh well + h2t := &http2.Transport{ + // kind of a hack, but for plaintext/H2C requests, pretend to dial TLS + DialTLS: func(network, addr string, _ *tls.Config) (net.Conn, error) { + // TODO: no context, thus potentially wrong dial info + return net.Dial(network, addr) + }, + AllowHTTP: true, + } + if h.Compression != nil { + h2t.DisableCompression = !*h.Compression + } + h.h2cTransport = h2t + } + return nil } @@ -182,6 +209,13 @@ func (h *HTTPTransport) NewTransport(_ caddy.Context) (*http.Transport, error) { // RoundTrip implements http.RoundTripper. func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { h.SetScheme(req) + + // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is + // HTTP/2 without TLS, use the alternate H2C-capable transport instead + if req.ProtoMajor == 2 && req.URL.Scheme == "http" && h.h2cTransport != nil { + return h.h2cTransport.RoundTrip(req) + } + return h.Transport.RoundTrip(req) } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 36e70422..a4fda28c 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -111,6 +111,17 @@ type Server struct { // This field is not subject to compatibility promises. ExperimentalHTTP3 bool `json:"experimental_http3,omitempty"` + // Enables H2C ("Cleartext HTTP/2" or "H2 over TCP") support, + // which will serve HTTP/2 over plaintext TCP connections if + // a client support it. Because this is not implemented by the + // Go standard library, using H2C is incompatible with most + // of the other options for this server. Do not enable this + // only to achieve maximum client compatibility. In practice, + // very few clients implement H2C, and even fewer require it. + // This setting applies only to unencrypted HTTP listeners. + // ⚠️ Experimental feature; subject to change or removal. + AllowH2C bool `json:"allow_h2c,omitempty"` + primaryHandlerChain Handler errorHandlerChain Handler listenerWrappers []caddy.ListenerWrapper From 1e8c9764df94c7b6549dc9f5be618cddc4573d1b Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 5 May 2020 12:34:58 -0600 Subject: [PATCH 0014/1498] file_server: Accept files args in one-liner of Caddyfile matcher (#3298) Previously, matching by trying files other than the actual path of the URI was: file { try_files } Now, the same can be done in one line: file As before, an empty file matcher: file still matches if the request URI exists as a file in the site root. --- modules/caddyhttp/fileserver/matcher.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 1beb8bac..9144ca4d 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -91,7 +91,7 @@ func (MatchFile) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile sets up the matcher from Caddyfile tokens. Syntax: // -// file { +// file { // root // try_files // try_policy first_exist|smallest_size|largest_size|most_recently_modified @@ -99,6 +99,7 @@ func (MatchFile) CaddyModule() caddy.ModuleInfo { // func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { + m.TryFiles = append(m.TryFiles, d.RemainingArgs()...) for d.NextBlock(0) { switch d.Val() { case "root": @@ -107,7 +108,7 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } m.Root = d.Val() case "try_files": - m.TryFiles = d.RemainingArgs() + m.TryFiles = append(m.TryFiles, d.RemainingArgs()...) if len(m.TryFiles) == 0 { return d.ArgErr() } From 184e8e9f713bf39e82f4677452998bb003de6e6d Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 5 May 2020 12:35:32 -0600 Subject: [PATCH 0015/1498] pki: Embedded ACME server (#3198) * pki: Initial commit of embedded ACME server (#3021) * reverseproxy: Support auto-managed TLS client certificates (#3021) * A little cleanup after today's review session --- go.mod | 2 + go.sum | 124 +------------ .../caddyhttp/reverseproxy/httptransport.go | 37 +++- modules/caddypki/acmeserver/acmeserver.go | 165 ++++++++++++++++++ modules/caddypki/ca.go | 63 ++++++- modules/caddypki/command.go | 4 +- modules/caddypki/pki.go | 2 +- modules/caddytls/internalissuer.go | 50 ++---- modules/standard/import.go | 1 + 9 files changed, 281 insertions(+), 167 deletions(-) create mode 100644 modules/caddypki/acmeserver/acmeserver.go diff --git a/go.mod b/go.mod index 340cd32d..112df91c 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/caddyserver/certmagic v0.10.12 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.6.0 + github.com/go-chi/chi v4.0.2+incompatible github.com/gogo/protobuf v1.3.1 github.com/google/cel-go v0.4.1 github.com/jsternberg/zap-logfmt v1.2.0 @@ -20,6 +21,7 @@ require ( github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.14.2 github.com/smallstep/cli v0.14.2 + github.com/smallstep/nosql v0.2.0 github.com/smallstep/truststore v0.9.5 github.com/yuin/goldmark v1.1.28 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 diff --git a/go.sum b/go.sum index 1417405c..6bc620c9 100644 --- a/go.sum +++ b/go.sum @@ -8,7 +8,6 @@ cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxK cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.51.0 h1:PvKAVQWCtlGUSlZkGW3QLelKaWq7KYv/MW1EboG8bfM= cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= @@ -25,7 +24,6 @@ cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIA cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -contrib.go.opencensus.io/exporter/ocagent v0.4.12 h1:jGFvw3l57ViIVEPKKEUXPcLYIXJmQxLUh6ey1eJhwyc= contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= @@ -37,29 +35,18 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9 h1:HD8gA2tkByhMAwYaFAX9w2l7vxvBQ5NMoxDrkhqhtn4= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= -github.com/Azure/azure-sdk-for-go v32.4.0+incompatible h1:1JP8SKfroEakYiQU2ZyPDosh8w2Tg9UopKt88VyQPt4= github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg= -github.com/Azure/go-autorest/autorest v0.5.0 h1:Mlm9qy2fpQ9MvfyI41G2Zf5B4CsgjjNbLOWszfK6KrY= github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw= github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= -github.com/Azure/go-autorest/autorest/adal v0.2.0 h1:7IBDu1jgh+ADHXnEYExkV9RE/ztOOlxdACkkPRthGKw= github.com/Azure/go-autorest/autorest/adal v0.2.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= -github.com/Azure/go-autorest/autorest/azure/auth v0.1.0 h1:YgO/vSnJEc76NLw2ecIXvXa8bDWiqf1pOJzARAoZsYU= github.com/Azure/go-autorest/autorest/azure/auth v0.1.0/go.mod h1:Gf7/i2FUpyb/sGBLIFxTBzrNzBo7aPXXE3ZVeDRwdpM= -github.com/Azure/go-autorest/autorest/azure/cli v0.1.0 h1:YTtBrcb6mhA+PoSW8WxFDoIIyjp13XqJeX80ssQtri4= github.com/Azure/go-autorest/autorest/azure/cli v0.1.0/go.mod h1:Dk8CUAt/b/PzkfeRsWzVG9Yj3ps8mS8ECztu43rdU8U= -github.com/Azure/go-autorest/autorest/date v0.1.0 h1:YGrhWfrgtFs84+h0o46rJrlmsZtyZRg470CqAXTZaGM= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/mocks v0.1.0 h1:Kx+AUU2Te+A3JIyYn6Dfs+cFgx5XorQKuIXrZGoq/SI= github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/to v0.2.0 h1:nQOZzFCudTh+TvquAtCRjM01VEYx85e9qbwt5ncW4L8= github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc= -github.com/Azure/go-autorest/autorest/validation v0.1.0 h1:ISSNzGUh+ZSzizJWOWzs8bwpXIePbGLW4z/AmUFGH5A= github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= -github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/tracing v0.1.0 h1:TRBxC5Pj/fIuh4Qob0ZpkggbfT8RC0SubHbpV3p4/Vc= github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -71,18 +58,15 @@ github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RP github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.1 h1:2kKm5lb7dKVrt5TYUiAavE6oFc1cFT0057UVGT+JqLk= github.com/Masterminds/semver/v3 v3.0.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.0.3 h1:znjIyLfpXEDQjOIEWh+ehwpTU14UzUPub3c3sm36u14= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig/v3 v3.0.0 h1:KSQz7Nb08/3VU9E4ns29dDxcczhOD1q7O1UfM4G3t3g= github.com/Masterminds/sprig/v3 v3.0.0/go.mod h1:NEUY/Qq8Gdm2xgYA+NwJM6wmfdRV9xkh8h/Rld20R0U= github.com/Masterminds/sprig/v3 v3.0.2 h1:wz22D0CiSctrliXiI9ZO3HoNApweeRGftyDN+BQa3B8= github.com/Masterminds/sprig/v3 v3.0.2/go.mod h1:oesJ8kPONMONaZgtiHNzUShJbksypC5kWczhZAf6+aU= github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 h1:xPMsUicZ3iosVPSIP7bW5EcGUzjiiMl1OYTe14y/R24= github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks= github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= @@ -91,14 +75,12 @@ github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMx github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.0/go.mod h1:zpDJeKyp9ScW4NNrbdr+Eyxvry3ilGPewKoXw3XGN1k= -github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8 h1:6rJvj+NXjjauunLeS7uGy891F1cuAwsWKa9iGzTjz1s= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8/go.mod h1:aVvklgKsPENRkl29bNwrHISa1F+YLGTHArMxZMBqWM8= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75 h1:3ILjVyslFbc4jl1w5TWuvvslFD/nDfR2H8tVaMVLrEY= github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75/go.mod h1:uAXEEpARkRhCZfEvy/y0Jcc888f9tHCc1W7/UeEtreE= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= -github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a h1:3v1NrYWWqp2S72e4HLgxKt83B3l0lnORDholH/ihoMM= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= github.com/alecthomas/chroma v0.7.2 h1:B76NU/zbQYIUhUowbi4fmvREmDUJLsUzKWTZmQd3ABY= github.com/alecthomas/chroma v0.7.2/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= @@ -113,9 +95,7 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190808125512-07798873deee h1:NYqDBPkhVYt68W3yoGoRRi32i3MLx2ey7SFkJ1v/UI0= github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190808125512-07798873deee/go.mod h1:myCDvQSzCW+wB1WAlocEru4wMGJxy+vlxHdhegi1CDQ= -github.com/aliyun/alibaba-cloud-sdk-go v1.61.112 h1:E273ePcLllLIBGg5BHr3T0Fp1BJTvUyh5Y57ziSy81w= github.com/aliyun/alibaba-cloud-sdk-go v1.61.112/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA= github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= @@ -128,7 +108,6 @@ github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a h1:pv34s756C4pEXnjg github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.0 h1:ilfJN/vJtFo1XDFxB2YMBYGeOvGZl6Qow17oyD4+Z9A= github.com/aws/aws-sdk-go v1.23.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -144,7 +123,6 @@ github.com/caddyserver/certmagic v0.10.12/go.mod h1:Y8jcUBctgk/IhpAzlHKfimZNyXCk github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -157,7 +135,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/cloudflare-go v0.10.2 h1:VBodKICVPnwmDxstcW3biKcDSpFIfS/RELUXsZSBYK4= github.com/cloudflare/cloudflare-go v0.10.2/go.mod h1:qhVI5MKwBGhdNU89ZRz2plgYutcJ5PCekLxXn56w6SY= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -173,11 +150,9 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpu/goacmedns v0.0.1/go.mod h1:sesf/pNnCYwUevQEQfEwY0Y3DydlQWSGZbaMElOWxok= -github.com/cpu/goacmedns v0.0.2 h1:hYAgjnPu7HogTgb8trqQouR/RrBgXq1TPBgmxbK9eRA= github.com/cpu/goacmedns v0.0.2/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -190,22 +165,16 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgraph-io/badger v1.5.3 h1:5oWIuRvwn93cie+OSt1zSnkaIQ1JFQM8bGlIv6O6Sts= github.com/dgraph-io/badger v1.5.3/go.mod h1:VZxzAIRPHRVNRKRo6AXrX9BJegn6il06VMTZVJYCIjQ= -github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dlclark/regexp2 v1.1.6 h1:CqB4MjHw0MFCDj+PHHjiESmHX+N7t0tJzKvC6M97BRg= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2 h1:G9/PqfhOrt8JXnw0DGTfVoOkKHDhOlEZqhE/cu+NvQM= github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/dnsimple/dnsimple-go v0.30.0 h1:IBIrn9jMKRMwporIRwdFyKdnHXVmwy6obnguB+ZMDIY= github.com/dnsimple/dnsimple-go v0.30.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac h1:opbrjaN/L8gg6Xh5D04Tem+8xVcz6ajZlGCs49mQgyg= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -214,12 +183,10 @@ github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/exoscale/egoscale v0.18.1 h1:1FNZVk8jHUx0AvWhOZxLEDNlacTU0chMXUUNkm9EZaI= github.com/exoscale/egoscale v0.18.1/go.mod h1:Z7OOdzzTOz1Q1PjQXumlz9Wn/CddH0zSYdCF3rnBKXE= github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= -github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= @@ -228,15 +195,14 @@ github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-acme/lego/v3 v3.4.0 h1:deB9NkelA+TfjGHVw8J7iKl/rMtffcGMWSMmptvMv0A= github.com/go-acme/lego/v3 v3.4.0/go.mod h1:xYbLDuxq3Hy4bMUT1t9JIuz6GWIWb3m5X+TeTHYaT7M= github.com/go-acme/lego/v3 v3.6.0 h1:Rv0MrX3DpVp9Xg77yR7x+PCksLLph3Ut/69/9Kim8ac= github.com/go-acme/lego/v3 v3.6.0/go.mod h1:sB/T7hfyz0HYIBvPmz/C8jIaxF6scbbiGKTzbQ22V6A= +github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= github.com/go-critic/go-critic v0.4.0/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= -github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -266,7 +232,6 @@ github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslW github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE= github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -278,24 +243,19 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekf github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1 h1:qGJ6qTW+x6xX/my+8YUVl4WNpX9B7+/l2tRsHGZ7f2s= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0 h1:Rd1kQnQu0Hq3qvJppYSG0HtP+f5LPPUiDswTLiEegLg= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1 h1:ocYkMQY5RrXTYgXl7ICpV0IXwlEQGwKIsery4gyXa1U= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= @@ -330,13 +290,11 @@ github.com/google/cel-go v0.4.1/go.mod h1:F0UncVAXNlNjl/4C8hqGdoV6APmuFpetoMJSLI github.com/google/cel-spec v0.3.0/go.mod h1:MjQm800JAGhOZXI7vatnVpmIaFTR6L8FHcKk+piiKpI= github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= -github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -359,9 +317,7 @@ github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE0 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gophercloud/gophercloud v0.3.0 h1:6sjpKIpVwRIIwmcEGp+WwNovNsem+c+2vm6oxshRpL8= github.com/gophercloud/gophercloud v0.3.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI= @@ -380,9 +336,7 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.12.1 h1:zCy2xE9ablevUOrUZc3Dl72Dt+ya2FNAvC2yLYMHzi4= github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c= -github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -395,27 +349,23 @@ github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= -github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df h1:MZf03xP9WdakyXhOWuAD5uPK3wHh96wCsqe3hCMKh8E= github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4= github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jsternberg/zap-logfmt v1.2.0 h1:1v+PK4/B48cy8cfQbxL4FmmNZrjnIMr2BsnyEmXqv2o= github.com/jsternberg/zap-logfmt v1.2.0/go.mod h1:kz+1CUmCutPWABnNkOu9hOHKdT2q3TDYCcsFy9hpqb0= -github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU= github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= @@ -434,7 +384,6 @@ github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM52 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181 h1:TrxPzApUukas24OMMVDUMlCs1XCExJtnGaDEiIAR4oQ= github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= @@ -449,18 +398,14 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labbsr0x/bindman-dns-webhook v1.0.2 h1:I7ITbmQPAVwrDdhd6dHKi+MYJTJqPCK0jE6YNBAevnk= github.com/labbsr0x/bindman-dns-webhook v1.0.2/go.mod h1:p6b+VCXIR8NYKpDr8/dg1HKfQoRHCdcsROXKvmoehKA= -github.com/labbsr0x/goh v1.0.1 h1:97aBJkDjpyBZGPbQuOK5/gHcSFbcr5aRsq3RSRJFpPk= github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c027w= github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 h1:663opx/RKxiISi1ozf0WbvweQpYBgf34dx8hKSIau3w= github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= -github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jvM= github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= -github.com/liquidweb/liquidweb-go v1.6.0 h1:vIj1I/Wf97fUnyirD+bi6Y63c0GiXk9nKI1+sFFl3G0= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.15.3 h1:i6n4Jr7673z9TlurAjc87+GlE/BN10++r9XZIPS9j6I= @@ -478,12 +423,10 @@ github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGD github.com/marten-seemann/qtls v0.9.0 h1:8Zguhc72eS+DH5EAb0BpAPIy3HDXYcihQi4xoDZOnjQ= github.com/marten-seemann/qtls v0.9.0/go.mod h1:T1MmAdDPyISzxlK6kjRr0pcZFBVd1OZbBb/j3cvzHhk= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= -github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM= @@ -496,7 +439,6 @@ github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4f github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.15 h1:CSSIDtllwGLMoA6zjdKnaE6Tx6eVUxQ29LUgGetiDCI= github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM= github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= @@ -504,34 +446,28 @@ github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed/go.mod h1:3rdaFaCv4AyBgu5ALFM0+tSuHrBh6v692nyQe3ikrq0= github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g= github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8= github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hzifhks= github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= -github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4= github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= @@ -542,27 +478,21 @@ github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HD github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nrdcg/auroradns v1.0.0/go.mod h1:6JPXKzIRzZzMqtTDgueIhTi6rFf1QvYE/HzqidhOhjw= -github.com/nrdcg/auroradns v1.0.1 h1:m/kBq83Xvy3cU261MOknd8BdnOk12q4lAWM+kOdsC2Y= github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI= -github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U= github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= -github.com/nrdcg/goinwx v0.6.1 h1:AJnjoWPELyCtofhGcmzzcEMFd9YdF2JB/LgutWsWt/s= github.com/nrdcg/goinwx v0.6.1/go.mod h1:XPiut7enlbEdntAqalBIqcYcTEVhpv/dKWgDCX2SwKQ= -github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg= github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= @@ -571,9 +501,7 @@ github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWEr github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/oracle/oci-go-sdk v7.0.0+incompatible h1:oj5ESjXwwkFRdhZSnPlShvLWYdt/IZ65RQxveYM3maA= github.com/oracle/oci-go-sdk v7.0.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= -github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014 h1:37VE5TYj2m/FLA9SNr4z0+A0JefvTmR60Zwf8XSEV7c= github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014/go.mod h1:joRatxRJaZBsY3JAOEMcoOp05CnZzsx4scTxi95DHyQ= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -623,13 +551,13 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/sacloud/libsacloud v1.26.1 h1:td3Kd7lvpSAxxHEVpnaZ9goHmmhi0D/RfP0Rqqf/kek= github.com/sacloud/libsacloud v1.26.1/go.mod h1:79ZwATmHLIFZIMd7sxA3LwzVy/B77uj3LDoToVTxDoQ= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= @@ -687,10 +615,8 @@ github.com/smallstep/truststore v0.9.5 h1:KQ6bFXUadu3PG57sFSIBsu2pb/35NqO+MyS2Pv github.com/smallstep/truststore v0.9.5/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= @@ -701,7 +627,6 @@ github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= -github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -718,11 +643,9 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= @@ -730,16 +653,12 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7 h1:CpHxIaZzVy26GqJn8ptRyto8fuoYOd1v0fXm9bG3wQ8= github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7/go.mod h1:imsgLplxEC/etjIhdr3dNzV3JeT27LbVu5pYWm0JCBY= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= -github.com/transip/gotransip v0.0.0-20190812104329-6d8d9179b66f h1:clyOmELPZd2LuFEyuo1mP6RXpbAW75PwD+RfDj4kBm0= github.com/transip/gotransip v0.0.0-20190812104329-6d8d9179b66f/go.mod h1:i0f4R4o2HM0m3DZYQWsj6/MEowD57VzoH0v3d7igeFY= -github.com/transip/gotransip/v6 v6.0.2 h1:rOCMY607PYF+YvMHHtJt7eZRd0mx/uhyz6dsXWPmn+4= github.com/transip/gotransip/v6 v6.0.2/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= -github.com/uber-go/atomic v1.3.2 h1:Azu9lPBWRNKzYXSIwRfgRuDuS0YKsK4NFhiQv98gkxo= github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= @@ -747,7 +666,6 @@ github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lP github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -760,7 +678,6 @@ github.com/valyala/quicktemplate v1.2.0/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOV github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/vultr/govultr v0.1.4 h1:UnNMixYFVO0p80itc8PcweoVENyo1PasfvwKhoasR9U= github.com/vultr/govultr v0.1.4/go.mod h1:9H008Uxr/C4vFNGLqKx232C206GL0PBHzOP0809bGNA= github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -789,32 +706,25 @@ go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM= go.uber.org/atomic v1.5.1/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.4.0 h1:f3WCSC2KzAcBXGATIxAB1E2XuCpNU255wNKZ505qi3E= go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277 h1:d9qaMM+ODpCq+9We41//fu/sHsTnXcrqd1en3x+GKy4= go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0 h1:nR6NoDBgAf67s68NhaXbsojM+2gxp3S1hWkHDl27pVU= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.14.1 h1:nYDKopTbvAPq/NrUVZwT15y2lpROBiLLyoRTbXOYWOo= go.uber.org/zap v1.14.1/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= @@ -833,12 +743,9 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876 h1:sKJQZMuxjOAR/Uo2LBfU90onWEf1dF4C+0hPJCc9Mpc= golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc h1:ZGI/fILM2+ueot/UixBSoj9188jCAxVHEZEGhqq67I4= golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -862,7 +769,6 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f h1:J5lckAjkw6qYlOZNj90mLYNTEKDvWeuc1yieZ8qUzUE= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= @@ -905,13 +811,11 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191027093000-83d349e8ac1a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 h1:Jcxah/M+oLZ/R4/z5RzfPzGbPXnVDPkEDtf2JnuxN+U= golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= @@ -921,7 +825,6 @@ golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAG golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6 h1:pE8b58s1HRDMi8RDc79m0HISf9D4TzseP40cEA6IGfs= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -930,7 +833,6 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -960,7 +862,6 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3 h1:4y9KwBHBgBNwDbtu44R5o1fdOCQUEXhbk/P4A9WmJq0= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -969,15 +870,12 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e h1:LwyF2AFISC9nVbS6MgzsaQNSUsRXI49GS+YQ5KX/QH0= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae h1:/WDfKMnPU+m5M4xB+6x4kaepxRw6jWvR5iDRdvjHgy8= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -990,9 +888,7 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0 h1:xQwXv67TxFo9nC1GJFyab5eq/5B590r6RlnL/G8Sz7w= golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1040,7 +936,6 @@ golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200106190116-7be0a674c9fc h1:MR2F33ipDGog0C4eMhU6u9o3q6c3dvYis2aG6Jl12Wg= golang.org/x/tools v0.0.0-20200106190116-7be0a674c9fc/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -1052,7 +947,6 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb h1:iKlO7ROJc6SttHKlxzwGytRtBUqX4VARrNTgP2YLX5M= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1068,7 +962,6 @@ google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEn google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0 h1:yzlyyDW/J0w8yNFJIhiAJy4kq74S+1DOLdawELNxFMA= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= @@ -1099,14 +992,12 @@ google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBr google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb h1:ADPHZzpzM4tk4V4S5cnCrr5SwzvlrPRmqqCuJDB8UTs= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171 h1:xes2Q2k+d/+YNXVw0FpZkIDJiaux4OVrRKXRAzH6A0U= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 h1:j7CmVRD4Kec0+f8VuBAc2Ak2MFfXm5Q2/RxuJLL+76E= google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -1120,7 +1011,6 @@ google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ij google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= -google.golang.org/grpc v1.26.0 h1:2dTRdpdFEEhJYQD8EMLB61nnrzSCTbG38PhqdhvOltg= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= @@ -1128,7 +1018,6 @@ google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1137,22 +1026,17 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= -gopkg.in/h2non/gock.v1 v1.0.15 h1:SzLqcIlb/fDfg7UvukMpNcWsu7sI5tWwL+KCATZqks0= gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.51.1 h1:GyboHr4UqMiLUybYjd22ZjQIKEJEpgtLXtuGbR21Oho= gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/ns1/ns1-go.v2 v2.0.0-20190730140822-b51389932cbc h1:GAcf+t0o8gdJAdSFYdE9wChu4bIyguMVqz0RHiFL5VY= gopkg.in/ns1/ns1-go.v2 v2.0.0-20190730140822-b51389932cbc/go.mod h1:VV+3haRsgDiVLxyifmMBrBIuCWFBPYKbRssXB9z67Hw= gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc= -gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= @@ -1160,12 +1044,10 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1175,11 +1057,9 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3 h1:sXmLre5bzIR6ypkjXCDI3jHPssRhc8KD/Ome589sc3U= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= howett.net/plist v0.0.0-20200225050739-77e249a2e2ba h1:HiEs/6jQFMHpFqsdPBAk3ieVcsSS8IV+D93f43UuDPo= howett.net/plist v0.0.0-20200225050739-77e249a2e2ba/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index f0fbbd6e..327cc89b 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -27,6 +27,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddytls" "golang.org/x/net/http2" ) @@ -140,9 +141,8 @@ func (h *HTTPTransport) Provision(ctx caddy.Context) error { return nil } -// NewTransport builds a standard-lib-compatible -// http.Transport value from h. -func (h *HTTPTransport) NewTransport(_ caddy.Context) (*http.Transport, error) { +// NewTransport builds a standard-lib-compatible http.Transport value from h. +func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) { dialer := &net.Dialer{ Timeout: time.Duration(h.DialTimeout), FallbackDelay: time.Duration(h.FallbackDelay), @@ -175,9 +175,8 @@ func (h *HTTPTransport) NewTransport(_ caddy.Context) (*http.Transport, error) { if h.TLS != nil { rt.TLSHandshakeTimeout = time.Duration(h.TLS.HandshakeTimeout) - var err error - rt.TLSClientConfig, err = h.TLS.MakeTLSClientConfig() + rt.TLSClientConfig, err = h.TLS.MakeTLSClientConfig(ctx) if err != nil { return nil, fmt.Errorf("making TLS client config: %v", err) } @@ -267,6 +266,10 @@ type TLSConfig struct { // PEM-encoded key to use with the client certificate. ClientCertificateKeyFile string `json:"client_certificate_key_file,omitempty"` + // If specified, Caddy will use and automate a client certificate + // with this subject name. + ClientCertificateAutomate string `json:"client_certificate_automate,omitempty"` + // If true, TLS verification of server certificates will be disabled. // This is insecure and may be removed in the future. Do not use this // option except in testing or local development environments. @@ -281,7 +284,7 @@ type TLSConfig struct { // MakeTLSClientConfig returns a tls.Config usable by a client to a backend. // If there is no custom TLS configuration, a nil config may be returned. -func (t TLSConfig) MakeTLSClientConfig() (*tls.Config, error) { +func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { cfg := new(tls.Config) // client auth @@ -298,6 +301,28 @@ func (t TLSConfig) MakeTLSClientConfig() (*tls.Config, error) { } cfg.Certificates = []tls.Certificate{cert} } + if t.ClientCertificateAutomate != "" { + tlsAppIface, err := ctx.App("tls") + if err != nil { + return nil, fmt.Errorf("getting tls app: %v", err) + } + tlsApp := tlsAppIface.(*caddytls.TLS) + err = tlsApp.Manage([]string{t.ClientCertificateAutomate}) + if err != nil { + return nil, fmt.Errorf("managing client certificate: %v", err) + } + cfg.GetClientCertificate = func(cri *tls.CertificateRequestInfo) (*tls.Certificate, error) { + certs := tlsApp.AllMatchingCertificates(t.ClientCertificateAutomate) + var err error + for _, cert := range certs { + err = cri.SupportsCertificate(&cert.Certificate) + if err == nil { + return &cert.Certificate, nil + } + } + return nil, err + } + } // trusted root CAs if len(t.RootCAPool) > 0 || len(t.RootCAPEMFiles) > 0 { diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go new file mode 100644 index 00000000..8dc0f01b --- /dev/null +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -0,0 +1,165 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package acmeserver + +import ( + "fmt" + "net/http" + "os" + "path/filepath" + "strings" + "time" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddypki" + "github.com/go-chi/chi" + "github.com/smallstep/certificates/acme" + acmeAPI "github.com/smallstep/certificates/acme/api" + "github.com/smallstep/certificates/authority" + "github.com/smallstep/certificates/authority/provisioner" + "github.com/smallstep/certificates/db" + "github.com/smallstep/nosql" +) + +func init() { + caddy.RegisterModule(Handler{}) +} + +// Handler is an ACME server handler. +type Handler struct { + // The ID of the CA to use for signing. This refers to + // the ID given to the CA in the `pki` app. If omitted, + // the default ID is "local". + CA string `json:"ca,omitempty"` + + // The hostname or IP address by which ACME clients + // will access the server. This is used to populate + // the ACME directory endpoint. Default: localhost. + // TODO: this is probably not needed - check with smallstep + Host string `json:"host,omitempty"` + + // The path prefix under which to serve all ACME + // endpoints. All other requests will not be served + // by this handler and will be passed through to + // the next one. Default: "/acme/" + PathPrefix string `json:"path_prefix,omitempty"` + + acmeEndpoints http.Handler +} + +// CaddyModule returns the Caddy module information. +func (Handler) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.handlers.acme_server", + New: func() caddy.Module { return new(Handler) }, + } +} + +// Provision sets up the ACME server handler. +func (ash *Handler) Provision(ctx caddy.Context) error { + // set some defaults + if ash.CA == "" { + ash.CA = caddypki.DefaultCAID + } + if ash.Host == "" { + ash.Host = defaultHost + } + if ash.PathPrefix == "" { + ash.PathPrefix = defaultPathPrefix + } + + // get a reference to the configured CA + appModule, err := ctx.App("pki") + if err != nil { + return err + } + pkiApp := appModule.(*caddypki.PKI) + ca, ok := pkiApp.CAs[ash.CA] + if !ok { + return fmt.Errorf("no certificate authority configured with id: %s", ash.CA) + } + + dbFolder := filepath.Join(caddy.AppDataDir(), "acme_server", "db") + + // TODO: See https://github.com/smallstep/nosql/issues/7 + err = os.MkdirAll(dbFolder, 0755) + if err != nil { + return fmt.Errorf("making folder for ACME server database: %v", err) + } + + authorityConfig := caddypki.AuthorityConfig{ + AuthConfig: &authority.AuthConfig{ + Provisioners: provisioner.List{ + &provisioner.ACME{ + Name: ash.CA, + Type: provisioner.TypeACME.String(), + Claims: &provisioner.Claims{ + MinTLSDur: &provisioner.Duration{Duration: 5 * time.Minute}, + MaxTLSDur: &provisioner.Duration{Duration: 24 * time.Hour * 365}, + DefaultTLSDur: &provisioner.Duration{Duration: 12 * time.Hour}, + }, + }, + }, + }, + DB: &db.Config{ + Type: "badger", + DataSource: dbFolder, + }, + } + + auth, err := ca.NewAuthority(authorityConfig) + if err != nil { + return err + } + + acmeAuth, err := acme.NewAuthority( + auth.GetDatabase().(nosql.DB), // stores all the server state + ash.Host, // used for directory links; TODO: not needed + strings.Trim(ash.PathPrefix, "/"), // used for directory links + auth) // configures the signing authority + if err != nil { + return err + } + + // create the router for the ACME endpoints + acmeRouterHandler := acmeAPI.New(acmeAuth) + r := chi.NewRouter() + r.Route(ash.PathPrefix, func(r chi.Router) { + acmeRouterHandler.Route(r) + }) + ash.acmeEndpoints = r + + return nil +} + +func (ash Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + if strings.HasPrefix(r.URL.Path, ash.PathPrefix) { + ash.acmeEndpoints.ServeHTTP(w, r) + return nil + } + return next.ServeHTTP(w, r) +} + +const ( + defaultHost = "localhost" + defaultPathPrefix = "/acme/" +) + +// Interface guards +var ( + _ caddyhttp.MiddlewareHandler = (*Handler)(nil) + _ caddy.Provisioner = (*Handler)(nil) +) diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 21a8bd50..610e7f63 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -15,6 +15,7 @@ package caddypki import ( + "crypto" "crypto/x509" "encoding/json" "fmt" @@ -24,6 +25,8 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/certmagic" + "github.com/smallstep/certificates/authority" + "github.com/smallstep/certificates/db" "github.com/smallstep/truststore" "go.uber.org/zap" ) @@ -171,6 +174,52 @@ func (ca CA) IntermediateKey() interface{} { return ca.interKey } +// NewAuthority returns a new Smallstep-powered signing authority for this CA. +func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority, error) { + cfg := &authority.Config{ + // TODO: eliminate these placeholders / needless values + // see https://github.com/smallstep/certificates/issues/218 + Address: "placeholder_Address:1", + Root: []string{"placeholder_Root"}, + IntermediateCert: "placeholder_IntermediateCert", + IntermediateKey: "placeholder_IntermediateKey", + DNSNames: []string{"placeholder_DNSNames"}, + + AuthorityConfig: authorityConfig.AuthConfig, + DB: authorityConfig.DB, + } + // TODO: this also seems unnecessary, see above issue + if cfg.AuthorityConfig == nil { + cfg.AuthorityConfig = new(authority.AuthConfig) + } + + // get the root certificate and the issuer cert+key + rootCert := ca.RootCertificate() + var issuerCert *x509.Certificate + var issuerKey interface{} + if authorityConfig.SignWithRoot { + issuerCert = rootCert + var err error + issuerKey, err = ca.RootKey() + if err != nil { + return nil, fmt.Errorf("loading signing key: %v", err) + } + } else { + issuerCert = ca.IntermediateCertificate() + issuerKey = ca.IntermediateKey() + } + + auth, err := authority.New(cfg, + authority.WithX509Signer(issuerCert, issuerKey.(crypto.Signer)), + authority.WithX509RootCerts(rootCert), + ) + if err != nil { + return nil, fmt.Errorf("initializing certificate authority: %v", err) + } + + return auth, nil +} + func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey interface{}, err error) { rootCertPEM, err := ca.storage.Load(ca.storageKeyRootCert()) if err != nil { @@ -345,8 +394,20 @@ func (ca CA) installRoot() error { ) } +// AuthorityConfig is used to help a CA configure +// the underlying signing authority. +type AuthorityConfig struct { + SignWithRoot bool + + // TODO: should we just embed the underlying authority.Config struct type? + DB *db.Config + AuthConfig *authority.AuthConfig +} + const ( - defaultCAID = "local" + // DefaultCAID is the default CA ID. + DefaultCAID = "local" + defaultCAName = "Caddy Local Authority" defaultRootCommonName = "{pki.ca.name} - {time.now.year} ECC Root" defaultIntermediateCommonName = "{pki.ca.name} - ECC Intermediate" diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go index 9117f3f0..34daefaa 100644 --- a/modules/caddypki/command.go +++ b/modules/caddypki/command.go @@ -88,7 +88,7 @@ func cmdTrust(fs caddycmd.Flags) (int, error) { ca := CA{ storage: caddy.DefaultStorage, } - err := ca.Provision(ctx, defaultCAID, caddy.Log()) + err := ca.Provision(ctx, DefaultCAID, caddy.Log()) if err != nil { return caddy.ExitCodeFailedStartup, err } @@ -109,7 +109,7 @@ func cmdUntrust(fs caddycmd.Flags) (int, error) { return caddy.ExitCodeFailedStartup, fmt.Errorf("conflicting command line arguments") } if ca == "" && cert == "" { - ca = defaultCAID + ca = DefaultCAID } if ca != "" { cert = filepath.Join(caddy.AppDataDir(), "pki", "authorities", ca, "root.crt") diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go index f9aa372d..77370797 100644 --- a/modules/caddypki/pki.go +++ b/modules/caddypki/pki.go @@ -52,7 +52,7 @@ func (p *PKI) Provision(ctx caddy.Context) error { // if this app is initialized at all, ensure there's // at least a default CA that can be used if len(p.CAs) == 0 { - p.CAs = map[string]*CA{defaultCAID: new(CA)} + p.CAs = map[string]*CA{DefaultCAID: new(CA)} } for caID, ca := range p.CAs { diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index 53a1d004..ca43bf8f 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -17,7 +17,6 @@ package caddytls import ( "bytes" "context" - "crypto" "crypto/x509" "encoding/pem" "fmt" @@ -26,7 +25,6 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddypki" "github.com/caddyserver/certmagic" - "github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/cli/crypto/x509util" ) @@ -73,7 +71,7 @@ func (li *InternalIssuer) Provision(ctx caddy.Context) error { } pkiApp := appModule.(*caddypki.PKI) if li.CA == "" { - li.CA = defaultInternalCAName + li.CA = caddypki.DefaultCAID } ca, ok := pkiApp.CAs[li.CA] if !ok { @@ -98,40 +96,20 @@ func (li InternalIssuer) IssuerKey() string { // Issue issues a certificate to satisfy the CSR. func (li InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { // prepare the signing authority - // TODO: eliminate placeholders / needless values - cfg := &authority.Config{ - Address: "placeholder_Address:1", - Root: []string{"placeholder_Root"}, - IntermediateCert: "placeholder_IntermediateCert", - IntermediateKey: "placeholder_IntermediateKey", - DNSNames: []string{"placeholder_DNSNames"}, - AuthorityConfig: &authority.AuthConfig{ - Provisioners: provisioner.List{}, - }, + authCfg := caddypki.AuthorityConfig{ + SignWithRoot: li.SignWithRoot, + } + auth, err := li.ca.NewAuthority(authCfg) + if err != nil { + return nil, err } - // get the root certificate and the issuer cert+key - rootCert := li.ca.RootCertificate() + // get the cert (public key) that will be used for signing var issuerCert *x509.Certificate - var issuerKey interface{} if li.SignWithRoot { - issuerCert = rootCert - var err error - issuerKey, err = li.ca.RootKey() - if err != nil { - return nil, fmt.Errorf("loading signing key: %v", err) - } + issuerCert = li.ca.RootCertificate() } else { issuerCert = li.ca.IntermediateCertificate() - issuerKey = li.ca.IntermediateKey() - } - - auth, err := authority.New(cfg, - authority.WithX509Signer(issuerCert, issuerKey.(crypto.Signer)), - authority.WithX509RootCerts(rootCert), - ) - if err != nil { - return nil, fmt.Errorf("initializing certificate authority: %v", err) } // ensure issued certificate does not expire later than its issuer @@ -161,13 +139,16 @@ func (li InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest }, nil } -// TODO: borrowing from https://github.com/smallstep/certificates/blob/806abb6232a5691198b891d76b9898ea7f269da0/authority/provisioner/sign_options.go#L191-L211 -// as per https://github.com/smallstep/certificates/issues/198. // profileDefaultDuration is a wrapper against x509util.WithOption to conform // the SignOption interface. +// +// This type is borrowed from the smallstep libraries: +// https://github.com/smallstep/certificates/blob/806abb6232a5691198b891d76b9898ea7f269da0/authority/provisioner/sign_options.go#L191-L211 +// as per https://github.com/smallstep/certificates/issues/198. +// +// TODO: In the future, this approach to custom cert lifetimes may not be necessary type profileDefaultDuration time.Duration -// TODO: is there a better way to set cert lifetimes than copying from the smallstep libs? func (d profileDefaultDuration) Option(so provisioner.Options) x509util.WithOption { var backdate time.Duration notBefore := so.NotBefore.Time() @@ -188,7 +169,6 @@ func (d profileDefaultDuration) Option(so provisioner.Options) x509util.WithOpti } const ( - defaultInternalCAName = "local" defaultInternalCertLifetime = 12 * time.Hour ) diff --git a/modules/standard/import.go b/modules/standard/import.go index dddf712b..b8ea7a8f 100644 --- a/modules/standard/import.go +++ b/modules/standard/import.go @@ -5,6 +5,7 @@ import ( _ "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/standard" _ "github.com/caddyserver/caddy/v2/modules/caddypki" + _ "github.com/caddyserver/caddy/v2/modules/caddypki/acmeserver" _ "github.com/caddyserver/caddy/v2/modules/caddytls" _ "github.com/caddyserver/caddy/v2/modules/caddytls/distributedstek" _ "github.com/caddyserver/caddy/v2/modules/caddytls/standardstek" From 2f59467ac3b8f31b0f2ad9af346bb52a045a3db2 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 5 May 2020 12:37:52 -0600 Subject: [PATCH 0016/1498] httpcaddyfile: Only append TLS conn policy if it's non-empty (#3319) This can lead to nicer, smaller JSON output for Caddyfiles like this: a { tls internal } b { tls foo@bar.com } i.e. where the tls directive only configures automation policies, and is merely meant to enable TLS on a server block (if it wasn't implied). This helps keeps implicit config implicit. Needs a little more testing to ensure it doesn't break anything important. --- caddyconfig/httpcaddyfile/httptype.go | 5 ++++- modules/caddytls/connpolicy.go | 13 +++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 775c0623..aacaf913 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -416,7 +416,10 @@ func (st *ServerType) serversFromPairings( hasCatchAllTLSConnPolicy = true } - srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp) + // only append this policy if it actually changes something + if !cp.SettingsEmpty() { + srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp) + } } } diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 30f72900..1de7c2e4 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -264,6 +264,19 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { return nil } +// SettingsEmpty returns true if p's settings (fields +// except the matchers) are all empty/unset. +func (p ConnectionPolicy) SettingsEmpty() bool { + return p.CertSelection == nil && + p.CipherSuites == nil && + p.Curves == nil && + p.ALPN == nil && + p.ProtocolMin == "" && + p.ProtocolMax == "" && + p.ClientAuthentication == nil && + p.DefaultSNI == "" +} + // ClientAuthentication configures TLS client auth. type ClientAuthentication struct { // A list of base64 DER-encoded CA certificates From afecd90a6ca1551057631d21d940af86385ac535 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 5 May 2020 14:39:39 -0400 Subject: [PATCH 0017/1498] reverseproxy: Add tls_server_name option to Caddyfile (#3322) --- modules/caddyhttp/reverseproxy/caddyfile.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 56e2698e..e1c9724c 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -670,6 +670,16 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.TLS.RootCAPEMFiles = args + case "tls_server_name": + if !d.NextArg() { + return d.ArgErr() + } + if h.TLS == nil { + h.TLS = new(TLSConfig) + } + + h.TLS.ServerName = d.Val() + case "keepalive": if !d.NextArg() { return d.ArgErr() From 12cfc19487d99e0add1e86f21156502545121e23 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Wed, 6 May 2020 04:41:08 +1000 Subject: [PATCH 0018/1498] ci: add s390x and ppc64le builds for linux (#3325) --- .goreleaser.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index c1e162f4..5822b886 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -26,12 +26,21 @@ builds: - amd64 - arm - arm64 + - s390x + - ppc64le goarm: - 6 - 7 ignore: - goos: darwin goarch: arm + - goarch: + - ppc64le + - s390x + goos: + - darwin + - windows + - freebsd flags: - -trimpath ldflags: From 9408dacc272e60759aa90ab4766d95bfde3d5fb1 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Tue, 5 May 2020 20:50:30 -0400 Subject: [PATCH 0019/1498] Fixing goreleaser syntax error (#3355) Signed-off-by: Dave Henderson --- .github/workflows/ci.yml | 16 ++++++++++++++-- .goreleaser.yml | 19 ++++++++++++------- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d8d1cf7b..c096fbd1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,10 +4,10 @@ name: Cross-Platform on: push: - branches: + branches: - master pull_request: - branches: + branches: - master jobs: @@ -133,3 +133,15 @@ jobs: # uses: docker://reviewdog/action-golangci-lint:v1 # pre-build docker image with: github_token: ${{ secrets.github_token }} + + goreleaser-check: + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v2 + - uses: goreleaser/goreleaser-action@v1 + with: + version: latest + args: check + env: + TAG: ${{ steps.vars.outputs.version_tag }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 5822b886..9dcfab12 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -34,13 +34,18 @@ builds: ignore: - goos: darwin goarch: arm - - goarch: - - ppc64le - - s390x - goos: - - darwin - - windows - - freebsd + - goos: darwin + goarch: ppc64le + - goos: darwin + goarch: s390x + - goos: windows + goarch: ppc64le + - goos: windows + goarch: s390x + - goos: freebsd + goarch: ppc64le + - goos: freebsd + goarch: s390x flags: - -trimpath ldflags: From 9e5d9e2530109c72a406979fabe9ac5352171423 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Tue, 5 May 2020 21:13:56 -0400 Subject: [PATCH 0020/1498] ci: Add linux-armv5 builds (#3356) Signed-off-by: Dave Henderson --- .goreleaser.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index 9dcfab12..e6627997 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -29,6 +29,7 @@ builds: - s390x - ppc64le goarm: + - 5 - 6 - 7 ignore: @@ -46,6 +47,9 @@ builds: goarch: ppc64le - goos: freebsd goarch: s390x + - goos: freebsd + goarch: arm + goarm: 5 flags: - -trimpath ldflags: From b814c0af9c2c20a92f86e4db9836fd6b127dcf5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karol=20B=C4=99dkowski?= Date: Wed, 6 May 2020 16:07:13 +0000 Subject: [PATCH 0021/1498] tls/client auth: verify first certificates in client request (#3344) When client certificate is enabled Caddy check only last certificate from request. When this cert is not in list of trusted leaf certificates, connection is rejected. According to RFC TLS1.x the sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it. This patch fix this problem - first certificate is checked instead of last. --- modules/caddytls/connpolicy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 1de7c2e4..3a180619 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -395,7 +395,7 @@ func (clientauth ClientAuthentication) verifyPeerCertificate(rawCerts [][]byte, return fmt.Errorf("no client certificate provided") } - remoteLeafCert, err := x509.ParseCertificate(rawCerts[len(rawCerts)-1]) + remoteLeafCert, err := x509.ParseCertificate(rawCerts[0]) if err != nil { return fmt.Errorf("can't parse the given certificate: %s", err.Error()) } From 1c17e6c6bb30f730581708d9725aab7ca0a8c560 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 6 May 2020 12:37:44 -0600 Subject: [PATCH 0022/1498] reverseproxy: Allow using TLS for port 80 upstreams (see #3361) An upstream like https://localhost:80 is still forbidden, but an addr of localhost:80 can be used while explicitly enabling TLS as an override; we just don't allow the implicit behavior to be ambiguous. --- modules/caddyhttp/reverseproxy/caddyfile.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index e1c9724c..0a14f098 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -151,15 +151,6 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } } - // if scheme is not set, we may be able to infer it from a known port - if scheme == "" { - if port == "80" { - scheme = "http" - } else if port == "443" { - scheme = "https" - } - } - // the underlying JSON does not yet support different // transports (protocols or schemes) to each backend, // so we remember the last one we see and compare them From 28ab0bfb13cb17ff1380ee9a2d688a1962591988 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 6 May 2020 13:18:56 -0600 Subject: [PATCH 0023/1498] core: Support loading modules from [][]json.RawMessage fields --- context.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/context.go b/context.go index 5c8df51b..c574be7d 100644 --- a/context.go +++ b/context.go @@ -92,6 +92,7 @@ func (ctx *Context) OnCancel(f func()) { // // json.RawMessage => interface{} // []json.RawMessage => []interface{} +// [][]json.RawMessage => [][]interface{} // map[string]json.RawMessage => map[string]interface{} // []map[string]json.RawMessage => []map[string]interface{} // @@ -179,6 +180,27 @@ func (ctx Context) LoadModule(structPointer interface{}, fieldName string) (inte } result = all + } else if typ.Elem().Kind() == reflect.Slice && isJSONRawMessage(typ.Elem().Elem()) { + // val is `[][]json.RawMessage` + + if inlineModuleKey == "" { + panic("unable to determine module name without inline_key because type is not a ModuleMap") + } + var all [][]interface{} + for i := 0; i < val.Len(); i++ { + innerVal := val.Index(i) + var allInner []interface{} + for j := 0; j < innerVal.Len(); j++ { + innerInnerVal, err := ctx.loadModuleInline(inlineModuleKey, moduleNamespace, innerVal.Index(j).Interface().(json.RawMessage)) + if err != nil { + return nil, fmt.Errorf("position %d: %v", j, err) + } + allInner = append(allInner, innerInnerVal) + } + all = append(all, allInner) + } + result = all + } else if isModuleMapType(typ.Elem()) { // val is `[]map[string]json.RawMessage` From 07c6076ea0b3acf30be5ca200b9ee5b84b1a2e0d Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 6 May 2020 16:42:55 -0400 Subject: [PATCH 0024/1498] ci: Add release tagged event triggers to sister repos (#3321) --- .github/workflows/release.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a58a793e..5f6af502 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -65,4 +65,23 @@ jobs: run: | for filename in dist/*.deb; do curl -F package=@"$filename" https://${GEMFURY_PUSH_TOKEN}:@push.fury.io/caddy/ - done \ No newline at end of file + done + + # See https://github.com/peter-evans/repository-dispatch + - name: Trigger event on caddyserver/dist + uses: peter-evans/repository-dispatch@v1 + with: + token: ${{ secrets.REPO_DISPATCH_TOKEN }} + repository: caddyserver/dist + event-type: release-tagged + client-payload: '{"tag": "${{ steps.vars.outputs.version_tag }}"}' + + - name: Trigger event on caddyserver/caddy-docker + uses: peter-evans/repository-dispatch@v1 + with: + token: ${{ secrets.REPO_DISPATCH_TOKEN }} + repository: caddyserver/caddy-docker + event-type: release-tagged + client-payload: '{"tag": "${{ steps.vars.outputs.version_tag }}"}' + + From 8dbc5f70a51aa17fa1ec9c2a34361d0b5d3ccae5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 6 May 2020 16:02:21 -0600 Subject: [PATCH 0025/1498] Update dependencies and get rid of placeholder hacks in CA code With the latest commit on smallstep/certificates, placeholders in config are no longer needed. --- go.mod | 23 ++++++------ go.sum | 85 +++++++++++++++++++++++++----------------- modules/caddypki/ca.go | 23 +++--------- 3 files changed, 67 insertions(+), 64 deletions(-) diff --git a/go.mod b/go.mod index 112df91c..ced45d69 100644 --- a/go.mod +++ b/go.mod @@ -3,32 +3,33 @@ module github.com/caddyserver/caddy/v2 go 1.14 require ( - github.com/Masterminds/sprig/v3 v3.0.2 + github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a github.com/caddyserver/certmagic v0.10.12 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.6.0 - github.com/go-chi/chi v4.0.2+incompatible + github.com/go-chi/chi v4.1.1+incompatible github.com/gogo/protobuf v1.3.1 - github.com/google/cel-go v0.4.1 + github.com/google/cel-go v0.4.2 github.com/jsternberg/zap-logfmt v1.2.0 - github.com/klauspost/compress v1.10.4 - github.com/klauspost/cpuid v1.2.3 + github.com/klauspost/compress v1.10.5 + github.com/klauspost/cpuid v1.2.4 github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 - github.com/lucas-clemente/quic-go v0.15.3 + github.com/lucas-clemente/quic-go v0.15.7 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 - github.com/smallstep/certificates v0.14.2 - github.com/smallstep/cli v0.14.2 - github.com/smallstep/nosql v0.2.0 + github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 + github.com/smallstep/cli v0.14.3 + github.com/smallstep/nosql v0.3.0 github.com/smallstep/truststore v0.9.5 - github.com/yuin/goldmark v1.1.28 + github.com/yuin/goldmark v1.1.30 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 - go.uber.org/zap v1.14.1 + go.uber.org/zap v1.15.0 golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.2.8 + howett.net/plist v0.0.0-20200225050739-77e249a2e2ba // indirect ) diff --git a/go.sum b/go.sum index 6bc620c9..efde76be 100644 --- a/go.sum +++ b/go.sum @@ -51,21 +51,20 @@ github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvd github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= +github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= -github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= -github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.0.3 h1:znjIyLfpXEDQjOIEWh+ehwpTU14UzUPub3c3sm36u14= -github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk= +github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig/v3 v3.0.0/go.mod h1:NEUY/Qq8Gdm2xgYA+NwJM6wmfdRV9xkh8h/Rld20R0U= -github.com/Masterminds/sprig/v3 v3.0.2 h1:wz22D0CiSctrliXiI9ZO3HoNApweeRGftyDN+BQa3B8= -github.com/Masterminds/sprig/v3 v3.0.2/go.mod h1:oesJ8kPONMONaZgtiHNzUShJbksypC5kWczhZAf6+aU= -github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= +github.com/Masterminds/sprig/v3 v3.1.0 h1:j7GpgZ7PdFqNsmncycTHsLmVPf5/3wJtlgW9TNDYD9Y= +github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks= github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= @@ -115,7 +114,6 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= -github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caddyserver/certmagic v0.10.12 h1:aZtgzcIssiMSlP0jDdpDBbBzQ5INf5eKL9T6Nf3YzKM= @@ -124,6 +122,7 @@ github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6R github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE= @@ -136,7 +135,6 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWs github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/cloudflare-go v0.10.2/go.mod h1:qhVI5MKwBGhdNU89ZRz2plgYutcJ5PCekLxXn56w6SY= -github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -148,7 +146,6 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpu/goacmedns v0.0.1/go.mod h1:sesf/pNnCYwUevQEQfEwY0Y3DydlQWSGZbaMElOWxok= github.com/cpu/goacmedns v0.0.2/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= @@ -165,6 +162,10 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgraph-io/badger v1.5.3 h1:5oWIuRvwn93cie+OSt1zSnkaIQ1JFQM8bGlIv6O6Sts= github.com/dgraph-io/badger v1.5.3/go.mod h1:VZxzAIRPHRVNRKRo6AXrX9BJegn6il06VMTZVJYCIjQ= +github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195 h1:n8KbImHW5qZCXv1y3tHjz5yz418/eTxeRJZ2ZuDm1ZU= +github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195/go.mod h1:3KY8+bsP8wI0OEnQJAKpd4wIJW/Mm32yw2j/9FUVnIM= +github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3 h1:MQLRM35Pp0yAyBYksjbj1nZI/w6eyRY/mWoM1sFf4kU= +github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= @@ -200,6 +201,8 @@ github.com/go-acme/lego/v3 v3.6.0 h1:Rv0MrX3DpVp9Xg77yR7x+PCksLLph3Ut/69/9Kim8ac github.com/go-acme/lego/v3 v3.6.0/go.mod h1:sB/T7hfyz0HYIBvPmz/C8jIaxF6scbbiGKTzbQ22V6A= github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= +github.com/go-chi/chi v4.1.1+incompatible h1:MmTgB0R8Bt/jccxp+t6S/1VGIKdJw5J74CK/c9tTfA4= +github.com/go-chi/chi v4.1.1+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= github.com/go-critic/go-critic v0.4.0/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= @@ -261,6 +264,8 @@ github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaW github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= +github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0= @@ -285,9 +290,9 @@ github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039/go.mod h1:qOQCunE github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.4.1 h1:2kqc5arTucvtLJzXVUbmiUh7n2xjizwZijPrpEsagAE= -github.com/google/cel-go v0.4.1/go.mod h1:F0UncVAXNlNjl/4C8hqGdoV6APmuFpetoMJSLIQLBPU= -github.com/google/cel-spec v0.3.0/go.mod h1:MjQm800JAGhOZXI7vatnVpmIaFTR6L8FHcKk+piiKpI= +github.com/google/cel-go v0.4.2 h1:Fx1DQPo05qFcDst4TwiGgFfmTjjHsLLbLYQGX67QYUk= +github.com/google/cel-go v0.4.2/go.mod h1:0pIisECLUDurNyQcYRcNjhGp0j/yM6v617EmXsBJE3A= +github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ= github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -347,11 +352,15 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= +github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= +github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4= github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= +github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= @@ -371,19 +380,20 @@ github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc= -github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc= +github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/klauspost/cpuid v1.2.4 h1:EBfaK0SWSwk+fgk6efYFWdzl8MwRWoOO1gkmiaTXPW4= +github.com/klauspost/cpuid v1.2.4/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= @@ -408,8 +418,8 @@ github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZ github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.15.3 h1:i6n4Jr7673z9TlurAjc87+GlE/BN10++r9XZIPS9j6I= -github.com/lucas-clemente/quic-go v0.15.3/go.mod h1:oj40DjNLuNugvtXWg4PwaYgv7tAbzAabrT57CC69EhI= +github.com/lucas-clemente/quic-go v0.15.7 h1:Pu7To5/G9JoP1mwlrcIvfV8ByPBlCzif3MCl8+1W83I= +github.com/lucas-clemente/quic-go v0.15.7/go.mod h1:Myi1OyS0FOjL3not4BxT7KN29bRkcMUV5JVVFLKtDp8= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -420,8 +430,8 @@ github.com/manifoldco/promptui v0.3.1 h1:BxqNa7q1hVHXIXy3iupJMkXYS3aHhbubJWv2Jmg github.com/manifoldco/promptui v0.3.1/go.mod h1:zoCNXiJnyM03LlBgTsWv8mq28s7aTC71UgKasqRJHww= github.com/marten-seemann/qpack v0.1.0 h1:/0M7lkda/6mus9B8u34Asqm8ZhHAAt9Ho0vniNuVSVg= github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGDAUWqna+CNTrI= -github.com/marten-seemann/qtls v0.9.0 h1:8Zguhc72eS+DH5EAb0BpAPIy3HDXYcihQi4xoDZOnjQ= -github.com/marten-seemann/qtls v0.9.0/go.mod h1:T1MmAdDPyISzxlK6kjRr0pcZFBVd1OZbBb/j3cvzHhk= +github.com/marten-seemann/qtls v0.9.1 h1:O0YKQxNVPaiFgMng0suWEOY2Sb4LT2sRn9Qimq3Z1IQ= +github.com/marten-seemann/qtls v0.9.1/go.mod h1:T1MmAdDPyISzxlK6kjRr0pcZFBVd1OZbBb/j3cvzHhk= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= @@ -475,7 +485,6 @@ github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96d github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= -github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nrdcg/auroradns v1.0.0/go.mod h1:6JPXKzIRzZzMqtTDgueIhTi6rFf1QvYE/HzqidhOhjw= github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI= @@ -603,13 +612,16 @@ github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:s github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 h1:kSImCuenAkXtCaBeQ1UhmzzJGRhSm8sVH7I3sHE2Qdg= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.14.2 h1:EEGmyHNawWIw+QFMztFxegSa6NMnInhC/dRfpz38n6o= -github.com/smallstep/certificates v0.14.2/go.mod h1:eleWnbKTXDdV9GxWNOtbdjBiitdK5SuO4FCXOvcdLEY= -github.com/smallstep/certinfo v1.2.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= -github.com/smallstep/cli v0.14.2 h1:0Z1MtcgJfVS9RstNokWSNqE20xPwdiEhZgNuZxYRWRI= -github.com/smallstep/cli v0.14.2/go.mod h1:JOTzEzQ4/l863KUqs9qlAqPagWPOqu6lc3C59S1nYzU= -github.com/smallstep/nosql v0.2.0 h1:IscXK9m9hRyl5GoYgn+Iml//5Bpad3LyIj6R0dZosKM= -github.com/smallstep/nosql v0.2.0/go.mod h1:qyxCqeyGwkuM6bfJSY3sg+aiXEiD0GbQOPzIF8/ZD8Q= +github.com/smallstep/certificates v0.14.4 h1:oMxSrsjMKfEDqzBooMuwsBtk0QgYEXrb6fr8YPcP1WI= +github.com/smallstep/certificates v0.14.4/go.mod h1:Y9ug0+ZTB0k22BBV/2K+LAZIVDCMjAAtbQ0XWS+E870= +github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 h1:3rzfukPUfHp5K4gscalOzpCDAfnZJKETfZpmGLprFt4= +github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274/go.mod h1:tARNIrrKV9x+uiTVESAONGfS3GA2GdE3pGfNscMPvDc= +github.com/smallstep/certinfo v1.2.1/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= +github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= +github.com/smallstep/cli v0.14.3 h1:GghXS0NBoj7psz10Cds86vvcrz6Pmww8aMGKEiD04AI= +github.com/smallstep/cli v0.14.3/go.mod h1:U3WVQBS6udgpyHg+d0FQxodNGXBwikoXbERyfgcAhs8= +github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= +github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= github.com/smallstep/truststore v0.9.3/go.mod h1:PRSkpRIhAYBK/KLWkHNgRdYgzWMEy45bN7PSJCfKKGE= github.com/smallstep/truststore v0.9.5 h1:KQ6bFXUadu3PG57sFSIBsu2pb/35NqO+MyS2Pvi62bA= github.com/smallstep/truststore v0.9.5/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= @@ -623,6 +635,8 @@ github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:Udh github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= +github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= @@ -687,8 +701,8 @@ github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.22/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.28 h1:3Ksz4BbKZVlaGbkXzHxoazZzASQKsfUuOZPr5CNxnC4= -github.com/yuin/goldmark v1.1.28/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.30 h1:j4d4Lw3zqZelDhBksEo3BnWg9xhXRQGJPPSL6OApZjI= +github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 h1:VWSxtAiQNh3zgHJpdpkpVYjTPqRE3P6UZCOPa1nRDio= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691/go.mod h1:YLF3kDffRfUH/bTxOxHhV6lxwIB3Vfj91rEwNMS9MXo= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -726,8 +740,8 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.14.1 h1:nYDKopTbvAPq/NrUVZwT15y2lpROBiLLyoRTbXOYWOo= -go.uber.org/zap v1.14.1/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= +go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM= +go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180621125126-a49355c7e3f8/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -747,6 +761,8 @@ golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc h1:ZGI/fILM2+ueot/UixBSoj9188jCAxVHEZEGhqq67I4= golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -799,7 +815,6 @@ golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190424112056-4829fb13d2c6/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= @@ -856,11 +871,11 @@ golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190424175732-18eb32c0e2f0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 610e7f63..641f006e 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -176,23 +176,6 @@ func (ca CA) IntermediateKey() interface{} { // NewAuthority returns a new Smallstep-powered signing authority for this CA. func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority, error) { - cfg := &authority.Config{ - // TODO: eliminate these placeholders / needless values - // see https://github.com/smallstep/certificates/issues/218 - Address: "placeholder_Address:1", - Root: []string{"placeholder_Root"}, - IntermediateCert: "placeholder_IntermediateCert", - IntermediateKey: "placeholder_IntermediateKey", - DNSNames: []string{"placeholder_DNSNames"}, - - AuthorityConfig: authorityConfig.AuthConfig, - DB: authorityConfig.DB, - } - // TODO: this also seems unnecessary, see above issue - if cfg.AuthorityConfig == nil { - cfg.AuthorityConfig = new(authority.AuthConfig) - } - // get the root certificate and the issuer cert+key rootCert := ca.RootCertificate() var issuerCert *x509.Certificate @@ -209,7 +192,11 @@ func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority issuerKey = ca.IntermediateKey() } - auth, err := authority.New(cfg, + auth, err := authority.NewEmbedded( + authority.WithConfig(&authority.Config{ + AuthorityConfig: authorityConfig.AuthConfig, + DB: authorityConfig.DB, + }), authority.WithX509Signer(issuerCert, issuerKey.(crypto.Signer)), authority.WithX509RootCerts(rootCert), ) From cd9317e5df6210c0530dd30ffc817dc07f9c7c0c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 6 May 2020 19:41:37 -0600 Subject: [PATCH 0026/1498] httpcaddyfile: Fix route ordering bug https://caddy.community/t/cant-get-simple-alias-to-work/7911/8?u=matt This removes an optimization where we amortized path matcher decoding. The decoded matchers were index by... position... which obviously changes during sorting. Duh. Anyway, sorting is sliiightly slower now but the Caddyfile is not really CPU-sensitive, so this is fine. --- caddyconfig/httpcaddyfile/directives.go | 78 +++++++++++-------------- 1 file changed, 35 insertions(+), 43 deletions(-) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index ff248bfe..ac401e1f 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -276,53 +276,45 @@ func sortRoutes(routes []ConfigValue) { dirPositions[dir] = i } - // while we are sorting, we will need to decode a route's path matcher - // in order to sub-sort by path length; we can amortize this operation - // for efficiency by storing the decoded matchers in a slice - decodedMatchers := make([]caddyhttp.MatchPath, len(routes)) - sort.SliceStable(routes, func(i, j int) bool { + // if the directives are different, just use the established directive order iDir, jDir := routes[i].directive, routes[j].directive - if iDir == jDir { - // directives are the same; sub-sort by path matcher length - // if there's only one matcher set and one path (common case) - iRoute, ok := routes[i].Value.(caddyhttp.Route) - if !ok { - return false - } - jRoute, ok := routes[j].Value.(caddyhttp.Route) - if !ok { - return false - } - - // use already-decoded matcher, or decode if it's the first time seeing it - iPM, jPM := decodedMatchers[i], decodedMatchers[j] - if iPM == nil && len(iRoute.MatcherSetsRaw) == 1 { - var pathMatcher caddyhttp.MatchPath - _ = json.Unmarshal(iRoute.MatcherSetsRaw[0]["path"], &pathMatcher) - decodedMatchers[i] = pathMatcher - iPM = pathMatcher - } - if jPM == nil && len(jRoute.MatcherSetsRaw) == 1 { - var pathMatcher caddyhttp.MatchPath - _ = json.Unmarshal(jRoute.MatcherSetsRaw[0]["path"], &pathMatcher) - decodedMatchers[j] = pathMatcher - jPM = pathMatcher - } - - // sort by longer path (more specific) first; missing - // path matchers are treated as zero-length paths - var iPathLen, jPathLen int - if iPM != nil { - iPathLen = len(iPM[0]) - } - if jPM != nil { - jPathLen = len(jPM[0]) - } - return iPathLen > jPathLen + if iDir != jDir { + return dirPositions[iDir] < dirPositions[jDir] } - return dirPositions[iDir] < dirPositions[jDir] + // directives are the same; sub-sort by path matcher length if there's + // only one matcher set and one path (this is a very common case and + // usually -- but not always -- helpful/expected, oh well; user can + // always take manual control of order using handler or route blocks) + iRoute, ok := routes[i].Value.(caddyhttp.Route) + if !ok { + return false + } + jRoute, ok := routes[j].Value.(caddyhttp.Route) + if !ok { + return false + } + + // decode the path matchers, if there is just one of them + var iPM, jPM caddyhttp.MatchPath + if len(iRoute.MatcherSetsRaw) == 1 { + _ = json.Unmarshal(iRoute.MatcherSetsRaw[0]["path"], &iPM) + } + if len(jRoute.MatcherSetsRaw) == 1 { + _ = json.Unmarshal(jRoute.MatcherSetsRaw[0]["path"], &jPM) + } + + // sort by longer path (more specific) first; missing path + // matchers or multi-matchers are treated as zero-length paths + var iPathLen, jPathLen int + if len(iPM) > 0 { + iPathLen = len(iPM[0]) + } + if len(jPM) > 0 { + jPathLen = len(jPM[0]) + } + return iPathLen > jPathLen }) } From 43fba378d67632084f06d26f15c5ffd6f3168540 Mon Sep 17 00:00:00 2001 From: Jose Donizetti Date: Thu, 7 May 2020 12:31:58 -0300 Subject: [PATCH 0027/1498] docs: Fix command.Func documentation (#3371) --- cmd/commands.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/commands.go b/cmd/commands.go index 43aba01b..e02f6a08 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -27,7 +27,7 @@ type Command struct { // Required. Name string - // Run is a function that executes a subcommand using + // Func is a function that executes a subcommand using // the parsed flags. It returns an exit code and any // associated error. // Required. From c8da8ca6739f34b8302c377de66605724512a994 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 7 May 2020 13:01:33 -0600 Subject: [PATCH 0028/1498] Update readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8be07eff..a0c324e4 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,6 @@ Requirements: - [Go 1.14 or newer](https://golang.org/dl/) -- Do NOT disable [Go modules](https://github.com/golang/go/wiki/Modules) (`export GO111MODULE=on`) ### For development @@ -81,7 +80,7 @@ _**Note:** These steps [will not embed proper version information](https://githu Using [our builder tool](https://github.com/caddyserver/xcaddy)... ``` -$ xcaddy build +$ xcaddy build ``` ...the following steps are automated: @@ -90,8 +89,9 @@ $ xcaddy build 2. Change into it: `cd caddy` 3. Copy [Caddy's main.go](https://github.com/caddyserver/caddy/blob/master/cmd/caddy/main.go) into the empty folder. Add imports for any custom plugins you want to add. 4. Initialize a Go module: `go mod init caddy` -5. Pin Caddy version: `go get github.com/caddyserver/caddy/v2@TAG` replacing `TAG` with a git tag or commit. You can also pin any plugin versions similarly. -6. Compile: `go build` +5. (Optional) Pin Caddy version: `go get github.com/caddyserver/caddy/v2@TAG` replacing `TAG` with a git tag or commit. +6. (Optional) Add plugins by adding their import: `_ "IMPORT_PATH"` +7. Compile: `go build` From bf8c3c25c1631360133137e8e9d30ca158c6cb73 Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Thu, 7 May 2020 12:06:00 -0700 Subject: [PATCH 0029/1498] log: improve rounding logic for log rolling directives (#3367) * For `roll_size` and `roll_keep_for` directives, round up instead of down. For example, if a user wants to be able to look back on 36 hours of logs, but you must round to a 24-hour multiple, then it's better to round up to 48 hours (which includes the desired 36 hours) instead of down to 24 hours. * `roll_size` had an off-by-one error that caused the size to be as much as 1 MB larger than requested. For example, requests of `1MB` and `1.1MB` both became 2 MB. Now `1MB` means 1 MB, and `1.1MB` is rounded up to 2 MB. --- modules/logging/filewriter.go | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/modules/logging/filewriter.go b/modules/logging/filewriter.go index 4d306180..59f5b2ae 100644 --- a/modules/logging/filewriter.go +++ b/modules/logging/filewriter.go @@ -17,6 +17,7 @@ package logging import ( "fmt" "io" + "math" "os" "path/filepath" "strconv" @@ -138,8 +139,15 @@ func (fw FileWriter) OpenWriter() (io.WriteCloser, error) { // roll_keep_for // } // -// The roll_size value will be rounded down to number of megabytes (MiB). -// The roll_keep_for duration will be rounded down to number of days. +// The roll_size value has megabyte resolution. +// Fractional values are rounded up to the next whole megabyte (MiB). +// +// The roll_keep_for duration has day resolution. +// Fractional values are rounded up to the next whole number of days. +// +// If any of the roll_size, roll_keep, or roll_keep_for subdirectives are +// omitted or set to a zero value, then Caddy's default value for that +// subdirective is used. func (fw *FileWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { if !d.NextArg() { @@ -168,7 +176,7 @@ func (fw *FileWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if err != nil { return d.Errf("parsing size: %v", err) } - fw.RollSizeMB = int(size)/1024/1024 + 1 + fw.RollSizeMB = int(math.Ceil(float64(size) / humanize.MiByte)) case "roll_keep": var keepStr string @@ -190,7 +198,10 @@ func (fw *FileWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if err != nil { return d.Errf("parsing roll_keep_for duration: %v", err) } - fw.RollKeepDays = int(keepFor.Hours()) / 24 + if keepFor < 0 { + return d.Errf("negative roll_keep_for duration: %v", keepFor) + } + fw.RollKeepDays = int(math.Ceil(keepFor.Hours() / 24)) } } } From 513e0240fd25ef51a8c2f9c87f2bc79d0fd9c91e Mon Sep 17 00:00:00 2001 From: Chandler Swift Date: Fri, 8 May 2020 18:46:40 -0500 Subject: [PATCH 0030/1498] docs: Fix TOC/section header mismatch (#3380) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a0c324e4..32f3d2fe 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ - [Build from source](#build-from-source) - [For development](#for-development) - [With version information and/or plugins](#with-version-information-andor-plugins) -- [Getting started](#getting-started) +- [Quick start](#quick-start) - [Overview](#overview) - [Full documentation](#full-documentation) - [Getting help](#getting-help) From 2c91688f39a80afc48e232e989f13aafbc782cf5 Mon Sep 17 00:00:00 2001 From: Mark Sargent <99003+sarge@users.noreply.github.com> Date: Sun, 10 May 2020 08:11:35 +1200 Subject: [PATCH 0031/1498] fix testharness, dumps the current config, only if the config was successfully loaded (#3385) --- caddytest/caddytest.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 48dd3fac..059b3e17 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -55,8 +55,9 @@ var ( // Tester represents an instance of a test client. type Tester struct { - Client *http.Client - t *testing.T + Client *http.Client + configLoaded bool + t *testing.T } // NewTester will create a new testing client with an attached cookie jar @@ -73,7 +74,8 @@ func NewTester(t *testing.T) *Tester { Jar: jar, Timeout: Default.TestRequestTimeout, }, - t: t, + configLoaded: false, + t: t, } } @@ -114,7 +116,8 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { } tc.t.Cleanup(func() { - if tc.t.Failed() { + if tc.t.Failed() && tc.configLoaded { + res, err := http.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort)) if err != nil { tc.t.Log("unable to read the current config") @@ -164,6 +167,7 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { return configLoadError{Response: string(body)} } + tc.configLoaded = true return nil } From 7960b4259d976810691f1085332d4761abab9928 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 11 May 2020 12:14:47 -0600 Subject: [PATCH 0032/1498] caddyhttp: Minor refactoring for preparing requests While building a layer4 app for Caddy, I discovered that we need the ability to fill a request's context just like the HTTP server does, hence this exported function PrepareRequest(). --- modules/caddyhttp/routes.go | 4 ++-- modules/caddyhttp/server.go | 32 ++++++++++++++++++++------------ 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index 27d49225..10e0c9de 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -113,7 +113,7 @@ func (r Route) Empty() bool { // create a middleware chain. type RouteList []Route -// Provision sets up both the matchers and handlers in the route. +// Provision sets up both the matchers and handlers in the routes. func (routes RouteList) Provision(ctx caddy.Context) error { err := routes.ProvisionMatchers(ctx) if err != nil { @@ -284,7 +284,7 @@ type RawMatcherSets []caddy.ModuleMap type MatcherSets []MatcherSet // AnyMatch returns true if req matches any of the -// matcher sets in mss or if there are no matchers, +// matcher sets in ms or if there are no matchers, // in which case the request always matches. func (ms MatcherSets) AnyMatch(req *http.Request) bool { for _, m := range ms { diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index a4fda28c..55da2530 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -145,19 +145,8 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } - // set up the context for the request repl := caddy.NewReplacer() - ctx := context.WithValue(r.Context(), caddy.ReplacerCtxKey, repl) - ctx = context.WithValue(ctx, ServerCtxKey, s) - ctx = context.WithValue(ctx, VarsCtxKey, make(map[string]interface{})) - ctx = context.WithValue(ctx, routeGroupCtxKey, make(map[string]struct{})) - var url2 url.URL // avoid letting this escape to the heap - ctx = context.WithValue(ctx, OriginalRequestCtxKey, originalRequest(r, &url2)) - r = r.WithContext(ctx) - - // once the pointer to the request won't change - // anymore, finish setting up the replacer - addHTTPVarsToReplacer(repl, r, w) + r = PrepareRequest(r, repl, w, s) // encode the request for logging purposes before // it enters any handler chain; this is necessary @@ -470,6 +459,25 @@ func (slc ServerLogConfig) getLoggerName(host string) string { return slc.DefaultLoggerName } +// PrepareRequest fills the request r for use in a Caddy HTTP handler chain. w and s can +// be nil, but the handlers will lose response placeholders and access to the server. +func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter, s *Server) *http.Request { + // set up the context for the request + ctx := context.WithValue(r.Context(), caddy.ReplacerCtxKey, repl) + ctx = context.WithValue(ctx, ServerCtxKey, s) + ctx = context.WithValue(ctx, VarsCtxKey, make(map[string]interface{})) + ctx = context.WithValue(ctx, routeGroupCtxKey, make(map[string]struct{})) + var url2 url.URL // avoid letting this escape to the heap + ctx = context.WithValue(ctx, OriginalRequestCtxKey, originalRequest(r, &url2)) + r = r.WithContext(ctx) + + // once the pointer to the request won't change + // anymore, finish setting up the replacer + addHTTPVarsToReplacer(repl, r, w) + + return r +} + // errLogValues inspects err and returns the status code // to use, the error log message, and any extra fields. // If err is a HandlerError, the returned values will From 5bde8d705b9c9cae6751ccf95b7b8acfc1bbb7f5 Mon Sep 17 00:00:00 2001 From: Andrew Zhou Date: Mon, 11 May 2020 15:10:47 -0500 Subject: [PATCH 0033/1498] cmd: hash-password: Support reading from stdin (#3373) Closes #3365 * http: Add support in hash-password for reading from terminals/stdin * FIXUP: Run gofmt -s * FIXUP * FIXUP: Apply suggestions from code review Co-authored-by: Matt Holt * FIXUP Co-authored-by: Matt Holt --- modules/caddyhttp/caddyauth/command.go | 45 ++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index 24f6c5a1..2c088157 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -15,26 +15,34 @@ package caddyauth import ( + "bufio" + "bytes" "encoding/base64" "flag" "fmt" + "os" "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" "golang.org/x/crypto/bcrypt" "golang.org/x/crypto/scrypt" + "golang.org/x/crypto/ssh/terminal" ) func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "hash-password", Func: cmdHashPassword, - Usage: "--plaintext [--salt ] [--algorithm ]", + Usage: "[--algorithm ] [--salt ] [--plaintext ]", Short: "Hashes a password and writes base64", Long: ` Convenient way to hash a plaintext password. The resulting hash is written to stdout as a base64 string. +--plaintext, when omitted, will be read from stdin. If +Caddy is attached to a controlling tty, the plaintext will +not be echoed. + --algorithm may be bcrypt or scrypt. If script, the default parameters are used. @@ -52,16 +60,47 @@ be provided (scrypt). } func cmdHashPassword(fs caddycmd.Flags) (int, error) { + var err error + algorithm := fs.String("algorithm") plaintext := []byte(fs.String("plaintext")) salt := []byte(fs.String("salt")) if len(plaintext) == 0 { - return caddy.ExitCodeFailedStartup, fmt.Errorf("password is required") + if terminal.IsTerminal(int(os.Stdin.Fd())) { + fmt.Print("Enter password: ") + plaintext, err = terminal.ReadPassword(int(os.Stdin.Fd())) + fmt.Println() + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + fmt.Print("Confirm password: ") + confirmation, err := terminal.ReadPassword(int(os.Stdin.Fd())) + fmt.Println() + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + if !bytes.Equal(plaintext, confirmation) { + return caddy.ExitCodeFailedStartup, fmt.Errorf("password does not match") + } + } else { + rd := bufio.NewReader(os.Stdin) + plaintext, err = rd.ReadBytes('\n') + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + plaintext = plaintext[:len(plaintext)-1] // Trailing newline + } + + if len(plaintext) == 0 { + return caddy.ExitCodeFailedStartup, fmt.Errorf("plaintext is required") + } } var hash []byte - var err error switch algorithm { case "bcrypt": hash, err = bcrypt.GenerateFromPassword(plaintext, bcrypt.DefaultCost) From d5341625561bf67c40241a4fb649b0a4991e71b2 Mon Sep 17 00:00:00 2001 From: Gregory Dosh <6432753+GregoryDosh@users.noreply.github.com> Date: Mon, 11 May 2020 15:17:59 -0500 Subject: [PATCH 0034/1498] caddyhttp: Match hostnames with wildcards to loggers (#3378) * adding wildcard matching of logger names * reordering precedence for more specific loggers to match first * removing dependence on certmagic and extra loop Co-authored-by: GregoryDosh --- modules/caddyhttp/server.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 55da2530..38555e74 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -456,6 +456,20 @@ func (slc ServerLogConfig) getLoggerName(host string) string { if loggerName, ok := slc.LoggerNames[host]; ok { return loggerName } + + // Try matching wildcard domains if other non-specific loggers exist + labels := strings.Split(host, ".") + for i := range labels { + if labels[i] == "" { + continue + } + labels[i] = "*" + wildcardHost := strings.Join(labels, ".") + if loggerName, ok := slc.LoggerNames[wildcardHost]; ok { + return loggerName + } + } + return slc.DefaultLoggerName } From 4c55d26f11329243591d04ca5a52298b38bca9a8 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 11 May 2020 16:38:33 -0400 Subject: [PATCH 0035/1498] caddyhttp: Fix merging of Caddyfile matchers in not blocks (#3379) --- caddytest/integration/caddyfile_adapt_test.go | 54 ++++++++++++++++++- modules/caddyhttp/matchers.go | 18 +++++-- 2 files changed, 68 insertions(+), 4 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index f6120aef..514a5064 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -362,4 +362,56 @@ func TestMatcherSyntax(t *testing.T) { } } }`) -} \ No newline at end of file +} + +func TestNotBlockMerging(t *testing.T) { + caddytest.AssertAdapt(t, ` + :80 + + @test { + not { + header Abc "123" + header Bcd "123" + } + } + respond @test 403 + `, "caddyfile", `{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "not": [ + { + "header": { + "Abc": [ + "123" + ], + "Bcd": [ + "123" + ] + } + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "status_code": 403 + } + ] + } + ] + } + } + } + } +}`) +} diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 95100d58..08607803 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -592,8 +592,17 @@ func (m *MatchNot) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { var mp matcherPair matcherMap := make(map[string]RequestMatcher) - for d.NextArg() || d.NextBlock(0) { + + // in case there are multiple instances of the same matcher, concatenate + // their tokens (we expect that UnmarshalCaddyfile should be able to + // handle more than one segment); otherwise, we'd overwrite other + // instances of the matcher in this set + tokensByMatcherName := make(map[string][]caddyfile.Token) + for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { matcherName := d.Val() + tokensByMatcherName[matcherName] = append(tokensByMatcherName[matcherName], d.NextSegment()...) + } + for matcherName, tokens := range tokensByMatcherName { mod, err := caddy.GetModule("http.matchers." + matcherName) if err != nil { return d.Errf("getting matcher module '%s': %v", matcherName, err) @@ -602,11 +611,14 @@ func (m *MatchNot) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !ok { return d.Errf("matcher module '%s' is not a Caddyfile unmarshaler", matcherName) } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + err = unm.UnmarshalCaddyfile(caddyfile.NewDispenser(tokens)) if err != nil { return err } - rm := unm.(RequestMatcher) + rm, ok := unm.(RequestMatcher) + if !ok { + return fmt.Errorf("matcher module '%s' is not a request matcher", matcherName) + } matcherMap[matcherName] = rm mp.decoded = append(mp.decoded, rm) } From dc9f4f13fc1cc102c713c69ded295b3fcf685e96 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 11 May 2020 17:00:35 -0400 Subject: [PATCH 0036/1498] httpcaddyfile: Make global options pluggable (#3265) * httpcaddyfile: Make global options pluggable * httpcaddyfile: Add a global options adapt test * httpcaddyfile: Wrap err Co-Authored-By: Dave Henderson * httpcaddyfile: Revert wrap err Co-authored-by: Dave Henderson --- caddyconfig/httpcaddyfile/directives.go | 18 +++++ caddyconfig/httpcaddyfile/httptype.go | 39 +++------- caddyconfig/httpcaddyfile/options.go | 40 +++++++--- caddytest/integration/caddyfile_adapt_test.go | 74 +++++++++++++++++++ 4 files changed, 130 insertions(+), 41 deletions(-) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index ac401e1f..15787724 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -120,6 +120,17 @@ func RegisterHandlerDirective(dir string, setupFunc UnmarshalHandlerFunc) { }) } +// RegisterGlobalOption registers a unique global option opt with +// an associated unmarshaling (setup) function. When the global +// option opt is encountered in a Caddyfile, setupFunc will be +// called to unmarshal its tokens. +func RegisterGlobalOption(opt string, setupFunc UnmarshalGlobalFunc) { + if _, ok := registeredGlobalOptions[opt]; ok { + panic("global option " + opt + " already registered") + } + registeredGlobalOptions[opt] = setupFunc +} + // Helper is a type which helps setup a value from // Caddyfile tokens. type Helper struct { @@ -454,6 +465,13 @@ type ( // for you. These are passed to a call to // RegisterHandlerDirective. UnmarshalHandlerFunc func(h Helper) (caddyhttp.MiddlewareHandler, error) + + // UnmarshalGlobalFunc is a function which can unmarshal Caddyfile + // tokens into a global option config value using a Helper type. + // These are passed in a call to RegisterGlobalOption. + UnmarshalGlobalFunc func(d *caddyfile.Dispenser) (interface{}, error) ) var registeredDirectives = make(map[string]UnmarshalFunc) + +var registeredGlobalOptions = make(map[string]UnmarshalGlobalFunc) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index aacaf913..378289c3 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -284,39 +284,18 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options var val interface{} var err error disp := caddyfile.NewDispenser(segment) - switch dir { - case "debug": - val = true - case "http_port": - val, err = parseOptHTTPPort(disp) - case "https_port": - val, err = parseOptHTTPSPort(disp) - case "default_sni": - val, err = parseOptSingleString(disp) - case "order": - val, err = parseOptOrder(disp) - case "experimental_http3": - val, err = parseOptExperimentalHTTP3(disp) - case "storage": - val, err = parseOptStorage(disp) - case "acme_ca", "acme_dns", "acme_ca_root": - val, err = parseOptSingleString(disp) - case "email": - val, err = parseOptSingleString(disp) - case "admin": - val, err = parseOptAdmin(disp) - case "on_demand_tls": - val, err = parseOptOnDemand(disp) - case "local_certs": - val = true - case "key_type": - val, err = parseOptSingleString(disp) - default: - return nil, fmt.Errorf("unrecognized parameter name: %s", dir) + + dirFunc, ok := registeredGlobalOptions[dir] + if !ok { + tkn := segment[0] + return nil, fmt.Errorf("%s:%d: unrecognized global option: %s", tkn.File, tkn.Line, dir) } + + val, err = dirFunc(disp) if err != nil { - return nil, fmt.Errorf("%s: %v", dir, err) + return nil, fmt.Errorf("parsing caddyfile tokens for '%s': %v", dir, err) } + options[dir] = val } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 2ab73b24..de288db9 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -23,7 +23,29 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddytls" ) -func parseOptHTTPPort(d *caddyfile.Dispenser) (int, error) { +func init() { + RegisterGlobalOption("debug", parseOptTrue) + RegisterGlobalOption("http_port", parseOptHTTPPort) + RegisterGlobalOption("https_port", parseOptHTTPSPort) + RegisterGlobalOption("default_sni", parseOptSingleString) + RegisterGlobalOption("order", parseOptOrder) + RegisterGlobalOption("experimental_http3", parseOptTrue) + RegisterGlobalOption("storage", parseOptStorage) + RegisterGlobalOption("acme_ca", parseOptSingleString) + RegisterGlobalOption("acme_dns", parseOptSingleString) + RegisterGlobalOption("acme_ca_root", parseOptSingleString) + RegisterGlobalOption("email", parseOptSingleString) + RegisterGlobalOption("admin", parseOptAdmin) + RegisterGlobalOption("on_demand_tls", parseOptOnDemand) + RegisterGlobalOption("local_certs", parseOptTrue) + RegisterGlobalOption("key_type", parseOptSingleString) +} + +func parseOptTrue(d *caddyfile.Dispenser) (interface{}, error) { + return true, nil +} + +func parseOptHTTPPort(d *caddyfile.Dispenser) (interface{}, error) { var httpPort int for d.Next() { var httpPortStr string @@ -39,7 +61,7 @@ func parseOptHTTPPort(d *caddyfile.Dispenser) (int, error) { return httpPort, nil } -func parseOptHTTPSPort(d *caddyfile.Dispenser) (int, error) { +func parseOptHTTPSPort(d *caddyfile.Dispenser) (interface{}, error) { var httpsPort int for d.Next() { var httpsPortStr string @@ -55,11 +77,7 @@ func parseOptHTTPSPort(d *caddyfile.Dispenser) (int, error) { return httpsPort, nil } -func parseOptExperimentalHTTP3(d *caddyfile.Dispenser) (bool, error) { - return true, nil -} - -func parseOptOrder(d *caddyfile.Dispenser) ([]string, error) { +func parseOptOrder(d *caddyfile.Dispenser) (interface{}, error) { newOrder := directiveOrder for d.Next() { @@ -135,7 +153,7 @@ func parseOptOrder(d *caddyfile.Dispenser) ([]string, error) { return newOrder, nil } -func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) { +func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) { if !d.Next() { // consume option name return nil, d.ArgErr() } @@ -162,7 +180,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (caddy.StorageConverter, error) { return storage, nil } -func parseOptSingleString(d *caddyfile.Dispenser) (string, error) { +func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) { d.Next() // consume parameter name if !d.Next() { return "", d.ArgErr() @@ -174,7 +192,7 @@ func parseOptSingleString(d *caddyfile.Dispenser) (string, error) { return val, nil } -func parseOptAdmin(d *caddyfile.Dispenser) (string, error) { +func parseOptAdmin(d *caddyfile.Dispenser) (interface{}, error) { if d.Next() { var listenAddress string if !d.AllArgs(&listenAddress) { @@ -188,7 +206,7 @@ func parseOptAdmin(d *caddyfile.Dispenser) (string, error) { return "", nil } -func parseOptOnDemand(d *caddyfile.Dispenser) (*caddytls.OnDemandConfig, error) { +func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) { var ond *caddytls.OnDemandConfig for d.Next() { if d.NextArg() { diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index 514a5064..c2ad892d 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -415,3 +415,77 @@ func TestNotBlockMerging(t *testing.T) { } }`) } + +func TestGlobalOptions(t *testing.T) { + caddytest.AssertAdapt(t, ` + { + debug + http_port 8080 + https_port 8443 + default_sni localhost + order root first + storage file_system { + root /data + } + acme_ca https://example.com + acme_ca_root /path/to/ca.crt + email test@example.com + admin off + on_demand_tls { + ask https://example.com + interval 30s + burst 20 + } + local_certs + key_type ed25519 + } + + :80 + `, "caddyfile", `{ + "admin": { + "disabled": true + }, + "logging": { + "logs": { + "default": { + "level": "DEBUG" + } + } + }, + "storage": { + "module": "file_system", + "root": "/data" + }, + "apps": { + "http": { + "http_port": 8080, + "https_port": 8443, + "servers": { + "srv0": { + "listen": [ + ":80" + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "issuer": { + "module": "internal" + } + } + ], + "on_demand": { + "rate_limit": { + "interval": 30000000000, + "burst": 20 + }, + "ask": "https://example.com" + } + } + } + } +}`) +} From 35e1d92d588fadc8e5d619ffb81319dd8f7ba43a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 11 May 2020 17:07:02 -0400 Subject: [PATCH 0037/1498] ci: Delete .travis.yml (#3396) Too flaky. We'll explore different avenues to testing s390x and ppc64le. See discussion here: https://github.com/caddyserver/caddy/pull/3355 /cc @grooverdan, @Mohammed90 said he'll reach out to Elizabeth as you suggested. --- .travis.yml | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index d5dc3036..00000000 --- a/.travis.yml +++ /dev/null @@ -1,24 +0,0 @@ -branches: - only: - - master -language: go -go: - - 1.14.x -dist: bionic -arch: - - ppc64le - - s390x -env: - - GO111MODULE=on CGO_ENABLED=0 -cache: - directories: - - $GOPATH/pkg/mod - - /home/travis/.cache/go-build -git: - depth: 1 - -install: - - go get -v -t -d ./... -script: - - go test -v -short ./... - - go build -trimpath -ldflags="-w -s" -v -o cmd/caddy/caddy cmd/caddy/main.go From ef6e53bb5f521e4d400849b79bc72e89fe2a7484 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 11 May 2020 18:41:11 -0400 Subject: [PATCH 0038/1498] core: Add support for `d` duration unit (#3323) * caddy: Add support for `d` duration unit * Improvements to ParseDuration; add unit tests Co-authored-by: Matthew Holt --- caddy.go | 32 +++++++- caddy_test.go | 74 +++++++++++++++++++ caddyconfig/httpcaddyfile/options.go | 3 +- caddytest/integration/caddyfile_adapt_test.go | 50 +++++++++++++ cmd/main.go | 2 +- modules/caddyhttp/reverseproxy/caddyfile.go | 21 +++--- modules/logging/filewriter.go | 3 +- 7 files changed, 167 insertions(+), 18 deletions(-) create mode 100644 caddy_test.go diff --git a/caddy.go b/caddy.go index 00a56e74..1184bc97 100644 --- a/caddy.go +++ b/caddy.go @@ -486,7 +486,7 @@ func Validate(cfg *Config) error { // Duration can be an integer or a string. An integer is // interpreted as nanoseconds. If a string, it is a Go // time.Duration value such as `300ms`, `1.5h`, or `2h45m`; -// valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, and `h`. +// valid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. type Duration time.Duration // UnmarshalJSON satisfies json.Unmarshaler. @@ -497,7 +497,7 @@ func (d *Duration) UnmarshalJSON(b []byte) error { var dur time.Duration var err error if b[0] == byte('"') && b[len(b)-1] == byte('"') { - dur, err = time.ParseDuration(strings.Trim(string(b), `"`)) + dur, err = ParseDuration(strings.Trim(string(b), `"`)) } else { err = json.Unmarshal(b, &dur) } @@ -505,6 +505,34 @@ func (d *Duration) UnmarshalJSON(b []byte) error { return err } +// ParseDuration parses a duration string, adding +// support for the "d" unit meaning number of days, +// where a day is assumed to be 24h. +func ParseDuration(s string) (time.Duration, error) { + var inNumber bool + var numStart int + for i := 0; i < len(s); i++ { + ch := s[i] + if ch == 'd' { + daysStr := s[numStart:i] + days, err := strconv.ParseFloat(daysStr, 64) + if err != nil { + return 0, err + } + hours := days * 24.0 + hoursStr := strconv.FormatFloat(hours, 'f', -1, 64) + s = s[:numStart] + hoursStr + "h" + s[i+1:] + i-- + continue + } + if !inNumber { + numStart = i + } + inNumber = (ch >= '0' && ch <= '9') || ch == '.' || ch == '-' || ch == '+' + } + return time.ParseDuration(s) +} + // GoModule returns the build info of this Caddy // build from debug.BuildInfo (requires Go modules). // If no version information is available, a non-nil diff --git a/caddy_test.go b/caddy_test.go new file mode 100644 index 00000000..adf14350 --- /dev/null +++ b/caddy_test.go @@ -0,0 +1,74 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddy + +import ( + "testing" + "time" +) + +func TestParseDuration(t *testing.T) { + const day = 24 * time.Hour + for i, tc := range []struct { + input string + expect time.Duration + }{ + { + input: "3h", + expect: 3 * time.Hour, + }, + { + input: "1d", + expect: day, + }, + { + input: "1d30m", + expect: day + 30*time.Minute, + }, + { + input: "1m2d", + expect: time.Minute + day*2, + }, + { + input: "1m2d30s", + expect: time.Minute + day*2 + 30*time.Second, + }, + { + input: "1d2d", + expect: 3 * day, + }, + { + input: "1.5d", + expect: time.Duration(1.5 * float64(day)), + }, + { + input: "4m1.25d", + expect: 4*time.Minute + time.Duration(1.25*float64(day)), + }, + { + input: "-1.25d12h", + expect: time.Duration(-1.25*float64(day)) - 12*time.Hour, + }, + } { + actual, err := ParseDuration(tc.input) + if err != nil { + t.Errorf("Test %d ('%s'): Got error: %v", i, tc.input, err) + continue + } + if actual != tc.expect { + t.Errorf("Test %d ('%s'): Expected=%s Actual=%s", i, tc.input, tc.expect, actual) + } + } +} diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index de288db9..49a11f6e 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -16,7 +16,6 @@ package httpcaddyfile import ( "strconv" - "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -227,7 +226,7 @@ func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) { if !d.NextArg() { return nil, d.ArgErr() } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return nil, err } diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index c2ad892d..98c81da3 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -489,3 +489,53 @@ func TestGlobalOptions(t *testing.T) { } }`) } + +func TestLogRollDays(t *testing.T) { + caddytest.AssertAdapt(t, ` + :80 + + log { + output file /var/log/access.log { + roll_size 1gb + roll_keep 5 + roll_keep_for 90d + } + } + `, "caddyfile", `{ + "logging": { + "logs": { + "default": { + "exclude": [ + "http.log.access.log0" + ] + }, + "log0": { + "writer": { + "filename": "/var/log/access.log", + "output": "file", + "roll_keep": 5, + "roll_keep_days": 90, + "roll_size_mb": 954 + }, + "include": [ + "http.log.access.log0" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "logs": { + "default_logger_name": "log0" + } + } + } + } + } +}`) +} diff --git a/cmd/main.go b/cmd/main.go index bdc95a45..fd82b969 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -311,7 +311,7 @@ func (f Flags) Float64(name string) float64 { // is not a duration type. It panics if the flag is // not in the flag set. func (f Flags) Duration(name string) time.Duration { - val, _ := time.ParseDuration(f.String(name)) + val, _ := caddy.ParseDuration(f.String(name)) return val } diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 0a14f098..491b0674 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -21,7 +21,6 @@ import ( "reflect" "strconv" "strings" - "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -250,7 +249,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.LoadBalancing == nil { h.LoadBalancing = new(LoadBalancing) } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad duration value %s: %v", d.Val(), err) } @@ -263,7 +262,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.LoadBalancing == nil { h.LoadBalancing = new(LoadBalancing) } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad interval value '%s': %v", d.Val(), err) } @@ -307,7 +306,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.HealthChecks.Active == nil { h.HealthChecks.Active = new(ActiveHealthChecks) } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad interval value %s: %v", d.Val(), err) } @@ -323,7 +322,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.HealthChecks.Active == nil { h.HealthChecks.Active = new(ActiveHealthChecks) } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad timeout value %s: %v", d.Val(), err) } @@ -387,7 +386,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.HealthChecks.Passive == nil { h.HealthChecks.Passive = new(PassiveHealthChecks) } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad duration value '%s': %v", d.Val(), err) } @@ -441,7 +440,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.HealthChecks.Passive == nil { h.HealthChecks.Passive = new(PassiveHealthChecks) } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad duration value '%s': %v", d.Val(), err) } @@ -454,7 +453,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if fi, err := strconv.Atoi(d.Val()); err == nil { h.FlushInterval = caddy.Duration(fi) } else { - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad duration value '%s': %v", d.Val(), err) } @@ -606,7 +605,7 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !d.NextArg() { return d.ArgErr() } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad timeout value '%s': %v", d.Val(), err) } @@ -641,7 +640,7 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !d.NextArg() { return d.ArgErr() } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad timeout value '%s': %v", d.Val(), err) } @@ -683,7 +682,7 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.KeepAlive.Enabled = &disable break } - dur, err := time.ParseDuration(d.Val()) + dur, err := caddy.ParseDuration(d.Val()) if err != nil { return d.Errf("bad duration value '%s': %v", d.Val(), err) } diff --git a/modules/logging/filewriter.go b/modules/logging/filewriter.go index 59f5b2ae..376deeb2 100644 --- a/modules/logging/filewriter.go +++ b/modules/logging/filewriter.go @@ -21,7 +21,6 @@ import ( "os" "path/filepath" "strconv" - "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -194,7 +193,7 @@ func (fw *FileWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !d.AllArgs(&keepForStr) { return d.ArgErr() } - keepFor, err := time.ParseDuration(keepForStr) + keepFor, err := caddy.ParseDuration(keepForStr) if err != nil { return d.Errf("parsing roll_keep_for duration: %v", err) } From ea7e4b4024f34fd53f8b8f7b5effb353b36cf8e8 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 11 May 2020 18:50:49 -0400 Subject: [PATCH 0039/1498] httpcaddyfile: Shorthands for parameterized placeholders (#3305) * httpcaddyfile: Add shorthands for parameterized placeholders httpcaddyfile: Now with regexp instead httpcaddyfile: Allow dashes, gofmt httpcaddyfile: Compile regexp only once httpcaddyfile: Cleanup struct httpcaddyfile: Optimize the replacers, pull out of the loop httpcaddyfile: Add `{port}` shorthand * httpcaddyfile: Switch `r.` to `re.` --- caddyconfig/httpcaddyfile/httptype.go | 70 ++++++++++++------- caddytest/integration/caddyfile_adapt_test.go | 46 ++++++++++++ 2 files changed, 92 insertions(+), 24 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 378289c3..8e1ca74d 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -18,6 +18,7 @@ import ( "encoding/json" "fmt" "reflect" + "regexp" "sort" "strconv" "strings" @@ -71,34 +72,55 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, return nil, warnings, err } + // replace shorthand placeholders (which are + // convenient when writing a Caddyfile) with + // their actual placeholder identifiers or + // variable names + replacer := strings.NewReplacer( + "{dir}", "{http.request.uri.path.dir}", + "{file}", "{http.request.uri.path.file}", + "{host}", "{http.request.host}", + "{hostport}", "{http.request.hostport}", + "{port}", "{http.request.port}", + "{method}", "{http.request.method}", + "{path}", "{http.request.uri.path}", + "{query}", "{http.request.uri.query}", + "{remote}", "{http.request.remote}", + "{remote_host}", "{http.request.remote.host}", + "{remote_port}", "{http.request.remote.port}", + "{scheme}", "{http.request.scheme}", + "{uri}", "{http.request.uri}", + "{tls_cipher}", "{http.request.tls.cipher_suite}", + "{tls_version}", "{http.request.tls.version}", + "{tls_client_fingerprint}", "{http.request.tls.client.fingerprint}", + "{tls_client_issuer}", "{http.request.tls.client.issuer}", + "{tls_client_serial}", "{http.request.tls.client.serial}", + "{tls_client_subject}", "{http.request.tls.client.subject}", + ) + + // these are placeholders that allow a user-defined final + // parameters, but we still want to provide a shorthand + // for those, so we use a regexp to replace + regexpReplacements := []struct { + search *regexp.Regexp + replace string + }{ + {regexp.MustCompile(`{query\.([\w-]*)}`), "{http.request.uri.query.$1}"}, + {regexp.MustCompile(`{labels\.([\w-]*)}`), "{http.request.host.labels.$1}"}, + {regexp.MustCompile(`{header\.([\w-]*)}`), "{http.request.header.$1}"}, + {regexp.MustCompile(`{path\.([\w-]*)}`), "{http.request.uri.path.$1}"}, + {regexp.MustCompile(`{re\.([\w-]*)\.([\w-]*)}`), "{http.regexp.$1.$2}"}, + } + for _, sb := range originalServerBlocks { - // replace shorthand placeholders (which are - // convenient when writing a Caddyfile) with - // their actual placeholder identifiers or - // variable names - replacer := strings.NewReplacer( - "{dir}", "{http.request.uri.path.dir}", - "{file}", "{http.request.uri.path.file}", - "{host}", "{http.request.host}", - "{hostport}", "{http.request.hostport}", - "{method}", "{http.request.method}", - "{path}", "{http.request.uri.path}", - "{query}", "{http.request.uri.query}", - "{remote}", "{http.request.remote}", - "{remote_host}", "{http.request.remote.host}", - "{remote_port}", "{http.request.remote.port}", - "{scheme}", "{http.request.scheme}", - "{uri}", "{http.request.uri}", - "{tls_cipher}", "{http.request.tls.cipher_suite}", - "{tls_version}", "{http.request.tls.version}", - "{tls_client_fingerprint}", "{http.request.tls.client.fingerprint}", - "{tls_client_issuer}", "{http.request.tls.client.issuer}", - "{tls_client_serial}", "{http.request.tls.client.serial}", - "{tls_client_subject}", "{http.request.tls.client.subject}", - ) for _, segment := range sb.block.Segments { for i := 0; i < len(segment); i++ { + // simple string replacements segment[i].Text = replacer.Replace(segment[i].Text) + // complex regexp replacements + for _, r := range regexpReplacements { + segment[i].Text = r.search.ReplaceAllString(segment[i].Text, r.replace) + } } } diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index 98c81da3..280e22ea 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -539,3 +539,49 @@ func TestLogRollDays(t *testing.T) { } }`) } + +func TestShorthandParameterizedPlaceholders(t *testing.T) { + caddytest.AssertAdapt(t, ` + localhost:80 + respond * "{header.content-type} {labels.0} {query.p} {path.0} {re.name.0}" + `, "caddyfile", `{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "{http.request.header.content-type} {http.request.host.labels.0} {http.request.uri.query.p} {http.request.uri.path.0} {http.regexp.name.0}", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +}`) +} From 44536a7594f060dfca54a3cfb36135c93cba8e59 Mon Sep 17 00:00:00 2001 From: linquize Date: Wed, 13 May 2020 00:43:18 +0800 Subject: [PATCH 0040/1498] cmd: reverse-proxy: add --insecure flag (with warning) (#3389) --- modules/caddyhttp/reverseproxy/command.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 31a591c9..6de052e7 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -59,6 +59,7 @@ default, all incoming headers are passed through unmodified.) fs.String("from", "localhost", "Address on which to receive traffic") fs.String("to", "", "Upstream address to which to to proxy traffic") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") + fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY, WHY ARE YOU EVEN USING TLS?)") return fs }(), }) @@ -68,6 +69,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { from := fs.String("from") to := fs.String("to") changeHost := fs.Bool("change-host-header") + insecure := fs.Bool("insecure") httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) @@ -127,6 +129,9 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { ht := HTTPTransport{} if toAddr.Scheme == "https" { ht.TLS = new(TLSConfig) + if insecure { + ht.TLS.InsecureSkipVerify = true + } } handler := Handler{ From aef560c7fc52092a412d9e97112b8cb879c5eda5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 12 May 2020 11:36:20 -0600 Subject: [PATCH 0041/1498] all: Recover from panics in goroutines --- admin.go | 23 +++++++------ cmd/main.go | 8 +++++ go.mod | 4 +-- go.sum | 32 +++++++------------ .../caddyhttp/reverseproxy/healthchecks.go | 17 ++++++++++ modules/caddypki/maintain.go | 8 +++++ .../distributedstek/distributedstek.go | 6 ++++ modules/caddytls/sessiontickets.go | 8 +++++ modules/caddytls/standardstek/stek.go | 6 ++++ modules/caddytls/tls.go | 7 ++++ 10 files changed, 86 insertions(+), 33 deletions(-) diff --git a/admin.go b/admin.go index 6831686a..1d190667 100644 --- a/admin.go +++ b/admin.go @@ -520,16 +520,19 @@ func handleStop(w http.ResponseWriter, r *http.Request) error { if err != nil { Log().Named("admin.api").Error("unload error", zap.Error(err)) } - go func() { - err := stopAdminServer(adminServer) - var exitCode int - if err != nil { - exitCode = ExitCodeFailedQuit - Log().Named("admin.api").Error("failed to stop admin server gracefully", zap.Error(err)) - } - Log().Named("admin.api").Info("stopping now, bye!! 👋") - os.Exit(exitCode) - }() + if adminServer != nil { + // use goroutine so that we can finish responding to API request + go func() { + err := stopAdminServer(adminServer) + var exitCode int + if err != nil { + exitCode = ExitCodeFailedQuit + Log().Named("admin.api").Error("failed to stop admin server gracefully", zap.Error(err)) + } + Log().Named("admin.api").Info("stopping now, bye!! 👋") + os.Exit(exitCode) + }() + } return nil } diff --git a/cmd/main.go b/cmd/main.go index fd82b969..7e8d9b73 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -20,10 +20,12 @@ import ( "fmt" "io" "io/ioutil" + "log" "net" "os" "path/filepath" "runtime" + "runtime/debug" "strconv" "strings" "time" @@ -194,6 +196,12 @@ func loadConfig(configFile, adapterName string) ([]byte, string, error) { // long enough time. The filename passed in must be the actual // config file used, not one to be discovered. func watchConfigFile(filename, adapterName string) { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] watching config file: %v\n%s", err, debug.Stack()) + } + }() + // make our logger; since config reloads can change the // default logger, we need to get it dynamically each time logger := func() *zap.Logger { diff --git a/go.mod b/go.mod index ced45d69..ced106f0 100644 --- a/go.mod +++ b/go.mod @@ -6,9 +6,9 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.10.12 + github.com/caddyserver/certmagic v0.10.13 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac - github.com/go-acme/lego/v3 v3.6.0 + github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.1+incompatible github.com/gogo/protobuf v1.3.1 github.com/google/cel-go v0.4.2 diff --git a/go.sum b/go.sum index efde76be..97618efa 100644 --- a/go.sum +++ b/go.sum @@ -73,7 +73,6 @@ github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWX github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= -github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.0/go.mod h1:zpDJeKyp9ScW4NNrbdr+Eyxvry3ilGPewKoXw3XGN1k= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8/go.mod h1:aVvklgKsPENRkl29bNwrHISa1F+YLGTHArMxZMBqWM8= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75 h1:3ILjVyslFbc4jl1w5TWuvvslFD/nDfR2H8tVaMVLrEY= @@ -94,9 +93,7 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190808125512-07798873deee/go.mod h1:myCDvQSzCW+wB1WAlocEru4wMGJxy+vlxHdhegi1CDQ= github.com/aliyun/alibaba-cloud-sdk-go v1.61.112/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA= -github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190307165228-86c17b95fcd5/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antlr/antlr4 v0.0.0-20190819145818-b43a4c3a8015 h1:StuiJFxQUsxSCzcby6NFZRdEhPkXD5vxN7TZ4MD6T84= @@ -107,8 +104,7 @@ github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a h1:pv34s756C4pEXnjg github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= +github.com/aws/aws-sdk-go v1.30.20/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= @@ -116,8 +112,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.10.12 h1:aZtgzcIssiMSlP0jDdpDBbBzQ5INf5eKL9T6Nf3YzKM= -github.com/caddyserver/certmagic v0.10.12/go.mod h1:Y8jcUBctgk/IhpAzlHKfimZNyXCkfGgRTC0orl8gROQ= +github.com/caddyserver/certmagic v0.10.13 h1:wfyYpXVXSSYMS1ZFpSr7HptwsC+j7elda5PUERrHtRc= +github.com/caddyserver/certmagic v0.10.13/go.mod h1:Yz6cSRUdddGy6Ut5JfrvcqBwrm1BqXxJRqJq2TwjPnA= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -146,7 +142,6 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpu/goacmedns v0.0.1/go.mod h1:sesf/pNnCYwUevQEQfEwY0Y3DydlQWSGZbaMElOWxok= github.com/cpu/goacmedns v0.0.2/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= @@ -175,7 +170,7 @@ github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55k github.com/dlclark/regexp2 v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/dnsimple/dnsimple-go v0.30.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= +github.com/dnsimple/dnsimple-go v0.60.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac h1:opbrjaN/L8gg6Xh5D04Tem+8xVcz6ajZlGCs49mQgyg= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -196,9 +191,8 @@ github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-acme/lego/v3 v3.4.0/go.mod h1:xYbLDuxq3Hy4bMUT1t9JIuz6GWIWb3m5X+TeTHYaT7M= -github.com/go-acme/lego/v3 v3.6.0 h1:Rv0MrX3DpVp9Xg77yR7x+PCksLLph3Ut/69/9Kim8ac= -github.com/go-acme/lego/v3 v3.6.0/go.mod h1:sB/T7hfyz0HYIBvPmz/C8jIaxF6scbbiGKTzbQ22V6A= +github.com/go-acme/lego/v3 v3.7.0 h1:qC5/8/CbltyAE8fGLE6bGlqucj7pXc/vBxiLwLOsmAQ= +github.com/go-acme/lego/v3 v3.7.0/go.mod h1:4eDjjYkAsDXyNcwN8IhhZAwxz9Ltiks1Zmpv0q20J7A= github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.1+incompatible h1:MmTgB0R8Bt/jccxp+t6S/1VGIKdJw5J74CK/c9tTfA4= @@ -210,7 +204,6 @@ github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-ini/ini v1.44.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= @@ -219,6 +212,8 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= +github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4= github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ= @@ -345,7 +340,6 @@ github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqC github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= @@ -365,6 +359,7 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -449,7 +444,6 @@ github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4f github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM= github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -486,7 +480,6 @@ github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJE github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= -github.com/nrdcg/auroradns v1.0.0/go.mod h1:6JPXKzIRzZzMqtTDgueIhTi6rFf1QvYE/HzqidhOhjw= github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI= github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= github.com/nrdcg/goinwx v0.6.1/go.mod h1:XPiut7enlbEdntAqalBIqcYcTEVhpv/dKWgDCX2SwKQ= @@ -520,6 +513,8 @@ github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pquerna/otp v1.0.0/go.mod h1:Zad1CMQfSQZI5KLpahDiSUX4tMMREnXw98IvL1nhgMk= @@ -570,7 +565,6 @@ github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WS github.com/sacloud/libsacloud v1.26.1/go.mod h1:79ZwATmHLIFZIMd7sxA3LwzVy/B77uj3LDoToVTxDoQ= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= -github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= github.com/securego/gosec v0.0.0-20200106085552-9cb83e10afad/go.mod h1:7fJLcv5NlMd4t9waQEDLgpZeE3nv4D5DMz5JuZZGufg= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= @@ -671,7 +665,6 @@ github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7/go.mod h1:imsgLp github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= -github.com/transip/gotransip v0.0.0-20190812104329-6d8d9179b66f/go.mod h1:i0f4R4o2HM0m3DZYQWsj6/MEowD57VzoH0v3d7igeFY= github.com/transip/gotransip/v6 v6.0.2/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= @@ -696,7 +689,6 @@ github.com/vultr/govultr v0.1.4/go.mod h1:9H008Uxr/C4vFNGLqKx232C206GL0PBHzOP080 github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= @@ -825,7 +817,6 @@ golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191027093000-83d349e8ac1a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1044,7 +1035,6 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 02d84387..96c9be25 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -19,10 +19,12 @@ import ( "fmt" "io" "io/ioutil" + "log" "net" "net/http" "net/url" "regexp" + "runtime/debug" "strconv" "time" @@ -124,6 +126,11 @@ type CircuitBreaker interface { // regular basis and blocks until // h.HealthChecks.Active.stopChan is closed. func (h *Handler) activeHealthChecker() { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] active health checks: %v\n%s", err, debug.Stack()) + } + }() ticker := time.NewTicker(time.Duration(h.HealthChecks.Active.Interval)) h.doActiveHealthCheckForAllHosts() for { @@ -143,6 +150,11 @@ func (h *Handler) activeHealthChecker() { func (h *Handler) doActiveHealthCheckForAllHosts() { for _, upstream := range h.Upstreams { go func(upstream *Upstream) { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] active health check: %v\n%s", err, debug.Stack()) + } + }() networkAddr := upstream.Dial addr, err := caddy.ParseNetworkAddress(networkAddr) if err != nil { @@ -335,6 +347,11 @@ func (h *Handler) countFailure(upstream *Upstream) { // forget it later go func(host Host, failDuration time.Duration) { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] health check failure forgetter: %v\n%s", err, debug.Stack()) + } + }() time.Sleep(failDuration) err := host.CountFail(-1) if err != nil { diff --git a/modules/caddypki/maintain.go b/modules/caddypki/maintain.go index 2fce0d92..c0b277d4 100644 --- a/modules/caddypki/maintain.go +++ b/modules/caddypki/maintain.go @@ -17,12 +17,20 @@ package caddypki import ( "crypto/x509" "fmt" + "log" + "runtime/debug" "time" "go.uber.org/zap" ) func (p *PKI) maintenance() { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] PKI maintenance: %v\n%s", err, debug.Stack()) + } + }() + ticker := time.NewTicker(10 * time.Minute) // TODO: make configurable defer ticker.Stop() diff --git a/modules/caddytls/distributedstek/distributedstek.go b/modules/caddytls/distributedstek/distributedstek.go index 6fc48a27..807f2bb2 100644 --- a/modules/caddytls/distributedstek/distributedstek.go +++ b/modules/caddytls/distributedstek/distributedstek.go @@ -28,6 +28,7 @@ import ( "encoding/json" "fmt" "log" + "runtime/debug" "time" "github.com/caddyserver/caddy/v2" @@ -193,6 +194,11 @@ func (s *Provider) rotateKeys(oldSTEK distributedSTEK) (distributedSTEK, error) // rotate rotates keys on a regular basis, sending each updated set of // keys down keysChan, until doneChan is closed. func (s *Provider) rotate(doneChan <-chan struct{}, keysChan chan<- [][32]byte) { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] distributed STEK rotation: %v\n%s", err, debug.Stack()) + } + }() for { select { case <-s.timer.C: diff --git a/modules/caddytls/sessiontickets.go b/modules/caddytls/sessiontickets.go index 258c1357..bfc5628a 100644 --- a/modules/caddytls/sessiontickets.go +++ b/modules/caddytls/sessiontickets.go @@ -20,6 +20,8 @@ import ( "encoding/json" "fmt" "io" + "log" + "runtime/debug" "sync" "time" @@ -118,6 +120,12 @@ func (s *SessionTicketService) start() error { // the keys whenever new ones are sent. It reads // from keysChan until s.stop() is called. func (s *SessionTicketService) stayUpdated() { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] session ticket service: %v\n%s", err, debug.Stack()) + } + }() + // this call is essential when Initialize() // returns without error, because the stop // channel is the only way the key source diff --git a/modules/caddytls/standardstek/stek.go b/modules/caddytls/standardstek/stek.go index eb609ca9..61cab0ee 100644 --- a/modules/caddytls/standardstek/stek.go +++ b/modules/caddytls/standardstek/stek.go @@ -16,6 +16,7 @@ package standardstek import ( "log" + "runtime/debug" "sync" "time" @@ -81,6 +82,11 @@ func (s *standardSTEKProvider) Next(doneChan <-chan struct{}) <-chan [][32]byte // rotate rotates keys on a regular basis, sending each updated set of // keys down keysChan, until doneChan is closed. func (s *standardSTEKProvider) rotate(doneChan <-chan struct{}, keysChan chan<- [][32]byte) { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] standard STEK rotation: %v\n%s", err, debug.Stack()) + } + }() for { select { case now := <-s.timer.C: diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 0e92f05a..7f2d23e8 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -19,9 +19,11 @@ import ( "encoding/json" "fmt" "io/ioutil" + "log" "net/http" "os" "path/filepath" + "runtime/debug" "strings" "sync" "time" @@ -367,6 +369,11 @@ func (t *TLS) keepStorageClean() { t.storageCleanTicker = time.NewTicker(storageCleanInterval) t.storageCleanStop = make(chan struct{}) go func() { + defer func() { + if err := recover(); err != nil { + log.Printf("[PANIC] storage cleaner: %v\n%s", err, debug.Stack()) + } + }() for { select { case <-t.storageCleanStop: From 90c7b4b0a1589b3b070b6268fd412d8f95f36eca Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 13 May 2020 09:52:20 -0600 Subject: [PATCH 0042/1498] reverseproxy: Apply response header ops before copying it (fix #3382) (#3401) --- modules/caddyhttp/reverseproxy/reverseproxy.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 9e0f6362..0b4bcdfb 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -510,6 +510,15 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia res.Header.Del(h) } + // apply any response header operations + if h.Headers != nil && h.Headers.Response != nil { + if h.Headers.Response.Require == nil || + h.Headers.Response.Require.Match(res.StatusCode, res.Header) { + repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + h.Headers.Response.ApplyTo(res.Header, repl) + } + } + copyHeader(rw.Header(), res.Header) // The "Trailer" header isn't included in the Transport's response, @@ -523,15 +532,6 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia rw.Header().Add("Trailer", strings.Join(trailerKeys, ", ")) } - // apply any response header operations - if h.Headers != nil && h.Headers.Response != nil { - if h.Headers.Response.Require == nil || - h.Headers.Response.Require.Match(res.StatusCode, rw.Header()) { - repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - h.Headers.Response.ApplyTo(rw.Header(), repl) - } - } - // TODO: there should be an option to return an error if the response // matches some criteria; would solve https://github.com/caddyserver/caddy/issues/1447 // by allowing the backend to determine whether this server should treat From cee5589b9856de299ea6960d60541d851498b7c3 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Wed, 13 May 2020 20:11:31 +0300 Subject: [PATCH 0043/1498] docs: link to CEL standard definitions (#3407) * docs: link to CEL standard definitions * Rephrase the anchor to CEL standard definitions Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- modules/caddyhttp/celmatcher.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 19c7bca3..bede78f6 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -42,7 +42,8 @@ func init() { // MatchExpression matches requests by evaluating a // [CEL](https://github.com/google/cel-spec) expression. // This enables complex logic to be expressed using a comfortable, -// familiar syntax. +// familiar syntax. Please refer to +// [the standard definitions of CEL functions and operators](https://github.com/google/cel-spec/blob/master/doc/langdef.md#standard-definitions). // // This matcher's JSON interface is actually a string, not a struct. // The generated docs are not correct because this type has custom From 4df56c77e380cdfec5e23862f7faa8bd843022e6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 13 May 2020 11:28:15 -0600 Subject: [PATCH 0044/1498] cmd: Add pidfile support (closes #3235) --- admin.go | 23 ++++++++++++++++------- caddy.go | 3 +++ cmd/commandfuncs.go | 15 +++++++++++++++ cmd/commands.go | 6 ++++-- 4 files changed, 38 insertions(+), 9 deletions(-) diff --git a/admin.go b/admin.go index 1d190667..e584a3bb 100644 --- a/admin.go +++ b/admin.go @@ -21,6 +21,7 @@ import ( "expvar" "fmt" "io" + "io/ioutil" "net" "net/http" "net/http/pprof" @@ -546,13 +547,6 @@ func handleUnload(w http.ResponseWriter, r *http.Request) error { Err: fmt.Errorf("method not allowed"), } } - currentCfgMu.RLock() - hasCfg := currentCfg != nil - currentCfgMu.RUnlock() - if !hasCfg { - Log().Named("admin.api").Info("nothing to unload") - return nil - } Log().Named("admin.api").Info("unloading") if err := stopAndCleanup(); err != nil { Log().Named("admin.api").Error("error unloading", zap.Error(err)) @@ -801,12 +795,27 @@ var ( } ) +// PIDFile writes a pidfile to the file at filename. It +// will get deleted before the process gracefully exits. +func PIDFile(filename string) error { + pid := []byte(strconv.Itoa(os.Getpid()) + "\n") + err := ioutil.WriteFile(filename, pid, 0644) + if err != nil { + return err + } + pidfile = filename + return nil +} + // idRegexp is used to match ID fields and their associated values // in the config. It also matches adjacent commas so that syntax // can be preserved no matter where in the object the field appears. // It supports string and most numeric values. var idRegexp = regexp.MustCompile(`(?m),?\s*"` + idKey + `"\s*:\s*(-?[0-9]+(\.[0-9]+)?|(?U)".*")\s*,?`) +// pidfile is the name of the pidfile, if any. +var pidfile string + const ( rawConfigKey = "config" idKey = "@id" diff --git a/caddy.go b/caddy.go index 1184bc97..00926410 100644 --- a/caddy.go +++ b/caddy.go @@ -470,6 +470,9 @@ func stopAndCleanup() error { return err } certmagic.CleanUpOwnLocks() + if pidfile != "" { + os.Remove(pidfile) + } return nil } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index efdcfdca..f9e10331 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -41,6 +41,7 @@ import ( func cmdStart(fl Flags) (int, error) { startCmdConfigFlag := fl.String("config") startCmdConfigAdapterFlag := fl.String("adapter") + startCmdPidfileFlag := fl.String("pidfile") startCmdWatchFlag := fl.Bool("watch") // open a listener to which the child process will connect when @@ -71,6 +72,9 @@ func cmdStart(fl Flags) (int, error) { if startCmdWatchFlag { cmd.Args = append(cmd.Args, "--watch") } + if startCmdPidfileFlag != "" { + cmd.Args = append(cmd.Args, "--pidfile", startCmdPidfileFlag) + } stdinpipe, err := cmd.StdinPipe() if err != nil { return caddy.ExitCodeFailedStartup, @@ -149,6 +153,7 @@ func cmdRun(fl Flags) (int, error) { runCmdResumeFlag := fl.Bool("resume") runCmdPrintEnvFlag := fl.Bool("environ") runCmdWatchFlag := fl.Bool("watch") + runCmdPidfileFlag := fl.String("pidfile") runCmdPingbackFlag := fl.String("pingback") // if we are supposed to print the environment, do that first @@ -225,6 +230,16 @@ func cmdRun(fl Flags) (int, error) { go watchConfigFile(configFile, runCmdConfigAdapterFlag) } + // create pidfile + if runCmdPidfileFlag != "" { + err := caddy.PIDFile(runCmdPidfileFlag) + if err != nil { + caddy.Log().Error("unable to write PID file", + zap.String("pidfile", runCmdPidfileFlag), + zap.Error(err)) + } + } + // warn if the environment does not provide enough information about the disk hasXDG := os.Getenv("XDG_DATA_HOME") != "" && os.Getenv("XDG_CONFIG_HOME") != "" && diff --git a/cmd/commands.go b/cmd/commands.go index e02f6a08..5a40b1d9 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -74,7 +74,7 @@ func init() { RegisterCommand(Command{ Name: "start", Func: cmdStart, - Usage: "[--config [--adapter ]] [--watch]", + Usage: "[--config [--adapter ]] [--watch] [--pidfile ]", Short: "Starts the Caddy process in the background and then returns", Long: ` Starts the Caddy process, optionally bootstrapped with an initial config file. @@ -87,6 +87,7 @@ using 'caddy run' instead to keep it in the foreground.`, fs := flag.NewFlagSet("start", flag.ExitOnError) fs.String("config", "", "Configuration file") fs.String("adapter", "", "Name of config adapter to apply") + fs.String("pidfile", "", "Path of file to which to write process ID") fs.Bool("watch", false, "Reload changed config file automatically") return fs }(), @@ -95,7 +96,7 @@ using 'caddy run' instead to keep it in the foreground.`, RegisterCommand(Command{ Name: "run", Func: cmdRun, - Usage: "[--config [--adapter ]] [--environ] [--watch]", + Usage: "[--config [--adapter ]] [--environ] [--resume] [--watch] [--pidfile ]", Short: `Starts the Caddy process and blocks indefinitely`, Long: ` Starts the Caddy process, optionally bootstrapped with an initial config file, @@ -132,6 +133,7 @@ development environment.`, fs.Bool("environ", false, "Print environment") fs.Bool("resume", false, "Use saved config, if any (and prefer over --config file)") fs.Bool("watch", false, "Watch config file for changes and reload it automatically") + fs.String("pidfile", "", "Path of file to which to write process ID") fs.String("pingback", "", "Echo confirmation bytes to this address on success") return fs }(), From bde3823b76b457a933e684cd096ca84fc6378997 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 14 May 2020 17:53:28 -0400 Subject: [PATCH 0045/1498] caddytest: Refactor Caddyfile adapt tests to separate files (#3398) --- caddytest/caddytest.go | 21 +- .../caddyfile_adapt/global_options.txt | 71 ++ .../http_only_on_any_address.txt | 37 ++ .../caddyfile_adapt/http_only_on_domain.txt | 59 ++ .../http_only_on_localhost.txt | 54 ++ .../http_only_on_non_standard_port.txt | 59 ++ .../caddyfile_adapt/https_on_domain.txt | 54 ++ .../caddyfile_adapt/log_roll_days.txt | 47 ++ .../caddyfile_adapt/matcher_syntax.txt | 77 +++ .../caddyfile_adapt/not_block_merging.txt | 49 ++ .../shorthand_parameterized_placeholders.txt | 43 ++ caddytest/integration/caddyfile_adapt_test.go | 612 ++---------------- 12 files changed, 601 insertions(+), 582 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/global_options.txt create mode 100644 caddytest/integration/caddyfile_adapt/http_only_on_any_address.txt create mode 100644 caddytest/integration/caddyfile_adapt/http_only_on_domain.txt create mode 100644 caddytest/integration/caddyfile_adapt/http_only_on_localhost.txt create mode 100644 caddytest/integration/caddyfile_adapt/http_only_on_non_standard_port.txt create mode 100644 caddytest/integration/caddyfile_adapt/https_on_domain.txt create mode 100644 caddytest/integration/caddyfile_adapt/log_roll_days.txt create mode 100644 caddytest/integration/caddyfile_adapt/matcher_syntax.txt create mode 100644 caddytest/integration/caddyfile_adapt/not_block_merging.txt create mode 100644 caddytest/integration/caddyfile_adapt/shorthand_parameterized_placeholders.txt diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 059b3e17..1dda345f 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -321,13 +321,13 @@ func (tc *Tester) AssertRedirect(requestURI string, expectedToLocation string, e return resp } -// AssertAdapt adapts a config and then tests it against an expected result -func AssertAdapt(t *testing.T, rawConfig string, adapterName string, expectedResponse string) { +// CompareAdapt adapts a config and then compares it against an expected result +func CompareAdapt(t *testing.T, rawConfig string, adapterName string, expectedResponse string) bool { cfgAdapter := caddyconfig.GetAdapter(adapterName) if cfgAdapter == nil { - t.Errorf("unrecognized config adapter '%s'", adapterName) - return + t.Logf("unrecognized config adapter '%s'", adapterName) + return false } options := make(map[string]interface{}) @@ -335,8 +335,8 @@ func AssertAdapt(t *testing.T, rawConfig string, adapterName string, expectedRes result, warnings, err := cfgAdapter.Adapt([]byte(rawConfig), options) if err != nil { - t.Errorf("adapting config using %s adapter: %v", adapterName, err) - return + t.Logf("adapting config using %s adapter: %v", adapterName, err) + return false } if len(warnings) > 0 { @@ -369,6 +369,15 @@ func AssertAdapt(t *testing.T, rawConfig string, adapterName string, expectedRes fmt.Printf(" + %s\n", d.Payload) } } + return false + } + return true +} + +// AssertAdapt adapts a config and then tests it against an expected result +func AssertAdapt(t *testing.T, rawConfig string, adapterName string, expectedResponse string) { + ok := CompareAdapt(t, rawConfig, adapterName, expectedResponse) + if !ok { t.Fail() } } diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt new file mode 100644 index 00000000..33836ff7 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -0,0 +1,71 @@ +{ + debug + http_port 8080 + https_port 8443 + default_sni localhost + order root first + storage file_system { + root /data + } + acme_ca https://example.com + acme_ca_root /path/to/ca.crt + email test@example.com + admin off + on_demand_tls { + ask https://example.com + interval 30s + burst 20 + } + local_certs + key_type ed25519 +} + +:80 +---------- +{ + "admin": { + "disabled": true + }, + "logging": { + "logs": { + "default": { + "level": "DEBUG" + } + } + }, + "storage": { + "module": "file_system", + "root": "/data" + }, + "apps": { + "http": { + "http_port": 8080, + "https_port": 8443, + "servers": { + "srv0": { + "listen": [ + ":80" + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "issuer": { + "module": "internal" + } + } + ], + "on_demand": { + "rate_limit": { + "interval": 30000000000, + "burst": 20 + }, + "ask": "https://example.com" + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/http_only_on_any_address.txt b/caddytest/integration/caddyfile_adapt/http_only_on_any_address.txt new file mode 100644 index 00000000..8af2c333 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/http_only_on_any_address.txt @@ -0,0 +1,37 @@ +:80 { + respond /version 200 { + body "hello from localhost" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "path": [ + "/version" + ] + } + ], + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response", + "status_code": 200 + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/http_only_on_domain.txt b/caddytest/integration/caddyfile_adapt/http_only_on_domain.txt new file mode 100644 index 00000000..83e77598 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/http_only_on_domain.txt @@ -0,0 +1,59 @@ +http://a.caddy.localhost { + respond /version 200 { + body "hello from localhost" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.caddy.localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "a.caddy.localhost" + ] + } + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/http_only_on_localhost.txt b/caddytest/integration/caddyfile_adapt/http_only_on_localhost.txt new file mode 100644 index 00000000..13326f65 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/http_only_on_localhost.txt @@ -0,0 +1,54 @@ +localhost:80 { + respond /version 200 { + body "hello from localhost" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/http_only_on_non_standard_port.txt b/caddytest/integration/caddyfile_adapt/http_only_on_non_standard_port.txt new file mode 100644 index 00000000..65d86bbe --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/http_only_on_non_standard_port.txt @@ -0,0 +1,59 @@ +http://a.caddy.localhost:81 { + respond /version 200 { + body "hello from localhost" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":81" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.caddy.localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "a.caddy.localhost" + ] + } + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/https_on_domain.txt b/caddytest/integration/caddyfile_adapt/https_on_domain.txt new file mode 100644 index 00000000..fc584c53 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/https_on_domain.txt @@ -0,0 +1,54 @@ +a.caddy.localhost { + respond /version 200 { + body "hello from localhost" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.caddy.localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/log_roll_days.txt b/caddytest/integration/caddyfile_adapt/log_roll_days.txt new file mode 100644 index 00000000..2d146f9c --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/log_roll_days.txt @@ -0,0 +1,47 @@ +:80 + +log { + output file /var/log/access.log { + roll_size 1gb + roll_keep 5 + roll_keep_for 90d + } +} +---------- +{ + "logging": { + "logs": { + "default": { + "exclude": [ + "http.log.access.log0" + ] + }, + "log0": { + "writer": { + "filename": "/var/log/access.log", + "output": "file", + "roll_keep": 5, + "roll_keep_days": 90, + "roll_size_mb": 954 + }, + "include": [ + "http.log.access.log0" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "logs": { + "default_logger_name": "log0" + } + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt new file mode 100644 index 00000000..8cabc582 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -0,0 +1,77 @@ +:80 { + @matcher { + method GET + } + respond @matcher "get" + + @matcher2 method POST + respond @matcher2 "post" + + @matcher3 not method PUT + respond @matcher3 "not put" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "method": [ + "GET" + ] + } + ], + "handle": [ + { + "body": "get", + "handler": "static_response" + } + ] + }, + { + "match": [ + { + "method": [ + "POST" + ] + } + ], + "handle": [ + { + "body": "post", + "handler": "static_response" + } + ] + }, + { + "match": [ + { + "not": [ + { + "method": [ + "PUT" + ] + } + ] + } + ], + "handle": [ + { + "body": "not put", + "handler": "static_response" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/not_block_merging.txt b/caddytest/integration/caddyfile_adapt/not_block_merging.txt new file mode 100644 index 00000000..c41a7496 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/not_block_merging.txt @@ -0,0 +1,49 @@ +:80 + +@test { + not { + header Abc "123" + header Bcd "123" + } +} +respond @test 403 +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "not": [ + { + "header": { + "Abc": [ + "123" + ], + "Bcd": [ + "123" + ] + } + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "status_code": 403 + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/shorthand_parameterized_placeholders.txt b/caddytest/integration/caddyfile_adapt/shorthand_parameterized_placeholders.txt new file mode 100644 index 00000000..d5c35b3c --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/shorthand_parameterized_placeholders.txt @@ -0,0 +1,43 @@ +localhost:80 +respond * "{header.content-type} {labels.0} {query.p} {path.0} {re.name.0}" +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "{http.request.header.content-type} {http.request.host.labels.0} {http.request.uri.query.p} {http.request.uri.path.0} {http.regexp.name.0}", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index 280e22ea..bfe22ada 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -1,587 +1,47 @@ package integration import ( + "io/ioutil" + "regexp" + "strings" "testing" "github.com/caddyserver/caddy/v2/caddytest" ) -func TestHttpOnlyOnLocalhost(t *testing.T) { - caddytest.AssertAdapt(t, ` - localhost:80 { - respond /version 200 { - body "hello from localhost" +func TestCaddyfileAdaptToJSON(t *testing.T) { + // load the list of test files from the dir + files, err := ioutil.ReadDir("./caddyfile_adapt") + if err != nil { + t.Errorf("failed to read caddyfile_adapt dir: %s", err) + } + + // prep a regexp to fix strings on windows + winNewlines := regexp.MustCompile(`\r?\n`) + + for _, f := range files { + if f.IsDir() { + continue + } + + // read the test file + filename := f.Name() + data, err := ioutil.ReadFile("./caddyfile_adapt/" + filename) + if err != nil { + t.Errorf("failed to read %s dir: %s", filename, err) + } + + // split the Caddyfile (first) and JSON (second) parts + parts := strings.Split(string(data), "----------") + caddyfile, json := strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]) + + // replace windows newlines in the json with unix newlines + json = winNewlines.ReplaceAllString(json, "\n") + + // run the test + ok := caddytest.CompareAdapt(t, caddyfile, "caddyfile", json) + if !ok { + t.Errorf("failed to adapt %s", filename) } } - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "host": [ - "localhost" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "hello from localhost", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] - } - ] - } - ], - "terminal": true - } - ] - } - } - } - } -}`) -} - -func TestHttpOnlyOnAnyAddress(t *testing.T) { - caddytest.AssertAdapt(t, ` - :80 { - respond /version 200 { - body "hello from localhost" - } - } - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "path": [ - "/version" - ] - } - ], - "handle": [ - { - "body": "hello from localhost", - "handler": "static_response", - "status_code": 200 - } - ] - } - ] - } - } - } - } -}`) -} - -func TestHttpsOnDomain(t *testing.T) { - caddytest.AssertAdapt(t, ` - a.caddy.localhost { - respond /version 200 { - body "hello from localhost" - } - } - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":443" - ], - "routes": [ - { - "match": [ - { - "host": [ - "a.caddy.localhost" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "hello from localhost", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] - } - ] - } - ], - "terminal": true - } - ] - } - } - } - } -}`) -} - -func TestHttpOnlyOnDomain(t *testing.T) { - caddytest.AssertAdapt(t, ` - http://a.caddy.localhost { - respond /version 200 { - body "hello from localhost" - } - } - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "host": [ - "a.caddy.localhost" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "hello from localhost", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] - } - ] - } - ], - "terminal": true - } - ], - "automatic_https": { - "skip": [ - "a.caddy.localhost" - ] - } - } - } - } - } -}`) -} - -func TestHttpOnlyOnNonStandardPort(t *testing.T) { - caddytest.AssertAdapt(t, ` - http://a.caddy.localhost:81 { - respond /version 200 { - body "hello from localhost" - } - } - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":81" - ], - "routes": [ - { - "match": [ - { - "host": [ - "a.caddy.localhost" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "hello from localhost", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] - } - ] - } - ], - "terminal": true - } - ], - "automatic_https": { - "skip": [ - "a.caddy.localhost" - ] - } - } - } - } - } -}`) -} - -func TestMatcherSyntax(t *testing.T) { - caddytest.AssertAdapt(t, ` - :80 { - @matcher { - method GET - } - respond @matcher "get" - - @matcher2 method POST - respond @matcher2 "post" - - @matcher3 not method PUT - respond @matcher3 "not put" - } - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "method": [ - "GET" - ] - } - ], - "handle": [ - { - "body": "get", - "handler": "static_response" - } - ] - }, - { - "match": [ - { - "method": [ - "POST" - ] - } - ], - "handle": [ - { - "body": "post", - "handler": "static_response" - } - ] - }, - { - "match": [ - { - "not": [ - { - "method": [ - "PUT" - ] - } - ] - } - ], - "handle": [ - { - "body": "not put", - "handler": "static_response" - } - ] - } - ] - } - } - } - } -}`) -} - -func TestNotBlockMerging(t *testing.T) { - caddytest.AssertAdapt(t, ` - :80 - - @test { - not { - header Abc "123" - header Bcd "123" - } - } - respond @test 403 - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "not": [ - { - "header": { - "Abc": [ - "123" - ], - "Bcd": [ - "123" - ] - } - } - ] - } - ], - "handle": [ - { - "handler": "static_response", - "status_code": 403 - } - ] - } - ] - } - } - } - } -}`) -} - -func TestGlobalOptions(t *testing.T) { - caddytest.AssertAdapt(t, ` - { - debug - http_port 8080 - https_port 8443 - default_sni localhost - order root first - storage file_system { - root /data - } - acme_ca https://example.com - acme_ca_root /path/to/ca.crt - email test@example.com - admin off - on_demand_tls { - ask https://example.com - interval 30s - burst 20 - } - local_certs - key_type ed25519 - } - - :80 - `, "caddyfile", `{ - "admin": { - "disabled": true - }, - "logging": { - "logs": { - "default": { - "level": "DEBUG" - } - } - }, - "storage": { - "module": "file_system", - "root": "/data" - }, - "apps": { - "http": { - "http_port": 8080, - "https_port": 8443, - "servers": { - "srv0": { - "listen": [ - ":80" - ] - } - } - }, - "tls": { - "automation": { - "policies": [ - { - "issuer": { - "module": "internal" - } - } - ], - "on_demand": { - "rate_limit": { - "interval": 30000000000, - "burst": 20 - }, - "ask": "https://example.com" - } - } - } - } -}`) -} - -func TestLogRollDays(t *testing.T) { - caddytest.AssertAdapt(t, ` - :80 - - log { - output file /var/log/access.log { - roll_size 1gb - roll_keep 5 - roll_keep_for 90d - } - } - `, "caddyfile", `{ - "logging": { - "logs": { - "default": { - "exclude": [ - "http.log.access.log0" - ] - }, - "log0": { - "writer": { - "filename": "/var/log/access.log", - "output": "file", - "roll_keep": 5, - "roll_keep_days": 90, - "roll_size_mb": 954 - }, - "include": [ - "http.log.access.log0" - ] - } - } - }, - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "logs": { - "default_logger_name": "log0" - } - } - } - } - } -}`) -} - -func TestShorthandParameterizedPlaceholders(t *testing.T) { - caddytest.AssertAdapt(t, ` - localhost:80 - respond * "{header.content-type} {labels.0} {query.p} {path.0} {re.name.0}" - `, "caddyfile", `{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "host": [ - "localhost" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "{http.request.header.content-type} {http.request.host.labels.0} {http.request.uri.query.p} {http.request.uri.path.0} {http.regexp.name.0}", - "handler": "static_response" - } - ] - } - ] - } - ], - "terminal": true - } - ] - } - } - } - } -}`) } From 62c9f2cf3e86f8aaea7a1583f09adb6b8007cfe6 Mon Sep 17 00:00:00 2001 From: elcore Date: Fri, 15 May 2020 23:49:51 +0200 Subject: [PATCH 0046/1498] cmd: Add --envfile flag to run command (#3278) * run: Add the possibility to load an env file * run: change envfile flag var * run: do not ignore err values * Apply suggestions from code review Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- cmd/commandfuncs.go | 9 ++++++ cmd/commands.go | 6 +++- cmd/main.go | 68 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index f9e10331..a8247895 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -151,11 +151,20 @@ func cmdRun(fl Flags) (int, error) { runCmdConfigFlag := fl.String("config") runCmdConfigAdapterFlag := fl.String("adapter") runCmdResumeFlag := fl.Bool("resume") + runCmdLoadEnvfileFlag := fl.String("envfile") runCmdPrintEnvFlag := fl.Bool("environ") runCmdWatchFlag := fl.Bool("watch") runCmdPidfileFlag := fl.String("pidfile") runCmdPingbackFlag := fl.String("pingback") + // load all additional envs as soon as possible + if runCmdLoadEnvfileFlag != "" { + if err := loadEnvFromFile(runCmdLoadEnvfileFlag); err != nil { + return caddy.ExitCodeFailedStartup, + fmt.Errorf("loading additional environment variables: %v", err) + } + } + // if we are supposed to print the environment, do that first if runCmdPrintEnvFlag { printEnvironment() diff --git a/cmd/commands.go b/cmd/commands.go index 5a40b1d9..99d5245c 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -96,7 +96,7 @@ using 'caddy run' instead to keep it in the foreground.`, RegisterCommand(Command{ Name: "run", Func: cmdRun, - Usage: "[--config [--adapter ]] [--environ] [--resume] [--watch] [--pidfile ]", + Usage: "[--config [--adapter ]] [--envfile ] [--environ] [--resume] [--watch] [--pidfile ]", Short: `Starts the Caddy process and blocks indefinitely`, Long: ` Starts the Caddy process, optionally bootstrapped with an initial config file, @@ -116,6 +116,9 @@ As a special case, if the current working directory has a file called that file will be loaded and used to configure Caddy, even without any command line flags. +If --envfile is specified, an environment file with environment variables in +the KEY=VALUE format will be loaded into the Caddy process. + If --environ is specified, the environment as seen by the Caddy process will be printed before starting. This is the same as the environ command but does not quit after printing, and can be useful for troubleshooting. @@ -130,6 +133,7 @@ development environment.`, fs := flag.NewFlagSet("run", flag.ExitOnError) fs.String("config", "", "Configuration file") fs.String("adapter", "", "Name of config adapter to apply") + fs.String("envfile", "", "Environment file to load") fs.Bool("environ", false, "Print environment") fs.Bool("resume", false, "Use saved config, if any (and prefer over --config file)") fs.Bool("watch", false, "Watch config file for changes and reload it automatically") diff --git a/cmd/main.go b/cmd/main.go index 7e8d9b73..4fd8d681 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -15,6 +15,7 @@ package caddycmd import ( + "bufio" "bytes" "flag" "fmt" @@ -339,6 +340,73 @@ func flagHelp(fs *flag.FlagSet) string { return buf.String() } +func loadEnvFromFile(envFile string) error { + file, err := os.Open(envFile) + if err != nil { + return fmt.Errorf("reading environment file: %v", err) + } + defer file.Close() + + envMap, err := parseEnvFile(file) + if err != nil { + return fmt.Errorf("parsing environment file: %v", err) + } + + for k, v := range envMap { + if err := os.Setenv(k, v); err != nil { + return fmt.Errorf("setting environment variables: %v", err) + } + } + + return nil +} + +func parseEnvFile(envInput io.Reader) (map[string]string, error) { + envMap := make(map[string]string) + + scanner := bufio.NewScanner(envInput) + var line string + lineNumber := 0 + + for scanner.Scan() { + line = strings.TrimSpace(scanner.Text()) + lineNumber++ + + // skip lines starting with comment + if strings.HasPrefix(line, "#") { + continue + } + + // skip empty line + if len(line) == 0 { + continue + } + + fields := strings.SplitN(line, "=", 2) + if len(fields) != 2 { + return nil, fmt.Errorf("can't parse line %d; line should be in KEY=VALUE format", lineNumber) + } + + if strings.Contains(fields[0], " ") { + return nil, fmt.Errorf("bad key on line %d: contains whitespace", lineNumber) + } + + key := fields[0] + val := fields[1] + + if key == "" { + return nil, fmt.Errorf("missing or empty key on line %d", lineNumber) + } + envMap[key] = val + } + + if err := scanner.Err(); err != nil { + return nil, err + } + + return envMap, nil +} + func printEnvironment() { fmt.Printf("caddy.HomeDir=%s\n", caddy.HomeDir()) fmt.Printf("caddy.AppDataDir=%s\n", caddy.AppDataDir()) From 21de227fe94508d0e259dfd803b482055b214640 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 15 May 2020 17:57:16 -0400 Subject: [PATCH 0047/1498] httpcaddyfile: Be stricter about `log` syntax (#3419) --- caddyconfig/httpcaddyfile/builtins.go | 5 ++ caddyconfig/httpcaddyfile/builtins_test.go | 62 ++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 caddyconfig/httpcaddyfile/builtins_test.go diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 4cc453e9..2bb9b907 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -469,6 +469,11 @@ func parseHandleErrors(h Helper) ([]ConfigValue, error) { func parseLog(h Helper) ([]ConfigValue, error) { var configValues []ConfigValue for h.Next() { + // log does not currently support any arguments + if h.NextArg() { + return nil, h.ArgErr() + } + cl := new(caddy.CustomLog) for h.NextBlock(0) { diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go new file mode 100644 index 00000000..a255538c --- /dev/null +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -0,0 +1,62 @@ +package httpcaddyfile + +import ( + "testing" + + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + _ "github.com/caddyserver/caddy/v2/modules/logging" +) + +func TestLogDirectiveSyntax(t *testing.T) { + for i, tc := range []struct { + input string + expectWarn bool + expectError bool + }{ + { + input: `:8080 { + log + } + `, + expectWarn: false, + expectError: false, + }, + { + input: `:8080 { + log { + output file foo.log + } + } + `, + expectWarn: false, + expectError: false, + }, + { + input: `:8080 { + log /foo { + output file foo.log + } + } + `, + expectWarn: false, + expectError: true, + }, + } { + + adapter := caddyfile.Adapter{ + ServerType: ServerType{}, + } + + _, warnings, err := adapter.Adapt([]byte(tc.input), nil) + + if len(warnings) > 0 != tc.expectWarn { + t.Errorf("Test %d warning expectation failed Expected: %v, got %v", i, tc.expectWarn, warnings) + continue + } + + if err != nil != tc.expectError { + t.Errorf("Test %d error expectation failed Expected: %v, got %s", i, tc.expectError, err) + continue + } + } +} From 3fb2c394d130318b893509389f49554067dcdfec Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sun, 17 May 2020 17:12:34 -0600 Subject: [PATCH 0048/1498] go.mod: Update dependencies Notably, this adds Caddyfile syntax highlighting in markdown rendering --- go.mod | 6 +++--- go.sum | 22 ++++++++++++++++------ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index ced106f0..c1e47a3e 100644 --- a/go.mod +++ b/go.mod @@ -4,14 +4,14 @@ go 1.14 require ( github.com/Masterminds/sprig/v3 v3.1.0 - github.com/alecthomas/chroma v0.7.2 + github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a github.com/caddyserver/certmagic v0.10.13 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.1+incompatible github.com/gogo/protobuf v1.3.1 - github.com/google/cel-go v0.4.2 + github.com/google/cel-go v0.5.0 github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.5 github.com/klauspost/cpuid v1.2.4 @@ -30,6 +30,6 @@ require ( golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 gopkg.in/natefinch/lumberjack.v2 v2.0.0 - gopkg.in/yaml.v2 v2.2.8 + gopkg.in/yaml.v2 v2.3.0 howett.net/plist v0.0.0-20200225050739-77e249a2e2ba // indirect ) diff --git a/go.sum b/go.sum index 97618efa..a6d8624e 100644 --- a/go.sum +++ b/go.sum @@ -80,12 +80,13 @@ github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75/go.mod github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= -github.com/alecthomas/chroma v0.7.2 h1:B76NU/zbQYIUhUowbi4fmvREmDUJLsUzKWTZmQd3ABY= -github.com/alecthomas/chroma v0.7.2/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= +github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 h1:9jsf8ot7rz1BywS9yYLkSiIeqU8LQw1D8gXVgdqsbvs= +github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1/go.mod h1:sko8vR34/90zvl5QdcUdvzL3J8NKjAUx9va9jPuFNoM= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= github.com/alecthomas/kong v0.1.17-0.20190424132513-439c674f7ae0/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= +github.com/alecthomas/kong v0.2.4/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE= github.com/alecthomas/kong-hcl v0.1.8-0.20190615233001-b21fea9723c8/go.mod h1:MRgZdU3vrFd05IQ89AxUZ0aYdF39BYoNFa324SodPCA= github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 h1:p9Sln00KOTlrYkxI1zYWl1QLnEqAqEARBEYa8FQnQcY= github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ= @@ -96,8 +97,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/aliyun/alibaba-cloud-sdk-go v1.61.112/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= -github.com/antlr/antlr4 v0.0.0-20190819145818-b43a4c3a8015 h1:StuiJFxQUsxSCzcby6NFZRdEhPkXD5vxN7TZ4MD6T84= -github.com/antlr/antlr4 v0.0.0-20190819145818-b43a4c3a8015/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= +github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= +github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a h1:pv34s756C4pEXnjgPfGYgdhg/ZdajGhyOvzx8k+23nw= @@ -285,8 +286,8 @@ github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039/go.mod h1:qOQCunE github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.4.2 h1:Fx1DQPo05qFcDst4TwiGgFfmTjjHsLLbLYQGX67QYUk= -github.com/google/cel-go v0.4.2/go.mod h1:0pIisECLUDurNyQcYRcNjhGp0j/yM6v617EmXsBJE3A= +github.com/google/cel-go v0.5.0 h1:mKsiw/KmT+VlDZnYFd2SE5ULrbe8RPlb0rHBem2Bv7I= +github.com/google/cel-go v0.5.0/go.mod h1:9SvtVVTtZV4DTB1/RuAD1D2HhuqEIdmZEE/r/lrFyKE= github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ= github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -431,11 +432,15 @@ github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= +github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= @@ -878,6 +883,7 @@ golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -885,6 +891,8 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY= +golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1056,6 +1064,8 @@ gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 7243454a96d6dcbe504af7287de1e68ab4b80c83 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 18 May 2020 14:15:38 -0400 Subject: [PATCH 0049/1498] fastcgi: `php_fastcgi` subdirectives to override shortcut behaviour (#3255) * fastcgi: Add new php_fastcgi subdirectives to override the shortcut * fastcgi: Support "index off" to disable redir and try_files * fastcgi: Remove whitespace to satisfy linter * fastcgi: Run gofmt * fastcgi: Make a new dispenser instead of using rewind * fastcgi: Some fmt * fastcgi: Add a couple adapt tests * fastcgi: Clean up for loops * fastcgi: Move adapt tests to separate files --- .../caddyfile_adapt/php_fastcgi_index_off.txt | 66 +++++++ .../php_fastcgi_subdirectives.txt | 118 +++++++++++++ .../reverseproxy/fastcgi/caddyfile.go | 161 +++++++++++++----- 3 files changed, 306 insertions(+), 39 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt create mode 100644 caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt new file mode 100644 index 00000000..6d939b4d --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt @@ -0,0 +1,66 @@ +:8884 + +php_fastcgi localhost:9000 { + # some php_fastcgi-specific subdirectives + split .php .php5 + env VAR1 value1 + env VAR2 value2 + root /var/www + index off + + # passed through to reverse_proxy (directive order doesn't matter!) + lb_policy random +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "match": [ + { + "path": [ + "*.php", + "*.php5" + ] + } + ], + "handle": [ + { + "handler": "reverse_proxy", + "load_balancing": { + "selection_policy": { + "policy": "random" + } + }, + "transport": { + "env": { + "VAR1": "value1", + "VAR2": "value2" + }, + "protocol": "fastcgi", + "root": "/var/www", + "split_path": [ + ".php", + ".php5" + ] + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt new file mode 100644 index 00000000..6733a9e2 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt @@ -0,0 +1,118 @@ +:8884 + +php_fastcgi localhost:9000 { + # some php_fastcgi-specific subdirectives + split .php .php5 + env VAR1 value1 + env VAR2 value2 + root /var/www + index index.php5 + + # passed through to reverse_proxy (directive order doesn't matter!) + lb_policy random +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php5" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ] + }, + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php5", + "index.php5" + ], + "split_path": [ + ".php", + ".php5" + ] + } + } + ], + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ] + }, + { + "match": [ + { + "path": [ + "*.php", + "*.php5" + ] + } + ], + "handle": [ + { + "handler": "reverse_proxy", + "load_balancing": { + "selection_policy": { + "policy": "random" + } + }, + "transport": { + "env": { + "VAR1": "value1", + "VAR2": "value2" + }, + "protocol": "fastcgi", + "root": "/var/www", + "split_path": [ + ".php", + ".php5" + ] + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 8a5e27ee..7c06adcf 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -123,47 +123,133 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error return nil, h.ArgErr() } - // route to redirect to canonical path if index PHP file - redirMatcherSet := caddy.ModuleMap{ - "file": h.JSON(fileserver.MatchFile{ - TryFiles: []string{"{http.request.uri.path}/index.php"}, - }), - "not": h.JSON(caddyhttp.MatchNot{ - MatcherSetsRaw: []caddy.ModuleMap{ - { - "path": h.JSON(caddyhttp.MatchPath{"*/"}), - }, - }, - }), - } - redirHandler := caddyhttp.StaticResponse{ - StatusCode: caddyhttp.WeakString(strconv.Itoa(http.StatusPermanentRedirect)), - Headers: http.Header{"Location": []string{"{http.request.uri.path}/"}}, - } - redirRoute := caddyhttp.Route{ - MatcherSetsRaw: []caddy.ModuleMap{redirMatcherSet}, - HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(redirHandler, "handler", "static_response", nil)}, + // set up the transport for FastCGI, and specifically PHP + fcgiTransport := Transport{} + + // set up the set of file extensions allowed to execute PHP code + extensions := []string{".php"} + + // set the default index file for the try_files rewrites + indexFile := "index.php" + + // make a new dispenser from the remaining tokens so that we + // can reset the dispenser back to this point for the + // reverse_proxy unmarshaler to read from it as well + dispenser := h.NewFromNextSegment() + + // read the subdirectives that we allow as overrides to + // the php_fastcgi shortcut + // NOTE: we delete the tokens as we go so that the reverse_proxy + // unmarshal doesn't see these subdirectives which it cannot handle + for dispenser.Next() { + for dispenser.NextBlock(0) { + switch dispenser.Val() { + case "root": + if !dispenser.NextArg() { + return nil, dispenser.ArgErr() + } + fcgiTransport.Root = dispenser.Val() + dispenser.Delete() + dispenser.Delete() + + case "split": + extensions = dispenser.RemainingArgs() + dispenser.Delete() + for range extensions { + dispenser.Delete() + } + if len(extensions) == 0 { + return nil, dispenser.ArgErr() + } + + case "env": + args := dispenser.RemainingArgs() + dispenser.Delete() + for range args { + dispenser.Delete() + } + if len(args) != 2 { + return nil, dispenser.ArgErr() + } + if fcgiTransport.EnvVars == nil { + fcgiTransport.EnvVars = make(map[string]string) + } + fcgiTransport.EnvVars[args[0]] = args[1] + + case "index": + args := dispenser.RemainingArgs() + dispenser.Delete() + for range args { + dispenser.Delete() + } + if len(args) != 1 { + return nil, dispenser.ArgErr() + } + indexFile = args[0] + } + } } - // route to rewrite to PHP index file - rewriteMatcherSet := caddy.ModuleMap{ - "file": h.JSON(fileserver.MatchFile{ - TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/index.php", "index.php"}, - SplitPath: []string{".php"}, - }), - } - rewriteHandler := rewrite.Rewrite{ - URI: "{http.matchers.file.relative}", - } - rewriteRoute := caddyhttp.Route{ - MatcherSetsRaw: []caddy.ModuleMap{rewriteMatcherSet}, - HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(rewriteHandler, "handler", "rewrite", nil)}, + // reset the dispenser after we're done so that the reverse_proxy + // unmarshaler can read it from the start + dispenser.Reset() + + // set up a route list that we'll append to + routes := caddyhttp.RouteList{} + + // set the list of allowed path segments on which to split + fcgiTransport.SplitPath = extensions + + // if the index is turned off, we skip the redirect and try_files + if indexFile != "off" { + // route to redirect to canonical path if index PHP file + redirMatcherSet := caddy.ModuleMap{ + "file": h.JSON(fileserver.MatchFile{ + TryFiles: []string{"{http.request.uri.path}/" + indexFile}, + }), + "not": h.JSON(caddyhttp.MatchNot{ + MatcherSetsRaw: []caddy.ModuleMap{ + { + "path": h.JSON(caddyhttp.MatchPath{"*/"}), + }, + }, + }), + } + redirHandler := caddyhttp.StaticResponse{ + StatusCode: caddyhttp.WeakString(strconv.Itoa(http.StatusPermanentRedirect)), + Headers: http.Header{"Location": []string{"{http.request.uri.path}/"}}, + } + redirRoute := caddyhttp.Route{ + MatcherSetsRaw: []caddy.ModuleMap{redirMatcherSet}, + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(redirHandler, "handler", "static_response", nil)}, + } + + // route to rewrite to PHP index file + rewriteMatcherSet := caddy.ModuleMap{ + "file": h.JSON(fileserver.MatchFile{ + TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/" + indexFile, indexFile}, + SplitPath: extensions, + }), + } + rewriteHandler := rewrite.Rewrite{ + URI: "{http.matchers.file.relative}", + } + rewriteRoute := caddyhttp.Route{ + MatcherSetsRaw: []caddy.ModuleMap{rewriteMatcherSet}, + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(rewriteHandler, "handler", "rewrite", nil)}, + } + + routes = append(routes, redirRoute, rewriteRoute) } // route to actually reverse proxy requests to PHP files; // match only requests that are for PHP files + pathList := []string{} + for _, ext := range extensions { + pathList = append(pathList, "*"+ext) + } rpMatcherSet := caddy.ModuleMap{ - "path": h.JSON([]string{"*.php"}), + "path": h.JSON(pathList), } // if the user specified a matcher token, use that @@ -176,9 +262,6 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error return nil, err } - // set up the transport for FastCGI, and specifically PHP - fcgiTransport := Transport{SplitPath: []string{".php"}} - // create the reverse proxy handler which uses our FastCGI transport rpHandler := &reverseproxy.Handler{ TransportRaw: caddyconfig.JSONModuleObject(fcgiTransport, "protocol", "fastcgi", nil), @@ -188,7 +271,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error // using the reverse_proxy directive syntax // TODO: this can overwrite our fcgiTransport that we encoded and // set on the rpHandler... even with a non-fastcgi transport! - err = rpHandler.UnmarshalCaddyfile(h.Dispenser) + err = rpHandler.UnmarshalCaddyfile(dispenser) if err != nil { return nil, err } @@ -201,7 +284,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error } subroute := caddyhttp.Subroute{ - Routes: caddyhttp.RouteList{redirRoute, rewriteRoute, rpRoute}, + Routes: append(routes, rpRoute), } // the user's matcher is a prerequisite for ours, so From 41a682ddde15f333b11ac35677ab781ec40e0021 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 18 May 2020 14:19:28 -0400 Subject: [PATCH 0050/1498] caddyauth: Add realm to basicauth Caddyfile directive (#3315) --- modules/caddyhttp/caddyauth/caddyfile.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/caddyhttp/caddyauth/caddyfile.go b/modules/caddyhttp/caddyauth/caddyfile.go index 31acd61e..9fe8a80e 100644 --- a/modules/caddyhttp/caddyauth/caddyfile.go +++ b/modules/caddyhttp/caddyauth/caddyfile.go @@ -46,6 +46,9 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) hashName = "bcrypt" case 1: hashName = args[0] + case 2: + hashName = args[0] + ba.Realm = args[1] default: return nil, h.ArgErr() } From 483e31b9788f57b0a1adc153574878d0c7c4feb0 Mon Sep 17 00:00:00 2001 From: Thorkild Gregersen Date: Mon, 18 May 2020 21:01:04 +0200 Subject: [PATCH 0051/1498] templates: trim windows whitespace in SplitFrontMatter; fix #3386 (#3387) * add test case for SplitFrontMatter showing issue with windows newline * fix issue with windows newline when using SplitFrontMatter * Update modules/caddyhttp/templates/frontmatter.go Co-authored-by: Francis Lavoie * make it mere explicit what is trimmed from firstLine * Update modules/caddyhttp/templates/frontmatter.go Co-authored-by: Francis Lavoie Co-authored-by: Matt Holt --- modules/caddyhttp/templates/frontmatter.go | 3 ++ .../caddyhttp/templates/tplcontext_test.go | 45 +++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/modules/caddyhttp/templates/frontmatter.go b/modules/caddyhttp/templates/frontmatter.go index d6b6d0e9..d781c7bb 100644 --- a/modules/caddyhttp/templates/frontmatter.go +++ b/modules/caddyhttp/templates/frontmatter.go @@ -30,6 +30,9 @@ func extractFrontMatter(input string) (map[string]interface{}, string, error) { } firstLine := input[firstLineStart:firstLineEnd] + // ensure residue windows carriage return byte is removed + firstLine = strings.TrimSpace(firstLine) + // see what kind of front matter there is, if any var closingFence string var fmParser func([]byte) (map[string]interface{}, error) diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index dbf2172e..4c3da033 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -284,6 +284,51 @@ func TestFileListing(t *testing.T) { } } +func TestSplitFrontMatter(t *testing.T) { + context := getContextOrFail(t) + + for i, test := range []struct { + input string + expect string + }{ + { + // yaml with windows newline + input: "---\r\ntitle: Welcome\r\n---\r\n# Test\\r\\n", + expect: `Welcome`, + }, + { + // yaml + input: `--- +title: Welcome +--- +### Test`, + expect: `Welcome`, + }, + { + // toml + input: `+++ +title = "Welcome" ++++ +### Test`, + expect: `Welcome`, + }, + { + // json + input: `{ + "title": "Welcome" +} +### Test`, + expect: `Welcome`, + }, + } { + result, _ := context.funcSplitFrontMatter(test.input) + if result.Meta["title"] != test.expect { + t.Errorf("Test %d: Expected %s, found %s. Input was SplitFrontMatter(%s)", i, test.expect, result.Meta["title"], test.input) + } + } + +} + func getContextOrFail(t *testing.T) templateContext { context, err := initTestContext() if err != nil { From c47ddbeffb0457d4ac7f65d89f77abae817df239 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 18 May 2020 13:50:09 -0600 Subject: [PATCH 0052/1498] pki: Add docs to some struct fields --- modules/caddypki/ca.go | 5 ++++- modules/caddypki/crypto.go | 12 ++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 641f006e..c0a00963 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -51,7 +51,10 @@ type CA struct { // and Mozilla Firefox trust stores. Default: true. InstallTrust *bool `json:"install_trust,omitempty"` - Root *KeyPair `json:"root,omitempty"` + // The root certificate to use; if empty, one will be generated. + Root *KeyPair `json:"root,omitempty"` + + // The intermediate (signing) certificate; if empty, one will be generated. Intermediate *KeyPair `json:"intermediate,omitempty"` // Optionally configure a separate storage module associated with this diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go index e701c40d..e1a0e354 100644 --- a/modules/caddypki/crypto.go +++ b/modules/caddypki/crypto.go @@ -120,9 +120,17 @@ func trusted(cert *x509.Certificate) bool { // KeyPair represents a public-private key pair, where the // public key is also called a certificate. type KeyPair struct { + // The certificate. By default, this should be the path to + // a PEM file unless format is something else. Certificate string `json:"certificate,omitempty"` - PrivateKey string `json:"private_key,omitempty"` - Format string `json:"format,omitempty"` + + // The private key. By default, this should be the path to + // a PEM file unless format is something else. + PrivateKey string `json:"private_key,omitempty"` + + // The format in which the certificate and private + // key are provided. Default: pem_file + Format string `json:"format,omitempty"` } // Load loads the certificate and key. From 812278acd8a5c46b44fdf92ea5df4d6a51eff7be Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 18 May 2020 13:50:40 -0600 Subject: [PATCH 0053/1498] reverseproxy: Emit debug log before checking error (#3425) This way the upstream request will always be available even if it failed --- modules/caddyhttp/reverseproxy/reverseproxy.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 0b4bcdfb..52d230c7 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -465,10 +465,6 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia start := time.Now() res, err := h.Transport.RoundTrip(req) duration := time.Since(start) - if err != nil { - return err - } - h.logger.Debug("upstream roundtrip", zap.String("upstream", di.Upstream.String()), zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: req}), @@ -476,6 +472,9 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia zap.Duration("duration", duration), zap.Int("status", res.StatusCode), ) + if err != nil { + return err + } // update circuit breaker on current conditions if di.Upstream.cb != nil { From 9ee01dceac0a3e9f71c3b37dfbe3ae04e2f54986 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 18 May 2020 14:08:11 -0600 Subject: [PATCH 0054/1498] reverseproxy: Make debug log safe if error occurs --- modules/caddyhttp/reverseproxy/reverseproxy.go | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 52d230c7..3bf881e4 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -461,20 +461,24 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia // point the request to this upstream h.directRequest(req, di) - // do the round-trip + // do the round-trip; emit debug log with values we know are + // safe, or if there is no error, emit fuller log entry start := time.Now() res, err := h.Transport.RoundTrip(req) duration := time.Since(start) - h.logger.Debug("upstream roundtrip", + logger := h.logger.With( zap.String("upstream", di.Upstream.String()), zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: req}), - zap.Object("headers", caddyhttp.LoggableHTTPHeader(res.Header)), zap.Duration("duration", duration), - zap.Int("status", res.StatusCode), ) if err != nil { + logger.Debug("upstream roundtrip", zap.Error(err)) return err } + logger.Debug("upstream roundtrip", + zap.Object("headers", caddyhttp.LoggableHTTPHeader(res.Header)), + zap.Int("status", res.StatusCode), + ) // update circuit breaker on current conditions if di.Upstream.cb != nil { From fae064262d9c40393d634660b94d36ce6703aa1c Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 19 May 2020 18:59:51 -0400 Subject: [PATCH 0055/1498] httpcaddyfile: Add `auto_https` global option (#3284) --- caddyconfig/httpcaddyfile/httptype.go | 17 ++++++++- caddyconfig/httpcaddyfile/options.go | 16 ++++++++ .../auto_https_disable_redirects.txt | 34 +++++++++++++++++ .../caddyfile_adapt/auto_https_off.txt | 37 +++++++++++++++++++ 4 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt create mode 100644 caddytest/integration/caddyfile_adapt/auto_https_off.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 8e1ca74d..fddb0952 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -343,12 +343,27 @@ func (st *ServerType) serversFromPairings( if hsp, ok := options["https_port"].(int); ok { httpsPort = strconv.Itoa(hsp) } + autoHTTPS := "on" + if ah, ok := options["auto_https"].(string); ok { + autoHTTPS = ah + } for i, p := range pairings { srv := &caddyhttp.Server{ Listen: p.addresses, } + // handle the auto_https global option + if autoHTTPS != "on" { + srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig) + if autoHTTPS == "off" { + srv.AutoHTTPS.Disabled = true + } + if autoHTTPS == "disable_redirects" { + srv.AutoHTTPS.DisableRedir = true + } + } + // sort server blocks by their keys; this is important because // only the first matching site should be evaluated, and we should // attempt to match most specific site first (host and path), in @@ -382,7 +397,7 @@ func (st *ServerType) serversFromPairings( }) var hasCatchAllTLSConnPolicy, addressQualifiesForTLS bool - autoHTTPSWillAddConnPolicy := true + autoHTTPSWillAddConnPolicy := autoHTTPS != "off" // create a subroute for each site in the server block for _, sblock := range p.serverBlocks { diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 49a11f6e..cecb3d4b 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -38,6 +38,7 @@ func init() { RegisterGlobalOption("on_demand_tls", parseOptOnDemand) RegisterGlobalOption("local_certs", parseOptTrue) RegisterGlobalOption("key_type", parseOptSingleString) + RegisterGlobalOption("auto_https", parseOptAutoHTTPS) } func parseOptTrue(d *caddyfile.Dispenser) (interface{}, error) { @@ -264,3 +265,18 @@ func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) { } return ond, nil } + +func parseOptAutoHTTPS(d *caddyfile.Dispenser) (interface{}, error) { + d.Next() // consume parameter name + if !d.Next() { + return "", d.ArgErr() + } + val := d.Val() + if d.Next() { + return "", d.ArgErr() + } + if val != "off" && val != "disable_redirects" { + return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'") + } + return val, nil +} diff --git a/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt b/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt new file mode 100644 index 00000000..61637bba --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/auto_https_disable_redirects.txt @@ -0,0 +1,34 @@ +{ + auto_https disable_redirects +} + +localhost +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "disable_redirects": true + } + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/auto_https_off.txt b/caddytest/integration/caddyfile_adapt/auto_https_off.txt new file mode 100644 index 00000000..d4014d2a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/auto_https_off.txt @@ -0,0 +1,37 @@ +{ + auto_https off +} + +localhost +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "terminal": true + } + ], + "tls_connection_policies": [ + {} + ], + "automatic_https": { + "disable": true + } + } + } + } + } +} \ No newline at end of file From cc8fb488d360f609d7e3aae773ec80c661505367 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 20 May 2020 12:37:48 -0400 Subject: [PATCH 0056/1498] httpcaddyfile: Improve error on matcher declared outside site block (#3431) --- caddyconfig/httpcaddyfile/httptype.go | 3 +++ caddyconfig/httpcaddyfile/httptype_test.go | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index fddb0952..42fee71f 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -54,6 +54,9 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, originalServerBlocks := make([]serverBlock, 0, len(inputServerBlocks)) for i, sblock := range inputServerBlocks { for j, k := range sblock.Keys { + if j == 0 && strings.HasPrefix(k, "@") { + return nil, warnings, fmt.Errorf("cannot define a matcher outside of a site block: '%s'", k) + } if _, ok := sbKeys[k]; ok { return nil, warnings, fmt.Errorf("duplicate site address not allowed: '%s' in %v (site block %d, key %d)", k, sblock.Keys, i, j) } diff --git a/caddyconfig/httpcaddyfile/httptype_test.go b/caddyconfig/httpcaddyfile/httptype_test.go index 1bc2ddf8..b0ee3ac0 100644 --- a/caddyconfig/httpcaddyfile/httptype_test.go +++ b/caddyconfig/httpcaddyfile/httptype_test.go @@ -57,6 +57,15 @@ func TestMatcherSyntax(t *testing.T) { expectWarn: false, expectError: false, }, + { + input: `@matcher { + path /matcher-not-allowed/outside-of-site-block/* + } + http://localhost + `, + expectWarn: false, + expectError: true, + }, } { adapter := caddyfile.Adapter{ From 2a8a19856858dcaaf8d3233a2fc701e8a10c84a4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 20 May 2020 11:33:17 -0600 Subject: [PATCH 0057/1498] reverseproxy: Don't overwrite existing X-Forwarded-Proto header Correct behavior is not well defined because this is a non-standard header field. This could be a "hop-by-hop" field much like X-Forwarded-For is, but even our X-Forwarded-For implementation preserves prior entries. Or, it could be best to preserve the original value from the first hop, representing the protocol as facing the client. Let's try it the other way for a bit and see how it goes. See https://caddy.community/t/caddy2-w-wordpress-behind-nginx-reverse-proxy/8174/3?u=matt --- modules/caddyhttp/reverseproxy/reverseproxy.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 3bf881e4..8137237a 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -441,12 +441,14 @@ func (h Handler) prepareRequest(req *http.Request) error { req.Header.Set("X-Forwarded-For", clientIP) } - // set X-Forwarded-Proto; many backend apps expect this too - proto := "https" - if req.TLS == nil { - proto = "http" + if req.Header.Get("X-Forwarded-Proto") == "" { + // set X-Forwarded-Proto; many backend apps expect this too + proto := "https" + if req.TLS == nil { + proto = "http" + } + req.Header.Set("X-Forwarded-Proto", proto) } - req.Header.Set("X-Forwarded-Proto", proto) return nil } From 452d4726f7d006d22a3835c4011a847c70068754 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 20 May 2020 14:24:47 -0600 Subject: [PATCH 0058/1498] Update SECURITY.md --- .github/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index e9f016c4..ba681716 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -16,7 +16,7 @@ Please note that we consider publicly-registered domain names to be public infor ## Reporting a Vulnerability -Please email Matt Holt (the author) directly: Matthew dot Holt at Gmail. +Please email Matt Holt (the author) directly: matt [at] lightcodelabs [dot com]. We'll need enough information to verify the bug and make a patch. It will speed things up if you suggest a working patch, such as a code diff, and explain why and how it works. Reports that are not actionable, do not contain enough information, are too pushy/demanding, or are not able to convince us that it is a viable and practical attack on the web server itself may be deferred to a later time or possibly ignored, resources permitting. Priority will be given to credible, responsible reports that are constructive, specific, and actionable. Thank you for understanding. From 1dc4ec2d77f6f239f4c17e8ba754e71655796a4d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 21 May 2020 12:29:19 -0600 Subject: [PATCH 0059/1498] admin: Disallow websockets No currently-known exploit here, just being conservative --- admin.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/admin.go b/admin.go index e584a3bb..237af3ca 100644 --- a/admin.go +++ b/admin.go @@ -299,6 +299,14 @@ func (h adminHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // be called more than once per request, for example if a request // is rewritten (i.e. internal redirect). func (h adminHandler) serveHTTP(w http.ResponseWriter, r *http.Request) { + if strings.Contains(r.Header.Get("Upgrade"), "websocket") { + // I've never been able demonstrate a vulnerability myself, but apparently + // WebSocket connections originating from browsers aren't subject to CORS + // restrictions, so we'll just be on the safe side + h.handleError(w, r, fmt.Errorf("websocket connections aren't allowed")) + return + } + if h.enforceHost { // DNS rebinding mitigation err := h.checkHost(r) From bb67e19d7bacd70a13647538c8e9820eb42090b2 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 21 May 2020 15:09:49 -0400 Subject: [PATCH 0060/1498] cmd: hash-password: Fix broken terminal state on SIGINT (#3416) * caddyauth: Fix hash-password broken terminal state on SIGINT * caddycmd: Move TrapSignals calls to only subcommands that run long --- cmd/commandfuncs.go | 2 ++ cmd/main.go | 2 -- modules/caddyhttp/caddyauth/command.go | 27 +++++++++++++++++------ modules/caddyhttp/fileserver/command.go | 2 ++ modules/caddyhttp/reverseproxy/command.go | 2 ++ 5 files changed, 26 insertions(+), 9 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index a8247895..875fb5a9 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -148,6 +148,8 @@ func cmdStart(fl Flags) (int, error) { } func cmdRun(fl Flags) (int, error) { + caddy.TrapSignals() + runCmdConfigFlag := fl.String("config") runCmdConfigAdapterFlag := fl.String("adapter") runCmdResumeFlag := fl.Bool("resume") diff --git a/cmd/main.go b/cmd/main.go index 4fd8d681..00d5d138 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -51,8 +51,6 @@ func init() { // Main implements the main function of the caddy command. // Call this if Caddy is to be the main() if your program. func Main() { - caddy.TrapSignals() - switch len(os.Args) { case 0: fmt.Printf("[FATAL] no arguments provided by OS; args[0] must be command\n") diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index 2c088157..f3e1809d 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -21,6 +21,7 @@ import ( "flag" "fmt" "os" + "os/signal" "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" @@ -67,17 +68,29 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { salt := []byte(fs.String("salt")) if len(plaintext) == 0 { - if terminal.IsTerminal(int(os.Stdin.Fd())) { - fmt.Print("Enter password: ") - plaintext, err = terminal.ReadPassword(int(os.Stdin.Fd())) - fmt.Println() + fd := int(os.Stdin.Fd()) + if terminal.IsTerminal(fd) { + // ensure the terminal state is restored on SIGINT + state, _ := terminal.GetState(fd) + c := make(chan os.Signal) + signal.Notify(c, os.Interrupt) + go func() { + <-c + _ = terminal.Restore(fd, state) + os.Exit(caddy.ExitCodeFailedStartup) + }() + defer signal.Stop(c) + + fmt.Fprint(os.Stderr, "Enter password: ") + plaintext, err = terminal.ReadPassword(fd) + fmt.Fprintln(os.Stderr) if err != nil { return caddy.ExitCodeFailedStartup, err } - fmt.Print("Confirm password: ") - confirmation, err := terminal.ReadPassword(int(os.Stdin.Fd())) - fmt.Println() + fmt.Fprint(os.Stderr, "Confirm password: ") + confirmation, err := terminal.ReadPassword(fd) + fmt.Fprintln(os.Stderr) if err != nil { return caddy.ExitCodeFailedStartup, err } diff --git a/modules/caddyhttp/fileserver/command.go b/modules/caddyhttp/fileserver/command.go index 53aa7aa5..6a44b3ca 100644 --- a/modules/caddyhttp/fileserver/command.go +++ b/modules/caddyhttp/fileserver/command.go @@ -61,6 +61,8 @@ respond with a file listing.`, } func cmdFileServer(fs caddycmd.Flags) (int, error) { + caddy.TrapSignals() + domain := fs.String("domain") root := fs.String("root") listen := fs.String("listen") diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 6de052e7..a5939a2a 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -66,6 +66,8 @@ default, all incoming headers are passed through unmodified.) } func cmdReverseProxy(fs caddycmd.Flags) (int, error) { + caddy.TrapSignals() + from := fs.String("from") to := fs.String("to") changeHost := fs.Bool("change-host-header") From 0cbf467b3fbde471e5ee67680fb98a9af2a9b16e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 21 May 2020 18:19:01 -0600 Subject: [PATCH 0061/1498] caddyhttp: Add time.now placeholder and update cel-go (closes #2594) --- go.mod | 3 ++- go.sum | 4 ++-- modules/caddyhttp/celmatcher.go | 5 +++++ replacer.go | 2 ++ 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c1e47a3e..621426b6 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,8 @@ require ( github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.1+incompatible github.com/gogo/protobuf v1.3.1 - github.com/google/cel-go v0.5.0 + github.com/golang/protobuf v1.3.4 + github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.5 github.com/klauspost/cpuid v1.2.4 diff --git a/go.sum b/go.sum index a6d8624e..50236292 100644 --- a/go.sum +++ b/go.sum @@ -286,8 +286,8 @@ github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039/go.mod h1:qOQCunE github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.5.0 h1:mKsiw/KmT+VlDZnYFd2SE5ULrbe8RPlb0rHBem2Bv7I= -github.com/google/cel-go v0.5.0/go.mod h1:9SvtVVTtZV4DTB1/RuAD1D2HhuqEIdmZEE/r/lrFyKE= +github.com/google/cel-go v0.5.1 h1:oDsbtAwlwFPEcC8dMoRWNuVzWJUDeDZeHjoet9rXjTs= +github.com/google/cel-go v0.5.1/go.mod h1:9SvtVVTtZV4DTB1/RuAD1D2HhuqEIdmZEE/r/lrFyKE= github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ= github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index bede78f6..a2263529 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -21,10 +21,12 @@ import ( "reflect" "regexp" "strings" + "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/gogo/protobuf/proto" + "github.com/golang/protobuf/ptypes/timestamp" "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types" @@ -204,6 +206,9 @@ func (celTypeAdapter) NativeToValue(value interface{}) ref.Val { switch v := value.(type) { case celHTTPRequest: return v + case time.Time: + // TODO: eliminate direct protobuf dependency, sigh -- just wrap stdlib time.Time instead... + return types.Timestamp{Timestamp: ×tamp.Timestamp{Seconds: v.Unix(), Nanos: int32(v.Nanosecond())}} case error: types.NewErr(v.Error()) } diff --git a/replacer.go b/replacer.go index eac20808..86cd7298 100644 --- a/replacer.go +++ b/replacer.go @@ -276,6 +276,8 @@ func globalDefaultReplacements(key string) (interface{}, bool) { return runtime.GOOS, true case "system.arch": return runtime.GOARCH, true + case "time.now": + return nowFunc(), true case "time.now.common_log": return nowFunc().Format("02/Jan/2006:15:04:05 -0700"), true case "time.now.year": From 7a365af5df3fd6fec2e1e9013e493fa7769260ce Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 22 May 2020 22:13:31 +0300 Subject: [PATCH 0062/1498] chore: simplify goreleaser flow, add bash completions to .deb (#3436) --- .goreleaser.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index e6627997..325baf22 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,12 +1,10 @@ before: hooks: - - mkdir -p caddy-build - - cp cmd/caddy/main.go caddy-build/main.go - - cp ./go.mod caddy-build/go.mod - - sed -i.bkp 's|github.com/caddyserver/caddy/v2|caddy|g' ./caddy-build/go.mod + - cp ./go.mod ./cmd/caddy/go.mod + - sed -i.bkp 's|github.com/caddyserver/caddy/v2|caddy|g' ./cmd/caddy/go.mod # GoReleaser doesn't seem to offer {{.Tag}} at this stage, so we have to embed it into the env # so we run: TAG=$(git describe --abbrev=0) goreleaser release --rm-dist --skip-publish --skip-validate - - go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./caddy-build/go.mod + - go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./cmd/caddy/go.mod - git clone --depth 1 https://github.com/caddyserver/dist caddy-dist - go mod download @@ -15,7 +13,7 @@ builds: - CGO_ENABLED=0 - GO111MODULE=on main: main.go - dir: ./caddy-build + dir: ./cmd/caddy binary: caddy goos: - darwin @@ -84,6 +82,7 @@ nfpms: ./caddy-dist/init/caddy.service: /lib/systemd/system/caddy.service ./caddy-dist/init/caddy-api.service: /lib/systemd/system/caddy-api.service ./caddy-dist/welcome/index.html: /usr/share/caddy/index.html + ./caddy-dist/scripts/completions/bash-completion: /etc/bash_completion.d/caddy config_files: ./caddy-dist/config/Caddyfile: /etc/caddy/Caddyfile From dfe802aed3d6f463bde3c7dde00497c1277eb35c Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Mon, 25 May 2020 06:59:38 +0300 Subject: [PATCH 0063/1498] chore: forego the use of deprecated cel func NewIdent in favor of NewVar (#3444) --- modules/caddyhttp/celmatcher.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index a2263529..6c9cc967 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -94,7 +94,7 @@ func (m *MatchExpression) Provision(_ caddy.Context) error { // create the CEL environment env, err := cel.NewEnv( cel.Declarations( - decls.NewIdent("request", httpRequestObjectType, nil), + decls.NewVar("request", httpRequestObjectType), decls.NewFunction(placeholderFuncName, decls.NewOverload(placeholderFuncName+"_httpRequest_string", []*exprpb.Type{httpRequestObjectType, decls.String}, From 22055c5e0f07cf8865c148b8139d221123988aad Mon Sep 17 00:00:00 2001 From: AndyBan Date: Tue, 26 May 2020 19:40:57 +0100 Subject: [PATCH 0064/1498] reverseproxy: Fix https active health checks #3450 (#3451) --- modules/caddyhttp/reverseproxy/healthchecks.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 96c9be25..ee56f33f 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -198,7 +198,7 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host Host) error { // create the URL for the request that acts as a health check scheme := "http" - if ht, ok := h.Transport.(*http.Transport); ok && ht.TLSClientConfig != nil { + if ht, ok := h.Transport.(TLSTransport); ok && ht.TLSEnabled() { // this is kind of a hacky way to know if we should use HTTPS, but whatever scheme = "https" } From ffc125d6f5606ab4370ea244e66dfb05cd78eb28 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 26 May 2020 15:45:22 -0400 Subject: [PATCH 0065/1498] caddyfile: Move NewTestDispenser into non-test file (#3439) --- caddyconfig/caddyfile/dispenser.go | 12 ++++++++++++ caddyconfig/caddyfile/dispenser_test.go | 12 ------------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index 932ab613..22cd3dc5 100755 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -17,6 +17,8 @@ package caddyfile import ( "errors" "fmt" + "io" + "log" "strings" ) @@ -37,6 +39,16 @@ func NewDispenser(tokens []Token) *Dispenser { } } +// NewTestDispenser parses input into tokens and creates a new +// Disenser for test purposes only; any errors are fatal. +func NewTestDispenser(input string) *Dispenser { + tokens, err := allTokens("Testfile", []byte(input)) + if err != nil && err != io.EOF { + log.Fatalf("getting all tokens from input: %v", err) + } + return NewDispenser(tokens) +} + // Next loads the next token. Returns true if a token // was loaded; false otherwise. If false, all tokens // have been consumed. diff --git a/caddyconfig/caddyfile/dispenser_test.go b/caddyconfig/caddyfile/dispenser_test.go index 4970f9d3..577872fc 100755 --- a/caddyconfig/caddyfile/dispenser_test.go +++ b/caddyconfig/caddyfile/dispenser_test.go @@ -15,8 +15,6 @@ package caddyfile import ( - "io" - "log" "reflect" "strings" "testing" @@ -306,13 +304,3 @@ func TestDispenser_ArgErr_Err(t *testing.T) { t.Errorf("Expected error message with custom message in it ('foobar'); got '%v'", err) } } - -// NewTestDispenser parses input into tokens and creates a new -// Disenser for test purposes only; any errors are fatal. -func NewTestDispenser(input string) *Dispenser { - tokens, err := allTokens("Testfile", []byte(input)) - if err != nil && err != io.EOF { - log.Fatalf("getting all tokens from input: %v", err) - } - return NewDispenser(tokens) -} From c1e5c09294abdb01bb404aafced7c9092b202070 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 26 May 2020 16:13:15 -0400 Subject: [PATCH 0066/1498] reverseproxy: Improve error message when using scheme+placeholder (#3393) * reverseproxy: Improve error message when using scheme+placeholder * reverseproxy: Simplify error message Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- modules/caddyhttp/reverseproxy/caddyfile.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 491b0674..47896a7d 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -103,6 +103,13 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { var network, scheme, host, port string if strings.Contains(upstreamAddr, "://") { + // we get a parsing error if a placeholder is specified + // so we return a more user-friendly error message instead + // to explain what to do instead + if strings.Contains(upstreamAddr, "{") { + return "", d.Err("due to parsing difficulties, placeholders are not allowed when an upstream address contains a scheme") + } + toURL, err := url.Parse(upstreamAddr) if err != nil { return "", d.Errf("parsing upstream URL: %v", err) From aa20878887c592fd79bef2a9943b1013ead8bac2 Mon Sep 17 00:00:00 2001 From: Rui Lopes Date: Tue, 26 May 2020 22:04:04 +0100 Subject: [PATCH 0067/1498] cmd: file-server: add --access-log flag (#3454) --- modules/caddyhttp/fileserver/command.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/command.go b/modules/caddyhttp/fileserver/command.go index 6a44b3ca..654c9b83 100644 --- a/modules/caddyhttp/fileserver/command.go +++ b/modules/caddyhttp/fileserver/command.go @@ -33,7 +33,7 @@ func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "file-server", Func: cmdFileServer, - Usage: "[--domain ] [--root ] [--listen ] [--browse]", + Usage: "[--domain ] [--root ] [--listen ] [--browse] [--access-log]", Short: "Spins up a production-ready file server", Long: ` A simple but production-ready file server. Useful for quick deployments, @@ -55,6 +55,7 @@ respond with a file listing.`, fs.String("listen", "", "The address to which to bind the listener") fs.Bool("browse", false, "Enable directory browsing") fs.Bool("templates", false, "Enable template rendering") + fs.Bool("access-log", false, "Enable the access log") return fs }(), }) @@ -68,6 +69,7 @@ func cmdFileServer(fs caddycmd.Flags) (int, error) { listen := fs.String("listen") browse := fs.Bool("browse") templates := fs.Bool("templates") + accessLog := fs.Bool("access-log") var handlers []json.RawMessage @@ -107,6 +109,9 @@ func cmdFileServer(fs caddycmd.Flags) (int, error) { } } server.Listen = []string{listen} + if accessLog { + server.Logs = &caddyhttp.ServerLogConfig{} + } httpApp := caddyhttp.App{ Servers: map[string]*caddyhttp.Server{"static": server}, From 8c5d00b2bc815c182e1a510be6dddc128949bf23 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 26 May 2020 17:27:51 -0400 Subject: [PATCH 0068/1498] httpcaddyfile: New `handle_path` directive (#3281) * caddyconfig: WIP implementation of handle_path * caddyconfig: Complete the implementation - h.NewRoute was key * caddyconfig: Add handle_path integration test * caddyhttp: Use the path matcher as-is, strip the trailing *, update test --- caddyconfig/httpcaddyfile/builtins.go | 4 +- caddyconfig/httpcaddyfile/directives.go | 115 +++++++++--------- .../caddyfile_adapt/handle_path.txt | 52 ++++++++ modules/caddyhttp/rewrite/caddyfile.go | 74 +++++++++++ 4 files changed, 186 insertions(+), 59 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/handle_path.txt diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 2bb9b907..7026dfe9 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -442,11 +442,11 @@ func parseRoute(h Helper) (caddyhttp.MiddlewareHandler, error) { } func parseHandle(h Helper) (caddyhttp.MiddlewareHandler, error) { - return parseSegmentAsSubroute(h) + return ParseSegmentAsSubroute(h) } func parseHandleErrors(h Helper) ([]ConfigValue, error) { - subroute, err := parseSegmentAsSubroute(h) + subroute, err := ParseSegmentAsSubroute(h) if err != nil { return nil, err } diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 15787724..cde97438 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -57,6 +57,7 @@ var directiveOrder = []string{ // special routing directives "handle", "route", + "handle_path", // handlers that typically respond to requests "respond", @@ -261,6 +262,63 @@ func (h Helper) NewBindAddresses(addrs []string) []ConfigValue { return []ConfigValue{{Class: "bind", Value: addrs}} } +// ParseSegmentAsSubroute parses the segment such that its subdirectives +// are themselves treated as directives, from which a subroute is built +// and returned. +func ParseSegmentAsSubroute(h Helper) (caddyhttp.MiddlewareHandler, error) { + var allResults []ConfigValue + + for h.Next() { + // slice the linear list of tokens into top-level segments + var segments []caddyfile.Segment + for nesting := h.Nesting(); h.NextBlock(nesting); { + segments = append(segments, h.NextSegment()) + } + + // copy existing matcher definitions so we can augment + // new ones that are defined only in this scope + matcherDefs := make(map[string]caddy.ModuleMap, len(h.matcherDefs)) + for key, val := range h.matcherDefs { + matcherDefs[key] = val + } + + // find and extract any embedded matcher definitions in this scope + for i, seg := range segments { + if strings.HasPrefix(seg.Directive(), matcherPrefix) { + err := parseMatcherDefinitions(caddyfile.NewDispenser(seg), matcherDefs) + if err != nil { + return nil, err + } + segments = append(segments[:i], segments[i+1:]...) + } + } + + // with matchers ready to go, evaluate each directive's segment + for _, seg := range segments { + dir := seg.Directive() + dirFunc, ok := registeredDirectives[dir] + if !ok { + return nil, h.Errf("unrecognized directive: %s", dir) + } + + subHelper := h + subHelper.Dispenser = caddyfile.NewDispenser(seg) + subHelper.matcherDefs = matcherDefs + + results, err := dirFunc(subHelper) + if err != nil { + return nil, h.Errf("parsing caddyfile tokens for '%s': %v", dir, err) + } + for _, result := range results { + result.directive = dir + allResults = append(allResults, result) + } + } + } + + return buildSubroute(allResults, h.groupCounter) +} + // ConfigValue represents a value to be added to the final // configuration, or a value to be consulted when building // the final configuration. @@ -329,63 +387,6 @@ func sortRoutes(routes []ConfigValue) { }) } -// parseSegmentAsSubroute parses the segment such that its subdirectives -// are themselves treated as directives, from which a subroute is built -// and returned. -func parseSegmentAsSubroute(h Helper) (caddyhttp.MiddlewareHandler, error) { - var allResults []ConfigValue - - for h.Next() { - // slice the linear list of tokens into top-level segments - var segments []caddyfile.Segment - for nesting := h.Nesting(); h.NextBlock(nesting); { - segments = append(segments, h.NextSegment()) - } - - // copy existing matcher definitions so we can augment - // new ones that are defined only in this scope - matcherDefs := make(map[string]caddy.ModuleMap, len(h.matcherDefs)) - for key, val := range h.matcherDefs { - matcherDefs[key] = val - } - - // find and extract any embedded matcher definitions in this scope - for i, seg := range segments { - if strings.HasPrefix(seg.Directive(), matcherPrefix) { - err := parseMatcherDefinitions(caddyfile.NewDispenser(seg), matcherDefs) - if err != nil { - return nil, err - } - segments = append(segments[:i], segments[i+1:]...) - } - } - - // with matchers ready to go, evaluate each directive's segment - for _, seg := range segments { - dir := seg.Directive() - dirFunc, ok := registeredDirectives[dir] - if !ok { - return nil, h.Errf("unrecognized directive: %s", dir) - } - - subHelper := h - subHelper.Dispenser = caddyfile.NewDispenser(seg) - subHelper.matcherDefs = matcherDefs - - results, err := dirFunc(subHelper) - if err != nil { - return nil, h.Errf("parsing caddyfile tokens for '%s': %v", dir, err) - } - for _, result := range results { - result.directive = dir - allResults = append(allResults, result) - } - } - } - - return buildSubroute(allResults, h.groupCounter) -} - // serverBlock pairs a Caddyfile server block with // a "pile" of config values, keyed by class name, // as well as its parsed keys for convenience. diff --git a/caddytest/integration/caddyfile_adapt/handle_path.txt b/caddytest/integration/caddyfile_adapt/handle_path.txt new file mode 100644 index 00000000..7f40fcf2 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/handle_path.txt @@ -0,0 +1,52 @@ +:80 +handle_path /api/v1/* { + respond "API v1" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "path": [ + "/api/v1/*" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "rewrite", + "strip_path_prefix": "/api/v1" + } + ] + }, + { + "handle": [ + { + "body": "API v1", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/rewrite/caddyfile.go b/modules/caddyhttp/rewrite/caddyfile.go index ee7dd23d..950119d6 100644 --- a/modules/caddyhttp/rewrite/caddyfile.go +++ b/modules/caddyhttp/rewrite/caddyfile.go @@ -15,9 +15,12 @@ package rewrite import ( + "encoding/json" "strconv" "strings" + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) @@ -25,6 +28,7 @@ import ( func init() { httpcaddyfile.RegisterHandlerDirective("rewrite", parseCaddyfileRewrite) httpcaddyfile.RegisterHandlerDirective("uri", parseCaddyfileURI) + httpcaddyfile.RegisterDirective("handle_path", parseCaddyfileHandlePath) } // parseCaddyfileRewrite sets up a basic rewrite handler from Caddyfile tokens. Syntax: @@ -110,3 +114,73 @@ func parseCaddyfileURI(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, err } return rewr, nil } + +// parseCaddyfileHandlePath parses the handle_path directive. Syntax: +// +// handle_path [] { +// +// } +// +// Only path matchers (with a `/` prefix) are supported as this is a shortcut +// for the handle directive with a strip_prefix rewrite. +func parseCaddyfileHandlePath(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + if !h.Next() { + return nil, h.ArgErr() + } + if !h.NextArg() { + return nil, h.ArgErr() + } + + // read the prefix to strip + path := h.Val() + if !strings.HasPrefix(path, "/") { + return nil, h.Errf("path matcher must begin with '/', got %s", path) + } + + // we only want to strip what comes before the '/' if + // the user specified it (e.g. /api/* should only strip /api) + var stripPath string + if strings.HasSuffix(path, "/*") { + stripPath = path[:len(path)-2] + } else if strings.HasSuffix(path, "*") { + stripPath = path[:len(path)-1] + } else { + stripPath = path + } + + // the ParseSegmentAsSubroute function expects the cursor + // to be at the token just before the block opening, + // so we need to rewind because we already read past it + h.Reset() + h.Next() + + // parse the block contents as a subroute handler + handler, err := httpcaddyfile.ParseSegmentAsSubroute(h) + if err != nil { + return nil, err + } + subroute, ok := handler.(*caddyhttp.Subroute) + if !ok { + return nil, h.Errf("segment was not parsed as a subroute") + } + + // make a matcher on the path and everything below it + pathMatcher := caddy.ModuleMap{ + "path": h.JSON(caddyhttp.MatchPath{path}), + } + + // build a route with a rewrite handler to strip the path prefix + route := caddyhttp.Route{ + HandlersRaw: []json.RawMessage{ + caddyconfig.JSONModuleObject(Rewrite{ + StripPathPrefix: stripPath, + }, "handler", "rewrite", nil), + }, + } + + // prepend the route to the subroute + subroute.Routes = append([]caddyhttp.Route{route}, subroute.Routes...) + + // build and return a route from the subroute + return h.NewRoute(pathMatcher, subroute), nil +} From 294910c68c315af41f4f47ec6c767fbe318c0e43 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 26 May 2020 15:52:32 -0600 Subject: [PATCH 0069/1498] caddyhttp: Add client.public_key(_sha256) placeholders --- modules/caddyhttp/replacer.go | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 670b2e3e..37b53d27 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -16,9 +16,14 @@ package caddyhttp import ( "context" + "crypto/ecdsa" + "crypto/ed25519" + "crypto/elliptic" + "crypto/rsa" "crypto/sha256" "crypto/tls" "crypto/x509" + "encoding/asn1" "fmt" "net" "net/http" @@ -243,6 +248,18 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { switch field { case "client.fingerprint": return fmt.Sprintf("%x", sha256.Sum256(cert.Raw)), true + case "client.public_key", "client.public_key_sha256": + if cert.PublicKey == nil { + return nil, true + } + pubKeyBytes, err := marshalPublicKey(cert.PublicKey) + if err != nil { + return nil, true + } + if strings.HasSuffix(field, "_sha256") { + return fmt.Sprintf("%x", sha256.Sum256(pubKeyBytes)), true + } + return fmt.Sprintf("%x", pubKeyBytes), true case "client.issuer": return cert.Issuer, true case "client.serial": @@ -271,6 +288,19 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { return nil, false } +// marshalPublicKey returns the byte encoding of pubKey. +func marshalPublicKey(pubKey interface{}) ([]byte, error) { + switch key := pubKey.(type) { + case *rsa.PublicKey: + return asn1.Marshal(key) + case *ecdsa.PublicKey: + return elliptic.Marshal(key.Curve, key.X, key.Y), nil + case ed25519.PublicKey: + return key, nil + } + return nil, fmt.Errorf("unrecognized public key type: %T", pubKey) +} + // getTLSPeerCert retrieves the first peer certificate from a TLS session. // Returns nil if no peer cert is in use. func getTLSPeerCert(cs *tls.ConnectionState) *x509.Certificate { From e5bbed10461f8baa3c75e4614edb8d44d3252bb5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 26 May 2020 17:35:27 -0600 Subject: [PATCH 0070/1498] caddyhttp: Refactor header matching This allows response matchers to benefit from the same matching logic as the request header matchers (mainly prefix/suffix wildcards). --- modules/caddyhttp/matchers.go | 75 ++++++++++++------------------ modules/caddyhttp/matchers_test.go | 33 +++++++++++++ 2 files changed, 62 insertions(+), 46 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 08607803..5dddb71e 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -17,7 +17,6 @@ package caddyhttp import ( "encoding/json" "fmt" - "log" "net" "net/http" "net/textproto" @@ -28,6 +27,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "go.uber.org/zap" ) type ( @@ -105,7 +105,8 @@ type ( MatchRemoteIP struct { Ranges []string `json:"ranges,omitempty"` - cidrs []*net.IPNet + cidrs []*net.IPNet + logger *zap.Logger } // MatchNot matches requests by negating the results of its matcher @@ -410,23 +411,28 @@ func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// Like req.Header.Get(), but that works with Host header. -// go's http module swallows "Host" header. -func getHeader(r *http.Request, field string) []string { - field = textproto.CanonicalMIMEHeaderKey(field) - - if field == "Host" { - return []string{r.Host} - } - - return r.Header[field] -} - // Match returns true if r matches m. func (m MatchHeader) Match(r *http.Request) bool { - for field, allowedFieldVals := range m { - actualFieldVals := getHeader(r, field) + return matchHeaders(r.Header, http.Header(m), r.Host) +} +// getHeaderFieldVals returns the field values for the given fieldName from input. +// The host parameter should be obtained from the http.Request.Host field since +// net/http removes it from the header map. +func getHeaderFieldVals(input http.Header, fieldName, host string) []string { + fieldName = textproto.CanonicalMIMEHeaderKey(fieldName) + if fieldName == "Host" && host != "" { + return []string{host} + } + return input[fieldName] +} + +// matchHeaders returns true if input matches the criteria in against without regex. +// The host parameter should be obtained from the http.Request.Host field since +// net/http removes it from the header map. +func matchHeaders(input, against http.Header, host string) bool { + for field, allowedFieldVals := range against { + actualFieldVals := getHeaderFieldVals(input, field, host) if allowedFieldVals != nil && len(allowedFieldVals) == 0 && actualFieldVals != nil { // a non-nil but empty list of allowed values means // match if the header field exists at all @@ -501,8 +507,7 @@ func (m *MatchHeaderRE) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Match returns true if r matches m. func (m MatchHeaderRE) Match(r *http.Request) bool { for field, rm := range m { - actualFieldVals := getHeader(r, field) - + actualFieldVals := getHeaderFieldVals(r.Header, field, r.Host) match := false fieldVal: for _, actualFieldVal := range actualFieldVals { @@ -700,6 +705,7 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Provision parses m's IP ranges, either from IP or CIDR expressions. func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { + m.logger = ctx.Logger(m) for _, str := range m.Ranges { if strings.Contains(str, "/") { _, ipNet, err := net.ParseCIDR(str) @@ -748,7 +754,7 @@ func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, error) { func (m MatchRemoteIP) Match(r *http.Request) bool { clientIP, err := m.getClientIP(r) if err != nil { - log.Printf("[ERROR] remote_ip matcher: %v", err) + m.logger.Error("getting client IP", zap.Error(err)) return false } for _, ipRange := range m.cidrs { @@ -859,7 +865,9 @@ type ResponseMatcher struct { // in that class (e.g. 3 for all 3xx codes). StatusCode []int `json:"status_code,omitempty"` - // If set, each header specified must be one of the specified values. + // If set, each header specified must be one of the + // specified values, with the same logic used by the + // request header matcher. Headers http.Header `json:"headers,omitempty"` } @@ -868,7 +876,7 @@ func (rm ResponseMatcher) Match(statusCode int, hdr http.Header) bool { if !rm.matchStatusCode(statusCode) { return false } - return rm.matchHeaders(hdr) + return matchHeaders(hdr, rm.Headers, "") } func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { @@ -883,31 +891,6 @@ func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { return false } -func (rm ResponseMatcher) matchHeaders(hdr http.Header) bool { - for field, allowedFieldVals := range rm.Headers { - actualFieldVals, fieldExists := hdr[textproto.CanonicalMIMEHeaderKey(field)] - if allowedFieldVals != nil && len(allowedFieldVals) == 0 && fieldExists { - // a non-nil but empty list of allowed values means - // match if the header field exists at all - continue - } - var match bool - fieldVals: - for _, actualFieldVal := range actualFieldVals { - for _, allowedFieldVal := range allowedFieldVals { - if actualFieldVal == allowedFieldVal { - match = true - break fieldVals - } - } - } - if !match { - return false - } - } - return true -} - var wordRE = regexp.MustCompile(`\w+`) const regexpPlaceholderPrefix = "http.regexp" diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 021bb983..9b3a9a85 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -448,6 +448,21 @@ func TestHeaderMatcher(t *testing.T) { input: http.Header{"Field2": []string{"foo"}}, expect: false, }, + { + match: MatchHeader{"Field1": []string{"foo*"}}, + input: http.Header{"Field1": []string{"foo"}}, + expect: true, + }, + { + match: MatchHeader{"Field1": []string{"foo*"}}, + input: http.Header{"Field1": []string{"asdf", "foobar"}}, + expect: true, + }, + { + match: MatchHeader{"Field1": []string{"*bar"}}, + input: http.Header{"Field1": []string{"asdf", "foobar"}}, + expect: true, + }, { match: MatchHeader{"host": []string{"localhost"}}, input: http.Header{}, @@ -814,6 +829,24 @@ func TestResponseMatcher(t *testing.T) { hdr: http.Header{"Foo": []string{"bar"}, "Foo2": []string{"baz"}}, expect: true, }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"foo*"}, + }, + }, + hdr: http.Header{"Foo": []string{"foobar"}}, + expect: true, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"foo*"}, + }, + }, + hdr: http.Header{"Foo": []string{"foobar"}}, + expect: true, + }, } { actual := tc.require.Match(tc.status, tc.hdr) if actual != tc.expect { From 69b5643130d78f5852e28fe961d8fb2138f16307 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 27 May 2020 10:13:57 -0400 Subject: [PATCH 0071/1498] chore: Fix typo in dispenser.go (#3456) --- caddyconfig/caddyfile/dispenser.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index 22cd3dc5..fe8c2353 100755 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -40,7 +40,7 @@ func NewDispenser(tokens []Token) *Dispenser { } // NewTestDispenser parses input into tokens and creates a new -// Disenser for test purposes only; any errors are fatal. +// Dispenser for test purposes only; any errors are fatal. func NewTestDispenser(input string) *Dispenser { tokens, err := allTokens("Testfile", []byte(input)) if err != nil && err != io.EOF { From 538ddb85876001976fa0c76f10b912c0870fe6d7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 27 May 2020 10:15:20 -0600 Subject: [PATCH 0072/1498] reverseproxy: Enable response interception (#1447, #2920) It's a raw, low-level implementation for now, but it's very flexible. More sugar-coating can be added after error handling is more developed. --- .../caddyhttp/reverseproxy/reverseproxy.go | 72 +++++++++++++++---- modules/caddyhttp/subroute.go | 30 ++++++++ 2 files changed, 87 insertions(+), 15 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 8137237a..507995f0 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -94,6 +94,20 @@ type Handler struct { // be avoided if at all possible for performance reasons. BufferRequests bool `json:"buffer_requests,omitempty"` + // List of handlers and their associated matchers to evaluate + // after successful roundtrips. The first handler that matches + // the response from a backend will be invoked. The response + // body from the backend will not be written to the client; + // it is up to the handler to finish handling the response. + // If passive health checks are enabled, any errors from the + // handler chain will not affect the health status of the + // backend. + // + // Two new placeholders are available in this handler chain: + // - `{http.reverse_proxy.status_code}` The status code + // - `{http.reverse_proxy.status_text}` The status text + HandleResponse []caddyhttp.ResponseHandler `json:"handle_response,omitempty"` + Transport http.RoundTripper `json:"-"` CB CircuitBreaker `json:"-"` @@ -252,6 +266,14 @@ func (h *Handler) Provision(ctx caddy.Context) error { go h.activeHealthChecker() } + // set up any response routes + for i, rh := range h.HandleResponse { + err := rh.Provision(ctx) + if err != nil { + return fmt.Errorf("provisioning response handler %d: %v", i, err) + } + } + return nil } @@ -361,13 +383,21 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht } // proxy the request to that upstream - proxyErr = h.reverseProxy(w, r, dialInfo) + proxyErr = h.reverseProxy(w, r, dialInfo, next) if proxyErr == nil || proxyErr == context.Canceled { // context.Canceled happens when the downstream client // cancels the request, which is not our failure return nil } + // if the roundtrip was successful, don't retry the request or + // ding the health status of the upstream (an error can still + // occur after the roundtrip if, for example, a response handler + // after the roundtrip returns an error) + if succ, ok := proxyErr.(roundtripSucceeded); ok { + return succ.error + } + // remember this failure (if enabled) h.countFailure(upstream) @@ -456,7 +486,7 @@ func (h Handler) prepareRequest(req *http.Request) error { // reverseProxy performs a round-trip to the given backend and processes the response with the client. // (This method is mostly the beginning of what was borrowed from the net/http/httputil package in the // Go standard library which was used as the foundation.) -func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di DialInfo) error { +func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di DialInfo, next caddyhttp.Handler) error { di.Upstream.Host.CountRequest(1) defer di.Upstream.Host.CountRequest(-1) @@ -471,16 +501,14 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia logger := h.logger.With( zap.String("upstream", di.Upstream.String()), zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: req}), - zap.Duration("duration", duration), - ) + zap.Duration("duration", duration)) if err != nil { logger.Debug("upstream roundtrip", zap.Error(err)) return err } logger.Debug("upstream roundtrip", zap.Object("headers", caddyhttp.LoggableHTTPHeader(res.Header)), - zap.Int("status", res.StatusCode), - ) + zap.Int("status", res.StatusCode)) // update circuit breaker on current conditions if di.Upstream.cb != nil { @@ -503,6 +531,25 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia } } + for i, rh := range h.HandleResponse { + if len(rh.Routes) == 0 { + continue + } + if rh.Match != nil && !rh.Match.Match(res.StatusCode, res.Header) { + continue + } + res.Body.Close() + repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + repl.Set("http.reverse_proxy.status_code", res.StatusCode) + repl.Set("http.reverse_proxy.status_text", res.Status) + h.logger.Debug("handling response", zap.Int("handler", i)) + if routeErr := rh.Routes.Compile(next).ServeHTTP(rw, req); routeErr != nil { + // wrap error in roundtripSucceeded so caller knows that + // the roundtrip was successful and to not retry + return roundtripSucceeded{routeErr} + } + } + // Deal with 101 Switching Protocols responses: (WebSocket, h2c, etc) if res.StatusCode == http.StatusSwitchingProtocols { h.handleUpgradeResponse(rw, req, res) @@ -537,15 +584,6 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia rw.Header().Add("Trailer", strings.Join(trailerKeys, ", ")) } - // TODO: there should be an option to return an error if the response - // matches some criteria; would solve https://github.com/caddyserver/caddy/issues/1447 - // by allowing the backend to determine whether this server should treat - // a 400+ status code as an error -- but we might need to be careful that - // we do not affect the health status of the backend... still looking into - // that; if we need to avoid that, we should return a particular error type - // that the caller of this function checks for and only applies health - // status changes if the error is not this special type - rw.WriteHeader(res.StatusCode) err = h.copyResponse(rw, res.Body, h.flushInterval(req, res)) @@ -782,6 +820,10 @@ type TLSTransport interface { EnableTLS(base *TLSConfig) error } +// roundtripSucceeded is an error type that is returned if the +// roundtrip succeeded, but an error occurred after-the-fact. +type roundtripSucceeded struct{ error } + var bufPool = sync.Pool{ New: func() interface{} { return new(bytes.Buffer) diff --git a/modules/caddyhttp/subroute.go b/modules/caddyhttp/subroute.go index 2e80d88d..b1700f5b 100644 --- a/modules/caddyhttp/subroute.go +++ b/modules/caddyhttp/subroute.go @@ -80,6 +80,36 @@ func (sr *Subroute) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handl return err } +// ResponseHandler pairs a response matcher with a route list. +// It is useful for executing handler routes based on the +// properties of an HTTP response that has not been written +// out to the client yet. +// +// To use this type, provision it at module load time, then +// when ready to use, match the response against its matcher; +// if it matches (or doesn't have a matcher), invoke the routes +// by calling `rh.Routes.Compile(next).ServeHTTP(rw, req)` (or +// similar). +type ResponseHandler struct { + // The response matcher for this handler. If empty/nil, + // it always matches. + Match *ResponseMatcher `json:"match,omitempty"` + + // The list of HTTP routes to execute. + Routes RouteList `json:"routes,omitempty"` +} + +// Provision sets up the routse in rh. +func (rh *ResponseHandler) Provision(ctx caddy.Context) error { + if rh.Routes != nil { + err := rh.Routes.Provision(ctx) + if err != nil { + return err + } + } + return nil +} + // Interface guards var ( _ caddy.Provisioner = (*Subroute)(nil) From 881b826fb59a25102fd14ae3b420639479f2d6bf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 27 May 2020 11:42:19 -0600 Subject: [PATCH 0073/1498] reverseproxy: Pool copy buffers (minor optimization) --- .../caddyhttp/reverseproxy/reverseproxy.go | 42 ++++--------------- modules/caddyhttp/reverseproxy/streaming.go | 28 ++++++------- 2 files changed, 21 insertions(+), 49 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 507995f0..06802a01 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -587,20 +587,15 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia rw.WriteHeader(res.StatusCode) err = h.copyResponse(rw, res.Body, h.flushInterval(req, res)) - if err != nil { - defer res.Body.Close() - // Since we're streaming the response, if we run into an error all we can do - // is abort the request. Issue golang/go#23643: ReverseProxy should use ErrAbortHandler - // on read error while copying body. - // TODO: Look into whether we want to panic at all in our case... - if !shouldPanicOnCopyError(req) { - // p.logf("suppressing panic for copyResponse error in test; copy error: %v", err) - return err - } - - panic(http.ErrAbortHandler) - } res.Body.Close() // close now, instead of defer, to populate res.Trailer + if err != nil { + // we're streaming the response and we've already written headers, so + // there's nothing an error handler can do to recover at this point; + // the standard lib's proxy panics at this point, but we'll just log + // the error and abort the stream here + h.logger.Error("aborting with incomplete response", zap.Error(err)) + return nil + } if len(res.Trailer) > 0 { // Force chunking if we saw a response trailer. @@ -679,27 +674,6 @@ func (h Handler) directRequest(req *http.Request, di DialInfo) { req.URL.Host = reqHost } -// shouldPanicOnCopyError reports whether the reverse proxy should -// panic with http.ErrAbortHandler. This is the right thing to do by -// default, but Go 1.10 and earlier did not, so existing unit tests -// weren't expecting panics. Only panic in our own tests, or when -// running under the HTTP server. -// TODO: I don't know if we want this at all... -func shouldPanicOnCopyError(req *http.Request) bool { - // if inOurTests { - // // Our tests know to handle this panic. - // return true - // } - if req.Context().Value(http.ServerContextKey) != nil { - // We seem to be running under an HTTP server, so - // it'll recover the panic. - return true - } - // Otherwise act like Go 1.10 and earlier to not break - // existing tests. - return false -} - func copyHeader(dst, src http.Header) { for k, vv := range src { for _, v := range vv { diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 0c8e3380..170afe8e 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -13,8 +13,8 @@ // limitations under the License. // Most of the code in this file was initially borrowed from the Go -// standard library, which has this copyright notice: -// Copyright 2011 The Go Authors. +// standard library and modified; It had this copyright notice: +// Copyright 2011 The Go Authors package reverseproxy @@ -24,6 +24,8 @@ import ( "net/http" "sync" "time" + + "go.uber.org/zap" ) func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request, res *http.Response) { @@ -97,19 +99,8 @@ func (h Handler) copyResponse(dst io.Writer, src io.Reader, flushInterval time.D } } - // TODO: Figure out how we want to do this... using custom buffer pool type seems unnecessary - // or maybe it is, depending on how we want to handle errors, - // see: https://github.com/golang/go/issues/21814 - // buf := bufPool.Get().(*bytes.Buffer) - // buf.Reset() - // defer bufPool.Put(buf) - // _, err := io.CopyBuffer(dst, src, ) - var buf []byte - // if h.BufferPool != nil { - // buf = h.BufferPool.Get() - // defer h.BufferPool.Put(buf) - // } - // // we could also see about a pool that returns values like this: make([]byte, 32*1024) + buf := streamingBufPool.Get().([]byte) + defer streamingBufPool.Put(buf) _, err := h.copyBuffer(dst, src, buf) return err } @@ -131,6 +122,7 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte) (int64, er // something we need to report to the client, but read errors are a problem on our // end for sure. so we need to decide what we want.) // p.logf("copyBuffer: ReverseProxy read error during body copy: %v", rerr) + h.logger.Error("reading from backend", zap.Error(rerr)) } if nr > 0 { nw, werr := dst.Write(buf[:nr]) @@ -221,3 +213,9 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) { _, err := io.Copy(c.backend, c.user) errc <- err } + +var streamingBufPool = sync.Pool{ + New: func() interface{} { + return make([]byte, 32*1024) + }, +} From 9415feca7cf0fe14b9d881c7318be2da20b2985f Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 28 May 2020 10:40:14 -0600 Subject: [PATCH 0074/1498] logging: Net writer redials if write fails (#3453) * logging: Net writer redials if write fails https://caddy.community/t/v2-log-output-net-does-not-reconnect-after-lost-connection/8386?u=matt * Only replace connection if redial succeeds * Fix error handling --- modules/logging/netwriter.go | 56 +++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/modules/logging/netwriter.go b/modules/logging/netwriter.go index 427bb751..a25ede71 100644 --- a/modules/logging/netwriter.go +++ b/modules/logging/netwriter.go @@ -18,6 +18,7 @@ import ( "fmt" "io" "net" + "sync" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -73,7 +74,15 @@ func (nw NetWriter) WriterKey() string { // OpenWriter opens a new network connection. func (nw NetWriter) OpenWriter() (io.WriteCloser, error) { - return net.Dial(nw.addr.Network, nw.addr.JoinHostPort(0)) + reconn := &redialerConn{nw: nw} + conn, err := reconn.dial() + if err != nil { + return nil, err + } + reconn.connMu.Lock() + reconn.Conn = conn + reconn.connMu.Unlock() + return reconn, nil } // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: @@ -93,6 +102,51 @@ func (nw *NetWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// redialerConn wraps an underlying Conn so that if any +// writes fail, the connection is redialed and the write +// is retried. +type redialerConn struct { + net.Conn + connMu sync.RWMutex + nw NetWriter +} + +// Write wraps the underlying Conn.Write method, but if that fails, +// it will re-dial the connection anew and try writing again. +func (reconn *redialerConn) Write(b []byte) (n int, err error) { + reconn.connMu.RLock() + conn := reconn.Conn + reconn.connMu.RUnlock() + if n, err = conn.Write(b); err == nil { + return + } + + // problem with the connection - lock it and try to fix it + reconn.connMu.Lock() + defer reconn.connMu.Unlock() + + // if multiple concurrent writes failed on the same broken conn, then + // one of them might have already re-dialed by now; try writing again + if n, err = reconn.Conn.Write(b); err == nil { + return + } + + // we're the lucky first goroutine to re-dial the connection + conn2, err2 := reconn.dial() + if err2 != nil { + return + } + if n, err = conn2.Write(b); err == nil { + reconn.Conn.Close() + reconn.Conn = conn2 + } + return +} + +func (reconn *redialerConn) dial() (net.Conn, error) { + return net.Dial(reconn.nw.addr.Network, reconn.nw.addr.JoinHostPort(0)) +} + // Interface guards var ( _ caddy.Provisioner = (*NetWriter)(nil) From 6c051cd27d3b0c61b103a58dce9f779481fa993b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 29 May 2020 11:49:21 -0600 Subject: [PATCH 0075/1498] caddyconfig: Minor internal and godoc tweaks --- caddyconfig/configadapters.go | 15 +++++++-------- caddyconfig/httpcaddyfile/builtins.go | 4 ++-- caddyconfig/httpcaddyfile/tlsapp.go | 2 +- modules/logging/filters.go | 4 +--- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/caddyconfig/configadapters.go b/caddyconfig/configadapters.go index 2c466c42..1918fa75 100644 --- a/caddyconfig/configadapters.go +++ b/caddyconfig/configadapters.go @@ -51,14 +51,13 @@ func JSON(val interface{}, warnings *[]Warning) json.RawMessage { return b } -// JSONModuleObject is like JSON, except it marshals val into a JSON object -// and then adds a key to that object named fieldName with the value fieldVal. -// This is useful for JSON-encoding module values where the module name has to -// be described within the object by a certain key; for example, -// "responder": "file_server" for a file server HTTP responder. The val must -// encode into a map[string]interface{} (i.e. it must be a struct or map), -// and any errors are converted into warnings, so this can be conveniently -// used when filling a struct. For correct code, there should be no errors. +// JSONModuleObject is like JSON(), except it marshals val into a JSON object +// with an added key named fieldName with the value fieldVal. This is useful +// for encoding module values where the module name has to be described within +// the object by a certain key; for example, `"handler": "file_server"` for a +// file server HTTP handler (fieldName="handler" and fieldVal="file_server"). +// The val parameter must encode into a map[string]interface{} (i.e. it must be +// a struct or map). Any errors are converted into warnings. func JSONModuleObject(val interface{}, fieldName, fieldVal string, warnings *[]Warning) json.RawMessage { // encode to a JSON object first enc, err := json.Marshal(val) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 7026dfe9..90ce3a46 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -259,13 +259,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) { // certificate loaders if len(fileLoader) > 0 { configVals = append(configVals, ConfigValue{ - Class: "tls.certificate_loader", + Class: "tls.cert_loader", Value: fileLoader, }) } if len(folderLoader) > 0 { configVals = append(configVals, ConfigValue{ - Class: "tls.certificate_loader", + Class: "tls.cert_loader", Value: folderLoader, }) } diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 80f39af3..90b4e71c 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -233,7 +233,7 @@ func (st ServerType) buildTLSApp( } // certificate loaders - if clVals, ok := sblock.pile["tls.certificate_loader"]; ok { + if clVals, ok := sblock.pile["tls.cert_loader"]; ok { for _, clVal := range clVals { certLoaders = append(certLoaders, clVal.Value.(caddytls.CertificateLoader)) } diff --git a/modules/logging/filters.go b/modules/logging/filters.go index 52db2fec..cd3bbb13 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -27,9 +27,7 @@ func init() { } // LogFieldFilter can filter (or manipulate) -// a field in a log entry. If delete is true, -// out will be ignored and the field will be -// removed from the output. +// a field in a log entry. type LogFieldFilter interface { Filter(zapcore.Field) zapcore.Field } From 996af0915dfc597fc6aad82e99578fed58d0f87d Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 29 May 2020 14:21:55 -0600 Subject: [PATCH 0076/1498] cmd: Support admin endpoint on unix socket (#3320) --- cmd/commandfuncs.go | 94 +++++++++++++++++++++++++++++---------------- 1 file changed, 61 insertions(+), 33 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 875fb5a9..a10bc191 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -16,6 +16,7 @@ package caddycmd import ( "bytes" + "context" "crypto/rand" "encoding/json" "fmt" @@ -276,24 +277,9 @@ func cmdRun(fl Flags) (int, error) { func cmdStop(fl Flags) (int, error) { stopCmdAddrFlag := fl.String("address") - adminAddr := caddy.DefaultAdminListen - if stopCmdAddrFlag != "" { - adminAddr = stopCmdAddrFlag - } - stopEndpoint := fmt.Sprintf("http://%s/stop", adminAddr) - - req, err := http.NewRequest(http.MethodPost, stopEndpoint, nil) + err := apiRequest(stopCmdAddrFlag, http.MethodPost, "/stop", nil) if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("making request: %v", err) - } - req.Header.Set("Origin", adminAddr) - - err = apiRequest(req) - if err != nil { - caddy.Log().Warn("failed using API to stop instance", - zap.String("endpoint", stopEndpoint), - zap.Error(err), - ) + caddy.Log().Warn("failed using API to stop instance", zap.Error(err)) return caddy.ExitCodeFailedStartup, err } @@ -314,7 +300,7 @@ func cmdReload(fl Flags) (int, error) { return caddy.ExitCodeFailedStartup, fmt.Errorf("no config file to load") } - // get the address of the admin listener and craft endpoint URL + // get the address of the admin listener; use flag if specified adminAddr := reloadCmdAddrFlag if adminAddr == "" && len(config) > 0 { var tmpStruct struct { @@ -327,20 +313,8 @@ func cmdReload(fl Flags) (int, error) { } adminAddr = tmpStruct.Admin.Listen } - if adminAddr == "" { - adminAddr = caddy.DefaultAdminListen - } - loadEndpoint := fmt.Sprintf("http://%s/load", adminAddr) - // prepare the request to update the configuration - req, err := http.NewRequest(http.MethodPost, loadEndpoint, bytes.NewReader(config)) - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("making request: %v", err) - } - req.Header.Set("Content-Type", "application/json") - req.Header.Set("Origin", adminAddr) - - err = apiRequest(req) + err = apiRequest(adminAddr, http.MethodPost, "/load", bytes.NewReader(config)) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("sending configuration to instance: %v", err) } @@ -645,8 +619,62 @@ commands: return caddy.ExitCodeSuccess, nil } -func apiRequest(req *http.Request) error { - resp, err := http.DefaultClient.Do(req) +// apiRequest makes an API request to the endpoint adminAddr with the +// given HTTP method and request URI. If body is non-nil, it will be +// assumed to be Content-Type application/json. +func apiRequest(adminAddr, method, uri string, body io.Reader) error { + // parse the admin address + if adminAddr == "" { + adminAddr = caddy.DefaultAdminListen + } + parsedAddr, err := caddy.ParseNetworkAddress(adminAddr) + if err != nil || parsedAddr.PortRangeSize() > 1 { + return fmt.Errorf("invalid admin address %s: %v", adminAddr, err) + } + origin := parsedAddr.JoinHostPort(0) + if parsedAddr.IsUnixNetwork() { + origin = "unixsocket" // hack so that http.NewRequest() is happy + } + + // form the request + req, err := http.NewRequest(method, "http://"+origin+uri, body) + if err != nil { + return fmt.Errorf("making request: %v", err) + } + if parsedAddr.IsUnixNetwork() { + // When listening on a unix socket, the admin endpoint doesn't + // accept any Host header because there is no host:port for + // a unix socket's address. The server's host check is fairly + // strict for security reasons, so we don't allow just any + // Host header. For unix sockets, the Host header must be + // empty. Unfortunately, Go makes it impossible to make HTTP + // requests with an empty Host header... except with this one + // weird trick. (Hopefully they don't fix it. It's already + // hard enough to use HTTP over unix sockets.) + // + // An equivalent curl command would be something like: + // $ curl --unix-socket caddy.sock http:/:$REQUEST_URI + req.URL.Host = " " + req.Host = "" + } else { + req.Header.Set("Origin", origin) + } + if body != nil { + req.Header.Set("Content-Type", "application/json") + } + + // make an HTTP client that dials our network type, since admin + // endpoints aren't always TCP, which is what the default transport + // expects; reuse is not of particular concern here + client := http.Client{ + Transport: &http.Transport{ + DialContext: func(_ context.Context, _, _ string) (net.Conn, error) { + return net.Dial(parsedAddr.Network, parsedAddr.JoinHostPort(0)) + }, + }, + } + + resp, err := client.Do(req) if err != nil { return fmt.Errorf("performing request: %v", err) } From d5d7fb5954f38ed5f4c4bbb8a8b3df66809a32b7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 1 Jun 2020 09:31:08 -0600 Subject: [PATCH 0077/1498] go.mod: Update dependencies --- go.mod | 10 +++--- go.sum | 31 +++++++++++++------ .../distributedstek/distributedstek.go | 5 ++- 3 files changed, 30 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index 621426b6..2b2e4ace 100644 --- a/go.mod +++ b/go.mod @@ -6,25 +6,25 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.10.13 + github.com/caddyserver/certmagic v0.11.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.1+incompatible github.com/gogo/protobuf v1.3.1 - github.com/golang/protobuf v1.3.4 + github.com/golang/protobuf v1.4.0 github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 - github.com/klauspost/compress v1.10.5 + github.com/klauspost/compress v1.10.6 github.com/klauspost/cpuid v1.2.4 github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 - github.com/lucas-clemente/quic-go v0.15.7 + github.com/lucas-clemente/quic-go v0.16.0 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 github.com/smallstep/cli v0.14.3 github.com/smallstep/nosql v0.3.0 github.com/smallstep/truststore v0.9.5 - github.com/yuin/goldmark v1.1.30 + github.com/yuin/goldmark v1.1.31 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.15.0 golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc diff --git a/go.sum b/go.sum index 50236292..abc1bc1b 100644 --- a/go.sum +++ b/go.sum @@ -75,8 +75,6 @@ github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrU github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8/go.mod h1:aVvklgKsPENRkl29bNwrHISa1F+YLGTHArMxZMBqWM8= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= -github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75 h1:3ILjVyslFbc4jl1w5TWuvvslFD/nDfR2H8tVaMVLrEY= -github.com/alangpierce/go-forceexport v0.0.0-20160317203124-8f1d6941cd75/go.mod h1:uAXEEpARkRhCZfEvy/y0Jcc888f9tHCc1W7/UeEtreE= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= @@ -113,8 +111,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.10.13 h1:wfyYpXVXSSYMS1ZFpSr7HptwsC+j7elda5PUERrHtRc= -github.com/caddyserver/certmagic v0.10.13/go.mod h1:Yz6cSRUdddGy6Ut5JfrvcqBwrm1BqXxJRqJq2TwjPnA= +github.com/caddyserver/certmagic v0.11.0 h1:b7moj2Z/+iMa6x42V2L1AqbvHGti0aWGx2l7PkoERdQ= +github.com/caddyserver/certmagic v0.11.0/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -259,6 +257,12 @@ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -382,8 +386,8 @@ github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7IL github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc= -github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.6 h1:SP6zavvTG3YjOosWePXFDlExpKIWMTO4SE/Y8MZB2vI= +github.com/klauspost/compress v1.10.6/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= @@ -414,8 +418,8 @@ github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZ github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.15.7 h1:Pu7To5/G9JoP1mwlrcIvfV8ByPBlCzif3MCl8+1W83I= -github.com/lucas-clemente/quic-go v0.15.7/go.mod h1:Myi1OyS0FOjL3not4BxT7KN29bRkcMUV5JVVFLKtDp8= +github.com/lucas-clemente/quic-go v0.16.0 h1:jJw36wfzGJhmOhAOaOC2lS36WgeqXQszH47A7spo1LI= +github.com/lucas-clemente/quic-go v0.16.0/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -698,8 +702,8 @@ github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.22/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.30 h1:j4d4Lw3zqZelDhBksEo3BnWg9xhXRQGJPPSL6OApZjI= -github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.31 h1:nKIhaVknZ0wOBBg0Uu6px+t218SfkLh2i/JwwOXYXqs= +github.com/yuin/goldmark v1.1.31/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 h1:VWSxtAiQNh3zgHJpdpkpVYjTPqRE3P6UZCOPa1nRDio= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691/go.mod h1:YLF3kDffRfUH/bTxOxHhV6lxwIB3Vfj91rEwNMS9MXo= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -1029,6 +1033,13 @@ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/modules/caddytls/distributedstek/distributedstek.go b/modules/caddytls/distributedstek/distributedstek.go index 807f2bb2..f29db291 100644 --- a/modules/caddytls/distributedstek/distributedstek.go +++ b/modules/caddytls/distributedstek/distributedstek.go @@ -53,6 +53,7 @@ type Provider struct { storage certmagic.Storage stekConfig *caddytls.SessionTicketService timer *time.Timer + ctx caddy.Context } // CaddyModule returns the Caddy module information. @@ -65,6 +66,8 @@ func (Provider) CaddyModule() caddy.ModuleInfo { // Provision provisions s. func (s *Provider) Provision(ctx caddy.Context) error { + s.ctx = ctx + // unpack the storage module to use, if different from the default if s.Storage != nil { val, err := ctx.LoadModule(s, "Storage") @@ -142,7 +145,7 @@ func (s *Provider) storeSTEK(dstek distributedSTEK) error { // current STEK is outdated (NextRotation time is in the past), // then it is rotated and persisted. The resulting STEK is returned. func (s *Provider) getSTEK() (distributedSTEK, error) { - s.storage.Lock(stekLockName) + s.storage.Lock(s.ctx, stekLockName) defer s.storage.Unlock(stekLockName) // load the current STEKs from storage From a496308f6eb57f8dd2e1598bfb624a3e567aa4e1 Mon Sep 17 00:00:00 2001 From: Georges Haidar Date: Mon, 1 Jun 2020 16:50:00 +0100 Subject: [PATCH 0078/1498] httpcaddyfile: Let modules add listener wrappers (#3397) * httpcaddyfile: allow modules to customize listener wrappers * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/httptype.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 42fee71f..7bb7c561 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -465,6 +465,20 @@ func (st *ServerType) serversFromPairings( (addr.Port == httpsPort || (addr.Port != httpPort && addr.Host != "")) } + // Look for any config values that provide listener wrappers on the server block + for _, listenerConfig := range sblock.pile["listener_wrapper"] { + listenerWrapper, ok := listenerConfig.Value.(caddy.ListenerWrapper) + if !ok { + return nil, fmt.Errorf("config for a listener wrapper did not provide a value that implements caddy.ListenerWrapper") + } + jsonListenerWrapper := caddyconfig.JSONModuleObject( + listenerWrapper, + "wrapper", + listenerWrapper.(caddy.Module).CaddyModule().ID.Name(), + warnings) + srv.ListenerWrappersRaw = append(srv.ListenerWrappersRaw, jsonListenerWrapper) + } + // set up each handler directive, making sure to honor directive order dirRoutes := sblock.pile["route"] siteSubroute, err := buildSubroute(dirRoutes, groupCounter) From fdf2a77feb53cb9dd6de772f811e96a5f6b2d2c4 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 1 Jun 2020 12:43:06 -0400 Subject: [PATCH 0079/1498] caddyfile: Add args on imports (#3423) * caddyfile: Add support for args on imports * caddyfile: Add more import args tests --- caddyconfig/caddyfile/parse.go | 33 ++++++-- caddyconfig/caddyfile/parse_test.go | 8 +- .../caddyfile/testdata/import_args0.txt | 1 + .../caddyfile/testdata/import_args1.txt | 1 + .../caddyfile_adapt/import_args_file.txt | 49 +++++++++++ .../caddyfile_adapt/import_args_snippet.txt | 83 +++++++++++++++++++ .../integration/testdata/import_respond.txt | 1 + 7 files changed, 168 insertions(+), 8 deletions(-) create mode 100644 caddyconfig/caddyfile/testdata/import_args0.txt create mode 100644 caddyconfig/caddyfile/testdata/import_args1.txt create mode 100644 caddytest/integration/caddyfile_adapt/import_args_file.txt create mode 100644 caddytest/integration/caddyfile_adapt/import_args_snippet.txt create mode 100644 caddytest/integration/testdata/import_respond.txt diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index cdcac268..5cb5b686 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -20,7 +20,10 @@ import ( "log" "os" "path/filepath" + "strconv" "strings" + + "github.com/caddyserver/caddy/v2" ) // Parse parses the input just enough to group tokens, in @@ -292,11 +295,19 @@ func (p *parser) doImport() error { if importPattern == "" { return p.Err("Import requires a non-empty filepath") } - if p.NextArg() { - return p.Err("Import takes only one argument (glob pattern or file)") + + // grab remaining args as placeholder replacements + args := p.RemainingArgs() + + // add args to the replacer + repl := caddy.NewReplacer() + for index, arg := range args { + repl.Set("args."+strconv.Itoa(index), arg) } - // splice out the import directive and its argument (2 tokens total) - tokensBefore := p.tokens[:p.cursor-1] + + // splice out the import directive and its arguments + // (2 tokens, plus the length of args) + tokensBefore := p.tokens[:p.cursor-1-len(args)] tokensAfter := p.tokens[p.cursor+1:] var importedTokens []Token @@ -348,10 +359,20 @@ func (p *parser) doImport() error { } } + // copy the tokens so we don't overwrite p.definedSnippets + tokensCopy := make([]Token, len(importedTokens)) + copy(tokensCopy, importedTokens) + + // run the argument replacer on the tokens + for index, token := range tokensCopy { + token.Text = repl.ReplaceKnown(token.Text, "") + tokensCopy[index] = token + } + // splice the imported tokens in the place of the import statement // and rewind cursor so Next() will land on first imported token - p.tokens = append(tokensBefore, append(importedTokens, tokensAfter...)...) - p.cursor-- + p.tokens = append(tokensBefore, append(tokensCopy, tokensAfter...)...) + p.cursor -= len(args) + 1 return nil } diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index ed153674..12c30c86 100755 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -182,14 +182,17 @@ func TestParseOneAndImport(t *testing.T) { "host1", }, []int{1, 2}}, - {`import testdata/import_test1.txt testdata/import_test2.txt`, true, []string{}, []int{}}, - {`import testdata/not_found.txt`, true, []string{}, []int{}}, {`""`, false, []string{}, []int{}}, {``, false, []string{}, []int{}}, + // import with args + {`import testdata/import_args0.txt a`, false, []string{"a"}, []int{}}, + {`import testdata/import_args1.txt a b`, false, []string{"a", "b"}, []int{}}, + {`import testdata/import_args*.txt a b`, false, []string{"a"}, []int{2}}, + // test cases found by fuzzing! {`import }{$"`, true, []string{}, []int{}}, {`import /*/*.txt`, true, []string{}, []int{}}, @@ -210,6 +213,7 @@ func TestParseOneAndImport(t *testing.T) { t.Errorf("Test %d: Expected no error, but got: %v", i, err) } + // t.Logf("%+v\n", result) if len(result.Keys) != len(test.keys) { t.Errorf("Test %d: Expected %d keys, got %d", i, len(test.keys), len(result.Keys)) diff --git a/caddyconfig/caddyfile/testdata/import_args0.txt b/caddyconfig/caddyfile/testdata/import_args0.txt new file mode 100644 index 00000000..af946fef --- /dev/null +++ b/caddyconfig/caddyfile/testdata/import_args0.txt @@ -0,0 +1 @@ +{args.0} \ No newline at end of file diff --git a/caddyconfig/caddyfile/testdata/import_args1.txt b/caddyconfig/caddyfile/testdata/import_args1.txt new file mode 100644 index 00000000..519a92d6 --- /dev/null +++ b/caddyconfig/caddyfile/testdata/import_args1.txt @@ -0,0 +1 @@ +{args.0} {args.1} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/import_args_file.txt b/caddytest/integration/caddyfile_adapt/import_args_file.txt new file mode 100644 index 00000000..6947f681 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/import_args_file.txt @@ -0,0 +1,49 @@ +example.com + +import testdata/import_respond.txt Groot Rocket +import testdata/import_respond.txt you "the confused man" +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "'I am Groot', hears Rocket", + "handler": "static_response" + }, + { + "body": "'I am you', hears the confused man", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/import_args_snippet.txt b/caddytest/integration/caddyfile_adapt/import_args_snippet.txt new file mode 100644 index 00000000..8d2ff34a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/import_args_snippet.txt @@ -0,0 +1,83 @@ +(logging) { + log { + output file /var/log/caddy/{args.0}.access.log + } +} + +a.example.com { + import logging a.example.com +} + +b.example.com { + import logging b.example.com +} +---------- +{ + "logging": { + "logs": { + "default": { + "exclude": [ + "http.log.access.log0", + "http.log.access.log1" + ] + }, + "log0": { + "writer": { + "filename": "/var/log/caddy/a.example.com.access.log", + "output": "file" + }, + "include": [ + "http.log.access.log0" + ] + }, + "log1": { + "writer": { + "filename": "/var/log/caddy/b.example.com.access.log", + "output": "file" + }, + "include": [ + "http.log.access.log1" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "b.example.com" + ] + } + ], + "terminal": true + } + ], + "logs": { + "logger_names": { + "a.example.com": "log0", + "b.example.com": "log1" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/testdata/import_respond.txt b/caddytest/integration/testdata/import_respond.txt new file mode 100644 index 00000000..0907fbeb --- /dev/null +++ b/caddytest/integration/testdata/import_respond.txt @@ -0,0 +1 @@ +respond "'I am {args.0}', hears {args.1}" \ No newline at end of file From 9a7756c6e4b4ddb945bede3ddb2dfbf241208915 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 1 Jun 2020 23:56:47 -0600 Subject: [PATCH 0080/1498] caddyauth: Cache basicauth results (fixes #3462) (#3465) Cache capacity is currently hard-coded at 1000 with random eviction. It is enabled by default from Caddyfile configurations because I assume this is the most common preference. --- modules/caddyhttp/caddyauth/basicauth.go | 104 ++++++++++++++++++++++- modules/caddyhttp/caddyauth/caddyfile.go | 1 + 2 files changed, 102 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go index d709f94e..92e1683a 100644 --- a/modules/caddyhttp/caddyauth/basicauth.go +++ b/modules/caddyhttp/caddyauth/basicauth.go @@ -16,15 +16,21 @@ package caddyauth import ( "encoding/base64" + "encoding/hex" "encoding/json" "fmt" + weakrand "math/rand" "net/http" + "sync" + "time" "github.com/caddyserver/caddy/v2" ) func init() { caddy.RegisterModule(HTTPBasicAuth{}) + + weakrand.Seed(time.Now().UnixNano()) } // HTTPBasicAuth facilitates HTTP basic authentication. @@ -38,6 +44,17 @@ type HTTPBasicAuth struct { // The name of the realm. Default: restricted Realm string `json:"realm,omitempty"` + // If non-nil, a mapping of plaintext passwords to their + // hashes will be cached in memory (with random eviction). + // This can greatly improve the performance of traffic-heavy + // servers that use secure password hashing algorithms, with + // the downside that plaintext passwords will be stored in + // memory for a longer time (this should not be a problem + // as long as your machine is not compromised, at which point + // all bets are off, since basicauth necessitates plaintext + // passwords being received over the wire anyway). + HashCache *Cache `json:"hash_cache,omitempty"` + Accounts map[string]Account `json:"-"` Hash Comparer `json:"-"` } @@ -99,6 +116,11 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error { } hba.AccountList = nil // allow GC to deallocate + if hba.HashCache != nil { + hba.HashCache.cache = make(map[string]bool) + hba.HashCache.mu = new(sync.Mutex) + } + return nil } @@ -109,13 +131,11 @@ func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) return hba.promptForCredentials(w, nil) } - plaintextPassword := []byte(plaintextPasswordStr) - account, accountExists := hba.Accounts[username] // don't return early if account does not exist; we want // to try to avoid side-channels that leak existence - same, err := hba.Hash.Compare(account.password, plaintextPassword, account.salt) + same, err := hba.correctPassword(account, []byte(plaintextPasswordStr)) if err != nil { return hba.promptForCredentials(w, err) } @@ -126,6 +146,43 @@ func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) return User{ID: username}, true, nil } +func (hba HTTPBasicAuth) correctPassword(account Account, plaintextPassword []byte) (bool, error) { + compare := func() (bool, error) { + return hba.Hash.Compare(account.password, plaintextPassword, account.salt) + } + + // if no caching is enabled, simply return the result of hashing + comparing + if hba.HashCache == nil { + return compare() + } + + // compute a cache key that is unique for these input parameters + cacheKey := hex.EncodeToString(append(append(account.password, account.salt...), plaintextPassword...)) + + // fast track: if the result of the input is already cached, use it + hba.HashCache.mu.Lock() + same, ok := hba.HashCache.cache[cacheKey] + if ok { + hba.HashCache.mu.Unlock() + return same, nil + } + hba.HashCache.mu.Unlock() + + // slow track: do the expensive op, then add it to the cache + same, err := compare() + if err != nil { + return false, err + } + hba.HashCache.mu.Lock() + if len(hba.HashCache.cache) >= 1000 { + hba.HashCache.makeRoom() // keep cache size under control + } + hba.HashCache.cache[cacheKey] = same + hba.HashCache.mu.Unlock() + + return same, nil +} + func (hba HTTPBasicAuth) promptForCredentials(w http.ResponseWriter, err error) (User, bool, error) { // browsers show a message that says something like: // "The website says: " @@ -138,6 +195,47 @@ func (hba HTTPBasicAuth) promptForCredentials(w http.ResponseWriter, err error) return User{}, false, err } +// Cache enables caching of basic auth results. This is especially +// helpful for secure password hashes which can be expensive to +// compute on every HTTP request. +type Cache struct { + mu *sync.Mutex + + // map of concatenated hashed password + plaintext password + salt, to result + cache map[string]bool +} + +// makeRoom deletes about 1/10 of the items in the cache +// in order to keep its size under control. It must not be +// called without a lock on c.mu. +func (c *Cache) makeRoom() { + // we delete more than just 1 entry so that we don't have + // to do this on every request; assuming the capacity of + // the cache is on a long tail, we can save a lot of CPU + // time by doing a whole bunch of deletions now and then + // we won't have to do them again for a while + numToDelete := len(c.cache) / 10 + if numToDelete < 1 { + numToDelete = 1 + } + for deleted := 0; deleted <= numToDelete; deleted++ { + // Go maps are "nondeterministic" not actually random, + // so although we could just chop off the "front" of the + // map with less code, this is a heavily skewed eviction + // strategy; generating random numbers is cheap and + // ensures a much better distribution. + rnd := weakrand.Intn(len(c.cache)) + i := 0 + for key := range c.cache { + if i == rnd { + delete(c.cache, key) + break + } + i++ + } + } +} + // Comparer is a type that can securely compare // a plaintext password with a hashed password // in constant-time. Comparers should hash the diff --git a/modules/caddyhttp/caddyauth/caddyfile.go b/modules/caddyhttp/caddyauth/caddyfile.go index 9fe8a80e..13e78fc0 100644 --- a/modules/caddyhttp/caddyauth/caddyfile.go +++ b/modules/caddyhttp/caddyauth/caddyfile.go @@ -35,6 +35,7 @@ func init() { // If no hash algorithm is supplied, bcrypt will be assumed. func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { var ba HTTPBasicAuth + ba.HashCache = new(Cache) for h.Next() { var cmp Comparer From e18c37306448c5604bb50618c19d7e247fb8805f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 2 Jun 2020 11:13:44 -0600 Subject: [PATCH 0081/1498] caddytls: Actually use configured test CA --- modules/caddytls/acmeissuer.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 4295cda1..d6109460 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -134,6 +134,7 @@ func (m *ACMEIssuer) Provision(ctx caddy.Context) error { func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { template := certmagic.ACMEManager{ CA: m.CA, + TestCA: m.TestCA, Email: m.Email, CertObtainTimeout: time.Duration(m.ACMETimeout), TrustedRoots: m.rootPool, From 83551edf3e050b5dd094fc1cff20a3f78c4d621f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 3 Jun 2020 07:31:31 -0600 Subject: [PATCH 0082/1498] cmd: Only stop admin server on signal if it exists (fix #3470) --- sigtrap.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sigtrap.go b/sigtrap.go index 08f03aa7..4ad94c15 100644 --- a/sigtrap.go +++ b/sigtrap.go @@ -69,12 +69,14 @@ func gracefulStop(sigName string) { exitCode = ExitCodeFailedQuit } - err = stopAdminServer(adminServer) - if err != nil { - Log().Error("stopping admin endpoint", - zap.String("signal", sigName), - zap.Error(err)) - exitCode = ExitCodeFailedQuit + if adminServer != nil { + err = stopAdminServer(adminServer) + if err != nil { + Log().Error("stopping admin endpoint", + zap.String("signal", sigName), + zap.Error(err)) + exitCode = ExitCodeFailedQuit + } } } From 97e61c16a3a0e74be0810b4714de1dab345fba8b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 3 Jun 2020 09:35:13 -0600 Subject: [PATCH 0083/1498] httpcaddyfile: Sort site blocks with wildcards last (fix #3410) --- caddyconfig/httpcaddyfile/httptype.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 7bb7c561..7be932fd 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -377,7 +377,11 @@ func (st *ServerType) serversFromPairings( // but I don't expect many blocks will have THAT many keys... var iLongestPath, jLongestPath string var iLongestHost, jLongestHost string + var iWildcardHost, jWildcardHost bool for _, addr := range p.serverBlocks[i].keys { + if strings.Contains(addr.Host, "*.") { + iWildcardHost = true + } if specificity(addr.Host) > specificity(iLongestHost) { iLongestHost = addr.Host } @@ -386,6 +390,9 @@ func (st *ServerType) serversFromPairings( } } for _, addr := range p.serverBlocks[j].keys { + if strings.Contains(addr.Host, "*.") { + jWildcardHost = true + } if specificity(addr.Host) > specificity(jLongestHost) { jLongestHost = addr.Host } @@ -393,6 +400,12 @@ func (st *ServerType) serversFromPairings( jLongestPath = addr.Path } } + if iWildcardHost != jWildcardHost { + // site blocks that have a key with a wildcard in the hostname + // must always be less specific than blocks without one; see + // https://github.com/caddyserver/caddy/issues/3410 + return jWildcardHost && !iWildcardHost + } if specificity(iLongestHost) == specificity(jLongestHost) { return len(iLongestPath) > len(jLongestPath) } From a285fe41296cf786b21f637ebe9e5f265eddaa8a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 3 Jun 2020 09:59:36 -0600 Subject: [PATCH 0084/1498] caddypki: Add 'acme_server' Caddyfile directive --- caddyconfig/httpcaddyfile/directives.go | 3 +- modules/caddypki/acmeserver/acmeserver.go | 9 +++++- modules/caddypki/acmeserver/caddyfile.go | 38 +++++++++++++++++++++++ 3 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 modules/caddypki/acmeserver/caddyfile.go diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index cde97438..c9f4ad96 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -56,14 +56,15 @@ var directiveOrder = []string{ // special routing directives "handle", - "route", "handle_path", + "route", // handlers that typically respond to requests "respond", "reverse_proxy", "php_fastcgi", "file_server", + "acme_server", } // directiveIsOrdered returns true if dir is diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 8dc0f01b..6023e064 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -48,13 +48,20 @@ type Handler struct { // The hostname or IP address by which ACME clients // will access the server. This is used to populate // the ACME directory endpoint. Default: localhost. - // TODO: this is probably not needed - check with smallstep + // COMPATIBILITY NOTE / TODO: This property may go away in the + // future, as it is currently only required due to + // limitations in the underlying library. Do not rely + // on this property long-term; check release notes. Host string `json:"host,omitempty"` // The path prefix under which to serve all ACME // endpoints. All other requests will not be served // by this handler and will be passed through to // the next one. Default: "/acme/" + // COMPATIBILITY NOTE / TODO: This property may go away in the + // future, as it is currently only required due to + // limitations in the underlying library. Do not rely + // on this property long-term; check release notes. PathPrefix string `json:"path_prefix,omitempty"` acmeEndpoints http.Handler diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go new file mode 100644 index 00000000..66874604 --- /dev/null +++ b/modules/caddypki/acmeserver/caddyfile.go @@ -0,0 +1,38 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package acmeserver + +import ( + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" +) + +func init() { + httpcaddyfile.RegisterHandlerDirective("acme_server", parseACMEServer) +} + +// parseACMEServer sets up an ACME server handler from Caddyfile tokens. +// +// acme_server [] +// +func parseACMEServer(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + var as Handler + for h.Next() { + if h.NextArg() { + return nil, h.ArgErr() + } + } + return as, nil +} From 2d1f7b9da8ec23be10639e557536e029dedf83f6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 3 Jun 2020 10:56:26 -0600 Subject: [PATCH 0085/1498] caddyhttp: Auto-redirects from all bind addresses (fix #3443) --- modules/caddyhttp/autohttps.go | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index f62543be..97cbed3a 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -81,8 +81,10 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er uniqueDomainsForCerts := make(map[string]struct{}) // this maps domain names for automatic HTTP->HTTPS - // redirects to their destination server address - redirDomains := make(map[string]caddy.NetworkAddress) + // redirects to their destination server addresses + // (there might be more than 1 if bind is used; see + // https://github.com/caddyserver/caddy/issues/3443) + redirDomains := make(map[string][]caddy.NetworkAddress) for srvName, srv := range app.Servers { // as a prerequisite, provision route matchers; this is @@ -220,7 +222,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // an empty string to indicate a catch-all, which we have to // treat special later if len(serverDomainSet) == 0 { - redirDomains[""] = addr + redirDomains[""] = append(redirDomains[""], addr) continue } @@ -230,7 +232,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // port, we'll have to choose one, so prefer the HTTPS port if _, ok := redirDomains[d]; !ok || addr.StartPort == uint(app.httpsPort()) { - redirDomains[d] = addr + redirDomains[d] = append(redirDomains[d], addr) } } } @@ -278,9 +280,11 @@ uniqueDomainsLoop: // we need to reduce the mapping, i.e. group domains by address // since new routes are appended to servers by their address domainsByAddr := make(map[string][]string) - for domain, addr := range redirDomains { - addrStr := addr.String() - domainsByAddr[addrStr] = append(domainsByAddr[addrStr], domain) + for domain, addrs := range redirDomains { + for _, addr := range addrs { + addrStr := addr.String() + domainsByAddr[addrStr] = append(domainsByAddr[addrStr], domain) + } } // these keep track of the redirect server address(es) From 7b0962ba4df7e1dd7ab3f193fba394a4b899c431 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 4 Jun 2020 10:32:01 -0600 Subject: [PATCH 0086/1498] caddyhttp: Default to error status if found in context This is just a convenience if using a static_response handler in an error route, by setting the default status code to the same one as the error status. --- modules/caddyhttp/staticresp.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index 3841a26f..0a568fc1 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -121,8 +121,16 @@ func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Hand w.Header()["Content-Type"] = nil } - // get the status code + // get the status code; if this handler exists in an error route, + // use the recommended status code as the default; otherwise 200 statusCode := http.StatusOK + if reqErr, ok := r.Context().Value(ErrorCtxKey).(error); ok { + if handlerErr, ok := reqErr.(HandlerError); ok { + if handlerErr.StatusCode > 0 { + statusCode = handlerErr.StatusCode + } + } + } if codeStr := s.StatusCode.String(); codeStr != "" { intVal, err := strconv.Atoi(repl.ReplaceAll(codeStr, "")) if err != nil { From 7a99835dab64f7864186185761bbf5194216f8b6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 4 Jun 2020 12:06:38 -0600 Subject: [PATCH 0087/1498] reverseproxy: Enable changing only the status code (close #2920) --- modules/caddyhttp/caddyhttp.go | 39 +++++++++++++++++++ .../caddyhttp/reverseproxy/reverseproxy.go | 26 +++++++++++-- modules/caddyhttp/subroute.go | 30 -------------- 3 files changed, 61 insertions(+), 34 deletions(-) diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index fda7a929..a7ac8890 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -92,6 +92,45 @@ var errorEmptyHandler Handler = HandlerFunc(func(w http.ResponseWriter, r *http. return nil }) +// ResponseHandler pairs a response matcher with custom handling +// logic. Either the status code can be changed to something else +// while using the original response body, or, if a status code +// is not set, it can execute a custom route list; this is useful +// for executing handler routes based on the properties of an HTTP +// response that has not been written out to the client yet. +// +// To use this type, provision it at module load time, then when +// ready to use, match the response against its matcher; if it +// matches (or doesn't have a matcher), change the status code on +// the response if configured; otherwise invoke the routes by +// calling `rh.Routes.Compile(next).ServeHTTP(rw, req)` (or similar). +type ResponseHandler struct { + // The response matcher for this handler. If empty/nil, + // it always matches. + Match *ResponseMatcher `json:"match,omitempty"` + + // To write the original response body but with a different + // status code, set this field to the desired status code. + // If set, this takes priority over routes. + StatusCode WeakString `json:"status_code,omitempty"` + + // The list of HTTP routes to execute if no status code is + // specified. If evaluated, the original response body + // will not be written. + Routes RouteList `json:"routes,omitempty"` +} + +// Provision sets up the routse in rh. +func (rh *ResponseHandler) Provision(ctx caddy.Context) error { + if rh.Routes != nil { + err := rh.Routes.Provision(ctx) + if err != nil { + return err + } + } + return nil +} + // WeakString is a type that unmarshals any JSON value // as a string literal, with the following exceptions: // diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 06802a01..79713484 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -24,6 +24,7 @@ import ( "net" "net/http" "regexp" + "strconv" "strings" "sync" "time" @@ -531,15 +532,32 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia } } + // see if any response handler is configured for this response from the backend for i, rh := range h.HandleResponse { - if len(rh.Routes) == 0 { - continue - } if rh.Match != nil && !rh.Match.Match(res.StatusCode, res.Header) { continue } - res.Body.Close() + repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + + // if configured to only change the status code, do that then continue regular proxy response + if statusCodeStr := rh.StatusCode.String(); statusCodeStr != "" { + statusCode, err := strconv.Atoi(repl.ReplaceAll(statusCodeStr, "")) + if err != nil { + return caddyhttp.Error(http.StatusInternalServerError, err) + } + if statusCode != 0 { + res.StatusCode = statusCode + } + break + } + + // otherwise, if there are any routes configured, execute those as the + // actual response instead of what we got from the proxy backend + if len(rh.Routes) == 0 { + continue + } + res.Body.Close() repl.Set("http.reverse_proxy.status_code", res.StatusCode) repl.Set("http.reverse_proxy.status_text", res.Status) h.logger.Debug("handling response", zap.Int("handler", i)) diff --git a/modules/caddyhttp/subroute.go b/modules/caddyhttp/subroute.go index b1700f5b..2e80d88d 100644 --- a/modules/caddyhttp/subroute.go +++ b/modules/caddyhttp/subroute.go @@ -80,36 +80,6 @@ func (sr *Subroute) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handl return err } -// ResponseHandler pairs a response matcher with a route list. -// It is useful for executing handler routes based on the -// properties of an HTTP response that has not been written -// out to the client yet. -// -// To use this type, provision it at module load time, then -// when ready to use, match the response against its matcher; -// if it matches (or doesn't have a matcher), invoke the routes -// by calling `rh.Routes.Compile(next).ServeHTTP(rw, req)` (or -// similar). -type ResponseHandler struct { - // The response matcher for this handler. If empty/nil, - // it always matches. - Match *ResponseMatcher `json:"match,omitempty"` - - // The list of HTTP routes to execute. - Routes RouteList `json:"routes,omitempty"` -} - -// Provision sets up the routse in rh. -func (rh *ResponseHandler) Provision(ctx caddy.Context) error { - if rh.Routes != nil { - err := rh.Routes.Provision(ctx) - if err != nil { - return err - } - } - return nil -} - // Interface guards var ( _ caddy.Provisioner = (*Subroute)(nil) From 21c1da101cf9a8dc586fc8cf20e1769e79e49eea Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 5 Jun 2020 12:23:15 -0400 Subject: [PATCH 0088/1498] ci: Disable publishing .deb on beta tags (#3473) --- .github/workflows/release.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5f6af502..f9474723 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,6 +41,18 @@ jobs: echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" echo "::set-output name=go_cache::$(go env GOCACHE)" + # Parse semver + TAG=${GITHUB_REF/refs\/tags\//} + SEMVER_RE='[^0-9]*\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)\([0-9A-Za-z\.-]*\)' + TAG_MAJOR=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\1#"` + TAG_MINOR=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\2#"` + TAG_PATCH=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\3#"` + TAG_SPECIAL=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\4#"` + echo "::set-output name=tag_major::${TAG_MAJOR}" + echo "::set-output name=tag_minor::${TAG_MINOR}" + echo "::set-output name=tag_patch::${TAG_PATCH}" + echo "::set-output name=tag_special::${TAG_SPECIAL}" + - name: Cache the build cache uses: actions/cache@v1 with: @@ -59,7 +71,9 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAG: ${{ steps.vars.outputs.version_tag }} + # Only publish on non-special tags (e.g. non-beta) - name: Publish .deb to Gemfury + if: ${{ steps.vars.outputs.tag_special }} == "" env: GEMFURY_PUSH_TOKEN: ${{ secrets.GEMFURY_PUSH_TOKEN }} run: | From 9dafa63933ea2b5e777c787069e579626d4330e6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 5 Jun 2020 11:14:09 -0600 Subject: [PATCH 0089/1498] go.mod: Update dependencies --- go.mod | 19 +++++++++---------- go.sum | 45 +++++++++++++++++++++++++++++---------------- 2 files changed, 38 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 2b2e4ace..c0bfd25d 100644 --- a/go.mod +++ b/go.mod @@ -6,31 +6,30 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.0 + github.com/caddyserver/certmagic v0.11.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.7.0 - github.com/go-chi/chi v4.1.1+incompatible + github.com/go-chi/chi v4.1.2+incompatible github.com/gogo/protobuf v1.3.1 - github.com/golang/protobuf v1.4.0 + github.com/golang/protobuf v1.4.2 github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 - github.com/klauspost/compress v1.10.6 - github.com/klauspost/cpuid v1.2.4 + github.com/klauspost/compress v1.10.8 + github.com/klauspost/cpuid v1.3.0 github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 - github.com/lucas-clemente/quic-go v0.16.0 + github.com/lucas-clemente/quic-go v0.16.1 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 - github.com/smallstep/cli v0.14.3 + github.com/smallstep/cli v0.14.4 github.com/smallstep/nosql v0.3.0 github.com/smallstep/truststore v0.9.5 - github.com/yuin/goldmark v1.1.31 + github.com/yuin/goldmark v1.1.32 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.15.0 golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc - golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 + golang.org/x/net v0.0.0-20200528225125-3c3fba18258b google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 - howett.net/plist v0.0.0-20200225050739-77e249a2e2ba // indirect ) diff --git a/go.sum b/go.sum index abc1bc1b..a82bf53d 100644 --- a/go.sum +++ b/go.sum @@ -55,14 +55,18 @@ github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= +github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= +github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig/v3 v3.0.0/go.mod h1:NEUY/Qq8Gdm2xgYA+NwJM6wmfdRV9xkh8h/Rld20R0U= github.com/Masterminds/sprig/v3 v3.1.0 h1:j7GpgZ7PdFqNsmncycTHsLmVPf5/3wJtlgW9TNDYD9Y= github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= +github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -109,10 +113,11 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= +github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.0 h1:b7moj2Z/+iMa6x42V2L1AqbvHGti0aWGx2l7PkoERdQ= -github.com/caddyserver/certmagic v0.11.0/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= +github.com/caddyserver/certmagic v0.11.1 h1:rVbT7DIBH3tv2IQHsIyjFXUpCgrMb5KwganVbnJYsrY= +github.com/caddyserver/certmagic v0.11.1/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -130,6 +135,7 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWs github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/cloudflare-go v0.10.2/go.mod h1:qhVI5MKwBGhdNU89ZRz2plgYutcJ5PCekLxXn56w6SY= +github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -141,6 +147,7 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpu/goacmedns v0.0.2/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= @@ -194,8 +201,8 @@ github.com/go-acme/lego/v3 v3.7.0 h1:qC5/8/CbltyAE8fGLE6bGlqucj7pXc/vBxiLwLOsmAQ github.com/go-acme/lego/v3 v3.7.0/go.mod h1:4eDjjYkAsDXyNcwN8IhhZAwxz9Ltiks1Zmpv0q20J7A= github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= -github.com/go-chi/chi v4.1.1+incompatible h1:MmTgB0R8Bt/jccxp+t6S/1VGIKdJw5J74CK/c9tTfA4= -github.com/go-chi/chi v4.1.1+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= +github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= +github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= github.com/go-critic/go-critic v0.4.0/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= @@ -263,6 +270,8 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -380,20 +389,21 @@ github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.10.6 h1:SP6zavvTG3YjOosWePXFDlExpKIWMTO4SE/Y8MZB2vI= -github.com/klauspost/compress v1.10.6/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.8 h1:eLeJ3dr/Y9+XRfJT4l+8ZjmtB5RPJhucH2HeCV5+IZY= +github.com/klauspost/compress v1.10.8/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/cpuid v1.2.4 h1:EBfaK0SWSwk+fgk6efYFWdzl8MwRWoOO1gkmiaTXPW4= -github.com/klauspost/cpuid v1.2.4/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/klauspost/cpuid v1.3.0 h1:2JqaNE1hGdABW2YbA3TenkO7RiPFRvSWnEnGqWh9sHE= +github.com/klauspost/cpuid v1.3.0/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= @@ -418,8 +428,8 @@ github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZ github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.16.0 h1:jJw36wfzGJhmOhAOaOC2lS36WgeqXQszH47A7spo1LI= -github.com/lucas-clemente/quic-go v0.16.0/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= +github.com/lucas-clemente/quic-go v0.16.1 h1:hleW5QcJCNjGS10ggod6tQQy7XjVtagS6UIdzBMAWpg= +github.com/lucas-clemente/quic-go v0.16.1/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -488,6 +498,7 @@ github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96d github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= +github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI= github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= @@ -623,6 +634,8 @@ github.com/smallstep/certinfo v1.2.1/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9w github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= github.com/smallstep/cli v0.14.3 h1:GghXS0NBoj7psz10Cds86vvcrz6Pmww8aMGKEiD04AI= github.com/smallstep/cli v0.14.3/go.mod h1:U3WVQBS6udgpyHg+d0FQxodNGXBwikoXbERyfgcAhs8= +github.com/smallstep/cli v0.14.4 h1:oaaGwY1iNSHmIC6baiJhdZoLGmXJ0rXyRcxl3Q73SDE= +github.com/smallstep/cli v0.14.4/go.mod h1:cI1F2o1ugIcP1qklLPBECfeR7v7mFxVE6pVNQIMNWpA= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= github.com/smallstep/truststore v0.9.3/go.mod h1:PRSkpRIhAYBK/KLWkHNgRdYgzWMEy45bN7PSJCfKKGE= @@ -702,8 +715,8 @@ github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.22/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.31 h1:nKIhaVknZ0wOBBg0Uu6px+t218SfkLh2i/JwwOXYXqs= -github.com/yuin/goldmark v1.1.31/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32 h1:5tjfNdR2ki3yYQ842+eX2sQHeiwpKJ0RnHO4IYOc4V8= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 h1:VWSxtAiQNh3zgHJpdpkpVYjTPqRE3P6UZCOPa1nRDio= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691/go.mod h1:YLF3kDffRfUH/bTxOxHhV6lxwIB3Vfj91rEwNMS9MXo= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -832,8 +845,8 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0 h1:Jcxah/M+oLZ/R4/z5RzfPzGbPXnVDPkEDtf2JnuxN+U= -golang.org/x/net v0.0.0-20200425230154-ff2c4b7c35a0/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200528225125-3c3fba18258b h1:IYiJPiJfzktmDAO1HQiwjMjwjlYKHAL7KzeD544RJPs= +golang.org/x/net v0.0.0-20200528225125-3c3fba18258b/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1087,8 +1100,8 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3 h1:sXmLre5bzIR6ypkjXCDI3jHPssRhc8KD/Ome589sc3U= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -howett.net/plist v0.0.0-20200225050739-77e249a2e2ba h1:HiEs/6jQFMHpFqsdPBAk3ieVcsSS8IV+D93f43UuDPo= -howett.net/plist v0.0.0-20200225050739-77e249a2e2ba/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= +howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 h1:AQkaJpH+/FmqRjmXZPELom5zIERYZfwTjnHpfoVMQEc= +howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= From 11a132d48b574ef113e411aa22c0801a5a3190bd Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 5 Jun 2020 11:14:39 -0600 Subject: [PATCH 0090/1498] caddytls: Configurable cache size limit --- modules/caddytls/automation.go | 6 ++---- modules/caddytls/tls.go | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index bc095fff..37d5010c 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -49,15 +49,13 @@ type AutomationConfig struct { // Caddy staples OCSP (and caches the response) for all // qualifying certificates by default. This setting // changes how often it scans responses for freshness, - // and updates them if they are getting stale. + // and updates them if they are getting stale. Default: 1h OCSPCheckInterval caddy.Duration `json:"ocsp_interval,omitempty"` // Every so often, Caddy will scan all loaded, managed // certificates for expiration. This setting changes how // frequently the scan for expiring certificates is - // performed. If your certificate lifetimes are very - // short (less than ~24 hours), you should set this to - // a low value. + // performed. Default: 10m RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"` defaultPublicAutomationPolicy *AutomationPolicy diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 7f2d23e8..cc89ef51 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -57,6 +57,9 @@ type TLS struct { // Configures session ticket ephemeral keys (STEKs). SessionTickets *SessionTicketService `json:"session_tickets,omitempty"` + // Configures the in-memory certificate cache. + Cache *CertCacheOptions `json:"cache,omitempty"` + certificateLoaders []CertificateLoader automateNames []string certCache *certmagic.Cache @@ -89,6 +92,9 @@ func (t *TLS) Provision(ctx caddy.Context) error { cacheOpts.OCSPCheckInterval = time.Duration(t.Automation.OCSPCheckInterval) cacheOpts.RenewCheckInterval = time.Duration(t.Automation.RenewCheckInterval) } + if t.Cache != nil { + cacheOpts.Capacity = t.Cache.Capacity + } t.certCache = certmagic.NewCache(cacheOpts) // certificate loaders @@ -215,6 +221,11 @@ func (t *TLS) Validate() error { } } } + if t.Cache != nil { + if t.Cache.Capacity < 0 { + return fmt.Errorf("cache capacity must be >= 0") + } + } return nil } @@ -445,6 +456,15 @@ func (AutomateLoader) CaddyModule() caddy.ModuleInfo { } } +// CertCacheOptions configures the certificate cache. +type CertCacheOptions struct { + // Maximum number of certificates to allow in the + // cache. If reached, certificates will be randomly + // evicted to make room for new ones. Default: 0 + // (no limit). + Capacity int `json:"capacity,omitempty"` +} + // Variables related to storage cleaning. var ( storageCleanInterval = 12 * time.Hour From 1dfb11486eacc32af1003242023ddc4544823a31 Mon Sep 17 00:00:00 2001 From: NWHirschfeld Date: Fri, 5 Jun 2020 20:19:36 +0200 Subject: [PATCH 0091/1498] httpcaddyfile: Add client_auth options to tls directive (#3335) * reading client certificate config from Caddyfile Signed-off-by: NWHirschfeld * Update caddyconfig/httpcaddyfile/builtins.go Co-authored-by: Francis Lavoie * added adapt test for parsing client certificate configuration from Caddyfile Signed-off-by: NWHirschfeld * read client ca and leaf certificates from file https://github.com/caddyserver/caddy/pull/3335#discussion_r421633844 Signed-off-by: NWHirschfeld * Update modules/caddytls/connpolicy.go * Make review adjustments Co-authored-by: Francis Lavoie Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/builtins.go | 63 +++++++++++++++++- caddytest/caddy.ca.cer | 20 ++++++ .../tls_client_auth_cert_file.txt | 66 +++++++++++++++++++ .../tls_client_auth_inline_cert.txt | 66 +++++++++++++++++++ modules/caddytls/connpolicy.go | 8 +-- 5 files changed, 215 insertions(+), 8 deletions(-) create mode 100644 caddytest/caddy.ca.cer create mode 100644 caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt create mode 100644 caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 90ce3a46..fde56016 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -15,8 +15,11 @@ package httpcaddyfile import ( + "encoding/base64" + "encoding/pem" "fmt" "html" + "io/ioutil" "net/http" "reflect" "strings" @@ -59,6 +62,13 @@ func parseBind(h Helper) ([]ConfigValue, error) { // protocols [] // ciphers // curves +// client_auth { +// mode [request|require|verify_if_given|require_and_verify] +// trusted_ca_cert +// trusted_ca_cert_file +// trusted_leaf_cert +// trusted_leaf_cert_file +// } // alpn // load // ca @@ -143,7 +153,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } var hasBlock bool - for h.NextBlock(0) { + for nesting := h.Nesting(); h.NextBlock(nesting); { hasBlock = true switch h.Val() { @@ -181,6 +191,57 @@ func parseTLS(h Helper) ([]ConfigValue, error) { cp.Curves = append(cp.Curves, h.Val()) } + case "client_auth": + cp.ClientAuthentication = &caddytls.ClientAuthentication{} + for nesting := h.Nesting(); h.NextBlock(nesting); { + subdir := h.Val() + switch subdir { + case "mode": + if !h.Args(&cp.ClientAuthentication.Mode) { + return nil, h.ArgErr() + } + if h.NextArg() { + return nil, h.ArgErr() + } + + case "trusted_ca_cert", + "trusted_leaf_cert": + if !h.NextArg() { + return nil, h.ArgErr() + } + if subdir == "trusted_ca_cert" { + cp.ClientAuthentication.TrustedCACerts = append(cp.ClientAuthentication.TrustedCACerts, h.Val()) + } else { + cp.ClientAuthentication.TrustedLeafCerts = append(cp.ClientAuthentication.TrustedLeafCerts, h.Val()) + } + + case "trusted_ca_cert_file", + "trusted_leaf_cert_file": + if !h.NextArg() { + return nil, h.ArgErr() + } + filename := h.Val() + certDataPEM, err := ioutil.ReadFile(filename) + if err != nil { + return nil, err + } + block, _ := pem.Decode(certDataPEM) + if block == nil || block.Type != "CERTIFICATE" { + return nil, h.Errf("no CERTIFICATE pem block found in %s", h.Val()) + } + if subdir == "trusted_ca_cert_file" { + cp.ClientAuthentication.TrustedCACerts = append(cp.ClientAuthentication.TrustedCACerts, + base64.StdEncoding.EncodeToString(block.Bytes)) + } else { + cp.ClientAuthentication.TrustedLeafCerts = append(cp.ClientAuthentication.TrustedLeafCerts, + base64.StdEncoding.EncodeToString(block.Bytes)) + } + + default: + return nil, h.Errf("unknown subdirective for client_auth: %s", subdir) + } + } + case "alpn": args := h.RemainingArgs() if len(args) == 0 { diff --git a/caddytest/caddy.ca.cer b/caddytest/caddy.ca.cer new file mode 100644 index 00000000..00a9a1c1 --- /dev/null +++ b/caddytest/caddy.ca.cer @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUfIRObjWNUA4jxQ/0x8BOCvE2Vw4wDQYJKoZIhvcNAQEL +BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkwODI4MTYyNTU5WhcNMjkw +ODI1MTYyNTU5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAK5m5elxhQfMp/3aVJ4JnpN9PUSz6LlP6LePAPFU +7gqohVVFVtDkChJAG3FNkNQNlieVTja/bgH9IcC6oKbROwdY1h0MvNV8AHHigvl0 +3WuJD8g2ReVFXXwsnrPmKXCFzQyMI6TYk3m2gYrXsZOU1GLnfMRC3KAMRgE2F45t +wOs9hqG169YJ6mM2eQjzjCHWI6S2/iUYvYxRkCOlYUbLsMD/AhgAf1plzg6LPqNx +tdlwxZnA0ytgkmhK67HtzJu0+ovUCsMv0RwcMhsEo9T8nyFAGt9XLZ63X5WpBCTU +ApaAUhnG0XnerjmUWb6eUWw4zev54sEfY5F3x002iQaW6cECAwEAAaOBkDCBjTAd +BgNVHQ4EFgQU4CBUbZsS2GaNIkGRz/cBsD5ivjswUQYDVR0jBEowSIAU4CBUbZsS +2GaNIkGRz/cBsD5ivjuhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR8hE5u +NY1QDiPFD/THwE4K8TZXDjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq +hkiG9w0BAQsFAAOCAQEAKB3V4HIzoiO/Ch6WMj9bLJ2FGbpkMrcb/Eq01hT5zcfK +D66lVS1MlK+cRL446Z2b2KDP1oFyVs+qmrmtdwrWgD+nfe2sBmmIHo9m9KygMkEO +fG3MghGTEcS+0cTKEcoHYWYyOqQh6jnedXY8Cdm4GM1hAc9MiL3/sqV8YCVSLNnk +oNysmr06/rZ0MCUZPGUtRmfd0heWhrfzAKw2HLgX+RAmpOE2MZqWcjvqKGyaRiaZ +ks4nJkP6521aC2Lgp0HhCz1j8/uQ5ldoDszCnu/iro0NAsNtudTMD+YoLQxLqdle +Ih6CW+illc2VdXwj7mn6J04yns9jfE2jRjW/yTLFuQ== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt b/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt new file mode 100644 index 00000000..1e68a4df --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt @@ -0,0 +1,66 @@ +localhost + +respond "hello from localhost" +tls { + client_auth { + mode request + trusted_ca_cert_file ../caddy.ca.cer + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ], + "tls_connection_policies": [ + { + "match": { + "sni": [ + "localhost" + ] + }, + "client_authentication": { + "trusted_ca_certs": [ + "MIIDSzCCAjOgAwIBAgIUfIRObjWNUA4jxQ/0x8BOCvE2Vw4wDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkwODI4MTYyNTU5WhcNMjkwODI1MTYyNTU5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5m5elxhQfMp/3aVJ4JnpN9PUSz6LlP6LePAPFU7gqohVVFVtDkChJAG3FNkNQNlieVTja/bgH9IcC6oKbROwdY1h0MvNV8AHHigvl03WuJD8g2ReVFXXwsnrPmKXCFzQyMI6TYk3m2gYrXsZOU1GLnfMRC3KAMRgE2F45twOs9hqG169YJ6mM2eQjzjCHWI6S2/iUYvYxRkCOlYUbLsMD/AhgAf1plzg6LPqNxtdlwxZnA0ytgkmhK67HtzJu0+ovUCsMv0RwcMhsEo9T8nyFAGt9XLZ63X5WpBCTUApaAUhnG0XnerjmUWb6eUWw4zev54sEfY5F3x002iQaW6cECAwEAAaOBkDCBjTAdBgNVHQ4EFgQU4CBUbZsS2GaNIkGRz/cBsD5ivjswUQYDVR0jBEowSIAU4CBUbZsS2GaNIkGRz/cBsD5ivjuhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR8hE5uNY1QDiPFD/THwE4K8TZXDjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAKB3V4HIzoiO/Ch6WMj9bLJ2FGbpkMrcb/Eq01hT5zcfKD66lVS1MlK+cRL446Z2b2KDP1oFyVs+qmrmtdwrWgD+nfe2sBmmIHo9m9KygMkEOfG3MghGTEcS+0cTKEcoHYWYyOqQh6jnedXY8Cdm4GM1hAc9MiL3/sqV8YCVSLNnkoNysmr06/rZ0MCUZPGUtRmfd0heWhrfzAKw2HLgX+RAmpOE2MZqWcjvqKGyaRiaZks4nJkP6521aC2Lgp0HhCz1j8/uQ5ldoDszCnu/iro0NAsNtudTMD+YoLQxLqdleIh6CW+illc2VdXwj7mn6J04yns9jfE2jRjW/yTLFuQ==" + ], + "mode": "request" + } + }, + {} + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt b/caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt new file mode 100644 index 00000000..028d3b19 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt @@ -0,0 +1,66 @@ +localhost + +respond "hello from localhost" +tls { + client_auth { + mode request + trusted_ca_cert MIIDSzCCAjOgAwIBAgIUfIRObjWNUA4jxQ/0x8BOCvE2Vw4wDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkwODI4MTYyNTU5WhcNMjkwODI1MTYyNTU5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5m5elxhQfMp/3aVJ4JnpN9PUSz6LlP6LePAPFU7gqohVVFVtDkChJAG3FNkNQNlieVTja/bgH9IcC6oKbROwdY1h0MvNV8AHHigvl03WuJD8g2ReVFXXwsnrPmKXCFzQyMI6TYk3m2gYrXsZOU1GLnfMRC3KAMRgE2F45twOs9hqG169YJ6mM2eQjzjCHWI6S2/iUYvYxRkCOlYUbLsMD/AhgAf1plzg6LPqNxtdlwxZnA0ytgkmhK67HtzJu0+ovUCsMv0RwcMhsEo9T8nyFAGt9XLZ63X5WpBCTUApaAUhnG0XnerjmUWb6eUWw4zev54sEfY5F3x002iQaW6cECAwEAAaOBkDCBjTAdBgNVHQ4EFgQU4CBUbZsS2GaNIkGRz/cBsD5ivjswUQYDVR0jBEowSIAU4CBUbZsS2GaNIkGRz/cBsD5ivjuhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR8hE5uNY1QDiPFD/THwE4K8TZXDjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAKB3V4HIzoiO/Ch6WMj9bLJ2FGbpkMrcb/Eq01hT5zcfKD66lVS1MlK+cRL446Z2b2KDP1oFyVs+qmrmtdwrWgD+nfe2sBmmIHo9m9KygMkEOfG3MghGTEcS+0cTKEcoHYWYyOqQh6jnedXY8Cdm4GM1hAc9MiL3/sqV8YCVSLNnkoNysmr06/rZ0MCUZPGUtRmfd0heWhrfzAKw2HLgX+RAmpOE2MZqWcjvqKGyaRiaZks4nJkP6521aC2Lgp0HhCz1j8/uQ5ldoDszCnu/iro0NAsNtudTMD+YoLQxLqdleIh6CW+illc2VdXwj7mn6J04yns9jfE2jRjW/yTLFuQ== + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ], + "tls_connection_policies": [ + { + "match": { + "sni": [ + "localhost" + ] + }, + "client_authentication": { + "trusted_ca_certs": [ + "MIIDSzCCAjOgAwIBAgIUfIRObjWNUA4jxQ/0x8BOCvE2Vw4wDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkwODI4MTYyNTU5WhcNMjkwODI1MTYyNTU5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5m5elxhQfMp/3aVJ4JnpN9PUSz6LlP6LePAPFU7gqohVVFVtDkChJAG3FNkNQNlieVTja/bgH9IcC6oKbROwdY1h0MvNV8AHHigvl03WuJD8g2ReVFXXwsnrPmKXCFzQyMI6TYk3m2gYrXsZOU1GLnfMRC3KAMRgE2F45twOs9hqG169YJ6mM2eQjzjCHWI6S2/iUYvYxRkCOlYUbLsMD/AhgAf1plzg6LPqNxtdlwxZnA0ytgkmhK67HtzJu0+ovUCsMv0RwcMhsEo9T8nyFAGt9XLZ63X5WpBCTUApaAUhnG0XnerjmUWb6eUWw4zev54sEfY5F3x002iQaW6cECAwEAAaOBkDCBjTAdBgNVHQ4EFgQU4CBUbZsS2GaNIkGRz/cBsD5ivjswUQYDVR0jBEowSIAU4CBUbZsS2GaNIkGRz/cBsD5ivjuhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR8hE5uNY1QDiPFD/THwE4K8TZXDjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAKB3V4HIzoiO/Ch6WMj9bLJ2FGbpkMrcb/Eq01hT5zcfKD66lVS1MlK+cRL446Z2b2KDP1oFyVs+qmrmtdwrWgD+nfe2sBmmIHo9m9KygMkEOfG3MghGTEcS+0cTKEcoHYWYyOqQh6jnedXY8Cdm4GM1hAc9MiL3/sqV8YCVSLNnkoNysmr06/rZ0MCUZPGUtRmfd0heWhrfzAKw2HLgX+RAmpOE2MZqWcjvqKGyaRiaZks4nJkP6521aC2Lgp0HhCz1j8/uQ5ldoDszCnu/iro0NAsNtudTMD+YoLQxLqdleIh6CW+illc2VdXwj7mn6J04yns9jfE2jRjW/yTLFuQ==" + ], + "mode": "request" + } + }, + {} + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 3a180619..fec1fe26 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -334,7 +334,7 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro case "require_and_verify": cfg.ClientAuth = tls.RequireAndVerifyClientCert default: - return fmt.Errorf("client auth mode %s not allowed", clientauth.Mode) + return fmt.Errorf("client auth mode not recognized: %s", clientauth.Mode) } } else { // otherwise, set a safe default mode @@ -361,7 +361,6 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro // enforce leaf verification by writing our own verify function if len(clientauth.TrustedLeafCerts) > 0 { clientauth.trustedLeafCerts = []*x509.Certificate{} - for _, clientCertString := range clientauth.TrustedLeafCerts { clientCert, err := decodeBase64DERCert(clientCertString) if err != nil { @@ -369,10 +368,8 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro } clientauth.trustedLeafCerts = append(clientauth.trustedLeafCerts, clientCert) } - // if a custom verification function already exists, wrap it clientauth.existingVerifyPeerCert = cfg.VerifyPeerCertificate - cfg.VerifyPeerCertificate = clientauth.verifyPeerCertificate } @@ -411,13 +408,10 @@ func (clientauth ClientAuthentication) verifyPeerCertificate(rawCerts [][]byte, // decodeBase64DERCert base64-decodes, then DER-decodes, certStr. func decodeBase64DERCert(certStr string) (*x509.Certificate, error) { - // decode base64 derBytes, err := base64.StdEncoding.DecodeString(certStr) if err != nil { return nil, err } - - // parse the DER-encoded certificate return x509.ParseCertificate(derBytes) } From 4b10ae5ce6c930b5acd46cb5c569481f349e336c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 8 Jun 2020 10:30:26 -0600 Subject: [PATCH 0092/1498] reverseproxy: Add Caddyfile support for ClientCertificateAutomate --- modules/caddyhttp/reverseproxy/caddyfile.go | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 47896a7d..4ffedf22 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -619,15 +619,19 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.DialTimeout = caddy.Duration(dur) case "tls_client_auth": - args := d.RemainingArgs() - if len(args) != 2 { - return d.ArgErr() - } if h.TLS == nil { h.TLS = new(TLSConfig) } - h.TLS.ClientCertificateFile = args[0] - h.TLS.ClientCertificateKeyFile = args[1] + args := d.RemainingArgs() + switch len(args) { + case 1: + h.TLS.ClientCertificateAutomate = args[0] + case 2: + h.TLS.ClientCertificateFile = args[0] + h.TLS.ClientCertificateKeyFile = args[1] + default: + return d.ArgErr() + } case "tls": if h.TLS == nil { @@ -664,7 +668,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.TLS == nil { h.TLS = new(TLSConfig) } - h.TLS.RootCAPEMFiles = args case "tls_server_name": @@ -674,7 +677,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if h.TLS == nil { h.TLS = new(TLSConfig) } - h.TLS.ServerName = d.Val() case "keepalive": From 90dba172cbfb2527395f7c52af2987d81cab0a99 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Mon, 8 Jun 2020 20:10:28 +0300 Subject: [PATCH 0093/1498] ci: fix an oopsie in the release script (#3482) --- .goreleaser.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 325baf22..db9760a1 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,10 +1,16 @@ before: hooks: - - cp ./go.mod ./cmd/caddy/go.mod - - sed -i.bkp 's|github.com/caddyserver/caddy/v2|caddy|g' ./cmd/caddy/go.mod + # The build is done in this particular way to build Caddy in a designated directory named in .gitignore. + # This is so we can run goreleaser on tag without Git complaining of being dirty. The main.go in cmd/caddy directory + # cannot be built within that directory due to changes necessary for the build causing Git to be dirty, which + # subsequently causes gorleaser to refuse running. + - mkdir -p caddy-build + - cp cmd/caddy/main.go caddy-build/main.go + - cp ./go.mod caddy-build/go.mod + - sed -i.bkp 's|github.com/caddyserver/caddy/v2|caddy|g' ./caddy-build/go.mod # GoReleaser doesn't seem to offer {{.Tag}} at this stage, so we have to embed it into the env # so we run: TAG=$(git describe --abbrev=0) goreleaser release --rm-dist --skip-publish --skip-validate - - go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./cmd/caddy/go.mod + - go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./caddy-build/go.mod - git clone --depth 1 https://github.com/caddyserver/dist caddy-dist - go mod download @@ -13,7 +19,7 @@ builds: - CGO_ENABLED=0 - GO111MODULE=on main: main.go - dir: ./cmd/caddy + dir: ./caddy-build binary: caddy goos: - darwin From 7211101c528dfaf483d1dc826f836a98008a4c9b Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 8 Jun 2020 14:21:20 -0400 Subject: [PATCH 0094/1498] ci: Fix gemfury upload condition, move triggers to publish event (#3483) --- .github/workflows/release.yml | 20 +-------------- .github/workflows/release_published.yml | 34 +++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/release_published.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f9474723..081bcfa7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,7 +73,7 @@ jobs: # Only publish on non-special tags (e.g. non-beta) - name: Publish .deb to Gemfury - if: ${{ steps.vars.outputs.tag_special }} == "" + if: ${{ steps.vars.outputs.tag_special == "" }} env: GEMFURY_PUSH_TOKEN: ${{ secrets.GEMFURY_PUSH_TOKEN }} run: | @@ -81,21 +81,3 @@ jobs: curl -F package=@"$filename" https://${GEMFURY_PUSH_TOKEN}:@push.fury.io/caddy/ done - # See https://github.com/peter-evans/repository-dispatch - - name: Trigger event on caddyserver/dist - uses: peter-evans/repository-dispatch@v1 - with: - token: ${{ secrets.REPO_DISPATCH_TOKEN }} - repository: caddyserver/dist - event-type: release-tagged - client-payload: '{"tag": "${{ steps.vars.outputs.version_tag }}"}' - - - name: Trigger event on caddyserver/caddy-docker - uses: peter-evans/repository-dispatch@v1 - with: - token: ${{ secrets.REPO_DISPATCH_TOKEN }} - repository: caddyserver/caddy-docker - event-type: release-tagged - client-payload: '{"tag": "${{ steps.vars.outputs.version_tag }}"}' - - diff --git a/.github/workflows/release_published.yml b/.github/workflows/release_published.yml new file mode 100644 index 00000000..cf47e73d --- /dev/null +++ b/.github/workflows/release_published.yml @@ -0,0 +1,34 @@ +name: Release Published + +# Event payload: https://developer.github.com/webhooks/event-payloads/#release +on: + release: + types: [published] + +jobs: + release: + name: Release Published + strategy: + matrix: + os: [ ubuntu-latest ] + runs-on: ${{ matrix.os }} + + steps: + + # See https://github.com/peter-evans/repository-dispatch + - name: Trigger event on caddyserver/dist + uses: peter-evans/repository-dispatch@v1 + with: + token: ${{ secrets.REPO_DISPATCH_TOKEN }} + repository: caddyserver/dist + event-type: release-tagged + client-payload: '{"tag": "${{ github.release.tag_name }}"}' + + - name: Trigger event on caddyserver/caddy-docker + uses: peter-evans/repository-dispatch@v1 + with: + token: ${{ secrets.REPO_DISPATCH_TOKEN }} + repository: caddyserver/caddy-docker + event-type: release-tagged + client-payload: '{"tag": "${{ github.release.tag_name }}"}' + From b3bff13f7d3635c5c51f71b9e4598d71deab4585 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 11 Jun 2020 15:25:26 -0600 Subject: [PATCH 0095/1498] reverseproxy: Close websocket conn if req context cancels This is a recent patch in the Go standard library --- modules/caddyhttp/reverseproxy/streaming.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 170afe8e..8a7c6f74 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -49,7 +49,20 @@ func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request // p.getErrorHandler()(rw, req, fmt.Errorf("internal error: 101 switching protocols response with non-writable body")) return } - defer backConn.Close() + + // adopted from https://github.com/golang/go/commit/8bcf2834afdf6a1f7937390903a41518715ef6f5 + backConnCloseCh := make(chan struct{}) + go func() { + // Ensure that the cancelation of a request closes the backend. + // See issue https://golang.org/issue/35559. + select { + case <-req.Context().Done(): + case <-backConnCloseCh: + } + backConn.Close() + }() + defer close(backConnCloseCh) + conn, brw, err := hj.Hijack() if err != nil { // p.getErrorHandler()(rw, req, fmt.Errorf("Hijack failed on protocol switch: %v", err)) From 6d03fb48f9189d286733913f189117d3cced3df5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 11 Jun 2020 15:33:27 -0600 Subject: [PATCH 0096/1498] caddytls: Don't decode HMAC https://caddy.community/t/trouble-with-external-account-hmac/8600?u=matt --- go.mod | 2 +- go.sum | 4 ++-- modules/caddytls/acmeissuer.go | 13 ++++--------- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index c0bfd25d..be94561a 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.1 + github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.2+incompatible diff --git a/go.sum b/go.sum index a82bf53d..fac10e39 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.1 h1:rVbT7DIBH3tv2IQHsIyjFXUpCgrMb5KwganVbnJYsrY= -github.com/caddyserver/certmagic v0.11.1/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= +github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea h1:JTDqzB3+xUJrUoDkA5iHOnuvy4K/s8ibcZV1YpPYfSI= +github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index d6109460..195ddeb3 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -17,7 +17,6 @@ package caddytls import ( "context" "crypto/x509" - "encoding/base64" "fmt" "io/ioutil" "net/url" @@ -141,16 +140,12 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { } if m.ExternalAccount != nil { - hmac, err := base64.StdEncoding.DecodeString(m.ExternalAccount.EncodedHMAC) - if err != nil { - return template, err - } - if m.ExternalAccount.KeyID == "" || len(hmac) == 0 { + if m.ExternalAccount.KeyID == "" || m.ExternalAccount.HMAC == "" { return template, fmt.Errorf("when an external account binding is specified, both key ID and HMAC are required") } template.ExternalAccount = &certmagic.ExternalAccountBinding{ KeyID: m.ExternalAccount.KeyID, - HMAC: hmac, + HMAC: m.ExternalAccount.HMAC, } } @@ -238,8 +233,8 @@ type ExternalAccountBinding struct { // The key identifier. KeyID string `json:"key_id,omitempty"` - // The base64-encoded HMAC. - EncodedHMAC string `json:"hmac,omitempty"` + // The HMAC. + HMAC string `json:"hmac,omitempty"` } // Interface guards From d55c3b31ebb77df65cc052dbddc137cbe07b297e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 11 Jun 2020 16:19:07 -0600 Subject: [PATCH 0097/1498] caddyhttp: Add client cert SAN placeholders --- modules/caddyhttp/app.go | 6 +++ modules/caddyhttp/caddyauth/caddyfile.go | 2 +- modules/caddyhttp/replacer.go | 64 ++++++++++++++++++++++-- modules/caddyhttp/replacer_test.go | 20 ++++++++ 4 files changed, 87 insertions(+), 5 deletions(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index f695276a..45845ea1 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -72,9 +72,15 @@ func init() { // `{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server // `{http.request.tls.server_name}` | The server name requested by the client, if any // `{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate +// `{http.request.tls.client.public_key}` | The public key of the client certificate. +// `{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key. // `{http.request.tls.client.issuer}` | The issuer DN of the client certificate // `{http.request.tls.client.serial}` | The serial number of the client certificate // `{http.request.tls.client.subject}` | The subject DN of the client certificate +// `{http.request.tls.client.san.dns_names.*}` | SAN DNS names(index optional) +// `{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional) +// `{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional) +// `{http.request.tls.client.san.uris.*}` | SAN URIs (index optional) // `{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left) // `{http.request.uri.path.dir}` | The directory, excluding leaf filename // `{http.request.uri.path.file}` | The filename of the path, excluding directory diff --git a/modules/caddyhttp/caddyauth/caddyfile.go b/modules/caddyhttp/caddyauth/caddyfile.go index 13e78fc0..afa38087 100644 --- a/modules/caddyhttp/caddyauth/caddyfile.go +++ b/modules/caddyhttp/caddyauth/caddyfile.go @@ -27,7 +27,7 @@ func init() { // parseCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// basicauth [] [] { +// basicauth [] [ []] { // [] // ... // } diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 37b53d27..b3c7b5dc 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -28,6 +28,7 @@ import ( "net" "net/http" "net/textproto" + "net/url" "path" "strconv" "strings" @@ -163,7 +164,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo if strings.HasPrefix(key, reqHostLabelsReplPrefix) { idxStr := key[len(reqHostLabelsReplPrefix):] idx, err := strconv.Atoi(idxStr) - if err != nil { + if err != nil || idx < 0 { return "", false } reqHost, _, err := net.SplitHostPort(req.Host) @@ -171,9 +172,6 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo reqHost = req.Host // OK; assume there was no port } hostLabels := strings.Split(reqHost, ".") - if idx < 0 { - return "", false - } if idx > len(hostLabels) { return "", true } @@ -245,6 +243,64 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { return nil, false } + // subject alternate names (SANs) + if strings.HasPrefix(field, "client.san.") { + field = field[len("client.san."):] + var fieldName string + var fieldValue interface{} + switch { + case strings.HasPrefix(field, "dns_names"): + fieldName = "dns_names" + fieldValue = cert.DNSNames + case strings.HasPrefix(field, "emails"): + fieldName = "emails" + fieldValue = cert.EmailAddresses + case strings.HasPrefix(field, "ips"): + fieldName = "ips" + fieldValue = cert.IPAddresses + case strings.HasPrefix(field, "uris"): + fieldName = "uris" + fieldValue = cert.URIs + default: + return nil, false + } + field = field[len(fieldName):] + + // if no index was specified, return the whole list + if field == "" { + return fieldValue, true + } + if len(field) < 2 || field[0] != '.' { + return nil, false + } + field = field[1:] // trim '.' between field name and index + + // get the numeric index + idx, err := strconv.Atoi(field) + if err != nil || idx < 0 { + return nil, false + } + + // access the indexed element and return it + switch v := fieldValue.(type) { + case []string: + if idx >= len(v) { + return nil, true + } + return v[idx], true + case []net.IP: + if idx >= len(v) { + return nil, true + } + return v[idx], true + case []*url.URL: + if idx >= len(v) { + return nil, true + } + return v[idx], true + } + } + switch field { case "client.fingerprint": return fmt.Sprintf("%x", sha256.Sum256(cert.Raw)), true diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go index ea9fa656..bc18c5a0 100644 --- a/modules/caddyhttp/replacer_test.go +++ b/modules/caddyhttp/replacer_test.go @@ -147,6 +147,26 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV input: "{http.request.tls.client.subject}", expect: "CN=client.localdomain", }, + { + input: "{http.request.tls.client.san.dns_names}", + expect: "[localhost]", + }, + { + input: "{http.request.tls.client.san.dns_names.0}", + expect: "localhost", + }, + { + input: "{http.request.tls.client.san.dns_names.1}", + expect: "", + }, + { + input: "{http.request.tls.client.san.ips}", + expect: "[127.0.0.1]", + }, + { + input: "{http.request.tls.client.san.ips.0}", + expect: "127.0.0.1", + }, } { actual := repl.ReplaceAll(tc.input, "") if actual != tc.expect { From fa4cdde7d8195f2e1ec5c937f00cbf9ce0d6537b Mon Sep 17 00:00:00 2001 From: Wynn Wolf Arbor Date: Fri, 12 Jun 2020 18:07:59 +0200 Subject: [PATCH 0098/1498] fastcgi: Make sure splitPos handles empty SplitPath correctly (#3491) In commit f2ce81c, support for multiple path splitters was added. The type of SplitPath changed from string to []string, and splitPos was changed to loop through all values in SplitPath. Before that commit, if SplitPath was empty, strings.Index returned 0 and PATH_INFO was set correctly in buildEnv. Currently, however, splitPos returns -1 for empty values of SplitPath, behaving as if a split position could not be found at all. PATH_INFO is then never set in buildEnv and remains empty. Restore the old behaviour by explicitly checking whether SplitPath is empty and returning 0 in splitPos. Closes #3490 --- modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 6ad5047e..4a8c6d7a 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -303,6 +303,10 @@ func (t Transport) splitPos(path string) int { // if httpserver.CaseSensitivePath { // return strings.Index(path, r.SplitPath) // } + if len(t.SplitPath) == 0 { + return 0 + } + lowerPath := strings.ToLower(path) for _, split := range t.SplitPath { if idx := strings.Index(lowerPath, strings.ToLower(split)); idx > -1 { From 99dcc10f3183e7c4871e54a73de1d403ece183fd Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 12 Jun 2020 20:11:46 +0300 Subject: [PATCH 0099/1498] ci: add CI on s390x (#3463) * ci: lay out foundation for s390x tests * ci: uncomment the s390x test script & replace placeholders with real values * ci: amend the s390x test job name to be more consistent with others --- .github/workflows/ci.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c096fbd1..e7506fdd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -120,6 +120,32 @@ jobs: # echo "step_test ${{ steps.step_test.outputs.status }}\n" # exit 1 + s390x-test: + name: test (s390x on IBM Z) + runs-on: ubuntu-latest + steps: + - name: Checkout code into the Go module directory + uses: actions/checkout@v2 + - name: Run Tests + run: | + mkdir -p ~/.ssh && echo -e "${SSH_KEY//_/\\n}" > ~/.ssh/id_ecdsa && chmod og-rwx ~/.ssh/id_ecdsa + + # short sha is enough? + short_sha=$(git rev-parse --short HEAD) + + # The environment is fresh, so there's no point in keeping accepting and adding the key. + rsync -arz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress --delete --exclude '.git' . caddy-ci@ci-s390x.caddyserver.com:/var/tmp/"$short_sha" + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t caddy-ci@ci-s390x.caddyserver.com "cd /var/tmp/$short_sha; CGO_ENABLED=0 /usr/local/go/bin/go test -v ./..." + test_result=$? + + # There's no need leaving the files around + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null caddy-ci@ci-s390x.caddyserver.com "rm -rf /var/tmp/'$short_sha'" + + echo "Test exit code: $test_result" + exit $test_result + env: + SSH_KEY: ${{ secrets.S390X_SSH_KEY }} + # From https://github.com/reviewdog/action-golangci-lint golangci-lint: name: runner / golangci-lint From cb0d9838cbc95fc17d79d7678b40a698f832e5dd Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 12 Jun 2020 11:52:12 -0600 Subject: [PATCH 0100/1498] go.mod: Update quic-go to 0.17.1 (draft 29) and certmagic 0.11.2 (eab) --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index be94561a..3a623c7d 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea + github.com/caddyserver/certmagic v0.11.2 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.2+incompatible @@ -17,7 +17,7 @@ require ( github.com/klauspost/compress v1.10.8 github.com/klauspost/cpuid v1.3.0 github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 - github.com/lucas-clemente/quic-go v0.16.1 + github.com/lucas-clemente/quic-go v0.17.1 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 diff --git a/go.sum b/go.sum index fac10e39..1677a18b 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea h1:JTDqzB3+xUJrUoDkA5iHOnuvy4K/s8ibcZV1YpPYfSI= -github.com/caddyserver/certmagic v0.11.2-0.20200611213056-77f91b9bbeea/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= +github.com/caddyserver/certmagic v0.11.2 h1:nPBqyuFNHJEf2FwC1ixJjArtTKWyPqpaH6k4jl7gxYI= +github.com/caddyserver/certmagic v0.11.2/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -428,8 +428,8 @@ github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZ github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.16.1 h1:hleW5QcJCNjGS10ggod6tQQy7XjVtagS6UIdzBMAWpg= -github.com/lucas-clemente/quic-go v0.16.1/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= +github.com/lucas-clemente/quic-go v0.17.1 h1:ezsH76xpn6hKugfsXUy6voIJBFmAOwnM/Oy9F4b/n+M= +github.com/lucas-clemente/quic-go v0.17.1/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= From 7da32f493a41e7cd62e8eeb3976914e54340cc9b Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 12 Jun 2020 21:03:29 +0300 Subject: [PATCH 0101/1498] ci: skip s390x tests on forks (#3493) --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e7506fdd..f0f32615 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -123,6 +123,7 @@ jobs: s390x-test: name: test (s390x on IBM Z) runs-on: ubuntu-latest + if: ${{ github.repository == 'caddyserver/caddy' }} steps: - name: Checkout code into the Go module directory uses: actions/checkout@v2 From d84a5d84278686d7400b3754b0422f85f5541326 Mon Sep 17 00:00:00 2001 From: Chris Ortman Date: Fri, 12 Jun 2020 14:37:56 -0500 Subject: [PATCH 0102/1498] httpcaddyfile: New `acme_eab` option (#3492) * Adds global options for external account bindings * Maybe other people use ctags too? * Use nested block to configure external account * go format files * Restore acme_ca directive in test file * Change Caddyfile config syntax for acme_eab * Update test Co-authored-by: Matt Holt --- .gitignore | 2 +- caddyconfig/httpcaddyfile/options.go | 31 ++++++- caddyconfig/httpcaddyfile/tlsapp.go | 9 +- .../caddyfile_adapt/global_options.txt | 3 +- .../caddyfile_adapt/global_options_acme.txt | 85 +++++++++++++++++++ 5 files changed, 125 insertions(+), 5 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/global_options_acme.txt diff --git a/.gitignore b/.gitignore index d8128f54..4b8dc489 100644 --- a/.gitignore +++ b/.gitignore @@ -20,4 +20,4 @@ vendor # goreleaser artifacts dist caddy-build -caddy-dist \ No newline at end of file +caddy-dist diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index cecb3d4b..2b6b111e 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -31,8 +31,9 @@ func init() { RegisterGlobalOption("experimental_http3", parseOptTrue) RegisterGlobalOption("storage", parseOptStorage) RegisterGlobalOption("acme_ca", parseOptSingleString) - RegisterGlobalOption("acme_dns", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) + RegisterGlobalOption("acme_dns", parseOptSingleString) + RegisterGlobalOption("acme_eab", parseOptACMEEAB) RegisterGlobalOption("email", parseOptSingleString) RegisterGlobalOption("admin", parseOptAdmin) RegisterGlobalOption("on_demand_tls", parseOptOnDemand) @@ -180,6 +181,34 @@ func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) { return storage, nil } +func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { + eab := new(caddytls.ExternalAccountBinding) + for d.Next() { + if d.NextArg() { + return nil, d.ArgErr() + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "key_id": + if !d.NextArg() { + return nil, d.ArgErr() + } + eab.KeyID = d.Val() + + case "hmac": + if !d.NextArg() { + return nil, d.ArgErr() + } + eab.HMAC = d.Val() + + default: + return nil, d.Errf("unrecognized parameter '%s'", d.Val()) + } + } + } + return eab, nil +} + func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) { d.Next() // consume parameter name if !d.Next() { diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 90b4e71c..8f642915 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -348,13 +348,15 @@ func (st ServerType) buildTLSApp( // true, a non-nil value will always be returned (unless there is an error). func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) { acmeCA, hasACMECA := options["acme_ca"] - acmeDNS, hasACMEDNS := options["acme_dns"] acmeCARoot, hasACMECARoot := options["acme_ca_root"] + acmeDNS, hasACMEDNS := options["acme_dns"] + acmeEAB, hasACMEEAB := options["acme_eab"] + email, hasEmail := options["email"] localCerts, hasLocalCerts := options["local_certs"] keyType, hasKeyType := options["key_type"] - hasGlobalAutomationOpts := hasACMECA || hasACMEDNS || hasACMECARoot || hasEmail || hasLocalCerts || hasKeyType + hasGlobalAutomationOpts := hasACMECA || hasACMECARoot || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts || hasKeyType // if there are no global options related to automation policies // set, then we can just return right away @@ -396,6 +398,9 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon if acmeCARoot != nil { mgr.TrustedRootsPEMFiles = []string{acmeCARoot.(string)} } + if acmeEAB != nil { + mgr.ExternalAccount = acmeEAB.(*caddytls.ExternalAccountBinding) + } if keyType != nil { ap.KeyType = keyType.(string) } diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt index 33836ff7..7e850a39 100644 --- a/caddytest/integration/caddyfile_adapt/global_options.txt +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -9,6 +9,7 @@ } acme_ca https://example.com acme_ca_root /path/to/ca.crt + email test@example.com admin off on_demand_tls { @@ -68,4 +69,4 @@ } } } -} \ No newline at end of file +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_acme.txt b/caddytest/integration/caddyfile_adapt/global_options_acme.txt new file mode 100644 index 00000000..edb52778 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_acme.txt @@ -0,0 +1,85 @@ +{ + debug + http_port 8080 + https_port 8443 + default_sni localhost + order root first + storage file_system { + root /data + } + acme_ca https://example.com + acme_eab { + key_id 4K2scIVbBpNd-78scadB2g + hmac abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh + } + acme_ca_root /path/to/ca.crt + email test@example.com + admin off + on_demand_tls { + ask https://example.com + interval 30s + burst 20 + } + + key_type ed25519 +} + +:80 +---------- +{ + "admin": { + "disabled": true + }, + "logging": { + "logs": { + "default": { + "level": "DEBUG" + } + } + }, + "storage": { + "module": "file_system", + "root": "/data" + }, + "apps": { + "http": { + "http_port": 8080, + "https_port": 8443, + "servers": { + "srv0": { + "listen": [ + ":80" + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "issuer": { + "ca": "https://example.com", + "email": "test@example.com", + "external_account": { + "hmac": "abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh", + "key_id": "4K2scIVbBpNd-78scadB2g" + }, + "module": "acme", + "trusted_roots_pem_files": [ + "/path/to/ca.crt" + ] + }, + "key_type": "ed25519" + } + ], + "on_demand": { + "rate_limit": { + "interval": 30000000000, + "burst": 20 + }, + "ask": "https://example.com" + } + } + } + } +} From 5b48f784ae45cdeb7161e85f274283327cde24e7 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 12 Jun 2020 22:51:04 +0300 Subject: [PATCH 0103/1498] ci: don't run s390x tests on PRs of forks (#3494) * ci: don't run s390x tests on PRs of forks * ci: check if fork by matchinging name from event against name of repo --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f0f32615..67e15d4d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -123,7 +123,7 @@ jobs: s390x-test: name: test (s390x on IBM Z) runs-on: ubuntu-latest - if: ${{ github.repository == 'caddyserver/caddy' }} + if: github.event.pull_request.head.repo.full_name == github.repository steps: - name: Checkout code into the Go module directory uses: actions/checkout@v2 From 003403ecbccbd3fa53040ee1f0fd5d411a887215 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 15 Jun 2020 14:38:51 -0400 Subject: [PATCH 0104/1498] templates: Add support for dots to close yaml frontmatter (#3498) * templates: Add support for dots to close yaml frontmatter * templates: Fix regression in body output --- modules/caddyhttp/templates/frontmatter.go | 61 +++++++++++++------ .../caddyhttp/templates/tplcontext_test.go | 17 ++++++ 2 files changed, 59 insertions(+), 19 deletions(-) diff --git a/modules/caddyhttp/templates/frontmatter.go b/modules/caddyhttp/templates/frontmatter.go index d781c7bb..f9d5fb2d 100644 --- a/modules/caddyhttp/templates/frontmatter.go +++ b/modules/caddyhttp/templates/frontmatter.go @@ -34,25 +34,30 @@ func extractFrontMatter(input string) (map[string]interface{}, string, error) { firstLine = strings.TrimSpace(firstLine) // see what kind of front matter there is, if any - var closingFence string + var closingFence []string var fmParser func([]byte) (map[string]interface{}, error) - switch firstLine { - case yamlFrontMatterFenceOpen: - fmParser = yamlFrontMatter - closingFence = yamlFrontMatterFenceClose - case tomlFrontMatterFenceOpen: - fmParser = tomlFrontMatter - closingFence = tomlFrontMatterFenceClose - case jsonFrontMatterFenceOpen: - fmParser = jsonFrontMatter - closingFence = jsonFrontMatterFenceClose - default: + for _, fmType := range supportedFrontMatterTypes { + if firstLine == fmType.FenceOpen { + closingFence = fmType.FenceClose + fmParser = fmType.ParseFunc + } + } + + if fmParser == nil { // no recognized front matter; whole document is body return nil, input, nil } // find end of front matter - fmEndFenceStart := strings.Index(input[firstLineEnd:], "\n"+closingFence) + var fmEndFence string + fmEndFenceStart := -1 + for _, fence := range closingFence { + index := strings.Index(input[firstLineEnd:], "\n"+fence) + if index >= 0 { + fmEndFenceStart = index + fmEndFence = fence + } + } if fmEndFenceStart < 0 { return nil, "", fmt.Errorf("unterminated front matter") } @@ -66,7 +71,7 @@ func extractFrontMatter(input string) (map[string]interface{}, string, error) { } // the rest is the body - body := input[fmEndFenceStart+len(closingFence):] + body := input[fmEndFenceStart+len(fmEndFence):] return fm, body, nil } @@ -96,8 +101,26 @@ type parsedMarkdownDoc struct { Body string `json:"body,omitempty"` } -const ( - yamlFrontMatterFenceOpen, yamlFrontMatterFenceClose = "---", "---" - tomlFrontMatterFenceOpen, tomlFrontMatterFenceClose = "+++", "+++" - jsonFrontMatterFenceOpen, jsonFrontMatterFenceClose = "{", "}" -) +type frontMatterType struct { + FenceOpen string + FenceClose []string + ParseFunc func(input []byte) (map[string]interface{}, error) +} + +var supportedFrontMatterTypes = []frontMatterType{ + { + FenceOpen: "---", + FenceClose: []string{"---", "..."}, + ParseFunc: yamlFrontMatter, + }, + { + FenceOpen: "+++", + FenceClose: []string{"+++"}, + ParseFunc: tomlFrontMatter, + }, + { + FenceOpen: "{", + FenceClose: []string{"}"}, + ParseFunc: jsonFrontMatter, + }, +} diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index 4c3da033..f90b851f 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -290,11 +290,13 @@ func TestSplitFrontMatter(t *testing.T) { for i, test := range []struct { input string expect string + body string }{ { // yaml with windows newline input: "---\r\ntitle: Welcome\r\n---\r\n# Test\\r\\n", expect: `Welcome`, + body: "\r\n# Test\\r\\n", }, { // yaml @@ -303,6 +305,16 @@ title: Welcome --- ### Test`, expect: `Welcome`, + body: "\n### Test", + }, + { + // yaml with dots for closer + input: `--- +title: Welcome +... +### Test`, + expect: `Welcome`, + body: "\n### Test", }, { // toml @@ -311,6 +323,7 @@ title = "Welcome" +++ ### Test`, expect: `Welcome`, + body: "\n### Test", }, { // json @@ -319,12 +332,16 @@ title = "Welcome" } ### Test`, expect: `Welcome`, + body: "\n### Test", }, } { result, _ := context.funcSplitFrontMatter(test.input) if result.Meta["title"] != test.expect { t.Errorf("Test %d: Expected %s, found %s. Input was SplitFrontMatter(%s)", i, test.expect, result.Meta["title"], test.input) } + if result.Body != test.body { + t.Errorf("Test %d: Expected body %s, found %s. Input was SplitFrontMatter(%s)", i, test.body, result.Body, test.input) + } } } From 32cafbb6309c8d78cc7e2f2a75def9c633944ef8 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 16 Jun 2020 10:02:06 -0600 Subject: [PATCH 0105/1498] httpcaddyfile: Fix ordering of catch-all site blocks Catch-alls should always go last. Normally this is the case, but we have a special case for comparing one wildcard-host site block to another non-wildcard host site block; and a catch-all site block is also a non-wildcard host site block, so now we have to special-case the catch-all site block. Sigh. This could be reproduced with a Caddyfile that has two site blocks: ":80" and "*.example.com", in that order. --- caddyconfig/httpcaddyfile/httptype.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 7be932fd..3f37f024 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -400,6 +400,11 @@ func (st *ServerType) serversFromPairings( jLongestPath = addr.Path } } + if specificity(jLongestHost) == 0 { + // catch-all blocks (blocks with no hostname) should always go + // last, even after blocks with wildcard hosts + return true + } if iWildcardHost != jWildcardHost { // site blocks that have a key with a wildcard in the hostname // must always be less specific than blocks without one; see From 6db3615547b8911ac81dc2b23c1ed8bedbef0fdb Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 16 Jun 2020 10:41:37 -0600 Subject: [PATCH 0106/1498] caddyhttp: Enable matching empty query string Caddyfile syntax: query "" Or a nil matcher in the JSON should also match an empty query string. See https://caddy.community/t/v2-match-empty-query/8708?u=matt --- modules/caddyhttp/matchers.go | 13 +++++++++---- modules/caddyhttp/matchers_test.go | 18 ++++++++++++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 5dddb71e..6662daca 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -349,19 +349,21 @@ func (MatchQuery) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { - if *m == nil { - *m = make(map[string][]string) - } - for d.Next() { var query string if !d.Args(&query) { return d.ArgErr() } + if query == "" { + continue + } parts := strings.SplitN(query, "=", 2) if len(parts) != 2 { return d.Errf("malformed query matcher token: %s; must be in param=val format", d.Val()) } + if *m == nil { + *m = make(map[string][]string) + } url.Values(*m).Set(parts[0], parts[1]) if d.NextBlock(0) { return d.Err("malformed query matcher: blocks are not supported") @@ -372,6 +374,9 @@ func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Match returns true if r matches m. func (m MatchQuery) Match(r *http.Request) bool { + if m == nil { + return len(r.URL.Query()) == 0 + } for param, vals := range m { paramVal, found := r.URL.Query()[param] if found { diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 9b3a9a85..219ada88 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -528,6 +528,24 @@ func TestQueryMatcher(t *testing.T) { input: "/?someparam", expect: false, }, + { + scenario: "nil matcher value should match empty query", + match: MatchQuery(nil), + input: "/?", + expect: true, + }, + { + scenario: "nil matcher value should NOT match a non-empty query", + match: MatchQuery(nil), + input: "/?foo=bar", + expect: false, + }, + { + scenario: "non-nil matcher should NOT match an empty query", + match: MatchQuery{"": []string{}}, + input: "/?", + expect: false, + }, } { u, _ := url.Parse(tc.input) From 3af15c0725605162dc8dad0c6ab241e2dc4553c6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 16 Jun 2020 12:02:23 -0600 Subject: [PATCH 0107/1498] caddyhttp: Empty, not nil, query matcher matches empty query string --- modules/caddyhttp/matchers.go | 13 +++++-------- modules/caddyhttp/matchers_test.go | 8 ++++---- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 6662daca..a291242a 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -349,6 +349,9 @@ func (MatchQuery) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if *m == nil { + *m = make(map[string][]string) + } for d.Next() { var query string if !d.Args(&query) { @@ -361,9 +364,6 @@ func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if len(parts) != 2 { return d.Errf("malformed query matcher token: %s; must be in param=val format", d.Val()) } - if *m == nil { - *m = make(map[string][]string) - } url.Values(*m).Set(parts[0], parts[1]) if d.NextBlock(0) { return d.Err("malformed query matcher: blocks are not supported") @@ -372,11 +372,8 @@ func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// Match returns true if r matches m. +// Match returns true if r matches m. An empty m matches an empty query string. func (m MatchQuery) Match(r *http.Request) bool { - if m == nil { - return len(r.URL.Query()) == 0 - } for param, vals := range m { paramVal, found := r.URL.Query()[param] if found { @@ -387,7 +384,7 @@ func (m MatchQuery) Match(r *http.Request) bool { } } } - return false + return len(m) == 0 && len(r.URL.Query()) == 0 } // CaddyModule returns the Caddy module information. diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 219ada88..1ac95882 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -529,20 +529,20 @@ func TestQueryMatcher(t *testing.T) { expect: false, }, { - scenario: "nil matcher value should match empty query", - match: MatchQuery(nil), + scenario: "empty matcher value should match empty query", + match: MatchQuery{}, input: "/?", expect: true, }, { scenario: "nil matcher value should NOT match a non-empty query", - match: MatchQuery(nil), + match: MatchQuery{}, input: "/?foo=bar", expect: false, }, { scenario: "non-nil matcher should NOT match an empty query", - match: MatchQuery{"": []string{}}, + match: MatchQuery{"": nil}, input: "/?", expect: false, }, From 5bc4777be9c818ab6b86448423a7ba29820e71b8 Mon Sep 17 00:00:00 2001 From: Xiuming Chen Date: Sun, 21 Jun 2020 21:40:54 -0700 Subject: [PATCH 0108/1498] chore: Fix typo in reverse-proxy subcommand help message (#3513) --- modules/caddyhttp/reverseproxy/command.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index a5939a2a..4a6739e5 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -55,7 +55,7 @@ from its original incoming value to the address of the upstream. (Otherwise, by default, all incoming headers are passed through unmodified.) `, Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("file-server", flag.ExitOnError) + fs := flag.NewFlagSet("reverse-proxy", flag.ExitOnError) fs.String("from", "localhost", "Address on which to receive traffic") fs.String("to", "", "Upstream address to which to to proxy traffic") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") From b1480eb52f8e3dd621798e2b74b4e3e47bacc9f5 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 22 Jun 2020 13:45:18 -0400 Subject: [PATCH 0109/1498] fastcgi: Fix php_fastcgi matcher regression (#3512) --- .../caddyfile_adapt/php_fastcgi_matcher.txt | 112 ++++++++++++++++++ .../reverseproxy/fastcgi/caddyfile.go | 20 ++-- 2 files changed, 122 insertions(+), 10 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt new file mode 100644 index 00000000..2f4e6fe5 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt @@ -0,0 +1,112 @@ +:8884 + +@api host example.com +php_fastcgi @api localhost:9000 +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ], + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ], + "match": [ + { + "file": { + "split_path": [ + ".php" + ], + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "index.php" + ] + } + } + ] + }, + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "fastcgi", + "split_path": [ + ".php" + ] + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ], + "match": [ + { + "path": [ + "*.php" + ] + } + ] + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 7c06adcf..03b7226c 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -132,6 +132,16 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error // set the default index file for the try_files rewrites indexFile := "index.php" + // if the user specified a matcher token, use that + // matcher in a route that wraps both of our routes; + // either way, strip the matcher token and pass + // the remaining tokens to the unmarshaler so that + // we can gain the rest of the reverse_proxy syntax + userMatcherSet, err := h.ExtractMatcherSet() + if err != nil { + return nil, err + } + // make a new dispenser from the remaining tokens so that we // can reset the dispenser back to this point for the // reverse_proxy unmarshaler to read from it as well @@ -252,16 +262,6 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error "path": h.JSON(pathList), } - // if the user specified a matcher token, use that - // matcher in a route that wraps both of our routes; - // either way, strip the matcher token and pass - // the remaining tokens to the unmarshaler so that - // we can gain the rest of the reverse_proxy syntax - userMatcherSet, err := h.ExtractMatcherSet() - if err != nil { - return nil, err - } - // create the reverse proxy handler which uses our FastCGI transport rpHandler := &reverseproxy.Handler{ TransportRaw: caddyconfig.JSONModuleObject(fcgiTransport, "protocol", "fastcgi", nil), From 61b7002d262ab748e3db7cc705c8290447fb5b34 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 25 Jun 2020 17:58:44 -0400 Subject: [PATCH 0110/1498] ci: Apparently only single-quote strings are supported (#3523) https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#literals https://github.com/caddyserver/caddy/actions/runs/147953515 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 081bcfa7..02129ab1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,7 +73,7 @@ jobs: # Only publish on non-special tags (e.g. non-beta) - name: Publish .deb to Gemfury - if: ${{ steps.vars.outputs.tag_special == "" }} + if: ${{ steps.vars.outputs.tag_special == '' }} env: GEMFURY_PUSH_TOKEN: ${{ secrets.GEMFURY_PUSH_TOKEN }} run: | From 21c00a3cd2f702b32e80dbef2987ac2250a2c9a5 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 26 Jun 2020 12:01:50 -0600 Subject: [PATCH 0111/1498] caddyhttp: Better host matching for logger names (fix #3488) (#3522) First try an exact lookup like before, but if it fails, strip the port and try again. example.com:1234 should still use a logger keyed for example.com if there is no key example.com:1234. --- modules/caddyhttp/server.go | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 38555e74..6851e986 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -453,11 +453,27 @@ func (slc ServerLogConfig) wrapLogger(logger *zap.Logger, host string) *zap.Logg } func (slc ServerLogConfig) getLoggerName(host string) string { - if loggerName, ok := slc.LoggerNames[host]; ok { + tryHost := func(key string) (string, bool) { + // first try exact match + if loggerName, ok := slc.LoggerNames[key]; ok { + return loggerName, ok + } + // strip port and try again (i.e. Host header of "example.com:1234" should + // match "example.com" if there is no "example.com:1234" in the map) + hostOnly, _, err := net.SplitHostPort(key) + if err != nil { + return "", false + } + loggerName, ok := slc.LoggerNames[hostOnly] + return loggerName, ok + } + + // try the exact hostname first + if loggerName, ok := tryHost(host); ok { return loggerName } - // Try matching wildcard domains if other non-specific loggers exist + // try matching wildcard domains if other non-specific loggers exist labels := strings.Split(host, ".") for i := range labels { if labels[i] == "" { @@ -465,7 +481,7 @@ func (slc ServerLogConfig) getLoggerName(host string) string { } labels[i] = "*" wildcardHost := strings.Join(labels, ".") - if loggerName, ok := slc.LoggerNames[wildcardHost]; ok { + if loggerName, ok := tryHost(wildcardHost); ok { return loggerName } } From c9049bdc24cf35a1c2a4871401428cd08daf1f7d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 26 Jun 2020 12:19:51 -0600 Subject: [PATCH 0112/1498] go.mod: Minor dependency updates --- go.mod | 10 +++++----- go.sum | 43 +++++++++++++++++++++++++++++++++++-------- 2 files changed, 40 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 3a623c7d..86c987f3 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/golang/protobuf v1.4.2 github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 - github.com/klauspost/compress v1.10.8 + github.com/klauspost/compress v1.10.10 github.com/klauspost/cpuid v1.3.0 github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 github.com/lucas-clemente/quic-go v0.17.1 @@ -22,14 +22,14 @@ require ( github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 github.com/smallstep/cli v0.14.4 - github.com/smallstep/nosql v0.3.0 + github.com/smallstep/nosql v0.3.1 github.com/smallstep/truststore v0.9.5 github.com/yuin/goldmark v1.1.32 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.15.0 - golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc - golang.org/x/net v0.0.0-20200528225125-3c3fba18258b - google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/net v0.0.0-20200625001655-4c5254603344 + google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 ) diff --git a/go.sum b/go.sum index 1677a18b..3e7987ab 100644 --- a/go.sum +++ b/go.sum @@ -35,6 +35,8 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9 h1:HD8gA2tkByhMAwYaFAX9w2l7vxvBQ5NMoxDrkhqhtn4= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg= github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw= @@ -53,6 +55,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= +github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= +github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= @@ -163,13 +167,19 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgraph-io/badger v1.5.3 h1:5oWIuRvwn93cie+OSt1zSnkaIQ1JFQM8bGlIv6O6Sts= github.com/dgraph-io/badger v1.5.3/go.mod h1:VZxzAIRPHRVNRKRo6AXrX9BJegn6il06VMTZVJYCIjQ= +github.com/dgraph-io/badger v1.6.1 h1:w9pSFNSdq/JPM1N12Fz/F/bzo993Is1W+Q7HjPzi7yg= +github.com/dgraph-io/badger v1.6.1/go.mod h1:FRmFw3uxvcpa8zG3Rxs0th+hCLIuaQg8HlNV5bjgnuU= github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195 h1:n8KbImHW5qZCXv1y3tHjz5yz418/eTxeRJZ2ZuDm1ZU= github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195/go.mod h1:3KY8+bsP8wI0OEnQJAKpd4wIJW/Mm32yw2j/9FUVnIM= github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3 h1:MQLRM35Pp0yAyBYksjbj1nZI/w6eyRY/mWoM1sFf4kU= github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgraph-io/ristretto v0.0.2 h1:a5WaUrDa0qm0YrAAS1tUykT5El3kt62KNZZeMxQn3po= +github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= @@ -270,6 +280,7 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -308,6 +319,8 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -396,8 +409,8 @@ github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7IL github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.10.8 h1:eLeJ3dr/Y9+XRfJT4l+8ZjmtB5RPJhucH2HeCV5+IZY= -github.com/klauspost/compress v1.10.8/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.10 h1:a/y8CglcM7gLGYmlbP/stPE5sR3hbhFRUjCBfd/0B3I= +github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= @@ -411,6 +424,8 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxv github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= @@ -638,6 +653,8 @@ github.com/smallstep/cli v0.14.4 h1:oaaGwY1iNSHmIC6baiJhdZoLGmXJ0rXyRcxl3Q73SDE= github.com/smallstep/cli v0.14.4/go.mod h1:cI1F2o1ugIcP1qklLPBECfeR7v7mFxVE6pVNQIMNWpA= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= +github.com/smallstep/nosql v0.3.1 h1:IZEtasli5o+o/UgIuV0rCCBAyTme+Hvz7thabLu2CzA= +github.com/smallstep/nosql v0.3.1/go.mod h1:/jxo1+AkzWIIsja753rk+ETFpPHsPiK5PJp1jkmUwXc= github.com/smallstep/truststore v0.9.3/go.mod h1:PRSkpRIhAYBK/KLWkHNgRdYgzWMEy45bN7PSJCfKKGE= github.com/smallstep/truststore v0.9.5 h1:KQ6bFXUadu3PG57sFSIBsu2pb/35NqO+MyS2Pvi62bA= github.com/smallstep/truststore v0.9.5/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= @@ -727,6 +744,8 @@ github.com/zmap/zcrypto v0.0.0-20190329181646-dff83107394d/go.mod h1:ix3q2kpLy0i github.com/zmap/zlint v0.0.0-20190516161541-9047d02cf65a/go.mod h1:xwLbce0UzBXp44sIAL1cii+hoK8j4AxRKlymZA2AIcY= go.etcd.io/bbolt v1.3.2 h1:Z/90sZLPOeCy2PwprqkFa25PdkusRzaj9P8zm/KNyvk= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= +go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.etcd.io/etcd v3.3.18+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= @@ -777,8 +796,8 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc h1:ZGI/fILM2+ueot/UixBSoj9188jCAxVHEZEGhqq67I4= -golang.org/x/crypto v0.0.0-20200427165652-729f1e841bcc/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -845,8 +864,8 @@ golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200528225125-3c3fba18258b h1:IYiJPiJfzktmDAO1HQiwjMjwjlYKHAL7KzeD544RJPs= -golang.org/x/net v0.0.0-20200528225125-3c3fba18258b/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -910,6 +929,8 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20u golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8= +golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1006,6 +1027,8 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -1030,8 +1053,8 @@ google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 h1:j7CmVRD4Kec0+f8VuBAc2Ak2MFfXm5Q2/RxuJLL+76E= -google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -1051,8 +1074,12 @@ google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From caca55e582c74e43338b270ebb5ff277c4404195 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 26 Jun 2020 16:00:54 -0400 Subject: [PATCH 0113/1498] ci: Fix release publish trigger (#3524) Looks like event payloads need to be prefixed with `github.event` to get the actual payload contents. Didn't dig deep enough. https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#github-context --- .github/workflows/release_published.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_published.yml b/.github/workflows/release_published.yml index cf47e73d..5b92a913 100644 --- a/.github/workflows/release_published.yml +++ b/.github/workflows/release_published.yml @@ -22,7 +22,7 @@ jobs: token: ${{ secrets.REPO_DISPATCH_TOKEN }} repository: caddyserver/dist event-type: release-tagged - client-payload: '{"tag": "${{ github.release.tag_name }}"}' + client-payload: '{"tag": "${{ github.event.release.tag_name }}"}' - name: Trigger event on caddyserver/caddy-docker uses: peter-evans/repository-dispatch@v1 From 6004d3f779b8175d92d8eb7819ed800e8eddbff6 Mon Sep 17 00:00:00 2001 From: Mark Sargent <99003+sarge@users.noreply.github.com> Date: Sat, 27 Jun 2020 09:12:37 +1200 Subject: [PATCH 0114/1498] caddyhttp: Add 'map' handler (#3199) * inital map implementation * resolve the value during middleware execution * use regex instead * pr feedback * renamed mmap to maphandler * refactored GetString implementation * fixed mispelling * additional feedback --- caddyconfig/httpcaddyfile/directives.go | 1 + caddytest/integration/map_test.go | 143 ++++++++++++++++++++++++ modules/caddyhttp/map/caddyfile.go | 71 ++++++++++++ modules/caddyhttp/map/map.go | 105 +++++++++++++++++ modules/caddyhttp/standard/imports.go | 1 + replacer.go | 7 ++ 6 files changed, 328 insertions(+) create mode 100644 caddytest/integration/map_test.go create mode 100644 modules/caddyhttp/map/caddyfile.go create mode 100644 modules/caddyhttp/map/map.go diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index c9f4ad96..ee73078c 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -37,6 +37,7 @@ import ( // The header directive goes second so that headers // can be manipulated before doing redirects. var directiveOrder = []string{ + "map", "root", "header", diff --git a/caddytest/integration/map_test.go b/caddytest/integration/map_test.go new file mode 100644 index 00000000..e31b95a5 --- /dev/null +++ b/caddytest/integration/map_test.go @@ -0,0 +1,143 @@ +package integration + +import ( + "bytes" + "testing" + + "github.com/caddyserver/caddy/v2/caddytest" +) + +func TestMap(t *testing.T) { + + // arrange + tester := caddytest.NewTester(t) + tester.InitServer(`{ + http_port 9080 + https_port 9443 + } + + localhost:9080 { + + map http.request.method dest-name { + default unknown + G.T get-called + POST post-called + } + + respond /version 200 { + body "hello from localhost {dest-name}" + } + } + `, "caddyfile") + + // act and assert + tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called") + tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost post-called") +} + +func TestMapRespondWithDefault(t *testing.T) { + + // arrange + tester := caddytest.NewTester(t) + tester.InitServer(`{ + http_port 9080 + https_port 9443 + } + + localhost:9080 { + + map http.request.method dest-name { + default unknown + GET get-called + } + + respond /version 200 { + body "hello from localhost {dest-name}" + } + } + `, "caddyfile") + + // act and assert + tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called") + tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost unknown") +} + +func TestMapAsJson(t *testing.T) { + + // arrange + tester := caddytest.NewTester(t) + tester.InitServer(`{ + "apps": { + "http": { + "http_port": 9080, + "https_port": 9443, + "servers": { + "srv0": { + "listen": [ + ":9080" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "map", + "source": "http.request.method", + "destination": "dest-name", + "default": "unknown", + "items": [ + { + "expression": "GET", + "value": "get-called" + }, + { + "expression": "POST", + "value": "post-called" + } + ] + } + ] + }, + { + "handle": [ + { + "body": "hello from localhost {dest-name}", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ] + } + ], + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "terminal": true + } + ] + } + } + } + } + } + `, "json") + + tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called") + tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost post-called") +} diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go new file mode 100644 index 00000000..57379710 --- /dev/null +++ b/modules/caddyhttp/map/caddyfile.go @@ -0,0 +1,71 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package maphandler + +import ( + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" +) + +func init() { + httpcaddyfile.RegisterHandlerDirective("map", parseCaddyfile) +} + +// parseCaddyfile sets up the handler for a map from Caddyfile tokens. Syntax: +// +// map { +// [default ] - used if not match is found +// [ ] - regular expression to match against the source find and the matching replacement value +// ... +// } +// +// The map takes a source variable and maps it into the dest variable. The mapping process +// will check the source variable for the first successful match against a list of regular expressions. +// If a successful match is found the dest variable will contain the replacement value. +// If no successful match is found and the default is specified then the dest will contain the default value. +// +func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + m := new(Handler) + + for h.Next() { + // first see if source and dest are configured + if h.NextArg() { + m.Source = h.Val() + if h.NextArg() { + m.Destination = h.Val() + } + } + + // load the rules + for h.NextBlock(0) { + expression := h.Val() + if expression == "default" { + args := h.RemainingArgs() + if len(args) != 1 { + return m, h.ArgErr() + } + m.Default = args[0] + } else { + args := h.RemainingArgs() + if len(args) != 1 { + return m, h.ArgErr() + } + m.Items = append(m.Items, Item{Expression: expression, Value: args[0]}) + } + } + } + + return m, nil +} diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go new file mode 100644 index 00000000..d2a0a0ab --- /dev/null +++ b/modules/caddyhttp/map/map.go @@ -0,0 +1,105 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package maphandler + +import ( + "net/http" + "regexp" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" +) + +func init() { + caddy.RegisterModule(Handler{}) +} + +// Handler is a middleware that maps a source placeholder to a destination +// placeholder. +// +// The mapping process happens early in the request handling lifecycle so that +// the Destination placeholder is calculated and available for substitution. +// The Items array contains pairs of regex expressions and values, the +// Source is matched against the expression, if they match then the destination +// placeholder is set to the value. +// +// The Default is optional, if no Item expression is matched then the value of +// the Default will be used. +// +type Handler struct { + // Source is a placeholder + Source string `json:"source,omitempty"` + // Destination is a new placeholder + Destination string `json:"destination,omitempty"` + // Default is an optional value to use if no other was found + Default string `json:"default,omitempty"` + // Items is an array of regex expressions and values + Items []Item `json:"items,omitempty"` +} + +// CaddyModule returns the Caddy module information. +func (Handler) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.handlers.map", + New: func() caddy.Module { return new(Handler) }, + } +} + +// Provision will compile all regular expressions +func (h *Handler) Provision(_ caddy.Context) error { + for i := 0; i < len(h.Items); i++ { + h.Items[i].compiled = regexp.MustCompile(h.Items[i].Expression) + } + return nil +} + +func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + + // get the source value, if the source value was not found do no + // replacement. + val, ok := repl.GetString(h.Source) + if ok { + found := false + for i := 0; i < len(h.Items); i++ { + if h.Items[i].compiled.MatchString(val) { + found = true + repl.Set(h.Destination, h.Items[i].Value) + break + } + } + + if !found && h.Default != "" { + repl.Set(h.Destination, h.Default) + } + } + return next.ServeHTTP(w, r) +} + +// Item defines each entry in the map +type Item struct { + // Expression is the regular expression searched for + Expression string `json:"expression,omitempty"` + // Value to use once the expression has been found + Value string `json:"value,omitempty"` + // compiled expression, internal use + compiled *regexp.Regexp +} + +// Interface guards +var ( + _ caddy.Provisioner = (*Handler)(nil) + _ caddyhttp.MiddlewareHandler = (*Handler)(nil) +) diff --git a/modules/caddyhttp/standard/imports.go b/modules/caddyhttp/standard/imports.go index a0ccf6e7..dabec812 100644 --- a/modules/caddyhttp/standard/imports.go +++ b/modules/caddyhttp/standard/imports.go @@ -9,6 +9,7 @@ import ( _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/zstd" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" + _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/map" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/requestbody" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi" diff --git a/replacer.go b/replacer.go index 86cd7298..29d8e26a 100644 --- a/replacer.go +++ b/replacer.go @@ -66,6 +66,13 @@ func (r *Replacer) Get(variable string) (interface{}, bool) { return nil, false } +// GetString is the same as Get, but coerces the value to a +// string representation. +func (r *Replacer) GetString(variable string) (string, bool) { + s, found := r.Get(variable) + return toString(s), found +} + // Delete removes a variable with a static value // that was created using Set. func (r *Replacer) Delete(variable string) { From ddd690de4cc133bc728f765b2492ccb54f9d84ca Mon Sep 17 00:00:00 2001 From: James Birtles Date: Fri, 26 Jun 2020 22:14:47 +0100 Subject: [PATCH 0115/1498] caddyhttp: Support placeholders in query matcher (#3521) --- modules/caddyhttp/matchers.go | 3 +++ modules/caddyhttp/matchers_test.go | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index a291242a..164f4434 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -374,10 +374,13 @@ func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Match returns true if r matches m. An empty m matches an empty query string. func (m MatchQuery) Match(r *http.Request) bool { + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) for param, vals := range m { + param = repl.ReplaceAll(param, "") paramVal, found := r.URL.Query()[param] if found { for _, v := range vals { + v = repl.ReplaceAll(v, "") if paramVal[0] == v || v == "*" { return true } diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 1ac95882..883680f2 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -546,11 +546,28 @@ func TestQueryMatcher(t *testing.T) { input: "/?", expect: false, }, + { + scenario: "match against a placeholder value", + match: MatchQuery{"debug": []string{"{http.vars.debug}"}}, + input: "/?debug=1", + expect: true, + }, + { + scenario: "match against a placeholder key", + match: MatchQuery{"{http.vars.key}": []string{"1"}}, + input: "/?somekey=1", + expect: true, + }, } { u, _ := url.Parse(tc.input) req := &http.Request{URL: u} + repl := caddy.NewReplacer() + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + repl.Set("http.vars.debug", "1") + repl.Set("http.vars.key", "somekey") + req = req.WithContext(ctx) actual := tc.match.Match(req) if actual != tc.expect { t.Errorf("Test %d %v: Expected %t, got %t for '%s'", i, tc.match, tc.expect, actual, tc.input) From 77f233a4840afb8b081d12b083b19ed314fd975a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 30 Jun 2020 11:42:55 -0600 Subject: [PATCH 0116/1498] caddyhttp: Corrected host label index check (fix #3502) --- modules/caddyhttp/replacer.go | 2 +- modules/caddyhttp/replacer_test.go | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index b3c7b5dc..f5950211 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -172,7 +172,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo reqHost = req.Host // OK; assume there was no port } hostLabels := strings.Split(reqHost, ".") - if idx > len(hostLabels) { + if idx >= len(hostLabels) { return "", true } return hostLabels[len(hostLabels)-idx-1], true diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go index bc18c5a0..49167ee5 100644 --- a/modules/caddyhttp/replacer_test.go +++ b/modules/caddyhttp/replacer_test.go @@ -107,6 +107,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV input: "{http.request.host.labels.1}", expect: "example", }, + { + input: "{http.request.host.labels.2}", + expect: "", + }, { input: "{http.request.tls.cipher_suite}", expect: "TLS_AES_256_GCM_SHA384", From d7dbf8552562edcfb53ab2024d8ceccc33823021 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 30 Jun 2020 20:53:29 +0300 Subject: [PATCH 0117/1498] cel: fix validation of expression result type (#3526) * cel: fix validation of expression result type The earlier code used the proto.Equals from github.com/gogo/protobuf, which failed to compare two messages of the same type for some reason. Switching to proto.Equal from the canonical github.com/golang/protobuf fixes the issue. * deps: remove deprecated github.com/golang/protobuf in favor of google.golang.org/protobuf * downgrade github.com/smallstep/nosql to resolve warning pb.proto warning --- go.mod | 5 ++- go.sum | 23 +------------ modules/caddyhttp/celmatcher.go | 4 +-- modules/caddyhttp/celmatcher_test.go | 51 ++++++++++++++++++++++++++++ 4 files changed, 56 insertions(+), 27 deletions(-) create mode 100644 modules/caddyhttp/celmatcher_test.go diff --git a/go.mod b/go.mod index 86c987f3..9d47c464 100644 --- a/go.mod +++ b/go.mod @@ -10,8 +10,6 @@ require ( github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.2+incompatible - github.com/gogo/protobuf v1.3.1 - github.com/golang/protobuf v1.4.2 github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.10 @@ -22,7 +20,7 @@ require ( github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 github.com/smallstep/cli v0.14.4 - github.com/smallstep/nosql v0.3.1 + github.com/smallstep/nosql v0.3.0 github.com/smallstep/truststore v0.9.5 github.com/yuin/goldmark v1.1.32 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 @@ -30,6 +28,7 @@ require ( golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 golang.org/x/net v0.0.0-20200625001655-4c5254603344 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 + google.golang.org/protobuf v1.25.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 ) diff --git a/go.sum b/go.sum index 3e7987ab..79617fb4 100644 --- a/go.sum +++ b/go.sum @@ -35,8 +35,6 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9 h1:HD8gA2tkByhMAwYaFAX9w2l7vxvBQ5NMoxDrkhqhtn4= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= -github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= -github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg= github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw= @@ -55,8 +53,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= -github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= -github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= @@ -167,19 +163,13 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgraph-io/badger v1.5.3 h1:5oWIuRvwn93cie+OSt1zSnkaIQ1JFQM8bGlIv6O6Sts= github.com/dgraph-io/badger v1.5.3/go.mod h1:VZxzAIRPHRVNRKRo6AXrX9BJegn6il06VMTZVJYCIjQ= -github.com/dgraph-io/badger v1.6.1 h1:w9pSFNSdq/JPM1N12Fz/F/bzo993Is1W+Q7HjPzi7yg= -github.com/dgraph-io/badger v1.6.1/go.mod h1:FRmFw3uxvcpa8zG3Rxs0th+hCLIuaQg8HlNV5bjgnuU= github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195 h1:n8KbImHW5qZCXv1y3tHjz5yz418/eTxeRJZ2ZuDm1ZU= github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195/go.mod h1:3KY8+bsP8wI0OEnQJAKpd4wIJW/Mm32yw2j/9FUVnIM= github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3 h1:MQLRM35Pp0yAyBYksjbj1nZI/w6eyRY/mWoM1sFf4kU= github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= -github.com/dgraph-io/ristretto v0.0.2 h1:a5WaUrDa0qm0YrAAS1tUykT5El3kt62KNZZeMxQn3po= -github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= -github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= @@ -280,9 +270,8 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -424,8 +413,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxv github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= @@ -653,8 +640,6 @@ github.com/smallstep/cli v0.14.4 h1:oaaGwY1iNSHmIC6baiJhdZoLGmXJ0rXyRcxl3Q73SDE= github.com/smallstep/cli v0.14.4/go.mod h1:cI1F2o1ugIcP1qklLPBECfeR7v7mFxVE6pVNQIMNWpA= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= -github.com/smallstep/nosql v0.3.1 h1:IZEtasli5o+o/UgIuV0rCCBAyTme+Hvz7thabLu2CzA= -github.com/smallstep/nosql v0.3.1/go.mod h1:/jxo1+AkzWIIsja753rk+ETFpPHsPiK5PJp1jkmUwXc= github.com/smallstep/truststore v0.9.3/go.mod h1:PRSkpRIhAYBK/KLWkHNgRdYgzWMEy45bN7PSJCfKKGE= github.com/smallstep/truststore v0.9.5 h1:KQ6bFXUadu3PG57sFSIBsu2pb/35NqO+MyS2Pvi62bA= github.com/smallstep/truststore v0.9.5/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= @@ -744,8 +729,6 @@ github.com/zmap/zcrypto v0.0.0-20190329181646-dff83107394d/go.mod h1:ix3q2kpLy0i github.com/zmap/zlint v0.0.0-20190516161541-9047d02cf65a/go.mod h1:xwLbce0UzBXp44sIAL1cii+hoK8j4AxRKlymZA2AIcY= go.etcd.io/bbolt v1.3.2 h1:Z/90sZLPOeCy2PwprqkFa25PdkusRzaj9P8zm/KNyvk= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.etcd.io/etcd v3.3.18+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= @@ -929,8 +912,6 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20u golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4 h1:5/PjkGUjvEU5Gl6BxmvKRPpqo2uNMv4rcHBMwzk/st8= -golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1027,8 +1008,6 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 6c9cc967..83e01cfb 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -25,8 +25,6 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" - "github.com/gogo/protobuf/proto" - "github.com/golang/protobuf/ptypes/timestamp" "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types" @@ -35,6 +33,8 @@ import ( "github.com/google/cel-go/ext" "github.com/google/cel-go/interpreter/functions" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" + "google.golang.org/protobuf/proto" + timestamp "google.golang.org/protobuf/types/known/timestamppb" ) func init() { diff --git a/modules/caddyhttp/celmatcher_test.go b/modules/caddyhttp/celmatcher_test.go new file mode 100644 index 00000000..0e3b335d --- /dev/null +++ b/modules/caddyhttp/celmatcher_test.go @@ -0,0 +1,51 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyhttp + +import ( + "testing" + + "github.com/caddyserver/caddy/v2" +) + +func TestMatchExpressionProvision(t *testing.T) { + tests := []struct { + name string + expression *MatchExpression + wantErr bool + }{ + { + name: "boolean mtaches succeed", + expression: &MatchExpression{ + Expr: "{http.request.uri.query} != ''", + }, + wantErr: false, + }, + { + name: "reject expressions with non-boolean results", + expression: &MatchExpression{ + Expr: "{http.request.uri.query}", + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := tt.expression.Provision(caddy.Context{}); (err != nil) != tt.wantErr { + t.Errorf("MatchExpression.Provision() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} From 2d0f8831f86a384f2cd409d60136ed6cd1225f32 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 30 Jun 2020 15:36:17 -0400 Subject: [PATCH 0118/1498] ci: Fix another oops with publish workflow (#3536) --- .github/workflows/release_published.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release_published.yml b/.github/workflows/release_published.yml index 5b92a913..b75358bd 100644 --- a/.github/workflows/release_published.yml +++ b/.github/workflows/release_published.yml @@ -30,5 +30,5 @@ jobs: token: ${{ secrets.REPO_DISPATCH_TOKEN }} repository: caddyserver/caddy-docker event-type: release-tagged - client-payload: '{"tag": "${{ github.release.tag_name }}"}' + client-payload: '{"tag": "${{ github.event.release.tag_name }}"}' From c35820012bfd1b636cc16d1869f80be8e6a57ce1 Mon Sep 17 00:00:00 2001 From: Greg Anders <8965202+gpanders@users.noreply.github.com> Date: Mon, 6 Jul 2020 11:53:40 -0600 Subject: [PATCH 0119/1498] templates: Disable hard wraps in Markdown rendering (#3553) --- modules/caddyhttp/templates/tplcontext.go | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index b466c5a7..814d06f3 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -254,7 +254,6 @@ func (templateContext) funcMarkdown(input interface{}) (string, error) { parser.WithAutoHeadingID(), ), goldmark.WithRendererOptions( - gmhtml.WithHardWraps(), gmhtml.WithUnsafe(), // TODO: this is not awesome, maybe should be configurable? ), ) From 2a5599e2ad7f2d894915365782b3e4e1022c8e06 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 6 Jul 2020 12:10:35 -0600 Subject: [PATCH 0120/1498] go.mod: Upgrade and downgrade smallstep, quic-go, and cpuid Closes #3537 and fixes #3535 --- go.mod | 8 ++++---- go.sum | 29 ++++++++++++++++------------- 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 9d47c464..0c716102 100644 --- a/go.mod +++ b/go.mod @@ -13,13 +13,13 @@ require ( github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.10 - github.com/klauspost/cpuid v1.3.0 + github.com/klauspost/cpuid v1.2.5 github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 - github.com/lucas-clemente/quic-go v0.17.1 + github.com/lucas-clemente/quic-go v0.17.2 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 - github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 - github.com/smallstep/cli v0.14.4 + github.com/smallstep/certificates v0.14.6 + github.com/smallstep/cli v0.14.6 github.com/smallstep/nosql v0.3.0 github.com/smallstep/truststore v0.9.5 github.com/yuin/goldmark v1.1.32 diff --git a/go.sum b/go.sum index 79617fb4..0c740450 100644 --- a/go.sum +++ b/go.sum @@ -108,6 +108,8 @@ github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6l github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.30.20/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P0= +github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= @@ -216,6 +218,7 @@ github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTD github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= +github.com/go-piv/piv-go v1.5.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= @@ -375,6 +378,7 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -404,8 +408,8 @@ github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM52 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/cpuid v1.3.0 h1:2JqaNE1hGdABW2YbA3TenkO7RiPFRvSWnEnGqWh9sHE= -github.com/klauspost/cpuid v1.3.0/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= +github.com/klauspost/cpuid v1.2.5 h1:VBd9MyVIiJHzzgnrLQG5Bcv75H4YaWrlKqWHjurxCGo= +github.com/klauspost/cpuid v1.2.5/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= @@ -430,8 +434,8 @@ github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZ github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.17.1 h1:ezsH76xpn6hKugfsXUy6voIJBFmAOwnM/Oy9F4b/n+M= -github.com/lucas-clemente/quic-go v0.17.1/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= +github.com/lucas-clemente/quic-go v0.17.2 h1:4iQInIuNQkPNZmsy9rCnwuOzpH0qGnDo4jn0QfI/qE4= +github.com/lucas-clemente/quic-go v0.17.2/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -575,6 +579,7 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.3.2 h1:XU784Pr0wdahMY2bYcyK6N1KuaRAdLtqD4qd8D18Bfs= github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= @@ -628,16 +633,13 @@ github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:s github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 h1:kSImCuenAkXtCaBeQ1UhmzzJGRhSm8sVH7I3sHE2Qdg= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.14.4 h1:oMxSrsjMKfEDqzBooMuwsBtk0QgYEXrb6fr8YPcP1WI= -github.com/smallstep/certificates v0.14.4/go.mod h1:Y9ug0+ZTB0k22BBV/2K+LAZIVDCMjAAtbQ0XWS+E870= -github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274 h1:3rzfukPUfHp5K4gscalOzpCDAfnZJKETfZpmGLprFt4= -github.com/smallstep/certificates v0.15.0-rc.1.0.20200506212953-e855707dc274/go.mod h1:tARNIrrKV9x+uiTVESAONGfS3GA2GdE3pGfNscMPvDc= -github.com/smallstep/certinfo v1.2.1/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= +github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8= +github.com/smallstep/certificates v0.14.6 h1:sLVnIvIjZhd6qAosuf4Mw1Mh7IMA9XrZ7lKrGBuoHZQ= +github.com/smallstep/certificates v0.14.6/go.mod h1:nhih0lhKpbWE8JB0fg4EVCh/po18ivLiTPcF8eBeNtA= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= -github.com/smallstep/cli v0.14.3 h1:GghXS0NBoj7psz10Cds86vvcrz6Pmww8aMGKEiD04AI= -github.com/smallstep/cli v0.14.3/go.mod h1:U3WVQBS6udgpyHg+d0FQxodNGXBwikoXbERyfgcAhs8= -github.com/smallstep/cli v0.14.4 h1:oaaGwY1iNSHmIC6baiJhdZoLGmXJ0rXyRcxl3Q73SDE= -github.com/smallstep/cli v0.14.4/go.mod h1:cI1F2o1ugIcP1qklLPBECfeR7v7mFxVE6pVNQIMNWpA= +github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8= +github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk= +github.com/smallstep/cli v0.14.6/go.mod h1:Gs9mXwk5tIBlSISt1tvCAMso7eEAiJRyNgR/6JsoojI= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= github.com/smallstep/truststore v0.9.3/go.mod h1:PRSkpRIhAYBK/KLWkHNgRdYgzWMEy45bN7PSJCfKKGE= @@ -1066,6 +1068,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= From 7bfe5b6c9520daabb71d22f24470bc91eca931d9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 7 Jul 2020 08:10:37 -0600 Subject: [PATCH 0121/1498] httpcaddyfile: Reorder automation policy logic (close #3550) --- caddyconfig/httpcaddyfile/tlsapp.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 8f642915..029c024a 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -321,6 +321,9 @@ func (st ServerType) buildTLSApp( // do a little verification & cleanup if tlsApp.Automation != nil { + // consolidate automation policies that are the exact same + tlsApp.Automation.Policies = consolidateAutomationPolicies(tlsApp.Automation.Policies) + // ensure automation policies don't overlap subjects (this should be // an error at provision-time as well, but catch it in the adapt phase // for convenience) @@ -333,9 +336,6 @@ func (st ServerType) buildTLSApp( automationHostSet[s] = struct{}{} } } - - // consolidate automation policies that are the exact same - tlsApp.Automation.Policies = consolidateAutomationPolicies(tlsApp.Automation.Policies) } return tlsApp, warnings, nil From 0bf2565c37c0b2e4857be70c5302d6ad5c34b80d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 7 Jul 2020 08:11:35 -0600 Subject: [PATCH 0122/1498] caddyhttp: Reorder some access log fields; add host matcher test case This field order reads a little more naturally. --- modules/caddyhttp/marshalers.go | 6 +++--- modules/caddyhttp/matchers_test.go | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go index e35a73ed..7f959238 100644 --- a/modules/caddyhttp/marshalers.go +++ b/modules/caddyhttp/marshalers.go @@ -26,11 +26,11 @@ type LoggableHTTPRequest struct{ *http.Request } // MarshalLogObject satisfies the zapcore.ObjectMarshaler interface. func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error { - enc.AddString("method", r.Method) - enc.AddString("uri", r.RequestURI) - enc.AddString("proto", r.Proto) enc.AddString("remote_addr", r.RemoteAddr) + enc.AddString("proto", r.Proto) + enc.AddString("method", r.Method) enc.AddString("host", r.Host) + enc.AddString("uri", r.RequestURI) enc.AddObject("headers", LoggableHTTPHeader(r.Header)) if r.TLS != nil { enc.AddObject("tls", LoggableTLSConnState(*r.TLS)) diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 883680f2..9a2836de 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -122,6 +122,11 @@ func TestHostMatcher(t *testing.T) { input: "sub.foo.example.net", expect: false, }, + { + match: MatchHost{"www.*.*"}, + input: "www.example.com", + expect: true, + }, { match: MatchHost{"example.com"}, input: "example.com:5555", From efc0cc5e8557ebc54dd30931a27767139e808c80 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 8 Jul 2020 10:59:49 -0600 Subject: [PATCH 0123/1498] caddytls: Move initial storage clean op into goroutine Sometimes this operation can take a while (we observed 7 minutes recently, with a large, globally-distributed storage backend). --- modules/caddytls/tls.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index cc89ef51..b2d05be5 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -373,9 +373,9 @@ func (t *TLS) AllMatchingCertificates(san string) []certmagic.Certificate { return t.certCache.AllMatchingCertificates(san) } -// keepStorageClean immediately cleans up all known storage units -// if it was not recently done, and starts a goroutine that runs -// the operation at every tick from t.storageCleanTicker. +// keepStorageClean starts a goroutine that immediately cleans up all +// known storage units if it was not recently done, and then runs the +// operation at every tick from t.storageCleanTicker. func (t *TLS) keepStorageClean() { t.storageCleanTicker = time.NewTicker(storageCleanInterval) t.storageCleanStop = make(chan struct{}) @@ -385,6 +385,7 @@ func (t *TLS) keepStorageClean() { log.Printf("[PANIC] storage cleaner: %v\n%s", err, debug.Stack()) } }() + t.cleanStorageUnits() for { select { case <-t.storageCleanStop: @@ -394,7 +395,6 @@ func (t *TLS) keepStorageClean() { } } }() - t.cleanStorageUnits() } func (t *TLS) cleanStorageUnits() { From a2dae1d43fcfb08a4b748302502874234d7d64af Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 8 Jul 2020 16:46:56 -0600 Subject: [PATCH 0124/1498] templates: Fix front matter closing fence search This makes it choose first matching closing fence instead of last one, which could appear in document body. --- modules/caddyhttp/templates/frontmatter.go | 1 + modules/caddyhttp/templates/tplcontext_test.go | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/modules/caddyhttp/templates/frontmatter.go b/modules/caddyhttp/templates/frontmatter.go index f9d5fb2d..dd052171 100644 --- a/modules/caddyhttp/templates/frontmatter.go +++ b/modules/caddyhttp/templates/frontmatter.go @@ -56,6 +56,7 @@ func extractFrontMatter(input string) (map[string]interface{}, string, error) { if index >= 0 { fmEndFenceStart = index fmEndFence = fence + break } } if fmEndFenceStart < 0 { diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index f90b851f..32c6a166 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -316,6 +316,17 @@ title: Welcome expect: `Welcome`, body: "\n### Test", }, + { + // yaml with non-fence '...' line after closing fence (i.e. first matching closing fence should be used) + input: `--- +title: Welcome +--- +### Test +... +yeah`, + expect: `Welcome`, + body: "\n### Test\n...\nyeah", + }, { // toml input: `+++ From 735c86658d058512f5d86408e18e3c81c32788d1 Mon Sep 17 00:00:00 2001 From: snu-ceyda Date: Thu, 9 Jul 2020 14:56:15 +0900 Subject: [PATCH 0125/1498] fileserver: Enable browse pagination with offset parameter (#3542) * Update browse.go * Update browselisting.go * Update browsetpl.go * fix linter err * Update modules/caddyhttp/fileserver/browse.go Co-authored-by: Matt Holt * Update modules/caddyhttp/fileserver/browselisting.go Co-authored-by: Matt Holt * Update browsetpl.go change from -> offset * Update browse.go * Update browselisting.go Co-authored-by: Matt Holt --- modules/caddyhttp/fileserver/browse.go | 3 ++- modules/caddyhttp/fileserver/browselisting.go | 14 ++++++++++- modules/caddyhttp/fileserver/browsetpl.go | 24 +++++++++---------- 3 files changed, 27 insertions(+), 14 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index e5e137fc..3fecad95 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -106,6 +106,7 @@ func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Re sortParam := r.URL.Query().Get("sort") orderParam := r.URL.Query().Get("order") limitParam := r.URL.Query().Get("limit") + offsetParam := r.URL.Query().Get("offset") // first figure out what to sort by switch sortParam { @@ -130,7 +131,7 @@ func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Re } // finally, apply the sorting and limiting - listing.applySortAndLimit(sortParam, orderParam, limitParam) + listing.applySortAndLimit(sortParam, orderParam, limitParam, offsetParam) } func (fsrv *FileServer) browseWriteJSON(listing browseListing) (*bytes.Buffer, error) { diff --git a/modules/caddyhttp/fileserver/browselisting.go b/modules/caddyhttp/fileserver/browselisting.go index 9c7c4a20..cebfe8fd 100644 --- a/modules/caddyhttp/fileserver/browselisting.go +++ b/modules/caddyhttp/fileserver/browselisting.go @@ -101,6 +101,9 @@ type browseListing struct { // If ≠0 then Items have been limited to that many elements. ItemsLimitedTo int + + // If ≠0 then Items starting from that many elements. + ItemOffset int } // Breadcrumbs returns l.Path where every element maps @@ -131,7 +134,7 @@ func (l browseListing) Breadcrumbs() []crumb { return result } -func (l *browseListing) applySortAndLimit(sortParam, orderParam, limitParam string) { +func (l *browseListing) applySortAndLimit(sortParam, orderParam, limitParam string, offsetParam string) { l.Sort = sortParam l.Order = orderParam @@ -159,8 +162,17 @@ func (l *browseListing) applySortAndLimit(sortParam, orderParam, limitParam stri } } + if offsetParam != "" { + offset, _ := strconv.Atoi(offsetParam) + if offset > 0 && offset <= len(l.Items) { + l.Items = l.Items[offset:] + l.ItemOffset = offset + } + } + if limitParam != "" { limit, _ := strconv.Atoi(limitParam) + if limit > 0 && limit <= len(l.Items) { l.Items = l.Items[:limit] l.ItemsLimitedTo = limit diff --git a/modules/caddyhttp/fileserver/browsetpl.go b/modules/caddyhttp/fileserver/browsetpl.go index 567e8dd7..6415d59e 100644 --- a/modules/caddyhttp/fileserver/browsetpl.go +++ b/modules/caddyhttp/fileserver/browsetpl.go @@ -296,37 +296,37 @@ footer { {{- if and (eq .Sort "namedirfirst") (ne .Order "desc")}} - + {{- else if and (eq .Sort "namedirfirst") (ne .Order "asc")}} - + {{- else}} - + {{- end}} {{- if and (eq .Sort "name") (ne .Order "desc")}} - Name + Name {{- else if and (eq .Sort "name") (ne .Order "asc")}} - Name + Name {{- else}} - Name + Name {{- end}} {{- if and (eq .Sort "size") (ne .Order "desc")}} - Size + Size {{- else if and (eq .Sort "size") (ne .Order "asc")}} - Size + Size {{- else}} - Size + Size {{- end}} {{- if and (eq .Sort "time") (ne .Order "desc")}} - Modified + Modified {{- else if and (eq .Sort "time") (ne .Order "asc")}} - Modified + Modified {{- else}} - Modified + Modified {{- end}} From 724613a1be3ee04167f80e869b0236167c822592 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Fri, 10 Jul 2020 16:00:24 +0200 Subject: [PATCH 0126/1498] docs: Remove extra word in README.md (#3564) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 32f3d2fe..916fe431 100644 --- a/README.md +++ b/README.md @@ -119,7 +119,7 @@ The primary way to configure Caddy is through [its API](https://caddyserver.com/ Caddy exposes an unprecedented level of control compared to any web server in existence. In Caddy, you are usually setting the actual values of the initialized types in memory that power everything from your HTTP handlers and TLS handshakes to your storage medium. Caddy is also ridiculously extensible, with a powerful plugin system that makes vast improvements over other web servers. -To wield the power of this design, you need to know how the config document is structured. Please see the [our documentation site](https://caddyserver.com/docs/) for details about [Caddy's config structure](https://caddyserver.com/docs/json/). +To wield the power of this design, you need to know how the config document is structured. Please see [our documentation site](https://caddyserver.com/docs/) for details about [Caddy's config structure](https://caddyserver.com/docs/json/). Nearly all of Caddy's configuration is contained in a single config document, rather than being scattered across CLI flags and env variables and a configuration file as with other web servers. This makes managing your server config more straightforward and reduces hidden variables/factors. From 2c71fb116bc7311898bf87577c3db1215eb0fef9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 11 Jul 2020 17:53:28 -0600 Subject: [PATCH 0127/1498] chore: Rename file to be consistent --- modules/standard/{import.go => imports.go} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename modules/standard/{import.go => imports.go} (100%) diff --git a/modules/standard/import.go b/modules/standard/imports.go similarity index 100% rename from modules/standard/import.go rename to modules/standard/imports.go From eda54c22a6f43d542b1e6a6532e8542ddf5eec34 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 13 Jul 2020 16:18:34 -0600 Subject: [PATCH 0128/1498] =?UTF-8?q?logging:=20=E2=9A=A0=EF=B8=8F=20Depre?= =?UTF-8?q?cate=20logfmt=20encoder?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It is essentially broken because it occludes many log fields. See: https://github.com/caddyserver/caddy/issues/3575 --- modules/logging/encoders.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index bd120d57..79382dfc 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -119,6 +119,13 @@ func (je *JSONEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // LogfmtEncoder encodes log entries as logfmt: // https://www.brandur.org/logfmt +// +// Note that logfmt does not encode nested structures +// properly, so it is not a good fit for most logs. +// +// ⚠️ DEPRECATED. Do not use. It will eventually be removed +// from the standard Caddy modules. For more information, +// see https://github.com/caddyserver/caddy/issues/3575. type LogfmtEncoder struct { zapcore.Encoder `json:"-"` LogEncoderConfig @@ -133,7 +140,10 @@ func (LogfmtEncoder) CaddyModule() caddy.ModuleInfo { } // Provision sets up the encoder. -func (lfe *LogfmtEncoder) Provision(_ caddy.Context) error { +func (lfe *LogfmtEncoder) Provision(ctx caddy.Context) error { + ctx.Logger(lfe).Warn("the logfmt encoder is DEPRECATED and will soon be removed from the standard modules", + zap.String("recommendation", "switch to a log format that isn't broken"), + zap.String("more_info", "https://github.com/caddyserver/caddy/issues/3575")) lfe.Encoder = zaplogfmt.NewEncoder(lfe.ZapcoreEncoderConfig()) return nil } From 6eafd4e82fbf894067e474b4cffa5d3d8498705d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 16 Jul 2020 15:29:06 -0600 Subject: [PATCH 0129/1498] readme: Update badges --- .goreleaser.yml | 1 + README.md | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index db9760a1..0c83f9ef 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -112,5 +112,6 @@ changelog: - '^chore:' - '^ci:' - '^docs?:' + - '^readme:' - '^tests?:' - '^\w+\s+' # a hack to remove commit messages without colons thus don't correspond to a package diff --git a/README.md b/README.md index 916fe431..8d7ab4c4 100644 --- a/README.md +++ b/README.md @@ -5,8 +5,7 @@

Caddy is an extensible server platform that uses TLS by default.

- - +
@caddyserver on Twitter Caddy Forum From 6f0f159ba56adeb6e2cbbb408651419b87f20856 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 16 Jul 2020 19:25:37 -0600 Subject: [PATCH 0130/1498] caddyhttp: Add {http.request.body} placeholder --- modules/caddyhttp/app.go | 1 + modules/caddyhttp/replacer.go | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 45845ea1..40ae3a29 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -47,6 +47,7 @@ func init() { // // Placeholder | Description // ------------|--------------- +// `{http.request.body}` | The request body (⚠️ inefficient; use only for debugging) // `{http.request.cookie.*}` | HTTP request cookie // `{http.request.header.*}` | Specific request header field // `{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index f5950211..3f4a808e 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -15,6 +15,7 @@ package caddyhttp import ( + "bytes" "context" "crypto/ecdsa" "crypto/ed25519" @@ -25,6 +26,8 @@ import ( "crypto/x509" "encoding/asn1" "fmt" + "io" + "io/ioutil" "net" "net/http" "net/textproto" @@ -136,6 +139,24 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo return dir, true case "http.request.uri.query": return req.URL.RawQuery, true + case "http.request.body": + if req.Body == nil { + return "", true + } + // normally net/http will close the body for us, but since we + // are replacing it with a fake one, we have to ensure we close + // the real body ourselves when we're done + defer req.Body.Close() + // read the request body into a buffer (can't pool because we + // don't know its lifetime and would have to make a copy anyway) + buf := new(bytes.Buffer) + _, err := io.Copy(buf, req.Body) + if err != nil { + return "", true + } + // replace real body with buffered data + req.Body = ioutil.NopCloser(buf) + return buf.String(), true // original request, before any internal changes case "http.request.orig_method": From 8a0fff58aad1bd754fd4b0b69c675cbba74002ed Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 17 Jul 2020 12:20:41 -0600 Subject: [PATCH 0131/1498] caddyauth: hash-password: Set bcrypt cost to 14 (#3580) --- modules/caddyhttp/caddyauth/command.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index f3e1809d..a0e971ed 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -116,7 +116,7 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { var hash []byte switch algorithm { case "bcrypt": - hash, err = bcrypt.GenerateFromPassword(plaintext, bcrypt.DefaultCost) + hash, err = bcrypt.GenerateFromPassword(plaintext, 14) case "scrypt": def := ScryptHash{} def.SetDefaults() From 705de11bef076bf66304a9e7b87d5806347c17e5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 17 Jul 2020 12:53:48 -0600 Subject: [PATCH 0132/1498] readme: Minor tweaks --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 8d7ab4c4..a84b41dc 100644 --- a/README.md +++ b/README.md @@ -12,9 +12,9 @@ Caddy on Sourcegraph

- Download · + Releases · Documentation · - Community + Get Help

@@ -76,7 +76,7 @@ _**Note:** These steps [will not embed proper version information](https://githu ### With version information and/or plugins -Using [our builder tool](https://github.com/caddyserver/xcaddy)... +Using [our builder tool, `xcaddy`](https://github.com/caddyserver/xcaddy)... ``` $ xcaddy build @@ -88,8 +88,8 @@ $ xcaddy build 2. Change into it: `cd caddy` 3. Copy [Caddy's main.go](https://github.com/caddyserver/caddy/blob/master/cmd/caddy/main.go) into the empty folder. Add imports for any custom plugins you want to add. 4. Initialize a Go module: `go mod init caddy` -5. (Optional) Pin Caddy version: `go get github.com/caddyserver/caddy/v2@TAG` replacing `TAG` with a git tag or commit. -6. (Optional) Add plugins by adding their import: `_ "IMPORT_PATH"` +5. (Optional) Pin Caddy version: `go get github.com/caddyserver/caddy/v2@version` replacing `version` with a git tag or commit. +6. (Optional) Add plugins by adding their import: `_ "import/path/here"` 7. Compile: `go build` From 19cc2bd3c3e6b551d47eca7a2efdee95eec2a86f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 17 Jul 2020 15:18:32 -0400 Subject: [PATCH 0133/1498] reverseproxy: Fix Caddyfile parsing for empty non-http transports (#3576) * reverseproxy: Fix Caddyfile parsing for empty non-http transports * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Matt Holt * Rename empty transport test Co-authored-by: Matt Holt --- ...reverse_proxy_empty_non_http_transport.txt | 36 +++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 4 ++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt new file mode 100644 index 00000000..b2618033 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt @@ -0,0 +1,36 @@ +:8884 + +reverse_proxy 127.0.0.1:65535 { + transport fastcgi +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "fastcgi" + }, + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 4ffedf22..1d00cbf9 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -561,7 +561,9 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } else if commonScheme == "https" { return d.Errf("upstreams are configured for HTTPS but transport module does not support TLS: %T", transport) } - if !reflect.DeepEqual(transport, reflect.New(reflect.TypeOf(transport).Elem()).Interface()) { + + // no need to encode empty default transport + if !reflect.DeepEqual(transport, new(HTTPTransport)) { h.TransportRaw = caddyconfig.JSONModuleObject(transport, "protocol", transportModuleName, nil) } } From 3fdaf507857bacddeeaeac2d23b1e15bb99bc633 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 17 Jul 2020 15:33:40 -0400 Subject: [PATCH 0134/1498] fastcgi: Fill REMOTE_USER with http.auth.user.id placeholder (#3577) Completing a TODO! --- modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 4a8c6d7a..c12e9320 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -226,6 +226,11 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { reqHost = r.Host } + authUser := "" + if val, ok := repl.Get("http.auth.user.id"); ok { + authUser = val.(string) + } + // Some variables are unused but cleared explicitly to prevent // the parent environment from interfering. env = map[string]string{ @@ -240,7 +245,7 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { "REMOTE_HOST": ip, // For speed, remote host lookups disabled "REMOTE_PORT": port, "REMOTE_IDENT": "", // Not used - "REMOTE_USER": "", // TODO: once there are authentication handlers, populate this + "REMOTE_USER": authUser, "REQUEST_METHOD": r.Method, "REQUEST_SCHEME": requestScheme, "SERVER_NAME": reqHost, From 0665a86eb72a178a42741d477b765169d7423fd8 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 17 Jul 2020 16:48:50 -0400 Subject: [PATCH 0135/1498] fastcgi: Ensure leading slash, omit SERVER_PORT if empty for compliance (#3570) See https://tools.ietf.org/html/rfc3875#section-4.1.13 for SCRIPT_NAME requiring leading slash See https://tools.ietf.org/html/rfc3875#section-4.1.15 for SERVER_PORT requiring omission if empty --- modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index c12e9320..8c031724 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -202,6 +202,12 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { pathPrefix, _ := r.Context().Value(caddy.CtxKey("path_prefix")).(string) scriptName = path.Join(pathPrefix, scriptName) + // Ensure the SCRIPT_NAME has a leading slash for compliance with RFC3875 + // Info: https://tools.ietf.org/html/rfc3875#section-4.1.13 + if scriptName != "" && !strings.HasPrefix(scriptName, "/") { + scriptName = "/" + scriptName + } + // Get the request URL from context. The context stores the original URL in case // it was changed by a middleware such as rewrite. By default, we pass the // original URI in as the value of REQUEST_URI (the user can overwrite this @@ -249,7 +255,6 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { "REQUEST_METHOD": r.Method, "REQUEST_SCHEME": requestScheme, "SERVER_NAME": reqHost, - "SERVER_PORT": reqPort, "SERVER_PROTOCOL": r.Proto, "SERVER_SOFTWARE": t.serverSoftware, @@ -269,6 +274,13 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { env["PATH_TRANSLATED"] = filepath.Join(root, pathInfo) // Info: http://www.oreilly.com/openbook/cgi/ch02_04.html } + // compliance with the CGI specification requires that + // SERVER_PORT should only exist if it's a valid numeric value. + // Info: https://www.ietf.org/rfc/rfc3875 Page 18 + if reqPort != "" { + env["SERVER_PORT"] = reqPort + } + // Some web apps rely on knowing HTTPS or not if r.TLS != nil { env["HTTPS"] = "on" From 246a31aacd7159acc009ff6d6497596a96533f73 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 17 Jul 2020 17:54:58 -0600 Subject: [PATCH 0136/1498] reverseproxy: Restore request's original host and header (fix #3509) We already restore them within the retry loop, but after successful proxy we didn't reset them, so as handlers bubble back up, they would see the values used for proxying. Thanks to @ziddey for identifying the cause. --- modules/caddyhttp/reverseproxy/reverseproxy.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 79713484..bb1453aa 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -329,10 +329,17 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht fmt.Errorf("preparing request for upstream round-trip: %v", err)) } - // we will need the original headers and Host - // value if header operations are configured - reqHeader := r.Header + // we will need the original headers and Host value if + // header operations are configured; and we should + // restore them after we're done if they are changed + // (for example, changing the outbound Host header + // should not permanently change r.Host; issue #3509) reqHost := r.Host + reqHeader := r.Header + defer func() { + r.Host = reqHost + r.Header = reqHeader + }() start := time.Now() From bd9d796e6ed64c713002e3503a8b0012bd4f1460 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sun, 19 Jul 2020 00:00:00 +0300 Subject: [PATCH 0137/1498] reverseproxy: add support for custom DNS resolver (#3479) * reverse proxy: add support for custom resolver * reverse proxy: don't pollute the global resolver with bootstrap resolver setup * Improve documentation of reverseproxy.UpstreamResolver fields Co-authored-by: Matt Holt * reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver * remove support for bootstraper of resolver * godoc and code-style changes Co-authored-by: Matt Holt --- .../caddyhttp/reverseproxy/httptransport.go | 41 ++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 327cc89b..dce7b9e8 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -21,6 +21,7 @@ import ( "encoding/base64" "fmt" "io/ioutil" + weakrand "math/rand" "net" "net/http" "reflect" @@ -43,6 +44,9 @@ type HTTPTransport struct { // able to borrow/use at least some of these config fields; if so, // maybe move them into a type called CommonTransport and embed it? + // Configures the DNS resolver used to resolve the IP address of upstream hostnames. + Resolver *UpstreamResolver `json:"resolver,omitempty"` + // Configures TLS to the upstream. Setting this to an empty struct // is sufficient to enable TLS with reasonable defaults. TLS *TLSConfig `json:"tls,omitempty"` @@ -146,7 +150,30 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) dialer := &net.Dialer{ Timeout: time.Duration(h.DialTimeout), FallbackDelay: time.Duration(h.FallbackDelay), - // TODO: Resolver + } + + if h.Resolver != nil { + for _, v := range h.Resolver.Addresses { + addr, err := caddy.ParseNetworkAddress(v) + if err != nil { + return nil, err + } + if addr.PortRangeSize() != 1 { + return nil, fmt.Errorf("resolver address must have exactly one address; cannot call %v", addr) + } + h.Resolver.netAddrs = append(h.Resolver.netAddrs, addr) + } + d := &net.Dialer{ + Timeout: time.Duration(h.DialTimeout), + FallbackDelay: time.Duration(h.FallbackDelay), + } + dialer.Resolver = &net.Resolver{ + PreferGo: true, + Dial: func(ctx context.Context, _, _ string) (net.Conn, error) { + addr := h.Resolver.netAddrs[weakrand.Intn(len(h.Resolver.netAddrs))] + return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0)) + }, + } } rt := &http.Transport{ @@ -359,6 +386,18 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { return cfg, nil } +// UpstreamResolver holds the set of addresses of DNS resolvers of +// upstream addresses +type UpstreamResolver struct { + // The addresses of DNS resolvers to use when looking up the addresses of proxy upstreams. + // It accepts [network addresses](/docs/conventions#network-addresses) + // with port range of only 1. If the host is an IP address, it will be dialed directly to resolve the upstream server. + // If the host is not an IP address, the addresses are resolved using the [name resolution convention](https://golang.org/pkg/net/#hdr-Name_Resolution) of the Go standard library. + // If the array contains more than 1 resolver address, one is chosen at random. + Addresses []string `json:"addresses,omitempty"` + netAddrs []caddy.NetworkAddress +} + // KeepAlive holds configuration pertaining to HTTP Keep-Alive. type KeepAlive struct { // Whether HTTP Keep-Alive is enabled. Default: true From e9b1d7dcb4cbf85da7fb4cf8c411a4f840a98cf1 Mon Sep 17 00:00:00 2001 From: Kevin Lin Date: Tue, 21 Jul 2020 02:14:46 +0800 Subject: [PATCH 0138/1498] reverse_proxy: flush HTTP/2 response when ContentLength is unknown (#3561) * reverse proxy: Support more h2 stream scenarios (#3556) * reverse proxy: add integration test for better h2 stream (#3556) * reverse proxy: adjust comments as francislavoie suggests * link to issue #3556 in the comments --- caddytest/integration/stream_test.go | 201 ++++++++++++++++++ .../caddyhttp/reverseproxy/reverseproxy.go | 8 + modules/caddyhttp/reverseproxy/streaming.go | 5 + 3 files changed, 214 insertions(+) create mode 100644 caddytest/integration/stream_test.go diff --git a/caddytest/integration/stream_test.go b/caddytest/integration/stream_test.go new file mode 100644 index 00000000..c0ab32b5 --- /dev/null +++ b/caddytest/integration/stream_test.go @@ -0,0 +1,201 @@ +package integration + +import ( + "context" + "fmt" + "io" + "io/ioutil" + "net/http" + "net/http/httputil" + "net/url" + "strings" + "testing" + "time" + + "github.com/caddyserver/caddy/v2/caddytest" + "golang.org/x/net/http2" + "golang.org/x/net/http2/h2c" +) + +// (see https://github.com/caddyserver/caddy/issues/3556 for use case) +func TestH2ToH2CStream(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + "apps": { + "http": { + "http_port": 9080, + "https_port": 9443, + "servers": { + "srv0": { + "listen": [ + ":9443" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "http", + "compression": false, + "versions": [ + "h2c", + "2" + ] + }, + "upstreams": [ + { + "dial": "localhost:54321" + } + ] + } + ], + "match": [ + { + "path": [ + "/tov2ray" + ] + } + ] + } + ], + "tls_connection_policies": [ + { + "certificate_selection": { + "any_tag": ["cert0"] + }, + "default_sni": "a.caddy.localhost" + } + ] + } + } + }, + "tls": { + "certificates": { + "load_files": [ + { + "certificate": "/a.caddy.localhost.crt", + "key": "/a.caddy.localhost.key", + "tags": [ + "cert0" + ] + } + ] + } + }, + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + } + } + } + `, "json") + + expectedBody := "some data to be echoed" + // start the server + server := testH2ToH2CStreamServeH2C(t) + go server.ListenAndServe() + defer func() { + ctx, cancel := context.WithTimeout(context.Background(), time.Nanosecond) + defer cancel() + server.Shutdown(ctx) + }() + + r, w := io.Pipe() + req := &http.Request{ + Method: "PUT", + Body: ioutil.NopCloser(r), + URL: &url.URL{ + Scheme: "https", + Host: "127.0.0.1:9443", + Path: "/tov2ray", + }, + Proto: "HTTP/2", + ProtoMajor: 2, + ProtoMinor: 0, + Header: make(http.Header), + } + // Disable any compression method from server. + req.Header.Set("Accept-Encoding", "identity") + + resp := tester.AssertResponseCode(req, 200) + if 200 != resp.StatusCode { + return + } + go func() { + fmt.Fprint(w, expectedBody) + w.Close() + }() + + defer resp.Body.Close() + bytes, err := ioutil.ReadAll(resp.Body) + if err != nil { + t.Fatalf("unable to read the response body %s", err) + } + + body := string(bytes) + + if !strings.Contains(body, expectedBody) { + t.Errorf("requesting \"%s\" expected response body \"%s\" but got \"%s\"", req.RequestURI, expectedBody, body) + } + return +} + +func testH2ToH2CStreamServeH2C(t *testing.T) *http.Server { + h2s := &http2.Server{} + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + rstring, err := httputil.DumpRequest(r, false) + if err == nil { + t.Logf("h2c server received req: %s", rstring) + } + // We only accept HTTP/2! + if r.ProtoMajor != 2 { + t.Error("Not a HTTP/2 request, rejected!") + w.WriteHeader(http.StatusInternalServerError) + return + } + + if r.Host != "127.0.0.1:9443" { + t.Errorf("r.Host doesn't match, %v!", r.Host) + w.WriteHeader(http.StatusNotFound) + return + } + + if !strings.HasPrefix(r.URL.Path, "/tov2ray") { + w.WriteHeader(http.StatusNotFound) + return + } + + w.Header().Set("Cache-Control", "no-store") + w.WriteHeader(200) + if f, ok := w.(http.Flusher); ok { + f.Flush() + } + + buf := make([]byte, 4*1024) + + for { + n, err := r.Body.Read(buf) + if n > 0 { + w.Write(buf[:n]) + } + + if err != nil { + if err == io.EOF { + r.Body.Close() + } + break + } + } + }) + + server := &http.Server{ + Addr: "127.0.0.1:54321", + Handler: h2c.NewHandler(handler, h2s), + } + return server +} diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index bb1453aa..0a53db4a 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -611,6 +611,14 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia rw.WriteHeader(res.StatusCode) + // some apps need the response headers before starting to stream content with http2, + // so it's important to explicitly flush the headers to the client before streaming the data. + // (see https://github.com/caddyserver/caddy/issues/3556 for use case) + if req.ProtoMajor == 2 && res.ContentLength == -1 { + if wf, ok := rw.(http.Flusher); ok { + wf.Flush() + } + } err = h.copyResponse(rw, res.Body, h.flushInterval(req, res)) res.Body.Close() // close now, instead of defer, to populate res.Trailer if err != nil { diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 8a7c6f74..105ff32b 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -96,6 +96,11 @@ func (h Handler) flushInterval(req *http.Request, res *http.Response) time.Durat return -1 // negative means immediately } + // for h2 and h2c upstream streaming data to client (issue #3556) + if req.ProtoMajor == 2 && res.ContentLength == -1 { + return -1 + } + // TODO: more specific cases? e.g. res.ContentLength == -1? (this TODO is from the std lib) return time.Duration(h.FlushInterval) } From 2ae8c119279826ef81223e3b2155a08779f3ee8b Mon Sep 17 00:00:00 2001 From: Manuel Dalla Lana Date: Mon, 20 Jul 2020 20:16:13 +0200 Subject: [PATCH 0139/1498] fastcgi: Add resolve_root_symlink (#3587) --- .../caddyhttp/reverseproxy/fastcgi/caddyfile.go | 12 ++++++++++++ modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 15 +++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 03b7226c..8228439f 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -39,6 +39,7 @@ func init() { // root // split // env +// resolve_root_symlink // } // func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -67,6 +68,9 @@ func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } t.EnvVars[args[0]] = args[1] + case "resolve_root_symlink": + t.ResolveRootSymlink = true + default: return d.Errf("unrecognized subdirective %s", d.Val()) } @@ -196,6 +200,14 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error return nil, dispenser.ArgErr() } indexFile = args[0] + + case "resolve_root_symlink": + args := dispenser.RemainingArgs() + dispenser.Delete() + for range args { + dispenser.Delete() + } + fcgiTransport.ResolveRootSymlink = true } } } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 8c031724..de6d0a43 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -54,6 +54,14 @@ type Transport struct { // that 404s if the fastcgi path info is not found. SplitPath []string `json:"split_path,omitempty"` + // Path declared as root directory will be resolved to its absolute value + // after the evaluation of any symbolic links. + // Due to the nature of PHP opcache, root directory path is cached: when + // using a symlinked directory as root this could generate errors when + // symlink is changed without php-fpm being restarted; enabling this + // directive will set $_SERVER['DOCUMENT_ROOT'] to the real directory path. + ResolveRootSymlink bool `json:"resolve_root_symlink,omitempty"` + // Extra environment variables. EnvVars map[string]string `json:"env,omitempty"` @@ -179,6 +187,13 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { return nil, err } + if t.ResolveRootSymlink { + root, err = filepath.EvalSymlinks(root) + if err != nil { + return nil, err + } + } + fpath := r.URL.Path // split "actual path" from "path info" if configured From 6cea1f239d01fc065bc6f4b22d765d89b6db0152 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 20 Jul 2020 12:28:40 -0600 Subject: [PATCH 0140/1498] push: Implement HTTP/2 server push (#3573) * push: Implement HTTP/2 server push (close #3551) * push: Abstract header ops by embedding into new struct type This will allow us to add more fields to customize headers in push-specific ways in the future. * push: Ensure Link resources are pushed before response is written * Change header name from X-Caddy-Push to Caddy-Push --- caddyconfig/httpcaddyfile/directives.go | 3 +- modules/caddyhttp/headers/headers.go | 9 +- modules/caddyhttp/push/caddyfile.go | 99 ++++++++++ modules/caddyhttp/push/handler.go | 236 ++++++++++++++++++++++++ modules/caddyhttp/push/link.go | 78 ++++++++ modules/caddyhttp/push/link_test.go | 85 +++++++++ modules/caddyhttp/standard/imports.go | 1 + 7 files changed, 506 insertions(+), 5 deletions(-) create mode 100644 modules/caddyhttp/push/caddyfile.go create mode 100644 modules/caddyhttp/push/handler.go create mode 100644 modules/caddyhttp/push/link.go create mode 100644 modules/caddyhttp/push/link_test.go diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index ee73078c..c31bdd3c 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -55,10 +55,11 @@ var directiveOrder = []string{ "encode", "templates", - // special routing directives + // special routing & dispatching directives "handle", "handle_path", "route", + "push", // handlers that typically respond to requests "respond", diff --git a/modules/caddyhttp/headers/headers.go b/modules/caddyhttp/headers/headers.go index 681c21f7..3571dd92 100644 --- a/modules/caddyhttp/headers/headers.go +++ b/modules/caddyhttp/headers/headers.go @@ -54,15 +54,15 @@ func (Handler) CaddyModule() caddy.ModuleInfo { } // Provision sets up h's configuration. -func (h *Handler) Provision(_ caddy.Context) error { +func (h *Handler) Provision(ctx caddy.Context) error { if h.Request != nil { - err := h.Request.provision() + err := h.Request.Provision(ctx) if err != nil { return err } } if h.Response != nil { - err := h.Response.provision() + err := h.Response.Provision(ctx) if err != nil { return err } @@ -125,7 +125,8 @@ type HeaderOps struct { Replace map[string][]Replacement `json:"replace,omitempty"` } -func (ops *HeaderOps) provision() error { +// Provision sets up the header operations. +func (ops *HeaderOps) Provision(_ caddy.Context) error { for fieldName, replacements := range ops.Replace { for i, r := range replacements { if r.SearchRegexp != "" { diff --git a/modules/caddyhttp/push/caddyfile.go b/modules/caddyhttp/push/caddyfile.go new file mode 100644 index 00000000..a70d5d5a --- /dev/null +++ b/modules/caddyhttp/push/caddyfile.go @@ -0,0 +1,99 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package push + +import ( + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" +) + +func init() { + httpcaddyfile.RegisterHandlerDirective("push", parseCaddyfile) +} + +// parseCaddyfile sets up the push handler. Syntax: +// +// push [] [] { +// [GET|HEAD] +// headers { +// [+] [ []] +// - +// } +// } +// +// A single resource can be specified inline without opening a +// block for the most common/simple case. Or, a block can be +// opened and multiple resources can be specified, one per +// line, optionally preceded by the method. The headers +// subdirective can be used to customize the headers that +// are set on each (synthetic) push request, using the same +// syntax as the 'header' directive for request headers. +// Placeholders are accepted in resource and header field +// name and value and replacement tokens. +func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + handler := new(Handler) + + for h.Next() { + if h.NextArg() { + handler.Resources = append(handler.Resources, Resource{Target: h.Val()}) + } + + // optional block + for outerNesting := h.Nesting(); h.NextBlock(outerNesting); { + switch h.Val() { + case "headers": + if h.NextArg() { + return nil, h.ArgErr() + } + for innerNesting := h.Nesting(); h.NextBlock(innerNesting); { + // include current token, which we treat as an argument here + args := []string{h.Val()} + args = append(args, h.RemainingArgs()...) + + if handler.Headers == nil { + handler.Headers = new(HeaderConfig) + } + switch len(args) { + case 1: + headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], "", "") + case 2: + headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], args[1], "") + case 3: + headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], args[1], args[2]) + default: + return nil, h.ArgErr() + } + } + + case "GET", "HEAD": + method := h.Val() + if !h.NextArg() { + return nil, h.ArgErr() + } + target := h.Val() + handler.Resources = append(handler.Resources, Resource{ + Method: method, + Target: target, + }) + + default: + handler.Resources = append(handler.Resources, Resource{Target: h.Val()}) + } + } + } + + return handler, nil +} diff --git a/modules/caddyhttp/push/handler.go b/modules/caddyhttp/push/handler.go new file mode 100644 index 00000000..a89c0cd8 --- /dev/null +++ b/modules/caddyhttp/push/handler.go @@ -0,0 +1,236 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package push + +import ( + "fmt" + "net/http" + "strings" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" + "go.uber.org/zap" +) + +func init() { + caddy.RegisterModule(Handler{}) +} + +// Handler is a middleware for manipulating the request body. +type Handler struct { + Resources []Resource `json:"resources,omitempty"` + Headers *HeaderConfig `json:"headers,omitempty"` + + logger *zap.Logger +} + +// CaddyModule returns the Caddy module information. +func (Handler) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.handlers.push", + New: func() caddy.Module { return new(Handler) }, + } +} + +// Provision sets up h. +func (h *Handler) Provision(ctx caddy.Context) error { + h.logger = ctx.Logger(h) + if h.Headers != nil { + err := h.Headers.Provision(ctx) + if err != nil { + return fmt.Errorf("provisioning header operations: %v", err) + } + } + return nil +} + +func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + pusher, ok := w.(http.Pusher) + if !ok { + return next.ServeHTTP(w, r) + } + + // short-circuit recursive pushes + if _, ok := r.Header[pushHeader]; ok { + return next.ServeHTTP(w, r) + } + + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + + // create header for push requests + hdr := h.initializePushHeaders(r, repl) + + // push first! + for _, resource := range h.Resources { + h.logger.Debug("pushing resource", + zap.String("uri", r.RequestURI), + zap.String("push_method", resource.Method), + zap.String("push_target", resource.Target), + zap.Object("push_headers", caddyhttp.LoggableHTTPHeader(hdr))) + err := pusher.Push(repl.ReplaceAll(resource.Target, "."), &http.PushOptions{ + Method: resource.Method, + Header: hdr, + }) + if err != nil { + // usually this means either that push is not + // supported or concurrent streams are full + break + } + } + + // wrap the response writer so that we can initiate push of any resources + // described in Link header fields before the response is written + lp := linkPusher{ + ResponseWriterWrapper: &caddyhttp.ResponseWriterWrapper{ResponseWriter: w}, + handler: h, + pusher: pusher, + header: hdr, + request: r, + } + + // serve only after pushing! + if err := next.ServeHTTP(lp, r); err != nil { + return err + } + + return nil +} + +func (h Handler) initializePushHeaders(r *http.Request, repl *caddy.Replacer) http.Header { + hdr := make(http.Header) + + // prevent recursive pushes + hdr.Set(pushHeader, "1") + + // set initial header fields; since exactly how headers should + // be implemented for server push is not well-understood, we + // are being conservative for now like httpd is: + // https://httpd.apache.org/docs/2.4/en/howto/http2.html#push + // we only copy some well-known, safe headers that are likely + // crucial when requesting certain kinds of content + for _, fieldName := range safeHeaders { + if vals, ok := r.Header[fieldName]; ok { + hdr[fieldName] = vals + } + } + + // user can customize the push request headers + if h.Headers != nil { + h.Headers.ApplyTo(hdr, repl) + } + + return hdr +} + +// servePreloadLinks parses Link headers from upstream and pushes +// resources described by them. If a resource has the "nopush" +// attribute or describes an external entity (meaning, the resource +// URI includes a scheme), it will not be pushed. +func (h Handler) servePreloadLinks(pusher http.Pusher, hdr http.Header, resources []string) { + for _, resource := range resources { + for _, resource := range parseLinkHeader(resource) { + if _, ok := resource.params["nopush"]; ok { + continue + } + if isRemoteResource(resource.uri) { + continue + } + err := pusher.Push(resource.uri, &http.PushOptions{ + Header: hdr, + }) + if err != nil { + return + } + } + } +} + +// Resource represents a request for a resource to push. +type Resource struct { + // Method is the request method, which must be GET or HEAD. + // Default is GET. + Method string `json:"method,omitempty"` + + // Target is the path to the resource being pushed. + Target string `json:"target,omitempty"` +} + +// HeaderConfig configures headers for synthetic push requests. +type HeaderConfig struct { + headers.HeaderOps +} + +// linkPusher is a http.ResponseWriter that intercepts +// the WriteHeader() call to ensure that any resources +// described by Link response headers get pushed before +// the response is allowed to be written. +type linkPusher struct { + *caddyhttp.ResponseWriterWrapper + handler Handler + pusher http.Pusher + header http.Header + request *http.Request +} + +func (lp linkPusher) WriteHeader(statusCode int) { + if links, ok := lp.ResponseWriter.Header()["Link"]; ok { + // only initiate these pushes if it hasn't been done yet + if val := caddyhttp.GetVar(lp.request.Context(), pushedLink); val == nil { + lp.handler.logger.Debug("pushing Link resources", zap.Strings("linked", links)) + caddyhttp.SetVar(lp.request.Context(), pushedLink, true) + lp.handler.servePreloadLinks(lp.pusher, lp.header, links) + } + } + lp.ResponseWriter.WriteHeader(statusCode) +} + +// isRemoteResource returns true if resource starts with +// a scheme or is a protocol-relative URI. +func isRemoteResource(resource string) bool { + return strings.HasPrefix(resource, "//") || + strings.HasPrefix(resource, "http://") || + strings.HasPrefix(resource, "https://") +} + +// safeHeaders is a list of header fields that are +// safe to copy to push requests implicitly. It is +// assumed that requests for certain kinds of content +// would fail without these fields present. +var safeHeaders = []string{ + "Accept-Encoding", + "Accept-Language", + "Accept", + "Cache-Control", + "User-Agent", +} + +// pushHeader is a header field that gets added to push requests +// in order to avoid recursive/infinite pushes. +const pushHeader = "Caddy-Push" + +// pushedLink is the key for the variable on the request +// context that we use to remember whether we have already +// pushed resources from Link headers yet; otherwise, if +// multiple push handlers are invoked, it would repeat the +// pushing of Link headers. +const pushedLink = "http.handlers.push.pushed_link" + +// Interface guards +var ( + _ caddy.Provisioner = (*Handler)(nil) + _ caddyhttp.MiddlewareHandler = (*Handler)(nil) + _ caddyhttp.HTTPInterfaces = (*linkPusher)(nil) +) diff --git a/modules/caddyhttp/push/link.go b/modules/caddyhttp/push/link.go new file mode 100644 index 00000000..16b0e7d2 --- /dev/null +++ b/modules/caddyhttp/push/link.go @@ -0,0 +1,78 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package push + +import ( + "strings" +) + +// linkResource contains the results of a parsed Link header. +type linkResource struct { + uri string + params map[string]string +} + +// parseLinkHeader is responsible for parsing Link header +// and returning list of found resources. +// +// Accepted formats are: +// +// Link: ; as=script +// Link: ; as=script,; as=style +// Link: ; +// +// where begins with a forward slash (/). +func parseLinkHeader(header string) []linkResource { + resources := []linkResource{} + + if header == "" { + return resources + } + + for _, link := range strings.Split(header, comma) { + l := linkResource{params: make(map[string]string)} + + li, ri := strings.Index(link, "<"), strings.Index(link, ">") + if li == -1 || ri == -1 { + continue + } + + l.uri = strings.TrimSpace(link[li+1 : ri]) + + for _, param := range strings.Split(strings.TrimSpace(link[ri+1:]), semicolon) { + parts := strings.SplitN(strings.TrimSpace(param), equal, 2) + key := strings.TrimSpace(parts[0]) + if key == "" { + continue + } + if len(parts) == 1 { + l.params[key] = key + } + if len(parts) == 2 { + l.params[key] = strings.TrimSpace(parts[1]) + } + } + + resources = append(resources, l) + } + + return resources +} + +const ( + comma = "," + semicolon = ";" + equal = "=" +) diff --git a/modules/caddyhttp/push/link_test.go b/modules/caddyhttp/push/link_test.go new file mode 100644 index 00000000..238e284b --- /dev/null +++ b/modules/caddyhttp/push/link_test.go @@ -0,0 +1,85 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package push + +import ( + "reflect" + "testing" +) + +func TestParseLinkHeader(t *testing.T) { + testCases := []struct { + header string + expectedResources []linkResource + }{ + { + header: "; as=script", + expectedResources: []linkResource{{uri: "/resource", params: map[string]string{"as": "script"}}}, + }, + { + header: "", + expectedResources: []linkResource{{uri: "/resource", params: map[string]string{}}}, + }, + { + header: "; nopush", + expectedResources: []linkResource{{uri: "/resource", params: map[string]string{"nopush": "nopush"}}}, + }, + { + header: ";nopush;rel=next", + expectedResources: []linkResource{{uri: "/resource", params: map[string]string{"nopush": "nopush", "rel": "next"}}}, + }, + { + header: ";nopush;rel=next,;nopush", + expectedResources: []linkResource{ + {uri: "/resource", params: map[string]string{"nopush": "nopush", "rel": "next"}}, + {uri: "/resource2", params: map[string]string{"nopush": "nopush"}}, + }, + }, + { + header: ",", + expectedResources: []linkResource{ + {uri: "/resource", params: map[string]string{}}, + {uri: "/resource2", params: map[string]string{}}, + }, + }, + { + header: "malformed", + expectedResources: []linkResource{}, + }, + { + header: " ; ", + expectedResources: []linkResource{{uri: "/resource", params: map[string]string{}}}, + }, + } + + for i, test := range testCases { + actualResources := parseLinkHeader(test.header) + if !reflect.DeepEqual(actualResources, test.expectedResources) { + t.Errorf("Test %d (header: %s) - expected resources %v, got %v", + i, test.header, test.expectedResources, actualResources) + } + } +} diff --git a/modules/caddyhttp/standard/imports.go b/modules/caddyhttp/standard/imports.go index dabec812..0aeef842 100644 --- a/modules/caddyhttp/standard/imports.go +++ b/modules/caddyhttp/standard/imports.go @@ -10,6 +10,7 @@ import ( _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/map" + _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/push" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/requestbody" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi" From fb9d874fa91c796fdb1c6cb32ab3246e63d38af9 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 20 Jul 2020 15:55:51 -0400 Subject: [PATCH 0141/1498] caddyfile: Export Tokenize function for lexing (#3549) --- caddyconfig/caddyfile/lexer.go | 19 +++++++ caddyconfig/caddyfile/lexer_test.go | 84 +++++++++++++---------------- caddyconfig/caddyfile/parse.go | 8 +-- 3 files changed, 57 insertions(+), 54 deletions(-) diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index 568d15cb..188ef064 100755 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -16,6 +16,7 @@ package caddyfile import ( "bufio" + "bytes" "io" "unicode" ) @@ -168,3 +169,21 @@ func (l *lexer) next() bool { val = append(val, ch) } } + +// Tokenize takes bytes as input and lexes it into +// a list of tokens that can be parsed as a Caddyfile. +// Also takes a filename to fill the token's File as +// the source of the tokens, which is important to +// determine relative paths for `import` directives. +func Tokenize(input []byte, filename string) ([]Token, error) { + l := lexer{} + if err := l.load(bytes.NewReader(input)); err != nil { + return nil, err + } + var tokens []Token + for l.next() { + l.token.File = filename + tokens = append(tokens, l.token) + } + return tokens, nil +} diff --git a/caddyconfig/caddyfile/lexer_test.go b/caddyconfig/caddyfile/lexer_test.go index c8c941a9..57df16cb 100755 --- a/caddyconfig/caddyfile/lexer_test.go +++ b/caddyconfig/caddyfile/lexer_test.go @@ -15,37 +15,35 @@ package caddyfile import ( - "log" - "strings" "testing" ) type lexerTestCase struct { - input string + input []byte expected []Token } func TestLexer(t *testing.T) { testCases := []lexerTestCase{ { - input: `host:123`, + input: []byte(`host:123`), expected: []Token{ {Line: 1, Text: "host:123"}, }, }, { - input: `host:123 + input: []byte(`host:123 - directive`, + directive`), expected: []Token{ {Line: 1, Text: "host:123"}, {Line: 3, Text: "directive"}, }, }, { - input: `host:123 { + input: []byte(`host:123 { directive - }`, + }`), expected: []Token{ {Line: 1, Text: "host:123"}, {Line: 1, Text: "{"}, @@ -54,7 +52,7 @@ func TestLexer(t *testing.T) { }, }, { - input: `host:123 { directive }`, + input: []byte(`host:123 { directive }`), expected: []Token{ {Line: 1, Text: "host:123"}, {Line: 1, Text: "{"}, @@ -63,12 +61,12 @@ func TestLexer(t *testing.T) { }, }, { - input: `host:123 { + input: []byte(`host:123 { #comment directive # comment foobar # another comment - }`, + }`), expected: []Token{ {Line: 1, Text: "host:123"}, {Line: 1, Text: "{"}, @@ -78,10 +76,10 @@ func TestLexer(t *testing.T) { }, }, { - input: `host:123 { + input: []byte(`host:123 { # hash inside string is not a comment redir / /some/#/path - }`, + }`), expected: []Token{ {Line: 1, Text: "host:123"}, {Line: 1, Text: "{"}, @@ -92,14 +90,14 @@ func TestLexer(t *testing.T) { }, }, { - input: "# comment at beginning of file\n# comment at beginning of line\nhost:123", + input: []byte("# comment at beginning of file\n# comment at beginning of line\nhost:123"), expected: []Token{ {Line: 3, Text: "host:123"}, }, }, { - input: `a "quoted value" b - foobar`, + input: []byte(`a "quoted value" b + foobar`), expected: []Token{ {Line: 1, Text: "a"}, {Line: 1, Text: "quoted value"}, @@ -108,7 +106,7 @@ func TestLexer(t *testing.T) { }, }, { - input: `A "quoted \"value\" inside" B`, + input: []byte(`A "quoted \"value\" inside" B`), expected: []Token{ {Line: 1, Text: "A"}, {Line: 1, Text: `quoted "value" inside`}, @@ -116,7 +114,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "An escaped \"newline\\\ninside\" quotes", + input: []byte("An escaped \"newline\\\ninside\" quotes"), expected: []Token{ {Line: 1, Text: "An"}, {Line: 1, Text: "escaped"}, @@ -125,7 +123,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "An escaped newline\\\noutside quotes", + input: []byte("An escaped newline\\\noutside quotes"), expected: []Token{ {Line: 1, Text: "An"}, {Line: 1, Text: "escaped"}, @@ -135,7 +133,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "line1\\\nescaped\nline2\nline3", + input: []byte("line1\\\nescaped\nline2\nline3"), expected: []Token{ {Line: 1, Text: "line1"}, {Line: 1, Text: "escaped"}, @@ -144,7 +142,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "line1\\\nescaped1\\\nescaped2\nline4\nline5", + input: []byte("line1\\\nescaped1\\\nescaped2\nline4\nline5"), expected: []Token{ {Line: 1, Text: "line1"}, {Line: 1, Text: "escaped1"}, @@ -154,34 +152,34 @@ func TestLexer(t *testing.T) { }, }, { - input: `"unescapable\ in quotes"`, + input: []byte(`"unescapable\ in quotes"`), expected: []Token{ {Line: 1, Text: `unescapable\ in quotes`}, }, }, { - input: `"don't\escape"`, + input: []byte(`"don't\escape"`), expected: []Token{ {Line: 1, Text: `don't\escape`}, }, }, { - input: `"don't\\escape"`, + input: []byte(`"don't\\escape"`), expected: []Token{ {Line: 1, Text: `don't\\escape`}, }, }, { - input: `un\escapable`, + input: []byte(`un\escapable`), expected: []Token{ {Line: 1, Text: `un\escapable`}, }, }, { - input: `A "quoted value with line + input: []byte(`A "quoted value with line break inside" { foobar - }`, + }`), expected: []Token{ {Line: 1, Text: "A"}, {Line: 1, Text: "quoted value with line\n\t\t\t\t\tbreak inside"}, @@ -191,13 +189,13 @@ func TestLexer(t *testing.T) { }, }, { - input: `"C:\php\php-cgi.exe"`, + input: []byte(`"C:\php\php-cgi.exe"`), expected: []Token{ {Line: 1, Text: `C:\php\php-cgi.exe`}, }, }, { - input: `empty "" string`, + input: []byte(`empty "" string`), expected: []Token{ {Line: 1, Text: `empty`}, {Line: 1, Text: ``}, @@ -205,7 +203,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "skip those\r\nCR characters", + input: []byte("skip those\r\nCR characters"), expected: []Token{ {Line: 1, Text: "skip"}, {Line: 1, Text: "those"}, @@ -214,13 +212,13 @@ func TestLexer(t *testing.T) { }, }, { - input: "\xEF\xBB\xBF:8080", // test with leading byte order mark + input: []byte("\xEF\xBB\xBF:8080"), // test with leading byte order mark expected: []Token{ {Line: 1, Text: ":8080"}, }, }, { - input: "simple `backtick quoted` string", + input: []byte("simple `backtick quoted` string"), expected: []Token{ {Line: 1, Text: `simple`}, {Line: 1, Text: `backtick quoted`}, @@ -228,7 +226,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "multiline `backtick\nquoted\n` string", + input: []byte("multiline `backtick\nquoted\n` string"), expected: []Token{ {Line: 1, Text: `multiline`}, {Line: 1, Text: "backtick\nquoted\n"}, @@ -236,7 +234,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "nested `\"quotes inside\" backticks` string", + input: []byte("nested `\"quotes inside\" backticks` string"), expected: []Token{ {Line: 1, Text: `nested`}, {Line: 1, Text: `"quotes inside" backticks`}, @@ -244,7 +242,7 @@ func TestLexer(t *testing.T) { }, }, { - input: "reverse-nested \"`backticks` inside\" quotes", + input: []byte("reverse-nested \"`backticks` inside\" quotes"), expected: []Token{ {Line: 1, Text: `reverse-nested`}, {Line: 1, Text: "`backticks` inside"}, @@ -254,22 +252,14 @@ func TestLexer(t *testing.T) { } for i, testCase := range testCases { - actual := tokenize(testCase.input) + actual, err := Tokenize(testCase.input, "") + if err != nil { + t.Errorf("%v", err) + } lexerCompare(t, i, testCase.expected, actual) } } -func tokenize(input string) (tokens []Token) { - l := lexer{} - if err := l.load(strings.NewReader(input)); err != nil { - log.Printf("[ERROR] load failed: %v", err) - } - for l.next() { - tokens = append(tokens, l.token) - } - return -} - func lexerCompare(t *testing.T, n int, expected, actual []Token) { if len(expected) != len(actual) { t.Errorf("Test case %d: expected %d token(s) but got %d", n, len(expected), len(actual)) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 5cb5b686..4ae98ca4 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -87,16 +87,10 @@ func allTokens(filename string, input []byte) ([]Token, error) { if err != nil { return nil, err } - l := new(lexer) - err = l.load(bytes.NewReader(input)) + tokens, err := Tokenize(input, filename) if err != nil { return nil, err } - var tokens []Token - for l.next() { - l.token.File = filename - tokens = append(tokens, l.token) - } return tokens, nil } From 28d870c193f33920cd10e3038151d18173e533ec Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 20 Jul 2020 14:57:40 -0600 Subject: [PATCH 0142/1498] go.mod: Update quic-go, truststore, and goldmark --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 0c716102..f3095168 100644 --- a/go.mod +++ b/go.mod @@ -15,14 +15,14 @@ require ( github.com/klauspost/compress v1.10.10 github.com/klauspost/cpuid v1.2.5 github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 - github.com/lucas-clemente/quic-go v0.17.2 + github.com/lucas-clemente/quic-go v0.17.3 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.14.6 github.com/smallstep/cli v0.14.6 github.com/smallstep/nosql v0.3.0 - github.com/smallstep/truststore v0.9.5 - github.com/yuin/goldmark v1.1.32 + github.com/smallstep/truststore v0.9.6 + github.com/yuin/goldmark v1.1.33 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.15.0 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 diff --git a/go.sum b/go.sum index 0c740450..a5cfe1e7 100644 --- a/go.sum +++ b/go.sum @@ -434,8 +434,8 @@ github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZ github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.17.2 h1:4iQInIuNQkPNZmsy9rCnwuOzpH0qGnDo4jn0QfI/qE4= -github.com/lucas-clemente/quic-go v0.17.2/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= +github.com/lucas-clemente/quic-go v0.17.3 h1:jMX/MmDNCljfisgMmPGUcBJ+zUh9w3d3ia4YJjYS3TM= +github.com/lucas-clemente/quic-go v0.17.3/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -643,8 +643,8 @@ github.com/smallstep/cli v0.14.6/go.mod h1:Gs9mXwk5tIBlSISt1tvCAMso7eEAiJRyNgR/6 github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= github.com/smallstep/truststore v0.9.3/go.mod h1:PRSkpRIhAYBK/KLWkHNgRdYgzWMEy45bN7PSJCfKKGE= -github.com/smallstep/truststore v0.9.5 h1:KQ6bFXUadu3PG57sFSIBsu2pb/35NqO+MyS2Pvi62bA= -github.com/smallstep/truststore v0.9.5/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= +github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= +github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -719,8 +719,8 @@ github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.22/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32 h1:5tjfNdR2ki3yYQ842+eX2sQHeiwpKJ0RnHO4IYOc4V8= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.33 h1:Q0PzHNn2h69wYmmE2SukzuQe0VBwErZrgJ5ZB8od6zQ= +github.com/yuin/goldmark v1.1.33/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 h1:VWSxtAiQNh3zgHJpdpkpVYjTPqRE3P6UZCOPa1nRDio= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691/go.mod h1:YLF3kDffRfUH/bTxOxHhV6lxwIB3Vfj91rEwNMS9MXo= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= From 2bc30bb780f3b93593a2a9e42db6ab215fe12902 Mon Sep 17 00:00:00 2001 From: Patrick Hein Date: Tue, 21 Jul 2020 01:17:38 +0200 Subject: [PATCH 0143/1498] templates: Implement placeholders function (#3324) * caddyhttp, httpcaddyfile: Implement placeholders in template * caddyhttp, httpcaddyfile: Remove support for placeholder shorthands in templates * Update modules/caddyhttp/templates/templates.go updates JSON doc Co-authored-by: Matt Holt * Update modules/caddyhttp/templates/tplcontext.go Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- modules/caddyhttp/templates/templates.go | 10 ++++++++++ modules/caddyhttp/templates/tplcontext.go | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index f5df9be0..f9ce1c39 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -64,6 +64,16 @@ func init() { // {{env "VAR_NAME"}} // ``` // +// ##### `placeholder` +// +// Gets an [placeholder variable](/docs/conventions#placeholders). +// The braces (`{}`) have to be omitted. +// +// ``` +// {{placeholder "http.request.uri.path"}} +// {{placeholder "http.error.status_code"}} +// ``` +// // ##### `.Host` // // Returns the hostname portion (no port) of the Host header of the HTTP request. diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 814d06f3..7bc0ce79 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -29,6 +29,7 @@ import ( "github.com/Masterminds/sprig/v3" "github.com/alecthomas/chroma/formatters/html" + "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/yuin/goldmark" highlighting "github.com/yuin/goldmark-highlighting" @@ -152,6 +153,7 @@ func (c templateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buff "splitFrontMatter": c.funcSplitFrontMatter, "listFiles": c.funcListFiles, "env": c.funcEnv, + "placeholder": c.placeholder, }) parsedTpl, err := tpl.Parse(buf.String()) @@ -164,6 +166,12 @@ func (c templateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buff return parsedTpl.Execute(buf, c) } +func (c templateContext) placeholder(name string) string { + repl := c.Req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + value, _ := repl.GetString(name) + return value +} + func (templateContext) funcEnv(varName string) string { return os.Getenv(varName) } From 6a14e2c2a8881d5e90f1ee363ec4662a3f87402b Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 30 Jul 2020 15:18:14 -0600 Subject: [PATCH 0144/1498] caddytls: Replace lego with acmez (#3621) * Replace lego with acmez; upgrade CertMagic * Update integration test --- caddyconfig/httpcaddyfile/builtins.go | 14 ++ caddyconfig/httpcaddyfile/options.go | 7 +- caddyconfig/httpcaddyfile/tlsapp.go | 3 +- .../caddyfile_adapt/global_options_acme.txt | 8 +- go.mod | 9 +- go.sum | 228 ++---------------- modules/caddytls/acmeissuer.go | 67 +++-- modules/caddytls/automation.go | 13 +- modules/caddytls/connpolicy.go | 12 +- modules/caddytls/dnssolver.go | 113 --------- modules/caddytls/tls.go | 9 +- 11 files changed, 97 insertions(+), 386 deletions(-) delete mode 100644 modules/caddytls/dnssolver.go diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index fde56016..5dbb4063 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -29,6 +29,7 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddytls" + "github.com/mholt/acmez/acme" "go.uber.org/zap/zapcore" ) @@ -262,6 +263,19 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.CA = arg[0] + case "eab": + arg := h.RemainingArgs() + if len(arg) != 2 { + return nil, h.ArgErr() + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + acmeIssuer.ExternalAccount = &acme.EAB{ + KeyID: arg[0], + MACKey: arg[1], + } + case "dns": if !h.NextArg() { return nil, h.ArgErr() diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 2b6b111e..f69ca3ec 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -20,6 +20,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddytls" + "github.com/mholt/acmez/acme" ) func init() { @@ -182,7 +183,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) { } func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { - eab := new(caddytls.ExternalAccountBinding) + eab := new(acme.EAB) for d.Next() { if d.NextArg() { return nil, d.ArgErr() @@ -195,11 +196,11 @@ func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { } eab.KeyID = d.Val() - case "hmac": + case "mac_key": if !d.NextArg() { return nil, d.ArgErr() } - eab.HMAC = d.Val() + eab.MACKey = d.Val() default: return nil, d.Errf("unrecognized parameter '%s'", d.Val()) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 029c024a..aa3e5be0 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -27,6 +27,7 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddytls" "github.com/caddyserver/certmagic" + "github.com/mholt/acmez/acme" ) func (st ServerType) buildTLSApp( @@ -399,7 +400,7 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon mgr.TrustedRootsPEMFiles = []string{acmeCARoot.(string)} } if acmeEAB != nil { - mgr.ExternalAccount = acmeEAB.(*caddytls.ExternalAccountBinding) + mgr.ExternalAccount = acmeEAB.(*acme.EAB) } if keyType != nil { ap.KeyType = keyType.(string) diff --git a/caddytest/integration/caddyfile_adapt/global_options_acme.txt b/caddytest/integration/caddyfile_adapt/global_options_acme.txt index edb52778..500a7231 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_acme.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_acme.txt @@ -9,8 +9,8 @@ } acme_ca https://example.com acme_eab { - key_id 4K2scIVbBpNd-78scadB2g - hmac abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh + key_id 4K2scIVbBpNd-78scadB2g + mac_key abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh } acme_ca_root /path/to/ca.crt email test@example.com @@ -61,8 +61,8 @@ "ca": "https://example.com", "email": "test@example.com", "external_account": { - "hmac": "abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh", - "key_id": "4K2scIVbBpNd-78scadB2g" + "key_id": "4K2scIVbBpNd-78scadB2g", + "mac_key": "abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh" }, "module": "acme", "trusted_roots_pem_files": [ diff --git a/go.mod b/go.mod index f3095168..1cad2872 100644 --- a/go.mod +++ b/go.mod @@ -6,16 +6,15 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.2 + github.com/caddyserver/certmagic v0.11.3-0.20200730200704-7d9dfc3fe638 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac - github.com/go-acme/lego/v3 v3.7.0 github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.10 github.com/klauspost/cpuid v1.2.5 - github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 github.com/lucas-clemente/quic-go v0.17.3 + github.com/mholt/acmez v0.1.0 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.14.6 @@ -25,10 +24,10 @@ require ( github.com/yuin/goldmark v1.1.33 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.15.0 - golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de golang.org/x/net v0.0.0-20200625001655-4c5254603344 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 - google.golang.org/protobuf v1.25.0 + google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 ) diff --git a/go.sum b/go.sum index a5cfe1e7..63b41e9d 100644 --- a/go.sum +++ b/go.sum @@ -7,24 +7,12 @@ cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6A cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.51.0 h1:PvKAVQWCtlGUSlZkGW3QLelKaWq7KYv/MW1EboG8bfM= cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0 h1:3ithwDMr7/3vpAMXiH+ZQnYbuIsh+OPhUPMFC9enmn0= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= @@ -35,19 +23,6 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9 h1:HD8gA2tkByhMAwYaFAX9w2l7vxvBQ5NMoxDrkhqhtn4= github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= -github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg= -github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw= -github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= -github.com/Azure/go-autorest/autorest/adal v0.2.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= -github.com/Azure/go-autorest/autorest/azure/auth v0.1.0/go.mod h1:Gf7/i2FUpyb/sGBLIFxTBzrNzBo7aPXXE3ZVeDRwdpM= -github.com/Azure/go-autorest/autorest/azure/cli v0.1.0/go.mod h1:Dk8CUAt/b/PzkfeRsWzVG9Yj3ps8mS8ECztu43rdU8U= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc= -github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -70,14 +45,10 @@ github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHS github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87/go.mod h1:iGLljf5n9GjT6kc0HBvyI1nOKnGQbNB66VzSNbK5iks= github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= -github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8/go.mod h1:aVvklgKsPENRkl29bNwrHISa1F+YLGTHArMxZMBqWM8= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= @@ -96,18 +67,15 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/aliyun/alibaba-cloud-sdk-go v1.61.112/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a h1:pv34s756C4pEXnjgPfGYgdhg/ZdajGhyOvzx8k+23nw= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.30.20/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P0= github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -118,10 +86,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.2 h1:nPBqyuFNHJEf2FwC1ixJjArtTKWyPqpaH6k4jl7gxYI= -github.com/caddyserver/certmagic v0.11.2/go.mod h1:fqY1IZk5iqhsj5FU3Vw20Sjq66tEKaanTFYNZ74soMY= -github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6RFYAU= -github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg= +github.com/caddyserver/certmagic v0.11.3-0.20200730200704-7d9dfc3fe638 h1:yG2XwuzF6kQni6HscKZRj6Qr6mrpXsRTUzl0m+zH6o0= +github.com/caddyserver/certmagic v0.11.3-0.20200730200704-7d9dfc3fe638/go.mod h1:z0loWzjr6Sr8rOG2pdsiwajDpAcck2wfF8E7hTV0qT4= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -136,7 +102,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/cloudflare-go v0.10.2/go.mod h1:qhVI5MKwBGhdNU89ZRz2plgYutcJ5PCekLxXn56w6SY= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -150,7 +115,6 @@ github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= -github.com/cpu/goacmedns v0.0.2/go.mod h1:4MipLkI+qScwqtVxcNO6okBhbgRrr7/tKXUSgSL0teQ= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -173,25 +137,17 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= -github.com/dnsimple/dnsimple-go v0.60.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac h1:opbrjaN/L8gg6Xh5D04Tem+8xVcz6ajZlGCs49mQgyg= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/exoscale/egoscale v0.18.1/go.mod h1:Z7OOdzzTOz1Q1PjQXumlz9Wn/CddH0zSYdCF3rnBKXE= github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= -github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= @@ -199,19 +155,13 @@ github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-acme/lego/v3 v3.7.0 h1:qC5/8/CbltyAE8fGLE6bGlqucj7pXc/vBxiLwLOsmAQ= -github.com/go-acme/lego/v3 v3.7.0/go.mod h1:4eDjjYkAsDXyNcwN8IhhZAwxz9Ltiks1Zmpv0q20J7A= -github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= -github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= github.com/go-critic/go-critic v0.4.0/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= @@ -219,7 +169,6 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= github.com/go-piv/piv-go v1.5.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= -github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= @@ -239,33 +188,26 @@ github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslW github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0 h1:Rd1kQnQu0Hq3qvJppYSG0HtP+f5LPPUiDswTLiEegLg= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1 h1:ocYkMQY5RrXTYgXl7ICpV0IXwlEQGwKIsery4gyXa1U= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= @@ -275,7 +217,6 @@ github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= @@ -311,8 +252,6 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -322,8 +261,6 @@ github.com/google/monologue v0.0.0-20191220140058-35abc9683a6c/go.mod h1:6NTfaQo github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/trillian v1.2.2-0.20190612132142-05461f4df60a/go.mod h1:YPmUVn5NGwgnDUgqlVyFGMTgaWlnSvH7W5p+NdOG8UA= github.com/google/trillian-examples v0.0.0-20190603134952-4e75ba15216c/go.mod h1:WgL3XZ3pA8/9cm7yxqWrZE6iZkESB2ItGxy5Fo6k2lk= @@ -336,12 +273,9 @@ github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE0 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gophercloud/gophercloud v0.3.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI= github.com/gorilla/handlers v1.4.1/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= @@ -353,24 +287,19 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmg github.com/grpc-ecosystem/go-grpc-middleware v1.1.0/go.mod h1:f5nM7jw/oeRSadq3xCzHAvxcr8HZnzsqU6ILg/0NiiE= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= -github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c= -github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= -github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4= -github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -381,9 +310,7 @@ github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -406,11 +333,8 @@ github.com/klauspost/compress v1.10.10 h1:a/y8CglcM7gLGYmlbP/stPE5sR3hbhFRUjCBfd github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs= -github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.5 h1:VBd9MyVIiJHzzgnrLQG5Bcv75H4YaWrlKqWHjurxCGo= github.com/klauspost/cpuid v1.2.5/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= -github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -424,15 +348,11 @@ github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/labbsr0x/bindman-dns-webhook v1.0.2/go.mod h1:p6b+VCXIR8NYKpDr8/dg1HKfQoRHCdcsROXKvmoehKA= -github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c027w= github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 h1:663opx/RKxiISi1ozf0WbvweQpYBgf34dx8hKSIau3w= github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= -github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= -github.com/liquidweb/liquidweb-go v1.6.0/go.mod h1:UDcVnAMDkZxpw4Y7NOHkqoeiGacVLEIG/i5J9cyixzQ= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.17.3 h1:jMX/MmDNCljfisgMmPGUcBJ+zUh9w3d3ia4YJjYS3TM= github.com/lucas-clemente/quic-go v0.17.3/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= @@ -450,27 +370,25 @@ github.com/marten-seemann/qtls v0.9.1 h1:O0YKQxNVPaiFgMng0suWEOY2Sb4LT2sRn9Qimq3 github.com/marten-seemann/qtls v0.9.1/go.mod h1:T1MmAdDPyISzxlK6kjRr0pcZFBVd1OZbBb/j3cvzHhk= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= -github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4fJH25nqRHfWLMa1ONC8Amw+mIA639KxkE= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mholt/acmez v0.1.0 h1:LL7WQVCjZvwbo3pjAUdsqEao5kI8nyHubAGtCzrTS5g= +github.com/mholt/acmez v0.1.0/go.mod h1:rNLSzYu5VR6ggyarXDKDCNefo06cOkJn+VObTDJCk0U= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM= -github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= +github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= @@ -478,7 +396,6 @@ github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= -github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed/go.mod h1:3rdaFaCv4AyBgu5ALFM0+tSuHrBh6v692nyQe3ikrq0= github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= @@ -492,12 +409,10 @@ github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1: github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8= github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hzifhks= github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= -github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= @@ -506,10 +421,6 @@ github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= -github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI= -github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ= -github.com/nrdcg/goinwx v0.6.1/go.mod h1:XPiut7enlbEdntAqalBIqcYcTEVhpv/dKWgDCX2SwKQ= -github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= @@ -528,16 +439,11 @@ github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/oracle/oci-go-sdk v7.0.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888= -github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014/go.mod h1:joRatxRJaZBsY3JAOEMcoOp05CnZzsx4scTxi95DHyQ= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -546,40 +452,30 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/pquerna/otp v1.0.0/go.mod h1:Zad1CMQfSQZI5KLpahDiSUX4tMMREnXw98IvL1nhgMk= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v0.9.4/go.mod h1:oCXIBxdI62A4cR6aTRJCgetEjecSIYzOEaeAn4iYEpM= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= -github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKcyumwBO6qip7RNQ5r77yrssm9bfCowcLEBcU5IA= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.3.2 h1:XU784Pr0wdahMY2bYcyK6N1KuaRAdLtqD4qd8D18Bfs= github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= @@ -589,7 +485,6 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/sacloud/libsacloud v1.26.1/go.mod h1:79ZwATmHLIFZIMd7sxA3LwzVy/B77uj3LDoToVTxDoQ= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= @@ -629,7 +524,6 @@ github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 h1:kSImCuenAkXtCaBeQ1UhmzzJGRhSm8sVH7I3sHE2Qdg= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= @@ -648,7 +542,6 @@ github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxP github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= @@ -687,19 +580,15 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/timewasted/linode v0.0.0-20160829202747-37e84520dcf7/go.mod h1:imsgLplxEC/etjIhdr3dNzV3JeT27LbVu5pYWm0JCBY= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= -github.com/transip/gotransip/v6 v6.0.2/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= -github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= @@ -711,11 +600,7 @@ github.com/valyala/quicktemplate v1.2.0/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOV github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= -github.com/vultr/govultr v0.1.4/go.mod h1:9H008Uxr/C4vFNGLqKx232C206GL0PBHzOP0809bGNA= github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= -github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= -github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.22/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -734,13 +619,10 @@ go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.etcd.io/etcd v3.3.18+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -752,7 +634,6 @@ go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+ go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277/go.mod h1:2X8KaoNd1J0lZV+PxJk/5+DGbO/tpwLR1m++a7FnB/Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= @@ -762,14 +643,11 @@ go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= -golang.org/x/crypto v0.0.0-20180621125126-a49355c7e3f8/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -777,22 +655,17 @@ golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= +golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -803,20 +676,14 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f h1:J5lckAjkw6qYlOZNj90mLYNTEKDvWeuc1yieZ8qUzUE= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -826,7 +693,6 @@ golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -839,15 +705,10 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -857,9 +718,8 @@ golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAG golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6 h1:pE8b58s1HRDMi8RDc79m0HISf9D4TzseP40cEA6IGfs= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -870,22 +730,18 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180202135801-37707fdb30a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180622082034-63fc586f45fe/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -893,24 +749,16 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -923,7 +771,6 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190921001708-c4c64cad1fd0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -961,26 +808,13 @@ golang.org/x/tools v0.0.0-20190930201159-7c411dea38b0/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113232020-e2727e816f5a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200106190116-7be0a674c9fc h1:MR2F33ipDGog0C4eMhU6u9o3q6c3dvYis2aG6Jl12Wg= golang.org/x/tools v0.0.0-20200106190116-7be0a674c9fc/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb h1:iKlO7ROJc6SttHKlxzwGytRtBUqX4VARrNTgP2YLX5M= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= @@ -988,20 +822,14 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0 h1:yzlyyDW/J0w8yNFJIhiAJy4kq74S+1DOLdawELNxFMA= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0 h1:jz2KixHX7EcCPiQrySzPdnYT7DbINAypCqKZ1Z7GM40= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1024,15 +852,8 @@ google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171 h1:xes2Q2k+d/+YNXVw0FpZkIDJiaux4OVrRKXRAzH6A0U= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= @@ -1040,7 +861,6 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1058,9 +878,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc h1:TnonUr8u3himcMY0vSh23jFOXA+cnucl1gB6EQTReBI= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1068,22 +887,16 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= -gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/ns1/ns1-go.v2 v2.0.0-20190730140822-b51389932cbc/go.mod h1:VV+3haRsgDiVLxyifmMBrBIuCWFBPYKbRssXB9z67Hw= -gopkg.in/resty.v1 v1.9.1/go.mod h1:vo52Hzryw9PnPHcJfPsBiFW62XhNx5OczbV9y+IMpgc= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= @@ -1095,8 +908,6 @@ gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= @@ -1105,9 +916,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3 h1:sXmLre5bzIR6ypkjXCDI3jHPssRhc8KD/Ome589sc3U= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 h1:AQkaJpH+/FmqRjmXZPELom5zIERYZfwTjnHpfoVMQEc= howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 195ddeb3..8fe308d6 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -24,7 +24,9 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/certmagic" - "github.com/go-acme/lego/v3/challenge" + "github.com/mholt/acmez" + "github.com/mholt/acmez/acme" + "go.uber.org/zap" ) func init() { @@ -56,7 +58,7 @@ type ACMEIssuer struct { // If using an ACME CA that requires an external account // binding, specify the CA-provided credentials here. - ExternalAccount *ExternalAccountBinding `json:"external_account,omitempty"` + ExternalAccount *acme.EAB `json:"external_account,omitempty"` // Time to wait before timing out an ACME operation. ACMETimeout caddy.Duration `json:"acme_timeout,omitempty"` @@ -72,6 +74,7 @@ type ACMEIssuer struct { rootPool *x509.CertPool template certmagic.ACMEManager magic *certmagic.Config + logger *zap.Logger } // CaddyModule returns the Caddy module information. @@ -84,25 +87,29 @@ func (ACMEIssuer) CaddyModule() caddy.ModuleInfo { // Provision sets up m. func (m *ACMEIssuer) Provision(ctx caddy.Context) error { + m.logger = ctx.Logger(m) + // DNS providers if m.Challenges != nil && m.Challenges.DNS != nil && m.Challenges.DNS.ProviderRaw != nil { val, err := ctx.LoadModule(m.Challenges.DNS, "ProviderRaw") if err != nil { return fmt.Errorf("loading DNS provider module: %v", err) } - // TODO: For a temporary amount of time, we are allowing the use of - // DNS providers from go-acme/lego since there are so many implemented - // for it -- they are adapted as Caddy modules in this repository: - // https://github.com/caddy-dns/lego-deprecated - that module is - // a challenge.Provider value, so we use it directly. The user must set - // environment variables to configure it. Remove this shim once a sufficient - // number of DNS providers are implemented for the libdns APIs instead. - if grandfatheredProvider, ok := val.(challenge.Provider); ok { - m.Challenges.DNS.provider = grandfatheredProvider + + if deprecatedProvider, ok := val.(acmez.Solver); ok { + // TODO: For a temporary amount of time, we are allowing the use of DNS + // providers from go-acme/lego since there are so many providers implemented + // using that API -- they are adapted as an all-in-one Caddy module in this + // repository: https://github.com/caddy-dns/lego-deprecated - the module is a + // acmez.Solver type, so we use it directly. The user must set environment + // variables to configure it. Remove this shim once a sufficient number of + // DNS providers are implemented for the libdns APIs instead. + m.Challenges.DNS.solver = deprecatedProvider } else { - m.Challenges.DNS.provider = &solver{ - recordManager: val.(recordManager), - TTL: time.Duration(m.Challenges.DNS.TTL), + m.Challenges.DNS.solver = &certmagic.DNS01Solver{ + DNSProvider: val.(certmagic.ACMEDNSProvider), + TTL: time.Duration(m.Challenges.DNS.TTL), + PropagationTimeout: time.Duration(m.Challenges.DNS.PropagationTimeout), } } } @@ -137,16 +144,8 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { Email: m.Email, CertObtainTimeout: time.Duration(m.ACMETimeout), TrustedRoots: m.rootPool, - } - - if m.ExternalAccount != nil { - if m.ExternalAccount.KeyID == "" || m.ExternalAccount.HMAC == "" { - return template, fmt.Errorf("when an external account binding is specified, both key ID and HMAC are required") - } - template.ExternalAccount = &certmagic.ExternalAccountBinding{ - KeyID: m.ExternalAccount.KeyID, - HMAC: m.ExternalAccount.HMAC, - } + ExternalAccount: m.ExternalAccount, + Logger: m.logger, } if m.Challenges != nil { @@ -159,7 +158,7 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { template.AltTLSALPNPort = m.Challenges.TLSALPN.AlternatePort } if m.Challenges.DNS != nil { - template.DNSProvider = m.Challenges.DNS.provider + template.DNS01Solver = m.Challenges.DNS.solver } template.ListenHost = m.Challenges.BindHost } @@ -180,8 +179,8 @@ func (m *ACMEIssuer) SetConfig(cfg *certmagic.Config) { // we find the right place to do that just once and then re-use? // PreCheck implements the certmagic.PreChecker interface. -func (m *ACMEIssuer) PreCheck(names []string, interactive bool) error { - return certmagic.NewACMEManager(m.magic, m.template).PreCheck(names, interactive) +func (m *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error { + return certmagic.NewACMEManager(m.magic, m.template).PreCheck(ctx, names, interactive) } // Issue obtains a certificate for the given csr. @@ -195,8 +194,8 @@ func (m *ACMEIssuer) IssuerKey() string { } // Revoke revokes the given certificate. -func (m *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource) error { - return certmagic.NewACMEManager(m.magic, m.template).Revoke(ctx, cert) +func (m *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error { + return certmagic.NewACMEManager(m.magic, m.template).Revoke(ctx, cert, reason) } // onDemandAskRequest makes a request to the ask URL @@ -227,16 +226,6 @@ func onDemandAskRequest(ask string, name string) error { return nil } -// ExternalAccountBinding contains information for -// binding an external account to an ACME account. -type ExternalAccountBinding struct { - // The key identifier. - KeyID string `json:"key_id,omitempty"` - - // The HMAC. - HMAC string `json:"hmac,omitempty"` -} - // Interface guards var ( _ certmagic.PreChecker = (*ACMEIssuer)(nil) diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 37d5010c..502a6314 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -22,12 +22,11 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/certmagic" - "github.com/go-acme/lego/v3/challenge" + "github.com/mholt/acmez" "go.uber.org/zap" ) -// AutomationConfig designates configuration for the -// construction and use of ACME clients. +// AutomationConfig governs the automated management of TLS certificates. type AutomationConfig struct { // The list of automation policies. The first matching // policy will be applied for a given certificate/name. @@ -208,6 +207,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { OnDemand: ond, Storage: storage, Issuer: ap.Issuer, // if nil, certmagic.New() will create one + Logger: tlsApp.logger, } if rev, ok := ap.Issuer.(certmagic.Revoker); ok { template.Revoker = rev @@ -244,6 +244,7 @@ type ChallengesConfig struct { // not enabled by default. This is the only challenge // type which does not require a direct connection // to Caddy from an external server. + // // NOTE: DNS providers are currently being upgraded, // and this API is subject to change, but should be // stabilized soon. @@ -281,6 +282,7 @@ type TLSALPNChallengeConfig struct { } // DNSChallengeConfig configures the ACME DNS challenge. +// // NOTE: This API is still experimental and is subject to change. type DNSChallengeConfig struct { // The DNS provider module to use which will manage @@ -290,7 +292,10 @@ type DNSChallengeConfig struct { // The TTL of the TXT record used for the DNS challenge. TTL caddy.Duration `json:"ttl,omitempty"` - provider challenge.Provider + // How long to wait for DNS record to propagate. + PropagationTimeout caddy.Duration `json:"propagation_timeout,omitempty"` + + solver acmez.Solver } // OnDemandConfig configures on-demand TLS, for obtaining diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index fec1fe26..7eda0022 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -22,12 +22,12 @@ import ( "strings" "github.com/caddyserver/caddy/v2" - "github.com/go-acme/lego/v3/challenge/tlsalpn01" + "github.com/mholt/acmez" ) -// ConnectionPolicies is an ordered group of connection policies; -// the first matching policy will be used to configure TLS -// connections at handshake-time. +// ConnectionPolicies govern the establishment of TLS connections. It is +// an ordered group of connection policies; the first matching policy will +// be used to configure TLS connections at handshake-time. type ConnectionPolicies []*ConnectionPolicy // Provision sets up each connection policy. It should be called @@ -229,13 +229,13 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { // ensure ALPN includes the ACME TLS-ALPN protocol var alpnFound bool for _, a := range p.ALPN { - if a == tlsalpn01.ACMETLS1Protocol { + if a == acmez.ACMETLS1Protocol { alpnFound = true break } } if !alpnFound { - cfg.NextProtos = append(cfg.NextProtos, tlsalpn01.ACMETLS1Protocol) + cfg.NextProtos = append(cfg.NextProtos, acmez.ACMETLS1Protocol) } // min and max protocol versions diff --git a/modules/caddytls/dnssolver.go b/modules/caddytls/dnssolver.go deleted file mode 100644 index c8a9c3ac..00000000 --- a/modules/caddytls/dnssolver.go +++ /dev/null @@ -1,113 +0,0 @@ -// Copyright 2015 Matthew Holt and The Caddy Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package caddytls - -import ( - "context" - "fmt" - "sync" - "time" - - "github.com/go-acme/lego/v3/challenge" - "github.com/go-acme/lego/v3/challenge/dns01" - "github.com/libdns/libdns" -) - -// TODO: this is borrowed from https://github.com/mholt/acme - once we -// switch to that acme library, this file will go away - -// solver is a type that makes libdns providers usable as ACME challenge solvers. -type solver struct { - recordManager - - TTL time.Duration - - txtRecords map[string]libdns.Record // keyed by challenge token - txtRecordsMu sync.Mutex -} - -func (s *solver) Present(domain, token, keyAuth string) error { - fqdn, value := dns01.GetRecord(domain, keyAuth) - - rec := libdns.Record{ - Type: "TXT", - Name: fqdn, - Value: value, - TTL: s.TTL, - } - - zone, err := dns01.FindZoneByFqdn(fqdn) - if err != nil { - return fmt.Errorf("could not determine zone for domain %q: %v", fqdn, err) - } - - results, err := s.recordManager.AppendRecords(context.TODO(), zone, []libdns.Record{rec}) - if err != nil { - return err - } - if len(results) != 1 { - return fmt.Errorf("expected one record, got %d: %v", len(results), results) - } - - // keep this record handy so we can clean it up more efficiently - s.txtRecordsMu.Lock() - if s.txtRecords == nil { - s.txtRecords = make(map[string]libdns.Record) - } - s.txtRecords[keyAuth] = results[0] - s.txtRecordsMu.Unlock() - - // TODO: check for record propagation before continuing (accordig to config) - - return nil -} - -func (s *solver) CleanUp(domain, token, keyAuth string) error { - fqdn, _ := dns01.GetRecord(domain, keyAuth) - authZone, err := dns01.FindZoneByFqdn(fqdn) - if err != nil { - return err - } - - // retrieve the record we created - s.txtRecordsMu.Lock() - txtRec, ok := s.txtRecords[keyAuth] - if !ok { - s.txtRecordsMu.Unlock() - return fmt.Errorf("no memory of presenting a DNS record for %v", domain) - } - s.txtRecordsMu.Unlock() - - // clean up the record - _, err = s.recordManager.DeleteRecords(context.TODO(), authZone, []libdns.Record{txtRec}) - if err != nil { - return err - } - - // once it has been successfully cleaned up, we can forget about it - s.txtRecordsMu.Lock() - delete(s.txtRecords, keyAuth) - s.txtRecordsMu.Unlock() - - return nil -} - -// recordManager defines the set of operations required for ACME challenges. -type recordManager interface { - libdns.RecordAppender - libdns.RecordDeleter -} - -var _ challenge.Provider = (*solver)(nil) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index b2d05be5..81780266 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -87,6 +87,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { GetConfigForCert: func(cert certmagic.Certificate) (*certmagic.Config, error) { return t.getConfigForName(cert.Names[0]), nil }, + Logger: t.logger.Named("cache"), } if t.Automation != nil { cacheOpts.OCSPCheckInterval = time.Duration(t.Automation.OCSPCheckInterval) @@ -95,6 +96,9 @@ func (t *TLS) Provision(ctx caddy.Context) error { if t.Cache != nil { cacheOpts.Capacity = t.Cache.Capacity } + if cacheOpts.Capacity <= 0 { + cacheOpts.Capacity = 10000 + } t.certCache = certmagic.NewCache(cacheOpts) // certificate loaders @@ -172,6 +176,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { // commands like validate can be a better test magic := certmagic.New(t.certCache, certmagic.Config{ Storage: ctx.Storage(), + Logger: t.logger, }) for _, loader := range t.certificateLoaders { certs, err := loader.LoadCertificates() @@ -412,13 +417,13 @@ func (t *TLS) cleanStorageUnits() { } // start with the default storage - certmagic.CleanStorage(t.ctx.Storage(), options) + certmagic.CleanStorage(t.ctx, t.ctx.Storage(), options) // then clean each storage defined in ACME automation policies if t.Automation != nil { for _, ap := range t.Automation.Policies { if ap.storage != nil { - certmagic.CleanStorage(ap.storage, options) + certmagic.CleanStorage(t.ctx, ap.storage, options) } } } From 6f73a358f43013a43c55d57f0c7726a6277f62b6 Mon Sep 17 00:00:00 2001 From: Ye Zhihao Date: Sat, 1 Aug 2020 01:30:20 +0800 Subject: [PATCH 0145/1498] httpcaddyfile: Add `compression` to http transport config (#3624) * httpcaddyfile: Add `compression` to http transport config * Add caddyfile adapt test for typical h2c setup --- .../caddyfile_adapt/reverse_proxy_h2c.txt | 96 +++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 8 ++ 2 files changed, 104 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt new file mode 100644 index 00000000..7c4ba297 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt @@ -0,0 +1,96 @@ + +https://example.com { + reverse_proxy /path http://localhost:54321 { + header_up Host {host} + header_up X-Real-IP {remote} + header_up X-Forwarded-For {remote} + header_up X-Forwarded-Port {server_port} + header_up X-Forwarded-Proto "http" + transport http { + versions h2c 2 + compression off + } + } +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "headers": { + "request": { + "set": { + "Host": [ + "{http.request.host}" + ], + "X-Forwarded-For": [ + "{http.request.remote}" + ], + "X-Forwarded-Port": [ + "{server_port}" + ], + "X-Forwarded-Proto": [ + "http" + ], + "X-Real-Ip": [ + "{http.request.remote}" + ] + } + } + }, + "transport": { + "compression": false, + "protocol": "http", + "versions": [ + "h2c", + "2" + ] + }, + "upstreams": [ + { + "dial": "localhost:54321" + } + ] + } + ], + "match": [ + { + "path": [ + "/path" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 1d00cbf9..8c3b1184 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -719,6 +719,14 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } + case "compression": + if d.NextArg() { + if d.Val() == "off" { + var disable bool + h.Compression = &disable + } + } + default: return d.Errf("unrecognized subdirective %s", d.Val()) } From 3860b235d074209c495d34a3966fc7fb2d5015a5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 31 Jul 2020 13:55:01 -0600 Subject: [PATCH 0146/1498] fileserver: Don't assume len(str) == len(ToLower(str)) (fix #3623) We can't use a positional index on an original string that we got from its lower-cased equivalent. Implement our own IndexFold() function b/c the std lib does not have one. --- modules/caddyhttp/fileserver/matcher.go | 20 ++++++- modules/caddyhttp/fileserver/matcher_test.go | 63 ++++++++++++-------- 2 files changed, 56 insertions(+), 27 deletions(-) diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 9144ca4d..18444211 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -117,11 +117,13 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } m.TryPolicy = d.Val() - case "split": + case "split_path": m.SplitPath = d.RemainingArgs() if len(m.SplitPath) == 0 { return d.ArgErr() } + default: + return d.Errf("unrecognized subdirective: %s", d.Val()) } } } @@ -279,9 +281,8 @@ func strictFileExists(file string) bool { // in the split value. Returns the path as-is if the // path cannot be split. func (m MatchFile) firstSplit(path string) string { - lowerPath := strings.ToLower(path) for _, split := range m.SplitPath { - if idx := strings.Index(lowerPath, strings.ToLower(split)); idx > -1 { + if idx := indexFold(path, split); idx > -1 { pos := idx + len(split) // skip the split if it's not the final part of the filename if pos != len(path) && !strings.HasPrefix(path[pos:], "/") { @@ -293,6 +294,19 @@ func (m MatchFile) firstSplit(path string) string { return path } +// There is no strings.IndexFold() function like there is strings.EqualFold(), +// but we can use strings.EqualFold() to build our own case-insensitive +// substring search (as of Go 1.14). +func indexFold(haystack, needle string) int { + nlen := len(needle) + for i := 0; i+nlen < len(haystack); i++ { + if strings.EqualFold(haystack[i:i+nlen], needle) { + return i + } + } + return -1 +} + const ( tryPolicyFirstExist = "first_exist" tryPolicyLargestSize = "largest_size" diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index aa84900a..e3f29116 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -22,69 +22,84 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) -func TestPhpFileMatcher(t *testing.T) { - +func TestPHPFileMatcher(t *testing.T) { for i, tc := range []struct { - path string + path string expectedPath string - matched bool + matched bool }{ { - path: "/index.php", + path: "/index.php", expectedPath: "/index.php", - matched: true, + matched: true, }, { - path: "/index.php/somewhere", + path: "/index.php/somewhere", expectedPath: "/index.php", - matched: true, + matched: true, }, { - path: "/remote.php", + path: "/remote.php", expectedPath: "/remote.php", - matched: true, + matched: true, }, { - path: "/remote.php/somewhere", + path: "/remote.php/somewhere", expectedPath: "/remote.php", - matched: true, + matched: true, }, { - path: "/missingfile.php", + path: "/missingfile.php", matched: false, }, { - path: "/notphp.php.txt", + path: "/notphp.php.txt", expectedPath: "/notphp.php.txt", - matched: true, + matched: true, }, { - path: "/notphp.php.txt/", + path: "/notphp.php.txt/", expectedPath: "/notphp.php.txt", - matched: true, + matched: true, }, { - path: "/notphp.php.txt.suffixed", + path: "/notphp.php.txt.suffixed", matched: false, }, { - path: "/foo.php.php/index.php", + path: "/foo.php.php/index.php", expectedPath: "/foo.php.php/index.php", - matched: true, + matched: true, + }, + { + path: "/foo.php.PHP/index.php", + expectedPath: "/foo.php.PHP/index.php", + matched: true, + }, + { + // See https://github.com/caddyserver/caddy/issues/3623 + path: "/%E2%C3", + expectedPath: "/%E2%C3", + matched: false, }, } { m := &MatchFile{ Root: "./testdata", - TryFiles: []string{"{http.request.uri.path}"}, + TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/index.php"}, SplitPath: []string{".php"}, } - req := &http.Request{URL: &url.URL{Path: tc.path}} + u, err := url.Parse(tc.path) + if err != nil { + t.Fatalf("Test %d: parsing path: %v", i, err) + } + + req := &http.Request{URL: u} repl := caddyhttp.NewTestReplacer(req) result := m.Match(req) if result != tc.matched { - t.Fatalf("Test %d: match bool result: %v, expected: %v", i, result, tc.matched) + t.Fatalf("Test %d: expected match=%t, got %t", i, tc.matched, result) } rel, ok := repl.Get("http.matchers.file.relative") @@ -99,4 +114,4 @@ func TestPhpFileMatcher(t *testing.T) { t.Fatalf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) } } -} \ No newline at end of file +} From 514eef33fe6ea4e52438e62f73c8f3c0aadd45db Mon Sep 17 00:00:00 2001 From: v-rosa Date: Fri, 31 Jul 2020 22:06:30 +0100 Subject: [PATCH 0147/1498] caddyhttp: Add support to resolve DN in CEL expression (#3608) --- modules/caddyhttp/celmatcher.go | 24 +++++++++ modules/caddyhttp/celmatcher_test.go | 75 +++++++++++++++++++++++++++- 2 files changed, 98 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 83e01cfb..bab0a075 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -15,6 +15,7 @@ package caddyhttp import ( + "crypto/x509/pkix" "encoding/json" "fmt" "net/http" @@ -199,6 +200,27 @@ func (cr celHTTPRequest) Equal(other ref.Val) ref.Val { func (celHTTPRequest) Type() ref.Type { return httpRequestCELType } func (cr celHTTPRequest) Value() interface{} { return cr } +var pkixNameCELType = types.NewTypeValue("pkix.Name", traits.ReceiverType) + +// celPkixName wraps an pkix.Name with +// methods to satisfy the ref.Val interface. +type celPkixName struct{ *pkix.Name } + +func (pn celPkixName) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { + return pn.Name, nil +} +func (celPkixName) ConvertToType(typeVal ref.Type) ref.Val { + panic("not implemented") +} +func (pn celPkixName) Equal(other ref.Val) ref.Val { + if o, ok := other.Value().(string); ok { + return types.Bool(pn.Name.String() == o) + } + return types.ValOrErr(other, "%v is not comparable type", other) +} +func (celPkixName) Type() ref.Type { return pkixNameCELType } +func (pn celPkixName) Value() interface{} { return pn } + // celTypeAdapter can adapt our custom types to a CEL value. type celTypeAdapter struct{} @@ -206,6 +228,8 @@ func (celTypeAdapter) NativeToValue(value interface{}) ref.Val { switch v := value.(type) { case celHTTPRequest: return v + case pkix.Name: + return celPkixName{&v} case time.Time: // TODO: eliminate direct protobuf dependency, sigh -- just wrap stdlib time.Time instead... return types.Timestamp{Timestamp: ×tamp.Timestamp{Seconds: v.Unix(), Nanos: int32(v.Nanosecond())}} diff --git a/modules/caddyhttp/celmatcher_test.go b/modules/caddyhttp/celmatcher_test.go index 0e3b335d..a78eb5a4 100644 --- a/modules/caddyhttp/celmatcher_test.go +++ b/modules/caddyhttp/celmatcher_test.go @@ -15,6 +15,11 @@ package caddyhttp import ( + "context" + "crypto/tls" + "crypto/x509" + "encoding/pem" + "net/http/httptest" "testing" "github.com/caddyserver/caddy/v2" @@ -27,7 +32,7 @@ func TestMatchExpressionProvision(t *testing.T) { wantErr bool }{ { - name: "boolean mtaches succeed", + name: "boolean matches succeed", expression: &MatchExpression{ Expr: "{http.request.uri.query} != ''", }, @@ -49,3 +54,71 @@ func TestMatchExpressionProvision(t *testing.T) { }) } } + +func TestMatchExpressionMatch(t *testing.T) { + + clientCert := []byte(`-----BEGIN CERTIFICATE----- +MIIB9jCCAV+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1DYWRk +eSBUZXN0IENBMB4XDTE4MDcyNDIxMzUwNVoXDTI4MDcyMTIxMzUwNVowHTEbMBkG +A1UEAwwSY2xpZW50LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDFDEpzF0ew68teT3xDzcUxVFaTII+jXH1ftHXxxP4BEYBU4q90qzeKFneF +z83I0nC0WAQ45ZwHfhLMYHFzHPdxr6+jkvKPASf0J2v2HDJuTM1bHBbik5Ls5eq+ +fVZDP8o/VHKSBKxNs8Goc2NTsr5b07QTIpkRStQK+RJALk4x9QIDAQABo0swSTAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIHgDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A +AAEwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEANSjz2Sk+ +eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV +3Q9fgDkiUod+uIK0IynzIKvw+Cjg+3nx6NQ0IM0zo8c7v398RzB4apbXKZyeeqUH +9fNwfEi+OoXR6s+upSKobCmLGLGi9Na5s5g= +-----END CERTIFICATE-----`) + + tests := []struct { + name string + expression *MatchExpression + wantErr bool + wantResult bool + clientCertificate []byte + }{ + { + name: "boolean matches succeed for placeholder http.request.tls.client.subject", + expression: &MatchExpression{ + Expr: "{http.request.tls.client.subject} == 'CN=client.localdomain'", + }, + clientCertificate: clientCert, + wantResult: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := tt.expression.Provision(caddy.Context{}); (err != nil) != tt.wantErr { + t.Errorf("MatchExpression.Provision() error = %v, wantErr %v", err, tt.wantErr) + } + + req := httptest.NewRequest("GET", "https://example.com/foo", nil) + repl := caddy.NewReplacer() + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + addHTTPVarsToReplacer(repl, req, httptest.NewRecorder()) + + if tt.clientCertificate != nil { + block, _ := pem.Decode(clientCert) + if block == nil { + t.Fatalf("failed to decode PEM certificate") + } + + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + t.Fatalf("failed to decode PEM certificate: %v", err) + } + + req.TLS = &tls.ConnectionState{ + PeerCertificates: []*x509.Certificate{cert}, + } + } + + if tt.expression.Match(req) != tt.wantResult { + t.Errorf("MatchExpression.Match() expected to return '%t', for expression : '%s'", tt.wantResult, tt.expression) + } + + }) + } +} From af5c148ed1d8e405978b71e7efe15d0a829cab50 Mon Sep 17 00:00:00 2001 From: Bart Date: Fri, 31 Jul 2020 22:54:18 +0000 Subject: [PATCH 0148/1498] admin,templates,core: Minor enhancements and error handling (#3607) * fix 2 possible bugs * handle unhandled errors --- admin.go | 12 +++++++++--- caddy.go | 2 +- modules/caddyhttp/reverseproxy/selectionpolicies.go | 3 +++ modules/caddyhttp/templates/tplcontext_test.go | 2 +- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/admin.go b/admin.go index 237af3ca..acf737e0 100644 --- a/admin.go +++ b/admin.go @@ -18,6 +18,7 @@ import ( "bytes" "context" "encoding/json" + "errors" "expvar" "fmt" "io" @@ -235,15 +236,20 @@ func replaceAdmin(cfg *Config) error { MaxHeaderBytes: 1024 * 64, } - go adminServer.Serve(ln) + adminLogger := Log().Named("admin") + go func() { + if err := adminServer.Serve(ln); !errors.Is(err, http.ErrServerClosed) { + adminLogger.Error("admin server shutdown for unknown reason", zap.Error(err)) + } + }() - Log().Named("admin").Info("admin endpoint started", + adminLogger.Info("admin endpoint started", zap.String("address", addr.String()), zap.Bool("enforce_origin", adminConfig.EnforceOrigin), zap.Strings("origins", handler.allowedOrigins)) if !handler.enforceHost { - Log().Named("admin").Warn("admin endpoint on open interface; host checking disabled", + adminLogger.Warn("admin endpoint on open interface; host checking disabled", zap.String("address", addr.String())) } diff --git a/caddy.go b/caddy.go index 00926410..000cd6f1 100644 --- a/caddy.go +++ b/caddy.go @@ -471,7 +471,7 @@ func stopAndCleanup() error { } certmagic.CleanUpOwnLocks() if pidfile != "" { - os.Remove(pidfile) + return os.Remove(pidfile) } return nil } diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 7c36dec2..e33ebe47 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -401,6 +401,9 @@ func leastRequests(upstreams []*Upstream) *Upstream { best = append(best, upstream) } } + if len(best) == 0 { + return nil + } return best[weakrand.Intn(len(best))] } diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index 32c6a166..c0658a17 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -90,7 +90,7 @@ func TestCookie(t *testing.T) { }, { // cookie with optional fields - cookie: &http.Cookie{Name: "cookie", Value: "cookieValue", Path: "/path", Domain: "https://localhost", Expires: (time.Now().Add(10 * time.Minute)), MaxAge: 120}, + cookie: &http.Cookie{Name: "cookie", Value: "cookieValue", Path: "/path", Domain: "https://localhost", Expires: time.Now().Add(10 * time.Minute), MaxAge: 120}, cookieName: "cookie", expect: "cookieValue", }, From c054a818a1d6fee61cebc48b4286bb40d0553f4c Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sat, 1 Aug 2020 12:43:30 -0600 Subject: [PATCH 0149/1498] fileserver: Fix newly-introduced failing test on Linux (#3625) * fileserver: First attempt to fix failing test on Linux I think I updated the wrong test case before * Make new test function I guess what we really are trying to test is the case insensitivity of firstSplit. So a new test function is better for that. --- modules/caddyhttp/fileserver/matcher_test.go | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index e3f29116..51cd284e 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -71,11 +71,6 @@ func TestPHPFileMatcher(t *testing.T) { expectedPath: "/foo.php.php/index.php", matched: true, }, - { - path: "/foo.php.PHP/index.php", - expectedPath: "/foo.php.PHP/index.php", - matched: true, - }, { // See https://github.com/caddyserver/caddy/issues/3623 path: "/%E2%C3", @@ -115,3 +110,12 @@ func TestPHPFileMatcher(t *testing.T) { } } } + +func TestFirstSplit(t *testing.T) { + m := MatchFile{SplitPath: []string{".php"}} + actual := m.firstSplit("index.PHP/somewhere") + expected := "index.PHP" + if actual != expected { + t.Errorf("Expected %s but got %s", expected, actual) + } +} From 399eff415ca530c02b21506949526ca7fd0698fe Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 1 Aug 2020 23:23:22 +0300 Subject: [PATCH 0150/1498] ci: Include tracking of GOOS for which Caddy fails to build (#3617) * ci: include tracking of GOOS for which Caddy fails to build * ci: split cross-build check into separate workflow * ci: cross-build check: make it clear the cross-build check is not a blocker * ci: cross-build check: set annotation instead of failing the build * ci: cross-build check: explicitly set continue-on-error to force success marker * ci: cross-build check: send stderr to /dev/null * ci: Simplify workflow names Co-authored-by: Francis Lavoie Co-authored-by: Francis Lavoie Co-authored-by: Matt Holt --- .github/workflows/ci.yml | 2 +- .github/workflows/cross-build.yml | 56 +++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/cross-build.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 67e15d4d..8584455b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,6 @@ # Used as inspiration: https://github.com/mvdan/github-actions-golang -name: Cross-Platform +name: Tests on: push: diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml new file mode 100644 index 00000000..a935cbab --- /dev/null +++ b/.github/workflows/cross-build.yml @@ -0,0 +1,56 @@ +name: Cross-Build + +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + cross-build-test: + strategy: + fail-fast: false + matrix: + goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] + go-version: [ 1.14.x ] + runs-on: ubuntu-latest + continue-on-error: true + steps: + - name: Install Go + uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + - name: Print Go version and environment + id: vars + run: | + printf "Using go at: $(which go)\n" + printf "Go version: $(go version)\n" + printf "\n\nGo environment:\n\n" + go env + printf "\n\nSystem environment:\n\n" + env + echo "::set-output name=go_cache::$(go env GOCACHE)" + - name: Cache the build cache + uses: actions/cache@v1 + with: + path: ${{ steps.vars.outputs.go_cache }} + key: cross-build-go-${{ matrix.goos }}-${{ hashFiles('**/go.sum') }} + restore-keys: | + cross-build-go-${{ matrix.goos }} + - name: Checkout code into the Go module directory + uses: actions/checkout@v2 + - name: Run Build + env: + CGO_ENABLED: 0 + GOOS: ${{ matrix.goos }} + shell: bash + continue-on-error: true + working-directory: ./cmd/caddy + run: | + GOOS=$GOOS go build -trimpath -o caddy-"$GOOS"-amd64 2> /dev/null + if [ $? -ne 0 ]; then + echo "::warning ::$GOOS Build Failed" + exit 0 + fi From 68529e2f9ecb6b5cb9552482d73b8337252c7f59 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 3 Aug 2020 10:42:42 -0600 Subject: [PATCH 0151/1498] cmd: Print caddy version with environ or --environ (#3627) --- cmd/main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/main.go b/cmd/main.go index 00d5d138..914df215 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -410,6 +410,7 @@ func printEnvironment() { fmt.Printf("caddy.AppDataDir=%s\n", caddy.AppDataDir()) fmt.Printf("caddy.AppConfigDir=%s\n", caddy.AppConfigDir()) fmt.Printf("caddy.ConfigAutosavePath=%s\n", caddy.ConfigAutosavePath) + fmt.Printf("caddy.Version=%s\n", caddy.GoModule().Version) fmt.Printf("runtime.GOOS=%s\n", runtime.GOOS) fmt.Printf("runtime.GOARCH=%s\n", runtime.GOARCH) fmt.Printf("runtime.Compiler=%s\n", runtime.Compiler) From 8b80a3201fcddda3fcf125116d33555cb385a803 Mon Sep 17 00:00:00 2001 From: Ye Zhihao Date: Tue, 4 Aug 2020 03:44:38 +0800 Subject: [PATCH 0152/1498] httpcaddyfile: Bring `enforce_origin` and `origins` to admin config (#3595) * Bring `ensure_origin` and `origins` to caddyfile admin config * Add unit test for caddyfile admin config update * Add caddyfile adapt test for typical admin setup * httpcaddyfile: Replace admin config error message when there's more arguments than needed Replace d.Err() to d.ArgErr() since the latter provides similarly informative error message Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/httptype.go | 8 +- caddyconfig/httpcaddyfile/httptype_test.go | 52 ++++++++++++ caddyconfig/httpcaddyfile/options.go | 38 +++++++-- .../caddyfile_adapt/global_options_admin.txt | 80 +++++++++++++++++++ 4 files changed, 164 insertions(+), 14 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/global_options_admin.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 3f37f024..130067da 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -261,12 +261,8 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, storageCvtr.(caddy.Module).CaddyModule().ID.Name(), &warnings) } - if adminConfig, ok := options["admin"].(string); ok && adminConfig != "" { - if adminConfig == "off" { - cfg.Admin = &caddy.AdminConfig{Disabled: true} - } else { - cfg.Admin = &caddy.AdminConfig{Listen: adminConfig} - } + if adminConfig, ok := options["admin"].(*caddy.AdminConfig); ok && adminConfig != nil { + cfg.Admin = adminConfig } if len(customLogs) > 0 { if cfg.Logging == nil { diff --git a/caddyconfig/httpcaddyfile/httptype_test.go b/caddyconfig/httpcaddyfile/httptype_test.go index b0ee3ac0..233e3749 100644 --- a/caddyconfig/httpcaddyfile/httptype_test.go +++ b/caddyconfig/httpcaddyfile/httptype_test.go @@ -164,6 +164,58 @@ func TestGlobalOptions(t *testing.T) { expectWarn: false, expectError: true, }, + { + input: ` + { + admin { + enforce_origin + origins 192.168.1.1:2020 127.0.0.1:2020 + } + } + :80 + `, + expectWarn: false, + expectError: false, + }, + { + input: ` + { + admin 127.0.0.1:2020 { + enforce_origin + origins 192.168.1.1:2020 127.0.0.1:2020 + } + } + :80 + `, + expectWarn: false, + expectError: false, + }, + { + input: ` + { + admin 192.168.1.1:2020 127.0.0.1:2020 { + enforce_origin + origins 192.168.1.1:2020 127.0.0.1:2020 + } + } + :80 + `, + expectWarn: false, + expectError: true, + }, + { + input: ` + { + admin off { + enforce_origin + origins 192.168.1.1:2020 127.0.0.1:2020 + } + } + :80 + `, + expectWarn: false, + expectError: true, + }, } { adapter := caddyfile.Adapter{ diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index f69ca3ec..613bbc60 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -223,17 +223,39 @@ func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) { } func parseOptAdmin(d *caddyfile.Dispenser) (interface{}, error) { - if d.Next() { - var listenAddress string - if !d.AllArgs(&listenAddress) { - return "", d.ArgErr() + adminCfg := new(caddy.AdminConfig) + for d.Next() { + if d.NextArg() { + listenAddress := d.Val() + if listenAddress == "off" { + adminCfg.Disabled = true + if d.Next() { // Do not accept any remaining options including block + return nil, d.Err("No more option is allowed after turning off admin config") + } + } else { + adminCfg.Listen = listenAddress + if d.NextArg() { // At most 1 arg is allowed + return nil, d.ArgErr() + } + } } - if listenAddress == "" { - listenAddress = caddy.DefaultAdminListen + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "enforce_origin": + adminCfg.EnforceOrigin = true + + case "origins": + adminCfg.Origins = d.RemainingArgs() + + default: + return nil, d.Errf("unrecognized parameter '%s'", d.Val()) + } } - return listenAddress, nil } - return "", nil + if adminCfg.Listen == "" && !adminCfg.Disabled { + adminCfg.Listen = caddy.DefaultAdminListen + } + return adminCfg, nil } func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) { diff --git a/caddytest/integration/caddyfile_adapt/global_options_admin.txt b/caddytest/integration/caddyfile_adapt/global_options_admin.txt new file mode 100644 index 00000000..14bee216 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_admin.txt @@ -0,0 +1,80 @@ +{ + debug + http_port 8080 + https_port 8443 + default_sni localhost + order root first + storage file_system { + root /data + } + acme_ca https://example.com + acme_ca_root /path/to/ca.crt + + email test@example.com + admin { + origins localhost:2019 [::1]:2019 127.0.0.1:2019 192.168.10.128 + } + on_demand_tls { + ask https://example.com + interval 30s + burst 20 + } + local_certs + key_type ed25519 +} + +:80 +---------- +{ + "admin": { + "listen": "localhost:2019", + "origins": [ + "localhost:2019", + "[::1]:2019", + "127.0.0.1:2019", + "192.168.10.128" + ] + }, + "logging": { + "logs": { + "default": { + "level": "DEBUG" + } + } + }, + "storage": { + "module": "file_system", + "root": "/data" + }, + "apps": { + "http": { + "http_port": 8080, + "https_port": 8443, + "servers": { + "srv0": { + "listen": [ + ":80" + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "issuer": { + "module": "internal" + } + } + ], + "on_demand": { + "rate_limit": { + "interval": 30000000000, + "burst": 20 + }, + "ask": "https://example.com" + } + } + } + } +} From 904f149e5b2f0ae9eff09dacb4f1ec41c4a76298 Mon Sep 17 00:00:00 2001 From: Kevin Lin Date: Tue, 4 Aug 2020 10:50:38 +0800 Subject: [PATCH 0153/1498] reverse_proxy: fix bidirectional streams with encodings (fix #3606) (#3620) * reverse_proxy: fix bi-h2stream breaking gzip encode handle(#3606). * reverse_proxy: check http version of both sides to avoid affecting non-h2 upstream. * Minor cleanup; apply review suggestions Co-authored-by: Matthew Holt --- caddytest/integration/stream_test.go | 236 ++++++++++++++++++ .../caddyhttp/reverseproxy/reverseproxy.go | 4 +- modules/caddyhttp/reverseproxy/streaming.go | 24 +- 3 files changed, 259 insertions(+), 5 deletions(-) diff --git a/caddytest/integration/stream_test.go b/caddytest/integration/stream_test.go index c0ab32b5..b6447c68 100644 --- a/caddytest/integration/stream_test.go +++ b/caddytest/integration/stream_test.go @@ -1,7 +1,9 @@ package integration import ( + "compress/gzip" "context" + "crypto/rand" "fmt" "io" "io/ioutil" @@ -199,3 +201,237 @@ func testH2ToH2CStreamServeH2C(t *testing.T) *http.Server { } return server } + +// (see https://github.com/caddyserver/caddy/issues/3606 for use case) +func TestH2ToH1ChunkedResponse(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` +{ + "logging": { + "logs": { + "default": { + "level": "DEBUG" + } + } + }, + "apps": { + "http": { + "http_port": 9080, + "https_port": 9443, + "servers": { + "srv0": { + "listen": [ + ":9443" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "encodings": { + "gzip": {} + }, + "handler": "encode" + } + ] + }, + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "localhost:54321" + } + ] + } + ], + "match": [ + { + "path": [ + "/tov2ray" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ], + "tls_connection_policies": [ + { + "certificate_selection": { + "any_tag": [ + "cert0" + ] + }, + "default_sni": "a.caddy.localhost" + } + ] + } + } + }, + "tls": { + "certificates": { + "load_files": [ + { + "certificate": "/a.caddy.localhost.crt", + "key": "/a.caddy.localhost.key", + "tags": [ + "cert0" + ] + } + ] + } + }, + "pki": { + "certificate_authorities": { + "local": { + "install_trust": false + } + } + } + } +} + `, "json") + + // need a large body here to trigger caddy's compression, larger than gzip.miniLength + expectedBody, err := GenerateRandomString(1024) + if err != nil { + t.Fatalf("generate expected body failed, err: %s", err) + } + + // start the server + server := testH2ToH1ChunkedResponseServeH1(t) + go server.ListenAndServe() + defer func() { + ctx, cancel := context.WithTimeout(context.Background(), time.Nanosecond) + defer cancel() + server.Shutdown(ctx) + }() + + r, w := io.Pipe() + req := &http.Request{ + Method: "PUT", + Body: ioutil.NopCloser(r), + URL: &url.URL{ + Scheme: "https", + Host: "127.0.0.1:9443", + Path: "/tov2ray", + }, + Proto: "HTTP/2", + ProtoMajor: 2, + ProtoMinor: 0, + Header: make(http.Header), + } + // underlying transport will automaticlly add gzip + // req.Header.Set("Accept-Encoding", "gzip") + go func() { + fmt.Fprint(w, expectedBody) + w.Close() + }() + resp := tester.AssertResponseCode(req, 200) + if 200 != resp.StatusCode { + return + } + + defer resp.Body.Close() + bytes, err := ioutil.ReadAll(resp.Body) + if err != nil { + t.Fatalf("unable to read the response body %s", err) + } + + body := string(bytes) + + if body != expectedBody { + t.Errorf("requesting \"%s\" expected response body \"%s\" but got \"%s\"", req.RequestURI, expectedBody, body) + } + return +} + +func testH2ToH1ChunkedResponseServeH1(t *testing.T) *http.Server { + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + + if r.Host != "127.0.0.1:9443" { + t.Errorf("r.Host doesn't match, %v!", r.Host) + w.WriteHeader(http.StatusNotFound) + return + } + + if !strings.HasPrefix(r.URL.Path, "/tov2ray") { + w.WriteHeader(http.StatusNotFound) + return + } + + defer r.Body.Close() + bytes, err := ioutil.ReadAll(r.Body) + if err != nil { + t.Fatalf("unable to read the response body %s", err) + } + + n := len(bytes) + + var writer io.Writer + if strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") { + gw, err := gzip.NewWriterLevel(w, 5) + if err != nil { + t.Error("can't return gzip data") + w.WriteHeader(http.StatusInternalServerError) + return + } + defer gw.Close() + writer = gw + w.Header().Set("Content-Encoding", "gzip") + w.Header().Del("Content-Length") + w.WriteHeader(200) + } else { + writer = w + } + if n > 0 { + writer.Write(bytes[:]) + } + }) + + server := &http.Server{ + Addr: "127.0.0.1:54321", + Handler: handler, + } + return server +} + +// GenerateRandomBytes returns securely generated random bytes. +// It will return an error if the system's secure random +// number generator fails to function correctly, in which +// case the caller should not continue. +func GenerateRandomBytes(n int) ([]byte, error) { + b := make([]byte, n) + _, err := rand.Read(b) + // Note that err == nil only if we read len(b) bytes. + if err != nil { + return nil, err + } + + return b, nil +} + +// GenerateRandomString returns a securely generated random string. +// It will return an error if the system's secure random +// number generator fails to function correctly, in which +// case the caller should not continue. +func GenerateRandomString(n int) (string, error) { + const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-" + bytes, err := GenerateRandomBytes(n) + if err != nil { + return "", err + } + for i, b := range bytes { + bytes[i] = letters[b%byte(len(letters))] + } + return string(bytes), nil +} diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 0a53db4a..7fdf55a7 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -613,8 +613,8 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia // some apps need the response headers before starting to stream content with http2, // so it's important to explicitly flush the headers to the client before streaming the data. - // (see https://github.com/caddyserver/caddy/issues/3556 for use case) - if req.ProtoMajor == 2 && res.ContentLength == -1 { + // (see https://github.com/caddyserver/caddy/issues/3556 for use case and nuances) + if h.isBidirectionalStream(req, res) { if wf, ok := rw.(http.Flusher); ok { wf.Flush() } diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 105ff32b..127c0f0f 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -96,15 +96,33 @@ func (h Handler) flushInterval(req *http.Request, res *http.Response) time.Durat return -1 // negative means immediately } - // for h2 and h2c upstream streaming data to client (issue #3556) - if req.ProtoMajor == 2 && res.ContentLength == -1 { + // for h2 and h2c upstream streaming data to client (issues #3556 and #3606) + if h.isBidirectionalStream(req, res) { return -1 } - // TODO: more specific cases? e.g. res.ContentLength == -1? (this TODO is from the std lib) + // TODO: more specific cases? e.g. res.ContentLength == -1? (this TODO is from the std lib, but + // strangely similar to our isBidirectionalStream function that we implemented ourselves) return time.Duration(h.FlushInterval) } +// isBidirectionalStream returns whether we should work in bi-directional stream mode. +// +// See https://github.com/caddyserver/caddy/pull/3620 for discussion of nuances. +func (h Handler) isBidirectionalStream(req *http.Request, res *http.Response) bool { + // We have to check the encoding here; only flush headers with identity encoding. + // Non-identity encoding might combine with "encode" directive, and in that case, + // if body size larger than enc.MinLength, upper level encode handle might have + // Content-Encoding header to write. + // (see https://github.com/caddyserver/caddy/issues/3606 for use case) + ae := req.Header.Get("Accept-Encoding") + + return req.ProtoMajor == 2 && + res.ProtoMajor == 2 && + res.ContentLength == -1 && + (ae == "identity" || ae == "") +} + func (h Handler) copyResponse(dst io.Writer, src io.Reader, flushInterval time.Duration) error { if flushInterval != 0 { if wf, ok := dst.(writeFlusher); ok { From 584eba94a4e06af9ce7efc91fb914f84d7a6a48c Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 5 Aug 2020 15:42:29 -0400 Subject: [PATCH 0154/1498] httpcaddyfile: Allow named matchers in `route` blocks (#3632) --- caddyconfig/httpcaddyfile/builtins.go | 45 +++--- caddyconfig/httpcaddyfile/directives.go | 14 +- .../php_fastcgi_expanded_form.txt | 132 ++++++++++++++++++ 3 files changed, 161 insertions(+), 30 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 5dbb4063..520796d9 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -480,36 +480,23 @@ func parseRespond(h Helper) (caddyhttp.MiddlewareHandler, error) { func parseRoute(h Helper) (caddyhttp.MiddlewareHandler, error) { sr := new(caddyhttp.Subroute) - for h.Next() { - for nesting := h.Nesting(); h.NextBlock(nesting); { - dir := h.Val() + allResults, err := parseSegmentAsConfig(h) + if err != nil { + return nil, err + } - dirFunc, ok := registeredDirectives[dir] - if !ok { - return nil, h.Errf("unrecognized directive: %s", dir) - } - - subHelper := h - subHelper.Dispenser = h.NewFromNextSegment() - - results, err := dirFunc(subHelper) - if err != nil { - return nil, h.Errf("parsing caddyfile tokens for '%s': %v", dir, err) - } - for _, result := range results { - switch handler := result.Value.(type) { - case caddyhttp.Route: - sr.Routes = append(sr.Routes, handler) - case caddyhttp.Subroute: - // directives which return a literal subroute instead of a route - // means they intend to keep those handlers together without - // them being reordered; we're doing that anyway since we're in - // the route directive, so just append its handlers - sr.Routes = append(sr.Routes, handler.Routes...) - default: - return nil, h.Errf("%s directive returned something other than an HTTP route or subroute: %#v (only handler directives can be used in routes)", dir, result.Value) - } - } + for _, result := range allResults { + switch handler := result.Value.(type) { + case caddyhttp.Route: + sr.Routes = append(sr.Routes, handler) + case caddyhttp.Subroute: + // directives which return a literal subroute instead of a route + // means they intend to keep those handlers together without + // them being reordered; we're doing that anyway since we're in + // the route directive, so just append its handlers + sr.Routes = append(sr.Routes, handler.Routes...) + default: + return nil, h.Errf("%s directive returned something other than an HTTP route or subroute: %#v (only handler directives can be used in routes)", result.directive, result.Value) } } diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index c31bdd3c..e93fdd03 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -269,6 +269,18 @@ func (h Helper) NewBindAddresses(addrs []string) []ConfigValue { // are themselves treated as directives, from which a subroute is built // and returned. func ParseSegmentAsSubroute(h Helper) (caddyhttp.MiddlewareHandler, error) { + allResults, err := parseSegmentAsConfig(h) + if err != nil { + return nil, err + } + + return buildSubroute(allResults, h.groupCounter) +} + +// parseSegmentAsConfig parses the segment such that its subdirectives +// are themselves treated as directives, including named matcher definitions, +// and the raw Config structs are returned. +func parseSegmentAsConfig(h Helper) ([]ConfigValue, error) { var allResults []ConfigValue for h.Next() { @@ -319,7 +331,7 @@ func ParseSegmentAsSubroute(h Helper) (caddyhttp.MiddlewareHandler, error) { } } - return buildSubroute(allResults, h.groupCounter) + return allResults, nil } // ConfigValue represents a value to be added to the final diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt new file mode 100644 index 00000000..d4531289 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt @@ -0,0 +1,132 @@ +:8886 + +route { + # Add trailing slash for directory requests + @canonicalPath { + file { + try_files {path}/index.php + } + not path */ + } + redir @canonicalPath {path}/ 308 + + # If the requested file does not exist, try index files + @indexFiles { + file { + try_files {path} {path}/index.php index.php + split_path .php + } + } + rewrite @indexFiles {http.matchers.file.relative} + + # Proxy PHP files to the FastCGI responder + @phpFiles { + path *.php + } + reverse_proxy @phpFiles 127.0.0.1:9000 { + transport fastcgi { + split .php + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8886" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ], + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ], + "match": [ + { + "file": { + "split_path": [ + ".php" + ], + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "index.php" + ] + } + } + ] + }, + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "fastcgi", + "split_path": [ + ".php" + ] + }, + "upstreams": [ + { + "dial": "127.0.0.1:9000" + } + ] + } + ], + "match": [ + { + "path": [ + "*.php" + ] + } + ] + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file From ff19bddac5ebfb68c77d9e2fb677b87d5c6a6524 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 6 Aug 2020 13:56:23 -0600 Subject: [PATCH 0155/1498] httpcaddyfile: Avoid repeated subjects in APs (fix #3618) When consolidating automation policies, ensure same subject names do not get appended to list. --- caddyconfig/httpcaddyfile/tlsapp.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index aa3e5be0..db6bf98c 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -444,7 +444,12 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls } else if len(aps[i].Subjects) > 0 && len(aps[j].Subjects) == 0 { aps = append(aps[:i], aps[i+1:]...) } else { - aps[i].Subjects = append(aps[i].Subjects, aps[j].Subjects...) + // avoid repeated subjects + for _, subj := range aps[j].Subjects { + if !sliceContains(aps[i].Subjects, subj) { + aps[i].Subjects = append(aps[i].Subjects, subj) + } + } aps = append(aps[:j], aps[j+1:]...) } i-- From 4accf737a63acca017e29fad8ac75b2d66591c77 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 6 Aug 2020 14:17:40 -0600 Subject: [PATCH 0156/1498] ci: Ignore s390x failures (#3644) As of early August 2020 the VM has been down for several days due to lack of power due related to bad weather at the data center... sigh. --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8584455b..0babe71f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -124,6 +124,7 @@ jobs: name: test (s390x on IBM Z) runs-on: ubuntu-latest if: github.event.pull_request.head.repo.full_name == github.repository + continue-on-error: true # August 2020: s390x VM is down due to weather and power issues steps: - name: Checkout code into the Go module directory uses: actions/checkout@v2 From c6d6a775a18999d7594d7656476405a582b3f8ab Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 6 Aug 2020 14:36:21 -0600 Subject: [PATCH 0157/1498] go.mod: Update some dependencies We can't update smallstep/nosql and klauspost/cpuid yet because of upstream breakage. --- go.mod | 10 +++++----- go.sum | 16 ++++++++++------ 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 1cad2872..2e141e0a 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.14 require ( github.com/Masterminds/sprig/v3 v3.1.0 - github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 + github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a github.com/caddyserver/certmagic v0.11.3-0.20200730200704-7d9dfc3fe638 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac @@ -21,13 +21,13 @@ require ( github.com/smallstep/cli v0.14.6 github.com/smallstep/nosql v0.3.0 github.com/smallstep/truststore v0.9.6 - github.com/yuin/goldmark v1.1.33 + github.com/yuin/goldmark v1.2.1 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.15.0 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de - golang.org/x/net v0.0.0-20200625001655-4c5254603344 - google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 - google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc + golang.org/x/net v0.0.0-20200707034311-ab3426394381 + google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 + google.golang.org/protobuf v1.24.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 ) diff --git a/go.sum b/go.sum index 63b41e9d..cff5f175 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkK github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= -github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1 h1:9jsf8ot7rz1BywS9yYLkSiIeqU8LQw1D8gXVgdqsbvs= -github.com/alecthomas/chroma v0.7.4-0.20200517063913-500529fd43c1/go.mod h1:sko8vR34/90zvl5QdcUdvzL3J8NKjAUx9va9jPuFNoM= +github.com/alecthomas/chroma v0.8.0 h1:HS+HE97sgcqjQGu5uVr8jIE55Mmh5UeQ7kckAhHg2pY= +github.com/alecthomas/chroma v0.8.0/go.mod h1:sko8vR34/90zvl5QdcUdvzL3J8NKjAUx9va9jPuFNoM= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= github.com/alecthomas/kong v0.1.17-0.20190424132513-439c674f7ae0/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= @@ -604,8 +604,8 @@ github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.22/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.33 h1:Q0PzHNn2h69wYmmE2SukzuQe0VBwErZrgJ5ZB8od6zQ= -github.com/yuin/goldmark v1.1.33/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1 h1:ruQGxdhGHe7FWOJPT0mKs5+pD2Xs1Bm/kdGlHO04FmM= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 h1:VWSxtAiQNh3zgHJpdpkpVYjTPqRE3P6UZCOPa1nRDio= github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691/go.mod h1:YLF3kDffRfUH/bTxOxHhV6lxwIB3Vfj91rEwNMS9MXo= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -710,8 +710,8 @@ golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -857,6 +857,8 @@ google.golang.org/genproto v0.0.0-20200305110556-506484158171 h1:xes2Q2k+d/+YNXV google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 h1:LCO0fg4kb6WwkXQXRQQgUYsFeFb5taTX5WAx5O/Vt28= +google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -880,6 +882,8 @@ google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyz google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc h1:TnonUr8u3himcMY0vSh23jFOXA+cnucl1gB6EQTReBI= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 65a09524c3926547ed0b8515da211173df4fe379 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 7 Aug 2020 12:12:29 -0600 Subject: [PATCH 0158/1498] caddyhttp: Add TLS client cert info to logs (#3640) --- modules/caddyhttp/marshalers.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go index 7f959238..9e8bb9ff 100644 --- a/modules/caddyhttp/marshalers.go +++ b/modules/caddyhttp/marshalers.go @@ -73,10 +73,14 @@ type LoggableTLSConnState tls.ConnectionState func (t LoggableTLSConnState) MarshalLogObject(enc zapcore.ObjectEncoder) error { enc.AddBool("resumed", t.DidResume) enc.AddUint16("version", t.Version) - enc.AddUint16("ciphersuite", t.CipherSuite) + enc.AddUint16("cipher_suite", t.CipherSuite) enc.AddString("proto", t.NegotiatedProtocol) enc.AddBool("proto_mutual", t.NegotiatedProtocolIsMutual) enc.AddString("server_name", t.ServerName) + if len(t.PeerCertificates) > 0 { + enc.AddString("client_common_name", t.PeerCertificates[0].Subject.CommonName) + enc.AddString("client_serial", t.PeerCertificates[0].SerialNumber.String()) + } return nil } From e2f913bb7f813ac2f79cd3644066eff3815accd4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 7 Aug 2020 18:02:24 -0600 Subject: [PATCH 0159/1498] reverseproxy: Minor fixes and cleanup Now use context cancellation to stop active health checker, which is simpler than and just as effective as using a separate stop channel. --- .../caddyhttp/reverseproxy/healthchecks.go | 11 +-- modules/caddyhttp/reverseproxy/hosts.go | 2 +- .../caddyhttp/reverseproxy/reverseproxy.go | 85 ++++++++++--------- 3 files changed, 50 insertions(+), 48 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index ee56f33f..79f18fcd 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -78,7 +78,6 @@ type ActiveHealthChecks struct { // body of a healthy backend. ExpectBody string `json:"expect_body,omitempty"` - stopChan chan struct{} httpClient *http.Client bodyRegexp *regexp.Regexp logger *zap.Logger @@ -137,8 +136,7 @@ func (h *Handler) activeHealthChecker() { select { case <-ticker.C: h.doActiveHealthCheckForAllHosts() - case <-h.HealthChecks.Active.stopChan: - // TODO: consider using a Context for cancellation instead + case <-h.ctx.Done(): ticker.Stop() return } @@ -341,8 +339,8 @@ func (h *Handler) countFailure(upstream *Upstream) { if err != nil { h.HealthChecks.Passive.logger.Error("could not count failure", zap.String("host", upstream.Dial), - zap.Error(err), - ) + zap.Error(err)) + return } // forget it later @@ -357,8 +355,7 @@ func (h *Handler) countFailure(upstream *Upstream) { if err != nil { h.HealthChecks.Passive.logger.Error("could not forget failure", zap.String("host", upstream.Dial), - zap.Error(err), - ) + zap.Error(err)) } }(upstream.Host, failDuration) } diff --git a/modules/caddyhttp/reverseproxy/hosts.go b/modules/caddyhttp/reverseproxy/hosts.go index 23759d15..5870b75f 100644 --- a/modules/caddyhttp/reverseproxy/hosts.go +++ b/modules/caddyhttp/reverseproxy/hosts.go @@ -177,7 +177,7 @@ func (u *Upstream) fillDialInfo(r *http.Request) (DialInfo, error) { // of the state of a remote host. It implements the // Host interface. type upstreamHost struct { - numRequests int64 // must be first field to be 64-bit aligned on 32-bit systems (see https://golang.org/pkg/sync/atomic/#pkg-note-BUG) + numRequests int64 // must be 64-bit aligned on 32-bit systems (see https://golang.org/pkg/sync/atomic/#pkg-note-BUG) fails int64 unhealthy int32 } diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 7fdf55a7..d1aa49a7 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -112,6 +112,7 @@ type Handler struct { Transport http.RoundTripper `json:"-"` CB CircuitBreaker `json:"-"` + ctx caddy.Context logger *zap.Logger } @@ -125,6 +126,7 @@ func (Handler) CaddyModule() caddy.ModuleInfo { // Provision ensures that h is set up properly before use. func (h *Handler) Provision(ctx caddy.Context) error { + h.ctx = ctx h.logger = ctx.Logger(h) // start by loading modules @@ -235,36 +237,43 @@ func (h *Handler) Provision(ctx caddy.Context) error { } } - // if active health checks are enabled, configure them and start a worker - if h.HealthChecks != nil && - h.HealthChecks.Active != nil && - (h.HealthChecks.Active.Path != "" || h.HealthChecks.Active.Port != 0) { - h.HealthChecks.Active.logger = h.logger.Named("health_checker.active") - - timeout := time.Duration(h.HealthChecks.Active.Timeout) - if timeout == 0 { - timeout = 5 * time.Second - } - - h.HealthChecks.Active.stopChan = make(chan struct{}) - h.HealthChecks.Active.httpClient = &http.Client{ - Timeout: timeout, - Transport: h.Transport, - } - - if h.HealthChecks.Active.Interval == 0 { - h.HealthChecks.Active.Interval = caddy.Duration(30 * time.Second) - } - - if h.HealthChecks.Active.ExpectBody != "" { - var err error - h.HealthChecks.Active.bodyRegexp, err = regexp.Compile(h.HealthChecks.Active.ExpectBody) - if err != nil { - return fmt.Errorf("expect_body: compiling regular expression: %v", err) + if h.HealthChecks != nil { + // set defaults on passive health checks, if necessary + if h.HealthChecks.Passive != nil { + if h.HealthChecks.Passive.FailDuration > 0 && h.HealthChecks.Passive.MaxFails == 0 { + h.HealthChecks.Passive.MaxFails = 1 } } - go h.activeHealthChecker() + // if active health checks are enabled, configure them and start a worker + if h.HealthChecks.Active != nil && + (h.HealthChecks.Active.Path != "" || h.HealthChecks.Active.Port != 0) { + h.HealthChecks.Active.logger = h.logger.Named("health_checker.active") + + timeout := time.Duration(h.HealthChecks.Active.Timeout) + if timeout == 0 { + timeout = 5 * time.Second + } + + h.HealthChecks.Active.httpClient = &http.Client{ + Timeout: timeout, + Transport: h.Transport, + } + + if h.HealthChecks.Active.Interval == 0 { + h.HealthChecks.Active.Interval = caddy.Duration(30 * time.Second) + } + + if h.HealthChecks.Active.ExpectBody != "" { + var err error + h.HealthChecks.Active.bodyRegexp, err = regexp.Compile(h.HealthChecks.Active.ExpectBody) + if err != nil { + return fmt.Errorf("expect_body: compiling regular expression: %v", err) + } + } + + go h.activeHealthChecker() + } } // set up any response routes @@ -280,14 +289,6 @@ func (h *Handler) Provision(ctx caddy.Context) error { // Cleanup cleans up the resources made by h during provisioning. func (h *Handler) Cleanup() error { - // stop the active health checker - if h.HealthChecks != nil && - h.HealthChecks.Active != nil && - h.HealthChecks.Active.stopChan != nil { - // TODO: consider using context cancellation, could be much simpler - close(h.HealthChecks.Active.stopChan) - } - // TODO: Close keepalive connections on reload? https://github.com/caddyserver/caddy/pull/2507/files#diff-70219fd88fe3f36834f474ce6537ed26R762 // remove hosts from our config from the pool @@ -351,7 +352,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht if proxyErr == nil { proxyErr = fmt.Errorf("no upstreams available") } - if !h.LoadBalancing.tryAgain(start, proxyErr, r) { + if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { break } continue @@ -410,7 +411,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht h.countFailure(upstream) // if we've tried long enough, break - if !h.LoadBalancing.tryAgain(start, proxyErr, r) { + if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { break } } @@ -661,7 +662,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia // long enough before the next retry (i.e. no more sleeping is // needed). If false is returned, the handler should stop trying to // proxy the request. -func (lb LoadBalancing) tryAgain(start time.Time, proxyErr error, req *http.Request) bool { +func (lb LoadBalancing) tryAgain(ctx caddy.Context, start time.Time, proxyErr error, req *http.Request) bool { // if we've tried long enough, break if time.Since(start) >= time.Duration(lb.TryDuration) { return false @@ -687,8 +688,12 @@ func (lb LoadBalancing) tryAgain(start time.Time, proxyErr error, req *http.Requ } // otherwise, wait and try the next available host - time.Sleep(time.Duration(lb.TryInterval)) - return true + select { + case <-time.After(time.Duration(lb.TryInterval)): + return true + case <-ctx.Done(): + return false + } } // directRequest modifies only req.URL so that it points to the upstream From c42bfaf31ed9d0e25078076a2bcda15bf8a1d1d7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 8 Aug 2020 08:42:01 -0600 Subject: [PATCH 0160/1498] go.mod: Bump CertMagic --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2e141e0a..30406919 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.3-0.20200730200704-7d9dfc3fe638 + github.com/caddyserver/certmagic v0.11.3-0.20200808143826-2e100d6d0bcf github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 diff --git a/go.sum b/go.sum index cff5f175..ecb755de 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.3-0.20200730200704-7d9dfc3fe638 h1:yG2XwuzF6kQni6HscKZRj6Qr6mrpXsRTUzl0m+zH6o0= -github.com/caddyserver/certmagic v0.11.3-0.20200730200704-7d9dfc3fe638/go.mod h1:z0loWzjr6Sr8rOG2pdsiwajDpAcck2wfF8E7hTV0qT4= +github.com/caddyserver/certmagic v0.11.3-0.20200808143826-2e100d6d0bcf h1:Srcj7CdiavYImKMLDj8sSJKS3htwwwJB3bjPRTXh+P0= +github.com/caddyserver/certmagic v0.11.3-0.20200808143826-2e100d6d0bcf/go.mod h1:z0loWzjr6Sr8rOG2pdsiwajDpAcck2wfF8E7hTV0qT4= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= From 66863aad3beb480a26664c77b73eb2ff7fcab754 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 11 Aug 2020 08:58:06 -0600 Subject: [PATCH 0161/1498] caddytls: Add support for ZeroSSL; add Caddyfile support for issuers (#3633) * caddytls: Add support for ZeroSSL; add Caddyfile support for issuers Configuring issuers explicitly in a Caddyfile is not easily compatible with existing ACME-specific parameters such as email or acme_ca which infer the kind of issuer it creates (this is complicated now because the ZeroSSL issuer wraps the ACME issuer)... oh well, we can revisit that later if we need to. New Caddyfile global option: { cert_issuer ... } Or, alternatively, as a tls subdirective: tls { issuer ... } For example, to use ZeroSSL with an API key: { cert_issuser zerossl API_KEY } For now, that still uses ZeroSSL's ACME endpoint; it fetches EAB credentials for you. You can also provide the EAB credentials directly just like any other ACME endpoint: { cert_issuer acme { eab KEY_ID MAC_KEY } } All these examples use the new global option (or tls subdirective). You can still use traditional/existing options with ZeroSSL, since it's just another ACME endpoint: { acme_ca https://acme.zerossl.com/v2/DV90 acme_eab KEY_ID MAC_KEY } That's all there is to it. You just can't mix-and-match acme_* options with cert_issuer, because it becomes confusing/ambiguous/complicated to merge the settings. * Fix broken test This test was asserting buggy behavior, oops - glad this branch both discovers and fixes the bug at the same time! * Fix broken test (post-merge) * Update modules/caddytls/acmeissuer.go Fix godoc comment Co-authored-by: Francis Lavoie * Add support for ZeroSSL's EAB-by-email endpoint Also transform the ACMEIssuer into ZeroSSLIssuer implicitly if set to the ZeroSSL endpoint without EAB (the ZeroSSLIssuer is needed to generate EAB if not already provided); this is now possible with either an API key or an email address. * go.mod: Use latest certmagic, acmez, and x/net * Wrap underlying logic rather than repeating it Oops, duh * Form-encode email info into request body for EAB endpoint Co-authored-by: Francis Lavoie --- caddyconfig/httpcaddyfile/builtins.go | 52 +++- caddyconfig/httpcaddyfile/options.go | 29 +++ caddyconfig/httpcaddyfile/tlsapp.go | 40 ++- .../caddyfile_adapt/global_options.txt | 3 +- .../caddyfile_adapt/global_options_admin.txt | 3 +- go.mod | 4 +- go.sum | 8 +- modules/caddyhttp/autohttps.go | 16 +- modules/caddytls/acmeissuer.go | 221 ++++++++++++---- modules/caddytls/internalissuer.go | 57 +++-- modules/caddytls/tls.go | 6 +- modules/caddytls/zerosslissuer.go | 236 ++++++++++++++++++ 12 files changed, 579 insertions(+), 96 deletions(-) create mode 100644 modules/caddytls/zerosslissuer.go diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 520796d9..e8fbf235 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -29,6 +29,7 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddytls" + "github.com/caddyserver/certmagic" "github.com/mholt/acmez/acme" "go.uber.org/zap/zapcore" ) @@ -76,6 +77,7 @@ func parseBind(h Helper) ([]ConfigValue, error) { // ca_root // dns // on_demand +// issuer ... // } // func parseTLS(h Helper) ([]ConfigValue, error) { @@ -85,6 +87,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { var certSelector caddytls.CustomCertSelectionPolicy var acmeIssuer *caddytls.ACMEIssuer var internalIssuer *caddytls.InternalIssuer + var issuer certmagic.Issuer var onDemand bool for h.Next() { @@ -276,6 +279,28 @@ func parseTLS(h Helper) ([]ConfigValue, error) { MACKey: arg[1], } + case "issuer": + if !h.NextArg() { + return nil, h.ArgErr() + } + modName := h.Val() + mod, err := caddy.GetModule("tls.issuance." + modName) + if err != nil { + return nil, h.Errf("getting issuer module '%s': %v", modName, err) + } + unm, ok := mod.New().(caddyfile.Unmarshaler) + if !ok { + return nil, h.Errf("issuer module '%s' is not a Caddyfile unmarshaler", mod.ID) + } + err = unm.UnmarshalCaddyfile(h.NewFromNextSegment()) + if err != nil { + return nil, err + } + issuer, ok = unm.(certmagic.Issuer) + if !ok { + return nil, h.Errf("module %s is not a certmagic.Issuer", mod.ID) + } + case "dns": if !h.NextArg() { return nil, h.ArgErr() @@ -350,7 +375,24 @@ func parseTLS(h Helper) ([]ConfigValue, error) { // the logic to support this would be complex return nil, h.Err("cannot use both ACME and internal issuers in same server block") } - if acmeIssuer != nil { + if issuer != nil && (acmeIssuer != nil || internalIssuer != nil) { + // similarly, the logic to support this would be complex + return nil, h.Err("when defining an issuer, all its config must be in its block, rather than from separate tls subdirectives") + } + switch { + case issuer != nil: + configVals = append(configVals, ConfigValue{ + Class: "tls.cert_issuer", + Value: issuer, + }) + + case internalIssuer != nil: + configVals = append(configVals, ConfigValue{ + Class: "tls.cert_issuer", + Value: internalIssuer, + }) + + case acmeIssuer != nil: // fill in global defaults, if configured if email := h.Option("email"); email != nil && acmeIssuer.Email == "" { acmeIssuer.Email = email.(string) @@ -361,15 +403,9 @@ func parseTLS(h Helper) ([]ConfigValue, error) { if caPemFile := h.Option("acme_ca_root"); caPemFile != nil { acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, caPemFile.(string)) } - configVals = append(configVals, ConfigValue{ Class: "tls.cert_issuer", - Value: acmeIssuer, - }) - } else if internalIssuer != nil { - configVals = append(configVals, ConfigValue{ - Class: "tls.cert_issuer", - Value: internalIssuer, + Value: disambiguateACMEIssuer(acmeIssuer), }) } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 613bbc60..7d34805c 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -20,6 +20,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddytls" + "github.com/caddyserver/certmagic" "github.com/mholt/acmez/acme" ) @@ -35,6 +36,7 @@ func init() { RegisterGlobalOption("acme_ca_root", parseOptSingleString) RegisterGlobalOption("acme_dns", parseOptSingleString) RegisterGlobalOption("acme_eab", parseOptACMEEAB) + RegisterGlobalOption("cert_issuer", parseOptCertIssuer) RegisterGlobalOption("email", parseOptSingleString) RegisterGlobalOption("admin", parseOptAdmin) RegisterGlobalOption("on_demand_tls", parseOptOnDemand) @@ -210,6 +212,33 @@ func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { return eab, nil } +func parseOptCertIssuer(d *caddyfile.Dispenser) (interface{}, error) { + if !d.Next() { // consume option name + return nil, d.ArgErr() + } + if !d.Next() { // get issuer module name + return nil, d.ArgErr() + } + modName := d.Val() + mod, err := caddy.GetModule("tls.issuance." + modName) + if err != nil { + return nil, d.Errf("getting issuer module '%s': %v", modName, err) + } + unm, ok := mod.New().(caddyfile.Unmarshaler) + if !ok { + return nil, d.Errf("issuer module '%s' is not a Caddyfile unmarshaler", mod.ID) + } + err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return nil, err + } + iss, ok := unm.(certmagic.Issuer) + if !ok { + return nil, d.Errf("module %s is not a certmagic.Issuer", mod.ID) + } + return iss, nil +} + func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) { d.Next() // consume parameter name if !d.Next() { diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index db6bf98c..a721fee3 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -21,6 +21,7 @@ import ( "reflect" "sort" "strconv" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -135,8 +136,11 @@ func (st ServerType) buildTLSApp( // issuer, skip, since we intend to adjust only ACME issuers var acmeIssuer *caddytls.ACMEIssuer if ap.Issuer != nil { - var ok bool - if acmeIssuer, ok = ap.Issuer.(*caddytls.ACMEIssuer); !ok { + // ensure we include any issuer that embeds/wraps an underlying ACME issuer + type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer } + if acmeWrapper, ok := ap.Issuer.(acmeCapable); ok { + acmeIssuer = acmeWrapper.GetACMEIssuer() + } else { break } } @@ -348,6 +352,8 @@ func (st ServerType) buildTLSApp( // returned if there are no default/global options. However, if always is // true, a non-nil value will always be returned (unless there is an error). func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) { + issuer, hasIssuer := options["cert_issuer"] + acmeCA, hasACMECA := options["acme_ca"] acmeCARoot, hasACMECARoot := options["acme_ca_root"] acmeDNS, hasACMEDNS := options["acme_dns"] @@ -357,7 +363,7 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon localCerts, hasLocalCerts := options["local_certs"] keyType, hasKeyType := options["key_type"] - hasGlobalAutomationOpts := hasACMECA || hasACMECARoot || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts || hasKeyType + hasGlobalAutomationOpts := hasIssuer || hasACMECA || hasACMECARoot || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts || hasKeyType // if there are no global options related to automation policies // set, then we can just return right away @@ -369,8 +375,16 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon } ap := new(caddytls.AutomationPolicy) + if keyType != nil { + ap.KeyType = keyType.(string) + } - if localCerts != nil { + if hasIssuer { + if hasACMECA || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts { + return nil, fmt.Errorf("global options are ambiguous: cert_issuer is confusing when combined with acme_*, email, or local_certs options") + } + ap.Issuer = issuer.(certmagic.Issuer) + } else if localCerts != nil { // internal issuer enabled trumps any ACME configurations; useful in testing ap.Issuer = new(caddytls.InternalIssuer) // we'll encode it later } else { @@ -402,15 +416,25 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon if acmeEAB != nil { mgr.ExternalAccount = acmeEAB.(*acme.EAB) } - if keyType != nil { - ap.KeyType = keyType.(string) - } - ap.Issuer = mgr // we'll encode it later + ap.Issuer = disambiguateACMEIssuer(mgr) // we'll encode it later } return ap, nil } +// disambiguateACMEIssuer returns an issuer based on the properties of acmeIssuer. +// If acmeIssuer implicitly configures a certain kind of ACMEIssuer (for example, +// ZeroSSL), the proper wrapper over acmeIssuer will be returned instead. +func disambiguateACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) certmagic.Issuer { + // as a special case, we integrate with ZeroSSL's ACME endpoint if it looks like an + // implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer + // because of the EAB generation; if EAB is provided, we can use plain ACMEIssuer) + if strings.Contains(acmeIssuer.CA, "acme.zerossl.com") && acmeIssuer.ExternalAccount == nil { + return &caddytls.ZeroSSLIssuer{ACMEIssuer: acmeIssuer} + } + return acmeIssuer +} + // consolidateAutomationPolicies combines automation policies that are the same, // for a cleaner overall output. func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls.AutomationPolicy { diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt index 7e850a39..65628247 100644 --- a/caddytest/integration/caddyfile_adapt/global_options.txt +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -56,7 +56,8 @@ { "issuer": { "module": "internal" - } + }, + "key_type": "ed25519" } ], "on_demand": { diff --git a/caddytest/integration/caddyfile_adapt/global_options_admin.txt b/caddytest/integration/caddyfile_adapt/global_options_admin.txt index 14bee216..9d0fb270 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_admin.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_admin.txt @@ -64,7 +64,8 @@ { "issuer": { "module": "internal" - } + }, + "key_type": "ed25519" } ], "on_demand": { diff --git a/go.mod b/go.mod index 30406919..931c5ad1 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.3-0.20200808143826-2e100d6d0bcf + github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 @@ -14,7 +14,7 @@ require ( github.com/klauspost/compress v1.10.10 github.com/klauspost/cpuid v1.2.5 github.com/lucas-clemente/quic-go v0.17.3 - github.com/mholt/acmez v0.1.0 + github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.14.6 diff --git a/go.sum b/go.sum index ecb755de..3fefecf9 100644 --- a/go.sum +++ b/go.sum @@ -86,8 +86,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.3-0.20200808143826-2e100d6d0bcf h1:Srcj7CdiavYImKMLDj8sSJKS3htwwwJB3bjPRTXh+P0= -github.com/caddyserver/certmagic v0.11.3-0.20200808143826-2e100d6d0bcf/go.mod h1:z0loWzjr6Sr8rOG2pdsiwajDpAcck2wfF8E7hTV0qT4= +github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339 h1:wTD+Y63XoBtiTJhe/Xn7WLrwKenmjkt2WxH3FP+Y0DM= +github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339/go.mod h1:mqOzOvKa7UcC+TWbBLcP0ZLRut/xaaQBw0hRGWHBIkY= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -384,8 +384,8 @@ github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/acmez v0.1.0 h1:LL7WQVCjZvwbo3pjAUdsqEao5kI8nyHubAGtCzrTS5g= -github.com/mholt/acmez v0.1.0/go.mod h1:rNLSzYu5VR6ggyarXDKDCNefo06cOkJn+VObTDJCk0U= +github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09 h1:J7NVJ46iBFeWsUc5aeVv8QNO2mLhI6rJKIbpAsH7d7g= +github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 97cbed3a..07809811 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -451,8 +451,8 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna if ap.Issuer == nil { ap.Issuer = new(caddytls.ACMEIssuer) } - if acmeIssuer, ok := ap.Issuer.(*caddytls.ACMEIssuer); ok { - err := app.fillInACMEIssuer(acmeIssuer) + if acmeIssuer, ok := ap.Issuer.(acmeCapable); ok { + err := app.fillInACMEIssuer(acmeIssuer.GetACMEIssuer()) if err != nil { return err } @@ -470,9 +470,13 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna basePolicy = new(caddytls.AutomationPolicy) } - // if the basePolicy has an existing ACMEIssuer, let's - // use it, otherwise we'll make one - baseACMEIssuer, _ := basePolicy.Issuer.(*caddytls.ACMEIssuer) + // if the basePolicy has an existing ACMEIssuer (particularly to + // include any type that embeds/wraps an ACMEIssuer), let's use it, + // otherwise we'll make one + var baseACMEIssuer *caddytls.ACMEIssuer + if acmeWrapper, ok := basePolicy.Issuer.(acmeCapable); ok { + baseACMEIssuer = acmeWrapper.GetACMEIssuer() + } if baseACMEIssuer == nil { // note that this happens if basePolicy.Issuer is nil // OR if it is not nil but is not an ACMEIssuer @@ -630,3 +634,5 @@ func (app *App) automaticHTTPSPhase2() error { app.allCertDomains = nil // no longer needed; allow GC to deallocate return nil } + +type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer } diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 8fe308d6..963143bb 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -20,9 +20,11 @@ import ( "fmt" "io/ioutil" "net/url" + "strconv" "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/certmagic" "github.com/mholt/acmez" "github.com/mholt/acmez/acme" @@ -85,13 +87,13 @@ func (ACMEIssuer) CaddyModule() caddy.ModuleInfo { } } -// Provision sets up m. -func (m *ACMEIssuer) Provision(ctx caddy.Context) error { - m.logger = ctx.Logger(m) +// Provision sets up iss. +func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { + iss.logger = ctx.Logger(iss) // DNS providers - if m.Challenges != nil && m.Challenges.DNS != nil && m.Challenges.DNS.ProviderRaw != nil { - val, err := ctx.LoadModule(m.Challenges.DNS, "ProviderRaw") + if iss.Challenges != nil && iss.Challenges.DNS != nil && iss.Challenges.DNS.ProviderRaw != nil { + val, err := ctx.LoadModule(iss.Challenges.DNS, "ProviderRaw") if err != nil { return fmt.Errorf("loading DNS provider module: %v", err) } @@ -104,32 +106,32 @@ func (m *ACMEIssuer) Provision(ctx caddy.Context) error { // acmez.Solver type, so we use it directly. The user must set environment // variables to configure it. Remove this shim once a sufficient number of // DNS providers are implemented for the libdns APIs instead. - m.Challenges.DNS.solver = deprecatedProvider + iss.Challenges.DNS.solver = deprecatedProvider } else { - m.Challenges.DNS.solver = &certmagic.DNS01Solver{ + iss.Challenges.DNS.solver = &certmagic.DNS01Solver{ DNSProvider: val.(certmagic.ACMEDNSProvider), - TTL: time.Duration(m.Challenges.DNS.TTL), - PropagationTimeout: time.Duration(m.Challenges.DNS.PropagationTimeout), + TTL: time.Duration(iss.Challenges.DNS.TTL), + PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout), } } } // add any custom CAs to trust store - if len(m.TrustedRootsPEMFiles) > 0 { - m.rootPool = x509.NewCertPool() - for _, pemFile := range m.TrustedRootsPEMFiles { + if len(iss.TrustedRootsPEMFiles) > 0 { + iss.rootPool = x509.NewCertPool() + for _, pemFile := range iss.TrustedRootsPEMFiles { pemData, err := ioutil.ReadFile(pemFile) if err != nil { return fmt.Errorf("loading trusted root CA's PEM file: %s: %v", pemFile, err) } - if !m.rootPool.AppendCertsFromPEM(pemData) { + if !iss.rootPool.AppendCertsFromPEM(pemData) { return fmt.Errorf("unable to add %s to trust pool: %v", pemFile, err) } } } var err error - m.template, err = m.makeIssuerTemplate() + iss.template, err = iss.makeIssuerTemplate() if err != nil { return err } @@ -137,30 +139,30 @@ func (m *ACMEIssuer) Provision(ctx caddy.Context) error { return nil } -func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { +func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { template := certmagic.ACMEManager{ - CA: m.CA, - TestCA: m.TestCA, - Email: m.Email, - CertObtainTimeout: time.Duration(m.ACMETimeout), - TrustedRoots: m.rootPool, - ExternalAccount: m.ExternalAccount, - Logger: m.logger, + CA: iss.CA, + TestCA: iss.TestCA, + Email: iss.Email, + CertObtainTimeout: time.Duration(iss.ACMETimeout), + TrustedRoots: iss.rootPool, + ExternalAccount: iss.ExternalAccount, + Logger: iss.logger, } - if m.Challenges != nil { - if m.Challenges.HTTP != nil { - template.DisableHTTPChallenge = m.Challenges.HTTP.Disabled - template.AltHTTPPort = m.Challenges.HTTP.AlternatePort + if iss.Challenges != nil { + if iss.Challenges.HTTP != nil { + template.DisableHTTPChallenge = iss.Challenges.HTTP.Disabled + template.AltHTTPPort = iss.Challenges.HTTP.AlternatePort } - if m.Challenges.TLSALPN != nil { - template.DisableTLSALPNChallenge = m.Challenges.TLSALPN.Disabled - template.AltTLSALPNPort = m.Challenges.TLSALPN.AlternatePort + if iss.Challenges.TLSALPN != nil { + template.DisableTLSALPNChallenge = iss.Challenges.TLSALPN.Disabled + template.AltTLSALPNPort = iss.Challenges.TLSALPN.AlternatePort } - if m.Challenges.DNS != nil { - template.DNS01Solver = m.Challenges.DNS.solver + if iss.Challenges.DNS != nil { + template.DNS01Solver = iss.Challenges.DNS.solver } - template.ListenHost = m.Challenges.BindHost + template.ListenHost = iss.Challenges.BindHost } return template, nil @@ -170,8 +172,8 @@ func (m *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { // This is required because ACME needs values from the config in // order to solve the challenges during issuance. This implements // the ConfigSetter interface. -func (m *ACMEIssuer) SetConfig(cfg *certmagic.Config) { - m.magic = cfg +func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) { + iss.magic = cfg } // TODO: I kind of hate how each call to these methods needs to @@ -179,23 +181,147 @@ func (m *ACMEIssuer) SetConfig(cfg *certmagic.Config) { // we find the right place to do that just once and then re-use? // PreCheck implements the certmagic.PreChecker interface. -func (m *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error { - return certmagic.NewACMEManager(m.magic, m.template).PreCheck(ctx, names, interactive) +func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error { + return certmagic.NewACMEManager(iss.magic, iss.template).PreCheck(ctx, names, interactive) } // Issue obtains a certificate for the given csr. -func (m *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { - return certmagic.NewACMEManager(m.magic, m.template).Issue(ctx, csr) +func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { + return certmagic.NewACMEManager(iss.magic, iss.template).Issue(ctx, csr) } // IssuerKey returns the unique issuer key for the configured CA endpoint. -func (m *ACMEIssuer) IssuerKey() string { - return certmagic.NewACMEManager(m.magic, m.template).IssuerKey() +func (iss *ACMEIssuer) IssuerKey() string { + return certmagic.NewACMEManager(iss.magic, iss.template).IssuerKey() } // Revoke revokes the given certificate. -func (m *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error { - return certmagic.NewACMEManager(m.magic, m.template).Revoke(ctx, cert, reason) +func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error { + return certmagic.NewACMEManager(iss.magic, iss.template).Revoke(ctx, cert, reason) +} + +// GetACMEIssuer returns iss. This is useful when other types embed ACMEIssuer, because +// type-asserting them to *ACMEIssuer will fail, but type-asserting them to an interface +// with only this method will succeed, and will still allow the embedded ACMEIssuer +// to be accessed and manipulated. +func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } + +// UnmarshalCaddyfile deserializes Caddyfile tokens into iss. +// +// ... acme { +// dir +// test_dir +// email +// timeout +// disable_http_challenge +// disable_tlsalpn_challenge +// alt_http_port +// alt_tlsalpn_port +// eab +// trusted_roots +// } +// +func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "dir": + if !d.AllArgs(&iss.CA) { + return d.ArgErr() + } + + case "test_dir": + if !d.AllArgs(&iss.TestCA) { + return d.ArgErr() + } + + case "email": + if !d.AllArgs(&iss.Email) { + return d.ArgErr() + } + + case "timeout": + var timeoutStr string + if !d.AllArgs(&timeoutStr) { + return d.ArgErr() + } + timeout, err := caddy.ParseDuration(timeoutStr) + if err != nil { + return d.Errf("invalid timeout duration %s: %v", timeoutStr, err) + } + iss.ACMETimeout = caddy.Duration(timeout) + + case "disable_http_challenge": + if d.NextArg() { + return d.ArgErr() + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.HTTP == nil { + iss.Challenges.HTTP = new(HTTPChallengeConfig) + } + iss.Challenges.HTTP.Disabled = true + + case "disable_tlsalpn_challenge": + if d.NextArg() { + return d.ArgErr() + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.TLSALPN == nil { + iss.Challenges.TLSALPN = new(TLSALPNChallengeConfig) + } + iss.Challenges.TLSALPN.Disabled = true + + case "alt_http_port": + if !d.NextArg() { + return d.ArgErr() + } + port, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("invalid port %s: %v", d.Val(), err) + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.HTTP == nil { + iss.Challenges.HTTP = new(HTTPChallengeConfig) + } + iss.Challenges.HTTP.AlternatePort = port + + case "alt_tlsalpn_port": + if !d.NextArg() { + return d.ArgErr() + } + port, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("invalid port %s: %v", d.Val(), err) + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.TLSALPN == nil { + iss.Challenges.TLSALPN = new(TLSALPNChallengeConfig) + } + iss.Challenges.TLSALPN.AlternatePort = port + + case "eab": + iss.ExternalAccount = new(acme.EAB) + if !d.AllArgs(&iss.ExternalAccount.KeyID, &iss.ExternalAccount.MACKey) { + return d.ArgErr() + } + + case "trusted_roots": + iss.TrustedRootsPEMFiles = d.RemainingArgs() + + default: + return d.Errf("unrecognized ACME issuer property: %s", d.Val()) + } + } + } + return nil } // onDemandAskRequest makes a request to the ask URL @@ -228,9 +354,10 @@ func onDemandAskRequest(ask string, name string) error { // Interface guards var ( - _ certmagic.PreChecker = (*ACMEIssuer)(nil) - _ certmagic.Issuer = (*ACMEIssuer)(nil) - _ certmagic.Revoker = (*ACMEIssuer)(nil) - _ caddy.Provisioner = (*ACMEIssuer)(nil) - _ ConfigSetter = (*ACMEIssuer)(nil) + _ certmagic.PreChecker = (*ACMEIssuer)(nil) + _ certmagic.Issuer = (*ACMEIssuer)(nil) + _ certmagic.Revoker = (*ACMEIssuer)(nil) + _ caddy.Provisioner = (*ACMEIssuer)(nil) + _ ConfigSetter = (*ACMEIssuer)(nil) + _ caddyfile.Unmarshaler = (*ACMEIssuer)(nil) ) diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index ca43bf8f..d70b8ca2 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -23,6 +23,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddypki" "github.com/caddyserver/certmagic" "github.com/smallstep/certificates/authority/provisioner" @@ -63,25 +64,25 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo { } // Provision sets up the issuer. -func (li *InternalIssuer) Provision(ctx caddy.Context) error { +func (iss *InternalIssuer) Provision(ctx caddy.Context) error { // get a reference to the configured CA appModule, err := ctx.App("pki") if err != nil { return err } pkiApp := appModule.(*caddypki.PKI) - if li.CA == "" { - li.CA = caddypki.DefaultCAID + if iss.CA == "" { + iss.CA = caddypki.DefaultCAID } - ca, ok := pkiApp.CAs[li.CA] + ca, ok := pkiApp.CAs[iss.CA] if !ok { - return fmt.Errorf("no certificate authority configured with id: %s", li.CA) + return fmt.Errorf("no certificate authority configured with id: %s", iss.CA) } - li.ca = ca + iss.ca = ca // set any other default values - if li.Lifetime == 0 { - li.Lifetime = caddy.Duration(defaultInternalCertLifetime) + if iss.Lifetime == 0 { + iss.Lifetime = caddy.Duration(defaultInternalCertLifetime) } return nil @@ -89,38 +90,38 @@ func (li *InternalIssuer) Provision(ctx caddy.Context) error { // IssuerKey returns the unique issuer key for the // confgured CA endpoint. -func (li InternalIssuer) IssuerKey() string { - return li.ca.ID() +func (iss InternalIssuer) IssuerKey() string { + return iss.ca.ID() } // Issue issues a certificate to satisfy the CSR. -func (li InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { +func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { // prepare the signing authority authCfg := caddypki.AuthorityConfig{ - SignWithRoot: li.SignWithRoot, + SignWithRoot: iss.SignWithRoot, } - auth, err := li.ca.NewAuthority(authCfg) + auth, err := iss.ca.NewAuthority(authCfg) if err != nil { return nil, err } // get the cert (public key) that will be used for signing var issuerCert *x509.Certificate - if li.SignWithRoot { - issuerCert = li.ca.RootCertificate() + if iss.SignWithRoot { + issuerCert = iss.ca.RootCertificate() } else { - issuerCert = li.ca.IntermediateCertificate() + issuerCert = iss.ca.IntermediateCertificate() } // ensure issued certificate does not expire later than its issuer - lifetime := time.Duration(li.Lifetime) + lifetime := time.Duration(iss.Lifetime) if time.Now().Add(lifetime).After(issuerCert.NotAfter) { // TODO: log this lifetime = issuerCert.NotAfter.Sub(time.Now()) } certChain, err := auth.Sign(csr, provisioner.Options{}, - profileDefaultDuration(li.Lifetime), + profileDefaultDuration(iss.Lifetime), ) if err != nil { return nil, err @@ -139,6 +140,26 @@ func (li InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest }, nil } +// UnmarshalCaddyfile deserializes Caddyfile tokens into iss. +// +// ... internal { +// ca +// } +// +func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock(0) { + switch d.Val() { + case "ca": + if !d.AllArgs(&iss.CA) { + return d.ArgErr() + } + } + } + } + return nil +} + // profileDefaultDuration is a wrapper against x509util.WithOption to conform // the SignOption interface. // diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 81780266..6a635d47 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -313,8 +313,10 @@ func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { if ap.magic.Issuer == nil { return false } - if am, ok := ap.magic.Issuer.(*ACMEIssuer); ok { - return certmagic.NewACMEManager(am.magic, am.template).HandleHTTPChallenge(w, r) + type acmeCapable interface{ GetACMEIssuer() *ACMEIssuer } + if am, ok := ap.magic.Issuer.(acmeCapable); ok { + iss := am.GetACMEIssuer() + return certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) } return false } diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go new file mode 100644 index 00000000..d0f49502 --- /dev/null +++ b/modules/caddytls/zerosslissuer.go @@ -0,0 +1,236 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddytls + +import ( + "context" + "crypto/x509" + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "strings" + "sync" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/certmagic" + "github.com/mholt/acmez/acme" + "go.uber.org/zap" +) + +func init() { + caddy.RegisterModule(new(ZeroSSLIssuer)) +} + +// ZeroSSLIssuer makes an ACME manager +// for managing certificates using ACME. +type ZeroSSLIssuer struct { + *ACMEIssuer + + // The API key (or "access key") for using the ZeroSSL API. + APIKey string `json:"api_key,omitempty"` + + mu sync.Mutex + logger *zap.Logger +} + +// CaddyModule returns the Caddy module information. +func (*ZeroSSLIssuer) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "tls.issuance.zerossl", + New: func() caddy.Module { return new(ZeroSSLIssuer) }, + } +} + +// Provision sets up iss. +func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error { + iss.logger = ctx.Logger(iss) + + if iss.ACMEIssuer == nil { + iss.ACMEIssuer = new(ACMEIssuer) + } + err := iss.ACMEIssuer.Provision(ctx) + if err != nil { + return err + } + + return nil +} + +func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, _ acme.Account) error { + if am.ExternalAccount != nil { + return nil + } + var err error + am.ExternalAccount, err = iss.generateEABCredentials(ctx) + return err +} + +func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB, error) { + var endpoint string + var body io.Reader + + // there are two ways to generate EAB credentials: authenticated with + // their API key, or unauthenticated with their email address + switch { + case iss.APIKey != "": + apiKey := caddy.NewReplacer().ReplaceAll(iss.APIKey, "") + if apiKey == "" { + return nil, fmt.Errorf("missing API key: '%v'", iss.APIKey) + } + qs := url.Values{"access_key": []string{apiKey}} + endpoint = fmt.Sprintf("%s/eab-credentials?%s", zerosslAPIBase, qs.Encode()) + + case iss.Email != "": + email := caddy.NewReplacer().ReplaceAll(iss.Email, "") + if email == "" { + return nil, fmt.Errorf("missing email: '%v'", iss.Email) + } + endpoint = zerosslAPIBase + "/eab-credentials-email" + form := url.Values{"email": []string{email}} + body = strings.NewReader(form.Encode()) + + default: + return nil, fmt.Errorf("must configure either an API key or email address to use ZeroSSL without explicit EAB") + } + + req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, body) + if err != nil { + return nil, fmt.Errorf("forming request: %v", err) + } + if body != nil { + req.Header.Set("Content-Type", "application/x-www-form-urlencoded") + } + req.Header.Set("User-Agent", certmagic.UserAgent) + + resp, err := http.DefaultClient.Do(req) + if err != nil { + return nil, fmt.Errorf("performing EAB credentials request: %v", err) + } + defer resp.Body.Close() + + var result struct { + Success bool `json:"success"` + Error struct { + Code int `json:"code"` + Type string `json:"type"` + } `json:"error"` + EABKID string `json:"eab_kid"` + EABHMACKey string `json:"eab_hmac_key"` + } + err = json.NewDecoder(resp.Body).Decode(&result) + if err != nil { + return nil, fmt.Errorf("decoding API response: %v", err) + } + if result.Error.Code != 0 { + return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d: %s (code %d)", + resp.StatusCode, result.Error.Type, result.Error.Code) + } + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode) + } + + iss.logger.Info("generated EAB credentials", zap.String("key_id", result.EABKID)) + + return &acme.EAB{ + KeyID: result.EABKID, + MACKey: result.EABHMACKey, + }, nil +} + +// initialize modifies the template for the underlying ACMEManager +// values by setting the CA endpoint to the ZeroSSL directory and +// setting the NewAccountFunc callback to one which allows us to +// generate EAB credentials only if a new account is being made. +// Since it modifies the stored template, its effect should only +// be needed once, but it is fine to call it repeatedly. +func (iss *ZeroSSLIssuer) initialize() { + iss.mu.Lock() + defer iss.mu.Unlock() + if iss.template.CA == "" { + iss.template.CA = zerosslACMEDirectory + } + if iss.template.NewAccountFunc == nil { + iss.template.NewAccountFunc = iss.newAccountCallback + } +} + +// PreCheck implements the certmagic.PreChecker interface. +func (iss *ZeroSSLIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error { + iss.initialize() + return iss.ACMEIssuer.PreCheck(ctx, names, interactive) +} + +// Issue obtains a certificate for the given csr. +func (iss *ZeroSSLIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { + iss.initialize() + return iss.ACMEIssuer.Issue(ctx, csr) +} + +// IssuerKey returns the unique issuer key for the configured CA endpoint. +func (iss *ZeroSSLIssuer) IssuerKey() string { + iss.initialize() + return iss.ACMEIssuer.IssuerKey() +} + +// Revoke revokes the given certificate. +func (iss *ZeroSSLIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error { + iss.initialize() + return iss.ACMEIssuer.Revoke(ctx, cert, reason) +} + +// UnmarshalCaddyfile deserializes Caddyfile tokens into iss. +// +// ... zerossl { +// ... +// } +// +// Any of the subdirectives for the ACME issuer can be used in the block. +func (iss *ZeroSSLIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if !d.AllArgs(&iss.APIKey) { + return d.ArgErr() + } + + if iss.ACMEIssuer == nil { + iss.ACMEIssuer = new(ACMEIssuer) + } + err := iss.ACMEIssuer.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return err + } + } + return nil +} + +const ( + zerosslACMEDirectory = "https://acme.zerossl.com/v2/DV90" + zerosslAPIBase = "https://api.zerossl.com/acme" +) + +// Interface guards +var ( + _ certmagic.PreChecker = (*ZeroSSLIssuer)(nil) + _ certmagic.Issuer = (*ZeroSSLIssuer)(nil) + _ certmagic.Revoker = (*ZeroSSLIssuer)(nil) + _ caddy.Provisioner = (*ZeroSSLIssuer)(nil) + _ ConfigSetter = (*ZeroSSLIssuer)(nil) + + // a type which properly embeds an ACMEIssuer should implement + // this interface so it can be treated as an ACMEIssuer + _ interface{ GetACMEIssuer() *ACMEIssuer } = (*ZeroSSLIssuer)(nil) +) From e385be922569c07a0471a6798d4aeaf972facb5b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 11 Aug 2020 11:26:19 -0600 Subject: [PATCH 0162/1498] Update comment and Caddy 1 EOL --- .github/SECURITY.md | 4 ++-- caddyconfig/httpcaddyfile/builtins.go | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index ba681716..acbfd7b5 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -11,12 +11,12 @@ Please note that we consider publicly-registered domain names to be public infor | Version | Supported | | ------- | ------------------ | | 2.x | :white_check_mark: | -| 1.x | :white_check_mark: (deprecating soon) | +| 1.x | :white_check_mark: (EOL 1 Oct 2020) | | < 1.x | :x: | ## Reporting a Vulnerability -Please email Matt Holt (the author) directly: matt [at] lightcodelabs [dot com]. +Please email Matt Holt (the author) directly: matt [at] ardanlabs [dot com]. We'll need enough information to verify the bug and make a patch. It will speed things up if you suggest a working patch, such as a code diff, and explain why and how it works. Reports that are not actionable, do not contain enough information, are too pushy/demanding, or are not able to convince us that it is a viable and practical attack on the web server itself may be deferred to a later time or possibly ignored, resources permitting. Priority will be given to credible, responsible reports that are constructive, specific, and actionable. Thank you for understanding. diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index e8fbf235..aacf32ce 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -77,6 +77,7 @@ func parseBind(h Helper) ([]ConfigValue, error) { // ca_root // dns // on_demand +// eab // issuer ... // } // From fc65320e9c5b4e2ab96b6b421b65629560f1b8a2 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 17 Aug 2020 17:14:46 -0400 Subject: [PATCH 0163/1498] reverseproxy: Support header selection policy on `Host` field (#3653) --- modules/caddyhttp/reverseproxy/selectionpolicies.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index e33ebe47..343140fc 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -362,6 +362,13 @@ func (s HeaderHashSelection) Select(pool UpstreamPool, req *http.Request) *Upstr if s.Field == "" { return nil } + + // The Host header should be obtained from the req.Host field + // since net/http removes it from the header map. + if s.Field == "Host" && req.Host != "" { + return hostByHashing(pool, req.Host) + } + val := req.Header.Get(s.Field) if val == "" { return RandomSelection{}.Select(pool, req) From 0afbab866794448fc0fe8b6cd6a299d7a078c2f1 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 17 Aug 2020 18:15:51 -0400 Subject: [PATCH 0164/1498] httpcaddyfile: Improve directive sorting logic (#3658) * httpcaddyfile: Flip `root` directive sort order * httpcaddyfile: Sort directives with any matcher before those with none * httpcaddyfile: Generalize reverse sort directives, improve logic * httpcaddyfile: Fix "spelling" issue * httpcaddyfile: Turns out the second change precludes the first httpcaddyfile: Delete test that no longer makes sense * httpcaddyfile: Shorten logic Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/directives.go | 8 +++ ...sort_directives_with_any_matcher_first.txt | 55 +++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index e93fdd03..d6af97da 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -398,6 +398,14 @@ func sortRoutes(routes []ConfigValue) { if len(jPM) > 0 { jPathLen = len(jPM[0]) } + + // if both directives have no path matcher, use whichever one + // has any kind of matcher defined first. + if iPathLen == 0 && jPathLen == 0 { + return len(iRoute.MatcherSetsRaw) > 0 && len(jRoute.MatcherSetsRaw) == 0 + } + + // sort with the most-specific (longest) path first return iPathLen > jPathLen }) } diff --git a/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt b/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt new file mode 100644 index 00000000..d15f56bf --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt @@ -0,0 +1,55 @@ +:80 + +file_server + +@untrusted not remote_ip 10.1.1.0/24 +file_server @untrusted +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "not": [ + { + "remote_ip": { + "ranges": [ + "10.1.1.0/24" + ] + } + } + ] + } + ], + "handle": [ + { + "handler": "file_server", + "hide": [ + "Caddyfile" + ] + } + ] + }, + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "Caddyfile" + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file From c94f5bb7dd3c98d6573c44f06d99c7252911a9fa Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 17 Aug 2020 10:47:53 -0600 Subject: [PATCH 0165/1498] reverseproxy: Make default buffer size const --- modules/caddyhttp/reverseproxy/streaming.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 127c0f0f..666cf486 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -145,7 +145,7 @@ func (h Handler) copyResponse(dst io.Writer, src io.Reader, flushInterval time.D // of bytes written. func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte) (int64, error) { if len(buf) == 0 { - buf = make([]byte, 32*1024) + buf = make([]byte, defaultBufferSize) } var written int64 for { @@ -252,6 +252,8 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) { var streamingBufPool = sync.Pool{ New: func() interface{} { - return make([]byte, 32*1024) + return make([]byte, defaultBufferSize) }, } + +const defaultBufferSize = 32 * 1024 From 0279a57ac465b2920abf71d86203d9feac2015b5 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 20 Aug 2020 16:04:10 -0400 Subject: [PATCH 0166/1498] ci: Upgrade to Go 1.15 (#3642) * ci: Try Go 1.15 RC1 out of curiosity * Go 1.15 was released; let's try it * Update to latest quic-go * Attempt at fixing broken test Co-authored-by: Matthew Holt --- .github/workflows/ci.yml | 4 +- .github/workflows/cross-build.yml | 2 +- go.mod | 2 +- go.sum | 39 ++++++++++++++----- .../reverseproxy/fastcgi/client_test.go | 4 +- 5 files changed, 35 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0babe71f..08575c3f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go-version: [ 1.14.x ] + go-version: [ 1.14.x, 1.15.x ] # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing @@ -39,7 +39,7 @@ jobs: steps: - name: Install Go - uses: actions/setup-go@v1 + uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index a935cbab..49abd792 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -14,7 +14,7 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go-version: [ 1.14.x ] + go-version: [ 1.14.x, 1.15.x ] runs-on: ubuntu-latest continue-on-error: true steps: diff --git a/go.mod b/go.mod index 931c5ad1..87ddedb3 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.10.10 github.com/klauspost/cpuid v1.2.5 - github.com/lucas-clemente/quic-go v0.17.3 + github.com/lucas-clemente/quic-go v0.18.0 github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 diff --git a/go.sum b/go.sum index 3fefecf9..384bdb3f 100644 --- a/go.sum +++ b/go.sum @@ -153,6 +153,8 @@ github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJn github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= @@ -195,6 +197,7 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekf github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= @@ -204,6 +207,8 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0 h1:Rd1kQnQu0Hq3qvJppYSG0HtP+f5LPPUiDswTLiEegLg= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -217,6 +222,8 @@ github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= @@ -354,8 +361,8 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 h1:663opx/RKxiISi1ozf0WbvweQpYBgf34dx8hKSIau3w= github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.17.3 h1:jMX/MmDNCljfisgMmPGUcBJ+zUh9w3d3ia4YJjYS3TM= -github.com/lucas-clemente/quic-go v0.17.3/go.mod h1:I0+fcNTdb9eS1ZcjQZbDVPGchJ86chcIxPALn9lEJqE= +github.com/lucas-clemente/quic-go v0.18.0 h1:JhQDdqxdwdmGdKsKgXi1+coHRoGhvU6z0rNzOJqZ/4o= +github.com/lucas-clemente/quic-go v0.18.0/go.mod h1:yXttHsSNxQi8AWijC/vLP+OJczXqzHSOcJrM5ITUlCg= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -364,10 +371,12 @@ github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/manifoldco/promptui v0.3.1 h1:BxqNa7q1hVHXIXy3iupJMkXYS3aHhbubJWv2Jmg6x64= github.com/manifoldco/promptui v0.3.1/go.mod h1:zoCNXiJnyM03LlBgTsWv8mq28s7aTC71UgKasqRJHww= -github.com/marten-seemann/qpack v0.1.0 h1:/0M7lkda/6mus9B8u34Asqm8ZhHAAt9Ho0vniNuVSVg= -github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGDAUWqna+CNTrI= -github.com/marten-seemann/qtls v0.9.1 h1:O0YKQxNVPaiFgMng0suWEOY2Sb4LT2sRn9Qimq3Z1IQ= -github.com/marten-seemann/qtls v0.9.1/go.mod h1:T1MmAdDPyISzxlK6kjRr0pcZFBVd1OZbBb/j3cvzHhk= +github.com/marten-seemann/qpack v0.2.0 h1:/r1rhZoOmgxVKBqPNnYilZBDEyw+6OUHCbBzA5jc2y0= +github.com/marten-seemann/qpack v0.2.0/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= +github.com/marten-seemann/qtls v0.10.0 h1:ECsuYUKalRL240rRD4Ri33ISb7kAQ3qGDlrrl55b2pc= +github.com/marten-seemann/qtls v0.10.0/go.mod h1:UvMd1oaYDACI99/oZUYLzMCkBXQVT0aGm99sJhbT8hs= +github.com/marten-seemann/qtls-go1-15 v0.1.0 h1:i/YPXVxz8q9umso/5y474CNcHmTpA+5DH+mFPjx6PZg= +github.com/marten-seemann/qtls-go1-15 v0.1.0/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -421,21 +430,27 @@ github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= +github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= +github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= +github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= @@ -657,7 +672,6 @@ golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -694,7 +708,6 @@ golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190228165749-92fc7df08ae7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -710,6 +723,7 @@ golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -749,9 +763,12 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -762,6 +779,8 @@ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go index c090f3cc..f0740a4c 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go @@ -249,7 +249,7 @@ func DisabledTest(t *testing.T) { log.Println("test:", "post data (more than 60KB)") data := "" for i := 0x00; i < 0xff; i++ { - v0 := strings.Repeat(string(i), 256) + v0 := strings.Repeat(fmt.Sprint(i), 256) h := md5.New() _, _ = io.WriteString(h, v0) k0 := fmt.Sprintf("%x", h.Sum(nil)) @@ -266,7 +266,7 @@ func DisabledTest(t *testing.T) { log.Println("test:", "post forms (256 keys, more than 1MB)") p1 := make(map[string]string, 1) for i := 0x00; i < 0xff; i++ { - v0 := strings.Repeat(string(i), 4096) + v0 := strings.Repeat(fmt.Sprint(i), 4096) h := md5.New() _, _ = io.WriteString(h, v0) k0 := fmt.Sprintf("%x", h.Sum(nil)) From 997ef522bc636bd2485408e63f55b9b043b2d975 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 20 Aug 2020 19:28:25 -0600 Subject: [PATCH 0167/1498] go.mod: Use v0.15(.1) of smallstep libs Update internal issuer for compatibility -- yay simpler code! The .1 version also fixes non-critical SAN extensions that caused trust issues on several clients. --- go.mod | 4 +-- go.sum | 39 +++++++++++---------------- modules/caddytls/internalissuer.go | 43 ++++++++---------------------- 3 files changed, 28 insertions(+), 58 deletions(-) diff --git a/go.mod b/go.mod index 87ddedb3..d1b73f85 100644 --- a/go.mod +++ b/go.mod @@ -17,8 +17,8 @@ require ( github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 - github.com/smallstep/certificates v0.14.6 - github.com/smallstep/cli v0.14.6 + github.com/smallstep/certificates v0.15.1 + github.com/smallstep/cli v0.15.0 github.com/smallstep/nosql v0.3.0 github.com/smallstep/truststore v0.9.6 github.com/yuin/goldmark v1.2.1 diff --git a/go.sum b/go.sum index 384bdb3f..71c4773c 100644 --- a/go.sum +++ b/go.sum @@ -30,18 +30,12 @@ github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= -github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= -github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig/v3 v3.0.0/go.mod h1:NEUY/Qq8Gdm2xgYA+NwJM6wmfdRV9xkh8h/Rld20R0U= github.com/Masterminds/sprig/v3 v3.1.0 h1:j7GpgZ7PdFqNsmncycTHsLmVPf5/3wJtlgW9TNDYD9Y= github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= -github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -83,7 +77,6 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= -github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339 h1:wTD+Y63XoBtiTJhe/Xn7WLrwKenmjkt2WxH3FP+Y0DM= @@ -102,7 +95,6 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -114,7 +106,6 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -302,12 +293,10 @@ github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= -github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -329,7 +318,6 @@ github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM= @@ -428,7 +416,6 @@ github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96d github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= -github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= @@ -542,16 +529,17 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 h1:kSImCuenAkXtCaBeQ1UhmzzJGRhSm8sVH7I3sHE2Qdg= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.14.5/go.mod h1:zzpB8wMz967gL8FmK6zvCNB4pDVwFDKjPg1diTVc1h8= -github.com/smallstep/certificates v0.14.6 h1:sLVnIvIjZhd6qAosuf4Mw1Mh7IMA9XrZ7lKrGBuoHZQ= -github.com/smallstep/certificates v0.14.6/go.mod h1:nhih0lhKpbWE8JB0fg4EVCh/po18ivLiTPcF8eBeNtA= +github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= +github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= +github.com/smallstep/certificates v0.15.0 h1:riIt3fBWuenlvHoqkVuUOxQbhtxFQMO1ziSr7usb1J0= +github.com/smallstep/certificates v0.15.0/go.mod h1:awyVXYIVn4J9ANSSnDuA3FjKia7+QixaqorGW8CKGq8= +github.com/smallstep/certificates v0.15.1 h1:Es2IGgU4D0RE4OKys/VB1KvAuGuZwkxR7D9A0DeM/Ow= +github.com/smallstep/certificates v0.15.1/go.mod h1:hDmNejfuVTDDe1NBIKrhL9xjELRJb2ZFM+bDXwSW9xI= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= -github.com/smallstep/cli v0.14.5/go.mod h1:mRFuqC3cGwQESBGJvog4o76jZZZ7bMjkE+hAnq2QyR8= -github.com/smallstep/cli v0.14.6 h1:xc9rawDKB70Vgvg10gfQAh9EpDWS3k1O002J5bApqUk= -github.com/smallstep/cli v0.14.6/go.mod h1:Gs9mXwk5tIBlSISt1tvCAMso7eEAiJRyNgR/6JsoojI= +github.com/smallstep/cli v0.15.0 h1:ZBU1o4vm4FvcOFnfiT09jxuE/OsZX1BsZl5E/l2gv/c= +github.com/smallstep/cli v0.15.0/go.mod h1:trYpP49s+XF4fROcNgmPi4yO1EIKfqsc/eEck6SosO4= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= -github.com/smallstep/truststore v0.9.3/go.mod h1:PRSkpRIhAYBK/KLWkHNgRdYgzWMEy45bN7PSJCfKKGE= github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= @@ -638,6 +626,11 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U= +go.step.sm/crypto v0.1.1 h1:xg3kUS30hEnwgbxtKwq9a4MJaeiU616HSug60LU9B2E= +go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= +go.step.sm/crypto v0.2.0 h1:Rx+XqrNO4ZGHWlT9QCXls2L9pvcNiI23zEpAq0fctvY= +go.step.sm/crypto v0.2.0/go.mod h1:YNLnHj4JgABFoRkUq8brkscIB9THdiJUFoDxLQw1tww= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -665,14 +658,13 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -941,9 +933,8 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5 h1:AQkaJpH+/FmqRjmXZPELom5zIERYZfwTjnHpfoVMQEc= -howett.net/plist v0.0.0-20200419221736-3b63eb3a43b5/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index d70b8ca2..6f228ea3 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -27,7 +27,6 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddypki" "github.com/caddyserver/certmagic" "github.com/smallstep/certificates/authority/provisioner" - "github.com/smallstep/cli/crypto/x509util" ) func init() { @@ -120,9 +119,7 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques lifetime = issuerCert.NotAfter.Sub(time.Now()) } - certChain, err := auth.Sign(csr, provisioner.Options{}, - profileDefaultDuration(iss.Lifetime), - ) + certChain, err := auth.Sign(csr, provisioner.SignOptions{}, customCertLifetime(iss.Lifetime)) if err != nil { return nil, err } @@ -160,33 +157,14 @@ func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// profileDefaultDuration is a wrapper against x509util.WithOption to conform -// the SignOption interface. -// -// This type is borrowed from the smallstep libraries: -// https://github.com/smallstep/certificates/blob/806abb6232a5691198b891d76b9898ea7f269da0/authority/provisioner/sign_options.go#L191-L211 -// as per https://github.com/smallstep/certificates/issues/198. -// -// TODO: In the future, this approach to custom cert lifetimes may not be necessary -type profileDefaultDuration time.Duration +// customCertLifetime allows us to customize certificates that are issued +// by Smallstep libs, particularly the NotBefore & NotAfter dates. +type customCertLifetime time.Duration -func (d profileDefaultDuration) Option(so provisioner.Options) x509util.WithOption { - var backdate time.Duration - notBefore := so.NotBefore.Time() - if notBefore.IsZero() { - notBefore = time.Now().Truncate(time.Second) - backdate = -1 * so.Backdate - } - notAfter := so.NotAfter.RelativeTime(notBefore) - return func(p x509util.Profile) error { - fn := x509util.WithNotBeforeAfterDuration(notBefore, notAfter, time.Duration(d)) - if err := fn(p); err != nil { - return err - } - crt := p.Subject() - crt.NotBefore = crt.NotBefore.Add(backdate) - return nil - } +func (d customCertLifetime) Modify(cert *x509.Certificate, _ provisioner.SignOptions) error { + cert.NotBefore = time.Now() + cert.NotAfter = cert.NotBefore.Add(time.Duration(d)) + return nil } const ( @@ -195,6 +173,7 @@ const ( // Interface guards var ( - _ caddy.Provisioner = (*InternalIssuer)(nil) - _ certmagic.Issuer = (*InternalIssuer)(nil) + _ caddy.Provisioner = (*InternalIssuer)(nil) + _ certmagic.Issuer = (*InternalIssuer)(nil) + _ provisioner.CertificateModifier = (*customCertLifetime)(nil) ) From ecbc1f85c5ada6c9e50a3f0b0724b8d7731349ba Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 20 Aug 2020 22:40:26 -0400 Subject: [PATCH 0168/1498] ci: Tweaks for multi go version tests (#3673) --- .github/workflows/ci.yml | 14 +++++++------- .github/workflows/cross-build.yml | 14 +++++++++----- .github/workflows/fuzzing.yml | 6 +++--- .github/workflows/release.yml | 14 +++++++------- 4 files changed, 26 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 08575c3f..72333656 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go-version: [ 1.14.x, 1.15.x ] + go: [ '1.14', '1.15' ] # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing @@ -41,7 +41,7 @@ jobs: - name: Install Go uses: actions/setup-go@v2 with: - go-version: ${{ matrix.go-version }} + go-version: ${{ matrix.go }} - name: Checkout code uses: actions/checkout@v2 @@ -69,12 +69,12 @@ jobs: echo "::set-output name=go_cache::$(go env GOCACHE)" - name: Cache the build cache - uses: actions/cache@v1 + uses: actions/cache@v2 with: path: ${{ steps.vars.outputs.go_cache }} - key: ${{ runner.os }}-go-ci-${{ hashFiles('**/go.sum') }} + key: ${{ runner.os }}-${{ matrix.go }}-go-ci-${{ hashFiles('**/go.sum') }} restore-keys: | - ${{ runner.os }}-go-ci + ${{ runner.os }}-${{ matrix.go }}-go-ci - name: Get dependencies run: | @@ -91,7 +91,7 @@ jobs: - name: Publish Build Artifact uses: actions/upload-artifact@v1 with: - name: caddy_v2_${{ runner.os }}_${{ steps.vars.outputs.short_sha }} + name: caddy_${{ runner.os }}_go${{ matrix.go }}_${{ steps.vars.outputs.short_sha }} path: ${{ matrix.CADDY_BIN_PATH }} # Commented bits below were useful to allow the job to continue @@ -167,7 +167,7 @@ jobs: steps: - name: checkout uses: actions/checkout@v2 - - uses: goreleaser/goreleaser-action@v1 + - uses: goreleaser/goreleaser-action@v2 with: version: latest args: check diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 49abd792..f8ae5bbc 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -14,14 +14,15 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go-version: [ 1.14.x, 1.15.x ] + go: [ '1.14', '1.15' ] runs-on: ubuntu-latest continue-on-error: true steps: - name: Install Go uses: actions/setup-go@v2 with: - go-version: ${{ matrix.go-version }} + go-version: ${{ matrix.go }} + - name: Print Go version and environment id: vars run: | @@ -32,15 +33,18 @@ jobs: printf "\n\nSystem environment:\n\n" env echo "::set-output name=go_cache::$(go env GOCACHE)" + - name: Cache the build cache - uses: actions/cache@v1 + uses: actions/cache@v2 with: path: ${{ steps.vars.outputs.go_cache }} - key: cross-build-go-${{ matrix.goos }}-${{ hashFiles('**/go.sum') }} + key: cross-build-go${{ matrix.go }}-${{ matrix.goos }}-${{ hashFiles('**/go.sum') }} restore-keys: | - cross-build-go-${{ matrix.goos }} + cross-build-go${{ matrix.go }}-${{ matrix.goos }} + - name: Checkout code into the Go module directory uses: actions/checkout@v2 + - name: Run Build env: CGO_ENABLED: 0 diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index c3c9657f..05f4629c 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -12,14 +12,14 @@ jobs: strategy: matrix: os: [ ubuntu-latest ] - go-version: [ 1.14.x ] + go: [ '1.14' ] runs-on: ${{ matrix.os }} steps: - name: Install Go - uses: actions/setup-go@v1 + uses: actions/setup-go@v2 with: - go-version: ${{ matrix.go-version }} + go-version: ${{ matrix.go }} - name: Checkout code uses: actions/checkout@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 02129ab1..763c9e20 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,14 +11,14 @@ jobs: strategy: matrix: os: [ ubuntu-latest ] - go-version: [ 1.14.x ] + go: [ '1.15' ] runs-on: ${{ matrix.os }} steps: - name: Install Go - uses: actions/setup-go@v1 + uses: actions/setup-go@v2 with: - go-version: ${{ matrix.go-version }} + go-version: ${{ matrix.go }} - name: Checkout code uses: actions/checkout@v2 @@ -54,16 +54,16 @@ jobs: echo "::set-output name=tag_special::${TAG_SPECIAL}" - name: Cache the build cache - uses: actions/cache@v1 + uses: actions/cache@v2 with: path: ${{ steps.vars.outputs.go_cache }} - key: ${{ runner.os }}-go-release-${{ hashFiles('**/go.sum') }} + key: ${{ runner.os }}-go${{ matrix.go }}-release-${{ hashFiles('**/go.sum') }} restore-keys: | - ${{ runner.os }}-go-release + ${{ runner.os }}-go${{ matrix.go }}-release # GoReleaser will take care of publishing those artifacts into the release - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v1 + uses: goreleaser/goreleaser-action@v2 with: version: latest args: release --rm-dist From 744d04c2585d50f64cf3d43d139c310a18e78f73 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 21 Aug 2020 20:30:14 -0600 Subject: [PATCH 0169/1498] caddytls: Configure custom DNS resolvers for DNS challenge (close #2476) And #3391 Maybe also related: #3664 --- go.mod | 4 ++-- go.sum | 12 ++++++------ modules/caddytls/acmeissuer.go | 1 + modules/caddytls/automation.go | 4 ++++ 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index d1b73f85..fa5913a8 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339 + github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 @@ -14,7 +14,7 @@ require ( github.com/klauspost/compress v1.10.10 github.com/klauspost/cpuid v1.2.5 github.com/lucas-clemente/quic-go v0.18.0 - github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09 + github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/smallstep/certificates v0.15.1 diff --git a/go.sum b/go.sum index 71c4773c..381988e1 100644 --- a/go.sum +++ b/go.sum @@ -79,8 +79,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339 h1:wTD+Y63XoBtiTJhe/Xn7WLrwKenmjkt2WxH3FP+Y0DM= -github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339/go.mod h1:mqOzOvKa7UcC+TWbBLcP0ZLRut/xaaQBw0hRGWHBIkY= +github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87 h1:3aKxAswI/GxNUKS3v+NWaB+hUyBtfXyjAWlc2Go53T0= +github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87/go.mod h1:ru+9UfE7sgvPJgieBLSRz5S3xuCd6wlV0qEHErC+x1k= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -346,8 +346,8 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+ github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 h1:663opx/RKxiISi1ozf0WbvweQpYBgf34dx8hKSIau3w= -github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= +github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04= +github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.18.0 h1:JhQDdqxdwdmGdKsKgXi1+coHRoGhvU6z0rNzOJqZ/4o= github.com/lucas-clemente/quic-go v0.18.0/go.mod h1:yXttHsSNxQi8AWijC/vLP+OJczXqzHSOcJrM5ITUlCg= @@ -381,8 +381,8 @@ github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09 h1:J7NVJ46iBFeWsUc5aeVv8QNO2mLhI6rJKIbpAsH7d7g= -github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e h1:F5E9CM0APrZtTfowJfvUBmrCjuHLfslZyFlNTEB7UV4= +github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 963143bb..07974359 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -112,6 +112,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { DNSProvider: val.(certmagic.ACMEDNSProvider), TTL: time.Duration(iss.Challenges.DNS.TTL), PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout), + Resolvers: iss.Challenges.DNS.Resolvers, } } } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 502a6314..1612391c 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -295,6 +295,10 @@ type DNSChallengeConfig struct { // How long to wait for DNS record to propagate. PropagationTimeout caddy.Duration `json:"propagation_timeout,omitempty"` + // Custom DNS resolvers to prefer over system/built-in defaults. + // Often necessary to configure when using split-horizon DNS. + Resolvers []string `json:"resolvers,omitempty"` + solver acmez.Solver } From 494032584436338896cd275d7563bc7b325cd1c4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 31 Aug 2020 12:33:43 -0600 Subject: [PATCH 0170/1498] fileserver: Fix inconsistencies in browse JSON --- modules/caddyhttp/fileserver/browse_test.go | 36 +++++++-------- modules/caddyhttp/fileserver/browselisting.go | 44 +++++++++---------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse_test.go b/modules/caddyhttp/fileserver/browse_test.go index b1f7092b..5d5874f3 100644 --- a/modules/caddyhttp/fileserver/browse_test.go +++ b/modules/caddyhttp/fileserver/browse_test.go @@ -11,15 +11,15 @@ func BenchmarkBrowseWriteJSON(b *testing.B) { fsrv := new(FileServer) fsrv.Provision(caddy.Context{}) listing := browseListing{ - Name: "test", - Path: "test", - CanGoUp: false, - Items: make([]fileInfo, 100), - NumDirs: 42, - NumFiles: 420, - Sort: "", - Order: "", - ItemsLimitedTo: 42, + Name: "test", + Path: "test", + CanGoUp: false, + Items: make([]fileInfo, 100), + NumDirs: 42, + NumFiles: 420, + Sort: "", + Order: "", + Limit: 42, } b.ResetTimer() @@ -36,15 +36,15 @@ func BenchmarkBrowseWriteHTML(b *testing.B) { template: template.New("test"), } listing := browseListing{ - Name: "test", - Path: "test", - CanGoUp: false, - Items: make([]fileInfo, 100), - NumDirs: 42, - NumFiles: 420, - Sort: "", - Order: "", - ItemsLimitedTo: 42, + Name: "test", + Path: "test", + CanGoUp: false, + Items: make([]fileInfo, 100), + NumDirs: 42, + NumFiles: 420, + Sort: "", + Order: "", + Limit: 42, } b.ResetTimer() diff --git a/modules/caddyhttp/fileserver/browselisting.go b/modules/caddyhttp/fileserver/browselisting.go index cebfe8fd..79944f93 100644 --- a/modules/caddyhttp/fileserver/browselisting.go +++ b/modules/caddyhttp/fileserver/browselisting.go @@ -76,34 +76,34 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, urlP type browseListing struct { // The name of the directory (the last element of the path). - Name string + Name string `json:"name"` // The full path of the request. - Path string + Path string `json:"path"` // Whether the parent directory is browseable. - CanGoUp bool + CanGoUp bool `json:"can_go_up"` // The items (files and folders) in the path. - Items []fileInfo - - // The number of directories in the listing. - NumDirs int - - // The number of files (items that aren't directories) in the listing. - NumFiles int - - // Sort column used - Sort string - - // Sorting order - Order string - - // If ≠0 then Items have been limited to that many elements. - ItemsLimitedTo int + Items []fileInfo `json:"items,omitempty"` // If ≠0 then Items starting from that many elements. - ItemOffset int + Offset int `json:"offset,omitempty"` + + // If ≠0 then Items have been limited to that many elements. + Limit int `json:"limit,omitempty"` + + // The number of directories in the listing. + NumDirs int `json:"num_dirs"` + + // The number of files (items that aren't directories) in the listing. + NumFiles int `json:"num_files"` + + // Sort column used + Sort string `json:"sort,omitempty"` + + // Sorting order + Order string `json:"order,omitempty"` } // Breadcrumbs returns l.Path where every element maps @@ -166,7 +166,7 @@ func (l *browseListing) applySortAndLimit(sortParam, orderParam, limitParam stri offset, _ := strconv.Atoi(offsetParam) if offset > 0 && offset <= len(l.Items) { l.Items = l.Items[offset:] - l.ItemOffset = offset + l.Offset = offset } } @@ -175,7 +175,7 @@ func (l *browseListing) applySortAndLimit(sortParam, orderParam, limitParam stri if limit > 0 && limit <= len(l.Items) { l.Items = l.Items[:limit] - l.ItemsLimitedTo = limit + l.Limit = limit } } } From 724b74d98144e502d4cd7b2a4b1c2309e7536d4f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 31 Aug 2020 13:22:34 -0600 Subject: [PATCH 0171/1498] reverseproxy: Abort active health checks on context cancellation --- modules/caddyhttp/reverseproxy/healthchecks.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 79f18fcd..33cfd82b 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -216,9 +216,8 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H u.Host = net.JoinHostPort(host, portStr) } - // attach dialing information to this request - TODO: use caddy.Context's context - // so it can be canceled on config reload - ctx := context.Background() + // attach dialing information to this request + ctx := h.ctx.Context ctx = context.WithValue(ctx, caddy.ReplacerCtxKey, caddy.NewReplacer()) ctx = context.WithValue(ctx, caddyhttp.VarsCtxKey, map[string]interface{}{ dialInfoVarKey: dialInfo, From 24f34780b61fc82df6507cf95535c3dfc9f78058 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 31 Aug 2020 13:23:26 -0600 Subject: [PATCH 0172/1498] caddytls: Customize DNS resolvers for DNS challenge with Caddyfile --- modules/caddytls/acmeissuer.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 07974359..e413156b 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -220,6 +220,7 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // alt_tlsalpn_port // eab // trusted_roots +// resolvers // } // func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -317,6 +318,18 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case "trusted_roots": iss.TrustedRootsPEMFiles = d.RemainingArgs() + case "resolvers": + if !d.NextArg() { + return d.ArgErr() + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.DNS == nil { + iss.Challenges.DNS = new(DNSChallengeConfig) + } + iss.Challenges.DNS.Resolvers = d.RemainingArgs() + default: return d.Errf("unrecognized ACME issuer property: %s", d.Val()) } From 4cd7ae35b3ec3d882168cef669974a2c3aab3618 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 8 Sep 2020 12:37:46 -0400 Subject: [PATCH 0173/1498] reverseproxy: Add `buffer_requests` option to `reverse_proxy` directive (#3710) --- caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt | 2 ++ modules/caddyhttp/reverseproxy/caddyfile.go | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt index 7c4ba297..9f3bc93f 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt @@ -10,6 +10,7 @@ https://example.com { versions h2c 2 compression off } + buffer_requests } } @@ -38,6 +39,7 @@ https://example.com { { "handle": [ { + "buffer_requests": true, "handler": "reverse_proxy", "headers": { "request": { diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 8c3b1184..33f6e7b5 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -467,6 +467,12 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.FlushInterval = caddy.Duration(dur) } + case "buffer_requests": + if d.NextArg() { + return d.ArgErr() + } + h.BufferRequests = true + case "header_up": if h.Headers == nil { h.Headers = new(headers.Handler) From 04f50a975932c29bf344b45b3444572b449b1faf Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 8 Sep 2020 12:44:58 -0400 Subject: [PATCH 0174/1498] caddyhttp: Wrap http.Server logging with zap (#3668) --- modules/caddyhttp/app.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 40ae3a29..375ca4d9 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -281,6 +281,12 @@ func (app *App) Validate() error { // Start runs the app. It finishes automatic HTTPS if enabled, // including management of certificates. func (app *App) Start() error { + // get a logger compatible with http.Server + serverLogger, err := zap.NewStdLogAt(app.logger.Named("stdlib"), zap.DebugLevel) + if err != nil { + return fmt.Errorf("failed to set up server logger: %v", err) + } + for srvName, srv := range app.Servers { s := &http.Server{ ReadTimeout: time.Duration(srv.ReadTimeout), @@ -289,6 +295,7 @@ func (app *App) Start() error { IdleTimeout: time.Duration(srv.IdleTimeout), MaxHeaderBytes: srv.MaxHeaderBytes, Handler: srv, + ErrorLog: serverLogger, } // enable h2c if configured @@ -344,6 +351,7 @@ func (app *App) Start() error { Addr: hostport, Handler: srv, TLSConfig: tlsCfg, + ErrorLog: serverLogger, }, } go h3srv.Serve(h3ln) @@ -382,7 +390,7 @@ func (app *App) Start() error { // finish automatic HTTPS by finally beginning // certificate management - err := app.automaticHTTPSPhase2() + err = app.automaticHTTPSPhase2() if err != nil { return fmt.Errorf("finalizing automatic HTTPS: %v", err) } From d4f249741efa0fe300a197e27370a28d8748628f Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 8 Sep 2020 19:45:48 +0300 Subject: [PATCH 0175/1498] browse: align template to struct field renames from 4940325 (#3706) --- caddytest/integration/handler_test.go | 28 +++++++++++++++++++++++ modules/caddyhttp/fileserver/browsetpl.go | 28 +++++++++++------------ 2 files changed, 42 insertions(+), 14 deletions(-) create mode 100644 caddytest/integration/handler_test.go diff --git a/caddytest/integration/handler_test.go b/caddytest/integration/handler_test.go new file mode 100644 index 00000000..fb986c7c --- /dev/null +++ b/caddytest/integration/handler_test.go @@ -0,0 +1,28 @@ +package integration + +import ( + "net/http" + "testing" + + "github.com/caddyserver/caddy/v2/caddytest" +) + +func TestBrowse(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + } + http://localhost:9080 { + file_server browse + } + `, "caddyfile") + + req, err := http.NewRequest(http.MethodGet, "http://localhost:9080/", nil) + if err != nil { + t.Fail() + return + } + tester.AssertResponseCode(req, 200) +} diff --git a/modules/caddyhttp/fileserver/browsetpl.go b/modules/caddyhttp/fileserver/browsetpl.go index 6415d59e..f3fe36fa 100644 --- a/modules/caddyhttp/fileserver/browsetpl.go +++ b/modules/caddyhttp/fileserver/browsetpl.go @@ -283,8 +283,8 @@ footer {
{{.NumDirs}} director{{if eq 1 .NumDirs}}y{{else}}ies{{end}} {{.NumFiles}} file{{if ne 1 .NumFiles}}s{{end}} - {{- if ne 0 .ItemsLimitedTo}} - (of which only {{.ItemsLimitedTo}} are displayed) + {{- if ne 0 .Limit}} + (of which only {{.Limit}} are displayed) {{- end}}
@@ -296,37 +296,37 @@ footer { {{- if and (eq .Sort "namedirfirst") (ne .Order "desc")}} - + {{- else if and (eq .Sort "namedirfirst") (ne .Order "asc")}} - + {{- else}} - + {{- end}} {{- if and (eq .Sort "name") (ne .Order "desc")}} - Name + Name {{- else if and (eq .Sort "name") (ne .Order "asc")}} - Name + Name {{- else}} - Name + Name {{- end}} {{- if and (eq .Sort "size") (ne .Order "desc")}} - Size + Size {{- else if and (eq .Sort "size") (ne .Order "asc")}} - Size + Size {{- else}} - Size + Size {{- end}} {{- if and (eq .Sort "time") (ne .Order "desc")}} - Modified + Modified {{- else if and (eq .Sort "time") (ne .Order "asc")}} - Modified + Modified {{- else}} - Modified + Modified {{- end}} From 00e6b77fe4eb4a692649970bf1724de22b15bba9 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 8 Sep 2020 13:36:46 -0400 Subject: [PATCH 0176/1498] caddytls: Add `dns` config to acmeissuer (#3701) --- modules/caddytls/acmeissuer.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index e413156b..e0f656a8 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -24,6 +24,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/certmagic" "github.com/mholt/acmez" @@ -220,6 +221,7 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // alt_tlsalpn_port // eab // trusted_roots +// dns [] // resolvers // } // @@ -318,6 +320,30 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case "trusted_roots": iss.TrustedRootsPEMFiles = d.RemainingArgs() + case "dns": + if !d.NextArg() { + return d.ArgErr() + } + provName := d.Val() + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.DNS == nil { + iss.Challenges.DNS = new(DNSChallengeConfig) + } + dnsProvModule, err := caddy.GetModule("dns.providers." + provName) + if err != nil { + return d.Errf("getting DNS provider module named '%s': %v", provName, err) + } + dnsProvModuleInstance := dnsProvModule.New() + if unm, ok := dnsProvModuleInstance.(caddyfile.Unmarshaler); ok { + err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return err + } + } + iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(dnsProvModuleInstance, "name", provName, nil) + case "resolvers": if !d.NextArg() { return d.ArgErr() From 9859ab8148435e64accd8d66e67db29fb5cbc9e7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 9 Sep 2020 10:21:59 -0600 Subject: [PATCH 0177/1498] caddytls: Fix resolvers option of acme issuer (Caddyfile) Reported in: https://caddy.community/t/dns-challenge-with-namecheap-and-split-horizon-dns/9611/17?u=matt --- modules/caddytls/acmeissuer.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index e0f656a8..b73b34ff 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -345,9 +345,6 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(dnsProvModuleInstance, "name", provName, nil) case "resolvers": - if !d.NextArg() { - return d.ArgErr() - } if iss.Challenges == nil { iss.Challenges = new(ChallengesConfig) } @@ -355,6 +352,9 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { iss.Challenges.DNS = new(DNSChallengeConfig) } iss.Challenges.DNS.Resolvers = d.RemainingArgs() + if len(iss.Challenges.DNS.Resolvers) == 0 { + return d.ArgErr() + } default: return d.Errf("unrecognized ACME issuer property: %s", d.Val()) From 0ee4378227cf3019dcbaddeb3977ddd28e58429a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 11 Sep 2020 12:20:39 -0600 Subject: [PATCH 0178/1498] fileserver: Improve file hiding logic for directories and prefixes Now, a filename to hide that is specified without a path separator will count as hidden if it appears in any component of the file path (not only the last component); semantically, this means hiding a file by only its name (without any part of a path) will hide both files and folders, e.g. hiding ".git" will hide "/.git" and also "/.git/foo". We also do prefix matching so that hiding "/.git" will hide "/.git" and "/.git/foo" but not "/.gitignore". The remaining logic is a globular match like before. --- modules/caddyhttp/fileserver/staticfiles.go | 39 ++++++---- .../caddyhttp/fileserver/staticfiles_test.go | 73 ++++++++++++++++++- 2 files changed, 95 insertions(+), 17 deletions(-) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index d6cf4d65..735352b5 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -329,28 +329,37 @@ func sanitizedPathJoin(root, reqPath string) string { // fileHidden returns true if filename is hidden // according to the hide list. func fileHidden(filename string, hide []string) bool { - nameOnly := filepath.Base(filename) sep := string(filepath.Separator) + var components []string for _, h := range hide { - // assuming h is a glob/shell-like pattern, - // use it to compare the whole file path; - // but if there is no separator in h, then - // just compare against the file's name - compare := filename if !strings.Contains(h, sep) { - compare = nameOnly - } - - hidden, err := filepath.Match(h, compare) - if err != nil { - // malformed pattern; fallback by checking prefix - if strings.HasPrefix(filename, h) { + // if there is no separator in h, then we assume the user + // wants to hide any files or folders that match that + // name; thus we have to compare against each component + // of the filename, e.g. hiding "bar" would hide "/bar" + // as well as "/foo/bar/baz" but not "/barstool". + if len(components) == 0 { + components = strings.Split(filename, sep) + } + for _, c := range components { + if c == h { + return true + } + } + } else if strings.HasPrefix(filename, h) { + // otherwise, if there is a separator in h, and + // filename is exactly prefixed with h, then we + // can do a prefix match so that "/foo" matches + // "/foo/bar" but not "/foobar". + withoutPrefix := strings.TrimPrefix(filename, h) + if strings.HasPrefix(withoutPrefix, sep) { return true } } - if hidden { - // file name or path matches hide pattern + + // in the general case, a glob match will suffice + if hidden, _ := filepath.Match(h, filename); hidden { return true } } diff --git a/modules/caddyhttp/fileserver/staticfiles_test.go b/modules/caddyhttp/fileserver/staticfiles_test.go index 73762c77..f074318f 100644 --- a/modules/caddyhttp/fileserver/staticfiles_test.go +++ b/modules/caddyhttp/fileserver/staticfiles_test.go @@ -93,9 +93,78 @@ func TestSanitizedPathJoin(t *testing.T) { } actual := sanitizedPathJoin(tc.inputRoot, u.Path) if actual != tc.expect { - t.Errorf("Test %d: [%s %s] => %s (expected %s)", i, tc.inputRoot, tc.inputPath, actual, tc.expect) + t.Errorf("Test %d: [%s %s] => %s (expected %s)", + i, tc.inputRoot, tc.inputPath, actual, tc.expect) } } } -// TODO: test fileHidden +func TestFileHidden(t *testing.T) { + for i, tc := range []struct { + inputHide []string + inputPath string + expect bool + }{ + { + inputHide: nil, + inputPath: "", + expect: false, + }, + { + inputHide: []string{".gitignore"}, + inputPath: "/.gitignore", + expect: true, + }, + { + inputHide: []string{".git"}, + inputPath: "/.gitignore", + expect: false, + }, + { + inputHide: []string{"/.git"}, + inputPath: "/.gitignore", + expect: false, + }, + { + inputHide: []string{".git"}, + inputPath: "/.git", + expect: true, + }, + { + inputHide: []string{".git"}, + inputPath: "/.git/foo", + expect: true, + }, + { + inputHide: []string{".git"}, + inputPath: "/foo/.git/bar", + expect: true, + }, + { + inputHide: []string{"/prefix"}, + inputPath: "/prefix/foo", + expect: true, + }, + { + inputHide: []string{"/foo/*/bar"}, + inputPath: "/foo/asdf/bar", + expect: true, + }, + { + inputHide: []string{"/foo"}, + inputPath: "/foo", + expect: true, + }, + { + inputHide: []string{"/foo"}, + inputPath: "/foobar", + expect: false, + }, + } { + actual := fileHidden(tc.inputPath, tc.inputHide) + if actual != tc.expect { + t.Errorf("Test %d: Is %s hidden in %v? Got %t but expected %t", + i, tc.inputPath, tc.inputHide, actual, tc.expect) + } + } +} From 1c5969b576ac6e4b147bc5c0dbf2f1b8e76849ef Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 11 Sep 2020 13:09:16 -0600 Subject: [PATCH 0179/1498] fileserver: Fix new file hide tests on Windows (#3719) --- modules/caddyhttp/fileserver/staticfiles_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/caddyhttp/fileserver/staticfiles_test.go b/modules/caddyhttp/fileserver/staticfiles_test.go index f074318f..c47fbd18 100644 --- a/modules/caddyhttp/fileserver/staticfiles_test.go +++ b/modules/caddyhttp/fileserver/staticfiles_test.go @@ -161,6 +161,12 @@ func TestFileHidden(t *testing.T) { expect: false, }, } { + // for Windows' sake + tc.inputPath = filepath.FromSlash(tc.inputPath) + for i := range tc.inputHide { + tc.inputHide[i] = filepath.FromSlash(tc.inputHide[i]) + } + actual := fileHidden(tc.inputPath, tc.inputHide) if actual != tc.expect { t.Errorf("Test %d: Is %s hidden in %v? Got %t but expected %t", From 4217217badf220d7d2c25f43f955fdc8454f2c64 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 11 Sep 2020 13:45:21 -0600 Subject: [PATCH 0180/1498] httpcaddyfile: Properly record whether we added catch-all conn policy We recently introduced `if !cp.SettingsEmpty()` which conditionally adds the connection policy to the list. If the condition evaluates to false, the policy wouldn't actually be added, even if hasCatchAllTLSConnPolicy was set to true on the previous line. Now we set that variable in accordance with whether we actually add the policy. While debugging this I noticed that catch-all policies added early in that loop (i.e. not at the end if we later determine we need one) are not always at the end of the list. They should be, though, since they are selected by which one matches first, and having a catch-all first would nullify any more specific ones later in the list. So I added a sort in consolidateConnPolicies to take care of that. Should fix #3670 and https://caddy.community/t/combining-on-demand-tls-with-custom-ssl-certs-doesnt-seem-to-work-in-2-1-1/9719 but I won't know for sure until somebody verifies it, since at least in the GitHub issue there is not yet enough information (the configs are redacted). --- caddyconfig/httpcaddyfile/httptype.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 130067da..f2d15686 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -446,12 +446,12 @@ func (st *ServerType) serversFromPairings( } } else { cp.DefaultSNI = defaultSNI - hasCatchAllTLSConnPolicy = true } // only append this policy if it actually changes something if !cp.SettingsEmpty() { srv.TLSConnPolicies = append(srv.TLSConnPolicies, cp) + hasCatchAllTLSConnPolicy = len(hosts) == 0 } } } @@ -653,9 +653,15 @@ func detectConflictingSchemes(srv *caddyhttp.Server, serverBlocks []serverBlock, return nil } -// consolidateConnPolicies removes empty TLS connection policies and combines -// equivalent ones for a cleaner overall output. +// consolidateConnPolicies sorts any catch-all policy to the end, removes empty TLS connection +// policies, and combines equivalent ones for a cleaner overall output. func consolidateConnPolicies(cps caddytls.ConnectionPolicies) (caddytls.ConnectionPolicies, error) { + // catch-all policies (those without any matcher) should be at the + // end, otherwise it nullifies any more specific policies + sort.SliceStable(cps, func(i, j int) bool { + return cps[j].MatchersRaw == nil && cps[i].MatchersRaw != nil + }) + for i := 0; i < len(cps); i++ { // compare it to the others for j := 0; j < len(cps); j++ { From b88e2b6a497789307b0a12f9867cf2ac8088d73a Mon Sep 17 00:00:00 2001 From: Matthew Penner Date: Mon, 14 Sep 2020 12:30:12 -0600 Subject: [PATCH 0181/1498] cmd: Allow `caddy fmt` to read from stdin (#3680) * Allow 'caddy fmt' to read from stdin * fmt: use '-' as the file name for reading from stdin * Minor adjustments Co-authored-by: Matthew Holt --- cmd/commandfuncs.go | 17 +++++++++++++---- cmd/commands.go | 8 ++++++-- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index a10bc191..772fe012 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -533,7 +533,17 @@ func cmdFmt(fl Flags) (int, error) { if formatCmdConfigFile == "" { formatCmdConfigFile = "Caddyfile" } - overwrite := fl.Bool("overwrite") + + // as a special case, read from stdin if the file name is "-" + if formatCmdConfigFile == "-" { + input, err := ioutil.ReadAll(os.Stdin) + if err != nil { + return caddy.ExitCodeFailedStartup, + fmt.Errorf("reading stdin: %v", err) + } + fmt.Print(string(caddyfile.Format(input))) + return caddy.ExitCodeSuccess, nil + } input, err := ioutil.ReadFile(formatCmdConfigFile) if err != nil { @@ -543,9 +553,8 @@ func cmdFmt(fl Flags) (int, error) { output := caddyfile.Format(input) - if overwrite { - err = ioutil.WriteFile(formatCmdConfigFile, output, 0644) - if err != nil { + if fl.Bool("overwrite") { + if err := ioutil.WriteFile(formatCmdConfigFile, output, 0600); err != nil { return caddy.ExitCodeFailedStartup, nil } } else { diff --git a/cmd/commands.go b/cmd/commands.go index 99d5245c..ea8402d9 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -263,8 +263,12 @@ provisioning stages.`, Formats the Caddyfile by adding proper indentation and spaces to improve human readability. It prints the result to stdout. -If --write is specified, the output will be written to the config file -directly instead of printing it.`, +If --overwrite is specified, the output will be written to the config file +directly instead of printing it. + +If you wish you use stdin instead of a regular file, use - as the path. +When reading from stdin, the --overwrite flag has no effect: the result +is always printed to stdout.`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("format", flag.ExitOnError) fs.Bool("overwrite", false, "Overwrite the input file with the results") From 309c1fec622c08bdc68a43de64fc0777f590d309 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 15 Sep 2020 14:37:41 -0400 Subject: [PATCH 0182/1498] logging: Implement Caddyfile support for filter encoder (#3578) * logging: Implement Caddyfile support for filter encoder * logging: Add support for parsing IP masks from strings wip * logging: Implement Caddyfile support for ip_mask * logging: Get rid of unnecessary logic to allow strings, not that useful * logging: Add adapt test --- .../caddyfile_adapt/log_filters.txt | 69 +++++++++++++++ modules/logging/filterencoder.go | 77 ++++++++++++++++ modules/logging/filters.go | 88 +++++++++++++++++-- 3 files changed, 225 insertions(+), 9 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/log_filters.txt diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt new file mode 100644 index 00000000..549f4e6a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -0,0 +1,69 @@ +:80 + +log { + output stdout + format filter { + wrap console + fields { + request>headers>Authorization delete + request>headers>Server delete + request>remote_addr ip_mask { + ipv4 24 + ipv6 32 + } + } + } +} +---------- +{ + "logging": { + "logs": { + "default": { + "exclude": [ + "http.log.access.log0" + ] + }, + "log0": { + "writer": { + "output": "stdout" + }, + "encoder": { + "fields": { + "request\u003eheaders\u003eAuthorization": { + "filter": "delete" + }, + "request\u003eheaders\u003eServer": { + "filter": "delete" + }, + "request\u003eremote_addr": { + "filter": "ip_mask", + "ipv4_cidr": 24, + "ipv6_cidr": 32 + } + }, + "format": "filter", + "wrap": { + "format": "console" + } + }, + "include": [ + "http.log.access.log0" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "logs": { + "default_logger_name": "log0" + } + } + } + } + } +} \ No newline at end of file diff --git a/modules/logging/filterencoder.go b/modules/logging/filterencoder.go index 7a8108ca..d1c335f4 100644 --- a/modules/logging/filterencoder.go +++ b/modules/logging/filterencoder.go @@ -20,6 +20,8 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "go.uber.org/zap" "go.uber.org/zap/buffer" "go.uber.org/zap/zapcore" @@ -94,6 +96,80 @@ func (fe *FilterEncoder) Provision(ctx caddy.Context) error { return nil } +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: +// +// filter { +// wrap +// fields { +// { +// +// } +// } +// } +func (fe *FilterEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock(0) { + switch d.Val() { + case "wrap": + if !d.NextArg() { + return d.ArgErr() + } + moduleName := d.Val() + mod, err := caddy.GetModule("caddy.logging.encoders." + moduleName) + if err != nil { + return d.Errf("getting log encoder module named '%s': %v", moduleName, err) + } + unm, ok := mod.New().(caddyfile.Unmarshaler) + if !ok { + return d.Errf("log encoder module '%s' is not a Caddyfile unmarshaler", mod) + } + err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return err + } + enc, ok := unm.(zapcore.Encoder) + if !ok { + return d.Errf("module %s is not a zapcore.Encoder", mod) + } + fe.WrappedRaw = caddyconfig.JSONModuleObject(enc, "format", moduleName, nil) + + case "fields": + for d.NextBlock(1) { + field := d.Val() + if !d.NextArg() { + return d.ArgErr() + } + filterName := d.Val() + mod, err := caddy.GetModule("caddy.logging.encoders.filter." + filterName) + if err != nil { + return d.Errf("getting log filter module named '%s': %v", filterName, err) + } + unm, ok := mod.New().(caddyfile.Unmarshaler) + if !ok { + return d.Errf("log encoder module '%s' is not a Caddyfile unmarshaler", mod) + } + err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return err + } + f, ok := unm.(LogFieldFilter) + if !ok { + return d.Errf("module %s is not a LogFieldFilter", mod) + } + if fe.FieldsRaw == nil { + fe.FieldsRaw = make(map[string]json.RawMessage) + } + fe.FieldsRaw[field] = caddyconfig.JSONModuleObject(f, "filter", filterName, nil) + } + + default: + return d.Errf("unrecognized subdirective %s", d.Val()) + } + } + } + return nil +} + // AddArray is part of the zapcore.ObjectEncoder interface. // Array elements do not get filtered. func (fe FilterEncoder) AddArray(key string, marshaler zapcore.ArrayMarshaler) error { @@ -330,4 +406,5 @@ func (mom logObjectMarshalerWrapper) MarshalLogObject(_ zapcore.ObjectEncoder) e var ( _ zapcore.Encoder = (*FilterEncoder)(nil) _ zapcore.ObjectMarshaler = (*logObjectMarshalerWrapper)(nil) + _ caddyfile.Unmarshaler = (*FilterEncoder)(nil) ) diff --git a/modules/logging/filters.go b/modules/logging/filters.go index cd3bbb13..3bc1e2cb 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -16,8 +16,10 @@ package logging import ( "net" + "strconv" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "go.uber.org/zap/zapcore" ) @@ -44,6 +46,11 @@ func (DeleteFilter) CaddyModule() caddy.ModuleInfo { } } +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (DeleteFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + return nil +} + // Filter filters the input field. func (DeleteFilter) Filter(in zapcore.Field) zapcore.Field { in.Type = zapcore.SkipType @@ -53,11 +60,14 @@ func (DeleteFilter) Filter(in zapcore.Field) zapcore.Field { // IPMaskFilter is a Caddy log field filter that // masks IP addresses. type IPMaskFilter struct { - // The IPv4 range in CIDR notation. - IPv4CIDR int `json:"ipv4_cidr,omitempty"` + // The IPv4 mask, as an subnet size CIDR. + IPv4MaskRaw int `json:"ipv4_cidr,omitempty"` - // The IPv6 range in CIDR notation. - IPv6CIDR int `json:"ipv6_cidr,omitempty"` + // The IPv6 mask, as an subnet size CIDR. + IPv6MaskRaw int `json:"ipv6_cidr,omitempty"` + + v4Mask net.IPMask + v6Mask net.IPMask } // CaddyModule returns the Caddy module information. @@ -68,6 +78,58 @@ func (IPMaskFilter) CaddyModule() caddy.ModuleInfo { } } +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (m *IPMaskFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock(0) { + switch d.Val() { + case "ipv4": + if !d.NextArg() { + return d.ArgErr() + } + val, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("error parsing %s: %v", d.Val(), err) + } + m.IPv4MaskRaw = val + + case "ipv6": + if !d.NextArg() { + return d.ArgErr() + } + val, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("error parsing %s: %v", d.Val(), err) + } + m.IPv6MaskRaw = val + + default: + return d.Errf("unrecognized subdirective %s", d.Val()) + } + } + } + return nil +} + +// Provision parses m's IP masks, from integers. +func (m *IPMaskFilter) Provision(ctx caddy.Context) error { + parseRawToMask := func(rawField int, bitLen int) net.IPMask { + if rawField == 0 { + return nil + } + + // we assume the int is a subnet size CIDR + // e.g. "16" being equivalent to masking the last + // two bytes of an ipv4 address, like "255.255.0.0" + return net.CIDRMask(rawField, bitLen) + } + + m.v4Mask = parseRawToMask(m.IPv4MaskRaw, 32) + m.v6Mask = parseRawToMask(m.IPv6MaskRaw, 128) + + return nil +} + // Filter filters the input field. func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { host, port, err := net.SplitHostPort(in.String) @@ -78,13 +140,10 @@ func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { if ipAddr == nil { return in } - bitLen := 32 - cidrPrefix := m.IPv4CIDR + mask := m.v4Mask if ipAddr.To16() != nil { - bitLen = 128 - cidrPrefix = m.IPv6CIDR + mask = m.v6Mask } - mask := net.CIDRMask(cidrPrefix, bitLen) masked := ipAddr.Mask(mask) if port == "" { in.String = masked.String() @@ -93,3 +152,14 @@ func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { } return in } + +// Interface guards +var ( + _ LogFieldFilter = (*DeleteFilter)(nil) + _ LogFieldFilter = (*IPMaskFilter)(nil) + + _ caddyfile.Unmarshaler = (*DeleteFilter)(nil) + _ caddyfile.Unmarshaler = (*IPMaskFilter)(nil) + + _ caddy.Provisioner = (*IPMaskFilter)(nil) +) From b01bb275b395643542ceca4fbc82bedea8e43937 Mon Sep 17 00:00:00 2001 From: Gaurav Dhameeja Date: Thu, 17 Sep 2020 02:36:51 +0530 Subject: [PATCH 0183/1498] caddyhttp: New placeholder for PEM of client certificate (#3662) * Fix-3585: added placeholder for a PEM encoded value of the certificate * Update modules/caddyhttp/replacer.go Change type of block and empty headers removed Co-authored-by: Matt Holt * fixed tests Co-authored-by: Matt Holt --- modules/caddyhttp/replacer.go | 4 ++++ modules/caddyhttp/replacer_test.go | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 3f4a808e..3993433a 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -25,6 +25,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/asn1" + "encoding/pem" "fmt" "io" "io/ioutil" @@ -343,6 +344,9 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { return cert.SerialNumber, true case "client.subject": return cert.Subject, true + case "client.certificate_pem": + block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw} + return pem.EncodeToMemory(&block), true default: return nil, false } diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go index 49167ee5..486a8e3c 100644 --- a/modules/caddyhttp/replacer_test.go +++ b/modules/caddyhttp/replacer_test.go @@ -171,6 +171,10 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV input: "{http.request.tls.client.san.ips.0}", expect: "127.0.0.1", }, + { + input: "{http.request.tls.client.certificate_pem}", + expect: string(clientCert) + "\n", // returned value comes with a newline appended to it + }, } { actual := repl.ReplaceAll(tc.input, "") if actual != tc.expect { From b95b87381a282e1fe57295d145b71645d7801f07 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 16 Sep 2020 20:09:28 -0400 Subject: [PATCH 0184/1498] fileserver: Fix try_files for directories; windows fix (#3684) * fileserver: Fix try_files for directories, windows fix * fileserver: Add new file type placeholder, refactoring, tests * fileserver: Review cleanup * fileserver: Flip the return args order --- modules/caddyhttp/fileserver/matcher.go | 85 ++++++++++------- modules/caddyhttp/fileserver/matcher_test.go | 93 +++++++++++++++++++ modules/caddyhttp/fileserver/staticfiles.go | 14 ++- .../caddyhttp/fileserver/staticfiles_test.go | 6 +- modules/caddyhttp/fileserver/testdata/foo.txt | 1 + .../fileserver/testdata/foodir/foo.txt | 1 + 6 files changed, 165 insertions(+), 35 deletions(-) create mode 100644 modules/caddyhttp/fileserver/testdata/foo.txt create mode 100644 modules/caddyhttp/fileserver/testdata/foodir/foo.txt diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 18444211..475a9ee1 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -19,6 +19,7 @@ import ( "net/http" "os" "path" + "path/filepath" "strings" "time" @@ -34,7 +35,7 @@ func init() { // MatchFile is an HTTP request matcher that can match // requests based upon file existence. // -// Upon matching, two new placeholders will be made +// Upon matching, three new placeholders will be made // available: // // - `{http.matchers.file.relative}` The root-relative @@ -42,6 +43,8 @@ func init() { // requests. // - `{http.matchers.file.absolute}` The absolute path // of the matched file. +// - `{http.matchers.file.type}` Set to "directory" if +// the matched file is a directory, "file" otherwise. type MatchFile struct { // The root directory, used for creating absolute // file paths, and required when working with @@ -153,25 +156,18 @@ func (m MatchFile) Validate() error { } // Match returns true if r matches m. Returns true -// if a file was matched. If so, two placeholders +// if a file was matched. If so, three placeholders // will be available: // - http.matchers.file.relative // - http.matchers.file.absolute +// - http.matchers.file.type func (m MatchFile) Match(r *http.Request) bool { - repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - rel, abs, matched := m.selectFile(r) - if matched { - repl.Set("http.matchers.file.relative", rel) - repl.Set("http.matchers.file.absolute", abs) - } - return matched + return m.selectFile(r) } // selectFile chooses a file according to m.TryPolicy by appending // the paths in m.TryFiles to m.Root, with placeholder replacements. -// It returns the root-relative path to the matched file, the full -// or absolute path, and whether a match was made. -func (m MatchFile) selectFile(r *http.Request) (rel, abs string, matched bool) { +func (m MatchFile) selectFile(r *http.Request) (matched bool) { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) root := repl.ReplaceAll(m.Root, ".") @@ -183,13 +179,35 @@ func (m MatchFile) selectFile(r *http.Request) (rel, abs string, matched bool) { m.TryFiles = []string{r.URL.Path} } + // common preparation of the file into parts + prepareFilePath := func(file string) (string, string) { + suffix := m.firstSplit(path.Clean(repl.ReplaceAll(file, ""))) + if strings.HasSuffix(file, "/") { + suffix += "/" + } + fullpath := sanitizedPathJoin(root, suffix) + return suffix, fullpath + } + + // sets up the placeholders for the matched file + setPlaceholders := func(info os.FileInfo, rel string, abs string) { + repl.Set("http.matchers.file.relative", rel) + repl.Set("http.matchers.file.absolute", abs) + + fileType := "file" + if info.IsDir() { + fileType = "directory" + } + repl.Set("http.matchers.file.type", fileType) + } + switch m.TryPolicy { case "", tryPolicyFirstExist: for _, f := range m.TryFiles { - suffix := m.firstSplit(path.Clean(repl.ReplaceAll(f, ""))) - fullpath := sanitizedPathJoin(root, suffix) - if strictFileExists(fullpath) { - return suffix, fullpath, true + suffix, fullpath := prepareFilePath(f) + if info, exists := strictFileExists(fullpath); exists { + setPlaceholders(info, suffix, fullpath) + return true } } @@ -197,9 +215,9 @@ func (m MatchFile) selectFile(r *http.Request) (rel, abs string, matched bool) { var largestSize int64 var largestFilename string var largestSuffix string + var info os.FileInfo for _, f := range m.TryFiles { - suffix := m.firstSplit(path.Clean(repl.ReplaceAll(f, ""))) - fullpath := sanitizedPathJoin(root, suffix) + suffix, fullpath := prepareFilePath(f) info, err := os.Stat(fullpath) if err == nil && info.Size() > largestSize { largestSize = info.Size() @@ -207,15 +225,16 @@ func (m MatchFile) selectFile(r *http.Request) (rel, abs string, matched bool) { largestSuffix = suffix } } - return largestSuffix, largestFilename, true + setPlaceholders(info, largestSuffix, largestFilename) + return true case tryPolicySmallestSize: var smallestSize int64 var smallestFilename string var smallestSuffix string + var info os.FileInfo for _, f := range m.TryFiles { - suffix := m.firstSplit(path.Clean(repl.ReplaceAll(f, ""))) - fullpath := sanitizedPathJoin(root, suffix) + suffix, fullpath := prepareFilePath(f) info, err := os.Stat(fullpath) if err == nil && (smallestSize == 0 || info.Size() < smallestSize) { smallestSize = info.Size() @@ -223,15 +242,16 @@ func (m MatchFile) selectFile(r *http.Request) (rel, abs string, matched bool) { smallestSuffix = suffix } } - return smallestSuffix, smallestFilename, true + setPlaceholders(info, smallestSuffix, smallestFilename) + return true case tryPolicyMostRecentlyMod: var recentDate time.Time var recentFilename string var recentSuffix string + var info os.FileInfo for _, f := range m.TryFiles { - suffix := m.firstSplit(path.Clean(repl.ReplaceAll(f, ""))) - fullpath := sanitizedPathJoin(root, suffix) + suffix, fullpath := prepareFilePath(f) info, err := os.Stat(fullpath) if err == nil && (recentDate.IsZero() || info.ModTime().After(recentDate)) { @@ -240,7 +260,8 @@ func (m MatchFile) selectFile(r *http.Request) (rel, abs string, matched bool) { recentSuffix = suffix } } - return recentSuffix, recentFilename, true + setPlaceholders(info, recentSuffix, recentFilename) + return true } return @@ -252,7 +273,7 @@ func (m MatchFile) selectFile(r *http.Request) (rel, abs string, matched bool) { // the file must also be a directory; if it does // NOT end in a forward slash, the file must NOT // be a directory. -func strictFileExists(file string) bool { +func strictFileExists(file string) (os.FileInfo, bool) { stat, err := os.Stat(file) if err != nil { // in reality, this can be any error @@ -263,16 +284,16 @@ func strictFileExists(file string) bool { // the file exists, so we just treat any // error as if it does not exist; see // https://stackoverflow.com/a/12518877/1048862 - return false + return nil, false } - if strings.HasSuffix(file, "/") { + if strings.HasSuffix(file, string(filepath.Separator)) { // by convention, file paths ending - // in a slash must be a directory - return stat.IsDir() + // in a path separator must be a directory + return stat, stat.IsDir() } // by convention, file paths NOT ending - // in a slash must NOT be a directory - return !stat.IsDir() + // in a path separator must NOT be a directory + return stat, !stat.IsDir() } // firstSplit returns the first result where the path diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index 51cd284e..ddd4f78a 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -22,30 +22,114 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) +func TestFileMatcher(t *testing.T) { + for i, tc := range []struct { + path string + expectedPath string + expectedType string + matched bool + }{ + { + path: "/foo.txt", + expectedPath: "/foo.txt", + expectedType: "file", + matched: true, + }, + { + path: "/foo.txt/", + expectedPath: "/foo.txt", + expectedType: "file", + matched: true, + }, + { + path: "/foodir", + expectedPath: "/foodir/", + expectedType: "directory", + matched: true, + }, + { + path: "/foodir/", + expectedPath: "/foodir/", + expectedType: "directory", + matched: true, + }, + { + path: "/foodir/foo.txt", + expectedPath: "/foodir/foo.txt", + expectedType: "file", + matched: true, + }, + { + path: "/missingfile.php", + matched: false, + }, + } { + m := &MatchFile{ + Root: "./testdata", + TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/"}, + } + + u, err := url.Parse(tc.path) + if err != nil { + t.Fatalf("Test %d: parsing path: %v", i, err) + } + + req := &http.Request{URL: u} + repl := caddyhttp.NewTestReplacer(req) + + result := m.Match(req) + if result != tc.matched { + t.Fatalf("Test %d: expected match=%t, got %t", i, tc.matched, result) + } + + rel, ok := repl.Get("http.matchers.file.relative") + if !ok && result { + t.Fatalf("Test %d: expected replacer value", i) + } + if !result { + continue + } + + if rel != tc.expectedPath { + t.Fatalf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) + } + + fileType, ok := repl.Get("http.matchers.file.type") + if fileType != tc.expectedType { + t.Fatalf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) + } + } +} + func TestPHPFileMatcher(t *testing.T) { for i, tc := range []struct { path string expectedPath string + expectedType string matched bool }{ { path: "/index.php", expectedPath: "/index.php", + expectedType: "file", matched: true, }, { path: "/index.php/somewhere", expectedPath: "/index.php", + expectedType: "file", matched: true, }, { path: "/remote.php", expectedPath: "/remote.php", + expectedType: "file", matched: true, }, { path: "/remote.php/somewhere", expectedPath: "/remote.php", + expectedType: "file", matched: true, }, { @@ -55,11 +139,13 @@ func TestPHPFileMatcher(t *testing.T) { { path: "/notphp.php.txt", expectedPath: "/notphp.php.txt", + expectedType: "file", matched: true, }, { path: "/notphp.php.txt/", expectedPath: "/notphp.php.txt", + expectedType: "file", matched: true, }, { @@ -69,12 +155,14 @@ func TestPHPFileMatcher(t *testing.T) { { path: "/foo.php.php/index.php", expectedPath: "/foo.php.php/index.php", + expectedType: "file", matched: true, }, { // See https://github.com/caddyserver/caddy/issues/3623 path: "/%E2%C3", expectedPath: "/%E2%C3", + expectedType: "file", matched: false, }, } { @@ -108,6 +196,11 @@ func TestPHPFileMatcher(t *testing.T) { if rel != tc.expectedPath { t.Fatalf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) } + + fileType, ok := repl.Get("http.matchers.file.type") + if fileType != tc.expectedType { + t.Fatalf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) + } } } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 735352b5..2a7e0138 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -23,7 +23,6 @@ import ( "mime" "net/http" "os" - "path" "path/filepath" "strconv" "strings" @@ -323,7 +322,18 @@ func sanitizedPathJoin(root, reqPath string) string { if root == "" { root = "." } - return filepath.Join(root, filepath.FromSlash(path.Clean("/"+reqPath))) + + path := filepath.Join(root, filepath.Clean("/"+reqPath)) + + // filepath.Join also cleans the path, and cleaning strips + // the trailing slash, so we need to re-add it afterwards. + // if the length is 1, then it's a path to the root, + // and that should return ".", so we don't append the separator. + if strings.HasSuffix(reqPath, "/") && len(reqPath) > 1 { + path += string(filepath.Separator) + } + + return path } // fileHidden returns true if filename is hidden diff --git a/modules/caddyhttp/fileserver/staticfiles_test.go b/modules/caddyhttp/fileserver/staticfiles_test.go index c47fbd18..1bbd77b2 100644 --- a/modules/caddyhttp/fileserver/staticfiles_test.go +++ b/modules/caddyhttp/fileserver/staticfiles_test.go @@ -42,6 +42,10 @@ func TestSanitizedPathJoin(t *testing.T) { inputPath: "/foo", expect: "foo", }, + { + inputPath: "/foo/", + expect: "foo" + string(filepath.Separator), + }, { inputPath: "/foo/bar", expect: filepath.Join("foo", "bar"), @@ -73,7 +77,7 @@ func TestSanitizedPathJoin(t *testing.T) { { inputRoot: "/a/b", inputPath: "/%2e%2e%2f%2e%2e%2f", - expect: filepath.Join("/", "a", "b"), + expect: filepath.Join("/", "a", "b") + string(filepath.Separator), }, { inputRoot: "C:\\www", diff --git a/modules/caddyhttp/fileserver/testdata/foo.txt b/modules/caddyhttp/fileserver/testdata/foo.txt new file mode 100644 index 00000000..996f1789 --- /dev/null +++ b/modules/caddyhttp/fileserver/testdata/foo.txt @@ -0,0 +1 @@ +foo.txt \ No newline at end of file diff --git a/modules/caddyhttp/fileserver/testdata/foodir/foo.txt b/modules/caddyhttp/fileserver/testdata/foodir/foo.txt new file mode 100644 index 00000000..0e3335b4 --- /dev/null +++ b/modules/caddyhttp/fileserver/testdata/foodir/foo.txt @@ -0,0 +1 @@ +foodir/foo.txt \ No newline at end of file From d55d50b3b3a9a8e842bb25e1ee8468587cd346f4 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 17 Sep 2020 04:48:37 +0300 Subject: [PATCH 0185/1498] reverseproxy: Enforce port range size of 1 at provision (#3695) * reverse_proxy: ensure upstream address has port range of only 1 * reverse_proxy: don't log the error if upstream range size is more than 1 --- modules/caddyhttp/reverseproxy/reverseproxy.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index d1aa49a7..910fbfc7 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -204,6 +204,13 @@ func (h *Handler) Provision(ctx caddy.Context) error { // set up upstreams for _, upstream := range h.Upstreams { + addr, err := caddy.ParseNetworkAddress(upstream.Dial) + if err != nil { + return err + } + if addr.PortRangeSize() != 1 { + return fmt.Errorf("multiple addresses (upstream must map to only one address): %v", addr) + } // create or get the host representation for this upstream var host Host = new(upstreamHost) existingHost, loaded := hosts.LoadOrStore(upstream.String(), host) From e3324aa6de6c6f8f9fc14757025bb15de4801dde Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 16 Sep 2020 22:01:22 -0400 Subject: [PATCH 0186/1498] httpcaddyfile: Ensure handle_path is sorted equally to handle (#3676) * httpcaddyfile: Ensure handle_path is sorted as equal to handle * httpcaddyfile: Make mutual exclusivity grouping deterministic (I hope) * httpcaddyfile: Add comment linking to the issue being fixed * httpcaddyfile: Typo fix, comment clarity Co-authored-by: Matt Holt * Update caddyconfig/httpcaddyfile/httptype.go Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/httptype.go | 22 +++- .../caddyfile_adapt/handle_path_sorting.txt | 105 ++++++++++++++++++ 2 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/handle_path_sorting.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index f2d15686..a19a6fed 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -172,6 +172,15 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, if err != nil { return nil, warnings, fmt.Errorf("parsing caddyfile tokens for '%s': %v", dir, err) } + + // As a special case, we want "handle_path" to be sorted + // at the same level as "handle", so we force them to use + // the same directive name after their parsing is complete. + // See https://github.com/caddyserver/caddy/issues/3675#issuecomment-678042377 + if dir == "handle_path" { + dir = "handle" + } + for _, result := range results { result.directive = dir sb.pile[result.Class] = append(sb.pile[result.Class], result) @@ -854,7 +863,18 @@ func buildSubroute(routes []ConfigValue, groupCounter counter) (*caddyhttp.Subro // root directives would overwrite previously-matched ones; they should not cascade "root": {}, } - for meDir, info := range mutuallyExclusiveDirs { + + // we need to deterministically loop over each of these directives + // in order to keep the group numbers consistent + keys := make([]string, 0, len(mutuallyExclusiveDirs)) + for k := range mutuallyExclusiveDirs { + keys = append(keys, k) + } + sort.Strings(keys) + + for _, meDir := range keys { + info := mutuallyExclusiveDirs[meDir] + // see how many instances of the directive there are for _, r := range routes { if r.directive == meDir { diff --git a/caddytest/integration/caddyfile_adapt/handle_path_sorting.txt b/caddytest/integration/caddyfile_adapt/handle_path_sorting.txt new file mode 100644 index 00000000..3258dc9b --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/handle_path_sorting.txt @@ -0,0 +1,105 @@ +:80 { + handle /api/* { + respond "api" + } + + handle_path /static/* { + respond "static" + } + + handle { + respond "handle" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "group": "group3", + "match": [ + { + "path": [ + "/static/*" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "rewrite", + "strip_path_prefix": "/static" + } + ] + }, + { + "handle": [ + { + "body": "static", + "handler": "static_response" + } + ] + } + ] + } + ] + }, + { + "group": "group3", + "match": [ + { + "path": [ + "/api/*" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "api", + "handler": "static_response" + } + ] + } + ] + } + ] + }, + { + "group": "group3", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "handle", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file From bc453fa6ae36287c90d2bf6941cb686490090df2 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 17 Sep 2020 19:25:34 +0300 Subject: [PATCH 0187/1498] reverseproxy: Correct alternate port for active health checks (#3693) * reverseproxy: construct active health-check transport from scratch (Fixes #3691) * reverseproxy: do upstream health-check on the correct alternative port * reverseproxy: add integration test for health-check on alternative port * reverseproxy: put back the custom transport for health-check http client * reverseproxy: cleanup health-check integration test * reverseproxy: fix health-check of unix socket upstreams * reverseproxy: skip unix socket tests on Windows * tabs > spaces Co-authored-by: Francis Lavoie * make the linter (and @francislavoie) happy Co-authored-by: Francis Lavoie * One more lint fix Co-authored-by: Francis Lavoie Co-authored-by: Francis Lavoie --- caddytest/integration/reverseproxy_test.go | 97 +++++++++++++++++++ .../caddyhttp/reverseproxy/healthchecks.go | 33 +++---- modules/caddyhttp/reverseproxy/hosts.go | 6 +- .../caddyhttp/reverseproxy/httptransport.go | 3 + .../caddyhttp/reverseproxy/reverseproxy.go | 14 +++ 5 files changed, 132 insertions(+), 21 deletions(-) create mode 100644 caddytest/integration/reverseproxy_test.go diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go new file mode 100644 index 00000000..8000546d --- /dev/null +++ b/caddytest/integration/reverseproxy_test.go @@ -0,0 +1,97 @@ +package integration + +import ( + "fmt" + "io/ioutil" + "net" + "net/http" + "os" + "runtime" + "strings" + "testing" + + "github.com/caddyserver/caddy/v2/caddytest" +) + +func TestReverseProxyHealthCheck(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + } + http://localhost:2020 { + respond "Hello, World!" + } + http://localhost:2021 { + respond "ok" + } + http://localhost:9080 { + reverse_proxy { + to localhost:2020 + + health_path /health + health_port 2021 + health_interval 2s + health_timeout 5s + } + } + `, "caddyfile") + + tester.AssertGetResponse("http://localhost:9080/", 200, "Hello, World!") +} + +func TestReverseProxyHealthCheckUnixSocket(t *testing.T) { + if runtime.GOOS == "windows" { + t.SkipNow() + } + tester := caddytest.NewTester(t) + f, err := ioutil.TempFile("", "*.sock") + if err != nil { + t.Errorf("failed to create TempFile: %s", err) + return + } + // a hack to get a file name within a valid path to use as socket + socketName := f.Name() + os.Remove(f.Name()) + + server := http.Server{ + Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + if strings.HasPrefix(req.URL.Path, "/health") { + w.Write([]byte("ok")) + return + } + w.Write([]byte("Hello, World!")) + }), + } + + unixListener, err := net.Listen("unix", socketName) + if err != nil { + t.Errorf("failed to listen on the socket: %s", err) + return + } + go server.Serve(unixListener) + t.Cleanup(func() { + server.Close() + }) + runtime.Gosched() // Allow other goroutines to run + + tester.InitServer(fmt.Sprintf(` + { + http_port 9080 + https_port 9443 + } + http://localhost:9080 { + reverse_proxy { + to unix/%s + + health_path /health + health_port 2021 + health_interval 2s + health_timeout 5s + } + } + `, socketName), "caddyfile") + + tester.AssertGetResponse("http://localhost:9080/", 200, "Hello, World!") +} diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 33cfd82b..410b9d4a 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -153,32 +153,27 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { log.Printf("[PANIC] active health check: %v\n%s", err, debug.Stack()) } }() - networkAddr := upstream.Dial - addr, err := caddy.ParseNetworkAddress(networkAddr) - if err != nil { - h.HealthChecks.Active.logger.Error("bad network address", - zap.String("address", networkAddr), - zap.Error(err), - ) - return - } - if addr.PortRangeSize() != 1 { - h.HealthChecks.Active.logger.Error("multiple addresses (upstream must map to only one address)", - zap.String("address", networkAddr), - ) - return - } - hostAddr := addr.JoinHostPort(0) - if addr.IsUnixNetwork() { + + portStr := strconv.Itoa(upstream.activeHealthCheckPort) + hostAddr := net.JoinHostPort(upstream.networkAddress.Host, portStr) + if upstream.networkAddress.IsUnixNetwork() { // this will be used as the Host portion of a http.Request URL, and // paths to socket files would produce an error when creating URL, // so use a fake Host value instead; unix sockets are usually local hostAddr = "localhost" } - err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: hostAddr}, hostAddr, upstream.Host) + + dialInfo := DialInfo{ + Upstream: upstream, + Network: upstream.networkAddress.Network, + Host: upstream.networkAddress.Host, + Port: portStr, + Address: hostAddr, + } + err := h.doActiveHealthCheck(dialInfo, hostAddr, upstream.Host) if err != nil { h.HealthChecks.Active.logger.Error("active health check failed", - zap.String("address", networkAddr), + zap.String("address", hostAddr), zap.Error(err), ) } diff --git a/modules/caddyhttp/reverseproxy/hosts.go b/modules/caddyhttp/reverseproxy/hosts.go index 5870b75f..b7b8c9b5 100644 --- a/modules/caddyhttp/reverseproxy/hosts.go +++ b/modules/caddyhttp/reverseproxy/hosts.go @@ -92,8 +92,10 @@ type Upstream struct { // HeaderAffinity string // IPAffinity string - healthCheckPolicy *PassiveHealthChecks - cb CircuitBreaker + networkAddress caddy.NetworkAddress + activeHealthCheckPort int + healthCheckPolicy *PassiveHealthChecks + cb CircuitBreaker } func (u Upstream) String() string { diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index dce7b9e8..7e3bb69c 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -182,6 +182,9 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) if dialInfo, ok := GetDialInfo(ctx); ok { network = dialInfo.Network address = dialInfo.Address + if dialInfo.Upstream.networkAddress.IsUnixNetwork() { + address = dialInfo.Host + } } conn, err := dialer.DialContext(ctx, network, address) if err != nil { diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 910fbfc7..138a3fc8 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -208,9 +208,13 @@ func (h *Handler) Provision(ctx caddy.Context) error { if err != nil { return err } + if addr.PortRangeSize() != 1 { return fmt.Errorf("multiple addresses (upstream must map to only one address): %v", addr) } + + upstream.networkAddress = addr + // create or get the host representation for this upstream var host Host = new(upstreamHost) existingHost, loaded := hosts.LoadOrStore(upstream.String(), host) @@ -267,6 +271,16 @@ func (h *Handler) Provision(ctx caddy.Context) error { Transport: h.Transport, } + for _, upstream := range h.Upstreams { + // if there's an alternative port for health-check provided in the config, + // then use it, otherwise use the port of upstream. + if h.HealthChecks.Active.Port != 0 { + upstream.activeHealthCheckPort = h.HealthChecks.Active.Port + } else { + upstream.activeHealthCheckPort = int(upstream.networkAddress.StartPort) + } + } + if h.HealthChecks.Active.Interval == 0 { h.HealthChecks.Active.Interval = caddy.Duration(30 * time.Second) } From 8ec51bbede59e1fa6ac24de3607f6e7bb3e3a654 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Thu, 17 Sep 2020 14:01:20 -0400 Subject: [PATCH 0188/1498] metrics: Initial integration of Prometheus metrics (#3709) Signed-off-by: Dave Henderson --- admin.go | 45 ++++-- caddyconfig/httpcaddyfile/directives.go | 1 + go.mod | 1 + go.sum | 32 ++-- metrics.go | 32 ++++ modules/caddyhttp/app.go | 2 + modules/caddyhttp/metrics.go | 195 ++++++++++++++++++++++++ modules/caddyhttp/metrics_test.go | 66 ++++++++ modules/caddyhttp/routes.go | 12 +- modules/metrics/adminmetrics.go | 55 +++++++ modules/metrics/metrics.go | 109 +++++++++++++ modules/standard/imports.go | 1 + 12 files changed, 518 insertions(+), 33 deletions(-) create mode 100644 metrics.go create mode 100644 modules/caddyhttp/metrics.go create mode 100644 modules/caddyhttp/metrics_test.go create mode 100644 modules/metrics/adminmetrics.go create mode 100644 modules/metrics/metrics.go diff --git a/admin.go b/admin.go index acf737e0..4ce20998 100644 --- a/admin.go +++ b/admin.go @@ -35,6 +35,8 @@ import ( "sync" "time" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promhttp" "go.uber.org/zap" ) @@ -107,34 +109,53 @@ func (admin AdminConfig) newAdminHandler(addr NetworkAddress) adminHandler { mux: http.NewServeMux(), } + addRouteWithMetrics := func(pattern string, handlerLabel string, h http.Handler) { + labels := prometheus.Labels{"path": pattern, "handler": handlerLabel} + h = promhttp.InstrumentHandlerCounter( + adminMetrics.requestCount.MustCurryWith(labels), + h, + ) + muxWrap.mux.Handle(pattern, h) + } // addRoute just calls muxWrap.mux.Handle after // wrapping the handler with error handling - addRoute := func(pattern string, h AdminHandler) { + addRoute := func(pattern string, handlerLabel string, h AdminHandler) { wrapper := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { err := h.ServeHTTP(w, r) + if err != nil { + labels := prometheus.Labels{ + "path": pattern, + "handler": handlerLabel, + "method": r.Method, + } + adminMetrics.requestErrors.With(labels).Inc() + } muxWrap.handleError(w, r, err) }) - muxWrap.mux.Handle(pattern, wrapper) + addRouteWithMetrics(pattern, handlerLabel, wrapper) } + const handlerLabel = "admin" + // register standard config control endpoints - addRoute("/"+rawConfigKey+"/", AdminHandlerFunc(handleConfig)) - addRoute("/id/", AdminHandlerFunc(handleConfigID)) - addRoute("/stop", AdminHandlerFunc(handleStop)) + addRoute("/"+rawConfigKey+"/", handlerLabel, AdminHandlerFunc(handleConfig)) + addRoute("/id/", handlerLabel, AdminHandlerFunc(handleConfigID)) + addRoute("/stop", handlerLabel, AdminHandlerFunc(handleStop)) // register debugging endpoints - muxWrap.mux.HandleFunc("/debug/pprof/", pprof.Index) - muxWrap.mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) - muxWrap.mux.HandleFunc("/debug/pprof/profile", pprof.Profile) - muxWrap.mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) - muxWrap.mux.HandleFunc("/debug/pprof/trace", pprof.Trace) - muxWrap.mux.Handle("/debug/vars", expvar.Handler()) + addRouteWithMetrics("/debug/pprof/", handlerLabel, http.HandlerFunc(pprof.Index)) + addRouteWithMetrics("/debug/pprof/cmdline", handlerLabel, http.HandlerFunc(pprof.Cmdline)) + addRouteWithMetrics("/debug/pprof/profile", handlerLabel, http.HandlerFunc(pprof.Profile)) + addRouteWithMetrics("/debug/pprof/symbol", handlerLabel, http.HandlerFunc(pprof.Symbol)) + addRouteWithMetrics("/debug/pprof/trace", handlerLabel, http.HandlerFunc(pprof.Trace)) + addRouteWithMetrics("/debug/vars", handlerLabel, expvar.Handler()) // register third-party module endpoints for _, m := range GetModules("admin.api") { router := m.New().(AdminRouter) + handlerLabel := m.ID.Name() for _, route := range router.Routes() { - addRoute(route.Pattern, route.Handler) + addRoute(route.Pattern, handlerLabel, route.Handler) } } diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index d6af97da..9e17eeb3 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -63,6 +63,7 @@ var directiveOrder = []string{ // handlers that typically respond to requests "respond", + "metrics", "reverse_proxy", "php_fastcgi", "file_server", diff --git a/go.mod b/go.mod index fa5913a8..7f9cea0b 100644 --- a/go.mod +++ b/go.mod @@ -17,6 +17,7 @@ require ( github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 + github.com/prometheus/client_golang v1.7.1 github.com/smallstep/certificates v0.15.1 github.com/smallstep/cli v0.15.0 github.com/smallstep/nosql v0.3.0 diff --git a/go.sum b/go.sum index 381988e1..545c2e16 100644 --- a/go.sum +++ b/go.sum @@ -74,6 +74,7 @@ github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= @@ -85,6 +86,7 @@ github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE= github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ= @@ -140,9 +142,7 @@ github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/francoispqt/gojay v1.2.13 h1:d2m3sFjloqoIUQU3TsHBgj6qg/BVGlTBeHDUmyJnXKk= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= @@ -196,7 +196,6 @@ github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0 h1:Rd1kQnQu0Hq3qvJppYSG0HtP+f5LPPUiDswTLiEegLg= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= @@ -209,9 +208,7 @@ github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1 h1:ZFgWrT+bLgsYPirOnRfKLYJLvssAegOj/hgyMFdJZe0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= @@ -291,7 +288,6 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= @@ -309,6 +305,7 @@ github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jsternberg/zap-logfmt v1.2.0 h1:1v+PK4/B48cy8cfQbxL4FmmNZrjnIMr2BsnyEmXqv2o= @@ -380,6 +377,7 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e h1:F5E9CM0APrZtTfowJfvUBmrCjuHLfslZyFlNTEB7UV4= github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= @@ -425,7 +423,6 @@ github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FW github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= @@ -434,7 +431,6 @@ github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGV github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= @@ -458,20 +454,28 @@ github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDf github.com/prometheus/client_golang v0.9.4/go.mod h1:oCXIBxdI62A4cR6aTRJCgetEjecSIYzOEaeAn4iYEpM= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= +github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA= +github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= +github.com/prometheus/common v0.10.0 h1:RyRA7RzGXQZiW+tGMr7sxa85G1z0yOpM1qq5c8lNawc= +github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/prometheus/procfs v0.1.3 h1:F0+tqvhOksq22sc6iCHF5WGlWjdwj92p0udFh1VFBS8= +github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= @@ -527,11 +531,9 @@ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMB github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= -github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15 h1:kSImCuenAkXtCaBeQ1UhmzzJGRhSm8sVH7I3sHE2Qdg= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.15.0 h1:riIt3fBWuenlvHoqkVuUOxQbhtxFQMO1ziSr7usb1J0= github.com/smallstep/certificates v0.15.0/go.mod h1:awyVXYIVn4J9ANSSnDuA3FjKia7+QixaqorGW8CKGq8= github.com/smallstep/certificates v0.15.1 h1:Es2IGgU4D0RE4OKys/VB1KvAuGuZwkxR7D9A0DeM/Ow= github.com/smallstep/certificates v0.15.1/go.mod h1:hDmNejfuVTDDe1NBIKrhL9xjELRJb2ZFM+bDXwSW9xI= @@ -627,7 +629,6 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U= -go.step.sm/crypto v0.1.1 h1:xg3kUS30hEnwgbxtKwq9a4MJaeiU616HSug60LU9B2E= go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= go.step.sm/crypto v0.2.0 h1:Rx+XqrNO4ZGHWlT9QCXls2L9pvcNiI23zEpAq0fctvY= go.step.sm/crypto v0.2.0/go.mod h1:YNLnHj4JgABFoRkUq8brkscIB9THdiJUFoDxLQw1tww= @@ -769,10 +770,10 @@ golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1 h1:ogLJMz+qpzav7lGMh10LMvAkM/fAoGlaiiHYiFYdm80= +golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -864,9 +865,7 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200305110556-506484158171 h1:xes2Q2k+d/+YNXVw0FpZkIDJiaux4OVrRKXRAzH6A0U= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 h1:LCO0fg4kb6WwkXQXRQQgUYsFeFb5taTX5WAx5O/Vt28= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -889,9 +888,7 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc h1:TnonUr8u3himcMY0vSh23jFOXA+cnucl1gB6EQTReBI= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= @@ -903,7 +900,6 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogR gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= diff --git a/metrics.go b/metrics.go new file mode 100644 index 00000000..a7ff3b71 --- /dev/null +++ b/metrics.go @@ -0,0 +1,32 @@ +package caddy + +import ( + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" +) + +// define and register the metrics used in this package. +func init() { + prometheus.MustRegister(prometheus.NewBuildInfoCollector()) + + const ns, sub = "caddy", "admin" + + adminMetrics.requestCount = promauto.NewCounterVec(prometheus.CounterOpts{ + Namespace: ns, + Subsystem: sub, + Name: "http_requests_total", + Help: "Counter of requests made to the Admin API's HTTP endpoints.", + }, []string{"handler", "path", "code", "method"}) + adminMetrics.requestErrors = promauto.NewCounterVec(prometheus.CounterOpts{ + Namespace: ns, + Subsystem: sub, + Name: "http_request_errors_total", + Help: "Number of requests resulting in middleware errors.", + }, []string{"handler", "path", "method"}) +} + +// adminMetrics is a collection of metrics that can be tracked for the admin API. +var adminMetrics = struct { + requestCount *prometheus.CounterVec + requestErrors *prometheus.CounterVec +}{} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 375ca4d9..c8bbc95e 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -226,6 +226,8 @@ func (app *App) Provision(ctx caddy.Context) error { // route handler so that important security checks are done, etc. primaryRoute := emptyHandler if srv.Routes != nil { + // inject the server name for observability purposes + ctx.Context = contextWithServerName(ctx.Context, srvName) err := srv.Routes.ProvisionHandlers(ctx) if err != nil { return fmt.Errorf("server %s: setting up route handlers: %v", srvName, err) diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go new file mode 100644 index 00000000..dbf1033a --- /dev/null +++ b/modules/caddyhttp/metrics.go @@ -0,0 +1,195 @@ +package caddyhttp + +import ( + "context" + "net/http" + "strconv" + "sync" + "time" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" +) + +var httpMetrics = struct { + init sync.Once + requestInFlight *prometheus.GaugeVec + requestCount *prometheus.CounterVec + requestErrors *prometheus.CounterVec + requestDuration *prometheus.HistogramVec + requestSize *prometheus.HistogramVec + responseSize *prometheus.HistogramVec + responseDuration *prometheus.HistogramVec +}{ + init: sync.Once{}, +} + +func initHTTPMetrics() { + const ns, sub = "caddy", "http" + + basicLabels := []string{"server", "handler"} + httpMetrics.requestInFlight = promauto.NewGaugeVec(prometheus.GaugeOpts{ + Namespace: ns, + Subsystem: sub, + Name: "requests_in_flight", + Help: "Number of requests currently handled by this server.", + }, basicLabels) + httpMetrics.requestErrors = promauto.NewCounterVec(prometheus.CounterOpts{ + Namespace: ns, + Subsystem: sub, + Name: "request_errors_total", + Help: "Number of requests resulting in middleware errors.", + }, basicLabels) + httpMetrics.requestCount = promauto.NewCounterVec(prometheus.CounterOpts{ + Namespace: ns, + Subsystem: sub, + Name: "requests_total", + Help: "Counter of HTTP(S) requests made.", + }, basicLabels) + + // TODO: allow these to be customized in the config + durationBuckets := prometheus.DefBuckets + sizeBuckets := prometheus.ExponentialBuckets(256, 4, 8) + + httpLabels := []string{"server", "handler", "code", "method"} + httpMetrics.requestDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{ + Namespace: ns, + Subsystem: sub, + Name: "request_duration_seconds", + Help: "Histogram of round-trip request durations.", + Buckets: durationBuckets, + }, httpLabels) + httpMetrics.requestSize = promauto.NewHistogramVec(prometheus.HistogramOpts{ + Namespace: ns, + Subsystem: sub, + Name: "request_size_bytes", + Help: "Total size of the request. Includes body", + Buckets: sizeBuckets, + }, httpLabels) + httpMetrics.responseSize = promauto.NewHistogramVec(prometheus.HistogramOpts{ + Namespace: ns, + Subsystem: sub, + Name: "response_size_bytes", + Help: "Size of the returned response.", + Buckets: sizeBuckets, + }, httpLabels) + httpMetrics.responseDuration = promauto.NewHistogramVec(prometheus.HistogramOpts{ + Namespace: ns, + Subsystem: sub, + Name: "response_duration_seconds", + Help: "Histogram of times to first byte in response bodies.", + Buckets: durationBuckets, + }, httpLabels) +} + +type ctxKeyServerName struct{} + +// serverNameFromContext extracts the current server name from the context. +// Returns "UNKNOWN" if none is available (should probably never happen?) +func serverNameFromContext(ctx context.Context) string { + srvName, ok := ctx.Value(ctxKeyServerName{}).(string) + if !ok { + return "UNKNOWN" + } + return srvName +} + +func contextWithServerName(ctx context.Context, serverName string) context.Context { + return context.WithValue(ctx, ctxKeyServerName{}, serverName) +} + +type metricsInstrumentedHandler struct { + labels prometheus.Labels + statusLabels prometheus.Labels + mh MiddlewareHandler +} + +func newMetricsInstrumentedHandler(server, handler string, mh MiddlewareHandler) *metricsInstrumentedHandler { + httpMetrics.init.Do(func() { + initHTTPMetrics() + }) + + labels := prometheus.Labels{"server": server, "handler": handler} + statusLabels := prometheus.Labels{"server": server, "handler": handler, "code": "", "method": ""} + return &metricsInstrumentedHandler{labels, statusLabels, mh} +} + +func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { + inFlight := httpMetrics.requestInFlight.With(h.labels) + inFlight.Inc() + defer inFlight.Dec() + + statusLabels := prometheus.Labels{"method": r.Method} + for k, v := range h.labels { + statusLabels[k] = v + } + + start := time.Now() + + // This is a _bit_ of a hack - it depends on the ShouldBufferFunc always + // being called when the headers are written. + // Effectively the same behaviour as promhttp.InstrumentHandlerTimeToWriteHeader. + writeHeaderRecorder := ShouldBufferFunc(func(status int, header http.Header) bool { + statusLabels["code"] = sanitizeCode(status) + ttfb := time.Since(start).Seconds() + observeWithExemplar(statusLabels, httpMetrics.responseDuration, ttfb) + return false + }) + wrec := NewResponseRecorder(w, nil, writeHeaderRecorder) + err := h.mh.ServeHTTP(wrec, r, next) + dur := time.Since(start).Seconds() + httpMetrics.requestCount.With(h.labels).Inc() + if err != nil { + httpMetrics.requestErrors.With(h.labels).Inc() + return err + } + + observeWithExemplar(statusLabels, httpMetrics.requestDuration, dur) + observeWithExemplar(statusLabels, httpMetrics.requestSize, float64(computeApproximateRequestSize(r))) + httpMetrics.responseSize.With(statusLabels).Observe(float64(wrec.Size())) + + return nil +} + +func observeWithExemplar(l prometheus.Labels, o *prometheus.HistogramVec, value float64) { + obs := o.With(l) + if oe, ok := obs.(prometheus.ExemplarObserver); ok { + oe.ObserveWithExemplar(value, l) + return + } + // _should_ be a noop, but here just in case... + obs.Observe(value) +} + +func sanitizeCode(code int) string { + if code == 0 { + return "200" + } + return strconv.Itoa(code) + +} + +// taken from https://github.com/prometheus/client_golang/blob/6007b2b5cae01203111de55f753e76d8dac1f529/prometheus/promhttp/instrument_server.go#L298 +func computeApproximateRequestSize(r *http.Request) int { + s := 0 + if r.URL != nil { + s += len(r.URL.String()) + } + + s += len(r.Method) + s += len(r.Proto) + for name, values := range r.Header { + s += len(name) + for _, value := range values { + s += len(value) + } + } + s += len(r.Host) + + // N.B. r.Form and r.MultipartForm are assumed to be included in r.URL. + + if r.ContentLength != -1 { + s += int(r.ContentLength) + } + return s +} diff --git a/modules/caddyhttp/metrics_test.go b/modules/caddyhttp/metrics_test.go new file mode 100644 index 00000000..5c3bc1d6 --- /dev/null +++ b/modules/caddyhttp/metrics_test.go @@ -0,0 +1,66 @@ +package caddyhttp + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "testing" + + "github.com/prometheus/client_golang/prometheus/testutil" +) + +func TestServerNameFromContext(t *testing.T) { + ctx := context.Background() + expected := "UNKNOWN" + if actual := serverNameFromContext(ctx); actual != expected { + t.Errorf("Not equal: expected %q, but got %q", expected, actual) + } + + in := "foo" + ctx = contextWithServerName(ctx, in) + if actual := serverNameFromContext(ctx); actual != in { + t.Errorf("Not equal: expected %q, but got %q", in, actual) + } +} + +func TestMetricsInstrumentedHandler(t *testing.T) { + handlerErr := errors.New("oh noes") + response := []byte("hello world!") + h := HandlerFunc(func(w http.ResponseWriter, r *http.Request) error { + if actual := testutil.ToFloat64(httpMetrics.requestInFlight); actual != 1.0 { + t.Errorf("Not same: expected %#v, but got %#v", 1.0, actual) + } + if handlerErr == nil { + w.Write(response) + } + return handlerErr + }) + + mh := middlewareHandlerFunc(func(w http.ResponseWriter, r *http.Request, h Handler) error { + return h.ServeHTTP(w, r) + }) + + ih := newMetricsInstrumentedHandler("foo", "bar", mh) + + r := httptest.NewRequest("GET", "/", nil) + w := httptest.NewRecorder() + + if actual := ih.ServeHTTP(w, r, h); actual != handlerErr { + t.Errorf("Not same: expected %#v, but got %#v", handlerErr, actual) + } + if actual := testutil.ToFloat64(httpMetrics.requestInFlight); actual != 0.0 { + t.Errorf("Not same: expected %#v, but got %#v", 0.0, actual) + } + + handlerErr = nil + if err := ih.ServeHTTP(w, r, h); err != nil { + t.Errorf("Received unexpected error: %w", err) + } +} + +type middlewareHandlerFunc func(http.ResponseWriter, *http.Request, Handler) error + +func (f middlewareHandlerFunc) ServeHTTP(w http.ResponseWriter, r *http.Request, h Handler) error { + return f(w, r, h) +} diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index 10e0c9de..be23d39c 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -157,7 +157,7 @@ func (routes RouteList) ProvisionHandlers(ctx caddy.Context) error { // pre-compile the middleware handler chain for _, midhandler := range routes[i].Handlers { - routes[i].middleware = append(routes[i].middleware, wrapMiddleware(midhandler)) + routes[i].middleware = append(routes[i].middleware, wrapMiddleware(ctx, midhandler)) } } return nil @@ -242,7 +242,13 @@ func wrapRoute(route Route) Middleware { // we need to pull this particular MiddlewareHandler // pointer into its own stack frame to preserve it so it // won't be overwritten in future loop iterations. -func wrapMiddleware(mh MiddlewareHandler) Middleware { +func wrapMiddleware(ctx caddy.Context, mh MiddlewareHandler) Middleware { + // first, wrap the middleware with metrics instrumentation + metricsHandler := newMetricsInstrumentedHandler( + serverNameFromContext(ctx.Context), + caddy.GetModuleName(mh), + mh, + ) return func(next Handler) Handler { // copy the next handler (it's an interface, so it's // just a very lightweight copy of a pointer); this @@ -253,7 +259,7 @@ func wrapMiddleware(mh MiddlewareHandler) Middleware { return HandlerFunc(func(w http.ResponseWriter, r *http.Request) error { // TODO: This is where request tracing could be implemented // TODO: see what the std lib gives us in terms of stack tracing too - return mh.ServeHTTP(w, r, nextCopy) + return metricsHandler.ServeHTTP(w, r, nextCopy) }) } } diff --git a/modules/metrics/adminmetrics.go b/modules/metrics/adminmetrics.go new file mode 100644 index 00000000..f6a55e8c --- /dev/null +++ b/modules/metrics/adminmetrics.go @@ -0,0 +1,55 @@ +// Copyright 2020 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package metrics + +import ( + "net/http" + + "github.com/caddyserver/caddy/v2" +) + +func init() { + caddy.RegisterModule(AdminMetrics{}) +} + +// AdminMetrics is a module that serves a metrics endpoint so that any gathered +// metrics can be exposed for scraping. This module is not configurable, and +// is permanently mounted to the admin API endpoint at "/metrics". +// See the Metrics module for a configurable endpoint that is usable if the +// Admin API is disabled. +type AdminMetrics struct{} + +// CaddyModule returns the Caddy module information. +func (AdminMetrics) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "admin.api.metrics", + New: func() caddy.Module { return new(AdminMetrics) }, + } +} + +// Routes returns a route for the /metrics endpoint. +func (m *AdminMetrics) Routes() []caddy.AdminRoute { + metricsHandler := createMetricsHandler(nil) + h := caddy.AdminHandlerFunc(func(w http.ResponseWriter, r *http.Request) error { + metricsHandler.ServeHTTP(w, r) + return nil + }) + return []caddy.AdminRoute{{Pattern: "/metrics", Handler: h}} +} + +// Interface guards +var ( + _ caddy.AdminRouter = (*AdminMetrics)(nil) +) diff --git a/modules/metrics/metrics.go b/modules/metrics/metrics.go new file mode 100644 index 00000000..eab63423 --- /dev/null +++ b/modules/metrics/metrics.go @@ -0,0 +1,109 @@ +// Copyright 2020 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package metrics + +import ( + "net/http" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + + "go.uber.org/zap" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promhttp" +) + +func init() { + caddy.RegisterModule(Metrics{}) + httpcaddyfile.RegisterHandlerDirective("metrics", parseCaddyfile) +} + +// Metrics is a module that serves a /metrics endpoint so that any gathered +// metrics can be exposed for scraping. This module is configurable by end-users +// unlike AdminMetrics. +type Metrics struct { + metricsHandler http.Handler +} + +// CaddyModule returns the Caddy module information. +func (Metrics) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.handlers.metrics", + New: func() caddy.Module { return new(Metrics) }, + } +} + +type zapLogger struct { + zl *zap.Logger +} + +func (l *zapLogger) Println(v ...interface{}) { + l.zl.Sugar().Error(v...) +} + +// Provision sets up m. +func (m *Metrics) Provision(ctx caddy.Context) error { + log := ctx.Logger(m) + m.metricsHandler = createMetricsHandler(&zapLogger{log}) + return nil +} + +func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + var m Metrics + err := m.UnmarshalCaddyfile(h.Dispenser) + return m, err +} + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// metrics +// +func (m *Metrics) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + args := d.RemainingArgs() + if len(args) > 0 { + return d.ArgErr() + } + } + return nil +} + +func (m Metrics) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + m.metricsHandler.ServeHTTP(w, r) + return next.ServeHTTP(w, r) +} + +// Interface guards +var ( + _ caddy.Provisioner = (*Metrics)(nil) + _ caddyhttp.MiddlewareHandler = (*Metrics)(nil) + _ caddyfile.Unmarshaler = (*Metrics)(nil) +) + +func createMetricsHandler(logger promhttp.Logger) http.Handler { + return promhttp.InstrumentMetricHandler(prometheus.DefaultRegisterer, + promhttp.HandlerFor(prometheus.DefaultGatherer, promhttp.HandlerOpts{ + // will only log errors if logger is non-nil + ErrorLog: logger, + + // Allow OpenMetrics format to be negotiated - largely compatible, + // except quantile/le label values always have a decimal. + EnableOpenMetrics: true, + }), + ) +} diff --git a/modules/standard/imports.go b/modules/standard/imports.go index b8ea7a8f..bc2d955d 100644 --- a/modules/standard/imports.go +++ b/modules/standard/imports.go @@ -11,4 +11,5 @@ import ( _ "github.com/caddyserver/caddy/v2/modules/caddytls/standardstek" _ "github.com/caddyserver/caddy/v2/modules/filestorage" _ "github.com/caddyserver/caddy/v2/modules/logging" + _ "github.com/caddyserver/caddy/v2/modules/metrics" ) From 3ee663dee195e5f8ead7879b31131f46cd0fba13 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 17 Sep 2020 12:35:25 -0600 Subject: [PATCH 0189/1498] go.mod: Upgrade dependencies --- go.mod | 16 ++++++++-------- go.sum | 29 +++++++++++++++++++++++------ 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 7f9cea0b..869c9866 100644 --- a/go.mod +++ b/go.mod @@ -6,21 +6,21 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87 + github.com/caddyserver/certmagic v0.12.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 github.com/jsternberg/zap-logfmt v1.2.0 - github.com/klauspost/compress v1.10.10 - github.com/klauspost/cpuid v1.2.5 + github.com/klauspost/compress v1.11.0 + github.com/klauspost/cpuid v1.2.5 // cannot upgrade until arm is fixed: https://github.com/klauspost/cpuid/issues/52 github.com/lucas-clemente/quic-go v0.18.0 - github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e + github.com/mholt/acmez v0.1.1 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.7.1 - github.com/smallstep/certificates v0.15.1 - github.com/smallstep/cli v0.15.0 - github.com/smallstep/nosql v0.3.0 + github.com/smallstep/certificates v0.15.4 + github.com/smallstep/cli v0.15.2 + github.com/smallstep/nosql v0.3.0 // cannot upgrade until protobuf warning is fixed github.com/smallstep/truststore v0.9.6 github.com/yuin/goldmark v1.2.1 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 @@ -28,7 +28,7 @@ require ( golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de golang.org/x/net v0.0.0-20200707034311-ab3426394381 google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 - google.golang.org/protobuf v1.24.0 + google.golang.org/protobuf v1.24.0 // cannot upgrade until warning is fixed gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.3.0 ) diff --git a/go.sum b/go.sum index 545c2e16..5aeb6570 100644 --- a/go.sum +++ b/go.sum @@ -30,12 +30,16 @@ github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= +github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= +github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig/v3 v3.1.0 h1:j7GpgZ7PdFqNsmncycTHsLmVPf5/3wJtlgW9TNDYD9Y= github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= +github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -78,10 +82,11 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= +github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87 h1:3aKxAswI/GxNUKS3v+NWaB+hUyBtfXyjAWlc2Go53T0= -github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87/go.mod h1:ru+9UfE7sgvPJgieBLSRz5S3xuCd6wlV0qEHErC+x1k= +github.com/caddyserver/certmagic v0.12.0 h1:1f7kxykaJkOVVpXJ8ZrC6RAO5F6+kKm9U7dBFbLNeug= +github.com/caddyserver/certmagic v0.12.0/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -97,6 +102,7 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -108,6 +114,7 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -315,14 +322,15 @@ github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.10.10 h1:a/y8CglcM7gLGYmlbP/stPE5sR3hbhFRUjCBfd/0B3I= -github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.11.0 h1:wJbzvpYMVGG9iTI9VxpnNZfd4DzMPoCWze3GgSqz8yg= +github.com/klauspost/compress v1.11.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.5 h1:VBd9MyVIiJHzzgnrLQG5Bcv75H4YaWrlKqWHjurxCGo= @@ -379,8 +387,8 @@ github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsO github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e h1:F5E9CM0APrZtTfowJfvUBmrCjuHLfslZyFlNTEB7UV4= -github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v0.1.1 h1:KQODCqk+hBn3O7qfCRPj6L96uG65T5BSS95FKNEqtdA= +github.com/mholt/acmez v0.1.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= @@ -414,6 +422,7 @@ github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96d github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= +github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= @@ -537,9 +546,13 @@ github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9P github.com/smallstep/certificates v0.15.0/go.mod h1:awyVXYIVn4J9ANSSnDuA3FjKia7+QixaqorGW8CKGq8= github.com/smallstep/certificates v0.15.1 h1:Es2IGgU4D0RE4OKys/VB1KvAuGuZwkxR7D9A0DeM/Ow= github.com/smallstep/certificates v0.15.1/go.mod h1:hDmNejfuVTDDe1NBIKrhL9xjELRJb2ZFM+bDXwSW9xI= +github.com/smallstep/certificates v0.15.4 h1:bBGb2GqrQ8wKHVOhcUfgRlaTHsO1S5rqsq/z93/mRSc= +github.com/smallstep/certificates v0.15.4/go.mod h1:uMrxSjDsPBxCPLV58WQhj3L1R3zdnW7mvJloiC+cyws= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= github.com/smallstep/cli v0.15.0 h1:ZBU1o4vm4FvcOFnfiT09jxuE/OsZX1BsZl5E/l2gv/c= github.com/smallstep/cli v0.15.0/go.mod h1:trYpP49s+XF4fROcNgmPi4yO1EIKfqsc/eEck6SosO4= +github.com/smallstep/cli v0.15.2 h1:bOrYD1w0Vu82XN3r7mHuXoEI9RyczHyzKjzDHQ7V7EE= +github.com/smallstep/cli v0.15.2/go.mod h1:7SDI+reLecUkYdaluSt3ASH2vQYHxdeMXtsIGD9AQXA= github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= @@ -632,6 +645,8 @@ go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3M go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= go.step.sm/crypto v0.2.0 h1:Rx+XqrNO4ZGHWlT9QCXls2L9pvcNiI23zEpAq0fctvY= go.step.sm/crypto v0.2.0/go.mod h1:YNLnHj4JgABFoRkUq8brkscIB9THdiJUFoDxLQw1tww= +go.step.sm/crypto v0.6.0 h1:fbGUG5VJmDetC+RQ/T0tb6Sx0wCOgqKZcZYzTpUa7eo= +go.step.sm/crypto v0.6.0/go.mod h1:AKS4yMZVZD4EGjpSkY4eibuMenrvKCscb+BpWMet8c0= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -910,6 +925,8 @@ gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= +gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= From c82c231ba7ec7c400e4d48ab943f57a6b29a2a2a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 17 Sep 2020 17:23:58 -0600 Subject: [PATCH 0190/1498] caddyhttp: Remove server name from metrics For some reason this breaks automatic HTTP->HTTPS redirects. I am not sure why yet, but as a hotfix remove this until we understand it better. --- modules/caddyhttp/app.go | 2 -- modules/caddyhttp/metrics.go | 4 ---- modules/caddyhttp/metrics_test.go | 15 --------------- 3 files changed, 21 deletions(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index c8bbc95e..375ca4d9 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -226,8 +226,6 @@ func (app *App) Provision(ctx caddy.Context) error { // route handler so that important security checks are done, etc. primaryRoute := emptyHandler if srv.Routes != nil { - // inject the server name for observability purposes - ctx.Context = contextWithServerName(ctx.Context, srvName) err := srv.Routes.ProvisionHandlers(ctx) if err != nil { return fmt.Errorf("server %s: setting up route handlers: %v", srvName, err) diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index dbf1033a..2b3b7c75 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -94,10 +94,6 @@ func serverNameFromContext(ctx context.Context) string { return srvName } -func contextWithServerName(ctx context.Context, serverName string) context.Context { - return context.WithValue(ctx, ctxKeyServerName{}, serverName) -} - type metricsInstrumentedHandler struct { labels prometheus.Labels statusLabels prometheus.Labels diff --git a/modules/caddyhttp/metrics_test.go b/modules/caddyhttp/metrics_test.go index 5c3bc1d6..14248a38 100644 --- a/modules/caddyhttp/metrics_test.go +++ b/modules/caddyhttp/metrics_test.go @@ -1,7 +1,6 @@ package caddyhttp import ( - "context" "errors" "net/http" "net/http/httptest" @@ -10,20 +9,6 @@ import ( "github.com/prometheus/client_golang/prometheus/testutil" ) -func TestServerNameFromContext(t *testing.T) { - ctx := context.Background() - expected := "UNKNOWN" - if actual := serverNameFromContext(ctx); actual != expected { - t.Errorf("Not equal: expected %q, but got %q", expected, actual) - } - - in := "foo" - ctx = contextWithServerName(ctx, in) - if actual := serverNameFromContext(ctx); actual != in { - t.Errorf("Not equal: expected %q, but got %q", in, actual) - } -} - func TestMetricsInstrumentedHandler(t *testing.T) { handlerErr := errors.New("oh noes") response := []byte("hello world!") From d16ede358a2ec049bda28bf37e79c9cfcaa64c29 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Thu, 17 Sep 2020 23:46:24 -0400 Subject: [PATCH 0191/1498] metrics: Fix hidden panic while observing with bad exemplars (#3733) * metrics: Fixing panic while observing with bad exemplars Signed-off-by: Dave Henderson * Minor cleanup The server is already added to the context. So, we can simply use that to get the server name, which is a field on the server. * Add integration test for auto HTTP->HTTPS redirects A test like this would have caught the problem in the first place Co-authored-by: Matthew Holt --- caddytest/integration/autohttps_test.go | 22 +++++++++++ modules/caddyhttp/app.go | 1 + modules/caddyhttp/metrics.go | 52 +++++++++---------------- modules/caddyhttp/metrics_test.go | 17 +++++++- modules/caddyhttp/routes.go | 9 ++--- modules/caddyhttp/server.go | 2 + 6 files changed, 62 insertions(+), 41 deletions(-) create mode 100644 caddytest/integration/autohttps_test.go diff --git a/caddytest/integration/autohttps_test.go b/caddytest/integration/autohttps_test.go new file mode 100644 index 00000000..62f172d2 --- /dev/null +++ b/caddytest/integration/autohttps_test.go @@ -0,0 +1,22 @@ +package integration + +import ( + "net/http" + "testing" + + "github.com/caddyserver/caddy/v2/caddytest" +) + +func TestAutoHTTPtoHTTPSRedirects(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + } + localhost:9443 + respond "Yahaha! You found me!" + `, "caddyfile") + + tester.AssertRedirect("http://localhost:9080/", "https://localhost/", http.StatusPermanentRedirect) +} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 375ca4d9..41820ea6 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -155,6 +155,7 @@ func (app *App) Provision(ctx caddy.Context) error { // prepare each server for srvName, srv := range app.Servers { + srv.name = srvName srv.tlsApp = app.tlsApp srv.logger = app.logger.Named("log") srv.errorLogger = app.logger.Named("log.error") diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index 2b3b7c75..74be135f 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -82,44 +82,38 @@ func initHTTPMetrics() { }, httpLabels) } -type ctxKeyServerName struct{} - // serverNameFromContext extracts the current server name from the context. -// Returns "UNKNOWN" if none is available (should probably never happen?) +// Returns "UNKNOWN" if none is available (should probably never happen). func serverNameFromContext(ctx context.Context) string { - srvName, ok := ctx.Value(ctxKeyServerName{}).(string) - if !ok { + srv, ok := ctx.Value(ServerCtxKey).(*Server) + if !ok || srv == nil || srv.name == "" { return "UNKNOWN" } - return srvName + return srv.name } type metricsInstrumentedHandler struct { - labels prometheus.Labels - statusLabels prometheus.Labels - mh MiddlewareHandler + handler string + mh MiddlewareHandler } -func newMetricsInstrumentedHandler(server, handler string, mh MiddlewareHandler) *metricsInstrumentedHandler { +func newMetricsInstrumentedHandler(handler string, mh MiddlewareHandler) *metricsInstrumentedHandler { httpMetrics.init.Do(func() { initHTTPMetrics() }) - labels := prometheus.Labels{"server": server, "handler": handler} - statusLabels := prometheus.Labels{"server": server, "handler": handler, "code": "", "method": ""} - return &metricsInstrumentedHandler{labels, statusLabels, mh} + return &metricsInstrumentedHandler{handler, mh} } func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { - inFlight := httpMetrics.requestInFlight.With(h.labels) + server := serverNameFromContext(r.Context()) + labels := prometheus.Labels{"server": server, "handler": h.handler} + statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": r.Method} + + inFlight := httpMetrics.requestInFlight.With(labels) inFlight.Inc() defer inFlight.Dec() - statusLabels := prometheus.Labels{"method": r.Method} - for k, v := range h.labels { - statusLabels[k] = v - } - start := time.Now() // This is a _bit_ of a hack - it depends on the ShouldBufferFunc always @@ -128,35 +122,25 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re writeHeaderRecorder := ShouldBufferFunc(func(status int, header http.Header) bool { statusLabels["code"] = sanitizeCode(status) ttfb := time.Since(start).Seconds() - observeWithExemplar(statusLabels, httpMetrics.responseDuration, ttfb) + httpMetrics.responseDuration.With(statusLabels).Observe(ttfb) return false }) wrec := NewResponseRecorder(w, nil, writeHeaderRecorder) err := h.mh.ServeHTTP(wrec, r, next) dur := time.Since(start).Seconds() - httpMetrics.requestCount.With(h.labels).Inc() + httpMetrics.requestCount.With(labels).Inc() if err != nil { - httpMetrics.requestErrors.With(h.labels).Inc() + httpMetrics.requestErrors.With(labels).Inc() return err } - observeWithExemplar(statusLabels, httpMetrics.requestDuration, dur) - observeWithExemplar(statusLabels, httpMetrics.requestSize, float64(computeApproximateRequestSize(r))) + httpMetrics.requestDuration.With(statusLabels).Observe(dur) + httpMetrics.requestSize.With(statusLabels).Observe(float64(computeApproximateRequestSize(r))) httpMetrics.responseSize.With(statusLabels).Observe(float64(wrec.Size())) return nil } -func observeWithExemplar(l prometheus.Labels, o *prometheus.HistogramVec, value float64) { - obs := o.With(l) - if oe, ok := obs.(prometheus.ExemplarObserver); ok { - oe.ObserveWithExemplar(value, l) - return - } - // _should_ be a noop, but here just in case... - obs.Observe(value) -} - func sanitizeCode(code int) string { if code == 0 { return "200" diff --git a/modules/caddyhttp/metrics_test.go b/modules/caddyhttp/metrics_test.go index 14248a38..6ac591ff 100644 --- a/modules/caddyhttp/metrics_test.go +++ b/modules/caddyhttp/metrics_test.go @@ -1,6 +1,7 @@ package caddyhttp import ( + "context" "errors" "net/http" "net/http/httptest" @@ -9,6 +10,20 @@ import ( "github.com/prometheus/client_golang/prometheus/testutil" ) +func TestServerNameFromContext(t *testing.T) { + ctx := context.Background() + expected := "UNKNOWN" + if actual := serverNameFromContext(ctx); actual != expected { + t.Errorf("Not equal: expected %q, but got %q", expected, actual) + } + + in := "foo" + ctx = context.WithValue(ctx, ServerCtxKey, &Server{name: in}) + if actual := serverNameFromContext(ctx); actual != in { + t.Errorf("Not equal: expected %q, but got %q", in, actual) + } +} + func TestMetricsInstrumentedHandler(t *testing.T) { handlerErr := errors.New("oh noes") response := []byte("hello world!") @@ -26,7 +41,7 @@ func TestMetricsInstrumentedHandler(t *testing.T) { return h.ServeHTTP(w, r) }) - ih := newMetricsInstrumentedHandler("foo", "bar", mh) + ih := newMetricsInstrumentedHandler("bar", mh) r := httptest.NewRequest("GET", "/", nil) w := httptest.NewRecorder() diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index be23d39c..83e63540 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -243,12 +243,9 @@ func wrapRoute(route Route) Middleware { // pointer into its own stack frame to preserve it so it // won't be overwritten in future loop iterations. func wrapMiddleware(ctx caddy.Context, mh MiddlewareHandler) Middleware { - // first, wrap the middleware with metrics instrumentation - metricsHandler := newMetricsInstrumentedHandler( - serverNameFromContext(ctx.Context), - caddy.GetModuleName(mh), - mh, - ) + // wrap the middleware with metrics instrumentation + metricsHandler := newMetricsInstrumentedHandler(caddy.GetModuleName(mh), mh) + return func(next Handler) Handler { // copy the next handler (it's an interface, so it's // just a very lightweight copy of a pointer); this diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 6851e986..4f198e5d 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -122,6 +122,8 @@ type Server struct { // ⚠️ Experimental feature; subject to change or removal. AllowH2C bool `json:"allow_h2c,omitempty"` + name string + primaryHandlerChain Handler errorHandlerChain Handler listenerWrappers []caddy.ListenerWrapper From b1d456d8abf15616afb6c6893af90473b4941365 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Mon, 21 Sep 2020 15:42:47 -0400 Subject: [PATCH 0192/1498] metrics: Fix panic when headers aren't written (#3737) Signed-off-by: Dave Henderson --- modules/caddyhttp/metrics.go | 10 +++++++++- modules/caddyhttp/metrics_test.go | 18 ++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index 74be135f..b764b903 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -108,7 +108,7 @@ func newMetricsInstrumentedHandler(handler string, mh MiddlewareHandler) *metric func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { server := serverNameFromContext(r.Context()) labels := prometheus.Labels{"server": server, "handler": h.handler} - statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": r.Method} + statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": r.Method, "code": ""} inFlight := httpMetrics.requestInFlight.With(labels) inFlight.Inc() @@ -134,6 +134,14 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re return err } + // If the code hasn't been set yet, and we didn't encounter an error, we're + // probably falling through with an empty handler. + if statusLabels["code"] == "" { + // we still sanitize it, even though it's likely to be 0. A 200 is + // returned on fallthrough so we want to reflect that. + statusLabels["code"] = sanitizeCode(wrec.Status()) + } + httpMetrics.requestDuration.With(statusLabels).Observe(dur) httpMetrics.requestSize.With(statusLabels).Observe(float64(computeApproximateRequestSize(r))) httpMetrics.responseSize.With(statusLabels).Observe(float64(wrec.Size())) diff --git a/modules/caddyhttp/metrics_test.go b/modules/caddyhttp/metrics_test.go index 6ac591ff..72f29a70 100644 --- a/modules/caddyhttp/metrics_test.go +++ b/modules/caddyhttp/metrics_test.go @@ -57,6 +57,24 @@ func TestMetricsInstrumentedHandler(t *testing.T) { if err := ih.ServeHTTP(w, r, h); err != nil { t.Errorf("Received unexpected error: %w", err) } + + // an empty handler - no errors, no header written + mh = middlewareHandlerFunc(func(w http.ResponseWriter, r *http.Request, h Handler) error { + return nil + }) + ih = newMetricsInstrumentedHandler("empty", mh) + r = httptest.NewRequest("GET", "/", nil) + w = httptest.NewRecorder() + + if err := ih.ServeHTTP(w, r, h); err != nil { + t.Errorf("Received unexpected error: %w", err) + } + if actual := w.Result().StatusCode; actual != 200 { + t.Errorf("Not same: expected status code %#v, but got %#v", 200, actual) + } + if actual := w.Result().Header; len(actual) != 0 { + t.Errorf("Not empty: expected headers to be empty, but got %#v", actual) + } } type middlewareHandlerFunc func(http.ResponseWriter, *http.Request, Handler) error From fe27f9cf0c7f53c891c35fbcf6a6b3219e85fd0a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 21 Sep 2020 15:44:41 -0400 Subject: [PATCH 0193/1498] httpcaddyfile: Disallow args on route/handle directive family (#3740) --- caddyconfig/httpcaddyfile/directives.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 9e17eeb3..e9ba44c8 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -285,6 +285,11 @@ func parseSegmentAsConfig(h Helper) ([]ConfigValue, error) { var allResults []ConfigValue for h.Next() { + // don't allow non-matcher args on the first line + if h.NextArg() { + return nil, h.ArgErr() + } + // slice the linear list of tokens into top-level segments var segments []caddyfile.Segment for nesting := h.Nesting(); h.NextBlock(nesting); { From be6daa5fd46edc9f66a5129347482b38e22bf103 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 22 Sep 2020 19:37:15 -0400 Subject: [PATCH 0194/1498] httpcaddyfile: Fix panic when parsing route with matchers (#3746) Fixes #3745 --- caddyconfig/httpcaddyfile/directives.go | 6 +++- .../caddyfile_adapt/matchers_in_route.txt | 31 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/matchers_in_route.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index e9ba44c8..5d9a3391 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -304,13 +304,17 @@ func parseSegmentAsConfig(h Helper) ([]ConfigValue, error) { } // find and extract any embedded matcher definitions in this scope - for i, seg := range segments { + for i := 0; i < len(segments); i++ { + seg := segments[i] if strings.HasPrefix(seg.Directive(), matcherPrefix) { + // parse, then add the matcher to matcherDefs err := parseMatcherDefinitions(caddyfile.NewDispenser(seg), matcherDefs) if err != nil { return nil, err } + // remove the matcher segment (consumed), then step back the loop segments = append(segments[:i], segments[i+1:]...) + i-- } } diff --git a/caddytest/integration/caddyfile_adapt/matchers_in_route.txt b/caddytest/integration/caddyfile_adapt/matchers_in_route.txt new file mode 100644 index 00000000..01609b03 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/matchers_in_route.txt @@ -0,0 +1,31 @@ +:80 { + route { + # unused matchers should not panic + # see https://github.com/caddyserver/caddy/issues/3745 + @matcher1 path /path1 + @matcher2 path /path2 + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file From f197cec7f3a599ca18807e7b7719ef7666cfdb70 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Tue, 22 Sep 2020 22:10:34 -0400 Subject: [PATCH 0195/1498] metrics: Always track method label in uppercase (#3742) * metrics: Always track method label in uppercase Signed-off-by: Dave Henderson * Just use strings.ToUpper for clarity Signed-off-by: Dave Henderson --- admin.go | 5 ++-- metrics.go | 45 ++++++++++++++++++++++++++++++++++++ modules/caddyhttp/metrics.go | 7 ++++-- 3 files changed, 52 insertions(+), 5 deletions(-) diff --git a/admin.go b/admin.go index 4ce20998..b2eb5423 100644 --- a/admin.go +++ b/admin.go @@ -36,7 +36,6 @@ import ( "time" "github.com/prometheus/client_golang/prometheus" - "github.com/prometheus/client_golang/prometheus/promhttp" "go.uber.org/zap" ) @@ -111,7 +110,7 @@ func (admin AdminConfig) newAdminHandler(addr NetworkAddress) adminHandler { addRouteWithMetrics := func(pattern string, handlerLabel string, h http.Handler) { labels := prometheus.Labels{"path": pattern, "handler": handlerLabel} - h = promhttp.InstrumentHandlerCounter( + h = instrumentHandlerCounter( adminMetrics.requestCount.MustCurryWith(labels), h, ) @@ -126,7 +125,7 @@ func (admin AdminConfig) newAdminHandler(addr NetworkAddress) adminHandler { labels := prometheus.Labels{ "path": pattern, "handler": handlerLabel, - "method": r.Method, + "method": strings.ToUpper(r.Method), } adminMetrics.requestErrors.With(labels).Inc() } diff --git a/metrics.go b/metrics.go index a7ff3b71..55fb0a31 100644 --- a/metrics.go +++ b/metrics.go @@ -1,6 +1,10 @@ package caddy import ( + "net/http" + "strconv" + "strings" + "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" ) @@ -30,3 +34,44 @@ var adminMetrics = struct { requestCount *prometheus.CounterVec requestErrors *prometheus.CounterVec }{} + +// Similar to promhttp.InstrumentHandlerCounter, but upper-cases method names +// instead of lower-casing them. +// +// Unlike promhttp.InstrumentHandlerCounter, this assumes a "code" and "method" +// label is present, and will panic otherwise. +func instrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler) http.HandlerFunc { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + d := newDelegator(w) + next.ServeHTTP(d, r) + counter.With(prometheus.Labels{ + "code": sanitizeCode(d.status), + "method": strings.ToUpper(r.Method), + }).Inc() + }) +} + +func newDelegator(w http.ResponseWriter) *delegator { + return &delegator{ + ResponseWriter: w, + } +} + +type delegator struct { + http.ResponseWriter + status int +} + +func (d *delegator) WriteHeader(code int) { + d.status = code + d.ResponseWriter.WriteHeader(code) +} + +func sanitizeCode(s int) string { + switch s { + case 0, 200: + return "200" + default: + return strconv.Itoa(s) + } +} diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index b764b903..3e5d6396 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -4,6 +4,7 @@ import ( "context" "net/http" "strconv" + "strings" "sync" "time" @@ -108,7 +109,10 @@ func newMetricsInstrumentedHandler(handler string, mh MiddlewareHandler) *metric func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { server := serverNameFromContext(r.Context()) labels := prometheus.Labels{"server": server, "handler": h.handler} - statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": r.Method, "code": ""} + method := strings.ToUpper(r.Method) + // the "code" value is set later, but initialized here to eliminate the possibility + // of a panic + statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": method, "code": ""} inFlight := httpMetrics.requestInFlight.With(labels) inFlight.Inc() @@ -154,7 +158,6 @@ func sanitizeCode(code int) string { return "200" } return strconv.Itoa(code) - } // taken from https://github.com/prometheus/client_golang/blob/6007b2b5cae01203111de55f753e76d8dac1f529/prometheus/promhttp/instrument_server.go#L298 From a33e4b542689cbe7ac711e3cfde1d2a30c0156ae Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 26 Sep 2020 02:50:26 +0300 Subject: [PATCH 0196/1498] caddyfile: Add support for `vars` and `vars_regexp` matchers (#3730) * caddyfile: support vars and vars_regexp matchers in the caddyfile * caddyfile: matchers: Brian Kernighan said printf is good debugging tool but didn't say keep them around --- .../caddyfile_adapt/matcher_syntax.txt | 59 +++++++++++++++++++ modules/caddyhttp/matchers.go | 2 + modules/caddyhttp/vars.go | 48 +++++++++++++++ 3 files changed, 109 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index 8cabc582..53ec0232 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -9,6 +9,15 @@ @matcher3 not method PUT respond @matcher3 "not put" + + @matcher4 vars "{http.request.uri}" "/vars-matcher" + respond @matcher4 "from vars matcher" + + @matcher5 vars_regexp static "{http.request.uri}" `\.([a-f0-9]{6})\.(css|js)$` + respond @matcher5 "from vars_regexp matcher with name" + + @matcher6 vars_regexp "{http.request.uri}" `\.([a-f0-9]{6})\.(css|js)$` + respond @matcher6 "from vars_regexp matcher without name" } ---------- { @@ -68,6 +77,56 @@ "handler": "static_response" } ] + }, + { + "match": [ + { + "vars": { + "{http.request.uri}": "/vars-matcher" + } + } + ], + "handle": [ + { + "body": "from vars matcher", + "handler": "static_response" + } + ] + }, + { + "match": [ + { + "vars_regexp": { + "{http.request.uri}": { + "name": "static", + "pattern": "\\.([a-f0-9]{6})\\.(css|js)$" + } + } + } + ], + "handle": [ + { + "body": "from vars_regexp matcher with name", + "handler": "static_response" + } + ] + }, + { + "match": [ + { + "vars_regexp": { + "{http.request.uri}": { + "pattern": "\\.([a-f0-9]{6})\\.(css|js)$" + } + } + } + ], + "handle": [ + { + "body": "from vars_regexp matcher without name", + "handler": "static_response" + } + ] } ] } diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 164f4434..a8320242 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -927,6 +927,8 @@ var ( _ caddyfile.Unmarshaler = (*MatchHeaderRE)(nil) _ caddyfile.Unmarshaler = (*MatchProtocol)(nil) _ caddyfile.Unmarshaler = (*MatchRemoteIP)(nil) + _ caddyfile.Unmarshaler = (*VarsMatcher)(nil) + _ caddyfile.Unmarshaler = (*MatchVarsRE)(nil) _ json.Marshaler = (*MatchNot)(nil) _ json.Unmarshaler = (*MatchNot)(nil) diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index 9561d46c..479ef0a7 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -20,6 +20,7 @@ import ( "net/http" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" ) func init() { @@ -64,6 +65,24 @@ func (VarsMatcher) CaddyModule() caddy.ModuleInfo { } } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *VarsMatcher) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if *m == nil { + *m = make(map[string]string) + } + for d.Next() { + var field, val string + if !d.Args(&field, &val) { + return d.Errf("malformed vars matcher: expected both field and value") + } + (*m)[field] = val + if d.NextBlock(0) { + return d.Err("malformed vars matcher: blocks are not supported") + } + } + return nil +} + // Match matches a request based on variables in the context. func (m VarsMatcher) Match(r *http.Request) bool { vars := r.Context().Value(VarsCtxKey).(map[string]interface{}) @@ -106,6 +125,35 @@ func (MatchVarsRE) CaddyModule() caddy.ModuleInfo { } } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *MatchVarsRE) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if *m == nil { + *m = make(map[string]*MatchRegexp) + } + for d.Next() { + var first, second, third string + if !d.Args(&first, &second) { + return d.ArgErr() + } + + var name, field, val string + if d.Args(&third) { + name = first + field = second + val = third + } else { + field = first + val = second + } + + (*m)[field] = &MatchRegexp{Pattern: val, Name: name} + if d.NextBlock(0) { + return d.Err("malformed vars_regexp matcher: blocks are not supported") + } + } + return nil +} + // Provision compiles m's regular expressions. func (m MatchVarsRE) Provision(ctx caddy.Context) error { for _, rm := range m { From 85152679ce910d0993a2902ec00d199b8cc14e4d Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Fri, 25 Sep 2020 20:00:08 -0400 Subject: [PATCH 0197/1498] admin: lower log level to Debug for /metrics requests (#3749) * admin: lower log level to Debug for /metrics requests Signed-off-by: Dave Henderson * Apply suggestions from code review Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- admin.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/admin.go b/admin.go index b2eb5423..8ac12fda 100644 --- a/admin.go +++ b/admin.go @@ -311,13 +311,18 @@ type adminHandler struct { // ServeHTTP is the external entry point for API requests. // It will only be called once per request. func (h adminHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { - Log().Named("admin.api").Info("received request", + log := Log().Named("admin.api").With( zap.String("method", r.Method), zap.String("host", r.Host), zap.String("uri", r.RequestURI), zap.String("remote_addr", r.RemoteAddr), zap.Reflect("headers", r.Header), ) + if r.RequestURI == "/metrics" { + log.Debug("received request") + } else { + log.Info("received request") + } h.serveHTTP(w, r) } From dadfe1933b4ddab649b1bd64563eb8a0e4142979 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Thu, 1 Oct 2020 12:57:14 -0400 Subject: [PATCH 0198/1498] metrics: fix handler to not run the next route (#3769) Signed-off-by: Dave Henderson --- modules/metrics/metrics.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/metrics/metrics.go b/modules/metrics/metrics.go index eab63423..eff364e2 100644 --- a/modules/metrics/metrics.go +++ b/modules/metrics/metrics.go @@ -85,7 +85,7 @@ func (m *Metrics) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { func (m Metrics) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { m.metricsHandler.ServeHTTP(w, r) - return next.ServeHTTP(w, r) + return nil } // Interface guards From fdfdc033392d6bcc8c98232d5db825fcf4b78a51 Mon Sep 17 00:00:00 2001 From: Christian Flach Date: Thu, 1 Oct 2020 20:15:45 +0200 Subject: [PATCH 0199/1498] reverseproxy: Ignore RFC 1521 params in Content-Type header (#3758) Without this change, a Content-Type header like "text/event-stream;charset=utf-8" would not trigger the immediate flushing. Fixes #3765 --- modules/caddyhttp/reverseproxy/streaming.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 666cf486..d183244b 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -21,6 +21,7 @@ package reverseproxy import ( "context" "io" + "mime" "net/http" "sync" "time" @@ -88,11 +89,12 @@ func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request // flushInterval returns the p.FlushInterval value, conditionally // overriding its value for a specific request/response. func (h Handler) flushInterval(req *http.Request, res *http.Response) time.Duration { - resCT := res.Header.Get("Content-Type") + resCTHeader := res.Header.Get("Content-Type") + resCT, _, err := mime.ParseMediaType(resCTHeader) // For Server-Sent Events responses, flush immediately. // The MIME type is defined in https://www.w3.org/TR/eventsource/#text-event-stream - if resCT == "text/event-stream" { + if err == nil && resCT == "text/event-stream" { return -1 // negative means immediately } From aa9c3eb7324461c0dd4f1dd28e767d0b8d0d7ec3 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 1 Oct 2020 22:53:19 +0300 Subject: [PATCH 0200/1498] reverseproxy: default to port 80 for upstreams in Caddyfile (#3772) * reverseproxy: default to port 80 for port-less upstream dial addresses * reverseproxy: replace integration test with an adapter test Fixes #3761 --- .../caddyfile_adapt/portless_upstream.txt | 113 ++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 3 + 2 files changed, 116 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/portless_upstream.txt diff --git a/caddytest/integration/caddyfile_adapt/portless_upstream.txt b/caddytest/integration/caddyfile_adapt/portless_upstream.txt new file mode 100644 index 00000000..0e060ddf --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/portless_upstream.txt @@ -0,0 +1,113 @@ +whoami.example.com { + reverse_proxy whoami +} + +app.example.com { + reverse_proxy app:80 +} +unix.example.com { + reverse_proxy unix//path/to/socket +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "whoami.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "whoami:80" + } + ] + } + ] + } + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "unix.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "unix//path/to/socket" + } + ] + } + ] + } + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "app.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "app:80" + } + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 33f6e7b5..fcaf82b9 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -155,6 +155,9 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if err != nil { host = upstreamAddr } + if port == "" { + port = "80" + } } // the underlying JSON does not yet support different From 3b9eae70c9cc680792cdc86513f74f7cc49f43b1 Mon Sep 17 00:00:00 2001 From: Aleksei <37804671+aleert@users.noreply.github.com> Date: Thu, 1 Oct 2020 23:02:31 +0300 Subject: [PATCH 0201/1498] reverseproxy: Change 500 error to 502 for lookup_srv config (#3771) Fixes #3763 --- modules/caddyhttp/reverseproxy/reverseproxy.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 138a3fc8..0f93df0e 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -384,7 +384,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // DialInfo struct should have valid network address syntax dialInfo, err := upstream.fillDialInfo(r) if err != nil { - return fmt.Errorf("making dial info: %v", err) + err = fmt.Errorf("making dial info: %v", err) + return caddyhttp.Error(http.StatusBadGateway, err) } // attach to the request information about how to dial the upstream; From 6722426f1a9e6c8a5fb0bbcafd4b5f99cad2b070 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 1 Oct 2020 23:05:39 +0300 Subject: [PATCH 0202/1498] reverseproxy: allow no port for SRV; fix regression in d55d50b (#3756) * reverseproxy: fix breakage in handling SRV lookup introduced by 3695 * reverseproxy: validate against incompatible config options with lookup_srv * reverseproxy: add integration test cases for validations involving lookup_srv * reverseproxy: clarify the reason for skipping an iteration * grammar.. Oxford comma Co-authored-by: Francis Lavoie Co-authored-by: Francis Lavoie Fixes #3753 --- caddytest/integration/reverseproxy_test.go | 103 ++++++++++++++++++ .../caddyhttp/reverseproxy/reverseproxy.go | 36 ++++-- 2 files changed, 129 insertions(+), 10 deletions(-) diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index 8000546d..0505becf 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -13,6 +13,109 @@ import ( "github.com/caddyserver/caddy/v2/caddytest" ) +func TestSRVReverseProxy(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "lookup_srv": "srv.host.service.consul" + } + ] + } + ] + } + ] + } + } + } + } + } + `, "json") +} + +func TestSRVWithDial(t *testing.T) { + caddytest.AssertLoadError(t, ` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "tcp/address.to.upstream:80", + "lookup_srv": "srv.host.service.consul" + } + ] + } + ] + } + ] + } + } + } + } + } + `, "json", `upstream: specifying dial address is incompatible with lookup_srv: 0: {\"dial\": \"tcp/address.to.upstream:80\", \"lookup_srv\": \"srv.host.service.consul\"}`) +} + +func TestSRVWithActiveHealthcheck(t *testing.T) { + caddytest.AssertLoadError(t, ` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "health_checks": { + "active": { + "path": "/ok" + } + }, + "upstreams": [ + { + "lookup_srv": "srv.host.service.consul" + } + ] + } + ] + } + ] + } + } + } + } + } + `, "json", `upstream: lookup_srv is incompatible with active health checks: 0: {\"dial\": \"\", \"lookup_srv\": \"srv.host.service.consul\"}`) +} + func TestReverseProxyHealthCheck(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 0f93df0e..eac02b66 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -129,6 +129,21 @@ func (h *Handler) Provision(ctx caddy.Context) error { h.ctx = ctx h.logger = ctx.Logger(h) + // get validation out of the way + for i, v := range h.Upstreams { + // Having LookupSRV non-empty conflicts with 2 other config parameters: active health checks, and upstream dial address. + // Therefore if LookupSRV is empty, then there are no immediately apparent config conflicts, and the iteration can be skipped. + if v.LookupSRV == "" { + continue + } + if h.HealthChecks != nil && h.HealthChecks.Active != nil { + return fmt.Errorf(`upstream: lookup_srv is incompatible with active health checks: %d: {"dial": %q, "lookup_srv": %q}`, i, v.Dial, v.LookupSRV) + } + if v.Dial != "" { + return fmt.Errorf(`upstream: specifying dial address is incompatible with lookup_srv: %d: {"dial": %q, "lookup_srv": %q}`, i, v.Dial, v.LookupSRV) + } + } + // start by loading modules if h.TransportRaw != nil { mod, err := ctx.LoadModule(h, "TransportRaw") @@ -204,17 +219,18 @@ func (h *Handler) Provision(ctx caddy.Context) error { // set up upstreams for _, upstream := range h.Upstreams { - addr, err := caddy.ParseNetworkAddress(upstream.Dial) - if err != nil { - return err + if upstream.LookupSRV == "" { + addr, err := caddy.ParseNetworkAddress(upstream.Dial) + if err != nil { + return err + } + + if addr.PortRangeSize() != 1 { + return fmt.Errorf("multiple addresses (upstream must map to only one address): %v", addr) + } + + upstream.networkAddress = addr } - - if addr.PortRangeSize() != 1 { - return fmt.Errorf("multiple addresses (upstream must map to only one address): %v", addr) - } - - upstream.networkAddress = addr - // create or get the host representation for this upstream var host Host = new(upstreamHost) existingHost, loaded := hosts.LoadOrStore(upstream.String(), host) From 023d702f30d0b7ccc039f2c96ca369def3acb41b Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 1 Oct 2020 17:11:10 -0600 Subject: [PATCH 0203/1498] Update SECURITY.md --- .github/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index acbfd7b5..5fa5fc1b 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -11,7 +11,7 @@ Please note that we consider publicly-registered domain names to be public infor | Version | Supported | | ------- | ------------------ | | 2.x | :white_check_mark: | -| 1.x | :white_check_mark: (EOL 1 Oct 2020) | +| 1.x | :x: | | < 1.x | :x: | ## Reporting a Vulnerability From 25d2b4bf2927bf69ddce582d33339ef7d13cb6bf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 2 Oct 2020 14:23:40 -0600 Subject: [PATCH 0204/1498] map: Reimplement; multiple outputs; optimize --- caddyconfig/httpcaddyfile/builtins.go | 4 +- caddytest/caddytest.go | 2 +- caddytest/integration/map_test.go | 133 ++++++++++----------- caddytest/integration/sni_test.go | 5 +- modules/caddyhttp/map/caddyfile.go | 86 +++++++++----- modules/caddyhttp/map/map.go | 163 +++++++++++++++++++------- 6 files changed, 246 insertions(+), 147 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index aacf32ce..5ba35aa3 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -75,10 +75,10 @@ func parseBind(h Helper) ([]ConfigValue, error) { // load // ca // ca_root -// dns +// dns [...] // on_demand // eab -// issuer ... +// issuer [...] // } // func parseTLS(h Helper) ([]ConfigValue, error) { diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 1dda345f..85a6373b 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -430,7 +430,7 @@ func (tc *Tester) AssertResponse(req *http.Request, expectedStatusCode int, expe body := string(bytes) - if !strings.Contains(body, expectedBody) { + if body != expectedBody { tc.t.Errorf("requesting \"%s\" expected response body \"%s\" but got \"%s\"", req.RequestURI, expectedBody, body) } diff --git a/caddytest/integration/map_test.go b/caddytest/integration/map_test.go index e31b95a5..dc077ee7 100644 --- a/caddytest/integration/map_test.go +++ b/caddytest/integration/map_test.go @@ -8,7 +8,6 @@ import ( ) func TestMap(t *testing.T) { - // arrange tester := caddytest.NewTester(t) tester.InitServer(`{ @@ -18,25 +17,24 @@ func TestMap(t *testing.T) { localhost:9080 { - map http.request.method dest-name { + map {http.request.method} {dest-1} {dest-2} { default unknown - G.T get-called - POST post-called + ~G.T get-called + POST post-called foobar } respond /version 200 { - body "hello from localhost {dest-name}" + body "hello from localhost {dest-1} {dest-2}" } } `, "caddyfile") // act and assert - tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called") - tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost post-called") + tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called ") + tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost post-called foobar") } func TestMapRespondWithDefault(t *testing.T) { - // arrange tester := caddytest.NewTester(t) tester.InitServer(`{ @@ -46,9 +44,9 @@ func TestMapRespondWithDefault(t *testing.T) { localhost:9080 { - map http.request.method dest-name { + map {http.request.method} {dest-name} { default unknown - GET get-called + GET get-called } respond /version 200 { @@ -63,80 +61,75 @@ func TestMapRespondWithDefault(t *testing.T) { } func TestMapAsJson(t *testing.T) { - // arrange tester := caddytest.NewTester(t) - tester.InitServer(`{ + tester.InitServer(` + { "apps": { "http": { - "http_port": 9080, - "https_port": 9443, - "servers": { - "srv0": { - "listen": [ - ":9080" - ], - "routes": [ - { - "handle": [ - { - "handler": "subroute", + "http_port": 9080, + "https_port": 9443, + "servers": { + "srv0": { + "listen": [ + ":9080" + ], "routes": [ { - "handle": [ - { - "handler": "map", - "source": "http.request.method", - "destination": "dest-name", - "default": "unknown", - "items": [ + "handle": [ { - "expression": "GET", - "value": "get-called" - }, - { - "expression": "POST", - "value": "post-called" + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "map", + "source": "{http.request.method}", + "destinations": ["dest-name"], + "defaults": ["unknown"], + "mappings": [ + { + "input": "GET", + "outputs": ["get-called"] + }, + { + "input": "POST", + "outputs": ["post-called"] + } + ] + } + ] + }, + { + "handle": [ + { + "body": "hello from localhost {dest-name}", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": ["/version"] + } + ] + } + ] } - ] - } - ] - }, - { - "handle": [ - { - "body": "hello from localhost {dest-name}", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] + ], + "match": [ + { + "host": ["localhost"] + } + ], + "terminal": true } ] - } - ], - "match": [ - { - "host": [ - "localhost" - ] - } - ], - "terminal": true } - ] } } - } } - } - `, "json") + }`, "json") tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called") tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost post-called") diff --git a/caddytest/integration/sni_test.go b/caddytest/integration/sni_test.go index 46f7c83e..813e9a05 100644 --- a/caddytest/integration/sni_test.go +++ b/caddytest/integration/sni_test.go @@ -99,7 +99,7 @@ func TestDefaultSNI(t *testing.T) { // act and assert // makes a request with no sni - tester.AssertGetResponse("https://127.0.0.1:9443/version", 200, "hello from a") + tester.AssertGetResponse("https://127.0.0.1:9443/version", 200, "hello from a.caddy.localhost") } func TestDefaultSNIWithNamedHostAndExplicitIP(t *testing.T) { @@ -204,7 +204,6 @@ func TestDefaultSNIWithNamedHostAndExplicitIP(t *testing.T) { } func TestDefaultSNIWithPortMappingOnly(t *testing.T) { - // arrange tester := caddytest.NewTester(t) tester.InitServer(` @@ -273,7 +272,7 @@ func TestDefaultSNIWithPortMappingOnly(t *testing.T) { // act and assert // makes a request with no sni - tester.AssertGetResponse("https://127.0.0.1:9443/version", 200, "hello from a") + tester.AssertGetResponse("https://127.0.0.1:9443/version", 200, "hello from a.caddy.localhost") } func TestHttpOnlyOnDomainWithSNI(t *testing.T) { diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index 57379710..67c148bd 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -15,6 +15,8 @@ package maphandler import ( + "strings" + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) @@ -23,49 +25,75 @@ func init() { httpcaddyfile.RegisterHandlerDirective("map", parseCaddyfile) } -// parseCaddyfile sets up the handler for a map from Caddyfile tokens. Syntax: +// parseCaddyfile sets up the map handler from Caddyfile tokens. Syntax: // -// map { -// [default ] - used if not match is found -// [ ] - regular expression to match against the source find and the matching replacement value -// ... +// map [] { +// [~] +// default // } // -// The map takes a source variable and maps it into the dest variable. The mapping process -// will check the source variable for the first successful match against a list of regular expressions. -// If a successful match is found the dest variable will contain the replacement value. -// If no successful match is found and the default is specified then the dest will contain the default value. +// If the input value is prefixed with a tilde (~), then the input will be parsed as a +// regular expression. // +// The number of outputs for each mapping must not be more than the number of destinations. +// However, for convenience, there may be fewer outputs than destinations and any missing +// outputs will be filled in implicitly. func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { - m := new(Handler) + var handler Handler for h.Next() { - // first see if source and dest are configured - if h.NextArg() { - m.Source = h.Val() - if h.NextArg() { - m.Destination = h.Val() - } + // source + if !h.NextArg() { + return nil, h.ArgErr() + } + handler.Source = h.Val() + + // destinations + handler.Destinations = h.RemainingArgs() + if len(handler.Destinations) == 0 { + return nil, h.Err("missing destination argument(s)") } - // load the rules + // mappings for h.NextBlock(0) { - expression := h.Val() - if expression == "default" { - args := h.RemainingArgs() - if len(args) != 1 { - return m, h.ArgErr() + // defaults are a special case + if h.Val() == "default" { + if len(handler.Defaults) > 0 { + return nil, h.Err("defaults already defined") } - m.Default = args[0] - } else { - args := h.RemainingArgs() - if len(args) != 1 { - return m, h.ArgErr() + handler.Defaults = h.RemainingArgs() + for len(handler.Defaults) < len(handler.Destinations) { + handler.Defaults = append(handler.Defaults, "") } - m.Items = append(m.Items, Item{Expression: expression, Value: args[0]}) + continue } + + // every other line maps one input to one or more outputs + in := h.Val() + outs := h.RemainingArgs() + + // cannot have more outputs than destinations + if len(outs) > len(handler.Destinations) { + return nil, h.Err("too many outputs") + } + + // for convenience, can have fewer outputs than destinations, but the + // underlying handler won't accept that, so we fill in empty values + for len(outs) < len(handler.Destinations) { + outs = append(outs, "") + } + + // create the mapping + mapping := Mapping{Outputs: outs} + if strings.HasPrefix(in, "~") { + mapping.InputRegexp = in[1:] + } else { + mapping.Input = in + } + + handler.Mappings = append(handler.Mappings, mapping) } } - return m, nil + return handler, nil } diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index d2a0a0ab..29aa19f2 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -15,8 +15,11 @@ package maphandler import ( + "fmt" + "log" "net/http" "regexp" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" @@ -26,27 +29,26 @@ func init() { caddy.RegisterModule(Handler{}) } -// Handler is a middleware that maps a source placeholder to a destination -// placeholder. -// -// The mapping process happens early in the request handling lifecycle so that -// the Destination placeholder is calculated and available for substitution. -// The Items array contains pairs of regex expressions and values, the -// Source is matched against the expression, if they match then the destination -// placeholder is set to the value. -// -// The Default is optional, if no Item expression is matched then the value of -// the Default will be used. +// Handler implements a middleware that maps inputs to outputs. Specifically, it +// compares a source value against the map inputs, and for one that matches, it +// applies the output values to each destination. Destinations become placeholder +// names. // +// Mapped placeholders are not evaluated until they are used, so even for very +// large mappings, this handler is quite efficient. type Handler struct { - // Source is a placeholder + // Source is the placeholder from which to get the input value. Source string `json:"source,omitempty"` - // Destination is a new placeholder - Destination string `json:"destination,omitempty"` - // Default is an optional value to use if no other was found - Default string `json:"default,omitempty"` - // Items is an array of regex expressions and values - Items []Item `json:"items,omitempty"` + + // Destinations are the placeholders in which to store the outputs. + Destinations []string `json:"destinations,omitempty"` + + // Mappings from source values (inputs) to destination values (outputs). + // The first matching mapping will be applied. + Mappings []Mapping `json:"mappings,omitempty"` + + // If no mappings match, the default value will be applied (optional). + Defaults []string } // CaddyModule returns the Caddy module information. @@ -57,10 +59,52 @@ func (Handler) CaddyModule() caddy.ModuleInfo { } } -// Provision will compile all regular expressions +// Provision sets up h. func (h *Handler) Provision(_ caddy.Context) error { - for i := 0; i < len(h.Items); i++ { - h.Items[i].compiled = regexp.MustCompile(h.Items[i].Expression) + for j, dest := range h.Destinations { + h.Destinations[j] = strings.Trim(dest, "{}") + } + + for i, m := range h.Mappings { + if m.InputRegexp == "" { + continue + } + if m.Input != "" { + return fmt.Errorf("mapping %d has both input and input_regexp fields specified, which is confusing", i) + } + var err error + h.Mappings[i].re, err = regexp.Compile(m.InputRegexp) + if err != nil { + return fmt.Errorf("compiling regexp for mapping %d: %v", i, err) + } + } + + // TODO: improve efficiency even further by using an actual map type + // for the non-regexp mappings, OR sort them and do a binary search + + return nil +} + +// Validate ensures that h is configured properly. +func (h *Handler) Validate() error { + nDest, nDef := len(h.Destinations), len(h.Defaults) + if nDef > 0 && nDef != nDest { + return fmt.Errorf("%d destinations != %d defaults", nDest, nDef) + } + + seen := make(map[string]int) + for i, m := range h.Mappings { + // prevent duplicate mappings + if prev, ok := seen[m.Input]; ok { + return fmt.Errorf("mapping %d has a duplicate input '%s' previously used with mapping %d", i, m.Input, prev) + } + seen[m.Input] = i + + // ensure mappings have 1:1 output-to-destination correspondence + nOut := len(m.Outputs) + if nOut != nDest { + return fmt.Errorf("mapping %d has %d outputs but there are %d destinations defined", i, nOut, nDest) + } } return nil } @@ -68,38 +112,73 @@ func (h *Handler) Provision(_ caddy.Context) error { func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - // get the source value, if the source value was not found do no - // replacement. - val, ok := repl.GetString(h.Source) - if ok { - found := false - for i := 0; i < len(h.Items); i++ { - if h.Items[i].compiled.MatchString(val) { - found = true - repl.Set(h.Destination, h.Items[i].Value) - break + // defer work until a variable is actually evaluated by using replacer's Map callback + repl.Map(func(key string) (interface{}, bool) { + // return early if the variable is not even a configured destination + destIdx := h.destinationIndex(key) + if destIdx < 0 { + return nil, false + } + + input := repl.ReplaceAll(h.Source, "") + + // find the first mapping matching the input and return + // the requested destination/output value + for _, m := range h.Mappings { + log.Printf("MAPPING: %+v", m) + if m.re != nil { + if m.re.MatchString(input) { + return m.Outputs[destIdx], true + } + continue + } + if input == m.Input { + log.Printf("RETURNING: %s", m.Outputs[destIdx]) + return m.Outputs[destIdx], true } } - if !found && h.Default != "" { - repl.Set(h.Destination, h.Default) + // fall back to default if no match + if len(h.Defaults) > destIdx { + return h.Defaults[destIdx], true } - } + + return nil, true + }) + return next.ServeHTTP(w, r) } -// Item defines each entry in the map -type Item struct { - // Expression is the regular expression searched for - Expression string `json:"expression,omitempty"` - // Value to use once the expression has been found - Value string `json:"value,omitempty"` - // compiled expression, internal use - compiled *regexp.Regexp +// destinationIndex returns the positional index of the destination +// is name is a known destination; otherwise it returns -1. +func (h Handler) destinationIndex(name string) int { + for i, dest := range h.Destinations { + if dest == name { + return i + } + } + return -1 +} + +// Mapping describes a mapping from input to outputs. +type Mapping struct { + // The input value to match. Must be distinct from other mappings. + // Mutually exclusive to input_regexp. + Input string `json:"input,omitempty"` + + // The input regular expression to match. Mutually exclusive to input. + InputRegexp string `json:"input_regexp,omitempty"` + + // Upon a match with the input, each output is positionally correlated + // with each destination of the parent handler. + Outputs []string `json:"outputs,omitempty"` + + re *regexp.Regexp } // Interface guards var ( _ caddy.Provisioner = (*Handler)(nil) + _ caddy.Validator = (*Handler)(nil) _ caddyhttp.MiddlewareHandler = (*Handler)(nil) ) From 0fc47e8357af5ccd6f800819722229b1a279e5b5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 2 Oct 2020 15:23:52 -0600 Subject: [PATCH 0205/1498] map: Apply default if mapped output is nil --- caddytest/integration/map_test.go | 4 ++-- modules/caddyhttp/map/caddyfile.go | 9 ++++++--- modules/caddyhttp/map/map.go | 24 +++++++++++++++--------- 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/caddytest/integration/map_test.go b/caddytest/integration/map_test.go index dc077ee7..aa535ecd 100644 --- a/caddytest/integration/map_test.go +++ b/caddytest/integration/map_test.go @@ -18,7 +18,7 @@ func TestMap(t *testing.T) { localhost:9080 { map {http.request.method} {dest-1} {dest-2} { - default unknown + default unknown1 unknown2 ~G.T get-called POST post-called foobar } @@ -30,7 +30,7 @@ func TestMap(t *testing.T) { `, "caddyfile") // act and assert - tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called ") + tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called unknown2") tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost post-called foobar") } diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index 67c148bd..eb0c5ae3 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -70,7 +70,10 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // every other line maps one input to one or more outputs in := h.Val() - outs := h.RemainingArgs() + var outs []interface{} + for _, out := range h.RemainingArgs() { + outs = append(outs, out) + } // cannot have more outputs than destinations if len(outs) > len(handler.Destinations) { @@ -78,9 +81,9 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) } // for convenience, can have fewer outputs than destinations, but the - // underlying handler won't accept that, so we fill in empty values + // underlying handler won't accept that, so we fill in nil values for len(outs) < len(handler.Destinations) { - outs = append(outs, "") + outs = append(outs, nil) } // create the mapping diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index 29aa19f2..ba90e6f5 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -16,7 +16,6 @@ package maphandler import ( "fmt" - "log" "net/http" "regexp" "strings" @@ -40,14 +39,15 @@ type Handler struct { // Source is the placeholder from which to get the input value. Source string `json:"source,omitempty"` - // Destinations are the placeholders in which to store the outputs. + // Destinations are the names of placeholders in which to store the outputs. Destinations []string `json:"destinations,omitempty"` // Mappings from source values (inputs) to destination values (outputs). // The first matching mapping will be applied. Mappings []Mapping `json:"mappings,omitempty"` - // If no mappings match, the default value will be applied (optional). + // If no mappings match or if the mapped output is null/nil, the associated + // default output will be applied (optional). Defaults []string } @@ -125,20 +125,26 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt // find the first mapping matching the input and return // the requested destination/output value for _, m := range h.Mappings { - log.Printf("MAPPING: %+v", m) if m.re != nil { if m.re.MatchString(input) { - return m.Outputs[destIdx], true + if output := m.Outputs[destIdx]; output == nil { + break + } else { + return output, true + } } continue } if input == m.Input { - log.Printf("RETURNING: %s", m.Outputs[destIdx]) - return m.Outputs[destIdx], true + if output := m.Outputs[destIdx]; output == nil { + break + } else { + return output, true + } } } - // fall back to default if no match + // fall back to default if no match or if matched nil value if len(h.Defaults) > destIdx { return h.Defaults[destIdx], true } @@ -171,7 +177,7 @@ type Mapping struct { // Upon a match with the input, each output is positionally correlated // with each destination of the parent handler. - Outputs []string `json:"outputs,omitempty"` + Outputs []interface{} `json:"outputs,omitempty"` re *regexp.Regexp } From ef8a372a1ce8ed8630bbe227349783c5a74c69b2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 2 Oct 2020 16:08:28 -0600 Subject: [PATCH 0206/1498] map: Bug fixes; null literal with hyphen in Caddyfile --- modules/caddyhttp/map/caddyfile.go | 9 ++++++++- modules/caddyhttp/map/map.go | 29 ++++++++++++++++++----------- 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index eb0c5ae3..77d4c46d 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -35,6 +35,9 @@ func init() { // If the input value is prefixed with a tilde (~), then the input will be parsed as a // regular expression. // +// The Caddyfile adapter treats outputs that are a literal hyphen (-) as a null/nil +// value. This is useful if you want to fall back to default for that particular output. +// // The number of outputs for each mapping must not be more than the number of destinations. // However, for convenience, there may be fewer outputs than destinations and any missing // outputs will be filled in implicitly. @@ -72,7 +75,11 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) in := h.Val() var outs []interface{} for _, out := range h.RemainingArgs() { - outs = append(outs, out) + if out == "-" { + outs = append(outs, nil) + } else { + outs = append(outs, out) + } } // cannot have more outputs than destinations diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index ba90e6f5..bfb21154 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -43,7 +43,7 @@ type Handler struct { Destinations []string `json:"destinations,omitempty"` // Mappings from source values (inputs) to destination values (outputs). - // The first matching mapping will be applied. + // The first matching, non-nil mapping will be applied. Mappings []Mapping `json:"mappings,omitempty"` // If no mappings match or if the mapped output is null/nil, the associated @@ -69,9 +69,6 @@ func (h *Handler) Provision(_ caddy.Context) error { if m.InputRegexp == "" { continue } - if m.Input != "" { - return fmt.Errorf("mapping %d has both input and input_regexp fields specified, which is confusing", i) - } var err error h.Mappings[i].re, err = regexp.Compile(m.InputRegexp) if err != nil { @@ -94,11 +91,20 @@ func (h *Handler) Validate() error { seen := make(map[string]int) for i, m := range h.Mappings { - // prevent duplicate mappings - if prev, ok := seen[m.Input]; ok { - return fmt.Errorf("mapping %d has a duplicate input '%s' previously used with mapping %d", i, m.Input, prev) + // prevent confusing/ambiguous mappings + if m.Input != "" && m.InputRegexp != "" { + return fmt.Errorf("mapping %d has both input and input_regexp fields specified, which is confusing", i) } - seen[m.Input] = i + + // prevent duplicate mappings + input := m.Input + if m.InputRegexp != "" { + input = m.InputRegexp + } + if prev, ok := seen[input]; ok { + return fmt.Errorf("mapping %d has a duplicate input '%s' previously used with mapping %d", i, input, prev) + } + seen[input] = i // ensure mappings have 1:1 output-to-destination correspondence nOut := len(m.Outputs) @@ -128,7 +134,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt if m.re != nil { if m.re.MatchString(input) { if output := m.Outputs[destIdx]; output == nil { - break + continue } else { return output, true } @@ -137,7 +143,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt } if input == m.Input { if output := m.Outputs[destIdx]; output == nil { - break + continue } else { return output, true } @@ -176,7 +182,8 @@ type Mapping struct { InputRegexp string `json:"input_regexp,omitempty"` // Upon a match with the input, each output is positionally correlated - // with each destination of the parent handler. + // with each destination of the parent handler. An output that is null + // (nil) will be treated as if it was not mapped at all. Outputs []interface{} `json:"outputs,omitempty"` re *regexp.Regexp From e34d9f1244439a01a195febd966c7c5d88c98d33 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 9 Oct 2020 11:32:09 -0600 Subject: [PATCH 0207/1498] readme: Add link to website for download instructions (#3785) * add Webi as install method * link to install page --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index a84b41dc..35cc89c2 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ ### Menu - [Features](#features) +- [Install](#install) - [Build from source](#build-from-source) - [For development](#for-development) - [With version information and/or plugins](#with-version-information-andor-plugins) @@ -56,7 +57,11 @@ - Actually **fun to use** - So, so much more to discover +## Install +You can install Caddy by downloading from the Github Releases and placing it in your PATH. + +For other install options, see https://caddyserver.com/docs/download. ## Build from source From c7efb0307d425eb533885e314518c370a06763da Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 13 Oct 2020 10:35:20 -0600 Subject: [PATCH 0208/1498] reverseproxy: Fix dial placeholders, SRV, active health checks (#3780) * reverseproxy: Fix dial placeholders, SRV, active health checks Supercedes #3776 Partially reverts or updates #3756, #3693, and #3695 * reverseproxy: add integration tests Co-authored-by: Mohammed Al Sahaf --- caddytest/integration/reverseproxy_test.go | 238 ++++++++++++++++++ .../caddyhttp/reverseproxy/healthchecks.go | 43 +++- modules/caddyhttp/reverseproxy/hosts.go | 1 - .../caddyhttp/reverseproxy/httptransport.go | 3 - .../caddyhttp/reverseproxy/reverseproxy.go | 18 +- 5 files changed, 270 insertions(+), 33 deletions(-) diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index 0505becf..e838d869 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -79,6 +79,244 @@ func TestSRVWithDial(t *testing.T) { `, "json", `upstream: specifying dial address is incompatible with lookup_srv: 0: {\"dial\": \"tcp/address.to.upstream:80\", \"lookup_srv\": \"srv.host.service.consul\"}`) } +func TestDialWithPlaceholderUnix(t *testing.T) { + + if runtime.GOOS == "windows" { + t.SkipNow() + } + + f, err := ioutil.TempFile("", "*.sock") + if err != nil { + t.Errorf("failed to create TempFile: %s", err) + return + } + // a hack to get a file name within a valid path to use as socket + socketName := f.Name() + os.Remove(f.Name()) + + server := http.Server{ + Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + w.Write([]byte("Hello, World!")) + }), + } + + unixListener, err := net.Listen("unix", socketName) + if err != nil { + t.Errorf("failed to listen on the socket: %s", err) + return + } + go server.Serve(unixListener) + t.Cleanup(func() { + server.Close() + }) + runtime.Gosched() // Allow other goroutines to run + + tester := caddytest.NewTester(t) + tester.InitServer(` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "unix/{http.request.header.X-Caddy-Upstream-Dial}" + } + ] + } + ] + } + ] + } + } + } + } + } + `, "json") + + req, err := http.NewRequest(http.MethodGet, "http://localhost:8080", nil) + if err != nil { + t.Fail() + return + } + req.Header.Set("X-Caddy-Upstream-Dial", socketName) + tester.AssertResponse(req, 200, "Hello, World!") +} + +func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8080" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "static_response", + "body": "Hello, World!" + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "localhost" + ] + } + }, + "srv1": { + "listen": [ + ":9080" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "{http.request.header.X-Caddy-Upstream-Dial}" + } + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "localhost" + ] + } + } + } + } + } + } + `, "json") + + req, err := http.NewRequest(http.MethodGet, "http://localhost:9080", nil) + if err != nil { + t.Fail() + return + } + req.Header.Set("X-Caddy-Upstream-Dial", "localhost:8080") + tester.AssertResponse(req, 200, "Hello, World!") +} + +func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8080" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "static_response", + "body": "Hello, World!" + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "localhost" + ] + } + }, + "srv1": { + "listen": [ + ":9080" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "tcp/{http.request.header.X-Caddy-Upstream-Dial}:8080" + } + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "localhost" + ] + } + } + } + } + } + } + `, "json") + + req, err := http.NewRequest(http.MethodGet, "http://localhost:9080", nil) + if err != nil { + t.Fail() + return + } + req.Header.Set("X-Caddy-Upstream-Dial", "localhost") + tester.AssertResponse(req, 200, "Hello, World!") +} + func TestSRVWithActiveHealthcheck(t *testing.T) { caddytest.AssertLoadError(t, ` { diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 410b9d4a..4e933208 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -154,23 +154,42 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { } }() - portStr := strconv.Itoa(upstream.activeHealthCheckPort) - hostAddr := net.JoinHostPort(upstream.networkAddress.Host, portStr) - if upstream.networkAddress.IsUnixNetwork() { + networkAddr, err := caddy.NewReplacer().ReplaceOrErr(upstream.Dial, true, true) + if err != nil { + h.HealthChecks.Active.logger.Error("invalid use of placeholders in dial address for active health checks", + zap.String("address", networkAddr), + zap.Error(err), + ) + return + } + addr, err := caddy.ParseNetworkAddress(networkAddr) + if err != nil { + h.HealthChecks.Active.logger.Error("bad network address", + zap.String("address", networkAddr), + zap.Error(err), + ) + return + } + if hcp := uint(upstream.activeHealthCheckPort); hcp != 0 { + if addr.IsUnixNetwork() { + addr.Network = "tcp" // I guess we just assume TCP since we are using a port?? + } + addr.StartPort, addr.EndPort = hcp, hcp + } + if upstream.LookupSRV == "" && addr.PortRangeSize() != 1 { + h.HealthChecks.Active.logger.Error("multiple addresses (upstream must map to only one address)", + zap.String("address", networkAddr), + ) + return + } + hostAddr := addr.JoinHostPort(0) + if addr.IsUnixNetwork() { // this will be used as the Host portion of a http.Request URL, and // paths to socket files would produce an error when creating URL, // so use a fake Host value instead; unix sockets are usually local hostAddr = "localhost" } - - dialInfo := DialInfo{ - Upstream: upstream, - Network: upstream.networkAddress.Network, - Host: upstream.networkAddress.Host, - Port: portStr, - Address: hostAddr, - } - err := h.doActiveHealthCheck(dialInfo, hostAddr, upstream.Host) + err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: hostAddr}, hostAddr, upstream.Host) if err != nil { h.HealthChecks.Active.logger.Error("active health check failed", zap.String("address", hostAddr), diff --git a/modules/caddyhttp/reverseproxy/hosts.go b/modules/caddyhttp/reverseproxy/hosts.go index b7b8c9b5..b9817d23 100644 --- a/modules/caddyhttp/reverseproxy/hosts.go +++ b/modules/caddyhttp/reverseproxy/hosts.go @@ -92,7 +92,6 @@ type Upstream struct { // HeaderAffinity string // IPAffinity string - networkAddress caddy.NetworkAddress activeHealthCheckPort int healthCheckPolicy *PassiveHealthChecks cb CircuitBreaker diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 7e3bb69c..dce7b9e8 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -182,9 +182,6 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) if dialInfo, ok := GetDialInfo(ctx); ok { network = dialInfo.Network address = dialInfo.Address - if dialInfo.Upstream.networkAddress.IsUnixNetwork() { - address = dialInfo.Host - } } conn, err := dialer.DialContext(ctx, network, address) if err != nil { diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index eac02b66..305a0b38 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -129,10 +129,8 @@ func (h *Handler) Provision(ctx caddy.Context) error { h.ctx = ctx h.logger = ctx.Logger(h) - // get validation out of the way + // verify SRV compatibility for i, v := range h.Upstreams { - // Having LookupSRV non-empty conflicts with 2 other config parameters: active health checks, and upstream dial address. - // Therefore if LookupSRV is empty, then there are no immediately apparent config conflicts, and the iteration can be skipped. if v.LookupSRV == "" { continue } @@ -219,18 +217,6 @@ func (h *Handler) Provision(ctx caddy.Context) error { // set up upstreams for _, upstream := range h.Upstreams { - if upstream.LookupSRV == "" { - addr, err := caddy.ParseNetworkAddress(upstream.Dial) - if err != nil { - return err - } - - if addr.PortRangeSize() != 1 { - return fmt.Errorf("multiple addresses (upstream must map to only one address): %v", addr) - } - - upstream.networkAddress = addr - } // create or get the host representation for this upstream var host Host = new(upstreamHost) existingHost, loaded := hosts.LoadOrStore(upstream.String(), host) @@ -292,8 +278,6 @@ func (h *Handler) Provision(ctx caddy.Context) error { // then use it, otherwise use the port of upstream. if h.HealthChecks.Active.Port != 0 { upstream.activeHealthCheckPort = h.HealthChecks.Active.Port - } else { - upstream.activeHealthCheckPort = int(upstream.networkAddress.StartPort) } } From 385adf5d878939c381c7f73c771771d34523a1a7 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 13 Oct 2020 10:52:39 -0600 Subject: [PATCH 0209/1498] caddyhttp: Restore original request params before error handlers (#3781) * caddyhttp: Restore original request params before error handlers Fixes #3717 * Add comment --- modules/caddyhttp/server.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 4f198e5d..aaec711c 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -209,6 +209,14 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } + // restore original request before invoking error handler chain (issue #3717) + // TODO: this does not restore original headers, if modified (for efficiency) + origReq := r.Context().Value(OriginalRequestCtxKey).(http.Request) + r.Method = origReq.Method + r.RemoteAddr = origReq.RemoteAddr + r.RequestURI = origReq.RequestURI + cloneURL(origReq.URL, r.URL) + // prepare the error log logger := errLog if s.Logs != nil { From 97caf368eea8d2c33a7786fbe3471b83b5b294dc Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 19 Oct 2020 10:44:46 -0600 Subject: [PATCH 0210/1498] readme: Add zerossl --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 35cc89c2..694bd2f0 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@

Caddy +
+

a project

+

Every site on HTTPS

Caddy is an extensible server platform that uses TLS by default.

@@ -150,7 +153,9 @@ Please use our [issue tracker](https://github.com/caddyserver/caddy/issues) only ## About -**The name "Caddy" is trademarked.** The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". Caddy is a registered trademark of Light Code Labs, LLC. +**The name "Caddy" is trademarked.** The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". Caddy is a registered trademark of apilayer GmbH. - _Project on Twitter: [@caddyserver](https://twitter.com/caddyserver)_ - _Author on Twitter: [@mholt6](https://twitter.com/mholt6)_ + +Caddy is a project of [ZeroSSL](https://zerossl.com), an [apilayer](https://apilayer.com) company. \ No newline at end of file From b6686a54d8b21bedbf042caa4a6c09d78d345fc7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 22 Oct 2020 12:40:23 -0600 Subject: [PATCH 0211/1498] httpcaddyfile: Improve AP logic with OnDemand We have users that have site blocks like *.*.tld with on-demand TLS enabled. While *.*.tld does not qualify for a publicly-trusted cert due to its wildcards, On-Demand TLS does not actually obtain a cert with those wildcards, since it uses the actual hostname on the handshake. This improves on that logic, but I am still not 100% satisfied with the result since I think we need to also check if another site block is more specific, like foo.example.tld, which might not have on-demand TLS enabled, and make sure an automation policy gets created before the more general policy with on-demand... --- caddyconfig/httpcaddyfile/tlsapp.go | 12 +++++++++++- modules/caddytls/tls.go | 24 ++++++++++++++++++++---- 2 files changed, 31 insertions(+), 5 deletions(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index a721fee3..e7329571 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -213,7 +213,17 @@ func (st ServerType) buildTLSApp( if ap.Issuer == nil { var internal, external []string for _, s := range ap.Subjects { - if certmagic.SubjectQualifiesForPublicCert(s) { + if !certmagic.SubjectQualifiesForCert(s) { + return nil, warnings, fmt.Errorf("subject does not qualify for certificate: '%s'", s) + } + // we don't use certmagic.SubjectQualifiesForPublicCert() because of one nuance: + // names like *.*.tld that may not qualify for a public certificate are actually + // fine when used with OnDemand, since OnDemand (currently) does not obtain + // wildcards (if it ever does, there will be a separate config option to enable + // it that we would need to check here) since the hostname is known at handshake; + // and it is unexpected to switch to internal issuer when the user wants to get + // regular certificates on-demand for a class of certs like *.*.tld. + if !certmagic.SubjectIsIP(s) && !certmagic.SubjectIsInternal(s) && (strings.Count(s, "*.") < 2 || ap.OnDemand) { external = append(external, s) } else { internal = append(internal, s) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 6a635d47..12d25adb 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -334,10 +334,26 @@ func (t *TLS) AddAutomationPolicy(ap *AutomationPolicy) error { if err != nil { return err } - for i, other := range t.Automation.Policies { - // if a catch-all policy (or really, any policy with - // fewer names) exists, prioritize this new policy - if len(other.Subjects) < len(ap.Subjects) { + // sort new automation policies just before any other which is a superset + // of this one; if we find an existing policy that covers every subject in + // ap but less specifically (e.g. a catch-all policy, or one with wildcards + // or with fewer subjects), insert ap just before it, otherwise ap would + // never be used because the first matching policy is more general + for i, existing := range t.Automation.Policies { + // first see if existing is superset of ap for all names + var otherIsSuperset bool + outer: + for _, thisSubj := range ap.Subjects { + for _, otherSubj := range existing.Subjects { + if certmagic.MatchWildcard(thisSubj, otherSubj) { + otherIsSuperset = true + break outer + } + } + } + // if existing AP is a superset or if it contains fewer names (i.e. is + // more general), then new AP is more specific, so insert before it + if otherIsSuperset || len(existing.Subjects) < len(ap.Subjects) { t.Automation.Policies = append(t.Automation.Policies[:i], append([]*AutomationPolicy{ap}, t.Automation.Policies[i:]...)...) return nil From b6e96d6f4a55f96ccbb69f112822f0a923942246 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 22 Oct 2020 12:42:06 -0600 Subject: [PATCH 0212/1498] go.mod: Update CertMagic --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 869c9866..76e7a779 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.0 + github.com/caddyserver/certmagic v0.12.1-0.20201021150819-90d1550af48c github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 diff --git a/go.sum b/go.sum index 5aeb6570..a18b0928 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.0 h1:1f7kxykaJkOVVpXJ8ZrC6RAO5F6+kKm9U7dBFbLNeug= -github.com/caddyserver/certmagic v0.12.0/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= +github.com/caddyserver/certmagic v0.12.1-0.20201021150819-90d1550af48c h1:IvUz1LXmHL2y3UVGbzmnvz5/2CA1rvurJA/AL4reKKI= +github.com/caddyserver/certmagic v0.12.1-0.20201021150819-90d1550af48c/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= From db4f1c02772dfd1f50bd745b322be1b60c72ac41 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 28 Oct 2020 20:36:00 -0600 Subject: [PATCH 0213/1498] httpcaddyfile: Revise automation policy generation (#3824) * httpcaddyfile: Revise automation policy generation This should fix a frustrating edge case where wildcard subjects are used, which potentially get shadowed by more specific versions of themselves; see the new tests for an example. This change is motivated by an actual customer requirement. Although all the tests pass, this logic is incredibly complex and nuanced, and I'm worried it is not correct. But it took me about 4 days to get this far on a solution. I did my best. * Fix typo --- caddyconfig/httpcaddyfile/tlsapp.go | 299 ++++++++++-------- caddyconfig/httpcaddyfile/tlsapp_test.go | 56 ++++ .../tls_automation_policies.txt | 80 +++++ 3 files changed, 303 insertions(+), 132 deletions(-) create mode 100644 caddyconfig/httpcaddyfile/tlsapp_test.go create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index e7329571..0ac862e0 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -76,30 +76,35 @@ func (st ServerType) buildTLSApp( } } + // a catch-all automation policy is used as a "default" for all subjects that + // don't have custom configuration explicitly associated with them; this + // is only to add if the global settings or defaults are non-empty catchAllAP, err := newBaseAutomationPolicy(options, warnings, false) if err != nil { return nil, warnings, err } + if catchAllAP != nil { + if tlsApp.Automation == nil { + tlsApp.Automation = new(caddytls.AutomationConfig) + } + tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, catchAllAP) + } for _, p := range pairings { for _, sblock := range p.serverBlocks { // get values that populate an automation policy for this block - var ap *caddytls.AutomationPolicy + ap, err := newBaseAutomationPolicy(options, warnings, true) + if err != nil { + return nil, warnings, err + } sblockHosts := sblock.hostsFromKeys(false) - if len(sblockHosts) == 0 { + if len(sblockHosts) == 0 && catchAllAP != nil { ap = catchAllAP } // on-demand tls if _, ok := sblock.pile["tls.on_demand"]; ok { - if ap == nil { - var err error - ap, err = newBaseAutomationPolicy(options, warnings, true) - if err != nil { - return nil, warnings, err - } - } ap.OnDemand = true } @@ -107,13 +112,6 @@ func (st ServerType) buildTLSApp( if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok { for _, issuerVal := range issuerVals { issuer := issuerVal.Value.(certmagic.Issuer) - if ap == nil { - var err error - ap, err = newBaseAutomationPolicy(options, warnings, true) - if err != nil { - return nil, warnings, err - } - } if ap == catchAllAP && !reflect.DeepEqual(ap.Issuer, issuer) { return nil, warnings, fmt.Errorf("automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: %#v != %#v", ap.Issuer, issuer) } @@ -123,15 +121,6 @@ func (st ServerType) buildTLSApp( // custom bind host for _, cfgVal := range sblock.pile["bind"] { - // either an existing issuer is already configured (and thus, ap is not - // nil), or we need to configure an issuer, so we need ap to be non-nil - if ap == nil { - ap, err = newBaseAutomationPolicy(options, warnings, true) - if err != nil { - return nil, warnings, err - } - } - // if an issuer was already configured and it is NOT an ACME // issuer, skip, since we intend to adjust only ACME issuers var acmeIssuer *caddytls.ACMEIssuer @@ -164,88 +153,75 @@ func (st ServerType) buildTLSApp( ap.Issuer = acmeIssuer // we'll encode it later } - if ap != nil { - if ap.Issuer != nil { - // encode issuer now that it's all set up - issuerName := ap.Issuer.(caddy.Module).CaddyModule().ID.Name() - ap.IssuerRaw = caddyconfig.JSONModuleObject(ap.Issuer, "module", issuerName, &warnings) + // first make sure this block is allowed to create an automation policy; + // doing so is forbidden if it has a key with no host (i.e. ":443") + // and if there is a different server block that also has a key with no + // host -- since a key with no host matches any host, we need its + // associated automation policy to have an empty Subjects list, i.e. no + // host filter, which is indistinguishable between the two server blocks + // because automation is not done in the context of a particular server... + // this is an example of a poor mapping from Caddyfile to JSON but that's + // the least-leaky abstraction I could figure out + if len(sblockHosts) == 0 { + if serverBlocksWithTLSHostlessKey > 1 { + // this server block and at least one other has a key with no host, + // making the two indistinguishable; it is misleading to define such + // a policy within one server block since it actually will apply to + // others as well + return nil, warnings, fmt.Errorf("cannot make a TLS automation policy from a server block that has a host-less address when there are other TLS-enabled server block addresses lacking a host") } + if catchAllAP == nil { + // this server block has a key with no hosts, but there is not yet + // a catch-all automation policy (probably because no global options + // were set), so this one becomes it + catchAllAP = ap + } + } - // first make sure this block is allowed to create an automation policy; - // doing so is forbidden if it has a key with no host (i.e. ":443") - // and if there is a different server block that also has a key with no - // host -- since a key with no host matches any host, we need its - // associated automation policy to have an empty Subjects list, i.e. no - // host filter, which is indistinguishable between the two server blocks - // because automation is not done in the context of a particular server... - // this is an example of a poor mapping from Caddyfile to JSON but that's - // the least-leaky abstraction I could figure out - if len(sblockHosts) == 0 { - if serverBlocksWithTLSHostlessKey > 1 { - // this server block and at least one other has a key with no host, - // making the two indistinguishable; it is misleading to define such - // a policy within one server block since it actually will apply to - // others as well - return nil, warnings, fmt.Errorf("cannot make a TLS automation policy from a server block that has a host-less address when there are other TLS-enabled server block addresses lacking a host") + // associate our new automation policy with this server block's hosts + ap.Subjects = sblockHosts + sort.Strings(ap.Subjects) // solely for deterministic test results + + // if a combination of public and internal names were given + // for this same server block and no issuer was specified, we + // need to separate them out in the automation policies so + // that the internal names can use the internal issuer and + // the other names can use the default/public/ACME issuer + var ap2 *caddytls.AutomationPolicy + if ap.Issuer == nil { + var internal, external []string + for _, s := range ap.Subjects { + if !certmagic.SubjectQualifiesForCert(s) { + return nil, warnings, fmt.Errorf("subject does not qualify for certificate: '%s'", s) } - if catchAllAP == nil { - // this server block has a key with no hosts, but there is not yet - // a catch-all automation policy (probably because no global options - // were set), so this one becomes it - catchAllAP = ap + // we don't use certmagic.SubjectQualifiesForPublicCert() because of one nuance: + // names like *.*.tld that may not qualify for a public certificate are actually + // fine when used with OnDemand, since OnDemand (currently) does not obtain + // wildcards (if it ever does, there will be a separate config option to enable + // it that we would need to check here) since the hostname is known at handshake; + // and it is unexpected to switch to internal issuer when the user wants to get + // regular certificates on-demand for a class of certs like *.*.tld. + if !certmagic.SubjectIsIP(s) && !certmagic.SubjectIsInternal(s) && (strings.Count(s, "*.") < 2 || ap.OnDemand) { + external = append(external, s) + } else { + internal = append(internal, s) } } - - // associate our new automation policy with this server block's hosts, - // unless, of course, the server block has a key with no hosts, in which - // case its automation policy becomes or blends with the default/global - // automation policy because, of necessity, it applies to all hostnames - // (i.e. it has no Subjects filter) -- in that case, we'll append it last - if ap != catchAllAP { - ap.Subjects = sblockHosts - - // if a combination of public and internal names were given - // for this same server block and no issuer was specified, we - // need to separate them out in the automation policies so - // that the internal names can use the internal issuer and - // the other names can use the default/public/ACME issuer - var ap2 *caddytls.AutomationPolicy - if ap.Issuer == nil { - var internal, external []string - for _, s := range ap.Subjects { - if !certmagic.SubjectQualifiesForCert(s) { - return nil, warnings, fmt.Errorf("subject does not qualify for certificate: '%s'", s) - } - // we don't use certmagic.SubjectQualifiesForPublicCert() because of one nuance: - // names like *.*.tld that may not qualify for a public certificate are actually - // fine when used with OnDemand, since OnDemand (currently) does not obtain - // wildcards (if it ever does, there will be a separate config option to enable - // it that we would need to check here) since the hostname is known at handshake; - // and it is unexpected to switch to internal issuer when the user wants to get - // regular certificates on-demand for a class of certs like *.*.tld. - if !certmagic.SubjectIsIP(s) && !certmagic.SubjectIsInternal(s) && (strings.Count(s, "*.") < 2 || ap.OnDemand) { - external = append(external, s) - } else { - internal = append(internal, s) - } - } - if len(external) > 0 && len(internal) > 0 { - ap.Subjects = external - apCopy := *ap - ap2 = &apCopy - ap2.Subjects = internal - ap2.IssuerRaw = caddyconfig.JSONModuleObject(caddytls.InternalIssuer{}, "module", "internal", &warnings) - } - } - if tlsApp.Automation == nil { - tlsApp.Automation = new(caddytls.AutomationConfig) - } - tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, ap) - if ap2 != nil { - tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, ap2) - } + if len(external) > 0 && len(internal) > 0 { + ap.Subjects = external + apCopy := *ap + ap2 = &apCopy + ap2.Subjects = internal + ap2.IssuerRaw = caddyconfig.JSONModuleObject(caddytls.InternalIssuer{}, "module", "internal", &warnings) } } + if tlsApp.Automation == nil { + tlsApp.Automation = new(caddytls.AutomationConfig) + } + tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, ap) + if ap2 != nil { + tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, ap2) + } // certificate loaders if clVals, ok := sblock.pile["tls.cert_loader"]; ok { @@ -319,23 +295,17 @@ func (st ServerType) buildTLSApp( tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, internalAP) } - // if there is a global/catch-all automation policy, ensure it goes last - if catchAllAP != nil { - // first, encode its issuer, if there is one - if catchAllAP.Issuer != nil { - issuerName := catchAllAP.Issuer.(caddy.Module).CaddyModule().ID.Name() - catchAllAP.IssuerRaw = caddyconfig.JSONModuleObject(catchAllAP.Issuer, "module", issuerName, &warnings) - } - - // then append it to the end of the policies list - if tlsApp.Automation == nil { - tlsApp.Automation = new(caddytls.AutomationConfig) - } - tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, catchAllAP) - } - - // do a little verification & cleanup + // finalize and verify policies; do cleanup if tlsApp.Automation != nil { + // encode any issuer values we created, so they will be rendered in the output + for _, ap := range tlsApp.Automation.Policies { + if ap.Issuer != nil && ap.IssuerRaw == nil { + // encode issuer now that it's all set up + issuerName := ap.Issuer.(caddy.Module).CaddyModule().ID.Name() + ap.IssuerRaw = caddyconfig.JSONModuleObject(ap.Issuer, "module", issuerName, &warnings) + } + } + // consolidate automation policies that are the exact same tlsApp.Automation.Policies = consolidateAutomationPolicies(tlsApp.Automation.Policies) @@ -351,6 +321,14 @@ func (st ServerType) buildTLSApp( automationHostSet[s] = struct{}{} } } + + // if nothing remains, remove any excess values to clean up the resulting config + if len(tlsApp.Automation.Policies) == 0 { + tlsApp.Automation.Policies = nil + } + if reflect.DeepEqual(tlsApp.Automation, new(caddytls.AutomationConfig)) { + tlsApp.Automation = nil + } } return tlsApp, warnings, nil @@ -448,12 +426,30 @@ func disambiguateACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) certmagic.Issuer { // consolidateAutomationPolicies combines automation policies that are the same, // for a cleaner overall output. func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls.AutomationPolicy { - for i := 0; i < len(aps); i++ { - for j := 0; j < len(aps); j++ { - if j == i { - continue - } + // sort from most specific to least specific; we depend on this ordering + sort.SliceStable(aps, func(i, j int) bool { + if automationPolicyIsSubset(aps[i], aps[j]) { + return true + } + if automationPolicyIsSubset(aps[j], aps[i]) { + return false + } + return len(aps[i].Subjects) > len(aps[j].Subjects) + }) + // remove any empty policies (except subjects, of course) + emptyAP := new(caddytls.AutomationPolicy) + for i := 0; i < len(aps); i++ { + emptyAP.Subjects = aps[i].Subjects + if reflect.DeepEqual(aps[i], emptyAP) { + aps = append(aps[:i], aps[i+1:]...) + i-- + } + } + + // remove or combine duplicate policies + for i := 0; i < len(aps); i++ { + for j := i + 1; j < len(aps); j++ { // if they're exactly equal in every way, just keep one of them if reflect.DeepEqual(aps[i], aps[j]) { aps = append(aps[:j], aps[j+1:]...) @@ -473,10 +469,17 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls aps[i].KeyType == aps[j].KeyType && aps[i].OnDemand == aps[j].OnDemand && aps[i].RenewalWindowRatio == aps[j].RenewalWindowRatio { - if len(aps[i].Subjects) == 0 && len(aps[j].Subjects) > 0 { - aps = append(aps[:j], aps[j+1:]...) - } else if len(aps[i].Subjects) > 0 && len(aps[j].Subjects) == 0 { - aps = append(aps[:i], aps[i+1:]...) + if len(aps[i].Subjects) > 0 && len(aps[j].Subjects) == 0 { + // later policy (at j) has no subjects ("catch-all"), so we can + // remove the identical-but-more-specific policy that comes first + // AS LONG AS it is not shadowed by another policy before it; e.g. + // if policy i is for example.com, policy i+1 is '*.com', and policy + // j is catch-all, we cannot remove policy i because that would + // cause example.com to be served by the less specific policy for + // '*.com', which might be different (yes we've seen this happen) + if automationPolicyShadows(i, aps) >= j { + aps = append(aps[:i], aps[i+1:]...) + } } else { // avoid repeated subjects for _, subj := range aps[j].Subjects { @@ -486,16 +489,48 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls } aps = append(aps[:j], aps[j+1:]...) } - i-- - break } } } - // ensure any catch-all policies go last - sort.SliceStable(aps, func(i, j int) bool { - return len(aps[i].Subjects) > len(aps[j].Subjects) - }) - return aps } + +// automationPolicyIsSubset returns true if a's subjects are a subset +// of b's subjects. +func automationPolicyIsSubset(a, b *caddytls.AutomationPolicy) bool { + if len(b.Subjects) == 0 { + return true + } + if len(a.Subjects) == 0 { + return false + } + for _, aSubj := range a.Subjects { + var inSuperset bool + for _, bSubj := range b.Subjects { + if certmagic.MatchWildcard(aSubj, bSubj) { + inSuperset = true + break + } + } + if !inSuperset { + return false + } + } + return true +} + +// automationPolicyShadows returns the index of a policy that aps[i] shadows; +// in other words, for all policies after position i, if that policy covers +// the same subjects but is less specific, that policy's position is returned, +// or -1 if no shadowing is found. For example, if policy i is for +// "foo.example.com" and policy i+2 is for "*.example.com", then i+2 will be +// returned, since that policy is shadowed by i, which is in front. +func automationPolicyShadows(i int, aps []*caddytls.AutomationPolicy) int { + for j := i + 1; j < len(aps); j++ { + if automationPolicyIsSubset(aps[i], aps[j]) { + return j + } + } + return -1 +} diff --git a/caddyconfig/httpcaddyfile/tlsapp_test.go b/caddyconfig/httpcaddyfile/tlsapp_test.go new file mode 100644 index 00000000..1925e026 --- /dev/null +++ b/caddyconfig/httpcaddyfile/tlsapp_test.go @@ -0,0 +1,56 @@ +package httpcaddyfile + +import ( + "testing" + + "github.com/caddyserver/caddy/v2/modules/caddytls" +) + +func TestAutomationPolicyIsSubset(t *testing.T) { + for i, test := range []struct { + a, b []string + expect bool + }{ + { + a: []string{"example.com"}, + b: []string{}, + expect: true, + }, + { + a: []string{}, + b: []string{"example.com"}, + expect: false, + }, + { + a: []string{"foo.example.com"}, + b: []string{"*.example.com"}, + expect: true, + }, + { + a: []string{"foo.example.com"}, + b: []string{"foo.example.com"}, + expect: true, + }, + { + a: []string{"foo.example.com"}, + b: []string{"example.com"}, + expect: false, + }, + { + a: []string{"example.com", "foo.example.com"}, + b: []string{"*.com", "*.*.com"}, + expect: true, + }, + { + a: []string{"example.com", "foo.example.com"}, + b: []string{"*.com"}, + expect: false, + }, + } { + apA := &caddytls.AutomationPolicy{Subjects: test.a} + apB := &caddytls.AutomationPolicy{Subjects: test.b} + if actual := automationPolicyIsSubset(apA, apB); actual != test.expect { + t.Errorf("Test %d: Expected %t but got %t (A: %v B: %v)", i, test.expect, actual, test.a, test.b) + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt new file mode 100644 index 00000000..0a90e4a1 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt @@ -0,0 +1,80 @@ +{ + local_certs +} + +*.tld, *.*.tld { + tls { + on_demand + } +} + +foo.tld, www.foo.tld { +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "foo.tld", + "www.foo.tld" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "*.tld", + "*.*.tld" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "foo.tld", + "www.foo.tld" + ], + "issuer": { + "module": "internal" + } + }, + { + "subjects": [ + "*.*.tld", + "*.tld" + ], + "issuer": { + "module": "internal" + }, + "on_demand": true + }, + { + "issuer": { + "module": "internal" + } + } + ] + } + } + } +} \ No newline at end of file From c9fdff9976da38c650a51cd3fb4f2667853ff627 Mon Sep 17 00:00:00 2001 From: Jason McCallister Date: Thu, 29 Oct 2020 15:51:42 -0400 Subject: [PATCH 0214/1498] reverseproxy: caddyfile: Don't add port if upstream has placeholder (#3819) * check if the host is a placeholder * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Matt Holt --- modules/caddyhttp/reverseproxy/caddyfile.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index fcaf82b9..193487a0 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -155,7 +155,9 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if err != nil { host = upstreamAddr } - if port == "" { + // we can assume a port if only a hostname is specified, but use of a + // placeholder without a port likely means a port will be filled in + if port == "" && !strings.Contains(host, "{") { port = "80" } } From b66099379d065ec3340cbe147f65dcf0a39e8e52 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 30 Oct 2020 14:05:21 -0400 Subject: [PATCH 0215/1498] reverseproxy: Add max_idle_conns_per_host; fix godocs (#3829) --- ...roxy_h2c.txt => reverse_proxy_options.txt} | 8 +++++- modules/caddyhttp/reverseproxy/caddyfile.go | 28 ++++++++++++++++++- .../caddyhttp/reverseproxy/httptransport.go | 4 +++ 3 files changed, 38 insertions(+), 2 deletions(-) rename caddytest/integration/caddyfile_adapt/{reverse_proxy_h2c.txt => reverse_proxy_options.txt} (93%) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt similarity index 93% rename from caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt rename to caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index 9f3bc93f..423bd8fd 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -6,11 +6,15 @@ https://example.com { header_up X-Forwarded-For {remote} header_up X-Forwarded-Port {server_port} header_up X-Forwarded-Proto "http" + + buffer_requests + transport http { versions h2c 2 compression off + max_conns_per_host 5 + max_idle_conns_per_host 2 } - buffer_requests } } @@ -64,6 +68,8 @@ https://example.com { }, "transport": { "compression": false, + "max_conns_per_host": 5, + "max_idle_conns_per_host": 2, "protocol": "http", "versions": [ "h2c", diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 193487a0..7fa118c2 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -72,6 +72,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // // # streaming // flush_interval +// buffer_requests // // # header manipulation // header_up [+|-] [ []] @@ -588,13 +589,18 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // read_buffer // write_buffer // dial_timeout -// tls_client_auth +// tls +// tls_client_auth | // tls_insecure_skip_verify // tls_timeout // tls_trusted_ca_certs +// tls_server_name // keepalive [off|] // keepalive_idle_conns // versions +// compression off +// max_conns_per_host +// max_idle_conns_per_host // } // func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -738,6 +744,26 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } } + case "max_conns_per_host": + if !d.NextArg() { + return d.ArgErr() + } + num, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("bad integer value '%s': %v", d.Val(), err) + } + h.MaxConnsPerHost = num + + case "max_idle_conns_per_host": + if !d.NextArg() { + return d.ArgErr() + } + num, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("bad integer value '%s': %v", d.Val(), err) + } + h.MaxIdleConnsPerHost = num + default: return d.Errf("unrecognized subdirective %s", d.Val()) } diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index dce7b9e8..d2a99516 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -62,6 +62,9 @@ type HTTPTransport struct { // Maximum number of connections per host. Default: 0 (no limit) MaxConnsPerHost int `json:"max_conns_per_host,omitempty"` + // Maximum number of idle connections per host. Default: 0 (uses Go's default of 2) + MaxIdleConnsPerHost int `json:"max_idle_conns_per_host,omitempty"` + // How long to wait before timing out trying to connect to // an upstream. DialTimeout caddy.Duration `json:"dial_timeout,omitempty"` @@ -193,6 +196,7 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) return conn, nil }, MaxConnsPerHost: h.MaxConnsPerHost, + MaxIdleConnsPerHost: h.MaxIdleConnsPerHost, ResponseHeaderTimeout: time.Duration(h.ResponseHeaderTimeout), ExpectContinueTimeout: time.Duration(h.ExpectContinueTimeout), MaxResponseHeaderBytes: h.MaxResponseHeaderSize, From 966d5e6b42fc6da3da8bd39dd6ceceb8f1da3999 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 31 Oct 2020 12:27:01 -0400 Subject: [PATCH 0216/1498] caddyhttp: Merge header matchers in Caddyfile (#3832) --- .../caddyfile_adapt/matcher_syntax.txt | 28 +++++++++++++++++++ modules/caddyhttp/matchers.go | 11 +++++++- 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index 53ec0232..55c06ea0 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -18,6 +18,13 @@ @matcher6 vars_regexp "{http.request.uri}" `\.([a-f0-9]{6})\.(css|js)$` respond @matcher6 "from vars_regexp matcher without name" + + @matcher7 { + header Foo bar + header Foo foobar + header Bar foo + } + respond @matcher7 "header matcher merging values of the same field" } ---------- { @@ -127,6 +134,27 @@ "handler": "static_response" } ] + }, + { + "match": [ + { + "header": { + "Bar": [ + "foo" + ], + "Foo": [ + "bar", + "foobar" + ] + } + } + ], + "handle": [ + { + "body": "header matcher merging values of the same field", + "handler": "static_response" + } + ] } ] } diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index a8320242..cbb62538 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -408,7 +408,16 @@ func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !d.Args(&field, &val) { return d.Errf("malformed header matcher: expected both field and value") } - http.Header(*m).Set(field, val) + + // If multiple header matchers with the same header field are defined, + // we want to add the existing to the list of headers (will be OR'ed) + existing := http.Header(*m).Values(field) + if len(existing) > 0 { + http.Header(*m).Add(field, val) + } else { + http.Header(*m).Set(field, val) + } + if d.NextBlock(0) { return d.Err("malformed header matcher: blocks are not supported") } From 937ec342010894f7a6239883b10f6a107ff82c9f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 31 Oct 2020 10:51:05 -0600 Subject: [PATCH 0217/1498] caddyauth: Prevent user enumeration by timing Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this! --- modules/caddyhttp/caddyauth/basicauth.go | 36 ++++++++++++++++++++++-- modules/caddyhttp/caddyauth/command.go | 6 ++-- modules/caddyhttp/caddyauth/hashes.go | 12 ++++++++ 3 files changed, 47 insertions(+), 7 deletions(-) diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go index 92e1683a..d9557730 100644 --- a/modules/caddyhttp/caddyauth/basicauth.go +++ b/modules/caddyhttp/caddyauth/basicauth.go @@ -52,11 +52,19 @@ type HTTPBasicAuth struct { // memory for a longer time (this should not be a problem // as long as your machine is not compromised, at which point // all bets are off, since basicauth necessitates plaintext - // passwords being received over the wire anyway). + // passwords being received over the wire anyway). Note that + // a cache hit does not mean it is a valid password. HashCache *Cache `json:"hash_cache,omitempty"` Accounts map[string]Account `json:"-"` Hash Comparer `json:"-"` + + // fakePassword is used when a given user is not found, + // so that timing side-channels can be mitigated: it gives + // us something to hash and compare even if the user does + // not exist, which should have similar timing as a user + // account that does exist. + fakePassword []byte } // CaddyModule returns the Caddy module information. @@ -84,6 +92,14 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error { return fmt.Errorf("hash is required") } + // if supported, generate a fake password we can compare against if needed + if hasher, ok := hba.Hash.(Hasher); ok { + hba.fakePassword, err = hasher.Hash([]byte("antitiming"), []byte("fakesalt")) + if err != nil { + return fmt.Errorf("generating anti-timing password hash: %v", err) + } + } + repl := caddy.NewReplacer() // load account list @@ -132,8 +148,12 @@ func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) } account, accountExists := hba.Accounts[username] - // don't return early if account does not exist; we want - // to try to avoid side-channels that leak existence + if !accountExists { + // don't return early if account does not exist; we want + // to try to avoid side-channels that leak existence, so + // we use a fake password to simulate realistic CPU cycles + account.password = hba.fakePassword + } same, err := hba.correctPassword(account, []byte(plaintextPasswordStr)) if err != nil { @@ -249,6 +269,16 @@ type Comparer interface { Compare(hashedPassword, plaintextPassword, salt []byte) (bool, error) } +// Hasher is a type that can generate a secure hash +// given a plaintext and optional salt (for algorithms +// that require a salt). Hashing modules which implement +// this interface can be used with the hash-password +// subcommand as well as benefitting from anti-timing +// features. +type Hasher interface { + Hash(plaintext, salt []byte) ([]byte, error) +} + // Account contains a username, password, and salt (if applicable). type Account struct { // A user's username. diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index a0e971ed..f445f67d 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -25,8 +25,6 @@ import ( "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" - "golang.org/x/crypto/bcrypt" - "golang.org/x/crypto/scrypt" "golang.org/x/crypto/ssh/terminal" ) @@ -116,11 +114,11 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { var hash []byte switch algorithm { case "bcrypt": - hash, err = bcrypt.GenerateFromPassword(plaintext, 14) + hash, err = BcryptHash{}.Hash(plaintext, nil) case "scrypt": def := ScryptHash{} def.SetDefaults() - hash, err = scrypt.Key(plaintext, salt, def.N, def.R, def.P, def.KeyLength) + hash, err = def.Hash(plaintext, salt) default: return caddy.ExitCodeFailedStartup, fmt.Errorf("unrecognized hash algorithm: %s", algorithm) } diff --git a/modules/caddyhttp/caddyauth/hashes.go b/modules/caddyhttp/caddyauth/hashes.go index 5a3173eb..63bfe1be 100644 --- a/modules/caddyhttp/caddyauth/hashes.go +++ b/modules/caddyhttp/caddyauth/hashes.go @@ -50,6 +50,11 @@ func (BcryptHash) Compare(hashed, plaintext, _ []byte) (bool, error) { return true, nil } +// Hash hashes plaintext using a random salt. +func (BcryptHash) Hash(plaintext, _ []byte) ([]byte, error) { + return bcrypt.GenerateFromPassword(plaintext, 14) +} + // ScryptHash implements the scrypt KDF as a hash. type ScryptHash struct { // scrypt's N parameter. If unset or 0, a safe default is used. @@ -113,6 +118,11 @@ func (s ScryptHash) Compare(hashed, plaintext, salt []byte) (bool, error) { return false, nil } +// Hash hashes plaintext using the given salt. +func (s ScryptHash) Hash(plaintext, salt []byte) ([]byte, error) { + return scrypt.Key(plaintext, salt, s.N, s.R, s.P, s.KeyLength) +} + func hashesMatch(pwdHash1, pwdHash2 []byte) bool { return subtle.ConstantTimeCompare(pwdHash1, pwdHash2) == 1 } @@ -121,5 +131,7 @@ func hashesMatch(pwdHash1, pwdHash2 []byte) bool { var ( _ Comparer = (*BcryptHash)(nil) _ Comparer = (*ScryptHash)(nil) + _ Hasher = (*BcryptHash)(nil) + _ Hasher = (*ScryptHash)(nil) _ caddy.Provisioner = (*ScryptHash)(nil) ) From 8d038ca515ffaa4d37dca05a95181203b2db64e7 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 2 Nov 2020 14:20:12 -0700 Subject: [PATCH 0218/1498] fileserver: Improve and clarify file hiding logic (#3844) * fileserver: Improve and clarify file hiding logic * Oops, forgot to run integration tests * Make this one integration test OS-agnostic * See if this appeases the Windows gods * D'oh --- ...sort_directives_with_any_matcher_first.txt | 16 ++-- modules/caddyhttp/fileserver/caddyfile.go | 8 ++ modules/caddyhttp/fileserver/matcher.go | 3 +- modules/caddyhttp/fileserver/staticfiles.go | 81 ++++++++++++++----- .../caddyhttp/fileserver/staticfiles_test.go | 50 ++++++++++-- 5 files changed, 119 insertions(+), 39 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt b/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt index d15f56bf..6203a89c 100644 --- a/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt +++ b/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt @@ -1,9 +1,9 @@ :80 -file_server +respond 200 @untrusted not remote_ip 10.1.1.0/24 -file_server @untrusted +respond @untrusted 401 ---------- { "apps": { @@ -30,20 +30,16 @@ file_server @untrusted ], "handle": [ { - "handler": "file_server", - "hide": [ - "Caddyfile" - ] + "handler": "static_response", + "status_code": 401 } ] }, { "handle": [ { - "handler": "file_server", - "hide": [ - "Caddyfile" - ] + "handler": "static_response", + "status_code": 200 } ] } diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index 9b458b2f..3acbfa94 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -15,6 +15,7 @@ package fileserver import ( + "path/filepath" "strings" "github.com/caddyserver/caddy/v2" @@ -85,7 +86,14 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // hide the Caddyfile (and any imported Caddyfiles) if configFiles := h.Caddyfiles(); len(configFiles) > 0 { for _, file := range configFiles { + file = filepath.Clean(file) if !fileHidden(file, fsrv.Hide) { + // if there's no path separator, the file server module will hide all + // files by that name, rather than a specific one; but we want to hide + // only this specific file, so ensure there's always a path separator + if !strings.Contains(file, separator) { + file = "." + separator + file + } fsrv.Hide = append(fsrv.Hide, file) } } diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 475a9ee1..c103b033 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -19,7 +19,6 @@ import ( "net/http" "os" "path" - "path/filepath" "strings" "time" @@ -286,7 +285,7 @@ func strictFileExists(file string) (os.FileInfo, bool) { // https://stackoverflow.com/a/12518877/1048862 return nil, false } - if strings.HasSuffix(file, string(filepath.Separator)) { + if strings.HasSuffix(file, separator) { // by convention, file paths ending // in a path separator must be a directory return stat, stat.IsDir() diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 2a7e0138..b9f2b23d 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -46,7 +46,20 @@ type FileServer struct { Root string `json:"root,omitempty"` // A list of files or folders to hide; the file server will pretend as if - // they don't exist. Accepts globular patterns like "*.hidden" or "/foo/*/bar". + // they don't exist. Accepts globular patterns like "*.ext" or "/foo/*/bar" + // as well as placeholders. Because site roots can be dynamic, this list + // uses file system paths, not request paths. To clarify, the base of + // relative paths is the current working directory, NOT the site root. + // + // Entries without a path separator (`/` or `\` depending on OS) will match + // any file or directory of that name regardless of its path. To hide only a + // specific file with a name that may not be unique, always use a path + // separator. For example, to hide all files or folder trees named "hidden", + // put "hidden" in the list. To hide only ./hidden, put "./hidden" in the list. + // + // When possible, all paths are resolved to their absolute form before + // comparisons are made. For maximum clarity and explictness, use complete, + // absolute paths; or, for greater portability, use relative paths instead. Hide []string `json:"hide,omitempty"` // The names of files to try as index files if a folder is requested. @@ -101,6 +114,16 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error { fsrv.Browse.template = tpl } + // for hide paths that are static (i.e. no placeholders), we can transform them into + // absolute paths before the server starts for very slight performance improvement + for i, h := range fsrv.Hide { + if !strings.Contains(h, "{") && strings.Contains(h, separator) { + if abs, err := filepath.Abs(h); err == nil { + fsrv.Hide[i] = abs + } + } + } + return nil } @@ -225,7 +248,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c } } w.WriteHeader(statusCode) - if r.Method != "HEAD" { + if r.Method != http.MethodHead { io.Copy(w, file) } return nil @@ -273,12 +296,12 @@ func mapDirOpenError(originalErr error, name string) error { return originalErr } - parts := strings.Split(name, string(filepath.Separator)) + parts := strings.Split(name, separator) for i := range parts { if parts[i] == "" { continue } - fi, err := os.Stat(strings.Join(parts[:i+1], string(filepath.Separator))) + fi, err := os.Stat(strings.Join(parts[:i+1], separator)) if err != nil { return originalErr } @@ -290,12 +313,19 @@ func mapDirOpenError(originalErr error, name string) error { return originalErr } -// transformHidePaths performs replacements for all the elements of -// fsrv.Hide and returns a new list of the transformed values. +// transformHidePaths performs replacements for all the elements of fsrv.Hide and +// makes them absolute paths (if they contain a path separator), then returns a +// new list of the transformed values. func (fsrv *FileServer) transformHidePaths(repl *caddy.Replacer) []string { hide := make([]string, len(fsrv.Hide)) for i := range fsrv.Hide { hide[i] = repl.ReplaceAll(fsrv.Hide[i], "") + if strings.Contains(hide[i], separator) { + abs, err := filepath.Abs(hide[i]) + if err == nil { + hide[i] = abs + } + } } return hide } @@ -330,40 +360,50 @@ func sanitizedPathJoin(root, reqPath string) string { // if the length is 1, then it's a path to the root, // and that should return ".", so we don't append the separator. if strings.HasSuffix(reqPath, "/") && len(reqPath) > 1 { - path += string(filepath.Separator) + path += separator } return path } -// fileHidden returns true if filename is hidden -// according to the hide list. +// fileHidden returns true if filename is hidden according to the hide list. +// filename must be a relative or absolute file system path, not a request +// URI path. It is expected that all the paths in the hide list are absolute +// paths or are singular filenames (without a path separator). func fileHidden(filename string, hide []string) bool { - sep := string(filepath.Separator) + if len(hide) == 0 { + return false + } + + // all path comparisons use the complete absolute path if possible + filenameAbs, err := filepath.Abs(filename) + if err == nil { + filename = filenameAbs + } + var components []string for _, h := range hide { - if !strings.Contains(h, sep) { + if !strings.Contains(h, separator) { // if there is no separator in h, then we assume the user // wants to hide any files or folders that match that // name; thus we have to compare against each component // of the filename, e.g. hiding "bar" would hide "/bar" // as well as "/foo/bar/baz" but not "/barstool". if len(components) == 0 { - components = strings.Split(filename, sep) + components = strings.Split(filename, separator) } for _, c := range components { - if c == h { + if hidden, _ := filepath.Match(h, c); hidden { return true } } } else if strings.HasPrefix(filename, h) { - // otherwise, if there is a separator in h, and - // filename is exactly prefixed with h, then we - // can do a prefix match so that "/foo" matches - // "/foo/bar" but not "/foobar". + // if there is a separator in h, and filename is exactly + // prefixed with h, then we can do a prefix match so that + // "/foo" matches "/foo/bar" but not "/foobar". withoutPrefix := strings.TrimPrefix(filename, h) - if strings.HasPrefix(withoutPrefix, sep) { + if strings.HasPrefix(withoutPrefix, separator) { return true } } @@ -414,7 +454,10 @@ var bufPool = sync.Pool{ }, } -const minBackoff, maxBackoff = 2, 5 +const ( + minBackoff, maxBackoff = 2, 5 + separator = string(filepath.Separator) +) // Interface guards var ( diff --git a/modules/caddyhttp/fileserver/staticfiles_test.go b/modules/caddyhttp/fileserver/staticfiles_test.go index 1bbd77b2..690f46ac 100644 --- a/modules/caddyhttp/fileserver/staticfiles_test.go +++ b/modules/caddyhttp/fileserver/staticfiles_test.go @@ -17,6 +17,8 @@ package fileserver import ( "net/url" "path/filepath" + "runtime" + "strings" "testing" ) @@ -44,7 +46,7 @@ func TestSanitizedPathJoin(t *testing.T) { }, { inputPath: "/foo/", - expect: "foo" + string(filepath.Separator), + expect: "foo" + separator, }, { inputPath: "/foo/bar", @@ -77,7 +79,7 @@ func TestSanitizedPathJoin(t *testing.T) { { inputRoot: "/a/b", inputPath: "/%2e%2e%2f%2e%2e%2f", - expect: filepath.Join("/", "a", "b") + string(filepath.Separator), + expect: filepath.Join("/", "a", "b") + separator, }, { inputRoot: "C:\\www", @@ -154,6 +156,26 @@ func TestFileHidden(t *testing.T) { inputPath: "/foo/asdf/bar", expect: true, }, + { + inputHide: []string{"*.txt"}, + inputPath: "/foo/bar.txt", + expect: true, + }, + { + inputHide: []string{"/foo/bar/*.txt"}, + inputPath: "/foo/bar/baz.txt", + expect: true, + }, + { + inputHide: []string{"/foo/bar/*.txt"}, + inputPath: "/foo/bar.txt", + expect: false, + }, + { + inputHide: []string{"/foo/bar/*.txt"}, + inputPath: "/foo/bar/index.html", + expect: false, + }, { inputHide: []string{"/foo"}, inputPath: "/foo", @@ -164,17 +186,29 @@ func TestFileHidden(t *testing.T) { inputPath: "/foobar", expect: false, }, + { + inputHide: []string{"first", "second"}, + inputPath: "/second", + expect: true, + }, } { - // for Windows' sake - tc.inputPath = filepath.FromSlash(tc.inputPath) - for i := range tc.inputHide { - tc.inputHide[i] = filepath.FromSlash(tc.inputHide[i]) + if runtime.GOOS == "windows" { + if strings.HasPrefix(tc.inputPath, "/") { + tc.inputPath, _ = filepath.Abs(tc.inputPath) + } + tc.inputPath = filepath.FromSlash(tc.inputPath) + for i := range tc.inputHide { + if strings.HasPrefix(tc.inputHide[i], "/") { + tc.inputHide[i], _ = filepath.Abs(tc.inputHide[i]) + } + tc.inputHide[i] = filepath.FromSlash(tc.inputHide[i]) + } } actual := fileHidden(tc.inputPath, tc.inputHide) if actual != tc.expect { - t.Errorf("Test %d: Is %s hidden in %v? Got %t but expected %t", - i, tc.inputPath, tc.inputHide, actual, tc.expect) + t.Errorf("Test %d: Does %v hide %s? Got %t but expected %t", + i, tc.inputHide, tc.inputPath, actual, tc.expect) } } } From 860cc6adfe6a5022baf5fd387e0d10c5e3a174fe Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 2 Nov 2020 16:59:02 -0500 Subject: [PATCH 0219/1498] reverseproxy: Wire up some http transport options in Caddyfile (#3843) --- .../caddyfile_adapt/reverse_proxy_options.txt | 17 ++++++- modules/caddyhttp/reverseproxy/caddyfile.go | 50 +++++++++++++++++-- 2 files changed, 63 insertions(+), 4 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index 423bd8fd..f9b0010a 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -10,6 +10,14 @@ https://example.com { buffer_requests transport http { + read_buffer 10MB + write_buffer 20MB + max_response_header 30MB + dial_timeout 3s + dial_fallback_delay 5s + response_header_timeout 8s + expect_continue_timeout 9s + versions h2c 2 compression off max_conns_per_host 5 @@ -68,13 +76,20 @@ https://example.com { }, "transport": { "compression": false, + "dial_fallback_delay": 5000000000, + "dial_timeout": 3000000000, + "expect_continue_timeout": 9000000000, "max_conns_per_host": 5, "max_idle_conns_per_host": 2, + "max_response_header_size": 30000000, "protocol": "http", + "read_buffer_size": 10000000, + "response_header_timeout": 8000000000, "versions": [ "h2c", "2" - ] + ], + "write_buffer_size": 20000000 }, "upstreams": [ { diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 7fa118c2..c5f8e17e 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -586,9 +586,13 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // UnmarshalCaddyfile deserializes Caddyfile tokens into h. // // transport http { -// read_buffer -// write_buffer -// dial_timeout +// read_buffer +// write_buffer +// max_response_header +// dial_timeout +// dial_fallback_delay +// response_header_timeout +// expect_continue_timeout // tls // tls_client_auth | // tls_insecure_skip_verify @@ -627,6 +631,16 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.WriteBufferSize = int(size) + case "max_response_header": + if !d.NextArg() { + return d.ArgErr() + } + size, err := humanize.ParseBytes(d.Val()) + if err != nil { + return d.Errf("invalid max response header size '%s': %v", d.Val(), err) + } + h.MaxResponseHeaderSize = int64(size) + case "dial_timeout": if !d.NextArg() { return d.ArgErr() @@ -637,6 +651,36 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.DialTimeout = caddy.Duration(dur) + case "dial_fallback_delay": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad fallback delay value '%s': %v", d.Val(), err) + } + h.FallbackDelay = caddy.Duration(dur) + + case "response_header_timeout": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad timeout value '%s': %v", d.Val(), err) + } + h.ResponseHeaderTimeout = caddy.Duration(dur) + + case "expect_continue_timeout": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad timeout value '%s': %v", d.Val(), err) + } + h.ExpectContinueTimeout = caddy.Duration(dur) + case "tls_client_auth": if h.TLS == nil { h.TLS = new(TLSConfig) From eda9a1b377effed349f2e818a3ce71c3c8df6173 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 2 Nov 2020 17:11:17 -0500 Subject: [PATCH 0220/1498] fastcgi: Add timeouts support to Caddyfile adapter (#3842) * fastcgi: Add timeouts support to Caddyfile adapter * fastcgi: Use tabs instead of spaces --- .../caddyfile_adapt/php_fastcgi_index_off.txt | 26 ++++--- .../reverseproxy/fastcgi/caddyfile.go | 72 +++++++++++++++++++ 2 files changed, 88 insertions(+), 10 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt index 6d939b4d..5ebdbd2e 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_index_off.txt @@ -1,15 +1,18 @@ :8884 php_fastcgi localhost:9000 { - # some php_fastcgi-specific subdirectives - split .php .php5 - env VAR1 value1 - env VAR2 value2 - root /var/www - index off + # some php_fastcgi-specific subdirectives + split .php .php5 + env VAR1 value1 + env VAR2 value2 + root /var/www + index off + dial_timeout 3s + read_timeout 10s + write_timeout 20s - # passed through to reverse_proxy (directive order doesn't matter!) - lb_policy random + # passed through to reverse_proxy (directive order doesn't matter!) + lb_policy random } ---------- { @@ -39,16 +42,19 @@ php_fastcgi localhost:9000 { } }, "transport": { + "dial_timeout": 3000000000, "env": { "VAR1": "value1", "VAR2": "value2" }, "protocol": "fastcgi", + "read_timeout": 10000000000, "root": "/var/www", "split_path": [ ".php", ".php5" - ] + ], + "write_timeout": 20000000000 }, "upstreams": [ { @@ -63,4 +69,4 @@ php_fastcgi localhost:9000 { } } } -} \ No newline at end of file +} diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 8228439f..4d0b23b2 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -40,6 +40,9 @@ func init() { // split // env // resolve_root_symlink +// dial_timeout +// read_timeout +// write_timeout // } // func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -69,8 +72,41 @@ func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { t.EnvVars[args[0]] = args[1] case "resolve_root_symlink": + if d.NextArg() { + return d.ArgErr() + } t.ResolveRootSymlink = true + case "dial_timeout": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad timeout value %s: %v", d.Val(), err) + } + t.DialTimeout = caddy.Duration(dur) + + case "read_timeout": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad timeout value %s: %v", d.Val(), err) + } + t.ReadTimeout = caddy.Duration(dur) + + case "write_timeout": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad timeout value %s: %v", d.Val(), err) + } + t.WriteTimeout = caddy.Duration(dur) + default: return d.Errf("unrecognized subdirective %s", d.Val()) } @@ -208,6 +244,42 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error dispenser.Delete() } fcgiTransport.ResolveRootSymlink = true + + case "dial_timeout": + if !dispenser.NextArg() { + return nil, dispenser.ArgErr() + } + dur, err := caddy.ParseDuration(dispenser.Val()) + if err != nil { + return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err) + } + fcgiTransport.DialTimeout = caddy.Duration(dur) + dispenser.Delete() + dispenser.Delete() + + case "read_timeout": + if !dispenser.NextArg() { + return nil, dispenser.ArgErr() + } + dur, err := caddy.ParseDuration(dispenser.Val()) + if err != nil { + return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err) + } + fcgiTransport.ReadTimeout = caddy.Duration(dur) + dispenser.Delete() + dispenser.Delete() + + case "write_timeout": + if !dispenser.NextArg() { + return nil, dispenser.ArgErr() + } + dur, err := caddy.ParseDuration(dispenser.Val()) + if err != nil { + return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err) + } + fcgiTransport.WriteTimeout = caddy.Duration(dur) + dispenser.Delete() + dispenser.Delete() } } } From dd26875ffcbec8b74234bdda64e019a8a20c37e2 Mon Sep 17 00:00:00 2001 From: Christoph Kluge Date: Tue, 3 Nov 2020 00:01:58 +0100 Subject: [PATCH 0221/1498] logging: Fix for IP filtering --- modules/logging/filters.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/logging/filters.go b/modules/logging/filters.go index 3bc1e2cb..a5a917de 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -141,7 +141,7 @@ func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { return in } mask := m.v4Mask - if ipAddr.To16() != nil { + if ipAddr.To4() == nil { mask = m.v6Mask } masked := ipAddr.Mask(mask) From b4f49e2962201a87037f451a0b68323524828a58 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 2 Nov 2020 18:05:01 -0500 Subject: [PATCH 0222/1498] caddyhttp: Merge query matchers in Caddyfile (#3839) Also, turns out that `Add` on headers will work even if there's nothing there yet, so we can remove the condition I introduced in #3832 --- .../caddyfile_adapt/matcher_syntax.txt | 28 +++++++++++++++++++ modules/caddyhttp/matchers.go | 27 +++++++----------- 2 files changed, 38 insertions(+), 17 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index 55c06ea0..c5c27607 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -25,6 +25,12 @@ header Bar foo } respond @matcher7 "header matcher merging values of the same field" + + @matcher8 { + query foo=bar foo=baz bar=foo + query bar=baz + } + respond @matcher8 "query matcher merging pairs with the same keys" } ---------- { @@ -155,6 +161,28 @@ "handler": "static_response" } ] + }, + { + "match": [ + { + "query": { + "bar": [ + "foo", + "baz" + ], + "foo": [ + "bar", + "baz" + ] + } + } + ], + "handle": [ + { + "body": "query matcher merging pairs with the same keys", + "handler": "static_response" + } + ] } ] } diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index cbb62538..b7a304f6 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -353,18 +353,16 @@ func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { *m = make(map[string][]string) } for d.Next() { - var query string - if !d.Args(&query) { - return d.ArgErr() + for _, query := range d.RemainingArgs() { + if query == "" { + continue + } + parts := strings.SplitN(query, "=", 2) + if len(parts) != 2 { + return d.Errf("malformed query matcher token: %s; must be in param=val format", d.Val()) + } + url.Values(*m).Add(parts[0], parts[1]) } - if query == "" { - continue - } - parts := strings.SplitN(query, "=", 2) - if len(parts) != 2 { - return d.Errf("malformed query matcher token: %s; must be in param=val format", d.Val()) - } - url.Values(*m).Set(parts[0], parts[1]) if d.NextBlock(0) { return d.Err("malformed query matcher: blocks are not supported") } @@ -411,12 +409,7 @@ func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // If multiple header matchers with the same header field are defined, // we want to add the existing to the list of headers (will be OR'ed) - existing := http.Header(*m).Values(field) - if len(existing) > 0 { - http.Header(*m).Add(field, val) - } else { - http.Header(*m).Set(field, val) - } + http.Header(*m).Add(field, val) if d.NextBlock(0) { return d.Err("malformed header matcher: blocks are not supported") From 9e28f60aab31c9ae674bd55ba3975bc6b1c2514c Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Wed, 4 Nov 2020 19:32:07 +0300 Subject: [PATCH 0223/1498] ci: remove the continuous fuzzing job (#3845) Between Github Actions deprecting a command we use[0] and Fuzzit planning to deprecate their standalone service after being acquired by Gitlab[1][2], there are no reasons to keep this job. [0] https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ [1] https://about.gitlab.com/press/releases/2020-06-11-gitlab-acquires-peach-tech-and-fuzzit-to-expand-devsecops-offering.html [2] https://fuzzit.dev/2020/06/11/news-fuzzit-is-acquired-by-gitlab/ --- .github/workflows/fuzzing.yml | 73 ----------------------------------- 1 file changed, 73 deletions(-) delete mode 100644 .github/workflows/fuzzing.yml diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml deleted file mode 100644 index 05f4629c..00000000 --- a/.github/workflows/fuzzing.yml +++ /dev/null @@ -1,73 +0,0 @@ -name: Fuzzing - -on: - # Daily midnight fuzzing - schedule: - - cron: '0 0 * * *' - -jobs: - fuzzing: - name: Fuzzing - - strategy: - matrix: - os: [ ubuntu-latest ] - go: [ '1.14' ] - runs-on: ${{ matrix.os }} - - steps: - - name: Install Go - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.go }} - - - name: Checkout code - uses: actions/checkout@v2 - - - name: Download go-fuzz tools and the Fuzzit CLI, move Fuzzit CLI to GOBIN - # If we decide we need to prevent this from running on forks, we can use this line: - # if: github.repository == 'caddyserver/caddy' - run: | - - go get -v github.com/dvyukov/go-fuzz/go-fuzz github.com/dvyukov/go-fuzz/go-fuzz-build - wget -q -O fuzzit https://github.com/fuzzitdev/fuzzit/releases/download/v2.4.77/fuzzit_Linux_x86_64 - chmod a+x fuzzit - mv fuzzit $(go env GOPATH)/bin - echo "::add-path::$(go env GOPATH)/bin" - - - name: Generate fuzzers & submit them to Fuzzit - continue-on-error: true - env: - FUZZIT_API_KEY: ${{ secrets.FUZZIT_API_KEY }} - SYSTEM_PULLREQUEST_SOURCEBRANCH: ${{ github.ref }} - BUILD_SOURCEVERSION: ${{ github.sha }} - run: | - # debug - echo "PR Source Branch: $SYSTEM_PULLREQUEST_SOURCEBRANCH" - echo "Source version: $BUILD_SOURCEVERSION" - - declare -A fuzzers_funcs=(\ - ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="FuzzParseAddress" \ - ["./listeners_fuzz.go"]="FuzzParseNetworkAddress" \ - ["./replacer_fuzz.go"]="FuzzReplacer" \ - ) - - declare -A fuzzers_targets=(\ - ["./caddyconfig/httpcaddyfile/addresses_fuzz.go"]="parse-address" \ - ["./listeners_fuzz.go"]="parse-network-address" \ - ["./replacer_fuzz.go"]="replacer" \ - ) - - fuzz_type="fuzzing" - - for f in $(find . -name \*_fuzz.go); do - FUZZER_DIRECTORY=$(dirname "$f") - - echo "go-fuzz-build func ${fuzzers_funcs[$f]} residing in $f" - - go-fuzz-build -func "${fuzzers_funcs[$f]}" -o "$FUZZER_DIRECTORY/${fuzzers_targets[$f]}.zip" "$FUZZER_DIRECTORY" - - fuzzit create job --engine go-fuzz caddyserver/"${fuzzers_targets[$f]}" "$FUZZER_DIRECTORY"/"${fuzzers_targets[$f]}.zip" --api-key "${FUZZIT_API_KEY}" --type "${fuzz_type}" --branch "${SYSTEM_PULLREQUEST_SOURCEBRANCH}" --revision "${BUILD_SOURCEVERSION}" - - echo "Completed $f" - done From 7c28ecb5f487e24a982a10cb5c5a77dc03c38db1 Mon Sep 17 00:00:00 2001 From: Gaurav Dhameeja Date: Thu, 5 Nov 2020 00:07:41 +0530 Subject: [PATCH 0224/1498] httpcaddyfile: Add certificate_pem placeholder short, add to godoc (#3846) Co-authored-by: Matt Holt Co-authored-by: Francis Lavoie --- caddyconfig/httpcaddyfile/httptype.go | 1 + modules/caddyhttp/app.go | 1 + 2 files changed, 2 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index a19a6fed..35eab906 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -99,6 +99,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, "{tls_client_issuer}", "{http.request.tls.client.issuer}", "{tls_client_serial}", "{http.request.tls.client.serial}", "{tls_client_subject}", "{http.request.tls.client.subject}", + "{tls_client_certificate_pem}", "{http.request.tls.client.certificate_pem}", ) // these are placeholders that allow a user-defined final diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 41820ea6..f5f079c7 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -75,6 +75,7 @@ func init() { // `{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate // `{http.request.tls.client.public_key}` | The public key of the client certificate. // `{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key. +// `{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate. // `{http.request.tls.client.issuer}` | The issuer DN of the client certificate // `{http.request.tls.client.serial}` | The serial number of the client certificate // `{http.request.tls.client.subject}` | The subject DN of the client certificate From 3db60e6cbace3c03b7fe6cbaf8fd49fd42fde5b2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 12 Nov 2020 12:36:37 -0700 Subject: [PATCH 0225/1498] Update contact info --- .github/SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 5fa5fc1b..9f940f3e 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -16,12 +16,12 @@ Please note that we consider publicly-registered domain names to be public infor ## Reporting a Vulnerability -Please email Matt Holt (the author) directly: matt [at] ardanlabs [dot com]. +Please email Matt Holt (the author) directly: matt [at] lightcodelabs [dot com]. We'll need enough information to verify the bug and make a patch. It will speed things up if you suggest a working patch, such as a code diff, and explain why and how it works. Reports that are not actionable, do not contain enough information, are too pushy/demanding, or are not able to convince us that it is a viable and practical attack on the web server itself may be deferred to a later time or possibly ignored, resources permitting. Priority will be given to credible, responsible reports that are constructive, specific, and actionable. Thank you for understanding. Please also understand that due to our nature as an open source project, we do not have a budget to award security bounties. We can only thank you. -If your report is valid and a patch is released, we will not reveal your identity by default. If you wish to be credited, please give us the name to use. +If your report is valid and a patch is released, we will not reveal your identity by default. If you wish to be credited, please give us the name to use and/or your GitHub username. If you don't provide this we can't credit you. Thanks for responsibly helping Caddy—and thousands of websites—be more secure! From 95af4262a8adf12e0c5eb178d9e521903eb8b0e4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 12 Nov 2020 15:02:35 -0700 Subject: [PATCH 0226/1498] caddytls: Support ACME alt cert chain preferences --- go.mod | 2 +- go.sum | 4 ++-- modules/caddytls/acmeissuer.go | 6 ++++++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 76e7a779..8a0d4f25 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20201021150819-90d1550af48c + github.com/caddyserver/certmagic v0.12.1-0.20201112220015-12df2be5a021 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 diff --git a/go.sum b/go.sum index a18b0928..294ecccc 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20201021150819-90d1550af48c h1:IvUz1LXmHL2y3UVGbzmnvz5/2CA1rvurJA/AL4reKKI= -github.com/caddyserver/certmagic v0.12.1-0.20201021150819-90d1550af48c/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= +github.com/caddyserver/certmagic v0.12.1-0.20201112220015-12df2be5a021 h1:VY4JahIicW/GT84KoIm+TSKwMHj08NyPJhsGypTWJn4= +github.com/caddyserver/certmagic v0.12.1-0.20201112220015-12df2be5a021/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index b73b34ff..6466229d 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -74,6 +74,11 @@ type ACMEIssuer struct { // is internal or for development/testing purposes. TrustedRootsPEMFiles []string `json:"trusted_roots_pem_files,omitempty"` + // List of preferred certificate chains, by issuer's CommonName. If empty, + // or if no matching chain is found, the first chain offered by the server + // will be used. + PreferredChains []string `json:"preferred_chains,omitempty"` + rootPool *x509.CertPool template certmagic.ACMEManager magic *certmagic.Config @@ -149,6 +154,7 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { CertObtainTimeout: time.Duration(iss.ACMETimeout), TrustedRoots: iss.rootPool, ExternalAccount: iss.ExternalAccount, + PreferredChains: iss.PreferredChains, Logger: iss.logger, } From 7a3d9d81fe5836894b39d0e218193f7cffd732ff Mon Sep 17 00:00:00 2001 From: Aurelia Date: Fri, 13 Nov 2020 23:28:21 +0100 Subject: [PATCH 0227/1498] basicauth: Minor internal improvements (#3861) * nitpicks and small improvements in basicauth module 1: roll two if statements into one, since err will be nil in the second case anyhow 2: unlock cache mutex after reading the key, as this happens by-value and reduces code complexity 3: switch cache sync.Mutex to sync.RWMutex for better concurrency on cache fast track * allocate the right kind of mutex --- modules/caddyhttp/caddyauth/basicauth.go | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go index d9557730..f383199e 100644 --- a/modules/caddyhttp/caddyauth/basicauth.go +++ b/modules/caddyhttp/caddyauth/basicauth.go @@ -134,7 +134,7 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error { if hba.HashCache != nil { hba.HashCache.cache = make(map[string]bool) - hba.HashCache.mu = new(sync.Mutex) + hba.HashCache.mu = new(sync.RWMutex) } return nil @@ -156,12 +156,9 @@ func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) } same, err := hba.correctPassword(account, []byte(plaintextPasswordStr)) - if err != nil { + if err != nil || !same || !accountExists { return hba.promptForCredentials(w, err) } - if !same || !accountExists { - return hba.promptForCredentials(w, nil) - } return User{ID: username}, true, nil } @@ -180,13 +177,12 @@ func (hba HTTPBasicAuth) correctPassword(account Account, plaintextPassword []by cacheKey := hex.EncodeToString(append(append(account.password, account.salt...), plaintextPassword...)) // fast track: if the result of the input is already cached, use it - hba.HashCache.mu.Lock() + hba.HashCache.mu.RLock() same, ok := hba.HashCache.cache[cacheKey] + hba.HashCache.mu.RUnlock() if ok { - hba.HashCache.mu.Unlock() return same, nil } - hba.HashCache.mu.Unlock() // slow track: do the expensive op, then add it to the cache same, err := compare() @@ -219,7 +215,7 @@ func (hba HTTPBasicAuth) promptForCredentials(w http.ResponseWriter, err error) // helpful for secure password hashes which can be expensive to // compute on every HTTP request. type Cache struct { - mu *sync.Mutex + mu *sync.RWMutex // map of concatenated hashed password + plaintext password + salt, to result cache map[string]bool From 13781e67ab1b2553598d0dd1a7153ce3cdbd4879 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 16 Nov 2020 11:05:55 -0700 Subject: [PATCH 0228/1498] caddytls: Support multiple issuers (#3862) * caddytls: Support multiple issuers Defaults are Let's Encrypt and ZeroSSL. There are probably bugs. * Commit updated integration tests, d'oh * Update go.mod --- caddyconfig/httpcaddyfile/builtins.go | 47 ++-- caddyconfig/httpcaddyfile/tlsapp.go | 212 +++++++++++------- .../caddyfile_adapt/global_options.txt | 8 +- .../caddyfile_adapt/global_options_acme.txt | 26 ++- .../caddyfile_adapt/global_options_admin.txt | 8 +- .../tls_automation_policies.txt | 24 +- go.mod | 2 +- go.sum | 4 +- modules/caddyhttp/autohttps.go | 61 +++-- modules/caddytls/acmeissuer.go | 9 + modules/caddytls/automation.go | 86 ++++--- modules/caddytls/tls.go | 20 +- modules/caddytls/zerosslissuer.go | 40 ++-- 13 files changed, 310 insertions(+), 237 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 5ba35aa3..f8b5e2c5 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -88,7 +88,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { var certSelector caddytls.CustomCertSelectionPolicy var acmeIssuer *caddytls.ACMEIssuer var internalIssuer *caddytls.InternalIssuer - var issuer certmagic.Issuer + var issuers []certmagic.Issuer var onDemand bool for h.Next() { @@ -297,10 +297,11 @@ func parseTLS(h Helper) ([]ConfigValue, error) { if err != nil { return nil, err } - issuer, ok = unm.(certmagic.Issuer) + issuer, ok := unm.(certmagic.Issuer) if !ok { return nil, h.Errf("module %s is not a certmagic.Issuer", mod.ID) } + issuers = append(issuers, issuer) case "dns": if !h.NextArg() { @@ -371,44 +372,30 @@ func parseTLS(h Helper) ([]ConfigValue, error) { }) } - // issuer - if acmeIssuer != nil && internalIssuer != nil { - // the logic to support this would be complex - return nil, h.Err("cannot use both ACME and internal issuers in same server block") + if len(issuers) > 0 && (acmeIssuer != nil || internalIssuer != nil) { + // some tls subdirectives are shortcuts that implicitly configure issuers, and the + // user can also configure issuers explicitly using the issuer subdirective; the + // logic to support both would likely be complex, or at least unintuitive + return nil, h.Err("cannot mix issuer subdirective (explicit issuers) with other issuer-specific subdirectives (implicit issuers)") } - if issuer != nil && (acmeIssuer != nil || internalIssuer != nil) { - // similarly, the logic to support this would be complex - return nil, h.Err("when defining an issuer, all its config must be in its block, rather than from separate tls subdirectives") - } - switch { - case issuer != nil: + for _, issuer := range issuers { configVals = append(configVals, ConfigValue{ Class: "tls.cert_issuer", Value: issuer, }) - - case internalIssuer != nil: - configVals = append(configVals, ConfigValue{ - Class: "tls.cert_issuer", - Value: internalIssuer, - }) - - case acmeIssuer != nil: - // fill in global defaults, if configured - if email := h.Option("email"); email != nil && acmeIssuer.Email == "" { - acmeIssuer.Email = email.(string) - } - if acmeCA := h.Option("acme_ca"); acmeCA != nil && acmeIssuer.CA == "" { - acmeIssuer.CA = acmeCA.(string) - } - if caPemFile := h.Option("acme_ca_root"); caPemFile != nil { - acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, caPemFile.(string)) - } + } + if acmeIssuer != nil { configVals = append(configVals, ConfigValue{ Class: "tls.cert_issuer", Value: disambiguateACMEIssuer(acmeIssuer), }) } + if internalIssuer != nil { + configVals = append(configVals, ConfigValue{ + Class: "tls.cert_issuer", + Value: internalIssuer, + }) + } // on-demand TLS if onDemand { diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 0ac862e0..fe4c1b15 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -110,47 +110,43 @@ func (st ServerType) buildTLSApp( // certificate issuers if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok { + var issuers []certmagic.Issuer for _, issuerVal := range issuerVals { - issuer := issuerVal.Value.(certmagic.Issuer) - if ap == catchAllAP && !reflect.DeepEqual(ap.Issuer, issuer) { - return nil, warnings, fmt.Errorf("automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: %#v != %#v", ap.Issuer, issuer) - } - ap.Issuer = issuer + ap.Issuers = append(ap.Issuers, issuerVal.Value.(certmagic.Issuer)) + } + if ap == catchAllAP && !reflect.DeepEqual(ap.Issuers, issuers) { + return nil, warnings, fmt.Errorf("automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: %#v != %#v", ap.Issuers, issuers) } } // custom bind host for _, cfgVal := range sblock.pile["bind"] { - // if an issuer was already configured and it is NOT an ACME - // issuer, skip, since we intend to adjust only ACME issuers - var acmeIssuer *caddytls.ACMEIssuer - if ap.Issuer != nil { - // ensure we include any issuer that embeds/wraps an underlying ACME issuer - type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer } - if acmeWrapper, ok := ap.Issuer.(acmeCapable); ok { + for _, iss := range ap.Issuers { + // if an issuer was already configured and it is NOT an ACME issuer, + // skip, since we intend to adjust only ACME issuers; ensure we + // include any issuer that embeds/wraps an underlying ACME issuer + var acmeIssuer *caddytls.ACMEIssuer + if acmeWrapper, ok := iss.(acmeCapable); ok { acmeIssuer = acmeWrapper.GetACMEIssuer() - } else { - break } - } + if acmeIssuer == nil { + continue + } - // proceed to configure the ACME issuer's bind host, without - // overwriting any existing settings - if acmeIssuer == nil { - acmeIssuer = new(caddytls.ACMEIssuer) - } - if acmeIssuer.Challenges == nil { - acmeIssuer.Challenges = new(caddytls.ChallengesConfig) - } - if acmeIssuer.Challenges.BindHost == "" { - // only binding to one host is supported - var bindHost string - if bindHosts, ok := cfgVal.Value.([]string); ok && len(bindHosts) > 0 { - bindHost = bindHosts[0] + // proceed to configure the ACME issuer's bind host, without + // overwriting any existing settings + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.BindHost == "" { + // only binding to one host is supported + var bindHost string + if bindHosts, ok := cfgVal.Value.([]string); ok && len(bindHosts) > 0 { + bindHost = bindHosts[0] + } + acmeIssuer.Challenges.BindHost = bindHost } - acmeIssuer.Challenges.BindHost = bindHost } - ap.Issuer = acmeIssuer // we'll encode it later } // first make sure this block is allowed to create an automation policy; @@ -188,7 +184,7 @@ func (st ServerType) buildTLSApp( // that the internal names can use the internal issuer and // the other names can use the default/public/ACME issuer var ap2 *caddytls.AutomationPolicy - if ap.Issuer == nil { + if len(ap.Issuers) == 0 { var internal, external []string for _, s := range ap.Subjects { if !certmagic.SubjectQualifiesForCert(s) { @@ -212,7 +208,7 @@ func (st ServerType) buildTLSApp( apCopy := *ap ap2 = &apCopy ap2.Subjects = internal - ap2.IssuerRaw = caddyconfig.JSONModuleObject(caddytls.InternalIssuer{}, "module", "internal", &warnings) + ap2.IssuersRaw = []json.RawMessage{caddyconfig.JSONModuleObject(caddytls.InternalIssuer{}, "module", "internal", &warnings)} } } if tlsApp.Automation == nil { @@ -277,7 +273,7 @@ func (st ServerType) buildTLSApp( // get internal certificates by default rather than ACME var al caddytls.AutomateLoader internalAP := &caddytls.AutomationPolicy{ - IssuerRaw: json.RawMessage(`{"module":"internal"}`), + IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } for h := range hostsSharedWithHostlessKey { al = append(al, h) @@ -295,14 +291,48 @@ func (st ServerType) buildTLSApp( tlsApp.Automation.Policies = append(tlsApp.Automation.Policies, internalAP) } + // if there are any global options set for issuers (ACME ones in particular), make sure they + // take effect in every automation policy that does not have any issuers + if tlsApp.Automation != nil { + globalEmail := options["email"] + globalACMECA := options["acme_ca"] + globalACMECARoot := options["acme_ca_root"] + globalACMEDNS := options["acme_dns"] + globalACMEEAB := options["acme_eab"] + hasGlobalACMEDefaults := globalEmail != nil || globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS != nil || globalACMEEAB != nil + if hasGlobalACMEDefaults { + for _, ap := range tlsApp.Automation.Policies { + if len(ap.Issuers) == 0 { + acme, zerosslACME := new(caddytls.ACMEIssuer), new(caddytls.ACMEIssuer) + zerossl := &caddytls.ZeroSSLIssuer{ACMEIssuer: zerosslACME} + ap.Issuers = []certmagic.Issuer{acme, zerossl} // TODO: keep this in sync with Caddy's other issuer defaults elsewhere, like in caddytls/automation.go (DefaultIssuers). + + // if a non-ZeroSSL endpoint is specified, we assume we can't use the ZeroSSL issuer successfully + if globalACMECA != nil && !strings.Contains(globalACMECA.(string), "zerossl") { + ap.Issuers = []certmagic.Issuer{acme} + } + } + } + } + } + // finalize and verify policies; do cleanup if tlsApp.Automation != nil { - // encode any issuer values we created, so they will be rendered in the output - for _, ap := range tlsApp.Automation.Policies { - if ap.Issuer != nil && ap.IssuerRaw == nil { - // encode issuer now that it's all set up - issuerName := ap.Issuer.(caddy.Module).CaddyModule().ID.Name() - ap.IssuerRaw = caddyconfig.JSONModuleObject(ap.Issuer, "module", issuerName, &warnings) + for i, ap := range tlsApp.Automation.Policies { + // ensure all issuers have global defaults filled in + for j, issuer := range ap.Issuers { + err := fillInGlobalACMEDefaults(issuer, options) + if err != nil { + return nil, warnings, fmt.Errorf("filling in global issuer defaults for AP %d, issuer %d: %v", i, j, err) + } + } + + // encode all issuer values we created, so they will be rendered in the output + if len(ap.Issuers) > 0 && ap.IssuersRaw == nil { + for _, iss := range ap.Issuers { + issuerName := iss.(caddy.Module).CaddyModule().ID.Name() + ap.IssuersRaw = append(ap.IssuersRaw, caddyconfig.JSONModuleObject(iss, "module", issuerName, &warnings)) + } } } @@ -334,6 +364,51 @@ func (st ServerType) buildTLSApp( return tlsApp, warnings, nil } +type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer } + +func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interface{}) error { + acmeWrapper, ok := issuer.(acmeCapable) + if !ok { + return nil + } + acmeIssuer := acmeWrapper.GetACMEIssuer() + if acmeIssuer == nil { + return nil + } + + globalEmail := options["email"] + globalACMECA := options["acme_ca"] + globalACMECARoot := options["acme_ca_root"] + globalACMEDNS := options["acme_dns"] + globalACMEEAB := options["acme_eab"] + + if globalEmail != nil && acmeIssuer.Email == "" { + acmeIssuer.Email = globalEmail.(string) + } + if globalACMECA != nil && acmeIssuer.CA == "" { + acmeIssuer.CA = globalACMECA.(string) + } + if globalACMECARoot != nil && !sliceContains(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) { + acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) + } + if globalACMEDNS != nil && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.DNS == nil) { + provName := globalACMEDNS.(string) + dnsProvModule, err := caddy.GetModule("dns.providers." + provName) + if err != nil { + return fmt.Errorf("getting DNS provider module named '%s': %v", provName, err) + } + acmeIssuer.Challenges = &caddytls.ChallengesConfig{ + DNS: &caddytls.DNSChallengeConfig{ + ProviderRaw: caddyconfig.JSONModuleObject(dnsProvModule.New(), "name", provName, nil), + }, + } + } + if globalACMEEAB != nil && acmeIssuer.ExternalAccount == nil { + acmeIssuer.ExternalAccount = globalACMEEAB.(*acme.EAB) + } + return nil +} + // newBaseAutomationPolicy returns a new TLS automation policy that gets // its values from the global options map. It should be used as the base // for any other automation policies. A nil policy (and no error) will be @@ -341,17 +416,10 @@ func (st ServerType) buildTLSApp( // true, a non-nil value will always be returned (unless there is an error). func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) { issuer, hasIssuer := options["cert_issuer"] - - acmeCA, hasACMECA := options["acme_ca"] - acmeCARoot, hasACMECARoot := options["acme_ca_root"] - acmeDNS, hasACMEDNS := options["acme_dns"] - acmeEAB, hasACMEEAB := options["acme_eab"] - - email, hasEmail := options["email"] - localCerts, hasLocalCerts := options["local_certs"] + _, hasLocalCerts := options["local_certs"] keyType, hasKeyType := options["key_type"] - hasGlobalAutomationOpts := hasIssuer || hasACMECA || hasACMECARoot || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts || hasKeyType + hasGlobalAutomationOpts := hasIssuer || hasLocalCerts || hasKeyType // if there are no global options related to automation policies // set, then we can just return right away @@ -363,48 +431,18 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon } ap := new(caddytls.AutomationPolicy) - if keyType != nil { + if hasKeyType { ap.KeyType = keyType.(string) } + if hasIssuer && hasLocalCerts { + return nil, fmt.Errorf("global options are ambiguous: local_certs is confusing when combined with cert_issuer, because local_certs is also a specific kind of issuer") + } + if hasIssuer { - if hasACMECA || hasACMEDNS || hasACMEEAB || hasEmail || hasLocalCerts { - return nil, fmt.Errorf("global options are ambiguous: cert_issuer is confusing when combined with acme_*, email, or local_certs options") - } - ap.Issuer = issuer.(certmagic.Issuer) - } else if localCerts != nil { - // internal issuer enabled trumps any ACME configurations; useful in testing - ap.Issuer = new(caddytls.InternalIssuer) // we'll encode it later - } else { - if acmeCA == nil { - acmeCA = "" - } - if email == nil { - email = "" - } - mgr := &caddytls.ACMEIssuer{ - CA: acmeCA.(string), - Email: email.(string), - } - if acmeDNS != nil { - provName := acmeDNS.(string) - dnsProvModule, err := caddy.GetModule("dns.providers." + provName) - if err != nil { - return nil, fmt.Errorf("getting DNS provider module named '%s': %v", provName, err) - } - mgr.Challenges = &caddytls.ChallengesConfig{ - DNS: &caddytls.DNSChallengeConfig{ - ProviderRaw: caddyconfig.JSONModuleObject(dnsProvModule.New(), "name", provName, &warnings), - }, - } - } - if acmeCARoot != nil { - mgr.TrustedRootsPEMFiles = []string{acmeCARoot.(string)} - } - if acmeEAB != nil { - mgr.ExternalAccount = acmeEAB.(*acme.EAB) - } - ap.Issuer = disambiguateACMEIssuer(mgr) // we'll encode it later + ap.Issuers = []certmagic.Issuer{issuer.(certmagic.Issuer)} + } else if hasLocalCerts { + ap.Issuers = []certmagic.Issuer{new(caddytls.InternalIssuer)} } return ap, nil @@ -463,7 +501,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls // otherwise the one without any subjects (a catch-all) would be // eaten up by the one with subjects; and if both have subjects, we // need to combine their lists - if bytes.Equal(aps[i].IssuerRaw, aps[j].IssuerRaw) && + if reflect.DeepEqual(aps[i].IssuersRaw, aps[j].IssuersRaw) && bytes.Equal(aps[i].StorageRaw, aps[j].StorageRaw) && aps[i].MustStaple == aps[j].MustStaple && aps[i].KeyType == aps[j].KeyType && diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt index 65628247..a0a7f0b8 100644 --- a/caddytest/integration/caddyfile_adapt/global_options.txt +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -54,9 +54,11 @@ "automation": { "policies": [ { - "issuer": { - "module": "internal" - }, + "issuers": [ + { + "module": "internal" + } + ], "key_type": "ed25519" } ], diff --git a/caddytest/integration/caddyfile_adapt/global_options_acme.txt b/caddytest/integration/caddyfile_adapt/global_options_acme.txt index 500a7231..0f1d78fd 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_acme.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_acme.txt @@ -57,18 +57,20 @@ "automation": { "policies": [ { - "issuer": { - "ca": "https://example.com", - "email": "test@example.com", - "external_account": { - "key_id": "4K2scIVbBpNd-78scadB2g", - "mac_key": "abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh" - }, - "module": "acme", - "trusted_roots_pem_files": [ - "/path/to/ca.crt" - ] - }, + "issuers": [ + { + "ca": "https://example.com", + "email": "test@example.com", + "external_account": { + "key_id": "4K2scIVbBpNd-78scadB2g", + "mac_key": "abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh" + }, + "module": "acme", + "trusted_roots_pem_files": [ + "/path/to/ca.crt" + ] + } + ], "key_type": "ed25519" } ], diff --git a/caddytest/integration/caddyfile_adapt/global_options_admin.txt b/caddytest/integration/caddyfile_adapt/global_options_admin.txt index 9d0fb270..67cf5adf 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_admin.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_admin.txt @@ -62,9 +62,11 @@ "automation": { "policies": [ { - "issuer": { - "module": "internal" - }, + "issuers": [ + { + "module": "internal" + } + ], "key_type": "ed25519" } ], diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt index 0a90e4a1..c3fd4898 100644 --- a/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt @@ -54,24 +54,30 @@ foo.tld, www.foo.tld { "foo.tld", "www.foo.tld" ], - "issuer": { - "module": "internal" - } + "issuers": [ + { + "module": "internal" + } + ] }, { "subjects": [ "*.*.tld", "*.tld" ], - "issuer": { - "module": "internal" - }, + "issuers": [ + { + "module": "internal" + } + ], "on_demand": true }, { - "issuer": { - "module": "internal" - } + "issuers": [ + { + "module": "internal" + } + ] } ] } diff --git a/go.mod b/go.mod index 8a0d4f25..3e55d38a 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.0 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20201112220015-12df2be5a021 + github.com/caddyserver/certmagic v0.12.1-0.20201116175341-0f8a9f688760 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.5.1 diff --git a/go.sum b/go.sum index 294ecccc..1070c737 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20201112220015-12df2be5a021 h1:VY4JahIicW/GT84KoIm+TSKwMHj08NyPJhsGypTWJn4= -github.com/caddyserver/certmagic v0.12.1-0.20201112220015-12df2be5a021/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= +github.com/caddyserver/certmagic v0.12.1-0.20201116175341-0f8a9f688760 h1:h7KGtOb9TAfZp2/KwPd9iyqiLVZMWbpx5Mu0Her2iRw= +github.com/caddyserver/certmagic v0.12.1-0.20201116175341-0f8a9f688760/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 07809811..805a37c2 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -241,7 +241,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // we now have a list of all the unique names for which we need certs; // turn the set into a slice so that phase 2 can use it app.allCertDomains = make([]string, 0, len(uniqueDomainsForCerts)) - var internal, external []string + var internal []string uniqueDomainsLoop: for d := range uniqueDomainsForCerts { // whether or not there is already an automation policy for this @@ -264,15 +264,13 @@ uniqueDomainsLoop: // if no automation policy exists for the name yet, we // will associate it with an implicit one - if certmagic.SubjectQualifiesForPublicCert(d) { - external = append(external, d) - } else { + if !certmagic.SubjectQualifiesForPublicCert(d) { internal = append(internal, d) } } // ensure there is an automation policy to handle these certs - err := app.createAutomationPolicies(ctx, external, internal) + err := app.createAutomationPolicies(ctx, internal) if err != nil { return err } @@ -430,7 +428,7 @@ redirServersLoop: // automation policy exists, it will be shallow-copied and used as the // base for the new ones (this is important for preserving behavior the // user intends to be "defaults"). -func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, internalNames []string) error { +func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []string) error { // before we begin, loop through the existing automation policies // and, for any ACMEIssuers we find, make sure they're filled in // with default values that might be specified in our HTTP app; also @@ -447,16 +445,23 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna // set up default issuer -- honestly, this is only // really necessary because the HTTP app is opinionated // and has settings which could be inferred as new - // defaults for the ACMEIssuer in the TLS app - if ap.Issuer == nil { - ap.Issuer = new(caddytls.ACMEIssuer) - } - if acmeIssuer, ok := ap.Issuer.(acmeCapable); ok { - err := app.fillInACMEIssuer(acmeIssuer.GetACMEIssuer()) + // defaults for the ACMEIssuer in the TLS app (such as + // what the HTTP and HTTPS ports are) + if ap.Issuers == nil { + var err error + ap.Issuers, err = caddytls.DefaultIssuers(ctx) if err != nil { return err } } + for _, iss := range ap.Issuers { + if acmeIssuer, ok := iss.(acmeCapable); ok { + err := app.fillInACMEIssuer(acmeIssuer.GetACMEIssuer()) + if err != nil { + return err + } + } + } // while we're here, is this the catch-all/base policy? if !foundBasePolicy && len(ap.Subjects) == 0 { @@ -471,11 +476,14 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna } // if the basePolicy has an existing ACMEIssuer (particularly to - // include any type that embeds/wraps an ACMEIssuer), let's use it, - // otherwise we'll make one + // include any type that embeds/wraps an ACMEIssuer), let's use it + // (I guess we just use the first one?), otherwise we'll make one var baseACMEIssuer *caddytls.ACMEIssuer - if acmeWrapper, ok := basePolicy.Issuer.(acmeCapable); ok { - baseACMEIssuer = acmeWrapper.GetACMEIssuer() + for _, iss := range basePolicy.Issuers { + if acmeWrapper, ok := iss.(acmeCapable); ok { + baseACMEIssuer = acmeWrapper.GetACMEIssuer() + break + } } if baseACMEIssuer == nil { // note that this happens if basePolicy.Issuer is nil @@ -485,7 +493,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna // if there was a base policy to begin with, we already // filled in its issuer's defaults; if there wasn't, we - // stil need to do that + // still need to do that if !foundBasePolicy { err := app.fillInACMEIssuer(baseACMEIssuer) if err != nil { @@ -494,8 +502,20 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna } // never overwrite any other issuer that might already be configured - if basePolicy.Issuer == nil { - basePolicy.Issuer = baseACMEIssuer + if basePolicy.Issuers == nil { + var err error + basePolicy.Issuers, err = caddytls.DefaultIssuers(ctx) + if err != nil { + return err + } + for _, iss := range basePolicy.Issuers { + if acmeIssuer, ok := iss.(acmeCapable); ok { + err := app.fillInACMEIssuer(acmeIssuer.GetACMEIssuer()) + if err != nil { + return err + } + } + } } if !foundBasePolicy { @@ -549,8 +569,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, publicNames, interna // of names that would normally use the production API; // anyway, that gets into the weeds a bit... newPolicy.Subjects = internalNames - newPolicy.Issuer = internalIssuer - + newPolicy.Issuers = []certmagic.Issuer{internalIssuer} err := app.tlsApp.AddAutomationPolicy(newPolicy) if err != nil { return err diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 6466229d..7c79c7e1 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -97,6 +97,15 @@ func (ACMEIssuer) CaddyModule() caddy.ModuleInfo { func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { iss.logger = ctx.Logger(iss) + // expand email address, if non-empty + if iss.Email != "" { + email, err := caddy.NewReplacer().ReplaceOrErr(iss.Email, true, true) + if err != nil { + return fmt.Errorf("expanding email address '%s': %v", iss.Email, err) + } + iss.Email = email + } + // DNS providers if iss.Challenges != nil && iss.Challenges.DNS != nil && iss.Challenges.DNS.ProviderRaw != nil { val, err := ctx.LoadModule(iss.Challenges.DNS, "ProviderRaw") diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 1612391c..509ad6e6 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -23,7 +23,6 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/certmagic" "github.com/mholt/acmez" - "go.uber.org/zap" ) // AutomationConfig governs the automated management of TLS certificates. @@ -72,8 +71,13 @@ type AutomationPolicy struct { // Which subjects (hostnames or IP addresses) this policy applies to. Subjects []string `json:"subjects,omitempty"` - // The module that will issue certificates. Default: internal if all - // subjects do not qualify for public certificates; othewise acme. + // The modules that may issue certificates. Default: internal if all + // subjects do not qualify for public certificates; othewise acme and + // zerossl. + IssuersRaw []json.RawMessage `json:"issuers,omitempty" caddy:"namespace=tls.issuance inline_key=module"` + + // DEPRECATED: Use `issuers` instead (November 2020). This field will + // be removed in the future. IssuerRaw json.RawMessage `json:"issuer,omitempty" caddy:"namespace=tls.issuance inline_key=module"` // If true, certificates will be requested with MustStaple. Not all @@ -103,10 +107,10 @@ type AutomationPolicy struct { // load. OnDemand bool `json:"on_demand,omitempty"` - // Issuer stores the decoded issuer parameters. This is only - // used to populate an underlying certmagic.Config's Issuer + // Issuers stores the decoded issuer parameters. This is only + // used to populate an underlying certmagic.Config's Issuers // field; it is not referenced thereafter. - Issuer certmagic.Issuer `json:"-"` + Issuers []certmagic.Issuer `json:"-"` magic *certmagic.Config storage certmagic.Storage @@ -150,34 +154,30 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { } } - // if this automation policy has no Issuer defined, and - // none of the subjects qualify for a public certificate, - // set the issuer to internal so that these names can all - // get certificates; critically, we can only do this if an - // issuer is not explicitly configured (IssuerRaw, vs. just - // Issuer) AND if the list of subjects is non-empty - if ap.IssuerRaw == nil && len(ap.Subjects) > 0 { - var anyPublic bool - for _, s := range ap.Subjects { - if certmagic.SubjectQualifiesForPublicCert(s) { - anyPublic = true - break - } - } - if !anyPublic { - tlsApp.logger.Info("setting internal issuer for automation policy that has only internal subjects but no issuer configured", - zap.Strings("subjects", ap.Subjects)) - ap.IssuerRaw = json.RawMessage(`{"module":"internal"}`) - } + // TODO: IssuerRaw field deprecated as of November 2020 - remove this shim after deprecation is complete + if ap.IssuerRaw != nil { + tlsApp.logger.Warn("the 'issuer' field is deprecated and will be removed in the future; use 'issuers' instead; your issuer has been appended automatically for now") + ap.IssuersRaw = append(ap.IssuersRaw, ap.IssuerRaw) } - // load and provision any explicitly-configured issuer module - if ap.IssuerRaw != nil { - val, err := tlsApp.ctx.LoadModule(ap, "IssuerRaw") + // load and provision any explicitly-configured issuer modules + if ap.IssuersRaw != nil { + val, err := tlsApp.ctx.LoadModule(ap, "IssuersRaw") if err != nil { return fmt.Errorf("loading TLS automation management module: %s", err) } - ap.Issuer = val.(certmagic.Issuer) + for _, issVal := range val.([]interface{}) { + ap.Issuers = append(ap.Issuers, issVal.(certmagic.Issuer)) + } + } + + issuers := ap.Issuers + if len(issuers) == 0 { + var err error + issuers, err = DefaultIssuers(tlsApp.ctx) + if err != nil { + return err + } } keyType := ap.KeyType @@ -206,12 +206,9 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { KeySource: keySource, OnDemand: ond, Storage: storage, - Issuer: ap.Issuer, // if nil, certmagic.New() will create one + Issuers: issuers, Logger: tlsApp.logger, } - if rev, ok := ap.Issuer.(certmagic.Revoker); ok { - template.Revoker = rev - } ap.magic = certmagic.New(tlsApp.certCache, template) // sometimes issuers may need the parent certmagic.Config in @@ -219,13 +216,32 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { // access to the correct storage and cache so it can solve // ACME challenges -- it's an annoying, inelegant circular // dependency that I don't know how to resolve nicely!) - if annoying, ok := ap.Issuer.(ConfigSetter); ok { - annoying.SetConfig(ap.magic) + for _, issuer := range ap.magic.Issuers { + if annoying, ok := issuer.(ConfigSetter); ok { + annoying.SetConfig(ap.magic) + } } return nil } +// DefaultIssuers returns empty but provisioned default Issuers. +// This function is experimental and has no compatibility promises. +func DefaultIssuers(ctx caddy.Context) ([]certmagic.Issuer, error) { + acme := new(ACMEIssuer) + err := acme.Provision(ctx) + if err != nil { + return nil, err + } + zerossl := new(ZeroSSLIssuer) + err = zerossl.Provision(ctx) + if err != nil { + return nil, err + } + // TODO: eventually, insert ZeroSSL into first position in the slice -- see also httpcaddyfile/tlsapp.go for where similar defaults are configured + return []certmagic.Issuer{acme, zerossl}, nil +} + // ChallengesConfig configures the ACME challenges. type ChallengesConfig struct { // HTTP configures the ACME HTTP challenge. This diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 12d25adb..146eed4f 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -137,7 +137,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { continue } t.Automation.defaultInternalAutomationPolicy = &AutomationPolicy{ - IssuerRaw: json.RawMessage(`{"module":"internal"}`), + IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } err = t.Automation.defaultInternalAutomationPolicy.Provision(t) if err != nil { @@ -303,20 +303,22 @@ func (t *TLS) Manage(names []string) error { // HandleHTTPChallenge ensures that the HTTP challenge is handled for the // certificate named by r.Host, if it is an HTTP challenge request. It -// requires that the automation policy for r.Host has an issue of type -// *certmagic.ACMEManager. +// requires that the automation policy for r.Host has an issuer of type +// *certmagic.ACMEManager, or one that is ACME-enabled (GetACMEIssuer()). func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { if !certmagic.LooksLikeHTTPChallenge(r) { return false } + // try all the issuers until we find the one that initiated the challenge ap := t.getAutomationPolicyForName(r.Host) - if ap.magic.Issuer == nil { - return false - } type acmeCapable interface{ GetACMEIssuer() *ACMEIssuer } - if am, ok := ap.magic.Issuer.(acmeCapable); ok { - iss := am.GetACMEIssuer() - return certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) + for _, iss := range ap.magic.Issuers { + if am, ok := iss.(acmeCapable); ok { + iss := am.GetACMEIssuer() + if certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) { + return true + } + } } return false } diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go index d0f49502..4680d1b7 100644 --- a/modules/caddytls/zerosslissuer.go +++ b/modules/caddytls/zerosslissuer.go @@ -59,16 +59,13 @@ func (*ZeroSSLIssuer) CaddyModule() caddy.ModuleInfo { // Provision sets up iss. func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error { iss.logger = ctx.Logger(iss) - if iss.ACMEIssuer == nil { iss.ACMEIssuer = new(ACMEIssuer) } - err := iss.ACMEIssuer.Provision(ctx) - if err != nil { - return err + if iss.ACMEIssuer.CA == "" { + iss.ACMEIssuer.CA = certmagic.ZeroSSLProductionCA } - - return nil + return iss.ACMEIssuer.Provision(ctx) } func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, _ acme.Account) error { @@ -86,26 +83,22 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB // there are two ways to generate EAB credentials: authenticated with // their API key, or unauthenticated with their email address - switch { - case iss.APIKey != "": + if iss.APIKey != "" { apiKey := caddy.NewReplacer().ReplaceAll(iss.APIKey, "") if apiKey == "" { return nil, fmt.Errorf("missing API key: '%v'", iss.APIKey) } qs := url.Values{"access_key": []string{apiKey}} endpoint = fmt.Sprintf("%s/eab-credentials?%s", zerosslAPIBase, qs.Encode()) - - case iss.Email != "": - email := caddy.NewReplacer().ReplaceAll(iss.Email, "") + } else { + email := iss.Email if email == "" { - return nil, fmt.Errorf("missing email: '%v'", iss.Email) + iss.logger.Warn("missing email address for ZeroSSL; it is strongly recommended to set one for next time") + email = "caddy@zerossl.com" // special email address that preserves backwards-compat, but which black-holes dashboard features, oh well } endpoint = zerosslAPIBase + "/eab-credentials-email" form := url.Values{"email": []string{email}} body = strings.NewReader(form.Encode()) - - default: - return nil, fmt.Errorf("must configure either an API key or email address to use ZeroSSL without explicit EAB") } req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, body) @@ -161,9 +154,6 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB func (iss *ZeroSSLIssuer) initialize() { iss.mu.Lock() defer iss.mu.Unlock() - if iss.template.CA == "" { - iss.template.CA = zerosslACMEDirectory - } if iss.template.NewAccountFunc == nil { iss.template.NewAccountFunc = iss.newAccountCallback } @@ -195,15 +185,18 @@ func (iss *ZeroSSLIssuer) Revoke(ctx context.Context, cert certmagic.Certificate // UnmarshalCaddyfile deserializes Caddyfile tokens into iss. // -// ... zerossl { +// ... zerossl [] { // ... // } // // Any of the subdirectives for the ACME issuer can be used in the block. func (iss *ZeroSSLIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { - if !d.AllArgs(&iss.APIKey) { - return d.ArgErr() + if d.NextArg() { + iss.APIKey = d.Val() + if d.NextArg() { + return d.ArgErr() + } } if iss.ACMEIssuer == nil { @@ -217,10 +210,7 @@ func (iss *ZeroSSLIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -const ( - zerosslACMEDirectory = "https://acme.zerossl.com/v2/DV90" - zerosslAPIBase = "https://api.zerossl.com/acme" -) +const zerosslAPIBase = "https://api.zerossl.com/acme" // Interface guards var ( From 670b723e3802ac37942dad07dc194539bccce9ff Mon Sep 17 00:00:00 2001 From: Nicola Piccinini Date: Mon, 16 Nov 2020 19:43:39 +0100 Subject: [PATCH 0229/1498] requestbody: Add Caddyfile support (#3859) * Add Caddyfile support for request_body: ``` request_body { max_size 10000000 } ``` * Improve Caddyfile parser for request_body module * Remove unnecessary `continue` * Add sample for caddyfile_adapt_test --- caddyconfig/httpcaddyfile/directives.go | 1 + .../caddyfile_adapt/request_body.txt | 45 ++++++++++++++++ modules/caddyhttp/requestbody/caddyfile.go | 51 +++++++++++++++++++ 3 files changed, 97 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/request_body.txt create mode 100644 modules/caddyhttp/requestbody/caddyfile.go diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 5d9a3391..afa2cd43 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -41,6 +41,7 @@ var directiveOrder = []string{ "root", "header", + "request_body", "redir", "rewrite", diff --git a/caddytest/integration/caddyfile_adapt/request_body.txt b/caddytest/integration/caddyfile_adapt/request_body.txt new file mode 100644 index 00000000..458b7392 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/request_body.txt @@ -0,0 +1,45 @@ +localhost +request_body { + max_size 1MB +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "request_body", + "max_size": 1000000 + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/requestbody/caddyfile.go b/modules/caddyhttp/requestbody/caddyfile.go new file mode 100644 index 00000000..0a2459fb --- /dev/null +++ b/modules/caddyhttp/requestbody/caddyfile.go @@ -0,0 +1,51 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package requestbody + +import ( + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/dustin/go-humanize" +) + +func init() { + httpcaddyfile.RegisterHandlerDirective("request_body", parseCaddyfile) +} + +func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + rb := new(RequestBody) + + for h.Next() { + // configuration should be in a block + for h.NextBlock(0) { + switch h.Val() { + case "max_size": + var sizeStr string + if !h.AllArgs(&sizeStr) { + return nil, h.ArgErr() + } + size, err := humanize.ParseBytes(sizeStr) + if err != nil { + return nil, h.Errf("parsing max_size: %v", err) + } + rb.MaxSize = int64(size) + default: + return nil, h.Errf("unrecognized servers option '%s'", h.Val()) + } + } + } + + return rb, nil +} From 99b8f44486b766f220a33906d84ac05af942f260 Mon Sep 17 00:00:00 2001 From: Dimitri Masson <30894448+d-masson@users.noreply.github.com> Date: Mon, 16 Nov 2020 20:47:15 +0100 Subject: [PATCH 0230/1498] reverse_proxy: Fix random_choose selection policy (#3811) --- .../reverseproxy/selectionpolicies.go | 9 +++- .../reverseproxy/selectionpolicies_test.go | 51 +++++++++++++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 343140fc..2aef63dc 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -397,13 +397,18 @@ func leastRequests(upstreams []*Upstream) *Upstream { return nil } var best []*Upstream - var bestReqs int + var bestReqs int = -1 for _, upstream := range upstreams { + if upstream == nil { + continue + } reqs := upstream.NumRequests() if reqs == 0 { return upstream } - if reqs <= bestReqs { + // If bestReqs was just initialized to -1 + // we need to append upstream also + if reqs <= bestReqs || bestReqs == -1 { bestReqs = reqs best = append(best, upstream) } diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index e9939d6d..49585da4 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -271,3 +271,54 @@ func TestURIHashPolicy(t *testing.T) { t.Error("Expected uri policy policy host to be nil.") } } + +func TestLeastRequests(t *testing.T) { + pool := testPool() + pool[0].Dial = "localhost:8080" + pool[1].Dial = "localhost:8081" + pool[2].Dial = "localhost:8082" + pool[0].SetHealthy(true) + pool[1].SetHealthy(true) + pool[2].SetHealthy(true) + pool[0].CountRequest(10) + pool[1].CountRequest(20) + pool[2].CountRequest(30) + + result := leastRequests(pool) + + if result == nil { + t.Error("Least request should not return nil") + } + + if result != pool[0] { + t.Error("Least request should return pool[0]") + } +} + +func TestRandomChoicePolicy(t *testing.T) { + pool := testPool() + pool[0].Dial = "localhost:8080" + pool[1].Dial = "localhost:8081" + pool[2].Dial = "localhost:8082" + pool[0].SetHealthy(false) + pool[1].SetHealthy(true) + pool[2].SetHealthy(true) + pool[0].CountRequest(10) + pool[1].CountRequest(20) + pool[2].CountRequest(30) + + request := httptest.NewRequest(http.MethodGet, "/test", nil) + randomChoicePolicy := new(RandomChoiceSelection) + randomChoicePolicy.Choose = 2 + + h := randomChoicePolicy.Select(pool, request) + + if h == nil { + t.Error("RandomChoicePolicy should not return nil") + } + + if h == pool[0] { + t.Error("RandomChoicePolicy should not choose pool[0]") + } + +} From 4fc570711e170da2bd1164966d2c47f9dc3d3d6d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 17 Nov 2020 11:29:43 -0700 Subject: [PATCH 0231/1498] caddyhttp: Fix header matcher when using nil Uncovered in #3807 --- modules/caddyhttp/matchers.go | 4 ++++ modules/caddyhttp/matchers_test.go | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index b7a304f6..d641cb68 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -445,6 +445,10 @@ func matchHeaders(input, against http.Header, host string) bool { // match if the header field exists at all continue } + if allowedFieldVals == nil && actualFieldVals == nil { + // a nil list means match if the header does not exist at all + continue + } var match bool fieldVals: for _, actualFieldVal := range actualFieldVals { diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 9a2836de..51db67d8 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -480,6 +480,16 @@ func TestHeaderMatcher(t *testing.T) { host: "caddyserver.com", expect: false, }, + { + match: MatchHeader{"Must-Not-Exist": nil}, + input: http.Header{}, + expect: true, + }, + { + match: MatchHeader{"Must-Not-Exist": nil}, + input: http.Header{"Must-Not-Exist": []string{"do not match"}}, + expect: false, + }, } { req := &http.Request{Header: tc.input, Host: tc.host} actual := tc.match.Match(req) From 1438e4dbc83353166f30978cf471f05e6c0ecd73 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 18 Nov 2020 10:57:54 -0700 Subject: [PATCH 0232/1498] caddyhttp: New idle_timeout default of 5m --- modules/caddyhttp/app.go | 13 +++++++++++++ modules/caddyhttp/server.go | 4 ++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index f5f079c7..43cc6f79 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -250,6 +250,13 @@ func (app *App) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("server %s: setting up TLS connection policies: %v", srvName, err) } + + // if there is no idle timeout, set a sane default; users have complained + // before that aggressive CDNs leave connections open until the server + // closes them, so if we don't close them it leads to resource exhaustion + if srv.IdleTimeout == 0 { + srv.IdleTimeout = defaultIdleTimeout + } } return nil @@ -458,6 +465,12 @@ func (app *App) httpsPort() int { return app.HTTPSPort } +// defaultIdleTimeout is the default HTTP server timeout +// for closing idle connections; useful to avoid resource +// exhaustion behind hungry CDNs, for example (we've had +// several complaints without this). +const defaultIdleTimeout = caddy.Duration(5 * time.Minute) + // Interface guards var ( _ caddy.App = (*App)(nil) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index aaec711c..d5be1e1c 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -59,8 +59,8 @@ type Server struct { WriteTimeout caddy.Duration `json:"write_timeout,omitempty"` // IdleTimeout is the maximum time to wait for the next request - // when keep-alives are enabled. If zero, ReadTimeout is used. - // If both are zero, there is no timeout. + // when keep-alives are enabled. If zero, a default timeout of + // 5m is applied to help avoid resource exhaustion. IdleTimeout caddy.Duration `json:"idle_timeout,omitempty"` // MaxHeaderBytes is the maximum size to parse from a client's From 6ea6f3ebe08442dc24321216b7cb7922a07f2e88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B5=D0=BD=D0=B8=D1=81=20=D0=A2=D0=B5=D0=BB=D1=8E?= =?UTF-8?q?=D1=85?= Date: Thu, 19 Nov 2020 01:53:43 +0700 Subject: [PATCH 0233/1498] reverseproxy: fix random hangs on http/2 requests with server push (#3875) see https://github.com/golang/go/issues/42534 --- go.mod | 2 +- go.sum | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 3e55d38a..7fb597d9 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 go.uber.org/zap v1.15.0 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de - golang.org/x/net v0.0.0-20200707034311-ab3426394381 + golang.org/x/net v0.0.0-20201110031124-69a78807bb2b google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 google.golang.org/protobuf v1.24.0 // cannot upgrade until warning is fixed gopkg.in/natefinch/lumberjack.v2 v2.0.0 diff --git a/go.sum b/go.sum index 1070c737..2e7d4af7 100644 --- a/go.sum +++ b/go.sum @@ -734,6 +734,8 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -789,12 +791,16 @@ golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1 h1:ogLJMz+qpzav7lGMh10LMvAkM/fAoGlaiiHYiFYdm80= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 349457cc1b386e92b348846a354807d6ceeb81df Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 18 Nov 2020 16:14:50 -0700 Subject: [PATCH 0234/1498] caddyhttp: Return error if error handling error Before, if there was an error in the error handler, we would not write a status code, which resulted in Go writing a 200 for us by default, which does not make sense when there's an error. Now we write the second error's status if available, otherwise 500. --- modules/caddyhttp/server.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index d5be1e1c..cff0f2ee 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -247,6 +247,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { zap.String("msg", errMsg), }, errFields...) logger.Error("error handling handler error", errFields...) + if handlerErr, ok := err.(HandlerError); ok { + w.WriteHeader(handlerErr.StatusCode) + } else { + w.WriteHeader(http.StatusInternalServerError) + } } } else { if errStatus >= 500 { From b0d5c2c8ae076393e7a3ad59ce875027f4c29304 Mon Sep 17 00:00:00 2001 From: Gilbert Gilb's Date: Fri, 20 Nov 2020 20:38:16 +0100 Subject: [PATCH 0235/1498] headers: Support default header values in Caddyfile with '?' (#3807) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * implement default values for header directive closes #3804 * remove `set_default` header op and rely on "require" handler instead This has the following advantages over the previous attempt: - It does not introduce a new operation for headers, but rather nicely extends over an existing feature in the header handler. - It removes the need to specify the header as "deferred" because it is already implicitely deferred by the use of the require handler. This should be less confusing to the user. * add integration test for header directive in caddyfile * bubble up errors when parsing caddyfile header directive * don't export unnecessarily and don't canonicalize headers unnecessarily * fix response headers not passed in blocks * caddyfile: fix clash when using default header in block Each header is now set in a separate handler so that it doesn't clash with other headers set/added/deleted in the same block. * caddyhttp: New idle_timeout default of 5m * reverseproxy: fix random hangs on http/2 requests with server push (#3875) see https://github.com/golang/go/issues/42534 * Refactor and cleanup with improvements * More specific link Co-authored-by: Matthew Holt Co-authored-by: Денис Телюх --- caddyconfig/httpcaddyfile/directives.go | 18 +- .../integration/caddyfile_adapt/header.txt | 107 ++++++++++ modules/caddyhttp/headers/caddyfile.go | 179 +++++++++++----- modules/caddyhttp/headers/headers_test.go | 195 +++++++++++++++++- modules/caddyhttp/push/caddyfile.go | 13 +- modules/caddyhttp/reverseproxy/caddyfile.go | 25 ++- 6 files changed, 466 insertions(+), 71 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/header.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index afa2cd43..4ab87787 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -103,20 +103,11 @@ func RegisterHandlerDirective(dir string, setupFunc UnmarshalHandlerFunc) { return nil, h.ArgErr() } - matcherSet, ok, err := h.MatcherToken() + matcherSet, err := h.ExtractMatcherSet() if err != nil { return nil, err } - if ok { - // strip matcher token; we don't need to - // use the return value here because a - // new dispenser should have been made - // solely for this directive's tokens, - // with no other uses of same slice - h.Dispenser.Delete() - } - h.Dispenser.Reset() // pretend this lookahead never happened val, err := setupFunc(h) if err != nil { return nil, err @@ -201,7 +192,12 @@ func (h Helper) ExtractMatcherSet() (caddy.ModuleMap, error) { return nil, err } if hasMatcher { - h.Dispenser.Delete() // strip matcher token + // strip matcher token; we don't need to + // use the return value here because a + // new dispenser should have been made + // solely for this directive's tokens, + // with no other uses of same slice + h.Dispenser.Delete() } h.Dispenser.Reset() // pretend this lookahead never happened return matcherSet, nil diff --git a/caddytest/integration/caddyfile_adapt/header.txt b/caddytest/integration/caddyfile_adapt/header.txt new file mode 100644 index 00000000..b8e102fa --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/header.txt @@ -0,0 +1,107 @@ +:80 { + header Denis "Ritchie" + header +Edsger "Dijkstra" + header ?John "von Neumann" + header -Wolfram + header { + Grace: "Hopper" # some users habitually suffix field names with a colon + +Ray "Solomonoff" + ?Tim "Berners-Lee" + defer + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "handler": "headers", + "response": { + "set": { + "Denis": [ + "Ritchie" + ] + } + } + }, + { + "handler": "headers", + "response": { + "add": { + "Edsger": [ + "Dijkstra" + ] + } + } + }, + { + "handler": "headers", + "response": { + "require": { + "headers": { + "John": null + } + }, + "set": { + "John": [ + "von Neumann" + ] + } + } + }, + { + "handler": "headers", + "response": { + "deferred": true, + "delete": [ + "Wolfram" + ] + } + }, + { + "handler": "headers", + "response": { + "add": { + "Ray": [ + "Solomonoff" + ] + }, + "deferred": true, + "set": { + "Grace": [ + "Hopper" + ] + } + } + }, + { + "handler": "headers", + "response": { + "require": { + "headers": { + "Tim": null + } + }, + "set": { + "Tim": [ + "Berners-Lee" + ] + } + } + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/headers/caddyfile.go b/modules/caddyhttp/headers/caddyfile.go index d893cab3..75498b24 100644 --- a/modules/caddyhttp/headers/caddyfile.go +++ b/modules/caddyhttp/headers/caddyfile.go @@ -15,7 +15,9 @@ package headers import ( + "fmt" "net/http" + "reflect" "strings" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" @@ -23,15 +25,16 @@ import ( ) func init() { - httpcaddyfile.RegisterHandlerDirective("header", parseCaddyfile) - httpcaddyfile.RegisterHandlerDirective("request_header", parseReqHdrCaddyfile) + httpcaddyfile.RegisterDirective("header", parseCaddyfile) + httpcaddyfile.RegisterDirective("request_header", parseReqHdrCaddyfile) } // parseCaddyfile sets up the handler for response headers from // Caddyfile tokens. Syntax: // -// header [] [[+|-] [] []] { +// header [] [[+|-|?] [] []] { // [+] [ []] +// ? // - // [defer] // } @@ -39,17 +42,23 @@ func init() { // Either a block can be opened or a single header field can be configured // in the first line, but not both in the same directive. Header operations // are deferred to write-time if any headers are being deleted or if the -// 'defer' subdirective is used. -func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { - hdr := new(Handler) +// 'defer' subdirective is used. + appends a header value, - deletes a field, +// and ? conditionally sets a value only if the header field is not already +// set. +func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + matcherSet, err := h.ExtractMatcherSet() + if err != nil { + return nil, err + } - makeResponseOps := func() { - if hdr.Response == nil { - hdr.Response = &RespHeaderOps{ - HeaderOps: new(HeaderOps), - } + makeHandler := func() Handler { + return Handler{ + Response: &RespHeaderOps{ + HeaderOps: &HeaderOps{}, + }, } } + handler, handlerWithRequire := makeHandler(), makeHandler() for h.Next() { // first see if headers are in the initial line @@ -64,10 +73,18 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if h.NextArg() { replacement = h.Val() } - makeResponseOps() - CaddyfileHeaderOp(hdr.Response.HeaderOps, field, value, replacement) - if len(hdr.Response.HeaderOps.Delete) > 0 { - hdr.Response.Deferred = true + err := applyHeaderOp( + handler.Response.HeaderOps, + handler.Response, + field, + value, + replacement, + ) + if err != nil { + return nil, h.Err(err.Error()) + } + if len(handler.Response.HeaderOps.Delete) > 0 { + handler.Response.Deferred = true } } @@ -75,12 +92,18 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) for h.NextBlock(0) { field := h.Val() if field == "defer" { - hdr.Response.Deferred = true + handler.Response.Deferred = true continue } if hasArgs { - return nil, h.Err("cannot specify headers in both arguments and block") + return nil, h.Err("cannot specify headers in both arguments and block") // because it would be weird } + + // sometimes it is habitual for users to suffix a field name with a colon, + // as if they were writing a curl command or something; see + // https://caddy.community/t/v2-reverse-proxy-please-add-cors-example-to-the-docs/7349/19 + field = strings.TrimSuffix(field, ":") + var value, replacement string if h.NextArg() { value = h.Val() @@ -88,15 +111,34 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if h.NextArg() { replacement = h.Val() } - makeResponseOps() - CaddyfileHeaderOp(hdr.Response.HeaderOps, field, value, replacement) - if len(hdr.Response.HeaderOps.Delete) > 0 { - hdr.Response.Deferred = true + + handlerToUse := handler + if strings.HasPrefix(field, "?") { + handlerToUse = handlerWithRequire + } + + err := applyHeaderOp( + handlerToUse.Response.HeaderOps, + handlerToUse.Response, + field, + value, + replacement, + ) + if err != nil { + return nil, h.Err(err.Error()) } } } - return hdr, nil + var configValues []httpcaddyfile.ConfigValue + if !reflect.DeepEqual(handler, makeHandler()) { + configValues = append(configValues, h.NewRoute(matcherSet, handler)...) + } + if !reflect.DeepEqual(handlerWithRequire, makeHandler()) { + configValues = append(configValues, h.NewRoute(matcherSet, handlerWithRequire)...) + } + + return configValues, nil } // parseReqHdrCaddyfile sets up the handler for request headers @@ -104,17 +146,27 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // // request_header [] [[+|-] [] []] // -func parseReqHdrCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { - hdr := new(Handler) +func parseReqHdrCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + matcherSet, err := h.ExtractMatcherSet() + if err != nil { + return nil, err + } + + configValues := []httpcaddyfile.ConfigValue{} + for h.Next() { if !h.NextArg() { return nil, h.ArgErr() } field := h.Val() + hdr := Handler{ + Request: &HeaderOps{}, + } + // sometimes it is habitual for users to suffix a field name with a colon, // as if they were writing a curl command or something; see - // https://caddy.community/t/v2-reverse-proxy-please-add-cors-example-to-the-docs/7349 + // https://caddy.community/t/v2-reverse-proxy-please-add-cors-example-to-the-docs/7349/19 field = strings.TrimSuffix(field, ":") var value, replacement string @@ -131,13 +183,17 @@ func parseReqHdrCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, if hdr.Request == nil { hdr.Request = new(HeaderOps) } - CaddyfileHeaderOp(hdr.Request, field, value, replacement) + if err := CaddyfileHeaderOp(hdr.Request, field, value, replacement); err != nil { + return nil, h.Err(err.Error()) + } + + configValues = append(configValues, h.NewRoute(matcherSet, hdr)...) if h.NextArg() { return nil, h.ArgErr() } } - return hdr, nil + return configValues, nil } // CaddyfileHeaderOp applies a new header operation according to @@ -148,32 +204,59 @@ func parseReqHdrCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, // will be used to search and then replacement will be used to // complete the substring replacement; in that case, any + or - // prefix to field will be ignored. -func CaddyfileHeaderOp(ops *HeaderOps, field, value, replacement string) { - if strings.HasPrefix(field, "+") { +func CaddyfileHeaderOp(ops *HeaderOps, field, value, replacement string) error { + return applyHeaderOp(ops, nil, field, value, replacement) +} + +func applyHeaderOp(ops *HeaderOps, respHeaderOps *RespHeaderOps, field, value, replacement string) error { + switch { + case strings.HasPrefix(field, "+"): // append if ops.Add == nil { ops.Add = make(http.Header) } ops.Add.Set(field[1:], value) - } else if strings.HasPrefix(field, "-") { + + case strings.HasPrefix(field, "-"): // delete ops.Delete = append(ops.Delete, field[1:]) - } else { - if replacement == "" { - if ops.Set == nil { - ops.Set = make(http.Header) - } - ops.Set.Set(field, value) - } else { - if ops.Replace == nil { - ops.Replace = make(map[string][]Replacement) - } - field = strings.TrimLeft(field, "+-") - ops.Replace[field] = append( - ops.Replace[field], - Replacement{ - SearchRegexp: value, - Replace: replacement, - }, - ) + if respHeaderOps != nil { + respHeaderOps.Deferred = true } + + case strings.HasPrefix(field, "?"): // default (conditional on not existing) - response headers only + if respHeaderOps == nil { + return fmt.Errorf("%v: the default header modifier ('?') can only be used on response headers; for conditional manipulation of request headers, use matchers", field) + } + if respHeaderOps.Require == nil { + respHeaderOps.Require = &caddyhttp.ResponseMatcher{ + Headers: make(http.Header), + } + } + field = strings.TrimPrefix(field, "?") + respHeaderOps.Require.Headers[field] = nil + if respHeaderOps.Set == nil { + respHeaderOps.Set = make(http.Header) + } + respHeaderOps.Set.Set(field, value) + + case replacement != "": // replace + if ops.Replace == nil { + ops.Replace = make(map[string][]Replacement) + } + field = strings.TrimLeft(field, "+-?") + ops.Replace[field] = append( + ops.Replace[field], + Replacement{ + SearchRegexp: value, + Replace: replacement, + }, + ) + + default: // set (overwrite) + if ops.Set == nil { + ops.Set = make(http.Header) + } + ops.Set.Set(field, value) } + + return nil } diff --git a/modules/caddyhttp/headers/headers_test.go b/modules/caddyhttp/headers/headers_test.go index e4f03adc..11bdb0df 100644 --- a/modules/caddyhttp/headers/headers_test.go +++ b/modules/caddyhttp/headers/headers_test.go @@ -14,8 +14,197 @@ package headers -import "testing" +import ( + "context" + "fmt" + "net/http" + "net/http/httptest" + "reflect" + "testing" -func TestReqHeaders(t *testing.T) { - // TODO: write tests + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" +) + +func TestHandler(t *testing.T) { + for i, tc := range []struct { + handler Handler + reqHeader http.Header + respHeader http.Header + respStatusCode int + expectedReqHeader http.Header + expectedRespHeader http.Header + }{ + { + handler: Handler{ + Request: &HeaderOps{ + Add: http.Header{ + "Expose-Secrets": []string{"always"}, + }, + }, + }, + reqHeader: http.Header{ + "Expose-Secrets": []string{"i'm serious"}, + }, + expectedReqHeader: http.Header{ + "Expose-Secrets": []string{"i'm serious", "always"}, + }, + }, + { + handler: Handler{ + Request: &HeaderOps{ + Set: http.Header{ + "Who-Wins": []string{"batman"}, + }, + }, + }, + reqHeader: http.Header{ + "Who-Wins": []string{"joker"}, + }, + expectedReqHeader: http.Header{ + "Who-Wins": []string{"batman"}, + }, + }, + { + handler: Handler{ + Request: &HeaderOps{ + Delete: []string{"Kick-Me"}, + }, + }, + reqHeader: http.Header{ + "Kick-Me": []string{"if you can"}, + "Keep-Me": []string{"i swear i'm innocent"}, + }, + expectedReqHeader: http.Header{ + "Keep-Me": []string{"i swear i'm innocent"}, + }, + }, + { + handler: Handler{ + Request: &HeaderOps{ + Replace: map[string][]Replacement{ + "Best-Server": { + Replacement{ + Search: "NGINX", + Replace: "the Caddy web server", + }, + Replacement{ + SearchRegexp: `Apache(\d+)`, + Replace: "Caddy", + }, + }, + }, + }, + }, + reqHeader: http.Header{ + "Best-Server": []string{"it's NGINX, undoubtedly", "I love Apache2"}, + }, + expectedReqHeader: http.Header{ + "Best-Server": []string{"it's the Caddy web server, undoubtedly", "I love Caddy"}, + }, + }, + { + handler: Handler{ + Response: &RespHeaderOps{ + Require: &caddyhttp.ResponseMatcher{ + Headers: http.Header{ + "Cache-Control": nil, + }, + }, + HeaderOps: &HeaderOps{ + Add: http.Header{ + "Cache-Control": []string{"no-cache"}, + }, + }, + }, + }, + respHeader: http.Header{}, + expectedRespHeader: http.Header{ + "Cache-Control": []string{"no-cache"}, + }, + }, + { + handler: Handler{ + Response: &RespHeaderOps{ + Require: &caddyhttp.ResponseMatcher{ + Headers: http.Header{ + "Cache-Control": []string{"no-cache"}, + }, + }, + HeaderOps: &HeaderOps{ + Delete: []string{"Cache-Control"}, + }, + }, + }, + respHeader: http.Header{ + "Cache-Control": []string{"no-cache"}, + }, + expectedRespHeader: http.Header{}, + }, + { + handler: Handler{ + Response: &RespHeaderOps{ + Require: &caddyhttp.ResponseMatcher{ + StatusCode: []int{5}, + }, + HeaderOps: &HeaderOps{ + Add: http.Header{ + "Fail-5xx": []string{"true"}, + }, + }, + }, + }, + respStatusCode: 503, + respHeader: http.Header{}, + expectedRespHeader: http.Header{ + "Fail-5xx": []string{"true"}, + }, + }, + } { + rr := httptest.NewRecorder() + + req := &http.Request{Header: tc.reqHeader} + repl := caddy.NewReplacer() + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + + tc.handler.Provision(caddy.Context{}) + + next := nextHandler(func(w http.ResponseWriter, r *http.Request) error { + for k, hdrs := range tc.respHeader { + for _, v := range hdrs { + w.Header().Add(k, v) + } + } + + status := 200 + if tc.respStatusCode != 0 { + status = tc.respStatusCode + } + w.WriteHeader(status) + + if tc.expectedReqHeader != nil && !reflect.DeepEqual(r.Header, tc.expectedReqHeader) { + return fmt.Errorf("expected request header %v, got %v", tc.expectedReqHeader, r.Header) + } + + return nil + }) + + if err := tc.handler.ServeHTTP(rr, req, next); err != nil { + t.Errorf("Test %d: %w", i, err) + continue + } + + actual := rr.Header() + if tc.expectedRespHeader != nil && !reflect.DeepEqual(actual, tc.expectedRespHeader) { + t.Errorf("Test %d: expected response header %v, got %v", i, tc.expectedRespHeader, actual) + continue + } + } +} + +type nextHandler func(http.ResponseWriter, *http.Request) error + +func (f nextHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) error { + return f(w, r) } diff --git a/modules/caddyhttp/push/caddyfile.go b/modules/caddyhttp/push/caddyfile.go index a70d5d5a..61b868c5 100644 --- a/modules/caddyhttp/push/caddyfile.go +++ b/modules/caddyhttp/push/caddyfile.go @@ -59,6 +59,8 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) return nil, h.ArgErr() } for innerNesting := h.Nesting(); h.NextBlock(innerNesting); { + var err error + // include current token, which we treat as an argument here args := []string{h.Val()} args = append(args, h.RemainingArgs()...) @@ -66,16 +68,21 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if handler.Headers == nil { handler.Headers = new(HeaderConfig) } + switch len(args) { case 1: - headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], "", "") + err = headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], "", "") case 2: - headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], args[1], "") + err = headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], args[1], "") case 3: - headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], args[1], args[2]) + err = headers.CaddyfileHeaderOp(&handler.Headers.HeaderOps, args[0], args[1], args[2]) default: return nil, h.ArgErr() } + + if err != nil { + return nil, h.Err(err.Error()) + } } case "GET", "HEAD": diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index c5f8e17e..003f6764 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -480,6 +480,8 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.BufferRequests = true case "header_up": + var err error + if h.Headers == nil { h.Headers = new(headers.Handler) } @@ -487,18 +489,25 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.Headers.Request = new(headers.HeaderOps) } args := d.RemainingArgs() + switch len(args) { case 1: - headers.CaddyfileHeaderOp(h.Headers.Request, args[0], "", "") + err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], "", "") case 2: - headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], "") + err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], "") case 3: - headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], args[2]) + err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], args[2]) default: return d.ArgErr() } + if err != nil { + return d.Err(err.Error()) + } + case "header_down": + var err error + if h.Headers == nil { h.Headers = new(headers.Handler) } @@ -510,15 +519,19 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { args := d.RemainingArgs() switch len(args) { case 1: - headers.CaddyfileHeaderOp(h.Headers.Response.HeaderOps, args[0], "", "") + err = headers.CaddyfileHeaderOp(h.Headers.Response.HeaderOps, args[0], "", "") case 2: - headers.CaddyfileHeaderOp(h.Headers.Response.HeaderOps, args[0], args[1], "") + err = headers.CaddyfileHeaderOp(h.Headers.Response.HeaderOps, args[0], args[1], "") case 3: - headers.CaddyfileHeaderOp(h.Headers.Response.HeaderOps, args[0], args[1], args[2]) + err = headers.CaddyfileHeaderOp(h.Headers.Response.HeaderOps, args[0], args[1], args[2]) default: return d.ArgErr() } + if err != nil { + return d.Err(err.Error()) + } + case "transport": if !d.NextArg() { return d.ArgErr() From 6e0849d4c2855375b66974f85eb9840d05197694 Mon Sep 17 00:00:00 2001 From: Dimitri Masson <30894448+d-masson@users.noreply.github.com> Date: Fri, 20 Nov 2020 20:39:26 +0100 Subject: [PATCH 0236/1498] reverseproxy: Implement cookie hash selection policy (#3809) * add CookieHashSelection for session affinity * add CookieHashSelection for session affinity * register module * reverse_proxy: Add and fix cookie lb_policy * reverse_proxy: Manage hmac.write error on cookie hash selection * reverse_proxy: fix some comments * reverse_proxy: variable `cookieValue` is inside the else block * reverse_proxy: Abstract duplicate nuanced logic of reservoir sampling into a function * reverse_proxy: Set a default secret is indeed useless * reverse_proxy: add configuration syntax for cookie lb_policy * reverse_proxy: doc typo and improvement Co-authored-by: utick <123liuqingdong@163.com> --- .../caddyhttp/reverseproxy/reverseproxy.go | 4 +- .../reverseproxy/selectionpolicies.go | 149 +++++++++++++++--- .../reverseproxy/selectionpolicies_test.go | 118 ++++++++++---- 3 files changed, 208 insertions(+), 63 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 305a0b38..7fc61ae6 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -368,7 +368,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht var proxyErr error for { // choose an available upstream - upstream := h.LoadBalancing.SelectionPolicy.Select(h.Upstreams, r) + upstream := h.LoadBalancing.SelectionPolicy.Select(h.Upstreams, r, w) if upstream == nil { if proxyErr == nil { proxyErr = fmt.Errorf("no upstreams available") @@ -816,7 +816,7 @@ type LoadBalancing struct { // Selector selects an available upstream from the pool. type Selector interface { - Select(UpstreamPool, *http.Request) *Upstream + Select(UpstreamPool, *http.Request, http.ResponseWriter) *Upstream } // Hop-by-hop headers. These are removed when sent to the backend. diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 2aef63dc..a1010f4b 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -15,6 +15,9 @@ package reverseproxy import ( + "crypto/hmac" + "crypto/sha256" + "encoding/hex" "fmt" "hash/fnv" weakrand "math/rand" @@ -37,6 +40,7 @@ func init() { caddy.RegisterModule(IPHashSelection{}) caddy.RegisterModule(URIHashSelection{}) caddy.RegisterModule(HeaderHashSelection{}) + caddy.RegisterModule(CookieHashSelection{}) weakrand.Seed(time.Now().UTC().UnixNano()) } @@ -54,24 +58,8 @@ func (RandomSelection) CaddyModule() caddy.ModuleInfo { } // Select returns an available host, if any. -func (r RandomSelection) Select(pool UpstreamPool, request *http.Request) *Upstream { - // use reservoir sampling because the number of available - // hosts isn't known: https://en.wikipedia.org/wiki/Reservoir_sampling - var randomHost *Upstream - var count int - for _, upstream := range pool { - if !upstream.Available() { - continue - } - // (n % 1 == 0) holds for all n, therefore a - // upstream will always be chosen if there is at - // least one available - count++ - if (weakrand.Int() % count) == 0 { - randomHost = upstream - } - } - return randomHost +func (r RandomSelection) Select(pool UpstreamPool, request *http.Request, _ http.ResponseWriter) *Upstream { + return selectRandomHost(pool) } // UnmarshalCaddyfile sets up the module from Caddyfile tokens. @@ -134,7 +122,7 @@ func (r RandomChoiceSelection) Validate() error { } // Select returns an available host, if any. -func (r RandomChoiceSelection) Select(pool UpstreamPool, _ *http.Request) *Upstream { +func (r RandomChoiceSelection) Select(pool UpstreamPool, _ *http.Request, _ http.ResponseWriter) *Upstream { k := r.Choose if k > len(pool) { k = len(pool) @@ -174,7 +162,7 @@ func (LeastConnSelection) CaddyModule() caddy.ModuleInfo { // Select selects the up host with the least number of connections in the // pool. If more than one host has the same least number of connections, // one of the hosts is chosen at random. -func (LeastConnSelection) Select(pool UpstreamPool, _ *http.Request) *Upstream { +func (LeastConnSelection) Select(pool UpstreamPool, _ *http.Request, _ http.ResponseWriter) *Upstream { var bestHost *Upstream var count int leastReqs := -1 @@ -227,7 +215,7 @@ func (RoundRobinSelection) CaddyModule() caddy.ModuleInfo { } // Select returns an available host, if any. -func (r *RoundRobinSelection) Select(pool UpstreamPool, _ *http.Request) *Upstream { +func (r *RoundRobinSelection) Select(pool UpstreamPool, _ *http.Request, _ http.ResponseWriter) *Upstream { n := uint32(len(pool)) if n == 0 { return nil @@ -265,7 +253,7 @@ func (FirstSelection) CaddyModule() caddy.ModuleInfo { } // Select returns an available host, if any. -func (FirstSelection) Select(pool UpstreamPool, _ *http.Request) *Upstream { +func (FirstSelection) Select(pool UpstreamPool, _ *http.Request, _ http.ResponseWriter) *Upstream { for _, host := range pool { if host.Available() { return host @@ -297,7 +285,7 @@ func (IPHashSelection) CaddyModule() caddy.ModuleInfo { } // Select returns an available host, if any. -func (IPHashSelection) Select(pool UpstreamPool, req *http.Request) *Upstream { +func (IPHashSelection) Select(pool UpstreamPool, req *http.Request, _ http.ResponseWriter) *Upstream { clientIP, _, err := net.SplitHostPort(req.RemoteAddr) if err != nil { clientIP = req.RemoteAddr @@ -328,7 +316,7 @@ func (URIHashSelection) CaddyModule() caddy.ModuleInfo { } // Select returns an available host, if any. -func (URIHashSelection) Select(pool UpstreamPool, req *http.Request) *Upstream { +func (URIHashSelection) Select(pool UpstreamPool, req *http.Request, _ http.ResponseWriter) *Upstream { return hostByHashing(pool, req.RequestURI) } @@ -358,7 +346,7 @@ func (HeaderHashSelection) CaddyModule() caddy.ModuleInfo { } // Select returns an available host, if any. -func (s HeaderHashSelection) Select(pool UpstreamPool, req *http.Request) *Upstream { +func (s HeaderHashSelection) Select(pool UpstreamPool, req *http.Request, _ http.ResponseWriter) *Upstream { if s.Field == "" { return nil } @@ -371,7 +359,7 @@ func (s HeaderHashSelection) Select(pool UpstreamPool, req *http.Request) *Upstr val := req.Header.Get(s.Field) if val == "" { - return RandomSelection{}.Select(pool, req) + return RandomSelection{}.Select(pool, req, nil) } return hostByHashing(pool, val) } @@ -387,6 +375,114 @@ func (s *HeaderHashSelection) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// CookieHashSelection is a policy that selects +// a host based on a given cookie name. +type CookieHashSelection struct { + // The HTTP cookie name whose value is to be hashed and used for upstream selection. + Name string `json:"name,omitempty"` + // Secret to hash (Hmac256) chosen upstream in cookie + Secret string `json:"secret,omitempty"` +} + +// CaddyModule returns the Caddy module information. +func (CookieHashSelection) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.reverse_proxy.selection_policies.cookie", + New: func() caddy.Module { return new(CookieHashSelection) }, + } +} + +// Select returns an available host, if any. +func (s CookieHashSelection) Select(pool UpstreamPool, req *http.Request, w http.ResponseWriter) *Upstream { + if s.Name == "" { + s.Name = "lb" + } + cookie, err := req.Cookie(s.Name) + // If there's no cookie, select new random host + if err != nil || cookie == nil { + return selectNewHostWithCookieHashSelection(pool, w, s.Secret, s.Name) + } else { + // If the cookie is present, loop over the available upstreams until we find a match + cookieValue := cookie.Value + for _, upstream := range pool { + if !upstream.Available() { + continue + } + sha, err := hashCookie(s.Secret, upstream.Dial) + if err == nil && sha == cookieValue { + return upstream + } + } + } + // If there is no matching host, select new random host + return selectNewHostWithCookieHashSelection(pool, w, s.Secret, s.Name) +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: +// lb_policy cookie [ []] +// +// By default name is `lb` +func (s *CookieHashSelection) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + args := d.RemainingArgs() + switch len(args) { + case 1: + case 2: + s.Name = args[1] + case 3: + s.Name = args[1] + s.Secret = args[2] + default: + return d.ArgErr() + } + return nil +} + +// Select a new Host randomly and add a sticky session cookie +func selectNewHostWithCookieHashSelection(pool []*Upstream, w http.ResponseWriter, cookieSecret string, cookieName string) *Upstream { + randomHost := selectRandomHost(pool) + + if randomHost != nil { + // Hash (HMAC with some key for privacy) the upstream.Dial string as the cookie value + sha, err := hashCookie(cookieSecret, randomHost.Dial) + if err == nil { + // write the cookie. + http.SetCookie(w, &http.Cookie{Name: cookieName, Value: sha, Secure: false}) + } + } + return randomHost +} + +// hashCookie hashes (HMAC 256) some data with the secret +func hashCookie(secret string, data string) (string, error) { + h := hmac.New(sha256.New, []byte(secret)) + _, err := h.Write([]byte(data)) + if err != nil { + return "", err + } + return hex.EncodeToString(h.Sum(nil)), nil +} + +// selectRandomHost returns a random available host +func selectRandomHost(pool []*Upstream) *Upstream { + // use reservoir sampling because the number of available + // hosts isn't known: https://en.wikipedia.org/wiki/Reservoir_sampling + var randomHost *Upstream + var count int + for _, upstream := range pool { + if !upstream.Available() { + continue + } + // (n % 1 == 0) holds for all n, therefore a + // upstream will always be chosen if there is at + // least one available + count++ + if (weakrand.Int() % count) == 0 { + randomHost = upstream + } + } + return randomHost +} + // leastRequests returns the host with the // least number of active requests to it. // If more than one host has the same @@ -454,6 +550,7 @@ var ( _ Selector = (*IPHashSelection)(nil) _ Selector = (*URIHashSelection)(nil) _ Selector = (*HeaderHashSelection)(nil) + _ Selector = (*CookieHashSelection)(nil) _ caddy.Validator = (*RandomChoiceSelection)(nil) _ caddy.Provisioner = (*RandomChoiceSelection)(nil) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index 49585da4..5368a1ac 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -33,37 +33,37 @@ func TestRoundRobinPolicy(t *testing.T) { rrPolicy := new(RoundRobinSelection) req, _ := http.NewRequest("GET", "/", nil) - h := rrPolicy.Select(pool, req) + h := rrPolicy.Select(pool, req, nil) // First selected host is 1, because counter starts at 0 // and increments before host is selected if h != pool[1] { t.Error("Expected first round robin host to be second host in the pool.") } - h = rrPolicy.Select(pool, req) + h = rrPolicy.Select(pool, req, nil) if h != pool[2] { t.Error("Expected second round robin host to be third host in the pool.") } - h = rrPolicy.Select(pool, req) + h = rrPolicy.Select(pool, req, nil) if h != pool[0] { t.Error("Expected third round robin host to be first host in the pool.") } // mark host as down pool[1].SetHealthy(false) - h = rrPolicy.Select(pool, req) + h = rrPolicy.Select(pool, req, nil) if h != pool[2] { t.Error("Expected to skip down host.") } // mark host as up pool[1].SetHealthy(true) - h = rrPolicy.Select(pool, req) + h = rrPolicy.Select(pool, req, nil) if h == pool[2] { t.Error("Expected to balance evenly among healthy hosts") } // mark host as full pool[1].CountRequest(1) pool[1].MaxRequests = 1 - h = rrPolicy.Select(pool, req) + h = rrPolicy.Select(pool, req, nil) if h != pool[2] { t.Error("Expected to skip full host.") } @@ -76,12 +76,12 @@ func TestLeastConnPolicy(t *testing.T) { pool[0].CountRequest(10) pool[1].CountRequest(10) - h := lcPolicy.Select(pool, req) + h := lcPolicy.Select(pool, req, nil) if h != pool[2] { t.Error("Expected least connection host to be third host.") } pool[2].CountRequest(100) - h = lcPolicy.Select(pool, req) + h = lcPolicy.Select(pool, req, nil) if h != pool[0] && h != pool[1] { t.Error("Expected least connection host to be first or second host.") } @@ -94,44 +94,44 @@ func TestIPHashPolicy(t *testing.T) { // We should be able to predict where every request is routed. req.RemoteAddr = "172.0.0.1:80" - h := ipHash.Select(pool, req) + h := ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.2:80" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.3:80" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[2] { t.Error("Expected ip hash policy host to be the third host.") } req.RemoteAddr = "172.0.0.4:80" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } // we should get the same results without a port req.RemoteAddr = "172.0.0.1" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.2" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.3" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[2] { t.Error("Expected ip hash policy host to be the third host.") } req.RemoteAddr = "172.0.0.4" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } @@ -140,13 +140,13 @@ func TestIPHashPolicy(t *testing.T) { // healthy host is available req.RemoteAddr = "172.0.0.1" pool[1].SetHealthy(false) - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[2] { t.Error("Expected ip hash policy host to be the third host.") } req.RemoteAddr = "172.0.0.2" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[2] { t.Error("Expected ip hash policy host to be the third host.") } @@ -154,12 +154,12 @@ func TestIPHashPolicy(t *testing.T) { req.RemoteAddr = "172.0.0.3" pool[2].SetHealthy(false) - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[0] { t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.4" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } @@ -171,22 +171,22 @@ func TestIPHashPolicy(t *testing.T) { {Host: new(upstreamHost)}, } req.RemoteAddr = "172.0.0.1:80" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[0] { t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.2:80" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.3:80" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[0] { t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.4:80" - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } @@ -194,7 +194,7 @@ func TestIPHashPolicy(t *testing.T) { // We should get nil when there are no healthy hosts pool[0].SetHealthy(false) pool[1].SetHealthy(false) - h = ipHash.Select(pool, req) + h = ipHash.Select(pool, req, nil) if h != nil { t.Error("Expected ip hash policy host to be nil.") } @@ -205,13 +205,13 @@ func TestFirstPolicy(t *testing.T) { firstPolicy := new(FirstSelection) req := httptest.NewRequest(http.MethodGet, "/", nil) - h := firstPolicy.Select(pool, req) + h := firstPolicy.Select(pool, req, nil) if h != pool[0] { t.Error("Expected first policy host to be the first host.") } pool[0].SetHealthy(false) - h = firstPolicy.Select(pool, req) + h = firstPolicy.Select(pool, req, nil) if h != pool[1] { t.Error("Expected first policy host to be the second host.") } @@ -222,19 +222,19 @@ func TestURIHashPolicy(t *testing.T) { uriPolicy := new(URIHashSelection) request := httptest.NewRequest(http.MethodGet, "/test", nil) - h := uriPolicy.Select(pool, request) + h := uriPolicy.Select(pool, request, nil) if h != pool[0] { t.Error("Expected uri policy host to be the first host.") } pool[0].SetHealthy(false) - h = uriPolicy.Select(pool, request) + h = uriPolicy.Select(pool, request, nil) if h != pool[1] { t.Error("Expected uri policy host to be the first host.") } request = httptest.NewRequest(http.MethodGet, "/test_2", nil) - h = uriPolicy.Select(pool, request) + h = uriPolicy.Select(pool, request, nil) if h != pool[1] { t.Error("Expected uri policy host to be the second host.") } @@ -247,26 +247,26 @@ func TestURIHashPolicy(t *testing.T) { } request = httptest.NewRequest(http.MethodGet, "/test", nil) - h = uriPolicy.Select(pool, request) + h = uriPolicy.Select(pool, request, nil) if h != pool[0] { t.Error("Expected uri policy host to be the first host.") } pool[0].SetHealthy(false) - h = uriPolicy.Select(pool, request) + h = uriPolicy.Select(pool, request, nil) if h != pool[1] { t.Error("Expected uri policy host to be the first host.") } request = httptest.NewRequest(http.MethodGet, "/test_2", nil) - h = uriPolicy.Select(pool, request) + h = uriPolicy.Select(pool, request, nil) if h != pool[1] { t.Error("Expected uri policy host to be the second host.") } pool[0].SetHealthy(false) pool[1].SetHealthy(false) - h = uriPolicy.Select(pool, request) + h = uriPolicy.Select(pool, request, nil) if h != nil { t.Error("Expected uri policy policy host to be nil.") } @@ -311,7 +311,7 @@ func TestRandomChoicePolicy(t *testing.T) { randomChoicePolicy := new(RandomChoiceSelection) randomChoicePolicy.Choose = 2 - h := randomChoicePolicy.Select(pool, request) + h := randomChoicePolicy.Select(pool, request, nil) if h == nil { t.Error("RandomChoicePolicy should not return nil") @@ -322,3 +322,51 @@ func TestRandomChoicePolicy(t *testing.T) { } } + +func TestCookieHashPolicy(t *testing.T) { + pool := testPool() + pool[0].Dial = "localhost:8080" + pool[1].Dial = "localhost:8081" + pool[2].Dial = "localhost:8082" + pool[0].SetHealthy(true) + pool[1].SetHealthy(false) + pool[2].SetHealthy(false) + request := httptest.NewRequest(http.MethodGet, "/test", nil) + w := httptest.NewRecorder() + cookieHashPolicy := new(CookieHashSelection) + h := cookieHashPolicy.Select(pool, request, w) + cookie_server1 := w.Result().Cookies()[0] + if cookie_server1 == nil { + t.Error("cookieHashPolicy should set a cookie") + } + if cookie_server1.Name != "lb" { + t.Error("cookieHashPolicy should set a cookie with name lb") + } + if h != pool[0] { + t.Error("Expected cookieHashPolicy host to be the first only available host.") + } + pool[1].SetHealthy(true) + pool[2].SetHealthy(true) + request = httptest.NewRequest(http.MethodGet, "/test", nil) + w = httptest.NewRecorder() + request.AddCookie(cookie_server1) + h = cookieHashPolicy.Select(pool, request, w) + if h != pool[0] { + t.Error("Expected cookieHashPolicy host to stick to the first host (matching cookie).") + } + s := w.Result().Cookies() + if len(s) != 0 { + t.Error("Expected cookieHashPolicy to not set a new cookie.") + } + pool[0].SetHealthy(false) + request = httptest.NewRequest(http.MethodGet, "/test", nil) + w = httptest.NewRecorder() + request.AddCookie(cookie_server1) + h = cookieHashPolicy.Select(pool, request, w) + if h == pool[0] { + t.Error("Expected cookieHashPolicy to select a new host.") + } + if w.Result().Cookies() == nil { + t.Error("Expected cookieHashPolicy to set a new cookie.") + } +} From 96058538f01bf3fc4f2f7c25dbb2338f058f46c7 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 20 Nov 2020 16:24:58 -0500 Subject: [PATCH 0237/1498] reverseproxy: Logging for streaming and upgrades (#3689) * reverseproxy: Enable error logging for connection upgrades * reverseproxy: Change some of the error levels, unsugar * Use unsugared log in one spot Co-authored-by: Matthew Holt --- modules/caddyhttp/reverseproxy/streaming.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index d183244b..4004b7a6 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -33,8 +33,9 @@ func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request reqUpType := upgradeType(req.Header) resUpType := upgradeType(res.Header) if reqUpType != resUpType { - // TODO: figure out our own error handling - // p.getErrorHandler()(rw, req, fmt.Errorf("backend tried to switch protocol %q when %q was requested", resUpType, reqUpType)) + h.logger.Debug("backend tried to switch to unexpected protocol via Upgrade header", + zap.String("backend_upgrade", resUpType), + zap.String("requested_upgrade", reqUpType)) return } @@ -42,12 +43,12 @@ func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request hj, ok := rw.(http.Hijacker) if !ok { - // p.getErrorHandler()(rw, req, fmt.Errorf("can't switch protocols using non-Hijacker ResponseWriter type %T", rw)) + h.logger.Sugar().Errorf("can't switch protocols using non-Hijacker ResponseWriter type %T", rw) return } backConn, ok := res.Body.(io.ReadWriteCloser) if !ok { - // p.getErrorHandler()(rw, req, fmt.Errorf("internal error: 101 switching protocols response with non-writable body")) + h.logger.Error("internal error: 101 switching protocols response with non-writable body") return } @@ -66,17 +67,17 @@ func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request conn, brw, err := hj.Hijack() if err != nil { - // p.getErrorHandler()(rw, req, fmt.Errorf("Hijack failed on protocol switch: %v", err)) + h.logger.Error("Hijack failed on protocol switch", zap.Error(err)) return } defer conn.Close() res.Body = nil // so res.Write only writes the headers; we have res.Body in backConn above if err := res.Write(brw); err != nil { - // p.getErrorHandler()(rw, req, fmt.Errorf("response write: %v", err)) + h.logger.Debug("response write", zap.Error(err)) return } if err := brw.Flush(); err != nil { - // p.getErrorHandler()(rw, req, fmt.Errorf("response flush: %v", err)) + h.logger.Debug("response flush", zap.Error(err)) return } errc := make(chan error, 1) From 1e480b818b56b5c46b88d59f54e0b5e54e7758f8 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Sun, 22 Nov 2020 04:54:11 +0700 Subject: [PATCH 0238/1498] go.mod: update quic-go to v0.19.2 (#3880) --- go.mod | 2 +- go.sum | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 7fb597d9..5c7aa0fd 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.11.0 github.com/klauspost/cpuid v1.2.5 // cannot upgrade until arm is fixed: https://github.com/klauspost/cpuid/issues/52 - github.com/lucas-clemente/quic-go v0.18.0 + github.com/lucas-clemente/quic-go v0.19.2 github.com/mholt/acmez v0.1.1 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 diff --git a/go.sum b/go.sum index 2e7d4af7..b303d00e 100644 --- a/go.sum +++ b/go.sum @@ -354,8 +354,6 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04= github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.18.0 h1:JhQDdqxdwdmGdKsKgXi1+coHRoGhvU6z0rNzOJqZ/4o= -github.com/lucas-clemente/quic-go v0.18.0/go.mod h1:yXttHsSNxQi8AWijC/vLP+OJczXqzHSOcJrM5ITUlCg= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -364,12 +362,12 @@ github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/manifoldco/promptui v0.3.1 h1:BxqNa7q1hVHXIXy3iupJMkXYS3aHhbubJWv2Jmg6x64= github.com/manifoldco/promptui v0.3.1/go.mod h1:zoCNXiJnyM03LlBgTsWv8mq28s7aTC71UgKasqRJHww= -github.com/marten-seemann/qpack v0.2.0 h1:/r1rhZoOmgxVKBqPNnYilZBDEyw+6OUHCbBzA5jc2y0= -github.com/marten-seemann/qpack v0.2.0/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= +github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= +github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= github.com/marten-seemann/qtls v0.10.0 h1:ECsuYUKalRL240rRD4Ri33ISb7kAQ3qGDlrrl55b2pc= github.com/marten-seemann/qtls v0.10.0/go.mod h1:UvMd1oaYDACI99/oZUYLzMCkBXQVT0aGm99sJhbT8hs= -github.com/marten-seemann/qtls-go1-15 v0.1.0 h1:i/YPXVxz8q9umso/5y474CNcHmTpA+5DH+mFPjx6PZg= -github.com/marten-seemann/qtls-go1-15 v0.1.0/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= +github.com/marten-seemann/qtls-go1-15 v0.1.1 h1:LIH6K34bPVttyXnUWixk0bzH6/N07VxbSabxn5A5gZQ= +github.com/marten-seemann/qtls-go1-15 v0.1.1/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -764,6 +762,7 @@ golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From bd17eb205d6ac464c64eb888a6f4b57445b6c59c Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Sun, 22 Nov 2020 16:50:29 -0500 Subject: [PATCH 0239/1498] ci: Use golangci's github action for linting (#3794) * ci: Use golangci's github action for linting Signed-off-by: Dave Henderson * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson * Fix the prealloc lint errors Signed-off-by: Dave Henderson * Fix the misspell lint errors Signed-off-by: Dave Henderson * Fix the varcheck lint errors Signed-off-by: Dave Henderson * Fix the errcheck lint errors Signed-off-by: Dave Henderson * Fix the bodyclose lint errors Signed-off-by: Dave Henderson * Fix the deadcode lint errors Signed-off-by: Dave Henderson * Fix the unused lint errors Signed-off-by: Dave Henderson * Fix the gosec lint errors Signed-off-by: Dave Henderson * Fix the gosimple lint errors Signed-off-by: Dave Henderson * Fix the ineffassign lint errors Signed-off-by: Dave Henderson * Fix the staticcheck lint errors Signed-off-by: Dave Henderson * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf * single-line log message Co-authored-by: Matt Holt * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson * Ignore some of the write errors Signed-off-by: Dave Henderson * Remove blank line Signed-off-by: Dave Henderson * Use lifetime Signed-off-by: Dave Henderson * close immediately Co-authored-by: Matt Holt * Preallocate configVals Signed-off-by: Dave Henderson * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf Co-authored-by: Matt Holt --- .github/workflows/ci.yml | 14 ----- .github/workflows/lint.yml | 23 ++++++++ .golangci.yml | 57 +++++++++++++++++-- admin.go | 7 ++- caddyconfig/httpcaddyfile/builtins.go | 2 +- caddytest/caddytest.go | 9 +-- cmd/commandfuncs.go | 2 +- cmd/main.go | 1 + cmd/proc_posix.go | 37 ------------ cmd/proc_windows.go | 44 -------------- go.sum | 2 + listeners.go | 8 +-- logging.go | 2 +- modules/caddyhttp/app.go | 2 + modules/caddyhttp/autohttps.go | 5 +- modules/caddyhttp/caddyauth/basicauth.go | 1 + modules/caddyhttp/caddyhttp.go | 4 -- modules/caddyhttp/encode/encode.go | 2 +- modules/caddyhttp/errors.go | 10 +++- modules/caddyhttp/fileserver/browse.go | 2 +- modules/caddyhttp/fileserver/browselisting.go | 20 +++---- .../fileserver/browselisting_test.go | 40 +++++++++++++ modules/caddyhttp/fileserver/staticfiles.go | 3 +- modules/caddyhttp/marshalers.go | 3 +- modules/caddyhttp/replacer.go | 3 +- .../caddyhttp/reverseproxy/fastcgi/client.go | 7 --- .../caddyhttp/reverseproxy/healthchecks.go | 2 +- .../caddyhttp/reverseproxy/httptransport.go | 1 + .../caddyhttp/reverseproxy/reverseproxy.go | 29 ++-------- .../reverseproxy/selectionpolicies.go | 2 +- modules/caddyhttp/reverseproxy/streaming.go | 11 +++- .../caddyhttp/reverseproxy/streaming_test.go | 30 ++++++++++ modules/caddyhttp/templates/tplcontext.go | 5 +- modules/caddypki/acmeserver/acmeserver.go | 10 ++-- modules/caddypki/ca.go | 8 --- modules/caddytls/connpolicy.go | 1 + .../distributedstek/distributedstek.go | 7 ++- modules/caddytls/folderloader.go | 20 +++++-- modules/caddytls/internalissuer.go | 16 ++++-- modules/caddytls/tls.go | 2 - modules/caddytls/values.go | 1 + 41 files changed, 256 insertions(+), 199 deletions(-) create mode 100644 .github/workflows/lint.yml delete mode 100644 cmd/proc_posix.go delete mode 100644 cmd/proc_windows.go create mode 100644 modules/caddyhttp/fileserver/browselisting_test.go create mode 100644 modules/caddyhttp/reverseproxy/streaming_test.go diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 72333656..476b908f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,20 +148,6 @@ jobs: env: SSH_KEY: ${{ secrets.S390X_SSH_KEY }} - # From https://github.com/reviewdog/action-golangci-lint - golangci-lint: - name: runner / golangci-lint - runs-on: ubuntu-latest - steps: - - name: Checkout code into the Go module directory - uses: actions/checkout@v2 - - - name: Run golangci-lint - uses: reviewdog/action-golangci-lint@v1 - # uses: docker://reviewdog/action-golangci-lint:v1 # pre-build docker image - with: - github_token: ${{ secrets.github_token }} - goreleaser-check: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..ef691505 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,23 @@ +name: Lint + +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + # From https://github.com/golangci/golangci-lint-action + golangci: + name: lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: golangci-lint + uses: golangci/golangci-lint-action@v2 + with: + version: v1.31 + # Optional: show only new issues if it's a pull request. The default value is `false`. + # only-new-issues: true diff --git a/.golangci.yml b/.golangci.yml index f6d83227..2c6acca5 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,21 +1,68 @@ linters-settings: errcheck: - ignore: fmt:.*,io/ioutil:^Read.*,github.com/caddyserver/caddy/v2/caddyconfig:RegisterAdapter,github.com/caddyserver/caddy/v2:RegisterModule + ignore: fmt:.*,io/ioutil:^Read.*,go.uber.org/zap/zapcore:^Add.* ignoretests: true - misspell: - locale: US linters: + disable-all: true enable: - bodyclose - - prealloc - - unconvert + - deadcode - errcheck - gofmt - goimports - gosec + - gosimple + - govet - ineffassign - misspell + - prealloc + - staticcheck + - structcheck + - typecheck + - unconvert + - unused + - varcheck + # these are implicitly disabled: + # - asciicheck + # - depguard + # - dogsled + # - dupl + # - exhaustive + # - exportloopref + # - funlen + # - gci + # - gochecknoglobals + # - gochecknoinits + # - gocognit + # - goconst + # - gocritic + # - gocyclo + # - godot + # - godox + # - goerr113 + # - gofumpt + # - goheader + # - golint + # - gomnd + # - gomodguard + # - goprintffuncname + # - interfacer + # - lll + # - maligned + # - nakedret + # - nestif + # - nlreturn + # - noctx + # - nolintlint + # - rowserrcheck + # - scopelint + # - sqlclosecheck + # - stylecheck + # - testpackage + # - unparam + # - whitespace + # - wsl run: # default concurrency is a available CPU number. diff --git a/admin.go b/admin.go index 8ac12fda..f539b44b 100644 --- a/admin.go +++ b/admin.go @@ -398,7 +398,10 @@ func (h adminHandler) handleError(w http.ResponseWriter, r *http.Request, err er w.Header().Set("Content-Type", "application/json") w.WriteHeader(apiErr.Code) - json.NewEncoder(w).Encode(apiErr) + encErr := json.NewEncoder(w).Encode(apiErr) + if encErr != nil { + Log().Named("admin.api").Error("failed to encode error response", zap.Error(encErr)) + } } // checkHost returns a handler that wraps next such that @@ -838,7 +841,7 @@ var ( // will get deleted before the process gracefully exits. func PIDFile(filename string) error { pid := []byte(strconv.Itoa(os.Getpid()) + "\n") - err := ioutil.WriteFile(filename, pid, 0644) + err := ioutil.WriteFile(filename, pid, 0600) if err != nil { return err } diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index f8b5e2c5..4a0b335e 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -356,7 +356,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } // begin building the final config values - var configVals []ConfigValue + configVals := []ConfigValue{} // certificate loaders if len(fileLoader) > 0 { diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 85a6373b..d3c70b60 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -124,10 +124,10 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { return } defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, _ := ioutil.ReadAll(res.Body) var out bytes.Buffer - json.Indent(&out, body, "", " ") + _ = json.Indent(&out, body, "", " ") tc.t.Logf("----------- failed with config -----------\n%s", out.String()) } }) @@ -221,10 +221,11 @@ func isCaddyAdminRunning() error { client := &http.Client{ Timeout: Default.LoadRequestTimeout, } - _, err := client.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort)) + resp, err := client.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort)) if err != nil { return errors.New("caddy integration test caddy server not running. Expected to be listening on localhost:2019") } + resp.Body.Close() return nil } @@ -272,7 +273,7 @@ func CreateTestingTransport() *http.Transport { IdleConnTimeout: 90 * time.Second, TLSHandshakeTimeout: 5 * time.Second, ExpectContinueTimeout: 1 * time.Second, - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec } } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 772fe012..28fa26ed 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -96,7 +96,7 @@ func cmdStart(fl Flags) (int, error) { // started yet, and writing synchronously would result // in a deadlock go func() { - stdinpipe.Write(expect) + _, _ = stdinpipe.Write(expect) stdinpipe.Close() }() diff --git a/cmd/main.go b/cmd/main.go index 914df215..e92e71f6 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -236,6 +236,7 @@ func watchConfigFile(filename, adapterName string) { } // begin poller + //nolint:staticcheck for range time.Tick(1 * time.Second) { // get the file info info, err := os.Stat(filename) diff --git a/cmd/proc_posix.go b/cmd/proc_posix.go deleted file mode 100644 index 9ca589f7..00000000 --- a/cmd/proc_posix.go +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright 2015 Matthew Holt and The Caddy Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// +build !windows - -package caddycmd - -import ( - "fmt" - "os" - "path/filepath" - "syscall" -) - -func gracefullyStopProcess(pid int) error { - fmt.Print("Graceful stop... ") - err := syscall.Kill(pid, syscall.SIGINT) - if err != nil { - return fmt.Errorf("kill: %v", err) - } - return nil -} - -func getProcessName() string { - return filepath.Base(os.Args[0]) -} diff --git a/cmd/proc_windows.go b/cmd/proc_windows.go deleted file mode 100644 index 4a62c272..00000000 --- a/cmd/proc_windows.go +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2015 Matthew Holt and The Caddy Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package caddycmd - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" - "strconv" -) - -func gracefullyStopProcess(pid int) error { - fmt.Print("Forceful stop... ") - // process on windows will not stop unless forced with /f - cmd := exec.Command("taskkill", "/pid", strconv.Itoa(pid), "/f") - if err := cmd.Run(); err != nil { - return fmt.Errorf("taskkill: %v", err) - } - return nil -} - -// On Windows the app name passed in os.Args[0] will match how -// caddy was started eg will match caddy or caddy.exe. -// So return appname with .exe for consistency -func getProcessName() string { - base := filepath.Base(os.Args[0]) - if filepath.Ext(base) == "" { - return base + ".exe" - } - return base -} diff --git a/go.sum b/go.sum index b303d00e..7923ba7b 100644 --- a/go.sum +++ b/go.sum @@ -354,6 +354,8 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04= github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= +github.com/lucas-clemente/quic-go v0.19.2 h1:w8BBYUx5Z+kNpeaOeQW/KzcNsKWhh4O6PeQhb0nURPg= +github.com/lucas-clemente/quic-go v0.19.2/go.mod h1:ZUygOqIoai0ASXXLJ92LTnKdbqh9MHCLTX6Nr1jUrK0= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= diff --git a/listeners.go b/listeners.go index 39bd8118..2c52d125 100644 --- a/listeners.go +++ b/listeners.go @@ -129,9 +129,9 @@ func (fcl *fakeCloseListener) Accept() (net.Conn, error) { if *fcl.deadline { switch ln := fcl.Listener.(type) { case *net.TCPListener: - ln.SetDeadline(time.Time{}) + _ = ln.SetDeadline(time.Time{}) case *net.UnixListener: - ln.SetDeadline(time.Time{}) + _ = ln.SetDeadline(time.Time{}) } *fcl.deadline = false } @@ -167,9 +167,9 @@ func (fcl *fakeCloseListener) Close() error { if !*fcl.deadline { switch ln := fcl.Listener.(type) { case *net.TCPListener: - ln.SetDeadline(time.Now().Add(-1 * time.Minute)) + _ = ln.SetDeadline(time.Now().Add(-1 * time.Minute)) case *net.UnixListener: - ln.SetDeadline(time.Now().Add(-1 * time.Minute)) + _ = ln.SetDeadline(time.Now().Add(-1 * time.Minute)) } *fcl.deadline = true } diff --git a/logging.go b/logging.go index 8f3f8426..60ca4878 100644 --- a/logging.go +++ b/logging.go @@ -458,7 +458,7 @@ func (cl *CustomLog) buildCore() { if cl.Sampling.Thereafter == 0 { cl.Sampling.Thereafter = 100 } - c = zapcore.NewSampler(c, cl.Sampling.Interval, + c = zapcore.NewSamplerWithOptions(c, cl.Sampling.Interval, cl.Sampling.First, cl.Sampling.Thereafter) } cl.core = c diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 43cc6f79..42e77256 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -363,6 +363,7 @@ func (app *App) Start() error { ErrorLog: serverLogger, }, } + //nolint:errcheck go h3srv.Serve(h3ln) app.h3servers = append(app.h3servers, h3srv) app.h3listeners = append(app.h3listeners, h3ln) @@ -391,6 +392,7 @@ func (app *App) Start() error { zap.Bool("tls", useTLS), ) + //nolint:errcheck go s.Serve(ln) app.servers = append(app.servers, s) } diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 805a37c2..fff4c461 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -523,7 +523,10 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri // our base/catch-all policy - this will serve the // public-looking names as well as any other names // that don't match any other policy - app.tlsApp.AddAutomationPolicy(basePolicy) + err := app.tlsApp.AddAutomationPolicy(basePolicy) + if err != nil { + return err + } } else { // a base policy already existed; we might have // changed it, so re-provision it diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go index f383199e..33be70df 100644 --- a/modules/caddyhttp/caddyauth/basicauth.go +++ b/modules/caddyhttp/caddyauth/basicauth.go @@ -240,6 +240,7 @@ func (c *Cache) makeRoom() { // map with less code, this is a heavily skewed eviction // strategy; generating random numbers is cheap and // ensures a much better distribution. + //nolint:gosec rnd := weakrand.Intn(len(c.cache)) i := 0 for key := range c.cache { diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index a7ac8890..485afe09 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -18,18 +18,14 @@ import ( "bytes" "encoding/json" "io" - weakrand "math/rand" "net" "net/http" "strconv" - "time" "github.com/caddyserver/caddy/v2" ) func init() { - weakrand.Seed(time.Now().UnixNano()) - caddy.RegisterModule(tlsPlaceholderWrapper{}) } diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index 52205aa2..e42eeed8 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -262,7 +262,7 @@ func acceptedEncodings(r *http.Request) []string { return []string{} } - var prefs []encodingPreference + prefs := []encodingPreference{} for _, accepted := range strings.Split(acceptEncHeader, ",") { parts := strings.Split(accepted, ";") diff --git a/modules/caddyhttp/errors.go b/modules/caddyhttp/errors.go index 05930636..85dc3dfb 100644 --- a/modules/caddyhttp/errors.go +++ b/modules/caddyhttp/errors.go @@ -16,14 +16,19 @@ package caddyhttp import ( "fmt" - mathrand "math/rand" + weakrand "math/rand" "path" "runtime" "strings" + "time" "github.com/caddyserver/caddy/v2" ) +func init() { + weakrand.Seed(time.Now().UnixNano()) +} + // Error is a convenient way for a Handler to populate the // essential fields of a HandlerError. If err is itself a // HandlerError, then any essential fields that are not @@ -92,7 +97,8 @@ func randString(n int, sameCase bool) string { } b := make([]byte, n) for i := range b { - b[i] = dict[mathrand.Int63()%int64(len(dict))] + //nolint:gosec + b[i] = dict[weakrand.Int63()%int64(len(dict))] } return string(b) } diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 3fecad95..cd41ea54 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -82,7 +82,7 @@ func (fsrv *FileServer) serveBrowse(dirPath string, w http.ResponseWriter, r *ht w.Header().Set("Content-Type", "text/html; charset=utf-8") } - buf.WriteTo(w) + _, _ = buf.WriteTo(w) return nil } diff --git a/modules/caddyhttp/fileserver/browselisting.go b/modules/caddyhttp/fileserver/browselisting.go index 79944f93..f3f85a37 100644 --- a/modules/caddyhttp/fileserver/browselisting.go +++ b/modules/caddyhttp/fileserver/browselisting.go @@ -30,10 +30,8 @@ import ( func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, urlPath string, repl *caddy.Replacer) browseListing { filesToHide := fsrv.transformHidePaths(repl) - var ( - fileInfos []fileInfo - dirCount, fileCount int - ) + var dirCount, fileCount int + fileInfos := []fileInfo{} for _, f := range files { name := f.Name() @@ -109,10 +107,8 @@ type browseListing struct { // Breadcrumbs returns l.Path where every element maps // the link to the text to display. func (l browseListing) Breadcrumbs() []crumb { - var result []crumb - if len(l.Path) == 0 { - return result + return []crumb{} } // skip trailing slash @@ -122,13 +118,13 @@ func (l browseListing) Breadcrumbs() []crumb { } parts := strings.Split(lpath, "/") - for i := range parts { - txt := parts[i] - if i == 0 && parts[i] == "" { - txt = "/" + result := make([]crumb, len(parts)) + for i, p := range parts { + if i == 0 && p == "" { + p = "/" } lnk := strings.Repeat("../", len(parts)-i-1) - result = append(result, crumb{Link: lnk, Text: txt}) + result[i] = crumb{Link: lnk, Text: p} } return result diff --git a/modules/caddyhttp/fileserver/browselisting_test.go b/modules/caddyhttp/fileserver/browselisting_test.go new file mode 100644 index 00000000..6d58b7e5 --- /dev/null +++ b/modules/caddyhttp/fileserver/browselisting_test.go @@ -0,0 +1,40 @@ +package fileserver + +import ( + "testing" +) + +func TestBreadcrumbs(t *testing.T) { + testdata := []struct { + path string + expected []crumb + }{ + {"", []crumb{}}, + {"/", []crumb{{Text: "/"}}}, + {"foo/bar/baz", []crumb{ + {Link: "../../", Text: "foo"}, + {Link: "../", Text: "bar"}, + {Link: "", Text: "baz"}, + }}, + {"/qux/quux/corge/", []crumb{ + {Link: "../../../", Text: "/"}, + {Link: "../../", Text: "qux"}, + {Link: "../", Text: "quux"}, + {Link: "", Text: "corge"}, + }}, + } + + for _, d := range testdata { + l := browseListing{Path: d.path} + actual := l.Breadcrumbs() + if len(actual) != len(d.expected) { + t.Errorf("wrong size output, got %d elements but expected %d", len(actual), len(d.expected)) + continue + } + for i, c := range actual { + if c != d.expected[i] { + t.Errorf("got %#v but expected %#v at index %d", c, d.expected[i], i) + } + } + } +} diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index b9f2b23d..caad0b4d 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -249,7 +249,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c } w.WriteHeader(statusCode) if r.Method != http.MethodHead { - io.Copy(w, file) + _, _ = io.Copy(w, file) } return nil } @@ -278,6 +278,7 @@ func (fsrv *FileServer) openFile(filename string, w http.ResponseWriter) (*os.Fi } // maybe the server is under load and ran out of file descriptors? // have client wait arbitrary seconds to help prevent a stampede + //nolint:gosec backoff := weakrand.Intn(maxBackoff-minBackoff) + minBackoff w.Header().Set("Retry-After", strconv.Itoa(backoff)) return nil, caddyhttp.Error(http.StatusServiceUnavailable, err) diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go index 9e8bb9ff..8001bd8f 100644 --- a/modules/caddyhttp/marshalers.go +++ b/modules/caddyhttp/marshalers.go @@ -75,7 +75,8 @@ func (t LoggableTLSConnState) MarshalLogObject(enc zapcore.ObjectEncoder) error enc.AddUint16("version", t.Version) enc.AddUint16("cipher_suite", t.CipherSuite) enc.AddString("proto", t.NegotiatedProtocol) - enc.AddBool("proto_mutual", t.NegotiatedProtocolIsMutual) + // NegotiatedProtocolIsMutual is deprecated - it's always true + enc.AddBool("proto_mutual", true) enc.AddString("server_name", t.ServerName) if len(t.PeerCertificates) > 0 { enc.AddString("client_common_name", t.PeerCertificates[0].Subject.CommonName) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 3993433a..5a0efce4 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -362,7 +362,8 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { case "proto": return req.TLS.NegotiatedProtocol, true case "proto_mutual": - return req.TLS.NegotiatedProtocolIsMutual, true + // req.TLS.NegotiatedProtocolIsMutual is deprecated - it's always true. + return true, true case "server_name": return req.TLS.ServerName, true } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client.go b/modules/caddyhttp/reverseproxy/fastcgi/client.go index ae0de006..94df0c77 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client.go @@ -242,13 +242,6 @@ func (c *FCGIClient) writeBeginRequest(role uint16, flags uint8) error { return c.writeRecord(BeginRequest, b[:]) } -func (c *FCGIClient) writeEndRequest(appStatus int, protocolStatus uint8) error { - b := make([]byte, 8) - binary.BigEndian.PutUint32(b, uint32(appStatus)) - b[4] = protocolStatus - return c.writeRecord(EndRequest, b) -} - func (c *FCGIClient) writePairs(recType uint8, pairs map[string]string) error { w := newWriter(c, recType) b := make([]byte, 8) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 4e933208..285834b9 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -263,7 +263,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H } defer func() { // drain any remaining body so connection could be re-used - io.Copy(ioutil.Discard, body) + _, _ = io.Copy(ioutil.Discard, body) resp.Body.Close() }() diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index d2a99516..61e90543 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -173,6 +173,7 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) dialer.Resolver = &net.Resolver{ PreferGo: true, Dial: func(ctx context.Context, _, _ string) (net.Conn, error) { + //nolint:gosec addr := h.Resolver.netAddrs[weakrand.Intn(len(h.Resolver.netAddrs))] return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0)) }, diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 7fc61ae6..bed5289b 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -314,7 +314,7 @@ func (h *Handler) Cleanup() error { // remove hosts from our config from the pool for _, upstream := range h.Upstreams { - hosts.Delete(upstream.String()) + _, _ = hosts.Delete(upstream.String()) } return nil @@ -339,7 +339,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht buf := bufPool.Get().(*bytes.Buffer) buf.Reset() defer bufPool.Put(buf) - io.Copy(buf, r.Body) + _, _ = io.Copy(buf, r.Body) r.Body.Close() r.Body = ioutil.NopCloser(buf) } @@ -518,7 +518,8 @@ func (h Handler) prepareRequest(req *http.Request) error { // (This method is mostly the beginning of what was borrowed from the net/http/httputil package in the // Go standard library which was used as the foundation.) func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di DialInfo, next caddyhttp.Handler) error { - di.Upstream.Host.CountRequest(1) + _ = di.Upstream.Host.CountRequest(1) + //nolint:errcheck defer di.Upstream.Host.CountRequest(-1) // point the request to this upstream @@ -742,16 +743,6 @@ func copyHeader(dst, src http.Header) { } } -func cloneHeader(h http.Header) http.Header { - h2 := make(http.Header, len(h)) - for k, vv := range h { - vv2 := make([]string, len(vv)) - copy(vv2, vv) - h2[k] = vv2 - } - return h2 -} - func upgradeType(h http.Header) string { if !httpguts.HeaderValuesContainsToken(h["Connection"], "Upgrade") { return "" @@ -759,18 +750,6 @@ func upgradeType(h http.Header) string { return strings.ToLower(h.Get("Upgrade")) } -func singleJoiningSlash(a, b string) string { - aslash := strings.HasSuffix(a, "/") - bslash := strings.HasPrefix(b, "/") - switch { - case aslash && bslash: - return a + b[1:] - case !aslash && !bslash: - return a + "/" + b - } - return a + b -} - // removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h. // See RFC 7230, section 6.1 func removeConnectionHeaders(h http.Header) { diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index a1010f4b..a391b2f9 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -536,7 +536,7 @@ func hostByHashing(pool []*Upstream, s string) *Upstream { // hash calculates a fast hash based on s. func hash(s string) uint32 { h := fnv.New32a() - h.Write([]byte(s)) + _, _ = h.Write([]byte(s)) return h.Sum32() } diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 4004b7a6..f108a97f 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -138,9 +138,9 @@ func (h Handler) copyResponse(dst io.Writer, src io.Reader, flushInterval time.D } } - buf := streamingBufPool.Get().([]byte) + buf := streamingBufPool.Get().(*[]byte) defer streamingBufPool.Put(buf) - _, err := h.copyBuffer(dst, src, buf) + _, err := h.copyBuffer(dst, src, *buf) return err } @@ -255,7 +255,12 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) { var streamingBufPool = sync.Pool{ New: func() interface{} { - return make([]byte, defaultBufferSize) + // The Pool's New function should generally only return pointer + // types, since a pointer can be put into the return interface + // value without an allocation + // - (from the package docs) + b := make([]byte, defaultBufferSize) + return &b }, } diff --git a/modules/caddyhttp/reverseproxy/streaming_test.go b/modules/caddyhttp/reverseproxy/streaming_test.go new file mode 100644 index 00000000..4ed1f1e4 --- /dev/null +++ b/modules/caddyhttp/reverseproxy/streaming_test.go @@ -0,0 +1,30 @@ +package reverseproxy + +import ( + "bytes" + "strings" + "testing" +) + +func TestHandlerCopyResponse(t *testing.T) { + h := Handler{} + testdata := []string{ + "", + strings.Repeat("a", defaultBufferSize), + strings.Repeat("123456789 123456789 123456789 12", 3000), + } + dst := bytes.NewBuffer(nil) + + for _, d := range testdata { + src := bytes.NewBuffer([]byte(d)) + dst.Reset() + err := h.copyResponse(dst, src, 0) + if err != nil { + t.Errorf("failed with error: %v", err) + } + out := dst.String() + if out != d { + t.Errorf("bad read: got %q", out) + } + } +} diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 7bc0ce79..8bdaeec7 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -270,7 +270,10 @@ func (templateContext) funcMarkdown(input interface{}) (string, error) { buf.Reset() defer bufPool.Put(buf) - md.Convert([]byte(inputStr), buf) + err := md.Convert([]byte(inputStr), buf) + if err != nil { + return "", err + } return buf.String(), nil } diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 6023e064..9d8a6fc9 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -132,11 +132,11 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return err } - acmeAuth, err := acme.NewAuthority( - auth.GetDatabase().(nosql.DB), // stores all the server state - ash.Host, // used for directory links; TODO: not needed - strings.Trim(ash.PathPrefix, "/"), // used for directory links - auth) // configures the signing authority + acmeAuth, err := acme.New(auth, acme.AuthorityOptions{ + DB: auth.GetDatabase().(nosql.DB), // stores all the server state + DNS: ash.Host, // used for directory links; TODO: not needed + Prefix: strings.Trim(ash.PathPrefix, "/"), // used for directory links + }) if err != nil { return err } diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index c0a00963..f95c9a02 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -309,14 +309,6 @@ func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey interface func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey interface{}) (interCert *x509.Certificate, interKey interface{}, err error) { repl := ca.newReplacer() - rootKeyPEM, err := ca.storage.Load(ca.storageKeyRootKey()) - if err != nil { - return nil, nil, fmt.Errorf("loading root key to sign new intermediate: %v", err) - } - rootKey, err = pemDecodePrivateKey(rootKeyPEM) - if err != nil { - return nil, nil, fmt.Errorf("decoding root key: %v", err) - } interCert, interKey, err = generateIntermediate(repl.ReplaceAll(ca.IntermediateCommonName, ""), rootCert, rootKey) if err != nil { return nil, nil, fmt.Errorf("generating CA intermediate: %v", err) diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 7eda0022..de929cc3 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -80,6 +80,7 @@ func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) *tls.Config { } return &tls.Config{ + MinVersion: tls.VersionTLS12, GetConfigForClient: func(hello *tls.ClientHelloInfo) (*tls.Config, error) { // filter policies by SNI first, if possible, to speed things up // when there may be lots of policies diff --git a/modules/caddytls/distributedstek/distributedstek.go b/modules/caddytls/distributedstek/distributedstek.go index f29db291..e76fc472 100644 --- a/modules/caddytls/distributedstek/distributedstek.go +++ b/modules/caddytls/distributedstek/distributedstek.go @@ -145,7 +145,12 @@ func (s *Provider) storeSTEK(dstek distributedSTEK) error { // current STEK is outdated (NextRotation time is in the past), // then it is rotated and persisted. The resulting STEK is returned. func (s *Provider) getSTEK() (distributedSTEK, error) { - s.storage.Lock(s.ctx, stekLockName) + err := s.storage.Lock(s.ctx, stekLockName) + if err != nil { + return distributedSTEK{}, fmt.Errorf("failed to acquire storage lock: %v", err) + } + + //nolint:errcheck defer s.storage.Unlock(stekLockName) // load the current STEKs from storage diff --git a/modules/caddytls/folderloader.go b/modules/caddytls/folderloader.go index f1a742df..10b017ee 100644 --- a/modules/caddytls/folderloader.go +++ b/modules/caddytls/folderloader.go @@ -97,26 +97,38 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) { if derBlock.Type == "CERTIFICATE" { // Re-encode certificate as PEM, appending to certificate chain - pem.Encode(certBuilder, derBlock) + err = pem.Encode(certBuilder, derBlock) + if err != nil { + return tls.Certificate{}, err + } } else if derBlock.Type == "EC PARAMETERS" { // EC keys generated from openssl can be composed of two blocks: // parameters and key (parameter block should come first) if !foundKey { // Encode parameters - pem.Encode(keyBuilder, derBlock) + err = pem.Encode(keyBuilder, derBlock) + if err != nil { + return tls.Certificate{}, err + } // Key must immediately follow derBlock, bundle = pem.Decode(bundle) if derBlock == nil || derBlock.Type != "EC PRIVATE KEY" { return tls.Certificate{}, fmt.Errorf("%s: expected elliptic private key to immediately follow EC parameters", fpath) } - pem.Encode(keyBuilder, derBlock) + err = pem.Encode(keyBuilder, derBlock) + if err != nil { + return tls.Certificate{}, err + } foundKey = true } } else if derBlock.Type == "PRIVATE KEY" || strings.HasSuffix(derBlock.Type, " PRIVATE KEY") { // RSA key if !foundKey { - pem.Encode(keyBuilder, derBlock) + err = pem.Encode(keyBuilder, derBlock) + if err != nil { + return tls.Certificate{}, err + } foundKey = true } } else { diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index 6f228ea3..416369f5 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -27,6 +27,7 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddypki" "github.com/caddyserver/certmagic" "github.com/smallstep/certificates/authority/provisioner" + "go.uber.org/zap" ) func init() { @@ -51,7 +52,8 @@ type InternalIssuer struct { // validate certificate chains. SignWithRoot bool `json:"sign_with_root,omitempty"` - ca *caddypki.CA + ca *caddypki.CA + logger *zap.Logger } // CaddyModule returns the Caddy module information. @@ -64,6 +66,8 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo { // Provision sets up the issuer. func (iss *InternalIssuer) Provision(ctx caddy.Context) error { + iss.logger = ctx.Logger(iss) + // get a reference to the configured CA appModule, err := ctx.App("pki") if err != nil { @@ -115,11 +119,15 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques // ensure issued certificate does not expire later than its issuer lifetime := time.Duration(iss.Lifetime) if time.Now().Add(lifetime).After(issuerCert.NotAfter) { - // TODO: log this - lifetime = issuerCert.NotAfter.Sub(time.Now()) + lifetime = time.Until(issuerCert.NotAfter) + iss.logger.Warn("cert lifetime would exceed issuer NotAfter, clamping lifetime", + zap.Duration("orig_lifetime", time.Duration(iss.Lifetime)), + zap.Duration("lifetime", lifetime), + zap.Time("not_after", issuerCert.NotAfter), + ) } - certChain, err := auth.Sign(csr, provisioner.SignOptions{}, customCertLifetime(iss.Lifetime)) + certChain, err := auth.Sign(csr, provisioner.SignOptions{}, customCertLifetime(caddy.Duration(lifetime))) if err != nil { return nil, err } diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 146eed4f..fd3473ed 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -498,8 +498,6 @@ var ( storageCleanMu sync.Mutex ) -const automateKey = "automate" - // Interface guards var ( _ caddy.App = (*TLS)(nil) diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go index f0944a30..dea00131 100644 --- a/modules/caddytls/values.go +++ b/modules/caddytls/values.go @@ -122,6 +122,7 @@ var SupportedProtocols = map[string]uint16{ // unsupportedProtocols is a map of unsupported protocols. // Used for logging only, not enforcement. var unsupportedProtocols = map[string]uint16{ + //nolint:staticcheck "ssl3.0": tls.VersionSSL30, "tls1.0": tls.VersionTLS10, "tls1.1": tls.VersionTLS11, From 4a641f6c6fb441a8301eeb8cab0c0b61de70ff7f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 23 Nov 2020 14:18:26 -0500 Subject: [PATCH 0240/1498] reverseproxy: Add Caddyfile scheme shorthand for h2c (#3629) * reverseproxy: Add Caddyfile scheme shorthand for h2c * reverseproxy: Use parentheses for condition Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- .../reverse_proxy_h2c_shorthand.txt | 38 +++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 13 +++++-- 2 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt new file mode 100644 index 00000000..94f22086 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt @@ -0,0 +1,38 @@ +:8884 + +reverse_proxy h2c://localhost:8080 +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "http", + "versions": [ + "h2c", + "2" + ] + }, + "upstreams": [ + { + "dial": "localhost:8080" + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 003f6764..f4556ea2 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -131,12 +131,15 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if toURL.Scheme == "https" && urlPort == "80" { return "", d.Err("upstream address has conflicting scheme (https://) and port (:80, the HTTP port)") } + if toURL.Scheme == "h2c" && urlPort == "443" { + return "", d.Err("upstream address has conflicting scheme (h2c://) and port (:443, the HTTPS port)") + } // if port is missing, attempt to infer from scheme if toURL.Port() == "" { var toPort string switch toURL.Scheme { - case "", "http": + case "", "http", "h2c": toPort = "80" case "https": toPort = "443" @@ -565,8 +568,9 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } // if the scheme inferred from the backends' addresses is - // HTTPS, we will need a non-nil transport to enable TLS - if commonScheme == "https" && transport == nil { + // HTTPS, we will need a non-nil transport to enable TLS, + // or if H2C, to set the transport versions. + if (commonScheme == "https" || commonScheme == "h2c") && transport == nil { transport = new(HTTPTransport) transportModuleName = "http" } @@ -583,6 +587,9 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if commonScheme == "http" && te.TLSEnabled() { return d.Errf("upstream address scheme is HTTP but transport is configured for HTTP+TLS (HTTPS)") } + if te, ok := transport.(*HTTPTransport); ok && commonScheme == "h2c" { + te.Versions = []string{"h2c", "2"} + } } else if commonScheme == "https" { return d.Errf("upstreams are configured for HTTPS but transport module does not support TLS: %T", transport) } From 3cfefeb0f71d54f1d9a76a63be7b97d0943c88ef Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 23 Nov 2020 14:46:50 -0500 Subject: [PATCH 0241/1498] httpcaddyfile: Configure servers via global options (#3836) * httpcaddyfile: First pass at implementing server options * httpcaddyfile: Add listener wrapper support * httpcaddyfile: Sort sbaddrs to make adapt output more deterministic * httpcaddyfile: Add server options adapt tests * httpcaddyfile: Windows line endings lol * caddytest: More windows line endings lol (sorry Matt) * Update caddyconfig/httpcaddyfile/serveroptions.go Co-authored-by: Matt Holt * httpcaddyfile: Reword listener address "matcher" * Apply suggestions from code review Co-authored-by: Matt Holt * httpcaddyfile: Deprecate experimental_http3 option (moved to servers) * httpcaddyfile: Remove validation step, no longer needed Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/addresses.go | 8 + caddyconfig/httpcaddyfile/httptype.go | 55 +++- caddyconfig/httpcaddyfile/options.go | 5 + caddyconfig/httpcaddyfile/serveroptions.go | 235 ++++++++++++++++ .../global_server_options_multi.txt | 83 ++++++ .../global_server_options_single.txt | 62 +++++ .../caddyfile_adapt/handle_path.txt | 102 +++---- .../caddyfile_adapt/handle_path_sorting.txt | 208 +++++++------- .../caddyfile_adapt/import_args_file.txt | 96 +++---- .../caddyfile_adapt/import_args_snippet.txt | 164 +++++------ .../caddyfile_adapt/log_filters.txt | 136 ++++----- .../php_fastcgi_expanded_form.txt | 262 +++++++++--------- .../caddyfile_adapt/php_fastcgi_matcher.txt | 222 +++++++-------- ...sort_directives_with_any_matcher_first.txt | 100 +++---- modules/caddyhttp/caddyhttp.go | 4 + 15 files changed, 1084 insertions(+), 658 deletions(-) create mode 100644 caddyconfig/httpcaddyfile/serveroptions.go create mode 100644 caddytest/integration/caddyfile_adapt/global_server_options_multi.txt create mode 100644 caddytest/integration/caddyfile_adapt/global_server_options_single.txt diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index 51411a9a..71053204 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -18,6 +18,7 @@ import ( "fmt" "net" "reflect" + "sort" "strconv" "strings" "unicode" @@ -163,6 +164,13 @@ func (st *ServerType) consolidateAddrMappings(addrToServerBlocks map[string][]se sbaddrs = append(sbaddrs, a) } + + // sort them by their first address (we know there will always be at least one) + // to avoid problems with non-deterministic ordering (makes tests flaky) + sort.Slice(sbaddrs, func(i, j int) bool { + return sbaddrs[i].addresses[0] < sbaddrs[j].addresses[0] + }) + return sbaddrs } diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 35eab906..e4e40b28 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -218,13 +218,6 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, return nil, warnings, err } - // if experimental HTTP/3 is enabled, enable it on each server - if enableH3, ok := options["experimental_http3"].(bool); ok && enableH3 { - for _, srv := range httpApp.Servers { - srv.ExperimentalHTTP3 = true - } - } - // extract any custom logs, and enforce configured levels var customLogs []namedCustomLog var hasDefaultLog bool @@ -311,23 +304,54 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options } for _, segment := range serverBlocks[0].block.Segments { - dir := segment.Directive() + opt := segment.Directive() var val interface{} var err error disp := caddyfile.NewDispenser(segment) - dirFunc, ok := registeredGlobalOptions[dir] + optFunc, ok := registeredGlobalOptions[opt] if !ok { tkn := segment[0] - return nil, fmt.Errorf("%s:%d: unrecognized global option: %s", tkn.File, tkn.Line, dir) + return nil, fmt.Errorf("%s:%d: unrecognized global option: %s", tkn.File, tkn.Line, opt) } - val, err = dirFunc(disp) + val, err = optFunc(disp) if err != nil { - return nil, fmt.Errorf("parsing caddyfile tokens for '%s': %v", dir, err) + return nil, fmt.Errorf("parsing caddyfile tokens for '%s': %v", opt, err) } - options[dir] = val + // As a special case, fold multiple "servers" options together + // in an array instead of overwriting a possible existing value + if opt == "servers" { + existingOpts, ok := options[opt].([]serverOptions) + if !ok { + existingOpts = []serverOptions{} + } + serverOpts, ok := val.(serverOptions) + if !ok { + return nil, fmt.Errorf("unexpected type from 'servers' global options") + } + options[opt] = append(existingOpts, serverOpts) + continue + } + + options[opt] = val + } + + // If we got "servers" options, we'll sort them by their listener address + if serverOpts, ok := options["servers"].([]serverOptions); ok { + sort.Slice(serverOpts, func(i, j int) bool { + return len(serverOpts[i].ListenerAddress) > len(serverOpts[j].ListenerAddress) + }) + + // Reject the config if there are duplicate listener address + seen := make(map[string]bool) + for _, entry := range serverOpts { + if _, alreadySeen := seen[entry.ListenerAddress]; alreadySeen { + return nil, fmt.Errorf("cannot have 'servers' global options with duplicate listener addresses: %s", entry.ListenerAddress) + } + seen[entry.ListenerAddress] = true + } } return serverBlocks[1:], nil @@ -602,6 +626,11 @@ func (st *ServerType) serversFromPairings( servers[fmt.Sprintf("srv%d", i)] = srv } + err := applyServerOptions(servers, options, warnings) + if err != nil { + return nil, err + } + return servers, nil } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 7d34805c..5001974b 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -43,6 +43,7 @@ func init() { RegisterGlobalOption("local_certs", parseOptTrue) RegisterGlobalOption("key_type", parseOptSingleString) RegisterGlobalOption("auto_https", parseOptAutoHTTPS) + RegisterGlobalOption("servers", parseServerOptions) } func parseOptTrue(d *caddyfile.Dispenser) (interface{}, error) { @@ -361,3 +362,7 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser) (interface{}, error) { } return val, nil } + +func parseServerOptions(d *caddyfile.Dispenser) (interface{}, error) { + return unmarshalCaddyfileServerOptions(d) +} diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go new file mode 100644 index 00000000..38fa0f15 --- /dev/null +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -0,0 +1,235 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package httpcaddyfile + +import ( + "encoding/json" + "fmt" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/dustin/go-humanize" +) + +// serverOptions collects server config overrides parsed from Caddyfile global options +type serverOptions struct { + // If set, will only apply these options to servers that contain a + // listener address that matches exactly. If empty, will apply to all + // servers that were not already matched by another serverOptions. + ListenerAddress string + + // These will all map 1:1 to the caddyhttp.Server struct + ListenerWrappersRaw []json.RawMessage + ReadTimeout caddy.Duration + ReadHeaderTimeout caddy.Duration + WriteTimeout caddy.Duration + IdleTimeout caddy.Duration + MaxHeaderBytes int + AllowH2C bool + ExperimentalHTTP3 bool + StrictSNIHost *bool +} + +func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error) { + serverOpts := serverOptions{} + for d.Next() { + if d.NextArg() { + serverOpts.ListenerAddress = d.Val() + if d.NextArg() { + return nil, d.ArgErr() + } + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "listener_wrappers": + for nesting := d.Nesting(); d.NextBlock(nesting); { + mod, err := caddy.GetModule("caddy.listeners." + d.Val()) + if err != nil { + return nil, fmt.Errorf("finding listener module '%s': %v", d.Val(), err) + } + unm, ok := mod.New().(caddyfile.Unmarshaler) + if !ok { + return nil, fmt.Errorf("listener module '%s' is not a Caddyfile unmarshaler", mod) + } + err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return nil, err + } + listenerWrapper, ok := unm.(caddy.ListenerWrapper) + if !ok { + return nil, fmt.Errorf("module %s is not a listener wrapper", mod) + } + jsonListenerWrapper := caddyconfig.JSONModuleObject( + listenerWrapper, + "wrapper", + listenerWrapper.(caddy.Module).CaddyModule().ID.Name(), + nil, + ) + serverOpts.ListenerWrappersRaw = append(serverOpts.ListenerWrappersRaw, jsonListenerWrapper) + } + + case "timeouts": + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "read_body": + if !d.NextArg() { + return nil, d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return nil, d.Errf("parsing read_body timeout duration: %v", err) + } + serverOpts.ReadTimeout = caddy.Duration(dur) + + case "read_header": + if !d.NextArg() { + return nil, d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return nil, d.Errf("parsing read_header timeout duration: %v", err) + } + serverOpts.ReadHeaderTimeout = caddy.Duration(dur) + + case "write": + if !d.NextArg() { + return nil, d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return nil, d.Errf("parsing write timeout duration: %v", err) + } + serverOpts.WriteTimeout = caddy.Duration(dur) + + case "idle": + if !d.NextArg() { + return nil, d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return nil, d.Errf("parsing idle timeout duration: %v", err) + } + serverOpts.IdleTimeout = caddy.Duration(dur) + + default: + return nil, d.Errf("unrecognized timeouts option '%s'", d.Val()) + } + } + + case "max_header_size": + var sizeStr string + if !d.AllArgs(&sizeStr) { + return nil, d.ArgErr() + } + size, err := humanize.ParseBytes(sizeStr) + if err != nil { + return nil, d.Errf("parsing max_header_size: %v", err) + } + serverOpts.MaxHeaderBytes = int(size) + + case "protocol": + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "allow_h2c": + if d.NextArg() { + return nil, d.ArgErr() + } + serverOpts.AllowH2C = true + + case "experimental_http3": + if d.NextArg() { + return nil, d.ArgErr() + } + serverOpts.ExperimentalHTTP3 = true + + case "strict_sni_host": + if d.NextArg() { + return nil, d.ArgErr() + } + trueBool := true + serverOpts.StrictSNIHost = &trueBool + + default: + return nil, d.Errf("unrecognized protocol option '%s'", d.Val()) + } + } + + default: + return nil, d.Errf("unrecognized servers option '%s'", d.Val()) + } + } + } + return serverOpts, nil +} + +// applyServerOptions sets the server options on the appropriate servers +func applyServerOptions( + servers map[string]*caddyhttp.Server, + options map[string]interface{}, + warnings *[]caddyconfig.Warning, +) error { + // If experimental HTTP/3 is enabled, enable it on each server. + // We already know there won't be a conflict with serverOptions because + // we validated earlier that "experimental_http3" cannot be set at the same + // time as "servers" + if enableH3, ok := options["experimental_http3"].(bool); ok && enableH3 { + *warnings = append(*warnings, caddyconfig.Warning{Message: "the 'experimental_http3' global option is deprecated, please use the 'servers > protocol > experimental_http3' option instead"}) + for _, srv := range servers { + srv.ExperimentalHTTP3 = true + } + } + + serverOpts, ok := options["servers"].([]serverOptions) + if !ok { + return nil + } + + for _, server := range servers { + // find the options that apply to this server + opts := func() *serverOptions { + for _, entry := range serverOpts { + if entry.ListenerAddress == "" { + return &entry + } + for _, listener := range server.Listen { + if entry.ListenerAddress == listener { + return &entry + } + } + } + return nil + }() + + // if none apply, then move to the next server + if opts == nil { + continue + } + + // set all the options + server.ListenerWrappersRaw = opts.ListenerWrappersRaw + server.ReadTimeout = opts.ReadTimeout + server.ReadHeaderTimeout = opts.ReadHeaderTimeout + server.WriteTimeout = opts.WriteTimeout + server.IdleTimeout = opts.IdleTimeout + server.MaxHeaderBytes = opts.MaxHeaderBytes + server.AllowH2C = opts.AllowH2C + server.ExperimentalHTTP3 = opts.ExperimentalHTTP3 + server.StrictSNIHost = opts.StrictSNIHost + } + + return nil +} diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt new file mode 100644 index 00000000..653eee53 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt @@ -0,0 +1,83 @@ +{ + servers { + timeouts { + idle 90s + } + } + servers :80 { + timeouts { + idle 60s + } + } + servers :443 { + timeouts { + idle 30s + } + } +} + +foo.com { +} + +http://bar.com { +} + +:8080 { +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "idle_timeout": 30000000000, + "routes": [ + { + "match": [ + { + "host": [ + "foo.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":80" + ], + "idle_timeout": 60000000000, + "routes": [ + { + "match": [ + { + "host": [ + "bar.com" + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "bar.com" + ] + } + }, + "srv2": { + "listen": [ + ":8080" + ], + "idle_timeout": 90000000000 + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt new file mode 100644 index 00000000..5a5c64cd --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -0,0 +1,62 @@ +{ + servers { + listener_wrappers { + tls + } + timeouts { + read_body 30s + read_header 30s + write 30s + idle 30s + } + max_header_size 100MB + protocol { + allow_h2c + experimental_http3 + strict_sni_host + } + } +} + +foo.com { +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "listener_wrappers": [ + { + "wrapper": "tls" + } + ], + "read_timeout": 30000000000, + "read_header_timeout": 30000000000, + "write_timeout": 30000000000, + "idle_timeout": 30000000000, + "max_header_bytes": 100000000, + "routes": [ + { + "match": [ + { + "host": [ + "foo.com" + ] + } + ], + "terminal": true + } + ], + "strict_sni_host": true, + "experimental_http3": true, + "allow_h2c": true + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/handle_path.txt b/caddytest/integration/caddyfile_adapt/handle_path.txt index 7f40fcf2..f8817433 100644 --- a/caddytest/integration/caddyfile_adapt/handle_path.txt +++ b/caddytest/integration/caddyfile_adapt/handle_path.txt @@ -1,52 +1,52 @@ -:80 -handle_path /api/v1/* { - respond "API v1" -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "path": [ - "/api/v1/*" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "handler": "rewrite", - "strip_path_prefix": "/api/v1" - } - ] - }, - { - "handle": [ - { - "body": "API v1", - "handler": "static_response" - } - ] - } - ] - } - ] - } - ] - } - } - } - } +:80 +handle_path /api/v1/* { + respond "API v1" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "path": [ + "/api/v1/*" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "rewrite", + "strip_path_prefix": "/api/v1" + } + ] + }, + { + "handle": [ + { + "body": "API v1", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/handle_path_sorting.txt b/caddytest/integration/caddyfile_adapt/handle_path_sorting.txt index 3258dc9b..0a89f2ae 100644 --- a/caddytest/integration/caddyfile_adapt/handle_path_sorting.txt +++ b/caddytest/integration/caddyfile_adapt/handle_path_sorting.txt @@ -1,105 +1,105 @@ -:80 { - handle /api/* { - respond "api" - } - - handle_path /static/* { - respond "static" - } - - handle { - respond "handle" - } -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "group": "group3", - "match": [ - { - "path": [ - "/static/*" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "handler": "rewrite", - "strip_path_prefix": "/static" - } - ] - }, - { - "handle": [ - { - "body": "static", - "handler": "static_response" - } - ] - } - ] - } - ] - }, - { - "group": "group3", - "match": [ - { - "path": [ - "/api/*" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "api", - "handler": "static_response" - } - ] - } - ] - } - ] - }, - { - "group": "group3", - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "handle", - "handler": "static_response" - } - ] - } - ] - } - ] - } - ] - } - } - } - } +:80 { + handle /api/* { + respond "api" + } + + handle_path /static/* { + respond "static" + } + + handle { + respond "handle" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "group": "group3", + "match": [ + { + "path": [ + "/static/*" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "rewrite", + "strip_path_prefix": "/static" + } + ] + }, + { + "handle": [ + { + "body": "static", + "handler": "static_response" + } + ] + } + ] + } + ] + }, + { + "group": "group3", + "match": [ + { + "path": [ + "/api/*" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "api", + "handler": "static_response" + } + ] + } + ] + } + ] + }, + { + "group": "group3", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "handle", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/import_args_file.txt b/caddytest/integration/caddyfile_adapt/import_args_file.txt index 6947f681..1eb78f19 100644 --- a/caddytest/integration/caddyfile_adapt/import_args_file.txt +++ b/caddytest/integration/caddyfile_adapt/import_args_file.txt @@ -1,49 +1,49 @@ -example.com - -import testdata/import_respond.txt Groot Rocket -import testdata/import_respond.txt you "the confused man" ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":443" - ], - "routes": [ - { - "match": [ - { - "host": [ - "example.com" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "'I am Groot', hears Rocket", - "handler": "static_response" - }, - { - "body": "'I am you', hears the confused man", - "handler": "static_response" - } - ] - } - ] - } - ], - "terminal": true - } - ] - } - } - } - } +example.com + +import testdata/import_respond.txt Groot Rocket +import testdata/import_respond.txt you "the confused man" +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "'I am Groot', hears Rocket", + "handler": "static_response" + }, + { + "body": "'I am you', hears the confused man", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/import_args_snippet.txt b/caddytest/integration/caddyfile_adapt/import_args_snippet.txt index 8d2ff34a..9fce9abe 100644 --- a/caddytest/integration/caddyfile_adapt/import_args_snippet.txt +++ b/caddytest/integration/caddyfile_adapt/import_args_snippet.txt @@ -1,83 +1,83 @@ -(logging) { - log { - output file /var/log/caddy/{args.0}.access.log - } -} - -a.example.com { - import logging a.example.com -} - -b.example.com { - import logging b.example.com -} ----------- -{ - "logging": { - "logs": { - "default": { - "exclude": [ - "http.log.access.log0", - "http.log.access.log1" - ] - }, - "log0": { - "writer": { - "filename": "/var/log/caddy/a.example.com.access.log", - "output": "file" - }, - "include": [ - "http.log.access.log0" - ] - }, - "log1": { - "writer": { - "filename": "/var/log/caddy/b.example.com.access.log", - "output": "file" - }, - "include": [ - "http.log.access.log1" - ] - } - } - }, - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":443" - ], - "routes": [ - { - "match": [ - { - "host": [ - "a.example.com" - ] - } - ], - "terminal": true - }, - { - "match": [ - { - "host": [ - "b.example.com" - ] - } - ], - "terminal": true - } - ], - "logs": { - "logger_names": { - "a.example.com": "log0", - "b.example.com": "log1" - } - } - } - } - } - } +(logging) { + log { + output file /var/log/caddy/{args.0}.access.log + } +} + +a.example.com { + import logging a.example.com +} + +b.example.com { + import logging b.example.com +} +---------- +{ + "logging": { + "logs": { + "default": { + "exclude": [ + "http.log.access.log0", + "http.log.access.log1" + ] + }, + "log0": { + "writer": { + "filename": "/var/log/caddy/a.example.com.access.log", + "output": "file" + }, + "include": [ + "http.log.access.log0" + ] + }, + "log1": { + "writer": { + "filename": "/var/log/caddy/b.example.com.access.log", + "output": "file" + }, + "include": [ + "http.log.access.log1" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "b.example.com" + ] + } + ], + "terminal": true + } + ], + "logs": { + "logger_names": { + "a.example.com": "log0", + "b.example.com": "log1" + } + } + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index 549f4e6a..ab118074 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -1,69 +1,69 @@ -:80 - -log { - output stdout - format filter { - wrap console - fields { - request>headers>Authorization delete - request>headers>Server delete - request>remote_addr ip_mask { - ipv4 24 - ipv6 32 - } - } - } -} ----------- -{ - "logging": { - "logs": { - "default": { - "exclude": [ - "http.log.access.log0" - ] - }, - "log0": { - "writer": { - "output": "stdout" - }, - "encoder": { - "fields": { - "request\u003eheaders\u003eAuthorization": { - "filter": "delete" - }, - "request\u003eheaders\u003eServer": { - "filter": "delete" - }, - "request\u003eremote_addr": { - "filter": "ip_mask", - "ipv4_cidr": 24, - "ipv6_cidr": 32 - } - }, - "format": "filter", - "wrap": { - "format": "console" - } - }, - "include": [ - "http.log.access.log0" - ] - } - } - }, - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "logs": { - "default_logger_name": "log0" - } - } - } - } - } +:80 + +log { + output stdout + format filter { + wrap console + fields { + request>headers>Authorization delete + request>headers>Server delete + request>remote_addr ip_mask { + ipv4 24 + ipv6 32 + } + } + } +} +---------- +{ + "logging": { + "logs": { + "default": { + "exclude": [ + "http.log.access.log0" + ] + }, + "log0": { + "writer": { + "output": "stdout" + }, + "encoder": { + "fields": { + "request\u003eheaders\u003eAuthorization": { + "filter": "delete" + }, + "request\u003eheaders\u003eServer": { + "filter": "delete" + }, + "request\u003eremote_addr": { + "filter": "ip_mask", + "ipv4_cidr": 24, + "ipv6_cidr": 32 + } + }, + "format": "filter", + "wrap": { + "format": "console" + } + }, + "include": [ + "http.log.access.log0" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "logs": { + "default_logger_name": "log0" + } + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt index d4531289..bb7c7f7b 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt @@ -1,132 +1,132 @@ -:8886 - -route { - # Add trailing slash for directory requests - @canonicalPath { - file { - try_files {path}/index.php - } - not path */ - } - redir @canonicalPath {path}/ 308 - - # If the requested file does not exist, try index files - @indexFiles { - file { - try_files {path} {path}/index.php index.php - split_path .php - } - } - rewrite @indexFiles {http.matchers.file.relative} - - # Proxy PHP files to the FastCGI responder - @phpFiles { - path *.php - } - reverse_proxy @phpFiles 127.0.0.1:9000 { - transport fastcgi { - split .php - } - } -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":8886" - ], - "routes": [ - { - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "handler": "static_response", - "headers": { - "Location": [ - "{http.request.uri.path}/" - ] - }, - "status_code": 308 - } - ], - "match": [ - { - "file": { - "try_files": [ - "{http.request.uri.path}/index.php" - ] - }, - "not": [ - { - "path": [ - "*/" - ] - } - ] - } - ] - }, - { - "handle": [ - { - "handler": "rewrite", - "uri": "{http.matchers.file.relative}" - } - ], - "match": [ - { - "file": { - "split_path": [ - ".php" - ], - "try_files": [ - "{http.request.uri.path}", - "{http.request.uri.path}/index.php", - "index.php" - ] - } - } - ] - }, - { - "handle": [ - { - "handler": "reverse_proxy", - "transport": { - "protocol": "fastcgi", - "split_path": [ - ".php" - ] - }, - "upstreams": [ - { - "dial": "127.0.0.1:9000" - } - ] - } - ], - "match": [ - { - "path": [ - "*.php" - ] - } - ] - } - ] - } - ] - } - ] - } - } - } - } +:8886 + +route { + # Add trailing slash for directory requests + @canonicalPath { + file { + try_files {path}/index.php + } + not path */ + } + redir @canonicalPath {path}/ 308 + + # If the requested file does not exist, try index files + @indexFiles { + file { + try_files {path} {path}/index.php index.php + split_path .php + } + } + rewrite @indexFiles {http.matchers.file.relative} + + # Proxy PHP files to the FastCGI responder + @phpFiles { + path *.php + } + reverse_proxy @phpFiles 127.0.0.1:9000 { + transport fastcgi { + split .php + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8886" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ], + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ], + "match": [ + { + "file": { + "split_path": [ + ".php" + ], + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "index.php" + ] + } + } + ] + }, + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "fastcgi", + "split_path": [ + ".php" + ] + }, + "upstreams": [ + { + "dial": "127.0.0.1:9000" + } + ] + } + ], + "match": [ + { + "path": [ + "*.php" + ] + } + ] + } + ] + } + ] + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt index 2f4e6fe5..488c5252 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt @@ -1,112 +1,112 @@ -:8884 - -@api host example.com -php_fastcgi @api localhost:9000 ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":8884" - ], - "routes": [ - { - "match": [ - { - "host": [ - "example.com" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "handler": "static_response", - "headers": { - "Location": [ - "{http.request.uri.path}/" - ] - }, - "status_code": 308 - } - ], - "match": [ - { - "file": { - "try_files": [ - "{http.request.uri.path}/index.php" - ] - }, - "not": [ - { - "path": [ - "*/" - ] - } - ] - } - ] - }, - { - "handle": [ - { - "handler": "rewrite", - "uri": "{http.matchers.file.relative}" - } - ], - "match": [ - { - "file": { - "split_path": [ - ".php" - ], - "try_files": [ - "{http.request.uri.path}", - "{http.request.uri.path}/index.php", - "index.php" - ] - } - } - ] - }, - { - "handle": [ - { - "handler": "reverse_proxy", - "transport": { - "protocol": "fastcgi", - "split_path": [ - ".php" - ] - }, - "upstreams": [ - { - "dial": "localhost:9000" - } - ] - } - ], - "match": [ - { - "path": [ - "*.php" - ] - } - ] - } - ] - } - ] - } - ] - } - } - } - } +:8884 + +@api host example.com +php_fastcgi @api localhost:9000 +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ], + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ], + "match": [ + { + "file": { + "split_path": [ + ".php" + ], + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "index.php" + ] + } + } + ] + }, + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "fastcgi", + "split_path": [ + ".php" + ] + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ], + "match": [ + { + "path": [ + "*.php" + ] + } + ] + } + ] + } + ] + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt b/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt index 6203a89c..3859a7e5 100644 --- a/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt +++ b/caddytest/integration/caddyfile_adapt/sort_directives_with_any_matcher_first.txt @@ -1,51 +1,51 @@ -:80 - -respond 200 - -@untrusted not remote_ip 10.1.1.0/24 -respond @untrusted 401 ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "match": [ - { - "not": [ - { - "remote_ip": { - "ranges": [ - "10.1.1.0/24" - ] - } - } - ] - } - ], - "handle": [ - { - "handler": "static_response", - "status_code": 401 - } - ] - }, - { - "handle": [ - { - "handler": "static_response", - "status_code": 200 - } - ] - } - ] - } - } - } - } +:80 + +respond 200 + +@untrusted not remote_ip 10.1.1.0/24 +respond @untrusted 401 +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "not": [ + { + "remote_ip": { + "ranges": [ + "10.1.1.0/24" + ] + } + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "status_code": 401 + } + ] + }, + { + "handle": [ + { + "handler": "static_response", + "status_code": 200 + } + ] + } + ] + } + } + } + } } \ No newline at end of file diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 485afe09..d93a5c8a 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -23,6 +23,7 @@ import ( "strconv" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" ) func init() { @@ -231,6 +232,8 @@ func (tlsPlaceholderWrapper) CaddyModule() caddy.ModuleInfo { func (tlsPlaceholderWrapper) WrapListener(ln net.Listener) net.Listener { return ln } +func (tlsPlaceholderWrapper) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } + const ( // DefaultHTTPPort is the default port for HTTP. DefaultHTTPPort = 80 @@ -241,3 +244,4 @@ const ( // Interface guard var _ caddy.ListenerWrapper = (*tlsPlaceholderWrapper)(nil) +var _ caddyfile.Unmarshaler = (*tlsPlaceholderWrapper)(nil) From c6dec305357868ec9ba7fbc45e6cb70404cc23a6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 23 Nov 2020 14:51:35 -0500 Subject: [PATCH 0242/1498] caddyfile: Add support for env var defaults; add tests (#3682) * caddyfile: Add support for env var defaults, tests * caddyfile: Use ?? instead, fix redundant cast, remove env chaining * caddyfile: Use : instead --- caddyconfig/caddyfile/parse.go | 25 +++++++++++++++++++------ caddyconfig/caddyfile/parse_test.go | 17 +++++++++++++++++ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 4ae98ca4..50e3244b 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -60,21 +60,31 @@ func replaceEnvVars(input []byte) ([]byte, error) { end += begin + len(spanOpen) // make end relative to input, not begin // get the name; if there is no name, skip it - envVarName := input[begin+len(spanOpen) : end] - if len(envVarName) == 0 { + envString := input[begin+len(spanOpen) : end] + if len(envString) == 0 { offset = end + len(spanClose) continue } + // split the string into a key and an optional default + envParts := strings.SplitN(string(envString), envVarDefaultDelimiter, 2) + + // do a lookup for the env var, replace with the default if not found + envVarValue, found := os.LookupEnv(envParts[0]) + if !found && len(envParts) == 2 { + envVarValue = envParts[1] + } + // get the value of the environment variable - envVarValue := []byte(os.ExpandEnv(os.Getenv(string(envVarName)))) + // note that this causes one-level deep chaining + envVarBytes := []byte(envVarValue) // splice in the value input = append(input[:begin], - append(envVarValue, input[end+len(spanClose):]...)...) + append(envVarBytes, input[end+len(spanClose):]...)...) // continue at the end of the replacement - offset = begin + len(envVarValue) + offset = begin + len(envVarBytes) } return input, nil } @@ -548,4 +558,7 @@ func (s Segment) Directive() string { // spanOpen and spanClose are used to bound spans that // contain the name of an environment variable. -var spanOpen, spanClose = []byte{'{', '$'}, []byte{'}'} +var ( + spanOpen, spanClose = []byte{'{', '$'}, []byte{'}'} + envVarDefaultDelimiter = ":" +) diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index 12c30c86..94a69a41 100755 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -478,6 +478,7 @@ func TestParseAll(t *testing.T) { func TestEnvironmentReplacement(t *testing.T) { os.Setenv("FOOBAR", "foobar") + os.Setenv("CHAINED", "$FOOBAR") for i, test := range []struct { input string @@ -523,6 +524,22 @@ func TestEnvironmentReplacement(t *testing.T) { input: "{$FOOBAR}{$FOOBAR}", expect: "foobarfoobar", }, + { + input: "{$CHAINED}", + expect: "$FOOBAR", // should not chain env expands + }, + { + input: "{$FOO:default}", + expect: "default", + }, + { + input: "foo{$BAR:bar}baz", + expect: "foobarbaz", + }, + { + input: "foo{$BAR:$FOOBAR}baz", + expect: "foo$FOOBARbaz", // should not chain env expands + }, { input: "{$FOOBAR", expect: "{$FOOBAR", From 06ba006f9bb7fe4fe8fb97bbda594f3c438cb6ad Mon Sep 17 00:00:00 2001 From: Ian Date: Mon, 23 Nov 2020 12:03:58 -0800 Subject: [PATCH 0243/1498] acme_server: switch to bbolt storage (#3868) * acme_server: switch to bbolt storage There have been some issues with the badger storage engine being used by the embedded acme_server. This will replace the storage engine with bbolt * Switch database path back to acme_server/db and remove if directory --- modules/caddypki/acmeserver/acmeserver.go | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 9d8a6fc9..5c9f74b7 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -32,6 +32,7 @@ import ( "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" "github.com/smallstep/nosql" + "go.uber.org/zap" ) func init() { @@ -77,6 +78,7 @@ func (Handler) CaddyModule() caddy.ModuleInfo { // Provision sets up the ACME server handler. func (ash *Handler) Provision(ctx caddy.Context) error { + logger := ctx.Logger(ash) // set some defaults if ash.CA == "" { ash.CA = caddypki.DefaultCAID @@ -99,7 +101,8 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return fmt.Errorf("no certificate authority configured with id: %s", ash.CA) } - dbFolder := filepath.Join(caddy.AppDataDir(), "acme_server", "db") + dbFolder := filepath.Join(caddy.AppDataDir(), "acme_server") + dbPath := filepath.Join(dbFolder, "db") // TODO: See https://github.com/smallstep/nosql/issues/7 err = os.MkdirAll(dbFolder, 0755) @@ -107,6 +110,18 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return fmt.Errorf("making folder for ACME server database: %v", err) } + // Check to see if previous db exists + var stat os.FileInfo + stat, err = os.Stat(dbPath) + if stat != nil && err == nil { + // A badger db is found and should be removed + if stat.IsDir() { + logger.Warn("Found an old badger database and removing it", + zap.String("path", dbPath)) + _ = os.RemoveAll(dbPath) + } + } + authorityConfig := caddypki.AuthorityConfig{ AuthConfig: &authority.AuthConfig{ Provisioners: provisioner.List{ @@ -122,8 +137,8 @@ func (ash *Handler) Provision(ctx caddy.Context) error { }, }, DB: &db.Config{ - Type: "badger", - DataSource: dbFolder, + Type: "bbolt", + DataSource: dbPath, }, } From c5197f59991df7fbe6b921a2a84483d108525d03 Mon Sep 17 00:00:00 2001 From: Ian Date: Mon, 23 Nov 2020 12:58:26 -0800 Subject: [PATCH 0244/1498] acme_server: fix reload of acme database (#3874) * acme_server: Refactor database creation apart from authority creation This is a WIP commit that doesn't really offer anything other than setting us up for using a UsagePool to gracefully reload acme_server configs. * Implement UsagePool * Remove unused context * Fix initializing non-ACME CA This will handle cases where a DB is not provided * Sanitize acme db path and clean debug logs * Move regex to package level to prevent recompiling --- modules/caddypki/acmeserver/acmeserver.go | 86 +++++++++++++++++------ modules/caddypki/ca.go | 12 ++-- 2 files changed, 71 insertions(+), 27 deletions(-) diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 5c9f74b7..d5e55594 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -19,6 +19,7 @@ import ( "net/http" "os" "path/filepath" + "regexp" "strings" "time" @@ -66,6 +67,7 @@ type Handler struct { PathPrefix string `json:"path_prefix,omitempty"` acmeEndpoints http.Handler + logger *zap.Logger } // CaddyModule returns the Caddy module information. @@ -78,7 +80,7 @@ func (Handler) CaddyModule() caddy.ModuleInfo { // Provision sets up the ACME server handler. func (ash *Handler) Provision(ctx caddy.Context) error { - logger := ctx.Logger(ash) + ash.logger = ctx.Logger(ash) // set some defaults if ash.CA == "" { ash.CA = caddypki.DefaultCAID @@ -101,25 +103,9 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return fmt.Errorf("no certificate authority configured with id: %s", ash.CA) } - dbFolder := filepath.Join(caddy.AppDataDir(), "acme_server") - dbPath := filepath.Join(dbFolder, "db") - - // TODO: See https://github.com/smallstep/nosql/issues/7 - err = os.MkdirAll(dbFolder, 0755) + database, err := ash.openDatabase() if err != nil { - return fmt.Errorf("making folder for ACME server database: %v", err) - } - - // Check to see if previous db exists - var stat os.FileInfo - stat, err = os.Stat(dbPath) - if stat != nil && err == nil { - // A badger db is found and should be removed - if stat.IsDir() { - logger.Warn("Found an old badger database and removing it", - zap.String("path", dbPath)) - _ = os.RemoveAll(dbPath) - } + return err } authorityConfig := caddypki.AuthorityConfig{ @@ -136,10 +122,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error { }, }, }, - DB: &db.Config{ - Type: "bbolt", - DataSource: dbPath, - }, + DB: database, } auth, err := ca.NewAuthority(authorityConfig) @@ -175,11 +158,68 @@ func (ash Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyh return next.ServeHTTP(w, r) } +func (ash Handler) getDatabaseKey() string { + key := ash.CA + key = strings.ToLower(key) + key = strings.TrimSpace(key) + return keyCleaner.ReplaceAllLiteralString(key, "") +} + +// Cleanup implements caddy.CleanerUpper and closes any idle databases. +func (ash Handler) Cleanup() error { + key := ash.getDatabaseKey() + deleted, err := databasePool.Delete(key) + if deleted { + ash.logger.Debug("unloading unused CA database", zap.String("db_key", key)) + } + if err != nil { + ash.logger.Error("closing CA database", zap.String("db_key", key), zap.Error(err)) + } + return err +} + +func (ash Handler) openDatabase() (*db.AuthDB, error) { + key := ash.getDatabaseKey() + database, loaded, err := databasePool.LoadOrNew(key, func() (caddy.Destructor, error) { + dbFolder := filepath.Join(caddy.AppDataDir(), "acme_server", key) + dbPath := filepath.Join(dbFolder, "db") + + err := os.MkdirAll(dbFolder, 0755) + if err != nil { + return nil, fmt.Errorf("making folder for CA database: %v", err) + } + + dbConfig := &db.Config{ + Type: "bbolt", + DataSource: dbPath, + } + database, err := db.New(dbConfig) + return databaseCloser{&database}, err + }) + + if loaded { + ash.logger.Debug("loaded preexisting CA database", zap.String("db_key", key)) + } + + return database.(databaseCloser).DB, err +} + const ( defaultHost = "localhost" defaultPathPrefix = "/acme/" ) +var keyCleaner = regexp.MustCompile(`[^\w.-_]`) +var databasePool = caddy.NewUsagePool() + +type databaseCloser struct { + DB *db.AuthDB +} + +func (closer databaseCloser) Destruct() error { + return (*closer.DB).Shutdown() +} + // Interface guards var ( _ caddyhttp.MiddlewareHandler = (*Handler)(nil) diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index f95c9a02..5e766767 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -195,14 +195,18 @@ func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority issuerKey = ca.IntermediateKey() } - auth, err := authority.NewEmbedded( + opts := []authority.Option{ authority.WithConfig(&authority.Config{ AuthorityConfig: authorityConfig.AuthConfig, - DB: authorityConfig.DB, }), authority.WithX509Signer(issuerCert, issuerKey.(crypto.Signer)), authority.WithX509RootCerts(rootCert), - ) + } + // Add a database if we have one + if authorityConfig.DB != nil { + opts = append(opts, authority.WithDatabase(*authorityConfig.DB)) + } + auth, err := authority.NewEmbedded(opts...) if err != nil { return nil, fmt.Errorf("initializing certificate authority: %v", err) } @@ -382,7 +386,7 @@ type AuthorityConfig struct { SignWithRoot bool // TODO: should we just embed the underlying authority.Config struct type? - DB *db.Config + DB *db.AuthDB AuthConfig *authority.AuthConfig } From 0a7721dcfe30b76c66c6364ccb6874a2eadcba21 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 24 Nov 2020 12:24:44 -0700 Subject: [PATCH 0245/1498] fileserver: Preserve transformed root (fix #3838) --- modules/caddyhttp/fileserver/browse.go | 10 +++++----- modules/caddyhttp/fileserver/browselisting.go | 4 ++-- modules/caddyhttp/fileserver/staticfiles.go | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index cd41ea54..af3620a4 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -35,7 +35,7 @@ type Browse struct { template *template.Template } -func (fsrv *FileServer) serveBrowse(dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { +func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { // navigation on the client-side gets messed up if the // URL doesn't end in a trailing slash because hrefs like // "/b/c" on a path like "/a" end up going to "/b/c" instead @@ -55,7 +55,7 @@ func (fsrv *FileServer) serveBrowse(dirPath string, w http.ResponseWriter, r *ht repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) // calling path.Clean here prevents weird breadcrumbs when URL paths are sketchy like /%2e%2e%2f - listing, err := fsrv.loadDirectoryContents(dir, path.Clean(r.URL.Path), repl) + listing, err := fsrv.loadDirectoryContents(dir, root, path.Clean(r.URL.Path), repl) switch { case os.IsPermission(err): return caddyhttp.Error(http.StatusForbidden, err) @@ -87,7 +87,7 @@ func (fsrv *FileServer) serveBrowse(dirPath string, w http.ResponseWriter, r *ht return nil } -func (fsrv *FileServer) loadDirectoryContents(dir *os.File, urlPath string, repl *caddy.Replacer) (browseListing, error) { +func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string, repl *caddy.Replacer) (browseListing, error) { files, err := dir.Readdir(-1) if err != nil { return browseListing{}, err @@ -95,9 +95,9 @@ func (fsrv *FileServer) loadDirectoryContents(dir *os.File, urlPath string, repl // determine if user can browse up another folder curPathDir := path.Dir(strings.TrimSuffix(urlPath, "/")) - canGoUp := strings.HasPrefix(curPathDir, fsrv.Root) + canGoUp := strings.HasPrefix(curPathDir, root) - return fsrv.directoryListing(files, canGoUp, urlPath, repl), nil + return fsrv.directoryListing(files, canGoUp, root, urlPath, repl), nil } // browseApplyQueryParams applies query parameters to the listing. diff --git a/modules/caddyhttp/fileserver/browselisting.go b/modules/caddyhttp/fileserver/browselisting.go index f3f85a37..2b8c66ce 100644 --- a/modules/caddyhttp/fileserver/browselisting.go +++ b/modules/caddyhttp/fileserver/browselisting.go @@ -27,7 +27,7 @@ import ( "github.com/dustin/go-humanize" ) -func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, urlPath string, repl *caddy.Replacer) browseListing { +func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseListing { filesToHide := fsrv.transformHidePaths(repl) var dirCount, fileCount int @@ -40,7 +40,7 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, urlP continue } - isDir := f.IsDir() || isSymlinkTargetDir(f, fsrv.Root, urlPath) + isDir := f.IsDir() || isSymlinkTargetDir(f, root, urlPath) if isDir { name += "/" diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index caad0b4d..f6405643 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -184,7 +184,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // to browse or return an error if info.IsDir() { if fsrv.Browse != nil && !fileHidden(filename, filesToHide) { - return fsrv.serveBrowse(filename, w, r, next) + return fsrv.serveBrowse(root, filename, w, r, next) } return fsrv.notFound(w, r, next) } From 2d5498ee6f298703b5934a8f8889fa02778d08aa Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 24 Nov 2020 12:57:12 -0700 Subject: [PATCH 0246/1498] Update readme --- README.md | 41 +++++++++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 694bd2f0..90753653 100644 --- a/README.md +++ b/README.md @@ -42,27 +42,30 @@

-## Features +## [Features](https://caddyserver.com/v2) - **Easy configuration** with the [Caddyfile](https://caddyserver.com/docs/caddyfile) - **Powerful configuration** with its [native JSON config](https://caddyserver.com/docs/json/) - **Dynamic configuration** with the [JSON API](https://caddyserver.com/docs/api) - [**Config adapters**](https://caddyserver.com/docs/config-adapters) if you don't like JSON - **Automatic HTTPS** by default - - [Let's Encrypt](https://letsencrypt.org) for public sites + - [ZeroSSL](https://zerossl.com) and [Let's Encrypt](https://letsencrypt.org) for public names - Fully-managed local CA for internal names & IPs - Can coordinate with other Caddy instances in a cluster + - Multi-issuer fallback - **Stays up when other servers go down** due to TLS/OCSP/certificate-related issues +- **Production-ready** after serving trillions of requests and managing millions of TLS certificates +- **Scales to tens of thousands of sites** ... and probably more - **HTTP/1.1, HTTP/2, and experimental HTTP/3** support - **Highly extensible** [modular architecture](https://caddyserver.com/docs/architecture) lets Caddy do anything without bloat - **Runs anywhere** with **no external dependencies** (not even libc) - Written in Go, a language with higher **memory safety guarantees** than other servers - Actually **fun to use** -- So, so much more to discover +- So, so much more to [discover](https://caddyserver.com/v2) ## Install -You can install Caddy by downloading from the Github Releases and placing it in your PATH. +The simplest, cross-platform way is to download from [GitHub Releases](https://github.com/caddyserver/caddy/releases) and place the executable file in your PATH. For other install options, see https://caddyserver.com/docs/download. @@ -74,13 +77,37 @@ Requirements: ### For development +_**Note:** These steps [will not embed proper version information](https://github.com/golang/go/issues/29228). For that, please follow the instructions in the next section._ + ```bash $ git clone "https://github.com/caddyserver/caddy.git" $ cd caddy/cmd/caddy/ $ go build ``` -_**Note:** These steps [will not embed proper version information](https://github.com/golang/go/issues/29228). For that, please follow the instructions below._ +When you run Caddy, it may try to bind to low ports unless otherwise specified in your config. If your OS requires elevated privileges, you will need to give your new binary permission to do so. On Linux, this can be done easily with: `sudo setcap cap_net_bind_service=+ep ./caddy` + +If you prefer to use `go run` which creates temporary binaries, you can still do this. Make an executable file called `setcap.sh` (or whatever you want) with these contents: + +```bash +#!/bin/sh +sudo setcap cap_net_bind_service=+ep "$1" +"$@" +``` + +then you can use `go run` like so: + +```bash +$ go run -exec ./setcap.sh main.go +``` + +If you don't want to type your password for `setcap`, use `sudo visudo` to edit your sudoers file and allow your user account to run that command without a password, for example: + +``` +username ALL=(ALL:ALL) NOPASSWD: /usr/sbin/setcap +``` + +replacing `username` with your actual username. Please be careful and only do this if you know what you are doing! We are only qualified to document how to use Caddy, not Go tooling or your computer, and we are providing these instructions for convenience only; please learn how to use your own computer at your own risk and make any needful adjustments. ### With version information and/or plugins @@ -107,7 +134,7 @@ $ xcaddy build The [Caddy website](https://caddyserver.com/docs/) has documentation that includes tutorials, quick-start guides, reference, and more. -**We recommend that all users do our [Getting Started](https://caddyserver.com/docs/getting-started) guide to become familiar with using Caddy.** +**We recommend that all users -- regardless of experience level -- do our [Getting Started](https://caddyserver.com/docs/getting-started) guide to become familiar with using Caddy.** If you've only got a minute, [the website has several quick-start tutorials](https://caddyserver.com/docs/quick-starts) to choose from! However, after finishing a quick-start tutorial, please read more documentation to understand how the software works. 🙂 @@ -145,6 +172,8 @@ The docs are also open source. You can contribute to them here: https://github.c - We **strongly recommend** that all professionals or companies using Caddy get a support contract through [Ardan Labs](https://www.ardanlabs.com/my/contact-us?dd=caddy) before help is needed. +- A [sponsorship](https://github.com/sponsors/mholt) goes a long way! + - Individuals can exchange help for free on our community forum at https://caddy.community. Remember that people give help out of their spare time and good will. The best way to get help is to give it first! Please use our [issue tracker](https://github.com/caddyserver/caddy/issues) only for bug reports and feature requests, i.e. actionable development items (support questions will usually be referred to the forums). From 63afffc2e317579a5bc618d5441ac238127114a0 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 24 Nov 2020 16:36:58 -0700 Subject: [PATCH 0247/1498] httpcaddyfile: Proper log config with catch-all blocks (fix #3878) --- caddyconfig/httpcaddyfile/httptype.go | 23 ++++-- .../log_except_catchall_blocks.txt | 80 +++++++++++++++++++ 2 files changed, 96 insertions(+), 7 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index e4e40b28..406d8b95 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -450,6 +450,15 @@ func (st *ServerType) serversFromPairings( var hasCatchAllTLSConnPolicy, addressQualifiesForTLS bool autoHTTPSWillAddConnPolicy := autoHTTPS != "off" + // if a catch-all server block (one which accepts all hostnames) exists in this pairing, + // we need to know that so that we can configure logs properly (see #3878) + var catchAllSblockExists bool + for _, sblock := range p.serverBlocks { + if len(sblock.hostsFromKeys(false)) == 0 { + catchAllSblockExists = true + } + } + // create a subroute for each site in the server block for _, sblock := range p.serverBlocks { matcherSetsEnc, err := st.compileEncodedMatcherSets(sblock) @@ -563,13 +572,13 @@ func (st *ServerType) serversFromPairings( } else { // map each host to the user's desired logger name for _, h := range sblockLogHosts { - // if the custom logger name is non-empty, add it to - // the map; otherwise, only map to an empty logger - // name if the server block has a catch-all host (in - // which case only requests with mapped hostnames will - // be access-logged, so it'll be necessary to add them - // to the map even if they use default logger) - if ncl.name != "" || len(hosts) == 0 { + // if the custom logger name is non-empty, add it to the map; + // otherwise, only map to an empty logger name if this or + // another site block on this server has a catch-all host (in + // which case only requests with mapped hostnames will be + // access-logged, so it'll be necessary to add them to the + // map even if they use default logger) + if ncl.name != "" || catchAllSblockExists { if srv.Logs.LoggerNames == nil { srv.Logs.LoggerNames = make(map[string]string) } diff --git a/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt b/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt new file mode 100644 index 00000000..a6fd0513 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt @@ -0,0 +1,80 @@ +http://localhost:2020 { + log + file_server +} + +:2020 { + respond 418 +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":2020" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ] + } + ] + } + ] + } + ], + "terminal": true + }, + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "status_code": 418 + } + ] + } + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "localhost" + ] + }, + "logs": { + "logger_names": { + "localhost:2020": "" + }, + "skip_unmapped_hosts": true + } + } + } + } + } +} \ No newline at end of file From 03d853e2ec24beb55ade910b222e043fdac9e7ea Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 24 Nov 2020 18:04:37 -0700 Subject: [PATCH 0248/1498] httpcaddyfile: Fix test on Windows --- .../caddyfile_adapt/log_except_catchall_blocks.txt | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt b/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt index a6fd0513..57b63af4 100644 --- a/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt +++ b/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt @@ -1,6 +1,6 @@ http://localhost:2020 { log - file_server + respond 200 } :2020 { @@ -31,10 +31,8 @@ http://localhost:2020 { { "handle": [ { - "handler": "file_server", - "hide": [ - "./Caddyfile" - ] + "handler": "static_response", + "status_code": 200 } ] } From b0f8fc7aaecb9ffc40d75df2a5a114bec3b50c10 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 25 Nov 2020 10:53:00 -0700 Subject: [PATCH 0249/1498] caddytls: Configure trusted CAs from PEM files (#3882) Closes #3563 --- modules/caddytls/connpolicy.go | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index de929cc3..ebf96e60 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -19,6 +19,7 @@ import ( "crypto/x509" "encoding/base64" "fmt" + "io/ioutil" "strings" "github.com/caddyserver/caddy/v2" @@ -286,6 +287,12 @@ type ClientAuthentication struct { // these CAs will be rejected. TrustedCACerts []string `json:"trusted_ca_certs,omitempty"` + // TrustedCACertPEMFiles is a list of PEM file names + // from which to load certificates of trusted CAs. + // Client certificates which are not signed by any of + // these CA certificates will be rejected. + TrustedCACertPEMFiles []string `json:"trusted_ca_certs_pem_files,omitempty"` + // A list of base64 DER-encoded client leaf certs // to accept. If this list is not empty, client certs // which are not in this list will be rejected. @@ -301,8 +308,8 @@ type ClientAuthentication struct { // `require_and_verify` | Require clients to present a valid certificate that is verified // // The default mode is `require_and_verify` if any - // TrustedCACerts or TrustedLeafCerts are provided; - // otherwise, the default mode is `require`. + // TrustedCACerts or TrustedCACertPEMFiles or TrustedLeafCerts + // are provided; otherwise, the default mode is `require`. Mode string `json:"mode,omitempty"` // state established with the last call to ConfigureTLSConfig @@ -312,7 +319,10 @@ type ClientAuthentication struct { // Active returns true if clientauth has an actionable configuration. func (clientauth ClientAuthentication) Active() bool { - return len(clientauth.TrustedCACerts) > 0 || len(clientauth.TrustedLeafCerts) > 0 || len(clientauth.Mode) > 0 + return len(clientauth.TrustedCACerts) > 0 || + len(clientauth.TrustedCACertPEMFiles) > 0 || + len(clientauth.TrustedLeafCerts) > 0 || + len(clientauth.Mode) > 0 } // ConfigureTLSConfig sets up cfg to enforce clientauth's configuration. @@ -339,7 +349,9 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro } } else { // otherwise, set a safe default mode - if len(clientauth.TrustedCACerts) > 0 || len(clientauth.TrustedLeafCerts) > 0 { + if len(clientauth.TrustedCACerts) > 0 || + len(clientauth.TrustedCACertPEMFiles) > 0 || + len(clientauth.TrustedLeafCerts) > 0 { cfg.ClientAuth = tls.RequireAndVerifyClientCert } else { cfg.ClientAuth = tls.RequireAnyClientCert @@ -347,7 +359,7 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro } // enforce CA verification by adding CA certs to the ClientCAs pool - if len(clientauth.TrustedCACerts) > 0 { + if len(clientauth.TrustedCACerts) > 0 || len(clientauth.TrustedCACertPEMFiles) > 0 { caPool := x509.NewCertPool() for _, clientCAString := range clientauth.TrustedCACerts { clientCA, err := decodeBase64DERCert(clientCAString) @@ -356,6 +368,13 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro } caPool.AddCert(clientCA) } + for _, pemFile := range clientauth.TrustedCACertPEMFiles { + pemContents, err := ioutil.ReadFile(pemFile) + if err != nil { + return fmt.Errorf("reading %s: %v", pemFile, err) + } + caPool.AppendCertsFromPEM(pemContents) + } cfg.ClientCAs = caPool } From 53aa60afff2e66b4a2b2ca6968fe5cb6c8567437 Mon Sep 17 00:00:00 2001 From: Daniel Santos Date: Wed, 25 Nov 2020 10:54:23 -0700 Subject: [PATCH 0250/1498] reverseproxy: Handle "operation was canceled" errors (#3816) * fix(caddy): Avoid "operation was canceled" errors - Also add error handling for StatusGatewayTimeout * revert(caddy): Revert 504 handling - This will potentially break load balancing and health checks * Handle client cancellation as different error Co-authored-by: Matthew Holt --- .../caddyhttp/reverseproxy/reverseproxy.go | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index bed5289b..3a2457f6 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -18,6 +18,7 @@ import ( "bytes" "context" "encoding/json" + "errors" "fmt" "io" "io/ioutil" @@ -384,8 +385,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // DialInfo struct should have valid network address syntax dialInfo, err := upstream.fillDialInfo(r) if err != nil { - err = fmt.Errorf("making dial info: %v", err) - return caddyhttp.Error(http.StatusBadGateway, err) + return statusError(fmt.Errorf("making dial info: %v", err)) } // attach to the request information about how to dial the upstream; @@ -438,7 +438,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht } } - return caddyhttp.Error(http.StatusBadGateway, proxyErr) + return statusError(proxyErr) } // prepareRequest modifies req so that it is ready to be proxied, @@ -762,6 +762,27 @@ func removeConnectionHeaders(h http.Header) { } } +// statusError returns an error value that has a status code. +func statusError(err error) error { + // errors proxying usually mean there is a problem with the upstream(s) + statusCode := http.StatusBadGateway + + // if the client canceled the request (usually this means they closed + // the connection, so they won't see any response), we can report it + // as a client error (4xx) and not a server error (5xx); unfortunately + // the Go standard library, at least at time of writing in late 2020, + // obnoxiously wraps the exported, standard context.Canceled error with + // an unexported garbage value that we have to do a substring check for: + // https://github.com/golang/go/blob/6965b01ea248cabb70c3749fd218b36089a21efb/src/net/net.go#L416-L430 + if errors.Is(err, context.Canceled) || strings.Contains(err.Error(), "operation was canceled") { + // regrettably, there is no standard error code for "client closed connection", but + // for historical reasons we can use a code that a lot of people are already using; + // using 5xx is problematic for users; see #3748 + statusCode = 499 + } + return caddyhttp.Error(statusCode, err) +} + // LoadBalancing has parameters related to load balancing. type LoadBalancing struct { // A selection policy is how to choose an available backend. From 7d7434c9ce9778adf7b7ff6c3a6575ea1c11ed01 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 26 Nov 2020 09:37:42 -0700 Subject: [PATCH 0251/1498] fileserver: Add debug logging --- modules/caddyhttp/fileserver/browse.go | 6 ++++++ modules/caddyhttp/fileserver/staticfiles.go | 24 +++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index af3620a4..1f6986f0 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -25,6 +25,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "go.uber.org/zap" ) // Browse configures directory browsing. @@ -36,11 +37,16 @@ type Browse struct { } func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + fsrv.logger.Debug("browse enabled; listing directory contents", + zap.String("path", dirPath), + zap.String("root", root)) + // navigation on the client-side gets messed up if the // URL doesn't end in a trailing slash because hrefs like // "/b/c" on a path like "/a" end up going to "/b/c" instead // of "/a/b/c" - so we have to redirect in this case if !strings.HasSuffix(r.URL.Path, "/") { + fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) r.URL.Path += "/" http.Redirect(w, r, r.URL.String(), http.StatusMovedPermanently) return nil diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index f6405643..daf4b543 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -31,6 +31,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "go.uber.org/zap" ) func init() { @@ -77,6 +78,8 @@ type FileServer struct { // it will invoke the next handler in the chain instead of returning // a 404 error. By default, this is false (disabled). PassThru bool `json:"pass_thru,omitempty"` + + logger *zap.Logger } // CaddyModule returns the Caddy module information. @@ -89,6 +92,8 @@ func (FileServer) CaddyModule() caddy.ModuleInfo { // Provision sets up the static files responder. func (fsrv *FileServer) Provision(ctx caddy.Context) error { + fsrv.logger = ctx.Logger(fsrv) + if fsrv.Root == "" { fsrv.Root = "{http.vars.root}" } @@ -136,6 +141,11 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c suffix := repl.ReplaceAll(r.URL.Path, "") filename := sanitizedPathJoin(root, suffix) + fsrv.logger.Debug("sanitized path join", + zap.String("site_root", root), + zap.String("request_path", suffix), + zap.String("result", filename)) + // get information about the file info, err := os.Stat(filename) if err != nil { @@ -157,6 +167,9 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c indexPath := sanitizedPathJoin(filename, indexPage) if fileHidden(indexPath, filesToHide) { // pretend this file doesn't exist + fsrv.logger.Debug("hiding index file", + zap.String("filename", indexPath), + zap.Strings("files_to_hide", filesToHide)) continue } @@ -176,6 +189,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c info = indexInfo filename = indexPath implicitIndexFile = true + fsrv.logger.Debug("located index file", zap.String("filename", filename)) break } } @@ -183,6 +197,9 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // if still referencing a directory, delegate // to browse or return an error if info.IsDir() { + fsrv.logger.Debug("no index file in directory", + zap.String("path", filename), + zap.Strings("index_filenames", fsrv.IndexNames)) if fsrv.Browse != nil && !fileHidden(filename, filesToHide) { return fsrv.serveBrowse(root, filename, w, r, next) } @@ -194,6 +211,9 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // one last check to ensure the file isn't hidden (we might // have changed the filename from when we last checked) if fileHidden(filename, filesToHide) { + fsrv.logger.Debug("hiding file", + zap.String("filename", filename), + zap.Strings("files_to_hide", filesToHide)) return fsrv.notFound(w, r, next) } @@ -203,12 +223,16 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // in HTML (see https://github.com/caddyserver/caddy/issues/2741) if fsrv.CanonicalURIs == nil || *fsrv.CanonicalURIs { if implicitIndexFile && !strings.HasSuffix(r.URL.Path, "/") { + fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", zap.String("path", r.URL.Path)) return redirect(w, r, r.URL.Path+"/") } else if !implicitIndexFile && strings.HasSuffix(r.URL.Path, "/") { + fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", zap.String("path", r.URL.Path)) return redirect(w, r, r.URL.Path[:len(r.URL.Path)-1]) } } + fsrv.logger.Debug("opening file", zap.String("filename", filename)) + // open the file file, err := fsrv.openFile(filename, w) if err != nil { From 4afcdc49d14855c0c3a4fd4558d0f81906db3ffb Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 26 Nov 2020 22:31:25 -0500 Subject: [PATCH 0252/1498] docs: Mention {http.auth.user.id} placeholder in basicauth JSON docs (#3886) --- modules/caddyhttp/caddyauth/caddyauth.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/caddyhttp/caddyauth/caddyauth.go b/modules/caddyhttp/caddyauth/caddyauth.go index a88bff60..3a0a2a04 100644 --- a/modules/caddyhttp/caddyauth/caddyauth.go +++ b/modules/caddyhttp/caddyauth/caddyauth.go @@ -30,6 +30,11 @@ func init() { // Authentication is a middleware which provides user authentication. // Rejects requests with HTTP 401 if the request is not authenticated. // +// After a successful authentication, the placeholder +// `{http.auth.user.id}` will be set to the username, and also +// `{http.auth.user.*}` placeholders may be set for any authentication +// modules that provide user metadata. +// // Its API is still experimental and may be subject to change. type Authentication struct { // A set of authentication providers. If none are specified, From a26f70a12b1289231d705bc002fe1df3180cb6c5 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 30 Nov 2020 12:20:30 -0500 Subject: [PATCH 0253/1498] headers: Fix Caddyfile parsing with request matcher (#3892) --- .../integration/caddyfile_adapt/header.txt | 25 +++++++++++++++++++ modules/caddyhttp/headers/caddyfile.go | 4 +++ 2 files changed, 29 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/header.txt b/caddytest/integration/caddyfile_adapt/header.txt index b8e102fa..19a5b41a 100644 --- a/caddytest/integration/caddyfile_adapt/header.txt +++ b/caddytest/integration/caddyfile_adapt/header.txt @@ -9,6 +9,10 @@ ?Tim "Berners-Lee" defer } + @images path /images/* + header @images { + Cache-Control "public, max-age=3600, stale-while-revalidate=86400" + } } ---------- { @@ -20,6 +24,27 @@ ":80" ], "routes": [ + { + "match": [ + { + "path": [ + "/images/*" + ] + } + ], + "handle": [ + { + "handler": "headers", + "response": { + "set": { + "Cache-Control": [ + "public, max-age=3600, stale-while-revalidate=86400" + ] + } + } + } + ] + }, { "handle": [ { diff --git a/modules/caddyhttp/headers/caddyfile.go b/modules/caddyhttp/headers/caddyfile.go index 75498b24..574e54bb 100644 --- a/modules/caddyhttp/headers/caddyfile.go +++ b/modules/caddyhttp/headers/caddyfile.go @@ -46,6 +46,10 @@ func init() { // and ? conditionally sets a value only if the header field is not already // set. func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + if !h.Next() { + return nil, h.ArgErr() + } + matcherSet, err := h.ExtractMatcherSet() if err != nil { return nil, err From 4cff36d731390915649261f0e9c088be0eeafcf1 Mon Sep 17 00:00:00 2001 From: Cuong Manh Le Date: Tue, 1 Dec 2020 22:27:46 +0700 Subject: [PATCH 0254/1498] caddyauth: Use buffered channel passed to signal.Notify (#3895) The docs at os/signal.Notify warn about this signal delivery loss bug at https://golang.org/pkg/os/signal/#Notify, which says: Package signal will not block sending to c: the caller must ensure that c has sufficient buffer space to keep up with the expected signal rate. For a channel used for notification of just one signal value, a buffer of size 1 is sufficient. Caught by a static analysis tool from Orijtech, Inc. called "sigchanyzer" --- modules/caddyhttp/caddyauth/command.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index f445f67d..a2ae7558 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -70,7 +70,7 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { if terminal.IsTerminal(fd) { // ensure the terminal state is restored on SIGINT state, _ := terminal.GetState(fd) - c := make(chan os.Signal) + c := make(chan os.Signal, 1) signal.Notify(c, os.Interrupt) go func() { <-c From 9157051f45b8c1354b6c8432457ca4930ba90d9e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 2 Dec 2020 13:26:28 -0700 Subject: [PATCH 0255/1498] caddyhttp: Optimize large host matchers --- modules/caddyhttp/matchers.go | 68 ++++++++++++++++++++++++++++++ modules/caddyhttp/matchers_test.go | 27 ++++++++++++ 2 files changed, 95 insertions(+) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index d641cb68..c5cf21d8 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -23,6 +23,7 @@ import ( "net/url" "path/filepath" "regexp" + "sort" "strings" "github.com/caddyserver/caddy/v2" @@ -51,6 +52,8 @@ type ( // // The wildcard can be useful for matching all subdomains, for example: // `*.example.com` matches `foo.example.com` but not `foo.bar.example.com`. + // + // Duplicate entries will return an error. MatchHost []string // MatchPath matches requests by the URI's path (case-insensitive). Path @@ -167,6 +170,40 @@ func (m *MatchHost) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// Provision sets up and validates m, including making it more efficient for large lists. +func (m MatchHost) Provision(_ caddy.Context) error { + // check for duplicates; they are nonsensical and reduce efficiency + // (we could just remove them, but the user should know their config is erroneous) + seen := make(map[string]int) + for i, h := range m { + h = strings.ToLower(h) + if firstI, ok := seen[h]; ok { + return fmt.Errorf("host at index %d is repeated at index %d: %s", firstI, i, h) + } + seen[h] = i + } + + if m.large() { + // sort the slice lexicographically, grouping "fuzzy" entries (wildcards and placeholders) + // at the front of the list; this allows us to use binary search for exact matches, which + // we have seen from experience is the most common kind of value in large lists; and any + // other kinds of values (wildcards and placeholders) are grouped in front so the linear + // search should find a match fairly quickly + sort.Slice(m, func(i, j int) bool { + iInexact, jInexact := m.fuzzy(m[i]), m.fuzzy(m[j]) + if iInexact && !jInexact { + return true + } + if !iInexact && jInexact { + return false + } + return m[i] < m[j] + }) + } + + return nil +} + // Match returns true if r matches m. func (m MatchHost) Match(r *http.Request) bool { reqHost, _, err := net.SplitHostPort(r.Host) @@ -179,10 +216,31 @@ func (m MatchHost) Match(r *http.Request) bool { reqHost = strings.TrimSuffix(reqHost, "]") } + if m.large() { + // fast path: locate exact match using binary search (about 100-1000x faster for large lists) + pos := sort.Search(len(m), func(i int) bool { + if m.fuzzy(m[i]) { + return false + } + return m[i] >= reqHost + }) + if pos < len(m) && m[pos] == reqHost { + return true + } + } + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) outer: for _, host := range m { + // fast path: if matcher is large, we already know we don't have an exact + // match, so we're only looking for fuzzy match now, which should be at the + // front of the list; if we have reached a value that is not fuzzy, there + // will be no match and we can short-circuit for efficiency + if m.large() && !m.fuzzy(host) { + break + } + host = repl.ReplaceAll(host, "") if strings.Contains(host, "*") { patternParts := strings.Split(host, ".") @@ -207,6 +265,15 @@ outer: return false } +// fuzzy returns true if the given hostname h is not a specific +// hostname, e.g. has placeholders or wildcards. +func (MatchHost) fuzzy(h string) bool { return strings.ContainsAny(h, "{*") } + +// large returns true if m is considered to be large. Optimizing +// the matcher for smaller lists has diminishing returns. +// See related benchmark function in test file to conduct experiments. +func (m MatchHost) large() bool { return len(m) > 100 } + // CaddyModule returns the Caddy module information. func (MatchPath) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ @@ -909,6 +976,7 @@ const regexpPlaceholderPrefix = "http.regexp" // Interface guards var ( _ RequestMatcher = (*MatchHost)(nil) + _ caddy.Provisioner = (*MatchHost)(nil) _ RequestMatcher = (*MatchPath)(nil) _ RequestMatcher = (*MatchPathRE)(nil) _ caddy.Provisioner = (*MatchPathRE)(nil) diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 51db67d8..ab4487d1 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -1018,6 +1018,33 @@ func TestNotMatcher(t *testing.T) { } } } +func BenchmarkLargeHostMatcher(b *testing.B) { + // this benchmark simulates a large host matcher (thousands of entries) where each + // value is an exact hostname (not a placeholder or wildcard) - compare the results + // of this with and without the binary search (comment out the various fast path + // sections in Match) to conduct experiments + + const n = 10000 + lastHost := fmt.Sprintf("%d.example.com", n-1) + req := &http.Request{Host: lastHost} + repl := caddy.NewReplacer() + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + + matcher := make(MatchHost, n) + for i := 0; i < n; i++ { + matcher[i] = fmt.Sprintf("%d.example.com", i) + } + err := matcher.Provision(caddy.Context{}) + if err != nil { + b.Fatal(err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + matcher.Match(req) + } +} func BenchmarkHostMatcherWithoutPlaceholder(b *testing.B) { req := &http.Request{Host: "localhost"} From 792fca40f18b7c528b00a7dea508bdfd0821dd8c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 2 Dec 2020 13:27:08 -0700 Subject: [PATCH 0256/1498] Minor comments --- modules/caddyhttp/server.go | 3 +++ modules/caddytls/connpolicy.go | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index cff0f2ee..ad873c8c 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -74,6 +74,9 @@ type Server struct { // handlers are executed sequentially. The sequence of invoked // handlers comprises a compiled middleware chain that flows // from each matching route and its handlers to the next. + // + // By default, all unrouted requests receive a 200 OK response + // to indicate the server is working. Routes RouteList `json:"routes,omitempty"` // Errors is how this server will handle errors returned from any diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index ebf96e60..6c7fe3f4 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -66,7 +66,7 @@ func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) *tls.Config { // using ServerName to match policies is extremely common, especially in configs // with lots and lots of different policies; we can fast-track those by indexing // them by SNI, so we don't have to iterate potentially thousands of policies - // (TODO: this map does not account for wildcards, see if this is a problem in practice?) + // (TODO: this map does not account for wildcards, see if this is a problem in practice? look for reports of high connection latency with wildcard certs but low latency for non-wildcards in multi-thousand-cert deployments) indexedBySNI := make(map[string]ConnectionPolicies) if len(cp) > 30 { for _, p := range cp { From aca7ef0d4cb2b31325515b75c664baa607668c60 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 2 Dec 2020 13:48:13 -0700 Subject: [PATCH 0257/1498] Add setcap script to gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 4b8dc489..250a40ad 100644 --- a/.gitignore +++ b/.gitignore @@ -7,9 +7,10 @@ Caddyfile *.prof *.test -# build artifacts +# build artifacts and helpers cmd/caddy/caddy cmd/caddy/caddy.exe +cmd/caddy/setcap* # mac specific .DS_Store From e7a5a3850f09d26ddb035a8da4d233efc6a81581 Mon Sep 17 00:00:00 2001 From: Jordi Masip Date: Thu, 3 Dec 2020 18:02:18 +0100 Subject: [PATCH 0258/1498] cmd: add ability to read config from stdin (#3898) --- cmd/main.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cmd/main.go b/cmd/main.go index e92e71f6..2dfb8677 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -123,7 +123,11 @@ func loadConfig(configFile, adapterName string) ([]byte, string, error) { var cfgAdapter caddyconfig.Adapter var err error if configFile != "" { - config, err = ioutil.ReadFile(configFile) + if configFile == "-" { + config, err = ioutil.ReadAll(os.Stdin) + } else { + config, err = ioutil.ReadFile(configFile) + } if err != nil { return nil, "", fmt.Errorf("reading config file: %v", err) } From 3d0e046238cd1a6cf2500e9dffbd581617082535 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 3 Dec 2020 11:33:55 -0700 Subject: [PATCH 0259/1498] caddyauth: Use structured log --- modules/caddyhttp/caddyauth/caddyauth.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/caddyauth/caddyauth.go b/modules/caddyhttp/caddyauth/caddyauth.go index 3a0a2a04..28b2e1b3 100644 --- a/modules/caddyhttp/caddyauth/caddyauth.go +++ b/modules/caddyhttp/caddyauth/caddyauth.go @@ -16,11 +16,11 @@ package caddyauth import ( "fmt" - "log" "net/http" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "go.uber.org/zap" ) func init() { @@ -42,6 +42,8 @@ type Authentication struct { ProvidersRaw caddy.ModuleMap `json:"providers,omitempty" caddy:"namespace=http.authentication.providers"` Providers map[string]Authenticator `json:"-"` + + logger *zap.Logger } // CaddyModule returns the Caddy module information. @@ -54,6 +56,7 @@ func (Authentication) CaddyModule() caddy.ModuleInfo { // Provision sets up a. func (a *Authentication) Provision(ctx caddy.Context) error { + a.logger = ctx.Logger(a) a.Providers = make(map[string]Authenticator) mods, err := ctx.LoadModule(a, "ProvidersRaw") if err != nil { @@ -72,7 +75,9 @@ func (a Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request, next c for provName, prov := range a.Providers { user, authed, err = prov.Authenticate(w, r) if err != nil { - log.Printf("[ERROR] Authenticating with %s: %v", provName, err) + a.logger.Error("auth provider returned error", + zap.String("provider", provName), + zap.Error(err)) continue } if authed { From 5643dc3fb9e84b1dc862aa96bc5474d06f36d9c4 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Fri, 4 Dec 2020 22:49:26 +0700 Subject: [PATCH 0260/1498] go.mod: update quic-go to v0.19.3 (#3901) --- go.mod | 2 +- go.sum | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 5c7aa0fd..7532a3b8 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.11.0 github.com/klauspost/cpuid v1.2.5 // cannot upgrade until arm is fixed: https://github.com/klauspost/cpuid/issues/52 - github.com/lucas-clemente/quic-go v0.19.2 + github.com/lucas-clemente/quic-go v0.19.3 github.com/mholt/acmez v0.1.1 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 diff --git a/go.sum b/go.sum index 7923ba7b..1bd92d4f 100644 --- a/go.sum +++ b/go.sum @@ -354,8 +354,8 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04= github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.19.2 h1:w8BBYUx5Z+kNpeaOeQW/KzcNsKWhh4O6PeQhb0nURPg= -github.com/lucas-clemente/quic-go v0.19.2/go.mod h1:ZUygOqIoai0ASXXLJ92LTnKdbqh9MHCLTX6Nr1jUrK0= +github.com/lucas-clemente/quic-go v0.19.3 h1:eCDQqvGBB+kCTkA0XrAFtNe81FMa0/fn4QSoeAbmiF4= +github.com/lucas-clemente/quic-go v0.19.3/go.mod h1:ADXpNbTQjq1hIzCpB+y/k5iz4n4z4IwqoLb94Kh5Hu8= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -764,7 +764,6 @@ golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From 6e9ac248dd5c2f7a4cd4e37ff277a86c18085be6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 4 Dec 2020 19:12:13 -0500 Subject: [PATCH 0261/1498] fastcgi: Set PATH_INFO to file matcher remainder as fallback (#3739) * fastcgi: Set PATH_INFO to file matcher remainder as fallback * fastcgi: Avoid changing scriptName when not necessary * Stylistic tweaks Co-authored-by: Matthew Holt --- modules/caddyhttp/fileserver/matcher.go | 51 +++++++++++-------- modules/caddyhttp/fileserver/matcher_test.go | 8 ++- .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 22 +++++--- 3 files changed, 52 insertions(+), 29 deletions(-) diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index c103b033..44ef9edc 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -44,6 +44,8 @@ func init() { // of the matched file. // - `{http.matchers.file.type}` Set to "directory" if // the matched file is a directory, "file" otherwise. +// - `{http.matchers.file.remainder}` Set to the remainder +// of the path if the path was split by `split_path`. type MatchFile struct { // The root directory, used for creating absolute // file paths, and required when working with @@ -155,11 +157,12 @@ func (m MatchFile) Validate() error { } // Match returns true if r matches m. Returns true -// if a file was matched. If so, three placeholders +// if a file was matched. If so, four placeholders // will be available: // - http.matchers.file.relative // - http.matchers.file.absolute // - http.matchers.file.type +// - http.matchers.file.remainder func (m MatchFile) Match(r *http.Request) bool { return m.selectFile(r) } @@ -179,19 +182,20 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { } // common preparation of the file into parts - prepareFilePath := func(file string) (string, string) { - suffix := m.firstSplit(path.Clean(repl.ReplaceAll(file, ""))) + prepareFilePath := func(file string) (suffix, fullpath, remainder string) { + suffix, remainder = m.firstSplit(path.Clean(repl.ReplaceAll(file, ""))) if strings.HasSuffix(file, "/") { suffix += "/" } - fullpath := sanitizedPathJoin(root, suffix) - return suffix, fullpath + fullpath = sanitizedPathJoin(root, suffix) + return } // sets up the placeholders for the matched file - setPlaceholders := func(info os.FileInfo, rel string, abs string) { + setPlaceholders := func(info os.FileInfo, rel string, abs string, remainder string) { repl.Set("http.matchers.file.relative", rel) repl.Set("http.matchers.file.absolute", abs) + repl.Set("http.matchers.file.remainder", remainder) fileType := "file" if info.IsDir() { @@ -203,9 +207,9 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { switch m.TryPolicy { case "", tryPolicyFirstExist: for _, f := range m.TryFiles { - suffix, fullpath := prepareFilePath(f) + suffix, fullpath, remainder := prepareFilePath(f) if info, exists := strictFileExists(fullpath); exists { - setPlaceholders(info, suffix, fullpath) + setPlaceholders(info, suffix, fullpath, remainder) return true } } @@ -214,52 +218,58 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { var largestSize int64 var largestFilename string var largestSuffix string + var remainder string var info os.FileInfo for _, f := range m.TryFiles { - suffix, fullpath := prepareFilePath(f) + suffix, fullpath, splitRemainder := prepareFilePath(f) info, err := os.Stat(fullpath) if err == nil && info.Size() > largestSize { largestSize = info.Size() largestFilename = fullpath largestSuffix = suffix + remainder = splitRemainder } } - setPlaceholders(info, largestSuffix, largestFilename) + setPlaceholders(info, largestSuffix, largestFilename, remainder) return true case tryPolicySmallestSize: var smallestSize int64 var smallestFilename string var smallestSuffix string + var remainder string var info os.FileInfo for _, f := range m.TryFiles { - suffix, fullpath := prepareFilePath(f) + suffix, fullpath, splitRemainder := prepareFilePath(f) info, err := os.Stat(fullpath) if err == nil && (smallestSize == 0 || info.Size() < smallestSize) { smallestSize = info.Size() smallestFilename = fullpath smallestSuffix = suffix + remainder = splitRemainder } } - setPlaceholders(info, smallestSuffix, smallestFilename) + setPlaceholders(info, smallestSuffix, smallestFilename, remainder) return true case tryPolicyMostRecentlyMod: var recentDate time.Time var recentFilename string var recentSuffix string + var remainder string var info os.FileInfo for _, f := range m.TryFiles { - suffix, fullpath := prepareFilePath(f) + suffix, fullpath, splitRemainder := prepareFilePath(f) info, err := os.Stat(fullpath) if err == nil && (recentDate.IsZero() || info.ModTime().After(recentDate)) { recentDate = info.ModTime() recentFilename = fullpath recentSuffix = suffix + remainder = splitRemainder } } - setPlaceholders(info, recentSuffix, recentFilename) + setPlaceholders(info, recentSuffix, recentFilename, remainder) return true } @@ -297,10 +307,11 @@ func strictFileExists(file string) (os.FileInfo, bool) { // firstSplit returns the first result where the path // can be split in two by a value in m.SplitPath. The -// result is the first piece of the path that ends with -// in the split value. Returns the path as-is if the -// path cannot be split. -func (m MatchFile) firstSplit(path string) string { +// return values are the first piece of the path that +// ends with the split substring and the remainder. +// If the path cannot be split, the path is returned +// as-is (with no remainder). +func (m MatchFile) firstSplit(path string) (splitPart, remainder string) { for _, split := range m.SplitPath { if idx := indexFold(path, split); idx > -1 { pos := idx + len(split) @@ -308,10 +319,10 @@ func (m MatchFile) firstSplit(path string) string { if pos != len(path) && !strings.HasPrefix(path[pos:], "/") { continue } - return path[:pos] + return path[:pos], path[pos:] } } - return path + return path, "" } // There is no strings.IndexFold() function like there is strings.EqualFold(), diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index ddd4f78a..e3199077 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -206,9 +206,13 @@ func TestPHPFileMatcher(t *testing.T) { func TestFirstSplit(t *testing.T) { m := MatchFile{SplitPath: []string{".php"}} - actual := m.firstSplit("index.PHP/somewhere") + actual, remainder := m.firstSplit("index.PHP/somewhere") expected := "index.PHP" + expectedRemainder := "/somewhere" if actual != expected { - t.Errorf("Expected %s but got %s", expected, actual) + t.Errorf("Expected split %s but got %s", expected, actual) + } + if remainder != expectedRemainder { + t.Errorf("Expected remainder %s but got %s", expectedRemainder, remainder) } } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index de6d0a43..09764374 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -195,19 +195,27 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { } fpath := r.URL.Path + scriptName := fpath + docURI := fpath // split "actual path" from "path info" if configured - var docURI, pathInfo string + var pathInfo string if splitPos := t.splitPos(fpath); splitPos > -1 { docURI = fpath[:splitPos] pathInfo = fpath[splitPos:] - } else { - docURI = fpath - } - scriptName := fpath - // Strip PATH_INFO from SCRIPT_NAME - scriptName = strings.TrimSuffix(scriptName, pathInfo) + // Strip PATH_INFO from SCRIPT_NAME + scriptName = strings.TrimSuffix(scriptName, pathInfo) + } + + // Try to grab the path remainder from a file matcher + // if we didn't get a split result here. + // See https://github.com/caddyserver/caddy/issues/3718 + if pathInfo == "" { + if remainder, ok := repl.GetString("http.matchers.file.remainder"); ok { + pathInfo = remainder + } + } // SCRIPT_FILENAME is the absolute path of SCRIPT_NAME scriptFilename := filepath.Join(root, scriptName) From 7e719157d9b7002fc09de63344f7b4fdfa7e9f57 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 7 Dec 2020 14:22:47 -0700 Subject: [PATCH 0262/1498] httpcaddyfile: Decrement counter when removing conn policy (fix #3906) --- caddyconfig/httpcaddyfile/tlsapp.go | 2 + .../tls_conn_policy_consolidate.txt | 137 ++++++++++++++++++ 2 files changed, 139 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index fe4c1b15..6a6e3ca1 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -487,6 +487,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls // remove or combine duplicate policies for i := 0; i < len(aps); i++ { + // compare only with next policies; we sorted by specificity so we must not delete earlier policies for j := i + 1; j < len(aps); j++ { // if they're exactly equal in every way, just keep one of them if reflect.DeepEqual(aps[i], aps[j]) { @@ -526,6 +527,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls } } aps = append(aps[:j], aps[j+1:]...) + j-- } } } diff --git a/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt new file mode 100644 index 00000000..ba6827e0 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt @@ -0,0 +1,137 @@ +# https://github.com/caddyserver/caddy/issues/3906 +a.a { + tls internal + respond 403 +} + +http://b.b https://b.b:8443 { + tls internal + respond 404 +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.a" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "status_code": 403 + } + ] + } + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "b.b" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "status_code": 404 + } + ] + } + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "b.b" + ] + } + }, + "srv2": { + "listen": [ + ":8443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "b.b" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "status_code": 404 + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "a.a", + "b.b" + ], + "issuers": [ + { + "module": "internal" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 31fbcd74016f35c4edf89b5de9c8a519663d588b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 8 Dec 2020 14:06:52 -0700 Subject: [PATCH 0263/1498] go.mod: Upgrade some dependencies --- go.mod | 12 ++++++------ go.sum | 22 ++++++++++++---------- modules/caddytls/values.go | 4 ++-- 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 7532a3b8..0ef44648 100644 --- a/go.mod +++ b/go.mod @@ -4,15 +4,15 @@ go 1.14 require ( github.com/Masterminds/sprig/v3 v3.1.0 - github.com/alecthomas/chroma v0.8.0 + github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a github.com/caddyserver/certmagic v0.12.1-0.20201116175341-0f8a9f688760 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.5.1 + github.com/google/cel-go v0.6.0 github.com/jsternberg/zap-logfmt v1.2.0 - github.com/klauspost/compress v1.11.0 - github.com/klauspost/cpuid v1.2.5 // cannot upgrade until arm is fixed: https://github.com/klauspost/cpuid/issues/52 + github.com/klauspost/compress v1.11.3 + github.com/klauspost/cpuid/v2 v2.0.1 github.com/lucas-clemente/quic-go v0.19.3 github.com/mholt/acmez v0.1.1 github.com/naoina/go-stringutil v0.1.0 // indirect @@ -20,11 +20,11 @@ require ( github.com/prometheus/client_golang v1.7.1 github.com/smallstep/certificates v0.15.4 github.com/smallstep/cli v0.15.2 - github.com/smallstep/nosql v0.3.0 // cannot upgrade until protobuf warning is fixed + github.com/smallstep/nosql v0.3.0 // cannot upgrade from v0.3.0 until protobuf warning is fixed github.com/smallstep/truststore v0.9.6 github.com/yuin/goldmark v1.2.1 github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 - go.uber.org/zap v1.15.0 + go.uber.org/zap v1.16.0 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de golang.org/x/net v0.0.0-20201110031124-69a78807bb2b google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 diff --git a/go.sum b/go.sum index 1bd92d4f..40c91fa4 100644 --- a/go.sum +++ b/go.sum @@ -51,8 +51,8 @@ github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkK github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= -github.com/alecthomas/chroma v0.8.0 h1:HS+HE97sgcqjQGu5uVr8jIE55Mmh5UeQ7kckAhHg2pY= -github.com/alecthomas/chroma v0.8.0/go.mod h1:sko8vR34/90zvl5QdcUdvzL3J8NKjAUx9va9jPuFNoM= +github.com/alecthomas/chroma v0.8.2 h1:x3zkuE2lUk/RIekyAJ3XRqSCP4zwWDfcw/YJCuCAACg= +github.com/alecthomas/chroma v0.8.2/go.mod h1:sko8vR34/90zvl5QdcUdvzL3J8NKjAUx9va9jPuFNoM= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= github.com/alecthomas/kong v0.1.17-0.20190424132513-439c674f7ae0/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= @@ -155,6 +155,7 @@ github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= @@ -245,8 +246,8 @@ github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039/go.mod h1:qOQCunE github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.5.1 h1:oDsbtAwlwFPEcC8dMoRWNuVzWJUDeDZeHjoet9rXjTs= -github.com/google/cel-go v0.5.1/go.mod h1:9SvtVVTtZV4DTB1/RuAD1D2HhuqEIdmZEE/r/lrFyKE= +github.com/google/cel-go v0.6.0 h1:Li+angxmgvzlwDsPuFc1/nbqnq3gc4K/X7NrWjOADFI= +github.com/google/cel-go v0.6.0/go.mod h1:rHS68o5G1QcUv/ubiCoZ5nT5LHxRWWfS0qMzTgv42WQ= github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ= github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -329,12 +330,14 @@ github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7IL github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.11.0 h1:wJbzvpYMVGG9iTI9VxpnNZfd4DzMPoCWze3GgSqz8yg= -github.com/klauspost/compress v1.11.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.11.3 h1:dB4Bn0tN3wdCzQxnS8r06kV74qN/TAfaIS0bVE8h3jc= +github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.5 h1:VBd9MyVIiJHzzgnrLQG5Bcv75H4YaWrlKqWHjurxCGo= github.com/klauspost/cpuid v1.2.5/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= +github.com/klauspost/cpuid/v2 v2.0.1 h1:lb04bBEJoAoV48eHs4Eq0UyhmJCkRSdIjQ3uS8WJRM4= +github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -544,12 +547,10 @@ github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9P github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.15.0/go.mod h1:awyVXYIVn4J9ANSSnDuA3FjKia7+QixaqorGW8CKGq8= -github.com/smallstep/certificates v0.15.1 h1:Es2IGgU4D0RE4OKys/VB1KvAuGuZwkxR7D9A0DeM/Ow= github.com/smallstep/certificates v0.15.1/go.mod h1:hDmNejfuVTDDe1NBIKrhL9xjELRJb2ZFM+bDXwSW9xI= github.com/smallstep/certificates v0.15.4 h1:bBGb2GqrQ8wKHVOhcUfgRlaTHsO1S5rqsq/z93/mRSc= github.com/smallstep/certificates v0.15.4/go.mod h1:uMrxSjDsPBxCPLV58WQhj3L1R3zdnW7mvJloiC+cyws= github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= -github.com/smallstep/cli v0.15.0 h1:ZBU1o4vm4FvcOFnfiT09jxuE/OsZX1BsZl5E/l2gv/c= github.com/smallstep/cli v0.15.0/go.mod h1:trYpP49s+XF4fROcNgmPi4yO1EIKfqsc/eEck6SosO4= github.com/smallstep/cli v0.15.2 h1:bOrYD1w0Vu82XN3r7mHuXoEI9RyczHyzKjzDHQ7V7EE= github.com/smallstep/cli v0.15.2/go.mod h1:7SDI+reLecUkYdaluSt3ASH2vQYHxdeMXtsIGD9AQXA= @@ -643,7 +644,6 @@ go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U= go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= -go.step.sm/crypto v0.2.0 h1:Rx+XqrNO4ZGHWlT9QCXls2L9pvcNiI23zEpAq0fctvY= go.step.sm/crypto v0.2.0/go.mod h1:YNLnHj4JgABFoRkUq8brkscIB9THdiJUFoDxLQw1tww= go.step.sm/crypto v0.6.0 h1:fbGUG5VJmDetC+RQ/T0tb6Sx0wCOgqKZcZYzTpUa7eo= go.step.sm/crypto v0.6.0/go.mod h1:AKS4yMZVZD4EGjpSkY4eibuMenrvKCscb+BpWMet8c0= @@ -665,6 +665,8 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= +go.uber.org/zap v1.16.0 h1:uFRZXykJGK9lLY4HtgSw44DnIcAM+kRBP7x5m+NpAOM= +go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -887,6 +889,7 @@ google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBr google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 h1:LCO0fg4kb6WwkXQXRQQgUYsFeFb5taTX5WAx5O/Vt28= google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -929,7 +932,6 @@ gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A= gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go index dea00131..4e8c1adc 100644 --- a/modules/caddytls/values.go +++ b/modules/caddytls/values.go @@ -20,7 +20,7 @@ import ( "fmt" "github.com/caddyserver/certmagic" - "github.com/klauspost/cpuid" + "github.com/klauspost/cpuid/v2" ) // CipherSuiteNameSupported returns true if name is @@ -75,7 +75,7 @@ var defaultCipherSuitesWithoutAESNI = []uint16{ // // See https://github.com/caddyserver/caddy/issues/1674 func getOptimalDefaultCipherSuites() []uint16 { - if cpuid.CPU.AesNi() { + if cpuid.CPU.Supports(cpuid.AESNI) { return defaultCipherSuitesWithAESNI } return defaultCipherSuitesWithoutAESNI From c898a37f4080fe3013974bee9a44ce98bd900cc3 Mon Sep 17 00:00:00 2001 From: Jack Baron Date: Wed, 9 Dec 2020 18:28:14 +0000 Subject: [PATCH 0264/1498] httpcaddyfile: support matching headers that do not exist (#3909) * add integration test for null header matcher * implement null header matcher syntax * avoid repeating magic ! * check for field following ! character --- .../caddyfile_adapt/matcher_syntax.txt | 24 +++++++++++++++ modules/caddyhttp/matchers.go | 29 +++++++++++++++---- 2 files changed, 48 insertions(+), 5 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index c5c27607..019ce148 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -31,6 +31,12 @@ query bar=baz } respond @matcher8 "query matcher merging pairs with the same keys" + + @matcher9 { + header !Foo + header Bar foo + } + respond @matcher9 "header matcher with null field matcher" } ---------- { @@ -183,6 +189,24 @@ "handler": "static_response" } ] + }, + { + "match": [ + { + "header": { + "Bar": [ + "foo" + ], + "Foo": null + } + } + ], + "handle": [ + { + "body": "header matcher with null field matcher", + "handler": "static_response" + } + ] } ] } diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index c5cf21d8..4886ba64 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -470,13 +470,32 @@ func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } for d.Next() { var field, val string - if !d.Args(&field, &val) { - return d.Errf("malformed header matcher: expected both field and value") + if !d.Args(&field) { + return d.Errf("malformed header matcher: expected field") } - // If multiple header matchers with the same header field are defined, - // we want to add the existing to the list of headers (will be OR'ed) - http.Header(*m).Add(field, val) + if strings.HasPrefix(field, "!") { + if len(field) == 1 { + return d.Errf("malformed header matcher: must have field name following ! character") + } + + field = field[1:] + headers := *m + headers[field] = nil + m = &headers + if d.NextArg() { + return d.Errf("malformed header matcher: null matching headers cannot have a field value") + } + } else { + if !d.NextArg() { + return d.Errf("malformed header matcher: expected both field and value") + } + + // If multiple header matchers with the same header field are defined, + // we want to add the existing to the list of headers (will be OR'ed) + val = d.Val() + http.Header(*m).Add(field, val) + } if d.NextBlock(0) { return d.Err("malformed header matcher: blocks are not supported") From a748151666ee442beca7a8756598bbf74d7f2aa4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 9 Dec 2020 13:04:57 -0700 Subject: [PATCH 0265/1498] go.mod: Update CertMagic (fix #3911) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0ef44648..57df1398 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20201116175341-0f8a9f688760 + github.com/caddyserver/certmagic v0.12.1-0.20201209195841-b726d1ed13c3 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 diff --git a/go.sum b/go.sum index 40c91fa4..d8e38cfb 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20201116175341-0f8a9f688760 h1:h7KGtOb9TAfZp2/KwPd9iyqiLVZMWbpx5Mu0Her2iRw= -github.com/caddyserver/certmagic v0.12.1-0.20201116175341-0f8a9f688760/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= +github.com/caddyserver/certmagic v0.12.1-0.20201209195841-b726d1ed13c3 h1:NW/7kFV4p6VLwG5eQa6ECivSqxAO0MmnAsAV7esFp0o= +github.com/caddyserver/certmagic v0.12.1-0.20201209195841-b726d1ed13c3/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= From b8a799df9f58cf3ccc2577a37c2b561d2a3e72bd Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 9 Dec 2020 13:06:57 -0700 Subject: [PATCH 0266/1498] caddyhttp: Document that remote_ip reads X-Forwarded-For header https://caddy.community/t/remote-ip-behaviour/10762?u=matt --- modules/caddyhttp/matchers.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 4886ba64..b9ddc336 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -105,6 +105,9 @@ type ( MatchProtocol string // MatchRemoteIP matches requests by client IP (or CIDR range). + // If the X-Forwarded-For header is set, the first IP in that list + // is used as the reference IP; otherwise, the remote IP of the + // connection is the reference. MatchRemoteIP struct { Ranges []string `json:"ranges,omitempty"` From 63bda6a0dc97e02d32865c31b5e46d2ead86ac7b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 10 Dec 2020 14:36:46 -0700 Subject: [PATCH 0267/1498] caddyhttp: Clean up internal auto-HTTPS redirect code Refactor redirect route creation into own function. Improve condition for appending port. Fixes a bug manifested through new test case: TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses --- caddytest/caddytest.go | 10 +++- caddytest/integration/autohttps_test.go | 62 +++++++++++++++++++- modules/caddyhttp/autohttps.go | 76 ++++++++++++------------- 3 files changed, 104 insertions(+), 44 deletions(-) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index d3c70b60..5387da78 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -314,9 +314,13 @@ func (tc *Tester) AssertRedirect(requestURI string, expectedToLocation string, e if err != nil { tc.t.Errorf("requesting \"%s\" expected location: \"%s\" but got error: %s", requestURI, expectedToLocation, err) } - - if expectedToLocation != loc.String() { - tc.t.Errorf("requesting \"%s\" expected location: \"%s\" but got \"%s\"", requestURI, expectedToLocation, loc.String()) + if loc == nil && expectedToLocation != "" { + tc.t.Errorf("requesting \"%s\" expected a Location header, but didn't get one", requestURI) + } + if loc != nil { + if expectedToLocation != loc.String() { + tc.t.Errorf("requesting \"%s\" expected location: \"%s\" but got \"%s\"", requestURI, expectedToLocation, loc.String()) + } } return resp diff --git a/caddytest/integration/autohttps_test.go b/caddytest/integration/autohttps_test.go index 62f172d2..db6329a0 100644 --- a/caddytest/integration/autohttps_test.go +++ b/caddytest/integration/autohttps_test.go @@ -7,7 +7,21 @@ import ( "github.com/caddyserver/caddy/v2/caddytest" ) -func TestAutoHTTPtoHTTPSRedirects(t *testing.T) { +func TestAutoHTTPtoHTTPSRedirectsImplicitPort(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + } + localhost + respond "Yahaha! You found me!" + `, "caddyfile") + + tester.AssertRedirect("http://localhost:9080/", "https://localhost/", http.StatusPermanentRedirect) +} + +func TestAutoHTTPtoHTTPSRedirectsExplicitPortSameAsHTTPSPort(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { @@ -20,3 +34,49 @@ func TestAutoHTTPtoHTTPSRedirects(t *testing.T) { tester.AssertRedirect("http://localhost:9080/", "https://localhost/", http.StatusPermanentRedirect) } + +func TestAutoHTTPtoHTTPSRedirectsExplicitPortDifferentFromHTTPSPort(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + } + localhost:1234 + respond "Yahaha! You found me!" + `, "caddyfile") + + tester.AssertRedirect("http://localhost:9080/", "https://localhost:1234/", http.StatusPermanentRedirect) +} + +func TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` +{ + "apps": { + "http": { + "http_port": 9080, + "https_port": 9443, + "servers": { + "ingress_server": { + "listen": [ + ":9080", + ":9443" + ], + "routes": [ + { + "match": [ + { + "host": ["localhost"] + } + ] + } + ] + } + } + } + } +} +`, "json") + tester.AssertRedirect("http://localhost:9080/", "https://localhost/", http.StatusPermanentRedirect) +} diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index fff4c461..9d6612fa 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -303,31 +303,11 @@ uniqueDomainsLoop: matcherSet = append(matcherSet, MatchHost(domains)) } - // build the address to which to redirect addr, err := caddy.ParseNetworkAddress(addrStr) if err != nil { return err } - redirTo := "https://{http.request.host}" - if addr.StartPort != uint(app.httpsPort()) { - redirTo += ":" + strconv.Itoa(int(addr.StartPort)) - } - redirTo += "{http.request.uri}" - - // build the route - redirRoute := Route{ - MatcherSets: []MatcherSet{matcherSet}, - Handlers: []MiddlewareHandler{ - StaticResponse{ - StatusCode: WeakString(strconv.Itoa(http.StatusPermanentRedirect)), - Headers: http.Header{ - "Location": []string{redirTo}, - "Connection": []string{"close"}, - }, - Close: true, - }, - }, - } + redirRoute := app.makeRedirRoute(addr.StartPort, matcherSet) // use the network/host information from the address, // but change the port to the HTTP port then rebuild @@ -355,25 +335,7 @@ uniqueDomainsLoop: // it's not something that should be relied on. We can change this // if we want to. appendCatchAll := func(routes []Route) []Route { - redirTo := "https://{http.request.host}" - if app.httpsPort() != DefaultHTTPSPort { - redirTo += ":" + strconv.Itoa(app.httpsPort()) - } - redirTo += "{http.request.uri}" - routes = append(routes, Route{ - MatcherSets: []MatcherSet{{MatchProtocol("http")}}, - Handlers: []MiddlewareHandler{ - StaticResponse{ - StatusCode: WeakString(strconv.Itoa(http.StatusPermanentRedirect)), - Headers: http.Header{ - "Location": []string{redirTo}, - "Connection": []string{"close"}, - }, - Close: true, - }, - }, - }) - return routes + return append(routes, app.makeRedirRoute(uint(app.httpsPort()), MatcherSet{MatchProtocol("http")})) } redirServersLoop: @@ -422,6 +384,40 @@ redirServersLoop: return nil } +func (app *App) makeRedirRoute(redirToPort uint, matcherSet MatcherSet) Route { + redirTo := "https://{http.request.host}" + + // since this is an external redirect, we should only append an explicit + // port if we know it is not the officially standardized HTTPS port, and, + // notably, also not the port that Caddy thinks is the HTTPS port (the + // configurable HTTPSPort parameter) - we can't change the standard HTTPS + // port externally, so that config parameter is for internal use only; + // we also do not append the port if it happens to be the HTTP port as + // well, obviously (for example, user defines the HTTP port explicitly + // in the list of listen addresses for a server) + if redirToPort != uint(app.httpPort()) && + redirToPort != uint(app.httpsPort()) && + redirToPort != DefaultHTTPPort && + redirToPort != DefaultHTTPSPort { + redirTo += ":" + strconv.Itoa(int(redirToPort)) + } + + redirTo += "{http.request.uri}" + return Route{ + MatcherSets: []MatcherSet{matcherSet}, + Handlers: []MiddlewareHandler{ + StaticResponse{ + StatusCode: WeakString(strconv.Itoa(http.StatusPermanentRedirect)), + Headers: http.Header{ + "Location": []string{redirTo}, + "Connection": []string{"close"}, + }, + Close: true, + }, + }, + } +} + // createAutomationPolicy ensures that automated certificates for this // app are managed properly. This adds up to two automation policies: // one for the public names, and one for the internal names. If a catch-all From deedf8abb036bdc096360bd6f06df17a6cff9799 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 10 Dec 2020 16:09:30 -0700 Subject: [PATCH 0268/1498] caddyhttp: Optionally use forwarded IP for remote_ip matcher The remote_ip matcher was reading the X-Forwarded-For header by default, but this behavior was not documented in anything that was released. This is also a less secure default, as it is trivially easy to spoof request headers. Reading IPs from that header should be optional, and it should not be the default. This is technically a breaking change, but anyone relying on the undocumented behavior was just doing so by coincidence/luck up to this point since it was never in any released documentation. We'll still add a mention in the release notes about this. --- modules/caddyhttp/matchers.go | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index b9ddc336..b77677bf 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -105,12 +105,16 @@ type ( MatchProtocol string // MatchRemoteIP matches requests by client IP (or CIDR range). - // If the X-Forwarded-For header is set, the first IP in that list - // is used as the reference IP; otherwise, the remote IP of the - // connection is the reference. MatchRemoteIP struct { + // The IPs or CIDR ranges to match. Ranges []string `json:"ranges,omitempty"` + // If true, prefer the first IP in the request's X-Forwarded-For + // header, if present, rather than the immediate peer's IP, as + // the reference IP against which to match. Note that it is easy + // to spoof request headers. Default: false + Forwarded bool `json:"forwarded,omitempty"` + cidrs []*net.IPNet logger *zap.Logger } @@ -795,7 +799,16 @@ func (MatchRemoteIP) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { - m.Ranges = append(m.Ranges, d.RemainingArgs()...) + for d.NextArg() { + if d.Val() == "forwarded" { + if len(m.Ranges) > 0 { + return d.Err("if used, 'forwarded' must be first argument") + } + m.Forwarded = true + continue + } + m.Ranges = append(m.Ranges, d.Val()) + } if d.NextBlock(0) { return d.Err("malformed remote_ip matcher: blocks are not supported") } @@ -829,24 +842,20 @@ func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { } func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, error) { - var remote string - if fwdFor := r.Header.Get("X-Forwarded-For"); fwdFor != "" { - remote = strings.TrimSpace(strings.Split(fwdFor, ",")[0]) + remote := r.RemoteAddr + if m.Forwarded { + if fwdFor := r.Header.Get("X-Forwarded-For"); fwdFor != "" { + remote = strings.TrimSpace(strings.Split(fwdFor, ",")[0]) + } } - if remote == "" { - remote = r.RemoteAddr - } - ipStr, _, err := net.SplitHostPort(remote) if err != nil { ipStr = remote // OK; probably didn't have a port } - ip := net.ParseIP(ipStr) if ip == nil { return nil, fmt.Errorf("invalid client IP address: %s", ipStr) } - return ip, nil } From 132525de3bfd6acb16f8628fa057cb03e102a177 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 14 Dec 2020 15:30:55 -0700 Subject: [PATCH 0269/1498] reverseproxy: Minor lint fixes --- .../reverseproxy/selectionpolicies.go | 21 +++++++++---------- .../reverseproxy/selectionpolicies_test.go | 10 ++++----- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index a391b2f9..e86e97e4 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -401,17 +401,16 @@ func (s CookieHashSelection) Select(pool UpstreamPool, req *http.Request, w http // If there's no cookie, select new random host if err != nil || cookie == nil { return selectNewHostWithCookieHashSelection(pool, w, s.Secret, s.Name) - } else { - // If the cookie is present, loop over the available upstreams until we find a match - cookieValue := cookie.Value - for _, upstream := range pool { - if !upstream.Available() { - continue - } - sha, err := hashCookie(s.Secret, upstream.Dial) - if err == nil && sha == cookieValue { - return upstream - } + } + // If the cookie is present, loop over the available upstreams until we find a match + cookieValue := cookie.Value + for _, upstream := range pool { + if !upstream.Available() { + continue + } + sha, err := hashCookie(s.Secret, upstream.Dial) + if err == nil && sha == cookieValue { + return upstream } } // If there is no matching host, select new random host diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index 5368a1ac..70d05aca 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -335,11 +335,11 @@ func TestCookieHashPolicy(t *testing.T) { w := httptest.NewRecorder() cookieHashPolicy := new(CookieHashSelection) h := cookieHashPolicy.Select(pool, request, w) - cookie_server1 := w.Result().Cookies()[0] - if cookie_server1 == nil { + cookieServer1 := w.Result().Cookies()[0] + if cookieServer1 == nil { t.Error("cookieHashPolicy should set a cookie") } - if cookie_server1.Name != "lb" { + if cookieServer1.Name != "lb" { t.Error("cookieHashPolicy should set a cookie with name lb") } if h != pool[0] { @@ -349,7 +349,7 @@ func TestCookieHashPolicy(t *testing.T) { pool[2].SetHealthy(true) request = httptest.NewRequest(http.MethodGet, "/test", nil) w = httptest.NewRecorder() - request.AddCookie(cookie_server1) + request.AddCookie(cookieServer1) h = cookieHashPolicy.Select(pool, request, w) if h != pool[0] { t.Error("Expected cookieHashPolicy host to stick to the first host (matching cookie).") @@ -361,7 +361,7 @@ func TestCookieHashPolicy(t *testing.T) { pool[0].SetHealthy(false) request = httptest.NewRequest(http.MethodGet, "/test", nil) w = httptest.NewRecorder() - request.AddCookie(cookie_server1) + request.AddCookie(cookieServer1) h = cookieHashPolicy.Select(pool, request, w) if h == pool[0] { t.Error("Expected cookieHashPolicy to select a new host.") From e384f07a3ce91ddbc8c4d4344f03a0dafe3df9f3 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 15 Dec 2020 12:16:04 -0700 Subject: [PATCH 0270/1498] caddytls: Improve alt chain preference settings This allows for finer-grained control when choosing alternate chains than simply the previous/Certbot-esque behavior of "choose first chain that contains an issuer's common name." This update allows you to sort by length (if optimizing for efficiency on the wire) and also to select the chain with a specific root CommonName. --- go.mod | 2 +- go.sum | 4 ++-- modules/caddytls/acmeissuer.go | 34 +++++++++++++++++++++++++++++----- 3 files changed, 32 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 57df1398..f116149b 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20201209195841-b726d1ed13c3 + github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 diff --git a/go.sum b/go.sum index d8e38cfb..27dab3b1 100644 --- a/go.sum +++ b/go.sum @@ -85,8 +85,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20201209195841-b726d1ed13c3 h1:NW/7kFV4p6VLwG5eQa6ECivSqxAO0MmnAsAV7esFp0o= -github.com/caddyserver/certmagic v0.12.1-0.20201209195841-b726d1ed13c3/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= +github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067 h1:gpjCX6/8hHRgVXxy1v2AQdoAX6XRXIA8fBUZtEpnVg0= +github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 7c79c7e1..df071c4b 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -74,10 +74,11 @@ type ACMEIssuer struct { // is internal or for development/testing purposes. TrustedRootsPEMFiles []string `json:"trusted_roots_pem_files,omitempty"` - // List of preferred certificate chains, by issuer's CommonName. If empty, - // or if no matching chain is found, the first chain offered by the server - // will be used. - PreferredChains []string `json:"preferred_chains,omitempty"` + // Preferences for selecting alternate certificate chains, if offered + // by the CA. By default, the first offered chain will be selected. + // If configured, the chains may be sorted and the first matching chain + // will be selected. + PreferredChains *ChainPreference `json:"preferred_chains,omitempty"` rootPool *x509.CertPool template certmagic.ACMEManager @@ -163,7 +164,6 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { CertObtainTimeout: time.Duration(iss.ACMETimeout), TrustedRoots: iss.rootPool, ExternalAccount: iss.ExternalAccount, - PreferredChains: iss.PreferredChains, Logger: iss.logger, } @@ -182,6 +182,14 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { template.ListenHost = iss.Challenges.BindHost } + if iss.PreferredChains != nil { + template.PreferredChains = certmagic.ChainPreference{ + Smallest: iss.PreferredChains.Smallest, + AnyCommonName: iss.PreferredChains.AnyCommonName, + RootCommonName: iss.PreferredChains.RootCommonName, + } + } + return template, nil } @@ -407,6 +415,22 @@ func onDemandAskRequest(ask string, name string) error { return nil } +// ChainPreference describes the client's preferred certificate chain, +// useful if the CA offers alternate chains. The first matching chain +// will be selected. +type ChainPreference struct { + // Prefer chains with the fewest number of bytes. + Smallest *bool `json:"smallest,omitempty"` + + // Select first chain having a root with one of + // these common names. + RootCommonName []string `json:"root_common_name,omitempty"` + + // Select first chain that has any issuer with one + // of these common names. + AnyCommonName []string `json:"any_common_name,omitempty"` +} + // Interface guards var ( _ certmagic.PreChecker = (*ACMEIssuer)(nil) From 635f075f187ac73c65e6939b8402494469a4d627 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 16 Dec 2020 15:22:16 -0700 Subject: [PATCH 0271/1498] caddyfile: Fix minor bug in formatter --- caddyconfig/caddyfile/formatter.go | 2 ++ caddyconfig/caddyfile/formatter_test.go | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/caddyconfig/caddyfile/formatter.go b/caddyconfig/caddyfile/formatter.go index 62705416..86202192 100644 --- a/caddyconfig/caddyfile/formatter.go +++ b/caddyconfig/caddyfile/formatter.go @@ -78,6 +78,8 @@ func Format(input []byte) []byte { if comment { if ch == '\n' { comment = false + nextLine() + continue } else { write(ch) continue diff --git a/caddyconfig/caddyfile/formatter_test.go b/caddyconfig/caddyfile/formatter_test.go index 6751ecaa..6cae20d7 100644 --- a/caddyconfig/caddyfile/formatter_test.go +++ b/caddyconfig/caddyfile/formatter_test.go @@ -310,6 +310,17 @@ baz`, input: `redir / /some/#/path`, expect: `redir / /some/#/path`, }, + { + description: "brace does not fold into comment above", + input: `# comment +{ + foo +}`, + expect: `# comment +{ + foo +}`, + }, } { // the formatter should output a trailing newline, // even if the tests aren't written to expect that From 2b90cdba52e2a4f160cdef829425bc01fbaa0d04 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 29 Dec 2020 22:52:13 +0300 Subject: [PATCH 0272/1498] ci: reject tags if not signed by Matthew Holt's key (#3932) * ci: reject tags if not signed by Matthew Holt's key * ci: don't reject tags if an intermediate commits are not signed --- .github/workflows/release.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 763c9e20..a51a35dd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,6 +53,16 @@ jobs: echo "::set-output name=tag_patch::${TAG_PATCH}" echo "::set-output name=tag_special::${TAG_SPECIAL}" + - name: Validate commits and tag signatures + run: | + + # Import Matt Holt's key + curl 'https://github.com/mholt.gpg' | gpg --import + + echo "Verifying the tag: ${{ steps.vars.outputs.version_tag }}" + # tags are only accepted if signed by Matt's key + git verify-tag "${{ steps.vars.outputs.version_tag }}" || exit 1 + - name: Cache the build cache uses: actions/cache@v2 with: From 38a83ca6f8f52d08bf47775518b51bf135978294 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 30 Dec 2020 09:28:20 -0500 Subject: [PATCH 0273/1498] ci: Update goreleaser to fix deprecation notices (#3945) See https://goreleaser.com/deprecations#nfpmsfiles and https://goreleaser.com/deprecations#nfpmsconfig_files --- .goreleaser.yml | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 0c83f9ef..9bdf2214 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -84,13 +84,22 @@ nfpms: # - rpm bindir: /usr/bin - files: - ./caddy-dist/init/caddy.service: /lib/systemd/system/caddy.service - ./caddy-dist/init/caddy-api.service: /lib/systemd/system/caddy-api.service - ./caddy-dist/welcome/index.html: /usr/share/caddy/index.html - ./caddy-dist/scripts/completions/bash-completion: /etc/bash_completion.d/caddy - config_files: - ./caddy-dist/config/Caddyfile: /etc/caddy/Caddyfile + contents: + - src: ./caddy-dist/init/caddy.service + dst: /lib/systemd/system/caddy.service + + - src: ./caddy-dist/init/caddy-api.service + dst: /lib/systemd/system/caddy-api.service + + - src: ./caddy-dist/welcome/index.html + dst: /usr/share/caddy/index.html + + - src: ./caddy-dist/scripts/completions/bash-completion + dst: /etc/bash_completion.d/caddy + + - src: ./caddy-dist/config/Caddyfile + dst: /etc/caddy/Caddyfile + type: config scripts: postinstall: ./caddy-dist/scripts/postinstall.sh From d8bcf5be4e0f548c7beeaca36c8a134e32418dc8 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 30 Dec 2020 08:03:33 -0700 Subject: [PATCH 0274/1498] fileserver: Fix "go up" links in browse listings (closes #3942) At some point we changed how paths are represented down the function calls of browse listings and forgot to update the canGoUp logic. I think this is right? It's simpler now. --- modules/caddyhttp/fileserver/browse.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 1f6986f0..2712077f 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -99,9 +99,8 @@ func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string return browseListing{}, err } - // determine if user can browse up another folder - curPathDir := path.Dir(strings.TrimSuffix(urlPath, "/")) - canGoUp := strings.HasPrefix(curPathDir, root) + // user can presumably browse "up" to parent folder if path is longer than "/" + canGoUp := len(urlPath) > 1 return fsrv.directoryListing(files, canGoUp, root, urlPath, repl), nil } From 79f3af99275447058951bc27fc45b669868dde7e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 30 Dec 2020 12:54:58 -0500 Subject: [PATCH 0275/1498] ci: Add pushing to cloudsmith (#3941) * ci: Add pushing to cloudsmith * ci: Update comments, remove env TODO * ci: Fix Cloudsmith installation by setting PATH * docs: Add Cloudsmith attribution to README * ci: Switch to keeping armv7 as the armhf .deb --- .github/workflows/release.yml | 55 +++++++++++++++++++++++++++++++++++ README.md | 6 +++- 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a51a35dd..c09f2379 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,6 +41,9 @@ jobs: echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" echo "::set-output name=go_cache::$(go env GOCACHE)" + # Add "pip install" CLI tools to PATH + echo ~/.local/bin >> $GITHUB_PATH + # Parse semver TAG=${GITHUB_REF/refs\/tags\//} SEMVER_RE='[^0-9]*\([0-9]*\)[.]\([0-9]*\)[.]\([0-9]*\)\([0-9A-Za-z\.-]*\)' @@ -53,6 +56,11 @@ jobs: echo "::set-output name=tag_patch::${TAG_PATCH}" echo "::set-output name=tag_special::${TAG_SPECIAL}" + # Cloudsmith CLI tooling for pushing releases + # See https://help.cloudsmith.io/docs/cli + - name: Install Cloudsmith CLI + run: pip install --upgrade cloudsmith-cli + - name: Validate commits and tag signatures run: | @@ -82,12 +90,59 @@ jobs: TAG: ${{ steps.vars.outputs.version_tag }} # Only publish on non-special tags (e.g. non-beta) + # We will continue to push to Gemfury for the forseeable future, although + # Cloudsmith is probably better, to not break things for existing users of Gemfury. + # See https://gemfury.com/caddy/deb:caddy - name: Publish .deb to Gemfury if: ${{ steps.vars.outputs.tag_special == '' }} env: GEMFURY_PUSH_TOKEN: ${{ secrets.GEMFURY_PUSH_TOKEN }} run: | for filename in dist/*.deb; do + # armv6 and armv7 are both "armhf" so we can skip the duplicate + if [[ "$filename" == *"armv6"* ]]; then + echo "Skipping $filename" + continue + fi + curl -F package=@"$filename" https://${GEMFURY_PUSH_TOKEN}:@push.fury.io/caddy/ done + # Publish only special tags (unstable/beta/rc) to the "testing" repo + # See https://cloudsmith.io/~caddy/repos/testing/ + - name: Publish .deb to Cloudsmith (special tags) + if: ${{ steps.vars.outputs.tag_special != '' }} + env: + CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} + run: | + for filename in dist/*.deb; do + # armv6 and armv7 are both "armhf" so we can skip the duplicate + if [[ "$filename" == *"armv6"* ]]; then + echo "Skipping $filename" + continue + fi + + echo "Pushing $filename to 'testing'" + cloudsmith push deb caddy/testing/any-distro/any-version $filename + done + + # Publish stable tags to Cloudsmith to both repos, "stable" and "testing" + # See https://cloudsmith.io/~caddy/repos/stable/ + - name: Publish .deb to Cloudsmith (stable tags) + if: ${{ steps.vars.outputs.tag_special == '' }} + env: + CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} + run: | + for filename in dist/*.deb; do + # armv6 and armv7 are both "armhf" so we can skip the duplicate + if [[ "$filename" == *"armv6"* ]]; then + echo "Skipping $filename" + continue + fi + + echo "Pushing $filename to 'stable'" + cloudsmith push deb caddy/stable/any-distro/any-version $filename + + echo "Pushing $filename to 'testing'" + cloudsmith push deb caddy/testing/any-distro/any-version $filename + done diff --git a/README.md b/README.md index 90753653..316a56a9 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,9 @@
@caddyserver on Twitter Caddy Forum +
Caddy on Sourcegraph + Cloudsmith

Releases · @@ -187,4 +189,6 @@ Please use our [issue tracker](https://github.com/caddyserver/caddy/issues) only - _Project on Twitter: [@caddyserver](https://twitter.com/caddyserver)_ - _Author on Twitter: [@mholt6](https://twitter.com/mholt6)_ -Caddy is a project of [ZeroSSL](https://zerossl.com), an [apilayer](https://apilayer.com) company. \ No newline at end of file +Caddy is a project of [ZeroSSL](https://zerossl.com), an [apilayer](https://apilayer.com) company. + +Debian package repository hosting is graciously provided by [Cloudsmith](https://cloudsmith.com). Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence. \ No newline at end of file From ebc278ec98bb24f2852b61fde2a9bf2e3d83818b Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Wed, 30 Dec 2020 13:44:02 -0500 Subject: [PATCH 0276/1498] metrics: allow disabling OpenMetrics negotiation (#3944) * metrics: allow disabling OpenMetrics negotiation Signed-off-by: Dave Henderson * fixup! metrics: allow disabling OpenMetrics negotiation --- .../caddyfile_adapt/metrics_disable_om.txt | 36 ++++ .../caddyfile_adapt/metrics_syntax.txt | 33 ++++ go.mod | 2 +- go.sum | 170 ++++++++++++++++-- modules/metrics/adminmetrics.go | 2 +- modules/metrics/metrics.go | 23 ++- modules/metrics/metrics_test.go | 45 +++++ 7 files changed, 292 insertions(+), 19 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/metrics_disable_om.txt create mode 100644 caddytest/integration/caddyfile_adapt/metrics_syntax.txt create mode 100644 modules/metrics/metrics_test.go diff --git a/caddytest/integration/caddyfile_adapt/metrics_disable_om.txt b/caddytest/integration/caddyfile_adapt/metrics_disable_om.txt new file mode 100644 index 00000000..2d7b24f4 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/metrics_disable_om.txt @@ -0,0 +1,36 @@ +:80 { + metrics /metrics { + disable_openmetrics + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "path": [ + "/metrics" + ] + } + ], + "handle": [ + { + "disable_openmetrics": true, + "handler": "metrics" + } + ] + } + ] + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/metrics_syntax.txt b/caddytest/integration/caddyfile_adapt/metrics_syntax.txt new file mode 100644 index 00000000..ca08cea2 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/metrics_syntax.txt @@ -0,0 +1,33 @@ +:80 { + metrics /metrics +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "path": [ + "/metrics" + ] + } + ], + "handle": [ + { + "handler": "metrics" + } + ] + } + ] + } + } + } + } +} diff --git a/go.mod b/go.mod index f116149b..526a1fcb 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/mholt/acmez v0.1.1 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 - github.com/prometheus/client_golang v1.7.1 + github.com/prometheus/client_golang v1.9.0 github.com/smallstep/certificates v0.15.4 github.com/smallstep/cli v0.15.2 github.com/smallstep/nosql v0.3.0 // cannot upgrade from v0.3.0 until protobuf warning is fixed diff --git a/go.sum b/go.sum index 27dab3b1..2b19650e 100644 --- a/go.sum +++ b/go.sum @@ -30,6 +30,7 @@ github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= +github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -45,8 +46,12 @@ github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= +github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= +github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= +github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= @@ -65,17 +70,26 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= +github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a h1:pv34s756C4pEXnjgPfGYgdhg/ZdajGhyOvzx8k+23nw= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P0= github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -87,6 +101,8 @@ github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBT github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067 h1:gpjCX6/8hHRgVXxy1v2AQdoAX6XRXIA8fBUZtEpnVg0= github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= +github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= +github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -101,7 +117,10 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5O github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -111,8 +130,10 @@ github.com/coreos/etcd v3.3.18+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= @@ -140,9 +161,15 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8 github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac h1:opbrjaN/L8gg6Xh5D04Tem+8xVcz6ajZlGCs49mQgyg= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= +github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= @@ -150,12 +177,13 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= +github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= +github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-chi/chi v4.0.2+incompatible h1:maB6vn6FqCxrpz4FqWdh4+lwpyZIQS7YEAUcHlgXVRs= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= @@ -165,11 +193,14 @@ github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= github.com/go-piv/piv-go v1.5.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= +github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= @@ -189,11 +220,14 @@ github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslW github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -218,8 +252,10 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= @@ -277,40 +313,67 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI= github.com/gorilla/handlers v1.4.1/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.1.0/go.mod h1:f5nM7jw/oeRSadq3xCzHAvxcr8HZnzsqU6ILg/0NiiE= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c= +github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= +github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= +github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= +github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= +github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -323,6 +386,7 @@ github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= @@ -339,8 +403,9 @@ github.com/klauspost/cpuid v1.2.5/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd github.com/klauspost/cpuid/v2 v2.0.1 h1:lb04bBEJoAoV48eHs4Eq0UyhmJCkRSdIjQ3uS8WJRM4= github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= +github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -356,11 +421,14 @@ github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04= github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= +github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= +github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.19.3 h1:eCDQqvGBB+kCTkA0XrAFtNe81FMa0/fn4QSoeAbmiF4= github.com/lucas-clemente/quic-go v0.19.3/go.mod h1:ADXpNbTQjq1hIzCpB+y/k5iz4n4z4IwqoLb94Kh5Hu8= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= +github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -384,6 +452,7 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= @@ -393,15 +462,21 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mholt/acmez v0.1.1 h1:KQODCqk+hBn3O7qfCRPj6L96uG65T5BSS95FKNEqtdA= github.com/mholt/acmez v0.1.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= @@ -415,10 +490,18 @@ github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1: github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hzifhks= github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= +github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= +github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= +github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= +github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= +github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= @@ -429,11 +512,15 @@ github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZ github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= @@ -441,34 +528,52 @@ github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= +github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= +github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= +github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys= +github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= +github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/otp v1.0.0/go.mod h1:Zad1CMQfSQZI5KLpahDiSUX4tMMREnXw98IvL1nhgMk= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v0.9.4/go.mod h1:oCXIBxdI62A4cR6aTRJCgetEjecSIYzOEaeAn4iYEpM= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= -github.com/prometheus/client_golang v1.7.1 h1:NTGy1Ja9pByO+xAeH/qiWnLrKtr3hJPNjaVUwnjpdpA= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= +github.com/prometheus/client_golang v1.9.0 h1:Rrch9mh17XcxvEu9D9DEpb4isxjGBtcevQjKvxPRQIU= +github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -476,20 +581,25 @@ github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.10.0 h1:RyRA7RzGXQZiW+tGMr7sxa85G1z0yOpM1qq5c8lNawc= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.15.0 h1:4fgOnadei3EZvgRwxJ7RMpG1k1pOZth5Pc13tyspaKM= +github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= -github.com/prometheus/procfs v0.1.3 h1:F0+tqvhOksq22sc6iCHF5WGlWjdwj92p0udFh1VFBS8= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4= +github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= +github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -502,9 +612,12 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= +github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= github.com/securego/gosec v0.0.0-20200106085552-9cb83e10afad/go.mod h1:7fJLcv5NlMd4t9waQEDLgpZeE3nv4D5DMz5JuZZGufg= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= @@ -540,8 +653,9 @@ github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjM github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= -github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= +github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= @@ -563,6 +677,7 @@ github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= @@ -577,6 +692,7 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= @@ -587,6 +703,9 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= +github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= @@ -599,6 +718,7 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= +github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= @@ -608,6 +728,7 @@ github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lP github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= @@ -633,11 +754,15 @@ github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54t github.com/zmap/zcertificate v0.0.0-20190521191901-30e388164f71/go.mod h1:gIZi1KPgkZNUQzPZXsZrNnUnxy05nTc0+tmlqvIkhRw= github.com/zmap/zcrypto v0.0.0-20190329181646-dff83107394d/go.mod h1:ix3q2kpLy0ibAuFXlr7qOhPKwFRRSjuynGuTR8EUPCk= github.com/zmap/zlint v0.0.0-20190516161541-9047d02cf65a/go.mod h1:xwLbce0UzBXp44sIAL1cii+hoK8j4AxRKlymZA2AIcY= -go.etcd.io/bbolt v1.3.2 h1:Z/90sZLPOeCy2PwprqkFa25PdkusRzaj9P8zm/KNyvk= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk= +go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.etcd.io/etcd v3.3.18+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= +go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= @@ -663,19 +788,20 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.15.0 h1:ZZCA22JRF2gQE5FoNmhmrf7jeJJ2uhqDUNRYKm8dvmM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.16.0 h1:uFRZXykJGK9lLY4HtgSw44DnIcAM+kRBP7x5m+NpAOM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -712,11 +838,14 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -728,13 +857,14 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -756,12 +886,15 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180202135801-37707fdb30a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -775,6 +908,8 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -791,15 +926,15 @@ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1 h1:ogLJMz+qpzav7lGMh10LMvAkM/fAoGlaiiHYiFYdm80= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e h1:AyodaIpKjppX+cBfTASF2E1US3H2JFBj920Ot3rtDjs= +golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -857,6 +992,7 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= +google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= @@ -882,6 +1018,7 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190605220351-eb0b1bdb6ae6/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= @@ -897,10 +1034,13 @@ google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmE google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -922,9 +1062,11 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -937,6 +1079,7 @@ gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -965,6 +1108,7 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= sourcegraph.com/sqs/pbtypes v1.0.0/go.mod h1:3AciMUv4qUuRHRHhOG4TZOB+72GdPVz5k+c648qsFS4= diff --git a/modules/metrics/adminmetrics.go b/modules/metrics/adminmetrics.go index f6a55e8c..1cf398e4 100644 --- a/modules/metrics/adminmetrics.go +++ b/modules/metrics/adminmetrics.go @@ -41,7 +41,7 @@ func (AdminMetrics) CaddyModule() caddy.ModuleInfo { // Routes returns a route for the /metrics endpoint. func (m *AdminMetrics) Routes() []caddy.AdminRoute { - metricsHandler := createMetricsHandler(nil) + metricsHandler := createMetricsHandler(nil, false) h := caddy.AdminHandlerFunc(func(w http.ResponseWriter, r *http.Request) error { metricsHandler.ServeHTTP(w, r) return nil diff --git a/modules/metrics/metrics.go b/modules/metrics/metrics.go index eff364e2..e6d4345a 100644 --- a/modules/metrics/metrics.go +++ b/modules/metrics/metrics.go @@ -38,6 +38,10 @@ func init() { // unlike AdminMetrics. type Metrics struct { metricsHandler http.Handler + + // Disable OpenMetrics negotiation, enabled by default. May be necessary if + // the produced metrics cannot be parsed by the service scraping metrics. + DisableOpenMetrics bool `json:"disable_openmetrics,omitempty"` } // CaddyModule returns the Caddy module information. @@ -59,7 +63,7 @@ func (l *zapLogger) Println(v ...interface{}) { // Provision sets up m. func (m *Metrics) Provision(ctx caddy.Context) error { log := ctx.Logger(m) - m.metricsHandler = createMetricsHandler(&zapLogger{log}) + m.metricsHandler = createMetricsHandler(&zapLogger{log}, !m.DisableOpenMetrics) return nil } @@ -71,7 +75,9 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// metrics +// metrics [] { +// disable_openmetrics +// } // func (m *Metrics) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { @@ -79,6 +85,15 @@ func (m *Metrics) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if len(args) > 0 { return d.ArgErr() } + + for d.NextBlock(0) { + switch d.Val() { + case "disable_openmetrics": + m.DisableOpenMetrics = true + default: + return d.Errf("unrecognized subdirective %q", d.Val()) + } + } } return nil } @@ -95,7 +110,7 @@ var ( _ caddyfile.Unmarshaler = (*Metrics)(nil) ) -func createMetricsHandler(logger promhttp.Logger) http.Handler { +func createMetricsHandler(logger promhttp.Logger, enableOpenMetrics bool) http.Handler { return promhttp.InstrumentMetricHandler(prometheus.DefaultRegisterer, promhttp.HandlerFor(prometheus.DefaultGatherer, promhttp.HandlerOpts{ // will only log errors if logger is non-nil @@ -103,7 +118,7 @@ func createMetricsHandler(logger promhttp.Logger) http.Handler { // Allow OpenMetrics format to be negotiated - largely compatible, // except quantile/le label values always have a decimal. - EnableOpenMetrics: true, + EnableOpenMetrics: enableOpenMetrics, }), ) } diff --git a/modules/metrics/metrics_test.go b/modules/metrics/metrics_test.go new file mode 100644 index 00000000..d5bdf501 --- /dev/null +++ b/modules/metrics/metrics_test.go @@ -0,0 +1,45 @@ +package metrics + +import ( + "testing" + + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" +) + +func TestMetricsUnmarshalCaddyfile(t *testing.T) { + m := &Metrics{} + d := caddyfile.NewTestDispenser(`metrics bogus`) + err := m.UnmarshalCaddyfile(d) + if err == nil { + t.Errorf("expected error") + } + + m = &Metrics{} + d = caddyfile.NewTestDispenser(`metrics`) + err = m.UnmarshalCaddyfile(d) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + if m.DisableOpenMetrics != false { + t.Errorf("DisableOpenMetrics should've been false: %v", m.DisableOpenMetrics) + } + + m = &Metrics{} + d = caddyfile.NewTestDispenser(`metrics { disable_openmetrics }`) + err = m.UnmarshalCaddyfile(d) + if err != nil { + t.Errorf("unexpected error: %v", err) + } + + if m.DisableOpenMetrics != true { + t.Errorf("DisableOpenMetrics should've been true: %v", m.DisableOpenMetrics) + } + + m = &Metrics{} + d = caddyfile.NewTestDispenser(`metrics { bogus }`) + err = m.UnmarshalCaddyfile(d) + if err == nil { + t.Errorf("expected error: %v", err) + } +} From 1b453dd4fbea2f3a54362fb4c2115bab85cad1b7 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 31 Dec 2020 00:02:54 +0300 Subject: [PATCH 0277/1498] ci: force fetch the upstream tags (#3947) --- .github/workflows/release.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c09f2379..9273ffb7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,10 +22,19 @@ jobs: - name: Checkout code uses: actions/checkout@v2 + with: + fetch-depth: 0 - # So GoReleaser can generate the changelog properly - - name: Unshallowify the repo clone - run: git fetch --prune --unshallow + # Force fetch upstream tags -- because 65 minutes + # tl;dr: actions/checkout@v2 runs this line: + # git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +ebc278ec98bb24f2852b61fde2a9bf2e3d83818b:refs/tags/ + # which makes its own local lightweight tag, losing all the annotations in the process. Our earlier script ran: + # git fetch --prune --unshallow + # which doesn't overwrite that tag because that would be destructive. + # Credit to @francislavoie for the investigation. + # https://github.com/actions/checkout/issues/290#issuecomment-680260080 + - name: Force fetch upstream tags + run: git fetch --tags --force # https://github.community/t5/GitHub-Actions/How-to-get-just-the-tag-name/m-p/32167/highlight/true#M1027 - name: Print Go version and environment From c8557dc00bd93ce8ecf0bb724856a320e129c71b Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 4 Jan 2021 11:11:36 -0700 Subject: [PATCH 0278/1498] caddyfile: Introduce basic linting and fmt check (#3923) * caddyfile: Introduce basic linting and fmt check This will help encourage people to keep their Caddyfiles tidy. * Remove unrelated tests I am not sure that testing the output of warnings here is quite the right idea; these tests are just for syntax and parsing success. --- caddyconfig/caddyfile/adapter.go | 15 ++++++++--- caddyconfig/configadapters.go | 6 ----- caddyconfig/httpcaddyfile/builtins_test.go | 11 +------- caddyconfig/httpcaddyfile/httptype_test.go | 30 ++------------------- caddytest/caddytest.go | 9 ++++++- cmd/commandfuncs.go | 15 +++++++---- modules/caddyhttp/reverseproxy/caddyfile.go | 8 ++++++ 7 files changed, 40 insertions(+), 54 deletions(-) diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index 5b4495eb..8d624f1d 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -15,6 +15,7 @@ package caddyfile import ( + "bytes" "encoding/json" "fmt" @@ -51,11 +52,17 @@ func (a Adapter) Adapt(body []byte, options map[string]interface{}) ([]byte, []c return nil, warnings, err } - marshalFunc := json.Marshal - if options["pretty"] == "true" { - marshalFunc = caddyconfig.JSONIndent + // lint check: see if input was properly formatted; sometimes messy files files parse + // successfully but result in logical errors because the Caddyfile is a bad format + // TODO: also perform this check on imported files + if !bytes.Equal(Format(body), body) { + warnings = append(warnings, caddyconfig.Warning{ + File: filename, + Message: "file is not formatted with 'caddy fmt'", + }) } - result, err := marshalFunc(cfg) + + result, err := json.Marshal(cfg) return result, warnings, err } diff --git a/caddyconfig/configadapters.go b/caddyconfig/configadapters.go index 1918fa75..1665fa03 100644 --- a/caddyconfig/configadapters.go +++ b/caddyconfig/configadapters.go @@ -93,12 +93,6 @@ func JSONModuleObject(val interface{}, fieldName, fieldVal string, warnings *[]W return result } -// JSONIndent is used to JSON-marshal the final resulting Caddy -// configuration in a consistent, human-readable way. -func JSONIndent(val interface{}) ([]byte, error) { - return json.MarshalIndent(val, "", "\t") -} - // RegisterAdapter registers a config adapter with the given name. // This should usually be done at init-time. It panics if the // adapter cannot be registered successfully. diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go index a255538c..c06dd230 100644 --- a/caddyconfig/httpcaddyfile/builtins_test.go +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -10,7 +10,6 @@ import ( func TestLogDirectiveSyntax(t *testing.T) { for i, tc := range []struct { input string - expectWarn bool expectError bool }{ { @@ -18,7 +17,6 @@ func TestLogDirectiveSyntax(t *testing.T) { log } `, - expectWarn: false, expectError: false, }, { @@ -28,7 +26,6 @@ func TestLogDirectiveSyntax(t *testing.T) { } } `, - expectWarn: false, expectError: false, }, { @@ -38,7 +35,6 @@ func TestLogDirectiveSyntax(t *testing.T) { } } `, - expectWarn: false, expectError: true, }, } { @@ -47,12 +43,7 @@ func TestLogDirectiveSyntax(t *testing.T) { ServerType: ServerType{}, } - _, warnings, err := adapter.Adapt([]byte(tc.input), nil) - - if len(warnings) > 0 != tc.expectWarn { - t.Errorf("Test %d warning expectation failed Expected: %v, got %v", i, tc.expectWarn, warnings) - continue - } + _, _, err := adapter.Adapt([]byte(tc.input), nil) if err != nil != tc.expectError { t.Errorf("Test %d error expectation failed Expected: %v, got %s", i, tc.expectError, err) diff --git a/caddyconfig/httpcaddyfile/httptype_test.go b/caddyconfig/httpcaddyfile/httptype_test.go index 233e3749..69f55501 100644 --- a/caddyconfig/httpcaddyfile/httptype_test.go +++ b/caddyconfig/httpcaddyfile/httptype_test.go @@ -9,7 +9,6 @@ import ( func TestMatcherSyntax(t *testing.T) { for i, tc := range []struct { input string - expectWarn bool expectError bool }{ { @@ -18,7 +17,6 @@ func TestMatcherSyntax(t *testing.T) { query showdebug=1 } `, - expectWarn: false, expectError: false, }, { @@ -27,7 +25,6 @@ func TestMatcherSyntax(t *testing.T) { query bad format } `, - expectWarn: false, expectError: true, }, { @@ -38,7 +35,6 @@ func TestMatcherSyntax(t *testing.T) { } } `, - expectWarn: false, expectError: false, }, { @@ -47,14 +43,12 @@ func TestMatcherSyntax(t *testing.T) { not path /somepath* } `, - expectWarn: false, expectError: false, }, { input: `http://localhost @debug not path /somepath* `, - expectWarn: false, expectError: false, }, { @@ -63,7 +57,6 @@ func TestMatcherSyntax(t *testing.T) { } http://localhost `, - expectWarn: false, expectError: true, }, } { @@ -72,12 +65,7 @@ func TestMatcherSyntax(t *testing.T) { ServerType: ServerType{}, } - _, warnings, err := adapter.Adapt([]byte(tc.input), nil) - - if len(warnings) > 0 != tc.expectWarn { - t.Errorf("Test %d warning expectation failed Expected: %v, got %v", i, tc.expectWarn, warnings) - continue - } + _, _, err := adapter.Adapt([]byte(tc.input), nil) if err != nil != tc.expectError { t.Errorf("Test %d error expectation failed Expected: %v, got %s", i, tc.expectError, err) @@ -119,7 +107,6 @@ func TestSpecificity(t *testing.T) { func TestGlobalOptions(t *testing.T) { for i, tc := range []struct { input string - expectWarn bool expectError bool }{ { @@ -129,7 +116,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: false, }, { @@ -139,7 +125,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: false, }, { @@ -149,7 +134,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: false, }, { @@ -161,7 +145,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: true, }, { @@ -174,7 +157,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: false, }, { @@ -187,7 +169,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: false, }, { @@ -200,7 +181,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: true, }, { @@ -213,7 +193,6 @@ func TestGlobalOptions(t *testing.T) { } :80 `, - expectWarn: false, expectError: true, }, } { @@ -222,12 +201,7 @@ func TestGlobalOptions(t *testing.T) { ServerType: ServerType{}, } - _, warnings, err := adapter.Adapt([]byte(tc.input), nil) - - if len(warnings) > 0 != tc.expectWarn { - t.Errorf("Test %d warning expectation failed Expected: %v, got %v", i, tc.expectWarn, warnings) - continue - } + _, _, err := adapter.Adapt([]byte(tc.input), nil) if err != nil != tc.expectError { t.Errorf("Test %d error expectation failed Expected: %v, got %s", i, tc.expectError, err) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 5387da78..4076bd5a 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -336,7 +336,6 @@ func CompareAdapt(t *testing.T, rawConfig string, adapterName string, expectedRe } options := make(map[string]interface{}) - options["pretty"] = "true" result, warnings, err := cfgAdapter.Adapt([]byte(rawConfig), options) if err != nil { @@ -344,6 +343,14 @@ func CompareAdapt(t *testing.T, rawConfig string, adapterName string, expectedRe return false } + // prettify results to keep tests human-manageable + var prettyBuf bytes.Buffer + err = json.Indent(&prettyBuf, result, "", "\t") + if err != nil { + return false + } + result = prettyBuf.Bytes() + if len(warnings) > 0 { for _, w := range warnings { t.Logf("warning: directive: %s : %s", w.Directive, w.Message) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 28fa26ed..20c662b0 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -463,17 +463,22 @@ func cmdAdaptConfig(fl Flags) (int, error) { fmt.Errorf("reading input file: %v", err) } - opts := make(map[string]interface{}) - if adaptCmdPrettyFlag { - opts["pretty"] = "true" - } - opts["filename"] = adaptCmdInputFlag + opts := map[string]interface{}{"filename": adaptCmdInputFlag} adaptedConfig, warnings, err := cfgAdapter.Adapt(input, opts) if err != nil { return caddy.ExitCodeFailedStartup, err } + if adaptCmdPrettyFlag { + var prettyBuf bytes.Buffer + err = json.Indent(&prettyBuf, adaptedConfig, "", "\t") + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + adaptedConfig = prettyBuf.Bytes() + } + // print warnings to stderr for _, warn := range warnings { msg := warn.Message diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index f4556ea2..4a692874 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -15,6 +15,7 @@ package reverseproxy import ( + "log" "net" "net/http" "net/url" @@ -497,6 +498,13 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case 1: err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], "", "") case 2: + // some lint checks, I guess + if strings.EqualFold(args[0], "host") && (args[1] == "{hostport}" || args[1] == "{http.request.hostport}") { + log.Printf("[WARNING] Unnecessary header_up ('Host' field): the reverse proxy's default behavior is to pass headers to the upstream") + } + if strings.EqualFold(args[0], "x-forwarded-proto") && (args[1] == "{scheme}" || args[1] == "{http.request.scheme}") { + log.Printf("[WARNING] Unnecessary header_up ('X-Forwarded-Proto' field): the reverse proxy's default behavior is to pass headers to the upstream") + } err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], "") case 3: err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], args[2]) From 144b65cf993f7078cccee9e1e119d18537922b81 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 4 Jan 2021 11:11:56 -0700 Subject: [PATCH 0279/1498] cmd: Organize list-modules output; --packages flag (#3925) --- cmd/commandfuncs.go | 73 +++++++++++++++++++++++++++++++++++++-------- cmd/commands.go | 3 +- 2 files changed, 63 insertions(+), 13 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 20c662b0..25cbe587 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -360,12 +360,37 @@ func cmdBuildInfo(fl Flags) (int, error) { } func cmdListModules(fl Flags) (int, error) { + packages := fl.Bool("packages") versions := fl.Bool("versions") + type moduleInfo struct { + caddyModuleID string + goModule *debug.Module + err error + } + printModuleInfo := func(mi moduleInfo) { + fmt.Print(mi.caddyModuleID) + if versions && mi.goModule != nil { + fmt.Print(" " + mi.goModule.Version) + } + if packages && mi.goModule != nil { + fmt.Print(" " + mi.goModule.Path) + if mi.goModule.Replace != nil { + fmt.Print(" => " + mi.goModule.Replace.Path) + } + } + if mi.err != nil { + fmt.Printf(" [%v]", mi.err) + } + fmt.Println() + } + + // organize modules by whether they come with the standard distribution + var standard, nonstandard, unknown []moduleInfo + bi, ok := debug.ReadBuildInfo() - if !ok || !versions { - // if there's no build information, - // just print out the modules + if !ok { + // oh well, just print the module IDs and exit for _, m := range caddy.Modules() { fmt.Println(m) } @@ -375,8 +400,8 @@ func cmdListModules(fl Flags) (int, error) { for _, modID := range caddy.Modules() { modInfo, err := caddy.GetModule(modID) if err != nil { - // that's weird - fmt.Println(modID) + // that's weird, shouldn't happen + unknown = append(unknown, moduleInfo{caddyModuleID: modID, err: err}) continue } @@ -404,16 +429,40 @@ func cmdListModules(fl Flags) (int, error) { } } - // if we could find no matching module, just print out - // the module ID instead - if matched == nil { - fmt.Println(modID) - continue - } + caddyModGoMod := moduleInfo{caddyModuleID: modID, goModule: matched} - fmt.Printf("%s %s\n", modID, matched.Version) + if strings.HasPrefix(modPkgPath, caddy.ImportPath) { + standard = append(standard, caddyModGoMod) + } else { + nonstandard = append(nonstandard, caddyModGoMod) + } } + if len(standard) > 0 { + for _, mod := range standard { + printModuleInfo(mod) + } + } + fmt.Printf("\n Standard modules: %d\n", len(standard)) + if len(nonstandard) > 0 { + if len(standard) > 0 { + fmt.Println() + } + for _, mod := range nonstandard { + printModuleInfo(mod) + } + } + fmt.Printf("\n Non-standard modules: %d\n", len(nonstandard)) + if len(unknown) > 0 { + if len(standard) > 0 || len(nonstandard) > 0 { + fmt.Println() + } + for _, mod := range unknown { + printModuleInfo(mod) + } + } + fmt.Printf("\n Unknown modules: %d\n", len(unknown)) + return caddy.ExitCodeSuccess, nil } diff --git a/cmd/commands.go b/cmd/commands.go index ea8402d9..e4a2b918 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -191,10 +191,11 @@ config file; otherwise the default is assumed.`, RegisterCommand(Command{ Name: "list-modules", Func: cmdListModules, - Usage: "[--versions]", + Usage: "[--packages] [--versions]", Short: "Lists the installed Caddy modules", Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("list-modules", flag.ExitOnError) + fs.Bool("packages", false, "Print package paths") fs.Bool("versions", false, "Print version information") return fs }(), From 7846bc1e06b2de97906cd562d16db4b2aafbd74b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 4 Jan 2021 11:25:29 -0700 Subject: [PATCH 0280/1498] httpcaddyfile: Adjust iterator when removing AP (fix #3953) --- caddyconfig/httpcaddyfile/tlsapp.go | 3 +- ...cies.txt => tls_automation_policies_1.txt} | 0 .../tls_automation_policies_2.txt | 96 +++++++++++++++++++ 3 files changed, 98 insertions(+), 1 deletion(-) rename caddytest/integration/caddyfile_adapt/{tls_automation_policies.txt => tls_automation_policies_1.txt} (100%) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 6a6e3ca1..1fabc455 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -453,7 +453,7 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon // ZeroSSL), the proper wrapper over acmeIssuer will be returned instead. func disambiguateACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) certmagic.Issuer { // as a special case, we integrate with ZeroSSL's ACME endpoint if it looks like an - // implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer + // implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer // because of the EAB generation; if EAB is provided, we can use plain ACMEIssuer) if strings.Contains(acmeIssuer.CA, "acme.zerossl.com") && acmeIssuer.ExternalAccount == nil { return &caddytls.ZeroSSLIssuer{ACMEIssuer: acmeIssuer} @@ -518,6 +518,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls // '*.com', which might be different (yes we've seen this happen) if automationPolicyShadows(i, aps) >= j { aps = append(aps[:i], aps[i+1:]...) + i-- } } else { // avoid repeated subjects diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_1.txt similarity index 100% rename from caddytest/integration/caddyfile_adapt/tls_automation_policies.txt rename to caddytest/integration/caddyfile_adapt/tls_automation_policies_1.txt diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt new file mode 100644 index 00000000..db8e38bd --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt @@ -0,0 +1,96 @@ +# issue #3953 + +{ + cert_issuer zerossl api_key +} + +example.com { + tls { + on_demand + } +} + +http://example.net { +} + +:1234 { +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":1234" + ] + }, + "srv1": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv2": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.net" + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "example.net" + ] + } + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "example.com" + ], + "issuers": [ + { + "api_key": "api_key", + "module": "zerossl" + } + ], + "on_demand": true + }, + { + "issuers": [ + { + "api_key": "api_key", + "module": "zerossl" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 3c9256a1bea79a542500c8d07a9fd06fa806a79e Mon Sep 17 00:00:00 2001 From: yaxin Date: Tue, 5 Jan 2021 02:26:18 +0800 Subject: [PATCH 0281/1498] reverseproxy: Caddyfile health check headers, host header support (#3948) * reverse_proxy: 1.health check headers can be set through Caddyfile using health_headers directive; 2.health check header host can be set properly * reverse_proxy: replace example with syntax definition inline health_headers directive parse function * bugfix: change caddyfile_adapt testcase file from space to tab * reverseproxy: modify health_header value document as optional and add more test cases --- .../reverse_proxy_health_headers.txt | 57 +++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 23 ++++++++ .../caddyhttp/reverseproxy/healthchecks.go | 7 ++- 3 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt new file mode 100644 index 00000000..a3d842ab --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt @@ -0,0 +1,57 @@ +:8884 + +reverse_proxy 127.0.0.1:65535 { + health_headers { + Host example.com + X-Header-Key 95ca39e3cbe7 + X-Header-Keys VbG4NZwWnipo 335Q9/MhqcNU3s2TO + X-Empty-Value + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "health_checks": { + "active": { + "headers": { + "Host": [ + "example.com" + ], + "X-Empty-Value": [ + "" + ], + "X-Header-Key": [ + "95ca39e3cbe7" + ], + "X-Header-Keys": [ + "VbG4NZwWnipo", + "335Q9/MhqcNU3s2TO" + ] + } + } + }, + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 4a692874..57f425a4 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -63,6 +63,9 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // health_timeout // health_status // health_body +// health_headers { +// [] +// } // // # passive health checking // max_fails @@ -313,6 +316,26 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.HealthChecks.Active.Port = portNum + case "health_headers": + healthHeaders := make(http.Header) + for d.Next() { + for d.NextBlock(0) { + key := d.Val() + values := d.RemainingArgs() + if len(values) == 0 { + values = append(values, "") + } + healthHeaders[key] = values + } + } + if h.HealthChecks == nil { + h.HealthChecks = new(HealthChecks) + } + if h.HealthChecks.Active == nil { + h.HealthChecks.Active = new(ActiveHealthChecks) + } + h.HealthChecks.Active.Headers = healthHeaders + case "health_interval": if !d.NextArg() { return d.ArgErr() diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 285834b9..42003b64 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -26,6 +26,7 @@ import ( "regexp" "runtime/debug" "strconv" + "strings" "time" "github.com/caddyserver/caddy/v2" @@ -241,7 +242,11 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H return fmt.Errorf("making request: %v", err) } for key, hdrs := range h.HealthChecks.Active.Headers { - req.Header[key] = hdrs + if strings.ToLower(key) == "host" { + req.Host = h.HealthChecks.Active.Headers.Get(key) + } else { + req.Header[key] = hdrs + } } // do the request, being careful to tame the response body From b1bec8c8992424b423db3d92101bd5b4989dcf65 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 4 Jan 2021 15:59:48 -0700 Subject: [PATCH 0282/1498] go.mod: Update CertMagic and acmez (improved IDN support) --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 526a1fcb..8ea1164d 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067 + github.com/caddyserver/certmagic v0.12.1-0.20210104224249-7891c830824b github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 @@ -14,7 +14,7 @@ require ( github.com/klauspost/compress v1.11.3 github.com/klauspost/cpuid/v2 v2.0.1 github.com/lucas-clemente/quic-go v0.19.3 - github.com/mholt/acmez v0.1.1 + github.com/mholt/acmez v0.1.2 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.9.0 diff --git a/go.sum b/go.sum index 2b19650e..8c5bd137 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067 h1:gpjCX6/8hHRgVXxy1v2AQdoAX6XRXIA8fBUZtEpnVg0= -github.com/caddyserver/certmagic v0.12.1-0.20201215190346-201f83a06067/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U= +github.com/caddyserver/certmagic v0.12.1-0.20210104224249-7891c830824b h1:3sAfeMhRiv0CVLWvM+bTSVkZIf1KupsMjglpaOCAQjE= +github.com/caddyserver/certmagic v0.12.1-0.20210104224249-7891c830824b/go.mod h1:yHMCSjG2eOFdI/Jx0+CCzr2DLw+UQu42KbaOVBx7LwA= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -459,8 +459,8 @@ github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsO github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/acmez v0.1.1 h1:KQODCqk+hBn3O7qfCRPj6L96uG65T5BSS95FKNEqtdA= -github.com/mholt/acmez v0.1.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v0.1.2 h1:26ncYNBt59D+59cMUHuGa/Fzjmu6FFrBm6kk/8hdXt0= +github.com/mholt/acmez v0.1.2/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= From f0216967dca12831b1aac351fc8c4bfcea148697 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 5 Jan 2021 14:39:30 -0700 Subject: [PATCH 0283/1498] caddyfile: Refactor unmarshaling of module tokens Eliminates a fair amount of repeated code --- caddyconfig/caddyfile/adapter.go | 26 ++++++++++ caddyconfig/httpcaddyfile/builtins.go | 54 ++++++--------------- caddyconfig/httpcaddyfile/options.go | 49 ++++++++++--------- caddyconfig/httpcaddyfile/serveroptions.go | 13 ++--- caddyconfig/httpcaddyfile/tlsapp.go | 7 +-- modules/caddyhttp/encode/caddyfile.go | 13 ++--- modules/caddyhttp/reverseproxy/caddyfile.go | 26 +++------- modules/caddytls/acmeissuer.go | 13 ++--- modules/logging/filterencoder.go | 30 +++--------- 9 files changed, 90 insertions(+), 141 deletions(-) diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index 8d624f1d..185816b8 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -94,5 +94,31 @@ type ServerType interface { Setup([]ServerBlock, map[string]interface{}) (*caddy.Config, []caddyconfig.Warning, error) } +// UnmarshalModule instantiates a module with the given ID and invokes +// UnmarshalCaddyfile on the new value using the immediate next segment +// of d as input. In other words, d's next token should be the first +// token of the module's Caddyfile input. +// +// This function is used when the next segment of Caddyfile tokens +// belongs to another Caddy module. The returned value is often +// type-asserted to the module's associated type for practical use +// when setting up a config. +func UnmarshalModule(d *Dispenser, moduleID string) (Unmarshaler, error) { + mod, err := caddy.GetModule(moduleID) + if err != nil { + return nil, d.Errf("getting module named '%s': %v", moduleID, err) + } + inst := mod.New() + unm, ok := inst.(Unmarshaler) + if !ok { + return nil, d.Errf("module %s is not a Caddyfile unmarshaler; is %T", mod.ID, inst) + } + err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return nil, err + } + return unm, nil +} + // Interface guard var _ caddyconfig.Adapter = (*Adapter)(nil) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 4a0b335e..7d16da15 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -285,21 +285,14 @@ func parseTLS(h Helper) ([]ConfigValue, error) { return nil, h.ArgErr() } modName := h.Val() - mod, err := caddy.GetModule("tls.issuance." + modName) - if err != nil { - return nil, h.Errf("getting issuer module '%s': %v", modName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return nil, h.Errf("issuer module '%s' is not a Caddyfile unmarshaler", mod.ID) - } - err = unm.UnmarshalCaddyfile(h.NewFromNextSegment()) + modID := "tls.issuance." + modName + unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID) if err != nil { return nil, err } issuer, ok := unm.(certmagic.Issuer) if !ok { - return nil, h.Errf("module %s is not a certmagic.Issuer", mod.ID) + return nil, h.Errf("module %s (%T) is not a certmagic.Issuer", modID, unm) } issuers = append(issuers, issuer) @@ -315,18 +308,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) { acmeIssuer.Challenges = new(caddytls.ChallengesConfig) acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) } - dnsProvModule, err := caddy.GetModule("dns.providers." + provName) + modID := "dns.providers." + provName + unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID) if err != nil { - return nil, h.Errf("getting DNS provider module named '%s': %v", provName, err) + return nil, err } - dnsProvModuleInstance := dnsProvModule.New() - if unm, ok := dnsProvModuleInstance.(caddyfile.Unmarshaler); ok { - err = unm.UnmarshalCaddyfile(h.NewFromNextSegment()) - if err != nil { - return nil, err - } - } - acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(dnsProvModuleInstance, "name", provName, h.warnings) + acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, h.warnings) case "ca_root": arg := h.RemainingArgs() @@ -583,21 +570,15 @@ func parseLog(h Helper) ([]ConfigValue, error) { case "discard": wo = caddy.DiscardWriter{} default: - mod, err := caddy.GetModule("caddy.logging.writers." + moduleName) - if err != nil { - return nil, h.Errf("getting log writer module named '%s': %v", moduleName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return nil, h.Errf("log writer module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(h.NewFromNextSegment()) + modID := "caddy.logging.writers." + moduleName + unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID) if err != nil { return nil, err } + var ok bool wo, ok = unm.(caddy.WriterOpener) if !ok { - return nil, h.Errf("module %s is not a WriterOpener", mod) + return nil, h.Errf("module %s (%T) is not a WriterOpener", modID, unm) } } cl.WriterRaw = caddyconfig.JSONModuleObject(wo, "output", moduleName, h.warnings) @@ -607,21 +588,14 @@ func parseLog(h Helper) ([]ConfigValue, error) { return nil, h.ArgErr() } moduleName := h.Val() - mod, err := caddy.GetModule("caddy.logging.encoders." + moduleName) - if err != nil { - return nil, h.Errf("getting log encoder module named '%s': %v", moduleName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return nil, h.Errf("log encoder module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(h.NewFromNextSegment()) + moduleID := "caddy.logging.encoders." + moduleName + unm, err := caddyfile.UnmarshalModule(h.Dispenser, moduleID) if err != nil { return nil, err } enc, ok := unm.(zapcore.Encoder) if !ok { - return nil, h.Errf("module %s is not a zapcore.Encoder", mod) + return nil, h.Errf("module %s (%T) is not a zapcore.Encoder", moduleID, unm) } cl.EncoderRaw = caddyconfig.JSONModuleObject(enc, "format", moduleName, h.warnings) diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 5001974b..3a3cdf68 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -34,7 +34,7 @@ func init() { RegisterGlobalOption("storage", parseOptStorage) RegisterGlobalOption("acme_ca", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) - RegisterGlobalOption("acme_dns", parseOptSingleString) + RegisterGlobalOption("acme_dns", parseOptACMEDNS) RegisterGlobalOption("acme_eab", parseOptACMEEAB) RegisterGlobalOption("cert_issuer", parseOptCertIssuer) RegisterGlobalOption("email", parseOptSingleString) @@ -165,26 +165,37 @@ func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) { if !d.Next() { // get storage module name return nil, d.ArgErr() } - modName := d.Val() - mod, err := caddy.GetModule("caddy.storage." + modName) - if err != nil { - return nil, d.Errf("getting storage module '%s': %v", modName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return nil, d.Errf("storage module '%s' is not a Caddyfile unmarshaler", mod.ID) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + modID := "caddy.storage." + d.Val() + unm, err := caddyfile.UnmarshalModule(d, modID) if err != nil { return nil, err } storage, ok := unm.(caddy.StorageConverter) if !ok { - return nil, d.Errf("module %s is not a StorageConverter", mod.ID) + return nil, d.Errf("module %s is not a caddy.StorageConverter", modID) } return storage, nil } +func parseOptACMEDNS(d *caddyfile.Dispenser) (interface{}, error) { + if !d.Next() { // consume option name + return nil, d.ArgErr() + } + if !d.Next() { // get DNS module name + return nil, d.ArgErr() + } + modID := "dns.providers." + d.Val() + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return nil, err + } + prov, ok := unm.(certmagic.ACMEDNSProvider) + if !ok { + return nil, d.Errf("module %s (%T) is not a certmagic.ACMEDNSProvider", modID, unm) + } + return prov, nil +} + func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { eab := new(acme.EAB) for d.Next() { @@ -220,22 +231,14 @@ func parseOptCertIssuer(d *caddyfile.Dispenser) (interface{}, error) { if !d.Next() { // get issuer module name return nil, d.ArgErr() } - modName := d.Val() - mod, err := caddy.GetModule("tls.issuance." + modName) - if err != nil { - return nil, d.Errf("getting issuer module '%s': %v", modName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return nil, d.Errf("issuer module '%s' is not a Caddyfile unmarshaler", mod.ID) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + modID := "tls.issuance." + d.Val() + unm, err := caddyfile.UnmarshalModule(d, modID) if err != nil { return nil, err } iss, ok := unm.(certmagic.Issuer) if !ok { - return nil, d.Errf("module %s is not a certmagic.Issuer", mod.ID) + return nil, d.Errf("module %s (%T) is not a certmagic.Issuer", modID, unm) } return iss, nil } diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 38fa0f15..9e94b863 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -57,21 +57,14 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error switch d.Val() { case "listener_wrappers": for nesting := d.Nesting(); d.NextBlock(nesting); { - mod, err := caddy.GetModule("caddy.listeners." + d.Val()) - if err != nil { - return nil, fmt.Errorf("finding listener module '%s': %v", d.Val(), err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return nil, fmt.Errorf("listener module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + modID := "caddy.listeners." + d.Val() + unm, err := caddyfile.UnmarshalModule(d, modID) if err != nil { return nil, err } listenerWrapper, ok := unm.(caddy.ListenerWrapper) if !ok { - return nil, fmt.Errorf("module %s is not a listener wrapper", mod) + return nil, fmt.Errorf("module %s (%T) is not a listener wrapper", modID, unm) } jsonListenerWrapper := caddyconfig.JSONModuleObject( listenerWrapper, diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 1fabc455..440c447d 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -392,14 +392,9 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interf acmeIssuer.TrustedRootsPEMFiles = append(acmeIssuer.TrustedRootsPEMFiles, globalACMECARoot.(string)) } if globalACMEDNS != nil && (acmeIssuer.Challenges == nil || acmeIssuer.Challenges.DNS == nil) { - provName := globalACMEDNS.(string) - dnsProvModule, err := caddy.GetModule("dns.providers." + provName) - if err != nil { - return fmt.Errorf("getting DNS provider module named '%s': %v", provName, err) - } acmeIssuer.Challenges = &caddytls.ChallengesConfig{ DNS: &caddytls.DNSChallengeConfig{ - ProviderRaw: caddyconfig.JSONModuleObject(dnsProvModule.New(), "name", provName, nil), + ProviderRaw: caddyconfig.JSONModuleObject(globalACMEDNS, "name", globalACMEDNS.(caddy.Module).CaddyModule().ID.Name(), nil), }, } } diff --git a/modules/caddyhttp/encode/caddyfile.go b/modules/caddyhttp/encode/caddyfile.go index 9d9646c0..2f11ca06 100644 --- a/modules/caddyhttp/encode/caddyfile.go +++ b/modules/caddyhttp/encode/caddyfile.go @@ -64,21 +64,14 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.NextBlock(0) { name := d.Val() - mod, err := caddy.GetModule("http.encoders." + name) - if err != nil { - return fmt.Errorf("getting encoder module '%s': %v", name, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return fmt.Errorf("encoder module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + modID := "http.encoders." + name + unm, err := caddyfile.UnmarshalModule(d, modID) if err != nil { return err } encoding, ok := unm.(Encoding) if !ok { - return fmt.Errorf("module %s is not an HTTP encoding", mod) + return fmt.Errorf("module %s is not an HTTP encoding; is %T", modID, unm) } if enc.EncodingsRaw == nil { enc.EncodingsRaw = make(caddy.ModuleMap) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 57f425a4..895bcbb9 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -241,21 +241,14 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.Err("load balancing selection policy already specified") } name := d.Val() - mod, err := caddy.GetModule("http.reverse_proxy.selection_policies." + name) - if err != nil { - return d.Errf("getting load balancing policy module '%s': %v", mod, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return d.Errf("load balancing policy module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + modID := "http.reverse_proxy.selection_policies." + name + unm, err := caddyfile.UnmarshalModule(d, modID) if err != nil { return err } sel, ok := unm.(Selector) if !ok { - return d.Errf("module %s is not a Selector", mod) + return d.Errf("module %s (%T) is not a reverseproxy.Selector", modID, unm) } if h.LoadBalancing == nil { h.LoadBalancing = new(LoadBalancing) @@ -574,21 +567,14 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.Err("transport already specified") } transportModuleName = d.Val() - mod, err := caddy.GetModule("http.reverse_proxy.transport." + transportModuleName) - if err != nil { - return d.Errf("getting transport module '%s': %v", mod, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return d.Errf("transport module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + modID := "http.reverse_proxy.transport." + transportModuleName + unm, err := caddyfile.UnmarshalModule(d, modID) if err != nil { return err } rt, ok := unm.(http.RoundTripper) if !ok { - return d.Errf("module %s is not a RoundTripper", mod) + return d.Errf("module %s (%T) is not a RoundTripper", modID, unm) } transport = rt diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index df071c4b..43e758fd 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -354,18 +354,11 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if iss.Challenges.DNS == nil { iss.Challenges.DNS = new(DNSChallengeConfig) } - dnsProvModule, err := caddy.GetModule("dns.providers." + provName) + unm, err := caddyfile.UnmarshalModule(d, "dns.providers."+provName) if err != nil { - return d.Errf("getting DNS provider module named '%s': %v", provName, err) + return err } - dnsProvModuleInstance := dnsProvModule.New() - if unm, ok := dnsProvModuleInstance.(caddyfile.Unmarshaler); ok { - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) - if err != nil { - return err - } - } - iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(dnsProvModuleInstance, "name", provName, nil) + iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil) case "resolvers": if iss.Challenges == nil { diff --git a/modules/logging/filterencoder.go b/modules/logging/filterencoder.go index d1c335f4..cdb552d8 100644 --- a/modules/logging/filterencoder.go +++ b/modules/logging/filterencoder.go @@ -115,21 +115,14 @@ func (fe *FilterEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } moduleName := d.Val() - mod, err := caddy.GetModule("caddy.logging.encoders." + moduleName) - if err != nil { - return d.Errf("getting log encoder module named '%s': %v", moduleName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return d.Errf("log encoder module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + moduleID := "caddy.logging.encoders." + moduleName + unm, err := caddyfile.UnmarshalModule(d, moduleID) if err != nil { return err } enc, ok := unm.(zapcore.Encoder) if !ok { - return d.Errf("module %s is not a zapcore.Encoder", mod) + return d.Errf("module %s (%T) is not a zapcore.Encoder", moduleID, unm) } fe.WrappedRaw = caddyconfig.JSONModuleObject(enc, "format", moduleName, nil) @@ -140,26 +133,19 @@ func (fe *FilterEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } filterName := d.Val() - mod, err := caddy.GetModule("caddy.logging.encoders.filter." + filterName) - if err != nil { - return d.Errf("getting log filter module named '%s': %v", filterName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return d.Errf("log encoder module '%s' is not a Caddyfile unmarshaler", mod) - } - err = unm.UnmarshalCaddyfile(d.NewFromNextSegment()) + moduleID := "caddy.logging.encoders.filter." + filterName + unm, err := caddyfile.UnmarshalModule(d, moduleID) if err != nil { return err } - f, ok := unm.(LogFieldFilter) + filter, ok := unm.(LogFieldFilter) if !ok { - return d.Errf("module %s is not a LogFieldFilter", mod) + return d.Errf("module %s (%T) is not a logging.LogFieldFilter", moduleID, unm) } if fe.FieldsRaw == nil { fe.FieldsRaw = make(map[string]json.RawMessage) } - fe.FieldsRaw[field] = caddyconfig.JSONModuleObject(f, "filter", filterName, nil) + fe.FieldsRaw[field] = caddyconfig.JSONModuleObject(filter, "filter", filterName, nil) } default: From 8b6fdc04da5b31d8cb62b9d2574d16afe81ad549 Mon Sep 17 00:00:00 2001 From: Jordi Masip Date: Wed, 6 Jan 2021 20:02:58 +0100 Subject: [PATCH 0284/1498] caddytls: add 'key_type' subdirective (#3956) * caddytls: add 'key_type' subdirective * Suggested change * *string -> string * test --- caddyconfig/httpcaddyfile/builtins.go | 15 +++++++++++++++ caddyconfig/httpcaddyfile/tlsapp.go | 4 ++++ .../caddyfile_adapt/tls_automation_policies_2.txt | 2 ++ 3 files changed, 21 insertions(+) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 7d16da15..08dfa886 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -87,6 +87,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { var folderLoader caddytls.FolderLoader var certSelector caddytls.CustomCertSelectionPolicy var acmeIssuer *caddytls.ACMEIssuer + var keyType string var internalIssuer *caddytls.InternalIssuer var issuers []certmagic.Issuer var onDemand bool @@ -267,6 +268,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.CA = arg[0] + case "key_type": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + keyType = arg[0] + case "eab": arg := h.RemainingArgs() if len(arg) != 2 { @@ -384,6 +392,13 @@ func parseTLS(h Helper) ([]ConfigValue, error) { }) } + if keyType != "" { + configVals = append(configVals, ConfigValue{ + Class: "tls.key_type", + Value: keyType, + }) + } + // on-demand TLS if onDemand { configVals = append(configVals, ConfigValue{ diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 440c447d..a66146da 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -108,6 +108,10 @@ func (st ServerType) buildTLSApp( ap.OnDemand = true } + if keyTypeVals, ok := sblock.pile["tls.key_type"]; ok { + ap.KeyType = keyTypeVals[0].Value.(string) + } + // certificate issuers if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok { var issuers []certmagic.Issuer diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt index db8e38bd..9be0a19a 100644 --- a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt @@ -7,6 +7,7 @@ example.com { tls { on_demand + key_type rsa2048 } } @@ -79,6 +80,7 @@ http://example.net { "module": "zerossl" } ], + "key_type": "rsa2048", "on_demand": true }, { From c2b91dbd65173d256e6fa4ddd3fec6ed2f6c87ef Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 7 Jan 2021 11:01:58 -0700 Subject: [PATCH 0285/1498] httpcaddyfile: Support repeated use of cert_issuer global option This changes the signature of UnmarshalGlobalFunc but this is probably OK since it's only used by this repo as far as we know. We need this change in order to "remember" the previous value in case a global option appears more than once, which is now a possibility with the cert_issuer option since Caddy now supports multiple issuers in the order defined by the user. Bonus: the issuer subdirective of tls now supports one-liner for "acme" when all you need to set is the directory: issuer acme

--- caddyconfig/httpcaddyfile/directives.go | 7 +-- caddyconfig/httpcaddyfile/httptype.go | 2 +- caddyconfig/httpcaddyfile/options.go | 61 +++++++++++++------------ caddyconfig/httpcaddyfile/tlsapp.go | 10 ++-- modules/caddytls/acmeissuer.go | 11 ++++- 5 files changed, 51 insertions(+), 40 deletions(-) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 4ab87787..b79b8116 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -498,9 +498,10 @@ type ( UnmarshalHandlerFunc func(h Helper) (caddyhttp.MiddlewareHandler, error) // UnmarshalGlobalFunc is a function which can unmarshal Caddyfile - // tokens into a global option config value using a Helper type. - // These are passed in a call to RegisterGlobalOption. - UnmarshalGlobalFunc func(d *caddyfile.Dispenser) (interface{}, error) + // tokens from a global option. It is passed the tokens to parse and + // existing value from the previous instance of this global option + // (if any). It returns the value to associate with this global option. + UnmarshalGlobalFunc func(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, error) ) var registeredDirectives = make(map[string]UnmarshalFunc) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 406d8b95..f16a0dfb 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -315,7 +315,7 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options return nil, fmt.Errorf("%s:%d: unrecognized global option: %s", tkn.File, tkn.Line, opt) } - val, err = optFunc(disp) + val, err = optFunc(disp, options[opt]) if err != nil { return nil, fmt.Errorf("parsing caddyfile tokens for '%s': %v", opt, err) } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 3a3cdf68..119295b8 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -30,7 +30,6 @@ func init() { RegisterGlobalOption("https_port", parseOptHTTPSPort) RegisterGlobalOption("default_sni", parseOptSingleString) RegisterGlobalOption("order", parseOptOrder) - RegisterGlobalOption("experimental_http3", parseOptTrue) RegisterGlobalOption("storage", parseOptStorage) RegisterGlobalOption("acme_ca", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) @@ -46,11 +45,9 @@ func init() { RegisterGlobalOption("servers", parseServerOptions) } -func parseOptTrue(d *caddyfile.Dispenser) (interface{}, error) { - return true, nil -} +func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil } -func parseOptHTTPPort(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptHTTPPort(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { var httpPort int for d.Next() { var httpPortStr string @@ -66,7 +63,7 @@ func parseOptHTTPPort(d *caddyfile.Dispenser) (interface{}, error) { return httpPort, nil } -func parseOptHTTPSPort(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptHTTPSPort(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { var httpsPort int for d.Next() { var httpsPortStr string @@ -82,7 +79,7 @@ func parseOptHTTPSPort(d *caddyfile.Dispenser) (interface{}, error) { return httpsPort, nil } -func parseOptOrder(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptOrder(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { newOrder := directiveOrder for d.Next() { @@ -158,7 +155,7 @@ func parseOptOrder(d *caddyfile.Dispenser) (interface{}, error) { return newOrder, nil } -func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptStorage(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { if !d.Next() { // consume option name return nil, d.ArgErr() } @@ -177,7 +174,7 @@ func parseOptStorage(d *caddyfile.Dispenser) (interface{}, error) { return storage, nil } -func parseOptACMEDNS(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptACMEDNS(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { if !d.Next() { // consume option name return nil, d.ArgErr() } @@ -196,7 +193,7 @@ func parseOptACMEDNS(d *caddyfile.Dispenser) (interface{}, error) { return prov, nil } -func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptACMEEAB(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { eab := new(acme.EAB) for d.Next() { if d.NextArg() { @@ -224,26 +221,30 @@ func parseOptACMEEAB(d *caddyfile.Dispenser) (interface{}, error) { return eab, nil } -func parseOptCertIssuer(d *caddyfile.Dispenser) (interface{}, error) { - if !d.Next() { // consume option name - return nil, d.ArgErr() +func parseOptCertIssuer(d *caddyfile.Dispenser, existing interface{}) (interface{}, error) { + var issuers []certmagic.Issuer + if existing != nil { + issuers = existing.([]certmagic.Issuer) } - if !d.Next() { // get issuer module name - return nil, d.ArgErr() + for d.Next() { // consume option name + if !d.Next() { // get issuer module name + return nil, d.ArgErr() + } + modID := "tls.issuance." + d.Val() + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return nil, err + } + iss, ok := unm.(certmagic.Issuer) + if !ok { + return nil, d.Errf("module %s (%T) is not a certmagic.Issuer", modID, unm) + } + issuers = append(issuers, iss) } - modID := "tls.issuance." + d.Val() - unm, err := caddyfile.UnmarshalModule(d, modID) - if err != nil { - return nil, err - } - iss, ok := unm.(certmagic.Issuer) - if !ok { - return nil, d.Errf("module %s (%T) is not a certmagic.Issuer", modID, unm) - } - return iss, nil + return issuers, nil } -func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptSingleString(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { d.Next() // consume parameter name if !d.Next() { return "", d.ArgErr() @@ -255,7 +256,7 @@ func parseOptSingleString(d *caddyfile.Dispenser) (interface{}, error) { return val, nil } -func parseOptAdmin(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptAdmin(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { adminCfg := new(caddy.AdminConfig) for d.Next() { if d.NextArg() { @@ -291,7 +292,7 @@ func parseOptAdmin(d *caddyfile.Dispenser) (interface{}, error) { return adminCfg, nil } -func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptOnDemand(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { var ond *caddytls.OnDemandConfig for d.Next() { if d.NextArg() { @@ -351,7 +352,7 @@ func parseOptOnDemand(d *caddyfile.Dispenser) (interface{}, error) { return ond, nil } -func parseOptAutoHTTPS(d *caddyfile.Dispenser) (interface{}, error) { +func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { d.Next() // consume parameter name if !d.Next() { return "", d.ArgErr() @@ -366,6 +367,6 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser) (interface{}, error) { return val, nil } -func parseServerOptions(d *caddyfile.Dispenser) (interface{}, error) { +func parseServerOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return unmarshalCaddyfileServerOptions(d) } diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index a66146da..25b800a5 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -414,11 +414,11 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interf // returned if there are no default/global options. However, if always is // true, a non-nil value will always be returned (unless there is an error). func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) { - issuer, hasIssuer := options["cert_issuer"] + issuers, hasIssuers := options["cert_issuer"] _, hasLocalCerts := options["local_certs"] keyType, hasKeyType := options["key_type"] - hasGlobalAutomationOpts := hasIssuer || hasLocalCerts || hasKeyType + hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType // if there are no global options related to automation policies // set, then we can just return right away @@ -434,12 +434,12 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon ap.KeyType = keyType.(string) } - if hasIssuer && hasLocalCerts { + if hasIssuers && hasLocalCerts { return nil, fmt.Errorf("global options are ambiguous: local_certs is confusing when combined with cert_issuer, because local_certs is also a specific kind of issuer") } - if hasIssuer { - ap.Issuers = []certmagic.Issuer{issuer.(certmagic.Issuer)} + if hasIssuers { + ap.Issuers = issuers.([]certmagic.Issuer) } else if hasLocalCerts { ap.Issuers = []certmagic.Issuer{new(caddytls.InternalIssuer)} } diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 43e758fd..64725c9d 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -233,7 +233,7 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // UnmarshalCaddyfile deserializes Caddyfile tokens into iss. // -// ... acme { +// ... acme [] { // dir // test_dir // email @@ -250,9 +250,18 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { + if d.NextArg() { + iss.CA = d.Val() + if d.NextArg() { + return d.ArgErr() + } + } for nesting := d.Nesting(); d.NextBlock(nesting); { switch d.Val() { case "dir": + if iss.CA != "" { + return d.Errf("directory is already specified: %s", iss.CA) + } if !d.AllArgs(&iss.CA) { return d.ArgErr() } From ef5448324948537bb4ce798567d79d0612d41220 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 7 Jan 2021 14:29:19 -0700 Subject: [PATCH 0286/1498] logging: Remove logfmt encoder (close #3575) Has been deprecated for about 6 months now because it is broken. --- go.mod | 1 - modules/logging/encoders.go | 56 ------------------------------------- 2 files changed, 57 deletions(-) diff --git a/go.mod b/go.mod index 8ea1164d..ed3a046b 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,6 @@ require ( github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 - github.com/jsternberg/zap-logfmt v1.2.0 github.com/klauspost/compress v1.11.3 github.com/klauspost/cpuid/v2 v2.0.1 github.com/lucas-clemente/quic-go v0.19.3 diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index 79382dfc..ab68f5e3 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -22,7 +22,6 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" - zaplogfmt "github.com/jsternberg/zap-logfmt" "go.uber.org/zap" "go.uber.org/zap/buffer" "go.uber.org/zap/zapcore" @@ -31,7 +30,6 @@ import ( func init() { caddy.RegisterModule(ConsoleEncoder{}) caddy.RegisterModule(JSONEncoder{}) - caddy.RegisterModule(LogfmtEncoder{}) caddy.RegisterModule(SingleFieldEncoder{}) } @@ -117,58 +115,6 @@ func (je *JSONEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// LogfmtEncoder encodes log entries as logfmt: -// https://www.brandur.org/logfmt -// -// Note that logfmt does not encode nested structures -// properly, so it is not a good fit for most logs. -// -// ⚠️ DEPRECATED. Do not use. It will eventually be removed -// from the standard Caddy modules. For more information, -// see https://github.com/caddyserver/caddy/issues/3575. -type LogfmtEncoder struct { - zapcore.Encoder `json:"-"` - LogEncoderConfig -} - -// CaddyModule returns the Caddy module information. -func (LogfmtEncoder) CaddyModule() caddy.ModuleInfo { - return caddy.ModuleInfo{ - ID: "caddy.logging.encoders.logfmt", - New: func() caddy.Module { return new(LogfmtEncoder) }, - } -} - -// Provision sets up the encoder. -func (lfe *LogfmtEncoder) Provision(ctx caddy.Context) error { - ctx.Logger(lfe).Warn("the logfmt encoder is DEPRECATED and will soon be removed from the standard modules", - zap.String("recommendation", "switch to a log format that isn't broken"), - zap.String("more_info", "https://github.com/caddyserver/caddy/issues/3575")) - lfe.Encoder = zaplogfmt.NewEncoder(lfe.ZapcoreEncoderConfig()) - return nil -} - -// UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: -// -// logfmt { -// -// } -// -// See the godoc on the LogEncoderConfig type for the syntax of -// subdirectives that are common to most/all encoders. -func (lfe *LogfmtEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { - for d.Next() { - if d.NextArg() { - return d.ArgErr() - } - err := lfe.LogEncoderConfig.UnmarshalCaddyfile(d) - if err != nil { - return err - } - } - return nil -} - // SingleFieldEncoder writes a log entry that consists entirely // of a single string field in the log entry. This is useful // for custom, self-encoded log entries that consist of a @@ -398,11 +344,9 @@ var bufferpool = buffer.NewPool() var ( _ zapcore.Encoder = (*ConsoleEncoder)(nil) _ zapcore.Encoder = (*JSONEncoder)(nil) - _ zapcore.Encoder = (*LogfmtEncoder)(nil) _ zapcore.Encoder = (*SingleFieldEncoder)(nil) _ caddyfile.Unmarshaler = (*ConsoleEncoder)(nil) _ caddyfile.Unmarshaler = (*JSONEncoder)(nil) - _ caddyfile.Unmarshaler = (*LogfmtEncoder)(nil) _ caddyfile.Unmarshaler = (*SingleFieldEncoder)(nil) ) From 09432ba64d3931206181c895c845116db8d7e877 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 7 Jan 2021 15:52:58 -0700 Subject: [PATCH 0287/1498] caddytls: Configurable OCSP stapling; global option (closes #3714) Allows user to disable OCSP stapling (including support in the Caddyfile via the ocsp_stapling global option) or overriding responder URLs. Useful in environments where responders are not reachable due to firewalls. --- caddyconfig/httpcaddyfile/options.go | 15 +++++++++++++++ caddyconfig/httpcaddyfile/tlsapp.go | 9 ++++++++- go.mod | 2 +- go.sum | 4 ++-- modules/caddytls/automation.go | 23 ++++++++++++++++++++--- 5 files changed, 46 insertions(+), 7 deletions(-) diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 119295b8..54672a65 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -43,6 +43,7 @@ func init() { RegisterGlobalOption("key_type", parseOptSingleString) RegisterGlobalOption("auto_https", parseOptAutoHTTPS) RegisterGlobalOption("servers", parseServerOptions) + RegisterGlobalOption("ocsp_stapling", parseOCSPStaplingOptions) } func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil } @@ -370,3 +371,17 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro func parseServerOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return unmarshalCaddyfileServerOptions(d) } + +func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { + d.Next() // consume option name + var val string + if !d.AllArgs(&val) { + return nil, d.ArgErr() + } + if val != "off" { + return nil, d.Errf("invalid argument '%s'", val) + } + return certmagic.OCSPConfig{ + DisableStapling: val == "off", + }, nil +} diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 25b800a5..10b5e7d5 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -417,8 +417,9 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon issuers, hasIssuers := options["cert_issuer"] _, hasLocalCerts := options["local_certs"] keyType, hasKeyType := options["key_type"] + ocspStapling, hasOCSPStapling := options["ocsp_stapling"] - hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType + hasGlobalAutomationOpts := hasIssuers || hasLocalCerts || hasKeyType || hasOCSPStapling // if there are no global options related to automation policies // set, then we can just return right away @@ -444,6 +445,12 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon ap.Issuers = []certmagic.Issuer{new(caddytls.InternalIssuer)} } + if hasOCSPStapling { + ocspConfig := ocspStapling.(certmagic.OCSPConfig) + ap.DisableOCSPStapling = ocspConfig.DisableStapling + ap.OCSPOverrides = ocspConfig.ResponderOverrides + } + return ap, nil } diff --git a/go.mod b/go.mod index ed3a046b..825f8743 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20210104224249-7891c830824b + github.com/caddyserver/certmagic v0.12.1-0.20210107224522-725b69d53d57 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 diff --git a/go.sum b/go.sum index 8c5bd137..cc11013a 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20210104224249-7891c830824b h1:3sAfeMhRiv0CVLWvM+bTSVkZIf1KupsMjglpaOCAQjE= -github.com/caddyserver/certmagic v0.12.1-0.20210104224249-7891c830824b/go.mod h1:yHMCSjG2eOFdI/Jx0+CCzr2DLw+UQu42KbaOVBx7LwA= +github.com/caddyserver/certmagic v0.12.1-0.20210107224522-725b69d53d57 h1:eslWGgoQlVAzOGMUfK3ncoHnONjCUVOPTGRD9JG3gAY= +github.com/caddyserver/certmagic v0.12.1-0.20210107224522-725b69d53d57/go.mod h1:yHMCSjG2eOFdI/Jx0+CCzr2DLw+UQu42KbaOVBx7LwA= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 509ad6e6..ed29e06a 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -107,6 +107,19 @@ type AutomationPolicy struct { // load. OnDemand bool `json:"on_demand,omitempty"` + // Disables OCSP stapling. Disabling OCSP stapling puts clients at + // greater risk, reduces their privacy, and usually lowers client + // performance. It is NOT recommended to disable this unless you + // are able to justify the costs. + // EXPERIMENTAL. Subject to change. + DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"` + + // Overrides the URLs of OCSP responders embedded in certificates. + // Each key is a OCSP server URL to override, and its value is the + // replacement. An empty value will disable querying of that server. + // EXPERIMENTAL. Subject to change. + OCSPOverrides map[string]string `json:"ocsp_overrides,omitempty"` + // Issuers stores the decoded issuer parameters. This is only // used to populate an underlying certmagic.Config's Issuers // field; it is not referenced thereafter. @@ -205,9 +218,13 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { RenewalWindowRatio: ap.RenewalWindowRatio, KeySource: keySource, OnDemand: ond, - Storage: storage, - Issuers: issuers, - Logger: tlsApp.logger, + OCSP: certmagic.OCSPConfig{ + DisableStapling: ap.DisableOCSPStapling, + ResponderOverrides: ap.OCSPOverrides, + }, + Storage: storage, + Issuers: issuers, + Logger: tlsApp.logger, } ap.magic = certmagic.New(tlsApp.certCache, template) From 4f64105fbb9b315e8faf7a15144fe27e780d5384 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 8 Jan 2021 16:00:36 -0700 Subject: [PATCH 0288/1498] Update docs --- .github/CONTRIBUTING.md | 29 ++++++++++++++++------------- README.md | 10 +++++----- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 7c51a3e2..0a277486 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -23,13 +23,13 @@ Other menu items: ### Contributing code -You can have a huge impact on the project by helping with its code. To contribute code to Caddy, open a [pull request](https://github.com/caddyserver/caddy/pulls) (PR). If you're new to our community, that's okay: **we gladly welcome pull requests from anyone, regardless of your native language or coding experience.** You can get familiar with Caddy's code base by using [code search at Sourcegraph](https://sourcegraph.com/github.com/caddyserver/caddy/-/search). +You can have a huge impact on the project by helping with its code. To contribute code to Caddy, first submit or comment in an issue to discuss your contribution, then open a [pull request](https://github.com/caddyserver/caddy/pulls) (PR). If you're new to our community, that's okay: **we gladly welcome pull requests from anyone, regardless of your native language or coding experience.** You can get familiar with Caddy's code base by using [code search at Sourcegraph](https://sourcegraph.com/github.com/caddyserver/caddy). We hold contributions to a high standard for quality :bowtie:, so don't be surprised if we ask for revisions—even if it seems small or insignificant. Please don't take it personally. :blue_heart: If your change is on the right track, we can guide you to make it mergable. Here are some of the expectations we have of contributors: -- **Open an issue to propose your change first.** This way we can avoid confusion, coordinate what everyone is working on, and ensure that any changes are in-line with the project's goals and the best interests of its users. We can also discuss the best possible implementation. If there's already an issue about it, comment on the existing issue to claim it. +- **Open an issue to propose your change first.** This way we can avoid confusion, coordinate what everyone is working on, and ensure that any changes are in-line with the project's goals and the best interests of its users. We can also discuss the best possible implementation. If there's already an issue about it, comment on the existing issue to claim it. A lot of valuable time can be saved by discussing a propsal first. - **Keep pull requests small.** Smaller PRs are more likely to be merged because they are easier to review! We might ask you to break up large PRs into smaller ones. [An example of what we want to avoid.](https://twitter.com/iamdevloper/status/397664295875805184) @@ -45,16 +45,18 @@ Here are some of the expectations we have of contributors: - **Use comments properly.** We expect good godoc comments for package-level functions, types, and values. Comments are also useful whenever the purpose for a line of code is not obvious. +- **Pull requests may still get closed.** The longer a PR stays open and idle, the more likely it is to be closed. If we haven't reviewed it in a while, it probably means the change is not a priority. Please don't take this personally, we're trying to balance a lot of tasks! If nobody else has commented or reacted to the PR, it likely means your change is useful only to you. The reality is this happens quite a bit. We don't tend to accept PRs that aren't generally helpful. For these reasons or others, the PR may get closed even after a review. We are not obligated to accept all proposed changes, even if the best justification we can give is something vague like, "It doesn't sit right." Sometimes PRs are just the wrong thing or the wrong time. Because it is open source, you can always build your own modified version of Caddy with a change you need, even if we reject it in the official repo. + We often grant [collaborator status](#collaborator-instructions) to contributors who author one or more significant, high-quality PRs that are merged into the code base! #### HOW TO MAKE A PULL REQUEST TO CADDY -Contributing to Go projects on GitHub is fun and easy. We recommend the following workflow: +Contributing to Go projects on GitHub is fun and easy. After you have proposed your change in an issue, we recommend the following workflow: 1. [Fork this repo](https://github.com/caddyserver/caddy). This makes a copy of the code you can write to. -2. If you don't already have this repo (caddyserver/caddy.git) repo on your computer, get it with `go get github.com/caddyserver/caddy/v2`. +2. If you don't already have this repo (caddyserver/caddy.git) repo on your computer, clone it down: `git clone https://github.com/caddyserver/caddy.git` 3. Tell git that it can push the caddyserver/caddy.git repo to your fork by adding a remote: `git remote add myfork https://github.com//caddy.git` @@ -85,9 +87,9 @@ Many people on the forums could benefit from your experience and expertise, too. Like every software, Caddy has its flaws. If you find one, [search the issues](https://github.com/caddyserver/caddy/issues) to see if it has already been reported. If not, [open a new issue](https://github.com/caddyserver/caddy/issues/new) and describe the bug, and somebody will look into it! (This repository is only for Caddy and its standard modules.) -**You can help stop bugs in their tracks!** Speed up the patch by identifying the bug in the code. This can sometimes be done by adding `fmt.Println()` statements (or similar) in relevant code paths to narrow down where the problem may be. It's a good way to [introduce yourself to the Go language](https://tour.golang.org), too. +**You can help us fix bugs!** Speed up the patch by identifying the bug in the code. This can sometimes be done by adding `fmt.Println()` statements (or similar) in relevant code paths to narrow down where the problem may be. It's a good way to [introduce yourself to the Go language](https://tour.golang.org), too. -Please follow the issue template so we have all the needed information. Unredacted—yes, actual values matter. We need to be able to repeat the bug using your instructions. Please simplify the issue as much as possible. The burden is on you to convince us that it is actually a bug in Caddy. This is easiest to do when you write clear, concise instructions so we can reproduce the behavior (even if it seems obvious). The more detailed and specific you are, the faster we will be able to help you! +We may reply with an issue template. Please follow the template so we have all the needed information. Unredacted—yes, actual values matter. We need to be able to repeat the bug using your instructions. Please simplify the issue as much as possible. If you don't, we might close your report. The burden is on you to make it easily reproducible and to convince us that it is actually a bug in Caddy. This is easiest to do when you write clear, concise instructions so we can reproduce the behavior (even if it seems obvious). The more detailed and specific you are, the faster we will be able to help you! We suggest reading [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html). @@ -98,11 +100,12 @@ Please be kind. :smile: Remember that Caddy comes at no cost to you, and you're Maintainers---or more generally, developers---need three things to act on bugs: 1. To agree or be convinced that it's a bug (reporter's responsibility). - - A bug is undesired or surprising behavior which violates documentation or the spec. + - A bug is unintentional, undesired, or surprising behavior which violates documentation or relevant spec. It might be either a mistake in the documentation or a bug in the code. + - This project usually does not work around bugs in other software, systems, and dependencies; instead, we recommend that those bugs are fixed at their source. This sometimes means we close issues or reject PRs that attempt to fix, workaround, or hide bugs in other projects. 2. To be able to understand what is happening (mostly reporter's responsibility). - - If the reporter can provide satisfactory instructions such that a developer can reproduce the bug, the developer will likely be able to understand the bug, write a test case, and implement a fix. - - Otherwise, the burden is on the reporter to test possible solutions. This is discouraged because it loosens the feedback loop, slows down debugging efforts, obscures the true nature of the problem from the developers, and is unlikely to result in new test cases. + - If the reporter can provide satisfactory instructions such that a developer can reproduce the bug, the developer will likely be able to understand the bug, write a test case, and implement a fix. This is the least amount of work for everyone and path to the fastest resolution. + - Otherwise, the burden is on the reporter to test possible solutions. This is less preferable because it loosens the feedback loop, slows down debugging efforts, obscures the true nature of the problem from the developers, and is unlikely to result in new test cases. 3. A solution, or ideas toward a solution (mostly maintainer's responsibility). - Sometimes the best solution is a documentation change. @@ -112,7 +115,7 @@ Maintainers---or more generally, developers---need three things to act on bugs: Thus, at the very least, the reporter is expected to: -1. Convince the reader that it's a bug (if it's not obvious). +1. Convince the reader that it's a bug in Caddy (if it's not obvious). 2. Reduce the problem down to the minimum specific steps required to reproduce it. The maintainer is usually able to do the rest; but of course the reporter may invest additional effort to speed up the process. @@ -123,7 +126,7 @@ The maintainer is usually able to do the rest; but of course the reporter may in First, [search to see if your feature has already been requested](https://github.com/caddyserver/caddy/issues). If it has, you can add a :+1: reaction to vote for it. If your feature idea is new, open an issue to request the feature. Please describe your idea thoroughly so that we know how to implement it! Really vague requests may not be helpful or actionable and, without clarification, will have to be closed. -While we really do value your requests and implement many of them, not all features are a good fit for Caddy. Most of those [make good modules](#writing-a-caddy-module), which can be made by anyone! But if a feature is not in the best interest of the Caddy project or its users in general, we may politely decline to implement it into Caddy core. +While we really do value your requests and implement many of them, not all features are a good fit for Caddy. Most of those [make good modules](#writing-a-caddy-module), which can be made by anyone! But if a feature is not in the best interest of the Caddy project or its users in general, we may politely decline to implement it into Caddy core. Additionally, some features are bad ideas altogether (for either obvious or non-obvious reasons) which may be rejected. We'll try to explain why we reject a feature, but sometimes the best we can do is, "It's not a good fit for the project." ### Improving documentation @@ -132,7 +135,7 @@ Caddy's documentation is available at [https://caddyserver.com/docs](https://cad Note that third-party module documentation is not hosted by the Caddy website, other than basic usage examples. They are managed by the individual module authors, and you will have to contact them to change their documentation. - +Our documentation is scoped to the Caddy project only: it is not for describing how other software or systems work, even if they relate to Caddy or web servers. That kind of content [can be found in our community wiki](https://caddy.community/c/wiki/13), however. ## Collaborator Instructions @@ -167,7 +170,7 @@ Collaborators have push rights to the repository. We grant this permission after -## Values +## Values (WIP) - A person is always more important than code. People don't like being handled "efficiently". But we can still process issues and pull requests efficiently while being kind, patient, and considerate. diff --git a/README.md b/README.md index 316a56a9..184525f3 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ $ cd caddy/cmd/caddy/ $ go build ``` -When you run Caddy, it may try to bind to low ports unless otherwise specified in your config. If your OS requires elevated privileges, you will need to give your new binary permission to do so. On Linux, this can be done easily with: `sudo setcap cap_net_bind_service=+ep ./caddy` +When you run Caddy, it may try to bind to low ports unless otherwise specified in your config. If your OS requires elevated privileges for this, you will need to give your new binary permission to do so. On Linux, this can be done easily with: `sudo setcap cap_net_bind_service=+ep ./caddy` If you prefer to use `go run` which creates temporary binaries, you can still do this. Make an executable file called `setcap.sh` (or whatever you want) with these contents: @@ -125,7 +125,7 @@ $ xcaddy build 2. Change into it: `cd caddy` 3. Copy [Caddy's main.go](https://github.com/caddyserver/caddy/blob/master/cmd/caddy/main.go) into the empty folder. Add imports for any custom plugins you want to add. 4. Initialize a Go module: `go mod init caddy` -5. (Optional) Pin Caddy version: `go get github.com/caddyserver/caddy/v2@version` replacing `version` with a git tag or commit. +5. (Optional) Pin Caddy version: `go get github.com/caddyserver/caddy/v2@version` replacing `version` with a git tag, commit, or branch name. 6. (Optional) Add plugins by adding their import: `_ "import/path/here"` 7. Compile: `go build` @@ -174,7 +174,7 @@ The docs are also open source. You can contribute to them here: https://github.c - We **strongly recommend** that all professionals or companies using Caddy get a support contract through [Ardan Labs](https://www.ardanlabs.com/my/contact-us?dd=caddy) before help is needed. -- A [sponsorship](https://github.com/sponsors/mholt) goes a long way! +- A [sponsorship](https://github.com/sponsors/mholt) goes a long way! If Caddy is benefitting your company, please consider a sponsorship! This not only helps fund full-time work to ensure the longevity of the project, it's also a great look for your company to your customers and potential customers! - Individuals can exchange help for free on our community forum at https://caddy.community. Remember that people give help out of their spare time and good will. The best way to get help is to give it first! @@ -184,11 +184,11 @@ Please use our [issue tracker](https://github.com/caddyserver/caddy/issues) only ## About -**The name "Caddy" is trademarked.** The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". Caddy is a registered trademark of apilayer GmbH. +**The name "Caddy" is trademarked.** The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". Caddy is a registered trademark of Stack Holdings GmbH. - _Project on Twitter: [@caddyserver](https://twitter.com/caddyserver)_ - _Author on Twitter: [@mholt6](https://twitter.com/mholt6)_ -Caddy is a project of [ZeroSSL](https://zerossl.com), an [apilayer](https://apilayer.com) company. +Caddy is a project of [ZeroSSL](https://zerossl.com), a Stack Holdings company. Debian package repository hosting is graciously provided by [Cloudsmith](https://cloudsmith.com). Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence. \ No newline at end of file From 88a38bd00d386457aec71696a386449d3bcf8990 Mon Sep 17 00:00:00 2001 From: go-d <37667595+go-d@users.noreply.github.com> Date: Mon, 11 Jan 2021 17:18:53 +0100 Subject: [PATCH 0289/1498] rewrite: Use RawPath instead of Path (fix #3596) (#3918) Prevent information loss, i.e. the encoded form that was sent by the client, when using URL strip/replace. --- modules/caddyhttp/rewrite/rewrite.go | 33 +++++++++++++++-------- modules/caddyhttp/rewrite/rewrite_test.go | 15 +++++++++++ 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index d47c388a..ad1c4706 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -191,11 +191,21 @@ func (rewr Rewrite) rewrite(r *http.Request, repl *caddy.Replacer, logger *zap.L // strip path prefix or suffix if rewr.StripPathPrefix != "" { prefix := repl.ReplaceAll(rewr.StripPathPrefix, "") - r.URL.Path = strings.TrimPrefix(r.URL.Path, prefix) + r.URL.RawPath = strings.TrimPrefix(r.URL.RawPath, prefix) + if p, err := url.PathUnescape(r.URL.RawPath); err == nil && p != "" { + r.URL.Path = p + } else { + r.URL.Path = strings.TrimPrefix(r.URL.Path, prefix) + } } if rewr.StripPathSuffix != "" { suffix := repl.ReplaceAll(rewr.StripPathSuffix, "") - r.URL.Path = strings.TrimSuffix(r.URL.Path, suffix) + r.URL.RawPath = strings.TrimSuffix(r.URL.RawPath, suffix) + if p, err := url.PathUnescape(r.URL.RawPath); err == nil && p != "" { + r.URL.Path = p + } else { + r.URL.Path = strings.TrimSuffix(r.URL.Path, suffix) + } } // substring replacements in URI @@ -289,10 +299,10 @@ type replacer struct { Limit int `json:"limit,omitempty"` } -// do performs the replacement on r and returns true if any changes were made. -func (rep replacer) do(r *http.Request, repl *caddy.Replacer) bool { +// do performs the replacement on r. +func (rep replacer) do(r *http.Request, repl *caddy.Replacer) { if rep.Find == "" || rep.Replace == "" { - return false + return } lim := rep.Limit @@ -303,13 +313,14 @@ func (rep replacer) do(r *http.Request, repl *caddy.Replacer) bool { find := repl.ReplaceAll(rep.Find, "") replace := repl.ReplaceAll(rep.Replace, "") - oldPath := r.URL.Path - oldQuery := r.URL.RawQuery + r.URL.RawPath = strings.Replace(r.URL.RawPath, find, replace, lim) + if p, err := url.PathUnescape(r.URL.RawPath); err == nil && p != "" { + r.URL.Path = p + } else { + r.URL.Path = strings.Replace(r.URL.Path, find, replace, lim) + } - r.URL.Path = strings.Replace(oldPath, find, replace, lim) - r.URL.RawQuery = strings.Replace(oldQuery, find, replace, lim) - - return r.URL.Path != oldPath && r.URL.RawQuery != oldQuery + r.URL.RawQuery = strings.Replace(r.URL.RawQuery, find, replace, lim) } // Interface guard diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go index fb4931b1..9329a04a 100644 --- a/modules/caddyhttp/rewrite/rewrite_test.go +++ b/modules/caddyhttp/rewrite/rewrite_test.go @@ -199,6 +199,11 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/prefix/foo/bar"), expect: newRequest(t, "GET", "/foo/bar"), }, + { + rule: Rewrite{StripPathPrefix: "/prefix"}, + input: newRequest(t, "GET", "/prefix/foo%2Fbar"), + expect: newRequest(t, "GET", "/foo%2Fbar"), + }, { rule: Rewrite{StripPathPrefix: "/prefix"}, input: newRequest(t, "GET", "/foo/prefix/bar"), @@ -215,6 +220,11 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/foo/bar/suffix"), expect: newRequest(t, "GET", "/foo/bar/"), }, + { + rule: Rewrite{StripPathSuffix: "suffix"}, + input: newRequest(t, "GET", "/foo%2Fbar/suffix"), + expect: newRequest(t, "GET", "/foo%2Fbar/"), + }, { rule: Rewrite{StripPathSuffix: "/suffix"}, input: newRequest(t, "GET", "/foo/suffix/bar"), @@ -231,6 +241,11 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/foo/findme/bar"), expect: newRequest(t, "GET", "/foo/replaced/bar"), }, + { + rule: Rewrite{URISubstring: []replacer{{Find: "findme", Replace: "replaced"}}}, + input: newRequest(t, "GET", "/foo/findme%2Fbar"), + expect: newRequest(t, "GET", "/foo/replaced%2Fbar"), + }, } { // copy the original input just enough so that we can // compare it after the rewrite to see if it changed From 0bf2046da7f2f5bf1b7d9fa055ae28de9a06ddaf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 11 Jan 2021 13:35:12 -0700 Subject: [PATCH 0290/1498] requestbody: Allow overwriting remote address An experimental feature, let's see if it's useful. --- modules/caddyhttp/requestbody/requestbody.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/caddyhttp/requestbody/requestbody.go b/modules/caddyhttp/requestbody/requestbody.go index 76cd2743..35aa1af1 100644 --- a/modules/caddyhttp/requestbody/requestbody.go +++ b/modules/caddyhttp/requestbody/requestbody.go @@ -29,6 +29,11 @@ func init() { type RequestBody struct { // The maximum number of bytes to allow reading from the body by a later handler. MaxSize int64 `json:"max_size,omitempty"` + + // Overwrites the remote address from which the request came. This is destructive; + // handlers later in the chain will not be able to recover the true originating + // address of the request. EXPERIMENTAL: May get changed or removed later. + RemoteAddress string `json:"remote_address,omitempty"` } // CaddyModule returns the Caddy module information. @@ -40,6 +45,10 @@ func (RequestBody) CaddyModule() caddy.ModuleInfo { } func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + if rb.RemoteAddress != "" { + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + r.RemoteAddr = repl.ReplaceAll(rb.RemoteAddress, "") + } if r.Body == nil { return next.ServeHTTP(w, r) } From 14f50d9dfb6c0da0da636829175a37b1864d23cf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 11 Jan 2021 13:49:20 -0700 Subject: [PATCH 0291/1498] templates: Add fileExists and httpError template actions The httpError function isn't particularly useful until https://github.com/golang/go/issues/34201 is fixed in the Go standard lib. --- modules/caddyhttp/templates/tplcontext.go | 26 +++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 8bdaeec7..1212ee20 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -153,7 +153,9 @@ func (c templateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buff "splitFrontMatter": c.funcSplitFrontMatter, "listFiles": c.funcListFiles, "env": c.funcEnv, - "placeholder": c.placeholder, + "placeholder": c.funcPlaceholder, + "fileExists": c.funcFileExists, + "httpError": c.funcHTTPError, }) parsedTpl, err := tpl.Parse(buf.String()) @@ -166,7 +168,7 @@ func (c templateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buff return parsedTpl.Execute(buf, c) } -func (c templateContext) placeholder(name string) string { +func (c templateContext) funcPlaceholder(name string) string { repl := c.Req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) value, _ := repl.GetString(name) return value @@ -323,6 +325,26 @@ func (c templateContext) funcListFiles(name string) ([]string, error) { return names, nil } +// funcFileExists returns true if filename can be opened successfully. +func (c templateContext) funcFileExists(filename string) (bool, error) { + if c.Root == nil { + return false, fmt.Errorf("root file system not specified") + } + file, err := c.Root.Open(filename) + if err == nil { + file.Close() + return true, nil + } + return false, nil +} + +// funcHTTPError returns a structured HTTP handler error. EXPERIMENTAL. +// TODO: Requires https://github.com/golang/go/issues/34201 to be fixed. +// Example usage might be: `{{if not (fileExists $includeFile)}}{{httpError 404}}{{end}}` +func (c templateContext) funcHTTPError(statusCode int) (bool, error) { + return false, caddyhttp.Error(statusCode, nil) +} + // tplWrappedHeader wraps niladic functions so that they // can be used in templates. (Template functions must // return a value.) From 59071ea15d2aacb69fcfc088f4996717cd2bfc73 Mon Sep 17 00:00:00 2001 From: Stefan Tatschner Date: Tue, 12 Jan 2021 22:38:53 +0100 Subject: [PATCH 0292/1498] cmd: Implement sd_notify() to notify systemd about readiness (#3963) Issue: #3786 Based on Gaurav Dhameeja's work in #3908. --- cmd/commandfuncs.go | 13 +++++++++ cmd/notify.go | 23 +++++++++++++++ cmd/notify_linux.go | 68 +++++++++++++++++++++++++++++++++++++++++++++ cmd/notify_other.go | 25 +++++++++++++++++ 4 files changed, 129 insertions(+) create mode 100644 cmd/notify.go create mode 100644 cmd/notify_linux.go create mode 100644 cmd/notify_other.go diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 25cbe587..1ee7dd87 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -271,6 +271,10 @@ func cmdRun(fl Flags) (int, error) { } } + if err := NotifyReadiness(); err != nil { + caddy.Log().Error("unable to notify readiness to service manager", zap.Error(err)) + } + select {} } @@ -291,6 +295,15 @@ func cmdReload(fl Flags) (int, error) { reloadCmdConfigAdapterFlag := fl.String("adapter") reloadCmdAddrFlag := fl.String("address") + if err := NotifyReloading(); err != nil { + caddy.Log().Error("unable to notify reloading to service manager", zap.Error(err)) + } + defer func() { + if err := NotifyReadiness(); err != nil { + caddy.Log().Error("unable to notify readiness to service manager", zap.Error(err)) + } + }() + // get the config in caddy's native format config, configFile, err := loadConfig(reloadCmdConfigFlag, reloadCmdConfigAdapterFlag) if err != nil { diff --git a/cmd/notify.go b/cmd/notify.go new file mode 100644 index 00000000..920f2a25 --- /dev/null +++ b/cmd/notify.go @@ -0,0 +1,23 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddycmd + +func NotifyReadiness() error { + return notifyReadiness() +} + +func NotifyReloading() error { + return notifyReloading() +} diff --git a/cmd/notify_linux.go b/cmd/notify_linux.go new file mode 100644 index 00000000..924c00f6 --- /dev/null +++ b/cmd/notify_linux.go @@ -0,0 +1,68 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddycmd + +import ( + "io" + "net" + "os" + "strings" +) + +// The documentation about this IPC protocol is available here: +// https://www.freedesktop.org/software/systemd/man/sd_notify.html + +func sdNotify(path, payload string) error { + socketAddr := &net.UnixAddr{ + Name: path, + Net: "unixgram", + } + + conn, err := net.DialUnix(socketAddr.Net, nil, socketAddr) + if err != nil { + return err + } + defer conn.Close() + + if _, err := io.Copy(conn, strings.NewReader(payload)); err != nil { + return err + } + return nil +} + +// notifyReadiness notifies systemd caddy that has finished its +// initialization routines. +func notifyReadiness() error { + val, ok := os.LookupEnv("NOTIFY_SOCKET") + if !ok || val == "" { + return nil + } + if err := sdNotify(val, "READY=1"); err != nil { + return err + } + return nil +} + +// notifyReadiness notifies systemd that caddy is reloading its config. +func notifyReloading() error { + val, ok := os.LookupEnv("NOTIFY_SOCKET") + if !ok || val == "" { + return nil + } + if err := sdNotify(val, "RELOADING=1"); err != nil { + return err + } + return nil +} diff --git a/cmd/notify_other.go b/cmd/notify_other.go new file mode 100644 index 00000000..4425ed77 --- /dev/null +++ b/cmd/notify_other.go @@ -0,0 +1,25 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !linux + +package caddycmd + +func notifyReadiness() error { + return nil +} + +func notifyReloading() error { + return nil +} From f0c0f38ba57ec7f01839a811d29cb9c5187ad726 Mon Sep 17 00:00:00 2001 From: Sven Dowideit Date: Thu, 14 Jan 2021 11:30:49 +1000 Subject: [PATCH 0293/1498] tests: use actual admin port value in error message (#3973) Signed-off-by: Sven Dowideit --- caddytest/caddytest.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 4076bd5a..c4c26876 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -223,7 +223,7 @@ func isCaddyAdminRunning() error { } resp, err := client.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort)) if err != nil { - return errors.New("caddy integration test caddy server not running. Expected to be listening on localhost:2019") + return fmt.Errorf("caddy integration test caddy server not running. Expected to be listening on localhost:%d", Default.AdminPort) } resp.Body.Close() From 58e83a811bce9a4f2bad0c3460939c54848becdf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 16 Jan 2021 09:56:06 -0700 Subject: [PATCH 0294/1498] map: Add missing json struct tag --- modules/caddyhttp/map/map.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index bfb21154..e193f203 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -48,7 +48,7 @@ type Handler struct { // If no mappings match or if the mapped output is null/nil, the associated // default output will be applied (optional). - Defaults []string + Defaults []string `json:"defaults,omitempty"` } // CaddyModule returns the Caddy module information. From 8f6f9865d49d044e2fdc5e97bb0cc4fac155162e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 16 Jan 2021 12:52:33 -0700 Subject: [PATCH 0295/1498] cmd: Print more detailed version with --environ --- cmd/commandfuncs.go | 14 +------------- cmd/main.go | 21 ++++++++++++++++++++- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 1ee7dd87..bf24c240 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -336,19 +336,7 @@ func cmdReload(fl Flags) (int, error) { } func cmdVersion(_ Flags) (int, error) { - goModule := caddy.GoModule() - fmt.Print(goModule.Version) - if goModule.Sum != "" { - // a build with a known version will also have a checksum - fmt.Printf(" %s", goModule.Sum) - } - if goModule.Replace != nil { - fmt.Printf(" => %s", goModule.Replace.Path) - if goModule.Replace.Version != "" { - fmt.Printf(" %s", goModule.Replace.Version) - } - } - fmt.Println() + fmt.Println(caddyVersion()) return caddy.ExitCodeSuccess, nil } diff --git a/cmd/main.go b/cmd/main.go index 2dfb8677..56434319 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -415,7 +415,7 @@ func printEnvironment() { fmt.Printf("caddy.AppDataDir=%s\n", caddy.AppDataDir()) fmt.Printf("caddy.AppConfigDir=%s\n", caddy.AppConfigDir()) fmt.Printf("caddy.ConfigAutosavePath=%s\n", caddy.ConfigAutosavePath) - fmt.Printf("caddy.Version=%s\n", caddy.GoModule().Version) + fmt.Printf("caddy.Version=%s\n", caddyVersion()) fmt.Printf("runtime.GOOS=%s\n", runtime.GOOS) fmt.Printf("runtime.GOARCH=%s\n", runtime.GOARCH) fmt.Printf("runtime.Compiler=%s\n", runtime.Compiler) @@ -432,6 +432,25 @@ func printEnvironment() { } } +// caddyVersion returns a detailed version string, if available. +func caddyVersion() string { + goModule := caddy.GoModule() + ver := goModule.Version + if goModule.Sum != "" { + ver += " " + goModule.Sum + } + if goModule.Replace != nil { + ver += " => " + goModule.Replace.Path + if goModule.Replace.Version != "" { + ver += "@" + goModule.Replace.Version + } + if goModule.Replace.Sum != "" { + ver += " " + goModule.Replace.Sum + } + } + return ver +} + // moveStorage moves the old default dataDir to the new default dataDir. // TODO: This is TEMPORARY until the release candidates. func moveStorage() { From d68cff8eb6211be10fc79d3e8d469562420b78cd Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 19 Jan 2021 14:16:06 -0700 Subject: [PATCH 0296/1498] httpcaddyfile: Skip TLS APs for HTTP-only hosts (fix #3977) This is probably an invasive change, but existing tests continue to pass. It seems to make sense this way. There is likely an edge case I haven't considered. --- caddyconfig/httpcaddyfile/httptype.go | 44 +++++++++++++----- caddyconfig/httpcaddyfile/tlsapp.go | 9 ++++ .../caddyfile_adapt/http_only_hostnames.txt | 45 +++++++++++++++++++ 3 files changed, 88 insertions(+), 10 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/http_only_hostnames.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index f16a0dfb..c6225df2 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -409,7 +409,7 @@ func (st *ServerType) serversFromPairings( var iLongestHost, jLongestHost string var iWildcardHost, jWildcardHost bool for _, addr := range p.serverBlocks[i].keys { - if strings.Contains(addr.Host, "*.") { + if strings.Contains(addr.Host, "*") { iWildcardHost = true } if specificity(addr.Host) > specificity(iLongestHost) { @@ -420,7 +420,7 @@ func (st *ServerType) serversFromPairings( } } for _, addr := range p.serverBlocks[j].keys { - if strings.Contains(addr.Host, "*.") { + if strings.Contains(addr.Host, "*") { jWildcardHost = true } if specificity(addr.Host) > specificity(jLongestHost) { @@ -500,16 +500,20 @@ func (st *ServerType) serversFromPairings( } for _, addr := range sblock.keys { - // exclude any hosts that were defined explicitly with "http://" - // in the key from automated cert management (issue #2998) - if addr.Scheme == "http" && addr.Host != "" { - if srv.AutoHTTPS == nil { - srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig) - } - if !sliceContains(srv.AutoHTTPS.Skip, addr.Host) { - srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, addr.Host) + // if server only uses HTTPS port, auto-HTTPS will not apply + if listenersUseAnyPortOtherThan(srv.Listen, httpPort) { + // exclude any hosts that were defined explicitly with "http://" + // in the key from automated cert management (issue #2998) + if addr.Scheme == "http" && addr.Host != "" { + if srv.AutoHTTPS == nil { + srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig) + } + if !sliceContains(srv.AutoHTTPS.Skip, addr.Host) { + srv.AutoHTTPS.Skip = append(srv.AutoHTTPS.Skip, addr.Host) + } } } + // we'll need to remember if the address qualifies for auto-HTTPS, so we // can add a TLS conn policy if necessary if addr.Scheme == "https" || @@ -1183,6 +1187,26 @@ func sliceContains(haystack []string, needle string) bool { return false } +// listenersUseAnyPortOtherThan returns true if there are any +// listeners in addresses that use a port which is not otherPort. +// Mostly borrowed from unexported method in caddyhttp package. +func listenersUseAnyPortOtherThan(addresses []string, otherPort string) bool { + otherPortInt, err := strconv.Atoi(otherPort) + if err != nil { + return false + } + for _, lnAddr := range addresses { + laddrs, err := caddy.ParseNetworkAddress(lnAddr) + if err != nil { + continue + } + if uint(otherPortInt) > laddrs.EndPort || uint(otherPortInt) < laddrs.StartPort { + return true + } + } + return false +} + // specificity returns len(s) minus any wildcards (*) and // placeholders ({...}). Basically, it's a length count // that penalizes the use of wildcards and placeholders. diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 10b5e7d5..dbf3cc71 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -40,6 +40,10 @@ func (st ServerType) buildTLSApp( tlsApp := &caddytls.TLS{CertificatesRaw: make(caddy.ModuleMap)} var certLoaders []caddytls.CertificateLoader + httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) + if hp, ok := options["http_port"].(int); ok { + httpPort = strconv.Itoa(hp) + } httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) if hsp, ok := options["https_port"].(int); ok { httpsPort = strconv.Itoa(hsp) @@ -91,6 +95,11 @@ func (st ServerType) buildTLSApp( } for _, p := range pairings { + // avoid setting up TLS automation policies for a server that is HTTP-only + if !listenersUseAnyPortOtherThan(p.addresses, httpPort) { + continue + } + for _, sblock := range p.serverBlocks { // get values that populate an automation policy for this block ap, err := newBaseAutomationPolicy(options, warnings, true) diff --git a/caddytest/integration/caddyfile_adapt/http_only_hostnames.txt b/caddytest/integration/caddyfile_adapt/http_only_hostnames.txt new file mode 100644 index 00000000..d867e166 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/http_only_hostnames.txt @@ -0,0 +1,45 @@ +# https://github.com/caddyserver/caddy/issues/3977 +http://* { + respond "Hello, world!" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "*" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "Hello, world!", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file From 160d19999982c4facd32c4bddced5a7dc91e8a40 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 19 Jan 2021 14:21:11 -0700 Subject: [PATCH 0297/1498] caddytest: Update Caddyfile tests for formatting, HTTP-only blocks Previous commit improved the Caddyfile adapter so it doesn't unnecessarily add names to "skip" in "auto_https" when the server is already HTTP-only. This commit updates the tests to reflect that change, while also fixing the Caddyfile formatting in many of the tests. We also print the line number of the divergence between input and formatted version in Caddyfile adapt warnings - very useful for finding initial formatting problems. --- caddyconfig/caddyfile/adapter.go | 36 +++++++-- caddytest/caddytest.go | 6 +- .../caddyfile_adapt/global_options_acme.txt | 2 +- .../global_server_options_multi.txt | 9 +-- .../global_server_options_single.txt | 2 +- .../integration/caddyfile_adapt/header.txt | 2 +- .../caddyfile_adapt/http_only_on_domain.txt | 7 +- .../caddyfile_adapt/matchers_in_route.txt | 12 +-- .../php_fastcgi_subdirectives.txt | 16 ++-- .../caddyfile_adapt/request_body.txt | 3 +- ...reverse_proxy_empty_non_http_transport.txt | 2 +- .../reverse_proxy_h2c_shorthand.txt | 74 +++++++++---------- .../tls_automation_policies_2.txt | 8 +- .../tls_client_auth_cert_file.txt | 2 +- .../tls_client_auth_inline_cert.txt | 4 +- .../tls_conn_policy_consolidate.txt | 7 +- caddytest/integration/caddyfile_adapt_test.go | 5 +- cmd/commandfuncs.go | 6 +- 18 files changed, 103 insertions(+), 100 deletions(-) diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index 185816b8..7f5ebc5f 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -53,13 +53,9 @@ func (a Adapter) Adapt(body []byte, options map[string]interface{}) ([]byte, []c } // lint check: see if input was properly formatted; sometimes messy files files parse - // successfully but result in logical errors because the Caddyfile is a bad format - // TODO: also perform this check on imported files - if !bytes.Equal(Format(body), body) { - warnings = append(warnings, caddyconfig.Warning{ - File: filename, - Message: "file is not formatted with 'caddy fmt'", - }) + // successfully but result in logical errors (the Caddyfile is a bad format, I'm sorry) + if warning, different := formattingDifference(filename, body); different { + warnings = append(warnings, warning) } result, err := json.Marshal(cfg) @@ -67,6 +63,32 @@ func (a Adapter) Adapt(body []byte, options map[string]interface{}) ([]byte, []c return result, warnings, err } +// formattingDifference returns a warning and true if the formatted version +// is any different from the input; empty warning and false otherwise. +// TODO: also perform this check on imported files +func formattingDifference(filename string, body []byte) (caddyconfig.Warning, bool) { + formatted := Format(body) + if bytes.Equal(formatted, body) { + return caddyconfig.Warning{}, false + } + + // find where the difference is + line := 1 + for i, ch := range body { + if i >= len(formatted) || ch != formatted[i] { + break + } + if ch == '\n' { + line++ + } + } + return caddyconfig.Warning{ + File: filename, + Line: line, + Message: "input is not formatted with 'caddy fmt'", + }, true +} + // Unmarshaler is a type that can unmarshal // Caddyfile tokens to set itself up for a // JSON encoding. The goal of an unmarshaler diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index c4c26876..b3896e7a 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -327,7 +327,7 @@ func (tc *Tester) AssertRedirect(requestURI string, expectedToLocation string, e } // CompareAdapt adapts a config and then compares it against an expected result -func CompareAdapt(t *testing.T, rawConfig string, adapterName string, expectedResponse string) bool { +func CompareAdapt(t *testing.T, filename, rawConfig string, adapterName string, expectedResponse string) bool { cfgAdapter := caddyconfig.GetAdapter(adapterName) if cfgAdapter == nil { @@ -353,7 +353,7 @@ func CompareAdapt(t *testing.T, rawConfig string, adapterName string, expectedRe if len(warnings) > 0 { for _, w := range warnings { - t.Logf("warning: directive: %s : %s", w.Directive, w.Message) + t.Logf("warning: %s:%d: %s: %s", filename, w.Line, w.Directive, w.Message) } } @@ -388,7 +388,7 @@ func CompareAdapt(t *testing.T, rawConfig string, adapterName string, expectedRe // AssertAdapt adapts a config and then tests it against an expected result func AssertAdapt(t *testing.T, rawConfig string, adapterName string, expectedResponse string) { - ok := CompareAdapt(t, rawConfig, adapterName, expectedResponse) + ok := CompareAdapt(t, "Caddyfile", rawConfig, adapterName, expectedResponse) if !ok { t.Fail() } diff --git a/caddytest/integration/caddyfile_adapt/global_options_acme.txt b/caddytest/integration/caddyfile_adapt/global_options_acme.txt index 0f1d78fd..fb95588a 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_acme.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_acme.txt @@ -9,7 +9,7 @@ } acme_ca https://example.com acme_eab { - key_id 4K2scIVbBpNd-78scadB2g + key_id 4K2scIVbBpNd-78scadB2g mac_key abcdefghijklmnopqrstuvwx-abcdefghijklnopqrstuvwxyz12ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh } acme_ca_root /path/to/ca.crt diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt index 653eee53..90c02e5e 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt @@ -16,7 +16,7 @@ } } -foo.com { +foo.com { } http://bar.com { @@ -64,12 +64,7 @@ http://bar.com { ], "terminal": true } - ], - "automatic_https": { - "skip": [ - "bar.com" - ] - } + ] }, "srv2": { "listen": [ diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index 5a5c64cd..d81d0323 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -18,7 +18,7 @@ } } -foo.com { +foo.com { } ---------- diff --git a/caddytest/integration/caddyfile_adapt/header.txt b/caddytest/integration/caddyfile_adapt/header.txt index 19a5b41a..223839ef 100644 --- a/caddytest/integration/caddyfile_adapt/header.txt +++ b/caddytest/integration/caddyfile_adapt/header.txt @@ -4,7 +4,7 @@ header ?John "von Neumann" header -Wolfram header { - Grace: "Hopper" # some users habitually suffix field names with a colon + Grace: "Hopper" # some users habitually suffix field names with a colon +Ray "Solomonoff" ?Tim "Berners-Lee" defer diff --git a/caddytest/integration/caddyfile_adapt/http_only_on_domain.txt b/caddytest/integration/caddyfile_adapt/http_only_on_domain.txt index 83e77598..d2792423 100644 --- a/caddytest/integration/caddyfile_adapt/http_only_on_domain.txt +++ b/caddytest/integration/caddyfile_adapt/http_only_on_domain.txt @@ -46,12 +46,7 @@ http://a.caddy.localhost { ], "terminal": true } - ], - "automatic_https": { - "skip": [ - "a.caddy.localhost" - ] - } + ] } } } diff --git a/caddytest/integration/caddyfile_adapt/matchers_in_route.txt b/caddytest/integration/caddyfile_adapt/matchers_in_route.txt index 01609b03..8c587b59 100644 --- a/caddytest/integration/caddyfile_adapt/matchers_in_route.txt +++ b/caddytest/integration/caddyfile_adapt/matchers_in_route.txt @@ -1,10 +1,10 @@ :80 { - route { - # unused matchers should not panic - # see https://github.com/caddyserver/caddy/issues/3745 - @matcher1 path /path1 - @matcher2 path /path2 - } + route { + # unused matchers should not panic + # see https://github.com/caddyserver/caddy/issues/3745 + @matcher1 path /path1 + @matcher2 path /path2 + } } ---------- { diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt index 6733a9e2..90d1633b 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt @@ -1,15 +1,15 @@ :8884 php_fastcgi localhost:9000 { - # some php_fastcgi-specific subdirectives - split .php .php5 - env VAR1 value1 - env VAR2 value2 - root /var/www - index index.php5 + # some php_fastcgi-specific subdirectives + split .php .php5 + env VAR1 value1 + env VAR2 value2 + root /var/www + index index.php5 - # passed through to reverse_proxy (directive order doesn't matter!) - lb_policy random + # passed through to reverse_proxy (directive order doesn't matter!) + lb_policy random } ---------- { diff --git a/caddytest/integration/caddyfile_adapt/request_body.txt b/caddytest/integration/caddyfile_adapt/request_body.txt index 458b7392..1e4fd471 100644 --- a/caddytest/integration/caddyfile_adapt/request_body.txt +++ b/caddytest/integration/caddyfile_adapt/request_body.txt @@ -1,6 +1,7 @@ localhost + request_body { - max_size 1MB + max_size 1MB } ---------- { diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt index b2618033..bcbe29b6 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_empty_non_http_transport.txt @@ -1,7 +1,7 @@ :8884 reverse_proxy 127.0.0.1:65535 { - transport fastcgi + transport fastcgi } ---------- { diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt index 94f22086..75ce9607 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt @@ -1,38 +1,38 @@ -:8884 - -reverse_proxy h2c://localhost:8080 ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":8884" - ], - "routes": [ - { - "handle": [ - { - "handler": "reverse_proxy", - "transport": { - "protocol": "http", - "versions": [ - "h2c", - "2" - ] - }, - "upstreams": [ - { - "dial": "localhost:8080" - } - ] - } - ] - } - ] - } - } - } - } +:8884 + +reverse_proxy h2c://localhost:8080 +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "http", + "versions": [ + "h2c", + "2" + ] + }, + "upstreams": [ + { + "dial": "localhost:8080" + } + ] + } + ] + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt index 9be0a19a..17196ec0 100644 --- a/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_2.txt @@ -1,5 +1,4 @@ # issue #3953 - { cert_issuer zerossl api_key } @@ -58,12 +57,7 @@ http://example.net { ], "terminal": true } - ], - "automatic_https": { - "skip": [ - "example.net" - ] - } + ] } } }, diff --git a/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt b/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt index 1e68a4df..aaa5abff 100644 --- a/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt +++ b/caddytest/integration/caddyfile_adapt/tls_client_auth_cert_file.txt @@ -3,7 +3,7 @@ localhost respond "hello from localhost" tls { client_auth { - mode request + mode request trusted_ca_cert_file ../caddy.ca.cer } } diff --git a/caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt b/caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt index 028d3b19..4cd45813 100644 --- a/caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt +++ b/caddytest/integration/caddyfile_adapt/tls_client_auth_inline_cert.txt @@ -3,8 +3,8 @@ localhost respond "hello from localhost" tls { client_auth { - mode request - trusted_ca_cert MIIDSzCCAjOgAwIBAgIUfIRObjWNUA4jxQ/0x8BOCvE2Vw4wDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkwODI4MTYyNTU5WhcNMjkwODI1MTYyNTU5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5m5elxhQfMp/3aVJ4JnpN9PUSz6LlP6LePAPFU7gqohVVFVtDkChJAG3FNkNQNlieVTja/bgH9IcC6oKbROwdY1h0MvNV8AHHigvl03WuJD8g2ReVFXXwsnrPmKXCFzQyMI6TYk3m2gYrXsZOU1GLnfMRC3KAMRgE2F45twOs9hqG169YJ6mM2eQjzjCHWI6S2/iUYvYxRkCOlYUbLsMD/AhgAf1plzg6LPqNxtdlwxZnA0ytgkmhK67HtzJu0+ovUCsMv0RwcMhsEo9T8nyFAGt9XLZ63X5WpBCTUApaAUhnG0XnerjmUWb6eUWw4zev54sEfY5F3x002iQaW6cECAwEAAaOBkDCBjTAdBgNVHQ4EFgQU4CBUbZsS2GaNIkGRz/cBsD5ivjswUQYDVR0jBEowSIAU4CBUbZsS2GaNIkGRz/cBsD5ivjuhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR8hE5uNY1QDiPFD/THwE4K8TZXDjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAKB3V4HIzoiO/Ch6WMj9bLJ2FGbpkMrcb/Eq01hT5zcfKD66lVS1MlK+cRL446Z2b2KDP1oFyVs+qmrmtdwrWgD+nfe2sBmmIHo9m9KygMkEOfG3MghGTEcS+0cTKEcoHYWYyOqQh6jnedXY8Cdm4GM1hAc9MiL3/sqV8YCVSLNnkoNysmr06/rZ0MCUZPGUtRmfd0heWhrfzAKw2HLgX+RAmpOE2MZqWcjvqKGyaRiaZks4nJkP6521aC2Lgp0HhCz1j8/uQ5ldoDszCnu/iro0NAsNtudTMD+YoLQxLqdleIh6CW+illc2VdXwj7mn6J04yns9jfE2jRjW/yTLFuQ== + mode request + trusted_ca_cert MIIDSzCCAjOgAwIBAgIUfIRObjWNUA4jxQ/0x8BOCvE2Vw4wDQYJKoZIhvcNAQELBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMTkwODI4MTYyNTU5WhcNMjkwODI1MTYyNTU5WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5m5elxhQfMp/3aVJ4JnpN9PUSz6LlP6LePAPFU7gqohVVFVtDkChJAG3FNkNQNlieVTja/bgH9IcC6oKbROwdY1h0MvNV8AHHigvl03WuJD8g2ReVFXXwsnrPmKXCFzQyMI6TYk3m2gYrXsZOU1GLnfMRC3KAMRgE2F45twOs9hqG169YJ6mM2eQjzjCHWI6S2/iUYvYxRkCOlYUbLsMD/AhgAf1plzg6LPqNxtdlwxZnA0ytgkmhK67HtzJu0+ovUCsMv0RwcMhsEo9T8nyFAGt9XLZ63X5WpBCTUApaAUhnG0XnerjmUWb6eUWw4zev54sEfY5F3x002iQaW6cECAwEAAaOBkDCBjTAdBgNVHQ4EFgQU4CBUbZsS2GaNIkGRz/cBsD5ivjswUQYDVR0jBEowSIAU4CBUbZsS2GaNIkGRz/cBsD5ivjuhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghR8hE5uNY1QDiPFD/THwE4K8TZXDjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAKB3V4HIzoiO/Ch6WMj9bLJ2FGbpkMrcb/Eq01hT5zcfKD66lVS1MlK+cRL446Z2b2KDP1oFyVs+qmrmtdwrWgD+nfe2sBmmIHo9m9KygMkEOfG3MghGTEcS+0cTKEcoHYWYyOqQh6jnedXY8Cdm4GM1hAc9MiL3/sqV8YCVSLNnkoNysmr06/rZ0MCUZPGUtRmfd0heWhrfzAKw2HLgX+RAmpOE2MZqWcjvqKGyaRiaZks4nJkP6521aC2Lgp0HhCz1j8/uQ5ldoDszCnu/iro0NAsNtudTMD+YoLQxLqdleIh6CW+illc2VdXwj7mn6J04yns9jfE2jRjW/yTLFuQ== } } ---------- diff --git a/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt index ba6827e0..68e89b0d 100644 --- a/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt +++ b/caddytest/integration/caddyfile_adapt/tls_conn_policy_consolidate.txt @@ -75,12 +75,7 @@ http://b.b https://b.b:8443 { ], "terminal": true } - ], - "automatic_https": { - "skip": [ - "b.b" - ] - } + ] }, "srv2": { "listen": [ diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index bfe22ada..8794fe93 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -32,14 +32,15 @@ func TestCaddyfileAdaptToJSON(t *testing.T) { } // split the Caddyfile (first) and JSON (second) parts + // (append newline to Caddyfile to match formatter expectations) parts := strings.Split(string(data), "----------") - caddyfile, json := strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1]) + caddyfile, json := strings.TrimSpace(parts[0])+"\n", strings.TrimSpace(parts[1]) // replace windows newlines in the json with unix newlines json = winNewlines.ReplaceAllString(json, "\n") // run the test - ok := caddytest.CompareAdapt(t, caddyfile, "caddyfile", json) + ok := caddytest.CompareAdapt(t, filename, caddyfile, "caddyfile", json) if !ok { t.Errorf("failed to adapt %s", filename) } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index bf24c240..3bf4b8df 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -529,6 +529,9 @@ func cmdAdaptConfig(fl Flags) (int, error) { adaptedConfig = prettyBuf.Bytes() } + // print result to stdout + fmt.Println(string(adaptedConfig)) + // print warnings to stderr for _, warn := range warnings { msg := warn.Message @@ -538,9 +541,6 @@ func cmdAdaptConfig(fl Flags) (int, error) { fmt.Fprintf(os.Stderr, "[WARNING][%s] %s:%d: %s\n", adaptCmdAdapterFlag, warn.File, warn.Line, msg) } - // print result to stdout - fmt.Println(string(adaptedConfig)) - // validate output if requested if adaptCmdValidateFlag { var cfg *caddy.Config From 1ac6351705e06316d261d2d1cc926ce33d6f23b4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 11 Jan 2021 13:35:12 -0700 Subject: [PATCH 0298/1498] Revert "requestbody: Allow overwriting remote address" This reverts commit 0bf2046da7f2f5bf1b7d9fa055ae28de9a06ddaf. No actual use case. --- modules/caddyhttp/requestbody/requestbody.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/caddyhttp/requestbody/requestbody.go b/modules/caddyhttp/requestbody/requestbody.go index 35aa1af1..76cd2743 100644 --- a/modules/caddyhttp/requestbody/requestbody.go +++ b/modules/caddyhttp/requestbody/requestbody.go @@ -29,11 +29,6 @@ func init() { type RequestBody struct { // The maximum number of bytes to allow reading from the body by a later handler. MaxSize int64 `json:"max_size,omitempty"` - - // Overwrites the remote address from which the request came. This is destructive; - // handlers later in the chain will not be able to recover the true originating - // address of the request. EXPERIMENTAL: May get changed or removed later. - RemoteAddress string `json:"remote_address,omitempty"` } // CaddyModule returns the Caddy module information. @@ -45,10 +40,6 @@ func (RequestBody) CaddyModule() caddy.ModuleInfo { } func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { - if rb.RemoteAddress != "" { - repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - r.RemoteAddr = repl.ReplaceAll(rb.RemoteAddress, "") - } if r.Body == nil { return next.ServeHTTP(w, r) } From 3366384d9347447632ac334ffbbe35fb18738b90 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 19 Jan 2021 18:45:49 -0700 Subject: [PATCH 0299/1498] caddycmd: Add upgrade command (#3972) Replaces the current Caddy executable with a new one from the build server. Honors custom builds, as long as plugins are registered on the Caddy website. Requires permissions to replace current executable, of course. This is an experimental command that may get changed or removed later. --- cmd/commandfuncs.go | 247 +++++++++++++++++++++++++++++++++++--------- cmd/commands.go | 9 ++ cmd/notify.go | 2 + 3 files changed, 208 insertions(+), 50 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 3bf4b8df..9640f4bc 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -25,6 +25,7 @@ import ( "log" "net" "net/http" + "net/url" "os" "os/exec" "reflect" @@ -364,11 +365,6 @@ func cmdListModules(fl Flags) (int, error) { packages := fl.Bool("packages") versions := fl.Bool("versions") - type moduleInfo struct { - caddyModuleID string - goModule *debug.Module - err error - } printModuleInfo := func(mi moduleInfo) { fmt.Print(mi.caddyModuleID) if versions && mi.goModule != nil { @@ -387,10 +383,8 @@ func cmdListModules(fl Flags) (int, error) { } // organize modules by whether they come with the standard distribution - var standard, nonstandard, unknown []moduleInfo - - bi, ok := debug.ReadBuildInfo() - if !ok { + standard, nonstandard, unknown, err := getModules() + if err != nil { // oh well, just print the module IDs and exit for _, m := range caddy.Modules() { fmt.Println(m) @@ -398,47 +392,6 @@ func cmdListModules(fl Flags) (int, error) { return caddy.ExitCodeSuccess, nil } - for _, modID := range caddy.Modules() { - modInfo, err := caddy.GetModule(modID) - if err != nil { - // that's weird, shouldn't happen - unknown = append(unknown, moduleInfo{caddyModuleID: modID, err: err}) - continue - } - - // to get the Caddy plugin's version info, we need to know - // the package that the Caddy module's value comes from; we - // can use reflection but we need a non-pointer value (I'm - // not sure why), and since New() should return a pointer - // value, we need to dereference it first - iface := interface{}(modInfo.New()) - if rv := reflect.ValueOf(iface); rv.Kind() == reflect.Ptr { - iface = reflect.New(reflect.TypeOf(iface).Elem()).Elem().Interface() - } - modPkgPath := reflect.TypeOf(iface).PkgPath() - - // now we find the Go module that the Caddy module's package - // belongs to; we assume the Caddy module package path will - // be prefixed by its Go module path, and we will choose the - // longest matching prefix in case there are nested modules - var matched *debug.Module - for _, dep := range bi.Deps { - if strings.HasPrefix(modPkgPath, dep.Path) { - if matched == nil || len(dep.Path) > len(matched.Path) { - matched = dep - } - } - } - - caddyModGoMod := moduleInfo{caddyModuleID: modID, goModule: matched} - - if strings.HasPrefix(modPkgPath, caddy.ImportPath) { - standard = append(standard, caddyModGoMod) - } else { - nonstandard = append(nonstandard, caddyModGoMod) - } - } - if len(standard) > 0 { for _, mod := range standard { printModuleInfo(mod) @@ -619,6 +572,144 @@ func cmdFmt(fl Flags) (int, error) { return caddy.ExitCodeSuccess, nil } +func cmdUpgrade(_ Flags) (int, error) { + l := caddy.Log() + + thisExecPath, err := os.Executable() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("determining current executable path: %v", err) + } + l.Info("this executable will be replaced", zap.String("path", thisExecPath)) + + // get the list of nonstandard plugins + _, nonstandard, _, err := getModules() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("unable to enumerate installed plugins: %v", err) + } + pluginPkgs := make(map[string]struct{}) + for _, mod := range nonstandard { + if mod.goModule.Replace != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("cannot auto-upgrade when Go module has been replaced: %s => %s", + mod.goModule.Path, mod.goModule.Replace.Path) + } + l.Info("found non-standard module", + zap.String("id", mod.caddyModuleID), + zap.String("package", mod.goModule.Path)) + pluginPkgs[mod.goModule.Path] = struct{}{} + } + + // build the request URL to download this custom build + qs := url.Values{ + "os": {runtime.GOOS}, + "arch": {runtime.GOARCH}, + } + for pkg := range pluginPkgs { + qs.Add("p", pkg) + } + urlStr := fmt.Sprintf("https://caddyserver.com/api/download?%s", qs.Encode()) + + // initiate the build + l.Info("requesting build", + zap.String("os", qs.Get("os")), + zap.String("arch", qs.Get("arch")), + zap.Strings("packages", qs["p"])) + resp, err := http.Get(urlStr) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("secure request failed: %v", err) + } + defer resp.Body.Close() + if resp.StatusCode >= 400 { + var details struct { + StatusCode int `json:"status_code"` + Error struct { + Message string `json:"message"` + ID string `json:"id"` + } `json:"error"` + } + err2 := json.NewDecoder(resp.Body).Decode(&details) + if err2 != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download and error decoding failed: HTTP %d: %v", resp.StatusCode, err2) + } + return caddy.ExitCodeFailedStartup, fmt.Errorf("download failed: HTTP %d: %s (id=%s)", resp.StatusCode, details.Error.Message, details.Error.ID) + } + + // back up the current binary, in case something goes wrong we can replace it + backupExecPath := thisExecPath + ".tmp" + l.Info("build acquired; backing up current executable", + zap.String("current_path", thisExecPath), + zap.String("backup_path", backupExecPath)) + err = os.Rename(thisExecPath, backupExecPath) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("backing up current binary: %v", err) + } + defer func() { + if err != nil { + err2 := os.Rename(backupExecPath, thisExecPath) + if err2 != nil { + l.Error("restoring original executable failed; will need to be restored manually", + zap.String("backup_path", backupExecPath), + zap.String("original_path", thisExecPath), + zap.Error(err2)) + } + } + }() + + // download the file; do this in a closure to close reliably before we execute it + writeFile := func() error { + destFile, err := os.OpenFile(thisExecPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0770) + if err != nil { + return fmt.Errorf("unable to open destination file: %v", err) + } + defer destFile.Close() + + l.Info("downloading binary", zap.String("source", urlStr), zap.String("destination", thisExecPath)) + _, err = io.Copy(destFile, resp.Body) + if err != nil { + return fmt.Errorf("unable to download file: %v", err) + } + + err = destFile.Sync() + if err != nil { + return fmt.Errorf("syncing downloaded file to device: %v", err) + } + + return nil + } + err = writeFile() + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + // use the new binary to print out version and module info + fmt.Print("\nModule versions:\n\n") + cmd := exec.Command(thisExecPath, "list-modules", "--versions") + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + err = cmd.Run() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to execute: %v", err) + } + fmt.Println("\nVersion:") + cmd = exec.Command(thisExecPath, "version") + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + err = cmd.Run() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to execute: %v", err) + } + fmt.Println() + + // clean up the backup file + err = os.Remove(backupExecPath) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to clean up backup binary: %v", err) + } + + l.Info("upgrade successful; please restart any running Caddy instances", zap.String("executable", thisExecPath)) + + return caddy.ExitCodeSuccess, nil +} + func cmdHelp(fl Flags) (int, error) { const fullDocs = `Full documentation is available at: https://caddyserver.com/docs/command-line` @@ -683,6 +774,56 @@ commands: return caddy.ExitCodeSuccess, nil } +func getModules() (standard, nonstandard, unknown []moduleInfo, err error) { + bi, ok := debug.ReadBuildInfo() + if !ok { + err = fmt.Errorf("no build info") + return + } + + for _, modID := range caddy.Modules() { + modInfo, err := caddy.GetModule(modID) + if err != nil { + // that's weird, shouldn't happen + unknown = append(unknown, moduleInfo{caddyModuleID: modID, err: err}) + continue + } + + // to get the Caddy plugin's version info, we need to know + // the package that the Caddy module's value comes from; we + // can use reflection but we need a non-pointer value (I'm + // not sure why), and since New() should return a pointer + // value, we need to dereference it first + iface := interface{}(modInfo.New()) + if rv := reflect.ValueOf(iface); rv.Kind() == reflect.Ptr { + iface = reflect.New(reflect.TypeOf(iface).Elem()).Elem().Interface() + } + modPkgPath := reflect.TypeOf(iface).PkgPath() + + // now we find the Go module that the Caddy module's package + // belongs to; we assume the Caddy module package path will + // be prefixed by its Go module path, and we will choose the + // longest matching prefix in case there are nested modules + var matched *debug.Module + for _, dep := range bi.Deps { + if strings.HasPrefix(modPkgPath, dep.Path) { + if matched == nil || len(dep.Path) > len(matched.Path) { + matched = dep + } + } + } + + caddyModGoMod := moduleInfo{caddyModuleID: modID, goModule: matched} + + if strings.HasPrefix(modPkgPath, caddy.ImportPath) { + standard = append(standard, caddyModGoMod) + } else { + nonstandard = append(nonstandard, caddyModGoMod) + } + } + return +} + // apiRequest makes an API request to the endpoint adminAddr with the // given HTTP method and request URI. If body is non-nil, it will be // assumed to be Content-Type application/json. @@ -755,3 +896,9 @@ func apiRequest(adminAddr, method, uri string, body io.Reader) error { return nil } + +type moduleInfo struct { + caddyModuleID string + goModule *debug.Module + err error +} diff --git a/cmd/commands.go b/cmd/commands.go index e4a2b918..17651940 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -277,6 +277,15 @@ is always printed to stdout.`, }(), }) + RegisterCommand(Command{ + Name: "upgrade", + Func: cmdUpgrade, + Short: "Upgrade Caddy (EXPERIMENTAL)", + Long: ` +Downloads an updated Caddy binary with the same modules/plugins at the +latest versions. EXPERIMENTAL: May be changed or removed.`, + }) + } // RegisterCommand registers the command cmd. diff --git a/cmd/notify.go b/cmd/notify.go index 920f2a25..21e0e69c 100644 --- a/cmd/notify.go +++ b/cmd/notify.go @@ -14,10 +14,12 @@ package caddycmd +// NotifyReadiness notifies process manager of readiness. func NotifyReadiness() error { return notifyReadiness() } +// NotifyReloading notifies process manager of reloading. func NotifyReloading() error { return notifyReloading() } From ab80ff4fd2911afc394b9dbceeb9f71c7a0b7ec1 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 27 Jan 2021 16:16:04 -0700 Subject: [PATCH 0300/1498] admin: Identity management, remote admin, config loaders (#3994) This commits dds 3 separate, but very related features: 1. Automated server identity management How do you know you're connecting to the server you think you are? How do you know the server connecting to you is the server instance you think it is? Mutually-authenticated TLS (mTLS) answers both of these questions. Using TLS to authenticate requires a public/private key pair (and the peer must trust the certificate you present to it). Fortunately, Caddy is really good at managing certificates by now. We tap into that power to make it possible for Caddy to obtain and renew its own identity credentials, or in other words, a certificate that can be used for both server verification when clients connect to it, and client verification when it connects to other servers. Its associated private key is essentially its identity, and TLS takes care of possession proofs. This configuration is simply a list of identifiers and an optional list of custom certificate issuers. Identifiers are things like IP addresses or DNS names that can be used to access the Caddy instance. The default issuers are ZeroSSL and Let's Encrypt, but these are public CAs, so they won't issue certs for private identifiers. Caddy will simply manage credentials for these, which other parts of Caddy can use, for example: remote administration or dynamic config loading (described below). 2. Remote administration over secure connection This feature adds generic remote admin functionality that is safe to expose on a public interface. - The "remote" (or "secure") endpoint is optional. It does not affect the standard/local/plaintext endpoint. - It's the same as the [API endpoint on localhost:2019](https://caddyserver.com/docs/api), but over TLS. - TLS cannot be disabled on this endpoint. - TLS mutual auth is required, and cannot be disabled. - The server's certificate _must_ be obtained and renewed via automated means, such as ACME. It cannot be manually loaded. - The TLS server takes care of verifying the client. - The admin handler takes care of application-layer permissions (methods and paths that each client is allowed to use).\ - Sensible defaults are still WIP. - Config fields subject to change/renaming. 3. Dyanmic config loading at startup Since this feature was planned in tandem with remote admin, and depends on its changes, I am combining them into one PR. Dynamic config loading is where you tell Caddy how to load its config, and then it loads and runs that. First, it will load the config you give it (and persist that so it can be optionally resumed later). Then, it will try pulling its _actual_ config using the module you've specified (dynamically loaded configs are _not_ persisted to storage, since resuming them doesn't make sense). This PR comes with a standard config loader module called `caddy.config_loaders.http`. Caddyfile config for all of this can probably be added later. COMMITS: * admin: Secure socket for remote management Functional, but still WIP. Optional secure socket for the admin endpoint is designed for remote management, i.e. to be exposed on a public port. It enforces TLS mutual authentication which cannot be disabled. The default port for this is :2021. The server certificate cannot be specified manually, it MUST be obtained from a certificate issuer (i.e. ACME). More polish and sensible defaults are still in development. Also cleaned up and consolidated the code related to quitting the process. * Happy lint * Implement dynamic config loading; HTTP config loader module This allows Caddy to load a dynamic config when it starts. Dynamically-loaded configs are intentionally not persisted to storage. Includes an implementation of the standard config loader, HTTPLoader. Can be used to download configs over HTTP(S). * Refactor and cleanup; prevent recursive config pulls Identity management is now separated from remote administration. There is no need to enable remote administration if all you want is identity management, but you will need to configure identity management if you want remote administration. * Fix lint warnings * Rename identities->identifiers for consistency --- admin.go | 563 ++++++++++++++++++++++++++------- caddy.go | 176 +++++++++-- caddyconfig/configadapters.go | 8 + caddyconfig/httploader.go | 151 +++++++++ caddyconfig/load.go | 93 +++--- go.mod | 4 +- go.sum | 12 +- modules/caddytls/acmeissuer.go | 21 +- modules/caddytls/tls.go | 12 + sigtrap.go | 32 +- sigtrap_posix.go | 4 +- 11 files changed, 862 insertions(+), 214 deletions(-) create mode 100644 caddyconfig/httploader.go diff --git a/admin.go b/admin.go index f539b44b..f3336575 100644 --- a/admin.go +++ b/admin.go @@ -17,6 +17,10 @@ package caddy import ( "bytes" "context" + "crypto" + "crypto/tls" + "crypto/x509" + "encoding/base64" "encoding/json" "errors" "expvar" @@ -35,12 +39,11 @@ import ( "sync" "time" + "github.com/caddyserver/certmagic" "github.com/prometheus/client_golang/prometheus" "go.uber.org/zap" ) -// TODO: is there a way to make the admin endpoint so that it can be plugged into the HTTP app? see issue #2833 - // AdminConfig configures Caddy's API endpoint, which is used // to manage Caddy while it is running. type AdminConfig struct { @@ -58,54 +61,131 @@ type AdminConfig struct { // If true, CORS headers will be emitted, and requests to the // API will be rejected if their `Host` and `Origin` headers // do not match the expected value(s). Use `origins` to - // customize which origins/hosts are allowed.If `origins` is + // customize which origins/hosts are allowed. If `origins` is // not set, the listen address is the only value allowed by - // default. + // default. Enforced only on local (plaintext) endpoint. EnforceOrigin bool `json:"enforce_origin,omitempty"` // The list of allowed origins/hosts for API requests. Only needed // if accessing the admin endpoint from a host different from the // socket's network interface or if `enforce_origin` is true. If not // set, the listener address will be the default value. If set but - // empty, no origins will be allowed. + // empty, no origins will be allowed. Enforced only on local + // (plaintext) endpoint. Origins []string `json:"origins,omitempty"` - // Options related to configuration management. + // Options pertaining to configuration management. Config *ConfigSettings `json:"config,omitempty"` + + // Options that establish this server's identity. Identity refers to + // credentials which can be used to uniquely identify and authenticate + // this server instance. This is required if remote administration is + // enabled (but does not require remote administration to be enabled). + // Default: no identity management. + Identity *IdentityConfig `json:"identity,omitempty"` + + // Options pertaining to remote administration. By default, remote + // administration is disabled. If enabled, identity management must + // also be configured, as that is how the endpoint is secured. + // See the neighboring "identity" object. + // + // EXPERIMENTAL: This feature is subject to change. + Remote *RemoteAdmin `json:"remote,omitempty"` } -// ConfigSettings configures the, uh, configuration... and -// management thereof. +// ConfigSettings configures the management of configuration. type ConfigSettings struct { // Whether to keep a copy of the active config on disk. Default is true. + // Note that "pulled" dynamic configs (using the neighboring "load" module) + // are not persisted; only configs that are pushed to Caddy get persisted. Persist *bool `json:"persist,omitempty"` + + // Loads a configuration to use. This is helpful if your configs are + // managed elsewhere, and you want Caddy to pull its config dynamically + // when it starts. The pulled config completely replaces the current + // one, just like any other config load. It is an error if a pulled + // config is configured to pull another config. + // + // EXPERIMENTAL: Subject to change. + LoadRaw json.RawMessage `json:"load,omitempty" caddy:"namespace=caddy.config_loaders inline_key=module"` } -// listenAddr extracts a singular listen address from ac.Listen, -// returning the network and the address of the listener. -func (admin AdminConfig) listenAddr() (NetworkAddress, error) { - input := admin.Listen - if input == "" { - input = DefaultAdminListen - } - listenAddr, err := ParseNetworkAddress(input) - if err != nil { - return NetworkAddress{}, fmt.Errorf("parsing admin listener address: %v", err) - } - if listenAddr.PortRangeSize() != 1 { - return NetworkAddress{}, fmt.Errorf("admin endpoint must have exactly one address; cannot listen on %v", listenAddr) - } - return listenAddr, nil +// IdentityConfig configures management of this server's identity. An identity +// consists of credentials that uniquely verify this instance; for example, +// TLS certificates (public + private key pairs). +type IdentityConfig struct { + // List of names or IP addresses which refer to this server. + // Certificates will be obtained for these identifiers so + // secure TLS connections can be made using them. + Identifiers []string `json:"identifiers,omitempty"` + + // Issuers that can provide this admin endpoint its identity + // certificate(s). Default: ACME issuers configured for + // ZeroSSL and Let's Encrypt. Be sure to change this if you + // require credentials for private identifiers. + IssuersRaw []json.RawMessage `json:"issuers,omitempty" caddy:"namespace=tls.issuance inline_key=module"` + + issuers []certmagic.Issuer +} + +// RemoteAdmin enables and configures remote administration. If enabled, +// a secure listener enforcing mutual TLS authentication will be started +// on a different port from the standard plaintext admin server. +// +// This endpoint is secured using identity management, which must be +// configured separately (because identity management does not depend +// on remote administration). See the admin/identity config struct. +// +// EXPERIMENTAL: Subject to change. +type RemoteAdmin struct { + // The address on which to start the secure listener. + // Default: :2021 + Listen string `json:"listen,omitempty"` + + // List of access controls for this secure admin endpoint. + // This configures TLS mutual authentication (i.e. authorized + // client certificates), but also application-layer permissions + // like which paths and methods each identity is authorized for. + AccessControl []*AdminAccess `json:"access_control,omitempty"` +} + +// AdminAccess specifies what permissions an identity or group +// of identities are granted. +type AdminAccess struct { + // Base64-encoded DER certificates containing public keys to accept. + // (The contents of PEM certificate blocks are base64-encoded DER.) + // Any of these public keys can appear in any part of a verified chain. + PublicKeys []string `json:"public_keys,omitempty"` + + // Limits what the associated identities are allowed to do. + // If unspecified, all permissions are granted. + Permissions []AdminPermissions `json:"permissions,omitempty"` + + publicKeys []crypto.PublicKey +} + +// AdminPermissions specifies what kinds of requests are allowed +// to be made to the admin endpoint. +type AdminPermissions struct { + // The API paths allowed. Paths are simple prefix matches. + // Any subpath of the specified paths will be allowed. + Paths []string `json:"paths,omitempty"` + + // The HTTP methods allowed for the given paths. + Methods []string `json:"methods,omitempty"` } // newAdminHandler reads admin's config and returns an http.Handler suitable // for use in an admin endpoint server, which will be listening on listenAddr. -func (admin AdminConfig) newAdminHandler(addr NetworkAddress) adminHandler { - muxWrap := adminHandler{ - enforceOrigin: admin.EnforceOrigin, - enforceHost: !addr.isWildcardInterface(), - allowedOrigins: admin.allowedOrigins(addr), - mux: http.NewServeMux(), +func (admin AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) adminHandler { + muxWrap := adminHandler{mux: http.NewServeMux()} + + // secure the local or remote endpoint respectively + if remote { + muxWrap.remoteControl = admin.Remote + } else { + muxWrap.enforceHost = !addr.isWildcardInterface() + muxWrap.allowedOrigins = admin.allowedOrigins(addr) } addRouteWithMetrics := func(pattern string, handlerLabel string, h http.Handler) { @@ -197,18 +277,18 @@ func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []string { return allowed } -// replaceAdmin replaces the running admin server according -// to the relevant configuration in cfg. If no configuration -// for the admin endpoint exists in cfg, a default one is -// used, so that there is always an admin server (unless it -// is explicitly configured to be disabled). -func replaceAdmin(cfg *Config) error { +// replaceLocalAdminServer replaces the running local admin server +// according to the relevant configuration in cfg. If no configuration +// for the admin endpoint exists in cfg, a default one is used, so +// that there is always an admin server (unless it is explicitly +// configured to be disabled). +func replaceLocalAdminServer(cfg *Config) error { // always be sure to close down the old admin endpoint // as gracefully as possible, even if the new one is // disabled -- careful to use reference to the current // (old) admin endpoint since it will be different // when the function returns - oldAdminServer := adminServer + oldAdminServer := localAdminServer defer func() { // do the shutdown asynchronously so that any // current API request gets a response; this @@ -236,19 +316,20 @@ func replaceAdmin(cfg *Config) error { } // extract a singular listener address - addr, err := adminConfig.listenAddr() + addr, err := parseAdminListenAddr(adminConfig.Listen, DefaultAdminListen) if err != nil { return err } - handler := adminConfig.newAdminHandler(addr) + handler := adminConfig.newAdminHandler(addr, false) ln, err := Listen(addr.Network, addr.JoinHostPort(0)) if err != nil { return err } - adminServer = &http.Server{ + localAdminServer = &http.Server{ + Addr: addr.String(), // for logging purposes only Handler: handler, ReadTimeout: 10 * time.Second, ReadHeaderTimeout: 5 * time.Second, @@ -258,7 +339,7 @@ func replaceAdmin(cfg *Config) error { adminLogger := Log().Named("admin") go func() { - if err := adminServer.Serve(ln); !errors.Is(err, http.ErrServerClosed) { + if err := localAdminServer.Serve(ln); !errors.Is(err, http.ErrServerClosed) { adminLogger.Error("admin server shutdown for unknown reason", zap.Error(err)) } }() @@ -276,6 +357,252 @@ func replaceAdmin(cfg *Config) error { return nil } +// manageIdentity sets up automated identity management for this server. +func manageIdentity(ctx Context, cfg *Config) error { + if cfg == nil || cfg.Admin == nil || cfg.Admin.Identity == nil { + return nil + } + + oldIdentityCertCache := identityCertCache + if oldIdentityCertCache != nil { + defer oldIdentityCertCache.Stop() + } + + // set default issuers; this is pretty hacky because we can't + // import the caddytls package -- but it works + if cfg.Admin.Identity.IssuersRaw == nil { + cfg.Admin.Identity.IssuersRaw = []json.RawMessage{ + json.RawMessage(`{"module": "zerossl"}`), + json.RawMessage(`{"module": "acme"}`), + } + } + + // load and provision issuer modules + if cfg.Admin.Identity.IssuersRaw != nil { + val, err := ctx.LoadModule(cfg.Admin.Identity, "IssuersRaw") + if err != nil { + return fmt.Errorf("loading identity issuer modules: %s", err) + } + for _, issVal := range val.([]interface{}) { + cfg.Admin.Identity.issuers = append(cfg.Admin.Identity.issuers, issVal.(certmagic.Issuer)) + } + } + + logger := Log().Named("admin.identity") + cmCfg := cfg.Admin.Identity.certmagicConfig(logger) + + // issuers have circular dependencies with the configs because, + // as explained in the caddytls package, they need access to the + // correct storage and cache to solve ACME challenges + for _, issuer := range cfg.Admin.Identity.issuers { + // avoid import cycle with caddytls package, so manually duplicate the interface here, yuck + if annoying, ok := issuer.(interface{ SetConfig(cfg *certmagic.Config) }); ok { + annoying.SetConfig(cmCfg) + } + } + + // obtain and renew server identity certificate(s) + return cmCfg.ManageAsync(ctx, cfg.Admin.Identity.Identifiers) +} + +// replaceRemoteAdminServer replaces the running remote admin server +// according to the relevant configuration in cfg. It stops any previous +// remote admin server and only starts a new one if configured. +func replaceRemoteAdminServer(ctx Context, cfg *Config) error { + if cfg == nil { + return nil + } + + remoteLogger := Log().Named("admin.remote") + + oldAdminServer := remoteAdminServer + defer func() { + if oldAdminServer != nil { + go func(oldAdminServer *http.Server) { + err := stopAdminServer(oldAdminServer) + if err != nil { + Log().Named("admin").Error("stopping current secure admin endpoint", zap.Error(err)) + } + }(oldAdminServer) + } + }() + + if cfg.Admin == nil || cfg.Admin.Remote == nil { + return nil + } + + addr, err := parseAdminListenAddr(cfg.Admin.Remote.Listen, DefaultRemoteAdminListen) + if err != nil { + return err + } + + // make the HTTP handler but disable Host/Origin enforcement + // because we are using TLS authentication instead + handler := cfg.Admin.newAdminHandler(addr, true) + + // create client certificate pool for TLS mutual auth, and extract public keys + // so that we can enforce access controls at the application layer + clientCertPool := x509.NewCertPool() + for i, accessControl := range cfg.Admin.Remote.AccessControl { + for j, certBase64 := range accessControl.PublicKeys { + cert, err := decodeBase64DERCert(certBase64) + if err != nil { + return fmt.Errorf("access control %d public key %d: parsing base64 certificate DER: %v", i, j, err) + } + accessControl.publicKeys = append(accessControl.publicKeys, cert.PublicKey) + clientCertPool.AddCert(cert) + } + } + + // create TLS config that will enforce mutual authentication + cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger) + tlsConfig := cmCfg.TLSConfig() + tlsConfig.NextProtos = nil // this server does not solve ACME challenges + tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert + tlsConfig.ClientCAs = clientCertPool + + // convert logger to stdlib so it can be used by HTTP server + serverLogger, err := zap.NewStdLogAt(remoteLogger, zap.DebugLevel) + if err != nil { + return err + } + + // create secure HTTP server + remoteAdminServer = &http.Server{ + Addr: addr.String(), // for logging purposes only + Handler: handler, + TLSConfig: tlsConfig, + ReadTimeout: 10 * time.Second, + ReadHeaderTimeout: 5 * time.Second, + IdleTimeout: 60 * time.Second, + MaxHeaderBytes: 1024 * 64, + ErrorLog: serverLogger, + } + + // start listener + ln, err := Listen(addr.Network, addr.JoinHostPort(0)) + if err != nil { + return err + } + ln = tls.NewListener(ln, tlsConfig) + + go func() { + if err := remoteAdminServer.Serve(ln); !errors.Is(err, http.ErrServerClosed) { + remoteLogger.Error("admin remote server shutdown for unknown reason", zap.Error(err)) + } + }() + + remoteLogger.Info("secure admin remote control endpoint started", + zap.String("address", addr.String())) + + return nil +} + +func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger) *certmagic.Config { + if ident == nil { + // user might not have configured identity; that's OK, we can still make a + // certmagic config, although it'll be mostly useless for remote management + ident = new(IdentityConfig) + } + cmCfg := &certmagic.Config{ + Storage: DefaultStorage, // do not act as part of a cluster (this is for the server's local identity) + Logger: logger, + Issuers: ident.issuers, + } + if identityCertCache == nil { + identityCertCache = certmagic.NewCache(certmagic.CacheOptions{ + GetConfigForCert: func(certmagic.Certificate) (*certmagic.Config, error) { + return cmCfg, nil + }, + }) + } + return certmagic.New(identityCertCache, *cmCfg) +} + +// IdentityCredentials returns this instance's configured, managed identity credentials +// that can be used in TLS client authentication. +func (ctx Context) IdentityCredentials(logger *zap.Logger) ([]tls.Certificate, error) { + if ctx.cfg == nil || ctx.cfg.Admin == nil || ctx.cfg.Admin.Identity == nil { + return nil, fmt.Errorf("no server identity configured") + } + ident := ctx.cfg.Admin.Identity + if len(ident.Identifiers) == 0 { + return nil, fmt.Errorf("no identifiers configured") + } + if logger == nil { + logger = Log() + } + magic := ident.certmagicConfig(logger) + return magic.ClientCredentials(ctx, ident.Identifiers) +} + +// enforceAccessControls enforces application-layer access controls for r based on remote. +// It expects that the TLS server has already established at least one verified chain of +// trust, and then looks for a matching, authorized public key that is allowed to access +// the defined path(s) using the defined method(s). +func (remote RemoteAdmin) enforceAccessControls(r *http.Request) error { + for _, chain := range r.TLS.VerifiedChains { + for _, peerCert := range chain { + for _, adminAccess := range remote.AccessControl { + for _, allowedKey := range adminAccess.publicKeys { + // see if we found a matching public key; the TLS server already verified the chain + // so we know the client possesses the associated private key; this handy interface + // doesn't appear to be defined anywhere in the std lib, but was implemented here: + // https://github.com/golang/go/commit/b5f2c0f50297fa5cd14af668ddd7fd923626cf8c + comparer, ok := peerCert.PublicKey.(interface{ Equal(crypto.PublicKey) bool }) + if !ok || !comparer.Equal(allowedKey) { + continue + } + + // key recognized; make sure its HTTP request is permitted + for _, accessPerm := range adminAccess.Permissions { + // verify method + methodFound := accessPerm.Methods == nil + for _, method := range accessPerm.Methods { + if method == r.Method { + methodFound = true + break + } + } + if !methodFound { + return APIError{ + HTTPStatus: http.StatusForbidden, + Message: "not authorized to use this method", + } + } + + // verify path + pathFound := accessPerm.Paths == nil + for _, allowedPath := range accessPerm.Paths { + if strings.HasPrefix(r.URL.Path, allowedPath) { + pathFound = true + break + } + } + if !pathFound { + return APIError{ + HTTPStatus: http.StatusForbidden, + Message: "not authorized to access this path", + } + } + } + + // public key authorized, method and path allowed + return nil + } + } + } + } + + // in theory, this should never happen; with an unverified chain, the TLS server + // should not accept the connection in the first place, and the acceptable cert + // pool is configured using the same list of public keys we verify against + return APIError{ + HTTPStatus: http.StatusUnauthorized, + Message: "client identity not authorized", + } +} + func stopAdminServer(srv *http.Server) error { if srv == nil { return fmt.Errorf("no admin server") @@ -286,7 +613,7 @@ func stopAdminServer(srv *http.Server) error { if err != nil { return fmt.Errorf("shutting down admin server: %v", err) } - Log().Named("admin").Info("stopped previous server") + Log().Named("admin").Info("stopped previous server", zap.String("address", srv.Addr)) return nil } @@ -302,10 +629,15 @@ type AdminRoute struct { } type adminHandler struct { + mux *http.ServeMux + + // security for local/plaintext) endpoint, on by default enforceOrigin bool enforceHost bool allowedOrigins []string - mux *http.ServeMux + + // security for remote/encrypted endpoint + remoteControl *RemoteAdmin } // ServeHTTP is the external entry point for API requests. @@ -318,6 +650,12 @@ func (h adminHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { zap.String("remote_addr", r.RemoteAddr), zap.Reflect("headers", r.Header), ) + if r.TLS != nil { + log = log.With( + zap.Bool("secure", true), + zap.Int("verified_chains", len(r.TLS.VerifiedChains)), + ) + } if r.RequestURI == "/metrics" { log.Debug("received request") } else { @@ -330,6 +668,14 @@ func (h adminHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // be called more than once per request, for example if a request // is rewritten (i.e. internal redirect). func (h adminHandler) serveHTTP(w http.ResponseWriter, r *http.Request) { + if h.remoteControl != nil { + // enforce access controls on secure endpoint + if err := h.remoteControl.enforceAccessControls(r); err != nil { + h.handleError(w, r, err) + return + } + } + if strings.Contains(r.Header.Get("Upgrade"), "websocket") { // I've never been able demonstrate a vulnerability myself, but apparently // WebSocket connections originating from browsers aren't subject to CORS @@ -363,8 +709,6 @@ func (h adminHandler) serveHTTP(w http.ResponseWriter, r *http.Request) { w.Header().Set("Access-Control-Allow-Origin", origin) } - // TODO: authentication & authorization, if configured - h.mux.ServeHTTP(w, r) } @@ -372,20 +716,16 @@ func (h adminHandler) handleError(w http.ResponseWriter, r *http.Request, err er if err == nil { return } - if err == ErrInternalRedir { - h.serveHTTP(w, r) - return - } apiErr, ok := err.(APIError) if !ok { apiErr = APIError{ - Code: http.StatusInternalServerError, - Err: err, + HTTPStatus: http.StatusInternalServerError, + Err: err, } } - if apiErr.Code == 0 { - apiErr.Code = http.StatusInternalServerError + if apiErr.HTTPStatus == 0 { + apiErr.HTTPStatus = http.StatusInternalServerError } if apiErr.Message == "" && apiErr.Err != nil { apiErr.Message = apiErr.Err.Error() @@ -393,11 +733,11 @@ func (h adminHandler) handleError(w http.ResponseWriter, r *http.Request, err er Log().Named("admin.api").Error("request error", zap.Error(err), - zap.Int("status_code", apiErr.Code), + zap.Int("status_code", apiErr.HTTPStatus), ) w.Header().Set("Content-Type", "application/json") - w.WriteHeader(apiErr.Code) + w.WriteHeader(apiErr.HTTPStatus) encErr := json.NewEncoder(w).Encode(apiErr) if encErr != nil { Log().Named("admin.api").Error("failed to encode error response", zap.Error(encErr)) @@ -418,8 +758,8 @@ func (h adminHandler) checkHost(r *http.Request) error { } if !allowed { return APIError{ - Code: http.StatusForbidden, - Err: fmt.Errorf("host not allowed: %s", r.Host), + HTTPStatus: http.StatusForbidden, + Err: fmt.Errorf("host not allowed: %s", r.Host), } } return nil @@ -433,14 +773,14 @@ func (h adminHandler) checkOrigin(r *http.Request) (string, error) { origin := h.getOriginHost(r) if origin == "" { return origin, APIError{ - Code: http.StatusForbidden, - Err: fmt.Errorf("missing required Origin header"), + HTTPStatus: http.StatusForbidden, + Err: fmt.Errorf("missing required Origin header"), } } if !h.originAllowed(origin) { return origin, APIError{ - Code: http.StatusForbidden, - Err: fmt.Errorf("client is not allowed to access from origin %s", origin), + HTTPStatus: http.StatusForbidden, + Err: fmt.Errorf("client is not allowed to access from origin %s", origin), } } return origin, nil @@ -480,7 +820,7 @@ func handleConfig(w http.ResponseWriter, r *http.Request) error { err := readConfig(r.URL.Path, w) if err != nil { - return APIError{Code: http.StatusBadRequest, Err: err} + return APIError{HTTPStatus: http.StatusBadRequest, Err: err} } return nil @@ -495,8 +835,8 @@ func handleConfig(w http.ResponseWriter, r *http.Request) error { if r.Method != http.MethodDelete { if ct := r.Header.Get("Content-Type"); !strings.Contains(ct, "/json") { return APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("unacceptable content-type: %v; 'application/json' required", ct), + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("unacceptable content-type: %v; 'application/json' required", ct), } } @@ -507,8 +847,8 @@ func handleConfig(w http.ResponseWriter, r *http.Request) error { _, err := io.Copy(buf, r.Body) if err != nil { return APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("reading request body: %v", err), + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("reading request body: %v", err), } } body = buf.Bytes() @@ -523,8 +863,8 @@ func handleConfig(w http.ResponseWriter, r *http.Request) error { default: return APIError{ - Code: http.StatusMethodNotAllowed, - Err: fmt.Errorf("method %s not allowed", r.Method), + HTTPStatus: http.StatusMethodNotAllowed, + Err: fmt.Errorf("method %s not allowed", r.Method), } } @@ -555,46 +895,17 @@ func handleConfigID(w http.ResponseWriter, r *http.Request) error { parts = append([]string{expanded}, parts[3:]...) r.URL.Path = path.Join(parts...) - return ErrInternalRedir -} - -func handleStop(w http.ResponseWriter, r *http.Request) error { - err := handleUnload(w, r) - if err != nil { - Log().Named("admin.api").Error("unload error", zap.Error(err)) - } - if adminServer != nil { - // use goroutine so that we can finish responding to API request - go func() { - err := stopAdminServer(adminServer) - var exitCode int - if err != nil { - exitCode = ExitCodeFailedQuit - Log().Named("admin.api").Error("failed to stop admin server gracefully", zap.Error(err)) - } - Log().Named("admin.api").Info("stopping now, bye!! 👋") - os.Exit(exitCode) - }() - } return nil } -// handleUnload stops the current configuration that is running. -// Note that doing this can also be accomplished with DELETE /config/ -// but we leave this function because handleStop uses it. -func handleUnload(w http.ResponseWriter, r *http.Request) error { +func handleStop(w http.ResponseWriter, r *http.Request) error { if r.Method != http.MethodPost { return APIError{ - Code: http.StatusMethodNotAllowed, - Err: fmt.Errorf("method not allowed"), + HTTPStatus: http.StatusMethodNotAllowed, + Err: fmt.Errorf("method not allowed"), } } - Log().Named("admin.api").Info("unloading") - if err := stopAndCleanup(); err != nil { - Log().Named("admin.api").Error("error unloading", zap.Error(err)) - } else { - Log().Named("admin.api").Info("unloading completed") - } + exitProcess(Log().Named("admin.api")) return nil } @@ -806,9 +1117,9 @@ func (f AdminHandlerFunc) ServeHTTP(w http.ResponseWriter, r *http.Request) erro // and client responses. If Message is unset, then // Err.Error() will be serialized in its place. type APIError struct { - Code int `json:"-"` - Err error `json:"-"` - Message string `json:"error"` + HTTPStatus int `json:"-"` + Err error `json:"-"` + Message string `json:"error"` } func (e APIError) Error() string { @@ -818,20 +1129,44 @@ func (e APIError) Error() string { return e.Message } +// parseAdminListenAddr extracts a singular listen address from either addr +// or defaultAddr, returning the network and the address of the listener. +func parseAdminListenAddr(addr string, defaultAddr string) (NetworkAddress, error) { + input := addr + if input == "" { + input = defaultAddr + } + listenAddr, err := ParseNetworkAddress(input) + if err != nil { + return NetworkAddress{}, fmt.Errorf("parsing listener address: %v", err) + } + if listenAddr.PortRangeSize() != 1 { + return NetworkAddress{}, fmt.Errorf("must be exactly one listener address; cannot listen on: %s", listenAddr) + } + return listenAddr, nil +} + +// decodeBase64DERCert base64-decodes, then DER-decodes, certStr. +func decodeBase64DERCert(certStr string) (*x509.Certificate, error) { + derBytes, err := base64.StdEncoding.DecodeString(certStr) + if err != nil { + return nil, err + } + return x509.ParseCertificate(derBytes) +} + var ( - // DefaultAdminListen is the address for the admin + // DefaultAdminListen is the address for the local admin // listener, if none is specified at startup. DefaultAdminListen = "localhost:2019" - // ErrInternalRedir indicates an internal redirect - // and is useful when admin API handlers rewrite - // the request; in that case, authentication and - // authorization needs to happen again for the - // rewritten request. - ErrInternalRedir = fmt.Errorf("internal redirect; re-authorization required") + // DefaultRemoteAdminListen is the address for the remote + // (TLS-authenticated) admin listener, if enabled and not + // specified otherwise. + DefaultRemoteAdminListen = ":2021" // DefaultAdminConfig is the default configuration - // for the administration endpoint. + // for the local administration endpoint. DefaultAdminConfig = &AdminConfig{ Listen: DefaultAdminListen, } @@ -869,4 +1204,8 @@ var bufPool = sync.Pool{ }, } -var adminServer *http.Server +// keep a reference to admin endpoint singletons while they're active +var ( + localAdminServer, remoteAdminServer *http.Server + identityCertCache *certmagic.Cache +) diff --git a/caddy.go b/caddy.go index 000cd6f1..70135ffb 100644 --- a/caddy.go +++ b/caddy.go @@ -130,8 +130,8 @@ func changeConfig(method, path string, input []byte, forceReload bool) error { newCfg, err := json.Marshal(rawCfg[rawConfigKey]) if err != nil { return APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("encoding new config: %v", err), + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("encoding new config: %v", err), } } @@ -146,14 +146,14 @@ func changeConfig(method, path string, input []byte, forceReload bool) error { err = indexConfigObjects(rawCfg[rawConfigKey], "/"+rawConfigKey, idx) if err != nil { return APIError{ - Code: http.StatusInternalServerError, - Err: fmt.Errorf("indexing config: %v", err), + HTTPStatus: http.StatusInternalServerError, + Err: fmt.Errorf("indexing config: %v", err), } } // load this new config; if it fails, we need to revert to // our old representation of caddy's actual config - err = unsyncedDecodeAndRun(newCfg) + err = unsyncedDecodeAndRun(newCfg, true) if err != nil { if len(rawCfgJSON) > 0 { // restore old config state to keep it consistent @@ -233,8 +233,10 @@ func indexConfigObjects(ptr interface{}, configPath string, index map[string]str // it as the new config, replacing any other current config. // It does NOT update the raw config state, as this is a // lower-level function; most callers will want to use Load -// instead. A write lock on currentCfgMu is required! -func unsyncedDecodeAndRun(cfgJSON []byte) error { +// instead. A write lock on currentCfgMu is required! If +// allowPersist is false, it will not be persisted to disk, +// even if it is configured to. +func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { // remove any @id fields from the JSON, which would cause // loading to break since the field wouldn't be recognized strippedCfgJSON := RemoveMetaFields(cfgJSON) @@ -245,6 +247,19 @@ func unsyncedDecodeAndRun(cfgJSON []byte) error { return err } + // prevent recursive config loads; that is a user error, and + // although frequent config loads should be safe, we cannot + // guarantee that in the presence of third party plugins, nor + // do we want this error to go unnoticed (we assume it was a + // pulled config if we're not allowed to persist it) + if !allowPersist && + newCfg != nil && + newCfg.Admin != nil && + newCfg.Admin.Config != nil && + newCfg.Admin.Config.LoadRaw != nil { + return fmt.Errorf("recursive config loading detected: pulled configs cannot pull other configs") + } + // run the new config and start all its apps err = run(newCfg, true) if err != nil { @@ -259,7 +274,8 @@ func unsyncedDecodeAndRun(cfgJSON []byte) error { unsyncedStop(oldCfg) // autosave a non-nil config, if not disabled - if newCfg != nil && + if allowPersist && + newCfg != nil && (newCfg.Admin == nil || newCfg.Admin.Config == nil || newCfg.Admin.Config.Persist == nil || @@ -311,14 +327,14 @@ func run(newCfg *Config, start bool) error { // start the admin endpoint (and stop any prior one) if start { - err = replaceAdmin(newCfg) + err = replaceLocalAdminServer(newCfg) if err != nil { return fmt.Errorf("starting caddy administration endpoint: %v", err) } } if newCfg == nil { - return nil + newCfg = new(Config) } // prepare the new config for use @@ -400,7 +416,7 @@ func run(newCfg *Config, start bool) error { } // Start - return func() error { + err = func() error { var started []string for name, a := range newCfg.apps { err := a.Start() @@ -420,6 +436,64 @@ func run(newCfg *Config, start bool) error { } return nil }() + if err != nil { + return err + } + + // now that the user's config is running, finish setting up anything else, + // such as remote admin endpoint, config loader, etc. + return finishSettingUp(ctx, newCfg) +} + +// finishSettingUp should be run after all apps have successfully started. +func finishSettingUp(ctx Context, cfg *Config) error { + // establish this server's identity (only after apps are loaded + // so that cert management of this endpoint doesn't prevent user's + // servers from starting which likely also use HTTP/HTTPS ports; + // but before remote management which may depend on these creds) + err := manageIdentity(ctx, cfg) + if err != nil { + return fmt.Errorf("provisioning remote admin endpoint: %v", err) + } + + // replace any remote admin endpoint + err = replaceRemoteAdminServer(ctx, cfg) + if err != nil { + return fmt.Errorf("provisioning remote admin endpoint: %v", err) + } + + // if dynamic config is requested, set that up and run it + if cfg != nil && cfg.Admin != nil && cfg.Admin.Config != nil && cfg.Admin.Config.LoadRaw != nil { + val, err := ctx.LoadModule(cfg.Admin.Config, "LoadRaw") + if err != nil { + return fmt.Errorf("loading config loader module: %s", err) + } + loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) + if err != nil { + return fmt.Errorf("loading dynamic config from %T: %v", val, err) + } + + // do this in a goroutine so current config can finish being loaded; otherwise deadlock + go func() { + Log().Info("applying dynamically-loaded config", zap.String("loader_module", val.(Module).CaddyModule().ID.Name())) + currentCfgMu.Lock() + err := unsyncedDecodeAndRun(loadedConfig, false) + currentCfgMu.Unlock() + if err == nil { + Log().Info("dynamically-loaded config applied successfully") + } else { + Log().Error("running dynamically-loaded config failed", zap.Error(err)) + } + }() + } + + return nil +} + +// ConfigLoader is a type that can load a Caddy config. The +// returned config must be valid Caddy JSON. +type ConfigLoader interface { + LoadConfig(Context) ([]byte, error) } // Stop stops running the current configuration. @@ -462,20 +536,6 @@ func unsyncedStop(cfg *Config) { cfg.cancelFunc() } -// stopAndCleanup calls stop and cleans up anything -// else that is expedient. This should only be used -// when stopping and not replacing with a new config. -func stopAndCleanup() error { - if err := Stop(); err != nil { - return err - } - certmagic.CleanUpOwnLocks() - if pidfile != "" { - return os.Remove(pidfile) - } - return nil -} - // Validate loads, provisions, and validates // cfg, but does not start running it. func Validate(cfg *Config) error { @@ -486,6 +546,72 @@ func Validate(cfg *Config) error { return err } +// exitProcess exits the process as gracefully as possible, +// but it always exits, even if there are errors doing so. +// It stops all apps, cleans up external locks, removes any +// PID file, and shuts down admin endpoint(s) in a goroutine. +// Errors are logged along the way, and an appropriate exit +// code is emitted. +func exitProcess(logger *zap.Logger) { + if logger == nil { + logger = Log() + } + logger.Warn("exiting; byeee!! 👋") + + exitCode := ExitCodeSuccess + + // stop all apps + if err := Stop(); err != nil { + logger.Error("failed to stop apps", zap.Error(err)) + exitCode = ExitCodeFailedQuit + } + + // clean up certmagic locks + certmagic.CleanUpOwnLocks(logger) + + // remove pidfile + if pidfile != "" { + err := os.Remove(pidfile) + if err != nil { + logger.Error("cleaning up PID file:", + zap.String("pidfile", pidfile), + zap.Error(err)) + exitCode = ExitCodeFailedQuit + } + } + + // shut down admin endpoint(s) in goroutines so that + // if this function was called from an admin handler, + // it has a chance to return gracefully + // use goroutine so that we can finish responding to API request + go func() { + defer func() { + logger = logger.With(zap.Int("exit_code", exitCode)) + if exitCode == ExitCodeSuccess { + logger.Info("shutdown complete") + } else { + logger.Error("unclean shutdown") + } + os.Exit(exitCode) + }() + + if remoteAdminServer != nil { + err := stopAdminServer(remoteAdminServer) + if err != nil { + exitCode = ExitCodeFailedQuit + logger.Error("failed to stop remote admin server gracefully", zap.Error(err)) + } + } + if localAdminServer != nil { + err := stopAdminServer(localAdminServer) + if err != nil { + exitCode = ExitCodeFailedQuit + logger.Error("failed to stop local admin server gracefully", zap.Error(err)) + } + } + }() +} + // Duration can be an integer or a string. An integer is // interpreted as nanoseconds. If a string, it is a Go // time.Duration value such as `300ms`, `1.5h`, or `2h45m`; diff --git a/caddyconfig/configadapters.go b/caddyconfig/configadapters.go index 1665fa03..ccac5f88 100644 --- a/caddyconfig/configadapters.go +++ b/caddyconfig/configadapters.go @@ -35,6 +35,14 @@ type Warning struct { Message string `json:"message,omitempty"` } +func (w Warning) String() string { + var directive string + if w.Directive != "" { + directive = fmt.Sprintf(" (%s)", w.Directive) + } + return fmt.Sprintf("%s:%d%s: %s", w.File, w.Line, directive, w.Message) +} + // JSON encodes val as JSON, returning it as a json.RawMessage. Any // marshaling errors (which are highly unlikely with correct code) // are converted to warnings. This is convenient when filling config diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go new file mode 100644 index 00000000..aabd1035 --- /dev/null +++ b/caddyconfig/httploader.go @@ -0,0 +1,151 @@ +package caddyconfig + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "io/ioutil" + "net/http" + "time" + + "github.com/caddyserver/caddy/v2" +) + +func init() { + caddy.RegisterModule(HTTPLoader{}) +} + +// HTTPLoader can load Caddy configs over HTTP(S). It can adapt the config +// based on the Content-Type header of the HTTP response. +type HTTPLoader struct { + // The method for the request. Default: GET + Method string `json:"method,omitempty"` + + // The URL of the request. + URL string `json:"url,omitempty"` + + // HTTP headers to add to the request. + Headers http.Header `json:"header,omitempty"` + + // Maximum time allowed for a complete connection and request. + Timeout caddy.Duration `json:"timeout,omitempty"` + + TLS *struct { + // Present this instance's managed remote identity credentials to the server. + UseServerIdentity bool `json:"use_server_identity,omitempty"` + + // PEM-encoded client certificate filename to present to the server. + ClientCertificateFile string `json:"client_certificate_file,omitempty"` + + // PEM-encoded key to use with the client certificate. + ClientCertificateKeyFile string `json:"client_certificate_key_file,omitempty"` + + // List of PEM-encoded CA certificate files to add to the same trust + // store as RootCAPool (or root_ca_pool in the JSON). + RootCAPEMFiles []string `json:"root_ca_pem_files,omitempty"` + } `json:"tls,omitempty"` +} + +// CaddyModule returns the Caddy module information. +func (HTTPLoader) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.config_loaders.http", + New: func() caddy.Module { return new(HTTPLoader) }, + } +} + +// LoadConfig loads a Caddy config. +func (hl HTTPLoader) LoadConfig(ctx caddy.Context) ([]byte, error) { + client, err := hl.makeClient(ctx) + if err != nil { + return nil, err + } + + method := hl.Method + if method == "" { + method = http.MethodGet + } + + req, err := http.NewRequest(method, hl.URL, nil) + if err != nil { + return nil, err + } + req.Header = hl.Headers + + resp, err := client.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + if resp.StatusCode >= 400 { + return nil, fmt.Errorf("server responded with HTTP %d", resp.StatusCode) + } + + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil, err + } + + result, warnings, err := adaptByContentType(resp.Header.Get("Content-Type"), body) + if err != nil { + return nil, err + } + for _, warn := range warnings { + ctx.Logger(hl).Warn(warn.String()) + } + + return result, nil +} + +func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) { + client := &http.Client{ + Timeout: time.Duration(hl.Timeout), + } + + if hl.TLS != nil { + var tlsConfig *tls.Config + + // client authentication + if hl.TLS.UseServerIdentity { + certs, err := ctx.IdentityCredentials(ctx.Logger(hl)) + if err != nil { + return nil, fmt.Errorf("getting server identity credentials: %v", err) + } + if tlsConfig == nil { + tlsConfig = new(tls.Config) + } + tlsConfig.Certificates = certs + } else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" { + cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile) + if err != nil { + return nil, err + } + if tlsConfig == nil { + tlsConfig = new(tls.Config) + } + tlsConfig.Certificates = []tls.Certificate{cert} + } + + // trusted server certs + if len(hl.TLS.RootCAPEMFiles) > 0 { + rootPool := x509.NewCertPool() + for _, pemFile := range hl.TLS.RootCAPEMFiles { + pemData, err := ioutil.ReadFile(pemFile) + if err != nil { + return nil, fmt.Errorf("failed reading ca cert: %v", err) + } + rootPool.AppendCertsFromPEM(pemData) + } + if tlsConfig == nil { + tlsConfig = new(tls.Config) + } + tlsConfig.RootCAs = rootPool + } + + client.Transport = &http.Transport{TLSClientConfig: tlsConfig} + } + + return client, nil +} + +var _ caddy.ConfigLoader = (*HTTPLoader)(nil) diff --git a/caddyconfig/load.go b/caddyconfig/load.go index 4855b46c..7a390d0b 100644 --- a/caddyconfig/load.go +++ b/caddyconfig/load.go @@ -69,8 +69,8 @@ func (al adminLoad) Routes() []caddy.AdminRoute { func (adminLoad) handleLoad(w http.ResponseWriter, r *http.Request) error { if r.Method != http.MethodPost { return caddy.APIError{ - Code: http.StatusMethodNotAllowed, - Err: fmt.Errorf("method not allowed"), + HTTPStatus: http.StatusMethodNotAllowed, + Err: fmt.Errorf("method not allowed"), } } @@ -81,8 +81,8 @@ func (adminLoad) handleLoad(w http.ResponseWriter, r *http.Request) error { _, err := io.Copy(buf, r.Body) if err != nil { return caddy.APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("reading request body: %v", err), + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("reading request body: %v", err), } } body := buf.Bytes() @@ -90,45 +90,21 @@ func (adminLoad) handleLoad(w http.ResponseWriter, r *http.Request) error { // if the config is formatted other than Caddy's native // JSON, we need to adapt it before loading it if ctHeader := r.Header.Get("Content-Type"); ctHeader != "" { - ct, _, err := mime.ParseMediaType(ctHeader) + result, warnings, err := adaptByContentType(ctHeader, body) if err != nil { return caddy.APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("invalid Content-Type: %v", err), + HTTPStatus: http.StatusBadRequest, + Err: err, } } - if !strings.HasSuffix(ct, "/json") { - slashIdx := strings.Index(ct, "/") - if slashIdx < 0 { - return caddy.APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("malformed Content-Type"), - } - } - adapterName := ct[slashIdx+1:] - cfgAdapter := GetAdapter(adapterName) - if cfgAdapter == nil { - return caddy.APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("unrecognized config adapter '%s'", adapterName), - } - } - result, warnings, err := cfgAdapter.Adapt(body, nil) + if len(warnings) > 0 { + respBody, err := json.Marshal(warnings) if err != nil { - return caddy.APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("adapting config using %s adapter: %v", adapterName, err), - } + caddy.Log().Named("admin.api.load").Error(err.Error()) } - if len(warnings) > 0 { - respBody, err := json.Marshal(warnings) - if err != nil { - caddy.Log().Named("admin.api.load").Error(err.Error()) - } - _, _ = w.Write(respBody) - } - body = result + _, _ = w.Write(respBody) } + body = result } forceReload := r.Header.Get("Cache-Control") == "must-revalidate" @@ -136,8 +112,8 @@ func (adminLoad) handleLoad(w http.ResponseWriter, r *http.Request) error { err = caddy.Load(body, forceReload) if err != nil { return caddy.APIError{ - Code: http.StatusBadRequest, - Err: fmt.Errorf("loading config: %v", err), + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("loading config: %v", err), } } @@ -146,6 +122,47 @@ func (adminLoad) handleLoad(w http.ResponseWriter, r *http.Request) error { return nil } +// adaptByContentType adapts body to Caddy JSON using the adapter specified by contenType. +// If contentType is empty or ends with "/json", the input will be returned, as a no-op. +func adaptByContentType(contentType string, body []byte) ([]byte, []Warning, error) { + // assume JSON as the default + if contentType == "" { + return body, nil, nil + } + + ct, _, err := mime.ParseMediaType(contentType) + if err != nil { + return nil, nil, caddy.APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("invalid Content-Type: %v", err), + } + } + + // if already JSON, no need to adapt + if strings.HasSuffix(ct, "/json") { + return body, nil, nil + } + + // adapter name should be suffix of MIME type + slashIdx := strings.Index(ct, "/") + if slashIdx < 0 { + return nil, nil, fmt.Errorf("malformed Content-Type") + } + + adapterName := ct[slashIdx+1:] + cfgAdapter := GetAdapter(adapterName) + if cfgAdapter == nil { + return nil, nil, fmt.Errorf("unrecognized config adapter '%s'", adapterName) + } + + result, warnings, err := cfgAdapter.Adapt(body, nil) + if err != nil { + return nil, nil, fmt.Errorf("adapting config using %s adapter: %v", adapterName, err) + } + + return result, warnings, nil +} + var bufPool = sync.Pool{ New: func() interface{} { return new(bytes.Buffer) diff --git a/go.mod b/go.mod index 825f8743..a4335d95 100644 --- a/go.mod +++ b/go.mod @@ -6,14 +6,14 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20210107224522-725b69d53d57 + github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 github.com/klauspost/compress v1.11.3 github.com/klauspost/cpuid/v2 v2.0.1 github.com/lucas-clemente/quic-go v0.19.3 - github.com/mholt/acmez v0.1.2 + github.com/mholt/acmez v0.1.3 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.9.0 diff --git a/go.sum b/go.sum index cc11013a..73497901 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20210107224522-725b69d53d57 h1:eslWGgoQlVAzOGMUfK3ncoHnONjCUVOPTGRD9JG3gAY= -github.com/caddyserver/certmagic v0.12.1-0.20210107224522-725b69d53d57/go.mod h1:yHMCSjG2eOFdI/Jx0+CCzr2DLw+UQu42KbaOVBx7LwA= +github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f h1:uJoft/gLxPvKq+ojfq3k7w8deji/xt/1RSWN7OAk6Ng= +github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f/go.mod h1:CUPfwomVXGCyV77EQbR3v7H4tGJ4pX16HATeR55rqws= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -175,6 +175,7 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= @@ -379,8 +380,6 @@ github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/jsternberg/zap-logfmt v1.2.0 h1:1v+PK4/B48cy8cfQbxL4FmmNZrjnIMr2BsnyEmXqv2o= -github.com/jsternberg/zap-logfmt v1.2.0/go.mod h1:kz+1CUmCutPWABnNkOu9hOHKdT2q3TDYCcsFy9hpqb0= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU= github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU= @@ -459,8 +458,8 @@ github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsO github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/acmez v0.1.2 h1:26ncYNBt59D+59cMUHuGa/Fzjmu6FFrBm6kk/8hdXt0= -github.com/mholt/acmez v0.1.2/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= +github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= @@ -785,7 +784,6 @@ go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 64725c9d..bbcd5d76 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -59,6 +59,13 @@ type ACMEIssuer struct { // other than ACME transactions. Email string `json:"email,omitempty"` + // If you have an existing account with the ACME server, put + // the private key here in PEM format. The ACME client will + // look up your account information with this key first before + // trying to create a new one. You can use placeholders here, + // for example if you have it in an environment variable. + AccountKey string `json:"account_key,omitempty"` + // If using an ACME CA that requires an external account // binding, specify the CA-provided credentials here. ExternalAccount *acme.EAB `json:"external_account,omitempty"` @@ -98,15 +105,26 @@ func (ACMEIssuer) CaddyModule() caddy.ModuleInfo { func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { iss.logger = ctx.Logger(iss) + repl := caddy.NewReplacer() + // expand email address, if non-empty if iss.Email != "" { - email, err := caddy.NewReplacer().ReplaceOrErr(iss.Email, true, true) + email, err := repl.ReplaceOrErr(iss.Email, true, true) if err != nil { return fmt.Errorf("expanding email address '%s': %v", iss.Email, err) } iss.Email = email } + // expand account key, if non-empty + if iss.AccountKey != "" { + accountKey, err := repl.ReplaceOrErr(iss.AccountKey, true, true) + if err != nil { + return fmt.Errorf("expanding account key PEM '%s': %v", iss.AccountKey, err) + } + iss.AccountKey = accountKey + } + // DNS providers if iss.Challenges != nil && iss.Challenges.DNS != nil && iss.Challenges.DNS.ProviderRaw != nil { val, err := ctx.LoadModule(iss.Challenges.DNS, "ProviderRaw") @@ -161,6 +179,7 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { CA: iss.CA, TestCA: iss.TestCA, Email: iss.Email, + AccountKeyPEM: iss.AccountKey, CertObtainTimeout: time.Duration(iss.ACMETimeout), TrustedRoots: iss.rootPool, ExternalAccount: iss.ExternalAccount, diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index fd3473ed..489d87fb 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -306,9 +306,11 @@ func (t *TLS) Manage(names []string) error { // requires that the automation policy for r.Host has an issuer of type // *certmagic.ACMEManager, or one that is ACME-enabled (GetACMEIssuer()). func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { + // no-op if it's not an ACME challenge request if !certmagic.LooksLikeHTTPChallenge(r) { return false } + // try all the issuers until we find the one that initiated the challenge ap := t.getAutomationPolicyForName(r.Host) type acmeCapable interface{ GetACMEIssuer() *ACMEIssuer } @@ -320,6 +322,16 @@ func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { } } } + + // it's possible another server in this process initiated the challenge; + // users have requested that Caddy only handle HTTP challenges it initiated, + // so that users can proxy the others through to their backends; but we + // might not have an automation policy for all identifiers that are trying + // to get certificates (e.g. the admin endpoint), so we do this manual check + if challenge, ok := certmagic.GetACMEChallenge(r.Host); ok { + return certmagic.SolveHTTPChallenge(t.logger, w, r, challenge.Challenge) + } + return false } diff --git a/sigtrap.go b/sigtrap.go index 4ad94c15..0fce6d0d 100644 --- a/sigtrap.go +++ b/sigtrap.go @@ -47,37 +47,15 @@ func trapSignalsCrossPlatform() { } Log().Info("shutting down", zap.String("signal", "SIGINT")) - go gracefulStop("SIGINT") + go exitProcessFromSignal("SIGINT") } }() } -// gracefulStop exits the process as gracefully as possible. -// It always exits, even if there are errors shutting down. -func gracefulStop(sigName string) { - exitCode := ExitCodeSuccess - defer func() { - Log().Info("shutdown done", zap.String("signal", sigName)) - os.Exit(exitCode) - }() - - err := stopAndCleanup() - if err != nil { - Log().Error("stopping config", - zap.String("signal", sigName), - zap.Error(err)) - exitCode = ExitCodeFailedQuit - } - - if adminServer != nil { - err = stopAdminServer(adminServer) - if err != nil { - Log().Error("stopping admin endpoint", - zap.String("signal", sigName), - zap.Error(err)) - exitCode = ExitCodeFailedQuit - } - } +// exitProcessFromSignal exits the process from a system signal. +func exitProcessFromSignal(sigName string) { + logger := Log().With(zap.String("signal", sigName)) + exitProcess(logger) } // Exit codes. Generally, you should NOT diff --git a/sigtrap_posix.go b/sigtrap_posix.go index a8e4cec3..0e4dda3c 100644 --- a/sigtrap_posix.go +++ b/sigtrap_posix.go @@ -35,12 +35,12 @@ func trapSignalsPosix() { switch sig { case syscall.SIGQUIT: Log().Info("quitting process immediately", zap.String("signal", "SIGQUIT")) - certmagic.CleanUpOwnLocks() // try to clean up locks anyway, it's important + certmagic.CleanUpOwnLocks(Log()) // try to clean up locks anyway, it's important os.Exit(ExitCodeForceQuit) case syscall.SIGTERM: Log().Info("shutting down apps then terminating", zap.String("signal", "SIGTERM")) - gracefulStop("SIGTERM") + exitProcessFromSignal("SIGTERM") case syscall.SIGUSR1: Log().Info("not implemented", zap.String("signal", "SIGUSR1")) From e2c5c28597e6a8c5e7ef48fde88f0b7d740d9586 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 28 Jan 2021 12:54:55 -0700 Subject: [PATCH 0301/1498] caddyhttp: Implement handler abort; new 'abort' directive (close #3871) (#3983) * caddyhttp: Implement handler abort; new 'abort' directive (close #3871) * Move abort directive ordering; clean up redirects Seems logical for the end-all of handlers to go at the... end. The Connection header no longer needs to be set there, since Close is true, and the static_response handler now does that. --- caddyconfig/httpcaddyfile/builtins.go | 10 ++++++++++ caddyconfig/httpcaddyfile/directives.go | 1 + modules/caddyhttp/autohttps.go | 3 +-- modules/caddyhttp/staticresp.go | 17 +++++++++++++++-- 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 08dfa886..2de808b9 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -40,6 +40,7 @@ func init() { RegisterHandlerDirective("root", parseRoot) RegisterHandlerDirective("redir", parseRedir) RegisterHandlerDirective("respond", parseRespond) + RegisterHandlerDirective("abort", parseAbort) RegisterHandlerDirective("route", parseRoute) RegisterHandlerDirective("handle", parseHandle) RegisterDirective("handle_errors", parseHandleErrors) @@ -502,6 +503,15 @@ func parseRespond(h Helper) (caddyhttp.MiddlewareHandler, error) { return sr, nil } +// parseAbort parses the abort directive. +func parseAbort(h Helper) (caddyhttp.MiddlewareHandler, error) { + h.Next() // consume directive + for h.Next() || h.NextBlock(0) { + return nil, h.ArgErr() + } + return &caddyhttp.StaticResponse{Abort: true}, nil +} + // parseRoute parses the route directive. func parseRoute(h Helper) (caddyhttp.MiddlewareHandler, error) { sr := new(caddyhttp.Subroute) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index b79b8116..7f77f49f 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -69,6 +69,7 @@ var directiveOrder = []string{ "php_fastcgi", "file_server", "acme_server", + "abort", } // directiveIsOrdered returns true if dir is diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 9d6612fa..c1d4c087 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -409,8 +409,7 @@ func (app *App) makeRedirRoute(redirToPort uint, matcherSet MatcherSet) Route { StaticResponse{ StatusCode: WeakString(strconv.Itoa(http.StatusPermanentRedirect)), Headers: http.Header{ - "Location": []string{redirTo}, - "Connection": []string{"close"}, + "Location": []string{redirTo}, }, Close: true, }, diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index 0a568fc1..4b11e0e6 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -42,6 +42,11 @@ type StaticResponse struct { // If true, the server will close the client's connection // after writing the response. Close bool `json:"close,omitempty"` + + // Immediately and forcefully closes the connection without + // writing a response. Interrupts any other HTTP streams on + // the same connection. + Abort bool `json:"abort,omitempty"` } // CaddyModule returns the Caddy module information. @@ -101,10 +106,18 @@ func (s *StaticResponse) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Handler) error { - repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + // close the connection immediately + if s.Abort { + panic(http.ErrAbortHandler) + } // close the connection after responding - r.Close = s.Close + if s.Close { + r.Close = true + w.Header().Set("Connection", "close") + } + + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) // set all headers for field, vals := range s.Headers { From bef80cd806eadb3555487b624849149b46199c3f Mon Sep 17 00:00:00 2001 From: Tyler Kropp Date: Thu, 28 Jan 2021 14:59:50 -0500 Subject: [PATCH 0302/1498] caddyhttp: Fix redir html status code, improve flow (#3987) * Fix html redir code, improve flow * Fix integer check error and add tests --- caddyconfig/httpcaddyfile/builtins.go | 24 ++-- caddyconfig/httpcaddyfile/builtins_test.go | 122 +++++++++++++++++++++ 2 files changed, 139 insertions(+), 7 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 2de808b9..aa68adb4 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -22,6 +22,7 @@ import ( "io/ioutil" "net/http" "reflect" + "strconv" "strings" "github.com/caddyserver/caddy/v2" @@ -462,14 +463,14 @@ func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) { if h.NextArg() { code = h.Val() } - if code == "permanent" { - code = "301" - } - if code == "temporary" || code == "" { - code = "302" - } + var body string - if code == "html" { + switch code { + case "permanent": + code = "301" + case "temporary", "": + code = "302" + case "html": // Script tag comes first since that will better imitate a redirect in the browser's // history, but the meta tag is a fallback for most non-JS clients. const metaRedir = ` @@ -484,6 +485,15 @@ func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) { ` safeTo := html.EscapeString(to) body = fmt.Sprintf(metaRedir, safeTo, safeTo, safeTo, safeTo) + code = "302" + default: + codeInt, err := strconv.Atoi(code) + if err != nil { + return nil, h.Errf("Not a supported redir code type or not valid integer: '%s'", code) + } + if codeInt < 300 || codeInt > 399 { + return nil, h.Errf("Redir code not in the 3xx range: '%v'", codeInt) + } } return caddyhttp.StaticResponse{ diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go index c06dd230..09bb4ed2 100644 --- a/caddyconfig/httpcaddyfile/builtins_test.go +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -51,3 +51,125 @@ func TestLogDirectiveSyntax(t *testing.T) { } } } + +func TestRedirDirectiveSyntax(t *testing.T) { + for i, tc := range []struct { + input string + expectError bool + }{ + { + input: `:8080 { + redir :8081 + }`, + expectError: false, + }, + { + input: `:8080 { + redir * :8081 + }`, + expectError: false, + }, + { + input: `:8080 { + redir /api/* :8081 300 + }`, + expectError: false, + }, + { + input: `:8080 { + redir :8081 300 + }`, + expectError: false, + }, + { + input: `:8080 { + redir /api/* :8081 399 + }`, + expectError: false, + }, + { + input: `:8080 { + redir :8081 399 + }`, + expectError: false, + }, + { + input: `:8080 { + redir /old.html /new.html + }`, + expectError: false, + }, + { + input: `:8080 { + redir /old.html /new.html temporary + }`, + expectError: false, + }, + { + input: `:8080 { + redir https://example.com{uri} permanent + }`, + expectError: false, + }, + { + input: `:8080 { + redir /old.html /new.html permanent + }`, + expectError: false, + }, + { + input: `:8080 { + redir /old.html /new.html html + }`, + expectError: false, + }, + { + input: `:8080 { + redir /old.html /new.html htlm + }`, + expectError: true, + }, + { + input: `:8080 { + redir * :8081 200 + }`, + expectError: true, + }, + { + input: `:8080 { + redir * :8081 400 + }`, + expectError: true, + }, + { + input: `:8080 { + redir * :8081 temp + }`, + expectError: true, + }, + { + input: `:8080 { + redir * :8081 perm + }`, + expectError: true, + }, + { + input: `:8080 { + redir * :8081 php + }`, + expectError: true, + }, + } { + + adapter := caddyfile.Adapter{ + ServerType: ServerType{}, + } + + _, _, err := adapter.Adapt([]byte(tc.input), nil) + + if err != nil != tc.expectError { + t.Errorf("Test %d error expectation failed Expected: %v, got %s", i, tc.expectError, err) + continue + } + } +} From e2940c8c03818f1227aa2c103e05fb5664635e11 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 29 Jan 2021 01:40:36 +0300 Subject: [PATCH 0303/1498] ci: update the command to run tests on the s390x machine (#3995) --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 476b908f..9540fddd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,6 +64,7 @@ jobs: go env printf "\n\nSystem environment:\n\n" env + printf "Git version: $(git version)\n\n" # Calculate the short SHA1 hash of the git commit echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" echo "::set-output name=go_cache::$(go env GOCACHE)" @@ -137,7 +138,7 @@ jobs: # The environment is fresh, so there's no point in keeping accepting and adding the key. rsync -arz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress --delete --exclude '.git' . caddy-ci@ci-s390x.caddyserver.com:/var/tmp/"$short_sha" - ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t caddy-ci@ci-s390x.caddyserver.com "cd /var/tmp/$short_sha; CGO_ENABLED=0 /usr/local/go/bin/go test -v ./..." + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t caddy-ci@ci-s390x.caddyserver.com "cd /var/tmp/$short_sha; go version; go env; printf "\n\n";CGO_ENABLED=0 go test -v ./..." test_result=$? # There's no need leaving the files around From 55e49ff5c88170b8978cb322dfea3688fb6d3b97 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 1 Feb 2021 11:45:28 -0700 Subject: [PATCH 0304/1498] httpcaddyfile: Sort catch-all site blocks properly (fix #4003) --- caddyconfig/httpcaddyfile/httptype.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index c6225df2..2e7dd7cc 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -430,9 +430,12 @@ func (st *ServerType) serversFromPairings( jLongestPath = addr.Path } } + // catch-all blocks (blocks with no hostname) should always go + // last, even after blocks with wildcard hosts + if specificity(iLongestHost) == 0 { + return false + } if specificity(jLongestHost) == 0 { - // catch-all blocks (blocks with no hostname) should always go - // last, even after blocks with wildcard hosts return true } if iWildcardHost != jWildcardHost { From c986110678458f032018ff931273f8b6e1921e38 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 1 Feb 2021 17:02:01 -0700 Subject: [PATCH 0305/1498] httpcaddyfile: Warn if site address uses unspecified IP (close #4004) --- caddyconfig/httpcaddyfile/httptype.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 2e7dd7cc..0a5149fc 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -17,6 +17,7 @@ package httpcaddyfile import ( "encoding/json" "fmt" + "log" "reflect" "regexp" "sort" @@ -471,6 +472,13 @@ func (st *ServerType) serversFromPairings( hosts := sblock.hostsFromKeys(false) + // emit warnings if user put unspecified IP addresses; they probably want the bind directive + for _, h := range hosts { + if h == "0.0.0.0" || h == "::" { + log.Printf("[WARNING] Site block has unspecified IP address %s which only matches requests having that Host header; you probably want the 'bind' directive to configure the socket", h) + } + } + // tls: connection policies if cpVals, ok := sblock.pile["tls.connection_policy"]; ok { // tls connection policies From 2772ede43c852fa50f3527dbd94ae747b6f64365 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 1 Feb 2021 18:14:03 -0700 Subject: [PATCH 0306/1498] cmd: Add --force flag to reload command (close #4005) Can be useful if user wants to reload manual certificates, for example. --- cmd/commandfuncs.go | 16 +++++++++++++--- cmd/commands.go | 1 + 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 9640f4bc..f3feb610 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -282,7 +282,7 @@ func cmdRun(fl Flags) (int, error) { func cmdStop(fl Flags) (int, error) { stopCmdAddrFlag := fl.String("address") - err := apiRequest(stopCmdAddrFlag, http.MethodPost, "/stop", nil) + err := apiRequest(stopCmdAddrFlag, http.MethodPost, "/stop", nil, nil) if err != nil { caddy.Log().Warn("failed using API to stop instance", zap.Error(err)) return caddy.ExitCodeFailedStartup, err @@ -295,6 +295,7 @@ func cmdReload(fl Flags) (int, error) { reloadCmdConfigFlag := fl.String("config") reloadCmdConfigAdapterFlag := fl.String("adapter") reloadCmdAddrFlag := fl.String("address") + reloadCmdForceFlag := fl.Bool("force") if err := NotifyReloading(); err != nil { caddy.Log().Error("unable to notify reloading to service manager", zap.Error(err)) @@ -328,7 +329,13 @@ func cmdReload(fl Flags) (int, error) { adminAddr = tmpStruct.Admin.Listen } - err = apiRequest(adminAddr, http.MethodPost, "/load", bytes.NewReader(config)) + // optionally force a config reload + headers := make(http.Header) + if reloadCmdForceFlag { + headers.Set("Cache-Control", "must-revalidate") + } + + err = apiRequest(adminAddr, http.MethodPost, "/load", headers, bytes.NewReader(config)) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("sending configuration to instance: %v", err) } @@ -827,7 +834,7 @@ func getModules() (standard, nonstandard, unknown []moduleInfo, err error) { // apiRequest makes an API request to the endpoint adminAddr with the // given HTTP method and request URI. If body is non-nil, it will be // assumed to be Content-Type application/json. -func apiRequest(adminAddr, method, uri string, body io.Reader) error { +func apiRequest(adminAddr, method, uri string, headers http.Header, body io.Reader) error { // parse the admin address if adminAddr == "" { adminAddr = caddy.DefaultAdminListen @@ -867,6 +874,9 @@ func apiRequest(adminAddr, method, uri string, body io.Reader) error { if body != nil { req.Header.Set("Content-Type", "application/json") } + for k, v := range headers { + req.Header[k] = v + } // make an HTTP client that dials our network type, since admin // endpoints aren't always TCP, which is what the default transport diff --git a/cmd/commands.go b/cmd/commands.go index 17651940..a5198966 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -178,6 +178,7 @@ config file; otherwise the default is assumed.`, fs.String("config", "", "Configuration file (required)") fs.String("adapter", "", "Name of config adapter to apply") fs.String("address", "", "Address of the administration listener, if different from config") + fs.Bool("force", false, "Force config reload, even if it is the same") return fs }(), }) From 90284e8017fedeb6eeb9f4183660a679b8a5e15e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 2 Feb 2021 16:17:26 -0700 Subject: [PATCH 0307/1498] httpcaddyfile: Fix default issuers when email provided If `tls ` is used, we should apply that to all applicable default issuers, not drop them. This refactoring applies implicit ACME issuer settings from the tls directive to all default ACME issuers, like ZeroSSL. We also consolidate some annoying logic and improve config validity checks. Ref: https://caddy.community/t/error-obtaining-certificate-after-caddy-restart/11335/8 --- caddyconfig/httpcaddyfile/builtins.go | 56 ++++++++++++++++++++------- caddyconfig/httpcaddyfile/tlsapp.go | 27 ++++--------- modules/caddyhttp/autohttps.go | 4 +- modules/caddytls/automation.go | 33 +++++++++------- 4 files changed, 71 insertions(+), 49 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index aa68adb4..4945a81a 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -369,31 +369,57 @@ func parseTLS(h Helper) ([]ConfigValue, error) { }) } + // some tls subdirectives are shortcuts that implicitly configure issuers, and the + // user can also configure issuers explicitly using the issuer subdirective; the + // logic to support both would likely be complex, or at least unintuitive if len(issuers) > 0 && (acmeIssuer != nil || internalIssuer != nil) { - // some tls subdirectives are shortcuts that implicitly configure issuers, and the - // user can also configure issuers explicitly using the issuer subdirective; the - // logic to support both would likely be complex, or at least unintuitive return nil, h.Err("cannot mix issuer subdirective (explicit issuers) with other issuer-specific subdirectives (implicit issuers)") } - for _, issuer := range issuers { - configVals = append(configVals, ConfigValue{ - Class: "tls.cert_issuer", - Value: issuer, - }) + if acmeIssuer != nil && internalIssuer != nil { + return nil, h.Err("cannot create both ACME and internal certificate issuers") } - if acmeIssuer != nil { - configVals = append(configVals, ConfigValue{ - Class: "tls.cert_issuer", - Value: disambiguateACMEIssuer(acmeIssuer), - }) - } - if internalIssuer != nil { + + // now we should either have: explicitly-created issuers, or an implicitly-created + // ACME or internal issuer, or no issuers at all + switch { + case len(issuers) > 0: + for _, issuer := range issuers { + configVals = append(configVals, ConfigValue{ + Class: "tls.cert_issuer", + Value: issuer, + }) + } + + case acmeIssuer != nil: + // implicit ACME issuers (from various subdirectives) - use defaults; there might be more than one + defaultIssuers := caddytls.DefaultIssuers() + + // if a CA endpoint was set, override multiple implicit issuers since it's a specific one + if acmeIssuer.CA != "" { + defaultIssuers = []certmagic.Issuer{acmeIssuer} + } + + for _, issuer := range defaultIssuers { + switch iss := issuer.(type) { + case *caddytls.ACMEIssuer: + issuer = acmeIssuer + case *caddytls.ZeroSSLIssuer: + iss.ACMEIssuer = acmeIssuer + } + configVals = append(configVals, ConfigValue{ + Class: "tls.cert_issuer", + Value: issuer, + }) + } + + case internalIssuer != nil: configVals = append(configVals, ConfigValue{ Class: "tls.cert_issuer", Value: internalIssuer, }) } + // certificate key type if keyType != "" { configVals = append(configVals, ConfigValue{ Class: "tls.key_type", diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index dbf3cc71..d831d1b2 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -316,13 +316,15 @@ func (st ServerType) buildTLSApp( if hasGlobalACMEDefaults { for _, ap := range tlsApp.Automation.Policies { if len(ap.Issuers) == 0 { - acme, zerosslACME := new(caddytls.ACMEIssuer), new(caddytls.ACMEIssuer) - zerossl := &caddytls.ZeroSSLIssuer{ACMEIssuer: zerosslACME} - ap.Issuers = []certmagic.Issuer{acme, zerossl} // TODO: keep this in sync with Caddy's other issuer defaults elsewhere, like in caddytls/automation.go (DefaultIssuers). + ap.Issuers = caddytls.DefaultIssuers() - // if a non-ZeroSSL endpoint is specified, we assume we can't use the ZeroSSL issuer successfully - if globalACMECA != nil && !strings.Contains(globalACMECA.(string), "zerossl") { - ap.Issuers = []certmagic.Issuer{acme} + // if a specific endpoint is configured, can't use multiple default issuers + if globalACMECA != nil { + if strings.Contains(globalACMECA.(string), "zerossl") { + ap.Issuers = []certmagic.Issuer{&caddytls.ZeroSSLIssuer{ACMEIssuer: new(caddytls.ACMEIssuer)}} + } else { + ap.Issuers = []certmagic.Issuer{new(caddytls.ACMEIssuer)} + } } } } @@ -463,19 +465,6 @@ func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddycon return ap, nil } -// disambiguateACMEIssuer returns an issuer based on the properties of acmeIssuer. -// If acmeIssuer implicitly configures a certain kind of ACMEIssuer (for example, -// ZeroSSL), the proper wrapper over acmeIssuer will be returned instead. -func disambiguateACMEIssuer(acmeIssuer *caddytls.ACMEIssuer) certmagic.Issuer { - // as a special case, we integrate with ZeroSSL's ACME endpoint if it looks like an - // implicit ZeroSSL configuration (this requires a wrapper type over ACMEIssuer - // because of the EAB generation; if EAB is provided, we can use plain ACMEIssuer) - if strings.Contains(acmeIssuer.CA, "acme.zerossl.com") && acmeIssuer.ExternalAccount == nil { - return &caddytls.ZeroSSLIssuer{ACMEIssuer: acmeIssuer} - } - return acmeIssuer -} - // consolidateAutomationPolicies combines automation policies that are the same, // for a cleaner overall output. func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls.AutomationPolicy { diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index c1d4c087..5c83d8fd 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -444,7 +444,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri // what the HTTP and HTTPS ports are) if ap.Issuers == nil { var err error - ap.Issuers, err = caddytls.DefaultIssuers(ctx) + ap.Issuers, err = caddytls.DefaultIssuersProvisioned(ctx) if err != nil { return err } @@ -499,7 +499,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri // never overwrite any other issuer that might already be configured if basePolicy.Issuers == nil { var err error - basePolicy.Issuers, err = caddytls.DefaultIssuers(ctx) + basePolicy.Issuers, err = caddytls.DefaultIssuersProvisioned(ctx) if err != nil { return err } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index ed29e06a..bcc0a0c7 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -187,7 +187,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { issuers := ap.Issuers if len(issuers) == 0 { var err error - issuers, err = DefaultIssuers(tlsApp.ctx) + issuers, err = DefaultIssuersProvisioned(tlsApp.ctx) if err != nil { return err } @@ -242,21 +242,28 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { return nil } -// DefaultIssuers returns empty but provisioned default Issuers. +// DefaultIssuers returns empty Issuers (not provisioned) to be used as defaults. // This function is experimental and has no compatibility promises. -func DefaultIssuers(ctx caddy.Context) ([]certmagic.Issuer, error) { - acme := new(ACMEIssuer) - err := acme.Provision(ctx) - if err != nil { - return nil, err +func DefaultIssuers() []certmagic.Issuer { + return []certmagic.Issuer{ + new(ACMEIssuer), + &ZeroSSLIssuer{ACMEIssuer: new(ACMEIssuer)}, } - zerossl := new(ZeroSSLIssuer) - err = zerossl.Provision(ctx) - if err != nil { - return nil, err +} + +// DefaultIssuersProvisioned returns empty but provisioned default Issuers from +// DefaultIssuers(). This function is experimental and has no compatibility promises. +func DefaultIssuersProvisioned(ctx caddy.Context) ([]certmagic.Issuer, error) { + issuers := DefaultIssuers() + for i, iss := range issuers { + if prov, ok := iss.(caddy.Provisioner); ok { + err := prov.Provision(ctx) + if err != nil { + return nil, fmt.Errorf("provisioning default issuer %d: %T: %v", i, iss, err) + } + } } - // TODO: eventually, insert ZeroSSL into first position in the slice -- see also httpcaddyfile/tlsapp.go for where similar defaults are configured - return []certmagic.Issuer{acme, zerossl}, nil + return issuers, nil } // ChallengesConfig configures the ACME challenges. From 8ec90f1c402b5e1aa1eea59e45f700aeb45da6ba Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 2 Feb 2021 16:19:58 -0700 Subject: [PATCH 0308/1498] caddyhttp: Check for invalid subdirectives of static_response Ref: https://caddy.community/t/acme-server-implementation/11256/ --- modules/caddyhttp/staticresp.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index 4b11e0e6..c587f5ee 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -99,6 +99,8 @@ func (s *StaticResponse) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.Err("close already specified") } s.Close = true + default: + return d.Errf("unrecognized subdirective '%s'", d.Val()) } } } From bf50d7010a26468791f4397c0f0c4f9a8ed1d6a2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 2 Feb 2021 17:23:52 -0700 Subject: [PATCH 0309/1498] acmeserver: Support custom CAs from Caddyfile The HTTP Caddyfile adapter can now configure the PKI app, and the acme_server directive can now be used to specify a custom CA used for issuing certificates. More customization options can follow later as needed. --- caddyconfig/httpcaddyfile/httptype.go | 10 +++++ caddyconfig/httpcaddyfile/pkiapp.go | 41 +++++++++++++++++++++ modules/caddypki/acmeserver/caddyfile.go | 47 +++++++++++++++++++++--- modules/caddypki/ca.go | 16 ++++---- modules/caddypki/maintain.go | 4 +- modules/caddypki/pki.go | 12 ++++-- modules/caddytls/internalissuer.go | 2 +- 7 files changed, 111 insertions(+), 21 deletions(-) create mode 100644 caddyconfig/httpcaddyfile/pkiapp.go diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 0a5149fc..a32acabb 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -28,6 +28,7 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddypki" "github.com/caddyserver/caddy/v2/modules/caddytls" ) @@ -219,6 +220,12 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, return nil, warnings, err } + // then make the PKI app + pkiApp, warnings, err := st.buildPKIApp(pairings, options, warnings) + if err != nil { + return nil, warnings, err + } + // extract any custom logs, and enforce configured levels var customLogs []namedCustomLog var hasDefaultLog bool @@ -259,6 +266,9 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, if !reflect.DeepEqual(tlsApp, &caddytls.TLS{CertificatesRaw: make(caddy.ModuleMap)}) { cfg.AppsRaw["tls"] = caddyconfig.JSON(tlsApp, &warnings) } + if !reflect.DeepEqual(pkiApp, &caddypki.PKI{CAs: make(map[string]*caddypki.CA)}) { + cfg.AppsRaw["pki"] = caddyconfig.JSON(pkiApp, &warnings) + } if storageCvtr, ok := options["storage"].(caddy.StorageConverter); ok { cfg.StorageRaw = caddyconfig.JSONModuleObject(storageCvtr, "module", diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go new file mode 100644 index 00000000..3abcc6bb --- /dev/null +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -0,0 +1,41 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package httpcaddyfile + +import ( + "github.com/caddyserver/caddy/v2/caddyconfig" + "github.com/caddyserver/caddy/v2/modules/caddypki" +) + +func (st ServerType) buildPKIApp( + pairings []sbAddrAssociation, + options map[string]interface{}, + warnings []caddyconfig.Warning, +) (*caddypki.PKI, []caddyconfig.Warning, error) { + + pkiApp := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} + + for _, p := range pairings { + for _, sblock := range p.serverBlocks { + // find all the CAs that were defined and add them to the app config + for _, caCfgValue := range sblock.pile["pki.ca"] { + ca := caCfgValue.Value.(*caddypki.CA) + pkiApp.CAs[ca.ID] = ca + } + } + } + + return pkiApp, warnings, nil +} diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go index 66874604..9ac0bb20 100644 --- a/modules/caddypki/acmeserver/caddyfile.go +++ b/modules/caddypki/acmeserver/caddyfile.go @@ -16,23 +16,58 @@ package acmeserver import ( "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" - "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddypki" ) func init() { - httpcaddyfile.RegisterHandlerDirective("acme_server", parseACMEServer) + httpcaddyfile.RegisterDirective("acme_server", parseACMEServer) } // parseACMEServer sets up an ACME server handler from Caddyfile tokens. // -// acme_server [] +// acme_server [] { +// ca +// } // -func parseACMEServer(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { - var as Handler +func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + if !h.Next() { + return nil, h.ArgErr() + } + + matcherSet, err := h.ExtractMatcherSet() + if err != nil { + return nil, err + } + + var acmeServer Handler + var ca *caddypki.CA + for h.Next() { if h.NextArg() { return nil, h.ArgErr() } + for h.NextBlock(0) { + switch h.Val() { + case "ca": + if !h.AllArgs(&acmeServer.CA) { + return nil, h.ArgErr() + } + if ca == nil { + ca = new(caddypki.CA) + } + ca.ID = acmeServer.CA + } + } } - return as, nil + + configVals := h.NewRoute(matcherSet, acmeServer) + + if ca == nil { + return configVals, nil + } + + return append(configVals, httpcaddyfile.ConfigValue{ + Class: "pki.ca", + Value: ca, + }), nil } diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 5e766767..957f0760 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -63,7 +63,12 @@ type CA struct { // separate location from your leaf certificates. StorageRaw json.RawMessage `json:"storage,omitempty" caddy:"namespace=caddy.storage inline_key=module"` - id string + // The unique config-facing ID of the certificate authority. + // Since the ID is set in JSON config via object key, this + // field is exported only for purposes of config generation + // and module provisioning. + ID string `json:"-"` + storage certmagic.Storage root, inter *x509.Certificate interKey interface{} // TODO: should we just store these as crypto.Signer? @@ -82,7 +87,7 @@ func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error { return fmt.Errorf("CA ID is required (use 'local' for the default CA)") } ca.mu.Lock() - ca.id = id + ca.ID = id ca.mu.Unlock() if ca.StorageRaw != nil { @@ -142,11 +147,6 @@ func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error { return nil } -// ID returns the CA's ID, as given by the user in the config. -func (ca CA) ID() string { - return ca.id -} - // RootCertificate returns the CA's root certificate (public key). func (ca CA) RootCertificate() *x509.Certificate { ca.mu.RLock() @@ -338,7 +338,7 @@ func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey interface{}) (i } func (ca CA) storageKeyCAPrefix() string { - return path.Join("pki", "authorities", certmagic.StorageKeys.Safe(ca.id)) + return path.Join("pki", "authorities", certmagic.StorageKeys.Safe(ca.ID)) } func (ca CA) storageKeyRootCert() string { return path.Join(ca.storageKeyCAPrefix(), "root.crt") diff --git a/modules/caddypki/maintain.go b/modules/caddypki/maintain.go index c0b277d4..31e453ff 100644 --- a/modules/caddypki/maintain.go +++ b/modules/caddypki/maintain.go @@ -50,7 +50,7 @@ func (p *PKI) renewCerts() { if err != nil { p.log.Error("renewing intermediate certificates", zap.Error(err), - zap.String("ca", ca.id)) + zap.String("ca", ca.ID)) } } } @@ -59,7 +59,7 @@ func (p *PKI) renewCertsForCA(ca *CA) error { ca.mu.Lock() defer ca.mu.Unlock() - log := p.log.With(zap.String("ca", ca.id)) + log := p.log.With(zap.String("ca", ca.ID)) // only maintain the root if it's not manually provided in the config if ca.Root == nil { diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go index 77370797..b6f08b18 100644 --- a/modules/caddypki/pki.go +++ b/modules/caddypki/pki.go @@ -49,10 +49,14 @@ func (p *PKI) Provision(ctx caddy.Context) error { p.ctx = ctx p.log = ctx.Logger(p) - // if this app is initialized at all, ensure there's - // at least a default CA that can be used - if len(p.CAs) == 0 { - p.CAs = map[string]*CA{DefaultCAID: new(CA)} + // if this app is initialized at all, ensure there's at + // least a default CA that can be used: the standard CA + // which is used implicitly for signing local-use certs + if p.CAs == nil { + p.CAs = make(map[string]*CA) + } + if _, ok := p.CAs[DefaultCAID]; !ok { + p.CAs[DefaultCAID] = new(CA) } for caID, ca := range p.CAs { diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index 416369f5..a6ae587a 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -94,7 +94,7 @@ func (iss *InternalIssuer) Provision(ctx caddy.Context) error { // IssuerKey returns the unique issuer key for the // confgured CA endpoint. func (iss InternalIssuer) IssuerKey() string { - return iss.ca.ID() + return iss.ca.ID } // Issue issues a certificate to satisfy the CSR. From 8c291298c9241cd2d130f273b25f806687ce5e87 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 2 Feb 2021 23:07:50 -0700 Subject: [PATCH 0310/1498] httpcaddyfile: Add resolvers subdir of tls (close #4008) Allows conveniently setting the resolvers for the DNS challenge using a TLS subdirective, which applies to default issuers, rather than having to explicitly define the issuers and overwrite the defaults. --- caddyconfig/httpcaddyfile/builtins.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 4945a81a..8a8f3cc9 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -316,6 +316,8 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } if acmeIssuer.Challenges == nil { acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) } modID := "dns.providers." + provName @@ -325,6 +327,22 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, h.warnings) + case "resolvers": + args := h.RemainingArgs() + if len(args) == 0 { + return nil, h.ArgErr() + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.Resolvers = args + case "ca_root": arg := h.RemainingArgs() if len(arg) != 1 { From 0aefa7b0478f3a16f33d386b9de0167ed8cf7e2a Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 5 Feb 2021 18:36:52 +0300 Subject: [PATCH 0311/1498] ci: deflake integration tests (#3966) * ci: deflake integration tests by pulling Caddy for the running config until new config is loaded --- caddytest/caddytest.go | 78 ++++++++++++++++++++++++++++++------------ 1 file changed, 57 insertions(+), 21 deletions(-) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index b3896e7a..094e45c6 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -14,6 +14,7 @@ import ( "net/http/cookiejar" "os" "path" + "reflect" "regexp" "runtime" "strings" @@ -98,6 +99,10 @@ func (tc *Tester) InitServer(rawConfig string, configType string) { tc.t.Logf("failed to load config: %s", err) tc.t.Fail() } + if err := tc.ensureConfigRunning(rawConfig, configType); err != nil { + tc.t.Logf("failed ensurng config is running: %s", err) + tc.t.Fail() + } } // InitServer this will configure the server with a configurion of a specific @@ -171,20 +176,57 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { return nil } -var hasValidated bool -var arePrerequisitesValid bool - -func validateTestPrerequisites() error { - - if hasValidated { - if !arePrerequisitesValid { - return errors.New("caddy integration prerequisites failed. see first error") +func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error { + expectedBytes := []byte(prependCaddyFilePath(rawConfig)) + if configType != "json" { + adapter := caddyconfig.GetAdapter(configType) + if adapter == nil { + return fmt.Errorf("adapter of config type is missing: %s", configType) } - return nil + expectedBytes, _, _ = adapter.Adapt([]byte(rawConfig), nil) } - hasValidated = true - arePrerequisitesValid = false + var expected interface{} + err := json.Unmarshal(expectedBytes, &expected) + if err != nil { + return err + } + + client := &http.Client{ + Timeout: Default.LoadRequestTimeout, + } + + fetchConfig := func(client *http.Client) interface{} { + resp, err := client.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort)) + if err != nil { + return nil + } + defer resp.Body.Close() + actualBytes, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil + } + var actual interface{} + err = json.Unmarshal(actualBytes, &actual) + if err != nil { + return nil + } + return actual + } + + for retries := 4; retries > 0; retries-- { + if reflect.DeepEqual(expected, fetchConfig(client)) { + return nil + } + time.Sleep(10 * time.Millisecond) + } + tc.t.Errorf("POSTed configuration isn't active") + return errors.New("EnsureConfigRunning: POSTed configuration isn't active") +} + +// validateTestPrerequisites ensures the certificates are available in the +// designated path and Caddy sub-process is running. +func validateTestPrerequisites() error { // check certificates are found for _, certName := range Default.Certifcates { @@ -200,20 +242,14 @@ func validateTestPrerequisites() error { caddycmd.Main() }() - // wait for caddy to start - retries := 4 - for ; retries > 0 && isCaddyAdminRunning() != nil; retries-- { + // wait for caddy to start serving the initial config + for retries := 4; retries > 0 && isCaddyAdminRunning() != nil; retries-- { time.Sleep(10 * time.Millisecond) } } - // assert that caddy is running - if err := isCaddyAdminRunning(); err != nil { - return err - } - - arePrerequisitesValid = true - return nil + // one more time to return the error + return isCaddyAdminRunning() } func isCaddyAdminRunning() error { From 653a0d3f6bd7b66197abd1e00e366164876a9f2b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 8 Feb 2021 11:06:19 -0700 Subject: [PATCH 0312/1498] httpcaddyfile: Fix automation policies Fixes a bug introduced in #3862 --- caddyconfig/httpcaddyfile/tlsapp.go | 3 +- .../tls_automation_policies_3.txt | 89 +++++++++++++++++++ 2 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_3.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index d831d1b2..45ba9d21 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -125,11 +125,12 @@ func (st ServerType) buildTLSApp( if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok { var issuers []certmagic.Issuer for _, issuerVal := range issuerVals { - ap.Issuers = append(ap.Issuers, issuerVal.Value.(certmagic.Issuer)) + issuers = append(issuers, issuerVal.Value.(certmagic.Issuer)) } if ap == catchAllAP && !reflect.DeepEqual(ap.Issuers, issuers) { return nil, warnings, fmt.Errorf("automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: %#v != %#v", ap.Issuers, issuers) } + ap.Issuers = issuers } // custom bind host diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_3.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_3.txt new file mode 100644 index 00000000..da5824a3 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_3.txt @@ -0,0 +1,89 @@ +# https://caddy.community/t/caddyfile-having-individual-sites-differ-from-global-options/11297 +{ + local_certs +} + +a.example.com { + tls internal +} + +b.example.com { + tls abc@example.com +} + +c.example.com { +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "b.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "c.example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "b.example.com" + ], + "issuers": [ + { + "email": "abc@example.com", + "module": "acme" + }, + { + "email": "abc@example.com", + "module": "zerossl" + } + ] + }, + { + "issuers": [ + { + "module": "internal" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 5ef76ff3e6e73282deb59df8b1a14bb966de36be Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 9 Feb 2021 14:15:04 -0700 Subject: [PATCH 0313/1498] reverseproxy: Response buffering & configurable buffer size Proxy response bodies can now be buffered, and the size of the request body and response body buffer can be limited. Any remaining content that doesn't fit in the buffer will remain on the wire until it can be read; i.e. bodies are not truncated, even if the buffer is not big enough. This fulfills a customer requirement. This was made possible by their sponsorship! --- modules/caddyhttp/reverseproxy/caddyfile.go | 19 +++++ .../caddyhttp/reverseproxy/httptransport.go | 1 + .../caddyhttp/reverseproxy/reverseproxy.go | 69 ++++++++++++++++--- 3 files changed, 80 insertions(+), 9 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 895bcbb9..71ed21fa 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -499,6 +499,25 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.BufferRequests = true + case "buffer_responses": + if d.NextArg() { + return d.ArgErr() + } + h.BufferResponses = true + + case "max_buffer_size": + if !d.NextArg() { + return d.ArgErr() + } + size, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("invalid size (bytes): %s", d.Val()) + } + if d.NextArg() { + return d.ArgErr() + } + h.MaxBufferSize = int64(size) + case "header_up": var err error diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 61e90543..fdaf56e1 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -334,6 +334,7 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { cfg.Certificates = []tls.Certificate{cert} } if t.ClientCertificateAutomate != "" { + // TODO: use or enable ctx.IdentityCredentials() ... tlsAppIface, err := ctx.App("tls") if err != nil { return nil, fmt.Errorf("getting tls app: %v", err) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 3a2457f6..76506ca8 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -21,7 +21,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "net" "net/http" "regexp" @@ -93,9 +92,20 @@ type Handler struct { // If true, the entire request body will be read and buffered // in memory before being proxied to the backend. This should - // be avoided if at all possible for performance reasons. + // be avoided if at all possible for performance reasons, but + // could be useful if the backend is intolerant of read latency. BufferRequests bool `json:"buffer_requests,omitempty"` + // If true, the entire response body will be read and buffered + // in memory before being proxied to the client. This should + // be avoided if at all possible for performance reasons, but + // could be useful if the backend has tighter memory constraints. + BufferResponses bool `json:"buffer_responses,omitempty"` + + // If body buffering is enabled, the maximum size of the buffers + // used for the requests and responses (in bytes). + MaxBufferSize int64 `json:"max_buffer_size,omitempty"` + // List of handlers and their associated matchers to evaluate // after successful roundtrips. The first handler that matches // the response from a backend will be invoked. The response @@ -337,12 +347,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // required, if read timeouts are set, // and if body size is limited if h.BufferRequests { - buf := bufPool.Get().(*bytes.Buffer) - buf.Reset() - defer bufPool.Put(buf) - _, _ = io.Copy(buf, r.Body) - r.Body.Close() - r.Body = ioutil.NopCloser(buf) + r.Body = h.bufferedBody(r.Body) } // prepare the request for proxying; this is needed only once @@ -563,6 +568,11 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia } } + // if enabled, buffer the response body + if h.BufferResponses { + res.Body = h.bufferedBody(res.Body) + } + // see if any response handler is configured for this response from the backend for i, rh := range h.HandleResponse { if rh.Match != nil && !rh.Match.Match(res.StatusCode, res.Header) { @@ -599,7 +609,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia } } - // Deal with 101 Switching Protocols responses: (WebSocket, h2c, etc) + // deal with 101 Switching Protocols responses: (WebSocket, h2c, etc) if res.StatusCode == http.StatusSwitchingProtocols { h.handleUpgradeResponse(rw, req, res) return nil @@ -735,6 +745,30 @@ func (h Handler) directRequest(req *http.Request, di DialInfo) { req.URL.Host = reqHost } +// bufferedBody reads originalBody into a buffer, then returns a reader for the buffer. +// Always close the return value when done with it, just like if it was the original body! +func (h Handler) bufferedBody(originalBody io.ReadCloser) io.ReadCloser { + buf := bufPool.Get().(*bytes.Buffer) + buf.Reset() + if h.MaxBufferSize > 0 { + n, err := io.CopyN(buf, originalBody, h.MaxBufferSize) + if err != nil || n == h.MaxBufferSize { + return bodyReadCloser{ + Reader: io.MultiReader(buf, originalBody), + buf: buf, + body: originalBody, + } + } + } else { + _, _ = io.Copy(buf, originalBody) + } + originalBody.Close() // no point in keeping it open + return bodyReadCloser{ + Reader: buf, + buf: buf, + } +} + func copyHeader(dst, src http.Header) { for k, vv := range src { for _, v := range vv { @@ -858,6 +892,23 @@ type TLSTransport interface { // roundtrip succeeded, but an error occurred after-the-fact. type roundtripSucceeded struct{ error } +// bodyReadCloser is a reader that, upon closing, will return +// its buffer to the pool and close the underlying body reader. +type bodyReadCloser struct { + io.Reader + buf *bytes.Buffer + body io.ReadCloser +} + +func (brc bodyReadCloser) Close() error { + bufPool.Put(brc.buf) + if brc.body != nil { + return brc.body.Close() + } + return nil +} + +// bufPool is used for buffering requests and responses. var bufPool = sync.Pool{ New: func() interface{} { return new(bytes.Buffer) From 51e3fdba7738e577b5ccfbad5bd7712fa594afc0 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 10 Feb 2021 19:49:23 -0700 Subject: [PATCH 0314/1498] caddytls: Save email with account if not already specified I'm pretty sure this fixes a bug when the default email is used... --- go.mod | 2 +- go.sum | 4 ++-- modules/caddytls/zerosslissuer.go | 32 +++++++++++++++++++------------ 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index a4335d95..4342a36d 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f + github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 diff --git a/go.sum b/go.sum index 73497901..1229f98c 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f h1:uJoft/gLxPvKq+ojfq3k7w8deji/xt/1RSWN7OAk6Ng= -github.com/caddyserver/certmagic v0.12.1-0.20210126230115-267fdad76a0f/go.mod h1:CUPfwomVXGCyV77EQbR3v7H4tGJ4pX16HATeR55rqws= +github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4 h1:YPHanayqEADEHFxGui7lqQ0tx4rypJaD2y4Y7Tip/ks= +github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4/go.mod h1:CUPfwomVXGCyV77EQbR3v7H4tGJ4pX16HATeR55rqws= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go index 4680d1b7..a8830a0b 100644 --- a/modules/caddytls/zerosslissuer.go +++ b/modules/caddytls/zerosslissuer.go @@ -68,16 +68,20 @@ func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error { return iss.ACMEIssuer.Provision(ctx) } -func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, _ acme.Account) error { +// newAccountCallback generates EAB if not already provided. It also sets a valid default contact on the account if not set. +func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, acct acme.Account) (acme.Account, error) { if am.ExternalAccount != nil { - return nil + return acct, nil } var err error - am.ExternalAccount, err = iss.generateEABCredentials(ctx) - return err + am.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct) + return acct, err } -func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB, error) { +// generateEABCredentials generates EAB credentials using the API key if provided, +// otherwise using the primary contact email on the issuer. If an email is not set +// on the issuer, a default generic email is used. +func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context, acct acme.Account) (*acme.EAB, acme.Account, error) { var endpoint string var body io.Reader @@ -86,7 +90,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB if iss.APIKey != "" { apiKey := caddy.NewReplacer().ReplaceAll(iss.APIKey, "") if apiKey == "" { - return nil, fmt.Errorf("missing API key: '%v'", iss.APIKey) + return nil, acct, fmt.Errorf("missing API key: '%v'", iss.APIKey) } qs := url.Values{"access_key": []string{apiKey}} endpoint = fmt.Sprintf("%s/eab-credentials?%s", zerosslAPIBase, qs.Encode()) @@ -96,6 +100,10 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB iss.logger.Warn("missing email address for ZeroSSL; it is strongly recommended to set one for next time") email = "caddy@zerossl.com" // special email address that preserves backwards-compat, but which black-holes dashboard features, oh well } + if len(acct.Contact) == 0 { + // we borrow the email from config or the default email, so ensure it's saved with the account + acct.Contact = []string{"mailto:" + email} + } endpoint = zerosslAPIBase + "/eab-credentials-email" form := url.Values{"email": []string{email}} body = strings.NewReader(form.Encode()) @@ -103,7 +111,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, body) if err != nil { - return nil, fmt.Errorf("forming request: %v", err) + return nil, acct, fmt.Errorf("forming request: %v", err) } if body != nil { req.Header.Set("Content-Type", "application/x-www-form-urlencoded") @@ -112,7 +120,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB resp, err := http.DefaultClient.Do(req) if err != nil { - return nil, fmt.Errorf("performing EAB credentials request: %v", err) + return nil, acct, fmt.Errorf("performing EAB credentials request: %v", err) } defer resp.Body.Close() @@ -127,14 +135,14 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB } err = json.NewDecoder(resp.Body).Decode(&result) if err != nil { - return nil, fmt.Errorf("decoding API response: %v", err) + return nil, acct, fmt.Errorf("decoding API response: %v", err) } if result.Error.Code != 0 { - return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d: %s (code %d)", + return nil, acct, fmt.Errorf("failed getting EAB credentials: HTTP %d: %s (code %d)", resp.StatusCode, result.Error.Type, result.Error.Code) } if resp.StatusCode != http.StatusOK { - return nil, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode) + return nil, acct, fmt.Errorf("failed getting EAB credentials: HTTP %d", resp.StatusCode) } iss.logger.Info("generated EAB credentials", zap.String("key_id", result.EABKID)) @@ -142,7 +150,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context) (*acme.EAB return &acme.EAB{ KeyID: result.EABKID, MACKey: result.EABHMACKey, - }, nil + }, acct, nil } // initialize modifies the template for the underlying ACMEManager From cc63c5805e1587d7e5901deaad3f5bac944a2cf6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 11 Feb 2021 16:27:09 -0700 Subject: [PATCH 0315/1498] caddyhttp: Support placeholders in header matcher values (close #3916) --- modules/caddyhttp/matchers.go | 10 +++++++--- modules/caddyhttp/matchers_test.go | 21 +++++++++++++++++++++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index b77677bf..a4f45020 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -513,7 +513,8 @@ func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Match returns true if r matches m. func (m MatchHeader) Match(r *http.Request) bool { - return matchHeaders(r.Header, http.Header(m), r.Host) + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + return matchHeaders(r.Header, http.Header(m), r.Host, repl) } // getHeaderFieldVals returns the field values for the given fieldName from input. @@ -530,7 +531,7 @@ func getHeaderFieldVals(input http.Header, fieldName, host string) []string { // matchHeaders returns true if input matches the criteria in against without regex. // The host parameter should be obtained from the http.Request.Host field since // net/http removes it from the header map. -func matchHeaders(input, against http.Header, host string) bool { +func matchHeaders(input, against http.Header, host string, repl *caddy.Replacer) bool { for field, allowedFieldVals := range against { actualFieldVals := getHeaderFieldVals(input, field, host) if allowedFieldVals != nil && len(allowedFieldVals) == 0 && actualFieldVals != nil { @@ -546,6 +547,9 @@ func matchHeaders(input, against http.Header, host string) bool { fieldVals: for _, actualFieldVal := range actualFieldVals { for _, allowedFieldVal := range allowedFieldVals { + if repl != nil { + allowedFieldVal = repl.ReplaceAll(allowedFieldVal, "") + } switch { case allowedFieldVal == "*": match = true @@ -985,7 +989,7 @@ func (rm ResponseMatcher) Match(statusCode int, hdr http.Header) bool { if !rm.matchStatusCode(statusCode) { return false } - return matchHeaders(hdr, rm.Headers, "") + return matchHeaders(hdr, rm.Headers, "", nil) } func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index ab4487d1..5163df13 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -397,6 +397,9 @@ func TestPathREMatcher(t *testing.T) { } func TestHeaderMatcher(t *testing.T) { + repl := caddy.NewReplacer() + repl.Set("a", "foobar") + for i, tc := range []struct { match MatchHeader input http.Header // make sure these are canonical cased (std lib will do that in a real request) @@ -490,8 +493,26 @@ func TestHeaderMatcher(t *testing.T) { input: http.Header{"Must-Not-Exist": []string{"do not match"}}, expect: false, }, + { + match: MatchHeader{"Foo": []string{"{a}"}}, + input: http.Header{"Foo": []string{"foobar"}}, + expect: true, + }, + { + match: MatchHeader{"Foo": []string{"{a}"}}, + input: http.Header{"Foo": []string{"asdf"}}, + expect: false, + }, + { + match: MatchHeader{"Foo": []string{"{a}*"}}, + input: http.Header{"Foo": []string{"foobar-baz"}}, + expect: true, + }, } { req := &http.Request{Header: tc.input, Host: tc.host} + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + actual := tc.match.Match(req) if actual != tc.expect { t.Errorf("Test %d %v: Expected %t, got %t for '%s'", i, tc.match, tc.expect, actual, tc.input) From ed678235a494c07bfb8219bf78c7ba2890377bad Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 15 Feb 2021 12:07:35 -0700 Subject: [PATCH 0316/1498] cmd: Clean up `build-info` and `upgrade` output --- cmd/commandfuncs.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index f3feb610..2b437c3b 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -354,8 +354,11 @@ func cmdBuildInfo(fl Flags) (int, error) { return caddy.ExitCodeFailedStartup, fmt.Errorf("no build information") } - fmt.Printf("path: %s\n", bi.Path) - fmt.Printf("main: %s %s %s\n", bi.Main.Path, bi.Main.Version, bi.Main.Sum) + fmt.Printf("go_version: %s\n", runtime.Version()) + fmt.Printf("go_os: %s\n", runtime.GOOS) + fmt.Printf("go_arch: %s\n", runtime.GOARCH) + fmt.Printf("path: %s\n", bi.Path) + fmt.Printf("main: %s %s %s\n", bi.Main.Path, bi.Main.Version, bi.Main.Sum) fmt.Println("dependencies:") for _, goMod := range bi.Deps { @@ -670,6 +673,7 @@ func cmdUpgrade(_ Flags) (int, error) { defer destFile.Close() l.Info("downloading binary", zap.String("source", urlStr), zap.String("destination", thisExecPath)) + _, err = io.Copy(destFile, resp.Body) if err != nil { return fmt.Errorf("unable to download file: %v", err) @@ -687,6 +691,8 @@ func cmdUpgrade(_ Flags) (int, error) { return caddy.ExitCodeFailedStartup, err } + l.Info("download successful; displaying new binary details", zap.String("location", thisExecPath)) + // use the new binary to print out version and module info fmt.Print("\nModule versions:\n\n") cmd := exec.Command(thisExecPath, "list-modules", "--versions") From bafb562991598df703a744e13cbc06472e71349e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 15 Feb 2021 22:10:27 -0500 Subject: [PATCH 0317/1498] httpcaddyfile: Configure other apps from global options (#3990) --- caddyconfig/httpcaddyfile/httptype.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index a32acabb..3f638c93 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -36,6 +36,17 @@ func init() { caddyconfig.RegisterAdapter("caddyfile", caddyfile.Adapter{ServerType: ServerType{}}) } +// App represents the configuration for a non-standard +// Caddy app module (e.g. third-party plugin) which was +// parsed from a global options block. +type App struct { + // The JSON key for the app being configured + Name string + + // The raw app config as JSON + Value json.RawMessage +} + // ServerType can set up a config from an HTTP Caddyfile. type ServerType struct { } @@ -260,6 +271,17 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // annnd the top-level config, then we're done! cfg := &caddy.Config{AppsRaw: make(caddy.ModuleMap)} + + // loop through the configured options, and if any of + // them are an httpcaddyfile App, then we insert them + // into the config as raw Caddy apps + for _, opt := range options { + if app, ok := opt.(App); ok { + cfg.AppsRaw[app.Name] = app.Value + } + } + + // insert the standard Caddy apps into the config if len(httpApp.Servers) > 0 { cfg.AppsRaw["http"] = caddyconfig.JSON(httpApp, &warnings) } From fbd00e4b53226164a9aae5f44bd52328d4e59d96 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 16 Feb 2021 13:31:53 -0700 Subject: [PATCH 0318/1498] Improve security warnings --- modules/caddyhttp/app.go | 5 ++--- modules/caddytls/tls.go | 12 ++++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 42e77256..4f5bc845 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -176,8 +176,8 @@ func (app *App) Provision(ctx caddy.Context) error { // domain fronting is desired and access is not restricted // based on hostname if srv.StrictSNIHost == nil && srv.hasTLSClientAuth() { - app.logger.Info("enabling strict SNI-Host matching because TLS client auth is configured", - zap.String("server_name", srvName), + app.logger.Warn("enabling strict SNI-Host enforcement because TLS client auth is configured", + zap.String("server_id", srvName), ) trueBool := true srv.StrictSNIHost = &trueBool @@ -283,7 +283,6 @@ func (app *App) Validate() error { } } } - return nil } diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 489d87fb..fdff4471 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -236,6 +236,18 @@ func (t *TLS) Validate() error { // Start activates the TLS module. func (t *TLS) Start() error { + // warn if on-demand TLS is enabled but no restrictions are in place + if t.Automation.OnDemand == nil || + (t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.RateLimit == nil) { + for _, ap := range t.Automation.Policies { + if ap.OnDemand { + t.logger.Warn("YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place", + zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls")) + break + } + } + } + // now that we are running, and all manual certificates have // been loaded, time to load the automated/managed certificates err := t.Manage(t.automateNames) From ec3ac840cf09ec43b9130b41a46c07827b2ff0b6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 16 Feb 2021 13:55:49 -0700 Subject: [PATCH 0319/1498] caddy: Support SetReadBuffer and SyscallConn for QUIC (fix #3998) Supersedes #3999 --- listeners.go | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/listeners.go b/listeners.go index 2c52d125..e1edcd6c 100644 --- a/listeners.go +++ b/listeners.go @@ -22,6 +22,7 @@ import ( "strings" "sync" "sync/atomic" + "syscall" "time" ) @@ -230,6 +231,24 @@ func (fcpc *fakeClosePacketConn) Close() error { return nil } +// Supports QUIC implementation: https://github.com/caddyserver/caddy/issues/3998 +func (fcpc fakeClosePacketConn) SetReadBuffer(bytes int) error { + if conn, ok := fcpc.PacketConn.(interface{ SetReadBuffer(int) error }); ok { + return conn.SetReadBuffer(bytes) + } + return fmt.Errorf("SetReadBuffer() not implemented for %T", fcpc.PacketConn) +} + +// Supports QUIC implementation: https://github.com/caddyserver/caddy/issues/3998 +func (fcpc fakeClosePacketConn) SyscallConn() (syscall.RawConn, error) { + if conn, ok := fcpc.PacketConn.(interface { + SyscallConn() (syscall.RawConn, error) + }); ok { + return conn.SyscallConn() + } + return nil, fmt.Errorf("SyscallConn() not implemented for %T", fcpc.PacketConn) +} + // ErrFakeClosed is the underlying error value returned by // fakeCloseListener.Accept() after Close() has been called, // indicating that it is pretending to be closed so that the @@ -432,3 +451,11 @@ var ( ) const maxPortSpan = 65535 + +// Interface guards (see https://github.com/caddyserver/caddy/issues/3998) +var ( + _ (interface{ SetReadBuffer(int) error }) = (*fakeClosePacketConn)(nil) + _ (interface { + SyscallConn() (syscall.RawConn, error) + }) = (*fakeClosePacketConn)(nil) +) From 5376e5113e25d85725e1f64d06a288700a50bbaa Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 18 Feb 2021 07:09:49 -0500 Subject: [PATCH 0320/1498] ci: Build and test on Go 1.16, bump minimum to 1.15 (#4024) * ci: Build and test on Go 1.16 * ci: Drop Go 1.14 support --- .github/workflows/ci.yml | 2 +- .github/workflows/cross-build.yml | 2 +- .github/workflows/release.yml | 2 +- README.md | 2 +- go.mod | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9540fddd..22e7d7ea 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.14', '1.15' ] + go: [ '1.15', '1.16' ] # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index f8ae5bbc..4da0a257 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -14,7 +14,7 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go: [ '1.14', '1.15' ] + go: [ '1.15', '1.16' ] runs-on: ubuntu-latest continue-on-error: true steps: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9273ffb7..844b74b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,7 @@ jobs: strategy: matrix: os: [ ubuntu-latest ] - go: [ '1.15' ] + go: [ '1.16' ] runs-on: ${{ matrix.os }} steps: diff --git a/README.md b/README.md index 184525f3..620573eb 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ For other install options, see https://caddyserver.com/docs/download. Requirements: -- [Go 1.14 or newer](https://golang.org/dl/) +- [Go 1.15 or newer](https://golang.org/dl/) ### For development diff --git a/go.mod b/go.mod index 4342a36d..4f991e6e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/caddyserver/caddy/v2 -go 1.14 +go 1.15 require ( github.com/Masterminds/sprig/v3 v3.1.0 From edb362aa96bd8e79adfaca44fbd9f9ce5bff778d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 22 Feb 2021 11:14:59 -0700 Subject: [PATCH 0321/1498] httpcaddyfile: Fix catch-all site block sorting A site block that has a catch-all and the shortest address is now sorted better. https://caddy.community/t/caddy-suddenly-directs-my-site-to-the-wrong-directive/11597/2 --- caddyconfig/httpcaddyfile/httptype.go | 4 +- .../caddyfile_adapt/site_block_sorting.txt | 193 ++++++++++++++++++ 2 files changed, 195 insertions(+), 2 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/site_block_sorting.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 3f638c93..f9195a65 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -442,7 +442,7 @@ func (st *ServerType) serversFromPairings( var iLongestHost, jLongestHost string var iWildcardHost, jWildcardHost bool for _, addr := range p.serverBlocks[i].keys { - if strings.Contains(addr.Host, "*") { + if strings.Contains(addr.Host, "*") || addr.Host == "" { iWildcardHost = true } if specificity(addr.Host) > specificity(iLongestHost) { @@ -453,7 +453,7 @@ func (st *ServerType) serversFromPairings( } } for _, addr := range p.serverBlocks[j].keys { - if strings.Contains(addr.Host, "*") { + if strings.Contains(addr.Host, "*") || addr.Host == "" { jWildcardHost = true } if specificity(addr.Host) > specificity(jLongestHost) { diff --git a/caddytest/integration/caddyfile_adapt/site_block_sorting.txt b/caddytest/integration/caddyfile_adapt/site_block_sorting.txt new file mode 100644 index 00000000..b2c6a6d3 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/site_block_sorting.txt @@ -0,0 +1,193 @@ +# https://caddy.community/t/caddy-suddenly-directs-my-site-to-the-wrong-directive/11597/2 +abcdef { + respond "abcdef" +} + +abcdefg { + respond "abcdefg" +} + +abc { + respond "abc" +} + +abcde, http://abcde { + respond "abcde" +} + +:443, ab { + respond "443 or ab" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "abcdefg" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "abcdefg", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "abcdef" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "abcdef", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "abcde" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "abcde", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "abc" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "abc", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + }, + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "443 or ab", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "abcde" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "abcde", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "certificates": { + "automate": [ + "ab" + ] + } + } + } +} \ No newline at end of file From 6722ae3a835702073682e020d8736140fc04538e Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 22 Feb 2021 11:57:21 -0700 Subject: [PATCH 0322/1498] reverseproxy: Add duration/latency placeholders (close #4012) (#4013) * reverseproxy: Add duration/latency placeholders (close #4012) (and #2268) Adds 4 placeholders, one is actually outside reverse proxy though: {http.request.duration} is how long since the server decoded the HTTP request (headers). {http.reverse_proxy.upstream.latency} is how long it took a proxy upstream to write the response header. {http.reverse_proxy.upstream.duration} is total time proxying to the upstream, including writing response body to client. {http.reverse_proxy.duration} is total time spent proxying, including selecting an upstream and retries. Obviously, most of these are only useful at the end of a request, like when writing response headers or logs. See also: https://caddy.community/t/any-equivalent-of-request-time-and-upstream-header-time-from-nginx/11418 * Add new placeholders to documentation --- modules/caddyhttp/app.go | 1 + modules/caddyhttp/replacer.go | 6 +++++ .../caddyhttp/reverseproxy/reverseproxy.go | 22 ++++++++++++++----- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 4f5bc845..8285200f 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -49,6 +49,7 @@ func init() { // ------------|--------------- // `{http.request.body}` | The request body (⚠️ inefficient; use only for debugging) // `{http.request.cookie.*}` | HTTP request cookie +// `{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client) // `{http.request.header.*}` | Specific request header field // `{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo // `{http.request.host}` | The host part of the request's Host header diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 5a0efce4..d0767f09 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -36,6 +36,7 @@ import ( "path" "strconv" "strings" + "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddytls" @@ -52,6 +53,8 @@ func NewTestReplacer(req *http.Request) *caddy.Replacer { } func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.ResponseWriter) { + SetVar(req.Context(), "start_time", time.Now()) + httpVars := func(key string) (interface{}, bool) { if req != nil { // query string parameters @@ -140,6 +143,9 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo return dir, true case "http.request.uri.query": return req.URL.RawQuery, true + case "http.request.duration": + start := GetVar(req.Context(), "start_time").(time.Time) + return time.Since(start), true case "http.request.body": if req.Body == nil { return "", true diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 76506ca8..d2d01e6c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -43,7 +43,7 @@ func init() { // Handler implements a highly configurable and production-ready reverse proxy. // // Upon proxying, this module sets the following placeholders (which can be used -// both within and after this handler): +// both within and after this handler; for example, in response headers): // // Placeholder | Description // ------------|------------- @@ -54,6 +54,9 @@ func init() { // `{http.reverse_proxy.upstream.requests}` | The approximate current number of requests to the upstream // `{http.reverse_proxy.upstream.max_requests}` | The maximum approximate number of requests allowed to the upstream // `{http.reverse_proxy.upstream.fails}` | The number of recent failed requests to the upstream +// `{http.reverse_proxy.upstream.latency}` | How long it took the proxy upstream to write the response header. +// `{http.reverse_proxy.upstream.duration}` | Time spent proxying to the upstream, including writing response body to client. +// `{http.reverse_proxy.duration}` | Total time spent proxying, including selecting an upstream, retries, and writing response. type Handler struct { // Configures the method of transport for the proxy. A transport // is what performs the actual "round trip" to the backend. @@ -370,6 +373,10 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht }() start := time.Now() + defer func() { + // total proxying duration, including time spent on LB and retries + repl.Set("http.reverse_proxy.duration", time.Since(start)) + }() var proxyErr error for { @@ -419,7 +426,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht } // proxy the request to that upstream - proxyErr = h.reverseProxy(w, r, dialInfo, next) + proxyErr = h.reverseProxy(w, r, repl, dialInfo, next) if proxyErr == nil || proxyErr == context.Canceled { // context.Canceled happens when the downstream client // cancels the request, which is not our failure @@ -522,7 +529,7 @@ func (h Handler) prepareRequest(req *http.Request) error { // reverseProxy performs a round-trip to the given backend and processes the response with the client. // (This method is mostly the beginning of what was borrowed from the net/http/httputil package in the // Go standard library which was used as the foundation.) -func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di DialInfo, next caddyhttp.Handler) error { +func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl *caddy.Replacer, di DialInfo, next caddyhttp.Handler) error { _ = di.Upstream.Host.CountRequest(1) //nolint:errcheck defer di.Upstream.Host.CountRequest(-1) @@ -547,6 +554,9 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia zap.Object("headers", caddyhttp.LoggableHTTPHeader(res.Header)), zap.Int("status", res.StatusCode)) + // duration until upstream wrote response headers (roundtrip duration) + repl.Set("http.reverse_proxy.upstream.latency", duration) + // update circuit breaker on current conditions if di.Upstream.cb != nil { di.Upstream.cb.RecordMetric(res.StatusCode, duration) @@ -579,8 +589,6 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia continue } - repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - // if configured to only change the status code, do that then continue regular proxy response if statusCodeStr := rh.StatusCode.String(); statusCodeStr != "" { statusCode, err := strconv.Atoi(repl.ReplaceAll(statusCodeStr, "")) @@ -625,7 +633,6 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia if h.Headers != nil && h.Headers.Response != nil { if h.Headers.Response.Require == nil || h.Headers.Response.Require.Match(res.StatusCode, res.Header) { - repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) h.Headers.Response.ApplyTo(res.Header, repl) } } @@ -673,6 +680,9 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, di Dia } } + // total duration spent proxying, including writing response body + repl.Set("http.reverse_proxy.upstream.duration", duration) + if len(res.Trailer) == announcedTrailers { copyHeader(rw.Header(), res.Trailer) return nil From f6bb02b303d4a24c6932fd832f7aa9de224b6833 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 22 Feb 2021 15:19:09 -0700 Subject: [PATCH 0323/1498] caddytls: Remove old asset migration code (close #3894) --- cmd/commandfuncs.go | 3 - cmd/main.go | 68 --------------------- go.mod | 2 +- modules/caddytls/tls.go | 130 ---------------------------------------- 4 files changed, 1 insertion(+), 202 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 2b437c3b..77d95b9a 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -174,9 +174,6 @@ func cmdRun(fl Flags) (int, error) { printEnvironment() } - // TODO: This is TEMPORARY, until the RCs - moveStorage() - // load the config, depending on flags var config []byte var err error diff --git a/cmd/main.go b/cmd/main.go index 56434319..c4d262a5 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -450,71 +450,3 @@ func caddyVersion() string { } return ver } - -// moveStorage moves the old default dataDir to the new default dataDir. -// TODO: This is TEMPORARY until the release candidates. -func moveStorage() { - // get the home directory (the old way) - oldHome := os.Getenv("HOME") - if oldHome == "" && runtime.GOOS == "windows" { - drive := os.Getenv("HOMEDRIVE") - path := os.Getenv("HOMEPATH") - oldHome = drive + path - if drive == "" || path == "" { - oldHome = os.Getenv("USERPROFILE") - } - } - if oldHome == "" { - oldHome = "." - } - oldDataDir := filepath.Join(oldHome, ".local", "share", "caddy") - - // nothing to do if old data dir doesn't exist - _, err := os.Stat(oldDataDir) - if os.IsNotExist(err) { - return - } - - // nothing to do if the new data dir is the same as the old one - newDataDir := caddy.AppDataDir() - if oldDataDir == newDataDir { - return - } - - logger := caddy.Log().Named("automigrate").With( - zap.String("old_dir", oldDataDir), - zap.String("new_dir", newDataDir)) - - logger.Info("beginning one-time data directory migration", - zap.String("details", "https://github.com/caddyserver/caddy/issues/2955")) - - // if new data directory exists, avoid auto-migration as a conservative safety measure - _, err = os.Stat(newDataDir) - if !os.IsNotExist(err) { - logger.Error("new data directory already exists; skipping auto-migration as conservative safety measure", - zap.Error(err), - zap.String("instructions", "https://github.com/caddyserver/caddy/issues/2955#issuecomment-570000333")) - return - } - - // construct the new data directory's parent folder - err = os.MkdirAll(filepath.Dir(newDataDir), 0700) - if err != nil { - logger.Error("unable to make new datadirectory - follow link for instructions", - zap.String("instructions", "https://github.com/caddyserver/caddy/issues/2955#issuecomment-570000333"), - zap.Error(err)) - return - } - - // folder structure is same, so just try to rename (move) it; - // this fails if the new path is on a separate device - err = os.Rename(oldDataDir, newDataDir) - if err != nil { - logger.Error("new data directory already exists; skipping auto-migration as conservative safety measure - follow link for instructions", - zap.String("instructions", "https://github.com/caddyserver/caddy/issues/2955#issuecomment-570000333"), - zap.Error(err)) - } - - logger.Info("successfully completed one-time migration of data directory", - zap.String("details", "https://github.com/caddyserver/caddy/issues/2955")) -} diff --git a/go.mod b/go.mod index 4f991e6e..7b390a91 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4 + github.com/caddyserver/certmagic v0.12.1-0.20210222221710-6131a445f6bf github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index fdff4471..51c4cabb 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -18,13 +18,9 @@ import ( "crypto/tls" "encoding/json" "fmt" - "io/ioutil" "log" "net/http" - "os" - "path/filepath" "runtime/debug" - "strings" "sync" "time" @@ -191,14 +187,6 @@ func (t *TLS) Provision(ctx caddy.Context) error { } } - // TODO: TEMPORARY UNTIL RELEASE CANDIDATES: - // MIGRATE MANAGED CERTIFICATE ASSETS TO NEW PATH - err = t.moveCertificates() - if err != nil { - t.logger.Error("migrating certificates", zap.Error(err)) - } - // END TODO: TEMPORARY. - return nil } @@ -529,121 +517,3 @@ var ( _ caddy.Validator = (*TLS)(nil) _ caddy.CleanerUpper = (*TLS)(nil) ) - -// TODO: This is temporary until the release candidates -// (beta 16 changed the storage path for certificates), -// after which this function can be deleted -func (t *TLS) moveCertificates() error { - logger := t.logger.Named("automigrate") - - baseDir := caddy.AppDataDir() - - // if custom storage path was defined, use that instead - if fs, ok := t.ctx.Storage().(*certmagic.FileStorage); ok && fs.Path != "" { - baseDir = fs.Path - } - - oldAcmeDir := filepath.Join(baseDir, "acme") - oldAcmeCas, err := ioutil.ReadDir(oldAcmeDir) - if err != nil { - if os.IsNotExist(err) { - return nil - } - return fmt.Errorf("listing used ACME CAs: %v", err) - } - - // get list of used CAs - oldCANames := make([]string, 0, len(oldAcmeCas)) - for _, fi := range oldAcmeCas { - if !fi.IsDir() { - continue - } - oldCANames = append(oldCANames, fi.Name()) - } - - for _, oldCA := range oldCANames { - // make new destination path - newCAName := oldCA - if strings.Contains(oldCA, "api.letsencrypt.org") && - !strings.HasSuffix(oldCA, "-directory") { - newCAName += "-directory" - } - newBaseDir := filepath.Join(baseDir, "certificates", newCAName) - err := os.MkdirAll(newBaseDir, 0700) - if err != nil { - return fmt.Errorf("making new certs directory: %v", err) - } - - // list sites in old path - oldAcmeSitesDir := filepath.Join(oldAcmeDir, oldCA, "sites") - oldAcmeSites, err := ioutil.ReadDir(oldAcmeSitesDir) - if err != nil { - if os.IsNotExist(err) { - continue - } - return fmt.Errorf("listing sites: %v", err) - } - - if len(oldAcmeSites) > 0 { - logger.Warn("certificate storage path has changed; attempting one-time auto-migration", - zap.String("old_folder", oldAcmeSitesDir), - zap.String("new_folder", newBaseDir), - zap.String("details", "https://github.com/caddyserver/caddy/issues/2955")) - } - - // for each site, move its folder and re-encode its metadata - for _, siteInfo := range oldAcmeSites { - if !siteInfo.IsDir() { - continue - } - - // move the folder - oldPath := filepath.Join(oldAcmeSitesDir, siteInfo.Name()) - newPath := filepath.Join(newBaseDir, siteInfo.Name()) - logger.Info("moving certificate assets", - zap.String("ca", oldCA), - zap.String("site", siteInfo.Name()), - zap.String("destination", newPath)) - err = os.Rename(oldPath, newPath) - if err != nil { - logger.Error("failed moving site to new path; skipping", - zap.String("old_path", oldPath), - zap.String("new_path", newPath), - zap.Error(err)) - continue - } - - // re-encode metadata file - metaFilePath := filepath.Join(newPath, siteInfo.Name()+".json") - metaContents, err := ioutil.ReadFile(metaFilePath) - if err != nil { - logger.Error("could not read metadata file", - zap.String("filename", metaFilePath), - zap.Error(err)) - continue - } - if len(metaContents) == 0 { - continue - } - cr := certmagic.CertificateResource{ - SANs: []string{siteInfo.Name()}, - IssuerData: json.RawMessage(metaContents), - } - newMeta, err := json.MarshalIndent(cr, "", "\t") - if err != nil { - logger.Error("encoding new metadata file", zap.Error(err)) - continue - } - err = ioutil.WriteFile(metaFilePath, newMeta, 0600) - if err != nil { - logger.Error("writing new metadata file", zap.Error(err)) - continue - } - } - - // delete now-empty old sites dir (OK if fails) - os.Remove(oldAcmeSitesDir) - } - - return nil -} From a8fdc0a9987817173cc24016af1afb1ef09c0776 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 23 Feb 2021 12:57:10 -0700 Subject: [PATCH 0324/1498] core: Initialize logging before admin We'll see how this goes. https://caddy.community/t/calling-the-admin-api-from-within-a-route-route-causes-a-deadlock/11319 --- caddy.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/caddy.go b/caddy.go index 70135ffb..a56529c4 100644 --- a/caddy.go +++ b/caddy.go @@ -325,21 +325,10 @@ func run(newCfg *Config, start bool) error { // been set by a short assignment var err error - // start the admin endpoint (and stop any prior one) - if start { - err = replaceLocalAdminServer(newCfg) - if err != nil { - return fmt.Errorf("starting caddy administration endpoint: %v", err) - } - } - if newCfg == nil { newCfg = new(Config) } - // prepare the new config for use - newCfg.apps = make(map[string]App) - // create a context within which to load // modules - essentially our new config's // execution environment; be sure that @@ -373,6 +362,17 @@ func run(newCfg *Config, start bool) error { return err } + // start the admin endpoint (and stop any prior one) + if start { + err = replaceLocalAdminServer(newCfg) + if err != nil { + return fmt.Errorf("starting caddy administration endpoint: %v", err) + } + } + + // prepare the new config for use + newCfg.apps = make(map[string]App) + // set up global storage and make it CertMagic's default storage, too err = func() error { if newCfg.StorageRaw != nil { From 427bbe99d076a76766266d1386ce16a38ce56fa6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 24 Feb 2021 11:50:23 -0700 Subject: [PATCH 0325/1498] go.mod: Latest CertMagic (updated libdns conventions) --- go.mod | 2 +- go.sum | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 7b390a91..91f2a196 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20210222221710-6131a445f6bf + github.com/caddyserver/certmagic v0.12.1-0.20210224184602-7550222c4a6a github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 diff --git a/go.sum b/go.sum index 1229f98c..2a292d98 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4 h1:YPHanayqEADEHFxGui7lqQ0tx4rypJaD2y4Y7Tip/ks= -github.com/caddyserver/certmagic v0.12.1-0.20210211020017-ebb8d8b435b4/go.mod h1:CUPfwomVXGCyV77EQbR3v7H4tGJ4pX16HATeR55rqws= +github.com/caddyserver/certmagic v0.12.1-0.20210224184602-7550222c4a6a h1:gcqCMCPuHlQPY+XZzOilNouNeRpH40UhMfSp0tmulxI= +github.com/caddyserver/certmagic v0.12.1-0.20210224184602-7550222c4a6a/go.mod h1:dNOzF4iOB7H9E51xTooMB90vs+2XNVtpnx0liQNsQY4= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -175,7 +175,6 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= @@ -418,8 +417,8 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+ github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04= -github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= +github.com/libdns/libdns v0.2.0 h1:ewg3ByWrdUrxrje8ChPVMBNcotg7H9LQYg+u5De2RzI= +github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= From b54fa4123975195c721ff5a5c0b43c4622009676 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 24 Feb 2021 11:55:56 -0700 Subject: [PATCH 0326/1498] Update docs; commit setcap.sh --- .gitignore | 1 - README.md | 12 ++---------- caddy.go | 2 +- cmd/caddy/setcap.sh | 6 ++++++ 4 files changed, 9 insertions(+), 12 deletions(-) create mode 100755 cmd/caddy/setcap.sh diff --git a/.gitignore b/.gitignore index 250a40ad..2d633648 100644 --- a/.gitignore +++ b/.gitignore @@ -10,7 +10,6 @@ Caddyfile # build artifacts and helpers cmd/caddy/caddy cmd/caddy/caddy.exe -cmd/caddy/setcap* # mac specific .DS_Store diff --git a/README.md b/README.md index 620573eb..b32be897 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ The simplest, cross-platform way is to download from [GitHub Releases](https://github.com/caddyserver/caddy/releases) and place the executable file in your PATH. -For other install options, see https://caddyserver.com/docs/download. +For other install options, see https://caddyserver.com/docs/install. ## Build from source @@ -89,15 +89,7 @@ $ go build When you run Caddy, it may try to bind to low ports unless otherwise specified in your config. If your OS requires elevated privileges for this, you will need to give your new binary permission to do so. On Linux, this can be done easily with: `sudo setcap cap_net_bind_service=+ep ./caddy` -If you prefer to use `go run` which creates temporary binaries, you can still do this. Make an executable file called `setcap.sh` (or whatever you want) with these contents: - -```bash -#!/bin/sh -sudo setcap cap_net_bind_service=+ep "$1" -"$@" -``` - -then you can use `go run` like so: +If you prefer to use `go run` which only creates temporary binaries, you can still do this with the included `setcap.sh` like so: ```bash $ go run -exec ./setcap.sh main.go diff --git a/caddy.go b/caddy.go index a56529c4..fccfeef9 100644 --- a/caddy.go +++ b/caddy.go @@ -289,7 +289,7 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { } else { err := ioutil.WriteFile(ConfigAutosavePath, cfgJSON, 0600) if err == nil { - Log().Info("autosaved config", zap.String("file", ConfigAutosavePath)) + Log().Info("autosaved config (load with --resume flag)", zap.String("file", ConfigAutosavePath)) } else { Log().Error("unable to autosave config", zap.String("file", ConfigAutosavePath), diff --git a/cmd/caddy/setcap.sh b/cmd/caddy/setcap.sh new file mode 100755 index 00000000..d777e5a6 --- /dev/null +++ b/cmd/caddy/setcap.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +# USAGE: go run -exec ./setcap.sh + +sudo setcap cap_net_bind_service=+ep "$1" +"$@" From ce5a0934a89aabf1bc145ed0100df5f889b7dd74 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 25 Feb 2021 09:41:52 -0700 Subject: [PATCH 0327/1498] reverseproxy: Fix round robin data race (#4038) --- modules/caddyhttp/reverseproxy/reverseproxy.go | 4 ++-- modules/caddyhttp/reverseproxy/selectionpolicies.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index d2d01e6c..9da509f4 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -368,8 +368,8 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht reqHost := r.Host reqHeader := r.Header defer func() { - r.Host = reqHost - r.Header = reqHeader + r.Host = reqHost // TODO: data race, see #4038 + r.Header = reqHeader // TODO: data race, see #4038 }() start := time.Now() diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index e86e97e4..dacfd118 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -221,8 +221,8 @@ func (r *RoundRobinSelection) Select(pool UpstreamPool, _ *http.Request, _ http. return nil } for i := uint32(0); i < n; i++ { - atomic.AddUint32(&r.robin, 1) - host := pool[r.robin%n] + robin := atomic.AddUint32(&r.robin, 1) + host := pool[robin%n] if host.Available() { return host } From ec309c6d52fdfce0431a1303a49f28c3f546176a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 26 Feb 2021 19:27:58 -0700 Subject: [PATCH 0328/1498] caddypki: Add SignWithRoot option for ACME server See https://caddy.community/t/setting-up-a-caddy-pki-based-on-a-windows- root-ca-was-getting-pki-config/11616/7 Also improved a godoc comment in the caddytls package. --- modules/caddypki/acmeserver/acmeserver.go | 8 ++++++++ modules/caddytls/tls.go | 13 ++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index d5e55594..f5c013b0 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -66,6 +66,13 @@ type Handler struct { // on this property long-term; check release notes. PathPrefix string `json:"path_prefix,omitempty"` + // If true, the CA's root will be the issuer instead of + // the intermediate. This is NOT recommended and should + // only be used when devices/clients do not properly + // validate certificate chains. EXPERIMENTAL: Might be + // changed or removed in the future. + SignWithRoot bool `json:"sign_with_root,omitempty"` + acmeEndpoints http.Handler logger *zap.Logger } @@ -109,6 +116,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error { } authorityConfig := caddypki.AuthorityConfig{ + SignWithRoot: ash.SignWithRoot, AuthConfig: &authority.AuthConfig{ Provisioners: provisioner.List{ &provisioner.ACME{ diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 51c4cabb..31b13fb5 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -478,11 +478,14 @@ type Certificate struct { Tags []string } -// AutomateLoader is a no-op certificate loader module -// that is treated as a special case: it uses this app's -// automation features to load certificates for the -// list of hostnames, rather than loading certificates -// manually. +// AutomateLoader will automatically manage certificates for the names +// in the list, including obtaining and renewing certificates. Automated +// certificates are managed according to their matching automation policy, +// configured elsewhere in this app. +// +// This is a no-op certificate loader module that is treated as a special +// case: it uses this app's automation features to load certificates for the +// list of hostnames, rather than loading certificates manually. type AutomateLoader []string // CaddyModule returns the Caddy module information. From 5bf0a55df499e189424103d87d93960395d3172f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 1 Mar 2021 13:49:13 -0700 Subject: [PATCH 0329/1498] fileserver: Don't replace in request paths (fix #4027) --- modules/caddyhttp/fileserver/staticfiles.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index daf4b543..e809f49f 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -138,12 +138,11 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c filesToHide := fsrv.transformHidePaths(repl) root := repl.ReplaceAll(fsrv.Root, ".") - suffix := repl.ReplaceAll(r.URL.Path, "") - filename := sanitizedPathJoin(root, suffix) + filename := sanitizedPathJoin(root, r.URL.Path) fsrv.logger.Debug("sanitized path join", zap.String("site_root", root), - zap.String("request_path", suffix), + zap.String("request_path", r.URL.Path), zap.String("result", filename)) // get information about the file From ad8d01cb66316cf04ea49ec277316d6f83b9abb6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 1 Mar 2021 18:27:59 -0700 Subject: [PATCH 0330/1498] rewrite: Implement regex path replacements https://caddy.community/t/collapsing-multiple-forward-slashes-in-path-only/11626 --- modules/caddyhttp/rewrite/caddyfile.go | 17 ++++- modules/caddyhttp/rewrite/rewrite.go | 89 ++++++++++++++++++----- modules/caddyhttp/rewrite/rewrite_test.go | 23 +++++- 3 files changed, 103 insertions(+), 26 deletions(-) diff --git a/modules/caddyhttp/rewrite/caddyfile.go b/modules/caddyhttp/rewrite/caddyfile.go index 950119d6..9621af14 100644 --- a/modules/caddyhttp/rewrite/caddyfile.go +++ b/modules/caddyhttp/rewrite/caddyfile.go @@ -54,12 +54,14 @@ func parseCaddyfileRewrite(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, // parseCaddyfileURI sets up a handler for manipulating (but not "rewriting") the // URI from Caddyfile tokens. Syntax: // -// uri [] strip_prefix|strip_suffix|replace [ []] +// uri [] strip_prefix|strip_suffix|replace|path_regexp [ []] // // If strip_prefix or strip_suffix are used, then will be stripped // only if it is the beginning or the end, respectively, of the URI path. If // replace is used, then will be replaced with across -// the whole URI, up to times (or unlimited if unspecified). +// the whole URI, up to times (or unlimited if unspecified). If +// path_regexp is used, then regular expression replacements will be performed +// on the path portion of the URI (and a limit cannot be set). func parseCaddyfileURI(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { var rewr Rewrite for h.Next() { @@ -103,11 +105,20 @@ func parseCaddyfileURI(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, err } } - rewr.URISubstring = append(rewr.URISubstring, replacer{ + rewr.URISubstring = append(rewr.URISubstring, substrReplacer{ Find: find, Replace: replace, Limit: limInt, }) + case "path_regexp": + if len(args) != 3 { + return nil, h.ArgErr() + } + find, replace := args[1], args[2] + rewr.PathRegexp = append(rewr.PathRegexp, ®exReplacer{ + Find: find, + Replace: replace, + }) default: return nil, h.Errf("unrecognized URI manipulation '%s'", args[0]) } diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index ad1c4706..fbf655ca 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -18,6 +18,7 @@ import ( "fmt" "net/http" "net/url" + "regexp" "strconv" "strings" @@ -64,7 +65,10 @@ type Rewrite struct { StripPathSuffix string `json:"strip_path_suffix,omitempty"` // Performs substring replacements on the URI. - URISubstring []replacer `json:"uri_substring,omitempty"` + URISubstring []substrReplacer `json:"uri_substring,omitempty"` + + // Performs regular expression replacements on the URI path. + PathRegexp []*regexReplacer `json:"path_regexp,omitempty"` logger *zap.Logger } @@ -80,6 +84,18 @@ func (Rewrite) CaddyModule() caddy.ModuleInfo { // Provision sets up rewr. func (rewr *Rewrite) Provision(ctx caddy.Context) error { rewr.logger = ctx.Logger(rewr) + + for i, rep := range rewr.PathRegexp { + if rep.Find == "" { + return fmt.Errorf("path_regexp find cannot be empty") + } + re, err := regexp.Compile(rep.Find) + if err != nil { + return fmt.Errorf("compiling regular expression %d: %v", i, err) + } + rep.re = re + } + return nil } @@ -200,12 +216,9 @@ func (rewr Rewrite) rewrite(r *http.Request, repl *caddy.Replacer, logger *zap.L } if rewr.StripPathSuffix != "" { suffix := repl.ReplaceAll(rewr.StripPathSuffix, "") - r.URL.RawPath = strings.TrimSuffix(r.URL.RawPath, suffix) - if p, err := url.PathUnescape(r.URL.RawPath); err == nil && p != "" { - r.URL.Path = p - } else { - r.URL.Path = strings.TrimSuffix(r.URL.Path, suffix) - } + changePath(r, func(pathOrRawPath string) string { + return strings.TrimSuffix(pathOrRawPath, suffix) + }) } // substring replacements in URI @@ -213,6 +226,11 @@ func (rewr Rewrite) rewrite(r *http.Request, repl *caddy.Replacer, logger *zap.L rep.do(r, repl) } + // regular expression replacements on the path + for _, rep := range rewr.PathRegexp { + rep.do(r, repl) + } + // update the encoded copy of the URI r.RequestURI = r.URL.RequestURI() @@ -286,12 +304,12 @@ func buildQueryString(qs string, repl *caddy.Replacer) string { return sb.String() } -// replacer describes a simple and fast substring replacement. -type replacer struct { - // The substring to find. Supports placeholders. +// substrReplacer describes either a simple and fast substring replacement. +type substrReplacer struct { + // A substring to find. Supports placeholders. Find string `json:"find,omitempty"` - // The substring to replace. Supports placeholders. + // The substring to replace with. Supports placeholders. Replace string `json:"replace,omitempty"` // Maximum number of replacements per string. @@ -299,9 +317,9 @@ type replacer struct { Limit int `json:"limit,omitempty"` } -// do performs the replacement on r. -func (rep replacer) do(r *http.Request, repl *caddy.Replacer) { - if rep.Find == "" || rep.Replace == "" { +// do performs the substring replacement on r. +func (rep substrReplacer) do(r *http.Request, repl *caddy.Replacer) { + if rep.Find == "" { return } @@ -313,15 +331,46 @@ func (rep replacer) do(r *http.Request, repl *caddy.Replacer) { find := repl.ReplaceAll(rep.Find, "") replace := repl.ReplaceAll(rep.Replace, "") - r.URL.RawPath = strings.Replace(r.URL.RawPath, find, replace, lim) - if p, err := url.PathUnescape(r.URL.RawPath); err == nil && p != "" { - r.URL.Path = p - } else { - r.URL.Path = strings.Replace(r.URL.Path, find, replace, lim) - } + changePath(r, func(pathOrRawPath string) string { + return strings.Replace(pathOrRawPath, find, replace, lim) + }) r.URL.RawQuery = strings.Replace(r.URL.RawQuery, find, replace, lim) } +// regexReplacer describes a replacement using a regular expression. +type regexReplacer struct { + // The regular expression to find. + Find string `json:"find,omitempty"` + + // The substring to replace with. Supports placeholders and + // regular expression capture groups. + Replace string `json:"replace,omitempty"` + + re *regexp.Regexp +} + +func (rep regexReplacer) do(r *http.Request, repl *caddy.Replacer) { + if rep.Find == "" || rep.re == nil { + return + } + replace := repl.ReplaceAll(rep.Replace, "") + changePath(r, func(pathOrRawPath string) string { + return rep.re.ReplaceAllString(pathOrRawPath, replace) + }) +} + +// changePath updates the path on the request URL. It first executes newVal on +// req.URL.RawPath, and if the result is a valid escaping, it will be copied +// into req.URL.Path; otherwise newVal is evaluated only on req.URL.Path. +func changePath(req *http.Request, newVal func(pathOrRawPath string) string) { + req.URL.RawPath = newVal(req.URL.RawPath) + if p, err := url.PathUnescape(req.URL.RawPath); err == nil && p != "" { + req.URL.Path = p + } else { + req.URL.Path = newVal(req.URL.Path) + } +} + // Interface guard var _ caddyhttp.MiddlewareHandler = (*Rewrite)(nil) diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go index 9329a04a..4d595e29 100644 --- a/modules/caddyhttp/rewrite/rewrite_test.go +++ b/modules/caddyhttp/rewrite/rewrite_test.go @@ -16,6 +16,7 @@ package rewrite import ( "net/http" + "regexp" "testing" "github.com/caddyserver/caddy/v2" @@ -232,20 +233,26 @@ func TestRewrite(t *testing.T) { }, { - rule: Rewrite{URISubstring: []replacer{{Find: "findme", Replace: "replaced"}}}, + rule: Rewrite{URISubstring: []substrReplacer{{Find: "findme", Replace: "replaced"}}}, input: newRequest(t, "GET", "/foo/bar"), expect: newRequest(t, "GET", "/foo/bar"), }, { - rule: Rewrite{URISubstring: []replacer{{Find: "findme", Replace: "replaced"}}}, + rule: Rewrite{URISubstring: []substrReplacer{{Find: "findme", Replace: "replaced"}}}, input: newRequest(t, "GET", "/foo/findme/bar"), expect: newRequest(t, "GET", "/foo/replaced/bar"), }, { - rule: Rewrite{URISubstring: []replacer{{Find: "findme", Replace: "replaced"}}}, + rule: Rewrite{URISubstring: []substrReplacer{{Find: "findme", Replace: "replaced"}}}, input: newRequest(t, "GET", "/foo/findme%2Fbar"), expect: newRequest(t, "GET", "/foo/replaced%2Fbar"), }, + + { + rule: Rewrite{PathRegexp: []*regexReplacer{{Find: "/{2,}", Replace: "/"}}}, + input: newRequest(t, "GET", "/foo//bar///baz?a=b//c"), + expect: newRequest(t, "GET", "/foo/bar/baz?a=b//c"), + }, } { // copy the original input just enough so that we can // compare it after the rewrite to see if it changed @@ -260,6 +267,16 @@ func TestRewrite(t *testing.T) { repl.Set("http.request.uri.path", tc.input.URL.Path) repl.Set("http.request.uri.query", tc.input.URL.RawQuery) + // we can't directly call Provision() without a valid caddy.Context + // (TODO: fix that) so here we ad-hoc compile the regex + for _, rep := range tc.rule.PathRegexp { + re, err := regexp.Compile(rep.Find) + if err != nil { + t.Fatal(err) + } + rep.re = re + } + changed := tc.rule.rewrite(tc.input, repl, nil) if expected, actual := !reqEqual(originalInput, tc.input), changed; expected != actual { From 51f35ba03f78e691d0e141b24ff19f82bfb34b67 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 3 Mar 2021 12:12:31 -0500 Subject: [PATCH 0331/1498] reverseproxy: Fix upstreams with placeholders with no port (#4046) --- .../reverse_proxy_upstream_placeholder.txt | 102 ++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 7 ++ 2 files changed, 109 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_upstream_placeholder.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_upstream_placeholder.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_upstream_placeholder.txt new file mode 100644 index 00000000..91c8f307 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_upstream_placeholder.txt @@ -0,0 +1,102 @@ +:8884 { + map {host} {upstream} { + foo.example.com 1.2.3.4 + default 2.3.4.5 + } + + # Upstream placeholder with a port should retain the port + reverse_proxy {upstream}:80 +} + +:8885 { + map {host} {upstream} { + foo.example.com 1.2.3.4:8080 + default 2.3.4.5:8080 + } + + # Upstream placeholder with no port should not have a port joined + reverse_proxy {upstream} +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "defaults": [ + "2.3.4.5" + ], + "destinations": [ + "{upstream}" + ], + "handler": "map", + "mappings": [ + { + "input": "foo.example.com", + "outputs": [ + "1.2.3.4" + ] + } + ], + "source": "{http.request.host}" + }, + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "{upstream}:80" + } + ] + } + ] + } + ] + }, + "srv1": { + "listen": [ + ":8885" + ], + "routes": [ + { + "handle": [ + { + "defaults": [ + "2.3.4.5:8080" + ], + "destinations": [ + "{upstream}" + ], + "handler": "map", + "mappings": [ + { + "input": "foo.example.com", + "outputs": [ + "1.2.3.4:8080" + ] + } + ], + "source": "{http.request.host}" + }, + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "{upstream}" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 71ed21fa..da7450d2 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -184,6 +184,13 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if network != "" { return caddy.JoinNetworkAddress(network, host, port), nil } + + // if the host is a placeholder, then we don't want to join with an empty port, + // because that would just append an extra ':' at the end of the address. + if port == "" && strings.Contains(host, "{") { + return host, nil + } + return net.JoinHostPort(host, port), nil } From 802f80c3821940825ec278e1d9c153a321e956a9 Mon Sep 17 00:00:00 2001 From: Rajat Jain Date: Thu, 11 Mar 2021 02:52:33 +0530 Subject: [PATCH 0332/1498] map: Accept regex substitution in outputs (#3991) * Replace placeholders with regex groups * using Matcher methods * test added * linting fix * Revert "linting fix" This reverts commit cafd7296f43639bbcd2601bea79a47f60763a200. * Revert "test added" This reverts commit 3a76cc7b0bc5dcef15ca5c8ec22efcd4067d484c. * Revert "using Matcher methods" This reverts commit cc34337b8ebb61d40ec343cee0fc225a694d3db6. * tests added --- caddytest/integration/map_test.go | 4 ++-- modules/caddyhttp/map/map.go | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/caddytest/integration/map_test.go b/caddytest/integration/map_test.go index aa535ecd..7cd769e7 100644 --- a/caddytest/integration/map_test.go +++ b/caddytest/integration/map_test.go @@ -19,7 +19,7 @@ func TestMap(t *testing.T) { map {http.request.method} {dest-1} {dest-2} { default unknown1 unknown2 - ~G.T get-called + ~G(.)(.) G${1}${2}-called POST post-called foobar } @@ -30,7 +30,7 @@ func TestMap(t *testing.T) { `, "caddyfile") // act and assert - tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost get-called unknown2") + tester.AssertGetResponse("http://localhost:9080/version", 200, "hello from localhost GET-called unknown2") tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost post-called foobar") } diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index e193f203..a0e07687 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -136,6 +136,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt if output := m.Outputs[destIdx]; output == nil { continue } else { + output = m.re.ReplaceAllString(input, m.Outputs[destIdx].(string)) return output, true } } From 2a127ac3d1650052f39e93f277e1dfd8c7c730e4 Mon Sep 17 00:00:00 2001 From: Aaron Taylor Date: Fri, 12 Mar 2021 15:00:02 -0500 Subject: [PATCH 0333/1498] caddyconfig: add global option for configuring loggers (#4028) This change is aimed at enhancing the logging module within the Caddyfile directive to allow users to configure logs other than the HTTP access log stream, which is the current capability of the Caddyfile [1]. The intent here is to leverage the same syntax as the server log directive at a global level, so that similar customizations can be added without needing to resort to a JSON-based configuration. Discussion for this approach happened in the referenced issue. Closes https://github.com/caddyserver/caddy/issues/3958 [1] https://caddyserver.com/docs/caddyfile/directives/log --- caddyconfig/httpcaddyfile/builtins.go | 87 ++++++++++++++++--- caddyconfig/httpcaddyfile/builtins_test.go | 30 ++++++- caddyconfig/httpcaddyfile/httptype.go | 49 ++++++++--- caddyconfig/httpcaddyfile/options.go | 50 +++++++++++ caddyconfig/httpcaddyfile/options_test.go | 64 ++++++++++++++ .../global_options_log_and_site.txt | 77 ++++++++++++++++ .../global_options_log_basic.txt | 18 ++++ .../global_options_log_custom.txt | 39 +++++++++ .../global_options_log_multi.txt | 26 ++++++ 9 files changed, 414 insertions(+), 26 deletions(-) create mode 100644 caddyconfig/httpcaddyfile/options_test.go create mode 100644 caddytest/integration/caddyfile_adapt/global_options_log_and_site.txt create mode 100644 caddytest/integration/caddyfile_adapt/global_options_log_basic.txt create mode 100644 caddytest/integration/caddyfile_adapt/global_options_log_custom.txt create mode 100644 caddytest/integration/caddyfile_adapt/global_options_log_multi.txt diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 8a8f3cc9..8830f521 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -619,11 +619,50 @@ func parseHandleErrors(h Helper) ([]ConfigValue, error) { // } // func parseLog(h Helper) ([]ConfigValue, error) { + return parseLogHelper(h, nil) +} + +// parseLogHelper is used both for the parseLog directive within Server Blocks, +// as well as the global "log" option for configuring loggers at the global +// level. The parseAsGlobalOption parameter is used to distinguish any differing logic +// between the two. +func parseLogHelper(h Helper, globalLogNames map[string]struct{}) ([]ConfigValue, error) { + // When the globalLogNames parameter is passed in, we make + // modifications to the parsing behavior. + parseAsGlobalOption := globalLogNames != nil + var configValues []ConfigValue for h.Next() { - // log does not currently support any arguments - if h.NextArg() { - return nil, h.ArgErr() + // Logic below expects that a name is always present when a + // global option is being parsed. + var globalLogName string + if parseAsGlobalOption { + if h.NextArg() { + globalLogName = h.Val() + + // Only a single argument is supported. + if h.NextArg() { + return nil, h.ArgErr() + } + } else { + // If there is no log name specified, we + // reference the default logger. See the + // setupNewDefault function in the logging + // package for where this is configured. + globalLogName = "default" + } + + // Verify this name is unused. + _, used := globalLogNames[globalLogName] + if used { + return nil, h.Err("duplicate global log option for: " + globalLogName) + } + globalLogNames[globalLogName] = struct{}{} + } else { + // No arguments are supported for the server block log directive + if h.NextArg() { + return nil, h.ArgErr() + } } cl := new(caddy.CustomLog) @@ -687,22 +726,48 @@ func parseLog(h Helper) ([]ConfigValue, error) { return nil, h.ArgErr() } + case "include": + // This configuration is only allowed in the global options + if !parseAsGlobalOption { + return nil, h.ArgErr() + } + for h.NextArg() { + cl.Include = append(cl.Include, h.Val()) + } + + case "exclude": + // This configuration is only allowed in the global options + if !parseAsGlobalOption { + return nil, h.ArgErr() + } + for h.NextArg() { + cl.Exclude = append(cl.Exclude, h.Val()) + } + default: return nil, h.Errf("unrecognized subdirective: %s", h.Val()) } } var val namedCustomLog + // Skip handling of empty logging configs if !reflect.DeepEqual(cl, new(caddy.CustomLog)) { - logCounter, ok := h.State["logCounter"].(int) - if !ok { - logCounter = 0 + if parseAsGlobalOption { + // Use indicated name for global log options + val.name = globalLogName + val.log = cl + } else { + // Construct a log name for server log streams + logCounter, ok := h.State["logCounter"].(int) + if !ok { + logCounter = 0 + } + val.name = fmt.Sprintf("log%d", logCounter) + cl.Include = []string{"http.log.access." + val.name} + val.log = cl + logCounter++ + h.State["logCounter"] = logCounter } - val.name = fmt.Sprintf("log%d", logCounter) - cl.Include = []string{"http.log.access." + val.name} - val.log = cl - logCounter++ - h.State["logCounter"] = logCounter } configValues = append(configValues, ConfigValue{ Class: "custom_log", diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go index 09bb4ed2..49623830 100644 --- a/caddyconfig/httpcaddyfile/builtins_test.go +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -10,6 +10,7 @@ import ( func TestLogDirectiveSyntax(t *testing.T) { for i, tc := range []struct { input string + output string expectError bool }{ { @@ -17,6 +18,7 @@ func TestLogDirectiveSyntax(t *testing.T) { log } `, + output: `{"apps":{"http":{"servers":{"srv0":{"listen":[":8080"],"logs":{}}}}}}`, expectError: false, }, { @@ -26,11 +28,31 @@ func TestLogDirectiveSyntax(t *testing.T) { } } `, + output: `{"logging":{"logs":{"default":{"exclude":["http.log.access.log0"]},"log0":{"writer":{"filename":"foo.log","output":"file"},"include":["http.log.access.log0"]}}},"apps":{"http":{"servers":{"srv0":{"listen":[":8080"],"logs":{"default_logger_name":"log0"}}}}}}`, expectError: false, }, { input: `:8080 { - log /foo { + log { + format filter { + wrap console + fields { + common_log delete + request>remote_addr ip_mask { + ipv4 24 + ipv6 32 + } + } + } + } + } + `, + output: `{"logging":{"logs":{"default":{"exclude":["http.log.access.log0"]},"log0":{"encoder":{"fields":{"common_log":{"filter":"delete"},"request\u003eremote_addr":{"filter":"ip_mask","ipv4_cidr":24,"ipv6_cidr":32}},"format":"filter","wrap":{"format":"console"}},"include":["http.log.access.log0"]}}},"apps":{"http":{"servers":{"srv0":{"listen":[":8080"],"logs":{"default_logger_name":"log0"}}}}}}`, + expectError: false, + }, + { + input: `:8080 { + log invalid { output file foo.log } } @@ -43,12 +65,16 @@ func TestLogDirectiveSyntax(t *testing.T) { ServerType: ServerType{}, } - _, _, err := adapter.Adapt([]byte(tc.input), nil) + out, _, err := adapter.Adapt([]byte(tc.input), nil) if err != nil != tc.expectError { t.Errorf("Test %d error expectation failed Expected: %v, got %s", i, tc.expectError, err) continue } + + if string(out) != tc.output { + t.Errorf("Test %d error output mismatch Expected: %s, got %s", i, tc.output, out) + } } } diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index f9195a65..42880765 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -240,20 +240,29 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // extract any custom logs, and enforce configured levels var customLogs []namedCustomLog var hasDefaultLog bool + addCustomLog := func(ncl namedCustomLog) { + if ncl.name == "" { + return + } + if ncl.name == "default" { + hasDefaultLog = true + } + if _, ok := options["debug"]; ok && ncl.log.Level == "" { + ncl.log.Level = "DEBUG" + } + customLogs = append(customLogs, ncl) + } + // Apply global log options, when set + if options["log"] != nil { + for _, logValue := range options["log"].([]ConfigValue) { + addCustomLog(logValue.Value.(namedCustomLog)) + } + } + // Apply server-specific log options for _, p := range pairings { for _, sb := range p.serverBlocks { for _, clVal := range sb.pile["custom_log"] { - ncl := clVal.Value.(namedCustomLog) - if ncl.name == "" { - continue - } - if ncl.name == "default" { - hasDefaultLog = true - } - if _, ok := options["debug"]; ok && ncl.log.Level == "" { - ncl.log.Level = "DEBUG" - } - customLogs = append(customLogs, ncl) + addCustomLog(clVal.Value.(namedCustomLog)) } } } @@ -313,7 +322,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // most users seem to prefer not writing access logs // to the default log when they are directed to a // file or have any other special customization - if len(ncl.log.Include) > 0 { + if ncl.name != "default" && len(ncl.log.Include) > 0 { defaultLog, ok := cfg.Logging.Logs["default"] if !ok { defaultLog = new(caddy.CustomLog) @@ -362,11 +371,25 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options } serverOpts, ok := val.(serverOptions) if !ok { - return nil, fmt.Errorf("unexpected type from 'servers' global options") + return nil, fmt.Errorf("unexpected type from 'servers' global options: %T", val) } options[opt] = append(existingOpts, serverOpts) continue } + // Additionally, fold multiple "log" options together into an + // array so that multiple loggers can be configured. + if opt == "log" { + existingOpts, ok := options[opt].([]ConfigValue) + if !ok { + existingOpts = []ConfigValue{} + } + logOpts, ok := val.([]ConfigValue) + if !ok { + return nil, fmt.Errorf("unexpected type from 'log' global options: %T", val) + } + options[opt] = append(existingOpts, logOpts...) + continue + } options[opt] = val } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 54672a65..9dd215f9 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -18,6 +18,7 @@ import ( "strconv" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddytls" "github.com/caddyserver/certmagic" @@ -44,6 +45,7 @@ func init() { RegisterGlobalOption("auto_https", parseOptAutoHTTPS) RegisterGlobalOption("servers", parseServerOptions) RegisterGlobalOption("ocsp_stapling", parseOCSPStaplingOptions) + RegisterGlobalOption("log", parseLogOptions) } func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil } @@ -385,3 +387,51 @@ func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ interface{}) (interface{ DisableStapling: val == "off", }, nil } + +// parseLogOptions parses the global log option. Syntax: +// +// log [name] { +// output ... +// format ... +// level +// include +// exclude +// } +// +// When the name argument is unspecified, this directive modifies the default +// logger. +// +func parseLogOptions(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, error) { + currentNames := make(map[string]struct{}) + if existingVal != nil { + innerVals, ok := existingVal.([]ConfigValue) + if !ok { + return nil, d.Errf("existing log values of unexpected type: %T", existingVal) + } + for _, rawVal := range innerVals { + val, ok := rawVal.Value.(namedCustomLog) + if !ok { + return nil, d.Errf("existing log value of unexpected type: %T", existingVal) + } + currentNames[val.name] = struct{}{} + } + } + + var warnings []caddyconfig.Warning + // Call out the same parser that handles server-specific log configuration. + configValues, err := parseLogHelper( + Helper{ + Dispenser: d, + warnings: &warnings, + }, + currentNames, + ) + if err != nil { + return nil, err + } + if len(warnings) > 0 { + return nil, d.Errf("warnings found in parsing global log options: %+v", warnings) + } + + return configValues, nil +} diff --git a/caddyconfig/httpcaddyfile/options_test.go b/caddyconfig/httpcaddyfile/options_test.go new file mode 100644 index 00000000..bc9e8813 --- /dev/null +++ b/caddyconfig/httpcaddyfile/options_test.go @@ -0,0 +1,64 @@ +package httpcaddyfile + +import ( + "testing" + + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + _ "github.com/caddyserver/caddy/v2/modules/logging" +) + +func TestGlobalLogOptionSyntax(t *testing.T) { + for i, tc := range []struct { + input string + output string + expectError bool + }{ + // NOTE: Additional test cases of successful Caddyfile parsing + // are present in: caddytest/integration/caddyfile_adapt/ + { + input: `{ + log default + } + `, + output: `{}`, + expectError: false, + }, + { + input: `{ + log example { + output file foo.log + } + log example { + format json + } + } + `, + expectError: true, + }, + { + input: `{ + log example /foo { + output file foo.log + } + } + `, + expectError: true, + }, + } { + + adapter := caddyfile.Adapter{ + ServerType: ServerType{}, + } + + out, _, err := adapter.Adapt([]byte(tc.input), nil) + + if err != nil != tc.expectError { + t.Errorf("Test %d error expectation failed Expected: %v, got %v", i, tc.expectError, err) + continue + } + + if string(out) != tc.output { + t.Errorf("Test %d error output mismatch Expected: %s, got %s", i, tc.output, out) + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_log_and_site.txt b/caddytest/integration/caddyfile_adapt/global_options_log_and_site.txt new file mode 100644 index 00000000..037c8b65 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_log_and_site.txt @@ -0,0 +1,77 @@ +{ + log { + output file caddy.log + include some-log-source + exclude admin.api admin2.api + } + log custom-logger { + output file caddy.log + level WARN + include custom-log-source + } +} + +:8884 { + log { + format json + output file access.log + } +} +---------- +{ + "logging": { + "logs": { + "custom-logger": { + "writer": { + "filename": "caddy.log", + "output": "file" + }, + "level": "WARN", + "include": [ + "custom-log-source" + ] + }, + "default": { + "writer": { + "filename": "caddy.log", + "output": "file" + }, + "include": [ + "some-log-source" + ], + "exclude": [ + "admin.api", + "admin2.api", + "custom-log-source", + "http.log.access.log0" + ] + }, + "log0": { + "writer": { + "filename": "access.log", + "output": "file" + }, + "encoder": { + "format": "json" + }, + "include": [ + "http.log.access.log0" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "logs": { + "default_logger_name": "log0" + } + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_log_basic.txt b/caddytest/integration/caddyfile_adapt/global_options_log_basic.txt new file mode 100644 index 00000000..b8d32dc3 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_log_basic.txt @@ -0,0 +1,18 @@ +{ + log { + output file foo.log + } +} +---------- +{ + "logging": { + "logs": { + "default": { + "writer": { + "filename": "foo.log", + "output": "file" + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt b/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt new file mode 100644 index 00000000..abbca19f --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt @@ -0,0 +1,39 @@ +{ + log custom-logger { + format filter { + wrap console + fields { + common_log delete + request>remote_addr ip_mask { + ipv4 24 + ipv6 32 + } + } + } + } +} +---------- +{ + "logging": { + "logs": { + "custom-logger": { + "encoder": { + "fields": { + "common_log": { + "filter": "delete" + }, + "request\u003eremote_addr": { + "filter": "ip_mask", + "ipv4_cidr": 24, + "ipv6_cidr": 32 + } + }, + "format": "filter", + "wrap": { + "format": "console" + } + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_log_multi.txt b/caddytest/integration/caddyfile_adapt/global_options_log_multi.txt new file mode 100644 index 00000000..c20251ab --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_log_multi.txt @@ -0,0 +1,26 @@ +{ + log first { + output file foo.log + } + log second { + format json + } +} +---------- +{ + "logging": { + "logs": { + "first": { + "writer": { + "filename": "foo.log", + "output": "file" + } + }, + "second": { + "encoder": { + "format": "json" + } + } + } + } +} From f137b82227f7b32b2ca036a89068c806a29a5ac7 Mon Sep 17 00:00:00 2001 From: Aaron Taylor Date: Fri, 12 Mar 2021 15:01:34 -0500 Subject: [PATCH 0334/1498] logging: add replace filter for static value replacement (#4029) This filter is intended to be useful in scenarios where you may want to redact a value with a static string, giving you information that the field did previously exist and was present, but not revealing the value itself in the logs. This was inspired by work on adding more complete support for removing sensitive values from logs [1]. An example use case would be the Authorization header in request log output, for which the value should usually not be logged, but it may be quite useful for debugging to confirm that the header was present in the request. [1] https://github.com/caddyserver/caddy/issues/3958 --- .../caddyfile_adapt/log_filters.txt | 7 ++-- modules/logging/filters.go | 32 +++++++++++++++++++ 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index ab118074..0949c1d4 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -5,7 +5,7 @@ log { format filter { wrap console fields { - request>headers>Authorization delete + request>headers>Authorization replace REDACTED request>headers>Server delete request>remote_addr ip_mask { ipv4 24 @@ -30,7 +30,8 @@ log { "encoder": { "fields": { "request\u003eheaders\u003eAuthorization": { - "filter": "delete" + "filter": "replace", + "value": "REDACTED" }, "request\u003eheaders\u003eServer": { "filter": "delete" @@ -66,4 +67,4 @@ log { } } } -} \ No newline at end of file +} diff --git a/modules/logging/filters.go b/modules/logging/filters.go index a5a917de..a4e3c738 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -25,6 +25,7 @@ import ( func init() { caddy.RegisterModule(DeleteFilter{}) + caddy.RegisterModule(ReplaceFilter{}) caddy.RegisterModule(IPMaskFilter{}) } @@ -57,6 +58,37 @@ func (DeleteFilter) Filter(in zapcore.Field) zapcore.Field { return in } +// ReplaceFilter is a Caddy log field filter that +// replaces the field with the indicated string. +type ReplaceFilter struct { + Value string `json:"value,omitempty"` +} + +// CaddyModule returns the Caddy module information. +func (ReplaceFilter) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.logging.encoders.filter.replace", + New: func() caddy.Module { return new(ReplaceFilter) }, + } +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (f *ReplaceFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if d.NextArg() { + f.Value = d.Val() + } + } + return nil +} + +// Filter filters the input field with the replacement value. +func (f *ReplaceFilter) Filter(in zapcore.Field) zapcore.Field { + in.Type = zapcore.StringType + in.String = f.Value + return in +} + // IPMaskFilter is a Caddy log field filter that // masks IP addresses. type IPMaskFilter struct { From 0d7fe36007d5fbadaa6057b6543500d63147e6c0 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 12 Mar 2021 15:25:49 -0500 Subject: [PATCH 0335/1498] httpcaddyfile: Add `error` directive for the existing handler (#4034) * httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order --- caddyconfig/httpcaddyfile/builtins.go | 11 ++++++ caddyconfig/httpcaddyfile/directives.go | 1 + modules/caddyhttp/staticerror.go | 50 ++++++++++++++++++++++++- 3 files changed, 61 insertions(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 8830f521..32f9da71 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -42,6 +42,7 @@ func init() { RegisterHandlerDirective("redir", parseRedir) RegisterHandlerDirective("respond", parseRespond) RegisterHandlerDirective("abort", parseAbort) + RegisterHandlerDirective("error", parseError) RegisterHandlerDirective("route", parseRoute) RegisterHandlerDirective("handle", parseHandle) RegisterDirective("handle_errors", parseHandleErrors) @@ -566,6 +567,16 @@ func parseAbort(h Helper) (caddyhttp.MiddlewareHandler, error) { return &caddyhttp.StaticResponse{Abort: true}, nil } +// parseError parses the error directive. +func parseError(h Helper) (caddyhttp.MiddlewareHandler, error) { + se := new(caddyhttp.StaticError) + err := se.UnmarshalCaddyfile(h.Dispenser) + if err != nil { + return nil, err + } + return se, nil +} + // parseRoute parses the route directive. func parseRoute(h Helper) (caddyhttp.MiddlewareHandler, error) { sr := new(caddyhttp.Subroute) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 7f77f49f..b4a8407d 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -70,6 +70,7 @@ var directiveOrder = []string{ "file_server", "acme_server", "abort", + "error", } // directiveIsOrdered returns true if dir is diff --git a/modules/caddyhttp/staticerror.go b/modules/caddyhttp/staticerror.go index d2d255e7..914e6c14 100644 --- a/modules/caddyhttp/staticerror.go +++ b/modules/caddyhttp/staticerror.go @@ -20,6 +20,7 @@ import ( "strconv" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" ) func init() { @@ -50,6 +51,50 @@ func (StaticError) CaddyModule() caddy.ModuleInfo { } } +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// error [] | [] { +// message +// } +// +// If there is just one argument (other than the matcher), it is considered +// to be a status code if it's a valid positive integer of 3 digits. +func (e *StaticError) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + args := d.RemainingArgs() + switch len(args) { + case 1: + if len(args[0]) == 3 { + if num, err := strconv.Atoi(args[0]); err == nil && num > 0 { + e.StatusCode = WeakString(args[0]) + break + } + } + e.Error = args[0] + case 2: + e.Error = args[0] + e.StatusCode = WeakString(args[1]) + default: + return d.ArgErr() + } + + for d.NextBlock(0) { + switch d.Val() { + case "message": + if e.Error != "" { + return d.Err("message already specified") + } + if !d.AllArgs(&e.Error) { + return d.ArgErr() + } + default: + return d.Errf("unrecognized subdirective '%s'", d.Val()) + } + } + } + return nil +} + func (e StaticError) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Handler) error { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) @@ -66,4 +111,7 @@ func (e StaticError) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Handler } // Interface guard -var _ MiddlewareHandler = (*StaticError)(nil) +var ( + _ MiddlewareHandler = (*StaticError)(nil) + _ caddyfile.Unmarshaler = (*StaticError)(nil) +) From 28a4159933bee9a01a47740456487670cb0766bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= <80681087+simaotwx@users.noreply.github.com> Date: Fri, 19 Mar 2021 12:37:43 +0100 Subject: [PATCH 0336/1498] CONTRIBUTING: fix spelling (#4070) Minor spelling fixes to make this document even better --- .github/CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 0a277486..76a1bc62 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -29,7 +29,7 @@ We hold contributions to a high standard for quality :bowtie:, so don't be surpr Here are some of the expectations we have of contributors: -- **Open an issue to propose your change first.** This way we can avoid confusion, coordinate what everyone is working on, and ensure that any changes are in-line with the project's goals and the best interests of its users. We can also discuss the best possible implementation. If there's already an issue about it, comment on the existing issue to claim it. A lot of valuable time can be saved by discussing a propsal first. +- **Open an issue to propose your change first.** This way we can avoid confusion, coordinate what everyone is working on, and ensure that any changes are in-line with the project's goals and the best interests of its users. We can also discuss the best possible implementation. If there's already an issue about it, comment on the existing issue to claim it. A lot of valuable time can be saved by discussing a proposal first. - **Keep pull requests small.** Smaller PRs are more likely to be merged because they are easier to review! We might ask you to break up large PRs into smaller ones. [An example of what we want to avoid.](https://twitter.com/iamdevloper/status/397664295875805184) @@ -139,7 +139,7 @@ Our documentation is scoped to the Caddy project only: it is not for describing ## Collaborator Instructions -Collaborators have push rights to the repository. We grant this permission after one or more successful, high-quality PRs are merged! We thank them for their help.The expectations we have of collaborators are: +Collaborators have push rights to the repository. We grant this permission after one or more successful, high-quality PRs are merged! We thank them for their help. The expectations we have of collaborators are: - **Help review pull requests.** Be meticulous, but also kind. We love our contributors, but we critique the contribution to make it better. Multiple, thorough reviews make for the best contributions! Here are some questions to consider: - Can the change be made more elegant? From a48c6205b79c80ec28eb791d144275da8669dc6e Mon Sep 17 00:00:00 2001 From: rai Date: Fri, 19 Mar 2021 18:41:02 +0100 Subject: [PATCH 0337/1498] fileserver: Browse listing supports dark mode (#4066) * Add dark color scheme media query * Theme search box, make everything less contrasting * Further contrast tweaks --- modules/caddyhttp/fileserver/browsetpl.go | 49 +++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/modules/caddyhttp/fileserver/browsetpl.go b/modules/caddyhttp/fileserver/browsetpl.go index f3fe36fa..69575090 100644 --- a/modules/caddyhttp/fileserver/browsetpl.go +++ b/modules/caddyhttp/fileserver/browsetpl.go @@ -226,6 +226,55 @@ footer { max-width: 100px; } } + +@media (prefers-color-scheme: dark) { + body { + background-color: #101010; + color: #dddddd; + } + + header { + background-color: #151515; + } + + tbody tr:hover { + background-color: #252525; + } + + header a, + th a { + color: #dddddd; + } + + a { + color: #5796d1; + text-decoration: none; + } + + a:hover, + h1 a:hover { + color: #62b2fd; + } + + tr { + border-bottom: 1px dashed rgba(255, 255, 255, 0.12); + } + + #up-arrow, + #down-arrow { + fill: #dddddd; + } + + #filter { + background-color: #151515; + color: #ffffff; + border: 1px solid #212121; + } + + .meta { + border-bottom: 1px solid #212121 + } +} From 0018b9be0d2e409cd80367c9e8403188723d0996 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 19 Mar 2021 13:42:26 -0400 Subject: [PATCH 0338/1498] fileserver: Add a few more debug lines (#4063) --- modules/caddyhttp/fileserver/staticfiles.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index e809f49f..f58dfe02 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -295,8 +295,10 @@ func (fsrv *FileServer) openFile(filename string, w http.ResponseWriter) (*os.Fi if err != nil { err = mapDirOpenError(err, filename) if os.IsNotExist(err) { + fsrv.logger.Debug("file not found", zap.String("filename", filename), zap.Error(err)) return nil, caddyhttp.Error(http.StatusNotFound, err) } else if os.IsPermission(err) { + fsrv.logger.Debug("permission denied", zap.String("filename", filename), zap.Error(err)) return nil, caddyhttp.Error(http.StatusForbidden, err) } // maybe the server is under load and ran out of file descriptors? @@ -304,6 +306,7 @@ func (fsrv *FileServer) openFile(filename string, w http.ResponseWriter) (*os.Fi //nolint:gosec backoff := weakrand.Intn(maxBackoff-minBackoff) + minBackoff w.Header().Set("Retry-After", strconv.Itoa(backoff)) + fsrv.logger.Debug("retry after backoff", zap.String("filename", filename), zap.Int("backoff", backoff), zap.Error(err)) return nil, caddyhttp.Error(http.StatusServiceUnavailable, err) } return file, nil From a87f757fccabfbaa7c8f80b1acd5faaf8d7d6297 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= <80681087+simaotwx@users.noreply.github.com> Date: Mon, 29 Mar 2021 18:54:38 +0200 Subject: [PATCH 0339/1498] .gitignore: add IDE files (#4087) These tend to clutter up repositories. --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 2d633648..5322a53f 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,7 @@ vendor dist caddy-build caddy-dist + +# IDE files +.idea/ +.vscode/ From f1c36680fc8b21d5f8c110d8d3b97c4efe324376 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 29 Mar 2021 12:55:29 -0400 Subject: [PATCH 0340/1498] headers: Fix Caddyfile parsing for `request_header` with matchers (#4085) --- .../caddyfile_adapt/request_header.txt | 90 +++++++++++++++++++ modules/caddyhttp/headers/caddyfile.go | 4 + 2 files changed, 94 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/request_header.txt diff --git a/caddytest/integration/caddyfile_adapt/request_header.txt b/caddytest/integration/caddyfile_adapt/request_header.txt new file mode 100644 index 00000000..bab3fcac --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/request_header.txt @@ -0,0 +1,90 @@ +:80 + +@matcher path /something* +request_header @matcher Denis "Ritchie" + +request_header +Edsger "Dijkstra" +request_header -Wolfram + +@images path /images/* +request_header @images Cache-Control "public, max-age=3600, stale-while-revalidate=86400" +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "path": [ + "/something*" + ] + } + ], + "handle": [ + { + "handler": "headers", + "request": { + "set": { + "Denis": [ + "Ritchie" + ] + } + } + } + ] + }, + { + "match": [ + { + "path": [ + "/images/*" + ] + } + ], + "handle": [ + { + "handler": "headers", + "request": { + "set": { + "Cache-Control": [ + "public, max-age=3600, stale-while-revalidate=86400" + ] + } + } + } + ] + }, + { + "handle": [ + { + "handler": "headers", + "request": { + "add": { + "Edsger": [ + "Dijkstra" + ] + } + } + }, + { + "handler": "headers", + "request": { + "delete": [ + "Wolfram" + ] + } + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/headers/caddyfile.go b/modules/caddyhttp/headers/caddyfile.go index 574e54bb..c6ea2fb0 100644 --- a/modules/caddyhttp/headers/caddyfile.go +++ b/modules/caddyhttp/headers/caddyfile.go @@ -151,6 +151,10 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) // request_header [] [[+|-] [] []] // func parseReqHdrCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + if !h.Next() { + return nil, h.ArgErr() + } + matcherSet, err := h.ExtractMatcherSet() if err != nil { return nil, err From 87fbc0783ae45cff885d5118a095ad9ac8c1c08a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= Date: Mon, 29 Mar 2021 19:02:21 +0200 Subject: [PATCH 0341/1498] cmd: main: fix minor doc typos (#4082) Fixed typos in the documentation --- cmd/main.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index c4d262a5..886391b7 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -49,7 +49,7 @@ func init() { } // Main implements the main function of the caddy command. -// Call this if Caddy is to be the main() if your program. +// Call this if Caddy is to be the main() of your program. func Main() { switch len(os.Args) { case 0: @@ -311,7 +311,7 @@ func (f Flags) Int(name string) int { // Float64 returns the float64 representation of the // flag given by name. It returns false if the flag -// is not a float63 type. It panics if the flag is +// is not a float64 type. It panics if the flag is // not in the flag set. func (f Flags) Float64(name string) float64 { val, _ := strconv.ParseFloat(f.String(name), 64) From 911c8a371aa162d8b82812c3dd0662288fea76e0 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 29 Mar 2021 13:03:50 -0400 Subject: [PATCH 0342/1498] cmd: Use formatted logger for config adapter warnings (#4080) --- cmd/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/main.go b/cmd/main.go index 886391b7..14408fa6 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -185,7 +185,7 @@ func loadConfig(configFile, adapterName string) ([]byte, string, error) { if warn.Directive != "" { msg = fmt.Sprintf("%s: %s", warn.Directive, warn.Message) } - fmt.Printf("[WARNING][%s] %s:%d: %s\n", adapterName, warn.File, warn.Line, msg) + caddy.Log().Warn(msg, zap.String("adapter", adapterName), zap.String("file", warn.File), zap.Int("line", warn.Line)) } config = adaptedConfig } From a6bc58153be99a8c3fe81e6ac15260c124776663 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= Date: Mon, 29 Mar 2021 19:04:22 +0200 Subject: [PATCH 0343/1498] sigtrap_posix: add missing comma to SIGTERM info (#4078) Was missing a comma, so added it --- sigtrap_posix.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sigtrap_posix.go b/sigtrap_posix.go index 0e4dda3c..d5a03a94 100644 --- a/sigtrap_posix.go +++ b/sigtrap_posix.go @@ -39,7 +39,7 @@ func trapSignalsPosix() { os.Exit(ExitCodeForceQuit) case syscall.SIGTERM: - Log().Info("shutting down apps then terminating", zap.String("signal", "SIGTERM")) + Log().Info("shutting down apps, then terminating", zap.String("signal", "SIGTERM")) exitProcessFromSignal("SIGTERM") case syscall.SIGUSR1: From d63d5ae1ceba4591f2837dff7a9e102dff7e89f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= Date: Mon, 29 Mar 2021 20:04:25 +0200 Subject: [PATCH 0344/1498] caddyhttp: improve grammar of comment for AllowH2C (#4072) --- modules/caddyhttp/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index ad873c8c..27a1ca87 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -116,7 +116,7 @@ type Server struct { // Enables H2C ("Cleartext HTTP/2" or "H2 over TCP") support, // which will serve HTTP/2 over plaintext TCP connections if - // a client support it. Because this is not implemented by the + // the client supports it. Because this is not implemented by the // Go standard library, using H2C is incompatible with most // of the other options for this server. Do not enable this // only to achieve maximum client compatibility. In practice, From 1c8ea0082822fbc13cb6b86443b908f6a068f385 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= Date: Mon, 29 Mar 2021 20:39:08 +0200 Subject: [PATCH 0345/1498] go.mod: Migrate to golang.org/x/term (#4073) golang.org/x/crypto/ssh/terminal is deprecated in favor of golang.org/x/term See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152150495 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152228516 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) Test: go test -count=1 './...' --- go.mod | 1 + go.sum | 3 +++ logging.go | 4 ++-- modules/caddyhttp/caddyauth/command.go | 12 ++++++------ 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 91f2a196..4e462aba 100644 --- a/go.mod +++ b/go.mod @@ -26,6 +26,7 @@ require ( go.uber.org/zap v1.16.0 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de golang.org/x/net v0.0.0-20201110031124-69a78807bb2b + golang.org/x/term v0.0.0-20210317153231-de623e64d2a6 google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 google.golang.org/protobuf v1.24.0 // cannot upgrade until warning is fixed gopkg.in/natefinch/lumberjack.v2 v2.0.0 diff --git a/go.sum b/go.sum index 2a292d98..5268b114 100644 --- a/go.sum +++ b/go.sum @@ -926,8 +926,11 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e h1:AyodaIpKjppX+cBfTASF2E1US3H2JFBj920Ot3rtDjs= golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20210317153231-de623e64d2a6 h1:EC6+IGYTjPpRfv9a2b/6Puw0W+hLtAhkV1tPsXhutqs= +golang.org/x/term v0.0.0-20210317153231-de623e64d2a6/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/logging.go b/logging.go index 60ca4878..7837145d 100644 --- a/logging.go +++ b/logging.go @@ -27,7 +27,7 @@ import ( "go.uber.org/zap" "go.uber.org/zap/zapcore" - "golang.org/x/crypto/ssh/terminal" + "golang.org/x/term" ) func init() { @@ -670,7 +670,7 @@ func newDefaultProductionLog() (*defaultCustomLog, error) { func newDefaultProductionLogEncoder(colorize bool) zapcore.Encoder { encCfg := zap.NewProductionEncoderConfig() - if terminal.IsTerminal(int(os.Stdout.Fd())) { + if term.IsTerminal(int(os.Stdout.Fd())) { // if interactive terminal, make output more human-readable by default encCfg.EncodeTime = func(ts time.Time, encoder zapcore.PrimitiveArrayEncoder) { encoder.AppendString(ts.UTC().Format("2006/01/02 15:04:05.000")) diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index a2ae7558..597681b6 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -25,7 +25,7 @@ import ( "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" - "golang.org/x/crypto/ssh/terminal" + "golang.org/x/term" ) func init() { @@ -67,27 +67,27 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { if len(plaintext) == 0 { fd := int(os.Stdin.Fd()) - if terminal.IsTerminal(fd) { + if term.IsTerminal(fd) { // ensure the terminal state is restored on SIGINT - state, _ := terminal.GetState(fd) + state, _ := term.GetState(fd) c := make(chan os.Signal, 1) signal.Notify(c, os.Interrupt) go func() { <-c - _ = terminal.Restore(fd, state) + _ = term.Restore(fd, state) os.Exit(caddy.ExitCodeFailedStartup) }() defer signal.Stop(c) fmt.Fprint(os.Stderr, "Enter password: ") - plaintext, err = terminal.ReadPassword(fd) + plaintext, err = term.ReadPassword(fd) fmt.Fprintln(os.Stderr) if err != nil { return caddy.ExitCodeFailedStartup, err } fmt.Fprint(os.Stderr, "Confirm password: ") - confirmation, err := terminal.ReadPassword(fd) + confirmation, err := term.ReadPassword(fd) fmt.Fprintln(os.Stderr) if err != nil { return caddy.ExitCodeFailedStartup, err From 75f797debdd6c4294497edba9889c6251a8542e7 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 29 Mar 2021 20:36:40 -0400 Subject: [PATCH 0346/1498] reverseproxy: Implement health_uri, deprecate health_path, supports query (#4050) * reverseproxy: Implement health_uri, replaces health_path, supports query Also fixes a bug with `health_status` Caddyfile parsing , it would always only take the first character of the status code even if it didn't end with "xx". * reverseproxy: Rename to URI, named logger, warn in Provision (for JSON) --- .../reverse_proxy_health_path_query.txt | 75 +++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 17 ++++- .../caddyhttp/reverseproxy/healthchecks.go | 17 ++++- .../caddyhttp/reverseproxy/reverseproxy.go | 20 ++++- 4 files changed, 123 insertions(+), 6 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_health_path_query.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_health_path_query.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_health_path_query.txt new file mode 100644 index 00000000..80ac2de5 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_health_path_query.txt @@ -0,0 +1,75 @@ +# Health with query in the uri +:8443 { + reverse_proxy localhost:54321 { + health_uri /health?ready=1 + health_status 2xx + } +} + +# Health without query in the uri +:8444 { + reverse_proxy localhost:54321 { + health_uri /health + health_status 200 + } +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8443" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "health_checks": { + "active": { + "expect_status": 2, + "uri": "/health?ready=1" + } + }, + "upstreams": [ + { + "dial": "localhost:54321" + } + ] + } + ] + } + ] + }, + "srv1": { + "listen": [ + ":8444" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "health_checks": { + "active": { + "expect_status": 200, + "uri": "/health" + } + }, + "upstreams": [ + { + "dial": "localhost:54321" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index da7450d2..dbadef60 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -288,6 +288,18 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.LoadBalancing.TryInterval = caddy.Duration(dur) + case "health_uri": + if !d.NextArg() { + return d.ArgErr() + } + if h.HealthChecks == nil { + h.HealthChecks = new(HealthChecks) + } + if h.HealthChecks.Active == nil { + h.HealthChecks.Active = new(ActiveHealthChecks) + } + h.HealthChecks.Active.URI = d.Val() + case "health_path": if !d.NextArg() { return d.ArgErr() @@ -299,6 +311,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.HealthChecks.Active = new(ActiveHealthChecks) } h.HealthChecks.Active.Path = d.Val() + caddy.Log().Named("config.adapter.caddyfile").Warn("the 'health_path' subdirective is deprecated, please use 'health_uri' instead!") case "health_port": if !d.NextArg() { @@ -382,7 +395,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if len(val) == 3 && strings.HasSuffix(val, "xx") { val = val[:1] } - statusNum, err := strconv.Atoi(val[:1]) + statusNum, err := strconv.Atoi(val) if err != nil { return d.Errf("bad status value '%s': %v", d.Val(), err) } @@ -463,7 +476,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if len(arg) == 3 && strings.HasSuffix(arg, "xx") { arg = arg[:1] } - statusNum, err := strconv.Atoi(arg[:1]) + statusNum, err := strconv.Atoi(arg) if err != nil { return d.Errf("bad status value '%s': %v", d.Val(), err) } diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 42003b64..6f658665 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -51,9 +51,13 @@ type HealthChecks struct { // health checks (that is, health checks which occur in a // background goroutine independently). type ActiveHealthChecks struct { - // The URI path to use for health checks. + // The path to use for health checks. + // DEPRECATED: Use 'uri' instead. Path string `json:"path,omitempty"` + // The URI (path and query) to use for health checks + URI string `json:"uri,omitempty"` + // The port to use (if different from the upstream's dial // address) for health checks. Port int `json:"port,omitempty"` @@ -79,6 +83,7 @@ type ActiveHealthChecks struct { // body of a healthy backend. ExpectBody string `json:"expect_body,omitempty"` + uri *url.URL httpClient *http.Client bodyRegexp *regexp.Regexp logger *zap.Logger @@ -218,7 +223,15 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H u := &url.URL{ Scheme: scheme, Host: hostAddr, - Path: h.HealthChecks.Active.Path, + } + + // if we have a provisioned uri, use that, otherwise use + // the deprecated Path option + if h.HealthChecks.Active.uri != nil { + u.Path = h.HealthChecks.Active.uri.Path + u.RawQuery = h.HealthChecks.Active.uri.RawQuery + } else { + u.Path = h.HealthChecks.Active.Path } // adjust the port, if configured to be different diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 9da509f4..b552d965 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -23,6 +23,7 @@ import ( "io" "net" "net/http" + "net/url" "regexp" "strconv" "strings" @@ -273,8 +274,10 @@ func (h *Handler) Provision(ctx caddy.Context) error { } // if active health checks are enabled, configure them and start a worker - if h.HealthChecks.Active != nil && - (h.HealthChecks.Active.Path != "" || h.HealthChecks.Active.Port != 0) { + if h.HealthChecks.Active != nil && (h.HealthChecks.Active.Path != "" || + h.HealthChecks.Active.URI != "" || + h.HealthChecks.Active.Port != 0) { + h.HealthChecks.Active.logger = h.logger.Named("health_checker.active") timeout := time.Duration(h.HealthChecks.Active.Timeout) @@ -282,6 +285,19 @@ func (h *Handler) Provision(ctx caddy.Context) error { timeout = 5 * time.Second } + if h.HealthChecks.Active.Path != "" { + h.HealthChecks.Active.logger.Warn("the 'path' option is deprecated, please use 'uri' instead!") + } + + // parse the URI string (supports path and query) + if h.HealthChecks.Active.URI != "" { + parsedURI, err := url.Parse(h.HealthChecks.Active.URI) + if err != nil { + return err + } + h.HealthChecks.Active.uri = parsedURI + } + h.HealthChecks.Active.httpClient = &http.Client{ Timeout: timeout, Transport: h.Transport, From f35a7fa466ffb06c38dcb3216e30c13aa8e14ce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Br=C3=BCheim?= Date: Tue, 30 Mar 2021 02:47:19 +0200 Subject: [PATCH 0347/1498] encode,staticfiles: Content negotiation, precompressed files (#4045) * encode: implement prefer setting * encode: minimum_length configurable via caddyfile * encode: configurable content-types which to encode * file_server: support precompressed files * encode: use ReponseMatcher for conditional encoding of content * linting error & documentation of encode.PrecompressedOrder * encode: allow just one response matcher also change the namespace of the encoders back, I accidently changed to precompressed >.> default matchers include a * to match to any charset, that may be appended * rounding of the PR * added integration tests for new caddyfile directives * improved various doc strings (punctuation and typos) * added json tag for file_server precompress order and encode matcher * file_server: add vary header, remove accept-ranges when serving precompressed files * encode: move Suffix implementation to precompressed modules --- .../caddyfile_adapt/encode_options.txt | 66 +++++ .../file_server_precompressed.txt | 41 +++ caddytest/integration/caddyfile_adapt_test.go | 7 + .../encode/brotli/brotli_precompressed.go | 31 +++ modules/caddyhttp/encode/caddyfile.go | 139 ++++++++-- modules/caddyhttp/encode/encode.go | 104 ++++++-- modules/caddyhttp/encode/encode_test.go | 251 ++++++++++++++++++ .../encode/gzip/gzip_precompressed.go | 28 ++ .../encode/zstd/zstd_precompressed.go | 28 ++ modules/caddyhttp/fileserver/caddyfile.go | 31 ++- modules/caddyhttp/fileserver/staticfiles.go | 90 ++++++- modules/caddyhttp/standard/imports.go | 1 + 12 files changed, 768 insertions(+), 49 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/encode_options.txt create mode 100644 caddytest/integration/caddyfile_adapt/file_server_precompressed.txt create mode 100644 modules/caddyhttp/encode/brotli/brotli_precompressed.go create mode 100644 modules/caddyhttp/encode/gzip/gzip_precompressed.go create mode 100644 modules/caddyhttp/encode/zstd/zstd_precompressed.go diff --git a/caddytest/integration/caddyfile_adapt/encode_options.txt b/caddytest/integration/caddyfile_adapt/encode_options.txt new file mode 100644 index 00000000..a43c7e02 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/encode_options.txt @@ -0,0 +1,66 @@ +:80 + +encode gzip zstd { + minimum_length 256 + prefer zstd gzip + match { + status 2xx 4xx 500 + header Content-Type text/* + header Content-Type application/json* + header Content-Type application/javascript* + header Content-Type application/xhtml+xml* + header Content-Type application/atom+xml* + header Content-Type application/rss+xml* + header Content-Type image/svg+xml* + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "encodings": { + "gzip": {}, + "zstd": {} + }, + "handler": "encode", + "match": { + "headers": { + "Content-Type": [ + "text/*", + "application/json*", + "application/javascript*", + "application/xhtml+xml*", + "application/atom+xml*", + "application/rss+xml*", + "image/svg+xml*" + ] + }, + "status_code": [ + 2, + 4, + 500 + ] + }, + "minimum_length": 256, + "prefer": [ + "zstd", + "gzip" + ] + } + ] + } + ] + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/file_server_precompressed.txt b/caddytest/integration/caddyfile_adapt/file_server_precompressed.txt new file mode 100644 index 00000000..ac7d7edd --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/file_server_precompressed.txt @@ -0,0 +1,41 @@ +:80 + +file_server { + precompressed zstd br gzip +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ], + "precompressed": { + "br": {}, + "gzip": {}, + "zstd": {} + }, + "precompressed_order": [ + "zstd", + "br", + "gzip" + ] + } + ] + } + ] + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index 8794fe93..e1098999 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -1,7 +1,10 @@ package integration import ( + jsonMod "encoding/json" + "fmt" "io/ioutil" + "path/filepath" "regexp" "strings" "testing" @@ -39,6 +42,10 @@ func TestCaddyfileAdaptToJSON(t *testing.T) { // replace windows newlines in the json with unix newlines json = winNewlines.ReplaceAllString(json, "\n") + // replace os-specific default path for file_server's hide field + replacePath, _ := jsonMod.Marshal(fmt.Sprint(".", string(filepath.Separator), "Caddyfile")) + json = strings.ReplaceAll(json, `"./Caddyfile"`, string(replacePath)) + // run the test ok := caddytest.CompareAdapt(t, filename, caddyfile, "caddyfile", json) if !ok { diff --git a/modules/caddyhttp/encode/brotli/brotli_precompressed.go b/modules/caddyhttp/encode/brotli/brotli_precompressed.go new file mode 100644 index 00000000..fbd04418 --- /dev/null +++ b/modules/caddyhttp/encode/brotli/brotli_precompressed.go @@ -0,0 +1,31 @@ +package caddybrotli + +import ( + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" +) + +func init() { + caddy.RegisterModule(BrotliPrecompressed{}) +} + +// BrotliPrecompressed provides the file extension for files precompressed with brotli encoding. +type BrotliPrecompressed struct{} + +// CaddyModule returns the Caddy module information. +func (BrotliPrecompressed) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.precompressed.br", + New: func() caddy.Module { return new(BrotliPrecompressed) }, + } +} + +// AcceptEncoding returns the name of the encoding as +// used in the Accept-Encoding request headers. +func (BrotliPrecompressed) AcceptEncoding() string { return "br" } + +// Suffix returns the filename suffix of precompressed files. +func (BrotliPrecompressed) Suffix() string { return ".br" } + +// Interface guards +var _ encode.Precompressed = (*BrotliPrecompressed)(nil) diff --git a/modules/caddyhttp/encode/caddyfile.go b/modules/caddyhttp/encode/caddyfile.go index 2f11ca06..c45f159e 100644 --- a/modules/caddyhttp/encode/caddyfile.go +++ b/modules/caddyhttp/encode/caddyfile.go @@ -15,7 +15,9 @@ package encode import ( - "fmt" + "net/http" + "strconv" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -40,21 +42,31 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // // encode [] { -// gzip [] +// gzip [] // zstd +// minimum_length +// prefer +// # response matcher block +// match { +// status +// header [] +// } +// # or response matcher single line syntax +// match [header []] | [status ] // } // // Specifying the formats on the first line will use those formats' defaults. func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + responseMatchers := make(map[string]caddyhttp.ResponseMatcher) for d.Next() { for _, arg := range d.RemainingArgs() { mod, err := caddy.GetModule("http.encoders." + arg) if err != nil { - return fmt.Errorf("finding encoder module '%s': %v", mod, err) + return d.Errf("finding encoder module '%s': %v", mod, err) } encoding, ok := mod.New().(Encoding) if !ok { - return fmt.Errorf("module %s is not an HTTP encoding", mod) + return d.Errf("module %s is not an HTTP encoding", mod) } if enc.EncodingsRaw == nil { enc.EncodingsRaw = make(caddy.ModuleMap) @@ -63,25 +75,118 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } for d.NextBlock(0) { - name := d.Val() - modID := "http.encoders." + name - unm, err := caddyfile.UnmarshalModule(d, modID) - if err != nil { - return err + switch d.Val() { + case "minimum_length": + if !d.NextArg() { + return d.ArgErr() + } + minLength, err := strconv.Atoi(d.Val()) + if err != nil { + return err + } + enc.MinLength = minLength + case "prefer": + var encs []string + for d.NextArg() { + encs = append(encs, d.Val()) + } + if len(encs) == 0 { + return d.ArgErr() + } + enc.Prefer = encs + case "match": + err := enc.parseNamedResponseMatcher(d.NewFromNextSegment(), responseMatchers) + if err != nil { + return err + } + matcher := responseMatchers["match"] + enc.Matcher = &matcher + default: + name := d.Val() + modID := "http.encoders." + name + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return err + } + encoding, ok := unm.(Encoding) + if !ok { + return d.Errf("module %s is not an HTTP encoding; is %T", modID, unm) + } + if enc.EncodingsRaw == nil { + enc.EncodingsRaw = make(caddy.ModuleMap) + } + enc.EncodingsRaw[name] = caddyconfig.JSON(encoding, nil) } - encoding, ok := unm.(Encoding) - if !ok { - return fmt.Errorf("module %s is not an HTTP encoding; is %T", modID, unm) - } - if enc.EncodingsRaw == nil { - enc.EncodingsRaw = make(caddy.ModuleMap) - } - enc.EncodingsRaw[name] = caddyconfig.JSON(encoding, nil) } } return nil } +// Parse the tokens of a named response matcher. +// +// match { +// header [] +// status +// } +// +// Or, single line syntax: +// +// match [header []] | [status ] +// +func (enc *Encode) parseNamedResponseMatcher(d *caddyfile.Dispenser, matchers map[string]caddyhttp.ResponseMatcher) error { + for d.Next() { + definitionName := d.Val() + + if _, ok := matchers[definitionName]; ok { + return d.Errf("matcher is defined more than once: %s", definitionName) + } + + matcher := caddyhttp.ResponseMatcher{} + for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { + switch d.Val() { + case "header": + if matcher.Headers == nil { + matcher.Headers = http.Header{} + } + + // reuse the header request matcher's unmarshaler + headerMatcher := caddyhttp.MatchHeader(matcher.Headers) + err := headerMatcher.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return err + } + + matcher.Headers = http.Header(headerMatcher) + case "status": + if matcher.StatusCode == nil { + matcher.StatusCode = []int{} + } + + args := d.RemainingArgs() + if len(args) == 0 { + return d.ArgErr() + } + + for _, arg := range args { + if len(arg) == 3 && strings.HasSuffix(arg, "xx") { + arg = arg[:1] + } + statusNum, err := strconv.Atoi(arg) + if err != nil { + return d.Errf("bad status value '%s': %v", arg, err) + } + matcher.StatusCode = append(matcher.StatusCode, statusNum) + } + default: + return d.Errf("unrecognized response matcher %s", d.Val()) + } + } + + matchers[definitionName] = matcher + } + return nil +} + // Interface guard var _ caddyfile.Unmarshaler = (*Encode)(nil) diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index e42eeed8..a7abb3f9 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -23,6 +23,7 @@ import ( "bytes" "fmt" "io" + "math" "net/http" "sort" "strconv" @@ -43,12 +44,16 @@ type Encode struct { // will be chosen based on the client's Accept-Encoding header. EncodingsRaw caddy.ModuleMap `json:"encodings,omitempty" caddy:"namespace=http.encoders"` - // If the client has no strong preference, choose this encoding. TODO: Not yet implemented - // Prefer []string `json:"prefer,omitempty"` + // If the client has no strong preference, choose these encodings in order. + Prefer []string `json:"prefer,omitempty"` // Only encode responses that are at least this many bytes long. MinLength int `json:"minimum_length,omitempty"` + // Only encode responses that match against this ResponseMmatcher. + // The default is a collection of text-based Content-Type headers. + Matcher *caddyhttp.ResponseMatcher `json:"match,omitempty"` + writerPools map[string]*sync.Pool // TODO: these pools do not get reused through config reloads... } @@ -75,11 +80,46 @@ func (enc *Encode) Provision(ctx caddy.Context) error { if enc.MinLength == 0 { enc.MinLength = defaultMinLength } + + if enc.Matcher == nil { + // common text-based content types + enc.Matcher = &caddyhttp.ResponseMatcher{ + Headers: http.Header{ + "Content-Type": []string{ + "text/*", + "application/json*", + "application/javascript*", + "application/xhtml+xml*", + "application/atom+xml*", + "application/rss+xml*", + "image/svg+xml*", + }, + }, + } + } + + return nil +} + +// Validate ensures that enc's configuration is valid. +func (enc *Encode) Validate() error { + check := make(map[string]bool) + for _, encName := range enc.Prefer { + if _, ok := enc.writerPools[encName]; !ok { + return fmt.Errorf("encoding %s not enabled", encName) + } + + if _, ok := check[encName]; ok { + return fmt.Errorf("encoding %s is duplicated in prefer", encName) + } + check[encName] = true + } + return nil } func (enc *Encode) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { - for _, encName := range acceptedEncodings(r) { + for _, encName := range AcceptedEncodings(r, enc.Prefer) { if _, ok := enc.writerPools[encName]; !ok { continue // encoding not offered } @@ -150,6 +190,11 @@ func (rw *responseWriter) WriteHeader(status int) { rw.statusCode = status } +// Match determines, if encoding should be done based on the ResponseMatcher. +func (enc *Encode) Match(rw *responseWriter) bool { + return enc.Matcher.Match(rw.statusCode, rw.Header()) +} + // Write writes to the response. If the response qualifies, // it is encoded using the encoder, which is initialized // if not done so already. @@ -240,7 +285,10 @@ func (rw *responseWriter) Close() error { // init should be called before we write a response, if rw.buf has contents. func (rw *responseWriter) init() { - if rw.Header().Get("Content-Encoding") == "" && rw.buf.Len() >= rw.config.MinLength { + if rw.Header().Get("Content-Encoding") == "" && + rw.buf.Len() >= rw.config.MinLength && + rw.config.Match(rw) { + rw.w = rw.config.writerPools[rw.encodingName].Get().(Encoder) rw.w.Reset(rw.ResponseWriter) rw.Header().Del("Content-Length") // https://github.com/golang/go/issues/14975 @@ -250,12 +298,14 @@ func (rw *responseWriter) init() { rw.Header().Del("Accept-Ranges") // we don't know ranges for dynamically-encoded content } -// acceptedEncodings returns the list of encodings that the -// client supports, in descending order of preference. If +// AcceptedEncodings returns the list of encodings that the +// client supports, in descending order of preference. +// The client preference via q-factor and the server +// preference via Prefer setting are taken into account. If // the Sec-WebSocket-Key header is present then non-identity // encodings are not considered. See // http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html. -func acceptedEncodings(r *http.Request) []string { +func AcceptedEncodings(r *http.Request, preferredOrder []string) []string { acceptEncHeader := r.Header.Get("Accept-Encoding") websocketKey := r.Header.Get("Sec-WebSocket-Key") if acceptEncHeader == "" { @@ -292,18 +342,29 @@ func acceptedEncodings(r *http.Request) []string { continue } + // set server preference + prefOrder := -1 + for i, p := range preferredOrder { + if encName == p { + prefOrder = len(preferredOrder) - i + break + } + } + prefs = append(prefs, encodingPreference{ - encoding: encName, - q: qFactor, + encoding: encName, + q: qFactor, + preferOrder: prefOrder, }) } - // sort preferences by descending q-factor - sort.Slice(prefs, func(i, j int) bool { return prefs[i].q > prefs[j].q }) - - // TODO: If no preference, or same pref for all encodings, - // and not websocket, use default encoding ordering (enc.Prefer) - // for those which are accepted by the client + // sort preferences by descending q-factor first, then by preferOrder + sort.Slice(prefs, func(i, j int) bool { + if math.Abs(prefs[i].q-prefs[j].q) < 0.00001 { + return prefs[i].preferOrder > prefs[j].preferOrder + } + return prefs[i].q > prefs[j].q + }) prefEncNames := make([]string, len(prefs)) for i := range prefs { @@ -315,8 +376,9 @@ func acceptedEncodings(r *http.Request) []string { // encodingPreference pairs an encoding with its q-factor. type encodingPreference struct { - encoding string - q float64 + encoding string + q float64 + preferOrder int } // Encoder is a type which can encode a stream of data. @@ -332,6 +394,13 @@ type Encoding interface { NewEncoder() Encoder } +// Precompressed is a type which returns filename suffix of precompressed +// file and Accept-Encoding header to use when serving this file. +type Precompressed interface { + AcceptEncoding() string + Suffix() string +} + var bufPool = sync.Pool{ New: func() interface{} { return new(bytes.Buffer) @@ -344,6 +413,7 @@ const defaultMinLength = 512 // Interface guards var ( _ caddy.Provisioner = (*Encode)(nil) + _ caddy.Validator = (*Encode)(nil) _ caddyhttp.MiddlewareHandler = (*Encode)(nil) _ caddyhttp.HTTPInterfaces = (*responseWriter)(nil) ) diff --git a/modules/caddyhttp/encode/encode_test.go b/modules/caddyhttp/encode/encode_test.go index 79eae3c5..5f1e3f2a 100644 --- a/modules/caddyhttp/encode/encode_test.go +++ b/modules/caddyhttp/encode/encode_test.go @@ -1,6 +1,8 @@ package encode import ( + "net/http" + "sync" "testing" ) @@ -10,3 +12,252 @@ func BenchmarkOpenResponseWriter(b *testing.B) { enc.openResponseWriter("test", nil) } } + +func TestPreferOrder(t *testing.T) { + testCases := []struct { + name string + accept string + prefer []string + expected []string + }{ + { + name: "PreferOrder(): 4 accept, 3 prefer", + accept: "deflate, gzip, br, zstd", + prefer: []string{"zstd", "br", "gzip"}, + expected: []string{"zstd", "br", "gzip", "deflate"}, + }, + { + name: "PreferOrder(): 2 accept, 3 prefer", + accept: "deflate, zstd", + prefer: []string{"zstd", "br", "gzip"}, + expected: []string{"zstd", "deflate"}, + }, + { + name: "PreferOrder(): 2 accept (1 empty), 3 prefer", + accept: "gzip,,zstd", + prefer: []string{"zstd", "br", "gzip"}, + expected: []string{"zstd", "gzip", ""}, + }, + { + name: "PreferOrder(): 1 accept, 2 prefer", + accept: "gzip", + prefer: []string{"zstd", "gzip"}, + expected: []string{"gzip"}, + }, + { + name: "PreferOrder(): 4 accept (1 duplicate), 1 prefer", + accept: "deflate, gzip, br, br", + prefer: []string{"br"}, + expected: []string{"br", "br", "deflate", "gzip"}, + }, + { + name: "PreferOrder(): empty accept, 0 prefer", + accept: "", + prefer: []string{}, + expected: []string{}, + }, + { + name: "PreferOrder(): empty accept, 1 prefer", + accept: "", + prefer: []string{"gzip"}, + expected: []string{}, + }, + { + name: "PreferOrder(): with q-factor", + accept: "deflate;q=0.8, gzip;q=0.4, br;q=0.2, zstd", + prefer: []string{"gzip"}, + expected: []string{"zstd", "deflate", "gzip", "br"}, + }, + { + name: "PreferOrder(): with q-factor, no prefer", + accept: "deflate;q=0.8, gzip;q=0.4, br;q=0.2, zstd", + prefer: []string{}, + expected: []string{"zstd", "deflate", "gzip", "br"}, + }, + { + name: "PreferOrder(): q-factor=0 filtered out", + accept: "deflate;q=0.1, gzip;q=0.4, br;q=0.5, zstd;q=0", + prefer: []string{"gzip"}, + expected: []string{"br", "gzip", "deflate"}, + }, + { + name: "PreferOrder(): q-factor=0 filtered out, no prefer", + accept: "deflate;q=0.1, gzip;q=0.4, br;q=0.5, zstd;q=0", + prefer: []string{}, + expected: []string{"br", "gzip", "deflate"}, + }, + { + name: "PreferOrder(): with invalid q-factor", + accept: "br, deflate, gzip;q=2, zstd;q=0.1", + prefer: []string{"zstd", "gzip"}, + expected: []string{"gzip", "br", "deflate", "zstd"}, + }, + { + name: "PreferOrder(): with invalid q-factor, no prefer", + accept: "br, deflate, gzip;q=2, zstd;q=0.1", + prefer: []string{}, + expected: []string{"br", "deflate", "gzip", "zstd"}, + }, + } + + enc := new(Encode) + r, _ := http.NewRequest("", "", nil) + + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + + if test.accept == "" { + r.Header.Del("Accept-Encoding") + } else { + r.Header.Set("Accept-Encoding", test.accept) + } + enc.Prefer = test.prefer + result := AcceptedEncodings(r, enc.Prefer) + if !sliceEqual(result, test.expected) { + t.Errorf("AcceptedEncodings() actual: %s expected: %s", + result, + test.expected) + } + }) + } +} + +func sliceEqual(a, b []string) bool { + if len(a) != len(b) { + return false + } + for i := range a { + if a[i] != b[i] { + return false + } + } + return true +} + +func TestValidate(t *testing.T) { + type testCase struct { + name string + prefer []string + wantErr bool + } + + var err error + var testCases []testCase + enc := new(Encode) + + enc.writerPools = map[string]*sync.Pool{ + "zstd": nil, + "gzip": nil, + "br": nil, + } + testCases = []testCase{ + { + name: "ValidatePrefer (zstd, gzip & br enabled): valid order with all encoder", + prefer: []string{"zstd", "br", "gzip"}, + wantErr: false, + }, + { + name: "ValidatePrefer (zstd, gzip & br enabled): valid order with 2 out of 3 encoders", + prefer: []string{"br", "gzip"}, + wantErr: false, + }, + { + name: "ValidatePrefer (zstd, gzip & br enabled): valid order with 1 out of 3 encoders", + prefer: []string{"gzip"}, + wantErr: false, + }, + { + name: "ValidatePrefer (zstd, gzip & br enabled): 1 duplicated (once) encoder", + prefer: []string{"gzip", "zstd", "gzip"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd, gzip & br enabled): 1 not enabled encoder in prefer list", + prefer: []string{"br", "zstd", "gzip", "deflate"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd, gzip & br enabled): no prefer list", + prefer: []string{}, + wantErr: false, + }, + } + + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + enc.Prefer = test.prefer + err = enc.Validate() + if (err != nil) != test.wantErr { + t.Errorf("Validate() error = %v, wantErr = %v", err, test.wantErr) + } + }) + } + + enc.writerPools = map[string]*sync.Pool{ + "zstd": nil, + "gzip": nil, + } + testCases = []testCase{ + { + name: "ValidatePrefer (zstd & gzip enabled): 1 not enabled encoder in prefer list", + prefer: []string{"zstd", "br", "gzip"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): 2 not enabled encoder in prefer list", + prefer: []string{"br", "zstd", "gzip", "deflate"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): only not enabled encoder in prefer list", + prefer: []string{"deflate", "br", "gzip"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): 1 duplicated (once) encoder in prefer list", + prefer: []string{"gzip", "zstd", "gzip"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): 1 duplicated (twice) encoder in prefer list", + prefer: []string{"gzip", "zstd", "gzip", "gzip"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): 1 duplicated encoder in prefer list", + prefer: []string{"zstd", "zstd", "gzip", "gzip"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): 1 duplicated not enabled encoder in prefer list", + prefer: []string{"br", "br", "gzip"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): 2 duplicated not enabled encoder in prefer list", + prefer: []string{"br", "deflate", "br", "deflate"}, + wantErr: true, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): valid order zstd first", + prefer: []string{"zstd", "gzip"}, + wantErr: false, + }, + { + name: "ValidatePrefer (zstd & gzip enabled): valid order gzip first", + prefer: []string{"gzip", "zstd"}, + wantErr: false, + }, + } + + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + enc.Prefer = test.prefer + err = enc.Validate() + if (err != nil) != test.wantErr { + t.Errorf("Validate() error = %v, wantErr = %v", err, test.wantErr) + } + }) + + } +} diff --git a/modules/caddyhttp/encode/gzip/gzip_precompressed.go b/modules/caddyhttp/encode/gzip/gzip_precompressed.go new file mode 100644 index 00000000..7103cc8d --- /dev/null +++ b/modules/caddyhttp/encode/gzip/gzip_precompressed.go @@ -0,0 +1,28 @@ +package caddygzip + +import ( + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" +) + +func init() { + caddy.RegisterModule(GzipPrecompressed{}) +} + +// GzipPrecompressed provides the file extension for files precompressed with gzip encoding. +type GzipPrecompressed struct { + Gzip +} + +// CaddyModule returns the Caddy module information. +func (GzipPrecompressed) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.precompressed.gzip", + New: func() caddy.Module { return new(GzipPrecompressed) }, + } +} + +// Suffix returns the filename suffix of precompressed files. +func (GzipPrecompressed) Suffix() string { return ".gz" } + +var _ encode.Precompressed = (*GzipPrecompressed)(nil) diff --git a/modules/caddyhttp/encode/zstd/zstd_precompressed.go b/modules/caddyhttp/encode/zstd/zstd_precompressed.go new file mode 100644 index 00000000..522f4173 --- /dev/null +++ b/modules/caddyhttp/encode/zstd/zstd_precompressed.go @@ -0,0 +1,28 @@ +package caddyzstd + +import ( + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" +) + +func init() { + caddy.RegisterModule(ZstdPrecompressed{}) +} + +// ZstdPrecompressed provides the file extension for files precompressed with zstandard encoding. +type ZstdPrecompressed struct { + Zstd +} + +// CaddyModule returns the Caddy module information. +func (ZstdPrecompressed) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.precompressed.zstd", + New: func() caddy.Module { return new(ZstdPrecompressed) }, + } +} + +// Suffix returns the filename suffix of precompressed files. +func (ZstdPrecompressed) Suffix() string { return ".zst" } + +var _ encode.Precompressed = (*ZstdPrecompressed)(nil) diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index 3acbfa94..2ba53f2b 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -19,8 +19,10 @@ import ( "strings" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" "github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite" ) @@ -33,10 +35,11 @@ func init() { // server and configures it with this syntax: // // file_server [] [browse] { -// root -// hide -// index -// browse [] +// root +// hide +// index +// browse [] +// precompressed // } // func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { @@ -77,6 +80,26 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) } fsrv.Browse = new(Browse) h.Args(&fsrv.Browse.TemplateFile) + case "precompressed": + var order []string + for h.NextArg() { + modID := "http.precompressed." + h.Val() + mod, err := caddy.GetModule(modID) + if err != nil { + return nil, h.Errf("getting module named '%s': %v", modID, err) + } + inst := mod.New() + precompress, ok := inst.(encode.Precompressed) + if !ok { + return nil, h.Errf("module %s is not a precompressor; is %T", modID, inst) + } + if fsrv.PrecompressedRaw == nil { + fsrv.PrecompressedRaw = make(caddy.ModuleMap) + } + fsrv.PrecompressedRaw[h.Val()] = caddyconfig.JSON(precompress, nil) + order = append(order, h.Val()) + } + fsrv.PrecompressedOrder = order default: return nil, h.Errf("unknown subdirective '%s'", h.Val()) } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index f58dfe02..c6707885 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -31,6 +31,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" "go.uber.org/zap" ) @@ -79,6 +80,16 @@ type FileServer struct { // a 404 error. By default, this is false (disabled). PassThru bool `json:"pass_thru,omitempty"` + // Selection of encoders to use to check for precompressed files. + PrecompressedRaw caddy.ModuleMap `json:"precompressed,omitempty" caddy:"namespace=http.precompressed"` + + // If the client has no strong preference (q-factor), choose these encodings in order. + // If no order specified here, the first encoding from the Accept-Encoding header + // that both client and server support is used + PrecompressedOrder []string `json:"precompressed_order,omitempty"` + + precompressors map[string]encode.Precompressed + logger *zap.Logger } @@ -129,6 +140,32 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error { } } + mods, err := ctx.LoadModule(fsrv, "PrecompressedRaw") + if err != nil { + return fmt.Errorf("loading encoder modules: %v", err) + } + for modName, modIface := range mods.(map[string]interface{}) { + p, ok := modIface.(encode.Precompressed) + if !ok { + return fmt.Errorf("module %s is not precompressor", modName) + } + ae := p.AcceptEncoding() + if ae == "" { + return fmt.Errorf("precompressor does not specify an Accept-Encoding value") + } + suffix := p.Suffix() + if suffix == "" { + return fmt.Errorf("precompressor does not specify a Suffix value") + } + if _, ok := fsrv.precompressors[ae]; ok { + return fmt.Errorf("precompressor already added: %s", ae) + } + if fsrv.precompressors == nil { + fsrv.precompressors = make(map[string]encode.Precompressed) + } + fsrv.precompressors[ae] = p + } + return nil } @@ -205,8 +242,6 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c return fsrv.notFound(w, r, next) } - // TODO: content negotiation (brotli sidecar files, etc...) - // one last check to ensure the file isn't hidden (we might // have changed the filename from when we last checked) if fileHidden(filename, filesToHide) { @@ -230,18 +265,51 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c } } - fsrv.logger.Debug("opening file", zap.String("filename", filename)) + var file *os.File - // open the file - file, err := fsrv.openFile(filename, w) - if err != nil { - if herr, ok := err.(caddyhttp.HandlerError); ok && - herr.StatusCode == http.StatusNotFound { - return fsrv.notFound(w, r, next) + // check for precompressed files + for _, ae := range encode.AcceptedEncodings(r, fsrv.PrecompressedOrder) { + precompress, ok := fsrv.precompressors[ae] + if !ok { + continue } - return err // error is already structured + compressedFilename := filename + precompress.Suffix() + compressedInfo, err := os.Stat(compressedFilename) + if err != nil || compressedInfo.IsDir() { + fsrv.logger.Debug("precompressed file not accessible", zap.String("filename", compressedFilename), zap.Error(err)) + continue + } + fsrv.logger.Debug("opening compressed sidecar file", zap.String("filename", compressedFilename), zap.Error(err)) + file, err = fsrv.openFile(compressedFilename, w) + if err != nil { + fsrv.logger.Warn("opening precompressed file failed", zap.String("filename", compressedFilename), zap.Error(err)) + if caddyErr, ok := err.(caddyhttp.HandlerError); ok && caddyErr.StatusCode == http.StatusServiceUnavailable { + return err + } + continue + } + defer file.Close() + w.Header().Set("Content-Encoding", ae) + w.Header().Del("Accept-Ranges") + w.Header().Add("Vary", "Accept-Encoding") + break + } + + // no precompressed file found, use the actual file + if file == nil { + fsrv.logger.Debug("opening file", zap.String("filename", filename)) + + // open the file + file, err = fsrv.openFile(filename, w) + if err != nil { + if herr, ok := err.(caddyhttp.HandlerError); ok && + herr.StatusCode == http.StatusNotFound { + return fsrv.notFound(w, r, next) + } + return err // error is already structured + } + defer file.Close() } - defer file.Close() // set the ETag - note that a conditional If-None-Match request is handled // by http.ServeContent below, which checks against this ETag value diff --git a/modules/caddyhttp/standard/imports.go b/modules/caddyhttp/standard/imports.go index 0aeef842..0e2203c1 100644 --- a/modules/caddyhttp/standard/imports.go +++ b/modules/caddyhttp/standard/imports.go @@ -5,6 +5,7 @@ import ( _ "github.com/caddyserver/caddy/v2/modules/caddyhttp" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" + _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/brotli" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/zstd" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver" From aac1ccf12d0076ce7ae2b67ed9cbdf55dc99e14e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 30 Mar 2021 14:15:20 -0600 Subject: [PATCH 0348/1498] caddy: Add InstanceID() method Caddy can now generate and persist its own instance ID, a UUID that is stored in the data directory. This makes it possible to differentiate it from other instances in a cluster. --- caddy.go | 21 +++++++++++++++++++++ go.mod | 1 + go.sum | 3 ++- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/caddy.go b/caddy.go index fccfeef9..dcbcb2dd 100644 --- a/caddy.go +++ b/caddy.go @@ -33,6 +33,7 @@ import ( "time" "github.com/caddyserver/certmagic" + "github.com/google/uuid" "go.uber.org/zap" ) @@ -662,6 +663,26 @@ func ParseDuration(s string) (time.Duration, error) { return time.ParseDuration(s) } +// InstanceID returns the UUID for this instance, and generates one if it +// does not already exist. The UUID is stored in the local data directory, +// regardless of storage configuration, since each instance is intended to +// have its own unique ID. +func InstanceID() (uuid.UUID, error) { + uuidFilePath := filepath.Join(AppDataDir(), "instance.uuid") + uuidFileBytes, err := os.ReadFile(uuidFilePath) + if os.IsNotExist(err) { + uuid, err := uuid.NewRandom() + if err != nil { + return uuid, err + } + err = ioutil.WriteFile(uuidFilePath, []byte(uuid.String()), 0644) + return uuid, err + } else if err != nil { + return [16]byte{}, err + } + return uuid.ParseBytes(uuidFileBytes) +} + // GoModule returns the build info of this Caddy // build from debug.BuildInfo (requires Go modules). // If no version information is available, a non-nil diff --git a/go.mod b/go.mod index 4e462aba..a1e842ea 100644 --- a/go.mod +++ b/go.mod @@ -10,6 +10,7 @@ require ( github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 + github.com/google/uuid v1.2.0 github.com/klauspost/compress v1.11.3 github.com/klauspost/cpuid/v2 v2.0.1 github.com/lucas-clemente/quic-go v0.19.3 diff --git a/go.sum b/go.sum index 5268b114..2c803410 100644 --- a/go.sum +++ b/go.sum @@ -304,8 +304,9 @@ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm4 github.com/google/trillian v1.2.2-0.20190612132142-05461f4df60a/go.mod h1:YPmUVn5NGwgnDUgqlVyFGMTgaWlnSvH7W5p+NdOG8UA= github.com/google/trillian-examples v0.0.0-20190603134952-4e75ba15216c/go.mod h1:WgL3XZ3pA8/9cm7yxqWrZE6iZkESB2ItGxy5Fo6k2lk= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= +github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= From bd357bf00507d0f81c8c401b1ffa7ccb1f7c00bf Mon Sep 17 00:00:00 2001 From: Dimitri Masson <30894448+d-masson@users.noreply.github.com> Date: Tue, 30 Mar 2021 23:29:00 +0200 Subject: [PATCH 0349/1498] reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096) --- modules/caddyhttp/reverseproxy/selectionpolicies.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index dacfd118..357ee33a 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -445,7 +445,7 @@ func selectNewHostWithCookieHashSelection(pool []*Upstream, w http.ResponseWrite sha, err := hashCookie(cookieSecret, randomHost.Dial) if err == nil { // write the cookie. - http.SetCookie(w, &http.Cookie{Name: cookieName, Value: sha, Secure: false}) + http.SetCookie(w, &http.Cookie{Name: cookieName, Value: sha, Path: "/", Secure: false}) } } return randomHost From e68dbe9cf8cfd06d9205e4346412c90691f78e60 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 30 Mar 2021 15:41:54 -0600 Subject: [PATCH 0350/1498] Change os to ioutil for now My editor automatically changed ioutil.ReadFile() to os.ReadFile() in accordance with Go 1.16 changes. I didn't notice this until pushing. But we still have to support Go 1.15 for a little while. --- caddy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddy.go b/caddy.go index dcbcb2dd..0c1ed977 100644 --- a/caddy.go +++ b/caddy.go @@ -669,7 +669,7 @@ func ParseDuration(s string) (time.Duration, error) { // have its own unique ID. func InstanceID() (uuid.UUID, error) { uuidFilePath := filepath.Join(AppDataDir(), "instance.uuid") - uuidFileBytes, err := os.ReadFile(uuidFilePath) + uuidFileBytes, err := ioutil.ReadFile(uuidFilePath) if os.IsNotExist(err) { uuid, err := uuid.NewRandom() if err != nil { From 7da9241fd7d1d6e9b6ce54a0557b5d861f6c8084 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Apr 2021 12:12:28 -0600 Subject: [PATCH 0351/1498] Use 600 instead of 644 for UUID file Are you happy, linter? --- caddy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddy.go b/caddy.go index 0c1ed977..46d8531f 100644 --- a/caddy.go +++ b/caddy.go @@ -675,7 +675,7 @@ func InstanceID() (uuid.UUID, error) { if err != nil { return uuid, err } - err = ioutil.WriteFile(uuidFilePath, []byte(uuid.String()), 0644) + err = ioutil.WriteFile(uuidFilePath, []byte(uuid.String()), 0600) return uuid, err } else if err != nil { return [16]byte{}, err From a0a7c60cb9e2305f9291fbff2779936b85aacaa7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Apr 2021 12:48:59 -0600 Subject: [PATCH 0352/1498] go.mod: Use latest CertMagic --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a1e842ea..629d1621 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.12.1-0.20210224184602-7550222c4a6a + github.com/caddyserver/certmagic v0.13.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 diff --git a/go.sum b/go.sum index 2c803410..c882b2b9 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.12.1-0.20210224184602-7550222c4a6a h1:gcqCMCPuHlQPY+XZzOilNouNeRpH40UhMfSp0tmulxI= -github.com/caddyserver/certmagic v0.12.1-0.20210224184602-7550222c4a6a/go.mod h1:dNOzF4iOB7H9E51xTooMB90vs+2XNVtpnx0liQNsQY4= +github.com/caddyserver/certmagic v0.13.0 h1:ky0rntZvIFiUKFdIikYxj31WN+Ts0Od6Wjz83iTzxfc= +github.com/caddyserver/certmagic v0.13.0/go.mod h1:dNOzF4iOB7H9E51xTooMB90vs+2XNVtpnx0liQNsQY4= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= From d21e88ae3a9d8d57c4d41c1c7c76c6a15f539898 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Apr 2021 12:49:51 -0600 Subject: [PATCH 0353/1498] Minor tweaks --- modules/caddypki/ca.go | 4 ++-- modules/caddytls/pemloader.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 957f0760..e3102fba 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -51,10 +51,10 @@ type CA struct { // and Mozilla Firefox trust stores. Default: true. InstallTrust *bool `json:"install_trust,omitempty"` - // The root certificate to use; if empty, one will be generated. + // The root certificate to use; if null, one will be generated. Root *KeyPair `json:"root,omitempty"` - // The intermediate (signing) certificate; if empty, one will be generated. + // The intermediate (signing) certificate; if null, one will be generated. Intermediate *KeyPair `json:"intermediate,omitempty"` // Optionally configure a separate storage module associated with this diff --git a/modules/caddytls/pemloader.go b/modules/caddytls/pemloader.go index bd957816..61b08851 100644 --- a/modules/caddytls/pemloader.go +++ b/modules/caddytls/pemloader.go @@ -34,7 +34,7 @@ type PEMLoader []CertKeyPEMPair func (PEMLoader) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ ID: "tls.certificates.load_pem", - New: func() caddy.Module { return PEMLoader{} }, + New: func() caddy.Module { return new(PEMLoader) }, } } From eb3955a960a7185b9b5b3eed5be9dda2b97cee69 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 1 Apr 2021 22:07:32 +0000 Subject: [PATCH 0354/1498] ci: accommodate go1.16 changes to go mod (#4102) As of go1.16, the `go` commands will no longer make automatic changes to go.{mod,sum} files (see: https://blog.golang.org/go116-module-changes). This broke the release script which relied on `go mod download` and/or `go build` to automatically generate the go.sum file. This commit explicitly invokes `go mod tidy` to have the go.sum file generated. --- .goreleaser.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index 9bdf2214..871f92fa 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -11,6 +11,9 @@ before: # GoReleaser doesn't seem to offer {{.Tag}} at this stage, so we have to embed it into the env # so we run: TAG=$(git describe --abbrev=0) goreleaser release --rm-dist --skip-publish --skip-validate - go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./caddy-build/go.mod + # as of Go 1.16, `go` commands no longer automatically change go.{mod,sum}. We now have to explicitly + # run `go mod tidy`. The `/bin/sh -c '...'` is because goreleaser can't find cd in PATH without shell invocation. + - /bin/sh -c 'cd ./caddy-build && go mod tidy' - git clone --depth 1 https://github.com/caddyserver/dist caddy-dist - go mod download From 3401f91dbeae80d22c8df9a4a50de521c69c9e00 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 2 Apr 2021 13:55:34 -0400 Subject: [PATCH 0355/1498] caddyfile: Normalize line endings before comparing fmt result (#4103) --- caddyconfig/caddyfile/adapter.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index 7f5ebc5f..5b80df3f 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -67,14 +67,17 @@ func (a Adapter) Adapt(body []byte, options map[string]interface{}) ([]byte, []c // is any different from the input; empty warning and false otherwise. // TODO: also perform this check on imported files func formattingDifference(filename string, body []byte) (caddyconfig.Warning, bool) { - formatted := Format(body) - if bytes.Equal(formatted, body) { + // replace windows-style newlines to normalize comparison + normalizedBody := bytes.Replace(body, []byte("\r\n"), []byte("\n"), -1) + + formatted := Format(normalizedBody) + if bytes.Equal(formatted, normalizedBody) { return caddyconfig.Warning{}, false } // find where the difference is line := 1 - for i, ch := range body { + for i, ch := range normalizedBody { if i >= len(formatted) || ch != formatted[i] { break } From 1455d6bb690d8c91159a709cc6d1a0dc01ed9153 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 2 Apr 2021 18:47:04 -0400 Subject: [PATCH 0356/1498] httpcaddyfile: Fix panic in automation policy consolidation (#4104) * httpcaddyfile: Add reproduce test * httpcaddyfile: Don't allow `i` to go below zero --- caddyconfig/httpcaddyfile/tlsapp.go | 3 +- .../tls_automation_policies_4.txt | 155 ++++++++++++++++++ 2 files changed, 157 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 45ba9d21..85f9e5a3 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -491,13 +491,13 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls } // remove or combine duplicate policies +outer: for i := 0; i < len(aps); i++ { // compare only with next policies; we sorted by specificity so we must not delete earlier policies for j := i + 1; j < len(aps); j++ { // if they're exactly equal in every way, just keep one of them if reflect.DeepEqual(aps[i], aps[j]) { aps = append(aps[:j], aps[j+1:]...) - i-- break } @@ -524,6 +524,7 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls if automationPolicyShadows(i, aps) >= j { aps = append(aps[:i], aps[i+1:]...) i-- + continue outer } } else { // avoid repeated subjects diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt new file mode 100644 index 00000000..502dbd0b --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt @@ -0,0 +1,155 @@ +{ + email my.email@example.com +} + +:82 { + redir https://example.com{uri} +} + +:83 { + redir https://example.com{uri} +} + +:84 { + redir https://example.com{uri} +} + +abc.de { + redir https://example.com{uri} +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "abc.de" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":82" + ], + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + }, + "srv2": { + "listen": [ + ":83" + ], + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + }, + "srv3": { + "listen": [ + ":84" + ], + "routes": [ + { + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "https://example.com{http.request.uri}" + ] + }, + "status_code": 302 + } + ] + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "issuers": [ + { + "email": "my.email@example.com", + "module": "acme" + }, + { + "email": "my.email@example.com", + "module": "zerossl" + } + ] + }, + { + "issuers": [ + { + "email": "my.email@example.com", + "module": "acme" + }, + { + "email": "my.email@example.com", + "module": "zerossl" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 66783eb4d966c01e3ecdcd456fa4a205de9c560b Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Tue, 6 Apr 2021 02:09:30 +0700 Subject: [PATCH 0357/1498] go.mod: Update quic-go to v0.20.1 (#4075) --- go.mod | 2 +- go.sum | 25 ++++++++++++------------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 629d1621..51269c52 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/google/uuid v1.2.0 github.com/klauspost/compress v1.11.3 github.com/klauspost/cpuid/v2 v2.0.1 - github.com/lucas-clemente/quic-go v0.19.3 + github.com/lucas-clemente/quic-go v0.20.1 github.com/mholt/acmez v0.1.3 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 diff --git a/go.sum b/go.sum index c882b2b9..16987416 100644 --- a/go.sum +++ b/go.sum @@ -230,7 +230,6 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= @@ -238,9 +237,9 @@ github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4 h1:l75CXGRSwbaYNpl/Z2X1XIIAMSCquvXgpVZDhwEIJsc= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g= +github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -423,8 +422,8 @@ github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSO github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.19.3 h1:eCDQqvGBB+kCTkA0XrAFtNe81FMa0/fn4QSoeAbmiF4= -github.com/lucas-clemente/quic-go v0.19.3/go.mod h1:ADXpNbTQjq1hIzCpB+y/k5iz4n4z4IwqoLb94Kh5Hu8= +github.com/lucas-clemente/quic-go v0.20.1 h1:hb5m76V8QS/8Nw/suHvXqo3BMHAozvIkcnzpJdpanSk= +github.com/lucas-clemente/quic-go v0.20.1/go.mod h1:fZq/HUDIM+mW6X6wtzORjC0E/WDBMKe5Hf9bgjISwLk= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= @@ -436,10 +435,10 @@ github.com/manifoldco/promptui v0.3.1 h1:BxqNa7q1hVHXIXy3iupJMkXYS3aHhbubJWv2Jmg github.com/manifoldco/promptui v0.3.1/go.mod h1:zoCNXiJnyM03LlBgTsWv8mq28s7aTC71UgKasqRJHww= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= -github.com/marten-seemann/qtls v0.10.0 h1:ECsuYUKalRL240rRD4Ri33ISb7kAQ3qGDlrrl55b2pc= -github.com/marten-seemann/qtls v0.10.0/go.mod h1:UvMd1oaYDACI99/oZUYLzMCkBXQVT0aGm99sJhbT8hs= -github.com/marten-seemann/qtls-go1-15 v0.1.1 h1:LIH6K34bPVttyXnUWixk0bzH6/N07VxbSabxn5A5gZQ= -github.com/marten-seemann/qtls-go1-15 v0.1.1/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= +github.com/marten-seemann/qtls-go1-15 v0.1.4 h1:RehYMOyRW8hPVEja1KBVsFVNSm35Jj9Mvs5yNoZZ28A= +github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= +github.com/marten-seemann/qtls-go1-16 v0.1.3 h1:XEZ1xGorVy9u+lJq+WXNE+hiqRYLNvJGYmwfwKQN2gU= +github.com/marten-seemann/qtls-go1-16 v0.1.3/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -831,6 +830,7 @@ golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCc golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -928,11 +928,11 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e h1:AyodaIpKjppX+cBfTASF2E1US3H2JFBj920Ot3rtDjs= golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201231184435-2d18734c6014 h1:joucsQqXmyBVxViHCPFjG3hx8JzIFSaym3l3MM/Jsdg= +golang.org/x/sys v0.0.0-20201231184435-2d18734c6014/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/term v0.0.0-20210317153231-de623e64d2a6 h1:EC6+IGYTjPpRfv9a2b/6Puw0W+hLtAhkV1tPsXhutqs= golang.org/x/term v0.0.0-20210317153231-de623e64d2a6/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -980,6 +980,7 @@ golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113232020-e2727e816f5a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -1106,8 +1107,6 @@ mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskX mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= mvdan.cc/unparam v0.0.0-20191111180625-960b1ec0f2c2/go.mod h1:rCqoQrfAmpTX/h2APczwM7UymU/uvaOluiVPIYCSY/k= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= From 45fb7202ac0e606ccb7b4fe95f169424f0a6cabc Mon Sep 17 00:00:00 2001 From: Carl George Date: Mon, 5 Apr 2021 15:01:20 -0500 Subject: [PATCH 0358/1498] notify: Send all sd_notify signals from main caddy process (#4060) Initial sd_notify support was added in #3963, but that sent signals from both cmdRun and cmdReload. This approach has two drawbacks: - Reloads initiated via the API do not send signals. - The signals are sent from different processes, which requires the `NotifyAccess=exec` directive in the unit file. This change moves the NotifyReloading and NotifyReadiness invocations to Load, which address both of those drawbacks. It also adds a complimentary NotifyStopping method which is invoked from handleStop. All the notify methods are defined in a notify package to avoid an import loop. --- admin.go | 6 ++++++ caddy.go | 11 +++++++++++ cmd/commandfuncs.go | 13 ------------- {cmd => notify}/notify.go | 7 ++++++- {cmd => notify}/notify_linux.go | 18 +++++++++++++++--- {cmd => notify}/notify_other.go | 6 +++++- 6 files changed, 43 insertions(+), 18 deletions(-) rename {cmd => notify}/notify.go (86%) rename {cmd => notify}/notify_linux.go (79%) rename {cmd => notify}/notify_other.go (92%) diff --git a/admin.go b/admin.go index f3336575..da7ce0f5 100644 --- a/admin.go +++ b/admin.go @@ -39,6 +39,7 @@ import ( "sync" "time" + "github.com/caddyserver/caddy/v2/notify" "github.com/caddyserver/certmagic" "github.com/prometheus/client_golang/prometheus" "go.uber.org/zap" @@ -905,6 +906,11 @@ func handleStop(w http.ResponseWriter, r *http.Request) error { Err: fmt.Errorf("method not allowed"), } } + + if err := notify.NotifyStopping(); err != nil { + Log().Error("unable to notify stopping to service manager", zap.Error(err)) + } + exitProcess(Log().Named("admin.api")) return nil } diff --git a/caddy.go b/caddy.go index 46d8531f..96dfea5c 100644 --- a/caddy.go +++ b/caddy.go @@ -32,6 +32,7 @@ import ( "sync" "time" + "github.com/caddyserver/caddy/v2/notify" "github.com/caddyserver/certmagic" "github.com/google/uuid" "go.uber.org/zap" @@ -100,6 +101,16 @@ func Run(cfg *Config) error { // if it is different from the current config or // forceReload is true. func Load(cfgJSON []byte, forceReload bool) error { + if err := notify.NotifyReloading(); err != nil { + Log().Error("unable to notify reloading to service manager", zap.Error(err)) + } + + defer func() { + if err := notify.NotifyReadiness(); err != nil { + Log().Error("unable to notify readiness to service manager", zap.Error(err)) + } + }() + return changeConfig(http.MethodPost, "/"+rawConfigKey, cfgJSON, forceReload) } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 77d95b9a..d32b9c76 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -269,10 +269,6 @@ func cmdRun(fl Flags) (int, error) { } } - if err := NotifyReadiness(); err != nil { - caddy.Log().Error("unable to notify readiness to service manager", zap.Error(err)) - } - select {} } @@ -294,15 +290,6 @@ func cmdReload(fl Flags) (int, error) { reloadCmdAddrFlag := fl.String("address") reloadCmdForceFlag := fl.Bool("force") - if err := NotifyReloading(); err != nil { - caddy.Log().Error("unable to notify reloading to service manager", zap.Error(err)) - } - defer func() { - if err := NotifyReadiness(); err != nil { - caddy.Log().Error("unable to notify readiness to service manager", zap.Error(err)) - } - }() - // get the config in caddy's native format config, configFile, err := loadConfig(reloadCmdConfigFlag, reloadCmdConfigAdapterFlag) if err != nil { diff --git a/cmd/notify.go b/notify/notify.go similarity index 86% rename from cmd/notify.go rename to notify/notify.go index 21e0e69c..bca80c1f 100644 --- a/cmd/notify.go +++ b/notify/notify.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package caddycmd +package notify // NotifyReadiness notifies process manager of readiness. func NotifyReadiness() error { @@ -23,3 +23,8 @@ func NotifyReadiness() error { func NotifyReloading() error { return notifyReloading() } + +// NotifyStopping notifies process manager of stopping. +func NotifyStopping() error { + return notifyStopping() +} diff --git a/cmd/notify_linux.go b/notify/notify_linux.go similarity index 79% rename from cmd/notify_linux.go rename to notify/notify_linux.go index 924c00f6..8ba49d2c 100644 --- a/cmd/notify_linux.go +++ b/notify/notify_linux.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package caddycmd +package notify import ( "io" @@ -42,7 +42,7 @@ func sdNotify(path, payload string) error { return nil } -// notifyReadiness notifies systemd caddy that has finished its +// notifyReadiness notifies systemd that caddy has finished its // initialization routines. func notifyReadiness() error { val, ok := os.LookupEnv("NOTIFY_SOCKET") @@ -55,7 +55,7 @@ func notifyReadiness() error { return nil } -// notifyReadiness notifies systemd that caddy is reloading its config. +// notifyReloading notifies systemd that caddy is reloading its config. func notifyReloading() error { val, ok := os.LookupEnv("NOTIFY_SOCKET") if !ok || val == "" { @@ -66,3 +66,15 @@ func notifyReloading() error { } return nil } + +// notifyStopping notifies systemd that caddy is stopping. +func notifyStopping() error { + val, ok := os.LookupEnv("NOTIFY_SOCKET") + if !ok || val == "" { + return nil + } + if err := sdNotify(val, "STOPPING=1"); err != nil { + return err + } + return nil +} diff --git a/cmd/notify_other.go b/notify/notify_other.go similarity index 92% rename from cmd/notify_other.go rename to notify/notify_other.go index 4425ed77..17f62bab 100644 --- a/cmd/notify_other.go +++ b/notify/notify_other.go @@ -14,7 +14,7 @@ // +build !linux -package caddycmd +package notify func notifyReadiness() error { return nil @@ -23,3 +23,7 @@ func notifyReadiness() error { func notifyReloading() error { return nil } + +func notifyStopping() error { + return nil +} From 3f6283b385642c56f34b479d1275095379b062d3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 8 Apr 2021 13:09:12 -0400 Subject: [PATCH 0359/1498] fileserver: Add status code override (#4076) After reading a question about the `handle_response` feature of `reverse_proxy`, I realized that we didn't have a way of serving an arbitrary file with a status code other than 200. This is an issue in situations where you want to serve a custom error page in routes that are not errors, like the aforementioned `handle_response`, where you may want to retain the status code returned by the proxy but write a response with content from a file. This feature is super simple, basically if a status code is configured (can be a status code number, or a placeholder string) then that status will be written out before serving the file - if we write the status code first, then the stdlib won't write its own (only the first HTTP status header wins). --- .../caddyfile_adapt/file_server_status.txt | 112 ++++++++++++++++++ modules/caddyhttp/fileserver/caddyfile.go | 12 ++ modules/caddyhttp/fileserver/staticfiles.go | 16 +++ 3 files changed, 140 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/file_server_status.txt diff --git a/caddytest/integration/caddyfile_adapt/file_server_status.txt b/caddytest/integration/caddyfile_adapt/file_server_status.txt new file mode 100644 index 00000000..ede1f4ad --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/file_server_status.txt @@ -0,0 +1,112 @@ +localhost + +root * /srv + +handle /nope* { + file_server { + status 403 + } +} + +handle /custom-status* { + file_server { + status {env.CUSTOM_STATUS} + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "vars", + "root": "/srv" + } + ] + }, + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ], + "status_code": "{env.CUSTOM_STATUS}" + } + ] + } + ] + } + ], + "match": [ + { + "path": [ + "/custom-status*" + ] + } + ] + }, + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ], + "status_code": 403 + } + ] + } + ] + } + ], + "match": [ + { + "path": [ + "/nope*" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index 2ba53f2b..447f4811 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -40,6 +40,7 @@ func init() { // index // browse [] // precompressed +// status // } // func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { @@ -65,21 +66,25 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if len(fsrv.Hide) == 0 { return nil, h.ArgErr() } + case "index": fsrv.IndexNames = h.RemainingArgs() if len(fsrv.IndexNames) == 0 { return nil, h.ArgErr() } + case "root": if !h.Args(&fsrv.Root) { return nil, h.ArgErr() } + case "browse": if fsrv.Browse != nil { return nil, h.Err("browsing is already configured") } fsrv.Browse = new(Browse) h.Args(&fsrv.Browse.TemplateFile) + case "precompressed": var order []string for h.NextArg() { @@ -100,6 +105,13 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) order = append(order, h.Val()) } fsrv.PrecompressedOrder = order + + case "status": + if !h.NextArg() { + return nil, h.ArgErr() + } + fsrv.StatusCode = caddyhttp.WeakString(h.Val()) + default: return nil, h.Errf("unknown subdirective '%s'", h.Val()) } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index c6707885..660e1d19 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -75,6 +75,12 @@ type FileServer struct { // remove trailing slash from URIs for files. Default is true. CanonicalURIs *bool `json:"canonical_uris,omitempty"` + // Override the status code written when successfully serving a file. + // Particularly useful when explicitly serving a file as display for + // an error, like a 404 page. A placeholder may be used. By default, + // the status code will typically be 200, or 206 for partial content. + StatusCode caddyhttp.WeakString `json:"status_code,omitempty"` + // If pass-thru mode is enabled and a requested file is not found, // it will invoke the next handler in the chain instead of returning // a 404 error. By default, this is false (disabled). @@ -345,6 +351,16 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c return nil } + // if a status code override is configured, write the status code + // before serving the file + if codeStr := fsrv.StatusCode.String(); codeStr != "" { + intVal, err := strconv.Atoi(repl.ReplaceAll(codeStr, "")) + if err != nil { + return caddyhttp.Error(http.StatusInternalServerError, err) + } + w.WriteHeader(intVal) + } + // let the standard library do what it does best; note, however, // that errors generated by ServeContent are written immediately // to the response, so we cannot handle them (but errors there From 03b5debd958a324d5c00cc37f887130b0198e747 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 8 Apr 2021 17:45:19 +0000 Subject: [PATCH 0360/1498] ci: fuzz: add 4 more fuzzing targets (#4105) --- caddyconfig/caddyfile/formatter_fuzz.go | 25 +++++++++++++++++ caddyconfig/caddyfile/lexer_fuzz.go | 28 +++++++++++++++++++ duration_fuzz.go | 25 +++++++++++++++++ .../caddyhttp/templates/frontmatter_fuzz.go | 25 +++++++++++++++++ 4 files changed, 103 insertions(+) create mode 100644 caddyconfig/caddyfile/formatter_fuzz.go create mode 100644 caddyconfig/caddyfile/lexer_fuzz.go create mode 100644 duration_fuzz.go create mode 100644 modules/caddyhttp/templates/frontmatter_fuzz.go diff --git a/caddyconfig/caddyfile/formatter_fuzz.go b/caddyconfig/caddyfile/formatter_fuzz.go new file mode 100644 index 00000000..8be06345 --- /dev/null +++ b/caddyconfig/caddyfile/formatter_fuzz.go @@ -0,0 +1,25 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build gofuzz + +package caddyfile + +func FuzzFormat(input []byte) int { + formatted := Format(input) + if formatted != Format(formatted) { + return 1 + } + return 0 +} diff --git a/caddyconfig/caddyfile/lexer_fuzz.go b/caddyconfig/caddyfile/lexer_fuzz.go new file mode 100644 index 00000000..29348446 --- /dev/null +++ b/caddyconfig/caddyfile/lexer_fuzz.go @@ -0,0 +1,28 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build gofuzz + +package caddyfile + +func FuzzTokenize(input []byte) int { + tokens, err := Tokenize(input, "Caddyfile") + if err != nil { + return 0 + } + if len(tokens) == 0 { + return -1 + } + return 1 +} diff --git a/duration_fuzz.go b/duration_fuzz.go new file mode 100644 index 00000000..e7afed3f --- /dev/null +++ b/duration_fuzz.go @@ -0,0 +1,25 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build gofuzz + +package caddy + +func FuzzParseDuration(data []byte) int { + _, err := ParseDuration(string(data)) + if err != nil { + return 0 + } + return 1 +} diff --git a/modules/caddyhttp/templates/frontmatter_fuzz.go b/modules/caddyhttp/templates/frontmatter_fuzz.go new file mode 100644 index 00000000..8d8427b0 --- /dev/null +++ b/modules/caddyhttp/templates/frontmatter_fuzz.go @@ -0,0 +1,25 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build gofuzz + +package templates + +func FuzzExtractFrontMatter(data []byte) int { + _, _, err := extractFrontMatter(string(data)) + if err != nil { + return 0 + } + return 1 +} From 3903642aa7cf711cb20f27958e7ee5b15fe2bbb3 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 9 Apr 2021 18:06:25 +0000 Subject: [PATCH 0361/1498] caddyfile: reject cyclic imports (#4022) * caddyfile: reject recursive self-imports * caddyfile: detect and reject cyclic imports of snippets and files * caddyfile: do not be stickler about connected nodes not being connected already * caddyfile: include missing test artifacts of cyclic imports * address review comments --- caddyconfig/caddyfile/importgraph.go | 127 ++++++++++++++++++ caddyconfig/caddyfile/lexer.go | 8 +- caddyconfig/caddyfile/parse.go | 37 ++++- caddyconfig/caddyfile/parse_test.go | 22 +++ .../caddyfile/testdata/import_recursive0.txt | 1 + .../caddyfile/testdata/import_recursive1.txt | 1 + .../caddyfile/testdata/import_recursive2.txt | 1 + .../caddyfile/testdata/import_recursive3.txt | 1 + 8 files changed, 193 insertions(+), 5 deletions(-) create mode 100644 caddyconfig/caddyfile/importgraph.go create mode 100644 caddyconfig/caddyfile/testdata/import_recursive0.txt create mode 100644 caddyconfig/caddyfile/testdata/import_recursive1.txt create mode 100644 caddyconfig/caddyfile/testdata/import_recursive2.txt create mode 100644 caddyconfig/caddyfile/testdata/import_recursive3.txt diff --git a/caddyconfig/caddyfile/importgraph.go b/caddyconfig/caddyfile/importgraph.go new file mode 100644 index 00000000..659c3680 --- /dev/null +++ b/caddyconfig/caddyfile/importgraph.go @@ -0,0 +1,127 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyfile + +import ( + "fmt" +) + +type adjacency map[string][]string + +type importGraph struct { + nodes map[string]bool + edges adjacency +} + +func (i *importGraph) addNode(name string) { + if i.nodes == nil { + i.nodes = make(map[string]bool) + } + if _, exists := i.nodes[name]; exists { + return + } + i.nodes[name] = true +} +func (i *importGraph) addNodes(names []string) { + for _, name := range names { + i.addNode(name) + } +} + +func (i *importGraph) removeNode(name string) { + delete(i.nodes, name) +} +func (i *importGraph) removeNodes(names []string) { + for _, name := range names { + i.removeNode(name) + } +} + +func (i *importGraph) addEdge(from, to string) error { + if !i.exists(from) || !i.exists(to) { + return fmt.Errorf("one of the nodes does not exist") + } + + if i.willCycle(to, from) { + return fmt.Errorf("a cycle of imports exists between %s and %s", from, to) + } + + if i.areConnected(from, to) { + // if connected, there's nothing to do + return nil + } + + if i.nodes == nil { + i.nodes = make(map[string]bool) + } + if i.edges == nil { + i.edges = make(adjacency) + } + + i.edges[from] = append(i.edges[from], to) + return nil +} +func (i *importGraph) addEdges(from string, tos []string) error { + for _, to := range tos { + err := i.addEdge(from, to) + if err != nil { + return err + } + } + return nil +} + +func (i *importGraph) areConnected(from, to string) bool { + al, ok := i.edges[from] + if !ok { + return false + } + for _, v := range al { + if v == to { + return true + } + } + return false +} + +func (i *importGraph) willCycle(from, to string) bool { + collector := make(map[string]bool) + + var visit func(string) + visit = func(start string) { + if !collector[start] { + collector[start] = true + for _, v := range i.edges[start] { + visit(v) + } + } + } + + for _, v := range i.edges[from] { + visit(v) + } + for k := range collector { + if to == k { + return true + } + } + + return false +} + +func (i *importGraph) exists(key string) bool { + _, exists := i.nodes[key] + return exists +} diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index 188ef064..f4da2391 100755 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -35,9 +35,11 @@ type ( // Token represents a single parsable unit. Token struct { - File string - Line int - Text string + File string + Line int + Text string + inSnippet bool + snippetName string } ) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 50e3244b..52abf478 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -16,6 +16,7 @@ package caddyfile import ( "bytes" + "fmt" "io/ioutil" "log" "os" @@ -40,7 +41,13 @@ func Parse(filename string, input []byte) ([]ServerBlock, error) { if err != nil { return nil, err } - p := parser{Dispenser: NewDispenser(tokens)} + p := parser{ + Dispenser: NewDispenser(tokens), + importGraph: importGraph{ + nodes: make(map[string]bool), + edges: make(adjacency), + }, + } return p.parseAll() } @@ -110,6 +117,7 @@ type parser struct { eof bool // if we encounter a valid EOF in a hard place definedSnippets map[string][]Token nesting int + importGraph importGraph } func (p *parser) parseAll() ([]ServerBlock, error) { @@ -165,6 +173,15 @@ func (p *parser) begin() error { if err != nil { return err } + // Just as we need to track which file the token comes from, we need to + // keep track of which snippets do the tokens come from. This is helpful + // in tracking import cycles across files/snippets by namespacing them. Without + // this we end up with false-positives in cycle-detection. + for k, v := range tokens { + v.inSnippet = true + v.snippetName = name + tokens[k] = v + } p.definedSnippets[name] = tokens // empty block keys so we don't save this block as a real server. p.block.Keys = nil @@ -314,10 +331,15 @@ func (p *parser) doImport() error { tokensBefore := p.tokens[:p.cursor-1-len(args)] tokensAfter := p.tokens[p.cursor+1:] var importedTokens []Token + var nodes []string // first check snippets. That is a simple, non-recursive replacement if p.definedSnippets != nil && p.definedSnippets[importPattern] != nil { importedTokens = p.definedSnippets[importPattern] + if len(importedTokens) > 0 { + // just grab the first one + nodes = append(nodes, fmt.Sprintf("%s:%s", importedTokens[0].File, importedTokens[0].snippetName)) + } } else { // make path relative to the file of the _token_ being processed rather // than current working directory (issue #867) and then use glob to get @@ -353,7 +375,6 @@ func (p *parser) doImport() error { } // collect all the imported tokens - for _, importFile := range matches { newTokens, err := p.doSingleImport(importFile) if err != nil { @@ -361,6 +382,18 @@ func (p *parser) doImport() error { } importedTokens = append(importedTokens, newTokens...) } + nodes = matches + } + + nodeName := p.File() + if p.Token().inSnippet { + nodeName += fmt.Sprintf(":%s", p.Token().snippetName) + } + p.importGraph.addNode(nodeName) + p.importGraph.addNodes(nodes) + if err := p.importGraph.addEdges(nodeName, nodes); err != nil { + p.importGraph.removeNodes(nodes) + return err } // copy the tokens so we don't overwrite p.definedSnippets diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index 94a69a41..3c7db79b 100755 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -444,6 +444,28 @@ func TestParseAll(t *testing.T) { {`import notfound/*`, false, [][]string{}}, // glob needn't error with no matches {`import notfound/file.conf`, true, [][]string{}}, // but a specific file should + + // recursive self-import + {`import testdata/import_recursive0.txt`, true, [][]string{}}, + {`import testdata/import_recursive3.txt + import testdata/import_recursive1.txt`, true, [][]string{}}, + + // cyclic imports + {`(A) { + import A + } + :80 + import A + `, true, [][]string{}}, + {`(A) { + import B + } + (B) { + import A + } + :80 + import A + `, true, [][]string{}}, } { p := testParser(test.input) blocks, err := p.parseAll() diff --git a/caddyconfig/caddyfile/testdata/import_recursive0.txt b/caddyconfig/caddyfile/testdata/import_recursive0.txt new file mode 100644 index 00000000..4d827b33 --- /dev/null +++ b/caddyconfig/caddyfile/testdata/import_recursive0.txt @@ -0,0 +1 @@ +import import_recursive0.txt \ No newline at end of file diff --git a/caddyconfig/caddyfile/testdata/import_recursive1.txt b/caddyconfig/caddyfile/testdata/import_recursive1.txt new file mode 100644 index 00000000..9b6102ed --- /dev/null +++ b/caddyconfig/caddyfile/testdata/import_recursive1.txt @@ -0,0 +1 @@ +import import_recursive2.txt \ No newline at end of file diff --git a/caddyconfig/caddyfile/testdata/import_recursive2.txt b/caddyconfig/caddyfile/testdata/import_recursive2.txt new file mode 100644 index 00000000..5553dea3 --- /dev/null +++ b/caddyconfig/caddyfile/testdata/import_recursive2.txt @@ -0,0 +1 @@ +import import_recursive3.txt \ No newline at end of file diff --git a/caddyconfig/caddyfile/testdata/import_recursive3.txt b/caddyconfig/caddyfile/testdata/import_recursive3.txt new file mode 100644 index 00000000..fcf0237f --- /dev/null +++ b/caddyconfig/caddyfile/testdata/import_recursive3.txt @@ -0,0 +1 @@ +import import_recursive1.txt \ No newline at end of file From 42b7134ffa3bf3e9e86514c82407979c2627a5ab Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 12 Apr 2021 15:41:22 -0600 Subject: [PATCH 0362/1498] caddytls: Configurable storage clean interval Can drastically reduce costs on storage backends where scans are expensive. Also reduced default interval to 24h. See https://github.com/silinternational/certmagic-storage-dynamodb/issues/18 --- modules/caddytls/automation.go | 13 +++++++++ modules/caddytls/tls.go | 48 +++++++++++++++++++++++++++------- 2 files changed, 52 insertions(+), 9 deletions(-) diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index bcc0a0c7..6ea92afd 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -56,6 +56,19 @@ type AutomationConfig struct { // performed. Default: 10m RenewCheckInterval caddy.Duration `json:"renew_interval,omitempty"` + // How often to scan storage units for old or expired + // assets and remove them. These scans exert lots of + // reads (and list operations) on the storage module, so + // choose a longer interval for large deployments. + // Default: 24h + // + // Storage will always be cleaned when the process first + // starts. Then, a new cleaning will be started this + // duration after the previous cleaning started if the + // previous cleaning finished in less than half the time + // of this interval (otherwise next start will be skipped). + StorageCleanInterval caddy.Duration `json:"storage_clean_interval,omitempty"` + defaultPublicAutomationPolicy *AutomationPolicy defaultInternalAutomationPolicy *AutomationPolicy // only initialized if necessary } diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 31b13fb5..a0853bae 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -414,7 +414,7 @@ func (t *TLS) AllMatchingCertificates(san string) []certmagic.Certificate { // known storage units if it was not recently done, and then runs the // operation at every tick from t.storageCleanTicker. func (t *TLS) keepStorageClean() { - t.storageCleanTicker = time.NewTicker(storageCleanInterval) + t.storageCleanTicker = time.NewTicker(t.storageCleanInterval()) t.storageCleanStop = make(chan struct{}) go func() { defer func() { @@ -438,31 +438,61 @@ func (t *TLS) cleanStorageUnits() { storageCleanMu.Lock() defer storageCleanMu.Unlock() - if !storageClean.IsZero() && time.Since(storageClean) < storageCleanInterval { + // If storage was cleaned recently, don't do it again for now. Although the ticker + // drops missed ticks for us, config reloads discard the old ticker and replace it + // with a new one, possibly invoking a cleaning to happen again too soon. + // (We divide the interval by 2 because the actual cleaning takes non-zero time, + // and we don't want to skip cleanings if we don't have to; whereas if a cleaning + // took the entire interval, we'd probably want to skip the next one so we aren't + // constantly cleaning. This allows cleanings to take up to half the interval's + // duration before we decide to skip the next one.) + if !storageClean.IsZero() && time.Since(storageClean) < t.storageCleanInterval()/2 { return } + // mark when storage cleaning was last initiated + storageClean = time.Now() + options := certmagic.CleanStorageOptions{ OCSPStaples: true, ExpiredCerts: true, ExpiredCertGracePeriod: 24 * time.Hour * 14, } - // start with the default storage - certmagic.CleanStorage(t.ctx, t.ctx.Storage(), options) + // avoid cleaning same storage more than once per cleaning cycle + storagesCleaned := make(map[string]struct{}) + + // start with the default/global storage + storage := t.ctx.Storage() + storageStr := fmt.Sprintf("%v", storage) + t.logger.Info("cleaning storage unit", zap.String("description", storageStr)) + certmagic.CleanStorage(t.ctx, storage, options) + storagesCleaned[storageStr] = struct{}{} // then clean each storage defined in ACME automation policies if t.Automation != nil { for _, ap := range t.Automation.Policies { - if ap.storage != nil { - certmagic.CleanStorage(t.ctx, ap.storage, options) + if ap.storage == nil { + continue } + storageStr := fmt.Sprintf("%v", ap.storage) + if _, ok := storagesCleaned[storageStr]; ok { + continue + } + t.logger.Info("cleaning storage unit", zap.String("description", storageStr)) + certmagic.CleanStorage(t.ctx, ap.storage, options) + storagesCleaned[storageStr] = struct{}{} } } - storageClean = time.Now() + t.logger.Info("finished cleaning storage units") +} - t.logger.Info("cleaned up storage units") +func (t *TLS) storageCleanInterval() time.Duration { + if t.Automation != nil && t.Automation.StorageCleanInterval > 0 { + return time.Duration(t.Automation.StorageCleanInterval) + } + return defaultStorageCleanInterval } // CertificateLoader is a type that can load certificates. @@ -507,7 +537,7 @@ type CertCacheOptions struct { // Variables related to storage cleaning. var ( - storageCleanInterval = 12 * time.Hour + defaultStorageCleanInterval = 24 * time.Hour storageClean time.Time storageCleanMu sync.Mutex From 2250920e1d8506991c97275f1e517e1189c20a2f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 12 Apr 2021 16:09:02 -0600 Subject: [PATCH 0363/1498] caddytls: Disable OCSP stapling for manual certs (#4064) --- modules/caddytls/tls.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index a0853bae..c111bbba 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -56,6 +56,16 @@ type TLS struct { // Configures the in-memory certificate cache. Cache *CertCacheOptions `json:"cache,omitempty"` + // Disables OCSP stapling for manually-managed certificates only. + // To configure OCSP stapling for automated certificates, use an + // automation policy instead. + // + // Disabling OCSP stapling puts clients at greater risk, reduces their + // privacy, and usually lowers client performance. It is NOT recommended + // to disable this unless you are able to justify the costs. + // EXPERIMENTAL. Subject to change. + DisableOCSPStapling bool `json:"disable_ocsp_stapling,omitempty"` + certificateLoaders []CertificateLoader automateNames []string certCache *certmagic.Cache @@ -173,6 +183,9 @@ func (t *TLS) Provision(ctx caddy.Context) error { magic := certmagic.New(t.certCache, certmagic.Config{ Storage: ctx.Storage(), Logger: t.logger, + OCSP: certmagic.OCSPConfig{ + DisableStapling: t.DisableOCSPStapling, + }, }) for _, loader := range t.certificateLoaders { certs, err := loader.LoadCertificates() From 00e12aa918aedcfae3a69292efb70de615e172dd Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 15 Apr 2021 23:03:54 +0000 Subject: [PATCH 0364/1498] fuzz: fix the FuzzFormat comparison (#4117) --- caddyconfig/caddyfile/formatter_fuzz.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/caddyconfig/caddyfile/formatter_fuzz.go b/caddyconfig/caddyfile/formatter_fuzz.go index 8be06345..b1bbd84a 100644 --- a/caddyconfig/caddyfile/formatter_fuzz.go +++ b/caddyconfig/caddyfile/formatter_fuzz.go @@ -16,9 +16,11 @@ package caddyfile +import "bytes" + func FuzzFormat(input []byte) int { formatted := Format(input) - if formatted != Format(formatted) { + if bytes.Equal(formatted, Format(formatted)) { return 1 } return 0 From 96bb3659299ae5ef28ffb3f9a23e16417c570924 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 16 Apr 2021 11:17:15 -0600 Subject: [PATCH 0365/1498] httpcaddyfile: Take into account host scheme/port (fix #4113) --- caddyconfig/httpcaddyfile/tlsapp.go | 8 +++--- .../http_only_on_hostless_block.txt | 28 +++++++++++++++++++ 2 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/http_only_on_hostless_block.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 85f9e5a3..1e32be01 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -54,7 +54,7 @@ func (st ServerType) buildTLSApp( // a hostless key, so that they don't get forgotten/omitted // by auto-HTTPS (since they won't appear in route matchers) var serverBlocksWithTLSHostlessKey int - hostsSharedWithHostlessKey := make(map[string]struct{}) + httpsHostsSharedWithHostlessKey := make(map[string]struct{}) for _, pair := range pairings { for _, sb := range pair.serverBlocks { for _, addr := range sb.keys { @@ -70,8 +70,8 @@ func (st ServerType) buildTLSApp( if otherAddr.Original == addr.Original { continue } - if otherAddr.Host != "" { - hostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} + if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort { + httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} } } break @@ -289,7 +289,7 @@ func (st ServerType) buildTLSApp( internalAP := &caddytls.AutomationPolicy{ IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } - for h := range hostsSharedWithHostlessKey { + for h := range httpsHostsSharedWithHostlessKey { al = append(al, h) if !certmagic.SubjectQualifiesForPublicCert(h) { internalAP.Subjects = append(internalAP.Subjects, h) diff --git a/caddytest/integration/caddyfile_adapt/http_only_on_hostless_block.txt b/caddytest/integration/caddyfile_adapt/http_only_on_hostless_block.txt new file mode 100644 index 00000000..9ccc59eb --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/http_only_on_hostless_block.txt @@ -0,0 +1,28 @@ +# Issue #4113 +:80, http://example.com { + respond "foo" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "body": "foo", + "handler": "static_response" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file From d789596bc0b014c99d75c00fe8e55c40ee3d58e3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 19 Apr 2021 21:54:12 -0400 Subject: [PATCH 0366/1498] caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033) * caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs * caddyhttp: Add integration test --- caddytest/integration/autohttps_test.go | 23 ++++++++++++++++++ modules/caddyhttp/autohttps.go | 29 ++++++++++++----------- modules/caddyhttp/server.go | 31 +++++++++++++++++++++++++ 3 files changed, 69 insertions(+), 14 deletions(-) diff --git a/caddytest/integration/autohttps_test.go b/caddytest/integration/autohttps_test.go index db6329a0..72968e95 100644 --- a/caddytest/integration/autohttps_test.go +++ b/caddytest/integration/autohttps_test.go @@ -80,3 +80,26 @@ func TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses(t *testing.T) { `, "json") tester.AssertRedirect("http://localhost:9080/", "https://localhost/", http.StatusPermanentRedirect) } + +func TestAutoHTTPRedirectsInsertedBeforeUserDefinedCatchAll(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + local_certs + } + http://:9080 { + respond "Foo" + } + http://baz.localhost:9080 { + respond "Baz" + } + bar.localhost { + respond "Bar" + } + `, "caddyfile") + tester.AssertRedirect("http://bar.localhost:9080/", "https://bar.localhost/", http.StatusPermanentRedirect) + tester.AssertGetResponse("http://foo.localhost:9080/", 200, "Foo") + tester.AssertGetResponse("http://baz.localhost:9080/", 200, "Baz") +} diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 5c83d8fd..da4428db 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -342,21 +342,22 @@ redirServersLoop: for redirServerAddr, routes := range redirServers { // for each redirect listener, see if there's already a // server configured to listen on that exact address; if so, - // simply add the redirect route to the end of its route - // list; otherwise, we'll create a new server for all the - // listener addresses that are unused and serve the - // remaining redirects from it - for srvName, srv := range app.Servers { + // insert the redirect route to the end of its route list + // after any other routes with host matchers; otherwise, + // we'll create a new server for all the listener addresses + // that are unused and serve the remaining redirects from it + for _, srv := range app.Servers { if srv.hasListenerAddress(redirServerAddr) { - // user has configured a server for the same address - // that the redirect runs from; simply append our - // redirect route to the existing routes, with a - // caveat that their config might override ours - app.logger.Warn("user server is listening on same interface as automatic HTTP->HTTPS redirects; user-configured routes might override these redirects", - zap.String("server_name", srvName), - zap.String("interface", redirServerAddr), - ) - srv.Routes = append(srv.Routes, appendCatchAll(routes)...) + // find the index of the route after the last route with a host + // matcher, then insert the redirects there, but before any + // user-defined catch-all routes + // see https://github.com/caddyserver/caddy/issues/3212 + insertIndex := srv.findLastRouteWithHostMatcher() + srv.Routes = append(srv.Routes[:insertIndex], append(routes, srv.Routes[insertIndex:]...)...) + + // append our catch-all route in case the user didn't define their own + srv.Routes = appendCatchAll(srv.Routes) + continue redirServersLoop } } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 27a1ca87..294ee6af 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -373,6 +373,37 @@ func (s *Server) hasTLSClientAuth() bool { return false } +// findLastRouteWithHostMatcher returns the index of the last route +// in the server which has a host matcher. Used during Automatic HTTPS +// to determine where to insert the HTTP->HTTPS redirect route, such +// that it is after any other host matcher but before any "catch-all" +// route without a host matcher. +func (s *Server) findLastRouteWithHostMatcher() int { + lastIndex := len(s.Routes) + for i, route := range s.Routes { + // since we want to break out of an inner loop, use a closure + // to allow us to use 'return' when we found a host matcher + found := (func() bool { + for _, sets := range route.MatcherSets { + for _, matcher := range sets { + switch matcher.(type) { + case *MatchHost: + return true + } + } + } + return false + })() + + // if we found the host matcher, change the lastIndex to + // just after the current route + if found { + lastIndex = i + 1 + } + } + return lastIndex +} + // HTTPErrorConfig determines how to handle errors // from the HTTP handlers. type HTTPErrorConfig struct { From 4d0474e3b8a985f730fadc797066f41bb232bef8 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 21 Apr 2021 15:43:34 -0400 Subject: [PATCH 0367/1498] reverseproxy: Admin endpoint for reporting upstream statuses (#4125) --- modules/caddyhttp/reverseproxy/admin.go | 122 ++++++++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 modules/caddyhttp/reverseproxy/admin.go diff --git a/modules/caddyhttp/reverseproxy/admin.go b/modules/caddyhttp/reverseproxy/admin.go new file mode 100644 index 00000000..25685a3a --- /dev/null +++ b/modules/caddyhttp/reverseproxy/admin.go @@ -0,0 +1,122 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reverseproxy + +import ( + "encoding/json" + "fmt" + "net/http" + + "github.com/caddyserver/caddy/v2" +) + +func init() { + caddy.RegisterModule(adminUpstreams{}) +} + +// adminUpstreams is a module that provides the +// /reverse_proxy/upstreams endpoint for the Caddy admin +// API. This allows for checking the health of configured +// reverse proxy upstreams in the pool. +type adminUpstreams struct{} + +// upstreamResults holds the status of a particular upstream +type upstreamStatus struct { + Address string `json:"address"` + Healthy bool `json:"healthy"` + NumRequests int `json:"num_requests"` + Fails int `json:"fails"` +} + +// CaddyModule returns the Caddy module information. +func (adminUpstreams) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "admin.api.reverse_proxy", + New: func() caddy.Module { return new(adminUpstreams) }, + } +} + +// Routes returns a route for the /reverse_proxy/upstreams endpoint. +func (al adminUpstreams) Routes() []caddy.AdminRoute { + return []caddy.AdminRoute{ + { + Pattern: "/reverse_proxy/upstreams", + Handler: caddy.AdminHandlerFunc(al.handleUpstreams), + }, + } +} + +// handleUpstreams reports the status of the reverse proxy +// upstream pool. +func (adminUpstreams) handleUpstreams(w http.ResponseWriter, r *http.Request) error { + if r.Method != http.MethodGet { + return caddy.APIError{ + HTTPStatus: http.StatusMethodNotAllowed, + Err: fmt.Errorf("method not allowed"), + } + } + + // Prep for a JSON response + w.Header().Set("Content-Type", "application/json") + enc := json.NewEncoder(w) + + // Collect the results to respond with + results := []upstreamStatus{} + + // Iterate over the upstream pool (needs to be fast) + var rangeErr error + hosts.Range(func(key, val interface{}) bool { + address, ok := key.(string) + if !ok { + rangeErr = caddy.APIError{ + HTTPStatus: http.StatusInternalServerError, + Err: fmt.Errorf("could not type assert upstream address"), + } + return false + } + + upstream, ok := val.(*upstreamHost) + if !ok { + rangeErr = caddy.APIError{ + HTTPStatus: http.StatusInternalServerError, + Err: fmt.Errorf("could not type assert upstream struct"), + } + return false + } + + results = append(results, upstreamStatus{ + Address: address, + Healthy: !upstream.Unhealthy(), + NumRequests: upstream.NumRequests(), + Fails: upstream.Fails(), + }) + return true + }) + + // If an error happened during the range, return it + if rangeErr != nil { + return rangeErr + } + + err := enc.Encode(results) + if err != nil { + return caddy.APIError{ + HTTPStatus: http.StatusInternalServerError, + Err: err, + } + } + + return nil +} From 1e218e1d2e3986b7cc1cd7335b43f11a4f194b6e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 21 Apr 2021 19:05:55 -0400 Subject: [PATCH 0368/1498] caddytls: Add `load_storage` module (#4055) An idea that came up in https://caddy.community/t/save-internally-issued-wildcard-certificate-in-consul/11740, this a simple module that might be useful for anyone who uses storage modules that aren't filesystem, to let them load certs/keys externally issued for use by Caddy. Bit goofy, since we need to fetch the certmagic.Storage during provisioning, it needs a wrapping struct instead of just being an array like `load_files`. Future work might involve adding Caddyfile support via a subdirective of the `tls` directive maybe? --- modules/caddytls/storageloader.go | 89 +++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 modules/caddytls/storageloader.go diff --git a/modules/caddytls/storageloader.go b/modules/caddytls/storageloader.go new file mode 100644 index 00000000..e78996f1 --- /dev/null +++ b/modules/caddytls/storageloader.go @@ -0,0 +1,89 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddytls + +import ( + "crypto/tls" + "fmt" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/certmagic" +) + +func init() { + caddy.RegisterModule(StorageLoader{}) +} + +// StorageLoader loads certificates and their associated keys +// from the globally configured storage module. +type StorageLoader struct { + // A list of pairs of certificate and key file names along with their + // encoding format so that they can be loaded from storage. + Pairs []CertKeyFilePair `json:"pairs,omitempty"` + + // Reference to the globally configured storage module. + storage certmagic.Storage +} + +// CaddyModule returns the Caddy module information. +func (StorageLoader) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "tls.certificates.load_storage", + New: func() caddy.Module { return new(StorageLoader) }, + } +} + +// Provision loads the storage module for sl. +func (sl *StorageLoader) Provision(ctx caddy.Context) error { + sl.storage = ctx.Storage() + return nil +} + +// LoadCertificates returns the certificates to be loaded by sl. +func (sl StorageLoader) LoadCertificates() ([]Certificate, error) { + certs := make([]Certificate, 0, len(sl.Pairs)) + for _, pair := range sl.Pairs { + certData, err := sl.storage.Load(pair.Certificate) + if err != nil { + return nil, err + } + keyData, err := sl.storage.Load(pair.Key) + if err != nil { + return nil, err + } + + var cert tls.Certificate + switch pair.Format { + case "": + fallthrough + case "pem": + cert, err = tls.X509KeyPair(certData, keyData) + default: + return nil, fmt.Errorf("unrecognized certificate/key encoding format: %s", pair.Format) + } + if err != nil { + return nil, err + } + + certs = append(certs, Certificate{Certificate: cert, Tags: pair.Tags}) + } + return certs, nil +} + +// Interface guard +var ( + _ CertificateLoader = (*StorageLoader)(nil) + _ caddy.Provisioner = (*StorageLoader)(nil) +) From a8d45277ca387ca4769fb4e881d242a5896cca5a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 22 Apr 2021 20:29:04 -0400 Subject: [PATCH 0369/1498] caddyfile: Fix `import` replacing unrelated placeholders (#4129) * caddyfile: Fix `import` replacing unrelated placeholders See https://caddy.community/t/snippet-issue-works-outside-snippet/12231 So it turns out that `NewReplacer()` gives a replacer with some global defaults (like `{env.*}` and some system and time placeholders), which is not ideal when running `import` because we just want to replace `{args.*}` only, and nothing else. * caddyfile: Add test --- caddyconfig/caddyfile/parse.go | 2 +- .../import_args_snippet_env_placeholder.txt | 31 +++++++++++++++++++ replacer.go | 12 +++++++ 3 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/import_args_snippet_env_placeholder.txt diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 52abf478..96491bb3 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -321,7 +321,7 @@ func (p *parser) doImport() error { args := p.RemainingArgs() // add args to the replacer - repl := caddy.NewReplacer() + repl := caddy.NewEmptyReplacer() for index, arg := range args { repl.Set("args."+strconv.Itoa(index), arg) } diff --git a/caddytest/integration/caddyfile_adapt/import_args_snippet_env_placeholder.txt b/caddytest/integration/caddyfile_adapt/import_args_snippet_env_placeholder.txt new file mode 100644 index 00000000..1bc907e5 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/import_args_snippet_env_placeholder.txt @@ -0,0 +1,31 @@ +(foo) { + respond {env.FOO} +} + +:80 { + import foo +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "body": "{env.FOO}", + "handler": "static_response" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/replacer.go b/replacer.go index 29d8e26a..e6cfdede 100644 --- a/replacer.go +++ b/replacer.go @@ -36,6 +36,18 @@ func NewReplacer() *Replacer { return rep } +// NewEmptyReplacer returns a new Replacer, +// without the global default replacements. +func NewEmptyReplacer() *Replacer { + rep := &Replacer{ + static: make(map[string]interface{}), + } + rep.providers = []ReplacerFunc{ + rep.fromStatic, + } + return rep +} + // Replacer can replace values in strings. // A default/empty Replacer is not valid; // use NewReplacer to make one. From 3a1e81dbf6587d2e886529d55e7a02eabeaa7c47 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 29 Apr 2021 02:01:48 -0400 Subject: [PATCH 0370/1498] fileserver: Better handling of HTTP status override (#4132) --- modules/caddyhttp/fileserver/staticfiles.go | 46 ++++++++++++++------- 1 file changed, 30 insertions(+), 16 deletions(-) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 660e1d19..dd448172 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -18,7 +18,6 @@ import ( "bytes" "fmt" "html/template" - "io" weakrand "math/rand" "mime" "net/http" @@ -333,32 +332,33 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c } } - // if this handler exists in an error context (i.e. is - // part of a handler chain that is supposed to handle - // a previous error), we have to serve the content - // manually in order to write the correct status code + var statusCodeOverride int + + // if this handler exists in an error context (i.e. is part of a + // handler chain that is supposed to handle a previous error), + // we should set status code to the one from the error instead + // of letting http.ServeContent set the default (usually 200) if reqErr, ok := r.Context().Value(caddyhttp.ErrorCtxKey).(error); ok { - statusCode := http.StatusInternalServerError + statusCodeOverride = http.StatusInternalServerError if handlerErr, ok := reqErr.(caddyhttp.HandlerError); ok { if handlerErr.StatusCode > 0 { - statusCode = handlerErr.StatusCode + statusCodeOverride = handlerErr.StatusCode } } - w.WriteHeader(statusCode) - if r.Method != http.MethodHead { - _, _ = io.Copy(w, file) - } - return nil } - // if a status code override is configured, write the status code - // before serving the file + // if a status code override is configured, run the replacer on it if codeStr := fsrv.StatusCode.String(); codeStr != "" { - intVal, err := strconv.Atoi(repl.ReplaceAll(codeStr, "")) + statusCodeOverride, err = strconv.Atoi(repl.ReplaceAll(codeStr, "")) if err != nil { return caddyhttp.Error(http.StatusInternalServerError, err) } - w.WriteHeader(intVal) + } + + // if we do have an override from the previous two parts, then + // we wrap the response writer to intercept the WriteHeader call + if statusCodeOverride > 0 { + w = statusOverrideResponseWriter{ResponseWriter: w, code: statusCodeOverride} } // let the standard library do what it does best; note, however, @@ -557,6 +557,20 @@ func redirect(w http.ResponseWriter, r *http.Request, to string) error { return nil } +// statusOverrideResponseWriter intercepts WriteHeader calls +// to instead write the HTTP status code we want instead +// of the one http.ServeContent will use by default (usually 200) +type statusOverrideResponseWriter struct { + http.ResponseWriter + code int +} + +// WriteHeader intercepts calls by the stdlib to WriteHeader +// to instead write the HTTP status code we want. +func (wr statusOverrideResponseWriter) WriteHeader(int) { + wr.ResponseWriter.WriteHeader(wr.code) +} + var defaultIndexNames = []string{"index.html", "index.txt"} var bufPool = sync.Pool{ From 90175571698d7cb0e4184d257a425f0bd11c713d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= Date: Thu, 29 Apr 2021 18:52:22 +0200 Subject: [PATCH 0371/1498] reverseproxy: fix hash selection policy (#4137) * caddyhttp: reverseproxy: fix hash selection policy Fixes: #4135 Test: go test './...' -count=1 * caddyhttp: reverseproxy: add test to catch #4135 If you revert the last commit, the test will fail. --- .../reverseproxy/selectionpolicies.go | 3 +- .../reverseproxy/selectionpolicies_test.go | 29 +++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 357ee33a..001f7f80 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -523,8 +523,7 @@ func hostByHashing(pool []*Upstream, s string) *Upstream { } index := hash(s) % poolLen for i := uint32(0); i < poolLen; i++ { - index += i - upstream := pool[index%poolLen] + upstream := pool[(index+i)%poolLen] if upstream.Available() { return upstream } diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index 70d05aca..60a27028 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -198,6 +198,35 @@ func TestIPHashPolicy(t *testing.T) { if h != nil { t.Error("Expected ip hash policy host to be nil.") } + + // Reproduce #4135 + pool = UpstreamPool{ + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + {Host: new(upstreamHost)}, + } + pool[0].SetHealthy(false) + pool[1].SetHealthy(false) + pool[2].SetHealthy(false) + pool[3].SetHealthy(false) + pool[4].SetHealthy(false) + pool[5].SetHealthy(false) + pool[6].SetHealthy(false) + pool[7].SetHealthy(false) + pool[8].SetHealthy(true) + + // We should get a result back when there is one healthy host left. + h = ipHash.Select(pool, req, nil) + if h == nil { + // If it is nil, it means we missed a host even though one is available + t.Error("Expected ip hash policy host to not be nil, but it is nil.") + } } func TestFirstPolicy(t *testing.T) { From ff6ca577ec7196e2cf3991c817d3655754de4b24 Mon Sep 17 00:00:00 2001 From: Alban Lecocq Date: Thu, 29 Apr 2021 18:56:01 +0200 Subject: [PATCH 0372/1498] httpcaddyfile: Fix unexpectedly removed policy (#4128) * httpcaddyfile: Fix unexpectedly removed policy When user set on_demand tls option in a catch-all (:443) policy, we expect other policies to not have the on_demand enabled See ex in tls_automation_policies_5.txt Btw, we can remove policies if they are **all** empty. * Update caddyconfig/httpcaddyfile/tlsapp.go Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/tlsapp.go | 10 ++- .../tls_automation_policies_5.txt | 62 +++++++++++++++++++ 2 files changed, 69 insertions(+), 3 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 1e32be01..72f99be7 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -480,15 +480,19 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls return len(aps[i].Subjects) > len(aps[j].Subjects) }) - // remove any empty policies (except subjects, of course) + emptyAPCount := 0 + // compute the number of empty policies (disregarding subjects) - see #4128 emptyAP := new(caddytls.AutomationPolicy) for i := 0; i < len(aps); i++ { emptyAP.Subjects = aps[i].Subjects if reflect.DeepEqual(aps[i], emptyAP) { - aps = append(aps[:i], aps[i+1:]...) - i-- + emptyAPCount++ } } + // If all policies are empty, we can return nil, as there is no need to set any policy + if emptyAPCount == len(aps) { + return nil + } // remove or combine duplicate policies outer: diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt new file mode 100644 index 00000000..87d278db --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt @@ -0,0 +1,62 @@ +a.example.com { +} + +b.example.com { +} + +:443 { + tls { + on_demand + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "b.example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "a.example.com", + "b.example.com" + ] + }, + { + "on_demand": true + } + ] + } + } + } +} \ No newline at end of file From 956f01163d150b70aa3d5fc418ba9f150bd25c24 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 30 Apr 2021 10:14:52 -0600 Subject: [PATCH 0373/1498] caddytls: Implement remote IP connection matcher (#4123) * caddytls: Implement remote IP connection matcher * Implement IP range negation If both Ranges and NotRanges are specified, both must match. --- context.go | 8 +++ modules/caddytls/matchers.go | 104 +++++++++++++++++++++++++++++- modules/caddytls/matchers_test.go | 92 ++++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 2 deletions(-) diff --git a/context.go b/context.go index c574be7d..a6386aa8 100644 --- a/context.go +++ b/context.go @@ -430,5 +430,13 @@ func (ctx Context) Storage() certmagic.Storage { // Logger returns a logger that can be used by mod. func (ctx Context) Logger(mod Module) *zap.Logger { + if ctx.cfg == nil { + // often the case in tests; just use a dev logger + l, err := zap.NewDevelopment() + if err != nil { + panic("config missing, unable to create dev logger: " + err.Error()) + } + return l + } return ctx.cfg.Logging.Logger(mod) } diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go index 50da6097..aee0e726 100644 --- a/modules/caddytls/matchers.go +++ b/modules/caddytls/matchers.go @@ -16,13 +16,18 @@ package caddytls import ( "crypto/tls" + "fmt" + "net" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/certmagic" + "go.uber.org/zap" ) func init() { caddy.RegisterModule(MatchServerName{}) + caddy.RegisterModule(MatchRemoteIP{}) } // MatchServerName matches based on SNI. Names in @@ -48,5 +53,100 @@ func (m MatchServerName) Match(hello *tls.ClientHelloInfo) bool { return false } -// Interface guard -var _ ConnectionMatcher = (*MatchServerName)(nil) +// MatchRemoteIP matches based on the remote IP of the +// connection. Specific IPs or CIDR ranges can be specified. +// +// Note that IPs can sometimes be spoofed, so do not rely +// on this as a replacement for actual authentication. +type MatchRemoteIP struct { + // The IPs or CIDR ranges to match. + Ranges []string `json:"ranges,omitempty"` + + // The IPs or CIDR ranges to *NOT* match. + NotRanges []string `json:"not_ranges,omitempty"` + + cidrs []*net.IPNet + notCidrs []*net.IPNet + logger *zap.Logger +} + +// CaddyModule returns the Caddy module information. +func (MatchRemoteIP) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "tls.handshake_match.remote_ip", + New: func() caddy.Module { return new(MatchRemoteIP) }, + } +} + +// Provision parses m's IP ranges, either from IP or CIDR expressions. +func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { + m.logger = ctx.Logger(m) + for _, str := range m.Ranges { + cidrs, err := m.parseIPRange(str) + if err != nil { + return err + } + m.cidrs = cidrs + } + for _, str := range m.NotRanges { + cidrs, err := m.parseIPRange(str) + if err != nil { + return err + } + m.notCidrs = cidrs + } + return nil +} + +// Match matches hello based on the connection's remote IP. +func (m MatchRemoteIP) Match(hello *tls.ClientHelloInfo) bool { + remoteAddr := hello.Conn.RemoteAddr().String() + ipStr, _, err := net.SplitHostPort(remoteAddr) + if err != nil { + ipStr = remoteAddr // weird; maybe no port? + } + ip := net.ParseIP(ipStr) + if ip == nil { + m.logger.Error("invalid client IP addresss", zap.String("ip", ipStr)) + return false + } + return (len(m.cidrs) == 0 || m.matches(ip, m.cidrs)) && + (len(m.notCidrs) == 0 || !m.matches(ip, m.notCidrs)) +} + +func (MatchRemoteIP) parseIPRange(str string) ([]*net.IPNet, error) { + var cidrs []*net.IPNet + if strings.Contains(str, "/") { + _, ipNet, err := net.ParseCIDR(str) + if err != nil { + return nil, fmt.Errorf("parsing CIDR expression: %v", err) + } + cidrs = append(cidrs, ipNet) + } else { + ip := net.ParseIP(str) + if ip == nil { + return nil, fmt.Errorf("invalid IP address: %s", str) + } + mask := len(ip) * 8 + cidrs = append(cidrs, &net.IPNet{ + IP: ip, + Mask: net.CIDRMask(mask, mask), + }) + } + return cidrs, nil +} + +func (MatchRemoteIP) matches(ip net.IP, ranges []*net.IPNet) bool { + for _, ipRange := range ranges { + if ipRange.Contains(ip) { + return true + } + } + return false +} + +// Interface guards +var ( + _ ConnectionMatcher = (*MatchServerName)(nil) + _ ConnectionMatcher = (*MatchRemoteIP)(nil) +) diff --git a/modules/caddytls/matchers_test.go b/modules/caddytls/matchers_test.go index 24a015a5..4522b337 100644 --- a/modules/caddytls/matchers_test.go +++ b/modules/caddytls/matchers_test.go @@ -15,8 +15,12 @@ package caddytls import ( + "context" "crypto/tls" + "net" "testing" + + "github.com/caddyserver/caddy/v2" ) func TestServerNameMatcher(t *testing.T) { @@ -84,3 +88,91 @@ func TestServerNameMatcher(t *testing.T) { } } } + +func TestRemoteIPMatcher(t *testing.T) { + ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()}) + defer cancel() + + for i, tc := range []struct { + ranges []string + notRanges []string + input string + expect bool + }{ + { + ranges: []string{"127.0.0.1"}, + input: "127.0.0.1:12345", + expect: true, + }, + { + ranges: []string{"127.0.0.1"}, + input: "127.0.0.2:12345", + expect: false, + }, + { + ranges: []string{"127.0.0.1/16"}, + input: "127.0.1.23:12345", + expect: true, + }, + { + ranges: []string{"127.0.0.1", "192.168.1.105"}, + input: "192.168.1.105:12345", + expect: true, + }, + { + notRanges: []string{"127.0.0.1"}, + input: "127.0.0.1:12345", + expect: false, + }, + { + notRanges: []string{"127.0.0.2"}, + input: "127.0.0.1:12345", + expect: true, + }, + { + ranges: []string{"127.0.0.1"}, + notRanges: []string{"127.0.0.2"}, + input: "127.0.0.1:12345", + expect: true, + }, + { + ranges: []string{"127.0.0.2"}, + notRanges: []string{"127.0.0.2"}, + input: "127.0.0.2:12345", + expect: false, + }, + { + ranges: []string{"127.0.0.2"}, + notRanges: []string{"127.0.0.2"}, + input: "127.0.0.3:12345", + expect: false, + }, + } { + matcher := MatchRemoteIP{Ranges: tc.ranges, NotRanges: tc.notRanges} + err := matcher.Provision(ctx) + if err != nil { + t.Fatalf("Test %d: Provision failed: %v", i, err) + } + + addr := testAddr(tc.input) + chi := &tls.ClientHelloInfo{Conn: testConn{addr: addr}} + + actual := matcher.Match(chi) + if actual != tc.expect { + t.Errorf("Test %d: Expected %t but got %t (input=%s ranges=%v notRanges=%v)", + i, tc.expect, actual, tc.input, tc.ranges, tc.notRanges) + } + } +} + +type testConn struct { + *net.TCPConn + addr testAddr +} + +func (tc testConn) RemoteAddr() net.Addr { return tc.addr } + +type testAddr string + +func (testAddr) Network() string { return "tcp" } +func (ta testAddr) String() string { return string(ta) } From 637fd8f67b7ff6191673ff13e94825a4ec896891 Mon Sep 17 00:00:00 2001 From: Jason Du Date: Fri, 30 Apr 2021 19:17:23 -0700 Subject: [PATCH 0374/1498] fileserver: Share template logic for both `templates` and `file_server browse` (#4093) Co-authored-by: Matthew Holt --- modules/caddyhttp/fileserver/browse.go | 73 ++++++++++++-- modules/caddyhttp/fileserver/browse_test.go | 30 ++++-- .../{browselisting.go => browsetplcontext.go} | 21 ++-- ...sting_test.go => browsetplcontext_test.go} | 16 ++- modules/caddyhttp/fileserver/staticfiles.go | 18 ---- modules/caddyhttp/templates/templates.go | 6 +- modules/caddyhttp/templates/tplcontext.go | 98 +++++++++++-------- .../caddyhttp/templates/tplcontext_test.go | 24 +---- 8 files changed, 175 insertions(+), 111 deletions(-) rename modules/caddyhttp/fileserver/{browselisting.go => browsetplcontext.go} (92%) rename modules/caddyhttp/fileserver/{browselisting_test.go => browsetplcontext_test.go} (56%) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 2712077f..fc8bddb6 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -17,14 +17,16 @@ package fileserver import ( "bytes" "encoding/json" - "html/template" + "fmt" "net/http" "os" "path" "strings" + "text/template" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/templates" "go.uber.org/zap" ) @@ -82,7 +84,26 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, } w.Header().Set("Content-Type", "application/json; charset=utf-8") } else { - if buf, err = fsrv.browseWriteHTML(listing); err != nil { + var fs http.FileSystem + if fsrv.Root != "" { + fs = http.Dir(repl.ReplaceAll(fsrv.Root, ".")) + } + + var tplCtx = &templateContext{ + TemplateContext: templates.TemplateContext{ + Root: fs, + Req: r, + RespHeader: templates.WrappedHeader{Header: w.Header()}, + }, + browseTemplateContext: listing, + } + + err = fsrv.makeBrowseTemplate(tplCtx) + if err != nil { + return fmt.Errorf("parsing browse template: %v", err) + } + + if buf, err = fsrv.browseWriteHTML(tplCtx); err != nil { return caddyhttp.Error(http.StatusInternalServerError, err) } w.Header().Set("Content-Type", "text/html; charset=utf-8") @@ -93,10 +114,10 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, return nil } -func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string, repl *caddy.Replacer) (browseListing, error) { +func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { files, err := dir.Readdir(-1) if err != nil { - return browseListing{}, err + return browseTemplateContext{}, err } // user can presumably browse "up" to parent folder if path is longer than "/" @@ -107,7 +128,7 @@ func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string // browseApplyQueryParams applies query parameters to the listing. // It mutates the listing and may set cookies. -func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Request, listing *browseListing) { +func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Request, listing *browseTemplateContext) { sortParam := r.URL.Query().Get("sort") orderParam := r.URL.Query().Get("order") limitParam := r.URL.Query().Get("limit") @@ -139,17 +160,41 @@ func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Re listing.applySortAndLimit(sortParam, orderParam, limitParam, offsetParam) } -func (fsrv *FileServer) browseWriteJSON(listing browseListing) (*bytes.Buffer, error) { +// makeBrowseTemplate creates the template to be used for directory listings. +func (fsrv *FileServer) makeBrowseTemplate(tplCtx *templateContext) error { + var tpl *template.Template + var err error + + if fsrv.Browse.TemplateFile != "" { + tpl = tplCtx.NewTemplate(path.Base(fsrv.Browse.TemplateFile)) + tpl, err = tpl.ParseFiles(fsrv.Browse.TemplateFile) + if err != nil { + return fmt.Errorf("parsing browse template file: %v", err) + } + } else { + tpl = tplCtx.NewTemplate("default_listing") + tpl, err = tpl.Parse(defaultBrowseTemplate) + if err != nil { + return fmt.Errorf("parsing default browse template: %v", err) + } + } + + fsrv.Browse.template = tpl + + return nil +} + +func (fsrv *FileServer) browseWriteJSON(listing browseTemplateContext) (*bytes.Buffer, error) { buf := bufPool.Get().(*bytes.Buffer) + defer bufPool.Put(buf) err := json.NewEncoder(buf).Encode(listing.Items) - bufPool.Put(buf) return buf, err } -func (fsrv *FileServer) browseWriteHTML(listing browseListing) (*bytes.Buffer, error) { +func (fsrv *FileServer) browseWriteHTML(tplCtx *templateContext) (*bytes.Buffer, error) { buf := bufPool.Get().(*bytes.Buffer) - err := fsrv.Browse.template.Execute(buf, listing) - bufPool.Put(buf) + defer bufPool.Put(buf) + err := fsrv.Browse.template.Execute(buf, tplCtx) return buf, err } @@ -171,3 +216,11 @@ func isSymlinkTargetDir(f os.FileInfo, root, urlPath string) bool { } return targetInfo.IsDir() } + +// templateContext powers the context used when evaluating the browse template. +// It combines browse-specific features with the standard templates handler +// features. +type templateContext struct { + templates.TemplateContext + browseTemplateContext +} diff --git a/modules/caddyhttp/fileserver/browse_test.go b/modules/caddyhttp/fileserver/browse_test.go index 5d5874f3..30862fa4 100644 --- a/modules/caddyhttp/fileserver/browse_test.go +++ b/modules/caddyhttp/fileserver/browse_test.go @@ -1,16 +1,27 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package fileserver import ( - "html/template" "testing" - - "github.com/caddyserver/caddy/v2" + "text/template" ) func BenchmarkBrowseWriteJSON(b *testing.B) { fsrv := new(FileServer) - fsrv.Provision(caddy.Context{}) - listing := browseListing{ + listing := browseTemplateContext{ Name: "test", Path: "test", CanGoUp: false, @@ -30,12 +41,11 @@ func BenchmarkBrowseWriteJSON(b *testing.B) { func BenchmarkBrowseWriteHTML(b *testing.B) { fsrv := new(FileServer) - fsrv.Provision(caddy.Context{}) fsrv.Browse = &Browse{ TemplateFile: "", template: template.New("test"), } - listing := browseListing{ + listing := browseTemplateContext{ Name: "test", Path: "test", CanGoUp: false, @@ -46,9 +56,13 @@ func BenchmarkBrowseWriteHTML(b *testing.B) { Order: "", Limit: 42, } + tplCtx := &templateContext{ + browseTemplateContext: listing, + } + fsrv.makeBrowseTemplate(tplCtx) b.ResetTimer() for n := 0; n < b.N; n++ { - fsrv.browseWriteHTML(listing) + fsrv.browseWriteHTML(tplCtx) } } diff --git a/modules/caddyhttp/fileserver/browselisting.go b/modules/caddyhttp/fileserver/browsetplcontext.go similarity index 92% rename from modules/caddyhttp/fileserver/browselisting.go rename to modules/caddyhttp/fileserver/browsetplcontext.go index 2b8c66ce..489e8c05 100644 --- a/modules/caddyhttp/fileserver/browselisting.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -27,7 +27,7 @@ import ( "github.com/dustin/go-humanize" ) -func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseListing { +func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseTemplateContext { filesToHide := fsrv.transformHidePaths(repl) var dirCount, fileCount int @@ -62,7 +62,7 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root }) } - return browseListing{ + return browseTemplateContext{ Name: path.Base(urlPath), Path: urlPath, CanGoUp: canGoUp, @@ -72,7 +72,8 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root } } -type browseListing struct { +// browseTemplateContext provides the template context for directory listings. +type browseTemplateContext struct { // The name of the directory (the last element of the path). Name string `json:"name"` @@ -106,7 +107,7 @@ type browseListing struct { // Breadcrumbs returns l.Path where every element maps // the link to the text to display. -func (l browseListing) Breadcrumbs() []crumb { +func (l browseTemplateContext) Breadcrumbs() []crumb { if len(l.Path) == 0 { return []crumb{} } @@ -130,7 +131,7 @@ func (l browseListing) Breadcrumbs() []crumb { return result } -func (l *browseListing) applySortAndLimit(sortParam, orderParam, limitParam string, offsetParam string) { +func (l *browseTemplateContext) applySortAndLimit(sortParam, orderParam, limitParam string, offsetParam string) { l.Sort = sortParam l.Order = orderParam @@ -207,10 +208,12 @@ func (fi fileInfo) HumanModTime(format string) string { return fi.ModTime.Format(format) } -type byName browseListing -type byNameDirFirst browseListing -type bySize browseListing -type byTime browseListing +type ( + byName browseTemplateContext + byNameDirFirst browseTemplateContext + bySize browseTemplateContext + byTime browseTemplateContext +) func (l byName) Len() int { return len(l.Items) } func (l byName) Swap(i, j int) { l.Items[i], l.Items[j] = l.Items[j], l.Items[i] } diff --git a/modules/caddyhttp/fileserver/browselisting_test.go b/modules/caddyhttp/fileserver/browsetplcontext_test.go similarity index 56% rename from modules/caddyhttp/fileserver/browselisting_test.go rename to modules/caddyhttp/fileserver/browsetplcontext_test.go index 6d58b7e5..01e6c8f1 100644 --- a/modules/caddyhttp/fileserver/browselisting_test.go +++ b/modules/caddyhttp/fileserver/browsetplcontext_test.go @@ -1,3 +1,17 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package fileserver import ( @@ -25,7 +39,7 @@ func TestBreadcrumbs(t *testing.T) { } for _, d := range testdata { - l := browseListing{Path: d.path} + l := browseTemplateContext{Path: d.path} actual := l.Breadcrumbs() if len(actual) != len(d.expected) { t.Errorf("wrong size output, got %d elements but expected %d", len(actual), len(d.expected)) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index dd448172..f2320aab 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -17,7 +17,6 @@ package fileserver import ( "bytes" "fmt" - "html/template" weakrand "math/rand" "mime" "net/http" @@ -118,23 +117,6 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error { fsrv.IndexNames = defaultIndexNames } - if fsrv.Browse != nil { - var tpl *template.Template - var err error - if fsrv.Browse.TemplateFile != "" { - tpl, err = template.ParseFiles(fsrv.Browse.TemplateFile) - if err != nil { - return fmt.Errorf("parsing browse template file: %v", err) - } - } else { - tpl, err = template.New("default_listing").Parse(defaultBrowseTemplate) - if err != nil { - return fmt.Errorf("parsing default browse template: %v", err) - } - } - fsrv.Browse.template = tpl - } - // for hide paths that are static (i.e. no placeholders), we can transform them into // absolute paths before the server starts for very slight performance improvement for i, h := range fsrv.Hide { diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index f9ce1c39..33e5a70c 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -37,7 +37,7 @@ func init() { // // [All Sprig functions](https://masterminds.github.io/sprig/) are supported. // -// In addition to the standard functions and Sprig functions, Caddy adds +// In addition to the standard functions and the Sprig library, Caddy adds // extra functions and data that are available to a template: // // ##### `.Args` @@ -303,10 +303,10 @@ func (t *Templates) executeTemplate(rr caddyhttp.ResponseRecorder, r *http.Reque fs = http.Dir(repl.ReplaceAll(t.FileRoot, ".")) } - ctx := &templateContext{ + ctx := &TemplateContext{ Root: fs, Req: r, - RespHeader: tplWrappedHeader{rr.Header()}, + RespHeader: WrappedHeader{rr.Header()}, config: t, } diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 1212ee20..1a145a2e 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -38,19 +38,49 @@ import ( gmhtml "github.com/yuin/goldmark/renderer/html" ) -// templateContext is the templateContext with which HTTP templates are executed. -type templateContext struct { +// TemplateContext is the TemplateContext with which HTTP templates are executed. +type TemplateContext struct { Root http.FileSystem Req *http.Request Args []interface{} // defined by arguments to funcInclude - RespHeader tplWrappedHeader + RespHeader WrappedHeader config *Templates } +// NewTemplate returns a new template intended to be evaluated with this +// context, as it is initialized with configuration from this context. +func (c TemplateContext) NewTemplate(tplName string) *template.Template { + tpl := template.New(tplName) + + // customize delimiters, if applicable + if c.config != nil && len(c.config.Delimiters) == 2 { + tpl.Delims(c.config.Delimiters[0], c.config.Delimiters[1]) + } + + // add sprig library + tpl.Funcs(sprigFuncMap) + + // add our own library + tpl.Funcs(template.FuncMap{ + "include": c.funcInclude, + "httpInclude": c.funcHTTPInclude, + "stripHTML": c.funcStripHTML, + "markdown": c.funcMarkdown, + "splitFrontMatter": c.funcSplitFrontMatter, + "listFiles": c.funcListFiles, + "env": c.funcEnv, + "placeholder": c.funcPlaceholder, + "fileExists": c.funcFileExists, + "httpError": c.funcHTTPError, + }) + + return tpl +} + // OriginalReq returns the original, unmodified, un-rewritten request as // it originally came in over the wire. -func (c templateContext) OriginalReq() http.Request { +func (c TemplateContext) OriginalReq() http.Request { or, _ := c.Req.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) return or } @@ -59,7 +89,7 @@ func (c templateContext) OriginalReq() http.Request { // Note that included files are NOT escaped, so you should only include // trusted files. If it is not trusted, be sure to use escaping functions // in your template. -func (c templateContext) funcInclude(filename string, args ...interface{}) (string, error) { +func (c TemplateContext) funcInclude(filename string, args ...interface{}) (string, error) { if c.Root == nil { return "", fmt.Errorf("root file system not specified") } @@ -93,7 +123,7 @@ func (c templateContext) funcInclude(filename string, args ...interface{}) (stri // to the given URI on the same server. Note that included bodies // are NOT escaped, so you should only include trusted resources. // If it is not trusted, be sure to use escaping functions yourself. -func (c templateContext) funcHTTPInclude(uri string) (string, error) { +func (c TemplateContext) funcHTTPInclude(uri string) (string, error) { // prevent virtual request loops by counting how many levels // deep we are; and if we get too deep, return an error recursionCount := 1 @@ -137,26 +167,8 @@ func (c templateContext) funcHTTPInclude(uri string) (string, error) { return buf.String(), nil } -func (c templateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buffer) error { - tpl := template.New(tplName) - if len(c.config.Delimiters) == 2 { - tpl.Delims(c.config.Delimiters[0], c.config.Delimiters[1]) - } - - tpl.Funcs(sprigFuncMap) - - tpl.Funcs(template.FuncMap{ - "include": c.funcInclude, - "httpInclude": c.funcHTTPInclude, - "stripHTML": c.funcStripHTML, - "markdown": c.funcMarkdown, - "splitFrontMatter": c.funcSplitFrontMatter, - "listFiles": c.funcListFiles, - "env": c.funcEnv, - "placeholder": c.funcPlaceholder, - "fileExists": c.funcFileExists, - "httpError": c.funcHTTPError, - }) +func (c TemplateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buffer) error { + tpl := c.NewTemplate(tplName) parsedTpl, err := tpl.Parse(buf.String()) if err != nil { @@ -168,18 +180,18 @@ func (c templateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buff return parsedTpl.Execute(buf, c) } -func (c templateContext) funcPlaceholder(name string) string { +func (c TemplateContext) funcPlaceholder(name string) string { repl := c.Req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) value, _ := repl.GetString(name) return value } -func (templateContext) funcEnv(varName string) string { +func (TemplateContext) funcEnv(varName string) string { return os.Getenv(varName) } // Cookie gets the value of a cookie with name name. -func (c templateContext) Cookie(name string) string { +func (c TemplateContext) Cookie(name string) string { cookies := c.Req.Cookies() for _, cookie := range cookies { if cookie.Name == name { @@ -190,7 +202,7 @@ func (c templateContext) Cookie(name string) string { } // RemoteIP gets the IP address of the client making the request. -func (c templateContext) RemoteIP() string { +func (c TemplateContext) RemoteIP() string { ip, _, err := net.SplitHostPort(c.Req.RemoteAddr) if err != nil { return c.Req.RemoteAddr @@ -200,7 +212,7 @@ func (c templateContext) RemoteIP() string { // Host returns the hostname portion of the Host header // from the HTTP request. -func (c templateContext) Host() (string, error) { +func (c TemplateContext) Host() (string, error) { host, _, err := net.SplitHostPort(c.Req.Host) if err != nil { if !strings.Contains(c.Req.Host, ":") { @@ -214,7 +226,7 @@ func (c templateContext) Host() (string, error) { // funcStripHTML returns s without HTML tags. It is fairly naive // but works with most valid HTML inputs. -func (templateContext) funcStripHTML(s string) string { +func (TemplateContext) funcStripHTML(s string) string { var buf bytes.Buffer var inTag, inQuotes bool var tagStart int @@ -247,7 +259,7 @@ func (templateContext) funcStripHTML(s string) string { // funcMarkdown renders the markdown body as HTML. The resulting // HTML is NOT escaped so that it can be rendered as HTML. -func (templateContext) funcMarkdown(input interface{}) (string, error) { +func (TemplateContext) funcMarkdown(input interface{}) (string, error) { inputStr := toString(input) md := goldmark.New( @@ -283,7 +295,7 @@ func (templateContext) funcMarkdown(input interface{}) (string, error) { // splitFrontMatter parses front matter out from the beginning of input, // and returns the separated key-value pairs and the body/content. input // must be a "stringy" value. -func (templateContext) funcSplitFrontMatter(input interface{}) (parsedMarkdownDoc, error) { +func (TemplateContext) funcSplitFrontMatter(input interface{}) (parsedMarkdownDoc, error) { meta, body, err := extractFrontMatter(toString(input)) if err != nil { return parsedMarkdownDoc{}, err @@ -293,7 +305,7 @@ func (templateContext) funcSplitFrontMatter(input interface{}) (parsedMarkdownDo // funcListFiles reads and returns a slice of names from the given // directory relative to the root of c. -func (c templateContext) funcListFiles(name string) ([]string, error) { +func (c TemplateContext) funcListFiles(name string) ([]string, error) { if c.Root == nil { return nil, fmt.Errorf("root file system not specified") } @@ -326,7 +338,7 @@ func (c templateContext) funcListFiles(name string) ([]string, error) { } // funcFileExists returns true if filename can be opened successfully. -func (c templateContext) funcFileExists(filename string) (bool, error) { +func (c TemplateContext) funcFileExists(filename string) (bool, error) { if c.Root == nil { return false, fmt.Errorf("root file system not specified") } @@ -339,21 +351,21 @@ func (c templateContext) funcFileExists(filename string) (bool, error) { } // funcHTTPError returns a structured HTTP handler error. EXPERIMENTAL. -// TODO: Requires https://github.com/golang/go/issues/34201 to be fixed. +// TODO: Requires https://github.com/golang/go/issues/34201 to be fixed (Go 1.17). // Example usage might be: `{{if not (fileExists $includeFile)}}{{httpError 404}}{{end}}` -func (c templateContext) funcHTTPError(statusCode int) (bool, error) { +func (c TemplateContext) funcHTTPError(statusCode int) (bool, error) { return false, caddyhttp.Error(statusCode, nil) } -// tplWrappedHeader wraps niladic functions so that they +// WrappedHeader wraps niladic functions so that they // can be used in templates. (Template functions must // return a value.) -type tplWrappedHeader struct{ http.Header } +type WrappedHeader struct{ http.Header } // Add adds a header field value, appending val to // existing values for that field. It returns an // empty string. -func (h tplWrappedHeader) Add(field, val string) string { +func (h WrappedHeader) Add(field, val string) string { h.Header.Add(field, val) return "" } @@ -361,13 +373,13 @@ func (h tplWrappedHeader) Add(field, val string) string { // Set sets a header field value, overwriting any // other values for that field. It returns an // empty string. -func (h tplWrappedHeader) Set(field, val string) string { +func (h WrappedHeader) Set(field, val string) string { h.Header.Set(field, val) return "" } // Del deletes a header field. It returns an empty string. -func (h tplWrappedHeader) Del(field string) string { +func (h WrappedHeader) Del(field string) string { h.Header.Del(field) return "" } diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index c0658a17..efee3bed 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -12,20 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Copyright 2015 Light Code Labs, LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - package templates import ( @@ -357,7 +343,7 @@ title = "Welcome" } -func getContextOrFail(t *testing.T) templateContext { +func getContextOrFail(t *testing.T) TemplateContext { context, err := initTestContext() if err != nil { t.Fatalf("failed to prepare test context: %v", err) @@ -365,15 +351,15 @@ func getContextOrFail(t *testing.T) templateContext { return context } -func initTestContext() (templateContext, error) { +func initTestContext() (TemplateContext, error) { body := bytes.NewBufferString("request body") request, err := http.NewRequest("GET", "https://example.com/foo/bar", body) if err != nil { - return templateContext{}, err + return TemplateContext{}, err } - return templateContext{ + return TemplateContext{ Root: http.Dir(os.TempDir()), Req: request, - RespHeader: tplWrappedHeader{make(http.Header)}, + RespHeader: WrappedHeader{make(http.Header)}, }, nil } From 53ececda21f77d000ee893bc981d6ec5c33872f8 Mon Sep 17 00:00:00 2001 From: Calvin Xiao Date: Mon, 3 May 2021 00:35:28 +0800 Subject: [PATCH 0375/1498] caddyhttp: performance improvement in HeaderRE Matcher (#4143) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Below is the report using `benchstat` and cmd: `go test -run=BenchmarkHeaderREMatcher -bench=BenchmarkHeaderREMatcher -benchmem -count=10` ``` name old time/op new time/op delta HeaderREMatcher-16 869ns ± 1% 658ns ± 0% -24.29% (p=0.000 n=10+10) name old alloc/op new alloc/op delta HeaderREMatcher-16 144B ± 0% 112B ± 0% -22.22% (p=0.000 n=10+10) name old allocs/op new allocs/op delta HeaderREMatcher-16 7.00 ± 0% 5.00 ± 0% -28.57% (p=0.000 n=10+10) ``` --- modules/caddyhttp/matchers.go | 5 +++-- modules/caddyhttp/matchers_test.go | 26 ++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index a4f45020..eaf43e9a 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -24,6 +24,7 @@ import ( "path/filepath" "regexp" "sort" + "strconv" "strings" "github.com/caddyserver/caddy/v2" @@ -935,14 +936,14 @@ func (mre *MatchRegexp) Match(input string, repl *caddy.Replacer) bool { // save all capture groups, first by index for i, match := range matches { - key := fmt.Sprintf("%s.%d", mre.phPrefix, i) + key := mre.phPrefix + "." + strconv.Itoa(i) repl.Set(key, match) } // then by name for i, name := range mre.compiled.SubexpNames() { if i != 0 && name != "" { - key := fmt.Sprintf("%s.%s", mre.phPrefix, name) + key := mre.phPrefix + "." + name repl.Set(key, matches[i]) } } diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 5163df13..950020f9 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -692,6 +692,32 @@ func TestHeaderREMatcher(t *testing.T) { } } +func BenchmarkHeaderREMatcher(b *testing.B) { + + i := 0 + match := MatchHeaderRE{"Field": &MatchRegexp{Pattern: "^foo(.*)$", Name: "name"}} + input := http.Header{"Field": []string{"foobar"}} + var host string + err := match.Provision(caddy.Context{}) + if err != nil { + b.Errorf("Test %d %v: Provisioning: %v", i, match, err) + } + err = match.Validate() + if err != nil { + b.Errorf("Test %d %v: Validating: %v", i, match, err) + } + + // set up the fake request and its Replacer + req := &http.Request{Header: input, URL: new(url.URL), Host: host} + repl := caddy.NewReplacer() + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + addHTTPVarsToReplacer(repl, req, httptest.NewRecorder()) + for run := 0; run < b.N; run++ { + match.Match(req) + } +} + func TestVarREMatcher(t *testing.T) { for i, tc := range []struct { desc string From 6e0e3e1537c399faabd30cc08a9fe68a7be87639 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 2 May 2021 13:57:28 -0400 Subject: [PATCH 0376/1498] httpcaddyfile: Add global option for `storage_clean_interval` (#4134) Followup to https://github.com/caddyserver/caddy/commit/42b7134ffa3bf3e9e86514c82407979c2627a5ab --- caddyconfig/httpcaddyfile/options.go | 15 +++++++++++++++ caddyconfig/httpcaddyfile/tlsapp.go | 8 ++++++++ .../caddyfile_adapt/global_options_acme.txt | 4 +++- 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 9dd215f9..799b0881 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -32,6 +32,7 @@ func init() { RegisterGlobalOption("default_sni", parseOptSingleString) RegisterGlobalOption("order", parseOptOrder) RegisterGlobalOption("storage", parseOptStorage) + RegisterGlobalOption("storage_clean_interval", parseOptStorageCleanInterval) RegisterGlobalOption("acme_ca", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) RegisterGlobalOption("acme_dns", parseOptACMEDNS) @@ -177,6 +178,20 @@ func parseOptStorage(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) return storage, nil } +func parseOptStorageCleanInterval(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { + if !d.Next() { // consume option name + return nil, d.ArgErr() + } + if !d.Next() { // get duration value + return nil, d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return nil, err + } + return caddy.Duration(dur), nil +} + func parseOptACMEDNS(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { if !d.Next() { // consume option name return nil, d.ArgErr() diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 72f99be7..c4af8e4c 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -278,6 +278,14 @@ func (st ServerType) buildTLSApp( tlsApp.Automation.OnDemand = onDemand } + // set the storage clean interval if configured + if storageCleanInterval, ok := options["storage_clean_interval"].(caddy.Duration); ok { + if tlsApp.Automation == nil { + tlsApp.Automation = new(caddytls.AutomationConfig) + } + tlsApp.Automation.StorageCleanInterval = storageCleanInterval + } + // if any hostnames appear on the same server block as a key with // no host, they will not be used with route matchers because the // hostless key matches all hosts, therefore, it wouldn't be diff --git a/caddytest/integration/caddyfile_adapt/global_options_acme.txt b/caddytest/integration/caddyfile_adapt/global_options_acme.txt index fb95588a..36f317ab 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_acme.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_acme.txt @@ -20,6 +20,7 @@ interval 30s burst 20 } + storage_clean_interval 7d key_type ed25519 } @@ -80,7 +81,8 @@ "burst": 20 }, "ask": "https://example.com" - } + }, + "storage_clean_interval": 604800000000000 } } } From ef7f15f3a42474319e2db0dff6720d91c153f0bf Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 2 May 2021 14:11:27 -0400 Subject: [PATCH 0377/1498] httpcaddyfile: Add `auto_https ignore_loaded_certs` (#4077) --- caddyconfig/httpcaddyfile/builtins.go | 8 ++--- caddyconfig/httpcaddyfile/httptype.go | 3 ++ caddyconfig/httpcaddyfile/options.go | 4 +-- .../auto_https_ignore_loaded_certs.txt | 34 +++++++++++++++++++ 4 files changed, 43 insertions(+), 6 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 32f9da71..d52c5ef8 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -126,10 +126,10 @@ func parseTLS(h Helper) ([]ConfigValue, error) { // must load each cert only once; otherwise, they each get a // different tag... since a cert loaded twice has the same // bytes, it will overwrite the first one in the cache, and - // only the last cert (and its tag) will survive, so a any conn - // policy that is looking for any tag but the last one to be - // loaded won't find it, and TLS handshakes will fail (see end) - // of issue #3004) + // only the last cert (and its tag) will survive, so any conn + // policy that is looking for any tag other than the last one + // to be loaded won't find it, and TLS handshakes will fail + // (see end of issue #3004) // // tlsCertTags maps certificate filenames to their tag. // This is used to remember which tag is used for each diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 42880765..1ccaed24 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -451,6 +451,9 @@ func (st *ServerType) serversFromPairings( if autoHTTPS == "disable_redirects" { srv.AutoHTTPS.DisableRedir = true } + if autoHTTPS == "ignore_loaded_certs" { + srv.AutoHTTPS.IgnoreLoadedCerts = true + } } // sort server blocks by their keys; this is important because diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 799b0881..d95496c3 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -379,8 +379,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro if d.Next() { return "", d.ArgErr() } - if val != "off" && val != "disable_redirects" { - return "", d.Errf("auto_https must be either 'off' or 'disable_redirects'") + if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" { + return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'") } return val, nil } diff --git a/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt new file mode 100644 index 00000000..1c654385 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/auto_https_ignore_loaded_certs.txt @@ -0,0 +1,34 @@ +{ + auto_https ignore_loaded_certs +} + +localhost +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "ignore_loaded_certificates": true + } + } + } + } + } +} \ No newline at end of file From e6f6d3a4765565b09f95a29a2e75be34e1d70359 Mon Sep 17 00:00:00 2001 From: Jesse Date: Mon, 3 May 2021 02:38:16 +0800 Subject: [PATCH 0378/1498] cmd: Add --envfile flag to `start` command (#4141) * add envfile in start cmd * fix commandfuncs * fix commandfuncs * fix cmdStart envfile from bool to string Co-authored-by: Francis Lavoie --- cmd/commandfuncs.go | 4 ++++ cmd/commands.go | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index d32b9c76..f24a9d06 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -45,6 +45,7 @@ func cmdStart(fl Flags) (int, error) { startCmdConfigAdapterFlag := fl.String("adapter") startCmdPidfileFlag := fl.String("pidfile") startCmdWatchFlag := fl.Bool("watch") + startCmdEnvfileFlag := fl.String("envfile") // open a listener to which the child process will connect when // it is ready to confirm that it has successfully started @@ -68,6 +69,9 @@ func cmdStart(fl Flags) (int, error) { if startCmdConfigFlag != "" { cmd.Args = append(cmd.Args, "--config", startCmdConfigFlag) } + if startCmdEnvfileFlag != "" { + cmd.Args = append(cmd.Args, "--envfile", startCmdEnvfileFlag) + } if startCmdConfigAdapterFlag != "" { cmd.Args = append(cmd.Args, "--adapter", startCmdConfigAdapterFlag) } diff --git a/cmd/commands.go b/cmd/commands.go index a5198966..36e9c04f 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -74,18 +74,22 @@ func init() { RegisterCommand(Command{ Name: "start", Func: cmdStart, - Usage: "[--config [--adapter ]] [--watch] [--pidfile ]", + Usage: "[--config [--adapter ]] [--envfile ] [--watch] [--pidfile ]", Short: "Starts the Caddy process in the background and then returns", Long: ` Starts the Caddy process, optionally bootstrapped with an initial config file. This command unblocks after the server starts running or fails to run. +If --envfile is specified, an environment file with environment variables in +the KEY=VALUE format will be loaded into the Caddy process. + On Windows, the spawned child process will remain attached to the terminal, so closing the window will forcefully stop Caddy; to avoid forgetting this, try using 'caddy run' instead to keep it in the foreground.`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("start", flag.ExitOnError) fs.String("config", "", "Configuration file") + fs.String("envfile", "", "Environment file to load") fs.String("adapter", "", "Name of config adapter to apply") fs.String("pidfile", "", "Path of file to which to write process ID") fs.Bool("watch", false, "Reload changed config file automatically") From e4a22de9d1c4d7aa83126ee13e40b61e7b0e9df0 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 2 May 2021 14:39:06 -0400 Subject: [PATCH 0379/1498] reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) * reverseproxy: complete handle_response test * reverseproxy: Change handle_response matchers to use named matchers reverseproxy: Add support for changing status code * fastcgi: Remove obsolete TODO We already have d.Err("transport already specified") in the reverse_proxy parsing code which covers this case * reverseproxy: Fix support for "4xx" type status codes * Apply suggestions from code review Co-authored-by: Matt Holt * caddyhttp: Reorganize response matchers * reverseproxy: Reintroduce caddyfile.Unmarshaler * reverseproxy: Add comment mentioning Finalize should be called Co-authored-by: Maxime Soulé Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/directives.go | 7 + .../reverse_proxy_handle_response.txt | 193 ++++++++++++++++++ modules/caddyhttp/encode/caddyfile.go | 69 +------ modules/caddyhttp/matchers.go | 34 --- modules/caddyhttp/matchers_test.go | 149 -------------- modules/caddyhttp/responsematchers.go | 122 +++++++++++ modules/caddyhttp/responsematchers_test.go | 169 +++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 132 ++++++++++++ .../reverseproxy/fastcgi/caddyfile.go | 6 +- .../caddyhttp/reverseproxy/reverseproxy.go | 7 + 10 files changed, 635 insertions(+), 253 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt create mode 100644 modules/caddyhttp/responsematchers.go create mode 100644 modules/caddyhttp/responsematchers_test.go diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index b4a8407d..5e194741 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -265,6 +265,13 @@ func (h Helper) NewBindAddresses(addrs []string) []ConfigValue { return []ConfigValue{{Class: "bind", Value: addrs}} } +// WithDispenser returns a new instance based on d. All others Helper +// fields are copied, so typically maps are shared with this new instance. +func (h Helper) WithDispenser(d *caddyfile.Dispenser) Helper { + h.Dispenser = d + return h +} + // ParseSegmentAsSubroute parses the segment such that its subdirectives // are themselves treated as directives, from which a subroute is built // and returned. diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt new file mode 100644 index 00000000..35d9631a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt @@ -0,0 +1,193 @@ +:8884 + +reverse_proxy 127.0.0.1:65535 { + @accel header X-Accel-Redirect * + handle_response @accel { + respond "Header X-Accel-Redirect!" + } + + @another { + header X-Another * + } + handle_response @another { + respond "Header X-Another!" + } + + @401 status 401 + handle_response @401 { + respond "Status 401!" + } + + handle_response { + respond "Any! This should be last in the JSON!" + } + + @403 { + status 403 + } + handle_response @403 { + respond "Status 403!" + } + + @multi { + status 401 403 + status 404 + header Foo * + header Bar * + } + handle_response @multi { + respond "Headers Foo, Bar AND statuses 401, 403 and 404!" + } + + @changeStatus status 500 + handle_response @changeStatus 400 +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handle_response": [ + { + "match": { + "headers": { + "X-Accel-Redirect": [ + "*" + ] + } + }, + "routes": [ + { + "handle": [ + { + "body": "Header X-Accel-Redirect!", + "handler": "static_response" + } + ] + } + ] + }, + { + "match": { + "headers": { + "X-Another": [ + "*" + ] + } + }, + "routes": [ + { + "handle": [ + { + "body": "Header X-Another!", + "handler": "static_response" + } + ] + } + ] + }, + { + "match": { + "status_code": [ + 401 + ] + }, + "routes": [ + { + "handle": [ + { + "body": "Status 401!", + "handler": "static_response" + } + ] + } + ] + }, + { + "match": { + "status_code": [ + 403 + ] + }, + "routes": [ + { + "handle": [ + { + "body": "Status 403!", + "handler": "static_response" + } + ] + } + ] + }, + { + "match": { + "headers": { + "Bar": [ + "*" + ], + "Foo": [ + "*" + ] + }, + "status_code": [ + 401, + 403, + 404 + ] + }, + "routes": [ + { + "handle": [ + { + "body": "Headers Foo, Bar AND statuses 401, 403 and 404!", + "handler": "static_response" + } + ] + } + ] + }, + { + "match": { + "status_code": [ + 500 + ] + }, + "status_code": 400 + }, + { + "routes": [ + { + "handle": [ + { + "body": "Any! This should be last in the JSON!", + "handler": "static_response" + } + ] + } + ] + } + ], + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/encode/caddyfile.go b/modules/caddyhttp/encode/caddyfile.go index c45f159e..b236520e 100644 --- a/modules/caddyhttp/encode/caddyfile.go +++ b/modules/caddyhttp/encode/caddyfile.go @@ -15,9 +15,7 @@ package encode import ( - "net/http" "strconv" - "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -95,7 +93,7 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } enc.Prefer = encs case "match": - err := enc.parseNamedResponseMatcher(d.NewFromNextSegment(), responseMatchers) + err := caddyhttp.ParseNamedResponseMatcher(d.NewFromNextSegment(), responseMatchers) if err != nil { return err } @@ -123,70 +121,5 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// Parse the tokens of a named response matcher. -// -// match { -// header [] -// status -// } -// -// Or, single line syntax: -// -// match [header []] | [status ] -// -func (enc *Encode) parseNamedResponseMatcher(d *caddyfile.Dispenser, matchers map[string]caddyhttp.ResponseMatcher) error { - for d.Next() { - definitionName := d.Val() - - if _, ok := matchers[definitionName]; ok { - return d.Errf("matcher is defined more than once: %s", definitionName) - } - - matcher := caddyhttp.ResponseMatcher{} - for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { - switch d.Val() { - case "header": - if matcher.Headers == nil { - matcher.Headers = http.Header{} - } - - // reuse the header request matcher's unmarshaler - headerMatcher := caddyhttp.MatchHeader(matcher.Headers) - err := headerMatcher.UnmarshalCaddyfile(d.NewFromNextSegment()) - if err != nil { - return err - } - - matcher.Headers = http.Header(headerMatcher) - case "status": - if matcher.StatusCode == nil { - matcher.StatusCode = []int{} - } - - args := d.RemainingArgs() - if len(args) == 0 { - return d.ArgErr() - } - - for _, arg := range args { - if len(arg) == 3 && strings.HasSuffix(arg, "xx") { - arg = arg[:1] - } - statusNum, err := strconv.Atoi(arg) - if err != nil { - return d.Errf("bad status value '%s': %v", arg, err) - } - matcher.StatusCode = append(matcher.StatusCode, statusNum) - } - default: - return d.Errf("unrecognized response matcher %s", d.Val()) - } - } - - matchers[definitionName] = matcher - } - return nil -} - // Interface guard var _ caddyfile.Unmarshaler = (*Encode)(nil) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index eaf43e9a..9b127dbc 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -971,40 +971,6 @@ func (mre *MatchRegexp) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// ResponseMatcher is a type which can determine if an -// HTTP response matches some criteria. -type ResponseMatcher struct { - // If set, one of these status codes would be required. - // A one-digit status can be used to represent all codes - // in that class (e.g. 3 for all 3xx codes). - StatusCode []int `json:"status_code,omitempty"` - - // If set, each header specified must be one of the - // specified values, with the same logic used by the - // request header matcher. - Headers http.Header `json:"headers,omitempty"` -} - -// Match returns true if the given statusCode and hdr match rm. -func (rm ResponseMatcher) Match(statusCode int, hdr http.Header) bool { - if !rm.matchStatusCode(statusCode) { - return false - } - return matchHeaders(hdr, rm.Headers, "", nil) -} - -func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { - if rm.StatusCode == nil { - return true - } - for _, code := range rm.StatusCode { - if StatusCodeMatches(statusCode, code) { - return true - } - } - return false -} - var wordRE = regexp.MustCompile(`\w+`) const regexpPlaceholderPrefix = "http.regexp" diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 950020f9..2ec70392 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -804,155 +804,6 @@ func TestVarREMatcher(t *testing.T) { } } -func TestResponseMatcher(t *testing.T) { - for i, tc := range []struct { - require ResponseMatcher - status int - hdr http.Header // make sure these are canonical cased (std lib will do that in a real request) - expect bool - }{ - { - require: ResponseMatcher{}, - status: 200, - expect: true, - }, - { - require: ResponseMatcher{ - StatusCode: []int{200}, - }, - status: 200, - expect: true, - }, - { - require: ResponseMatcher{ - StatusCode: []int{2}, - }, - status: 200, - expect: true, - }, - { - require: ResponseMatcher{ - StatusCode: []int{201}, - }, - status: 200, - expect: false, - }, - { - require: ResponseMatcher{ - StatusCode: []int{2}, - }, - status: 301, - expect: false, - }, - { - require: ResponseMatcher{ - StatusCode: []int{3}, - }, - status: 301, - expect: true, - }, - { - require: ResponseMatcher{ - StatusCode: []int{3}, - }, - status: 399, - expect: true, - }, - { - require: ResponseMatcher{ - StatusCode: []int{3}, - }, - status: 400, - expect: false, - }, - { - require: ResponseMatcher{ - StatusCode: []int{3, 4}, - }, - status: 400, - expect: true, - }, - { - require: ResponseMatcher{ - StatusCode: []int{3, 401}, - }, - status: 401, - expect: true, - }, - { - require: ResponseMatcher{ - Headers: http.Header{ - "Foo": []string{"bar"}, - }, - }, - hdr: http.Header{"Foo": []string{"bar"}}, - expect: true, - }, - { - require: ResponseMatcher{ - Headers: http.Header{ - "Foo2": []string{"bar"}, - }, - }, - hdr: http.Header{"Foo": []string{"bar"}}, - expect: false, - }, - { - require: ResponseMatcher{ - Headers: http.Header{ - "Foo": []string{"bar", "baz"}, - }, - }, - hdr: http.Header{"Foo": []string{"baz"}}, - expect: true, - }, - { - require: ResponseMatcher{ - Headers: http.Header{ - "Foo": []string{"bar"}, - "Foo2": []string{"baz"}, - }, - }, - hdr: http.Header{"Foo": []string{"baz"}}, - expect: false, - }, - { - require: ResponseMatcher{ - Headers: http.Header{ - "Foo": []string{"bar"}, - "Foo2": []string{"baz"}, - }, - }, - hdr: http.Header{"Foo": []string{"bar"}, "Foo2": []string{"baz"}}, - expect: true, - }, - { - require: ResponseMatcher{ - Headers: http.Header{ - "Foo": []string{"foo*"}, - }, - }, - hdr: http.Header{"Foo": []string{"foobar"}}, - expect: true, - }, - { - require: ResponseMatcher{ - Headers: http.Header{ - "Foo": []string{"foo*"}, - }, - }, - hdr: http.Header{"Foo": []string{"foobar"}}, - expect: true, - }, - } { - actual := tc.require.Match(tc.status, tc.hdr) - if actual != tc.expect { - t.Errorf("Test %d %v: Expected %t, got %t for HTTP %d %v", i, tc.require, tc.expect, actual, tc.status, tc.hdr) - continue - } - } -} - func TestNotMatcher(t *testing.T) { for i, tc := range []struct { host, path string diff --git a/modules/caddyhttp/responsematchers.go b/modules/caddyhttp/responsematchers.go new file mode 100644 index 00000000..d9ad8480 --- /dev/null +++ b/modules/caddyhttp/responsematchers.go @@ -0,0 +1,122 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyhttp + +import ( + "net/http" + "strconv" + "strings" + + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" +) + +// ResponseMatcher is a type which can determine if an +// HTTP response matches some criteria. +type ResponseMatcher struct { + // If set, one of these status codes would be required. + // A one-digit status can be used to represent all codes + // in that class (e.g. 3 for all 3xx codes). + StatusCode []int `json:"status_code,omitempty"` + + // If set, each header specified must be one of the + // specified values, with the same logic used by the + // request header matcher. + Headers http.Header `json:"headers,omitempty"` +} + +// Match returns true if the given statusCode and hdr match rm. +func (rm ResponseMatcher) Match(statusCode int, hdr http.Header) bool { + if !rm.matchStatusCode(statusCode) { + return false + } + return matchHeaders(hdr, rm.Headers, "", nil) +} + +func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { + if rm.StatusCode == nil { + return true + } + for _, code := range rm.StatusCode { + if StatusCodeMatches(statusCode, code) { + return true + } + } + return false +} + +// ParseNamedResponseMatcher parses the tokens of a named response matcher. +// +// @name { +// header [] +// status +// } +// +// Or, single line syntax: +// +// @name [header []] | [status ] +// +func ParseNamedResponseMatcher(d *caddyfile.Dispenser, matchers map[string]ResponseMatcher) error { + for d.Next() { + definitionName := d.Val() + + if _, ok := matchers[definitionName]; ok { + return d.Errf("matcher is defined more than once: %s", definitionName) + } + + matcher := ResponseMatcher{} + for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { + switch d.Val() { + case "header": + if matcher.Headers == nil { + matcher.Headers = http.Header{} + } + + // reuse the header request matcher's unmarshaler + headerMatcher := MatchHeader(matcher.Headers) + err := headerMatcher.UnmarshalCaddyfile(d.NewFromNextSegment()) + if err != nil { + return err + } + + matcher.Headers = http.Header(headerMatcher) + case "status": + if matcher.StatusCode == nil { + matcher.StatusCode = []int{} + } + + args := d.RemainingArgs() + if len(args) == 0 { + return d.ArgErr() + } + + for _, arg := range args { + if len(arg) == 3 && strings.HasSuffix(arg, "xx") { + arg = arg[:1] + } + statusNum, err := strconv.Atoi(arg) + if err != nil { + return d.Errf("bad status value '%s': %v", arg, err) + } + matcher.StatusCode = append(matcher.StatusCode, statusNum) + } + default: + return d.Errf("unrecognized response matcher %s", d.Val()) + } + } + + matchers[definitionName] = matcher + } + return nil +} diff --git a/modules/caddyhttp/responsematchers_test.go b/modules/caddyhttp/responsematchers_test.go new file mode 100644 index 00000000..f5bb6f18 --- /dev/null +++ b/modules/caddyhttp/responsematchers_test.go @@ -0,0 +1,169 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyhttp + +import ( + "net/http" + "testing" +) + +func TestResponseMatcher(t *testing.T) { + for i, tc := range []struct { + require ResponseMatcher + status int + hdr http.Header // make sure these are canonical cased (std lib will do that in a real request) + expect bool + }{ + { + require: ResponseMatcher{}, + status: 200, + expect: true, + }, + { + require: ResponseMatcher{ + StatusCode: []int{200}, + }, + status: 200, + expect: true, + }, + { + require: ResponseMatcher{ + StatusCode: []int{2}, + }, + status: 200, + expect: true, + }, + { + require: ResponseMatcher{ + StatusCode: []int{201}, + }, + status: 200, + expect: false, + }, + { + require: ResponseMatcher{ + StatusCode: []int{2}, + }, + status: 301, + expect: false, + }, + { + require: ResponseMatcher{ + StatusCode: []int{3}, + }, + status: 301, + expect: true, + }, + { + require: ResponseMatcher{ + StatusCode: []int{3}, + }, + status: 399, + expect: true, + }, + { + require: ResponseMatcher{ + StatusCode: []int{3}, + }, + status: 400, + expect: false, + }, + { + require: ResponseMatcher{ + StatusCode: []int{3, 4}, + }, + status: 400, + expect: true, + }, + { + require: ResponseMatcher{ + StatusCode: []int{3, 401}, + }, + status: 401, + expect: true, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"bar"}, + }, + }, + hdr: http.Header{"Foo": []string{"bar"}}, + expect: true, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo2": []string{"bar"}, + }, + }, + hdr: http.Header{"Foo": []string{"bar"}}, + expect: false, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"bar", "baz"}, + }, + }, + hdr: http.Header{"Foo": []string{"baz"}}, + expect: true, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"bar"}, + "Foo2": []string{"baz"}, + }, + }, + hdr: http.Header{"Foo": []string{"baz"}}, + expect: false, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"bar"}, + "Foo2": []string{"baz"}, + }, + }, + hdr: http.Header{"Foo": []string{"bar"}, "Foo2": []string{"baz"}}, + expect: true, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"foo*"}, + }, + }, + hdr: http.Header{"Foo": []string{"foobar"}}, + expect: true, + }, + { + require: ResponseMatcher{ + Headers: http.Header{ + "Foo": []string{"foo*"}, + }, + }, + hdr: http.Header{"Foo": []string{"foobar"}}, + expect: true, + }, + } { + actual := tc.require.Match(tc.status, tc.hdr) + if actual != tc.expect { + t.Errorf("Test %d %v: Expected %t, got %t for HTTP %d %v", i, tc.require, tc.expect, actual, tc.status, tc.hdr) + continue + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index dbadef60..61eac7ed 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -42,6 +42,10 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if err != nil { return nil, err } + err = rp.FinalizeUnmarshalCaddyfile(h) + if err != nil { + return nil, err + } return rp, nil } @@ -86,12 +90,24 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // transport { // ... // } +// +// # handle responses +// @name { +// status +// header [] +// } +// handle_response [] [status_code] { +// +// } // } // // Proxy upstream addresses should be network dial addresses such // as `host:port`, or a URL such as `scheme://host:port`. Scheme // and port may be inferred from other parts of the address/URL; if // either are missing, defaults to HTTP. +// +// The FinalizeUnmarshalCaddyfile method should be called after this +// to finalize parsing of "handle_response" blocks, if possible. func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // currently, all backends must use the same scheme/protocol (the // underlying JSON does not yet support per-backend transports) @@ -102,6 +118,10 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { var transport http.RoundTripper var transportModuleName string + // collect the response matchers defined as subdirectives + // prefixed with "@" for use with "handle_response" blocks + h.responseMatchers = make(map[string]caddyhttp.ResponseMatcher) + // TODO: the logic in this function is kind of sensitive, we need // to write tests before making any more changes to it upstreamDialAddress := func(upstreamAddr string) (string, error) { @@ -227,6 +247,16 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } for d.NextBlock(0) { + // if the subdirective has an "@" prefix then we + // parse it as a response matcher for use with "handle_response" + if strings.HasPrefix(d.Val(), matcherPrefix) { + err := caddyhttp.ParseNamedResponseMatcher(d.NewFromNextSegment(), h.responseMatchers) + if err != nil { + return err + } + continue + } + switch d.Val() { case "to": args := d.RemainingArgs() @@ -617,6 +647,12 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } transport = rt + case "handle_response": + // delegate the parsing of handle_response to the caller, + // since we need the httpcaddyfile.Helper to parse subroutes. + // See h.FinalizeUnmarshalCaddyfile + h.handleResponseSegments = append(h.handleResponseSegments, d.NewFromNextSegment()) + default: return d.Errf("unrecognized subdirective %s", d.Val()) } @@ -659,6 +695,100 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// FinalizeUnmarshalCaddyfile finalizes the Caddyfile parsing which +// requires having an httpcaddyfile.Helper to function, to parse subroutes. +func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error { + for _, d := range h.handleResponseSegments { + // consume the "handle_response" token + d.Next() + + var matcher *caddyhttp.ResponseMatcher + args := d.RemainingArgs() + + // the first arg should be a matcher (optional) + // the second arg should be a status code (optional) + // any more than that isn't currently supported + if len(args) > 2 { + return d.Errf("too many arguments for 'handle_response': %s", args) + } + + // the first arg should always be a matcher. + // it doesn't really make sense to support status code without a matcher. + if len(args) > 0 { + if !strings.HasPrefix(args[0], matcherPrefix) { + return d.Errf("must use a named response matcher, starting with '@'") + } + + foundMatcher, ok := h.responseMatchers[args[0]] + if !ok { + return d.Errf("no named response matcher defined with name '%s'", args[0][1:]) + } + matcher = &foundMatcher + } + + // a second arg should be a status code, in which case + // we skip parsing the block for routes + if len(args) == 2 { + _, err := strconv.Atoi(args[1]) + if err != nil { + return d.Errf("bad integer value '%s': %v", args[1], err) + } + + // make sure there's no block, cause it doesn't make sense + if d.NextBlock(1) { + return d.Errf("cannot define routes for 'handle_response' when changing the status code") + } + + h.HandleResponse = append( + h.HandleResponse, + caddyhttp.ResponseHandler{ + Match: matcher, + StatusCode: caddyhttp.WeakString(args[1]), + }, + ) + continue + } + + // parse the block as routes + handler, err := httpcaddyfile.ParseSegmentAsSubroute(helper.WithDispenser(d.NewFromNextSegment())) + if err != nil { + return err + } + subroute, ok := handler.(*caddyhttp.Subroute) + if !ok { + return helper.Errf("segment was not parsed as a subroute") + } + h.HandleResponse = append( + h.HandleResponse, + caddyhttp.ResponseHandler{ + Match: matcher, + Routes: subroute.Routes, + }, + ) + } + + // move the handle_response entries without a matcher to the end. + // we can't use sort.SliceStable because it will reorder the rest of the + // entries which may be undesirable because we don't have a good + // heuristic to use for sorting. + withoutMatchers := []caddyhttp.ResponseHandler{} + withMatchers := []caddyhttp.ResponseHandler{} + for _, hr := range h.HandleResponse { + if hr.Match == nil { + withoutMatchers = append(withoutMatchers, hr) + } else { + withMatchers = append(withMatchers, hr) + } + } + h.HandleResponse = append(withMatchers, withoutMatchers...) + + // clean up the bits we only needed for adapting + h.handleResponseSegments = nil + h.responseMatchers = nil + + return nil +} + // UnmarshalCaddyfile deserializes Caddyfile tokens into h. // // transport http { @@ -892,6 +1022,8 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +const matcherPrefix = "@" + // Interface guards var ( _ caddyfile.Unmarshaler = (*Handler)(nil) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 4d0b23b2..0ccd9fec 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -353,12 +353,14 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error // the rest of the config is specified by the user // using the reverse_proxy directive syntax - // TODO: this can overwrite our fcgiTransport that we encoded and - // set on the rpHandler... even with a non-fastcgi transport! err = rpHandler.UnmarshalCaddyfile(dispenser) if err != nil { return nil, err } + err = rpHandler.FinalizeUnmarshalCaddyfile(h) + if err != nil { + return nil, err + } // create the final reverse proxy route which is // conditional on matching PHP files diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index b552d965..b6c24f3c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -31,6 +31,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" "go.uber.org/zap" @@ -127,6 +128,12 @@ type Handler struct { Transport http.RoundTripper `json:"-"` CB CircuitBreaker `json:"-"` + // Holds the named response matchers from the Caddyfile while adapting + responseMatchers map[string]caddyhttp.ResponseMatcher + + // Holds the handle_response Caddyfile tokens while adapting + handleResponseSegments []*caddyfile.Dispenser + ctx caddy.Context logger *zap.Logger } From efe84497d7a333a8a6c7b658286121bad1b7f616 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 3 May 2021 11:10:18 -0600 Subject: [PATCH 0380/1498] go.mod: CertMagic v0.13.1 --- go.mod | 4 ++-- go.sum | 11 +++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 51269c52..6fe6902e 100644 --- a/go.mod +++ b/go.mod @@ -6,13 +6,13 @@ require ( github.com/Masterminds/sprig/v3 v3.1.0 github.com/alecthomas/chroma v0.8.2 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a - github.com/caddyserver/certmagic v0.13.0 + github.com/caddyserver/certmagic v0.13.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.6.0 github.com/google/uuid v1.2.0 github.com/klauspost/compress v1.11.3 - github.com/klauspost/cpuid/v2 v2.0.1 + github.com/klauspost/cpuid/v2 v2.0.6 github.com/lucas-clemente/quic-go v0.20.1 github.com/mholt/acmez v0.1.3 github.com/naoina/go-stringutil v0.1.0 // indirect diff --git a/go.sum b/go.sum index 16987416..b13a5c7e 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.13.0 h1:ky0rntZvIFiUKFdIikYxj31WN+Ts0Od6Wjz83iTzxfc= -github.com/caddyserver/certmagic v0.13.0/go.mod h1:dNOzF4iOB7H9E51xTooMB90vs+2XNVtpnx0liQNsQY4= +github.com/caddyserver/certmagic v0.13.1 h1:A5qLxh9J6/CYWEOHaj135IWAjCY0193ONxEy8jbOlPw= +github.com/caddyserver/certmagic v0.13.1/go.mod h1:+zhQtEgLOyXRA/KRduHXNhGGdTeqRM4ePj8eBGD/2CQ= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -395,11 +395,10 @@ github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0 github.com/klauspost/compress v1.11.3 h1:dB4Bn0tN3wdCzQxnS8r06kV74qN/TAfaIS0bVE8h3jc= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= +github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/cpuid v1.2.5 h1:VBd9MyVIiJHzzgnrLQG5Bcv75H4YaWrlKqWHjurxCGo= -github.com/klauspost/cpuid v1.2.5/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4= -github.com/klauspost/cpuid/v2 v2.0.1 h1:lb04bBEJoAoV48eHs4Eq0UyhmJCkRSdIjQ3uS8WJRM4= -github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.0.6 h1:dQ5ueTiftKxp0gyjKSx5+8BtPWkyQbd95m8Gys/RarI= +github.com/klauspost/cpuid/v2 v2.0.6/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= From 74f5d66c4826e177123859abae3981bd196bfdcf Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 4 May 2021 11:49:13 -0400 Subject: [PATCH 0381/1498] fileserver: Fix `file` matcher with empty `try_files` (#4147) * fileserver: Fix `file` matcher with empty `try_files` Fixes https://github.com/caddyserver/caddy/issues/4146 If `TryFiles` is empty, we fill it with `r.URL.Path`. In this case, this is `/`. Then later, in `prepareFilePath()`, we run the replacer (which turns `{path}` into `/` at that point) but `file` remains the original value (and the placeholder is still the placeholder there). So then `strings.HasSuffix(file, "/")` will be `false` for the placeholder, but `true` for the empty `TryFiles` codepath, because `file` was `/` due to being set to the actual request value beforehand. This means that `suffix` becomes `//` in that case, so after `sanitizedPathJoin`, it becomes `./`, so `strictFileExists`'s `strings.HasSuffix(file, separator)` codepath will return true. I think we should change the `m.TryFiles == nil` codepath to `m.TryFiles = []string{"{http.request.uri.path}"}` for consistency. (And maybe consider hoisting this to `Provision` cause there's no point doing this on every request). I don't think this "optimization" of directly using `r.URL.Path` is so valuable, cause it causes this edgecase with directories. * Update modules/caddyhttp/fileserver/matcher.go Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- modules/caddyhttp/fileserver/matcher.go | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 44ef9edc..064398c6 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -139,6 +139,11 @@ func (m *MatchFile) Provision(_ caddy.Context) error { if m.Root == "" { m.Root = "{http.vars.root}" } + // if list of files to try was omitted entirely, assume URL path + // (use placeholder instead of r.URL.Path; see issue #4146) + if m.TryFiles == nil { + m.TryFiles = []string{"{http.request.uri.path}"} + } return nil } @@ -174,13 +179,6 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { root := repl.ReplaceAll(m.Root, ".") - // if list of files to try was omitted entirely, - // assume URL path - if m.TryFiles == nil { - // m is not a pointer, so this is safe - m.TryFiles = []string{r.URL.Path} - } - // common preparation of the file into parts prepareFilePath := func(file string) (suffix, fullpath, remainder string) { suffix, remainder = m.firstSplit(path.Clean(repl.ReplaceAll(file, ""))) From a17c3b568d635ea45deb204d06e251810e94a7d6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 5 May 2021 14:52:18 -0600 Subject: [PATCH 0382/1498] reverseproxy: Minor logging improvements --- modules/caddyhttp/reverseproxy/reverseproxy.go | 8 +++++--- .../caddyhttp/reverseproxy/selectionpolicies_test.go | 2 +- modules/caddyhttp/reverseproxy/streaming.go | 12 ++++++++++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index b6c24f3c..ddb3ca92 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -568,9 +568,11 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * logger := h.logger.With( zap.String("upstream", di.Upstream.String()), zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: req}), - zap.Duration("duration", duration)) + ) if err != nil { - logger.Debug("upstream roundtrip", zap.Error(err)) + logger.Debug("upstream roundtrip", + zap.Duration("duration", duration), + zap.Error(err)) return err } logger.Debug("upstream roundtrip", @@ -642,7 +644,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * // deal with 101 Switching Protocols responses: (WebSocket, h2c, etc) if res.StatusCode == http.StatusSwitchingProtocols { - h.handleUpgradeResponse(rw, req, res) + h.handleUpgradeResponse(logger, rw, req, res) return nil } diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index 60a27028..c28799d4 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -366,7 +366,7 @@ func TestCookieHashPolicy(t *testing.T) { h := cookieHashPolicy.Select(pool, request, w) cookieServer1 := w.Result().Cookies()[0] if cookieServer1 == nil { - t.Error("cookieHashPolicy should set a cookie") + t.Fatal("cookieHashPolicy should set a cookie") } if cookieServer1.Name != "lb" { t.Error("cookieHashPolicy should set a cookie with name lb") diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index f108a97f..285c04b7 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -29,7 +29,7 @@ import ( "go.uber.org/zap" ) -func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request, res *http.Response) { +func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWriter, req *http.Request, res *http.Response) { reqUpType := upgradeType(req.Header) resUpType := upgradeType(res.Header) if reqUpType != resUpType { @@ -65,12 +65,19 @@ func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request }() defer close(backConnCloseCh) + logger.Debug("upgrading connection") conn, brw, err := hj.Hijack() if err != nil { - h.logger.Error("Hijack failed on protocol switch", zap.Error(err)) + h.logger.Error("hijack failed on protocol switch", zap.Error(err)) return } defer conn.Close() + + start := time.Now() + defer func() { + logger.Debug("connection closed", zap.Duration("duration", time.Since(start))) + }() + res.Body = nil // so res.Write only writes the headers; we have res.Body in backConn above if err := res.Write(brw); err != nil { h.logger.Debug("response write", zap.Error(err)) @@ -80,6 +87,7 @@ func (h Handler) handleUpgradeResponse(rw http.ResponseWriter, req *http.Request h.logger.Debug("response flush", zap.Error(err)) return } + errc := make(chan error, 1) spc := switchProtocolCopier{user: conn, backend: backConn} go spc.copyToBackend(errc) From d4b2f1bcee2190d13bc96aa8da5ea530bd6b9a22 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 5 May 2021 17:55:40 -0400 Subject: [PATCH 0383/1498] caddyhttp: Fix fallback for the error handler chain (#4131) * caddyhttp: Fix fallback for the error handler chain The fix I went with in the end (after realizing some mistaken assumptions in #4131) is to just make the routes fall back to errorEmptyHandler instead of the non-error empty handler, if Terminal is true, making the routes error-aware. Ultimately this was probably just an oversight when errors was implemented at some point in the early betas of v2. See https://caddy.community/t/problem-with-basicauth-handle-errors/12243/9 for context. * Revert "caddyhttp: Fix fallback for the error handler chain" This reverts commit 95b6ac44a6122d3ca5513a13bbc723cd5f4785f8. * caddyhttp: Fix via `routes.go` --- modules/caddyhttp/routes.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index 83e63540..ebd763c7 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -220,7 +220,11 @@ func wrapRoute(route Route) Middleware { // make terminal routes terminate if route.Terminal { - nextCopy = emptyHandler + if _, ok := req.Context().Value(ErrorCtxKey).(error); ok { + nextCopy = errorEmptyHandler + } else { + nextCopy = emptyHandler + } } // compile this route's handler stack From 3cf443f0feee50a5de3f31daf79af1b8f70ebc76 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 7 May 2021 18:18:17 -0400 Subject: [PATCH 0384/1498] httpcaddyfile: Add `grace_period` global option (#4152) See https://caddyserver.com/docs/json/apps/http/#grace_period --- caddyconfig/httpcaddyfile/httptype.go | 15 ++++++++++++--- caddyconfig/httpcaddyfile/options.go | 5 +++-- .../caddyfile_adapt/global_options.txt | 2 ++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 1ccaed24..559d7b76 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -220,9 +220,10 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // now that each server is configured, make the HTTP app httpApp := caddyhttp.App{ - HTTPPort: tryInt(options["http_port"], &warnings), - HTTPSPort: tryInt(options["https_port"], &warnings), - Servers: servers, + HTTPPort: tryInt(options["http_port"], &warnings), + HTTPSPort: tryInt(options["https_port"], &warnings), + GracePeriod: tryDuration(options["grace_period"], &warnings), + Servers: servers, } // then make the TLS app @@ -1246,6 +1247,14 @@ func tryString(val interface{}, warnings *[]caddyconfig.Warning) string { return stringVal } +func tryDuration(val interface{}, warnings *[]caddyconfig.Warning) caddy.Duration { + durationVal, ok := val.(caddy.Duration) + if val != nil && !ok && warnings != nil { + *warnings = append(*warnings, caddyconfig.Warning{Message: "not a duration type"}) + } + return durationVal +} + // sliceContains returns true if needle is in haystack. func sliceContains(haystack []string, needle string) bool { for _, s := range haystack { diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index d95496c3..905ecae8 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -29,10 +29,11 @@ func init() { RegisterGlobalOption("debug", parseOptTrue) RegisterGlobalOption("http_port", parseOptHTTPPort) RegisterGlobalOption("https_port", parseOptHTTPSPort) + RegisterGlobalOption("grace_period", parseOptDuration) RegisterGlobalOption("default_sni", parseOptSingleString) RegisterGlobalOption("order", parseOptOrder) RegisterGlobalOption("storage", parseOptStorage) - RegisterGlobalOption("storage_clean_interval", parseOptStorageCleanInterval) + RegisterGlobalOption("storage_clean_interval", parseOptDuration) RegisterGlobalOption("acme_ca", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) RegisterGlobalOption("acme_dns", parseOptACMEDNS) @@ -178,7 +179,7 @@ func parseOptStorage(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) return storage, nil } -func parseOptStorageCleanInterval(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptDuration(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { if !d.Next() { // consume option name return nil, d.ArgErr() } diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt index a0a7f0b8..dda644b2 100644 --- a/caddytest/integration/caddyfile_adapt/global_options.txt +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -2,6 +2,7 @@ debug http_port 8080 https_port 8443 + grace_period 5s default_sni localhost order root first storage file_system { @@ -42,6 +43,7 @@ "http": { "http_port": 8080, "https_port": 8443, + "grace_period": 5000000000, "servers": { "srv0": { "listen": [ From 61642b766baaa8cef62f5a7ea3c29d8ebdbd86ea Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 9 May 2021 00:37:27 -0400 Subject: [PATCH 0385/1498] caddytls: Run replacer on ask URL, for env vars (#4154) Fixes #3922 --- modules/caddytls/tls.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index c111bbba..a93183e6 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -87,6 +87,7 @@ func (TLS) CaddyModule() caddy.ModuleInfo { func (t *TLS) Provision(ctx caddy.Context) error { t.ctx = ctx t.logger = ctx.Logger(t) + repl := caddy.NewReplacer() // set up a new certificate cache; this (re)loads all certificates cacheOpts := certmagic.CacheOptions{ @@ -176,6 +177,11 @@ func (t *TLS) Provision(ctx caddy.Context) error { onDemandRateLimiter.SetWindow(0) } + // run replacer on ask URL (for environment variables) + if t.Automation != nil && t.Automation.OnDemand != nil && t.Automation.OnDemand.Ask != "" { + t.Automation.OnDemand.Ask = repl.ReplaceAll(t.Automation.OnDemand.Ask, "") + } + // load manual/static (unmanaged) certificates - we do this in // provision so that other apps (such as http) can know which // certificates have been manually loaded, and also so that From 77764714ad83d5c6e4db2da4b8945701f146bad0 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 10 May 2021 12:06:38 -0400 Subject: [PATCH 0386/1498] encode: Default to order the formats are enabled for `prefer` in Caddyfile (#4151) --- .../caddyfile_adapt/encode_options.txt | 46 +++++++++++++++++++ modules/caddyhttp/encode/caddyfile.go | 25 +++++++++- 2 files changed, 70 insertions(+), 1 deletion(-) diff --git a/caddytest/integration/caddyfile_adapt/encode_options.txt b/caddytest/integration/caddyfile_adapt/encode_options.txt index a43c7e02..9459008a 100644 --- a/caddytest/integration/caddyfile_adapt/encode_options.txt +++ b/caddytest/integration/caddyfile_adapt/encode_options.txt @@ -1,5 +1,6 @@ :80 +# All the options encode gzip zstd { minimum_length 256 prefer zstd gzip @@ -14,6 +15,20 @@ encode gzip zstd { header Content-Type image/svg+xml* } } + +# Prefer list is implied (short way) +encode gzip zstd + +# Prefer list is implied (long way) +encode { + gzip 5 + zstd +} + +# Prefer list is turned off +encode gzip zstd { + prefer off +} ---------- { "apps": { @@ -55,6 +70,37 @@ encode gzip zstd { "zstd", "gzip" ] + }, + { + "encodings": { + "gzip": {}, + "zstd": {} + }, + "handler": "encode", + "prefer": [ + "gzip", + "zstd" + ] + }, + { + "encodings": { + "gzip": { + "level": 5 + }, + "zstd": {} + }, + "handler": "encode", + "prefer": [ + "gzip", + "zstd" + ] + }, + { + "encodings": { + "gzip": {}, + "zstd": {} + }, + "handler": "encode" } ] } diff --git a/modules/caddyhttp/encode/caddyfile.go b/modules/caddyhttp/encode/caddyfile.go index b236520e..d00a16a2 100644 --- a/modules/caddyhttp/encode/caddyfile.go +++ b/modules/caddyhttp/encode/caddyfile.go @@ -43,7 +43,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // gzip [] // zstd // minimum_length -// prefer +// prefer off| // # response matcher block // match { // status @@ -55,7 +55,11 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // // Specifying the formats on the first line will use those formats' defaults. func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + var preferDefaults []string + var preferOff bool + responseMatchers := make(map[string]caddyhttp.ResponseMatcher) + for d.Next() { for _, arg := range d.RemainingArgs() { mod, err := caddy.GetModule("http.encoders." + arg) @@ -70,6 +74,7 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { enc.EncodingsRaw = make(caddy.ModuleMap) } enc.EncodingsRaw[arg] = caddyconfig.JSON(encoding, nil) + preferDefaults = append(preferDefaults, arg) } for d.NextBlock(0) { @@ -86,6 +91,11 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case "prefer": var encs []string for d.NextArg() { + // if one of the values is "off", then + // we'll skip setting the prefer list. + if d.Val() == "off" { + preferOff = true + } encs = append(encs, d.Val()) } if len(encs) == 0 { @@ -114,10 +124,23 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { enc.EncodingsRaw = make(caddy.ModuleMap) } enc.EncodingsRaw[name] = caddyconfig.JSON(encoding, nil) + preferDefaults = append(preferDefaults, name) } } } + // if the "prefer" subdirective wasn't specified, use + // the order in which the encoders were defined. + if len(enc.Prefer) == 0 { + enc.Prefer = preferDefaults + } + + // if "prefer off" was set, then we'll not use the default + // behaviour of the order in which they were defined. + if preferOff { + enc.Prefer = nil + } + return nil } From f5db41ce1d4bb5ac75489f11985ca46898fb642e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 10 May 2021 13:12:59 -0400 Subject: [PATCH 0387/1498] encode: Drop `prefer` from Caddyfile (#4156) Followup to #4150, #4151 /cc @ueffel @polarathene After a bit of discussion with @mholt, we decided to remove `prefer` as a subdirective and just go with using the order implicitly always. Simpler config, simpler docs, etc. Effectively changes 7776471 and reverts a small part of f35a7fa. --- .../caddyfile_adapt/encode_options.txt | 35 +++---------------- modules/caddyhttp/encode/caddyfile.go | 35 +++---------------- 2 files changed, 9 insertions(+), 61 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/encode_options.txt b/caddytest/integration/caddyfile_adapt/encode_options.txt index 9459008a..6f811abf 100644 --- a/caddytest/integration/caddyfile_adapt/encode_options.txt +++ b/caddytest/integration/caddyfile_adapt/encode_options.txt @@ -3,7 +3,6 @@ # All the options encode gzip zstd { minimum_length 256 - prefer zstd gzip match { status 2xx 4xx 500 header Content-Type text/* @@ -16,18 +15,10 @@ encode gzip zstd { } } -# Prefer list is implied (short way) -encode gzip zstd - -# Prefer list is implied (long way) +# Long way with a block for each encoding encode { - gzip 5 zstd -} - -# Prefer list is turned off -encode gzip zstd { - prefer off + gzip 5 } ---------- { @@ -66,17 +57,6 @@ encode gzip zstd { ] }, "minimum_length": 256, - "prefer": [ - "zstd", - "gzip" - ] - }, - { - "encodings": { - "gzip": {}, - "zstd": {} - }, - "handler": "encode", "prefer": [ "gzip", "zstd" @@ -91,16 +71,9 @@ encode gzip zstd { }, "handler": "encode", "prefer": [ - "gzip", - "zstd" + "zstd", + "gzip" ] - }, - { - "encodings": { - "gzip": {}, - "zstd": {} - }, - "handler": "encode" } ] } diff --git a/modules/caddyhttp/encode/caddyfile.go b/modules/caddyhttp/encode/caddyfile.go index d00a16a2..2541b1aa 100644 --- a/modules/caddyhttp/encode/caddyfile.go +++ b/modules/caddyhttp/encode/caddyfile.go @@ -43,7 +43,6 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // gzip [] // zstd // minimum_length -// prefer off| // # response matcher block // match { // status @@ -55,8 +54,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // // Specifying the formats on the first line will use those formats' defaults. func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { - var preferDefaults []string - var preferOff bool + var prefer []string responseMatchers := make(map[string]caddyhttp.ResponseMatcher) @@ -74,7 +72,7 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { enc.EncodingsRaw = make(caddy.ModuleMap) } enc.EncodingsRaw[arg] = caddyconfig.JSON(encoding, nil) - preferDefaults = append(preferDefaults, arg) + prefer = append(prefer, arg) } for d.NextBlock(0) { @@ -88,20 +86,6 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return err } enc.MinLength = minLength - case "prefer": - var encs []string - for d.NextArg() { - // if one of the values is "off", then - // we'll skip setting the prefer list. - if d.Val() == "off" { - preferOff = true - } - encs = append(encs, d.Val()) - } - if len(encs) == 0 { - return d.ArgErr() - } - enc.Prefer = encs case "match": err := caddyhttp.ParseNamedResponseMatcher(d.NewFromNextSegment(), responseMatchers) if err != nil { @@ -124,22 +108,13 @@ func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { enc.EncodingsRaw = make(caddy.ModuleMap) } enc.EncodingsRaw[name] = caddyconfig.JSON(encoding, nil) - preferDefaults = append(preferDefaults, name) + prefer = append(prefer, name) } } } - // if the "prefer" subdirective wasn't specified, use - // the order in which the encoders were defined. - if len(enc.Prefer) == 0 { - enc.Prefer = preferDefaults - } - - // if "prefer off" was set, then we'll not use the default - // behaviour of the order in which they were defined. - if preferOff { - enc.Prefer = nil - } + // use the order in which the encoders were defined. + enc.Prefer = prefer return nil } From bc2210247861340c644d9825ac2b2860f8c6e12a Mon Sep 17 00:00:00 2001 From: Matthew Penner Date: Mon, 10 May 2021 12:01:27 -0600 Subject: [PATCH 0388/1498] caddyfile: Fix `caddy fmt` nesting not decrementing (#4157) * caddyfile(formatter): fix nesting not decrementing This is an extremely weird edge-case where if you had a environment variable {} on one line, a comment on the next line, and the closing of the block on the following line; the rest of the Caddyfile would be indented further than it should've been. ref; https://github.com/matthewpi/vscode-caddyfile-support/issues/13 * run gofmt * fmt: better way of handling edge case --- caddyconfig/caddyfile/formatter.go | 1 + caddyconfig/caddyfile/formatter_test.go | 38 +++++++++++++++++++++++++ modules/caddyhttp/replacer_test.go | 2 +- 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/caddyconfig/caddyfile/formatter.go b/caddyconfig/caddyfile/formatter.go index 86202192..cb0033f7 100644 --- a/caddyconfig/caddyfile/formatter.go +++ b/caddyconfig/caddyfile/formatter.go @@ -78,6 +78,7 @@ func Format(input []byte) []byte { if comment { if ch == '\n' { comment = false + space = true nextLine() continue } else { diff --git a/caddyconfig/caddyfile/formatter_test.go b/caddyconfig/caddyfile/formatter_test.go index 6cae20d7..64cf6d21 100644 --- a/caddyconfig/caddyfile/formatter_test.go +++ b/caddyconfig/caddyfile/formatter_test.go @@ -321,6 +321,44 @@ baz`, foo }`, }, + { + description: "matthewpi/vscode-caddyfile-support#13", + input: `{ + email {$ACMEEMAIL} + #debug +} + +block { +} +`, + expect: `{ + email {$ACMEEMAIL} + #debug +} + +block { +} +`, + }, + { + description: "matthewpi/vscode-caddyfile-support#13 - bad formatting", + input: `{ + email {$ACMEEMAIL} + #debug + } + + block { + } +`, + expect: `{ + email {$ACMEEMAIL} + #debug +} + +block { +} +`, + }, } { // the formatter should output a trailing newline, // even if the tests aren't written to expect that diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go index 486a8e3c..5026ac84 100644 --- a/modules/caddyhttp/replacer_test.go +++ b/modules/caddyhttp/replacer_test.go @@ -173,7 +173,7 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV }, { input: "{http.request.tls.client.certificate_pem}", - expect: string(clientCert) + "\n", // returned value comes with a newline appended to it + expect: string(clientCert) + "\n", // returned value comes with a newline appended to it }, } { actual := repl.ReplaceAll(tc.input, "") From dbe164d98a58e8b0dbf3fed26e4e9bb6f668a9e2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 11 May 2021 15:26:07 -0600 Subject: [PATCH 0389/1498] httpcaddyfile: Fix automation policy consolidation again (fix #4161) Also fix a previous test that asserted incorrect behavior. --- caddyconfig/httpcaddyfile/tlsapp.go | 5 +- .../tls_automation_policies_4.txt | 12 -- .../tls_automation_policies_6.txt | 120 ++++++++++++++++++ 3 files changed, 124 insertions(+), 13 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index c4af8e4c..2510a9bf 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -510,7 +510,10 @@ outer: // if they're exactly equal in every way, just keep one of them if reflect.DeepEqual(aps[i], aps[j]) { aps = append(aps[:j], aps[j+1:]...) - break + // must re-evaluate current i against next j; can't skip it! + // even if i decrements to -1, will be incremented to 0 immediately + i-- + continue outer } // if the policy is the same, we can keep just one, but we have diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt index 502dbd0b..d8f2164d 100644 --- a/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_4.txt @@ -124,18 +124,6 @@ abc.de { "tls": { "automation": { "policies": [ - { - "issuers": [ - { - "email": "my.email@example.com", - "module": "acme" - }, - { - "email": "my.email@example.com", - "module": "zerossl" - } - ] - }, { "issuers": [ { diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt new file mode 100644 index 00000000..b3ad7ff2 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_6.txt @@ -0,0 +1,120 @@ +# (this Caddyfile is contrived, but based on issue #4161) + +example.com { + tls { + ca https://foobar + } +} + +example.com:8443 { + tls { + ca https://foobar + } +} + +example.com:8444 { + tls { + ca https://foobar + } +} + +example.com:8445 { + tls { + ca https://foobar + } +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":8443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv2": { + "listen": [ + ":8444" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv3": { + "listen": [ + ":8445" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "example.com" + ], + "issuers": [ + { + "ca": "https://foobar", + "module": "acme" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 2aefe156869851a89d7a34e28c3e4ff3ac442fff Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 11 May 2021 22:11:27 +0000 Subject: [PATCH 0390/1498] cmd: upgrade: inherit the permissions of the original executable (#4160) --- cmd/commandfuncs.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index f24a9d06..58b97204 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -577,6 +577,10 @@ func cmdUpgrade(_ Flags) (int, error) { if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("determining current executable path: %v", err) } + thisExecStat, err := os.Stat(thisExecPath) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("retrieving current executable permission bits: %v", err) + } l.Info("this executable will be replaced", zap.String("path", thisExecPath)) // get the list of nonstandard plugins @@ -654,7 +658,7 @@ func cmdUpgrade(_ Flags) (int, error) { // download the file; do this in a closure to close reliably before we execute it writeFile := func() error { - destFile, err := os.OpenFile(thisExecPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0770) + destFile, err := os.OpenFile(thisExecPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, thisExecStat.Mode()) if err != nil { return fmt.Errorf("unable to open destination file: %v", err) } From 37718560c1bf8e330d18edb2e663e64a624dee8e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 12 May 2021 00:26:16 -0400 Subject: [PATCH 0391/1498] ci: Run CI on PRs targeting minor version branches (#4164) We decided that we'll use branches like `2.4` as the target for any changes that we might want to release in a `2.4.x` version like `2.4.1`, so that we can continue to merge changes targeting the next minor release (e.g. `2.5.0`) on master. Our CI config wasn't set up for this to work properly though, since it was only running checks on PRs targeting master. This should fix it. I couldn't find a way to do a pattern to only match digits for the branch names from Github's docs, it just looks like a pretty generic glob syntax. But this should do until we get to 3.0 --- .github/workflows/ci.yml | 2 ++ .github/workflows/cross-build.yml | 2 ++ .github/workflows/lint.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 22e7d7ea..9a46b80b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,9 +6,11 @@ on: push: branches: - master + - 2.* pull_request: branches: - master + - 2.* jobs: test: diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 4da0a257..dc6b8e3d 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -4,9 +4,11 @@ on: push: branches: - master + - 2.* pull_request: branches: - master + - 2.* jobs: cross-build-test: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ef691505..4b4ed036 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -4,9 +4,11 @@ on: push: branches: - master + - 2.* pull_request: branches: - master + - 2.* jobs: # From https://github.com/golangci/golangci-lint-action From aef8d4decceba3371d6722a81e17cd5f94162116 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 12 May 2021 16:19:08 -0400 Subject: [PATCH 0392/1498] reverseproxy: Set the headers in the replacer before `handle_response` (#4165) Turns out this was an oversight, we assumed we could use `{http.response.header.*}` but that doesn't work because those are grabbed from the response writer, and we haven't copied any headers into the response writer yet. So the fix is to set all the response headers into the replacer at a new namespace before running the handlers. This adds the `{http.reverse_proxy.header.*}` replacer. See https://caddy.community/t/empty-http-response-header-x-accel-redirect/12447 --- modules/caddyhttp/reverseproxy/reverseproxy.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index ddb3ca92..671f42a2 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -120,9 +120,10 @@ type Handler struct { // handler chain will not affect the health status of the // backend. // - // Two new placeholders are available in this handler chain: - // - `{http.reverse_proxy.status_code}` The status code - // - `{http.reverse_proxy.status_text}` The status text + // Three new placeholders are available in this handler chain: + // - `{http.reverse_proxy.status_code}` The status code from the response + // - `{http.reverse_proxy.status_text}` The status text from the response + // - `{http.reverse_proxy.header.*}` The headers from the response HandleResponse []caddyhttp.ResponseHandler `json:"handle_response,omitempty"` Transport http.RoundTripper `json:"-"` @@ -631,9 +632,17 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * if len(rh.Routes) == 0 { continue } + res.Body.Close() + + // set up the replacer so that parts of the original response can be + // used for routing decisions + for field, value := range res.Header { + repl.Set("http.reverse_proxy.header."+field, strings.Join(value, ",")) + } repl.Set("http.reverse_proxy.status_code", res.StatusCode) repl.Set("http.reverse_proxy.status_text", res.Status) + h.logger.Debug("handling response", zap.Int("handler", i)) if routeErr := rh.Routes.Compile(next).ServeHTTP(rw, req); routeErr != nil { // wrap error in roundtripSucceeded so caller knows that From b82db994f39c6991d673a7ae9836f5454b1f9668 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 12 May 2021 18:18:44 -0400 Subject: [PATCH 0393/1498] caddyfile: Add parse error on site address with trailing `{` (#4163) * caddyfile: Add parse error on site address in `{` This is an incredibly common mistake made by users, so we should catch it earlier in the parser and give a more friendly message. Often it ends up adapting but with mistakes, or erroring out later due to other site addresses being read as directives. There's not really ever a situation where a lone '{' is valid at the end of a site address (but I suppose there are edgecases where the user wants to use a path matcher where it ends specifically in `{`, but... why?), so this should be fine. * Update caddyconfig/caddyfile/parse.go --- caddyconfig/caddyfile/parse.go | 5 +++++ caddyconfig/caddyfile/parse_test.go | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 96491bb3..d8707658 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -214,6 +214,11 @@ func (p *parser) addresses() error { break } + // Users commonly forget to place a space between the address and the '{' + if strings.HasSuffix(tkn, "{") { + return p.Errf("Site addresses cannot end with a curly brace: '%s' - put a space between the token and the brace", tkn) + } + if tkn != "" { // empty token possible if user typed "" // Trailing comma indicates another address will follow, which // may possibly be on the next line diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index 3c7db79b..12c71395 100755 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -160,6 +160,10 @@ func TestParseOneAndImport(t *testing.T) { "localhost", }, []int{}}, + {`localhost{ + dir1 + }`, true, []string{}, []int{}}, + {`localhost dir1 { nested { From 7f26a6b3e507cef98c2d4a74384bacf53bc58f57 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 19 May 2021 10:27:25 -0600 Subject: [PATCH 0394/1498] admin: Reinstate internal redirect for /id/ requests Fix regression from ab80ff4fd2911afc394b9dbceeb9f71c7a0b7ec1 (probably a mistake when rebasing) See https://caddy.community/t/id-selector-is-not-working-after-upgrade-to-2-4-0/12513?u=matt --- admin.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/admin.go b/admin.go index da7ce0f5..51eb0cc8 100644 --- a/admin.go +++ b/admin.go @@ -717,6 +717,10 @@ func (h adminHandler) handleError(w http.ResponseWriter, r *http.Request, err er if err == nil { return } + if err == errInternalRedir { + h.serveHTTP(w, r) + return + } apiErr, ok := err.(APIError) if !ok { @@ -896,7 +900,7 @@ func handleConfigID(w http.ResponseWriter, r *http.Request) error { parts = append([]string{expanded}, parts[3:]...) r.URL.Path = path.Join(parts...) - return nil + return errInternalRedir } func handleStop(w http.ResponseWriter, r *http.Request) error { @@ -1199,6 +1203,13 @@ var idRegexp = regexp.MustCompile(`(?m),?\s*"` + idKey + `"\s*:\s*(-?[0-9]+(\.[0 // pidfile is the name of the pidfile, if any. var pidfile string +// errInternalRedir indicates an internal redirect +// and is useful when admin API handlers rewrite +// the request; in that case, authentication and +// authorization needs to happen again for the +// rewritten request. +var errInternalRedir = fmt.Errorf("internal redirect; re-authorization required") + const ( rawConfigKey = "config" idKey = "@id" From e3c369d4526e44f23efb10aaad8a60ce519720a0 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 19 May 2021 15:14:03 -0600 Subject: [PATCH 0395/1498] logging: Implement dial timeout for net writer (fix #4083) (#4172) * logging: Implement dial timeout for net writer (fix #4083) * Limit how often redials are attempted This should cause dial blocking to occur only once every 10 seconds at most, but it also means the logger connection might be down for up to 10 seconds after it comes back online; oh well. We shouldn't block for DialTimeout at every single log emission. * Clarify offline behavior --- modules/logging/netwriter.go | 75 +++++++++++++++++++++++++++++------- 1 file changed, 61 insertions(+), 14 deletions(-) diff --git a/modules/logging/netwriter.go b/modules/logging/netwriter.go index a25ede71..2bf23bf0 100644 --- a/modules/logging/netwriter.go +++ b/modules/logging/netwriter.go @@ -18,7 +18,9 @@ import ( "fmt" "io" "net" + "os" "sync" + "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -28,10 +30,16 @@ func init() { caddy.RegisterModule(NetWriter{}) } -// NetWriter implements a log writer that outputs to a network socket. +// NetWriter implements a log writer that outputs to a network socket. If +// the socket goes down, it will dump logs to stderr while it attempts to +// reconnect. type NetWriter struct { + // The address of the network socket to which to connect. Address string `json:"address,omitempty"` + // The timeout to wait while connecting to the socket. + DialTimeout caddy.Duration `json:"dial_timeout,omitempty"` + addr caddy.NetworkAddress } @@ -60,6 +68,10 @@ func (nw *NetWriter) Provision(ctx caddy.Context) error { return fmt.Errorf("multiple ports not supported") } + if nw.DialTimeout < 0 { + return fmt.Errorf("timeout cannot be less than 0") + } + return nil } @@ -74,7 +86,10 @@ func (nw NetWriter) WriterKey() string { // OpenWriter opens a new network connection. func (nw NetWriter) OpenWriter() (io.WriteCloser, error) { - reconn := &redialerConn{nw: nw} + reconn := &redialerConn{ + nw: nw, + timeout: time.Duration(nw.DialTimeout), + } conn, err := reconn.dial() if err != nil { return nil, err @@ -87,7 +102,9 @@ func (nw NetWriter) OpenWriter() (io.WriteCloser, error) { // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// net
+// net
{ +// dial_timeout +// } // func (nw *NetWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { @@ -98,6 +115,22 @@ func (nw *NetWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if d.NextArg() { return d.ArgErr() } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "dial_timeout": + if !d.NextArg() { + return d.ArgErr() + } + timeout, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("invalid duration: %s", d.Val()) + } + if d.NextArg() { + return d.ArgErr() + } + nw.DialTimeout = caddy.Duration(timeout) + } + } } return nil } @@ -107,8 +140,10 @@ func (nw *NetWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // is retried. type redialerConn struct { net.Conn - connMu sync.RWMutex - nw NetWriter + connMu sync.RWMutex + nw NetWriter + timeout time.Duration + lastRedial time.Time } // Write wraps the underlying Conn.Write method, but if that fails, @@ -131,20 +166,32 @@ func (reconn *redialerConn) Write(b []byte) (n int, err error) { return } - // we're the lucky first goroutine to re-dial the connection - conn2, err2 := reconn.dial() - if err2 != nil { - return - } - if n, err = conn2.Write(b); err == nil { - reconn.Conn.Close() - reconn.Conn = conn2 + // there's still a problem, so try to re-attempt dialing the socket + // if some time has passed in which the issue could have potentially + // been resolved - we don't want to block at every single log + // emission (!) - see discussion in #4111 + if time.Since(reconn.lastRedial) > 10*time.Second { + reconn.lastRedial = time.Now() + conn2, err2 := reconn.dial() + if err2 != nil { + // logger socket still offline; instead of discarding the log, dump it to stderr + os.Stderr.Write(b) + return + } + if n, err = conn2.Write(b); err == nil { + reconn.Conn.Close() + reconn.Conn = conn2 + } + } else { + // last redial attempt was too recent; just dump to stderr for now + os.Stderr.Write(b) } + return } func (reconn *redialerConn) dial() (net.Conn, error) { - return net.Dial(reconn.nw.addr.Network, reconn.nw.addr.JoinHostPort(0)) + return net.DialTimeout(reconn.nw.addr.Network, reconn.nw.addr.JoinHostPort(0), reconn.timeout) } // Interface guards From b4cef492cc2b4c6ee0e43b083488823cbf5e3a48 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 24 May 2021 16:21:53 -0600 Subject: [PATCH 0396/1498] Update .goreleaser.yml Ubuntu's package updater doesn't show the name of the package, so just adding "Caddy" to the description helps a lot --- .goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 871f92fa..22074316 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -79,7 +79,7 @@ nfpms: homepage: https://caddyserver.com maintainer: Matthew Holt description: | - Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go + Caddy - Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go license: Apache 2.0 formats: From ecd5eeab3857a0d6903a85bf52183171bda1920c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 3 Jun 2021 12:18:25 -0600 Subject: [PATCH 0397/1498] go.mod: Update direct dependencies --- go.mod | 38 +- go.sum | 619 +++++++++++----------- modules/caddyhttp/celmatcher.go | 4 +- modules/caddypki/acmeserver/acmeserver.go | 23 +- modules/caddytls/internalissuer.go | 4 +- 5 files changed, 357 insertions(+), 331 deletions(-) diff --git a/go.mod b/go.mod index 6fe6902e..9fc4f5b0 100644 --- a/go.mod +++ b/go.mod @@ -3,33 +3,33 @@ module github.com/caddyserver/caddy/v2 go 1.15 require ( - github.com/Masterminds/sprig/v3 v3.1.0 - github.com/alecthomas/chroma v0.8.2 - github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a + github.com/Masterminds/sprig/v3 v3.2.2 + github.com/alecthomas/chroma v0.9.1 + github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b github.com/caddyserver/certmagic v0.13.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.6.0 + github.com/google/cel-go v0.7.3 github.com/google/uuid v1.2.0 - github.com/klauspost/compress v1.11.3 + github.com/klauspost/compress v1.13.0 github.com/klauspost/cpuid/v2 v2.0.6 - github.com/lucas-clemente/quic-go v0.20.1 + github.com/lucas-clemente/quic-go v0.21.0 github.com/mholt/acmez v0.1.3 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 - github.com/prometheus/client_golang v1.9.0 - github.com/smallstep/certificates v0.15.4 - github.com/smallstep/cli v0.15.2 - github.com/smallstep/nosql v0.3.0 // cannot upgrade from v0.3.0 until protobuf warning is fixed + github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda + github.com/smallstep/certificates v0.15.15 + github.com/smallstep/cli v0.15.16 + github.com/smallstep/nosql v0.3.6 github.com/smallstep/truststore v0.9.6 - github.com/yuin/goldmark v1.2.1 - github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 - go.uber.org/zap v1.16.0 - golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de - golang.org/x/net v0.0.0-20201110031124-69a78807bb2b - golang.org/x/term v0.0.0-20210317153231-de623e64d2a6 - google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 - google.golang.org/protobuf v1.24.0 // cannot upgrade until warning is fixed + github.com/yuin/goldmark v1.3.7 + github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 + go.uber.org/zap v1.17.0 + golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a + golang.org/x/net v0.0.0-20210525063256-abc453219eb5 + golang.org/x/term v0.0.0-20210503060354-a79de5458b56 + google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c + google.golang.org/protobuf v1.26.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0 - gopkg.in/yaml.v2 v2.3.0 + gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index b13a5c7e..b462796a 100644 --- a/go.sum +++ b/go.sum @@ -7,12 +7,33 @@ cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6A cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.51.0 h1:PvKAVQWCtlGUSlZkGW3QLelKaWq7KYv/MW1EboG8bfM= -cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.70.0 h1:ujhG1RejZYi+HYfJNlgBh3j/bVKD8DewM7AkJ5UPyBc= +cloud.google.com/go v0.70.0/go.mod h1:/UTKYRQTWjVnSe7nGvoSzxEFUELzSI/yAYd0JQT6cRo= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= @@ -21,49 +42,44 @@ dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBr dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= -github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9 h1:HD8gA2tkByhMAwYaFAX9w2l7vxvBQ5NMoxDrkhqhtn4= -github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= +github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/zstd v1.4.1 h1:3oxKN3wbHibqx897utPC2LTQU4J+IHWWJO+glkAkpFM= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= -github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= -github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= +github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= +github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= -github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.1.0 h1:Y2lUDsFKVRSYGojLJ1yLxSXdMmMYTYls0rCvoqmMUQk= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig/v3 v3.1.0 h1:j7GpgZ7PdFqNsmncycTHsLmVPf5/3wJtlgW9TNDYD9Y= +github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= +github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= +github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= +github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= -github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= -github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= +github.com/ThalesIgnite/crypto11 v1.2.4/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= -github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= -github.com/alecthomas/chroma v0.8.2 h1:x3zkuE2lUk/RIekyAJ3XRqSCP4zwWDfcw/YJCuCAACg= -github.com/alecthomas/chroma v0.8.2/go.mod h1:sko8vR34/90zvl5QdcUdvzL3J8NKjAUx9va9jPuFNoM= +github.com/alecthomas/chroma v0.9.1 h1:cBmvQqRImzR5aWqdMxYZByND4S7BCS/g0svZb28h0Dc= +github.com/alecthomas/chroma v0.9.1/go.mod h1:eMuEnpA18XbG/WhOWtCzJHS7WqEtDAI+HxdwoW0nVSk= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= -github.com/alecthomas/kong v0.1.17-0.20190424132513-439c674f7ae0/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= github.com/alecthomas/kong v0.2.4/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE= -github.com/alecthomas/kong-hcl v0.1.8-0.20190615233001-b21fea9723c8/go.mod h1:MRgZdU3vrFd05IQ89AxUZ0aYdF39BYoNFa324SodPCA= github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 h1:p9Sln00KOTlrYkxI1zYWl1QLnEqAqEARBEYa8FQnQcY= github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -72,24 +88,15 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= -github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a h1:pv34s756C4pEXnjgPfGYgdhg/ZdajGhyOvzx8k+23nw= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= +github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o4iy7GtuappbWT0l5NaMo9H9pJDw= +github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P0= github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -101,8 +108,6 @@ github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBT github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caddyserver/certmagic v0.13.1 h1:A5qLxh9J6/CYWEOHaj135IWAjCY0193ONxEy8jbOlPw= github.com/caddyserver/certmagic v0.13.1/go.mod h1:+zhQtEgLOyXRA/KRduHXNhGGdTeqRM4ePj8eBGD/2CQ= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -117,23 +122,18 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5O github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.18+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= @@ -142,43 +142,39 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E= github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ= github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgraph-io/badger v1.5.3 h1:5oWIuRvwn93cie+OSt1zSnkaIQ1JFQM8bGlIv6O6Sts= -github.com/dgraph-io/badger v1.5.3/go.mod h1:VZxzAIRPHRVNRKRo6AXrX9BJegn6il06VMTZVJYCIjQ= -github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195 h1:n8KbImHW5qZCXv1y3tHjz5yz418/eTxeRJZ2ZuDm1ZU= -github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20200413122845-09dd2e1a4195/go.mod h1:3KY8+bsP8wI0OEnQJAKpd4wIJW/Mm32yw2j/9FUVnIM= -github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3 h1:MQLRM35Pp0yAyBYksjbj1nZI/w6eyRY/mWoM1sFf4kU= -github.com/dgraph-io/ristretto v0.0.2-0.20200115201040-8f368f2f2ab3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= +github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= +github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20201003150343-5d1bab4fc658 h1:/WBjuutuivOA02gpDtrvrWKw01ugkyt3QnimB7enbtI= +github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20201003150343-5d1bab4fc658/go.mod h1:2uGEvGm+JSDLd5UAaKIFSbXDcYyeH0fWJP4N2HMMYMI= +github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd h1:KoJOtZf+6wpQaDTuOWGuo61GxcPBIfhwRxRTaTWGCTc= +github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd/go.mod h1:YylP9MpCYGVZQrly/j/diqcdUetCRRePeBB0c2VGXsA= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dlclark/regexp2 v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= +github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac h1:opbrjaN/L8gg6Xh5D04Tem+8xVcz6ajZlGCs49mQgyg= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= -github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= -github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= -github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.8.0/go.mod h1:3l45GVGkyrnYNl9HoIjnp2NnNWvh6hLAqD8yTfGjnw8= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= -github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= @@ -188,18 +184,20 @@ github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxm github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= -github.com/go-critic/go-critic v0.4.0/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= +github.com/go-critic/go-critic v0.4.1/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= -github.com/go-piv/piv-go v1.5.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= +github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= @@ -220,23 +218,22 @@ github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslW github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 h1:5ZkaAPbicIKTF2I64qf5Fh8Aa83Q/dnOafMYV0OMwjA= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= @@ -245,6 +242,7 @@ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= @@ -252,11 +250,14 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0= @@ -264,11 +265,10 @@ github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2N github.com/golangci/go-tools v0.0.0-20190318055746-e32c54105b7c/go.mod h1:unzUULGw35sjyOYjUt0jMTXqHlZPpPc6e+xfO4cd6mM= github.com/golangci/goconst v0.0.0-20180610141641-041c5f2b40f3/go.mod h1:JXrF4TWy4tXYn62/9x8Wm/K/dm06p8tCKwFRDPZG/1o= github.com/golangci/gocyclo v0.0.0-20180528134321-2becd97e67ee/go.mod h1:ozx7R9SIwqmqf5pRP90DhR2Oay2UIjGuKheCBCNwAYU= -github.com/golangci/gocyclo v0.0.0-20180528144436-0a533e8fa43d/go.mod h1:ozx7R9SIwqmqf5pRP90DhR2Oay2UIjGuKheCBCNwAYU= github.com/golangci/gofmt v0.0.0-20181222123516-0b8337e80d98/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU= github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU= github.com/golangci/golangci-lint v1.17.2-0.20190910081718-bad04bb7378f/go.mod h1:kaqo8l0OZKYPtjNmG4z4HrWLgcYNIJ9B9q3LWri9uLg= -github.com/golangci/golangci-lint v1.22.2/go.mod h1:2Bj42k6hPQFTRxkDb7S3TQ+EsnumZXOmIYNqlQrp0FI= +github.com/golangci/golangci-lint v1.24.0/go.mod h1:yIqiAZ2SSQqg+1JeFlAdvEWjGVz4uu5jr4lrciqA1gE= github.com/golangci/gosec v0.0.0-20190211064107-66fb7fc33547/go.mod h1:0qUabqiIQgfmlAmulqxyiGkkyF6/tOGSnY2cnPVwrzU= github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc/go.mod h1:e5tpTHCfVze+7EpLEozzMB3eafxo2KT5veNg1k6byQU= github.com/golangci/lint-1 v0.0.0-20190420132249-ee948d087217/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg= @@ -277,33 +277,44 @@ github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZ github.com/golangci/misspell v0.0.0-20180809174111-950f5d19e770/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA= github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bzsHdTM0bsB7+8mt0GUMvjCgwLpTapNZHU8AajI= github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= -github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.6.0 h1:Li+angxmgvzlwDsPuFc1/nbqnq3gc4K/X7NrWjOADFI= -github.com/google/cel-go v0.6.0/go.mod h1:rHS68o5G1QcUv/ubiCoZ5nT5LHxRWWfS0qMzTgv42WQ= -github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ= +github.com/google/cel-go v0.7.3 h1:8v9BSN0avuGwrHFKNCjfiQ/CE6+D6sW+BDyOVoEeP6o= +github.com/google/cel-go v0.7.3/go.mod h1:4EtyFAHT5xNr0Msu0MJjyGxPUgdr9DlcaPyzLt/kkt8= +github.com/google/cel-spec v0.5.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/monologue v0.0.0-20190606152607-4b11a32b5934/go.mod h1:6NTfaQoUpg5QmPsCUWLR3ig33FHrKXhTtWzF0DVdmuk= -github.com/google/monologue v0.0.0-20191220140058-35abc9683a6c/go.mod h1:6NTfaQoUpg5QmPsCUWLR3ig33FHrKXhTtWzF0DVdmuk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201009210932-67992a1a5a35/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/trillian v1.2.2-0.20190612132142-05461f4df60a/go.mod h1:YPmUVn5NGwgnDUgqlVyFGMTgaWlnSvH7W5p+NdOG8UA= github.com/google/trillian-examples v0.0.0-20190603134952-4e75ba15216c/go.mod h1:WgL3XZ3pA8/9cm7yxqWrZE6iZkESB2ItGxy5Fo6k2lk= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= @@ -313,70 +324,40 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= -github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI= -github.com/gorilla/handlers v1.4.1/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= -github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= -github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= -github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.1.0/go.mod h1:f5nM7jw/oeRSadq3xCzHAvxcr8HZnzsqU6ILg/0NiiE= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c= -github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= -github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= -github.com/imdario/mergo v0.3.8 h1:CGgOkSJeqMRmt0D9XLWExdT4m4F1vd3FV3VPt+0VxkQ= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jingyugao/rowserrcheck v0.0.0-20191204022205-72ab7603b68a/go.mod h1:xRskid8CManxVta/ALEhJha/pweKBaVG6fWgc0yH25s= +github.com/jirfag/go-printf-func-name v0.0.0-20191110105641-45db9963cdd3/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= +github.com/jmoiron/sqlx v1.2.1-0.20190826204134-d7d95172beb5/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -387,13 +368,12 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.11.3 h1:dB4Bn0tN3wdCzQxnS8r06kV74qN/TAfaIS0bVE8h3jc= -github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs= +github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= @@ -404,8 +384,9 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= @@ -414,30 +395,31 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= +github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.2.0 h1:ewg3ByWrdUrxrje8ChPVMBNcotg7H9LQYg+u5De2RzI= github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.20.1 h1:hb5m76V8QS/8Nw/suHvXqo3BMHAozvIkcnzpJdpanSk= -github.com/lucas-clemente/quic-go v0.20.1/go.mod h1:fZq/HUDIM+mW6X6wtzORjC0E/WDBMKe5Hf9bgjISwLk= +github.com/lucas-clemente/quic-go v0.21.0 h1:ZdC8UBxUSBdPlEv1+4y4SqIBy54VA8bRxN7DmkQ0URs= +github.com/lucas-clemente/quic-go v0.21.0/go.mod h1:BWkfkkOSJD1AxFNBqdjBZi6FznZ96bhdcvZiA+LDrY8= +github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/manifoldco/promptui v0.3.1 h1:BxqNa7q1hVHXIXy3iupJMkXYS3aHhbubJWv2Jmg6x64= -github.com/manifoldco/promptui v0.3.1/go.mod h1:zoCNXiJnyM03LlBgTsWv8mq28s7aTC71UgKasqRJHww= +github.com/manifoldco/promptui v0.8.0 h1:R95mMF+McvXZQ7j1g8ucVZE1gLP3Sv6j9vlF9kyRqQo= +github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= github.com/marten-seemann/qtls-go1-15 v0.1.4 h1:RehYMOyRW8hPVEja1KBVsFVNSm35Jj9Mvs5yNoZZ28A= github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= github.com/marten-seemann/qtls-go1-16 v0.1.3 h1:XEZ1xGorVy9u+lJq+WXNE+hiqRYLNvJGYmwfwKQN2gU= github.com/marten-seemann/qtls-go1-16 v0.1.3/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= +github.com/marten-seemann/qtls-go1-17 v0.1.0-alpha.1 h1:LRFa3YRSlOAf9y56Szfhlh60CQrIMBSK/rneZD1gtuk= +github.com/marten-seemann/qtls-go1-17 v0.1.0-alpha.1/go.mod h1:lQDiKZDfPagLmg1zMtEgoBMSTAORq6M08lBogD5FtBY= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -449,9 +431,8 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= @@ -459,21 +440,16 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= +github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= @@ -492,13 +468,6 @@ github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hz github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= @@ -506,102 +475,66 @@ github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJE github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= -github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= -github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/otp v1.0.0/go.mod h1:Zad1CMQfSQZI5KLpahDiSUX4tMMREnXw98IvL1nhgMk= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v0.9.4/go.mod h1:oCXIBxdI62A4cR6aTRJCgetEjecSIYzOEaeAn4iYEpM= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.9.0 h1:Rrch9mh17XcxvEu9D9DEpb4isxjGBtcevQjKvxPRQIU= -github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU= +github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda h1:3W1P84xhSTIfDWfFnKN84yPp6iPXmvSgwfQe4heKOM8= +github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.15.0 h1:4fgOnadei3EZvgRwxJ7RMpG1k1pOZth5Pc13tyspaKM= -github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= +github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= +github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= +github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= -github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= @@ -609,19 +542,17 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= -github.com/securego/gosec v0.0.0-20200106085552-9cb83e10afad/go.mod h1:7fJLcv5NlMd4t9waQEDLgpZeE3nv4D5DMz5JuZZGufg= +github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83/go.mod h1:vvbZ2Ae7AzSq3/kywjUDxSNq2SJ27RxCz2un0H3ePqE= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc= github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= +github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= +github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM= github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0= @@ -654,19 +585,16 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= -github.com/smallstep/assert v0.0.0-20200103212524-b99dc1097b15/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.15.0/go.mod h1:awyVXYIVn4J9ANSSnDuA3FjKia7+QixaqorGW8CKGq8= -github.com/smallstep/certificates v0.15.1/go.mod h1:hDmNejfuVTDDe1NBIKrhL9xjELRJb2ZFM+bDXwSW9xI= -github.com/smallstep/certificates v0.15.4 h1:bBGb2GqrQ8wKHVOhcUfgRlaTHsO1S5rqsq/z93/mRSc= -github.com/smallstep/certificates v0.15.4/go.mod h1:uMrxSjDsPBxCPLV58WQhj3L1R3zdnW7mvJloiC+cyws= -github.com/smallstep/certinfo v1.3.0/go.mod h1:1gQJekdPwPvUwFWGTi7bZELmQT09cxC9wJ0VBkBNiwU= -github.com/smallstep/cli v0.15.0/go.mod h1:trYpP49s+XF4fROcNgmPi4yO1EIKfqsc/eEck6SosO4= -github.com/smallstep/cli v0.15.2 h1:bOrYD1w0Vu82XN3r7mHuXoEI9RyczHyzKjzDHQ7V7EE= -github.com/smallstep/cli v0.15.2/go.mod h1:7SDI+reLecUkYdaluSt3ASH2vQYHxdeMXtsIGD9AQXA= -github.com/smallstep/nosql v0.3.0 h1:V1X5vfDsDt89499h3jZFUlR4VnnsYYs5tXaQZ0w8z5U= -github.com/smallstep/nosql v0.3.0/go.mod h1:QG7gNOpidifn99MjZaiNbm7HPesIyBd97F/OfacNz8Q= +github.com/smallstep/certificates v0.15.14/go.mod h1:1L10hpdBHF2U88GVrA77qAJG7wjnacIr+sgBfIDdzDE= +github.com/smallstep/certificates v0.15.15 h1:k9LUlLibqth02HZN4QDWDKMZDWu6oko4RgcTCpV8rOs= +github.com/smallstep/certificates v0.15.15/go.mod h1:1L10hpdBHF2U88GVrA77qAJG7wjnacIr+sgBfIDdzDE= +github.com/smallstep/certinfo v1.5.0/go.mod h1:UWVjfGJeUc8O9PDR6VqI2CgWrQbF1HNMld1BSarYV2Q= +github.com/smallstep/cli v0.15.16 h1:K3YQxfK3GrcJTiikkNFhFTWVR8qPR2ftROfWDFGphqM= +github.com/smallstep/cli v0.15.16/go.mod h1:HU1iYqmiz28BSjC38zX9zpcfI+3Yi0DTPuDGeeoWjeU= +github.com/smallstep/nosql v0.3.6 h1:cq6a3NwjFJxkVlWU1T4qGskcfEXr0fO1WqQrraDO1Po= +github.com/smallstep/nosql v0.3.6/go.mod h1:h1zC/Z54uNHc8euquLED4qJNCrMHd3nytA141ZZh4qQ= github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= @@ -674,7 +602,6 @@ github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= @@ -683,55 +610,52 @@ github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0b github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= -github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= +github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= +github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= -github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= +github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA= +github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= -github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8= github.com/valyala/quicktemplate v1.1.1/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4= github.com/valyala/quicktemplate v1.2.0/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= @@ -740,11 +664,16 @@ github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMI github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.22/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1 h1:ruQGxdhGHe7FWOJPT0mKs5+pD2Xs1Bm/kdGlHO04FmM= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691 h1:VWSxtAiQNh3zgHJpdpkpVYjTPqRE3P6UZCOPa1nRDio= -github.com/yuin/goldmark-highlighting v0.0.0-20200307114337-60d527fdb691/go.mod h1:YLF3kDffRfUH/bTxOxHhV6lxwIB3Vfj91rEwNMS9MXo= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.3.6/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.3.7 h1:NSaHgaeJFCtWXCBkBKXw0rhgMuJ0VoE9FB5mWldcrQ4= +github.com/yuin/goldmark v1.3.7/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 h1:0SJnXjE4jDClMW6grE0xpNhwpqbPwkBTn8zpVw5C0SI= +github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01/go.mod h1:TwKQPa5XkCCRC2GRZ5wtfNUTQ2+9/i19mGRijFeJ4BE= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= @@ -752,66 +681,63 @@ github.com/zmap/zcertificate v0.0.0-20190521191901-30e388164f71/go.mod h1:gIZi1K github.com/zmap/zcrypto v0.0.0-20190329181646-dff83107394d/go.mod h1:ix3q2kpLy0ibAuFXlr7qOhPKwFRRSjuynGuTR8EUPCk= github.com/zmap/zlint v0.0.0-20190516161541-9047d02cf65a/go.mod h1:xwLbce0UzBXp44sIAL1cii+hoK8j4AxRKlymZA2AIcY= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= +go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= +go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= -go.etcd.io/etcd v3.3.18+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= +go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.step.sm/crypto v0.0.0-20200805202904-ec18b6df3cf0/go.mod h1:8VYxmvSKt5yOTBx3MGsD2Gk4F1Es/3FIxrjnfeYWE8U= -go.step.sm/crypto v0.1.1/go.mod h1:cIoSWTfTQ5xqvwTeZH9ZXZzi6jdMepjK4A/TDWMUvw8= -go.step.sm/crypto v0.2.0/go.mod h1:YNLnHj4JgABFoRkUq8brkscIB9THdiJUFoDxLQw1tww= -go.step.sm/crypto v0.6.0 h1:fbGUG5VJmDetC+RQ/T0tb6Sx0wCOgqKZcZYzTpUa7eo= -go.step.sm/crypto v0.6.0/go.mod h1:AKS4yMZVZD4EGjpSkY4eibuMenrvKCscb+BpWMet8c0= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5 h1:dntmOdLpSpHlVqbW5Eay97DelsZHe+55D+xC6i0dDS0= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.step.sm/cli-utils v0.2.0 h1:hpVu9+6dpv/7/Bd8nGJFc3V+gQ+TciSJRTu9TavDUQ4= +go.step.sm/cli-utils v0.2.0/go.mod h1:+t4qCp5NO+080DdGkJxEh3xL5S4TcYC2JTPLMM72b6Y= +go.step.sm/crypto v0.6.1/go.mod h1:AKS4yMZVZD4EGjpSkY4eibuMenrvKCscb+BpWMet8c0= +go.step.sm/crypto v0.8.0 h1:S4qBPyy3hR7KWLybSkHB0H14pwFfYkom4RZ96JzmXig= +go.step.sm/crypto v0.8.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.5.1/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.6.0 h1:Ezj3JGmsOnG1MoRWQkPBsKLe9DwWD9QeXzTRzzldNVk= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= +go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= -go.uber.org/multierr v1.5.0 h1:KCa4XfM8CWFCpxXRGok+Q0SS/0XBhMDbHHGABQLvD2A= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee h1:0mgffUl7nfd+FpvXMVz4IDEaUSmT1ysygQC7qYo7sG4= +go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= +go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= -go.uber.org/zap v1.16.0 h1:uFRZXykJGK9lLY4HtgSw44DnIcAM+kRBP7x5m+NpAOM= -go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= +go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= +go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= +golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -822,27 +748,29 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f h1:J5lckAjkw6qYlOZNj90mLYNTEKDvWeuc1yieZ8qUzUE= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -854,40 +782,56 @@ golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= +golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6 h1:pE8b58s1HRDMi8RDc79m0HISf9D4TzseP40cEA6IGfs= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 h1:ld7aEMNHoBnnDAX15v1T6z31v8HwR2A9FYOuAhWqkwc= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180202135801-37707fdb30a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -906,38 +850,57 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201231184435-2d18734c6014 h1:joucsQqXmyBVxViHCPFjG3hx8JzIFSaym3l3MM/Jsdg= golang.org/x/sys v0.0.0-20201231184435-2d18734c6014/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/term v0.0.0-20210317153231-de623e64d2a6 h1:EC6+IGYTjPpRfv9a2b/6Puw0W+hLtAhkV1tPsXhutqs= -golang.org/x/term v0.0.0-20210317153231-de623e64d2a6/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 h1:JWgyZ1qgdTaF3N3oxC+MdTV7qvEEgHo3otj+HB5CM7Q= +golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210503060354-a79de5458b56 h1:b8jxX3zqjpqb2LklXPzKSGJhzyxCOZSz8ncv8Nv+y7w= +golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -948,7 +911,6 @@ golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181117154741-2ddaf7f79a09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -972,44 +934,80 @@ golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDq golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190909030654-5b82db07426d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911151314-feee8acb394c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190930201159-7c411dea38b0/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113232020-e2727e816f5a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200106190116-7be0a674c9fc h1:MR2F33ipDGog0C4eMhU6u9o3q6c3dvYis2aG6Jl12Wg= -golang.org/x/tools v0.0.0-20200106190116-7be0a674c9fc/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200102140908-9497f49d5709/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204192400-7124308813f3/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201017001424-6003fad69a88/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= +golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.15.0 h1:yzlyyDW/J0w8yNFJIhiAJy4kq74S+1DOLdawELNxFMA= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.33.0 h1:+gL0XvACeMIvpwLZ5rQZzLn5cwOsgg8dIcfJ2SYfBVw= +google.golang.org/api v0.33.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -1019,34 +1017,57 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190605220351-eb0b1bdb6ae6/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98 h1:LCO0fg4kb6WwkXQXRQQgUYsFeFb5taTX5WAx5O/Vt28= -google.golang.org/genproto v0.0.0-20200806141610-86f49bd18e98/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0= +google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0= +google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1055,59 +1076,61 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= -mvdan.cc/unparam v0.0.0-20191111180625-960b1ec0f2c2/go.mod h1:rCqoQrfAmpTX/h2APczwM7UymU/uvaOluiVPIYCSY/k= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +software.sslmate.com/src/go-pkcs12 v0.0.0-20201103104416-57fc603b7f52/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= -sourcegraph.com/sqs/pbtypes v1.0.0/go.mod h1:3AciMUv4qUuRHRHhOG4TZOB+72GdPVz5k+c648qsFS4= diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index bab0a075..d7d55d84 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -35,7 +35,6 @@ import ( "github.com/google/cel-go/interpreter/functions" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" "google.golang.org/protobuf/proto" - timestamp "google.golang.org/protobuf/types/known/timestamppb" ) func init() { @@ -231,8 +230,7 @@ func (celTypeAdapter) NativeToValue(value interface{}) ref.Val { case pkix.Name: return celPkixName{&v} case time.Time: - // TODO: eliminate direct protobuf dependency, sigh -- just wrap stdlib time.Time instead... - return types.Timestamp{Timestamp: ×tamp.Timestamp{Seconds: v.Unix(), Nanos: int32(v.Nanosecond())}} + return types.Timestamp{Time: v} case error: types.NewErr(v.Error()) } diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index f5c013b0..e6399eaa 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -29,6 +29,7 @@ import ( "github.com/go-chi/chi" "github.com/smallstep/certificates/acme" acmeAPI "github.com/smallstep/certificates/acme/api" + acmeNoSQL "github.com/smallstep/certificates/acme/db/nosql" "github.com/smallstep/certificates/authority" "github.com/smallstep/certificates/authority/provisioner" "github.com/smallstep/certificates/db" @@ -138,17 +139,23 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return err } - acmeAuth, err := acme.New(auth, acme.AuthorityOptions{ - DB: auth.GetDatabase().(nosql.DB), // stores all the server state - DNS: ash.Host, // used for directory links; TODO: not needed - Prefix: strings.Trim(ash.PathPrefix, "/"), // used for directory links - }) - if err != nil { - return err + var acmeDB acme.DB + if authorityConfig.DB != nil { + acmeDB, err = acmeNoSQL.New(auth.GetDatabase().(nosql.DB)) + if err != nil { + return fmt.Errorf("configuring ACME DB: %v", err) + } } // create the router for the ACME endpoints - acmeRouterHandler := acmeAPI.New(acmeAuth) + acmeRouterHandler := acmeAPI.NewHandler(acmeAPI.HandlerOptions{ + CA: auth, + DB: acmeDB, // stores all the server state + DNS: ash.Host, // used for directory links; TODO: not needed (follow-up upstream with step-ca) + Prefix: ash.PathPrefix, // used for directory links + }) + + // extract its http.Handler so we can use it directly r := chi.NewRouter() r.Route(ash.PathPrefix, func(r chi.Router) { acmeRouterHandler.Route(r) diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index a6ae587a..7a25f6d3 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -175,9 +175,7 @@ func (d customCertLifetime) Modify(cert *x509.Certificate, _ provisioner.SignOpt return nil } -const ( - defaultInternalCertLifetime = 12 * time.Hour -) +const defaultInternalCertLifetime = 12 * time.Hour // Interface guards var ( From 7b500e74b40714874278816dcce128a4b8e7389d Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Fri, 4 Jun 2021 00:19:16 -0400 Subject: [PATCH 0398/1498] metrics: use buildinfo collector from new collectors pkg (#4187) Signed-off-by: Dave Henderson --- metrics.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/metrics.go b/metrics.go index 55fb0a31..ab9d7978 100644 --- a/metrics.go +++ b/metrics.go @@ -6,12 +6,13 @@ import ( "strings" "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/collectors" "github.com/prometheus/client_golang/prometheus/promauto" ) // define and register the metrics used in this package. func init() { - prometheus.MustRegister(prometheus.NewBuildInfoCollector()) + prometheus.MustRegister(collectors.NewBuildInfoCollector()) const ns, sub = "caddy", "admin" From 94b712009a52fd2dba6295667d359a9a3c952d31 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 4 Jun 2021 16:15:43 -0400 Subject: [PATCH 0399/1498] logging: Actually use `level_key` (#4189) --- modules/logging/encoders.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index ab68f5e3..40e86bdc 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -264,6 +264,9 @@ func (lec *LogEncoderConfig) ZapcoreEncoderConfig() zapcore.EncoderConfig { if lec.MessageKey != nil { cfg.MessageKey = *lec.MessageKey } + if lec.LevelKey != nil { + cfg.LevelKey = *lec.LevelKey + } if lec.TimeKey != nil { cfg.TimeKey = *lec.TimeKey } From 2a8109468ce8520fa96e8a5139a350a1a68cbd26 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 4 Jun 2021 15:21:02 -0600 Subject: [PATCH 0400/1498] reverseproxy: Always remove hop-by-hop headers See golang/go#46313 Based on https://github.com/golang/go/commit/950fa11c4cb01a145bb07eeb167d90a1846061b3 --- modules/caddyhttp/reverseproxy/reverseproxy.go | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 671f42a2..dbbf6471 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -504,18 +504,14 @@ func (h Handler) prepareRequest(req *http.Request) error { // Remove hop-by-hop headers to the backend. Especially // important is "Connection" because we want a persistent // connection, regardless of what the client sent to us. + // Issue golang/go#46313: don't skip if field is empty. for _, h := range hopHeaders { - hv := req.Header.Get(h) - if hv == "" { - continue - } - if h == "Te" && hv == "trailers" { - // Issue golang/go#21096: tell backend applications that - // care about trailer support that we support - // trailers. (We do, but we don't go out of - // our way to advertise that unless the - // incoming client request thought it was - // worth mentioning) + // Issue golang/go#21096: tell backend applications that care about trailer support + // that we support trailers. (We do, but we don't go out of our way to + // advertise that unless the incoming client request thought it was worth + // mentioning.) + if h == "Te" && httpguts.HeaderValuesContainsToken(req.Header["Te"], "trailers") { + req.Header.Set("Te", "trailers") continue } req.Header.Del(h) From 323ffd20764e0f31a26ac700952adbb937b9eb69 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 3 Jun 2021 12:24:35 -0600 Subject: [PATCH 0401/1498] admin: Replace admin cert cache when reloading (fix #4184) --- admin.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/admin.go b/admin.go index 51eb0cc8..8eef9165 100644 --- a/admin.go +++ b/admin.go @@ -364,11 +364,6 @@ func manageIdentity(ctx Context, cfg *Config) error { return nil } - oldIdentityCertCache := identityCertCache - if oldIdentityCertCache != nil { - defer oldIdentityCertCache.Stop() - } - // set default issuers; this is pretty hacky because we can't // import the caddytls package -- but it works if cfg.Admin.Identity.IssuersRaw == nil { @@ -389,8 +384,13 @@ func manageIdentity(ctx Context, cfg *Config) error { } } + // we'll make a new cache when we make the CertMagic config, so stop any previous cache + if identityCertCache != nil { + identityCertCache.Stop() + } + logger := Log().Named("admin.identity") - cmCfg := cfg.Admin.Identity.certmagicConfig(logger) + cmCfg := cfg.Admin.Identity.certmagicConfig(logger, true) // issuers have circular dependencies with the configs because, // as explained in the caddytls package, they need access to the @@ -456,7 +456,7 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { } // create TLS config that will enforce mutual authentication - cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger) + cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger, false) tlsConfig := cmCfg.TLSConfig() tlsConfig.NextProtos = nil // this server does not solve ACME challenges tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert @@ -499,7 +499,7 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { return nil } -func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger) *certmagic.Config { +func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) *certmagic.Config { if ident == nil { // user might not have configured identity; that's OK, we can still make a // certmagic config, although it'll be mostly useless for remote management @@ -510,7 +510,7 @@ func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger) *certmagic.Conf Logger: logger, Issuers: ident.issuers, } - if identityCertCache == nil { + if makeCache { identityCertCache = certmagic.NewCache(certmagic.CacheOptions{ GetConfigForCert: func(certmagic.Certificate) (*certmagic.Config, error) { return cmCfg, nil @@ -533,7 +533,7 @@ func (ctx Context) IdentityCredentials(logger *zap.Logger) ([]tls.Certificate, e if logger == nil { logger = Log() } - magic := ident.certmagicConfig(logger) + magic := ident.certmagicConfig(logger, false) return magic.ClientCredentials(ctx, ident.Identifiers) } From 658772ff24b9e1eabf6f254d039d91e8abfcb775 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 7 Jun 2021 14:18:49 -0400 Subject: [PATCH 0402/1498] httpcaddyfile: Add `skip_install_trust` global option (#4153) Fixes https://github.com/caddyserver/caddy/issues/4002 --- caddyconfig/httpcaddyfile/options.go | 1 + caddyconfig/httpcaddyfile/pkiapp.go | 20 +++++++ .../global_options_skip_install_trust.txt | 56 +++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 905ecae8..fe8e319a 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -39,6 +39,7 @@ func init() { RegisterGlobalOption("acme_dns", parseOptACMEDNS) RegisterGlobalOption("acme_eab", parseOptACMEEAB) RegisterGlobalOption("cert_issuer", parseOptCertIssuer) + RegisterGlobalOption("skip_install_trust", parseOptTrue) RegisterGlobalOption("email", parseOptSingleString) RegisterGlobalOption("admin", parseOptAdmin) RegisterGlobalOption("on_demand_tls", parseOptOnDemand) diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go index 3abcc6bb..a21951db 100644 --- a/caddyconfig/httpcaddyfile/pkiapp.go +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -27,15 +27,35 @@ func (st ServerType) buildPKIApp( pkiApp := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} + skipInstallTrust := false + if _, ok := options["skip_install_trust"]; ok { + skipInstallTrust = true + } + falseBool := false + for _, p := range pairings { for _, sblock := range p.serverBlocks { // find all the CAs that were defined and add them to the app config + // i.e. from any "acme_server" directives for _, caCfgValue := range sblock.pile["pki.ca"] { ca := caCfgValue.Value.(*caddypki.CA) + if skipInstallTrust { + ca.InstallTrust = &falseBool + } pkiApp.CAs[ca.ID] = ca } } } + // if there was no CAs defined in any of the servers, + // and we were requested to not install trust, then + // add one for the default/local CA to do so + if len(pkiApp.CAs) == 0 && skipInstallTrust { + ca := new(caddypki.CA) + ca.ID = caddypki.DefaultCAID + ca.InstallTrust = &falseBool + pkiApp.CAs[ca.ID] = ca + } + return pkiApp, warnings, nil } diff --git a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt new file mode 100644 index 00000000..f949ac1a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt @@ -0,0 +1,56 @@ +{ + skip_install_trust +} + +a.example.com { + tls internal +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "pki": { + "certificate_authorities": { + "local": { + "install_trust": false + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "a.example.com" + ], + "issuers": [ + { + "module": "internal" + } + ] + } + ] + } + } + } +} \ No newline at end of file From f9b54454a19e2b070159ce8d2af76d819658244e Mon Sep 17 00:00:00 2001 From: diamondburned Date: Mon, 7 Jun 2021 11:20:08 -0700 Subject: [PATCH 0403/1498] fileserver: Redirect within the original URL (#4179) This commit changes the file_server directive to redirect using the original request's URL instead of the possibly trimmed URL. This should make file_server work with handle_path. This fix is taken from mholt's comment in https://caddy.community/t/file-servers-on-different-paths-not-working/11698/11. --- modules/caddyhttp/fileserver/browse.go | 8 ++++---- modules/caddyhttp/fileserver/staticfiles.go | 14 ++++++++------ 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index fc8bddb6..444a6562 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -47,10 +47,10 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, // URL doesn't end in a trailing slash because hrefs like // "/b/c" on a path like "/a" end up going to "/b/c" instead // of "/a/b/c" - so we have to redirect in this case - if !strings.HasSuffix(r.URL.Path, "/") { - fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) - r.URL.Path += "/" - http.Redirect(w, r, r.URL.String(), http.StatusMovedPermanently) + oldReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) + if !strings.HasSuffix(oldReq.URL.Path, "/") { + fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", oldReq.URL.Path)) + http.Redirect(w, r, oldReq.URL.Path+"/", http.StatusMovedPermanently) return nil } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index f2320aab..87e0a771 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -243,12 +243,14 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // trailing slash - not enforcing this can break relative hrefs // in HTML (see https://github.com/caddyserver/caddy/issues/2741) if fsrv.CanonicalURIs == nil || *fsrv.CanonicalURIs { - if implicitIndexFile && !strings.HasSuffix(r.URL.Path, "/") { - fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", zap.String("path", r.URL.Path)) - return redirect(w, r, r.URL.Path+"/") - } else if !implicitIndexFile && strings.HasSuffix(r.URL.Path, "/") { - fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", zap.String("path", r.URL.Path)) - return redirect(w, r, r.URL.Path[:len(r.URL.Path)-1]) + oldReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) + + if implicitIndexFile && !strings.HasSuffix(oldReq.URL.Path, "/") { + fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", zap.String("path", oldReq.URL.Path)) + return redirect(w, r, oldReq.URL.Path+"/") + } else if !implicitIndexFile && strings.HasSuffix(oldReq.URL.Path, "/") { + fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", zap.String("path", oldReq.URL.Path)) + return redirect(w, r, oldReq.URL.Path[:len(oldReq.URL.Path)-1]) } } From 4c2da188419cf087049a6a3d4d08a859ac94c397 Mon Sep 17 00:00:00 2001 From: Peter Magnusson Date: Mon, 7 Jun 2021 20:25:12 +0200 Subject: [PATCH 0404/1498] caddytls: Add Caddyfile support for `propagation_timeout` (#4178) * add propagation_timeout to UnmarshalCaddyfile - Closes #4177 * added caddyfile_adapt test --- .../tls_propagation_timeout.txt | 70 +++++++++++++++++++ modules/caddytls/acmeissuer.go | 16 +++++ 2 files changed, 86 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt diff --git a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt new file mode 100644 index 00000000..5d2b643c --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt @@ -0,0 +1,70 @@ +localhost + +respond "hello from localhost" +tls { + issuer acme { + propagation_timeout "10m0s" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "localhost" + ], + "issuers": [ + { + "challenges": { + "dns": { + "propagation_timeout": 600000000000 + } + }, + "module": "acme" + } + ] + } + ] + } + } + } +} \ No newline at end of file diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index bbcd5d76..60850445 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -387,6 +387,22 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return err } iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil) + case "propagation_timeout": + if !d.NextArg() { + return d.ArgErr() + } + timeoutStr := d.Val() + timeout, err := caddy.ParseDuration(timeoutStr) + if err != nil { + return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err) + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.DNS == nil { + iss.Challenges.DNS = new(DNSChallengeConfig) + } + iss.Challenges.DNS.PropagationTimeout = caddy.Duration(timeout) case "resolvers": if iss.Challenges == nil { From 76913b19ff053bc5b0848ce4d0bbf73698f30d93 Mon Sep 17 00:00:00 2001 From: diamondburned Date: Mon, 7 Jun 2021 16:33:54 -0700 Subject: [PATCH 0405/1498] fileserver: Fix browse not redirecting query parameters (#4196) This commit is a follow up to PR #4179 that introduced a bug where browse redirections to the right URL would not preserve query parameters. --- modules/caddyhttp/fileserver/browse.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 444a6562..fa6da68d 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -50,7 +50,8 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, oldReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) if !strings.HasSuffix(oldReq.URL.Path, "/") { fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", oldReq.URL.Path)) - http.Redirect(w, r, oldReq.URL.Path+"/", http.StatusMovedPermanently) + oldReq.URL.Path += "/" + http.Redirect(w, r, oldReq.URL.String(), http.StatusMovedPermanently) return nil } From 1e92258dd670dc62a55b100d1e68e7f482da14a1 Mon Sep 17 00:00:00 2001 From: Klooven Date: Tue, 8 Jun 2021 23:10:37 +0300 Subject: [PATCH 0406/1498] httpcaddyfile: Add `preferred_chains` global option and issuer subdirective (#4192) * Added preferred_chains option to Caddyfile * Caddyfile adapt tests for preferred_chains --- caddyconfig/httpcaddyfile/options.go | 6 ++ caddyconfig/httpcaddyfile/tlsapp.go | 7 ++- .../global_options_preferred_chains.txt | 56 +++++++++++++++++ .../tls_acme_preferred_chains.txt | 57 +++++++++++++++++ modules/caddytls/acmeissuer.go | 62 +++++++++++++++++++ 5 files changed, 187 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt create mode 100644 caddytest/integration/caddyfile_adapt/tls_acme_preferred_chains.txt diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index fe8e319a..f693110e 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -49,6 +49,7 @@ func init() { RegisterGlobalOption("servers", parseServerOptions) RegisterGlobalOption("ocsp_stapling", parseOCSPStaplingOptions) RegisterGlobalOption("log", parseLogOptions) + RegisterGlobalOption("preferred_chains", parseOptPreferredChains) } func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil } @@ -452,3 +453,8 @@ func parseLogOptions(d *caddyfile.Dispenser, existingVal interface{}) (interface return configValues, nil } + +func parseOptPreferredChains(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { + d.Next() + return caddytls.ParseCaddyfilePreferredChainsOptions(d) +} diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 2510a9bf..b7a8f02d 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -321,7 +321,8 @@ func (st ServerType) buildTLSApp( globalACMECARoot := options["acme_ca_root"] globalACMEDNS := options["acme_dns"] globalACMEEAB := options["acme_eab"] - hasGlobalACMEDefaults := globalEmail != nil || globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS != nil || globalACMEEAB != nil + globalPreferredChains := options["preferred_chains"] + hasGlobalACMEDefaults := globalEmail != nil || globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS != nil || globalACMEEAB != nil || globalPreferredChains != nil if hasGlobalACMEDefaults { for _, ap := range tlsApp.Automation.Policies { if len(ap.Issuers) == 0 { @@ -405,6 +406,7 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interf globalACMECARoot := options["acme_ca_root"] globalACMEDNS := options["acme_dns"] globalACMEEAB := options["acme_eab"] + globalPreferredChains := options["preferred_chains"] if globalEmail != nil && acmeIssuer.Email == "" { acmeIssuer.Email = globalEmail.(string) @@ -425,6 +427,9 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interf if globalACMEEAB != nil && acmeIssuer.ExternalAccount == nil { acmeIssuer.ExternalAccount = globalACMEEAB.(*acme.EAB) } + if globalPreferredChains != nil && acmeIssuer.PreferredChains == nil { + acmeIssuer.PreferredChains = globalPreferredChains.(*caddytls.ChainPreference) + } return nil } diff --git a/caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt b/caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt new file mode 100644 index 00000000..893b34b4 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt @@ -0,0 +1,56 @@ +{ + preferred_chains smallest +} + +localhost +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "localhost" + ], + "issuers": [ + { + "module": "acme", + "preferred_chains": { + "smallest": true + } + }, + { + "module": "zerossl", + "preferred_chains": { + "smallest": true + } + } + ] + } + ] + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/tls_acme_preferred_chains.txt b/caddytest/integration/caddyfile_adapt/tls_acme_preferred_chains.txt new file mode 100644 index 00000000..d6242d7d --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_acme_preferred_chains.txt @@ -0,0 +1,57 @@ +localhost + +tls { + issuer acme { + preferred_chains { + any_common_name "Generic CA 1" "Generic CA 2" + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "localhost" + ], + "issuers": [ + { + "module": "acme", + "preferred_chains": { + "any_common_name": [ + "Generic CA 1", + "Generic CA 2" + ] + } + } + ] + } + ] + } + } + } +} diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 60850445..b60e560e 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -265,6 +265,10 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // trusted_roots // dns [] // resolvers +// preferred_chains [smallest] { +// root_common_name +// any_common_name +// } // } // func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -416,6 +420,13 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } + case "preferred_chains": + chainPref, err := ParseCaddyfilePreferredChainsOptions(d) + if err != nil { + return err + } + iss.PreferredChains = chainPref + default: return d.Errf("unrecognized ACME issuer property: %s", d.Val()) } @@ -452,6 +463,57 @@ func onDemandAskRequest(ask string, name string) error { return nil } +func ParseCaddyfilePreferredChainsOptions(d *caddyfile.Dispenser) (*ChainPreference, error) { + chainPref := new(ChainPreference) + if d.NextArg() { + smallestOpt := d.Val() + if smallestOpt == "smallest" { + trueBool := true + chainPref.Smallest = &trueBool + if d.NextArg() { // Only one argument allowed + return nil, d.ArgErr() + } + if d.NextBlock(d.Nesting()) { // Don't allow other options when smallest == true + return nil, d.Err("No more options are accepted when using the 'smallest' option") + } + } else { // Smallest option should always be 'smallest' or unset + return nil, d.Errf("Invalid argument '%s'", smallestOpt) + } + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "root_common_name": + rootCommonNameOpt := d.RemainingArgs() + chainPref.RootCommonName = rootCommonNameOpt + if rootCommonNameOpt == nil { + return nil, d.ArgErr() + } + if chainPref.AnyCommonName != nil { + return nil, d.Err("Can't set root_common_name when any_common_name is already set") + } + + case "any_common_name": + anyCommonNameOpt := d.RemainingArgs() + chainPref.AnyCommonName = anyCommonNameOpt + if anyCommonNameOpt == nil { + return nil, d.ArgErr() + } + if chainPref.RootCommonName != nil { + return nil, d.Err("Can't set any_common_name when root_common_name is already set") + } + + default: + return nil, d.Errf("Received unrecognized parameter '%s'", d.Val()) + } + } + + if chainPref.Smallest == nil && chainPref.RootCommonName == nil && chainPref.AnyCommonName == nil { + return nil, d.Err("No options for preferred_chains received") + } + + return chainPref, nil +} + // ChainPreference describes the client's preferred certificate chain, // useful if the CA offers alternate chains. The first matching chain // will be selected. From 05656a60b3b089ce1735a1ebb02539cca9f68fb4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 9 Jun 2021 14:34:59 -0600 Subject: [PATCH 0407/1498] httpcaddyfile: Don't add HTTP hosts to TLS APs (fix #4176 and fix #4198) In the Caddyfile, hosts specified for HTTP sockets (either scheme is "http" or it is on the HTTP port) should not be used as subjects in TLS automation policies (APs). --- caddyconfig/httpcaddyfile/directives.go | 21 ++++++ caddyconfig/httpcaddyfile/tlsapp.go | 2 +- .../tls_automation_policies_7.txt | 68 +++++++++++++++++++ 3 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 5e194741..75fd473d 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -478,6 +478,27 @@ func (sb serverBlock) hostsFromKeys(loggerMode bool) []string { return sblockHosts } +func (sb serverBlock) hostsFromKeysNotHTTP(httpPort string) []string { + // ensure each entry in our list is unique + hostMap := make(map[string]struct{}) + for _, addr := range sb.keys { + if addr.Host == "" { + continue + } + if addr.Scheme != "http" && addr.Port != httpPort { + hostMap[addr.Host] = struct{}{} + } + } + + // convert map to slice + sblockHosts := make([]string, 0, len(hostMap)) + for host := range hostMap { + sblockHosts = append(sblockHosts, host) + } + + return sblockHosts +} + // hasHostCatchAllKey returns true if sb has a key that // omits a host portion, i.e. it "catches all" hosts. func (sb serverBlock) hasHostCatchAllKey() bool { diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index b7a8f02d..1bfddda1 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -189,7 +189,7 @@ func (st ServerType) buildTLSApp( } // associate our new automation policy with this server block's hosts - ap.Subjects = sblockHosts + ap.Subjects = sblock.hostsFromKeysNotHTTP(httpPort) sort.Strings(ap.Subjects) // solely for deterministic test results // if a combination of public and internal names were given diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt new file mode 100644 index 00000000..4b17bf3d --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_7.txt @@ -0,0 +1,68 @@ +# (this Caddyfile is contrived, but based on issues #4176 and #4198) + +http://example.com { +} + +https://example.com { + tls internal +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "example.com" + ], + "issuers": [ + { + "module": "internal" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 89aa3a5ef3e0da58d8a165ffe4c073fda52994db Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sat, 12 Jun 2021 14:44:32 -0600 Subject: [PATCH 0408/1498] go.mod: Use CertMagic v0.14.0 (fix #4191) * Force auto-renew for OCSP revoked status (maybe) (fix #4191) * Use latest commit * go.mod: Use CertMagic v0.14.0 (fix #4191) Correctly replaces revoked certificates --- go.mod | 2 +- go.sum | 15 +++++++-------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 9fc4f5b0..f9a86686 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.9.1 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.13.1 + github.com/caddyserver/certmagic v0.14.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 diff --git a/go.sum b/go.sum index b462796a..67762bfa 100644 --- a/go.sum +++ b/go.sum @@ -106,8 +106,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.13.1 h1:A5qLxh9J6/CYWEOHaj135IWAjCY0193ONxEy8jbOlPw= -github.com/caddyserver/certmagic v0.13.1/go.mod h1:+zhQtEgLOyXRA/KRduHXNhGGdTeqRM4ePj8eBGD/2CQ= +github.com/caddyserver/certmagic v0.14.0 h1:XW1o32s7smIYEJSc6g+N8YXljpjRo5ZE2zi3CIYTs74= +github.com/caddyserver/certmagic v0.14.0/go.mod h1:oRQOZmUVKwlpgNidslysHt05osM9uMrJ4YMk+Ot4P4Q= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -398,8 +398,8 @@ github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatib github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/libdns/libdns v0.2.0 h1:ewg3ByWrdUrxrje8ChPVMBNcotg7H9LQYg+u5De2RzI= -github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= +github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= +github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.21.0 h1:ZdC8UBxUSBdPlEv1+4y4SqIBy54VA8bRxN7DmkQ0URs= github.com/lucas-clemente/quic-go v0.21.0/go.mod h1:BWkfkkOSJD1AxFNBqdjBZi6FznZ96bhdcvZiA+LDrY8= @@ -440,8 +440,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= -github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY= +github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= @@ -852,7 +852,6 @@ golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -884,6 +883,7 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201231184435-2d18734c6014/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -945,7 +945,6 @@ golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200102140908-9497f49d5709/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= From 8848df9c5d372a559d01512b7a4ef00e38867b55 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 14 Jun 2021 09:03:56 -0600 Subject: [PATCH 0409/1498] Revert "fileserver: Redirect within the original URL (#4179)" This reverts commit f9b54454a19e2b070159ce8d2af76d819658244e. /cc @diamondburned (see #4205) --- modules/caddyhttp/fileserver/browse.go | 9 ++++----- modules/caddyhttp/fileserver/staticfiles.go | 14 ++++++-------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index fa6da68d..fc8bddb6 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -47,11 +47,10 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, // URL doesn't end in a trailing slash because hrefs like // "/b/c" on a path like "/a" end up going to "/b/c" instead // of "/a/b/c" - so we have to redirect in this case - oldReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) - if !strings.HasSuffix(oldReq.URL.Path, "/") { - fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", oldReq.URL.Path)) - oldReq.URL.Path += "/" - http.Redirect(w, r, oldReq.URL.String(), http.StatusMovedPermanently) + if !strings.HasSuffix(r.URL.Path, "/") { + fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) + r.URL.Path += "/" + http.Redirect(w, r, r.URL.String(), http.StatusMovedPermanently) return nil } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 87e0a771..f2320aab 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -243,14 +243,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // trailing slash - not enforcing this can break relative hrefs // in HTML (see https://github.com/caddyserver/caddy/issues/2741) if fsrv.CanonicalURIs == nil || *fsrv.CanonicalURIs { - oldReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) - - if implicitIndexFile && !strings.HasSuffix(oldReq.URL.Path, "/") { - fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", zap.String("path", oldReq.URL.Path)) - return redirect(w, r, oldReq.URL.Path+"/") - } else if !implicitIndexFile && strings.HasSuffix(oldReq.URL.Path, "/") { - fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", zap.String("path", oldReq.URL.Path)) - return redirect(w, r, oldReq.URL.Path[:len(oldReq.URL.Path)-1]) + if implicitIndexFile && !strings.HasSuffix(r.URL.Path, "/") { + fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", zap.String("path", r.URL.Path)) + return redirect(w, r, r.URL.Path+"/") + } else if !implicitIndexFile && strings.HasSuffix(r.URL.Path, "/") { + fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", zap.String("path", r.URL.Path)) + return redirect(w, r, r.URL.Path[:len(r.URL.Path)-1]) } } From 6d25261c2227eb040658a710ebe1f6cfd550bcab Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 14 Jun 2021 14:00:12 -0600 Subject: [PATCH 0410/1498] Expand and clarify security policy While the Caddy project has had very few valid security bug reports over the years, we have a low signal-to-noise ratio with them (lots of invalid reports). Most are out of scope, and it can take too much valuable time for us to determine that. We would prefer researchers do this first. Hopefully these paragraphs spell out much more clearly what we do and don't accept. --- .github/SECURITY.md | 42 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 9f940f3e..8a957ce7 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -2,9 +2,6 @@ The Caddy project would like to make sure that it stays on top of all practically-exploitable vulnerabilities. -Some security problems are more the result of interplay between different components of the Web, rather than a vulnerability in the web server itself. Please report only vulnerabilities in the web server itself, as we cannot coerce the rest of the Web to be fixed (for example, we do not consider IP spoofing or BGP hijacks a vulnerability in the Caddy web server). - -Please note that we consider publicly-registered domain names to be public information. This necessary in order to maintain the integrity of certificate transparency, public DNS, and other public trust systems. ## Supported Versions @@ -14,11 +11,46 @@ Please note that we consider publicly-registered domain names to be public infor | 1.x | :x: | | < 1.x | :x: | + +## Acceptable Scope + +A security report must demonstrate a security bug in the source code from this repository. + +Some security problems are the result of interplay between different components of the Web, rather than a vulnerability in the web server itself. Please only report vulnerabilities in the web server itself, as we cannot coerce the rest of the Web to be fixed (for example, we do not consider IP spoofing, BGP hijacks, or missing/misconfigured HTTP headers a vulnerability in the Caddy web server). + +Vulnerabilities caused by misconfigurations are out of scope. Yes, it is entirely possible to craft and use a configuration that is unsafe, just like with every other web server; we recommend against doing that. + +We do not accept reports if the steps imply or require a compromised system or third-party software, as we cannot control those. We expect that users secure their own systems and keep all their software patched. For example, if untrusted users are able to upload/write/host arbitrary files in the web root directory, it is NOT a security bug in Caddy if those files get served to clients; however, it _would_ be a valid report if a bug in Caddy's source code unintentionally gave unauthorized users the ability to upload unsafe files or delete files without relying on an unpatched system or piece of software. + +Client-side exploits are out of scope. In other words, it is not a bug in Caddy if the web browser does something unsafe, even if the downloaded content was served by Caddy. (Those kinds of exploits can generally be mitigated by proper configuration of HTTP headers.) As a general rule, the content served by Caddy is not considered in scope because content is configurable by the site owner or the associated web application. + +Security bugs in code dependencies are out of scope. Instead, if a dependency has patched a relevant security bug, please feel free to open a public issue or pull request to update that dependency in our code. + + ## Reporting a Vulnerability -Please email Matt Holt (the author) directly: matt [at] lightcodelabs [dot com]. +We get a lot of difficult reports that turn out to be invalid. Clear, obvious reports tend to be the most credible (but are also rare). -We'll need enough information to verify the bug and make a patch. It will speed things up if you suggest a working patch, such as a code diff, and explain why and how it works. Reports that are not actionable, do not contain enough information, are too pushy/demanding, or are not able to convince us that it is a viable and practical attack on the web server itself may be deferred to a later time or possibly ignored, resources permitting. Priority will be given to credible, responsible reports that are constructive, specific, and actionable. Thank you for understanding. +First please ensure your report falls within the accepted scope of security bugs (above). + +We'll need enough information to verify the bug and make a patch. To speed things up, please include: + +- Most minimal possible config (without redactions!) +- Command(s) +- Precise HTTP requests (`curl -v` and its output please) +- Full log output (please enable debug mode) +- Specific minimal steps to reproduce the issue from scratch +- A working patch + +Please DO NOT use containers, VMs, cloud instances or services, or any other complex infrastructure in your steps. Always prefer `curl` instead of web browsers. + +We consider publicly-registered domain names to be public information. This necessary in order to maintain the integrity of certificate transparency, public DNS, and other public trust systems. Do not redact domain names from your reports. The actual content of your domain name affects Caddy's behavior, so we need the exact domain name(s) to reproduce with, or your report will be ignored. + +It will speed things up if you suggest a working patch, such as a code diff, and explain why and how it works. Reports that are not actionable, do not contain enough information, are too pushy/demanding, or are not able to convince us that it is a viable and practical attack on the web server itself may be deferred to a later time or possibly ignored, depending on available resources. Priority will be given to credible, responsible reports that are constructive, specific, and actionable. (We get a lot of invalid reports.) Thank you for understanding. + +When you are ready, please email Matt Holt (the author) directly: matt [at] lightcodelabs [dot com]. + +Please don't encrypt the email body. It only makes the process more complicated. Please also understand that due to our nature as an open source project, we do not have a budget to award security bounties. We can only thank you. From 7c68809f4e13a7ac7c9e216a69410e7c1966c1df Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 15 Jun 2021 14:54:48 -0600 Subject: [PATCH 0411/1498] reverseproxy: Fix overwriting of max_idle_conns_per_host (closes #4201) Also split the Caddyfile subdirective keepalive_idle_conns into two properties so the conns and conns_per_host can be set separately. This is technically a breaking change, but probably anyone who this breaks already had a broken config anyway, and silently fixing it won't help them fix their configs. --- modules/caddyhttp/reverseproxy/caddyfile.go | 22 ++++++++++--------- .../caddyhttp/reverseproxy/httptransport.go | 10 +++------ .../caddyhttp/reverseproxy/reverseproxy.go | 2 +- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 61eac7ed..8bbdf5e8 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -978,6 +978,18 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.KeepAlive = new(KeepAlive) } h.KeepAlive.MaxIdleConns = num + + case "keepalive_idle_conns_per_host": + if !d.NextArg() { + return d.ArgErr() + } + num, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("bad integer value '%s': %v", d.Val(), err) + } + if h.KeepAlive == nil { + h.KeepAlive = new(KeepAlive) + } h.KeepAlive.MaxIdleConnsPerHost = num case "versions": @@ -1004,16 +1016,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.MaxConnsPerHost = num - case "max_idle_conns_per_host": - if !d.NextArg() { - return d.ArgErr() - } - num, err := strconv.Atoi(d.Val()) - if err != nil { - return d.Errf("bad integer value '%s': %v", d.Val(), err) - } - h.MaxIdleConnsPerHost = num - default: return d.Errf("unrecognized subdirective %s", d.Val()) } diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index fdaf56e1..f217a4ba 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -62,9 +62,6 @@ type HTTPTransport struct { // Maximum number of connections per host. Default: 0 (no limit) MaxConnsPerHost int `json:"max_conns_per_host,omitempty"` - // Maximum number of idle connections per host. Default: 0 (uses Go's default of 2) - MaxIdleConnsPerHost int `json:"max_idle_conns_per_host,omitempty"` - // How long to wait before timing out trying to connect to // an upstream. DialTimeout caddy.Duration `json:"dial_timeout,omitempty"` @@ -197,7 +194,6 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) return conn, nil }, MaxConnsPerHost: h.MaxConnsPerHost, - MaxIdleConnsPerHost: h.MaxIdleConnsPerHost, ResponseHeaderTimeout: time.Duration(h.ResponseHeaderTimeout), ExpectContinueTimeout: time.Duration(h.ExpectContinueTimeout), MaxResponseHeaderBytes: h.MaxResponseHeaderSize, @@ -412,13 +408,13 @@ type KeepAlive struct { // How often to probe for liveness. ProbeInterval caddy.Duration `json:"probe_interval,omitempty"` - // Maximum number of idle connections. + // Maximum number of idle connections. Default: 0, which means no limit. MaxIdleConns int `json:"max_idle_conns,omitempty"` - // Maximum number of idle connections per upstream host. + // Maximum number of idle connections per host. Default: 0, which uses Go's default of 2. MaxIdleConnsPerHost int `json:"max_idle_conns_per_host,omitempty"` - // How long connections should be kept alive when idle. + // How long connections should be kept alive when idle. Default: 0, which means no timeout. IdleConnTimeout caddy.Duration `json:"idle_timeout,omitempty"` } diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index dbbf6471..6b217e1a 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -204,7 +204,7 @@ func (h *Handler) Provision(ctx caddy.Context) error { KeepAlive: &KeepAlive{ ProbeInterval: caddy.Duration(30 * time.Second), IdleConnTimeout: caddy.Duration(2 * time.Minute), - MaxIdleConnsPerHost: 32, + MaxIdleConnsPerHost: 32, // seems about optimal, see #2805 }, DialTimeout: caddy.Duration(10 * time.Second), } From 32c284b54a77b6c4d3b38485ac2b6484c783b825 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 15 Jun 2021 15:02:22 -0600 Subject: [PATCH 0412/1498] reverseproxy: Adjust test related to #4201 Commit 7c68809f4e13a7ac7c9e216a69410e7c1966c1df --- .../integration/caddyfile_adapt/reverse_proxy_options.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index f9b0010a..544bb9ff 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -21,7 +21,7 @@ https://example.com { versions h2c 2 compression off max_conns_per_host 5 - max_idle_conns_per_host 2 + keepalive_idle_conns_per_host 2 } } } @@ -79,8 +79,10 @@ https://example.com { "dial_fallback_delay": 5000000000, "dial_timeout": 3000000000, "expect_continue_timeout": 9000000000, + "keep_alive": { + "max_idle_conns_per_host": 2 + }, "max_conns_per_host": 5, - "max_idle_conns_per_host": 2, "max_response_header_size": 30000000, "protocol": "http", "read_buffer_size": 10000000, From e8ae80adca5db7102e646954fcc53827732ceb83 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 16 Jun 2021 14:28:34 -0600 Subject: [PATCH 0413/1498] fileserver: Don't persist parsed template (fix #4202) Templates are parsed at request-time (like they are in the templates middleware) to allow live changes to the template while the server is running. Fixes race condition. Also refactored use of a buffer so a buffer put back in the pool will not continue to be used (written to client) in the meantime. A couple of benchmarks removed due to refactor, which is fine, since we know pooling helps here. --- modules/caddyhttp/fileserver/browse.go | 48 ++++++--------- modules/caddyhttp/fileserver/browse_test.go | 68 --------------------- modules/caddyhttp/fileserver/staticfiles.go | 9 --- 3 files changed, 20 insertions(+), 105 deletions(-) delete mode 100644 modules/caddyhttp/fileserver/browse_test.go diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index fc8bddb6..750eb143 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -22,6 +22,7 @@ import ( "os" "path" "strings" + "sync" "text/template" "github.com/caddyserver/caddy/v2" @@ -34,8 +35,6 @@ import ( type Browse struct { // Use this template file instead of the default browse template. TemplateFile string `json:"template_file,omitempty"` - - template *template.Template } func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { @@ -75,11 +74,14 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, fsrv.browseApplyQueryParams(w, r, &listing) - // write response as either JSON or HTML - var buf *bytes.Buffer + buf := bufPool.Get().(*bytes.Buffer) + defer bufPool.Put(buf) + acceptHeader := strings.ToLower(strings.Join(r.Header["Accept"], ",")) + + // write response as either JSON or HTML if strings.Contains(acceptHeader, "application/json") { - if buf, err = fsrv.browseWriteJSON(listing); err != nil { + if err := json.NewEncoder(buf).Encode(listing.Items); err != nil { return caddyhttp.Error(http.StatusInternalServerError, err) } w.Header().Set("Content-Type", "application/json; charset=utf-8") @@ -98,12 +100,11 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, browseTemplateContext: listing, } - err = fsrv.makeBrowseTemplate(tplCtx) + tpl, err := fsrv.makeBrowseTemplate(tplCtx) if err != nil { return fmt.Errorf("parsing browse template: %v", err) } - - if buf, err = fsrv.browseWriteHTML(tplCtx); err != nil { + if err := tpl.Execute(buf, tplCtx); err != nil { return caddyhttp.Error(http.StatusInternalServerError, err) } w.Header().Set("Content-Type", "text/html; charset=utf-8") @@ -161,7 +162,7 @@ func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Re } // makeBrowseTemplate creates the template to be used for directory listings. -func (fsrv *FileServer) makeBrowseTemplate(tplCtx *templateContext) error { +func (fsrv *FileServer) makeBrowseTemplate(tplCtx *templateContext) (*template.Template, error) { var tpl *template.Template var err error @@ -169,33 +170,17 @@ func (fsrv *FileServer) makeBrowseTemplate(tplCtx *templateContext) error { tpl = tplCtx.NewTemplate(path.Base(fsrv.Browse.TemplateFile)) tpl, err = tpl.ParseFiles(fsrv.Browse.TemplateFile) if err != nil { - return fmt.Errorf("parsing browse template file: %v", err) + return nil, fmt.Errorf("parsing browse template file: %v", err) } } else { tpl = tplCtx.NewTemplate("default_listing") tpl, err = tpl.Parse(defaultBrowseTemplate) if err != nil { - return fmt.Errorf("parsing default browse template: %v", err) + return nil, fmt.Errorf("parsing default browse template: %v", err) } } - fsrv.Browse.template = tpl - - return nil -} - -func (fsrv *FileServer) browseWriteJSON(listing browseTemplateContext) (*bytes.Buffer, error) { - buf := bufPool.Get().(*bytes.Buffer) - defer bufPool.Put(buf) - err := json.NewEncoder(buf).Encode(listing.Items) - return buf, err -} - -func (fsrv *FileServer) browseWriteHTML(tplCtx *templateContext) (*bytes.Buffer, error) { - buf := bufPool.Get().(*bytes.Buffer) - defer bufPool.Put(buf) - err := fsrv.Browse.template.Execute(buf, tplCtx) - return buf, err + return tpl, nil } // isSymlink return true if f is a symbolic link @@ -224,3 +209,10 @@ type templateContext struct { templates.TemplateContext browseTemplateContext } + +// bufPool is used to increase the efficiency of file listings. +var bufPool = sync.Pool{ + New: func() interface{} { + return new(bytes.Buffer) + }, +} diff --git a/modules/caddyhttp/fileserver/browse_test.go b/modules/caddyhttp/fileserver/browse_test.go deleted file mode 100644 index 30862fa4..00000000 --- a/modules/caddyhttp/fileserver/browse_test.go +++ /dev/null @@ -1,68 +0,0 @@ -// Copyright 2015 Matthew Holt and The Caddy Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package fileserver - -import ( - "testing" - "text/template" -) - -func BenchmarkBrowseWriteJSON(b *testing.B) { - fsrv := new(FileServer) - listing := browseTemplateContext{ - Name: "test", - Path: "test", - CanGoUp: false, - Items: make([]fileInfo, 100), - NumDirs: 42, - NumFiles: 420, - Sort: "", - Order: "", - Limit: 42, - } - b.ResetTimer() - - for n := 0; n < b.N; n++ { - fsrv.browseWriteJSON(listing) - } -} - -func BenchmarkBrowseWriteHTML(b *testing.B) { - fsrv := new(FileServer) - fsrv.Browse = &Browse{ - TemplateFile: "", - template: template.New("test"), - } - listing := browseTemplateContext{ - Name: "test", - Path: "test", - CanGoUp: false, - Items: make([]fileInfo, 100), - NumDirs: 42, - NumFiles: 420, - Sort: "", - Order: "", - Limit: 42, - } - tplCtx := &templateContext{ - browseTemplateContext: listing, - } - fsrv.makeBrowseTemplate(tplCtx) - b.ResetTimer() - - for n := 0; n < b.N; n++ { - fsrv.browseWriteHTML(tplCtx) - } -} diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index f2320aab..f151e323 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -15,7 +15,6 @@ package fileserver import ( - "bytes" "fmt" weakrand "math/rand" "mime" @@ -24,7 +23,6 @@ import ( "path/filepath" "strconv" "strings" - "sync" "time" "github.com/caddyserver/caddy/v2" @@ -178,7 +176,6 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c } else if os.IsPermission(err) { return caddyhttp.Error(http.StatusForbidden, err) } - // TODO: treat this as resource exhaustion like with os.Open? Or unnecessary here? return caddyhttp.Error(http.StatusInternalServerError, err) } @@ -555,12 +552,6 @@ func (wr statusOverrideResponseWriter) WriteHeader(int) { var defaultIndexNames = []string{"index.html", "index.txt"} -var bufPool = sync.Pool{ - New: func() interface{} { - return new(bytes.Buffer) - }, -} - const ( minBackoff, maxBackoff = 2, 5 separator = string(filepath.Separator) From 238914d70b0f6c277494f0296a15eb9eb84ecc76 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 16 Jun 2021 14:29:42 -0600 Subject: [PATCH 0414/1498] Some misc. cleanup The fastcgi changes came from v1 which don't make sense in v2. Fix comment about default value in reverse proxy keep alive. --- modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 10 ++-------- modules/caddyhttp/reverseproxy/httptransport.go | 2 +- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 09764374..d7a0e369 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -236,13 +236,7 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { // original URI in as the value of REQUEST_URI (the user can overwrite this // if desired). Most PHP apps seem to want the original URI. Besides, this is // how nginx defaults: http://stackoverflow.com/a/12485156/1048862 - origReq, ok := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) - if !ok { - // some requests, like active health checks, don't add this to - // the request context, so we can just use the current URL - origReq = *r - } - reqURL := origReq.URL + origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) requestScheme := "http" if r.TLS != nil { @@ -285,7 +279,7 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { "DOCUMENT_ROOT": root, "DOCUMENT_URI": docURI, "HTTP_HOST": r.Host, // added here, since not always part of headers - "REQUEST_URI": reqURL.RequestURI(), + "REQUEST_URI": origReq.URL.RequestURI(), "SCRIPT_FILENAME": scriptFilename, "SCRIPT_NAME": scriptName, } diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index f217a4ba..19328513 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -411,7 +411,7 @@ type KeepAlive struct { // Maximum number of idle connections. Default: 0, which means no limit. MaxIdleConns int `json:"max_idle_conns,omitempty"` - // Maximum number of idle connections per host. Default: 0, which uses Go's default of 2. + // Maximum number of idle connections per host. Default: 32. MaxIdleConnsPerHost int `json:"max_idle_conns_per_host,omitempty"` // How long connections should be kept alive when idle. Default: 0, which means no timeout. From fbd6560976dc73052bd5d3277869912de68f6731 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 17 Jun 2021 09:55:49 -0600 Subject: [PATCH 0415/1498] fileserver: Only redirect if filename not rewritten (fix #4205) This is the more correct implementation of 23dadc0d86dd75dad7559c25f20c9641bc7bc30f (#4179)... I think. This commit effectively undoes the revert in 8848df9c5d372a559d01512b7a4ef00e38867b55, but with corrections to the logic. We *do* need to use the original request path (the path the browser knows) for redirects, since they are external, and rewrites are only internal. However, if the path was rewritten to a non-canonical path, we should not redirect to canonicalize that, since rewrites are intentional by the site owner. Canonicalizing the path involves modifying only the suffix (base element, or filename) of the path. Thus, if a rewrite involves only the prefix (like how handle_path strips a path prefix), then we can (hopefully!) safely redirect using the original URI since the filename was not rewritten. So basically, if rewrites modify the filename, we should not canonicalize those requests. If rewrites only modify another part of the path (commonly a prefix), we should be OK to redirect. --- modules/caddyhttp/fileserver/browse.go | 29 +++++++++++++++------ modules/caddyhttp/fileserver/staticfiles.go | 27 ++++++++++++++----- 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 750eb143..3122f12b 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -42,15 +42,28 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, zap.String("path", dirPath), zap.String("root", root)) - // navigation on the client-side gets messed up if the - // URL doesn't end in a trailing slash because hrefs like - // "/b/c" on a path like "/a" end up going to "/b/c" instead + // Navigation on the client-side gets messed up if the + // URL doesn't end in a trailing slash because hrefs to + // "b/c" at path "/a" end up going to "/b/c" instead // of "/a/b/c" - so we have to redirect in this case - if !strings.HasSuffix(r.URL.Path, "/") { - fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) - r.URL.Path += "/" - http.Redirect(w, r, r.URL.String(), http.StatusMovedPermanently) - return nil + // so that the path is "/a/" and the client constructs + // relative hrefs "b/c" to be "/a/b/c". + // + // Only redirect if the last element of the path (the filename) was not + // rewritten; if the admin wanted to rewrite to the canonical path, they + // would have, and we have to be very careful not to introduce unwanted + // redirects and especially redirect loops! (Redirecting using the + // original URI is necessary because that's the URI the browser knows, + // we don't want to redirect from internally-rewritten URIs.) + // See https://github.com/caddyserver/caddy/issues/4205. + origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) + if path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { + if !strings.HasSuffix(origReq.URL.Path, "/") { + fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) + origReq.URL.Path += "/" + http.Redirect(w, r, origReq.URL.String(), http.StatusMovedPermanently) + return nil + } } dir, err := fsrv.openFile(dirPath, w) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index f151e323..9266332a 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -20,6 +20,7 @@ import ( "mime" "net/http" "os" + "path" "path/filepath" "strconv" "strings" @@ -240,12 +241,26 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // trailing slash - not enforcing this can break relative hrefs // in HTML (see https://github.com/caddyserver/caddy/issues/2741) if fsrv.CanonicalURIs == nil || *fsrv.CanonicalURIs { - if implicitIndexFile && !strings.HasSuffix(r.URL.Path, "/") { - fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", zap.String("path", r.URL.Path)) - return redirect(w, r, r.URL.Path+"/") - } else if !implicitIndexFile && strings.HasSuffix(r.URL.Path, "/") { - fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", zap.String("path", r.URL.Path)) - return redirect(w, r, r.URL.Path[:len(r.URL.Path)-1]) + // Only redirect if the last element of the path (the filename) was not + // rewritten; if the admin wanted to rewrite to the canonical path, they + // would have, and we have to be very careful not to introduce unwanted + // redirects and especially redirect loops! + // See https://github.com/caddyserver/caddy/issues/4205. + origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) + if path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { + if implicitIndexFile && !strings.HasSuffix(origReq.URL.Path, "/") { + to := origReq.URL.Path + "/" + fsrv.logger.Debug("redirecting to canonical URI (adding trailing slash for directory)", + zap.String("from_path", origReq.URL.Path), + zap.String("to_path", to)) + return redirect(w, r, to) + } else if !implicitIndexFile && strings.HasSuffix(origReq.URL.Path, "/") { + to := origReq.URL.Path[:len(origReq.URL.Path)-1] + fsrv.logger.Debug("redirecting to canonical URI (removing trailing slash for file)", + zap.String("from_path", origReq.URL.Path), + zap.String("to_path", to)) + return redirect(w, r, to) + } } } From 9d4ed3a3236df06e54c80c4f6633b66d68ad3673 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 17 Jun 2021 09:59:08 -0600 Subject: [PATCH 0416/1498] caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi (#4207) --- modules/caddyhttp/caddyhttp.go | 29 ++++++ modules/caddyhttp/caddyhttp_test.go | 94 +++++++++++++++++++ modules/caddyhttp/fileserver/browse.go | 2 +- modules/caddyhttp/fileserver/matcher.go | 2 +- modules/caddyhttp/fileserver/matcher_test.go | 4 +- modules/caddyhttp/fileserver/staticfiles.go | 40 +------- .../caddyhttp/fileserver/staticfiles_test.go | 84 ----------------- .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 10 +- 8 files changed, 131 insertions(+), 134 deletions(-) create mode 100644 modules/caddyhttp/caddyhttp_test.go diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index d93a5c8a..784b2b90 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -20,7 +20,9 @@ import ( "io" "net" "net/http" + "path/filepath" "strconv" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -217,6 +219,31 @@ func StatusCodeMatches(actual, configured int) bool { return false } +// SanitizedPathJoin performs filepath.Join(root, reqPath) that +// is safe against directory traversal attacks. It uses logic +// similar to that in the Go standard library, specifically +// in the implementation of http.Dir. The root is assumed to +// be a trusted path, but reqPath is not; and the output will +// never be outside of root. The resulting path can be used +// with the local file system. +func SanitizedPathJoin(root, reqPath string) string { + if root == "" { + root = "." + } + + path := filepath.Join(root, filepath.Clean("/"+reqPath)) + + // filepath.Join also cleans the path, and cleaning strips + // the trailing slash, so we need to re-add it afterwards. + // if the length is 1, then it's a path to the root, + // and that should return ".", so we don't append the separator. + if strings.HasSuffix(reqPath, "/") && len(reqPath) > 1 { + path += separator + } + + return path +} + // tlsPlaceholderWrapper is a no-op listener wrapper that marks // where the TLS listener should be in a chain of listener wrappers. // It should only be used if another listener wrapper must be placed @@ -242,6 +269,8 @@ const ( DefaultHTTPSPort = 443 ) +const separator = string(filepath.Separator) + // Interface guard var _ caddy.ListenerWrapper = (*tlsPlaceholderWrapper)(nil) var _ caddyfile.Unmarshaler = (*tlsPlaceholderWrapper)(nil) diff --git a/modules/caddyhttp/caddyhttp_test.go b/modules/caddyhttp/caddyhttp_test.go new file mode 100644 index 00000000..09011fe9 --- /dev/null +++ b/modules/caddyhttp/caddyhttp_test.go @@ -0,0 +1,94 @@ +package caddyhttp + +import ( + "net/url" + "path/filepath" + "testing" +) + +func TestSanitizedPathJoin(t *testing.T) { + // For reference: + // %2e = . + // %2f = / + // %5c = \ + for i, tc := range []struct { + inputRoot string + inputPath string + expect string + }{ + { + inputPath: "", + expect: ".", + }, + { + inputPath: "/", + expect: ".", + }, + { + inputPath: "/foo", + expect: "foo", + }, + { + inputPath: "/foo/", + expect: "foo" + separator, + }, + { + inputPath: "/foo/bar", + expect: filepath.Join("foo", "bar"), + }, + { + inputRoot: "/a", + inputPath: "/foo/bar", + expect: filepath.Join("/", "a", "foo", "bar"), + }, + { + inputPath: "/foo/../bar", + expect: "bar", + }, + { + inputRoot: "/a/b", + inputPath: "/foo/../bar", + expect: filepath.Join("/", "a", "b", "bar"), + }, + { + inputRoot: "/a/b", + inputPath: "/..%2fbar", + expect: filepath.Join("/", "a", "b", "bar"), + }, + { + inputRoot: "/a/b", + inputPath: "/%2e%2e%2fbar", + expect: filepath.Join("/", "a", "b", "bar"), + }, + { + inputRoot: "/a/b", + inputPath: "/%2e%2e%2f%2e%2e%2f", + expect: filepath.Join("/", "a", "b") + separator, + }, + { + inputRoot: "C:\\www", + inputPath: "/foo/bar", + expect: filepath.Join("C:\\www", "foo", "bar"), + }, + { + inputRoot: "C:\\www", + inputPath: "/D:\\foo\\bar", + expect: filepath.Join("C:\\www", "D:\\foo\\bar"), + }, + } { + // we don't *need* to use an actual parsed URL, but it + // adds some authenticity to the tests since real-world + // values will be coming in from URLs; thus, the test + // corpus can contain paths as encoded by clients, which + // more closely emulates the actual attack vector + u, err := url.Parse("http://test:9999" + tc.inputPath) + if err != nil { + t.Fatalf("Test %d: invalid URL: %v", i, err) + } + actual := SanitizedPathJoin(tc.inputRoot, u.Path) + if actual != tc.expect { + t.Errorf("Test %d: SanitizedPathJoin('%s', '%s') => %s (expected '%s')", + i, tc.inputRoot, tc.inputPath, actual, tc.expect) + } + } +} diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 3122f12b..cd9bcbcd 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -207,7 +207,7 @@ func isSymlinkTargetDir(f os.FileInfo, root, urlPath string) bool { if !isSymlink(f) { return false } - target := sanitizedPathJoin(root, path.Join(urlPath, f.Name())) + target := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, f.Name())) targetInfo, err := os.Stat(target) if err != nil { return false diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 064398c6..739b9e05 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -185,7 +185,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { if strings.HasSuffix(file, "/") { suffix += "/" } - fullpath = sanitizedPathJoin(root, suffix) + fullpath = caddyhttp.SanitizedPathJoin(root, suffix) return } diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index e3199077..746a5d78 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -94,7 +94,7 @@ func TestFileMatcher(t *testing.T) { t.Fatalf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) } - fileType, ok := repl.Get("http.matchers.file.type") + fileType, _ := repl.Get("http.matchers.file.type") if fileType != tc.expectedType { t.Fatalf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) } @@ -197,7 +197,7 @@ func TestPHPFileMatcher(t *testing.T) { t.Fatalf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) } - fileType, ok := repl.Get("http.matchers.file.type") + fileType, _ := repl.Get("http.matchers.file.type") if fileType != tc.expectedType { t.Fatalf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 9266332a..45f8610d 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -161,7 +161,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c filesToHide := fsrv.transformHidePaths(repl) root := repl.ReplaceAll(fsrv.Root, ".") - filename := sanitizedPathJoin(root, r.URL.Path) + filename := caddyhttp.SanitizedPathJoin(root, r.URL.Path) fsrv.logger.Debug("sanitized path join", zap.String("site_root", root), @@ -185,7 +185,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c var implicitIndexFile bool if info.IsDir() && len(fsrv.IndexNames) > 0 { for _, indexPage := range fsrv.IndexNames { - indexPath := sanitizedPathJoin(filename, indexPage) + indexPath := caddyhttp.SanitizedPathJoin(filename, indexPage) if fileHidden(indexPath, filesToHide) { // pretend this file doesn't exist fsrv.logger.Debug("hiding index file", @@ -435,42 +435,6 @@ func (fsrv *FileServer) transformHidePaths(repl *caddy.Replacer) []string { return hide } -// sanitizedPathJoin performs filepath.Join(root, reqPath) that -// is safe against directory traversal attacks. It uses logic -// similar to that in the Go standard library, specifically -// in the implementation of http.Dir. The root is assumed to -// be a trusted path, but reqPath is not. -func sanitizedPathJoin(root, reqPath string) string { - // TODO: Caddy 1 uses this: - // prevent absolute path access on Windows, e.g. http://localhost:5000/C:\Windows\notepad.exe - // if runtime.GOOS == "windows" && len(reqPath) > 0 && filepath.IsAbs(reqPath[1:]) { - // TODO. - // } - - // TODO: whereas std lib's http.Dir.Open() uses this: - // if filepath.Separator != '/' && strings.ContainsRune(name, filepath.Separator) { - // return nil, errors.New("http: invalid character in file path") - // } - - // TODO: see https://play.golang.org/p/oh77BiVQFti for another thing to consider - - if root == "" { - root = "." - } - - path := filepath.Join(root, filepath.Clean("/"+reqPath)) - - // filepath.Join also cleans the path, and cleaning strips - // the trailing slash, so we need to re-add it afterwards. - // if the length is 1, then it's a path to the root, - // and that should return ".", so we don't append the separator. - if strings.HasSuffix(reqPath, "/") && len(reqPath) > 1 { - path += separator - } - - return path -} - // fileHidden returns true if filename is hidden according to the hide list. // filename must be a relative or absolute file system path, not a request // URI path. It is expected that all the paths in the hide list are absolute diff --git a/modules/caddyhttp/fileserver/staticfiles_test.go b/modules/caddyhttp/fileserver/staticfiles_test.go index 690f46ac..5d6133c7 100644 --- a/modules/caddyhttp/fileserver/staticfiles_test.go +++ b/modules/caddyhttp/fileserver/staticfiles_test.go @@ -15,96 +15,12 @@ package fileserver import ( - "net/url" "path/filepath" "runtime" "strings" "testing" ) -func TestSanitizedPathJoin(t *testing.T) { - // For easy reference: - // %2e = . - // %2f = / - // %5c = \ - for i, tc := range []struct { - inputRoot string - inputPath string - expect string - }{ - { - inputPath: "", - expect: ".", - }, - { - inputPath: "/", - expect: ".", - }, - { - inputPath: "/foo", - expect: "foo", - }, - { - inputPath: "/foo/", - expect: "foo" + separator, - }, - { - inputPath: "/foo/bar", - expect: filepath.Join("foo", "bar"), - }, - { - inputRoot: "/a", - inputPath: "/foo/bar", - expect: filepath.Join("/", "a", "foo", "bar"), - }, - { - inputPath: "/foo/../bar", - expect: "bar", - }, - { - inputRoot: "/a/b", - inputPath: "/foo/../bar", - expect: filepath.Join("/", "a", "b", "bar"), - }, - { - inputRoot: "/a/b", - inputPath: "/..%2fbar", - expect: filepath.Join("/", "a", "b", "bar"), - }, - { - inputRoot: "/a/b", - inputPath: "/%2e%2e%2fbar", - expect: filepath.Join("/", "a", "b", "bar"), - }, - { - inputRoot: "/a/b", - inputPath: "/%2e%2e%2f%2e%2e%2f", - expect: filepath.Join("/", "a", "b") + separator, - }, - { - inputRoot: "C:\\www", - inputPath: "/foo/bar", - expect: filepath.Join("C:\\www", "foo", "bar"), - }, - // TODO: test more windows paths... on windows... sigh. - } { - // we don't *need* to use an actual parsed URL, but it - // adds some authenticity to the tests since real-world - // values will be coming in from URLs; thus, the test - // corpus can contain paths as encoded by clients, which - // more closely emulates the actual attack vector - u, err := url.Parse("http://test:9999" + tc.inputPath) - if err != nil { - t.Fatalf("Test %d: invalid URL: %v", i, err) - } - actual := sanitizedPathJoin(tc.inputRoot, u.Path) - if actual != tc.expect { - t.Errorf("Test %d: [%s %s] => %s (expected %s)", - i, tc.inputRoot, tc.inputPath, actual, tc.expect) - } - } -} - func TestFileHidden(t *testing.T) { for i, tc := range []struct { inputHide []string diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index d7a0e369..40e0207f 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -20,7 +20,6 @@ import ( "fmt" "net" "net/http" - "path" "path/filepath" "strconv" "strings" @@ -218,12 +217,7 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { } // SCRIPT_FILENAME is the absolute path of SCRIPT_NAME - scriptFilename := filepath.Join(root, scriptName) - - // Add vhost path prefix to scriptName. Otherwise, some PHP software will - // have difficulty discovering its URL. - pathPrefix, _ := r.Context().Value(caddy.CtxKey("path_prefix")).(string) - scriptName = path.Join(pathPrefix, scriptName) + scriptFilename := caddyhttp.SanitizedPathJoin(root, scriptName) // Ensure the SCRIPT_NAME has a leading slash for compliance with RFC3875 // Info: https://tools.ietf.org/html/rfc3875#section-4.1.13 @@ -288,7 +282,7 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { // PATH_TRANSLATED should only exist if PATH_INFO is defined. // Info: https://www.ietf.org/rfc/rfc3875 Page 14 if env["PATH_INFO"] != "" { - env["PATH_TRANSLATED"] = filepath.Join(root, pathInfo) // Info: http://www.oreilly.com/openbook/cgi/ch02_04.html + env["PATH_TRANSLATED"] = caddyhttp.SanitizedPathJoin(root, pathInfo) // Info: http://www.oreilly.com/openbook/cgi/ch02_04.html } // compliance with the CGI specification requires that From 69c914483d448cae05ebc4b658a331682532d3d3 Mon Sep 17 00:00:00 2001 From: Klaus Post Date: Fri, 18 Jun 2021 10:49:49 -0700 Subject: [PATCH 0417/1498] encode: Tweak compression settings (#4215) * Tweak compression settings zstd: Limit window sizes to 128K to keep memory in control both server and client size. zstd: Write 0 length frames. This may be needed for compatibility. zstd: Create fewer encoders. Small memory improvement. gzip: Allow -2 (Huffman only) and -3 (stateless) compression modes. * Update modules/caddyhttp/encode/zstd/zstd.go Update docs. Co-authored-by: Francis Lavoie Co-authored-by: Francis Lavoie --- modules/caddyhttp/encode/gzip/gzip.go | 9 ++++----- modules/caddyhttp/encode/zstd/zstd.go | 5 ++++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/modules/caddyhttp/encode/gzip/gzip.go b/modules/caddyhttp/encode/gzip/gzip.go index 8215b3fb..02125831 100644 --- a/modules/caddyhttp/encode/gzip/gzip.go +++ b/modules/caddyhttp/encode/gzip/gzip.go @@ -15,7 +15,6 @@ package caddygzip import ( - "compress/flate" "fmt" "strconv" @@ -68,11 +67,11 @@ func (g *Gzip) Provision(ctx caddy.Context) error { // Validate validates g's configuration. func (g Gzip) Validate() error { - if g.Level < flate.NoCompression { - return fmt.Errorf("quality too low; must be >= %d", flate.NoCompression) + if g.Level < gzip.StatelessCompression { + return fmt.Errorf("quality too low; must be >= %d", gzip.StatelessCompression) } - if g.Level > flate.BestCompression { - return fmt.Errorf("quality too high; must be <= %d", flate.BestCompression) + if g.Level > gzip.BestCompression { + return fmt.Errorf("quality too high; must be <= %d", gzip.BestCompression) } return nil } diff --git a/modules/caddyhttp/encode/zstd/zstd.go b/modules/caddyhttp/encode/zstd/zstd.go index 5182fc4e..d2a638cb 100644 --- a/modules/caddyhttp/encode/zstd/zstd.go +++ b/modules/caddyhttp/encode/zstd/zstd.go @@ -47,7 +47,10 @@ func (Zstd) AcceptEncoding() string { return "zstd" } // NewEncoder returns a new gzip writer. func (z Zstd) NewEncoder() encode.Encoder { - writer, _ := zstd.NewWriter(nil) + // The default of 8MB for the window is + // too large for many clients, so we limit + // it to 128K to lighten their load. + writer, _ := zstd.NewWriter(nil, zstd.WithWindowSize(128<<10), zstd.WithEncoderConcurrency(1), zstd.WithZeroFrames(true)) return writer } From 885a9aaf48316ee17ec668fe0174f32d95431bb5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 18 Jun 2021 12:02:36 -0600 Subject: [PATCH 0418/1498] go.mod: Update dependencies (close #4216) --- go.mod | 8 ++++---- go.sum | 26 +++++++++++++------------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index f9a86686..8ee7b0d8 100644 --- a/go.mod +++ b/go.mod @@ -4,16 +4,16 @@ go 1.15 require ( github.com/Masterminds/sprig/v3 v3.2.2 - github.com/alecthomas/chroma v0.9.1 + github.com/alecthomas/chroma v0.9.2 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b github.com/caddyserver/certmagic v0.14.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 github.com/google/uuid v1.2.0 - github.com/klauspost/compress v1.13.0 + github.com/klauspost/compress v1.13.1 github.com/klauspost/cpuid/v2 v2.0.6 - github.com/lucas-clemente/quic-go v0.21.0 + github.com/lucas-clemente/quic-go v0.21.1 github.com/mholt/acmez v0.1.3 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 @@ -22,7 +22,7 @@ require ( github.com/smallstep/cli v0.15.16 github.com/smallstep/nosql v0.3.6 github.com/smallstep/truststore v0.9.6 - github.com/yuin/goldmark v1.3.7 + github.com/yuin/goldmark v1.3.8 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 go.uber.org/zap v1.17.0 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a diff --git a/go.sum b/go.sum index 67762bfa..2a96e69e 100644 --- a/go.sum +++ b/go.sum @@ -74,8 +74,8 @@ github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPM github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= -github.com/alecthomas/chroma v0.9.1 h1:cBmvQqRImzR5aWqdMxYZByND4S7BCS/g0svZb28h0Dc= -github.com/alecthomas/chroma v0.9.1/go.mod h1:eMuEnpA18XbG/WhOWtCzJHS7WqEtDAI+HxdwoW0nVSk= +github.com/alecthomas/chroma v0.9.2 h1:yU1sE2+TZbLIQPMk30SolL2Hn53SR/Pv750f7qZ/XMs= +github.com/alecthomas/chroma v0.9.2/go.mod h1:eMuEnpA18XbG/WhOWtCzJHS7WqEtDAI+HxdwoW0nVSk= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= @@ -235,8 +235,8 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -372,8 +372,8 @@ github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7IL github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs= -github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.13.1 h1:wXr2uRxZTJXHLly6qhJabee5JqIhTRoLBhDOA74hDEQ= +github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= @@ -401,8 +401,8 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.21.0 h1:ZdC8UBxUSBdPlEv1+4y4SqIBy54VA8bRxN7DmkQ0URs= -github.com/lucas-clemente/quic-go v0.21.0/go.mod h1:BWkfkkOSJD1AxFNBqdjBZi6FznZ96bhdcvZiA+LDrY8= +github.com/lucas-clemente/quic-go v0.21.1 h1:uuhCcu885TE9u/piPYMChI/yqA1lXfaLUEx8uCMxf8w= +github.com/lucas-clemente/quic-go v0.21.1/go.mod h1:U9kFi5LKbNIlU30dkuM9vxmTxWq4Bvzee/MjBI+07UA= github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= @@ -418,8 +418,8 @@ github.com/marten-seemann/qtls-go1-15 v0.1.4 h1:RehYMOyRW8hPVEja1KBVsFVNSm35Jj9M github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= github.com/marten-seemann/qtls-go1-16 v0.1.3 h1:XEZ1xGorVy9u+lJq+WXNE+hiqRYLNvJGYmwfwKQN2gU= github.com/marten-seemann/qtls-go1-16 v0.1.3/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= -github.com/marten-seemann/qtls-go1-17 v0.1.0-alpha.1 h1:LRFa3YRSlOAf9y56Szfhlh60CQrIMBSK/rneZD1gtuk= -github.com/marten-seemann/qtls-go1-17 v0.1.0-alpha.1/go.mod h1:lQDiKZDfPagLmg1zMtEgoBMSTAORq6M08lBogD5FtBY= +github.com/marten-seemann/qtls-go1-17 v0.1.0-beta.1.2 h1:SficYjyOthSrliKI+EaFuXS6HqSsX3dkY9AqxAAjBjw= +github.com/marten-seemann/qtls-go1-17 v0.1.0-beta.1.2/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -670,8 +670,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.3.6/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.3.7 h1:NSaHgaeJFCtWXCBkBKXw0rhgMuJ0VoE9FB5mWldcrQ4= -github.com/yuin/goldmark v1.3.7/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.3.8 h1:Nw158Q8QN+CPgTmVRByhVwapp8Mm1e2blinhmx4wx5E= +github.com/yuin/goldmark v1.3.8/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 h1:0SJnXjE4jDClMW6grE0xpNhwpqbPwkBTn8zpVw5C0SI= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01/go.mod h1:TwKQPa5XkCCRC2GRZ5wtfNUTQ2+9/i19mGRijFeJ4BE= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -881,7 +881,6 @@ golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201231184435-2d18734c6014/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -969,6 +968,7 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201017001424-6003fad69a88/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 2de7e14e1c5fcc8c846b341583597ab65eaf7156 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 21 Jun 2021 11:56:41 -0600 Subject: [PATCH 0419/1498] acmeserver: Trim slashes from path prefix See https://caddy.community/t/mtls-tls-internal-error/12807 --- modules/caddypki/acmeserver/acmeserver.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index e6399eaa..7f9195ec 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -150,9 +150,9 @@ func (ash *Handler) Provision(ctx caddy.Context) error { // create the router for the ACME endpoints acmeRouterHandler := acmeAPI.NewHandler(acmeAPI.HandlerOptions{ CA: auth, - DB: acmeDB, // stores all the server state - DNS: ash.Host, // used for directory links; TODO: not needed (follow-up upstream with step-ca) - Prefix: ash.PathPrefix, // used for directory links + DB: acmeDB, // stores all the server state + DNS: ash.Host, // used for directory links; TODO: not needed (follow-up upstream with step-ca) + Prefix: strings.Trim(ash.PathPrefix, "/"), // used for directory links }) // extract its http.Handler so we can use it directly From b3d35a4995c98cfadeb0c3a356025dbd3984caef Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 25 Jun 2021 11:28:32 -0600 Subject: [PATCH 0420/1498] httpcaddyfile: Don't put localhost in public APs (fix #4220) If an email is specified in global options, a site called 'localhost' shouldn't be bunched together with public DNS names in the automation policies, which get the default, public-CA issuers. Fix old test that did this. I also noticed that these two: localhost { } example.com { } and localhost, example.com { } produce slightly different TLS automation policies. The former is what the new test case covers, and we have logic that removes the empty automation policy for localhost so that auto-HTTPS can implicitly create one. (We prefer that whenever possible.) But the latter case produces two automation policies, with the second one being for localhost, with an explicit internal issuer. It's not wrong, just more explicit than it needs to be. I'd really like to completely rewrite the code from scratch that generates automation policies, hopefully there is a simpler, more correct algorithm. --- caddyconfig/httpcaddyfile/tlsapp.go | 37 +++++++++-- .../global_options_preferred_chains.txt | 6 +- ...mation_policies_global_email_localhost.txt | 66 +++++++++++++++++++ 3 files changed, 102 insertions(+), 7 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_global_email_localhost.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 1bfddda1..0fe1fc5f 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -211,7 +211,7 @@ func (st ServerType) buildTLSApp( // it that we would need to check here) since the hostname is known at handshake; // and it is unexpected to switch to internal issuer when the user wants to get // regular certificates on-demand for a class of certs like *.*.tld. - if !certmagic.SubjectIsIP(s) && !certmagic.SubjectIsInternal(s) && (strings.Count(s, "*.") < 2 || ap.OnDemand) { + if subjectQualifiesForPublicCert(ap, s) { external = append(external, s) } else { internal = append(internal, s) @@ -324,8 +324,12 @@ func (st ServerType) buildTLSApp( globalPreferredChains := options["preferred_chains"] hasGlobalACMEDefaults := globalEmail != nil || globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS != nil || globalACMEEAB != nil || globalPreferredChains != nil if hasGlobalACMEDefaults { - for _, ap := range tlsApp.Automation.Policies { - if len(ap.Issuers) == 0 { + // for _, ap := range tlsApp.Automation.Policies { + for i := 0; i < len(tlsApp.Automation.Policies); i++ { + ap := tlsApp.Automation.Policies[i] + if len(ap.Issuers) == 0 && automationPolicyHasAllPublicNames(ap) { + // for public names, create default issuers which will later be filled in with configured global defaults + // (internal names will implicitly use the internal issuer at auto-https time) ap.Issuers = caddytls.DefaultIssuers() // if a specific endpoint is configured, can't use multiple default issuers @@ -494,16 +498,23 @@ func consolidateAutomationPolicies(aps []*caddytls.AutomationPolicy) []*caddytls }) emptyAPCount := 0 + origLenAPs := len(aps) // compute the number of empty policies (disregarding subjects) - see #4128 emptyAP := new(caddytls.AutomationPolicy) for i := 0; i < len(aps); i++ { emptyAP.Subjects = aps[i].Subjects if reflect.DeepEqual(aps[i], emptyAP) { emptyAPCount++ + if !automationPolicyHasAllPublicNames(aps[i]) { + // if this automation policy has internal names, we might as well remove it + // so auto-https can implicitly use the internal issuer + aps = append(aps[:i], aps[i+1:]...) + i-- + } } } // If all policies are empty, we can return nil, as there is no need to set any policy - if emptyAPCount == len(aps) { + if emptyAPCount == origLenAPs { return nil } @@ -601,3 +612,21 @@ func automationPolicyShadows(i int, aps []*caddytls.AutomationPolicy) int { } return -1 } + +// subjectQualifiesForPublicCert is like certmagic.SubjectQualifiesForPublicCert() except +// that this allows domains with multiple wildcard levels like '*.*.example.com' to qualify +// if the automation policy has OnDemand enabled (i.e. this function is more lenient). +func subjectQualifiesForPublicCert(ap *caddytls.AutomationPolicy, subj string) bool { + return !certmagic.SubjectIsIP(subj) && + !certmagic.SubjectIsInternal(subj) && + (strings.Count(subj, "*.") < 2 || ap.OnDemand) +} + +func automationPolicyHasAllPublicNames(ap *caddytls.AutomationPolicy) bool { + for _, subj := range ap.Subjects { + if !subjectQualifiesForPublicCert(ap, subj) { + return false + } + } + return true +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt b/caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt index 893b34b4..9173b26b 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_preferred_chains.txt @@ -2,7 +2,7 @@ preferred_chains smallest } -localhost +example.com ---------- { "apps": { @@ -17,7 +17,7 @@ localhost "match": [ { "host": [ - "localhost" + "example.com" ] } ], @@ -32,7 +32,7 @@ localhost "policies": [ { "subjects": [ - "localhost" + "example.com" ], "issuers": [ { diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_global_email_localhost.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_global_email_localhost.txt new file mode 100644 index 00000000..e8ef3a7e --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_global_email_localhost.txt @@ -0,0 +1,66 @@ +{ + email foo@bar +} + +localhost { +} + +example.com { +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "example.com" + ], + "issuers": [ + { + "email": "foo@bar", + "module": "acme" + }, + { + "email": "foo@bar", + "module": "zerossl" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 81e5318021dea884ab1cc92eb47a2a24585e3c5f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 25 Jun 2021 11:29:56 -0600 Subject: [PATCH 0421/1498] caddytls: Remove "IssuerRaw" field Has been deprecated and printing warnings for about 8 months now. Replaced by "IssuersRaw" field in v2.3.0. --- modules/caddytls/automation.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 6ea92afd..c4a90a84 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -89,10 +89,6 @@ type AutomationPolicy struct { // zerossl. IssuersRaw []json.RawMessage `json:"issuers,omitempty" caddy:"namespace=tls.issuance inline_key=module"` - // DEPRECATED: Use `issuers` instead (November 2020). This field will - // be removed in the future. - IssuerRaw json.RawMessage `json:"issuer,omitempty" caddy:"namespace=tls.issuance inline_key=module"` - // If true, certificates will be requested with MustStaple. Not all // CAs support this, and there are potentially serious consequences // of enabling this feature without proper threat modeling. @@ -180,12 +176,6 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { } } - // TODO: IssuerRaw field deprecated as of November 2020 - remove this shim after deprecation is complete - if ap.IssuerRaw != nil { - tlsApp.logger.Warn("the 'issuer' field is deprecated and will be removed in the future; use 'issuers' instead; your issuer has been appended automatically for now") - ap.IssuersRaw = append(ap.IssuersRaw, ap.IssuerRaw) - } - // load and provision any explicitly-configured issuer modules if ap.IssuersRaw != nil { val, err := tlsApp.ctx.LoadModule(ap, "IssuersRaw") From 191dc86f9e40c12517a133cf2181631c9adec791 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 25 Jun 2021 11:33:18 -0600 Subject: [PATCH 0422/1498] fileserver: Clarify docs about canonicalization Related to https://github.com/caddyserver/caddy/issues/4205. --- modules/caddyhttp/fileserver/staticfiles.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 45f8610d..592b3171 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -70,6 +70,10 @@ type FileServer struct { // Use redirects to enforce trailing slashes for directories, or to // remove trailing slash from URIs for files. Default is true. + // + // Canonicalization will not happen if the last element of the request's + // path (the filename) is changed in an internal rewrite, to avoid + // clobbering the explicit rewrite with implicit behavior. CanonicalURIs *bool `json:"canonical_uris,omitempty"` // Override the status code written when successfully serving a file. From 0bdb8aa82d7cef64dae3f75f19c680922237e658 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Jul 2021 17:20:51 -0600 Subject: [PATCH 0423/1498] acmeserver: Don't set host for directory links by default This makes the server more easily proxied. --- modules/caddypki/acmeserver/acmeserver.go | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 7f9195ec..42d8cc49 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -50,17 +50,16 @@ type Handler struct { // The hostname or IP address by which ACME clients // will access the server. This is used to populate - // the ACME directory endpoint. Default: localhost. + // the ACME directory endpoint. If not set, the Host + // header of the request will be used. // COMPATIBILITY NOTE / TODO: This property may go away in the - // future, as it is currently only required due to - // limitations in the underlying library. Do not rely - // on this property long-term; check release notes. + // future. Do not rely on this property long-term; check release notes. Host string `json:"host,omitempty"` // The path prefix under which to serve all ACME // endpoints. All other requests will not be served // by this handler and will be passed through to - // the next one. Default: "/acme/" + // the next one. Default: "/acme/". // COMPATIBILITY NOTE / TODO: This property may go away in the // future, as it is currently only required due to // limitations in the underlying library. Do not rely @@ -93,9 +92,6 @@ func (ash *Handler) Provision(ctx caddy.Context) error { if ash.CA == "" { ash.CA = caddypki.DefaultCAID } - if ash.Host == "" { - ash.Host = defaultHost - } if ash.PathPrefix == "" { ash.PathPrefix = defaultPathPrefix } @@ -151,7 +147,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error { acmeRouterHandler := acmeAPI.NewHandler(acmeAPI.HandlerOptions{ CA: auth, DB: acmeDB, // stores all the server state - DNS: ash.Host, // used for directory links; TODO: not needed (follow-up upstream with step-ca) + DNS: ash.Host, // used for directory links Prefix: strings.Trim(ash.PathPrefix, "/"), // used for directory links }) @@ -219,10 +215,7 @@ func (ash Handler) openDatabase() (*db.AuthDB, error) { return database.(databaseCloser).DB, err } -const ( - defaultHost = "localhost" - defaultPathPrefix = "/acme/" -) +const defaultPathPrefix = "/acme/" var keyCleaner = regexp.MustCompile(`[^\w.-_]`) var databasePool = caddy.NewUsagePool() From 4245ceb67d1a40ce7a691bcf85e143218e5c458c Mon Sep 17 00:00:00 2001 From: mritd Date: Fri, 2 Jul 2021 07:22:16 +0800 Subject: [PATCH 0424/1498] fileserver: Add `disable_canonical_uris` Caddyfile subdirective (#4222) * feat(fileserver): add 'canonical_uris' parameter to caddyfile add 'canonical_uris' parameter to caddyfile reference #2741 Signed-off-by: mritd * feat(file_server): rename subdirective canonical_uris to disable_canonical_uris rename subdirective canonical_uris to disable_canonical_uris Signed-off-by: mritd * test(caddyfile_adapt): add disable_canonical_uris subdirective test file add disable_canonical_uris subdirective test file Signed-off-by: mritd --- .../file_server_disable_canonical_uris.txt | 32 +++++++++++++++++++ modules/caddyhttp/fileserver/caddyfile.go | 8 +++++ 2 files changed, 40 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/file_server_disable_canonical_uris.txt diff --git a/caddytest/integration/caddyfile_adapt/file_server_disable_canonical_uris.txt b/caddytest/integration/caddyfile_adapt/file_server_disable_canonical_uris.txt new file mode 100644 index 00000000..c30b9e95 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/file_server_disable_canonical_uris.txt @@ -0,0 +1,32 @@ +:80 + +file_server { + disable_canonical_uris +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "canonical_uris": false, + "handler": "file_server", + "hide": [ + "./Caddyfile" + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index 447f4811..886d6672 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -41,6 +41,7 @@ func init() { // browse [] // precompressed // status +// disable_canonical_uris // } // func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { @@ -112,6 +113,13 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) } fsrv.StatusCode = caddyhttp.WeakString(h.Val()) + case "disable_canonical_uris": + if h.NextArg() { + return nil, h.ArgErr() + } + falseBool := false + fsrv.CanonicalURIs = &falseBool + default: return nil, h.Errf("unknown subdirective '%s'", h.Val()) } From 42e140b1b2f5fc3f602151947dc981334b338020 Mon Sep 17 00:00:00 2001 From: hmol233 <82594500+hmol233@users.noreply.github.com> Date: Wed, 7 Jul 2021 00:09:44 +0800 Subject: [PATCH 0425/1498] caddyhttp: Fix incorrect determination of gRPC protocol (#4236) --- modules/caddyhttp/matchers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 9b127dbc..1a49b3c0 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -667,7 +667,7 @@ func (MatchProtocol) CaddyModule() caddy.ModuleInfo { func (m MatchProtocol) Match(r *http.Request) bool { switch string(m) { case "grpc": - return r.Header.Get("content-type") == "application/grpc" + return strings.HasPrefix(r.Header.Get("content-type"), "application/grpc") case "https": return r.TLS != nil case "http": From d882211080cbb97f5e1cfdd87be6874eb1a9430a Mon Sep 17 00:00:00 2001 From: elnoro Date: Wed, 7 Jul 2021 08:43:45 +0500 Subject: [PATCH 0426/1498] reverseproxy: Keep path to unix socket as dial address (#4232) --- caddytest/integration/reverseproxy_test.go | 54 +++++++++++++++++++ .../caddyhttp/reverseproxy/healthchecks.go | 3 +- 2 files changed, 56 insertions(+), 1 deletion(-) diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index e838d869..e6aff87f 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -436,3 +436,57 @@ func TestReverseProxyHealthCheckUnixSocket(t *testing.T) { tester.AssertGetResponse("http://localhost:9080/", 200, "Hello, World!") } + +func TestReverseProxyHealthCheckUnixSocketWithoutPort(t *testing.T) { + if runtime.GOOS == "windows" { + t.SkipNow() + } + tester := caddytest.NewTester(t) + f, err := ioutil.TempFile("", "*.sock") + if err != nil { + t.Errorf("failed to create TempFile: %s", err) + return + } + // a hack to get a file name within a valid path to use as socket + socketName := f.Name() + os.Remove(f.Name()) + + server := http.Server{ + Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { + if strings.HasPrefix(req.URL.Path, "/health") { + w.Write([]byte("ok")) + return + } + w.Write([]byte("Hello, World!")) + }), + } + + unixListener, err := net.Listen("unix", socketName) + if err != nil { + t.Errorf("failed to listen on the socket: %s", err) + return + } + go server.Serve(unixListener) + t.Cleanup(func() { + server.Close() + }) + runtime.Gosched() // Allow other goroutines to run + + tester.InitServer(fmt.Sprintf(` + { + http_port 9080 + https_port 9443 + } + http://localhost:9080 { + reverse_proxy { + to unix/%s + + health_path /health + health_interval 2s + health_timeout 5s + } + } + `, socketName), "caddyfile") + + tester.AssertGetResponse("http://localhost:9080/", 200, "Hello, World!") +} diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 6f658665..8d5bd77e 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -189,13 +189,14 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { return } hostAddr := addr.JoinHostPort(0) + dialAddr := hostAddr if addr.IsUnixNetwork() { // this will be used as the Host portion of a http.Request URL, and // paths to socket files would produce an error when creating URL, // so use a fake Host value instead; unix sockets are usually local hostAddr = "localhost" } - err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: hostAddr}, hostAddr, upstream.Host) + err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: dialAddr}, hostAddr, upstream.Host) if err != nil { h.HealthChecks.Active.logger.Error("active health check failed", zap.String("address", hostAddr), From 9e16e80f3c9ae663e3ecf596a578a852172e38fb Mon Sep 17 00:00:00 2001 From: diamondburned Date: Tue, 6 Jul 2021 23:54:54 -0700 Subject: [PATCH 0427/1498] fileserver: Fix browse name_dir_first sorting (#4218) This commit fixes the `sortByNameDirFirst` variable inside fileserver to match what browse's default template has. Co-authored-by: Francis Lavoie --- modules/caddyhttp/fileserver/browsetplcontext.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index 489e8c05..d420c489 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -264,7 +264,7 @@ func (l byTime) Less(i, j int) bool { return l.Items[i].ModTime.Before(l.Items[j const ( sortByName = "name" - sortByNameDirFirst = "name_dir_first" + sortByNameDirFirst = "namedirfirst" sortBySize = "size" sortByTime = "time" ) From 46d99aba854ce19d51a075c39a8747b4f2404743 Mon Sep 17 00:00:00 2001 From: Leo Di Donato Date: Mon, 12 Jul 2021 17:13:01 +0200 Subject: [PATCH 0428/1498] logging: Add missing interface guards for replace filter (#4244) Signed-off-by: Leonardo Di Donato --- modules/logging/filters.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/logging/filters.go b/modules/logging/filters.go index a4e3c738..ef5a4cb9 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -188,9 +188,11 @@ func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { // Interface guards var ( _ LogFieldFilter = (*DeleteFilter)(nil) + _ LogFieldFilter = (*ReplaceFilter)(nil) _ LogFieldFilter = (*IPMaskFilter)(nil) _ caddyfile.Unmarshaler = (*DeleteFilter)(nil) + _ caddyfile.Unmarshaler = (*ReplaceFilter)(nil) _ caddyfile.Unmarshaler = (*IPMaskFilter)(nil) _ caddy.Provisioner = (*IPMaskFilter)(nil) From 1c6c7714a38879f78c486fcb9c7c6e39fc39c6a5 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 14 Jul 2021 12:49:34 -0400 Subject: [PATCH 0429/1498] caddyhttp: Fix edgecase with auto HTTP->HTTPS logic (#4243) --- caddytest/integration/autohttps_test.go | 20 ++++++++++++++++++++ modules/caddyhttp/server.go | 11 +++++++++++ 2 files changed, 31 insertions(+) diff --git a/caddytest/integration/autohttps_test.go b/caddytest/integration/autohttps_test.go index 72968e95..a065b0df 100644 --- a/caddytest/integration/autohttps_test.go +++ b/caddytest/integration/autohttps_test.go @@ -103,3 +103,23 @@ func TestAutoHTTPRedirectsInsertedBeforeUserDefinedCatchAll(t *testing.T) { tester.AssertGetResponse("http://foo.localhost:9080/", 200, "Foo") tester.AssertGetResponse("http://baz.localhost:9080/", 200, "Baz") } + +func TestAutoHTTPRedirectsInsertedBeforeUserDefinedCatchAllWithNoExplicitHTTPSite(t *testing.T) { + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + local_certs + } + http://:9080 { + respond "Foo" + } + bar.localhost { + respond "Bar" + } + `, "caddyfile") + tester.AssertRedirect("http://bar.localhost:9080/", "https://bar.localhost/", http.StatusPermanentRedirect) + tester.AssertGetResponse("http://foo.localhost:9080/", 200, "Foo") + tester.AssertGetResponse("http://baz.localhost:9080/", 200, "Foo") +} diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 294ee6af..9dc1028e 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -379,7 +379,9 @@ func (s *Server) hasTLSClientAuth() bool { // that it is after any other host matcher but before any "catch-all" // route without a host matcher. func (s *Server) findLastRouteWithHostMatcher() int { + foundHostMatcher := false lastIndex := len(s.Routes) + for i, route := range s.Routes { // since we want to break out of an inner loop, use a closure // to allow us to use 'return' when we found a host matcher @@ -388,6 +390,7 @@ func (s *Server) findLastRouteWithHostMatcher() int { for _, matcher := range sets { switch matcher.(type) { case *MatchHost: + foundHostMatcher = true return true } } @@ -401,6 +404,14 @@ func (s *Server) findLastRouteWithHostMatcher() int { lastIndex = i + 1 } } + + // If we didn't actually find a host matcher, return 0 + // because that means every defined route was a "catch-all". + // See https://caddy.community/t/how-to-set-priority-in-caddyfile/13002/8 + if !foundHostMatcher { + return 0 + } + return lastIndex } From 124ba1ba714220322c65625012c564f89b75bfc9 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 14 Jul 2021 13:07:38 -0400 Subject: [PATCH 0430/1498] logging: Prep for `common_log` removal (#4149) See https://github.com/caddyserver/caddy/issues/4148#issuecomment-833207811 --- modules/caddyhttp/server.go | 3 +++ modules/logging/encoders.go | 2 ++ 2 files changed, 5 insertions(+) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 9dc1028e..80948325 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -184,8 +184,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { log = logger.Error } + userID, _ := repl.GetString("http.auth.user.id") + log("handled request", zap.String("common_log", repl.ReplaceAll(commonLogFormat, commonLogEmptyValue)), + zap.String("user_id", userID), zap.Duration("duration", duration), zap.Int("size", wrec.Size()), zap.Int("status", wrec.Status()), diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index 40e86bdc..8b2b44c1 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -307,6 +307,8 @@ func (lec *LogEncoderConfig) ZapcoreEncoderConfig() zapcore.EncoderConfig { timeFormat = "2006/01/02 15:04:05.000" case "wall_nano": timeFormat = "2006/01/02 15:04:05.000000000" + case "common_log": + timeFormat = "02/Jan/2006:15:04:05 -0700" } timeFormatter = func(ts time.Time, encoder zapcore.PrimitiveArrayEncoder) { encoder.AppendString(ts.UTC().Format(timeFormat)) From b6f51254ea2dcb29dde0ffb4076802505a43ace1 Mon Sep 17 00:00:00 2001 From: Ggicci Date: Mon, 19 Jul 2021 22:35:14 +0800 Subject: [PATCH 0431/1498] caddyfile: keep error chain info in Dispenser.Errf (#4233) * caddyfile: Errf enable error chain unwrapping * refactor: remove parseError --- caddyconfig/caddyfile/dispenser.go | 6 +++--- caddyconfig/caddyfile/dispenser_test.go | 7 +++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index fe8c2353..fa7f5e75 100755 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -345,13 +345,13 @@ func (d *Dispenser) EOFErr() error { // Err generates a custom parse-time error with a message of msg. func (d *Dispenser) Err(msg string) error { - msg = fmt.Sprintf("%s:%d - Error during parsing: %s", d.File(), d.Line(), msg) - return errors.New(msg) + return d.Errf(msg) } // Errf is like Err, but for formatted error messages func (d *Dispenser) Errf(format string, args ...interface{}) error { - return d.Err(fmt.Sprintf(format, args...)) + err := fmt.Errorf(format, args...) + return fmt.Errorf("%s:%d - Error during parsing: %w", d.File(), d.Line(), err) } // Delete deletes the current token and returns the updated slice diff --git a/caddyconfig/caddyfile/dispenser_test.go b/caddyconfig/caddyfile/dispenser_test.go index 577872fc..b64a9735 100755 --- a/caddyconfig/caddyfile/dispenser_test.go +++ b/caddyconfig/caddyfile/dispenser_test.go @@ -15,6 +15,7 @@ package caddyfile import ( + "errors" "reflect" "strings" "testing" @@ -303,4 +304,10 @@ func TestDispenser_ArgErr_Err(t *testing.T) { if !strings.Contains(err.Error(), "foobar") { t.Errorf("Expected error message with custom message in it ('foobar'); got '%v'", err) } + + var ErrBarIsFull = errors.New("bar is full") + bookingError := d.Errf("unable to reserve: %w", ErrBarIsFull) + if !errors.Is(bookingError, ErrBarIsFull) { + t.Errorf("Errf(): should be able to unwrap the error chain") + } } From c131339c5cda3a541223fde4a714aab55de13b9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E6=B8=85=E9=9B=A8?= Date: Thu, 29 Jul 2021 05:39:08 +0800 Subject: [PATCH 0432/1498] admin: Implement load_interval to pull config on a timer (#4246) * feat: implement a simple timer to pull config mostly referenced to the issue re #4106 * Update admin.go use `caddy.Duration` Co-authored-by: Matt Holt * Update caddy.go Co-authored-by: Matt Holt * Update admin.go Co-authored-by: Francis Lavoie * fix: sync load config when no pull interval provided try not to make break change * fix: change PullInterval to LoadInterval * fix: change pull_interval to load_interval * Update caddy.go Co-authored-by: Matt Holt Co-authored-by: Matt Holt Co-authored-by: Francis Lavoie --- admin.go | 6 ++++++ caddy.go | 44 ++++++++++++++++++++++++++++++++------------ 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/admin.go b/admin.go index 8eef9165..ff5bc713 100644 --- a/admin.go +++ b/admin.go @@ -109,6 +109,12 @@ type ConfigSettings struct { // // EXPERIMENTAL: Subject to change. LoadRaw json.RawMessage `json:"load,omitempty" caddy:"namespace=caddy.config_loaders inline_key=module"` + + // The interval to pull config. With a non-zero value, will pull config + // from config loader (eg. a http loader) with given interval. + // + // EXPERIMENTAL: Subject to change. + LoadInterval Duration `json:"load_interval,omitempty"` } // IdentityConfig configures management of this server's identity. An identity diff --git a/caddy.go b/caddy.go index 96dfea5c..ba025b18 100644 --- a/caddy.go +++ b/caddy.go @@ -268,8 +268,9 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { newCfg != nil && newCfg.Admin != nil && newCfg.Admin.Config != nil && - newCfg.Admin.Config.LoadRaw != nil { - return fmt.Errorf("recursive config loading detected: pulled configs cannot pull other configs") + newCfg.Admin.Config.LoadRaw != nil && + newCfg.Admin.Config.LoadInterval <= 0 { + return fmt.Errorf("recursive config loading detected: pulled configs cannot pull other configs without positive load_interval") } // run the new config and start all its apps @@ -480,23 +481,42 @@ func finishSettingUp(ctx Context, cfg *Config) error { if err != nil { return fmt.Errorf("loading config loader module: %s", err) } - loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) - if err != nil { - return fmt.Errorf("loading dynamic config from %T: %v", val, err) - } - - // do this in a goroutine so current config can finish being loaded; otherwise deadlock - go func() { - Log().Info("applying dynamically-loaded config", zap.String("loader_module", val.(Module).CaddyModule().ID.Name())) + runLoadedConfig := func(config []byte) { + Log().Info("applying dynamically-loaded config", zap.String("loader_module", val.(Module).CaddyModule().ID.Name()), zap.Int("pull_interval", int(cfg.Admin.Config.LoadInterval))) currentCfgMu.Lock() - err := unsyncedDecodeAndRun(loadedConfig, false) + err := unsyncedDecodeAndRun(config, false) currentCfgMu.Unlock() if err == nil { Log().Info("dynamically-loaded config applied successfully") } else { Log().Error("running dynamically-loaded config failed", zap.Error(err)) } - }() + } + if cfg.Admin.Config.LoadInterval > 0 { + go func() { + select { + // if LoadInterval is positive, will wait for the interval and then run with new config + case <-time.After(time.Duration(cfg.Admin.Config.LoadInterval)): + loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) + if err != nil { + Log().Error("loading dynamic config failed", zap.Error(err)) + return + } + runLoadedConfig(loadedConfig) + case <-ctx.Done(): + return + } + }() + } else { + // if no LoadInterval is provided, will load config synchronously + loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) + if err != nil { + return fmt.Errorf("loading dynamic config from %T: %v", val, err) + } + // do this in a goroutine so current config can finish being loaded; otherwise deadlock + go runLoadedConfig(loadedConfig) + } + } return nil From 569ecdbd02a3bdf8589f785cca022240973dea4d Mon Sep 17 00:00:00 2001 From: Frederik Ring Date: Mon, 2 Aug 2021 22:15:27 +0200 Subject: [PATCH 0433/1498] httpcaddyfile: Ensure hosts to skip for logs can always be collected (#4258) * httpcaddyfile: ensure hosts to skip can always be collected Previously, some hosts that should be skipped in logging would be missed as the current logic would only collect them after encountering the first server that would log. This change makes sure the ServerLogConfig is initialized before iterating over the server blocks. * httpcaddyfile: add test case for skip hosts behavior --- caddyconfig/httpcaddyfile/httptype.go | 13 +++- .../caddyfile_adapt/log_skip_hosts.txt | 75 +++++++++++++++++++ 2 files changed, 85 insertions(+), 3 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/log_skip_hosts.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 559d7b76..2a11f85e 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -522,6 +522,16 @@ func (st *ServerType) serversFromPairings( } } + // if needed, the ServerLogConfig is initialized beforehand so + // that all server blocks can populate it with data, even when not + // coming with a log directive + for _, sblock := range p.serverBlocks { + if len(sblock.pile["custom_log"]) != 0 { + srv.Logs = new(caddyhttp.ServerLogConfig) + break + } + } + // create a subroute for each site in the server block for _, sblock := range p.serverBlocks { matcherSetsEnc, err := st.compileEncodedMatcherSets(sblock) @@ -636,9 +646,6 @@ func (st *ServerType) serversFromPairings( sblockLogHosts := sblock.hostsFromKeys(true) for _, cval := range sblock.pile["custom_log"] { ncl := cval.Value.(namedCustomLog) - if srv.Logs == nil { - srv.Logs = new(caddyhttp.ServerLogConfig) - } if sblock.hasHostCatchAllKey() { // all requests for hosts not able to be listed should use // this log because it's a catch-all-hosts server block diff --git a/caddytest/integration/caddyfile_adapt/log_skip_hosts.txt b/caddytest/integration/caddyfile_adapt/log_skip_hosts.txt new file mode 100644 index 00000000..6fbd85a8 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/log_skip_hosts.txt @@ -0,0 +1,75 @@ +one.example.com { + log +} + +two.example.com { +} + +three.example.com { +} + +example.com { +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "three.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "one.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "two.example.com" + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ], + "logs": { + "skip_hosts": [ + "three.example.com", + "two.example.com", + "example.com" + ] + } + } + } + } + } +} From 68c5c71659109b10226f10873f7dc67102b9dc14 Mon Sep 17 00:00:00 2001 From: Oleg Date: Thu, 12 Aug 2021 02:31:41 +0300 Subject: [PATCH 0434/1498] cmd: New `add-package` and `remove-package` commands (#4226) * adding package command * add-package command name * refactoring duplicate code * fixed by review * fixed by review * remove-package command * commands in different files, common utils * fix add, remove, upgrade packages in 1 file * copyright and downloadPath moved * refactor * downloadPath do no export * adding/removing multiple packages * addPackages/removePackages, comments, command-desc * add-package, process case len(args) == 0 Co-authored-by: Francis Lavoie --- cmd/commandfuncs.go | 197 ---------------------------- cmd/commands.go | 24 ++++ cmd/packagesfuncs.go | 306 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 330 insertions(+), 197 deletions(-) create mode 100644 cmd/packagesfuncs.go diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 58b97204..c70b57af 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -25,10 +25,8 @@ import ( "log" "net" "net/http" - "net/url" "os" "os/exec" - "reflect" "runtime" "runtime/debug" "sort" @@ -570,151 +568,6 @@ func cmdFmt(fl Flags) (int, error) { return caddy.ExitCodeSuccess, nil } -func cmdUpgrade(_ Flags) (int, error) { - l := caddy.Log() - - thisExecPath, err := os.Executable() - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("determining current executable path: %v", err) - } - thisExecStat, err := os.Stat(thisExecPath) - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("retrieving current executable permission bits: %v", err) - } - l.Info("this executable will be replaced", zap.String("path", thisExecPath)) - - // get the list of nonstandard plugins - _, nonstandard, _, err := getModules() - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("unable to enumerate installed plugins: %v", err) - } - pluginPkgs := make(map[string]struct{}) - for _, mod := range nonstandard { - if mod.goModule.Replace != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("cannot auto-upgrade when Go module has been replaced: %s => %s", - mod.goModule.Path, mod.goModule.Replace.Path) - } - l.Info("found non-standard module", - zap.String("id", mod.caddyModuleID), - zap.String("package", mod.goModule.Path)) - pluginPkgs[mod.goModule.Path] = struct{}{} - } - - // build the request URL to download this custom build - qs := url.Values{ - "os": {runtime.GOOS}, - "arch": {runtime.GOARCH}, - } - for pkg := range pluginPkgs { - qs.Add("p", pkg) - } - urlStr := fmt.Sprintf("https://caddyserver.com/api/download?%s", qs.Encode()) - - // initiate the build - l.Info("requesting build", - zap.String("os", qs.Get("os")), - zap.String("arch", qs.Get("arch")), - zap.Strings("packages", qs["p"])) - resp, err := http.Get(urlStr) - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("secure request failed: %v", err) - } - defer resp.Body.Close() - if resp.StatusCode >= 400 { - var details struct { - StatusCode int `json:"status_code"` - Error struct { - Message string `json:"message"` - ID string `json:"id"` - } `json:"error"` - } - err2 := json.NewDecoder(resp.Body).Decode(&details) - if err2 != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("download and error decoding failed: HTTP %d: %v", resp.StatusCode, err2) - } - return caddy.ExitCodeFailedStartup, fmt.Errorf("download failed: HTTP %d: %s (id=%s)", resp.StatusCode, details.Error.Message, details.Error.ID) - } - - // back up the current binary, in case something goes wrong we can replace it - backupExecPath := thisExecPath + ".tmp" - l.Info("build acquired; backing up current executable", - zap.String("current_path", thisExecPath), - zap.String("backup_path", backupExecPath)) - err = os.Rename(thisExecPath, backupExecPath) - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("backing up current binary: %v", err) - } - defer func() { - if err != nil { - err2 := os.Rename(backupExecPath, thisExecPath) - if err2 != nil { - l.Error("restoring original executable failed; will need to be restored manually", - zap.String("backup_path", backupExecPath), - zap.String("original_path", thisExecPath), - zap.Error(err2)) - } - } - }() - - // download the file; do this in a closure to close reliably before we execute it - writeFile := func() error { - destFile, err := os.OpenFile(thisExecPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, thisExecStat.Mode()) - if err != nil { - return fmt.Errorf("unable to open destination file: %v", err) - } - defer destFile.Close() - - l.Info("downloading binary", zap.String("source", urlStr), zap.String("destination", thisExecPath)) - - _, err = io.Copy(destFile, resp.Body) - if err != nil { - return fmt.Errorf("unable to download file: %v", err) - } - - err = destFile.Sync() - if err != nil { - return fmt.Errorf("syncing downloaded file to device: %v", err) - } - - return nil - } - err = writeFile() - if err != nil { - return caddy.ExitCodeFailedStartup, err - } - - l.Info("download successful; displaying new binary details", zap.String("location", thisExecPath)) - - // use the new binary to print out version and module info - fmt.Print("\nModule versions:\n\n") - cmd := exec.Command(thisExecPath, "list-modules", "--versions") - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - err = cmd.Run() - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to execute: %v", err) - } - fmt.Println("\nVersion:") - cmd = exec.Command(thisExecPath, "version") - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - err = cmd.Run() - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to execute: %v", err) - } - fmt.Println() - - // clean up the backup file - err = os.Remove(backupExecPath) - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to clean up backup binary: %v", err) - } - - l.Info("upgrade successful; please restart any running Caddy instances", zap.String("executable", thisExecPath)) - - return caddy.ExitCodeSuccess, nil -} - func cmdHelp(fl Flags) (int, error) { const fullDocs = `Full documentation is available at: https://caddyserver.com/docs/command-line` @@ -779,56 +632,6 @@ commands: return caddy.ExitCodeSuccess, nil } -func getModules() (standard, nonstandard, unknown []moduleInfo, err error) { - bi, ok := debug.ReadBuildInfo() - if !ok { - err = fmt.Errorf("no build info") - return - } - - for _, modID := range caddy.Modules() { - modInfo, err := caddy.GetModule(modID) - if err != nil { - // that's weird, shouldn't happen - unknown = append(unknown, moduleInfo{caddyModuleID: modID, err: err}) - continue - } - - // to get the Caddy plugin's version info, we need to know - // the package that the Caddy module's value comes from; we - // can use reflection but we need a non-pointer value (I'm - // not sure why), and since New() should return a pointer - // value, we need to dereference it first - iface := interface{}(modInfo.New()) - if rv := reflect.ValueOf(iface); rv.Kind() == reflect.Ptr { - iface = reflect.New(reflect.TypeOf(iface).Elem()).Elem().Interface() - } - modPkgPath := reflect.TypeOf(iface).PkgPath() - - // now we find the Go module that the Caddy module's package - // belongs to; we assume the Caddy module package path will - // be prefixed by its Go module path, and we will choose the - // longest matching prefix in case there are nested modules - var matched *debug.Module - for _, dep := range bi.Deps { - if strings.HasPrefix(modPkgPath, dep.Path) { - if matched == nil || len(dep.Path) > len(matched.Path) { - matched = dep - } - } - } - - caddyModGoMod := moduleInfo{caddyModuleID: modID, goModule: matched} - - if strings.HasPrefix(modPkgPath, caddy.ImportPath) { - standard = append(standard, caddyModGoMod) - } else { - nonstandard = append(nonstandard, caddyModGoMod) - } - } - return -} - // apiRequest makes an API request to the endpoint adminAddr with the // given HTTP method and request URI. If body is non-nil, it will be // assumed to be Content-Type application/json. diff --git a/cmd/commands.go b/cmd/commands.go index 36e9c04f..89c4fe43 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -291,6 +291,30 @@ Downloads an updated Caddy binary with the same modules/plugins at the latest versions. EXPERIMENTAL: May be changed or removed.`, }) + RegisterCommand(Command{ + Name: "add-package", + Func: cmdAddPackage, + Usage: "", + Short: "Adds Caddy packages (EXPERIMENTAL)", + Long: ` +Downloads an updated Caddy binary with the specified packages (module/plugin) +added. Retains existing packages. Returns an error if the any of packages are +already included. EXPERIMENTAL: May be changed or removed. +`, + }) + + RegisterCommand(Command{ + Name: "remove-package", + Func: cmdRemovePackage, + Usage: "", + Short: "Removes Caddy packages (EXPERIMENTAL)", + Long: ` +Downloads an updated Caddy binaries without the specified packages (module/plugin). +Returns an error if any of the packages are not included. +EXPERIMENTAL: May be changed or removed. +`, + }) + } // RegisterCommand registers the command cmd. diff --git a/cmd/packagesfuncs.go b/cmd/packagesfuncs.go new file mode 100644 index 00000000..6aaf52bf --- /dev/null +++ b/cmd/packagesfuncs.go @@ -0,0 +1,306 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddycmd + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "os" + "os/exec" + "reflect" + "runtime" + "runtime/debug" + "strings" + + "github.com/caddyserver/caddy/v2" + "go.uber.org/zap" +) + +func cmdUpgrade(_ Flags) (int, error) { + _, nonstandard, _, err := getModules() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("unable to enumerate installed plugins: %v", err) + } + pluginPkgs, err := getPluginPackages(nonstandard) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + return upgradeBuild(pluginPkgs) +} + +func cmdAddPackage(fl Flags) (int, error) { + if len(fl.Args()) == 0 { + return caddy.ExitCodeFailedStartup, fmt.Errorf("at least one package name must be specified") + } + _, nonstandard, _, err := getModules() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("unable to enumerate installed plugins: %v", err) + } + pluginPkgs, err := getPluginPackages(nonstandard) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + for _, arg := range fl.Args() { + if _, ok := pluginPkgs[arg]; ok { + return caddy.ExitCodeFailedStartup, fmt.Errorf("package is already added") + } + pluginPkgs[arg] = struct{}{} + } + + return upgradeBuild(pluginPkgs) +} + +func cmdRemovePackage(fl Flags) (int, error) { + if len(fl.Args()) == 0 { + return caddy.ExitCodeFailedStartup, fmt.Errorf("at least one package name must be specified") + } + _, nonstandard, _, err := getModules() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("unable to enumerate installed plugins: %v", err) + } + pluginPkgs, err := getPluginPackages(nonstandard) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + for _, arg := range fl.Args() { + if _, ok := pluginPkgs[arg]; !ok { + // package does not exist + return caddy.ExitCodeFailedStartup, fmt.Errorf("package is not added") + } + delete(pluginPkgs, arg) + } + + return upgradeBuild(pluginPkgs) +} + +func upgradeBuild(pluginPkgs map[string]struct{}) (int, error) { + l := caddy.Log() + + thisExecPath, err := os.Executable() + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("determining current executable path: %v", err) + } + thisExecStat, err := os.Stat(thisExecPath) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("retrieving current executable permission bits: %v", err) + } + l.Info("this executable will be replaced", zap.String("path", thisExecPath)) + + // build the request URL to download this custom build + qs := url.Values{ + "os": {runtime.GOOS}, + "arch": {runtime.GOARCH}, + } + for pkg := range pluginPkgs { + qs.Add("p", pkg) + } + + // initiate the build + resp, err := downloadBuild(qs) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download failed: %v", err) + } + defer resp.Body.Close() + + // back up the current binary, in case something goes wrong we can replace it + backupExecPath := thisExecPath + ".tmp" + l.Info("build acquired; backing up current executable", + zap.String("current_path", thisExecPath), + zap.String("backup_path", backupExecPath)) + err = os.Rename(thisExecPath, backupExecPath) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("backing up current binary: %v", err) + } + defer func() { + if err != nil { + err2 := os.Rename(backupExecPath, thisExecPath) + if err2 != nil { + l.Error("restoring original executable failed; will need to be restored manually", + zap.String("backup_path", backupExecPath), + zap.String("original_path", thisExecPath), + zap.Error(err2)) + } + } + }() + + // download the file; do this in a closure to close reliably before we execute it + err = writeCaddyBinary(thisExecPath, &resp.Body, thisExecStat) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + l.Info("download successful; displaying new binary details", zap.String("location", thisExecPath)) + + // use the new binary to print out version and module info + fmt.Print("\nModule versions:\n\n") + if err = listModules(thisExecPath); err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to execute: %v", err) + } + fmt.Println("\nVersion:") + if err = showVersion(thisExecPath); err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to execute: %v", err) + } + fmt.Println() + + // clean up the backup file + if err = os.Remove(backupExecPath); err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("download succeeded, but unable to clean up backup binary: %v", err) + } + l.Info("upgrade successful; please restart any running Caddy instances", zap.String("executable", thisExecPath)) + + return caddy.ExitCodeSuccess, nil +} + +func getModules() (standard, nonstandard, unknown []moduleInfo, err error) { + bi, ok := debug.ReadBuildInfo() + if !ok { + err = fmt.Errorf("no build info") + return + } + + for _, modID := range caddy.Modules() { + modInfo, err := caddy.GetModule(modID) + if err != nil { + // that's weird, shouldn't happen + unknown = append(unknown, moduleInfo{caddyModuleID: modID, err: err}) + continue + } + + // to get the Caddy plugin's version info, we need to know + // the package that the Caddy module's value comes from; we + // can use reflection but we need a non-pointer value (I'm + // not sure why), and since New() should return a pointer + // value, we need to dereference it first + iface := interface{}(modInfo.New()) + if rv := reflect.ValueOf(iface); rv.Kind() == reflect.Ptr { + iface = reflect.New(reflect.TypeOf(iface).Elem()).Elem().Interface() + } + modPkgPath := reflect.TypeOf(iface).PkgPath() + + // now we find the Go module that the Caddy module's package + // belongs to; we assume the Caddy module package path will + // be prefixed by its Go module path, and we will choose the + // longest matching prefix in case there are nested modules + var matched *debug.Module + for _, dep := range bi.Deps { + if strings.HasPrefix(modPkgPath, dep.Path) { + if matched == nil || len(dep.Path) > len(matched.Path) { + matched = dep + } + } + } + + caddyModGoMod := moduleInfo{caddyModuleID: modID, goModule: matched} + + if strings.HasPrefix(modPkgPath, caddy.ImportPath) { + standard = append(standard, caddyModGoMod) + } else { + nonstandard = append(nonstandard, caddyModGoMod) + } + } + return +} + +func listModules(path string) error { + cmd := exec.Command(path, "list-modules", "--versions") + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + err := cmd.Run() + if err != nil { + return fmt.Errorf("download succeeded, but unable to execute: %v", err) + } + return nil +} + +func showVersion(path string) error { + cmd := exec.Command(path, "version") + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + err := cmd.Run() + if err != nil { + return fmt.Errorf("download succeeded, but unable to execute: %v", err) + } + return nil +} + +func downloadBuild(qs url.Values) (*http.Response, error) { + l := caddy.Log() + l.Info("requesting build", + zap.String("os", qs.Get("os")), + zap.String("arch", qs.Get("arch")), + zap.Strings("packages", qs["p"])) + resp, err := http.Get(fmt.Sprintf("%s?%s", downloadPath, qs.Encode())) + if err != nil { + return nil, fmt.Errorf("secure request failed: %v", err) + } + if resp.StatusCode >= 400 { + var details struct { + StatusCode int `json:"status_code"` + Error struct { + Message string `json:"message"` + ID string `json:"id"` + } `json:"error"` + } + err2 := json.NewDecoder(resp.Body).Decode(&details) + if err2 != nil { + return nil, fmt.Errorf("download and error decoding failed: HTTP %d: %v", resp.StatusCode, err2) + } + return nil, fmt.Errorf("download failed: HTTP %d: %s (id=%s)", resp.StatusCode, details.Error.Message, details.Error.ID) + } + return resp, nil +} + +func getPluginPackages(modules []moduleInfo) (map[string]struct{}, error) { + pluginPkgs := make(map[string]struct{}) + for _, mod := range modules { + if mod.goModule.Replace != nil { + return nil, fmt.Errorf("cannot auto-upgrade when Go module has been replaced: %s => %s", + mod.goModule.Path, mod.goModule.Replace.Path) + } + pluginPkgs[mod.goModule.Path] = struct{}{} + } + return pluginPkgs, nil +} + +func writeCaddyBinary(path string, body *io.ReadCloser, fileInfo os.FileInfo) error { + l := caddy.Log() + destFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, fileInfo.Mode()) + if err != nil { + return fmt.Errorf("unable to open destination file: %v", err) + } + defer destFile.Close() + + l.Info("downloading binary", zap.String("destination", path)) + + _, err = io.Copy(destFile, *body) + if err != nil { + return fmt.Errorf("unable to download file: %v", err) + } + + err = destFile.Sync() + if err != nil { + return fmt.Errorf("syncing downloaded file to device: %v", err) + } + + return nil +} + +const downloadPath = "https://caddyserver.com/api/download" From e6c29ce081673d85e527d59f3afb7ace034573df Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 12 Aug 2021 12:48:24 -0400 Subject: [PATCH 0435/1498] reverseproxy: Incorporate latest proxy changes from stdlib (#4266) I went through the commits that touched stdlib's `reverseproxy.go` file, and copied over all the changes that are to code that was copied into Caddy. The commits I pulled changes from: - https://github.com/golang/go/commit/2cc347382f4df3fb40d8d81ec9331f0748b1c394 - https://github.com/golang/go/commit/a5cea062b305c8502bdc959c0eec279dbcd4391f - https://github.com/golang/go/commit/ecdbffd4ec68b509998792f120868fec319de59b - https://github.com/golang/go/commit/21898524f66c075d7cfb64a38f17684140e57675 -https://github.com/golang/go/commit/ca3c0df1f8e07337ba4048b191bf905118ebe251 - https://github.com/golang/go/commit/9c017ff30dd21bbdcdb11f39458d3944db530d7e This may also fix https://github.com/caddyserver/caddy/issues/4247 because of the change to `copyResponse` to set `mlw.flushPending = true` right away. --- .../caddyhttp/reverseproxy/reverseproxy.go | 32 ++++++++++++------- modules/caddyhttp/reverseproxy/streaming.go | 20 +++++++++--- 2 files changed, 37 insertions(+), 15 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 6b217e1a..633cc657 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -23,6 +23,7 @@ import ( "io" "net" "net/http" + "net/textproto" "net/url" "regexp" "strconv" @@ -80,10 +81,13 @@ type Handler struct { // Upstreams is the list of backends to proxy to. Upstreams UpstreamPool `json:"upstreams,omitempty"` - // Adjusts how often to flush the response buffer. A - // negative value disables response buffering. - // TODO: figure out good defaults and write docs for this - // (see https://github.com/caddyserver/caddy/issues/1460) + // Adjusts how often to flush the response buffer. By default, + // no periodic flushing is done. A negative value disables + // response buffering, and flushes immediately after each + // write to the client. This option is ignored when the upstream's + // response is recognized as a streaming response, or if its + // content length is -1; for such responses, writes are flushed + // to the client immediately. FlushInterval caddy.Duration `json:"flush_interval,omitempty"` // Headers manipulates headers between Caddy and the backend. @@ -528,13 +532,19 @@ func (h Handler) prepareRequest(req *http.Request) error { // If we aren't the first proxy retain prior // X-Forwarded-For information as a comma+space // separated list and fold multiple headers into one. - if prior, ok := req.Header["X-Forwarded-For"]; ok { + prior, ok := req.Header["X-Forwarded-For"] + omit := ok && prior == nil // Issue 38079: nil now means don't populate the header + if len(prior) > 0 { clientIP = strings.Join(prior, ", ") + ", " + clientIP } - req.Header.Set("X-Forwarded-For", clientIP) + if !omit { + req.Header.Set("X-Forwarded-For", clientIP) + } } - if req.Header.Get("X-Forwarded-Proto") == "" { + prior, ok := req.Header["X-Forwarded-Proto"] + omit := ok && prior == nil + if len(prior) == 0 && !omit { // set X-Forwarded-Proto; many backend apps expect this too proto := "https" if req.TLS == nil { @@ -827,10 +837,10 @@ func upgradeType(h http.Header) string { // removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h. // See RFC 7230, section 6.1 func removeConnectionHeaders(h http.Header) { - if c := h.Get("Connection"); c != "" { - for _, f := range strings.Split(c, ",") { - if f = strings.TrimSpace(f); f != "" { - h.Del(f) + for _, f := range h["Connection"] { + for _, sf := range strings.Split(f, ",") { + if sf = textproto.TrimString(sf); sf != "" { + h.Del(sf) } } } diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 285c04b7..1db352b7 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -32,6 +32,9 @@ import ( func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWriter, req *http.Request, res *http.Response) { reqUpType := upgradeType(req.Header) resUpType := upgradeType(res.Header) + // TODO: Update to use "net/http/internal/ascii" once we bumped + // the minimum Go version to 1.17. + // See https://github.com/golang/go/commit/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a if reqUpType != resUpType { h.logger.Debug("backend tried to switch to unexpected protocol via Upgrade header", zap.String("backend_upgrade", resUpType), @@ -39,8 +42,6 @@ func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWrite return } - copyHeader(res.Header, rw.Header()) - hj, ok := rw.(http.Hijacker) if !ok { h.logger.Sugar().Errorf("can't switch protocols using non-Hijacker ResponseWriter type %T", rw) @@ -78,6 +79,9 @@ func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWrite logger.Debug("connection closed", zap.Duration("duration", time.Since(start))) }() + copyHeader(rw.Header(), res.Header) + + res.Header = rw.Header() res.Body = nil // so res.Write only writes the headers; we have res.Body in backConn above if err := res.Write(brw); err != nil { h.logger.Debug("response write", zap.Error(err)) @@ -107,13 +111,16 @@ func (h Handler) flushInterval(req *http.Request, res *http.Response) time.Durat return -1 // negative means immediately } + // We might have the case of streaming for which Content-Length might be unset. + if res.ContentLength == -1 { + return -1 + } + // for h2 and h2c upstream streaming data to client (issues #3556 and #3606) if h.isBidirectionalStream(req, res) { return -1 } - // TODO: more specific cases? e.g. res.ContentLength == -1? (this TODO is from the std lib, but - // strangely similar to our isBidirectionalStream function that we implemented ourselves) return time.Duration(h.FlushInterval) } @@ -142,6 +149,11 @@ func (h Handler) copyResponse(dst io.Writer, src io.Reader, flushInterval time.D latency: flushInterval, } defer mlw.stop() + + // set up initial timer so headers get flushed even if body writes are delayed + mlw.flushPending = true + mlw.t = time.AfterFunc(flushInterval, mlw.delayedFlush) + dst = mlw } } From ab32440b2121c5a8cf36e1eea1b7347f0386c2dc Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 12 Aug 2021 14:08:37 -0400 Subject: [PATCH 0436/1498] httpcaddyfile: Add shortcut for proxy hostport placeholder (#4263) * httpcaddyfile: Add shortcut for proxy hostport placeholder I've noticed that it's a pretty common pattern to write a proxy like this, when needing to proxy over HTTPS: ``` reverse_proxy https://example.com { header_up Host {http.reverse_proxy.upstream.hostport} } ``` I find it pretty hard to remember the exact placeholder to use for this, and I continually need to refer to the docs when I need it. I think a simple fix for this is to add another Caddyfile placeholder for this one to shorten it: ``` reverse_proxy https://example.com { header_up Host {proxy_hostport} } ``` * Switch the shortcut name --- caddyconfig/httpcaddyfile/httptype.go | 1 + 1 file changed, 1 insertion(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 2a11f85e..ff52dbf9 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -113,6 +113,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, "{tls_client_serial}", "{http.request.tls.client.serial}", "{tls_client_subject}", "{http.request.tls.client.subject}", "{tls_client_certificate_pem}", "{http.request.tls.client.certificate_pem}", + "{upstream_hostport}", "{http.reverse_proxy.upstream.hostport}", ) // these are placeholders that allow a user-defined final From a10910f3981908424493c043d26dfcb4e5f8dc25 Mon Sep 17 00:00:00 2001 From: Steven Angles Date: Mon, 16 Aug 2021 17:04:47 -0400 Subject: [PATCH 0437/1498] admin: Sync server variables (fix #4260) (#4274) * Synchronize server assignment/references to avoid data race * only hold lock during var reassignment --- admin.go | 15 ++++++++++++-- admin_test.go | 54 ++++++++++++++++++++++++++++++++++----------------- 2 files changed, 49 insertions(+), 20 deletions(-) diff --git a/admin.go b/admin.go index ff5bc713..fb451682 100644 --- a/admin.go +++ b/admin.go @@ -335,6 +335,7 @@ func replaceLocalAdminServer(cfg *Config) error { return err } + serverMu.Lock() localAdminServer = &http.Server{ Addr: addr.String(), // for logging purposes only Handler: handler, @@ -343,10 +344,14 @@ func replaceLocalAdminServer(cfg *Config) error { IdleTimeout: 60 * time.Second, MaxHeaderBytes: 1024 * 64, } + serverMu.Unlock() adminLogger := Log().Named("admin") go func() { - if err := localAdminServer.Serve(ln); !errors.Is(err, http.ErrServerClosed) { + serverMu.Lock() + server := localAdminServer + serverMu.Unlock() + if err := server.Serve(ln); !errors.Is(err, http.ErrServerClosed) { adminLogger.Error("admin server shutdown for unknown reason", zap.Error(err)) } }() @@ -474,6 +479,7 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { return err } + serverMu.Lock() // create secure HTTP server remoteAdminServer = &http.Server{ Addr: addr.String(), // for logging purposes only @@ -485,6 +491,7 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { MaxHeaderBytes: 1024 * 64, ErrorLog: serverLogger, } + serverMu.Unlock() // start listener ln, err := Listen(addr.Network, addr.JoinHostPort(0)) @@ -494,7 +501,10 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { ln = tls.NewListener(ln, tlsConfig) go func() { - if err := remoteAdminServer.Serve(ln); !errors.Is(err, http.ErrServerClosed) { + serverMu.Lock() + server := remoteAdminServer + serverMu.Unlock() + if err := server.Serve(ln); !errors.Is(err, http.ErrServerClosed) { remoteLogger.Error("admin remote server shutdown for unknown reason", zap.Error(err)) } }() @@ -1229,6 +1239,7 @@ var bufPool = sync.Pool{ // keep a reference to admin endpoint singletons while they're active var ( + serverMu sync.Mutex localAdminServer, remoteAdminServer *http.Server identityCertCache *certmagic.Cache ) diff --git a/admin_test.go b/admin_test.go index cfb4ab7b..608a32c6 100644 --- a/admin_test.go +++ b/admin_test.go @@ -17,9 +17,28 @@ package caddy import ( "encoding/json" "reflect" + "sync" "testing" ) +var testCfg = []byte(`{ + "apps": { + "http": { + "servers": { + "myserver": { + "listen": ["tcp/localhost:8080-8084"], + "read_timeout": "30s" + }, + "yourserver": { + "listen": ["127.0.0.1:5000"], + "read_header_timeout": "15s" + } + } + } + } + } + `) + func TestUnsyncedConfigAccess(t *testing.T) { // each test is performed in sequence, so // each change builds on the previous ones; @@ -108,25 +127,24 @@ func TestUnsyncedConfigAccess(t *testing.T) { } } +// TestLoadConcurrent exercises Load under concurrent conditions +// and is most useful under test with `-race` enabled. +func TestLoadConcurrent(t *testing.T) { + var wg sync.WaitGroup + + for i := 0; i < 100; i++ { + wg.Add(1) + go func() { + _ = Load(testCfg, true) + wg.Done() + }() + } + + wg.Wait() +} + func BenchmarkLoad(b *testing.B) { for i := 0; i < b.N; i++ { - cfg := []byte(`{ - "apps": { - "http": { - "servers": { - "myserver": { - "listen": ["tcp/localhost:8080-8084"], - "read_timeout": "30s" - }, - "yourserver": { - "listen": ["127.0.0.1:5000"], - "read_header_timeout": "15s" - } - } - } - } - } - `) - Load(cfg, true) + Load(testCfg, true) } } From 1b1e625c201bdc2570dded6164e212f3abda902c Mon Sep 17 00:00:00 2001 From: Rainer Borene Date: Mon, 16 Aug 2021 18:06:44 -0300 Subject: [PATCH 0438/1498] core: Unix ns and Unix ms time placeholders (#4280) --- replacer.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/replacer.go b/replacer.go index e6cfdede..bffc4244 100644 --- a/replacer.go +++ b/replacer.go @@ -301,6 +301,10 @@ func globalDefaultReplacements(key string) (interface{}, bool) { return nowFunc().Format("02/Jan/2006:15:04:05 -0700"), true case "time.now.year": return strconv.Itoa(nowFunc().Year()), true + case "time.now.unix": + return strconv.FormatInt(nowFunc().Unix(), 10), true + case "time.now.unix_ms": + return strconv.FormatInt(nowFunc().UnixNano()/int64(time.Millisecond), 10), true } return nil, false From 6bc87ea2ff50a962f16dfafeb125f0f947c1a885 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 16 Aug 2021 23:56:20 -0400 Subject: [PATCH 0439/1498] ci: Start testing on Go 1.17, drop 1.15 (#4283) --- .github/workflows/ci.yml | 2 +- .github/workflows/cross-build.yml | 2 +- .github/workflows/release.yml | 2 +- README.md | 2 +- go.mod | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a46b80b..44461258 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.15', '1.16' ] + go: [ '1.16', '1.17' ] # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index dc6b8e3d..277f22ca 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -16,7 +16,7 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go: [ '1.15', '1.16' ] + go: [ '1.16', '1.17' ] runs-on: ubuntu-latest continue-on-error: true steps: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 844b74b2..834d3034 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,7 @@ jobs: strategy: matrix: os: [ ubuntu-latest ] - go: [ '1.16' ] + go: [ '1.17' ] runs-on: ${{ matrix.os }} steps: diff --git a/README.md b/README.md index b32be897..5f00e323 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ For other install options, see https://caddyserver.com/docs/install. Requirements: -- [Go 1.15 or newer](https://golang.org/dl/) +- [Go 1.16 or newer](https://golang.org/dl/) ### For development diff --git a/go.mod b/go.mod index 8ee7b0d8..c353a7d0 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/caddyserver/caddy/v2 -go 1.15 +go 1.16 require ( github.com/Masterminds/sprig/v3 v3.2.2 From 8a974a4f8f1628c0b74c3a19cb8f2d0b48123cca Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 17 Aug 2021 10:51:26 -0600 Subject: [PATCH 0440/1498] logging: Warn for deprecated single_field encoder --- caddytest/integration/reverseproxy_test.go | 6 +++--- modules/caddyhttp/reverseproxy/caddyfile.go | 2 +- modules/logging/encoders.go | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index e6aff87f..422f6716 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -371,7 +371,7 @@ func TestReverseProxyHealthCheck(t *testing.T) { reverse_proxy { to localhost:2020 - health_path /health + health_uri /health health_port 2021 health_interval 2s health_timeout 5s @@ -426,7 +426,7 @@ func TestReverseProxyHealthCheckUnixSocket(t *testing.T) { reverse_proxy { to unix/%s - health_path /health + health_uri /health health_port 2021 health_interval 2s health_timeout 5s @@ -481,7 +481,7 @@ func TestReverseProxyHealthCheckUnixSocketWithoutPort(t *testing.T) { reverse_proxy { to unix/%s - health_path /health + health_uri /health health_interval 2s health_timeout 5s } diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 8bbdf5e8..c7f555f8 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -61,7 +61,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // lb_try_interval // // # active health checking -// health_path +// health_uri // health_port // health_interval // health_timeout diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index 8b2b44c1..1b5f4a6d 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -135,6 +135,7 @@ func (SingleFieldEncoder) CaddyModule() caddy.ModuleInfo { // Provision sets up the encoder. func (se *SingleFieldEncoder) Provision(ctx caddy.Context) error { + caddy.Log().Named("caddy.logging.encoders.single_field").Warn("the 'single_field' encoder is deprecated and will be removed soon!") if se.FallbackRaw != nil { val, err := ctx.LoadModule(se, "FallbackRaw") if err != nil { From 9e333c39da785075e14d2a75887439f1887356d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=2E=20=C3=81ngel=20Jimeno?= Date: Wed, 18 Aug 2021 20:58:19 +0200 Subject: [PATCH 0441/1498] cmd: use net.ErrClosed for matching returned error (#4289) Implements #3805 --- cmd/commandfuncs.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index c70b57af..c456a813 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -19,6 +19,7 @@ import ( "context" "crypto/rand" "encoding/json" + "errors" "fmt" "io" "io/ioutil" @@ -119,7 +120,7 @@ func cmdStart(fl Flags) (int, error) { for { conn, err := ln.Accept() if err != nil { - if !strings.Contains(err.Error(), "use of closed network connection") { + if !errors.Is(err, net.ErrClosed) { log.Println(err) } break From a056fcd7ba64b6f313f08ec7a48536c726ca432b Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 19 Aug 2021 18:08:19 -0400 Subject: [PATCH 0442/1498] chore: Upgrade smallstep libs (#4291) See https://github.com/smallstep/nosql/issues/12 for context. --- go.mod | 4 +- go.sum | 273 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 261 insertions(+), 16 deletions(-) diff --git a/go.mod b/go.mod index c353a7d0..69d771f6 100644 --- a/go.mod +++ b/go.mod @@ -18,9 +18,9 @@ require ( github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda - github.com/smallstep/certificates v0.15.15 + github.com/smallstep/certificates v0.16.1 github.com/smallstep/cli v0.15.16 - github.com/smallstep/nosql v0.3.6 + github.com/smallstep/nosql v0.3.7 github.com/smallstep/truststore v0.9.6 github.com/yuin/goldmark v1.3.8 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 diff --git a/go.sum b/go.sum index 2a96e69e..3de91df3 100644 --- a/go.sum +++ b/go.sum @@ -15,8 +15,14 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.70.0 h1:ujhG1RejZYi+HYfJNlgBh3j/bVKD8DewM7AkJ5UPyBc= cloud.google.com/go v0.70.0/go.mod h1:/UTKYRQTWjVnSe7nGvoSzxEFUELzSI/yAYd0JQT6cRo= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= +cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= +cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= +cloud.google.com/go v0.83.0 h1:bAMqZidYkmIsUqe6PtkEPT7Q+vfizScn+jfNA6jwK9c= +cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -50,6 +56,7 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= +github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -68,9 +75,13 @@ github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= +github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= +github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/ThalesIgnite/crypto11 v1.2.4/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= +github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= +github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= @@ -90,24 +101,36 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= +github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o4iy7GtuappbWT0l5NaMo9H9pJDw= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P0= github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caddyserver/certmagic v0.14.0 h1:XW1o32s7smIYEJSc6g+N8YXljpjRo5ZE2zi3CIYTs74= github.com/caddyserver/certmagic v0.14.0/go.mod h1:oRQOZmUVKwlpgNidslysHt05osM9uMrJ4YMk+Ot4P4Q= +github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= +github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -122,9 +145,13 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5O github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= +github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -132,8 +159,10 @@ github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= @@ -149,9 +178,11 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= -github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20201003150343-5d1bab4fc658 h1:/WBjuutuivOA02gpDtrvrWKw01ugkyt3QnimB7enbtI= github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20201003150343-5d1bab4fc658/go.mod h1:2uGEvGm+JSDLd5UAaKIFSbXDcYyeH0fWJP4N2HMMYMI= +github.com/dgraph-io/badger/v2 v2.2007.3 h1:Sl9tQWz92WCbVSe8pj04Tkqlm2boW+KAxd+XSs58SQI= +github.com/dgraph-io/badger/v2 v2.2007.3/go.mod h1:26P/7fbL4kUZVEVKLAKXkBXKOydDmM2p1e+NhhnBCAE= github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= +github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd h1:KoJOtZf+6wpQaDTuOWGuo61GxcPBIfhwRxRTaTWGCTc= github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd/go.mod h1:YylP9MpCYGVZQrly/j/diqcdUetCRRePeBB0c2VGXsA= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= @@ -163,18 +194,28 @@ github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55k github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac h1:opbrjaN/L8gg6Xh5D04Tem+8xVcz6ajZlGCs49mQgyg= github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= +github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= +github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= +github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= +github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= +github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= @@ -189,12 +230,16 @@ github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/kit v0.4.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.10.0 h1:dXFJfIHVvUcpSgDOV+Ne6t7jXri8Tfv2uOLHUZ2XNuo= +github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= @@ -202,6 +247,8 @@ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-stack/stack v1.6.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4= github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ= @@ -218,9 +265,12 @@ github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslW github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -235,6 +285,7 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -252,8 +303,10 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= @@ -292,14 +345,18 @@ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/monologue v0.0.0-20190606152607-4b11a32b5934/go.mod h1:6NTfaQoUpg5QmPsCUWLR3ig33FHrKXhTtWzF0DVdmuk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -309,6 +366,11 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201009210932-67992a1a5a35/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/trillian v1.2.2-0.20190612132142-05461f4df60a/go.mod h1:YPmUVn5NGwgnDUgqlVyFGMTgaWlnSvH7W5p+NdOG8UA= github.com/google/trillian-examples v0.0.0-20190603134952-4e75ba15216c/go.mod h1:WgL3XZ3pA8/9cm7yxqWrZE6iZkESB2ItGxy5Fo6k2lk= @@ -324,20 +386,48 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= +github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= +github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= +github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= +github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= @@ -345,6 +435,7 @@ github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jingyugao/rowserrcheck v0.0.0-20191204022205-72ab7603b68a/go.mod h1:xRskid8CManxVta/ALEhJha/pweKBaVG6fWgc0yH25s= @@ -356,6 +447,8 @@ github.com/jmoiron/sqlx v1.2.1-0.20190826204134-d7d95172beb5/go.mod h1:1FEQNm3xl github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -400,12 +493,15 @@ github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= +github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= +github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.21.1 h1:uuhCcu885TE9u/piPYMChI/yqA1lXfaLUEx8uCMxf8w= github.com/lucas-clemente/quic-go v0.21.1/go.mod h1:U9kFi5LKbNIlU30dkuM9vxmTxWq4Bvzee/MjBI+07UA= github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= +github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -423,14 +519,17 @@ github.com/marten-seemann/qtls-go1-17 v0.1.0-beta.1.2/go.mod h1:fz4HIxByo+LlWcre github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= +github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= +github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= @@ -440,16 +539,24 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= +github.com/micromdm/scep/v2 v2.0.0 h1:cRzcY0S5QX+0+J+7YC4P2uZSnfMup8S8zJu/bLFgOkA= +github.com/micromdm/scep/v2 v2.0.0/go.mod h1:ouaDs5tcjOjdHD/h8BGaQsWE87MUnQ/wMTMgfMMIpPc= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY= github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= @@ -468,6 +575,13 @@ github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hz github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= +github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= +github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= +github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= +github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= +github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= @@ -477,61 +591,90 @@ github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HD github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= +github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= +github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= +github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= +github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= +github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= +github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= +github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/otp v1.0.0/go.mod h1:Zad1CMQfSQZI5KLpahDiSUX4tMMREnXw98IvL1nhgMk= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v0.9.4/go.mod h1:oCXIBxdI62A4cR6aTRJCgetEjecSIYzOEaeAn4iYEpM= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda h1:3W1P84xhSTIfDWfFnKN84yPp6iPXmvSgwfQe4heKOM8= github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= +github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -542,9 +685,12 @@ github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNue github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= +github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83/go.mod h1:vvbZ2Ae7AzSq3/kywjUDxSNq2SJ27RxCz2un0H3ePqE= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= @@ -588,13 +734,14 @@ github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+R github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.15.14/go.mod h1:1L10hpdBHF2U88GVrA77qAJG7wjnacIr+sgBfIDdzDE= -github.com/smallstep/certificates v0.15.15 h1:k9LUlLibqth02HZN4QDWDKMZDWu6oko4RgcTCpV8rOs= -github.com/smallstep/certificates v0.15.15/go.mod h1:1L10hpdBHF2U88GVrA77qAJG7wjnacIr+sgBfIDdzDE= +github.com/smallstep/certificates v0.16.1 h1:g3RIRrZs5argARZoHJiUm6NNOWtqRIcRIrHElDThvLI= +github.com/smallstep/certificates v0.16.1/go.mod h1:Y4cKGkm99bRA3L6MVfwi0kWSgaVKA/ddJ4LtoMyI3QY= github.com/smallstep/certinfo v1.5.0/go.mod h1:UWVjfGJeUc8O9PDR6VqI2CgWrQbF1HNMld1BSarYV2Q= github.com/smallstep/cli v0.15.16 h1:K3YQxfK3GrcJTiikkNFhFTWVR8qPR2ftROfWDFGphqM= github.com/smallstep/cli v0.15.16/go.mod h1:HU1iYqmiz28BSjC38zX9zpcfI+3Yi0DTPuDGeeoWjeU= -github.com/smallstep/nosql v0.3.6 h1:cq6a3NwjFJxkVlWU1T4qGskcfEXr0fO1WqQrraDO1Po= github.com/smallstep/nosql v0.3.6/go.mod h1:h1zC/Z54uNHc8euquLED4qJNCrMHd3nytA141ZZh4qQ= +github.com/smallstep/nosql v0.3.7 h1:P5C1cCj89a/MbD+4k8k585fzoaZNISmRA06v3q6u5lU= +github.com/smallstep/nosql v0.3.7/go.mod h1:mC+MOhUY1uV5S5vGmAwp1FSPfDB7iImiYn5nJCjzAdA= github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= @@ -602,6 +749,7 @@ github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= @@ -615,6 +763,7 @@ github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkU github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= @@ -626,6 +775,9 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= @@ -641,6 +793,7 @@ github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cb github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= +github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= @@ -650,6 +803,7 @@ github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lP github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= +github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -681,45 +835,61 @@ github.com/zmap/zcertificate v0.0.0-20190521191901-30e388164f71/go.mod h1:gIZi1K github.com/zmap/zcrypto v0.0.0-20190329181646-dff83107394d/go.mod h1:ix3q2kpLy0ibAuFXlr7qOhPKwFRRSjuynGuTR8EUPCk= github.com/zmap/zlint v0.0.0-20190516161541-9047d02cf65a/go.mod h1:xwLbce0UzBXp44sIAL1cii+hoK8j4AxRKlymZA2AIcY= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= +go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= +go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= +go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= +go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= +go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5 h1:dntmOdLpSpHlVqbW5Eay97DelsZHe+55D+xC6i0dDS0= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.step.sm/cli-utils v0.2.0 h1:hpVu9+6dpv/7/Bd8nGJFc3V+gQ+TciSJRTu9TavDUQ4= +go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= +go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.step.sm/cli-utils v0.2.0/go.mod h1:+t4qCp5NO+080DdGkJxEh3xL5S4TcYC2JTPLMM72b6Y= +go.step.sm/cli-utils v0.4.1 h1:QztRUhGYjOPM1I2Nmi7V6XejQyVtcESmo+sbegxvX7Q= +go.step.sm/cli-utils v0.4.1/go.mod h1:hWYVOSlw8W9Pd+BwIbs/aftVVMRms3EG7Q2qLRwc0WA= go.step.sm/crypto v0.6.1/go.mod h1:AKS4yMZVZD4EGjpSkY4eibuMenrvKCscb+BpWMet8c0= -go.step.sm/crypto v0.8.0 h1:S4qBPyy3hR7KWLybSkHB0H14pwFfYkom4RZ96JzmXig= go.step.sm/crypto v0.8.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= +go.step.sm/crypto v0.9.0 h1:q2AllTSnVj4NRtyEPkGW2ohArLmbGbe6ZAL/VIOKDzA= +go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= +go.step.sm/linkedca v0.0.0-20210611183751-27424aae8d25 h1:ncJqviWswJT19IdnfOYQGKG1zL7IDy4lAJz1PuM3fgw= +go.step.sm/linkedca v0.0.0-20210611183751-27424aae8d25/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -751,6 +921,7 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -760,17 +931,23 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -784,6 +961,7 @@ golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -801,9 +979,15 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -814,8 +998,14 @@ golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43 h1:ld7aEMNHoBnnDAX15v1T6z31v8HwR2A9FYOuAhWqkwc= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -825,13 +1015,17 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -850,6 +1044,7 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -857,6 +1052,7 @@ golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -881,11 +1077,19 @@ golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 h1:JWgyZ1qgdTaF3N3oxC+MdTV7qvEEgHo3otj+HB5CM7Q= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -897,6 +1101,7 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -947,6 +1152,7 @@ golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200102140908-9497f49d5709/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -968,6 +1174,11 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201017001424-6003fad69a88/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -978,6 +1189,7 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= +google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= @@ -996,8 +1208,14 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.33.0 h1:+gL0XvACeMIvpwLZ5rQZzLn5cwOsgg8dIcfJ2SYfBVw= google.golang.org/api v0.33.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= +google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.47.0 h1:sQLWZQvP6jPGIP4JGPkJu4zHswrv81iobiyszr3b/0I= +google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1005,8 +1223,9 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -1016,6 +1235,7 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190605220351-eb0b1bdb6ae6/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= @@ -1044,16 +1264,29 @@ google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -1065,8 +1298,15 @@ google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1086,9 +1326,11 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -1099,6 +1341,7 @@ gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1130,6 +1373,8 @@ mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZI rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= software.sslmate.com/src/go-pkcs12 v0.0.0-20201103104416-57fc603b7f52/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= +sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= From c1cd192ee760cf4ad4e6ca6021ceb86f03576e1e Mon Sep 17 00:00:00 2001 From: Scott Mebberson Date: Fri, 20 Aug 2021 14:14:28 +0930 Subject: [PATCH 0443/1498] caddyhttp: Updated the documentation for MatchQuery (#4295) --- modules/caddyhttp/matchers.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 1a49b3c0..b452d48e 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -82,7 +82,19 @@ type ( // MatchMethod matches requests by the method. MatchMethod []string - // MatchQuery matches requests by URI's query string. + // MatchQuery matches requests by the URI's query string. It takes a JSON object + // keyed by the query keys, with an array of string values to match for that key. + // Query key matches are exact, but wildcards may be used for value matches. Both + // keys and values may be placeholders. + // An example of the structure to match `?key=value&topic=api&query=something` is: + // + // ```json + // { + // "key": ["value"], + // "topic": ["api"], + // "query": ["*"] + // } + // ``` MatchQuery url.Values // MatchHeader matches requests by header fields. It performs fast, From e0a6a1efffd424b5ff0a2437a9b0a7066ac62803 Mon Sep 17 00:00:00 2001 From: Adam Weinberger Date: Fri, 20 Aug 2021 12:19:16 -0400 Subject: [PATCH 0444/1498] chore: Update quic-go for go 1.17 support (#4297) * Update quic-go for go 1.17 support * Complete quic-go update (go mod tidy) --- go.mod | 2 +- go.sum | 30 ++++++++++++++++++++---------- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 69d771f6..75770ec0 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/google/uuid v1.2.0 github.com/klauspost/compress v1.13.1 github.com/klauspost/cpuid/v2 v2.0.6 - github.com/lucas-clemente/quic-go v0.21.1 + github.com/lucas-clemente/quic-go v0.23.0 github.com/mholt/acmez v0.1.3 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 diff --git a/go.sum b/go.sum index 3de91df3..340dd35c 100644 --- a/go.sum +++ b/go.sum @@ -250,6 +250,8 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-stack/stack v1.6.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4= github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ= github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= @@ -496,8 +498,8 @@ github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSO github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= -github.com/lucas-clemente/quic-go v0.21.1 h1:uuhCcu885TE9u/piPYMChI/yqA1lXfaLUEx8uCMxf8w= -github.com/lucas-clemente/quic-go v0.21.1/go.mod h1:U9kFi5LKbNIlU30dkuM9vxmTxWq4Bvzee/MjBI+07UA= +github.com/lucas-clemente/quic-go v0.23.0 h1:5vFnKtZ6nHDFsc/F3uuiF4T3y/AXaQdxjUqiVw26GZE= +github.com/lucas-clemente/quic-go v0.23.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0= github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= @@ -510,12 +512,11 @@ github.com/manifoldco/promptui v0.8.0 h1:R95mMF+McvXZQ7j1g8ucVZE1gLP3Sv6j9vlF9ky github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= -github.com/marten-seemann/qtls-go1-15 v0.1.4 h1:RehYMOyRW8hPVEja1KBVsFVNSm35Jj9Mvs5yNoZZ28A= github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= -github.com/marten-seemann/qtls-go1-16 v0.1.3 h1:XEZ1xGorVy9u+lJq+WXNE+hiqRYLNvJGYmwfwKQN2gU= -github.com/marten-seemann/qtls-go1-16 v0.1.3/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= -github.com/marten-seemann/qtls-go1-17 v0.1.0-beta.1.2 h1:SficYjyOthSrliKI+EaFuXS6HqSsX3dkY9AqxAAjBjw= -github.com/marten-seemann/qtls-go1-17 v0.1.0-beta.1.2/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8= +github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2iHl5yhJRpnco= +github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= +github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk= +github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -589,8 +590,9 @@ github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJE github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= -github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= @@ -601,15 +603,18 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= +github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= +github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= -github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak= +github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= @@ -933,6 +938,7 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -987,6 +993,7 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -1079,6 +1086,7 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1177,9 +1185,11 @@ golang.org/x/tools v0.0.0-20201017001424-6003fad69a88/go.mod h1:z6u4i615ZeAfBE4X golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From ce5a45db458166ff71cb776d70fd63e28196aafa Mon Sep 17 00:00:00 2001 From: Pascal Zarrad Date: Fri, 20 Aug 2021 23:51:31 +0200 Subject: [PATCH 0445/1498] cmd: Fix paths when using an env file (#4296) * core: Fix paths when using an env file * refactor: move path logic to loadFromEnv --- cmd/main.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cmd/main.go b/cmd/main.go index 14408fa6..deac87fe 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -361,6 +361,11 @@ func loadEnvFromFile(envFile string) error { } } + // Update the storage paths to ensure they have the proper + // value after loading a specified env file. + caddy.ConfigAutosavePath = filepath.Join(caddy.AppConfigDir(), "autosave.json") + caddy.DefaultStorage = &certmagic.FileStorage{Path: caddy.AppDataDir()} + return nil } From d74913f871414ddac9a3884fc6aef4492ee4f65f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 23 Aug 2021 13:26:07 -0400 Subject: [PATCH 0446/1498] caddyfile: Error on invalid site addresses containing comma (#4302) Some users forget to use a comma between their site addresses. This is invalid (commas aren't a valid character in domains) and later parts of the code like certificate automation will try to use this otherwise, which doesn't make sense. Best to error as early as possible. Example thread on the forums where this happened: https://caddy.community/t/simplify-caddyfile/13281/9 --- caddyconfig/caddyfile/parse.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index d8707658..5906bdd9 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -229,6 +229,13 @@ func (p *parser) addresses() error { expectingAnother = false // but we may still see another one on this line } + // If there's a comma here, it's probably because they didn't use a space + // between their two domains, e.g. "foo.com,bar.com", which would not be + // parsed as two separate site addresses. + if strings.Contains(tkn, ",") { + return p.Errf("Site addresses cannot contain a comma ',': '%s' - put a space after the comma to separate site addresses", tkn) + } + p.block.Keys = append(p.block.Keys, tkn) } From 51f125bd44be41d6220f0c134b6a402a85f80ad6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 23 Aug 2021 13:53:27 -0400 Subject: [PATCH 0447/1498] caddyfile: Better error message for missing site block braces (#4301) Some new users mistakenly try to define two sites without braces around each. Doing this can yield a confusing error message saying that their site address is an "unknown directive". We can do better by keeping track of whether the current site block was parsed with or without a brace, then changing the error message later based on that. For example, now this invalid config: ``` foo.example.com respond "foo" bar.example.com respond "bar" ``` Will yield this error message: ``` $ caddy adapt 2021/08/22 19:21:31.028 INFO using adjacent Caddyfile adapt: Caddyfile:4: unrecognized directive: bar.example.com Did you mean to define a second site? If so, you must use curly braces around each site to separate their configurations. ``` --- caddyconfig/caddyfile/parse.go | 11 +++++++++-- caddyconfig/httpcaddyfile/httptype.go | 6 +++++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 5906bdd9..c0f60794 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -211,6 +211,12 @@ func (p *parser) addresses() error { if expectingAnother { return p.Errf("Expected another address but had '%s' - check for extra comma", tkn) } + // Mark this server block as being defined with braces. + // This is used to provide a better error message when + // the user may have tried to define two server blocks + // without having used braces, which are required in + // that case. + p.block.HasBraces = true break } @@ -571,8 +577,9 @@ func (p *parser) snippetTokens() ([]Token, error) { // head of the server block with tokens, which are // grouped by segments. type ServerBlock struct { - Keys []string - Segments []Segment + HasBraces bool + Keys []string + Segments []Segment } // DispenseDirective returns a dispenser that contains diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index ff52dbf9..e5dafe6a 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -170,7 +170,11 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, dirFunc, ok := registeredDirectives[dir] if !ok { tkn := segment[0] - return nil, warnings, fmt.Errorf("%s:%d: unrecognized directive: %s", tkn.File, tkn.Line, dir) + message := "%s:%d: unrecognized directive: %s" + if !sb.block.HasBraces { + message += "\nDid you mean to define a second site? If so, you must use curly braces around each site to separate their configurations." + } + return nil, warnings, fmt.Errorf(message, tkn.File, tkn.Line, dir) } h := Helper{ From f70a7578faa1ab9169bc05a121911bf33d7d3da3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 23 Aug 2021 13:54:28 -0400 Subject: [PATCH 0448/1498] reverseproxy: Remove redundant flushing (#4299) From reading through the code, I think this code path is now obsoleted by the changes made in https://github.com/caddyserver/caddy/pull/4266. Basically, `h.flushInterval()` will set the flush interval to `-1` if we're in a bi-directional stream, and the recent PR ensured that `h.copyResponse()` properly flushes headers immediately when the flush interval is non-zero. So now there should be no need to call Flush before calling `h.copyResponse()`. --- modules/caddyhttp/reverseproxy/reverseproxy.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 633cc657..671ea044 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -691,15 +691,6 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * } rw.WriteHeader(res.StatusCode) - - // some apps need the response headers before starting to stream content with http2, - // so it's important to explicitly flush the headers to the client before streaming the data. - // (see https://github.com/caddyserver/caddy/issues/3556 for use case and nuances) - if h.isBidirectionalStream(req, res) { - if wf, ok := rw.(http.Flusher); ok { - wf.Flush() - } - } err = h.copyResponse(rw, res.Body, h.flushInterval(req, res)) res.Body.Close() // close now, instead of defer, to populate res.Trailer if err != nil { From bfbc459c0afcb62bd73eb78472406ace1519790c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 18 Aug 2021 15:32:35 -0600 Subject: [PATCH 0449/1498] httpcaddyfile: Improve unrecognized directive errors --- caddyconfig/httpcaddyfile/directives.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 75fd473d..800e8929 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -329,7 +329,7 @@ func parseSegmentAsConfig(h Helper) ([]ConfigValue, error) { dir := seg.Directive() dirFunc, ok := registeredDirectives[dir] if !ok { - return nil, h.Errf("unrecognized directive: %s", dir) + return nil, h.Errf("unrecognized directive: %s - are you sure your Caddyfile structure (nesting and braces) is correct?", dir) } subHelper := h From 19a55d6aebc27a24d8d7511f56a340f576a0526b Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Wed, 25 Aug 2021 20:30:24 +0300 Subject: [PATCH 0450/1498] chore: promote creating 'caddy-build' to the release action (#4306) The commit goreleaser/goreleaser@013bd69126459125694d7cb2c434dd9ba63e5a5b of GoReleaser is now checking the `go version` prior to executing any of the pre-hooks, which involves setting the current dir of the command to the `build.dir` of the build config. At the time of version check, the buil dir does not exist. It's created in the pre-hook. As a workaround, the build-dir is now created in the Github Action prior to executing goreleaser action. --- .github/workflows/ci.yml | 4 ++++ .github/workflows/release.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 44461258..8d15586d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -156,6 +156,10 @@ jobs: steps: - name: checkout uses: actions/checkout@v2 + + - name: Create 'caddy-build' + run: mkdir -p caddy-build + - uses: goreleaser/goreleaser-action@v2 with: version: latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 834d3034..0145b684 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -88,6 +88,10 @@ jobs: restore-keys: | ${{ runner.os }}-go${{ matrix.go }}-release + - name: Create the 'caddy-build' dir for GoReleaser + run: | + mkdir -p caddy-build + # GoReleaser will take care of publishing those artifacts into the release - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 From f6d5ec2fd68c2b9ae3104c0e2650b37f07a552e1 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 25 Aug 2021 14:16:55 -0400 Subject: [PATCH 0451/1498] chore: Upgrade smallstep libs (#4307) See https://github.com/smallstep/nosql/issues/12 for context. --- go.mod | 16 +- go.sum | 539 +++++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 362 insertions(+), 193 deletions(-) diff --git a/go.mod b/go.mod index 75770ec0..d869e3a5 100644 --- a/go.mod +++ b/go.mod @@ -17,19 +17,19 @@ require ( github.com/mholt/acmez v0.1.3 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 - github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda - github.com/smallstep/certificates v0.16.1 - github.com/smallstep/cli v0.15.16 - github.com/smallstep/nosql v0.3.7 + github.com/prometheus/client_golang v1.11.0 + github.com/smallstep/certificates v0.16.4 + github.com/smallstep/cli v0.16.1 + github.com/smallstep/nosql v0.3.8 github.com/smallstep/truststore v0.9.6 github.com/yuin/goldmark v1.3.8 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 go.uber.org/zap v1.17.0 - golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a - golang.org/x/net v0.0.0-20210525063256-abc453219eb5 + golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e + golang.org/x/net v0.0.0-20210614182718-04defd469f4e golang.org/x/term v0.0.0-20210503060354-a79de5458b56 - google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c - google.golang.org/protobuf v1.26.0 + google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08 + google.golang.org/protobuf v1.27.1 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index 340dd35c..77a72138 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,14 @@ +bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= +bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= @@ -15,9 +19,9 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.70.0/go.mod h1:/UTKYRQTWjVnSe7nGvoSzxEFUELzSI/yAYd0JQT6cRo= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= @@ -31,16 +35,26 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= +cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= +cloud.google.com/go/spanner v1.20.0/go.mod h1:ajR/W06cMHQu7nqQ4irRGplPNoWgejGJlEhlB8xBTKk= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= +contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= +contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= +contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= +contrib.go.opencensus.io/exporter/stackdriver v0.13.7/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= +contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -50,22 +64,35 @@ dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= +github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= +github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= +github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= +github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= +github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= +github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2 h1:WBLTQ37jOCzSLtXNdoo8bNM8876KhNqOKvrlGITgsTc= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= +github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= +github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= +github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= @@ -73,15 +100,13 @@ github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHS github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/OpenPeeDeeP/depguard v1.0.0/go.mod h1:7/4sitnI9YlQgTLLk734QlzXT8DuHVnAyztLplQjk+o= -github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/ThalesIgnite/crypto11 v1.2.4/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= @@ -89,6 +114,7 @@ github.com/alecthomas/chroma v0.9.2 h1:yU1sE2+TZbLIQPMk30SolL2Hn53SR/Pv750f7qZ/X github.com/alecthomas/chroma v0.9.2/go.mod h1:eMuEnpA18XbG/WhOWtCzJHS7WqEtDAI+HxdwoW0nVSk= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= +github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= github.com/alecthomas/kong v0.2.4/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE= github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 h1:p9Sln00KOTlrYkxI1zYWl1QLnEqAqEARBEYa8FQnQcY= @@ -99,40 +125,64 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= +github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= +github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= +github.com/apache/beam v2.30.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= +github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= +github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= +github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= +github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o4iy7GtuappbWT0l5NaMo9H9pJDw= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= +github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.30.29 h1:NXNqBS9hjOCpDL8SyCyl38gZX3LLLunKOJc5E7vJ8P0= github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= +github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= +github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= +github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= +github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= -github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= +github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/caddyserver/certmagic v0.14.0 h1:XW1o32s7smIYEJSc6g+N8YXljpjRo5ZE2zi3CIYTs74= github.com/caddyserver/certmagic v0.14.0/go.mod h1:oRQOZmUVKwlpgNidslysHt05osM9uMrJ4YMk+Ot4P4Q= +github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= +github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= +github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= @@ -151,6 +201,9 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= +github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= +github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= +github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= @@ -162,6 +215,8 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= +github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= @@ -171,16 +226,20 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ= github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk= +github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20201003150343-5d1bab4fc658/go.mod h1:2uGEvGm+JSDLd5UAaKIFSbXDcYyeH0fWJP4N2HMMYMI= -github.com/dgraph-io/badger/v2 v2.2007.3 h1:Sl9tQWz92WCbVSe8pj04Tkqlm2boW+KAxd+XSs58SQI= -github.com/dgraph-io/badger/v2 v2.2007.3/go.mod h1:26P/7fbL4kUZVEVKLAKXkBXKOydDmM2p1e+NhhnBCAE= +github.com/dgraph-io/badger/v2 v2.2007.4 h1:TRWBQg8UrlUhaFdco01nO2uXwzKS7zd+HVdwV/GHc4o= +github.com/dgraph-io/badger/v2 v2.2007.4/go.mod h1:vSw/ax2qojzbN6eXHIx6KPKtCSHJN/Uz0X0VPruTIhk= github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd h1:KoJOtZf+6wpQaDTuOWGuo61GxcPBIfhwRxRTaTWGCTc= @@ -190,6 +249,7 @@ github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUn github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= @@ -202,6 +262,7 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -210,76 +271,75 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= +github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= +github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= -github.com/go-critic/go-critic v0.3.5-0.20190526074819-1df300866540/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= -github.com/go-critic/go-critic v0.4.1/go.mod h1:7/14rZGnZbY6E38VEGk2kVhoq6itzc1E68facVDK23g= github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.4.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0 h1:dXFJfIHVvUcpSgDOV+Ne6t7jXri8Tfv2uOLHUZ2XNuo= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8= github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= +github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= +github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.6.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4= -github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ= -github.com/go-toolsmith/astequal v0.0.0-20180903214952-dcb477bfacd6/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= -github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= -github.com/go-toolsmith/astfmt v0.0.0-20180903215011-8f8ee99c3086/go.mod h1:mP93XdblcopXwlyN4X4uodxXQhldPGZbcEJIimQHrkg= -github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw= -github.com/go-toolsmith/astinfo v0.0.0-20180906194353-9809ff7efb21/go.mod h1:dDStQCHtmZpYOmjRP/8gHHnCCch3Zz3oEgCdZVdtweU= -github.com/go-toolsmith/astp v0.0.0-20180903215135-0af7e3c24f30/go.mod h1:SV2ur98SGypH1UjcPpCatrV5hPazG6+IfNHbkDXBRrk= -github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI= -github.com/go-toolsmith/pkgload v0.0.0-20181119091011-e9e65178eee8/go.mod h1:WoMrjiy4zvdS+Bg6z9jZH82QXwkcgCBX6nOfnmdaHks= -github.com/go-toolsmith/pkgload v1.0.0/go.mod h1:5eFArkbO80v7Z0kdngIxsRXRMTaX4Ilcwuh3clNrQJc= -github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8= -github.com/go-toolsmith/typep v1.0.0/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= -github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= -github.com/golang/mock v1.0.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= @@ -313,32 +373,16 @@ github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= -github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= -github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0= -github.com/golangci/go-misc v0.0.0-20180628070357-927a3d87b613/go.mod h1:SyvUF2NxV+sN8upjjeVYr5W7tyxaT1JVtvhKhOn2ii8= -github.com/golangci/go-tools v0.0.0-20190318055746-e32c54105b7c/go.mod h1:unzUULGw35sjyOYjUt0jMTXqHlZPpPc6e+xfO4cd6mM= -github.com/golangci/goconst v0.0.0-20180610141641-041c5f2b40f3/go.mod h1:JXrF4TWy4tXYn62/9x8Wm/K/dm06p8tCKwFRDPZG/1o= -github.com/golangci/gocyclo v0.0.0-20180528134321-2becd97e67ee/go.mod h1:ozx7R9SIwqmqf5pRP90DhR2Oay2UIjGuKheCBCNwAYU= -github.com/golangci/gofmt v0.0.0-20181222123516-0b8337e80d98/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU= -github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU= -github.com/golangci/golangci-lint v1.17.2-0.20190910081718-bad04bb7378f/go.mod h1:kaqo8l0OZKYPtjNmG4z4HrWLgcYNIJ9B9q3LWri9uLg= -github.com/golangci/golangci-lint v1.24.0/go.mod h1:yIqiAZ2SSQqg+1JeFlAdvEWjGVz4uu5jr4lrciqA1gE= -github.com/golangci/gosec v0.0.0-20190211064107-66fb7fc33547/go.mod h1:0qUabqiIQgfmlAmulqxyiGkkyF6/tOGSnY2cnPVwrzU= -github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc/go.mod h1:e5tpTHCfVze+7EpLEozzMB3eafxo2KT5veNg1k6byQU= -github.com/golangci/lint-1 v0.0.0-20190420132249-ee948d087217/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg= -github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg= -github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o= -github.com/golangci/misspell v0.0.0-20180809174111-950f5d19e770/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA= -github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bzsHdTM0bsB7+8mt0GUMvjCgwLpTapNZHU8AajI= -github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= -github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.7.3 h1:8v9BSN0avuGwrHFKNCjfiQ/CE6+D6sW+BDyOVoEeP6o= github.com/google/cel-go v0.7.3/go.mod h1:4EtyFAHT5xNr0Msu0MJjyGxPUgdr9DlcaPyzLt/kkt8= github.com/google/cel-spec v0.5.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= -github.com/google/certificate-transparency-go v1.1.0/go.mod h1:i+Q7XY+ArBveOUT36jiHGfuSK1fHICIg6sUkRxPAbCs= +github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= +github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= +github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= +github.com/google/certificate-transparency-go v1.1.2-0.20210623111010-a50f74f4ce95/go.mod h1:Qj+RD7dL44/KQVYkRk4wDVszkPOzxNcHmuX4HCMEqKg= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -353,13 +397,18 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= +github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= +github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= +github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/monologue v0.0.0-20190606152607-4b11a32b5934/go.mod h1:6NTfaQoUpg5QmPsCUWLR3ig33FHrKXhTtWzF0DVdmuk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -367,27 +416,36 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201009210932-67992a1a5a35/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/trillian v1.2.2-0.20190612132142-05461f4df60a/go.mod h1:YPmUVn5NGwgnDUgqlVyFGMTgaWlnSvH7W5p+NdOG8UA= -github.com/google/trillian-examples v0.0.0-20190603134952-4e75ba15216c/go.mod h1:WgL3XZ3pA8/9cm7yxqWrZE6iZkESB2ItGxy5Fo6k2lk= +github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= +github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= +github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= +github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= +github.com/google/trillian v1.3.14-0.20210622121126-870e0cdde059/go.mod h1:77nhQ5M0g7nqL2S6sjQWUyqQ90h0X26T8cr0pQqqxec= +github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= +github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= +github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww= +github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= +github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= +github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -395,22 +453,32 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= +github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= +github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= +github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= @@ -420,37 +488,48 @@ github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v0.0.0-20180404174102-ef8a98b0bbce/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= +github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= +github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= +github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jingyugao/rowserrcheck v0.0.0-20191204022205-72ab7603b68a/go.mod h1:xRskid8CManxVta/ALEhJha/pweKBaVG6fWgc0yH25s= -github.com/jirfag/go-printf-func-name v0.0.0-20191110105641-45db9963cdd3/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0= +github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= +github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= +github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= -github.com/jmoiron/sqlx v1.2.1-0.20190826204134-d7d95172beb5/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= +github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -462,49 +541,44 @@ github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSg github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= +github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/gotool v0.0.0-20161130080628-0de1eaf82fa3/go.mod h1:jxZFDH7ILpTPQTk+E2s+z4CUas9lVNjIuKR4c5/zKgM= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= -github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= +github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.1 h1:wXr2uRxZTJXHLly6qhJabee5JqIhTRoLBhDOA74hDEQ= github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= -github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE= -github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid/v2 v2.0.6 h1:dQ5ueTiftKxp0gyjKSx5+8BtPWkyQbd95m8Gys/RarI= github.com/klauspost/cpuid/v2 v2.0.6/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= -github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.23.0 h1:5vFnKtZ6nHDFsc/F3uuiF4T3y/AXaQdxjUqiVw26GZE= github.com/lucas-clemente/quic-go v0.23.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0= github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= -github.com/magiconair/properties v1.7.6/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -517,26 +591,30 @@ github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2i github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk= github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8= -github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= +github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= -github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= -github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= +github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= +github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= @@ -547,31 +625,30 @@ github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY= github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-ps v0.0.0-20170309133038-4fdf99ab2936/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= -github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v0.0.0-20180220230111-00c29f56e238/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE= +github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= -github.com/mozilla/tls-observatory v0.0.0-20180409132520-8791a200eb40/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= -github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= +github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hzifhks= github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= @@ -583,13 +660,11 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nbutton23/zxcvbn-go v0.0.0-20160627004424-a22cb81b2ecd/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= -github.com/nbutton23/zxcvbn-go v0.0.0-20171102151520-eafdab6b0663/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= -github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= +github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= @@ -597,21 +672,19 @@ github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtb github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= +github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak= github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= @@ -625,10 +698,15 @@ github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTm github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= +github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= +github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= +github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= +github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.1.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= @@ -638,6 +716,7 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= +github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= @@ -646,12 +725,13 @@ github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= -github.com/prometheus/client_golang v0.9.4/go.mod h1:oCXIBxdI62A4cR6aTRJCgetEjecSIYzOEaeAn4iYEpM= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= +github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda h1:3W1P84xhSTIfDWfFnKN84yPp6iPXmvSgwfQe4heKOM8= -github.com/prometheus/client_golang v1.10.1-0.20210603120351-253906201bda/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= +github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ= +github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -665,7 +745,9 @@ github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= +github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -675,15 +757,18 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7z github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= +github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= +github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= +github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= @@ -691,17 +776,15 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v0.0.0-20170128012129-256dc444b735/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/securego/gosec v0.0.0-20200103095621-79fbf3af8d83/go.mod h1:vvbZ2Ae7AzSq3/kywjUDxSNq2SJ27RxCz2un0H3ePqE= -github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/shirou/gopsutil v0.0.0-20180427012116-c95755e4bcd7/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= -github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc= -github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= @@ -728,56 +811,60 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5I github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= -github.com/sirupsen/logrus v1.0.5/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= +github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.15.14/go.mod h1:1L10hpdBHF2U88GVrA77qAJG7wjnacIr+sgBfIDdzDE= -github.com/smallstep/certificates v0.16.1 h1:g3RIRrZs5argARZoHJiUm6NNOWtqRIcRIrHElDThvLI= -github.com/smallstep/certificates v0.16.1/go.mod h1:Y4cKGkm99bRA3L6MVfwi0kWSgaVKA/ddJ4LtoMyI3QY= -github.com/smallstep/certinfo v1.5.0/go.mod h1:UWVjfGJeUc8O9PDR6VqI2CgWrQbF1HNMld1BSarYV2Q= -github.com/smallstep/cli v0.15.16 h1:K3YQxfK3GrcJTiikkNFhFTWVR8qPR2ftROfWDFGphqM= -github.com/smallstep/cli v0.15.16/go.mod h1:HU1iYqmiz28BSjC38zX9zpcfI+3Yi0DTPuDGeeoWjeU= +github.com/smallstep/certificates v0.16.0/go.mod h1:oht6bnzBapjumPGXTZK/rBJYLO+O8/TTWt5/VlE9Wd4= +github.com/smallstep/certificates v0.16.4 h1:/dhaR+6reeTHd2etVIjgpZI0CTn6USrhVqakoV0HZ0w= +github.com/smallstep/certificates v0.16.4/go.mod h1:U3Dkt4ttxRxC4yPedzzAQokC121/7d3Sfnj6mNgpw7Q= +github.com/smallstep/certinfo v1.5.1/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= +github.com/smallstep/cli v0.16.1 h1:zFN/B5XF+WbvwfRya11SPfiT7g7LIMRSCaoeQNce3Hw= +github.com/smallstep/cli v0.16.1/go.mod h1:C8IES4TcHN3/Va6x9B+ugJM1t0pwzICHAg+RB2FASg4= github.com/smallstep/nosql v0.3.6/go.mod h1:h1zC/Z54uNHc8euquLED4qJNCrMHd3nytA141ZZh4qQ= -github.com/smallstep/nosql v0.3.7 h1:P5C1cCj89a/MbD+4k8k585fzoaZNISmRA06v3q6u5lU= -github.com/smallstep/nosql v0.3.7/go.mod h1:mC+MOhUY1uV5S5vGmAwp1FSPfDB7iImiYn5nJCjzAdA= +github.com/smallstep/nosql v0.3.8 h1:1/EWUbbEdz9ai0g9Fd09VekVjtxp+5+gIHpV2PdwW3o= +github.com/smallstep/nosql v0.3.8/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= +github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= +github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= -github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.0/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/cast v1.2.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.2/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= +github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= +github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.0.2/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.6.1/go.mod h1:t3iDnF5Jlj76alVNuyFBk5oUMCvsrkbvZK0WQdfDi5k= +github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= +github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= +github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -786,6 +873,7 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -796,31 +884,31 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= -github.com/timakin/bodyclose v0.0.0-20190721030226-87058b9bfcec/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= +github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= +github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= +github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= +github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= -github.com/tommy-muehle/go-mnd v1.3.1-0.20200224220436-e6f9a994e8fa/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ultraware/funlen v0.0.1/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= -github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= -github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA= +github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= +github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM= -github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= -github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= -github.com/valyala/quicktemplate v1.1.1/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4= -github.com/valyala/quicktemplate v1.2.0/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4= -github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= +github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= +github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= +github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= +github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= +github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -841,12 +929,33 @@ github.com/zmap/zcrypto v0.0.0-20190329181646-dff83107394d/go.mod h1:ix3q2kpLy0i github.com/zmap/zlint v0.0.0-20190516161541-9047d02cf65a/go.mod h1:xwLbce0UzBXp44sIAL1cii+hoK8j4AxRKlymZA2AIcY= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= +go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= +go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd v3.3.13+incompatible/go.mod h1:yaeTdrJi5lOmYerz05bd8+V7KubZs8YSFZfzsF9A6aI= +go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= +go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= +go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= +go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= +go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= +go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= +go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= +go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= +go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= +go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= +go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= +go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= +go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= +go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= +go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= +go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= +go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= +go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= +go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= +go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= +go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= @@ -856,13 +965,22 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.step.sm/cli-utils v0.2.0/go.mod h1:+t4qCp5NO+080DdGkJxEh3xL5S4TcYC2JTPLMM72b6Y= +go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= +go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= +go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= +go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= +go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= +go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= +go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= +go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= +go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.step.sm/cli-utils v0.4.1 h1:QztRUhGYjOPM1I2Nmi7V6XejQyVtcESmo+sbegxvX7Q= go.step.sm/cli-utils v0.4.1/go.mod h1:hWYVOSlw8W9Pd+BwIbs/aftVVMRms3EG7Q2qLRwc0WA= -go.step.sm/crypto v0.6.1/go.mod h1:AKS4yMZVZD4EGjpSkY4eibuMenrvKCscb+BpWMet8c0= -go.step.sm/crypto v0.8.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= go.step.sm/crypto v0.9.0 h1:q2AllTSnVj4NRtyEPkGW2ohArLmbGbe6ZAL/VIOKDzA= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= go.step.sm/linkedca v0.0.0-20210611183751-27424aae8d25 h1:ncJqviWswJT19IdnfOYQGKG1zL7IDy4lAJz1PuM3fgw= @@ -873,6 +991,7 @@ go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= @@ -882,27 +1001,36 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= +go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= +gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= +golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -913,6 +1041,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -941,14 +1070,13 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20170915142106-8351a756f30f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180911220305-26e67e76b6c3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -964,11 +1092,14 @@ golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -976,6 +1107,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= @@ -984,21 +1116,24 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1008,9 +1143,12 @@ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= @@ -1018,6 +1156,7 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1027,7 +1166,6 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20171026204733-164713f0dfce/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1040,6 +1178,7 @@ golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1048,15 +1187,16 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1072,6 +1212,7 @@ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1082,7 +1223,9 @@ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1092,19 +1235,25 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 h1:JWgyZ1qgdTaF3N3oxC+MdTV7qvEEgHo3otj+HB5CM7Q= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56 h1:b8jxX3zqjpqb2LklXPzKSGJhzyxCOZSz8ncv8Nv+y7w= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.0.0-20170915090833-1cbadb444a80/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -1117,55 +1266,48 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20170915040203-e531a2a1c15f/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181117154741-2ddaf7f79a09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190110163146-51295c7ec13a/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190121143147-24cd39ecf745/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190221204921-83362c3779f5/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190521203540-521d6ed310dd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= +golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190909030654-5b82db07426d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113232020-e2727e816f5a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200102140908-9497f49d5709/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204192400-7124308813f3/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -1173,24 +1315,31 @@ golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201017001424-6003fad69a88/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= +golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2 h1:kRBLX7v7Af8W7Gdbbc908OJcdgtK8bOz9Uaj8/F1ACA= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.3 h1:L69ShwSZEyCsLKoAxDKeMvLDZkumEe8gXUZAjab0tX8= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1206,6 +1355,7 @@ google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= @@ -1218,35 +1368,42 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.33.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0 h1:sQLWZQvP6jPGIP4JGPkJu4zHswrv81iobiyszr3b/0I= +google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= +google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0 h1:RDAPWfNFY06dffEXfn7hZF5Fr1ZbnChzfQZAPyBd1+I= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190605220351-eb0b1bdb6ae6/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= +google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= @@ -1263,8 +1420,10 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= @@ -1272,20 +1431,27 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= +google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= +google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08 h1:pc16UedxnxXXtGxHCSUhafAoVHQZ0yXl8ZelMH4EETc= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= @@ -1307,6 +1473,7 @@ google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= @@ -1327,10 +1494,11 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= +google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1341,7 +1509,6 @@ gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= @@ -1349,12 +1516,16 @@ gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= +gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= +gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1376,14 +1547,12 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= -mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= -mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= -mvdan.cc/unparam v0.0.0-20190209190245-fbb59629db34/go.mod h1:H6SUd1XjIs+qQCyskXg5OFSrilMRUkD8ePJpHKDPaeY= -mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= +pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= software.sslmate.com/src/go-pkcs12 v0.0.0-20201103104416-57fc603b7f52/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= From 403732c433b816409e3525a9f49b4cc90abc2486 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 26 Aug 2021 16:31:55 -0400 Subject: [PATCH 0452/1498] httpcaddyfile: Reorder some directives (#4311) We realized we made some mistakes with the directive ordering, so we're making some minor adjustments. `abort` and `error` don't really make sense to be after other handler directives, because you would expect to be able to "fail-fast" and throw an error before falling through to some `file_server` or `respond` typically. So we're moving them up to just before `respond`, i.e. before the common handler directives. This is also more consistent with our existing examples in the docs, which actually didn't work due to the directive ordering. See https://caddyserver.com/docs/caddyfile/directives/error#examples Also, `push` doesn't quite make sense to be after `handle`/`route`, since its job is to read from response headers to push additional resources if necessary, and `handle`/`route` may be terminal so push would not be reached if it was declared outside those. And also, it would make sense to be _before_ `templates` because a template _could_ add a `Link` header to the response dynamically. --- caddyconfig/httpcaddyfile/directives.go | 8 +- .../caddyfile_adapt/error_example.txt | 138 ++++++++++++++++++ 2 files changed, 142 insertions(+), 4 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/error_example.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 800e8929..360f91e7 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -44,9 +44,9 @@ var directiveOrder = []string{ "request_body", "redir", - "rewrite", // URI manipulation + "rewrite", "uri", "try_files", @@ -54,23 +54,23 @@ var directiveOrder = []string{ "basicauth", "request_header", "encode", + "push", "templates", // special routing & dispatching directives "handle", "handle_path", "route", - "push", // handlers that typically respond to requests + "abort", + "error", "respond", "metrics", "reverse_proxy", "php_fastcgi", "file_server", "acme_server", - "abort", - "error", } // directiveIsOrdered returns true if dir is diff --git a/caddytest/integration/caddyfile_adapt/error_example.txt b/caddytest/integration/caddyfile_adapt/error_example.txt new file mode 100644 index 00000000..bd42aee5 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/error_example.txt @@ -0,0 +1,138 @@ +example.com { + root * /srv + + # Trigger errors for certain paths + error /private* "Unauthorized" 403 + error /hidden* "Not found" 404 + + # Handle the error by serving an HTML page + handle_errors { + rewrite * /{http.error.status_code}.html + file_server + } + + file_server +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "vars", + "root": "/srv" + } + ] + }, + { + "handle": [ + { + "error": "Unauthorized", + "handler": "error", + "status_code": 403 + } + ], + "match": [ + { + "path": [ + "/private*" + ] + } + ] + }, + { + "handle": [ + { + "error": "Not found", + "handler": "error", + "status_code": 404 + } + ], + "match": [ + { + "path": [ + "/hidden*" + ] + } + ] + }, + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ], + "errors": { + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "group": "group0", + "handle": [ + { + "handler": "rewrite", + "uri": "/{http.error.status_code}.html" + } + ] + }, + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } + } +} \ No newline at end of file From 84b906a248a7cf7299f39f2f997822cb38387759 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 26 Aug 2021 15:00:25 -0600 Subject: [PATCH 0453/1498] go.mod: Upgrade some dependencies --- go.mod | 14 +++++++------- go.sum | 31 ++++++++++++++++++------------- 2 files changed, 25 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index d869e3a5..1174b7f6 100644 --- a/go.mod +++ b/go.mod @@ -6,15 +6,15 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.9.2 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.14.0 + github.com/caddyserver/certmagic v0.14.3 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 - github.com/google/uuid v1.2.0 - github.com/klauspost/compress v1.13.1 - github.com/klauspost/cpuid/v2 v2.0.6 + github.com/google/uuid v1.3.0 + github.com/klauspost/compress v1.13.4 + github.com/klauspost/cpuid/v2 v2.0.9 github.com/lucas-clemente/quic-go v0.23.0 - github.com/mholt/acmez v0.1.3 + github.com/mholt/acmez v1.0.0 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.11.0 @@ -22,9 +22,9 @@ require ( github.com/smallstep/cli v0.16.1 github.com/smallstep/nosql v0.3.8 github.com/smallstep/truststore v0.9.6 - github.com/yuin/goldmark v1.3.8 + github.com/yuin/goldmark v1.4.0 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 - go.uber.org/zap v1.17.0 + go.uber.org/zap v1.19.0 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e golang.org/x/net v0.0.0-20210614182718-04defd469f4e golang.org/x/term v0.0.0-20210503060354-a79de5458b56 diff --git a/go.sum b/go.sum index 77a72138..a9993f93 100644 --- a/go.sum +++ b/go.sum @@ -75,7 +75,6 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= -github.com/DataDog/zstd v1.4.5 h1:EndNeuB0l9syBZhut0wns3gV1hL8zX8LIu6ZiVHWLIQ= github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= @@ -160,6 +159,8 @@ github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zK github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= +github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -172,8 +173,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.14.0 h1:XW1o32s7smIYEJSc6g+N8YXljpjRo5ZE2zi3CIYTs74= -github.com/caddyserver/certmagic v0.14.0/go.mod h1:oRQOZmUVKwlpgNidslysHt05osM9uMrJ4YMk+Ot4P4Q= +github.com/caddyserver/certmagic v0.14.3 h1:6Q0TX8PVR+h2GJKBeeFQ0cOU4LI4y/9Jf0bBvg/A5NU= +github.com/caddyserver/certmagic v0.14.3/go.mod h1:/0VQ5og2Jxa5yBQ8eT80wWS7fi/DgNy1uXeXRUJ1Wj0= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= @@ -432,8 +433,8 @@ github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4Mgqvf github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= -github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww= @@ -547,10 +548,11 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.1 h1:wXr2uRxZTJXHLly6qhJabee5JqIhTRoLBhDOA74hDEQ= -github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/cpuid/v2 v2.0.6 h1:dQ5ueTiftKxp0gyjKSx5+8BtPWkyQbd95m8Gys/RarI= +github.com/klauspost/compress v1.13.4 h1:0zhec2I8zGnjWcKyLl6i3gPqKANCCn5e9xmviEEeX6s= +github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/cpuid/v2 v2.0.6/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -615,8 +617,8 @@ github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb44 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk= -github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v1.0.0 h1:ZAdWrilnq41HTlUO0vMJ6C+z8ZvzQ9I2LR1/Bo+137U= +github.com/mholt/acmez v1.0.0/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/micromdm/scep/v2 v2.0.0 h1:cRzcY0S5QX+0+J+7YC4P2uZSnfMup8S8zJu/bLFgOkA= github.com/micromdm/scep/v2 v2.0.0/go.mod h1:ouaDs5tcjOjdHD/h8BGaQsWE87MUnQ/wMTMgfMMIpPc= @@ -917,8 +919,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.3.6/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.3.8 h1:Nw158Q8QN+CPgTmVRByhVwapp8Mm1e2blinhmx4wx5E= -github.com/yuin/goldmark v1.3.8/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.0 h1:OtISOGfH6sOWa1/qXqqAiOIAO6Z5J3AEAE18WAq6BiQ= +github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 h1:0SJnXjE4jDClMW6grE0xpNhwpqbPwkBTn8zpVw5C0SI= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01/go.mod h1:TwKQPa5XkCCRC2GRZ5wtfNUTQ2+9/i19mGRijFeJ4BE= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -991,6 +993,7 @@ go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= @@ -1002,8 +1005,9 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE= +go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= @@ -1056,6 +1060,7 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= From f43fd6f3884d957afc391da3ca689a43ba27eccb Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 30 Aug 2021 13:14:42 -0600 Subject: [PATCH 0454/1498] go.mod: Upgrade CertMagic to v0.14.4 Adds more debug logging --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1174b7f6..0db9b57c 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.9.2 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.14.3 + github.com/caddyserver/certmagic v0.14.4 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 diff --git a/go.sum b/go.sum index a9993f93..4029bb4a 100644 --- a/go.sum +++ b/go.sum @@ -173,8 +173,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.14.3 h1:6Q0TX8PVR+h2GJKBeeFQ0cOU4LI4y/9Jf0bBvg/A5NU= -github.com/caddyserver/certmagic v0.14.3/go.mod h1:/0VQ5og2Jxa5yBQ8eT80wWS7fi/DgNy1uXeXRUJ1Wj0= +github.com/caddyserver/certmagic v0.14.4 h1:jlGiMUHOd7p3sgT8zHA/4wckZjIp/6ME2JWGAN5zh5E= +github.com/caddyserver/certmagic v0.14.4/go.mod h1:/0VQ5og2Jxa5yBQ8eT80wWS7fi/DgNy1uXeXRUJ1Wj0= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= From 4ebf100f099021bbec7eaa5284fe18f5f72feeb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Br=C3=BCheim?= Date: Tue, 31 Aug 2021 21:36:36 +0200 Subject: [PATCH 0455/1498] encode: ignore flushing until after first write (#4318) * encode: ignore flushing until after first write (fix #4314) The first write will determine if encoding has to be done and will add an Content-Encoding. Until then Flushing has to be delayed so the Content-Encoding header can be added before headers and status code is written. (A passthrough flush would write header and status code) * Update modules/caddyhttp/encode/encode.go Co-authored-by: Matt Holt --- modules/caddyhttp/encode/encode.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index a7abb3f9..8b492050 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -182,6 +182,7 @@ type responseWriter struct { buf *bytes.Buffer config *Encode statusCode int + wroteHeader bool } // WriteHeader stores the status to write when the time comes @@ -195,6 +196,19 @@ func (enc *Encode) Match(rw *responseWriter) bool { return enc.Matcher.Match(rw.statusCode, rw.Header()) } +// Flush implements http.Flusher. It delays the actual Flush of the underlying ResponseWriterWrapper +// until headers were written. +func (rw *responseWriter) Flush() { + if !rw.wroteHeader { + // flushing the underlying ResponseWriter will write header and status code, + // but we need to delay that until we can determine if we must encode and + // therefore add the Content-Encoding header; this happens in the first call + // to rw.Write (see bug in #4314) + return + } + rw.ResponseWriterWrapper.Flush() +} + // Write writes to the response. If the response qualifies, // it is encoded using the encoder, which is initialized // if not done so already. @@ -225,6 +239,7 @@ func (rw *responseWriter) Write(p []byte) (int, error) { if rw.statusCode > 0 { rw.ResponseWriter.WriteHeader(rw.statusCode) rw.statusCode = 0 + rw.wroteHeader = true } switch { @@ -271,6 +286,7 @@ func (rw *responseWriter) Close() error { // that rely on If-None-Match, for example rw.ResponseWriter.WriteHeader(rw.statusCode) rw.statusCode = 0 + rw.wroteHeader = true } if rw.w != nil { err2 := rw.w.Close() From 105dac8c2a3e48ed3957a606322015138752efd2 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 31 Aug 2021 15:44:07 -0400 Subject: [PATCH 0456/1498] ci: Only test cross-build on latest Go version (#4319) This generated way too many test jobs, which weren't really that useful. Cross-build is just to keep us posted on which architectures are building okay, so it's not necessary to do it twice. Only plan9 is not working at this point (see https://github.com/caddyserver/caddy/issues/3615) --- .github/workflows/cross-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 277f22ca..5c038569 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -16,7 +16,7 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go: [ '1.16', '1.17' ] + go: [ '1.17' ] runs-on: ubuntu-latest continue-on-error: true steps: From 9f6393c64cd8dc969358d47fb96410d8ee5c063d Mon Sep 17 00:00:00 2001 From: peymaneh <80954461+pymnh@users.noreply.github.com> Date: Thu, 2 Sep 2021 02:08:02 +0200 Subject: [PATCH 0457/1498] cmd: export CaddyVersion(), Commands() (#4316) * cmd: Export CaddyVersion() * cmd: Add getter Commands() --- cmd/commandfuncs.go | 2 +- cmd/commands.go | 6 ++++++ cmd/main.go | 6 +++--- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index c456a813..8f1c68c8 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -331,7 +331,7 @@ func cmdReload(fl Flags) (int, error) { } func cmdVersion(_ Flags) (int, error) { - fmt.Println(caddyVersion()) + fmt.Println(CaddyVersion()) return caddy.ExitCodeSuccess, nil } diff --git a/cmd/commands.go b/cmd/commands.go index 89c4fe43..ccb82b11 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -61,6 +61,12 @@ type Command struct { // any error that occurred. type CommandFunc func(Flags) (int, error) +// Commands returns a list of commands initialised by +// RegisterCommand +func Commands() map[string]Command { + return commands +} + var commands = make(map[string]Command) func init() { diff --git a/cmd/main.go b/cmd/main.go index deac87fe..8a9a2896 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -420,7 +420,7 @@ func printEnvironment() { fmt.Printf("caddy.AppDataDir=%s\n", caddy.AppDataDir()) fmt.Printf("caddy.AppConfigDir=%s\n", caddy.AppConfigDir()) fmt.Printf("caddy.ConfigAutosavePath=%s\n", caddy.ConfigAutosavePath) - fmt.Printf("caddy.Version=%s\n", caddyVersion()) + fmt.Printf("caddy.Version=%s\n", CaddyVersion()) fmt.Printf("runtime.GOOS=%s\n", runtime.GOOS) fmt.Printf("runtime.GOARCH=%s\n", runtime.GOARCH) fmt.Printf("runtime.Compiler=%s\n", runtime.Compiler) @@ -437,8 +437,8 @@ func printEnvironment() { } } -// caddyVersion returns a detailed version string, if available. -func caddyVersion() string { +// CaddyVersion returns a detailed version string, if available. +func CaddyVersion() string { goModule := caddy.GoModule() ver := goModule.Version if goModule.Sum != "" { From e0fc46a911cdabf9bf80563df7ffc02afba1246e Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 3 Sep 2021 17:05:04 +0300 Subject: [PATCH 0458/1498] ci: revert workaround implemented in #4306 (#4328) --- .github/workflows/ci.yml | 3 --- .github/workflows/release.yml | 4 ---- 2 files changed, 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8d15586d..c8b07ff9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -156,9 +156,6 @@ jobs: steps: - name: checkout uses: actions/checkout@v2 - - - name: Create 'caddy-build' - run: mkdir -p caddy-build - uses: goreleaser/goreleaser-action@v2 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0145b684..834d3034 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -88,10 +88,6 @@ jobs: restore-keys: | ${{ runner.os }}-go${{ matrix.go }}-release - - name: Create the 'caddy-build' dir for GoReleaser - run: | - mkdir -p caddy-build - # GoReleaser will take care of publishing those artifacts into the release - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 From 46ab93be51754ac16bd7c59443e90481acf83022 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 3 Sep 2021 11:42:13 -0600 Subject: [PATCH 0459/1498] go.mod: Update CertMagic Adds one more debug log --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0db9b57c..522abd8c 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.9.2 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.14.4 + github.com/caddyserver/certmagic v0.14.5 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 diff --git a/go.sum b/go.sum index 4029bb4a..ec17c2d2 100644 --- a/go.sum +++ b/go.sum @@ -173,8 +173,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.14.4 h1:jlGiMUHOd7p3sgT8zHA/4wckZjIp/6ME2JWGAN5zh5E= -github.com/caddyserver/certmagic v0.14.4/go.mod h1:/0VQ5og2Jxa5yBQ8eT80wWS7fi/DgNy1uXeXRUJ1Wj0= +github.com/caddyserver/certmagic v0.14.5 h1:y4HcFzLLBMsTv8sSlAPj5K55mvntX8e8ExcmB/lhO6w= +github.com/caddyserver/certmagic v0.14.5/go.mod h1:/0VQ5og2Jxa5yBQ8eT80wWS7fi/DgNy1uXeXRUJ1Wj0= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= From a779e1b38390205e8286a0578042646d858039a5 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 11 Sep 2021 16:12:21 -0400 Subject: [PATCH 0460/1498] fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342) --- .../php_fastcgi_handle_response.txt | 145 ++++++++++++++++++ .../reverseproxy/fastcgi/caddyfile.go | 2 +- 2 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt new file mode 100644 index 00000000..42fb6558 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt @@ -0,0 +1,145 @@ +:8881 { + php_fastcgi app:9000 { + env FOO bar + + @error status 4xx + handle_response @error { + root * /errors + rewrite * /{http.reverse_proxy.status_code}.html + file_server + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8881" + ], + "routes": [ + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ] + }, + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "index.php" + ], + "split_path": [ + ".php" + ] + } + } + ], + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ] + }, + { + "match": [ + { + "path": [ + "*.php" + ] + } + ], + "handle": [ + { + "handle_response": [ + { + "match": { + "status_code": [ + 4 + ] + }, + "routes": [ + { + "handle": [ + { + "handler": "vars", + "root": "/errors" + } + ] + }, + { + "group": "group0", + "handle": [ + { + "handler": "rewrite", + "uri": "/{http.reverse_proxy.status_code}.html" + } + ] + }, + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ] + } + ] + } + ] + } + ], + "handler": "reverse_proxy", + "transport": { + "env": { + "FOO": "bar" + }, + "protocol": "fastcgi", + "split_path": [ + ".php" + ] + }, + "upstreams": [ + { + "dial": "app:9000" + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 0ccd9fec..da1c92d5 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -192,7 +192,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error // NOTE: we delete the tokens as we go so that the reverse_proxy // unmarshal doesn't see these subdirectives which it cannot handle for dispenser.Next() { - for dispenser.NextBlock(0) { + for dispenser.NextBlock(0) && dispenser.Nesting() == 1 { switch dispenser.Val() { case "root": if !dispenser.NextArg() { From a437206643f35a84dea280c99e7e9555fc8df697 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 13 Sep 2021 10:13:32 -0600 Subject: [PATCH 0461/1498] headers: Canonicalize case in replace (fix #4330) --- modules/caddyhttp/headers/headers.go | 18 +++++++++++------ modules/caddyhttp/headers/headers_test.go | 24 ++++++++++++++++++++++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/modules/caddyhttp/headers/headers.go b/modules/caddyhttp/headers/headers.go index 3571dd92..4cef0a9f 100644 --- a/modules/caddyhttp/headers/headers.go +++ b/modules/caddyhttp/headers/headers.go @@ -213,7 +213,7 @@ func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) { // replace for fieldName, replacements := range ops.Replace { - fieldName = repl.ReplaceAll(fieldName, "") + fieldName = http.CanonicalHeaderKey(repl.ReplaceAll(fieldName, "")) // all fields... if fieldName == "*" { @@ -237,11 +237,17 @@ func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) { for _, r := range replacements { search := repl.ReplaceAll(r.Search, "") replace := repl.ReplaceAll(r.Replace, "") - for i := range hdr[fieldName] { - if r.re != nil { - hdr[fieldName][i] = r.re.ReplaceAllString(hdr[fieldName][i], replace) - } else { - hdr[fieldName][i] = strings.ReplaceAll(hdr[fieldName][i], search, replace) + for hdrFieldName, vals := range hdr { + // see issue #4330 for why we don't simply use hdr[fieldName] + if http.CanonicalHeaderKey(hdrFieldName) != fieldName { + continue + } + for i := range vals { + if r.re != nil { + hdr[hdrFieldName][i] = r.re.ReplaceAllString(hdr[hdrFieldName][i], replace) + } else { + hdr[hdrFieldName][i] = strings.ReplaceAll(hdr[hdrFieldName][i], search, replace) + } } } } diff --git a/modules/caddyhttp/headers/headers_test.go b/modules/caddyhttp/headers/headers_test.go index 11bdb0df..fb68225e 100644 --- a/modules/caddyhttp/headers/headers_test.go +++ b/modules/caddyhttp/headers/headers_test.go @@ -160,6 +160,28 @@ func TestHandler(t *testing.T) { "Fail-5xx": []string{"true"}, }, }, + { + handler: Handler{ + Request: &HeaderOps{ + Replace: map[string][]Replacement{ + "Case-Insensitive": { + Replacement{ + Search: "issue4330", + Replace: "issue #4330", + }, + }, + }, + }, + }, + reqHeader: http.Header{ + "case-insensitive": []string{"issue4330"}, + "Other-Header": []string{"issue4330"}, + }, + expectedReqHeader: http.Header{ + "case-insensitive": []string{"issue #4330"}, + "Other-Header": []string{"issue4330"}, + }, + }, } { rr := httptest.NewRecorder() @@ -191,7 +213,7 @@ func TestHandler(t *testing.T) { }) if err := tc.handler.ServeHTTP(rr, req, next); err != nil { - t.Errorf("Test %d: %w", i, err) + t.Errorf("Test %d: %v", i, err) continue } From 2392478bd3cf3e2878b3fa0eac8859a6374e0fa8 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 15 Sep 2021 09:55:57 -0600 Subject: [PATCH 0462/1498] templates: Propagate httpError to HTTP response Now possible with Go 1.17. See https://github.com/golang/go/issues/34201. --- modules/caddyhttp/templates/templates.go | 7 +++++++ modules/caddyhttp/templates/tplcontext.go | 5 ++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 33e5a70c..6fed8c89 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -16,6 +16,7 @@ package templates import ( "bytes" + "errors" "fmt" "net/http" "strconv" @@ -312,6 +313,12 @@ func (t *Templates) executeTemplate(rr caddyhttp.ResponseRecorder, r *http.Reque err := ctx.executeTemplateInBuffer(r.URL.Path, rr.Buffer()) if err != nil { + // templates may return a custom HTTP error to be propagated to the client, + // otherwise for any other error we assume the template is broken + var handlerErr caddyhttp.HandlerError + if errors.As(err, &handlerErr) { + return handlerErr + } return caddyhttp.Error(http.StatusInternalServerError, err) } diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 1a145a2e..14ac31b7 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -350,9 +350,8 @@ func (c TemplateContext) funcFileExists(filename string) (bool, error) { return false, nil } -// funcHTTPError returns a structured HTTP handler error. EXPERIMENTAL. -// TODO: Requires https://github.com/golang/go/issues/34201 to be fixed (Go 1.17). -// Example usage might be: `{{if not (fileExists $includeFile)}}{{httpError 404}}{{end}}` +// funcHTTPError returns a structured HTTP handler error. EXPERIMENTAL; SUBJECT TO CHANGE. +// Example usage: `{{if not (fileExists $includeFile)}}{{httpError 404}}{{end}}` func (c TemplateContext) funcHTTPError(statusCode int) (bool, error) { return false, caddyhttp.Error(statusCode, nil) } From 2ebfda1ae93d356a2d3df53bf3411248886bafaf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 16 Sep 2021 12:50:32 -0600 Subject: [PATCH 0463/1498] Make copyright notice more consistent Some files had the old copyright or were missing the license comment entirely. Also change Light Code Labs to Dyanim in security contact and releases. --- .github/SECURITY.md | 2 +- .goreleaser.yml | 2 +- caddyconfig/caddyfile/lexer.go | 2 +- caddyconfig/caddyfile/lexer_test.go | 2 +- caddyconfig/caddyfile/parse.go | 2 +- caddyconfig/caddyfile/parse_test.go | 2 +- caddyconfig/httploader.go | 14 ++++++++++++++ 7 files changed, 20 insertions(+), 6 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 8a957ce7..9d1b313c 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -48,7 +48,7 @@ We consider publicly-registered domain names to be public information. This nece It will speed things up if you suggest a working patch, such as a code diff, and explain why and how it works. Reports that are not actionable, do not contain enough information, are too pushy/demanding, or are not able to convince us that it is a viable and practical attack on the web server itself may be deferred to a later time or possibly ignored, depending on available resources. Priority will be given to credible, responsible reports that are constructive, specific, and actionable. (We get a lot of invalid reports.) Thank you for understanding. -When you are ready, please email Matt Holt (the author) directly: matt [at] lightcodelabs [dot com]. +When you are ready, please email Matt Holt (the author) directly: matt at dyanim dot com. Please don't encrypt the email body. It only makes the process more complicated. diff --git a/.goreleaser.yml b/.goreleaser.yml index 22074316..3b7c114b 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -75,7 +75,7 @@ nfpms: - id: default package_name: caddy - vendor: Light Code Labs + vendor: Dyanim homepage: https://caddyserver.com maintainer: Matthew Holt description: | diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index f4da2391..968277f4 100755 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -1,4 +1,4 @@ -// Copyright 2015 Light Code Labs, LLC +// Copyright 2015 Matthew Holt and The Caddy Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/caddyconfig/caddyfile/lexer_test.go b/caddyconfig/caddyfile/lexer_test.go index 57df16cb..30ee0f63 100755 --- a/caddyconfig/caddyfile/lexer_test.go +++ b/caddyconfig/caddyfile/lexer_test.go @@ -1,4 +1,4 @@ -// Copyright 2015 Light Code Labs, LLC +// Copyright 2015 Matthew Holt and The Caddy Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index c0f60794..0fe07ab9 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -1,4 +1,4 @@ -// Copyright 2015 Light Code Labs, LLC +// Copyright 2015 Matthew Holt and The Caddy Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index 12c71395..0996ed04 100755 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -1,4 +1,4 @@ -// Copyright 2015 Light Code Labs, LLC +// Copyright 2015 Matthew Holt and The Caddy Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index aabd1035..d9e222bb 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -1,3 +1,17 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + package caddyconfig import ( From 33c70f418f780f8e9524c73fbf4bbdbdbb9d7500 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 16 Sep 2021 23:40:31 +0300 Subject: [PATCH 0464/1498] fileserver: properly handle escaped/non-ascii paths (#4332) * fileserver: properly handle escaped/non-ascii paths * fileserver: tests: accommodate Windows hate of colons in files names --- modules/caddyhttp/caddyhttp.go | 2 + .../caddyhttp/fileserver/browsetplcontext.go | 7 +-- modules/caddyhttp/fileserver/matcher_test.go | 43 +++++++++++++++++++ modules/caddyhttp/fileserver/staticfiles.go | 11 +++++ .../testdata/%D9%85%D9%84%D9%81.txt | 1 + modules/caddyhttp/fileserver/testdata/ملف.txt | 1 + 6 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 modules/caddyhttp/fileserver/testdata/%D9%85%D9%84%D9%81.txt create mode 100644 modules/caddyhttp/fileserver/testdata/ملف.txt diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 784b2b90..1404c796 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -20,6 +20,7 @@ import ( "io" "net" "net/http" + "net/url" "path/filepath" "strconv" "strings" @@ -227,6 +228,7 @@ func StatusCodeMatches(actual, configured int) bool { // never be outside of root. The resulting path can be used // with the local file system. func SanitizedPathJoin(root, reqPath string) string { + reqPath, _ = url.PathUnescape(reqPath) if root == "" { root = "." } diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index d420c489..6aa75013 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -42,15 +42,16 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root isDir := f.IsDir() || isSymlinkTargetDir(f, root, urlPath) + u := url.URL{Path: url.PathEscape(name)} + + // add the slash after the escape of path to avoid escaping the slash as well if isDir { - name += "/" + u.Path += "/" dirCount++ } else { fileCount++ } - u := url.URL{Path: "./" + name} // prepend with "./" to fix paths with ':' in the name - fileInfos = append(fileInfos, fileInfo{ IsDir: isDir, IsSymlink: isSymlink(f), diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index 746a5d78..5b6078ad 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -17,12 +17,31 @@ package fileserver import ( "net/http" "net/url" + "os" + "runtime" "testing" "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) func TestFileMatcher(t *testing.T) { + + // Windows doesn't like colons in files names + isWindows := runtime.GOOS == "windows" + if !isWindows { + filename := "with:in-name.txt" + f, err := os.Create("./testdata/" + filename) + if err != nil { + t.Fail() + return + } + t.Cleanup(func() { + os.Remove("./testdata/" + filename) + }) + f.WriteString(filename) + f.Close() + } + for i, tc := range []struct { path string expectedPath string @@ -63,6 +82,30 @@ func TestFileMatcher(t *testing.T) { path: "/missingfile.php", matched: false, }, + { + path: "ملف.txt", // the path file name is not escaped + expectedPath: "ملف.txt", + expectedType: "file", + matched: true, + }, + { + path: url.PathEscape("ملف.txt"), // singly-escaped path + expectedPath: "ملف.txt", + expectedType: "file", + matched: true, + }, + { + path: url.PathEscape(url.PathEscape("ملف.txt")), // doubly-escaped path + expectedPath: "%D9%85%D9%84%D9%81.txt", + expectedType: "file", + matched: true, + }, + { + path: "./with:in-name.txt", // browsers send the request with the path as such + expectedPath: "with:in-name.txt", + expectedType: "file", + matched: !isWindows, + }, } { m := &MatchFile{ Root: "./testdata", diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 592b3171..3e096e1f 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -19,6 +19,7 @@ import ( weakrand "math/rand" "mime" "net/http" + "net/url" "os" "path" "path/filepath" @@ -165,6 +166,16 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c filesToHide := fsrv.transformHidePaths(repl) root := repl.ReplaceAll(fsrv.Root, ".") + // PathUnescape returns an error if the escapes aren't well-formed, + // meaning the count % matches the RFC. Return early if the escape is + // improper. + if _, err := url.PathUnescape(r.URL.Path); err != nil { + fsrv.logger.Debug("improper path escape", + zap.String("site_root", root), + zap.String("request_path", r.URL.Path), + zap.Error(err)) + return err + } filename := caddyhttp.SanitizedPathJoin(root, r.URL.Path) fsrv.logger.Debug("sanitized path join", diff --git a/modules/caddyhttp/fileserver/testdata/%D9%85%D9%84%D9%81.txt b/modules/caddyhttp/fileserver/testdata/%D9%85%D9%84%D9%81.txt new file mode 100644 index 00000000..0f4bf1a9 --- /dev/null +++ b/modules/caddyhttp/fileserver/testdata/%D9%85%D9%84%D9%81.txt @@ -0,0 +1 @@ +%D9%85%D9%84%D9%81.txt \ No newline at end of file diff --git a/modules/caddyhttp/fileserver/testdata/ملف.txt b/modules/caddyhttp/fileserver/testdata/ملف.txt new file mode 100644 index 00000000..91858286 --- /dev/null +++ b/modules/caddyhttp/fileserver/testdata/ملف.txt @@ -0,0 +1 @@ +ملف.txt \ No newline at end of file From 907e2d8d3a8ebaf14aa99939c493e56645bc2089 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 17 Sep 2021 02:52:32 -0400 Subject: [PATCH 0465/1498] caddyhttp: Add support for triggering errors from `try_files` (#4346) * caddyhttp: Add support for triggering errors from `try_files` * caddyhttp: Use vars instead of placeholders/replacer for matcher errors * caddyhttp: Add comment for matcher error var key --- modules/caddyhttp/fileserver/matcher.go | 25 ++++++++++++++++++++++++- modules/caddyhttp/matchers.go | 6 ++++++ modules/caddyhttp/routes.go | 9 +++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 739b9e05..f8e9ce0f 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -19,6 +19,7 @@ import ( "net/http" "os" "path" + "strconv" "strings" "time" @@ -60,7 +61,11 @@ type MatchFile struct { // directories are treated distinctly, so to match // a directory, the filepath MUST end in a forward // slash `/`. To match a regular file, there must - // be no trailing slash. Accepts placeholders. + // be no trailing slash. Accepts placeholders. If + // the policy is "first_exist", then an error may + // be triggered as a fallback by configuring "=" + // followed by a status code number, + // for example "=404". TryFiles []string `json:"try_files,omitempty"` // How to choose a file in TryFiles. Can be: @@ -205,6 +210,10 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { switch m.TryPolicy { case "", tryPolicyFirstExist: for _, f := range m.TryFiles { + if err := parseErrorCode(f); err != nil { + caddyhttp.SetVar(r.Context(), caddyhttp.MatcherErrorVarKey, err) + return + } suffix, fullpath, remainder := prepareFilePath(f) if info, exists := strictFileExists(fullpath); exists { setPlaceholders(info, suffix, fullpath, remainder) @@ -274,6 +283,20 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { return } +// parseErrorCode checks if the input is a status +// code number, prefixed by "=", and returns an +// error if so. +func parseErrorCode(input string) error { + if len(input) > 1 && input[0] == '=' { + code, err := strconv.Atoi(input[1:]) + if err != nil || code < 100 || code > 999 { + return nil + } + return caddyhttp.Error(code, fmt.Errorf("%s", input[1:])) + } + return nil +} + // strictFileExists returns true if file exists // and matches the convention of the given file // path. If the path ends in a forward slash, diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index b452d48e..a22a3f1d 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -987,6 +987,12 @@ var wordRE = regexp.MustCompile(`\w+`) const regexpPlaceholderPrefix = "http.regexp" +// MatcherErrorVarKey is the key used for the variable that +// holds an optional error emitted from a request matcher, +// to short-circuit the handler chain, since matchers cannot +// return errors via the RequestMatcher interface. +const MatcherErrorVarKey = "matchers.error" + // Interface guards var ( _ RequestMatcher = (*MatchHost)(nil) diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index ebd763c7..7b2871ff 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -200,6 +200,15 @@ func wrapRoute(route Route) Middleware { // route must match at least one of the matcher sets if !route.MatcherSets.AnyMatch(req) { + // allow matchers the opportunity to short circuit + // the request and trigger the error handling chain + err, ok := GetVar(req.Context(), MatcherErrorVarKey).(error) + if ok { + return err + } + + // call the next handler, and skip this one, + // since the matcher didn't match return nextCopy.ServeHTTP(rw, req) } From 3f2c3ecf85b590473030b21fd2b5fc9c8ef88744 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 17 Sep 2021 10:23:06 -0400 Subject: [PATCH 0466/1498] fastcgi: Implement `try_files` override in Caddyfile directive (#4347) --- .../php_fastcgi_try_files_override.txt | 124 ++++++++++++++++++ .../reverseproxy/fastcgi/caddyfile.go | 42 ++++-- 2 files changed, 155 insertions(+), 11 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt new file mode 100644 index 00000000..2f4ef767 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt @@ -0,0 +1,124 @@ +:8884 + +php_fastcgi localhost:9000 { + # some php_fastcgi-specific subdirectives + split .php .php5 + env VAR1 value1 + env VAR2 value2 + root /var/www + try_files {path} {path}/index.php =404 + dial_timeout 3s + read_timeout 10s + write_timeout 20s + + # passed through to reverse_proxy (directive order doesn't matter!) + lb_policy random +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ] + }, + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "=404" + ], + "split_path": [ + ".php", + ".php5" + ] + } + } + ], + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ] + }, + { + "match": [ + { + "path": [ + "*.php", + "*.php5" + ] + } + ], + "handle": [ + { + "handler": "reverse_proxy", + "load_balancing": { + "selection_policy": { + "policy": "random" + } + }, + "transport": { + "dial_timeout": 3000000000, + "env": { + "VAR1": "value1", + "VAR2": "value2" + }, + "protocol": "fastcgi", + "read_timeout": 10000000000, + "root": "/var/www", + "split_path": [ + ".php", + ".php5" + ], + "write_timeout": 20000000000 + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index da1c92d5..1b4cecf4 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -124,21 +124,22 @@ func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // // is equivalent to a route consisting of: // +// # Add trailing slash for directory requests // @canonicalPath { -// file { -// try_files {path}/index.php -// } -// not { -// path */ -// } +// file {path}/index.php +// not path */ // } // redir @canonicalPath {path}/ 308 // -// try_files {path} {path}/index.php index.php -// -// @phpFiles { -// path *.php +// # If the requested file does not exist, try index files +// @indexFiles file { +// try_files {path} {path}/index.php index.php +// split_path .php // } +// rewrite @indexFiles {http.matchers.file.relative} +// +// # Proxy PHP files to the FastCGI responder +// @phpFiles path *.php // reverse_proxy @phpFiles localhost:7777 { // transport fastcgi { // split .php @@ -172,6 +173,9 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error // set the default index file for the try_files rewrites indexFile := "index.php" + // set up for explicitly overriding try_files + tryFiles := []string{} + // if the user specified a matcher token, use that // matcher in a route that wraps both of our routes; // either way, strip the matcher token and pass @@ -237,6 +241,17 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error } indexFile = args[0] + case "try_files": + args := dispenser.RemainingArgs() + dispenser.Delete() + for range args { + dispenser.Delete() + } + if len(args) < 1 { + return nil, dispenser.ArgErr() + } + tryFiles = args + case "resolve_root_symlink": args := dispenser.RemainingArgs() dispenser.Delete() @@ -318,10 +333,15 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(redirHandler, "handler", "static_response", nil)}, } + // if tryFiles wasn't overridden, use a reasonable default + if len(tryFiles) == 0 { + tryFiles = []string{"{http.request.uri.path}", "{http.request.uri.path}/" + indexFile, indexFile} + } + // route to rewrite to PHP index file rewriteMatcherSet := caddy.ModuleMap{ "file": h.JSON(fileserver.MatchFile{ - TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/" + indexFile, indexFile}, + TryFiles: tryFiles, SplitPath: extensions, }), } From 5fda9610f907482497a7b32abb2ab2f85a4e6906 Mon Sep 17 00:00:00 2001 From: Tim Culverhouse Date: Fri, 17 Sep 2021 14:00:36 -0500 Subject: [PATCH 0467/1498] templates: Add 'import' action (#4321) Related to (closed) Issue #2094 on template inheritance. This PR adds a new function called "import" which works like "include", except it only takes one argument and passes it to the referenced file to be used as "." in that file. * Update tplcontext.go Add {{ render "/path/to/file.ext" $data }} via funcRender * Update tplcontext.go * Refactor funcInclude, add funcImport to enable {{block}} and {{template}} * Fix funcImport return of nil showing up in html * Update godocs for and --- modules/caddyhttp/templates/templates.go | 18 ++++- modules/caddyhttp/templates/tplcontext.go | 81 +++++++++++++++-------- 2 files changed, 72 insertions(+), 27 deletions(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 6fed8c89..8f2ea2c1 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -91,9 +91,25 @@ func init() { // {{httpInclude "/foo/bar?q=val"}} // ``` // +// ##### `import` +// +// Imports the contents of another file and adds any template definitions to the template stack. If there are no defitions, the filepath will be the defition name. Any {{ define }} blocks will be accessible by {{ template }} or {{ block }}. Imports must happen before the template or block action is called +// +// **filename.html** +// ``` +// {{ define "main" }} +// content +// {{ end }} +// +// **index.html** +// ``` +// {{ import "/path/to/file.html" }} +// {{ template "main" }} +// ``` +// // ##### `include` // -// Includes the contents of another file. Optionally can pass key-value pairs as arguments to be accessed by the included file. +// Includes the contents of another file and renders in-place. Optionally can pass key-value pairs as arguments to be accessed by the included file. // // ``` // {{include "path/to/file.html"}} // no arguments diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 14ac31b7..71886c9a 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -46,24 +46,26 @@ type TemplateContext struct { RespHeader WrappedHeader config *Templates + tpl *template.Template } // NewTemplate returns a new template intended to be evaluated with this // context, as it is initialized with configuration from this context. -func (c TemplateContext) NewTemplate(tplName string) *template.Template { - tpl := template.New(tplName) +func (c *TemplateContext) NewTemplate(tplName string) *template.Template { + c.tpl = template.New(tplName) // customize delimiters, if applicable if c.config != nil && len(c.config.Delimiters) == 2 { - tpl.Delims(c.config.Delimiters[0], c.config.Delimiters[1]) + c.tpl.Delims(c.config.Delimiters[0], c.config.Delimiters[1]) } // add sprig library - tpl.Funcs(sprigFuncMap) + c.tpl.Funcs(sprigFuncMap) // add our own library - tpl.Funcs(template.FuncMap{ + c.tpl.Funcs(template.FuncMap{ "include": c.funcInclude, + "import": c.funcImport, "httpInclude": c.funcHTTPInclude, "stripHTML": c.funcStripHTML, "markdown": c.funcMarkdown, @@ -74,8 +76,7 @@ func (c TemplateContext) NewTemplate(tplName string) *template.Template { "fileExists": c.funcFileExists, "httpError": c.funcHTTPError, }) - - return tpl + return c.tpl } // OriginalReq returns the original, unmodified, un-rewritten request as @@ -85,26 +86,13 @@ func (c TemplateContext) OriginalReq() http.Request { return or } -// funcInclude returns the contents of filename relative to the site root. +// funcInclude returns the contents of filename relative to the site root and renders it in place. // Note that included files are NOT escaped, so you should only include // trusted files. If it is not trusted, be sure to use escaping functions // in your template. func (c TemplateContext) funcInclude(filename string, args ...interface{}) (string, error) { - if c.Root == nil { - return "", fmt.Errorf("root file system not specified") - } + bodyBuf, err := c.readFileToBuffer(filename) - file, err := c.Root.Open(filename) - if err != nil { - return "", err - } - defer file.Close() - - bodyBuf := bufPool.Get().(*bytes.Buffer) - bodyBuf.Reset() - defer bufPool.Put(bodyBuf) - - _, err = io.Copy(bodyBuf, file) if err != nil { return "", err } @@ -119,6 +107,30 @@ func (c TemplateContext) funcInclude(filename string, args ...interface{}) (stri return bodyBuf.String(), nil } +// readFileToBuffer returns the contents of filename relative to root as a buffer +func (c TemplateContext) readFileToBuffer(filename string) (*bytes.Buffer, error) { + if c.Root == nil { + return nil, fmt.Errorf("root file system not specified") + } + + file, err := c.Root.Open(filename) + if err != nil { + return nil, err + } + defer file.Close() + + bodyBuf := bufPool.Get().(*bytes.Buffer) + bodyBuf.Reset() + defer bufPool.Put(bodyBuf) + + _, err = io.Copy(bodyBuf, file) + if err != nil { + return nil, err + } + + return bodyBuf, nil +} + // funcHTTPInclude returns the body of a virtual (lightweight) request // to the given URI on the same server. Note that included bodies // are NOT escaped, so you should only include trusted resources. @@ -167,17 +179,34 @@ func (c TemplateContext) funcHTTPInclude(uri string) (string, error) { return buf.String(), nil } -func (c TemplateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buffer) error { - tpl := c.NewTemplate(tplName) +// funcImport parses the filename into the current template stack. The imported +// file will be rendered within the current template by calling {{ block }} or +// {{ template }} from the standard template library. If the imported file has +// no {{ define }} blocks, the name of the import will be the path +func (c *TemplateContext) funcImport(filename string) (string, error) { + bodyBuf, err := c.readFileToBuffer(filename) + if err != nil { + return "", err + } - parsedTpl, err := tpl.Parse(buf.String()) + _, err = c.tpl.Parse(bodyBuf.String()) + if err != nil { + return "", err + } + return "", nil +} + +func (c *TemplateContext) executeTemplateInBuffer(tplName string, buf *bytes.Buffer) error { + c.NewTemplate(tplName) + + _, err := c.tpl.Parse(buf.String()) if err != nil { return err } buf.Reset() // reuse buffer for output - return parsedTpl.Execute(buf, c) + return c.tpl.Execute(buf, c) } func (c TemplateContext) funcPlaceholder(name string) string { From d3a025994466c3d055fc3fc62bbb048c76f3e1c2 Mon Sep 17 00:00:00 2001 From: HayatoShiba <55432631+HayatoShiba@users.noreply.github.com> Date: Sat, 18 Sep 2021 20:51:59 +0900 Subject: [PATCH 0468/1498] fileserver: Fix displayed file size if it is symlink (#4354) * Fix file size if it is symlink * change the variable name for readability --- modules/caddyhttp/fileserver/browse.go | 7 ++++++- .../caddyhttp/fileserver/browsetplcontext.go | 20 ++++++++++++++----- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index cd9bcbcd..92a1e6ec 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -137,7 +137,12 @@ func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string // user can presumably browse "up" to parent folder if path is longer than "/" canGoUp := len(urlPath) > 1 - return fsrv.directoryListing(files, canGoUp, root, urlPath, repl), nil + l, err := fsrv.directoryListing(files, canGoUp, root, urlPath, repl) + if err != nil { + return browseTemplateContext{}, err + } + + return l, nil } // browseApplyQueryParams applies query parameters to the listing. diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index 6aa75013..7dc4f080 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -27,7 +27,7 @@ import ( "github.com/dustin/go-humanize" ) -func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseTemplateContext { +func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { filesToHide := fsrv.transformHidePaths(repl) var dirCount, fileCount int @@ -52,11 +52,21 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root fileCount++ } + fileIsSymlink := isSymlink(f) + size := f.Size() + if fileIsSymlink { + info, err := os.Stat(name) + if err != nil { + return browseTemplateContext{}, err + } + size = info.Size() + } + fileInfos = append(fileInfos, fileInfo{ IsDir: isDir, - IsSymlink: isSymlink(f), - Name: f.Name(), - Size: f.Size(), + IsSymlink: fileIsSymlink, + Name: name, + Size: size, URL: u.String(), ModTime: f.ModTime().UTC(), Mode: f.Mode(), @@ -70,7 +80,7 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root Items: fileInfos, NumDirs: dirCount, NumFiles: fileCount, - } + }, nil } // browseTemplateContext provides the template context for directory listings. From 0a5f7a677f00e1406247fb77c6a8f45898532ae5 Mon Sep 17 00:00:00 2001 From: Slavik Date: Sun, 19 Sep 2021 21:01:11 -0700 Subject: [PATCH 0469/1498] fileserver: Make file listing links purple once visited (#4356) --- modules/caddyhttp/fileserver/browsetpl.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/caddyhttp/fileserver/browsetpl.go b/modules/caddyhttp/fileserver/browsetpl.go index 69575090..72b0ec67 100644 --- a/modules/caddyhttp/fileserver/browsetpl.go +++ b/modules/caddyhttp/fileserver/browsetpl.go @@ -39,6 +39,10 @@ h1 a:hover { color: #319cff; } +a:visited { + color: #800080; +} + header, #summary { padding-left: 5%; From 16f752125fb5d6fe46b9dea95eec8804bfdb24f8 Mon Sep 17 00:00:00 2001 From: Tim Culverhouse Date: Mon, 20 Sep 2021 13:29:37 -0500 Subject: [PATCH 0470/1498] templates: Add tests for funcInclude and funcImport (#4357) * Update tplcontext.go Add {{ render "/path/to/file.ext" $data }} via funcRender * Update tplcontext.go * Refactor funcInclude, add funcImport to enable {{block}} and {{template}} * Fix funcImport return of nil showing up in html * Update godocs for and * Add tests for funcInclude * Add tests for funcImport * os.RemoveAll -> os.Remove for TestFuncInclude and TestFuncImport --- .../caddyhttp/templates/tplcontext_test.go | 134 ++++++++++++++++++ 1 file changed, 134 insertions(+) diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index efee3bed..1d15ca73 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -91,6 +91,140 @@ func TestCookie(t *testing.T) { } } +func TestImport(t *testing.T) { + for i, test := range []struct { + fileContent string + fileName string + shouldErr bool + expect string + }{ + { + // file exists, template is defined + fileContent: `{{ define "imported" }}text{{end}}`, + fileName: "file1", + shouldErr: false, + expect: `"imported"`, + }, + { + // file does not exit + fileContent: "", + fileName: "", + shouldErr: true, + }, + } { + context := getContextOrFail(t) + var absFilePath string + + // create files for test case + if test.fileName != "" { + absFilePath := filepath.Join(fmt.Sprintf("%s", context.Root), test.fileName) + if err := ioutil.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { + os.Remove(absFilePath) + t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) + } + } + + // perform test + context.NewTemplate("parent") + actual, err := context.funcImport(test.fileName) + templateWasDefined := strings.Contains(context.tpl.DefinedTemplates(), test.expect) + if err != nil { + if !test.shouldErr { + t.Errorf("Test %d: Expected no error, got: '%s'", i, err) + } + } else if test.shouldErr { + t.Errorf("Test %d: Expected error but had none", i) + } else if !templateWasDefined && actual != "" { + // template should be defined, return value should be an empty string + t.Errorf("Test %d: Expected template %s to be define but got %s", i, test.expect, context.tpl.DefinedTemplates()) + + } + + if absFilePath != "" { + if err := os.Remove(absFilePath); err != nil && !os.IsNotExist(err) { + t.Fatalf("Test %d: Expected no error removing temporary test file, got: %v", i, err) + } + } + } +} + +func TestInclude(t *testing.T) { + for i, test := range []struct { + fileContent string + fileName string + shouldErr bool + expect string + args string + }{ + { + // file exists, content is text only + fileContent: "text", + fileName: "file1", + shouldErr: false, + expect: "text", + }, + { + // file exists, content is template + fileContent: "{{ if . }}text{{ end }}", + fileName: "file1", + shouldErr: false, + expect: "text", + }, + { + // file does not exit + fileContent: "", + fileName: "", + shouldErr: true, + }, + { + // args + fileContent: "{{ index .Args 0 }}", + fileName: "file1", + shouldErr: false, + args: "text", + expect: "text", + }, + { + // args, reference arg out of range + fileContent: "{{ index .Args 1 }}", + fileName: "file1", + shouldErr: true, + args: "text", + }, + } { + context := getContextOrFail(t) + var absFilePath string + + // create files for test case + if test.fileName != "" { + absFilePath := filepath.Join(fmt.Sprintf("%s", context.Root), test.fileName) + if err := ioutil.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { + os.Remove(absFilePath) + t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) + } + } + + // perform test + actual, err := context.funcInclude(test.fileName, test.args) + if err != nil { + if !test.shouldErr { + t.Errorf("Test %d: Expected no error, got: '%s'", i, err) + } + } else if test.shouldErr { + t.Errorf("Test %d: Expected error but had none", i) + } else if actual != test.expect { + t.Errorf("Test %d: Expected %s but got %s", i, test.expect, actual) + + } + + if absFilePath != "" { + if err := os.Remove(absFilePath); err != nil && !os.IsNotExist(err) { + t.Fatalf("Test %d: Expected no error removing temporary test file, got: %v", i, err) + } + } + } +} + func TestCookieMultipleCookies(t *testing.T) { context := getContextOrFail(t) From 3336faf25466b1b2d9a007f5468d05a887e16775 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 24 Sep 2021 18:29:23 -0600 Subject: [PATCH 0471/1498] reverseproxy: Log error at error level (fix #4360) --- modules/caddyhttp/reverseproxy/reverseproxy.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 671ea044..aad3c741 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -574,12 +574,11 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * duration := time.Since(start) logger := h.logger.With( zap.String("upstream", di.Upstream.String()), + zap.Duration("duration", duration), zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: req}), ) if err != nil { - logger.Debug("upstream roundtrip", - zap.Duration("duration", duration), - zap.Error(err)) + logger.Error("upstream roundtrip", zap.Error(err)) return err } logger.Debug("upstream roundtrip", From 501da21f209c9fad92c65c8ba02a969a03ec5379 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 24 Sep 2021 18:31:01 -0600 Subject: [PATCH 0472/1498] General minor improvements to docs --- README.md | 2 ++ modules/caddyhttp/matchers.go | 12 +++++++----- modules/caddyhttp/responsematchers.go | 2 +- modules/caddyhttp/templates/templates.go | 3 ++- modules/caddyhttp/vars.go | 11 ++++++++--- modules/caddypki/pki.go | 11 ++++++++--- modules/caddytls/acmeissuer.go | 15 ++++++--------- modules/caddytls/automation.go | 6 +++--- modules/caddytls/tls.go | 19 +++++++++---------- 9 files changed, 46 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 5f00e323..b610d1d4 100644 --- a/README.md +++ b/README.md @@ -176,6 +176,8 @@ Please use our [issue tracker](https://github.com/caddyserver/caddy/issues) only ## About +Matthew Holt began developing Caddy in 2014 while studying computer science at Brigham Young University. It soon became the first web server to use HTTPS automatically and by default, and now has hundreds of contributors and has served trillions of HTTPS requests. + **The name "Caddy" is trademarked.** The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". Caddy is a registered trademark of Stack Holdings GmbH. - _Project on Twitter: [@caddyserver](https://twitter.com/caddyserver)_ diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index a22a3f1d..073f82fa 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -97,7 +97,8 @@ type ( // ``` MatchQuery url.Values - // MatchHeader matches requests by header fields. It performs fast, + // MatchHeader matches requests by header fields. The key is the field + // name and the array is the list of field values. It performs fast, // exact string comparisons of the field values. Fast prefix, suffix, // and substring matches can also be done by suffixing, prefixing, or // surrounding the value with the wildcard `*` character, respectively. @@ -114,7 +115,8 @@ type ( // (potentially leading to collisions). MatchHeaderRE map[string]*MatchRegexp - // MatchProtocol matches requests by protocol. + // MatchProtocol matches requests by protocol. Recognized values are + // "http", "https", and "grpc". MatchProtocol string // MatchRemoteIP matches requests by client IP (or CIDR range). @@ -139,9 +141,9 @@ type ( // matchers within a set work the same (i.e. different matchers in // the same set are AND'ed). // - // Note that the generated docs which describe the structure of - // this module are wrong because of how this type unmarshals JSON - // in a custom way. The correct structure is: + // NOTE: The generated docs which describe the structure of this + // module are wrong because of how this type unmarshals JSON in a + // custom way. The correct structure is: // // ```json // [ diff --git a/modules/caddyhttp/responsematchers.go b/modules/caddyhttp/responsematchers.go index d9ad8480..821def97 100644 --- a/modules/caddyhttp/responsematchers.go +++ b/modules/caddyhttp/responsematchers.go @@ -32,7 +32,7 @@ type ResponseMatcher struct { // If set, each header specified must be one of the // specified values, with the same logic used by the - // request header matcher. + // [request header matcher](/docs/json/apps/http/servers/routes/match/header/). Headers http.Header `json:"headers,omitempty"` } diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 8f2ea2c1..80efded4 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -237,7 +237,8 @@ type Templates struct { // Default is text/plain, text/markdown, and text/html. MIMETypes []string `json:"mime_types,omitempty"` - // The template action delimiters. + // The template action delimiters. If set, must be precisely two elements: + // the opening and closing delimiters. Default: `["{{", "}}"]` Delimiters []string `json:"delimiters,omitempty"` } diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index 479ef0a7..5779b5d0 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -29,9 +29,14 @@ func init() { caddy.RegisterModule(MatchVarsRE{}) } -// VarsMiddleware is an HTTP middleware which sets variables -// in the context, mainly for use by placeholders. The -// placeholders have the form: `{http.vars.variable_name}` +// VarsMiddleware is an HTTP middleware which sets variables to +// have values that can be used in the HTTP request handler +// chain. The primary way to access variables is with placeholders, +// which have the form: `{http.vars.variable_name}`, or with +// the `vars` and `vars_regexp` request matchers. +// +// The key is the variable name, and the value is the value of the +// variable. Both the name and value may use or contain placeholders. type VarsMiddleware map[string]string // CaddyModule returns the Caddy module information. diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go index b6f08b18..012eaafd 100644 --- a/modules/caddypki/pki.go +++ b/modules/caddypki/pki.go @@ -26,10 +26,15 @@ func init() { } // PKI provides Public Key Infrastructure facilities for Caddy. +// +// This app can define certificate authorities (CAs) which are capable +// of signing certificates. Other modules can be configured to use +// the CAs defined by this app for issuing certificates or getting +// key information needed for establishing trust. type PKI struct { - // The CAs to manage. Each CA is keyed by an ID that is used - // to uniquely identify it from other CAs. The default CA ID - // is "local". + // The certificate authorities to manage. Each CA is keyed by an + // ID that is used to uniquely identify it from other CAs. + // The default CA ID is "local". CAs map[string]*CA `json:"certificate_authorities,omitempty"` ctx caddy.Context diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index b60e560e..9a7e73cd 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -36,20 +36,16 @@ func init() { caddy.RegisterModule(ACMEIssuer{}) } -// ACMEIssuer makes an ACME manager -// for managing certificates using ACME. -// -// TODO: support multiple ACME endpoints (probably -// requires an array of these structs) - caddy would -// also have to load certs from the backup CAs if the -// first one is expired... +// ACMEIssuer manages certificates using the ACME protocol (RFC 8555). type ACMEIssuer struct { - // The URL to the CA's ACME directory endpoint. + // The URL to the CA's ACME directory endpoint. Default: + // https://acme-v02.api.letsencrypt.org/directory CA string `json:"ca,omitempty"` // The URL to the test CA's ACME directory endpoint. // This endpoint is only used during retries if there - // is a failure using the primary CA. + // is a failure using the primary CA. Default: + // https://acme-staging-v02.api.letsencrypt.org/directory TestCA string `json:"test_ca,omitempty"` // Your email address, so the CA can contact you if necessary. @@ -71,6 +67,7 @@ type ACMEIssuer struct { ExternalAccount *acme.EAB `json:"external_account,omitempty"` // Time to wait before timing out an ACME operation. + // Default: 0 (no timeout) ACMETimeout caddy.Duration `json:"acme_timeout,omitempty"` // Configures the various ACME challenge types. diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index c4a90a84..2a701bfe 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -27,8 +27,8 @@ import ( // AutomationConfig governs the automated management of TLS certificates. type AutomationConfig struct { - // The list of automation policies. The first matching - // policy will be applied for a given certificate/name. + // The list of automation policies. The first policy matching + // a certificate or subject name will be applied. Policies []*AutomationPolicy `json:"policies,omitempty"` // On-Demand TLS defers certificate operations to the @@ -39,7 +39,7 @@ type AutomationConfig struct { // In 2015, Caddy became the first web server to // implement this experimental technology. // - // Note that this field does not enable on-demand TLS, + // Note that this field does not enable on-demand TLS; // it only configures it for when it is used. To enable // it, create an automation policy with `on_demand`. OnDemand *OnDemandConfig `json:"on_demand,omitempty"` diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index a93183e6..778ae022 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -47,7 +47,7 @@ type TLS struct { // have to be refreshed manually before they expire. CertificatesRaw caddy.ModuleMap `json:"certificates,omitempty" caddy:"namespace=tls.certificates"` - // Configures the automation of certificate management. + // Configures certificate automation. Automation *AutomationConfig `json:"automation,omitempty"` // Configures session ticket ephemeral keys (STEKs). @@ -527,14 +527,14 @@ type Certificate struct { Tags []string } -// AutomateLoader will automatically manage certificates for the names -// in the list, including obtaining and renewing certificates. Automated -// certificates are managed according to their matching automation policy, -// configured elsewhere in this app. +// AutomateLoader will automatically manage certificates for the names in the +// list, including obtaining and renewing certificates. Automated certificates +// are managed according to their matching automation policy, configured +// elsewhere in this app. // -// This is a no-op certificate loader module that is treated as a special -// case: it uses this app's automation features to load certificates for the -// list of hostnames, rather than loading certificates manually. +// Technically, this is a no-op certificate loader module that is treated as +// a special case: it uses this app's automation features to load certificates +// for the list of hostnames, rather than loading certificates manually. type AutomateLoader []string // CaddyModule returns the Caddy module information. @@ -549,8 +549,7 @@ func (AutomateLoader) CaddyModule() caddy.ModuleInfo { type CertCacheOptions struct { // Maximum number of certificates to allow in the // cache. If reached, certificates will be randomly - // evicted to make room for new ones. Default: 0 - // (no limit). + // evicted to make room for new ones. Default: 10,000 Capacity int `json:"capacity,omitempty"` } From e2d964ea30d061ebf08bc94a3eec7c26adb95caf Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 27 Sep 2021 10:33:32 -0600 Subject: [PATCH 0473/1498] Add explanation for project name to readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b610d1d4..317a3ece 100644 --- a/README.md +++ b/README.md @@ -176,7 +176,7 @@ Please use our [issue tracker](https://github.com/caddyserver/caddy/issues) only ## About -Matthew Holt began developing Caddy in 2014 while studying computer science at Brigham Young University. It soon became the first web server to use HTTPS automatically and by default, and now has hundreds of contributors and has served trillions of HTTPS requests. +Matthew Holt began developing Caddy in 2014 while studying computer science at Brigham Young University. (The name "Caddy" was chosen because this software helps with the tedious, mundane tasks of serving the Web, and is also a single place for multiple things to be organized together.) It soon became the first web server to use HTTPS automatically and by default, and now has hundreds of contributors and has served trillions of HTTPS requests. **The name "Caddy" is trademarked.** The name of the software is "Caddy", not "Caddy Server" or "CaddyServer". Please call it "Caddy" or, if you wish to clarify, "the Caddy web server". Caddy is a registered trademark of Stack Holdings GmbH. From 059fc32f002d00e980b438b3edbdf7b8bcdf9a90 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 27 Sep 2021 12:06:06 -0600 Subject: [PATCH 0474/1498] Revert 3336faf2 (close #4360) Debug log is correct level for this --- modules/caddyhttp/reverseproxy/reverseproxy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index aad3c741..360b018e 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -578,7 +578,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: req}), ) if err != nil { - logger.Error("upstream roundtrip", zap.Error(err)) + logger.Debug("upstream roundtrip", zap.Error(err)) return err } logger.Debug("upstream roundtrip", From c48fadc4a7655008d13076c7f757c36368e2ca13 Mon Sep 17 00:00:00 2001 From: KallyDev <36319157+kallydev@users.noreply.github.com> Date: Thu, 30 Sep 2021 01:17:48 +0800 Subject: [PATCH 0475/1498] Move from deprecated ioutil to os and io packages (#4364) --- .golangci.yml | 2 +- admin.go | 3 +-- caddy.go | 7 +++---- caddyconfig/caddyfile/parse.go | 4 ++-- caddyconfig/caddyfile/parse_test.go | 11 +++++------ caddyconfig/httpcaddyfile/builtins.go | 4 ++-- caddyconfig/httploader.go | 7 ++++--- caddytest/caddytest.go | 10 +++++----- caddytest/integration/caddyfile_adapt_test.go | 6 +++--- caddytest/integration/reverseproxy_test.go | 7 +++---- caddytest/integration/stream_test.go | 11 +++++------ cmd/commandfuncs.go | 15 +++++++-------- cmd/main.go | 9 ++++----- logging.go | 5 ++--- modules/caddyhttp/replacer.go | 3 +-- modules/caddyhttp/reverseproxy/fastcgi/client.go | 3 +-- .../caddyhttp/reverseproxy/fastcgi/client_test.go | 3 +-- modules/caddyhttp/reverseproxy/healthchecks.go | 5 ++--- modules/caddyhttp/reverseproxy/httptransport.go | 4 ++-- modules/caddyhttp/staticresp_test.go | 4 ++-- modules/caddyhttp/templates/tplcontext_test.go | 9 ++++----- modules/caddypki/crypto.go | 6 +++--- modules/caddytls/acmeissuer.go | 4 ++-- modules/caddytls/connpolicy.go | 4 ++-- modules/caddytls/fileloader.go | 6 +++--- modules/caddytls/folderloader.go | 3 +-- 26 files changed, 71 insertions(+), 84 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 2c6acca5..79fd8f2f 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,6 @@ linters-settings: errcheck: - ignore: fmt:.*,io/ioutil:^Read.*,go.uber.org/zap/zapcore:^Add.* + ignore: fmt:.*,go.uber.org/zap/zapcore:^Add.* ignoretests: true linters: diff --git a/admin.go b/admin.go index fb451682..684526dd 100644 --- a/admin.go +++ b/admin.go @@ -26,7 +26,6 @@ import ( "expvar" "fmt" "io" - "io/ioutil" "net" "net/http" "net/http/pprof" @@ -1202,7 +1201,7 @@ var ( // will get deleted before the process gracefully exits. func PIDFile(filename string) error { pid := []byte(strconv.Itoa(os.Getpid()) + "\n") - err := ioutil.WriteFile(filename, pid, 0600) + err := os.WriteFile(filename, pid, 0600) if err != nil { return err } diff --git a/caddy.go b/caddy.go index ba025b18..a7e99c11 100644 --- a/caddy.go +++ b/caddy.go @@ -20,7 +20,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "log" "net/http" "os" @@ -300,7 +299,7 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { zap.String("dir", dir), zap.Error(err)) } else { - err := ioutil.WriteFile(ConfigAutosavePath, cfgJSON, 0600) + err := os.WriteFile(ConfigAutosavePath, cfgJSON, 0600) if err == nil { Log().Info("autosaved config (load with --resume flag)", zap.String("file", ConfigAutosavePath)) } else { @@ -700,13 +699,13 @@ func ParseDuration(s string) (time.Duration, error) { // have its own unique ID. func InstanceID() (uuid.UUID, error) { uuidFilePath := filepath.Join(AppDataDir(), "instance.uuid") - uuidFileBytes, err := ioutil.ReadFile(uuidFilePath) + uuidFileBytes, err := os.ReadFile(uuidFilePath) if os.IsNotExist(err) { uuid, err := uuid.NewRandom() if err != nil { return uuid, err } - err = ioutil.WriteFile(uuidFilePath, []byte(uuid.String()), 0600) + err = os.WriteFile(uuidFilePath, []byte(uuid.String()), 0600) return uuid, err } else if err != nil { return [16]byte{}, err diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 0fe07ab9..8591759b 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -17,7 +17,7 @@ package caddyfile import ( "bytes" "fmt" - "io/ioutil" + "io" "log" "os" "path/filepath" @@ -447,7 +447,7 @@ func (p *parser) doSingleImport(importFile string) ([]Token, error) { return nil, p.Errf("Could not import %s: is a directory", importFile) } - input, err := ioutil.ReadAll(file) + input, err := io.ReadAll(file) if err != nil { return nil, p.Errf("Could not read imported file %s: %v", importFile, err) } diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index 0996ed04..8d43e1aa 100755 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -16,7 +16,6 @@ package caddyfile import ( "bytes" - "io/ioutil" "os" "path/filepath" "testing" @@ -280,7 +279,7 @@ func TestRecursiveImport(t *testing.T) { } // test relative recursive import - err = ioutil.WriteFile(recursiveFile1, []byte( + err = os.WriteFile(recursiveFile1, []byte( `localhost dir1 import recursive_import_test2`), 0644) @@ -289,7 +288,7 @@ func TestRecursiveImport(t *testing.T) { } defer os.Remove(recursiveFile1) - err = ioutil.WriteFile(recursiveFile2, []byte("dir2 1"), 0644) + err = os.WriteFile(recursiveFile2, []byte("dir2 1"), 0644) if err != nil { t.Fatal(err) } @@ -314,7 +313,7 @@ func TestRecursiveImport(t *testing.T) { } // test absolute recursive import - err = ioutil.WriteFile(recursiveFile1, []byte( + err = os.WriteFile(recursiveFile1, []byte( `localhost dir1 import `+recursiveFile2), 0644) @@ -370,7 +369,7 @@ func TestDirectiveImport(t *testing.T) { t.Fatal(err) } - err = ioutil.WriteFile(directiveFile, []byte(`prop1 1 + err = os.WriteFile(directiveFile, []byte(`prop1 1 prop2 2`), 0644) if err != nil { t.Fatal(err) @@ -633,7 +632,7 @@ func TestSnippets(t *testing.T) { } func writeStringToTempFileOrDie(t *testing.T, str string) (pathToFile string) { - file, err := ioutil.TempFile("", t.Name()) + file, err := os.CreateTemp("", t.Name()) if err != nil { panic(err) // get a stack trace so we know where this was called from. } diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index d52c5ef8..7fdd3e8a 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -19,8 +19,8 @@ import ( "encoding/pem" "fmt" "html" - "io/ioutil" "net/http" + "os" "reflect" "strconv" "strings" @@ -230,7 +230,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { return nil, h.ArgErr() } filename := h.Val() - certDataPEM, err := ioutil.ReadFile(filename) + certDataPEM, err := os.ReadFile(filename) if err != nil { return nil, err } diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index d9e222bb..396e1536 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -18,8 +18,9 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "io/ioutil" + "io" "net/http" + "os" "time" "github.com/caddyserver/caddy/v2" @@ -95,7 +96,7 @@ func (hl HTTPLoader) LoadConfig(ctx caddy.Context) ([]byte, error) { return nil, fmt.Errorf("server responded with HTTP %d", resp.StatusCode) } - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return nil, err } @@ -144,7 +145,7 @@ func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) { if len(hl.TLS.RootCAPEMFiles) > 0 { rootPool := x509.NewCertPool() for _, pemFile := range hl.TLS.RootCAPEMFiles { - pemData, err := ioutil.ReadFile(pemFile) + pemData, err := os.ReadFile(pemFile) if err != nil { return nil, fmt.Errorf("failed reading ca cert: %v", err) } diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 094e45c6..3be332ec 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -7,7 +7,7 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "log" "net" "net/http" @@ -129,7 +129,7 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { return } defer res.Body.Close() - body, _ := ioutil.ReadAll(res.Body) + body, _ := io.ReadAll(res.Body) var out bytes.Buffer _ = json.Indent(&out, body, "", " ") @@ -162,7 +162,7 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { timeElapsed(start, "caddytest: config load time") defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := io.ReadAll(res.Body) if err != nil { tc.t.Errorf("unable to read response. %s", err) return err @@ -202,7 +202,7 @@ func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error return nil } defer resp.Body.Close() - actualBytes, err := ioutil.ReadAll(resp.Body) + actualBytes, err := io.ReadAll(resp.Body) if err != nil { return nil } @@ -471,7 +471,7 @@ func (tc *Tester) AssertResponse(req *http.Request, expectedStatusCode int, expe resp := tc.AssertResponseCode(req, expectedStatusCode) defer resp.Body.Close() - bytes, err := ioutil.ReadAll(resp.Body) + bytes, err := io.ReadAll(resp.Body) if err != nil { tc.t.Fatalf("unable to read the response body %s", err) } diff --git a/caddytest/integration/caddyfile_adapt_test.go b/caddytest/integration/caddyfile_adapt_test.go index e1098999..5b052df4 100644 --- a/caddytest/integration/caddyfile_adapt_test.go +++ b/caddytest/integration/caddyfile_adapt_test.go @@ -3,7 +3,7 @@ package integration import ( jsonMod "encoding/json" "fmt" - "io/ioutil" + "os" "path/filepath" "regexp" "strings" @@ -14,7 +14,7 @@ import ( func TestCaddyfileAdaptToJSON(t *testing.T) { // load the list of test files from the dir - files, err := ioutil.ReadDir("./caddyfile_adapt") + files, err := os.ReadDir("./caddyfile_adapt") if err != nil { t.Errorf("failed to read caddyfile_adapt dir: %s", err) } @@ -29,7 +29,7 @@ func TestCaddyfileAdaptToJSON(t *testing.T) { // read the test file filename := f.Name() - data, err := ioutil.ReadFile("./caddyfile_adapt/" + filename) + data, err := os.ReadFile("./caddyfile_adapt/" + filename) if err != nil { t.Errorf("failed to read %s dir: %s", filename, err) } diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index 422f6716..ca11287a 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -2,7 +2,6 @@ package integration import ( "fmt" - "io/ioutil" "net" "net/http" "os" @@ -85,7 +84,7 @@ func TestDialWithPlaceholderUnix(t *testing.T) { t.SkipNow() } - f, err := ioutil.TempFile("", "*.sock") + f, err := os.CreateTemp("", "*.sock") if err != nil { t.Errorf("failed to create TempFile: %s", err) return @@ -387,7 +386,7 @@ func TestReverseProxyHealthCheckUnixSocket(t *testing.T) { t.SkipNow() } tester := caddytest.NewTester(t) - f, err := ioutil.TempFile("", "*.sock") + f, err := os.CreateTemp("", "*.sock") if err != nil { t.Errorf("failed to create TempFile: %s", err) return @@ -442,7 +441,7 @@ func TestReverseProxyHealthCheckUnixSocketWithoutPort(t *testing.T) { t.SkipNow() } tester := caddytest.NewTester(t) - f, err := ioutil.TempFile("", "*.sock") + f, err := os.CreateTemp("", "*.sock") if err != nil { t.Errorf("failed to create TempFile: %s", err) return diff --git a/caddytest/integration/stream_test.go b/caddytest/integration/stream_test.go index b6447c68..d5edb793 100644 --- a/caddytest/integration/stream_test.go +++ b/caddytest/integration/stream_test.go @@ -6,7 +6,6 @@ import ( "crypto/rand" "fmt" "io" - "io/ioutil" "net/http" "net/http/httputil" "net/url" @@ -110,7 +109,7 @@ func TestH2ToH2CStream(t *testing.T) { r, w := io.Pipe() req := &http.Request{ Method: "PUT", - Body: ioutil.NopCloser(r), + Body: io.NopCloser(r), URL: &url.URL{ Scheme: "https", Host: "127.0.0.1:9443", @@ -134,7 +133,7 @@ func TestH2ToH2CStream(t *testing.T) { }() defer resp.Body.Close() - bytes, err := ioutil.ReadAll(resp.Body) + bytes, err := io.ReadAll(resp.Body) if err != nil { t.Fatalf("unable to read the response body %s", err) } @@ -319,7 +318,7 @@ func TestH2ToH1ChunkedResponse(t *testing.T) { r, w := io.Pipe() req := &http.Request{ Method: "PUT", - Body: ioutil.NopCloser(r), + Body: io.NopCloser(r), URL: &url.URL{ Scheme: "https", Host: "127.0.0.1:9443", @@ -342,7 +341,7 @@ func TestH2ToH1ChunkedResponse(t *testing.T) { } defer resp.Body.Close() - bytes, err := ioutil.ReadAll(resp.Body) + bytes, err := io.ReadAll(resp.Body) if err != nil { t.Fatalf("unable to read the response body %s", err) } @@ -370,7 +369,7 @@ func testH2ToH1ChunkedResponseServeH1(t *testing.T) *http.Server { } defer r.Body.Close() - bytes, err := ioutil.ReadAll(r.Body) + bytes, err := io.ReadAll(r.Body) if err != nil { t.Fatalf("unable to read the response body %s", err) } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 8f1c68c8..cc3f65c7 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -22,7 +22,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "log" "net" "net/http" @@ -181,7 +180,7 @@ func cmdRun(fl Flags) (int, error) { var config []byte var err error if runCmdResumeFlag { - config, err = ioutil.ReadFile(caddy.ConfigAutosavePath) + config, err = os.ReadFile(caddy.ConfigAutosavePath) if os.IsNotExist(err) { // not a bad error; just can't resume if autosave file doesn't exist caddy.Log().Info("no autosave file exists", zap.String("autosave_file", caddy.ConfigAutosavePath)) @@ -219,7 +218,7 @@ func cmdRun(fl Flags) (int, error) { // if we are to report to another process the successful start // of the server, do so now by echoing back contents of stdin if runCmdPingbackFlag != "" { - confirmationBytes, err := ioutil.ReadAll(os.Stdin) + confirmationBytes, err := io.ReadAll(os.Stdin) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("reading confirmation bytes from stdin: %v", err) @@ -457,7 +456,7 @@ func cmdAdaptConfig(fl Flags) (int, error) { fmt.Errorf("unrecognized config adapter: %s", adaptCmdAdapterFlag) } - input, err := ioutil.ReadFile(adaptCmdInputFlag) + input, err := os.ReadFile(adaptCmdInputFlag) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("reading input file: %v", err) @@ -541,7 +540,7 @@ func cmdFmt(fl Flags) (int, error) { // as a special case, read from stdin if the file name is "-" if formatCmdConfigFile == "-" { - input, err := ioutil.ReadAll(os.Stdin) + input, err := io.ReadAll(os.Stdin) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("reading stdin: %v", err) @@ -550,7 +549,7 @@ func cmdFmt(fl Flags) (int, error) { return caddy.ExitCodeSuccess, nil } - input, err := ioutil.ReadFile(formatCmdConfigFile) + input, err := os.ReadFile(formatCmdConfigFile) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("reading input file: %v", err) @@ -559,7 +558,7 @@ func cmdFmt(fl Flags) (int, error) { output := caddyfile.Format(input) if fl.Bool("overwrite") { - if err := ioutil.WriteFile(formatCmdConfigFile, output, 0600); err != nil { + if err := os.WriteFile(formatCmdConfigFile, output, 0600); err != nil { return caddy.ExitCodeFailedStartup, nil } } else { @@ -699,7 +698,7 @@ func apiRequest(adminAddr, method, uri string, headers http.Header, body io.Read // if it didn't work, let the user know if resp.StatusCode >= 400 { - respBody, err := ioutil.ReadAll(io.LimitReader(resp.Body, 1024*10)) + respBody, err := io.ReadAll(io.LimitReader(resp.Body, 1024*10)) if err != nil { return fmt.Errorf("HTTP %d: reading error message: %v", resp.StatusCode, err) } diff --git a/cmd/main.go b/cmd/main.go index 8a9a2896..7c33c55f 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -20,7 +20,6 @@ import ( "flag" "fmt" "io" - "io/ioutil" "log" "net" "os" @@ -94,7 +93,7 @@ func Main() { // the bytes in expect, or returns an error if it doesn't. func handlePingbackConn(conn net.Conn, expect []byte) error { defer conn.Close() - confirmationBytes, err := ioutil.ReadAll(io.LimitReader(conn, 32)) + confirmationBytes, err := io.ReadAll(io.LimitReader(conn, 32)) if err != nil { return err } @@ -124,9 +123,9 @@ func loadConfig(configFile, adapterName string) ([]byte, string, error) { var err error if configFile != "" { if configFile == "-" { - config, err = ioutil.ReadAll(os.Stdin) + config, err = io.ReadAll(os.Stdin) } else { - config, err = ioutil.ReadFile(configFile) + config, err = os.ReadFile(configFile) } if err != nil { return nil, "", fmt.Errorf("reading config file: %v", err) @@ -140,7 +139,7 @@ func loadConfig(configFile, adapterName string) ([]byte, string, error) { // plugged in, and if so, try using a default Caddyfile cfgAdapter = caddyconfig.GetAdapter("caddyfile") if cfgAdapter != nil { - config, err = ioutil.ReadFile("Caddyfile") + config, err = os.ReadFile("Caddyfile") if os.IsNotExist(err) { // okay, no default Caddyfile; pretend like this never happened cfgAdapter = nil diff --git a/logging.go b/logging.go index 7837145d..129aec43 100644 --- a/logging.go +++ b/logging.go @@ -18,7 +18,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "log" "os" "strings" @@ -630,9 +629,9 @@ func (StderrWriter) OpenWriter() (io.WriteCloser, error) { return notClosable{os.Stderr}, nil } -// OpenWriter returns ioutil.Discard that can't be closed. +// OpenWriter returns io.Discard that can't be closed. func (DiscardWriter) OpenWriter() (io.WriteCloser, error) { - return notClosable{ioutil.Discard}, nil + return notClosable{io.Discard}, nil } // notClosable is an io.WriteCloser that can't be closed. diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index d0767f09..4d27a840 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -28,7 +28,6 @@ import ( "encoding/pem" "fmt" "io" - "io/ioutil" "net" "net/http" "net/textproto" @@ -162,7 +161,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo return "", true } // replace real body with buffered data - req.Body = ioutil.NopCloser(buf) + req.Body = io.NopCloser(buf) return buf.String(), true // original request, before any internal changes diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client.go b/modules/caddyhttp/reverseproxy/fastcgi/client.go index 94df0c77..07720539 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client.go @@ -30,7 +30,6 @@ import ( "encoding/binary" "errors" "io" - "io/ioutil" "mime/multipart" "net" "net/http" @@ -445,7 +444,7 @@ func (c *FCGIClient) Request(p map[string]string, req io.Reader) (resp *http.Res if chunked(resp.TransferEncoding) { resp.Body = clientCloser{c, httputil.NewChunkedReader(rb)} } else { - resp.Body = clientCloser{c, ioutil.NopCloser(rb)} + resp.Body = clientCloser{c, io.NopCloser(rb)} } return } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go index f0740a4c..ef3474d4 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go @@ -26,7 +26,6 @@ import ( "encoding/binary" "fmt" "io" - "io/ioutil" "log" "math/rand" "net" @@ -166,7 +165,7 @@ func sendFcgi(reqType int, fcgiParams map[string]string, data []byte, posts map[ } defer resp.Body.Close() - content, _ = ioutil.ReadAll(resp.Body) + content, _ = io.ReadAll(resp.Body) log.Println("c: send data length ≈", length, string(content)) fcgi.Close() diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 8d5bd77e..230bf3aa 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -18,7 +18,6 @@ import ( "context" "fmt" "io" - "io/ioutil" "log" "net" "net/http" @@ -282,7 +281,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H } defer func() { // drain any remaining body so connection could be re-used - _, _ = io.Copy(ioutil.Discard, body) + _, _ = io.Copy(io.Discard, body) resp.Body.Close() }() @@ -313,7 +312,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H // if body does not match regex, mark down if h.HealthChecks.Active.bodyRegexp != nil { - bodyBytes, err := ioutil.ReadAll(body) + bodyBytes, err := io.ReadAll(body) if err != nil { h.HealthChecks.Active.logger.Info("failed to read response body", zap.String("host", hostAddr), diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 19328513..35bc9478 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -20,10 +20,10 @@ import ( "crypto/x509" "encoding/base64" "fmt" - "io/ioutil" weakrand "math/rand" "net" "net/http" + "os" "reflect" "time" @@ -364,7 +364,7 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { rootPool.AddCert(caCert) } for _, pemFile := range t.RootCAPEMFiles { - pemData, err := ioutil.ReadFile(pemFile) + pemData, err := os.ReadFile(pemFile) if err != nil { return nil, fmt.Errorf("failed reading ca cert: %v", err) } diff --git a/modules/caddyhttp/staticresp_test.go b/modules/caddyhttp/staticresp_test.go index cd0d1a1e..5844f43f 100644 --- a/modules/caddyhttp/staticresp_test.go +++ b/modules/caddyhttp/staticresp_test.go @@ -16,7 +16,7 @@ package caddyhttp import ( "context" - "io/ioutil" + "io" "net/http" "net/http/httptest" "strconv" @@ -44,7 +44,7 @@ func TestStaticResponseHandler(t *testing.T) { } resp := w.Result() - respBody, _ := ioutil.ReadAll(resp.Body) + respBody, _ := io.ReadAll(resp.Body) if resp.StatusCode != http.StatusNotFound { t.Errorf("expected status %d but got %d", http.StatusNotFound, resp.StatusCode) diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index 1d15ca73..c2fe61f4 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -17,7 +17,6 @@ package templates import ( "bytes" "fmt" - "io/ioutil" "net/http" "os" "path/filepath" @@ -118,7 +117,7 @@ func TestImport(t *testing.T) { // create files for test case if test.fileName != "" { absFilePath := filepath.Join(fmt.Sprintf("%s", context.Root), test.fileName) - if err := ioutil.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { + if err := os.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { os.Remove(absFilePath) t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) } @@ -198,7 +197,7 @@ func TestInclude(t *testing.T) { // create files for test case if test.fileName != "" { absFilePath := filepath.Join(fmt.Sprintf("%s", context.Root), test.fileName) - if err := ioutil.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { + if err := os.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { os.Remove(absFilePath) t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) } @@ -357,13 +356,13 @@ func TestFileListing(t *testing.T) { // create files for test case if test.fileNames != nil { - dirPath, err = ioutil.TempDir(fmt.Sprintf("%s", context.Root), "caddy_ctxtest") + dirPath, err = os.MkdirTemp(fmt.Sprintf("%s", context.Root), "caddy_ctxtest") if err != nil { t.Fatalf("Test %d: Expected no error creating directory, got: '%s'", i, err.Error()) } for _, name := range test.fileNames { absFilePath := filepath.Join(dirPath, name) - if err = ioutil.WriteFile(absFilePath, []byte(""), os.ModePerm); err != nil { + if err = os.WriteFile(absFilePath, []byte(""), os.ModePerm); err != nil { os.RemoveAll(dirPath) t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) } diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go index e1a0e354..d8e72c6d 100644 --- a/modules/caddypki/crypto.go +++ b/modules/caddypki/crypto.go @@ -23,7 +23,7 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "io/ioutil" + "os" "strings" ) @@ -137,11 +137,11 @@ type KeyPair struct { func (kp KeyPair) Load() (*x509.Certificate, interface{}, error) { switch kp.Format { case "", "pem_file": - certData, err := ioutil.ReadFile(kp.Certificate) + certData, err := os.ReadFile(kp.Certificate) if err != nil { return nil, nil, err } - keyData, err := ioutil.ReadFile(kp.PrivateKey) + keyData, err := os.ReadFile(kp.PrivateKey) if err != nil { return nil, nil, err } diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 9a7e73cd..42cef021 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -18,8 +18,8 @@ import ( "context" "crypto/x509" "fmt" - "io/ioutil" "net/url" + "os" "strconv" "time" @@ -152,7 +152,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { if len(iss.TrustedRootsPEMFiles) > 0 { iss.rootPool = x509.NewCertPool() for _, pemFile := range iss.TrustedRootsPEMFiles { - pemData, err := ioutil.ReadFile(pemFile) + pemData, err := os.ReadFile(pemFile) if err != nil { return fmt.Errorf("loading trusted root CA's PEM file: %s: %v", pemFile, err) } diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 6c7fe3f4..65cda5fb 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -19,7 +19,7 @@ import ( "crypto/x509" "encoding/base64" "fmt" - "io/ioutil" + "os" "strings" "github.com/caddyserver/caddy/v2" @@ -369,7 +369,7 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro caPool.AddCert(clientCA) } for _, pemFile := range clientauth.TrustedCACertPEMFiles { - pemContents, err := ioutil.ReadFile(pemFile) + pemContents, err := os.ReadFile(pemFile) if err != nil { return fmt.Errorf("reading %s: %v", pemFile, err) } diff --git a/modules/caddytls/fileloader.go b/modules/caddytls/fileloader.go index fdf54864..430932b9 100644 --- a/modules/caddytls/fileloader.go +++ b/modules/caddytls/fileloader.go @@ -17,7 +17,7 @@ package caddytls import ( "crypto/tls" "fmt" - "io/ioutil" + "os" "github.com/caddyserver/caddy/v2" ) @@ -59,11 +59,11 @@ type CertKeyFilePair struct { func (fl FileLoader) LoadCertificates() ([]Certificate, error) { certs := make([]Certificate, 0, len(fl)) for _, pair := range fl { - certData, err := ioutil.ReadFile(pair.Certificate) + certData, err := os.ReadFile(pair.Certificate) if err != nil { return nil, err } - keyData, err := ioutil.ReadFile(pair.Key) + keyData, err := os.ReadFile(pair.Key) if err != nil { return nil, err } diff --git a/modules/caddytls/folderloader.go b/modules/caddytls/folderloader.go index 10b017ee..0ff0629d 100644 --- a/modules/caddytls/folderloader.go +++ b/modules/caddytls/folderloader.go @@ -19,7 +19,6 @@ import ( "crypto/tls" "encoding/pem" "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -79,7 +78,7 @@ func (fl FolderLoader) LoadCertificates() ([]Certificate, error) { } func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) { - bundle, err := ioutil.ReadFile(fpath) + bundle, err := os.ReadFile(fpath) if err != nil { return tls.Certificate{}, err } From cbb045a121464527d85cce1b56250480b0515f9a Mon Sep 17 00:00:00 2001 From: Oleg Date: Sat, 2 Oct 2021 01:27:29 +0300 Subject: [PATCH 0476/1498] caddyhttp: Placeholder for client cert in DER + base64 format (#4241) * client.certificate_pem_encoded in base64 format * base64-encoding without pem encoding;naming change * fix cert.Raw instead of block.bytes --- caddyconfig/httpcaddyfile/httptype.go | 1 + modules/caddyhttp/app.go | 1 + modules/caddyhttp/replacer.go | 3 +++ 3 files changed, 5 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index e5dafe6a..bc010601 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -113,6 +113,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, "{tls_client_serial}", "{http.request.tls.client.serial}", "{tls_client_subject}", "{http.request.tls.client.subject}", "{tls_client_certificate_pem}", "{http.request.tls.client.certificate_pem}", + "{tls_client_certificate_der_base64}", "{http.request.tls.client.certificate_der_base64}", "{upstream_hostport}", "{http.reverse_proxy.upstream.hostport}", ) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 8285200f..91c31c85 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -77,6 +77,7 @@ func init() { // `{http.request.tls.client.public_key}` | The public key of the client certificate. // `{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key. // `{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate. +// `{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate. // `{http.request.tls.client.issuer}` | The issuer DN of the client certificate // `{http.request.tls.client.serial}` | The serial number of the client certificate // `{http.request.tls.client.subject}` | The subject DN of the client certificate diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 4d27a840..2cf456f2 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -25,6 +25,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/asn1" + "encoding/base64" "encoding/pem" "fmt" "io" @@ -352,6 +353,8 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { case "client.certificate_pem": block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw} return pem.EncodeToMemory(&block), true + case "client.certificate_der_base64": + return base64.StdEncoding.EncodeToString(cert.Raw), true default: return nil, false } From be5f77e84da941d32eb1b873d355bfc1a186304b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=2E=20=C3=81ngel=20Jimeno?= Date: Mon, 11 Oct 2021 17:56:03 +0200 Subject: [PATCH 0477/1498] caddycmd: fix caddy validate/fmt help message (#4377) * caddycmd: fix caddy validate help message Fixes #4376 * caddycmd: fix caddy fmt help message --- cmd/commands.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/commands.go b/cmd/commands.go index ccb82b11..7b184fd7 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -259,7 +259,7 @@ Loads and provisions the provided config, but does not start running it. This reveals any errors with the configuration through the loading and provisioning stages.`, Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("load", flag.ExitOnError) + fs := flag.NewFlagSet("validate", flag.ExitOnError) fs.String("config", "", "Input configuration file") fs.String("adapter", "", "Name of config adapter") return fs @@ -282,7 +282,7 @@ If you wish you use stdin instead of a regular file, use - as the path. When reading from stdin, the --overwrite flag has no effect: the result is always printed to stdout.`, Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("format", flag.ExitOnError) + fs := flag.NewFlagSet("fmt", flag.ExitOnError) fs.Bool("overwrite", false, "Overwrite the input file with the results") return fs }(), From 837cdc566d609eae8f5f6b7207c4642768dfa4de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sim=C3=A3o=20Gomes=20Viana?= Date: Tue, 12 Oct 2021 00:15:00 +0200 Subject: [PATCH 0478/1498] caddyhttp: reverseproxy: clarify warning for -insecure (#4379) The question would only receive bad answers so it's better to just say what the option actually does. --- modules/caddyhttp/reverseproxy/command.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 4a6739e5..24d38c38 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -59,7 +59,7 @@ default, all incoming headers are passed through unmodified.) fs.String("from", "localhost", "Address on which to receive traffic") fs.String("to", "", "Upstream address to which to to proxy traffic") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") - fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY, WHY ARE YOU EVEN USING TLS?)") + fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)") return fs }(), }) From c4790d7f9d48f72254051e5743d00e930928e0c9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 12 Oct 2021 01:08:28 -0600 Subject: [PATCH 0479/1498] go.mod: Carefully upgrade some dependencies (fix #4251) The upgrade of smallstep/certificates fixes #4251. The upgrade of CertMagic fixes an issue reported in the forum that a longer timeout was confirmed to resolve (without any particular explanation, but oh well). Other upgrades have minor improvements and seem safe. --- go.mod | 16 +++++----- go.sum | 98 ++++++++++++++++++++++++++++++++-------------------------- 2 files changed, 62 insertions(+), 52 deletions(-) diff --git a/go.mod b/go.mod index 522abd8c..fe323535 100644 --- a/go.mod +++ b/go.mod @@ -6,29 +6,29 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.9.2 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.14.5 + github.com/caddyserver/certmagic v0.15.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.13.4 + github.com/klauspost/compress v1.13.6 github.com/klauspost/cpuid/v2 v2.0.9 github.com/lucas-clemente/quic-go v0.23.0 github.com/mholt/acmez v1.0.0 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.11.0 - github.com/smallstep/certificates v0.16.4 - github.com/smallstep/cli v0.16.1 + github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf + github.com/smallstep/cli v0.17.6 github.com/smallstep/nosql v0.3.8 github.com/smallstep/truststore v0.9.6 - github.com/yuin/goldmark v1.4.0 + github.com/yuin/goldmark v1.4.1 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 go.uber.org/zap v1.19.0 - golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e - golang.org/x/net v0.0.0-20210614182718-04defd469f4e + golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 + golang.org/x/net v0.0.0-20210913180222-943fd674d43e golang.org/x/term v0.0.0-20210503060354-a79de5458b56 - google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08 + google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492 google.golang.org/protobuf v1.27.1 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index ec17c2d2..66b11b65 100644 --- a/go.sum +++ b/go.sum @@ -74,8 +74,6 @@ github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= -github.com/DataDog/zstd v1.4.5/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= @@ -173,8 +171,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.14.5 h1:y4HcFzLLBMsTv8sSlAPj5K55mvntX8e8ExcmB/lhO6w= -github.com/caddyserver/certmagic v0.14.5/go.mod h1:/0VQ5og2Jxa5yBQ8eT80wWS7fi/DgNy1uXeXRUJ1Wj0= +github.com/caddyserver/certmagic v0.15.1 h1:OAS245AZWQ1n2BD2gSBJPnKu3COTi2HNKj/6Td8aUQg= +github.com/caddyserver/certmagic v0.15.1/go.mod h1:/0VQ5og2Jxa5yBQ8eT80wWS7fi/DgNy1uXeXRUJ1Wj0= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= @@ -201,6 +199,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= @@ -238,7 +237,6 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= -github.com/dgraph-io/badger/v2 v2.0.1-rc1.0.20201003150343-5d1bab4fc658/go.mod h1:2uGEvGm+JSDLd5UAaKIFSbXDcYyeH0fWJP4N2HMMYMI= github.com/dgraph-io/badger/v2 v2.2007.4 h1:TRWBQg8UrlUhaFdco01nO2uXwzKS7zd+HVdwV/GHc4o= github.com/dgraph-io/badger/v2 v2.2007.4/go.mod h1:vSw/ax2qojzbN6eXHIx6KPKtCSHJN/Uz0X0VPruTIhk= github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= @@ -271,6 +269,7 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= @@ -370,8 +369,6 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -497,8 +494,9 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= -github.com/huandu/xstrings v1.3.1 h1:4jgBlKK6tLKFvO8u5pmYjG91cqytmDCDvGh7ECVFfFs= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= +github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -506,8 +504,9 @@ github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGzny github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= +github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= @@ -548,8 +547,8 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.4 h1:0zhec2I8zGnjWcKyLl6i3gPqKANCCn5e9xmviEEeX6s= -github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= +github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/cpuid/v2 v2.0.6/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= @@ -617,11 +616,13 @@ github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb44 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= +github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= +github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mholt/acmez v1.0.0 h1:ZAdWrilnq41HTlUO0vMJ6C+z8ZvzQ9I2LR1/Bo+137U= github.com/mholt/acmez v1.0.0/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= -github.com/micromdm/scep/v2 v2.0.0 h1:cRzcY0S5QX+0+J+7YC4P2uZSnfMup8S8zJu/bLFgOkA= -github.com/micromdm/scep/v2 v2.0.0/go.mod h1:ouaDs5tcjOjdHD/h8BGaQsWE87MUnQ/wMTMgfMMIpPc= +github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= +github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.42 h1:gWGe42RGaIqXQZ+r3WUGEKBEtvPHY2SXo4dqixDNxuY= github.com/miekg/dns v1.1.42/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= @@ -629,8 +630,9 @@ github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WT github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= @@ -639,8 +641,9 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= @@ -823,18 +826,17 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.16.0/go.mod h1:oht6bnzBapjumPGXTZK/rBJYLO+O8/TTWt5/VlE9Wd4= -github.com/smallstep/certificates v0.16.4 h1:/dhaR+6reeTHd2etVIjgpZI0CTn6USrhVqakoV0HZ0w= -github.com/smallstep/certificates v0.16.4/go.mod h1:U3Dkt4ttxRxC4yPedzzAQokC121/7d3Sfnj6mNgpw7Q= -github.com/smallstep/certinfo v1.5.1/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= -github.com/smallstep/cli v0.16.1 h1:zFN/B5XF+WbvwfRya11SPfiT7g7LIMRSCaoeQNce3Hw= -github.com/smallstep/cli v0.16.1/go.mod h1:C8IES4TcHN3/Va6x9B+ugJM1t0pwzICHAg+RB2FASg4= -github.com/smallstep/nosql v0.3.6/go.mod h1:h1zC/Z54uNHc8euquLED4qJNCrMHd3nytA141ZZh4qQ= +github.com/smallstep/certificates v0.17.4/go.mod h1:NRV/XqAmL65jDaAiLDEYeW0PySKPim+RX+rWi00LKDM= +github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf h1:T27FAcJuIadMwnt5uaYCxeNQceUoCkLHqWc0Y+PneHE= +github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf/go.mod h1:dAdOimWAt87o2PZvf3KCjbKkxWKBsq85/eFemB4JVTE= +github.com/smallstep/certinfo v1.5.2/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= +github.com/smallstep/cli v0.17.6 h1:0npb8eQGDgEBPziYXb9tW4f4S5jt8aRRmEJvs97oh+Y= +github.com/smallstep/cli v0.17.6/go.mod h1:IZoK7eNA/r6cTN9GCd6+M1omgb5Ic8mJjHHH9Bh078U= github.com/smallstep/nosql v0.3.8 h1:1/EWUbbEdz9ai0g9Fd09VekVjtxp+5+gIHpV2PdwW3o= github.com/smallstep/nosql v0.3.8/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= -github.com/smallstep/zcrypto v0.0.0-20200203191936-fbc32cf76bce/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= +github.com/smallstep/zcrypto v0.0.0-20210924233136-66c2600f6e71/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= @@ -852,8 +854,9 @@ github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0b github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= +github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= @@ -919,8 +922,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.3.6/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.0 h1:OtISOGfH6sOWa1/qXqqAiOIAO6Z5J3AEAE18WAq6BiQ= -github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1 h1:/vn0k+RBvwlxEmP5E7SZMqNxPhfMVFEJiykr15/0XKM= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 h1:0SJnXjE4jDClMW6grE0xpNhwpqbPwkBTn8zpVw5C0SI= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01/go.mod h1:TwKQPa5XkCCRC2GRZ5wtfNUTQ2+9/i19mGRijFeJ4BE= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -955,8 +958,9 @@ go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJV go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= -go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= -go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= +go.mozilla.org/pkcs7 v0.0.0-20210730143726-725912489c62/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= +go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= +go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= @@ -981,12 +985,14 @@ go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.step.sm/cli-utils v0.4.1 h1:QztRUhGYjOPM1I2Nmi7V6XejQyVtcESmo+sbegxvX7Q= go.step.sm/cli-utils v0.4.1/go.mod h1:hWYVOSlw8W9Pd+BwIbs/aftVVMRms3EG7Q2qLRwc0WA= -go.step.sm/crypto v0.9.0 h1:q2AllTSnVj4NRtyEPkGW2ohArLmbGbe6ZAL/VIOKDzA= +go.step.sm/cli-utils v0.6.0 h1:sH4FxBcjmbxyilKXheSyJuKF/QjpojpiW90ERwUWOgQ= +go.step.sm/cli-utils v0.6.0/go.mod h1:jklBMavFl2PbmGlyxgax08ZnB0uWpadjuOlSKKXz+0U= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/linkedca v0.0.0-20210611183751-27424aae8d25 h1:ncJqviWswJT19IdnfOYQGKG1zL7IDy4lAJz1PuM3fgw= -go.step.sm/linkedca v0.0.0-20210611183751-27424aae8d25/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= +go.step.sm/crypto v0.11.0 h1:VDpeVgEmqme/FK2w5QINxkOQ1FWOm/Wi2TwQXiacKr8= +go.step.sm/crypto v0.11.0/go.mod h1:5YzQ85BujYBu6NH18jw7nFjwuRnDch35nLzH0ES5sKg= +go.step.sm/linkedca v0.5.0 h1:oZVRSpElM7lAL1XN2YkjdHwI/oIZ+1ULOnuqYPM6xjY= +go.step.sm/linkedca v0.5.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1031,10 +1037,9 @@ golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI= -golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 h1:3erb+vDS8lU1sxfDHF4/hhWyaXnhIaO+7RgL4fDZORA= +golang.org/x/crypto v0.0.0-20210915214749-c084706c2272/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1134,8 +1139,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210913180222-943fd674d43e h1:+b/22bPvDYt4NPDcy4xAGCmON713ONAWFeY3Z7I3tR8= +golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1253,8 +1258,8 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210915083310-ed5796bab164 h1:7ZDGnxgHAMw7thfC5bEos0RDAccZKxioiWBhfIe+tvw= +golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56 h1:b8jxX3zqjpqb2LklXPzKSGJhzyxCOZSz8ncv8Nv+y7w= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= @@ -1265,8 +1270,9 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1343,8 +1349,9 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3 h1:L69ShwSZEyCsLKoAxDKeMvLDZkumEe8gXUZAjab0tX8= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1454,8 +1461,9 @@ google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQ google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08 h1:pc16UedxnxXXtGxHCSUhafAoVHQZ0yXl8ZelMH4EETc= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492 h1:7yQQsvnwjfEahbNNEKcBHv3mR+HnB1ctGY/z1JXzx8M= +google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= @@ -1486,8 +1494,9 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0 h1:Klz8I9kdtkIN6EpHHUOMLCYhTn/2WAe5a0s1hcBkdTI= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1519,8 +1528,9 @@ gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= +gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= From 95c035060f66577f52158312c75ca379d7ddc21e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 13 Oct 2021 17:58:20 -0600 Subject: [PATCH 0480/1498] map: Fix regex mappings It didn't really make sense how we were doing them before. See https://caddy.community/t/map-directive-and-regular-expressions/13866/6?u=matt --- modules/caddyhttp/map/map.go | 6 +- modules/caddyhttp/map/map_test.go | 96 +++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 modules/caddyhttp/map/map_test.go diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index a0e07687..670a55bd 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -136,7 +136,11 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt if output := m.Outputs[destIdx]; output == nil { continue } else { - output = m.re.ReplaceAllString(input, m.Outputs[destIdx].(string)) + var result []byte + for _, submatches := range m.re.FindAllStringSubmatchIndex(input, -1) { + result = m.re.ExpandString(result, m.Outputs[destIdx].(string), input, submatches) + } + output = string(result) return output, true } } diff --git a/modules/caddyhttp/map/map_test.go b/modules/caddyhttp/map/map_test.go new file mode 100644 index 00000000..59e5c5ef --- /dev/null +++ b/modules/caddyhttp/map/map_test.go @@ -0,0 +1,96 @@ +package maphandler + +import ( + "context" + "net/http" + "net/http/httptest" + "reflect" + "testing" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" +) + +func TestHandler(t *testing.T) { + for i, tc := range []struct { + handler Handler + reqPath string + expect map[string]interface{} + }{ + { + reqPath: "/foo", + handler: Handler{ + Source: "{http.request.uri.path}", + Destinations: []string{"{output}"}, + Mappings: []Mapping{ + { + Input: "/foo", + Outputs: []interface{}{"FOO"}, + }, + }, + }, + expect: map[string]interface{}{ + "output": "FOO", + }, + }, + { + reqPath: "/abcdef", + handler: Handler{ + Source: "{http.request.uri.path}", + Destinations: []string{"{output}"}, + Mappings: []Mapping{ + { + InputRegexp: "(/abc)", + Outputs: []interface{}{"ABC"}, + }, + }, + }, + expect: map[string]interface{}{ + "output": "ABC", + }, + }, + { + reqPath: "/ABCxyzDEF", + handler: Handler{ + Source: "{http.request.uri.path}", + Destinations: []string{"{output}"}, + Mappings: []Mapping{ + { + InputRegexp: "(xyz)", + Outputs: []interface{}{"...${1}..."}, + }, + }, + }, + expect: map[string]interface{}{ + "output": "...xyz...", + }, + }, + } { + if err := tc.handler.Provision(caddy.Context{}); err != nil { + t.Fatalf("Test %d: Provisioning handler: %v", i, err) + } + + req, err := http.NewRequest(http.MethodGet, tc.reqPath, nil) + if err != nil { + t.Fatalf("Test %d: Creating request: %v", i, err) + } + repl := caddyhttp.NewTestReplacer(req) + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + + rr := httptest.NewRecorder() + noop := caddyhttp.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) error { return nil }) + + if err := tc.handler.ServeHTTP(rr, req, noop); err != nil { + t.Errorf("Test %d: Handler returned error: %v", i, err) + continue + } + + for key, expected := range tc.expect { + actual, _ := repl.Get(key) + if !reflect.DeepEqual(actual, expected) { + t.Errorf("Test %d: Expected %#v but got %#v for {%s}", i, expected, actual, key) + } + } + } +} From 64f8b557b1b1d4ca869ee7e0cba91f09e86883ef Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Sun, 17 Oct 2021 00:09:16 +0900 Subject: [PATCH 0481/1498] fileserver: Fix compression breaks using httpInclude (#4352) (#4358) --- modules/caddyhttp/templates/tplcontext.go | 1 + .../caddyhttp/templates/tplcontext_test.go | 98 +++++++++++++------ 2 files changed, 70 insertions(+), 29 deletions(-) diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 71886c9a..b1646c12 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -160,6 +160,7 @@ func (c TemplateContext) funcHTTPInclude(uri string) (string, error) { } virtReq.Host = c.Req.Host virtReq.Header = c.Req.Header.Clone() + virtReq.Header.Set("Accept-Encoding", "identity") // https://github.com/caddyserver/caddy/issues/4352 virtReq.Trailer = c.Req.Trailer.Clone() virtReq.Header.Set(recursionPreventionHeader, strconv.Itoa(recursionCount)) diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index c2fe61f4..ddc8b99b 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -16,6 +16,7 @@ package templates import ( "bytes" + "context" "fmt" "net/http" "os" @@ -25,10 +26,49 @@ import ( "strings" "testing" "time" + + "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) +type handle struct { +} + +func (h *handle) ServeHTTP(w http.ResponseWriter, r *http.Request) { + if r.Header.Get("Accept-Encoding") == "identity" { + w.Write([]byte("good contents")) + } else { + w.Write([]byte("bad cause Accept-Encoding: " + r.Header.Get("Accept-Encoding"))) + } +} + +func TestHTTPInclude(t *testing.T) { + tplContext := getContextOrFail(t) + for i, test := range []struct { + uri string + handler *handle + expect string + }{ + { + uri: "https://example.com/foo/bar", + handler: &handle{}, + expect: "good contents", + }, + } { + ctx := context.WithValue(tplContext.Req.Context(), caddyhttp.ServerCtxKey, test.handler) + tplContext.Req = tplContext.Req.WithContext(ctx) + tplContext.Req.Header.Add("Accept-Encoding", "gzip") + result, err := tplContext.funcHTTPInclude(test.uri) + if result != test.expect { + t.Errorf("Test %d: expected '%s' but got '%s'", i, test.expect, result) + } + if err != nil { + t.Errorf("Test %d: got error: %v", i, result) + } + } +} + func TestMarkdown(t *testing.T) { - context := getContextOrFail(t) + tplContext := getContextOrFail(t) for i, test := range []struct { body string @@ -39,7 +79,7 @@ func TestMarkdown(t *testing.T) { expect: "
    \n
  • str1
    • \n
  • str2
    • \n
\n", }, } { - result, err := context.funcMarkdown(test.body) + result, err := tplContext.funcMarkdown(test.body) if result != test.expect { t.Errorf("Test %d: expected '%s' but got '%s'", i, test.expect, result) } @@ -80,9 +120,9 @@ func TestCookie(t *testing.T) { expect: "cookieValue", }, } { - context := getContextOrFail(t) - context.Req.AddCookie(test.cookie) - actual := context.Cookie(test.cookieName) + tplContext := getContextOrFail(t) + tplContext.Req.AddCookie(test.cookie) + actual := tplContext.Cookie(test.cookieName) if actual != test.expect { t.Errorf("Test %d: Expected cookie value '%s' but got '%s' for cookie with name '%s'", i, test.expect, actual, test.cookieName) @@ -111,12 +151,12 @@ func TestImport(t *testing.T) { shouldErr: true, }, } { - context := getContextOrFail(t) + tplContext := getContextOrFail(t) var absFilePath string // create files for test case if test.fileName != "" { - absFilePath := filepath.Join(fmt.Sprintf("%s", context.Root), test.fileName) + absFilePath := filepath.Join(fmt.Sprintf("%s", tplContext.Root), test.fileName) if err := os.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { os.Remove(absFilePath) t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) @@ -124,9 +164,9 @@ func TestImport(t *testing.T) { } // perform test - context.NewTemplate("parent") - actual, err := context.funcImport(test.fileName) - templateWasDefined := strings.Contains(context.tpl.DefinedTemplates(), test.expect) + tplContext.NewTemplate("parent") + actual, err := tplContext.funcImport(test.fileName) + templateWasDefined := strings.Contains(tplContext.tpl.DefinedTemplates(), test.expect) if err != nil { if !test.shouldErr { t.Errorf("Test %d: Expected no error, got: '%s'", i, err) @@ -135,7 +175,7 @@ func TestImport(t *testing.T) { t.Errorf("Test %d: Expected error but had none", i) } else if !templateWasDefined && actual != "" { // template should be defined, return value should be an empty string - t.Errorf("Test %d: Expected template %s to be define but got %s", i, test.expect, context.tpl.DefinedTemplates()) + t.Errorf("Test %d: Expected template %s to be define but got %s", i, test.expect, tplContext.tpl.DefinedTemplates()) } @@ -191,12 +231,12 @@ func TestInclude(t *testing.T) { args: "text", }, } { - context := getContextOrFail(t) + tplContext := getContextOrFail(t) var absFilePath string // create files for test case if test.fileName != "" { - absFilePath := filepath.Join(fmt.Sprintf("%s", context.Root), test.fileName) + absFilePath := filepath.Join(fmt.Sprintf("%s", tplContext.Root), test.fileName) if err := os.WriteFile(absFilePath, []byte(test.fileContent), os.ModePerm); err != nil { os.Remove(absFilePath) t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) @@ -204,7 +244,7 @@ func TestInclude(t *testing.T) { } // perform test - actual, err := context.funcInclude(test.fileName, test.args) + actual, err := tplContext.funcInclude(test.fileName, test.args) if err != nil { if !test.shouldErr { t.Errorf("Test %d: Expected no error, got: '%s'", i, err) @@ -225,12 +265,12 @@ func TestInclude(t *testing.T) { } func TestCookieMultipleCookies(t *testing.T) { - context := getContextOrFail(t) + tplContext := getContextOrFail(t) cookieNameBase, cookieValueBase := "cookieName", "cookieValue" for i := 0; i < 10; i++ { - context.Req.AddCookie(&http.Cookie{ + tplContext.Req.AddCookie(&http.Cookie{ Name: fmt.Sprintf("%s%d", cookieNameBase, i), Value: fmt.Sprintf("%s%d", cookieValueBase, i), }) @@ -238,7 +278,7 @@ func TestCookieMultipleCookies(t *testing.T) { for i := 0; i < 10; i++ { expectedCookieVal := fmt.Sprintf("%s%d", cookieValueBase, i) - actualCookieVal := context.Cookie(fmt.Sprintf("%s%d", cookieNameBase, i)) + actualCookieVal := tplContext.Cookie(fmt.Sprintf("%s%d", cookieNameBase, i)) if actualCookieVal != expectedCookieVal { t.Errorf("Expected cookie value %s, found %s", expectedCookieVal, actualCookieVal) } @@ -246,7 +286,7 @@ func TestCookieMultipleCookies(t *testing.T) { } func TestIP(t *testing.T) { - context := getContextOrFail(t) + tplContext := getContextOrFail(t) for i, test := range []struct { inputRemoteAddr string expect string @@ -257,15 +297,15 @@ func TestIP(t *testing.T) { {"[2001:db8:a0b:12f0::1]", "[2001:db8:a0b:12f0::1]"}, {`[fe80:1::3%eth0]:44`, `fe80:1::3%eth0`}, } { - context.Req.RemoteAddr = test.inputRemoteAddr - if actual := context.RemoteIP(); actual != test.expect { + tplContext.Req.RemoteAddr = test.inputRemoteAddr + if actual := tplContext.RemoteIP(); actual != test.expect { t.Errorf("Test %d: Expected %s but got %s", i, test.expect, actual) } } } func TestStripHTML(t *testing.T) { - context := getContextOrFail(t) + tplContext := getContextOrFail(t) for i, test := range []struct { input string @@ -302,7 +342,7 @@ func TestStripHTML(t *testing.T) { expect: ` Date: Mon, 18 Oct 2021 14:00:43 -0400 Subject: [PATCH 0482/1498] reverseproxy: Prevent copying the response if a response handler ran (#4388) --- .../caddyhttp/reverseproxy/reverseproxy.go | 39 +++++++++++++------ 1 file changed, 27 insertions(+), 12 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 360b018e..e626962e 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -614,6 +614,11 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * res.Body = h.bufferedBody(res.Body) } + // the response body may get closed by a response handler, + // and we need to keep track to make sure we don't try to copy + // the response if it was already closed + bodyClosed := false + // see if any response handler is configured for this response from the backend for i, rh := range h.HandleResponse { if rh.Match != nil && !rh.Match.Match(res.StatusCode, res.Header) { @@ -638,8 +643,6 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * continue } - res.Body.Close() - // set up the replacer so that parts of the original response can be // used for routing decisions for field, value := range res.Header { @@ -649,7 +652,17 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * repl.Set("http.reverse_proxy.status_text", res.Status) h.logger.Debug("handling response", zap.Int("handler", i)) - if routeErr := rh.Routes.Compile(next).ServeHTTP(rw, req); routeErr != nil { + + // pass the request through the response handler routes + routeErr := rh.Routes.Compile(next).ServeHTTP(rw, req) + + // always close the response body afterwards since it's expected + // that the response handler routes will have written to the + // response writer with a new body + res.Body.Close() + bodyClosed = true + + if routeErr != nil { // wrap error in roundtripSucceeded so caller knows that // the roundtrip was successful and to not retry return roundtripSucceeded{routeErr} @@ -690,15 +703,17 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * } rw.WriteHeader(res.StatusCode) - err = h.copyResponse(rw, res.Body, h.flushInterval(req, res)) - res.Body.Close() // close now, instead of defer, to populate res.Trailer - if err != nil { - // we're streaming the response and we've already written headers, so - // there's nothing an error handler can do to recover at this point; - // the standard lib's proxy panics at this point, but we'll just log - // the error and abort the stream here - h.logger.Error("aborting with incomplete response", zap.Error(err)) - return nil + if !bodyClosed { + err = h.copyResponse(rw, res.Body, h.flushInterval(req, res)) + res.Body.Close() // close now, instead of defer, to populate res.Trailer + if err != nil { + // we're streaming the response and we've already written headers, so + // there's nothing an error handler can do to recover at this point; + // the standard lib's proxy panics at this point, but we'll just log + // the error and abort the stream here + h.logger.Error("aborting with incomplete response", zap.Error(err)) + return nil + } } if len(res.Trailer) > 0 { From 062657d0d80aa1c2e3af51414db634f49c9a03a0 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 18 Oct 2021 14:19:04 -0400 Subject: [PATCH 0483/1498] caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386) * caddycmd: Add --skip-standard to list-modules command, quieter output * caddycmd: Also quiet `caddy upgrade` output, redundant information --- cmd/commandfuncs.go | 24 ++++++++++++++++-------- cmd/commands.go | 1 + cmd/packagesfuncs.go | 2 +- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index cc3f65c7..bc62f281 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -360,6 +360,7 @@ func cmdBuildInfo(fl Flags) (int, error) { func cmdListModules(fl Flags) (int, error) { packages := fl.Bool("packages") versions := fl.Bool("versions") + skipStandard := fl.Bool("skip-standard") printModuleInfo := func(mi moduleInfo) { fmt.Print(mi.caddyModuleID) @@ -388,14 +389,19 @@ func cmdListModules(fl Flags) (int, error) { return caddy.ExitCodeSuccess, nil } - if len(standard) > 0 { - for _, mod := range standard { - printModuleInfo(mod) - } - } - fmt.Printf("\n Standard modules: %d\n", len(standard)) - if len(nonstandard) > 0 { + // Standard modules (always shipped with Caddy) + if !skipStandard { if len(standard) > 0 { + for _, mod := range standard { + printModuleInfo(mod) + } + } + fmt.Printf("\n Standard modules: %d\n", len(standard)) + } + + // Non-standard modules (third party plugins) + if len(nonstandard) > 0 { + if len(standard) > 0 && !skipStandard { fmt.Println() } for _, mod := range nonstandard { @@ -403,8 +409,10 @@ func cmdListModules(fl Flags) (int, error) { } } fmt.Printf("\n Non-standard modules: %d\n", len(nonstandard)) + + // Unknown modules (couldn't get Caddy module info) if len(unknown) > 0 { - if len(standard) > 0 || len(nonstandard) > 0 { + if (len(standard) > 0 && !skipStandard) || len(nonstandard) > 0 { fmt.Println() } for _, mod := range unknown { diff --git a/cmd/commands.go b/cmd/commands.go index 7b184fd7..f5624304 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -208,6 +208,7 @@ config file; otherwise the default is assumed.`, fs := flag.NewFlagSet("list-modules", flag.ExitOnError) fs.Bool("packages", false, "Print package paths") fs.Bool("versions", false, "Print version information") + fs.Bool("skip-standard", false, "Skip printing standard modules") return fs }(), }) diff --git a/cmd/packagesfuncs.go b/cmd/packagesfuncs.go index 6aaf52bf..c4f41eaa 100644 --- a/cmd/packagesfuncs.go +++ b/cmd/packagesfuncs.go @@ -220,7 +220,7 @@ func getModules() (standard, nonstandard, unknown []moduleInfo, err error) { } func listModules(path string) error { - cmd := exec.Command(path, "list-modules", "--versions") + cmd := exec.Command(path, "list-modules", "--versions", "--skip-standard") cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr err := cmd.Run() From a2119c09e95eeb871c2b30046f596d61257b108c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 19 Oct 2021 12:25:36 -0600 Subject: [PATCH 0484/1498] map: Fix 95c03506 (avoid repeated expansions) --- modules/caddyhttp/map/map.go | 28 +++++++++++----------------- modules/caddyhttp/map/map_test.go | 27 ++++++++++++++++++++++----- 2 files changed, 33 insertions(+), 22 deletions(-) diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index 670a55bd..83949550 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -131,27 +131,21 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt // find the first mapping matching the input and return // the requested destination/output value for _, m := range h.Mappings { - if m.re != nil { - if m.re.MatchString(input) { - if output := m.Outputs[destIdx]; output == nil { - continue - } else { - var result []byte - for _, submatches := range m.re.FindAllStringSubmatchIndex(input, -1) { - result = m.re.ExpandString(result, m.Outputs[destIdx].(string), input, submatches) - } - output = string(result) - return output, true - } - } + output := m.Outputs[destIdx] + if output == nil { continue } - if input == m.Input { - if output := m.Outputs[destIdx]; output == nil { + if m.re != nil { + var result []byte + matches := m.re.FindStringSubmatchIndex(input) + if matches == nil { continue - } else { - return output, true } + result = m.re.ExpandString(result, output.(string), input, matches) + return string(result), true + } + if input == m.Input { + return output, true } } diff --git a/modules/caddyhttp/map/map_test.go b/modules/caddyhttp/map/map_test.go index 59e5c5ef..2789459b 100644 --- a/modules/caddyhttp/map/map_test.go +++ b/modules/caddyhttp/map/map_test.go @@ -14,11 +14,11 @@ import ( func TestHandler(t *testing.T) { for i, tc := range []struct { handler Handler - reqPath string + reqURI string expect map[string]interface{} }{ { - reqPath: "/foo", + reqURI: "/foo", handler: Handler{ Source: "{http.request.uri.path}", Destinations: []string{"{output}"}, @@ -34,7 +34,7 @@ func TestHandler(t *testing.T) { }, }, { - reqPath: "/abcdef", + reqURI: "/abcdef", handler: Handler{ Source: "{http.request.uri.path}", Destinations: []string{"{output}"}, @@ -50,7 +50,7 @@ func TestHandler(t *testing.T) { }, }, { - reqPath: "/ABCxyzDEF", + reqURI: "/ABCxyzDEF", handler: Handler{ Source: "{http.request.uri.path}", Destinations: []string{"{output}"}, @@ -65,12 +65,29 @@ func TestHandler(t *testing.T) { "output": "...xyz...", }, }, + { + // Test case from https://caddy.community/t/map-directive-and-regular-expressions/13866/14?u=matt + reqURI: "/?s=0%27+AND+%28SELECT+0+FROM+%28SELECT+count%28%2A%29%2C+CONCAT%28%28SELECT+%40%40version%29%2C+0x23%2C+FLOOR%28RAND%280%29%2A2%29%29+AS+x+FROM+information_schema.columns+GROUP+BY+x%29+y%29+-+-+%27", + handler: Handler{ + Source: "{http.request.uri}", + Destinations: []string{"{output}"}, + Mappings: []Mapping{ + { + InputRegexp: "(?i)(\\^|`|<|>|%|\\\\|\\{|\\}|\\|)", + Outputs: []interface{}{"3"}, + }, + }, + }, + expect: map[string]interface{}{ + "output": "3", + }, + }, } { if err := tc.handler.Provision(caddy.Context{}); err != nil { t.Fatalf("Test %d: Provisioning handler: %v", i, err) } - req, err := http.NewRequest(http.MethodGet, tc.reqPath, nil) + req, err := http.NewRequest(http.MethodGet, tc.reqURI, nil) if err != nil { t.Fatalf("Test %d: Creating request: %v", i, err) } From a21d5a001fbbe0764b748d6ae4c83a9a54cbd7b0 Mon Sep 17 00:00:00 2001 From: Klaus Helenius Date: Wed, 20 Oct 2021 19:15:58 +0300 Subject: [PATCH 0485/1498] fileserver: Prevent focusing filter from scrolling on page load (#4393) --- modules/caddyhttp/fileserver/browsetpl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/browsetpl.go b/modules/caddyhttp/fileserver/browsetpl.go index 72b0ec67..06ef06d6 100644 --- a/modules/caddyhttp/fileserver/browsetpl.go +++ b/modules/caddyhttp/fileserver/browsetpl.go @@ -430,7 +430,7 @@ footer { -` + From b47af6ef04f818f41932e4152836d43a9be8fe07 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 15 Nov 2021 14:41:19 -0700 Subject: [PATCH 0496/1498] caddyfile: Copy input before parsing (fix #4422) --- caddyconfig/caddyfile/formatter_test.go | 5 ++++ caddyconfig/caddyfile/parse.go | 39 +++++++++++++++---------- 2 files changed, 28 insertions(+), 16 deletions(-) diff --git a/caddyconfig/caddyfile/formatter_test.go b/caddyconfig/caddyfile/formatter_test.go index 64cf6d21..8e5b3686 100644 --- a/caddyconfig/caddyfile/formatter_test.go +++ b/caddyconfig/caddyfile/formatter_test.go @@ -179,6 +179,11 @@ d { {$F} }`, }, + { + description: "env var placeholders with port", + input: `:{$PORT}`, + expect: `:{$PORT}`, + }, { description: "comments", input: `#a "\n" diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 8591759b..1e694f9f 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -37,7 +37,13 @@ import ( // Environment variables in {$ENVIRONMENT_VARIABLE} notation // will be replaced before parsing begins. func Parse(filename string, input []byte) ([]ServerBlock, error) { - tokens, err := allTokens(filename, input) + // unfortunately, we must copy the input because parsing must + // remain a read-only operation, but we have to expand environment + // variables before we parse, which changes the underlying array (#4422) + inputCopy := make([]byte, len(input)) + copy(inputCopy, input) + + tokens, err := allTokens(filename, inputCopy) if err != nil { return nil, err } @@ -51,7 +57,23 @@ func Parse(filename string, input []byte) ([]ServerBlock, error) { return p.parseAll() } +// allTokens lexes the entire input, but does not parse it. +// It returns all the tokens from the input, unstructured +// and in order. It may mutate input as it expands env vars. +func allTokens(filename string, input []byte) ([]Token, error) { + inputCopy, err := replaceEnvVars(input) + if err != nil { + return nil, err + } + tokens, err := Tokenize(inputCopy, filename) + if err != nil { + return nil, err + } + return tokens, nil +} + // replaceEnvVars replaces all occurrences of environment variables. +// It mutates the underlying array and returns the updated slice. func replaceEnvVars(input []byte) ([]byte, error) { var offset int for { @@ -96,21 +118,6 @@ func replaceEnvVars(input []byte) ([]byte, error) { return input, nil } -// allTokens lexes the entire input, but does not parse it. -// It returns all the tokens from the input, unstructured -// and in order. -func allTokens(filename string, input []byte) ([]Token, error) { - input, err := replaceEnvVars(input) - if err != nil { - return nil, err - } - tokens, err := Tokenize(input, filename) - if err != nil { - return nil, err - } - return tokens, nil -} - type parser struct { *Dispenser block ServerBlock // current server block being parsed From 7f364c777acfc1a0c8c3c62d9c3ad001fb1ea6df Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 16 Nov 2021 13:08:22 -0700 Subject: [PATCH 0497/1498] core: Load config at interval instead of just once --- caddy.go | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/caddy.go b/caddy.go index a7e99c11..bee4274c 100644 --- a/caddy.go +++ b/caddy.go @@ -493,17 +493,20 @@ func finishSettingUp(ctx Context, cfg *Config) error { } if cfg.Admin.Config.LoadInterval > 0 { go func() { - select { - // if LoadInterval is positive, will wait for the interval and then run with new config - case <-time.After(time.Duration(cfg.Admin.Config.LoadInterval)): - loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) - if err != nil { - Log().Error("loading dynamic config failed", zap.Error(err)) + for { + select { + // if LoadInterval is positive, will wait for the interval and then run with new config + case <-time.After(time.Duration(cfg.Admin.Config.LoadInterval)): + loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) + if err != nil { + Log().Error("loading dynamic config failed", zap.Error(err)) + return + } + runLoadedConfig(loadedConfig) + case <-ctx.Done(): + Log().Info("stopping config load interval") return } - runLoadedConfig(loadedConfig) - case <-ctx.Done(): - return } }() } else { From 7d5047c1f190421528695e1cc3a4ad71c97eb022 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 22 Nov 2021 11:31:50 -0700 Subject: [PATCH 0498/1498] caddyhttp: Log empty value for typical password headers Work around for common misconfiguration --- modules/caddyhttp/marshalers.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go index 8001bd8f..bbb703cc 100644 --- a/modules/caddyhttp/marshalers.go +++ b/modules/caddyhttp/marshalers.go @@ -17,6 +17,7 @@ package caddyhttp import ( "crypto/tls" "net/http" + "strings" "go.uber.org/zap/zapcore" ) @@ -39,6 +40,8 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error { } // LoggableHTTPHeader makes an HTTP header loggable with zap.Object(). +// Headers with potentially sensitive information (Cookie, Authorization, +// and Proxy-Authorization) are logged with empty values. type LoggableHTTPHeader http.Header // MarshalLogObject satisfies the zapcore.ObjectMarshaler interface. @@ -47,6 +50,10 @@ func (h LoggableHTTPHeader) MarshalLogObject(enc zapcore.ObjectEncoder) error { return nil } for key, val := range h { + switch strings.ToLower(key) { + case "cookie", "authorization", "proxy-authorization": + val = []string{} + } enc.AddArray(key, LoggableStringArray(val)) } return nil @@ -75,8 +82,6 @@ func (t LoggableTLSConnState) MarshalLogObject(enc zapcore.ObjectEncoder) error enc.AddUint16("version", t.Version) enc.AddUint16("cipher_suite", t.CipherSuite) enc.AddString("proto", t.NegotiatedProtocol) - // NegotiatedProtocolIsMutual is deprecated - it's always true - enc.AddBool("proto_mutual", true) enc.AddString("server_name", t.ServerName) if len(t.PeerCertificates) > 0 { enc.AddString("client_common_name", t.PeerCertificates[0].Subject.CommonName) From eead337324593ef5cd30ebce2be26da84de00787 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 22 Nov 2021 13:58:25 -0500 Subject: [PATCH 0499/1498] caddyhttp: Log non-500 handler errors at debug level (#4429) Fixes #4428 It's best to still log handler errors at debug level so that they're hidden by default, but still accessible if additional details are necessary. --- modules/caddyhttp/server.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 80948325..26384af1 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -244,6 +244,8 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { // successfully, so now just log the error if errStatus >= 500 { logger.Error(errMsg, errFields...) + } else { + logger.Debug(errMsg, errFields...) } } else { // well... this is awkward @@ -262,6 +264,8 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { } else { if errStatus >= 500 { logger.Error(errMsg, errFields...) + } else { + logger.Debug(errMsg, errFields...) } w.WriteHeader(errStatus) } From c8b5a81607c9c2799f46f42154ee311884723aa4 Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Mon, 22 Nov 2021 13:59:09 -0800 Subject: [PATCH 0500/1498] fileserver: Fix handling of symlink sizes in directory listings (#4415) --- modules/caddyhttp/fileserver/browse.go | 7 +------ .../caddyhttp/fileserver/browsetplcontext.go | 19 ++++++++++++------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index bd4de3ae..d076aec3 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -141,12 +141,7 @@ func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string // user can presumably browse "up" to parent folder if path is longer than "/" canGoUp := len(urlPath) > 1 - l, err := fsrv.directoryListing(files, canGoUp, root, urlPath, repl) - if err != nil { - return browseTemplateContext{}, err - } - - return l, nil + return fsrv.directoryListing(files, canGoUp, root, urlPath, repl), nil } // browseApplyQueryParams applies query parameters to the listing. diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index 7dc4f080..2c57e529 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -24,10 +24,11 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/dustin/go-humanize" ) -func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { +func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseTemplateContext { filesToHide := fsrv.transformHidePaths(repl) var dirCount, fileCount int @@ -52,14 +53,18 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root fileCount++ } - fileIsSymlink := isSymlink(f) size := f.Size() + fileIsSymlink := isSymlink(f) if fileIsSymlink { - info, err := os.Stat(name) - if err != nil { - return browseTemplateContext{}, err + path := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, f.Name())) + fileInfo, err := os.Stat(path) + if err == nil { + size = fileInfo.Size() } - size = info.Size() + // An error most likely means the symlink target doesn't exist, + // which isn't entirely unusual and shouldn't fail the listing. + // In this case, just use the size of the symlink itself, which + // was already set above. } fileInfos = append(fileInfos, fileInfo{ @@ -80,7 +85,7 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root Items: fileInfos, NumDirs: dirCount, NumFiles: fileCount, - }, nil + } } // browseTemplateContext provides the template context for directory listings. From 1e10f6f725189a371a923a329084f1c3f608ae38 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 23 Nov 2021 11:13:09 +0300 Subject: [PATCH 0501/1498] fileserver: browse: do not encode the paths in breadcrumbs and page title (#4410) --- modules/caddyhttp/fileserver/browsetplcontext.go | 9 ++++++--- .../caddyhttp/fileserver/browsetplcontext_test.go | 13 +++++++++++++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index 2c57e529..b1b8e9e7 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -77,9 +77,9 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root Mode: f.Mode(), }) } - + name, _ := url.PathUnescape(urlPath) return browseTemplateContext{ - Name: path.Base(urlPath), + Name: path.Base(name), Path: urlPath, CanGoUp: canGoUp, Items: fileInfos, @@ -133,13 +133,16 @@ func (l browseTemplateContext) Breadcrumbs() []crumb { if lpath[len(lpath)-1] == '/' { lpath = lpath[:len(lpath)-1] } - parts := strings.Split(lpath, "/") result := make([]crumb, len(parts)) for i, p := range parts { if i == 0 && p == "" { p = "/" } + // the directory name could include an encoded slash in its path, + // so the item name should be unescaped in the loop rather than unescaping the + // entire path outside the loop. + p, _ = url.PathUnescape(p) lnk := strings.Repeat("../", len(parts)-i-1) result[i] = crumb{Link: lnk, Text: p} } diff --git a/modules/caddyhttp/fileserver/browsetplcontext_test.go b/modules/caddyhttp/fileserver/browsetplcontext_test.go index 01e6c8f1..9f0d08e1 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext_test.go +++ b/modules/caddyhttp/fileserver/browsetplcontext_test.go @@ -36,6 +36,19 @@ func TestBreadcrumbs(t *testing.T) { {Link: "../", Text: "quux"}, {Link: "", Text: "corge"}, }}, + {"/مجلد/", []crumb{ + {Link: "../", Text: "/"}, + {Link: "", Text: "مجلد"}, + }}, + {"/مجلد-1/مجلد-2", []crumb{ + {Link: "../../", Text: "/"}, + {Link: "../", Text: "مجلد-1"}, + {Link: "", Text: "مجلد-2"}, + }}, + {"/مجلد%2F1", []crumb{ + {Link: "../", Text: "/"}, + {Link: "", Text: "مجلد/1"}, + }}, } for _, d := range testdata { From bcac2beee7e419f8cdab2ed16f388d1af282a46b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 23 Nov 2021 10:01:43 +0100 Subject: [PATCH 0502/1498] logging: add a filter for query parameters (#4424) Co-authored-by: Matt Holt Co-authored-by: Francis Lavoie --- .../caddyfile_adapt/log_filters.txt | 18 +++ modules/logging/filters.go | 130 ++++++++++++++++++ modules/logging/filters_test.go | 41 ++++++ 3 files changed, 189 insertions(+) create mode 100644 modules/logging/filters_test.go diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index 0949c1d4..7873b1c9 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -5,6 +5,10 @@ log { format filter { wrap console fields { + uri query { + replace foo REDACTED + delete bar + } request>headers>Authorization replace REDACTED request>headers>Server delete request>remote_addr ip_mask { @@ -40,6 +44,20 @@ log { "filter": "ip_mask", "ipv4_cidr": 24, "ipv6_cidr": 32 + }, + "uri": { + "actions": [ + { + "parameter": "foo", + "type": "replace", + "value": "REDACTED" + }, + { + "parameter": "bar", + "type": "delete" + } + ], + "filter": "query" } }, "format": "filter", diff --git a/modules/logging/filters.go b/modules/logging/filters.go index ef5a4cb9..ceb0d8ac 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -15,7 +15,9 @@ package logging import ( + "errors" "net" + "net/url" "strconv" "github.com/caddyserver/caddy/v2" @@ -27,6 +29,7 @@ func init() { caddy.RegisterModule(DeleteFilter{}) caddy.RegisterModule(ReplaceFilter{}) caddy.RegisterModule(IPMaskFilter{}) + caddy.RegisterModule(QueryFilter{}) } // LogFieldFilter can filter (or manipulate) @@ -185,15 +188,142 @@ func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { return in } +type filterAction string + +const ( + // Replace value(s) of query parameter(s). + replaceAction filterAction = "replace" + // Delete query parameter(s). + deleteAction filterAction = "delete" +) + +func (a filterAction) IsValid() error { + switch a { + case replaceAction, deleteAction: + return nil + } + + return errors.New("invalid action type") +} + +type queryFilterAction struct { + // `replace` to replace the value(s) associated with the parameter(s) or `delete` to remove them entirely. + Type filterAction `json:"type"` + + // The name of the query parameter. + Parameter string `json:"parameter"` + + // The value to use as replacement if the action is `replace`. + Value string `json:"value,omitempty"` +} + +// QueryFilter is a Caddy log field filter that filters +// query parameters from a URL. +// +// This filter updates the logged URL string to remove or replace query +// parameters containing sensitive data. For instance, it can be used +// to redact any kind of secrets which were passed as query parameters, +// such as OAuth access tokens, session IDs, magic link tokens, etc. +type QueryFilter struct { + // A list of actions to apply to the query parameters of the URL. + Actions []queryFilterAction `json:"actions"` +} + +// Validate checks that action types are correct. +func (f *QueryFilter) Validate() error { + for _, a := range f.Actions { + if err := a.Type.IsValid(); err != nil { + return err + } + } + + return nil +} + +// CaddyModule returns the Caddy module information. +func (QueryFilter) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.logging.encoders.filter.query", + New: func() caddy.Module { return new(QueryFilter) }, + } +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (m *QueryFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock(0) { + qfa := queryFilterAction{} + switch d.Val() { + case "replace": + if !d.NextArg() { + return d.ArgErr() + } + + qfa.Type = replaceAction + qfa.Parameter = d.Val() + + if !d.NextArg() { + return d.ArgErr() + } + qfa.Value = d.Val() + + case "delete": + if !d.NextArg() { + return d.ArgErr() + } + + qfa.Type = deleteAction + qfa.Parameter = d.Val() + + default: + return d.Errf("unrecognized subdirective %s", d.Val()) + } + + m.Actions = append(m.Actions, qfa) + } + } + return nil +} + +// Filter filters the input field. +func (m QueryFilter) Filter(in zapcore.Field) zapcore.Field { + u, err := url.Parse(in.String) + if err != nil { + return in + } + + q := u.Query() + for _, a := range m.Actions { + switch a.Type { + case replaceAction: + for i := range q[a.Parameter] { + q[a.Parameter][i] = a.Value + } + + case deleteAction: + q.Del(a.Parameter) + } + } + + u.RawQuery = q.Encode() + in.String = u.String() + + return in +} + // Interface guards var ( _ LogFieldFilter = (*DeleteFilter)(nil) _ LogFieldFilter = (*ReplaceFilter)(nil) _ LogFieldFilter = (*IPMaskFilter)(nil) + _ LogFieldFilter = (*QueryFilter)(nil) _ caddyfile.Unmarshaler = (*DeleteFilter)(nil) _ caddyfile.Unmarshaler = (*ReplaceFilter)(nil) _ caddyfile.Unmarshaler = (*IPMaskFilter)(nil) + _ caddyfile.Unmarshaler = (*QueryFilter)(nil) _ caddy.Provisioner = (*IPMaskFilter)(nil) + + _ caddy.Validator = (*QueryFilter)(nil) ) diff --git a/modules/logging/filters_test.go b/modules/logging/filters_test.go new file mode 100644 index 00000000..883a1384 --- /dev/null +++ b/modules/logging/filters_test.go @@ -0,0 +1,41 @@ +package logging + +import ( + "testing" + + "go.uber.org/zap/zapcore" +) + +func TestQueryFilter(t *testing.T) { + f := QueryFilter{[]queryFilterAction{ + {replaceAction, "foo", "REDACTED"}, + {replaceAction, "notexist", "REDACTED"}, + {deleteAction, "bar", ""}, + {deleteAction, "notexist", ""}, + }} + + if f.Validate() != nil { + t.Fatalf("the filter must be valid") + } + + out := f.Filter(zapcore.Field{String: "/path?foo=a&foo=b&bar=c&bar=d&baz=e"}) + if out.String != "/path?baz=e&foo=REDACTED&foo=REDACTED" { + t.Fatalf("query parameters have not been filtered: %s", out.String) + } +} + +func TestValidateQueryFilter(t *testing.T) { + f := QueryFilter{[]queryFilterAction{ + {}, + }} + if f.Validate() == nil { + t.Fatalf("empty action type must be invalid") + } + + f = QueryFilter{[]queryFilterAction{ + {Type: "foo"}, + }} + if f.Validate() == nil { + t.Fatalf("unknown action type must be invalid") + } +} From 8887adb027982e844965b4707b8595cee5845d54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 23 Nov 2021 17:40:20 +0100 Subject: [PATCH 0503/1498] logging: add a filter for cookies (#4425) * feat(logging): add a filter for cookies * Improve godoc and add validation --- .../caddyfile_adapt/log_filters.txt | 18 +++ modules/logging/filters.go | 117 ++++++++++++++++++ modules/logging/filters_test.go | 28 +++++ 3 files changed, 163 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index 7873b1c9..2693e9c6 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -11,6 +11,10 @@ log { } request>headers>Authorization replace REDACTED request>headers>Server delete + request>headers>Cookie cookie { + replace foo REDACTED + delete bar + } request>remote_addr ip_mask { ipv4 24 ipv6 32 @@ -37,6 +41,20 @@ log { "filter": "replace", "value": "REDACTED" }, + "request\u003eheaders\u003eCookie": { + "actions": [ + { + "name": "foo", + "type": "replace", + "value": "REDACTED" + }, + { + "name": "bar", + "type": "delete" + } + ], + "filter": "cookie" + }, "request\u003eheaders\u003eServer": { "filter": "delete" }, diff --git a/modules/logging/filters.go b/modules/logging/filters.go index ceb0d8ac..cf3b5cc1 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -17,6 +17,7 @@ package logging import ( "errors" "net" + "net/http" "net/url" "strconv" @@ -30,6 +31,7 @@ func init() { caddy.RegisterModule(ReplaceFilter{}) caddy.RegisterModule(IPMaskFilter{}) caddy.RegisterModule(QueryFilter{}) + caddy.RegisterModule(CookieFilter{}) } // LogFieldFilter can filter (or manipulate) @@ -311,17 +313,132 @@ func (m QueryFilter) Filter(in zapcore.Field) zapcore.Field { return in } +type cookieFilterAction struct { + // `replace` to replace the value of the cookie or `delete` to remove it entirely. + Type filterAction `json:"type"` + + // The name of the cookie. + Name string `json:"name"` + + // The value to use as replacement if the action is `replace`. + Value string `json:"value,omitempty"` +} + +// CookieFilter is a Caddy log field filter that filters +// cookies. +// +// This filter updates the logged HTTP header string +// to remove or replace cookies containing sensitive data. For instance, +// it can be used to redact any kind of secrets, such as session IDs. +// +// If several actions are configured for the same cookie name, only the first +// will be applied. +type CookieFilter struct { + // A list of actions to apply to the cookies. + Actions []cookieFilterAction `json:"actions"` +} + +// Validate checks that action types are correct. +func (f *CookieFilter) Validate() error { + for _, a := range f.Actions { + if err := a.Type.IsValid(); err != nil { + return err + } + } + + return nil +} + +// CaddyModule returns the Caddy module information. +func (CookieFilter) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.logging.encoders.filter.cookie", + New: func() caddy.Module { return new(CookieFilter) }, + } +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (m *CookieFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + for d.NextBlock(0) { + cfa := cookieFilterAction{} + switch d.Val() { + case "replace": + if !d.NextArg() { + return d.ArgErr() + } + + cfa.Type = replaceAction + cfa.Name = d.Val() + + if !d.NextArg() { + return d.ArgErr() + } + cfa.Value = d.Val() + + case "delete": + if !d.NextArg() { + return d.ArgErr() + } + + cfa.Type = deleteAction + cfa.Name = d.Val() + + default: + return d.Errf("unrecognized subdirective %s", d.Val()) + } + + m.Actions = append(m.Actions, cfa) + } + } + return nil +} + +// Filter filters the input field. +func (m CookieFilter) Filter(in zapcore.Field) zapcore.Field { + originRequest := http.Request{Header: http.Header{"Cookie": []string{in.String}}} + cookies := originRequest.Cookies() + transformedRequest := http.Request{Header: make(http.Header)} + +OUTER: + for _, c := range cookies { + for _, a := range m.Actions { + if c.Name != a.Name { + continue + } + + switch a.Type { + case replaceAction: + c.Value = a.Value + transformedRequest.AddCookie(c) + continue OUTER + + case deleteAction: + continue OUTER + } + } + + transformedRequest.AddCookie(c) + } + + in.String = transformedRequest.Header.Get("Cookie") + + return in +} + // Interface guards var ( _ LogFieldFilter = (*DeleteFilter)(nil) _ LogFieldFilter = (*ReplaceFilter)(nil) _ LogFieldFilter = (*IPMaskFilter)(nil) _ LogFieldFilter = (*QueryFilter)(nil) + _ LogFieldFilter = (*CookieFilter)(nil) _ caddyfile.Unmarshaler = (*DeleteFilter)(nil) _ caddyfile.Unmarshaler = (*ReplaceFilter)(nil) _ caddyfile.Unmarshaler = (*IPMaskFilter)(nil) _ caddyfile.Unmarshaler = (*QueryFilter)(nil) + _ caddyfile.Unmarshaler = (*CookieFilter)(nil) _ caddy.Provisioner = (*IPMaskFilter)(nil) diff --git a/modules/logging/filters_test.go b/modules/logging/filters_test.go index 883a1384..6871bea0 100644 --- a/modules/logging/filters_test.go +++ b/modules/logging/filters_test.go @@ -39,3 +39,31 @@ func TestValidateQueryFilter(t *testing.T) { t.Fatalf("unknown action type must be invalid") } } + +func TestCookieFilter(t *testing.T) { + f := CookieFilter{[]cookieFilterAction{ + {replaceAction, "foo", "REDACTED"}, + {deleteAction, "bar", ""}, + }} + + out := f.Filter(zapcore.Field{String: "foo=a; foo=b; bar=c; bar=d; baz=e"}) + if out.String != "foo=REDACTED; foo=REDACTED; baz=e" { + t.Fatalf("cookies have not been filtered: %s", out.String) + } +} + +func TestValidateCookieFilter(t *testing.T) { + f := CookieFilter{[]cookieFilterAction{ + {}, + }} + if f.Validate() == nil { + t.Fatalf("empty action type must be invalid") + } + + f = CookieFilter{[]cookieFilterAction{ + {Type: "foo"}, + }} + if f.Validate() == nil { + t.Fatalf("unknown action type must be invalid") + } +} From 789efa5deef53071b57479d37e4022bf372c4eef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 23 Nov 2021 18:00:20 +0100 Subject: [PATCH 0504/1498] logging: add a regexp filter (#4426) --- .../caddyfile_adapt/log_filters.txt | 6 ++ modules/logging/filters.go | 57 +++++++++++++++++++ modules/logging/filters_test.go | 11 ++++ 3 files changed, 74 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index 2693e9c6..1bef4c21 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -19,6 +19,7 @@ log { ipv4 24 ipv6 32 } + request>headers>Regexp regexp secret REDACTED } } } @@ -55,6 +56,11 @@ log { ], "filter": "cookie" }, + "request\u003eheaders\u003eRegexp": { + "filter": "regexp", + "regexp": "secret", + "value": "REDACTED" + }, "request\u003eheaders\u003eServer": { "filter": "delete" }, diff --git a/modules/logging/filters.go b/modules/logging/filters.go index cf3b5cc1..ded08acb 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -19,6 +19,7 @@ import ( "net" "net/http" "net/url" + "regexp" "strconv" "github.com/caddyserver/caddy/v2" @@ -32,6 +33,7 @@ func init() { caddy.RegisterModule(IPMaskFilter{}) caddy.RegisterModule(QueryFilter{}) caddy.RegisterModule(CookieFilter{}) + caddy.RegisterModule(RegexpFilter{}) } // LogFieldFilter can filter (or manipulate) @@ -426,6 +428,58 @@ OUTER: return in } +// RegexpFilter is a Caddy log field filter that +// replaces the field matching the provided regexp with the indicated string. +type RegexpFilter struct { + // The regular expression pattern defining what to replace. + RawRegexp string `json:"regexp,omitempty"` + + // The value to use as replacement + Value string `json:"value,omitempty"` + + regexp *regexp.Regexp +} + +// CaddyModule returns the Caddy module information. +func (RegexpFilter) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.logging.encoders.filter.regexp", + New: func() caddy.Module { return new(RegexpFilter) }, + } +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (f *RegexpFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if d.NextArg() { + f.RawRegexp = d.Val() + } + if d.NextArg() { + f.Value = d.Val() + } + } + return nil +} + +// Provision compiles m's regexp. +func (m *RegexpFilter) Provision(ctx caddy.Context) error { + r, err := regexp.Compile(m.RawRegexp) + if err != nil { + return err + } + + m.regexp = r + + return nil +} + +// Filter filters the input field with the replacement value if it matches the regexp. +func (f *RegexpFilter) Filter(in zapcore.Field) zapcore.Field { + in.String = f.regexp.ReplaceAllString(in.String, f.Value) + + return in +} + // Interface guards var ( _ LogFieldFilter = (*DeleteFilter)(nil) @@ -433,14 +487,17 @@ var ( _ LogFieldFilter = (*IPMaskFilter)(nil) _ LogFieldFilter = (*QueryFilter)(nil) _ LogFieldFilter = (*CookieFilter)(nil) + _ LogFieldFilter = (*RegexpFilter)(nil) _ caddyfile.Unmarshaler = (*DeleteFilter)(nil) _ caddyfile.Unmarshaler = (*ReplaceFilter)(nil) _ caddyfile.Unmarshaler = (*IPMaskFilter)(nil) _ caddyfile.Unmarshaler = (*QueryFilter)(nil) _ caddyfile.Unmarshaler = (*CookieFilter)(nil) + _ caddyfile.Unmarshaler = (*RegexpFilter)(nil) _ caddy.Provisioner = (*IPMaskFilter)(nil) + _ caddy.Provisioner = (*RegexpFilter)(nil) _ caddy.Validator = (*QueryFilter)(nil) ) diff --git a/modules/logging/filters_test.go b/modules/logging/filters_test.go index 6871bea0..99289c3e 100644 --- a/modules/logging/filters_test.go +++ b/modules/logging/filters_test.go @@ -3,6 +3,7 @@ package logging import ( "testing" + "github.com/caddyserver/caddy/v2" "go.uber.org/zap/zapcore" ) @@ -67,3 +68,13 @@ func TestValidateCookieFilter(t *testing.T) { t.Fatalf("unknown action type must be invalid") } } + +func TestRegexpFilter(t *testing.T) { + f := RegexpFilter{RawRegexp: `secret`, Value: "REDACTED"} + f.Provision(caddy.Context{}) + + out := f.Filter(zapcore.Field{String: "foo-secret-bar"}) + if out.String != "foo-REDACTED-bar" { + t.Fatalf("field has not been filtered: %s", out.String) + } +} From 9ee68c1bd57d72e8a969f1da492bd51bfa5ed9a0 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 24 Nov 2021 01:32:25 -0500 Subject: [PATCH 0505/1498] reverseproxy: Adjust defaults, document defaults (#4436) * reverseproxy: Adjust defaults, document defaults Related to some of the issues in https://github.com/caddyserver/caddy/issues/4245, a complaint about the proxy transport defaults not being properly documented in https://caddy.community/t/default-values-for-directives/14254/6. - Dug into the stdlib to find the actual defaults for some of the timeouts and buffer limits, documenting them in godoc so the JSON docs get them next release. - Moved the keep-alive and dial-timeout defaults from `reverseproxy.go` to `httptransport.go`. It doesn't make sense to set defaults in the proxy, because then any time the transport is configured with non-defaults, the keep-alive and dial-timeout defaults are lost! - Sped up the dial timeout from 10s to 3s, in practice it rarely makes sense to wait a whole 10s for dialing. A shorter timeout helps a lot with the load balancer retries, so using something lower helps with user experience. * reverseproxy: Make keepalive interval configurable via Caddyfile * fastcgi: DialTimeout default for fastcgi transport too --- .../caddyfile_adapt/reverse_proxy_options.txt | 4 ++- modules/caddyhttp/reverseproxy/caddyfile.go | 15 ++++++++ .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 11 +++++- .../caddyhttp/reverseproxy/httptransport.go | 35 +++++++++++++------ .../caddyhttp/reverseproxy/reverseproxy.go | 9 +---- 5 files changed, 54 insertions(+), 20 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index 544bb9ff..70e7af60 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -22,6 +22,7 @@ https://example.com { compression off max_conns_per_host 5 keepalive_idle_conns_per_host 2 + keepalive_interval 30s } } } @@ -80,7 +81,8 @@ https://example.com { "dial_timeout": 3000000000, "expect_continue_timeout": 9000000000, "keep_alive": { - "max_idle_conns_per_host": 2 + "max_idle_conns_per_host": 2, + "probe_interval": 30000000000 }, "max_conns_per_host": 5, "max_response_header_size": 30000000, diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index c7f555f8..c37efd07 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -806,7 +806,9 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error // tls_trusted_ca_certs // tls_server_name // keepalive [off|] +// keepalive_interval // keepalive_idle_conns +// keepalive_idle_conns_per_host // versions // compression off // max_conns_per_host @@ -966,6 +968,19 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.KeepAlive.IdleConnTimeout = caddy.Duration(dur) + case "keepalive_interval": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad interval value '%s': %v", d.Val(), err) + } + if h.KeepAlive == nil { + h.KeepAlive = new(KeepAlive) + } + h.KeepAlive.ProbeInterval = caddy.Duration(dur) + case "keepalive_idle_conns": if !d.NextArg() { return d.ArgErr() diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 40e0207f..05b776da 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -64,7 +64,7 @@ type Transport struct { // Extra environment variables. EnvVars map[string]string `json:"env,omitempty"` - // The duration used to set a deadline when connecting to an upstream. + // The duration used to set a deadline when connecting to an upstream. Default: `3s`. DialTimeout caddy.Duration `json:"dial_timeout,omitempty"` // The duration used to set a deadline when reading from the FastCGI server. @@ -88,13 +88,22 @@ func (Transport) CaddyModule() caddy.ModuleInfo { // Provision sets up t. func (t *Transport) Provision(ctx caddy.Context) error { t.logger = ctx.Logger(t) + if t.Root == "" { t.Root = "{http.vars.root}" } + t.serverSoftware = "Caddy" if mod := caddy.GoModule(); mod.Version != "" { t.serverSoftware += "/" + mod.Version } + + // Set a relatively short default dial timeout. + // This is helpful to make load-balancer retries more speedy. + if t.DialTimeout == 0 { + t.DialTimeout = caddy.Duration(3 * time.Second) + } + return nil } diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 35bc9478..f23504c7 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -63,28 +63,28 @@ type HTTPTransport struct { MaxConnsPerHost int `json:"max_conns_per_host,omitempty"` // How long to wait before timing out trying to connect to - // an upstream. + // an upstream. Default: `3s`. DialTimeout caddy.Duration `json:"dial_timeout,omitempty"` // How long to wait before spawning an RFC 6555 Fast Fallback - // connection. A negative value disables this. + // connection. A negative value disables this. Default: `300ms`. FallbackDelay caddy.Duration `json:"dial_fallback_delay,omitempty"` - // How long to wait for reading response headers from server. + // How long to wait for reading response headers from server. Default: No timeout. ResponseHeaderTimeout caddy.Duration `json:"response_header_timeout,omitempty"` // The length of time to wait for a server's first response // headers after fully writing the request headers if the - // request has a header "Expect: 100-continue". + // request has a header "Expect: 100-continue". Default: No timeout. ExpectContinueTimeout caddy.Duration `json:"expect_continue_timeout,omitempty"` - // The maximum bytes to read from response headers. + // The maximum bytes to read from response headers. Default: `10MiB`. MaxResponseHeaderSize int64 `json:"max_response_header_size,omitempty"` - // The size of the write buffer in bytes. + // The size of the write buffer in bytes. Default: `4KiB`. WriteBufferSize int `json:"write_buffer_size,omitempty"` - // The size of the read buffer in bytes. + // The size of the read buffer in bytes. Default: `4KiB`. ReadBufferSize int `json:"read_buffer_size,omitempty"` // The versions of HTTP to support. As a special case, "h2c" @@ -147,6 +147,21 @@ func (h *HTTPTransport) Provision(ctx caddy.Context) error { // NewTransport builds a standard-lib-compatible http.Transport value from h. func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) { + // Set keep-alive defaults if it wasn't otherwise configured + if h.KeepAlive == nil { + h.KeepAlive = &KeepAlive{ + ProbeInterval: caddy.Duration(30 * time.Second), + IdleConnTimeout: caddy.Duration(2 * time.Minute), + MaxIdleConnsPerHost: 32, // seems about optimal, see #2805 + } + } + + // Set a relatively short default dial timeout. + // This is helpful to make load-balancer retries more speedy. + if h.DialTimeout == 0 { + h.DialTimeout = caddy.Duration(3 * time.Second) + } + dialer := &net.Dialer{ Timeout: time.Duration(h.DialTimeout), FallbackDelay: time.Duration(h.FallbackDelay), @@ -303,7 +318,7 @@ type TLSConfig struct { // option except in testing or local development environments. InsecureSkipVerify bool `json:"insecure_skip_verify,omitempty"` - // The duration to allow a TLS handshake to a server. + // The duration to allow a TLS handshake to a server. Default: No timeout. HandshakeTimeout caddy.Duration `json:"handshake_timeout,omitempty"` // The server name (SNI) to use in TLS handshakes. @@ -405,7 +420,7 @@ type KeepAlive struct { // Whether HTTP Keep-Alive is enabled. Default: true Enabled *bool `json:"enabled,omitempty"` - // How often to probe for liveness. + // How often to probe for liveness. Default: `30s`. ProbeInterval caddy.Duration `json:"probe_interval,omitempty"` // Maximum number of idle connections. Default: 0, which means no limit. @@ -414,7 +429,7 @@ type KeepAlive struct { // Maximum number of idle connections per host. Default: 32. MaxIdleConnsPerHost int `json:"max_idle_conns_per_host,omitempty"` - // How long connections should be kept alive when idle. Default: 0, which means no timeout. + // How long connections should be kept alive when idle. Default: `2m`. IdleConnTimeout caddy.Duration `json:"idle_timeout,omitempty"` } diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 36dfbfe6..c629ef6e 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -204,14 +204,7 @@ func (h *Handler) Provision(ctx caddy.Context) error { // set up transport if h.Transport == nil { - t := &HTTPTransport{ - KeepAlive: &KeepAlive{ - ProbeInterval: caddy.Duration(30 * time.Second), - IdleConnTimeout: caddy.Duration(2 * time.Minute), - MaxIdleConnsPerHost: 32, // seems about optimal, see #2805 - }, - DialTimeout: caddy.Duration(10 * time.Second), - } + t := &HTTPTransport{} err := t.Provision(ctx) if err != nil { return fmt.Errorf("provisioning default transport: %v", err) From 5e5af50e64a33ecd9c91aaa773d4f8428945ac74 Mon Sep 17 00:00:00 2001 From: Rainer Borene Date: Sun, 28 Nov 2021 19:22:26 -0300 Subject: [PATCH 0506/1498] caddyfile: make renew_interval option configurable (#4451) --- caddyconfig/httpcaddyfile/options.go | 1 + caddyconfig/httpcaddyfile/tlsapp.go | 8 ++++++++ .../integration/caddyfile_adapt/global_options_acme.txt | 2 ++ 3 files changed, 11 insertions(+) diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index f693110e..91709cc0 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -34,6 +34,7 @@ func init() { RegisterGlobalOption("order", parseOptOrder) RegisterGlobalOption("storage", parseOptStorage) RegisterGlobalOption("storage_clean_interval", parseOptDuration) + RegisterGlobalOption("renew_interval", parseOptDuration) RegisterGlobalOption("acme_ca", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) RegisterGlobalOption("acme_dns", parseOptACMEDNS) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 0fe1fc5f..b11addc4 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -286,6 +286,14 @@ func (st ServerType) buildTLSApp( tlsApp.Automation.StorageCleanInterval = storageCleanInterval } + // set the expired certificates renew interval if configured + if renewCheckInterval, ok := options["renew_interval"].(caddy.Duration); ok { + if tlsApp.Automation == nil { + tlsApp.Automation = new(caddytls.AutomationConfig) + } + tlsApp.Automation.RenewCheckInterval = renewCheckInterval + } + // if any hostnames appear on the same server block as a key with // no host, they will not be used with route matchers because the // hostless key matches all hosts, therefore, it wouldn't be diff --git a/caddytest/integration/caddyfile_adapt/global_options_acme.txt b/caddytest/integration/caddyfile_adapt/global_options_acme.txt index 36f317ab..58ade308 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_acme.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_acme.txt @@ -21,6 +21,7 @@ burst 20 } storage_clean_interval 7d + renew_interval 1d key_type ed25519 } @@ -82,6 +83,7 @@ }, "ask": "https://example.com" }, + "renew_interval": 86400000000000, "storage_clean_interval": 604800000000000 } } From 0eb0b60f47bddcf24f6af9265e60044033555ff2 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sun, 28 Nov 2021 23:08:52 -0700 Subject: [PATCH 0507/1498] logging: Remove common_log field and single_field encoder (#4149) (#4282) --- caddyconfig/httpcaddyfile/builtins_test.go | 3 +- .../global_options_log_custom.txt | 4 - modules/caddyhttp/server.go | 9 -- modules/logging/encoders.go | 85 ------------------- 4 files changed, 1 insertion(+), 100 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go index 49623830..a28229b4 100644 --- a/caddyconfig/httpcaddyfile/builtins_test.go +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -37,7 +37,6 @@ func TestLogDirectiveSyntax(t *testing.T) { format filter { wrap console fields { - common_log delete request>remote_addr ip_mask { ipv4 24 ipv6 32 @@ -47,7 +46,7 @@ func TestLogDirectiveSyntax(t *testing.T) { } } `, - output: `{"logging":{"logs":{"default":{"exclude":["http.log.access.log0"]},"log0":{"encoder":{"fields":{"common_log":{"filter":"delete"},"request\u003eremote_addr":{"filter":"ip_mask","ipv4_cidr":24,"ipv6_cidr":32}},"format":"filter","wrap":{"format":"console"}},"include":["http.log.access.log0"]}}},"apps":{"http":{"servers":{"srv0":{"listen":[":8080"],"logs":{"default_logger_name":"log0"}}}}}}`, + output: `{"logging":{"logs":{"default":{"exclude":["http.log.access.log0"]},"log0":{"encoder":{"fields":{"request\u003eremote_addr":{"filter":"ip_mask","ipv4_cidr":24,"ipv6_cidr":32}},"format":"filter","wrap":{"format":"console"}},"include":["http.log.access.log0"]}}},"apps":{"http":{"servers":{"srv0":{"listen":[":8080"],"logs":{"default_logger_name":"log0"}}}}}}`, expectError: false, }, { diff --git a/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt b/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt index abbca19f..e37e75e1 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt @@ -3,7 +3,6 @@ format filter { wrap console fields { - common_log delete request>remote_addr ip_mask { ipv4 24 ipv6 32 @@ -19,9 +18,6 @@ "custom-logger": { "encoder": { "fields": { - "common_log": { - "filter": "delete" - }, "request\u003eremote_addr": { "filter": "ip_mask", "ipv4_cidr": 24, diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 26384af1..2ddec606 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -187,7 +187,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { userID, _ := repl.GetString("http.auth.user.id") log("handled request", - zap.String("common_log", repl.ReplaceAll(commonLogFormat, commonLogEmptyValue)), zap.String("user_id", userID), zap.Duration("duration", duration), zap.Int("size", wrec.Size()), @@ -627,14 +626,6 @@ func cloneURL(from, to *url.URL) { } } -const ( - // commonLogFormat is the common log format. https://en.wikipedia.org/wiki/Common_Log_Format - commonLogFormat = `{http.request.remote.host} ` + commonLogEmptyValue + ` {http.auth.user.id} [{time.now.common_log}] "{http.request.orig_method} {http.request.orig_uri} {http.request.proto}" {http.response.status} {http.response.size}` - - // commonLogEmptyValue is the common empty log value. - commonLogEmptyValue = "-" -) - // Context keys for HTTP request context values. const ( // For referencing the server instance diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index 1b5f4a6d..bc5fe210 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -15,9 +15,6 @@ package logging import ( - "encoding/json" - "fmt" - "strings" "time" "github.com/caddyserver/caddy/v2" @@ -30,7 +27,6 @@ import ( func init() { caddy.RegisterModule(ConsoleEncoder{}) caddy.RegisterModule(JSONEncoder{}) - caddy.RegisterModule(SingleFieldEncoder{}) } // ConsoleEncoder encodes log entries that are mostly human-readable. @@ -115,85 +111,6 @@ func (je *JSONEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// SingleFieldEncoder writes a log entry that consists entirely -// of a single string field in the log entry. This is useful -// for custom, self-encoded log entries that consist of a -// single field in the structured log entry. -type SingleFieldEncoder struct { - zapcore.Encoder `json:"-"` - FieldName string `json:"field,omitempty"` - FallbackRaw json.RawMessage `json:"fallback,omitempty" caddy:"namespace=caddy.logging.encoders inline_key=format"` -} - -// CaddyModule returns the Caddy module information. -func (SingleFieldEncoder) CaddyModule() caddy.ModuleInfo { - return caddy.ModuleInfo{ - ID: "caddy.logging.encoders.single_field", - New: func() caddy.Module { return new(SingleFieldEncoder) }, - } -} - -// Provision sets up the encoder. -func (se *SingleFieldEncoder) Provision(ctx caddy.Context) error { - caddy.Log().Named("caddy.logging.encoders.single_field").Warn("the 'single_field' encoder is deprecated and will be removed soon!") - if se.FallbackRaw != nil { - val, err := ctx.LoadModule(se, "FallbackRaw") - if err != nil { - return fmt.Errorf("loading fallback encoder module: %v", err) - } - se.Encoder = val.(zapcore.Encoder) - } - if se.Encoder == nil { - se.Encoder = nopEncoder{} - } - return nil -} - -// Clone wraps the underlying encoder's Clone. This is -// necessary because we implement our own EncodeEntry, -// and if we simply let the embedded encoder's Clone -// be promoted, it would return a clone of that, and -// we'd lose our SingleFieldEncoder's EncodeEntry. -func (se SingleFieldEncoder) Clone() zapcore.Encoder { - return SingleFieldEncoder{ - Encoder: se.Encoder.Clone(), - FieldName: se.FieldName, - } -} - -// EncodeEntry partially implements the zapcore.Encoder interface. -func (se SingleFieldEncoder) EncodeEntry(ent zapcore.Entry, fields []zapcore.Field) (*buffer.Buffer, error) { - for _, f := range fields { - if f.Key == se.FieldName { - buf := bufferpool.Get() - buf.AppendString(f.String) - if !strings.HasSuffix(f.String, "\n") { - buf.AppendByte('\n') - } - return buf, nil - } - } - if se.Encoder == nil { - return nil, fmt.Errorf("no fallback encoder defined") - } - return se.Encoder.EncodeEntry(ent, fields) -} - -// UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: -// -// single_field -// -func (se *SingleFieldEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { - for d.Next() { - var fieldName string - if !d.AllArgs(&fieldName) { - return d.ArgErr() - } - se.FieldName = d.Val() - } - return nil -} - // LogEncoderConfig holds configuration common to most encoders. type LogEncoderConfig struct { MessageKey *string `json:"message_key,omitempty"` @@ -350,9 +267,7 @@ var bufferpool = buffer.NewPool() var ( _ zapcore.Encoder = (*ConsoleEncoder)(nil) _ zapcore.Encoder = (*JSONEncoder)(nil) - _ zapcore.Encoder = (*SingleFieldEncoder)(nil) _ caddyfile.Unmarshaler = (*ConsoleEncoder)(nil) _ caddyfile.Unmarshaler = (*JSONEncoder)(nil) - _ caddyfile.Unmarshaler = (*SingleFieldEncoder)(nil) ) From f55b123d63132e290789bcd07077375c76b6e1dd Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 29 Nov 2021 01:18:35 -0500 Subject: [PATCH 0508/1498] caddyhttp: Split up logged remote address into IP and port (#4403) --- admin.go | 8 +++++++- caddyconfig/httpcaddyfile/builtins_test.go | 4 ++-- .../caddyfile_adapt/global_options_log_custom.txt | 4 ++-- caddytest/integration/caddyfile_adapt/log_filters.txt | 4 ++-- modules/caddyhttp/marshalers.go | 10 +++++++++- 5 files changed, 22 insertions(+), 8 deletions(-) diff --git a/admin.go b/admin.go index 684526dd..6960de52 100644 --- a/admin.go +++ b/admin.go @@ -659,11 +659,17 @@ type adminHandler struct { // ServeHTTP is the external entry point for API requests. // It will only be called once per request. func (h adminHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { + ip, port, err := net.SplitHostPort(r.RemoteAddr) + if err != nil { + ip = r.RemoteAddr + port = "" + } log := Log().Named("admin.api").With( zap.String("method", r.Method), zap.String("host", r.Host), zap.String("uri", r.RequestURI), - zap.String("remote_addr", r.RemoteAddr), + zap.String("remote_ip", ip), + zap.String("remote_port", port), zap.Reflect("headers", r.Header), ) if r.TLS != nil { diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go index a28229b4..991c649c 100644 --- a/caddyconfig/httpcaddyfile/builtins_test.go +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -37,7 +37,7 @@ func TestLogDirectiveSyntax(t *testing.T) { format filter { wrap console fields { - request>remote_addr ip_mask { + request>remote_ip ip_mask { ipv4 24 ipv6 32 } @@ -46,7 +46,7 @@ func TestLogDirectiveSyntax(t *testing.T) { } } `, - output: `{"logging":{"logs":{"default":{"exclude":["http.log.access.log0"]},"log0":{"encoder":{"fields":{"request\u003eremote_addr":{"filter":"ip_mask","ipv4_cidr":24,"ipv6_cidr":32}},"format":"filter","wrap":{"format":"console"}},"include":["http.log.access.log0"]}}},"apps":{"http":{"servers":{"srv0":{"listen":[":8080"],"logs":{"default_logger_name":"log0"}}}}}}`, + output: `{"logging":{"logs":{"default":{"exclude":["http.log.access.log0"]},"log0":{"encoder":{"fields":{"request\u003eremote_ip":{"filter":"ip_mask","ipv4_cidr":24,"ipv6_cidr":32}},"format":"filter","wrap":{"format":"console"}},"include":["http.log.access.log0"]}}},"apps":{"http":{"servers":{"srv0":{"listen":[":8080"],"logs":{"default_logger_name":"log0"}}}}}}`, expectError: false, }, { diff --git a/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt b/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt index e37e75e1..b39cce9e 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_log_custom.txt @@ -3,7 +3,7 @@ format filter { wrap console fields { - request>remote_addr ip_mask { + request>remote_ip ip_mask { ipv4 24 ipv6 32 } @@ -18,7 +18,7 @@ "custom-logger": { "encoder": { "fields": { - "request\u003eremote_addr": { + "request\u003eremote_ip": { "filter": "ip_mask", "ipv4_cidr": 24, "ipv6_cidr": 32 diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index 1bef4c21..5253529f 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -15,7 +15,7 @@ log { replace foo REDACTED delete bar } - request>remote_addr ip_mask { + request>remote_ip ip_mask { ipv4 24 ipv6 32 } @@ -64,7 +64,7 @@ log { "request\u003eheaders\u003eServer": { "filter": "delete" }, - "request\u003eremote_addr": { + "request\u003eremote_ip": { "filter": "ip_mask", "ipv4_cidr": 24, "ipv6_cidr": 32 diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go index bbb703cc..c99c94ee 100644 --- a/modules/caddyhttp/marshalers.go +++ b/modules/caddyhttp/marshalers.go @@ -16,6 +16,7 @@ package caddyhttp import ( "crypto/tls" + "net" "net/http" "strings" @@ -27,7 +28,14 @@ type LoggableHTTPRequest struct{ *http.Request } // MarshalLogObject satisfies the zapcore.ObjectMarshaler interface. func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error { - enc.AddString("remote_addr", r.RemoteAddr) + ip, port, err := net.SplitHostPort(r.RemoteAddr) + if err != nil { + ip = r.RemoteAddr + port = "" + } + + enc.AddString("remote_ip", ip) + enc.AddString("remote_port", port) enc.AddString("proto", r.Proto) enc.AddString("method", r.Method) enc.AddString("host", r.Host) From ec14ccdd4075e46dd0235cc99ecfd92ed131c10a Mon Sep 17 00:00:00 2001 From: Tim Culverhouse Date: Mon, 29 Nov 2021 11:29:40 -0600 Subject: [PATCH 0509/1498] templates: fix inconsistent nested includes (#4452) --- .../caddyhttp/templates/frontmatter_fuzz.go | 1 + modules/caddyhttp/templates/tplcontext.go | 30 ++++--- .../caddyhttp/templates/tplcontext_test.go | 90 +++++++++++++++++++ 3 files changed, 109 insertions(+), 12 deletions(-) diff --git a/modules/caddyhttp/templates/frontmatter_fuzz.go b/modules/caddyhttp/templates/frontmatter_fuzz.go index 8d8427b0..361b4b62 100644 --- a/modules/caddyhttp/templates/frontmatter_fuzz.go +++ b/modules/caddyhttp/templates/frontmatter_fuzz.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build gofuzz // +build gofuzz package templates diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index b1646c12..4f3cbf50 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -91,7 +91,12 @@ func (c TemplateContext) OriginalReq() http.Request { // trusted files. If it is not trusted, be sure to use escaping functions // in your template. func (c TemplateContext) funcInclude(filename string, args ...interface{}) (string, error) { - bodyBuf, err := c.readFileToBuffer(filename) + + bodyBuf := bufPool.Get().(*bytes.Buffer) + bodyBuf.Reset() + defer bufPool.Put(bodyBuf) + + err := c.readFileToBuffer(filename, bodyBuf) if err != nil { return "", err @@ -107,28 +112,24 @@ func (c TemplateContext) funcInclude(filename string, args ...interface{}) (stri return bodyBuf.String(), nil } -// readFileToBuffer returns the contents of filename relative to root as a buffer -func (c TemplateContext) readFileToBuffer(filename string) (*bytes.Buffer, error) { +// readFileToBuffer reads a file into a buffer +func (c TemplateContext) readFileToBuffer(filename string, bodyBuf *bytes.Buffer) error { if c.Root == nil { - return nil, fmt.Errorf("root file system not specified") + return fmt.Errorf("root file system not specified") } file, err := c.Root.Open(filename) if err != nil { - return nil, err + return err } defer file.Close() - bodyBuf := bufPool.Get().(*bytes.Buffer) - bodyBuf.Reset() - defer bufPool.Put(bodyBuf) - _, err = io.Copy(bodyBuf, file) if err != nil { - return nil, err + return err } - return bodyBuf, nil + return nil } // funcHTTPInclude returns the body of a virtual (lightweight) request @@ -185,7 +186,12 @@ func (c TemplateContext) funcHTTPInclude(uri string) (string, error) { // {{ template }} from the standard template library. If the imported file has // no {{ define }} blocks, the name of the import will be the path func (c *TemplateContext) funcImport(filename string) (string, error) { - bodyBuf, err := c.readFileToBuffer(filename) + + bodyBuf := bufPool.Get().(*bytes.Buffer) + bodyBuf.Reset() + defer bufPool.Put(bodyBuf) + + err := c.readFileToBuffer(filename, bodyBuf) if err != nil { return "", err } diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index ddc8b99b..bd049751 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -18,6 +18,7 @@ import ( "bytes" "context" "fmt" + "io/ioutil" "net/http" "os" "path/filepath" @@ -187,6 +188,95 @@ func TestImport(t *testing.T) { } } +func TestNestedInclude(t *testing.T) { + for i, test := range []struct { + child string + childFile string + parent string + parentFile string + shouldErr bool + expect string + child2 string + child2File string + }{ + { + // include in parent + child: `{{ include "file1" }}`, + childFile: "file0", + parent: `{{ $content := "file2" }}{{ $p := include $content}}`, + parentFile: "file1", + shouldErr: false, + expect: ``, + child2: `This shouldn't show`, + child2File: "file2", + }, + } { + context := getContextOrFail(t) + var absFilePath string + var absFilePath0 string + var absFilePath1 string + var buf *bytes.Buffer + var err error + + // create files and for test case + if test.parentFile != "" { + absFilePath = filepath.Join(fmt.Sprintf("%s", context.Root), test.parentFile) + if err := ioutil.WriteFile(absFilePath, []byte(test.parent), os.ModePerm); err != nil { + os.Remove(absFilePath) + t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) + } + } + if test.childFile != "" { + absFilePath0 = filepath.Join(fmt.Sprintf("%s", context.Root), test.childFile) + if err := ioutil.WriteFile(absFilePath0, []byte(test.child), os.ModePerm); err != nil { + os.Remove(absFilePath0) + t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) + } + } + if test.child2File != "" { + absFilePath1 = filepath.Join(fmt.Sprintf("%s", context.Root), test.child2File) + if err := ioutil.WriteFile(absFilePath1, []byte(test.child2), os.ModePerm); err != nil { + os.Remove(absFilePath0) + t.Fatalf("Test %d: Expected no error creating file, got: '%s'", i, err.Error()) + } + } + + buf = bufPool.Get().(*bytes.Buffer) + buf.Reset() + defer bufPool.Put(buf) + buf.WriteString(test.child) + err = context.executeTemplateInBuffer(test.childFile, buf) + + if err != nil { + if !test.shouldErr { + t.Errorf("Test %d: Expected no error, got: '%s'", i, err) + } + } else if test.shouldErr { + t.Errorf("Test %d: Expected error but had none", i) + } else if buf.String() != test.expect { + // + t.Errorf("Test %d: Expected '%s' but got '%s'", i, test.expect, buf.String()) + + } + + if absFilePath != "" { + if err := os.Remove(absFilePath); err != nil && !os.IsNotExist(err) { + t.Fatalf("Test %d: Expected no error removing temporary test file, got: %v", i, err) + } + } + if absFilePath0 != "" { + if err := os.Remove(absFilePath0); err != nil && !os.IsNotExist(err) { + t.Fatalf("Test %d: Expected no error removing temporary test file, got: %v", i, err) + } + } + if absFilePath1 != "" { + if err := os.Remove(absFilePath1); err != nil && !os.IsNotExist(err) { + t.Fatalf("Test %d: Expected no error removing temporary test file, got: %v", i, err) + } + } + } +} + func TestInclude(t *testing.T) { for i, test := range []struct { fileContent string From c13315344762a067b61b0d9585db46bf2ed242a6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 29 Nov 2021 19:15:41 -0500 Subject: [PATCH 0510/1498] go.mod: Update to latest smallstep/truststore, support FreeBSD (#4453) --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index d6e4eb40..f966fd2c 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf github.com/smallstep/cli v0.17.6 github.com/smallstep/nosql v0.3.8 - github.com/smallstep/truststore v0.9.6 + github.com/smallstep/truststore v0.10.0 github.com/yuin/goldmark v1.4.1 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 go.uber.org/zap v1.19.0 diff --git a/go.sum b/go.sum index c5557d83..ea163cc8 100644 --- a/go.sum +++ b/go.sum @@ -830,8 +830,9 @@ github.com/smallstep/cli v0.17.6 h1:0npb8eQGDgEBPziYXb9tW4f4S5jt8aRRmEJvs97oh+Y= github.com/smallstep/cli v0.17.6/go.mod h1:IZoK7eNA/r6cTN9GCd6+M1omgb5Ic8mJjHHH9Bh078U= github.com/smallstep/nosql v0.3.8 h1:1/EWUbbEdz9ai0g9Fd09VekVjtxp+5+gIHpV2PdwW3o= github.com/smallstep/nosql v0.3.8/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= -github.com/smallstep/truststore v0.9.6 h1:vNzEJmaJL0XOZD8uouXLmYu4/aP1UQ/wHUopH3qKeYA= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= +github.com/smallstep/truststore v0.10.0 h1:6Kgtws0kSNusLtxdA+NYdUh0gmEjZAgTqy2OsRuyYyU= +github.com/smallstep/truststore v0.10.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20210924233136-66c2600f6e71/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= From 8e5aafa5cdb0bd6ad062014172ed21fdc1012cc1 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 2 Dec 2021 15:23:19 -0500 Subject: [PATCH 0511/1498] fastcgi: Fix a TODO, prevent zap using reflection for logging env (#4437) * fastcgi: Fix a TODO, prevent zap using reflection for logging env * Update modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go Co-authored-by: Mohammed Al Sahaf Co-authored-by: Mohammed Al Sahaf --- .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 21 +++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 05b776da..5404424d 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -29,6 +29,7 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy" "github.com/caddyserver/caddy/v2/modules/caddytls" "go.uber.org/zap" + "go.uber.org/zap/zapcore" "github.com/caddyserver/caddy/v2" ) @@ -132,7 +133,7 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { t.logger.Debug("roundtrip", zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}), zap.String("dial", address), - zap.Any("env", env), // TODO: this uses reflection I think + zap.Object("env", env), ) fcgiBackend, err := DialContext(ctx, network, address) @@ -171,10 +172,10 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { } // buildEnv returns a set of CGI environment variables for the request. -func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { +func (t Transport) buildEnv(r *http.Request) (envVars, error) { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - var env map[string]string + var env envVars // Separate remote IP and port; more lenient than net.SplitHostPort var ip, port string @@ -259,7 +260,7 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { // Some variables are unused but cleared explicitly to prevent // the parent environment from interfering. - env = map[string]string{ + env = envVars{ // Variables defined in CGI 1.1 spec "AUTH_TYPE": "", // Not used "CONTENT_LENGTH": r.Header.Get("Content-Length"), @@ -353,6 +354,16 @@ func (t Transport) splitPos(path string) int { return -1 } +// envVars is a simple type to allow for speeding up zap log encoding. +type envVars map[string]string + +func (env envVars) MarshalLogObject(enc zapcore.ObjectEncoder) error { + for k, v := range env { + enc.AddString(k, v) + } + return nil +} + // Map of supported protocols to Apache ssl_mod format // Note that these are slightly different from SupportedProtocols in caddytls/config.go var tlsProtocolStrings = map[uint16]string{ @@ -366,6 +377,8 @@ var headerNameReplacer = strings.NewReplacer(" ", "_", "-", "_") // Interface guards var ( + _ zapcore.ObjectMarshaler = (*envVars)(nil) + _ caddy.Provisioner = (*Transport)(nil) _ http.RoundTripper = (*Transport)(nil) ) From 5bf0adad8748e96e10529d5fc5777afc9236a7b5 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 2 Dec 2021 15:26:24 -0500 Subject: [PATCH 0512/1498] caddyhttp: Make logging of credential headers opt-in (#4438) --- caddyconfig/httpcaddyfile/serveroptions.go | 31 ++++++++++++----- .../global_server_options_single.txt | 4 +++ modules/caddyhttp/marshalers.go | 33 +++++++++++++------ modules/caddyhttp/push/handler.go | 7 +++- .../caddyhttp/reverseproxy/reverseproxy.go | 13 ++++++-- modules/caddyhttp/server.go | 17 ++++++++-- 6 files changed, 81 insertions(+), 24 deletions(-) diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 9e94b863..623f4d7c 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -33,15 +33,16 @@ type serverOptions struct { ListenerAddress string // These will all map 1:1 to the caddyhttp.Server struct - ListenerWrappersRaw []json.RawMessage - ReadTimeout caddy.Duration - ReadHeaderTimeout caddy.Duration - WriteTimeout caddy.Duration - IdleTimeout caddy.Duration - MaxHeaderBytes int - AllowH2C bool - ExperimentalHTTP3 bool - StrictSNIHost *bool + ListenerWrappersRaw []json.RawMessage + ReadTimeout caddy.Duration + ReadHeaderTimeout caddy.Duration + WriteTimeout caddy.Duration + IdleTimeout caddy.Duration + MaxHeaderBytes int + AllowH2C bool + ExperimentalHTTP3 bool + StrictSNIHost *bool + ShouldLogCredentials bool } func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error) { @@ -134,6 +135,12 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error } serverOpts.MaxHeaderBytes = int(size) + case "log_credentials": + if d.NextArg() { + return nil, d.ArgErr() + } + serverOpts.ShouldLogCredentials = true + case "protocol": for nesting := d.Nesting(); d.NextBlock(nesting); { switch d.Val() { @@ -222,6 +229,12 @@ func applyServerOptions( server.AllowH2C = opts.AllowH2C server.ExperimentalHTTP3 = opts.ExperimentalHTTP3 server.StrictSNIHost = opts.StrictSNIHost + if opts.ShouldLogCredentials { + if server.Logs == nil { + server.Logs = &caddyhttp.ServerLogConfig{} + } + server.Logs.ShouldLogCredentials = opts.ShouldLogCredentials + } } return nil diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index d81d0323..fb0af2c3 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -10,6 +10,7 @@ idle 30s } max_header_size 100MB + log_credentials protocol { allow_h2c experimental_http3 @@ -53,6 +54,9 @@ foo.com { } ], "strict_sni_host": true, + "logs": { + "should_log_credentials": true + }, "experimental_http3": true, "allow_h2c": true } diff --git a/modules/caddyhttp/marshalers.go b/modules/caddyhttp/marshalers.go index c99c94ee..e6fc3a61 100644 --- a/modules/caddyhttp/marshalers.go +++ b/modules/caddyhttp/marshalers.go @@ -24,7 +24,11 @@ import ( ) // LoggableHTTPRequest makes an HTTP request loggable with zap.Object(). -type LoggableHTTPRequest struct{ *http.Request } +type LoggableHTTPRequest struct { + *http.Request + + ShouldLogCredentials bool +} // MarshalLogObject satisfies the zapcore.ObjectMarshaler interface. func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error { @@ -40,7 +44,10 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error { enc.AddString("method", r.Method) enc.AddString("host", r.Host) enc.AddString("uri", r.RequestURI) - enc.AddObject("headers", LoggableHTTPHeader(r.Header)) + enc.AddObject("headers", LoggableHTTPHeader{ + Header: r.Header, + ShouldLogCredentials: r.ShouldLogCredentials, + }) if r.TLS != nil { enc.AddObject("tls", LoggableTLSConnState(*r.TLS)) } @@ -48,19 +55,25 @@ func (r LoggableHTTPRequest) MarshalLogObject(enc zapcore.ObjectEncoder) error { } // LoggableHTTPHeader makes an HTTP header loggable with zap.Object(). -// Headers with potentially sensitive information (Cookie, Authorization, -// and Proxy-Authorization) are logged with empty values. -type LoggableHTTPHeader http.Header +// Headers with potentially sensitive information (Cookie, Set-Cookie, +// Authorization, and Proxy-Authorization) are logged with empty values. +type LoggableHTTPHeader struct { + http.Header + + ShouldLogCredentials bool +} // MarshalLogObject satisfies the zapcore.ObjectMarshaler interface. func (h LoggableHTTPHeader) MarshalLogObject(enc zapcore.ObjectEncoder) error { - if h == nil { + if h.Header == nil { return nil } - for key, val := range h { - switch strings.ToLower(key) { - case "cookie", "authorization", "proxy-authorization": - val = []string{} + for key, val := range h.Header { + if !h.ShouldLogCredentials { + switch strings.ToLower(key) { + case "cookie", "set-cookie", "authorization", "proxy-authorization": + val = []string{} + } } enc.AddArray(key, LoggableStringArray(val)) } diff --git a/modules/caddyhttp/push/handler.go b/modules/caddyhttp/push/handler.go index a89c0cd8..75442be1 100644 --- a/modules/caddyhttp/push/handler.go +++ b/modules/caddyhttp/push/handler.go @@ -69,6 +69,8 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt } repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + server := r.Context().Value(caddyhttp.ServerCtxKey).(*caddyhttp.Server) + shouldLogCredentials := server.Logs != nil && server.Logs.ShouldLogCredentials // create header for push requests hdr := h.initializePushHeaders(r, repl) @@ -79,7 +81,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt zap.String("uri", r.RequestURI), zap.String("push_method", resource.Method), zap.String("push_target", resource.Target), - zap.Object("push_headers", caddyhttp.LoggableHTTPHeader(hdr))) + zap.Object("push_headers", caddyhttp.LoggableHTTPHeader{ + Header: hdr, + ShouldLogCredentials: shouldLogCredentials, + })) err := pusher.Push(repl.ReplaceAll(resource.Target, "."), &http.PushOptions{ Method: resource.Method, Header: hdr, diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index c629ef6e..b4189535 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -574,6 +574,9 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * // point the request to this upstream h.directRequest(req, di) + server := req.Context().Value(caddyhttp.ServerCtxKey).(*caddyhttp.Server) + shouldLogCredentials := server.Logs != nil && server.Logs.ShouldLogCredentials + // do the round-trip; emit debug log with values we know are // safe, or if there is no error, emit fuller log entry start := time.Now() @@ -582,14 +585,20 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * logger := h.logger.With( zap.String("upstream", di.Upstream.String()), zap.Duration("duration", duration), - zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: req}), + zap.Object("request", caddyhttp.LoggableHTTPRequest{ + Request: req, + ShouldLogCredentials: shouldLogCredentials, + }), ) if err != nil { logger.Debug("upstream roundtrip", zap.Error(err)) return err } logger.Debug("upstream roundtrip", - zap.Object("headers", caddyhttp.LoggableHTTPHeader(res.Header)), + zap.Object("headers", caddyhttp.LoggableHTTPHeader{ + Header: res.Header, + ShouldLogCredentials: shouldLogCredentials, + }), zap.Int("status", res.StatusCode)) // duration until upstream wrote response headers (roundtrip duration) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 2ddec606..98fd9621 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -157,7 +157,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { // it enters any handler chain; this is necessary // to capture the original request in case it gets // modified during handling - loggableReq := zap.Object("request", LoggableHTTPRequest{r}) + shouldLogCredentials := s.Logs != nil && s.Logs.ShouldLogCredentials + loggableReq := zap.Object("request", LoggableHTTPRequest{ + Request: r, + ShouldLogCredentials: shouldLogCredentials, + }) errLog := s.errorLogger.With(loggableReq) var duration time.Duration @@ -191,7 +195,10 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { zap.Duration("duration", duration), zap.Int("size", wrec.Size()), zap.Int("status", wrec.Status()), - zap.Object("resp_headers", LoggableHTTPHeader(wrec.Header())), + zap.Object("resp_headers", LoggableHTTPHeader{ + Header: wrec.Header(), + ShouldLogCredentials: shouldLogCredentials, + }), ) }() } @@ -508,6 +515,12 @@ type ServerLogConfig struct { // If true, requests to any host not appearing in the // LoggerNames (logger_names) map will not be logged. SkipUnmappedHosts bool `json:"skip_unmapped_hosts,omitempty"` + + // If true, credentials that are otherwise omitted, will be logged. + // The definition of credentials is defined by https://fetch.spec.whatwg.org/#credentials, + // and this includes some request and response headers, i.e `Cookie`, + // `Set-Cookie`, `Authorization`, and `Proxy-Authorization`. + ShouldLogCredentials bool `json:"should_log_credentials,omitempty"` } // wrapLogger wraps logger in a logger named according to user preferences for the given host. From a1b417c832b4ab3dab9eaa9690e1d07672a949b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Thu, 2 Dec 2021 21:51:37 +0100 Subject: [PATCH 0513/1498] logging: add support for hashing data (#4434) * logging: add support for hashing data * Update modules/logging/filters.go Co-authored-by: wiese * Update modules/logging/filters.go Co-authored-by: wiese Co-authored-by: wiese --- .../caddyfile_adapt/log_filters.txt | 14 ++++ modules/logging/filters.go | 80 ++++++++++++++++--- modules/logging/filters_test.go | 19 ++++- 3 files changed, 100 insertions(+), 13 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index 5253529f..776fa68d 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -8,18 +8,21 @@ log { uri query { replace foo REDACTED delete bar + hash baz } request>headers>Authorization replace REDACTED request>headers>Server delete request>headers>Cookie cookie { replace foo REDACTED delete bar + hash baz } request>remote_ip ip_mask { ipv4 24 ipv6 32 } request>headers>Regexp regexp secret REDACTED + request>headers>Hash hash } } } @@ -52,10 +55,17 @@ log { { "name": "bar", "type": "delete" + }, + { + "name": "baz", + "type": "hash" } ], "filter": "cookie" }, + "request\u003eheaders\u003eHash": { + "filter": "hash" + }, "request\u003eheaders\u003eRegexp": { "filter": "regexp", "regexp": "secret", @@ -79,6 +89,10 @@ log { { "parameter": "bar", "type": "delete" + }, + { + "parameter": "baz", + "type": "hash" } ], "filter": "query" diff --git a/modules/logging/filters.go b/modules/logging/filters.go index ded08acb..af64cc4b 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -15,7 +15,9 @@ package logging import ( + "crypto/sha256" "errors" + "fmt" "net" "net/http" "net/url" @@ -34,6 +36,7 @@ func init() { caddy.RegisterModule(QueryFilter{}) caddy.RegisterModule(CookieFilter{}) caddy.RegisterModule(RegexpFilter{}) + caddy.RegisterModule(HashFilter{}) } // LogFieldFilter can filter (or manipulate) @@ -65,6 +68,35 @@ func (DeleteFilter) Filter(in zapcore.Field) zapcore.Field { return in } +// hash returns the first 4 bytes of the SHA-256 hash of the given data as hexadecimal +func hash(s string) string { + return fmt.Sprintf("%.4x", sha256.Sum256([]byte(s))) +} + +// HashFilter is a Caddy log field filter that +// replaces the field with the initial 4 bytes of the SHA-256 hash of the content. +type HashFilter struct { +} + +// CaddyModule returns the Caddy module information. +func (HashFilter) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.logging.encoders.filter.hash", + New: func() caddy.Module { return new(HashFilter) }, + } +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (f *HashFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + return nil +} + +// Filter filters the input field with the replacement value. +func (f *HashFilter) Filter(in zapcore.Field) zapcore.Field { + in.String = hash(in.String) + return in +} + // ReplaceFilter is a Caddy log field filter that // replaces the field with the indicated string. type ReplaceFilter struct { @@ -195,15 +227,19 @@ func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { type filterAction string const ( - // Replace value(s) of query parameter(s). + // Replace value(s). replaceAction filterAction = "replace" - // Delete query parameter(s). + + // Hash value(s). + hashAction filterAction = "hash" + + // Delete. deleteAction filterAction = "delete" ) func (a filterAction) IsValid() error { switch a { - case replaceAction, deleteAction: + case replaceAction, deleteAction, hashAction: return nil } @@ -211,7 +247,7 @@ func (a filterAction) IsValid() error { } type queryFilterAction struct { - // `replace` to replace the value(s) associated with the parameter(s) or `delete` to remove them entirely. + // `replace` to replace the value(s) associated with the parameter(s), `hash` to replace them with the 4 initial bytes of the SHA-256 of their content or `delete` to remove them entirely. Type filterAction `json:"type"` // The name of the query parameter. @@ -224,9 +260,9 @@ type queryFilterAction struct { // QueryFilter is a Caddy log field filter that filters // query parameters from a URL. // -// This filter updates the logged URL string to remove or replace query -// parameters containing sensitive data. For instance, it can be used -// to redact any kind of secrets which were passed as query parameters, +// This filter updates the logged URL string to remove, replace or hash +// query parameters containing sensitive data. For instance, it can be +// used to redact any kind of secrets which were passed as query parameters, // such as OAuth access tokens, session IDs, magic link tokens, etc. type QueryFilter struct { // A list of actions to apply to the query parameters of the URL. @@ -271,6 +307,14 @@ func (m *QueryFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } qfa.Value = d.Val() + case "hash": + if !d.NextArg() { + return d.ArgErr() + } + + qfa.Type = hashAction + qfa.Parameter = d.Val() + case "delete": if !d.NextArg() { return d.ArgErr() @@ -304,6 +348,11 @@ func (m QueryFilter) Filter(in zapcore.Field) zapcore.Field { q[a.Parameter][i] = a.Value } + case hashAction: + for i := range q[a.Parameter] { + q[a.Parameter][i] = hash(a.Value) + } + case deleteAction: q.Del(a.Parameter) } @@ -316,7 +365,7 @@ func (m QueryFilter) Filter(in zapcore.Field) zapcore.Field { } type cookieFilterAction struct { - // `replace` to replace the value of the cookie or `delete` to remove it entirely. + // `replace` to replace the value of the cookie, `hash` to replace it with the 4 initial bytes of the SHA-256 of its content or `delete` to remove it entirely. Type filterAction `json:"type"` // The name of the cookie. @@ -330,7 +379,7 @@ type cookieFilterAction struct { // cookies. // // This filter updates the logged HTTP header string -// to remove or replace cookies containing sensitive data. For instance, +// to remove, replace or hash cookies containing sensitive data. For instance, // it can be used to redact any kind of secrets, such as session IDs. // // If several actions are configured for the same cookie name, only the first @@ -378,6 +427,14 @@ func (m *CookieFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } cfa.Value = d.Val() + case "hash": + if !d.NextArg() { + return d.ArgErr() + } + + cfa.Type = hashAction + cfa.Name = d.Val() + case "delete": if !d.NextArg() { return d.ArgErr() @@ -415,6 +472,11 @@ OUTER: transformedRequest.AddCookie(c) continue OUTER + case hashAction: + c.Value = hash(c.Value) + transformedRequest.AddCookie(c) + continue OUTER + case deleteAction: continue OUTER } diff --git a/modules/logging/filters_test.go b/modules/logging/filters_test.go index 99289c3e..ecf1d877 100644 --- a/modules/logging/filters_test.go +++ b/modules/logging/filters_test.go @@ -13,14 +13,15 @@ func TestQueryFilter(t *testing.T) { {replaceAction, "notexist", "REDACTED"}, {deleteAction, "bar", ""}, {deleteAction, "notexist", ""}, + {hashAction, "hash", ""}, }} if f.Validate() != nil { t.Fatalf("the filter must be valid") } - out := f.Filter(zapcore.Field{String: "/path?foo=a&foo=b&bar=c&bar=d&baz=e"}) - if out.String != "/path?baz=e&foo=REDACTED&foo=REDACTED" { + out := f.Filter(zapcore.Field{String: "/path?foo=a&foo=b&bar=c&bar=d&baz=e&hash=hashed"}) + if out.String != "/path?baz=e&foo=REDACTED&foo=REDACTED&hash=e3b0c442" { t.Fatalf("query parameters have not been filtered: %s", out.String) } } @@ -45,10 +46,11 @@ func TestCookieFilter(t *testing.T) { f := CookieFilter{[]cookieFilterAction{ {replaceAction, "foo", "REDACTED"}, {deleteAction, "bar", ""}, + {hashAction, "hash", ""}, }} - out := f.Filter(zapcore.Field{String: "foo=a; foo=b; bar=c; bar=d; baz=e"}) - if out.String != "foo=REDACTED; foo=REDACTED; baz=e" { + out := f.Filter(zapcore.Field{String: "foo=a; foo=b; bar=c; bar=d; baz=e; hash=hashed"}) + if out.String != "foo=REDACTED; foo=REDACTED; baz=e; hash=1a06df82" { t.Fatalf("cookies have not been filtered: %s", out.String) } } @@ -78,3 +80,12 @@ func TestRegexpFilter(t *testing.T) { t.Fatalf("field has not been filtered: %s", out.String) } } + +func TestHashFilter(t *testing.T) { + f := HashFilter{} + + out := f.Filter(zapcore.Field{String: "foo"}) + if out.String != "2c26b46b" { + t.Fatalf("field has not been filtered: %s", out.String) + } +} From dce81e85d5dad5f3610f775a0d29544b6b1d2b61 Mon Sep 17 00:00:00 2001 From: Adam Burgess Date: Mon, 6 Dec 2021 17:48:40 +1100 Subject: [PATCH 0514/1498] docs: use backticks to not italicise glob path (#4460) --- modules/caddyhttp/fileserver/staticfiles.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 3e096e1f..01146078 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -46,7 +46,7 @@ type FileServer struct { Root string `json:"root,omitempty"` // A list of files or folders to hide; the file server will pretend as if - // they don't exist. Accepts globular patterns like "*.ext" or "/foo/*/bar" + // they don't exist. Accepts globular patterns like `*.ext` or `/foo/*/bar` // as well as placeholders. Because site roots can be dynamic, this list // uses file system paths, not request paths. To clarify, the base of // relative paths is the current working directory, NOT the site root. From e90d7517322b8092f3bdad832565a4213cab5a1a Mon Sep 17 00:00:00 2001 From: Runzhi He <46741383+12f23eddde@users.noreply.github.com> Date: Wed, 8 Dec 2021 01:03:58 +0800 Subject: [PATCH 0515/1498] caddyfile: impove fmt warning message (#4444) Co-authored-by: Francis Lavoie --- caddyconfig/caddyfile/adapter.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index 5b80df3f..55d7253a 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -88,7 +88,7 @@ func formattingDifference(filename string, body []byte) (caddyconfig.Warning, bo return caddyconfig.Warning{ File: filename, Line: line, - Message: "input is not formatted with 'caddy fmt'", + Message: "Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies", }, true } From 4906b9357a89fe7f41d037bfc6a896479236740f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 9 Dec 2021 15:57:26 -0500 Subject: [PATCH 0516/1498] go.mod: Update smallstep/truststore, fix build on FreeBSD (#4473) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f966fd2c..02cf0b75 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf github.com/smallstep/cli v0.17.6 github.com/smallstep/nosql v0.3.8 - github.com/smallstep/truststore v0.10.0 + github.com/smallstep/truststore v0.10.1 github.com/yuin/goldmark v1.4.1 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 go.uber.org/zap v1.19.0 diff --git a/go.sum b/go.sum index ea163cc8..db7f6795 100644 --- a/go.sum +++ b/go.sum @@ -831,8 +831,8 @@ github.com/smallstep/cli v0.17.6/go.mod h1:IZoK7eNA/r6cTN9GCd6+M1omgb5Ic8mJjHHH9 github.com/smallstep/nosql v0.3.8 h1:1/EWUbbEdz9ai0g9Fd09VekVjtxp+5+gIHpV2PdwW3o= github.com/smallstep/nosql v0.3.8/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= -github.com/smallstep/truststore v0.10.0 h1:6Kgtws0kSNusLtxdA+NYdUh0gmEjZAgTqy2OsRuyYyU= -github.com/smallstep/truststore v0.10.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= +github.com/smallstep/truststore v0.10.1 h1:+0OUcVAfDzYXw5GUbdOz///6oMNrcPosnztITXLICS8= +github.com/smallstep/truststore v0.10.1/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20210924233136-66c2600f6e71/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= From 6f9b6ad78e6b9a40afbf12e53017e39abee90a6d Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 10 Dec 2021 14:58:53 -0500 Subject: [PATCH 0517/1498] go.mod: Update smallstep/certificates, no longer need replace (#4475) --- go.mod | 10 +++------- go.sum | 50 ++++++++++++++++++++++++++++++-------------------- 2 files changed, 33 insertions(+), 27 deletions(-) diff --git a/go.mod b/go.mod index 02cf0b75..01f8f3e8 100644 --- a/go.mod +++ b/go.mod @@ -18,9 +18,9 @@ require ( github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.11.0 - github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf - github.com/smallstep/cli v0.17.6 - github.com/smallstep/nosql v0.3.8 + github.com/smallstep/certificates v0.18.0 + github.com/smallstep/cli v0.18.0 + github.com/smallstep/nosql v0.3.9 github.com/smallstep/truststore v0.10.1 github.com/yuin/goldmark v1.4.1 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 @@ -33,7 +33,3 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 ) - -// avoid license conflict from juju/ansiterm until https://github.com/manifoldco/promptui/pull/181 -// is merged or other dependency in path currently in violation fixes compliance -replace github.com/manifoldco/promptui => github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797 diff --git a/go.sum b/go.sum index db7f6795..2a65b82b 100644 --- a/go.sum +++ b/go.sum @@ -68,9 +68,22 @@ github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuE github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v58.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= +github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.11/go.mod h1:nBKAnTomx8gDtl+3ZCJv2v0KACFHWTB2drffI1B68Pk= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.8/go.mod h1:kxyKZTSfKh8OVFWPAgOgQ/frrJgeYQJPyR5fLFmXko4= +github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= +github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= +github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= +github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= +github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= +github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= +github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -249,6 +262,7 @@ github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WA github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= +github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= @@ -573,12 +587,13 @@ github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-b github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lucas-clemente/quic-go v0.23.0 h1:5vFnKtZ6nHDFsc/F3uuiF4T3y/AXaQdxjUqiVw26GZE= github.com/lucas-clemente/quic-go v0.23.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0= -github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= +github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= @@ -663,8 +678,6 @@ github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJE github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= -github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797 h1:unCiBzwNjcuVbP3bgM76z0ORyIuI4sspop1qhkQJ044= -github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797/go.mod h1:CBMXL3a2sC3Q8TjpLcQt8w/3aQ23VSy6r7UFeCG6phA= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= @@ -777,7 +790,6 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189 h1:CmSpbxmewNQbzqztaY0bke1qzHhyNyC29wYgh17Gxfo= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= @@ -822,14 +834,13 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.17.4/go.mod h1:NRV/XqAmL65jDaAiLDEYeW0PySKPim+RX+rWi00LKDM= -github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf h1:T27FAcJuIadMwnt5uaYCxeNQceUoCkLHqWc0Y+PneHE= -github.com/smallstep/certificates v0.17.5-0.20211008195551-04fe3126bebf/go.mod h1:dAdOimWAt87o2PZvf3KCjbKkxWKBsq85/eFemB4JVTE= +github.com/smallstep/certificates v0.18.0 h1:Oqt3aVDPIrwN+ujLH0iyaUvoFC3deBlWwDvU6FgiDXY= +github.com/smallstep/certificates v0.18.0/go.mod h1:8eHwHNg/bRWvNZo9S0uWFVMkS+LSpDYxM4//EgBhkFM= github.com/smallstep/certinfo v1.5.2/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= -github.com/smallstep/cli v0.17.6 h1:0npb8eQGDgEBPziYXb9tW4f4S5jt8aRRmEJvs97oh+Y= -github.com/smallstep/cli v0.17.6/go.mod h1:IZoK7eNA/r6cTN9GCd6+M1omgb5Ic8mJjHHH9Bh078U= -github.com/smallstep/nosql v0.3.8 h1:1/EWUbbEdz9ai0g9Fd09VekVjtxp+5+gIHpV2PdwW3o= -github.com/smallstep/nosql v0.3.8/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= +github.com/smallstep/cli v0.18.0 h1:BslbUHuMfj/LbVHxuZ4Hv1sL+vAHHidqia4JRoCBwXs= +github.com/smallstep/cli v0.18.0/go.mod h1:C8ZSfMm/pKdCHnN1C3Pc44bjIOkBbyuoyq6XjS/K9lI= +github.com/smallstep/nosql v0.3.9 h1:YPy5PR3PXClqmpFaVv0wfXDXDc7NXGBE1auyU2c87dc= +github.com/smallstep/nosql v0.3.9/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/truststore v0.10.1 h1:+0OUcVAfDzYXw5GUbdOz///6oMNrcPosnztITXLICS8= github.com/smallstep/truststore v0.10.1/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= @@ -982,14 +993,13 @@ go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.step.sm/cli-utils v0.4.1/go.mod h1:hWYVOSlw8W9Pd+BwIbs/aftVVMRms3EG7Q2qLRwc0WA= -go.step.sm/cli-utils v0.6.0 h1:sH4FxBcjmbxyilKXheSyJuKF/QjpojpiW90ERwUWOgQ= -go.step.sm/cli-utils v0.6.0/go.mod h1:jklBMavFl2PbmGlyxgax08ZnB0uWpadjuOlSKKXz+0U= +go.step.sm/cli-utils v0.7.0 h1:2GvY5Muid1yzp7YQbfCCS+gK3q7zlHjjLL5Z0DXz8ds= +go.step.sm/cli-utils v0.7.0/go.mod h1:Ur6bqA/yl636kCUJbp30J7Unv5JJ226eW2KqXPDwF/E= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/crypto v0.11.0 h1:VDpeVgEmqme/FK2w5QINxkOQ1FWOm/Wi2TwQXiacKr8= -go.step.sm/crypto v0.11.0/go.mod h1:5YzQ85BujYBu6NH18jw7nFjwuRnDch35nLzH0ES5sKg= -go.step.sm/linkedca v0.5.0 h1:oZVRSpElM7lAL1XN2YkjdHwI/oIZ+1ULOnuqYPM6xjY= -go.step.sm/linkedca v0.5.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= +go.step.sm/crypto v0.13.0 h1:mQuP9Uu2FNmqCJNO0OTbvolnYXzONy4wdUBtUVcP1s8= +go.step.sm/crypto v0.13.0/go.mod h1:5YzQ85BujYBu6NH18jw7nFjwuRnDch35nLzH0ES5sKg= +go.step.sm/linkedca v0.7.0 h1:ydYigs0CgLFkPGjOO4KJcAcAWbuPP8ECF1IsyHdftYc= +go.step.sm/linkedca v0.7.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1228,7 +1238,6 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1255,8 +1264,9 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210915083310-ed5796bab164 h1:7ZDGnxgHAMw7thfC5bEos0RDAccZKxioiWBhfIe+tvw= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211031064116-611d5d643895 h1:iaNpwpnrgL5jzWS0vCNnfa8HqzxveCFpFx3uC/X4Tps= +golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56 h1:b8jxX3zqjpqb2LklXPzKSGJhzyxCOZSz8ncv8Nv+y7w= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= From 78b5356f2b1945a90de1ef7f2c7669d82098edbd Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 11 Dec 2021 17:26:21 +0300 Subject: [PATCH 0518/1498] fileserver: do not double-escape paths (#4447) --- modules/caddyhttp/caddyhttp.go | 2 -- modules/caddyhttp/fileserver/browsetplcontext.go | 6 +++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 1404c796..784b2b90 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -20,7 +20,6 @@ import ( "io" "net" "net/http" - "net/url" "path/filepath" "strconv" "strings" @@ -228,7 +227,6 @@ func StatusCodeMatches(actual, configured int) bool { // never be outside of root. The resulting path can be used // with the local file system. func SanitizedPathJoin(root, reqPath string) string { - reqPath, _ = url.PathUnescape(reqPath) if root == "" { root = "." } diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index b1b8e9e7..87156d48 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -43,11 +43,9 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root isDir := f.IsDir() || isSymlinkTargetDir(f, root, urlPath) - u := url.URL{Path: url.PathEscape(name)} - // add the slash after the escape of path to avoid escaping the slash as well if isDir { - u.Path += "/" + name += "/" dirCount++ } else { fileCount++ @@ -67,6 +65,8 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root // was already set above. } + u := url.URL{Path: "./" + name} // prepend with "./" to fix paths with ':' in the name + fileInfos = append(fileInfos, fileInfo{ IsDir: isDir, IsSymlink: fileIsSymlink, From 81ee34e9623c3ac630f46c81a26e7823d0b2bf7b Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 13 Dec 2021 13:42:08 -0500 Subject: [PATCH 0519/1498] httpcaddyfile: Fix sorting edgecase for nested `handle_path` (#4477) --- caddyconfig/httpcaddyfile/directives.go | 3 + caddyconfig/httpcaddyfile/httptype.go | 21 ++- .../sort_directives_within_handle.txt | 133 ++++++++++++++++++ 3 files changed, 150 insertions(+), 7 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 9da205e2..8d895dd9 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -340,6 +340,9 @@ func parseSegmentAsConfig(h Helper) ([]ConfigValue, error) { if err != nil { return nil, h.Errf("parsing caddyfile tokens for '%s': %v", dir, err) } + + dir = normalizeDirectiveName(dir) + for _, result := range results { result.directive = dir allResults = append(allResults, result) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index bc010601..3a54c087 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -193,13 +193,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, return nil, warnings, fmt.Errorf("parsing caddyfile tokens for '%s': %v", dir, err) } - // As a special case, we want "handle_path" to be sorted - // at the same level as "handle", so we force them to use - // the same directive name after their parsing is complete. - // See https://github.com/caddyserver/caddy/issues/3675#issuecomment-678042377 - if dir == "handle_path" { - dir = "handle" - } + dir = normalizeDirectiveName(dir) for _, result := range results { result.directive = dir @@ -1061,6 +1055,19 @@ func buildSubroute(routes []ConfigValue, groupCounter counter) (*caddyhttp.Subro return subroute, nil } +// normalizeDirectiveName ensures directives that should be sorted +// at the same level are named the same before sorting happens. +func normalizeDirectiveName(directive string) string { + // As a special case, we want "handle_path" to be sorted + // at the same level as "handle", so we force them to use + // the same directive name after their parsing is complete. + // See https://github.com/caddyserver/caddy/issues/3675#issuecomment-678042377 + if directive == "handle_path" { + directive = "handle" + } + return directive +} + // consolidateRoutes combines routes with the same properties // (same matchers, same Terminal and Group settings) for a // cleaner overall output. diff --git a/caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt b/caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt new file mode 100644 index 00000000..10ff6da3 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt @@ -0,0 +1,133 @@ +*.example.com { + @foo host foo.example.com + handle @foo { + handle_path /strip* { + respond "this should be first" + } + handle { + respond "this should be second" + } + } + handle { + respond "this should be last" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "*.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "group": "group5", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "rewrite", + "strip_path_prefix": "/strip" + } + ] + }, + { + "handle": [ + { + "body": "this should be first", + "handler": "static_response" + } + ] + } + ] + } + ], + "match": [ + { + "path": [ + "/strip*" + ] + } + ] + }, + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "this should be second", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + ], + "match": [ + { + "host": [ + "foo.example.com" + ] + } + ] + }, + { + "group": "group5", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "this should be last", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file From c04d24cafa60e522842d5188587ab07af2082e9b Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 13 Dec 2021 14:25:35 -0500 Subject: [PATCH 0520/1498] pki: Avoid provisioning the `local` CA when not necessary (#4463) * pki: Avoid provisioning the `local` CA when not necessary * pki: Refactor CA loading to keep the logic in the PKI app --- modules/caddypki/acmeserver/acmeserver.go | 6 +-- modules/caddypki/pki.go | 58 +++++++++++++++++++---- modules/caddytls/internalissuer.go | 15 +++--- 3 files changed, 59 insertions(+), 20 deletions(-) diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 42d8cc49..388aa529 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -102,9 +102,9 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return err } pkiApp := appModule.(*caddypki.PKI) - ca, ok := pkiApp.CAs[ash.CA] - if !ok { - return fmt.Errorf("no certificate authority configured with id: %s", ash.CA) + ca, err := pkiApp.GetCA(ash.CA, &ctx) + if err != nil { + return err } database, err := ash.openDatabase() diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go index 012eaafd..f391fdaf 100644 --- a/modules/caddypki/pki.go +++ b/modules/caddypki/pki.go @@ -34,6 +34,8 @@ func init() { type PKI struct { // The certificate authorities to manage. Each CA is keyed by an // ID that is used to uniquely identify it from other CAs. + // At runtime, the GetCA() method should be used instead to ensure + // the default CA is provisioned if it hadn't already been. // The default CA ID is "local". CAs map[string]*CA `json:"certificate_authorities,omitempty"` @@ -54,16 +56,6 @@ func (p *PKI) Provision(ctx caddy.Context) error { p.ctx = ctx p.log = ctx.Logger(p) - // if this app is initialized at all, ensure there's at - // least a default CA that can be used: the standard CA - // which is used implicitly for signing local-use certs - if p.CAs == nil { - p.CAs = make(map[string]*CA) - } - if _, ok := p.CAs[DefaultCAID]; !ok { - p.CAs[DefaultCAID] = new(CA) - } - for caID, ca := range p.CAs { err := ca.Provision(ctx, caID, p.log) if err != nil { @@ -71,9 +63,29 @@ func (p *PKI) Provision(ctx caddy.Context) error { } } + // if this app is initialized at all, ensure there's at + // least a default CA that can be used: the standard CA + // which is used implicitly for signing local-use certs + if len(p.CAs) == 0 { + err := p.ProvisionDefaultCA(ctx) + if err != nil { + return fmt.Errorf("provisioning CA '%s': %v", DefaultCAID, err) + } + } + return nil } +// ProvisionDefaultCA sets up the default CA. +func (p *PKI) ProvisionDefaultCA(ctx caddy.Context) error { + if p.CAs == nil { + p.CAs = make(map[string]*CA) + } + + p.CAs[DefaultCAID] = new(CA) + return p.CAs[DefaultCAID].Provision(ctx, DefaultCAID, p.log) +} + // Start starts the PKI app. func (p *PKI) Start() error { // install roots to trust store, if not disabled @@ -107,6 +119,32 @@ func (p *PKI) Stop() error { return nil } +// GetCA retrieves a CA by ID. If the ID is the default +// CA ID, and it hasn't been provisioned yet, it will +// be provisioned. The context must be passed if this +// is called from a module's Provision(). +func (p *PKI) GetCA(id string, ctx *caddy.Context) (*CA, error) { + ca, ok := p.CAs[id] + if !ok { + // for anything other than the default CA ID, error out if it wasn't configured + if id != DefaultCAID { + return nil, fmt.Errorf("no certificate authority configured with id: %s", id) + } + + // for the default CA ID, provision it, because we want it to "just work" + if ctx == nil { + return nil, fmt.Errorf("cannot provision default CA without the context") + } + err := p.ProvisionDefaultCA(*ctx) + if err != nil { + return nil, fmt.Errorf("failed to provision default CA: %s", err) + } + ca = p.CAs[id] + } + + return ca, nil +} + // Interface guards var ( _ caddy.Provisioner = (*PKI)(nil) diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index 7a25f6d3..d9b6117d 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -19,7 +19,6 @@ import ( "context" "crypto/x509" "encoding/pem" - "fmt" "time" "github.com/caddyserver/caddy/v2" @@ -68,18 +67,20 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo { func (iss *InternalIssuer) Provision(ctx caddy.Context) error { iss.logger = ctx.Logger(iss) + // set some defaults + if iss.CA == "" { + iss.CA = caddypki.DefaultCAID + } + // get a reference to the configured CA appModule, err := ctx.App("pki") if err != nil { return err } pkiApp := appModule.(*caddypki.PKI) - if iss.CA == "" { - iss.CA = caddypki.DefaultCAID - } - ca, ok := pkiApp.CAs[iss.CA] - if !ok { - return fmt.Errorf("no certificate authority configured with id: %s", iss.CA) + ca, err := pkiApp.GetCA(iss.CA, &ctx) + if err != nil { + return err } iss.ca = ca From ecac03cdcb6cceae743aac16faca7f32e5da1607 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 13 Dec 2021 13:59:58 -0700 Subject: [PATCH 0521/1498] caddyhttp: Enhance vars matcher (#4433) * caddyhttp: Enhance vars matcher Enable "or" logic for multiple values. Fall back to checking placeholders if not a var name. * Fix tests (thanks @mohammed90 !) --- .../caddyfile_adapt/matcher_syntax.txt | 4 +- modules/caddyhttp/vars.go | 76 +++++++++++++------ 2 files changed, 55 insertions(+), 25 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index 019ce148..cb521aa6 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -101,7 +101,9 @@ "match": [ { "vars": { - "{http.request.uri}": "/vars-matcher" + "{http.request.uri}": [ + "/vars-matcher" + ] } } ], diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index 5779b5d0..91a2072c 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -59,8 +59,15 @@ func (t VarsMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next H } // VarsMatcher is an HTTP request matcher which can match -// requests based on variables in the context. -type VarsMatcher map[string]string +// requests based on variables in the context. The key is +// the name of the variable, and the values are possible +// values the variable can be in order to match (OR'ed). +// +// As a special case, this matcher can also match on +// placeholders generally. If the key is not an HTTP chain +// variable, it will be checked to see if it is a +// placeholder name, and if so, will compare its value. +type VarsMatcher map[string][]string // CaddyModule returns the Caddy module information. func (VarsMatcher) CaddyModule() caddy.ModuleInfo { @@ -73,14 +80,18 @@ func (VarsMatcher) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (m *VarsMatcher) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if *m == nil { - *m = make(map[string]string) + *m = make(map[string][]string) } for d.Next() { - var field, val string - if !d.Args(&field, &val) { - return d.Errf("malformed vars matcher: expected both field and value") + var field string + if !d.Args(&field) { + return d.Errf("malformed vars matcher: expected field name") } - (*m)[field] = val + vals := d.RemainingArgs() + if len(vals) == 0 { + return d.Errf("malformed vars matcher: expected at least one value to match against") + } + (*m)[field] = vals if d.NextBlock(0) { return d.Err("malformed vars matcher: blocks are not supported") } @@ -88,29 +99,46 @@ func (m *VarsMatcher) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -// Match matches a request based on variables in the context. +// Match matches a request based on variables in the context, +// or placeholders if the key is not a variable. func (m VarsMatcher) Match(r *http.Request) bool { + if len(m) == 0 { + return true + } + vars := r.Context().Value(VarsCtxKey).(map[string]interface{}) repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - for k, v := range m { - keyExpanded := repl.ReplaceAll(k, "") - valExpanded := repl.ReplaceAll(v, "") - var varStr string - switch vv := vars[keyExpanded].(type) { - case string: - varStr = vv - case fmt.Stringer: - varStr = vv.String() - case error: - varStr = vv.Error() - default: - varStr = fmt.Sprintf("%v", vv) + + for key, vals := range m { + // look up the comparison value we will check against with this key + matcherVarNameExpanded := repl.ReplaceAll(key, "") + varValue, ok := vars[matcherVarNameExpanded] + if !ok { + // as a special case, if it's not an HTTP variable, + // see if it's a placeholder name + varValue, _ = repl.Get(matcherVarNameExpanded) } - if varStr != valExpanded { - return false + + // see if any of the values given in the matcher match the actual value + for _, v := range vals { + matcherValExpanded := repl.ReplaceAll(v, "") + var varStr string + switch vv := varValue.(type) { + case string: + varStr = vv + case fmt.Stringer: + varStr = vv.String() + case error: + varStr = vv.Error() + default: + varStr = fmt.Sprintf("%v", vv) + } + if varStr == matcherValExpanded { + return true + } } } - return true + return false } // MatchVarsRE matches the value of the context variables by a given regular expression. From a1c41210d34c629c3b5cdbdca74c540fde752aad Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 13 Dec 2021 16:13:29 -0700 Subject: [PATCH 0522/1498] caddypki: Minor tweak, don't use context pointer --- modules/caddypki/acmeserver/acmeserver.go | 2 +- modules/caddypki/pki.go | 10 +++------- modules/caddytls/internalissuer.go | 2 +- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 388aa529..ff021b4f 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -102,7 +102,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return err } pkiApp := appModule.(*caddypki.PKI) - ca, err := pkiApp.GetCA(ash.CA, &ctx) + ca, err := pkiApp.GetCA(ctx, ash.CA) if err != nil { return err } diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go index f391fdaf..c19bd0f2 100644 --- a/modules/caddypki/pki.go +++ b/modules/caddypki/pki.go @@ -121,9 +121,8 @@ func (p *PKI) Stop() error { // GetCA retrieves a CA by ID. If the ID is the default // CA ID, and it hasn't been provisioned yet, it will -// be provisioned. The context must be passed if this -// is called from a module's Provision(). -func (p *PKI) GetCA(id string, ctx *caddy.Context) (*CA, error) { +// be provisioned. +func (p *PKI) GetCA(ctx caddy.Context, id string) (*CA, error) { ca, ok := p.CAs[id] if !ok { // for anything other than the default CA ID, error out if it wasn't configured @@ -132,10 +131,7 @@ func (p *PKI) GetCA(id string, ctx *caddy.Context) (*CA, error) { } // for the default CA ID, provision it, because we want it to "just work" - if ctx == nil { - return nil, fmt.Errorf("cannot provision default CA without the context") - } - err := p.ProvisionDefaultCA(*ctx) + err := p.ProvisionDefaultCA(ctx) if err != nil { return nil, fmt.Errorf("failed to provision default CA: %s", err) } diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index d9b6117d..5de3af56 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -78,7 +78,7 @@ func (iss *InternalIssuer) Provision(ctx caddy.Context) error { return err } pkiApp := appModule.(*caddypki.PKI) - ca, err := pkiApp.GetCA(iss.CA, &ctx) + ca, err := pkiApp.GetCA(ctx, iss.CA) if err != nil { return err } From 180ae0cc4843ecc3c7ddcb6e978ebfd474ed07f9 Mon Sep 17 00:00:00 2001 From: Rainer Borene Date: Wed, 15 Dec 2021 04:17:53 -0300 Subject: [PATCH 0523/1498] caddyhttp: Implement http.request.uuid placeholder (#4285) --- modules/caddyhttp/app.go | 1 + modules/caddyhttp/replacer.go | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 91c31c85..64cc5401 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -50,6 +50,7 @@ func init() { // `{http.request.body}` | The request body (⚠️ inefficient; use only for debugging) // `{http.request.cookie.*}` | HTTP request cookie // `{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client) +// `{http.request.uuid}` | The request unique identifier // `{http.request.header.*}` | Specific request header field // `{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo // `{http.request.host}` | The host part of the request's Host header diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 2cf456f2..26f7e0be 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -40,6 +40,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddytls" + "github.com/google/uuid" ) // NewTestReplacer creates a replacer for an http.Request @@ -54,6 +55,7 @@ func NewTestReplacer(req *http.Request) *caddy.Replacer { func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.ResponseWriter) { SetVar(req.Context(), "start_time", time.Now()) + SetVar(req.Context(), "uuid", new(requestID)) httpVars := func(key string) (interface{}, bool) { if req != nil { @@ -146,6 +148,9 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo case "http.request.duration": start := GetVar(req.Context(), "start_time").(time.Time) return time.Since(start), true + case "http.request.uuid": + id := GetVar(req.Context(), "uuid").(*requestID) + return id.String(), true case "http.request.body": if req.Body == nil { return "", true @@ -400,6 +405,20 @@ func getTLSPeerCert(cs *tls.ConnectionState) *x509.Certificate { return cs.PeerCertificates[0] } +type requestID struct { + value string +} + +// Lazy generates UUID string or return cached value if present +func (rid *requestID) String() string { + if rid.value == "" { + if id, err := uuid.NewRandom(); err == nil { + rid.value = id.String() + } + } + return rid.value +} + const ( reqCookieReplPrefix = "http.request.cookie." reqHeaderReplPrefix = "http.request.header." From 5333c3528bd2badf1676efcced322d151e3706c8 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 17 Dec 2021 10:53:11 -0500 Subject: [PATCH 0524/1498] reverseproxy: Fix incorrect `health_headers` Caddyfile parsing (#4485) Fixes #4481 --- .../reverse_proxy_health_headers.txt | 4 +++- modules/caddyhttp/reverseproxy/caddyfile.go | 14 ++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt index a3d842ab..17adcaa6 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_health_headers.txt @@ -7,6 +7,7 @@ reverse_proxy 127.0.0.1:65535 { X-Header-Keys VbG4NZwWnipo 335Q9/MhqcNU3s2TO X-Empty-Value } + health_uri /health } ---------- { @@ -38,7 +39,8 @@ reverse_proxy 127.0.0.1:65535 { "VbG4NZwWnipo", "335Q9/MhqcNU3s2TO" ] - } + }, + "uri": "/health" } }, "upstreams": [ diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index c37efd07..52282f7b 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -361,15 +361,13 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case "health_headers": healthHeaders := make(http.Header) - for d.Next() { - for d.NextBlock(0) { - key := d.Val() - values := d.RemainingArgs() - if len(values) == 0 { - values = append(values, "") - } - healthHeaders[key] = values + for nesting := d.Nesting(); d.NextBlock(nesting); { + key := d.Val() + values := d.RemainingArgs() + if len(values) == 0 { + values = append(values, "") } + healthHeaders[key] = values } if h.HealthChecks == nil { h.HealthChecks = new(HealthChecks) From 3fe2c73dd04f7769a9d9673236cb94b79ac45659 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 30 Dec 2021 04:15:48 -0500 Subject: [PATCH 0525/1498] caddyhttp: Fix `MatchPath` sanitizing (#4499) This is a followup to #4407, in response to a report on the forums: https://caddy.community/t/php-fastcgi-phishing-redirection/14542 Turns out that doing `TrimRight` to remove trailing dots, _before_ cleaning the path, will cause double-dots at the end of the path to not be cleaned away as they should. We should instead remove the dots _after_ cleaning. --- modules/caddyhttp/matchers.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 439c4073..272c9242 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -325,6 +325,11 @@ func (m MatchPath) Match(r *http.Request) bool { lowerPath := strings.ToLower(unescapedPath) + // Clean the path, merges doubled slashes, etc. + // This ensures maliciously crafted requests can't bypass + // the path matcher. See #4407 + lowerPath = path.Clean(lowerPath) + // see #2917; Windows ignores trailing dots and spaces // when accessing files (sigh), potentially causing a // security risk (cry) if PHP files end up being served @@ -332,11 +337,6 @@ func (m MatchPath) Match(r *http.Request) bool { // being matched by *.php to be treated as PHP scripts lowerPath = strings.TrimRight(lowerPath, ". ") - // Clean the path, merges doubled slashes, etc. - // This ensures maliciously crafted requests can't bypass - // the path matcher. See #4407 - lowerPath = path.Clean(lowerPath) - // Cleaning may remove the trailing slash, but we want to keep it if lowerPath != "/" && strings.HasSuffix(r.URL.Path, "/") { lowerPath = lowerPath + "/" From e9dde230247ec5525d4c3803ff99c97e0dc8e348 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 4 Jan 2022 12:10:11 -0500 Subject: [PATCH 0526/1498] headers: Fix `+` in Caddyfile to properly append rather than set (#4506) --- caddytest/integration/caddyfile_adapt/header.txt | 15 +++++++++++++++ modules/caddyhttp/headers/caddyfile.go | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/caddytest/integration/caddyfile_adapt/header.txt b/caddytest/integration/caddyfile_adapt/header.txt index 223839ef..34a044df 100644 --- a/caddytest/integration/caddyfile_adapt/header.txt +++ b/caddytest/integration/caddyfile_adapt/header.txt @@ -13,6 +13,10 @@ header @images { Cache-Control "public, max-age=3600, stale-while-revalidate=86400" } + header { + +Link "Foo" + +Link "Bar" + } } ---------- { @@ -121,6 +125,17 @@ ] } } + }, + { + "handler": "headers", + "response": { + "add": { + "Link": [ + "Foo", + "Bar" + ] + } + } } ] } diff --git a/modules/caddyhttp/headers/caddyfile.go b/modules/caddyhttp/headers/caddyfile.go index c6ea2fb0..eec11490 100644 --- a/modules/caddyhttp/headers/caddyfile.go +++ b/modules/caddyhttp/headers/caddyfile.go @@ -222,7 +222,7 @@ func applyHeaderOp(ops *HeaderOps, respHeaderOps *RespHeaderOps, field, value, r if ops.Add == nil { ops.Add = make(http.Header) } - ops.Add.Set(field[1:], value) + ops.Add.Add(field[1:], value) case strings.HasPrefix(field, "-"): // delete ops.Delete = append(ops.Delete, field[1:]) From 249adc1c872ae46e640cfb7c330e332229d8d32a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 4 Jan 2022 14:11:27 -0500 Subject: [PATCH 0527/1498] logging: Support turning off roll compression via Caddyfile (#4505) --- .../integration/caddyfile_adapt/log_roll_days.txt | 2 ++ modules/logging/filewriter.go | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/log_roll_days.txt b/caddytest/integration/caddyfile_adapt/log_roll_days.txt index 2d146f9c..5762c92b 100644 --- a/caddytest/integration/caddyfile_adapt/log_roll_days.txt +++ b/caddytest/integration/caddyfile_adapt/log_roll_days.txt @@ -3,6 +3,7 @@ log { output file /var/log/access.log { roll_size 1gb + roll_uncompressed roll_keep 5 roll_keep_for 90d } @@ -20,6 +21,7 @@ log { "writer": { "filename": "/var/log/access.log", "output": "file", + "roll_gzip": false, "roll_keep": 5, "roll_keep_days": 90, "roll_size_mb": 954 diff --git a/modules/logging/filewriter.go b/modules/logging/filewriter.go index 376deeb2..7333fb20 100644 --- a/modules/logging/filewriter.go +++ b/modules/logging/filewriter.go @@ -134,6 +134,7 @@ func (fw FileWriter) OpenWriter() (io.WriteCloser, error) { // file { // roll_disabled // roll_size +// roll_uncompressed // roll_keep // roll_keep_for // } @@ -141,6 +142,9 @@ func (fw FileWriter) OpenWriter() (io.WriteCloser, error) { // The roll_size value has megabyte resolution. // Fractional values are rounded up to the next whole megabyte (MiB). // +// By default, compression is enabled, but can be turned off by setting +// the roll_uncompressed option. +// // The roll_keep_for duration has day resolution. // Fractional values are rounded up to the next whole number of days. // @@ -177,6 +181,13 @@ func (fw *FileWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } fw.RollSizeMB = int(math.Ceil(float64(size) / humanize.MiByte)) + case "roll_uncompressed": + var f bool + fw.RollCompress = &f + if d.NextArg() { + return d.ArgErr() + } + case "roll_keep": var keepStr string if !d.AllArgs(&keepStr) { From 2e46c2ac1d860230a80de5fd7bc85c8c9429d3f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=94=D0=B5=D0=BD=D0=B8=D1=81=20=D0=A2=D0=B5=D0=BB=D1=8E?= =?UTF-8?q?=D1=85?= Date: Wed, 5 Jan 2022 02:14:18 +0700 Subject: [PATCH 0528/1498] admin, reverseproxy: Stop timers if canceled to avoid goroutine leak (#4482) --- caddy.go | 7 ++++++- modules/caddyhttp/reverseproxy/reverseproxy.go | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/caddy.go b/caddy.go index bee4274c..f990d362 100644 --- a/caddy.go +++ b/caddy.go @@ -494,9 +494,10 @@ func finishSettingUp(ctx Context, cfg *Config) error { if cfg.Admin.Config.LoadInterval > 0 { go func() { for { + timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadInterval)) select { // if LoadInterval is positive, will wait for the interval and then run with new config - case <-time.After(time.Duration(cfg.Admin.Config.LoadInterval)): + case <-timer.C: loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) if err != nil { Log().Error("loading dynamic config failed", zap.Error(err)) @@ -504,6 +505,10 @@ func finishSettingUp(ctx Context, cfg *Config) error { } runLoadedConfig(loadedConfig) case <-ctx.Done(): + if !timer.Stop() { + // if the timer has been stopped then read from the channel + <-timer.C + } Log().Info("stopping config load interval") return } diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index b4189535..eaa7cbf9 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -792,10 +792,15 @@ func (lb LoadBalancing) tryAgain(ctx caddy.Context, start time.Time, proxyErr er } // otherwise, wait and try the next available host + timer := time.NewTimer(time.Duration(lb.TryInterval)) select { - case <-time.After(time.Duration(lb.TryInterval)): + case <-timer.C: return true case <-ctx.Done(): + if !timer.Stop() { + // if the timer has been stopped then read from the channel + <-timer.C + } return false } } From 6cadb60fa2308f24a20a32c3f8d5e3a521c277ff Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 5 Jan 2022 13:59:59 -0700 Subject: [PATCH 0529/1498] templates: Document .OriginalReq Close caddyserver/website#91 --- modules/caddyhttp/templates/templates.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 80efded4..f7332a9a 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -153,6 +153,10 @@ func init() { // {{.Req.Header.Get "User-Agent"}} // ``` // +// ##### `.OriginalReq` +// +// Like .Req, except it accesses the original HTTP request before rewrites or other internal modifications. +// // ##### `.RespHeader.Add` // // Adds a header field to the HTTP response. From b4bfa29be2191ffacfa4ed747bd5cdce8da8917f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 5 Jan 2022 17:55:09 -0700 Subject: [PATCH 0530/1498] admin: Require identity for remote (fix #4478) --- admin.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/admin.go b/admin.go index 6960de52..0a7b9330 100644 --- a/admin.go +++ b/admin.go @@ -466,6 +466,9 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { } // create TLS config that will enforce mutual authentication + if identityCertCache == nil { + return fmt.Errorf("cannot enable remote admin without a certificate cache; configure identity management to initialize a certificate cache") + } cmCfg := cfg.Admin.Identity.certmagicConfig(remoteLogger, false) tlsConfig := cmCfg.TLSConfig() tlsConfig.NextProtos = nil // this server does not solve ACME challenges From 80d7a356b3443e0a994e5d6abfa6082ba3d5e6e7 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 5 Jan 2022 20:01:15 -0500 Subject: [PATCH 0531/1498] caddyhttp: Redirect HTTP requests on the HTTPS port to https:// (#4313) * caddyhttp: Redirect HTTP requests on the HTTPS port to https:// * Apply suggestions from code review Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- modules/caddyhttp/app.go | 5 + modules/caddyhttp/httpredirectlistener.go | 114 ++++++++++++++++++++++ 2 files changed, 119 insertions(+) create mode 100644 modules/caddyhttp/httpredirectlistener.go diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 64cc5401..67f9d1d6 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -343,6 +343,11 @@ func (app *App) Start() error { // enable TLS if there is a policy and if this is not the HTTP port useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort() if useTLS { + // create HTTP redirect wrapper, which detects if + // the request had HTTP bytes on the HTTPS port, and + // triggers a redirect if so. + ln = &httpRedirectListener{Listener: ln} + // create TLS listener tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx) ln = tls.NewListener(ln, tlsCfg) diff --git a/modules/caddyhttp/httpredirectlistener.go b/modules/caddyhttp/httpredirectlistener.go new file mode 100644 index 00000000..38225a3d --- /dev/null +++ b/modules/caddyhttp/httpredirectlistener.go @@ -0,0 +1,114 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyhttp + +import ( + "bufio" + "fmt" + "net" + "net/http" + "sync" +) + +// httpRedirectListener is listener that checks the first few bytes +// of the request when the server is intended to accept HTTPS requests, +// to respond to an HTTP request with a redirect. +type httpRedirectListener struct { + net.Listener +} + +// Accept waits for and returns the next connection to the listener, +// wrapping it with a httpRedirectConn. +func (l *httpRedirectListener) Accept() (net.Conn, error) { + c, err := l.Listener.Accept() + if err != nil { + return nil, err + } + + return &httpRedirectConn{ + Conn: c, + r: bufio.NewReader(c), + }, nil +} + +type httpRedirectConn struct { + net.Conn + once sync.Once + r *bufio.Reader +} + +// Read tries to peek at the first few bytes of the request, and if we get +// an error reading the headers, and that error was due to the bytes looking +// like an HTTP request, then we perform a HTTP->HTTPS redirect on the same +// port as the original connection. +func (c *httpRedirectConn) Read(p []byte) (int, error) { + var errReturn error + c.once.Do(func() { + firstBytes, err := c.r.Peek(5) + if err != nil { + return + } + + // If the request doesn't look like HTTP, then it's probably + // TLS bytes and we don't need to do anything. + if !firstBytesLookLikeHTTP(firstBytes) { + return + } + + // Parse the HTTP request, so we can get the Host and URL to redirect to. + req, err := http.ReadRequest(c.r) + if err != nil { + return + } + + // Build the redirect response, using the same Host and URL, + // but replacing the scheme with https. + headers := make(http.Header) + headers.Add("Location", "https://"+req.Host+req.URL.String()) + resp := &http.Response{ + Proto: "HTTP/1.0", + Status: "308 Permanent Redirect", + StatusCode: 308, + ProtoMajor: 1, + ProtoMinor: 0, + Header: headers, + } + + err = resp.Write(c.Conn) + if err != nil { + errReturn = fmt.Errorf("couldn't write HTTP->HTTPS redirect") + return + } + + errReturn = fmt.Errorf("redirected HTTP request on HTTPS port") + c.Conn.Close() + }) + + if errReturn != nil { + return 0, errReturn + } + + return c.r.Read(p) +} + +// firstBytesLookLikeHTTP reports whether a TLS record header +// looks like it might've been a misdirected plaintext HTTP request. +func firstBytesLookLikeHTTP(hdr []byte) bool { + switch string(hdr[:5]) { + case "GET /", "HEAD ", "POST ", "PUT /", "OPTIO": + return true + } + return false +} From 4b9849c7922c3a0a7b1bd487f5d890fcff32aaba Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 5 Jan 2022 22:45:41 -0500 Subject: [PATCH 0532/1498] httpcaddyfile: Support configuring `pki` app names via global options (#4450) --- caddyconfig/httpcaddyfile/pkiapp.go | 96 ++++++++++++++++++- .../global_options_skip_install_trust.txt | 92 ++++++++++++++++++ 2 files changed, 185 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go index a21951db..b1aac75f 100644 --- a/caddyconfig/httpcaddyfile/pkiapp.go +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -16,23 +16,108 @@ package httpcaddyfile import ( "github.com/caddyserver/caddy/v2/caddyconfig" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddypki" ) +func init() { + RegisterGlobalOption("pki", parsePKIApp) +} + +// parsePKIApp parses the global log option. Syntax: +// +// pki { +// ca [] { +// name +// root_cn +// intermediate_cn +// } +// } +// +// When the CA ID is unspecified, 'local' is assumed. +// +func parsePKIApp(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, error) { + pki := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} + + for d.Next() { + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "ca": + pkiCa := new(caddypki.CA) + if d.NextArg() { + pkiCa.ID = d.Val() + if d.NextArg() { + return nil, d.ArgErr() + } + } + if pkiCa.ID == "" { + pkiCa.ID = caddypki.DefaultCAID + } + + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "name": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.Name = d.Val() + + case "root_cn": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.RootCommonName = d.Val() + + case "intermediate_cn": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.IntermediateCommonName = d.Val() + + default: + return nil, d.Errf("unrecognized pki ca option '%s'", d.Val()) + } + } + + pki.CAs[pkiCa.ID] = pkiCa + + default: + return nil, d.Errf("unrecognized pki option '%s'", d.Val()) + } + } + } + + return pki, nil +} + func (st ServerType) buildPKIApp( pairings []sbAddrAssociation, options map[string]interface{}, warnings []caddyconfig.Warning, ) (*caddypki.PKI, []caddyconfig.Warning, error) { - pkiApp := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} - skipInstallTrust := false if _, ok := options["skip_install_trust"]; ok { skipInstallTrust = true } falseBool := false + // Load the PKI app configured via global options + var pkiApp *caddypki.PKI + unwrappedPki, ok := options["pki"].(*caddypki.PKI) + if ok { + pkiApp = unwrappedPki + } else { + pkiApp = &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} + } + for _, ca := range pkiApp.CAs { + if skipInstallTrust { + ca.InstallTrust = &falseBool + } + pkiApp.CAs[ca.ID] = ca + } + + // Add in the CAs configured via directives for _, p := range pairings { for _, sblock := range p.serverBlocks { // find all the CAs that were defined and add them to the app config @@ -42,7 +127,12 @@ func (st ServerType) buildPKIApp( if skipInstallTrust { ca.InstallTrust = &falseBool } - pkiApp.CAs[ca.ID] = ca + + // the CA might already exist from global options, so + // don't overwrite it in that case + if _, ok := pkiApp.CAs[ca.ID]; !ok { + pkiApp.CAs[ca.ID] = ca + } } } } diff --git a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt index f949ac1a..39c118ff 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt @@ -1,10 +1,34 @@ { skip_install_trust + pki { + ca { + name "Local" + root_cn "Custom Local Root Name" + intermediate_cn "Custom Local Intermediate Name" + } + ca foo { + name "Foo" + root_cn "Custom Foo Root Name" + intermediate_cn "Custom Foo Intermediate Name" + } + } } a.example.com { tls internal } + +acme.example.com { + acme_server { + ca foo + } +} + +acme-bar.example.com { + acme_server { + ca bar + } +} ---------- { "apps": { @@ -15,6 +39,56 @@ a.example.com { ":443" ], "routes": [ + { + "match": [ + { + "host": [ + "acme-bar.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "bar", + "handler": "acme_server" + } + ] + } + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "acme.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "foo", + "handler": "acme_server" + } + ] + } + ] + } + ], + "terminal": true + }, { "match": [ { @@ -31,7 +105,19 @@ a.example.com { }, "pki": { "certificate_authorities": { + "bar": { + "install_trust": false + }, + "foo": { + "name": "Foo", + "root_common_name": "Custom Foo Root Name", + "intermediate_common_name": "Custom Foo Intermediate Name", + "install_trust": false + }, "local": { + "name": "Local", + "root_common_name": "Custom Local Root Name", + "intermediate_common_name": "Custom Local Intermediate Name", "install_trust": false } } @@ -39,6 +125,12 @@ a.example.com { "tls": { "automation": { "policies": [ + { + "subjects": [ + "acme-bar.example.com", + "acme.example.com" + ] + }, { "subjects": [ "a.example.com" From c634bbe9cc7ef6ce6f9f776010ce96384fd43340 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 7 Jan 2022 10:55:11 -0700 Subject: [PATCH 0533/1498] caddypki: Return error if no PEM data found Best guess for https://caddy.community/t/on-fly-certificate-generation-based-on-sni/14639/4 --- modules/caddypki/crypto.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go index d8e72c6d..dbc6f383 100644 --- a/modules/caddypki/crypto.go +++ b/modules/caddypki/crypto.go @@ -81,6 +81,9 @@ func pemEncodePrivateKey(key crypto.PrivateKey) ([]byte, error) { // TODO: this is the same thing as in certmagic. Should we reuse that code somehow? It's unexported. func pemDecodePrivateKey(keyPEMBytes []byte) (crypto.PrivateKey, error) { keyBlockDER, _ := pem.Decode(keyPEMBytes) + if keyBlockDER == nil { + return nil, fmt.Errorf("no PEM data found") + } if keyBlockDER.Type != "PRIVATE KEY" && !strings.HasSuffix(keyBlockDER.Type, " PRIVATE KEY") { return nil, fmt.Errorf("unknown PEM header %q", keyBlockDER.Type) From 64a3218f5c7ba98a51c76065ed32ae860351e779 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 10 Jan 2022 23:24:58 -0700 Subject: [PATCH 0534/1498] core: Simplify shared listeners, fix deadline bug When this listener code was first written, UsagePool didn't exist. We can simplify much of the wrapped listener logic by utilizing UsagePool. This also fixes a bug where new servers were able to clear deadlines set by old servers, even if the old server didn't get booted out of its Accept() call yet. And with the deadline cleared, they never would. (Sometimes. Based on reports and difficulty of reproducing the bug, this behavior was extremely rare.) I don't know why that happened exactly, maybe some polling mechanism in the kernel and if the timings worked out just wrong it would expose the bug. Anyway, now we ensure that only the closer that set the deadline is the same one that clears it, ensuring that old servers always return out of Accept(), because the deadline doesn't get cleared until they do. Of course, all this hinges on the hope that my suspicions in the middle of the night are correct and that kernels work the way I think they do in my head. Also minor enhancement to UsagePool where if a value errors upon construction (a very real possibility with listeners), it is removed from the pool. Not 100% sure the sync logic is correct there, or maybe we don't have to even put it in the pool until after construction, but it's subtle either way and I think this is safe... right? --- listeners.go | 305 +++++++++++++++++++++++---------------------------- usagepool.go | 9 +- 2 files changed, 146 insertions(+), 168 deletions(-) diff --git a/listeners.go b/listeners.go index e1edcd6c..5f02072b 100644 --- a/listeners.go +++ b/listeners.go @@ -16,7 +16,6 @@ package caddy import ( "fmt" - "log" "net" "strconv" "strings" @@ -26,124 +25,90 @@ import ( "time" ) -// Listen returns a listener suitable for use in a Caddy module. -// Always be sure to close listeners when you are done with them. +// Listen is like net.Listen, except Caddy's listeners can overlap +// each other: multiple listeners may be created on the same socket +// at the same time. This is useful because during config changes, +// the new config is started while the old config is still running. +// When Caddy listeners are closed, the closing logic is virtualized +// so the underlying socket isn't actually closed until all uses of +// the socket have been finished. Always be sure to close listeners +// when you are done with them, just like normal listeners. func Listen(network, addr string) (net.Listener, error) { lnKey := network + "/" + addr - listenersMu.Lock() - defer listenersMu.Unlock() - - // if listener already exists, increment usage counter, then return listener - if lnGlobal, ok := listeners[lnKey]; ok { - atomic.AddInt32(&lnGlobal.usage, 1) - return &fakeCloseListener{ - usage: &lnGlobal.usage, - deadline: &lnGlobal.deadline, - deadlineMu: &lnGlobal.deadlineMu, - key: lnKey, - Listener: lnGlobal.ln, - }, nil - } - - // or, create new one and save it - ln, err := net.Listen(network, addr) + sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { + ln, err := net.Listen(network, addr) + if err != nil { + return nil, err + } + return &sharedListener{Listener: ln, key: lnKey}, nil + }) if err != nil { return nil, err } - // make sure to start its usage counter at 1 - lnGlobal := &globalListener{usage: 1, ln: ln} - listeners[lnKey] = lnGlobal - - return &fakeCloseListener{ - usage: &lnGlobal.usage, - deadline: &lnGlobal.deadline, - deadlineMu: &lnGlobal.deadlineMu, - key: lnKey, - Listener: ln, - }, nil + return &fakeCloseListener{sharedListener: sharedLn.(*sharedListener)}, nil } // ListenPacket returns a net.PacketConn suitable for use in a Caddy module. +// It is like Listen except for PacketConns. // Always be sure to close the PacketConn when you are done. func ListenPacket(network, addr string) (net.PacketConn, error) { lnKey := network + "/" + addr - listenersMu.Lock() - defer listenersMu.Unlock() - - // if listener already exists, increment usage counter, then return listener - if lnGlobal, ok := listeners[lnKey]; ok { - atomic.AddInt32(&lnGlobal.usage, 1) - log.Printf("[DEBUG] %s: Usage counter should not go above 2 or maybe 3, is now: %d", lnKey, atomic.LoadInt32(&lnGlobal.usage)) // TODO: remove - return &fakeClosePacketConn{usage: &lnGlobal.usage, key: lnKey, PacketConn: lnGlobal.pc}, nil - } - - // or, create new one and save it - pc, err := net.ListenPacket(network, addr) + sharedPc, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { + pc, err := net.ListenPacket(network, addr) + if err != nil { + return nil, err + } + return &sharedPacketConn{PacketConn: pc, key: lnKey}, nil + }) if err != nil { return nil, err } - // make sure to start its usage counter at 1 - lnGlobal := &globalListener{usage: 1, pc: pc} - listeners[lnKey] = lnGlobal - - return &fakeClosePacketConn{usage: &lnGlobal.usage, key: lnKey, PacketConn: pc}, nil + return &fakeClosePacketConn{sharedPacketConn: sharedPc.(*sharedPacketConn)}, nil } -// fakeCloseListener's Close() method is a no-op. This allows -// stopping servers that are using the listener without giving -// up the socket; thus, servers become hot-swappable while the -// listener remains running. Listeners should be re-wrapped in -// a new fakeCloseListener each time the listener is reused. -// Other than the 'closed' field (which pertains to this value -// only), the other fields in this struct should be pointers to -// the associated globalListener's struct fields (except 'key' -// which is there for read-only purposes, so it can be a copy). +// fakeCloseListener is a private wrapper over a listener that +// is shared. The state of fakeCloseListener is not shared. +// This allows one user of a socket to "close" the listener +// while in reality the socket stays open for other users of +// the listener. In this way, servers become hot-swappable +// while the listener remains running. Listeners should be +// re-wrapped in a new fakeCloseListener each time the listener +// is reused. This type is atomic and values must not be copied. type fakeCloseListener struct { - closed int32 // accessed atomically; belongs to this struct only - usage *int32 // accessed atomically; global - deadline *bool // protected by deadlineMu; global - deadlineMu *sync.Mutex // global - key string // global, but read-only, so can be copy - net.Listener // global + closed int32 // accessed atomically; belongs to this struct only + *sharedListener // embedded, so we also become a net.Listener } -// Accept accepts connections until Close() is called. func (fcl *fakeCloseListener) Accept() (net.Conn, error) { // if the listener is already "closed", return error if atomic.LoadInt32(&fcl.closed) == 1 { return nil, fcl.fakeClosedErr() } - // wrap underlying accept - conn, err := fcl.Listener.Accept() + // call underlying accept + conn, err := fcl.sharedListener.Accept() if err == nil { return conn, nil } - // accept returned with error - // TODO: This may be better as a condition variable so the deadline is cleared only once? - fcl.deadlineMu.Lock() - if *fcl.deadline { - switch ln := fcl.Listener.(type) { - case *net.TCPListener: - _ = ln.SetDeadline(time.Time{}) - case *net.UnixListener: - _ = ln.SetDeadline(time.Time{}) - } - *fcl.deadline = false - } - fcl.deadlineMu.Unlock() - + // since Accept() returned an error, it may be because our reference to + // the listener (this fakeCloseListener) may have been closed, i.e. the + // server is shutting down; in that case, we need to clear the deadline + // that we set when Close() was called, and return a non-temporary and + // non-timeout error value to the caller, masking the "true" error, so + // that server loops / goroutines won't retry, linger, and leak if atomic.LoadInt32(&fcl.closed) == 1 { - // if we canceled the Accept() by setting a deadline - // on the listener, we need to make sure any callers of - // Accept() think the listener was actually closed; - // if we return the timeout error instead, callers might - // simply retry, leaking goroutines for longer + // we dereference the sharedListener explicitly even though it's embedded + // so that it's clear in the code that side-effects are shared with other + // users of this listener, not just our own reference to it; we also don't + // do anything with the error because all we could do is log it, but we + // expliclty assign it to nothing so we don't forget it's there if needed + _ = fcl.sharedListener.clearDeadline() + if netErr, ok := err.(net.Error); ok && netErr.Timeout() { return nil, fcl.fakeClosedErr() } @@ -152,82 +117,54 @@ func (fcl *fakeCloseListener) Accept() (net.Conn, error) { return nil, err } -// Close stops accepting new connections without -// closing the underlying listener, unless no one -// else is using it. +// Close stops accepting new connections without closing the +// underlying listener. The underlying listener is only closed +// if the caller is the last known user of the socket. func (fcl *fakeCloseListener) Close() error { if atomic.CompareAndSwapInt32(&fcl.closed, 0, 1) { - // unfortunately, there is no way to cancel any - // currently-blocking calls to Accept() that are - // awaiting connections since we're not actually - // closing the listener; so we cheat by setting - // a deadline in the past, which forces it to - // time out; note that this only works for - // certain types of listeners... - fcl.deadlineMu.Lock() - if !*fcl.deadline { - switch ln := fcl.Listener.(type) { - case *net.TCPListener: - _ = ln.SetDeadline(time.Now().Add(-1 * time.Minute)) - case *net.UnixListener: - _ = ln.SetDeadline(time.Now().Add(-1 * time.Minute)) - } - *fcl.deadline = true - } - fcl.deadlineMu.Unlock() - - // since we're no longer using this listener, - // decrement the usage counter and, if no one - // else is using it, close underlying listener - if atomic.AddInt32(fcl.usage, -1) == 0 { - listenersMu.Lock() - delete(listeners, fcl.key) - listenersMu.Unlock() - err := fcl.Listener.Close() - if err != nil { - return err - } - } - + // There are two ways I know of to get an Accept() + // function to return to the server loop that called + // it: close the listener, or set a deadline in the + // past. Obviously, we can't close the socket yet + // since others may be using it (hence this whole + // file). But we can set the deadline in the past, + // and this is kind of cheating, but it works, and + // it apparently even works on Windows. + _ = fcl.sharedListener.setDeadline() + listenerPool.Delete(fcl.sharedListener.key) } - return nil } +// fakeClosedErr returns an error value that is not temporary +// nor a timeout, suitable for making the caller think the +// listener is actually closed func (fcl *fakeCloseListener) fakeClosedErr() error { return &net.OpError{ Op: "accept", - Net: fcl.Listener.Addr().Network(), - Addr: fcl.Listener.Addr(), + Net: fcl.Addr().Network(), + Addr: fcl.Addr(), Err: errFakeClosed, } } +// ErrFakeClosed is the underlying error value returned by +// fakeCloseListener.Accept() after Close() has been called, +// indicating that it is pretending to be closed so that the +// server using it can terminate, while the underlying +// socket is actually left open. +var errFakeClosed = fmt.Errorf("listener 'closed' 😉") + +// fakeClosePacketConn is like fakeCloseListener, but for PacketConns. type fakeClosePacketConn struct { - closed int32 // accessed atomically - usage *int32 // accessed atomically - key string - net.PacketConn + closed int32 // accessed atomically; belongs to this struct only + *sharedPacketConn // embedded, so we also become a net.PacketConn } func (fcpc *fakeClosePacketConn) Close() error { - log.Println("[DEBUG] Fake-closing underlying packet conn") // TODO: remove this - if atomic.CompareAndSwapInt32(&fcpc.closed, 0, 1) { - // since we're no longer using this listener, - // decrement the usage counter and, if no one - // else is using it, close underlying listener - if atomic.AddInt32(fcpc.usage, -1) == 0 { - listenersMu.Lock() - delete(listeners, fcpc.key) - listenersMu.Unlock() - err := fcpc.PacketConn.Close() - if err != nil { - return err - } - } + listenerPool.Delete(fcpc.sharedPacketConn.key) } - return nil } @@ -249,28 +186,64 @@ func (fcpc fakeClosePacketConn) SyscallConn() (syscall.RawConn, error) { return nil, fmt.Errorf("SyscallConn() not implemented for %T", fcpc.PacketConn) } -// ErrFakeClosed is the underlying error value returned by -// fakeCloseListener.Accept() after Close() has been called, -// indicating that it is pretending to be closed so that the -// server using it can terminate, while the underlying -// socket is actually left open. -var errFakeClosed = fmt.Errorf("listener 'closed' 😉") - -// globalListener keeps global state for a listener -// that may be shared by multiple servers. In other -// words, values in this struct exist only once and -// all other uses of these values point to the ones -// in this struct. In particular, the usage count -// (how many callers are using the listener), the -// actual listener, and synchronization of the -// listener's deadline changes are singular, global -// values that must not be copied. -type globalListener struct { - usage int32 // accessed atomically - deadline bool +// sharedListener is a wrapper over an underlying listener. The listener +// and the other fields on the struct are shared state that is synchronized, +// so sharedListener structs must never be copied (always use a pointer). +type sharedListener struct { + net.Listener + key string // uniquely identifies this listener + deadline bool // whether a deadline is currently set deadlineMu sync.Mutex - ln net.Listener - pc net.PacketConn +} + +func (sl *sharedListener) clearDeadline() error { + var err error + sl.deadlineMu.Lock() + if sl.deadline { + switch ln := sl.Listener.(type) { + case *net.TCPListener: + err = ln.SetDeadline(time.Time{}) + case *net.UnixListener: + err = ln.SetDeadline(time.Time{}) + } + sl.deadline = false + } + sl.deadlineMu.Unlock() + return err +} + +func (sl *sharedListener) setDeadline() error { + timeInPast := time.Now().Add(-1 * time.Minute) + var err error + sl.deadlineMu.Lock() + if !sl.deadline { + switch ln := sl.Listener.(type) { + case *net.TCPListener: + err = ln.SetDeadline(timeInPast) + case *net.UnixListener: + err = ln.SetDeadline(timeInPast) + } + sl.deadline = true + } + sl.deadlineMu.Unlock() + return err +} + +// Destruct is called by the UsagePool when the listener is +// finally not being used anymore. It closes the socket. +func (sl *sharedListener) Destruct() error { + return sl.Listener.Close() +} + +// sharedPacketConn is like sharedListener, but for net.PacketConns. +type sharedPacketConn struct { + net.PacketConn + key string +} + +// Destruct closes the underlying socket. +func (spc *sharedPacketConn) Destruct() error { + return spc.PacketConn.Close() } // NetworkAddress contains the individual components @@ -445,10 +418,8 @@ type ListenerWrapper interface { WrapListener(net.Listener) net.Listener } -var ( - listeners = make(map[string]*globalListener) - listenersMu sync.Mutex -) +// listenerPool stores and allows reuse of active listeners. +var listenerPool = NewUsagePool() const maxPortSpan = 65535 diff --git a/usagepool.go b/usagepool.go index 6fd48f5b..96ed0f0e 100644 --- a/usagepool.go +++ b/usagepool.go @@ -94,8 +94,15 @@ func (up *UsagePool) LoadOrNew(key interface{}, construct Constructor) (value in if err == nil { upv.value = value } else { - // TODO: remove error'ed entries from map upv.err = err + up.Lock() + // this *should* be safe, I think, because we have a + // write lock on upv, but we might also need to ensure + // that upv.err is nil before doing this, since we + // released the write lock on up during construct... + // but then again it's also after midnight... + delete(up.pool, key) + up.Unlock() } upv.Unlock() } From af1ac9cd2ecf95deabb194095cf5c5e66ee2fe86 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 10 Jan 2022 23:27:39 -0700 Subject: [PATCH 0535/1498] Fix lint warnings --- listeners.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/listeners.go b/listeners.go index 5f02072b..15ffbbee 100644 --- a/listeners.go +++ b/listeners.go @@ -131,7 +131,7 @@ func (fcl *fakeCloseListener) Close() error { // and this is kind of cheating, but it works, and // it apparently even works on Windows. _ = fcl.sharedListener.setDeadline() - listenerPool.Delete(fcl.sharedListener.key) + _, _ = listenerPool.Delete(fcl.sharedListener.key) } return nil } @@ -163,7 +163,7 @@ type fakeClosePacketConn struct { func (fcpc *fakeClosePacketConn) Close() error { if atomic.CompareAndSwapInt32(&fcpc.closed, 0, 1) { - listenerPool.Delete(fcpc.sharedPacketConn.key) + _, _ = listenerPool.Delete(fcpc.sharedPacketConn.key) } return nil } From 850e1605df140a0b52d7bd4c3a1c3567a67699e1 Mon Sep 17 00:00:00 2001 From: rayjlinden <42587610+rayjlinden@users.noreply.github.com> Date: Wed, 12 Jan 2022 13:24:22 -0800 Subject: [PATCH 0536/1498] caddyhttp: Return HTTP 421 for mismatched Host header (#4023) Potential fix for #4017 although the consensus is unclear. Made change to return status code 421 instead of 403 when StrictSNIHost matching is on. --- modules/caddyhttp/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 98fd9621..e302c362 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -302,7 +302,7 @@ func (s *Server) enforcementHandler(w http.ResponseWriter, r *http.Request, next err := fmt.Errorf("strict host matching: TLS ServerName (%s) and HTTP Host (%s) values differ", r.TLS.ServerName, hostname) r.Close = true - return Error(http.StatusForbidden, err) + return Error(http.StatusMisdirectedRequest, err) } } return next.ServeHTTP(w, r) From 66de438a98989135dc1e4ce5aeb0c4bc98af8049 Mon Sep 17 00:00:00 2001 From: GallopingKylin <16204390+GallopingKylin@users.noreply.github.com> Date: Thu, 13 Jan 2022 08:56:18 -0800 Subject: [PATCH 0537/1498] caddytls: Fix `MatchRemoteIP` provisoning with multiple CIDR ranges (#4522) --- modules/caddytls/matchers.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go index aee0e726..d41492ff 100644 --- a/modules/caddytls/matchers.go +++ b/modules/caddytls/matchers.go @@ -86,14 +86,14 @@ func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { if err != nil { return err } - m.cidrs = cidrs + m.cidrs = append(m.cidrs, cidrs...) } for _, str := range m.NotRanges { cidrs, err := m.parseIPRange(str) if err != nil { return err } - m.notCidrs = cidrs + m.notCidrs = append(m.notCidrs, cidrs...) } return nil } From 1feb65952acd814f9abcfb8e38f727f4e49e9e68 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 13 Jan 2022 12:17:15 -0500 Subject: [PATCH 0538/1498] rewrite: Fix a double-encode issue when using the `{uri}` placeholder (#4516) --- modules/caddyhttp/rewrite/rewrite.go | 13 +++++++++++++ modules/caddyhttp/rewrite/rewrite_test.go | 15 +++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index fbf655ca..cd340e35 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -168,7 +168,20 @@ func (rewr Rewrite) rewrite(r *http.Request, repl *caddy.Replacer, logger *zap.L // in a temporary variable so that they all read the // same version of the URI var newPath, newQuery, newFrag string + if path != "" { + // Since the 'uri' placeholder performs a URL-encode, + // we need to intercept it so that it doesn't, because + // otherwise we risk a double-encode of the path. + uriPlaceholder := "{http.request.uri}" + if strings.Contains(path, uriPlaceholder) { + tmpUri := r.URL.Path + if r.URL.RawQuery != "" { + tmpUri += "?" + r.URL.RawQuery + } + path = strings.ReplaceAll(path, uriPlaceholder, tmpUri) + } + newPath = repl.ReplaceAll(path, "") } diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go index 4d595e29..38d96fe9 100644 --- a/modules/caddyhttp/rewrite/rewrite_test.go +++ b/modules/caddyhttp/rewrite/rewrite_test.go @@ -189,6 +189,21 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/foo/?a=b"), expect: newRequest(t, "GET", "/foo/bar?c=d"), }, + { + rule: Rewrite{URI: "/i{http.request.uri}"}, + input: newRequest(t, "GET", "/%C2%B7%E2%88%B5.png"), + expect: newRequest(t, "GET", "/i/%C2%B7%E2%88%B5.png"), + }, + { + rule: Rewrite{URI: "/i{http.request.uri}"}, + input: newRequest(t, "GET", "/·∵.png?a=b"), + expect: newRequest(t, "GET", "/i/%C2%B7%E2%88%B5.png?a=b"), + }, + { + rule: Rewrite{URI: "/i{http.request.uri}"}, + input: newRequest(t, "GET", "/%C2%B7%E2%88%B5.png?a=b"), + expect: newRequest(t, "GET", "/i/%C2%B7%E2%88%B5.png?a=b"), + }, { rule: Rewrite{StripPathPrefix: "/prefix"}, From 1a7a78a1f27bdf58e9921cc636375385840a2dc5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sun, 16 Jan 2022 17:30:07 -0700 Subject: [PATCH 0539/1498] cmd: Print error if fmt overwrite fails (fix #4524) --- cmd/commandfuncs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index bc62f281..ec56ab9c 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -567,7 +567,7 @@ func cmdFmt(fl Flags) (int, error) { if fl.Bool("overwrite") { if err := os.WriteFile(formatCmdConfigFile, output, 0600); err != nil { - return caddy.ExitCodeFailedStartup, nil + return caddy.ExitCodeFailedStartup, fmt.Errorf("overwriting formatted file: %v", err) } } else { fmt.Print(string(output)) From 93a7a45e7e1ca64dc0103af55ab2a0a4b9c6c84f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 18 Jan 2022 13:27:43 -0500 Subject: [PATCH 0540/1498] httpcaddyfile: Fix incorrect handling of IPv6 bind addresses (#4532) The `net.JoinHostPort()` function has some naiive logic for handling IPv6, it just checks if the host part has a `:` and if so it wraps the host part with `[ ]` but this causes our network type prefix to get wrapped as well, which is invalid for `caddy.NetworkAddress`. Instead, we can just concatenate the host and port manually here to avoid this side-effect. --- caddyconfig/httpcaddyfile/addresses.go | 2 +- .../integration/caddyfile_adapt/bind_ipv6.txt | 29 +++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/bind_ipv6.txt diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index a4f07ae6..e2e77719 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -223,7 +223,7 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str if err == nil && addr.IsUnixNetwork() { listeners[host] = struct{}{} } else { - listeners[net.JoinHostPort(host, lnPort)] = struct{}{} + listeners[host+":"+lnPort] = struct{}{} } } diff --git a/caddytest/integration/caddyfile_adapt/bind_ipv6.txt b/caddytest/integration/caddyfile_adapt/bind_ipv6.txt new file mode 100644 index 00000000..d9d9bec6 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/bind_ipv6.txt @@ -0,0 +1,29 @@ +example.com { + bind tcp6/[::] +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + "tcp6/[::]:443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file From 1b7ff5d76c7a3c67b6e0f9b51af78d1b227fdea3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 18 Jan 2022 13:29:07 -0500 Subject: [PATCH 0541/1498] httpcaddyfile: Add `default_bind` global option (#4531) --- caddyconfig/httpcaddyfile/addresses.go | 6 ++- caddyconfig/httpcaddyfile/options.go | 1 + .../global_options_default_bind.txt | 52 +++++++++++++++++++ 3 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/global_options_default_bind.txt diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index e2e77719..b33c0f05 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -213,7 +213,11 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str lnHosts = append(lnHosts, cfgVal.Value.([]string)...) } if len(lnHosts) == 0 { - lnHosts = []string{""} + if defaultBind, ok := options["default_bind"].(string); ok { + lnHosts = []string{defaultBind} + } else { + lnHosts = []string{""} + } } // use a map to prevent duplication diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 91709cc0..016d0dfb 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -29,6 +29,7 @@ func init() { RegisterGlobalOption("debug", parseOptTrue) RegisterGlobalOption("http_port", parseOptHTTPPort) RegisterGlobalOption("https_port", parseOptHTTPSPort) + RegisterGlobalOption("default_bind", parseOptSingleString) RegisterGlobalOption("grace_period", parseOptDuration) RegisterGlobalOption("default_sni", parseOptSingleString) RegisterGlobalOption("order", parseOptOrder) diff --git a/caddytest/integration/caddyfile_adapt/global_options_default_bind.txt b/caddytest/integration/caddyfile_adapt/global_options_default_bind.txt new file mode 100644 index 00000000..c34186ee --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_default_bind.txt @@ -0,0 +1,52 @@ +{ + default_bind tcp4/0.0.0.0 +} + +example.com { +} + +example.org:12345 { +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + "tcp4/0.0.0.0:12345" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.org" + ] + } + ], + "terminal": true + } + ] + }, + "srv1": { + "listen": [ + "tcp4/0.0.0.0:443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file From 6e6ce2be6be004f592978d9f020f0185b40af1a7 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 18 Jan 2022 13:56:00 -0500 Subject: [PATCH 0542/1498] caddyhttp: Fix HTTP->HTTPS redir not preferring HTTPS port if ambiguous (#4530) --- modules/caddyhttp/autohttps.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index da4428db..6c37d702 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -232,7 +232,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // port, we'll have to choose one, so prefer the HTTPS port if _, ok := redirDomains[d]; !ok || addr.StartPort == uint(app.httpsPort()) { - redirDomains[d] = append(redirDomains[d], addr) + redirDomains[d] = []caddy.NetworkAddress{addr} } } } From bcb7a19cd3fbc680a017bc2f5aafa71ff77e87e3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 18 Jan 2022 14:17:35 -0500 Subject: [PATCH 0543/1498] rewrite: Add `method` Caddyfile directive (#4528) --- caddyconfig/httpcaddyfile/directives.go | 3 ++- .../caddyfile_adapt/method_directive.txt | 27 +++++++++++++++++++ modules/caddyhttp/rewrite/caddyfile.go | 19 +++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/method_directive.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 8d895dd9..feb8e91a 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -45,7 +45,8 @@ var directiveOrder = []string{ "redir", - // URI manipulation + // incoming request manipulation + "method", "rewrite", "uri", "try_files", diff --git a/caddytest/integration/caddyfile_adapt/method_directive.txt b/caddytest/integration/caddyfile_adapt/method_directive.txt new file mode 100644 index 00000000..786df90c --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/method_directive.txt @@ -0,0 +1,27 @@ +:8080 { + method FOO +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8080" + ], + "routes": [ + { + "handle": [ + { + "handler": "rewrite", + "method": "FOO" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/rewrite/caddyfile.go b/modules/caddyhttp/rewrite/caddyfile.go index 9621af14..15abbfa7 100644 --- a/modules/caddyhttp/rewrite/caddyfile.go +++ b/modules/caddyhttp/rewrite/caddyfile.go @@ -27,6 +27,7 @@ import ( func init() { httpcaddyfile.RegisterHandlerDirective("rewrite", parseCaddyfileRewrite) + httpcaddyfile.RegisterHandlerDirective("method", parseCaddyfileMethod) httpcaddyfile.RegisterHandlerDirective("uri", parseCaddyfileURI) httpcaddyfile.RegisterDirective("handle_path", parseCaddyfileHandlePath) } @@ -51,6 +52,24 @@ func parseCaddyfileRewrite(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, return rewr, nil } +// parseCaddyfileMethod sets up a basic method rewrite handler from Caddyfile tokens. Syntax: +// +// method [] +// +func parseCaddyfileMethod(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + var rewr Rewrite + for h.Next() { + if !h.NextArg() { + return nil, h.ArgErr() + } + rewr.Method = h.Val() + if h.NextArg() { + return nil, h.ArgErr() + } + } + return rewr, nil +} + // parseCaddyfileURI sets up a handler for manipulating (but not "rewriting") the // URI from Caddyfile tokens. Syntax: // From 5a0715689444537cf2c41e3362468b97f31493b6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 18 Jan 2022 14:18:31 -0500 Subject: [PATCH 0544/1498] httpcaddyfile: Add pki app `root` and `intermediate` cert/key config (#4514) --- caddyconfig/httpcaddyfile/pkiapp.go | 68 +++++++++++++++++++ .../global_options_skip_install_trust.txt | 22 +++++- 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go index b1aac75f..9feb4335 100644 --- a/caddyconfig/httpcaddyfile/pkiapp.go +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -31,6 +31,16 @@ func init() { // name // root_cn // intermediate_cn +// root { +// cert +// key +// format +// } +// intermediate { +// cert +// key +// format +// } // } // } // @@ -74,6 +84,64 @@ func parsePKIApp(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, } pkiCa.IntermediateCommonName = d.Val() + case "root": + if pkiCa.Root == nil { + pkiCa.Root = new(caddypki.KeyPair) + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "cert": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.Root.Certificate = d.Val() + + case "key": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.Root.PrivateKey = d.Val() + + case "format": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.Root.Format = d.Val() + + default: + return nil, d.Errf("unrecognized pki ca root option '%s'", d.Val()) + } + } + + case "intermediate": + if pkiCa.Intermediate == nil { + pkiCa.Intermediate = new(caddypki.KeyPair) + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + switch d.Val() { + case "cert": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.Intermediate.Certificate = d.Val() + + case "key": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.Intermediate.PrivateKey = d.Val() + + case "format": + if !d.NextArg() { + return nil, d.ArgErr() + } + pkiCa.Intermediate.Format = d.Val() + + default: + return nil, d.Errf("unrecognized pki ca intermediate option '%s'", d.Val()) + } + } + default: return nil, d.Errf("unrecognized pki ca option '%s'", d.Val()) } diff --git a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt index 39c118ff..8116a4b3 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt @@ -5,6 +5,16 @@ name "Local" root_cn "Custom Local Root Name" intermediate_cn "Custom Local Intermediate Name" + root { + cert /path/to/cert.pem + key /path/to/key.pem + format pem_file + } + intermediate { + cert /path/to/cert.pem + key /path/to/key.pem + format pem_file + } } ca foo { name "Foo" @@ -118,7 +128,17 @@ acme-bar.example.com { "name": "Local", "root_common_name": "Custom Local Root Name", "intermediate_common_name": "Custom Local Intermediate Name", - "install_trust": false + "install_trust": false, + "root": { + "certificate": "/path/to/cert.pem", + "private_key": "/path/to/key.pem", + "format": "pem_file" + }, + "intermediate": { + "certificate": "/path/to/cert.pem", + "private_key": "/path/to/key.pem", + "format": "pem_file" + } } } }, From a79b4055e56dc4e2f2caaae9aea555d1be471948 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 18 Jan 2022 14:19:50 -0500 Subject: [PATCH 0545/1498] caddytls: Add internal Caddyfile `lifetime`, `sign_with_root` opts (#4513) --- .../caddyfile_adapt/tls_internal_options.txt | 54 +++++++++++++++++++ modules/caddytls/internalissuer.go | 21 +++++++- 2 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_internal_options.txt diff --git a/caddytest/integration/caddyfile_adapt/tls_internal_options.txt b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt new file mode 100644 index 00000000..7298a370 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt @@ -0,0 +1,54 @@ +a.example.com { + tls { + issuer internal { + ca foo + lifetime 24h + sign_with_root + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "a.example.com" + ], + "issuers": [ + { + "ca": "foo", + "lifetime": 86400000000000, + "module": "internal", + "sign_with_root": true + } + ] + } + ] + } + } + } +} \ No newline at end of file diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index 5de3af56..ba6055ed 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -149,7 +149,9 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques // UnmarshalCaddyfile deserializes Caddyfile tokens into iss. // // ... internal { -// ca +// ca +// lifetime +// sign_with_root // } // func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -160,6 +162,23 @@ func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !d.AllArgs(&iss.CA) { return d.ArgErr() } + + case "lifetime": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return err + } + iss.Lifetime = caddy.Duration(dur) + + case "sign_with_root": + if d.NextArg() { + return d.ArgErr() + } + iss.SignWithRoot = true + } } } From b3f7ce34b4209c13186c8c9626ffb9316fb5603a Mon Sep 17 00:00:00 2001 From: Forest Johnson Date: Wed, 19 Jan 2022 19:26:44 +0000 Subject: [PATCH 0546/1498] More explanatory error message from Listen (#4534) * explain cryptic unix socket listener error related to process kill https://github.com/caddyserver/caddy/pull/4533 * less ambiguous wording: clean up -> delete * shorten error message explanation * link back to pull request in comment for later archeaology --- listeners.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/listeners.go b/listeners.go index 15ffbbee..c23ff783 100644 --- a/listeners.go +++ b/listeners.go @@ -17,6 +17,7 @@ package caddy import ( "fmt" "net" + "os" "strconv" "strings" "sync" @@ -39,6 +40,10 @@ func Listen(network, addr string) (net.Listener, error) { sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { ln, err := net.Listen(network, addr) if err != nil { + // https://github.com/caddyserver/caddy/pull/4534 + if isUnixNetwork(network) && isListenBindAddressAlreadyInUseError(err) { + return nil, fmt.Errorf("%w: this can happen if Caddy was forcefully killed", err) + } return nil, err } return &sharedListener{Listener: ln, key: lnKey}, nil @@ -59,6 +64,10 @@ func ListenPacket(network, addr string) (net.PacketConn, error) { sharedPc, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { pc, err := net.ListenPacket(network, addr) if err != nil { + // https://github.com/caddyserver/caddy/pull/4534 + if isUnixNetwork(network) && isListenBindAddressAlreadyInUseError(err) { + return nil, fmt.Errorf("%w: this can happen if Caddy was forcefully killed", err) + } return nil, err } return &sharedPacketConn{PacketConn: pc, key: lnKey}, nil @@ -322,6 +331,20 @@ func isUnixNetwork(netw string) bool { return netw == "unix" || netw == "unixgram" || netw == "unixpacket" } +func isListenBindAddressAlreadyInUseError(err error) bool { + switch networkOperationError := err.(type) { + case *net.OpError: + switch syscallError := networkOperationError.Err.(type) { + case *os.SyscallError: + if syscallError.Syscall == "bind" { + return true + } + } + } + + return false +} + // ParseNetworkAddress parses addr into its individual // components. The input string is expected to be of // the form "network/host:port-range" where any part is From 94035c1797015eef281cac0c0911ede2fbb4ca71 Mon Sep 17 00:00:00 2001 From: Vojtech Vitek Date: Wed, 19 Jan 2022 20:51:46 +0100 Subject: [PATCH 0547/1498] Improve the reverse-proxy CLI --to flag help message (#4535) --- modules/caddyhttp/reverseproxy/command.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 24d38c38..9bbc681f 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -57,7 +57,7 @@ default, all incoming headers are passed through unmodified.) Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("reverse-proxy", flag.ExitOnError) fs.String("from", "localhost", "Address on which to receive traffic") - fs.String("to", "", "Upstream address to which to to proxy traffic") + fs.String("to", "", "Upstream address to which traffic should be sent") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)") return fs From bf380d00ab62ccedcf5d7f32125bfbd4dd636d01 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 19 Jan 2022 13:44:09 -0700 Subject: [PATCH 0548/1498] caddyhttp: Reject absurd methods (#4538) * caddyhttp: Reject absurdly long methods * Limit method to 32 chars and truncate * Just reject the request and debug-log it * Log remote address --- modules/caddyhttp/server.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index e302c362..964b2a46 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -150,6 +150,17 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } + // reject very long methods; probably a mistake or an attack + if len(r.Method) > 32 { + if s.shouldLogRequest(r) { + s.accessLogger.Debug("rejecting request with long method", + zap.String("method_trunc", r.Method[:32]), + zap.String("remote_addr", r.RemoteAddr)) + } + w.WriteHeader(http.StatusMethodNotAllowed) + return + } + repl := caddy.NewReplacer() r = PrepareRequest(r, repl, w, s) From 44e5e9e43f3583f04613bbbb1996e9b5a13a60ac Mon Sep 17 00:00:00 2001 From: Kevin Daudt Date: Mon, 24 Jan 2022 22:41:08 +0100 Subject: [PATCH 0549/1498] caddyhttp: Fix test when /tmp/etc already exists (#4544) The TestFileListing test in tplcontext_test has one test that verifies if directory traversal is not happening. The context root is set to '/tmp' and then it tries to open '../../../../../etc', which gets normalized to '/tmp/etc'. The test then expects an error to be returned, assuming that '/tmp/etc' does not exist on the system. When it does exist, it results in a test failure: ``` --- FAIL: TestFileListing (0.00s) tplcontext_test.go:422: Test 4: Expected error but had none FAIL FAIL github.com/caddyserver/caddy/v2/modules/caddyhttp/templates 0.042s ``` Instead of using '/tmp' as root, use a dedicated directory created with `os.MkdirTemp()` instead. That way, we know that the directory is empty. --- modules/caddyhttp/templates/tplcontext_test.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index bd049751..61fc80c6 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -608,6 +608,9 @@ title = "Welcome" func getContextOrFail(t *testing.T) TemplateContext { tplContext, err := initTestContext() + t.Cleanup(func() { + os.RemoveAll(string(tplContext.Root.(http.Dir))) + }) if err != nil { t.Fatalf("failed to prepare test context: %v", err) } @@ -620,8 +623,12 @@ func initTestContext() (TemplateContext, error) { if err != nil { return TemplateContext{}, err } + tmpDir, err := os.MkdirTemp(os.TempDir(), "caddy") + if err != nil { + return TemplateContext{}, err + } return TemplateContext{ - Root: http.Dir(os.TempDir()), + Root: http.Dir(tmpDir), Req: request, RespHeader: WrappedHeader{make(http.Header)}, }, nil From eb891d46831252c5329218bfbb606727685fea72 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Sat, 22 Jan 2022 19:08:57 -0500 Subject: [PATCH 0550/1498] metrics: Enforce smaller set of method labels Signed-off-by: Dave Henderson --- metrics.go | 27 +++++++++++++++++++++++++-- modules/caddyhttp/metrics.go | 27 +++++++++++++++++++++++++-- modules/caddyhttp/metrics_test.go | 23 +++++++++++++++++++++++ 3 files changed, 73 insertions(+), 4 deletions(-) diff --git a/metrics.go b/metrics.go index ab9d7978..9a56f733 100644 --- a/metrics.go +++ b/metrics.go @@ -3,7 +3,6 @@ package caddy import ( "net/http" "strconv" - "strings" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/collectors" @@ -47,7 +46,7 @@ func instrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler) next.ServeHTTP(d, r) counter.With(prometheus.Labels{ "code": sanitizeCode(d.status), - "method": strings.ToUpper(r.Method), + "method": sanitizeMethod(r.Method), }).Inc() }) } @@ -76,3 +75,27 @@ func sanitizeCode(s int) string { return strconv.Itoa(s) } } + +// Only support the list of "regular" HTTP methods, see +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods +var methodMap = map[string]string{ + "GET": http.MethodGet, "get": http.MethodGet, + "HEAD": http.MethodHead, "head": http.MethodHead, + "PUT": http.MethodPut, "put": http.MethodPut, + "POST": http.MethodPost, "post": http.MethodPost, + "DELETE": http.MethodDelete, "delete": http.MethodDelete, + "CONNECT": http.MethodConnect, "connect": http.MethodConnect, + "OPTIONS": http.MethodOptions, "options": http.MethodOptions, + "TRACE": http.MethodTrace, "trace": http.MethodTrace, + "PATCH": http.MethodPatch, "patch": http.MethodPatch, +} + +// sanitizeMethod sanitizes the method for use as a metric label. This helps +// prevent high cardinality on the method label. The name is always upper case. +func sanitizeMethod(m string) string { + if m, ok := methodMap[m]; ok { + return m + } + + return "other" +} diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index 3e5d6396..8aa91846 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -4,7 +4,6 @@ import ( "context" "net/http" "strconv" - "strings" "sync" "time" @@ -109,7 +108,7 @@ func newMetricsInstrumentedHandler(handler string, mh MiddlewareHandler) *metric func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { server := serverNameFromContext(r.Context()) labels := prometheus.Labels{"server": server, "handler": h.handler} - method := strings.ToUpper(r.Method) + method := sanitizeMethod(r.Method) // the "code" value is set later, but initialized here to eliminate the possibility // of a panic statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": method, "code": ""} @@ -160,6 +159,30 @@ func sanitizeCode(code int) string { return strconv.Itoa(code) } +// Only support the list of "regular" HTTP methods, see +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods +var methodMap = map[string]string{ + "GET": http.MethodGet, "get": http.MethodGet, + "HEAD": http.MethodHead, "head": http.MethodHead, + "PUT": http.MethodPut, "put": http.MethodPut, + "POST": http.MethodPost, "post": http.MethodPost, + "DELETE": http.MethodDelete, "delete": http.MethodDelete, + "CONNECT": http.MethodConnect, "connect": http.MethodConnect, + "OPTIONS": http.MethodOptions, "options": http.MethodOptions, + "TRACE": http.MethodTrace, "trace": http.MethodTrace, + "PATCH": http.MethodPatch, "patch": http.MethodPatch, +} + +// sanitizeMethod sanitizes the method for use as a metric label. This helps +// prevent high cardinality on the method label. The name is always upper case. +func sanitizeMethod(m string) string { + if m, ok := methodMap[m]; ok { + return m + } + + return "other" +} + // taken from https://github.com/prometheus/client_golang/blob/6007b2b5cae01203111de55f753e76d8dac1f529/prometheus/promhttp/instrument_server.go#L298 func computeApproximateRequestSize(r *http.Request) int { s := 0 diff --git a/modules/caddyhttp/metrics_test.go b/modules/caddyhttp/metrics_test.go index 6311935a..78e380b6 100644 --- a/modules/caddyhttp/metrics_test.go +++ b/modules/caddyhttp/metrics_test.go @@ -5,6 +5,7 @@ import ( "errors" "net/http" "net/http/httptest" + "strings" "testing" "github.com/prometheus/client_golang/prometheus/testutil" @@ -82,3 +83,25 @@ type middlewareHandlerFunc func(http.ResponseWriter, *http.Request, Handler) err func (f middlewareHandlerFunc) ServeHTTP(w http.ResponseWriter, r *http.Request, h Handler) error { return f(w, r, h) } + +func TestSanitizeMethod(t *testing.T) { + tests := []struct { + method string + expected string + }{ + {method: "get", expected: "GET"}, + {method: "POST", expected: "POST"}, + {method: "OPTIONS", expected: "OPTIONS"}, + {method: "connect", expected: "CONNECT"}, + {method: "trace", expected: "TRACE"}, + {method: "UNKNOWN", expected: "other"}, + {method: strings.Repeat("ohno", 9999), expected: "other"}, + } + + for _, d := range tests { + actual := sanitizeMethod(d.method) + if actual != d.expected { + t.Errorf("Not same: expected %#v, but got %#v", d.expected, actual) + } + } +} From 042abeb431c55a12cc101efdb75b1c1b67340cb4 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Sat, 22 Jan 2022 19:30:16 -0500 Subject: [PATCH 0551/1498] other is not uppercase Signed-off-by: Dave Henderson --- metrics.go | 2 +- modules/caddyhttp/metrics.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/metrics.go b/metrics.go index 9a56f733..8a502601 100644 --- a/metrics.go +++ b/metrics.go @@ -97,5 +97,5 @@ func sanitizeMethod(m string) string { return m } - return "other" + return "OTHER" } diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index 8aa91846..f2023cf2 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -180,7 +180,7 @@ func sanitizeMethod(m string) string { return m } - return "other" + return "OTHER" } // taken from https://github.com/prometheus/client_golang/blob/6007b2b5cae01203111de55f753e76d8dac1f529/prometheus/promhttp/instrument_server.go#L298 From da4a759bad70cae9f4f1f38a03c26f75aa04352f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 23 Jan 2022 01:17:14 -0500 Subject: [PATCH 0552/1498] Update modules/caddyhttp/metrics_test.go --- modules/caddyhttp/metrics_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/metrics_test.go b/modules/caddyhttp/metrics_test.go index 78e380b6..95f6d9b6 100644 --- a/modules/caddyhttp/metrics_test.go +++ b/modules/caddyhttp/metrics_test.go @@ -94,8 +94,8 @@ func TestSanitizeMethod(t *testing.T) { {method: "OPTIONS", expected: "OPTIONS"}, {method: "connect", expected: "CONNECT"}, {method: "trace", expected: "TRACE"}, - {method: "UNKNOWN", expected: "other"}, - {method: strings.Repeat("ohno", 9999), expected: "other"}, + {method: "UNKNOWN", expected: "OTHER"}, + {method: strings.Repeat("ohno", 9999), expected: "OTHER"}, } for _, d := range tests { From 7ca5921a87c819f9848ccd7ec786aab0f896be72 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Mon, 24 Jan 2022 08:35:51 -0500 Subject: [PATCH 0553/1498] move common metrics-related funcs to internal package Signed-off-by: Dave Henderson --- internal/metrics/metrics.go | 39 +++++++++++++++++++++++++++++++ internal/metrics/metrics_test.go | 28 ++++++++++++++++++++++ metrics.go | 39 +++---------------------------- modules/caddyhttp/metrics.go | 39 ++++--------------------------- modules/caddyhttp/metrics_test.go | 23 ------------------ 5 files changed, 74 insertions(+), 94 deletions(-) create mode 100644 internal/metrics/metrics.go create mode 100644 internal/metrics/metrics_test.go diff --git a/internal/metrics/metrics.go b/internal/metrics/metrics.go new file mode 100644 index 00000000..7ae09b60 --- /dev/null +++ b/internal/metrics/metrics.go @@ -0,0 +1,39 @@ +package metrics + +import ( + "net/http" + "strconv" +) + +func SanitizeCode(s int) string { + switch s { + case 0, 200: + return "200" + default: + return strconv.Itoa(s) + } +} + +// Only support the list of "regular" HTTP methods, see +// https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods +var methodMap = map[string]string{ + "GET": http.MethodGet, "get": http.MethodGet, + "HEAD": http.MethodHead, "head": http.MethodHead, + "PUT": http.MethodPut, "put": http.MethodPut, + "POST": http.MethodPost, "post": http.MethodPost, + "DELETE": http.MethodDelete, "delete": http.MethodDelete, + "CONNECT": http.MethodConnect, "connect": http.MethodConnect, + "OPTIONS": http.MethodOptions, "options": http.MethodOptions, + "TRACE": http.MethodTrace, "trace": http.MethodTrace, + "PATCH": http.MethodPatch, "patch": http.MethodPatch, +} + +// SanitizeMethod sanitizes the method for use as a metric label. This helps +// prevent high cardinality on the method label. The name is always upper case. +func SanitizeMethod(m string) string { + if m, ok := methodMap[m]; ok { + return m + } + + return "OTHER" +} diff --git a/internal/metrics/metrics_test.go b/internal/metrics/metrics_test.go new file mode 100644 index 00000000..c3f5965b --- /dev/null +++ b/internal/metrics/metrics_test.go @@ -0,0 +1,28 @@ +package metrics + +import ( + "strings" + "testing" +) + +func TestSanitizeMethod(t *testing.T) { + tests := []struct { + method string + expected string + }{ + {method: "get", expected: "GET"}, + {method: "POST", expected: "POST"}, + {method: "OPTIONS", expected: "OPTIONS"}, + {method: "connect", expected: "CONNECT"}, + {method: "trace", expected: "TRACE"}, + {method: "UNKNOWN", expected: "OTHER"}, + {method: strings.Repeat("ohno", 9999), expected: "OTHER"}, + } + + for _, d := range tests { + actual := SanitizeMethod(d.method) + if actual != d.expected { + t.Errorf("Not same: expected %#v, but got %#v", d.expected, actual) + } + } +} diff --git a/metrics.go b/metrics.go index 8a502601..325006fb 100644 --- a/metrics.go +++ b/metrics.go @@ -2,8 +2,8 @@ package caddy import ( "net/http" - "strconv" + "github.com/caddyserver/caddy/v2/internal/metrics" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/collectors" "github.com/prometheus/client_golang/prometheus/promauto" @@ -45,8 +45,8 @@ func instrumentHandlerCounter(counter *prometheus.CounterVec, next http.Handler) d := newDelegator(w) next.ServeHTTP(d, r) counter.With(prometheus.Labels{ - "code": sanitizeCode(d.status), - "method": sanitizeMethod(r.Method), + "code": metrics.SanitizeCode(d.status), + "method": metrics.SanitizeMethod(r.Method), }).Inc() }) } @@ -66,36 +66,3 @@ func (d *delegator) WriteHeader(code int) { d.status = code d.ResponseWriter.WriteHeader(code) } - -func sanitizeCode(s int) string { - switch s { - case 0, 200: - return "200" - default: - return strconv.Itoa(s) - } -} - -// Only support the list of "regular" HTTP methods, see -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods -var methodMap = map[string]string{ - "GET": http.MethodGet, "get": http.MethodGet, - "HEAD": http.MethodHead, "head": http.MethodHead, - "PUT": http.MethodPut, "put": http.MethodPut, - "POST": http.MethodPost, "post": http.MethodPost, - "DELETE": http.MethodDelete, "delete": http.MethodDelete, - "CONNECT": http.MethodConnect, "connect": http.MethodConnect, - "OPTIONS": http.MethodOptions, "options": http.MethodOptions, - "TRACE": http.MethodTrace, "trace": http.MethodTrace, - "PATCH": http.MethodPatch, "patch": http.MethodPatch, -} - -// sanitizeMethod sanitizes the method for use as a metric label. This helps -// prevent high cardinality on the method label. The name is always upper case. -func sanitizeMethod(m string) string { - if m, ok := methodMap[m]; ok { - return m - } - - return "OTHER" -} diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index f2023cf2..458c22af 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -3,10 +3,10 @@ package caddyhttp import ( "context" "net/http" - "strconv" "sync" "time" + "github.com/caddyserver/caddy/v2/internal/metrics" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" ) @@ -108,7 +108,7 @@ func newMetricsInstrumentedHandler(handler string, mh MiddlewareHandler) *metric func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { server := serverNameFromContext(r.Context()) labels := prometheus.Labels{"server": server, "handler": h.handler} - method := sanitizeMethod(r.Method) + method := metrics.SanitizeMethod(r.Method) // the "code" value is set later, but initialized here to eliminate the possibility // of a panic statusLabels := prometheus.Labels{"server": server, "handler": h.handler, "method": method, "code": ""} @@ -123,7 +123,7 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re // being called when the headers are written. // Effectively the same behaviour as promhttp.InstrumentHandlerTimeToWriteHeader. writeHeaderRecorder := ShouldBufferFunc(func(status int, header http.Header) bool { - statusLabels["code"] = sanitizeCode(status) + statusLabels["code"] = metrics.SanitizeCode(status) ttfb := time.Since(start).Seconds() httpMetrics.responseDuration.With(statusLabels).Observe(ttfb) return false @@ -142,7 +142,7 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re if statusLabels["code"] == "" { // we still sanitize it, even though it's likely to be 0. A 200 is // returned on fallthrough so we want to reflect that. - statusLabels["code"] = sanitizeCode(wrec.Status()) + statusLabels["code"] = metrics.SanitizeCode(wrec.Status()) } httpMetrics.requestDuration.With(statusLabels).Observe(dur) @@ -152,37 +152,6 @@ func (h *metricsInstrumentedHandler) ServeHTTP(w http.ResponseWriter, r *http.Re return nil } -func sanitizeCode(code int) string { - if code == 0 { - return "200" - } - return strconv.Itoa(code) -} - -// Only support the list of "regular" HTTP methods, see -// https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods -var methodMap = map[string]string{ - "GET": http.MethodGet, "get": http.MethodGet, - "HEAD": http.MethodHead, "head": http.MethodHead, - "PUT": http.MethodPut, "put": http.MethodPut, - "POST": http.MethodPost, "post": http.MethodPost, - "DELETE": http.MethodDelete, "delete": http.MethodDelete, - "CONNECT": http.MethodConnect, "connect": http.MethodConnect, - "OPTIONS": http.MethodOptions, "options": http.MethodOptions, - "TRACE": http.MethodTrace, "trace": http.MethodTrace, - "PATCH": http.MethodPatch, "patch": http.MethodPatch, -} - -// sanitizeMethod sanitizes the method for use as a metric label. This helps -// prevent high cardinality on the method label. The name is always upper case. -func sanitizeMethod(m string) string { - if m, ok := methodMap[m]; ok { - return m - } - - return "OTHER" -} - // taken from https://github.com/prometheus/client_golang/blob/6007b2b5cae01203111de55f753e76d8dac1f529/prometheus/promhttp/instrument_server.go#L298 func computeApproximateRequestSize(r *http.Request) int { s := 0 diff --git a/modules/caddyhttp/metrics_test.go b/modules/caddyhttp/metrics_test.go index 95f6d9b6..6311935a 100644 --- a/modules/caddyhttp/metrics_test.go +++ b/modules/caddyhttp/metrics_test.go @@ -5,7 +5,6 @@ import ( "errors" "net/http" "net/http/httptest" - "strings" "testing" "github.com/prometheus/client_golang/prometheus/testutil" @@ -83,25 +82,3 @@ type middlewareHandlerFunc func(http.ResponseWriter, *http.Request, Handler) err func (f middlewareHandlerFunc) ServeHTTP(w http.ResponseWriter, r *http.Request, h Handler) error { return f(w, r, h) } - -func TestSanitizeMethod(t *testing.T) { - tests := []struct { - method string - expected string - }{ - {method: "get", expected: "GET"}, - {method: "POST", expected: "POST"}, - {method: "OPTIONS", expected: "OPTIONS"}, - {method: "connect", expected: "CONNECT"}, - {method: "trace", expected: "TRACE"}, - {method: "UNKNOWN", expected: "OTHER"}, - {method: strings.Repeat("ohno", 9999), expected: "OTHER"}, - } - - for _, d := range tests { - actual := sanitizeMethod(d.method) - if actual != d.expected { - t.Errorf("Not same: expected %#v, but got %#v", d.expected, actual) - } - } -} From 599c81d753a1af8ffbb6d733321cc76f170c41e4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sun, 30 Jan 2022 22:46:25 -0700 Subject: [PATCH 0554/1498] Interrim upgrade CertMagic For auto-replace certificate on revocation for on-demand mode, until a proper release is made. --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 01f8f3e8..91e8fd9c 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.9.2 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.15.2 + github.com/caddyserver/certmagic v0.15.3-0.20220131045834-9245be5a2f16 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 diff --git a/go.sum b/go.sum index 2a65b82b..613b5adb 100644 --- a/go.sum +++ b/go.sum @@ -184,8 +184,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.15.2 h1:OMTakTsLM1ZfzMDjwvYprfUgFzpVPh3u87oxMPwmeBc= -github.com/caddyserver/certmagic v0.15.2/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= +github.com/caddyserver/certmagic v0.15.3-0.20220131045834-9245be5a2f16 h1:o8QKPI4dmvjj0VS6210ZyElMNyf1gHDNDNEZto12Pwk= +github.com/caddyserver/certmagic v0.15.3-0.20220131045834-9245be5a2f16/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= From ff74a0aa09a24afd63686c2d79cb605ecbb47b8c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 1 Feb 2022 21:00:23 -0700 Subject: [PATCH 0555/1498] go.mod: Upgrade dependencies Including crucial CertMagic upgrade --- go.mod | 22 ++++++++--------- go.sum | 78 +++++++++++++++++++++++++++++++--------------------------- 2 files changed, 53 insertions(+), 47 deletions(-) diff --git a/go.mod b/go.mod index 91e8fd9c..05b6b879 100644 --- a/go.mod +++ b/go.mod @@ -4,31 +4,31 @@ go 1.16 require ( github.com/Masterminds/sprig/v3 v3.2.2 - github.com/alecthomas/chroma v0.9.2 + github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.15.3-0.20220131045834-9245be5a2f16 + github.com/caddyserver/certmagic v0.15.3 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.7.3 + github.com/google/cel-go v0.9.0 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.13.6 - github.com/klauspost/cpuid/v2 v2.0.9 - github.com/lucas-clemente/quic-go v0.23.0 - github.com/mholt/acmez v1.0.1 + github.com/klauspost/compress v1.14.2 + github.com/klauspost/cpuid/v2 v2.0.10 + github.com/lucas-clemente/quic-go v0.24.0 + github.com/mholt/acmez v1.0.2 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 - github.com/prometheus/client_golang v1.11.0 + github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.18.0 github.com/smallstep/cli v0.18.0 github.com/smallstep/nosql v0.3.9 github.com/smallstep/truststore v0.10.1 - github.com/yuin/goldmark v1.4.1 + github.com/yuin/goldmark v1.4.4 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 - go.uber.org/zap v1.19.0 + go.uber.org/zap v1.20.0 golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 golang.org/x/net v0.0.0-20210913180222-943fd674d43e golang.org/x/term v0.0.0-20210503060354-a79de5458b56 - google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492 + google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 google.golang.org/protobuf v1.27.1 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 613b5adb..14dcb18e 100644 --- a/go.sum +++ b/go.sum @@ -117,17 +117,13 @@ github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPM github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U= github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= -github.com/alecthomas/chroma v0.9.2 h1:yU1sE2+TZbLIQPMk30SolL2Hn53SR/Pv750f7qZ/XMs= -github.com/alecthomas/chroma v0.9.2/go.mod h1:eMuEnpA18XbG/WhOWtCzJHS7WqEtDAI+HxdwoW0nVSk= -github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721 h1:JHZL0hZKJ1VENNfmXvHbgYlbUOvpzYzvy2aZU5gXVeo= +github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= +github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= -github.com/alecthomas/kong v0.2.4/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE= -github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897 h1:p9Sln00KOTlrYkxI1zYWl1QLnEqAqEARBEYa8FQnQcY= github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -136,8 +132,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= -github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= +github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e h1:GCzyKMDDjSGnlpl3clrdAK7I1AaVoaiKDOYkUzChZzg= +github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.30.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= @@ -184,8 +180,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.15.3-0.20220131045834-9245be5a2f16 h1:o8QKPI4dmvjj0VS6210ZyElMNyf1gHDNDNEZto12Pwk= -github.com/caddyserver/certmagic v0.15.3-0.20220131045834-9245be5a2f16/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= +github.com/caddyserver/certmagic v0.15.3 h1:ScY3KVV1eMIUfW74i20kDnD4eWL8T0rG6S6Wnc6nc9U= +github.com/caddyserver/certmagic v0.15.3/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= @@ -197,8 +193,9 @@ github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6 github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= +github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE= github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ= github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE= @@ -241,7 +238,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ= github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -346,6 +342,7 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -388,9 +385,9 @@ github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.7.3 h1:8v9BSN0avuGwrHFKNCjfiQ/CE6+D6sW+BDyOVoEeP6o= -github.com/google/cel-go v0.7.3/go.mod h1:4EtyFAHT5xNr0Msu0MJjyGxPUgdr9DlcaPyzLt/kkt8= -github.com/google/cel-spec v0.5.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= +github.com/google/cel-go v0.9.0 h1:u1hg7lcZ/XWw2d3aV1jFS30ijQQ6q0/h1C2ZBeBD1gY= +github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= +github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= @@ -546,6 +543,7 @@ github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -559,10 +557,11 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= +github.com/klauspost/compress v1.14.2 h1:S0OHlFk/Gbon/yauFJ4FfJJF5V0fc5HbBTJazi28pRw= +github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= +github.com/klauspost/cpuid/v2 v2.0.10 h1:fv5GKR+e2UgD+gcxQECVT5rBwAmlFLl2mkKm7WK3ODY= +github.com/klauspost/cpuid/v2 v2.0.10/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -585,8 +584,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.23.0 h1:5vFnKtZ6nHDFsc/F3uuiF4T3y/AXaQdxjUqiVw26GZE= -github.com/lucas-clemente/quic-go v0.23.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0= +github.com/lucas-clemente/quic-go v0.24.0 h1:ToR7SIIEdrgOhgVTHvPgdVRJfgVy+N0wQAagH7L4d5g= +github.com/lucas-clemente/quic-go v0.24.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -605,7 +604,6 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= @@ -627,8 +625,9 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/acmez v1.0.1 h1:J7uquHOKEmo71UDnVApy1sSLA0oF/r+NtVrNzMKKA9I= github.com/mholt/acmez v1.0.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v1.0.2 h1:C8wsEBIUVi6e0DYoxqCcFuXtwc4AWXL/jgcDjF7mjVo= +github.com/mholt/acmez v1.0.2/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= @@ -657,6 +656,7 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -744,8 +744,9 @@ github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeD github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= -github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= +github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -762,8 +763,9 @@ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt2 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= +github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= +github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -772,8 +774,9 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= +github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= @@ -796,7 +799,6 @@ github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1: github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= @@ -930,8 +932,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.3.6/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.1 h1:/vn0k+RBvwlxEmP5E7SZMqNxPhfMVFEJiykr15/0XKM= -github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.4 h1:zNWRjYUW32G9KirMXYHQHVNFkXvMI7LpgNW2AgYAoIs= +github.com/yuin/goldmark v1.4.4/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 h1:0SJnXjE4jDClMW6grE0xpNhwpqbPwkBTn8zpVw5C0SI= github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01/go.mod h1:TwKQPa5XkCCRC2GRZ5wtfNUTQ2+9/i19mGRijFeJ4BE= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= @@ -1006,8 +1008,9 @@ go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= +go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= +go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= @@ -1019,8 +1022,8 @@ go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE= -go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= +go.uber.org/zap v1.20.0 h1:N4oPlghZwYG55MlU6LXk/Zp00FVNE9X9wrYO8CEs4lc= +go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= @@ -1072,7 +1075,6 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -1146,6 +1148,7 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e h1:+b/22bPvDYt4NPDcy4xAGCmON713ONAWFeY3Z7I3tR8= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1228,7 +1231,6 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1264,9 +1266,11 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211031064116-611d5d643895 h1:iaNpwpnrgL5jzWS0vCNnfa8HqzxveCFpFx3uC/X4Tps= golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56 h1:b8jxX3zqjpqb2LklXPzKSGJhzyxCOZSz8ncv8Nv+y7w= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= @@ -1469,8 +1473,9 @@ google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQ google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492 h1:7yQQsvnwjfEahbNNEKcBHv3mR+HnB1ctGY/z1JXzx8M= google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 h1:NHN4wOCScVzKhPenJ2dt+BTs3X/XkBVI/Rh4iDt55T8= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= @@ -1502,8 +1507,9 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0 h1:Klz8I9kdtkIN6EpHHUOMLCYhTn/2WAe5a0s1hcBkdTI= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.40.0 h1:AGJ0Ih4mHjSeibYkFGh1dD9KJ/eOtZ93I6hoHhukQ5Q= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From 7557d1d92240d7dc36a6f8137ab542f3908f316c Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 2 Feb 2022 01:33:36 -0500 Subject: [PATCH 0556/1498] reverseproxy: Avoid returning a `nil` error during GetClientCertificate (#4550) --- modules/caddyhttp/reverseproxy/httptransport.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index f23504c7..4be51afe 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -364,6 +364,9 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { return &cert.Certificate, nil } } + if err == nil { + err = fmt.Errorf("no client certificate found for automate name: %s", t.ClientCertificateAutomate) + } return nil, err } } From 1d0425b26f1fbb797d7bc10e3740dc031410d01f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 7 Feb 2022 00:14:41 -0500 Subject: [PATCH 0557/1498] templates: Elaborate on what's supported by the markdown function (#4564) --- modules/caddyhttp/templates/templates.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index f7332a9a..d4505f05 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -126,7 +126,11 @@ func init() { // // ##### `markdown` // -// Renders the given Markdown text as HTML. +// Renders the given Markdown text as HTML. This uses the +// [Goldmark](https://github.com/yuin/goldmark) library, +// which is CommonMark compliant. It also has these plugins +// enabled: Github Flavored Markdown, Footnote and syntax +// highlighting provided by [Chroma](https://github.com/alecthomas/chroma). // // ``` // {{markdown "My _markdown_ text"}} From 40b54434f3cdb804ef10eee0ba5d8d6c390e93d4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 15 Feb 2022 12:08:12 -0700 Subject: [PATCH 0558/1498] admin: Enforce and refactor origin checking Using URLs seems a little cleaner and more correct cf: https://caddy.community/t/protect-admin-endpoint/15114 (This used to work. Something must have changed recently.) --- admin.go | 83 ++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 57 insertions(+), 26 deletions(-) diff --git a/admin.go b/admin.go index 0a7b9330..157ae95f 100644 --- a/admin.go +++ b/admin.go @@ -42,6 +42,7 @@ import ( "github.com/caddyserver/certmagic" "github.com/prometheus/client_golang/prometheus" "go.uber.org/zap" + "go.uber.org/zap/zapcore" ) // AdminConfig configures Caddy's API endpoint, which is used @@ -192,6 +193,7 @@ func (admin AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) admin } else { muxWrap.enforceHost = !addr.isWildcardInterface() muxWrap.allowedOrigins = admin.allowedOrigins(addr) + muxWrap.enforceOrigin = admin.EnforceOrigin } addRouteWithMetrics := func(pattern string, handlerLabel string, h http.Handler) { @@ -252,7 +254,7 @@ func (admin AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) admin // will be used as the default origin. If admin.Origins is // empty, no origins will be allowed, effectively bricking the // endpoint for non-unix-socket endpoints, but whatever. -func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []string { +func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []*url.URL { uniqueOrigins := make(map[string]struct{}) for _, o := range admin.Origins { uniqueOrigins[o] = struct{}{} @@ -276,8 +278,23 @@ func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []string { uniqueOrigins[addr.JoinHostPort(0)] = struct{}{} } } - allowed := make([]string, 0, len(uniqueOrigins)) - for origin := range uniqueOrigins { + allowed := make([]*url.URL, 0, len(uniqueOrigins)) + for originStr := range uniqueOrigins { + var origin *url.URL + if strings.Contains(originStr, "://") { + var err error + origin, err = url.Parse(originStr) + if err != nil { + continue + } + origin.Path = "" + origin.RawPath = "" + origin.Fragment = "" + origin.RawFragment = "" + origin.RawQuery = "" + } else { + origin = &url.URL{Host: originStr} + } allowed = append(allowed, origin) } return allowed @@ -358,7 +375,7 @@ func replaceLocalAdminServer(cfg *Config) error { adminLogger.Info("admin endpoint started", zap.String("address", addr.String()), zap.Bool("enforce_origin", adminConfig.EnforceOrigin), - zap.Strings("origins", handler.allowedOrigins)) + zap.Array("origins", loggableURLArray(handler.allowedOrigins))) if !handler.enforceHost { adminLogger.Warn("admin endpoint on open interface; host checking disabled", @@ -650,10 +667,10 @@ type AdminRoute struct { type adminHandler struct { mux *http.ServeMux - // security for local/plaintext) endpoint, on by default + // security for local/plaintext endpoint enforceOrigin bool enforceHost bool - allowedOrigins []string + allowedOrigins []*url.URL // security for remote/encrypted endpoint remoteControl *RemoteAdmin @@ -779,8 +796,8 @@ func (h adminHandler) handleError(w http.ResponseWriter, r *http.Request, err er // rebinding attacks. func (h adminHandler) checkHost(r *http.Request) error { var allowed bool - for _, allowedHost := range h.allowedOrigins { - if r.Host == allowedHost { + for _, allowedOrigin := range h.allowedOrigins { + if r.Host == allowedOrigin.Host { allowed = true break } @@ -799,43 +816,45 @@ func (h adminHandler) checkHost(r *http.Request) error { // sites from issuing requests to our listener. It // returns the origin that was obtained from r. func (h adminHandler) checkOrigin(r *http.Request) (string, error) { - origin := h.getOriginHost(r) - if origin == "" { - return origin, APIError{ + originStr, origin := h.getOrigin(r) + if origin == nil { + return "", APIError{ HTTPStatus: http.StatusForbidden, - Err: fmt.Errorf("missing required Origin header"), + Err: fmt.Errorf("required Origin header is missing or invalid"), } } if !h.originAllowed(origin) { - return origin, APIError{ + return "", APIError{ HTTPStatus: http.StatusForbidden, - Err: fmt.Errorf("client is not allowed to access from origin %s", origin), + Err: fmt.Errorf("client is not allowed to access from origin '%s'", originStr), } } - return origin, nil + return origin.String(), nil } -func (h adminHandler) getOriginHost(r *http.Request) string { +func (h adminHandler) getOrigin(r *http.Request) (string, *url.URL) { origin := r.Header.Get("Origin") if origin == "" { origin = r.Header.Get("Referer") } originURL, err := url.Parse(origin) - if err == nil && originURL.Host != "" { - origin = originURL.Host + if err != nil { + return origin, nil } - return origin + originURL.Path = "" + originURL.RawPath = "" + originURL.Fragment = "" + originURL.RawFragment = "" + originURL.RawQuery = "" + return origin, originURL } -func (h adminHandler) originAllowed(origin string) bool { +func (h adminHandler) originAllowed(origin *url.URL) bool { for _, allowedOrigin := range h.allowedOrigins { - originCopy := origin - if !strings.Contains(allowedOrigin, "://") { - // no scheme specified, so allow both - originCopy = strings.TrimPrefix(originCopy, "http://") - originCopy = strings.TrimPrefix(originCopy, "https://") + if allowedOrigin.Scheme != "" && origin.Scheme != allowedOrigin.Scheme { + continue } - if originCopy == allowedOrigin { + if origin.Host == allowedOrigin.Host { return true } } @@ -1189,6 +1208,18 @@ func decodeBase64DERCert(certStr string) (*x509.Certificate, error) { return x509.ParseCertificate(derBytes) } +type loggableURLArray []*url.URL + +func (ua loggableURLArray) MarshalLogArray(enc zapcore.ArrayEncoder) error { + if ua == nil { + return nil + } + for _, u := range ua { + enc.AppendString(u.String()) + } + return nil +} + var ( // DefaultAdminListen is the address for the local admin // listener, if none is specified at startup. From 32aad909380f08a40389a33bfe788c8a35b1d850 Mon Sep 17 00:00:00 2001 From: Alok Naushad Date: Sat, 12 Feb 2022 01:53:45 +0530 Subject: [PATCH 0559/1498] admin: Write proper status on invalid requests (#4569) (fix #4561) --- admin.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/admin.go b/admin.go index 157ae95f..33bb5c6e 100644 --- a/admin.go +++ b/admin.go @@ -924,10 +924,16 @@ func handleConfigID(w http.ResponseWriter, r *http.Request) error { parts := strings.Split(idPath, "/") if len(parts) < 3 || parts[2] == "" { - return fmt.Errorf("request path is missing object ID") + return APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("request path is missing object ID"), + } } if parts[0] != "" || parts[1] != "id" { - return fmt.Errorf("malformed object path") + return APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("malformed object path"), + } } id := parts[2] @@ -936,7 +942,10 @@ func handleConfigID(w http.ResponseWriter, r *http.Request) error { expanded, ok := rawCfgIndex[id] defer currentCfgMu.RUnlock() if !ok { - return fmt.Errorf("unknown object ID '%s'", id) + return APIError{ + HTTPStatus: http.StatusNotFound, + Err: fmt.Errorf("unknown object ID '%s'", id), + } } // piece the full URL path back together From 57a708d189cfe4ccc20ae92df95dd35e52a434a8 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 17 Feb 2022 15:40:34 -0700 Subject: [PATCH 0560/1498] caddytls: Support external certificate Managers (like Tailscale) (#4541) Huge thank-you to Tailscale (https://tailscale.com) for making this change possible! This is a great feature for Caddy and Tailscale is a great fit for a standard implementation. * caddytls: GetCertificate modules; Tailscale * Caddyfile support for get_certificate Also fix AP provisioning in case of empty subject list (persist loaded module on struct, much like Issuers, to surive reprovisioning). And implement start of HTTP cert getter, still WIP. * Update modules/caddytls/automation.go Co-authored-by: Francis Lavoie * Use tsclient package, check status for name * Implement HTTP cert getter And use reuse CertMagic's PEM functions for private keys. * Remove cache option from Tailscale getter Tailscale does its own caching and we don't need the added complexity... for now, at least. * Several updates - Option to disable cert automation in auto HTTPS - Support multiple cert managers - Remove cache feature from cert manager modules - Minor improvements to auto HTTPS logging * Run go mod tidy * Try to get certificates from Tailscale implicitly Only for domains ending in .ts.net. I think this is really cool! Co-authored-by: Francis Lavoie --- caddyconfig/httpcaddyfile/builtins.go | 24 +++ caddyconfig/httpcaddyfile/httptype.go | 11 +- caddyconfig/httpcaddyfile/options.go | 4 +- caddyconfig/httpcaddyfile/tlsapp.go | 7 + go.mod | 10 +- go.sum | 75 ++++++++-- modules/caddyhttp/autohttps.go | 99 ++++++++---- modules/caddypki/ca.go | 12 +- modules/caddypki/certificates.go | 5 +- modules/caddypki/crypto.go | 74 +-------- modules/caddytls/automation.go | 44 +++++- modules/caddytls/certmanagers.go | 208 ++++++++++++++++++++++++++ modules/caddytls/folderloader.go | 35 ++--- 13 files changed, 450 insertions(+), 158 deletions(-) create mode 100644 modules/caddytls/certmanagers.go diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 7fdd3e8a..2606bf3a 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -82,6 +82,7 @@ func parseBind(h Helper) ([]ConfigValue, error) { // on_demand // eab // issuer [...] +// get_certificate [...] // } // func parseTLS(h Helper) ([]ConfigValue, error) { @@ -93,6 +94,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { var keyType string var internalIssuer *caddytls.InternalIssuer var issuers []certmagic.Issuer + var certManagers []certmagic.CertificateManager var onDemand bool for h.Next() { @@ -307,6 +309,22 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } issuers = append(issuers, issuer) + case "get_certificate": + if !h.NextArg() { + return nil, h.ArgErr() + } + modName := h.Val() + modID := "tls.get_certificate." + modName + unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID) + if err != nil { + return nil, err + } + certManager, ok := unm.(certmagic.CertificateManager) + if !ok { + return nil, h.Errf("module %s (%T) is not a certmagic.CertificateManager", modID, unm) + } + certManagers = append(certManagers, certManager) + case "dns": if !h.NextArg() { return nil, h.ArgErr() @@ -453,6 +471,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) { Value: true, }) } + for _, certManager := range certManagers { + configVals = append(configVals, ConfigValue{ + Class: "tls.cert_manager", + Value: certManager, + }) + } // custom certificate selection if len(certSelector.AnyTag) > 0 { diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 3a54c087..d7716a42 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -446,13 +446,14 @@ func (st *ServerType) serversFromPairings( // handle the auto_https global option if autoHTTPS != "on" { srv.AutoHTTPS = new(caddyhttp.AutoHTTPSConfig) - if autoHTTPS == "off" { + switch autoHTTPS { + case "off": srv.AutoHTTPS.Disabled = true - } - if autoHTTPS == "disable_redirects" { + case "disable_redirects": srv.AutoHTTPS.DisableRedir = true - } - if autoHTTPS == "ignore_loaded_certs" { + case "disable_certs": + srv.AutoHTTPS.DisableCerts = true + case "ignore_loaded_certs": srv.AutoHTTPS.IgnoreLoadedCerts = true } } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 016d0dfb..65b03389 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -384,8 +384,8 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro if d.Next() { return "", d.ArgErr() } - if val != "off" && val != "disable_redirects" && val != "ignore_loaded_certs" { - return "", d.Errf("auto_https must be one of 'off', 'disable_redirects' or 'ignore_loaded_certs'") + if val != "off" && val != "disable_redirects" && val != "disable_certs" && val != "ignore_loaded_certs" { + return "", d.Errf("auto_https must be one of 'off', 'disable_redirects', 'disable_certs', or 'ignore_loaded_certs'") } return val, nil } diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index b11addc4..48506d81 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -133,6 +133,13 @@ func (st ServerType) buildTLSApp( ap.Issuers = issuers } + // certificate managers + if certManagerVals, ok := sblock.pile["tls.cert_manager"]; ok { + for _, certManager := range certManagerVals { + certGetterName := certManager.Value.(caddy.Module).CaddyModule().ID.Name() + ap.ManagersRaw = append(ap.ManagersRaw, caddyconfig.JSONModuleObject(certManager.Value, "via", certGetterName, &warnings)) + } + } // custom bind host for _, cfgVal := range sblock.pile["bind"] { for _, iss := range ap.Issuers { diff --git a/go.mod b/go.mod index 05b6b879..7cbbd2fe 100644 --- a/go.mod +++ b/go.mod @@ -3,11 +3,14 @@ module github.com/caddyserver/caddy/v2 go 1.16 require ( + cloud.google.com/go/kms v1.1.0 // indirect + github.com/BurntSushi/toml v0.4.1 // indirect github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.15.3 + github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac + github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.9.0 github.com/google/uuid v1.3.0 @@ -22,14 +25,17 @@ require ( github.com/smallstep/cli v0.18.0 github.com/smallstep/nosql v0.3.9 github.com/smallstep/truststore v0.10.1 + github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74 github.com/yuin/goldmark v1.4.4 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 go.uber.org/zap v1.20.0 golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 golang.org/x/net v0.0.0-20210913180222-943fd674d43e golang.org/x/term v0.0.0-20210503060354-a79de5458b56 - google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 + google.golang.org/genproto v0.0.0-20211018162055-cf77aa76bad2 google.golang.org/protobuf v1.27.1 + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 + howett.net/plist v1.0.0 // indirect ) diff --git a/go.sum b/go.sum index 14dcb18e..9fb1f9f4 100644 --- a/go.sum +++ b/go.sum @@ -25,8 +25,14 @@ cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPT cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0 h1:bAMqZidYkmIsUqe6PtkEPT7Q+vfizScn+jfNA6jwK9c= cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -36,6 +42,8 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= +cloud.google.com/go/kms v1.1.0 h1:1yc4rLqCkVDS9Zvc7m+3mJ47kw0Uo5Q5+sMjcmUVUeM= +cloud.google.com/go/kms v1.1.0/go.mod h1:WdbppnCDMDpOvoYBMn1+gNmOeEoZYqAv+HeuKARGCXI= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -84,8 +92,9 @@ github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcP github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= +github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= @@ -180,8 +189,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.15.3 h1:ScY3KVV1eMIUfW74i20kDnD4eWL8T0rG6S6Wnc6nc9U= -github.com/caddyserver/certmagic v0.15.3/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= +github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f h1:sdjilRh0dxXpofiwDSFU7itmxuXetKB6xWd+lNRVq9s= +github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= @@ -294,8 +303,9 @@ github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiD github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= +github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= @@ -431,6 +441,8 @@ github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= @@ -449,8 +461,10 @@ github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= +github.com/googleapis/gax-go/v2 v2.1.1 h1:dp3bWCh+PPO1zjRRiCSczJav13sBvG4UhNyVTa1KqdU= +github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= @@ -643,6 +657,8 @@ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa1 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= +github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= @@ -897,6 +913,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= +github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74 h1:uFx5aih29p2IaRUF0lJwtVViCXStlvnPPE3NEmM4Ivs= +github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= @@ -1169,8 +1187,11 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f h1:Qmd2pbz05z7z6lm0DrgQVVPuBm92jqujBKMHMOlOQEw= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1266,8 +1287,14 @@ golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1361,6 +1388,7 @@ golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1400,8 +1428,15 @@ google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0 h1:RDAPWfNFY06dffEXfn7hZF5Fr1ZbnChzfQZAPyBd1+I= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= +google.golang.org/api v0.58.0 h1:MDkAbYIB1JpSgCTOCYYoIec/coMlKK4oVbpnBLLcyT0= +google.golang.org/api v0.58.0/go.mod h1:cAbP2FsxoGVNwtgNAmmn3y5G1TWAiVYRmg4yku3lv+E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1473,9 +1508,23 @@ google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQ google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 h1:NHN4wOCScVzKhPenJ2dt+BTs3X/XkBVI/Rh4iDt55T8= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211018162055-cf77aa76bad2 h1:CUp93KYgL06Y/PdI8aRJaFiAHevPIGWQmijSqaUhue8= +google.golang.org/genproto v0.0.0-20211018162055-cf77aa76bad2/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= @@ -1508,6 +1557,7 @@ google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0 h1:AGJ0Ih4mHjSeibYkFGh1dD9KJ/eOtZ93I6hoHhukQ5Q= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -1529,8 +1579,9 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= @@ -1550,6 +1601,7 @@ gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQb gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -1573,8 +1625,9 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= +howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= +howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 6c37d702..3e38d1b3 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -31,13 +31,20 @@ import ( // HTTPS is enabled automatically and by default when // qualifying hostnames are available from the config. type AutoHTTPSConfig struct { - // If true, automatic HTTPS will be entirely disabled. + // If true, automatic HTTPS will be entirely disabled, + // including certificate management and redirects. Disabled bool `json:"disable,omitempty"` // If true, only automatic HTTP->HTTPS redirects will - // be disabled. + // be disabled, but other auto-HTTPS features will + // remain enabled. DisableRedir bool `json:"disable_redirects,omitempty"` + // If true, automatic certificate management will be + // disabled, but other auto-HTTPS features will + // remain enabled. + DisableCerts bool `json:"disable_certificates,omitempty"` + // Hosts/domain names listed here will not be included // in automatic HTTPS (they will not have certificates // loaded nor redirects applied). @@ -104,12 +111,13 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er srv.AutoHTTPS = new(AutoHTTPSConfig) } if srv.AutoHTTPS.Disabled { + app.logger.Warn("automatic HTTPS is completely disabled for server", zap.String("server_name", srvName)) continue } // skip if all listeners use the HTTP port if !srv.listenersUseAnyPortOtherThan(app.httpPort()) { - app.logger.Info("server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server", + app.logger.Warn("server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server", zap.String("server_name", srvName), zap.Int("http_port", app.httpPort()), ) @@ -166,30 +174,35 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // for all the hostnames we found, filter them so we have // a deduplicated list of names for which to obtain certs - for d := range serverDomainSet { - if certmagic.SubjectQualifiesForCert(d) && - !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) { - // if a certificate for this name is already loaded, - // don't obtain another one for it, unless we are - // supposed to ignore loaded certificates - if !srv.AutoHTTPS.IgnoreLoadedCerts && - len(app.tlsApp.AllMatchingCertificates(d)) > 0 { - app.logger.Info("skipping automatic certificate management because one or more matching certificates are already loaded", - zap.String("domain", d), - zap.String("server_name", srvName), - ) - continue - } + // (only if cert management not disabled for this server) + if srv.AutoHTTPS.DisableCerts { + app.logger.Warn("skipping automated certificate management for server because it is disabled", zap.String("server_name", srvName)) + } else { + for d := range serverDomainSet { + if certmagic.SubjectQualifiesForCert(d) && + !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) { + // if a certificate for this name is already loaded, + // don't obtain another one for it, unless we are + // supposed to ignore loaded certificates + if !srv.AutoHTTPS.IgnoreLoadedCerts && + len(app.tlsApp.AllMatchingCertificates(d)) > 0 { + app.logger.Info("skipping automatic certificate management because one or more matching certificates are already loaded", + zap.String("domain", d), + zap.String("server_name", srvName), + ) + continue + } - // most clients don't accept wildcards like *.tld... we - // can handle that, but as a courtesy, warn the user - if strings.Contains(d, "*") && - strings.Count(strings.Trim(d, "."), ".") == 1 { - app.logger.Warn("most clients do not trust second-level wildcard certificates (*.tld)", - zap.String("domain", d)) - } + // most clients don't accept wildcards like *.tld... we + // can handle that, but as a courtesy, warn the user + if strings.Contains(d, "*") && + strings.Count(strings.Trim(d, "."), ".") == 1 { + app.logger.Warn("most clients do not trust second-level wildcard certificates (*.tld)", + zap.String("domain", d)) + } - uniqueDomainsForCerts[d] = struct{}{} + uniqueDomainsForCerts[d] = struct{}{} + } } } @@ -200,12 +213,11 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // nothing left to do if auto redirects are disabled if srv.AutoHTTPS.DisableRedir { + app.logger.Warn("automatic HTTP->HTTPS redirects are disabled", zap.String("server_name", srvName)) continue } - app.logger.Info("enabling automatic HTTP->HTTPS redirects", - zap.String("server_name", srvName), - ) + app.logger.Info("enabling automatic HTTP->HTTPS redirects", zap.String("server_name", srvName)) // create HTTP->HTTPS redirects for _, addr := range srv.Listen { @@ -459,6 +471,16 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri } } + // if no external managers were configured, enable + // implicit Tailscale support for convenience + if ap.Managers == nil { + ts, err := implicitTailscale(ctx) + if err != nil { + return err + } + ap.Managers = []certmagic.CertificateManager{ts} + } + // while we're here, is this the catch-all/base policy? if !foundBasePolicy && len(ap.Subjects) == 0 { basePolicy = ap @@ -467,8 +489,14 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri } if basePolicy == nil { - // no base policy found, we will make one! - basePolicy = new(caddytls.AutomationPolicy) + // no base policy found, we will make one! (with implicit Tailscale integration) + ts, err := implicitTailscale(ctx) + if err != nil { + return err + } + basePolicy = &caddytls.AutomationPolicy{ + Managers: []certmagic.CertificateManager{ts}, + } } // if the basePolicy has an existing ACMEIssuer (particularly to @@ -482,8 +510,8 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri } } if baseACMEIssuer == nil { - // note that this happens if basePolicy.Issuer is nil - // OR if it is not nil but is not an ACMEIssuer + // note that this happens if basePolicy.Issuers is empty + // OR if it is not empty but does not have not an ACMEIssuer baseACMEIssuer = new(caddytls.ACMEIssuer) } @@ -653,4 +681,11 @@ func (app *App) automaticHTTPSPhase2() error { return nil } +// implicitTailscale returns a new and provisioned Tailscale module configured to be optional. +func implicitTailscale(ctx caddy.Context) (caddytls.Tailscale, error) { + ts := caddytls.Tailscale{Optional: true} + err := ts.Provision(ctx) + return ts, err +} + type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer } diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index e3102fba..7fefee65 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -239,7 +239,7 @@ func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey interface{}, e if err != nil { return nil, nil, fmt.Errorf("loading root key: %v", err) } - rootKey, err = pemDecodePrivateKey(rootKeyPEM) + rootKey, err = certmagic.PEMDecodePrivateKey(rootKeyPEM) if err != nil { return nil, nil, fmt.Errorf("decoding root key: %v", err) } @@ -263,7 +263,7 @@ func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey interface{}, err err if err != nil { return nil, nil, fmt.Errorf("saving root certificate: %v", err) } - rootKeyPEM, err := pemEncodePrivateKey(rootKey) + rootKeyPEM, err := certmagic.PEMEncodePrivateKey(rootKey) if err != nil { return nil, nil, fmt.Errorf("encoding root key: %v", err) } @@ -275,7 +275,7 @@ func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey interface{}, err err return rootCert, rootKey, nil } -func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey interface{}) (interCert *x509.Certificate, interKey interface{}, err error) { +func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey crypto.PrivateKey) (interCert *x509.Certificate, interKey crypto.PrivateKey, err error) { interCertPEM, err := ca.storage.Load(ca.storageKeyIntermediateCert()) if err != nil { if _, ok := err.(certmagic.ErrNotExist); !ok { @@ -301,7 +301,7 @@ func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey interface if err != nil { return nil, nil, fmt.Errorf("loading intermediate key: %v", err) } - interKey, err = pemDecodePrivateKey(interKeyPEM) + interKey, err = certmagic.PEMDecodePrivateKey(interKeyPEM) if err != nil { return nil, nil, fmt.Errorf("decoding intermediate key: %v", err) } @@ -310,7 +310,7 @@ func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey interface return interCert, interKey, nil } -func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey interface{}) (interCert *x509.Certificate, interKey interface{}, err error) { +func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey crypto.PrivateKey) (interCert *x509.Certificate, interKey crypto.PrivateKey, err error) { repl := ca.newReplacer() interCert, interKey, err = generateIntermediate(repl.ReplaceAll(ca.IntermediateCommonName, ""), rootCert, rootKey) @@ -325,7 +325,7 @@ func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey interface{}) (i if err != nil { return nil, nil, fmt.Errorf("saving intermediate certificate: %v", err) } - interKeyPEM, err := pemEncodePrivateKey(interKey) + interKeyPEM, err := certmagic.PEMEncodePrivateKey(interKey) if err != nil { return nil, nil, fmt.Errorf("encoding intermediate key: %v", err) } diff --git a/modules/caddypki/certificates.go b/modules/caddypki/certificates.go index a55c1658..bd260da6 100644 --- a/modules/caddypki/certificates.go +++ b/modules/caddypki/certificates.go @@ -15,6 +15,7 @@ package caddypki import ( + "crypto" "crypto/x509" "time" @@ -30,7 +31,7 @@ func generateRoot(commonName string) (rootCrt *x509.Certificate, privateKey inte return newCert(rootProfile) } -func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey interface{}) (cert *x509.Certificate, privateKey interface{}, err error) { +func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.PrivateKey) (cert *x509.Certificate, privateKey crypto.PrivateKey, err error) { interProfile, err := x509util.NewIntermediateProfile(commonName, rootCrt, rootKey) if err != nil { return @@ -39,7 +40,7 @@ func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey return newCert(interProfile) } -func newCert(profile x509util.Profile) (cert *x509.Certificate, privateKey interface{}, err error) { +func newCert(profile x509util.Profile) (cert *x509.Certificate, privateKey crypto.PrivateKey, err error) { certBytes, err := profile.CreateCertificate() if err != nil { return diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go index dbc6f383..386ce629 100644 --- a/modules/caddypki/crypto.go +++ b/modules/caddypki/crypto.go @@ -17,14 +17,12 @@ package caddypki import ( "bytes" "crypto" - "crypto/ecdsa" - "crypto/ed25519" - "crypto/rsa" "crypto/x509" "encoding/pem" "fmt" "os" - "strings" + + "github.com/caddyserver/certmagic" ) func pemDecodeSingleCert(pemDER []byte) (*x509.Certificate, error) { @@ -45,70 +43,6 @@ func pemEncodeCert(der []byte) ([]byte, error) { return pemEncode("CERTIFICATE", der) } -// pemEncodePrivateKey marshals a EC or RSA private key into a PEM-encoded array of bytes. -// TODO: this is the same thing as in certmagic. Should we reuse that code somehow? It's unexported. -func pemEncodePrivateKey(key crypto.PrivateKey) ([]byte, error) { - var pemType string - var keyBytes []byte - switch key := key.(type) { - case *ecdsa.PrivateKey: - var err error - pemType = "EC" - keyBytes, err = x509.MarshalECPrivateKey(key) - if err != nil { - return nil, err - } - case *rsa.PrivateKey: - pemType = "RSA" - keyBytes = x509.MarshalPKCS1PrivateKey(key) - case *ed25519.PrivateKey: - var err error - pemType = "ED25519" - keyBytes, err = x509.MarshalPKCS8PrivateKey(key) - if err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("unsupported key type: %T", key) - } - return pemEncode(pemType+" PRIVATE KEY", keyBytes) -} - -// pemDecodePrivateKey loads a PEM-encoded ECC/RSA private key from an array of bytes. -// Borrowed from Go standard library, to handle various private key and PEM block types. -// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L291-L308 -// https://github.com/golang/go/blob/693748e9fa385f1e2c3b91ca9acbb6c0ad2d133d/src/crypto/tls/tls.go#L238) -// TODO: this is the same thing as in certmagic. Should we reuse that code somehow? It's unexported. -func pemDecodePrivateKey(keyPEMBytes []byte) (crypto.PrivateKey, error) { - keyBlockDER, _ := pem.Decode(keyPEMBytes) - if keyBlockDER == nil { - return nil, fmt.Errorf("no PEM data found") - } - - if keyBlockDER.Type != "PRIVATE KEY" && !strings.HasSuffix(keyBlockDER.Type, " PRIVATE KEY") { - return nil, fmt.Errorf("unknown PEM header %q", keyBlockDER.Type) - } - - if key, err := x509.ParsePKCS1PrivateKey(keyBlockDER.Bytes); err == nil { - return key, nil - } - - if key, err := x509.ParsePKCS8PrivateKey(keyBlockDER.Bytes); err == nil { - switch key := key.(type) { - case *rsa.PrivateKey, *ecdsa.PrivateKey, ed25519.PrivateKey: - return key, nil - default: - return nil, fmt.Errorf("found unknown private key type in PKCS#8 wrapping: %T", key) - } - } - - if key, err := x509.ParseECPrivateKey(keyBlockDER.Bytes); err == nil { - return key, nil - } - - return nil, fmt.Errorf("unknown private key type") -} - func pemEncode(blockType string, b []byte) ([]byte, error) { var buf bytes.Buffer err := pem.Encode(&buf, &pem.Block{Type: blockType, Bytes: b}) @@ -137,7 +71,7 @@ type KeyPair struct { } // Load loads the certificate and key. -func (kp KeyPair) Load() (*x509.Certificate, interface{}, error) { +func (kp KeyPair) Load() (*x509.Certificate, crypto.Signer, error) { switch kp.Format { case "", "pem_file": certData, err := os.ReadFile(kp.Certificate) @@ -153,7 +87,7 @@ func (kp KeyPair) Load() (*x509.Certificate, interface{}, error) { if err != nil { return nil, nil, err } - key, err := pemDecodePrivateKey(keyData) + key, err := certmagic.PEMDecodePrivateKey(keyData) if err != nil { return nil, nil, err } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 2a701bfe..95b17723 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -89,6 +89,14 @@ type AutomationPolicy struct { // zerossl. IssuersRaw []json.RawMessage `json:"issuers,omitempty" caddy:"namespace=tls.issuance inline_key=module"` + // Modules that can get a custom certificate to use for any + // given TLS handshake at handshake-time. Custom certificates + // can be useful if another entity is managing certificates + // and Caddy need only get it and serve it. + // + // TODO: This is an EXPERIMENTAL feature. It is subject to change or removal. + ManagersRaw []json.RawMessage `json:"get_certificate,omitempty" caddy:"namespace=tls.get_certificate inline_key=via"` + // If true, certificates will be requested with MustStaple. Not all // CAs support this, and there are potentially serious consequences // of enabling this feature without proper threat modeling. @@ -113,7 +121,7 @@ type AutomationPolicy struct { // If true, certificates will be managed "on demand"; that is, during // TLS handshakes or when needed, as opposed to at startup or config - // load. + // load. This enables On-Demand TLS for this policy. OnDemand bool `json:"on_demand,omitempty"` // Disables OCSP stapling. Disabling OCSP stapling puts clients at @@ -129,10 +137,12 @@ type AutomationPolicy struct { // EXPERIMENTAL. Subject to change. OCSPOverrides map[string]string `json:"ocsp_overrides,omitempty"` - // Issuers stores the decoded issuer parameters. This is only - // used to populate an underlying certmagic.Config's Issuers - // field; it is not referenced thereafter. - Issuers []certmagic.Issuer `json:"-"` + // Issuers and Managers store the decoded issuer and manager modules; + // they are only used to populate an underlying certmagic.Config's + // fields during provisioning so that the modules can survive a + // re-provisioning. + Issuers []certmagic.Issuer `json:"-"` + Managers []certmagic.CertificateManager `json:"-"` magic *certmagic.Config storage certmagic.Storage @@ -153,6 +163,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { ap.storage = cmStorage } + // on-demand TLS var ond *certmagic.OnDemandConfig if ap.OnDemand { ond = &certmagic.OnDemandConfig{ @@ -176,6 +187,22 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { } } + // we don't store loaded modules directly in the certmagic config since + // policy provisioning may happen more than once (during auto-HTTPS) and + // loading a module clears its config bytes; thus, load the module and + // store them on the policy before putting it on the config + + // load and provision any cert manager modules + if ap.ManagersRaw != nil { + vals, err := tlsApp.ctx.LoadModule(ap, "ManagersRaw") + if err != nil { + return fmt.Errorf("loading external certificate manager modules: %v", err) + } + for _, getCertVal := range vals.([]interface{}) { + ap.Managers = append(ap.Managers, getCertVal.(certmagic.CertificateManager)) + } + } + // load and provision any explicitly-configured issuer modules if ap.IssuersRaw != nil { val, err := tlsApp.ctx.LoadModule(ap, "IssuersRaw") @@ -225,9 +252,10 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { DisableStapling: ap.DisableOCSPStapling, ResponderOverrides: ap.OCSPOverrides, }, - Storage: storage, - Issuers: issuers, - Logger: tlsApp.logger, + Storage: storage, + Issuers: issuers, + Managers: ap.Managers, + Logger: tlsApp.logger, } ap.magic = certmagic.New(tlsApp.certCache, template) diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go new file mode 100644 index 00000000..653e9f50 --- /dev/null +++ b/modules/caddytls/certmanagers.go @@ -0,0 +1,208 @@ +package caddytls + +import ( + "context" + "crypto/tls" + "fmt" + "io" + "net/http" + "net/url" + "strings" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/certmagic" + "github.com/tailscale/tscert" + "go.uber.org/zap" +) + +func init() { + caddy.RegisterModule(Tailscale{}) + caddy.RegisterModule(HTTPCertGetter{}) +} + +// Tailscale is a module that can get certificates from the local Tailscale process. +type Tailscale struct { + // If true, this module will operate in "best-effort" mode and + // ignore "soft" errors; i.e. try Tailscale, and if it doesn't connect + // or return a certificate, oh well. Failure to connect to Tailscale + // results in a no-op instead of an error. Intended for the use case + // where this module is added implicitly for convenience, even if + // Tailscale isn't necessarily running. + Optional bool `json:"optional,omitempty"` + + logger *zap.Logger +} + +// CaddyModule returns the Caddy module information. +func (Tailscale) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "tls.get_certificate.tailscale", + New: func() caddy.Module { return new(Tailscale) }, + } +} + +func (ts *Tailscale) Provision(ctx caddy.Context) error { + ts.logger = ctx.Logger(ts) + return nil +} + +func (ts Tailscale) GetCertificate(ctx context.Context, hello *tls.ClientHelloInfo) (*tls.Certificate, error) { + canGetCert, err := ts.canHazCertificate(ctx, hello) + if err == nil && !canGetCert { + return nil, nil // pass-thru: Tailscale can't offer a cert for this name + } + if err != nil { + ts.logger.Warn("could not get status; will try to get certificate anyway", zap.Error(err)) + } + return tscert.GetCertificate(hello) +} + +// canHazCertificate returns true if Tailscale reports it can get a certificate for the given ClientHello. +func (ts Tailscale) canHazCertificate(ctx context.Context, hello *tls.ClientHelloInfo) (bool, error) { + if ts.Optional && !strings.HasSuffix(strings.ToLower(hello.ServerName), tailscaleDomainAliasEnding) { + return false, nil + } + status, err := tscert.GetStatus(ctx) + if err != nil { + if ts.Optional { + return false, nil // ignore error if we don't expect/require it to work anyway + } + return false, err + } + for _, domain := range status.CertDomains { + if certmagic.MatchWildcard(hello.ServerName, domain) { + return true, nil + } + } + return false, nil +} + +// UnmarshalCaddyfile deserializes Caddyfile tokens into ts. +// +// ... tailscale +// +func (Tailscale) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if d.NextArg() { + return d.ArgErr() + } + } + return nil +} + +// tailscaleDomainAliasEnding is the ending for all Tailscale custom domains. +const tailscaleDomainAliasEnding = ".ts.net" + +// HTTPCertGetter can get a certificate via HTTP(S) request. +type HTTPCertGetter struct { + // The URL from which to download the certificate. Required. + // + // The URL will be augmented with query string parameters taken + // from the TLS handshake: + // + // - server_name: The SNI value + // - signature_schemes: Comma-separated list of hex IDs of signatures + // - cipher_suites: Comma-separated list of hex IDs of cipher suites + // + // To be valid, the response must be HTTP 200 with a PEM body + // consisting of blocks for the certificate chain and the private + // key. + URL string `json:"url,omitempty"` + + ctx context.Context +} + +// CaddyModule returns the Caddy module information. +func (hcg HTTPCertGetter) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "tls.get_certificate.http", + New: func() caddy.Module { return new(HTTPCertGetter) }, + } +} + +func (hcg *HTTPCertGetter) Provision(ctx caddy.Context) error { + hcg.ctx = ctx + if hcg.URL == "" { + return fmt.Errorf("URL is required") + } + return nil +} + +func (hcg HTTPCertGetter) GetCertificate(ctx context.Context, hello *tls.ClientHelloInfo) (*tls.Certificate, error) { + sigs := make([]string, len(hello.SignatureSchemes)) + for i, sig := range hello.SignatureSchemes { + sigs[i] = fmt.Sprintf("%x", uint16(sig)) // you won't believe what %x uses if the val is a Stringer + } + suites := make([]string, len(hello.CipherSuites)) + for i, cs := range hello.CipherSuites { + suites[i] = fmt.Sprintf("%x", cs) + } + + parsed, err := url.Parse(hcg.URL) + if err != nil { + return nil, err + } + qs := parsed.Query() + qs.Set("server_name", hello.ServerName) + qs.Set("signature_schemes", strings.Join(sigs, ",")) + qs.Set("cipher_suites", strings.Join(suites, ",")) + parsed.RawQuery = qs.Encode() + + req, err := http.NewRequestWithContext(hcg.ctx, http.MethodGet, parsed.String(), nil) + if err != nil { + return nil, err + } + + resp, err := http.DefaultClient.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("got HTTP %d", resp.StatusCode) + } + + bodyBytes, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("error reading response body: %v", err) + } + + cert, err := tlsCertFromCertAndKeyPEMBundle(bodyBytes) + if err != nil { + return nil, err + } + + return &cert, nil +} + +// UnmarshalCaddyfile deserializes Caddyfile tokens into ts. +// +// ... http +// +func (hcg *HTTPCertGetter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if !d.NextArg() { + return d.ArgErr() + } + hcg.URL = d.Val() + if d.NextArg() { + return d.ArgErr() + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + return d.Err("block not allowed here") + } + } + return nil +} + +// Interface guards +var ( + _ certmagic.CertificateManager = (*Tailscale)(nil) + _ caddy.Provisioner = (*Tailscale)(nil) + _ caddyfile.Unmarshaler = (*Tailscale)(nil) + + _ certmagic.CertificateManager = (*HTTPCertGetter)(nil) + _ caddy.Provisioner = (*HTTPCertGetter)(nil) + _ caddyfile.Unmarshaler = (*HTTPCertGetter)(nil) +) diff --git a/modules/caddytls/folderloader.go b/modules/caddytls/folderloader.go index 0ff0629d..33b31a54 100644 --- a/modules/caddytls/folderloader.go +++ b/modules/caddytls/folderloader.go @@ -61,10 +61,14 @@ func (fl FolderLoader) LoadCertificates() ([]Certificate, error) { return nil } - cert, err := x509CertFromCertAndKeyPEMFile(fpath) + bundle, err := os.ReadFile(fpath) if err != nil { return err } + cert, err := tlsCertFromCertAndKeyPEMBundle(bundle) + if err != nil { + return fmt.Errorf("%s: %w", fpath, err) + } certs = append(certs, Certificate{Certificate: cert}) @@ -77,12 +81,7 @@ func (fl FolderLoader) LoadCertificates() ([]Certificate, error) { return certs, nil } -func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) { - bundle, err := os.ReadFile(fpath) - if err != nil { - return tls.Certificate{}, err - } - +func tlsCertFromCertAndKeyPEMBundle(bundle []byte) (tls.Certificate, error) { certBuilder, keyBuilder := new(bytes.Buffer), new(bytes.Buffer) var foundKey bool // use only the first key in the file @@ -96,8 +95,7 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) { if derBlock.Type == "CERTIFICATE" { // Re-encode certificate as PEM, appending to certificate chain - err = pem.Encode(certBuilder, derBlock) - if err != nil { + if err := pem.Encode(certBuilder, derBlock); err != nil { return tls.Certificate{}, err } } else if derBlock.Type == "EC PARAMETERS" { @@ -105,18 +103,16 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) { // parameters and key (parameter block should come first) if !foundKey { // Encode parameters - err = pem.Encode(keyBuilder, derBlock) - if err != nil { + if err := pem.Encode(keyBuilder, derBlock); err != nil { return tls.Certificate{}, err } // Key must immediately follow derBlock, bundle = pem.Decode(bundle) if derBlock == nil || derBlock.Type != "EC PRIVATE KEY" { - return tls.Certificate{}, fmt.Errorf("%s: expected elliptic private key to immediately follow EC parameters", fpath) + return tls.Certificate{}, fmt.Errorf("expected elliptic private key to immediately follow EC parameters") } - err = pem.Encode(keyBuilder, derBlock) - if err != nil { + if err := pem.Encode(keyBuilder, derBlock); err != nil { return tls.Certificate{}, err } foundKey = true @@ -124,28 +120,27 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) { } else if derBlock.Type == "PRIVATE KEY" || strings.HasSuffix(derBlock.Type, " PRIVATE KEY") { // RSA key if !foundKey { - err = pem.Encode(keyBuilder, derBlock) - if err != nil { + if err := pem.Encode(keyBuilder, derBlock); err != nil { return tls.Certificate{}, err } foundKey = true } } else { - return tls.Certificate{}, fmt.Errorf("%s: unrecognized PEM block type: %s", fpath, derBlock.Type) + return tls.Certificate{}, fmt.Errorf("unrecognized PEM block type: %s", derBlock.Type) } } certPEMBytes, keyPEMBytes := certBuilder.Bytes(), keyBuilder.Bytes() if len(certPEMBytes) == 0 { - return tls.Certificate{}, fmt.Errorf("%s: failed to parse PEM data", fpath) + return tls.Certificate{}, fmt.Errorf("failed to parse PEM data") } if len(keyPEMBytes) == 0 { - return tls.Certificate{}, fmt.Errorf("%s: no private key block found", fpath) + return tls.Certificate{}, fmt.Errorf("no private key block found") } cert, err := tls.X509KeyPair(certPEMBytes, keyPEMBytes) if err != nil { - return tls.Certificate{}, fmt.Errorf("%s: making X509 key pair: %v", fpath, err) + return tls.Certificate{}, fmt.Errorf("making X509 key pair: %v", err) } return cert, nil From ff137d17d008b827d32876310e1179ec5003fef7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 17 Feb 2022 22:58:25 -0700 Subject: [PATCH 0561/1498] caddyconfig: Support placeholders in HTTP loader --- caddyconfig/httploader.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index 396e1536..e4d81591 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -71,21 +71,28 @@ func (HTTPLoader) CaddyModule() caddy.ModuleInfo { // LoadConfig loads a Caddy config. func (hl HTTPLoader) LoadConfig(ctx caddy.Context) ([]byte, error) { + repl := caddy.NewReplacer() + client, err := hl.makeClient(ctx) if err != nil { return nil, err } - method := hl.Method + method := repl.ReplaceAll(hl.Method, "") if method == "" { method = http.MethodGet } - req, err := http.NewRequest(method, hl.URL, nil) + url := repl.ReplaceAll(hl.URL, "") + req, err := http.NewRequest(method, url, nil) if err != nil { return nil, err } - req.Header = hl.Headers + for key, vals := range hl.Headers { + for _, val := range vals { + req.Header.Add(repl.ReplaceAll(key, ""), repl.ReplaceKnown(val, "")) + } + } resp, err := client.Do(req) if err != nil { From 26d633baf83994e79d2961fa9f5b37ef5b0ab800 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 19 Feb 2022 16:20:38 -0500 Subject: [PATCH 0562/1498] httpcaddyfile: Disabling OCSP stapling for both managed and unmanaged (#4589) --- caddyconfig/httpcaddyfile/tlsapp.go | 5 +++++ caddytest/integration/caddyfile_adapt/global_options.txt | 7 +++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 48506d81..daaec95d 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -301,6 +301,11 @@ func (st ServerType) buildTLSApp( tlsApp.Automation.RenewCheckInterval = renewCheckInterval } + // set whether OCSP stapling should be disabled for manually-managed certificates + if ocspConfig, ok := options["ocsp_stapling"].(certmagic.OCSPConfig); ok { + tlsApp.DisableOCSPStapling = ocspConfig.DisableStapling + } + // if any hostnames appear on the same server block as a key with // no host, they will not be used with route matchers because the // hostless key matches all hosts, therefore, it wouldn't be diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt index dda644b2..69e2d9d5 100644 --- a/caddytest/integration/caddyfile_adapt/global_options.txt +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -10,6 +10,7 @@ } acme_ca https://example.com acme_ca_root /path/to/ca.crt + ocsp_stapling off email test@example.com admin off @@ -61,7 +62,8 @@ "module": "internal" } ], - "key_type": "ed25519" + "key_type": "ed25519", + "disable_ocsp_stapling": true } ], "on_demand": { @@ -71,7 +73,8 @@ }, "ask": "https://example.com" } - } + }, + "disable_ocsp_stapling": true } } } From 0de51593a647ee68ae79643f137ae2486118a6e6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 19 Feb 2022 17:09:09 -0500 Subject: [PATCH 0563/1498] go.mod: Revert version bump of CEL (#4587) --- go.mod | 2 +- go.sum | 13 +++++-------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 7cbbd2fe..9433f0fa 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.9.0 + github.com/google/cel-go v0.7.3 github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.14.2 github.com/klauspost/cpuid/v2 v2.0.10 diff --git a/go.sum b/go.sum index 9fb1f9f4..20acd7b3 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e h1:GCzyKMDDjSGnlpl3clrdAK7I1AaVoaiKDOYkUzChZzg= -github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= +github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= +github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.30.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= @@ -352,7 +352,6 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -395,9 +394,9 @@ github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.9.0 h1:u1hg7lcZ/XWw2d3aV1jFS30ijQQ6q0/h1C2ZBeBD1gY= -github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= -github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= +github.com/google/cel-go v0.7.3 h1:8v9BSN0avuGwrHFKNCjfiQ/CE6+D6sW+BDyOVoEeP6o= +github.com/google/cel-go v0.7.3/go.mod h1:4EtyFAHT5xNr0Msu0MJjyGxPUgdr9DlcaPyzLt/kkt8= +github.com/google/cel-spec v0.5.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= @@ -1166,7 +1165,6 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e h1:+b/22bPvDYt4NPDcy4xAGCmON713ONAWFeY3Z7I3tR8= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1291,7 +1289,6 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From ddbb234d91246396b52d9de51f112ac2f5388829 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 19 Feb 2022 17:10:49 -0500 Subject: [PATCH 0564/1498] caddyhttp: Always log handled errors at debug level (#4584) --- modules/caddyhttp/server.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 964b2a46..fa153cd2 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -259,11 +259,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { if err2 == nil { // user's error route handled the error response // successfully, so now just log the error - if errStatus >= 500 { - logger.Error(errMsg, errFields...) - } else { - logger.Debug(errMsg, errFields...) - } + logger.Debug(errMsg, errFields...) } else { // well... this is awkward errFields = append([]zapcore.Field{ From c921e08296ee379da3689caa1371a3003a512648 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 19 Feb 2022 17:12:28 -0500 Subject: [PATCH 0565/1498] logging: Add `roll_local_time` Caddyfile option (#4583) --- caddytest/integration/caddyfile_adapt/log_roll_days.txt | 2 ++ modules/logging/filewriter.go | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/log_roll_days.txt b/caddytest/integration/caddyfile_adapt/log_roll_days.txt index 5762c92b..3ead4ac1 100644 --- a/caddytest/integration/caddyfile_adapt/log_roll_days.txt +++ b/caddytest/integration/caddyfile_adapt/log_roll_days.txt @@ -4,6 +4,7 @@ log { output file /var/log/access.log { roll_size 1gb roll_uncompressed + roll_local_time roll_keep 5 roll_keep_for 90d } @@ -24,6 +25,7 @@ log { "roll_gzip": false, "roll_keep": 5, "roll_keep_days": 90, + "roll_local_time": true, "roll_size_mb": 954 }, "include": [ diff --git a/modules/logging/filewriter.go b/modules/logging/filewriter.go index 7333fb20..c0b5715d 100644 --- a/modules/logging/filewriter.go +++ b/modules/logging/filewriter.go @@ -135,6 +135,7 @@ func (fw FileWriter) OpenWriter() (io.WriteCloser, error) { // roll_disabled // roll_size // roll_uncompressed +// roll_local_time // roll_keep // roll_keep_for // } @@ -188,6 +189,12 @@ func (fw *FileWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } + case "roll_local_time": + fw.RollLocalTime = true + if d.NextArg() { + return d.ArgErr() + } + case "roll_keep": var keepStr string if !d.AllArgs(&keepStr) { From 7778912d4eb51b5ae2c7af584c42fc85e1e09f2c Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sun, 20 Feb 2022 01:16:11 +0300 Subject: [PATCH 0566/1498] ci: update goreleaser (#4582) --- .goreleaser.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 3b7c114b..0065d407 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -6,8 +6,7 @@ before: # subsequently causes gorleaser to refuse running. - mkdir -p caddy-build - cp cmd/caddy/main.go caddy-build/main.go - - cp ./go.mod caddy-build/go.mod - - sed -i.bkp 's|github.com/caddyserver/caddy/v2|caddy|g' ./caddy-build/go.mod + - /bin/sh -c 'cd ./caddy-build && go mod init caddy' # GoReleaser doesn't seem to offer {{.Tag}} at this stage, so we have to embed it into the env # so we run: TAG=$(git describe --abbrev=0) goreleaser release --rm-dist --skip-publish --skip-validate - go mod edit -require=github.com/caddyserver/caddy/v2@{{.Env.TAG}} ./caddy-build/go.mod @@ -36,9 +35,9 @@ builds: - s390x - ppc64le goarm: - - 5 - - 6 - - 7 + - "5" + - "6" + - "7" ignore: - goos: darwin goarch: arm @@ -56,7 +55,7 @@ builds: goarch: s390x - goos: freebsd goarch: arm - goarm: 5 + goarm: "5" flags: - -trimpath ldflags: From 186fdba916a128fc2a837852d2ab04ac2efba413 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 19 Feb 2022 17:36:36 -0500 Subject: [PATCH 0567/1498] caddyhttp: Move HTTP redirect listener to an optional module (#4585) --- .../global_server_options_single.txt | 4 ++ modules/caddyhttp/app.go | 5 --- modules/caddyhttp/httpredirectlistener.go | 42 +++++++++++++++++++ 3 files changed, 46 insertions(+), 5 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index fb0af2c3..da3e6bc2 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -1,6 +1,7 @@ { servers { listener_wrappers { + http_redirect tls } timeouts { @@ -32,6 +33,9 @@ foo.com { ":443" ], "listener_wrappers": [ + { + "wrapper": "http_redirect" + }, { "wrapper": "tls" } diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 67f9d1d6..64cc5401 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -343,11 +343,6 @@ func (app *App) Start() error { // enable TLS if there is a policy and if this is not the HTTP port useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort() if useTLS { - // create HTTP redirect wrapper, which detects if - // the request had HTTP bytes on the HTTPS port, and - // triggers a redirect if so. - ln = &httpRedirectListener{Listener: ln} - // create TLS listener tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx) ln = tls.NewListener(ln, tlsCfg) diff --git a/modules/caddyhttp/httpredirectlistener.go b/modules/caddyhttp/httpredirectlistener.go index 38225a3d..3ff79ff8 100644 --- a/modules/caddyhttp/httpredirectlistener.go +++ b/modules/caddyhttp/httpredirectlistener.go @@ -20,8 +20,45 @@ import ( "net" "net/http" "sync" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" ) +func init() { + caddy.RegisterModule(HTTPRedirectListenerWrapper{}) +} + +// HTTPRedirectListenerWrapper provides HTTP->HTTPS redirects for +// connections that come on the TLS port as an HTTP request, +// by detecting using the first few bytes that it's not a TLS +// handshake, but instead an HTTP request. +// +// This is especially useful when using a non-standard HTTPS port. +// A user may simply type the address in their browser without the +// https:// scheme, which would cause the browser to attempt the +// connection over HTTP, but this would cause a "Client sent an +// HTTP request to an HTTPS server" error response. +// +// This listener wrapper must be placed BEFORE the "tls" listener +// wrapper, for it to work properly. +type HTTPRedirectListenerWrapper struct{} + +func (HTTPRedirectListenerWrapper) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.listeners.http_redirect", + New: func() caddy.Module { return new(HTTPRedirectListenerWrapper) }, + } +} + +func (h *HTTPRedirectListenerWrapper) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + return nil +} + +func (h *HTTPRedirectListenerWrapper) WrapListener(l net.Listener) net.Listener { + return &httpRedirectListener{l} +} + // httpRedirectListener is listener that checks the first few bytes // of the request when the server is intended to accept HTTPS requests, // to respond to an HTTP request with a redirect. @@ -112,3 +149,8 @@ func firstBytesLookLikeHTTP(hdr []byte) bool { } return false } + +var ( + _ caddy.ListenerWrapper = (*HTTPRedirectListenerWrapper)(nil) + _ caddyfile.Unmarshaler = (*HTTPRedirectListenerWrapper)(nil) +) From 7ea5b2a818ff56f650c537be83c4230166f90a14 Mon Sep 17 00:00:00 2001 From: Noorain Panjwani Date: Wed, 2 Mar 2022 00:02:33 +0530 Subject: [PATCH 0568/1498] core: Config load interval only reloads if changed (#4603) --- caddy.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/caddy.go b/caddy.go index f990d362..aa3a705a 100644 --- a/caddy.go +++ b/caddy.go @@ -481,11 +481,23 @@ func finishSettingUp(ctx Context, cfg *Config) error { return fmt.Errorf("loading config loader module: %s", err) } runLoadedConfig := func(config []byte) { - Log().Info("applying dynamically-loaded config", zap.String("loader_module", val.(Module).CaddyModule().ID.Name()), zap.Int("pull_interval", int(cfg.Admin.Config.LoadInterval))) currentCfgMu.Lock() + defer currentCfgMu.Unlock() + + // Skip if there is no change in the config + if bytes.Equal(rawCfgJSON, config) { + return + } + + Log().Info("applying dynamically-loaded config", zap.String("loader_module", val.(Module).CaddyModule().ID.Name()), zap.Int("pull_interval", int(cfg.Admin.Config.LoadInterval))) err := unsyncedDecodeAndRun(config, false) - currentCfgMu.Unlock() if err == nil { + // success, so update our stored copy of the encoded + // config to keep it consistent with what caddy is now + // running (storing an encoded copy is not strictly + // necessary, but avoids an extra json.Marshal for + // each config change) + rawCfgJSON = config Log().Info("dynamically-loaded config applied successfully") } else { Log().Error("running dynamically-loaded config failed", zap.Error(err)) @@ -503,6 +515,7 @@ func finishSettingUp(ctx Context, cfg *Config) error { Log().Error("loading dynamic config failed", zap.Error(err)) return } + runLoadedConfig(loadedConfig) case <-ctx.Done(): if !timer.Stop() { From acbee9470818a32f77634b0c0943bc0544f6e736 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 1 Mar 2022 13:00:14 -0700 Subject: [PATCH 0569/1498] core: Revert 7f364c7; simplify dynamic config load Fixes #4577 --- caddy.go | 61 +++++++++++++++++++++----------------------------------- 1 file changed, 23 insertions(+), 38 deletions(-) diff --git a/caddy.go b/caddy.go index aa3a705a..81f80e82 100644 --- a/caddy.go +++ b/caddy.go @@ -148,7 +148,7 @@ func changeConfig(method, path string, input []byte, forceReload bool) error { // if nothing changed, no need to do a whole reload unless the client forces it if !forceReload && bytes.Equal(rawCfgJSON, newCfg) { - Log().Named("admin.api").Info("config is unchanged") + Log().Info("config is unchanged") return nil } @@ -480,51 +480,37 @@ func finishSettingUp(ctx Context, cfg *Config) error { if err != nil { return fmt.Errorf("loading config loader module: %s", err) } + + logger := Log().Named("config_loader").With( + zap.String("module", val.(Module).CaddyModule().ID.Name()), + zap.Int("pull_interval", int(cfg.Admin.Config.LoadInterval))) + runLoadedConfig := func(config []byte) { - currentCfgMu.Lock() - defer currentCfgMu.Unlock() - - // Skip if there is no change in the config - if bytes.Equal(rawCfgJSON, config) { - return - } - - Log().Info("applying dynamically-loaded config", zap.String("loader_module", val.(Module).CaddyModule().ID.Name()), zap.Int("pull_interval", int(cfg.Admin.Config.LoadInterval))) - err := unsyncedDecodeAndRun(config, false) + logger.Info("applying dynamically-loaded config") + err := changeConfig(http.MethodPost, "/"+rawConfigKey, config, false) if err == nil { - // success, so update our stored copy of the encoded - // config to keep it consistent with what caddy is now - // running (storing an encoded copy is not strictly - // necessary, but avoids an extra json.Marshal for - // each config change) - rawCfgJSON = config - Log().Info("dynamically-loaded config applied successfully") + logger.Info("successfully applied dynamically-loaded config") } else { - Log().Error("running dynamically-loaded config failed", zap.Error(err)) + logger.Error("failed to run dynamically-loaded config", zap.Error(err)) } } + if cfg.Admin.Config.LoadInterval > 0 { go func() { - for { - timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadInterval)) - select { - // if LoadInterval is positive, will wait for the interval and then run with new config - case <-timer.C: - loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) - if err != nil { - Log().Error("loading dynamic config failed", zap.Error(err)) - return - } - - runLoadedConfig(loadedConfig) - case <-ctx.Done(): - if !timer.Stop() { - // if the timer has been stopped then read from the channel - <-timer.C - } - Log().Info("stopping config load interval") + timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadInterval)) + select { + case <-timer.C: + loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) + if err != nil { + Log().Error("loading dynamic config failed", zap.Error(err)) return } + runLoadedConfig(loadedConfig) + case <-ctx.Done(): + if !timer.Stop() { + <-timer.C + } + Log().Info("stopping config load interval") } }() } else { @@ -536,7 +522,6 @@ func finishSettingUp(ctx Context, cfg *Config) error { // do this in a goroutine so current config can finish being loaded; otherwise deadlock go runLoadedConfig(loadedConfig) } - } return nil From 87a1f228b4c48db7bdab694cf0fd1c76243f29f3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 1 Mar 2022 16:12:43 -0500 Subject: [PATCH 0570/1498] reverseproxy: Move status replacement intercept to `replace_status` (#4300) --- .../reverse_proxy_handle_response.txt | 22 +++--- modules/caddyhttp/reverseproxy/caddyfile.go | 79 +++++++++++-------- 2 files changed, 56 insertions(+), 45 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt index 35d9631a..88ecbc21 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt @@ -1,6 +1,9 @@ :8884 reverse_proxy 127.0.0.1:65535 { + @changeStatus status 500 + replace_status @changeStatus 400 + @accel header X-Accel-Redirect * handle_response @accel { respond "Header X-Accel-Redirect!" @@ -38,9 +41,6 @@ reverse_proxy 127.0.0.1:65535 { handle_response @multi { respond "Headers Foo, Bar AND statuses 401, 403 and 404!" } - - @changeStatus status 500 - handle_response @changeStatus 400 } ---------- { @@ -56,6 +56,14 @@ reverse_proxy 127.0.0.1:65535 { "handle": [ { "handle_response": [ + { + "match": { + "status_code": [ + 500 + ] + }, + "status_code": 400 + }, { "match": { "headers": { @@ -155,14 +163,6 @@ reverse_proxy 127.0.0.1:65535 { } ] }, - { - "match": { - "status_code": [ - 500 - ] - }, - "status_code": 400 - }, { "routes": [ { diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 52282f7b..d642d04e 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -91,12 +91,13 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // ... // } // -// # handle responses +// # intercepting responses // @name { // status // header [] // } -// handle_response [] [status_code] { +// replace_status +// handle_response [] { // // } // } @@ -651,6 +652,39 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // See h.FinalizeUnmarshalCaddyfile h.handleResponseSegments = append(h.handleResponseSegments, d.NewFromNextSegment()) + case "replace_status": + args := d.RemainingArgs() + if len(args) != 2 { + return d.Errf("must have two arguments: a response matcher and a status code") + } + + if !strings.HasPrefix(args[0], matcherPrefix) { + return d.Errf("must use a named response matcher, starting with '@'") + } + + foundMatcher, ok := h.responseMatchers[args[0]] + if !ok { + return d.Errf("no named response matcher defined with name '%s'", args[0][1:]) + } + + _, err := strconv.Atoi(args[1]) + if err != nil { + return d.Errf("bad integer value '%s': %v", args[1], err) + } + + // make sure there's no block, cause it doesn't make sense + if d.NextBlock(1) { + return d.Errf("cannot define routes for 'replace_status', use 'handle_response' instead.") + } + + h.HandleResponse = append( + h.HandleResponse, + caddyhttp.ResponseHandler{ + Match: &foundMatcher, + StatusCode: caddyhttp.WeakString(args[1]), + }, + ) + default: return d.Errf("unrecognized subdirective %s", d.Val()) } @@ -699,20 +733,20 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error for _, d := range h.handleResponseSegments { // consume the "handle_response" token d.Next() - - var matcher *caddyhttp.ResponseMatcher args := d.RemainingArgs() - // the first arg should be a matcher (optional) - // the second arg should be a status code (optional) - // any more than that isn't currently supported - if len(args) > 2 { + // TODO: Remove this check at some point in the future + if len(args) == 2 { + return d.Errf("configuring 'handle_response' for status code replacement is no longer supported. Use 'replace_status' instead.") + } + + if len(args) > 1 { return d.Errf("too many arguments for 'handle_response': %s", args) } - // the first arg should always be a matcher. - // it doesn't really make sense to support status code without a matcher. - if len(args) > 0 { + var matcher *caddyhttp.ResponseMatcher + if len(args) == 1 { + // the first arg should always be a matcher. if !strings.HasPrefix(args[0], matcherPrefix) { return d.Errf("must use a named response matcher, starting with '@'") } @@ -724,29 +758,6 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error matcher = &foundMatcher } - // a second arg should be a status code, in which case - // we skip parsing the block for routes - if len(args) == 2 { - _, err := strconv.Atoi(args[1]) - if err != nil { - return d.Errf("bad integer value '%s': %v", args[1], err) - } - - // make sure there's no block, cause it doesn't make sense - if d.NextBlock(1) { - return d.Errf("cannot define routes for 'handle_response' when changing the status code") - } - - h.HandleResponse = append( - h.HandleResponse, - caddyhttp.ResponseHandler{ - Match: matcher, - StatusCode: caddyhttp.WeakString(args[1]), - }, - ) - continue - } - // parse the block as routes handler, err := httpcaddyfile.ParseSegmentAsSubroute(helper.WithDispenser(d.NewFromNextSegment())) if err != nil { From bc447e307f195b80eeec0f6157e0d8e641af9155 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 1 Mar 2022 15:04:47 -0700 Subject: [PATCH 0571/1498] core: Config LoadInterval -> LoadDelay for clarity And improve/clarify docs about this feature See #4577 --- admin.go | 18 ++++++++++++------ caddy.go | 14 +++++++------- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/admin.go b/admin.go index 33bb5c6e..891f818e 100644 --- a/admin.go +++ b/admin.go @@ -101,20 +101,26 @@ type ConfigSettings struct { // are not persisted; only configs that are pushed to Caddy get persisted. Persist *bool `json:"persist,omitempty"` - // Loads a configuration to use. This is helpful if your configs are - // managed elsewhere, and you want Caddy to pull its config dynamically + // Loads a new configuration. This is helpful if your configs are + // managed elsewhere and you want Caddy to pull its config dynamically // when it starts. The pulled config completely replaces the current // one, just like any other config load. It is an error if a pulled - // config is configured to pull another config. + // config is configured to pull another config without a load_delay, + // as this creates a tight loop. // // EXPERIMENTAL: Subject to change. LoadRaw json.RawMessage `json:"load,omitempty" caddy:"namespace=caddy.config_loaders inline_key=module"` - // The interval to pull config. With a non-zero value, will pull config - // from config loader (eg. a http loader) with given interval. + // The duration after which to load config. If set, config will be pulled + // from the config loader after this duration. A delay is required if a + // dynamically-loaded config is configured to load yet another config. To + // load configs on a regular interval, ensure this value is set the same + // on all loaded configs; it can also be variable if needed, and to stop + // the loop, simply remove dynamic config loading from the next-loaded + // config. // // EXPERIMENTAL: Subject to change. - LoadInterval Duration `json:"load_interval,omitempty"` + LoadDelay Duration `json:"load_delay,omitempty"` } // IdentityConfig configures management of this server's identity. An identity diff --git a/caddy.go b/caddy.go index 81f80e82..127484d4 100644 --- a/caddy.go +++ b/caddy.go @@ -268,8 +268,8 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { newCfg.Admin != nil && newCfg.Admin.Config != nil && newCfg.Admin.Config.LoadRaw != nil && - newCfg.Admin.Config.LoadInterval <= 0 { - return fmt.Errorf("recursive config loading detected: pulled configs cannot pull other configs without positive load_interval") + newCfg.Admin.Config.LoadDelay <= 0 { + return fmt.Errorf("recursive config loading detected: pulled configs cannot pull other configs without positive load_delay") } // run the new config and start all its apps @@ -483,7 +483,7 @@ func finishSettingUp(ctx Context, cfg *Config) error { logger := Log().Named("config_loader").With( zap.String("module", val.(Module).CaddyModule().ID.Name()), - zap.Int("pull_interval", int(cfg.Admin.Config.LoadInterval))) + zap.Int("load_delay", int(cfg.Admin.Config.LoadDelay))) runLoadedConfig := func(config []byte) { logger.Info("applying dynamically-loaded config") @@ -495,9 +495,9 @@ func finishSettingUp(ctx Context, cfg *Config) error { } } - if cfg.Admin.Config.LoadInterval > 0 { + if cfg.Admin.Config.LoadDelay > 0 { go func() { - timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadInterval)) + timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadDelay)) select { case <-timer.C: loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) @@ -510,11 +510,11 @@ func finishSettingUp(ctx Context, cfg *Config) error { if !timer.Stop() { <-timer.C } - Log().Info("stopping config load interval") + Log().Info("stopping dynamic config loading") } }() } else { - // if no LoadInterval is provided, will load config synchronously + // if no LoadDelay is provided, will load config synchronously loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) if err != nil { return fmt.Errorf("loading dynamic config from %T: %v", val, err) From 15c95e9d5b330a9590bbd7271264d9d47dd6e643 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 1 Mar 2022 17:32:39 -0500 Subject: [PATCH 0572/1498] fileserver: Canonical redir when whole path is stripped (#4549) --- modules/caddyhttp/fileserver/browse.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index d076aec3..f308281a 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -60,8 +60,11 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, // original URI is necessary because that's the URI the browser knows, // we don't want to redirect from internally-rewritten URIs.) // See https://github.com/caddyserver/caddy/issues/4205. + // We also redirect if the path is empty, because this implies the path + // prefix was fully stripped away by a `handle_path` handler for example. + // See https://github.com/caddyserver/caddy/issues/4466. origReq := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) - if path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { + if r.URL.Path == "" || path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { if !strings.HasSuffix(origReq.URL.Path, "/") { fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) origReq.URL.Path += "/" From ac14b64e08a6ea63067c62cf1bad9cd6ad823d60 Mon Sep 17 00:00:00 2001 From: BitWuehler <39520752+BitWuehler@users.noreply.github.com> Date: Tue, 1 Mar 2022 23:50:12 +0100 Subject: [PATCH 0573/1498] caddyhttp: Support zone identifiers in remote_ip matcher (#4597) * Update matchers.go * Update matchers.go * implementation of zone_id handling * last changes in zone handling * give return true values instead of bool * Apply suggestions from code review Co-authored-by: Francis Lavoie * changes as suggested * Apply suggestions from code review Co-authored-by: Francis Lavoie * Update matchers.go * shortened the Match function * changed mazcher handling * Update matchers.go * delete space Co-authored-by: Francis Lavoie --- modules/caddyhttp/matchers.go | 42 +++++++++++++++++++++++++++++------ 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 272c9242..9f10e2c3 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -131,7 +131,10 @@ type ( // to spoof request headers. Default: false Forwarded bool `json:"forwarded,omitempty"` + // cidrs and zones vars should aligned always in the same + // length and indexes for matching later cidrs []*net.IPNet + zones []string logger *zap.Logger } @@ -877,10 +880,19 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { m.logger = ctx.Logger(m) for _, str := range m.Ranges { + // Exclude the zone_id from the IP + if strings.Contains(str, "%") { + split := strings.Split(str, "%") + str = split[0] + // write zone identifiers in m.zones for matching later + m.zones = append(m.zones, split[1]) + } else { + m.zones = append(m.zones, "") + } if strings.Contains(str, "/") { _, ipNet, err := net.ParseCIDR(str) if err != nil { - return fmt.Errorf("parsing CIDR expression: %v", err) + return fmt.Errorf("parsing CIDR expression '%s': %v", str, err) } m.cidrs = append(m.cidrs, ipNet) } else { @@ -898,8 +910,9 @@ func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { return nil } -func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, error) { +func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, string, error) { remote := r.RemoteAddr + zoneID := "" if m.Forwarded { if fwdFor := r.Header.Get("X-Forwarded-For"); fwdFor != "" { remote = strings.TrimSpace(strings.Split(fwdFor, ",")[0]) @@ -909,25 +922,40 @@ func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, error) { if err != nil { ipStr = remote // OK; probably didn't have a port } + // Some IPv6-Adresses can contain zone identifiers at the end, + // which are separated with "%" + if strings.Contains(ipStr, "%") { + split := strings.Split(ipStr, "%") + ipStr = split[0] + zoneID = split[1] + } ip := net.ParseIP(ipStr) if ip == nil { - return nil, fmt.Errorf("invalid client IP address: %s", ipStr) + return nil, zoneID, fmt.Errorf("invalid client IP address: %s", ipStr) } - return ip, nil + return ip, zoneID, nil } // Match returns true if r matches m. func (m MatchRemoteIP) Match(r *http.Request) bool { - clientIP, err := m.getClientIP(r) + clientIP, zoneID, err := m.getClientIP(r) if err != nil { m.logger.Error("getting client IP", zap.Error(err)) return false } - for _, ipRange := range m.cidrs { + zoneFilter := true + for i, ipRange := range m.cidrs { if ipRange.Contains(clientIP) { - return true + // Check if there are zone filters assigned and if they match. + if m.zones[i] == "" || zoneID == m.zones[i] { + return true + } + zoneFilter = false } } + if !zoneFilter { + m.logger.Debug("zone ID from remote did not match", zap.String("zone", zoneID)) + } return false } From 5bd96a6ac22849cd9fbbaae5285f0161e272b8e4 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 1 Mar 2022 20:02:39 -0500 Subject: [PATCH 0574/1498] httpcaddyfile: Support explicitly turning off `strict_sni_host` (#4592) --- caddyconfig/httpcaddyfile/serveroptions.go | 11 +++++++---- .../caddyfile_adapt/global_server_options_multi.txt | 12 ++++++++++-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 623f4d7c..7a752524 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -157,11 +157,14 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error serverOpts.ExperimentalHTTP3 = true case "strict_sni_host": - if d.NextArg() { - return nil, d.ArgErr() + if d.NextArg() && d.Val() != "insecure_off" && d.Val() != "on" { + return nil, d.Errf("strict_sni_host only supports 'on' or 'insecure_off', got '%s'", d.Val()) } - trueBool := true - serverOpts.StrictSNIHost = &trueBool + boolVal := true + if d.Val() == "insecure_off" { + boolVal = false + } + serverOpts.StrictSNIHost = &boolVal default: return nil, d.Errf("unrecognized protocol option '%s'", d.Val()) diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt index 90c02e5e..c01173b4 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt @@ -3,6 +3,9 @@ timeouts { idle 90s } + protocol { + strict_sni_host insecure_off + } } servers :80 { timeouts { @@ -13,6 +16,9 @@ timeouts { idle 30s } + protocol { + strict_sni_host + } } } @@ -46,7 +52,8 @@ http://bar.com { ], "terminal": true } - ] + ], + "strict_sni_host": true }, "srv1": { "listen": [ @@ -70,7 +77,8 @@ http://bar.com { "listen": [ ":8080" ], - "idle_timeout": 90000000000 + "idle_timeout": 90000000000, + "strict_sni_host": false } } } From bbad6931e30a2e74b3f53fff797d1115cc9dd491 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 2 Mar 2022 13:08:36 -0500 Subject: [PATCH 0575/1498] pki: Implement API endpoints for certs and `caddy trust` (#4443) * admin: Implement /pki/certificates/ API * pki: Lower "skip_install_trust" log level to INFO See https://github.com/caddyserver/caddy/issues/4058#issuecomment-976132935 It's not necessary to warn about this, because this was an option explicitly configured by the user. Still useful to log, but we don't need to be so loud about it. * cmd: Export functions needed for PKI app, return API response to caller * pki: Rewrite `caddy trust` command to use new admin endpoint instead * pki: Rewrite `caddy untrust` command to support using admin endpoint * Refactor cmd and pki packages for determining admin API endpoint --- admin.go | 50 ++++++--- caddy.go | 7 ++ cmd/commandfuncs.go | 112 ++++++++++++------- cmd/commands.go | 7 +- cmd/main.go | 8 +- context.go | 11 ++ modules/caddypki/adminpki.go | 194 +++++++++++++++++++++++++++++++++ modules/caddypki/command.go | 205 ++++++++++++++++++++++++++--------- modules/caddypki/pki.go | 2 +- 9 files changed, 485 insertions(+), 111 deletions(-) create mode 100644 modules/caddypki/adminpki.go diff --git a/admin.go b/admin.go index 891f818e..11efc683 100644 --- a/admin.go +++ b/admin.go @@ -92,6 +92,10 @@ type AdminConfig struct { // // EXPERIMENTAL: This feature is subject to change. Remote *RemoteAdmin `json:"remote,omitempty"` + + // Holds onto the routers so that we can later provision them + // if they require provisioning. + routers []AdminRouter } // ConfigSettings configures the management of configuration. @@ -190,7 +194,7 @@ type AdminPermissions struct { // newAdminHandler reads admin's config and returns an http.Handler suitable // for use in an admin endpoint server, which will be listening on listenAddr. -func (admin AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) adminHandler { +func (admin *AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) adminHandler { muxWrap := adminHandler{mux: http.NewServeMux()} // secure the local or remote endpoint respectively @@ -250,11 +254,32 @@ func (admin AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) admin for _, route := range router.Routes() { addRoute(route.Pattern, handlerLabel, route.Handler) } + admin.routers = append(admin.routers, router) } return muxWrap } +// provisionAdminRouters provisions all the router modules +// in the admin.api namespace that need provisioning. +func (admin AdminConfig) provisionAdminRouters(ctx Context) error { + for _, router := range admin.routers { + provisioner, ok := router.(Provisioner) + if !ok { + continue + } + + err := provisioner.Provision(ctx) + if err != nil { + return err + } + } + + // We no longer need the routers once provisioned, allow for GC + admin.routers = nil + return nil +} + // allowedOrigins returns a list of origins that are allowed. // If admin.Origins is nil (null), the provided listen address // will be used as the default origin. If admin.Origins is @@ -332,25 +357,26 @@ func replaceLocalAdminServer(cfg *Config) error { } }() - // always get a valid admin config - adminConfig := DefaultAdminConfig - if cfg != nil && cfg.Admin != nil { - adminConfig = cfg.Admin + // set a default if admin wasn't otherwise configured + if cfg.Admin == nil { + cfg.Admin = &AdminConfig{ + Listen: DefaultAdminListen, + } } // if new admin endpoint is to be disabled, we're done - if adminConfig.Disabled { + if cfg.Admin.Disabled { Log().Named("admin").Warn("admin endpoint disabled") return nil } // extract a singular listener address - addr, err := parseAdminListenAddr(adminConfig.Listen, DefaultAdminListen) + addr, err := parseAdminListenAddr(cfg.Admin.Listen, DefaultAdminListen) if err != nil { return err } - handler := adminConfig.newAdminHandler(addr, false) + handler := cfg.Admin.newAdminHandler(addr, false) ln, err := Listen(addr.Network, addr.JoinHostPort(0)) if err != nil { @@ -380,7 +406,7 @@ func replaceLocalAdminServer(cfg *Config) error { adminLogger.Info("admin endpoint started", zap.String("address", addr.String()), - zap.Bool("enforce_origin", adminConfig.EnforceOrigin), + zap.Bool("enforce_origin", cfg.Admin.EnforceOrigin), zap.Array("origins", loggableURLArray(handler.allowedOrigins))) if !handler.enforceHost { @@ -1244,12 +1270,6 @@ var ( // (TLS-authenticated) admin listener, if enabled and not // specified otherwise. DefaultRemoteAdminListen = ":2021" - - // DefaultAdminConfig is the default configuration - // for the local administration endpoint. - DefaultAdminConfig = &AdminConfig{ - Listen: DefaultAdminListen, - } ) // PIDFile writes a pidfile to the file at filename. It diff --git a/caddy.go b/caddy.go index 127484d4..36439240 100644 --- a/caddy.go +++ b/caddy.go @@ -427,6 +427,13 @@ func run(newCfg *Config, start bool) error { return nil } + // Provision any admin routers which may need to access + // some of the other apps at runtime + err = newCfg.Admin.provisionAdminRouters(ctx) + if err != nil { + return err + } + // Start err = func() error { var started []string diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index ec56ab9c..d308aeb8 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -202,7 +202,7 @@ func cmdRun(fl Flags) (int, error) { // we don't use 'else' here since this value might have been changed in 'if' block; i.e. not mutually exclusive var configFile string if !runCmdResumeFlag { - config, configFile, err = loadConfig(runCmdConfigFlag, runCmdConfigAdapterFlag) + config, configFile, err = LoadConfig(runCmdConfigFlag, runCmdConfigAdapterFlag) if err != nil { return caddy.ExitCodeFailedStartup, err } @@ -275,25 +275,33 @@ func cmdRun(fl Flags) (int, error) { } func cmdStop(fl Flags) (int, error) { - stopCmdAddrFlag := fl.String("address") + addrFlag := fl.String("address") + configFlag := fl.String("config") + configAdapterFlag := fl.String("adapter") - err := apiRequest(stopCmdAddrFlag, http.MethodPost, "/stop", nil, nil) + adminAddr, err := DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) + } + + resp, err := AdminAPIRequest(adminAddr, http.MethodPost, "/stop", nil, nil) if err != nil { caddy.Log().Warn("failed using API to stop instance", zap.Error(err)) return caddy.ExitCodeFailedStartup, err } + defer resp.Body.Close() return caddy.ExitCodeSuccess, nil } func cmdReload(fl Flags) (int, error) { - reloadCmdConfigFlag := fl.String("config") - reloadCmdConfigAdapterFlag := fl.String("adapter") - reloadCmdAddrFlag := fl.String("address") - reloadCmdForceFlag := fl.Bool("force") + configFlag := fl.String("config") + configAdapterFlag := fl.String("adapter") + addrFlag := fl.String("address") + forceFlag := fl.Bool("force") // get the config in caddy's native format - config, configFile, err := loadConfig(reloadCmdConfigFlag, reloadCmdConfigAdapterFlag) + config, configFile, err := LoadConfig(configFlag, configAdapterFlag) if err != nil { return caddy.ExitCodeFailedStartup, err } @@ -301,30 +309,22 @@ func cmdReload(fl Flags) (int, error) { return caddy.ExitCodeFailedStartup, fmt.Errorf("no config file to load") } - // get the address of the admin listener; use flag if specified - adminAddr := reloadCmdAddrFlag - if adminAddr == "" && len(config) > 0 { - var tmpStruct struct { - Admin caddy.AdminConfig `json:"admin"` - } - err = json.Unmarshal(config, &tmpStruct) - if err != nil { - return caddy.ExitCodeFailedStartup, - fmt.Errorf("unmarshaling admin listener address from config: %v", err) - } - adminAddr = tmpStruct.Admin.Listen + adminAddr, err := DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) } // optionally force a config reload headers := make(http.Header) - if reloadCmdForceFlag { + if forceFlag { headers.Set("Cache-Control", "must-revalidate") } - err = apiRequest(adminAddr, http.MethodPost, "/load", headers, bytes.NewReader(config)) + resp, err := AdminAPIRequest(adminAddr, http.MethodPost, "/load", headers, bytes.NewReader(config)) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("sending configuration to instance: %v", err) } + defer resp.Body.Close() return caddy.ExitCodeSuccess, nil } @@ -518,7 +518,7 @@ func cmdValidateConfig(fl Flags) (int, error) { validateCmdConfigFlag := fl.String("config") validateCmdAdapterFlag := fl.String("adapter") - input, _, err := loadConfig(validateCmdConfigFlag, validateCmdAdapterFlag) + input, _, err := LoadConfig(validateCmdConfigFlag, validateCmdAdapterFlag) if err != nil { return caddy.ExitCodeFailedStartup, err } @@ -640,17 +640,15 @@ commands: return caddy.ExitCodeSuccess, nil } -// apiRequest makes an API request to the endpoint adminAddr with the -// given HTTP method and request URI. If body is non-nil, it will be -// assumed to be Content-Type application/json. -func apiRequest(adminAddr, method, uri string, headers http.Header, body io.Reader) error { - // parse the admin address - if adminAddr == "" { - adminAddr = caddy.DefaultAdminListen - } +// AdminAPIRequest makes an API request according to the CLI flags given, +// with the given HTTP method and request URI. If body is non-nil, it will +// be assumed to be Content-Type application/json. The caller should close +// the response body. Should only be used by Caddy CLI commands which +// need to interact with a running instance of Caddy via the admin API. +func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io.Reader) (*http.Response, error) { parsedAddr, err := caddy.ParseNetworkAddress(adminAddr) if err != nil || parsedAddr.PortRangeSize() > 1 { - return fmt.Errorf("invalid admin address %s: %v", adminAddr, err) + return nil, fmt.Errorf("invalid admin address %s: %v", adminAddr, err) } origin := parsedAddr.JoinHostPort(0) if parsedAddr.IsUnixNetwork() { @@ -660,7 +658,7 @@ func apiRequest(adminAddr, method, uri string, headers http.Header, body io.Read // form the request req, err := http.NewRequest(method, "http://"+origin+uri, body) if err != nil { - return fmt.Errorf("making request: %v", err) + return nil, fmt.Errorf("making request: %v", err) } if parsedAddr.IsUnixNetwork() { // When listening on a unix socket, the admin endpoint doesn't @@ -700,20 +698,58 @@ func apiRequest(adminAddr, method, uri string, headers http.Header, body io.Read resp, err := client.Do(req) if err != nil { - return fmt.Errorf("performing request: %v", err) + return nil, fmt.Errorf("performing request: %v", err) } - defer resp.Body.Close() // if it didn't work, let the user know if resp.StatusCode >= 400 { respBody, err := io.ReadAll(io.LimitReader(resp.Body, 1024*10)) if err != nil { - return fmt.Errorf("HTTP %d: reading error message: %v", resp.StatusCode, err) + return nil, fmt.Errorf("HTTP %d: reading error message: %v", resp.StatusCode, err) } - return fmt.Errorf("caddy responded with error: HTTP %d: %s", resp.StatusCode, respBody) + return nil, fmt.Errorf("caddy responded with error: HTTP %d: %s", resp.StatusCode, respBody) } - return nil + return resp, nil +} + +// DetermineAdminAPIAddress determines which admin API endpoint address should +// be used based on the inputs. By priority: if `address` is specified, then +// it is returned; if `configFile` (and `configAdapter`) are specified, then that +// config will be loaded to find the admin address; otherwise, the default +// admin listen address will be returned. +func DetermineAdminAPIAddress(address, configFile, configAdapter string) (string, error) { + // Prefer the address if specified and non-empty + if address != "" { + return address, nil + } + + // Try to load the config from file if specified, with the given adapter name + if configFile != "" { + // get the config in caddy's native format + config, loadedConfigFile, err := LoadConfig(configFile, configAdapter) + if err != nil { + return "", err + } + if loadedConfigFile == "" { + return "", fmt.Errorf("no config file to load") + } + + // get the address of the admin listener + if len(config) > 0 { + var tmpStruct struct { + Admin caddy.AdminConfig `json:"admin"` + } + err = json.Unmarshal(config, &tmpStruct) + if err != nil { + return "", fmt.Errorf("unmarshaling admin listener address from config: %v", err) + } + return tmpStruct.Admin.Listen, nil + } + } + + // Fallback to the default listen address otherwise + return caddy.DefaultAdminListen, nil } type moduleInfo struct { diff --git a/cmd/commands.go b/cmd/commands.go index 1e2c40de..0c68b7c8 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -156,16 +156,19 @@ development environment.`, RegisterCommand(Command{ Name: "stop", Func: cmdStop, + Usage: "[--address ] [--config [--adapter ]]", Short: "Gracefully stops a started Caddy process", Long: ` Stops the background Caddy process as gracefully as possible. It requires that the admin API is enabled and accessible, since it will -use the API's /stop endpoint. The address of this request can be -customized using the --address flag if it is not the default.`, +use the API's /stop endpoint. The address of this request can be customized +using the --address flag, or from the given --config, if not the default.`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("stop", flag.ExitOnError) fs.String("address", "", "The address to use to reach the admin API endpoint, if not the default") + fs.String("config", "", "Configuration file to use to parse the admin address, if --address is not used") + fs.String("adapter", "", "Name of config adapter to apply (when --config is used)") return fs }(), }) diff --git a/cmd/main.go b/cmd/main.go index 7c33c55f..f111ba4d 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -103,15 +103,15 @@ func handlePingbackConn(conn net.Conn, expect []byte) error { return nil } -// loadConfig loads the config from configFile and adapts it +// LoadConfig loads the config from configFile and adapts it // using adapterName. If adapterName is specified, configFile // must be also. If no configFile is specified, it tries // loading a default config file. The lack of a config file is // not treated as an error, but false will be returned if // there is no config available. It prints any warnings to stderr, // and returns the resulting JSON config bytes along with -// whether a config file was loaded or not. -func loadConfig(configFile, adapterName string) ([]byte, string, error) { +// the name of the loaded config file (if any). +func LoadConfig(configFile, adapterName string) ([]byte, string, error) { // specifying an adapter without a config file is ambiguous if adapterName != "" && configFile == "" { return nil, "", fmt.Errorf("cannot adapt config without config file (use --config)") @@ -262,7 +262,7 @@ func watchConfigFile(filename, adapterName string) { lastModified = info.ModTime() // load the contents of the file - config, _, err := loadConfig(filename, adapterName) + config, _, err := LoadConfig(filename, adapterName) if err != nil { logger().Error("unable to load latest config", zap.Error(err)) continue diff --git a/context.go b/context.go index a6386aa8..2a6f5142 100644 --- a/context.go +++ b/context.go @@ -423,6 +423,17 @@ func (ctx Context) App(name string) (interface{}, error) { return modVal, nil } +// AppIsConfigured returns whether an app named name has been +// configured. Can be called before calling App() to avoid +// instantiating an empty app when that's not desirable. +func (ctx Context) AppIsConfigured(name string) bool { + if _, ok := ctx.cfg.apps[name]; ok { + return true + } + appRaw := ctx.cfg.AppsRaw[name] + return appRaw != nil +} + // Storage returns the configured Caddy storage implementation. func (ctx Context) Storage() certmagic.Storage { return ctx.cfg.storage diff --git a/modules/caddypki/adminpki.go b/modules/caddypki/adminpki.go new file mode 100644 index 00000000..5933bcd9 --- /dev/null +++ b/modules/caddypki/adminpki.go @@ -0,0 +1,194 @@ +// Copyright 2020 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddypki + +import ( + "encoding/json" + "encoding/pem" + "fmt" + "net/http" + "strings" + + "github.com/caddyserver/caddy/v2" + "go.uber.org/zap" +) + +func init() { + caddy.RegisterModule(adminPKI{}) +} + +// adminPKI is a module that serves a PKI endpoint to retrieve +// information about the CAs being managed by Caddy. +type adminPKI struct { + ctx caddy.Context + log *zap.Logger + pkiApp *PKI +} + +// CaddyModule returns the Caddy module information. +func (adminPKI) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "admin.api.pki", + New: func() caddy.Module { return new(adminPKI) }, + } +} + +// Provision sets up the adminPKI module. +func (a *adminPKI) Provision(ctx caddy.Context) error { + a.ctx = ctx + a.log = ctx.Logger(a) + + // First check if the PKI app was configured, because + // a.ctx.App() has the side effect of instantiating + // and provisioning an app even if it wasn't configured. + pkiAppConfigured := a.ctx.AppIsConfigured("pki") + if !pkiAppConfigured { + return nil + } + + // Load the PKI app, so we can query it for information. + appModule, err := a.ctx.App("pki") + if err != nil { + return err + } + a.pkiApp = appModule.(*PKI) + + return nil +} + +// Routes returns the admin routes for the PKI app. +func (a *adminPKI) Routes() []caddy.AdminRoute { + return []caddy.AdminRoute{ + { + Pattern: adminPKICertificatesEndpoint, + Handler: caddy.AdminHandlerFunc(a.handleCertificates), + }, + } +} + +// handleCertificates returns certificate information about a particular +// CA, by its ID. If the CA ID is the default, then the CA will be +// provisioned if it has not already been. Other CA IDs will return an +// error if they have not been previously provisioned. +func (a *adminPKI) handleCertificates(w http.ResponseWriter, r *http.Request) error { + if r.Method != http.MethodGet { + return caddy.APIError{ + HTTPStatus: http.StatusMethodNotAllowed, + Err: fmt.Errorf("method not allowed"), + } + } + + // Prep for a JSON response + w.Header().Set("Content-Type", "application/json") + enc := json.NewEncoder(w) + + idPath := r.URL.Path + + // Grab the CA ID from the request path, it should be the 4th segment + parts := strings.Split(idPath, "/") + if len(parts) < 4 || parts[3] == "" { + return caddy.APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("request path is missing the CA ID"), + } + } + if parts[0] != "" || parts[1] != "pki" || parts[2] != "certificates" { + return caddy.APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("malformed object path"), + } + } + id := parts[3] + + // Find the CA by ID, if PKI is configured + var ca *CA + ok := false + if a.pkiApp != nil { + ca, ok = a.pkiApp.CAs[id] + } + + // If we didn't find the CA, and PKI is not configured + // then we'll either error out if the CA ID is not the + // default. If the CA ID is the default, then we'll + // provision it, because the user probably aims to + // change their config to enable PKI immediately after + // if they actually requested the local CA ID. + if !ok { + if id != DefaultCAID { + return caddy.APIError{ + HTTPStatus: http.StatusNotFound, + Err: fmt.Errorf("no certificate authority configured with id: %s", id), + } + } + + // Provision the default CA, which generates and stores a root + // certificate in storage, if one doesn't already exist. + ca = new(CA) + err := ca.Provision(a.ctx, id, a.log) + if err != nil { + return caddy.APIError{ + HTTPStatus: http.StatusInternalServerError, + Err: fmt.Errorf("failed to provision CA %s, %w", id, err), + } + } + } + + // Convert the root certificate to PEM + rootPem := string(pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: ca.RootCertificate().Raw, + })) + + // Convert the intermediate certificate to PEM + interPem := string(pem.EncodeToMemory(&pem.Block{ + Type: "CERTIFICATE", + Bytes: ca.IntermediateCertificate().Raw, + })) + + // Build the response + response := CAInfo{ + ID: ca.ID, + Name: ca.Name, + Root: rootPem, + Intermediate: interPem, + } + + // Encode and write the JSON response + err := enc.Encode(response) + if err != nil { + return caddy.APIError{ + HTTPStatus: http.StatusInternalServerError, + Err: err, + } + } + + return nil +} + +// CAInfo is the response from the certificates API endpoint +type CAInfo struct { + ID string `json:"id"` + Name string `json:"name"` + Root string `json:"root"` + Intermediate string `json:"intermediate"` +} + +const adminPKICertificatesEndpoint = "/pki/certificates/" + +// Interface guards +var ( + _ caddy.AdminRouter = (*adminPKI)(nil) + _ caddy.Provisioner = (*adminPKI)(nil) +) diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go index 34daefaa..fa37ab04 100644 --- a/modules/caddypki/command.go +++ b/modules/caddypki/command.go @@ -15,11 +15,13 @@ package caddypki import ( - "context" + "crypto/x509" + "encoding/json" + "encoding/pem" "flag" "fmt" + "net/http" "os" - "path/filepath" "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" @@ -30,69 +32,110 @@ func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "trust", Func: cmdTrust, + Usage: "[--ca ] [--address ] [--config [--adapter ]]", Short: "Installs a CA certificate into local trust stores", Long: ` -Adds a root certificate into the local trust stores. Intended for -development environments only. +Adds a root certificate into the local trust stores. -Since Caddy will install its root certificates into the local trust -stores automatically when they are first generated, this command is -only necessary if you need to pre-install the certificates before -using them; for example, if you have elevated privileges at one -point but not later, you will want to use this command so that a -password prompt is not required later. +Caddy will attempt to install its root certificates into the local +trust stores automatically when they are first generated, but it +might fail if Caddy doesn't have the appropriate permissions to +write to the trust store. This command is necessary to pre-install +the certificates before using them, if the server process runs as an +unprivileged user (such as via systemd). -This command installs the root certificate only for Caddy's -default CA.`, +By default, this command installs the root certificate for Caddy's +default CA (i.e. 'local'). You may specify the ID of another CA +with the --ca flag. + +Also, this command will attempt to connect to the Caddy's admin API +running at '` + caddy.DefaultAdminListen + `' to fetch the root certificate. You may +explicitly specify the --address, or use the --config flag to load +the admin address from your config, if not using the default.`, + Flags: func() *flag.FlagSet { + fs := flag.NewFlagSet("trust", flag.ExitOnError) + fs.String("ca", "", "The ID of the CA to trust (defaults to 'local')") + fs.String("address", "", "Address of the administration API listener (if --config is not used)") + fs.String("config", "", "Configuration file (if --address is not used)") + fs.String("adapter", "", "Name of config adapter to apply (if --config is used)") + return fs + }(), }) caddycmd.RegisterCommand(caddycmd.Command{ Name: "untrust", Func: cmdUntrust, - Usage: "[--ca | --cert ]", + Usage: "[--cert ] | [[--ca ] [--address ] [--config [--adapter ]]]", Short: "Untrusts a locally-trusted CA certificate", Long: ` -Untrusts a root certificate from the local trust store(s). Intended -for development environments only. +Untrusts a root certificate from the local trust store(s). This command uninstalls trust; it does not necessarily delete the root certificate from trust stores entirely. Thus, repeatedly trusting and untrusting new certificates can fill up trust databases. -This command does not delete or modify certificate files. +This command does not delete or modify certificate files from Caddy's +configured storage. -Specify which certificate to untrust either by the ID of its CA with -the --ca flag, or the direct path to the certificate file with the ---cert flag. If the --ca flag is used, only the default storage paths -are assumed (i.e. using --ca flag with custom storage backends or file -paths will not work). +This command can be used in one of two ways. Either by specifying +which certificate to untrust by a direct path to the certificate +file with the --cert flag, or by fetching the root certificate for +the CA from the admin API (default behaviour). -If no flags are specified, --ca=local is assumed.`, +If the admin API is used, then the CA defaults to 'local'. You may +specify the ID of another CA with the --ca flag. By default, this +will attempt to connect to the Caddy's admin API running at +'` + caddy.DefaultAdminListen + `' to fetch the root certificate. +You may explicitly specify the --address, or use the --config flag +to load the admin address from your config, if not using the default.`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("untrust", flag.ExitOnError) - fs.String("ca", "", "The ID of the CA to untrust") fs.String("cert", "", "The path to the CA certificate to untrust") + fs.String("ca", "", "The ID of the CA to untrust (defaults to 'local')") + fs.String("address", "", "Address of the administration API listener (if --config is not used)") + fs.String("config", "", "Configuration file (if --address is not used)") + fs.String("adapter", "", "Name of config adapter to apply (if --config is used)") return fs }(), }) } -func cmdTrust(fs caddycmd.Flags) (int, error) { - // we have to create a sort of dummy context so that - // the CA can provision itself... - ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()}) - defer cancel() +func cmdTrust(fl caddycmd.Flags) (int, error) { + caID := fl.String("ca") + addrFlag := fl.String("address") + configFlag := fl.String("config") + configAdapterFlag := fl.String("adapter") - // provision the CA, which generates and stores a root - // certificate if one doesn't already exist in storage - ca := CA{ - storage: caddy.DefaultStorage, + // Prepare the URI to the admin endpoint + if caID == "" { + caID = DefaultCAID } - err := ca.Provision(ctx, DefaultCAID, caddy.Log()) + + // Determine where we're sending the request to get the CA info + adminAddr, err := caddycmd.DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) + } + + // Fetch the root cert from the admin API + rootCert, err := rootCertFromAdmin(adminAddr, caID) if err != nil { return caddy.ExitCodeFailedStartup, err } + // Set up the CA struct; we only need to fill in the root + // because we're only using it to make use of the installRoot() + // function. Also needs a logger for warnings, and a "cert path" + // for the root cert; since we're loading from the API and we + // don't know the actual storage path via this flow, we'll just + // pass through the admin API address instead. + ca := CA{ + log: caddy.Log(), + root: rootCert, + rootCertPath: adminAddr + adminPKICertificatesEndpoint + caID, + } + + // Install the cert! err = ca.installRoot() if err != nil { return caddy.ExitCodeFailedStartup, err @@ -101,33 +144,93 @@ func cmdTrust(fs caddycmd.Flags) (int, error) { return caddy.ExitCodeSuccess, nil } -func cmdUntrust(fs caddycmd.Flags) (int, error) { - ca := fs.String("ca") - cert := fs.String("cert") +func cmdUntrust(fl caddycmd.Flags) (int, error) { + certFile := fl.String("cert") + caID := fl.String("ca") + addrFlag := fl.String("address") + configFlag := fl.String("config") + configAdapterFlag := fl.String("adapter") - if ca != "" && cert != "" { - return caddy.ExitCodeFailedStartup, fmt.Errorf("conflicting command line arguments") - } - if ca == "" && cert == "" { - ca = DefaultCAID - } - if ca != "" { - cert = filepath.Join(caddy.AppDataDir(), "pki", "authorities", ca, "root.crt") + if certFile != "" && (caID != "" || addrFlag != "" || configFlag != "") { + return caddy.ExitCodeFailedStartup, fmt.Errorf("conflicting command line arguments, cannot use --cert with other flags") } - // sanity check, make sure cert file exists first - _, err := os.Stat(cert) + // If a file was specified, try to uninstall the cert matching that file + if certFile != "" { + // Sanity check, make sure cert file exists first + _, err := os.Stat(certFile) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("accessing certificate file: %v", err) + } + + // Uninstall the file! + err = truststore.UninstallFile(certFile, + truststore.WithDebug(), + truststore.WithFirefox(), + truststore.WithJava()) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("failed to uninstall certificate file: %v", err) + } + + return caddy.ExitCodeSuccess, nil + } + + // Prepare the URI to the admin endpoint + if caID == "" { + caID = DefaultCAID + } + + // Determine where we're sending the request to get the CA info + adminAddr, err := caddycmd.DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("accessing certificate file: %v", err) + return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) } - err = truststore.UninstallFile(cert, - truststore.WithDebug(), - truststore.WithFirefox(), - truststore.WithJava()) + // Fetch the root cert from the admin API + rootCert, err := rootCertFromAdmin(adminAddr, caID) if err != nil { return caddy.ExitCodeFailedStartup, err } + // Uninstall the cert! + err = truststore.Uninstall(rootCert, + truststore.WithDebug(), + truststore.WithFirefox(), + truststore.WithJava()) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("failed to uninstall certificate file: %v", err) + } + return caddy.ExitCodeSuccess, nil } + +// rootCertFromAdmin makes the API request to fetch the +func rootCertFromAdmin(adminAddr string, caID string) (*x509.Certificate, error) { + uri := adminPKICertificatesEndpoint + caID + + // Make the request to fetch the CA info + resp, err := caddycmd.AdminAPIRequest(adminAddr, http.MethodGet, uri, make(http.Header), nil) + if err != nil { + return nil, fmt.Errorf("requesting CA info: %v", err) + } + defer resp.Body.Close() + + // Decode the resposne + caInfo := new(CAInfo) + err = json.NewDecoder(resp.Body).Decode(caInfo) + if err != nil { + return nil, fmt.Errorf("failed to decode JSON response: %v", err) + } + + // Decode the root + rootBlock, _ := pem.Decode([]byte(caInfo.Root)) + if rootBlock == nil { + return nil, fmt.Errorf("failed to decode root certificate: %v", err) + } + rootCert, err := x509.ParseCertificate(rootBlock.Bytes) + if err != nil { + return nil, fmt.Errorf("failed to parse root certificate: %v", err) + } + + return rootCert, nil +} diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go index c19bd0f2..4fd0bb50 100644 --- a/modules/caddypki/pki.go +++ b/modules/caddypki/pki.go @@ -91,7 +91,7 @@ func (p *PKI) Start() error { // install roots to trust store, if not disabled for _, ca := range p.CAs { if ca.InstallTrust != nil && !*ca.InstallTrust { - ca.log.Warn("root certificate trust store installation disabled; unconfigured clients may show warnings", + ca.log.Info("root certificate trust store installation disabled; unconfigured clients may show warnings", zap.String("path", ca.rootCertPath)) continue } From de490c7cadc8c17759f747f5bb554967454c6529 Mon Sep 17 00:00:00 2001 From: ttys3 <41882455+ttys3@users.noreply.github.com> Date: Thu, 3 Mar 2022 02:24:16 +0800 Subject: [PATCH 0576/1498] fastcgi: Set SERVER_PORT to 80 or 443 depending on scheme (#4572) --- modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 5404424d..18d7e75b 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -296,10 +296,15 @@ func (t Transport) buildEnv(r *http.Request) (envVars, error) { } // compliance with the CGI specification requires that - // SERVER_PORT should only exist if it's a valid numeric value. - // Info: https://www.ietf.org/rfc/rfc3875 Page 18 + // the SERVER_PORT variable MUST be set to the TCP/IP port number on which this request is received from the client + // even if the port is the default port for the scheme and could otherwise be omitted from a URI. + // https://tools.ietf.org/html/rfc3875#section-4.1.15 if reqPort != "" { env["SERVER_PORT"] = reqPort + } else if requestScheme == "http" { + env["SERVER_PORT"] = "80" + } else if requestScheme == "https" { + env["SERVER_PORT"] = "443" } // Some web apps rely on knowing HTTPS or not From 78e381b29f64c07a0572a172ff5f89876e8d84db Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 2 Mar 2022 13:00:37 -0700 Subject: [PATCH 0577/1498] caddypki: Refactor /pki/ admin endpoints Remove /pki/certificates/ endpoint and split into two endpoints: - GET /pki/ca/ to get CA info and certs in JSON format - GET /pki/ca//certificates to get cert in PEM chain --- modules/caddypki/adminpki.go | 193 +++++++++++++++++++++++------------ modules/caddypki/command.go | 13 +-- 2 files changed, 134 insertions(+), 72 deletions(-) diff --git a/modules/caddypki/adminpki.go b/modules/caddypki/adminpki.go index 5933bcd9..a2939d1b 100644 --- a/modules/caddypki/adminpki.go +++ b/modules/caddypki/adminpki.go @@ -16,7 +16,6 @@ package caddypki import ( "encoding/json" - "encoding/pem" "fmt" "net/http" "strings" @@ -26,27 +25,27 @@ import ( ) func init() { - caddy.RegisterModule(adminPKI{}) + caddy.RegisterModule(adminAPI{}) } -// adminPKI is a module that serves a PKI endpoint to retrieve +// adminAPI is a module that serves PKI endpoints to retrieve // information about the CAs being managed by Caddy. -type adminPKI struct { +type adminAPI struct { ctx caddy.Context log *zap.Logger pkiApp *PKI } // CaddyModule returns the Caddy module information. -func (adminPKI) CaddyModule() caddy.ModuleInfo { +func (adminAPI) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ ID: "admin.api.pki", - New: func() caddy.Module { return new(adminPKI) }, + New: func() caddy.Module { return new(adminAPI) }, } } -// Provision sets up the adminPKI module. -func (a *adminPKI) Provision(ctx caddy.Context) error { +// Provision sets up the adminAPI module. +func (a *adminAPI) Provision(ctx caddy.Context) error { a.ctx = ctx a.log = ctx.Logger(a) @@ -69,52 +68,128 @@ func (a *adminPKI) Provision(ctx caddy.Context) error { } // Routes returns the admin routes for the PKI app. -func (a *adminPKI) Routes() []caddy.AdminRoute { +func (a *adminAPI) Routes() []caddy.AdminRoute { return []caddy.AdminRoute{ { - Pattern: adminPKICertificatesEndpoint, - Handler: caddy.AdminHandlerFunc(a.handleCertificates), + Pattern: adminPKIEndpointBase, + Handler: caddy.AdminHandlerFunc(a.handleAPIEndpoints), }, } } -// handleCertificates returns certificate information about a particular -// CA, by its ID. If the CA ID is the default, then the CA will be +// handleAPIEndpoints routes API requests within adminPKIEndpointBase. +func (a *adminAPI) handleAPIEndpoints(w http.ResponseWriter, r *http.Request) error { + uri := strings.TrimPrefix(r.URL.Path, "/pki/") + parts := strings.Split(uri, "/") + switch { + case len(parts) == 2 && parts[0] == "ca" && parts[1] != "": + return a.handleCAInfo(w, r) + case len(parts) == 3 && parts[0] == "ca" && parts[1] != "" && parts[2] == "certificates": + return a.handleCACerts(w, r) + } + return caddy.APIError{ + HTTPStatus: http.StatusNotFound, + Err: fmt.Errorf("resource not found: %v", r.URL.Path), + } +} + +// handleCAInfo returns cinformation about a particular +// CA by its ID. If the CA ID is the default, then the CA will be // provisioned if it has not already been. Other CA IDs will return an // error if they have not been previously provisioned. -func (a *adminPKI) handleCertificates(w http.ResponseWriter, r *http.Request) error { +func (a *adminAPI) handleCAInfo(w http.ResponseWriter, r *http.Request) error { if r.Method != http.MethodGet { return caddy.APIError{ HTTPStatus: http.StatusMethodNotAllowed, - Err: fmt.Errorf("method not allowed"), + Err: fmt.Errorf("method not allowed: %v", r.Method), + } + } + + ca, err := a.getCAFromAPIRequestPath(r) + if err != nil { + return err + } + + rootCert, interCert, err := rootAndIntermediatePEM(ca) + if err != nil { + return caddy.APIError{ + HTTPStatus: http.StatusInternalServerError, + Err: fmt.Errorf("failed to get root and intermediate cert for CA %s: %v", ca.ID, err), + } + } + + repl := ca.newReplacer() + + response := caInfo{ + ID: ca.ID, + Name: ca.Name, + RootCN: repl.ReplaceAll(ca.RootCommonName, ""), + IntermediateCN: repl.ReplaceAll(ca.IntermediateCommonName, ""), + RootCert: string(rootCert), + IntermediateCert: string(interCert), + } + + encoded, err := json.Marshal(response) + if err != nil { + return caddy.APIError{ + HTTPStatus: http.StatusInternalServerError, + Err: err, } } - // Prep for a JSON response w.Header().Set("Content-Type", "application/json") - enc := json.NewEncoder(w) + w.Write(encoded) - idPath := r.URL.Path + return nil +} - // Grab the CA ID from the request path, it should be the 4th segment - parts := strings.Split(idPath, "/") - if len(parts) < 4 || parts[3] == "" { +// handleCACerts returns cinformation about a particular +// CA by its ID. If the CA ID is the default, then the CA will be +// provisioned if it has not already been. Other CA IDs will return an +// error if they have not been previously provisioned. +func (a *adminAPI) handleCACerts(w http.ResponseWriter, r *http.Request) error { + if r.Method != http.MethodGet { return caddy.APIError{ - HTTPStatus: http.StatusBadRequest, - Err: fmt.Errorf("request path is missing the CA ID"), + HTTPStatus: http.StatusMethodNotAllowed, + Err: fmt.Errorf("method not allowed: %v", r.Method), } } - if parts[0] != "" || parts[1] != "pki" || parts[2] != "certificates" { + + ca, err := a.getCAFromAPIRequestPath(r) + if err != nil { + return err + } + + rootCert, interCert, err := rootAndIntermediatePEM(ca) + if err != nil { return caddy.APIError{ - HTTPStatus: http.StatusBadRequest, - Err: fmt.Errorf("malformed object path"), + HTTPStatus: http.StatusInternalServerError, + Err: fmt.Errorf("failed to get root and intermediate cert for CA %s: %v", ca.ID, err), + } + } + + w.Header().Set("Content-Type", "application/pem-certificate-chain") + _, err = w.Write(interCert) + if err == nil { + w.Write(rootCert) + } + + return nil +} + +func (a *adminAPI) getCAFromAPIRequestPath(r *http.Request) (*CA, error) { + // Grab the CA ID from the request path, it should be the 4th segment (/pki/ca/) + id := strings.Split(r.URL.Path, "/")[3] + if id == "" { + return nil, caddy.APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("missing CA in path"), } } - id := parts[3] // Find the CA by ID, if PKI is configured var ca *CA - ok := false + var ok bool if a.pkiApp != nil { ca, ok = a.pkiApp.CAs[id] } @@ -127,7 +202,7 @@ func (a *adminPKI) handleCertificates(w http.ResponseWriter, r *http.Request) er // if they actually requested the local CA ID. if !ok { if id != DefaultCAID { - return caddy.APIError{ + return nil, caddy.APIError{ HTTPStatus: http.StatusNotFound, Err: fmt.Errorf("no certificate authority configured with id: %s", id), } @@ -138,57 +213,43 @@ func (a *adminPKI) handleCertificates(w http.ResponseWriter, r *http.Request) er ca = new(CA) err := ca.Provision(a.ctx, id, a.log) if err != nil { - return caddy.APIError{ + return nil, caddy.APIError{ HTTPStatus: http.StatusInternalServerError, Err: fmt.Errorf("failed to provision CA %s, %w", id, err), } } } - // Convert the root certificate to PEM - rootPem := string(pem.EncodeToMemory(&pem.Block{ - Type: "CERTIFICATE", - Bytes: ca.RootCertificate().Raw, - })) + return ca, nil +} - // Convert the intermediate certificate to PEM - interPem := string(pem.EncodeToMemory(&pem.Block{ - Type: "CERTIFICATE", - Bytes: ca.IntermediateCertificate().Raw, - })) - - // Build the response - response := CAInfo{ - ID: ca.ID, - Name: ca.Name, - Root: rootPem, - Intermediate: interPem, - } - - // Encode and write the JSON response - err := enc.Encode(response) +func rootAndIntermediatePEM(ca *CA) (root, inter []byte, err error) { + root, err = pemEncodeCert(ca.RootCertificate().Raw) if err != nil { - return caddy.APIError{ - HTTPStatus: http.StatusInternalServerError, - Err: err, - } + return } - - return nil + inter, err = pemEncodeCert(ca.IntermediateCertificate().Raw) + if err != nil { + return + } + return } -// CAInfo is the response from the certificates API endpoint -type CAInfo struct { - ID string `json:"id"` - Name string `json:"name"` - Root string `json:"root"` - Intermediate string `json:"intermediate"` +// caInfo is the response structure for the CA info API endpoint. +type caInfo struct { + ID string `json:"id"` + Name string `json:"name"` + RootCN string `json:"root_common_name"` + IntermediateCN string `json:"intermediate_common_name"` + RootCert string `json:"root_certificate"` + IntermediateCert string `json:"intermediate_certificate"` } -const adminPKICertificatesEndpoint = "/pki/certificates/" +// adminPKIEndpointBase is the base admin endpoint under which all PKI admin endpoints exist. +const adminPKIEndpointBase = "/pki/" // Interface guards var ( - _ caddy.AdminRouter = (*adminPKI)(nil) - _ caddy.Provisioner = (*adminPKI)(nil) + _ caddy.AdminRouter = (*adminAPI)(nil) + _ caddy.Provisioner = (*adminAPI)(nil) ) diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go index fa37ab04..4744c68e 100644 --- a/modules/caddypki/command.go +++ b/modules/caddypki/command.go @@ -22,6 +22,7 @@ import ( "fmt" "net/http" "os" + "path" "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" @@ -132,7 +133,7 @@ func cmdTrust(fl caddycmd.Flags) (int, error) { ca := CA{ log: caddy.Log(), root: rootCert, - rootCertPath: adminAddr + adminPKICertificatesEndpoint + caID, + rootCertPath: adminAddr + path.Join(adminPKIEndpointBase, caID, "certificates"), } // Install the cert! @@ -204,9 +205,9 @@ func cmdUntrust(fl caddycmd.Flags) (int, error) { return caddy.ExitCodeSuccess, nil } -// rootCertFromAdmin makes the API request to fetch the +// rootCertFromAdmin makes the API request to fetch the root certificate for the named CA via admin API. func rootCertFromAdmin(adminAddr string, caID string) (*x509.Certificate, error) { - uri := adminPKICertificatesEndpoint + caID + uri := path.Join(adminPKIEndpointBase, caID, "certificates") // Make the request to fetch the CA info resp, err := caddycmd.AdminAPIRequest(adminAddr, http.MethodGet, uri, make(http.Header), nil) @@ -216,14 +217,14 @@ func rootCertFromAdmin(adminAddr string, caID string) (*x509.Certificate, error) defer resp.Body.Close() // Decode the resposne - caInfo := new(CAInfo) + caInfo := new(caInfo) err = json.NewDecoder(resp.Body).Decode(caInfo) if err != nil { return nil, fmt.Errorf("failed to decode JSON response: %v", err) } - // Decode the root - rootBlock, _ := pem.Decode([]byte(caInfo.Root)) + // Decode the root cert + rootBlock, _ := pem.Decode([]byte(caInfo.RootCert)) if rootBlock == nil { return nil, fmt.Errorf("failed to decode root certificate: %v", err) } From 9b7cdfa2f2277ad9cf90e99dab50dee2ef10b58c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 2 Mar 2022 13:38:05 -0700 Subject: [PATCH 0578/1498] caddypki: Try to fix lint warnings --- modules/caddypki/{adminpki.go => adminapi.go} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename modules/caddypki/{adminpki.go => adminapi.go} (99%) diff --git a/modules/caddypki/adminpki.go b/modules/caddypki/adminapi.go similarity index 99% rename from modules/caddypki/adminpki.go rename to modules/caddypki/adminapi.go index a2939d1b..a79e2d5c 100644 --- a/modules/caddypki/adminpki.go +++ b/modules/caddypki/adminapi.go @@ -138,7 +138,7 @@ func (a *adminAPI) handleCAInfo(w http.ResponseWriter, r *http.Request) error { } w.Header().Set("Content-Type", "application/json") - w.Write(encoded) + _, _ = w.Write(encoded) return nil } @@ -171,7 +171,7 @@ func (a *adminAPI) handleCACerts(w http.ResponseWriter, r *http.Request) error { w.Header().Set("Content-Type", "application/pem-certificate-chain") _, err = w.Write(interCert) if err == nil { - w.Write(rootCert) + _, _ = w.Write(rootCert) } return nil From 6b385a36f9750b7a66300bbb2167ea5a4d26a61f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 2 Mar 2022 13:42:38 -0700 Subject: [PATCH 0579/1498] caddyhttp: Don't attempt to manage Tailscale certs If .ts.net domains are explicitly added to config, don't try to manage a cert for them (it will fail, and our implicit Tailscale module will get those certs at run-time). --- modules/caddyhttp/autohttps.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 3e38d1b3..eb66114c 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -152,7 +152,9 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er return fmt.Errorf("%s: route %d, matcher set %d, matcher %d, host matcher %d: %v", srvName, routeIdx, matcherSetIdx, matcherIdx, hostMatcherIdx, err) } - if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) { + // only include domain if it's not explicitly skipped and it's not a Tailscale domain + // (the implicit Tailscale manager module will get those certs at run-time) + if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) && !isTailscaleDomain(d) { serverDomainSet[d] = struct{}{} } } @@ -688,4 +690,8 @@ func implicitTailscale(ctx caddy.Context) (caddytls.Tailscale, error) { return ts, err } +func isTailscaleDomain(name string) bool { + return strings.HasSuffix(strings.ToLower(name), ".ts.net") +} + type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer } From f5e104944ea48e776580a0a9ebbd02fca33d659f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 3 Mar 2022 11:54:45 -0500 Subject: [PATCH 0580/1498] reverseproxy: Make shallow-ish clone of the request (#4551) * reverseproxy: Make shallow-ish clone of the request * Refactor request cloning into separate function Co-authored-by: Matthew Holt --- .../caddyhttp/reverseproxy/reverseproxy.go | 137 ++++++++++-------- 1 file changed, 76 insertions(+), 61 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index eaa7cbf9..53911c86 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -358,54 +358,20 @@ func (h *Handler) Cleanup() error { func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - // if enabled, buffer client request; - // this should only be enabled if the - // upstream requires it and does not - // work with "slow clients" (gunicorn, - // etc.) - this obviously has a perf - // overhead and makes the proxy at - // risk of exhausting memory and more - // susceptible to slowloris attacks, - // so it is strongly recommended to - // only use this feature if absolutely - // required, if read timeouts are set, - // and if body size is limited - if h.BufferRequests { - r.Body = h.bufferedBody(r.Body) - } - // prepare the request for proxying; this is needed only once - err := h.prepareRequest(r) + clonedReq, err := h.prepareRequest(r) if err != nil { return caddyhttp.Error(http.StatusInternalServerError, fmt.Errorf("preparing request for upstream round-trip: %v", err)) } // we will need the original headers and Host value if - // header operations are configured; and we should - // restore them after we're done if they are changed - // (for example, changing the outbound Host header - // should not permanently change r.Host; issue #3509) - reqHost := r.Host - reqHeader := r.Header - - // sanitize the request URL; we expect it to not contain the scheme and host - // since those should be determined by r.TLS and r.Host respectively, but - // some clients may include it in the request-line, which is technically - // valid in HTTP, but breaks reverseproxy behaviour, overriding how the - // dialer will behave. See #4237 for context. - origURLScheme := r.URL.Scheme - origURLHost := r.URL.Host - r.URL.Scheme = "" - r.URL.Host = "" - - // restore modifications to the request after we're done proxying - defer func() { - r.Host = reqHost // TODO: data race, see #4038 - r.Header = reqHeader // TODO: data race, see #4038 - r.URL.Scheme = origURLScheme - r.URL.Host = origURLHost - }() + // header operations are configured; this is so that each + // retry can apply the modifications, because placeholders + // may be used which depend on the selected upstream for + // their values + reqHost := clonedReq.Host + reqHeader := clonedReq.Header start := time.Now() defer func() { @@ -416,12 +382,12 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht var proxyErr error for { // choose an available upstream - upstream := h.LoadBalancing.SelectionPolicy.Select(h.Upstreams, r, w) + upstream := h.LoadBalancing.SelectionPolicy.Select(h.Upstreams, clonedReq, w) if upstream == nil { if proxyErr == nil { proxyErr = fmt.Errorf("no upstreams available") } - if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { + if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, clonedReq) { break } continue @@ -430,7 +396,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // the dial address may vary per-request if placeholders are // used, so perform those replacements here; the resulting // DialInfo struct should have valid network address syntax - dialInfo, err := upstream.fillDialInfo(r) + dialInfo, err := upstream.fillDialInfo(clonedReq) if err != nil { return statusError(fmt.Errorf("making dial info: %v", err)) } @@ -451,17 +417,17 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // mutate request headers according to this upstream; // because we're in a retry loop, we have to copy - // headers (and the r.Host value) from the original + // headers (and the Host value) from the original // so that each retry is identical to the first if h.Headers != nil && h.Headers.Request != nil { - r.Header = make(http.Header) - copyHeader(r.Header, reqHeader) - r.Host = reqHost - h.Headers.Request.ApplyToRequest(r) + clonedReq.Header = make(http.Header) + copyHeader(clonedReq.Header, reqHeader) + clonedReq.Host = reqHost + h.Headers.Request.ApplyToRequest(clonedReq) } // proxy the request to that upstream - proxyErr = h.reverseProxy(w, r, repl, dialInfo, next) + proxyErr = h.reverseProxy(w, clonedReq, repl, dialInfo, next) if proxyErr == nil || proxyErr == context.Canceled { // context.Canceled happens when the downstream client // cancels the request, which is not our failure @@ -480,7 +446,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht h.countFailure(upstream) // if we've tried long enough, break - if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { + if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, clonedReq) { break } } @@ -488,14 +454,27 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht return statusError(proxyErr) } -// prepareRequest modifies req so that it is ready to be proxied, -// except for directing to a specific upstream. This method mutates -// headers and other necessary properties of the request and should -// be done just once (before proxying) regardless of proxy retries. -// This assumes that no mutations of the request are performed -// by h during or after proxying. -func (h Handler) prepareRequest(req *http.Request) error { - // most of this is borrowed from the Go std lib reverse proxy +// prepareRequest clones req so that it can be safely modified without +// changing the original request or introducing data races. It then +// modifies it so that it is ready to be proxied, except for directing +// to a specific upstream. This method adjusts headers and other relevant +// properties of the cloned request and should be done just once (before +// proxying) regardless of proxy retries. This assumes that no mutations +// of the cloned request are performed by h during or after proxying. +func (h Handler) prepareRequest(req *http.Request) (*http.Request, error) { + req = cloneRequest(req) + + // if enabled, buffer client request; this should only be + // enabled if the upstream requires it and does not work + // with "slow clients" (gunicorn, etc.) - this obviously + // has a perf overhead and makes the proxy at risk of + // exhausting memory and more susceptible to slowloris + // attacks, so it is strongly recommended to only use this + // feature if absolutely required, if read timeouts are + // set, and if body size is limited + if h.BufferRequests { + req.Body = h.bufferedBody(req.Body) + } if req.ContentLength == 0 { req.Body = nil // Issue golang/go#16036: nil Body for http.Transport retries @@ -560,7 +539,7 @@ func (h Handler) prepareRequest(req *http.Request) error { req.Header.Set("X-Forwarded-Proto", proto) } - return nil + return req, nil } // reverseProxy performs a round-trip to the given backend and processes the response with the client. @@ -807,7 +786,7 @@ func (lb LoadBalancing) tryAgain(ctx caddy.Context, start time.Time, proxyErr er // directRequest modifies only req.URL so that it points to the upstream // in the given DialInfo. It must modify ONLY the request URL. -func (h Handler) directRequest(req *http.Request, di DialInfo) { +func (Handler) directRequest(req *http.Request, di DialInfo) { // we need a host, so set the upstream's host address reqHost := di.Address @@ -845,6 +824,42 @@ func (h Handler) bufferedBody(originalBody io.ReadCloser) io.ReadCloser { } } +// cloneRequest makes a semi-deep clone of origReq. +// +// Most of this code is borrowed from the Go stdlib reverse proxy, +// but we make a shallow-ish clone the request (deep clone only +// the headers and URL) so we can avoid manipulating the original +// request when using it to proxy upstream. This prevents request +// corruption and data races. +func cloneRequest(origReq *http.Request) *http.Request { + req := new(http.Request) + *req = *origReq + if origReq.URL != nil { + newURL := new(url.URL) + *newURL = *origReq.URL + if origReq.URL.User != nil { + newURL.User = new(url.Userinfo) + *newURL.User = *origReq.URL.User + } + // sanitize the request URL; we expect it to not contain the + // scheme and host since those should be determined by r.TLS + // and r.Host respectively, but some clients may include it + // in the request-line, which is technically valid in HTTP, + // but breaks reverseproxy behaviour, overriding how the + // dialer will behave. See #4237 for context. + newURL.Scheme = "" + newURL.Host = "" + req.URL = newURL + } + if origReq.Header != nil { + req.Header = origReq.Header.Clone() + } + if origReq.Trailer != nil { + req.Trailer = origReq.Trailer.Clone() + } + return req +} + func copyHeader(dst, src http.Header) { for k, vv := range src { for _, v := range vv { From ceef70dbc5543436b04a5f70749be18582f35403 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 3 Mar 2022 10:57:55 -0700 Subject: [PATCH 0581/1498] core: Retry dynamic config load if error or no-op (#4603) Also fix ineffectual assignment (unrelated) --- admin.go | 3 ++- caddy.go | 41 ++++++++++++++++++++++++++--------------- 2 files changed, 28 insertions(+), 16 deletions(-) diff --git a/admin.go b/admin.go index 11efc683..8558cee1 100644 --- a/admin.go +++ b/admin.go @@ -262,7 +262,7 @@ func (admin *AdminConfig) newAdminHandler(addr NetworkAddress, remote bool) admi // provisionAdminRouters provisions all the router modules // in the admin.api namespace that need provisioning. -func (admin AdminConfig) provisionAdminRouters(ctx Context) error { +func (admin *AdminConfig) provisionAdminRouters(ctx Context) error { for _, router := range admin.routers { provisioner, ok := router.(Provisioner) if !ok { @@ -277,6 +277,7 @@ func (admin AdminConfig) provisionAdminRouters(ctx Context) error { // We no longer need the routers once provisioned, allow for GC admin.routers = nil + return nil } diff --git a/caddy.go b/caddy.go index 36439240..661d0b0c 100644 --- a/caddy.go +++ b/caddy.go @@ -504,20 +504,29 @@ func finishSettingUp(ctx Context, cfg *Config) error { if cfg.Admin.Config.LoadDelay > 0 { go func() { - timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadDelay)) - select { - case <-timer.C: - loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) - if err != nil { - Log().Error("loading dynamic config failed", zap.Error(err)) - return + // the loop is here only to iterate if there is an error or a no-op config load, + // in which case we simply wait the delay and try again + for { + timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadDelay)) + select { + case <-timer.C: + loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) + if err != nil { + Log().Error("failed loading dynamic config; will retry", zap.Error(err)) + continue + } + if loadedConfig == nil { + Log().Info("dynamically-loaded config was nil; will retry") + continue + } + runLoadedConfig(loadedConfig) + case <-ctx.Done(): + if !timer.Stop() { + <-timer.C + } + Log().Info("stopping dynamic config loading") } - runLoadedConfig(loadedConfig) - case <-ctx.Done(): - if !timer.Stop() { - <-timer.C - } - Log().Info("stopping dynamic config loading") + break } }() } else { @@ -534,8 +543,10 @@ func finishSettingUp(ctx Context, cfg *Config) error { return nil } -// ConfigLoader is a type that can load a Caddy config. The -// returned config must be valid Caddy JSON. +// ConfigLoader is a type that can load a Caddy config. If +// the return value is non-nil, it must be valid Caddy JSON; +// if nil or with non-nil error, it is considered to be a +// no-op load and may be retried later. type ConfigLoader interface { LoadConfig(Context) ([]byte, error) } From a6199cf814d676a11cc9e2abad81b48859198aa4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 3 Mar 2022 11:12:37 -0700 Subject: [PATCH 0582/1498] templates: Fix docs for .Args --- modules/caddyhttp/templates/templates.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index d4505f05..20eed8a2 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -43,10 +43,10 @@ func init() { // // ##### `.Args` // -// Access arguments passed to this page/context, for example as the result of a `include`. +// A slice of arguments passed to this page/context, for example as the result of a `include`. // // ``` -// {{.Args 0}} // first argument +// {{index .Args 0}} // first argument // ``` // // ##### `.Cookie` From a72acd21b0ef17d6cd9064dd105042b6edb3b8dc Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 3 Mar 2022 21:41:51 -0700 Subject: [PATCH 0583/1498] core: Retry dynamic config load if config unchanged (see discussion in #4603) --- admin.go | 2 +- caddy.go | 47 +++++++++++++++++++++++++++++++++-------------- 2 files changed, 34 insertions(+), 15 deletions(-) diff --git a/admin.go b/admin.go index 8558cee1..d31308a7 100644 --- a/admin.go +++ b/admin.go @@ -938,7 +938,7 @@ func handleConfig(w http.ResponseWriter, r *http.Request) error { forceReload := r.Header.Get("Cache-Control") == "must-revalidate" err := changeConfig(r.Method, r.URL.Path, body, forceReload) - if err != nil { + if err != nil && !errors.Is(err, errSameConfig) { return err } diff --git a/caddy.go b/caddy.go index 661d0b0c..02178948 100644 --- a/caddy.go +++ b/caddy.go @@ -18,6 +18,7 @@ import ( "bytes" "context" "encoding/json" + "errors" "fmt" "io" "log" @@ -110,14 +111,19 @@ func Load(cfgJSON []byte, forceReload bool) error { } }() - return changeConfig(http.MethodPost, "/"+rawConfigKey, cfgJSON, forceReload) + err := changeConfig(http.MethodPost, "/"+rawConfigKey, cfgJSON, forceReload) + if errors.Is(err, errSameConfig) { + err = nil // not really an error + } + return err } // changeConfig changes the current config (rawCfg) according to the // method, traversed via the given path, and uses the given input as // the new value (if applicable; i.e. "DELETE" doesn't have an input). // If the resulting config is the same as the previous, no reload will -// occur unless forceReload is true. This function is safe for +// occur unless forceReload is true. If the config is unchanged and not +// forcefully reloaded, then errConfigUnchanged This function is safe for // concurrent use. func changeConfig(method, path string, input []byte, forceReload bool) error { switch method { @@ -149,7 +155,7 @@ func changeConfig(method, path string, input []byte, forceReload bool) error { // if nothing changed, no need to do a whole reload unless the client forces it if !forceReload && bytes.Equal(rawCfgJSON, newCfg) { Log().Info("config is unchanged") - return nil + return errSameConfig } // find any IDs in this config and index them @@ -492,39 +498,47 @@ func finishSettingUp(ctx Context, cfg *Config) error { zap.String("module", val.(Module).CaddyModule().ID.Name()), zap.Int("load_delay", int(cfg.Admin.Config.LoadDelay))) - runLoadedConfig := func(config []byte) { + runLoadedConfig := func(config []byte) error { logger.Info("applying dynamically-loaded config") err := changeConfig(http.MethodPost, "/"+rawConfigKey, config, false) - if err == nil { - logger.Info("successfully applied dynamically-loaded config") - } else { - logger.Error("failed to run dynamically-loaded config", zap.Error(err)) + if errors.Is(err, errSameConfig) { + return err } + if err != nil { + logger.Error("failed to run dynamically-loaded config", zap.Error(err)) + return err + } + logger.Info("successfully applied dynamically-loaded config") + return nil } if cfg.Admin.Config.LoadDelay > 0 { go func() { - // the loop is here only to iterate if there is an error or a no-op config load, - // in which case we simply wait the delay and try again + // the loop is here to iterate ONLY if there is an error, a no-op config load, + // or an unchanged config; in which case we simply wait the delay and try again for { timer := time.NewTimer(time.Duration(cfg.Admin.Config.LoadDelay)) select { case <-timer.C: loadedConfig, err := val.(ConfigLoader).LoadConfig(ctx) if err != nil { - Log().Error("failed loading dynamic config; will retry", zap.Error(err)) + logger.Error("failed loading dynamic config; will retry", zap.Error(err)) continue } if loadedConfig == nil { - Log().Info("dynamically-loaded config was nil; will retry") + logger.Info("dynamically-loaded config was nil; will retry") + continue + } + err = runLoadedConfig(loadedConfig) + if errors.Is(err, errSameConfig) { + logger.Info("dynamically-loaded config was unchanged; will retry") continue } - runLoadedConfig(loadedConfig) case <-ctx.Done(): if !timer.Stop() { <-timer.C } - Log().Info("stopping dynamic config loading") + logger.Info("stopping dynamic config loading") } break } @@ -798,5 +812,10 @@ var ( rawCfgIndex map[string]string ) +// errSameConfig is returned if the new config is the same +// as the old one. This isn't usually an actual, actionable +// error; it's mostly a sentinel value. +var errSameConfig = errors.New("config is unchanged") + // ImportPath is the package import path for Caddy core. const ImportPath = "github.com/caddyserver/caddy/v2" From 2bb8550a4cd59575ea7cc7c507550b9bd079894f Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 4 Mar 2022 13:44:59 -0700 Subject: [PATCH 0584/1498] caddyhttp: Honor wildcard hosts in log SkipHosts (#4606) --- modules/caddyhttp/server.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index fa153cd2..3d211846 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -27,6 +27,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddytls" + "github.com/caddyserver/certmagic" "github.com/lucas-clemente/quic-go/http3" "go.uber.org/zap" "go.uber.org/zap/zapcore" @@ -484,7 +485,7 @@ func (s *Server) shouldLogRequest(r *http.Request) bool { } for _, dh := range s.Logs.SkipHosts { // logging for this particular host is disabled - if r.Host == dh { + if certmagic.MatchWildcard(r.Host, dh) { return false } } From be82cc7acae6c259aec176363478cdb390a989ee Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 4 Mar 2022 20:26:37 -0700 Subject: [PATCH 0585/1498] Appease the linter --- caddy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddy.go b/caddy.go index 02178948..f6768c04 100644 --- a/caddy.go +++ b/caddy.go @@ -550,7 +550,7 @@ func finishSettingUp(ctx Context, cfg *Config) error { return fmt.Errorf("loading dynamic config from %T: %v", val, err) } // do this in a goroutine so current config can finish being loaded; otherwise deadlock - go runLoadedConfig(loadedConfig) + go func() { _ = runLoadedConfig(loadedConfig) }() } } From 09ba9e994e6391162fbfdfbd90c72270bdff3a49 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 4 Mar 2022 22:50:05 -0500 Subject: [PATCH 0586/1498] fileserver: Add `pass_thru` Caddyfile option (#4613) --- .../caddyfile_adapt/file_server_pass_thru.txt | 32 +++++++++++++++++++ modules/caddyhttp/fileserver/caddyfile.go | 6 ++++ 2 files changed, 38 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt diff --git a/caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt b/caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt new file mode 100644 index 00000000..476b165d --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt @@ -0,0 +1,32 @@ +:80 + +file_server { + pass_thru +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ], + "pass_thru": true + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index 886d6672..26415353 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -120,6 +120,12 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) falseBool := false fsrv.CanonicalURIs = &falseBool + case "pass_thru": + if h.NextArg() { + return nil, h.ArgErr() + } + fsrv.PassThru = true + default: return nil, h.Errf("unknown subdirective '%s'", h.Val()) } From d058dee11d7cfcf0b711f0378d10c9e5cabc8982 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 5 Mar 2022 18:34:19 -0500 Subject: [PATCH 0587/1498] reverseproxy: Refactor dial address parsing, augment command parsing (#4616) --- caddyconfig/caddyfile/dispenser.go | 6 +- modules/caddyhttp/reverseproxy/addresses.go | 112 ++++++++++++++++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 108 +++---------------- modules/caddyhttp/reverseproxy/command.go | 27 +---- 4 files changed, 134 insertions(+), 119 deletions(-) create mode 100644 modules/caddyhttp/reverseproxy/addresses.go diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index fa7f5e75..23f6eade 100755 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -350,7 +350,11 @@ func (d *Dispenser) Err(msg string) error { // Errf is like Err, but for formatted error messages func (d *Dispenser) Errf(format string, args ...interface{}) error { - err := fmt.Errorf(format, args...) + return d.WrapErr(fmt.Errorf(format, args...)) +} + +// WrapErr takes an existing error and adds the Caddyfile file and line number. +func (d *Dispenser) WrapErr(err error) error { return fmt.Errorf("%s:%d - Error during parsing: %w", d.File(), d.Line(), err) } diff --git a/modules/caddyhttp/reverseproxy/addresses.go b/modules/caddyhttp/reverseproxy/addresses.go new file mode 100644 index 00000000..f15ed76d --- /dev/null +++ b/modules/caddyhttp/reverseproxy/addresses.go @@ -0,0 +1,112 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reverseproxy + +import ( + "fmt" + "net" + "net/url" + "strings" + + "github.com/caddyserver/caddy/v2" +) + +// parseUpstreamDialAddress parses configuration inputs for +// the dial address, including support for a scheme in front +// as a shortcut for the port number, and a network type, +// for example 'unix' to dial a unix socket. +// +// TODO: the logic in this function is kind of sensitive, we +// need to write tests before making any more changes to it +func parseUpstreamDialAddress(upstreamAddr string) (string, string, error) { + var network, scheme, host, port string + + if strings.Contains(upstreamAddr, "://") { + // we get a parsing error if a placeholder is specified + // so we return a more user-friendly error message instead + // to explain what to do instead + if strings.Contains(upstreamAddr, "{") { + return "", "", fmt.Errorf("due to parsing difficulties, placeholders are not allowed when an upstream address contains a scheme") + } + + toURL, err := url.Parse(upstreamAddr) + if err != nil { + return "", "", fmt.Errorf("parsing upstream URL: %v", err) + } + + // there is currently no way to perform a URL rewrite between choosing + // a backend and proxying to it, so we cannot allow extra components + // in backend URLs + if toURL.Path != "" || toURL.RawQuery != "" || toURL.Fragment != "" { + return "", "", fmt.Errorf("for now, URLs for proxy upstreams only support scheme, host, and port components") + } + + // ensure the port and scheme aren't in conflict + urlPort := toURL.Port() + if toURL.Scheme == "http" && urlPort == "443" { + return "", "", fmt.Errorf("upstream address has conflicting scheme (http://) and port (:443, the HTTPS port)") + } + if toURL.Scheme == "https" && urlPort == "80" { + return "", "", fmt.Errorf("upstream address has conflicting scheme (https://) and port (:80, the HTTP port)") + } + if toURL.Scheme == "h2c" && urlPort == "443" { + return "", "", fmt.Errorf("upstream address has conflicting scheme (h2c://) and port (:443, the HTTPS port)") + } + + // if port is missing, attempt to infer from scheme + if toURL.Port() == "" { + var toPort string + switch toURL.Scheme { + case "", "http", "h2c": + toPort = "80" + case "https": + toPort = "443" + } + toURL.Host = net.JoinHostPort(toURL.Hostname(), toPort) + } + + scheme, host, port = toURL.Scheme, toURL.Hostname(), toURL.Port() + } else { + // extract network manually, since caddy.ParseNetworkAddress() will always add one + if idx := strings.Index(upstreamAddr, "/"); idx >= 0 { + network = strings.ToLower(strings.TrimSpace(upstreamAddr[:idx])) + upstreamAddr = upstreamAddr[idx+1:] + } + var err error + host, port, err = net.SplitHostPort(upstreamAddr) + if err != nil { + host = upstreamAddr + } + // we can assume a port if only a hostname is specified, but use of a + // placeholder without a port likely means a port will be filled in + if port == "" && !strings.Contains(host, "{") { + port = "80" + } + } + + // for simplest possible config, we only need to include + // the network portion if the user specified one + if network != "" { + return caddy.JoinNetworkAddress(network, host, port), scheme, nil + } + + // if the host is a placeholder, then we don't want to join with an empty port, + // because that would just append an extra ':' at the end of the address. + if port == "" && strings.Contains(host, "{") { + return host, scheme, nil + } + + return net.JoinHostPort(host, port), scheme, nil +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index d642d04e..a1fbeb32 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -18,7 +18,6 @@ import ( "log" "net" "net/http" - "net/url" "reflect" "strconv" "strings" @@ -123,98 +122,6 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // prefixed with "@" for use with "handle_response" blocks h.responseMatchers = make(map[string]caddyhttp.ResponseMatcher) - // TODO: the logic in this function is kind of sensitive, we need - // to write tests before making any more changes to it - upstreamDialAddress := func(upstreamAddr string) (string, error) { - var network, scheme, host, port string - - if strings.Contains(upstreamAddr, "://") { - // we get a parsing error if a placeholder is specified - // so we return a more user-friendly error message instead - // to explain what to do instead - if strings.Contains(upstreamAddr, "{") { - return "", d.Err("due to parsing difficulties, placeholders are not allowed when an upstream address contains a scheme") - } - - toURL, err := url.Parse(upstreamAddr) - if err != nil { - return "", d.Errf("parsing upstream URL: %v", err) - } - - // there is currently no way to perform a URL rewrite between choosing - // a backend and proxying to it, so we cannot allow extra components - // in backend URLs - if toURL.Path != "" || toURL.RawQuery != "" || toURL.Fragment != "" { - return "", d.Err("for now, URLs for proxy upstreams only support scheme, host, and port components") - } - - // ensure the port and scheme aren't in conflict - urlPort := toURL.Port() - if toURL.Scheme == "http" && urlPort == "443" { - return "", d.Err("upstream address has conflicting scheme (http://) and port (:443, the HTTPS port)") - } - if toURL.Scheme == "https" && urlPort == "80" { - return "", d.Err("upstream address has conflicting scheme (https://) and port (:80, the HTTP port)") - } - if toURL.Scheme == "h2c" && urlPort == "443" { - return "", d.Err("upstream address has conflicting scheme (h2c://) and port (:443, the HTTPS port)") - } - - // if port is missing, attempt to infer from scheme - if toURL.Port() == "" { - var toPort string - switch toURL.Scheme { - case "", "http", "h2c": - toPort = "80" - case "https": - toPort = "443" - } - toURL.Host = net.JoinHostPort(toURL.Hostname(), toPort) - } - - scheme, host, port = toURL.Scheme, toURL.Hostname(), toURL.Port() - } else { - // extract network manually, since caddy.ParseNetworkAddress() will always add one - if idx := strings.Index(upstreamAddr, "/"); idx >= 0 { - network = strings.ToLower(strings.TrimSpace(upstreamAddr[:idx])) - upstreamAddr = upstreamAddr[idx+1:] - } - var err error - host, port, err = net.SplitHostPort(upstreamAddr) - if err != nil { - host = upstreamAddr - } - // we can assume a port if only a hostname is specified, but use of a - // placeholder without a port likely means a port will be filled in - if port == "" && !strings.Contains(host, "{") { - port = "80" - } - } - - // the underlying JSON does not yet support different - // transports (protocols or schemes) to each backend, - // so we remember the last one we see and compare them - if commonScheme != "" && scheme != commonScheme { - return "", d.Errf("for now, all proxy upstreams must use the same scheme (transport protocol); expecting '%s://' but got '%s://'", - commonScheme, scheme) - } - commonScheme = scheme - - // for simplest possible config, we only need to include - // the network portion if the user specified one - if network != "" { - return caddy.JoinNetworkAddress(network, host, port), nil - } - - // if the host is a placeholder, then we don't want to join with an empty port, - // because that would just append an extra ':' at the end of the address. - if port == "" && strings.Contains(host, "{") { - return host, nil - } - - return net.JoinHostPort(host, port), nil - } - // appendUpstream creates an upstream for address and adds // it to the list. If the address starts with "srv+" it is // treated as a SRV-based upstream, and any port will be @@ -224,10 +131,21 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if isSRV { address = strings.TrimPrefix(address, "srv+") } - dialAddr, err := upstreamDialAddress(address) + + dialAddr, scheme, err := parseUpstreamDialAddress(address) if err != nil { - return err + return d.WrapErr(err) } + + // the underlying JSON does not yet support different + // transports (protocols or schemes) to each backend, + // so we remember the last one we see and compare them + if commonScheme != "" && scheme != commonScheme { + return d.Errf("for now, all proxy upstreams must use the same scheme (transport protocol); expecting '%s://' but got '%s://'", + commonScheme, scheme) + } + commonScheme = scheme + if isSRV { if host, _, err := net.SplitHostPort(dialAddr); err == nil { dialAddr = host diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 9bbc681f..121142c1 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -18,7 +18,6 @@ import ( "encoding/json" "flag" "fmt" - "net" "net/http" "strconv" @@ -104,32 +103,14 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { } // set up the upstream address; assume missing information from given parts - toAddr, err := httpcaddyfile.ParseAddress(to) + toAddr, toScheme, err := parseUpstreamDialAddress(to) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid upstream address %s: %v", to, err) } - if toAddr.Path != "" { - return caddy.ExitCodeFailedStartup, fmt.Errorf("paths are not allowed: %s", to) - } - if toAddr.Scheme == "" { - if toAddr.Port == httpsPort { - toAddr.Scheme = "https" - } else { - toAddr.Scheme = "http" - } - } - if toAddr.Port == "" { - if toAddr.Scheme == "http" { - toAddr.Port = httpPort - } else if toAddr.Scheme == "https" { - toAddr.Port = httpsPort - } - } // proceed to build the handler and server - ht := HTTPTransport{} - if toAddr.Scheme == "https" { + if toScheme == "https" { ht.TLS = new(TLSConfig) if insecure { ht.TLS.InsecureSkipVerify = true @@ -138,7 +119,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { handler := Handler{ TransportRaw: caddyconfig.JSONModuleObject(ht, "protocol", "http", nil), - Upstreams: UpstreamPool{{Dial: net.JoinHostPort(toAddr.Host, toAddr.Port)}}, + Upstreams: UpstreamPool{{Dial: toAddr}}, } if changeHost { @@ -185,7 +166,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { return caddy.ExitCodeFailedStartup, err } - fmt.Printf("Caddy proxying %s -> %s\n", fromAddr.String(), toAddr.String()) + fmt.Printf("Caddy proxying %s -> %s\n", fromAddr.String(), toAddr) select {} } From c50094fc9d34099efd705700e6d2efa2fa065412 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 6 Mar 2022 18:51:55 -0500 Subject: [PATCH 0588/1498] reverseproxy: Implement trusted proxies for `X-Forwarded-*` headers (#4507) --- .../reverse_proxy_trusted_proxies.txt | 56 +++++ modules/caddyhttp/reverseproxy/caddyfile.go | 23 +++ .../caddyhttp/reverseproxy/reverseproxy.go | 193 +++++++++++++++--- 3 files changed, 246 insertions(+), 26 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt new file mode 100644 index 00000000..5e112847 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt @@ -0,0 +1,56 @@ +:8884 + +reverse_proxy 127.0.0.1:65535 { + trusted_proxies 127.0.0.1 +} + +reverse_proxy 127.0.0.1:65535 { + trusted_proxies private_ranges +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "trusted_proxies": [ + "127.0.0.1" + ], + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + }, + { + "handler": "reverse_proxy", + "trusted_proxies": [ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1" + ], + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index a1fbeb32..e1272375 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -82,6 +82,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // buffer_requests // // # header manipulation +// trusted_proxies [private_ranges] // header_up [+|-] [ []] // header_down [+|-] [ []] // @@ -485,6 +486,22 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.MaxBufferSize = int64(size) + case "trusted_proxies": + for d.NextArg() { + if d.Val() == "private_ranges" { + h.TrustedProxies = append(h.TrustedProxies, []string{ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1", + }...) + continue + } + h.TrustedProxies = append(h.TrustedProxies, d.Val()) + } + case "header_up": var err error @@ -504,9 +521,15 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if strings.EqualFold(args[0], "host") && (args[1] == "{hostport}" || args[1] == "{http.request.hostport}") { log.Printf("[WARNING] Unnecessary header_up ('Host' field): the reverse proxy's default behavior is to pass headers to the upstream") } + if strings.EqualFold(args[0], "x-forwarded-for") && (args[1] == "{remote}" || args[1] == "{http.request.remote}" || args[1] == "{remote_host}" || args[1] == "{http.request.remote.host}") { + log.Printf("[WARNING] Unnecessary header_up ('X-Forwarded-For' field): the reverse proxy's default behavior is to pass headers to the upstream") + } if strings.EqualFold(args[0], "x-forwarded-proto") && (args[1] == "{scheme}" || args[1] == "{http.request.scheme}") { log.Printf("[WARNING] Unnecessary header_up ('X-Forwarded-Proto' field): the reverse proxy's default behavior is to pass headers to the upstream") } + if strings.EqualFold(args[0], "x-forwarded-host") && (args[1] == "{host}" || args[1] == "{http.request.host}" || args[1] == "{hostport}" || args[1] == "{http.request.hostport}") { + log.Printf("[WARNING] Unnecessary header_up ('X-Forwarded-Host' field): the reverse proxy's default behavior is to pass headers to the upstream") + } err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], "") case 3: err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], args[2]) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 53911c86..a5bdc310 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -90,13 +90,20 @@ type Handler struct { // to the client immediately. FlushInterval caddy.Duration `json:"flush_interval,omitempty"` + // A list of IP ranges (supports CIDR notation) from which + // X-Forwarded-* header values should be trusted. By default, + // no proxies are trusted, so existing values will be ignored + // when setting these headers. If the proxy is trusted, then + // existing values will be used when constructing the final + // header values. + TrustedProxies []string `json:"trusted_proxies,omitempty"` + // Headers manipulates headers between Caddy and the backend. // By default, all headers are passed-thru without changes, // with the exceptions of special hop-by-hop headers. // - // X-Forwarded-For and X-Forwarded-Proto are also set - // implicitly, but this may change in the future if the official - // standardized Forwarded header field gains more adoption. + // X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host + // are also set implicitly. Headers *headers.Handler `json:"headers,omitempty"` // If true, the entire request body will be read and buffered @@ -133,6 +140,9 @@ type Handler struct { Transport http.RoundTripper `json:"-"` CB CircuitBreaker `json:"-"` + // Holds the parsed CIDR ranges from TrustedProxies + trustedProxies []*net.IPNet + // Holds the named response matchers from the Caddyfile while adapting responseMatchers map[string]caddyhttp.ResponseMatcher @@ -192,6 +202,30 @@ func (h *Handler) Provision(ctx caddy.Context) error { h.CB = mod.(CircuitBreaker) } + // parse trusted proxy CIDRs ahead of time + for _, str := range h.TrustedProxies { + if strings.Contains(str, "/") { + _, ipNet, err := net.ParseCIDR(str) + if err != nil { + return fmt.Errorf("parsing CIDR expression: %v", err) + } + h.trustedProxies = append(h.trustedProxies, ipNet) + } else { + ip := net.ParseIP(str) + if ip == nil { + return fmt.Errorf("invalid IP address: %s", str) + } + if ipv4 := ip.To4(); ipv4 != nil { + ip = ipv4 + } + mask := len(ip) * 8 + h.trustedProxies = append(h.trustedProxies, &net.IPNet{ + IP: ip, + Mask: net.CIDRMask(mask, mask), + }) + } + } + // ensure any embedded headers handler module gets provisioned // (see https://caddy.community/t/set-cookie-manipulation-in-reverse-proxy/7666?u=matt // for what happens if we forget to provision it) @@ -514,34 +548,105 @@ func (h Handler) prepareRequest(req *http.Request) (*http.Request, error) { req.Header.Set("Upgrade", reqUpType) } - if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil { - // If we aren't the first proxy retain prior - // X-Forwarded-For information as a comma+space - // separated list and fold multiple headers into one. - prior, ok := req.Header["X-Forwarded-For"] - omit := ok && prior == nil // Issue 38079: nil now means don't populate the header - if len(prior) > 0 { - clientIP = strings.Join(prior, ", ") + ", " + clientIP - } - if !omit { - req.Header.Set("X-Forwarded-For", clientIP) - } - } - - prior, ok := req.Header["X-Forwarded-Proto"] - omit := ok && prior == nil - if len(prior) == 0 && !omit { - // set X-Forwarded-Proto; many backend apps expect this too - proto := "https" - if req.TLS == nil { - proto = "http" - } - req.Header.Set("X-Forwarded-Proto", proto) + // Add the supported X-Forwarded-* headers + err := h.addForwardedHeaders(req) + if err != nil { + return nil, err } return req, nil } +// addForwardedHeaders adds the de-facto standard X-Forwarded-* +// headers to the request before it is sent upstream. +// +// These headers are security sensitive, so care is taken to only +// use existing values for these headers from the incoming request +// if the client IP is trusted (i.e. coming from a trusted proxy +// sitting in front of this server). If the request didn't have +// the headers at all, then they will be added with the values +// that we can glean from the request. +func (h Handler) addForwardedHeaders(req *http.Request) error { + // Parse the remote IP, ignore the error as non-fatal, + // but the remote IP is required to continue, so we + // just return early. This should probably never happen + // though, unless some other module manipulated the request's + // remote address and used an invalid value. + clientIP, _, err := net.SplitHostPort(req.RemoteAddr) + if err != nil { + // Remove the `X-Forwarded-*` headers to avoid upstreams + // potentially trusting a header that came from the client + req.Header.Del("X-Forwarded-For") + req.Header.Del("X-Forwarded-Proto") + req.Header.Del("X-Forwarded-Host") + return nil + } + + // Client IP may contain a zone if IPv6, so we need + // to pull that out before parsing the IP + if idx := strings.IndexByte(clientIP, '%'); idx >= 0 { + clientIP = clientIP[:idx] + } + ip := net.ParseIP(clientIP) + if ip == nil { + return fmt.Errorf("invalid client IP address: %s", clientIP) + } + + // Check if the client is a trusted proxy + trusted := false + for _, ipRange := range h.trustedProxies { + if ipRange.Contains(ip) { + trusted = true + break + } + } + + // If we aren't the first proxy, and the proxy is trusted, + // retain prior X-Forwarded-For information as a comma+space + // separated list and fold multiple headers into one. + clientXFF := clientIP + prior, ok, omit := allHeaderValues(req.Header, "X-Forwarded-For") + if trusted && ok && prior != "" { + clientXFF = prior + ", " + clientXFF + } + if !omit { + req.Header.Set("X-Forwarded-For", clientXFF) + } + + // Set X-Forwarded-Proto; many backend apps expect this, + // so that they can properly craft URLs with the right + // scheme to match the original request + proto := "https" + if req.TLS == nil { + proto = "http" + } + prior, ok, omit = lastHeaderValue(req.Header, "X-Forwarded-Proto") + if trusted && ok && prior != "" { + proto = prior + } + if !omit { + req.Header.Set("X-Forwarded-Proto", proto) + } + + // Set X-Forwarded-Host; often this is redundant because + // we pass through the request Host as-is, but in situations + // where we proxy over HTTPS, the user may need to override + // Host themselves, so it's helpful to send the original too. + host, _, err := net.SplitHostPort(req.Host) + if err != nil { + host = req.Host // OK; there probably was no port + } + prior, ok, omit = lastHeaderValue(req.Header, "X-Forwarded-Host") + if trusted && ok && prior != "" { + host = prior + } + if !omit { + req.Header.Set("X-Forwarded-Host", host) + } + + return nil +} + // reverseProxy performs a round-trip to the given backend and processes the response with the client. // (This method is mostly the beginning of what was borrowed from the net/http/httputil package in the // Go standard library which was used as the foundation.) @@ -868,6 +973,42 @@ func copyHeader(dst, src http.Header) { } } +// allHeaderValues gets all values for a given header field, +// joined by a comma and space if more than one is set. If the +// header field is nil, then the omit is true, meaning some +// earlier logic in the server wanted to prevent this header from +// getting written at all. If the header is empty, then ok is +// false. Callers should still check that the value is not empty +// (the header field may be set but have an empty value). +func allHeaderValues(h http.Header, field string) (value string, ok bool, omit bool) { + values, ok := h[http.CanonicalHeaderKey(field)] + if ok && values == nil { + return "", true, true + } + if len(values) == 0 { + return "", false, false + } + return strings.Join(values, ", "), true, false +} + +// lastHeaderValue gets the last value for a given header field +// if more than one is set. If the header field is nil, then +// the omit is true, meaning some earlier logic in the server +// wanted to prevent this header from getting written at all. +// If the header is empty, then ok is false. Callers should +// still check that the value is not empty (the header field +// may be set but have an empty value). +func lastHeaderValue(h http.Header, field string) (value string, ok bool, omit bool) { + values, ok := h[http.CanonicalHeaderKey(field)] + if ok && values == nil { + return "", true, true + } + if len(values) == 0 { + return "", false, false + } + return values[len(values)-1], true, false +} + func upgradeType(h http.Header) string { if !httpguts.HeaderValuesContainsToken(h["Connection"], "Upgrade") { return "" From ab0455922ae01bde1a7a5b3bf58eb993efc02db7 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sun, 6 Mar 2022 17:43:39 -0700 Subject: [PATCH 0589/1498] reverseproxy: Dynamic upstreams (with SRV and A/AAAA support) (#4470) * reverseproxy: Begin refactor to enable dynamic upstreams Streamed here: https://www.youtube.com/watch?v=hj7yzXb11jU * Implement SRV and A/AAA upstream sources Also get upstreams at every retry loop iteration instead of just once before the loop. See #4442. * Minor tweaks from review * Limit size of upstreams caches * Add doc notes deprecating LookupSRV * Provision dynamic upstreams Still WIP, preparing to preserve health checker functionality * Rejigger health checks Move active health check results into handler-specific Upstreams. Improve documentation regarding health checks and upstreams. * Deprecation notice * Add Caddyfile support, use `caddy.Duration` * Interface guards * Implement custom resolvers, add resolvers to http transport Caddyfile * SRV: fix Caddyfile `name` inline arg, remove proto condition * Use pointer receiver * Add debug logs Co-authored-by: Francis Lavoie --- .../reverse_proxy_dynamic_upstreams.txt | 116 ++++++ .../caddyfile_adapt/reverse_proxy_options.txt | 7 + modules/caddyhttp/reverseproxy/admin.go | 3 +- modules/caddyhttp/reverseproxy/caddyfile.go | 221 ++++++++++ .../caddyhttp/reverseproxy/healthchecks.go | 96 +++-- modules/caddyhttp/reverseproxy/hosts.go | 99 ++--- .../caddyhttp/reverseproxy/httptransport.go | 24 +- .../caddyhttp/reverseproxy/reverseproxy.go | 290 +++++++++----- .../reverseproxy/selectionpolicies_test.go | 118 +++--- modules/caddyhttp/reverseproxy/upstreams.go | 377 ++++++++++++++++++ 10 files changed, 1063 insertions(+), 288 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt create mode 100644 modules/caddyhttp/reverseproxy/upstreams.go diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt new file mode 100644 index 00000000..2f2cbcd3 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt @@ -0,0 +1,116 @@ +:8884 { + reverse_proxy { + dynamic a foo 9000 + } + + reverse_proxy { + dynamic a { + name foo + port 9000 + refresh 5m + resolvers 8.8.8.8 8.8.4.4 + dial_timeout 2s + dial_fallback_delay 300ms + } + } +} + +:8885 { + reverse_proxy { + dynamic srv _api._tcp.example.com + } + + reverse_proxy { + dynamic srv { + service api + proto tcp + name example.com + refresh 5m + resolvers 8.8.8.8 8.8.4.4 + dial_timeout 1s + dial_fallback_delay -1s + } + } +} + +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "dynamic_upstreams": { + "name": "foo", + "port": "9000", + "source": "a" + }, + "handler": "reverse_proxy" + }, + { + "dynamic_upstreams": { + "dial_fallback_delay": 300000000, + "dial_timeout": 2000000000, + "name": "foo", + "port": "9000", + "refresh": 300000000000, + "resolver": { + "addresses": [ + "8.8.8.8", + "8.8.4.4" + ] + }, + "source": "a" + }, + "handler": "reverse_proxy" + } + ] + } + ] + }, + "srv1": { + "listen": [ + ":8885" + ], + "routes": [ + { + "handle": [ + { + "dynamic_upstreams": { + "name": "_api._tcp.example.com", + "source": "srv" + }, + "handler": "reverse_proxy" + }, + { + "dynamic_upstreams": { + "dial_fallback_delay": -1000000000, + "dial_timeout": 1000000000, + "name": "example.com", + "proto": "tcp", + "refresh": 300000000000, + "resolver": { + "addresses": [ + "8.8.8.8", + "8.8.4.4" + ] + }, + "service": "api", + "source": "srv" + }, + "handler": "reverse_proxy" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index 70e7af60..e41b9004 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -17,6 +17,7 @@ https://example.com { dial_fallback_delay 5s response_header_timeout 8s expect_continue_timeout 9s + resolvers 8.8.8.8 8.8.4.4 versions h2c 2 compression off @@ -88,6 +89,12 @@ https://example.com { "max_response_header_size": 30000000, "protocol": "http", "read_buffer_size": 10000000, + "resolver": { + "addresses": [ + "8.8.8.8", + "8.8.4.4" + ] + }, "response_header_timeout": 8000000000, "versions": [ "h2c", diff --git a/modules/caddyhttp/reverseproxy/admin.go b/modules/caddyhttp/reverseproxy/admin.go index 25685a3a..81ec4358 100644 --- a/modules/caddyhttp/reverseproxy/admin.go +++ b/modules/caddyhttp/reverseproxy/admin.go @@ -87,7 +87,7 @@ func (adminUpstreams) handleUpstreams(w http.ResponseWriter, r *http.Request) er return false } - upstream, ok := val.(*upstreamHost) + upstream, ok := val.(*Host) if !ok { rangeErr = caddy.APIError{ HTTPStatus: http.StatusInternalServerError, @@ -98,7 +98,6 @@ func (adminUpstreams) handleUpstreams(w http.ResponseWriter, r *http.Request) er results = append(results, upstreamStatus{ Address: address, - Healthy: !upstream.Unhealthy(), NumRequests: upstream.NumRequests(), Fails: upstream.Fails(), }) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index e1272375..f4b16369 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -53,6 +53,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // reverse_proxy [] [] { // # upstreams // to +// dynamic [...] // // # load balancing // lb_policy [] @@ -190,6 +191,25 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } } + case "dynamic": + if !d.NextArg() { + return d.ArgErr() + } + if h.DynamicUpstreams != nil { + return d.Err("dynamic upstreams already specified") + } + dynModule := d.Val() + modID := "http.reverse_proxy.upstreams." + dynModule + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return err + } + source, ok := unm.(UpstreamSource) + if !ok { + return d.Errf("module %s (%T) is not an UpstreamSource", modID, unm) + } + h.DynamicUpstreamsRaw = caddyconfig.JSONModuleObject(source, "source", dynModule, nil) + case "lb_policy": if !d.NextArg() { return d.ArgErr() @@ -749,6 +769,7 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error // dial_fallback_delay // response_header_timeout // expect_continue_timeout +// resolvers // tls // tls_client_auth | // tls_insecure_skip_verify @@ -839,6 +860,15 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.ExpectContinueTimeout = caddy.Duration(dur) + case "resolvers": + if h.Resolver == nil { + h.Resolver = new(UpstreamResolver) + } + h.Resolver.Addresses = d.RemainingArgs() + if len(h.Resolver.Addresses) == 0 { + return d.Errf("must specify at least one resolver address") + } + case "tls_client_auth": if h.TLS == nil { h.TLS = new(TLSConfig) @@ -989,10 +1019,201 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// UnmarshalCaddyfile deserializes Caddyfile tokens into h. +// +// dynamic srv [] { +// service +// proto +// name +// refresh +// resolvers +// dial_timeout +// dial_fallback_delay +// } +// +func (u *SRVUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + args := d.RemainingArgs() + if len(args) > 1 { + return d.ArgErr() + } + if len(args) > 0 { + u.Name = args[0] + } + + for d.NextBlock(0) { + switch d.Val() { + case "service": + if !d.NextArg() { + return d.ArgErr() + } + if u.Service != "" { + return d.Errf("srv service has already been specified") + } + u.Service = d.Val() + + case "proto": + if !d.NextArg() { + return d.ArgErr() + } + if u.Proto != "" { + return d.Errf("srv proto has already been specified") + } + u.Proto = d.Val() + + case "name": + if !d.NextArg() { + return d.ArgErr() + } + if u.Name != "" { + return d.Errf("srv name has already been specified") + } + u.Name = d.Val() + + case "refresh": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("parsing refresh interval duration: %v", err) + } + u.Refresh = caddy.Duration(dur) + + case "resolvers": + if u.Resolver == nil { + u.Resolver = new(UpstreamResolver) + } + u.Resolver.Addresses = d.RemainingArgs() + if len(u.Resolver.Addresses) == 0 { + return d.Errf("must specify at least one resolver address") + } + + case "dial_timeout": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad timeout value '%s': %v", d.Val(), err) + } + u.DialTimeout = caddy.Duration(dur) + + case "dial_fallback_delay": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad delay value '%s': %v", d.Val(), err) + } + u.FallbackDelay = caddy.Duration(dur) + + default: + return d.Errf("unrecognized srv option '%s'", d.Val()) + } + } + } + + return nil +} + +// UnmarshalCaddyfile deserializes Caddyfile tokens into h. +// +// dynamic a [ +// port +// refresh +// resolvers +// dial_timeout +// dial_fallback_delay +// } +// +func (u *AUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + args := d.RemainingArgs() + if len(args) > 2 { + return d.ArgErr() + } + if len(args) > 0 { + u.Name = args[0] + u.Port = args[1] + } + + for d.NextBlock(0) { + switch d.Val() { + case "name": + if !d.NextArg() { + return d.ArgErr() + } + if u.Name != "" { + return d.Errf("a name has already been specified") + } + u.Name = d.Val() + + case "port": + if !d.NextArg() { + return d.ArgErr() + } + if u.Port != "" { + return d.Errf("a port has already been specified") + } + u.Port = d.Val() + + case "refresh": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("parsing refresh interval duration: %v", err) + } + u.Refresh = caddy.Duration(dur) + + case "resolvers": + if u.Resolver == nil { + u.Resolver = new(UpstreamResolver) + } + u.Resolver.Addresses = d.RemainingArgs() + if len(u.Resolver.Addresses) == 0 { + return d.Errf("must specify at least one resolver address") + } + + case "dial_timeout": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad timeout value '%s': %v", d.Val(), err) + } + u.DialTimeout = caddy.Duration(dur) + + case "dial_fallback_delay": + if !d.NextArg() { + return d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("bad delay value '%s': %v", d.Val(), err) + } + u.FallbackDelay = caddy.Duration(dur) + + default: + return d.Errf("unrecognized srv option '%s'", d.Val()) + } + } + } + + return nil +} + const matcherPrefix = "@" // Interface guards var ( _ caddyfile.Unmarshaler = (*Handler)(nil) _ caddyfile.Unmarshaler = (*HTTPTransport)(nil) + _ caddyfile.Unmarshaler = (*SRVUpstreams)(nil) + _ caddyfile.Unmarshaler = (*AUpstreams)(nil) ) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 230bf3aa..317b283e 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -18,7 +18,6 @@ import ( "context" "fmt" "io" - "log" "net" "net/http" "net/url" @@ -37,12 +36,32 @@ import ( type HealthChecks struct { // Active health checks run in the background on a timer. To // minimally enable active health checks, set either path or - // port (or both). + // port (or both). Note that active health check status + // (healthy/unhealthy) is stored per-proxy-handler, not + // globally; this allows different handlers to use different + // criteria to decide what defines a healthy backend. + // + // Active health checks do not run for dynamic upstreams. Active *ActiveHealthChecks `json:"active,omitempty"` // Passive health checks monitor proxied requests for errors or timeouts. // To minimally enable passive health checks, specify at least an empty - // config object. + // config object. Passive health check state is shared (stored globally), + // so a failure from one handler will be counted by all handlers; but + // the tolerances or standards for what defines healthy/unhealthy backends + // is configured per-proxy-handler. + // + // Passive health checks technically do operate on dynamic upstreams, + // but are only effective for very busy proxies where the list of + // upstreams is mostly stable. This is because the shared/global + // state of upstreams is cleaned up when the upstreams are no longer + // used. Since dynamic upstreams are allocated dynamically at each + // request (specifically, each iteration of the proxy loop per request), + // they are also cleaned up after every request. Thus, if there is a + // moment when no requests are actively referring to a particular + // upstream host, the passive health check state will be reset because + // it will be garbage-collected. It is usually better for the dynamic + // upstream module to only return healthy, available backends instead. Passive *PassiveHealthChecks `json:"passive,omitempty"` } @@ -50,8 +69,7 @@ type HealthChecks struct { // health checks (that is, health checks which occur in a // background goroutine independently). type ActiveHealthChecks struct { - // The path to use for health checks. - // DEPRECATED: Use 'uri' instead. + // DEPRECATED: Use 'uri' instead. This field will be removed. TODO: remove this field Path string `json:"path,omitempty"` // The URI (path and query) to use for health checks @@ -132,7 +150,9 @@ type CircuitBreaker interface { func (h *Handler) activeHealthChecker() { defer func() { if err := recover(); err != nil { - log.Printf("[PANIC] active health checks: %v\n%s", err, debug.Stack()) + h.HealthChecks.Active.logger.Error("active health checker panicked", + zap.Any("error", err), + zap.ByteString("stack", debug.Stack())) } }() ticker := time.NewTicker(time.Duration(h.HealthChecks.Active.Interval)) @@ -155,7 +175,9 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { go func(upstream *Upstream) { defer func() { if err := recover(); err != nil { - log.Printf("[PANIC] active health check: %v\n%s", err, debug.Stack()) + h.HealthChecks.Active.logger.Error("active health check panicked", + zap.Any("error", err), + zap.ByteString("stack", debug.Stack())) } }() @@ -195,7 +217,7 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { // so use a fake Host value instead; unix sockets are usually local hostAddr = "localhost" } - err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: dialAddr}, hostAddr, upstream.Host) + err = h.doActiveHealthCheck(DialInfo{Network: addr.Network, Address: dialAddr}, hostAddr, upstream) if err != nil { h.HealthChecks.Active.logger.Error("active health check failed", zap.String("address", hostAddr), @@ -206,14 +228,14 @@ func (h *Handler) doActiveHealthCheckForAllHosts() { } } -// doActiveHealthCheck performs a health check to host which +// doActiveHealthCheck performs a health check to upstream which // can be reached at address hostAddr. The actual address for // the request will be built according to active health checker // config. The health status of the host will be updated // according to whether it passes the health check. An error is // returned only if the health check fails to occur or if marking // the host's health status fails. -func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host Host) error { +func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstream *Upstream) error { // create the URL for the request that acts as a health check scheme := "http" if ht, ok := h.Transport.(TLSTransport); ok && ht.TLSEnabled() { @@ -269,10 +291,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H zap.String("host", hostAddr), zap.Error(err), ) - _, err2 := host.SetHealthy(false) - if err2 != nil { - return fmt.Errorf("marking unhealthy: %v", err2) - } + upstream.setHealthy(false) return nil } var body io.Reader = resp.Body @@ -292,10 +311,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H zap.Int("status_code", resp.StatusCode), zap.String("host", hostAddr), ) - _, err := host.SetHealthy(false) - if err != nil { - return fmt.Errorf("marking unhealthy: %v", err) - } + upstream.setHealthy(false) return nil } } else if resp.StatusCode < 200 || resp.StatusCode >= 400 { @@ -303,10 +319,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H zap.Int("status_code", resp.StatusCode), zap.String("host", hostAddr), ) - _, err := host.SetHealthy(false) - if err != nil { - return fmt.Errorf("marking unhealthy: %v", err) - } + upstream.setHealthy(false) return nil } @@ -318,33 +331,21 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, host H zap.String("host", hostAddr), zap.Error(err), ) - _, err := host.SetHealthy(false) - if err != nil { - return fmt.Errorf("marking unhealthy: %v", err) - } + upstream.setHealthy(false) return nil } if !h.HealthChecks.Active.bodyRegexp.Match(bodyBytes) { h.HealthChecks.Active.logger.Info("response body failed expectations", zap.String("host", hostAddr), ) - _, err := host.SetHealthy(false) - if err != nil { - return fmt.Errorf("marking unhealthy: %v", err) - } + upstream.setHealthy(false) return nil } } // passed health check parameters, so mark as healthy - swapped, err := host.SetHealthy(true) - if swapped { - h.HealthChecks.Active.logger.Info("host is up", - zap.String("host", hostAddr), - ) - } - if err != nil { - return fmt.Errorf("marking healthy: %v", err) + if upstream.setHealthy(true) { + h.HealthChecks.Active.logger.Info("host is up", zap.String("host", hostAddr)) } return nil @@ -366,7 +367,7 @@ func (h *Handler) countFailure(upstream *Upstream) { } // count failure immediately - err := upstream.Host.CountFail(1) + err := upstream.Host.countFail(1) if err != nil { h.HealthChecks.Passive.logger.Error("could not count failure", zap.String("host", upstream.Dial), @@ -375,14 +376,23 @@ func (h *Handler) countFailure(upstream *Upstream) { } // forget it later - go func(host Host, failDuration time.Duration) { + go func(host *Host, failDuration time.Duration) { defer func() { if err := recover(); err != nil { - log.Printf("[PANIC] health check failure forgetter: %v\n%s", err, debug.Stack()) + h.HealthChecks.Passive.logger.Error("passive health check failure forgetter panicked", + zap.Any("error", err), + zap.ByteString("stack", debug.Stack())) } }() - time.Sleep(failDuration) - err := host.CountFail(-1) + timer := time.NewTimer(failDuration) + select { + case <-h.ctx.Done(): + if !timer.Stop() { + <-timer.C + } + case <-timer.C: + } + err := host.countFail(-1) if err != nil { h.HealthChecks.Passive.logger.Error("could not forget failure", zap.String("host", upstream.Dial), diff --git a/modules/caddyhttp/reverseproxy/hosts.go b/modules/caddyhttp/reverseproxy/hosts.go index b9817d23..a973ecba 100644 --- a/modules/caddyhttp/reverseproxy/hosts.go +++ b/modules/caddyhttp/reverseproxy/hosts.go @@ -26,44 +26,14 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) -// Host represents a remote host which can be proxied to. -// Its methods must be safe for concurrent use. -type Host interface { - // NumRequests returns the number of requests - // currently in process with the host. - NumRequests() int - - // Fails returns the count of recent failures. - Fails() int - - // Unhealthy returns true if the backend is unhealthy. - Unhealthy() bool - - // CountRequest atomically counts the given number of - // requests as currently in process with the host. The - // count should not go below 0. - CountRequest(int) error - - // CountFail atomically counts the given number of - // failures with the host. The count should not go - // below 0. - CountFail(int) error - - // SetHealthy atomically marks the host as either - // healthy (true) or unhealthy (false). If the given - // status is the same, this should be a no-op and - // return false. It returns true if the status was - // changed; i.e. if it is now different from before. - SetHealthy(bool) (bool, error) -} - // UpstreamPool is a collection of upstreams. type UpstreamPool []*Upstream // Upstream bridges this proxy's configuration to the // state of the backend host it is correlated with. +// Upstream values must not be copied. type Upstream struct { - Host `json:"-"` + *Host `json:"-"` // The [network address](/docs/conventions#network-addresses) // to dial to connect to the upstream. Must represent precisely @@ -77,6 +47,10 @@ type Upstream struct { // backends is down. Also be aware of open proxy vulnerabilities. Dial string `json:"dial,omitempty"` + // DEPRECATED: Use the SRVUpstreams module instead + // (http.reverse_proxy.upstreams.srv). This field will be + // removed in a future version of Caddy. TODO: Remove this field. + // // If DNS SRV records are used for service discovery with this // upstream, specify the DNS name for which to look up SRV // records here, instead of specifying a dial address. @@ -95,6 +69,7 @@ type Upstream struct { activeHealthCheckPort int healthCheckPolicy *PassiveHealthChecks cb CircuitBreaker + unhealthy int32 // accessed atomically; status from active health checker } func (u Upstream) String() string { @@ -117,7 +92,7 @@ func (u *Upstream) Available() bool { // is currently known to be healthy or "up". // It consults the circuit breaker, if any. func (u *Upstream) Healthy() bool { - healthy := !u.Host.Unhealthy() + healthy := u.healthy() if healthy && u.healthCheckPolicy != nil { healthy = u.Host.Fails() < u.healthCheckPolicy.MaxFails } @@ -142,7 +117,7 @@ func (u *Upstream) fillDialInfo(r *http.Request) (DialInfo, error) { var addr caddy.NetworkAddress if u.LookupSRV != "" { - // perform DNS lookup for SRV records and choose one + // perform DNS lookup for SRV records and choose one - TODO: deprecated srvName := repl.ReplaceAll(u.LookupSRV, "") _, records, err := net.DefaultResolver.LookupSRV(r.Context(), "", "", srvName) if err != nil { @@ -174,59 +149,67 @@ func (u *Upstream) fillDialInfo(r *http.Request) (DialInfo, error) { }, nil } -// upstreamHost is the basic, in-memory representation -// of the state of a remote host. It implements the -// Host interface. -type upstreamHost struct { +func (u *Upstream) fillHost() { + host := new(Host) + existingHost, loaded := hosts.LoadOrStore(u.String(), host) + if loaded { + host = existingHost.(*Host) + } + u.Host = host +} + +// Host is the basic, in-memory representation of the state of a remote host. +// Its fields are accessed atomically and Host values must not be copied. +type Host struct { numRequests int64 // must be 64-bit aligned on 32-bit systems (see https://golang.org/pkg/sync/atomic/#pkg-note-BUG) fails int64 - unhealthy int32 } // NumRequests returns the number of active requests to the upstream. -func (uh *upstreamHost) NumRequests() int { - return int(atomic.LoadInt64(&uh.numRequests)) +func (h *Host) NumRequests() int { + return int(atomic.LoadInt64(&h.numRequests)) } // Fails returns the number of recent failures with the upstream. -func (uh *upstreamHost) Fails() int { - return int(atomic.LoadInt64(&uh.fails)) +func (h *Host) Fails() int { + return int(atomic.LoadInt64(&h.fails)) } -// Unhealthy returns whether the upstream is healthy. -func (uh *upstreamHost) Unhealthy() bool { - return atomic.LoadInt32(&uh.unhealthy) == 1 -} - -// CountRequest mutates the active request count by +// countRequest mutates the active request count by // delta. It returns an error if the adjustment fails. -func (uh *upstreamHost) CountRequest(delta int) error { - result := atomic.AddInt64(&uh.numRequests, int64(delta)) +func (h *Host) countRequest(delta int) error { + result := atomic.AddInt64(&h.numRequests, int64(delta)) if result < 0 { return fmt.Errorf("count below 0: %d", result) } return nil } -// CountFail mutates the recent failures count by +// countFail mutates the recent failures count by // delta. It returns an error if the adjustment fails. -func (uh *upstreamHost) CountFail(delta int) error { - result := atomic.AddInt64(&uh.fails, int64(delta)) +func (h *Host) countFail(delta int) error { + result := atomic.AddInt64(&h.fails, int64(delta)) if result < 0 { return fmt.Errorf("count below 0: %d", result) } return nil } +// healthy returns true if the upstream is not actively marked as unhealthy. +// (This returns the status only from the "active" health checks.) +func (u *Upstream) healthy() bool { + return atomic.LoadInt32(&u.unhealthy) == 0 +} + // SetHealthy sets the upstream has healthy or unhealthy -// and returns true if the new value is different. -func (uh *upstreamHost) SetHealthy(healthy bool) (bool, error) { +// and returns true if the new value is different. This +// sets the status only for the "active" health checks. +func (u *Upstream) setHealthy(healthy bool) bool { var unhealthy, compare int32 = 1, 0 if healthy { unhealthy, compare = 0, 1 } - swapped := atomic.CompareAndSwapInt32(&uh.unhealthy, compare, unhealthy) - return swapped, nil + return atomic.CompareAndSwapInt32(&u.unhealthy, compare, unhealthy) } // DialInfo contains information needed to dial a diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 4be51afe..f7472bea 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -168,15 +168,9 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) } if h.Resolver != nil { - for _, v := range h.Resolver.Addresses { - addr, err := caddy.ParseNetworkAddress(v) - if err != nil { - return nil, err - } - if addr.PortRangeSize() != 1 { - return nil, fmt.Errorf("resolver address must have exactly one address; cannot call %v", addr) - } - h.Resolver.netAddrs = append(h.Resolver.netAddrs, addr) + err := h.Resolver.ParseAddresses() + if err != nil { + return nil, err } d := &net.Dialer{ Timeout: time.Duration(h.DialTimeout), @@ -406,18 +400,6 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { return cfg, nil } -// UpstreamResolver holds the set of addresses of DNS resolvers of -// upstream addresses -type UpstreamResolver struct { - // The addresses of DNS resolvers to use when looking up the addresses of proxy upstreams. - // It accepts [network addresses](/docs/conventions#network-addresses) - // with port range of only 1. If the host is an IP address, it will be dialed directly to resolve the upstream server. - // If the host is not an IP address, the addresses are resolved using the [name resolution convention](https://golang.org/pkg/net/#hdr-Name_Resolution) of the Go standard library. - // If the array contains more than 1 resolver address, one is chosen at random. - Addresses []string `json:"addresses,omitempty"` - netAddrs []caddy.NetworkAddress -} - // KeepAlive holds configuration pertaining to HTTP Keep-Alive. type KeepAlive struct { // Whether HTTP Keep-Alive is enabled. Default: true diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index a5bdc310..3355f0b5 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -78,9 +78,20 @@ type Handler struct { // up or down. Down backends will not be proxied to. HealthChecks *HealthChecks `json:"health_checks,omitempty"` - // Upstreams is the list of backends to proxy to. + // Upstreams is the static list of backends to proxy to. Upstreams UpstreamPool `json:"upstreams,omitempty"` + // A module for retrieving the list of upstreams dynamically. Dynamic + // upstreams are retrieved at every iteration of the proxy loop for + // each request (i.e. before every proxy attempt within every request). + // Active health checks do not work on dynamic upstreams, and passive + // health checks are only effective on dynamic upstreams if the proxy + // server is busy enough that concurrent requests to the same backends + // are continuous. Instead of health checks for dynamic upstreams, it + // is recommended that the dynamic upstream module only return available + // backends in the first place. + DynamicUpstreamsRaw json.RawMessage `json:"dynamic_upstreams,omitempty" caddy:"namespace=http.reverse_proxy.upstreams inline_key=source"` + // Adjusts how often to flush the response buffer. By default, // no periodic flushing is done. A negative value disables // response buffering, and flushes immediately after each @@ -137,8 +148,9 @@ type Handler struct { // - `{http.reverse_proxy.header.*}` The headers from the response HandleResponse []caddyhttp.ResponseHandler `json:"handle_response,omitempty"` - Transport http.RoundTripper `json:"-"` - CB CircuitBreaker `json:"-"` + Transport http.RoundTripper `json:"-"` + CB CircuitBreaker `json:"-"` + DynamicUpstreams UpstreamSource `json:"-"` // Holds the parsed CIDR ranges from TrustedProxies trustedProxies []*net.IPNet @@ -166,7 +178,7 @@ func (h *Handler) Provision(ctx caddy.Context) error { h.ctx = ctx h.logger = ctx.Logger(h) - // verify SRV compatibility + // verify SRV compatibility - TODO: LookupSRV deprecated; will be removed for i, v := range h.Upstreams { if v.LookupSRV == "" { continue @@ -201,6 +213,13 @@ func (h *Handler) Provision(ctx caddy.Context) error { } h.CB = mod.(CircuitBreaker) } + if h.DynamicUpstreamsRaw != nil { + mod, err := ctx.LoadModule(h, "DynamicUpstreamsRaw") + if err != nil { + return fmt.Errorf("loading upstream source module: %v", err) + } + h.DynamicUpstreams = mod.(UpstreamSource) + } // parse trusted proxy CIDRs ahead of time for _, str := range h.TrustedProxies { @@ -270,38 +289,8 @@ func (h *Handler) Provision(ctx caddy.Context) error { } // set up upstreams - for _, upstream := range h.Upstreams { - // create or get the host representation for this upstream - var host Host = new(upstreamHost) - existingHost, loaded := hosts.LoadOrStore(upstream.String(), host) - if loaded { - host = existingHost.(Host) - } - upstream.Host = host - - // give it the circuit breaker, if any - upstream.cb = h.CB - - // if the passive health checker has a non-zero UnhealthyRequestCount - // but the upstream has no MaxRequests set (they are the same thing, - // but the passive health checker is a default value for for upstreams - // without MaxRequests), copy the value into this upstream, since the - // value in the upstream (MaxRequests) is what is used during - // availability checks - if h.HealthChecks != nil && h.HealthChecks.Passive != nil { - h.HealthChecks.Passive.logger = h.logger.Named("health_checker.passive") - if h.HealthChecks.Passive.UnhealthyRequestCount > 0 && - upstream.MaxRequests == 0 { - upstream.MaxRequests = h.HealthChecks.Passive.UnhealthyRequestCount - } - } - - // upstreams need independent access to the passive - // health check policy because passive health checks - // run without access to h. - if h.HealthChecks != nil { - upstream.healthCheckPolicy = h.HealthChecks.Passive - } + for _, u := range h.Upstreams { + h.provisionUpstream(u) } if h.HealthChecks != nil { @@ -413,79 +402,127 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht repl.Set("http.reverse_proxy.duration", time.Since(start)) }() + // in the proxy loop, each iteration is an attempt to proxy the request, + // and because we may retry some number of times, carry over the error + // from previous tries because of the nuances of load balancing & retries var proxyErr error for { - // choose an available upstream - upstream := h.LoadBalancing.SelectionPolicy.Select(h.Upstreams, clonedReq, w) - if upstream == nil { - if proxyErr == nil { - proxyErr = fmt.Errorf("no upstreams available") - } - if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, clonedReq) { - break - } - continue - } - - // the dial address may vary per-request if placeholders are - // used, so perform those replacements here; the resulting - // DialInfo struct should have valid network address syntax - dialInfo, err := upstream.fillDialInfo(clonedReq) - if err != nil { - return statusError(fmt.Errorf("making dial info: %v", err)) - } - - // attach to the request information about how to dial the upstream; - // this is necessary because the information cannot be sufficiently - // or satisfactorily represented in a URL - caddyhttp.SetVar(r.Context(), dialInfoVarKey, dialInfo) - - // set placeholders with information about this upstream - repl.Set("http.reverse_proxy.upstream.address", dialInfo.String()) - repl.Set("http.reverse_proxy.upstream.hostport", dialInfo.Address) - repl.Set("http.reverse_proxy.upstream.host", dialInfo.Host) - repl.Set("http.reverse_proxy.upstream.port", dialInfo.Port) - repl.Set("http.reverse_proxy.upstream.requests", upstream.Host.NumRequests()) - repl.Set("http.reverse_proxy.upstream.max_requests", upstream.MaxRequests) - repl.Set("http.reverse_proxy.upstream.fails", upstream.Host.Fails()) - - // mutate request headers according to this upstream; - // because we're in a retry loop, we have to copy - // headers (and the Host value) from the original - // so that each retry is identical to the first - if h.Headers != nil && h.Headers.Request != nil { - clonedReq.Header = make(http.Header) - copyHeader(clonedReq.Header, reqHeader) - clonedReq.Host = reqHost - h.Headers.Request.ApplyToRequest(clonedReq) - } - - // proxy the request to that upstream - proxyErr = h.reverseProxy(w, clonedReq, repl, dialInfo, next) - if proxyErr == nil || proxyErr == context.Canceled { - // context.Canceled happens when the downstream client - // cancels the request, which is not our failure - return nil - } - - // if the roundtrip was successful, don't retry the request or - // ding the health status of the upstream (an error can still - // occur after the roundtrip if, for example, a response handler - // after the roundtrip returns an error) - if succ, ok := proxyErr.(roundtripSucceeded); ok { - return succ.error - } - - // remember this failure (if enabled) - h.countFailure(upstream) - - // if we've tried long enough, break - if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, clonedReq) { + var done bool + done, proxyErr = h.proxyLoopIteration(clonedReq, w, proxyErr, start, repl, reqHeader, reqHost, next) + if done { break } } - return statusError(proxyErr) + if proxyErr != nil { + return statusError(proxyErr) + } + + return nil +} + +// proxyLoopIteration implements an iteration of the proxy loop. Despite the enormous amount of local state +// that has to be passed in, we brought this into its own method so that we could run defer more easily. +// It returns true when the loop is done and should break; false otherwise. The error value returned should +// be assigned to the proxyErr value for the next iteration of the loop (or the error handled after break). +func (h *Handler) proxyLoopIteration(r *http.Request, w http.ResponseWriter, proxyErr error, start time.Time, + repl *caddy.Replacer, reqHeader http.Header, reqHost string, next caddyhttp.Handler) (bool, error) { + // get the updated list of upstreams + upstreams := h.Upstreams + if h.DynamicUpstreams != nil { + dUpstreams, err := h.DynamicUpstreams.GetUpstreams(r) + if err != nil { + h.logger.Error("failed getting dynamic upstreams; falling back to static upstreams", zap.Error(err)) + } else { + upstreams = dUpstreams + for _, dUp := range dUpstreams { + h.provisionUpstream(dUp) + } + h.logger.Debug("provisioned dynamic upstreams", zap.Int("count", len(dUpstreams))) + defer func() { + // these upstreams are dynamic, so they are only used for this iteration + // of the proxy loop; be sure to let them go away when we're done with them + for _, upstream := range dUpstreams { + _, _ = hosts.Delete(upstream.String()) + } + }() + } + } + + // choose an available upstream + upstream := h.LoadBalancing.SelectionPolicy.Select(upstreams, r, w) + if upstream == nil { + if proxyErr == nil { + proxyErr = fmt.Errorf("no upstreams available") + } + if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { + return true, proxyErr + } + return false, proxyErr + } + + // the dial address may vary per-request if placeholders are + // used, so perform those replacements here; the resulting + // DialInfo struct should have valid network address syntax + dialInfo, err := upstream.fillDialInfo(r) + if err != nil { + return true, fmt.Errorf("making dial info: %v", err) + } + + h.logger.Debug("selected upstream", + zap.String("dial", dialInfo.Address), + zap.Int("total_upstreams", len(upstreams))) + + // attach to the request information about how to dial the upstream; + // this is necessary because the information cannot be sufficiently + // or satisfactorily represented in a URL + caddyhttp.SetVar(r.Context(), dialInfoVarKey, dialInfo) + + // set placeholders with information about this upstream + repl.Set("http.reverse_proxy.upstream.address", dialInfo.String()) + repl.Set("http.reverse_proxy.upstream.hostport", dialInfo.Address) + repl.Set("http.reverse_proxy.upstream.host", dialInfo.Host) + repl.Set("http.reverse_proxy.upstream.port", dialInfo.Port) + repl.Set("http.reverse_proxy.upstream.requests", upstream.Host.NumRequests()) + repl.Set("http.reverse_proxy.upstream.max_requests", upstream.MaxRequests) + repl.Set("http.reverse_proxy.upstream.fails", upstream.Host.Fails()) + + // mutate request headers according to this upstream; + // because we're in a retry loop, we have to copy + // headers (and the r.Host value) from the original + // so that each retry is identical to the first + if h.Headers != nil && h.Headers.Request != nil { + r.Header = make(http.Header) + copyHeader(r.Header, reqHeader) + r.Host = reqHost + h.Headers.Request.ApplyToRequest(r) + } + + // proxy the request to that upstream + proxyErr = h.reverseProxy(w, r, repl, dialInfo, next) + if proxyErr == nil || proxyErr == context.Canceled { + // context.Canceled happens when the downstream client + // cancels the request, which is not our failure + return true, nil + } + + // if the roundtrip was successful, don't retry the request or + // ding the health status of the upstream (an error can still + // occur after the roundtrip if, for example, a response handler + // after the roundtrip returns an error) + if succ, ok := proxyErr.(roundtripSucceeded); ok { + return true, succ.error + } + + // remember this failure (if enabled) + h.countFailure(upstream) + + // if we've tried long enough, break + if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { + return true, proxyErr + } + + return false, proxyErr } // prepareRequest clones req so that it can be safely modified without @@ -651,9 +688,9 @@ func (h Handler) addForwardedHeaders(req *http.Request) error { // (This method is mostly the beginning of what was borrowed from the net/http/httputil package in the // Go standard library which was used as the foundation.) func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl *caddy.Replacer, di DialInfo, next caddyhttp.Handler) error { - _ = di.Upstream.Host.CountRequest(1) + _ = di.Upstream.Host.countRequest(1) //nolint:errcheck - defer di.Upstream.Host.CountRequest(-1) + defer di.Upstream.Host.countRequest(-1) // point the request to this upstream h.directRequest(req, di) @@ -905,6 +942,35 @@ func (Handler) directRequest(req *http.Request, di DialInfo) { req.URL.Host = reqHost } +func (h Handler) provisionUpstream(upstream *Upstream) { + // create or get the host representation for this upstream + upstream.fillHost() + + // give it the circuit breaker, if any + upstream.cb = h.CB + + // if the passive health checker has a non-zero UnhealthyRequestCount + // but the upstream has no MaxRequests set (they are the same thing, + // but the passive health checker is a default value for for upstreams + // without MaxRequests), copy the value into this upstream, since the + // value in the upstream (MaxRequests) is what is used during + // availability checks + if h.HealthChecks != nil && h.HealthChecks.Passive != nil { + h.HealthChecks.Passive.logger = h.logger.Named("health_checker.passive") + if h.HealthChecks.Passive.UnhealthyRequestCount > 0 && + upstream.MaxRequests == 0 { + upstream.MaxRequests = h.HealthChecks.Passive.UnhealthyRequestCount + } + } + + // upstreams need independent access to the passive + // health check policy because passive health checks + // run without access to h. + if h.HealthChecks != nil { + upstream.healthCheckPolicy = h.HealthChecks.Passive + } +} + // bufferedBody reads originalBody into a buffer, then returns a reader for the buffer. // Always close the return value when done with it, just like if it was the original body! func (h Handler) bufferedBody(originalBody io.ReadCloser) io.ReadCloser { @@ -1085,6 +1151,20 @@ type Selector interface { Select(UpstreamPool, *http.Request, http.ResponseWriter) *Upstream } +// UpstreamSource gets the list of upstreams that can be used when +// proxying a request. Returned upstreams will be load balanced and +// health-checked. This should be a very fast function -- instant +// if possible -- and the return value must be as stable as possible. +// In other words, the list of upstreams should ideally not change much +// across successive calls. If the list of upstreams changes or the +// ordering is not stable, load balancing will suffer. This function +// may be called during each retry, multiple times per request, and as +// such, needs to be instantaneous. The returned slice will not be +// modified. +type UpstreamSource interface { + GetUpstreams(*http.Request) ([]*Upstream, error) +} + // Hop-by-hop headers. These are removed when sent to the backend. // As of RFC 7230, hop-by-hop headers are required to appear in the // Connection header field. These are the headers defined by the diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index c28799d4..7175f774 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -22,9 +22,9 @@ import ( func testPool() UpstreamPool { return UpstreamPool{ - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, } } @@ -48,20 +48,20 @@ func TestRoundRobinPolicy(t *testing.T) { t.Error("Expected third round robin host to be first host in the pool.") } // mark host as down - pool[1].SetHealthy(false) + pool[1].setHealthy(false) h = rrPolicy.Select(pool, req, nil) if h != pool[2] { t.Error("Expected to skip down host.") } // mark host as up - pool[1].SetHealthy(true) + pool[1].setHealthy(true) h = rrPolicy.Select(pool, req, nil) if h == pool[2] { t.Error("Expected to balance evenly among healthy hosts") } // mark host as full - pool[1].CountRequest(1) + pool[1].countRequest(1) pool[1].MaxRequests = 1 h = rrPolicy.Select(pool, req, nil) if h != pool[2] { @@ -74,13 +74,13 @@ func TestLeastConnPolicy(t *testing.T) { lcPolicy := new(LeastConnSelection) req, _ := http.NewRequest("GET", "/", nil) - pool[0].CountRequest(10) - pool[1].CountRequest(10) + pool[0].countRequest(10) + pool[1].countRequest(10) h := lcPolicy.Select(pool, req, nil) if h != pool[2] { t.Error("Expected least connection host to be third host.") } - pool[2].CountRequest(100) + pool[2].countRequest(100) h = lcPolicy.Select(pool, req, nil) if h != pool[0] && h != pool[1] { t.Error("Expected least connection host to be first or second host.") @@ -139,7 +139,7 @@ func TestIPHashPolicy(t *testing.T) { // we should get a healthy host if the original host is unhealthy and a // healthy host is available req.RemoteAddr = "172.0.0.1" - pool[1].SetHealthy(false) + pool[1].setHealthy(false) h = ipHash.Select(pool, req, nil) if h != pool[2] { t.Error("Expected ip hash policy host to be the third host.") @@ -150,10 +150,10 @@ func TestIPHashPolicy(t *testing.T) { if h != pool[2] { t.Error("Expected ip hash policy host to be the third host.") } - pool[1].SetHealthy(true) + pool[1].setHealthy(true) req.RemoteAddr = "172.0.0.3" - pool[2].SetHealthy(false) + pool[2].setHealthy(false) h = ipHash.Select(pool, req, nil) if h != pool[0] { t.Error("Expected ip hash policy host to be the first host.") @@ -167,8 +167,8 @@ func TestIPHashPolicy(t *testing.T) { // We should be able to resize the host pool and still be able to predict // where a req will be routed with the same IP's used above pool = UpstreamPool{ - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, + {Host: new(Host)}, + {Host: new(Host)}, } req.RemoteAddr = "172.0.0.1:80" h = ipHash.Select(pool, req, nil) @@ -192,8 +192,8 @@ func TestIPHashPolicy(t *testing.T) { } // We should get nil when there are no healthy hosts - pool[0].SetHealthy(false) - pool[1].SetHealthy(false) + pool[0].setHealthy(false) + pool[1].setHealthy(false) h = ipHash.Select(pool, req, nil) if h != nil { t.Error("Expected ip hash policy host to be nil.") @@ -201,25 +201,25 @@ func TestIPHashPolicy(t *testing.T) { // Reproduce #4135 pool = UpstreamPool{ - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, + {Host: new(Host)}, } - pool[0].SetHealthy(false) - pool[1].SetHealthy(false) - pool[2].SetHealthy(false) - pool[3].SetHealthy(false) - pool[4].SetHealthy(false) - pool[5].SetHealthy(false) - pool[6].SetHealthy(false) - pool[7].SetHealthy(false) - pool[8].SetHealthy(true) + pool[0].setHealthy(false) + pool[1].setHealthy(false) + pool[2].setHealthy(false) + pool[3].setHealthy(false) + pool[4].setHealthy(false) + pool[5].setHealthy(false) + pool[6].setHealthy(false) + pool[7].setHealthy(false) + pool[8].setHealthy(true) // We should get a result back when there is one healthy host left. h = ipHash.Select(pool, req, nil) @@ -239,7 +239,7 @@ func TestFirstPolicy(t *testing.T) { t.Error("Expected first policy host to be the first host.") } - pool[0].SetHealthy(false) + pool[0].setHealthy(false) h = firstPolicy.Select(pool, req, nil) if h != pool[1] { t.Error("Expected first policy host to be the second host.") @@ -256,7 +256,7 @@ func TestURIHashPolicy(t *testing.T) { t.Error("Expected uri policy host to be the first host.") } - pool[0].SetHealthy(false) + pool[0].setHealthy(false) h = uriPolicy.Select(pool, request, nil) if h != pool[1] { t.Error("Expected uri policy host to be the first host.") @@ -271,8 +271,8 @@ func TestURIHashPolicy(t *testing.T) { // We should be able to resize the host pool and still be able to predict // where a request will be routed with the same URI's used above pool = UpstreamPool{ - {Host: new(upstreamHost)}, - {Host: new(upstreamHost)}, + {Host: new(Host)}, + {Host: new(Host)}, } request = httptest.NewRequest(http.MethodGet, "/test", nil) @@ -281,7 +281,7 @@ func TestURIHashPolicy(t *testing.T) { t.Error("Expected uri policy host to be the first host.") } - pool[0].SetHealthy(false) + pool[0].setHealthy(false) h = uriPolicy.Select(pool, request, nil) if h != pool[1] { t.Error("Expected uri policy host to be the first host.") @@ -293,8 +293,8 @@ func TestURIHashPolicy(t *testing.T) { t.Error("Expected uri policy host to be the second host.") } - pool[0].SetHealthy(false) - pool[1].SetHealthy(false) + pool[0].setHealthy(false) + pool[1].setHealthy(false) h = uriPolicy.Select(pool, request, nil) if h != nil { t.Error("Expected uri policy policy host to be nil.") @@ -306,12 +306,12 @@ func TestLeastRequests(t *testing.T) { pool[0].Dial = "localhost:8080" pool[1].Dial = "localhost:8081" pool[2].Dial = "localhost:8082" - pool[0].SetHealthy(true) - pool[1].SetHealthy(true) - pool[2].SetHealthy(true) - pool[0].CountRequest(10) - pool[1].CountRequest(20) - pool[2].CountRequest(30) + pool[0].setHealthy(true) + pool[1].setHealthy(true) + pool[2].setHealthy(true) + pool[0].countRequest(10) + pool[1].countRequest(20) + pool[2].countRequest(30) result := leastRequests(pool) @@ -329,12 +329,12 @@ func TestRandomChoicePolicy(t *testing.T) { pool[0].Dial = "localhost:8080" pool[1].Dial = "localhost:8081" pool[2].Dial = "localhost:8082" - pool[0].SetHealthy(false) - pool[1].SetHealthy(true) - pool[2].SetHealthy(true) - pool[0].CountRequest(10) - pool[1].CountRequest(20) - pool[2].CountRequest(30) + pool[0].setHealthy(false) + pool[1].setHealthy(true) + pool[2].setHealthy(true) + pool[0].countRequest(10) + pool[1].countRequest(20) + pool[2].countRequest(30) request := httptest.NewRequest(http.MethodGet, "/test", nil) randomChoicePolicy := new(RandomChoiceSelection) @@ -357,9 +357,9 @@ func TestCookieHashPolicy(t *testing.T) { pool[0].Dial = "localhost:8080" pool[1].Dial = "localhost:8081" pool[2].Dial = "localhost:8082" - pool[0].SetHealthy(true) - pool[1].SetHealthy(false) - pool[2].SetHealthy(false) + pool[0].setHealthy(true) + pool[1].setHealthy(false) + pool[2].setHealthy(false) request := httptest.NewRequest(http.MethodGet, "/test", nil) w := httptest.NewRecorder() cookieHashPolicy := new(CookieHashSelection) @@ -374,8 +374,8 @@ func TestCookieHashPolicy(t *testing.T) { if h != pool[0] { t.Error("Expected cookieHashPolicy host to be the first only available host.") } - pool[1].SetHealthy(true) - pool[2].SetHealthy(true) + pool[1].setHealthy(true) + pool[2].setHealthy(true) request = httptest.NewRequest(http.MethodGet, "/test", nil) w = httptest.NewRecorder() request.AddCookie(cookieServer1) @@ -387,7 +387,7 @@ func TestCookieHashPolicy(t *testing.T) { if len(s) != 0 { t.Error("Expected cookieHashPolicy to not set a new cookie.") } - pool[0].SetHealthy(false) + pool[0].setHealthy(false) request = httptest.NewRequest(http.MethodGet, "/test", nil) w = httptest.NewRecorder() request.AddCookie(cookieServer1) diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go new file mode 100644 index 00000000..eb5845fc --- /dev/null +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -0,0 +1,377 @@ +package reverseproxy + +import ( + "context" + "fmt" + weakrand "math/rand" + "net" + "net/http" + "strconv" + "sync" + "time" + + "github.com/caddyserver/caddy/v2" + "go.uber.org/zap" +) + +func init() { + caddy.RegisterModule(SRVUpstreams{}) + caddy.RegisterModule(AUpstreams{}) +} + +// SRVUpstreams provides upstreams from SRV lookups. +// The lookup DNS name can be configured either by +// its individual parts (that is, specifying the +// service, protocol, and name separately) to form +// the standard "_service._proto.name" domain, or +// the domain can be specified directly in name by +// leaving service and proto empty. See RFC 2782. +// +// Lookups are cached and refreshed at the configured +// refresh interval. +// +// Returned upstreams are sorted by priority and weight. +type SRVUpstreams struct { + // The service label. + Service string `json:"service,omitempty"` + + // The protocol label; either tcp or udp. + Proto string `json:"proto,omitempty"` + + // The name label; or, if service and proto are + // empty, the entire domain name to look up. + Name string `json:"name,omitempty"` + + // The interval at which to refresh the SRV lookup. + // Results are cached between lookups. Default: 1m + Refresh caddy.Duration `json:"refresh,omitempty"` + + // Configures the DNS resolver used to resolve the + // SRV address to SRV records. + Resolver *UpstreamResolver `json:"resolver,omitempty"` + + // If Resolver is configured, how long to wait before + // timing out trying to connect to the DNS server. + DialTimeout caddy.Duration `json:"dial_timeout,omitempty"` + + // If Resolver is configured, how long to wait before + // spawning an RFC 6555 Fast Fallback connection. + // A negative value disables this. + FallbackDelay caddy.Duration `json:"dial_fallback_delay,omitempty"` + + resolver *net.Resolver + + logger *zap.Logger +} + +// CaddyModule returns the Caddy module information. +func (SRVUpstreams) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.reverse_proxy.upstreams.srv", + New: func() caddy.Module { return new(SRVUpstreams) }, + } +} + +// String returns the RFC 2782 representation of the SRV domain. +func (su SRVUpstreams) String() string { + return fmt.Sprintf("_%s._%s.%s", su.Service, su.Proto, su.Name) +} + +func (su *SRVUpstreams) Provision(ctx caddy.Context) error { + su.logger = ctx.Logger(su) + if su.Refresh == 0 { + su.Refresh = caddy.Duration(time.Minute) + } + + if su.Resolver != nil { + err := su.Resolver.ParseAddresses() + if err != nil { + return err + } + d := &net.Dialer{ + Timeout: time.Duration(su.DialTimeout), + FallbackDelay: time.Duration(su.FallbackDelay), + } + su.resolver = &net.Resolver{ + PreferGo: true, + Dial: func(ctx context.Context, _, _ string) (net.Conn, error) { + //nolint:gosec + addr := su.Resolver.netAddrs[weakrand.Intn(len(su.Resolver.netAddrs))] + return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0)) + }, + } + } + if su.resolver == nil { + su.resolver = net.DefaultResolver + } + + return nil +} + +func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { + suStr := su.String() + + // first, use a cheap read-lock to return a cached result quickly + srvsMu.RLock() + cached := srvs[suStr] + srvsMu.RUnlock() + if cached.isFresh() { + return cached.upstreams, nil + } + + // otherwise, obtain a write-lock to update the cached value + srvsMu.Lock() + defer srvsMu.Unlock() + + // check to see if it's still stale, since we're now in a different + // lock from when we first checked freshness; another goroutine might + // have refreshed it in the meantime before we re-obtained our lock + cached = srvs[suStr] + if cached.isFresh() { + return cached.upstreams, nil + } + + // prepare parameters and perform the SRV lookup + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + service := repl.ReplaceAll(su.Service, "") + proto := repl.ReplaceAll(su.Proto, "") + name := repl.ReplaceAll(su.Name, "") + + su.logger.Debug("refreshing SRV upstreams", + zap.String("service", service), + zap.String("proto", proto), + zap.String("name", name)) + + _, records, err := su.resolver.LookupSRV(r.Context(), service, proto, name) + if err != nil { + // From LookupSRV docs: "If the response contains invalid names, those records are filtered + // out and an error will be returned alongside the the remaining results, if any." Thus, we + // only return an error if no records were also returned. + if len(records) == 0 { + return nil, err + } + su.logger.Warn("SRV records filtered", zap.Error(err)) + } + + upstreams := make([]*Upstream, len(records)) + for i, rec := range records { + su.logger.Debug("discovered SRV record", + zap.String("target", rec.Target), + zap.Uint16("port", rec.Port), + zap.Uint16("priority", rec.Priority), + zap.Uint16("weight", rec.Weight)) + addr := net.JoinHostPort(rec.Target, strconv.Itoa(int(rec.Port))) + upstreams[i] = &Upstream{Dial: addr} + } + + // before adding a new one to the cache (as opposed to replacing stale one), make room if cache is full + if cached.freshness.IsZero() && len(srvs) >= 100 { + for randomKey := range srvs { + delete(srvs, randomKey) + break + } + } + + srvs[suStr] = srvLookup{ + srvUpstreams: su, + freshness: time.Now(), + upstreams: upstreams, + } + + return upstreams, nil +} + +type srvLookup struct { + srvUpstreams SRVUpstreams + freshness time.Time + upstreams []*Upstream +} + +func (sl srvLookup) isFresh() bool { + return time.Since(sl.freshness) < time.Duration(sl.srvUpstreams.Refresh) +} + +var ( + srvs = make(map[string]srvLookup) + srvsMu sync.RWMutex +) + +// AUpstreams provides upstreams from A/AAAA lookups. +// Results are cached and refreshed at the configured +// refresh interval. +type AUpstreams struct { + // The domain name to look up. + Name string `json:"name,omitempty"` + + // The port to use with the upstreams. Default: 80 + Port string `json:"port,omitempty"` + + // The interval at which to refresh the A lookup. + // Results are cached between lookups. Default: 1m + Refresh caddy.Duration `json:"refresh,omitempty"` + + // Configures the DNS resolver used to resolve the + // domain name to A records. + Resolver *UpstreamResolver `json:"resolver,omitempty"` + + // If Resolver is configured, how long to wait before + // timing out trying to connect to the DNS server. + DialTimeout caddy.Duration `json:"dial_timeout,omitempty"` + + // If Resolver is configured, how long to wait before + // spawning an RFC 6555 Fast Fallback connection. + // A negative value disables this. + FallbackDelay caddy.Duration `json:"dial_fallback_delay,omitempty"` + + resolver *net.Resolver +} + +// CaddyModule returns the Caddy module information. +func (AUpstreams) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.reverse_proxy.upstreams.a", + New: func() caddy.Module { return new(AUpstreams) }, + } +} + +func (au AUpstreams) String() string { return au.Name } + +func (au *AUpstreams) Provision(_ caddy.Context) error { + if au.Refresh == 0 { + au.Refresh = caddy.Duration(time.Minute) + } + if au.Port == "" { + au.Port = "80" + } + + if au.Resolver != nil { + err := au.Resolver.ParseAddresses() + if err != nil { + return err + } + d := &net.Dialer{ + Timeout: time.Duration(au.DialTimeout), + FallbackDelay: time.Duration(au.FallbackDelay), + } + au.resolver = &net.Resolver{ + PreferGo: true, + Dial: func(ctx context.Context, _, _ string) (net.Conn, error) { + //nolint:gosec + addr := au.Resolver.netAddrs[weakrand.Intn(len(au.Resolver.netAddrs))] + return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0)) + }, + } + } + if au.resolver == nil { + au.resolver = net.DefaultResolver + } + + return nil +} + +func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { + auStr := au.String() + + // first, use a cheap read-lock to return a cached result quickly + aAaaaMu.RLock() + cached := aAaaa[auStr] + aAaaaMu.RUnlock() + if cached.isFresh() { + return cached.upstreams, nil + } + + // otherwise, obtain a write-lock to update the cached value + aAaaaMu.Lock() + defer aAaaaMu.Unlock() + + // check to see if it's still stale, since we're now in a different + // lock from when we first checked freshness; another goroutine might + // have refreshed it in the meantime before we re-obtained our lock + cached = aAaaa[auStr] + if cached.isFresh() { + return cached.upstreams, nil + } + + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + name := repl.ReplaceAll(au.Name, "") + port := repl.ReplaceAll(au.Port, "") + + ips, err := au.resolver.LookupIPAddr(r.Context(), name) + if err != nil { + return nil, err + } + + upstreams := make([]*Upstream, len(ips)) + for i, ip := range ips { + upstreams[i] = &Upstream{ + Dial: net.JoinHostPort(ip.String(), port), + } + } + + // before adding a new one to the cache (as opposed to replacing stale one), make room if cache is full + if cached.freshness.IsZero() && len(srvs) >= 100 { + for randomKey := range aAaaa { + delete(aAaaa, randomKey) + break + } + } + + aAaaa[auStr] = aLookup{ + aUpstreams: au, + freshness: time.Now(), + upstreams: upstreams, + } + + return upstreams, nil +} + +type aLookup struct { + aUpstreams AUpstreams + freshness time.Time + upstreams []*Upstream +} + +func (al aLookup) isFresh() bool { + return time.Since(al.freshness) < time.Duration(al.aUpstreams.Refresh) +} + +// UpstreamResolver holds the set of addresses of DNS resolvers of +// upstream addresses +type UpstreamResolver struct { + // The addresses of DNS resolvers to use when looking up the addresses of proxy upstreams. + // It accepts [network addresses](/docs/conventions#network-addresses) + // with port range of only 1. If the host is an IP address, it will be dialed directly to resolve the upstream server. + // If the host is not an IP address, the addresses are resolved using the [name resolution convention](https://golang.org/pkg/net/#hdr-Name_Resolution) of the Go standard library. + // If the array contains more than 1 resolver address, one is chosen at random. + Addresses []string `json:"addresses,omitempty"` + netAddrs []caddy.NetworkAddress +} + +// ParseAddresses parses all the configured network addresses +// and ensures they're ready to be used. +func (u *UpstreamResolver) ParseAddresses() error { + for _, v := range u.Addresses { + addr, err := caddy.ParseNetworkAddress(v) + if err != nil { + return err + } + if addr.PortRangeSize() != 1 { + return fmt.Errorf("resolver address must have exactly one address; cannot call %v", addr) + } + u.netAddrs = append(u.netAddrs, addr) + } + return nil +} + +var ( + aAaaa = make(map[string]aLookup) + aAaaaMu sync.RWMutex +) + +// Interface guards +var ( + _ caddy.Provisioner = (*SRVUpstreams)(nil) + _ UpstreamSource = (*SRVUpstreams)(nil) + _ caddy.Provisioner = (*AUpstreams)(nil) + _ UpstreamSource = (*AUpstreams)(nil) +) From c8f2834b514f8bfb405c11be53d60a6cfc5228ca Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 7 Mar 2022 12:06:33 -0500 Subject: [PATCH 0590/1498] fastcgi: Protect against requests with null bytes in the path (#4614) --- modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 18d7e75b..28481337 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -110,6 +110,13 @@ func (t *Transport) Provision(ctx caddy.Context) error { // RoundTrip implements http.RoundTripper. func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { + // Disallow null bytes in the request path, because + // PHP upstreams may do bad things, like execute a + // non-PHP file as PHP code. See #4574 + if strings.Contains(r.URL.Path, "\x00") { + return nil, caddyhttp.Error(http.StatusBadRequest, fmt.Errorf("invalid request path")) + } + env, err := t.buildEnv(r) if err != nil { return nil, fmt.Errorf("building environment: %v", err) From d9b1d463259a6f8f520edd6659dac11218c82b4e Mon Sep 17 00:00:00 2001 From: Ran Chen Date: Wed, 9 Mar 2022 03:03:43 +0800 Subject: [PATCH 0591/1498] caddytls: dns_challenge_override_domain for challenge delegation (#4596) * Add a override_domain option to allow DNS chanllenge delegation CNAME can be used to delegate answering the chanllenge to another DNS zone. One usage is to reduce the exposure of the DNS credential [1]. Based on the discussion in caddy/certmagic#160, we are adding an option to allow the user explicitly specify the domain to delegate, instead of following the CNAME chain. This needs caddy/certmagic#160. * rename override_domain to dns_challenge_override_domain * Update CertMagic; fix spelling Co-authored-by: Matthew Holt --- caddyconfig/httpcaddyfile/builtins.go | 16 ++++++++++++++++ go.mod | 2 +- go.sum | 4 ++-- modules/caddytls/acmeissuer.go | 14 ++++++++++++++ modules/caddytls/automation.go | 5 +++++ 5 files changed, 38 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 2606bf3a..e1430d0b 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -362,6 +362,22 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.Challenges.DNS.Resolvers = args + case "dns_challenge_override_domain": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.OverrideDomain = arg[0] + case "ca_root": arg := h.RemainingArgs() if len(arg) != 1 { diff --git a/go.mod b/go.mod index 9433f0fa..511d2a84 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f + github.com/caddyserver/certmagic v0.15.4 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-chi/chi v4.1.2+incompatible diff --git a/go.sum b/go.sum index 20acd7b3..2107d539 100644 --- a/go.sum +++ b/go.sum @@ -189,8 +189,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f h1:sdjilRh0dxXpofiwDSFU7itmxuXetKB6xWd+lNRVq9s= -github.com/caddyserver/certmagic v0.15.4-0.20220217213750-797d29bcf32f/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= +github.com/caddyserver/certmagic v0.15.4 h1:kz//9+Z/xw197jtIBxxUDub8pQi9gcYvhXk5Ouw2EkM= +github.com/caddyserver/certmagic v0.15.4/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 42cef021..48a961fa 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -144,6 +144,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { TTL: time.Duration(iss.Challenges.DNS.TTL), PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout), Resolvers: iss.Challenges.DNS.Resolvers, + OverrideDomain: iss.Challenges.DNS.OverrideDomain, } } } @@ -417,6 +418,19 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } + case "dns_challenge_override_domain": + arg := d.RemainingArgs() + if len(arg) != 1 { + return d.ArgErr() + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.DNS == nil { + iss.Challenges.DNS = new(DNSChallengeConfig) + } + iss.Challenges.DNS.OverrideDomain = arg[0] + case "preferred_chains": chainPref, err := ParseCaddyfilePreferredChainsOptions(d) if err != nil { diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 95b17723..eb97c82d 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -370,6 +370,11 @@ type DNSChallengeConfig struct { // Often necessary to configure when using split-horizon DNS. Resolvers []string `json:"resolvers,omitempty"` + // Override the domain to use for the DNS challenge. This + // is to delegate the challenge to a different domain, + // e.g. one that updates faster or one with a provider API. + OverrideDomain string `json:"override_domain,omitempty"` + solver acmez.Solver } From d0b608af3178bc674936f4b1c6cce00591ebbf09 Mon Sep 17 00:00:00 2001 From: Andrii Kushch Date: Tue, 8 Mar 2022 20:18:32 +0100 Subject: [PATCH 0592/1498] tracing: New OpenTelemetry module (#4361) * opentelemetry: create a new module * fix imports * fix test * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson * Update modules/caddyhttp/opentelemetry/tracer.go Co-authored-by: Dave Henderson * rename error ErrUnsupportedTracesProtocol * replace spaces with tabs in the test data * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie * Update modules/caddyhttp/opentelemetry/README.md Co-authored-by: Francis Lavoie * replace spaces with tabs in the README.md * use default values for a propagation and exporter protocol * set http attributes with helper * simplify code * Cleanup modules/caddyhttp/opentelemetry/README.md Co-authored-by: Dave Henderson * Update link in README.md Co-authored-by: Dave Henderson * Update documentation in README.md Co-authored-by: Dave Henderson * Update link to naming spec in README.md Co-authored-by: Dave Henderson * Rename module from opentelemetry to tracing Co-authored-by: Dave Henderson * Rename span_name to span Co-authored-by: Dave Henderson * Rename span_name to span Co-authored-by: Dave Henderson * Simplify otel resource creation Co-authored-by: Dave Henderson * handle extra attributes Co-authored-by: Dave Henderson * update go.opentelemetry.io/otel/semconv to 1.7.0 Co-authored-by: Dave Henderson * update go.opentelemetry.io/otel version * remove environment variable handling * always use tracecontext,baggage as propagators * extract tracer name into variable * rename OpenTelemetry to Tracing * simplify resource creation * update go.mod * rename package from opentelemetry to tracing * cleanup tests * update Caddyfile example in README.md * update README.md * fix test * fix module name in README.md * fix module name in README.md * change names in README.md and tests * order imports * remove redundant tests * Update documentation README.md Co-authored-by: Dave Henderson * Fix grammar Co-authored-by: Dave Henderson * Update comments Co-authored-by: Dave Henderson * Update comments Co-authored-by: Dave Henderson * update go.sum * update go.sum * Add otelhttp instrumentation, update OpenTelemetry libraries. * Use otelhttp instrumentation for instrumenting HTTP requests. This change uses context.WithValue to inject the next handler into the request context via a "nextCall" carrier struct, and pass it on to a standard Go HTTP handler returned by otelhttp.NewHandler. The underlying handler will extract the next handler from the context, call it and pass the returned error to the carrier struct. * use zap.Error() for the error log * remove README.md * update dependencies * clean up the code * change comment * move serveHTTP method from separate file * add syntax to the UnmarshalCaddyfile comment * go import the file * admin: Write proper status on invalid requests (#4569) (fix #4561) * update dependencies Co-authored-by: Dave Henderson Co-authored-by: Francis Lavoie Co-authored-by: Vibhav Pant Co-authored-by: Alok Naushad Co-authored-by: Cedric Ziel --- caddyconfig/httpcaddyfile/directives.go | 2 + .../integration/caddyfile_adapt/tracing.txt | 36 ++++ go.mod | 4 + go.sum | 47 ++++- modules/caddyhttp/standard/imports.go | 1 + modules/caddyhttp/tracing/module.go | 121 ++++++++++++ modules/caddyhttp/tracing/module_test.go | 182 ++++++++++++++++++ modules/caddyhttp/tracing/tracer.go | 108 +++++++++++ modules/caddyhttp/tracing/tracer_test.go | 27 +++ modules/caddyhttp/tracing/tracerprovider.go | 63 ++++++ .../caddyhttp/tracing/tracerprovider_test.go | 43 +++++ 11 files changed, 632 insertions(+), 2 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tracing.txt create mode 100644 modules/caddyhttp/tracing/module.go create mode 100644 modules/caddyhttp/tracing/module_test.go create mode 100644 modules/caddyhttp/tracing/tracer.go create mode 100644 modules/caddyhttp/tracing/tracer_test.go create mode 100644 modules/caddyhttp/tracing/tracerprovider.go create mode 100644 modules/caddyhttp/tracing/tracerprovider_test.go diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index feb8e91a..03e6753e 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -37,6 +37,8 @@ import ( // The header directive goes second so that headers // can be manipulated before doing redirects. var directiveOrder = []string{ + "tracing", + "map", "root", diff --git a/caddytest/integration/caddyfile_adapt/tracing.txt b/caddytest/integration/caddyfile_adapt/tracing.txt new file mode 100644 index 00000000..32286600 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tracing.txt @@ -0,0 +1,36 @@ +:80 { + tracing /myhandler { + span my-span + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "match": [ + { + "path": [ + "/myhandler" + ] + } + ], + "handle": [ + { + "handler": "tracing", + "span": "my-span" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/go.mod b/go.mod index 511d2a84..61e2360f 100644 --- a/go.mod +++ b/go.mod @@ -28,6 +28,10 @@ require ( github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74 github.com/yuin/goldmark v1.4.4 github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 + go.opentelemetry.io/otel v1.4.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 + go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.20.0 golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 golang.org/x/net v0.0.0-20210913180222-943fd674d43e diff --git a/go.sum b/go.sum index 2107d539..ff454d44 100644 --- a/go.sum +++ b/go.sum @@ -194,7 +194,10 @@ github.com/caddyserver/certmagic v0.15.4/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oi github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= +github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo= +github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -218,7 +221,11 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= @@ -289,11 +296,14 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= +github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -330,6 +340,10 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -412,8 +426,9 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= @@ -489,6 +504,7 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= +github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= @@ -1001,17 +1017,39 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 h1:SLme4Porm+UwX0DdHMxlwRt7FzPSE0sys81bet2o0pU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0/go.mod h1:tLYsuf2v8fZreBVwp9gVMhefZlLFZaUiNVSq8QxXRII= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= +go.opentelemetry.io/otel v1.4.0 h1:7ESuKPq6zpjRaY5nvVDGiuwK7VAJ8MwkKnmNJ9whNZ4= +go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= +go.opentelemetry.io/otel/exporters/otlp v0.20.0 h1:PTNgq9MRmQqqJY0REVbZFvwkYOA85vbdQU/nVfxDyqg= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 h1:j7AwzDdAQBJjcqayAaYbvpYeZzII7cEe5qJTu+De6UY= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 h1:lRpP10E8oTGVmY1nVXcwelCT1Z8ca41/l5ce7AqLAss= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0/go.mod h1:3oS+j2WUoJVyj6/BzQN/52G17lNJDulngsOxDm1w2PY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 h1:buSx4AMC/0Z232slPhicN/fU5KIlj0bMngct5pcZhkI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0/go.mod h1:ew1NcwkHo0QFT3uTm3m2IVZMkZdVIpbOYNPasgWwpdk= +go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= +go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= +go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= +go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= +go.opentelemetry.io/otel/sdk v1.4.0 h1:LJE4SW3jd4lQTESnlpQZcBhQ3oci0U2MLR5uhicfTHQ= +go.opentelemetry.io/otel/sdk v1.4.0/go.mod h1:71GJPNJh4Qju6zJuYl1CrYtXbrgfau/M9UAggqiy1UE= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= +go.opentelemetry.io/otel/trace v1.4.0 h1:4OOUrPZdVFQkbzl/JSdvGCWIdw5ONXXxzHlaLlWppmo= +go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c= +go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= go.step.sm/cli-utils v0.7.0 h1:2GvY5Muid1yzp7YQbfCCS+gK3q7zlHjjLL5Z0DXz8ds= go.step.sm/cli-utils v0.7.0/go.mod h1:Ur6bqA/yl636kCUJbp30J7Unv5JJ226eW2KqXPDwF/E= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= @@ -1026,8 +1064,9 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= +go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= @@ -1279,6 +1318,7 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1557,6 +1597,9 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0 h1:AGJ0Ih4mHjSeibYkFGh1dD9KJ/eOtZ93I6hoHhukQ5Q= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/modules/caddyhttp/standard/imports.go b/modules/caddyhttp/standard/imports.go index 0e2203c1..8ce23957 100644 --- a/modules/caddyhttp/standard/imports.go +++ b/modules/caddyhttp/standard/imports.go @@ -17,4 +17,5 @@ import ( _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/templates" + _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/tracing" ) diff --git a/modules/caddyhttp/tracing/module.go b/modules/caddyhttp/tracing/module.go new file mode 100644 index 00000000..7cce6692 --- /dev/null +++ b/modules/caddyhttp/tracing/module.go @@ -0,0 +1,121 @@ +package tracing + +import ( + "fmt" + "net/http" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "go.uber.org/zap" +) + +func init() { + caddy.RegisterModule(Tracing{}) + httpcaddyfile.RegisterHandlerDirective("tracing", parseCaddyfile) +} + +// Tracing implements an HTTP handler that adds support for distributed tracing, +// using OpenTelemetry. This module is responsible for the injection and +// propagation of the trace context. Configure this module via environment +// variables (see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md). +// Some values can be overwritten in the configuration file. +type Tracing struct { + // SpanName is a span name. It should follow the naming guidelines here: + // https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#span + SpanName string `json:"span"` + + // otel implements opentelemetry related logic. + otel openTelemetryWrapper + + logger *zap.Logger +} + +// CaddyModule returns the Caddy module information. +func (Tracing) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.handlers.tracing", + New: func() caddy.Module { return new(Tracing) }, + } +} + +// Provision implements caddy.Provisioner. +func (ot *Tracing) Provision(ctx caddy.Context) error { + ot.logger = ctx.Logger(ot) + + var err error + ot.otel, err = newOpenTelemetryWrapper(ctx, ot.SpanName) + + return err +} + +// Cleanup implements caddy.CleanerUpper and closes any idle connections. It +// calls Shutdown method for a trace provider https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#shutdown. +func (ot *Tracing) Cleanup() error { + if err := ot.otel.cleanup(ot.logger); err != nil { + return fmt.Errorf("tracerProvider shutdown: %w", err) + } + return nil +} + +// ServeHTTP implements caddyhttp.MiddlewareHandler. +func (ot *Tracing) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + return ot.otel.ServeHTTP(w, r, next) +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: +// +// tracing { +// [span ] +// } +// +func (ot *Tracing) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + setParameter := func(d *caddyfile.Dispenser, val *string) error { + if d.NextArg() { + *val = d.Val() + } else { + return d.ArgErr() + } + if d.NextArg() { + return d.ArgErr() + } + return nil + } + + // paramsMap is a mapping between "string" parameter from the Caddyfile and its destination within the module + paramsMap := map[string]*string{ + "span": &ot.SpanName, + } + + for d.Next() { + args := d.RemainingArgs() + if len(args) > 0 { + return d.ArgErr() + } + + for d.NextBlock(0) { + if dst, ok := paramsMap[d.Val()]; ok { + if err := setParameter(d, dst); err != nil { + return err + } + } else { + return d.ArgErr() + } + } + } + return nil +} + +func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + var m Tracing + err := m.UnmarshalCaddyfile(h.Dispenser) + return &m, err +} + +// Interface guards +var ( + _ caddy.Provisioner = (*Tracing)(nil) + _ caddyhttp.MiddlewareHandler = (*Tracing)(nil) + _ caddyfile.Unmarshaler = (*Tracing)(nil) +) diff --git a/modules/caddyhttp/tracing/module_test.go b/modules/caddyhttp/tracing/module_test.go new file mode 100644 index 00000000..0fbc05bb --- /dev/null +++ b/modules/caddyhttp/tracing/module_test.go @@ -0,0 +1,182 @@ +package tracing + +import ( + "context" + "errors" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" +) + +func TestTracing_UnmarshalCaddyfile(t *testing.T) { + tests := []struct { + name string + spanName string + d *caddyfile.Dispenser + wantErr bool + }{ + { + name: "Full config", + spanName: "my-span", + d: caddyfile.NewTestDispenser(` +tracing { + span my-span +}`), + wantErr: false, + }, + { + name: "Only span name in the config", + spanName: "my-span", + d: caddyfile.NewTestDispenser(` +tracing { + span my-span +}`), + wantErr: false, + }, + { + name: "Empty config", + d: caddyfile.NewTestDispenser(` +tracing { +}`), + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ot := &Tracing{} + if err := ot.UnmarshalCaddyfile(tt.d); (err != nil) != tt.wantErr { + t.Errorf("UnmarshalCaddyfile() error = %v, wantErrType %v", err, tt.wantErr) + } + + if ot.SpanName != tt.spanName { + t.Errorf("UnmarshalCaddyfile() SpanName = %v, want SpanName %v", ot.SpanName, tt.spanName) + } + }) + } +} + +func TestTracing_UnmarshalCaddyfile_Error(t *testing.T) { + tests := []struct { + name string + d *caddyfile.Dispenser + wantErr bool + }{ + { + name: "Unknown parameter", + d: caddyfile.NewTestDispenser(` + tracing { + foo bar + }`), + wantErr: true, + }, + { + name: "Missed argument", + d: caddyfile.NewTestDispenser(` +tracing { + span +}`), + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ot := &Tracing{} + if err := ot.UnmarshalCaddyfile(tt.d); (err != nil) != tt.wantErr { + t.Errorf("UnmarshalCaddyfile() error = %v, wantErrType %v", err, tt.wantErr) + } + }) + } +} + +func TestTracing_ServeHTTP_Propagation_Without_Initial_Headers(t *testing.T) { + ot := &Tracing{ + SpanName: "mySpan", + } + + req := httptest.NewRequest("GET", "https://example.com/foo", nil) + w := httptest.NewRecorder() + + var handler caddyhttp.HandlerFunc = func(writer http.ResponseWriter, request *http.Request) error { + traceparent := request.Header.Get("Traceparent") + if traceparent == "" || strings.HasPrefix(traceparent, "00-00000000000000000000000000000000-0000000000000000") { + t.Errorf("Invalid traceparent: %v", traceparent) + } + + return nil + } + + ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()}) + defer cancel() + + if err := ot.Provision(ctx); err != nil { + t.Errorf("Provision error: %v", err) + t.FailNow() + } + + if err := ot.ServeHTTP(w, req, handler); err != nil { + t.Errorf("ServeHTTP error: %v", err) + } +} + +func TestTracing_ServeHTTP_Propagation_With_Initial_Headers(t *testing.T) { + ot := &Tracing{ + SpanName: "mySpan", + } + + req := httptest.NewRequest("GET", "https://example.com/foo", nil) + req.Header.Set("traceparent", "00-11111111111111111111111111111111-1111111111111111-01") + w := httptest.NewRecorder() + + var handler caddyhttp.HandlerFunc = func(writer http.ResponseWriter, request *http.Request) error { + traceparent := request.Header.Get("Traceparent") + if !strings.HasPrefix(traceparent, "00-11111111111111111111111111111111") { + t.Errorf("Invalid traceparent: %v", traceparent) + } + + return nil + } + + ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()}) + defer cancel() + + if err := ot.Provision(ctx); err != nil { + t.Errorf("Provision error: %v", err) + t.FailNow() + } + + if err := ot.ServeHTTP(w, req, handler); err != nil { + t.Errorf("ServeHTTP error: %v", err) + } +} + +func TestTracing_ServeHTTP_Next_Error(t *testing.T) { + ot := &Tracing{ + SpanName: "mySpan", + } + + req := httptest.NewRequest("GET", "https://example.com/foo", nil) + w := httptest.NewRecorder() + + expectErr := errors.New("test error") + + var handler caddyhttp.HandlerFunc = func(writer http.ResponseWriter, request *http.Request) error { + return expectErr + } + + ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()}) + defer cancel() + + if err := ot.Provision(ctx); err != nil { + t.Errorf("Provision error: %v", err) + t.FailNow() + } + + if err := ot.ServeHTTP(w, req, handler); err == nil || !errors.Is(err, expectErr) { + t.Errorf("expected error, got: %v", err) + } +} diff --git a/modules/caddyhttp/tracing/tracer.go b/modules/caddyhttp/tracing/tracer.go new file mode 100644 index 00000000..ce23944c --- /dev/null +++ b/modules/caddyhttp/tracing/tracer.go @@ -0,0 +1,108 @@ +package tracing + +import ( + "context" + "fmt" + "net/http" + + "github.com/caddyserver/caddy/v2" + + caddycmd "github.com/caddyserver/caddy/v2/cmd" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" + "go.opentelemetry.io/otel/propagation" + "go.opentelemetry.io/otel/sdk/resource" + sdktrace "go.opentelemetry.io/otel/sdk/trace" + semconv "go.opentelemetry.io/otel/semconv/v1.7.0" + "go.uber.org/zap" +) + +const ( + webEngineName = "Caddy" + defaultSpanName = "handler" + nextCallCtxKey caddy.CtxKey = "nextCall" +) + +// nextCall store the next handler, and the error value return on calling it (if any) +type nextCall struct { + next caddyhttp.Handler + err error +} + +// openTelemetryWrapper is responsible for the tracing injection, extraction and propagation. +type openTelemetryWrapper struct { + propagators propagation.TextMapPropagator + + handler http.Handler + + spanName string +} + +// newOpenTelemetryWrapper is responsible for the openTelemetryWrapper initialization using provided configuration. +func newOpenTelemetryWrapper( + ctx context.Context, + spanName string, +) (openTelemetryWrapper, error) { + if spanName == "" { + spanName = defaultSpanName + } + + ot := openTelemetryWrapper{ + spanName: spanName, + } + + res, err := ot.newResource(webEngineName, caddycmd.CaddyVersion()) + if err != nil { + return ot, fmt.Errorf("creating resource error: %w", err) + } + + traceExporter, err := otlptracegrpc.New(ctx) + if err != nil { + return ot, fmt.Errorf("creating trace exporter error: %w", err) + } + + ot.propagators = propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}) + + tracerProvider := globalTracerProvider.getTracerProvider( + sdktrace.WithBatcher(traceExporter), + sdktrace.WithResource(res), + ) + + ot.handler = otelhttp.NewHandler(http.HandlerFunc(ot.serveHTTP), ot.spanName, otelhttp.WithTracerProvider(tracerProvider), otelhttp.WithPropagators(ot.propagators)) + return ot, nil +} + +// serveHTTP injects a tracing context and call the next handler. +func (ot *openTelemetryWrapper) serveHTTP(w http.ResponseWriter, r *http.Request) { + ot.propagators.Inject(r.Context(), propagation.HeaderCarrier(r.Header)) + next := r.Context().Value(nextCallCtxKey).(*nextCall) + next.err = next.next.ServeHTTP(w, r) +} + +// ServeHTTP propagates call to the by wrapped by `otelhttp` next handler. +func (ot *openTelemetryWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { + n := &nextCall{ + next: next, + err: nil, + } + ot.handler.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), nextCallCtxKey, n))) + + return n.err +} + +// cleanup flush all remaining data and shutdown a tracerProvider +func (ot *openTelemetryWrapper) cleanup(logger *zap.Logger) error { + return globalTracerProvider.cleanupTracerProvider(logger) +} + +// newResource creates a resource that describe current handler instance and merge it with a default attributes value. +func (ot *openTelemetryWrapper) newResource( + webEngineName, + webEngineVersion string, +) (*resource.Resource, error) { + return resource.Merge(resource.Default(), resource.NewSchemaless( + semconv.WebEngineNameKey.String(webEngineName), + semconv.WebEngineVersionKey.String(webEngineVersion), + )) +} diff --git a/modules/caddyhttp/tracing/tracer_test.go b/modules/caddyhttp/tracing/tracer_test.go new file mode 100644 index 00000000..36a32ff4 --- /dev/null +++ b/modules/caddyhttp/tracing/tracer_test.go @@ -0,0 +1,27 @@ +package tracing + +import ( + "context" + "testing" + + "github.com/caddyserver/caddy/v2" +) + +func TestOpenTelemetryWrapper_newOpenTelemetryWrapper(t *testing.T) { + ctx, cancel := caddy.NewContext(caddy.Context{Context: context.Background()}) + defer cancel() + + var otw openTelemetryWrapper + var err error + + if otw, err = newOpenTelemetryWrapper(ctx, + "", + ); err != nil { + t.Errorf("newOpenTelemetryWrapper() error = %v", err) + t.FailNow() + } + + if otw.propagators == nil { + t.Errorf("Propagators should not be empty") + } +} diff --git a/modules/caddyhttp/tracing/tracerprovider.go b/modules/caddyhttp/tracing/tracerprovider.go new file mode 100644 index 00000000..035425ed --- /dev/null +++ b/modules/caddyhttp/tracing/tracerprovider.go @@ -0,0 +1,63 @@ +package tracing + +import ( + "context" + "fmt" + "sync" + + sdktrace "go.opentelemetry.io/otel/sdk/trace" + "go.uber.org/zap" +) + +// globalTracerProvider stores global tracer provider and is responsible for graceful shutdown when nobody is using it. +var globalTracerProvider = &tracerProvider{} + +type tracerProvider struct { + mu sync.Mutex + tracerProvider *sdktrace.TracerProvider + tracerProvidersCounter int +} + +// getTracerProvider create or return an existing global TracerProvider +func (t *tracerProvider) getTracerProvider(opts ...sdktrace.TracerProviderOption) *sdktrace.TracerProvider { + t.mu.Lock() + defer t.mu.Unlock() + + t.tracerProvidersCounter++ + + if t.tracerProvider == nil { + t.tracerProvider = sdktrace.NewTracerProvider( + opts..., + ) + } + + return t.tracerProvider +} + +// cleanupTracerProvider gracefully shutdown a TracerProvider +func (t *tracerProvider) cleanupTracerProvider(logger *zap.Logger) error { + t.mu.Lock() + defer t.mu.Unlock() + + if t.tracerProvidersCounter > 0 { + t.tracerProvidersCounter-- + } + + if t.tracerProvidersCounter == 0 { + if t.tracerProvider != nil { + // tracerProvider.ForceFlush SHOULD be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#forceflush + if err := t.tracerProvider.ForceFlush(context.Background()); err != nil { + logger.Error("forcing flush", zap.Error(err)) + } + + // tracerProvider.Shutdown MUST be invoked according to https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/sdk.md#shutdown + if err := t.tracerProvider.Shutdown(context.Background()); err != nil { + return fmt.Errorf("tracerProvider shutdown error: %w", err) + } + } + + t.tracerProvider = nil + } + + return nil +} diff --git a/modules/caddyhttp/tracing/tracerprovider_test.go b/modules/caddyhttp/tracing/tracerprovider_test.go new file mode 100644 index 00000000..cb2e5936 --- /dev/null +++ b/modules/caddyhttp/tracing/tracerprovider_test.go @@ -0,0 +1,43 @@ +package tracing + +import ( + "testing" + + "go.uber.org/zap" +) + +func Test_tracersProvider_getTracerProvider(t *testing.T) { + tp := tracerProvider{} + + tp.getTracerProvider() + tp.getTracerProvider() + + if tp.tracerProvider == nil { + t.Errorf("There should be tracer provider") + } + + if tp.tracerProvidersCounter != 2 { + t.Errorf("Tracer providers counter should equal to 2") + } +} + +func Test_tracersProvider_cleanupTracerProvider(t *testing.T) { + tp := tracerProvider{} + + tp.getTracerProvider() + tp.getTracerProvider() + + err := tp.cleanupTracerProvider(zap.NewNop()) + + if err != nil { + t.Errorf("There should be no error: %v", err) + } + + if tp.tracerProvider == nil { + t.Errorf("There should be tracer provider") + } + + if tp.tracerProvidersCounter != 1 { + t.Errorf("Tracer providers counter should equal to 1") + } +} From c7d6c4cbb951f7db87fc5aebf8382aeeca6c9f1d Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 9 Mar 2022 13:00:51 -0500 Subject: [PATCH 0593/1498] reverseproxy: copy_response and copy_response_headers for handle_response routes (#4391) * reverseproxy: New `copy_response` handler for `handle_response` routes Followup to #4298 and #4388. This adds a new `copy_response` handler which may only be used in `reverse_proxy`'s `handle_response` routes, which can be used to actually copy the proxy response downstream. Previously, if `handle_response` was used (with routes, not the status code mode), it was impossible to use the upstream's response body at all, because we would always close the body, expecting the routes to write a new body from scratch. To implement this, I had to refactor `h.reverseProxy()` to move all the code that came after the `HandleResponse` loop into a new function. This new function `h.finalizeResponse()` takes care of preparing the response by removing extra headers, dealing with trailers, then copying the headers and body downstream. Since basically what we want `copy_response` to do is invoke `h.finalizeResponse()` at a configurable point in time, we need to pass down the proxy handler, the response, and some other state via a new `req.WithContext(ctx)`. Wrapping a new context is pretty much the only way we have to jump a few layers in the HTTP middleware chain and let a handler pick up this information. Feels a bit dirty, but it works. Also fixed a bug with the `http.reverse_proxy.upstream.duration` placeholder, it always had the same duration as `http.reverse_proxy.upstream.latency`, but the former was meant to be the time taken for the roundtrip _plus_ copying/writing the response. * Delete the "Content-Length" header if we aren't copying Fixes a bug where the Content-Length will mismatch the actual bytes written if we skipped copying the response, so we get a message like this when using curl: ``` curl: (18) transfer closed with 18 bytes remaining to read ``` To replicate: ``` { admin off debug } :8881 { reverse_proxy 127.0.0.1:8882 { @200 status 200 handle_response @200 { header Foo bar } } } :8882 { header Content-Type application/json respond `{"hello": "world"}` 200 } ``` * Implement `copy_response_headers`, with include/exclude list support * Apply suggestions from code review Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/directives.go | 2 + .../reverse_proxy_handle_response.txt | 65 ++++++ modules/caddyhttp/reverseproxy/caddyfile.go | 80 ++++++++ .../caddyhttp/reverseproxy/copyresponse.go | 190 ++++++++++++++++++ .../caddyhttp/reverseproxy/reverseproxy.go | 89 +++++++- 5 files changed, 420 insertions(+), 6 deletions(-) create mode 100644 modules/caddyhttp/reverseproxy/copyresponse.go diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 03e6753e..b0d78158 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -43,6 +43,7 @@ var directiveOrder = []string{ "root", "header", + "copy_response_headers", "request_body", "redir", @@ -68,6 +69,7 @@ var directiveOrder = []string{ // handlers that typically respond to requests "abort", "error", + "copy_response", "respond", "metrics", "reverse_proxy", diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt index 88ecbc21..1b6162dc 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt @@ -41,6 +41,20 @@ reverse_proxy 127.0.0.1:65535 { handle_response @multi { respond "Headers Foo, Bar AND statuses 401, 403 and 404!" } + + @200 status 200 + handle_response @200 { + copy_response_headers { + include Foo Bar + } + respond "Copied headers from the response" + } + + @201 status 201 + handle_response @201 { + header Foo "Copying the response" + copy_response 404 + } } ---------- { @@ -163,6 +177,57 @@ reverse_proxy 127.0.0.1:65535 { } ] }, + { + "match": { + "status_code": [ + 200 + ] + }, + "routes": [ + { + "handle": [ + { + "handler": "copy_response_headers", + "include": [ + "Foo", + "Bar" + ] + }, + { + "body": "Copied headers from the response", + "handler": "static_response" + } + ] + } + ] + }, + { + "match": { + "status_code": [ + 201 + ] + }, + "routes": [ + { + "handle": [ + { + "handler": "headers", + "response": { + "set": { + "Foo": [ + "Copying the response" + ] + } + } + }, + { + "handler": "copy_response", + "status_code": 404 + } + ] + } + ] + }, { "routes": [ { diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index f4b16369..cab0a71c 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -33,6 +33,8 @@ import ( func init() { httpcaddyfile.RegisterHandlerDirective("reverse_proxy", parseCaddyfile) + httpcaddyfile.RegisterHandlerDirective("copy_response", parseCopyResponseCaddyfile) + httpcaddyfile.RegisterHandlerDirective("copy_response_headers", parseCopyResponseHeadersCaddyfile) } func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { @@ -1019,6 +1021,84 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +func parseCopyResponseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + crh := new(CopyResponseHandler) + err := crh.UnmarshalCaddyfile(h.Dispenser) + if err != nil { + return nil, err + } + return crh, nil +} + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// copy_response [] [] { +// status +// } +// +func (h *CopyResponseHandler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + args := d.RemainingArgs() + if len(args) == 1 { + if num, err := strconv.Atoi(args[0]); err == nil && num > 0 { + h.StatusCode = caddyhttp.WeakString(args[0]) + break + } + } + + for d.NextBlock(0) { + switch d.Val() { + case "status": + if !d.NextArg() { + return d.ArgErr() + } + h.StatusCode = caddyhttp.WeakString(d.Val()) + default: + return d.Errf("unrecognized subdirective '%s'", d.Val()) + } + } + } + return nil +} + +func parseCopyResponseHeadersCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { + crh := new(CopyResponseHeadersHandler) + err := crh.UnmarshalCaddyfile(h.Dispenser) + if err != nil { + return nil, err + } + return crh, nil +} + +// UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: +// +// copy_response_headers [] { +// exclude +// } +// +func (h *CopyResponseHeadersHandler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + args := d.RemainingArgs() + if len(args) > 0 { + return d.ArgErr() + } + + for d.NextBlock(0) { + switch d.Val() { + case "include": + h.Include = append(h.Include, d.RemainingArgs()...) + + case "exclude": + h.Exclude = append(h.Exclude, d.RemainingArgs()...) + + default: + return d.Errf("unrecognized subdirective '%s'", d.Val()) + } + } + } + return nil +} + // UnmarshalCaddyfile deserializes Caddyfile tokens into h. // // dynamic srv [] { diff --git a/modules/caddyhttp/reverseproxy/copyresponse.go b/modules/caddyhttp/reverseproxy/copyresponse.go new file mode 100644 index 00000000..174ffa78 --- /dev/null +++ b/modules/caddyhttp/reverseproxy/copyresponse.go @@ -0,0 +1,190 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reverseproxy + +import ( + "fmt" + "net/http" + "strconv" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" +) + +func init() { + caddy.RegisterModule(CopyResponseHandler{}) + caddy.RegisterModule(CopyResponseHeadersHandler{}) +} + +// CopyResponseHandler is a special HTTP handler which may +// only be used within reverse_proxy's handle_response routes, +// to copy the proxy response. EXPERIMENTAL, subject to change. +type CopyResponseHandler struct { + // To write the upstream response's body but with a different + // status code, set this field to the desired status code. + StatusCode caddyhttp.WeakString `json:"status_code,omitempty"` + + ctx caddy.Context +} + +// CaddyModule returns the Caddy module information. +func (CopyResponseHandler) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.handlers.copy_response", + New: func() caddy.Module { return new(CopyResponseHandler) }, + } +} + +// Provision ensures that h is set up properly before use. +func (h *CopyResponseHandler) Provision(ctx caddy.Context) error { + h.ctx = ctx + return nil +} + +// ServeHTTP implements the Handler interface. +func (h CopyResponseHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request, _ caddyhttp.Handler) error { + repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + hrc, ok := req.Context().Value(proxyHandleResponseContextCtxKey).(*handleResponseContext) + + // don't allow this to be used outside of handle_response routes + if !ok { + return caddyhttp.Error(http.StatusInternalServerError, + fmt.Errorf("cannot use 'copy_response' outside of reverse_proxy's handle_response routes")) + } + + // allow a custom status code to be written; otherwise the + // status code from the upstream resposne is written + if codeStr := h.StatusCode.String(); codeStr != "" { + intVal, err := strconv.Atoi(repl.ReplaceAll(codeStr, "")) + if err != nil { + return caddyhttp.Error(http.StatusInternalServerError, err) + } + hrc.response.StatusCode = intVal + } + + // make sure the reverse_proxy handler doesn't try to call + // finalizeResponse again after we've already done it here. + hrc.isFinalized = true + + // write the response + return hrc.handler.finalizeResponse(rw, req, hrc.response, repl, hrc.start, hrc.logger, false) +} + +// CopyResponseHeadersHandler is a special HTTP handler which may +// only be used within reverse_proxy's handle_response routes, +// to copy headers from the proxy response. EXPERIMENTAL; +// subject to change. +type CopyResponseHeadersHandler struct { + // A list of header fields to copy from the response. + // Cannot be defined at the same time as Exclude. + Include []string `json:"include,omitempty"` + + // A list of header fields to skip copying from the response. + // Cannot be defined at the same time as Include. + Exclude []string `json:"exclude,omitempty"` + + includeMap map[string]struct{} + excludeMap map[string]struct{} + ctx caddy.Context +} + +// CaddyModule returns the Caddy module information. +func (CopyResponseHeadersHandler) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.handlers.copy_response_headers", + New: func() caddy.Module { return new(CopyResponseHeadersHandler) }, + } +} + +// Validate ensures the h's configuration is valid. +func (h *CopyResponseHeadersHandler) Validate() error { + if len(h.Exclude) > 0 && len(h.Include) > 0 { + return fmt.Errorf("cannot define both 'exclude' and 'include' lists at the same time") + } + + return nil +} + +// Provision ensures that h is set up properly before use. +func (h *CopyResponseHeadersHandler) Provision(ctx caddy.Context) error { + h.ctx = ctx + + // Optimize the include list by converting it to a map + if len(h.Include) > 0 { + h.includeMap = map[string]struct{}{} + } + for _, field := range h.Include { + h.includeMap[http.CanonicalHeaderKey(field)] = struct{}{} + } + + // Optimize the exclude list by converting it to a map + if len(h.Exclude) > 0 { + h.excludeMap = map[string]struct{}{} + } + for _, field := range h.Exclude { + h.excludeMap[http.CanonicalHeaderKey(field)] = struct{}{} + } + + return nil +} + +// ServeHTTP implements the Handler interface. +func (h CopyResponseHeadersHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next caddyhttp.Handler) error { + hrc, ok := req.Context().Value(proxyHandleResponseContextCtxKey).(*handleResponseContext) + + // don't allow this to be used outside of handle_response routes + if !ok { + return caddyhttp.Error(http.StatusInternalServerError, + fmt.Errorf("cannot use 'copy_response_headers' outside of reverse_proxy's handle_response routes")) + } + + for field, values := range hrc.response.Header { + // Check the include list first, skip + // the header if it's _not_ in this list. + if len(h.includeMap) > 0 { + if _, ok := h.includeMap[field]; !ok { + continue + } + } + + // Then, check the exclude list, skip + // the header if it _is_ in this list. + if len(h.excludeMap) > 0 { + if _, ok := h.excludeMap[field]; ok { + continue + } + } + + // Copy all the values for the header. + for _, value := range values { + rw.Header().Add(field, value) + } + } + + return next.ServeHTTP(rw, req) +} + +// Interface guards +var ( + _ caddyhttp.MiddlewareHandler = (*CopyResponseHandler)(nil) + _ caddyfile.Unmarshaler = (*CopyResponseHandler)(nil) + _ caddy.Provisioner = (*CopyResponseHandler)(nil) + + _ caddyhttp.MiddlewareHandler = (*CopyResponseHeadersHandler)(nil) + _ caddyfile.Unmarshaler = (*CopyResponseHeadersHandler)(nil) + _ caddy.Provisioner = (*CopyResponseHeadersHandler)(nil) + _ caddy.Validator = (*CopyResponseHeadersHandler)(nil) +) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 3355f0b5..2131a91c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -790,12 +790,33 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * h.logger.Debug("handling response", zap.Int("handler", i)) - // pass the request through the response handler routes - routeErr := rh.Routes.Compile(next).ServeHTTP(rw, req) + // we make some data available via request context to child routes + // so that they may inherit some options and functions from the + // handler, and be able to copy the response. + hrc := &handleResponseContext{ + handler: h, + response: res, + start: start, + logger: logger, + } + ctx := req.Context() + ctx = context.WithValue(ctx, proxyHandleResponseContextCtxKey, hrc) - // always close the response body afterwards since it's expected + // pass the request through the response handler routes + routeErr := rh.Routes.Compile(next).ServeHTTP(rw, req.WithContext(ctx)) + + // if the response handler routes already finalized the response, + // we can return early. It should be finalized if the routes executed + // included a copy_response handler. If a fresh response was written + // by the routes instead, then we still need to finalize the response + // without copying the body. + if routeErr == nil && hrc.isFinalized { + return nil + } + + // always close the response body afterwards, since it's expected // that the response handler routes will have written to the - // response writer with a new body + // response writer with a new body, if it wasn't already finalized. res.Body.Close() bodyClosed = true @@ -804,8 +825,25 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * // the roundtrip was successful and to not retry return roundtripSucceeded{routeErr} } + + // we've already closed the body, so there's no use allowing + // another response handler to run as well + break } + return h.finalizeResponse(rw, req, res, repl, start, logger, bodyClosed) +} + +// finalizeResponse prepares and copies the response. +func (h Handler) finalizeResponse( + rw http.ResponseWriter, + req *http.Request, + res *http.Response, + repl *caddy.Replacer, + start time.Time, + logger *zap.Logger, + bodyClosed bool, +) error { // deal with 101 Switching Protocols responses: (WebSocket, h2c, etc) if res.StatusCode == http.StatusSwitchingProtocols { h.handleUpgradeResponse(logger, rw, req, res) @@ -818,6 +856,13 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * res.Header.Del(h) } + // remove the content length if we're not going to be copying + // from the response, because otherwise there'll be a mismatch + // between bytes written and the advertised length + if bodyClosed { + res.Header.Del("Content-Length") + } + // apply any response header operations if h.Headers != nil && h.Headers.Response != nil { if h.Headers.Response.Require == nil || @@ -841,7 +886,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * rw.WriteHeader(res.StatusCode) if !bodyClosed { - err = h.copyResponse(rw, res.Body, h.flushInterval(req, res)) + err := h.copyResponse(rw, res.Body, h.flushInterval(req, res)) res.Body.Close() // close now, instead of defer, to populate res.Trailer if err != nil { // we're streaming the response and we've already written headers, so @@ -863,7 +908,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * } // total duration spent proxying, including writing response body - repl.Set("http.reverse_proxy.upstream.duration", duration) + repl.Set("http.reverse_proxy.upstream.duration", time.Since(start)) if len(res.Trailer) == announcedTrailers { copyHeader(rw.Header(), res.Trailer) @@ -1227,6 +1272,38 @@ var bufPool = sync.Pool{ }, } +// handleResponseContext carries some contextual information about the +// the current proxy handling. +type handleResponseContext struct { + // handler is the active proxy handler instance, so that + // routes like copy_response may inherit some config + // options and have access to handler methods. + handler *Handler + + // response is the actual response received from the proxy + // roundtrip, to potentially be copied if a copy_response + // handler is in the handle_response routes. + response *http.Response + + // start is the time just before the proxy roundtrip was + // performed, used for logging. + start time.Time + + // logger is the prepared logger which is used to write logs + // with the request, duration, and selected upstream attached. + logger *zap.Logger + + // isFinalized is whether the response has been finalized, + // i.e. copied and closed, to make sure that it doesn't + // happen twice. + isFinalized bool +} + +// proxyHandleResponseContextCtxKey is the context key for the active proxy handler +// so that handle_response routes can inherit some config options +// from the proxy handler. +const proxyHandleResponseContextCtxKey caddy.CtxKey = "reverse_proxy_handle_response_context" + // Interface guards var ( _ caddy.Provisioner = (*Handler)(nil) From bf6a1b75385da101bad110926c7f2b5f25395959 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 10 Mar 2022 11:40:03 -0700 Subject: [PATCH 0594/1498] go.mod: Upgrade some dependencies Fixes bug in yuin/goldmark https://github.com/caddyserver/website/issues/217 --- go.mod | 24 +++++----- go.sum | 136 ++++++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 118 insertions(+), 42 deletions(-) diff --git a/go.mod b/go.mod index 61e2360f..95c3de7f 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 require ( cloud.google.com/go/kms v1.1.0 // indirect - github.com/BurntSushi/toml v0.4.1 // indirect + github.com/BurntSushi/toml v1.0.0 // indirect github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b @@ -14,8 +14,8 @@ require ( github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.14.2 - github.com/klauspost/cpuid/v2 v2.0.10 + github.com/klauspost/compress v1.15.0 + github.com/klauspost/cpuid/v2 v2.0.11 github.com/lucas-clemente/quic-go v0.24.0 github.com/mholt/acmez v1.0.2 github.com/naoina/go-stringutil v0.1.0 // indirect @@ -23,20 +23,20 @@ require ( github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.18.0 github.com/smallstep/cli v0.18.0 - github.com/smallstep/nosql v0.3.9 - github.com/smallstep/truststore v0.10.1 + github.com/smallstep/nosql v0.4.0 + github.com/smallstep/truststore v0.11.0 github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74 - github.com/yuin/goldmark v1.4.4 - github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 + github.com/yuin/goldmark v1.4.8 + github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 go.opentelemetry.io/otel v1.4.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 - go.uber.org/zap v1.20.0 - golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 - golang.org/x/net v0.0.0-20210913180222-943fd674d43e - golang.org/x/term v0.0.0-20210503060354-a79de5458b56 - google.golang.org/genproto v0.0.0-20211018162055-cf77aa76bad2 + go.uber.org/zap v1.21.0 + golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 + golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d + golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 + google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 google.golang.org/protobuf v1.27.1 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 diff --git a/go.sum b/go.sum index ff454d44..bfb546a4 100644 --- a/go.sum +++ b/go.sum @@ -93,8 +93,8 @@ github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYX github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= -github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= +github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= @@ -126,14 +126,9 @@ github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPM github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= -github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= -github.com/alecthomas/chroma v0.7.2-0.20200305040604-4f3623dce67a/go.mod h1:fv5SzZPFJbwp2NXJWpFIX7DZS4HgV1K4ew4Pc2OZD9s= github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= -github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= -github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= -github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -226,6 +221,8 @@ github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= +github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= @@ -241,6 +238,7 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= @@ -254,7 +252,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -275,8 +272,6 @@ github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUn github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -358,6 +353,8 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8Wd github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= +github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -549,6 +546,55 @@ github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= +github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0= +github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= +github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= +github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= +github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= +github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA= +github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE= +github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s= +github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= +github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= +github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v1.10.1 h1:DzdIHIjG1AxGwoEEqS+mGsURyjt4enSmqzACXvVzOT8= +github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= +github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= +github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= +github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c= +github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc= +github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= +github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= +github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A= +github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= +github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= +github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= +github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= +github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= +github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.2.0 h1:r7JypeP2D3onoQTCxWdTpCtJ4D+qpKr0TxvoyMhZ5ns= +github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg= +github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= +github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= +github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= +github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= +github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= +github.com/jackc/pgtype v1.9.0 h1:/SH1RxEtltvJgsDqp3TbiTFApD3mey3iygpuEGeuBXk= +github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= +github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= +github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= +github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= +github.com/jackc/pgx/v4 v4.14.0 h1:TgdrmgnM7VY72EuSQzBbBd4JA1RLqJolrw9nQVZABVc= +github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8= +github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= @@ -586,11 +632,11 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.14.2 h1:S0OHlFk/Gbon/yauFJ4FfJJF5V0fc5HbBTJazi28pRw= -github.com/klauspost/compress v1.14.2/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U= +github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.0.10 h1:fv5GKR+e2UgD+gcxQECVT5rBwAmlFLl2mkKm7WK3ODY= -github.com/klauspost/cpuid/v2 v2.0.10/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.0.11 h1:i2lw1Pm7Yi/4O6XCSyJWqEHI2MDw2FzUK6o/D21xn2A= +github.com/klauspost/cpuid/v2 v2.0.11/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -608,7 +654,12 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= +github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8= +github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= @@ -633,12 +684,14 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -819,6 +872,8 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= +github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= +github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= @@ -827,10 +882,12 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= @@ -872,11 +929,12 @@ github.com/smallstep/certificates v0.18.0/go.mod h1:8eHwHNg/bRWvNZo9S0uWFVMkS+LS github.com/smallstep/certinfo v1.5.2/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= github.com/smallstep/cli v0.18.0 h1:BslbUHuMfj/LbVHxuZ4Hv1sL+vAHHidqia4JRoCBwXs= github.com/smallstep/cli v0.18.0/go.mod h1:C8ZSfMm/pKdCHnN1C3Pc44bjIOkBbyuoyq6XjS/K9lI= -github.com/smallstep/nosql v0.3.9 h1:YPy5PR3PXClqmpFaVv0wfXDXDc7NXGBE1auyU2c87dc= github.com/smallstep/nosql v0.3.9/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= +github.com/smallstep/nosql v0.4.0 h1:Go3WYwttUuvwqMtFiiU4g7kBIlY+hR0bIZAqVdakQ3M= +github.com/smallstep/nosql v0.4.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= -github.com/smallstep/truststore v0.10.1 h1:+0OUcVAfDzYXw5GUbdOz///6oMNrcPosnztITXLICS8= -github.com/smallstep/truststore v0.10.1/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= +github.com/smallstep/truststore v0.11.0 h1:JUTkQ4oHr40jHTS/A2t0usEhteMWG+45CDD2iJA/dIk= +github.com/smallstep/truststore v0.11.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20210924233136-66c2600f6e71/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -964,11 +1022,12 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.3.6/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.4 h1:zNWRjYUW32G9KirMXYHQHVNFkXvMI7LpgNW2AgYAoIs= -github.com/yuin/goldmark v1.4.4/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= -github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01 h1:0SJnXjE4jDClMW6grE0xpNhwpqbPwkBTn8zpVw5C0SI= -github.com/yuin/goldmark-highlighting v0.0.0-20210516132338-9216f9c5aa01/go.mod h1:TwKQPa5XkCCRC2GRZ5wtfNUTQ2+9/i19mGRijFeJ4BE= +github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= +github.com/yuin/goldmark v1.4.8 h1:zHPiabbIRssZOI0MAzJDHsyvG4MXCGqVaMOwR+HeoQQ= +github.com/yuin/goldmark v1.4.8/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= +github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= +github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU= +github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= @@ -1073,13 +1132,14 @@ go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKY go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= +go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.20.0 h1:N4oPlghZwYG55MlU6LXk/Zp00FVNE9X9wrYO8CEs4lc= -go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= +go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= +go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= @@ -1091,10 +1151,12 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -1103,9 +1165,13 @@ golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 h1:3erb+vDS8lU1sxfDHF4/hhWyaXnhIaO+7RgL4fDZORA= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210915214749-c084706c2272/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1204,8 +1270,10 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210913180222-943fd674d43e h1:+b/22bPvDYt4NPDcy4xAGCmON713ONAWFeY3Z7I3tR8= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs= +golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1253,13 +1321,13 @@ golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1269,6 +1337,7 @@ golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1335,9 +1404,11 @@ golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210503060354-a79de5458b56 h1:b8jxX3zqjpqb2LklXPzKSGJhzyxCOZSz8ncv8Nv+y7w= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1367,6 +1438,7 @@ golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= @@ -1374,6 +1446,7 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1428,6 +1501,8 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1560,8 +1635,9 @@ google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211018162055-cf77aa76bad2 h1:CUp93KYgL06Y/PdI8aRJaFiAHevPIGWQmijSqaUhue8= google.golang.org/genproto v0.0.0-20211018162055-cf77aa76bad2/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 h1:zzNejm+EgrbLfDZ6lu9Uud2IVvHySPl8vQzf04laR5Q= +google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= @@ -1595,7 +1671,6 @@ google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0 h1:AGJ0Ih4mHjSeibYkFGh1dD9KJ/eOtZ93I6hoHhukQ5Q= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= @@ -1627,6 +1702,7 @@ gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= From b82e22b459b9f81278810dc32916ca270efa888c Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 11 Mar 2022 18:55:37 +0300 Subject: [PATCH 0595/1498] caddyhttp: retain all values of vars matcher when specified multiple times (#4629) --- modules/caddyhttp/vars.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index 91a2072c..b0f10a7f 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -91,7 +91,7 @@ func (m *VarsMatcher) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if len(vals) == 0 { return d.Errf("malformed vars matcher: expected at least one value to match against") } - (*m)[field] = vals + (*m)[field] = append((*m)[field], vals...) if d.NextBlock(0) { return d.Err("malformed vars matcher: blocks are not supported") } From 3d616e8c6d65e5617f5a918d72fb1514c9c7144e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 11 Mar 2022 12:34:55 -0700 Subject: [PATCH 0596/1498] requestbody: Return HTTP 413 (fix #4558) --- modules/caddyhttp/errors.go | 3 +++ modules/caddyhttp/replacer.go | 8 ++------ modules/caddyhttp/requestbody/requestbody.go | 18 +++++++++++++++++- modules/caddyhttp/server.go | 4 +++- 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/errors.go b/modules/caddyhttp/errors.go index 85dc3dfb..9d1cf470 100644 --- a/modules/caddyhttp/errors.go +++ b/modules/caddyhttp/errors.go @@ -82,6 +82,9 @@ func (e HandlerError) Error() string { return strings.TrimSpace(s) } +// Unwrap returns the underlying error value. See the `errors` package for info. +func (e HandlerError) Unwrap() error { return e.Err } + // randString returns a string of n random characters. // It is not even remotely secure OR a proper distribution. // But it's good enough for some things. It excludes certain diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 26f7e0be..d3fa8918 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -162,12 +162,8 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo // read the request body into a buffer (can't pool because we // don't know its lifetime and would have to make a copy anyway) buf := new(bytes.Buffer) - _, err := io.Copy(buf, req.Body) - if err != nil { - return "", true - } - // replace real body with buffered data - req.Body = io.NopCloser(buf) + _, _ = io.Copy(buf, req.Body) // can't handle error, so just ignore it + req.Body = io.NopCloser(buf) // replace real body with buffered data return buf.String(), true // original request, before any internal changes diff --git a/modules/caddyhttp/requestbody/requestbody.go b/modules/caddyhttp/requestbody/requestbody.go index 76cd2743..dfc0fd92 100644 --- a/modules/caddyhttp/requestbody/requestbody.go +++ b/modules/caddyhttp/requestbody/requestbody.go @@ -15,6 +15,7 @@ package requestbody import ( + "io" "net/http" "github.com/caddyserver/caddy/v2" @@ -28,6 +29,7 @@ func init() { // RequestBody is a middleware for manipulating the request body. type RequestBody struct { // The maximum number of bytes to allow reading from the body by a later handler. + // If more bytes are read, an error with HTTP status 413 is returned. MaxSize int64 `json:"max_size,omitempty"` } @@ -44,10 +46,24 @@ func (rb RequestBody) ServeHTTP(w http.ResponseWriter, r *http.Request, next cad return next.ServeHTTP(w, r) } if rb.MaxSize > 0 { - r.Body = http.MaxBytesReader(w, r.Body, rb.MaxSize) + r.Body = errorWrapper{http.MaxBytesReader(w, r.Body, rb.MaxSize)} } return next.ServeHTTP(w, r) } +// errorWrapper wraps errors that are returned from Read() +// so that they can be associated with a proper status code. +type errorWrapper struct { + io.ReadCloser +} + +func (ew errorWrapper) Read(p []byte) (n int, err error) { + n, err = ew.ReadCloser.Read(p) + if err != nil && err.Error() == "http: request body too large" { + err = caddyhttp.Error(http.StatusRequestEntityTooLarge, err) + } + return +} + // Interface guard var _ caddyhttp.MiddlewareHandler = (*RequestBody)(nil) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 3d211846..6ab77dfc 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -17,6 +17,7 @@ package caddyhttp import ( "context" "encoding/json" + "errors" "fmt" "net" "net/http" @@ -600,7 +601,8 @@ func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter // If err is a HandlerError, the returned values will // have richer information. func errLogValues(err error) (status int, msg string, fields []zapcore.Field) { - if handlerErr, ok := err.(HandlerError); ok { + var handlerErr HandlerError + if errors.As(err, &handlerErr) { status = handlerErr.StatusCode if handlerErr.Err == nil { msg = err.Error() From a9c7e94a38e4f4719a5c1cf7f3e11e8cf427f04e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 13 Mar 2022 01:38:11 -0500 Subject: [PATCH 0597/1498] chore: Comment fixes (#4634) --- caddyconfig/httpcaddyfile/directives.go | 4 +- modules/caddyhttp/reverseproxy/caddyfile.go | 38 ++++++++++++------- .../caddyhttp/reverseproxy/copyresponse.go | 2 +- modules/caddypki/adminapi.go | 4 +- modules/caddypki/command.go | 6 +-- 5 files changed, 33 insertions(+), 21 deletions(-) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index b0d78158..aac4f1f4 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -43,7 +43,7 @@ var directiveOrder = []string{ "root", "header", - "copy_response_headers", + "copy_response_headers", // only in reverse_proxy's handle_response "request_body", "redir", @@ -69,7 +69,7 @@ var directiveOrder = []string{ // handlers that typically respond to requests "abort", "error", - "copy_response", + "copy_response", // only in reverse_proxy's handle_response "respond", "metrics", "reverse_proxy", diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index cab0a71c..af0c5641 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -53,8 +53,8 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // // reverse_proxy [] [] { -// # upstreams -// to +// # backends +// to // dynamic [...] // // # load balancing @@ -63,26 +63,28 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // lb_try_interval // // # active health checking -// health_uri -// health_port +// health_uri +// health_port // health_interval -// health_timeout -// health_status -// health_body +// health_timeout +// health_status +// health_body // health_headers { // [] // } // // # passive health checking -// max_fails -// fail_duration -// max_conns -// unhealthy_status +// fail_duration +// max_fails +// unhealthy_status // unhealthy_latency +// unhealthy_request_count // // # streaming // flush_interval // buffer_requests +// buffer_responses +// max_buffer_size // // # header manipulation // trusted_proxies [private_ranges] @@ -94,14 +96,23 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // ... // } // -// # intercepting responses +// # optionally intercept responses from upstream // @name { // status // header [] // } -// replace_status +// replace_status [] // handle_response [] { // +// +// # special directives only available in handle_response +// copy_response [] [] { +// status +// } +// copy_response_headers [] { +// include +// exclude +// } // } // } // @@ -1073,6 +1084,7 @@ func parseCopyResponseHeadersCaddyfile(h httpcaddyfile.Helper) (caddyhttp.Middle // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // // copy_response_headers [] { +// include // exclude // } // diff --git a/modules/caddyhttp/reverseproxy/copyresponse.go b/modules/caddyhttp/reverseproxy/copyresponse.go index 174ffa78..72a55d4a 100644 --- a/modules/caddyhttp/reverseproxy/copyresponse.go +++ b/modules/caddyhttp/reverseproxy/copyresponse.go @@ -66,7 +66,7 @@ func (h CopyResponseHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request } // allow a custom status code to be written; otherwise the - // status code from the upstream resposne is written + // status code from the upstream response is written if codeStr := h.StatusCode.String(); codeStr != "" { intVal, err := strconv.Atoi(repl.ReplaceAll(codeStr, "")) if err != nil { diff --git a/modules/caddypki/adminapi.go b/modules/caddypki/adminapi.go index a79e2d5c..b4d26951 100644 --- a/modules/caddypki/adminapi.go +++ b/modules/caddypki/adminapi.go @@ -93,7 +93,7 @@ func (a *adminAPI) handleAPIEndpoints(w http.ResponseWriter, r *http.Request) er } } -// handleCAInfo returns cinformation about a particular +// handleCAInfo returns information about a particular // CA by its ID. If the CA ID is the default, then the CA will be // provisioned if it has not already been. Other CA IDs will return an // error if they have not been previously provisioned. @@ -143,7 +143,7 @@ func (a *adminAPI) handleCAInfo(w http.ResponseWriter, r *http.Request) error { return nil } -// handleCACerts returns cinformation about a particular +// handleCACerts returns the certificate chain for a particular // CA by its ID. If the CA ID is the default, then the CA will be // provisioned if it has not already been. Other CA IDs will return an // error if they have not been previously provisioned. diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go index 4744c68e..9b64c613 100644 --- a/modules/caddypki/command.go +++ b/modules/caddypki/command.go @@ -49,8 +49,8 @@ By default, this command installs the root certificate for Caddy's default CA (i.e. 'local'). You may specify the ID of another CA with the --ca flag. -Also, this command will attempt to connect to the Caddy's admin API -running at '` + caddy.DefaultAdminListen + `' to fetch the root certificate. You may +This command will attempt to connect to Caddy's admin API running at +'` + caddy.DefaultAdminListen + `' to fetch the root certificate. You may explicitly specify the --address, or use the --config flag to load the admin address from your config, if not using the default.`, Flags: func() *flag.FlagSet { @@ -216,7 +216,7 @@ func rootCertFromAdmin(adminAddr string, caID string) (*x509.Certificate, error) } defer resp.Body.Close() - // Decode the resposne + // Decode the response caInfo := new(caInfo) err = json.NewDecoder(resp.Body).Decode(caInfo) if err != nil { From 4e9fbee1e2ef39ff56bdfb19126a9b1a8a841eb4 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 15 Mar 2022 18:09:19 -0400 Subject: [PATCH 0598/1498] ci: Build on Go 1.18, bump actions versions (#4637) * ci: Build on Go 1.18, bump actions versions * Revert linter version bump for now * Try linter again --- .github/workflows/ci.yml | 10 +++++----- .github/workflows/cross-build.yml | 6 +++--- .github/workflows/lint.yml | 12 ++++++++---- .github/workflows/release.yml | 8 ++++---- caddyconfig/caddyfile/formatter_fuzz.go | 1 + caddyconfig/caddyfile/lexer_fuzz.go | 1 + caddyconfig/httpcaddyfile/addresses_fuzz.go | 1 + duration_fuzz.go | 1 + go.mod | 2 +- go.sum | 6 ++++-- listeners_fuzz.go | 1 + notify/notify_other.go | 1 + replacer_fuzz.go | 1 + sigtrap_nonposix.go | 1 + sigtrap_posix.go | 1 + 15 files changed, 34 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c8b07ff9..894b8ed2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.16', '1.17' ] + go: [ '1.16', '1.17', '1.18' ] # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing @@ -41,12 +41,12 @@ jobs: steps: - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 # These tools would be useful if we later decide to reinvestigate # publishing test/coverage reports to some tool for easier consumption @@ -130,7 +130,7 @@ jobs: continue-on-error: true # August 2020: s390x VM is down due to weather and power issues steps: - name: Checkout code into the Go module directory - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Run Tests run: | mkdir -p ~/.ssh && echo -e "${SSH_KEY//_/\\n}" > ~/.ssh/id_ecdsa && chmod og-rwx ~/.ssh/id_ecdsa @@ -155,7 +155,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - uses: goreleaser/goreleaser-action@v2 with: diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 5c038569..04c1d29a 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -16,12 +16,12 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go: [ '1.17' ] + go: [ '1.18' ] runs-on: ubuntu-latest continue-on-error: true steps: - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} @@ -45,7 +45,7 @@ jobs: cross-build-go${{ matrix.go }}-${{ matrix.goos }} - name: Checkout code into the Go module directory - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Run Build env: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4b4ed036..7376b910 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -16,10 +16,14 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: golangci-lint - uses: golangci/golangci-lint-action@v2 + - uses: actions/checkout@v3 + - uses: actions/setup-go@v3 with: - version: v1.31 + go-version: 1.17 + + - name: golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + version: v1.44 # Optional: show only new issues if it's a pull request. The default value is `false`. # only-new-issues: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 834d3034..8572e44a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,22 +11,22 @@ jobs: strategy: matrix: os: [ ubuntu-latest ] - go: [ '1.17' ] + go: [ '1.18' ] runs-on: ${{ matrix.os }} steps: - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 # Force fetch upstream tags -- because 65 minutes - # tl;dr: actions/checkout@v2 runs this line: + # tl;dr: actions/checkout@v3 runs this line: # git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin +ebc278ec98bb24f2852b61fde2a9bf2e3d83818b:refs/tags/ # which makes its own local lightweight tag, losing all the annotations in the process. Our earlier script ran: # git fetch --prune --unshallow diff --git a/caddyconfig/caddyfile/formatter_fuzz.go b/caddyconfig/caddyfile/formatter_fuzz.go index b1bbd84a..c07a2268 100644 --- a/caddyconfig/caddyfile/formatter_fuzz.go +++ b/caddyconfig/caddyfile/formatter_fuzz.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build gofuzz // +build gofuzz package caddyfile diff --git a/caddyconfig/caddyfile/lexer_fuzz.go b/caddyconfig/caddyfile/lexer_fuzz.go index 29348446..179fd87c 100644 --- a/caddyconfig/caddyfile/lexer_fuzz.go +++ b/caddyconfig/caddyfile/lexer_fuzz.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build gofuzz // +build gofuzz package caddyfile diff --git a/caddyconfig/httpcaddyfile/addresses_fuzz.go b/caddyconfig/httpcaddyfile/addresses_fuzz.go index 4ab62984..be873ef1 100644 --- a/caddyconfig/httpcaddyfile/addresses_fuzz.go +++ b/caddyconfig/httpcaddyfile/addresses_fuzz.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build gofuzz // +build gofuzz package httpcaddyfile diff --git a/duration_fuzz.go b/duration_fuzz.go index e7afed3f..aa01a46a 100644 --- a/duration_fuzz.go +++ b/duration_fuzz.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build gofuzz // +build gofuzz package caddy diff --git a/go.mod b/go.mod index 95c3de7f..a7cc1a89 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.0 github.com/klauspost/cpuid/v2 v2.0.11 - github.com/lucas-clemente/quic-go v0.24.0 + github.com/lucas-clemente/quic-go v0.25.0 github.com/mholt/acmez v1.0.2 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 diff --git a/go.sum b/go.sum index bfb546a4..e6ba33dc 100644 --- a/go.sum +++ b/go.sum @@ -664,8 +664,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.24.0 h1:ToR7SIIEdrgOhgVTHvPgdVRJfgVy+N0wQAagH7L4d5g= -github.com/lucas-clemente/quic-go v0.24.0/go.mod h1:paZuzjXCE5mj6sikVLMvqXk8lJV2AsqtJ6bDhjEfxx0= +github.com/lucas-clemente/quic-go v0.25.0 h1:K+X9Gvd7JXsOHtU0N2icZ2Nw3rx82uBej3mP4CLgibc= +github.com/lucas-clemente/quic-go v0.25.0/go.mod h1:YtzP8bxRVCBlO77yRanE264+fY/T2U9ZlW1AaHOsMOg= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -680,6 +680,8 @@ github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2i github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk= github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8= +github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1 h1:EnzzN9fPUkUck/1CuY1FlzBaIYMoiBsdwTNmNGkwUUM= +github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1/go.mod h1:PUhIQk19LoFt2174H4+an8TYvWOGjb/hHwphBeaDHwI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= diff --git a/listeners_fuzz.go b/listeners_fuzz.go index 823d0beb..95f1e327 100644 --- a/listeners_fuzz.go +++ b/listeners_fuzz.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build gofuzz // +build gofuzz package caddy diff --git a/notify/notify_other.go b/notify/notify_other.go index 17f62bab..6ffec89b 100644 --- a/notify/notify_other.go +++ b/notify/notify_other.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build !linux // +build !linux package notify diff --git a/replacer_fuzz.go b/replacer_fuzz.go index 2c27f01a..a837e33f 100644 --- a/replacer_fuzz.go +++ b/replacer_fuzz.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build gofuzz // +build gofuzz package caddy diff --git a/sigtrap_nonposix.go b/sigtrap_nonposix.go index 3b4595a6..7855e13a 100644 --- a/sigtrap_nonposix.go +++ b/sigtrap_nonposix.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build windows || plan9 || nacl || js // +build windows plan9 nacl js package caddy diff --git a/sigtrap_posix.go b/sigtrap_posix.go index d5a03a94..b6c4cbfe 100644 --- a/sigtrap_posix.go +++ b/sigtrap_posix.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:build !windows && !plan9 && !nacl && !js // +build !windows,!plan9,!nacl,!js package caddy From 93c99f67342504efe9f6b58a734aaec3929fe785 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 17 Mar 2022 17:53:32 -0600 Subject: [PATCH 0599/1498] map: Support numeric and bool types with Caddyfile Based on caddyserver/website#221 --- modules/caddyhttp/map/caddyfile.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index 77d4c46d..a7f809b0 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -15,6 +15,7 @@ package maphandler import ( + "strconv" "strings" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" @@ -78,7 +79,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if out == "-" { outs = append(outs, nil) } else { - outs = append(outs, out) + outs = append(outs, specificType(out)) } } @@ -107,3 +108,16 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) return handler, nil } + +func specificType(v string) interface{} { + if num, err := strconv.Atoi(v); err == nil { + return num + } + if num, err := strconv.ParseFloat(v, 64); err == nil { + return num + } + if bool, err := strconv.ParseBool(v); err == nil { + return bool + } + return v +} From dc4d147388547515f77447d594024386b732e7d4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 18 Mar 2022 13:42:29 -0600 Subject: [PATCH 0600/1498] reverseproxy: Expand SRV/A addrs for cache key Hopefully fix #4645 --- modules/caddyhttp/reverseproxy/upstreams.go | 58 ++++++++++++++------- 1 file changed, 39 insertions(+), 19 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index eb5845fc..5b1ba129 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -72,11 +72,6 @@ func (SRVUpstreams) CaddyModule() caddy.ModuleInfo { } } -// String returns the RFC 2782 representation of the SRV domain. -func (su SRVUpstreams) String() string { - return fmt.Sprintf("_%s._%s.%s", su.Service, su.Proto, su.Name) -} - func (su *SRVUpstreams) Provision(ctx caddy.Context) error { su.logger = ctx.Logger(su) if su.Refresh == 0 { @@ -109,11 +104,11 @@ func (su *SRVUpstreams) Provision(ctx caddy.Context) error { } func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { - suStr := su.String() + suAddr, service, proto, name := su.expandedAddr(r) // first, use a cheap read-lock to return a cached result quickly srvsMu.RLock() - cached := srvs[suStr] + cached := srvs[suAddr] srvsMu.RUnlock() if cached.isFresh() { return cached.upstreams, nil @@ -126,17 +121,11 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { // check to see if it's still stale, since we're now in a different // lock from when we first checked freshness; another goroutine might // have refreshed it in the meantime before we re-obtained our lock - cached = srvs[suStr] + cached = srvs[suAddr] if cached.isFresh() { return cached.upstreams, nil } - // prepare parameters and perform the SRV lookup - repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - service := repl.ReplaceAll(su.Service, "") - proto := repl.ReplaceAll(su.Proto, "") - name := repl.ReplaceAll(su.Name, "") - su.logger.Debug("refreshing SRV upstreams", zap.String("service", service), zap.String("proto", proto), @@ -172,7 +161,7 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { } } - srvs[suStr] = srvLookup{ + srvs[suAddr] = srvLookup{ srvUpstreams: su, freshness: time.Now(), upstreams: upstreams, @@ -181,6 +170,37 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { return upstreams, nil } +func (su SRVUpstreams) String() string { + if su.Service == "" && su.Proto == "" { + return su.Name + } + return su.formattedAddr(su.Service, su.Proto, su.Name) +} + +// expandedAddr expands placeholders in the configured SRV domain labels. +// The return values are: addr, the RFC 2782 representation of the SRV domain; +// service, the service; proto, the protocol; and name, the name. +// If su.Service and su.Proto are empty, name will be returned as addr instead. +func (su SRVUpstreams) expandedAddr(r *http.Request) (addr, service, proto, name string) { + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + name = repl.ReplaceAll(su.Name, "") + if su.Service == "" && su.Proto == "" { + addr = name + name = "" + return + } + service = repl.ReplaceAll(su.Service, "") + proto = repl.ReplaceAll(su.Proto, "") + addr = su.formattedAddr(service, proto, name) + return +} + +// formattedAddr the RFC 2782 representation of the SRV domain, in +// the form "_service._proto.name". +func (SRVUpstreams) formattedAddr(service, proto, name string) string { + return fmt.Sprintf("_%s._%s.%s", service, proto, name) +} + type srvLookup struct { srvUpstreams SRVUpstreams freshness time.Time @@ -234,8 +254,6 @@ func (AUpstreams) CaddyModule() caddy.ModuleInfo { } } -func (au AUpstreams) String() string { return au.Name } - func (au *AUpstreams) Provision(_ caddy.Context) error { if au.Refresh == 0 { au.Refresh = caddy.Duration(time.Minute) @@ -270,7 +288,8 @@ func (au *AUpstreams) Provision(_ caddy.Context) error { } func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { - auStr := au.String() + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + auStr := repl.ReplaceAll(au.String(), "") // first, use a cheap read-lock to return a cached result quickly aAaaaMu.RLock() @@ -292,7 +311,6 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { return cached.upstreams, nil } - repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) name := repl.ReplaceAll(au.Name, "") port := repl.ReplaceAll(au.Port, "") @@ -325,6 +343,8 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { return upstreams, nil } +func (au AUpstreams) String() string { return au.Name } + type aLookup struct { aUpstreams AUpstreams freshness time.Time From c5fffb4ac2631f0b41a8e13b62925b9dc8346cb9 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 18 Mar 2022 17:08:23 -0400 Subject: [PATCH 0601/1498] caddyfile: Support for raw token values; improve `map`, `expression` (#4643) * caddyfile: Support for raw token values, improve `map`, `expression` * Applied code review comments * Rename RawVal to ValRaw Co-authored-by: Matthew Holt --- caddyconfig/caddyfile/dispenser.go | 63 ++++++++++ caddyconfig/caddyfile/lexer.go | 12 +- .../caddyfile_adapt/expression_quotes.txt | 114 ++++++++++++++++++ .../caddyfile_adapt/map_with_raw_types.txt | 107 ++++++++++++++++ modules/caddyhttp/celmatcher.go | 6 +- modules/caddyhttp/map/caddyfile.go | 21 +--- 6 files changed, 300 insertions(+), 23 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/expression_quotes.txt create mode 100644 caddytest/integration/caddyfile_adapt/map_with_raw_types.txt diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index 23f6eade..fbe71ad0 100755 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -19,6 +19,7 @@ import ( "fmt" "io" "log" + "strconv" "strings" ) @@ -201,6 +202,43 @@ func (d *Dispenser) Val() string { return d.tokens[d.cursor].Text } +// ValRaw gets the raw text of the current token (including quotes). +// If there is no token loaded, it returns empty string. +func (d *Dispenser) ValRaw() string { + if d.cursor < 0 || d.cursor >= len(d.tokens) { + return "" + } + quote := d.tokens[d.cursor].wasQuoted + if quote > 0 { + return string(quote) + d.tokens[d.cursor].Text + string(quote) // string literal + } + return d.tokens[d.cursor].Text +} + +// ScalarVal gets value of the current token, converted to the closest +// scalar type. If there is no token loaded, it returns nil. +func (d *Dispenser) ScalarVal() interface{} { + if d.cursor < 0 || d.cursor >= len(d.tokens) { + return nil + } + quote := d.tokens[d.cursor].wasQuoted + text := d.tokens[d.cursor].Text + + if quote > 0 { + return text // string literal + } + if num, err := strconv.Atoi(text); err == nil { + return num + } + if num, err := strconv.ParseFloat(text, 64); err == nil { + return num + } + if bool, err := strconv.ParseBool(text); err == nil { + return bool + } + return text +} + // Line gets the line number of the current token. // If there is no token loaded, it returns 0. func (d *Dispenser) Line() int { @@ -249,6 +287,19 @@ func (d *Dispenser) AllArgs(targets ...*string) bool { return true } +// CountRemainingArgs counts the amount of remaining arguments +// (tokens on the same line) without consuming the tokens. +func (d *Dispenser) CountRemainingArgs() int { + count := 0 + for d.NextArg() { + count++ + } + for i := 0; i < count; i++ { + d.Prev() + } + return count +} + // RemainingArgs loads any more arguments (tokens on the same line) // into a slice and returns them. Open curly brace tokens also indicate // the end of arguments, and the curly brace is not included in @@ -261,6 +312,18 @@ func (d *Dispenser) RemainingArgs() []string { return args } +// RemainingArgsRaw loads any more arguments (tokens on the same line, +// retaining quotes) into a slice and returns them. Open curly brace +// tokens also indicate the end of arguments, and the curly brace is +// not included in the return value nor is it loaded. +func (d *Dispenser) RemainingArgsRaw() []string { + var args []string + for d.NextArg() { + args = append(args, d.ValRaw()) + } + return args +} + // NewFromNextSegment returns a new dispenser with a copy of // the tokens from the current token until the end of the // "directive" whether that be to the end of the line or diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index 968277f4..4a23524d 100755 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -38,6 +38,7 @@ type ( File string Line int Text string + wasQuoted rune // enclosing quote character, if any inSnippet bool snippetName string } @@ -78,8 +79,9 @@ func (l *lexer) next() bool { var val []rune var comment, quoted, btQuoted, escaped bool - makeToken := func() bool { + makeToken := func(quoted rune) bool { l.token.Text = string(val) + l.token.wasQuoted = quoted return true } @@ -87,7 +89,7 @@ func (l *lexer) next() bool { ch, _, err := l.reader.ReadRune() if err != nil { if len(val) > 0 { - return makeToken() + return makeToken(0) } if err == io.EOF { return false @@ -110,10 +112,10 @@ func (l *lexer) next() bool { escaped = false } else { if quoted && ch == '"' { - return makeToken() + return makeToken('"') } if btQuoted && ch == '`' { - return makeToken() + return makeToken('`') } } if ch == '\n' { @@ -139,7 +141,7 @@ func (l *lexer) next() bool { comment = false } if len(val) > 0 { - return makeToken() + return makeToken(0) } continue } diff --git a/caddytest/integration/caddyfile_adapt/expression_quotes.txt b/caddytest/integration/caddyfile_adapt/expression_quotes.txt new file mode 100644 index 00000000..f5f8983e --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/expression_quotes.txt @@ -0,0 +1,114 @@ +example.com + +@a expression {http.error.status_code} == 400 +abort @a + +@b expression {http.error.status_code} == "401" +abort @b + +@c expression {http.error.status_code} == `402` +abort @c + +@d expression "{http.error.status_code} == 403" +abort @d + +@e expression `{http.error.status_code} == 404` +abort @e +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "abort": true, + "handler": "static_response" + } + ], + "match": [ + { + "expression": "{http.error.status_code} == 400" + } + ] + }, + { + "handle": [ + { + "abort": true, + "handler": "static_response" + } + ], + "match": [ + { + "expression": "{http.error.status_code} == \"401\"" + } + ] + }, + { + "handle": [ + { + "abort": true, + "handler": "static_response" + } + ], + "match": [ + { + "expression": "{http.error.status_code} == `402`" + } + ] + }, + { + "handle": [ + { + "abort": true, + "handler": "static_response" + } + ], + "match": [ + { + "expression": "{http.error.status_code} == 403" + } + ] + }, + { + "handle": [ + { + "abort": true, + "handler": "static_response" + } + ], + "match": [ + { + "expression": "{http.error.status_code} == 404" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/map_with_raw_types.txt b/caddytest/integration/caddyfile_adapt/map_with_raw_types.txt new file mode 100644 index 00000000..54b2b60c --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/map_with_raw_types.txt @@ -0,0 +1,107 @@ +example.com + +map {host} {my_placeholder} {magic_number} { + # Should output boolean "true" and an integer + example.com true 3 + + # Should output a string and null + foo.example.com "string value" + + # Should output two strings (quoted int) + (.*)\.example.com "${1} subdomain" "5" + + # Should output null and a string (quoted int) + ~.*\.net$ - `7` + + # Should output a float and the string "false" + ~.*\.xyz$ 123.456 "false" + + # Should output two strings, second being escaped quote + default "unknown domain" \""" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "defaults": [ + "unknown domain", + "\"" + ], + "destinations": [ + "{my_placeholder}", + "{magic_number}" + ], + "handler": "map", + "mappings": [ + { + "input": "example.com", + "outputs": [ + true, + 3 + ] + }, + { + "input": "foo.example.com", + "outputs": [ + "string value", + null + ] + }, + { + "input": "(.*)\\.example.com", + "outputs": [ + "${1} subdomain", + "5" + ] + }, + { + "input_regexp": ".*\\.net$", + "outputs": [ + null, + "7" + ] + }, + { + "input_regexp": ".*\\.xyz$", + "outputs": [ + 123.456, + "false" + ] + } + ], + "source": "{http.request.host}" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index d7d55d84..0306f390 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -150,7 +150,11 @@ func (m MatchExpression) Match(r *http.Request) bool { // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (m *MatchExpression) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { - m.Expr = strings.Join(d.RemainingArgs(), " ") + if d.CountRemainingArgs() > 1 { + m.Expr = strings.Join(d.RemainingArgsRaw(), " ") + } else { + m.Expr = d.Val() + } } return nil } diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index a7f809b0..8394b211 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -15,7 +15,6 @@ package maphandler import ( - "strconv" "strings" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" @@ -75,11 +74,12 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // every other line maps one input to one or more outputs in := h.Val() var outs []interface{} - for _, out := range h.RemainingArgs() { - if out == "-" { + for h.NextArg() { + val := h.ScalarVal() + if val == "-" { outs = append(outs, nil) } else { - outs = append(outs, specificType(out)) + outs = append(outs, val) } } @@ -108,16 +108,3 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) return handler, nil } - -func specificType(v string) interface{} { - if num, err := strconv.Atoi(v); err == nil { - return num - } - if num, err := strconv.ParseFloat(v, 64); err == nil { - return num - } - if bool, err := strconv.ParseBool(v); err == nil { - return bool - } - return v -} From c2327161f725c820826587381f37d651a2b9736d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 19 Mar 2022 22:51:32 -0600 Subject: [PATCH 0602/1498] cmd: Set Origin header properly on API requests Ref. https://caddy.community/t/bug-in-enforce-origin/15417 --- cmd/commandfuncs.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index d308aeb8..33237401 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -650,13 +650,13 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io if err != nil || parsedAddr.PortRangeSize() > 1 { return nil, fmt.Errorf("invalid admin address %s: %v", adminAddr, err) } - origin := parsedAddr.JoinHostPort(0) + origin := "http://" + parsedAddr.JoinHostPort(0) if parsedAddr.IsUnixNetwork() { origin = "unixsocket" // hack so that http.NewRequest() is happy } // form the request - req, err := http.NewRequest(method, "http://"+origin+uri, body) + req, err := http.NewRequest(method, origin+uri, body) if err != nil { return nil, fmt.Errorf("making request: %v", err) } From 2196c92c0ef4e3d3622d5a8bb549e5faed135382 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 21 Mar 2022 08:33:24 -0600 Subject: [PATCH 0603/1498] reverseproxy: Don't clear name in SRV upstreams Fix for dc4d147388547515f77447d594024386b732e7d4 --- modules/caddyhttp/reverseproxy/upstreams.go | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index 5b1ba129..c66e0c04 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -186,7 +186,6 @@ func (su SRVUpstreams) expandedAddr(r *http.Request) (addr, service, proto, name name = repl.ReplaceAll(su.Name, "") if su.Service == "" && su.Proto == "" { addr = name - name = "" return } service = repl.ReplaceAll(su.Service, "") From 55b4c12e0404347828ed691594d1f8ae8228c598 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 21 Mar 2022 17:05:38 -0600 Subject: [PATCH 0604/1498] map: Evaluate placeholders in output vals (#4650) --- modules/caddyhttp/map/map.go | 4 ++++ modules/caddyhttp/map/map_test.go | 17 +++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index 83949550..0a27aab8 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -145,6 +145,10 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt return string(result), true } if input == m.Input { + if outputStr, ok := output.(string); ok { + // NOTE: if the output has a placeholder that has the same key as the input, this is infinite recursion + return repl.ReplaceAll(outputStr, ""), true + } return output, true } } diff --git a/modules/caddyhttp/map/map_test.go b/modules/caddyhttp/map/map_test.go index 2789459b..26d6e85e 100644 --- a/modules/caddyhttp/map/map_test.go +++ b/modules/caddyhttp/map/map_test.go @@ -82,6 +82,22 @@ func TestHandler(t *testing.T) { "output": "3", }, }, + { + reqURI: "/foo", + handler: Handler{ + Source: "{http.request.uri.path}", + Destinations: []string{"{output}"}, + Mappings: []Mapping{ + { + Input: "/foo", + Outputs: []interface{}{"{testvar}"}, + }, + }, + }, + expect: map[string]interface{}{ + "output": "testing", + }, + }, } { if err := tc.handler.Provision(caddy.Context{}); err != nil { t.Fatalf("Test %d: Provisioning handler: %v", i, err) @@ -92,6 +108,7 @@ func TestHandler(t *testing.T) { t.Fatalf("Test %d: Creating request: %v", i, err) } repl := caddyhttp.NewTestReplacer(req) + repl.Set("testvar", "testing") ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) req = req.WithContext(ctx) From 79cbe7bfd06565d0e7ab0717119f78960ed54c08 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 22 Mar 2022 10:47:21 -0600 Subject: [PATCH 0605/1498] httpcaddyfile: Add 'vars' directive See discussion in #4650 --- caddyconfig/httpcaddyfile/builtins.go | 8 +++ caddyconfig/httpcaddyfile/directives.go | 1 + ...es.txt => map_and_vars_with_raw_types.txt} | 19 ++++++ modules/caddyhttp/vars.go | 66 +++++++++++++++++-- 4 files changed, 87 insertions(+), 7 deletions(-) rename caddytest/integration/caddyfile_adapt/{map_with_raw_types.txt => map_and_vars_with_raw_types.txt} (87%) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index e1430d0b..e65039d6 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -39,6 +39,7 @@ func init() { RegisterDirective("bind", parseBind) RegisterDirective("tls", parseTLS) RegisterHandlerDirective("root", parseRoot) + RegisterHandlerDirective("vars", parseVars) RegisterHandlerDirective("redir", parseRedir) RegisterHandlerDirective("respond", parseRespond) RegisterHandlerDirective("abort", parseAbort) @@ -530,6 +531,13 @@ func parseRoot(h Helper) (caddyhttp.MiddlewareHandler, error) { return caddyhttp.VarsMiddleware{"root": root}, nil } +// parseVars parses the vars directive. See its UnmarshalCaddyfile method for syntax. +func parseVars(h Helper) (caddyhttp.MiddlewareHandler, error) { + v := new(caddyhttp.VarsMiddleware) + err := v.UnmarshalCaddyfile(h.Dispenser) + return v, err +} + // parseRedir parses the redir directive. Syntax: // // redir [] [] diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index aac4f1f4..425bf192 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -40,6 +40,7 @@ var directiveOrder = []string{ "tracing", "map", + "vars", "root", "header", diff --git a/caddytest/integration/caddyfile_adapt/map_with_raw_types.txt b/caddytest/integration/caddyfile_adapt/map_and_vars_with_raw_types.txt similarity index 87% rename from caddytest/integration/caddyfile_adapt/map_with_raw_types.txt rename to caddytest/integration/caddyfile_adapt/map_and_vars_with_raw_types.txt index 54b2b60c..af9faf47 100644 --- a/caddytest/integration/caddyfile_adapt/map_with_raw_types.txt +++ b/caddytest/integration/caddyfile_adapt/map_and_vars_with_raw_types.txt @@ -19,6 +19,14 @@ map {host} {my_placeholder} {magic_number} { # Should output two strings, second being escaped quote default "unknown domain" \""" } + +vars foo bar +vars { + abc true + def 1 + ghi 2.3 + jkl "mn op" +} ---------- { "apps": { @@ -91,6 +99,17 @@ map {host} {my_placeholder} {magic_number} { } ], "source": "{http.request.host}" + }, + { + "foo": "bar", + "handler": "vars" + }, + { + "abc": true, + "def": 1, + "ghi": 2.3, + "handler": "vars", + "jkl": "mn op" } ] } diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index b0f10a7f..28d0ddfc 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -37,7 +37,7 @@ func init() { // // The key is the variable name, and the value is the value of the // variable. Both the name and value may use or contain placeholders. -type VarsMiddleware map[string]string +type VarsMiddleware map[string]interface{} // CaddyModule returns the Caddy module information. func (VarsMiddleware) CaddyModule() caddy.ModuleInfo { @@ -47,17 +47,67 @@ func (VarsMiddleware) CaddyModule() caddy.ModuleInfo { } } -func (t VarsMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { +func (m VarsMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { vars := r.Context().Value(VarsCtxKey).(map[string]interface{}) repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - for k, v := range t { + for k, v := range m { keyExpanded := repl.ReplaceAll(k, "") - valExpanded := repl.ReplaceAll(v, "") - vars[keyExpanded] = valExpanded + if valStr, ok := v.(string); ok { + v = repl.ReplaceAll(valStr, "") + } + vars[keyExpanded] = v } return next.ServeHTTP(w, r) } +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. Syntax: +// +// vars [ ] { +// +// ... +// } +// +func (m *VarsMiddleware) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if *m == nil { + *m = make(VarsMiddleware) + } + + nextVar := func(headerLine bool) error { + if headerLine { + // header line is optional + if !d.NextArg() { + return nil + } + } + varName := d.Val() + + if !d.NextArg() { + return d.ArgErr() + } + varValue := d.ScalarVal() + + (*m)[varName] = varValue + + if d.NextArg() { + return d.ArgErr() + } + return nil + } + + for d.Next() { + if err := nextVar(true); err != nil { + return err + } + for nesting := d.Nesting(); d.NextBlock(nesting); { + if err := nextVar(false); err != nil { + return err + } + } + } + + return nil +} + // VarsMatcher is an HTTP request matcher which can match // requests based on variables in the context. The key is // the name of the variable, and the values are possible @@ -261,6 +311,8 @@ func SetVar(ctx context.Context, key string, value interface{}) { // Interface guards var ( - _ MiddlewareHandler = (*VarsMiddleware)(nil) - _ RequestMatcher = (*VarsMatcher)(nil) + _ MiddlewareHandler = (*VarsMiddleware)(nil) + _ caddyfile.Unmarshaler = (*VarsMiddleware)(nil) + _ RequestMatcher = (*VarsMatcher)(nil) + _ caddyfile.Unmarshaler = (*VarsMatcher)(nil) ) From c9b5e7f77b8aac7334d81c552c583af81ba1c400 Mon Sep 17 00:00:00 2001 From: Artem Mikheev <30644072+renbou@users.noreply.github.com> Date: Wed, 23 Mar 2022 02:47:57 +0300 Subject: [PATCH 0606/1498] Fix http3 servers dying after reload (#4654) --- go.mod | 2 +- go.sum | 17 ++++----- listeners.go | 81 +++++++++++++++++++++++++++++++++++++--- modules/caddyhttp/app.go | 31 +++------------ 4 files changed, 90 insertions(+), 41 deletions(-) diff --git a/go.mod b/go.mod index a7cc1a89..425e8705 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.0 github.com/klauspost/cpuid/v2 v2.0.11 - github.com/lucas-clemente/quic-go v0.25.0 + github.com/lucas-clemente/quic-go v0.26.0 github.com/mholt/acmez v1.0.2 github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 diff --git a/go.sum b/go.sum index e6ba33dc..aef242da 100644 --- a/go.sum +++ b/go.sum @@ -664,8 +664,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.25.0 h1:K+X9Gvd7JXsOHtU0N2icZ2Nw3rx82uBej3mP4CLgibc= -github.com/lucas-clemente/quic-go v0.25.0/go.mod h1:YtzP8bxRVCBlO77yRanE264+fY/T2U9ZlW1AaHOsMOg= +github.com/lucas-clemente/quic-go v0.26.0 h1:ALBQXr9UJ8A1LyzvceX4jd9QFsHvlI0RR6BkV16o00A= +github.com/lucas-clemente/quic-go v0.26.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -675,13 +675,12 @@ github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYt github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= -github.com/marten-seemann/qtls-go1-15 v0.1.4/go.mod h1:GyFwywLKkRt+6mfU99csTEY1joMZz5vmB1WNZH3P81I= -github.com/marten-seemann/qtls-go1-16 v0.1.4 h1:xbHbOGGhrenVtII6Co8akhLEdrawwB2iHl5yhJRpnco= -github.com/marten-seemann/qtls-go1-16 v0.1.4/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= -github.com/marten-seemann/qtls-go1-17 v0.1.0 h1:P9ggrs5xtwiqXv/FHNwntmuLMNq3KaSIG93AtAZ48xk= -github.com/marten-seemann/qtls-go1-17 v0.1.0/go.mod h1:fz4HIxByo+LlWcreM4CZOYNuz3taBQ8rN2X6FqvaWo8= -github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1 h1:EnzzN9fPUkUck/1CuY1FlzBaIYMoiBsdwTNmNGkwUUM= -github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1/go.mod h1:PUhIQk19LoFt2174H4+an8TYvWOGjb/hHwphBeaDHwI= +github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ= +github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= +github.com/marten-seemann/qtls-go1-17 v0.1.1 h1:DQjHPq+aOzUeh9/lixAGunn6rIOQyWChPSI4+hgW7jc= +github.com/marten-seemann/qtls-go1-17 v0.1.1/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s= +github.com/marten-seemann/qtls-go1-18 v0.1.1 h1:qp7p7XXUFL7fpBvSS1sWD+uSqPvzNQK43DH+/qEkj0Y= +github.com/marten-seemann/qtls-go1-18 v0.1.1/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= diff --git a/listeners.go b/listeners.go index c23ff783..181db75a 100644 --- a/listeners.go +++ b/listeners.go @@ -15,6 +15,9 @@ package caddy import ( + "context" + "crypto/tls" + "errors" "fmt" "net" "os" @@ -24,6 +27,9 @@ import ( "sync/atomic" "syscall" "time" + + "github.com/lucas-clemente/quic-go" + "github.com/lucas-clemente/quic-go/http3" ) // Listen is like net.Listen, except Caddy's listeners can overlap @@ -79,6 +85,27 @@ func ListenPacket(network, addr string) (net.PacketConn, error) { return &fakeClosePacketConn{sharedPacketConn: sharedPc.(*sharedPacketConn)}, nil } +// ListenQUIC returns a quic.EarlyListener suitable for use in a Caddy module. +// Note that the context passed to Accept is currently ignored, so using +// a context other than context.Background is meaningless. +func ListenQUIC(addr string, tlsConf *tls.Config) (quic.EarlyListener, error) { + lnKey := "quic/" + addr + + sharedEl, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { + el, err := quic.ListenAddrEarly(addr, http3.ConfigureTLSConfig(tlsConf), &quic.Config{}) + if err != nil { + return nil, err + } + return &sharedQuicListener{EarlyListener: el, key: lnKey}, nil + }) + + ctx, cancel := context.WithCancel(context.Background()) + return &fakeCloseQuicListener{ + sharedQuicListener: sharedEl.(*sharedQuicListener), + context: ctx, contextCancel: cancel, + }, err +} + // fakeCloseListener is a private wrapper over a listener that // is shared. The state of fakeCloseListener is not shared. // This allows one user of a socket to "close" the listener @@ -95,7 +122,7 @@ type fakeCloseListener struct { func (fcl *fakeCloseListener) Accept() (net.Conn, error) { // if the listener is already "closed", return error if atomic.LoadInt32(&fcl.closed) == 1 { - return nil, fcl.fakeClosedErr() + return nil, fakeClosedErr(fcl) } // call underlying accept @@ -119,7 +146,7 @@ func (fcl *fakeCloseListener) Accept() (net.Conn, error) { _ = fcl.sharedListener.clearDeadline() if netErr, ok := err.(net.Error); ok && netErr.Timeout() { - return nil, fcl.fakeClosedErr() + return nil, fakeClosedErr(fcl) } } @@ -145,14 +172,47 @@ func (fcl *fakeCloseListener) Close() error { return nil } +type fakeCloseQuicListener struct { + closed int32 // accessed atomically; belongs to this struct only + *sharedQuicListener // embedded, so we also become a quic.EarlyListener + context context.Context + contextCancel context.CancelFunc +} + +// Currently Accept ignores the passed context, however a situation where +// someone would need a hotswappable QUIC-only (not http3, since it uses context.Background here) +// server on which Accept would be called with non-empty contexts +// (mind that the default net listeners' Accept doesn't take a context argument) +// sounds way too rare for us to sacrifice efficiency here. +func (fcql *fakeCloseQuicListener) Accept(_ context.Context) (quic.EarlySession, error) { + conn, err := fcql.sharedQuicListener.Accept(fcql.context) + if err == nil { + return conn, nil + } + + // if the listener is "closed", return a fake closed error instead + if atomic.LoadInt32(&fcql.closed) == 1 && errors.Is(err, context.Canceled) { + return nil, fakeClosedErr(fcql) + } + return nil, err +} + +func (fcql *fakeCloseQuicListener) Close() error { + if atomic.CompareAndSwapInt32(&fcql.closed, 0, 1) { + fcql.contextCancel() + _, _ = listenerPool.Delete(fcql.sharedQuicListener.key) + } + return nil +} + // fakeClosedErr returns an error value that is not temporary // nor a timeout, suitable for making the caller think the // listener is actually closed -func (fcl *fakeCloseListener) fakeClosedErr() error { +func fakeClosedErr(l interface{ Addr() net.Addr }) error { return &net.OpError{ Op: "accept", - Net: fcl.Addr().Network(), - Addr: fcl.Addr(), + Net: l.Addr().Network(), + Addr: l.Addr(), Err: errFakeClosed, } } @@ -244,6 +304,17 @@ func (sl *sharedListener) Destruct() error { return sl.Listener.Close() } +// sharedQuicListener is like sharedListener, but for quic.EarlyListeners. +type sharedQuicListener struct { + quic.EarlyListener + key string +} + +// Destruct closes the underlying QUIC listener. +func (sql *sharedQuicListener) Destruct() error { + return sql.EarlyListener.Close() +} + // sharedPacketConn is like sharedListener, but for net.PacketConns. type sharedPacketConn struct { net.PacketConn diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 64cc5401..d81f5563 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -18,7 +18,6 @@ import ( "context" "crypto/tls" "fmt" - "net" "net/http" "strconv" "time" @@ -116,9 +115,8 @@ type App struct { // affect functionality. Servers map[string]*Server `json:"servers,omitempty"` - servers []*http.Server - h3servers []*http3.Server - h3listeners []net.PacketConn + servers []*http.Server + h3servers []*http3.Server ctx caddy.Context logger *zap.Logger @@ -353,9 +351,9 @@ func (app *App) Start() error { app.logger.Info("enabling experimental HTTP/3 listener", zap.String("addr", hostport), ) - h3ln, err := caddy.ListenPacket("udp", hostport) + h3ln, err := caddy.ListenQUIC(hostport, tlsCfg) if err != nil { - return fmt.Errorf("getting HTTP/3 UDP listener: %v", err) + return fmt.Errorf("getting HTTP/3 QUIC listener: %v", err) } h3srv := &http3.Server{ Server: &http.Server{ @@ -366,9 +364,8 @@ func (app *App) Start() error { }, } //nolint:errcheck - go h3srv.Serve(h3ln) + go h3srv.ServeListener(h3ln) app.h3servers = append(app.h3servers, h3srv) - app.h3listeners = append(app.h3listeners, h3ln) srv.h3server = h3srv } ///////// @@ -426,13 +423,6 @@ func (app *App) Stop() error { } } - // close the http3 servers; it's unclear whether the bug reported in - // https://github.com/caddyserver/caddy/pull/2727#issuecomment-526856566 - // was ever truly fixed, since it seemed racey/nondeterministic; but - // recent tests in 2020 were unable to replicate the issue again after - // repeated attempts (the bug manifested after a config reload; i.e. - // reusing a http3 server or listener was problematic), but it seems - // to be working fine now for _, s := range app.h3servers { // TODO: CloseGracefully, once implemented upstream // (see https://github.com/lucas-clemente/quic-go/issues/2103) @@ -441,17 +431,6 @@ func (app *App) Stop() error { return err } } - - // closing an http3.Server does not close their underlying listeners - // since apparently the listener can be used both by servers and - // clients at the same time; so we need to manually call Close() - // on the underlying h3 listeners (see lucas-clemente/quic-go#2103) - for _, pc := range app.h3listeners { - err := pc.Close() - if err != nil { - return err - } - } return nil } From 134b8056444d8f417c0eb4163809f9659ffc3317 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 23 Mar 2022 14:34:13 -0400 Subject: [PATCH 0607/1498] caddyfile: Prevent bad block opening tokens (#4655) * caddyfile: Prevent bad block opening tokens * Clarifying comments --- caddyconfig/caddyfile/dispenser.go | 58 ++++++++++++++++++++++++++++- caddyconfig/caddyfile/parse.go | 7 ++++ caddyconfig/caddyfile/parse_test.go | 14 +++++++ 3 files changed, 77 insertions(+), 2 deletions(-) diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index fbe71ad0..8a78f433 100755 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -458,6 +458,60 @@ func (d *Dispenser) isNewLine() bool { if d.cursor > len(d.tokens)-1 { return false } - return d.tokens[d.cursor-1].File != d.tokens[d.cursor].File || - d.tokens[d.cursor-1].Line+d.numLineBreaks(d.cursor-1) < d.tokens[d.cursor].Line + + prev := d.tokens[d.cursor-1] + curr := d.tokens[d.cursor] + + // If the previous token is from a different file, + // we can assume it's from a different line + if prev.File != curr.File { + return true + } + + // The previous token may contain line breaks if + // it was quoted and spanned multiple lines. e.g: + // + // dir "foo + // bar + // baz" + prevLineBreaks := d.numLineBreaks(d.cursor - 1) + + // If the previous token (incl line breaks) ends + // on a line earlier than the current token, + // then the current token is on a new line + return prev.Line+prevLineBreaks < curr.Line +} + +// isNextOnNewLine determines whether the current token is on a different +// line (higher line number) than the next token. It handles imported +// tokens correctly. If there isn't a next token, it returns true. +func (d *Dispenser) isNextOnNewLine() bool { + if d.cursor < 0 { + return false + } + if d.cursor >= len(d.tokens)-1 { + return true + } + + curr := d.tokens[d.cursor] + next := d.tokens[d.cursor+1] + + // If the next token is from a different file, + // we can assume it's from a different line + if curr.File != next.File { + return true + } + + // The current token may contain line breaks if + // it was quoted and spanned multiple lines. e.g: + // + // dir "foo + // bar + // baz" + currLineBreaks := d.numLineBreaks(d.cursor) + + // If the current token (incl line breaks) ends + // on a line earlier than the next token, + // then the next token is on a new line + return curr.Line+currLineBreaks < next.Line } diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 1e694f9f..b4632384 100755 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -494,6 +494,13 @@ func (p *parser) directive() error { for p.Next() { if p.Val() == "{" { p.nesting++ + if !p.isNextOnNewLine() && p.Token().wasQuoted == 0 { + return p.Err("Unexpected next token after '{' on same line") + } + } else if p.Val() == "{}" { + if p.isNextOnNewLine() && p.Token().wasQuoted == 0 { + return p.Err("Unexpected '{}' at end of line") + } } else if p.isNewLine() && p.nesting == 0 { p.cursor-- // read too far break diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index 8d43e1aa..c3f6fa64 100755 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -191,6 +191,20 @@ func TestParseOneAndImport(t *testing.T) { {``, false, []string{}, []int{}}, + // Unexpected next token after '{' on same line + {`localhost + dir1 { a b }`, true, []string{"localhost"}, []int{}}, + // Workaround with quotes + {`localhost + dir1 "{" a b "}"`, false, []string{"localhost"}, []int{5}}, + + // Unexpected '{}' at end of line + {`localhost + dir1 {}`, true, []string{"localhost"}, []int{}}, + // Workaround with quotes + {`localhost + dir1 "{}"`, false, []string{"localhost"}, []int{2}}, + // import with args {`import testdata/import_args0.txt a`, false, []string{"a"}, []int{}}, {`import testdata/import_args1.txt a b`, false, []string{"a", "b"}, []int{}}, From b8dbecb841bef1f1ec67419b871d23d66af7a3b1 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 24 Mar 2022 10:44:36 -0600 Subject: [PATCH 0608/1498] reverseproxy: Include port in A upstreams cache Should fix #4659 --- modules/caddyhttp/reverseproxy/upstreams.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index c66e0c04..3b58b8dd 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -342,7 +342,7 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { return upstreams, nil } -func (au AUpstreams) String() string { return au.Name } +func (au AUpstreams) String() string { return net.JoinHostPort(au.Name, au.Port) } type aLookup struct { aUpstreams AUpstreams From 4b75f3e2f09b77b98783ea4d6602391c7283f984 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 25 Mar 2022 00:48:45 -0400 Subject: [PATCH 0609/1498] chore: Clean up adapt test line endings (#4660) Lots of the files were using CRLF instead of LF. Mostly my fault cause sometimes I make the files on Windows and VSCode for some reason kept making them with the wrong line endings. Sigh. Since .txt files typically default to spaces for indentation, I'm also adding an .editorconfig to ensure they use tabs instead --- .editorconfig | 5 + .../caddyfile_adapt/file_server_pass_thru.txt | 64 ++-- .../php_fastcgi_handle_response.txt | 288 +++++++++--------- .../php_fastcgi_try_files_override.txt | 248 +++++++-------- .../reverse_proxy_trusted_proxies.txt | 112 +++---- .../sort_directives_within_handle.txt | 264 ++++++++-------- .../caddyfile_adapt/tls_internal_options.txt | 106 +++---- 7 files changed, 546 insertions(+), 541 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 00000000..7134bf7e --- /dev/null +++ b/.editorconfig @@ -0,0 +1,5 @@ +[*] +end_of_line = lf + +[caddytest/integration/caddyfile_adapt/*.txt] +indent_style = tab \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt b/caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt index 476b165d..cc7051b2 100644 --- a/caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt +++ b/caddytest/integration/caddyfile_adapt/file_server_pass_thru.txt @@ -1,32 +1,32 @@ -:80 - -file_server { - pass_thru -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":80" - ], - "routes": [ - { - "handle": [ - { - "handler": "file_server", - "hide": [ - "./Caddyfile" - ], - "pass_thru": true - } - ] - } - ] - } - } - } - } -} +:80 + +file_server { + pass_thru +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ], + "pass_thru": true + } + ] + } + ] + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt index 42fb6558..dbb08719 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt @@ -1,145 +1,145 @@ -:8881 { - php_fastcgi app:9000 { - env FOO bar - - @error status 4xx - handle_response @error { - root * /errors - rewrite * /{http.reverse_proxy.status_code}.html - file_server - } - } -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":8881" - ], - "routes": [ - { - "match": [ - { - "file": { - "try_files": [ - "{http.request.uri.path}/index.php" - ] - }, - "not": [ - { - "path": [ - "*/" - ] - } - ] - } - ], - "handle": [ - { - "handler": "static_response", - "headers": { - "Location": [ - "{http.request.uri.path}/" - ] - }, - "status_code": 308 - } - ] - }, - { - "match": [ - { - "file": { - "try_files": [ - "{http.request.uri.path}", - "{http.request.uri.path}/index.php", - "index.php" - ], - "split_path": [ - ".php" - ] - } - } - ], - "handle": [ - { - "handler": "rewrite", - "uri": "{http.matchers.file.relative}" - } - ] - }, - { - "match": [ - { - "path": [ - "*.php" - ] - } - ], - "handle": [ - { - "handle_response": [ - { - "match": { - "status_code": [ - 4 - ] - }, - "routes": [ - { - "handle": [ - { - "handler": "vars", - "root": "/errors" - } - ] - }, - { - "group": "group0", - "handle": [ - { - "handler": "rewrite", - "uri": "/{http.reverse_proxy.status_code}.html" - } - ] - }, - { - "handle": [ - { - "handler": "file_server", - "hide": [ - "./Caddyfile" - ] - } - ] - } - ] - } - ], - "handler": "reverse_proxy", - "transport": { - "env": { - "FOO": "bar" - }, - "protocol": "fastcgi", - "split_path": [ - ".php" - ] - }, - "upstreams": [ - { - "dial": "app:9000" - } - ] - } - ] - } - ] - } - } - } - } +:8881 { + php_fastcgi app:9000 { + env FOO bar + + @error status 4xx + handle_response @error { + root * /errors + rewrite * /{http.reverse_proxy.status_code}.html + file_server + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8881" + ], + "routes": [ + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ] + }, + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "index.php" + ], + "split_path": [ + ".php" + ] + } + } + ], + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ] + }, + { + "match": [ + { + "path": [ + "*.php" + ] + } + ], + "handle": [ + { + "handle_response": [ + { + "match": { + "status_code": [ + 4 + ] + }, + "routes": [ + { + "handle": [ + { + "handler": "vars", + "root": "/errors" + } + ] + }, + { + "group": "group0", + "handle": [ + { + "handler": "rewrite", + "uri": "/{http.reverse_proxy.status_code}.html" + } + ] + }, + { + "handle": [ + { + "handler": "file_server", + "hide": [ + "./Caddyfile" + ] + } + ] + } + ] + } + ], + "handler": "reverse_proxy", + "transport": { + "env": { + "FOO": "bar" + }, + "protocol": "fastcgi", + "split_path": [ + ".php" + ] + }, + "upstreams": [ + { + "dial": "app:9000" + } + ] + } + ] + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt index 2f4ef767..43427862 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt @@ -1,124 +1,124 @@ -:8884 - -php_fastcgi localhost:9000 { - # some php_fastcgi-specific subdirectives - split .php .php5 - env VAR1 value1 - env VAR2 value2 - root /var/www - try_files {path} {path}/index.php =404 - dial_timeout 3s - read_timeout 10s - write_timeout 20s - - # passed through to reverse_proxy (directive order doesn't matter!) - lb_policy random -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":8884" - ], - "routes": [ - { - "match": [ - { - "file": { - "try_files": [ - "{http.request.uri.path}/index.php" - ] - }, - "not": [ - { - "path": [ - "*/" - ] - } - ] - } - ], - "handle": [ - { - "handler": "static_response", - "headers": { - "Location": [ - "{http.request.uri.path}/" - ] - }, - "status_code": 308 - } - ] - }, - { - "match": [ - { - "file": { - "try_files": [ - "{http.request.uri.path}", - "{http.request.uri.path}/index.php", - "=404" - ], - "split_path": [ - ".php", - ".php5" - ] - } - } - ], - "handle": [ - { - "handler": "rewrite", - "uri": "{http.matchers.file.relative}" - } - ] - }, - { - "match": [ - { - "path": [ - "*.php", - "*.php5" - ] - } - ], - "handle": [ - { - "handler": "reverse_proxy", - "load_balancing": { - "selection_policy": { - "policy": "random" - } - }, - "transport": { - "dial_timeout": 3000000000, - "env": { - "VAR1": "value1", - "VAR2": "value2" - }, - "protocol": "fastcgi", - "read_timeout": 10000000000, - "root": "/var/www", - "split_path": [ - ".php", - ".php5" - ], - "write_timeout": 20000000000 - }, - "upstreams": [ - { - "dial": "localhost:9000" - } - ] - } - ] - } - ] - } - } - } - } -} +:8884 + +php_fastcgi localhost:9000 { + # some php_fastcgi-specific subdirectives + split .php .php5 + env VAR1 value1 + env VAR2 value2 + root /var/www + try_files {path} {path}/index.php =404 + dial_timeout 3s + read_timeout 10s + write_timeout 20s + + # passed through to reverse_proxy (directive order doesn't matter!) + lb_policy random +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ], + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.uri.path}/" + ] + }, + "status_code": 308 + } + ] + }, + { + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "=404" + ], + "split_path": [ + ".php", + ".php5" + ] + } + } + ], + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ] + }, + { + "match": [ + { + "path": [ + "*.php", + "*.php5" + ] + } + ], + "handle": [ + { + "handler": "reverse_proxy", + "load_balancing": { + "selection_policy": { + "policy": "random" + } + }, + "transport": { + "dial_timeout": 3000000000, + "env": { + "VAR1": "value1", + "VAR2": "value2" + }, + "protocol": "fastcgi", + "read_timeout": 10000000000, + "root": "/var/www", + "split_path": [ + ".php", + ".php5" + ], + "write_timeout": 20000000000 + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt index 5e112847..f1e685c0 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_trusted_proxies.txt @@ -1,56 +1,56 @@ -:8884 - -reverse_proxy 127.0.0.1:65535 { - trusted_proxies 127.0.0.1 -} - -reverse_proxy 127.0.0.1:65535 { - trusted_proxies private_ranges -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":8884" - ], - "routes": [ - { - "handle": [ - { - "handler": "reverse_proxy", - "trusted_proxies": [ - "127.0.0.1" - ], - "upstreams": [ - { - "dial": "127.0.0.1:65535" - } - ] - }, - { - "handler": "reverse_proxy", - "trusted_proxies": [ - "192.168.0.0/16", - "172.16.0.0/12", - "10.0.0.0/8", - "127.0.0.1/8", - "fd00::/8", - "::1" - ], - "upstreams": [ - { - "dial": "127.0.0.1:65535" - } - ] - } - ] - } - ] - } - } - } - } -} +:8884 + +reverse_proxy 127.0.0.1:65535 { + trusted_proxies 127.0.0.1 +} + +reverse_proxy 127.0.0.1:65535 { + trusted_proxies private_ranges +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "trusted_proxies": [ + "127.0.0.1" + ], + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + }, + { + "handler": "reverse_proxy", + "trusted_proxies": [ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1" + ], + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt b/caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt index 10ff6da3..0cf9d880 100644 --- a/caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt +++ b/caddytest/integration/caddyfile_adapt/sort_directives_within_handle.txt @@ -1,133 +1,133 @@ -*.example.com { - @foo host foo.example.com - handle @foo { - handle_path /strip* { - respond "this should be first" - } - handle { - respond "this should be second" - } - } - handle { - respond "this should be last" - } -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":443" - ], - "routes": [ - { - "match": [ - { - "host": [ - "*.example.com" - ] - } - ], - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "group": "group5", - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "group": "group2", - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "handler": "rewrite", - "strip_path_prefix": "/strip" - } - ] - }, - { - "handle": [ - { - "body": "this should be first", - "handler": "static_response" - } - ] - } - ] - } - ], - "match": [ - { - "path": [ - "/strip*" - ] - } - ] - }, - { - "group": "group2", - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "this should be second", - "handler": "static_response" - } - ] - } - ] - } - ] - } - ] - } - ], - "match": [ - { - "host": [ - "foo.example.com" - ] - } - ] - }, - { - "group": "group5", - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "this should be last", - "handler": "static_response" - } - ] - } - ] - } - ] - } - ] - } - ], - "terminal": true - } - ] - } - } - } - } +*.example.com { + @foo host foo.example.com + handle @foo { + handle_path /strip* { + respond "this should be first" + } + handle { + respond "this should be second" + } + } + handle { + respond "this should be last" + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "*.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "group": "group5", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "rewrite", + "strip_path_prefix": "/strip" + } + ] + }, + { + "handle": [ + { + "body": "this should be first", + "handler": "static_response" + } + ] + } + ] + } + ], + "match": [ + { + "path": [ + "/strip*" + ] + } + ] + }, + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "this should be second", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + ], + "match": [ + { + "host": [ + "foo.example.com" + ] + } + ] + }, + { + "group": "group5", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "this should be last", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } } \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/tls_internal_options.txt b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt index 7298a370..50bbfec2 100644 --- a/caddytest/integration/caddyfile_adapt/tls_internal_options.txt +++ b/caddytest/integration/caddyfile_adapt/tls_internal_options.txt @@ -1,54 +1,54 @@ -a.example.com { - tls { - issuer internal { - ca foo - lifetime 24h - sign_with_root - } - } -} ----------- -{ - "apps": { - "http": { - "servers": { - "srv0": { - "listen": [ - ":443" - ], - "routes": [ - { - "match": [ - { - "host": [ - "a.example.com" - ] - } - ], - "terminal": true - } - ] - } - } - }, - "tls": { - "automation": { - "policies": [ - { - "subjects": [ - "a.example.com" - ], - "issuers": [ - { - "ca": "foo", - "lifetime": 86400000000000, - "module": "internal", - "sign_with_root": true - } - ] - } - ] - } - } - } +a.example.com { + tls { + issuer internal { + ca foo + lifetime 24h + sign_with_root + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "a.example.com" + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "a.example.com" + ], + "issuers": [ + { + "ca": "foo", + "lifetime": 86400000000000, + "module": "internal", + "sign_with_root": true + } + ] + } + ] + } + } + } } \ No newline at end of file From a58f240d3ecbb59285303746406cab50217f8d24 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 25 Mar 2022 00:54:03 -0400 Subject: [PATCH 0610/1498] httpcaddyfile: Fix #4640 (auto-HTTPS edgecase) (#4661) Guh, this is complicated. Fixes #4640 This also follows up on #4398 (reverting it) which made a change that technically worked, but was incorrect. It changed the condition in `hostsFromKeysNotHTTP` from `&&` to `||`, but then the function no longer did what its name said it would do, and it would return hosts even if they were marked with `http://`, if they used a non-HTTP port. That wasn't the intent of it. The test added in there was kept though, because it is a valid usecase. The actual fix is to check _earlier_ whether all the addresses explicitly have `http://`, and if so we can short circuit and skip considering the rest. --- caddyconfig/httpcaddyfile/directives.go | 13 ++++- caddyconfig/httpcaddyfile/httptype.go | 2 +- caddyconfig/httpcaddyfile/tlsapp.go | 6 ++ .../tls_automation_policies_9.txt | 56 +++++++++++++++++++ 4 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 425bf192..6b80e346 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -494,7 +494,7 @@ func (sb serverBlock) hostsFromKeysNotHTTP(httpPort string) []string { if addr.Host == "" { continue } - if addr.Scheme != "http" || addr.Port != httpPort { + if addr.Scheme != "http" && addr.Port != httpPort { hostMap[addr.Host] = struct{}{} } } @@ -519,6 +519,17 @@ func (sb serverBlock) hasHostCatchAllKey() bool { return false } +// isAllHTTP returns true if all sb keys explicitly specify +// the http:// scheme +func (sb serverBlock) isAllHTTP() bool { + for _, addr := range sb.keys { + if addr.Scheme != "http" { + return false + } + } + return true +} + type ( // UnmarshalFunc is a function which can unmarshal Caddyfile // tokens into zero or more config values using a Helper type. diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index d7716a42..f5dd68a6 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -581,7 +581,7 @@ func (st *ServerType) serversFromPairings( } for _, addr := range sblock.keys { - // if server only uses HTTPS port, auto-HTTPS will not apply + // if server only uses HTTP port, auto-HTTPS will not apply if listenersUseAnyPortOtherThan(srv.Listen, httpPort) { // exclude any hosts that were defined explicitly with "http://" // in the key from automated cert management (issue #2998) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index daaec95d..76d7ebf3 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -101,6 +101,12 @@ func (st ServerType) buildTLSApp( } for _, sblock := range p.serverBlocks { + // check the scheme of all the site addresses, + // skip building AP if they all had http:// + if sblock.isAllHTTP() { + continue + } + // get values that populate an automation policy for this block ap, err := newBaseAutomationPolicy(options, warnings, true) if err != nil { diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt new file mode 100644 index 00000000..bd82e96c --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_9.txt @@ -0,0 +1,56 @@ +# example from issue #4640 +http://foo:8447, http://127.0.0.1:8447 { + reverse_proxy 127.0.0.1:8080 +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8447" + ], + "routes": [ + { + "match": [ + { + "host": [ + "foo", + "127.0.0.1" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "127.0.0.1:8080" + } + ] + } + ] + } + ] + } + ], + "terminal": true + } + ], + "automatic_https": { + "skip": [ + "foo", + "127.0.0.1" + ] + } + } + } + } + } +} \ No newline at end of file From d06d0e79f839a26ab2cf81b00ba2d180623c57a9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 25 Mar 2022 11:28:54 -0600 Subject: [PATCH 0611/1498] go.mod: Upgrade CertMagic to v0.16.0 Includes several breaking changes; code base updated accordingly. - Added lots of context arguments - Use fs.ErrNotExist - Rename ACMEManager -> ACMEIssuer; CertificateManager -> Manager --- admin.go | 2 +- caddy.go | 4 ++-- caddyconfig/httpcaddyfile/builtins.go | 4 ++-- go.mod | 6 ++--- go.sum | 24 +++++++++---------- modules/caddyhttp/autohttps.go | 4 ++-- modules/caddypki/ca.go | 24 +++++++++++-------- modules/caddytls/acmeissuer.go | 14 +++++------ modules/caddytls/automation.go | 6 ++--- modules/caddytls/certmanagers.go | 12 +++++----- .../distributedstek/distributedstek.go | 10 ++++---- modules/caddytls/storageloader.go | 7 ++++-- modules/caddytls/tls.go | 4 ++-- modules/caddytls/zerosslissuer.go | 8 +++---- sigtrap.go | 3 ++- sigtrap_posix.go | 3 ++- 16 files changed, 73 insertions(+), 62 deletions(-) diff --git a/admin.go b/admin.go index d31308a7..214b734d 100644 --- a/admin.go +++ b/admin.go @@ -1000,7 +1000,7 @@ func handleStop(w http.ResponseWriter, r *http.Request) error { Log().Error("unable to notify stopping to service manager", zap.Error(err)) } - exitProcess(Log().Named("admin.api")) + exitProcess(context.Background(), Log().Named("admin.api")) return nil } diff --git a/caddy.go b/caddy.go index f6768c04..86935f81 100644 --- a/caddy.go +++ b/caddy.go @@ -621,7 +621,7 @@ func Validate(cfg *Config) error { // PID file, and shuts down admin endpoint(s) in a goroutine. // Errors are logged along the way, and an appropriate exit // code is emitted. -func exitProcess(logger *zap.Logger) { +func exitProcess(ctx context.Context, logger *zap.Logger) { if logger == nil { logger = Log() } @@ -636,7 +636,7 @@ func exitProcess(logger *zap.Logger) { } // clean up certmagic locks - certmagic.CleanUpOwnLocks(logger) + certmagic.CleanUpOwnLocks(ctx, logger) // remove pidfile if pidfile != "" { diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index e65039d6..1e7c7016 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -95,7 +95,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { var keyType string var internalIssuer *caddytls.InternalIssuer var issuers []certmagic.Issuer - var certManagers []certmagic.CertificateManager + var certManagers []certmagic.Manager var onDemand bool for h.Next() { @@ -320,7 +320,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { if err != nil { return nil, err } - certManager, ok := unm.(certmagic.CertificateManager) + certManager, ok := unm.(certmagic.Manager) if !ok { return nil, h.Errf("module %s (%T) is not a certmagic.CertificateManager", modID, unm) } diff --git a/go.mod b/go.mod index 425e8705..eb26a428 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.15.4 + github.com/caddyserver/certmagic v0.16.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-chi/chi v4.1.2+incompatible @@ -33,8 +33,8 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.21.0 - golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 - golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d + golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 + golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 google.golang.org/protobuf v1.27.1 diff --git a/go.sum b/go.sum index aef242da..235b9d5c 100644 --- a/go.sum +++ b/go.sum @@ -184,8 +184,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.15.4 h1:kz//9+Z/xw197jtIBxxUDub8pQi9gcYvhXk5Ouw2EkM= -github.com/caddyserver/certmagic v0.15.4/go.mod h1:qhkAOthf72ufAcp3Y5jF2RaGE96oip3UbEQRIzwe3/8= +github.com/caddyserver/certmagic v0.16.0 h1:nM6Fm+OSnTpx/uRWmN++I2fYq006uhi6m6m3rD1Jjtg= +github.com/caddyserver/certmagic v0.16.0/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= @@ -634,7 +634,6 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U= github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.0.11 h1:i2lw1Pm7Yi/4O6XCSyJWqEHI2MDw2FzUK6o/D21xn2A= github.com/klauspost/cpuid/v2 v2.0.11/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -708,15 +707,14 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/acmez v1.0.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/mholt/acmez v1.0.2 h1:C8wsEBIUVi6e0DYoxqCcFuXtwc4AWXL/jgcDjF7mjVo= github.com/mholt/acmez v1.0.2/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= -github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= +github.com/miekg/dns v1.1.46 h1:uzwpxRtSVxtcIZmz/4Uz6/Rn7G11DvsaslXoy5LxQio= +github.com/miekg/dns v1.1.46/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -1171,8 +1169,8 @@ golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210915214749-c084706c2272/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 h1:XdAboW3BNMv9ocSCOk/u1MFioZGzCNkiJZ19v9Oe3Ig= +golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1271,10 +1269,11 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs= -golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1379,7 +1378,6 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1403,6 +1401,7 @@ golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -1500,8 +1499,9 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 h1:BonxutuHCTL0rBDnZlKjpGIQFTjyUVTexFOdWkB6Fg0= +golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index eb66114c..f1d99ce3 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -480,7 +480,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri if err != nil { return err } - ap.Managers = []certmagic.CertificateManager{ts} + ap.Managers = []certmagic.Manager{ts} } // while we're here, is this the catch-all/base policy? @@ -497,7 +497,7 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri return err } basePolicy = &caddytls.AutomationPolicy{ - Managers: []certmagic.CertificateManager{ts}, + Managers: []certmagic.Manager{ts}, } } diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 7fefee65..c9bdeee6 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -18,7 +18,9 @@ import ( "crypto" "crypto/x509" "encoding/json" + "errors" "fmt" + "io/fs" "path" "sync" "time" @@ -76,12 +78,14 @@ type CA struct { rootCertPath string // mainly used for logging purposes if trusting log *zap.Logger + ctx caddy.Context } // Provision sets up the CA. func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error { ca.mu = new(sync.RWMutex) ca.log = log.Named("ca." + id) + ca.ctx = ctx if id == "" { return fmt.Errorf("CA ID is required (use 'local' for the default CA)") @@ -215,9 +219,9 @@ func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority } func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey interface{}, err error) { - rootCertPEM, err := ca.storage.Load(ca.storageKeyRootCert()) + rootCertPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyRootCert()) if err != nil { - if _, ok := err.(certmagic.ErrNotExist); !ok { + if !errors.Is(err, fs.ErrNotExist) { return nil, nil, fmt.Errorf("loading root cert: %v", err) } @@ -235,7 +239,7 @@ func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey interface{}, e } } if rootKey == nil { - rootKeyPEM, err := ca.storage.Load(ca.storageKeyRootKey()) + rootKeyPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyRootKey()) if err != nil { return nil, nil, fmt.Errorf("loading root key: %v", err) } @@ -259,7 +263,7 @@ func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey interface{}, err err if err != nil { return nil, nil, fmt.Errorf("encoding root certificate: %v", err) } - err = ca.storage.Store(ca.storageKeyRootCert(), rootCertPEM) + err = ca.storage.Store(ca.ctx, ca.storageKeyRootCert(), rootCertPEM) if err != nil { return nil, nil, fmt.Errorf("saving root certificate: %v", err) } @@ -267,7 +271,7 @@ func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey interface{}, err err if err != nil { return nil, nil, fmt.Errorf("encoding root key: %v", err) } - err = ca.storage.Store(ca.storageKeyRootKey(), rootKeyPEM) + err = ca.storage.Store(ca.ctx, ca.storageKeyRootKey(), rootKeyPEM) if err != nil { return nil, nil, fmt.Errorf("saving root key: %v", err) } @@ -276,9 +280,9 @@ func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey interface{}, err err } func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey crypto.PrivateKey) (interCert *x509.Certificate, interKey crypto.PrivateKey, err error) { - interCertPEM, err := ca.storage.Load(ca.storageKeyIntermediateCert()) + interCertPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyIntermediateCert()) if err != nil { - if _, ok := err.(certmagic.ErrNotExist); !ok { + if !errors.Is(err, fs.ErrNotExist) { return nil, nil, fmt.Errorf("loading intermediate cert: %v", err) } @@ -297,7 +301,7 @@ func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey crypto.Pr } if interKey == nil { - interKeyPEM, err := ca.storage.Load(ca.storageKeyIntermediateKey()) + interKeyPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyIntermediateKey()) if err != nil { return nil, nil, fmt.Errorf("loading intermediate key: %v", err) } @@ -321,7 +325,7 @@ func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey crypto.PrivateK if err != nil { return nil, nil, fmt.Errorf("encoding intermediate certificate: %v", err) } - err = ca.storage.Store(ca.storageKeyIntermediateCert(), interCertPEM) + err = ca.storage.Store(ca.ctx, ca.storageKeyIntermediateCert(), interCertPEM) if err != nil { return nil, nil, fmt.Errorf("saving intermediate certificate: %v", err) } @@ -329,7 +333,7 @@ func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey crypto.PrivateK if err != nil { return nil, nil, fmt.Errorf("encoding intermediate key: %v", err) } - err = ca.storage.Store(ca.storageKeyIntermediateKey(), interKeyPEM) + err = ca.storage.Store(ca.ctx, ca.storageKeyIntermediateKey(), interKeyPEM) if err != nil { return nil, nil, fmt.Errorf("saving intermediate key: %v", err) } diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 48a961fa..fd60cc8e 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -85,7 +85,7 @@ type ACMEIssuer struct { PreferredChains *ChainPreference `json:"preferred_chains,omitempty"` rootPool *x509.CertPool - template certmagic.ACMEManager + template certmagic.ACMEIssuer magic *certmagic.Config logger *zap.Logger } @@ -172,8 +172,8 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { return nil } -func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) { - template := certmagic.ACMEManager{ +func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEIssuer, error) { + template := certmagic.ACMEIssuer{ CA: iss.CA, TestCA: iss.TestCA, Email: iss.Email, @@ -224,22 +224,22 @@ func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) { // PreCheck implements the certmagic.PreChecker interface. func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error { - return certmagic.NewACMEManager(iss.magic, iss.template).PreCheck(ctx, names, interactive) + return certmagic.NewACMEIssuer(iss.magic, iss.template).PreCheck(ctx, names, interactive) } // Issue obtains a certificate for the given csr. func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { - return certmagic.NewACMEManager(iss.magic, iss.template).Issue(ctx, csr) + return certmagic.NewACMEIssuer(iss.magic, iss.template).Issue(ctx, csr) } // IssuerKey returns the unique issuer key for the configured CA endpoint. func (iss *ACMEIssuer) IssuerKey() string { - return certmagic.NewACMEManager(iss.magic, iss.template).IssuerKey() + return certmagic.NewACMEIssuer(iss.magic, iss.template).IssuerKey() } // Revoke revokes the given certificate. func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error { - return certmagic.NewACMEManager(iss.magic, iss.template).Revoke(ctx, cert, reason) + return certmagic.NewACMEIssuer(iss.magic, iss.template).Revoke(ctx, cert, reason) } // GetACMEIssuer returns iss. This is useful when other types embed ACMEIssuer, because diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index eb97c82d..26884bce 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -141,8 +141,8 @@ type AutomationPolicy struct { // they are only used to populate an underlying certmagic.Config's // fields during provisioning so that the modules can survive a // re-provisioning. - Issuers []certmagic.Issuer `json:"-"` - Managers []certmagic.CertificateManager `json:"-"` + Issuers []certmagic.Issuer `json:"-"` + Managers []certmagic.Manager `json:"-"` magic *certmagic.Config storage certmagic.Storage @@ -199,7 +199,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { return fmt.Errorf("loading external certificate manager modules: %v", err) } for _, getCertVal := range vals.([]interface{}) { - ap.Managers = append(ap.Managers, getCertVal.(certmagic.CertificateManager)) + ap.Managers = append(ap.Managers, getCertVal.(certmagic.Manager)) } } diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go index 653e9f50..8c8d7017 100644 --- a/modules/caddytls/certmanagers.go +++ b/modules/caddytls/certmanagers.go @@ -198,11 +198,11 @@ func (hcg *HTTPCertGetter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Interface guards var ( - _ certmagic.CertificateManager = (*Tailscale)(nil) - _ caddy.Provisioner = (*Tailscale)(nil) - _ caddyfile.Unmarshaler = (*Tailscale)(nil) + _ certmagic.Manager = (*Tailscale)(nil) + _ caddy.Provisioner = (*Tailscale)(nil) + _ caddyfile.Unmarshaler = (*Tailscale)(nil) - _ certmagic.CertificateManager = (*HTTPCertGetter)(nil) - _ caddy.Provisioner = (*HTTPCertGetter)(nil) - _ caddyfile.Unmarshaler = (*HTTPCertGetter)(nil) + _ certmagic.Manager = (*HTTPCertGetter)(nil) + _ caddy.Provisioner = (*HTTPCertGetter)(nil) + _ caddyfile.Unmarshaler = (*HTTPCertGetter)(nil) ) diff --git a/modules/caddytls/distributedstek/distributedstek.go b/modules/caddytls/distributedstek/distributedstek.go index e76fc472..18ed6949 100644 --- a/modules/caddytls/distributedstek/distributedstek.go +++ b/modules/caddytls/distributedstek/distributedstek.go @@ -26,7 +26,9 @@ import ( "bytes" "encoding/gob" "encoding/json" + "errors" "fmt" + "io/fs" "log" "runtime/debug" "time" @@ -115,7 +117,7 @@ func (s *Provider) Next(doneChan <-chan struct{}) <-chan [][32]byte { func (s *Provider) loadSTEK() (distributedSTEK, error) { var sg distributedSTEK - gobBytes, err := s.storage.Load(stekFileName) + gobBytes, err := s.storage.Load(s.ctx, stekFileName) if err != nil { return sg, err // don't wrap, in case error is certmagic.ErrNotExist } @@ -133,7 +135,7 @@ func (s *Provider) storeSTEK(dstek distributedSTEK) error { if err != nil { return fmt.Errorf("encoding STEK gob: %v", err) } - err = s.storage.Store(stekFileName, buf.Bytes()) + err = s.storage.Store(s.ctx, stekFileName, buf.Bytes()) if err != nil { return fmt.Errorf("storing STEK gob: %v", err) } @@ -151,11 +153,11 @@ func (s *Provider) getSTEK() (distributedSTEK, error) { } //nolint:errcheck - defer s.storage.Unlock(stekLockName) + defer s.storage.Unlock(s.ctx, stekLockName) // load the current STEKs from storage dstek, err := s.loadSTEK() - if _, isNotExist := err.(certmagic.ErrNotExist); isNotExist { + if errors.Is(err, fs.ErrNotExist) { // if there is none, then make some right away dstek, err = s.rotateKeys(dstek) if err != nil { diff --git a/modules/caddytls/storageloader.go b/modules/caddytls/storageloader.go index e78996f1..ef9d51e7 100644 --- a/modules/caddytls/storageloader.go +++ b/modules/caddytls/storageloader.go @@ -35,6 +35,8 @@ type StorageLoader struct { // Reference to the globally configured storage module. storage certmagic.Storage + + ctx caddy.Context } // CaddyModule returns the Caddy module information. @@ -48,6 +50,7 @@ func (StorageLoader) CaddyModule() caddy.ModuleInfo { // Provision loads the storage module for sl. func (sl *StorageLoader) Provision(ctx caddy.Context) error { sl.storage = ctx.Storage() + sl.ctx = ctx return nil } @@ -55,11 +58,11 @@ func (sl *StorageLoader) Provision(ctx caddy.Context) error { func (sl StorageLoader) LoadCertificates() ([]Certificate, error) { certs := make([]Certificate, 0, len(sl.Pairs)) for _, pair := range sl.Pairs { - certData, err := sl.storage.Load(pair.Certificate) + certData, err := sl.storage.Load(sl.ctx, pair.Certificate) if err != nil { return nil, err } - keyData, err := sl.storage.Load(pair.Key) + keyData, err := sl.storage.Load(sl.ctx, pair.Key) if err != nil { return nil, err } diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 31c559c1..9fe30fe3 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -199,7 +199,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { return fmt.Errorf("loading certificates: %v", err) } for _, cert := range certs { - err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags) + err := magic.CacheUnmanagedTLSCertificate(ctx, cert.Certificate, cert.Tags) if err != nil { return fmt.Errorf("caching unmanaged certificate: %v", err) } @@ -336,7 +336,7 @@ func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { for _, iss := range ap.magic.Issuers { if am, ok := iss.(acmeCapable); ok { iss := am.GetACMEIssuer() - if certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) { + if certmagic.NewACMEIssuer(iss.magic, iss.template).HandleHTTPChallenge(w, r) { return true } } diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go index a8830a0b..a75063bc 100644 --- a/modules/caddytls/zerosslissuer.go +++ b/modules/caddytls/zerosslissuer.go @@ -69,12 +69,12 @@ func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error { } // newAccountCallback generates EAB if not already provided. It also sets a valid default contact on the account if not set. -func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, am *certmagic.ACMEManager, acct acme.Account) (acme.Account, error) { - if am.ExternalAccount != nil { +func (iss *ZeroSSLIssuer) newAccountCallback(ctx context.Context, acmeIss *certmagic.ACMEIssuer, acct acme.Account) (acme.Account, error) { + if acmeIss.ExternalAccount != nil { return acct, nil } var err error - am.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct) + acmeIss.ExternalAccount, acct, err = iss.generateEABCredentials(ctx, acct) return acct, err } @@ -153,7 +153,7 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context, acct acme. }, acct, nil } -// initialize modifies the template for the underlying ACMEManager +// initialize modifies the template for the underlying ACMEIssuer // values by setting the CA endpoint to the ZeroSSL directory and // setting the NewAccountFunc callback to one which allows us to // generate EAB credentials only if a new account is being made. diff --git a/sigtrap.go b/sigtrap.go index 0fce6d0d..b0be1c73 100644 --- a/sigtrap.go +++ b/sigtrap.go @@ -15,6 +15,7 @@ package caddy import ( + "context" "os" "os/signal" @@ -55,7 +56,7 @@ func trapSignalsCrossPlatform() { // exitProcessFromSignal exits the process from a system signal. func exitProcessFromSignal(sigName string) { logger := Log().With(zap.String("signal", sigName)) - exitProcess(logger) + exitProcess(context.TODO(), logger) } // Exit codes. Generally, you should NOT diff --git a/sigtrap_posix.go b/sigtrap_posix.go index b6c4cbfe..706d0c25 100644 --- a/sigtrap_posix.go +++ b/sigtrap_posix.go @@ -18,6 +18,7 @@ package caddy import ( + "context" "os" "os/signal" "syscall" @@ -36,7 +37,7 @@ func trapSignalsPosix() { switch sig { case syscall.SIGQUIT: Log().Info("quitting process immediately", zap.String("signal", "SIGQUIT")) - certmagic.CleanUpOwnLocks(Log()) // try to clean up locks anyway, it's important + certmagic.CleanUpOwnLocks(context.TODO(), Log()) // try to clean up locks anyway, it's important os.Exit(ExitCodeForceQuit) case syscall.SIGTERM: From b4f1a713978f44b6f26721bd4eaa355164e3e6f4 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 25 Mar 2022 14:56:29 -0400 Subject: [PATCH 0612/1498] chore: Bump minimum Go to 1.17 (#4662) --- .github/workflows/ci.yml | 2 +- README.md | 2 +- go.mod | 103 ++++++++++++++++++++++++++++++++++++--- 3 files changed, 99 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 894b8ed2..424b5dd1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.16', '1.17', '1.18' ] + go: [ '1.17', '1.18' ] # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing diff --git a/README.md b/README.md index 317a3ece..251e54a5 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ For other install options, see https://caddyserver.com/docs/install. Requirements: -- [Go 1.16 or newer](https://golang.org/dl/) +- [Go 1.17 or newer](https://golang.org/dl/) ### For development diff --git a/go.mod b/go.mod index eb26a428..63cbceac 100644 --- a/go.mod +++ b/go.mod @@ -1,16 +1,13 @@ module github.com/caddyserver/caddy/v2 -go 1.16 +go 1.17 require ( - cloud.google.com/go/kms v1.1.0 // indirect - github.com/BurntSushi/toml v1.0.0 // indirect github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b github.com/caddyserver/certmagic v0.16.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac - github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 github.com/google/uuid v1.3.0 @@ -18,7 +15,6 @@ require ( github.com/klauspost/cpuid/v2 v2.0.11 github.com/lucas-clemente/quic-go v0.26.0 github.com/mholt/acmez v1.0.2 - github.com/naoina/go-stringutil v0.1.0 // indirect github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.18.0 @@ -38,8 +34,103 @@ require ( golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 google.golang.org/protobuf v1.27.1 - gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 +) + +require ( + cloud.google.com/go/kms v1.1.0 // indirect + github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect + github.com/BurntSushi/toml v1.0.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect + github.com/Masterminds/semver/v3 v3.1.1 // indirect + github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/cenkalti/backoff/v4 v4.1.2 // indirect + github.com/cespare/xxhash v1.1.0 // indirect + github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/cheekybits/genny v1.0.0 // indirect + github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect + github.com/dgraph-io/badger v1.6.2 // indirect + github.com/dgraph-io/badger/v2 v2.2007.4 // indirect + github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd // indirect + github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect + github.com/dlclark/regexp2 v1.4.0 // indirect + github.com/felixge/httpsnoop v1.0.2 // indirect + github.com/fsnotify/fsnotify v1.5.1 // indirect + github.com/go-kit/kit v0.10.0 // indirect + github.com/go-logfmt/logfmt v0.5.0 // indirect + github.com/go-logr/logr v1.2.2 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-sql-driver/mysql v1.6.0 // indirect + github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect + github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/snappy v0.0.3 // indirect + github.com/googleapis/gax-go/v2 v2.1.1 // indirect + github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect + github.com/huandu/xstrings v1.3.2 // indirect + github.com/imdario/mergo v0.3.12 // indirect + github.com/jackc/chunkreader/v2 v2.0.1 // indirect + github.com/jackc/pgconn v1.10.1 // indirect + github.com/jackc/pgio v1.0.0 // indirect + github.com/jackc/pgpassfile v1.0.0 // indirect + github.com/jackc/pgproto3/v2 v2.2.0 // indirect + github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect + github.com/jackc/pgtype v1.9.0 // indirect + github.com/jackc/pgx/v4 v4.14.0 // indirect + github.com/libdns/libdns v0.2.1 // indirect + github.com/manifoldco/promptui v0.9.0 // indirect + github.com/marten-seemann/qpack v0.2.1 // indirect + github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect + github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect + github.com/marten-seemann/qtls-go1-18 v0.1.1 // indirect + github.com/mattn/go-colorable v0.1.8 // indirect + github.com/mattn/go-isatty v0.0.13 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect + github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect + github.com/micromdm/scep/v2 v2.1.0 // indirect + github.com/miekg/dns v1.1.46 // indirect + github.com/mitchellh/copystructure v1.2.0 // indirect + github.com/mitchellh/go-ps v1.0.0 // indirect + github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/naoina/go-stringutil v0.1.0 // indirect + github.com/nxadm/tail v1.4.8 // indirect + github.com/onsi/ginkgo v1.16.4 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_model v0.2.0 // indirect + github.com/prometheus/common v0.32.1 // indirect + github.com/prometheus/procfs v0.7.3 // indirect + github.com/rs/xid v1.2.1 // indirect + github.com/russross/blackfriday/v2 v2.0.1 // indirect + github.com/shopspring/decimal v1.2.0 // indirect + github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect + github.com/sirupsen/logrus v1.7.0 // indirect + github.com/spf13/cast v1.4.1 // indirect + github.com/stoewer/go-strcase v1.2.0 // indirect + github.com/urfave/cli v1.22.5 // indirect + go.etcd.io/bbolt v1.3.6 // indirect + go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 // indirect + go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect + go.opentelemetry.io/otel/metric v0.27.0 // indirect + go.opentelemetry.io/otel/trace v1.4.0 // indirect + go.opentelemetry.io/proto/otlp v0.12.0 // indirect + go.step.sm/cli-utils v0.7.0 // indirect + go.step.sm/crypto v0.13.0 // indirect + go.step.sm/linkedca v0.7.0 // indirect + go.uber.org/atomic v1.7.0 // indirect + go.uber.org/multierr v1.6.0 // indirect + golang.org/x/mod v0.4.2 // indirect + golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect + golang.org/x/text v0.3.7 // indirect + golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 // indirect + golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + google.golang.org/api v0.58.0 // indirect + google.golang.org/grpc v1.44.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + gopkg.in/square/go-jose.v2 v2.6.0 // indirect + gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect howett.net/plist v1.0.0 // indirect ) From 734acc776a1156d22dabedd420053d834663a22e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 28 Mar 2022 17:07:43 -0400 Subject: [PATCH 0613/1498] chore: Fix for xcaddy builds (#4665) * chore: Attempt fix for xcaddy builds * Upgrade smallstep/certificates which avoids the problem --- go.mod | 22 ++++++------- go.sum | 102 +++++++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 94 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index 63cbceac..f1b11667 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/mholt/acmez v1.0.2 github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.12.1 - github.com/smallstep/certificates v0.18.0 + github.com/smallstep/certificates v0.18.3-0.20220328195804-49de04661b85 github.com/smallstep/cli v0.18.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.11.0 @@ -32,14 +32,14 @@ require ( golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 - google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 + google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf google.golang.org/protobuf v1.27.1 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v2 v2.4.0 ) require ( - cloud.google.com/go/kms v1.1.0 // indirect + filippo.io/edwards25519 v1.0.0-rc.1 // indirect github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect github.com/BurntSushi/toml v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect @@ -67,7 +67,6 @@ require ( github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.3 // indirect - github.com/googleapis/gax-go/v2 v2.1.1 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/huandu/xstrings v1.3.2 // indirect github.com/imdario/mergo v0.3.12 // indirect @@ -105,7 +104,8 @@ require ( github.com/russross/blackfriday/v2 v2.0.1 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect - github.com/sirupsen/logrus v1.7.0 // indirect + github.com/sirupsen/logrus v1.8.1 // indirect + github.com/slackhq/nebula v1.5.2 // indirect github.com/spf13/cast v1.4.1 // indirect github.com/stoewer/go-strcase v1.2.0 // indirect github.com/urfave/cli v1.22.5 // indirect @@ -118,18 +118,16 @@ require ( go.opentelemetry.io/otel/trace v1.4.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect go.step.sm/cli-utils v0.7.0 // indirect - go.step.sm/crypto v0.13.0 // indirect - go.step.sm/linkedca v0.7.0 // indirect + go.step.sm/crypto v0.15.3 // indirect + go.step.sm/linkedca v0.11.0 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.4.2 // indirect - golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect - golang.org/x/text v0.3.7 // indirect - golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 // indirect + golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect + golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect + golang.org/x/tools v0.1.7 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect - google.golang.org/api v0.58.0 // indirect google.golang.org/grpc v1.44.0 // indirect - gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect howett.net/plist v1.0.0 // indirect diff --git a/go.sum b/go.sum index 235b9d5c..5ddf302b 100644 --- a/go.sum +++ b/go.sum @@ -31,23 +31,32 @@ cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWc cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0 h1:3DXvAyifywvq64LfkKaMOmkWPS1CikIQdMe2lY9vxU8= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= +cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U= +cloud.google.com/go v0.100.2 h1:t9Iw5QH5v4XtlEQaCtUY7x6sCABps8sW0acw7e2WQ6Y= +cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0 h1:mPL/MzDDYHsh5tHRS9mhmhWlcgClCrCa6ApQCU6wnHI= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/kms v1.1.0 h1:1yc4rLqCkVDS9Zvc7m+3mJ47kw0Uo5Q5+sMjcmUVUeM= -cloud.google.com/go/kms v1.1.0/go.mod h1:WdbppnCDMDpOvoYBMn1+gNmOeEoZYqAv+HeuKARGCXI= +cloud.google.com/go/iam v0.1.0 h1:W2vbGCrE3Z7J/x3WXLxxGl9LMSB2uhsAA7Ss/6u/qRY= +cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= +cloud.google.com/go/kms v1.4.0 h1:iElbfoE61VeLhnZcGOltqL8HIly8Nhbe5t6JlH9GXjo= +cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/security v1.3.0/go.mod h1:pQsnLAXfMzuWVJdctBs8BV3tGd3Jr0SMYu6KK3QXYAs= cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= cloud.google.com/go/spanner v1.20.0/go.mod h1:ajR/W06cMHQu7nqQ4irRGplPNoWgejGJlEhlB8xBTKk= @@ -69,6 +78,8 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7 dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= +filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU= +filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= @@ -135,6 +146,7 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= @@ -151,6 +163,7 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o4iy7GtuappbWT0l5NaMo9H9pJDw= @@ -252,6 +265,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/cyberdelia/go-metrics-graphite v0.0.0-20161219230853-39f87cc3b432/go.mod h1:xwIwAxMvYnVrGJPe2FKx5prTrnAjGOD8zvDOnxnrrkM= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -300,6 +314,7 @@ github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= @@ -433,6 +448,7 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -625,6 +641,7 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/kardianos/service v1.2.0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -666,6 +683,8 @@ github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0U github.com/lucas-clemente/quic-go v0.26.0 h1:ALBQXr9UJ8A1LyzvceX4jd9QFsHvlI0RR6BkV16o00A= github.com/lucas-clemente/quic-go v0.26.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= +github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= +github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -713,6 +732,7 @@ github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00v github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/dns v1.1.46 h1:uzwpxRtSVxtcIZmz/4Uz6/Rn7G11DvsaslXoy5LxQio= github.com/miekg/dns v1.1.46/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -757,6 +777,7 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= +github.com/nbrownus/go-metrics-prometheus v0.0.0-20210712211119-974a6260965f/go.mod h1:nwPd6pDNId/Xi16qtKrFHrauSwMNuvk+zcjk89wrnlA= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= @@ -864,6 +885,7 @@ github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40T github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -918,13 +940,18 @@ github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= +github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M= +github.com/slackhq/nebula v1.5.2 h1:wuIOHsOnrNw3rQx8yPxXiGu8wAtAxxtUI/K8W7Vj7EI= +github.com/slackhq/nebula v1.5.2/go.mod h1:xaCM6wqbFk/NRmmUe1bv88fWBm3a1UioXJVIpR52WlE= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.18.0 h1:Oqt3aVDPIrwN+ujLH0iyaUvoFC3deBlWwDvU6FgiDXY= github.com/smallstep/certificates v0.18.0/go.mod h1:8eHwHNg/bRWvNZo9S0uWFVMkS+LSpDYxM4//EgBhkFM= +github.com/smallstep/certificates v0.18.3-0.20220328195804-49de04661b85 h1:iXoo8eraLn0rFbn92eVd8dNjj1jcHcYsOQaqssUPTZ4= +github.com/smallstep/certificates v0.18.3-0.20220328195804-49de04661b85/go.mod h1:K4gQuZo7j4kzQb0zF0A2s6/kiPh3ZhmFThlHh2B+Gwg= github.com/smallstep/certinfo v1.5.2/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= github.com/smallstep/cli v0.18.0 h1:BslbUHuMfj/LbVHxuZ4Hv1sL+vAHHidqia4JRoCBwXs= github.com/smallstep/cli v0.18.0/go.mod h1:C8ZSfMm/pKdCHnN1C3Pc44bjIOkBbyuoyq6XjS/K9lI= @@ -944,6 +971,7 @@ github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4S github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= +github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= @@ -1010,6 +1038,9 @@ github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= +github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= +github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= +github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= @@ -1021,6 +1052,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= github.com/yuin/goldmark v1.4.8 h1:zHPiabbIRssZOI0MAzJDHsyvG4MXCGqVaMOwR+HeoQQ= github.com/yuin/goldmark v1.4.8/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= @@ -1111,10 +1143,12 @@ go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63 go.step.sm/cli-utils v0.7.0 h1:2GvY5Muid1yzp7YQbfCCS+gK3q7zlHjjLL5Z0DXz8ds= go.step.sm/cli-utils v0.7.0/go.mod h1:Ur6bqA/yl636kCUJbp30J7Unv5JJ226eW2KqXPDwF/E= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/crypto v0.13.0 h1:mQuP9Uu2FNmqCJNO0OTbvolnYXzONy4wdUBtUVcP1s8= go.step.sm/crypto v0.13.0/go.mod h1:5YzQ85BujYBu6NH18jw7nFjwuRnDch35nLzH0ES5sKg= -go.step.sm/linkedca v0.7.0 h1:ydYigs0CgLFkPGjOO4KJcAcAWbuPP8ECF1IsyHdftYc= +go.step.sm/crypto v0.15.3 h1:f3GMl+aCydt294BZRjTYwpaXRqwwndvoTY2NLN4wu10= +go.step.sm/crypto v0.15.3/go.mod h1:3G0yQr5lQqfEG0CMYz8apC/qMtjLRQlzflL2AxkcN+g= go.step.sm/linkedca v0.7.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= +go.step.sm/linkedca v0.11.0 h1:jkG5XDQz9VSz2PH+cGjDvJTwiIziN0SWExTnicWpb8o= +go.step.sm/linkedca v0.11.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1165,10 +1199,14 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210915214749-c084706c2272/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 h1:XdAboW3BNMv9ocSCOk/u1MFioZGzCNkiJZ19v9Oe3Ig= golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1270,8 +1308,11 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1295,8 +1336,9 @@ golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f h1:Qmd2pbz05z7z6lm0DrgQVVPuBm92jqujBKMHMOlOQEw= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1333,6 +1375,7 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1354,6 +1397,7 @@ golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1371,6 +1415,8 @@ golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1378,6 +1424,7 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1396,14 +1443,20 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= +golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= @@ -1417,8 +1470,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b h1:NXqSWXSRUSCaFuvitrWtU169I3876zRTalMRbfd6LL0= +golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b/go.mod h1:EFNZuWvGYxIRUEX+K8UmCFwYmZjqcrnq15ZuVldZkZ0= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1500,8 +1554,9 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2 h1:BonxutuHCTL0rBDnZlKjpGIQFTjyUVTexFOdWkB6Fg0= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ= +golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1509,6 +1564,8 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= +golang.zx2c4.com/wireguard/windows v0.5.1/go.mod h1:EApyTk/ZNrkbZjurHL1nleDYnsPpJYBO7LZEBCyDAHk= google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= @@ -1548,8 +1605,11 @@ google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6 google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.58.0 h1:MDkAbYIB1JpSgCTOCYYoIec/coMlKK4oVbpnBLLcyT0= -google.golang.org/api v0.58.0/go.mod h1:cAbP2FsxoGVNwtgNAmmn3y5G1TWAiVYRmg4yku3lv+E= +google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0 h1:67zQnAE0T2rB0A3CwLSas0K+SbVzSxP+zTLkQLexeiw= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1634,11 +1694,16 @@ google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211018162055-cf77aa76bad2/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 h1:zzNejm+EgrbLfDZ6lu9Uud2IVvHySPl8vQzf04laR5Q= -google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf h1:SVYXkUz2yZS9FWb2Gm8ivSlbNQzL2Z/NpPKE3RG2jWk= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= @@ -1673,6 +1738,7 @@ google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= From 22d8edb984b9a0cbe5d205f823b455920464bb95 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 3 Apr 2022 12:04:33 -0400 Subject: [PATCH 0614/1498] cmd: Fix defaulting admin address if empty in config, fixes `reload` (#4674) --- cmd/commandfuncs.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 33237401..3cbe85b9 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -735,7 +735,7 @@ func DetermineAdminAPIAddress(address, configFile, configAdapter string) (string return "", fmt.Errorf("no config file to load") } - // get the address of the admin listener + // get the address of the admin listener if set if len(config) > 0 { var tmpStruct struct { Admin caddy.AdminConfig `json:"admin"` @@ -744,7 +744,9 @@ func DetermineAdminAPIAddress(address, configFile, configAdapter string) (string if err != nil { return "", fmt.Errorf("unmarshaling admin listener address from config: %v", err) } - return tmpStruct.Admin.Listen, nil + if tmpStruct.Admin.Listen != "" { + return tmpStruct.Admin.Listen, nil + } } } From 7d229665ed96a6b1e5b89d6fd963ac54e2b56bb6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 7 Apr 2022 13:23:28 -0400 Subject: [PATCH 0615/1498] logging: Caddyfile support for `duration_format` (#4684) Somehow, this was missed. Oops! --- modules/logging/encoders.go | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index bc5fe210..38083db0 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -128,15 +128,16 @@ type LogEncoderConfig struct { // UnmarshalCaddyfile populates the struct from Caddyfile tokens. Syntax: // // { -// message_key -// level_key -// time_key -// name_key -// caller_key -// stacktrace_key -// line_ending -// time_format -// level_format +// message_key +// level_key +// time_key +// name_key +// caller_key +// stacktrace_key +// line_ending +// time_format +// duration_format +// level_format // } // func (lec *LogEncoderConfig) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { @@ -163,6 +164,8 @@ func (lec *LogEncoderConfig) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { lec.LineEnding = &arg case "time_format": lec.TimeFormat = arg + case "duration_format": + lec.DurationFormat = arg case "level_format": lec.LevelFormat = arg default: From afca2421112eb89e435888f50f8146364a3c60a4 Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Fri, 8 Apr 2022 06:01:09 +0900 Subject: [PATCH 0616/1498] staticfiles: Expand placeholder for index files (#4679) --- caddytest/integration/caddyfile_test.go | 24 +++++++++++++++++++ .../integration/testdata/index.localhost.html | 0 modules/caddyhttp/fileserver/staticfiles.go | 1 + 3 files changed, 25 insertions(+) create mode 100644 caddytest/integration/testdata/index.localhost.html diff --git a/caddytest/integration/caddyfile_test.go b/caddytest/integration/caddyfile_test.go index 4e9bdd98..be85f4ab 100644 --- a/caddytest/integration/caddyfile_test.go +++ b/caddytest/integration/caddyfile_test.go @@ -101,3 +101,27 @@ func TestReadCookie(t *testing.T) { // act and assert tester.AssertGetResponse("http://localhost:9080/cookie.html", 200, "

Cookie.ClientName caddytest

") } + +func TestReplIndex(t *testing.T) { + + tester := caddytest.NewTester(t) + tester.InitServer(` + { + http_port 9080 + https_port 9443 + } + + localhost:9080 { + templates { + root testdata + } + file_server { + root testdata + index "index.{host}.html" + } + } + `, "caddyfile") + + // act and assert + tester.AssertGetResponse("http://localhost:9080/", 200, "") +} diff --git a/caddytest/integration/testdata/index.localhost.html b/caddytest/integration/testdata/index.localhost.html new file mode 100644 index 00000000..e69de29b diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 01146078..9a2bc6e2 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -200,6 +200,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c var implicitIndexFile bool if info.IsDir() && len(fsrv.IndexNames) > 0 { for _, indexPage := range fsrv.IndexNames { + indexPage := repl.ReplaceAll(indexPage, "") indexPath := caddyhttp.SanitizedPathJoin(filename, indexPage) if fileHidden(indexPath, filesToHide) { // pretend this file doesn't exist From e4ce40f8ff0424054045de2461fc7228c66f3c61 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 11 Apr 2022 14:49:56 -0400 Subject: [PATCH 0617/1498] reverseproxy: Sync up `handleUpgradeResponse` with stdlib (#4664) * reverseproxy: Sync up `handleUpgradeResponse` with stdlib I had left this as a TODO for when we bump to minimum 1.17, but I should've realized it was under `internal` so it couldn't be used directly. Copied the functions we needed for parity. Hopefully this is ok! * Add tests and fix godoc comments Co-authored-by: Matthew Holt --- modules/caddyhttp/reverseproxy/ascii.go | 57 ++++++++++ modules/caddyhttp/reverseproxy/ascii_test.go | 114 +++++++++++++++++++ modules/caddyhttp/reverseproxy/streaming.go | 13 ++- 3 files changed, 180 insertions(+), 4 deletions(-) create mode 100644 modules/caddyhttp/reverseproxy/ascii.go create mode 100644 modules/caddyhttp/reverseproxy/ascii_test.go diff --git a/modules/caddyhttp/reverseproxy/ascii.go b/modules/caddyhttp/reverseproxy/ascii.go new file mode 100644 index 00000000..75b8220f --- /dev/null +++ b/modules/caddyhttp/reverseproxy/ascii.go @@ -0,0 +1,57 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Most of the code in this file was initially borrowed from the Go +// standard library and modified; It had this copyright notice: +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Original source, copied because the package was marked internal: +// https://github.com/golang/go/blob/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a/src/net/http/internal/ascii/print.go + +package reverseproxy + +// asciiEqualFold is strings.EqualFold, ASCII only. It reports whether s and t +// are equal, ASCII-case-insensitively. +func asciiEqualFold(s, t string) bool { + if len(s) != len(t) { + return false + } + for i := 0; i < len(s); i++ { + if asciiLower(s[i]) != asciiLower(t[i]) { + return false + } + } + return true +} + +// asciiLower returns the ASCII lowercase version of b. +func asciiLower(b byte) byte { + if 'A' <= b && b <= 'Z' { + return b + ('a' - 'A') + } + return b +} + +// asciiIsPrint returns whether s is ASCII and printable according to +// https://tools.ietf.org/html/rfc20#section-4.2. +func asciiIsPrint(s string) bool { + for i := 0; i < len(s); i++ { + if s[i] < ' ' || s[i] > '~' { + return false + } + } + return true +} diff --git a/modules/caddyhttp/reverseproxy/ascii_test.go b/modules/caddyhttp/reverseproxy/ascii_test.go new file mode 100644 index 00000000..d1f0c1da --- /dev/null +++ b/modules/caddyhttp/reverseproxy/ascii_test.go @@ -0,0 +1,114 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Most of the code in this file was initially borrowed from the Go +// standard library and modified; It had this copyright notice: +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Original source, copied because the package was marked internal: +// https://github.com/golang/go/blob/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a/src/net/http/internal/ascii/print_test.go + +package reverseproxy + +import "testing" + +func TestEqualFold(t *testing.T) { + var tests = []struct { + name string + a, b string + want bool + }{ + { + name: "empty", + want: true, + }, + { + name: "simple match", + a: "CHUNKED", + b: "chunked", + want: true, + }, + { + name: "same string", + a: "chunked", + b: "chunked", + want: true, + }, + { + name: "Unicode Kelvin symbol", + a: "chunKed", // This "K" is 'KELVIN SIGN' (\u212A) + b: "chunked", + want: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := asciiEqualFold(tt.a, tt.b); got != tt.want { + t.Errorf("AsciiEqualFold(%q,%q): got %v want %v", tt.a, tt.b, got, tt.want) + } + }) + } +} + +func TestIsPrint(t *testing.T) { + var tests = []struct { + name string + in string + want bool + }{ + { + name: "empty", + want: true, + }, + { + name: "ASCII low", + in: "This is a space: ' '", + want: true, + }, + { + name: "ASCII high", + in: "This is a tilde: '~'", + want: true, + }, + { + name: "ASCII low non-print", + in: "This is a unit separator: \x1F", + want: false, + }, + { + name: "Ascii high non-print", + in: "This is a Delete: \x7F", + want: false, + }, + { + name: "Unicode letter", + in: "Today it's 280K outside: it's freezing!", // This "K" is 'KELVIN SIGN' (\u212A) + want: false, + }, + { + name: "Unicode emoji", + in: "Gophers like 🧀", + want: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := asciiIsPrint(tt.in); got != tt.want { + t.Errorf("IsASCIIPrint(%q): got %v want %v", tt.in, got, tt.want) + } + }) + } +} diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 1db352b7..6bd1af23 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -32,10 +32,15 @@ import ( func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWriter, req *http.Request, res *http.Response) { reqUpType := upgradeType(req.Header) resUpType := upgradeType(res.Header) - // TODO: Update to use "net/http/internal/ascii" once we bumped - // the minimum Go version to 1.17. - // See https://github.com/golang/go/commit/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a - if reqUpType != resUpType { + + // Taken from https://github.com/golang/go/commit/5c489514bc5e61ad9b5b07bd7d8ec65d66a0512a + // We know reqUpType is ASCII, it's checked by the caller. + if !asciiIsPrint(resUpType) { + h.logger.Debug("backend tried to switch to invalid protocol", + zap.String("backend_upgrade", resUpType)) + return + } + if !asciiEqualFold(reqUpType, resUpType) { h.logger.Debug("backend tried to switch to unexpected protocol via Upgrade header", zap.String("backend_upgrade", resUpType), zap.String("requested_upgrade", reqUpType)) From 3e3bb00265f8fa0dd8ff3d33ce901776fd689f32 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 11 Apr 2022 15:04:05 -0400 Subject: [PATCH 0618/1498] reverseproxy: Add `_ms` placeholders for proxy durations (#4666) * reverseproxy: Add `_ms` placeholders for proxy durations * Add http.request.duration_ms Also add comments, and change duration_sec to duration_ms * Add response.duration_ms for consistency * Add missing godoc comment Co-authored-by: Matthew Holt --- modules/caddyhttp/app.go | 1 + modules/caddyhttp/replacer.go | 3 +++ modules/caddyhttp/reverseproxy/reverseproxy.go | 6 ++++++ modules/caddyhttp/server.go | 1 + 4 files changed, 11 insertions(+) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index d81f5563..d886b888 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -49,6 +49,7 @@ func init() { // `{http.request.body}` | The request body (⚠️ inefficient; use only for debugging) // `{http.request.cookie.*}` | HTTP request cookie // `{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client) +// `{http.request.duration_ms}` | Same as 'duration', but in milliseconds. // `{http.request.uuid}` | The request unique identifier // `{http.request.header.*}` | Specific request header field // `{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index d3fa8918..2fa65171 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -148,6 +148,9 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo case "http.request.duration": start := GetVar(req.Context(), "start_time").(time.Time) return time.Since(start), true + case "http.request.duration_ms": + start := GetVar(req.Context(), "start_time").(time.Time) + return time.Since(start).Seconds() * 1e3, true // multiply seconds to preserve decimal (see #4666) case "http.request.uuid": id := GetVar(req.Context(), "uuid").(*requestID) return id.String(), true diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 2131a91c..d69b04e1 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -58,8 +58,11 @@ func init() { // `{http.reverse_proxy.upstream.max_requests}` | The maximum approximate number of requests allowed to the upstream // `{http.reverse_proxy.upstream.fails}` | The number of recent failed requests to the upstream // `{http.reverse_proxy.upstream.latency}` | How long it took the proxy upstream to write the response header. +// `{http.reverse_proxy.upstream.latency_ms}` | Same as 'latency', but in milliseconds. // `{http.reverse_proxy.upstream.duration}` | Time spent proxying to the upstream, including writing response body to client. +// `{http.reverse_proxy.upstream.duration_ms}` | Same as 'upstream.duration', but in milliseconds. // `{http.reverse_proxy.duration}` | Total time spent proxying, including selecting an upstream, retries, and writing response. +// `{http.reverse_proxy.duration_ms}` | Same as 'duration', but in milliseconds. type Handler struct { // Configures the method of transport for the proxy. A transport // is what performs the actual "round trip" to the backend. @@ -400,6 +403,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht defer func() { // total proxying duration, including time spent on LB and retries repl.Set("http.reverse_proxy.duration", time.Since(start)) + repl.Set("http.reverse_proxy.duration_ms", time.Since(start).Seconds()*1e3) // multiply seconds to preserve decimal (see #4666) }() // in the proxy loop, each iteration is an attempt to proxy the request, @@ -724,6 +728,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * // duration until upstream wrote response headers (roundtrip duration) repl.Set("http.reverse_proxy.upstream.latency", duration) + repl.Set("http.reverse_proxy.upstream.latency_ms", duration.Seconds()*1e3) // multiply seconds to preserve decimal (see #4666) // update circuit breaker on current conditions if di.Upstream.cb != nil { @@ -909,6 +914,7 @@ func (h Handler) finalizeResponse( // total duration spent proxying, including writing response body repl.Set("http.reverse_proxy.upstream.duration", time.Since(start)) + repl.Set("http.reverse_proxy.upstream.duration_ms", time.Since(start).Seconds()*1e3) if len(res.Trailer) == announcedTrailers { copyHeader(rw.Header(), res.Trailer) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 6ab77dfc..a4a976f7 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -190,6 +190,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { repl.Set("http.response.status", wrec.Status()) repl.Set("http.response.size", wrec.Size()) repl.Set("http.response.duration", duration) + repl.Set("http.response.duration_ms", duration.Seconds()*1e3) // multiply seconds to preserve decimal (see #4666) logger := accLog if s.Logs != nil { From 6512832f9f3904209ccb3c305e38ebde108083fb Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 12 Apr 2022 14:49:19 -0400 Subject: [PATCH 0619/1498] cmd: Add `--diff` option for `caddy fmt` (#4695) --- cmd/commandfuncs.go | 15 +++++++++++++++ cmd/commands.go | 6 ++++++ 2 files changed, 21 insertions(+) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 3cbe85b9..79604d93 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -32,6 +32,7 @@ import ( "sort" "strings" + "github.com/aryann/difflib" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -569,6 +570,20 @@ func cmdFmt(fl Flags) (int, error) { if err := os.WriteFile(formatCmdConfigFile, output, 0600); err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("overwriting formatted file: %v", err) } + } else if fl.Bool("diff") { + diff := difflib.Diff( + strings.Split(string(input), "\n"), + strings.Split(string(output), "\n")) + for _, d := range diff { + switch d.Delta { + case difflib.Common: + fmt.Printf(" %s\n", d.Payload) + case difflib.LeftOnly: + fmt.Printf("- %s\n", d.Payload) + case difflib.RightOnly: + fmt.Printf("+ %s\n", d.Payload) + } + } } else { fmt.Print(string(output)) } diff --git a/cmd/commands.go b/cmd/commands.go index 0c68b7c8..51960f34 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -282,12 +282,18 @@ human readability. It prints the result to stdout. If --overwrite is specified, the output will be written to the config file directly instead of printing it. +If --diff is specified, the output will be compared against the input, and +lines will be prefixed with '-' and '+' where they differ. Note that +unchanged lines are prefixed with two spaces for alignment, and that this +is not a valid patch format. + If you wish you use stdin instead of a regular file, use - as the path. When reading from stdin, the --overwrite flag has no effect: the result is always printed to stdout.`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("fmt", flag.ExitOnError) fs.Bool("overwrite", false, "Overwrite the input file with the results") + fs.Bool("diff", false, "Print the differences between the input file and the formatted output") return fs }(), }) From 00234c8ac20af0bf2d2229d4b25b5d843b962224 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 12 Apr 2022 15:48:42 -0400 Subject: [PATCH 0620/1498] templates: Switch to `BurntSushi/toml` (#4700) --- go.mod | 4 +--- go.sum | 5 ----- modules/caddyhttp/templates/frontmatter.go | 2 +- 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index f1b11667..61dc9cf8 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/caddyserver/caddy/v2 go 1.17 require ( + github.com/BurntSushi/toml v1.0.0 github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b @@ -15,7 +16,6 @@ require ( github.com/klauspost/cpuid/v2 v2.0.11 github.com/lucas-clemente/quic-go v0.26.0 github.com/mholt/acmez v1.0.2 - github.com/naoina/toml v0.1.1 github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.18.3-0.20220328195804-49de04661b85 github.com/smallstep/cli v0.18.0 @@ -41,7 +41,6 @@ require ( require ( filippo.io/edwards25519 v1.0.0-rc.1 // indirect github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect - github.com/BurntSushi/toml v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f // indirect @@ -93,7 +92,6 @@ require ( github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/naoina/go-stringutil v0.1.0 // indirect github.com/nxadm/tail v1.4.8 // indirect github.com/onsi/ginkgo v1.16.4 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index 5ddf302b..661d59f2 100644 --- a/go.sum +++ b/go.sum @@ -667,7 +667,6 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -766,10 +765,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= -github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hzifhks= -github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0= -github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8= -github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= diff --git a/modules/caddyhttp/templates/frontmatter.go b/modules/caddyhttp/templates/frontmatter.go index dd052171..fd6023e5 100644 --- a/modules/caddyhttp/templates/frontmatter.go +++ b/modules/caddyhttp/templates/frontmatter.go @@ -6,7 +6,7 @@ import ( "strings" "unicode" - "github.com/naoina/toml" + "github.com/BurntSushi/toml" "gopkg.in/yaml.v2" ) From e2535233bb539852c385271d8959a9ec16267cc1 Mon Sep 17 00:00:00 2001 From: cui fliter Date: Thu, 14 Apr 2022 00:13:28 +0800 Subject: [PATCH 0621/1498] fix typo (#4702) Signed-off-by: cuishuang --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8572e44a..68e231de 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -99,7 +99,7 @@ jobs: TAG: ${{ steps.vars.outputs.version_tag }} # Only publish on non-special tags (e.g. non-beta) - # We will continue to push to Gemfury for the forseeable future, although + # We will continue to push to Gemfury for the foreseeable future, although # Cloudsmith is probably better, to not break things for existing users of Gemfury. # See https://gemfury.com/caddy/deb:caddy - name: Publish .deb to Gemfury From bc15b4b0e799c52be8be86e85e9624141319474d Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 13 Apr 2022 12:20:42 -0400 Subject: [PATCH 0622/1498] caddypki: Load intermediate for signing on-the-fly (#4669) * caddypki: Load intermediate for signing on-the-fly Fixes #4517 Big thanks to @maraino for adding an API in `smallstep/certificates` so that we can fix this * Debug log * Trying a hunch, does it need to be a pointer receiver? * Clarify pointer receiver Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- go.mod | 2 +- go.sum | 4 ++-- modules/caddypki/ca.go | 33 +++++++++++++++++++++++++++------ 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 61dc9cf8..a34af653 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/lucas-clemente/quic-go v0.26.0 github.com/mholt/acmez v1.0.2 github.com/prometheus/client_golang v1.12.1 - github.com/smallstep/certificates v0.18.3-0.20220328195804-49de04661b85 + github.com/smallstep/certificates v0.18.3-0.20220329212333-b42c1dfe64cf github.com/smallstep/cli v0.18.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.11.0 diff --git a/go.sum b/go.sum index 661d59f2..b28ef041 100644 --- a/go.sum +++ b/go.sum @@ -945,8 +945,8 @@ github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+R github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.18.0/go.mod h1:8eHwHNg/bRWvNZo9S0uWFVMkS+LSpDYxM4//EgBhkFM= -github.com/smallstep/certificates v0.18.3-0.20220328195804-49de04661b85 h1:iXoo8eraLn0rFbn92eVd8dNjj1jcHcYsOQaqssUPTZ4= -github.com/smallstep/certificates v0.18.3-0.20220328195804-49de04661b85/go.mod h1:K4gQuZo7j4kzQb0zF0A2s6/kiPh3ZhmFThlHh2B+Gwg= +github.com/smallstep/certificates v0.18.3-0.20220329212333-b42c1dfe64cf h1:Ky0hrHTjd/sXrLZj1rKEBYRo/3nmOUIk3xyqnrs04jY= +github.com/smallstep/certificates v0.18.3-0.20220329212333-b42c1dfe64cf/go.mod h1:K4gQuZo7j4kzQb0zF0A2s6/kiPh3ZhmFThlHh2B+Gwg= github.com/smallstep/certinfo v1.5.2/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= github.com/smallstep/cli v0.18.0 h1:BslbUHuMfj/LbVHxuZ4Hv1sL+vAHHidqia4JRoCBwXs= github.com/smallstep/cli v0.18.0/go.mod h1:C8ZSfMm/pKdCHnN1C3Pc44bjIOkBbyuoyq6XjS/K9lI= diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index c9bdeee6..ca9ba469 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -182,30 +182,51 @@ func (ca CA) IntermediateKey() interface{} { } // NewAuthority returns a new Smallstep-powered signing authority for this CA. -func (ca CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority, error) { +// Note that we receive *CA (a pointer) in this method to ensure the closure within it, which +// executes at a later time, always has the only copy of the CA so it can access the latest, +// renewed certificates since NewAuthority was called. See #4517 and #4669. +func (ca *CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authority, error) { // get the root certificate and the issuer cert+key rootCert := ca.RootCertificate() - var issuerCert *x509.Certificate - var issuerKey interface{} + + // set up the signer; cert/key which signs the leaf certs + var signerOption authority.Option if authorityConfig.SignWithRoot { + // if we're signing with root, we can just pass the + // cert/key directly, since it's unlikely to expire + // while Caddy is running (long lifetime) + var issuerCert *x509.Certificate + var issuerKey interface{} issuerCert = rootCert var err error issuerKey, err = ca.RootKey() if err != nil { return nil, fmt.Errorf("loading signing key: %v", err) } + signerOption = authority.WithX509Signer(issuerCert, issuerKey.(crypto.Signer)) } else { - issuerCert = ca.IntermediateCertificate() - issuerKey = ca.IntermediateKey() + // if we're signing with intermediate, we need to make + // sure it's always fresh, because the intermediate may + // renew while Caddy is running (medium lifetime) + signerOption = authority.WithX509SignerFunc(func() ([]*x509.Certificate, crypto.Signer, error) { + issuerCert := ca.IntermediateCertificate() + issuerKey := ca.IntermediateKey().(crypto.Signer) + ca.log.Debug("using intermediate signer", + zap.String("serial", issuerCert.SerialNumber.String()), + zap.String("not_before", issuerCert.NotBefore.String()), + zap.String("not_after", issuerCert.NotAfter.String())) + return []*x509.Certificate{issuerCert}, issuerKey, nil + }) } opts := []authority.Option{ authority.WithConfig(&authority.Config{ AuthorityConfig: authorityConfig.AuthConfig, }), - authority.WithX509Signer(issuerCert, issuerKey.(crypto.Signer)), + signerOption, authority.WithX509RootCerts(rootCert), } + // Add a database if we have one if authorityConfig.DB != nil { opts = append(opts, authority.WithDatabase(*authorityConfig.DB)) From 30b6d1f47a35d00fca7cff0daa2ff59a98c5a85e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 13 Apr 2022 11:35:28 -0600 Subject: [PATCH 0623/1498] cmd: Enhance .env (dotenv) file parsing Basic support for quoted values, newlines in quoted values, and comments. Does not support variable or command expansion. --- cmd/main.go | 58 +++++++++++----- cmd/main_test.go | 170 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 212 insertions(+), 16 deletions(-) create mode 100644 cmd/main_test.go diff --git a/cmd/main.go b/cmd/main.go index f111ba4d..498a8ae6 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -368,42 +368,68 @@ func loadEnvFromFile(envFile string) error { return nil } +// parseEnvFile parses an env file from KEY=VALUE format. +// It's pretty naive. Limited value quotation is supported, +// but variable and command expansions are not supported. func parseEnvFile(envInput io.Reader) (map[string]string, error) { envMap := make(map[string]string) scanner := bufio.NewScanner(envInput) - var line string - lineNumber := 0 + var lineNumber int for scanner.Scan() { - line = strings.TrimSpace(scanner.Text()) + line := strings.TrimSpace(scanner.Text()) lineNumber++ - // skip lines starting with comment - if strings.HasPrefix(line, "#") { - continue - } - - // skip empty line - if len(line) == 0 { + // skip empty lines and lines starting with comment + if line == "" || strings.HasPrefix(line, "#") { continue } + // split line into key and value fields := strings.SplitN(line, "=", 2) if len(fields) != 2 { return nil, fmt.Errorf("can't parse line %d; line should be in KEY=VALUE format", lineNumber) } + key, val := fields[0], fields[1] - if strings.Contains(fields[0], " ") { - return nil, fmt.Errorf("bad key on line %d: contains whitespace", lineNumber) - } - - key := fields[0] - val := fields[1] + // sometimes keys are prefixed by "export " so file can be sourced in bash; ignore it here + key = strings.TrimPrefix(key, "export ") + // validate key and value if key == "" { return nil, fmt.Errorf("missing or empty key on line %d", lineNumber) } + if strings.Contains(key, " ") { + return nil, fmt.Errorf("invalid key on line %d: contains whitespace: %s", lineNumber, key) + } + if strings.HasPrefix(val, " ") || strings.HasPrefix(val, "\t") { + return nil, fmt.Errorf("invalid value on line %d: whitespace before value: '%s'", lineNumber, val) + } + + // remove any trailing comment after value + if commentStart := strings.Index(val, "#"); commentStart > 0 { + before := val[commentStart-1] + if before == '\t' || before == ' ' { + val = strings.TrimRight(val[:commentStart], " \t") + } + } + + // quoted value: support newlines + if strings.HasPrefix(val, `"`) { + for !(strings.HasSuffix(line, `"`) && !strings.HasSuffix(line, `\"`)) { + val = strings.ReplaceAll(val, `\"`, `"`) + if !scanner.Scan() { + break + } + lineNumber++ + line = strings.ReplaceAll(scanner.Text(), `\"`, `"`) + val += "\n" + line + } + val = strings.TrimPrefix(val, `"`) + val = strings.TrimSuffix(val, `"`) + } + envMap[key] = val } diff --git a/cmd/main_test.go b/cmd/main_test.go new file mode 100644 index 00000000..90e8194f --- /dev/null +++ b/cmd/main_test.go @@ -0,0 +1,170 @@ +package caddycmd + +import ( + "reflect" + "strings" + "testing" +) + +func TestParseEnvFile(t *testing.T) { + for i, tc := range []struct { + input string + expect map[string]string + shouldErr bool + }{ + { + input: `KEY=value`, + expect: map[string]string{ + "KEY": "value", + }, + }, + { + input: ` + KEY=value + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + KEY=value + INVALID KEY=asdf + OTHER_KEY=Some Value + `, + shouldErr: true, + }, + { + input: ` + KEY=value + SIMPLE_QUOTED="quoted value" + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + "SIMPLE_QUOTED": "quoted value", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + KEY=value + NEWLINES="foo + bar" + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + "NEWLINES": "foo\n\tbar", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + KEY=value + ESCAPED="\"escaped quotes\" +here" + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + "ESCAPED": "\"escaped quotes\"\nhere", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + export KEY=value + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + =value + OTHER_KEY=Some Value + `, + shouldErr: true, + }, + { + input: ` + EMPTY= + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "EMPTY": "", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + EMPTY="" + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "EMPTY": "", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + KEY=value + #OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + }, + }, + { + input: ` + KEY=value + COMMENT=foo bar # some comment here + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + "COMMENT": "foo bar", + "OTHER_KEY": "Some Value", + }, + }, + { + input: ` + KEY=value + WHITESPACE= foo + OTHER_KEY=Some Value + `, + shouldErr: true, + }, + { + input: ` + KEY=value + WHITESPACE=" foo bar " + OTHER_KEY=Some Value + `, + expect: map[string]string{ + "KEY": "value", + "WHITESPACE": " foo bar ", + "OTHER_KEY": "Some Value", + }, + }, + } { + actual, err := parseEnvFile(strings.NewReader(tc.input)) + if err != nil && !tc.shouldErr { + t.Errorf("Test %d: Got error but shouldn't have: %v", i, err) + } + if err == nil && tc.shouldErr { + t.Errorf("Test %d: Did not get error but should have", i) + } + if tc.shouldErr { + continue + } + if !reflect.DeepEqual(tc.expect, actual) { + t.Errorf("Test %d: Expected %v but got %v", i, tc.expect, actual) + } + } +} From c3a82f53d558b44603a0b26fc256e6c011a11650 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 13 Apr 2022 16:03:38 -0400 Subject: [PATCH 0624/1498] ci: Ensure we always check for latest version of Go (#4703) * ci: Ensure we always check for latest version of Go * Try to force 1.18.1, 1.17.9 * Use includes for the actual go semver * Use `~` for semver here, apparently * Try to make tests still run on 1.18.0 for Mac, for now --- .github/workflows/ci.yml | 18 ++++++++++++++++-- .github/workflows/cross-build.yml | 10 +++++++++- .github/workflows/lint.yml | 3 ++- .github/workflows/release.yml | 10 +++++++++- 4 files changed, 36 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 424b5dd1..bc9e0a0c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,10 +21,23 @@ jobs: os: [ ubuntu-latest, macos-latest, windows-latest ] go: [ '1.17', '1.18' ] + include: + # Set the minimum Go patch version for the given Go minor + # Usable via ${{ matrix.GO_SEMVER }} + - go: '1.17' + GO_SEMVER: '~1.17.9' + + - go: '1.18' + GO_SEMVER: '~1.18.1' + + # Go 1.18.1 isn't released yet for Mac as of Apr 13 2022 + - go: '1.18' + os: 'macos-latest' + GO_SEMVER: '1.18.0' + # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing # SUCCESS: the typical value for $? per OS (Windows/pwsh returns 'True') - include: - os: ubuntu-latest CADDY_BIN_PATH: ./cmd/caddy/caddy SUCCESS: 0 @@ -43,7 +56,8 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: ${{ matrix.go }} + go-version: ${{ matrix.GO_SEMVER }} + check-latest: true - name: Checkout code uses: actions/checkout@v3 diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 04c1d29a..3ac9548f 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -17,13 +17,21 @@ jobs: matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] go: [ '1.18' ] + + include: + # Set the minimum Go patch version for the given Go minor + # Usable via ${{ matrix.GO_SEMVER }} + - go: '1.18' + GO_SEMVER: '~1.18.1' + runs-on: ubuntu-latest continue-on-error: true steps: - name: Install Go uses: actions/setup-go@v3 with: - go-version: ${{ matrix.go }} + go-version: ${{ matrix.GO_SEMVER }} + check-latest: true - name: Print Go version and environment id: vars diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7376b910..0aae6196 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -19,7 +19,8 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: - go-version: 1.17 + go-version: '~1.17.9' + check-latest: true - name: golangci-lint uses: golangci/golangci-lint-action@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68e231de..6d0fe7c5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,13 +12,21 @@ jobs: matrix: os: [ ubuntu-latest ] go: [ '1.18' ] + + include: + # Set the minimum Go patch version for the given Go minor + # Usable via ${{ matrix.GO_SEMVER }} + - go: '1.17' + GO_SEMVER: '~1.18.1' + runs-on: ${{ matrix.os }} steps: - name: Install Go uses: actions/setup-go@v3 with: - go-version: ${{ matrix.go }} + go-version: ${{ matrix.GO_SEMVER }} + check-latest: true - name: Checkout code uses: actions/checkout@v3 From 0d13173071dc623ff9453fbac9af5d9d35d75a1f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 13 Apr 2022 14:11:03 -0600 Subject: [PATCH 0625/1498] ci: Fix typo --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6d0fe7c5..9c4db37e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.17' + - go: '1.18' GO_SEMVER: '~1.18.1' runs-on: ${{ matrix.os }} From d230b330078b0b13fe861025cf12286cc87f5a49 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 15 Apr 2022 20:58:48 +0300 Subject: [PATCH 0626/1498] ci: use latest Go version on macOS (#4708) --- .github/workflows/ci.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bc9e0a0c..5a79fcd5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,11 +30,6 @@ jobs: - go: '1.18' GO_SEMVER: '~1.18.1' - # Go 1.18.1 isn't released yet for Mac as of Apr 13 2022 - - go: '1.18' - os: 'macos-latest' - GO_SEMVER: '1.18.0' - # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing # SUCCESS: the typical value for $? per OS (Windows/pwsh returns 'True') From dadd4b59b0ae0ebf9d3d2385242c839e97bfa63c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 20 Apr 2022 11:32:33 -0600 Subject: [PATCH 0627/1498] Update smallstep/certificates --- go.mod | 10 ++++---- go.sum | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 71 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index a34af653..3a1227d0 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/lucas-clemente/quic-go v0.26.0 github.com/mholt/acmez v1.0.2 github.com/prometheus/client_golang v1.12.1 - github.com/smallstep/certificates v0.18.3-0.20220329212333-b42c1dfe64cf + github.com/smallstep/certificates v0.19.0 github.com/smallstep/cli v0.18.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.11.0 @@ -65,7 +65,7 @@ require ( github.com/go-sql-driver/mysql v1.6.0 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/golang/protobuf v1.5.2 // indirect - github.com/golang/snappy v0.0.3 // indirect + github.com/golang/snappy v0.0.4 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/huandu/xstrings v1.3.2 // indirect github.com/imdario/mergo v0.3.12 // indirect @@ -116,9 +116,9 @@ require ( go.opentelemetry.io/otel/trace v1.4.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect go.step.sm/cli-utils v0.7.0 // indirect - go.step.sm/crypto v0.15.3 // indirect - go.step.sm/linkedca v0.11.0 // indirect - go.uber.org/atomic v1.7.0 // indirect + go.step.sm/crypto v0.16.1 // indirect + go.step.sm/linkedca v0.15.0 // indirect + go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.4.2 // indirect golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect diff --git a/go.sum b/go.sum index b28ef041..ffe9fc06 100644 --- a/go.sum +++ b/go.sum @@ -107,6 +107,7 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= @@ -162,6 +163,7 @@ github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3st github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= @@ -204,6 +206,7 @@ github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -224,6 +227,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5O github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= +github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -309,8 +314,10 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= +github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= @@ -322,6 +329,8 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= +github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= +github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= @@ -332,6 +341,7 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= @@ -346,6 +356,7 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.10.0 h1:dXFJfIHVvUcpSgDOV+Ne6t7jXri8Tfv2uOLHUZ2XNuo= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= @@ -366,6 +377,7 @@ github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= @@ -415,8 +427,9 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= @@ -524,26 +537,52 @@ github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoP github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= +github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= +github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= +github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= +github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= +github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= +github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ= +github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= +github.com/hashicorp/vault/api/auth/approle v0.1.1/go.mod h1:mHOLgh//xDx4dpqXoq6tS8Ob0FoCFWLU2ibJ26Lfmag= +github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= @@ -615,6 +654,7 @@ github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -711,6 +751,7 @@ github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= @@ -745,11 +786,15 @@ github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= @@ -818,12 +863,14 @@ github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT9 github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -840,6 +887,7 @@ github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= +github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= @@ -895,6 +943,8 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= @@ -945,8 +995,8 @@ github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+R github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.18.0/go.mod h1:8eHwHNg/bRWvNZo9S0uWFVMkS+LSpDYxM4//EgBhkFM= -github.com/smallstep/certificates v0.18.3-0.20220329212333-b42c1dfe64cf h1:Ky0hrHTjd/sXrLZj1rKEBYRo/3nmOUIk3xyqnrs04jY= -github.com/smallstep/certificates v0.18.3-0.20220329212333-b42c1dfe64cf/go.mod h1:K4gQuZo7j4kzQb0zF0A2s6/kiPh3ZhmFThlHh2B+Gwg= +github.com/smallstep/certificates v0.19.0 h1:wW344Q/QpupjKKFKa4PqzEXfwgeq/54dkU/HNvGnwQQ= +github.com/smallstep/certificates v0.19.0/go.mod h1:nkG4c+1HLnCmIBAgZ/bKaBPAsN7ePtyzkDWzPSqcObQ= github.com/smallstep/certinfo v1.5.2/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= github.com/smallstep/cli v0.18.0 h1:BslbUHuMfj/LbVHxuZ4Hv1sL+vAHHidqia4JRoCBwXs= github.com/smallstep/cli v0.18.0/go.mod h1:C8ZSfMm/pKdCHnN1C3Pc44bjIOkBbyuoyq6XjS/K9lI= @@ -1005,8 +1055,9 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74 h1:uFx5aih29p2IaRUF0lJwtVViCXStlvnPPE3NEmM4Ivs= github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= @@ -1021,6 +1072,7 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= +github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= @@ -1139,17 +1191,18 @@ go.step.sm/cli-utils v0.7.0 h1:2GvY5Muid1yzp7YQbfCCS+gK3q7zlHjjLL5Z0DXz8ds= go.step.sm/cli-utils v0.7.0/go.mod h1:Ur6bqA/yl636kCUJbp30J7Unv5JJ226eW2KqXPDwF/E= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= go.step.sm/crypto v0.13.0/go.mod h1:5YzQ85BujYBu6NH18jw7nFjwuRnDch35nLzH0ES5sKg= -go.step.sm/crypto v0.15.3 h1:f3GMl+aCydt294BZRjTYwpaXRqwwndvoTY2NLN4wu10= -go.step.sm/crypto v0.15.3/go.mod h1:3G0yQr5lQqfEG0CMYz8apC/qMtjLRQlzflL2AxkcN+g= +go.step.sm/crypto v0.16.1 h1:4mnZk21cSxyMGxsEpJwZKKvJvDu1PN09UVrWWFNUBdk= +go.step.sm/crypto v0.16.1/go.mod h1:3G0yQr5lQqfEG0CMYz8apC/qMtjLRQlzflL2AxkcN+g= go.step.sm/linkedca v0.7.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= -go.step.sm/linkedca v0.11.0 h1:jkG5XDQz9VSz2PH+cGjDvJTwiIziN0SWExTnicWpb8o= -go.step.sm/linkedca v0.11.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= +go.step.sm/linkedca v0.15.0 h1:lEkGRDY+u7FudGKt8yEo7nBy5OzceO9s3rl+/sZVL5M= +go.step.sm/linkedca v0.15.0/go.mod h1:W59ucS4vFpuR0g4PtkGbbtXAwxbDEnNCg+ovkej1ANM= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= +go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= +go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= @@ -1243,6 +1296,7 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1380,6 +1434,7 @@ golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1472,6 +1527,7 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1734,6 +1790,7 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= From db62942d634a22cee5e598a3062bc1405895a0c2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 21 Apr 2022 15:06:55 -0600 Subject: [PATCH 0628/1498] Make file modes consistent No need to have executable bit on .go or .txt files --- caddyconfig/caddyfile/dispenser.go | 0 caddyconfig/caddyfile/dispenser_test.go | 0 caddyconfig/caddyfile/lexer.go | 0 caddyconfig/caddyfile/lexer_test.go | 0 caddyconfig/caddyfile/parse.go | 0 caddyconfig/caddyfile/parse_test.go | 0 caddyconfig/caddyfile/testdata/import_glob0.txt | 0 caddyconfig/caddyfile/testdata/import_glob1.txt | 0 caddyconfig/caddyfile/testdata/import_glob2.txt | 0 caddyconfig/caddyfile/testdata/import_test1.txt | 0 caddyconfig/caddyfile/testdata/import_test2.txt | 0 11 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 caddyconfig/caddyfile/dispenser.go mode change 100755 => 100644 caddyconfig/caddyfile/dispenser_test.go mode change 100755 => 100644 caddyconfig/caddyfile/lexer.go mode change 100755 => 100644 caddyconfig/caddyfile/lexer_test.go mode change 100755 => 100644 caddyconfig/caddyfile/parse.go mode change 100755 => 100644 caddyconfig/caddyfile/parse_test.go mode change 100755 => 100644 caddyconfig/caddyfile/testdata/import_glob0.txt mode change 100755 => 100644 caddyconfig/caddyfile/testdata/import_glob1.txt mode change 100755 => 100644 caddyconfig/caddyfile/testdata/import_glob2.txt mode change 100755 => 100644 caddyconfig/caddyfile/testdata/import_test1.txt mode change 100755 => 100644 caddyconfig/caddyfile/testdata/import_test2.txt diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/dispenser_test.go b/caddyconfig/caddyfile/dispenser_test.go old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/lexer_test.go b/caddyconfig/caddyfile/lexer_test.go old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/testdata/import_glob0.txt b/caddyconfig/caddyfile/testdata/import_glob0.txt old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/testdata/import_glob1.txt b/caddyconfig/caddyfile/testdata/import_glob1.txt old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/testdata/import_glob2.txt b/caddyconfig/caddyfile/testdata/import_glob2.txt old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/testdata/import_test1.txt b/caddyconfig/caddyfile/testdata/import_test1.txt old mode 100755 new mode 100644 diff --git a/caddyconfig/caddyfile/testdata/import_test2.txt b/caddyconfig/caddyfile/testdata/import_test2.txt old mode 100755 new mode 100644 From 77a77c0219d389717ba3b8f8e28bad3462fab655 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 22 Apr 2022 18:09:11 -0400 Subject: [PATCH 0629/1498] caddytls: Add `propagation_delay`, support `propagation_timeout -1` (#4723) --- .../tls_propagation_timeout.txt | 19 +++++++++- go.mod | 2 +- go.sum | 4 +- modules/caddytls/acmeissuer.go | 38 ++++++++++++++++--- modules/caddytls/automation.go | 8 +++- 5 files changed, 60 insertions(+), 11 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt index 5d2b643c..032f9284 100644 --- a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt +++ b/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt @@ -3,7 +3,12 @@ localhost respond "hello from localhost" tls { issuer acme { - propagation_timeout "10m0s" + propagation_delay 5m10s + propagation_timeout 10m20s + } + issuer zerossl { + propagation_delay 5m30s + propagation_timeout -1 } } ---------- @@ -56,10 +61,20 @@ tls { { "challenges": { "dns": { - "propagation_timeout": 600000000000 + "propagation_delay": 310000000000, + "propagation_timeout": 620000000000 } }, "module": "acme" + }, + { + "challenges": { + "dns": { + "propagation_delay": 330000000000, + "propagation_timeout": -1 + } + }, + "module": "zerossl" } ] } diff --git a/go.mod b/go.mod index 3a1227d0..0dd59776 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.16.0 + github.com/caddyserver/certmagic v0.16.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 diff --git a/go.sum b/go.sum index ffe9fc06..dde9bbc7 100644 --- a/go.sum +++ b/go.sum @@ -199,8 +199,8 @@ github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= -github.com/caddyserver/certmagic v0.16.0 h1:nM6Fm+OSnTpx/uRWmN++I2fYq006uhi6m6m3rD1Jjtg= -github.com/caddyserver/certmagic v0.16.0/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ= +github.com/caddyserver/certmagic v0.16.1 h1:rdSnjcUVJojmL4M0efJ+yHXErrrijS4YYg3FuwRdJkI= +github.com/caddyserver/certmagic v0.16.1/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index fd60cc8e..09b31bf1 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -142,6 +142,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { iss.Challenges.DNS.solver = &certmagic.DNS01Solver{ DNSProvider: val.(certmagic.ACMEDNSProvider), TTL: time.Duration(iss.Challenges.DNS.TTL), + PropagationDelay: time.Duration(iss.Challenges.DNS.PropagationDelay), PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout), Resolvers: iss.Challenges.DNS.Resolvers, OverrideDomain: iss.Challenges.DNS.OverrideDomain, @@ -262,10 +263,13 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // eab // trusted_roots // dns [] +// propagation_delay +// propagation_timeout // resolvers +// dns_challenge_override_domain // preferred_chains [smallest] { -// root_common_name -// any_common_name +// root_common_name +// any_common_name // } // } // @@ -389,14 +393,38 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return err } iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil) + + case "propagation_delay": + if !d.NextArg() { + return d.ArgErr() + } + delayStr := d.Val() + delay, err := caddy.ParseDuration(delayStr) + if err != nil { + return d.Errf("invalid propagation_delay duration %s: %v", delayStr, err) + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.DNS == nil { + iss.Challenges.DNS = new(DNSChallengeConfig) + } + iss.Challenges.DNS.PropagationDelay = caddy.Duration(delay) + case "propagation_timeout": if !d.NextArg() { return d.ArgErr() } timeoutStr := d.Val() - timeout, err := caddy.ParseDuration(timeoutStr) - if err != nil { - return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err) + var timeout time.Duration + if timeoutStr == "-1" { + timeout = time.Duration(-1) + } else { + var err error + timeout, err = caddy.ParseDuration(timeoutStr) + if err != nil { + return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err) + } } if iss.Challenges == nil { iss.Challenges = new(ChallengesConfig) diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 26884bce..197c4095 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -363,7 +363,13 @@ type DNSChallengeConfig struct { // The TTL of the TXT record used for the DNS challenge. TTL caddy.Duration `json:"ttl,omitempty"` - // How long to wait for DNS record to propagate. + // How long to wait before starting propagation checks. + // Default: 0 (no wait). + PropagationDelay caddy.Duration `json:"propagation_delay,omitempty"` + + // Maximum time to wait for temporary DNS record to appear. + // Set to -1 to disable propagation checks. + // Default: 2 minutes. PropagationTimeout caddy.Duration `json:"propagation_timeout,omitempty"` // Custom DNS resolvers to prefer over system/built-in defaults. From 3a1e0dbf47429f3ae7ddcbbd9acc3707b0ad0083 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 25 Apr 2022 12:12:10 -0400 Subject: [PATCH 0630/1498] httpcaddyfile: Deprecate paths in site addresses; use zap logs (#4728) --- caddyconfig/caddyfile/parse.go | 4 ++-- caddyconfig/httpcaddyfile/httptype.go | 15 +++++++++++++-- cmd/commandfuncs.go | 4 +++- modules/caddyhttp/fileserver/command.go | 2 +- modules/caddyhttp/reverseproxy/caddyfile.go | 9 ++++----- 5 files changed, 23 insertions(+), 11 deletions(-) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index b4632384..2c2da0f1 100644 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -18,13 +18,13 @@ import ( "bytes" "fmt" "io" - "log" "os" "path/filepath" "strconv" "strings" "github.com/caddyserver/caddy/v2" + "go.uber.org/zap" ) // Parse parses the input just enough to group tokens, in @@ -393,7 +393,7 @@ func (p *parser) doImport() error { } if len(matches) == 0 { if strings.ContainsAny(globPattern, "*?[]") { - log.Printf("[WARNING] No files matching import glob pattern: %s", importPattern) + caddy.Log().Warn("No files matching import glob pattern", zap.String("pattern", importPattern)) } else { return p.Errf("File to import not found: %s", importPattern) } diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index f5dd68a6..4f9f8d0f 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -17,7 +17,6 @@ package httpcaddyfile import ( "encoding/json" "fmt" - "log" "reflect" "regexp" "sort" @@ -30,6 +29,7 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddypki" "github.com/caddyserver/caddy/v2/modules/caddytls" + "go.uber.org/zap" ) func init() { @@ -458,6 +458,17 @@ func (st *ServerType) serversFromPairings( } } + // Using paths in site addresses is deprecated + // See ParseAddress() where parsing should later reject paths + // See https://github.com/caddyserver/caddy/pull/4728 for a full explanation + for _, sblock := range p.serverBlocks { + for _, addr := range sblock.keys { + if addr.Path != "" { + caddy.Log().Named("caddyfile").Warn("Using a path in a site address is deprecated; please use the 'handle' directive instead", zap.String("address", addr.String())) + } + } + } + // sort server blocks by their keys; this is important because // only the first matching site should be evaluated, and we should // attempt to match most specific site first (host and path), in @@ -545,7 +556,7 @@ func (st *ServerType) serversFromPairings( // emit warnings if user put unspecified IP addresses; they probably want the bind directive for _, h := range hosts { if h == "0.0.0.0" || h == "::" { - log.Printf("[WARNING] Site block has unspecified IP address %s which only matches requests having that Host header; you probably want the 'bind' directive to configure the socket", h) + caddy.Log().Named("caddyfile").Warn("Site block has an unspecified IP address which only matches requests having that Host header; you probably want the 'bind' directive to configure the socket", zap.String("address", h)) } } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 79604d93..26b005bc 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -496,7 +496,9 @@ func cmdAdaptConfig(fl Flags) (int, error) { if warn.Directive != "" { msg = fmt.Sprintf("%s: %s", warn.Directive, warn.Message) } - fmt.Fprintf(os.Stderr, "[WARNING][%s] %s:%d: %s\n", adaptCmdAdapterFlag, warn.File, warn.Line, msg) + caddy.Log().Named(adaptCmdAdapterFlag).Warn(msg, + zap.String("file", warn.File), + zap.Int("line", warn.Line)) } // validate output if requested diff --git a/modules/caddyhttp/fileserver/command.go b/modules/caddyhttp/fileserver/command.go index 654c9b83..7b4ab110 100644 --- a/modules/caddyhttp/fileserver/command.go +++ b/modules/caddyhttp/fileserver/command.go @@ -129,7 +129,7 @@ func cmdFileServer(fs caddycmd.Flags) (int, error) { return caddy.ExitCodeFailedStartup, err } - log.Printf("Caddy 2 serving static files on %s", listen) + log.Printf("Caddy serving static files on %s", listen) select {} } diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index af0c5641..b3f90106 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -15,7 +15,6 @@ package reverseproxy import ( - "log" "net" "net/http" "reflect" @@ -552,16 +551,16 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case 2: // some lint checks, I guess if strings.EqualFold(args[0], "host") && (args[1] == "{hostport}" || args[1] == "{http.request.hostport}") { - log.Printf("[WARNING] Unnecessary header_up ('Host' field): the reverse proxy's default behavior is to pass headers to the upstream") + caddy.Log().Named("caddyfile").Warn("Unnecessary header_up Host: the reverse proxy's default behavior is to pass headers to the upstream") } if strings.EqualFold(args[0], "x-forwarded-for") && (args[1] == "{remote}" || args[1] == "{http.request.remote}" || args[1] == "{remote_host}" || args[1] == "{http.request.remote.host}") { - log.Printf("[WARNING] Unnecessary header_up ('X-Forwarded-For' field): the reverse proxy's default behavior is to pass headers to the upstream") + caddy.Log().Named("caddyfile").Warn("Unnecessary header_up X-Forwarded-For: the reverse proxy's default behavior is to pass headers to the upstream") } if strings.EqualFold(args[0], "x-forwarded-proto") && (args[1] == "{scheme}" || args[1] == "{http.request.scheme}") { - log.Printf("[WARNING] Unnecessary header_up ('X-Forwarded-Proto' field): the reverse proxy's default behavior is to pass headers to the upstream") + caddy.Log().Named("caddyfile").Warn("Unnecessary header_up X-Forwarded-Proto: the reverse proxy's default behavior is to pass headers to the upstream") } if strings.EqualFold(args[0], "x-forwarded-host") && (args[1] == "{host}" || args[1] == "{http.request.host}" || args[1] == "{hostport}" || args[1] == "{http.request.hostport}") { - log.Printf("[WARNING] Unnecessary header_up ('X-Forwarded-Host' field): the reverse proxy's default behavior is to pass headers to the upstream") + caddy.Log().Named("caddyfile").Warn("Unnecessary header_up X-Forwarded-Host: the reverse proxy's default behavior is to pass headers to the upstream") } err = headers.CaddyfileHeaderOp(h.Headers.Request, args[0], args[1], "") case 3: From a8bb4a665af358f61a7ac0eabac8df2110cb6a36 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 25 Apr 2022 12:47:12 -0400 Subject: [PATCH 0631/1498] httpcaddyfile: Add `{vars.*}` placeholder shortcut, reverse `vars` sort order (#4726) * httpcaddyfile: Add `{vars.*}` placeholder shortcut I'm yoinking this from my https://github.com/caddyserver/caddy/pull/4657 PR because I think we should get this in ASAP for v2.5.0 along with the new `vars` directive. * Sort vars by matchers in reverse --- caddyconfig/httpcaddyfile/directives.go | 29 ++++++--- caddyconfig/httpcaddyfile/httptype.go | 1 + .../caddyfile_adapt/sort_vars_in_reverse.txt | 59 +++++++++++++++++++ 3 files changed, 82 insertions(+), 7 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/sort_vars_in_reverse.txt diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 6b80e346..aaa8cb01 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -424,14 +424,29 @@ func sortRoutes(routes []ConfigValue) { jPathLen = len(jPM[0]) } - // if both directives have no path matcher, use whichever one - // has any kind of matcher defined first. - if iPathLen == 0 && jPathLen == 0 { - return len(iRoute.MatcherSetsRaw) > 0 && len(jRoute.MatcherSetsRaw) == 0 - } + // some directives involve setting values which can overwrite + // eachother, so it makes most sense to reverse the order so + // that the lease specific matcher is first; everything else + // has most-specific matcher first + if iDir == "vars" { + // if both directives have no path matcher, use whichever one + // has no matcher first. + if iPathLen == 0 && jPathLen == 0 { + return len(iRoute.MatcherSetsRaw) == 0 && len(jRoute.MatcherSetsRaw) > 0 + } - // sort with the most-specific (longest) path first - return iPathLen > jPathLen + // sort with the least-specific (shortest) path first + return iPathLen < jPathLen + } else { + // if both directives have no path matcher, use whichever one + // has any kind of matcher defined first. + if iPathLen == 0 && jPathLen == 0 { + return len(iRoute.MatcherSetsRaw) > 0 && len(jRoute.MatcherSetsRaw) == 0 + } + + // sort with the most-specific (longest) path first + return iPathLen > jPathLen + } }) } diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 4f9f8d0f..5b0d845a 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -129,6 +129,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, {regexp.MustCompile(`{header\.([\w-]*)}`), "{http.request.header.$1}"}, {regexp.MustCompile(`{path\.([\w-]*)}`), "{http.request.uri.path.$1}"}, {regexp.MustCompile(`{re\.([\w-]*)\.([\w-]*)}`), "{http.regexp.$1.$2}"}, + {regexp.MustCompile(`{vars\.([\w-]*)}`), "{http.vars.$1}"}, } for _, sb := range originalServerBlocks { diff --git a/caddytest/integration/caddyfile_adapt/sort_vars_in_reverse.txt b/caddytest/integration/caddyfile_adapt/sort_vars_in_reverse.txt new file mode 100644 index 00000000..dff75e1e --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/sort_vars_in_reverse.txt @@ -0,0 +1,59 @@ +:80 + +vars /foobar foo last +vars /foo foo middle +vars * foo first +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":80" + ], + "routes": [ + { + "handle": [ + { + "foo": "first", + "handler": "vars" + } + ] + }, + { + "match": [ + { + "path": [ + "/foo" + ] + } + ], + "handle": [ + { + "foo": "middle", + "handler": "vars" + } + ] + }, + { + "match": [ + { + "path": [ + "/foobar" + ] + } + ], + "handle": [ + { + "foo": "last", + "handler": "vars" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file From d543ad1ffd81e12476378fd1bfe2e8afbf562506 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 26 Apr 2022 00:00:39 -0400 Subject: [PATCH 0632/1498] caddypki: Fix `caddy trust` command to use the correct API endpoint (#4730) --- modules/caddypki/command.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go index 9b64c613..c26c19ad 100644 --- a/modules/caddypki/command.go +++ b/modules/caddypki/command.go @@ -133,7 +133,7 @@ func cmdTrust(fl caddycmd.Flags) (int, error) { ca := CA{ log: caddy.Log(), root: rootCert, - rootCertPath: adminAddr + path.Join(adminPKIEndpointBase, caID, "certificates"), + rootCertPath: adminAddr + path.Join(adminPKIEndpointBase, "ca", caID), } // Install the cert! @@ -207,7 +207,7 @@ func cmdUntrust(fl caddycmd.Flags) (int, error) { // rootCertFromAdmin makes the API request to fetch the root certificate for the named CA via admin API. func rootCertFromAdmin(adminAddr string, caID string) (*x509.Certificate, error) { - uri := path.Join(adminPKIEndpointBase, caID, "certificates") + uri := path.Join(adminPKIEndpointBase, "ca", caID) // Make the request to fetch the CA info resp, err := caddycmd.AdminAPIRequest(adminAddr, http.MethodGet, uri, make(http.Header), nil) From 40b193fb791e241dec630a37167aac576375bc96 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 27 Apr 2022 10:39:22 -0600 Subject: [PATCH 0633/1498] reverseproxy: Improve hashing LB policies with HRW (#4724) * reverseproxy: Improve hashing LB policies with HRW Previously, if a list of upstreams changed, hash-based LB policies would be greatly affected because the hash relied on the position of upstreams in the pool. Highest Random Weight or "rendezvous" hashing is apparently robust to pool changes. It runs in O(n) instead of O(log n), but n is very small usually. * Fix bug and update tests --- .../reverseproxy/selectionpolicies.go | 29 +++++---- .../reverseproxy/selectionpolicies_test.go | 60 +++++++++---------- 2 files changed, 47 insertions(+), 42 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 001f7f80..125a07f9 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -514,21 +514,26 @@ func leastRequests(upstreams []*Upstream) *Upstream { return best[weakrand.Intn(len(best))] } -// hostByHashing returns an available host -// from pool based on a hashable string s. +// hostByHashing returns an available host from pool based on a hashable string s. func hostByHashing(pool []*Upstream, s string) *Upstream { - poolLen := uint32(len(pool)) - if poolLen == 0 { - return nil - } - index := hash(s) % poolLen - for i := uint32(0); i < poolLen; i++ { - upstream := pool[(index+i)%poolLen] - if upstream.Available() { - return upstream + // Highest Random Weight (HRW, or "Rendezvous") hashing, + // guarantees stability when the list of upstreams changes; + // see https://medium.com/i0exception/rendezvous-hashing-8c00e2fb58b0, + // https://randorithms.com/2020/12/26/rendezvous-hashing.html, + // and https://en.wikipedia.org/wiki/Rendezvous_hashing. + var highestHash uint32 + var upstream *Upstream + for _, up := range pool { + if !up.Available() { + continue + } + h := hash(s + up.String()) // important to hash key and server together + if h > highestHash { + highestHash = h + upstream = up } } - return nil + return upstream } // hash calculates a fast hash based on s. diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index 7175f774..aa001e42 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -22,9 +22,9 @@ import ( func testPool() UpstreamPool { return UpstreamPool{ - {Host: new(Host)}, - {Host: new(Host)}, - {Host: new(Host)}, + {Host: new(Host), Dial: "0.0.0.1"}, + {Host: new(Host), Dial: "0.0.0.2"}, + {Host: new(Host), Dial: "0.0.0.3"}, } } @@ -95,13 +95,13 @@ func TestIPHashPolicy(t *testing.T) { // We should be able to predict where every request is routed. req.RemoteAddr = "172.0.0.1:80" h := ipHash.Select(pool, req, nil) - if h != pool[1] { - t.Error("Expected ip hash policy host to be the second host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.2:80" h = ipHash.Select(pool, req, nil) - if h != pool[1] { - t.Error("Expected ip hash policy host to be the second host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.3:80" h = ipHash.Select(pool, req, nil) @@ -117,13 +117,13 @@ func TestIPHashPolicy(t *testing.T) { // we should get the same results without a port req.RemoteAddr = "172.0.0.1" h = ipHash.Select(pool, req, nil) - if h != pool[1] { - t.Error("Expected ip hash policy host to be the second host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.2" h = ipHash.Select(pool, req, nil) - if h != pool[1] { - t.Error("Expected ip hash policy host to be the second host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.3" h = ipHash.Select(pool, req, nil) @@ -138,7 +138,7 @@ func TestIPHashPolicy(t *testing.T) { // we should get a healthy host if the original host is unhealthy and a // healthy host is available - req.RemoteAddr = "172.0.0.1" + req.RemoteAddr = "172.0.0.4" pool[1].setHealthy(false) h = ipHash.Select(pool, req, nil) if h != pool[2] { @@ -147,16 +147,16 @@ func TestIPHashPolicy(t *testing.T) { req.RemoteAddr = "172.0.0.2" h = ipHash.Select(pool, req, nil) - if h != pool[2] { - t.Error("Expected ip hash policy host to be the third host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } pool[1].setHealthy(true) req.RemoteAddr = "172.0.0.3" pool[2].setHealthy(false) h = ipHash.Select(pool, req, nil) - if h != pool[0] { - t.Error("Expected ip hash policy host to be the first host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.4" h = ipHash.Select(pool, req, nil) @@ -167,29 +167,29 @@ func TestIPHashPolicy(t *testing.T) { // We should be able to resize the host pool and still be able to predict // where a req will be routed with the same IP's used above pool = UpstreamPool{ - {Host: new(Host)}, - {Host: new(Host)}, + {Host: new(Host), Dial: "0.0.0.2"}, + {Host: new(Host), Dial: "0.0.0.3"}, } req.RemoteAddr = "172.0.0.1:80" h = ipHash.Select(pool, req, nil) - if h != pool[0] { - t.Error("Expected ip hash policy host to be the first host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.2:80" h = ipHash.Select(pool, req, nil) - if h != pool[1] { - t.Error("Expected ip hash policy host to be the second host.") - } - req.RemoteAddr = "172.0.0.3:80" - h = ipHash.Select(pool, req, nil) if h != pool[0] { t.Error("Expected ip hash policy host to be the first host.") } - req.RemoteAddr = "172.0.0.4:80" + req.RemoteAddr = "172.0.0.3:80" h = ipHash.Select(pool, req, nil) if h != pool[1] { t.Error("Expected ip hash policy host to be the second host.") } + req.RemoteAddr = "172.0.0.4:80" + h = ipHash.Select(pool, req, nil) + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") + } // We should get nil when there are no healthy hosts pool[0].setHealthy(false) @@ -252,14 +252,14 @@ func TestURIHashPolicy(t *testing.T) { request := httptest.NewRequest(http.MethodGet, "/test", nil) h := uriPolicy.Select(pool, request, nil) - if h != pool[0] { - t.Error("Expected uri policy host to be the first host.") + if h != pool[2] { + t.Error("Expected uri policy host to be the third host.") } - pool[0].setHealthy(false) + pool[2].setHealthy(false) h = uriPolicy.Select(pool, request, nil) if h != pool[1] { - t.Error("Expected uri policy host to be the first host.") + t.Error("Expected uri policy host to be the second host.") } request = httptest.NewRequest(http.MethodGet, "/test_2", nil) From 3ab648382d403cdfe5c0c7218fafe2b4197ccfd7 Mon Sep 17 00:00:00 2001 From: Marco Kaufmann <66012520+mahgoh@users.noreply.github.com> Date: Wed, 27 Apr 2022 19:41:37 +0200 Subject: [PATCH 0634/1498] templates: Add missing backticks in docs (#4737) --- modules/caddyhttp/templates/templates.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 20eed8a2..8f2ae9dc 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -100,6 +100,7 @@ func init() { // {{ define "main" }} // content // {{ end }} +// ``` // // **index.html** // ``` From dcc98da4d25dc13183f4bb4e913439a160bb1adf Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 28 Apr 2022 10:18:45 -0400 Subject: [PATCH 0635/1498] caddyhttp: Improve listen addr error message for IPv6 (#4740) --- modules/caddyhttp/autohttps.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index f1d99ce3..91611f98 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -222,11 +222,15 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er app.logger.Info("enabling automatic HTTP->HTTPS redirects", zap.String("server_name", srvName)) // create HTTP->HTTPS redirects - for _, addr := range srv.Listen { + for _, listenAddr := range srv.Listen { // figure out the address we will redirect to... - addr, err := caddy.ParseNetworkAddress(addr) + addr, err := caddy.ParseNetworkAddress(listenAddr) if err != nil { - return fmt.Errorf("%s: invalid listener address: %v", srvName, addr) + msg := "%s: invalid listener address: %v" + if strings.Count(listenAddr, ":") > 1 { + msg = msg + ", there are too many colons, so the port is ambiguous. Did you mean to wrap the IPv6 address with [] brackets?" + } + return fmt.Errorf(msg, srvName, listenAddr) } // this address might not have a hostname, i.e. might be a From 2e4c09155a750895a306f8900a6d5f4597db5287 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 28 Apr 2022 10:31:59 -0400 Subject: [PATCH 0636/1498] cmd: Fix unix socket addresses for admin API requests (#4742) Fixes a regression in c2327161f725c820826587381f37d651a2b9736d --- cmd/commandfuncs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 26b005bc..b18f5090 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -669,7 +669,7 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io } origin := "http://" + parsedAddr.JoinHostPort(0) if parsedAddr.IsUnixNetwork() { - origin = "unixsocket" // hack so that http.NewRequest() is happy + origin = "http://unixsocket" // hack so that http.NewRequest() is happy } // form the request From 3017b245c9275f910dff472ee5e7729625c4f913 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 28 Apr 2022 10:42:30 -0400 Subject: [PATCH 0637/1498] logging: Use `RedirectStdLog` to capture more stdlib logs (#4732) * logging: Use `RedirectStdLog` * .gitignore a file pattern that I'm constantly using for testing --- .gitignore | 1 + logging.go | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 5322a53f..e154526b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ _gitignore/ *.log Caddyfile +Caddyfile.* !caddyfile/ # artifacts from pprof tooling diff --git a/logging.go b/logging.go index 129aec43..5f8ea06a 100644 --- a/logging.go +++ b/logging.go @@ -661,9 +661,15 @@ func newDefaultProductionLog() (*defaultCustomLog, error) { cl.buildCore() + logger := zap.New(cl.core) + + // capture logs from other libraries which + // may not be using zap logging directly + _ = zap.RedirectStdLog(logger) + return &defaultCustomLog{ CustomLog: cl, - logger: zap.New(cl.core), + logger: logger, }, nil } From 0be3d995439245e8b4069fd3bddcd4b8ef9194d4 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 28 Apr 2022 11:38:44 -0400 Subject: [PATCH 0638/1498] logging: Implement rename filter, changes field key names (#4745) --- modules/logging/filters.go | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/modules/logging/filters.go b/modules/logging/filters.go index af64cc4b..aa96e5ef 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -31,12 +31,13 @@ import ( func init() { caddy.RegisterModule(DeleteFilter{}) + caddy.RegisterModule(HashFilter{}) caddy.RegisterModule(ReplaceFilter{}) caddy.RegisterModule(IPMaskFilter{}) caddy.RegisterModule(QueryFilter{}) caddy.RegisterModule(CookieFilter{}) caddy.RegisterModule(RegexpFilter{}) - caddy.RegisterModule(HashFilter{}) + caddy.RegisterModule(RenameFilter{}) } // LogFieldFilter can filter (or manipulate) @@ -542,21 +543,56 @@ func (f *RegexpFilter) Filter(in zapcore.Field) zapcore.Field { return in } +// RenameFilter is a Caddy log field filter that +// renames the field's key with the indicated name. +type RenameFilter struct { + Name string `json:"name,omitempty"` +} + +// CaddyModule returns the Caddy module information. +func (RenameFilter) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "caddy.logging.encoders.filter.rename", + New: func() caddy.Module { return new(RenameFilter) }, + } +} + +// UnmarshalCaddyfile sets up the module from Caddyfile tokens. +func (f *RenameFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if d.NextArg() { + f.Name = d.Val() + } + } + return nil +} + +// Filter renames the input field with the replacement name. +func (f *RenameFilter) Filter(in zapcore.Field) zapcore.Field { + in.Type = zapcore.StringType + in.Key = f.Name + return in +} + // Interface guards var ( _ LogFieldFilter = (*DeleteFilter)(nil) + _ LogFieldFilter = (*HashFilter)(nil) _ LogFieldFilter = (*ReplaceFilter)(nil) _ LogFieldFilter = (*IPMaskFilter)(nil) _ LogFieldFilter = (*QueryFilter)(nil) _ LogFieldFilter = (*CookieFilter)(nil) _ LogFieldFilter = (*RegexpFilter)(nil) + _ LogFieldFilter = (*RenameFilter)(nil) _ caddyfile.Unmarshaler = (*DeleteFilter)(nil) + _ caddyfile.Unmarshaler = (*HashFilter)(nil) _ caddyfile.Unmarshaler = (*ReplaceFilter)(nil) _ caddyfile.Unmarshaler = (*IPMaskFilter)(nil) _ caddyfile.Unmarshaler = (*QueryFilter)(nil) _ caddyfile.Unmarshaler = (*CookieFilter)(nil) _ caddyfile.Unmarshaler = (*RegexpFilter)(nil) + _ caddyfile.Unmarshaler = (*RenameFilter)(nil) _ caddy.Provisioner = (*IPMaskFilter)(nil) _ caddy.Provisioner = (*RegexpFilter)(nil) From af7321511c960120d61cfd22e031f43071d5a9c2 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 28 Apr 2022 12:16:25 -0400 Subject: [PATCH 0639/1498] httpcaddyfile: Fix duplicate access log when debug is on (#4746) --- caddyconfig/httpcaddyfile/httptype.go | 18 ++++---- .../global_options_debug_with_access_log.txt | 45 +++++++++++++++++++ 2 files changed, 55 insertions(+), 8 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/global_options_debug_with_access_log.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 5b0d845a..242f0b82 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -254,20 +254,13 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, } customLogs = append(customLogs, ncl) } + // Apply global log options, when set if options["log"] != nil { for _, logValue := range options["log"].([]ConfigValue) { addCustomLog(logValue.Value.(namedCustomLog)) } } - // Apply server-specific log options - for _, p := range pairings { - for _, sb := range p.serverBlocks { - for _, clVal := range sb.pile["custom_log"] { - addCustomLog(clVal.Value.(namedCustomLog)) - } - } - } if !hasDefaultLog { // if the default log was not customized, ensure we @@ -280,6 +273,15 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, } } + // Apply server-specific log options + for _, p := range pairings { + for _, sb := range p.serverBlocks { + for _, clVal := range sb.pile["custom_log"] { + addCustomLog(clVal.Value.(namedCustomLog)) + } + } + } + // annnd the top-level config, then we're done! cfg := &caddy.Config{AppsRaw: make(caddy.ModuleMap)} diff --git a/caddytest/integration/caddyfile_adapt/global_options_debug_with_access_log.txt b/caddytest/integration/caddyfile_adapt/global_options_debug_with_access_log.txt new file mode 100644 index 00000000..772cd089 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_debug_with_access_log.txt @@ -0,0 +1,45 @@ +{ + debug +} + +:8881 { + log { + format console + } +} +---------- +{ + "logging": { + "logs": { + "default": { + "level": "DEBUG", + "exclude": [ + "http.log.access.log0" + ] + }, + "log0": { + "encoder": { + "format": "console" + }, + "level": "DEBUG", + "include": [ + "http.log.access.log0" + ] + } + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8881" + ], + "logs": { + "default_logger_name": "log0" + } + } + } + } + } +} \ No newline at end of file From 4a223f52038cb77bbf97ca3f3345550dea4e12d8 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 2 May 2022 13:44:28 -0400 Subject: [PATCH 0640/1498] reverseproxy: Fix Caddyfile support for `replace_status` (#4754) --- .../reverse_proxy_handle_response.txt | 23 +++++++++++-- modules/caddyhttp/reverseproxy/caddyfile.go | 33 +++++++++---------- 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt index 1b6162dc..f6a26090 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_handle_response.txt @@ -1,8 +1,13 @@ :8884 reverse_proxy 127.0.0.1:65535 { - @changeStatus status 500 - replace_status @changeStatus 400 + @500 status 500 + replace_status @500 400 + + @all status 2xx 3xx 4xx 5xx + replace_status @all {http.error.status_code} + + replace_status {http.error.status_code} @accel header X-Accel-Redirect * handle_response @accel { @@ -78,6 +83,17 @@ reverse_proxy 127.0.0.1:65535 { }, "status_code": 400 }, + { + "match": { + "status_code": [ + 2, + 3, + 4, + 5 + ] + }, + "status_code": "{http.error.status_code}" + }, { "match": { "headers": { @@ -228,6 +244,9 @@ reverse_proxy 127.0.0.1:65535 { } ] }, + { + "status_code": "{http.error.status_code}" + }, { "routes": [ { diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index b3f90106..14de2300 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -627,22 +627,24 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case "replace_status": args := d.RemainingArgs() - if len(args) != 2 { - return d.Errf("must have two arguments: a response matcher and a status code") + if len(args) != 1 && len(args) != 2 { + return d.Errf("must have one or two arguments: an optional response matcher, and a status code") } - if !strings.HasPrefix(args[0], matcherPrefix) { - return d.Errf("must use a named response matcher, starting with '@'") - } + responseHandler := caddyhttp.ResponseHandler{} - foundMatcher, ok := h.responseMatchers[args[0]] - if !ok { - return d.Errf("no named response matcher defined with name '%s'", args[0][1:]) - } - - _, err := strconv.Atoi(args[1]) - if err != nil { - return d.Errf("bad integer value '%s': %v", args[1], err) + if len(args) == 2 { + if !strings.HasPrefix(args[0], matcherPrefix) { + return d.Errf("must use a named response matcher, starting with '@'") + } + foundMatcher, ok := h.responseMatchers[args[0]] + if !ok { + return d.Errf("no named response matcher defined with name '%s'", args[0][1:]) + } + responseHandler.Match = &foundMatcher + responseHandler.StatusCode = caddyhttp.WeakString(args[1]) + } else if len(args) == 1 { + responseHandler.StatusCode = caddyhttp.WeakString(args[0]) } // make sure there's no block, cause it doesn't make sense @@ -652,10 +654,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.HandleResponse = append( h.HandleResponse, - caddyhttp.ResponseHandler{ - Match: &foundMatcher, - StatusCode: caddyhttp.WeakString(args[1]), - }, + responseHandler, ) default: From e84e19a04eefccc743f0d397efe49ff42626f4b3 Mon Sep 17 00:00:00 2001 From: Tyler Kropp Date: Mon, 2 May 2022 16:55:34 -0400 Subject: [PATCH 0641/1498] templates: Add custom template function registration (#4757) * Add custom template function registration * Rename TemplateFunctions to CustomFunctions * Add documentation * Document CustomFunctions interface * Preallocate custom functions map list * Fix interface name in error message --- modules/caddyhttp/templates/templates.go | 32 ++++++++++++++++++++--- modules/caddyhttp/templates/tplcontext.go | 14 +++++++--- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 8f2ae9dc..5aff27f5 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -21,6 +21,7 @@ import ( "net/http" "strconv" "strings" + "text/template" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" @@ -36,6 +37,8 @@ func init() { // // ⚠️ Template functions/actions are still experimental, so they are subject to change. // +// Custom template functions can be registered by creating a plugin module under the `http.handlers.templates.functions.*` namespace that implements the `CustomFunctions` interface. +// // [All Sprig functions](https://masterminds.github.io/sprig/) are supported. // // In addition to the standard functions and the Sprig library, Caddy adds @@ -249,6 +252,14 @@ type Templates struct { // The template action delimiters. If set, must be precisely two elements: // the opening and closing delimiters. Default: `["{{", "}}"]` Delimiters []string `json:"delimiters,omitempty"` + + customFuncs []template.FuncMap +} + +// Customfunctions is the interface for registering custom template functions. +type CustomFunctions interface { + // CustomTemplateFunctions should return the mapping from custom function names to implementations. + CustomTemplateFunctions() template.FuncMap } // CaddyModule returns the Caddy module information. @@ -261,6 +272,18 @@ func (Templates) CaddyModule() caddy.ModuleInfo { // Provision provisions t. func (t *Templates) Provision(ctx caddy.Context) error { + fnModInfos := caddy.GetModules("http.handlers.templates.functions") + customFuncs := make([]template.FuncMap, len(fnModInfos), 0) + for _, modInfo := range fnModInfos { + mod := modInfo.New() + fnMod, ok := mod.(CustomFunctions) + if !ok { + return fmt.Errorf("module %q does not satisfy the CustomFunctions interface", modInfo.ID) + } + customFuncs = append(customFuncs, fnMod.CustomTemplateFunctions()) + } + t.customFuncs = customFuncs + if t.MIMETypes == nil { t.MIMETypes = defaultMIMETypes } @@ -331,10 +354,11 @@ func (t *Templates) executeTemplate(rr caddyhttp.ResponseRecorder, r *http.Reque } ctx := &TemplateContext{ - Root: fs, - Req: r, - RespHeader: WrappedHeader{rr.Header()}, - config: t, + Root: fs, + Req: r, + RespHeader: WrappedHeader{rr.Header()}, + config: t, + CustomFuncs: t.customFuncs, } err := ctx.executeTemplateInBuffer(r.URL.Path, rr.Buffer()) diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 4f3cbf50..7843455a 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -40,10 +40,11 @@ import ( // TemplateContext is the TemplateContext with which HTTP templates are executed. type TemplateContext struct { - Root http.FileSystem - Req *http.Request - Args []interface{} // defined by arguments to funcInclude - RespHeader WrappedHeader + Root http.FileSystem + Req *http.Request + Args []interface{} // defined by arguments to funcInclude + RespHeader WrappedHeader + CustomFuncs []template.FuncMap // functions added by plugins config *Templates tpl *template.Template @@ -62,6 +63,11 @@ func (c *TemplateContext) NewTemplate(tplName string) *template.Template { // add sprig library c.tpl.Funcs(sprigFuncMap) + // add all custom functions + for _, funcMap := range c.CustomFuncs { + c.tpl.Funcs(funcMap) + } + // add our own library c.tpl.Funcs(template.FuncMap{ "include": c.funcInclude, From e7fbee8c82740bd3e21c9abdcfe5a1e922244c09 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 4 May 2022 14:40:39 -0400 Subject: [PATCH 0642/1498] reverseproxy: Permit resolver addresses to not specify a port (#4760) Context: https://caddy.community/t/caddy-2-5-dynamic-upstreams-and-consul-srv-dns/15839 I realized it probably makes sense to allow `:53` to be omitted, since it's the default port for DNS. --- modules/caddyhttp/reverseproxy/upstreams.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index 3b58b8dd..f788dadb 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -7,6 +7,7 @@ import ( "net" "net/http" "strconv" + "strings" "sync" "time" @@ -372,7 +373,14 @@ func (u *UpstreamResolver) ParseAddresses() error { for _, v := range u.Addresses { addr, err := caddy.ParseNetworkAddress(v) if err != nil { - return err + // If a port wasn't specified for the resolver, + // try defaulting to 53 and parse again + if strings.Contains(err.Error(), "missing port in address") { + addr, err = caddy.ParseNetworkAddress(v + ":53") + } + if err != nil { + return err + } } if addr.PortRangeSize() != 1 { return fmt.Errorf("resolver address must have exactly one address; cannot call %v", addr) From ec86a2f7a3905c888b8c953255a98a50be70d5db Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 4 May 2022 14:42:37 -0400 Subject: [PATCH 0643/1498] caddyfile: Shortcut for `remote_ip` for private IP ranges (#4753) --- .../caddyfile_adapt/matcher_syntax.txt | 25 +++++++++++++++++++ modules/caddyhttp/matchers.go | 11 ++++++++ 2 files changed, 36 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index cb521aa6..a3e0a50e 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -37,6 +37,9 @@ header Bar foo } respond @matcher9 "header matcher with null field matcher" + + @matcher10 remote_ip private_ranges + respond @matcher10 "remote_ip matcher with private ranges" } ---------- { @@ -209,6 +212,28 @@ "handler": "static_response" } ] + }, + { + "match": [ + { + "remote_ip": { + "ranges": [ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1" + ] + } + } + ], + "handle": [ + { + "body": "remote_ip matcher with private ranges", + "handler": "static_response" + } + ] } ] } diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 9f10e2c3..f8953ef5 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -867,6 +867,17 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { m.Forwarded = true continue } + if d.Val() == "private_ranges" { + m.Ranges = append(m.Ranges, []string{ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1", + }...) + continue + } m.Ranges = append(m.Ranges, d.Val()) } if d.NextBlock(0) { From f6900fcf530e80c921dac8e4f09996cffce7f436 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 6 May 2022 10:50:26 -0400 Subject: [PATCH 0644/1498] reverseproxy: Support performing pre-check requests (#4739) --- caddyconfig/httpcaddyfile/builtins.go | 16 +- caddyconfig/httpcaddyfile/builtins_test.go | 27 +- caddyconfig/httpcaddyfile/directives.go | 1 + caddyconfig/httpcaddyfile/httptype.go | 1 + .../caddyfile_adapt/forward_auth_authelia.txt | 137 +++++++++ .../caddyfile_adapt/reverse_proxy_options.txt | 34 +-- modules/caddyhttp/reverseproxy/caddyfile.go | 29 +- .../reverseproxy/fastcgi/caddyfile.go | 10 +- .../reverseproxy/forwardauth/caddyfile.go | 269 ++++++++++++++++++ .../caddyhttp/reverseproxy/reverseproxy.go | 56 +++- modules/caddyhttp/rewrite/rewrite.go | 4 +- modules/caddyhttp/rewrite/rewrite_test.go | 2 +- modules/caddyhttp/standard/imports.go | 1 + 13 files changed, 542 insertions(+), 45 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt create mode 100644 modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 1e7c7016..5c539e2a 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -580,12 +580,24 @@ func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) { body = fmt.Sprintf(metaRedir, safeTo, safeTo, safeTo, safeTo) code = "302" default: + // Allow placeholders for the code + if strings.HasPrefix(code, "{") { + break + } + // Try to validate as an integer otherwise codeInt, err := strconv.Atoi(code) if err != nil { return nil, h.Errf("Not a supported redir code type or not valid integer: '%s'", code) } - if codeInt < 300 || codeInt > 399 { - return nil, h.Errf("Redir code not in the 3xx range: '%v'", codeInt) + // Sometimes, a 401 with Location header is desirable because + // requests made with XHR will "eat" the 3xx redirect; so if + // the intent was to redirect to an auth page, a 3xx won't + // work. Responding with 401 allows JS code to read the + // Location header and do a window.location redirect manually. + // see https://stackoverflow.com/a/2573589/846934 + // see https://github.com/oauth2-proxy/oauth2-proxy/issues/1522 + if codeInt < 300 || (codeInt > 399 && codeInt != 401) { + return nil, h.Errf("Redir code not in the 3xx range or 401: '%v'", codeInt) } } diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go index 991c649c..bd5e1169 100644 --- a/caddyconfig/httpcaddyfile/builtins_test.go +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -148,6 +148,27 @@ func TestRedirDirectiveSyntax(t *testing.T) { }`, expectError: false, }, + { + // this is now allowed so a Location header + // can be written and consumed by JS + // in the case of XHR requests + input: `:8080 { + redir * :8081 401 + }`, + expectError: false, + }, + { + input: `:8080 { + redir * :8081 402 + }`, + expectError: true, + }, + { + input: `:8080 { + redir * :8081 {http.reverse_proxy.status_code} + }`, + expectError: false, + }, { input: `:8080 { redir /old.html /new.html htlm @@ -160,12 +181,6 @@ func TestRedirDirectiveSyntax(t *testing.T) { }`, expectError: true, }, - { - input: `:8080 { - redir * :8081 400 - }`, - expectError: true, - }, { input: `:8080 { redir * :8081 temp diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index aaa8cb01..164b9126 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -57,6 +57,7 @@ var directiveOrder = []string{ // middleware handlers; some wrap responses "basicauth", + "forward_auth", "request_header", "encode", "push", diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 242f0b82..9c723dbf 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -130,6 +130,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, {regexp.MustCompile(`{path\.([\w-]*)}`), "{http.request.uri.path.$1}"}, {regexp.MustCompile(`{re\.([\w-]*)\.([\w-]*)}`), "{http.regexp.$1.$2}"}, {regexp.MustCompile(`{vars\.([\w-]*)}`), "{http.vars.$1}"}, + {regexp.MustCompile(`{rp\.([\w-\.]*)}`), "{http.reverse_proxy.$1}"}, } for _, sb := range originalServerBlocks { diff --git a/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt new file mode 100644 index 00000000..e7cbb0f5 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt @@ -0,0 +1,137 @@ +app.example.com { + forward_auth authelia:9091 { + uri /api/verify?rd=https://authelia.example.com + copy_headers Remote-User Remote-Groups Remote-Name Remote-Email + } + + reverse_proxy backend:8080 +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "app.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "handle_response": [ + { + "match": { + "status_code": [ + 2 + ] + }, + "routes": [ + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { + "Remote-Email": [ + "{http.reverse_proxy.header.Remote-Email}" + ], + "Remote-Groups": [ + "{http.reverse_proxy.header.Remote-Groups}" + ], + "Remote-Name": [ + "{http.reverse_proxy.header.Remote-Name}" + ], + "Remote-User": [ + "{http.reverse_proxy.header.Remote-User}" + ] + } + } + } + ] + } + ] + }, + { + "routes": [ + { + "handle": [ + { + "exclude": [ + "Connection", + "Keep-Alive", + "Te", + "Trailers", + "Transfer-Encoding", + "Upgrade" + ], + "handler": "copy_response_headers" + } + ] + }, + { + "handle": [ + { + "handler": "copy_response" + } + ] + } + ] + } + ], + "handler": "reverse_proxy", + "headers": { + "request": { + "set": { + "X-Forwarded-Method": [ + "{http.request.method}" + ], + "X-Forwarded-Uri": [ + "{http.request.uri}" + ] + } + } + }, + "rewrite": { + "method": "GET", + "uri": "/api/verify?rd=https://authelia.example.com" + }, + "upstreams": [ + { + "dial": "authelia:9091" + } + ] + }, + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "backend:8080" + } + ] + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index e41b9004..fc07698d 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -1,11 +1,11 @@ https://example.com { - reverse_proxy /path http://localhost:54321 { - header_up Host {host} - header_up X-Real-IP {remote} - header_up X-Forwarded-For {remote} - header_up X-Forwarded-Port {server_port} - header_up X-Forwarded-Proto "http" + reverse_proxy /path https://localhost:54321 { + header_up Host {upstream_hostport} + header_up Foo bar + + method GET + rewrite /rewritten?uri={uri} buffer_requests @@ -58,24 +58,19 @@ https://example.com { "headers": { "request": { "set": { + "Foo": [ + "bar" + ], "Host": [ - "{http.request.host}" - ], - "X-Forwarded-For": [ - "{http.request.remote}" - ], - "X-Forwarded-Port": [ - "{server_port}" - ], - "X-Forwarded-Proto": [ - "http" - ], - "X-Real-Ip": [ - "{http.request.remote}" + "{http.reverse_proxy.upstream.hostport}" ] } } }, + "rewrite": { + "method": "GET", + "uri": "/rewritten?uri={http.request.uri}" + }, "transport": { "compression": false, "dial_fallback_delay": 5000000000, @@ -96,6 +91,7 @@ https://example.com { ] }, "response_header_timeout": 8000000000, + "tls": {}, "versions": [ "h2c", "2" diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 14de2300..ebea49eb 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -27,6 +27,7 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite" "github.com/dustin/go-humanize" ) @@ -85,10 +86,12 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // buffer_responses // max_buffer_size // -// # header manipulation +// # request manipulation // trusted_proxies [private_ranges] // header_up [+|-] [ []] // header_down [+|-] [ []] +// method +// rewrite // // # round trip // transport { @@ -600,6 +603,30 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.Err(err.Error()) } + case "method": + if !d.NextArg() { + return d.ArgErr() + } + if h.Rewrite == nil { + h.Rewrite = &rewrite.Rewrite{} + } + h.Rewrite.Method = d.Val() + if d.NextArg() { + return d.ArgErr() + } + + case "rewrite": + if !d.NextArg() { + return d.ArgErr() + } + if h.Rewrite == nil { + h.Rewrite = &rewrite.Rewrite{} + } + h.Rewrite.URI = d.Val() + if d.NextArg() { + return d.ArgErr() + } + case "transport": if !d.NextArg() { return d.ArgErr() diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 1b4cecf4..96b84f21 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -196,7 +196,15 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error // NOTE: we delete the tokens as we go so that the reverse_proxy // unmarshal doesn't see these subdirectives which it cannot handle for dispenser.Next() { - for dispenser.NextBlock(0) && dispenser.Nesting() == 1 { + for dispenser.NextBlock(0) { + // ignore any sub-subdirectives that might + // have the same name somewhere within + // the reverse_proxy passthrough tokens + if dispenser.Nesting() != 1 { + continue + } + + // parse the php_fastcgi subdirectives switch dispenser.Val() { case "root": if !dispenser.NextArg() { diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go new file mode 100644 index 00000000..1571f09a --- /dev/null +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -0,0 +1,269 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package forwardauth + +import ( + "encoding/json" + "net/http" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite" +) + +func init() { + httpcaddyfile.RegisterDirective("forward_auth", parseCaddyfile) +} + +// parseCaddyfile parses the forward_auth directive, which has the same syntax +// as the reverse_proxy directive (in fact, the reverse_proxy's directive +// Unmarshaler is invoked by this function) but the resulting proxy is specially +// configured for most™️ auth gateways that support forward auth. The typical +// config which looks something like this: +// +// forward_auth auth-gateway:9091 { +// uri /authenticate?redirect=https://auth.example.com +// copy_headers Remote-User Remote-Email +// } +// +// is equivalent to a reverse_proxy directive like this: +// +// reverse_proxy auth-gateway:9091 { +// method GET +// rewrite /authenticate?redirect=https://auth.example.com +// +// header_up X-Forwarded-Method {method} +// header_up X-Forwarded-Uri {uri} +// +// @good status 2xx +// handle_response @good { +// request_header { +// Remote-User {http.reverse_proxy.header.Remote-User} +// Remote-Email {http.reverse_proxy.header.Remote-Email} +// } +// } +// +// handle_response { +// copy_response_headers { +// exclude Connection Keep-Alive Te Trailers Transfer-Encoding Upgrade +// } +// copy_response +// } +// } +// +func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { + if !h.Next() { + return nil, h.ArgErr() + } + + // if the user specified a matcher token, use that + // matcher in a route that wraps both of our routes; + // either way, strip the matcher token and pass + // the remaining tokens to the unmarshaler so that + // we can gain the rest of the reverse_proxy syntax + userMatcherSet, err := h.ExtractMatcherSet() + if err != nil { + return nil, err + } + + // make a new dispenser from the remaining tokens so that we + // can reset the dispenser back to this point for the + // reverse_proxy unmarshaler to read from it as well + dispenser := h.NewFromNextSegment() + + // create the reverse proxy handler + rpHandler := &reverseproxy.Handler{ + // set up defaults for header_up; reverse_proxy already deals with + // adding the other three X-Forwarded-* headers, but for this flow, + // we want to also send along the incoming method and URI since this + // request will have a rewritten URI and method. + Headers: &headers.Handler{ + Request: &headers.HeaderOps{ + Set: http.Header{ + "X-Forwarded-Method": []string{"{http.request.method}"}, + "X-Forwarded-Uri": []string{"{http.request.uri}"}, + }, + }, + }, + + // we always rewrite the method to GET, which implicitly + // turns off sending the incoming request's body, which + // allows later middleware handlers to consume it + Rewrite: &rewrite.Rewrite{ + Method: "GET", + }, + + HandleResponse: []caddyhttp.ResponseHandler{}, + } + + // collect the headers to copy from the auth response + // onto the original request, so they can get passed + // through to a backend app + headersToCopy := []string{} + + // read the subdirectives for configuring the forward_auth shortcut + // NOTE: we delete the tokens as we go so that the reverse_proxy + // unmarshal doesn't see these subdirectives which it cannot handle + for dispenser.Next() { + for dispenser.NextBlock(0) { + // ignore any sub-subdirectives that might + // have the same name somewhere within + // the reverse_proxy passthrough tokens + if dispenser.Nesting() != 1 { + continue + } + + // parse the forward_auth subdirectives + switch dispenser.Val() { + case "uri": + if !dispenser.NextArg() { + return nil, dispenser.ArgErr() + } + rpHandler.Rewrite.URI = dispenser.Val() + dispenser.Delete() + dispenser.Delete() + + case "copy_headers": + args := dispenser.RemainingArgs() + dispenser.Delete() + for _, headerField := range args { + dispenser.Delete() + headersToCopy = append(headersToCopy, headerField) + } + if len(headersToCopy) == 0 { + return nil, dispenser.ArgErr() + } + } + } + } + + // reset the dispenser after we're done so that the reverse_proxy + // unmarshaler can read it from the start + dispenser.Reset() + + // the auth target URI must not be empty + if rpHandler.Rewrite.URI == "" { + return nil, dispenser.Errf("the 'uri' subdirective is required") + } + + // set up handler for good responses; when a response + // has 2xx status, then we will copy some headers from + // the response onto the original request, and allow + // handling to continue down the middleware chain, + // by _not_ executing a terminal handler. + goodResponseHandler := caddyhttp.ResponseHandler{ + Match: &caddyhttp.ResponseMatcher{ + StatusCode: []int{2}, + }, + Routes: []caddyhttp.Route{}, + } + if len(headersToCopy) > 0 { + handler := &headers.Handler{ + Request: &headers.HeaderOps{ + Set: http.Header{}, + }, + } + + for _, headerField := range headersToCopy { + handler.Request.Set[headerField] = []string{ + "{http.reverse_proxy.header." + headerField + "}", + } + } + + goodResponseHandler.Routes = append( + goodResponseHandler.Routes, + caddyhttp.Route{ + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( + handler, + "handler", + "headers", + nil, + )}, + }, + ) + } + rpHandler.HandleResponse = append(rpHandler.HandleResponse, goodResponseHandler) + + // set up handler for denial responses; when a response + // has any other status than 2xx, then we copy the response + // back to the client, and terminate handling. + denialResponseHandler := caddyhttp.ResponseHandler{ + Routes: []caddyhttp.Route{ + { + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( + &reverseproxy.CopyResponseHeadersHandler{ + Exclude: []string{ + "Connection", + "Keep-Alive", + "Te", + "Trailers", + "Transfer-Encoding", + "Upgrade", + }, + }, + "handler", + "copy_response_headers", + nil, + )}, + }, + { + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( + &reverseproxy.CopyResponseHandler{}, + "handler", + "copy_response", + nil, + )}, + }, + }, + } + rpHandler.HandleResponse = append(rpHandler.HandleResponse, denialResponseHandler) + + // the rest of the config is specified by the user + // using the reverse_proxy directive syntax + err = rpHandler.UnmarshalCaddyfile(dispenser) + if err != nil { + return nil, err + } + err = rpHandler.FinalizeUnmarshalCaddyfile(h) + if err != nil { + return nil, err + } + + // create the final reverse proxy route + rpRoute := caddyhttp.Route{ + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( + rpHandler, + "handler", + "reverse_proxy", + nil, + )}, + } + + // apply the user's matcher if any + if userMatcherSet != nil { + rpRoute.MatcherSetsRaw = []caddy.ModuleMap{userMatcherSet} + } + + return []httpcaddyfile.ConfigValue{ + { + Class: "route", + Value: rpRoute, + }, + }, nil +} diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index d69b04e1..07eb99ce 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -35,6 +35,7 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" + "github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite" "go.uber.org/zap" "golang.org/x/net/http/httpguts" ) @@ -136,6 +137,18 @@ type Handler struct { // used for the requests and responses (in bytes). MaxBufferSize int64 `json:"max_buffer_size,omitempty"` + // If configured, rewrites the copy of the upstream request. + // Allows changing the request method and URI (path and query). + // Since the rewrite is applied to the copy, it does not persist + // past the reverse proxy handler. + // If the method is changed to `GET` or `HEAD`, the request body + // will not be copied to the backend. This allows a later request + // handler -- either in a `handle_response` route, or after -- to + // read the body. + // By default, no rewrite is performed, and the method and URI + // from the incoming request is used as-is for proxying. + Rewrite *rewrite.Rewrite `json:"rewrite,omitempty"` + // List of handlers and their associated matchers to evaluate // after successful roundtrips. The first handler that matches // the response from a backend will be invoked. The response @@ -258,6 +271,13 @@ func (h *Handler) Provision(ctx caddy.Context) error { } } + if h.Rewrite != nil { + err := h.Rewrite.Provision(ctx) + if err != nil { + return fmt.Errorf("provisioning rewrite: %v", err) + } + } + // set up transport if h.Transport == nil { t := &HTTPTransport{} @@ -385,7 +405,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) // prepare the request for proxying; this is needed only once - clonedReq, err := h.prepareRequest(r) + clonedReq, err := h.prepareRequest(r, repl) if err != nil { return caddyhttp.Error(http.StatusInternalServerError, fmt.Errorf("preparing request for upstream round-trip: %v", err)) @@ -412,7 +432,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht var proxyErr error for { var done bool - done, proxyErr = h.proxyLoopIteration(clonedReq, w, proxyErr, start, repl, reqHeader, reqHost, next) + done, proxyErr = h.proxyLoopIteration(clonedReq, r, w, proxyErr, start, repl, reqHeader, reqHost, next) if done { break } @@ -429,7 +449,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // that has to be passed in, we brought this into its own method so that we could run defer more easily. // It returns true when the loop is done and should break; false otherwise. The error value returned should // be assigned to the proxyErr value for the next iteration of the loop (or the error handled after break). -func (h *Handler) proxyLoopIteration(r *http.Request, w http.ResponseWriter, proxyErr error, start time.Time, +func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w http.ResponseWriter, proxyErr error, start time.Time, repl *caddy.Replacer, reqHeader http.Header, reqHost string, next caddyhttp.Handler) (bool, error) { // get the updated list of upstreams upstreams := h.Upstreams @@ -503,7 +523,7 @@ func (h *Handler) proxyLoopIteration(r *http.Request, w http.ResponseWriter, pro } // proxy the request to that upstream - proxyErr = h.reverseProxy(w, r, repl, dialInfo, next) + proxyErr = h.reverseProxy(w, r, origReq, repl, dialInfo, next) if proxyErr == nil || proxyErr == context.Canceled { // context.Canceled happens when the downstream client // cancels the request, which is not our failure @@ -536,9 +556,20 @@ func (h *Handler) proxyLoopIteration(r *http.Request, w http.ResponseWriter, pro // properties of the cloned request and should be done just once (before // proxying) regardless of proxy retries. This assumes that no mutations // of the cloned request are performed by h during or after proxying. -func (h Handler) prepareRequest(req *http.Request) (*http.Request, error) { +func (h Handler) prepareRequest(req *http.Request, repl *caddy.Replacer) (*http.Request, error) { req = cloneRequest(req) + // if enabled, perform rewrites on the cloned request; if + // the method is GET or HEAD, prevent the request body + // from being copied to the upstream + if h.Rewrite != nil { + changed := h.Rewrite.Rewrite(req, repl) + if changed && (h.Rewrite.Method == "GET" || h.Rewrite.Method == "HEAD") { + req.ContentLength = 0 + req.Body = nil + } + } + // if enabled, buffer client request; this should only be // enabled if the upstream requires it and does not work // with "slow clients" (gunicorn, etc.) - this obviously @@ -547,7 +578,7 @@ func (h Handler) prepareRequest(req *http.Request) (*http.Request, error) { // attacks, so it is strongly recommended to only use this // feature if absolutely required, if read timeouts are // set, and if body size is limited - if h.BufferRequests { + if h.BufferRequests && req.Body != nil { req.Body = h.bufferedBody(req.Body) } @@ -673,10 +704,7 @@ func (h Handler) addForwardedHeaders(req *http.Request) error { // we pass through the request Host as-is, but in situations // where we proxy over HTTPS, the user may need to override // Host themselves, so it's helpful to send the original too. - host, _, err := net.SplitHostPort(req.Host) - if err != nil { - host = req.Host // OK; there probably was no port - } + host := req.Host prior, ok, omit = lastHeaderValue(req.Header, "X-Forwarded-Host") if trusted && ok && prior != "" { host = prior @@ -691,7 +719,7 @@ func (h Handler) addForwardedHeaders(req *http.Request) error { // reverseProxy performs a round-trip to the given backend and processes the response with the client. // (This method is mostly the beginning of what was borrowed from the net/http/httputil package in the // Go standard library which was used as the foundation.) -func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl *caddy.Replacer, di DialInfo, next caddyhttp.Handler) error { +func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origReq *http.Request, repl *caddy.Replacer, di DialInfo, next caddyhttp.Handler) error { _ = di.Upstream.Host.countRequest(1) //nolint:errcheck defer di.Upstream.Host.countRequest(-1) @@ -798,17 +826,19 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, repl * // we make some data available via request context to child routes // so that they may inherit some options and functions from the // handler, and be able to copy the response. + // we use the original request here, so that any routes from 'next' + // see the original request rather than the proxy cloned request. hrc := &handleResponseContext{ handler: h, response: res, start: start, logger: logger, } - ctx := req.Context() + ctx := origReq.Context() ctx = context.WithValue(ctx, proxyHandleResponseContextCtxKey, hrc) // pass the request through the response handler routes - routeErr := rh.Routes.Compile(next).ServeHTTP(rw, req.WithContext(ctx)) + routeErr := rh.Routes.Compile(next).ServeHTTP(rw, origReq.WithContext(ctx)) // if the response handler routes already finalized the response, // we can return early. It should be finalized if the routes executed diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index cd340e35..690e7526 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -106,7 +106,7 @@ func (rewr Rewrite) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddy zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}), ) - changed := rewr.rewrite(r, repl, logger) + changed := rewr.Rewrite(r, repl) if changed { logger.Debug("rewrote request", @@ -121,7 +121,7 @@ func (rewr Rewrite) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddy // rewrite performs the rewrites on r using repl, which should // have been obtained from r, but is passed in for efficiency. // It returns true if any changes were made to r. -func (rewr Rewrite) rewrite(r *http.Request, repl *caddy.Replacer, logger *zap.Logger) bool { +func (rewr Rewrite) Rewrite(r *http.Request, repl *caddy.Replacer) bool { oldMethod := r.Method oldURI := r.RequestURI diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go index 38d96fe9..3e2e13da 100644 --- a/modules/caddyhttp/rewrite/rewrite_test.go +++ b/modules/caddyhttp/rewrite/rewrite_test.go @@ -292,7 +292,7 @@ func TestRewrite(t *testing.T) { rep.re = re } - changed := tc.rule.rewrite(tc.input, repl, nil) + changed := tc.rule.Rewrite(tc.input, repl) if expected, actual := !reqEqual(originalInput, tc.input), changed; expected != actual { t.Errorf("Test %d: Expected changed=%t but was %t", i, expected, actual) diff --git a/modules/caddyhttp/standard/imports.go b/modules/caddyhttp/standard/imports.go index 8ce23957..435569d6 100644 --- a/modules/caddyhttp/standard/imports.go +++ b/modules/caddyhttp/standard/imports.go @@ -15,6 +15,7 @@ import ( _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/requestbody" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi" + _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/forwardauth" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/templates" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/tracing" From f7be0ee10131f25620a2f64af7e3ded43eae2049 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 6 May 2022 12:25:31 -0400 Subject: [PATCH 0645/1498] map: Prevent output destinations overlap with Caddyfile shorthands (#4657) --- caddyconfig/httpcaddyfile/httptype.go | 84 ++++++++++++++++++--------- modules/caddyhttp/map/caddyfile.go | 5 ++ 2 files changed, 61 insertions(+), 28 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 9c723dbf..a8d01bcc 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -88,34 +88,10 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, return nil, warnings, err } - // replace shorthand placeholders (which are - // convenient when writing a Caddyfile) with - // their actual placeholder identifiers or - // variable names - replacer := strings.NewReplacer( - "{dir}", "{http.request.uri.path.dir}", - "{file}", "{http.request.uri.path.file}", - "{host}", "{http.request.host}", - "{hostport}", "{http.request.hostport}", - "{port}", "{http.request.port}", - "{method}", "{http.request.method}", - "{path}", "{http.request.uri.path}", - "{query}", "{http.request.uri.query}", - "{remote}", "{http.request.remote}", - "{remote_host}", "{http.request.remote.host}", - "{remote_port}", "{http.request.remote.port}", - "{scheme}", "{http.request.scheme}", - "{uri}", "{http.request.uri}", - "{tls_cipher}", "{http.request.tls.cipher_suite}", - "{tls_version}", "{http.request.tls.version}", - "{tls_client_fingerprint}", "{http.request.tls.client.fingerprint}", - "{tls_client_issuer}", "{http.request.tls.client.issuer}", - "{tls_client_serial}", "{http.request.tls.client.serial}", - "{tls_client_subject}", "{http.request.tls.client.subject}", - "{tls_client_certificate_pem}", "{http.request.tls.client.certificate_pem}", - "{tls_client_certificate_der_base64}", "{http.request.tls.client.certificate_der_base64}", - "{upstream_hostport}", "{http.reverse_proxy.upstream.hostport}", - ) + // replace shorthand placeholders (which are convenient + // when writing a Caddyfile) with their actual placeholder + // identifiers or variable names + replacer := strings.NewReplacer(placeholderShorthands()...) // these are placeholders that allow a user-defined final // parameters, but we still want to provide a shorthand @@ -1265,6 +1241,58 @@ func encodeMatcherSet(matchers map[string]caddyhttp.RequestMatcher) (caddy.Modul return msEncoded, nil } +// placeholderShorthands returns a slice of old-new string pairs, +// where the left of the pair is a placeholder shorthand that may +// be used in the Caddyfile, and the right is the replacement. +func placeholderShorthands() []string { + return []string{ + "{dir}", "{http.request.uri.path.dir}", + "{file}", "{http.request.uri.path.file}", + "{host}", "{http.request.host}", + "{hostport}", "{http.request.hostport}", + "{port}", "{http.request.port}", + "{method}", "{http.request.method}", + "{path}", "{http.request.uri.path}", + "{query}", "{http.request.uri.query}", + "{remote}", "{http.request.remote}", + "{remote_host}", "{http.request.remote.host}", + "{remote_port}", "{http.request.remote.port}", + "{scheme}", "{http.request.scheme}", + "{uri}", "{http.request.uri}", + "{tls_cipher}", "{http.request.tls.cipher_suite}", + "{tls_version}", "{http.request.tls.version}", + "{tls_client_fingerprint}", "{http.request.tls.client.fingerprint}", + "{tls_client_issuer}", "{http.request.tls.client.issuer}", + "{tls_client_serial}", "{http.request.tls.client.serial}", + "{tls_client_subject}", "{http.request.tls.client.subject}", + "{tls_client_certificate_pem}", "{http.request.tls.client.certificate_pem}", + "{tls_client_certificate_der_base64}", "{http.request.tls.client.certificate_der_base64}", + "{upstream_hostport}", "{http.reverse_proxy.upstream.hostport}", + } +} + +// WasReplacedPlaceholderShorthand checks if a token string was +// likely a replaced shorthand of the known Caddyfile placeholder +// replacement outputs. Useful to prevent some user-defined map +// output destinations from overlapping with one of the +// predefined shorthands. +func WasReplacedPlaceholderShorthand(token string) string { + prev := "" + for i, item := range placeholderShorthands() { + // only look at every 2nd item, which is the replacement + if i%2 == 0 { + prev = item + continue + } + if strings.Trim(token, "{}") == strings.Trim(item, "{}") { + // we return the original shorthand so it + // can be used for an error message + return prev + } + } + return "" +} + // tryInt tries to convert val to an integer. If it fails, // it downgrades the error to a warning and returns 0. func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int { diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index 8394b211..f1ee4680 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -56,6 +56,11 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if len(handler.Destinations) == 0 { return nil, h.Err("missing destination argument(s)") } + for _, dest := range handler.Destinations { + if shorthand := httpcaddyfile.WasReplacedPlaceholderShorthand(dest); shorthand != "" { + return nil, h.Errf("destination %s conflicts with a Caddyfile placeholder shorthand", shorthand) + } + } // mappings for h.NextBlock(0) { From b687d7b9670890efd8dc065fb7a025cd0c3a1445 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 8 May 2022 21:32:10 -0400 Subject: [PATCH 0646/1498] httpcaddyfile: Support multiple values for `default_bind` (#4774) * httpcaddyfile: Support multiple values for `default_bind` * Fix ordering of server blocks --- caddyconfig/httpcaddyfile/addresses.go | 18 ++++++++++++++---- caddyconfig/httpcaddyfile/options.go | 11 ++++++++++- .../global_options_default_bind.txt | 8 +++++--- 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index b33c0f05..c7923e81 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -102,12 +102,20 @@ func (st *ServerType) mapAddressToServerBlocks(originalServerBlocks []serverBloc } } + // make a slice of the map keys so we can iterate in sorted order + addrs := make([]string, 0, len(addrToKeys)) + for k := range addrToKeys { + addrs = append(addrs, k) + } + sort.Strings(addrs) + // now that we know which addresses serve which keys of this // server block, we iterate that mapping and create a list of // new server blocks for each address where the keys of the // server block are only the ones which use the address; but // the contents (tokens) are of course the same - for addr, keys := range addrToKeys { + for _, addr := range addrs { + keys := addrToKeys[addr] // parse keys so that we only have to do it once parsedKeys := make([]Address, 0, len(keys)) for _, key := range keys { @@ -161,6 +169,7 @@ func (st *ServerType) consolidateAddrMappings(addrToServerBlocks map[string][]se delete(addrToServerBlocks, otherAddr) } } + sort.Strings(a.addresses) sbaddrs = append(sbaddrs, a) } @@ -208,13 +217,13 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str } // the bind directive specifies hosts, but is optional - lnHosts := make([]string, 0, len(sblock.pile)) + lnHosts := make([]string, 0, len(sblock.pile["bind"])) for _, cfgVal := range sblock.pile["bind"] { lnHosts = append(lnHosts, cfgVal.Value.([]string)...) } if len(lnHosts) == 0 { - if defaultBind, ok := options["default_bind"].(string); ok { - lnHosts = []string{defaultBind} + if defaultBind, ok := options["default_bind"].([]string); ok { + lnHosts = defaultBind } else { lnHosts = []string{""} } @@ -236,6 +245,7 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str for lnStr := range listeners { listenersList = append(listenersList, lnStr) } + sort.Strings(listenersList) return listenersList, nil } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 65b03389..ad52a7b0 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -29,7 +29,7 @@ func init() { RegisterGlobalOption("debug", parseOptTrue) RegisterGlobalOption("http_port", parseOptHTTPPort) RegisterGlobalOption("https_port", parseOptHTTPSPort) - RegisterGlobalOption("default_bind", parseOptSingleString) + RegisterGlobalOption("default_bind", parseOptStringList) RegisterGlobalOption("grace_period", parseOptDuration) RegisterGlobalOption("default_sni", parseOptSingleString) RegisterGlobalOption("order", parseOptOrder) @@ -279,6 +279,15 @@ func parseOptSingleString(d *caddyfile.Dispenser, _ interface{}) (interface{}, e return val, nil } +func parseOptStringList(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { + d.Next() // consume parameter name + val := d.RemainingArgs() + if len(val) == 0 { + return "", d.ArgErr() + } + return val, nil +} + func parseOptAdmin(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { adminCfg := new(caddy.AdminConfig) for d.Next() { diff --git a/caddytest/integration/caddyfile_adapt/global_options_default_bind.txt b/caddytest/integration/caddyfile_adapt/global_options_default_bind.txt index c34186ee..d0b4e269 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_default_bind.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_default_bind.txt @@ -1,5 +1,5 @@ { - default_bind tcp4/0.0.0.0 + default_bind tcp4/0.0.0.0 tcp6/[::] } example.com { @@ -14,7 +14,8 @@ example.org:12345 { "servers": { "srv0": { "listen": [ - "tcp4/0.0.0.0:12345" + "tcp4/0.0.0.0:12345", + "tcp6/[::]:12345" ], "routes": [ { @@ -31,7 +32,8 @@ example.org:12345 { }, "srv1": { "listen": [ - "tcp4/0.0.0.0:443" + "tcp4/0.0.0.0:443", + "tcp6/[::]:443" ], "routes": [ { From 693e9b5283e675b56084ecc83d73176cab0ee27c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 9 May 2022 11:09:42 -0600 Subject: [PATCH 0647/1498] rewrite: Handle fragment before query (fix #4775) --- modules/caddyhttp/rewrite/rewrite.go | 13 ++++++++++--- modules/caddyhttp/rewrite/rewrite_test.go | 13 ++++++++++++- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index 690e7526..da922693 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -135,13 +135,20 @@ func (rewr Rewrite) Rewrite(r *http.Request, repl *caddy.Replacer) bool { // find the bounds of each part of the URI that exist pathStart, qsStart, fragStart := -1, -1, -1 pathEnd, qsEnd := -1, -1 + loop: for i, ch := range uri { switch { case ch == '?' && qsStart < 0: pathEnd, qsStart = i, i+1 - case ch == '#' && fragStart < 0: - qsEnd, fragStart = i, i+1 - case pathStart < 0 && qsStart < 0 && fragStart < 0: + case ch == '#' && fragStart < 0: // everything after fragment is fragment (very clear in RFC 3986 section 4.2) + if qsStart < 0 { + pathEnd = i + } else { + qsEnd = i + } + fragStart = i + 1 + break loop + case pathStart < 0 && qsStart < 0: pathStart = i } } diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go index 3e2e13da..84dce95e 100644 --- a/modules/caddyhttp/rewrite/rewrite_test.go +++ b/modules/caddyhttp/rewrite/rewrite_test.go @@ -204,6 +204,16 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/%C2%B7%E2%88%B5.png?a=b"), expect: newRequest(t, "GET", "/i/%C2%B7%E2%88%B5.png?a=b"), }, + { + rule: Rewrite{URI: "/bar#?"}, + input: newRequest(t, "GET", "/foo#fragFirst?c=d"), // not a valid query string (is part of fragment) + expect: newRequest(t, "GET", "/bar#?"), // I think this is right? but who knows; std lib drops fragment when parsing + }, + { + rule: Rewrite{URI: "/bar"}, + input: newRequest(t, "GET", "/foo#fragFirst?c=d"), + expect: newRequest(t, "GET", "/bar#fragFirst?c=d"), + }, { rule: Rewrite{StripPathPrefix: "/prefix"}, @@ -271,10 +281,11 @@ func TestRewrite(t *testing.T) { } { // copy the original input just enough so that we can // compare it after the rewrite to see if it changed + urlCopy := *tc.input.URL originalInput := &http.Request{ Method: tc.input.Method, RequestURI: tc.input.RequestURI, - URL: &*tc.input.URL, + URL: &urlCopy, } // populate the replacer just enough for our tests From 57d27c1b58e3e47d813a48a60557f013dc3b87d1 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 10 May 2022 15:25:58 -0600 Subject: [PATCH 0648/1498] reverseproxy: Support http1.1>h2c (close #4777) (#4778) --- modules/caddyhttp/reverseproxy/httptransport.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index f7472bea..264bd2aa 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -247,8 +247,8 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { h.SetScheme(req) // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is - // HTTP/2 without TLS, use the alternate H2C-capable transport instead - if req.ProtoMajor == 2 && req.URL.Scheme == "http" && h.h2cTransport != nil { + // HTTP without TLS, use the alternate H2C-capable transport instead + if req.URL.Scheme == "http" && h.h2cTransport != nil { return h.h2cTransport.RoundTrip(req) } From 4b4e99bdb2e327d553a5f773f827f624181714af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Thu, 12 May 2022 13:25:17 +0800 Subject: [PATCH 0649/1498] chore: Bump quic-go to v0.27.0 (#4782) --- go.mod | 2 +- go.sum | 4 ++-- listeners.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 0dd59776..4cd8abb1 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.0 github.com/klauspost/cpuid/v2 v2.0.11 - github.com/lucas-clemente/quic-go v0.26.0 + github.com/lucas-clemente/quic-go v0.27.0 github.com/mholt/acmez v1.0.2 github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.19.0 diff --git a/go.sum b/go.sum index dde9bbc7..8469aae0 100644 --- a/go.sum +++ b/go.sum @@ -719,8 +719,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.26.0 h1:ALBQXr9UJ8A1LyzvceX4jd9QFsHvlI0RR6BkV16o00A= -github.com/lucas-clemente/quic-go v0.26.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI= +github.com/lucas-clemente/quic-go v0.27.0 h1:v6WY87q9zD4dKASbG8hy/LpzAVNzEQzw8sEIeloJsc4= +github.com/lucas-clemente/quic-go v0.27.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= diff --git a/listeners.go b/listeners.go index 181db75a..f2d7e10b 100644 --- a/listeners.go +++ b/listeners.go @@ -184,7 +184,7 @@ type fakeCloseQuicListener struct { // server on which Accept would be called with non-empty contexts // (mind that the default net listeners' Accept doesn't take a context argument) // sounds way too rare for us to sacrifice efficiency here. -func (fcql *fakeCloseQuicListener) Accept(_ context.Context) (quic.EarlySession, error) { +func (fcql *fakeCloseQuicListener) Accept(_ context.Context) (quic.EarlyConnection, error) { conn, err := fcql.sharedQuicListener.Accept(fcql.context) if err == nil { return conn, nil From 9e760e2e0ccf5922c66cb0d9c39eaf8bfc7be501 Mon Sep 17 00:00:00 2001 From: David Larlet <3556+davidbgk@users.noreply.github.com> Date: Tue, 17 May 2022 18:56:40 -0400 Subject: [PATCH 0650/1498] templates: Documentation consistency (#4796) --- modules/caddyhttp/templates/templates.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 5aff27f5..b2fe184d 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -107,7 +107,7 @@ func init() { // // **index.html** // ``` -// {{ import "/path/to/file.html" }} +// {{ import "/path/to/filename.html" }} // {{ template "main" }} // ``` // From 58970cae9265931a15be3b143e49a29931832106 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 24 May 2022 12:06:46 -0400 Subject: [PATCH 0651/1498] httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798) --- caddyconfig/httpcaddyfile/httptype.go | 1 + 1 file changed, 1 insertion(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index a8d01bcc..5d782441 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -107,6 +107,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, {regexp.MustCompile(`{re\.([\w-]*)\.([\w-]*)}`), "{http.regexp.$1.$2}"}, {regexp.MustCompile(`{vars\.([\w-]*)}`), "{http.vars.$1}"}, {regexp.MustCompile(`{rp\.([\w-\.]*)}`), "{http.reverse_proxy.$1}"}, + {regexp.MustCompile(`{err\.([\w-\.]*)}`), "{http.error.$1}"}, } for _, sb := range originalServerBlocks { From 8e6bc3608402da9fce3821944acc81d92f10c8e7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 24 May 2022 12:44:16 -0600 Subject: [PATCH 0652/1498] go.mod: Upgrade some dependencies --- go.mod | 12 ++++++------ go.sum | 23 ++++++++++++----------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 4cd8abb1..45fc7dfe 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/caddyserver/caddy/v2 go 1.17 require ( - github.com/BurntSushi/toml v1.0.0 + github.com/BurntSushi/toml v1.1.0 github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b @@ -12,17 +12,17 @@ require ( github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.15.0 - github.com/klauspost/cpuid/v2 v2.0.11 - github.com/lucas-clemente/quic-go v0.27.0 + github.com/klauspost/compress v1.15.4 + github.com/klauspost/cpuid/v2 v2.0.12 + github.com/lucas-clemente/quic-go v0.27.1 github.com/mholt/acmez v1.0.2 github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.19.0 github.com/smallstep/cli v0.18.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.11.0 - github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74 - github.com/yuin/goldmark v1.4.8 + github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 + github.com/yuin/goldmark v1.4.12 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 go.opentelemetry.io/otel v1.4.0 diff --git a/go.sum b/go.sum index 8469aae0..729dbf82 100644 --- a/go.sum +++ b/go.sum @@ -104,8 +104,8 @@ github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYX github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU= -github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I= +github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= @@ -689,10 +689,11 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U= -github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/cpuid/v2 v2.0.11 h1:i2lw1Pm7Yi/4O6XCSyJWqEHI2MDw2FzUK6o/D21xn2A= +github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ= +github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/cpuid/v2 v2.0.11/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE= +github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -719,8 +720,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.27.0 h1:v6WY87q9zD4dKASbG8hy/LpzAVNzEQzw8sEIeloJsc4= -github.com/lucas-clemente/quic-go v0.27.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI= +github.com/lucas-clemente/quic-go v0.27.1 h1:sOw+4kFSVrdWOYmUjufQ9GBVPqZ+tu+jMtXxXNmRJyk= +github.com/lucas-clemente/quic-go v0.27.1/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= @@ -1059,8 +1060,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= -github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74 h1:uFx5aih29p2IaRUF0lJwtVViCXStlvnPPE3NEmM4Ivs= -github.com/tailscale/tscert v0.0.0-20220125204807-4509a5fbaf74/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= +github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= +github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= @@ -1101,8 +1102,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= -github.com/yuin/goldmark v1.4.8 h1:zHPiabbIRssZOI0MAzJDHsyvG4MXCGqVaMOwR+HeoQQ= -github.com/yuin/goldmark v1.4.8/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= +github.com/yuin/goldmark v1.4.12 h1:6hffw6vALvEDqJ19dOJvJKOoAOKe4NDaTqvd2sktGN0= +github.com/yuin/goldmark v1.4.12/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= From 499ad6d182d6993b1d149a5ee96dbd37d14cacd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 24 May 2022 21:52:50 +0200 Subject: [PATCH 0653/1498] core: Micro-optim in run() (#4810) --- caddy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddy.go b/caddy.go index 86935f81..d1550922 100644 --- a/caddy.go +++ b/caddy.go @@ -442,7 +442,7 @@ func run(newCfg *Config, start bool) error { // Start err = func() error { - var started []string + started := make([]string, 0, len(newCfg.apps)) for name, a := range newCfg.apps { err := a.Start() if err != nil { From 6891f7f421eac71dac8f8687255ede5189e7eb3a Mon Sep 17 00:00:00 2001 From: Aleks Date: Wed, 25 May 2022 01:47:08 +0200 Subject: [PATCH 0654/1498] templates: Add `humanize` function (#4767) Co-authored-by: Francis Lavoie --- modules/caddyhttp/templates/templates.go | 23 +++++++++ modules/caddyhttp/templates/tplcontext.go | 40 +++++++++++++++ .../caddyhttp/templates/tplcontext_test.go | 49 +++++++++++++++++++ 3 files changed, 112 insertions(+) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index b2fe184d..85612ba0 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -238,6 +238,29 @@ func init() { // {{stripHTML "Shows only text content"}} // ``` // +// ##### `humanize` +// +// Transforms size and time inputs to a human readable format. +// This uses the [go-humanize](https://github.com/dustin/go-humanize) library. +// +// The first argument must be a format type, and the last argument +// is the input, or the input can be piped in. The supported format +// types are: +// - **size** which turns an integer amount of bytes into a string like `2.3 MB` +// - **time** which turns a time string into a relative time string like `2 weeks ago` +// +// For the `time` format, the layout for parsing the input can be configured +// by appending a colon `:` followed by the desired time layout. You can +// find the documentation on time layouts [in Go's docs](https://pkg.go.dev/time#pkg-constants). +// The default time layout is `RFC1123Z`, i.e. `Mon, 02 Jan 2006 15:04:05 -0700`. +// +// ``` +// {{humanize "size" "2048000"}} +// {{placeholder "http.response.header.Content-Length" | humanize "size"}} +// {{humanize "time" "Fri, 05 May 2022 15:04:05 +0200"}} +// {{humanize "time:2006-Jan-02" "2022-May-05"}} +// ``` + type Templates struct { // The root path from which to load files. Required if template functions // accessing the file system are used (such as include). Default is diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 7843455a..bae24ba8 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -26,11 +26,13 @@ import ( "strings" "sync" "text/template" + "time" "github.com/Masterminds/sprig/v3" "github.com/alecthomas/chroma/formatters/html" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/dustin/go-humanize" "github.com/yuin/goldmark" highlighting "github.com/yuin/goldmark-highlighting" "github.com/yuin/goldmark/extension" @@ -81,6 +83,7 @@ func (c *TemplateContext) NewTemplate(tplName string) *template.Template { "placeholder": c.funcPlaceholder, "fileExists": c.funcFileExists, "httpError": c.funcHTTPError, + "humanize": c.funcHumanize, }) return c.tpl } @@ -398,6 +401,43 @@ func (c TemplateContext) funcHTTPError(statusCode int) (bool, error) { return false, caddyhttp.Error(statusCode, nil) } +// funcHumanize transforms size and time inputs to a human readable format. +// +// Size inputs are expected to be integers, and are formatted as a +// byte size, such as "83 MB". +// +// Time inputs are parsed using the given layout (default layout is RFC1123Z) +// and are formatted as a relative time, such as "2 weeks ago". +// See https://pkg.go.dev/time#pkg-constants for time layout docs. +func (c TemplateContext) funcHumanize(formatType, data string) (string, error) { + // The format type can optionally be followed + // by a colon to provide arguments for the format + parts := strings.Split(formatType, ":") + + switch parts[0] { + case "size": + dataint, dataerr := strconv.ParseUint(data, 10, 64) + if dataerr != nil { + return "", fmt.Errorf("humanize: size cannot be parsed: %s", dataerr.Error()) + } + return humanize.Bytes(dataint), nil + + case "time": + timelayout := time.RFC1123Z + if len(parts) > 1 { + timelayout = parts[1] + } + + dataint, dataerr := time.Parse(timelayout, data) + if dataerr != nil { + return "", fmt.Errorf("humanize: time cannot be parsed: %s", dataerr.Error()) + } + return humanize.Time(dataint), nil + } + + return "", fmt.Errorf("no know function was given") +} + // WrappedHeader wraps niladic functions so that they // can be used in templates. (Template functions must // return a value.) diff --git a/modules/caddyhttp/templates/tplcontext_test.go b/modules/caddyhttp/templates/tplcontext_test.go index 61fc80c6..15a369ee 100644 --- a/modules/caddyhttp/templates/tplcontext_test.go +++ b/modules/caddyhttp/templates/tplcontext_test.go @@ -606,6 +606,55 @@ title = "Welcome" } +func TestHumanize(t *testing.T) { + tplContext := getContextOrFail(t) + for i, test := range []struct { + format string + inputData string + expect string + errorCase bool + verifyErr func(actual_string, substring string) bool + }{ + { + format: "size", + inputData: "2048000", + expect: "2.0 MB", + errorCase: false, + verifyErr: strings.Contains, + }, + { + format: "time", + inputData: "Fri, 05 May 2022 15:04:05 +0200", + expect: "ago", + errorCase: false, + verifyErr: strings.HasSuffix, + }, + { + format: "time:2006-Jan-02", + inputData: "2022-May-05", + expect: "ago", + errorCase: false, + verifyErr: strings.HasSuffix, + }, + { + format: "time", + inputData: "Fri, 05 May 2022 15:04:05 GMT+0200", + expect: "error:", + errorCase: true, + verifyErr: strings.HasPrefix, + }, + } { + if actual, err := tplContext.funcHumanize(test.format, test.inputData); !test.verifyErr(actual, test.expect) { + if !test.errorCase { + t.Errorf("Test %d: Expected '%s' but got '%s'", i, test.expect, actual) + if err != nil { + t.Errorf("Test %d: error: %s", i, err.Error()) + } + } + } + } +} + func getContextOrFail(t *testing.T) TemplateContext { tplContext, err := initTestContext() t.Cleanup(func() { From ef0aaca0d6ca3f4aece20e4d97d546e0d48d17fe Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 25 May 2022 13:56:39 -0400 Subject: [PATCH 0655/1498] ci: Fix build caching on Windows (#4811) * ci: Fix build caching on Windows I was getting tired of Windows being slow as molasses in our CI jobs, so I went to look at our trusty source of github actions + golang information, and found a somewhat recent commit that actually fixed it. See https://github.com/mvdan/github-actions-golang/commit/4b754729baa709da219a5889c459010d4eda1888 I'll do a 2nd empty commit to re-trigger CI shortly to confirm that it actually fixes it. * Retrigger CI --- .github/workflows/ci.yml | 12 ++++++++++-- .github/workflows/cross-build.yml | 8 ++++++-- .github/workflows/release.yml | 8 ++++++-- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5a79fcd5..05ec80f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -78,12 +78,20 @@ jobs: printf "Git version: $(git version)\n\n" # Calculate the short SHA1 hash of the git commit echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" - echo "::set-output name=go_cache::$(go env GOCACHE)" - name: Cache the build cache uses: actions/cache@v2 with: - path: ${{ steps.vars.outputs.go_cache }} + # In order: + # * Module download cache + # * Build cache (Linux) + # * Build cache (Mac) + # * Build cache (Windows) + path: | + ~/go/pkg/mod + ~/.cache/go-build + ~/Library/Caches/go-build + ~\AppData\Local\go-build key: ${{ runner.os }}-${{ matrix.go }}-go-ci-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-${{ matrix.go }}-go-ci diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 3ac9548f..f37dc854 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -42,12 +42,16 @@ jobs: go env printf "\n\nSystem environment:\n\n" env - echo "::set-output name=go_cache::$(go env GOCACHE)" - name: Cache the build cache uses: actions/cache@v2 with: - path: ${{ steps.vars.outputs.go_cache }} + # In order: + # * Module download cache + # * Build cache (Linux) + path: | + ~/go/pkg/mod + ~/.cache/go-build key: cross-build-go${{ matrix.go }}-${{ matrix.goos }}-${{ hashFiles('**/go.sum') }} restore-keys: | cross-build-go${{ matrix.go }}-${{ matrix.goos }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9c4db37e..80241201 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -56,7 +56,6 @@ jobs: env echo "::set-output name=version_tag::${GITHUB_REF/refs\/tags\//}" echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" - echo "::set-output name=go_cache::$(go env GOCACHE)" # Add "pip install" CLI tools to PATH echo ~/.local/bin >> $GITHUB_PATH @@ -91,7 +90,12 @@ jobs: - name: Cache the build cache uses: actions/cache@v2 with: - path: ${{ steps.vars.outputs.go_cache }} + # In order: + # * Module download cache + # * Build cache (Linux) + path: | + ~/go/pkg/mod + ~/.cache/go-build key: ${{ runner.os }}-go${{ matrix.go }}-release-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go${{ matrix.go }}-release From a9267791c4b34b06cfb71d7cf8bee203545a3677 Mon Sep 17 00:00:00 2001 From: Alexander M <3055245+varianone@users.noreply.github.com> Date: Sun, 29 May 2022 23:33:01 +0300 Subject: [PATCH 0656/1498] reverseproxy: Add --internal-certs CLI flag #3589 (#4817) added flag --internal-certs when set, for non-local domains the internal CA will be used for cert generation --- modules/caddyhttp/reverseproxy/command.go | 24 +++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 121142c1..6153b6ec 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -27,6 +27,7 @@ import ( caddycmd "github.com/caddyserver/caddy/v2/cmd" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" + "github.com/caddyserver/caddy/v2/modules/caddytls" ) func init() { @@ -59,6 +60,7 @@ default, all incoming headers are passed through unmodified.) fs.String("to", "", "Upstream address to which traffic should be sent") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)") + fs.Bool("internal-certs", false, "Use internal CA for issuing certs") return fs }(), }) @@ -71,6 +73,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { to := fs.String("to") changeHost := fs.Bool("change-host-header") insecure := fs.Bool("insecure") + internalCerts := fs.Bool("internal-certs") httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) @@ -154,11 +157,24 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { Servers: map[string]*caddyhttp.Server{"proxy": server}, } + appsRaw := caddy.ModuleMap{ + "http": caddyconfig.JSON(httpApp, nil), + } + if internalCerts && fromAddr.Host != "" { + tlsApp := caddytls.TLS{ + Automation: &caddytls.AutomationConfig{ + Policies: []*caddytls.AutomationPolicy{{ + Subjects: []string{fromAddr.Host}, + IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, + }}, + }, + } + appsRaw["tls"] = caddyconfig.JSON(tlsApp, nil) + } + cfg := &caddy.Config{ - Admin: &caddy.AdminConfig{Disabled: true}, - AppsRaw: caddy.ModuleMap{ - "http": caddyconfig.JSON(httpApp, nil), - }, + Admin: &caddy.AdminConfig{Disabled: true}, + AppsRaw: appsRaw, } err = caddy.Run(cfg) From 886ba84baa4f7ed7502034893e084193dd12f9f7 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 1 Jun 2022 15:12:57 -0600 Subject: [PATCH 0657/1498] Fix #4822 and fix #4779 The fix for 4822 is the change at the top of the file, and 4779's fix is toward the bottom of the file. --- caddyconfig/httpcaddyfile/tlsapp.go | 1 - modules/caddyhttp/autohttps.go | 28 ++++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 76d7ebf3..40ea47d0 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -350,7 +350,6 @@ func (st ServerType) buildTLSApp( globalPreferredChains := options["preferred_chains"] hasGlobalACMEDefaults := globalEmail != nil || globalACMECA != nil || globalACMECARoot != nil || globalACMEDNS != nil || globalACMEEAB != nil || globalPreferredChains != nil if hasGlobalACMEDefaults { - // for _, ap := range tlsApp.Automation.Policies { for i := 0; i < len(tlsApp.Automation.Policies); i++ { ap := tlsApp.Automation.Policies[i] if len(ap.Issuers) == 0 && automationPolicyHasAllPublicNames(ap) { diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 91611f98..4cc5d2f2 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -152,9 +152,7 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er return fmt.Errorf("%s: route %d, matcher set %d, matcher %d, host matcher %d: %v", srvName, routeIdx, matcherSetIdx, matcherIdx, hostMatcherIdx, err) } - // only include domain if it's not explicitly skipped and it's not a Tailscale domain - // (the implicit Tailscale manager module will get those certs at run-time) - if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) && !isTailscaleDomain(d) { + if !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.Skip) { serverDomainSet[d] = struct{}{} } } @@ -181,6 +179,11 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er app.logger.Warn("skipping automated certificate management for server because it is disabled", zap.String("server_name", srvName)) } else { for d := range serverDomainSet { + // the implicit Tailscale manager module will get its own certs at run-time + if isTailscaleDomain(d) { + continue + } + if certmagic.SubjectQualifiesForCert(d) && !srv.AutoHTTPS.Skipped(d, srv.AutoHTTPS.SkipCerts) { // if a certificate for this name is already loaded, @@ -436,7 +439,7 @@ func (app *App) makeRedirRoute(redirToPort uint, matcherSet MatcherSet) Route { } } -// createAutomationPolicy ensures that automated certificates for this +// createAutomationPolicies ensures that automated certificates for this // app are managed properly. This adds up to two automation policies: // one for the public names, and one for the internal names. If a catch-all // automation policy exists, it will be shallow-copied and used as the @@ -485,6 +488,12 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri return err } ap.Managers = []certmagic.Manager{ts} + + // must reprovision the automation policy so that the underlying + // CertMagic config knows about the updated Managers + if err := ap.Provision(app.tlsApp); err != nil { + return fmt.Errorf("re-provisioning automation policy: %v", err) + } } // while we're here, is this the catch-all/base policy? @@ -495,14 +504,17 @@ func (app *App) createAutomationPolicies(ctx caddy.Context, internalNames []stri } if basePolicy == nil { - // no base policy found, we will make one! (with implicit Tailscale integration) + // no base policy found; we will make one + basePolicy = new(caddytls.AutomationPolicy) + } + + if basePolicy.Managers == nil { + // add implicit Tailscale integration, for harmless convenience ts, err := implicitTailscale(ctx) if err != nil { return err } - basePolicy = &caddytls.AutomationPolicy{ - Managers: []certmagic.Manager{ts}, - } + basePolicy.Managers = []certmagic.Manager{ts} } // if the basePolicy has an existing ACMEIssuer (particularly to From 3d18bc56b93512c0980cfc89a68979f0920c2c50 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 1 Jun 2022 15:15:20 -0600 Subject: [PATCH 0658/1498] go.mod: Update go-yaml to v3 --- go.mod | 2 +- go.sum | 3 ++- modules/caddyhttp/templates/frontmatter.go | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 45fc7dfe..c33270ca 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf google.golang.org/protobuf v1.27.1 gopkg.in/natefinch/lumberjack.v2 v2.0.0 - gopkg.in/yaml.v2 v2.4.0 + gopkg.in/yaml.v3 v3.0.1 ) require ( diff --git a/go.sum b/go.sum index 729dbf82..10b6f9af 100644 --- a/go.sum +++ b/go.sum @@ -1850,8 +1850,9 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/modules/caddyhttp/templates/frontmatter.go b/modules/caddyhttp/templates/frontmatter.go index fd6023e5..9031e138 100644 --- a/modules/caddyhttp/templates/frontmatter.go +++ b/modules/caddyhttp/templates/frontmatter.go @@ -7,7 +7,7 @@ import ( "unicode" "github.com/BurntSushi/toml" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" ) func extractFrontMatter(input string) (map[string]interface{}, string, error) { From 9864b138fbae57615998a27158787f4468247476 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 2 Jun 2022 12:32:23 -0600 Subject: [PATCH 0659/1498] reverseproxy: api: Remove misleading 'healthy' value In v2.5.0, upstream health was fixed such that whether an upstream is considered healthy or not is mostly up to each individual handler's config. Since "healthy" is an opinion, it is not a global value. I unintentionally left in the "healthy" field in the API endpoint for checking upstreams, and it is now misleading (see #4792). However, num_requests and fails remains, so health can be determined by the API client, rather than having it be opaquely (and unhelpfully) determined for the client. If we do restore this value later on, it'd need to be replicated once per reverse_proxy handler according to their individual configs. --- modules/caddyhttp/reverseproxy/admin.go | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/admin.go b/modules/caddyhttp/reverseproxy/admin.go index 81ec4358..771fa10c 100644 --- a/modules/caddyhttp/reverseproxy/admin.go +++ b/modules/caddyhttp/reverseproxy/admin.go @@ -35,7 +35,6 @@ type adminUpstreams struct{} // upstreamResults holds the status of a particular upstream type upstreamStatus struct { Address string `json:"address"` - Healthy bool `json:"healthy"` NumRequests int `json:"num_requests"` Fails int `json:"fails"` } From 0a14f97e4944a1aadc5fa9e6e8569759a9f0b5ec Mon Sep 17 00:00:00 2001 From: Gr33nbl00d Date: Thu, 2 Jun 2022 22:25:07 +0200 Subject: [PATCH 0660/1498] caddytls: Make peer certificate verification pluggable (#4389) * caddytls: Adding ClientCertValidator for custom client cert validations * caddytls: Cleanups for ClientCertValidator changes caddytls: Cleanups for ClientCertValidator changes * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie * Update modules/caddytls/connpolicy.go Co-authored-by: Francis Lavoie * Update modules/caddytls/connpolicy.go Co-authored-by: Matt Holt * Update modules/caddytls/connpolicy.go Co-authored-by: Matt Holt * Unexported field Validators, corrected renaming of LeafVerificationValidator to LeafCertClientAuth * admin: Write proper status on invalid requests (#4569) (fix #4561) * Apply suggestions from code review * Register module; fix compilation * Add log for deprecation notice Co-authored-by: Roettges Florian Co-authored-by: Francis Lavoie Co-authored-by: Matt Holt Co-authored-by: Alok Naushad --- modules/caddytls/connpolicy.go | 108 +++++++++++++++++++++++++-------- 1 file changed, 82 insertions(+), 26 deletions(-) diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 65cda5fb..d6304a99 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -18,6 +18,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/base64" + "encoding/json" "fmt" "os" "strings" @@ -26,6 +27,10 @@ import ( "github.com/mholt/acmez" ) +func init() { + caddy.RegisterModule(LeafCertClientAuth{}) +} + // ConnectionPolicies govern the establishment of TLS connections. It is // an ordered group of connection policies; the first matching policy will // be used to configure TLS connections at handshake-time. @@ -55,6 +60,16 @@ func (cp ConnectionPolicies) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("connection policy %d: building standard TLS config: %s", i, err) } + + if pol.ClientAuthentication != nil && len(pol.ClientAuthentication.VerifiersRaw) > 0 { + clientCertValidations, err := ctx.LoadModule(pol.ClientAuthentication, "VerifiersRaw") + if err != nil { + return fmt.Errorf("loading client cert verifiers: %v", err) + } + for _, validator := range clientCertValidations.([]interface{}) { + cp[i].ClientAuthentication.verifiers = append(cp[i].ClientAuthentication.verifiers, validator.(ClientCertificateVerifier)) + } + } } return nil @@ -62,7 +77,7 @@ func (cp ConnectionPolicies) Provision(ctx caddy.Context) error { // TLSConfig returns a standard-lib-compatible TLS configuration which // selects the first matching policy based on the ClientHello. -func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) *tls.Config { +func (cp ConnectionPolicies) TLSConfig(_ caddy.Context) *tls.Config { // using ServerName to match policies is extremely common, especially in configs // with lots and lots of different policies; we can fast-track those by indexing // them by SNI, so we don't have to iterate potentially thousands of policies @@ -293,11 +308,22 @@ type ClientAuthentication struct { // these CA certificates will be rejected. TrustedCACertPEMFiles []string `json:"trusted_ca_certs_pem_files,omitempty"` + // DEPRECATED: This field is deprecated and will be removed in + // a future version. Please use the `validators` field instead + // with the tls.client_auth.leaf module instead. + // // A list of base64 DER-encoded client leaf certs // to accept. If this list is not empty, client certs // which are not in this list will be rejected. TrustedLeafCerts []string `json:"trusted_leaf_certs,omitempty"` + // Client certificate verification modules. These can perform + // custom client authentication checks, such as ensuring the + // certificate is not revoked. + VerifiersRaw []json.RawMessage `json:"verifiers,omitempty" caddy:"namespace=tls.client_auth inline_key=verifier"` + + verifiers []ClientCertificateVerifier + // The mode for authenticating the client. Allowed values are: // // Mode | Description @@ -312,8 +338,6 @@ type ClientAuthentication struct { // are provided; otherwise, the default mode is `require`. Mode string `json:"mode,omitempty"` - // state established with the last call to ConfigureTLSConfig - trustedLeafCerts []*x509.Certificate existingVerifyPeerCert func([][]byte, [][]*x509.Certificate) error } @@ -321,7 +345,8 @@ type ClientAuthentication struct { func (clientauth ClientAuthentication) Active() bool { return len(clientauth.TrustedCACerts) > 0 || len(clientauth.TrustedCACertPEMFiles) > 0 || - len(clientauth.TrustedLeafCerts) > 0 || + len(clientauth.TrustedLeafCerts) > 0 || // TODO: DEPRECATED + len(clientauth.VerifiersRaw) > 0 || len(clientauth.Mode) > 0 } @@ -378,28 +403,31 @@ func (clientauth *ClientAuthentication) ConfigureTLSConfig(cfg *tls.Config) erro cfg.ClientCAs = caPool } - // enforce leaf verification by writing our own verify function + // TODO: DEPRECATED: Only here for backwards compatibility. + // If leaf cert is specified, enforce by adding a client auth module if len(clientauth.TrustedLeafCerts) > 0 { - clientauth.trustedLeafCerts = []*x509.Certificate{} + caddy.Log().Named("tls.connection_policy").Warn("trusted_leaf_certs is deprecated; use leaf verifier module instead") + var trustedLeafCerts []*x509.Certificate for _, clientCertString := range clientauth.TrustedLeafCerts { clientCert, err := decodeBase64DERCert(clientCertString) if err != nil { return fmt.Errorf("parsing certificate: %v", err) } - clientauth.trustedLeafCerts = append(clientauth.trustedLeafCerts, clientCert) + trustedLeafCerts = append(trustedLeafCerts, clientCert) } - // if a custom verification function already exists, wrap it - clientauth.existingVerifyPeerCert = cfg.VerifyPeerCertificate - cfg.VerifyPeerCertificate = clientauth.verifyPeerCertificate + clientauth.verifiers = append(clientauth.verifiers, LeafCertClientAuth{TrustedLeafCerts: trustedLeafCerts}) } + // if a custom verification function already exists, wrap it + clientauth.existingVerifyPeerCert = cfg.VerifyPeerCertificate + cfg.VerifyPeerCertificate = clientauth.verifyPeerCertificate return nil } // verifyPeerCertificate is for use as a tls.Config.VerifyPeerCertificate // callback to do custom client certificate verification. It is intended // for installation only by clientauth.ConfigureTLSConfig(). -func (clientauth ClientAuthentication) verifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { +func (clientauth *ClientAuthentication) verifyPeerCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { // first use any pre-existing custom verification function if clientauth.existingVerifyPeerCert != nil { err := clientauth.existingVerifyPeerCert(rawCerts, verifiedChains) @@ -407,23 +435,13 @@ func (clientauth ClientAuthentication) verifyPeerCertificate(rawCerts [][]byte, return err } } - - if len(rawCerts) == 0 { - return fmt.Errorf("no client certificate provided") - } - - remoteLeafCert, err := x509.ParseCertificate(rawCerts[0]) - if err != nil { - return fmt.Errorf("can't parse the given certificate: %s", err.Error()) - } - - for _, trustedLeafCert := range clientauth.trustedLeafCerts { - if remoteLeafCert.Equal(trustedLeafCert) { - return nil + for _, verifier := range clientauth.verifiers { + err := verifier.VerifyClientCertificate(rawCerts, verifiedChains) + if err != nil { + return err } } - - return fmt.Errorf("client leaf certificate failed validation") + return nil } // decodeBase64DERCert base64-decodes, then DER-decodes, certStr. @@ -461,6 +479,38 @@ func setDefaultTLSParams(cfg *tls.Config) { cfg.PreferServerCipherSuites = true } +// LeafCertClientAuth verifies the client's leaf certificate. +type LeafCertClientAuth struct { + TrustedLeafCerts []*x509.Certificate +} + +// CaddyModule returns the Caddy module information. +func (LeafCertClientAuth) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "tls.client_auth.leaf", + New: func() caddy.Module { return new(LeafCertClientAuth) }, + } +} + +func (l LeafCertClientAuth) VerifyClientCertificate(rawCerts [][]byte, _ [][]*x509.Certificate) error { + if len(rawCerts) == 0 { + return fmt.Errorf("no client certificate provided") + } + + remoteLeafCert, err := x509.ParseCertificate(rawCerts[0]) + if err != nil { + return fmt.Errorf("can't parse the given certificate: %s", err.Error()) + } + + for _, trustedLeafCert := range l.TrustedLeafCerts { + if remoteLeafCert.Equal(trustedLeafCert) { + return nil + } + } + + return fmt.Errorf("client leaf certificate failed validation") +} + // PublicKeyAlgorithm is a JSON-unmarshalable wrapper type. type PublicKeyAlgorithm x509.PublicKeyAlgorithm @@ -481,4 +531,10 @@ type ConnectionMatcher interface { Match(*tls.ClientHelloInfo) bool } +// ClientCertificateVerifier is a type which verifies client certificates. +// It is called during verifyPeerCertificate in the TLS handshake. +type ClientCertificateVerifier interface { + VerifyClientCertificate(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error +} + var defaultALPN = []string{"h2", "http/1.1"} From 5e729c1e85f8ac9eac1e136ec0261c6e7b1c865e Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 3 Jun 2022 14:13:47 -0600 Subject: [PATCH 0661/1498] reverseproxy: HTTP 504 for upstream timeouts (#4824) Closes #4823 --- modules/caddyhttp/reverseproxy/reverseproxy.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 07eb99ce..1068c23d 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -524,7 +524,7 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h // proxy the request to that upstream proxyErr = h.reverseProxy(w, r, origReq, repl, dialInfo, next) - if proxyErr == nil || proxyErr == context.Canceled { + if proxyErr == nil || errors.Is(proxyErr, context.Canceled) { // context.Canceled happens when the downstream client // cancels the request, which is not our failure return true, nil @@ -1180,6 +1180,11 @@ func statusError(err error) error { // errors proxying usually mean there is a problem with the upstream(s) statusCode := http.StatusBadGateway + // timeout errors have a standard status code (see issue #4823) + if err, ok := err.(net.Error); ok && err.Timeout() { + statusCode = http.StatusGatewayTimeout + } + // if the client canceled the request (usually this means they closed // the connection, so they won't see any response), we can report it // as a client error (4xx) and not a server error (5xx); unfortunately From 7f9b1f43c9f8c7d0f4ca9271090cae92103232c7 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 6 Jun 2022 14:37:09 -0400 Subject: [PATCH 0662/1498] reverseproxy: Correct the `tls_server_name` docs (#4827) * reverseproxy: Correct the `tls_server_name` docs * Update modules/caddyhttp/reverseproxy/httptransport.go Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- modules/caddyhttp/reverseproxy/httptransport.go | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 264bd2aa..54cdb70f 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -315,7 +315,14 @@ type TLSConfig struct { // The duration to allow a TLS handshake to a server. Default: No timeout. HandshakeTimeout caddy.Duration `json:"handshake_timeout,omitempty"` - // The server name (SNI) to use in TLS handshakes. + // The server name used when verifying the certificate received in the TLS + // handshake. By default, this will use the upstream address' host part. + // You only need to override this if your upstream address does not match the + // certificate the upstream is likely to use. For example if the upstream + // address is an IP address, then you would need to configure this to the + // hostname being served by the upstream server. Currently, this does not + // support placeholders because the TLS config is not provisioned on each + // connection, so a static value must be used. ServerName string `json:"server_name,omitempty"` } @@ -386,7 +393,7 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { cfg.RootCAs = rootPool } - // custom SNI + // override for the server name used verify the TLS handshake cfg.ServerName = t.ServerName // throw all security out the window @@ -402,16 +409,16 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { // KeepAlive holds configuration pertaining to HTTP Keep-Alive. type KeepAlive struct { - // Whether HTTP Keep-Alive is enabled. Default: true + // Whether HTTP Keep-Alive is enabled. Default: `true` Enabled *bool `json:"enabled,omitempty"` // How often to probe for liveness. Default: `30s`. ProbeInterval caddy.Duration `json:"probe_interval,omitempty"` - // Maximum number of idle connections. Default: 0, which means no limit. + // Maximum number of idle connections. Default: `0`, which means no limit. MaxIdleConns int `json:"max_idle_conns,omitempty"` - // Maximum number of idle connections per host. Default: 32. + // Maximum number of idle connections per host. Default: `32`. MaxIdleConnsPerHost int `json:"max_idle_conns_per_host,omitempty"` // How long connections should be kept alive when idle. Default: `2m`. From 1498132ea3c4f01d3be41812dbd02364cb77d263 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 8 Jun 2022 16:42:24 -0600 Subject: [PATCH 0663/1498] caddyhttp: Log error from CEL evaluation (fix #4832) --- modules/caddyhttp/celmatcher.go | 13 +++++++++++-- modules/caddyhttp/celmatcher_test.go | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 0306f390..ee640fd3 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -33,6 +33,7 @@ import ( "github.com/google/cel-go/common/types/traits" "github.com/google/cel-go/ext" "github.com/google/cel-go/interpreter/functions" + "go.uber.org/zap" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" "google.golang.org/protobuf/proto" ) @@ -62,6 +63,8 @@ type MatchExpression struct { expandedExpr string prg cel.Program ta ref.TypeAdapter + + log *zap.Logger } // CaddyModule returns the Caddy module information. @@ -83,7 +86,9 @@ func (m *MatchExpression) UnmarshalJSON(data []byte) error { } // Provision sets ups m. -func (m *MatchExpression) Provision(_ caddy.Context) error { +func (m *MatchExpression) Provision(ctx caddy.Context) error { + m.log = ctx.Logger(m) + // replace placeholders with a function call - this is just some // light (and possibly naïve) syntactic sugar m.expandedExpr = placeholderRegexp.ReplaceAllString(m.Expr, placeholderExpansion) @@ -137,9 +142,13 @@ func (m *MatchExpression) Provision(_ caddy.Context) error { // Match returns true if r matches m. func (m MatchExpression) Match(r *http.Request) bool { - out, _, _ := m.prg.Eval(map[string]interface{}{ + out, _, err := m.prg.Eval(map[string]interface{}{ "request": celHTTPRequest{r}, }) + if err != nil { + m.log.Error("evaluating expression", zap.Error(err)) + return false + } if outBool, ok := out.Value().(bool); ok { return outBool } diff --git a/modules/caddyhttp/celmatcher_test.go b/modules/caddyhttp/celmatcher_test.go index a78eb5a4..d71fc421 100644 --- a/modules/caddyhttp/celmatcher_test.go +++ b/modules/caddyhttp/celmatcher_test.go @@ -116,7 +116,7 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV } if tt.expression.Match(req) != tt.wantResult { - t.Errorf("MatchExpression.Match() expected to return '%t', for expression : '%s'", tt.wantResult, tt.expression) + t.Errorf("MatchExpression.Match() expected to return '%t', for expression : '%s'", tt.wantResult, tt.expression.Expr) } }) From aaf6794b31ca790ecc501edf983ebf95a45b3897 Mon Sep 17 00:00:00 2001 From: Yaacov Akiba Slama Date: Fri, 10 Jun 2022 18:33:35 +0300 Subject: [PATCH 0664/1498] reverseproxy: Add renegotiation param in TLS client (#4784) * Add renegotiation option in reverseproxy tls client * Update modules/caddyhttp/reverseproxy/httptransport.go Co-authored-by: Matt Holt --- .../caddyfile_adapt/reverse_proxy_options.txt | 5 ++++- modules/caddyhttp/reverseproxy/caddyfile.go | 14 +++++++++++++ .../caddyhttp/reverseproxy/httptransport.go | 20 +++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index fc07698d..29f6d236 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -24,6 +24,7 @@ https://example.com { max_conns_per_host 5 keepalive_idle_conns_per_host 2 keepalive_interval 30s + renegotiation freely } } } @@ -91,7 +92,9 @@ https://example.com { ] }, "response_header_timeout": 8000000000, - "tls": {}, + "tls": { + "renegotiation": "freely" + }, "versions": [ "h2c", "2" diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index ebea49eb..dfb30d80 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -922,6 +922,20 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } + case "renegotiation": + if h.TLS == nil { + h.TLS = new(TLSConfig) + } + if !d.NextArg() { + return d.ArgErr() + } + switch renegotiation := d.Val(); renegotiation { + case "never", "once", "freely": + h.TLS.Renegotiation = renegotiation + default: + return d.ArgErr() + } + case "tls": if h.TLS == nil { h.TLS = new(TLSConfig) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 54cdb70f..e6ff188b 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -324,6 +324,14 @@ type TLSConfig struct { // support placeholders because the TLS config is not provisioned on each // connection, so a static value must be used. ServerName string `json:"server_name,omitempty"` + + // TLS renegotiation level. TLS renegotiation is the act of performing + // subsequent handshakes on a connection after the first. + // The level can be: + // - "never": (the default) disables renegotiation. + // - "once": allows a remote server to request renegotiation once per connection. + // - "freely": allows a remote server to repeatedly request renegotiation. + Renegotiation string `json:"renegotiation,omitempty"` } // MakeTLSClientConfig returns a tls.Config usable by a client to a backend. @@ -393,6 +401,18 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { cfg.RootCAs = rootPool } + // Renegotiation + switch t.Renegotiation { + case "never": + cfg.Renegotiation = tls.RenegotiateNever + case "once": + cfg.Renegotiation = tls.RenegotiateOnceAsClient + case "freely": + cfg.Renegotiation = tls.RenegotiateFreelyAsClient + default: + return nil, fmt.Errorf("invalid TLS renegotiation level: %v", t.Renegotiation) + } + // override for the server name used verify the TLS handshake cfg.ServerName = t.ServerName From f9b42c37723ba6fbbfc31c61119fc42963770ce9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 14 Jun 2022 09:05:25 -0600 Subject: [PATCH 0665/1498] reverseproxy: Make TLS renegotiation optional --- modules/caddyhttp/reverseproxy/httptransport.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index e6ff188b..8bce580c 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -403,7 +403,7 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { // Renegotiation switch t.Renegotiation { - case "never": + case "never", "": cfg.Renegotiation = tls.RenegotiateNever case "once": cfg.Renegotiation = tls.RenegotiateOnceAsClient From c82fe91104efbbe62826510579ea57fd54c55f8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kiss=20K=C3=A1roly=20P=C3=A1l?= Date: Wed, 15 Jun 2022 05:53:05 +0200 Subject: [PATCH 0666/1498] reverseproxy: Dynamic ServerName for TLS upstreams (#4836) * Make reverse proxy TLS server name replaceable for SNI upstreams. * Reverted previous TLS server name replacement, and implemented thread safe version. * Move TLS servername replacement into it's own function * Moved SNI servername replacement into httptransport. * Solve issue when dynamic upstreams use wrong protocol upstream. * Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d Co-authored-by: Matt Holt --- .../caddyhttp/reverseproxy/httptransport.go | 41 ++++++++++++++++++- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 8bce580c..eefc04af 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -25,6 +25,7 @@ import ( "net/http" "os" "reflect" + "strings" "time" "github.com/caddyserver/caddy/v2" @@ -242,9 +243,45 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) return rt, nil } +// replaceTLSServername checks TLS servername to see if it needs replacing +// if it does need replacing, it creates a new cloned HTTPTransport object to avoid any races +// and does the replacing of the TLS servername on that and returns the new object +// if no replacement is necessary it returns the original +func (h *HTTPTransport) replaceTLSServername(repl *caddy.Replacer) *HTTPTransport { + // check whether we have TLS and need to replace the servername in the TLSClientConfig + if h.TLSEnabled() && strings.Contains(h.TLS.ServerName, "{") { + // make a new h, "copy" the parts we don't need to touch, add a new *tls.Config and replace servername + newtransport := &HTTPTransport{ + Resolver: h.Resolver, + TLS: h.TLS, + KeepAlive: h.KeepAlive, + Compression: h.Compression, + MaxConnsPerHost: h.MaxConnsPerHost, + DialTimeout: h.DialTimeout, + FallbackDelay: h.FallbackDelay, + ResponseHeaderTimeout: h.ResponseHeaderTimeout, + ExpectContinueTimeout: h.ExpectContinueTimeout, + MaxResponseHeaderSize: h.MaxResponseHeaderSize, + WriteBufferSize: h.WriteBufferSize, + ReadBufferSize: h.ReadBufferSize, + Versions: h.Versions, + Transport: h.Transport.Clone(), + h2cTransport: h.h2cTransport, + } + newtransport.Transport.TLSClientConfig.ServerName = repl.ReplaceAll(newtransport.Transport.TLSClientConfig.ServerName, "") + return newtransport + } + + return h +} + // RoundTrip implements http.RoundTripper. func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { - h.SetScheme(req) + // Try to replace TLS servername if needed + repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + transport := h.replaceTLSServername(repl) + + transport.SetScheme(req) // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is // HTTP without TLS, use the alternate H2C-capable transport instead @@ -252,7 +289,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { return h.h2cTransport.RoundTrip(req) } - return h.Transport.RoundTrip(req) + return transport.Transport.RoundTrip(req) } // SetScheme ensures that the outbound request req From 0bcd02d5f669869b0c79c00ea3c5a3f6a7072b20 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 15 Jun 2022 09:57:43 -0600 Subject: [PATCH 0667/1498] headers: Support wildcards for delete ops (close #4830) (#4831) --- modules/caddyhttp/headers/headers.go | 34 +++++++++++++++++++++-- modules/caddyhttp/headers/headers_test.go | 20 +++++++++++++ 2 files changed, 51 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/headers/headers.go b/modules/caddyhttp/headers/headers.go index 4cef0a9f..f67df928 100644 --- a/modules/caddyhttp/headers/headers.go +++ b/modules/caddyhttp/headers/headers.go @@ -118,10 +118,16 @@ type HeaderOps struct { // Sets HTTP headers; replaces existing header fields. Set http.Header `json:"set,omitempty"` - // Names of HTTP header fields to delete. + // Names of HTTP header fields to delete. Basic wildcards are supported: + // + // - Start with `*` for all field names with the given suffix; + // - End with `*` for all field names with the given prefix; + // - Start and end with `*` for all field names containing a substring. Delete []string `json:"delete,omitempty"` - // Performs substring replacements of HTTP headers in-situ. + // Performs in-situ substring replacements of HTTP headers. + // Keys are the field names on which to perform the associated replacements. + // If the field name is `*`, the replacements are performed on all header fields. Replace map[string][]Replacement `json:"replace,omitempty"` } @@ -208,7 +214,29 @@ func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) { // delete for _, fieldName := range ops.Delete { - hdr.Del(repl.ReplaceAll(fieldName, "")) + fieldName = strings.ToLower(repl.ReplaceAll(fieldName, "")) + switch { + case strings.HasPrefix(fieldName, "*") && strings.HasSuffix(fieldName, "*"): + for existingField := range hdr { + if strings.Contains(strings.ToLower(existingField), fieldName[1:len(fieldName)-1]) { + delete(hdr, existingField) + } + } + case strings.HasPrefix(fieldName, "*"): + for existingField := range hdr { + if strings.HasSuffix(strings.ToLower(existingField), fieldName[1:]) { + delete(hdr, existingField) + } + } + case strings.HasSuffix(fieldName, "*"): + for existingField := range hdr { + if strings.HasPrefix(strings.ToLower(existingField), fieldName[:len(fieldName)-1]) { + delete(hdr, existingField) + } + } + default: + hdr.Del(fieldName) + } } // replace diff --git a/modules/caddyhttp/headers/headers_test.go b/modules/caddyhttp/headers/headers_test.go index fb68225e..d74e6fc3 100644 --- a/modules/caddyhttp/headers/headers_test.go +++ b/modules/caddyhttp/headers/headers_test.go @@ -79,6 +79,26 @@ func TestHandler(t *testing.T) { "Keep-Me": []string{"i swear i'm innocent"}, }, }, + { + handler: Handler{ + Request: &HeaderOps{ + Delete: []string{ + "*-suffix", + "prefix-*", + "*_*", + }, + }, + }, + reqHeader: http.Header{ + "Header-Suffix": []string{"lalala"}, + "Prefix-Test": []string{"asdf"}, + "Host_Header": []string{"silly django... sigh"}, // see issue #4830 + "Keep-Me": []string{"foofoofoo"}, + }, + expectedReqHeader: http.Header{ + "Keep-Me": []string{"foofoofoo"}, + }, + }, { handler: Handler{ Request: &HeaderOps{ From 050d6e0aebf678d05ada525936739913df4661f8 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 15 Jun 2022 15:20:54 -0600 Subject: [PATCH 0668/1498] Add comment about xcaddy to main --- cmd/caddy/main.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmd/caddy/main.go b/cmd/caddy/main.go index 2383546a..ee706d58 100644 --- a/cmd/caddy/main.go +++ b/cmd/caddy/main.go @@ -24,6 +24,8 @@ // 3. Run `go mod init caddy` // 4. Run `go install` or `go build` - you now have a custom binary! // +// Or you can use xcaddy which does it all for you as a command: +// https://github.com/caddyserver/xcaddy package main import ( From 0b6f7643569690b9a3defe989fb2e0c2607215ec Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 16 Jun 2022 16:28:11 -0400 Subject: [PATCH 0669/1498] forwardauth: Support renaming copied headers, block support (#4783) --- .../forward_auth_rename_headers.txt | 116 ++++++++++++++++++ .../reverseproxy/forwardauth/caddyfile.go | 33 +++-- 2 files changed, 142 insertions(+), 7 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt diff --git a/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt b/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt new file mode 100644 index 00000000..bc2d95b9 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt @@ -0,0 +1,116 @@ +:8881 + +forward_auth localhost:9000 { + uri /auth + copy_headers A>1 B C>3 { + D + E>5 + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8881" + ], + "routes": [ + { + "handle": [ + { + "handle_response": [ + { + "match": { + "status_code": [ + 2 + ] + }, + "routes": [ + { + "handle": [ + { + "handler": "headers", + "request": { + "set": { + "1": [ + "{http.reverse_proxy.header.A}" + ], + "3": [ + "{http.reverse_proxy.header.C}" + ], + "5": [ + "{http.reverse_proxy.header.E}" + ], + "B": [ + "{http.reverse_proxy.header.B}" + ], + "D": [ + "{http.reverse_proxy.header.D}" + ] + } + } + } + ] + } + ] + }, + { + "routes": [ + { + "handle": [ + { + "exclude": [ + "Connection", + "Keep-Alive", + "Te", + "Trailers", + "Transfer-Encoding", + "Upgrade" + ], + "handler": "copy_response_headers" + } + ] + }, + { + "handle": [ + { + "handler": "copy_response" + } + ] + } + ] + } + ], + "handler": "reverse_proxy", + "headers": { + "request": { + "set": { + "X-Forwarded-Method": [ + "{http.request.method}" + ], + "X-Forwarded-Uri": [ + "{http.request.uri}" + ] + } + } + }, + "rewrite": { + "method": "GET", + "uri": "/auth" + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go index 1571f09a..c22dddec 100644 --- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -17,6 +17,7 @@ package forwardauth import ( "encoding/json" "net/http" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -115,7 +116,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) // collect the headers to copy from the auth response // onto the original request, so they can get passed // through to a backend app - headersToCopy := []string{} + headersToCopy := make(map[string]string) // read the subdirectives for configuring the forward_auth shortcut // NOTE: we delete the tokens as we go so that the reverse_proxy @@ -141,10 +142,28 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) case "copy_headers": args := dispenser.RemainingArgs() - dispenser.Delete() - for _, headerField := range args { + hadBlock := false + for nesting := dispenser.Nesting(); dispenser.NextBlock(nesting); { + hadBlock = true + args = append(args, dispenser.Val()) + } + + dispenser.Delete() // directive name + if hadBlock { + dispenser.Delete() // opening brace + dispenser.Delete() // closing brace + } + for range args { dispenser.Delete() - headersToCopy = append(headersToCopy, headerField) + } + + for _, headerField := range args { + if strings.Contains(headerField, ">") { + parts := strings.Split(headerField, ">") + headersToCopy[parts[0]] = parts[1] + } else { + headersToCopy[headerField] = headerField + } } if len(headersToCopy) == 0 { return nil, dispenser.ArgErr() @@ -180,9 +199,9 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) }, } - for _, headerField := range headersToCopy { - handler.Request.Set[headerField] = []string{ - "{http.reverse_proxy.header." + headerField + "}", + for from, to := range headersToCopy { + handler.Request.Set[to] = []string{ + "{http.reverse_proxy.header." + from + "}", } } From 56013934a4544d092426a1437763dff198560141 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 20 Jun 2022 10:50:50 -0600 Subject: [PATCH 0670/1498] go.mod: Update some dependencies --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index c33270ca..1422649b 100644 --- a/go.mod +++ b/go.mod @@ -12,9 +12,9 @@ require ( github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.7.3 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.15.4 - github.com/klauspost/cpuid/v2 v2.0.12 - github.com/lucas-clemente/quic-go v0.27.1 + github.com/klauspost/compress v1.15.6 + github.com/klauspost/cpuid/v2 v2.0.13 + github.com/lucas-clemente/quic-go v0.27.2 github.com/mholt/acmez v1.0.2 github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.19.0 @@ -81,8 +81,8 @@ require ( github.com/manifoldco/promptui v0.9.0 // indirect github.com/marten-seemann/qpack v0.2.1 // indirect github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect - github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect - github.com/marten-seemann/qtls-go1-18 v0.1.1 // indirect + github.com/marten-seemann/qtls-go1-17 v0.1.2 // indirect + github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect github.com/mattn/go-colorable v0.1.8 // indirect github.com/mattn/go-isatty v0.0.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect diff --git a/go.sum b/go.sum index 10b6f9af..ba48313c 100644 --- a/go.sum +++ b/go.sum @@ -689,11 +689,11 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.4 h1:1kn4/7MepF/CHmYub99/nNX8az0IJjfSOU/jbnTVfqQ= -github.com/klauspost/compress v1.15.4/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.15.6 h1:6D9PcO8QWu0JyaQ2zUMmu16T1T+zjjEpP91guRsvDfY= +github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/cpuid/v2 v2.0.11/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= -github.com/klauspost/cpuid/v2 v2.0.12 h1:p9dKCg8i4gmOxtv35DvrYoWqYzQrvEVdjQ762Y0OqZE= -github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.0.13 h1:1XxvOiqXZ8SULZUKim/wncr3wZ38H4yCuVDvKdK9OGs= +github.com/klauspost/cpuid/v2 v2.0.13/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -720,8 +720,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.27.1 h1:sOw+4kFSVrdWOYmUjufQ9GBVPqZ+tu+jMtXxXNmRJyk= -github.com/lucas-clemente/quic-go v0.27.1/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI= +github.com/lucas-clemente/quic-go v0.27.2 h1:zsMwwniyybb8B/UDNXRSYee7WpQJVOcjQEGgpw2ikXs= +github.com/lucas-clemente/quic-go v0.27.2/go.mod h1:vXgO/11FBSKM+js1NxoaQ/bPtVFYfB7uxhfHXyMhl1A= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= @@ -735,10 +735,10 @@ github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0O github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ= github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= -github.com/marten-seemann/qtls-go1-17 v0.1.1 h1:DQjHPq+aOzUeh9/lixAGunn6rIOQyWChPSI4+hgW7jc= -github.com/marten-seemann/qtls-go1-17 v0.1.1/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s= -github.com/marten-seemann/qtls-go1-18 v0.1.1 h1:qp7p7XXUFL7fpBvSS1sWD+uSqPvzNQK43DH+/qEkj0Y= -github.com/marten-seemann/qtls-go1-18 v0.1.1/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= +github.com/marten-seemann/qtls-go1-17 v0.1.2 h1:JADBlm0LYiVbuSySCHeY863dNkcpMmDR7s0bLKJeYlQ= +github.com/marten-seemann/qtls-go1-17 v0.1.2/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s= +github.com/marten-seemann/qtls-go1-18 v0.1.2 h1:JH6jmzbduz0ITVQ7ShevK10Av5+jBEKAHMntXmIV7kM= +github.com/marten-seemann/qtls-go1-18 v0.1.2/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= From b6e96fa3c5fcb7601142b8ad569793a1b9c2c5eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kiss=20K=C3=A1roly=20P=C3=A1l?= Date: Mon, 20 Jun 2022 19:51:42 +0200 Subject: [PATCH 0671/1498] reverseproxy: Skip TLS for certain configured ports (#4843) * Make reverse proxy TLS server name replaceable for SNI upstreams. * Reverted previous TLS server name replacement, and implemented thread safe version. * Move TLS servername replacement into it's own function * Moved SNI servername replacement into httptransport. * Solve issue when dynamic upstreams use wrong protocol upstream. * Revert previous commit. Old commit was: Solve issue when dynamic upstreams use wrong protocol upstream. Id: 3c9806ccb63e66bdcac8e1ed4520c9d135cb011d * Added SkipTLSPorts option to http transport. * Fix typo in test config file. * Rename config option as suggested by Matt Co-authored-by: Matt Holt * Update code to match renamed config option. * Fix typo in config option name. * Fix another typo that I missed. * Tests not completing because of apparent wrong ordering of options. Co-authored-by: Matt Holt --- .../caddyfile_adapt/reverse_proxy_options.txt | 5 +++++ modules/caddyhttp/reverseproxy/caddyfile.go | 9 +++++++++ .../caddyhttp/reverseproxy/httptransport.go | 20 ++++++++++++++++++- 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index 29f6d236..ea740f62 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -25,6 +25,7 @@ https://example.com { keepalive_idle_conns_per_host 2 keepalive_interval 30s renegotiation freely + except_ports 8181 8182 } } } @@ -93,6 +94,10 @@ https://example.com { }, "response_header_timeout": 8000000000, "tls": { + "except_ports": [ + "8181", + "8182" + ], "renegotiation": "freely" }, "versions": [ diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index dfb30d80..b2bdf049 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -1063,6 +1063,15 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.MaxConnsPerHost = num + case "except_ports": + if h.TLS == nil { + h.TLS = new(TLSConfig) + } + h.TLS.ExceptPorts = d.RemainingArgs() + if len(h.TLS.ExceptPorts) == 0 { + return d.ArgErr() + } + default: return d.Errf("unrecognized subdirective %s", d.Val()) } diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index eefc04af..1fac4209 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -296,9 +296,20 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { // has the scheme set in its URL; the underlying // http.Transport requires a scheme to be set. func (h *HTTPTransport) SetScheme(req *http.Request) { + skipTLSport := false + if h.TLS.ExceptPorts != nil { + port := req.URL.Port() + for i := range h.TLS.ExceptPorts { + if h.TLS.ExceptPorts[i] == port { + skipTLSport = true + break + } + } + } + if req.URL.Scheme == "" { req.URL.Scheme = "http" - if h.TLS != nil { + if h.TLS != nil && !skipTLSport { req.URL.Scheme = "https" } } @@ -369,6 +380,13 @@ type TLSConfig struct { // - "once": allows a remote server to request renegotiation once per connection. // - "freely": allows a remote server to repeatedly request renegotiation. Renegotiation string `json:"renegotiation,omitempty"` + + // Skip TLS ports specifies a list of upstream ports on which TLS should not be + // attempted even if it is configured. Handy when using dynamic upstreams that + // return HTTP and HTTPS endpoints too. + // When specified, TLS will automatically be configured on the transport. + // The value can be a list of any valid tcp port numbers, default empty. + ExceptPorts []string `json:"except_ports,omitempty"` } // MakeTLSClientConfig returns a tls.Config usable by a client to a backend. From 25f10511e7ef80c10493519499c479f6ffa49a0f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 22 Jun 2022 15:01:57 -0400 Subject: [PATCH 0672/1498] reverseproxy: Fix panic when TLS is not configured (#4848) * reverseproxy: Fix panic when TLS is not configured * Refactor and simplify setScheme Co-authored-by: Matthew Holt --- .../caddyhttp/reverseproxy/httptransport.go | 41 +++++++++++-------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 1fac4209..94a09380 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -281,7 +281,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) transport := h.replaceTLSServername(repl) - transport.SetScheme(req) + transport.setScheme(req) // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is // HTTP without TLS, use the alternate H2C-capable transport instead @@ -292,27 +292,34 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { return transport.Transport.RoundTrip(req) } -// SetScheme ensures that the outbound request req +// setScheme ensures that the outbound request req // has the scheme set in its URL; the underlying // http.Transport requires a scheme to be set. -func (h *HTTPTransport) SetScheme(req *http.Request) { - skipTLSport := false - if h.TLS.ExceptPorts != nil { - port := req.URL.Port() - for i := range h.TLS.ExceptPorts { - if h.TLS.ExceptPorts[i] == port { - skipTLSport = true - break - } +func (h *HTTPTransport) setScheme(req *http.Request) { + if req.URL.Scheme != "" { + return + } + if h.shouldUseTLS(req) { + req.URL.Scheme = "https" + } else { + req.URL.Scheme = "http" + } +} + +// shouldUseTLS returns true if TLS should be used for req. +func (h *HTTPTransport) shouldUseTLS(req *http.Request) bool { + if h.TLS == nil { + return false + } + + port := req.URL.Port() + for i := range h.TLS.ExceptPorts { + if h.TLS.ExceptPorts[i] == port { + return false } } - if req.URL.Scheme == "" { - req.URL.Scheme = "http" - if h.TLS != nil && !skipTLSport { - req.URL.Scheme = "https" - } - } + return true } // TLSEnabled returns true if TLS is enabled. From 98468af8b6224d29431576fe30a7d92a8676030d Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 22 Jun 2022 15:10:14 -0400 Subject: [PATCH 0673/1498] reverseproxy: Fix double headers in response handlers (#4847) --- .../caddyfile_adapt/forward_auth_authelia.txt | 26 ------- .../forward_auth_rename_headers.txt | 26 ------- .../caddyhttp/reverseproxy/copyresponse.go | 2 +- .../reverseproxy/forwardauth/caddyfile.go | 47 ++---------- .../caddyhttp/reverseproxy/reverseproxy.go | 71 +++++++------------ 5 files changed, 34 insertions(+), 138 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt index e7cbb0f5..a0570328 100644 --- a/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt +++ b/caddytest/integration/caddyfile_adapt/forward_auth_authelia.txt @@ -63,32 +63,6 @@ app.example.com { ] } ] - }, - { - "routes": [ - { - "handle": [ - { - "exclude": [ - "Connection", - "Keep-Alive", - "Te", - "Trailers", - "Transfer-Encoding", - "Upgrade" - ], - "handler": "copy_response_headers" - } - ] - }, - { - "handle": [ - { - "handler": "copy_response" - } - ] - } - ] } ], "handler": "reverse_proxy", diff --git a/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt b/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt index bc2d95b9..65228174 100644 --- a/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt +++ b/caddytest/integration/caddyfile_adapt/forward_auth_rename_headers.txt @@ -55,32 +55,6 @@ forward_auth localhost:9000 { ] } ] - }, - { - "routes": [ - { - "handle": [ - { - "exclude": [ - "Connection", - "Keep-Alive", - "Te", - "Trailers", - "Transfer-Encoding", - "Upgrade" - ], - "handler": "copy_response_headers" - } - ] - }, - { - "handle": [ - { - "handler": "copy_response" - } - ] - } - ] } ], "handler": "reverse_proxy", diff --git a/modules/caddyhttp/reverseproxy/copyresponse.go b/modules/caddyhttp/reverseproxy/copyresponse.go index 72a55d4a..c1c9de92 100644 --- a/modules/caddyhttp/reverseproxy/copyresponse.go +++ b/modules/caddyhttp/reverseproxy/copyresponse.go @@ -80,7 +80,7 @@ func (h CopyResponseHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request hrc.isFinalized = true // write the response - return hrc.handler.finalizeResponse(rw, req, hrc.response, repl, hrc.start, hrc.logger, false) + return hrc.handler.finalizeResponse(rw, req, hrc.response, repl, hrc.start, hrc.logger) } // CopyResponseHeadersHandler is a special HTTP handler which may diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go index c22dddec..8230216c 100644 --- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -59,13 +59,6 @@ func init() { // Remote-Email {http.reverse_proxy.header.Remote-Email} // } // } -// -// handle_response { -// copy_response_headers { -// exclude Connection Keep-Alive Te Trailers Transfer-Encoding Upgrade -// } -// copy_response -// } // } // func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { @@ -217,41 +210,13 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) }, ) } - rpHandler.HandleResponse = append(rpHandler.HandleResponse, goodResponseHandler) - // set up handler for denial responses; when a response - // has any other status than 2xx, then we copy the response - // back to the client, and terminate handling. - denialResponseHandler := caddyhttp.ResponseHandler{ - Routes: []caddyhttp.Route{ - { - HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( - &reverseproxy.CopyResponseHeadersHandler{ - Exclude: []string{ - "Connection", - "Keep-Alive", - "Te", - "Trailers", - "Transfer-Encoding", - "Upgrade", - }, - }, - "handler", - "copy_response_headers", - nil, - )}, - }, - { - HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( - &reverseproxy.CopyResponseHandler{}, - "handler", - "copy_response", - nil, - )}, - }, - }, - } - rpHandler.HandleResponse = append(rpHandler.HandleResponse, denialResponseHandler) + // note that when a response has any other status than 2xx, then we + // use the reverse proxy's default behaviour of copying the response + // back to the client, so we don't need to explicitly add a response + // handler specifically for that behaviour; we do need the 2xx handler + // though, to make handling fall through to handlers deeper in the chain. + rpHandler.HandleResponse = append(rpHandler.HandleResponse, goodResponseHandler) // the rest of the config is specified by the user // using the reverse_proxy directive syntax diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 1068c23d..15e31042 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -784,18 +784,14 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe res.Body = h.bufferedBody(res.Body) } - // the response body may get closed by a response handler, - // and we need to keep track to make sure we don't try to copy - // the response if it was already closed - bodyClosed := false - // see if any response handler is configured for this response from the backend for i, rh := range h.HandleResponse { if rh.Match != nil && !rh.Match.Match(res.StatusCode, res.Header) { continue } - // if configured to only change the status code, do that then continue regular proxy response + // if configured to only change the status code, + // do that then continue regular proxy response if statusCodeStr := rh.StatusCode.String(); statusCodeStr != "" { statusCode, err := strconv.Atoi(repl.ReplaceAll(statusCodeStr, "")) if err != nil { @@ -840,33 +836,29 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe // pass the request through the response handler routes routeErr := rh.Routes.Compile(next).ServeHTTP(rw, origReq.WithContext(ctx)) - // if the response handler routes already finalized the response, - // we can return early. It should be finalized if the routes executed - // included a copy_response handler. If a fresh response was written - // by the routes instead, then we still need to finalize the response - // without copying the body. - if routeErr == nil && hrc.isFinalized { - return nil + // close the response body afterwards, since we don't need it anymore; + // either a route had 'copy_response' which already consumed the body, + // or some other terminal handler ran which doesn't need the response + // body after that point (e.g. 'file_server' for X-Accel-Redirect flow), + // or we fell through to subsequent handlers past this proxy + // (e.g. forward auth's 2xx response flow). + if !hrc.isFinalized { + res.Body.Close() } - // always close the response body afterwards, since it's expected - // that the response handler routes will have written to the - // response writer with a new body, if it wasn't already finalized. - res.Body.Close() - bodyClosed = true - + // wrap any route error in roundtripSucceeded so caller knows that + // the roundtrip was successful and to not retry if routeErr != nil { - // wrap error in roundtripSucceeded so caller knows that - // the roundtrip was successful and to not retry return roundtripSucceeded{routeErr} } - // we've already closed the body, so there's no use allowing - // another response handler to run as well - break + // we're done handling the response, and we don't want to + // fall through to the default finalize/copy behaviour + return nil } - return h.finalizeResponse(rw, req, res, repl, start, logger, bodyClosed) + // copy the response body and headers back to the upstream client + return h.finalizeResponse(rw, req, res, repl, start, logger) } // finalizeResponse prepares and copies the response. @@ -877,7 +869,6 @@ func (h Handler) finalizeResponse( repl *caddy.Replacer, start time.Time, logger *zap.Logger, - bodyClosed bool, ) error { // deal with 101 Switching Protocols responses: (WebSocket, h2c, etc) if res.StatusCode == http.StatusSwitchingProtocols { @@ -891,13 +882,6 @@ func (h Handler) finalizeResponse( res.Header.Del(h) } - // remove the content length if we're not going to be copying - // from the response, because otherwise there'll be a mismatch - // between bytes written and the advertised length - if bodyClosed { - res.Header.Del("Content-Length") - } - // apply any response header operations if h.Headers != nil && h.Headers.Response != nil { if h.Headers.Response.Require == nil || @@ -920,17 +904,16 @@ func (h Handler) finalizeResponse( } rw.WriteHeader(res.StatusCode) - if !bodyClosed { - err := h.copyResponse(rw, res.Body, h.flushInterval(req, res)) - res.Body.Close() // close now, instead of defer, to populate res.Trailer - if err != nil { - // we're streaming the response and we've already written headers, so - // there's nothing an error handler can do to recover at this point; - // the standard lib's proxy panics at this point, but we'll just log - // the error and abort the stream here - h.logger.Error("aborting with incomplete response", zap.Error(err)) - return nil - } + + err := h.copyResponse(rw, res.Body, h.flushInterval(req, res)) + res.Body.Close() // close now, instead of defer, to populate res.Trailer + if err != nil { + // we're streaming the response and we've already written headers, so + // there's nothing an error handler can do to recover at this point; + // the standard lib's proxy panics at this point, but we'll just log + // the error and abort the stream here + h.logger.Error("aborting with incomplete response", zap.Error(err)) + return nil } if len(res.Trailer) > 0 { From 10f85558ead15e119f8e9abd81c8ad55eb865f8b Mon Sep 17 00:00:00 2001 From: Tristan Swadell Date: Wed, 22 Jun 2022 15:53:46 -0700 Subject: [PATCH 0674/1498] Expose several Caddy HTTP Matchers to the CEL Matcher (#4715) Co-authored-by: Francis Lavoie --- go.mod | 10 +- go.sum | 22 +- modules/caddyhttp/celmatcher.go | 481 ++++++++++++++++- modules/caddyhttp/celmatcher_test.go | 518 ++++++++++++++++--- modules/caddyhttp/fileserver/matcher.go | 218 +++++++- modules/caddyhttp/fileserver/matcher_test.go | 109 ++++ modules/caddyhttp/matchers.go | 290 ++++++++++- 7 files changed, 1552 insertions(+), 96 deletions(-) diff --git a/go.mod b/go.mod index 1422649b..077e8343 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/caddyserver/certmagic v0.16.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.7.3 + github.com/google/cel-go v0.11.4 github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.6 github.com/klauspost/cpuid/v2 v2.0.13 @@ -32,8 +32,8 @@ require ( golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 - google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf - google.golang.org/protobuf v1.27.1 + google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 + google.golang.org/protobuf v1.28.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -43,7 +43,7 @@ require ( github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect - github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f // indirect + github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.1.2 // indirect github.com/cespare/xxhash v1.1.0 // indirect @@ -125,7 +125,7 @@ require ( golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect golang.org/x/tools v0.1.7 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect - google.golang.org/grpc v1.44.0 // indirect + google.golang.org/grpc v1.46.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect howett.net/plist v1.0.0 // indirect diff --git a/go.sum b/go.sum index ba48313c..56ae7cab 100644 --- a/go.sum +++ b/go.sum @@ -149,8 +149,8 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= -github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= +github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed h1:ue9pVfIcP+QMEjfgo/Ez4ZjNZfonGgR6NgjMaJMu1Cg= +github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.30.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= @@ -238,6 +238,7 @@ github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XP github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= @@ -311,6 +312,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= @@ -390,6 +392,7 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -433,9 +436,8 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.7.3 h1:8v9BSN0avuGwrHFKNCjfiQ/CE6+D6sW+BDyOVoEeP6o= -github.com/google/cel-go v0.7.3/go.mod h1:4EtyFAHT5xNr0Msu0MJjyGxPUgdr9DlcaPyzLt/kkt8= -github.com/google/cel-spec v0.5.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= +github.com/google/cel-go v0.11.4 h1:wWOnKmLxALl3l9Av221MfIOWRiR01sDVljzg6LZ6Zn0= +github.com/google/cel-go v0.11.4/go.mod h1:Av7CU6r6X3YmcHR9GXqVDaEJYfEtSxl6wvIjUQTriCw= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= @@ -1714,7 +1716,6 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -1754,8 +1755,9 @@ google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf h1:SVYXkUz2yZS9FWb2Gm8ivSlbNQzL2Z/NpPKE3RG2jWk= google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= @@ -1793,8 +1795,9 @@ google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1809,8 +1812,9 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index ee640fd3..4938cd5c 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -17,6 +17,7 @@ package caddyhttp import ( "crypto/x509/pkix" "encoding/json" + "errors" "fmt" "net/http" "reflect" @@ -28,11 +29,15 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/google/cel-go/cel" "github.com/google/cel-go/checker/decls" + "github.com/google/cel-go/common" + "github.com/google/cel-go/common/operators" "github.com/google/cel-go/common/types" "github.com/google/cel-go/common/types/ref" "github.com/google/cel-go/common/types/traits" "github.com/google/cel-go/ext" + "github.com/google/cel-go/interpreter" "github.com/google/cel-go/interpreter/functions" + "github.com/google/cel-go/parser" "go.uber.org/zap" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" "google.golang.org/protobuf/proto" @@ -96,6 +101,29 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { // our type adapter expands CEL's standard type support m.ta = celTypeAdapter{} + // initialize the CEL libraries from the Matcher implementations which + // have been configured to support CEL. + matcherLibProducers := []CELLibraryProducer{} + for _, info := range caddy.GetModules("http.matchers") { + p, ok := info.New().(CELLibraryProducer) + if ok { + matcherLibProducers = append(matcherLibProducers, p) + } + } + // Assemble the compilation and program options from the different library + // producers into a single cel.Library implementation. + matcherEnvOpts := []cel.EnvOption{} + matcherProgramOpts := []cel.ProgramOption{} + for _, producer := range matcherLibProducers { + l, err := producer.CELLibrary(ctx) + if err != nil { + return fmt.Errorf("error initializing CEL library for %T: %v", producer, err) + } + matcherEnvOpts = append(matcherEnvOpts, l.CompileOptions()...) + matcherProgramOpts = append(matcherProgramOpts, l.ProgramOptions()...) + } + matcherLib := cel.Lib(NewMatcherCELLibrary(matcherEnvOpts, matcherProgramOpts)) + // create the CEL environment env, err := cel.NewEnv( cel.Declarations( @@ -107,6 +135,7 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { ), cel.CustomTypeAdapter(m.ta), ext.Strings(), + matcherLib, ) if err != nil { return fmt.Errorf("setting up CEL environment: %v", err) @@ -114,7 +143,7 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { // parse and type-check the expression checked, issues := env.Compile(m.expandedExpr) - if issues != nil && issues.Err() != nil { + if issues.Err() != nil { return fmt.Errorf("compiling CEL program: %s", issues.Err()) } @@ -126,6 +155,7 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { // compile the "program" m.prg, err = env.Program(checked, + cel.EvalOptions(cel.OptOptimize), cel.Functions( &functions.Overload{ Operator: placeholderFuncName, @@ -133,7 +163,6 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { }, ), ) - if err != nil { return fmt.Errorf("compiling CEL program: %s", err) } @@ -142,18 +171,17 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { // Match returns true if r matches m. func (m MatchExpression) Match(r *http.Request) bool { - out, _, err := m.prg.Eval(map[string]interface{}{ - "request": celHTTPRequest{r}, - }) + celReq := celHTTPRequest{r} + out, _, err := m.prg.Eval(celReq) if err != nil { m.log.Error("evaluating expression", zap.Error(err)) + SetVar(r.Context(), MatcherErrorVarKey, err) return false } if outBool, ok := out.Value().(bool); ok { return outBool } return false - } // UnmarshalCaddyfile implements caddyfile.Unmarshaler. @@ -175,13 +203,15 @@ func (m MatchExpression) caddyPlaceholderFunc(lhs, rhs ref.Val) ref.Val { if !ok { return types.NewErr( "invalid request of type '%v' to "+placeholderFuncName+"(request, placeholderVarName)", - lhs.Type()) + lhs.Type(), + ) } phStr, ok := rhs.(types.String) if !ok { return types.NewErr( "invalid placeholder variable name of type '%v' to "+placeholderFuncName+"(request, placeholderVarName)", - rhs.Type()) + rhs.Type(), + ) } repl := celReq.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) @@ -193,10 +223,23 @@ func (m MatchExpression) caddyPlaceholderFunc(lhs, rhs ref.Val) ref.Val { // httpRequestCELType is the type representation of a native HTTP request. var httpRequestCELType = types.NewTypeValue("http.Request", traits.ReceiverType) -// cellHTTPRequest wraps an http.Request with -// methods to satisfy the ref.Val interface. +// celHTTPRequest wraps an http.Request with ref.Val interface methods. +// +// This type also implements the interpreter.Activation interface which +// drops allocation costs for CEL expression evaluations by roughly half. type celHTTPRequest struct{ *http.Request } +func (cr celHTTPRequest) ResolveName(name string) (interface{}, bool) { + if name == "request" { + return cr, true + } + return nil, false +} + +func (cr celHTTPRequest) Parent() interpreter.Activation { + return nil +} + func (cr celHTTPRequest) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { return cr.Request, nil } @@ -250,12 +293,428 @@ func (celTypeAdapter) NativeToValue(value interface{}) ref.Val { return types.DefaultTypeAdapter.NativeToValue(value) } +// CELLibraryProducer provide CEL libraries that expose a Matcher +// implementation as a first class function within the CEL expression +// matcher. +type CELLibraryProducer interface { + // CELLibrary creates a cel.Library which makes it possible to use the + // target object within CEL expression matchers. + CELLibrary(caddy.Context) (cel.Library, error) +} + +// CELMatcherImpl creates a new cel.Library based on the following pieces of +// data: +// +// - macroName: the function name to be used within CEL. This will be a macro +// and not a function proper. +// - funcName: the function overload name generated by the CEL macro used to +// represent the matcher. +// - matcherDataTypes: the argument types to the macro. +// - fac: a matcherFactory implementation which converts from CEL constant +// values to a Matcher instance. +// +// Note, macro names and function names must not collide with other macros or +// functions exposed within CEL expressions, or an error will be produced +// during the expression matcher plan time. +// +// The existing CELMatcherImpl support methods are configured to support a +// limited set of function signatures. For strong type validation you may need +// to provide a custom macro which does a more detailed analysis of the CEL +// literal provided to the macro as an argument. +func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*exprpb.Type, fac CELMatcherFactory) (cel.Library, error) { + requestType := decls.NewObjectType("http.Request") + var macro parser.Macro + switch len(matcherDataTypes) { + case 1: + matcherDataType := matcherDataTypes[0] + if isCELStringListType(matcherDataType) { + macro = parser.NewGlobalVarArgMacro(macroName, celMatcherStringListMacroExpander(funcName)) + } else if isCELStringType(matcherDataType) { + macro = parser.NewGlobalMacro(macroName, 1, celMatcherStringMacroExpander(funcName)) + } else if isCELJSONType(matcherDataType) { + macro = parser.NewGlobalMacro(macroName, 1, celMatcherJSONMacroExpander(funcName)) + } else { + return nil, fmt.Errorf("unsupported matcher data type: %s", cel.FormatType(matcherDataType)) + } + case 2: + if isCELStringType(matcherDataTypes[0]) && isCELStringType(matcherDataTypes[1]) { + macro = parser.NewGlobalMacro(macroName, 2, celMatcherStringListMacroExpander(funcName)) + matcherDataTypes = []*exprpb.Type{CelTypeListString} + } else { + return nil, fmt.Errorf( + "unsupported matcher data type: %s, %s", + cel.FormatType(matcherDataTypes[0]), cel.FormatType(matcherDataTypes[1]), + ) + } + case 3: + if isCELStringType(matcherDataTypes[0]) && isCELStringType(matcherDataTypes[1]) && isCELStringType(matcherDataTypes[2]) { + macro = parser.NewGlobalMacro(macroName, 3, celMatcherStringListMacroExpander(funcName)) + matcherDataTypes = []*exprpb.Type{CelTypeListString} + } else { + return nil, fmt.Errorf( + "unsupported matcher data type: %s, %s, %s", + cel.FormatType(matcherDataTypes[0]), cel.FormatType(matcherDataTypes[1]), cel.FormatType(matcherDataTypes[2]), + ) + } + } + envOptions := []cel.EnvOption{ + cel.Macros(macro), + cel.Declarations( + decls.NewFunction(funcName, + decls.NewOverload( + funcName, + append([]*exprpb.Type{requestType}, matcherDataTypes...), + decls.Bool, + ), + ), + ), + } + programOptions := []cel.ProgramOption{ + cel.CustomDecorator(CELMatcherDecorator(funcName, fac)), + cel.Functions( + &functions.Overload{ + Operator: funcName, + Binary: CELMatcherRuntimeFunction(funcName, fac), + }, + ), + } + return NewMatcherCELLibrary(envOptions, programOptions), nil +} + +// CELMatcherFactory converts a constant CEL value into a RequestMatcher. +type CELMatcherFactory func(data ref.Val) (RequestMatcher, error) + +// matcherCELLibrary is a simplistic configurable cel.Library implementation. +type matcherCELLibary struct { + envOptions []cel.EnvOption + programOptions []cel.ProgramOption +} + +// NewMatcherCELLibrary creates a matcherLibrary from option setes. +func NewMatcherCELLibrary(envOptions []cel.EnvOption, programOptions []cel.ProgramOption) cel.Library { + return &matcherCELLibary{ + envOptions: envOptions, + programOptions: programOptions, + } +} + +func (lib *matcherCELLibary) CompileOptions() []cel.EnvOption { + return lib.envOptions +} + +func (lib *matcherCELLibary) ProgramOptions() []cel.ProgramOption { + return lib.programOptions +} + +// CELMatcherDecorator matches a call overload generated by a CEL macro +// that takes a single argument, and optimizes the implementation to precompile +// the matcher and return a function that references the precompiled and +// provisioned matcher. +func CELMatcherDecorator(funcName string, fac CELMatcherFactory) interpreter.InterpretableDecorator { + return func(i interpreter.Interpretable) (interpreter.Interpretable, error) { + call, ok := i.(interpreter.InterpretableCall) + if !ok { + return i, nil + } + if call.OverloadID() != funcName { + return i, nil + } + callArgs := call.Args() + reqAttr, ok := callArgs[0].(interpreter.InterpretableAttribute) + if !ok { + return nil, errors.New("missing 'request' argument") + } + nsAttr, ok := reqAttr.Attr().(interpreter.NamespacedAttribute) + if !ok { + return nil, errors.New("missing 'request' argument") + } + varNames := nsAttr.CandidateVariableNames() + if len(varNames) != 1 || len(varNames) == 1 && varNames[0] != "request" { + return nil, errors.New("missing 'request' argument") + } + matcherData, ok := callArgs[1].(interpreter.InterpretableConst) + if !ok { + // If the matcher arguments are not constant, then this means + // they contain a Caddy placeholder reference and the evaluation + // and matcher provisioning should be handled at dynamically. + return i, nil + } + matcher, err := fac(matcherData.Value()) + if err != nil { + return nil, err + } + return interpreter.NewCall( + i.ID(), funcName, funcName+"_opt", + []interpreter.Interpretable{reqAttr}, + func(args ...ref.Val) ref.Val { + // The request value, guaranteed to be of type celHTTPRequest + celReq := args[0] + // If needed this call could be changed to convert the value + // to a *http.Request using CEL's ConvertToNative method. + httpReq := celReq.Value().(celHTTPRequest) + return types.Bool(matcher.Match(httpReq.Request)) + }, + ), nil + } +} + +// CELMatcherRuntimeFunction creates a function binding for when the input to the matcher +// is dynamically resolved rather than a set of static constant values. +func CELMatcherRuntimeFunction(funcName string, fac CELMatcherFactory) functions.BinaryOp { + return func(celReq, matcherData ref.Val) ref.Val { + matcher, err := fac(matcherData) + if err != nil { + return types.NewErr(err.Error()) + } + httpReq := celReq.Value().(celHTTPRequest) + return types.Bool(matcher.Match(httpReq.Request)) + } +} + +// celMatcherStringListMacroExpander validates that the macro is called +// with a variable number of string arguments (at least one). +// +// The arguments are collected into a single list argument the following +// function call returned: (request, [args]) +func celMatcherStringListMacroExpander(funcName string) parser.MacroExpander { + return func(eh parser.ExprHelper, target *exprpb.Expr, args []*exprpb.Expr) (*exprpb.Expr, *common.Error) { + matchArgs := []*exprpb.Expr{} + if len(args) == 0 { + return nil, &common.Error{ + Message: "matcher requires at least one argument", + } + } + for _, arg := range args { + if isCELStringExpr(arg) { + matchArgs = append(matchArgs, arg) + } else { + return nil, &common.Error{ + Location: eh.OffsetLocation(arg.GetId()), + Message: "matcher arguments must be string constants", + } + } + } + return eh.GlobalCall(funcName, eh.Ident("request"), eh.NewList(matchArgs...)), nil + } +} + +// celMatcherStringMacroExpander validates that the macro is called a single +// string argument. +// +// The following function call is returned: (request, arg) +func celMatcherStringMacroExpander(funcName string) parser.MacroExpander { + return func(eh parser.ExprHelper, target *exprpb.Expr, args []*exprpb.Expr) (*exprpb.Expr, *common.Error) { + if len(args) != 1 { + return nil, &common.Error{ + Message: "matcher requires one argument", + } + } + if isCELStringExpr(args[0]) { + return eh.GlobalCall(funcName, eh.Ident("request"), args[0]), nil + } + return nil, &common.Error{ + Location: eh.OffsetLocation(args[0].GetId()), + Message: "matcher argument must be a string literal", + } + } +} + +// celMatcherStringMacroExpander validates that the macro is called a single +// map literal argument. +// +// The following function call is returned: (request, arg) +func celMatcherJSONMacroExpander(funcName string) parser.MacroExpander { + return func(eh parser.ExprHelper, target *exprpb.Expr, args []*exprpb.Expr) (*exprpb.Expr, *common.Error) { + if len(args) != 1 { + return nil, &common.Error{ + Message: "matcher requires a map literal argument", + } + } + arg := args[0] + switch arg.GetExprKind().(type) { + case *exprpb.Expr_StructExpr: + structExpr := arg.GetStructExpr() + if structExpr.GetMessageName() != "" { + return nil, &common.Error{ + Location: eh.OffsetLocation(arg.GetId()), + Message: fmt.Sprintf( + "matcher input must be a map literal, not a %s", + structExpr.GetMessageName(), + ), + } + } + for _, entry := range structExpr.GetEntries() { + isStringPlaceholder := isCELStringExpr(entry.GetMapKey()) + if !isStringPlaceholder { + return nil, &common.Error{ + Location: eh.OffsetLocation(entry.GetId()), + Message: "matcher map keys must be string literals", + } + } + isStringListPlaceholder := isCELStringExpr(entry.GetValue()) || + isCELStringListLiteral(entry.GetValue()) + if !isStringListPlaceholder { + return nil, &common.Error{ + Location: eh.OffsetLocation(entry.GetValue().GetId()), + Message: "matcher map values must be string or list literals", + } + } + } + return eh.GlobalCall(funcName, eh.Ident("request"), arg), nil + } + + return nil, &common.Error{ + Location: eh.OffsetLocation(arg.GetId()), + Message: "matcher requires a map literal argument", + } + } +} + +// CELValueToMapStrList converts a CEL value to a map[string][]string +// +// Earlier validation stages should guarantee that the value has this type +// at compile time, and that the runtime value type is map[string]interface{}. +// The reason for the slight difference in value type is that CEL allows for +// map literals containing heterogeneous values, in this case string and list +// of string. +func CELValueToMapStrList(data ref.Val) (map[string][]string, error) { + mapStrType := reflect.TypeOf(map[string]interface{}{}) + mapStrRaw, err := data.ConvertToNative(mapStrType) + if err != nil { + return nil, err + } + mapStrIface := mapStrRaw.(map[string]interface{}) + mapStrListStr := make(map[string][]string, len(mapStrIface)) + for k, v := range mapStrIface { + switch val := v.(type) { + case string: + mapStrListStr[k] = []string{val} + case types.String: + mapStrListStr[k] = []string{string(val)} + case []string: + mapStrListStr[k] = val + case []ref.Val: + convVals := make([]string, len(val)) + for i, elem := range val { + strVal, ok := elem.(types.String) + if !ok { + return nil, fmt.Errorf("unsupported value type in header match: %T", val) + } + convVals[i] = string(strVal) + } + mapStrListStr[k] = convVals + default: + return nil, fmt.Errorf("unsupported value type in header match: %T", val) + } + } + return mapStrListStr, nil +} + +// isCELJSONType returns whether the type corresponds to JSON input. +func isCELJSONType(t *exprpb.Type) bool { + switch t.GetTypeKind().(type) { + case *exprpb.Type_MapType_: + mapType := t.GetMapType() + return isCELStringType(mapType.GetKeyType()) && mapType.GetValueType().GetDyn() != nil + } + return false +} + +// isCELStringType returns whether the type corresponds to a string. +func isCELStringType(t *exprpb.Type) bool { + switch t.GetTypeKind().(type) { + case *exprpb.Type_Primitive: + return t.GetPrimitive() == exprpb.Type_STRING + } + return false +} + +// isCELStringExpr indicates whether the expression is a supported string expression +func isCELStringExpr(e *exprpb.Expr) bool { + return isCELStringLiteral(e) || isCELCaddyPlaceholderCall(e) || isCELConcatCall(e) +} + +// isCELStringLiteral returns whether the expression is a CEL string literal. +func isCELStringLiteral(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_ConstExpr: + constant := e.GetConstExpr() + switch constant.GetConstantKind().(type) { + case *exprpb.Constant_StringValue: + return true + } + } + return false +} + +// isCELCaddyPlaceholderCall returns whether the expression is a caddy placeholder call. +func isCELCaddyPlaceholderCall(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_CallExpr: + call := e.GetCallExpr() + if call.GetFunction() == "caddyPlaceholder" { + return true + } + } + return false +} + +// isCELConcatCall tests whether the expression is a concat function (+) with string, placeholder, or +// other concat call arguments. +func isCELConcatCall(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_CallExpr: + call := e.GetCallExpr() + if call.GetTarget() != nil { + return false + } + if call.GetFunction() != operators.Add { + return false + } + for _, arg := range call.GetArgs() { + if !isCELStringExpr(arg) { + return false + } + } + return true + } + return false +} + +// isCELStringListType returns whether the type corresponds to a list of strings. +func isCELStringListType(t *exprpb.Type) bool { + switch t.GetTypeKind().(type) { + case *exprpb.Type_ListType_: + return isCELStringType(t.GetListType().GetElemType()) + } + return false +} + +// isCELStringListLiteral returns whether the expression resolves to a list literal +// containing only string constants or a placeholder call. +func isCELStringListLiteral(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_ListExpr: + list := e.GetListExpr() + for _, elem := range list.GetElements() { + if !isCELStringExpr(elem) { + return false + } + } + return true + } + return false +} + // Variables used for replacing Caddy placeholders in CEL // expressions with a proper CEL function call; this is // just for syntactic sugar. var ( - placeholderRegexp = regexp.MustCompile(`{([\w.-]+)}`) + placeholderRegexp = regexp.MustCompile(`{([a-zA-Z][\w.-]+)}`) placeholderExpansion = `caddyPlaceholder(request, "${1}")` + + CelTypeListString = decls.NewListType(decls.String) + CelTypeJson = decls.NewMapType(decls.String, decls.Dyn) ) var httpRequestObjectType = decls.NewObjectType("http.Request") diff --git a/modules/caddyhttp/celmatcher_test.go b/modules/caddyhttp/celmatcher_test.go index d71fc421..3604562b 100644 --- a/modules/caddyhttp/celmatcher_test.go +++ b/modules/caddyhttp/celmatcher_test.go @@ -19,12 +19,462 @@ import ( "crypto/tls" "crypto/x509" "encoding/pem" + "net/http" "net/http/httptest" "testing" "github.com/caddyserver/caddy/v2" ) +var ( + clientCert = []byte(`-----BEGIN CERTIFICATE----- +MIIB9jCCAV+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1DYWRk +eSBUZXN0IENBMB4XDTE4MDcyNDIxMzUwNVoXDTI4MDcyMTIxMzUwNVowHTEbMBkG +A1UEAwwSY2xpZW50LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDFDEpzF0ew68teT3xDzcUxVFaTII+jXH1ftHXxxP4BEYBU4q90qzeKFneF +z83I0nC0WAQ45ZwHfhLMYHFzHPdxr6+jkvKPASf0J2v2HDJuTM1bHBbik5Ls5eq+ +fVZDP8o/VHKSBKxNs8Goc2NTsr5b07QTIpkRStQK+RJALk4x9QIDAQABo0swSTAJ +BgNVHRMEAjAAMAsGA1UdDwQEAwIHgDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A +AAEwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEANSjz2Sk+ +eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV +3Q9fgDkiUod+uIK0IynzIKvw+Cjg+3nx6NQ0IM0zo8c7v398RzB4apbXKZyeeqUH +9fNwfEi+OoXR6s+upSKobCmLGLGi9Na5s5g= +-----END CERTIFICATE-----`) + + matcherTests = []struct { + name string + expression *MatchExpression + urlTarget string + httpMethod string + httpHeader *http.Header + wantErr bool + wantResult bool + clientCertificate []byte + }{ + { + name: "boolean matches succeed for placeholder http.request.tls.client.subject", + expression: &MatchExpression{ + Expr: "{http.request.tls.client.subject} == 'CN=client.localdomain'", + }, + clientCertificate: clientCert, + urlTarget: "https://example.com/foo", + wantResult: true, + }, + { + name: "header matches (MatchHeader)", + expression: &MatchExpression{ + Expr: `header({'Field': 'foo'})`, + }, + urlTarget: "https://example.com/foo", + httpHeader: &http.Header{"Field": []string{"foo", "bar"}}, + wantResult: true, + }, + { + name: "header error (MatchHeader)", + expression: &MatchExpression{ + Expr: `header('foo')`, + }, + urlTarget: "https://example.com/foo", + httpHeader: &http.Header{"Field": []string{"foo", "bar"}}, + wantErr: true, + }, + { + name: "header_regexp matches (MatchHeaderRE)", + expression: &MatchExpression{ + Expr: `header_regexp('Field', 'fo{2}')`, + }, + urlTarget: "https://example.com/foo", + httpHeader: &http.Header{"Field": []string{"foo", "bar"}}, + wantResult: true, + }, + { + name: "header_regexp matches with name (MatchHeaderRE)", + expression: &MatchExpression{ + Expr: `header_regexp('foo', 'Field', 'fo{2}')`, + }, + urlTarget: "https://example.com/foo", + httpHeader: &http.Header{"Field": []string{"foo", "bar"}}, + wantResult: true, + }, + { + name: "header_regexp does not match (MatchHeaderRE)", + expression: &MatchExpression{ + Expr: `header_regexp('foo', 'Nope', 'fo{2}')`, + }, + urlTarget: "https://example.com/foo", + httpHeader: &http.Header{"Field": []string{"foo", "bar"}}, + wantResult: false, + }, + { + name: "header_regexp error (MatchHeaderRE)", + expression: &MatchExpression{ + Expr: `header_regexp('foo')`, + }, + urlTarget: "https://example.com/foo", + httpHeader: &http.Header{"Field": []string{"foo", "bar"}}, + wantErr: true, + }, + { + name: "host matches localhost (MatchHost)", + expression: &MatchExpression{ + Expr: `host('localhost')`, + }, + urlTarget: "http://localhost", + wantResult: true, + }, + { + name: "host matches (MatchHost)", + expression: &MatchExpression{ + Expr: `host('*.example.com')`, + }, + urlTarget: "https://foo.example.com", + wantResult: true, + }, + { + name: "host does not match (MatchHost)", + expression: &MatchExpression{ + Expr: `host('example.net', '*.example.com')`, + }, + urlTarget: "https://foo.example.org", + wantResult: false, + }, + { + name: "host error (MatchHost)", + expression: &MatchExpression{ + Expr: `host(80)`, + }, + urlTarget: "http://localhost:80", + wantErr: true, + }, + { + name: "method does not match (MatchMethod)", + expression: &MatchExpression{ + Expr: `method('PUT')`, + }, + urlTarget: "https://foo.example.com", + httpMethod: "GET", + wantResult: false, + }, + { + name: "method matches (MatchMethod)", + expression: &MatchExpression{ + Expr: `method('DELETE', 'PUT', 'POST')`, + }, + urlTarget: "https://foo.example.com", + httpMethod: "PUT", + wantResult: true, + }, + { + name: "method error not enough arguments (MatchMethod)", + expression: &MatchExpression{ + Expr: `method()`, + }, + urlTarget: "https://foo.example.com", + httpMethod: "PUT", + wantErr: true, + }, + { + name: "path matches substring (MatchPath)", + expression: &MatchExpression{ + Expr: `path('*substring*')`, + }, + urlTarget: "https://example.com/foo/substring/bar.txt", + wantResult: true, + }, + { + name: "path does not match (MatchPath)", + expression: &MatchExpression{ + Expr: `path('/foo')`, + }, + urlTarget: "https://example.com/foo/bar", + wantResult: false, + }, + { + name: "path matches end url fragment (MatchPath)", + expression: &MatchExpression{ + Expr: `path('/foo')`, + }, + urlTarget: "https://example.com/FOO", + wantResult: true, + }, + { + name: "path matches end fragment with substring prefix (MatchPath)", + expression: &MatchExpression{ + Expr: `path('/foo*')`, + }, + urlTarget: "https://example.com/FOOOOO", + wantResult: true, + }, + { + name: "path matches one of multiple (MatchPath)", + expression: &MatchExpression{ + Expr: `path('/foo', '/foo/*', '/bar', '/bar/*', '/baz', '/baz*')`, + }, + urlTarget: "https://example.com/foo", + wantResult: true, + }, + { + name: "path_regexp with empty regex matches empty path (MatchPathRE)", + expression: &MatchExpression{ + Expr: `path_regexp('')`, + }, + urlTarget: "https://example.com/", + wantResult: true, + }, + { + name: "path_regexp with slash regex matches empty path (MatchPathRE)", + expression: &MatchExpression{ + Expr: `path_regexp('/')`, + }, + urlTarget: "https://example.com/", + wantResult: true, + }, + { + name: "path_regexp matches end url fragment (MatchPathRE)", + expression: &MatchExpression{ + Expr: `path_regexp('^/foo')`, + }, + urlTarget: "https://example.com/foo/", + wantResult: true, + }, + { + name: "path_regexp does not match fragment at end (MatchPathRE)", + expression: &MatchExpression{ + Expr: `path_regexp('bar_at_start', '^/bar')`, + }, + urlTarget: "https://example.com/foo/bar", + wantResult: false, + }, + { + name: "protocol matches (MatchProtocol)", + expression: &MatchExpression{ + Expr: `protocol('HTTPs')`, + }, + urlTarget: "https://example.com", + wantResult: true, + }, + { + name: "protocol does not match (MatchProtocol)", + expression: &MatchExpression{ + Expr: `protocol('grpc')`, + }, + urlTarget: "https://example.com", + wantResult: false, + }, + { + name: "protocol invocation error no args (MatchProtocol)", + expression: &MatchExpression{ + Expr: `protocol()`, + }, + urlTarget: "https://example.com", + wantErr: true, + }, + { + name: "protocol invocation error too many args (MatchProtocol)", + expression: &MatchExpression{ + Expr: `protocol('grpc', 'https')`, + }, + urlTarget: "https://example.com", + wantErr: true, + }, + { + name: "protocol invocation error wrong arg type (MatchProtocol)", + expression: &MatchExpression{ + Expr: `protocol(true)`, + }, + urlTarget: "https://example.com", + wantErr: true, + }, + { + name: "query does not match against a specific value (MatchQuery)", + expression: &MatchExpression{ + Expr: `query({"debug": "1"})`, + }, + urlTarget: "https://example.com/foo", + wantResult: false, + }, + { + name: "query matches against a specific value (MatchQuery)", + expression: &MatchExpression{ + Expr: `query({"debug": "1"})`, + }, + urlTarget: "https://example.com/foo/?debug=1", + wantResult: true, + }, + { + name: "query matches against multiple values (MatchQuery)", + expression: &MatchExpression{ + Expr: `query({"debug": ["0", "1", {http.request.uri.query.debug}+"1"]})`, + }, + urlTarget: "https://example.com/foo/?debug=1", + wantResult: true, + }, + { + name: "query matches against a wildcard (MatchQuery)", + expression: &MatchExpression{ + Expr: `query({"debug": ["*"]})`, + }, + urlTarget: "https://example.com/foo/?debug=something", + wantResult: true, + }, + { + name: "query matches against a placeholder value (MatchQuery)", + expression: &MatchExpression{ + Expr: `query({"debug": {http.request.uri.query.debug}})`, + }, + urlTarget: "https://example.com/foo/?debug=1", + wantResult: true, + }, + { + name: "query error bad map key type (MatchQuery)", + expression: &MatchExpression{ + Expr: `query({1: "1"})`, + }, + urlTarget: "https://example.com/foo", + wantErr: true, + }, + { + name: "query error typed struct instead of map (MatchQuery)", + expression: &MatchExpression{ + Expr: `query(Message{field: "1"})`, + }, + urlTarget: "https://example.com/foo", + wantErr: true, + }, + { + name: "query error bad map value type (MatchQuery)", + expression: &MatchExpression{ + Expr: `query({"debug": 1})`, + }, + urlTarget: "https://example.com/foo/?debug=1", + wantErr: true, + }, + { + name: "query error no args (MatchQuery)", + expression: &MatchExpression{ + Expr: `query()`, + }, + urlTarget: "https://example.com/foo/?debug=1", + wantErr: true, + }, + { + name: "remote_ip error no args (MatchRemoteIP)", + expression: &MatchExpression{ + Expr: `remote_ip()`, + }, + urlTarget: "https://example.com/foo", + wantErr: true, + }, + { + name: "remote_ip single IP match (MatchRemoteIP)", + expression: &MatchExpression{ + Expr: `remote_ip('192.0.2.1')`, + }, + urlTarget: "https://example.com/foo", + wantResult: true, + }, + { + name: "remote_ip forwarded (MatchRemoteIP)", + expression: &MatchExpression{ + Expr: `remote_ip('forwarded', '192.0.2.1')`, + }, + urlTarget: "https://example.com/foo", + wantResult: true, + }, + { + name: "remote_ip forwarded not first (MatchRemoteIP)", + expression: &MatchExpression{ + Expr: `remote_ip('192.0.2.1', 'forwarded')`, + }, + urlTarget: "https://example.com/foo", + wantErr: true, + }, + } +) + +func TestMatchExpressionMatch(t *testing.T) { + for _, tst := range matcherTests { + tc := tst + t.Run(tc.name, func(t *testing.T) { + err := tc.expression.Provision(caddy.Context{}) + if err != nil { + if !tc.wantErr { + t.Errorf("MatchExpression.Provision() error = %v, wantErr %v", err, tc.wantErr) + } + return + } + + req := httptest.NewRequest(tc.httpMethod, tc.urlTarget, nil) + if tc.httpHeader != nil { + req.Header = *tc.httpHeader + } + repl := caddy.NewReplacer() + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + addHTTPVarsToReplacer(repl, req, httptest.NewRecorder()) + + if tc.clientCertificate != nil { + block, _ := pem.Decode(clientCert) + if block == nil { + t.Fatalf("failed to decode PEM certificate") + } + + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + t.Fatalf("failed to decode PEM certificate: %v", err) + } + + req.TLS = &tls.ConnectionState{ + PeerCertificates: []*x509.Certificate{cert}, + } + } + + if tc.expression.Match(req) != tc.wantResult { + t.Errorf("MatchExpression.Match() expected to return '%t', for expression : '%s'", tc.wantResult, tc.expression.Expr) + } + }) + } +} + +func BenchmarkMatchExpressionMatch(b *testing.B) { + for _, tst := range matcherTests { + tc := tst + if tc.wantErr { + continue + } + b.Run(tst.name, func(b *testing.B) { + tc.expression.Provision(caddy.Context{}) + req := httptest.NewRequest(tc.httpMethod, tc.urlTarget, nil) + if tc.httpHeader != nil { + req.Header = *tc.httpHeader + } + repl := caddy.NewReplacer() + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + addHTTPVarsToReplacer(repl, req, httptest.NewRecorder()) + if tc.clientCertificate != nil { + block, _ := pem.Decode(clientCert) + if block == nil { + b.Fatalf("failed to decode PEM certificate") + } + + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + b.Fatalf("failed to decode PEM certificate: %v", err) + } + + req.TLS = &tls.ConnectionState{ + PeerCertificates: []*x509.Certificate{cert}, + } + } + b.ResetTimer() + for i := 0; i < b.N; i++ { + tc.expression.Match(req) + } + }) + } +} + func TestMatchExpressionProvision(t *testing.T) { tests := []struct { name string @@ -54,71 +504,3 @@ func TestMatchExpressionProvision(t *testing.T) { }) } } - -func TestMatchExpressionMatch(t *testing.T) { - - clientCert := []byte(`-----BEGIN CERTIFICATE----- -MIIB9jCCAV+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1DYWRk -eSBUZXN0IENBMB4XDTE4MDcyNDIxMzUwNVoXDTI4MDcyMTIxMzUwNVowHTEbMBkG -A1UEAwwSY2xpZW50LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB -iQKBgQDFDEpzF0ew68teT3xDzcUxVFaTII+jXH1ftHXxxP4BEYBU4q90qzeKFneF -z83I0nC0WAQ45ZwHfhLMYHFzHPdxr6+jkvKPASf0J2v2HDJuTM1bHBbik5Ls5eq+ -fVZDP8o/VHKSBKxNs8Goc2NTsr5b07QTIpkRStQK+RJALk4x9QIDAQABo0swSTAJ -BgNVHRMEAjAAMAsGA1UdDwQEAwIHgDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8A -AAEwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEANSjz2Sk+ -eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV -3Q9fgDkiUod+uIK0IynzIKvw+Cjg+3nx6NQ0IM0zo8c7v398RzB4apbXKZyeeqUH -9fNwfEi+OoXR6s+upSKobCmLGLGi9Na5s5g= ------END CERTIFICATE-----`) - - tests := []struct { - name string - expression *MatchExpression - wantErr bool - wantResult bool - clientCertificate []byte - }{ - { - name: "boolean matches succeed for placeholder http.request.tls.client.subject", - expression: &MatchExpression{ - Expr: "{http.request.tls.client.subject} == 'CN=client.localdomain'", - }, - clientCertificate: clientCert, - wantResult: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - if err := tt.expression.Provision(caddy.Context{}); (err != nil) != tt.wantErr { - t.Errorf("MatchExpression.Provision() error = %v, wantErr %v", err, tt.wantErr) - } - - req := httptest.NewRequest("GET", "https://example.com/foo", nil) - repl := caddy.NewReplacer() - ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) - req = req.WithContext(ctx) - addHTTPVarsToReplacer(repl, req, httptest.NewRecorder()) - - if tt.clientCertificate != nil { - block, _ := pem.Decode(clientCert) - if block == nil { - t.Fatalf("failed to decode PEM certificate") - } - - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - t.Fatalf("failed to decode PEM certificate: %v", err) - } - - req.TLS = &tls.ConnectionState{ - PeerCertificates: []*x509.Certificate{cert}, - } - } - - if tt.expression.Match(req) != tt.wantResult { - t.Errorf("MatchExpression.Match() expected to return '%t', for expression : '%s'", tt.wantResult, tt.expression.Expr) - } - - }) - } -} diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index f8e9ce0f..4f3ffefa 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -26,6 +26,14 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" + "github.com/google/cel-go/cel" + "github.com/google/cel-go/checker/decls" + "github.com/google/cel-go/common" + "github.com/google/cel-go/common/operators" + "github.com/google/cel-go/common/types/ref" + "github.com/google/cel-go/interpreter/functions" + "github.com/google/cel-go/parser" + exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" ) func init() { @@ -139,6 +147,110 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression file({'root': '/srv', 'try_files': [{http.request.uri.path}, '/index.php'], 'try_policy': 'first_exist', 'split_path': ['.php']}) +func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { + requestType := decls.NewObjectType("http.Request") + envOptions := []cel.EnvOption{ + cel.Macros(parser.NewGlobalVarArgMacro("file", celFileMatcherMacroExpander())), + cel.Declarations( + decls.NewFunction("file", + decls.NewOverload("file_request_map", + []*exprpb.Type{requestType, caddyhttp.CelTypeJson}, + decls.Bool, + ), + ), + ), + } + + matcherFactory := func(data ref.Val) (caddyhttp.RequestMatcher, error) { + values, err := caddyhttp.CELValueToMapStrList(data) + if err != nil { + return nil, err + } + + var root string + if len(values["root"]) > 0 { + root = values["root"][0] + } + + var try_policy string + if len(values["try_policy"]) > 0 { + root = values["try_policy"][0] + } + + m := MatchFile{ + Root: root, + TryFiles: values["try_files"], + TryPolicy: try_policy, + SplitPath: values["split_path"], + } + + err = m.Provision(ctx) + return m, err + } + + programOptions := []cel.ProgramOption{ + cel.CustomDecorator(caddyhttp.CELMatcherDecorator("file_request_map", matcherFactory)), + cel.Functions( + &functions.Overload{ + Operator: "file_request_map", + Binary: caddyhttp.CELMatcherRuntimeFunction("file_request_map", matcherFactory), + }, + ), + } + + return caddyhttp.NewMatcherCELLibrary(envOptions, programOptions), nil +} + +func celFileMatcherMacroExpander() parser.MacroExpander { + return func(eh parser.ExprHelper, target *exprpb.Expr, args []*exprpb.Expr) (*exprpb.Expr, *common.Error) { + if len(args) == 0 { + return nil, &common.Error{ + Message: "matcher requires at least one argument", + } + } + if len(args) == 1 { + arg := args[0] + if isCELStringLiteral(arg) || isCELCaddyPlaceholderCall(arg) { + return eh.GlobalCall("file", + eh.Ident("request"), + eh.NewMap( + eh.NewMapEntry(eh.LiteralString("try_files"), eh.NewList(arg)), + ), + ), nil + } + if isCELTryFilesLiteral(arg) { + return eh.GlobalCall("file", eh.Ident("request"), arg), nil + } + return nil, &common.Error{ + Location: eh.OffsetLocation(arg.GetId()), + Message: "matcher requires either a map or string literal argument", + } + } + + for _, arg := range args { + if !(isCELStringLiteral(arg) || isCELCaddyPlaceholderCall(arg)) { + return nil, &common.Error{ + Location: eh.OffsetLocation(arg.GetId()), + Message: "matcher only supports repeated string literal arguments", + } + } + } + return eh.GlobalCall("file", + eh.Ident("request"), + eh.NewMap( + eh.NewMapEntry( + eh.LiteralString("try_files"), eh.NewList(args...), + ), + ), + ), nil + } +} + // Provision sets up m's defaults. func (m *MatchFile) Provision(_ caddy.Context) error { if m.Root == "" { @@ -359,6 +471,107 @@ func indexFold(haystack, needle string) int { return -1 } +// isCELMapLiteral returns whether the expression resolves to a map literal containing +// only string keys with or a placeholder call. +func isCELTryFilesLiteral(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_StructExpr: + structExpr := e.GetStructExpr() + if structExpr.GetMessageName() != "" { + return false + } + for _, entry := range structExpr.GetEntries() { + mapKey := entry.GetMapKey() + mapVal := entry.GetValue() + if !isCELStringLiteral(mapKey) { + return false + } + mapKeyStr := mapKey.GetConstExpr().GetStringValue() + if mapKeyStr == "try_files" || mapKeyStr == "split_path" { + if !isCELStringListLiteral(mapVal) { + return false + } + } else if mapKeyStr == "try_policy" || mapKeyStr == "root" { + if !(isCELStringExpr(mapVal)) { + return false + } + } else { + return false + } + } + return true + } + return false +} + +// isCELStringExpr indicates whether the expression is a supported string expression +func isCELStringExpr(e *exprpb.Expr) bool { + return isCELStringLiteral(e) || isCELCaddyPlaceholderCall(e) || isCELConcatCall(e) +} + +// isCELStringLiteral returns whether the expression is a CEL string literal. +func isCELStringLiteral(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_ConstExpr: + constant := e.GetConstExpr() + switch constant.GetConstantKind().(type) { + case *exprpb.Constant_StringValue: + return true + } + } + return false +} + +// isCELCaddyPlaceholderCall returns whether the expression is a caddy placeholder call. +func isCELCaddyPlaceholderCall(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_CallExpr: + call := e.GetCallExpr() + if call.GetFunction() == "caddyPlaceholder" { + return true + } + } + return false +} + +// isCELConcatCall tests whether the expression is a concat function (+) with string, placeholder, or +// other concat call arguments. +func isCELConcatCall(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_CallExpr: + call := e.GetCallExpr() + if call.GetTarget() != nil { + return false + } + if call.GetFunction() != operators.Add { + return false + } + for _, arg := range call.GetArgs() { + if !isCELStringExpr(arg) { + return false + } + } + return true + } + return false +} + +// isCELStringListLiteral returns whether the expression resolves to a list literal +// containing only string constants or a placeholder call. +func isCELStringListLiteral(e *exprpb.Expr) bool { + switch e.GetExprKind().(type) { + case *exprpb.Expr_ListExpr: + list := e.GetListExpr() + for _, elem := range list.GetElements() { + if !isCELStringExpr(elem) { + return false + } + } + return true + } + return false +} + const ( tryPolicyFirstExist = "first_exist" tryPolicyLargestSize = "largest_size" @@ -368,6 +581,7 @@ const ( // Interface guards var ( - _ caddy.Validator = (*MatchFile)(nil) - _ caddyhttp.RequestMatcher = (*MatchFile)(nil) + _ caddy.Validator = (*MatchFile)(nil) + _ caddyhttp.RequestMatcher = (*MatchFile)(nil) + _ caddyhttp.CELLibraryProducer = (*MatchFile)(nil) ) diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index 5b6078ad..fd109e65 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -15,12 +15,15 @@ package fileserver import ( + "context" "net/http" + "net/http/httptest" "net/url" "os" "runtime" "testing" + "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" ) @@ -259,3 +262,109 @@ func TestFirstSplit(t *testing.T) { t.Errorf("Expected remainder %s but got %s", expectedRemainder, remainder) } } + +var ( + expressionTests = []struct { + name string + expression *caddyhttp.MatchExpression + urlTarget string + httpMethod string + httpHeader *http.Header + wantErr bool + wantResult bool + clientCertificate []byte + }{ + { + name: "file error no args (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file()`, + }, + urlTarget: "https://example.com/foo", + wantErr: true, + }, + { + name: "file error bad try files (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file({"try_file": ["bad_arg"]})`, + }, + urlTarget: "https://example.com/foo", + wantErr: true, + }, + { + name: "file match short pattern index.php (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file("index.php")`, + }, + urlTarget: "https://example.com/foo", + wantResult: true, + }, + { + name: "file match short pattern foo.txt (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file({http.request.uri.path})`, + }, + urlTarget: "https://example.com/foo.txt", + wantResult: true, + }, + { + name: "file match index.php (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file({"root": "./testdata", "try_files": [{http.request.uri.path}, "/index.php"]})`, + }, + urlTarget: "https://example.com/foo", + wantResult: true, + }, + { + name: "file match long pattern foo.txt (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file({"root": "./testdata", "try_files": [{http.request.uri.path}]})`, + }, + urlTarget: "https://example.com/foo.txt", + wantResult: true, + }, + { + name: "file match long pattern foo.txt with concatenation (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file({"root": ".", "try_files": ["./testdata" + {http.request.uri.path}]})`, + }, + urlTarget: "https://example.com/foo.txt", + wantResult: true, + }, + { + name: "file not match long pattern (MatchFile)", + expression: &caddyhttp.MatchExpression{ + Expr: `file({"root": "./testdata", "try_files": [{http.request.uri.path}]})`, + }, + urlTarget: "https://example.com/nopenope.txt", + wantResult: false, + }, + } +) + +func TestMatchExpressionMatch(t *testing.T) { + for _, tst := range expressionTests { + tc := tst + t.Run(tc.name, func(t *testing.T) { + err := tc.expression.Provision(caddy.Context{}) + if err != nil { + if !tc.wantErr { + t.Errorf("MatchExpression.Provision() error = %v, wantErr %v", err, tc.wantErr) + } + return + } + + req := httptest.NewRequest(tc.httpMethod, tc.urlTarget, nil) + if tc.httpHeader != nil { + req.Header = *tc.httpHeader + } + repl := caddyhttp.NewTestReplacer(req) + repl.Set("http.vars.root", "./testdata") + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + + if tc.expression.Match(req) != tc.wantResult { + t.Errorf("MatchExpression.Match() expected to return '%t', for expression : '%s'", tc.wantResult, tc.expression.Expr) + } + }) + } +} diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index f8953ef5..268b936b 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -16,6 +16,7 @@ package caddyhttp import ( "encoding/json" + "errors" "fmt" "net" "net/http" @@ -23,6 +24,7 @@ import ( "net/url" "path" "path/filepath" + "reflect" "regexp" "sort" "strconv" @@ -30,7 +32,12 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/google/cel-go/cel" + "github.com/google/cel-go/checker/decls" + "github.com/google/cel-go/common/types" + "github.com/google/cel-go/common/types/ref" "go.uber.org/zap" + exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" ) type ( @@ -291,6 +298,29 @@ outer: return false } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression host('localhost') +func (MatchHost) CELLibrary(ctx caddy.Context) (cel.Library, error) { + return CELMatcherImpl( + "host", + "host_match_request_list", + []*exprpb.Type{CelTypeListString}, + func(data ref.Val) (RequestMatcher, error) { + refStringList := reflect.TypeOf([]string{}) + strList, err := data.ConvertToNative(refStringList) + if err != nil { + return nil, err + } + matcher := MatchHost(strList.([]string)) + err = matcher.Provision(ctx) + return matcher, err + }, + ) +} + // fuzzy returns true if the given hostname h is not a specific // hostname, e.g. has placeholders or wildcards. func (MatchHost) fuzzy(h string) bool { return strings.ContainsAny(h, "{*") } @@ -396,6 +426,33 @@ func (m MatchPath) Match(r *http.Request) bool { return false } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression path('*substring*', '*suffix') +func (MatchPath) CELLibrary(ctx caddy.Context) (cel.Library, error) { + return CELMatcherImpl( + // name of the macro, this is the function name that users see when writing expressions. + "path", + // name of the function that the macro will be rewritten to call. + "path_match_request_list", + // internal data type of the MatchPath value. + []*exprpb.Type{CelTypeListString}, + // function to convert a constant list of strings to a MatchPath instance. + func(data ref.Val) (RequestMatcher, error) { + refStringList := reflect.TypeOf([]string{}) + strList, err := data.ConvertToNative(refStringList) + if err != nil { + return nil, err + } + matcher := MatchPath(strList.([]string)) + err = matcher.Provision(ctx) + return matcher, err + }, + ) +} + // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (m *MatchPath) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { @@ -440,6 +497,50 @@ func (m MatchPathRE) Match(r *http.Request) bool { return m.MatchRegexp.Match(cleanedPath, repl) } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression path_regexp('^/bar') +func (MatchPathRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { + unnamedPattern, err := CELMatcherImpl( + "path_regexp", + "path_regexp_request_string", + []*exprpb.Type{decls.String}, + func(data ref.Val) (RequestMatcher, error) { + pattern := data.(types.String) + matcher := MatchPathRE{MatchRegexp{Pattern: string(pattern)}} + err := matcher.Provision(ctx) + return matcher, err + }, + ) + if err != nil { + return nil, err + } + namedPattern, err := CELMatcherImpl( + "path_regexp", + "path_regexp_request_string_string", + []*exprpb.Type{decls.String, decls.String}, + func(data ref.Val) (RequestMatcher, error) { + refStringList := reflect.TypeOf([]string{}) + params, err := data.ConvertToNative(refStringList) + if err != nil { + return nil, err + } + strParams := params.([]string) + matcher := MatchPathRE{MatchRegexp{Name: strParams[0], Pattern: strParams[1]}} + err = matcher.Provision(ctx) + return matcher, err + }, + ) + if err != nil { + return nil, err + } + envOpts := append(unnamedPattern.CompileOptions(), namedPattern.CompileOptions()...) + prgOpts := append(unnamedPattern.ProgramOptions(), namedPattern.ProgramOptions()...) + return NewMatcherCELLibrary(envOpts, prgOpts), nil +} + // CaddyModule returns the Caddy module information. func (MatchMethod) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ @@ -469,6 +570,27 @@ func (m MatchMethod) Match(r *http.Request) bool { return false } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression method('PUT', 'POST') +func (MatchMethod) CELLibrary(_ caddy.Context) (cel.Library, error) { + return CELMatcherImpl( + "method", + "method_request_list", + []*exprpb.Type{CelTypeListString}, + func(data ref.Val) (RequestMatcher, error) { + refStringList := reflect.TypeOf([]string{}) + strList, err := data.ConvertToNative(refStringList) + if err != nil { + return nil, err + } + return MatchMethod(strList.([]string)), nil + }, + ) +} + // CaddyModule returns the Caddy module information. func (MatchQuery) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ @@ -518,6 +640,26 @@ func (m MatchQuery) Match(r *http.Request) bool { return len(m) == 0 && len(r.URL.Query()) == 0 } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression query({'sort': 'asc'}) || query({'foo': ['*bar*', 'baz']}) +func (MatchQuery) CELLibrary(_ caddy.Context) (cel.Library, error) { + return CELMatcherImpl( + "query", + "query_matcher_request_map", + []*exprpb.Type{CelTypeJson}, + func(data ref.Val) (RequestMatcher, error) { + mapStrListStr, err := CELValueToMapStrList(data) + if err != nil { + return nil, err + } + return MatchQuery(url.Values(mapStrListStr)), nil + }, + ) +} + // CaddyModule returns the Caddy module information. func (MatchHeader) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ @@ -573,6 +715,27 @@ func (m MatchHeader) Match(r *http.Request) bool { return matchHeaders(r.Header, http.Header(m), r.Host, repl) } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression header({'content-type': 'image/png'}) +// expression header({'foo': ['bar', 'baz']}) // match bar or baz +func (MatchHeader) CELLibrary(_ caddy.Context) (cel.Library, error) { + return CELMatcherImpl( + "header", + "header_matcher_request_map", + []*exprpb.Type{CelTypeJson}, + func(data ref.Val) (RequestMatcher, error) { + mapStrListStr, err := CELValueToMapStrList(data) + if err != nil { + return nil, err + } + return MatchHeader(http.Header(mapStrListStr)), nil + }, + ) +} + // getHeaderFieldVals returns the field values for the given fieldName from input. // The host parameter should be obtained from the http.Request.Host field since // net/http removes it from the header map. @@ -710,6 +873,57 @@ func (m MatchHeaderRE) Validate() error { return nil } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression header_regexp('foo', 'Field', 'fo+') +func (MatchHeaderRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { + unnamedPattern, err := CELMatcherImpl( + "header_regexp", + "header_regexp_request_string_string", + []*exprpb.Type{decls.String, decls.String}, + func(data ref.Val) (RequestMatcher, error) { + refStringList := reflect.TypeOf([]string{}) + params, err := data.ConvertToNative(refStringList) + if err != nil { + return nil, err + } + strParams := params.([]string) + matcher := MatchHeaderRE{} + matcher[strParams[0]] = &MatchRegexp{Pattern: strParams[1], Name: ""} + err = matcher.Provision(ctx) + return matcher, err + }, + ) + if err != nil { + return nil, err + } + namedPattern, err := CELMatcherImpl( + "header_regexp", + "header_regexp_request_string_string_string", + []*exprpb.Type{decls.String, decls.String, decls.String}, + func(data ref.Val) (RequestMatcher, error) { + refStringList := reflect.TypeOf([]string{}) + params, err := data.ConvertToNative(refStringList) + if err != nil { + return nil, err + } + strParams := params.([]string) + matcher := MatchHeaderRE{} + matcher[strParams[1]] = &MatchRegexp{Pattern: strParams[2], Name: strParams[0]} + err = matcher.Provision(ctx) + return matcher, err + }, + ) + if err != nil { + return nil, err + } + envOpts := append(unnamedPattern.CompileOptions(), namedPattern.CompileOptions()...) + prgOpts := append(unnamedPattern.ProgramOptions(), namedPattern.ProgramOptions()...) + return NewMatcherCELLibrary(envOpts, prgOpts), nil +} + // CaddyModule returns the Caddy module information. func (MatchProtocol) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ @@ -743,6 +957,26 @@ func (m *MatchProtocol) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression protocol('https') +func (MatchProtocol) CELLibrary(_ caddy.Context) (cel.Library, error) { + return CELMatcherImpl( + "protocol", + "protocol_request_string", + []*exprpb.Type{decls.String}, + func(data ref.Val) (RequestMatcher, error) { + protocolStr, ok := data.(types.String) + if !ok { + return nil, errors.New("protocol argument was not a string") + } + return MatchProtocol(strings.ToLower(string(protocolStr))), nil + }, + ) +} + // CaddyModule returns the Caddy module information. func (MatchNot) CaddyModule() caddy.ModuleInfo { return caddy.ModuleInfo{ @@ -887,6 +1121,46 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// CELLibrary produces options that expose this matcher for use in CEL +// expression matchers. +// +// Example: +// expression remote_ip('forwarded', '192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8') +func (MatchRemoteIP) CELLibrary(ctx caddy.Context) (cel.Library, error) { + return CELMatcherImpl( + // name of the macro, this is the function name that users see when writing expressions. + "remote_ip", + // name of the function that the macro will be rewritten to call. + "remote_ip_match_request_list", + // internal data type of the MatchPath value. + []*exprpb.Type{CelTypeListString}, + // function to convert a constant list of strings to a MatchPath instance. + func(data ref.Val) (RequestMatcher, error) { + refStringList := reflect.TypeOf([]string{}) + strList, err := data.ConvertToNative(refStringList) + if err != nil { + return nil, err + } + + m := MatchRemoteIP{} + + for _, input := range strList.([]string) { + if input == "forwarded" { + if len(m.Ranges) > 0 { + return nil, errors.New("if used, 'forwarded' must be first argument") + } + m.Forwarded = true + continue + } + m.Ranges = append(m.Ranges, input) + } + + err = m.Provision(ctx) + return m, err + }, + ) +} + // Provision parses m's IP ranges, either from IP or CIDR expressions. func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { m.logger = ctx.Logger(m) @@ -1062,7 +1336,9 @@ func (mre *MatchRegexp) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -var wordRE = regexp.MustCompile(`\w+`) +var ( + wordRE = regexp.MustCompile(`\w+`) +) const regexpPlaceholderPrefix = "http.regexp" @@ -1103,6 +1379,18 @@ var ( _ caddyfile.Unmarshaler = (*VarsMatcher)(nil) _ caddyfile.Unmarshaler = (*MatchVarsRE)(nil) + _ CELLibraryProducer = (*MatchHost)(nil) + _ CELLibraryProducer = (*MatchPath)(nil) + _ CELLibraryProducer = (*MatchPathRE)(nil) + _ CELLibraryProducer = (*MatchMethod)(nil) + _ CELLibraryProducer = (*MatchQuery)(nil) + _ CELLibraryProducer = (*MatchHeader)(nil) + _ CELLibraryProducer = (*MatchHeaderRE)(nil) + _ CELLibraryProducer = (*MatchProtocol)(nil) + _ CELLibraryProducer = (*MatchRemoteIP)(nil) + // _ CELLibraryProducer = (*VarsMatcher)(nil) + // _ CELLibraryProducer = (*MatchVarsRE)(nil) + _ json.Marshaler = (*MatchNot)(nil) _ json.Unmarshaler = (*MatchNot)(nil) ) From 58e05cab155643c6543892855f373ea8755eb094 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 28 Jun 2022 21:23:30 -0400 Subject: [PATCH 0675/1498] forwardauth: Fix case when `copy_headers` is omitted (#4856) See https://caddy.community/t/using-forward-auth-and-writing-my-own-authenticator-in-php/16410, apparently it didn't work when `copy_headers` wasn't used. This is because we were skipping adding a handler to the routes in the "good response handler", but this causes the logic in `reverseproxy.go` to ignore the response handler since it's empty. Instead, we can just always put in the `header` handler, even with an empty `Set` operation, it's just a no-op, but it fixes that condition in the proxy code. --- .../reverseproxy/forwardauth/caddyfile.go | 48 ++++++++++--------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go index 8230216c..a0b1f421 100644 --- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -185,32 +185,34 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) }, Routes: []caddyhttp.Route{}, } - if len(headersToCopy) > 0 { - handler := &headers.Handler{ - Request: &headers.HeaderOps{ - Set: http.Header{}, - }, - } - for from, to := range headersToCopy { - handler.Request.Set[to] = []string{ - "{http.reverse_proxy.header." + from + "}", - } - } - - goodResponseHandler.Routes = append( - goodResponseHandler.Routes, - caddyhttp.Route{ - HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( - handler, - "handler", - "headers", - nil, - )}, - }, - ) + handler := &headers.Handler{ + Request: &headers.HeaderOps{ + Set: http.Header{}, + }, } + // the list of headers to copy may be empty, but that's okay; we + // need at least one handler in the routes for the response handling + // logic in reverse_proxy to not skip this entry as empty. + for from, to := range headersToCopy { + handler.Request.Set[to] = []string{ + "{http.reverse_proxy.header." + from + "}", + } + } + + goodResponseHandler.Routes = append( + goodResponseHandler.Routes, + caddyhttp.Route{ + HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject( + handler, + "handler", + "headers", + nil, + )}, + }, + ) + // note that when a response has any other status than 2xx, then we // use the reverse proxy's default behaviour of copying the response // back to the client, so we don't need to explicitly add a response From 660c59b6f3c138ce1a143ea864225ba177005e8e Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 28 Jun 2022 22:43:57 -0600 Subject: [PATCH 0676/1498] admin: Implement /adapt endpoint (close #4465) (#4846) --- caddyconfig/load.go | 47 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/caddyconfig/load.go b/caddyconfig/load.go index 7a390d0b..78aaba2b 100644 --- a/caddyconfig/load.go +++ b/caddyconfig/load.go @@ -58,6 +58,10 @@ func (al adminLoad) Routes() []caddy.AdminRoute { Pattern: "/load", Handler: caddy.AdminHandlerFunc(al.handleLoad), }, + { + Pattern: "/adapt", + Handler: caddy.AdminHandlerFunc(al.handleAdapt), + }, } } @@ -122,7 +126,48 @@ func (adminLoad) handleLoad(w http.ResponseWriter, r *http.Request) error { return nil } -// adaptByContentType adapts body to Caddy JSON using the adapter specified by contenType. +// handleAdapt adapts the given Caddy config to JSON and responds with the result. +func (adminLoad) handleAdapt(w http.ResponseWriter, r *http.Request) error { + if r.Method != http.MethodPost { + return caddy.APIError{ + HTTPStatus: http.StatusMethodNotAllowed, + Err: fmt.Errorf("method not allowed"), + } + } + + buf := bufPool.Get().(*bytes.Buffer) + buf.Reset() + defer bufPool.Put(buf) + + _, err := io.Copy(buf, r.Body) + if err != nil { + return caddy.APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("reading request body: %v", err), + } + } + + result, warnings, err := adaptByContentType(r.Header.Get("Content-Type"), buf.Bytes()) + if err != nil { + return caddy.APIError{ + HTTPStatus: http.StatusBadRequest, + Err: err, + } + } + + out := struct { + Warnings []Warning `json:"warnings,omitempty"` + Result json.RawMessage `json:"result"` + }{ + Warnings: warnings, + Result: result, + } + + w.Header().Set("Content-Type", "application/json") + return json.NewEncoder(w).Encode(out) +} + +// adaptByContentType adapts body to Caddy JSON using the adapter specified by contentType. // If contentType is empty or ends with "/json", the input will be returned, as a no-op. func adaptByContentType(contentType string, body []byte) ([]byte, []Warning, error) { // assume JSON as the default From 412dcc07d3201561302bc20b6200d893aee69657 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 5 Jul 2022 18:12:25 -0600 Subject: [PATCH 0677/1498] caddytls: Reuse issuer between PreCheck and Issue (#4866) This enables EAB reuse for ZeroSSLIssuer (which is now supported by ZeroSSL). --- modules/caddytls/acmeissuer.go | 19 +++++++++---------- modules/caddytls/tls.go | 2 +- modules/caddytls/zerosslissuer.go | 4 ++-- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 09b31bf1..9552d6f6 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -85,9 +85,11 @@ type ACMEIssuer struct { PreferredChains *ChainPreference `json:"preferred_chains,omitempty"` rootPool *x509.CertPool - template certmagic.ACMEIssuer - magic *certmagic.Config logger *zap.Logger + + template certmagic.ACMEIssuer // set at Provision + magic *certmagic.Config // set at PreCheck + issuer *certmagic.ACMEIssuer // set at PreCheck; result of template + magic } // CaddyModule returns the Caddy module information. @@ -217,30 +219,27 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEIssuer, error) { // the ConfigSetter interface. func (iss *ACMEIssuer) SetConfig(cfg *certmagic.Config) { iss.magic = cfg + iss.issuer = certmagic.NewACMEIssuer(cfg, iss.template) } -// TODO: I kind of hate how each call to these methods needs to -// make a new ACME manager to fill in defaults before using; can -// we find the right place to do that just once and then re-use? - // PreCheck implements the certmagic.PreChecker interface. func (iss *ACMEIssuer) PreCheck(ctx context.Context, names []string, interactive bool) error { - return certmagic.NewACMEIssuer(iss.magic, iss.template).PreCheck(ctx, names, interactive) + return iss.issuer.PreCheck(ctx, names, interactive) } // Issue obtains a certificate for the given csr. func (iss *ACMEIssuer) Issue(ctx context.Context, csr *x509.CertificateRequest) (*certmagic.IssuedCertificate, error) { - return certmagic.NewACMEIssuer(iss.magic, iss.template).Issue(ctx, csr) + return iss.issuer.Issue(ctx, csr) } // IssuerKey returns the unique issuer key for the configured CA endpoint. func (iss *ACMEIssuer) IssuerKey() string { - return certmagic.NewACMEIssuer(iss.magic, iss.template).IssuerKey() + return iss.issuer.IssuerKey() } // Revoke revokes the given certificate. func (iss *ACMEIssuer) Revoke(ctx context.Context, cert certmagic.CertificateResource, reason int) error { - return certmagic.NewACMEIssuer(iss.magic, iss.template).Revoke(ctx, cert, reason) + return iss.issuer.Revoke(ctx, cert, reason) } // GetACMEIssuer returns iss. This is useful when other types embed ACMEIssuer, because diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 9fe30fe3..429b24c9 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -336,7 +336,7 @@ func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { for _, iss := range ap.magic.Issuers { if am, ok := iss.(acmeCapable); ok { iss := am.GetACMEIssuer() - if certmagic.NewACMEIssuer(iss.magic, iss.template).HandleHTTPChallenge(w, r) { + if iss.issuer.HandleHTTPChallenge(w, r) { return true } } diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go index a75063bc..a051ed47 100644 --- a/modules/caddytls/zerosslissuer.go +++ b/modules/caddytls/zerosslissuer.go @@ -162,8 +162,8 @@ func (iss *ZeroSSLIssuer) generateEABCredentials(ctx context.Context, acct acme. func (iss *ZeroSSLIssuer) initialize() { iss.mu.Lock() defer iss.mu.Unlock() - if iss.template.NewAccountFunc == nil { - iss.template.NewAccountFunc = iss.newAccountCallback + if iss.ACMEIssuer.issuer.NewAccountFunc == nil { + iss.ACMEIssuer.issuer.NewAccountFunc = iss.newAccountCallback } } From 8bac134f26874b25aa22f8fee325a05d39157a4c Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 6 Jul 2022 14:14:32 -0400 Subject: [PATCH 0678/1498] go.mod: Bump up quic-go to v0.28.0, fixes for BC breaks (#4867) --- go.mod | 7 ++++--- go.sum | 12 ++++++++---- modules/caddyhttp/app.go | 10 ++++------ 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 077e8343..814d1359 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.6 github.com/klauspost/cpuid/v2 v2.0.13 - github.com/lucas-clemente/quic-go v0.27.2 + github.com/lucas-clemente/quic-go v0.28.0 github.com/mholt/acmez v1.0.2 github.com/prometheus/client_golang v1.12.1 github.com/smallstep/certificates v0.19.0 @@ -30,7 +30,7 @@ require ( go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.21.0 golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 - golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd + golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 google.golang.org/protobuf v1.28.0 @@ -83,6 +83,7 @@ require ( github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect github.com/marten-seemann/qtls-go1-17 v0.1.2 // indirect github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect + github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 // indirect github.com/mattn/go-colorable v0.1.8 // indirect github.com/mattn/go-isatty v0.0.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect @@ -121,7 +122,7 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.4.2 // indirect - golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect + golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect golang.org/x/tools v0.1.7 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect diff --git a/go.sum b/go.sum index 56ae7cab..086df08c 100644 --- a/go.sum +++ b/go.sum @@ -722,8 +722,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.27.2 h1:zsMwwniyybb8B/UDNXRSYee7WpQJVOcjQEGgpw2ikXs= -github.com/lucas-clemente/quic-go v0.27.2/go.mod h1:vXgO/11FBSKM+js1NxoaQ/bPtVFYfB7uxhfHXyMhl1A= +github.com/lucas-clemente/quic-go v0.28.0 h1:9eXVRgIkMQQyiyorz/dAaOYIx3TFzXsIFkNFz4cxuJM= +github.com/lucas-clemente/quic-go v0.28.0/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= @@ -741,6 +741,8 @@ github.com/marten-seemann/qtls-go1-17 v0.1.2 h1:JADBlm0LYiVbuSySCHeY863dNkcpMmDR github.com/marten-seemann/qtls-go1-17 v0.1.2/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s= github.com/marten-seemann/qtls-go1-18 v0.1.2 h1:JH6jmzbduz0ITVQ7ShevK10Av5+jBEKAHMntXmIV7kM= github.com/marten-seemann/qtls-go1-18 v0.1.2/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= +github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 h1:7m/WlWcSROrcK5NxuXaxYD32BZqe/LEEnBrWcH/cOqQ= +github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -1365,8 +1367,9 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1508,8 +1511,9 @@ golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220209214540-3681064d5158 h1:rm+CHSpPEEW2IsXUib1ThaHIjuBVZjxNgSKmBLFfD4c= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index d886b888..4a8a3755 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -357,12 +357,10 @@ func (app *App) Start() error { return fmt.Errorf("getting HTTP/3 QUIC listener: %v", err) } h3srv := &http3.Server{ - Server: &http.Server{ - Addr: hostport, - Handler: srv, - TLSConfig: tlsCfg, - ErrorLog: serverLogger, - }, + Addr: hostport, + Handler: srv, + TLSConfig: tlsCfg, + MaxHeaderBytes: srv.MaxHeaderBytes, } //nolint:errcheck go h3srv.ServeListener(h3ln) From f259ed52bb3764ce4fd5d88f1712cb43247c2639 Mon Sep 17 00:00:00 2001 From: jhwz <52683873+jhwz@users.noreply.github.com> Date: Thu, 7 Jul 2022 07:50:07 +1200 Subject: [PATCH 0679/1498] admin: support ETag on config endpoints (#4579) * admin: support ETags * support etags Co-authored-by: Matt Holt --- admin.go | 21 +++++++++++++++++++-- admin_test.go | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- caddy.go | 38 +++++++++++++++++++++++++++++++++++--- 3 files changed, 104 insertions(+), 6 deletions(-) diff --git a/admin.go b/admin.go index 214b734d..e37caf83 100644 --- a/admin.go +++ b/admin.go @@ -21,10 +21,13 @@ import ( "crypto/tls" "crypto/x509" "encoding/base64" + "encoding/hex" "encoding/json" "errors" "expvar" "fmt" + "hash" + "hash/fnv" "io" "net" "net/http" @@ -894,16 +897,30 @@ func (h adminHandler) originAllowed(origin *url.URL) bool { return false } +// etagHasher returns a the hasher we used on the config to both +// produce and verify ETags. +func etagHasher() hash.Hash32 { return fnv.New32a() } + func handleConfig(w http.ResponseWriter, r *http.Request) error { switch r.Method { case http.MethodGet: w.Header().Set("Content-Type", "application/json") + // Set the ETag as a trailer header. + // The alternative is to write the config to a buffer, and + // then hash that. + w.Header().Set("Trailer", "ETag") - err := readConfig(r.URL.Path, w) + hash := etagHasher() + configWriter := io.MultiWriter(w, hash) + err := readConfig(r.URL.Path, configWriter) if err != nil { return APIError{HTTPStatus: http.StatusBadRequest, Err: err} } + // we could consider setting up a sync.Pool for the summed + // hashes to reduce GC pressure. + w.Header().Set("ETag", r.URL.Path+" "+hex.EncodeToString(hash.Sum(nil))) + return nil case http.MethodPost, @@ -937,7 +954,7 @@ func handleConfig(w http.ResponseWriter, r *http.Request) error { forceReload := r.Header.Get("Cache-Control") == "must-revalidate" - err := changeConfig(r.Method, r.URL.Path, body, forceReload) + err := changeConfig(r.Method, r.URL.Path, body, r.Header.Get("If-Match"), forceReload) if err != nil && !errors.Is(err, errSameConfig) { return err } diff --git a/admin_test.go b/admin_test.go index 608a32c6..32f20c62 100644 --- a/admin_test.go +++ b/admin_test.go @@ -15,7 +15,9 @@ package caddy import ( + "encoding/hex" "encoding/json" + "net/http" "reflect" "sync" "testing" @@ -139,10 +141,57 @@ func TestLoadConcurrent(t *testing.T) { wg.Done() }() } - wg.Wait() } +type fooModule struct { + IntField int + StrField string +} + +func (fooModule) CaddyModule() ModuleInfo { + return ModuleInfo{ + ID: "foo", + New: func() Module { return new(fooModule) }, + } +} +func (fooModule) Start() error { return nil } +func (fooModule) Stop() error { return nil } + +func TestETags(t *testing.T) { + RegisterModule(fooModule{}) + + if err := Load([]byte(`{"apps": {"foo": {"strField": "abc", "intField": 0}}}`), true); err != nil { + t.Fatalf("loading: %s", err) + } + + const key = "/" + rawConfigKey + "/apps/foo" + + // try update the config with the wrong etag + err := changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 1}}`), "/"+rawConfigKey+" not_an_etag", false) + if apiErr, ok := err.(APIError); !ok || apiErr.HTTPStatus != http.StatusPreconditionFailed { + t.Fatalf("expected precondition failed; got %v", err) + } + + // get the etag + hash := etagHasher() + if err := readConfig(key, hash); err != nil { + t.Fatalf("reading: %s", err) + } + + // do the same update with the correct key + err = changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 1}`), key+" "+hex.EncodeToString(hash.Sum(nil)), false) + if err != nil { + t.Fatalf("expected update to work; got %v", err) + } + + // now try another update. The hash should no longer match and we should get precondition failed + err = changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 2}`), key+" "+hex.EncodeToString(hash.Sum(nil)), false) + if apiErr, ok := err.(APIError); !ok || apiErr.HTTPStatus != http.StatusPreconditionFailed { + t.Fatalf("expected precondition failed; got %v", err) + } +} + func BenchmarkLoad(b *testing.B) { for i := 0; i < b.N; i++ { Load(testCfg, true) diff --git a/caddy.go b/caddy.go index d1550922..0c6dfcd0 100644 --- a/caddy.go +++ b/caddy.go @@ -17,6 +17,7 @@ package caddy import ( "bytes" "context" + "encoding/hex" "encoding/json" "errors" "fmt" @@ -111,7 +112,7 @@ func Load(cfgJSON []byte, forceReload bool) error { } }() - err := changeConfig(http.MethodPost, "/"+rawConfigKey, cfgJSON, forceReload) + err := changeConfig(http.MethodPost, "/"+rawConfigKey, cfgJSON, "", forceReload) if errors.Is(err, errSameConfig) { err = nil // not really an error } @@ -125,7 +126,12 @@ func Load(cfgJSON []byte, forceReload bool) error { // occur unless forceReload is true. If the config is unchanged and not // forcefully reloaded, then errConfigUnchanged This function is safe for // concurrent use. -func changeConfig(method, path string, input []byte, forceReload bool) error { +// The ifMatchHeader can optionally be given a string of the format: +// " " +// where is the absolute path in the config and is the expected hash of +// the config at that path. If the hash in the ifMatchHeader doesn't match +// the hash of the config, then an APIError with status 412 will be returned. +func changeConfig(method, path string, input []byte, ifMatchHeader string, forceReload bool) error { switch method { case http.MethodGet, http.MethodHead, @@ -138,6 +144,32 @@ func changeConfig(method, path string, input []byte, forceReload bool) error { currentCfgMu.Lock() defer currentCfgMu.Unlock() + if ifMatchHeader != "" { + // read out the parts + parts := strings.Fields(ifMatchHeader) + if len(parts) != 2 { + return APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("malformed If-Match header; expect format \" \""), + } + } + + // get the current hash of the config + // at the given path + hash := etagHasher() + err := unsyncedConfigAccess(http.MethodGet, parts[0], nil, hash) + if err != nil { + return err + } + + if hex.EncodeToString(hash.Sum(nil)) != parts[1] { + return APIError{ + HTTPStatus: http.StatusPreconditionFailed, + Err: fmt.Errorf("If-Match header did not match current config hash"), + } + } + } + err := unsyncedConfigAccess(method, path, input, nil) if err != nil { return err @@ -500,7 +532,7 @@ func finishSettingUp(ctx Context, cfg *Config) error { runLoadedConfig := func(config []byte) error { logger.Info("applying dynamically-loaded config") - err := changeConfig(http.MethodPost, "/"+rawConfigKey, config, false) + err := changeConfig(http.MethodPost, "/"+rawConfigKey, config, "", false) if errors.Is(err, errSameConfig) { return err } From c0f76e9ed482b0abde0c3d8f5e26e9f015418ca3 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 7 Jul 2022 14:10:19 -0600 Subject: [PATCH 0680/1498] fileserver: Use safe redirects in file browser --- modules/caddyhttp/fileserver/browse.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index f308281a..d59010d2 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -67,9 +67,7 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, if r.URL.Path == "" || path.Base(origReq.URL.Path) == path.Base(r.URL.Path) { if !strings.HasSuffix(origReq.URL.Path, "/") { fsrv.logger.Debug("redirecting to trailing slash to preserve hrefs", zap.String("request_path", r.URL.Path)) - origReq.URL.Path += "/" - http.Redirect(w, r, origReq.URL.String(), http.StatusMovedPermanently) - return nil + return redirect(w, r, origReq.URL.Path+"/") } } From 54d1923ccb03299aa92bf0ec3ba255e4c851a69e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 8 Jul 2022 13:04:22 -0400 Subject: [PATCH 0681/1498] reverseproxy: Adjust new TLS Caddyfile directive names (#4872) --- .../caddyfile_adapt/reverse_proxy_options.txt | 5 +- modules/caddyhttp/reverseproxy/caddyfile.go | 58 ++++++++++--------- 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index ea740f62..e05f1b90 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -24,8 +24,9 @@ https://example.com { max_conns_per_host 5 keepalive_idle_conns_per_host 2 keepalive_interval 30s - renegotiation freely - except_ports 8181 8182 + + tls_renegotiation freely + tls_except_ports 8181 8182 } } } diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index b2bdf049..4fa4be01 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -814,6 +814,8 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error // tls_timeout // tls_trusted_ca_certs // tls_server_name +// tls_renegotiation +// tls_except_ports // keepalive [off|] // keepalive_interval // keepalive_idle_conns @@ -907,6 +909,11 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.Errf("must specify at least one resolver address") } + case "tls": + if h.TLS == nil { + h.TLS = new(TLSConfig) + } + case "tls_client_auth": if h.TLS == nil { h.TLS = new(TLSConfig) @@ -922,25 +929,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } - case "renegotiation": - if h.TLS == nil { - h.TLS = new(TLSConfig) - } - if !d.NextArg() { - return d.ArgErr() - } - switch renegotiation := d.Val(); renegotiation { - case "never", "once", "freely": - h.TLS.Renegotiation = renegotiation - default: - return d.ArgErr() - } - - case "tls": - if h.TLS == nil { - h.TLS = new(TLSConfig) - } - case "tls_insecure_skip_verify": if d.NextArg() { return d.ArgErr() @@ -982,6 +970,29 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.TLS.ServerName = d.Val() + case "tls_renegotiation": + if h.TLS == nil { + h.TLS = new(TLSConfig) + } + if !d.NextArg() { + return d.ArgErr() + } + switch renegotiation := d.Val(); renegotiation { + case "never", "once", "freely": + h.TLS.Renegotiation = renegotiation + default: + return d.ArgErr() + } + + case "tls_except_ports": + if h.TLS == nil { + h.TLS = new(TLSConfig) + } + h.TLS.ExceptPorts = d.RemainingArgs() + if len(h.TLS.ExceptPorts) == 0 { + return d.ArgErr() + } + case "keepalive": if !d.NextArg() { return d.ArgErr() @@ -1063,15 +1074,6 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.MaxConnsPerHost = num - case "except_ports": - if h.TLS == nil { - h.TLS = new(TLSConfig) - } - h.TLS.ExceptPorts = d.RemainingArgs() - if len(h.TLS.ExceptPorts) == 0 { - return d.ArgErr() - } - default: return d.Errf("unrecognized subdirective %s", d.Val()) } From d6bc9e0b5c748c999e30051bf04d622dbbb0a156 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 8 Jul 2022 13:01:02 -0600 Subject: [PATCH 0682/1498] reverseproxy: Err 503 if all upstreams unavailable --- modules/caddyhttp/reverseproxy/reverseproxy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 15e31042..64adce27 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -477,7 +477,7 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h upstream := h.LoadBalancing.SelectionPolicy.Select(upstreams, r, w) if upstream == nil { if proxyErr == nil { - proxyErr = fmt.Errorf("no upstreams available") + proxyErr = caddyhttp.Error(http.StatusServiceUnavailable, fmt.Errorf("no upstreams available")) } if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { return true, proxyErr From 53c4d788d4bbc00d396be743a2c0b36482e53c6e Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 12 Jul 2022 14:16:03 -0400 Subject: [PATCH 0683/1498] headers: Only replace known placeholders (#4880) --- modules/caddyhttp/headers/headers.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/caddyhttp/headers/headers.go b/modules/caddyhttp/headers/headers.go index f67df928..d5237236 100644 --- a/modules/caddyhttp/headers/headers.go +++ b/modules/caddyhttp/headers/headers.go @@ -194,27 +194,27 @@ type RespHeaderOps struct { func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) { // add for fieldName, vals := range ops.Add { - fieldName = repl.ReplaceAll(fieldName, "") + fieldName = repl.ReplaceKnown(fieldName, "") for _, v := range vals { - hdr.Add(fieldName, repl.ReplaceAll(v, "")) + hdr.Add(fieldName, repl.ReplaceKnown(v, "")) } } // set for fieldName, vals := range ops.Set { - fieldName = repl.ReplaceAll(fieldName, "") + fieldName = repl.ReplaceKnown(fieldName, "") var newVals []string for i := range vals { // append to new slice so we don't overwrite // the original values in ops.Set - newVals = append(newVals, repl.ReplaceAll(vals[i], "")) + newVals = append(newVals, repl.ReplaceKnown(vals[i], "")) } hdr.Set(fieldName, strings.Join(newVals, ",")) } // delete for _, fieldName := range ops.Delete { - fieldName = strings.ToLower(repl.ReplaceAll(fieldName, "")) + fieldName = strings.ToLower(repl.ReplaceKnown(fieldName, "")) switch { case strings.HasPrefix(fieldName, "*") && strings.HasSuffix(fieldName, "*"): for existingField := range hdr { @@ -241,13 +241,13 @@ func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) { // replace for fieldName, replacements := range ops.Replace { - fieldName = http.CanonicalHeaderKey(repl.ReplaceAll(fieldName, "")) + fieldName = http.CanonicalHeaderKey(repl.ReplaceKnown(fieldName, "")) // all fields... if fieldName == "*" { for _, r := range replacements { - search := repl.ReplaceAll(r.Search, "") - replace := repl.ReplaceAll(r.Replace, "") + search := repl.ReplaceKnown(r.Search, "") + replace := repl.ReplaceKnown(r.Replace, "") for fieldName, vals := range hdr { for i := range vals { if r.re != nil { @@ -263,8 +263,8 @@ func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) { // ...or only with the named field for _, r := range replacements { - search := repl.ReplaceAll(r.Search, "") - replace := repl.ReplaceAll(r.Replace, "") + search := repl.ReplaceKnown(r.Search, "") + replace := repl.ReplaceKnown(r.Replace, "") for hdrFieldName, vals := range hdr { // see issue #4330 for why we don't simply use hdr[fieldName] if http.CanonicalHeaderKey(hdrFieldName) != fieldName { From ad3a83fb9169899226ce12a61c16b5bf4d03c482 Mon Sep 17 00:00:00 2001 From: jhwz <52683873+jhwz@users.noreply.github.com> Date: Wed, 13 Jul 2022 06:23:55 +1200 Subject: [PATCH 0684/1498] admin: expect quoted ETags (#4879) * expect quoted etags * admin: Minor refactor of etag facilities Co-authored-by: Matthew Holt --- admin.go | 9 +++++++-- admin_test.go | 8 ++++---- caddy.go | 10 +++++++++- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/admin.go b/admin.go index e37caf83..670a2701 100644 --- a/admin.go +++ b/admin.go @@ -21,7 +21,6 @@ import ( "crypto/tls" "crypto/x509" "encoding/base64" - "encoding/hex" "encoding/json" "errors" "expvar" @@ -901,6 +900,12 @@ func (h adminHandler) originAllowed(origin *url.URL) bool { // produce and verify ETags. func etagHasher() hash.Hash32 { return fnv.New32a() } +// makeEtag returns an Etag header value (including quotes) for +// the given config path and hash of contents at that path. +func makeEtag(path string, hash hash.Hash) string { + return fmt.Sprintf(`"%s %x"`, path, hash.Sum(nil)) +} + func handleConfig(w http.ResponseWriter, r *http.Request) error { switch r.Method { case http.MethodGet: @@ -919,7 +924,7 @@ func handleConfig(w http.ResponseWriter, r *http.Request) error { // we could consider setting up a sync.Pool for the summed // hashes to reduce GC pressure. - w.Header().Set("ETag", r.URL.Path+" "+hex.EncodeToString(hash.Sum(nil))) + w.Header().Set("Etag", makeEtag(r.URL.Path, hash)) return nil diff --git a/admin_test.go b/admin_test.go index 32f20c62..f64df75a 100644 --- a/admin_test.go +++ b/admin_test.go @@ -15,8 +15,8 @@ package caddy import ( - "encoding/hex" "encoding/json" + "fmt" "net/http" "reflect" "sync" @@ -168,7 +168,7 @@ func TestETags(t *testing.T) { const key = "/" + rawConfigKey + "/apps/foo" // try update the config with the wrong etag - err := changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 1}}`), "/"+rawConfigKey+" not_an_etag", false) + err := changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 1}}`), fmt.Sprintf(`"/%s not_an_etag"`, rawConfigKey), false) if apiErr, ok := err.(APIError); !ok || apiErr.HTTPStatus != http.StatusPreconditionFailed { t.Fatalf("expected precondition failed; got %v", err) } @@ -180,13 +180,13 @@ func TestETags(t *testing.T) { } // do the same update with the correct key - err = changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 1}`), key+" "+hex.EncodeToString(hash.Sum(nil)), false) + err = changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 1}`), makeEtag(key, hash), false) if err != nil { t.Fatalf("expected update to work; got %v", err) } // now try another update. The hash should no longer match and we should get precondition failed - err = changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 2}`), key+" "+hex.EncodeToString(hash.Sum(nil)), false) + err = changeConfig(http.MethodPost, key, []byte(`{"strField": "abc", "intField": 2}`), makeEtag(key, hash), false) if apiErr, ok := err.(APIError); !ok || apiErr.HTTPStatus != http.StatusPreconditionFailed { t.Fatalf("expected precondition failed; got %v", err) } diff --git a/caddy.go b/caddy.go index 0c6dfcd0..98ee5b39 100644 --- a/caddy.go +++ b/caddy.go @@ -145,8 +145,16 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force defer currentCfgMu.Unlock() if ifMatchHeader != "" { + // expect the first and last character to be quotes + if len(ifMatchHeader) < 2 || ifMatchHeader[0] != '"' || ifMatchHeader[len(ifMatchHeader)-1] != '"' { + return APIError{ + HTTPStatus: http.StatusBadRequest, + Err: fmt.Errorf("malformed If-Match header; expect quoted string"), + } + } + // read out the parts - parts := strings.Fields(ifMatchHeader) + parts := strings.Fields(ifMatchHeader[1 : len(ifMatchHeader)-1]) if len(parts) != 2 { return APIError{ HTTPStatus: http.StatusBadRequest, From c2bbe42fc3553f6a5685cdb45453c0950fa614b2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 13 Jul 2022 08:52:30 -0600 Subject: [PATCH 0685/1498] reverseproxy: Export SetScheme() again Turns out the NTLM transport uses it. Oops. --- modules/caddyhttp/reverseproxy/httptransport.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 94a09380..7b573f81 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -281,7 +281,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) transport := h.replaceTLSServername(repl) - transport.setScheme(req) + transport.SetScheme(req) // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is // HTTP without TLS, use the alternate H2C-capable transport instead @@ -292,10 +292,13 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { return transport.Transport.RoundTrip(req) } -// setScheme ensures that the outbound request req +// SetScheme ensures that the outbound request req // has the scheme set in its URL; the underlying // http.Transport requires a scheme to be set. -func (h *HTTPTransport) setScheme(req *http.Request) { +// +// This method may be used by other transport modules +// that wrap/use this one. +func (h *HTTPTransport) SetScheme(req *http.Request) { if req.URL.Scheme != "" { return } From 04a14ee37ac6192d734518fa9082d6eb93971bc6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 13 Jul 2022 12:20:00 -0600 Subject: [PATCH 0686/1498] caddyhttp: Make query matcher more efficient Only parse query string once --- modules/caddyhttp/matchers.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 268b936b..4c35802c 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -103,6 +103,9 @@ type ( // "query": ["*"] // } // ``` + // + // Invalid query strings, including those with bad escapings or illegal characters + // like semicolons, will fail to parse and thus fail to match. MatchQuery url.Values // MatchHeader matches requests by header fields. The key is the field @@ -625,9 +628,22 @@ func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Match returns true if r matches m. An empty m matches an empty query string. func (m MatchQuery) Match(r *http.Request) bool { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + + // parse query string just once, for efficiency + parsed, err := url.ParseQuery(r.URL.RawQuery) + if err != nil { + // Illegal query string. Likely bad escape sequence or syntax. + // Note that semicolons in query string have a controversial history. Summaries: + // - https://github.com/golang/go/issues/50034 + // - https://github.com/golang/go/issues/25192 + // W3C recommendations are flawed and ambiguous, and different servers handle semicolons differently. + // Filippo Valsorda rightly wrote: "Relying on parser alignment for security is doomed." + return false + } + for param, vals := range m { param = repl.ReplaceAll(param, "") - paramVal, found := r.URL.Query()[param] + paramVal, found := parsed[param] if found { for _, v := range vals { v = repl.ReplaceAll(v, "") From 7d1f7771c9961dc6607a6ac5894b9c3195c25fcf Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 13 Jul 2022 16:15:00 -0400 Subject: [PATCH 0687/1498] reverseproxy: Implement retry count, alternative to try_duration (#4756) * reverseproxy: Implement retry count, alternative to try_duration * Add Caddyfile support for `retry_match` * Refactor to deduplicate matcher parsing logic * Fix lint --- .../reverse_proxy_load_balance.txt | 64 +++++++++++ modules/caddyhttp/matchers.go | 103 +++++++++--------- modules/caddyhttp/reverseproxy/caddyfile.go | 25 +++++ .../caddyhttp/reverseproxy/reverseproxy.go | 66 +++++++---- 4 files changed, 189 insertions(+), 69 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/reverse_proxy_load_balance.txt diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_load_balance.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_load_balance.txt new file mode 100644 index 00000000..5885eec1 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_load_balance.txt @@ -0,0 +1,64 @@ +:8884 + +reverse_proxy 127.0.0.1:65535 { + lb_policy first + lb_retries 5 + lb_try_duration 10s + lb_try_interval 500ms + lb_retry_match { + path /foo* + method POST + } + lb_retry_match path /bar* +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8884" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "load_balancing": { + "retries": 5, + "retry_match": [ + { + "method": [ + "POST" + ], + "path": [ + "/foo*" + ] + }, + { + "path": [ + "/bar*" + ] + } + ], + "selection_policy": { + "policy": "first" + }, + "try_duration": 10000000000, + "try_interval": 500000000 + }, + "upstreams": [ + { + "dial": "127.0.0.1:65535" + } + ] + } + ] + } + ] + } + } + } + } +} diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 4c35802c..430318ac 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -1003,57 +1003,12 @@ func (MatchNot) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (m *MatchNot) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { - // first, unmarshal each matcher in the set from its tokens - type matcherPair struct { - raw caddy.ModuleMap - decoded MatcherSet - } for d.Next() { - var mp matcherPair - matcherMap := make(map[string]RequestMatcher) - - // in case there are multiple instances of the same matcher, concatenate - // their tokens (we expect that UnmarshalCaddyfile should be able to - // handle more than one segment); otherwise, we'd overwrite other - // instances of the matcher in this set - tokensByMatcherName := make(map[string][]caddyfile.Token) - for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { - matcherName := d.Val() - tokensByMatcherName[matcherName] = append(tokensByMatcherName[matcherName], d.NextSegment()...) + matcherSet, err := ParseCaddyfileNestedMatcherSet(d) + if err != nil { + return err } - for matcherName, tokens := range tokensByMatcherName { - mod, err := caddy.GetModule("http.matchers." + matcherName) - if err != nil { - return d.Errf("getting matcher module '%s': %v", matcherName, err) - } - unm, ok := mod.New().(caddyfile.Unmarshaler) - if !ok { - return d.Errf("matcher module '%s' is not a Caddyfile unmarshaler", matcherName) - } - err = unm.UnmarshalCaddyfile(caddyfile.NewDispenser(tokens)) - if err != nil { - return err - } - rm, ok := unm.(RequestMatcher) - if !ok { - return fmt.Errorf("matcher module '%s' is not a request matcher", matcherName) - } - matcherMap[matcherName] = rm - mp.decoded = append(mp.decoded, rm) - } - - // we should now have a functional 'not' matcher, but we also - // need to be able to marshal as JSON, otherwise config - // adaptation will be missing the matchers! - mp.raw = make(caddy.ModuleMap) - for name, matcher := range matcherMap { - jsonBytes, err := json.Marshal(matcher) - if err != nil { - return fmt.Errorf("marshaling %T matcher: %v", matcher, err) - } - mp.raw[name] = jsonBytes - } - m.MatcherSetsRaw = append(m.MatcherSetsRaw, mp.raw) + m.MatcherSetsRaw = append(m.MatcherSetsRaw, matcherSet) } return nil } @@ -1352,6 +1307,56 @@ func (mre *MatchRegexp) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// ParseCaddyfileNestedMatcher parses the Caddyfile tokens for a nested +// matcher set, and returns its raw module map value. +func ParseCaddyfileNestedMatcherSet(d *caddyfile.Dispenser) (caddy.ModuleMap, error) { + matcherMap := make(map[string]RequestMatcher) + + // in case there are multiple instances of the same matcher, concatenate + // their tokens (we expect that UnmarshalCaddyfile should be able to + // handle more than one segment); otherwise, we'd overwrite other + // instances of the matcher in this set + tokensByMatcherName := make(map[string][]caddyfile.Token) + for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { + matcherName := d.Val() + tokensByMatcherName[matcherName] = append(tokensByMatcherName[matcherName], d.NextSegment()...) + } + + for matcherName, tokens := range tokensByMatcherName { + mod, err := caddy.GetModule("http.matchers." + matcherName) + if err != nil { + return nil, d.Errf("getting matcher module '%s': %v", matcherName, err) + } + unm, ok := mod.New().(caddyfile.Unmarshaler) + if !ok { + return nil, d.Errf("matcher module '%s' is not a Caddyfile unmarshaler", matcherName) + } + err = unm.UnmarshalCaddyfile(caddyfile.NewDispenser(tokens)) + if err != nil { + return nil, err + } + rm, ok := unm.(RequestMatcher) + if !ok { + return nil, fmt.Errorf("matcher module '%s' is not a request matcher", matcherName) + } + matcherMap[matcherName] = rm + } + + // we should now have a functional matcher, but we also + // need to be able to marshal as JSON, otherwise config + // adaptation will be missing the matchers! + matcherSet := make(caddy.ModuleMap) + for name, matcher := range matcherMap { + jsonBytes, err := json.Marshal(matcher) + if err != nil { + return nil, fmt.Errorf("marshaling %T matcher: %v", matcher, err) + } + matcherSet[name] = jsonBytes + } + + return matcherSet, nil +} + var ( wordRE = regexp.MustCompile(`\w+`) ) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 4fa4be01..a5321d1b 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -59,8 +59,10 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // // # load balancing // lb_policy [] +// lb_retries // lb_try_duration // lb_try_interval +// lb_retry_match // // # active health checking // health_uri @@ -247,6 +249,19 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.LoadBalancing.SelectionPolicyRaw = caddyconfig.JSONModuleObject(sel, "policy", name, nil) + case "lb_retries": + if !d.NextArg() { + return d.ArgErr() + } + tries, err := strconv.Atoi(d.Val()) + if err != nil { + return d.Errf("bad lb_retries number '%s': %v", d.Val(), err) + } + if h.LoadBalancing == nil { + h.LoadBalancing = new(LoadBalancing) + } + h.LoadBalancing.Retries = tries + case "lb_try_duration": if !d.NextArg() { return d.ArgErr() @@ -273,6 +288,16 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.LoadBalancing.TryInterval = caddy.Duration(dur) + case "lb_retry_match": + matcherSet, err := caddyhttp.ParseCaddyfileNestedMatcherSet(d) + if err != nil { + return d.Errf("failed to parse lb_retry_match: %v", err) + } + if h.LoadBalancing == nil { + h.LoadBalancing = new(LoadBalancing) + } + h.LoadBalancing.RetryMatchRaw = append(h.LoadBalancing.RetryMatchRaw, matcherSet) + case "health_uri": if !d.NextArg() { return d.ArgErr() diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 64adce27..70612750 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -430,12 +430,14 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // and because we may retry some number of times, carry over the error // from previous tries because of the nuances of load balancing & retries var proxyErr error + var retries int for { var done bool - done, proxyErr = h.proxyLoopIteration(clonedReq, r, w, proxyErr, start, repl, reqHeader, reqHost, next) + done, proxyErr = h.proxyLoopIteration(clonedReq, r, w, proxyErr, start, retries, repl, reqHeader, reqHost, next) if done { break } + retries++ } if proxyErr != nil { @@ -449,7 +451,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyht // that has to be passed in, we brought this into its own method so that we could run defer more easily. // It returns true when the loop is done and should break; false otherwise. The error value returned should // be assigned to the proxyErr value for the next iteration of the loop (or the error handled after break). -func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w http.ResponseWriter, proxyErr error, start time.Time, +func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w http.ResponseWriter, proxyErr error, start time.Time, retries int, repl *caddy.Replacer, reqHeader http.Header, reqHost string, next caddyhttp.Handler) (bool, error) { // get the updated list of upstreams upstreams := h.Upstreams @@ -479,7 +481,7 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h if proxyErr == nil { proxyErr = caddyhttp.Error(http.StatusServiceUnavailable, fmt.Errorf("no upstreams available")) } - if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { + if !h.LoadBalancing.tryAgain(h.ctx, start, retries, proxyErr, r) { return true, proxyErr } return false, proxyErr @@ -542,7 +544,7 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h h.countFailure(upstream) // if we've tried long enough, break - if !h.LoadBalancing.tryAgain(h.ctx, start, proxyErr, r) { + if !h.LoadBalancing.tryAgain(h.ctx, start, retries, proxyErr, r) { return true, proxyErr } @@ -944,16 +946,26 @@ func (h Handler) finalizeResponse( return nil } -// tryAgain takes the time that the handler was initially invoked -// as well as any error currently obtained, and the request being -// tried, and returns true if another attempt should be made at -// proxying the request. If true is returned, it has already blocked -// long enough before the next retry (i.e. no more sleeping is -// needed). If false is returned, the handler should stop trying to -// proxy the request. -func (lb LoadBalancing) tryAgain(ctx caddy.Context, start time.Time, proxyErr error, req *http.Request) bool { +// tryAgain takes the time that the handler was initially invoked, +// the amount of retries already performed, as well as any error +// currently obtained, and the request being tried, and returns +// true if another attempt should be made at proxying the request. +// If true is returned, it has already blocked long enough before +// the next retry (i.e. no more sleeping is needed). If false is +// returned, the handler should stop trying to proxy the request. +func (lb LoadBalancing) tryAgain(ctx caddy.Context, start time.Time, retries int, proxyErr error, req *http.Request) bool { + // no retries are configured + if lb.TryDuration == 0 && lb.Retries == 0 { + return false + } + // if we've tried long enough, break - if time.Since(start) >= time.Duration(lb.TryDuration) { + if lb.TryDuration > 0 && time.Since(start) >= time.Duration(lb.TryDuration) { + return false + } + + // if we've reached the retry limit, break + if lb.Retries > 0 && retries >= lb.Retries { return false } @@ -976,6 +988,11 @@ func (lb LoadBalancing) tryAgain(ctx caddy.Context, start time.Time, proxyErr er } } + // fast path; if the interval is zero, we don't need to wait + if lb.TryInterval == 0 { + return true + } + // otherwise, wait and try the next available host timer := time.NewTimer(time.Duration(lb.TryInterval)) select { @@ -1190,16 +1207,25 @@ type LoadBalancing struct { // The default policy is random selection. SelectionPolicyRaw json.RawMessage `json:"selection_policy,omitempty" caddy:"namespace=http.reverse_proxy.selection_policies inline_key=policy"` + // How many times to retry selecting available backends for each + // request if the next available host is down. If try_duration is + // also configured, then retries may stop early if the duration + // is reached. By default, retries are disabled (zero). + Retries int `json:"retries,omitempty"` + // How long to try selecting available backends for each request - // if the next available host is down. By default, this retry is - // disabled. Clients will wait for up to this long while the load - // balancer tries to find an available upstream host. + // if the next available host is down. Clients will wait for up + // to this long while the load balancer tries to find an available + // upstream host. If retries is also configured, tries may stop + // early if the maximum retries is reached. By default, retries + // are disabled (zero duration). TryDuration caddy.Duration `json:"try_duration,omitempty"` - // How long to wait between selecting the next host from the pool. Default - // is 250ms. Only relevant when a request to an upstream host fails. Be - // aware that setting this to 0 with a non-zero try_duration can cause the - // CPU to spin if all backends are down and latency is very low. + // How long to wait between selecting the next host from the pool. + // Default is 250ms if try_duration is enabled, otherwise zero. Only + // relevant when a request to an upstream host fails. Be aware that + // setting this to 0 with a non-zero try_duration can cause the CPU + // to spin if all backends are down and latency is very low. TryInterval caddy.Duration `json:"try_interval,omitempty"` // A list of matcher sets that restricts with which requests retries are From 8bdee04651d93a5a799f6816ceafaa7ac61fe26d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 16 Jul 2022 23:33:43 -0600 Subject: [PATCH 0688/1498] caddyhttp: Enhance comment --- modules/caddyhttp/matchers.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 430318ac..c8db22f3 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -632,12 +632,15 @@ func (m MatchQuery) Match(r *http.Request) bool { // parse query string just once, for efficiency parsed, err := url.ParseQuery(r.URL.RawQuery) if err != nil { - // Illegal query string. Likely bad escape sequence or syntax. + // Illegal query string. Likely bad escape sequence or unescaped literals. // Note that semicolons in query string have a controversial history. Summaries: // - https://github.com/golang/go/issues/50034 // - https://github.com/golang/go/issues/25192 - // W3C recommendations are flawed and ambiguous, and different servers handle semicolons differently. - // Filippo Valsorda rightly wrote: "Relying on parser alignment for security is doomed." + // Despite the URL WHATWG spec mandating the use of & separators for query strings, + // every URL parser implementation is different, and Filippo Valsorda rightly wrote: + // "Relying on parser alignment for security is doomed." Overall conclusion is that + // splitting on & and rejecting ; in key=value pairs is safer than accepting raw ;. + // We regard the Go team's decision as sound and thus reject malformed query strings. return false } From abad9bc256eea7353b9959d066f5b7ea64990a22 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 20 Jul 2022 20:14:33 -0400 Subject: [PATCH 0689/1498] cmd: Fix reload with stdin (#4900) --- cmd/commandfuncs.go | 41 ++++++++++++++++++++++--------------- modules/caddypki/command.go | 4 ++-- 2 files changed, 27 insertions(+), 18 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index b18f5090..fff8d017 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -280,7 +280,7 @@ func cmdStop(fl Flags) (int, error) { configFlag := fl.String("config") configAdapterFlag := fl.String("adapter") - adminAddr, err := DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) + adminAddr, err := DetermineAdminAPIAddress(addrFlag, nil, configFlag, configAdapterFlag) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) } @@ -310,7 +310,7 @@ func cmdReload(fl Flags) (int, error) { return caddy.ExitCodeFailedStartup, fmt.Errorf("no config file to load") } - adminAddr, err := DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) + adminAddr, err := DetermineAdminAPIAddress(addrFlag, config, configFlag, configAdapterFlag) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) } @@ -732,10 +732,11 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io // DetermineAdminAPIAddress determines which admin API endpoint address should // be used based on the inputs. By priority: if `address` is specified, then -// it is returned; if `configFile` (and `configAdapter`) are specified, then that -// config will be loaded to find the admin address; otherwise, the default -// admin listen address will be returned. -func DetermineAdminAPIAddress(address, configFile, configAdapter string) (string, error) { +// it is returned; if `config` is specified, then that config will be used for +// finding the admin address; if `configFile` (and `configAdapter`) are specified, +// then that config will be loaded to find the admin address; otherwise, the +// default admin listen address will be returned. +func DetermineAdminAPIAddress(address string, config []byte, configFile, configAdapter string) (string, error) { // Prefer the address if specified and non-empty if address != "" { return address, nil @@ -743,21 +744,29 @@ func DetermineAdminAPIAddress(address, configFile, configAdapter string) (string // Try to load the config from file if specified, with the given adapter name if configFile != "" { - // get the config in caddy's native format - config, loadedConfigFile, err := LoadConfig(configFile, configAdapter) - if err != nil { - return "", err - } - if loadedConfigFile == "" { - return "", fmt.Errorf("no config file to load") + var loadedConfigFile string + var err error + + // use the provided loaded config if non-empty + // otherwise, load it from the specified file/adapter + loadedConfig := config + if len(loadedConfig) == 0 { + // get the config in caddy's native format + loadedConfig, loadedConfigFile, err = LoadConfig(configFile, configAdapter) + if err != nil { + return "", err + } + if loadedConfigFile == "" { + return "", fmt.Errorf("no config file to load") + } } - // get the address of the admin listener if set - if len(config) > 0 { + // get the address of the admin listener from the config + if len(loadedConfig) > 0 { var tmpStruct struct { Admin caddy.AdminConfig `json:"admin"` } - err = json.Unmarshal(config, &tmpStruct) + err := json.Unmarshal(loadedConfig, &tmpStruct) if err != nil { return "", fmt.Errorf("unmarshaling admin listener address from config: %v", err) } diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go index c26c19ad..cb86c937 100644 --- a/modules/caddypki/command.go +++ b/modules/caddypki/command.go @@ -113,7 +113,7 @@ func cmdTrust(fl caddycmd.Flags) (int, error) { } // Determine where we're sending the request to get the CA info - adminAddr, err := caddycmd.DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) + adminAddr, err := caddycmd.DetermineAdminAPIAddress(addrFlag, nil, configFlag, configAdapterFlag) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) } @@ -182,7 +182,7 @@ func cmdUntrust(fl caddycmd.Flags) (int, error) { } // Determine where we're sending the request to get the CA info - adminAddr, err := caddycmd.DetermineAdminAPIAddress(addrFlag, configFlag, configAdapterFlag) + adminAddr, err := caddycmd.DetermineAdminAPIAddress(addrFlag, nil, configFlag, configAdapterFlag) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("couldn't determine admin API address: %v", err) } From a379fa4c6c5d58aa6b812bb21a879ce0944c1ccb Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sat, 23 Jul 2022 22:38:41 -0600 Subject: [PATCH 0690/1498] reverseproxy: Implement read & write timeouts for HTTP transport (#4905) --- modules/caddyhttp/reverseproxy/caddyfile.go | 20 +++++++ .../caddyhttp/reverseproxy/httptransport.go | 54 ++++++++++++++++++- 2 files changed, 72 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index a5321d1b..a2c85f90 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -875,6 +875,26 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } h.WriteBufferSize = int(size) + case "read_timeout": + if !d.NextArg() { + return d.ArgErr() + } + timeout, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("invalid read timeout duration '%s': %v", d.Val(), err) + } + h.ReadTimeout = caddy.Duration(timeout) + + case "write_timeout": + if !d.NextArg() { + return d.ArgErr() + } + timeout, err := caddy.ParseDuration(d.Val()) + if err != nil { + return d.Errf("invalid write timeout duration '%s': %v", d.Val(), err) + } + h.WriteTimeout = caddy.Duration(timeout) + case "max_response_header": if !d.NextArg() { return d.ArgErr() diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 7b573f81..ef72b886 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -30,6 +30,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddytls" + "go.uber.org/zap" "golang.org/x/net/http2" ) @@ -88,6 +89,12 @@ type HTTPTransport struct { // The size of the read buffer in bytes. Default: `4KiB`. ReadBufferSize int `json:"read_buffer_size,omitempty"` + // The maximum time to wait for next read from backend. Default: no timeout. + ReadTimeout caddy.Duration `json:"read_timeout,omitempty"` + + // The maximum time to wait for next write to backend. Default: no timeout. + WriteTimeout caddy.Duration `json:"write_timeout,omitempty"` + // The versions of HTTP to support. As a special case, "h2c" // can be specified to use H2C (HTTP/2 over Cleartext) to the // upstream (this feature is experimental and subject to @@ -147,7 +154,7 @@ func (h *HTTPTransport) Provision(ctx caddy.Context) error { } // NewTransport builds a standard-lib-compatible http.Transport value from h. -func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) { +func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, error) { // Set keep-alive defaults if it wasn't otherwise configured if h.KeepAlive == nil { h.KeepAlive = &KeepAlive{ @@ -194,6 +201,7 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) network = dialInfo.Network address = dialInfo.Address } + conn, err := dialer.DialContext(ctx, network, address) if err != nil { // identify this error as one that occurred during @@ -201,6 +209,18 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) // decide whether to retry a request return nil, DialError{err} } + + // if read/write timeouts are configured and this is a TCP connection, enforce the timeouts + // by wrapping the connection with our own type + if tcpConn, ok := conn.(*net.TCPConn); ok && (h.ReadTimeout > 0 || h.WriteTimeout > 0) { + conn = &tcpRWTimeoutConn{ + TCPConn: tcpConn, + readTimeout: time.Duration(h.ReadTimeout), + writeTimeout: time.Duration(h.WriteTimeout), + logger: caddyCtx.Logger(h), + } + } + return conn, nil }, MaxConnsPerHost: h.MaxConnsPerHost, @@ -214,7 +234,7 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error) if h.TLS != nil { rt.TLSHandshakeTimeout = time.Duration(h.TLS.HandshakeTimeout) var err error - rt.TLSClientConfig, err = h.TLS.MakeTLSClientConfig(ctx) + rt.TLSClientConfig, err = h.TLS.MakeTLSClientConfig(caddyCtx) if err != nil { return nil, fmt.Errorf("making TLS client config: %v", err) } @@ -510,6 +530,36 @@ type KeepAlive struct { IdleConnTimeout caddy.Duration `json:"idle_timeout,omitempty"` } +// tcpRWTimeoutConn enforces read/write timeouts for a TCP connection. +// If it fails to set deadlines, the error is logged but does not abort +// the read/write attempt (ignoring the error is consistent with what +// the standard library does: https://github.com/golang/go/blob/c5da4fb7ac5cb7434b41fc9a1df3bee66c7f1a4d/src/net/http/server.go#L981-L986) +type tcpRWTimeoutConn struct { + *net.TCPConn + readTimeout, writeTimeout time.Duration + logger *zap.Logger +} + +func (c *tcpRWTimeoutConn) Read(b []byte) (int, error) { + if c.readTimeout > 0 { + err := c.TCPConn.SetReadDeadline(time.Now().Add(c.readTimeout)) + if err != nil { + c.logger.Error("failed to set read deadline", zap.Error(err)) + } + } + return c.TCPConn.Read(b) +} + +func (c *tcpRWTimeoutConn) Write(b []byte) (int, error) { + if c.writeTimeout > 0 { + err := c.TCPConn.SetWriteDeadline(time.Now().Add(c.writeTimeout)) + if err != nil { + c.logger.Error("failed to set write deadline", zap.Error(err)) + } + } + return c.TCPConn.Write(b) +} + // decodeBase64DERCert base64-decodes, then DER-decodes, certStr. func decodeBase64DERCert(certStr string) (*x509.Certificate, error) { // decode base64 From 0bebea0d4c0321b9cd59be4b355020a3e28c0bcd Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 25 Jul 2022 10:39:59 -0600 Subject: [PATCH 0691/1498] caddyhttp: Log shutdown errors, don't return (fix #4908) --- modules/caddyhttp/app.go | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 4a8a3755..1894a975 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -415,19 +415,21 @@ func (app *App) Stop() error { ctx, cancel = context.WithTimeout(ctx, time.Duration(app.GracePeriod)) defer cancel() } - for _, s := range app.servers { - err := s.Shutdown(ctx) - if err != nil { - return err + for i, s := range app.servers { + if err := s.Shutdown(ctx); err != nil { + app.logger.Error("server shutdown", + zap.Error(err), + zap.Int("index", i)) } } - for _, s := range app.h3servers { + for i, s := range app.h3servers { // TODO: CloseGracefully, once implemented upstream // (see https://github.com/lucas-clemente/quic-go/issues/2103) - err := s.Close() - if err != nil { - return err + if err := s.Close(); err != nil { + app.logger.Error("HTTP/3 server shutdown", + zap.Error(err), + zap.Int("index", i)) } } return nil From 1e18afb5c862d62be130d563785de5c58f08ae8e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 25 Jul 2022 17:28:20 -0600 Subject: [PATCH 0692/1498] httpcaddyfile: Detect ambiguous site definitions (fix #4635) Previously, our "duplicate key in server block" logic was flawed because it did not account for the site's bind address. We defer this check to when the listener addresses have been assigned, but before we commit a server block to its listener. Also refined how network address parsing and joining works, which was necessary for a less convoluted fix. --- caddyconfig/httpcaddyfile/addresses.go | 14 ++++-- caddyconfig/httpcaddyfile/httptype.go | 30 +++++++----- caddytest/integration/caddyfile_test.go | 2 +- listeners.go | 64 ++++++++++++++++--------- listeners_test.go | 34 +++++++++++-- 5 files changed, 99 insertions(+), 45 deletions(-) diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index c7923e81..03083d88 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -183,6 +183,8 @@ func (st *ServerType) consolidateAddrMappings(addrToServerBlocks map[string][]se return sbaddrs } +// listenerAddrsForServerBlockKey essentially converts the Caddyfile +// site addresses to Caddy listener addresses for each server block. func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key string, options map[string]interface{}) ([]string, error) { addr, err := ParseAddress(key) @@ -232,12 +234,14 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str // use a map to prevent duplication listeners := make(map[string]struct{}) for _, host := range lnHosts { - addr, err := caddy.ParseNetworkAddress(host) - if err == nil && addr.IsUnixNetwork() { - listeners[host] = struct{}{} - } else { - listeners[host+":"+lnPort] = struct{}{} + // host can have network + host (e.g. "tcp6/localhost") but + // will/should not have port information because this usually + // comes from the bind directive, so we append the port + addr, err := caddy.ParseNetworkAddress(host + ":" + lnPort) + if err != nil { + return nil, fmt.Errorf("parsing network address: %v", err) } + listeners[addr.String()] = struct{}{} } // now turn map into list diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 5d782441..b1140594 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -58,22 +58,13 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, gc := counter{new(int)} state := make(map[string]interface{}) - // load all the server blocks and associate them with a "pile" - // of config values; also prohibit duplicate keys because they - // can make a config confusing if more than one server block is - // chosen to handle a request - we actually will make each - // server block's route terminal so that only one will run - sbKeys := make(map[string]struct{}) + // load all the server blocks and associate them with a "pile" of config values originalServerBlocks := make([]serverBlock, 0, len(inputServerBlocks)) - for i, sblock := range inputServerBlocks { + for _, sblock := range inputServerBlocks { for j, k := range sblock.Keys { if j == 0 && strings.HasPrefix(k, "@") { return nil, warnings, fmt.Errorf("cannot define a matcher outside of a site block: '%s'", k) } - if _, ok := sbKeys[k]; ok { - return nil, warnings, fmt.Errorf("duplicate site address not allowed: '%s' in %v (site block %d, key %d)", k, sblock.Keys, i, j) - } - sbKeys[k] = struct{}{} } originalServerBlocks = append(originalServerBlocks, serverBlock{ block: sblock, @@ -420,6 +411,23 @@ func (st *ServerType) serversFromPairings( } for i, p := range pairings { + // detect ambiguous site definitions: server blocks which + // have the same host bound to the same interface (listener + // address), otherwise their routes will improperly be added + // to the same server (see issue #4635) + for j, sblock1 := range p.serverBlocks { + for _, key := range sblock1.block.Keys { + for k, sblock2 := range p.serverBlocks { + if k == j { + continue + } + if sliceContains(sblock2.block.Keys, key) { + return nil, fmt.Errorf("ambiguous site definition: %s", key) + } + } + } + } + srv := &caddyhttp.Server{ Listen: p.addresses, } diff --git a/caddytest/integration/caddyfile_test.go b/caddytest/integration/caddyfile_test.go index be85f4ab..27588833 100644 --- a/caddytest/integration/caddyfile_test.go +++ b/caddytest/integration/caddyfile_test.go @@ -68,7 +68,7 @@ func TestDuplicateHosts(t *testing.T) { } `, "caddyfile", - "duplicate site address not allowed") + "ambiguous site definition") } func TestReadCookie(t *testing.T) { diff --git a/listeners.go b/listeners.go index f2d7e10b..4c86e829 100644 --- a/listeners.go +++ b/listeners.go @@ -391,10 +391,13 @@ func (na NetworkAddress) port() string { return fmt.Sprintf("%d-%d", na.StartPort, na.EndPort) } -// String reconstructs the address string to the form expected -// by ParseNetworkAddress(). If the address is a unix socket, -// any non-zero port will be dropped. +// String reconstructs the address string for human display. +// The output can be parsed by ParseNetworkAddress(). If the +// address is a unix socket, any non-zero port will be dropped. func (na NetworkAddress) String() string { + if na.Network == "tcp" && (na.Host != "" || na.port() != "") { + na.Network = "" // omit default network value for brevity + } return JoinNetworkAddress(na.Network, na.Host, na.port()) } @@ -427,36 +430,38 @@ func isListenBindAddressAlreadyInUseError(err error) bool { func ParseNetworkAddress(addr string) (NetworkAddress, error) { var host, port string network, host, port, err := SplitNetworkAddress(addr) - if network == "" { - network = "tcp" - } if err != nil { return NetworkAddress{}, err } + if network == "" { + network = "tcp" + } if isUnixNetwork(network) { return NetworkAddress{ Network: network, Host: host, }, nil } - ports := strings.SplitN(port, "-", 2) - if len(ports) == 1 { - ports = append(ports, ports[0]) - } var start, end uint64 - start, err = strconv.ParseUint(ports[0], 10, 16) - if err != nil { - return NetworkAddress{}, fmt.Errorf("invalid start port: %v", err) - } - end, err = strconv.ParseUint(ports[1], 10, 16) - if err != nil { - return NetworkAddress{}, fmt.Errorf("invalid end port: %v", err) - } - if end < start { - return NetworkAddress{}, fmt.Errorf("end port must not be less than start port") - } - if (end - start) > maxPortSpan { - return NetworkAddress{}, fmt.Errorf("port range exceeds %d ports", maxPortSpan) + if port != "" { + ports := strings.SplitN(port, "-", 2) + if len(ports) == 1 { + ports = append(ports, ports[0]) + } + start, err = strconv.ParseUint(ports[0], 10, 16) + if err != nil { + return NetworkAddress{}, fmt.Errorf("invalid start port: %v", err) + } + end, err = strconv.ParseUint(ports[1], 10, 16) + if err != nil { + return NetworkAddress{}, fmt.Errorf("invalid end port: %v", err) + } + if end < start { + return NetworkAddress{}, fmt.Errorf("end port must not be less than start port") + } + if (end - start) > maxPortSpan { + return NetworkAddress{}, fmt.Errorf("port range exceeds %d ports", maxPortSpan) + } } return NetworkAddress{ Network: network, @@ -478,6 +483,19 @@ func SplitNetworkAddress(a string) (network, host, port string, err error) { return } host, port, err = net.SplitHostPort(a) + if err == nil || a == "" { + return + } + // in general, if there was an error, it was likely "missing port", + // so try adding a bogus port to take advantage of standard library's + // robust parser, then strip the artificial port before returning + // (don't overwrite original error though; might still be relevant) + var err2 error + host, port, err2 = net.SplitHostPort(a + ":0") + if err2 == nil { + err = nil + port = "" + } return } diff --git a/listeners_test.go b/listeners_test.go index b75e2dce..6b0f440a 100644 --- a/listeners_test.go +++ b/listeners_test.go @@ -32,9 +32,24 @@ func TestSplitNetworkAddress(t *testing.T) { expectErr: true, }, { - input: "foo", + input: "foo", + expectHost: "foo", + }, + { + input: ":", // empty host & empty port + }, + { + input: "::", expectErr: true, }, + { + input: "[::]", + expectHost: "::", + }, + { + input: ":1234", + expectPort: "1234", + }, { input: "foo:1234", expectHost: "foo", @@ -80,10 +95,10 @@ func TestSplitNetworkAddress(t *testing.T) { } { actualNetwork, actualHost, actualPort, err := SplitNetworkAddress(tc.input) if tc.expectErr && err == nil { - t.Errorf("Test %d: Expected error but got: %v", i, err) + t.Errorf("Test %d: Expected error but got %v", i, err) } if !tc.expectErr && err != nil { - t.Errorf("Test %d: Expected no error but got: %v", i, err) + t.Errorf("Test %d: Expected no error but got %v", i, err) } if actualNetwork != tc.expectNetwork { t.Errorf("Test %d: Expected network '%s' but got '%s'", i, tc.expectNetwork, actualNetwork) @@ -169,8 +184,17 @@ func TestParseNetworkAddress(t *testing.T) { expectErr: true, }, { - input: ":", - expectErr: true, + input: ":", + expectAddr: NetworkAddress{ + Network: "tcp", + }, + }, + { + input: "[::]", + expectAddr: NetworkAddress{ + Network: "tcp", + Host: "::", + }, }, { input: ":1234", From 7991cd125083121dc9b5907bb2dcaca6b078b4a5 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 26 Jul 2022 11:07:20 -0600 Subject: [PATCH 0693/1498] go.mod: Upgrade dependencies --- go.mod | 32 ++++++++--------- go.sum | 109 +++++++++++++++++++++++++++++++++------------------------ 2 files changed, 80 insertions(+), 61 deletions(-) diff --git a/go.mod b/go.mod index 814d1359..631cc586 100644 --- a/go.mod +++ b/go.mod @@ -3,34 +3,34 @@ module github.com/caddyserver/caddy/v2 go 1.17 require ( - github.com/BurntSushi/toml v1.1.0 + github.com/BurntSushi/toml v1.2.0 github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b github.com/caddyserver/certmagic v0.16.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.11.4 + github.com/google/cel-go v0.12.4 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.15.6 - github.com/klauspost/cpuid/v2 v2.0.13 - github.com/lucas-clemente/quic-go v0.28.0 - github.com/mholt/acmez v1.0.2 - github.com/prometheus/client_golang v1.12.1 - github.com/smallstep/certificates v0.19.0 - github.com/smallstep/cli v0.18.0 + github.com/klauspost/compress v1.15.9 + github.com/klauspost/cpuid/v2 v2.1.0 + github.com/lucas-clemente/quic-go v0.28.1 + github.com/mholt/acmez v1.0.3 + github.com/prometheus/client_golang v1.12.2 + github.com/smallstep/certificates v0.21.0 + github.com/smallstep/cli v0.21.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.11.0 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 - github.com/yuin/goldmark v1.4.12 + github.com/yuin/goldmark v1.4.13 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 go.opentelemetry.io/otel v1.4.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.21.0 - golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 - golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e + golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 + golang.org/x/net v0.0.0-20220630215102-69896b714898 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 google.golang.org/protobuf v1.28.0 @@ -116,13 +116,13 @@ require ( go.opentelemetry.io/otel/metric v0.27.0 // indirect go.opentelemetry.io/otel/trace v1.4.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect - go.step.sm/cli-utils v0.7.0 // indirect - go.step.sm/crypto v0.16.1 // indirect - go.step.sm/linkedca v0.15.0 // indirect + go.step.sm/cli-utils v0.7.3 // indirect + go.step.sm/crypto v0.16.2 // indirect + go.step.sm/linkedca v0.16.1 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.4.2 // indirect - golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect + golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e // indirect golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect golang.org/x/tools v0.1.7 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect diff --git a/go.sum b/go.sum index 086df08c..66cfffe0 100644 --- a/go.sum +++ b/go.sum @@ -29,6 +29,8 @@ cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAV cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= @@ -52,6 +54,7 @@ cloud.google.com/go/iam v0.1.0 h1:W2vbGCrE3Z7J/x3WXLxxGl9LMSB2uhsAA7Ss/6u/qRY= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/kms v1.4.0 h1:iElbfoE61VeLhnZcGOltqL8HIly8Nhbe5t6JlH9GXjo= cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= +cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -59,18 +62,19 @@ cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjp cloud.google.com/go/security v1.3.0/go.mod h1:pQsnLAXfMzuWVJdctBs8BV3tGd3Jr0SMYu6KK3QXYAs= cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= -cloud.google.com/go/spanner v1.20.0/go.mod h1:ajR/W06cMHQu7nqQ4irRGplPNoWgejGJlEhlB8xBTKk= +cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= -contrib.go.opencensus.io/exporter/stackdriver v0.13.7/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= +contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= @@ -104,8 +108,8 @@ github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYX github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.1.0 h1:ksErzDEI1khOiGPgpwuI7x2ebx/uXQNw7xJpn9Eq1+I= -github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0= +github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= @@ -153,7 +157,7 @@ github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed h1:u github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/beam v2.30.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= +github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= @@ -179,7 +183,6 @@ github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.30.29/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= @@ -339,8 +342,11 @@ github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWp github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= +github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= @@ -368,6 +374,8 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= +github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= +github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -436,12 +444,12 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.11.4 h1:wWOnKmLxALl3l9Av221MfIOWRiR01sDVljzg6LZ6Zn0= -github.com/google/cel-go v0.11.4/go.mod h1:Av7CU6r6X3YmcHR9GXqVDaEJYfEtSxl6wvIjUQTriCw= +github.com/google/cel-go v0.12.4 h1:YINKfuHZ8n72tPOqSPZBwGiDpew2CJS48mdM5W8LZQU= +github.com/google/cel-go v0.12.4/go.mod h1:Av7CU6r6X3YmcHR9GXqVDaEJYfEtSxl6wvIjUQTriCw= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= -github.com/google/certificate-transparency-go v1.1.2-0.20210623111010-a50f74f4ce95/go.mod h1:Qj+RD7dL44/KQVYkRk4wDVszkPOzxNcHmuX4HCMEqKg= +github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -490,7 +498,7 @@ github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= -github.com/google/trillian v1.3.14-0.20210622121126-870e0cdde059/go.mod h1:77nhQ5M0g7nqL2S6sjQWUyqQ90h0X26T8cr0pQqqxec= +github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -498,6 +506,7 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= +github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww= github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= @@ -583,6 +592,7 @@ github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/J github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ= github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= github.com/hashicorp/vault/api/auth/approle v0.1.1/go.mod h1:mHOLgh//xDx4dpqXoq6tS8Ob0FoCFWLU2ibJ26Lfmag= +github.com/hashicorp/vault/api/auth/kubernetes v0.1.0/go.mod h1:Pdgk78uIs0mgDOLvc3a+h/vYIT9rznw2sz+ucuH9024= github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= @@ -659,9 +669,9 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= +github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= @@ -691,11 +701,11 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.6 h1:6D9PcO8QWu0JyaQ2zUMmu16T1T+zjjEpP91guRsvDfY= -github.com/klauspost/compress v1.15.6/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/cpuid/v2 v2.0.11/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= -github.com/klauspost/cpuid/v2 v2.0.13 h1:1XxvOiqXZ8SULZUKim/wncr3wZ38H4yCuVDvKdK9OGs= -github.com/klauspost/cpuid/v2 v2.0.13/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= +github.com/klauspost/cpuid/v2 v2.1.0 h1:eyi1Ad2aNJMW95zcSbmGg7Cg6cq3ADwLpMAP96d8rF0= +github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -711,6 +721,7 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= +github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -722,8 +733,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.28.0 h1:9eXVRgIkMQQyiyorz/dAaOYIx3TFzXsIFkNFz4cxuJM= -github.com/lucas-clemente/quic-go v0.28.0/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0= +github.com/lucas-clemente/quic-go v0.28.1 h1:Uo0lvVxWg5la9gflIF9lwa39ONq85Xq2D91YNEIslzU= +github.com/lucas-clemente/quic-go v0.28.1/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= @@ -756,6 +767,7 @@ github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -771,8 +783,9 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/acmez v1.0.2 h1:C8wsEBIUVi6e0DYoxqCcFuXtwc4AWXL/jgcDjF7mjVo= github.com/mholt/acmez v1.0.2/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v1.0.3 h1:mDgRxGYk6TKlfydYNMfX0HXXJh9i73YL+swPjYCADU8= +github.com/mholt/acmez v1.0.3/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DAYQY= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= @@ -897,8 +910,8 @@ github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3O github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= -github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= +github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= +github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -931,6 +944,7 @@ github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= +github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= @@ -939,6 +953,7 @@ github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= @@ -999,16 +1014,13 @@ github.com/slackhq/nebula v1.5.2/go.mod h1:xaCM6wqbFk/NRmmUe1bv88fWBm3a1UioXJVIp github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.18.0/go.mod h1:8eHwHNg/bRWvNZo9S0uWFVMkS+LSpDYxM4//EgBhkFM= -github.com/smallstep/certificates v0.19.0 h1:wW344Q/QpupjKKFKa4PqzEXfwgeq/54dkU/HNvGnwQQ= -github.com/smallstep/certificates v0.19.0/go.mod h1:nkG4c+1HLnCmIBAgZ/bKaBPAsN7ePtyzkDWzPSqcObQ= -github.com/smallstep/certinfo v1.5.2/go.mod h1:gA7HBbue0Wwr3kD60P2UtgTIFfMAOC66D3rzYhI0GZ4= -github.com/smallstep/cli v0.18.0 h1:BslbUHuMfj/LbVHxuZ4Hv1sL+vAHHidqia4JRoCBwXs= -github.com/smallstep/cli v0.18.0/go.mod h1:C8ZSfMm/pKdCHnN1C3Pc44bjIOkBbyuoyq6XjS/K9lI= -github.com/smallstep/nosql v0.3.9/go.mod h1:X2qkYpNcW3yjLUvhEHfgGfClpKbFPapewvx7zo4TOFs= +github.com/smallstep/certificates v0.21.0 h1:RdzGph8pwPZ3RJwnJ6T+HrnHJswJNhX8skoJ4Cc/lxM= +github.com/smallstep/certificates v0.21.0/go.mod h1:QlIuU3l25qxeWTo19VviZq/CKhRFtJt75RoTEUh9pbY= +github.com/smallstep/certinfo v1.7.0/go.mod h1:QRjP6s+cuishA6cdB//RX357ysYGz/QxlpWGyWjnfII= +github.com/smallstep/cli v0.21.0 h1:m7p1lQFfbBF7RI+Z49eaRBW3oI/5HmnwT8Pa8/xgGcE= +github.com/smallstep/cli v0.21.0/go.mod h1:o8hZZAjO4901b3iWmS4fsKasuD57hmkkJJBumYnspPo= github.com/smallstep/nosql v0.4.0 h1:Go3WYwttUuvwqMtFiiU4g7kBIlY+hR0bIZAqVdakQ3M= github.com/smallstep/nosql v0.4.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= -github.com/smallstep/truststore v0.9.6/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/truststore v0.11.0 h1:JUTkQ4oHr40jHTS/A2t0usEhteMWG+45CDD2iJA/dIk= github.com/smallstep/truststore v0.11.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smallstep/zcrypto v0.0.0-20210924233136-66c2600f6e71/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= @@ -1079,7 +1091,9 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1 github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= +github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= +github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= @@ -1106,8 +1120,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= -github.com/yuin/goldmark v1.4.12 h1:6hffw6vALvEDqJ19dOJvJKOoAOKe4NDaTqvd2sktGN0= -github.com/yuin/goldmark v1.4.12/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= @@ -1192,15 +1206,14 @@ go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+ go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c= go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= -go.step.sm/cli-utils v0.7.0 h1:2GvY5Muid1yzp7YQbfCCS+gK3q7zlHjjLL5Z0DXz8ds= go.step.sm/cli-utils v0.7.0/go.mod h1:Ur6bqA/yl636kCUJbp30J7Unv5JJ226eW2KqXPDwF/E= +go.step.sm/cli-utils v0.7.3 h1:IA12IaiXVCI18yOFVQuvMpyvjL8wuwUn1yO+KhAVAr0= +go.step.sm/cli-utils v0.7.3/go.mod h1:RJRwbBLqzs5nrepQLAV9FuT3fVpWz66tKzLIB7Izpfk= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/crypto v0.13.0/go.mod h1:5YzQ85BujYBu6NH18jw7nFjwuRnDch35nLzH0ES5sKg= -go.step.sm/crypto v0.16.1 h1:4mnZk21cSxyMGxsEpJwZKKvJvDu1PN09UVrWWFNUBdk= -go.step.sm/crypto v0.16.1/go.mod h1:3G0yQr5lQqfEG0CMYz8apC/qMtjLRQlzflL2AxkcN+g= -go.step.sm/linkedca v0.7.0/go.mod h1:5uTRjozEGSPAZal9xJqlaD38cvJcLe3o1VAFVjqcORo= -go.step.sm/linkedca v0.15.0 h1:lEkGRDY+u7FudGKt8yEo7nBy5OzceO9s3rl+/sZVL5M= -go.step.sm/linkedca v0.15.0/go.mod h1:W59ucS4vFpuR0g4PtkGbbtXAwxbDEnNCg+ovkej1ANM= +go.step.sm/crypto v0.16.2 h1:Pr9aazTwWBBZNogUsOqhOrPSdwAa9pPs+lMB602lnDA= +go.step.sm/crypto v0.16.2/go.mod h1:1WkTOTY+fOX/RY4TnZREp6trQAsBHRQ7nu6QJBiNQF8= +go.step.sm/linkedca v0.16.1 h1:CdbMV5SjnlRsgeYTXaaZmQCkYIgJq8BOzpewri57M2k= +go.step.sm/linkedca v0.16.1/go.mod h1:W59ucS4vFpuR0g4PtkGbbtXAwxbDEnNCg+ovkej1ANM= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -1256,12 +1269,12 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210915214749-c084706c2272/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2 h1:XdAboW3BNMv9ocSCOk/u1MFioZGzCNkiJZ19v9Oe3Ig= golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o= +golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1363,13 +1376,14 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ= +golang.org/x/net v0.0.0-20220403103023-749bd193bc2b/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220630215102-69896b714898 h1:K7wO6V1IrczY9QOQ2WkVpw4JQSwCd52UsxVEirZUfiw= +golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1512,11 +1526,12 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220405052023-b1e9470b6e64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e h1:CsOuNlbOuf0mzxJIefr6Q4uAUetRUwZE4qt7VfzP+xo= +golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1742,7 +1757,6 @@ google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxH google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210719143636-1d5a45f8e492/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= @@ -1760,6 +1774,7 @@ google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220401170504-314d38edb7de/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= @@ -1800,6 +1815,7 @@ google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -1830,6 +1846,8 @@ gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= +gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -1859,6 +1877,7 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= @@ -1879,7 +1898,7 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -software.sslmate.com/src/go-pkcs12 v0.0.0-20201103104416-57fc603b7f52/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= +software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= From c833e3b249d98e5d234eafea714e233a213ca6c2 Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Wed, 27 Jul 2022 22:27:18 +0900 Subject: [PATCH 0694/1498] ci: Run golangci-lint on multiple os(#4875) (#4913) --- .github/workflows/lint.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 0aae6196..f8f08a78 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,7 +14,10 @@ jobs: # From https://github.com/golangci/golangci-lint-action golangci: name: lint - runs-on: ubuntu-latest + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 @@ -25,6 +28,6 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - version: v1.44 + version: v1.47 # Optional: show only new issues if it's a pull request. The default value is `false`. - # only-new-issues: true + only-new-issues: true From ea8df6ff114299058593530d24fe244201525b9a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 28 Jul 2022 14:50:28 -0600 Subject: [PATCH 0695/1498] caddyhttp: Use new CEL APIs (fix #4915) Hahaha this is the ultimate "I have no idea what I'm doing" commit but it compiles and the tests pass and I declare victory! ... probably broke something, should be tested more. It is nice that the protobuf dependency becomes indirect now. --- go.mod | 2 +- modules/caddyhttp/celmatcher.go | 114 ++++++------------------ modules/caddyhttp/fileserver/matcher.go | 12 +-- modules/caddyhttp/matchers.go | 24 +++-- 4 files changed, 43 insertions(+), 109 deletions(-) diff --git a/go.mod b/go.mod index 631cc586..c30afdf7 100644 --- a/go.mod +++ b/go.mod @@ -33,7 +33,6 @@ require ( golang.org/x/net v0.0.0-20220630215102-69896b714898 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 - google.golang.org/protobuf v1.28.0 gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -127,6 +126,7 @@ require ( golang.org/x/tools v0.1.7 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/grpc v1.46.0 // indirect + google.golang.org/protobuf v1.28.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect howett.net/plist v1.0.0 // indirect diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 4938cd5c..7b1e89db 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -28,7 +28,6 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/google/cel-go/cel" - "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common" "github.com/google/cel-go/common/operators" "github.com/google/cel-go/common/types" @@ -40,7 +39,6 @@ import ( "github.com/google/cel-go/parser" "go.uber.org/zap" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" - "google.golang.org/protobuf/proto" ) func init() { @@ -126,13 +124,12 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { // create the CEL environment env, err := cel.NewEnv( - cel.Declarations( - decls.NewVar("request", httpRequestObjectType), - decls.NewFunction(placeholderFuncName, - decls.NewOverload(placeholderFuncName+"_httpRequest_string", - []*exprpb.Type{httpRequestObjectType, decls.String}, - decls.Any)), - ), + cel.Function(placeholderFuncName, cel.SingletonBinaryImpl(m.caddyPlaceholderFunc), cel.Overload( + placeholderFuncName+"_httpRequest_string", + []*cel.Type{httpRequestObjectType, cel.StringType}, + cel.AnyType, + )), + cel.Variable("request", httpRequestObjectType), cel.CustomTypeAdapter(m.ta), ext.Strings(), matcherLib, @@ -149,20 +146,12 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { // request matching is a boolean operation, so we don't really know // what to do if the expression returns a non-boolean type - if !proto.Equal(checked.ResultType(), decls.Bool) { - return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.ResultType()) + if checked.OutputType() != cel.BoolType { + return fmt.Errorf("CEL request matcher expects return type of bool, not %s", checked.OutputType()) } // compile the "program" - m.prg, err = env.Program(checked, - cel.EvalOptions(cel.OptOptimize), - cel.Functions( - &functions.Overload{ - Operator: placeholderFuncName, - Binary: m.caddyPlaceholderFunc, - }, - ), - ) + m.prg, err = env.Program(checked, cel.EvalOptions(cel.OptOptimize)) if err != nil { return fmt.Errorf("compiling CEL program: %s", err) } @@ -321,62 +310,46 @@ type CELLibraryProducer interface { // limited set of function signatures. For strong type validation you may need // to provide a custom macro which does a more detailed analysis of the CEL // literal provided to the macro as an argument. -func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*exprpb.Type, fac CELMatcherFactory) (cel.Library, error) { - requestType := decls.NewObjectType("http.Request") +func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*cel.Type, fac CELMatcherFactory) (cel.Library, error) { + requestType := cel.ObjectType("http.Request") var macro parser.Macro switch len(matcherDataTypes) { case 1: matcherDataType := matcherDataTypes[0] - if isCELStringListType(matcherDataType) { + switch matcherDataType.String() { + case "list(string)": macro = parser.NewGlobalVarArgMacro(macroName, celMatcherStringListMacroExpander(funcName)) - } else if isCELStringType(matcherDataType) { + case cel.StringType.String(): macro = parser.NewGlobalMacro(macroName, 1, celMatcherStringMacroExpander(funcName)) - } else if isCELJSONType(matcherDataType) { + case CELTypeJSON.String(): macro = parser.NewGlobalMacro(macroName, 1, celMatcherJSONMacroExpander(funcName)) - } else { - return nil, fmt.Errorf("unsupported matcher data type: %s", cel.FormatType(matcherDataType)) + default: + return nil, fmt.Errorf("unsupported matcher data type: %s", matcherDataType) } case 2: - if isCELStringType(matcherDataTypes[0]) && isCELStringType(matcherDataTypes[1]) { + if matcherDataTypes[0] == cel.StringType && matcherDataTypes[1] == cel.StringType { macro = parser.NewGlobalMacro(macroName, 2, celMatcherStringListMacroExpander(funcName)) - matcherDataTypes = []*exprpb.Type{CelTypeListString} + matcherDataTypes = []*cel.Type{cel.ListType(cel.StringType)} } else { - return nil, fmt.Errorf( - "unsupported matcher data type: %s, %s", - cel.FormatType(matcherDataTypes[0]), cel.FormatType(matcherDataTypes[1]), - ) + return nil, fmt.Errorf("unsupported matcher data type: %s, %s", matcherDataTypes[0], matcherDataTypes[1]) } case 3: - if isCELStringType(matcherDataTypes[0]) && isCELStringType(matcherDataTypes[1]) && isCELStringType(matcherDataTypes[2]) { + if matcherDataTypes[0] == cel.StringType && matcherDataTypes[1] == cel.StringType && matcherDataTypes[2] == cel.StringType { macro = parser.NewGlobalMacro(macroName, 3, celMatcherStringListMacroExpander(funcName)) - matcherDataTypes = []*exprpb.Type{CelTypeListString} + matcherDataTypes = []*cel.Type{cel.ListType(cel.StringType)} } else { - return nil, fmt.Errorf( - "unsupported matcher data type: %s, %s, %s", - cel.FormatType(matcherDataTypes[0]), cel.FormatType(matcherDataTypes[1]), cel.FormatType(matcherDataTypes[2]), - ) + return nil, fmt.Errorf("unsupported matcher data type: %s, %s, %s", matcherDataTypes[0], matcherDataTypes[1], matcherDataTypes[2]) } } envOptions := []cel.EnvOption{ cel.Macros(macro), - cel.Declarations( - decls.NewFunction(funcName, - decls.NewOverload( - funcName, - append([]*exprpb.Type{requestType}, matcherDataTypes...), - decls.Bool, - ), - ), - ), + cel.Function(funcName, + cel.Overload(funcName, append([]*cel.Type{requestType}, matcherDataTypes...), cel.BoolType), + + cel.SingletonBinaryImpl(CELMatcherRuntimeFunction(funcName, fac))), } programOptions := []cel.ProgramOption{ cel.CustomDecorator(CELMatcherDecorator(funcName, fac)), - cel.Functions( - &functions.Overload{ - Operator: funcName, - Binary: CELMatcherRuntimeFunction(funcName, fac), - }, - ), } return NewMatcherCELLibrary(envOptions, programOptions), nil } @@ -610,25 +583,6 @@ func CELValueToMapStrList(data ref.Val) (map[string][]string, error) { return mapStrListStr, nil } -// isCELJSONType returns whether the type corresponds to JSON input. -func isCELJSONType(t *exprpb.Type) bool { - switch t.GetTypeKind().(type) { - case *exprpb.Type_MapType_: - mapType := t.GetMapType() - return isCELStringType(mapType.GetKeyType()) && mapType.GetValueType().GetDyn() != nil - } - return false -} - -// isCELStringType returns whether the type corresponds to a string. -func isCELStringType(t *exprpb.Type) bool { - switch t.GetTypeKind().(type) { - case *exprpb.Type_Primitive: - return t.GetPrimitive() == exprpb.Type_STRING - } - return false -} - // isCELStringExpr indicates whether the expression is a supported string expression func isCELStringExpr(e *exprpb.Expr) bool { return isCELStringLiteral(e) || isCELCaddyPlaceholderCall(e) || isCELConcatCall(e) @@ -681,15 +635,6 @@ func isCELConcatCall(e *exprpb.Expr) bool { return false } -// isCELStringListType returns whether the type corresponds to a list of strings. -func isCELStringListType(t *exprpb.Type) bool { - switch t.GetTypeKind().(type) { - case *exprpb.Type_ListType_: - return isCELStringType(t.GetListType().GetElemType()) - } - return false -} - // isCELStringListLiteral returns whether the expression resolves to a list literal // containing only string constants or a placeholder call. func isCELStringListLiteral(e *exprpb.Expr) bool { @@ -713,11 +658,10 @@ var ( placeholderRegexp = regexp.MustCompile(`{([a-zA-Z][\w.-]+)}`) placeholderExpansion = `caddyPlaceholder(request, "${1}")` - CelTypeListString = decls.NewListType(decls.String) - CelTypeJson = decls.NewMapType(decls.String, decls.Dyn) + CELTypeJSON = cel.MapType(cel.StringType, cel.DynType) ) -var httpRequestObjectType = decls.NewObjectType("http.Request") +var httpRequestObjectType = cel.ObjectType("http.Request") // The name of the CEL function which accesses Replacer values. const placeholderFuncName = "caddyPlaceholder" diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 4f3ffefa..7ed93434 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -27,7 +27,6 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/google/cel-go/cel" - "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common" "github.com/google/cel-go/common/operators" "github.com/google/cel-go/common/types/ref" @@ -153,17 +152,10 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Example: // expression file({'root': '/srv', 'try_files': [{http.request.uri.path}, '/index.php'], 'try_policy': 'first_exist', 'split_path': ['.php']}) func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { - requestType := decls.NewObjectType("http.Request") + requestType := cel.ObjectType("http.Request") envOptions := []cel.EnvOption{ cel.Macros(parser.NewGlobalVarArgMacro("file", celFileMatcherMacroExpander())), - cel.Declarations( - decls.NewFunction("file", - decls.NewOverload("file_request_map", - []*exprpb.Type{requestType, caddyhttp.CelTypeJson}, - decls.Bool, - ), - ), - ), + cel.Function("file", cel.Overload("file_request_map", []*cel.Type{requestType, caddyhttp.CELTypeJSON}, cel.BoolType)), } matcherFactory := func(data ref.Val) (caddyhttp.RequestMatcher, error) { diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index c8db22f3..82972e51 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -33,11 +33,9 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/google/cel-go/cel" - "github.com/google/cel-go/checker/decls" "github.com/google/cel-go/common/types" "github.com/google/cel-go/common/types/ref" "go.uber.org/zap" - exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" ) type ( @@ -310,7 +308,7 @@ func (MatchHost) CELLibrary(ctx caddy.Context) (cel.Library, error) { return CELMatcherImpl( "host", "host_match_request_list", - []*exprpb.Type{CelTypeListString}, + []*cel.Type{cel.ListType(cel.StringType)}, func(data ref.Val) (RequestMatcher, error) { refStringList := reflect.TypeOf([]string{}) strList, err := data.ConvertToNative(refStringList) @@ -441,7 +439,7 @@ func (MatchPath) CELLibrary(ctx caddy.Context) (cel.Library, error) { // name of the function that the macro will be rewritten to call. "path_match_request_list", // internal data type of the MatchPath value. - []*exprpb.Type{CelTypeListString}, + []*cel.Type{cel.ListType(cel.StringType)}, // function to convert a constant list of strings to a MatchPath instance. func(data ref.Val) (RequestMatcher, error) { refStringList := reflect.TypeOf([]string{}) @@ -509,7 +507,7 @@ func (MatchPathRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { unnamedPattern, err := CELMatcherImpl( "path_regexp", "path_regexp_request_string", - []*exprpb.Type{decls.String}, + []*cel.Type{cel.StringType}, func(data ref.Val) (RequestMatcher, error) { pattern := data.(types.String) matcher := MatchPathRE{MatchRegexp{Pattern: string(pattern)}} @@ -523,7 +521,7 @@ func (MatchPathRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { namedPattern, err := CELMatcherImpl( "path_regexp", "path_regexp_request_string_string", - []*exprpb.Type{decls.String, decls.String}, + []*cel.Type{cel.StringType, cel.StringType}, func(data ref.Val) (RequestMatcher, error) { refStringList := reflect.TypeOf([]string{}) params, err := data.ConvertToNative(refStringList) @@ -582,7 +580,7 @@ func (MatchMethod) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "method", "method_request_list", - []*exprpb.Type{CelTypeListString}, + []*cel.Type{cel.ListType(cel.StringType)}, func(data ref.Val) (RequestMatcher, error) { refStringList := reflect.TypeOf([]string{}) strList, err := data.ConvertToNative(refStringList) @@ -668,7 +666,7 @@ func (MatchQuery) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "query", "query_matcher_request_map", - []*exprpb.Type{CelTypeJson}, + []*cel.Type{CELTypeJSON}, func(data ref.Val) (RequestMatcher, error) { mapStrListStr, err := CELValueToMapStrList(data) if err != nil { @@ -744,7 +742,7 @@ func (MatchHeader) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "header", "header_matcher_request_map", - []*exprpb.Type{CelTypeJson}, + []*cel.Type{CELTypeJSON}, func(data ref.Val) (RequestMatcher, error) { mapStrListStr, err := CELValueToMapStrList(data) if err != nil { @@ -901,7 +899,7 @@ func (MatchHeaderRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { unnamedPattern, err := CELMatcherImpl( "header_regexp", "header_regexp_request_string_string", - []*exprpb.Type{decls.String, decls.String}, + []*cel.Type{cel.StringType, cel.StringType}, func(data ref.Val) (RequestMatcher, error) { refStringList := reflect.TypeOf([]string{}) params, err := data.ConvertToNative(refStringList) @@ -921,7 +919,7 @@ func (MatchHeaderRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { namedPattern, err := CELMatcherImpl( "header_regexp", "header_regexp_request_string_string_string", - []*exprpb.Type{decls.String, decls.String, decls.String}, + []*cel.Type{cel.StringType, cel.StringType, cel.StringType}, func(data ref.Val) (RequestMatcher, error) { refStringList := reflect.TypeOf([]string{}) params, err := data.ConvertToNative(refStringList) @@ -985,7 +983,7 @@ func (MatchProtocol) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "protocol", "protocol_request_string", - []*exprpb.Type{decls.String}, + []*cel.Type{cel.StringType}, func(data ref.Val) (RequestMatcher, error) { protocolStr, ok := data.(types.String) if !ok { @@ -1107,7 +1105,7 @@ func (MatchRemoteIP) CELLibrary(ctx caddy.Context) (cel.Library, error) { // name of the function that the macro will be rewritten to call. "remote_ip_match_request_list", // internal data type of the MatchPath value. - []*exprpb.Type{CelTypeListString}, + []*cel.Type{cel.ListType(cel.StringType)}, // function to convert a constant list of strings to a MatchPath instance. func(data ref.Val) (RequestMatcher, error) { refStringList := reflect.TypeOf([]string{}) From 1bdd451913c065ce555d4e2bdb891946b61ffd87 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 28 Jul 2022 14:50:51 -0600 Subject: [PATCH 0696/1498] caddytls: Remove PreferServerCipherSuites It has been deprecated by Go --- modules/caddytls/connpolicy.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index d6304a99..4280f0a1 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -172,8 +172,7 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { // so the user-provided config can fill them in; then we will // fill in a default config at the end if they are still unset cfg := &tls.Config{ - NextProtos: p.ALPN, - PreferServerCipherSuites: true, + NextProtos: p.ALPN, GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { // TODO: I don't love how this works: we pre-build certmagic configs // so that handshakes are faster. Unfortunately, certmagic configs are @@ -475,8 +474,6 @@ func setDefaultTLSParams(cfg *tls.Config) { if cfg.MaxVersion == 0 { cfg.MaxVersion = tls.VersionTLS13 } - - cfg.PreferServerCipherSuites = true } // LeafCertClientAuth verifies the client's leaf certificate. From 4fced0b6e15429dd51e6edc2c244f7af068ecf84 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 28 Jul 2022 15:16:36 -0600 Subject: [PATCH 0697/1498] Finish fixing lint errors from ea8df6ff Follows up #4915 --- modules/caddyhttp/celmatcher.go | 1 - modules/caddyhttp/fileserver/matcher.go | 19 ++++++++----------- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 7b1e89db..81fea707 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -345,7 +345,6 @@ func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*cel.Type, fa cel.Macros(macro), cel.Function(funcName, cel.Overload(funcName, append([]*cel.Type{requestType}, matcherDataTypes...), cel.BoolType), - cel.SingletonBinaryImpl(CELMatcherRuntimeFunction(funcName, fac))), } programOptions := []cel.ProgramOption{ diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 7ed93434..3ef3e47a 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -30,7 +30,6 @@ import ( "github.com/google/cel-go/common" "github.com/google/cel-go/common/operators" "github.com/google/cel-go/common/types/ref" - "github.com/google/cel-go/interpreter/functions" "github.com/google/cel-go/parser" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" ) @@ -153,10 +152,6 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // expression file({'root': '/srv', 'try_files': [{http.request.uri.path}, '/index.php'], 'try_policy': 'first_exist', 'split_path': ['.php']}) func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { requestType := cel.ObjectType("http.Request") - envOptions := []cel.EnvOption{ - cel.Macros(parser.NewGlobalVarArgMacro("file", celFileMatcherMacroExpander())), - cel.Function("file", cel.Overload("file_request_map", []*cel.Type{requestType, caddyhttp.CELTypeJSON}, cel.BoolType)), - } matcherFactory := func(data ref.Val) (caddyhttp.RequestMatcher, error) { values, err := caddyhttp.CELValueToMapStrList(data) @@ -185,14 +180,16 @@ func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { return m, err } + envOptions := []cel.EnvOption{ + cel.Macros(parser.NewGlobalVarArgMacro("file", celFileMatcherMacroExpander())), + cel.Function("file", cel.Overload("file_request_map", []*cel.Type{requestType, caddyhttp.CELTypeJSON}, cel.BoolType)), + cel.Function("file_request_map", + cel.Overload("file_request_map", []*cel.Type{requestType, caddyhttp.CELTypeJSON}, cel.BoolType), + cel.SingletonBinaryImpl(caddyhttp.CELMatcherRuntimeFunction("file_request_map", matcherFactory))), + } + programOptions := []cel.ProgramOption{ cel.CustomDecorator(caddyhttp.CELMatcherDecorator("file_request_map", matcherFactory)), - cel.Functions( - &functions.Overload{ - Operator: "file_request_map", - Binary: caddyhttp.CELMatcherRuntimeFunction("file_request_map", matcherFactory), - }, - ), } return caddyhttp.NewMatcherCELLibrary(envOptions, programOptions), nil From ff2ba6de8a312813140b5db24f14a407e98f4509 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 28 Jul 2022 17:19:48 -0400 Subject: [PATCH 0698/1498] caddyhttp: Clear out matcher error immediately after grabbing it (#4916) Co-authored-by: Matthew Holt --- modules/caddyhttp/routes.go | 4 ++++ modules/caddyhttp/vars.go | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index 7b2871ff..b8771db3 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -204,6 +204,10 @@ func wrapRoute(route Route) Middleware { // the request and trigger the error handling chain err, ok := GetVar(req.Context(), MatcherErrorVarKey).(error) if ok { + // clear out the error from context, otherwise + // it will cascade to the error routes (#4916) + SetVar(req.Context(), MatcherErrorVarKey, nil) + // return the matcher's error return err } diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index 28d0ddfc..e7a7dbb7 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -301,11 +301,21 @@ func GetVar(ctx context.Context, key string) interface{} { // SetVar sets a value in the context's variable table with // the given key. It overwrites any previous value with the // same key. +// +// If the value is nil (note: non-nil interface with nil +// underlying value does not count) and the key exists in +// the table, the key+value will be deleted from the table. func SetVar(ctx context.Context, key string, value interface{}) { varMap, ok := ctx.Value(VarsCtxKey).(map[string]interface{}) if !ok { return } + if value == nil { + if _, ok := varMap[key]; ok { + delete(varMap, key) + return + } + } varMap[key] = value } From 2e70d1d3bfaf4b789b66e84ba60ee855ab327be3 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 28 Jul 2022 15:23:56 -0600 Subject: [PATCH 0699/1498] Fix deprecation notice by using UTF16PtrFromString --- cmd/removebinary_windows.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/removebinary_windows.go b/cmd/removebinary_windows.go index 3d7ade5d..3a6df667 100644 --- a/cmd/removebinary_windows.go +++ b/cmd/removebinary_windows.go @@ -31,6 +31,6 @@ import ( func removeCaddyBinary(path string) error { var sI syscall.StartupInfo var pI syscall.ProcessInformation - argv := syscall.StringToUTF16Ptr(filepath.Join(os.Getenv("windir"), "system32", "cmd.exe") + " /C del " + path) + argv := syscall.UTF16PtrFromString(filepath.Join(os.Getenv("windir"), "system32", "cmd.exe") + " /C del " + path) return syscall.CreateProcess(nil, argv, nil, nil, true, 0, nil, nil, &sI, &pI) } From 35a81d7c5b4ea2bb055ec0e7e56840d45a5fe60c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 28 Jul 2022 15:40:23 -0600 Subject: [PATCH 0700/1498] Ignore linter warnings Use of non-cryptographic random numbers in the load balancing is intentional. --- modules/caddyhttp/reverseproxy/selectionpolicies.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 125a07f9..5fc7136d 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -132,7 +132,7 @@ func (r RandomChoiceSelection) Select(pool UpstreamPool, _ *http.Request, _ http if !upstream.Available() { continue } - j := weakrand.Intn(i + 1) + j := weakrand.Intn(i + 1) //nolint:gosec if j < k { choices[j] = upstream } @@ -181,7 +181,7 @@ func (LeastConnSelection) Select(pool UpstreamPool, _ *http.Request, _ http.Resp // sample: https://en.wikipedia.org/wiki/Reservoir_sampling if numReqs == leastReqs { count++ - if (weakrand.Int() % count) == 0 { + if (weakrand.Int() % count) == 0 { //nolint:gosec bestHost = host } } @@ -475,7 +475,7 @@ func selectRandomHost(pool []*Upstream) *Upstream { // upstream will always be chosen if there is at // least one available count++ - if (weakrand.Int() % count) == 0 { + if (weakrand.Int() % count) == 0 { //nolint:gosec randomHost = upstream } } @@ -511,7 +511,7 @@ func leastRequests(upstreams []*Upstream) *Upstream { if len(best) == 0 { return nil } - return best[weakrand.Intn(len(best))] + return best[weakrand.Intn(len(best))] //nolint:gosec } // hostByHashing returns an available host from pool based on a hashable string s. From 56c139f003292005dd5dd974ffd770b8620e8aef Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 28 Jul 2022 15:44:36 -0600 Subject: [PATCH 0701/1498] Fix compilation on Windows --- cmd/removebinary_windows.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/removebinary_windows.go b/cmd/removebinary_windows.go index 3a6df667..8cc271ad 100644 --- a/cmd/removebinary_windows.go +++ b/cmd/removebinary_windows.go @@ -31,6 +31,9 @@ import ( func removeCaddyBinary(path string) error { var sI syscall.StartupInfo var pI syscall.ProcessInformation - argv := syscall.UTF16PtrFromString(filepath.Join(os.Getenv("windir"), "system32", "cmd.exe") + " /C del " + path) + argv, err := syscall.UTF16PtrFromString(filepath.Join(os.Getenv("windir"), "system32", "cmd.exe") + " /C del " + path) + if err != nil { + return err + } return syscall.CreateProcess(nil, argv, nil, nil, true, 0, nil, nil, &sI, &pI) } From 2f43aa062925e0e8ff114e6035f3bc1b2f7b8e4a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 29 Jul 2022 08:46:45 -0400 Subject: [PATCH 0702/1498] chore: Add .gitattributes to force *.go to LF (#4919) * chore: Add .gitattributes to force *.go to LF * What if I remove this flag --- .gitattributes | 1 + .github/workflows/lint.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..a0717e4b --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.go text eol=lf \ No newline at end of file diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f8f08a78..57c3503a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -30,4 +30,4 @@ jobs: with: version: v1.47 # Optional: show only new issues if it's a pull request. The default value is `false`. - only-new-issues: true + # only-new-issues: true From 1e0cdc54f86cb29eca14af13aaa3ccfb07d46a20 Mon Sep 17 00:00:00 2001 From: WingLim <643089849@qq.com> Date: Sat, 30 Jul 2022 04:06:54 +0800 Subject: [PATCH 0703/1498] core: Windows service integration (#4790) Co-authored-by: Matthew Holt --- caddyconfig/caddyfile/formatter_fuzz.go | 1 - caddyconfig/caddyfile/lexer_fuzz.go | 1 - caddyconfig/httpcaddyfile/addresses_fuzz.go | 1 - cmd/removebinary.go | 1 - duration_fuzz.go | 1 - go.mod | 2 +- listeners_fuzz.go | 1 - .../caddyhttp/templates/frontmatter_fuzz.go | 1 - notify/notify_linux.go | 2 + notify/notify_other.go | 17 ++----- notify/notify_windows.go | 49 +++++++++++++++++++ replacer_fuzz.go | 1 - service_windows.go | 49 +++++++++++++++++++ sigtrap_nonposix.go | 1 - sigtrap_posix.go | 1 - 15 files changed, 105 insertions(+), 24 deletions(-) create mode 100644 notify/notify_windows.go create mode 100644 service_windows.go diff --git a/caddyconfig/caddyfile/formatter_fuzz.go b/caddyconfig/caddyfile/formatter_fuzz.go index c07a2268..7c1fc643 100644 --- a/caddyconfig/caddyfile/formatter_fuzz.go +++ b/caddyconfig/caddyfile/formatter_fuzz.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build gofuzz -// +build gofuzz package caddyfile diff --git a/caddyconfig/caddyfile/lexer_fuzz.go b/caddyconfig/caddyfile/lexer_fuzz.go index 179fd87c..6f75694b 100644 --- a/caddyconfig/caddyfile/lexer_fuzz.go +++ b/caddyconfig/caddyfile/lexer_fuzz.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build gofuzz -// +build gofuzz package caddyfile diff --git a/caddyconfig/httpcaddyfile/addresses_fuzz.go b/caddyconfig/httpcaddyfile/addresses_fuzz.go index be873ef1..364ff971 100644 --- a/caddyconfig/httpcaddyfile/addresses_fuzz.go +++ b/caddyconfig/httpcaddyfile/addresses_fuzz.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build gofuzz -// +build gofuzz package httpcaddyfile diff --git a/cmd/removebinary.go b/cmd/removebinary.go index adef6b10..c74d2b2e 100644 --- a/cmd/removebinary.go +++ b/cmd/removebinary.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build !windows -// +build !windows package caddycmd diff --git a/duration_fuzz.go b/duration_fuzz.go index aa01a46a..8a1f0c7c 100644 --- a/duration_fuzz.go +++ b/duration_fuzz.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build gofuzz -// +build gofuzz package caddy diff --git a/go.mod b/go.mod index c30afdf7..026d06df 100644 --- a/go.mod +++ b/go.mod @@ -121,7 +121,7 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.4.2 // indirect - golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e // indirect + golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect golang.org/x/tools v0.1.7 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect diff --git a/listeners_fuzz.go b/listeners_fuzz.go index 95f1e327..02b65ab2 100644 --- a/listeners_fuzz.go +++ b/listeners_fuzz.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build gofuzz -// +build gofuzz package caddy diff --git a/modules/caddyhttp/templates/frontmatter_fuzz.go b/modules/caddyhttp/templates/frontmatter_fuzz.go index 361b4b62..7af30131 100644 --- a/modules/caddyhttp/templates/frontmatter_fuzz.go +++ b/modules/caddyhttp/templates/frontmatter_fuzz.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build gofuzz -// +build gofuzz package templates diff --git a/notify/notify_linux.go b/notify/notify_linux.go index 8ba49d2c..1e8da742 100644 --- a/notify/notify_linux.go +++ b/notify/notify_linux.go @@ -12,6 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. +// Package notify provides facilities for notifying process managers +// of state changes, mainly for when running as a system service. package notify import ( diff --git a/notify/notify_other.go b/notify/notify_other.go index 6ffec89b..7fc618b7 100644 --- a/notify/notify_other.go +++ b/notify/notify_other.go @@ -12,19 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. -//go:build !linux -// +build !linux +//go:build !linux && !windows package notify -func notifyReadiness() error { - return nil -} - -func notifyReloading() error { - return nil -} - -func notifyStopping() error { - return nil -} +func notifyReadiness() error { return nil } +func notifyReloading() error { return nil } +func notifyStopping() error { return nil } diff --git a/notify/notify_windows.go b/notify/notify_windows.go new file mode 100644 index 00000000..a551fc7e --- /dev/null +++ b/notify/notify_windows.go @@ -0,0 +1,49 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package notify + +import "golang.org/x/sys/windows/svc" + +// globalStatus store windows service status, it can be +// use to notify caddy status. +var globalStatus chan<- svc.Status + +func SetGlobalStatus(status chan<- svc.Status) { + globalStatus = status +} + +func notifyReadiness() error { + if globalStatus != nil { + globalStatus <- svc.Status{ + State: svc.Running, + Accepts: svc.AcceptStop | svc.AcceptShutdown, + } + } + return nil +} + +func notifyReloading() error { + if globalStatus != nil { + globalStatus <- svc.Status{State: svc.StartPending} + } + return nil +} + +func notifyStopping() error { + if globalStatus != nil { + globalStatus <- svc.Status{State: svc.StopPending} + } + return nil +} diff --git a/replacer_fuzz.go b/replacer_fuzz.go index a837e33f..50fb0b61 100644 --- a/replacer_fuzz.go +++ b/replacer_fuzz.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build gofuzz -// +build gofuzz package caddy diff --git a/service_windows.go b/service_windows.go new file mode 100644 index 00000000..7590fc3c --- /dev/null +++ b/service_windows.go @@ -0,0 +1,49 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddy + +import ( + "github.com/caddyserver/caddy/v2/notify" + "golang.org/x/sys/windows/svc" +) + +func init() { + isService, err := svc.IsWindowsService() + if err != nil || isService { + return + } + go func() { + _ = svc.Run("", runner{}) + }() +} + +type runner struct{} + +func (runner) Execute(args []string, request <-chan svc.ChangeRequest, status chan<- svc.Status) (bool, uint32) { + notify.SetGlobalStatus(status) + status <- svc.Status{State: svc.StartPending} + + for { + req := <-request + switch req.Cmd { + case svc.Interrogate: + status <- req.CurrentStatus + case svc.Stop, svc.Shutdown: + status <- svc.Status{State: svc.StopPending} + exitProcessFromSignal("SIGINT") + return false, 0 + } + } +} diff --git a/sigtrap_nonposix.go b/sigtrap_nonposix.go index 7855e13a..f80f593b 100644 --- a/sigtrap_nonposix.go +++ b/sigtrap_nonposix.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build windows || plan9 || nacl || js -// +build windows plan9 nacl js package caddy diff --git a/sigtrap_posix.go b/sigtrap_posix.go index 706d0c25..7033f163 100644 --- a/sigtrap_posix.go +++ b/sigtrap_posix.go @@ -13,7 +13,6 @@ // limitations under the License. //go:build !windows && !plan9 && !nacl && !js -// +build !windows,!plan9,!nacl,!js package caddy From 07ed3e7c3078723b55687bf4b262d24ef1645c7d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 29 Jul 2022 16:56:02 -0600 Subject: [PATCH 0704/1498] Minor docs clarification Related to #4565 --- cmd/commandfuncs.go | 2 +- cmd/commands.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index fff8d017..9e979aed 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -647,7 +647,7 @@ commands: ) if help := flagHelp(subcommand.Flags); help != "" { - result += fmt.Sprintf("\nflags:\n%s", help) + result += fmt.Sprintf("\nflags: (NOTE: prefix flags with `--` instead of `-`)\n%s", help) } result += "\n" + fullDocs + "\n" diff --git a/cmd/commands.go b/cmd/commands.go index 51960f34..e454f7b6 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -137,8 +137,8 @@ The --resume flag will override the --config flag if there is a config auto- save file. It is not an error if --resume is used and no autosave file exists. If --watch is specified, the config file will be loaded automatically after -changes. ⚠️ This is dangerous in production! Only use this option in a local -development environment.`, +changes. ⚠️ This can make unintentional config changes easier; only use this +option in a local development environment.`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("run", flag.ExitOnError) fs.String("config", "", "Configuration file") From 6668271661857b2cc43143ff65edf1071013e67e Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sat, 30 Jul 2022 13:07:44 -0600 Subject: [PATCH 0705/1498] fileserver: Support virtual file systems (#4909) * fileserver: Support virtual file systems (close #3720) This change replaces the hard-coded use of os.Open() and os.Stat() with the use of the new (Go 1.16) io/fs APIs, enabling virtual file systems. It introduces a new module namespace, caddy.fs, for such file systems. Also improve documentation for the file server. I realized it was one of the first modules written for Caddy 2, and the docs hadn't really been updated since! * Virtualize FS for file matcher; minor tweaks * Fix tests and rename dirFS -> osFS (Since we do not use a root directory, it is dynamic.) --- modules/caddyhttp/fileserver/browse.go | 21 +-- .../caddyhttp/fileserver/browsetplcontext.go | 30 +++-- modules/caddyhttp/fileserver/matcher.go | 34 ++++- modules/caddyhttp/fileserver/matcher_test.go | 12 +- modules/caddyhttp/fileserver/staticfiles.go | 124 ++++++++++++++---- 5 files changed, 166 insertions(+), 55 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index d59010d2..bdddc23b 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -19,6 +19,7 @@ import ( _ "embed" "encoding/json" "fmt" + "io/fs" "net/http" "os" "path" @@ -80,7 +81,7 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) // calling path.Clean here prevents weird breadcrumbs when URL paths are sketchy like /%2e%2e%2f - listing, err := fsrv.loadDirectoryContents(dir, root, path.Clean(r.URL.Path), repl) + listing, err := fsrv.loadDirectoryContents(dir.(fs.ReadDirFile), root, path.Clean(r.URL.Path), repl) switch { case os.IsPermission(err): return caddyhttp.Error(http.StatusForbidden, err) @@ -133,8 +134,8 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, return nil } -func (fsrv *FileServer) loadDirectoryContents(dir *os.File, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { - files, err := dir.Readdir(-1) +func (fsrv *FileServer) loadDirectoryContents(dir fs.ReadDirFile, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { + files, err := dir.ReadDir(10000) // TODO: this limit should probably be configurable if err != nil { return browseTemplateContext{}, err } @@ -201,25 +202,25 @@ func (fsrv *FileServer) makeBrowseTemplate(tplCtx *templateContext) (*template.T return tpl, nil } -// isSymlink return true if f is a symbolic link -func isSymlink(f os.FileInfo) bool { - return f.Mode()&os.ModeSymlink != 0 -} - // isSymlinkTargetDir returns true if f's symbolic link target // is a directory. -func isSymlinkTargetDir(f os.FileInfo, root, urlPath string) bool { +func (fsrv *FileServer) isSymlinkTargetDir(f fs.FileInfo, root, urlPath string) bool { if !isSymlink(f) { return false } target := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, f.Name())) - targetInfo, err := os.Stat(target) + targetInfo, err := fsrv.fileSystem.Stat(target) if err != nil { return false } return targetInfo.IsDir() } +// isSymlink return true if f is a symbolic link. +func isSymlink(f fs.FileInfo) bool { + return f.Mode()&os.ModeSymlink != 0 +} + // templateContext powers the context used when evaluating the browse template. // It combines browse-specific features with the standard templates handler // features. diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index 87156d48..49788ee2 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -15,6 +15,7 @@ package fileserver import ( + "io/fs" "net/url" "os" "path" @@ -26,22 +27,31 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/dustin/go-humanize" + "go.uber.org/zap" ) -func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseTemplateContext { +func (fsrv *FileServer) directoryListing(entries []fs.DirEntry, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseTemplateContext { filesToHide := fsrv.transformHidePaths(repl) var dirCount, fileCount int fileInfos := []fileInfo{} - for _, f := range files { - name := f.Name() + for _, entry := range entries { + name := entry.Name() if fileHidden(name, filesToHide) { continue } - isDir := f.IsDir() || isSymlinkTargetDir(f, root, urlPath) + info, err := entry.Info() + if err != nil { + fsrv.logger.Error("could not get info about directory entry", + zap.String("name", entry.Name()), + zap.String("root", root)) + continue + } + + isDir := entry.IsDir() || fsrv.isSymlinkTargetDir(info, root, urlPath) // add the slash after the escape of path to avoid escaping the slash as well if isDir { @@ -51,11 +61,11 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root fileCount++ } - size := f.Size() - fileIsSymlink := isSymlink(f) + size := info.Size() + fileIsSymlink := isSymlink(info) if fileIsSymlink { - path := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, f.Name())) - fileInfo, err := os.Stat(path) + path := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, info.Name())) + fileInfo, err := fsrv.fileSystem.Stat(path) if err == nil { size = fileInfo.Size() } @@ -73,8 +83,8 @@ func (fsrv *FileServer) directoryListing(files []os.FileInfo, canGoUp bool, root Name: name, Size: size, URL: u.String(), - ModTime: f.ModTime().UTC(), - Mode: f.Mode(), + ModTime: info.ModTime().UTC(), + Mode: info.Mode(), }) } name, _ := url.PathUnescape(urlPath) diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 3ef3e47a..5cade257 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -15,7 +15,9 @@ package fileserver import ( + "encoding/json" "fmt" + "io/fs" "net/http" "os" "path" @@ -54,6 +56,11 @@ func init() { // - `{http.matchers.file.remainder}` Set to the remainder // of the path if the path was split by `split_path`. type MatchFile struct { + // The file system implementation to use. By default, the + // local disk file system will be used. + FileSystemRaw json.RawMessage `json:"file_system,omitempty" caddy:"namespace=caddy.fs inline_key=backend"` + fileSystem fs.StatFS + // The root directory, used for creating absolute // file paths, and required when working with // relative paths; if not specified, `{http.vars.root}` @@ -241,10 +248,23 @@ func celFileMatcherMacroExpander() parser.MacroExpander { } // Provision sets up m's defaults. -func (m *MatchFile) Provision(_ caddy.Context) error { +func (m *MatchFile) Provision(ctx caddy.Context) error { + // establish the file system to use + if len(m.FileSystemRaw) > 0 { + mod, err := ctx.LoadModule(m, "FileSystemRaw") + if err != nil { + return fmt.Errorf("loading file system module: %v", err) + } + m.fileSystem = mod.(fs.StatFS) + } + if m.fileSystem == nil { + m.fileSystem = osFS{} + } + if m.Root == "" { m.Root = "{http.vars.root}" } + // if list of files to try was omitted entirely, assume URL path // (use placeholder instead of r.URL.Path; see issue #4146) if m.TryFiles == nil { @@ -316,7 +336,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { return } suffix, fullpath, remainder := prepareFilePath(f) - if info, exists := strictFileExists(fullpath); exists { + if info, exists := m.strictFileExists(fullpath); exists { setPlaceholders(info, suffix, fullpath, remainder) return true } @@ -330,7 +350,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { var info os.FileInfo for _, f := range m.TryFiles { suffix, fullpath, splitRemainder := prepareFilePath(f) - info, err := os.Stat(fullpath) + info, err := m.fileSystem.Stat(fullpath) if err == nil && info.Size() > largestSize { largestSize = info.Size() largestFilename = fullpath @@ -349,7 +369,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { var info os.FileInfo for _, f := range m.TryFiles { suffix, fullpath, splitRemainder := prepareFilePath(f) - info, err := os.Stat(fullpath) + info, err := m.fileSystem.Stat(fullpath) if err == nil && (smallestSize == 0 || info.Size() < smallestSize) { smallestSize = info.Size() smallestFilename = fullpath @@ -368,7 +388,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { var info os.FileInfo for _, f := range m.TryFiles { suffix, fullpath, splitRemainder := prepareFilePath(f) - info, err := os.Stat(fullpath) + info, err := m.fileSystem.Stat(fullpath) if err == nil && (recentDate.IsZero() || info.ModTime().After(recentDate)) { recentDate = info.ModTime() @@ -404,8 +424,8 @@ func parseErrorCode(input string) error { // the file must also be a directory; if it does // NOT end in a forward slash, the file must NOT // be a directory. -func strictFileExists(file string) (os.FileInfo, bool) { - stat, err := os.Stat(file) +func (m MatchFile) strictFileExists(file string) (os.FileInfo, bool) { + stat, err := m.fileSystem.Stat(file) if err != nil { // in reality, this can be any error // such as permission or even obscure diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index fd109e65..7734bf1d 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -111,8 +111,9 @@ func TestFileMatcher(t *testing.T) { }, } { m := &MatchFile{ - Root: "./testdata", - TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/"}, + fileSystem: osFS{}, + Root: "./testdata", + TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/"}, } u, err := url.Parse(tc.path) @@ -213,9 +214,10 @@ func TestPHPFileMatcher(t *testing.T) { }, } { m := &MatchFile{ - Root: "./testdata", - TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/index.php"}, - SplitPath: []string{".php"}, + fileSystem: osFS{}, + Root: "./testdata", + TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/index.php"}, + SplitPath: []string{".php"}, } u, err := url.Parse(tc.path) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 9a2bc6e2..6bdb5afe 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -15,7 +15,11 @@ package fileserver import ( + "encoding/json" + "errors" "fmt" + "io" + "io/fs" weakrand "math/rand" "mime" "net/http" @@ -39,10 +43,63 @@ func init() { caddy.RegisterModule(FileServer{}) } -// FileServer implements a static file server responder for Caddy. +// FileServer implements a handler that serves static files. +// +// The path of the file to serve is constructed by joining the site root +// and the sanitized request path. Any and all files within the root and +// links with targets outside the site root may therefore be accessed. +// For example, with a site root of `/www`, requests to `/foo/bar.txt` +// will serve the file at `/www/foo/bar.txt`. +// +// The request path is sanitized using the Go standard library's +// path.Clean() function (https://pkg.go.dev/path#Clean) before being +// joined to the root. Request paths must be valid and well-formed. +// +// For requests that access directories instead of regular files, +// Caddy will attempt to serve an index file if present. For example, +// a request to `/dir/` will attempt to serve `/dir/index.html` if +// it exists. The index file names to try are configurable. If a +// requested directory does not have an index file, Caddy writes a +// 404 response. Alternatively, file browsing can be enabled with +// the "browse" parameter which shows a list of files when directories +// are requested if no index file is present. +// +// By default, this handler will canonicalize URIs so that requests to +// directories end with a slash, but requests to regular files do not. +// This is enforced with HTTP redirects automatically and can be disabled. +// Canonicalization redirects are not issued, however, if a URI rewrite +// modified the last component of the path (the filename). +// +// This handler sets the Etag and Last-Modified headers for static files. +// It does not perform MIME sniffing to determine Content-Type based on +// contents, but does use the extension (if known); see the Go docs for +// details: https://pkg.go.dev/mime#TypeByExtension +// +// The file server properly handles requests with If-Match, +// If-Unmodified-Since, If-Modified-Since, If-None-Match, Range, and +// If-Range headers. It includes the file's modification time in the +// Last-Modified header of the response. type FileServer struct { + // The file system implementation to use. By default, Caddy uses the local + // disk file system. + // + // File system modules used here must adhere to the following requirements: + // - Implement fs.StatFS interface. + // - Support seeking on opened files; i.e.returned fs.File values must + // implement the io.Seeker interface. This is required for determining + // Content-Length and satisfying Range requests. + // - fs.File values that represent directories must implement the + // fs.ReadDirFile interface so that directory listings can be procured. + FileSystemRaw json.RawMessage `json:"file_system,omitempty" caddy:"namespace=caddy.fs inline_key=backend"` + fileSystem fs.StatFS + // The path to the root of the site. Default is `{http.vars.root}` if set, - // or current working directory otherwise. + // or current working directory otherwise. This should be a trusted value. + // + // Note that a site root is not a sandbox. Although the file server does + // sanitize the request URI to prevent directory traversal, files (including + // links) within the site root may be directly accessed based on the request + // path. Files and folders within the root should be secure and trustworthy. Root string `json:"root,omitempty"` // A list of files or folders to hide; the file server will pretend as if @@ -63,6 +120,7 @@ type FileServer struct { Hide []string `json:"hide,omitempty"` // The names of files to try as index files if a folder is requested. + // Default: index.html, index.txt. IndexNames []string `json:"index_names,omitempty"` // Enables file listings if a directory was requested and no index @@ -95,8 +153,7 @@ type FileServer struct { // If no order specified here, the first encoding from the Accept-Encoding header // that both client and server support is used PrecompressedOrder []string `json:"precompressed_order,omitempty"` - - precompressors map[string]encode.Precompressed + precompressors map[string]encode.Precompressed logger *zap.Logger } @@ -113,6 +170,18 @@ func (FileServer) CaddyModule() caddy.ModuleInfo { func (fsrv *FileServer) Provision(ctx caddy.Context) error { fsrv.logger = ctx.Logger(fsrv) + // establish which file system (possibly a virtual one) we'll be using + if len(fsrv.FileSystemRaw) > 0 { + mod, err := ctx.LoadModule(fsrv, "FileSystemRaw") + if err != nil { + return fmt.Errorf("loading file system module: %v", err) + } + fsrv.fileSystem = mod.(fs.StatFS) + } + if fsrv.fileSystem == nil { + fsrv.fileSystem = osFS{} + } + if fsrv.Root == "" { fsrv.Root = "{http.vars.root}" } @@ -131,6 +200,7 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error { } } + // support precompressed sidecar files mods, err := ctx.LoadModule(fsrv, "PrecompressedRaw") if err != nil { return fmt.Errorf("loading encoder modules: %v", err) @@ -184,12 +254,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c zap.String("result", filename)) // get information about the file - info, err := os.Stat(filename) + info, err := fsrv.fileSystem.Stat(filename) if err != nil { - err = mapDirOpenError(err, filename) - if os.IsNotExist(err) { + err = fsrv.mapDirOpenError(err, filename) + if errors.Is(err, fs.ErrNotExist) { return fsrv.notFound(w, r, next) - } else if os.IsPermission(err) { + } else if errors.Is(err, fs.ErrPermission) { return caddyhttp.Error(http.StatusForbidden, err) } return caddyhttp.Error(http.StatusInternalServerError, err) @@ -210,7 +280,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c continue } - indexInfo, err := os.Stat(indexPath) + indexInfo, err := fsrv.fileSystem.Stat(indexPath) if err != nil { continue } @@ -280,7 +350,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c } } - var file *os.File + var file fs.File // check for precompressed files for _, ae := range encode.AcceptedEncodings(r, fsrv.PrecompressedOrder) { @@ -289,7 +359,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c continue } compressedFilename := filename + precompress.Suffix() - compressedInfo, err := os.Stat(compressedFilename) + compressedInfo, err := fsrv.fileSystem.Stat(compressedFilename) if err != nil || compressedInfo.IsDir() { fsrv.logger.Debug("precompressed file not accessible", zap.String("filename", compressedFilename), zap.Error(err)) continue @@ -328,14 +398,12 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // set the ETag - note that a conditional If-None-Match request is handled // by http.ServeContent below, which checks against this ETag value - w.Header().Set("ETag", calculateEtag(info)) + w.Header().Set("Etag", calculateEtag(info)) if w.Header().Get("Content-Type") == "" { mtyp := mime.TypeByExtension(filepath.Ext(filename)) if mtyp == "" { - // do not allow Go to sniff the content-type; see - // https://www.youtube.com/watch?v=8t8JYpt0egE - // TODO: If we want a Content-Type, consider writing a default of application/octet-stream - this is secure but violates spec + // do not allow Go to sniff the content-type; see https://www.youtube.com/watch?v=8t8JYpt0egE w.Header()["Content-Type"] = nil } else { w.Header().Set("Content-Type", mtyp) @@ -375,7 +443,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // that errors generated by ServeContent are written immediately // to the response, so we cannot handle them (but errors there // are rare) - http.ServeContent(w, r, info.Name(), info.ModTime(), file) + http.ServeContent(w, r, info.Name(), info.ModTime(), file.(io.ReadSeeker)) return nil } @@ -384,10 +452,10 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c // the response is configured to inform the client how to best handle it // and a well-described handler error is returned (do not wrap the // returned error value). -func (fsrv *FileServer) openFile(filename string, w http.ResponseWriter) (*os.File, error) { - file, err := os.Open(filename) +func (fsrv *FileServer) openFile(filename string, w http.ResponseWriter) (fs.File, error) { + file, err := fsrv.fileSystem.Open(filename) if err != nil { - err = mapDirOpenError(err, filename) + err = fsrv.mapDirOpenError(err, filename) if os.IsNotExist(err) { fsrv.logger.Debug("file not found", zap.String("filename", filename), zap.Error(err)) return nil, caddyhttp.Error(http.StatusNotFound, err) @@ -412,8 +480,8 @@ func (fsrv *FileServer) openFile(filename string, w http.ResponseWriter) (*os.Fi // Adapted from the Go standard library; originally written by Nathaniel Caza. // https://go-review.googlesource.com/c/go/+/36635/ // https://go-review.googlesource.com/c/go/+/36804/ -func mapDirOpenError(originalErr error, name string) error { - if os.IsNotExist(originalErr) || os.IsPermission(originalErr) { +func (fsrv *FileServer) mapDirOpenError(originalErr error, name string) error { + if errors.Is(originalErr, fs.ErrNotExist) || errors.Is(originalErr, fs.ErrPermission) { return originalErr } @@ -422,12 +490,12 @@ func mapDirOpenError(originalErr error, name string) error { if parts[i] == "" { continue } - fi, err := os.Stat(strings.Join(parts[:i+1], separator)) + fi, err := fsrv.fileSystem.Stat(strings.Join(parts[:i+1], separator)) if err != nil { return originalErr } if !fi.IsDir() { - return os.ErrNotExist + return fs.ErrNotExist } } @@ -545,6 +613,16 @@ func (wr statusOverrideResponseWriter) WriteHeader(int) { wr.ResponseWriter.WriteHeader(wr.code) } +// osFS is a simple fs.StatFS implementation that uses the local +// file system. (We do not use os.DirFS because we do our own +// rooting or path prefixing without being constrained to a single +// root folder. The standard os.DirFS implementation is problematic +// since roots can be dynamic in our application.) +type osFS struct{} + +func (osFS) Open(name string) (fs.File, error) { return os.Open(name) } +func (osFS) Stat(name string) (fs.FileInfo, error) { return os.Stat(name) } + var defaultIndexNames = []string{"index.html", "index.txt"} const ( From ebd6abcbd5f6b31b7b4cadca0a546d9f0eab9ad3 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sun, 31 Jul 2022 21:41:26 -0600 Subject: [PATCH 0706/1498] fileserver: Support virtual file system in Caddyfile --- modules/caddyhttp/fileserver/caddyfile.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index 26415353..a3cf9e4d 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -15,11 +15,13 @@ package fileserver import ( + "io/fs" "path/filepath" "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/encode" @@ -35,6 +37,7 @@ func init() { // server and configures it with this syntax: // // file_server [] [browse] { +// fs // root // hide // index @@ -62,6 +65,25 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) for h.NextBlock(0) { switch h.Val() { + case "fs": + if !h.NextArg() { + return nil, h.ArgErr() + } + if fsrv.FileSystemRaw != nil { + return nil, h.Err("file system module already specified") + } + name := h.Val() + modID := "caddy.fs." + name + unm, err := caddyfile.UnmarshalModule(h.Dispenser, modID) + if err != nil { + return nil, err + } + statFS, ok := unm.(fs.StatFS) + if !ok { + return nil, h.Errf("module %s (%T) is not a supported file system implementation (requires fs.StatFS)", modID, unm) + } + fsrv.FileSystemRaw = caddyconfig.JSONModuleObject(statFS, "backend", name, nil) + case "hide": fsrv.Hide = h.RemainingArgs() if len(fsrv.Hide) == 0 { From f783290f40febd3eef2a299911ad95bab4d2b414 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 1 Aug 2022 13:36:22 -0600 Subject: [PATCH 0707/1498] caddyhttp: Implement `caddy respond` command (#4870) --- admin.go | 6 +- caddy.go | 79 +++---- cmd/main.go | 14 ++ modules/caddyhttp/app.go | 2 + modules/caddyhttp/fileserver/command.go | 8 +- modules/caddyhttp/reverseproxy/command.go | 7 +- modules/caddyhttp/server.go | 1 + modules/caddyhttp/staticresp.go | 241 ++++++++++++++++++++++ 8 files changed, 318 insertions(+), 40 deletions(-) diff --git a/admin.go b/admin.go index 670a2701..125a7b2e 100644 --- a/admin.go +++ b/admin.go @@ -993,9 +993,9 @@ func handleConfigID(w http.ResponseWriter, r *http.Request) error { id := parts[2] // map the ID to the expanded path - currentCfgMu.RLock() + currentCtxMu.RLock() expanded, ok := rawCfgIndex[id] - defer currentCfgMu.RUnlock() + defer currentCtxMu.RUnlock() if !ok { return APIError{ HTTPStatus: http.StatusNotFound, @@ -1030,7 +1030,7 @@ func handleStop(w http.ResponseWriter, r *http.Request) error { // the operation at path according to method, using body and out as // needed. This is a low-level, unsynchronized function; most callers // will want to use changeConfig or readConfig instead. This requires a -// read or write lock on currentCfgMu, depending on method (GET needs +// read or write lock on currentCtxMu, depending on method (GET needs // only a read lock; all others need a write lock). func unsyncedConfigAccess(method, path string, body []byte, out io.Writer) error { var err error diff --git a/caddy.go b/caddy.go index 98ee5b39..20da5de1 100644 --- a/caddy.go +++ b/caddy.go @@ -141,8 +141,8 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force return fmt.Errorf("method not allowed") } - currentCfgMu.Lock() - defer currentCfgMu.Unlock() + currentCtxMu.Lock() + defer currentCtxMu.Unlock() if ifMatchHeader != "" { // expect the first and last character to be quotes @@ -242,15 +242,15 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force // readConfig traverses the current config to path // and writes its JSON encoding to out. func readConfig(path string, out io.Writer) error { - currentCfgMu.RLock() - defer currentCfgMu.RUnlock() + currentCtxMu.RLock() + defer currentCtxMu.RUnlock() return unsyncedConfigAccess(http.MethodGet, path, nil, out) } // indexConfigObjects recursively searches ptr for object fields named // "@id" and maps that ID value to the full configPath in the index. // This function is NOT safe for concurrent access; obtain a write lock -// on currentCfgMu. +// on currentCtxMu. func indexConfigObjects(ptr interface{}, configPath string, index map[string]string) error { switch val := ptr.(type) { case map[string]interface{}: @@ -290,7 +290,7 @@ func indexConfigObjects(ptr interface{}, configPath string, index map[string]str // it as the new config, replacing any other current config. // It does NOT update the raw config state, as this is a // lower-level function; most callers will want to use Load -// instead. A write lock on currentCfgMu is required! If +// instead. A write lock on currentCtxMu is required! If // allowPersist is false, it will not be persisted to disk, // even if it is configured to. func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { @@ -319,17 +319,17 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { } // run the new config and start all its apps - err = run(newCfg, true) + ctx, err := run(newCfg, true) if err != nil { return err } - // swap old config with the new one - oldCfg := currentCfg - currentCfg = newCfg + // swap old context (including its config) with the new one + oldCtx := currentCtx + currentCtx = ctx // Stop, Cleanup each old app - unsyncedStop(oldCfg) + unsyncedStop(oldCtx) // autosave a non-nil config, if not disabled if allowPersist && @@ -373,7 +373,7 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { // This is a low-level function; most callers // will want to use Run instead, which also // updates the config's raw state. -func run(newCfg *Config, start bool) error { +func run(newCfg *Config, start bool) (Context, error) { // because we will need to roll back any state // modifications if this function errors, we // keep a single error value and scope all @@ -404,8 +404,8 @@ func run(newCfg *Config, start bool) error { cancel() // also undo any other state changes we made - if currentCfg != nil { - certmagic.Default.Storage = currentCfg.storage + if currentCtx.cfg != nil { + certmagic.Default.Storage = currentCtx.cfg.storage } } }() @@ -417,14 +417,14 @@ func run(newCfg *Config, start bool) error { } err = newCfg.Logging.openLogs(ctx) if err != nil { - return err + return ctx, err } // start the admin endpoint (and stop any prior one) if start { err = replaceLocalAdminServer(newCfg) if err != nil { - return fmt.Errorf("starting caddy administration endpoint: %v", err) + return ctx, fmt.Errorf("starting caddy administration endpoint: %v", err) } } @@ -453,7 +453,7 @@ func run(newCfg *Config, start bool) error { return nil }() if err != nil { - return err + return ctx, err } // Load and Provision each app and their submodules @@ -466,18 +466,18 @@ func run(newCfg *Config, start bool) error { return nil }() if err != nil { - return err + return ctx, err } if !start { - return nil + return ctx, nil } // Provision any admin routers which may need to access // some of the other apps at runtime err = newCfg.Admin.provisionAdminRouters(ctx) if err != nil { - return err + return ctx, err } // Start @@ -502,12 +502,12 @@ func run(newCfg *Config, start bool) error { return nil }() if err != nil { - return err + return ctx, err } // now that the user's config is running, finish setting up anything else, // such as remote admin endpoint, config loader, etc. - return finishSettingUp(ctx, newCfg) + return ctx, finishSettingUp(ctx, newCfg) } // finishSettingUp should be run after all apps have successfully started. @@ -612,10 +612,10 @@ type ConfigLoader interface { // stop the others. Stop should only be called // if not replacing with a new config. func Stop() error { - currentCfgMu.Lock() - defer currentCfgMu.Unlock() - unsyncedStop(currentCfg) - currentCfg = nil + currentCtxMu.Lock() + defer currentCtxMu.Unlock() + unsyncedStop(currentCtx) + currentCtx = Context{} rawCfgJSON = nil rawCfgIndex = nil rawCfg[rawConfigKey] = nil @@ -628,13 +628,13 @@ func Stop() error { // it is logged and the function continues stopping // the next app. This function assumes all apps in // cfg were successfully started first. -func unsyncedStop(cfg *Config) { - if cfg == nil { +func unsyncedStop(ctx Context) { + if ctx.cfg == nil { return } // stop each app - for name, a := range cfg.apps { + for name, a := range ctx.cfg.apps { err := a.Stop() if err != nil { log.Printf("[ERROR] stop %s: %v", name, err) @@ -642,13 +642,13 @@ func unsyncedStop(cfg *Config) { } // clean up all modules - cfg.cancelFunc() + ctx.cfg.cancelFunc() } // Validate loads, provisions, and validates // cfg, but does not start running it. func Validate(cfg *Config) error { - err := run(cfg, false) + _, err := run(cfg, false) if err == nil { cfg.cancelFunc() // call Cleanup on all modules } @@ -823,16 +823,25 @@ func goModule(mod *debug.Module) *debug.Module { return mod } +func ActiveContext() Context { + currentCtxMu.RLock() + defer currentCtxMu.RUnlock() + return currentCtx +} + // CtxKey is a value type for use with context.WithValue. type CtxKey string // This group of variables pertains to the current configuration. var ( - // currentCfgMu protects everything in this var block. - currentCfgMu sync.RWMutex + // currentCtxMu protects everything in this var block. + currentCtxMu sync.RWMutex - // currentCfg is the currently-running configuration. - currentCfg *Config + // currentCtx is the root context for the currently-running + // configuration, which can be accessed through this value. + // If the Config contained in this value is not nil, then + // a config is currently active/running. + currentCtx Context // rawCfg is the current, generic-decoded configuration; // we initialize it as a map with one field ("config") diff --git a/cmd/main.go b/cmd/main.go index 498a8ae6..348bdbce 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -338,6 +338,7 @@ func flagHelp(fs *flag.FlagSet) string { buf := new(bytes.Buffer) fs.SetOutput(buf) + buf.Write([]byte("(NOTE: use -- instead of - for flags)\n\n")) fs.PrintDefaults() return buf.String() } @@ -480,3 +481,16 @@ func CaddyVersion() string { } return ver } + +// StringSlice is a flag.Value that enables repeated use of a string flag. +type StringSlice []string + +func (ss StringSlice) String() string { return "[" + strings.Join(ss, ", ") + "]" } + +func (ss *StringSlice) Set(value string) error { + *ss = append(*ss, value) + return nil +} + +// Interface guard +var _ flag.Value = (*StringSlice)(nil) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 1894a975..82e052c9 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -392,6 +392,8 @@ func (app *App) Start() error { //nolint:errcheck go s.Serve(ln) + + srv.listeners = append(srv.listeners, ln) app.servers = append(app.servers, s) } } diff --git a/modules/caddyhttp/fileserver/command.go b/modules/caddyhttp/fileserver/command.go index 7b4ab110..902c5f8c 100644 --- a/modules/caddyhttp/fileserver/command.go +++ b/modules/caddyhttp/fileserver/command.go @@ -117,8 +117,14 @@ func cmdFileServer(fs caddycmd.Flags) (int, error) { Servers: map[string]*caddyhttp.Server{"static": server}, } + var false bool cfg := &caddy.Config{ - Admin: &caddy.AdminConfig{Disabled: true}, + Admin: &caddy.AdminConfig{ + Disabled: true, + Config: &caddy.ConfigSettings{ + Persist: &false, + }, + }, AppsRaw: caddy.ModuleMap{ "http": caddyconfig.JSON(httpApp, nil), }, diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 6153b6ec..fed1cd91 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -172,8 +172,13 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { appsRaw["tls"] = caddyconfig.JSON(tlsApp, nil) } + var false bool cfg := &caddy.Config{ - Admin: &caddy.AdminConfig{Disabled: true}, + Admin: &caddy.AdminConfig{Disabled: true, + Config: &caddy.ConfigSettings{ + Persist: &false, + }, + }, AppsRaw: appsRaw, } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index a4a976f7..44a58882 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -132,6 +132,7 @@ type Server struct { primaryHandlerChain Handler errorHandlerChain Handler listenerWrappers []caddy.ListenerWrapper + listeners []net.Listener tlsApp *caddytls.TLS logger *zap.Logger diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index c587f5ee..9e12bd5c 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -15,16 +15,71 @@ package caddyhttp import ( + "bytes" + "encoding/json" + "flag" "fmt" + "io" "net/http" + "os" "strconv" + "strings" + "text/template" + "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + caddycmd "github.com/caddyserver/caddy/v2/cmd" ) func init() { caddy.RegisterModule(StaticResponse{}) + caddycmd.RegisterCommand(caddycmd.Command{ + Name: "respond", + Func: cmdRespond, + Usage: `[--status ] [--body ] [--listen ] [--access-log] [--debug] [--header "Field: value"] `, + Short: "Simple, hard-coded HTTP responses for development and testing", + Long: ` +Spins up a quick-and-clean HTTP server for development and testing purposes. + +With no options specified, this command listens on a random available port +and answers HTTP requests with an empty 200 response. The listen address can +be customized with the --listen flag and will always be printed to stdout. +If the listen address includes a port range, multiple servers will be started. + +If a final, unnamed argument is given, it will be treated as a status code +(same as the --status flag) if it is a 3-digit number. Otherwise, it is used +as the response body (same as the --body flag). The --status and --body flags +will always override this argument (for example, to write a body that +literally says "404" but with a status code of 200, do '--status 200 404'). + +A body may be given in 3 ways: a flag, a final (and unnamed) argument to +the command, or piped to stdin (if flag and argument are unset). Limited +template evaluation is supported on the body, with the following variables: + + {{.N}} The server number (useful if using a port range) + {{.Port}} The listener port + {{.Address}} The listener address + +(See the docs for the text/template package in the Go standard library for +information about using templates: https://pkg.go.dev/text/template) + +Access/request logging and more verbose debug logging can also be enabled. + +Response headers may be added using the --header flag for each header field. +`, + Flags: func() *flag.FlagSet { + fs := flag.NewFlagSet("respond", flag.ExitOnError) + fs.String("listen", ":0", "The address to which to bind the listener") + fs.Int("status", http.StatusOK, "The response status code") + fs.String("body", "", "The body of the HTTP response") + fs.Bool("access-log", false, "Enable the access log") + fs.Bool("debug", false, "Enable more verbose debug-level logging") + fs.Var(&respondCmdHeaders, "header", "Set a header on the response (format: \"Field: value\"") + return fs + }(), + }) } // StaticResponse implements a simple responder for static responses. @@ -165,6 +220,192 @@ func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Hand return nil } +func cmdRespond(fl caddycmd.Flags) (int, error) { + caddy.TrapSignals() + + // get flag values + listen := fl.String("listen") + statusCodeFl := fl.Int("status") + bodyFl := fl.String("body") + accessLog := fl.Bool("access-log") + debug := fl.Bool("debug") + arg := fl.Arg(0) + + if fl.NArg() > 1 { + return caddy.ExitCodeFailedStartup, fmt.Errorf("too many unflagged arguments") + } + + // prefer status and body from explicit flags + statusCode, body := statusCodeFl, bodyFl + + // figure out if status code was explicitly specified; this lets + // us set a non-zero value as the default but is a little hacky + var statusCodeFlagSpecified bool + for _, fl := range os.Args { + if fl == "--status" { + statusCodeFlagSpecified = true + break + } + } + + // try to determine what kind of parameter the unnamed argument is + if arg != "" { + // specifying body and status flags makes the argument redundant/unused + if bodyFl != "" && statusCodeFlagSpecified { + return caddy.ExitCodeFailedStartup, fmt.Errorf("unflagged argument \"%s\" is overridden by flags", arg) + } + + // if a valid 3-digit number, treat as status code; otherwise body + if argInt, err := strconv.Atoi(arg); err == nil && !statusCodeFlagSpecified { + if argInt >= 100 && argInt <= 999 { + statusCode = argInt + } + } else if body == "" { + body = arg + } + } + + // if we still need a body, see if stdin is being piped + if body == "" { + stdinInfo, err := os.Stdin.Stat() + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + if stdinInfo.Mode()&os.ModeNamedPipe != 0 { + bodyBytes, err := io.ReadAll(os.Stdin) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + body = string(bodyBytes) + } + } + + // build headers map + hdr := make(http.Header) + for i, h := range respondCmdHeaders { + key, val, found := cut(h, ":") // TODO: use strings.Cut() once Go 1.18 is our minimum + key, val = strings.TrimSpace(key), strings.TrimSpace(val) + if !found || key == "" || val == "" { + return caddy.ExitCodeFailedStartup, fmt.Errorf("header %d: invalid format \"%s\" (expecting \"Field: value\")", i, h) + } + hdr.Set(key, val) + } + + // expand listen address, if more than one port + listenAddr, err := caddy.ParseNetworkAddress(listen) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + listenAddrs := make([]string, 0, listenAddr.PortRangeSize()) + for offset := uint(0); offset < listenAddr.PortRangeSize(); offset++ { + listenAddrs = append(listenAddrs, listenAddr.JoinHostPort(offset)) + } + + // build each HTTP server + httpApp := App{Servers: make(map[string]*Server)} + + for i, addr := range listenAddrs { + var handlers []json.RawMessage + + // response body supports a basic template; evaluate it + tplCtx := struct { + N int // server number + Port uint // only the port + Address string // listener address + }{ + N: i, + Port: listenAddr.StartPort + uint(i), + Address: addr, + } + tpl, err := template.New("body").Parse(body) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + buf := new(bytes.Buffer) + err = tpl.Execute(buf, tplCtx) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + // create route with handler + handler := StaticResponse{ + StatusCode: WeakString(fmt.Sprintf("%d", statusCode)), + Headers: hdr, + Body: buf.String(), + } + handlers = append(handlers, caddyconfig.JSONModuleObject(handler, "handler", "static_response", nil)) + route := Route{HandlersRaw: handlers} + + server := &Server{ + Listen: []string{addr}, + ReadHeaderTimeout: caddy.Duration(10 * time.Second), + IdleTimeout: caddy.Duration(30 * time.Second), + MaxHeaderBytes: 1024 * 10, + Routes: RouteList{route}, + AutoHTTPS: &AutoHTTPSConfig{DisableRedir: true}, + } + if accessLog { + server.Logs = new(ServerLogConfig) + } + + // save server + httpApp.Servers[fmt.Sprintf("static%d", i)] = server + } + + // finish building the config + var false bool + cfg := &caddy.Config{ + Admin: &caddy.AdminConfig{ + Disabled: true, + Config: &caddy.ConfigSettings{ + Persist: &false, + }, + }, + AppsRaw: caddy.ModuleMap{ + "http": caddyconfig.JSON(httpApp, nil), + }, + } + if debug { + cfg.Logging = &caddy.Logging{ + Logs: map[string]*caddy.CustomLog{ + "default": {Level: "DEBUG"}, + }, + } + } + + // run it! + err = caddy.Run(cfg) + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + // to print listener addresses, get the active HTTP app + loadedHTTPApp, err := caddy.ActiveContext().App("http") + if err != nil { + return caddy.ExitCodeFailedStartup, err + } + + // print each listener address + for _, srv := range loadedHTTPApp.(*App).Servers { + for _, ln := range srv.listeners { + fmt.Printf("Server address: %s\n", ln.Addr()) + } + } + + select {} +} + +// TODO: delete this and use strings.Cut() once Go 1.18 is our minimum +func cut(s, sep string) (before, after string, found bool) { + if i := strings.Index(s, sep); i >= 0 { + return s[:i], s[i+len(sep):], true + } + return s, "", false +} + +// respondCmdHeaders holds the parsed values from repeated use of the --header flag. +var respondCmdHeaders caddycmd.StringSlice + // Interface guards var ( _ MiddlewareHandler = (*StaticResponse)(nil) From db1aa5b5bc174e5a5df39a277f737b304e1e2350 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 1 Aug 2022 13:40:09 -0600 Subject: [PATCH 0708/1498] Oops (sigh) Forgot to remove this redundant line --- cmd/main.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/main.go b/cmd/main.go index 348bdbce..f289b493 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -338,7 +338,6 @@ func flagHelp(fs *flag.FlagSet) string { buf := new(bytes.Buffer) fs.SetOutput(buf) - buf.Write([]byte("(NOTE: use -- instead of - for flags)\n\n")) fs.PrintDefaults() return buf.String() } From 141872ed80d6323505e7543628c259fdae8506d3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 2 Aug 2022 16:39:09 -0400 Subject: [PATCH 0709/1498] chore: Bump up to Go 1.19, minimum 1.18 (#4925) --- .github/workflows/ci.yml | 10 +- .github/workflows/cross-build.yml | 6 +- .github/workflows/lint.yml | 2 +- .github/workflows/release.yml | 6 +- README.md | 2 +- admin.go | 24 +- admin_test.go | 2 +- caddy.go | 10 +- caddyconfig/caddyfile/adapter.go | 6 +- caddyconfig/caddyfile/dispenser.go | 4 +- caddyconfig/configadapters.go | 10 +- caddyconfig/httpcaddyfile/addresses.go | 4 +- caddyconfig/httpcaddyfile/directives.go | 12 +- caddyconfig/httpcaddyfile/httptype.go | 18 +- caddyconfig/httpcaddyfile/options.go | 37 +- caddyconfig/httpcaddyfile/pkiapp.go | 5 +- caddyconfig/httpcaddyfile/serveroptions.go | 4 +- caddyconfig/httpcaddyfile/tlsapp.go | 6 +- caddyconfig/load.go | 2 +- caddytest/caddytest.go | 8 +- cmd/commandfuncs.go | 2 +- cmd/main.go | 2 +- cmd/packagesfuncs.go | 2 +- context.go | 52 +-- context_test.go | 8 +- go.mod | 2 +- go.sum | 371 ------------------ modules.go | 10 +- modules/caddyhttp/app.go | 2 +- modules/caddyhttp/caddyauth/caddyauth.go | 2 +- modules/caddyhttp/celmatcher.go | 22 +- modules/caddyhttp/encode/encode.go | 6 +- modules/caddyhttp/fileserver/browse.go | 2 +- modules/caddyhttp/fileserver/staticfiles.go | 2 +- modules/caddyhttp/map/caddyfile.go | 2 +- modules/caddyhttp/map/map.go | 4 +- modules/caddyhttp/map/map_test.go | 22 +- modules/caddyhttp/matchers.go | 2 +- modules/caddyhttp/matchers_test.go | 2 +- modules/caddyhttp/replacer.go | 10 +- modules/caddyhttp/reverseproxy/admin.go | 2 +- .../caddyhttp/reverseproxy/healthchecks.go | 2 +- .../caddyhttp/reverseproxy/reverseproxy.go | 2 +- modules/caddyhttp/reverseproxy/streaming.go | 2 +- modules/caddyhttp/rewrite/rewrite.go | 2 +- modules/caddyhttp/routes.go | 8 +- modules/caddyhttp/server.go | 2 +- modules/caddyhttp/staticresp.go | 10 +- modules/caddyhttp/templates/frontmatter.go | 22 +- modules/caddyhttp/templates/tplcontext.go | 12 +- modules/caddyhttp/vars.go | 16 +- modules/caddypki/ca.go | 14 +- modules/caddypki/certificates.go | 2 +- modules/caddytls/automation.go | 4 +- modules/caddytls/connpolicy.go | 4 +- modules/caddytls/tls.go | 2 +- modules/logging/filterencoder.go | 6 +- modules/logging/nopencoder.go | 2 +- modules/metrics/metrics.go | 2 +- replacer.go | 20 +- replacer_test.go | 14 +- usagepool.go | 14 +- 62 files changed, 244 insertions(+), 625 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 05ec80f3..f194aa2a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,16 +19,16 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.17', '1.18' ] + go: [ '1.18', '1.19' ] include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.17' - GO_SEMVER: '~1.17.9' - - go: '1.18' - GO_SEMVER: '~1.18.1' + GO_SEMVER: '~1.18.4' + + - go: '1.19' + GO_SEMVER: '~1.19.0' # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index f37dc854..653102c6 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -16,13 +16,13 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go: [ '1.18' ] + go: [ '1.19' ] include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.18' - GO_SEMVER: '~1.18.1' + - go: '1.19' + GO_SEMVER: '~1.19.0' runs-on: ubuntu-latest continue-on-error: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 57c3503a..c5e64d11 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: - go-version: '~1.17.9' + go-version: '~1.18.4' check-latest: true - name: golangci-lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 80241201..2a2292a6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,13 +11,13 @@ jobs: strategy: matrix: os: [ ubuntu-latest ] - go: [ '1.18' ] + go: [ '1.19' ] include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.18' - GO_SEMVER: '~1.18.1' + - go: '1.19' + GO_SEMVER: '~1.19.0' runs-on: ${{ matrix.os }} diff --git a/README.md b/README.md index 251e54a5..0495ee3a 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ For other install options, see https://caddyserver.com/docs/install. Requirements: -- [Go 1.17 or newer](https://golang.org/dl/) +- [Go 1.18 or newer](https://golang.org/dl/) ### For development diff --git a/admin.go b/admin.go index 125a7b2e..9aa17f87 100644 --- a/admin.go +++ b/admin.go @@ -441,7 +441,7 @@ func manageIdentity(ctx Context, cfg *Config) error { if err != nil { return fmt.Errorf("loading identity issuer modules: %s", err) } - for _, issVal := range val.([]interface{}) { + for _, issVal := range val.([]any) { cfg.Admin.Identity.issuers = append(cfg.Admin.Identity.issuers, issVal.(certmagic.Issuer)) } } @@ -1034,7 +1034,7 @@ func handleStop(w http.ResponseWriter, r *http.Request) error { // only a read lock; all others need a write lock). func unsyncedConfigAccess(method, path string, body []byte, out io.Writer) error { var err error - var val interface{} + var val any // if there is a request body, decode it into the // variable that will be set in the config according @@ -1071,16 +1071,16 @@ func unsyncedConfigAccess(method, path string, body []byte, out io.Writer) error parts = parts[:len(parts)-1] } - var ptr interface{} = rawCfg + var ptr any = rawCfg traverseLoop: for i, part := range parts { switch v := ptr.(type) { - case map[string]interface{}: + case map[string]any: // if the next part enters a slice, and the slice is our destination, // handle it specially (because appending to the slice copies the slice // header, which does not replace the original one like we want) - if arr, ok := v[part].([]interface{}); ok && i == len(parts)-2 { + if arr, ok := v[part].([]any); ok && i == len(parts)-2 { var idx int if method != http.MethodPost { idxStr := parts[len(parts)-1] @@ -1102,7 +1102,7 @@ traverseLoop: } case http.MethodPost: if ellipses { - valArray, ok := val.([]interface{}) + valArray, ok := val.([]any) if !ok { return fmt.Errorf("final element is not an array") } @@ -1137,9 +1137,9 @@ traverseLoop: case http.MethodPost: // if the part is an existing list, POST appends to // it, otherwise it just sets or creates the value - if arr, ok := v[part].([]interface{}); ok { + if arr, ok := v[part].([]any); ok { if ellipses { - valArray, ok := val.([]interface{}) + valArray, ok := val.([]any) if !ok { return fmt.Errorf("final element is not an array") } @@ -1170,12 +1170,12 @@ traverseLoop: // might not exist yet; that's OK but we need to make them as // we go, while we still have a pointer from the level above if v[part] == nil && method == http.MethodPut { - v[part] = make(map[string]interface{}) + v[part] = make(map[string]any) } ptr = v[part] } - case []interface{}: + case []any: partInt, err := strconv.Atoi(part) if err != nil { return fmt.Errorf("[/%s] invalid array index '%s': %v", @@ -1197,7 +1197,7 @@ traverseLoop: // RemoveMetaFields removes meta fields like "@id" from a JSON message // by using a simple regular expression. (An alternate way to do this -// would be to delete them from the raw, map[string]interface{} +// would be to delete them from the raw, map[string]any // representation as they are indexed, then iterate the index we made // and add them back after encoding as JSON, but this is simpler.) func RemoveMetaFields(rawJSON []byte) []byte { @@ -1329,7 +1329,7 @@ const ( ) var bufPool = sync.Pool{ - New: func() interface{} { + New: func() any { return new(bytes.Buffer) }, } diff --git a/admin_test.go b/admin_test.go index f64df75a..d53988b3 100644 --- a/admin_test.go +++ b/admin_test.go @@ -115,7 +115,7 @@ func TestUnsyncedConfigAccess(t *testing.T) { } // decode the expected config so we can do a convenient DeepEqual - var expectedDecoded interface{} + var expectedDecoded any err = json.Unmarshal([]byte(tc.expect), &expectedDecoded) if err != nil { t.Fatalf("Test %d: Unmarshaling expected config: %v", i, err) diff --git a/caddy.go b/caddy.go index 20da5de1..54c890bf 100644 --- a/caddy.go +++ b/caddy.go @@ -217,7 +217,7 @@ func changeConfig(method, path string, input []byte, ifMatchHeader string, force // with what caddy is still running; we need to // unmarshal it again because it's likely that // pointers deep in our rawCfg map were modified - var oldCfg interface{} + var oldCfg any err2 := json.Unmarshal(rawCfgJSON, &oldCfg) if err2 != nil { err = fmt.Errorf("%v; additionally, restoring old config: %v", err, err2) @@ -251,9 +251,9 @@ func readConfig(path string, out io.Writer) error { // "@id" and maps that ID value to the full configPath in the index. // This function is NOT safe for concurrent access; obtain a write lock // on currentCtxMu. -func indexConfigObjects(ptr interface{}, configPath string, index map[string]string) error { +func indexConfigObjects(ptr any, configPath string, index map[string]string) error { switch val := ptr.(type) { - case map[string]interface{}: + case map[string]any: for k, v := range val { if k == idKey { switch idVal := v.(type) { @@ -272,7 +272,7 @@ func indexConfigObjects(ptr interface{}, configPath string, index map[string]str return err } } - case []interface{}: + case []any: // traverse each element of the array recursively for i := range val { err := indexConfigObjects(val[i], path.Join(configPath, strconv.Itoa(i)), index) @@ -848,7 +848,7 @@ var ( // to maintain parity with the API endpoint and to avoid // the special case of having to access/mutate the variable // directly without traversing into it. - rawCfg = map[string]interface{}{ + rawCfg = map[string]any{ rawConfigKey: nil, } diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index 55d7253a..d5bb7c22 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -29,12 +29,12 @@ type Adapter struct { } // Adapt converts the Caddyfile config in body to Caddy JSON. -func (a Adapter) Adapt(body []byte, options map[string]interface{}) ([]byte, []caddyconfig.Warning, error) { +func (a Adapter) Adapt(body []byte, options map[string]any) ([]byte, []caddyconfig.Warning, error) { if a.ServerType == nil { return nil, nil, fmt.Errorf("no server type") } if options == nil { - options = make(map[string]interface{}) + options = make(map[string]any) } filename, _ := options["filename"].(string) @@ -116,7 +116,7 @@ type ServerType interface { // (e.g. CLI flags) and creates a Caddy // config, along with any warnings or // an error. - Setup([]ServerBlock, map[string]interface{}) (*caddy.Config, []caddyconfig.Warning, error) + Setup([]ServerBlock, map[string]any) (*caddy.Config, []caddyconfig.Warning, error) } // UnmarshalModule instantiates a module with the given ID and invokes diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index 8a78f433..b37d2329 100644 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -217,7 +217,7 @@ func (d *Dispenser) ValRaw() string { // ScalarVal gets value of the current token, converted to the closest // scalar type. If there is no token loaded, it returns nil. -func (d *Dispenser) ScalarVal() interface{} { +func (d *Dispenser) ScalarVal() any { if d.cursor < 0 || d.cursor >= len(d.tokens) { return nil } @@ -412,7 +412,7 @@ func (d *Dispenser) Err(msg string) error { } // Errf is like Err, but for formatted error messages -func (d *Dispenser) Errf(format string, args ...interface{}) error { +func (d *Dispenser) Errf(format string, args ...any) error { return d.WrapErr(fmt.Errorf(format, args...)) } diff --git a/caddyconfig/configadapters.go b/caddyconfig/configadapters.go index ccac5f88..0ca3c3af 100644 --- a/caddyconfig/configadapters.go +++ b/caddyconfig/configadapters.go @@ -24,7 +24,7 @@ import ( // Adapter is a type which can adapt a configuration to Caddy JSON. // It returns the results and any warnings, or an error. type Adapter interface { - Adapt(body []byte, options map[string]interface{}) ([]byte, []Warning, error) + Adapt(body []byte, options map[string]any) ([]byte, []Warning, error) } // Warning represents a warning or notice related to conversion. @@ -48,7 +48,7 @@ func (w Warning) String() string { // are converted to warnings. This is convenient when filling config // structs that require a json.RawMessage, without having to worry // about errors. -func JSON(val interface{}, warnings *[]Warning) json.RawMessage { +func JSON(val any, warnings *[]Warning) json.RawMessage { b, err := json.Marshal(val) if err != nil { if warnings != nil { @@ -64,9 +64,9 @@ func JSON(val interface{}, warnings *[]Warning) json.RawMessage { // for encoding module values where the module name has to be described within // the object by a certain key; for example, `"handler": "file_server"` for a // file server HTTP handler (fieldName="handler" and fieldVal="file_server"). -// The val parameter must encode into a map[string]interface{} (i.e. it must be +// The val parameter must encode into a map[string]any (i.e. it must be // a struct or map). Any errors are converted into warnings. -func JSONModuleObject(val interface{}, fieldName, fieldVal string, warnings *[]Warning) json.RawMessage { +func JSONModuleObject(val any, fieldName, fieldVal string, warnings *[]Warning) json.RawMessage { // encode to a JSON object first enc, err := json.Marshal(val) if err != nil { @@ -77,7 +77,7 @@ func JSONModuleObject(val interface{}, fieldName, fieldVal string, warnings *[]W } // then decode the object - var tmp map[string]interface{} + var tmp map[string]any err = json.Unmarshal(enc, &tmp) if err != nil { if warnings != nil { diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index 03083d88..0553c083 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -76,7 +76,7 @@ import ( // multiple addresses to the same lists of server blocks (a many:many mapping). // (Doing this is essentially a map-reduce technique.) func (st *ServerType) mapAddressToServerBlocks(originalServerBlocks []serverBlock, - options map[string]interface{}) (map[string][]serverBlock, error) { + options map[string]any) (map[string][]serverBlock, error) { sbmap := make(map[string][]serverBlock) for i, sblock := range originalServerBlocks { @@ -186,7 +186,7 @@ func (st *ServerType) consolidateAddrMappings(addrToServerBlocks map[string][]se // listenerAddrsForServerBlockKey essentially converts the Caddyfile // site addresses to Caddy listener addresses for each server block. func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key string, - options map[string]interface{}) ([]string, error) { + options map[string]any) ([]string, error) { addr, err := ParseAddress(key) if err != nil { return nil, fmt.Errorf("parsing key: %v", err) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 164b9126..89706b3a 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -142,8 +142,8 @@ func RegisterGlobalOption(opt string, setupFunc UnmarshalGlobalFunc) { type Helper struct { *caddyfile.Dispenser // State stores intermediate variables during caddyfile adaptation. - State map[string]interface{} - options map[string]interface{} + State map[string]any + options map[string]any warnings *[]caddyconfig.Warning matcherDefs map[string]caddy.ModuleMap parentBlock caddyfile.ServerBlock @@ -151,7 +151,7 @@ type Helper struct { } // Option gets the option keyed by name. -func (h Helper) Option(name string) interface{} { +func (h Helper) Option(name string) any { return h.options[name] } @@ -175,7 +175,7 @@ func (h Helper) Caddyfiles() []string { } // JSON converts val into JSON. Any errors are added to warnings. -func (h Helper) JSON(val interface{}) json.RawMessage { +func (h Helper) JSON(val any) json.RawMessage { return caddyconfig.JSON(val, h.warnings) } @@ -375,7 +375,7 @@ type ConfigValue struct { // The value to be used when building the config. // Generally its type is associated with the // name of the Class. - Value interface{} + Value any directive string } @@ -567,7 +567,7 @@ type ( // tokens from a global option. It is passed the tokens to parse and // existing value from the previous instance of this global option // (if any). It returns the value to associate with this global option. - UnmarshalGlobalFunc func(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, error) + UnmarshalGlobalFunc func(d *caddyfile.Dispenser, existingVal any) (any, error) ) var registeredDirectives = make(map[string]UnmarshalFunc) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index b1140594..7153b8c0 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -53,10 +53,10 @@ type ServerType struct { // Setup makes a config from the tokens. func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, - options map[string]interface{}) (*caddy.Config, []caddyconfig.Warning, error) { + options map[string]any) (*caddy.Config, []caddyconfig.Warning, error) { var warnings []caddyconfig.Warning gc := counter{new(int)} - state := make(map[string]interface{}) + state := make(map[string]any) // load all the server blocks and associate them with a "pile" of config values originalServerBlocks := make([]serverBlock, 0, len(inputServerBlocks)) @@ -313,14 +313,14 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // which is expected to be the first server block if it has zero // keys. It returns the updated list of server blocks with the // global options block removed, and updates options accordingly. -func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options map[string]interface{}) ([]serverBlock, error) { +func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options map[string]any) ([]serverBlock, error) { if len(serverBlocks) == 0 || len(serverBlocks[0].block.Keys) > 0 { return serverBlocks, nil } for _, segment := range serverBlocks[0].block.Segments { opt := segment.Directive() - var val interface{} + var val any var err error disp := caddyfile.NewDispenser(segment) @@ -390,7 +390,7 @@ func (ServerType) evaluateGlobalOptionsBlock(serverBlocks []serverBlock, options // to server blocks. Each pairing is essentially a server definition. func (st *ServerType) serversFromPairings( pairings []sbAddrAssociation, - options map[string]interface{}, + options map[string]any, warnings *[]caddyconfig.Warning, groupCounter counter, ) (map[string]*caddyhttp.Server, error) { @@ -725,7 +725,7 @@ func (st *ServerType) serversFromPairings( return servers, nil } -func detectConflictingSchemes(srv *caddyhttp.Server, serverBlocks []serverBlock, options map[string]interface{}) error { +func detectConflictingSchemes(srv *caddyhttp.Server, serverBlocks []serverBlock, options map[string]any) error { httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) if hp, ok := options["http_port"].(int); ok { httpPort = strconv.Itoa(hp) @@ -1304,7 +1304,7 @@ func WasReplacedPlaceholderShorthand(token string) string { // tryInt tries to convert val to an integer. If it fails, // it downgrades the error to a warning and returns 0. -func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int { +func tryInt(val any, warnings *[]caddyconfig.Warning) int { intVal, ok := val.(int) if val != nil && !ok && warnings != nil { *warnings = append(*warnings, caddyconfig.Warning{Message: "not an integer type"}) @@ -1312,7 +1312,7 @@ func tryInt(val interface{}, warnings *[]caddyconfig.Warning) int { return intVal } -func tryString(val interface{}, warnings *[]caddyconfig.Warning) string { +func tryString(val any, warnings *[]caddyconfig.Warning) string { stringVal, ok := val.(string) if val != nil && !ok && warnings != nil { *warnings = append(*warnings, caddyconfig.Warning{Message: "not a string type"}) @@ -1320,7 +1320,7 @@ func tryString(val interface{}, warnings *[]caddyconfig.Warning) string { return stringVal } -func tryDuration(val interface{}, warnings *[]caddyconfig.Warning) caddy.Duration { +func tryDuration(val any, warnings *[]caddyconfig.Warning) caddy.Duration { durationVal, ok := val.(caddy.Duration) if val != nil && !ok && warnings != nil { *warnings = append(*warnings, caddyconfig.Warning{Message: "not a duration type"}) diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index ad52a7b0..d9af04ed 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -54,9 +54,9 @@ func init() { RegisterGlobalOption("preferred_chains", parseOptPreferredChains) } -func parseOptTrue(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return true, nil } +func parseOptTrue(d *caddyfile.Dispenser, _ any) (any, error) { return true, nil } -func parseOptHTTPPort(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptHTTPPort(d *caddyfile.Dispenser, _ any) (any, error) { var httpPort int for d.Next() { var httpPortStr string @@ -72,7 +72,7 @@ func parseOptHTTPPort(d *caddyfile.Dispenser, _ interface{}) (interface{}, error return httpPort, nil } -func parseOptHTTPSPort(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptHTTPSPort(d *caddyfile.Dispenser, _ any) (any, error) { var httpsPort int for d.Next() { var httpsPortStr string @@ -88,7 +88,7 @@ func parseOptHTTPSPort(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro return httpsPort, nil } -func parseOptOrder(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptOrder(d *caddyfile.Dispenser, _ any) (any, error) { newOrder := directiveOrder for d.Next() { @@ -164,7 +164,7 @@ func parseOptOrder(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return newOrder, nil } -func parseOptStorage(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptStorage(d *caddyfile.Dispenser, _ any) (any, error) { if !d.Next() { // consume option name return nil, d.ArgErr() } @@ -183,7 +183,7 @@ func parseOptStorage(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) return storage, nil } -func parseOptDuration(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptDuration(d *caddyfile.Dispenser, _ any) (any, error) { if !d.Next() { // consume option name return nil, d.ArgErr() } @@ -197,7 +197,7 @@ func parseOptDuration(d *caddyfile.Dispenser, _ interface{}) (interface{}, error return caddy.Duration(dur), nil } -func parseOptACMEDNS(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptACMEDNS(d *caddyfile.Dispenser, _ any) (any, error) { if !d.Next() { // consume option name return nil, d.ArgErr() } @@ -216,7 +216,7 @@ func parseOptACMEDNS(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) return prov, nil } -func parseOptACMEEAB(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptACMEEAB(d *caddyfile.Dispenser, _ any) (any, error) { eab := new(acme.EAB) for d.Next() { if d.NextArg() { @@ -244,7 +244,7 @@ func parseOptACMEEAB(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) return eab, nil } -func parseOptCertIssuer(d *caddyfile.Dispenser, existing interface{}) (interface{}, error) { +func parseOptCertIssuer(d *caddyfile.Dispenser, existing any) (any, error) { var issuers []certmagic.Issuer if existing != nil { issuers = existing.([]certmagic.Issuer) @@ -267,7 +267,7 @@ func parseOptCertIssuer(d *caddyfile.Dispenser, existing interface{}) (interface return issuers, nil } -func parseOptSingleString(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptSingleString(d *caddyfile.Dispenser, _ any) (any, error) { d.Next() // consume parameter name if !d.Next() { return "", d.ArgErr() @@ -279,7 +279,7 @@ func parseOptSingleString(d *caddyfile.Dispenser, _ interface{}) (interface{}, e return val, nil } -func parseOptStringList(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptStringList(d *caddyfile.Dispenser, _ any) (any, error) { d.Next() // consume parameter name val := d.RemainingArgs() if len(val) == 0 { @@ -288,7 +288,7 @@ func parseOptStringList(d *caddyfile.Dispenser, _ interface{}) (interface{}, err return val, nil } -func parseOptAdmin(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptAdmin(d *caddyfile.Dispenser, _ any) (any, error) { adminCfg := new(caddy.AdminConfig) for d.Next() { if d.NextArg() { @@ -324,7 +324,7 @@ func parseOptAdmin(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { return adminCfg, nil } -func parseOptOnDemand(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) { var ond *caddytls.OnDemandConfig for d.Next() { if d.NextArg() { @@ -384,7 +384,7 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ interface{}) (interface{}, error return ond, nil } -func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ any) (any, error) { d.Next() // consume parameter name if !d.Next() { return "", d.ArgErr() @@ -399,11 +399,11 @@ func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ interface{}) (interface{}, erro return val, nil } -func parseServerOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseServerOptions(d *caddyfile.Dispenser, _ any) (any, error) { return unmarshalCaddyfileServerOptions(d) } -func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ any) (any, error) { d.Next() // consume option name var val string if !d.AllArgs(&val) { @@ -429,8 +429,7 @@ func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ interface{}) (interface{ // // When the name argument is unspecified, this directive modifies the default // logger. -// -func parseLogOptions(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, error) { +func parseLogOptions(d *caddyfile.Dispenser, existingVal any) (any, error) { currentNames := make(map[string]struct{}) if existingVal != nil { innerVals, ok := existingVal.([]ConfigValue) @@ -465,7 +464,7 @@ func parseLogOptions(d *caddyfile.Dispenser, existingVal interface{}) (interface return configValues, nil } -func parseOptPreferredChains(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) { +func parseOptPreferredChains(d *caddyfile.Dispenser, _ any) (any, error) { d.Next() return caddytls.ParseCaddyfilePreferredChainsOptions(d) } diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go index 9feb4335..f8aba9ff 100644 --- a/caddyconfig/httpcaddyfile/pkiapp.go +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -45,8 +45,7 @@ func init() { // } // // When the CA ID is unspecified, 'local' is assumed. -// -func parsePKIApp(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, error) { +func parsePKIApp(d *caddyfile.Dispenser, existingVal any) (any, error) { pki := &caddypki.PKI{CAs: make(map[string]*caddypki.CA)} for d.Next() { @@ -160,7 +159,7 @@ func parsePKIApp(d *caddyfile.Dispenser, existingVal interface{}) (interface{}, func (st ServerType) buildPKIApp( pairings []sbAddrAssociation, - options map[string]interface{}, + options map[string]any, warnings []caddyconfig.Warning, ) (*caddypki.PKI, []caddyconfig.Warning, error) { diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 7a752524..9eb1940f 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -45,7 +45,7 @@ type serverOptions struct { ShouldLogCredentials bool } -func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error) { +func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { serverOpts := serverOptions{} for d.Next() { if d.NextArg() { @@ -182,7 +182,7 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (interface{}, error // applyServerOptions sets the server options on the appropriate servers func applyServerOptions( servers map[string]*caddyhttp.Server, - options map[string]interface{}, + options map[string]any, warnings *[]caddyconfig.Warning, ) error { // If experimental HTTP/3 is enabled, enable it on each server. diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 40ea47d0..32c17478 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -33,7 +33,7 @@ import ( func (st ServerType) buildTLSApp( pairings []sbAddrAssociation, - options map[string]interface{}, + options map[string]any, warnings []caddyconfig.Warning, ) (*caddytls.TLS, []caddyconfig.Warning, error) { @@ -420,7 +420,7 @@ func (st ServerType) buildTLSApp( type acmeCapable interface{ GetACMEIssuer() *caddytls.ACMEIssuer } -func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interface{}) error { +func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]any) error { acmeWrapper, ok := issuer.(acmeCapable) if !ok { return nil @@ -467,7 +467,7 @@ func fillInGlobalACMEDefaults(issuer certmagic.Issuer, options map[string]interf // for any other automation policies. A nil policy (and no error) will be // returned if there are no default/global options. However, if always is // true, a non-nil value will always be returned (unless there is an error). -func newBaseAutomationPolicy(options map[string]interface{}, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) { +func newBaseAutomationPolicy(options map[string]any, warnings []caddyconfig.Warning, always bool) (*caddytls.AutomationPolicy, error) { issuers, hasIssuers := options["cert_issuer"] _, hasLocalCerts := options["local_certs"] keyType, hasKeyType := options["key_type"] diff --git a/caddyconfig/load.go b/caddyconfig/load.go index 78aaba2b..bd47bea4 100644 --- a/caddyconfig/load.go +++ b/caddyconfig/load.go @@ -209,7 +209,7 @@ func adaptByContentType(contentType string, body []byte) ([]byte, []Warning, err } var bufPool = sync.Pool{ - New: func() interface{} { + New: func() any { return new(bytes.Buffer) }, } diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 3be332ec..9addd14d 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -186,7 +186,7 @@ func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error expectedBytes, _, _ = adapter.Adapt([]byte(rawConfig), nil) } - var expected interface{} + var expected any err := json.Unmarshal(expectedBytes, &expected) if err != nil { return err @@ -196,7 +196,7 @@ func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error Timeout: Default.LoadRequestTimeout, } - fetchConfig := func(client *http.Client) interface{} { + fetchConfig := func(client *http.Client) any { resp, err := client.Get(fmt.Sprintf("http://localhost:%d/config/", Default.AdminPort)) if err != nil { return nil @@ -206,7 +206,7 @@ func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error if err != nil { return nil } - var actual interface{} + var actual any err = json.Unmarshal(actualBytes, &actual) if err != nil { return nil @@ -371,7 +371,7 @@ func CompareAdapt(t *testing.T, filename, rawConfig string, adapterName string, return false } - options := make(map[string]interface{}) + options := make(map[string]any) result, warnings, err := cfgAdapter.Adapt([]byte(rawConfig), options) if err != nil { diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 9e979aed..a4b7bdf7 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -471,7 +471,7 @@ func cmdAdaptConfig(fl Flags) (int, error) { fmt.Errorf("reading input file: %v", err) } - opts := map[string]interface{}{"filename": adaptCmdInputFlag} + opts := map[string]any{"filename": adaptCmdInputFlag} adaptedConfig, warnings, err := cfgAdapter.Adapt(input, opts) if err != nil { diff --git a/cmd/main.go b/cmd/main.go index f289b493..e5a4edfe 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -173,7 +173,7 @@ func LoadConfig(configFile, adapterName string) ([]byte, string, error) { // adapt config if cfgAdapter != nil { - adaptedConfig, warnings, err := cfgAdapter.Adapt(config, map[string]interface{}{ + adaptedConfig, warnings, err := cfgAdapter.Adapt(config, map[string]any{ "filename": configFile, }) if err != nil { diff --git a/cmd/packagesfuncs.go b/cmd/packagesfuncs.go index ca15ea34..3aed0e8c 100644 --- a/cmd/packagesfuncs.go +++ b/cmd/packagesfuncs.go @@ -194,7 +194,7 @@ func getModules() (standard, nonstandard, unknown []moduleInfo, err error) { // can use reflection but we need a non-pointer value (I'm // not sure why), and since New() should return a pointer // value, we need to dereference it first - iface := interface{}(modInfo.New()) + iface := any(modInfo.New()) if rv := reflect.ValueOf(iface); rv.Kind() == reflect.Ptr { iface = reflect.New(reflect.TypeOf(iface).Elem()).Elem().Interface() } diff --git a/context.go b/context.go index 2a6f5142..2847619e 100644 --- a/context.go +++ b/context.go @@ -37,7 +37,7 @@ import ( // not actually need to do this). type Context struct { context.Context - moduleInstances map[string][]interface{} + moduleInstances map[string][]any cfg *Config cleanupFuncs []func() } @@ -51,7 +51,7 @@ type Context struct { // modules which are loaded will be properly unloaded. // See standard library context package's documentation. func NewContext(ctx Context) (Context, context.CancelFunc) { - newCtx := Context{moduleInstances: make(map[string][]interface{}), cfg: ctx.cfg} + newCtx := Context{moduleInstances: make(map[string][]any), cfg: ctx.cfg} c, cancel := context.WithCancel(ctx.Context) wrappedCancel := func() { cancel() @@ -90,11 +90,11 @@ func (ctx *Context) OnCancel(f func()) { // ModuleMap may be used in place of map[string]json.RawMessage. The return value's // underlying type mirrors the input field's type: // -// json.RawMessage => interface{} -// []json.RawMessage => []interface{} -// [][]json.RawMessage => [][]interface{} -// map[string]json.RawMessage => map[string]interface{} -// []map[string]json.RawMessage => []map[string]interface{} +// json.RawMessage => any +// []json.RawMessage => []any +// [][]json.RawMessage => [][]any +// map[string]json.RawMessage => map[string]any +// []map[string]json.RawMessage => []map[string]any // // The field must have a "caddy" struct tag in this format: // @@ -121,14 +121,14 @@ func (ctx *Context) OnCancel(f func()) { // in order to know the module name. // // To make use of the loaded module(s) (the return value), you will probably want -// to type-assert each interface{} value(s) to the types that are useful to you +// to type-assert each 'any' value(s) to the types that are useful to you // and store them on the same struct. Storing them on the same struct makes for // easy garbage collection when your host module is no longer needed. // // Loaded modules have already been provisioned and validated. Upon returning // successfully, this method clears the json.RawMessage(s) in the field since // the raw JSON is no longer needed, and this allows the GC to free up memory. -func (ctx Context) LoadModule(structPointer interface{}, fieldName string) (interface{}, error) { +func (ctx Context) LoadModule(structPointer any, fieldName string) (any, error) { val := reflect.ValueOf(structPointer).Elem().FieldByName(fieldName) typ := val.Type() @@ -148,7 +148,7 @@ func (ctx Context) LoadModule(structPointer interface{}, fieldName string) (inte } inlineModuleKey := opts["inline_key"] - var result interface{} + var result any switch val.Kind() { case reflect.Slice: @@ -170,7 +170,7 @@ func (ctx Context) LoadModule(structPointer interface{}, fieldName string) (inte if inlineModuleKey == "" { panic("unable to determine module name without inline_key because type is not a ModuleMap") } - var all []interface{} + var all []any for i := 0; i < val.Len(); i++ { val, err := ctx.loadModuleInline(inlineModuleKey, moduleNamespace, val.Index(i).Interface().(json.RawMessage)) if err != nil { @@ -186,10 +186,10 @@ func (ctx Context) LoadModule(structPointer interface{}, fieldName string) (inte if inlineModuleKey == "" { panic("unable to determine module name without inline_key because type is not a ModuleMap") } - var all [][]interface{} + var all [][]any for i := 0; i < val.Len(); i++ { innerVal := val.Index(i) - var allInner []interface{} + var allInner []any for j := 0; j < innerVal.Len(); j++ { innerInnerVal, err := ctx.loadModuleInline(inlineModuleKey, moduleNamespace, innerVal.Index(j).Interface().(json.RawMessage)) if err != nil { @@ -204,7 +204,7 @@ func (ctx Context) LoadModule(structPointer interface{}, fieldName string) (inte } else if isModuleMapType(typ.Elem()) { // val is `[]map[string]json.RawMessage` - var all []map[string]interface{} + var all []map[string]any for i := 0; i < val.Len(); i++ { thisSet, err := ctx.loadModulesFromSomeMap(moduleNamespace, inlineModuleKey, val.Index(i)) if err != nil { @@ -232,10 +232,10 @@ func (ctx Context) LoadModule(structPointer interface{}, fieldName string) (inte return result, nil } -// loadModulesFromSomeMap loads modules from val, which must be a type of map[string]interface{}. +// loadModulesFromSomeMap loads modules from val, which must be a type of map[string]any. // Depending on inlineModuleKey, it will be interpreted as either a ModuleMap (key is the module // name) or as a regular map (key is not the module name, and module name is defined inline). -func (ctx Context) loadModulesFromSomeMap(namespace, inlineModuleKey string, val reflect.Value) (map[string]interface{}, error) { +func (ctx Context) loadModulesFromSomeMap(namespace, inlineModuleKey string, val reflect.Value) (map[string]any, error) { // if no inline_key is specified, then val must be a ModuleMap, // where the key is the module name if inlineModuleKey == "" { @@ -253,8 +253,8 @@ func (ctx Context) loadModulesFromSomeMap(namespace, inlineModuleKey string, val // loadModulesFromRegularMap loads modules from val, where val is a map[string]json.RawMessage. // Map keys are NOT interpreted as module names, so module names are still expected to appear // inline with the objects. -func (ctx Context) loadModulesFromRegularMap(namespace, inlineModuleKey string, val reflect.Value) (map[string]interface{}, error) { - mods := make(map[string]interface{}) +func (ctx Context) loadModulesFromRegularMap(namespace, inlineModuleKey string, val reflect.Value) (map[string]any, error) { + mods := make(map[string]any) iter := val.MapRange() for iter.Next() { k := iter.Key() @@ -268,10 +268,10 @@ func (ctx Context) loadModulesFromRegularMap(namespace, inlineModuleKey string, return mods, nil } -// loadModuleMap loads modules from a ModuleMap, i.e. map[string]interface{}, where the key is the +// loadModuleMap loads modules from a ModuleMap, i.e. map[string]any, where the key is the // module name. With a module map, module names do not need to be defined inline with their values. -func (ctx Context) loadModuleMap(namespace string, val reflect.Value) (map[string]interface{}, error) { - all := make(map[string]interface{}) +func (ctx Context) loadModuleMap(namespace string, val reflect.Value) (map[string]any, error) { + all := make(map[string]any) iter := val.MapRange() for iter.Next() { k := iter.Key().Interface().(string) @@ -299,7 +299,7 @@ func (ctx Context) loadModuleMap(namespace string, val reflect.Value) (map[strin // directly by most modules. However, this method is useful when // dynamically loading/unloading modules in their own context, // like from embedded scripts, etc. -func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (interface{}, error) { +func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (any, error) { modulesMu.RLock() mod, ok := modules[id] modulesMu.RUnlock() @@ -311,7 +311,7 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (interface{ return nil, fmt.Errorf("module '%s' has no constructor", mod.ID) } - val := mod.New().(interface{}) + val := mod.New().(any) // value must be a pointer for unmarshaling into concrete type, even if // the module's concrete type is a slice or map; New() *should* return @@ -375,7 +375,7 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (interface{ } // loadModuleInline loads a module from a JSON raw message which decodes to -// a map[string]interface{}, where one of the object keys is moduleNameKey +// a map[string]any, where one of the object keys is moduleNameKey // and the corresponding value is the module name (as a string) which can // be found in the given scope. In other words, the module name is declared // in-line with the module itself. @@ -385,7 +385,7 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (interface{ // multiple instances in the map or it appears in an array (where there are // no custom keys). In other words, the key containing the module name is // treated special/separate from all the other keys in the object. -func (ctx Context) loadModuleInline(moduleNameKey, moduleScope string, raw json.RawMessage) (interface{}, error) { +func (ctx Context) loadModuleInline(moduleNameKey, moduleScope string, raw json.RawMessage) (any, error) { moduleName, raw, err := getModuleNameInline(moduleNameKey, raw) if err != nil { return nil, err @@ -407,7 +407,7 @@ func (ctx Context) loadModuleInline(moduleNameKey, moduleScope string, raw json. // called during the Provision/Validate phase to reference a // module's own host app (since the parent app module is still // in the process of being provisioned, it is not yet ready). -func (ctx Context) App(name string) (interface{}, error) { +func (ctx Context) App(name string) (any, error) { if app, ok := ctx.cfg.apps[name]; ok { return app, nil } diff --git a/context_test.go b/context_test.go index afa10dbd..27395612 100644 --- a/context_test.go +++ b/context_test.go @@ -71,13 +71,13 @@ func ExampleContext_LoadModule_array() { }, } - // since our input is []json.RawMessage, the output will be []interface{} + // since our input is []json.RawMessage, the output will be []any mods, err := ctx.LoadModule(myStruct, "GuestModulesRaw") if err != nil { // you'd want to actually handle the error here // return fmt.Errorf("loading guest modules: %v", err) } - for _, mod := range mods.([]interface{}) { + for _, mod := range mods.([]any) { myStruct.guestModules = append(myStruct.guestModules, mod.(io.Writer)) } @@ -104,13 +104,13 @@ func ExampleContext_LoadModule_map() { }, } - // since our input is map[string]json.RawMessage, the output will be map[string]interface{} + // since our input is map[string]json.RawMessage, the output will be map[string]any mods, err := ctx.LoadModule(myStruct, "GuestModulesRaw") if err != nil { // you'd want to actually handle the error here // return fmt.Errorf("loading guest modules: %v", err) } - for modName, mod := range mods.(map[string]interface{}) { + for modName, mod := range mods.(map[string]any) { myStruct.guestModules[modName] = mod.(io.Writer) } diff --git a/go.mod b/go.mod index 026d06df..baaff482 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/caddyserver/caddy/v2 -go 1.17 +go 1.18 require ( github.com/BurntSushi/toml v1.2.0 diff --git a/go.sum b/go.sum index 66cfffe0..2cf9165b 100644 --- a/go.sum +++ b/go.sum @@ -1,14 +1,10 @@ -bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= -bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= @@ -21,7 +17,6 @@ cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOY cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= @@ -29,8 +24,6 @@ cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAV cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= @@ -49,34 +42,20 @@ cloud.google.com/go/compute v1.3.0 h1:mPL/MzDDYHsh5tHRS9mhmhWlcgClCrCa6ApQCU6wnH cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v0.1.0 h1:W2vbGCrE3Z7J/x3WXLxxGl9LMSB2uhsAA7Ss/6u/qRY= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/kms v1.4.0 h1:iElbfoE61VeLhnZcGOltqL8HIly8Nhbe5t6JlH9GXjo= cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= -cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/security v1.3.0/go.mod h1:pQsnLAXfMzuWVJdctBs8BV3tGd3Jr0SMYu6KK3QXYAs= -cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= -cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= -cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= -code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= -contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= -contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= -contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= -contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= -contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= -contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= -contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= @@ -87,14 +66,7 @@ filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= -github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= -github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= -github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v58.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= -github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= -github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= @@ -112,39 +84,25 @@ github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/Masterminds/glide v0.13.2/go.mod h1:STyF5vcenH/rUqTEv+/hBXlSTo7KYwg2oc2f4tzPWic= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= -github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= -github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= -github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= -github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= -github.com/Masterminds/vcs v1.13.0/go.mod h1:N09YCmOQr6RLxC6UNHzuVwAdodYbbnycGHSmwVJjcKA= -github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/ThalesIgnite/crypto11 v1.2.4/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= -github.com/ThomasRooney/gexpect v0.0.0-20161231170123-5482f0350944/go.mod h1:sPML5WwI6oxLRLPuuqbtoOKhtmpVDCYtwsps+I+vjIY= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= -github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -155,39 +113,22 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed h1:ue9pVfIcP+QMEjfgo/Ez4ZjNZfonGgR6NgjMaJMu1Cg= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= -github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= -github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= -github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= -github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= -github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= -github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o4iy7GtuappbWT0l5NaMo9H9pJDw= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= -github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= -github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= -github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= -github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -195,28 +136,17 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= -github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/caddyserver/certmagic v0.16.1 h1:rdSnjcUVJojmL4M0efJ+yHXErrrijS4YYg3FuwRdJkI= github.com/caddyserver/certmagic v0.16.1/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ= -github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= -github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= -github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= -github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -246,40 +176,25 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= -github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= -github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/codegangsta/cli v1.20.0/go.mod h1:/qJNoX69yVSKu5o4jLyXAENLRyk1uhi7zkbQ3slBdOA= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= -github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU= -github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyberdelia/go-metrics-graphite v0.0.0-20161219230853-39f87cc3b432/go.mod h1:xwIwAxMvYnVrGJPe2FKx5prTrnAjGOD8zvDOnxnrrkM= -github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= github.com/dgraph-io/badger v1.6.2/go.mod h1:JW2yswe3V058sS0kZ2h/AXeDSqFjxnZcRrVH//y2UQE= github.com/dgraph-io/badger/v2 v2.2007.4 h1:TRWBQg8UrlUhaFdco01nO2uXwzKS7zd+HVdwV/GHc4o= @@ -292,7 +207,6 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= @@ -305,7 +219,6 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -317,8 +230,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.m github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= @@ -329,8 +240,6 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= @@ -340,15 +249,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= -github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= -github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= -github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= -github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= @@ -357,7 +259,6 @@ github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.4.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= @@ -374,11 +275,7 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= -github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= -github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= -github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= @@ -388,21 +285,15 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -443,13 +334,8 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.12.4 h1:YINKfuHZ8n72tPOqSPZBwGiDpew2CJS48mdM5W8LZQU= github.com/google/cel-go v0.12.4/go.mod h1:Av7CU6r6X3YmcHR9GXqVDaEJYfEtSxl6wvIjUQTriCw= -github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= -github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= -github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= -github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -465,16 +351,10 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= -github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= -github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= -github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= -github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= -github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= @@ -487,29 +367,19 @@ github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= -github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= -github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= -github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= -github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= -github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww= -github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= @@ -518,34 +388,21 @@ github.com/googleapis/gax-go/v2 v2.1.1 h1:dp3bWCh+PPO1zjRRiCSczJav13sBvG4UhNyVTa github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= -github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= -github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= -github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -563,7 +420,6 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= @@ -596,24 +452,18 @@ github.com/hashicorp/vault/api/auth/kubernetes v0.1.0/go.mod h1:Pdgk78uIs0mgDOLv github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= -github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/icrowley/fake v0.0.0-20180203215853-4178557ae428/go.mod h1:uhpZMVGznybq1itEKXj6RYw9I71qK4kH+OGMjRC4KEo= -github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= -github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= @@ -634,7 +484,6 @@ github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5W github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A= github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= @@ -662,23 +511,15 @@ github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0f github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= -github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= -github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= -github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= -github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -690,20 +531,15 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kardianos/service v1.2.0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM= -github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= -github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= -github.com/klauspost/cpuid/v2 v2.0.11/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c= github.com/klauspost/cpuid/v2 v2.1.0 h1:eyi1Ad2aNJMW95zcSbmGg7Cg6cq3ADwLpMAP96d8rF0= github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -720,12 +556,8 @@ github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= -github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= @@ -740,7 +572,6 @@ github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJ github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= @@ -756,34 +587,25 @@ github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 h1:7m/WlWcSROrcK5NxuXaxYD32B github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= -github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/acmez v1.0.2/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/mholt/acmez v1.0.3 h1:mDgRxGYk6TKlfydYNMfX0HXXJh9i73YL+swPjYCADU8= github.com/mholt/acmez v1.0.3/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DAYQY= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= @@ -793,7 +615,6 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/dns v1.1.46 h1:uzwpxRtSVxtcIZmz/4Uz6/Rn7G11DvsaslXoy5LxQio= github.com/miekg/dns v1.1.46/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= -github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= @@ -814,7 +635,6 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -822,12 +642,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= -github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= -github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= @@ -839,27 +655,21 @@ github.com/nbrownus/go-metrics-prometheus v0.0.0-20210712211119-974a6260965f/go. github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= -github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= -github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak= @@ -874,16 +684,10 @@ github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTm github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= -github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= -github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= -github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= -github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= @@ -894,21 +698,16 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/pquerna/otp v1.0.0/go.mod h1:Zad1CMQfSQZI5KLpahDiSUX4tMMREnXw98IvL1nhgMk= github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= @@ -920,59 +719,42 @@ github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= -github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= -github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= -github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= -github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/samfoo/ansi v0.0.0-20160124022901-b6bd2ded7189/go.mod h1:UUwuHEJ9zkkPDxspIHOa59PUeSkGFljESGzbxntLmIg= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= -github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= @@ -1001,11 +783,9 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M= @@ -1016,23 +796,15 @@ github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1 github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.21.0 h1:RdzGph8pwPZ3RJwnJ6T+HrnHJswJNhX8skoJ4Cc/lxM= github.com/smallstep/certificates v0.21.0/go.mod h1:QlIuU3l25qxeWTo19VviZq/CKhRFtJt75RoTEUh9pbY= -github.com/smallstep/certinfo v1.7.0/go.mod h1:QRjP6s+cuishA6cdB//RX357ysYGz/QxlpWGyWjnfII= github.com/smallstep/cli v0.21.0 h1:m7p1lQFfbBF7RI+Z49eaRBW3oI/5HmnwT8Pa8/xgGcE= github.com/smallstep/cli v0.21.0/go.mod h1:o8hZZAjO4901b3iWmS4fsKasuD57hmkkJJBumYnspPo= github.com/smallstep/nosql v0.4.0 h1:Go3WYwttUuvwqMtFiiU4g7kBIlY+hR0bIZAqVdakQ3M= github.com/smallstep/nosql v0.4.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= github.com/smallstep/truststore v0.11.0 h1:JUTkQ4oHr40jHTS/A2t0usEhteMWG+45CDD2iJA/dIk= github.com/smallstep/truststore v0.11.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= -github.com/smallstep/zcrypto v0.0.0-20210924233136-66c2600f6e71/go.mod h1:+F24VU3UCxfVFvvqgm5jNUFQOm/L6ed13ImwWGFgg/g= -github.com/smallstep/zlint v0.0.0-20180727184541-d84eaafe274f/go.mod h1:GeHHT7sJDI9ti3oEaFnvx1F4N8n3ZSw2YM1+sbEoxc4= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= -github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= @@ -1047,17 +819,10 @@ github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= -github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -1066,7 +831,6 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -1075,27 +839,13 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= -github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= -github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= -github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= -github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= -github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= -github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -1107,10 +857,6 @@ github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMI github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k= -github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= -github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= -github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1125,42 +871,14 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= -github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= -github.com/zmap/rc2 v0.0.0-20190804163417-abaa70531248/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= -github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= -github.com/zmap/zcertificate v0.0.0-20190521191901-30e388164f71/go.mod h1:gIZi1KPgkZNUQzPZXsZrNnUnxy05nTc0+tmlqvIkhRw= -github.com/zmap/zcrypto v0.0.0-20190329181646-dff83107394d/go.mod h1:ix3q2kpLy0ibAuFXlr7qOhPKwFRRSjuynGuTR8EUPCk= -github.com/zmap/zlint v0.0.0-20190516161541-9047d02cf65a/go.mod h1:xwLbce0UzBXp44sIAL1cii+hoK8j4AxRKlymZA2AIcY= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= -go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= -go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= -go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= -go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= -go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= -go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= -go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= -go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= -go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= -go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= -go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= -go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= -go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= -go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= -go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= -go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= -go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= -go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= -go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= go.mozilla.org/pkcs7 v0.0.0-20210730143726-725912489c62/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= @@ -1170,19 +888,12 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= -go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0= -go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 h1:SLme4Porm+UwX0DdHMxlwRt7FzPSE0sys81bet2o0pU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0/go.mod h1:tLYsuf2v8fZreBVwp9gVMhefZlLFZaUiNVSq8QxXRII= -go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.4.0 h1:7ESuKPq6zpjRaY5nvVDGiuwK7VAJ8MwkKnmNJ9whNZ4= go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= -go.opentelemetry.io/otel/exporters/otlp v0.20.0 h1:PTNgq9MRmQqqJY0REVbZFvwkYOA85vbdQU/nVfxDyqg= -go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 h1:j7AwzDdAQBJjcqayAaYbvpYeZzII7cEe5qJTu+De6UY= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 h1:lRpP10E8oTGVmY1nVXcwelCT1Z8ca41/l5ce7AqLAss= @@ -1191,16 +902,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 h1:buSx4A go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0/go.mod h1:ew1NcwkHo0QFT3uTm3m2IVZMkZdVIpbOYNPasgWwpdk= go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= -go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= -go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= -go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.4.0 h1:LJE4SW3jd4lQTESnlpQZcBhQ3oci0U2MLR5uhicfTHQ= go.opentelemetry.io/otel/sdk v1.4.0/go.mod h1:71GJPNJh4Qju6zJuYl1CrYtXbrgfau/M9UAggqiy1UE= -go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= -go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= -go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/otel/trace v1.4.0 h1:4OOUrPZdVFQkbzl/JSdvGCWIdw5ONXXxzHlaLlWppmo= go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= @@ -1221,7 +926,6 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= @@ -1234,31 +938,22 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= -go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= -gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= -golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= -golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -1272,7 +967,6 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220210151621-f4118a5b28e2/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o= golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1285,7 +979,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1321,30 +1014,23 @@ golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1352,7 +1038,6 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= @@ -1364,9 +1049,7 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= @@ -1386,22 +1069,17 @@ golang.org/x/net v0.0.0-20220630215102-69896b714898 h1:K7wO6V1IrczY9QOQ2WkVpw4JQ golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -1413,7 +1091,6 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1434,7 +1111,6 @@ golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1445,7 +1121,6 @@ golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1456,7 +1131,6 @@ golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1472,7 +1146,6 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1484,7 +1157,6 @@ golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1496,15 +1168,11 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1550,20 +1218,17 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= @@ -1571,19 +1236,14 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1601,7 +1261,6 @@ golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -1613,14 +1272,12 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= @@ -1644,12 +1301,9 @@ google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+ google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= @@ -1664,12 +1318,9 @@ google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSr google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= @@ -1689,7 +1340,6 @@ google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= @@ -1698,16 +1348,13 @@ google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= @@ -1724,7 +1371,6 @@ google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -1739,17 +1385,11 @@ google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= @@ -1798,7 +1438,6 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= @@ -1842,24 +1481,17 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= -gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= -gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= -gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= -gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= @@ -1892,13 +1524,10 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= -pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= -sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/modules.go b/modules.go index 0f4a563b..a57bc65e 100644 --- a/modules.go +++ b/modules.go @@ -44,7 +44,7 @@ import ( // Provisioner, the Provision() method is called. 4) If the // module is a Validator, the Validate() method is called. // 5) The module will probably be type-asserted from -// interface{} to some other, more useful interface expected +// 'any' to some other, more useful interface expected // by the host module. For example, HTTP handler modules are // type-asserted as caddyhttp.MiddlewareHandler values. // 6) When a module's containing Context is canceled, if it is @@ -172,7 +172,7 @@ func GetModule(name string) (ModuleInfo, error) { // GetModuleName returns a module's name (the last label of its ID) // from an instance of its value. If the value is not a module, an // empty string will be returned. -func GetModuleName(instance interface{}) string { +func GetModuleName(instance any) string { var name string if mod, ok := instance.(Module); ok { name = mod.CaddyModule().ID.Name() @@ -182,7 +182,7 @@ func GetModuleName(instance interface{}) string { // GetModuleID returns a module's ID from an instance of its value. // If the value is not a module, an empty string will be returned. -func GetModuleID(instance interface{}) string { +func GetModuleID(instance any) string { var id string if mod, ok := instance.(Module); ok { id = string(mod.CaddyModule().ID) @@ -259,7 +259,7 @@ func Modules() []string { // where raw must be a JSON encoding of a map. It returns that value, // along with the result of removing that key from raw. func getModuleNameInline(moduleNameKey string, raw json.RawMessage) (string, json.RawMessage, error) { - var tmp map[string]interface{} + var tmp map[string]any err := json.Unmarshal(raw, &tmp) if err != nil { return "", nil, err @@ -337,7 +337,7 @@ func ParseStructTag(tag string) (map[string]string, error) { // if any of the fields are unrecognized. Useful when decoding // module configurations, where you want to be more sure they're // correct. -func strictUnmarshalJSON(data []byte, v interface{}) error { +func strictUnmarshalJSON(data []byte, v any) error { dec := json.NewDecoder(bytes.NewReader(data)) dec.DisallowUnknownFields() return dec.Decode(v) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 82e052c9..24069eb8 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -202,7 +202,7 @@ func (app *App) Provision(ctx caddy.Context) error { return fmt.Errorf("loading listener wrapper modules: %v", err) } var hasTLSPlaceholder bool - for i, val := range vals.([]interface{}) { + for i, val := range vals.([]any) { if _, ok := val.(*tlsPlaceholderWrapper); ok { if i == 0 { // putting the tls placeholder wrapper first is nonsensical because diff --git a/modules/caddyhttp/caddyauth/caddyauth.go b/modules/caddyhttp/caddyauth/caddyauth.go index 28b2e1b3..ae30a086 100644 --- a/modules/caddyhttp/caddyauth/caddyauth.go +++ b/modules/caddyhttp/caddyauth/caddyauth.go @@ -62,7 +62,7 @@ func (a *Authentication) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading authentication providers: %v", err) } - for modName, modIface := range mods.(map[string]interface{}) { + for modName, modIface := range mods.(map[string]any) { a.Providers[modName] = modIface.(Authenticator) } return nil diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 81fea707..e7067c32 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -218,7 +218,7 @@ var httpRequestCELType = types.NewTypeValue("http.Request", traits.ReceiverType) // drops allocation costs for CEL expression evaluations by roughly half. type celHTTPRequest struct{ *http.Request } -func (cr celHTTPRequest) ResolveName(name string) (interface{}, bool) { +func (cr celHTTPRequest) ResolveName(name string) (any, bool) { if name == "request" { return cr, true } @@ -229,7 +229,7 @@ func (cr celHTTPRequest) Parent() interpreter.Activation { return nil } -func (cr celHTTPRequest) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { +func (cr celHTTPRequest) ConvertToNative(typeDesc reflect.Type) (any, error) { return cr.Request, nil } func (celHTTPRequest) ConvertToType(typeVal ref.Type) ref.Val { @@ -241,8 +241,8 @@ func (cr celHTTPRequest) Equal(other ref.Val) ref.Val { } return types.ValOrErr(other, "%v is not comparable type", other) } -func (celHTTPRequest) Type() ref.Type { return httpRequestCELType } -func (cr celHTTPRequest) Value() interface{} { return cr } +func (celHTTPRequest) Type() ref.Type { return httpRequestCELType } +func (cr celHTTPRequest) Value() any { return cr } var pkixNameCELType = types.NewTypeValue("pkix.Name", traits.ReceiverType) @@ -250,7 +250,7 @@ var pkixNameCELType = types.NewTypeValue("pkix.Name", traits.ReceiverType) // methods to satisfy the ref.Val interface. type celPkixName struct{ *pkix.Name } -func (pn celPkixName) ConvertToNative(typeDesc reflect.Type) (interface{}, error) { +func (pn celPkixName) ConvertToNative(typeDesc reflect.Type) (any, error) { return pn.Name, nil } func (celPkixName) ConvertToType(typeVal ref.Type) ref.Val { @@ -262,13 +262,13 @@ func (pn celPkixName) Equal(other ref.Val) ref.Val { } return types.ValOrErr(other, "%v is not comparable type", other) } -func (celPkixName) Type() ref.Type { return pkixNameCELType } -func (pn celPkixName) Value() interface{} { return pn } +func (celPkixName) Type() ref.Type { return pkixNameCELType } +func (pn celPkixName) Value() any { return pn } // celTypeAdapter can adapt our custom types to a CEL value. type celTypeAdapter struct{} -func (celTypeAdapter) NativeToValue(value interface{}) ref.Val { +func (celTypeAdapter) NativeToValue(value any) ref.Val { switch v := value.(type) { case celHTTPRequest: return v @@ -545,17 +545,17 @@ func celMatcherJSONMacroExpander(funcName string) parser.MacroExpander { // CELValueToMapStrList converts a CEL value to a map[string][]string // // Earlier validation stages should guarantee that the value has this type -// at compile time, and that the runtime value type is map[string]interface{}. +// at compile time, and that the runtime value type is map[string]any. // The reason for the slight difference in value type is that CEL allows for // map literals containing heterogeneous values, in this case string and list // of string. func CELValueToMapStrList(data ref.Val) (map[string][]string, error) { - mapStrType := reflect.TypeOf(map[string]interface{}{}) + mapStrType := reflect.TypeOf(map[string]any{}) mapStrRaw, err := data.ConvertToNative(mapStrType) if err != nil { return nil, err } - mapStrIface := mapStrRaw.(map[string]interface{}) + mapStrIface := mapStrRaw.(map[string]any) mapStrListStr := make(map[string][]string, len(mapStrIface)) for k, v := range mapStrIface { switch val := v.(type) { diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index 8b492050..aae72806 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -71,7 +71,7 @@ func (enc *Encode) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading encoder modules: %v", err) } - for modName, modIface := range mods.(map[string]interface{}) { + for modName, modIface := range mods.(map[string]any) { err = enc.addEncoding(modIface.(Encoding)) if err != nil { return fmt.Errorf("adding encoding %s: %v", modName, err) @@ -142,7 +142,7 @@ func (enc *Encode) addEncoding(e Encoding) error { enc.writerPools = make(map[string]*sync.Pool) } enc.writerPools[ae] = &sync.Pool{ - New: func() interface{} { + New: func() any { return e.NewEncoder() }, } @@ -418,7 +418,7 @@ type Precompressed interface { } var bufPool = sync.Pool{ - New: func() interface{} { + New: func() any { return new(bytes.Buffer) }, } diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index bdddc23b..da978425 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -231,7 +231,7 @@ type templateContext struct { // bufPool is used to increase the efficiency of file listings. var bufPool = sync.Pool{ - New: func() interface{} { + New: func() any { return new(bytes.Buffer) }, } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 6bdb5afe..93d529de 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -205,7 +205,7 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading encoder modules: %v", err) } - for modName, modIface := range mods.(map[string]interface{}) { + for modName, modIface := range mods.(map[string]any) { p, ok := modIface.(encode.Precompressed) if !ok { return fmt.Errorf("module %s is not precompressor", modName) diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index f1ee4680..f38aff78 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -78,7 +78,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // every other line maps one input to one or more outputs in := h.Val() - var outs []interface{} + var outs []any for h.NextArg() { val := h.ScalarVal() if val == "-" { diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index 0a27aab8..bbc1249d 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -119,7 +119,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) // defer work until a variable is actually evaluated by using replacer's Map callback - repl.Map(func(key string) (interface{}, bool) { + repl.Map(func(key string) (any, bool) { // return early if the variable is not even a configured destination destIdx := h.destinationIndex(key) if destIdx < 0 { @@ -187,7 +187,7 @@ type Mapping struct { // Upon a match with the input, each output is positionally correlated // with each destination of the parent handler. An output that is null // (nil) will be treated as if it was not mapped at all. - Outputs []interface{} `json:"outputs,omitempty"` + Outputs []any `json:"outputs,omitempty"` re *regexp.Regexp } diff --git a/modules/caddyhttp/map/map_test.go b/modules/caddyhttp/map/map_test.go index 26d6e85e..fe233bf2 100644 --- a/modules/caddyhttp/map/map_test.go +++ b/modules/caddyhttp/map/map_test.go @@ -15,7 +15,7 @@ func TestHandler(t *testing.T) { for i, tc := range []struct { handler Handler reqURI string - expect map[string]interface{} + expect map[string]any }{ { reqURI: "/foo", @@ -25,11 +25,11 @@ func TestHandler(t *testing.T) { Mappings: []Mapping{ { Input: "/foo", - Outputs: []interface{}{"FOO"}, + Outputs: []any{"FOO"}, }, }, }, - expect: map[string]interface{}{ + expect: map[string]any{ "output": "FOO", }, }, @@ -41,11 +41,11 @@ func TestHandler(t *testing.T) { Mappings: []Mapping{ { InputRegexp: "(/abc)", - Outputs: []interface{}{"ABC"}, + Outputs: []any{"ABC"}, }, }, }, - expect: map[string]interface{}{ + expect: map[string]any{ "output": "ABC", }, }, @@ -57,11 +57,11 @@ func TestHandler(t *testing.T) { Mappings: []Mapping{ { InputRegexp: "(xyz)", - Outputs: []interface{}{"...${1}..."}, + Outputs: []any{"...${1}..."}, }, }, }, - expect: map[string]interface{}{ + expect: map[string]any{ "output": "...xyz...", }, }, @@ -74,11 +74,11 @@ func TestHandler(t *testing.T) { Mappings: []Mapping{ { InputRegexp: "(?i)(\\^|`|<|>|%|\\\\|\\{|\\}|\\|)", - Outputs: []interface{}{"3"}, + Outputs: []any{"3"}, }, }, }, - expect: map[string]interface{}{ + expect: map[string]any{ "output": "3", }, }, @@ -90,11 +90,11 @@ func TestHandler(t *testing.T) { Mappings: []Mapping{ { Input: "/foo", - Outputs: []interface{}{"{testvar}"}, + Outputs: []any{"{testvar}"}, }, }, }, - expect: map[string]interface{}{ + expect: map[string]any{ "output": "testing", }, }, diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 82972e51..2eedaca2 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -1032,7 +1032,7 @@ func (m *MatchNot) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading matcher sets: %v", err) } - for _, modMap := range matcherSets.([]map[string]interface{}) { + for _, modMap := range matcherSets.([]map[string]any) { var ms MatcherSet for _, modIface := range modMap { ms = append(ms, modIface.(RequestMatcher)) diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index f394921a..bd4606bc 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -807,7 +807,7 @@ func TestVarREMatcher(t *testing.T) { req := &http.Request{URL: new(url.URL), Method: http.MethodGet} repl := caddy.NewReplacer() ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) - ctx = context.WithValue(ctx, VarsCtxKey, make(map[string]interface{})) + ctx = context.WithValue(ctx, VarsCtxKey, make(map[string]any)) req = req.WithContext(ctx) addHTTPVarsToReplacer(repl, req, httptest.NewRecorder()) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 2fa65171..bde58b79 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -57,7 +57,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo SetVar(req.Context(), "start_time", time.Now()) SetVar(req.Context(), "uuid", new(requestID)) - httpVars := func(key string) (interface{}, bool) { + httpVars := func(key string) (any, bool) { if req != nil { // query string parameters if strings.HasPrefix(key, reqURIQueryReplPrefix) { @@ -233,7 +233,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo // middleware variables if strings.HasPrefix(key, varsReplPrefix) { varName := key[len(varsReplPrefix):] - tbl := req.Context().Value(VarsCtxKey).(map[string]interface{}) + tbl := req.Context().Value(VarsCtxKey).(map[string]any) raw := tbl[varName] // variables can be dynamic, so always return true // even when it may not be set; treat as empty then @@ -258,7 +258,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo repl.Map(httpVars) } -func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { +func getReqTLSReplacement(req *http.Request, key string) (any, bool) { if req == nil || req.TLS == nil { return nil, false } @@ -279,7 +279,7 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { if strings.HasPrefix(field, "client.san.") { field = field[len("client.san."):] var fieldName string - var fieldValue interface{} + var fieldValue any switch { case strings.HasPrefix(field, "dns_names"): fieldName = "dns_names" @@ -383,7 +383,7 @@ func getReqTLSReplacement(req *http.Request, key string) (interface{}, bool) { } // marshalPublicKey returns the byte encoding of pubKey. -func marshalPublicKey(pubKey interface{}) ([]byte, error) { +func marshalPublicKey(pubKey any) ([]byte, error) { switch key := pubKey.(type) { case *rsa.PublicKey: return asn1.Marshal(key) diff --git a/modules/caddyhttp/reverseproxy/admin.go b/modules/caddyhttp/reverseproxy/admin.go index 771fa10c..f64d1ecf 100644 --- a/modules/caddyhttp/reverseproxy/admin.go +++ b/modules/caddyhttp/reverseproxy/admin.go @@ -76,7 +76,7 @@ func (adminUpstreams) handleUpstreams(w http.ResponseWriter, r *http.Request) er // Iterate over the upstream pool (needs to be fast) var rangeErr error - hosts.Range(func(key, val interface{}) bool { + hosts.Range(func(key, val any) bool { address, ok := key.(string) if !ok { rangeErr = caddy.APIError{ diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index 317b283e..eb986388 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -269,7 +269,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre // attach dialing information to this request ctx := h.ctx.Context ctx = context.WithValue(ctx, caddy.ReplacerCtxKey, caddy.NewReplacer()) - ctx = context.WithValue(ctx, caddyhttp.VarsCtxKey, map[string]interface{}{ + ctx = context.WithValue(ctx, caddyhttp.VarsCtxKey, map[string]any{ dialInfoVarKey: dialInfo, }) req, err := http.NewRequestWithContext(ctx, http.MethodGet, u.String(), nil) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 70612750..c800b390 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -1317,7 +1317,7 @@ func (brc bodyReadCloser) Close() error { // bufPool is used for buffering requests and responses. var bufPool = sync.Pool{ - New: func() interface{} { + New: func() any { return new(bytes.Buffer) }, } diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 6bd1af23..298ab58d 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -279,7 +279,7 @@ func (c switchProtocolCopier) copyToBackend(errc chan<- error) { } var streamingBufPool = sync.Pool{ - New: func() interface{} { + New: func() any { // The Pool's New function should generally only return pointer // types, since a pointer can be put into the return interface // value without an allocation diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index da922693..ac8c4fc6 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -283,7 +283,7 @@ func buildQueryString(qs string, repl *caddy.Replacer) string { // consume the component and write the result comp := qs[:end] - comp, _ = repl.ReplaceFunc(comp, func(name string, val interface{}) (interface{}, error) { + comp, _ = repl.ReplaceFunc(comp, func(name string, val any) (any, error) { if name == "http.request.uri.query" && wroteVal { return val, nil // already escaped } diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index b8771db3..45cbd80d 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -151,7 +151,7 @@ func (routes RouteList) ProvisionHandlers(ctx caddy.Context) error { if err != nil { return fmt.Errorf("route %d: loading handler modules: %v", i, err) } - for _, handler := range handlersIface.([]interface{}) { + for _, handler := range handlersIface.([]any) { routes[i].Handlers = append(routes[i].Handlers, handler.(MiddlewareHandler)) } @@ -315,9 +315,9 @@ func (ms MatcherSets) AnyMatch(req *http.Request) bool { return len(ms) == 0 } -// FromInterface fills ms from an interface{} value obtained from LoadModule. -func (ms *MatcherSets) FromInterface(matcherSets interface{}) error { - for _, matcherSetIfaces := range matcherSets.([]map[string]interface{}) { +// FromInterface fills ms from an 'any' value obtained from LoadModule. +func (ms *MatcherSets) FromInterface(matcherSets any) error { + for _, matcherSetIfaces := range matcherSets.([]map[string]any) { var matcherSet MatcherSet for _, matcher := range matcherSetIfaces { reqMatcher, ok := matcher.(RequestMatcher) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 44a58882..c665e297 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -585,7 +585,7 @@ func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter // set up the context for the request ctx := context.WithValue(r.Context(), caddy.ReplacerCtxKey, repl) ctx = context.WithValue(ctx, ServerCtxKey, s) - ctx = context.WithValue(ctx, VarsCtxKey, make(map[string]interface{})) + ctx = context.WithValue(ctx, VarsCtxKey, make(map[string]any)) ctx = context.WithValue(ctx, routeGroupCtxKey, make(map[string]struct{})) var url2 url.URL // avoid letting this escape to the heap ctx = context.WithValue(ctx, OriginalRequestCtxKey, originalRequest(r, &url2)) diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index 9e12bd5c..f0aea030 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -283,7 +283,7 @@ func cmdRespond(fl caddycmd.Flags) (int, error) { // build headers map hdr := make(http.Header) for i, h := range respondCmdHeaders { - key, val, found := cut(h, ":") // TODO: use strings.Cut() once Go 1.18 is our minimum + key, val, found := strings.Cut(h, ":") key, val = strings.TrimSpace(key), strings.TrimSpace(val) if !found || key == "" || val == "" { return caddy.ExitCodeFailedStartup, fmt.Errorf("header %d: invalid format \"%s\" (expecting \"Field: value\")", i, h) @@ -395,14 +395,6 @@ func cmdRespond(fl caddycmd.Flags) (int, error) { select {} } -// TODO: delete this and use strings.Cut() once Go 1.18 is our minimum -func cut(s, sep string) (before, after string, found bool) { - if i := strings.Index(s, sep); i >= 0 { - return s[:i], s[i+len(sep):], true - } - return s, "", false -} - // respondCmdHeaders holds the parsed values from repeated use of the --header flag. var respondCmdHeaders caddycmd.StringSlice diff --git a/modules/caddyhttp/templates/frontmatter.go b/modules/caddyhttp/templates/frontmatter.go index 9031e138..3f7bd0cc 100644 --- a/modules/caddyhttp/templates/frontmatter.go +++ b/modules/caddyhttp/templates/frontmatter.go @@ -10,7 +10,7 @@ import ( "gopkg.in/yaml.v3" ) -func extractFrontMatter(input string) (map[string]interface{}, string, error) { +func extractFrontMatter(input string) (map[string]any, string, error) { // get the bounds of the first non-empty line var firstLineStart, firstLineEnd int lineEmpty := true @@ -35,7 +35,7 @@ func extractFrontMatter(input string) (map[string]interface{}, string, error) { // see what kind of front matter there is, if any var closingFence []string - var fmParser func([]byte) (map[string]interface{}, error) + var fmParser func([]byte) (map[string]any, error) for _, fmType := range supportedFrontMatterTypes { if firstLine == fmType.FenceOpen { closingFence = fmType.FenceClose @@ -77,35 +77,35 @@ func extractFrontMatter(input string) (map[string]interface{}, string, error) { return fm, body, nil } -func yamlFrontMatter(input []byte) (map[string]interface{}, error) { - m := make(map[string]interface{}) +func yamlFrontMatter(input []byte) (map[string]any, error) { + m := make(map[string]any) err := yaml.Unmarshal(input, &m) return m, err } -func tomlFrontMatter(input []byte) (map[string]interface{}, error) { - m := make(map[string]interface{}) +func tomlFrontMatter(input []byte) (map[string]any, error) { + m := make(map[string]any) err := toml.Unmarshal(input, &m) return m, err } -func jsonFrontMatter(input []byte) (map[string]interface{}, error) { +func jsonFrontMatter(input []byte) (map[string]any, error) { input = append([]byte{'{'}, input...) input = append(input, '}') - m := make(map[string]interface{}) + m := make(map[string]any) err := json.Unmarshal(input, &m) return m, err } type parsedMarkdownDoc struct { - Meta map[string]interface{} `json:"meta,omitempty"` - Body string `json:"body,omitempty"` + Meta map[string]any `json:"meta,omitempty"` + Body string `json:"body,omitempty"` } type frontMatterType struct { FenceOpen string FenceClose []string - ParseFunc func(input []byte) (map[string]interface{}, error) + ParseFunc func(input []byte) (map[string]any, error) } var supportedFrontMatterTypes = []frontMatterType{ diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index bae24ba8..96a341c8 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -44,7 +44,7 @@ import ( type TemplateContext struct { Root http.FileSystem Req *http.Request - Args []interface{} // defined by arguments to funcInclude + Args []any // defined by arguments to funcInclude RespHeader WrappedHeader CustomFuncs []template.FuncMap // functions added by plugins @@ -99,7 +99,7 @@ func (c TemplateContext) OriginalReq() http.Request { // Note that included files are NOT escaped, so you should only include // trusted files. If it is not trusted, be sure to use escaping functions // in your template. -func (c TemplateContext) funcInclude(filename string, args ...interface{}) (string, error) { +func (c TemplateContext) funcInclude(filename string, args ...any) (string, error) { bodyBuf := bufPool.Get().(*bytes.Buffer) bodyBuf.Reset() @@ -304,7 +304,7 @@ func (TemplateContext) funcStripHTML(s string) string { // funcMarkdown renders the markdown body as HTML. The resulting // HTML is NOT escaped so that it can be rendered as HTML. -func (TemplateContext) funcMarkdown(input interface{}) (string, error) { +func (TemplateContext) funcMarkdown(input any) (string, error) { inputStr := toString(input) md := goldmark.New( @@ -340,7 +340,7 @@ func (TemplateContext) funcMarkdown(input interface{}) (string, error) { // splitFrontMatter parses front matter out from the beginning of input, // and returns the separated key-value pairs and the body/content. input // must be a "stringy" value. -func (TemplateContext) funcSplitFrontMatter(input interface{}) (parsedMarkdownDoc, error) { +func (TemplateContext) funcSplitFrontMatter(input any) (parsedMarkdownDoc, error) { meta, body, err := extractFrontMatter(toString(input)) if err != nil { return parsedMarkdownDoc{}, err @@ -465,7 +465,7 @@ func (h WrappedHeader) Del(field string) string { return "" } -func toString(input interface{}) string { +func toString(input any) string { switch v := input.(type) { case string: return v @@ -479,7 +479,7 @@ func toString(input interface{}) string { } var bufPool = sync.Pool{ - New: func() interface{} { + New: func() any { return new(bytes.Buffer) }, } diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index e7a7dbb7..08f3e70b 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -37,7 +37,7 @@ func init() { // // The key is the variable name, and the value is the value of the // variable. Both the name and value may use or contain placeholders. -type VarsMiddleware map[string]interface{} +type VarsMiddleware map[string]any // CaddyModule returns the Caddy module information. func (VarsMiddleware) CaddyModule() caddy.ModuleInfo { @@ -48,7 +48,7 @@ func (VarsMiddleware) CaddyModule() caddy.ModuleInfo { } func (m VarsMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { - vars := r.Context().Value(VarsCtxKey).(map[string]interface{}) + vars := r.Context().Value(VarsCtxKey).(map[string]any) repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) for k, v := range m { keyExpanded := repl.ReplaceAll(k, "") @@ -156,7 +156,7 @@ func (m VarsMatcher) Match(r *http.Request) bool { return true } - vars := r.Context().Value(VarsCtxKey).(map[string]interface{}) + vars := r.Context().Value(VarsCtxKey).(map[string]any) repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) for key, vals := range m { @@ -250,7 +250,7 @@ func (m MatchVarsRE) Provision(ctx caddy.Context) error { // Match returns true if r matches m. func (m MatchVarsRE) Match(r *http.Request) bool { - vars := r.Context().Value(VarsCtxKey).(map[string]interface{}) + vars := r.Context().Value(VarsCtxKey).(map[string]any) repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) for k, rm := range m { var varStr string @@ -290,8 +290,8 @@ func (m MatchVarsRE) Validate() error { // GetVar gets a value out of the context's variable table by key. // If the key does not exist, the return value will be nil. -func GetVar(ctx context.Context, key string) interface{} { - varMap, ok := ctx.Value(VarsCtxKey).(map[string]interface{}) +func GetVar(ctx context.Context, key string) any { + varMap, ok := ctx.Value(VarsCtxKey).(map[string]any) if !ok { return nil } @@ -305,8 +305,8 @@ func GetVar(ctx context.Context, key string) interface{} { // If the value is nil (note: non-nil interface with nil // underlying value does not count) and the key exists in // the table, the key+value will be deleted from the table. -func SetVar(ctx context.Context, key string, value interface{}) { - varMap, ok := ctx.Value(VarsCtxKey).(map[string]interface{}) +func SetVar(ctx context.Context, key string, value any) { + varMap, ok := ctx.Value(VarsCtxKey).(map[string]any) if !ok { return } diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index ca9ba469..41e78a6b 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -73,7 +73,7 @@ type CA struct { storage certmagic.Storage root, inter *x509.Certificate - interKey interface{} // TODO: should we just store these as crypto.Signer? + interKey any // TODO: should we just store these as crypto.Signer? mu *sync.RWMutex rootCertPath string // mainly used for logging purposes if trusting @@ -121,7 +121,7 @@ func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error { // load the certs and key that will be used for signing var rootCert, interCert *x509.Certificate - var rootKey, interKey interface{} + var rootKey, interKey any var err error if ca.Root != nil { if ca.Root.Format == "" || ca.Root.Format == "pem_file" { @@ -161,7 +161,7 @@ func (ca CA) RootCertificate() *x509.Certificate { // RootKey returns the CA's root private key. Since the root key is // not cached in memory long-term, it needs to be loaded from storage, // which could yield an error. -func (ca CA) RootKey() (interface{}, error) { +func (ca CA) RootKey() (any, error) { _, rootKey, err := ca.loadOrGenRoot() return rootKey, err } @@ -175,7 +175,7 @@ func (ca CA) IntermediateCertificate() *x509.Certificate { } // IntermediateKey returns the CA's intermediate private key. -func (ca CA) IntermediateKey() interface{} { +func (ca CA) IntermediateKey() any { ca.mu.RLock() defer ca.mu.RUnlock() return ca.interKey @@ -196,7 +196,7 @@ func (ca *CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authorit // cert/key directly, since it's unlikely to expire // while Caddy is running (long lifetime) var issuerCert *x509.Certificate - var issuerKey interface{} + var issuerKey any issuerCert = rootCert var err error issuerKey, err = ca.RootKey() @@ -239,7 +239,7 @@ func (ca *CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authorit return auth, nil } -func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey interface{}, err error) { +func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey any, err error) { rootCertPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyRootCert()) if err != nil { if !errors.Is(err, fs.ErrNotExist) { @@ -273,7 +273,7 @@ func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey interface{}, e return rootCert, rootKey, nil } -func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey interface{}, err error) { +func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey any, err error) { repl := ca.newReplacer() rootCert, rootKey, err = generateRoot(repl.ReplaceAll(ca.RootCommonName, "")) diff --git a/modules/caddypki/certificates.go b/modules/caddypki/certificates.go index bd260da6..442a0ad6 100644 --- a/modules/caddypki/certificates.go +++ b/modules/caddypki/certificates.go @@ -22,7 +22,7 @@ import ( "github.com/smallstep/cli/crypto/x509util" ) -func generateRoot(commonName string) (rootCrt *x509.Certificate, privateKey interface{}, err error) { +func generateRoot(commonName string) (rootCrt *x509.Certificate, privateKey any, err error) { rootProfile, err := x509util.NewRootProfile(commonName) if err != nil { return diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 197c4095..ee168b43 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -198,7 +198,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { if err != nil { return fmt.Errorf("loading external certificate manager modules: %v", err) } - for _, getCertVal := range vals.([]interface{}) { + for _, getCertVal := range vals.([]any) { ap.Managers = append(ap.Managers, getCertVal.(certmagic.Manager)) } } @@ -209,7 +209,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { if err != nil { return fmt.Errorf("loading TLS automation management module: %s", err) } - for _, issVal := range val.([]interface{}) { + for _, issVal := range val.([]any) { ap.Issuers = append(ap.Issuers, issVal.(certmagic.Issuer)) } } diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 4280f0a1..285e9f6f 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -46,7 +46,7 @@ func (cp ConnectionPolicies) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading handshake matchers: %v", err) } - for _, modIface := range mods.(map[string]interface{}) { + for _, modIface := range mods.(map[string]any) { cp[i].matchers = append(cp[i].matchers, modIface.(ConnectionMatcher)) } @@ -66,7 +66,7 @@ func (cp ConnectionPolicies) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading client cert verifiers: %v", err) } - for _, validator := range clientCertValidations.([]interface{}) { + for _, validator := range clientCertValidations.([]any) { cp[i].ClientAuthentication.verifiers = append(cp[i].ClientAuthentication.verifiers, validator.(ClientCertificateVerifier)) } } diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 429b24c9..f1294899 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -113,7 +113,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading certificate loader modules: %s", err) } - for modName, modIface := range val.(map[string]interface{}) { + for modName, modIface := range val.(map[string]any) { if modName == "automate" { // special case; these will be loaded in later using our automation facilities, // which we want to avoid doing during provisioning diff --git a/modules/logging/filterencoder.go b/modules/logging/filterencoder.go index cdb552d8..6a768dd6 100644 --- a/modules/logging/filterencoder.go +++ b/modules/logging/filterencoder.go @@ -89,7 +89,7 @@ func (fe *FilterEncoder) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading log filter modules: %v", err) } - for fieldName, modIface := range vals.(map[string]interface{}) { + for fieldName, modIface := range vals.(map[string]any) { fe.Fields[fieldName] = modIface.(LogFieldFilter) } @@ -326,7 +326,7 @@ func (fe FilterEncoder) AddUintptr(key string, value uintptr) { } // AddReflected is part of the zapcore.ObjectEncoder interface. -func (fe FilterEncoder) AddReflected(key string, value interface{}) error { +func (fe FilterEncoder) AddReflected(key string, value any) error { if !fe.filtered(key, value) { return fe.wrapped.AddReflected(key, value) } @@ -367,7 +367,7 @@ func (fe FilterEncoder) EncodeEntry(ent zapcore.Entry, fields []zapcore.Field) ( // added to the underlying encoder (so do not do // that again). If false was returned, the field has // not yet been added to the underlying encoder. -func (fe FilterEncoder) filtered(key string, value interface{}) bool { +func (fe FilterEncoder) filtered(key string, value any) bool { filter, ok := fe.Fields[fe.keyPrefix+key] if !ok { return false diff --git a/modules/logging/nopencoder.go b/modules/logging/nopencoder.go index fc3d70d9..62c1f787 100644 --- a/modules/logging/nopencoder.go +++ b/modules/logging/nopencoder.go @@ -95,7 +95,7 @@ func (nopEncoder) AddUint8(key string, value uint8) {} func (nopEncoder) AddUintptr(key string, value uintptr) {} // AddReflected is part of the zapcore.ObjectEncoder interface. -func (nopEncoder) AddReflected(key string, value interface{}) error { return nil } +func (nopEncoder) AddReflected(key string, value any) error { return nil } // OpenNamespace is part of the zapcore.ObjectEncoder interface. func (nopEncoder) OpenNamespace(key string) {} diff --git a/modules/metrics/metrics.go b/modules/metrics/metrics.go index e6d4345a..1ad392c1 100644 --- a/modules/metrics/metrics.go +++ b/modules/metrics/metrics.go @@ -56,7 +56,7 @@ type zapLogger struct { zl *zap.Logger } -func (l *zapLogger) Println(v ...interface{}) { +func (l *zapLogger) Println(v ...any) { l.zl.Sugar().Error(v...) } diff --git a/replacer.go b/replacer.go index bffc4244..b8b22671 100644 --- a/replacer.go +++ b/replacer.go @@ -27,7 +27,7 @@ import ( // NewReplacer returns a new Replacer. func NewReplacer() *Replacer { rep := &Replacer{ - static: make(map[string]interface{}), + static: make(map[string]any), } rep.providers = []ReplacerFunc{ globalDefaultReplacements, @@ -40,7 +40,7 @@ func NewReplacer() *Replacer { // without the global default replacements. func NewEmptyReplacer() *Replacer { rep := &Replacer{ - static: make(map[string]interface{}), + static: make(map[string]any), } rep.providers = []ReplacerFunc{ rep.fromStatic, @@ -53,7 +53,7 @@ func NewEmptyReplacer() *Replacer { // use NewReplacer to make one. type Replacer struct { providers []ReplacerFunc - static map[string]interface{} + static map[string]any } // Map adds mapFunc to the list of value providers. @@ -63,13 +63,13 @@ func (r *Replacer) Map(mapFunc ReplacerFunc) { } // Set sets a custom variable to a static value. -func (r *Replacer) Set(variable string, value interface{}) { +func (r *Replacer) Set(variable string, value any) { r.static[variable] = value } // Get gets a value from the replacer. It returns // the value and whether the variable was known. -func (r *Replacer) Get(variable string) (interface{}, bool) { +func (r *Replacer) Get(variable string) (any, bool) { for _, mapFunc := range r.providers { if val, ok := mapFunc(variable); ok { return val, true @@ -92,7 +92,7 @@ func (r *Replacer) Delete(variable string) { } // fromStatic provides values from r.static. -func (r *Replacer) fromStatic(key string) (interface{}, bool) { +func (r *Replacer) fromStatic(key string) (any, bool) { val, ok := r.static[key] return val, ok } @@ -230,7 +230,7 @@ scan: return sb.String(), nil } -func toString(val interface{}) string { +func toString(val any) string { switch v := val.(type) { case nil: return "" @@ -275,9 +275,9 @@ func toString(val interface{}) string { // to service that key (even if the value is blank). If the // function does not recognize the key, false should be // returned. -type ReplacerFunc func(key string) (interface{}, bool) +type ReplacerFunc func(key string) (any, bool) -func globalDefaultReplacements(key string) (interface{}, bool) { +func globalDefaultReplacements(key string) (any, bool) { // check environment variable const envPrefix = "env." if strings.HasPrefix(key, envPrefix) { @@ -316,7 +316,7 @@ func globalDefaultReplacements(key string) (interface{}, bool) { // will be the replacement, and returns the value that // will actually be the replacement, or an error. Note // that errors are sometimes ignored by replacers. -type ReplacementFunc func(variable string, val interface{}) (interface{}, error) +type ReplacementFunc func(variable string, val any) (any, error) // nowFunc is a variable so tests can change it // in order to obtain a deterministic time. diff --git a/replacer_test.go b/replacer_test.go index d6ac0331..09b41c29 100644 --- a/replacer_test.go +++ b/replacer_test.go @@ -178,7 +178,7 @@ func TestReplacerSet(t *testing.T) { for _, tc := range []struct { variable string - value interface{} + value any }{ { variable: "test1", @@ -236,7 +236,7 @@ func TestReplacerReplaceKnown(t *testing.T) { rep := Replacer{ providers: []ReplacerFunc{ // split our possible vars to two functions (to test if both functions are called) - func(key string) (val interface{}, ok bool) { + func(key string) (val any, ok bool) { switch key { case "test1": return "val1", true @@ -250,7 +250,7 @@ func TestReplacerReplaceKnown(t *testing.T) { return "NOOO", false } }, - func(key string) (val interface{}, ok bool) { + func(key string) (val any, ok bool) { switch key { case "1": return "test-123", true @@ -306,7 +306,7 @@ func TestReplacerReplaceKnown(t *testing.T) { func TestReplacerDelete(t *testing.T) { rep := Replacer{ - static: map[string]interface{}{ + static: map[string]any{ "key1": "val1", "key2": "val2", "key3": "val3", @@ -341,10 +341,10 @@ func TestReplacerMap(t *testing.T) { rep := testReplacer() for i, tc := range []ReplacerFunc{ - func(key string) (val interface{}, ok bool) { + func(key string) (val any, ok bool) { return "", false }, - func(key string) (val interface{}, ok bool) { + func(key string) (val any, ok bool) { return "", false }, } { @@ -453,6 +453,6 @@ func BenchmarkReplacer(b *testing.B) { func testReplacer() Replacer { return Replacer{ providers: make([]ReplacerFunc, 0), - static: make(map[string]interface{}), + static: make(map[string]any), } } diff --git a/usagepool.go b/usagepool.go index 96ed0f0e..92340218 100644 --- a/usagepool.go +++ b/usagepool.go @@ -57,13 +57,13 @@ import ( // NewUsagePool() to make a new one. type UsagePool struct { sync.RWMutex - pool map[interface{}]*usagePoolVal + pool map[any]*usagePoolVal } // NewUsagePool returns a new usage pool that is ready to use. func NewUsagePool() *UsagePool { return &UsagePool{ - pool: make(map[interface{}]*usagePoolVal), + pool: make(map[any]*usagePoolVal), } } @@ -74,7 +74,7 @@ func NewUsagePool() *UsagePool { // or constructed value is returned. The loaded return value is true // if the value already existed and was loaded, or false if it was // newly constructed. -func (up *UsagePool) LoadOrNew(key interface{}, construct Constructor) (value interface{}, loaded bool, err error) { +func (up *UsagePool) LoadOrNew(key any, construct Constructor) (value any, loaded bool, err error) { var upv *usagePoolVal up.Lock() upv, loaded = up.pool[key] @@ -113,7 +113,7 @@ func (up *UsagePool) LoadOrNew(key interface{}, construct Constructor) (value in // already exists, or stores it if it does not exist. It returns the // value that was either loaded or stored, and true if the value already // existed and was -func (up *UsagePool) LoadOrStore(key, val interface{}) (value interface{}, loaded bool) { +func (up *UsagePool) LoadOrStore(key, val any) (value any, loaded bool) { var upv *usagePoolVal up.Lock() upv, loaded = up.pool[key] @@ -144,7 +144,7 @@ func (up *UsagePool) LoadOrStore(key, val interface{}) (value interface{}, loade // This method is somewhat naive and acquires a read lock on the // entire pool during iteration, so do your best to make f() really // fast, m'kay? -func (up *UsagePool) Range(f func(key, value interface{}) bool) { +func (up *UsagePool) Range(f func(key, value any) bool) { up.RLock() defer up.RUnlock() for key, upv := range up.pool { @@ -166,7 +166,7 @@ func (up *UsagePool) Range(f func(key, value interface{}) bool) { // true if the usage count reached 0 and the value was deleted. // It panics if the usage count drops below 0; always call // Delete precisely as many times as LoadOrStore. -func (up *UsagePool) Delete(key interface{}) (deleted bool, err error) { +func (up *UsagePool) Delete(key any) (deleted bool, err error) { up.Lock() upv, ok := up.pool[key] if !ok { @@ -206,7 +206,7 @@ type Destructor interface { type usagePoolVal struct { refs int32 // accessed atomically; must be 64-bit aligned for 32-bit systems - value interface{} + value any err error sync.RWMutex } From 63c7720e84176184698730fed0ca7c402c53481a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 2 Aug 2022 15:35:19 -0600 Subject: [PATCH 0710/1498] go.mod: Upgrade CertMagic and acmez --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index baaff482..f0225eef 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.16.1 + github.com/caddyserver/certmagic v0.16.2 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.12.4 @@ -15,7 +15,7 @@ require ( github.com/klauspost/compress v1.15.9 github.com/klauspost/cpuid/v2 v2.1.0 github.com/lucas-clemente/quic-go v0.28.1 - github.com/mholt/acmez v1.0.3 + github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 github.com/smallstep/certificates v0.21.0 github.com/smallstep/cli v0.21.0 diff --git a/go.sum b/go.sum index 2cf9165b..72182296 100644 --- a/go.sum +++ b/go.sum @@ -139,8 +139,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.16.1 h1:rdSnjcUVJojmL4M0efJ+yHXErrrijS4YYg3FuwRdJkI= -github.com/caddyserver/certmagic v0.16.1/go.mod h1:jKQ5n+ViHAr6DbPwEGLTSM2vDwTO6EvCKBblBRUvvuQ= +github.com/caddyserver/certmagic v0.16.2 h1:k2n3LkkUG3aMUK/kckMuF9/0VFo+0FtMX3drPYESbmQ= +github.com/caddyserver/certmagic v0.16.2/go.mod h1:PgLIr/dSJa+WA7t7z6Je5xuS/e5A/GFCPHRuZ1QP+MQ= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= @@ -606,8 +606,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0j github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/acmez v1.0.3 h1:mDgRxGYk6TKlfydYNMfX0HXXJh9i73YL+swPjYCADU8= -github.com/mholt/acmez v1.0.3/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DAYQY= +github.com/mholt/acmez v1.0.4 h1:N3cE4Pek+dSolbsofIkAYz6H1d3pE+2G0os7QHslf80= +github.com/mholt/acmez v1.0.4/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DAYQY= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= From 1960a0dc117dd30fb507b390ddf93b2ef371b9ad Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 3 Aug 2022 11:04:51 -0600 Subject: [PATCH 0711/1498] httpserver: Configurable shutdown delay (#4906) --- caddyconfig/httpcaddyfile/httptype.go | 9 +- caddyconfig/httpcaddyfile/options.go | 1 + .../caddyfile_adapt/global_options.txt | 2 + listeners.go | 30 +++- listeners_test.go | 82 +++++++++++ modules/caddyhttp/app.go | 128 ++++++++++++------ modules/caddyhttp/replacer.go | 16 +++ modules/caddyhttp/server.go | 8 +- usagepool.go | 15 ++ 9 files changed, 245 insertions(+), 46 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 7153b8c0..cca864d0 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -190,10 +190,11 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // now that each server is configured, make the HTTP app httpApp := caddyhttp.App{ - HTTPPort: tryInt(options["http_port"], &warnings), - HTTPSPort: tryInt(options["https_port"], &warnings), - GracePeriod: tryDuration(options["grace_period"], &warnings), - Servers: servers, + HTTPPort: tryInt(options["http_port"], &warnings), + HTTPSPort: tryInt(options["https_port"], &warnings), + GracePeriod: tryDuration(options["grace_period"], &warnings), + ShutdownDelay: tryDuration(options["shutdown_delay"], &warnings), + Servers: servers, } // then make the TLS app diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index d9af04ed..36f8f4b1 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -31,6 +31,7 @@ func init() { RegisterGlobalOption("https_port", parseOptHTTPSPort) RegisterGlobalOption("default_bind", parseOptStringList) RegisterGlobalOption("grace_period", parseOptDuration) + RegisterGlobalOption("shutdown_delay", parseOptDuration) RegisterGlobalOption("default_sni", parseOptSingleString) RegisterGlobalOption("order", parseOptOrder) RegisterGlobalOption("storage", parseOptStorage) diff --git a/caddytest/integration/caddyfile_adapt/global_options.txt b/caddytest/integration/caddyfile_adapt/global_options.txt index 69e2d9d5..57831a44 100644 --- a/caddytest/integration/caddyfile_adapt/global_options.txt +++ b/caddytest/integration/caddyfile_adapt/global_options.txt @@ -3,6 +3,7 @@ http_port 8080 https_port 8443 grace_period 5s + shutdown_delay 10s default_sni localhost order root first storage file_system { @@ -45,6 +46,7 @@ "http_port": 8080, "https_port": 8443, "grace_period": 5000000000, + "shutdown_delay": 10000000000, "servers": { "srv0": { "listen": [ diff --git a/listeners.go b/listeners.go index 4c86e829..d9cfbf28 100644 --- a/listeners.go +++ b/listeners.go @@ -41,7 +41,7 @@ import ( // the socket have been finished. Always be sure to close listeners // when you are done with them, just like normal listeners. func Listen(network, addr string) (net.Listener, error) { - lnKey := network + "/" + addr + lnKey := listenerKey(network, addr) sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { ln, err := net.Listen(network, addr) @@ -65,7 +65,7 @@ func Listen(network, addr string) (net.Listener, error) { // It is like Listen except for PacketConns. // Always be sure to close the PacketConn when you are done. func ListenPacket(network, addr string) (net.PacketConn, error) { - lnKey := network + "/" + addr + lnKey := listenerKey(network, addr) sharedPc, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { pc, err := net.ListenPacket(network, addr) @@ -89,7 +89,7 @@ func ListenPacket(network, addr string) (net.PacketConn, error) { // Note that the context passed to Accept is currently ignored, so using // a context other than context.Background is meaningless. func ListenQUIC(addr string, tlsConf *tls.Config) (quic.EarlyListener, error) { - lnKey := "quic/" + addr + lnKey := listenerKey("udp", addr) sharedEl, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { el, err := quic.ListenAddrEarly(addr, http3.ConfigureTLSConfig(tlsConf), &quic.Config{}) @@ -106,6 +106,16 @@ func ListenQUIC(addr string, tlsConf *tls.Config) (quic.EarlyListener, error) { }, err } +func listenerKey(network, addr string) string { + return network + "/" + addr +} + +// ListenerUsage returns the current usage count of the given listener address. +func ListenerUsage(network, addr string) int { + count, _ := listenerPool.References(listenerKey(network, addr)) + return count +} + // fakeCloseListener is a private wrapper over a listener that // is shared. The state of fakeCloseListener is not shared. // This allows one user of a socket to "close" the listener @@ -353,11 +363,25 @@ func (na NetworkAddress) JoinHostPort(offset uint) string { return net.JoinHostPort(na.Host, strconv.Itoa(int(na.StartPort+offset))) } +func (na NetworkAddress) Expand() []NetworkAddress { + size := na.PortRangeSize() + addrs := make([]NetworkAddress, size) + for portOffset := uint(0); portOffset < size; portOffset++ { + na2 := na + na2.StartPort, na2.EndPort = na.StartPort+portOffset, na.StartPort+portOffset + addrs[portOffset] = na2 + } + return addrs +} + // PortRangeSize returns how many ports are in // pa's port range. Port ranges are inclusive, // so the size is the difference of start and // end ports plus one. func (na NetworkAddress) PortRangeSize() uint { + if na.EndPort < na.StartPort { + return 0 + } return (na.EndPort - na.StartPort) + 1 } diff --git a/listeners_test.go b/listeners_test.go index 6b0f440a..c5aa5273 100644 --- a/listeners_test.go +++ b/listeners_test.go @@ -331,3 +331,85 @@ func TestJoinHostPort(t *testing.T) { } } } + +func TestExpand(t *testing.T) { + for i, tc := range []struct { + input NetworkAddress + expect []NetworkAddress + }{ + { + input: NetworkAddress{ + Network: "tcp", + Host: "localhost", + StartPort: 2000, + EndPort: 2000, + }, + expect: []NetworkAddress{ + { + Network: "tcp", + Host: "localhost", + StartPort: 2000, + EndPort: 2000, + }, + }, + }, + { + input: NetworkAddress{ + Network: "tcp", + Host: "localhost", + StartPort: 2000, + EndPort: 2002, + }, + expect: []NetworkAddress{ + { + Network: "tcp", + Host: "localhost", + StartPort: 2000, + EndPort: 2000, + }, + { + Network: "tcp", + Host: "localhost", + StartPort: 2001, + EndPort: 2001, + }, + { + Network: "tcp", + Host: "localhost", + StartPort: 2002, + EndPort: 2002, + }, + }, + }, + { + input: NetworkAddress{ + Network: "tcp", + Host: "localhost", + StartPort: 2000, + EndPort: 1999, + }, + expect: []NetworkAddress{}, + }, + { + input: NetworkAddress{ + Network: "unix", + Host: "/foo/bar", + StartPort: 0, + EndPort: 0, + }, + expect: []NetworkAddress{ + { + Network: "unix", + Host: "/foo/bar", + StartPort: 0, + EndPort: 0, + }, + }, + }, + } { + actual := tc.input.Expand() + if !reflect.DeepEqual(actual, tc.expect) { + t.Errorf("Test %d: Expected %+v but got %+v", i, tc.expect, actual) + } + } +} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 24069eb8..c28e09db 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -20,6 +20,7 @@ import ( "fmt" "net/http" "strconv" + "sync" "time" "github.com/caddyserver/caddy/v2" @@ -95,6 +96,8 @@ func init() { // `{http.request.uri}` | The full request URI // `{http.response.header.*}` | Specific response header field // `{http.vars.*}` | Custom variables in the HTTP handler chain +// `{http.shutting_down}` | True if the HTTP app is shutting down +// `{http.time_until_shutdown}` | Time until HTTP server shutdown, if scheduled type App struct { // HTTPPort specifies the port to use for HTTP (as opposed to HTTPS), // which is used when setting up HTTP->HTTPS redirects or ACME HTTP @@ -107,18 +110,31 @@ type App struct { HTTPSPort int `json:"https_port,omitempty"` // GracePeriod is how long to wait for active connections when shutting - // down the server. Once the grace period is over, connections will - // be forcefully closed. + // down the servers. During the grace period, no new connections are + // accepted, idle connections are closed, and active connections will + // be given the full length of time to become idle and close. + // Once the grace period is over, connections will be forcefully closed. + // If zero, the grace period is eternal. Default: 0. GracePeriod caddy.Duration `json:"grace_period,omitempty"` + // ShutdownDelay is how long to wait before initiating the grace + // period. When this app is stopping (e.g. during a config reload or + // process exit), all servers will be shut down. Normally this immediately + // initiates the grace period. However, if this delay is configured, servers + // will not be shut down until the delay is over. During this time, servers + // continue to function normally and allow new connections. At the end, the + // grace period will begin. This can be useful to allow downstream load + // balancers time to move this instance out of the rotation without hiccups. + // + // When shutdown has been scheduled, placeholders {http.shutting_down} (bool) + // and {http.time_until_shutdown} (duration) may be useful for health checks. + ShutdownDelay caddy.Duration `json:"shutdown_delay,omitempty"` + // Servers is the list of servers, keyed by arbitrary names chosen // at your discretion for your own convenience; the keys do not // affect functionality. Servers map[string]*Server `json:"servers,omitempty"` - servers []*http.Server - h3servers []*http3.Server - ctx caddy.Context logger *zap.Logger tlsApp *caddytls.TLS @@ -162,6 +178,7 @@ func (app *App) Provision(ctx caddy.Context) error { srv.tlsApp = app.tlsApp srv.logger = app.logger.Named("log") srv.errorLogger = app.logger.Named("log.error") + srv.shutdownAtMu = new(sync.RWMutex) // only enable access logs if configured if srv.Logs != nil { @@ -298,7 +315,7 @@ func (app *App) Start() error { } for srvName, srv := range app.Servers { - s := &http.Server{ + srv.server = &http.Server{ ReadTimeout: time.Duration(srv.ReadTimeout), ReadHeaderTimeout: time.Duration(srv.ReadHeaderTimeout), WriteTimeout: time.Duration(srv.WriteTimeout), @@ -307,13 +324,14 @@ func (app *App) Start() error { Handler: srv, ErrorLog: serverLogger, } + tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx) // enable h2c if configured if srv.AllowH2C { h2server := &http2.Server{ IdleTimeout: time.Duration(srv.IdleTimeout), } - s.Handler = h2c.NewHandler(srv, h2server) + srv.server.Handler = h2c.NewHandler(srv, h2server) } for _, lnAddr := range srv.Listen { @@ -321,6 +339,8 @@ func (app *App) Start() error { if err != nil { return fmt.Errorf("%s: parsing listen address '%s': %v", srvName, lnAddr, err) } + srv.addresses = append(srv.addresses, listenAddr) + for portOffset := uint(0); portOffset < listenAddr.PortRangeSize(); portOffset++ { // create the listener for this socket hostport := listenAddr.JoinHostPort(portOffset) @@ -343,31 +363,27 @@ func (app *App) Start() error { useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort() if useTLS { // create TLS listener - tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx) ln = tls.NewListener(ln, tlsCfg) - ///////// // TODO: HTTP/3 support is experimental for now if srv.ExperimentalHTTP3 { - app.logger.Info("enabling experimental HTTP/3 listener", - zap.String("addr", hostport), - ) + if srv.h3server == nil { + srv.h3server = &http3.Server{ + Handler: srv, + TLSConfig: tlsCfg, + MaxHeaderBytes: srv.MaxHeaderBytes, + } + } + + app.logger.Info("enabling experimental HTTP/3 listener", zap.String("addr", hostport)) h3ln, err := caddy.ListenQUIC(hostport, tlsCfg) if err != nil { return fmt.Errorf("getting HTTP/3 QUIC listener: %v", err) } - h3srv := &http3.Server{ - Addr: hostport, - Handler: srv, - TLSConfig: tlsCfg, - MaxHeaderBytes: srv.MaxHeaderBytes, - } + //nolint:errcheck - go h3srv.ServeListener(h3ln) - app.h3servers = append(app.h3servers, h3srv) - srv.h3server = h3srv + go srv.h3server.ServeListener(h3ln) } - ///////// } // finish wrapping listener where we left off before TLS @@ -390,11 +406,10 @@ func (app *App) Start() error { zap.Bool("tls", useTLS), ) - //nolint:errcheck - go s.Serve(ln) - srv.listeners = append(srv.listeners, ln) - app.servers = append(app.servers, s) + + //nolint:errcheck + go srv.server.Serve(ln) } } } @@ -412,28 +427,65 @@ func (app *App) Start() error { // Stop gracefully shuts down the HTTP server. func (app *App) Stop() error { ctx := context.Background() + + // see if any listeners in our config will be closing or if they are continuing + // hrough a reload; because if any are closing, we will enforce shutdown delay + var delay bool + scheduledTime := time.Now().Add(time.Duration(app.ShutdownDelay)) + if app.ShutdownDelay > 0 { + for _, server := range app.Servers { + for _, na := range server.addresses { + for _, addr := range na.Expand() { + if caddy.ListenerUsage(addr.Network, addr.JoinHostPort(0)) < 2 { + app.logger.Debug("listener closing and shutdown delay is configured", zap.String("address", addr.String())) + server.shutdownAtMu.Lock() + server.shutdownAt = scheduledTime + server.shutdownAtMu.Unlock() + delay = true + } else { + app.logger.Debug("shutdown delay configured but listener will remain open", zap.String("address", addr.String())) + } + } + } + } + } + + // honor scheduled/delayed shutdown time + if delay { + app.logger.Debug("shutdown scheduled", + zap.Duration("delay_duration", time.Duration(app.ShutdownDelay)), + zap.Time("time", scheduledTime)) + time.Sleep(time.Duration(app.ShutdownDelay)) + } + + // enforce grace period if configured if app.GracePeriod > 0 { var cancel context.CancelFunc ctx, cancel = context.WithTimeout(ctx, time.Duration(app.GracePeriod)) defer cancel() + app.logger.Debug("servers shutting down; grace period initiated", zap.Duration("duration", time.Duration(app.GracePeriod))) + } else { + app.logger.Debug("servers shutting down with eternal grace period") } - for i, s := range app.servers { - if err := s.Shutdown(ctx); err != nil { + + // shut down servers + for _, server := range app.Servers { + if err := server.server.Shutdown(ctx); err != nil { app.logger.Error("server shutdown", zap.Error(err), - zap.Int("index", i)) + zap.Strings("addresses", server.Listen)) + } + + if server.h3server != nil { + // TODO: CloseGracefully, once implemented upstream (see https://github.com/lucas-clemente/quic-go/issues/2103) + if err := server.h3server.Close(); err != nil { + app.logger.Error("HTTP/3 server shutdown", + zap.Error(err), + zap.Strings("addresses", server.Listen)) + } } } - for i, s := range app.h3servers { - // TODO: CloseGracefully, once implemented upstream - // (see https://github.com/lucas-clemente/quic-go/issues/2103) - if err := s.Close(); err != nil { - app.logger.Error("HTTP/3 server shutdown", - zap.Error(err), - zap.Int("index", i)) - } - } return nil } diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index bde58b79..76c1c872 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -252,6 +252,22 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo } } + switch { + case key == "http.shutting_down": + server := req.Context().Value(ServerCtxKey).(*Server) + server.shutdownAtMu.RLock() + defer server.shutdownAtMu.RUnlock() + return !server.shutdownAt.IsZero(), true + case key == "http.time_until_shutdown": + server := req.Context().Value(ServerCtxKey).(*Server) + server.shutdownAtMu.RLock() + defer server.shutdownAtMu.RUnlock() + if server.shutdownAt.IsZero() { + return nil, true + } + return time.Until(server.shutdownAt), true + } + return nil, false } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index c665e297..62c0fd9f 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -24,6 +24,7 @@ import ( "net/url" "runtime" "strings" + "sync" "time" "github.com/caddyserver/caddy/v2" @@ -139,7 +140,12 @@ type Server struct { accessLogger *zap.Logger errorLogger *zap.Logger - h3server *http3.Server + server *http.Server + h3server *http3.Server + addresses []caddy.NetworkAddress + + shutdownAt time.Time + shutdownAtMu *sync.RWMutex } // ServeHTTP is the entry point for all HTTP requests. diff --git a/usagepool.go b/usagepool.go index 92340218..c3444155 100644 --- a/usagepool.go +++ b/usagepool.go @@ -194,6 +194,21 @@ func (up *UsagePool) Delete(key any) (deleted bool, err error) { return } +// References returns the number of references (count of usages) to a +// key in the pool, and true if the key exists, or false otherwise. +func (up *UsagePool) References(key interface{}) (int, bool) { + up.RLock() + upv, loaded := up.pool[key] + up.RUnlock() + if loaded { + // I wonder if it'd be safer to read this value during + // our lock on the UsagePool... guess we'll see... + refs := atomic.LoadInt32(&upv.refs) + return int(refs), true + } + return 0, false +} + // Constructor is a function that returns a new value // that can destruct itself when it is no longer needed. type Constructor func() (Destructor, error) From 17ae5acaba536e98cfa86ddcd6967801f1fa1bbe Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 4 Aug 2022 11:16:59 -0600 Subject: [PATCH 0712/1498] cmd: Use newly-available version information (#4931) --- caddy.go | 115 ++++++++++++++---- cmd/commandfuncs.go | 21 +--- cmd/main.go | 26 +--- .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 6 +- modules/caddyhttp/tracing/tracer.go | 4 +- 5 files changed, 103 insertions(+), 69 deletions(-) diff --git a/caddy.go b/caddy.go index 54c890bf..6964f77c 100644 --- a/caddy.go +++ b/caddy.go @@ -127,7 +127,9 @@ func Load(cfgJSON []byte, forceReload bool) error { // forcefully reloaded, then errConfigUnchanged This function is safe for // concurrent use. // The ifMatchHeader can optionally be given a string of the format: -// " " +// +// " " +// // where is the absolute path in the config and is the expected hash of // the config at that path. If the hash in the ifMatchHeader doesn't match // the hash of the config, then an APIError with status 412 will be returned. @@ -791,38 +793,102 @@ func InstanceID() (uuid.UUID, error) { return uuid.ParseBytes(uuidFileBytes) } -// GoModule returns the build info of this Caddy -// build from debug.BuildInfo (requires Go modules). -// If no version information is available, a non-nil -// value will still be returned, but with an -// unknown version. -func GoModule() *debug.Module { - var mod debug.Module - return goModule(&mod) -} - -// goModule holds the actual implementation of GoModule. -// Allocating debug.Module in GoModule() and passing a -// reference to goModule enables mid-stack inlining. -func goModule(mod *debug.Module) *debug.Module { - mod.Version = "unknown" +// Version returns the Caddy version in a simple/short form, and +// a full version string. The short form will not have spaces and +// is intended for User-Agent strings and similar, but may be +// omitting valuable information. Note that Caddy must be compiled +// in a special way to properly embed complete version information. +// First this function tries to get the version from the embedded +// build info provided by go.mod dependencies; then it tries to +// get info from embedded VCS information, which requires having +// built Caddy from a git repository. If no version is available, +// this function returns "(devel)" becaise Go uses that, but for +// the simple form we change it to "unknown". +// +// See relevant Go issues: https://github.com/golang/go/issues/29228 +// and https://github.com/golang/go/issues/50603. +// +// This function is experimental and subject to change or removal. +func Version() (simple, full string) { + // the currently-recommended way to build Caddy involves + // building it as a dependency so we can extract version + // information from go.mod tooling; once the upstream + // Go issues are fixed, we should just be able to use + // bi.Main... hopefully. + var module *debug.Module bi, ok := debug.ReadBuildInfo() if ok { - mod.Path = bi.Main.Path - // The recommended way to build Caddy involves - // creating a separate main module, which - // TODO: track related Go issue: https://github.com/golang/go/issues/29228 - // once that issue is fixed, we should just be able to use bi.Main... hopefully. + // find the Caddy module in the dependency list for _, dep := range bi.Deps { if dep.Path == ImportPath { - return dep + module = dep + break } } - return &bi.Main } - return mod + if module != nil { + simple, full = module.Version, module.Version + if module.Sum != "" { + full += " " + module.Sum + } + if module.Replace != nil { + full += " => " + module.Replace.Path + if module.Replace.Version != "" { + simple = module.Replace.Version + "_custom" + full += "@" + module.Replace.Version + } + if module.Replace.Sum != "" { + full += " " + module.Replace.Sum + } + } + } + + if full == "" { + var vcsRevision string + var vcsTime time.Time + var vcsModified bool + for _, setting := range bi.Settings { + switch setting.Key { + case "vcs.revision": + vcsRevision = setting.Value + case "vcs.time": + vcsTime, _ = time.Parse(time.RFC3339, setting.Value) + case "vcs.modified": + vcsModified, _ = strconv.ParseBool(setting.Value) + } + } + + if vcsRevision != "" { + var modified string + if vcsModified { + modified = "+modified" + } + full = fmt.Sprintf("%s%s (%s)", vcsRevision, modified, vcsTime.Format(time.RFC822)) + simple = vcsRevision + + // use short checksum for simple, if hex-only + if _, err := hex.DecodeString(simple); err == nil { + simple = simple[:8] + } + + // append date to simple since it can be convenient + // to know the commit date as part of the version + if !vcsTime.IsZero() { + simple += "-" + vcsTime.Format("20060102") + } + } + } + + if simple == "" || simple == "(devel)" { + simple = "unknown" + } + + return } +// ActiveContext returns the currently-active context. +// This function is experimental and might be changed +// or removed in the future. func ActiveContext() Context { currentCtxMu.RLock() defer currentCtxMu.RUnlock() @@ -867,4 +933,5 @@ var ( var errSameConfig = errors.New("config is unchanged") // ImportPath is the package import path for Caddy core. +// This identifier may be removed in the future. const ImportPath = "github.com/caddyserver/caddy/v2" diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index a4b7bdf7..67015f78 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -331,30 +331,17 @@ func cmdReload(fl Flags) (int, error) { } func cmdVersion(_ Flags) (int, error) { - fmt.Println(CaddyVersion()) + _, full := caddy.Version() + fmt.Println(full) return caddy.ExitCodeSuccess, nil } -func cmdBuildInfo(fl Flags) (int, error) { +func cmdBuildInfo(_ Flags) (int, error) { bi, ok := debug.ReadBuildInfo() if !ok { return caddy.ExitCodeFailedStartup, fmt.Errorf("no build information") } - - fmt.Printf("go_version: %s\n", runtime.Version()) - fmt.Printf("go_os: %s\n", runtime.GOOS) - fmt.Printf("go_arch: %s\n", runtime.GOARCH) - fmt.Printf("path: %s\n", bi.Path) - fmt.Printf("main: %s %s %s\n", bi.Main.Path, bi.Main.Version, bi.Main.Sum) - fmt.Println("dependencies:") - - for _, goMod := range bi.Deps { - fmt.Printf("%s %s %s", goMod.Path, goMod.Version, goMod.Sum) - if goMod.Replace != nil { - fmt.Printf(" => %s %s %s", goMod.Replace.Path, goMod.Replace.Version, goMod.Replace.Sum) - } - fmt.Println() - } + fmt.Println(bi) return caddy.ExitCodeSuccess, nil } diff --git a/cmd/main.go b/cmd/main.go index e5a4edfe..e932b6b8 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -38,8 +38,8 @@ import ( func init() { // set a fitting User-Agent for ACME requests - goModule := caddy.GoModule() - cleanModVersion := strings.TrimPrefix(goModule.Version, "v") + version, _ := caddy.Version() + cleanModVersion := strings.TrimPrefix(version, "v") certmagic.UserAgent = "Caddy/" + cleanModVersion // by using Caddy, user indicates agreement to CA terms @@ -441,11 +441,12 @@ func parseEnvFile(envInput io.Reader) (map[string]string, error) { } func printEnvironment() { + _, version := caddy.Version() fmt.Printf("caddy.HomeDir=%s\n", caddy.HomeDir()) fmt.Printf("caddy.AppDataDir=%s\n", caddy.AppDataDir()) fmt.Printf("caddy.AppConfigDir=%s\n", caddy.AppConfigDir()) fmt.Printf("caddy.ConfigAutosavePath=%s\n", caddy.ConfigAutosavePath) - fmt.Printf("caddy.Version=%s\n", CaddyVersion()) + fmt.Printf("caddy.Version=%s\n", version) fmt.Printf("runtime.GOOS=%s\n", runtime.GOOS) fmt.Printf("runtime.GOARCH=%s\n", runtime.GOARCH) fmt.Printf("runtime.Compiler=%s\n", runtime.Compiler) @@ -462,25 +463,6 @@ func printEnvironment() { } } -// CaddyVersion returns a detailed version string, if available. -func CaddyVersion() string { - goModule := caddy.GoModule() - ver := goModule.Version - if goModule.Sum != "" { - ver += " " + goModule.Sum - } - if goModule.Replace != nil { - ver += " => " + goModule.Replace.Path - if goModule.Replace.Version != "" { - ver += "@" + goModule.Replace.Version - } - if goModule.Replace.Sum != "" { - ver += " " + goModule.Replace.Sum - } - } - return ver -} - // StringSlice is a flag.Value that enables repeated use of a string flag. type StringSlice []string diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 28481337..313f4ebd 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -94,10 +94,8 @@ func (t *Transport) Provision(ctx caddy.Context) error { t.Root = "{http.vars.root}" } - t.serverSoftware = "Caddy" - if mod := caddy.GoModule(); mod.Version != "" { - t.serverSoftware += "/" + mod.Version - } + version, _ := caddy.Version() + t.serverSoftware = "Caddy/" + version // Set a relatively short default dial timeout. // This is helpful to make load-balancer retries more speedy. diff --git a/modules/caddyhttp/tracing/tracer.go b/modules/caddyhttp/tracing/tracer.go index ce23944c..ddb01e82 100644 --- a/modules/caddyhttp/tracing/tracer.go +++ b/modules/caddyhttp/tracing/tracer.go @@ -7,7 +7,6 @@ import ( "github.com/caddyserver/caddy/v2" - caddycmd "github.com/caddyserver/caddy/v2/cmd" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" @@ -52,7 +51,8 @@ func newOpenTelemetryWrapper( spanName: spanName, } - res, err := ot.newResource(webEngineName, caddycmd.CaddyVersion()) + version, _ := caddy.Version() + res, err := ot.newResource(webEngineName, version) if err != nil { return ot, fmt.Errorf("creating resource error: %w", err) } From 2642bd72b7ca35b8622824fdffced2aefe1aaf11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wilczy=C5=84skiT?= <102859171+WilczynskiT@users.noreply.github.com> Date: Thu, 4 Aug 2022 19:17:35 +0200 Subject: [PATCH 0713/1498] Replace strings.Index usages with strings.Cut (#4930) --- caddyconfig/load.go | 5 ++--- cmd/main.go | 6 +++--- listeners.go | 17 +++++++++-------- modules.go | 6 +++--- modules/caddyhttp/matchers.go | 6 +++--- modules/caddyhttp/push/link.go | 11 +++++------ modules/caddyhttp/reverseproxy/addresses.go | 6 +++--- .../caddyhttp/reverseproxy/fastcgi/client.go | 8 ++++---- 8 files changed, 32 insertions(+), 33 deletions(-) diff --git a/caddyconfig/load.go b/caddyconfig/load.go index bd47bea4..9f5cda90 100644 --- a/caddyconfig/load.go +++ b/caddyconfig/load.go @@ -189,12 +189,11 @@ func adaptByContentType(contentType string, body []byte) ([]byte, []Warning, err } // adapter name should be suffix of MIME type - slashIdx := strings.Index(ct, "/") - if slashIdx < 0 { + _, adapterName, slashFound := strings.Cut(ct, "/") + if !slashFound { return nil, nil, fmt.Errorf("malformed Content-Type") } - adapterName := ct[slashIdx+1:] cfgAdapter := GetAdapter(adapterName) if cfgAdapter == nil { return nil, nil, fmt.Errorf("unrecognized config adapter '%s'", adapterName) diff --git a/cmd/main.go b/cmd/main.go index e932b6b8..c475eaad 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -387,11 +387,11 @@ func parseEnvFile(envInput io.Reader) (map[string]string, error) { } // split line into key and value - fields := strings.SplitN(line, "=", 2) - if len(fields) != 2 { + before, after, isCut := strings.Cut(line, "=") + if !isCut { return nil, fmt.Errorf("can't parse line %d; line should be in KEY=VALUE format", lineNumber) } - key, val := fields[0], fields[1] + key, val := before, after // sometimes keys are prefixed by "export " so file can be sourced in bash; ignore it here key = strings.TrimPrefix(key, "export ") diff --git a/listeners.go b/listeners.go index d9cfbf28..3a8d49dd 100644 --- a/listeners.go +++ b/listeners.go @@ -468,15 +468,15 @@ func ParseNetworkAddress(addr string) (NetworkAddress, error) { } var start, end uint64 if port != "" { - ports := strings.SplitN(port, "-", 2) - if len(ports) == 1 { - ports = append(ports, ports[0]) + before, after, found := strings.Cut(port, "-") + if !found { + after = before } - start, err = strconv.ParseUint(ports[0], 10, 16) + start, err = strconv.ParseUint(before, 10, 16) if err != nil { return NetworkAddress{}, fmt.Errorf("invalid start port: %v", err) } - end, err = strconv.ParseUint(ports[1], 10, 16) + end, err = strconv.ParseUint(after, 10, 16) if err != nil { return NetworkAddress{}, fmt.Errorf("invalid end port: %v", err) } @@ -498,9 +498,10 @@ func ParseNetworkAddress(addr string) (NetworkAddress, error) { // SplitNetworkAddress splits a into its network, host, and port components. // Note that port may be a port range (:X-Y), or omitted for unix sockets. func SplitNetworkAddress(a string) (network, host, port string, err error) { - if idx := strings.Index(a, "/"); idx >= 0 { - network = strings.ToLower(strings.TrimSpace(a[:idx])) - a = a[idx+1:] + beforeSlash, afterSlash, slashFound := strings.Cut(a, "/") + if slashFound { + network = strings.ToLower(strings.TrimSpace(beforeSlash)) + a = afterSlash } if isUnixNetwork(network) { host = a diff --git a/modules.go b/modules.go index a57bc65e..e83bc747 100644 --- a/modules.go +++ b/modules.go @@ -324,11 +324,11 @@ func ParseStructTag(tag string) (map[string]string, error) { if pair == "" { continue } - parts := strings.SplitN(pair, "=", 2) - if len(parts) != 2 { + before, after, isCut := strings.Cut(pair, "=") + if !isCut { return nil, fmt.Errorf("missing key in '%s' (pair %d)", pair, i) } - results[parts[0]] = parts[1] + results[before] = after } return results, nil } diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 2eedaca2..bb957d6a 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -610,11 +610,11 @@ func (m *MatchQuery) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if query == "" { continue } - parts := strings.SplitN(query, "=", 2) - if len(parts) != 2 { + before, after, found := strings.Cut(query, "=") + if !found { return d.Errf("malformed query matcher token: %s; must be in param=val format", d.Val()) } - url.Values(*m).Add(parts[0], parts[1]) + url.Values(*m).Add(before, after) } if d.NextBlock(0) { return d.Err("malformed query matcher: blocks are not supported") diff --git a/modules/caddyhttp/push/link.go b/modules/caddyhttp/push/link.go index 16b0e7d2..f7c1dd89 100644 --- a/modules/caddyhttp/push/link.go +++ b/modules/caddyhttp/push/link.go @@ -52,17 +52,16 @@ func parseLinkHeader(header string) []linkResource { l.uri = strings.TrimSpace(link[li+1 : ri]) for _, param := range strings.Split(strings.TrimSpace(link[ri+1:]), semicolon) { - parts := strings.SplitN(strings.TrimSpace(param), equal, 2) - key := strings.TrimSpace(parts[0]) + before, after, isCut := strings.Cut(strings.TrimSpace(param), equal) + key := strings.TrimSpace(before) if key == "" { continue } - if len(parts) == 1 { + if isCut { + l.params[key] = strings.TrimSpace(after) + } else { l.params[key] = key } - if len(parts) == 2 { - l.params[key] = strings.TrimSpace(parts[1]) - } } resources = append(resources, l) diff --git a/modules/caddyhttp/reverseproxy/addresses.go b/modules/caddyhttp/reverseproxy/addresses.go index f15ed76d..c161ed87 100644 --- a/modules/caddyhttp/reverseproxy/addresses.go +++ b/modules/caddyhttp/reverseproxy/addresses.go @@ -80,9 +80,9 @@ func parseUpstreamDialAddress(upstreamAddr string) (string, string, error) { scheme, host, port = toURL.Scheme, toURL.Hostname(), toURL.Port() } else { // extract network manually, since caddy.ParseNetworkAddress() will always add one - if idx := strings.Index(upstreamAddr, "/"); idx >= 0 { - network = strings.ToLower(strings.TrimSpace(upstreamAddr[:idx])) - upstreamAddr = upstreamAddr[idx+1:] + if beforeSlash, afterSlash, slashFound := strings.Cut(upstreamAddr, "/"); slashFound { + network = strings.ToLower(strings.TrimSpace(beforeSlash)) + upstreamAddr = afterSlash } var err error host, port, err = net.SplitHostPort(upstreamAddr) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client.go b/modules/caddyhttp/reverseproxy/fastcgi/client.go index 07720539..0fdcbfee 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client.go @@ -424,13 +424,13 @@ func (c *FCGIClient) Request(p map[string]string, req io.Reader) (resp *http.Res resp.Header = http.Header(mimeHeader) if resp.Header.Get("Status") != "" { - statusParts := strings.SplitN(resp.Header.Get("Status"), " ", 2) - resp.StatusCode, err = strconv.Atoi(statusParts[0]) + statusNumber, statusInfo, statusIsCut := strings.Cut(resp.Header.Get("Status"), " ") + resp.StatusCode, err = strconv.Atoi(statusNumber) if err != nil { return } - if len(statusParts) > 1 { - resp.Status = statusParts[1] + if statusIsCut { + resp.Status = statusInfo } } else { From d26559316fa6fae880351637365f07947a2b79f6 Mon Sep 17 00:00:00 2001 From: Chirag Maheshwari <34106488+chir4gm@users.noreply.github.com> Date: Sun, 7 Aug 2022 09:33:37 +0530 Subject: [PATCH 0714/1498] Replace strings.Index with strings.Cut (#4932) --- cmd/main.go | 7 ++----- modules/caddyhttp/reverseproxy/reverseproxy.go | 4 ++-- modules/caddyhttp/rewrite/rewrite.go | 4 ++-- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index c475eaad..09246f4b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -408,11 +408,8 @@ func parseEnvFile(envInput io.Reader) (map[string]string, error) { } // remove any trailing comment after value - if commentStart := strings.Index(val, "#"); commentStart > 0 { - before := val[commentStart-1] - if before == '\t' || before == ' ' { - val = strings.TrimRight(val[:commentStart], " \t") - } + if commentStart, _, found := strings.Cut(val, "#"); found { + val = strings.TrimRight(commentStart, " \t") } // quoted value: support newlines diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index c800b390..8887511e 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -658,8 +658,8 @@ func (h Handler) addForwardedHeaders(req *http.Request) error { // Client IP may contain a zone if IPv6, so we need // to pull that out before parsing the IP - if idx := strings.IndexByte(clientIP, '%'); idx >= 0 { - clientIP = clientIP[:idx] + if before, _, found := strings.Cut(clientIP, "%"); found { + clientIP = before } ip := net.ParseIP(clientIP) if ip == nil { diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index ac8c4fc6..7da23277 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -194,10 +194,10 @@ func (rewr Rewrite) Rewrite(r *http.Request, repl *caddy.Replacer) bool { // before continuing, we need to check if a query string // snuck into the path component during replacements - if quPos := strings.Index(newPath, "?"); quPos > -1 { + if before, after, found := strings.Cut(newPath, "?"); found { // recompute; new path contains a query string var injectedQuery string - newPath, injectedQuery = newPath[:quPos], newPath[quPos+1:] + newPath, injectedQuery = before, after // don't overwrite explicitly-configured query string if query == "" { query = injectedQuery From b9618b8b98e4267516ac9bd61f2fd4b7f905ab3c Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 8 Aug 2022 12:48:28 -0600 Subject: [PATCH 0715/1498] Improve docs for ZeroSSL issuer --- modules/caddytls/zerosslissuer.go | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go index a051ed47..c7ff70fb 100644 --- a/modules/caddytls/zerosslissuer.go +++ b/modules/caddytls/zerosslissuer.go @@ -36,12 +36,20 @@ func init() { caddy.RegisterModule(new(ZeroSSLIssuer)) } -// ZeroSSLIssuer makes an ACME manager -// for managing certificates using ACME. +// ZeroSSLIssuer makes an ACME issuer for getting certificates +// from ZeroSSL by automatically generating EAB credentials. +// Please be sure to set a valid email address in your config +// so you can access/manage your domains in your ZeroSSL account. +// +// This issuer is only needed for automatic generation of EAB +// credentials. If manually configuring/reusing EAB credentials, +// the standard ACMEIssuer may be used if desired. type ZeroSSLIssuer struct { *ACMEIssuer // The API key (or "access key") for using the ZeroSSL API. + // This is optional, but can be used if you have an API key + // already and don't want to supply your email address. APIKey string `json:"api_key,omitempty"` mu sync.Mutex @@ -193,9 +201,9 @@ func (iss *ZeroSSLIssuer) Revoke(ctx context.Context, cert certmagic.Certificate // UnmarshalCaddyfile deserializes Caddyfile tokens into iss. // -// ... zerossl [] { -// ... -// } +// ... zerossl [] { +// ... +// } // // Any of the subdirectives for the ACME issuer can be used in the block. func (iss *ZeroSSLIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { From 8c72f343576684f012f97b087a79132583090eff Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 8 Aug 2022 12:49:39 -0600 Subject: [PATCH 0716/1498] fileserver: Generate Etag from sidecar file Don't use the primary/uncompressed file for Etag when serving sidecars. This was just overlooked initially. --- modules/caddyhttp/fileserver/staticfiles.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 93d529de..43ef0884 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -374,6 +374,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c continue } defer file.Close() + info = compressedInfo w.Header().Set("Content-Encoding", ae) w.Header().Del("Accept-Ranges") w.Header().Add("Vary", "Accept-Encoding") From 7ab61f46f0db1ee63c6c691def61ca2a9ebee332 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 8 Aug 2022 13:09:57 -0600 Subject: [PATCH 0717/1498] fileserver: Better fix for Etag of compressed files --- modules/caddyhttp/fileserver/staticfiles.go | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 43ef0884..a745d5a8 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -351,6 +351,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c } var file fs.File + var etag string // check for precompressed files for _, ae := range encode.AcceptedEncodings(r, fsrv.PrecompressedOrder) { @@ -371,13 +372,19 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c if caddyErr, ok := err.(caddyhttp.HandlerError); ok && caddyErr.StatusCode == http.StatusServiceUnavailable { return err } + file = nil continue } defer file.Close() - info = compressedInfo w.Header().Set("Content-Encoding", ae) w.Header().Del("Accept-Ranges") w.Header().Add("Vary", "Accept-Encoding") + + // don't assign info = compressedInfo because sidecars are kind + // of transparent; however we do need to set the Etag: + // https://caddy.community/t/gzipped-sidecar-file-wrong-same-etag/16793 + etag = calculateEtag(compressedInfo) + break } @@ -395,11 +402,13 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c return err // error is already structured } defer file.Close() + + etag = calculateEtag(info) } - // set the ETag - note that a conditional If-None-Match request is handled - // by http.ServeContent below, which checks against this ETag value - w.Header().Set("Etag", calculateEtag(info)) + // set the Etag - note that a conditional If-None-Match request is handled + // by http.ServeContent below, which checks against this Etag value + w.Header().Set("Etag", etag) if w.Header().Get("Content-Type") == "" { mtyp := mime.TypeByExtension(filepath.Ext(filename)) From 7f6a328b4744bbdd5ee07c5eccb3f897390ff982 Mon Sep 17 00:00:00 2001 From: lewandowski-stripe <108926515+lewandowski-stripe@users.noreply.github.com> Date: Mon, 8 Aug 2022 23:04:18 +0200 Subject: [PATCH 0718/1498] go.mod: Upgrade OpenTelemetry dependencies (#4937) --- go.mod | 12 ++++++------ go.sum | 12 ++++++++++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index f0225eef..87fdc60e 100644 --- a/go.mod +++ b/go.mod @@ -24,8 +24,8 @@ require ( github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 github.com/yuin/goldmark v1.4.13 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 - go.opentelemetry.io/otel v1.4.0 + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 + go.opentelemetry.io/otel v1.9.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.21.0 @@ -55,11 +55,11 @@ require ( github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd // indirect github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect github.com/dlclark/regexp2 v1.4.0 // indirect - github.com/felixge/httpsnoop v1.0.2 // indirect + github.com/felixge/httpsnoop v1.0.3 // indirect github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-kit/kit v0.10.0 // indirect github.com/go-logfmt/logfmt v0.5.0 // indirect - github.com/go-logr/logr v1.2.2 // indirect + github.com/go-logr/logr v1.2.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-sql-driver/mysql v1.6.0 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect @@ -112,8 +112,8 @@ require ( go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 // indirect go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect - go.opentelemetry.io/otel/metric v0.27.0 // indirect - go.opentelemetry.io/otel/trace v1.4.0 // indirect + go.opentelemetry.io/otel/metric v0.31.0 // indirect + go.opentelemetry.io/otel/trace v1.9.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect go.step.sm/cli-utils v0.7.3 // indirect go.step.sm/crypto v0.16.2 // indirect diff --git a/go.sum b/go.sum index 72182296..4ab23b56 100644 --- a/go.sum +++ b/go.sum @@ -236,6 +236,8 @@ github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= +github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -272,6 +274,8 @@ github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= @@ -892,8 +896,12 @@ go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 h1:SLme4Porm+UwX0DdHMxlwRt7FzPSE0sys81bet2o0pU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0/go.mod h1:tLYsuf2v8fZreBVwp9gVMhefZlLFZaUiNVSq8QxXRII= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 h1:9NkMW03wwEzPtP/KciZ4Ozu/Uz5ZA7kfqXJIObnrjGU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0/go.mod h1:548ZsYzmT4PL4zWKRd8q/N4z0Wxzn/ZxUE+lkEpwWQA= go.opentelemetry.io/otel v1.4.0 h1:7ESuKPq6zpjRaY5nvVDGiuwK7VAJ8MwkKnmNJ9whNZ4= go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= +go.opentelemetry.io/otel v1.9.0 h1:8WZNQFIB2a71LnANS9JeyidJKKGOOremcUtb/OtHISw= +go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 h1:j7AwzDdAQBJjcqayAaYbvpYeZzII7cEe5qJTu+De6UY= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 h1:lRpP10E8oTGVmY1nVXcwelCT1Z8ca41/l5ce7AqLAss= @@ -904,10 +912,14 @@ go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbD go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= +go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs= +go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= go.opentelemetry.io/otel/sdk v1.4.0 h1:LJE4SW3jd4lQTESnlpQZcBhQ3oci0U2MLR5uhicfTHQ= go.opentelemetry.io/otel/sdk v1.4.0/go.mod h1:71GJPNJh4Qju6zJuYl1CrYtXbrgfau/M9UAggqiy1UE= go.opentelemetry.io/otel/trace v1.4.0 h1:4OOUrPZdVFQkbzl/JSdvGCWIdw5ONXXxzHlaLlWppmo= go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= +go.opentelemetry.io/otel/trace v1.9.0 h1:oZaCNJUjWcg60VXWee8lJKlqhPbXAPB51URuR47pQYc= +go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTNGg6VODnOiPo= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c= go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= From fe61209df2d8ecbff7371703ae2dfa58342d2ed9 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 8 Aug 2022 21:11:02 -0400 Subject: [PATCH 0719/1498] logging: Fix `cookie` filter (#4943) --- modules/logging/filters.go | 11 +++++++++-- modules/logging/filters_test.go | 11 +++++++++-- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/modules/logging/filters.go b/modules/logging/filters.go index aa96e5ef..c2c039af 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -26,6 +26,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" "go.uber.org/zap/zapcore" ) @@ -456,7 +457,13 @@ func (m *CookieFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Filter filters the input field. func (m CookieFilter) Filter(in zapcore.Field) zapcore.Field { - originRequest := http.Request{Header: http.Header{"Cookie": []string{in.String}}} + cookiesSlice, ok := in.Interface.(caddyhttp.LoggableStringArray) + if !ok { + return in + } + + // using a dummy Request to make use of the Cookies() function to parse it + originRequest := http.Request{Header: http.Header{"Cookie": cookiesSlice}} cookies := originRequest.Cookies() transformedRequest := http.Request{Header: make(http.Header)} @@ -486,7 +493,7 @@ OUTER: transformedRequest.AddCookie(c) } - in.String = transformedRequest.Header.Get("Cookie") + in.Interface = caddyhttp.LoggableStringArray(transformedRequest.Header["Cookie"]) return in } diff --git a/modules/logging/filters_test.go b/modules/logging/filters_test.go index ecf1d877..2b087f28 100644 --- a/modules/logging/filters_test.go +++ b/modules/logging/filters_test.go @@ -4,6 +4,7 @@ import ( "testing" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyhttp" "go.uber.org/zap/zapcore" ) @@ -49,8 +50,14 @@ func TestCookieFilter(t *testing.T) { {hashAction, "hash", ""}, }} - out := f.Filter(zapcore.Field{String: "foo=a; foo=b; bar=c; bar=d; baz=e; hash=hashed"}) - if out.String != "foo=REDACTED; foo=REDACTED; baz=e; hash=1a06df82" { + out := f.Filter(zapcore.Field{Interface: caddyhttp.LoggableStringArray{ + "foo=a; foo=b; bar=c; bar=d; baz=e; hash=hashed", + }}) + outval := out.Interface.(caddyhttp.LoggableStringArray) + expected := caddyhttp.LoggableStringArray{ + "foo=REDACTED; foo=REDACTED; baz=e; hash=1a06df82", + } + if outval[0] != expected[0] { t.Fatalf("cookies have not been filtered: %s", out.String) } } From 085df25c7e82b5bdd198787232d559f2ac1e72eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 9 Aug 2022 18:53:24 +0200 Subject: [PATCH 0720/1498] reverseproxy: Support 1xx status codes (HTTP early hints) (#4882) --- .../caddyhttp/reverseproxy/reverseproxy.go | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 8887511e..276616b4 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -23,9 +23,11 @@ import ( "io" "net" "net/http" + "net/http/httptrace" "net/textproto" "net/url" "regexp" + "runtime" "strconv" "strings" "sync" @@ -40,7 +42,11 @@ import ( "golang.org/x/net/http/httpguts" ) +var supports1xx bool + func init() { + supports1xx = !regexp.MustCompile(`^go1\.1(?:7|8)\.`).Match([]byte(runtime.Version())) + caddy.RegisterModule(Handler{}) } @@ -732,6 +738,25 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe server := req.Context().Value(caddyhttp.ServerCtxKey).(*caddyhttp.Server) shouldLogCredentials := server.Logs != nil && server.Logs.ShouldLogCredentials + if supports1xx { + // Forward 1xx status codes, backported from https://github.com/golang/go/pull/53164 + trace := &httptrace.ClientTrace{ + Got1xxResponse: func(code int, header textproto.MIMEHeader) error { + h := rw.Header() + copyHeader(h, http.Header(header)) + rw.WriteHeader(code) + + // Clear headers, it's not automatically done by ResponseWriter.WriteHeader() for 1xx responses + for k := range h { + delete(h, k) + } + + return nil + }, + } + req = req.WithContext(httptrace.WithClientTrace(req.Context(), trace)) + } + // do the round-trip; emit debug log with values we know are // safe, or if there is no error, emit fuller log entry start := time.Now() From 91ab0e60669b84b7c09189a06de0d6a9771bf950 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 9 Aug 2022 11:11:52 -0600 Subject: [PATCH 0721/1498] httpcaddyfile: redir with "html" emits 200, no Location (fix #4940) The intent of "html" is to redirect browser clients only, or those which can evaluate JS and/or meta tags. So return HTTP 200 and no Location header. See #4940. --- caddyconfig/httpcaddyfile/builtins.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 5c539e2a..cd233484 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -540,8 +540,13 @@ func parseVars(h Helper) (caddyhttp.MiddlewareHandler, error) { // parseRedir parses the redir directive. Syntax: // -// redir [] [] +// redir [] [] // +// can be "permanent" for 301, "temporary" for 302 (default), +// a placeholder, or any number in the 3xx range or 401. The special +// code "html" can be used to redirect only browser clients (will +// respond with HTTP 200 and no Location header; redirect is performed +// with JS and a meta tag). func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) { if !h.Next() { return nil, h.ArgErr() @@ -558,6 +563,7 @@ func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) { } var body string + var hdr http.Header switch code { case "permanent": code = "301" @@ -578,7 +584,7 @@ func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) { ` safeTo := html.EscapeString(to) body = fmt.Sprintf(metaRedir, safeTo, safeTo, safeTo, safeTo) - code = "302" + code = "200" // don't redirect non-browser clients default: // Allow placeholders for the code if strings.HasPrefix(code, "{") { @@ -601,9 +607,14 @@ func parseRedir(h Helper) (caddyhttp.MiddlewareHandler, error) { } } + // don't redirect non-browser clients + if code != "200" { + hdr = http.Header{"Location": []string{to}} + } + return caddyhttp.StaticResponse{ StatusCode: caddyhttp.WeakString(code), - Headers: http.Header{"Location": []string{to}}, + Headers: hdr, Body: body, }, nil } From 922d9f5c251a27bc9f76c4b74bde151cc03cc9b3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 12 Aug 2022 15:11:13 -0400 Subject: [PATCH 0722/1498] reverseproxy: Fix H2C dialer using new stdlib `DialTLSContext` (#4951) --- go.mod | 5 +- go.sum | 21 ++-- .../caddyhttp/reverseproxy/httptransport.go | 102 +++++++++--------- 3 files changed, 60 insertions(+), 68 deletions(-) diff --git a/go.mod b/go.mod index 87fdc60e..4c668ca2 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.21.0 golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 - golang.org/x/net v0.0.0-20220630215102-69896b714898 + golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 gopkg.in/natefinch/lumberjack.v2 v2.0.0 @@ -111,7 +111,6 @@ require ( go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 // indirect - go.opentelemetry.io/otel/internal/metric v0.27.0 // indirect go.opentelemetry.io/otel/metric v0.31.0 // indirect go.opentelemetry.io/otel/trace v1.9.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect @@ -121,7 +120,7 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.4.2 // indirect - golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e + golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect golang.org/x/tools v0.1.7 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect diff --git a/go.sum b/go.sum index 4ab23b56..0c22859c 100644 --- a/go.sum +++ b/go.sum @@ -234,8 +234,6 @@ github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2Vvl github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= -github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= @@ -272,7 +270,6 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -352,8 +349,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -841,8 +838,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= @@ -894,11 +891,8 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0 h1:SLme4Porm+UwX0DdHMxlwRt7FzPSE0sys81bet2o0pU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.29.0/go.mod h1:tLYsuf2v8fZreBVwp9gVMhefZlLFZaUiNVSq8QxXRII= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 h1:9NkMW03wwEzPtP/KciZ4Ozu/Uz5ZA7kfqXJIObnrjGU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0/go.mod h1:548ZsYzmT4PL4zWKRd8q/N4z0Wxzn/ZxUE+lkEpwWQA= -go.opentelemetry.io/otel v1.4.0 h1:7ESuKPq6zpjRaY5nvVDGiuwK7VAJ8MwkKnmNJ9whNZ4= go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= go.opentelemetry.io/otel v1.9.0 h1:8WZNQFIB2a71LnANS9JeyidJKKGOOremcUtb/OtHISw= go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo= @@ -908,15 +902,10 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 h1:lRpP10E8oTGVmY1nVXcw go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0/go.mod h1:3oS+j2WUoJVyj6/BzQN/52G17lNJDulngsOxDm1w2PY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 h1:buSx4AMC/0Z232slPhicN/fU5KIlj0bMngct5pcZhkI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0/go.mod h1:ew1NcwkHo0QFT3uTm3m2IVZMkZdVIpbOYNPasgWwpdk= -go.opentelemetry.io/otel/internal/metric v0.27.0 h1:9dAVGAfFiiEq5NVB9FUJ5et+btbDQAUIJehJ+ikyryk= -go.opentelemetry.io/otel/internal/metric v0.27.0/go.mod h1:n1CVxRqKqYZtqyTh9U/onvKapPGv7y/rpyOTI+LFNzw= -go.opentelemetry.io/otel/metric v0.27.0 h1:HhJPsGhJoKRSegPQILFbODU56NS/L1UE4fS1sC5kIwQ= -go.opentelemetry.io/otel/metric v0.27.0/go.mod h1:raXDJ7uP2/Jc0nVZWQjJtzoyssOYWu/+pjZqRzfvZ7g= go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs= go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= go.opentelemetry.io/otel/sdk v1.4.0 h1:LJE4SW3jd4lQTESnlpQZcBhQ3oci0U2MLR5uhicfTHQ= go.opentelemetry.io/otel/sdk v1.4.0/go.mod h1:71GJPNJh4Qju6zJuYl1CrYtXbrgfau/M9UAggqiy1UE= -go.opentelemetry.io/otel/trace v1.4.0 h1:4OOUrPZdVFQkbzl/JSdvGCWIdw5ONXXxzHlaLlWppmo= go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= go.opentelemetry.io/otel/trace v1.9.0 h1:oZaCNJUjWcg60VXWee8lJKlqhPbXAPB51URuR47pQYc= go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTNGg6VODnOiPo= @@ -1077,8 +1066,9 @@ golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220403103023-749bd193bc2b/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220630215102-69896b714898 h1:K7wO6V1IrczY9QOQ2WkVpw4JQSwCd52UsxVEirZUfiw= golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 h1:mx1QvUwXKGgh+3SB51PH4G1TouzL84rLG0CtpdX+TTg= +golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1208,8 +1198,9 @@ golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220405052023-b1e9470b6e64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e h1:CsOuNlbOuf0mzxJIefr6Q4uAUetRUwZE4qt7VfzP+xo= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index ef72b886..e9c7ddd0 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -128,28 +128,6 @@ func (h *HTTPTransport) Provision(ctx caddy.Context) error { } h.Transport = rt - // if h2c is enabled, configure its transport (std lib http.Transport - // does not "HTTP/2 over cleartext TCP") - if sliceContains(h.Versions, "h2c") { - // crafting our own http2.Transport doesn't allow us to utilize - // most of the customizations/preferences on the http.Transport, - // because, for some reason, only http2.ConfigureTransport() - // is allowed to set the unexported field that refers to a base - // http.Transport config; oh well - h2t := &http2.Transport{ - // kind of a hack, but for plaintext/H2C requests, pretend to dial TLS - DialTLS: func(network, addr string, _ *tls.Config) (net.Conn, error) { - // TODO: no context, thus potentially wrong dial info - return net.Dial(network, addr) - }, - AllowHTTP: true, - } - if h.Compression != nil { - h2t.DisableCompression = !*h.Compression - } - h.h2cTransport = h2t - } - return nil } @@ -194,35 +172,38 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e } } + // Set up the dialer to pull the correct information from the context + dialContext := func(ctx context.Context, network, address string) (net.Conn, error) { + // the proper dialing information should be embedded into the request's context + if dialInfo, ok := GetDialInfo(ctx); ok { + network = dialInfo.Network + address = dialInfo.Address + } + + conn, err := dialer.DialContext(ctx, network, address) + if err != nil { + // identify this error as one that occurred during + // dialing, which can be important when trying to + // decide whether to retry a request + return nil, DialError{err} + } + + // if read/write timeouts are configured and this is a TCP connection, enforce the timeouts + // by wrapping the connection with our own type + if tcpConn, ok := conn.(*net.TCPConn); ok && (h.ReadTimeout > 0 || h.WriteTimeout > 0) { + conn = &tcpRWTimeoutConn{ + TCPConn: tcpConn, + readTimeout: time.Duration(h.ReadTimeout), + writeTimeout: time.Duration(h.WriteTimeout), + logger: caddyCtx.Logger(h), + } + } + + return conn, nil + } + rt := &http.Transport{ - DialContext: func(ctx context.Context, network, address string) (net.Conn, error) { - // the proper dialing information should be embedded into the request's context - if dialInfo, ok := GetDialInfo(ctx); ok { - network = dialInfo.Network - address = dialInfo.Address - } - - conn, err := dialer.DialContext(ctx, network, address) - if err != nil { - // identify this error as one that occurred during - // dialing, which can be important when trying to - // decide whether to retry a request - return nil, DialError{err} - } - - // if read/write timeouts are configured and this is a TCP connection, enforce the timeouts - // by wrapping the connection with our own type - if tcpConn, ok := conn.(*net.TCPConn); ok && (h.ReadTimeout > 0 || h.WriteTimeout > 0) { - conn = &tcpRWTimeoutConn{ - TCPConn: tcpConn, - readTimeout: time.Duration(h.ReadTimeout), - writeTimeout: time.Duration(h.WriteTimeout), - logger: caddyCtx.Logger(h), - } - } - - return conn, nil - }, + DialContext: dialContext, MaxConnsPerHost: h.MaxConnsPerHost, ResponseHeaderTimeout: time.Duration(h.ResponseHeaderTimeout), ExpectContinueTimeout: time.Duration(h.ExpectContinueTimeout), @@ -260,6 +241,27 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e } } + // if h2c is enabled, configure its transport (std lib http.Transport + // does not "HTTP/2 over cleartext TCP") + if sliceContains(h.Versions, "h2c") { + // crafting our own http2.Transport doesn't allow us to utilize + // most of the customizations/preferences on the http.Transport, + // because, for some reason, only http2.ConfigureTransport() + // is allowed to set the unexported field that refers to a base + // http.Transport config; oh well + h2t := &http2.Transport{ + // kind of a hack, but for plaintext/H2C requests, pretend to dial TLS + DialTLSContext: func(ctx context.Context, network, address string, _ *tls.Config) (net.Conn, error) { + return dialContext(ctx, network, address) + }, + AllowHTTP: true, + } + if h.Compression != nil { + h2t.DisableCompression = !*h.Compression + } + h.h2cTransport = h2t + } + return rt, nil } From f5dce84a7028d1b116db7fead27ff8b2506baf78 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 12 Aug 2022 13:15:41 -0600 Subject: [PATCH 0723/1498] reverseproxy: Ignore context cancel in stream mode (#4952) --- .../caddyhttp/reverseproxy/reverseproxy.go | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 276616b4..cc6b530c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -109,6 +109,11 @@ type Handler struct { // response is recognized as a streaming response, or if its // content length is -1; for such responses, writes are flushed // to the client immediately. + // + // Normally, a request will be canceled if the client disconnects + // before the response is received from the backend. If explicitly + // set to -1, client disconnection will be ignored and the request + // will be completed to help facilitate low-latency streaming. FlushInterval caddy.Duration `json:"flush_interval,omitempty"` // A list of IP ranges (supports CIDR notation) from which @@ -757,6 +762,15 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe req = req.WithContext(httptrace.WithClientTrace(req.Context(), trace)) } + // if FlushInterval is explicitly configured to -1 (i.e. flush continuously to achieve + // low-latency streaming), don't let the transport cancel the request if the client + // disconnects: user probably wants us to finish sending the data to the upstream + // regardless, and we should expect client disconnection in low-latency streaming + // scenarios (see issue #4922) + if h.FlushInterval == -1 { + req = req.WithContext(ignoreClientGoneContext{req.Context(), h.ctx.Done()}) + } + // do the round-trip; emit debug log with values we know are // safe, or if there is no error, emit fuller log entry start := time.Now() @@ -1374,6 +1388,19 @@ type handleResponseContext struct { isFinalized bool } +// ignoreClientGoneContext is a special context.Context type +// intended for use when doing a RoundTrip where you don't +// want a client disconnection to cancel the request during +// the roundtrip. Set its done field to a Done() channel +// of a context that doesn't get canceled when the client +// disconnects, such as caddy.Context.Done() instead. +type ignoreClientGoneContext struct { + context.Context + done <-chan struct{} +} + +func (c ignoreClientGoneContext) Done() <-chan struct{} { return c.done } + // proxyHandleResponseContextCtxKey is the context key for the active proxy handler // so that handle_response routes can inherit some config options // from the proxy handler. From e2a5e2293ab0b06e33445a1243f36cd5def1de42 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 12 Aug 2022 17:09:18 -0400 Subject: [PATCH 0724/1498] reverseproxy: Add `unix+h2c` Caddyfile network shortcut (#4953) --- .../reverse_proxy_h2c_shorthand.txt | 17 +++++++++++++++++ modules/caddyhttp/reverseproxy/addresses.go | 6 ++++++ 2 files changed, 23 insertions(+) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt index 75ce9607..59394673 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_h2c_shorthand.txt @@ -1,6 +1,8 @@ :8884 reverse_proxy h2c://localhost:8080 + +reverse_proxy unix+h2c//run/app.sock ---------- { "apps": { @@ -27,6 +29,21 @@ reverse_proxy h2c://localhost:8080 "dial": "localhost:8080" } ] + }, + { + "handler": "reverse_proxy", + "transport": { + "protocol": "http", + "versions": [ + "h2c", + "2" + ] + }, + "upstreams": [ + { + "dial": "unix//run/app.sock" + } + ] } ] } diff --git a/modules/caddyhttp/reverseproxy/addresses.go b/modules/caddyhttp/reverseproxy/addresses.go index c161ed87..4da47fbb 100644 --- a/modules/caddyhttp/reverseproxy/addresses.go +++ b/modules/caddyhttp/reverseproxy/addresses.go @@ -96,6 +96,12 @@ func parseUpstreamDialAddress(upstreamAddr string) (string, string, error) { } } + // special case network to support both unix and h2c at the same time + if network == "unix+h2c" { + network = "unix" + scheme = "h2c" + } + // for simplest possible config, we only need to include // the network portion if the user specified one if network != "" { From c79c08627d36e9871dedd3c7d8889d7d710134c2 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 15 Aug 2022 12:01:58 -0600 Subject: [PATCH 0725/1498] caddyhttp: Enable HTTP/3 by default (#4707) --- caddyconfig/httpcaddyfile/serveroptions.go | 58 +++++---- .../global_server_options_single.txt | 15 +-- go.mod | 16 +-- go.sum | 118 ++---------------- listeners.go | 12 +- modules/caddyhttp/app.go | 84 ++++++++----- modules/caddyhttp/server.go | 83 ++++++++++-- modules/caddytls/connpolicy.go | 15 ++- 8 files changed, 210 insertions(+), 191 deletions(-) diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 9eb1940f..6764f1a1 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -39,8 +39,7 @@ type serverOptions struct { WriteTimeout caddy.Duration IdleTimeout caddy.Duration MaxHeaderBytes int - AllowH2C bool - ExperimentalHTTP3 bool + Protocols []string StrictSNIHost *bool ShouldLogCredentials bool } @@ -141,22 +140,51 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { } serverOpts.ShouldLogCredentials = true + case "protocols": + protos := d.RemainingArgs() + for _, proto := range protos { + if proto != "h1" && proto != "h2" && proto != "h2c" && proto != "h3" { + return nil, d.Errf("unknown protocol '%s': expected h1, h2, h2c, or h3", proto) + } + if sliceContains(serverOpts.Protocols, proto) { + return nil, d.Errf("protocol %s specified more than once", proto) + } + serverOpts.Protocols = append(serverOpts.Protocols, proto) + } + if d.NextBlock(0) { + return nil, d.ArgErr() + } + + case "strict_sni_host": + if d.NextArg() && d.Val() != "insecure_off" && d.Val() != "on" { + return nil, d.Errf("strict_sni_host only supports 'on' or 'insecure_off', got '%s'", d.Val()) + } + boolVal := true + if d.Val() == "insecure_off" { + boolVal = false + } + serverOpts.StrictSNIHost = &boolVal + + // TODO: DEPRECATED. (August 2022) case "protocol": + caddy.Log().Named("caddyfile").Warn("DEPRECATED: protocol sub-option will be removed soon") + for nesting := d.Nesting(); d.NextBlock(nesting); { switch d.Val() { case "allow_h2c": - if d.NextArg() { - return nil, d.ArgErr() - } - serverOpts.AllowH2C = true + caddy.Log().Named("caddyfile").Warn("DEPRECATED: allow_h2c will be removed soon; use protocols option instead") - case "experimental_http3": if d.NextArg() { return nil, d.ArgErr() } - serverOpts.ExperimentalHTTP3 = true + if sliceContains(serverOpts.Protocols, "h2c") { + return nil, d.Errf("protocol h2c already specified") + } + serverOpts.Protocols = append(serverOpts.Protocols, "h2c") case "strict_sni_host": + caddy.Log().Named("caddyfile").Warn("DEPRECATED: protocol > strict_sni_host in this position will be removed soon; move up to the servers block instead") + if d.NextArg() && d.Val() != "insecure_off" && d.Val() != "on" { return nil, d.Errf("strict_sni_host only supports 'on' or 'insecure_off', got '%s'", d.Val()) } @@ -185,17 +213,6 @@ func applyServerOptions( options map[string]any, warnings *[]caddyconfig.Warning, ) error { - // If experimental HTTP/3 is enabled, enable it on each server. - // We already know there won't be a conflict with serverOptions because - // we validated earlier that "experimental_http3" cannot be set at the same - // time as "servers" - if enableH3, ok := options["experimental_http3"].(bool); ok && enableH3 { - *warnings = append(*warnings, caddyconfig.Warning{Message: "the 'experimental_http3' global option is deprecated, please use the 'servers > protocol > experimental_http3' option instead"}) - for _, srv := range servers { - srv.ExperimentalHTTP3 = true - } - } - serverOpts, ok := options["servers"].([]serverOptions) if !ok { return nil @@ -229,8 +246,7 @@ func applyServerOptions( server.WriteTimeout = opts.WriteTimeout server.IdleTimeout = opts.IdleTimeout server.MaxHeaderBytes = opts.MaxHeaderBytes - server.AllowH2C = opts.AllowH2C - server.ExperimentalHTTP3 = opts.ExperimentalHTTP3 + server.Protocols = opts.Protocols server.StrictSNIHost = opts.StrictSNIHost if opts.ShouldLogCredentials { if server.Logs == nil { diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index da3e6bc2..cfe6bfdf 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -12,11 +12,8 @@ } max_header_size 100MB log_credentials - protocol { - allow_h2c - experimental_http3 - strict_sni_host - } + strict_sni_host + protocols h1 h2 h2c h3 } } @@ -61,8 +58,12 @@ foo.com { "logs": { "should_log_credentials": true }, - "experimental_http3": true, - "allow_h2c": true + "protocols": [ + "h1", + "h2", + "h2c", + "h3" + ] } } } diff --git a/go.mod b/go.mod index 4c668ca2..5f49829a 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.9 github.com/klauspost/cpuid/v2 v2.1.0 - github.com/lucas-clemente/quic-go v0.28.1 + github.com/lucas-clemente/quic-go v0.28.2-0.20220813150001-9957668d4301 github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 github.com/smallstep/certificates v0.21.0 @@ -37,6 +37,11 @@ require ( gopkg.in/yaml.v3 v3.0.1 ) +require ( + github.com/golang/mock v1.6.0 // indirect + golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect +) + require ( filippo.io/edwards25519 v1.0.0-rc.1 // indirect github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect @@ -47,7 +52,6 @@ require ( github.com/cenkalti/backoff/v4 v4.1.2 // indirect github.com/cespare/xxhash v1.1.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect - github.com/cheekybits/genny v1.0.0 // indirect github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect github.com/dgraph-io/badger v1.6.2 // indirect @@ -79,10 +83,8 @@ require ( github.com/libdns/libdns v0.2.1 // indirect github.com/manifoldco/promptui v0.9.0 // indirect github.com/marten-seemann/qpack v0.2.1 // indirect - github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect - github.com/marten-seemann/qtls-go1-17 v0.1.2 // indirect github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect - github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 // indirect + github.com/marten-seemann/qtls-go1-19 v0.1.0 // indirect github.com/mattn/go-colorable v0.1.8 // indirect github.com/mattn/go-isatty v0.0.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect @@ -119,10 +121,10 @@ require ( go.step.sm/linkedca v0.16.1 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect - golang.org/x/mod v0.4.2 // indirect + golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect - golang.org/x/tools v0.1.7 // indirect + golang.org/x/tools v0.1.10 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/grpc v1.46.0 // indirect google.golang.org/protobuf v1.28.0 // indirect diff --git a/go.sum b/go.sum index 0c22859c..5b7c35ee 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,5 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= @@ -56,14 +54,9 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= -dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4= -dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU= filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU= filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= -git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/Azure/azure-sdk-for-go v58.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= @@ -108,7 +101,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed h1:ue9pVfIcP+QMEjfgo/Ez4ZjNZfonGgR6NgjMaJMu1Cg= @@ -137,8 +129,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= -github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/caddyserver/certmagic v0.16.2 h1:k2n3LkkUG3aMUK/kckMuF9/0VFo+0FtMX3drPYESbmQ= github.com/caddyserver/certmagic v0.16.2/go.mod h1:PgLIr/dSJa+WA7t7z6Je5xuS/e5A/GFCPHRuZ1QP+MQ= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= @@ -152,8 +142,6 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cheekybits/genny v1.0.0 h1:uGGa4nei+j20rOSeDeP5Of12XVm7TGUd4dJA9RDitfE= -github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wXkRAgjxjQ= github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8= @@ -181,7 +169,6 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20181012123002-c6f51f82210d/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= @@ -236,11 +223,9 @@ github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= @@ -250,12 +235,10 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4 github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= -github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -300,7 +283,6 @@ github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4er github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= @@ -351,8 +333,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= -github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -379,9 +359,6 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU= -github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= -github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= @@ -395,11 +372,9 @@ github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.5.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= @@ -512,7 +487,6 @@ github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0f github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jellevandenhooff/dkim v0.0.0-20150330215556-f50fe3d243e1/go.mod h1:E0B/fFc00Y+Rasa88328GlI/XbtyysCtTHZS8h7IrBU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= @@ -552,7 +526,6 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -566,26 +539,20 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.28.1 h1:Uo0lvVxWg5la9gflIF9lwa39ONq85Xq2D91YNEIslzU= -github.com/lucas-clemente/quic-go v0.28.1/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0= -github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= +github.com/lucas-clemente/quic-go v0.28.2-0.20220813150001-9957668d4301 h1:6W5uGdteJsB9b2T36wrc/nr48COmN9M0jeFx05NEsUQ= +github.com/lucas-clemente/quic-go v0.28.2-0.20220813150001-9957668d4301/go.mod h1:CTcNfLYJS2UuRNB+zcNlgvkjBhxX6Hm3WUxxAQx2mgE= github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= -github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ= -github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk= -github.com/marten-seemann/qtls-go1-17 v0.1.2 h1:JADBlm0LYiVbuSySCHeY863dNkcpMmDR7s0bLKJeYlQ= -github.com/marten-seemann/qtls-go1-17 v0.1.2/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s= github.com/marten-seemann/qtls-go1-18 v0.1.2 h1:JH6jmzbduz0ITVQ7ShevK10Av5+jBEKAHMntXmIV7kM= github.com/marten-seemann/qtls-go1-18 v0.1.2/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= -github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 h1:7m/WlWcSROrcK5NxuXaxYD32BZqe/LEEnBrWcH/cOqQ= -github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= +github.com/marten-seemann/qtls-go1-19 v0.1.0 h1:rLFKD/9mp/uq1SYGYuVZhm83wkmU95pK5df3GufyYYU= +github.com/marten-seemann/qtls-go1-19 v0.1.0/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -609,7 +576,6 @@ github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQ github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/mholt/acmez v1.0.4 h1:N3cE4Pek+dSolbsofIkAYz6H1d3pE+2G0os7QHslf80= github.com/mholt/acmez v1.0.4/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DAYQY= -github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -653,8 +619,6 @@ github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxzi github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nbrownus/go-metrics-prometheus v0.0.0-20210712211119-974a6260965f/go.mod h1:nwPd6pDNId/Xi16qtKrFHrauSwMNuvk+zcjk89wrnlA= -github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= -github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= @@ -667,21 +631,18 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak= -github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= @@ -702,7 +663,6 @@ github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6J github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_golang v0.8.0/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= @@ -719,7 +679,6 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= @@ -728,7 +687,6 @@ github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB8 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -755,34 +713,11 @@ github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIH github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shurcooL/component v0.0.0-20170202220835-f88ec8f54cc4/go.mod h1:XhFIlyj5a1fBNx5aJTbKoIq0mNaPvOagO+HjB3EtxrY= -github.com/shurcooL/events v0.0.0-20181021180414-410e4ca65f48/go.mod h1:5u70Mqkb5O5cxEA8nxTsgrgLehJeAw6Oc4Ab1c/P1HM= -github.com/shurcooL/github_flavored_markdown v0.0.0-20181002035957-2122de532470/go.mod h1:2dOwnU2uBioM+SGy2aZoq1f/Sd1l9OkAeAUvjSyvgU0= -github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= -github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= -github.com/shurcooL/gofontwoff v0.0.0-20180329035133-29b52fc0a18d/go.mod h1:05UtEgK5zq39gLST6uB0cf3NEHjETfB4Fgr3Gx5R9Vw= -github.com/shurcooL/gopherjslib v0.0.0-20160914041154-feb6d3990c2c/go.mod h1:8d3azKNyqcHP1GaQE/c6dDgjkgSx2BZ4IoEi4F1reUI= -github.com/shurcooL/highlight_diff v0.0.0-20170515013008-09bb4053de1b/go.mod h1:ZpfEhSmds4ytuByIcDnOLkTHGUI6KNqRNPDLHDk+mUU= -github.com/shurcooL/highlight_go v0.0.0-20181028180052-98c3abbbae20/go.mod h1:UDKB5a1T23gOMUJrI+uSuH0VRDStOiUVSjBTRDVBVag= -github.com/shurcooL/home v0.0.0-20181020052607-80b7ffcb30f9/go.mod h1:+rgNQw2P9ARFAs37qieuu7ohDNQ3gds9msbT2yn85sg= -github.com/shurcooL/htmlg v0.0.0-20170918183704-d01228ac9e50/go.mod h1:zPn1wHpTIePGnXSHpsVPWEktKXHr6+SS6x/IKRb7cpw= -github.com/shurcooL/httperror v0.0.0-20170206035902-86b7830d14cc/go.mod h1:aYMfkZ6DWSJPJ6c4Wwz3QtW22G7mf/PEgaB9k/ik5+Y= -github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= -github.com/shurcooL/httpgzip v0.0.0-20180522190206-b1c53ac65af9/go.mod h1:919LwcH0M7/W4fcZ0/jy0qGght1GIhqyS/EgWGH2j5Q= -github.com/shurcooL/issues v0.0.0-20181008053335-6292fdc1e191/go.mod h1:e2qWDig5bLteJ4fwvDAc2NHzqFEthkqn7aOZAOpj+PQ= -github.com/shurcooL/issuesapp v0.0.0-20180602232740-048589ce2241/go.mod h1:NPpHK2TI7iSaM0buivtFUc9offApnI0Alt/K8hcHy0I= -github.com/shurcooL/notifications v0.0.0-20181007000457-627ab5aea122/go.mod h1:b5uSkrEVM1jQUspwbixRBhaIjIzL2xazXp6kntxYle0= -github.com/shurcooL/octicon v0.0.0-20181028054416-fa4f57f9efb2/go.mod h1:eWdoE5JD4R5UVWDucdOPg1g2fqQRq78IQa9zlOV1vpQ= -github.com/shurcooL/reactions v0.0.0-20181006231557-f2e0b4ca5b82/go.mod h1:TCR1lToEk4d2s07G3XGfz2QrgHXg4RJBvjrOozvoWfk= -github.com/shurcooL/sanitized_anchor_name v0.0.0-20170918181015-86672fcb3f95/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/shurcooL/users v0.0.0-20180125191416-49c67e49c537/go.mod h1:QJTqeLYEDaXHZDBsXlPCDqdhQuJkuw4NOtaxYe3xii4= -github.com/shurcooL/webdavfs v0.0.0-20170829043945-18c3829fa133/go.mod h1:hKmq5kWdCj2z2KEozexVbfEZIWiTjhE0+UjmZgPqehw= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= @@ -808,8 +743,6 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= -github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= @@ -842,7 +775,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= -github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= @@ -853,8 +785,6 @@ github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= -github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= @@ -880,7 +810,6 @@ go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mI go.mozilla.org/pkcs7 v0.0.0-20210730143726-725912489c62/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.opencensus.io v0.18.0/go.mod h1:vKdFvxhtzZ9onBp9VKHK8z/sRpBMnKAsufL7wlDrCOA= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -941,21 +870,16 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= -go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= -golang.org/x/build v0.0.0-20190111050920-041ab4dc3f9d/go.mod h1:OWs+y06UdEOHN4y+MfF/py+xQ/tYqIWW03b70/CG9Rw= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -980,9 +904,10 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1005,16 +930,15 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181029044818-c44066c5c816/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181106065722-10aee1819953/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1022,7 +946,6 @@ golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -1055,7 +978,6 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -1065,13 +987,10 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220403103023-749bd193bc2b/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 h1:mx1QvUwXKGgh+3SB51PH4G1TouzL84rLG0CtpdX+TTg= golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1088,7 +1007,6 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1107,7 +1025,6 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181029174526-d69651ed3497/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1115,7 +1032,6 @@ golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190316082340-a2f829d7f35f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1225,7 +1141,6 @@ golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -1288,8 +1203,9 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= +golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1299,9 +1215,6 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1N golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= golang.zx2c4.com/wireguard/windows v0.5.1/go.mod h1:EApyTk/ZNrkbZjurHL1nleDYnsPpJYBO7LZEBCyDAHk= -google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -1339,7 +1252,6 @@ google.golang.org/api v0.70.0 h1:67zQnAE0T2rB0A3CwLSas0K+SbVzSxP+zTLkQLexeiw= google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= @@ -1349,10 +1261,6 @@ google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181029155118-b69ba1387ce2/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20181202183823-bd91e49a0898/go.mod h1:7Ep/1NZk928CDR8SjdVbjWNpdIf6nzjE3BTgJDr2Atg= -google.golang.org/genproto v0.0.0-20190306203927-b5d61aea6440/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -1421,8 +1329,6 @@ google.golang.org/genproto v0.0.0-20220401170504-314d38edb7de/go.mod h1:8w6bsBMX google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1488,7 +1394,6 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= @@ -1515,7 +1420,6 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1532,5 +1436,3 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= -sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck= -sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0= diff --git a/listeners.go b/listeners.go index 3a8d49dd..c7d6d52f 100644 --- a/listeners.go +++ b/listeners.go @@ -88,11 +88,19 @@ func ListenPacket(network, addr string) (net.PacketConn, error) { // ListenQUIC returns a quic.EarlyListener suitable for use in a Caddy module. // Note that the context passed to Accept is currently ignored, so using // a context other than context.Background is meaningless. -func ListenQUIC(addr string, tlsConf *tls.Config) (quic.EarlyListener, error) { +func ListenQUIC(addr string, tlsConf *tls.Config, activeRequests *int64) (quic.EarlyListener, error) { lnKey := listenerKey("udp", addr) sharedEl, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { - el, err := quic.ListenAddrEarly(addr, http3.ConfigureTLSConfig(tlsConf), &quic.Config{}) + el, err := quic.ListenAddrEarly(addr, http3.ConfigureTLSConfig(tlsConf), &quic.Config{ + RequireAddressValidation: func(clientAddr net.Addr) bool { + var highLoad bool + if activeRequests != nil { + highLoad = atomic.LoadInt64(activeRequests) > 1000 // TODO: make tunable? + } + return highLoad + }, + }) if err != nil { return nil, err } diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index c28e09db..a3d0f7e1 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -25,7 +25,6 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddytls" - "github.com/lucas-clemente/quic-go/http3" "go.uber.org/zap" "golang.org/x/net/http2" "golang.org/x/net/http2/h2c" @@ -185,6 +184,17 @@ func (app *App) Provision(ctx caddy.Context) error { srv.accessLogger = app.logger.Named("log.access") } + // the Go standard library does not let us serve only HTTP/2 using + // http.Server; we would probably need to write our own server + if !srv.protocol("h1") && (srv.protocol("h2") || srv.protocol("h2c")) { + return fmt.Errorf("server %s: cannot enable HTTP/2 or H2C without enabling HTTP/1.1; add h1 to protocols or remove h2/h2c", srvName) + } + + // if no protocols configured explicitly, enable all except h2c + if len(srv.Protocols) == 0 { + srv.Protocols = []string{"h1", "h2", "h3"} + } + // if not explicitly configured by the user, disallow TLS // client auth bypass (domain fronting) which could // otherwise be exploited by sending an unprotected SNI @@ -196,8 +206,7 @@ func (app *App) Provision(ctx caddy.Context) error { // based on hostname if srv.StrictSNIHost == nil && srv.hasTLSClientAuth() { app.logger.Warn("enabling strict SNI-Host enforcement because TLS client auth is configured", - zap.String("server_id", srvName), - ) + zap.String("server_id", srvName)) trueBool := true srv.StrictSNIHost = &trueBool } @@ -206,8 +215,7 @@ func (app *App) Provision(ctx caddy.Context) error { for i := range srv.Listen { lnOut, err := repl.ReplaceOrErr(srv.Listen[i], true, true) if err != nil { - return fmt.Errorf("server %s, listener %d: %v", - srvName, i, err) + return fmt.Errorf("server %s, listener %d: %v", srvName, i, err) } srv.Listen[i] = lnOut } @@ -324,10 +332,34 @@ func (app *App) Start() error { Handler: srv, ErrorLog: serverLogger, } + + // disable HTTP/2, which we enabled by default during provisioning + if !srv.protocol("h2") { + srv.server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) + for _, cp := range srv.TLSConnPolicies { + // the TLSConfig was already provisioned, so... manually remove it + for i, np := range cp.TLSConfig.NextProtos { + if np == "h2" { + cp.TLSConfig.NextProtos = append(cp.TLSConfig.NextProtos[:i], cp.TLSConfig.NextProtos[i+1:]...) + break + } + } + // remove it from the parent connection policy too, just to keep things tidy + for i, alpn := range cp.ALPN { + if alpn == "h2" { + cp.ALPN = append(cp.ALPN[:i], cp.ALPN[i+1:]...) + break + } + } + } + } + + // this TLS config is used by the std lib to choose the actual TLS config for connections + // by looking through the connection policies to find the first one that matches tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx) - // enable h2c if configured - if srv.AllowH2C { + // enable H2C if configured + if srv.protocol("h2c") { h2server := &http2.Server{ IdleTimeout: time.Duration(srv.IdleTimeout), } @@ -362,27 +394,15 @@ func (app *App) Start() error { // enable TLS if there is a policy and if this is not the HTTP port useTLS := len(srv.TLSConnPolicies) > 0 && int(listenAddr.StartPort+portOffset) != app.httpPort() if useTLS { - // create TLS listener + // create TLS listener - this enables and terminates TLS ln = tls.NewListener(ln, tlsCfg) - // TODO: HTTP/3 support is experimental for now - if srv.ExperimentalHTTP3 { - if srv.h3server == nil { - srv.h3server = &http3.Server{ - Handler: srv, - TLSConfig: tlsCfg, - MaxHeaderBytes: srv.MaxHeaderBytes, - } + // enable HTTP/3 if configured + if srv.protocol("h3") { + app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport)) + if err := srv.serveHTTP3(hostport, tlsCfg); err != nil { + return err } - - app.logger.Info("enabling experimental HTTP/3 listener", zap.String("addr", hostport)) - h3ln, err := caddy.ListenQUIC(hostport, tlsCfg) - if err != nil { - return fmt.Errorf("getting HTTP/3 QUIC listener: %v", err) - } - - //nolint:errcheck - go srv.h3server.ServeListener(h3ln) } } @@ -402,16 +422,22 @@ func (app *App) Start() error { app.logger.Debug("starting server loop", zap.String("address", ln.Addr().String()), - zap.Bool("http3", srv.ExperimentalHTTP3), zap.Bool("tls", useTLS), - ) + zap.Bool("http3", srv.h3server != nil)) srv.listeners = append(srv.listeners, ln) - //nolint:errcheck - go srv.server.Serve(ln) + // enable HTTP/1 if configured + if srv.protocol("h1") { + //nolint:errcheck + go srv.server.Serve(ln) + } } } + + srv.logger.Info("server running", + zap.String("name", srvName), + zap.Strings("protocols", srv.Protocols)) } // finish automatic HTTPS by finally beginning diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 62c0fd9f..f8cd6122 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -16,6 +16,7 @@ package caddyhttp import ( "context" + "crypto/tls" "encoding/json" "errors" "fmt" @@ -25,6 +26,7 @@ import ( "runtime" "strings" "sync" + "sync/atomic" "time" "github.com/caddyserver/caddy/v2" @@ -37,6 +39,8 @@ import ( // Server describes an HTTP server. type Server struct { + activeRequests int64 // accessed atomically + // Socket addresses to which to bind listeners. Accepts // [network addresses](/docs/conventions#network-addresses) // that may include port ranges. Listener addresses must @@ -112,21 +116,35 @@ type Server struct { // to a non-null, empty struct. Logs *ServerLogConfig `json:"logs,omitempty"` - // Enable experimental HTTP/3 support. Note that HTTP/3 is not a - // finished standard and has extremely limited client support. - // This field is not subject to compatibility promises. - ExperimentalHTTP3 bool `json:"experimental_http3,omitempty"` - - // Enables H2C ("Cleartext HTTP/2" or "H2 over TCP") support, - // which will serve HTTP/2 over plaintext TCP connections if - // the client supports it. Because this is not implemented by the - // Go standard library, using H2C is incompatible with most - // of the other options for this server. Do not enable this + // Protocols specifies which HTTP protocols to enable. + // Supported values are: + // + // - `h1` (HTTP/1.1) + // - `h2` (HTTP/2) + // - `h2c` (cleartext HTTP/2) + // - `h3` (HTTP/3) + // + // If enabling `h2` or `h2c`, `h1` must also be enabled; + // this is due to current limitations in the Go standard + // library. + // + // HTTP/2 operates only over TLS (HTTPS). HTTP/3 opens + // a UDP socket to serve QUIC connections. + // + // H2C operates over plain TCP if the client supports it; + // however, because this is not implemented by the Go + // standard library, other server options are not compatible + // and will not be applied to H2C requests. Do not enable this // only to achieve maximum client compatibility. In practice, // very few clients implement H2C, and even fewer require it. - // This setting applies only to unencrypted HTTP listeners. - // ⚠️ Experimental feature; subject to change or removal. - AllowH2C bool `json:"allow_h2c,omitempty"` + // Enabling H2C can be useful for serving/proxying gRPC + // if encryption is not possible or desired. + // + // We recommend for most users to simply let Caddy use the + // default settings. + // + // Default: `[h1 h2 h3]` + Protocols []string `json:"protocols,omitempty"` name string @@ -152,7 +170,12 @@ type Server struct { func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { w.Header().Set("Server", "Caddy") + // advertise HTTP/3, if enabled if s.h3server != nil { + // keep track of active requests for QUIC transport purposes (See AcceptToken callback in quic.Config) + atomic.AddInt64(&s.activeRequests, 1) + defer atomic.AddInt64(&s.activeRequests, -1) + err := s.h3server.SetQuicHeaders(w.Header()) if err != nil { s.logger.Error("setting HTTP/3 Alt-Svc header", zap.Error(err)) @@ -445,6 +468,30 @@ func (s *Server) findLastRouteWithHostMatcher() int { return lastIndex } +// serveHTTP3 creates a QUIC listener, configures an HTTP/3 server if +// not already done, and then uses that server to serve HTTP/3 over +// the listener, with Server s as the handler. +func (s *Server) serveHTTP3(hostport string, tlsCfg *tls.Config) error { + h3ln, err := caddy.ListenQUIC(hostport, tlsCfg, &s.activeRequests) + if err != nil { + return fmt.Errorf("starting HTTP/3 QUIC listener: %v", err) + } + + // create HTTP/3 server if not done already + if s.h3server == nil { + s.h3server = &http3.Server{ + Handler: s, + TLSConfig: tlsCfg, + MaxHeaderBytes: s.MaxHeaderBytes, + } + } + + //nolint:errcheck + go s.h3server.ServeListener(h3ln) + + return nil +} + // HTTPErrorConfig determines how to handle errors // from the HTTP handlers. type HTTPErrorConfig struct { @@ -509,6 +556,16 @@ func (s *Server) shouldLogRequest(r *http.Request) bool { return true } +// protocol returns true if the protocol proto is configured/enabled. +func (s *Server) protocol(proto string) bool { + for _, p := range s.Protocols { + if p == proto { + return true + } + } + return false +} + // ServerLogConfig describes a server's logging configuration. If // enabled without customization, all requests to this server are // logged to the default logger; logger destinations may be diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 285e9f6f..f7b9c462 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -112,7 +112,7 @@ func (cp ConnectionPolicies) TLSConfig(_ caddy.Context) *tls.Config { continue policyLoop } } - return pol.stdTLSConfig, nil + return pol.TLSConfig, nil } return nil, fmt.Errorf("no server TLS configuration available for ClientHello: %+v", hello) @@ -156,8 +156,15 @@ type ConnectionPolicy struct { // is no policy configured for the empty SNI value. DefaultSNI string `json:"default_sni,omitempty"` - matchers []ConnectionMatcher - stdTLSConfig *tls.Config + // TLSConfig is the fully-formed, standard lib TLS config + // used to serve TLS connections. Provision all + // ConnectionPolicies to populate this. It is exported only + // so it can be minimally adjusted after provisioning + // if necessary (like to adjust NextProtos to disable HTTP/2), + // and may be unexported in the future. + TLSConfig *tls.Config `json:"-"` + + matchers []ConnectionMatcher } func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { @@ -275,7 +282,7 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { setDefaultTLSParams(cfg) - p.stdTLSConfig = cfg + p.TLSConfig = cfg return nil } From dc62d468e9645f52a5e1b4f6093dff65137ab3fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Abdussamet=20Ko=C3=A7ak?= Date: Tue, 16 Aug 2022 07:31:45 +0300 Subject: [PATCH 0726/1498] fileserver: reset buffer before using it (#4962) (#4963) --- modules/caddyhttp/fileserver/browse.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index da978425..90263560 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -94,6 +94,7 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, fsrv.browseApplyQueryParams(w, r, &listing) buf := bufPool.Get().(*bytes.Buffer) + buf.Reset() defer bufPool.Put(buf) acceptHeader := strings.ToLower(strings.Join(r.Header["Accept"], ",")) From a479943acd70068c4b80d3a8f4b8dd7ab93ca2ba Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 16 Aug 2022 08:48:57 -0600 Subject: [PATCH 0727/1498] caddyhttp: Smarter path matching and rewriting (#4948) Co-authored-by: RussellLuo --- modules/caddyhttp/caddyhttp.go | 35 +++ modules/caddyhttp/caddyhttp_test.go | 57 ++++ modules/caddyhttp/fileserver/staticfiles.go | 12 +- modules/caddyhttp/matchers.go | 322 +++++++++++++++----- modules/caddyhttp/matchers_test.go | 153 +++++++++- modules/caddyhttp/rewrite/rewrite.go | 110 +++++-- modules/caddyhttp/rewrite/rewrite_test.go | 41 +++ 7 files changed, 616 insertions(+), 114 deletions(-) diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index 784b2b90..c9cc9e6d 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -20,6 +20,7 @@ import ( "io" "net" "net/http" + "path" "path/filepath" "strconv" "strings" @@ -244,6 +245,40 @@ func SanitizedPathJoin(root, reqPath string) string { return path } +// CleanPath cleans path p according to path.Clean(), but only +// merges repeated slashes if collapseSlashes is true, and always +// preserves trailing slashes. +func CleanPath(p string, collapseSlashes bool) string { + if collapseSlashes { + return cleanPath(p) + } + + // insert an invalid/impossible URI character into each two consecutive + // slashes to expand empty path segments; then clean the path as usual, + // and then remove the remaining temporary characters. + const tmpCh = 0xff + var sb strings.Builder + for i, ch := range p { + if ch == '/' && i > 0 && p[i-1] == '/' { + sb.WriteByte(tmpCh) + } + sb.WriteRune(ch) + } + halfCleaned := cleanPath(sb.String()) + halfCleaned = strings.ReplaceAll(halfCleaned, string([]byte{tmpCh}), "") + + return halfCleaned +} + +// cleanPath does path.Clean(p) but preserves any trailing slash. +func cleanPath(p string) string { + cleaned := path.Clean(p) + if cleaned != "/" && strings.HasSuffix(p, "/") { + cleaned = cleaned + "/" + } + return cleaned +} + // tlsPlaceholderWrapper is a no-op listener wrapper that marks // where the TLS listener should be in a chain of listener wrappers. // It should only be used if another listener wrapper must be placed diff --git a/modules/caddyhttp/caddyhttp_test.go b/modules/caddyhttp/caddyhttp_test.go index 09011fe9..1bca4d60 100644 --- a/modules/caddyhttp/caddyhttp_test.go +++ b/modules/caddyhttp/caddyhttp_test.go @@ -92,3 +92,60 @@ func TestSanitizedPathJoin(t *testing.T) { } } } + +func TestCleanPath(t *testing.T) { + for i, tc := range []struct { + input string + mergeSlashes bool + expect string + }{ + { + input: "/foo", + expect: "/foo", + }, + { + input: "/foo/", + expect: "/foo/", + }, + { + input: "//foo", + expect: "//foo", + }, + { + input: "//foo", + mergeSlashes: true, + expect: "/foo", + }, + { + input: "/foo//bar/", + mergeSlashes: true, + expect: "/foo/bar/", + }, + { + input: "/foo/./.././bar", + expect: "/bar", + }, + { + input: "/foo//./..//./bar", + expect: "/foo//bar", + }, + { + input: "/foo///./..//./bar", + expect: "/foo///bar", + }, + { + input: "/foo///./..//.", + expect: "/foo//", + }, + { + input: "/foo//./bar", + expect: "/foo//bar", + }, + } { + actual := CleanPath(tc.input, tc.mergeSlashes) + if actual != tc.expect { + t.Errorf("Test %d [input='%s' mergeSlashes=%t]: Got '%s', expected '%s'", + i, tc.input, tc.mergeSlashes, actual, tc.expect) + } + } +} diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index a745d5a8..554f8d30 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -23,7 +23,6 @@ import ( weakrand "math/rand" "mime" "net/http" - "net/url" "os" "path" "path/filepath" @@ -236,16 +235,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c filesToHide := fsrv.transformHidePaths(repl) root := repl.ReplaceAll(fsrv.Root, ".") - // PathUnescape returns an error if the escapes aren't well-formed, - // meaning the count % matches the RFC. Return early if the escape is - // improper. - if _, err := url.PathUnescape(r.URL.Path); err != nil { - fsrv.logger.Debug("improper path escape", - zap.String("site_root", root), - zap.String("request_path", r.URL.Path), - zap.Error(err)) - return err - } + filename := caddyhttp.SanitizedPathJoin(root, r.URL.Path) fsrv.logger.Debug("sanitized path join", diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index bb957d6a..d6bbe7e4 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -23,7 +23,6 @@ import ( "net/textproto" "net/url" "path" - "path/filepath" "reflect" "regexp" "sort" @@ -63,20 +62,51 @@ type ( // Duplicate entries will return an error. MatchHost []string - // MatchPath matches requests by the URI's path (case-insensitive). Path - // matches are exact, but wildcards may be used: + // MatchPath case-insensitively matches requests by the URI's path. Path + // matching is exact, not prefix-based, giving you more control and clarity + // over matching. Wildcards (`*`) may be used: // - // - At the end, for a prefix match (`/prefix/*`) - // - At the beginning, for a suffix match (`*.suffix`) - // - On both sides, for a substring match (`*/contains/*`) + // - At the end only, for a prefix match (`/prefix/*`) + // - At the beginning only, for a suffix match (`*.suffix`) + // - On both sides only, for a substring match (`*/contains/*`) // - In the middle, for a globular match (`/accounts/*/info`) // + // Slashes are significant; i.e. `/foo*` matches `/foo`, `/foo/`, `/foo/bar`, + // and `/foobar`; but `/foo/*` does not match `/foo` or `/foobar`. Valid + // paths start with a slash `/`. + // + // Because there are, in general, multiple possible escaped forms of any + // path, path matchers operate in unescaped space; that is, path matchers + // should be written in their unescaped form to prevent ambiguities and + // possible security issues, as all request paths will be normalized to + // their unescaped forms before matcher evaluation. + // + // However, escape sequences in a match pattern are supported; they are + // compared with the request's raw/escaped path for those bytes only. + // In other words, a matcher of `/foo%2Fbar` will match a request path + // of precisely `/foo%2Fbar`, but not `/foo/bar`. It follows that matching + // the literal percent sign (%) in normalized space can be done using the + // escaped form, `%25`. + // + // Even though wildcards (`*`) operate in the normalized space, the special + // escaped wildcard (`%*`), which is not a valid escape sequence, may be + // used in place of a span that should NOT be decoded; that is, `/bands/%*` + // will match `/bands/AC%2fDC` whereas `/bands/*` will not. + // + // Even though path matching is done in normalized space, the special + // wildcard `%*` may be used in place of a span that should NOT be decoded; + // that is, `/bands/%*/` will match `/bands/AC%2fDC/` whereas `/bands/*/` + // will not. + // // This matcher is fast, so it does not support regular expressions or // capture groups. For slower but more powerful matching, use the - // path_regexp matcher. + // path_regexp matcher. (Note that due to the special treatment of + // escape sequences in matcher patterns, they may perform slightly slower + // in high-traffic environments.) MatchPath []string // MatchPathRE matches requests by a regular expression on the URI's path. + // Path matching is performed in the unescaped (decoded) form of the path. // // Upon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}` // where `name` is the regular expression's name, and `capture_group` is either @@ -303,7 +333,8 @@ outer: // expression matchers. // // Example: -// expression host('localhost') +// +// expression host('localhost') func (MatchHost) CELLibrary(ctx caddy.Context) (cel.Library, error) { return CELMatcherImpl( "host", @@ -342,6 +373,7 @@ func (MatchPath) CaddyModule() caddy.ModuleInfo { // Provision lower-cases the paths in m to ensure case-insensitive matching. func (m MatchPath) Provision(_ caddy.Context) error { for i := range m { + // TODO: if m[i] == "*", put it first and delete all others (will always match) m[i] = strings.ToLower(m[i]) } return nil @@ -349,77 +381,108 @@ func (m MatchPath) Provision(_ caddy.Context) error { // Match returns true if r matches m. func (m MatchPath) Match(r *http.Request) bool { - // PathUnescape returns an error if the escapes aren't - // well-formed, meaning the count % matches the RFC. - // Return early if the escape is improper. - unescapedPath, err := url.PathUnescape(r.URL.Path) - if err != nil { - return false - } + // Even though RFC 9110 says that path matching is case-sensitive + // (https://www.rfc-editor.org/rfc/rfc9110.html#section-4.2.3), + // we do case-insensitive matching to mitigate security issues + // related to differences between operating systems, applications, + // etc; if case-sensitive matching is needed, the regex matcher + // can be used instead. + reqPath := strings.ToLower(r.URL.Path) - lowerPath := strings.ToLower(unescapedPath) - - // Clean the path, merges doubled slashes, etc. - // This ensures maliciously crafted requests can't bypass - // the path matcher. See #4407 - lowerPath = path.Clean(lowerPath) - - // see #2917; Windows ignores trailing dots and spaces + // See #2917; Windows ignores trailing dots and spaces // when accessing files (sigh), potentially causing a // security risk (cry) if PHP files end up being served // as static files, exposing the source code, instead of - // being matched by *.php to be treated as PHP scripts - lowerPath = strings.TrimRight(lowerPath, ". ") - - // Cleaning may remove the trailing slash, but we want to keep it - if lowerPath != "/" && strings.HasSuffix(r.URL.Path, "/") { - lowerPath = lowerPath + "/" - } + // being matched by *.php to be treated as PHP scripts. + reqPath = strings.TrimRight(reqPath, ". ") repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - for _, matchPath := range m { - matchPath = repl.ReplaceAll(matchPath, "") + for _, matchPattern := range m { + matchPattern = repl.ReplaceAll(matchPattern, "") // special case: whole path is wildcard; this is unnecessary // as it matches all requests, which is the same as no matcher - if matchPath == "*" { + if matchPattern == "*" { return true } + // Clean the path, merge doubled slashes, etc. + // This ensures maliciously crafted requests can't bypass + // the path matcher. See #4407. Good security posture + // requires that we should do all we can to reduce any + // funny-looking paths into "normalized" forms such that + // weird variants can't sneak by. + // + // How we clean the path depends on the kind of pattern: + // we either merge slashes or we don't. If the pattern + // has double slashes, we preserve them in the path. + // + // TODO: Despite the fact that the *vast* majority of path + // matchers have only 1 pattern, a possible optimization is + // to remember the cleaned form of the path for future + // iterations; it's just that the way we clean depends on + // the kind of pattern. + + mergeSlashes := !strings.Contains(matchPattern, "//") + + // if '%' appears in the match pattern, we interpret that to mean + // the intent is to compare that part of the path in raw/escaped + // space; i.e. "%40"=="%40", not "@", and "%2F"=="%2F", not "/" + if strings.Contains(matchPattern, "%") { + reqPathForPattern := CleanPath(r.URL.EscapedPath(), mergeSlashes) + if m.matchPatternWithEscapeSequence(reqPathForPattern, matchPattern) { + return true + } + + // doing prefix/suffix/substring matches doesn't make sense + continue + } + + reqPathForPattern := CleanPath(reqPath, mergeSlashes) + + // for substring, prefix, and suffix matching, only perform those + // special, fast matches if they are the only wildcards in the pattern; + // otherwise we assume a globular match if any * appears in the middle + // special case: first and last characters are wildcard, // treat it as a fast substring match - if len(matchPath) > 1 && - strings.HasPrefix(matchPath, "*") && - strings.HasSuffix(matchPath, "*") { - if strings.Contains(lowerPath, matchPath[1:len(matchPath)-1]) { + if strings.Count(matchPattern, "*") == 2 && + strings.HasPrefix(matchPattern, "*") && + strings.HasSuffix(matchPattern, "*") && + strings.Count(matchPattern, "*") == 2 { + if strings.Contains(reqPathForPattern, matchPattern[1:len(matchPattern)-1]) { return true } continue } - // special case: first character is a wildcard, - // treat it as a fast suffix match - if strings.HasPrefix(matchPath, "*") { - if strings.HasSuffix(lowerPath, matchPath[1:]) { - return true + // only perform prefix/suffix match if it is the only wildcard... + // I think that is more correct most of the time + if strings.Count(matchPattern, "*") == 1 { + // special case: first character is a wildcard, + // treat it as a fast suffix match + if strings.HasPrefix(matchPattern, "*") { + if strings.HasSuffix(reqPathForPattern, matchPattern[1:]) { + return true + } + continue + } + + // special case: last character is a wildcard, + // treat it as a fast prefix match + if strings.HasSuffix(matchPattern, "*") { + if strings.HasPrefix(reqPathForPattern, matchPattern[:len(matchPattern)-1]) { + return true + } + continue } - continue } - // special case: last character is a wildcard, - // treat it as a fast prefix match - if strings.HasSuffix(matchPath, "*") { - if strings.HasPrefix(lowerPath, matchPath[:len(matchPath)-1]) { - return true - } - continue - } - - // for everything else, try globular matching, which also - // is exact matching if there are no glob/wildcard chars; - // can ignore error here because we can't handle it anyway - matches, _ := filepath.Match(matchPath, lowerPath) + // at last, use globular matching, which also is exact matching + // if there are no glob/wildcard chars; we ignore the error here + // because we can't handle it anyway + matches, _ := path.Match(matchPattern, reqPathForPattern) if matches { return true } @@ -427,11 +490,118 @@ func (m MatchPath) Match(r *http.Request) bool { return false } +func (MatchPath) matchPatternWithEscapeSequence(escapedPath, matchPath string) bool { + // We would just compare the pattern against r.URL.Path, + // but the pattern contains %, indicating that we should + // compare at least some part of the path in raw/escaped + // space, not normalized space; so we build the string we + // will compare against by adding the normalized parts + // of the path, then switching to the escaped parts where + // the pattern hints to us wherever % is present. + var sb strings.Builder + + // iterate the pattern and escaped path in lock-step; + // increment iPattern every time we consume a char from the pattern, + // increment iPath every time we consume a char from the path; + // iPattern and iPath are our cursors/iterator positions for each string + var iPattern, iPath int + for { + if iPattern >= len(matchPath) || iPath >= len(escapedPath) { + break + } + + // get the next character from the request path + + pathCh := string(escapedPath[iPath]) + var escapedPathCh string + + // normalize (decode) escape sequences + if pathCh == "%" && len(escapedPath) >= iPath+3 { + // hold onto this in case we find out the intent is to match in escaped space here; + // we lowercase it even though technically the spec says: "For consistency, URI + // producers and normalizers should use uppercase hexadecimal digits for all percent- + // encodings" (RFC 3986 section 2.1) - we lowercased the matcher pattern earlier in + // provisioning so we do the same here to gain case-insensitivity in equivalence; + // besides, this string is never shown visibly + escapedPathCh = strings.ToLower(escapedPath[iPath : iPath+3]) + + var err error + pathCh, err = url.PathUnescape(escapedPathCh) + if err != nil { + // should be impossible unless EscapedPath() is giving us an invalid sequence! + return false + } + iPath += 2 // escape sequence is 2 bytes longer than normal char + } + + // now get the next character from the pattern + + normalize := true + switch matchPath[iPattern] { + case '%': + // escape sequence + + // if not a wildcard ("%*"), compare literally; consume next two bytes of pattern + if len(matchPath) >= iPattern+3 && matchPath[iPattern+1] != '*' { + sb.WriteString(escapedPathCh) + iPath++ + iPattern += 2 + break + } + + // escaped wildcard sequence; consume next byte only ('*') + iPattern++ + normalize = false + + fallthrough + case '*': + // wildcard, so consume until next matching character + remaining := escapedPath[iPath:] + until := len(escapedPath) - iPath // go until end of string... + if iPattern < len(matchPath)-1 { // ...unless the * is not at the end + nextCh := matchPath[iPattern+1] + until = strings.IndexByte(remaining, nextCh) + if until == -1 { + // terminating char of wildcard span not found, so definitely no match + return false + } + } + if until == 0 { + // empty span; nothing to add on this iteration + break + } + next := remaining[:until] + if normalize { + var err error + next, err = url.PathUnescape(next) + if err != nil { + return false // should be impossible anyway + } + } + sb.WriteString(next) + iPath += until + default: + sb.WriteString(pathCh) + iPath++ + } + + iPattern++ + } + + // we can now treat rawpath globs (%*) as regular globs (*) + matchPath = strings.ReplaceAll(matchPath, "%*", "*") + + // ignore error here because we can't handle it anyway= + matches, _ := path.Match(matchPath, sb.String()) + return matches +} + // CELLibrary produces options that expose this matcher for use in CEL // expression matchers. // // Example: -// expression path('*substring*', '*suffix') +// +// expression path('*substring*', '*suffix') func (MatchPath) CELLibrary(ctx caddy.Context) (cel.Library, error) { return CELMatcherImpl( // name of the macro, this is the function name that users see when writing expressions. @@ -477,23 +647,10 @@ func (MatchPathRE) CaddyModule() caddy.ModuleInfo { func (m MatchPathRE) Match(r *http.Request) bool { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - // PathUnescape returns an error if the escapes aren't - // well-formed, meaning the count % matches the RFC. - // Return early if the escape is improper. - unescapedPath, err := url.PathUnescape(r.URL.Path) - if err != nil { - return false - } - // Clean the path, merges doubled slashes, etc. // This ensures maliciously crafted requests can't bypass // the path matcher. See #4407 - cleanedPath := path.Clean(unescapedPath) - - // Cleaning may remove the trailing slash, but we want to keep it - if cleanedPath != "/" && strings.HasSuffix(r.URL.Path, "/") { - cleanedPath = cleanedPath + "/" - } + cleanedPath := cleanPath(r.URL.Path) return m.MatchRegexp.Match(cleanedPath, repl) } @@ -502,7 +659,8 @@ func (m MatchPathRE) Match(r *http.Request) bool { // expression matchers. // // Example: -// expression path_regexp('^/bar') +// +// expression path_regexp('^/bar') func (MatchPathRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { unnamedPattern, err := CELMatcherImpl( "path_regexp", @@ -575,7 +733,8 @@ func (m MatchMethod) Match(r *http.Request) bool { // expression matchers. // // Example: -// expression method('PUT', 'POST') +// +// expression method('PUT', 'POST') func (MatchMethod) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "method", @@ -661,7 +820,8 @@ func (m MatchQuery) Match(r *http.Request) bool { // expression matchers. // // Example: -// expression query({'sort': 'asc'}) || query({'foo': ['*bar*', 'baz']}) +// +// expression query({'sort': 'asc'}) || query({'foo': ['*bar*', 'baz']}) func (MatchQuery) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "query", @@ -736,8 +896,9 @@ func (m MatchHeader) Match(r *http.Request) bool { // expression matchers. // // Example: -// expression header({'content-type': 'image/png'}) -// expression header({'foo': ['bar', 'baz']}) // match bar or baz +// +// expression header({'content-type': 'image/png'}) +// expression header({'foo': ['bar', 'baz']}) // match bar or baz func (MatchHeader) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "header", @@ -894,7 +1055,8 @@ func (m MatchHeaderRE) Validate() error { // expression matchers. // // Example: -// expression header_regexp('foo', 'Field', 'fo+') +// +// expression header_regexp('foo', 'Field', 'fo+') func (MatchHeaderRE) CELLibrary(ctx caddy.Context) (cel.Library, error) { unnamedPattern, err := CELMatcherImpl( "header_regexp", @@ -978,7 +1140,8 @@ func (m *MatchProtocol) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // expression matchers. // // Example: -// expression protocol('https') +// +// expression protocol('https') func (MatchProtocol) CELLibrary(_ caddy.Context) (cel.Library, error) { return CELMatcherImpl( "protocol", @@ -1097,7 +1260,8 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // expression matchers. // // Example: -// expression remote_ip('forwarded', '192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8') +// +// expression remote_ip('forwarded', '192.168.0.0/16', '172.16.0.0/12', '10.0.0.0/8') func (MatchRemoteIP) CELLibrary(ctx caddy.Context) (cel.Library, error) { return CELMatcherImpl( // name of the macro, this is the function name that users see when writing expressions. diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index bd4606bc..4d5538cd 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -158,9 +158,10 @@ func TestHostMatcher(t *testing.T) { func TestPathMatcher(t *testing.T) { for i, tc := range []struct { - match MatchPath - input string - expect bool + match MatchPath // not URI-encoded because not parsing from a URI + input string // should be valid URI encoding (escaped) since it will become part of a request + expect bool + provisionErr bool }{ { match: MatchPath{}, @@ -252,6 +253,11 @@ func TestPathMatcher(t *testing.T) { input: "/FOOOO", expect: true, }, + { + match: MatchPath{"*.php"}, + input: "/foo/index.php. .", + expect: true, + }, { match: MatchPath{"/foo/bar.txt"}, input: "/foo/BAR.txt", @@ -263,10 +269,60 @@ func TestPathMatcher(t *testing.T) { expect: true, }, { - match: MatchPath{"/foo*"}, + match: MatchPath{"/foo"}, input: "//foo", expect: true, }, + { + match: MatchPath{"//foo"}, + input: "/foo", + expect: false, + }, + { + match: MatchPath{"//foo"}, + input: "//foo", + expect: true, + }, + { + match: MatchPath{"/foo//*"}, + input: "/foo//bar", + expect: true, + }, + { + match: MatchPath{"/foo//*"}, + input: "/foo/%2Fbar", + expect: true, + }, + { + match: MatchPath{"/foo/%2F*"}, + input: "/foo/%2Fbar", + expect: true, + }, + { + match: MatchPath{"/foo/%2F*"}, + input: "/foo//bar", + expect: false, + }, + { + match: MatchPath{"/foo//bar"}, + input: "/foo//bar", + expect: true, + }, + { + match: MatchPath{"/foo/*//bar"}, + input: "/foo///bar", + expect: true, + }, + { + match: MatchPath{"/foo/%*//bar"}, + input: "/foo///bar", + expect: true, + }, + { + match: MatchPath{"/foo/%*//bar"}, + input: "/foo//%2Fbar", + expect: true, + }, { match: MatchPath{"/foo*"}, input: "/%2F/foo", @@ -292,8 +348,79 @@ func TestPathMatcher(t *testing.T) { input: "/foo/bar", expect: true, }, + // notice these next three test cases are the same normalized path but are written differently + { + match: MatchPath{"/%25@.txt"}, + input: "/%25@.txt", + expect: true, + }, + { + match: MatchPath{"/%25@.txt"}, + input: "/%25%40.txt", + expect: true, + }, + { + match: MatchPath{"/%25%40.txt"}, + input: "/%25%40.txt", + expect: true, + }, + { + match: MatchPath{"/bands/*/*"}, + input: "/bands/AC%2FDC/T.N.T", + expect: false, // because * operates in normalized space + }, + { + match: MatchPath{"/bands/%*/%*"}, + input: "/bands/AC%2FDC/T.N.T", + expect: true, + }, + { + match: MatchPath{"/bands/%*/%*"}, + input: "/bands/AC/DC/T.N.T", + expect: false, + }, + { + match: MatchPath{"/bands/%*"}, + input: "/bands/AC/DC", + expect: false, // not a suffix match + }, + { + match: MatchPath{"/bands/%*"}, + input: "/bands/AC%2FDC", + expect: true, + }, + { + match: MatchPath{"/foo%2fbar/baz"}, + input: "/foo%2Fbar/baz", + expect: true, + }, + { + match: MatchPath{"/foo%2fbar/baz"}, + input: "/foo/bar/baz", + expect: false, + }, + { + match: MatchPath{"/foo/bar/baz"}, + input: "/foo%2fbar/baz", + expect: true, + }, } { - req := &http.Request{URL: &url.URL{Path: tc.input}} + err := tc.match.Provision(caddy.Context{}) + if err == nil && tc.provisionErr { + t.Errorf("Test %d %v: Expected error provisioning, but there was no error", i, tc.match) + } + if err != nil && !tc.provisionErr { + t.Errorf("Test %d %v: Expected no error provisioning, but there was an error: %v", i, tc.match, err) + } + if tc.provisionErr { + continue // if it's not supposed to provision properly, pointless to test it + } + + u, err := url.ParseRequestURI(tc.input) + if err != nil { + t.Fatalf("Test %d (%v): Invalid request URI (should be rejected by Go's HTTP server): %v", i, tc.input, err) + } + req := &http.Request{URL: u} repl := caddy.NewReplacer() ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) req = req.WithContext(ctx) @@ -387,6 +514,16 @@ func TestPathREMatcher(t *testing.T) { expect: true, expectRepl: map[string]string{"name.myparam": "bar"}, }, + { + match: MatchPathRE{MatchRegexp{Pattern: "^/%@.txt"}}, + input: "/%25@.txt", + expect: true, + }, + { + match: MatchPathRE{MatchRegexp{Pattern: "^/%25@.txt"}}, + input: "/%25@.txt", + expect: false, + }, } { // compile the regexp and validate its name err := tc.match.Provision(caddy.Context{}) @@ -401,7 +538,11 @@ func TestPathREMatcher(t *testing.T) { } // set up the fake request and its Replacer - req := &http.Request{URL: &url.URL{Path: tc.input}} + u, err := url.ParseRequestURI(tc.input) + if err != nil { + t.Fatalf("Test %d: Bad input URI: %v", i, err) + } + req := &http.Request{URL: u} repl := caddy.NewReplacer() ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) req = req.WithContext(ctx) diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index 7da23277..4316b5af 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -31,13 +31,25 @@ func init() { caddy.RegisterModule(Rewrite{}) } -// Rewrite is a middleware which can rewrite HTTP requests. +// Rewrite is a middleware which can rewrite/mutate HTTP requests. // -// The Method and URI properties are "setters": the request URI -// will be set to the given values. Other properties are "modifiers": -// they modify existing files but do not explicitly specify what the -// result will be. It is atypical to combine the use of setters and +// The Method and URI properties are "setters" (the request URI +// will be overwritten with the given values). Other properties are +// "modifiers" (they modify existing values in a differentiable +// way). It is atypical to combine the use of setters and // modifiers in a single rewrite. +// +// To ensure consistent behavior, prefix and suffix stripping is +// performed in the URL-decoded (unescaped, normalized) space by +// default except for the specific bytes where an escape sequence +// is used in the prefix or suffix pattern. +// +// For all modifiers, paths are cleaned before being modified so that +// multiple, consecutive slashes are collapsed into a single slash, +// and dot elements are resolved and removed. In the special case +// of a prefix, suffix, or substring containing "//" (repeated slashes), +// slashes will not be merged while cleaning the path so that +// the rewrite can be interpreted literally. type Rewrite struct { // Changes the request's HTTP verb. Method string `json:"method,omitempty"` @@ -59,9 +71,15 @@ type Rewrite struct { URI string `json:"uri,omitempty"` // Strips the given prefix from the beginning of the URI path. + // The prefix should be written in normalized (unescaped) form, + // but if an escaping (`%xx`) is used, the path will be required + // to have that same escape at that position in order to match. StripPathPrefix string `json:"strip_path_prefix,omitempty"` // Strips the given suffix from the end of the URI path. + // The suffix should be written in normalized (unescaped) form, + // but if an escaping (`%xx`) is used, the path will be required + // to have that same escape at that position in order to match. StripPathSuffix string `json:"strip_path_suffix,omitempty"` // Performs substring replacements on the URI. @@ -227,17 +245,18 @@ func (rewr Rewrite) Rewrite(r *http.Request, repl *caddy.Replacer) bool { // strip path prefix or suffix if rewr.StripPathPrefix != "" { prefix := repl.ReplaceAll(rewr.StripPathPrefix, "") - r.URL.RawPath = strings.TrimPrefix(r.URL.RawPath, prefix) - if p, err := url.PathUnescape(r.URL.RawPath); err == nil && p != "" { - r.URL.Path = p - } else { - r.URL.Path = strings.TrimPrefix(r.URL.Path, prefix) - } + mergeSlashes := !strings.Contains(prefix, "//") + changePath(r, func(escapedPath string) string { + escapedPath = caddyhttp.CleanPath(escapedPath, mergeSlashes) + return trimPathPrefix(escapedPath, prefix) + }) } if rewr.StripPathSuffix != "" { suffix := repl.ReplaceAll(rewr.StripPathSuffix, "") - changePath(r, func(pathOrRawPath string) string { - return strings.TrimSuffix(pathOrRawPath, suffix) + mergeSlashes := !strings.Contains(suffix, "//") + changePath(r, func(escapedPath string) string { + escapedPath = caddyhttp.CleanPath(escapedPath, mergeSlashes) + return reverse(trimPathPrefix(reverse(escapedPath), reverse(suffix))) }) } @@ -324,6 +343,58 @@ func buildQueryString(qs string, repl *caddy.Replacer) string { return sb.String() } +// trimPathPrefix is like strings.TrimPrefix, but customized for advanced URI +// path prefix matching. The string prefix will be trimmed from the beginning +// of escapedPath if escapedPath starts with prefix. Rather than a naive 1:1 +// comparison of each byte to determine if escapedPath starts with prefix, +// both strings are iterated in lock-step, and if prefix has a '%' encoding +// at a particular position, escapedPath must also have the same encoding +// representation for that character. In other words, if the prefix string +// uses the escaped form for a character, escapedPath must literally use the +// same escape at that position. Otherwise, all character comparisons are +// performed in normalized/unescaped space. +func trimPathPrefix(escapedPath, prefix string) string { + var iPath, iPrefix int + for { + if iPath >= len(escapedPath) || iPrefix >= len(prefix) { + break + } + + prefixCh := prefix[iPrefix] + ch := string(escapedPath[iPath]) + + if ch == "%" && prefixCh != '%' && len(escapedPath) >= iPath+3 { + var err error + ch, err = url.PathUnescape(escapedPath[iPath : iPath+3]) + if err != nil { + // should be impossible unless EscapedPath() is returning invalid values! + return escapedPath + } + iPath += 2 + } + + // prefix comparisons are case-insensitive to consistency with + // path matcher, which is case-insensitive for good reasons + if !strings.EqualFold(ch, string(prefixCh)) { + return escapedPath + } + + iPath++ + iPrefix++ + } + + // found matching prefix, trim it + return escapedPath[iPath:] +} + +func reverse(s string) string { + r := []rune(s) + for i, j := 0, len(r)-1; i < len(r)/2; i, j = i+1, j-1 { + r[i], r[j] = r[j], r[i] + } + return string(r) +} + // substrReplacer describes either a simple and fast substring replacement. type substrReplacer struct { // A substring to find. Supports placeholders. @@ -351,8 +422,10 @@ func (rep substrReplacer) do(r *http.Request, repl *caddy.Replacer) { find := repl.ReplaceAll(rep.Find, "") replace := repl.ReplaceAll(rep.Replace, "") + mergeSlashes := !strings.Contains(rep.Find, "//") + changePath(r, func(pathOrRawPath string) string { - return strings.Replace(pathOrRawPath, find, replace, lim) + return strings.Replace(caddyhttp.CleanPath(pathOrRawPath, mergeSlashes), find, replace, lim) }) r.URL.RawQuery = strings.Replace(r.URL.RawQuery, find, replace, lim) @@ -380,16 +453,17 @@ func (rep regexReplacer) do(r *http.Request, repl *caddy.Replacer) { }) } -// changePath updates the path on the request URL. It first executes newVal on -// req.URL.RawPath, and if the result is a valid escaping, it will be copied -// into req.URL.Path; otherwise newVal is evaluated only on req.URL.Path. func changePath(req *http.Request, newVal func(pathOrRawPath string) string) { - req.URL.RawPath = newVal(req.URL.RawPath) + req.URL.RawPath = newVal(req.URL.EscapedPath()) if p, err := url.PathUnescape(req.URL.RawPath); err == nil && p != "" { req.URL.Path = p } else { req.URL.Path = newVal(req.URL.Path) } + // RawPath is only set if it's different from the normalized Path (std lib) + if req.URL.RawPath == req.URL.Path { + req.URL.RawPath = "" + } } // Interface guard diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go index 84dce95e..bc20c853 100644 --- a/modules/caddyhttp/rewrite/rewrite_test.go +++ b/modules/caddyhttp/rewrite/rewrite_test.go @@ -235,6 +235,42 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/foo/prefix/bar"), expect: newRequest(t, "GET", "/foo/prefix/bar"), }, + { + rule: Rewrite{StripPathPrefix: "//prefix"}, + // scheme and host needed for URL parser to succeed in setting up test + input: newRequest(t, "GET", "http://host//prefix/foo/bar"), + expect: newRequest(t, "GET", "http://host/foo/bar"), + }, + { + rule: Rewrite{StripPathPrefix: "//prefix"}, + input: newRequest(t, "GET", "/prefix/foo/bar"), + expect: newRequest(t, "GET", "/prefix/foo/bar"), + }, + { + rule: Rewrite{StripPathPrefix: "/a%2Fb/c"}, + input: newRequest(t, "GET", "/a%2Fb/c/d"), + expect: newRequest(t, "GET", "/d"), + }, + { + rule: Rewrite{StripPathPrefix: "/a%2Fb/c"}, + input: newRequest(t, "GET", "/a%2fb/c/d"), + expect: newRequest(t, "GET", "/d"), + }, + { + rule: Rewrite{StripPathPrefix: "/a/b/c"}, + input: newRequest(t, "GET", "/a%2Fb/c/d"), + expect: newRequest(t, "GET", "/d"), + }, + { + rule: Rewrite{StripPathPrefix: "/a%2Fb/c"}, + input: newRequest(t, "GET", "/a/b/c/d"), + expect: newRequest(t, "GET", "/a/b/c/d"), + }, + { + rule: Rewrite{StripPathPrefix: "//a%2Fb/c"}, + input: newRequest(t, "GET", "/a/b/c/d"), + expect: newRequest(t, "GET", "/a/b/c/d"), + }, { rule: Rewrite{StripPathSuffix: "/suffix"}, @@ -251,6 +287,11 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/foo%2Fbar/suffix"), expect: newRequest(t, "GET", "/foo%2Fbar/"), }, + { + rule: Rewrite{StripPathSuffix: "%2fsuffix"}, + input: newRequest(t, "GET", "/foo%2Fbar%2fsuffix"), + expect: newRequest(t, "GET", "/foo%2Fbar"), + }, { rule: Rewrite{StripPathSuffix: "/suffix"}, input: newRequest(t, "GET", "/foo/suffix/bar"), From a944de4ab7acfdd114d11a2ca0d267110ba9c152 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 16 Aug 2022 10:03:19 -0600 Subject: [PATCH 0728/1498] Clean up metrics test code No need to use != for booleans --- modules/metrics/metrics_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/metrics/metrics_test.go b/modules/metrics/metrics_test.go index d5bdf501..9eb02fbb 100644 --- a/modules/metrics/metrics_test.go +++ b/modules/metrics/metrics_test.go @@ -21,7 +21,7 @@ func TestMetricsUnmarshalCaddyfile(t *testing.T) { t.Errorf("unexpected error: %v", err) } - if m.DisableOpenMetrics != false { + if m.DisableOpenMetrics { t.Errorf("DisableOpenMetrics should've been false: %v", m.DisableOpenMetrics) } @@ -32,7 +32,7 @@ func TestMetricsUnmarshalCaddyfile(t *testing.T) { t.Errorf("unexpected error: %v", err) } - if m.DisableOpenMetrics != true { + if !m.DisableOpenMetrics { t.Errorf("DisableOpenMetrics should've been true: %v", m.DisableOpenMetrics) } From c7772588bd44ceffcc0ba4817e4d43c826675379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wilczy=C5=84skiT?= <102859171+WilczynskiT@users.noreply.github.com> Date: Thu, 18 Aug 2022 00:10:57 +0200 Subject: [PATCH 0729/1498] core: Change net.IP to netip.Addr; use netip.Prefix (#4966) Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/addresses.go | 7 ++-- listeners.go | 5 +-- modules/caddyhttp/matchers.go | 30 ++++++++-------- .../caddyhttp/reverseproxy/reverseproxy.go | 31 +++++++---------- modules/caddytls/matchers.go | 34 +++++++++---------- 5 files changed, 50 insertions(+), 57 deletions(-) diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index 0553c083..e7a7cdb0 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -17,6 +17,7 @@ package httpcaddyfile import ( "fmt" "net" + "net/netip" "reflect" "sort" "strconv" @@ -354,9 +355,9 @@ func (a Address) Normalize() Address { // ensure host is normalized if it's an IP address host := strings.TrimSpace(a.Host) - if ip := net.ParseIP(host); ip != nil { - if ipv6 := ip.To16(); ipv6 != nil && ipv6.DefaultMask() == nil { - host = ipv6.String() + if ip, err := netip.ParseAddr(host); err == nil { + if ip.Is6() && !ip.Is4() && !ip.Is4In6() { + host = ip.String() } } diff --git a/listeners.go b/listeners.go index c7d6d52f..86983874 100644 --- a/listeners.go +++ b/listeners.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "net" + "net/netip" "os" "strconv" "strings" @@ -400,7 +401,7 @@ func (na NetworkAddress) isLoopback() bool { if na.Host == "localhost" { return true } - if ip := net.ParseIP(na.Host); ip != nil { + if ip, err := netip.ParseAddr(na.Host); err == nil { return ip.IsLoopback() } return false @@ -410,7 +411,7 @@ func (na NetworkAddress) isWildcardInterface() bool { if na.Host == "" { return true } - if ip := net.ParseIP(na.Host); ip != nil { + if ip, err := netip.ParseAddr(na.Host); err == nil { return ip.IsUnspecified() } return false diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index d6bbe7e4..5056c9aa 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -20,6 +20,7 @@ import ( "fmt" "net" "net/http" + "net/netip" "net/textproto" "net/url" "path" @@ -171,7 +172,7 @@ type ( // cidrs and zones vars should aligned always in the same // length and indexes for matching later - cidrs []*net.IPNet + cidrs []*netip.Prefix zones []string logger *zap.Logger } @@ -1311,27 +1312,24 @@ func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { m.zones = append(m.zones, "") } if strings.Contains(str, "/") { - _, ipNet, err := net.ParseCIDR(str) + ipNet, err := netip.ParsePrefix(str) if err != nil { return fmt.Errorf("parsing CIDR expression '%s': %v", str, err) } - m.cidrs = append(m.cidrs, ipNet) + m.cidrs = append(m.cidrs, &ipNet) } else { - ip := net.ParseIP(str) - if ip == nil { - return fmt.Errorf("invalid IP address: %s", str) + ipAddr, err := netip.ParseAddr(str) + if err != nil { + return fmt.Errorf("invalid IP address: '%s': %v", str, err) } - mask := len(ip) * 8 - m.cidrs = append(m.cidrs, &net.IPNet{ - IP: ip, - Mask: net.CIDRMask(mask, mask), - }) + ipNew := netip.PrefixFrom(ipAddr, ipAddr.BitLen()) + m.cidrs = append(m.cidrs, &ipNew) } } return nil } -func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, string, error) { +func (m MatchRemoteIP) getClientIP(r *http.Request) (netip.Addr, string, error) { remote := r.RemoteAddr zoneID := "" if m.Forwarded { @@ -1350,11 +1348,11 @@ func (m MatchRemoteIP) getClientIP(r *http.Request) (net.IP, string, error) { ipStr = split[0] zoneID = split[1] } - ip := net.ParseIP(ipStr) - if ip == nil { - return nil, zoneID, fmt.Errorf("invalid client IP address: %s", ipStr) + ipAddr, err := netip.ParseAddr(ipStr) + if err != nil { + return netip.IPv4Unspecified(), "", err } - return ip, zoneID, nil + return ipAddr, zoneID, nil } // Match returns true if r matches m. diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index cc6b530c..0890306c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -24,6 +24,7 @@ import ( "net" "net/http" "net/http/httptrace" + "net/netip" "net/textproto" "net/url" "regexp" @@ -180,7 +181,7 @@ type Handler struct { DynamicUpstreams UpstreamSource `json:"-"` // Holds the parsed CIDR ranges from TrustedProxies - trustedProxies []*net.IPNet + trustedProxies []netip.Prefix // Holds the named response matchers from the Caddyfile while adapting responseMatchers map[string]caddyhttp.ResponseMatcher @@ -251,24 +252,18 @@ func (h *Handler) Provision(ctx caddy.Context) error { // parse trusted proxy CIDRs ahead of time for _, str := range h.TrustedProxies { if strings.Contains(str, "/") { - _, ipNet, err := net.ParseCIDR(str) + ipNet, err := netip.ParsePrefix(str) if err != nil { - return fmt.Errorf("parsing CIDR expression: %v", err) + return fmt.Errorf("parsing CIDR expression: '%s': %v", str, err) } h.trustedProxies = append(h.trustedProxies, ipNet) } else { - ip := net.ParseIP(str) - if ip == nil { - return fmt.Errorf("invalid IP address: %s", str) + ipAddr, err := netip.ParseAddr(str) + if err != nil { + return fmt.Errorf("invalid IP address: '%s': %v", str, err) } - if ipv4 := ip.To4(); ipv4 != nil { - ip = ipv4 - } - mask := len(ip) * 8 - h.trustedProxies = append(h.trustedProxies, &net.IPNet{ - IP: ip, - Mask: net.CIDRMask(mask, mask), - }) + ipNew := netip.PrefixFrom(ipAddr, ipAddr.BitLen()) + h.trustedProxies = append(h.trustedProxies, ipNew) } } @@ -672,15 +667,15 @@ func (h Handler) addForwardedHeaders(req *http.Request) error { if before, _, found := strings.Cut(clientIP, "%"); found { clientIP = before } - ip := net.ParseIP(clientIP) - if ip == nil { - return fmt.Errorf("invalid client IP address: %s", clientIP) + ipAddr, err := netip.ParseAddr(clientIP) + if err != nil { + return fmt.Errorf("invalid IP address: '%s': %v", clientIP, err) } // Check if the client is a trusted proxy trusted := false for _, ipRange := range h.trustedProxies { - if ipRange.Contains(ip) { + if ipRange.Contains(ipAddr) { trusted = true break } diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go index d41492ff..4a22bc09 100644 --- a/modules/caddytls/matchers.go +++ b/modules/caddytls/matchers.go @@ -18,6 +18,7 @@ import ( "crypto/tls" "fmt" "net" + "net/netip" "strings" "github.com/caddyserver/caddy/v2" @@ -65,8 +66,8 @@ type MatchRemoteIP struct { // The IPs or CIDR ranges to *NOT* match. NotRanges []string `json:"not_ranges,omitempty"` - cidrs []*net.IPNet - notCidrs []*net.IPNet + cidrs []netip.Prefix + notCidrs []netip.Prefix logger *zap.Logger } @@ -105,38 +106,35 @@ func (m MatchRemoteIP) Match(hello *tls.ClientHelloInfo) bool { if err != nil { ipStr = remoteAddr // weird; maybe no port? } - ip := net.ParseIP(ipStr) - if ip == nil { + ipAddr, err := netip.ParseAddr(ipStr) + if err != nil { m.logger.Error("invalid client IP addresss", zap.String("ip", ipStr)) return false } - return (len(m.cidrs) == 0 || m.matches(ip, m.cidrs)) && - (len(m.notCidrs) == 0 || !m.matches(ip, m.notCidrs)) + return (len(m.cidrs) == 0 || m.matches(ipAddr, m.cidrs)) && + (len(m.notCidrs) == 0 || !m.matches(ipAddr, m.notCidrs)) } -func (MatchRemoteIP) parseIPRange(str string) ([]*net.IPNet, error) { - var cidrs []*net.IPNet +func (MatchRemoteIP) parseIPRange(str string) ([]netip.Prefix, error) { + var cidrs []netip.Prefix if strings.Contains(str, "/") { - _, ipNet, err := net.ParseCIDR(str) + ipNet, err := netip.ParsePrefix(str) if err != nil { return nil, fmt.Errorf("parsing CIDR expression: %v", err) } cidrs = append(cidrs, ipNet) } else { - ip := net.ParseIP(str) - if ip == nil { - return nil, fmt.Errorf("invalid IP address: %s", str) + ipAddr, err := netip.ParseAddr(str) + if err != nil { + return nil, fmt.Errorf("invalid IP address: '%s': %v", str, err) } - mask := len(ip) * 8 - cidrs = append(cidrs, &net.IPNet{ - IP: ip, - Mask: net.CIDRMask(mask, mask), - }) + ip := netip.PrefixFrom(ipAddr, ipAddr.BitLen()) + cidrs = append(cidrs, ip) } return cidrs, nil } -func (MatchRemoteIP) matches(ip net.IP, ranges []*net.IPNet) bool { +func (MatchRemoteIP) matches(ip netip.Addr, ranges []netip.Prefix) bool { for _, ipRange := range ranges { if ipRange.Contains(ip) { return true From fe5f5dfd6aa2f48e92897327c9c7d8c8583a3d72 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 18 Aug 2022 10:56:27 -0600 Subject: [PATCH 0730/1498] go.mod: Upgrade CertMagic to v0.16.3 --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 5f49829a..3ad78190 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.16.2 + github.com/caddyserver/certmagic v0.16.3 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.12.4 @@ -29,7 +29,7 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.21.0 - golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 + golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 @@ -90,7 +90,7 @@ require ( github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect github.com/micromdm/scep/v2 v2.1.0 // indirect - github.com/miekg/dns v1.1.46 // indirect + github.com/miekg/dns v1.1.50 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect diff --git a/go.sum b/go.sum index 5b7c35ee..a8050068 100644 --- a/go.sum +++ b/go.sum @@ -129,8 +129,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/caddyserver/certmagic v0.16.2 h1:k2n3LkkUG3aMUK/kckMuF9/0VFo+0FtMX3drPYESbmQ= -github.com/caddyserver/certmagic v0.16.2/go.mod h1:PgLIr/dSJa+WA7t7z6Je5xuS/e5A/GFCPHRuZ1QP+MQ= +github.com/caddyserver/certmagic v0.16.3 h1:1ZbiU7y5X0MnDjBTXywUbPMs/ScHbgCeeCy/LPh4IZk= +github.com/caddyserver/certmagic v0.16.3/go.mod h1:pSS2aZcdKlrTZrb2DKuRafckx20o5Fz1EdDKEB8KOQM= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= @@ -580,8 +580,8 @@ github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXma github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= -github.com/miekg/dns v1.1.46 h1:uzwpxRtSVxtcIZmz/4Uz6/Rn7G11DvsaslXoy5LxQio= -github.com/miekg/dns v1.1.46/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= +github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= +github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= @@ -892,8 +892,8 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= From 72541f1cb81a97466afcdf0a6164367c499a9f81 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 23 Aug 2022 01:31:07 -0400 Subject: [PATCH 0731/1498] caddyhttp: Set `http.error.message` to the HandlerError message (#4971) --- modules/caddyhttp/server.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index f8cd6122..73e14757 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -526,8 +526,9 @@ func (*HTTPErrorConfig) WithError(r *http.Request, err error) *http.Request { if handlerErr, ok := err.(HandlerError); ok { repl.Set("http.error.status_code", handlerErr.StatusCode) repl.Set("http.error.status_text", http.StatusText(handlerErr.StatusCode)) - repl.Set("http.error.trace", handlerErr.Trace) repl.Set("http.error.id", handlerErr.ID) + repl.Set("http.error.trace", handlerErr.Trace) + repl.Set("http.error.message", handlerErr.Err.Error()) } return r From a22c08a6385772861173f21ebab3ac0b63796402 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 23 Aug 2022 10:17:46 -0400 Subject: [PATCH 0732/1498] caddyhttp: Fix for nil `handlerErr.Err` (#4977) --- modules/caddyhttp/server.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 73e14757..be59184b 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -528,7 +528,11 @@ func (*HTTPErrorConfig) WithError(r *http.Request, err error) *http.Request { repl.Set("http.error.status_text", http.StatusText(handlerErr.StatusCode)) repl.Set("http.error.id", handlerErr.ID) repl.Set("http.error.trace", handlerErr.Trace) - repl.Set("http.error.message", handlerErr.Err.Error()) + if handlerErr.Err != nil { + repl.Set("http.error.message", handlerErr.Err.Error()) + } else { + repl.Set("http.error.message", http.StatusText(handlerErr.StatusCode)) + } } return r From e289ba6187ddd50afc86feb85246a14298673a69 Mon Sep 17 00:00:00 2001 From: jedy Date: Tue, 23 Aug 2022 22:26:02 +0800 Subject: [PATCH 0733/1498] templates: cap of slice should not be smaller than length (#4975) --- modules/caddyhttp/templates/templates.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 85612ba0..40e5bbeb 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -296,7 +296,7 @@ func (Templates) CaddyModule() caddy.ModuleInfo { // Provision provisions t. func (t *Templates) Provision(ctx caddy.Context) error { fnModInfos := caddy.GetModules("http.handlers.templates.functions") - customFuncs := make([]template.FuncMap, len(fnModInfos), 0) + customFuncs := make([]template.FuncMap, 0, len(fnModInfos)) for _, modInfo := range fnModInfos { mod := modInfo.New() fnMod, ok := mod.(CustomFunctions) From bbc923d66b92780a10ba961fcbe7f056bf7ef3b6 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 23 Aug 2022 14:26:19 -0600 Subject: [PATCH 0734/1498] ci: Increase linter timeout (#4981) --- .github/workflows/lint.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c5e64d11..d437d7bf 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -29,5 +29,7 @@ jobs: uses: golangci/golangci-lint-action@v3 with: version: v1.47 + # Windows times out frequently after about 5m50s if we don't set a longer timeout. + args: --timeout 10m # Optional: show only new issues if it's a pull request. The default value is `false`. # only-new-issues: true From 3aabbc49a2eccc66a20d3223e9fb2925cbbdd0d4 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 23 Aug 2022 22:28:11 -0600 Subject: [PATCH 0735/1498] caddytls: Log error if ask request fails Errors returned from the DecisionFunc (whether to get a cert on-demand) are used as a signal whether to allow a cert or not; *any* error will forbid cert issuance. We bubble up the error all the way to the caller, but that caller is the Go standard library which might gobble it up. Now we explicitly log connection errors so sysadmins can ensure their ask endpoints are working. Thanks to our sponsor AppCove for reporting this! --- modules/caddytls/acmeissuer.go | 52 ++++++++++++++++++---------------- modules/caddytls/automation.go | 9 ++++++ 2 files changed, 37 insertions(+), 24 deletions(-) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 9552d6f6..2fe4004f 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -17,6 +17,7 @@ package caddytls import ( "context" "crypto/x509" + "errors" "fmt" "net/url" "os" @@ -250,28 +251,27 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // UnmarshalCaddyfile deserializes Caddyfile tokens into iss. // -// ... acme [] { -// dir -// test_dir -// email -// timeout -// disable_http_challenge -// disable_tlsalpn_challenge -// alt_http_port -// alt_tlsalpn_port -// eab -// trusted_roots -// dns [] -// propagation_delay -// propagation_timeout -// resolvers -// dns_challenge_override_domain -// preferred_chains [smallest] { -// root_common_name -// any_common_name -// } -// } -// +// ... acme [] { +// dir +// test_dir +// email +// timeout +// disable_http_challenge +// disable_tlsalpn_challenge +// alt_http_port +// alt_tlsalpn_port +// eab +// trusted_roots +// dns [] +// propagation_delay +// propagation_timeout +// resolvers +// dns_challenge_override_domain +// preferred_chains [smallest] { +// root_common_name +// any_common_name +// } +// } func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { if d.NextArg() { @@ -494,8 +494,7 @@ func onDemandAskRequest(ask string, name string) error { resp.Body.Close() if resp.StatusCode < 200 || resp.StatusCode > 299 { - return fmt.Errorf("certificate for hostname '%s' not allowed; non-2xx status code %d returned from %v", - name, resp.StatusCode, ask) + return fmt.Errorf("%s: %w %s - non-2xx status code %d", name, errAskDenied, ask, resp.StatusCode) } return nil @@ -568,6 +567,11 @@ type ChainPreference struct { AnyCommonName []string `json:"any_common_name,omitempty"` } +// errAskDenied is an error that should be wrapped or returned when the +// configured "ask" endpoint does not allow a certificate to be issued, +// to distinguish that from other errors such as connection failure. +var errAskDenied = errors.New("certificate not allowed by ask endpoint") + // Interface guards var ( _ certmagic.PreChecker = (*ACMEIssuer)(nil) diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index ee168b43..0a732b8d 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -16,6 +16,7 @@ package caddytls import ( "encoding/json" + "errors" "fmt" "net/http" "time" @@ -23,6 +24,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/certmagic" "github.com/mholt/acmez" + "go.uber.org/zap" ) // AutomationConfig governs the automated management of TLS certificates. @@ -174,6 +176,13 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { tlsApp.Automation.OnDemand.Ask != "" { err := onDemandAskRequest(tlsApp.Automation.OnDemand.Ask, name) if err != nil { + // distinguish true errors from denials, because it's important to log actual errors + if !errors.Is(err, errAskDenied) { + tlsApp.logger.Error("request to 'ask' endpoint failed", + zap.Error(err), + zap.String("endpoint", tlsApp.Automation.OnDemand.Ask), + zap.String("domain", name)) + } return err } } From b540f195b1bdf5ea8b869e43431a3f1d64810753 Mon Sep 17 00:00:00 2001 From: Ben Burkert Date: Wed, 24 Aug 2022 19:22:56 +0200 Subject: [PATCH 0736/1498] httpcaddyfile: Add ocsp_interval global option (#4980) --- caddyconfig/httpcaddyfile/options.go | 1 + caddyconfig/httpcaddyfile/tlsapp.go | 8 ++++++++ .../integration/caddyfile_adapt/global_options_acme.txt | 2 ++ 3 files changed, 11 insertions(+) diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 36f8f4b1..c41e8bc8 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -37,6 +37,7 @@ func init() { RegisterGlobalOption("storage", parseOptStorage) RegisterGlobalOption("storage_clean_interval", parseOptDuration) RegisterGlobalOption("renew_interval", parseOptDuration) + RegisterGlobalOption("ocsp_interval", parseOptDuration) RegisterGlobalOption("acme_ca", parseOptSingleString) RegisterGlobalOption("acme_ca_root", parseOptSingleString) RegisterGlobalOption("acme_dns", parseOptACMEDNS) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 32c17478..947512aa 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -307,6 +307,14 @@ func (st ServerType) buildTLSApp( tlsApp.Automation.RenewCheckInterval = renewCheckInterval } + // set the OCSP check interval if configured + if ocspCheckInterval, ok := options["ocsp_interval"].(caddy.Duration); ok { + if tlsApp.Automation == nil { + tlsApp.Automation = new(caddytls.AutomationConfig) + } + tlsApp.Automation.OCSPCheckInterval = ocspCheckInterval + } + // set whether OCSP stapling should be disabled for manually-managed certificates if ocspConfig, ok := options["ocsp_stapling"].(certmagic.OCSPConfig); ok { tlsApp.DisableOCSPStapling = ocspConfig.DisableStapling diff --git a/caddytest/integration/caddyfile_adapt/global_options_acme.txt b/caddytest/integration/caddyfile_adapt/global_options_acme.txt index 58ade308..1949d17a 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_acme.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_acme.txt @@ -22,6 +22,7 @@ } storage_clean_interval 7d renew_interval 1d + ocsp_interval 2d key_type ed25519 } @@ -83,6 +84,7 @@ }, "ask": "https://example.com" }, + "ocsp_interval": 172800000000000, "renew_interval": 86400000000000, "storage_clean_interval": 604800000000000 } From 66596f2d74dfbd876cbd140467491951b69dec5c Mon Sep 17 00:00:00 2001 From: Simon Legner Date: Thu, 25 Aug 2022 11:00:05 +0200 Subject: [PATCH 0737/1498] zstd: fix typo in comment (#4985) --- modules/caddyhttp/encode/zstd/zstd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/encode/zstd/zstd.go b/modules/caddyhttp/encode/zstd/zstd.go index d2a638cb..3da9b138 100644 --- a/modules/caddyhttp/encode/zstd/zstd.go +++ b/modules/caddyhttp/encode/zstd/zstd.go @@ -45,7 +45,7 @@ func (z *Zstd) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // used in the Accept-Encoding request headers. func (Zstd) AcceptEncoding() string { return "zstd" } -// NewEncoder returns a new gzip writer. +// NewEncoder returns a new Zstandard writer. func (z Zstd) NewEncoder() encode.Encoder { // The default of 8MB for the window is // too large for many clients, so we limit From 2cc5d38229d92838b2753fd0e67e083f70251f75 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 25 Aug 2022 13:28:58 -0600 Subject: [PATCH 0738/1498] Fix comment indentation --- modules/caddyhttp/replacer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 76c1c872..17fc02ea 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -169,7 +169,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo req.Body = io.NopCloser(buf) // replace real body with buffered data return buf.String(), true - // original request, before any internal changes + // original request, before any internal changes case "http.request.orig_method": or, _ := req.Context().Value(OriginalRequestCtxKey).(http.Request) return or.Method, true From 5fb5b81439a521294a88cf4ad6da49fdc350f3aa Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 25 Aug 2022 21:42:48 -0600 Subject: [PATCH 0739/1498] reverseproxy: Multiple dynamic upstreams This allows users to, for example, get upstreams from multiple SRV endpoints in order (such as primary and secondary clusters). Also, gofmt went to town on the comments, sigh --- modules/caddyhttp/reverseproxy/caddyfile.go | 257 +++++++++++--------- modules/caddyhttp/reverseproxy/upstreams.go | 81 +++++- 2 files changed, 218 insertions(+), 120 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index a2c85f90..f746ee50 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -52,73 +52,73 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// reverse_proxy [] [] { -// # backends -// to -// dynamic [...] +// reverse_proxy [] [] { +// # backends +// to +// dynamic [...] // -// # load balancing -// lb_policy [] -// lb_retries -// lb_try_duration -// lb_try_interval -// lb_retry_match +// # load balancing +// lb_policy [] +// lb_retries +// lb_try_duration +// lb_try_interval +// lb_retry_match // -// # active health checking -// health_uri -// health_port -// health_interval -// health_timeout -// health_status -// health_body -// health_headers { -// [] -// } +// # active health checking +// health_uri +// health_port +// health_interval +// health_timeout +// health_status +// health_body +// health_headers { +// [] +// } // -// # passive health checking -// fail_duration -// max_fails -// unhealthy_status -// unhealthy_latency -// unhealthy_request_count +// # passive health checking +// fail_duration +// max_fails +// unhealthy_status +// unhealthy_latency +// unhealthy_request_count // -// # streaming -// flush_interval -// buffer_requests -// buffer_responses -// max_buffer_size +// # streaming +// flush_interval +// buffer_requests +// buffer_responses +// max_buffer_size // -// # request manipulation -// trusted_proxies [private_ranges] -// header_up [+|-] [ []] -// header_down [+|-] [ []] -// method -// rewrite +// # request manipulation +// trusted_proxies [private_ranges] +// header_up [+|-] [ []] +// header_down [+|-] [ []] +// method +// rewrite // -// # round trip -// transport { -// ... -// } +// # round trip +// transport { +// ... +// } // -// # optionally intercept responses from upstream -// @name { -// status -// header [] -// } -// replace_status [] -// handle_response [] { -// +// # optionally intercept responses from upstream +// @name { +// status +// header [] +// } +// replace_status [] +// handle_response [] { +// // -// # special directives only available in handle_response -// copy_response [] [] { -// status -// } -// copy_response_headers [] { -// include -// exclude -// } -// } -// } +// # special directives only available in handle_response +// copy_response [] [] { +// status +// } +// copy_response_headers [] { +// include +// exclude +// } +// } +// } // // Proxy upstream addresses should be network dial addresses such // as `host:port`, or a URL such as `scheme://host:port`. Scheme @@ -824,33 +824,32 @@ func (h *Handler) FinalizeUnmarshalCaddyfile(helper httpcaddyfile.Helper) error // UnmarshalCaddyfile deserializes Caddyfile tokens into h. // -// transport http { -// read_buffer -// write_buffer -// max_response_header -// dial_timeout -// dial_fallback_delay -// response_header_timeout -// expect_continue_timeout -// resolvers -// tls -// tls_client_auth | -// tls_insecure_skip_verify -// tls_timeout -// tls_trusted_ca_certs -// tls_server_name -// tls_renegotiation -// tls_except_ports -// keepalive [off|] -// keepalive_interval -// keepalive_idle_conns -// keepalive_idle_conns_per_host -// versions -// compression off -// max_conns_per_host -// max_idle_conns_per_host -// } -// +// transport http { +// read_buffer +// write_buffer +// max_response_header +// dial_timeout +// dial_fallback_delay +// response_header_timeout +// expect_continue_timeout +// resolvers +// tls +// tls_client_auth | +// tls_insecure_skip_verify +// tls_timeout +// tls_trusted_ca_certs +// tls_server_name +// tls_renegotiation +// tls_except_ports +// keepalive [off|] +// keepalive_interval +// keepalive_idle_conns +// keepalive_idle_conns_per_host +// versions +// compression off +// max_conns_per_host +// max_idle_conns_per_host +// } func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { for d.NextBlock(0) { @@ -1138,10 +1137,9 @@ func parseCopyResponseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHan // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// copy_response [] [] { -// status -// } -// +// copy_response [] [] { +// status +// } func (h *CopyResponseHandler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { args := d.RemainingArgs() @@ -1178,11 +1176,10 @@ func parseCopyResponseHeadersCaddyfile(h httpcaddyfile.Helper) (caddyhttp.Middle // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// copy_response_headers [] { -// include -// exclude -// } -// +// copy_response_headers [] { +// include +// exclude +// } func (h *CopyResponseHeadersHandler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { args := d.RemainingArgs() @@ -1208,16 +1205,15 @@ func (h *CopyResponseHeadersHandler) UnmarshalCaddyfile(d *caddyfile.Dispenser) // UnmarshalCaddyfile deserializes Caddyfile tokens into h. // -// dynamic srv [] { -// service -// proto -// name -// refresh -// resolvers -// dial_timeout -// dial_fallback_delay -// } -// +// dynamic srv [] { +// service +// proto +// name +// refresh +// resolvers +// dial_timeout +// dial_fallback_delay +// } func (u *SRVUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { args := d.RemainingArgs() @@ -1307,15 +1303,14 @@ func (u *SRVUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // UnmarshalCaddyfile deserializes Caddyfile tokens into h. // -// dynamic a [ -// port -// refresh -// resolvers -// dial_timeout -// dial_fallback_delay -// } -// +// dynamic a [ +// port +// refresh +// resolvers +// dial_timeout +// dial_fallback_delay +// } func (u *AUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { args := d.RemainingArgs() @@ -1324,7 +1319,9 @@ func (u *AUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } if len(args) > 0 { u.Name = args[0] - u.Port = args[1] + if len(args) == 2 { + u.Port = args[1] + } } for d.NextBlock(0) { @@ -1395,6 +1392,35 @@ func (u *AUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } +// UnmarshalCaddyfile deserializes Caddyfile tokens into h. +// +// dynamic multi { +// [...] +// } +func (u *MultiUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + for d.Next() { + if d.NextArg() { + return d.ArgErr() + } + + for nesting := d.Nesting(); d.NextBlock(nesting); { + dynModule := d.Val() + modID := "http.reverse_proxy.upstreams." + dynModule + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return err + } + source, ok := unm.(UpstreamSource) + if !ok { + return d.Errf("module %s (%T) is not an UpstreamSource", modID, unm) + } + u.SourcesRaw = append(u.SourcesRaw, caddyconfig.JSONModuleObject(source, "source", dynModule, nil)) + } + } + + return nil +} + const matcherPrefix = "@" // Interface guards @@ -1403,4 +1429,5 @@ var ( _ caddyfile.Unmarshaler = (*HTTPTransport)(nil) _ caddyfile.Unmarshaler = (*SRVUpstreams)(nil) _ caddyfile.Unmarshaler = (*AUpstreams)(nil) + _ caddyfile.Unmarshaler = (*MultiUpstreams)(nil) ) diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index f788dadb..f49bb289 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -2,6 +2,7 @@ package reverseproxy import ( "context" + "encoding/json" "fmt" weakrand "math/rand" "net" @@ -18,6 +19,7 @@ import ( func init() { caddy.RegisterModule(SRVUpstreams{}) caddy.RegisterModule(AUpstreams{}) + caddy.RegisterModule(MultiUpstreams{}) } // SRVUpstreams provides upstreams from SRV lookups. @@ -211,11 +213,6 @@ func (sl srvLookup) isFresh() bool { return time.Since(sl.freshness) < time.Duration(sl.srvUpstreams.Refresh) } -var ( - srvs = make(map[string]srvLookup) - srvsMu sync.RWMutex -) - // AUpstreams provides upstreams from A/AAAA lookups. // Results are cached and refreshed at the configured // refresh interval. @@ -355,6 +352,77 @@ func (al aLookup) isFresh() bool { return time.Since(al.freshness) < time.Duration(al.aUpstreams.Refresh) } +// MultiUpstreams is a single dynamic upstream source that +// aggregates the results of multiple dynamic upstream sources. +// All configured sources will be queried in order, with their +// results appended to the end of the list. Errors returned +// from individual sources will be logged and the next source +// will continue to be invoked. +// +// This module makes it easy to implement redundant cluster +// failovers, especially in conjunction with the `first` load +// balancing policy: if the first source returns an error or +// no upstreams, the second source's upstreams will be used +// naturally. +type MultiUpstreams struct { + // The list of upstream source modules to get upstreams from. + // They will be queried in order, with their results appended + // in the order they are returned. + SourcesRaw []json.RawMessage `json:"sources,omitempty" caddy:"namespace=http.reverse_proxy.upstreams inline_key=source"` + sources []UpstreamSource + + logger *zap.Logger +} + +// CaddyModule returns the Caddy module information. +func (MultiUpstreams) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.reverse_proxy.upstreams.multi", + New: func() caddy.Module { return new(MultiUpstreams) }, + } +} + +func (mu *MultiUpstreams) Provision(ctx caddy.Context) error { + mu.logger = ctx.Logger(mu) + + if mu.SourcesRaw != nil { + mod, err := ctx.LoadModule(mu, "SourcesRaw") + if err != nil { + return fmt.Errorf("loading upstream source modules: %v", err) + } + for _, src := range mod.([]any) { + mu.sources = append(mu.sources, src.(UpstreamSource)) + } + } + + return nil +} + +func (mu MultiUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { + var upstreams []*Upstream + + for i, src := range mu.sources { + select { + case <-r.Context().Done(): + return upstreams, context.Canceled + default: + } + + up, err := src.GetUpstreams(r) + if err != nil { + mu.logger.Error("upstream source returned error", + zap.Int("source_idx", i), + zap.Error(err)) + } else if len(up) == 0 { + mu.logger.Warn("upstream source returned 0 upstreams", zap.Int("source_idx", i)) + } else { + upstreams = append(upstreams, up...) + } + } + + return upstreams, nil +} + // UpstreamResolver holds the set of addresses of DNS resolvers of // upstream addresses type UpstreamResolver struct { @@ -391,6 +459,9 @@ func (u *UpstreamResolver) ParseAddresses() error { } var ( + srvs = make(map[string]srvLookup) + srvsMu sync.RWMutex + aAaaa = make(map[string]aLookup) aAaaaMu sync.RWMutex ) From 4c282e86dae16359370f410e29dc96dc5aeeb449 Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Fri, 26 Aug 2022 12:17:52 +0800 Subject: [PATCH 0740/1498] admin: Don't stop old server if new one fails (#4964) Fixes #4954 Co-authored-by: Matthew Holt --- admin.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/admin.go b/admin.go index 9aa17f87..a9432bf5 100644 --- a/admin.go +++ b/admin.go @@ -340,17 +340,19 @@ func (admin AdminConfig) allowedOrigins(addr NetworkAddress) []*url.URL { // that there is always an admin server (unless it is explicitly // configured to be disabled). func replaceLocalAdminServer(cfg *Config) error { - // always be sure to close down the old admin endpoint + // always* be sure to close down the old admin endpoint // as gracefully as possible, even if the new one is // disabled -- careful to use reference to the current // (old) admin endpoint since it will be different // when the function returns + // (* except if the new one fails to start) oldAdminServer := localAdminServer + var err error defer func() { // do the shutdown asynchronously so that any // current API request gets a response; this // goroutine may last a few seconds - if oldAdminServer != nil { + if oldAdminServer != nil && err == nil { go func(oldAdminServer *http.Server) { err := stopAdminServer(oldAdminServer) if err != nil { From 0c57facc67910a6b0994763ac8e6e55e693f20e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?D=C3=A1vid=20Szab=C3=B3?= Date: Sat, 27 Aug 2022 20:30:23 +0200 Subject: [PATCH 0741/1498] reverseproxy: Add upstreams healthy metrics (#4935) --- modules/caddyhttp/reverseproxy/metrics.go | 81 +++++++++++++++++++ .../caddyhttp/reverseproxy/reverseproxy.go | 3 + 2 files changed, 84 insertions(+) create mode 100644 modules/caddyhttp/reverseproxy/metrics.go diff --git a/modules/caddyhttp/reverseproxy/metrics.go b/modules/caddyhttp/reverseproxy/metrics.go new file mode 100644 index 00000000..4272bc4e --- /dev/null +++ b/modules/caddyhttp/reverseproxy/metrics.go @@ -0,0 +1,81 @@ +package reverseproxy + +import ( + "runtime/debug" + "sync" + "time" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promauto" + "go.uber.org/zap" +) + +var reverseProxyMetrics = struct { + init sync.Once + upstreamsHealthy *prometheus.GaugeVec + logger *zap.Logger +}{} + +func initReverseProxyMetrics(handler *Handler) { + const ns, sub = "caddy", "reverse_proxy" + + upstreamsLabels := []string{"upstream"} + reverseProxyMetrics.upstreamsHealthy = promauto.NewGaugeVec(prometheus.GaugeOpts{ + Namespace: ns, + Subsystem: sub, + Name: "upstreams_healthy", + Help: "Health status of reverse proxy upstreams.", + }, upstreamsLabels) + + reverseProxyMetrics.logger = handler.logger.Named("reverse_proxy.metrics") +} + +type metricsUpstreamsHealthyUpdater struct { + handler *Handler +} + +func newMetricsUpstreamsHealthyUpdater(handler *Handler) *metricsUpstreamsHealthyUpdater { + reverseProxyMetrics.init.Do(func() { + initReverseProxyMetrics(handler) + }) + + return &metricsUpstreamsHealthyUpdater{handler} +} + +func (m *metricsUpstreamsHealthyUpdater) Init() { + go func() { + defer func() { + if err := recover(); err != nil { + reverseProxyMetrics.logger.Error("upstreams healthy metrics updater panicked", + zap.Any("error", err), + zap.ByteString("stack", debug.Stack())) + } + }() + + m.update() + + ticker := time.NewTicker(10 * time.Second) + for { + select { + case <-ticker.C: + m.update() + case <-m.handler.ctx.Done(): + ticker.Stop() + return + } + } + }() +} + +func (m *metricsUpstreamsHealthyUpdater) update() { + for _, upstream := range m.handler.Upstreams { + labels := prometheus.Labels{"upstream": upstream.Dial} + + gaugeValue := 0.0 + if upstream.Healthy() { + gaugeValue = 1.0 + } + + reverseProxyMetrics.upstreamsHealthy.With(labels).Set(gaugeValue) + } +} diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 0890306c..fd3eb2c4 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -392,6 +392,9 @@ func (h *Handler) Provision(ctx caddy.Context) error { } } + upstreamHealthyUpdater := newMetricsUpstreamsHealthyUpdater(h) + upstreamHealthyUpdater.Init() + return nil } From e1801fdb19988a319fdc174ad39391e1a1c12f54 Mon Sep 17 00:00:00 2001 From: Abirdcfly Date: Sun, 28 Aug 2022 04:39:26 +0800 Subject: [PATCH 0742/1498] Remove duplicate words in comments (#4986) --- modules/caddyhttp/reverseproxy/reverseproxy.go | 2 +- modules/caddyhttp/reverseproxy/upstreams.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index fd3eb2c4..99436513 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -1360,7 +1360,7 @@ var bufPool = sync.Pool{ } // handleResponseContext carries some contextual information about the -// the current proxy handling. +// current proxy handling. type handleResponseContext struct { // handler is the active proxy handler instance, so that // routes like copy_response may inherit some config diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index f49bb289..b9f85a2c 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -137,7 +137,7 @@ func (su SRVUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { _, records, err := su.resolver.LookupSRV(r.Context(), service, proto, name) if err != nil { // From LookupSRV docs: "If the response contains invalid names, those records are filtered - // out and an error will be returned alongside the the remaining results, if any." Thus, we + // out and an error will be returned alongside the remaining results, if any." Thus, we // only return an error if no records were also returned. if len(records) == 0 { return nil, err From 8cb3cf540c2d083721a1717b9ddf2657b7eb5102 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 29 Aug 2022 12:31:53 -0600 Subject: [PATCH 0743/1498] Minor cleanup, resolve a couple lint warnings --- caddytest/integration/stream_test.go | 10 ++++------ modules/caddyhttp/reverseproxy/reverseproxy.go | 4 +++- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/caddytest/integration/stream_test.go b/caddytest/integration/stream_test.go index d5edb793..cfd9d361 100644 --- a/caddytest/integration/stream_test.go +++ b/caddytest/integration/stream_test.go @@ -123,8 +123,8 @@ func TestH2ToH2CStream(t *testing.T) { // Disable any compression method from server. req.Header.Set("Accept-Encoding", "identity") - resp := tester.AssertResponseCode(req, 200) - if 200 != resp.StatusCode { + resp := tester.AssertResponseCode(req, http.StatusOK) + if resp.StatusCode != http.StatusOK { return } go func() { @@ -143,7 +143,6 @@ func TestH2ToH2CStream(t *testing.T) { if !strings.Contains(body, expectedBody) { t.Errorf("requesting \"%s\" expected response body \"%s\" but got \"%s\"", req.RequestURI, expectedBody, body) } - return } func testH2ToH2CStreamServeH2C(t *testing.T) *http.Server { @@ -335,8 +334,8 @@ func TestH2ToH1ChunkedResponse(t *testing.T) { fmt.Fprint(w, expectedBody) w.Close() }() - resp := tester.AssertResponseCode(req, 200) - if 200 != resp.StatusCode { + resp := tester.AssertResponseCode(req, http.StatusOK) + if resp.StatusCode != http.StatusOK { return } @@ -351,7 +350,6 @@ func TestH2ToH1ChunkedResponse(t *testing.T) { if body != expectedBody { t.Errorf("requesting \"%s\" expected response body \"%s\" but got \"%s\"", req.RequestURI, expectedBody, body) } - return } func testH2ToH1ChunkedResponseServeH1(t *testing.T) *http.Server { diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 99436513..b806ddac 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -46,7 +46,9 @@ import ( var supports1xx bool func init() { - supports1xx = !regexp.MustCompile(`^go1\.1(?:7|8)\.`).Match([]byte(runtime.Version())) + // Caddy requires at least Go 1.18, but Early Hints requires Go 1.19; thus we can simply check for 1.18 in version string + // TODO: remove this once our minimum Go version is 1.19 + supports1xx = !strings.Contains(runtime.Version(), "go1.18") caddy.RegisterModule(Handler{}) } From 258bc82b69ccb0f514fc62ec8ecd7273458ab2e4 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Wed, 31 Aug 2022 01:38:38 +0300 Subject: [PATCH 0744/1498] cmd: Migrate to `spf13/cobra`, remove single-dash arg support (#4565) * cmd: migrate to spf13/cobra * add `manpage` command * limit Caddy tagline to root `help` only * hard-code the manpage section to 8 --- cmd/cobra.go | 33 +++++++++++++++++++++++ cmd/commandfuncs.go | 65 --------------------------------------------- cmd/commands.go | 57 ++++++++++++++++++++++++++++++--------- cmd/main.go | 49 +++------------------------------- go.mod | 8 ++++-- go.sum | 37 ++++++++++++++++++++++++-- 6 files changed, 123 insertions(+), 126 deletions(-) create mode 100644 cmd/cobra.go diff --git a/cmd/cobra.go b/cmd/cobra.go new file mode 100644 index 00000000..ad95ec0d --- /dev/null +++ b/cmd/cobra.go @@ -0,0 +1,33 @@ +package caddycmd + +import ( + "github.com/spf13/cobra" +) + +var rootCmd = &cobra.Command{ + Use: "caddy", +} + +const docsHeader = "{{if not .HasParent}} Caddy is an extensible server platform.\n\n{{end}}" +const fullDocsFooter = `Full documentation is available at: +https://caddyserver.com/docs/command-line +` + +func init() { + rootCmd.SetHelpTemplate(docsHeader + rootCmd.HelpTemplate() + "\n" + fullDocsFooter) +} + +func caddyCmdToCoral(caddyCmd Command) *cobra.Command { + cmd := &cobra.Command{ + Use: caddyCmd.Name, + Short: caddyCmd.Short, + Long: caddyCmd.Long, + RunE: func(cmd *cobra.Command, _ []string) error { + fls := cmd.Flags() + _, err := caddyCmd.Func(Flags{fls}) + return err + }, + } + cmd.Flags().AddGoFlagSet(caddyCmd.Flags) + return cmd +} diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 67015f78..874cc6ff 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -29,7 +29,6 @@ import ( "os/exec" "runtime" "runtime/debug" - "sort" "strings" "github.com/aryann/difflib" @@ -580,70 +579,6 @@ func cmdFmt(fl Flags) (int, error) { return caddy.ExitCodeSuccess, nil } -func cmdHelp(fl Flags) (int, error) { - const fullDocs = `Full documentation is available at: -https://caddyserver.com/docs/command-line` - - args := fl.Args() - if len(args) == 0 { - s := `Caddy is an extensible server platform. - -usage: - caddy [] - -commands: -` - keys := make([]string, 0, len(commands)) - for k := range commands { - keys = append(keys, k) - } - sort.Strings(keys) - for _, k := range keys { - cmd := commands[k] - short := strings.TrimSuffix(cmd.Short, ".") - s += fmt.Sprintf(" %-15s %s\n", cmd.Name, short) - } - - s += "\nUse 'caddy help ' for more information about a command.\n" - s += "\n" + fullDocs + "\n" - - fmt.Print(s) - - return caddy.ExitCodeSuccess, nil - } else if len(args) > 1 { - return caddy.ExitCodeFailedStartup, fmt.Errorf("can only give help with one command") - } - - subcommand, ok := commands[args[0]] - if !ok { - return caddy.ExitCodeFailedStartup, fmt.Errorf("unknown command: %s", args[0]) - } - - helpText := strings.TrimSpace(subcommand.Long) - if helpText == "" { - helpText = subcommand.Short - if !strings.HasSuffix(helpText, ".") { - helpText += "." - } - } - - result := fmt.Sprintf("%s\n\nusage:\n caddy %s %s\n", - helpText, - subcommand.Name, - strings.TrimSpace(subcommand.Usage), - ) - - if help := flagHelp(subcommand.Flags); help != "" { - result += fmt.Sprintf("\nflags: (NOTE: prefix flags with `--` instead of `-`)\n%s", help) - } - - result += "\n" + fullDocs + "\n" - - fmt.Print(result) - - return caddy.ExitCodeSuccess, nil -} - // AdminAPIRequest makes an API request according to the CLI flags given, // with the given HTTP method and request URI. If body is non-nil, it will // be assumed to be Content-Type application/json. The caller should close diff --git a/cmd/commands.go b/cmd/commands.go index e454f7b6..2085dfcd 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -16,7 +16,13 @@ package caddycmd import ( "flag" + "fmt" + "os" "regexp" + "strings" + + "github.com/caddyserver/caddy/v2" + "github.com/spf13/cobra/doc" ) // Command represents a subcommand. Name, Func, @@ -70,13 +76,6 @@ func Commands() map[string]Command { var commands = make(map[string]Command) func init() { - RegisterCommand(Command{ - Name: "help", - Func: cmdHelp, - Usage: "", - Short: "Shows help for a Caddy subcommand", - }) - RegisterCommand(Command{ Name: "start", Func: cmdStart, @@ -346,16 +345,50 @@ EXPERIMENTAL: May be changed or removed. }(), }) + RegisterCommand(Command{ + Name: "manpage", + Func: func(fl Flags) (int, error) { + dir := strings.TrimSpace(fl.String("directory")) + if dir == "" { + return caddy.ExitCodeFailedQuit, fmt.Errorf("designated output directory and specified section are required") + } + if err := os.MkdirAll(dir, 0755); err != nil { + return caddy.ExitCodeFailedQuit, err + } + if err := doc.GenManTree(rootCmd, &doc.GenManHeader{ + Title: "Caddy", + Section: "8", + }, dir); err != nil { + return caddy.ExitCodeFailedQuit, err + } + return caddy.ExitCodeSuccess, nil + }, + Usage: "--directory ", + Short: "Generates the manual pages of Caddy commands", + Long: ` +Generates the manual pages of Caddy commands into the designated directory tagged into the specified section. + +The manual page files are generated into the directory specified by the argument of --directory. If the directory does not exist, it will be created. + +The manual pages are sorted into the section specified by the argument of --section. +`, + Flags: func() *flag.FlagSet { + fs := flag.NewFlagSet("manpage", flag.ExitOnError) + fs.String("directory", "", "The output directory where the manpages are generated") + fs.String("section", "", "The section number of the generated manual pages") + return fs + }(), + }) } // RegisterCommand registers the command cmd. // cmd.Name must be unique and conform to the // following format: // -// - lowercase -// - alphanumeric and hyphen characters only -// - cannot start or end with a hyphen -// - hyphen cannot be adjacent to another hyphen +// - lowercase +// - alphanumeric and hyphen characters only +// - cannot start or end with a hyphen +// - hyphen cannot be adjacent to another hyphen // // This function panics if the name is already registered, // if the name does not meet the described format, or if @@ -378,7 +411,7 @@ func RegisterCommand(cmd Command) { if !commandNameRegex.MatchString(cmd.Name) { panic("invalid command name") } - commands[cmd.Name] = cmd + rootCmd.AddCommand(caddyCmdToCoral(cmd)) } var commandNameRegex = regexp.MustCompile(`^[a-z0-9]$|^([a-z0-9]+-?[a-z0-9]*)+[a-z0-9]$`) diff --git a/cmd/main.go b/cmd/main.go index 09246f4b..44e339af 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -33,6 +33,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/certmagic" + "github.com/spf13/pflag" "go.uber.org/zap" ) @@ -58,35 +59,9 @@ func Main() { os.Args = append(os.Args, "help") } - subcommandName := os.Args[1] - subcommand, ok := commands[subcommandName] - if !ok { - if strings.HasPrefix(os.Args[1], "-") { - // user probably forgot to type the subcommand - fmt.Println("[ERROR] first argument must be a subcommand; see 'caddy help'") - } else { - fmt.Printf("[ERROR] '%s' is not a recognized subcommand; see 'caddy help'\n", os.Args[1]) - } - os.Exit(caddy.ExitCodeFailedStartup) + if err := rootCmd.Execute(); err != nil { + os.Exit(1) } - - fs := subcommand.Flags - if fs == nil { - fs = flag.NewFlagSet(subcommand.Name, flag.ExitOnError) - } - - err := fs.Parse(os.Args[2:]) - if err != nil { - fmt.Println(err) - os.Exit(caddy.ExitCodeFailedStartup) - } - - exitCode, err := subcommand.Func(Flags{fs}) - if err != nil { - fmt.Fprintf(os.Stderr, "%s: %v\n", subcommand.Name, err) - } - - os.Exit(exitCode) } // handlePingbackConn reads from conn and ensures it matches @@ -280,7 +255,7 @@ func watchConfigFile(filename, adapterName string) { // Flags wraps a FlagSet so that typed values // from flags can be easily retrieved. type Flags struct { - *flag.FlagSet + *pflag.FlagSet } // String returns the string representation of the @@ -326,22 +301,6 @@ func (f Flags) Duration(name string) time.Duration { return val } -// flagHelp returns the help text for fs. -func flagHelp(fs *flag.FlagSet) string { - if fs == nil { - return "" - } - - // temporarily redirect output - out := fs.Output() - defer fs.SetOutput(out) - - buf := new(bytes.Buffer) - fs.SetOutput(buf) - fs.PrintDefaults() - return buf.String() -} - func loadEnvFromFile(envFile string) error { file, err := os.Open(envFile) if err != nil { diff --git a/go.mod b/go.mod index 3ad78190..f8f78633 100644 --- a/go.mod +++ b/go.mod @@ -21,6 +21,8 @@ require ( github.com/smallstep/cli v0.21.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.11.0 + github.com/spf13/cobra v1.1.3 + github.com/spf13/pflag v1.0.5 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 github.com/yuin/goldmark v1.4.13 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 @@ -40,6 +42,7 @@ require ( require ( github.com/golang/mock v1.6.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect ) require ( @@ -53,7 +56,7 @@ require ( github.com/cespare/xxhash v1.1.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect github.com/dgraph-io/badger v1.6.2 // indirect github.com/dgraph-io/badger/v2 v2.2007.4 // indirect github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd // indirect @@ -72,6 +75,7 @@ require ( github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/huandu/xstrings v1.3.2 // indirect github.com/imdario/mergo v0.3.12 // indirect + github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgconn v1.10.1 // indirect github.com/jackc/pgio v1.0.0 // indirect @@ -101,7 +105,7 @@ require ( github.com/prometheus/common v0.32.1 // indirect github.com/prometheus/procfs v0.7.3 // indirect github.com/rs/xid v1.2.1 // indirect - github.com/russross/blackfriday/v2 v2.0.1 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect github.com/sirupsen/logrus v1.8.1 // indirect diff --git a/go.sum b/go.sum index a8050068..e9409c16 100644 --- a/go.sum +++ b/go.sum @@ -40,6 +40,7 @@ cloud.google.com/go/compute v1.3.0 h1:mPL/MzDDYHsh5tHRS9mhmhWlcgClCrCa6ApQCU6wnH cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v0.1.0 h1:W2vbGCrE3Z7J/x3WXLxxGl9LMSB2uhsAA7Ss/6u/qRY= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/kms v1.4.0 h1:iElbfoE61VeLhnZcGOltqL8HIly8Nhbe5t6JlH9GXjo= @@ -128,6 +129,7 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= github.com/caddyserver/certmagic v0.16.3 h1:1ZbiU7y5X0MnDjBTXywUbPMs/ScHbgCeeCy/LPh4IZk= github.com/caddyserver/certmagic v0.16.3/go.mod h1:pSS2aZcdKlrTZrb2DKuRafckx20o5Fz1EdDKEB8KOQM= @@ -165,17 +167,22 @@ github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU= +github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyberdelia/go-metrics-graphite v0.0.0-20161219230853-39f87cc3b432/go.mod h1:xwIwAxMvYnVrGJPe2FKx5prTrnAjGOD8zvDOnxnrrkM= @@ -194,6 +201,7 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= @@ -278,6 +286,7 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -372,13 +381,18 @@ github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= +github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -438,6 +452,7 @@ github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= @@ -545,6 +560,7 @@ github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJ github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= @@ -626,6 +642,7 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -665,6 +682,7 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= @@ -679,7 +697,9 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= @@ -689,12 +709,14 @@ github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuI github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= @@ -705,8 +727,9 @@ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= @@ -753,10 +776,15 @@ github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= +github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M= +github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= +github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -773,10 +801,12 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= @@ -802,6 +832,7 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= @@ -1160,6 +1191,7 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1394,6 +1426,7 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= +gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= From d605ebe75a2043199ba53022adaa20be680cf051 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Wed, 31 Aug 2022 02:24:05 +0300 Subject: [PATCH 0745/1498] cmd: add completion command (#4994) * cmd: add completion command * error check --- cmd/commands.go | 63 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/cmd/commands.go b/cmd/commands.go index 2085dfcd..e71923cf 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -22,6 +22,7 @@ import ( "strings" "github.com/caddyserver/caddy/v2" + "github.com/spf13/cobra" "github.com/spf13/cobra/doc" ) @@ -379,6 +380,68 @@ The manual pages are sorted into the section specified by the argument of --sect return fs }(), }) + + // source: https://github.com/spf13/cobra/blob/main/shell_completions.md + rootCmd.AddCommand(&cobra.Command{ + Use: "completion [bash|zsh|fish|powershell]", + Short: "Generate completion script", + Long: fmt.Sprintf(`To load completions: + + Bash: + + $ source <(%[1]s completion bash) + + # To load completions for each session, execute once: + # Linux: + $ %[1]s completion bash > /etc/bash_completion.d/%[1]s + # macOS: + $ %[1]s completion bash > $(brew --prefix)/etc/bash_completion.d/%[1]s + + Zsh: + + # If shell completion is not already enabled in your environment, + # you will need to enable it. You can execute the following once: + + $ echo "autoload -U compinit; compinit" >> ~/.zshrc + + # To load completions for each session, execute once: + $ %[1]s completion zsh > "${fpath[1]}/_%[1]s" + + # You will need to start a new shell for this setup to take effect. + + fish: + + $ %[1]s completion fish | source + + # To load completions for each session, execute once: + $ %[1]s completion fish > ~/.config/fish/completions/%[1]s.fish + + PowerShell: + + PS> %[1]s completion powershell | Out-String | Invoke-Expression + + # To load completions for every new session, run: + PS> %[1]s completion powershell > %[1]s.ps1 + # and source this file from your PowerShell profile. + `, rootCmd.Root().Name()), + DisableFlagsInUseLine: true, + ValidArgs: []string{"bash", "zsh", "fish", "powershell"}, + Args: cobra.ExactValidArgs(1), + RunE: func(cmd *cobra.Command, args []string) error { + switch args[0] { + case "bash": + return cmd.Root().GenBashCompletion(os.Stdout) + case "zsh": + return cmd.Root().GenZshCompletion(os.Stdout) + case "fish": + return cmd.Root().GenFishCompletion(os.Stdout, true) + case "powershell": + return cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout) + default: + return fmt.Errorf("unrecognized shell: %s", args[0]) + } + }, + }) } // RegisterCommand registers the command cmd. From 687a4b9e81c7b0b08c760ec33808c721d6775e0e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 30 Aug 2022 19:15:52 -0600 Subject: [PATCH 0746/1498] cmd: Enhance CLI docs --- cmd/cobra.go | 91 ++++++++++++++++++++++++++++++++++++++++++++++--- cmd/commands.go | 11 +++--- 2 files changed, 91 insertions(+), 11 deletions(-) diff --git a/cmd/cobra.go b/cmd/cobra.go index ad95ec0d..437fda97 100644 --- a/cmd/cobra.go +++ b/cmd/cobra.go @@ -6,15 +6,98 @@ import ( var rootCmd = &cobra.Command{ Use: "caddy", + Long: `Caddy is an extensible server platform written in Go. + +At its core, Caddy merely manages configuration. Modules are plugged +in statically at compile-time to provide useful functionality. Caddy's +standard distribution includes common modules to serve HTTP, TLS, +and PKI applications, including the automation of certificates. + +To run Caddy, use: + + - 'caddy run' to run Caddy in the foreground (recommended). + - 'caddy start' to start Caddy in the background; only do this + if you will be keeping the terminal window open until you run + 'caddy stop' to close the server. + +When Caddy is started, it opens a locally-bound administrative socket +to which configuration can be POSTed via a restful HTTP API (see +https://caddyserver.com/docs/api). + +Caddy's native configuration format is JSON. However, config adapters +can be used to convert other config formats to JSON when Caddy receives +its configuration. The Caddyfile is a built-in config adapter that is +popular for hand-written configurations due to its straightforward +syntax (see https://caddyserver.com/docs/caddyfile). Many third-party +adapters are available (see https://caddyserver.com/docs/config-adapters). +Use 'caddy adapt' to see how a config translates to JSON. + +For convenience, the CLI can act as an HTTP client to give Caddy its +initial configuration for you. If a file named Caddyfile is in the +current working directory, it will do this automatically. Otherwise, +you can use the --config flag to specify the path to a config file. + +Some special-purpose subcommands build and load a configuration file +for you directly from command line input; for example: + + - caddy file-server + - caddy reverse-proxy + - caddy respond + +These commands disable the administration endpoint because their +configuration is specified solely on the command line. + +In general, the most common way to run Caddy is simply: + + $ caddy run + +Or, with a configuration file: + + $ caddy run --config caddy.json + +If running interactively in a terminal, running Caddy in the +background may be more convenient: + + $ caddy start + ... + $ caddy stop + +This allows you to run other commands while Caddy stays running. +Be sure to stop Caddy before you close the terminal! + +Depending on the system, Caddy may need permission to bind to low +ports. One way to do this on Linux is to use setcap: + + $ sudo setcap cap_net_bind_service=+ep $(which caddy) + +Remember to run that command again after replacing the binary. + +See the Caddy website for tutorials, configuration structure, +syntax, and module documentation: https://caddyserver.com/docs/ + +Custom Caddy builds are available on the Caddy download page at: +https://caddyserver.com/download + +The xcaddy command can be used to build Caddy from source with or +without additional plugins: https://github.com/caddyserver/xcaddy + +Where possible, Caddy should be installed using officially-supported +package installers: https://caddyserver.com/docs/install + +Instructions for running Caddy in production are also available: +https://caddyserver.com/docs/running +`, + Example: ` $ caddy run + $ caddy run --config caddy.json + $ caddy reload --config caddy.json + $ caddy stop`, } -const docsHeader = "{{if not .HasParent}} Caddy is an extensible server platform.\n\n{{end}}" const fullDocsFooter = `Full documentation is available at: -https://caddyserver.com/docs/command-line -` +https://caddyserver.com/docs/command-line` func init() { - rootCmd.SetHelpTemplate(docsHeader + rootCmd.HelpTemplate() + "\n" + fullDocsFooter) + rootCmd.SetHelpTemplate(rootCmd.HelpTemplate() + "\n" + fullDocsFooter) } func caddyCmdToCoral(caddyCmd Command) *cobra.Command { diff --git a/cmd/commands.go b/cmd/commands.go index e71923cf..4ae3a5b3 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -358,25 +358,22 @@ EXPERIMENTAL: May be changed or removed. } if err := doc.GenManTree(rootCmd, &doc.GenManHeader{ Title: "Caddy", - Section: "8", + Section: "8", // https://en.wikipedia.org/wiki/Man_page#Manual_sections }, dir); err != nil { return caddy.ExitCodeFailedQuit, err } return caddy.ExitCodeSuccess, nil }, - Usage: "--directory ", - Short: "Generates the manual pages of Caddy commands", + Usage: "--directory ", + Short: "Generates the manual pages for Caddy commands", Long: ` -Generates the manual pages of Caddy commands into the designated directory tagged into the specified section. +Generates the manual pages for Caddy commands into the designated directory tagged into section 8 (System Administration). The manual page files are generated into the directory specified by the argument of --directory. If the directory does not exist, it will be created. - -The manual pages are sorted into the section specified by the argument of --section. `, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("manpage", flag.ExitOnError) fs.String("directory", "", "The output directory where the manpages are generated") - fs.String("section", "", "The section number of the generated manual pages") return fs }(), }) From 2d5a30b908d022d76c246a09154d1fc611695a17 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 31 Aug 2022 09:43:46 -0600 Subject: [PATCH 0747/1498] caddyhttp: Set Content-Type for static response (#4999) --- modules/caddyhttp/staticresp.go | 42 ++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index f0aea030..f4296924 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -88,10 +88,18 @@ type StaticResponse struct { // if needing to use a placeholder, a string. StatusCode WeakString `json:"status_code,omitempty"` - // Header fields to set on the response. + // Header fields to set on the response; overwrites any existing + // header fields of the same names after normalization. Headers http.Header `json:"headers,omitempty"` - // The response body. + // The response body. If non-empty, the Content-Type header may + // be added automatically if it is not explicitly configured nor + // already set on the response; the default value is + // "text/plain; charset=utf-8" unless the body is a valid JSON object + // or array, in which case the value will be "application/json". + // Other than those common special cases the Content-Type header + // should be set explicitly if it is desired because MIME sniffing + // is disabled for safety. Body string `json:"body,omitempty"` // If true, the server will close the client's connection @@ -114,10 +122,10 @@ func (StaticResponse) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// respond [] | [] { -// body -// close -// } +// respond [] | [] { +// body +// close +// } // // If there is just one argument (other than the matcher), it is considered // to be a status code if it's a valid positive integer of 3 digits. @@ -186,7 +194,23 @@ func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Hand w.Header()[field] = newVals } - // do not allow Go to sniff the content-type + // implicitly set Content-Type header if we can do so safely + // (this allows templates handler to eval templates successfully + // or for clients to render JSON properly which is very common) + body := repl.ReplaceKnown(s.Body, "") + if body != "" && w.Header().Get("Content-Type") == "" { + content := strings.TrimSpace(s.Body) + if len(content) > 2 && + (content[0] == '{' && content[len(content)-1] == '}' || + (content[0] == '[' && content[len(content)-1] == ']')) && + json.Valid([]byte(content)) { + w.Header().Set("Content-Type", "application/json") + } else { + w.Header().Set("Content-Type", "text/plain; charset=utf-8") + } + } + + // do not allow Go to sniff the content-type, for safety if w.Header().Get("Content-Type") == "" { w.Header()["Content-Type"] = nil } @@ -213,8 +237,8 @@ func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Hand w.WriteHeader(statusCode) // write response body - if s.Body != "" { - fmt.Fprint(w, repl.ReplaceKnown(s.Body, "")) + if body != "" { + fmt.Fprint(w, body) } return nil From 68d8ac9802c5e7bf5bf55d1a3c1db634edc93999 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 31 Aug 2022 12:18:29 -0400 Subject: [PATCH 0748/1498] httpcaddyfile: Add `{cookie.*}` placeholder shortcut (#5001) --- caddyconfig/httpcaddyfile/httptype.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index cca864d0..8fef131b 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -91,10 +91,11 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, search *regexp.Regexp replace string }{ - {regexp.MustCompile(`{query\.([\w-]*)}`), "{http.request.uri.query.$1}"}, - {regexp.MustCompile(`{labels\.([\w-]*)}`), "{http.request.host.labels.$1}"}, {regexp.MustCompile(`{header\.([\w-]*)}`), "{http.request.header.$1}"}, + {regexp.MustCompile(`{cookie\.([\w-]*)}`), "{http.request.cookie.$1}"}, + {regexp.MustCompile(`{labels\.([\w-]*)}`), "{http.request.host.labels.$1}"}, {regexp.MustCompile(`{path\.([\w-]*)}`), "{http.request.uri.path.$1}"}, + {regexp.MustCompile(`{query\.([\w-]*)}`), "{http.request.uri.query.$1}"}, {regexp.MustCompile(`{re\.([\w-]*)\.([\w-]*)}`), "{http.regexp.$1.$2}"}, {regexp.MustCompile(`{vars\.([\w-]*)}`), "{http.vars.$1}"}, {regexp.MustCompile(`{rp\.([\w-\.]*)}`), "{http.reverse_proxy.$1}"}, From d4d8bbcfc64d1194079cae35697709f6d267d02f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 31 Aug 2022 17:01:30 -0400 Subject: [PATCH 0749/1498] events: Implement event system (#4912) Co-authored-by: Matt Holt --- context.go | 68 +++- go.mod | 2 +- go.sum | 4 +- modules/caddyevents/app.go | 367 ++++++++++++++++++ modules/caddyevents/eventsconfig/caddyfile.go | 88 +++++ modules/caddyhttp/app.go | 8 + .../caddyhttp/reverseproxy/healthchecks.go | 18 +- .../caddyhttp/reverseproxy/reverseproxy.go | 7 + modules/caddyhttp/server.go | 3 + modules/caddytls/automation.go | 1 + modules/caddytls/tls.go | 15 + modules/standard/imports.go | 2 + usagepool.go | 20 +- 13 files changed, 569 insertions(+), 34 deletions(-) create mode 100644 modules/caddyevents/app.go create mode 100644 modules/caddyevents/eventsconfig/caddyfile.go diff --git a/context.go b/context.go index 2847619e..e850b73d 100644 --- a/context.go +++ b/context.go @@ -37,9 +37,10 @@ import ( // not actually need to do this). type Context struct { context.Context - moduleInstances map[string][]any + moduleInstances map[string][]Module cfg *Config cleanupFuncs []func() + ancestry []Module } // NewContext provides a new context derived from the given @@ -51,7 +52,7 @@ type Context struct { // modules which are loaded will be properly unloaded. // See standard library context package's documentation. func NewContext(ctx Context) (Context, context.CancelFunc) { - newCtx := Context{moduleInstances: make(map[string][]any), cfg: ctx.cfg} + newCtx := Context{moduleInstances: make(map[string][]Module), cfg: ctx.cfg} c, cancel := context.WithCancel(ctx.Context) wrappedCancel := func() { cancel() @@ -90,15 +91,15 @@ func (ctx *Context) OnCancel(f func()) { // ModuleMap may be used in place of map[string]json.RawMessage. The return value's // underlying type mirrors the input field's type: // -// json.RawMessage => any -// []json.RawMessage => []any -// [][]json.RawMessage => [][]any -// map[string]json.RawMessage => map[string]any -// []map[string]json.RawMessage => []map[string]any +// json.RawMessage => any +// []json.RawMessage => []any +// [][]json.RawMessage => [][]any +// map[string]json.RawMessage => map[string]any +// []map[string]json.RawMessage => []map[string]any // // The field must have a "caddy" struct tag in this format: // -// caddy:"key1=val1 key2=val2" +// caddy:"key1=val1 key2=val2" // // To load modules, a "namespace" key is required. For example, to load modules // in the "http.handlers" namespace, you'd put: `namespace=http.handlers` in the @@ -115,7 +116,7 @@ func (ctx *Context) OnCancel(f func()) { // meaning the key containing the module's name that is defined inline with the module // itself. You must specify the inline key in a struct tag, along with the namespace: // -// caddy:"namespace=http.handlers inline_key=handler" +// caddy:"namespace=http.handlers inline_key=handler" // // This will look for a key/value pair like `"handler": "..."` in the json.RawMessage // in order to know the module name. @@ -301,17 +302,17 @@ func (ctx Context) loadModuleMap(namespace string, val reflect.Value) (map[strin // like from embedded scripts, etc. func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (any, error) { modulesMu.RLock() - mod, ok := modules[id] + modInfo, ok := modules[id] modulesMu.RUnlock() if !ok { return nil, fmt.Errorf("unknown module: %s", id) } - if mod.New == nil { - return nil, fmt.Errorf("module '%s' has no constructor", mod.ID) + if modInfo.New == nil { + return nil, fmt.Errorf("module '%s' has no constructor", modInfo.ID) } - val := mod.New().(any) + val := modInfo.New() // value must be a pointer for unmarshaling into concrete type, even if // the module's concrete type is a slice or map; New() *should* return @@ -327,7 +328,7 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (any, error if len(rawMsg) > 0 { err := strictUnmarshalJSON(rawMsg, &val) if err != nil { - return nil, fmt.Errorf("decoding module config: %s: %v", mod, err) + return nil, fmt.Errorf("decoding module config: %s: %v", modInfo, err) } } @@ -340,6 +341,8 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (any, error return nil, fmt.Errorf("module value cannot be null") } + ctx.ancestry = append(ctx.ancestry, val) + if prov, ok := val.(Provisioner); ok { err := prov.Provision(ctx) if err != nil { @@ -351,7 +354,7 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (any, error err = fmt.Errorf("%v; additionally, cleanup: %v", err, err2) } } - return nil, fmt.Errorf("provision %s: %v", mod, err) + return nil, fmt.Errorf("provision %s: %v", modInfo, err) } } @@ -365,7 +368,7 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (any, error err = fmt.Errorf("%v; additionally, cleanup: %v", err, err2) } } - return nil, fmt.Errorf("%s: invalid configuration: %v", mod, err) + return nil, fmt.Errorf("%s: invalid configuration: %v", modInfo, err) } } @@ -439,8 +442,10 @@ func (ctx Context) Storage() certmagic.Storage { return ctx.cfg.storage } +// TODO: aw man, can I please change this? // Logger returns a logger that can be used by mod. func (ctx Context) Logger(mod Module) *zap.Logger { + // TODO: if mod is nil, use ctx.Module() instead... if ctx.cfg == nil { // often the case in tests; just use a dev logger l, err := zap.NewDevelopment() @@ -451,3 +456,34 @@ func (ctx Context) Logger(mod Module) *zap.Logger { } return ctx.cfg.Logging.Logger(mod) } + +// TODO: use this +// // Logger returns a logger that can be used by the current module. +// func (ctx Context) Log() *zap.Logger { +// if ctx.cfg == nil { +// // often the case in tests; just use a dev logger +// l, err := zap.NewDevelopment() +// if err != nil { +// panic("config missing, unable to create dev logger: " + err.Error()) +// } +// return l +// } +// return ctx.cfg.Logging.Logger(ctx.Module()) +// } + +// Modules returns the lineage of modules that this context provisioned, +// with the most recent/current module being last in the list. +func (ctx Context) Modules() []Module { + mods := make([]Module, len(ctx.ancestry)) + copy(mods, ctx.ancestry) + return mods +} + +// Module returns the current module, or the most recent one +// provisioned by the context. +func (ctx Context) Module() Module { + if len(ctx.ancestry) == 0 { + return nil + } + return ctx.ancestry[len(ctx.ancestry)-1] +} diff --git a/go.mod b/go.mod index f8f78633..8504d9cc 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.16.3 + github.com/caddyserver/certmagic v0.17.0 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.12.4 diff --git a/go.sum b/go.sum index e9409c16..88e53ac9 100644 --- a/go.sum +++ b/go.sum @@ -131,8 +131,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/caddyserver/certmagic v0.16.3 h1:1ZbiU7y5X0MnDjBTXywUbPMs/ScHbgCeeCy/LPh4IZk= -github.com/caddyserver/certmagic v0.16.3/go.mod h1:pSS2aZcdKlrTZrb2DKuRafckx20o5Fz1EdDKEB8KOQM= +github.com/caddyserver/certmagic v0.17.0 h1:AHHvvmv6SNcq0vK5BgCevQqYMV8GNprVk6FWZzx8d+Q= +github.com/caddyserver/certmagic v0.17.0/go.mod h1:pSS2aZcdKlrTZrb2DKuRafckx20o5Fz1EdDKEB8KOQM= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= diff --git a/modules/caddyevents/app.go b/modules/caddyevents/app.go new file mode 100644 index 00000000..0c05fe58 --- /dev/null +++ b/modules/caddyevents/app.go @@ -0,0 +1,367 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyevents + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "strings" + "time" + + "github.com/caddyserver/caddy/v2" + "github.com/google/uuid" + "go.uber.org/zap" +) + +func init() { + caddy.RegisterModule(App{}) +} + +// App implements a global eventing system within Caddy. +// Modules can emit and subscribe to events, providing +// hooks into deep parts of the code base that aren't +// otherwise accessible. Events provide information about +// what and when things are happening, and this facility +// allows handlers to take action when events occur, +// add information to the event's metadata, and even +// control program flow in some cases. +// +// Events are propagated in a DOM-like fashion. An event +// emitted from module `a.b.c` (the "origin") will first +// invoke handlers listening to `a.b.c`, then `a.b`, +// then `a`, then those listening regardless of origin. +// If a handler returns the special error Aborted, then +// propagation immediately stops and the event is marked +// as aborted. Emitters may optionally choose to adjust +// program flow based on an abort. +// +// Modules can subscribe to events by origin and/or name. +// A handler is invoked only if it is subscribed to the +// event by name and origin. Subscriptions should be +// registered during the provisioning phase, before apps +// are started. +// +// Event handlers are fired synchronously as part of the +// regular flow of the program. This allows event handlers +// to control the flow of the program if the origin permits +// it and also allows handlers to convey new information +// back into the origin module before it continues. +// In essence, event handlers are similar to HTTP +// middleware handlers. +// +// Event bindings/subscribers are unordered; i.e. +// event handlers are invoked in an arbitrary order. +// Event handlers should not rely on the logic of other +// handlers to succeed. +// +// The entirety of this app module is EXPERIMENTAL and +// subject to change. Pay attention to release notes. +type App struct { + // Subscriptions bind handlers to one or more events + // either globally or scoped to specific modules or module + // namespaces. + Subscriptions []*Subscription `json:"subscriptions,omitempty"` + + // Map of event name to map of module ID/namespace to handlers + subscriptions map[string]map[caddy.ModuleID][]Handler + + logger *zap.Logger + started bool +} + +// Subscription represents binding of one or more handlers to +// one or more events. +type Subscription struct { + // The name(s) of the event(s) to bind to. Default: all events. + Events []string `json:"events,omitempty"` + + // The ID or namespace of the module(s) from which events + // originate to listen to for events. Default: all modules. + // + // Events propagate up, so events emitted by module "a.b.c" + // will also trigger the event for "a.b" and "a". Thus, to + // receive all events from "a.b.c" and "a.b.d", for example, + // one can subscribe to either "a.b" or all of "a" entirely. + Modules []caddy.ModuleID `json:"modules,omitempty"` + + // The event handler modules. These implement the actual + // behavior to invoke when an event occurs. At least one + // handler is required. + HandlersRaw []json.RawMessage `json:"handlers,omitempty" caddy:"namespace=events.handlers inline_key=handler"` + + // The decoded handlers; Go code that is subscribing to + // an event should set this field directly; HandlersRaw + // is meant for JSON configuration to fill out this field. + Handlers []Handler `json:"-"` +} + +// CaddyModule returns the Caddy module information. +func (App) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "events", + New: func() caddy.Module { return new(App) }, + } +} + +// Provision sets up the app. +func (app *App) Provision(ctx caddy.Context) error { + app.logger = ctx.Logger(app) + app.subscriptions = make(map[string]map[caddy.ModuleID][]Handler) + + for _, sub := range app.Subscriptions { + if sub.HandlersRaw != nil { + handlersIface, err := ctx.LoadModule(sub, "HandlersRaw") + if err != nil { + return fmt.Errorf("loading event subscriber modules: %v", err) + } + for _, h := range handlersIface.([]any) { + sub.Handlers = append(sub.Handlers, h.(Handler)) + } + if len(sub.Handlers) == 0 { + // pointless to bind without any handlers + return fmt.Errorf("no handlers defined") + } + } + } + + return nil +} + +// Start runs the app. +func (app *App) Start() error { + for _, sub := range app.Subscriptions { + if err := app.Subscribe(sub); err != nil { + return err + } + } + + app.started = true + + return nil +} + +// Stop gracefully shuts down the app. +func (app *App) Stop() error { + return nil +} + +// Subscribe binds one or more event handlers to one or more events +// according to the subscription s. For now, subscriptions can only +// be created during the provision phase; new bindings cannot be +// created after the events app has started. +func (app *App) Subscribe(s *Subscription) error { + if app.started { + return fmt.Errorf("events already started; new subscriptions closed") + } + + // handle special case of catch-alls (omission of event name or module space implies all) + if len(s.Events) == 0 { + s.Events = []string{""} + } + if len(s.Modules) == 0 { + s.Modules = []caddy.ModuleID{""} + } + + for _, eventName := range s.Events { + if app.subscriptions[eventName] == nil { + app.subscriptions[eventName] = make(map[caddy.ModuleID][]Handler) + } + for _, originModule := range s.Modules { + app.subscriptions[eventName][originModule] = append(app.subscriptions[eventName][originModule], s.Handlers...) + } + } + + return nil +} + +// On is syntactic sugar for Subscribe() that binds a single handler +// to a single event from any module. If the eventName is empty string, +// it counts for all events. +func (app *App) On(eventName string, handler Handler) error { + return app.Subscribe(&Subscription{ + Events: []string{eventName}, + Handlers: []Handler{handler}, + }) +} + +// Emit creates and dispatches an event named eventName to all relevant handlers with +// the metadata data. Events are emitted and propagated synchronously. The returned Event +// value will have any additional information from the invoked handlers. +func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) Event { + id, err := uuid.NewRandom() + if err != nil { + app.logger.Error("failed generating new event ID", + zap.Error(err), + zap.String("event", eventName)) + } + + eventName = strings.ToLower(eventName) + + e := Event{ + id: id, + ts: time.Now(), + name: eventName, + origin: ctx.Module(), + data: data, + } + + // add event info to replacer, make sure it's in the context + repl, ok := ctx.Context.Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + if !ok { + repl = caddy.NewReplacer() + ctx.Context = context.WithValue(ctx.Context, caddy.ReplacerCtxKey, repl) + } + repl.Map(func(key string) (any, bool) { + switch key { + case "event": + return e, true + case "event.id": + return e.id, true + case "event.name": + return e.name, true + case "event.time": + return e.ts, true + case "event.time_unix": + return e.ts.UnixMilli(), true + case "event.module": + return e.origin.CaddyModule().ID, true + case "event.data": + return e.data, true + } + + if strings.HasPrefix(key, "event.data.") { + key = strings.TrimPrefix(key, "event.data.") + if val, ok := data[key]; ok { + return val, true + } + } + + return nil, false + }) + + app.logger.Debug("event", + zap.String("name", e.name), + zap.String("id", e.id.String()), + zap.String("origin", e.origin.CaddyModule().String()), + zap.Any("data", e.data), + ) + + // invoke handlers bound to the event by name and also all events; this for loop + // iterates twice at most: once for the event name, once for "" (all events) + for { + moduleID := e.origin.CaddyModule().ID + + // implement propagation up the module tree (i.e. start with "a.b.c" then "a.b" then "a" then "") + for { + if app.subscriptions[eventName] == nil { + break // shortcut if event not bound at all + } + + for _, handler := range app.subscriptions[eventName][moduleID] { + if err := handler.Handle(ctx, e); err != nil { + aborted := errors.Is(err, ErrAborted) + + app.logger.Error("handler error", + zap.Error(err), + zap.Bool("aborted", aborted)) + + if aborted { + e.Aborted = err + return e + } + } + } + + if moduleID == "" { + break + } + lastDot := strings.LastIndex(string(moduleID), ".") + if lastDot < 0 { + moduleID = "" // include handlers bound to events regardless of module + } else { + moduleID = moduleID[:lastDot] + } + } + + // include handlers listening to all events + if eventName == "" { + break + } + eventName = "" + } + + return e +} + +// Event represents something that has happened or is happening. +type Event struct { + id uuid.UUID + ts time.Time + name string + origin caddy.Module + data map[string]any + + // If non-nil, the event has been aborted, meaning + // propagation has stopped to other handlers and + // the code should stop what it was doing. Emitters + // may choose to use this as a signal to adjust their + // code path appropriately. + Aborted error +} + +// CloudEvent exports event e as a structure that, when +// serialized as JSON, is compatible with the +// CloudEvents spec. +func (e Event) CloudEvent() CloudEvent { + dataJSON, _ := json.Marshal(e.data) + return CloudEvent{ + ID: e.id.String(), + Source: e.origin.CaddyModule().String(), + SpecVersion: "1.0", + Type: e.name, + Time: e.ts, + DataContentType: "application/json", + Data: dataJSON, + } +} + +// CloudEvent is a JSON-serializable structure that +// is compatible with the CloudEvents specification. +// See https://cloudevents.io. +type CloudEvent struct { + ID string `json:"id"` + Source string `json:"source"` + SpecVersion string `json:"specversion"` + Type string `json:"type"` + Time time.Time `json:"time"` + DataContentType string `json:"datacontenttype,omitempty"` + Data json.RawMessage `json:"data,omitempty"` +} + +// ErrAborted cancels an event. +var ErrAborted = errors.New("event aborted") + +// Handler is a type that can handle events. +type Handler interface { + Handle(context.Context, Event) error +} + +// Interface guards +var ( + _ caddy.App = (*App)(nil) + _ caddy.Provisioner = (*App)(nil) +) diff --git a/modules/caddyevents/eventsconfig/caddyfile.go b/modules/caddyevents/eventsconfig/caddyfile.go new file mode 100644 index 00000000..9c3fae78 --- /dev/null +++ b/modules/caddyevents/eventsconfig/caddyfile.go @@ -0,0 +1,88 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package eventsconfig is for configuring caddyevents.App with the +// Caddyfile. This code can't be in the caddyevents package because +// the httpcaddyfile package imports caddyhttp, which imports +// caddyevents: hence, it creates an import cycle. +package eventsconfig + +import ( + "encoding/json" + + "github.com/caddyserver/caddy/v2/caddyconfig" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyevents" +) + +func init() { + httpcaddyfile.RegisterGlobalOption("events", parseApp) +} + +// parseApp configures the "events" global option from Caddyfile to set up the events app. +// Syntax: +// +// events { +// on +// } +// +// If is *, then it will bind to all events. +func parseApp(d *caddyfile.Dispenser, _ any) (any, error) { + app := new(caddyevents.App) + + // consume the option name + if !d.Next() { + return nil, d.ArgErr() + } + + // handle the block + for d.NextBlock(0) { + switch d.Val() { + case "on": + if !d.NextArg() { + return nil, d.ArgErr() + } + eventName := d.Val() + if eventName == "*" { + eventName = "" + } + + if !d.NextArg() { + return nil, d.ArgErr() + } + handlerName := d.Val() + modID := "events.handlers." + handlerName + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return nil, err + } + + app.Subscriptions = append(app.Subscriptions, &caddyevents.Subscription{ + Events: []string{eventName}, + HandlersRaw: []json.RawMessage{ + caddyconfig.JSONModuleObject(unm, "handler", handlerName, nil), + }, + }) + + default: + return nil, d.ArgErr() + } + } + + return httpcaddyfile.App{ + Name: "events", + Value: caddyconfig.JSON(app, nil), + }, nil +} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index a3d0f7e1..3db87b18 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -24,6 +24,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyevents" "github.com/caddyserver/caddy/v2/modules/caddytls" "go.uber.org/zap" "golang.org/x/net/http2" @@ -161,6 +162,11 @@ func (app *App) Provision(ctx caddy.Context) error { app.ctx = ctx app.logger = ctx.Logger(app) + eventsAppIface, err := ctx.App("events") + if err != nil { + return fmt.Errorf("getting events app: %v", err) + } + repl := caddy.NewReplacer() // this provisions the matchers for each route, @@ -175,6 +181,8 @@ func (app *App) Provision(ctx caddy.Context) error { for srvName, srv := range app.Servers { srv.name = srvName srv.tlsApp = app.tlsApp + srv.events = eventsAppIface.(*caddyevents.App) + srv.ctx = ctx srv.logger = app.logger.Named("log") srv.errorLogger = app.logger.Named("log.error") srv.shutdownAtMu = new(sync.RWMutex) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index eb986388..cf22d261 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -284,6 +284,13 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre } } + markUnhealthy := func() { + // dispatch an event that the host newly became unhealthy + if upstream.setHealthy(false) { + h.events.Emit(h.ctx, "unhealthy", map[string]any{"host": hostAddr}) + } + } + // do the request, being careful to tame the response body resp, err := h.HealthChecks.Active.httpClient.Do(req) if err != nil { @@ -291,7 +298,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre zap.String("host", hostAddr), zap.Error(err), ) - upstream.setHealthy(false) + markUnhealthy() return nil } var body io.Reader = resp.Body @@ -311,7 +318,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre zap.Int("status_code", resp.StatusCode), zap.String("host", hostAddr), ) - upstream.setHealthy(false) + markUnhealthy() return nil } } else if resp.StatusCode < 200 || resp.StatusCode >= 400 { @@ -319,7 +326,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre zap.Int("status_code", resp.StatusCode), zap.String("host", hostAddr), ) - upstream.setHealthy(false) + markUnhealthy() return nil } @@ -331,14 +338,14 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre zap.String("host", hostAddr), zap.Error(err), ) - upstream.setHealthy(false) + markUnhealthy() return nil } if !h.HealthChecks.Active.bodyRegexp.Match(bodyBytes) { h.HealthChecks.Active.logger.Info("response body failed expectations", zap.String("host", hostAddr), ) - upstream.setHealthy(false) + markUnhealthy() return nil } } @@ -346,6 +353,7 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre // passed health check parameters, so mark as healthy if upstream.setHealthy(true) { h.HealthChecks.Active.logger.Info("host is up", zap.String("host", hostAddr)) + h.events.Emit(h.ctx, "healthy", map[string]any{"host": hostAddr}) } return nil diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index b806ddac..895682fd 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -36,6 +36,7 @@ import ( "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + "github.com/caddyserver/caddy/v2/modules/caddyevents" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" "github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite" @@ -193,6 +194,7 @@ type Handler struct { ctx caddy.Context logger *zap.Logger + events *caddyevents.App } // CaddyModule returns the Caddy module information. @@ -205,6 +207,11 @@ func (Handler) CaddyModule() caddy.ModuleInfo { // Provision ensures that h is set up properly before use. func (h *Handler) Provision(ctx caddy.Context) error { + eventAppIface, err := ctx.App("events") + if err != nil { + return fmt.Errorf("getting events app: %v", err) + } + h.events = eventAppIface.(*caddyevents.App) h.ctx = ctx h.logger = ctx.Logger(h) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index be59184b..eec4d1b2 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -30,6 +30,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyevents" "github.com/caddyserver/caddy/v2/modules/caddytls" "github.com/caddyserver/certmagic" "github.com/lucas-clemente/quic-go/http3" @@ -154,9 +155,11 @@ type Server struct { listeners []net.Listener tlsApp *caddytls.TLS + events *caddyevents.App logger *zap.Logger accessLogger *zap.Logger errorLogger *zap.Logger + ctx caddy.Context server *http.Server h3server *http3.Server diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index 0a732b8d..e80d3558 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -256,6 +256,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { MustStaple: ap.MustStaple, RenewalWindowRatio: ap.RenewalWindowRatio, KeySource: keySource, + OnEvent: tlsApp.onEvent, OnDemand: ond, OCSP: certmagic.OCSPConfig{ DisableStapling: ap.DisableOCSPStapling, diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index f1294899..fc5f2ace 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -15,6 +15,7 @@ package caddytls import ( + "context" "crypto/tls" "encoding/json" "fmt" @@ -25,6 +26,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/modules/caddyevents" "github.com/caddyserver/certmagic" "go.uber.org/zap" ) @@ -73,6 +75,7 @@ type TLS struct { storageCleanTicker *time.Ticker storageCleanStop chan struct{} logger *zap.Logger + events *caddyevents.App } // CaddyModule returns the Caddy module information. @@ -85,6 +88,11 @@ func (TLS) CaddyModule() caddy.ModuleInfo { // Provision sets up the configuration for the TLS app. func (t *TLS) Provision(ctx caddy.Context) error { + eventsAppIface, err := ctx.App("events") + if err != nil { + return fmt.Errorf("getting events app: %v", err) + } + t.events = eventsAppIface.(*caddyevents.App) t.ctx = ctx t.logger = ctx.Logger(t) repl := caddy.NewReplacer() @@ -189,6 +197,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { magic := certmagic.New(t.certCache, certmagic.Config{ Storage: ctx.Storage(), Logger: t.logger, + OnEvent: t.onEvent, OCSP: certmagic.OCSPConfig{ DisableStapling: t.DisableOCSPStapling, }, @@ -514,6 +523,12 @@ func (t *TLS) storageCleanInterval() time.Duration { return defaultStorageCleanInterval } +// onEvent translates CertMagic events into Caddy events then dispatches them. +func (t *TLS) onEvent(ctx context.Context, eventName string, data map[string]any) error { + evt := t.events.Emit(t.ctx, eventName, data) + return evt.Aborted +} + // CertificateLoader is a type that can load certificates. // Certificates can optionally be associated with tags. type CertificateLoader interface { diff --git a/modules/standard/imports.go b/modules/standard/imports.go index bc2d955d..a9d0b396 100644 --- a/modules/standard/imports.go +++ b/modules/standard/imports.go @@ -3,6 +3,8 @@ package standard import ( // standard Caddy modules _ "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" + _ "github.com/caddyserver/caddy/v2/modules/caddyevents" + _ "github.com/caddyserver/caddy/v2/modules/caddyevents/eventsconfig" _ "github.com/caddyserver/caddy/v2/modules/caddyhttp/standard" _ "github.com/caddyserver/caddy/v2/modules/caddypki" _ "github.com/caddyserver/caddy/v2/modules/caddypki/acmeserver" diff --git a/usagepool.go b/usagepool.go index c3444155..7007849f 100644 --- a/usagepool.go +++ b/usagepool.go @@ -25,15 +25,15 @@ import ( // only inserted if they do not already exist. There // are two ways to add values to the pool: // -// 1) LoadOrStore will increment usage and store the -// value immediately if it does not already exist. -// 2) LoadOrNew will atomically check for existence -// and construct the value immediately if it does -// not already exist, or increment the usage -// otherwise, then store that value in the pool. -// When the constructed value is finally deleted -// from the pool (when its usage reaches 0), it -// will be cleaned up by calling Destruct(). +// 1. LoadOrStore will increment usage and store the +// value immediately if it does not already exist. +// 2. LoadOrNew will atomically check for existence +// and construct the value immediately if it does +// not already exist, or increment the usage +// otherwise, then store that value in the pool. +// When the constructed value is finally deleted +// from the pool (when its usage reaches 0), it +// will be cleaned up by calling Destruct(). // // The use of LoadOrNew allows values to be created // and reused and finally cleaned up only once, even @@ -196,7 +196,7 @@ func (up *UsagePool) Delete(key any) (deleted bool, err error) { // References returns the number of references (count of usages) to a // key in the pool, and true if the key exists, or false otherwise. -func (up *UsagePool) References(key interface{}) (int, bool) { +func (up *UsagePool) References(key any) (int, bool) { up.RLock() upv, loaded := up.pool[key] up.RUnlock() From 3cd7437b3d2aa7e72129f18991a4eb71214febb6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 31 Aug 2022 18:48:46 -0600 Subject: [PATCH 0750/1498] events: Tune logging and context cancellation --- modules/caddyevents/app.go | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/modules/caddyevents/app.go b/modules/caddyevents/app.go index 0c05fe58..3ae40e81 100644 --- a/modules/caddyevents/app.go +++ b/modules/caddyevents/app.go @@ -202,11 +202,11 @@ func (app *App) On(eventName string, handler Handler) error { // the metadata data. Events are emitted and propagated synchronously. The returned Event // value will have any additional information from the invoked handlers. func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) Event { + logger := app.logger.With(zap.String("name", eventName)) + id, err := uuid.NewRandom() if err != nil { - app.logger.Error("failed generating new event ID", - zap.Error(err), - zap.String("event", eventName)) + logger.Error("failed generating new event ID", zap.Error(err)) } eventName = strings.ToLower(eventName) @@ -219,6 +219,10 @@ func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) E data: data, } + logger = logger.With( + zap.String("id", e.id.String()), + zap.String("origin", e.origin.CaddyModule().String())) + // add event info to replacer, make sure it's in the context repl, ok := ctx.Context.Value(caddy.ReplacerCtxKey).(*caddy.Replacer) if !ok { @@ -253,12 +257,7 @@ func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) E return nil, false }) - app.logger.Debug("event", - zap.String("name", e.name), - zap.String("id", e.id.String()), - zap.String("origin", e.origin.CaddyModule().String()), - zap.Any("data", e.data), - ) + logger.Debug("event", zap.Any("data", e.data)) // invoke handlers bound to the event by name and also all events; this for loop // iterates twice at most: once for the event name, once for "" (all events) @@ -272,10 +271,17 @@ func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) E } for _, handler := range app.subscriptions[eventName][moduleID] { + select { + case <-ctx.Done(): + logger.Error("context canceled; event handling stopped") + return e + default: + } + if err := handler.Handle(ctx, e); err != nil { aborted := errors.Is(err, ErrAborted) - app.logger.Error("handler error", + logger.Error("handler error", zap.Error(err), zap.Bool("aborted", aborted)) From cb849bd6648294feb42eac1081aece589f20eaf6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 31 Aug 2022 18:49:34 -0600 Subject: [PATCH 0751/1498] caddyhttp: Disable draft versions of QUIC See comment in #4996 --- modules/caddyhttp/server.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index eec4d1b2..dcf9af1a 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -33,6 +33,7 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyevents" "github.com/caddyserver/caddy/v2/modules/caddytls" "github.com/caddyserver/certmagic" + "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/http3" "go.uber.org/zap" "go.uber.org/zap/zapcore" @@ -486,6 +487,10 @@ func (s *Server) serveHTTP3(hostport string, tlsCfg *tls.Config) error { Handler: s, TLSConfig: tlsCfg, MaxHeaderBytes: s.MaxHeaderBytes, + // TODO: remove this config when draft versions are no longer supported (we have no need to support drafts) + QuicConfig: &quic.Config{ + Versions: []quic.VersionNumber{quic.Version1, quic.Version2}, + }, } } From 1edc1a45e3aee1f7d86b68c3ddaf2fd16ba8ab73 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 1 Sep 2022 16:30:03 -0600 Subject: [PATCH 0752/1498] core: Plugins can register listener networks (#5002) * core: Plugins can register listener networks This can be useful for custom listeners. This feature/API is experimental and may change! * caddyhttp: Expose server listeners --- listeners.go | 38 +++++++++++++++++++++++++++++++++++++ modules/caddyhttp/server.go | 8 ++++++++ 2 files changed, 46 insertions(+) diff --git a/listeners.go b/listeners.go index 86983874..a95c98c3 100644 --- a/listeners.go +++ b/listeners.go @@ -31,6 +31,7 @@ import ( "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/http3" + "go.uber.org/zap" ) // Listen is like net.Listen, except Caddy's listeners can overlap @@ -42,6 +43,14 @@ import ( // the socket have been finished. Always be sure to close listeners // when you are done with them, just like normal listeners. func Listen(network, addr string) (net.Listener, error) { + network = strings.TrimSpace(strings.ToLower(network)) + + // get listener from plugin if network type is registered + if getListener, ok := networkTypes[network]; ok { + Log().Debug("getting listener from plugin", zap.String("network", network)) + return getListener(network, addr) + } + lnKey := listenerKey(network, addr) sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { @@ -551,6 +560,35 @@ func JoinNetworkAddress(network, host, port string) string { return a } +// RegisterNetwork registers a network type with Caddy so that if a listener is +// created for that network type, getListener will be invoked to get the listener. +// This should be called during init() and will panic if the network type is standard +// or reserved, or if it is already registered. EXPERIMENTAL and subject to change. +func RegisterNetwork(network string, getListener ListenerFunc) { + network = strings.TrimSpace(strings.ToLower(network)) + + if network == "tcp" || network == "tcp4" || network == "tcp6" || + network == "udp" || network == "udp4" || network == "udp6" || + network == "unix" || network == "unixpacket" || network == "unixgram" || + strings.HasPrefix("ip:", network) || strings.HasPrefix("ip4:", network) || strings.HasPrefix("ip6:", network) { + panic("network type " + network + " is reserved") + } + + if _, ok := networkTypes[strings.ToLower(network)]; ok { + panic("network type " + network + " is already registered") + } + + networkTypes[network] = getListener +} + +// ListenerFunc is a function that can return a listener given a network and address. +// The listeners must be capable of overlapping: with Caddy, new configs are loaded +// before old ones are unloaded, so listeners may overlap briefly if the configs +// both need the same listener. EXPERIMENTAL and subject to change. +type ListenerFunc func(network, addr string) (net.Listener, error) + +var networkTypes = map[string]ListenerFunc{} + // ListenerWrapper is a type that wraps a listener // so it can modify the input listener's methods. // Modules that implement this interface are found diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index dcf9af1a..e01e7c8e 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -579,6 +579,14 @@ func (s *Server) protocol(proto string) bool { return false } +// Listeners returns the server's listeners. These are active listeners, +// so calling Accept() or Close() on them will probably break things. +// They are made available here for read-only purposes (e.g. Addr()) +// and for type-asserting for purposes where you know what you're doing. +// +// EXPERIMENTAL: Subject to change or removal. +func (s *Server) Listeners() []net.Listener { return s.listeners } + // ServerLogConfig describes a server's logging configuration. If // enabled without customization, all requests to this server are // logged to the default logger; logger destinations may be From 7c35bfa57cb402e82b28118b69c265df3e8c94fd Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Sep 2022 16:49:18 -0600 Subject: [PATCH 0753/1498] caddyhttp: Accept placeholders in vars matcher key Until now, the vars matcher has unintentionally lacked parity with the map directive: the destination placeholders of the map directive would be expressed as placeholders, i.e. {foo}. But the vars matcher would not use { }: vars foo value This looked weird, and was confusing, since it implied that the key could be dynamic, which doesn't seem helpful here. I think this is a proper bug fix, since we're not used to accessing placeholders literally without { } in the Caddyfile. --- modules/caddyhttp/vars.go | 41 +++++++++++++++++++++------------------ replacer.go | 2 ++ 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index 08f3e70b..b4e1d897 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "net/http" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -62,11 +63,10 @@ func (m VarsMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next H // UnmarshalCaddyfile implements caddyfile.Unmarshaler. Syntax: // -// vars [ ] { -// -// ... -// } -// +// vars [ ] { +// +// ... +// } func (m *VarsMiddleware) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if *m == nil { *m = make(VarsMiddleware) @@ -109,14 +109,17 @@ func (m *VarsMiddleware) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } // VarsMatcher is an HTTP request matcher which can match -// requests based on variables in the context. The key is -// the name of the variable, and the values are possible -// values the variable can be in order to match (OR'ed). +// requests based on variables in the context or placeholder +// values. The key is the placeholder or name of the variable, +// and the values are possible values the variable can be in +// order to match (logical OR'ed). // -// As a special case, this matcher can also match on -// placeholders generally. If the key is not an HTTP chain -// variable, it will be checked to see if it is a -// placeholder name, and if so, will compare its value. +// If the key is surrounded by `{ }` it is assumed to be a +// placeholder. Otherwise, it will be considered a variable +// name. +// +// Placeholders in the keys are not expanded, but +// placeholders in the values are. type VarsMatcher map[string][]string // CaddyModule returns the Caddy module information. @@ -160,13 +163,13 @@ func (m VarsMatcher) Match(r *http.Request) bool { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) for key, vals := range m { - // look up the comparison value we will check against with this key - matcherVarNameExpanded := repl.ReplaceAll(key, "") - varValue, ok := vars[matcherVarNameExpanded] - if !ok { - // as a special case, if it's not an HTTP variable, - // see if it's a placeholder name - varValue, _ = repl.Get(matcherVarNameExpanded) + var varValue any + if strings.HasPrefix(key, "{") && + strings.HasSuffix(key, "}") && + strings.Count(key, "{") == 1 { + varValue, _ = repl.Get(strings.Trim(key, "{}")) + } else { + varValue = vars[key] } // see if any of the values given in the matcher match the actual value diff --git a/replacer.go b/replacer.go index b8b22671..aa943cf7 100644 --- a/replacer.go +++ b/replacer.go @@ -238,6 +238,8 @@ func toString(val any) string { return v case fmt.Stringer: return v.String() + case error: + return v.Error() case byte: return string(v) case []byte: From 7d5108d132d3bccfd8d83bc3fc2dbc46afde20ae Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 1 Sep 2022 23:12:37 -0400 Subject: [PATCH 0754/1498] httpcaddyfile: Add shortcut for expression matchers (#4976) --- caddyconfig/caddyfile/lexer.go | 4 ++ caddyconfig/httpcaddyfile/httptype.go | 47 +++++++++++++++---- .../caddyfile_adapt/matcher_syntax.txt | 32 +++++++++---- 3 files changed, 65 insertions(+), 18 deletions(-) diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index 4a23524d..5605a6aa 100644 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -191,3 +191,7 @@ func Tokenize(input []byte, filename string) ([]Token, error) { } return tokens, nil } + +func (t Token) Quoted() bool { + return t.wasQuoted > 0 +} diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 8fef131b..2182a5b8 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -1201,6 +1201,7 @@ func (st *ServerType) compileEncodedMatcherSets(sblock serverBlock) ([]caddy.Mod func parseMatcherDefinitions(d *caddyfile.Dispenser, matchers map[string]caddy.ModuleMap) error { for d.Next() { + // this is the "name" for "named matchers" definitionName := d.Val() if _, ok := matchers[definitionName]; ok { @@ -1208,16 +1209,9 @@ func parseMatcherDefinitions(d *caddyfile.Dispenser, matchers map[string]caddy.M } matchers[definitionName] = make(caddy.ModuleMap) - // in case there are multiple instances of the same matcher, concatenate - // their tokens (we expect that UnmarshalCaddyfile should be able to - // handle more than one segment); otherwise, we'd overwrite other - // instances of the matcher in this set - tokensByMatcherName := make(map[string][]caddyfile.Token) - for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { - matcherName := d.Val() - tokensByMatcherName[matcherName] = append(tokensByMatcherName[matcherName], d.NextSegment()...) - } - for matcherName, tokens := range tokensByMatcherName { + // given a matcher name and the tokens following it, parse + // the tokens as a matcher module and record it + makeMatcher := func(matcherName string, tokens []caddyfile.Token) error { mod, err := caddy.GetModule("http.matchers." + matcherName) if err != nil { return fmt.Errorf("getting matcher module '%s': %v", matcherName, err) @@ -1235,6 +1229,39 @@ func parseMatcherDefinitions(d *caddyfile.Dispenser, matchers map[string]caddy.M return fmt.Errorf("matcher module '%s' is not a request matcher", matcherName) } matchers[definitionName][matcherName] = caddyconfig.JSON(rm, nil) + return nil + } + + // if the next token is quoted, we can assume it's not a matcher name + // and that it's probably an 'expression' matcher + if d.NextArg() { + if d.Token().Quoted() { + err := makeMatcher("expression", []caddyfile.Token{d.Token()}) + if err != nil { + return err + } + continue + } + + // if it wasn't quoted, then we need to rewind after calling + // d.NextArg() so the below properly grabs the matcher name + d.Prev() + } + + // in case there are multiple instances of the same matcher, concatenate + // their tokens (we expect that UnmarshalCaddyfile should be able to + // handle more than one segment); otherwise, we'd overwrite other + // instances of the matcher in this set + tokensByMatcherName := make(map[string][]caddyfile.Token) + for nesting := d.Nesting(); d.NextArg() || d.NextBlock(nesting); { + matcherName := d.Val() + tokensByMatcherName[matcherName] = append(tokensByMatcherName[matcherName], d.NextSegment()...) + } + for matcherName, tokens := range tokensByMatcherName { + err := makeMatcher(matcherName, tokens) + if err != nil { + return err + } } } return nil diff --git a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt index a3e0a50e..fb3dfb66 100644 --- a/caddytest/integration/caddyfile_adapt/matcher_syntax.txt +++ b/caddytest/integration/caddyfile_adapt/matcher_syntax.txt @@ -19,27 +19,30 @@ @matcher6 vars_regexp "{http.request.uri}" `\.([a-f0-9]{6})\.(css|js)$` respond @matcher6 "from vars_regexp matcher without name" - @matcher7 { + @matcher7 `path('/foo*') && method('GET')` + respond @matcher7 "inline expression matcher shortcut" + + @matcher8 { header Foo bar header Foo foobar header Bar foo } - respond @matcher7 "header matcher merging values of the same field" + respond @matcher8 "header matcher merging values of the same field" - @matcher8 { + @matcher9 { query foo=bar foo=baz bar=foo query bar=baz } - respond @matcher8 "query matcher merging pairs with the same keys" + respond @matcher9 "query matcher merging pairs with the same keys" - @matcher9 { + @matcher10 { header !Foo header Bar foo } - respond @matcher9 "header matcher with null field matcher" + respond @matcher10 "header matcher with null field matcher" - @matcher10 remote_ip private_ranges - respond @matcher10 "remote_ip matcher with private ranges" + @matcher11 remote_ip private_ranges + respond @matcher11 "remote_ip matcher with private ranges" } ---------- { @@ -152,6 +155,19 @@ } ] }, + { + "match": [ + { + "expression": "path('/foo*') \u0026\u0026 method('GET')" + } + ], + "handle": [ + { + "body": "inline expression matcher shortcut", + "handler": "static_response" + } + ] + }, { "match": [ { From 73d4a8ba02292491fca289b324e89ef8c62fd435 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Sep 2022 21:15:20 -0600 Subject: [PATCH 0755/1498] map: Coerce val to string, fix #4987 Also prevent infinite recursion, and enforce placeholder syntax. --- caddyconfig/caddyfile/dispenser.go | 8 +++---- modules/caddyhttp/map/caddyfile.go | 10 ++++----- modules/caddyhttp/map/map.go | 26 +++++++++++++++++------ modules/caddyhttp/templates/tplcontext.go | 17 ++------------- replacer.go | 12 ++++++----- 5 files changed, 38 insertions(+), 35 deletions(-) diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index b37d2329..91bd9a50 100644 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -146,15 +146,15 @@ func (d *Dispenser) NextLine() bool { // // Proper use of this method looks like this: // -// for nesting := d.Nesting(); d.NextBlock(nesting); { -// } +// for nesting := d.Nesting(); d.NextBlock(nesting); { +// } // // However, in simple cases where it is known that the // Dispenser is new and has not already traversed state // by a loop over NextBlock(), this will do: // -// for d.NextBlock(0) { -// } +// for d.NextBlock(0) { +// } // // As with other token parsing logic, a loop over // NextBlock() should be contained within a loop over diff --git a/modules/caddyhttp/map/caddyfile.go b/modules/caddyhttp/map/caddyfile.go index f38aff78..9cc7d8c6 100644 --- a/modules/caddyhttp/map/caddyfile.go +++ b/modules/caddyhttp/map/caddyfile.go @@ -27,10 +27,10 @@ func init() { // parseCaddyfile sets up the map handler from Caddyfile tokens. Syntax: // -// map [] { -// [~] -// default -// } +// map [] { +// [~] +// default +// } // // If the input value is prefixed with a tilde (~), then the input will be parsed as a // regular expression. @@ -76,7 +76,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) continue } - // every other line maps one input to one or more outputs + // every line maps an input value to one or more outputs in := h.Val() var outs []any for h.NextArg() { diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index bbc1249d..d41806d4 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -62,6 +62,9 @@ func (Handler) CaddyModule() caddy.ModuleInfo { // Provision sets up h. func (h *Handler) Provision(_ caddy.Context) error { for j, dest := range h.Destinations { + if strings.Count(dest, "{") != 1 || !strings.HasPrefix(dest, "{") { + return fmt.Errorf("destination must be a placeholder and only a placeholder") + } h.Destinations[j] = strings.Trim(dest, "{}") } @@ -106,6 +109,16 @@ func (h *Handler) Validate() error { } seen[input] = i + // prevent infinite recursion + for _, out := range m.Outputs { + for _, dest := range h.Destinations { + if strings.Contains(caddy.ToString(out), dest) || + strings.Contains(m.Input, dest) { + return fmt.Errorf("mapping %d requires value of {%s} to define value of {%s}: infinite recursion", i, dest, dest) + } + } + } + // ensure mappings have 1:1 output-to-destination correspondence nOut := len(m.Outputs) if nOut != nDest { @@ -135,21 +148,22 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt if output == nil { continue } + outputStr := caddy.ToString(output) + + // evaluate regular expression if configured if m.re != nil { var result []byte matches := m.re.FindStringSubmatchIndex(input) if matches == nil { continue } - result = m.re.ExpandString(result, output.(string), input, matches) + result = m.re.ExpandString(result, outputStr, input, matches) return string(result), true } + + // otherwise simple string comparison if input == m.Input { - if outputStr, ok := output.(string); ok { - // NOTE: if the output has a placeholder that has the same key as the input, this is infinite recursion - return repl.ReplaceAll(outputStr, ""), true - } - return output, true + return repl.ReplaceAll(outputStr, ""), true } } diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index 96a341c8..f681399c 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -305,7 +305,7 @@ func (TemplateContext) funcStripHTML(s string) string { // funcMarkdown renders the markdown body as HTML. The resulting // HTML is NOT escaped so that it can be rendered as HTML. func (TemplateContext) funcMarkdown(input any) (string, error) { - inputStr := toString(input) + inputStr := caddy.ToString(input) md := goldmark.New( goldmark.WithExtensions( @@ -341,7 +341,7 @@ func (TemplateContext) funcMarkdown(input any) (string, error) { // and returns the separated key-value pairs and the body/content. input // must be a "stringy" value. func (TemplateContext) funcSplitFrontMatter(input any) (parsedMarkdownDoc, error) { - meta, body, err := extractFrontMatter(toString(input)) + meta, body, err := extractFrontMatter(caddy.ToString(input)) if err != nil { return parsedMarkdownDoc{}, err } @@ -465,19 +465,6 @@ func (h WrappedHeader) Del(field string) string { return "" } -func toString(input any) string { - switch v := input.(type) { - case string: - return v - case fmt.Stringer: - return v.String() - case error: - return v.Error() - default: - return fmt.Sprintf("%v", input) - } -} - var bufPool = sync.Pool{ New: func() any { return new(bytes.Buffer) diff --git a/replacer.go b/replacer.go index aa943cf7..d30a4061 100644 --- a/replacer.go +++ b/replacer.go @@ -78,11 +78,11 @@ func (r *Replacer) Get(variable string) (any, bool) { return nil, false } -// GetString is the same as Get, but coerces the value to a -// string representation. +// GetString is the same as Get, but coerces the value to a +// string representation as efficiently as possible. func (r *Replacer) GetString(variable string) (string, bool) { s, found := r.Get(variable) - return toString(s), found + return ToString(s), found } // Delete removes a variable with a static value @@ -204,7 +204,7 @@ scan: } // convert val to a string as efficiently as possible - valStr := toString(val) + valStr := ToString(val) // write the value; if it's empty, either return // an error or write a default value @@ -230,7 +230,9 @@ scan: return sb.String(), nil } -func toString(val any) string { +// ToString returns val as a string, as efficiently as possible. +// EXPERIMENTAL: may be changed or removed later. +func ToString(val any) string { switch v := val.(type) { case nil: return "" From d062fb40201b321c492da9b50ab8d107e0bb3c5f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 1 Sep 2022 23:31:54 -0400 Subject: [PATCH 0756/1498] caddyhttp: Copy logger config to HTTP server during AutoHTTPS (#4990) --- modules/caddyhttp/autohttps.go | 9 +++++++++ modules/caddyhttp/server.go | 13 +++++++++++++ 2 files changed, 22 insertions(+) diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 4cc5d2f2..70f999b0 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -93,6 +93,9 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // https://github.com/caddyserver/caddy/issues/3443) redirDomains := make(map[string][]caddy.NetworkAddress) + // the configured logger for an HTTPS enabled server + var logger *ServerLogConfig + for srvName, srv := range app.Servers { // as a prerequisite, provision route matchers; this is // required for all routes on all servers, and must be @@ -172,6 +175,11 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er continue } + // clone the logger so we can apply it to the HTTP server + if srv.Logs != nil { + logger = srv.Logs.clone() + } + // for all the hostnames we found, filter them so we have // a deduplicated list of names for which to obtain certs // (only if cert management not disabled for this server) @@ -400,6 +408,7 @@ redirServersLoop: app.Servers["remaining_auto_https_redirects"] = &Server{ Listen: redirServerAddrsList, Routes: appendCatchAll(redirRoutes), + Logs: logger, } } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index e01e7c8e..2dabf46c 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -663,6 +663,19 @@ func (slc ServerLogConfig) getLoggerName(host string) string { return slc.DefaultLoggerName } +func (slc *ServerLogConfig) clone() *ServerLogConfig { + clone := &ServerLogConfig{} + clone.DefaultLoggerName = slc.DefaultLoggerName + clone.LoggerNames = make(map[string]string) + for k, v := range slc.LoggerNames { + clone.LoggerNames[k] = v + } + clone.SkipHosts = append(clone.SkipHosts, slc.SkipHosts...) + clone.SkipUnmappedHosts = slc.SkipUnmappedHosts + clone.ShouldLogCredentials = slc.ShouldLogCredentials + return clone +} + // PrepareRequest fills the request r for use in a Caddy HTTP handler chain. w and s can // be nil, but the handlers will lose response placeholders and access to the server. func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter, s *Server) *http.Request { From aefd821ae0b966c8f8599eaa59dffe1b0fc51740 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 2 Sep 2022 06:39:18 +0300 Subject: [PATCH 0757/1498] dist: deb package manpages and bash completion scripts (#5007) --- .goreleaser.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 0065d407..f0e26159 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -14,7 +14,11 @@ before: # run `go mod tidy`. The `/bin/sh -c '...'` is because goreleaser can't find cd in PATH without shell invocation. - /bin/sh -c 'cd ./caddy-build && go mod tidy' - git clone --depth 1 https://github.com/caddyserver/dist caddy-dist + - mkdir -p caddy-dist/man - go mod download + - go run cmd/caddy/main.go manpage --directory ./caddy-dist/man + - gzip -r ./caddy-dist/man/ + - /bin/sh -c 'go run cmd/caddy/main.go completion bash > ./caddy-dist/scripts/bash-completion' builds: - env: @@ -96,13 +100,16 @@ nfpms: - src: ./caddy-dist/welcome/index.html dst: /usr/share/caddy/index.html - - src: ./caddy-dist/scripts/completions/bash-completion + - src: ./caddy-dist/scripts/bash-completion dst: /etc/bash_completion.d/caddy - src: ./caddy-dist/config/Caddyfile dst: /etc/caddy/Caddyfile type: config + - src: ./caddy-dist/man/* + dst: /usr/share/man/man8/ + scripts: postinstall: ./caddy-dist/scripts/postinstall.sh preremove: ./caddy-dist/scripts/preremove.sh From e77992dd99509c883dbb3b6dd185f771a42e5fae Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Sep 2022 21:40:15 -0600 Subject: [PATCH 0758/1498] Fix failing test --- caddytest/integration/map_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/caddytest/integration/map_test.go b/caddytest/integration/map_test.go index 7cd769e7..afed0c35 100644 --- a/caddytest/integration/map_test.go +++ b/caddytest/integration/map_test.go @@ -60,7 +60,7 @@ func TestMapRespondWithDefault(t *testing.T) { tester.AssertPostResponseBody("http://localhost:9080/version", []string{}, bytes.NewBuffer([]byte{}), 200, "hello from localhost unknown") } -func TestMapAsJson(t *testing.T) { +func TestMapAsJSON(t *testing.T) { // arrange tester := caddytest.NewTester(t) tester.InitServer(` @@ -85,7 +85,7 @@ func TestMapAsJson(t *testing.T) { { "handler": "map", "source": "{http.request.method}", - "destinations": ["dest-name"], + "destinations": ["{dest-name}"], "defaults": ["unknown"], "mappings": [ { From ec2a5762b03356aa3b59714d51fd969e9bf3f6e3 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 1 Sep 2022 21:41:09 -0600 Subject: [PATCH 0759/1498] cmd: Don't print long help text on error --- cmd/cobra.go | 4 ++++ cmd/main.go | 5 +---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cmd/cobra.go b/cmd/cobra.go index 437fda97..d2a546ca 100644 --- a/cmd/cobra.go +++ b/cmd/cobra.go @@ -91,6 +91,10 @@ https://caddyserver.com/docs/running $ caddy run --config caddy.json $ caddy reload --config caddy.json $ caddy stop`, + + // kind of annoying to have all the help text printed out if + // caddy has an error provisioning its modules, for instance... + SilenceUsage: true, } const fullDocsFooter = `Full documentation is available at: diff --git a/cmd/main.go b/cmd/main.go index 44e339af..b91559ce 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -51,12 +51,9 @@ func init() { // Main implements the main function of the caddy command. // Call this if Caddy is to be the main() of your program. func Main() { - switch len(os.Args) { - case 0: + if len(os.Args) == 0 { fmt.Printf("[FATAL] no arguments provided by OS; args[0] must be command\n") os.Exit(caddy.ExitCodeFailedStartup) - case 1: - os.Args = append(os.Args, "help") } if err := rootCmd.Execute(); err != nil { From f2a7e7c966c42b3a09bc8414136af0439fd7b630 Mon Sep 17 00:00:00 2001 From: fleandro <3987005+flga@users.noreply.github.com> Date: Fri, 2 Sep 2022 05:02:48 +0100 Subject: [PATCH 0760/1498] fastcgi: allow users to log stderr output (#4967) (#5004) Co-authored-by: flga --- .../reverseproxy/fastcgi/caddyfile.go | 76 +++++++++++-------- .../caddyhttp/reverseproxy/fastcgi/client.go | 35 ++++++++- .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 46 +++++++++-- 3 files changed, 116 insertions(+), 41 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 96b84f21..a9e6b220 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -35,16 +35,16 @@ func init() { // UnmarshalCaddyfile deserializes Caddyfile tokens into h. // -// transport fastcgi { -// root -// split -// env -// resolve_root_symlink -// dial_timeout -// read_timeout -// write_timeout -// } -// +// transport fastcgi { +// root +// split +// env +// resolve_root_symlink +// dial_timeout +// read_timeout +// write_timeout +// capture_stderr +// } func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { for d.NextBlock(0) { @@ -107,6 +107,12 @@ func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } t.WriteTimeout = caddy.Duration(dur) + case "capture_stderr": + if d.NextArg() { + return d.ArgErr() + } + t.CaptureStderr = true + default: return d.Errf("unrecognized subdirective %s", d.Val()) } @@ -120,31 +126,31 @@ func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Unmarshaler is invoked by this function) but the resulting proxy is specially // configured for most™️ PHP apps over FastCGI. A line such as this: // -// php_fastcgi localhost:7777 +// php_fastcgi localhost:7777 // // is equivalent to a route consisting of: // -// # Add trailing slash for directory requests -// @canonicalPath { -// file {path}/index.php -// not path */ -// } -// redir @canonicalPath {path}/ 308 +// # Add trailing slash for directory requests +// @canonicalPath { +// file {path}/index.php +// not path */ +// } +// redir @canonicalPath {path}/ 308 // -// # If the requested file does not exist, try index files -// @indexFiles file { -// try_files {path} {path}/index.php index.php -// split_path .php -// } -// rewrite @indexFiles {http.matchers.file.relative} +// # If the requested file does not exist, try index files +// @indexFiles file { +// try_files {path} {path}/index.php index.php +// split_path .php +// } +// rewrite @indexFiles {http.matchers.file.relative} // -// # Proxy PHP files to the FastCGI responder -// @phpFiles path *.php -// reverse_proxy @phpFiles localhost:7777 { -// transport fastcgi { -// split .php -// } -// } +// # Proxy PHP files to the FastCGI responder +// @phpFiles path *.php +// reverse_proxy @phpFiles localhost:7777 { +// transport fastcgi { +// split .php +// } +// } // // Thus, this directive produces multiple handlers, each with a different // matcher because multiple consecutive handlers are necessary to support @@ -154,7 +160,7 @@ func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // // If a matcher is specified by the user, for example: // -// php_fastcgi /subpath localhost:7777 +// php_fastcgi /subpath localhost:7777 // // then the resulting handlers are wrapped in a subroute that uses the // user's matcher as a prerequisite to enter the subroute. In other @@ -303,6 +309,14 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error fcgiTransport.WriteTimeout = caddy.Duration(dur) dispenser.Delete() dispenser.Delete() + + case "capture_stderr": + args := dispenser.RemainingArgs() + dispenser.Delete() + for range args { + dispenser.Delete() + } + fcgiTransport.CaptureStderr = true } } } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client.go b/modules/caddyhttp/reverseproxy/fastcgi/client.go index 0fdcbfee..bccb49ce 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client.go @@ -42,6 +42,8 @@ import ( "strings" "sync" "time" + + "go.uber.org/zap" ) // FCGIListenSockFileno describes listen socket file number. @@ -180,6 +182,7 @@ type FCGIClient struct { stderr bytes.Buffer keepAlive bool reqID uint16 + logger *zap.Logger } // DialWithDialerContext connects to the fcgi responder at the specified network address, using custom net.Dialer @@ -339,7 +342,6 @@ type streamReader struct { } func (w *streamReader) Read(p []byte) (n int, err error) { - if len(p) > 0 { if len(w.buf) == 0 { @@ -400,9 +402,24 @@ func (c *FCGIClient) Do(p map[string]string, req io.Reader) (r io.Reader, err er type clientCloser struct { *FCGIClient io.Reader + + status int + logger *zap.Logger } -func (f clientCloser) Close() error { return f.rwc.Close() } +func (f clientCloser) Close() error { + stderr := f.FCGIClient.stderr.Bytes() + if len(stderr) == 0 { + return f.FCGIClient.rwc.Close() + } + + if f.status >= 400 { + f.logger.Error("stderr", zap.ByteString("body", stderr)) + } else { + f.logger.Warn("stderr", zap.ByteString("body", stderr)) + } + return f.FCGIClient.rwc.Close() +} // Request returns a HTTP Response with Header and Body // from fcgi responder @@ -442,9 +459,19 @@ func (c *FCGIClient) Request(p map[string]string, req io.Reader) (resp *http.Res resp.ContentLength, _ = strconv.ParseInt(resp.Header.Get("Content-Length"), 10, 64) if chunked(resp.TransferEncoding) { - resp.Body = clientCloser{c, httputil.NewChunkedReader(rb)} + resp.Body = clientCloser{ + FCGIClient: c, + Reader: httputil.NewChunkedReader(rb), + status: resp.StatusCode, + logger: c.logger, + } } else { - resp.Body = clientCloser{c, io.NopCloser(rb)} + resp.Body = clientCloser{ + FCGIClient: c, + Reader: rb, + status: resp.StatusCode, + logger: c.logger, + } } return } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 313f4ebd..a9f8be13 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -34,6 +34,8 @@ import ( "github.com/caddyserver/caddy/v2" ) +var noopLogger = zap.NewNop() + func init() { caddy.RegisterModule(Transport{}) } @@ -74,6 +76,11 @@ type Transport struct { // The duration used to set a deadline when sending to the FastCGI server. WriteTimeout caddy.Duration `json:"write_timeout,omitempty"` + // Capture and log any messages sent by the upstream on stderr. Logs at WARN + // level by default. If the response has a 4xx or 5xx status ERROR level will + // be used instead. + CaptureStderr bool `json:"capture_stderr,omitempty"` + serverSoftware string logger *zap.Logger } @@ -108,6 +115,8 @@ func (t *Transport) Provision(ctx caddy.Context) error { // RoundTrip implements http.RoundTripper. func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { + server := r.Context().Value(caddyhttp.ServerCtxKey).(*caddyhttp.Server) + // Disallow null bytes in the request path, because // PHP upstreams may do bad things, like execute a // non-PHP file as PHP code. See #4574 @@ -135,10 +144,16 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { address = dialInfo.Address } + logCreds := server.Logs != nil && server.Logs.ShouldLogCredentials + loggableReq := caddyhttp.LoggableHTTPRequest{ + Request: r, + ShouldLogCredentials: logCreds, + } + loggableEnv := loggableEnv{vars: env, logCredentials: logCreds} t.logger.Debug("roundtrip", - zap.Object("request", caddyhttp.LoggableHTTPRequest{Request: r}), + zap.Object("request", loggableReq), zap.String("dial", address), - zap.Object("env", env), + zap.Object("env", loggableEnv), ) fcgiBackend, err := DialContext(ctx, network, address) @@ -146,6 +161,14 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { // TODO: wrap in a special error type if the dial failed, so retries can happen if enabled return nil, fmt.Errorf("dialing backend: %v", err) } + if t.CaptureStderr { + fcgiBackend.logger = t.logger.With( + zap.Object("request", loggableReq), + zap.Object("env", loggableEnv), + ) + } else { + fcgiBackend.logger = noopLogger + } // fcgiBackend gets closed when response body is closed (see clientCloser) // read/write timeouts @@ -364,11 +387,22 @@ func (t Transport) splitPos(path string) int { return -1 } -// envVars is a simple type to allow for speeding up zap log encoding. type envVars map[string]string -func (env envVars) MarshalLogObject(enc zapcore.ObjectEncoder) error { - for k, v := range env { +// loggableEnv is a simple type to allow for speeding up zap log encoding. +type loggableEnv struct { + vars envVars + logCredentials bool +} + +func (env loggableEnv) MarshalLogObject(enc zapcore.ObjectEncoder) error { + for k, v := range env.vars { + if !env.logCredentials { + switch strings.ToLower(k) { + case "http_cookie", "http_set_cookie", "http_authorization", "http_proxy_authorization": + v = "" + } + } enc.AddString(k, v) } return nil @@ -387,7 +421,7 @@ var headerNameReplacer = strings.NewReplacer(" ", "_", "-", "_") // Interface guards var ( - _ zapcore.ObjectMarshaler = (*envVars)(nil) + _ zapcore.ObjectMarshaler = (*loggableEnv)(nil) _ caddy.Provisioner = (*Transport)(nil) _ http.RoundTripper = (*Transport)(nil) From 66959d9f18768beb9531d51241978731bff8a305 Mon Sep 17 00:00:00 2001 From: Avdhut <32304774+Malankar@users.noreply.github.com> Date: Fri, 2 Sep 2022 09:37:52 +0530 Subject: [PATCH 0761/1498] templates: Document `httpError` function (#4972) * added the httpError function into the document * Update templates.go * Update templates.go * Fix gofmt Co-authored-by: Matt Holt --- modules/caddyhttp/templates/templates.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 40e5bbeb..29d16507 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -189,6 +189,14 @@ func init() { // {{.RespHeader.Set "Field-Name" "val"}} // ``` // +// ##### `httpError` +// +// Returns an error with the given status code to the HTTP handler chain. +// +// ``` +// {{if not (fileExists $includedFile)}}{{httpError 404}}{{end}} +// ``` +// // ##### `splitFrontMatter` // // Splits front matter out from the body. Front matter is metadata that appears at the very beginning of a file or string. Front matter can be in YAML, TOML, or JSON formats: From 59286d2c7ede928cc24916abdf6c0fb9ee12b826 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 2 Sep 2022 09:23:51 -0600 Subject: [PATCH 0762/1498] notify: Don't send ready after error (fix #5003) Also simplify the notify package quite a bit. Also move stop notification into better place. Add ability to send status or error. --- admin.go | 5 --- caddy.go | 26 +++++++++++--- notify/notify.go | 30 ----------------- notify/notify_linux.go | 73 ++++++++++++++++++++-------------------- notify/notify_other.go | 8 +++-- notify/notify_windows.go | 12 +++++-- 6 files changed, 71 insertions(+), 83 deletions(-) delete mode 100644 notify/notify.go diff --git a/admin.go b/admin.go index a9432bf5..36cc2f82 100644 --- a/admin.go +++ b/admin.go @@ -40,7 +40,6 @@ import ( "sync" "time" - "github.com/caddyserver/caddy/v2/notify" "github.com/caddyserver/certmagic" "github.com/prometheus/client_golang/prometheus" "go.uber.org/zap" @@ -1020,10 +1019,6 @@ func handleStop(w http.ResponseWriter, r *http.Request) error { } } - if err := notify.NotifyStopping(); err != nil { - Log().Error("unable to notify stopping to service manager", zap.Error(err)) - } - exitProcess(context.Background(), Log().Named("admin.api")) return nil } diff --git a/caddy.go b/caddy.go index 6964f77c..4a82d22c 100644 --- a/caddy.go +++ b/caddy.go @@ -102,20 +102,32 @@ func Run(cfg *Config) error { // if it is different from the current config or // forceReload is true. func Load(cfgJSON []byte, forceReload bool) error { - if err := notify.NotifyReloading(); err != nil { - Log().Error("unable to notify reloading to service manager", zap.Error(err)) + if err := notify.Reloading(); err != nil { + Log().Error("unable to notify service manager of reloading state", zap.Error(err)) } + // after reload, notify system of success or, if + // failure, update with status (error message) + var err error defer func() { - if err := notify.NotifyReadiness(); err != nil { - Log().Error("unable to notify readiness to service manager", zap.Error(err)) + if err != nil { + if notifyErr := notify.Error(err, 0); notifyErr != nil { + Log().Error("unable to notify to service manager of reload error", + zap.Error(err), + zap.String("reload_err", err.Error())) + } + return + } + if err := notify.Ready(); err != nil { + Log().Error("unable to notify to service manager of ready state", zap.Error(err)) } }() - err := changeConfig(http.MethodPost, "/"+rawConfigKey, cfgJSON, "", forceReload) + err = changeConfig(http.MethodPost, "/"+rawConfigKey, cfgJSON, "", forceReload) if errors.Is(err, errSameConfig) { err = nil // not really an error } + return err } @@ -664,6 +676,10 @@ func Validate(cfg *Config) error { // Errors are logged along the way, and an appropriate exit // code is emitted. func exitProcess(ctx context.Context, logger *zap.Logger) { + if err := notify.Stopping(); err != nil { + Log().Error("unable to notify service manager of stopping state", zap.Error(err)) + } + if logger == nil { logger = Log() } diff --git a/notify/notify.go b/notify/notify.go deleted file mode 100644 index bca80c1f..00000000 --- a/notify/notify.go +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2015 Matthew Holt and The Caddy Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package notify - -// NotifyReadiness notifies process manager of readiness. -func NotifyReadiness() error { - return notifyReadiness() -} - -// NotifyReloading notifies process manager of reloading. -func NotifyReloading() error { - return notifyReloading() -} - -// NotifyStopping notifies process manager of stopping. -func NotifyStopping() error { - return notifyStopping() -} diff --git a/notify/notify_linux.go b/notify/notify_linux.go index 1e8da742..3457a5a6 100644 --- a/notify/notify_linux.go +++ b/notify/notify_linux.go @@ -17,7 +17,7 @@ package notify import ( - "io" + "fmt" "net" "os" "strings" @@ -26,9 +26,13 @@ import ( // The documentation about this IPC protocol is available here: // https://www.freedesktop.org/software/systemd/man/sd_notify.html -func sdNotify(path, payload string) error { +func sdNotify(payload string) error { + if socketPath == "" { + return nil + } + socketAddr := &net.UnixAddr{ - Name: path, + Name: socketPath, Net: "unixgram", } @@ -38,45 +42,40 @@ func sdNotify(path, payload string) error { } defer conn.Close() - if _, err := io.Copy(conn, strings.NewReader(payload)); err != nil { - return err - } - return nil + _, err = conn.Write([]byte(payload)) + return err } -// notifyReadiness notifies systemd that caddy has finished its +// Ready notifies systemd that caddy has finished its // initialization routines. -func notifyReadiness() error { - val, ok := os.LookupEnv("NOTIFY_SOCKET") - if !ok || val == "" { - return nil - } - if err := sdNotify(val, "READY=1"); err != nil { - return err - } - return nil +func Ready() error { + return sdNotify("READY=1") } -// notifyReloading notifies systemd that caddy is reloading its config. -func notifyReloading() error { - val, ok := os.LookupEnv("NOTIFY_SOCKET") - if !ok || val == "" { - return nil - } - if err := sdNotify(val, "RELOADING=1"); err != nil { - return err - } - return nil +// Reloading notifies systemd that caddy is reloading its config. +func Reloading() error { + return sdNotify("RELOADING=1") } -// notifyStopping notifies systemd that caddy is stopping. -func notifyStopping() error { - val, ok := os.LookupEnv("NOTIFY_SOCKET") - if !ok || val == "" { - return nil - } - if err := sdNotify(val, "STOPPING=1"); err != nil { - return err - } - return nil +// Stopping notifies systemd that caddy is stopping. +func Stopping() error { + return sdNotify("STOPPING=1") } + +// Status sends systemd an updated status message. +func Status(msg string) error { + return sdNotify("STATUS=" + msg) +} + +// Error is like Status, but sends systemd an error message +// instead, with an optional errno-style error number. +func Error(err error, errno int) error { + collapsedErr := strings.ReplaceAll(err.Error(), "\n", " ") + msg := fmt.Sprintf("STATUS=%s", collapsedErr) + if errno > 0 { + msg += fmt.Sprintf("\nERRNO=%d", errno) + } + return sdNotify(msg) +} + +var socketPath, _ = os.LookupEnv("NOTIFY_SOCKET") diff --git a/notify/notify_other.go b/notify/notify_other.go index 7fc618b7..dbe9bdb9 100644 --- a/notify/notify_other.go +++ b/notify/notify_other.go @@ -16,6 +16,8 @@ package notify -func notifyReadiness() error { return nil } -func notifyReloading() error { return nil } -func notifyStopping() error { return nil } +func Ready() error { return nil } +func Reloading() error { return nil } +func Stopping() error { return nil } +func Status(_ string) error { return nil } +func Error(_ error, _ int) error { return nil } diff --git a/notify/notify_windows.go b/notify/notify_windows.go index a551fc7e..5666a4c2 100644 --- a/notify/notify_windows.go +++ b/notify/notify_windows.go @@ -24,7 +24,7 @@ func SetGlobalStatus(status chan<- svc.Status) { globalStatus = status } -func notifyReadiness() error { +func Ready() error { if globalStatus != nil { globalStatus <- svc.Status{ State: svc.Running, @@ -34,16 +34,22 @@ func notifyReadiness() error { return nil } -func notifyReloading() error { +func Reloading() error { if globalStatus != nil { globalStatus <- svc.Status{State: svc.StartPending} } return nil } -func notifyStopping() error { +func Stopping() error { if globalStatus != nil { globalStatus <- svc.Status{State: svc.StopPending} } return nil } + +// TODO: not implemented +func Status(_ string) error { return nil } + +// TODO: not implemented +func Error(_ error, _ int) error { return nil } From 5c7ae5e5056086c2340e1179a065b332561f326a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 2 Sep 2022 10:19:51 -0600 Subject: [PATCH 0763/1498] Minor fix of error log --- caddy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddy.go b/caddy.go index 4a82d22c..26c149b9 100644 --- a/caddy.go +++ b/caddy.go @@ -113,7 +113,7 @@ func Load(cfgJSON []byte, forceReload bool) error { if err != nil { if notifyErr := notify.Error(err, 0); notifyErr != nil { Log().Error("unable to notify to service manager of reload error", - zap.Error(err), + zap.Error(notifyErr), zap.String("reload_err", err.Error())) } return From 6c0d0511ba07f607bfa58e07caff176296c61b53 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 2 Sep 2022 10:26:31 -0600 Subject: [PATCH 0764/1498] Update readme --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 0495ee3a..715eb135 100644 --- a/README.md +++ b/README.md @@ -57,19 +57,19 @@ - Multi-issuer fallback - **Stays up when other servers go down** due to TLS/OCSP/certificate-related issues - **Production-ready** after serving trillions of requests and managing millions of TLS certificates -- **Scales to tens of thousands of sites** ... and probably more -- **HTTP/1.1, HTTP/2, and experimental HTTP/3** support +- **Scales to hundreds of thousands of sites** as proven in production +- **HTTP/1.1, HTTP/2, and HTTP/3** supported all by default - **Highly extensible** [modular architecture](https://caddyserver.com/docs/architecture) lets Caddy do anything without bloat - **Runs anywhere** with **no external dependencies** (not even libc) - Written in Go, a language with higher **memory safety guarantees** than other servers - Actually **fun to use** -- So, so much more to [discover](https://caddyserver.com/v2) +- So much more to [discover](https://caddyserver.com/v2) ## Install -The simplest, cross-platform way is to download from [GitHub Releases](https://github.com/caddyserver/caddy/releases) and place the executable file in your PATH. +The simplest, cross-platform way to get started is to download Caddy from [GitHub Releases](https://github.com/caddyserver/caddy/releases) and place the executable file in your PATH. -For other install options, see https://caddyserver.com/docs/install. +See [our online documentation](https://caddyserver.com/docs/install) for other install instructions. ## Build from source @@ -164,9 +164,9 @@ The docs are also open source. You can contribute to them here: https://github.c ## Getting help -- We **strongly recommend** that all professionals or companies using Caddy get a support contract through [Ardan Labs](https://www.ardanlabs.com/my/contact-us?dd=caddy) before help is needed. +- We advise companies using Caddy to secure a support contract through [Ardan Labs](https://www.ardanlabs.com/my/contact-us?dd=caddy) before help is needed. -- A [sponsorship](https://github.com/sponsors/mholt) goes a long way! If Caddy is benefitting your company, please consider a sponsorship! This not only helps fund full-time work to ensure the longevity of the project, it's also a great look for your company to your customers and potential customers! +- A [sponsorship](https://github.com/sponsors/mholt) goes a long way! We can offer private help to sponsors. If Caddy is benefitting your company, please consider a sponsorship. This not only helps fund full-time work to ensure the longevity of the project, it provides your company the resources, support, and discounts you need; along with being a great look for your company to your customers and potential customers! - Individuals can exchange help for free on our community forum at https://caddy.community. Remember that people give help out of their spare time and good will. The best way to get help is to give it first! From 005c5a63823b19382aa918f1e1f3288e66446225 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 2 Sep 2022 13:04:31 -0600 Subject: [PATCH 0765/1498] Minor style adjustments for HTTP redir logging --- modules/caddyhttp/autohttps.go | 10 ++++++---- modules/caddyhttp/server.go | 13 +++++++------ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 70f999b0..3d476cb1 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -93,8 +93,8 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er // https://github.com/caddyserver/caddy/issues/3443) redirDomains := make(map[string][]caddy.NetworkAddress) - // the configured logger for an HTTPS enabled server - var logger *ServerLogConfig + // the log configuration for an HTTPS enabled server + var logCfg *ServerLogConfig for srvName, srv := range app.Servers { // as a prerequisite, provision route matchers; this is @@ -176,8 +176,10 @@ func (app *App) automaticHTTPSPhase1(ctx caddy.Context, repl *caddy.Replacer) er } // clone the logger so we can apply it to the HTTP server + // (not sure if necessary to clone it; but probably safer) + // (we choose one log cfg arbitrarily; not sure which is best) if srv.Logs != nil { - logger = srv.Logs.clone() + logCfg = srv.Logs.clone() } // for all the hostnames we found, filter them so we have @@ -408,7 +410,7 @@ redirServersLoop: app.Servers["remaining_auto_https_redirects"] = &Server{ Listen: redirServerAddrsList, Routes: appendCatchAll(redirRoutes), - Logs: logger, + Logs: logCfg, } } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 2dabf46c..1bba34ca 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -664,15 +664,16 @@ func (slc ServerLogConfig) getLoggerName(host string) string { } func (slc *ServerLogConfig) clone() *ServerLogConfig { - clone := &ServerLogConfig{} - clone.DefaultLoggerName = slc.DefaultLoggerName - clone.LoggerNames = make(map[string]string) + clone := &ServerLogConfig{ + DefaultLoggerName: slc.DefaultLoggerName, + LoggerNames: make(map[string]string), + SkipHosts: append([]string{}, slc.SkipHosts...), + SkipUnmappedHosts: slc.SkipUnmappedHosts, + ShouldLogCredentials: slc.ShouldLogCredentials, + } for k, v := range slc.LoggerNames { clone.LoggerNames[k] = v } - clone.SkipHosts = append(clone.SkipHosts, slc.SkipHosts...) - clone.SkipUnmappedHosts = slc.SkipUnmappedHosts - clone.ShouldLogCredentials = slc.ShouldLogCredentials return clone } From 83b26975bd9330c4cfc44d52b106da739240e72b Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Sat, 3 Sep 2022 06:57:55 +0800 Subject: [PATCH 0766/1498] fastcgi: Optimize FastCGI transport (#4978) * break up code and use lazy reading and pool bufio.Writer * close underlying connection when operation failed * allocate bufWriter and streamWriter only once * refactor record writing * rebase from master * handle err * Fix type assertion Also reduce some duplication * Refactor client and clientCloser for logging Should reduce allocations * Minor cosmetic adjustments; apply Apache license * Appease the linter Co-authored-by: Matthew Holt --- .../caddyhttp/reverseproxy/fastcgi/client.go | 347 +++--------------- .../reverseproxy/fastcgi/client_test.go | 6 +- .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 57 +-- .../caddyhttp/reverseproxy/fastcgi/header.go | 32 ++ .../caddyhttp/reverseproxy/fastcgi/pool.go | 26 ++ .../caddyhttp/reverseproxy/fastcgi/reader.go | 44 +++ .../caddyhttp/reverseproxy/fastcgi/record.go | 58 +++ .../caddyhttp/reverseproxy/fastcgi/writer.go | 145 ++++++++ 8 files changed, 400 insertions(+), 315 deletions(-) create mode 100644 modules/caddyhttp/reverseproxy/fastcgi/header.go create mode 100644 modules/caddyhttp/reverseproxy/fastcgi/pool.go create mode 100644 modules/caddyhttp/reverseproxy/fastcgi/reader.go create mode 100644 modules/caddyhttp/reverseproxy/fastcgi/record.go create mode 100644 modules/caddyhttp/reverseproxy/fastcgi/writer.go diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client.go b/modules/caddyhttp/reverseproxy/fastcgi/client.go index bccb49ce..ae36dd8b 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client.go @@ -26,9 +26,6 @@ package fastcgi import ( "bufio" "bytes" - "context" - "encoding/binary" - "errors" "io" "mime/multipart" "net" @@ -40,7 +37,6 @@ import ( "path/filepath" "strconv" "strings" - "sync" "time" "go.uber.org/zap" @@ -122,285 +118,60 @@ const ( maxPad = 255 ) -type header struct { - Version uint8 - Type uint8 - ID uint16 - ContentLength uint16 - PaddingLength uint8 - Reserved uint8 -} - // for padding so we don't have to allocate all the time // not synchronized because we don't care what the contents are var pad [maxPad]byte -func (h *header) init(recType uint8, reqID uint16, contentLength int) { - h.Version = 1 - h.Type = recType - h.ID = reqID - h.ContentLength = uint16(contentLength) - h.PaddingLength = uint8(-contentLength & 7) -} - -type record struct { - h header - rbuf []byte -} - -func (rec *record) read(r io.Reader) (buf []byte, err error) { - if err = binary.Read(r, binary.BigEndian, &rec.h); err != nil { - return - } - if rec.h.Version != 1 { - err = errors.New("fcgi: invalid header version") - return - } - if rec.h.Type == EndRequest { - err = io.EOF - return - } - n := int(rec.h.ContentLength) + int(rec.h.PaddingLength) - if len(rec.rbuf) < n { - rec.rbuf = make([]byte, n) - } - if _, err = io.ReadFull(r, rec.rbuf[:n]); err != nil { - return - } - buf = rec.rbuf[:int(rec.h.ContentLength)] - - return -} - -// FCGIClient implements a FastCGI client, which is a standard for +// client implements a FastCGI client, which is a standard for // interfacing external applications with Web servers. -type FCGIClient struct { - mutex sync.Mutex - rwc io.ReadWriteCloser - h header - buf bytes.Buffer - stderr bytes.Buffer - keepAlive bool - reqID uint16 - logger *zap.Logger -} - -// DialWithDialerContext connects to the fcgi responder at the specified network address, using custom net.Dialer -// and a context. -// See func net.Dial for a description of the network and address parameters. -func DialWithDialerContext(ctx context.Context, network, address string, dialer net.Dialer) (fcgi *FCGIClient, err error) { - var conn net.Conn - conn, err = dialer.DialContext(ctx, network, address) - if err != nil { - return - } - - fcgi = &FCGIClient{ - rwc: conn, - keepAlive: false, - reqID: 1, - } - - return -} - -// DialContext is like Dial but passes ctx to dialer.Dial. -func DialContext(ctx context.Context, network, address string) (fcgi *FCGIClient, err error) { - // TODO: why not set timeout here? - return DialWithDialerContext(ctx, network, address, net.Dialer{}) -} - -// Dial connects to the fcgi responder at the specified network address, using default net.Dialer. -// See func net.Dial for a description of the network and address parameters. -func Dial(network, address string) (fcgi *FCGIClient, err error) { - return DialContext(context.Background(), network, address) -} - -// Close closes fcgi connection -func (c *FCGIClient) Close() { - c.rwc.Close() -} - -func (c *FCGIClient) writeRecord(recType uint8, content []byte) (err error) { - c.mutex.Lock() - defer c.mutex.Unlock() - c.buf.Reset() - c.h.init(recType, c.reqID, len(content)) - if err := binary.Write(&c.buf, binary.BigEndian, c.h); err != nil { - return err - } - if _, err := c.buf.Write(content); err != nil { - return err - } - if _, err := c.buf.Write(pad[:c.h.PaddingLength]); err != nil { - return err - } - _, err = c.rwc.Write(c.buf.Bytes()) - return err -} - -func (c *FCGIClient) writeBeginRequest(role uint16, flags uint8) error { - b := [8]byte{byte(role >> 8), byte(role), flags} - return c.writeRecord(BeginRequest, b[:]) -} - -func (c *FCGIClient) writePairs(recType uint8, pairs map[string]string) error { - w := newWriter(c, recType) - b := make([]byte, 8) - nn := 0 - for k, v := range pairs { - m := 8 + len(k) + len(v) - if m > maxWrite { - // param data size exceed 65535 bytes" - vl := maxWrite - 8 - len(k) - v = v[:vl] - } - n := encodeSize(b, uint32(len(k))) - n += encodeSize(b[n:], uint32(len(v))) - m = n + len(k) + len(v) - if (nn + m) > maxWrite { - w.Flush() - nn = 0 - } - nn += m - if _, err := w.Write(b[:n]); err != nil { - return err - } - if _, err := w.WriteString(k); err != nil { - return err - } - if _, err := w.WriteString(v); err != nil { - return err - } - } - w.Close() - return nil -} - -func encodeSize(b []byte, size uint32) int { - if size > 127 { - size |= 1 << 31 - binary.BigEndian.PutUint32(b, size) - return 4 - } - b[0] = byte(size) - return 1 -} - -// bufWriter encapsulates bufio.Writer but also closes the underlying stream when -// Closed. -type bufWriter struct { - closer io.Closer - *bufio.Writer -} - -func (w *bufWriter) Close() error { - if err := w.Writer.Flush(); err != nil { - w.closer.Close() - return err - } - return w.closer.Close() -} - -func newWriter(c *FCGIClient, recType uint8) *bufWriter { - s := &streamWriter{c: c, recType: recType} - w := bufio.NewWriterSize(s, maxWrite) - return &bufWriter{s, w} -} - -// streamWriter abstracts out the separation of a stream into discrete records. -// It only writes maxWrite bytes at a time. -type streamWriter struct { - c *FCGIClient - recType uint8 -} - -func (w *streamWriter) Write(p []byte) (int, error) { - nn := 0 - for len(p) > 0 { - n := len(p) - if n > maxWrite { - n = maxWrite - } - if err := w.c.writeRecord(w.recType, p[:n]); err != nil { - return nn, err - } - nn += n - p = p[n:] - } - return nn, nil -} - -func (w *streamWriter) Close() error { - // send empty record to close the stream - return w.c.writeRecord(w.recType, nil) -} - -type streamReader struct { - c *FCGIClient - buf []byte -} - -func (w *streamReader) Read(p []byte) (n int, err error) { - if len(p) > 0 { - if len(w.buf) == 0 { - - // filter outputs for error log - for { - rec := &record{} - var buf []byte - buf, err = rec.read(w.c.rwc) - if err != nil { - return - } - // standard error output - if rec.h.Type == Stderr { - w.c.stderr.Write(buf) - continue - } - w.buf = buf - break - } - } - - n = len(p) - if n > len(w.buf) { - n = len(w.buf) - } - copy(p, w.buf[:n]) - w.buf = w.buf[n:] - } - - return +type client struct { + rwc net.Conn + // keepAlive bool // TODO: implement + reqID uint16 + stderr bool + logger *zap.Logger } // Do made the request and returns a io.Reader that translates the data read // from fcgi responder out of fcgi packet before returning it. -func (c *FCGIClient) Do(p map[string]string, req io.Reader) (r io.Reader, err error) { - err = c.writeBeginRequest(uint16(Responder), 0) +func (c *client) Do(p map[string]string, req io.Reader) (r io.Reader, err error) { + writer := &streamWriter{c: c} + writer.buf = bufPool.Get().(*bytes.Buffer) + writer.buf.Reset() + defer bufPool.Put(writer.buf) + + err = writer.writeBeginRequest(uint16(Responder), 0) if err != nil { return } - err = c.writePairs(Params, p) + writer.recType = Params + err = writer.writePairs(p) if err != nil { return } - body := newWriter(c, Stdin) + writer.recType = Stdin if req != nil { - _, _ = io.Copy(body, req) + _, err = io.Copy(writer, req) + if err != nil { + return nil, err + } + } + err = writer.FlushStream() + if err != nil { + return nil, err } - body.Close() r = &streamReader{c: c} return } // clientCloser is a io.ReadCloser. It wraps a io.Reader with a Closer -// that closes FCGIClient connection. +// that closes the client connection. type clientCloser struct { - *FCGIClient + rwc net.Conn + r *streamReader io.Reader status int @@ -408,9 +179,9 @@ type clientCloser struct { } func (f clientCloser) Close() error { - stderr := f.FCGIClient.stderr.Bytes() + stderr := f.r.stderr.Bytes() if len(stderr) == 0 { - return f.FCGIClient.rwc.Close() + return f.rwc.Close() } if f.status >= 400 { @@ -418,12 +189,13 @@ func (f clientCloser) Close() error { } else { f.logger.Warn("stderr", zap.ByteString("body", stderr)) } - return f.FCGIClient.rwc.Close() + + return f.rwc.Close() } // Request returns a HTTP Response with Header and Body // from fcgi responder -func (c *FCGIClient) Request(p map[string]string, req io.Reader) (resp *http.Response, err error) { +func (c *client) Request(p map[string]string, req io.Reader) (resp *http.Response, err error) { r, err := c.Do(p, req) if err != nil { return @@ -458,26 +230,27 @@ func (c *FCGIClient) Request(p map[string]string, req io.Reader) (resp *http.Res resp.TransferEncoding = resp.Header["Transfer-Encoding"] resp.ContentLength, _ = strconv.ParseInt(resp.Header.Get("Content-Length"), 10, 64) - if chunked(resp.TransferEncoding) { - resp.Body = clientCloser{ - FCGIClient: c, - Reader: httputil.NewChunkedReader(rb), - status: resp.StatusCode, - logger: c.logger, - } - } else { - resp.Body = clientCloser{ - FCGIClient: c, - Reader: rb, - status: resp.StatusCode, - logger: c.logger, - } + // wrap the response body in our closer + closer := clientCloser{ + rwc: c.rwc, + r: r.(*streamReader), + Reader: rb, + status: resp.StatusCode, + logger: noopLogger, } + if chunked(resp.TransferEncoding) { + closer.Reader = httputil.NewChunkedReader(rb) + } + if c.stderr { + closer.logger = c.logger + } + resp.Body = closer + return } // Get issues a GET request to the fcgi responder. -func (c *FCGIClient) Get(p map[string]string, body io.Reader, l int64) (resp *http.Response, err error) { +func (c *client) Get(p map[string]string, body io.Reader, l int64) (resp *http.Response, err error) { p["REQUEST_METHOD"] = "GET" p["CONTENT_LENGTH"] = strconv.FormatInt(l, 10) @@ -486,7 +259,7 @@ func (c *FCGIClient) Get(p map[string]string, body io.Reader, l int64) (resp *ht } // Head issues a HEAD request to the fcgi responder. -func (c *FCGIClient) Head(p map[string]string) (resp *http.Response, err error) { +func (c *client) Head(p map[string]string) (resp *http.Response, err error) { p["REQUEST_METHOD"] = "HEAD" p["CONTENT_LENGTH"] = "0" @@ -495,7 +268,7 @@ func (c *FCGIClient) Head(p map[string]string) (resp *http.Response, err error) } // Options issues an OPTIONS request to the fcgi responder. -func (c *FCGIClient) Options(p map[string]string) (resp *http.Response, err error) { +func (c *client) Options(p map[string]string) (resp *http.Response, err error) { p["REQUEST_METHOD"] = "OPTIONS" p["CONTENT_LENGTH"] = "0" @@ -505,7 +278,7 @@ func (c *FCGIClient) Options(p map[string]string) (resp *http.Response, err erro // Post issues a POST request to the fcgi responder. with request body // in the format that bodyType specified -func (c *FCGIClient) Post(p map[string]string, method string, bodyType string, body io.Reader, l int64) (resp *http.Response, err error) { +func (c *client) Post(p map[string]string, method string, bodyType string, body io.Reader, l int64) (resp *http.Response, err error) { if p == nil { p = make(map[string]string) } @@ -528,7 +301,7 @@ func (c *FCGIClient) Post(p map[string]string, method string, bodyType string, b // PostForm issues a POST to the fcgi responder, with form // as a string key to a list values (url.Values) -func (c *FCGIClient) PostForm(p map[string]string, data url.Values) (resp *http.Response, err error) { +func (c *client) PostForm(p map[string]string, data url.Values) (resp *http.Response, err error) { body := bytes.NewReader([]byte(data.Encode())) return c.Post(p, "POST", "application/x-www-form-urlencoded", body, int64(body.Len())) } @@ -536,7 +309,7 @@ func (c *FCGIClient) PostForm(p map[string]string, data url.Values) (resp *http. // PostFile issues a POST to the fcgi responder in multipart(RFC 2046) standard, // with form as a string key to a list values (url.Values), // and/or with file as a string key to a list file path. -func (c *FCGIClient) PostFile(p map[string]string, data url.Values, file map[string]string) (resp *http.Response, err error) { +func (c *client) PostFile(p map[string]string, data url.Values, file map[string]string) (resp *http.Response, err error) { buf := &bytes.Buffer{} writer := multipart.NewWriter(buf) bodyType := writer.FormDataContentType() @@ -577,18 +350,18 @@ func (c *FCGIClient) PostFile(p map[string]string, data url.Values, file map[str // SetReadTimeout sets the read timeout for future calls that read from the // fcgi responder. A zero value for t means no timeout will be set. -func (c *FCGIClient) SetReadTimeout(t time.Duration) error { - if conn, ok := c.rwc.(net.Conn); ok && t != 0 { - return conn.SetReadDeadline(time.Now().Add(t)) +func (c *client) SetReadTimeout(t time.Duration) error { + if t != 0 { + return c.rwc.SetReadDeadline(time.Now().Add(t)) } return nil } // SetWriteTimeout sets the write timeout for future calls that send data to // the fcgi responder. A zero value for t means no timeout will be set. -func (c *FCGIClient) SetWriteTimeout(t time.Duration) error { - if conn, ok := c.rwc.(net.Conn); ok && t != 0 { - return conn.SetWriteDeadline(time.Now().Add(t)) +func (c *client) SetWriteTimeout(t time.Duration) error { + if t != 0 { + return c.rwc.SetWriteDeadline(time.Now().Add(t)) } return nil } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go index ef3474d4..78e5713a 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go @@ -118,12 +118,14 @@ func (s FastCGIServer) ServeHTTP(resp http.ResponseWriter, req *http.Request) { } func sendFcgi(reqType int, fcgiParams map[string]string, data []byte, posts map[string]string, files map[string]string) (content []byte) { - fcgi, err := Dial("tcp", ipPort) + conn, err := net.Dial("tcp", ipPort) if err != nil { log.Println("err:", err) return } + fcgi := client{rwc: conn, reqID: 1} + length := 0 var resp *http.Response @@ -168,7 +170,7 @@ func sendFcgi(reqType int, fcgiParams map[string]string, data []byte, posts map[ content, _ = io.ReadAll(resp.Body) log.Println("c: send data length ≈", length, string(content)) - fcgi.Close() + conn.Close() time.Sleep(1 * time.Second) if bytes.Contains(content, []byte("FAILED")) { diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index a9f8be13..6ff6ff4a 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -15,7 +15,6 @@ package fastcgi import ( - "context" "crypto/tls" "fmt" "net" @@ -129,13 +128,7 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { return nil, fmt.Errorf("building environment: %v", err) } - // TODO: doesn't dialer have a Timeout field? ctx := r.Context() - if t.DialTimeout > 0 { - var cancel context.CancelFunc - ctx, cancel = context.WithTimeout(ctx, time.Duration(t.DialTimeout)) - defer cancel() - } // extract dial information from request (should have been embedded by the reverse proxy) network, address := "tcp", r.URL.Host @@ -150,32 +143,41 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { ShouldLogCredentials: logCreds, } loggableEnv := loggableEnv{vars: env, logCredentials: logCreds} - t.logger.Debug("roundtrip", + + logger := t.logger.With( zap.Object("request", loggableReq), - zap.String("dial", address), zap.Object("env", loggableEnv), ) + logger.Debug("roundtrip", + zap.String("dial", address), + zap.Object("env", loggableEnv), + zap.Object("request", loggableReq)) - fcgiBackend, err := DialContext(ctx, network, address) + // connect to the backend + dialer := net.Dialer{Timeout: time.Duration(t.DialTimeout)} + conn, err := dialer.DialContext(ctx, network, address) if err != nil { - // TODO: wrap in a special error type if the dial failed, so retries can happen if enabled return nil, fmt.Errorf("dialing backend: %v", err) } - if t.CaptureStderr { - fcgiBackend.logger = t.logger.With( - zap.Object("request", loggableReq), - zap.Object("env", loggableEnv), - ) - } else { - fcgiBackend.logger = noopLogger + defer func() { + // conn will be closed with the response body unless there's an error + if err != nil { + conn.Close() + } + }() + + // create the client that will facilitate the protocol + client := client{ + rwc: conn, + reqID: 1, + logger: logger, } - // fcgiBackend gets closed when response body is closed (see clientCloser) // read/write timeouts - if err := fcgiBackend.SetReadTimeout(time.Duration(t.ReadTimeout)); err != nil { + if err = client.SetReadTimeout(time.Duration(t.ReadTimeout)); err != nil { return nil, fmt.Errorf("setting read timeout: %v", err) } - if err := fcgiBackend.SetWriteTimeout(time.Duration(t.WriteTimeout)); err != nil { + if err = client.SetWriteTimeout(time.Duration(t.WriteTimeout)); err != nil { return nil, fmt.Errorf("setting write timeout: %v", err) } @@ -187,16 +189,19 @@ func (t Transport) RoundTrip(r *http.Request) (*http.Response, error) { var resp *http.Response switch r.Method { case http.MethodHead: - resp, err = fcgiBackend.Head(env) + resp, err = client.Head(env) case http.MethodGet: - resp, err = fcgiBackend.Get(env, r.Body, contentLength) + resp, err = client.Get(env, r.Body, contentLength) case http.MethodOptions: - resp, err = fcgiBackend.Options(env) + resp, err = client.Options(env) default: - resp, err = fcgiBackend.Post(env, r.Method, r.Header.Get("Content-Type"), r.Body, contentLength) + resp, err = client.Post(env, r.Method, r.Header.Get("Content-Type"), r.Body, contentLength) + } + if err != nil { + return nil, err } - return resp, err + return resp, nil } // buildEnv returns a set of CGI environment variables for the request. diff --git a/modules/caddyhttp/reverseproxy/fastcgi/header.go b/modules/caddyhttp/reverseproxy/fastcgi/header.go new file mode 100644 index 00000000..59dce715 --- /dev/null +++ b/modules/caddyhttp/reverseproxy/fastcgi/header.go @@ -0,0 +1,32 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fastcgi + +type header struct { + Version uint8 + Type uint8 + ID uint16 + ContentLength uint16 + PaddingLength uint8 + Reserved uint8 +} + +func (h *header) init(recType uint8, reqID uint16, contentLength int) { + h.Version = 1 + h.Type = recType + h.ID = reqID + h.ContentLength = uint16(contentLength) + h.PaddingLength = uint8(-contentLength & 7) +} diff --git a/modules/caddyhttp/reverseproxy/fastcgi/pool.go b/modules/caddyhttp/reverseproxy/fastcgi/pool.go new file mode 100644 index 00000000..29017f11 --- /dev/null +++ b/modules/caddyhttp/reverseproxy/fastcgi/pool.go @@ -0,0 +1,26 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fastcgi + +import ( + "bytes" + "sync" +) + +var bufPool = sync.Pool{ + New: func() any { + return new(bytes.Buffer) + }, +} diff --git a/modules/caddyhttp/reverseproxy/fastcgi/reader.go b/modules/caddyhttp/reverseproxy/fastcgi/reader.go new file mode 100644 index 00000000..3a8e91de --- /dev/null +++ b/modules/caddyhttp/reverseproxy/fastcgi/reader.go @@ -0,0 +1,44 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fastcgi + +import ( + "bytes" + "io" +) + +type streamReader struct { + c *client + rec record + stderr bytes.Buffer +} + +func (w *streamReader) Read(p []byte) (n int, err error) { + for !w.rec.hasMore() { + err = w.rec.fill(w.c.rwc) + if err != nil { + return 0, err + } + + // standard error output + if w.rec.h.Type == Stderr { + if _, err = io.Copy(&w.stderr, &w.rec); err != nil { + return 0, err + } + } + } + + return w.rec.Read(p) +} diff --git a/modules/caddyhttp/reverseproxy/fastcgi/record.go b/modules/caddyhttp/reverseproxy/fastcgi/record.go new file mode 100644 index 00000000..46c1f17b --- /dev/null +++ b/modules/caddyhttp/reverseproxy/fastcgi/record.go @@ -0,0 +1,58 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fastcgi + +import ( + "encoding/binary" + "errors" + "io" +) + +type record struct { + h header + lr io.LimitedReader + padding int64 +} + +func (rec *record) fill(r io.Reader) (err error) { + rec.lr.N = rec.padding + rec.lr.R = r + if _, err = io.Copy(io.Discard, rec); err != nil { + return + } + + if err = binary.Read(r, binary.BigEndian, &rec.h); err != nil { + return + } + if rec.h.Version != 1 { + err = errors.New("fcgi: invalid header version") + return + } + if rec.h.Type == EndRequest { + err = io.EOF + return + } + rec.lr.N = int64(rec.h.ContentLength) + rec.padding = int64(rec.h.PaddingLength) + return +} + +func (rec *record) Read(p []byte) (n int, err error) { + return rec.lr.Read(p) +} + +func (rec *record) hasMore() bool { + return rec.lr.N > 0 +} diff --git a/modules/caddyhttp/reverseproxy/fastcgi/writer.go b/modules/caddyhttp/reverseproxy/fastcgi/writer.go new file mode 100644 index 00000000..3af00d9a --- /dev/null +++ b/modules/caddyhttp/reverseproxy/fastcgi/writer.go @@ -0,0 +1,145 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fastcgi + +import ( + "bytes" + "encoding/binary" +) + +// streamWriter abstracts out the separation of a stream into discrete records. +// It only writes maxWrite bytes at a time. +type streamWriter struct { + c *client + h header + buf *bytes.Buffer + recType uint8 +} + +func (w *streamWriter) writeRecord(recType uint8, content []byte) (err error) { + w.h.init(recType, w.c.reqID, len(content)) + w.buf.Write(pad[:8]) + w.writeHeader() + w.buf.Write(content) + w.buf.Write(pad[:w.h.PaddingLength]) + _, err = w.buf.WriteTo(w.c.rwc) + return err +} + +func (w *streamWriter) writeBeginRequest(role uint16, flags uint8) error { + b := [8]byte{byte(role >> 8), byte(role), flags} + return w.writeRecord(BeginRequest, b[:]) +} + +func (w *streamWriter) Write(p []byte) (int, error) { + // init header + if w.buf.Len() < 8 { + w.buf.Write(pad[:8]) + } + + nn := 0 + for len(p) > 0 { + n := len(p) + nl := maxWrite + 8 - w.buf.Len() + if n > nl { + n = nl + w.buf.Write(p[:n]) + if err := w.Flush(); err != nil { + return nn, err + } + // reset headers + w.buf.Write(pad[:8]) + } else { + w.buf.Write(p[:n]) + } + nn += n + p = p[n:] + } + return nn, nil +} + +func (w *streamWriter) endStream() error { + // send empty record to close the stream + return w.writeRecord(w.recType, nil) +} + +func (w *streamWriter) writePairs(pairs map[string]string) error { + b := make([]byte, 8) + nn := 0 + // init headers + w.buf.Write(b) + for k, v := range pairs { + m := 8 + len(k) + len(v) + if m > maxWrite { + // param data size exceed 65535 bytes" + vl := maxWrite - 8 - len(k) + v = v[:vl] + } + n := encodeSize(b, uint32(len(k))) + n += encodeSize(b[n:], uint32(len(v))) + m = n + len(k) + len(v) + if (nn + m) > maxWrite { + if err := w.Flush(); err != nil { + return err + } + // reset headers + w.buf.Write(b) + nn = 0 + } + nn += m + w.buf.Write(b[:n]) + w.buf.WriteString(k) + w.buf.WriteString(v) + } + return w.FlushStream() +} + +func encodeSize(b []byte, size uint32) int { + if size > 127 { + size |= 1 << 31 + binary.BigEndian.PutUint32(b, size) + return 4 + } + b[0] = byte(size) + return 1 +} + +// writeHeader populate header wire data in buf, it abuses buffer.Bytes() modification +func (w *streamWriter) writeHeader() { + h := w.buf.Bytes()[:8] + h[0] = w.h.Version + h[1] = w.h.Type + binary.BigEndian.PutUint16(h[2:4], w.h.ID) + binary.BigEndian.PutUint16(h[4:6], w.h.ContentLength) + h[6] = w.h.PaddingLength + h[7] = w.h.Reserved +} + +// Flush write buffer data to the underlying connection, it assumes header data is the first 8 bytes of buf +func (w *streamWriter) Flush() error { + w.h.init(w.recType, w.c.reqID, w.buf.Len()-8) + w.writeHeader() + w.buf.Write(pad[:w.h.PaddingLength]) + _, err := w.buf.WriteTo(w.c.rwc) + return err +} + +// FlushStream flush data then end current stream +func (w *streamWriter) FlushStream() error { + if err := w.Flush(); err != nil { + return err + } + return w.endStream() +} From d3c3fa10bd72029720969cff0c29e2b79a1b2cdf Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 2 Sep 2022 16:59:11 -0600 Subject: [PATCH 0767/1498] core: Refactor listeners; use SO_REUSEPORT on Unix (#4705) * core: Refactor listeners; use SO_REUSEPORT on Unix Just an experiment for now * Fix lint by logging error * TCP Keepalive configuration (#4865) * initial attempt at TCP Keepalive configuration * core: implement tcp-keepalive for linux * move canSetKeepAlive interface * Godoc for keepalive server parameter * handle return values * log keepalive errors * Clean up after bad merge * Merge in pluggable network types From 1edc1a45e3aee1f7d86b68c3ddaf2fd16ba8ab73 * Slight refactor, fix from recent merge conflict Co-authored-by: Karmanyaah Malhotra --- caddyconfig/httpcaddyfile/serveroptions.go | 11 ++ listen.go | 172 +++++++++++++++++++++ listen_linux.go | 34 ++++ listeners.go | 148 ++---------------- modules/caddyhttp/app.go | 2 +- modules/caddyhttp/server.go | 5 + 6 files changed, 234 insertions(+), 138 deletions(-) create mode 100644 listen.go create mode 100644 listen_linux.go diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 6764f1a1..f3e3d73f 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -38,6 +38,7 @@ type serverOptions struct { ReadHeaderTimeout caddy.Duration WriteTimeout caddy.Duration IdleTimeout caddy.Duration + KeepAliveInterval caddy.Duration MaxHeaderBytes int Protocols []string StrictSNIHost *bool @@ -122,6 +123,15 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { return nil, d.Errf("unrecognized timeouts option '%s'", d.Val()) } } + case "keepalive_interval": + if !d.NextArg() { + return nil, d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return nil, d.Errf("parsing keepalive interval duration: %v", err) + } + serverOpts.KeepAliveInterval = caddy.Duration(dur) case "max_header_size": var sizeStr string @@ -245,6 +255,7 @@ func applyServerOptions( server.ReadHeaderTimeout = opts.ReadHeaderTimeout server.WriteTimeout = opts.WriteTimeout server.IdleTimeout = opts.IdleTimeout + server.KeepAliveInterval = opts.KeepAliveInterval server.MaxHeaderBytes = opts.MaxHeaderBytes server.Protocols = opts.Protocols server.StrictSNIHost = opts.StrictSNIHost diff --git a/listen.go b/listen.go new file mode 100644 index 00000000..2c4a0b28 --- /dev/null +++ b/listen.go @@ -0,0 +1,172 @@ +//go:build !linux + +package caddy + +import ( + "fmt" + "net" + "sync" + "sync/atomic" + "time" + + "go.uber.org/zap" +) + +func ListenTimeout(network, addr string, keepAlivePeriod time.Duration) (net.Listener, error) { + // check to see if plugin provides listener + if ln, err := getListenerFromPlugin(network, addr); err != nil || ln != nil { + return ln, err + } + + lnKey := listenerKey(network, addr) + + sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { + ln, err := net.Listen(network, addr) + if err != nil { + // https://github.com/caddyserver/caddy/pull/4534 + if isUnixNetwork(network) && isListenBindAddressAlreadyInUseError(err) { + return nil, fmt.Errorf("%w: this can happen if Caddy was forcefully killed", err) + } + return nil, err + } + return &sharedListener{Listener: ln, key: lnKey}, nil + }) + if err != nil { + return nil, err + } + + return &fakeCloseListener{sharedListener: sharedLn.(*sharedListener), keepAlivePeriod: keepAlivePeriod}, nil +} + +// fakeCloseListener is a private wrapper over a listener that +// is shared. The state of fakeCloseListener is not shared. +// This allows one user of a socket to "close" the listener +// while in reality the socket stays open for other users of +// the listener. In this way, servers become hot-swappable +// while the listener remains running. Listeners should be +// re-wrapped in a new fakeCloseListener each time the listener +// is reused. This type is atomic and values must not be copied. +type fakeCloseListener struct { + closed int32 // accessed atomically; belongs to this struct only + *sharedListener // embedded, so we also become a net.Listener + keepAlivePeriod time.Duration +} + +type canSetKeepAlive interface { + SetKeepAlivePeriod(d time.Duration) error + SetKeepAlive(bool) error +} + +func (fcl *fakeCloseListener) Accept() (net.Conn, error) { + // if the listener is already "closed", return error + if atomic.LoadInt32(&fcl.closed) == 1 { + return nil, fakeClosedErr(fcl) + } + + // call underlying accept + conn, err := fcl.sharedListener.Accept() + if err == nil { + // if 0, do nothing, Go's default is already set + // and if the connection allows setting KeepAlive, set it + if tconn, ok := conn.(canSetKeepAlive); ok && fcl.keepAlivePeriod != 0 { + if fcl.keepAlivePeriod > 0 { + err = tconn.SetKeepAlivePeriod(fcl.keepAlivePeriod) + } else { // negative + err = tconn.SetKeepAlive(false) + } + if err != nil { + Log().With(zap.String("server", fcl.sharedListener.key)).Warn("unable to set keepalive for new connection:", zap.Error(err)) + } + } + return conn, nil + } + + // since Accept() returned an error, it may be because our reference to + // the listener (this fakeCloseListener) may have been closed, i.e. the + // server is shutting down; in that case, we need to clear the deadline + // that we set when Close() was called, and return a non-temporary and + // non-timeout error value to the caller, masking the "true" error, so + // that server loops / goroutines won't retry, linger, and leak + if atomic.LoadInt32(&fcl.closed) == 1 { + // we dereference the sharedListener explicitly even though it's embedded + // so that it's clear in the code that side-effects are shared with other + // users of this listener, not just our own reference to it; we also don't + // do anything with the error because all we could do is log it, but we + // expliclty assign it to nothing so we don't forget it's there if needed + _ = fcl.sharedListener.clearDeadline() + + if netErr, ok := err.(net.Error); ok && netErr.Timeout() { + return nil, fakeClosedErr(fcl) + } + } + + return nil, err +} + +// Close stops accepting new connections without closing the +// underlying listener. The underlying listener is only closed +// if the caller is the last known user of the socket. +func (fcl *fakeCloseListener) Close() error { + if atomic.CompareAndSwapInt32(&fcl.closed, 0, 1) { + // There are two ways I know of to get an Accept() + // function to return to the server loop that called + // it: close the listener, or set a deadline in the + // past. Obviously, we can't close the socket yet + // since others may be using it (hence this whole + // file). But we can set the deadline in the past, + // and this is kind of cheating, but it works, and + // it apparently even works on Windows. + _ = fcl.sharedListener.setDeadline() + _, _ = listenerPool.Delete(fcl.sharedListener.key) + } + return nil +} + +// sharedListener is a wrapper over an underlying listener. The listener +// and the other fields on the struct are shared state that is synchronized, +// so sharedListener structs must never be copied (always use a pointer). +type sharedListener struct { + net.Listener + key string // uniquely identifies this listener + deadline bool // whether a deadline is currently set + deadlineMu sync.Mutex +} + +func (sl *sharedListener) clearDeadline() error { + var err error + sl.deadlineMu.Lock() + if sl.deadline { + switch ln := sl.Listener.(type) { + case *net.TCPListener: + err = ln.SetDeadline(time.Time{}) + case *net.UnixListener: + err = ln.SetDeadline(time.Time{}) + } + sl.deadline = false + } + sl.deadlineMu.Unlock() + return err +} + +func (sl *sharedListener) setDeadline() error { + timeInPast := time.Now().Add(-1 * time.Minute) + var err error + sl.deadlineMu.Lock() + if !sl.deadline { + switch ln := sl.Listener.(type) { + case *net.TCPListener: + err = ln.SetDeadline(timeInPast) + case *net.UnixListener: + err = ln.SetDeadline(timeInPast) + } + sl.deadline = true + } + sl.deadlineMu.Unlock() + return err +} + +// Destruct is called by the UsagePool when the listener is +// finally not being used anymore. It closes the socket. +func (sl *sharedListener) Destruct() error { + return sl.Listener.Close() +} diff --git a/listen_linux.go b/listen_linux.go new file mode 100644 index 00000000..b1220ce4 --- /dev/null +++ b/listen_linux.go @@ -0,0 +1,34 @@ +package caddy + +import ( + "context" + "net" + "syscall" + "time" + + "go.uber.org/zap" + "golang.org/x/sys/unix" +) + +// ListenTimeout is the same as Listen, but with a configurable keep-alive timeout duration. +func ListenTimeout(network, addr string, keepalivePeriod time.Duration) (net.Listener, error) { + // check to see if plugin provides listener + if ln, err := getListenerFromPlugin(network, addr); err != nil || ln != nil { + return ln, err + } + + config := &net.ListenConfig{Control: reusePort, KeepAlive: keepalivePeriod} + return config.Listen(context.Background(), network, addr) +} + +func reusePort(network, address string, conn syscall.RawConn) error { + return conn.Control(func(descriptor uintptr) { + if err := unix.SetsockoptInt(int(descriptor), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1); err != nil { + Log().Error("setting SO_REUSEPORT", + zap.String("network", network), + zap.String("address", address), + zap.Uintptr("descriptor", descriptor), + zap.Error(err)) + } + }) +} diff --git a/listeners.go b/listeners.go index a95c98c3..59144439 100644 --- a/listeners.go +++ b/listeners.go @@ -24,10 +24,8 @@ import ( "os" "strconv" "strings" - "sync" "sync/atomic" "syscall" - "time" "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/http3" @@ -43,6 +41,14 @@ import ( // the socket have been finished. Always be sure to close listeners // when you are done with them, just like normal listeners. func Listen(network, addr string) (net.Listener, error) { + // a 0 timeout means Go uses its default + return ListenTimeout(network, addr, 0) +} + +// getListenerFromPlugin returns a listener on the given network and address +// if a plugin has registered the network name. It may return (nil, nil) if +// no plugin can provide a listener. +func getListenerFromPlugin(network, addr string) (net.Listener, error) { network = strings.TrimSpace(strings.ToLower(network)) // get listener from plugin if network type is registered @@ -51,24 +57,7 @@ func Listen(network, addr string) (net.Listener, error) { return getListener(network, addr) } - lnKey := listenerKey(network, addr) - - sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { - ln, err := net.Listen(network, addr) - if err != nil { - // https://github.com/caddyserver/caddy/pull/4534 - if isUnixNetwork(network) && isListenBindAddressAlreadyInUseError(err) { - return nil, fmt.Errorf("%w: this can happen if Caddy was forcefully killed", err) - } - return nil, err - } - return &sharedListener{Listener: ln, key: lnKey}, nil - }) - if err != nil { - return nil, err - } - - return &fakeCloseListener{sharedListener: sharedLn.(*sharedListener)}, nil + return nil, nil } // ListenPacket returns a net.PacketConn suitable for use in a Caddy module. @@ -124,80 +113,14 @@ func ListenQUIC(addr string, tlsConf *tls.Config, activeRequests *int64) (quic.E }, err } -func listenerKey(network, addr string) string { - return network + "/" + addr -} - // ListenerUsage returns the current usage count of the given listener address. func ListenerUsage(network, addr string) int { count, _ := listenerPool.References(listenerKey(network, addr)) return count } -// fakeCloseListener is a private wrapper over a listener that -// is shared. The state of fakeCloseListener is not shared. -// This allows one user of a socket to "close" the listener -// while in reality the socket stays open for other users of -// the listener. In this way, servers become hot-swappable -// while the listener remains running. Listeners should be -// re-wrapped in a new fakeCloseListener each time the listener -// is reused. This type is atomic and values must not be copied. -type fakeCloseListener struct { - closed int32 // accessed atomically; belongs to this struct only - *sharedListener // embedded, so we also become a net.Listener -} - -func (fcl *fakeCloseListener) Accept() (net.Conn, error) { - // if the listener is already "closed", return error - if atomic.LoadInt32(&fcl.closed) == 1 { - return nil, fakeClosedErr(fcl) - } - - // call underlying accept - conn, err := fcl.sharedListener.Accept() - if err == nil { - return conn, nil - } - - // since Accept() returned an error, it may be because our reference to - // the listener (this fakeCloseListener) may have been closed, i.e. the - // server is shutting down; in that case, we need to clear the deadline - // that we set when Close() was called, and return a non-temporary and - // non-timeout error value to the caller, masking the "true" error, so - // that server loops / goroutines won't retry, linger, and leak - if atomic.LoadInt32(&fcl.closed) == 1 { - // we dereference the sharedListener explicitly even though it's embedded - // so that it's clear in the code that side-effects are shared with other - // users of this listener, not just our own reference to it; we also don't - // do anything with the error because all we could do is log it, but we - // expliclty assign it to nothing so we don't forget it's there if needed - _ = fcl.sharedListener.clearDeadline() - - if netErr, ok := err.(net.Error); ok && netErr.Timeout() { - return nil, fakeClosedErr(fcl) - } - } - - return nil, err -} - -// Close stops accepting new connections without closing the -// underlying listener. The underlying listener is only closed -// if the caller is the last known user of the socket. -func (fcl *fakeCloseListener) Close() error { - if atomic.CompareAndSwapInt32(&fcl.closed, 0, 1) { - // There are two ways I know of to get an Accept() - // function to return to the server loop that called - // it: close the listener, or set a deadline in the - // past. Obviously, we can't close the socket yet - // since others may be using it (hence this whole - // file). But we can set the deadline in the past, - // and this is kind of cheating, but it works, and - // it apparently even works on Windows. - _ = fcl.sharedListener.setDeadline() - _, _ = listenerPool.Delete(fcl.sharedListener.key) - } - return nil +func listenerKey(network, addr string) string { + return network + "/" + addr } type fakeCloseQuicListener struct { @@ -283,55 +206,6 @@ func (fcpc fakeClosePacketConn) SyscallConn() (syscall.RawConn, error) { return nil, fmt.Errorf("SyscallConn() not implemented for %T", fcpc.PacketConn) } -// sharedListener is a wrapper over an underlying listener. The listener -// and the other fields on the struct are shared state that is synchronized, -// so sharedListener structs must never be copied (always use a pointer). -type sharedListener struct { - net.Listener - key string // uniquely identifies this listener - deadline bool // whether a deadline is currently set - deadlineMu sync.Mutex -} - -func (sl *sharedListener) clearDeadline() error { - var err error - sl.deadlineMu.Lock() - if sl.deadline { - switch ln := sl.Listener.(type) { - case *net.TCPListener: - err = ln.SetDeadline(time.Time{}) - case *net.UnixListener: - err = ln.SetDeadline(time.Time{}) - } - sl.deadline = false - } - sl.deadlineMu.Unlock() - return err -} - -func (sl *sharedListener) setDeadline() error { - timeInPast := time.Now().Add(-1 * time.Minute) - var err error - sl.deadlineMu.Lock() - if !sl.deadline { - switch ln := sl.Listener.(type) { - case *net.TCPListener: - err = ln.SetDeadline(timeInPast) - case *net.UnixListener: - err = ln.SetDeadline(timeInPast) - } - sl.deadline = true - } - sl.deadlineMu.Unlock() - return err -} - -// Destruct is called by the UsagePool when the listener is -// finally not being used anymore. It closes the socket. -func (sl *sharedListener) Destruct() error { - return sl.Listener.Close() -} - // sharedQuicListener is like sharedListener, but for quic.EarlyListeners. type sharedQuicListener struct { quic.EarlyListener diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 3db87b18..e48f8286 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -384,7 +384,7 @@ func (app *App) Start() error { for portOffset := uint(0); portOffset < listenAddr.PortRangeSize(); portOffset++ { // create the listener for this socket hostport := listenAddr.JoinHostPort(portOffset) - ln, err := caddy.Listen(listenAddr.Network, hostport) + ln, err := caddy.ListenTimeout(listenAddr.Network, hostport, time.Duration(srv.KeepAliveInterval)) if err != nil { return fmt.Errorf("%s: listening on %s: %v", listenAddr.Network, hostport, err) } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 1bba34ca..e2da5319 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -72,6 +72,11 @@ type Server struct { // 5m is applied to help avoid resource exhaustion. IdleTimeout caddy.Duration `json:"idle_timeout,omitempty"` + // KeepAliveInterval is the interval at which TCP keepalive packets + // are sent to keep the connection alive at the TCP layer when no other + // data is being transmitted. The default is 15s. + KeepAliveInterval caddy.Duration `json:"keepalive_interval,omitempty"` + // MaxHeaderBytes is the maximum size to parse from a client's // HTTP request headers. MaxHeaderBytes int `json:"max_header_bytes,omitempty"` From 66476d8c8f6010f19fb65bac7758c6fd2824e231 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 2 Sep 2022 17:01:55 -0600 Subject: [PATCH 0768/1498] reverseproxy: Close hijacked conns on reload/quit (#4895) * reverseproxy: Close hijacked conns on reload/quit We also send a Close control message to both ends of WebSocket connections. I have tested this many times in my dev environment with consistent success, although the variety of scenarios was limited. * Oops... actually call Close() this time * CloseMessage --> closeMessage Co-authored-by: Francis Lavoie * Use httpguts, duh * Use map instead of sync.Map Co-authored-by: Francis Lavoie --- .../caddyhttp/reverseproxy/reverseproxy.go | 30 ++++++- modules/caddyhttp/reverseproxy/streaming.go | 78 ++++++++++++++++++- 2 files changed, 103 insertions(+), 5 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 895682fd..dc1458d1 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -192,6 +192,10 @@ type Handler struct { // Holds the handle_response Caddyfile tokens while adapting handleResponseSegments []*caddyfile.Dispenser + // Stores upgraded requests (hijacked connections) for proper cleanup + connections map[io.ReadWriteCloser]openConnection + connectionsMu *sync.Mutex + ctx caddy.Context logger *zap.Logger events *caddyevents.App @@ -214,6 +218,8 @@ func (h *Handler) Provision(ctx caddy.Context) error { h.events = eventAppIface.(*caddyevents.App) h.ctx = ctx h.logger = ctx.Logger(h) + h.connections = make(map[io.ReadWriteCloser]openConnection) + h.connectionsMu = new(sync.Mutex) // verify SRV compatibility - TODO: LookupSRV deprecated; will be removed for i, v := range h.Upstreams { @@ -407,16 +413,34 @@ func (h *Handler) Provision(ctx caddy.Context) error { return nil } -// Cleanup cleans up the resources made by h during provisioning. +// Cleanup cleans up the resources made by h. func (h *Handler) Cleanup() error { - // TODO: Close keepalive connections on reload? https://github.com/caddyserver/caddy/pull/2507/files#diff-70219fd88fe3f36834f474ce6537ed26R762 + // close hijacked connections (both to client and backend) + var err error + h.connectionsMu.Lock() + for _, oc := range h.connections { + if oc.gracefulClose != nil { + // this is potentially blocking while we have the lock on the connections + // map, but that should be OK since the server has in theory shut down + // and we are no longer using the connections map + gracefulErr := oc.gracefulClose() + if gracefulErr != nil && err == nil { + err = gracefulErr + } + } + closeErr := oc.conn.Close() + if closeErr != nil && err == nil { + err = closeErr + } + } + h.connectionsMu.Unlock() // remove hosts from our config from the pool for _, upstream := range h.Upstreams { _, _ = hosts.Delete(upstream.String()) } - return nil + return err } func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 298ab58d..01d865db 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -20,6 +20,7 @@ package reverseproxy import ( "context" + "encoding/binary" "io" "mime" "net/http" @@ -27,6 +28,7 @@ import ( "time" "go.uber.org/zap" + "golang.org/x/net/http/httpguts" ) func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWriter, req *http.Request, res *http.Response) { @@ -97,8 +99,26 @@ func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWrite return } - errc := make(chan error, 1) + // Ensure the hijacked client connection, and the new connection established + // with the backend, are both closed in the event of a server shutdown. This + // is done by registering them. We also try to gracefully close connections + // we recognize as websockets. + gracefulClose := func(conn io.ReadWriteCloser) func() error { + if isWebsocket(req) { + return func() error { + return writeCloseControl(conn) + } + } + return nil + } + deleteFrontConn := h.registerConnection(conn, gracefulClose(conn)) + deleteBackConn := h.registerConnection(backConn, gracefulClose(backConn)) + defer deleteFrontConn() + defer deleteBackConn() + spc := switchProtocolCopier{user: conn, backend: backConn} + + errc := make(chan error, 1) go spc.copyToBackend(errc) go spc.copyFromBackend(errc) <-errc @@ -209,6 +229,60 @@ func (h Handler) copyBuffer(dst io.Writer, src io.Reader, buf []byte) (int64, er } } +// registerConnection holds onto conn so it can be closed in the event +// of a server shutdown. This is useful because hijacked connections or +// connections dialed to backends don't close when server is shut down. +// The caller should call the returned delete() function when the +// connection is done to remove it from memory. +func (h *Handler) registerConnection(conn io.ReadWriteCloser, gracefulClose func() error) (del func()) { + h.connectionsMu.Lock() + h.connections[conn] = openConnection{conn, gracefulClose} + h.connectionsMu.Unlock() + return func() { + h.connectionsMu.Lock() + delete(h.connections, conn) + h.connectionsMu.Unlock() + } +} + +// writeCloseControl sends a best-effort Close control message to the given +// WebSocket connection. Thanks to @pascaldekloe who provided inspiration +// from his simple implementation of this I was able to learn from at: +// github.com/pascaldekloe/websocket. +func writeCloseControl(conn io.Writer) error { + // https://github.com/pascaldekloe/websocket/blob/32050af67a5d/websocket.go#L119 + + var reason string // max 123 bytes (control frame payload limit is 125; status code takes 2) + const goingAway uint16 = 1001 + + // TODO: we might need to ensure we are the exclusive writer by this point (io.Copy is stopped)? + var writeBuf [127]byte + const closeMessage = 8 + const finalBit = 1 << 7 + writeBuf[0] = closeMessage | finalBit + writeBuf[1] = byte(len(reason) + 2) + binary.BigEndian.PutUint16(writeBuf[2:4], goingAway) + copy(writeBuf[4:], reason) + + // simply best-effort, but return error for logging purposes + _, err := conn.Write(writeBuf[:4+len(reason)]) + return err +} + +// isWebsocket returns true if r looks to be an upgrade request for WebSockets. +// It is a fairly naive check. +func isWebsocket(r *http.Request) bool { + return httpguts.HeaderValuesContainsToken(r.Header["Connection"], "upgrade") && + httpguts.HeaderValuesContainsToken(r.Header["Upgrade"], "websocket") +} + +// openConnection maps an open connection to +// an optional function for graceful close. +type openConnection struct { + conn io.ReadWriteCloser + gracefulClose func() error +} + type writeFlusher interface { io.Writer http.Flusher @@ -265,7 +339,7 @@ func (m *maxLatencyWriter) stop() { // switchProtocolCopier exists so goroutines proxying data back and // forth have nice names in stacks. type switchProtocolCopier struct { - user, backend io.ReadWriter + user, backend io.ReadWriteCloser } func (c switchProtocolCopier) copyFromBackend(errc chan<- error) { From d6b3c7d2623d9a809abda367fb93dc48b0ba7d7c Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 3 Sep 2022 03:37:10 +0300 Subject: [PATCH 0769/1498] ci: generate SBOM and sign artifacts using cosign (#4910) * ci: sign artifacts using cosign * include SBOM --- .github/workflows/release.yml | 10 +++++++++- .goreleaser.yml | 11 ++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2a2292a6..d67f875f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -99,7 +99,14 @@ jobs: key: ${{ runner.os }}-go${{ matrix.go }}-release-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go${{ matrix.go }}-release - + - name: Install Cosign + uses: sigstore/cosign-installer@main + - name: Cosign version + run: cosign version + - name: Install Syft + uses: anchore/sbom-action/download-syft@main + - name: Syft version + run: syft version # GoReleaser will take care of publishing those artifacts into the release - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 @@ -109,6 +116,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAG: ${{ steps.vars.outputs.version_tag }} + COSIGN_EXPERIMENTAL: 1 # Only publish on non-special tags (e.g. non-beta) # We will continue to push to Gemfury for the foreseeable future, although diff --git a/.goreleaser.yml b/.goreleaser.yml index f0e26159..d4f786de 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -62,9 +62,18 @@ builds: goarm: "5" flags: - -trimpath + - -mod=readonly ldflags: - -s -w - +signs: + - cmd: cosign + signature: "${artifact}.sig" + args: ["sign-blob", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output=${signature}", "${artifact}"] + artifacts: all +sboms: + - artifacts: binary + cmd: syft + args: ["$artifact", "--file", "$sbom", "--output", "cyclonedx-json"] archives: - format_overrides: - goos: windows From 6e3063b15aa88179fefcf6f75001224de68c5dd2 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 5 Sep 2022 15:32:58 -0400 Subject: [PATCH 0770/1498] caddyauth: Speed up basicauth provision, deprecate scrypt (#4720) * caddyauth: Speed up basicauth provisioning, precalculate fake password * Deprecate scrypt, allow using decoded bcrypt hashes * Add TODO note Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- modules/caddyhttp/caddyauth/basicauth.go | 22 +++++++++++++++++----- modules/caddyhttp/caddyauth/command.go | 11 +++++++---- modules/caddyhttp/caddyauth/hashes.go | 21 ++++++++++++++++++++- 3 files changed, 44 insertions(+), 10 deletions(-) diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go index 33be70df..e090dacd 100644 --- a/modules/caddyhttp/caddyauth/basicauth.go +++ b/modules/caddyhttp/caddyauth/basicauth.go @@ -21,6 +21,7 @@ import ( "fmt" weakrand "math/rand" "net/http" + "strings" "sync" "time" @@ -94,7 +95,7 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error { // if supported, generate a fake password we can compare against if needed if hasher, ok := hba.Hash.(Hasher); ok { - hba.fakePassword, err = hasher.Hash([]byte("antitiming"), []byte("fakesalt")) + hba.fakePassword = hasher.FakeHash() if err != nil { return fmt.Errorf("generating anti-timing password hash: %v", err) } @@ -117,10 +118,19 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error { return fmt.Errorf("account %d: username and password are required", i) } - acct.password, err = base64.StdEncoding.DecodeString(acct.Password) - if err != nil { - return fmt.Errorf("base64-decoding password: %v", err) + // TODO: Remove support for redundantly-encoded b64-encoded hashes + // Passwords starting with '$' are likely in Modular Crypt Format, + // so we don't need to base64 decode them. But historically, we + // required redundant base64, so we try to decode it otherwise. + if strings.HasPrefix(acct.Password, "$") { + acct.password = []byte(acct.Password) + } else { + acct.password, err = base64.StdEncoding.DecodeString(acct.Password) + if err != nil { + return fmt.Errorf("base64-decoding password: %v", err) + } } + if acct.Salt != "" { acct.salt, err = base64.StdEncoding.DecodeString(acct.Salt) if err != nil { @@ -271,9 +281,11 @@ type Comparer interface { // that require a salt). Hashing modules which implement // this interface can be used with the hash-password // subcommand as well as benefitting from anti-timing -// features. +// features. A hasher also returns a fake hash which +// can be used for timing side-channel mitigation. type Hasher interface { Hash(plaintext, salt []byte) ([]byte, error) + FakeHash() []byte } // Account contains a username, password, and salt (if applicable). diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index 597681b6..609de4e8 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -42,11 +42,13 @@ hash is written to stdout as a base64 string. Caddy is attached to a controlling tty, the plaintext will not be echoed. ---algorithm may be bcrypt or scrypt. If script, the default +--algorithm may be bcrypt or scrypt. If scrypt, the default parameters are used. Use the --salt flag for algorithms which require a salt to be provided (scrypt). + +Note that scrypt is deprecated. Please use 'bcrypt' instead. `, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("hash-password", flag.ExitOnError) @@ -112,13 +114,16 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { } var hash []byte + var hashString string switch algorithm { case "bcrypt": hash, err = BcryptHash{}.Hash(plaintext, nil) + hashString = string(hash) case "scrypt": def := ScryptHash{} def.SetDefaults() hash, err = def.Hash(plaintext, salt) + hashString = base64.StdEncoding.EncodeToString(hash) default: return caddy.ExitCodeFailedStartup, fmt.Errorf("unrecognized hash algorithm: %s", algorithm) } @@ -126,9 +131,7 @@ func cmdHashPassword(fs caddycmd.Flags) (int, error) { return caddy.ExitCodeFailedStartup, err } - hashBase64 := base64.StdEncoding.EncodeToString(hash) - - fmt.Println(hashBase64) + fmt.Println(hashString) return 0, nil } diff --git a/modules/caddyhttp/caddyauth/hashes.go b/modules/caddyhttp/caddyauth/hashes.go index 63bfe1be..6505d187 100644 --- a/modules/caddyhttp/caddyauth/hashes.go +++ b/modules/caddyhttp/caddyauth/hashes.go @@ -16,6 +16,7 @@ package caddyauth import ( "crypto/subtle" + "encoding/base64" "github.com/caddyserver/caddy/v2" "golang.org/x/crypto/bcrypt" @@ -55,7 +56,16 @@ func (BcryptHash) Hash(plaintext, _ []byte) ([]byte, error) { return bcrypt.GenerateFromPassword(plaintext, 14) } +// FakeHash returns a fake hash. +func (BcryptHash) FakeHash() []byte { + // hashed with the following command: + // caddy hash-password --plaintext "antitiming" --algorithm "bcrypt" + return []byte("$2a$14$X3ulqf/iGxnf1k6oMZ.RZeJUoqI9PX2PM4rS5lkIKJXduLGXGPrt6") +} + // ScryptHash implements the scrypt KDF as a hash. +// +// DEPRECATED, please use 'bcrypt' instead. type ScryptHash struct { // scrypt's N parameter. If unset or 0, a safe default is used. N int `json:"N,omitempty"` @@ -80,8 +90,9 @@ func (ScryptHash) CaddyModule() caddy.ModuleInfo { } // Provision sets up s. -func (s *ScryptHash) Provision(_ caddy.Context) error { +func (s *ScryptHash) Provision(ctx caddy.Context) error { s.SetDefaults() + ctx.Logger(s).Warn("use of 'scrypt' is deprecated, please use 'bcrypt' instead") return nil } @@ -123,6 +134,14 @@ func (s ScryptHash) Hash(plaintext, salt []byte) ([]byte, error) { return scrypt.Key(plaintext, salt, s.N, s.R, s.P, s.KeyLength) } +// FakeHash returns a fake hash. +func (ScryptHash) FakeHash() []byte { + // hashed with the following command: + // caddy hash-password --plaintext "antitiming" --salt "fakesalt" --algorithm "scrypt" + bytes, _ := base64.StdEncoding.DecodeString("kFbjiVemlwK/ZS0tS6/UQqEDeaNMigyCs48KEsGUse8=") + return bytes +} + func hashesMatch(pwdHash1, pwdHash2 []byte) bool { return subtle.ConstantTimeCompare(pwdHash1, pwdHash2) == 1 } From ad69503aefeead7782022e8e8698c16b1e6c638d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 5 Sep 2022 13:42:59 -0600 Subject: [PATCH 0771/1498] Remove unnecessary error check --- modules/caddyhttp/caddyauth/basicauth.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go index e090dacd..eb6fd592 100644 --- a/modules/caddyhttp/caddyauth/basicauth.go +++ b/modules/caddyhttp/caddyauth/basicauth.go @@ -96,9 +96,6 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error { // if supported, generate a fake password we can compare against if needed if hasher, ok := hba.Hash.(Hasher); ok { hba.fakePassword = hasher.FakeHash() - if err != nil { - return fmt.Errorf("generating anti-timing password hash: %v", err) - } } repl := caddy.NewReplacer() From ca4fae64d99a63291a91e59af5a1e8eef8c8e2d8 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 5 Sep 2022 13:50:44 -0600 Subject: [PATCH 0772/1498] caddyhttp: Support `respond` with HTTP 103 Early Hints (#5006) * caddyhttp: Support sending HTTP 103 Early Hints This adds support for early hints in the static_response handler. * caddyhttp: Don't record 1xx responses --- modules/caddyhttp/matchers.go | 16 +++++++++ modules/caddyhttp/push/handler.go | 20 +++++++++-- modules/caddyhttp/responsewriter.go | 52 +++++++++++++++++------------ modules/caddyhttp/staticresp.go | 15 +++++++-- 4 files changed, 77 insertions(+), 26 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 5056c9aa..f86ce0a4 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -1121,6 +1121,22 @@ func (m MatchProtocol) Match(r *http.Request) bool { return r.TLS != nil case "http": return r.TLS == nil + case "http/1.0": + return r.ProtoMajor == 1 && r.ProtoMinor == 0 + case "http/1.0+": + return r.ProtoAtLeast(1, 0) + case "http/1.1": + return r.ProtoMajor == 1 && r.ProtoMinor == 1 + case "http/1.1+": + return r.ProtoAtLeast(1, 1) + case "http/2": + return r.ProtoMajor == 2 + case "http/2+": + return r.ProtoAtLeast(2, 0) + case "http/3": + return r.ProtoMajor == 3 + case "http/3+": + return r.ProtoAtLeast(3, 0) } return false } diff --git a/modules/caddyhttp/push/handler.go b/modules/caddyhttp/push/handler.go index 75442be1..27652ef0 100644 --- a/modules/caddyhttp/push/handler.go +++ b/modules/caddyhttp/push/handler.go @@ -29,10 +29,24 @@ func init() { caddy.RegisterModule(Handler{}) } -// Handler is a middleware for manipulating the request body. +// Handler is a middleware for HTTP/2 server push. Note that +// HTTP/2 server push has been deprecated by some clients and +// its use is discouraged unless you can accurately predict +// which resources actually need to be pushed to the client; +// it can be difficult to know what the client already has +// cached. Pushing unnecessary resources results in worse +// performance. Consider using HTTP 103 Early Hints instead. +// +// This handler supports pushing from Link headers; in other +// words, if the eventual response has Link headers, this +// handler will push the resources indicated by those headers, +// even without specifying any resources in its config. type Handler struct { - Resources []Resource `json:"resources,omitempty"` - Headers *HeaderConfig `json:"headers,omitempty"` + // The resources to push. + Resources []Resource `json:"resources,omitempty"` + + // Headers to modify for the push requests. + Headers *HeaderConfig `json:"headers,omitempty"` logger *zap.Logger } diff --git a/modules/caddyhttp/responsewriter.go b/modules/caddyhttp/responsewriter.go index 0ffb9320..374bbfba 100644 --- a/modules/caddyhttp/responsewriter.go +++ b/modules/caddyhttp/responsewriter.go @@ -111,15 +111,15 @@ type responseRecorder struct { // // Proper usage of a recorder looks like this: // -// rec := caddyhttp.NewResponseRecorder(w, buf, shouldBuffer) -// err := next.ServeHTTP(rec, req) -// if err != nil { -// return err -// } -// if !rec.Buffered() { -// return nil -// } -// // process the buffered response here +// rec := caddyhttp.NewResponseRecorder(w, buf, shouldBuffer) +// err := next.ServeHTTP(rec, req) +// if err != nil { +// return err +// } +// if !rec.Buffered() { +// return nil +// } +// // process the buffered response here // // The header map is not buffered; i.e. the ResponseRecorder's Header() // method returns the same header map of the underlying ResponseWriter. @@ -129,7 +129,7 @@ type responseRecorder struct { // Once you are ready to write the response, there are two ways you can // do it. The easier way is to have the recorder do it: // -// rec.WriteResponse() +// rec.WriteResponse() // // This writes the recorded response headers as well as the buffered body. // Or, you may wish to do it yourself, especially if you manipulated the @@ -138,9 +138,12 @@ type responseRecorder struct { // recorder's body buffer, but you might have your own body to write // instead): // -// w.WriteHeader(rec.Status()) -// io.Copy(w, rec.Buffer()) +// w.WriteHeader(rec.Status()) +// io.Copy(w, rec.Buffer()) // +// As a special case, 1xx responses are not buffered nor recorded +// because they are not the final response; they are passed through +// directly to the underlying ResponseWriter. func NewResponseRecorder(w http.ResponseWriter, buf *bytes.Buffer, shouldBuffer ShouldBufferFunc) ResponseRecorder { return &responseRecorder{ ResponseWriterWrapper: &ResponseWriterWrapper{ResponseWriter: w}, @@ -149,22 +152,29 @@ func NewResponseRecorder(w http.ResponseWriter, buf *bytes.Buffer, shouldBuffer } } +// WriteHeader writes the headers with statusCode to the wrapped +// ResponseWriter unless the response is to be buffered instead. +// 1xx responses are never buffered. func (rr *responseRecorder) WriteHeader(statusCode int) { if rr.wroteHeader { return } - rr.statusCode = statusCode - rr.wroteHeader = true - // decide whether we should buffer the response - if rr.shouldBuffer == nil { - rr.stream = true - } else { - rr.stream = !rr.shouldBuffer(rr.statusCode, rr.ResponseWriterWrapper.Header()) + // 1xx responses aren't final; just informational + if statusCode < 100 || statusCode > 199 { + rr.statusCode = statusCode + rr.wroteHeader = true + + // decide whether we should buffer the response + if rr.shouldBuffer == nil { + rr.stream = true + } else { + rr.stream = !rr.shouldBuffer(rr.statusCode, rr.ResponseWriterWrapper.Header()) + } } - // if not buffered, immediately write header - if rr.stream { + // if informational or not buffered, immediately write header + if rr.stream || (100 <= statusCode && statusCode <= 199) { rr.ResponseWriterWrapper.WriteHeader(rr.statusCode) } } diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index f4296924..ccc70e2d 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -86,6 +86,12 @@ Response headers may be added using the --header flag for each header field. type StaticResponse struct { // The HTTP status code to respond with. Can be an integer or, // if needing to use a placeholder, a string. + // + // If the status code is 103 (Early Hints), the response headers + // will be written to the client immediately, the body will be + // ignored, and the next handler will be invoked. This behavior + // is EXPERIMENTAL while RFC 8297 is a draft, and may be changed + // or removed. StatusCode WeakString `json:"status_code,omitempty"` // Header fields to set on the response; overwrites any existing @@ -170,7 +176,7 @@ func (s *StaticResponse) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return nil } -func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Handler) error { +func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, next Handler) error { // close the connection immediately if s.Abort { panic(http.ErrAbortHandler) @@ -237,10 +243,15 @@ func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, _ Hand w.WriteHeader(statusCode) // write response body - if body != "" { + if statusCode != http.StatusEarlyHints && body != "" { fmt.Fprint(w, body) } + // continue handling after Early Hints as they are not the final response + if statusCode == http.StatusEarlyHints { + return next.ServeHTTP(w, r) + } + return nil } From d5ea43fb4b549dda6040b31ce472e7843dfc5077 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 5 Sep 2022 13:53:41 -0600 Subject: [PATCH 0773/1498] fileserver: Support glob expansion in file matcher (#4993) * fileserver: Support glob expansion in file matcher * Fix tests * Fix bugs and tests * Attempt Windows fix, sigh * debug Windows, WIP * Continue debugging Windows * Another attempt at Windows * Plz Windows * Cmon... * Clean up, hope I didn't break anything --- modules/caddyhttp/fileserver/caddyfile.go | 61 +++-- modules/caddyhttp/fileserver/matcher.go | 234 ++++++++++++------ modules/caddyhttp/fileserver/matcher_test.go | 29 ++- modules/caddyhttp/fileserver/staticfiles.go | 13 +- .../fileserver/testdata/foodir/bar.txt | 1 + modules/caddyhttp/replacer.go | 4 + modules/caddyhttp/replacer_test.go | 84 ++++--- 7 files changed, 281 insertions(+), 145 deletions(-) create mode 100644 modules/caddyhttp/fileserver/testdata/foodir/bar.txt diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index a3cf9e4d..1a0424c1 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -36,17 +36,16 @@ func init() { // parseCaddyfile parses the file_server directive. It enables the static file // server and configures it with this syntax: // -// file_server [] [browse] { -// fs -// root -// hide -// index -// browse [] -// precompressed -// status -// disable_canonical_uris -// } -// +// file_server [] [browse] { +// fs +// root +// hide +// index +// browse [] +// precompressed +// status +// disable_canonical_uris +// } func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { var fsrv FileServer @@ -177,22 +176,23 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // with a rewrite directive, so this is not a standard handler directive. // A try_files directive has this syntax (notice no matcher tokens accepted): // -// try_files +// try_files { +// policy first_exist|smallest_size|largest_size|most_recently_modified +// } // // and is basically shorthand for: // -// @try_files { -// file { -// try_files -// } -// } -// rewrite @try_files {http.matchers.file.relative} +// @try_files file { +// try_files +// policy first_exist|smallest_size|largest_size|most_recently_modified +// } +// rewrite @try_files {http.matchers.file.relative} // // This directive rewrites request paths only, preserving any other part // of the URI, unless the part is explicitly given in the file list. For // example, if any of the files in the list have a query string: // -// try_files {path} index.php?{query}&p={path} +// try_files {path} index.php?{query}&p={path} // // then the query string will not be treated as part of the file name; and // if that file matches, the given query string will replace any query string @@ -207,6 +207,27 @@ func parseTryFiles(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) return nil, h.ArgErr() } + // parse out the optional try policy + var tryPolicy string + for nesting := h.Nesting(); h.NextBlock(nesting); { + switch h.Val() { + case "policy": + if tryPolicy != "" { + return nil, h.Err("try policy already configured") + } + if !h.NextArg() { + return nil, h.ArgErr() + } + tryPolicy = h.Val() + + switch tryPolicy { + case tryPolicyFirstExist, tryPolicyLargestSize, tryPolicySmallestSize, tryPolicyMostRecentlyMod: + default: + return nil, h.Errf("unrecognized try policy: %s", tryPolicy) + } + } + } + // makeRoute returns a route that tries the files listed in try // and then rewrites to the matched file; userQueryString is // appended to the rewrite rule. @@ -215,7 +236,7 @@ func parseTryFiles(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) URI: "{http.matchers.file.relative}" + userQueryString, } matcherSet := caddy.ModuleMap{ - "file": h.JSON(MatchFile{TryFiles: try}), + "file": h.JSON(MatchFile{TryFiles: try, TryPolicy: tryPolicy}), } return h.NewRoute(matcherSet, handler) } diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 5cade257..a5dab6eb 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -21,9 +21,10 @@ import ( "net/http" "os" "path" + "path/filepath" + "runtime" "strconv" "strings" - "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -33,6 +34,7 @@ import ( "github.com/google/cel-go/common/operators" "github.com/google/cel-go/common/types/ref" "github.com/google/cel-go/parser" + "go.uber.org/zap" exprpb "google.golang.org/genproto/googleapis/api/expr/v1alpha1" ) @@ -55,6 +57,9 @@ func init() { // the matched file is a directory, "file" otherwise. // - `{http.matchers.file.remainder}` Set to the remainder // of the path if the path was split by `split_path`. +// +// Even though file matching may depend on the OS path +// separator, the placeholder values always use /. type MatchFile struct { // The file system implementation to use. By default, the // local disk file system will be used. @@ -101,6 +106,8 @@ type MatchFile struct { // Each delimiter must appear at the end of a URI path // component in order to be used as a split delimiter. SplitPath []string `json:"split_path,omitempty"` + + logger *zap.Logger } // CaddyModule returns the Caddy module information. @@ -113,12 +120,11 @@ func (MatchFile) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile sets up the matcher from Caddyfile tokens. Syntax: // -// file { -// root -// try_files -// try_policy first_exist|smallest_size|largest_size|most_recently_modified -// } -// +// file { +// root +// try_files +// try_policy first_exist|smallest_size|largest_size|most_recently_modified +// } func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { m.TryFiles = append(m.TryFiles, d.RemainingArgs()...) @@ -156,7 +162,8 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // expression matchers. // // Example: -// expression file({'root': '/srv', 'try_files': [{http.request.uri.path}, '/index.php'], 'try_policy': 'first_exist', 'split_path': ['.php']}) +// +// expression file({'root': '/srv', 'try_files': [{http.request.uri.path}, '/index.php'], 'try_policy': 'first_exist', 'split_path': ['.php']}) func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { requestType := cel.ObjectType("http.Request") @@ -249,6 +256,8 @@ func celFileMatcherMacroExpander() parser.MacroExpander { // Provision sets up m's defaults. func (m *MatchFile) Provision(ctx caddy.Context) error { + m.logger = ctx.Logger(m) + // establish the file system to use if len(m.FileSystemRaw) > 0 { mod, err := ctx.LoadModule(m, "FileSystemRaw") @@ -290,10 +299,10 @@ func (m MatchFile) Validate() error { // Match returns true if r matches m. Returns true // if a file was matched. If so, four placeholders // will be available: -// - http.matchers.file.relative -// - http.matchers.file.absolute -// - http.matchers.file.type -// - http.matchers.file.remainder +// - http.matchers.file.relative: Path to file relative to site root +// - http.matchers.file.absolute: Path to file including site root +// - http.matchers.file.type: file or directory +// - http.matchers.file.remainder: Portion remaining after splitting file path (if configured) func (m MatchFile) Match(r *http.Request) bool { return m.selectFile(r) } @@ -303,23 +312,80 @@ func (m MatchFile) Match(r *http.Request) bool { func (m MatchFile) selectFile(r *http.Request) (matched bool) { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - root := repl.ReplaceAll(m.Root, ".") + root := filepath.Clean(repl.ReplaceAll(m.Root, ".")) - // common preparation of the file into parts - prepareFilePath := func(file string) (suffix, fullpath, remainder string) { - suffix, remainder = m.firstSplit(path.Clean(repl.ReplaceAll(file, ""))) - if strings.HasSuffix(file, "/") { - suffix += "/" - } - fullpath = caddyhttp.SanitizedPathJoin(root, suffix) - return + type matchCandidate struct { + fullpath, relative, splitRemainder string } - // sets up the placeholders for the matched file - setPlaceholders := func(info os.FileInfo, rel string, abs string, remainder string) { - repl.Set("http.matchers.file.relative", rel) - repl.Set("http.matchers.file.absolute", abs) - repl.Set("http.matchers.file.remainder", remainder) + // makeCandidates evaluates placeholders in file and expands any glob expressions + // to build a list of file candidates. Special glob characters are escaped in + // placeholder replacements so globs cannot be expanded from placeholders, and + // globs are not evaluated on Windows because of its path separator character: + // escaping is not supported so we can't safely glob on Windows, or we can't + // support placeholders on Windows (pick one). (Actually, evaluating untrusted + // globs is not the end of the world since the file server will still hide any + // hidden files, it just might lead to unexpected behavior.) + makeCandidates := func(file string) []matchCandidate { + // first, evaluate placeholders in the file pattern + expandedFile, err := repl.ReplaceFunc(file, func(variable string, val any) (any, error) { + if runtime.GOOS == "windows" { + return val, nil + } + switch v := val.(type) { + case string: + return globSafeRepl.Replace(v), nil + case fmt.Stringer: + return globSafeRepl.Replace(v.String()), nil + } + return val, nil + }) + if err != nil { + m.logger.Error("evaluating placeholders", zap.Error(err)) + expandedFile = file // "oh well," I guess? + } + + // clean the path and split, if configured -- we must split before + // globbing so that the file system doesn't include the remainder + // ("afterSplit") in the filename; be sure to restore trailing slash + beforeSplit, afterSplit := m.firstSplit(path.Clean(expandedFile)) + if strings.HasSuffix(file, "/") { + beforeSplit += "/" + } + + // create the full path to the file by prepending the site root + fullPattern := caddyhttp.SanitizedPathJoin(root, beforeSplit) + + // expand glob expressions, but not on Windows because Glob() doesn't + // support escaping on Windows due to path separator) + var globResults []string + if runtime.GOOS == "windows" { + globResults = []string{fullPattern} // precious Windows + } else { + globResults, err = fs.Glob(m.fileSystem, fullPattern) + if err != nil { + m.logger.Error("expanding glob", zap.Error(err)) + } + } + + // for each glob result, combine all the forms of the path + var candidates []matchCandidate + for _, result := range globResults { + candidates = append(candidates, matchCandidate{ + fullpath: result, + relative: strings.TrimPrefix(result, root), + splitRemainder: afterSplit, + }) + } + + return candidates + } + + // setPlaceholders creates the placeholders for the matched file + setPlaceholders := func(candidate matchCandidate, info fs.FileInfo) { + repl.Set("http.matchers.file.relative", filepath.ToSlash(candidate.relative)) + repl.Set("http.matchers.file.absolute", filepath.ToSlash(candidate.fullpath)) + repl.Set("http.matchers.file.remainder", filepath.ToSlash(candidate.splitRemainder)) fileType := "file" if info.IsDir() { @@ -328,76 +394,83 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { repl.Set("http.matchers.file.type", fileType) } + // match file according to the configured policy switch m.TryPolicy { case "", tryPolicyFirstExist: - for _, f := range m.TryFiles { - if err := parseErrorCode(f); err != nil { + for _, pattern := range m.TryFiles { + if err := parseErrorCode(pattern); err != nil { caddyhttp.SetVar(r.Context(), caddyhttp.MatcherErrorVarKey, err) return } - suffix, fullpath, remainder := prepareFilePath(f) - if info, exists := m.strictFileExists(fullpath); exists { - setPlaceholders(info, suffix, fullpath, remainder) - return true + candidates := makeCandidates(pattern) + for _, c := range candidates { + if info, exists := m.strictFileExists(c.fullpath); exists { + setPlaceholders(c, info) + return true + } } } case tryPolicyLargestSize: var largestSize int64 - var largestFilename string - var largestSuffix string - var remainder string - var info os.FileInfo - for _, f := range m.TryFiles { - suffix, fullpath, splitRemainder := prepareFilePath(f) - info, err := m.fileSystem.Stat(fullpath) - if err == nil && info.Size() > largestSize { - largestSize = info.Size() - largestFilename = fullpath - largestSuffix = suffix - remainder = splitRemainder + var largest matchCandidate + var largestInfo os.FileInfo + for _, pattern := range m.TryFiles { + candidates := makeCandidates(pattern) + for _, c := range candidates { + info, err := m.fileSystem.Stat(c.fullpath) + if err == nil && info.Size() > largestSize { + largestSize = info.Size() + largest = c + largestInfo = info + } } } - setPlaceholders(info, largestSuffix, largestFilename, remainder) + if largestInfo == nil { + return false + } + setPlaceholders(largest, largestInfo) return true case tryPolicySmallestSize: var smallestSize int64 - var smallestFilename string - var smallestSuffix string - var remainder string - var info os.FileInfo - for _, f := range m.TryFiles { - suffix, fullpath, splitRemainder := prepareFilePath(f) - info, err := m.fileSystem.Stat(fullpath) - if err == nil && (smallestSize == 0 || info.Size() < smallestSize) { - smallestSize = info.Size() - smallestFilename = fullpath - smallestSuffix = suffix - remainder = splitRemainder + var smallest matchCandidate + var smallestInfo os.FileInfo + for _, pattern := range m.TryFiles { + candidates := makeCandidates(pattern) + for _, c := range candidates { + info, err := m.fileSystem.Stat(c.fullpath) + if err == nil && (smallestSize == 0 || info.Size() < smallestSize) { + smallestSize = info.Size() + smallest = c + smallestInfo = info + } } } - setPlaceholders(info, smallestSuffix, smallestFilename, remainder) + if smallestInfo == nil { + return false + } + setPlaceholders(smallest, smallestInfo) return true case tryPolicyMostRecentlyMod: - var recentDate time.Time - var recentFilename string - var recentSuffix string - var remainder string - var info os.FileInfo - for _, f := range m.TryFiles { - suffix, fullpath, splitRemainder := prepareFilePath(f) - info, err := m.fileSystem.Stat(fullpath) - if err == nil && - (recentDate.IsZero() || info.ModTime().After(recentDate)) { - recentDate = info.ModTime() - recentFilename = fullpath - recentSuffix = suffix - remainder = splitRemainder + var recent matchCandidate + var recentInfo os.FileInfo + for _, pattern := range m.TryFiles { + candidates := makeCandidates(pattern) + for _, c := range candidates { + info, err := m.fileSystem.Stat(c.fullpath) + if err == nil && + (recentInfo == nil || info.ModTime().After(recentInfo.ModTime())) { + recent = c + recentInfo = info + } } } - setPlaceholders(info, recentSuffix, recentFilename, remainder) + if recentInfo == nil { + return false + } + setPlaceholders(recent, recentInfo) return true } @@ -425,7 +498,7 @@ func parseErrorCode(input string) error { // NOT end in a forward slash, the file must NOT // be a directory. func (m MatchFile) strictFileExists(file string) (os.FileInfo, bool) { - stat, err := m.fileSystem.Stat(file) + info, err := m.fileSystem.Stat(file) if err != nil { // in reality, this can be any error // such as permission or even obscure @@ -440,11 +513,11 @@ func (m MatchFile) strictFileExists(file string) (os.FileInfo, bool) { if strings.HasSuffix(file, separator) { // by convention, file paths ending // in a path separator must be a directory - return stat, stat.IsDir() + return info, info.IsDir() } // by convention, file paths NOT ending // in a path separator must NOT be a directory - return stat, !stat.IsDir() + return info, !info.IsDir() } // firstSplit returns the first result where the path @@ -581,6 +654,15 @@ func isCELStringListLiteral(e *exprpb.Expr) bool { return false } +// globSafeRepl replaces special glob characters with escaped +// equivalents. Note that the filepath godoc states that +// escaping is not done on Windows because of the separator. +var globSafeRepl = strings.NewReplacer( + "*", "\\*", + "[", "\\[", + "?", "\\?", +) + const ( tryPolicyFirstExist = "first_exist" tryPolicyLargestSize = "largest_size" diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index 7734bf1d..0f8c6bbc 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -28,7 +28,6 @@ import ( ) func TestFileMatcher(t *testing.T) { - // Windows doesn't like colons in files names isWindows := runtime.GOOS == "windows" if !isWindows { @@ -87,25 +86,25 @@ func TestFileMatcher(t *testing.T) { }, { path: "ملف.txt", // the path file name is not escaped - expectedPath: "ملف.txt", + expectedPath: "/ملف.txt", expectedType: "file", matched: true, }, { path: url.PathEscape("ملف.txt"), // singly-escaped path - expectedPath: "ملف.txt", + expectedPath: "/ملف.txt", expectedType: "file", matched: true, }, { path: url.PathEscape(url.PathEscape("ملف.txt")), // doubly-escaped path - expectedPath: "%D9%85%D9%84%D9%81.txt", + expectedPath: "/%D9%85%D9%84%D9%81.txt", expectedType: "file", matched: true, }, { path: "./with:in-name.txt", // browsers send the request with the path as such - expectedPath: "with:in-name.txt", + expectedPath: "/with:in-name.txt", expectedType: "file", matched: !isWindows, }, @@ -118,7 +117,7 @@ func TestFileMatcher(t *testing.T) { u, err := url.Parse(tc.path) if err != nil { - t.Fatalf("Test %d: parsing path: %v", i, err) + t.Errorf("Test %d: parsing path: %v", i, err) } req := &http.Request{URL: u} @@ -126,24 +125,24 @@ func TestFileMatcher(t *testing.T) { result := m.Match(req) if result != tc.matched { - t.Fatalf("Test %d: expected match=%t, got %t", i, tc.matched, result) + t.Errorf("Test %d: expected match=%t, got %t", i, tc.matched, result) } rel, ok := repl.Get("http.matchers.file.relative") if !ok && result { - t.Fatalf("Test %d: expected replacer value", i) + t.Errorf("Test %d: expected replacer value", i) } if !result { continue } if rel != tc.expectedPath { - t.Fatalf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) + t.Errorf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) } fileType, _ := repl.Get("http.matchers.file.type") if fileType != tc.expectedType { - t.Fatalf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) + t.Errorf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) } } } @@ -222,7 +221,7 @@ func TestPHPFileMatcher(t *testing.T) { u, err := url.Parse(tc.path) if err != nil { - t.Fatalf("Test %d: parsing path: %v", i, err) + t.Errorf("Test %d: parsing path: %v", i, err) } req := &http.Request{URL: u} @@ -230,24 +229,24 @@ func TestPHPFileMatcher(t *testing.T) { result := m.Match(req) if result != tc.matched { - t.Fatalf("Test %d: expected match=%t, got %t", i, tc.matched, result) + t.Errorf("Test %d: expected match=%t, got %t", i, tc.matched, result) } rel, ok := repl.Get("http.matchers.file.relative") if !ok && result { - t.Fatalf("Test %d: expected replacer value", i) + t.Errorf("Test %d: expected replacer value", i) } if !result { continue } if rel != tc.expectedPath { - t.Fatalf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) + t.Errorf("Test %d: actual path: %v, expected: %v", i, rel, tc.expectedPath) } fileType, _ := repl.Get("http.matchers.file.type") if fileType != tc.expectedType { - t.Fatalf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) + t.Errorf("Test %d: actual file type: %v, expected: %v", i, fileType, tc.expectedType) } } } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 554f8d30..25bcf5a2 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -618,10 +618,15 @@ func (wr statusOverrideResponseWriter) WriteHeader(int) { // rooting or path prefixing without being constrained to a single // root folder. The standard os.DirFS implementation is problematic // since roots can be dynamic in our application.) +// +// osFS also implements fs.GlobFS, fs.ReadDirFS, and fs.ReadFileFS. type osFS struct{} -func (osFS) Open(name string) (fs.File, error) { return os.Open(name) } -func (osFS) Stat(name string) (fs.FileInfo, error) { return os.Stat(name) } +func (osFS) Open(name string) (fs.File, error) { return os.Open(name) } +func (osFS) Stat(name string) (fs.FileInfo, error) { return os.Stat(name) } +func (osFS) Glob(pattern string) ([]string, error) { return filepath.Glob(pattern) } +func (osFS) ReadDir(name string) ([]fs.DirEntry, error) { return os.ReadDir(name) } +func (osFS) ReadFile(name string) ([]byte, error) { return os.ReadFile(name) } var defaultIndexNames = []string{"index.html", "index.txt"} @@ -634,4 +639,8 @@ const ( var ( _ caddy.Provisioner = (*FileServer)(nil) _ caddyhttp.MiddlewareHandler = (*FileServer)(nil) + + _ fs.GlobFS = (*osFS)(nil) + _ fs.ReadDirFS = (*osFS)(nil) + _ fs.ReadFileFS = (*osFS)(nil) ) diff --git a/modules/caddyhttp/fileserver/testdata/foodir/bar.txt b/modules/caddyhttp/fileserver/testdata/foodir/bar.txt new file mode 100644 index 00000000..df34bd20 --- /dev/null +++ b/modules/caddyhttp/fileserver/testdata/foodir/bar.txt @@ -0,0 +1 @@ +foodir/bar.txt \ No newline at end of file diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 17fc02ea..e1546499 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -143,6 +143,10 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo case "http.request.uri.path.dir": dir, _ := path.Split(req.URL.Path) return dir, true + case "http.request.uri.path.file.base": + return strings.TrimSuffix(path.Base(req.URL.Path), path.Ext(req.URL.Path)), true + case "http.request.uri.path.file.ext": + return path.Ext(req.URL.Path), true case "http.request.uri.query": return req.URL.RawQuery, true case "http.request.duration": diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go index 5026ac84..18253d3f 100644 --- a/modules/caddyhttp/replacer_test.go +++ b/modules/caddyhttp/replacer_test.go @@ -27,7 +27,7 @@ import ( ) func TestHTTPVarReplacement(t *testing.T) { - req, _ := http.NewRequest("GET", "/", nil) + req, _ := http.NewRequest(http.MethodGet, "/foo/bar.tar.gz", nil) repl := caddy.NewReplacer() ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) req = req.WithContext(ctx) @@ -72,114 +72,134 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV addHTTPVarsToReplacer(repl, req, res) for i, tc := range []struct { - input string + get string expect string }{ { - input: "{http.request.scheme}", + get: "http.request.scheme", expect: "https", }, { - input: "{http.request.host}", + get: "http.request.method", + expect: http.MethodGet, + }, + { + get: "http.request.host", expect: "example.com", }, { - input: "{http.request.port}", + get: "http.request.port", expect: "80", }, { - input: "{http.request.hostport}", + get: "http.request.hostport", expect: "example.com:80", }, { - input: "{http.request.remote.host}", + get: "http.request.remote.host", expect: "localhost", }, { - input: "{http.request.remote.port}", + get: "http.request.remote.port", expect: "1234", }, { - input: "{http.request.host.labels.0}", + get: "http.request.host.labels.0", expect: "com", }, { - input: "{http.request.host.labels.1}", + get: "http.request.host.labels.1", expect: "example", }, { - input: "{http.request.host.labels.2}", - expect: "", + get: "http.request.host.labels.2", + expect: "", }, { - input: "{http.request.tls.cipher_suite}", + get: "http.request.uri.path.file", + expect: "bar.tar.gz", + }, + { + get: "http.request.uri.path.file.base", + expect: "bar.tar", + }, + { + // not ideal, but also most correct, given that files can have dots (example: index..html) TODO: maybe this isn't right.. + get: "http.request.uri.path.file.ext", + expect: ".gz", + }, + { + get: "http.request.tls.cipher_suite", expect: "TLS_AES_256_GCM_SHA384", }, { - input: "{http.request.tls.proto}", + get: "http.request.tls.proto", expect: "h2", }, { - input: "{http.request.tls.proto_mutual}", + get: "http.request.tls.proto_mutual", expect: "true", }, { - input: "{http.request.tls.resumed}", + get: "http.request.tls.resumed", expect: "false", }, { - input: "{http.request.tls.server_name}", + get: "http.request.tls.server_name", expect: "foo.com", }, { - input: "{http.request.tls.version}", + get: "http.request.tls.version", expect: "tls1.3", }, { - input: "{http.request.tls.client.fingerprint}", + get: "http.request.tls.client.fingerprint", expect: "9f57b7b497cceacc5459b76ac1c3afedbc12b300e728071f55f84168ff0f7702", }, { - input: "{http.request.tls.client.issuer}", + get: "http.request.tls.client.issuer", expect: "CN=Caddy Test CA", }, { - input: "{http.request.tls.client.serial}", + get: "http.request.tls.client.serial", expect: "2", }, { - input: "{http.request.tls.client.subject}", + get: "http.request.tls.client.subject", expect: "CN=client.localdomain", }, { - input: "{http.request.tls.client.san.dns_names}", + get: "http.request.tls.client.san.dns_names", expect: "[localhost]", }, { - input: "{http.request.tls.client.san.dns_names.0}", + get: "http.request.tls.client.san.dns_names.0", expect: "localhost", }, { - input: "{http.request.tls.client.san.dns_names.1}", - expect: "", + get: "http.request.tls.client.san.dns_names.1", + expect: "", }, { - input: "{http.request.tls.client.san.ips}", + get: "http.request.tls.client.san.ips", expect: "[127.0.0.1]", }, { - input: "{http.request.tls.client.san.ips.0}", + get: "http.request.tls.client.san.ips.0", expect: "127.0.0.1", }, { - input: "{http.request.tls.client.certificate_pem}", + get: "http.request.tls.client.certificate_pem", expect: string(clientCert) + "\n", // returned value comes with a newline appended to it }, } { - actual := repl.ReplaceAll(tc.input, "") + actual, got := repl.GetString(tc.get) + if !got { + t.Errorf("Test %d: Expected to recognize the placeholder name, but didn't", i) + } if actual != tc.expect { - t.Errorf("Test %d: Expected placeholder %s to be '%s' but got '%s'", - i, tc.input, tc.expect, actual) + t.Errorf("Test %d: Expected %s to be '%s' but got '%s'", + i, tc.get, tc.expect, actual) } } } From 5dfa08174ae3af34f10f0c1b5ca69b12a0ec7395 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 5 Sep 2022 13:55:45 -0600 Subject: [PATCH 0774/1498] go.mod: Upgrade CertMagic (v0.17.1) --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8504d9cc..71600276 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.17.0 + github.com/caddyserver/certmagic v0.17.1 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.12.4 diff --git a/go.sum b/go.sum index 88e53ac9..acb9e238 100644 --- a/go.sum +++ b/go.sum @@ -131,8 +131,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/caddyserver/certmagic v0.17.0 h1:AHHvvmv6SNcq0vK5BgCevQqYMV8GNprVk6FWZzx8d+Q= -github.com/caddyserver/certmagic v0.17.0/go.mod h1:pSS2aZcdKlrTZrb2DKuRafckx20o5Fz1EdDKEB8KOQM= +github.com/caddyserver/certmagic v0.17.1 h1:VrWANhQAj3brK7jAUKyN6XBHg56WsyorI/84Ilq1tCQ= +github.com/caddyserver/certmagic v0.17.1/go.mod h1:pSS2aZcdKlrTZrb2DKuRafckx20o5Fz1EdDKEB8KOQM= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= From 0499d9c1c4177503c4a3d8d6bffd5d44e5edd430 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Mon, 5 Sep 2022 23:57:27 +0300 Subject: [PATCH 0775/1498] ci: add `id-token` permission and update the signing command (#5016) --- .github/workflows/release.yml | 6 ++++++ .goreleaser.yml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d67f875f..8ab9488c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,6 +20,12 @@ jobs: GO_SEMVER: '~1.19.0' runs-on: ${{ matrix.os }} + # https://github.com/sigstore/cosign/issues/1258#issuecomment-1002251233 + # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings + permissions: + id-token: write + # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps#permission-on-contents + contents: read steps: - name: Install Go diff --git a/.goreleaser.yml b/.goreleaser.yml index d4f786de..d3de2b70 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -68,7 +68,7 @@ builds: signs: - cmd: cosign signature: "${artifact}.sig" - args: ["sign-blob", "--oidc-issuer=https://token.actions.githubusercontent.com", "--output=${signature}", "${artifact}"] + args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${signature}.pem", "${artifact}"] artifacts: all sboms: - artifacts: binary From 487217519cd8dad207d04d5db966aacff3949b1d Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 6 Sep 2022 00:35:47 +0300 Subject: [PATCH 0776/1498] ci: grant the `release` workflow the `write` permission to `contents` (#5017) --- .github/workflows/release.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8ab9488c..435086fd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,8 @@ jobs: permissions: id-token: write # https://docs.github.com/en/rest/overview/permissions-required-for-github-apps#permission-on-contents - contents: read + # "Releases" is part of `contents`, so it needs the `write` + contents: write steps: - name: Install Go From fded2644f8ddda33002353ee3aedd15195f17cb5 Mon Sep 17 00:00:00 2001 From: Dave Henderson Date: Mon, 5 Sep 2022 19:25:34 -0400 Subject: [PATCH 0777/1498] Drop requirement for filesystems to implement fs.StatFS Signed-off-by: Dave Henderson --- modules/caddyhttp/fileserver/browse.go | 2 +- .../caddyhttp/fileserver/browsetplcontext.go | 2 +- modules/caddyhttp/fileserver/caddyfile.go | 6 +++--- modules/caddyhttp/fileserver/matcher.go | 12 ++++++------ modules/caddyhttp/fileserver/staticfiles.go | 19 ++++++++++--------- 5 files changed, 21 insertions(+), 20 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 90263560..7804d19b 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -210,7 +210,7 @@ func (fsrv *FileServer) isSymlinkTargetDir(f fs.FileInfo, root, urlPath string) return false } target := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, f.Name())) - targetInfo, err := fsrv.fileSystem.Stat(target) + targetInfo, err := fs.Stat(fsrv.fileSystem, target) if err != nil { return false } diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index 49788ee2..cd24fc23 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -65,7 +65,7 @@ func (fsrv *FileServer) directoryListing(entries []fs.DirEntry, canGoUp bool, ro fileIsSymlink := isSymlink(info) if fileIsSymlink { path := caddyhttp.SanitizedPathJoin(root, path.Join(urlPath, info.Name())) - fileInfo, err := fsrv.fileSystem.Stat(path) + fileInfo, err := fs.Stat(fsrv.fileSystem, path) if err == nil { size = fileInfo.Size() } diff --git a/modules/caddyhttp/fileserver/caddyfile.go b/modules/caddyhttp/fileserver/caddyfile.go index 1a0424c1..df56092b 100644 --- a/modules/caddyhttp/fileserver/caddyfile.go +++ b/modules/caddyhttp/fileserver/caddyfile.go @@ -77,11 +77,11 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) if err != nil { return nil, err } - statFS, ok := unm.(fs.StatFS) + fsys, ok := unm.(fs.FS) if !ok { - return nil, h.Errf("module %s (%T) is not a supported file system implementation (requires fs.StatFS)", modID, unm) + return nil, h.Errf("module %s (%T) is not a supported file system implementation (requires fs.FS)", modID, unm) } - fsrv.FileSystemRaw = caddyconfig.JSONModuleObject(statFS, "backend", name, nil) + fsrv.FileSystemRaw = caddyconfig.JSONModuleObject(fsys, "backend", name, nil) case "hide": fsrv.Hide = h.RemainingArgs() diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index a5dab6eb..87a15243 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -64,7 +64,7 @@ type MatchFile struct { // The file system implementation to use. By default, the // local disk file system will be used. FileSystemRaw json.RawMessage `json:"file_system,omitempty" caddy:"namespace=caddy.fs inline_key=backend"` - fileSystem fs.StatFS + fileSystem fs.FS // The root directory, used for creating absolute // file paths, and required when working with @@ -264,7 +264,7 @@ func (m *MatchFile) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading file system module: %v", err) } - m.fileSystem = mod.(fs.StatFS) + m.fileSystem = mod.(fs.FS) } if m.fileSystem == nil { m.fileSystem = osFS{} @@ -418,7 +418,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { for _, pattern := range m.TryFiles { candidates := makeCandidates(pattern) for _, c := range candidates { - info, err := m.fileSystem.Stat(c.fullpath) + info, err := fs.Stat(m.fileSystem, c.fullpath) if err == nil && info.Size() > largestSize { largestSize = info.Size() largest = c @@ -439,7 +439,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { for _, pattern := range m.TryFiles { candidates := makeCandidates(pattern) for _, c := range candidates { - info, err := m.fileSystem.Stat(c.fullpath) + info, err := fs.Stat(m.fileSystem, c.fullpath) if err == nil && (smallestSize == 0 || info.Size() < smallestSize) { smallestSize = info.Size() smallest = c @@ -459,7 +459,7 @@ func (m MatchFile) selectFile(r *http.Request) (matched bool) { for _, pattern := range m.TryFiles { candidates := makeCandidates(pattern) for _, c := range candidates { - info, err := m.fileSystem.Stat(c.fullpath) + info, err := fs.Stat(m.fileSystem, c.fullpath) if err == nil && (recentInfo == nil || info.ModTime().After(recentInfo.ModTime())) { recent = c @@ -498,7 +498,7 @@ func parseErrorCode(input string) error { // NOT end in a forward slash, the file must NOT // be a directory. func (m MatchFile) strictFileExists(file string) (os.FileInfo, bool) { - info, err := m.fileSystem.Stat(file) + info, err := fs.Stat(m.fileSystem, file) if err != nil { // in reality, this can be any error // such as permission or even obscure diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 25bcf5a2..0639d979 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -83,14 +83,14 @@ type FileServer struct { // disk file system. // // File system modules used here must adhere to the following requirements: - // - Implement fs.StatFS interface. + // - Implement fs.FS interface. // - Support seeking on opened files; i.e.returned fs.File values must // implement the io.Seeker interface. This is required for determining // Content-Length and satisfying Range requests. // - fs.File values that represent directories must implement the // fs.ReadDirFile interface so that directory listings can be procured. FileSystemRaw json.RawMessage `json:"file_system,omitempty" caddy:"namespace=caddy.fs inline_key=backend"` - fileSystem fs.StatFS + fileSystem fs.FS // The path to the root of the site. Default is `{http.vars.root}` if set, // or current working directory otherwise. This should be a trusted value. @@ -175,7 +175,7 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error { if err != nil { return fmt.Errorf("loading file system module: %v", err) } - fsrv.fileSystem = mod.(fs.StatFS) + fsrv.fileSystem = mod.(fs.FS) } if fsrv.fileSystem == nil { fsrv.fileSystem = osFS{} @@ -244,7 +244,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c zap.String("result", filename)) // get information about the file - info, err := fsrv.fileSystem.Stat(filename) + info, err := fs.Stat(fsrv.fileSystem, filename) if err != nil { err = fsrv.mapDirOpenError(err, filename) if errors.Is(err, fs.ErrNotExist) { @@ -270,7 +270,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c continue } - indexInfo, err := fsrv.fileSystem.Stat(indexPath) + indexInfo, err := fs.Stat(fsrv.fileSystem, indexPath) if err != nil { continue } @@ -350,7 +350,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c continue } compressedFilename := filename + precompress.Suffix() - compressedInfo, err := fsrv.fileSystem.Stat(compressedFilename) + compressedInfo, err := fs.Stat(fsrv.fileSystem, compressedFilename) if err != nil || compressedInfo.IsDir() { fsrv.logger.Debug("precompressed file not accessible", zap.String("filename", compressedFilename), zap.Error(err)) continue @@ -490,7 +490,7 @@ func (fsrv *FileServer) mapDirOpenError(originalErr error, name string) error { if parts[i] == "" { continue } - fi, err := fsrv.fileSystem.Stat(strings.Join(parts[:i+1], separator)) + fi, err := fs.Stat(fsrv.fileSystem, strings.Join(parts[:i+1], separator)) if err != nil { return originalErr } @@ -613,13 +613,13 @@ func (wr statusOverrideResponseWriter) WriteHeader(int) { wr.ResponseWriter.WriteHeader(wr.code) } -// osFS is a simple fs.StatFS implementation that uses the local +// osFS is a simple fs.FS implementation that uses the local // file system. (We do not use os.DirFS because we do our own // rooting or path prefixing without being constrained to a single // root folder. The standard os.DirFS implementation is problematic // since roots can be dynamic in our application.) // -// osFS also implements fs.GlobFS, fs.ReadDirFS, and fs.ReadFileFS. +// osFS also implements fs.StatFS, fs.GlobFS, fs.ReadDirFS, and fs.ReadFileFS. type osFS struct{} func (osFS) Open(name string) (fs.File, error) { return os.Open(name) } @@ -640,6 +640,7 @@ var ( _ caddy.Provisioner = (*FileServer)(nil) _ caddyhttp.MiddlewareHandler = (*FileServer)(nil) + _ fs.StatFS = (*osFS)(nil) _ fs.GlobFS = (*osFS)(nil) _ fs.ReadDirFS = (*osFS)(nil) _ fs.ReadFileFS = (*osFS)(nil) From 8cc8f9fddd2ea717633528322e1bef938bee2415 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 5 Sep 2022 23:41:48 -0400 Subject: [PATCH 0778/1498] httpcaddyfile: Add a couple more placeholder shortcuts (#5015) This adds: - `{file.*}` -> `{http.request.uri.path.file.*}` - `{file_match.*}` -> `{http.matchers.file.*}` This is a follow-up to #4993 which introduces the new URI file placeholders, and a shortcut for using `file` matcher output. For example, where the `try_files` directive is a shortcut for this: ``` @try_files file rewrite @try_files {http.matchers.file.relative} ``` It could instead be: ``` @try_files file rewrite @try_files {file_match.relative} ``` --- caddyconfig/httpcaddyfile/httptype.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 2182a5b8..72d98bd9 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -95,11 +95,13 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, {regexp.MustCompile(`{cookie\.([\w-]*)}`), "{http.request.cookie.$1}"}, {regexp.MustCompile(`{labels\.([\w-]*)}`), "{http.request.host.labels.$1}"}, {regexp.MustCompile(`{path\.([\w-]*)}`), "{http.request.uri.path.$1}"}, + {regexp.MustCompile(`{file\.([\w-]*)}`), "{http.request.uri.path.file.$1}"}, {regexp.MustCompile(`{query\.([\w-]*)}`), "{http.request.uri.query.$1}"}, {regexp.MustCompile(`{re\.([\w-]*)\.([\w-]*)}`), "{http.regexp.$1.$2}"}, {regexp.MustCompile(`{vars\.([\w-]*)}`), "{http.vars.$1}"}, {regexp.MustCompile(`{rp\.([\w-\.]*)}`), "{http.reverse_proxy.$1}"}, {regexp.MustCompile(`{err\.([\w-\.]*)}`), "{http.error.$1}"}, + {regexp.MustCompile(`{file_match\.([\w-]*)}`), "{http.matchers.file.$1}"}, } for _, sb := range originalServerBlocks { From 1c9c8f6a13f99817cb35a9b100287da81255be21 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 6 Sep 2022 14:19:58 -0600 Subject: [PATCH 0779/1498] cmd: Enhance some help text --- cmd/commands.go | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/cmd/commands.go b/cmd/commands.go index 4ae3a5b3..e1e7a53e 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -200,6 +200,19 @@ config file; otherwise the default is assumed.`, Name: "version", Func: cmdVersion, Short: "Prints the version", + Long: ` +Prints the version of this Caddy binary. + +Version information must be embedded into the binary at compile-time in +order for Caddy to display anything useful with this command. If Caddy +is built from within a version control repository, the Go command will +embed the revision hash if available. However, if Caddy is built in the +way specified by our online documentation (or by using xcaddy), more +detailed version information is printed as given by Go modules. + +For more details about the full version string, see the Go module +documentation: https://go.dev/doc/modules/version-numbers +`, }) RegisterCommand(Command{ @@ -226,6 +239,24 @@ config file; otherwise the default is assumed.`, Name: "environ", Func: cmdEnviron, Short: "Prints the environment", + Long: ` +Prints the environment as seen by this Caddy process. + +The environment includes variables set in the system. If your Caddy +configuration uses environment variables (e.g. "{env.VARIABLE}") then +this command can be useful for verifying that the variables will have +the values you expect in your config. + +Note that environments may be different depending on how you run Caddy. +Environments for Caddy instances started by service managers such as +systemd are often different than the environment inherited from your +shell or terminal. + +You can also print the environment the same time you use "caddy run" +by adding the "--environ" flag. + +Environments may contain sensitive data. +`, }) RegisterCommand(Command{ @@ -367,9 +398,11 @@ EXPERIMENTAL: May be changed or removed. Usage: "--directory ", Short: "Generates the manual pages for Caddy commands", Long: ` -Generates the manual pages for Caddy commands into the designated directory tagged into section 8 (System Administration). +Generates the manual pages for Caddy commands into the designated directory +tagged into section 8 (System Administration). -The manual page files are generated into the directory specified by the argument of --directory. If the directory does not exist, it will be created. +The manual page files are generated into the directory specified by the +argument of --directory. If the directory does not exist, it will be created. `, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("manpage", flag.ExitOnError) From dd9813c65be3af8e222bda6e63f5eea9232c6eee Mon Sep 17 00:00:00 2001 From: fleandro <3987005+flga@users.noreply.github.com> Date: Wed, 7 Sep 2022 21:13:35 +0100 Subject: [PATCH 0780/1498] caddyhttp: ensure ResponseWriterWrapper and ResponseRecorder use ReadFrom if the underlying response writer implements it. (#5022) Doing so allows for splice/sendfile optimizations when available. Fixes #4731 Co-authored-by: flga Co-authored-by: Matthew Holt --- modules/caddyhttp/responsewriter.go | 37 ++++- modules/caddyhttp/responsewriter_test.go | 165 +++++++++++++++++++++++ 2 files changed, 200 insertions(+), 2 deletions(-) create mode 100644 modules/caddyhttp/responsewriter_test.go diff --git a/modules/caddyhttp/responsewriter.go b/modules/caddyhttp/responsewriter.go index 374bbfba..9820b41b 100644 --- a/modules/caddyhttp/responsewriter.go +++ b/modules/caddyhttp/responsewriter.go @@ -62,6 +62,16 @@ func (rww *ResponseWriterWrapper) Push(target string, opts *http.PushOptions) er return ErrNotImplemented } +// ReadFrom implements io.ReaderFrom. It simply calls the underlying +// ResponseWriter's ReadFrom method if there is one, otherwise it defaults +// to io.Copy. +func (rww *ResponseWriterWrapper) ReadFrom(r io.Reader) (n int64, err error) { + if rf, ok := rww.ResponseWriter.(io.ReaderFrom); ok { + return rf.ReadFrom(r) + } + return io.Copy(rww.ResponseWriter, r) +} + // HTTPInterfaces mix all the interfaces that middleware ResponseWriters need to support. type HTTPInterfaces interface { http.ResponseWriter @@ -188,9 +198,26 @@ func (rr *responseRecorder) Write(data []byte) (int, error) { } else { n, err = rr.buf.Write(data) } - if err == nil { - rr.size += n + + rr.size += n + return n, err +} + +func (rr *responseRecorder) ReadFrom(r io.Reader) (int64, error) { + rr.WriteHeader(http.StatusOK) + var n int64 + var err error + if rr.stream { + if rf, ok := rr.ResponseWriter.(io.ReaderFrom); ok { + n, err = rf.ReadFrom(r) + } else { + n, err = io.Copy(rr.ResponseWriter, r) + } + } else { + n, err = rr.buf.ReadFrom(r) } + + rr.size += int(n) return n, err } @@ -251,4 +278,10 @@ type ShouldBufferFunc func(status int, header http.Header) bool var ( _ HTTPInterfaces = (*ResponseWriterWrapper)(nil) _ ResponseRecorder = (*responseRecorder)(nil) + + // Implementing ReaderFrom can be such a significant + // optimization that it should probably be required! + // see PR #5022 (25%-50% speedup) + _ io.ReaderFrom = (*ResponseWriterWrapper)(nil) + _ io.ReaderFrom = (*responseRecorder)(nil) ) diff --git a/modules/caddyhttp/responsewriter_test.go b/modules/caddyhttp/responsewriter_test.go new file mode 100644 index 00000000..19139320 --- /dev/null +++ b/modules/caddyhttp/responsewriter_test.go @@ -0,0 +1,165 @@ +package caddyhttp + +import ( + "bytes" + "fmt" + "io" + "net/http" + "strings" + "testing" +) + +type responseWriterSpy interface { + http.ResponseWriter + Written() string + CalledReadFrom() bool +} + +var ( + _ responseWriterSpy = (*baseRespWriter)(nil) + _ responseWriterSpy = (*readFromRespWriter)(nil) +) + +// a barebones http.ResponseWriter mock +type baseRespWriter []byte + +func (brw *baseRespWriter) Write(d []byte) (int, error) { + *brw = append(*brw, d...) + return len(d), nil +} +func (brw *baseRespWriter) Header() http.Header { return nil } +func (brw *baseRespWriter) WriteHeader(statusCode int) {} +func (brw *baseRespWriter) Written() string { return string(*brw) } +func (brw *baseRespWriter) CalledReadFrom() bool { return false } + +// an http.ResponseWriter mock that supports ReadFrom +type readFromRespWriter struct { + baseRespWriter + called bool +} + +func (rf *readFromRespWriter) ReadFrom(r io.Reader) (int64, error) { + rf.called = true + return io.Copy(&rf.baseRespWriter, r) +} + +func (rf *readFromRespWriter) CalledReadFrom() bool { return rf.called } + +func TestResponseWriterWrapperReadFrom(t *testing.T) { + tests := map[string]struct { + responseWriter responseWriterSpy + wantReadFrom bool + }{ + "no ReadFrom": { + responseWriter: &baseRespWriter{}, + wantReadFrom: false, + }, + "has ReadFrom": { + responseWriter: &readFromRespWriter{}, + wantReadFrom: true, + }, + } + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + // what we expect middlewares to do: + type myWrapper struct { + *ResponseWriterWrapper + } + + wrapped := myWrapper{ + ResponseWriterWrapper: &ResponseWriterWrapper{ResponseWriter: tt.responseWriter}, + } + + const srcData = "boo!" + // hides everything but Read, since strings.Reader implements WriteTo it would + // take precedence over our ReadFrom. + src := struct{ io.Reader }{strings.NewReader(srcData)} + + fmt.Println(name) + if _, err := io.Copy(wrapped, src); err != nil { + t.Errorf("Copy() err = %v", err) + } + + if got := tt.responseWriter.Written(); got != srcData { + t.Errorf("data = %q, want %q", got, srcData) + } + + if tt.responseWriter.CalledReadFrom() != tt.wantReadFrom { + if tt.wantReadFrom { + t.Errorf("ReadFrom() should have been called") + } else { + t.Errorf("ReadFrom() should not have been called") + } + } + }) + } +} + +func TestResponseRecorderReadFrom(t *testing.T) { + tests := map[string]struct { + responseWriter responseWriterSpy + shouldBuffer bool + wantReadFrom bool + }{ + "buffered plain": { + responseWriter: &baseRespWriter{}, + shouldBuffer: true, + wantReadFrom: false, + }, + "streamed plain": { + responseWriter: &baseRespWriter{}, + shouldBuffer: false, + wantReadFrom: false, + }, + "buffered ReadFrom": { + responseWriter: &readFromRespWriter{}, + shouldBuffer: true, + wantReadFrom: false, + }, + "streamed ReadFrom": { + responseWriter: &readFromRespWriter{}, + shouldBuffer: false, + wantReadFrom: true, + }, + } + for name, tt := range tests { + t.Run(name, func(t *testing.T) { + var buf bytes.Buffer + + rr := NewResponseRecorder(tt.responseWriter, &buf, func(status int, header http.Header) bool { + return tt.shouldBuffer + }) + + const srcData = "boo!" + // hides everything but Read, since strings.Reader implements WriteTo it would + // take precedence over our ReadFrom. + src := struct{ io.Reader }{strings.NewReader(srcData)} + + if _, err := io.Copy(rr, src); err != nil { + t.Errorf("Copy() err = %v", err) + } + + wantStreamed := srcData + wantBuffered := "" + if tt.shouldBuffer { + wantStreamed = "" + wantBuffered = srcData + } + + if got := tt.responseWriter.Written(); got != wantStreamed { + t.Errorf("streamed data = %q, want %q", got, wantStreamed) + } + if got := buf.String(); got != wantBuffered { + t.Errorf("buffered data = %q, want %q", got, wantBuffered) + } + + if tt.responseWriter.CalledReadFrom() != tt.wantReadFrom { + if tt.wantReadFrom { + t.Errorf("ReadFrom() should have been called") + } else { + t.Errorf("ReadFrom() should not have been called") + } + } + }) + } +} From c19f2072379e18fbf3b2409ecd49ca023d62b882 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 7 Sep 2022 21:14:11 -0600 Subject: [PATCH 0781/1498] fileserver: Ignore EOF when browsing empty dir Thanks to @WeidiDeng for reporting this --- modules/caddyhttp/fileserver/browse.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 7804d19b..6a72e155 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -19,6 +19,7 @@ import ( _ "embed" "encoding/json" "fmt" + "io" "io/fs" "net/http" "os" @@ -137,7 +138,7 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, func (fsrv *FileServer) loadDirectoryContents(dir fs.ReadDirFile, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { files, err := dir.ReadDir(10000) // TODO: this limit should probably be configurable - if err != nil { + if err != nil && err != io.EOF { return browseTemplateContext{}, err } From 50748e19c34fc90882bbb268c95a2a0acb051752 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 8 Sep 2022 12:36:31 -0600 Subject: [PATCH 0782/1498] core: Check error on ListenQUIC --- listeners.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/listeners.go b/listeners.go index 59144439..b4949108 100644 --- a/listeners.go +++ b/listeners.go @@ -105,6 +105,9 @@ func ListenQUIC(addr string, tlsConf *tls.Config, activeRequests *int64) (quic.E } return &sharedQuicListener{EarlyListener: el, key: lnKey}, nil }) + if err != nil { + return nil, err + } ctx, cancel := context.WithCancel(context.Background()) return &fakeCloseQuicListener{ From 076a8b8095ad4e1a8f2ad770ce375612dcaf0288 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 8 Sep 2022 13:10:40 -0600 Subject: [PATCH 0783/1498] Very minor tweaks --- listeners.go | 6 ++++-- modules/caddyhttp/server.go | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/listeners.go b/listeners.go index b4949108..6a23c61a 100644 --- a/listeners.go +++ b/listeners.go @@ -87,6 +87,7 @@ func ListenPacket(network, addr string) (net.PacketConn, error) { // ListenQUIC returns a quic.EarlyListener suitable for use in a Caddy module. // Note that the context passed to Accept is currently ignored, so using // a context other than context.Background is meaningless. +// This API is EXPERIMENTAL and may change. func ListenQUIC(addr string, tlsConf *tls.Config, activeRequests *int64) (quic.EarlyListener, error) { lnKey := listenerKey("udp", addr) @@ -112,8 +113,9 @@ func ListenQUIC(addr string, tlsConf *tls.Config, activeRequests *int64) (quic.E ctx, cancel := context.WithCancel(context.Background()) return &fakeCloseQuicListener{ sharedQuicListener: sharedEl.(*sharedQuicListener), - context: ctx, contextCancel: cancel, - }, err + context: ctx, + contextCancel: cancel, + }, nil } // ListenerUsage returns the current usage count of the given listener address. diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index e2da5319..f1909c41 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -181,7 +181,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { // advertise HTTP/3, if enabled if s.h3server != nil { - // keep track of active requests for QUIC transport purposes (See AcceptToken callback in quic.Config) + // keep track of active requests for QUIC transport purposes atomic.AddInt64(&s.activeRequests, 1) defer atomic.AddInt64(&s.activeRequests, -1) From c5df7bb6bd99b44ef0c0d70ca4988524f52730f3 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 10 Sep 2022 21:44:35 -0600 Subject: [PATCH 0784/1498] go.mod: Update truststore --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 71600276..2b558310 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( github.com/smallstep/certificates v0.21.0 github.com/smallstep/cli v0.21.0 github.com/smallstep/nosql v0.4.0 - github.com/smallstep/truststore v0.11.0 + github.com/smallstep/truststore v0.12.0 github.com/spf13/cobra v1.1.3 github.com/spf13/pflag v1.0.5 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 diff --git a/go.sum b/go.sum index acb9e238..1044ece3 100644 --- a/go.sum +++ b/go.sum @@ -759,8 +759,8 @@ github.com/smallstep/cli v0.21.0 h1:m7p1lQFfbBF7RI+Z49eaRBW3oI/5HmnwT8Pa8/xgGcE= github.com/smallstep/cli v0.21.0/go.mod h1:o8hZZAjO4901b3iWmS4fsKasuD57hmkkJJBumYnspPo= github.com/smallstep/nosql v0.4.0 h1:Go3WYwttUuvwqMtFiiU4g7kBIlY+hR0bIZAqVdakQ3M= github.com/smallstep/nosql v0.4.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= -github.com/smallstep/truststore v0.11.0 h1:JUTkQ4oHr40jHTS/A2t0usEhteMWG+45CDD2iJA/dIk= -github.com/smallstep/truststore v0.11.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= +github.com/smallstep/truststore v0.12.0 h1:973Aa6fA7Ob/GCxqziosDzkQq6tV0Le6IUe4sikyW+U= +github.com/smallstep/truststore v0.12.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= From 9fe4f93bc7afd92f9e98749006aab7f0dd45562c Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 13 Sep 2022 01:59:53 +0300 Subject: [PATCH 0785/1498] supplychain: publish signing cert, sbom, and signatures of sbom (#5027) --- .goreleaser.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index d3de2b70..9369bc48 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -68,12 +68,16 @@ builds: signs: - cmd: cosign signature: "${artifact}.sig" - args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${signature}.pem", "${artifact}"] + certificate: '{{ trimsuffix .Env.artifact ".tar.gz" }}.pem' + args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${certificate}", "${artifact}"] artifacts: all sboms: - artifacts: binary + # defaults to + # documents: + # - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom" cmd: syft - args: ["$artifact", "--file", "$sbom", "--output", "cyclonedx-json"] + args: ["$artifact", "--file", "${document}", "--output", "cyclonedx-json"] archives: - format_overrides: - goos: windows From d35f618b10e9f530b068f42d1dcecb9e70b6ae0a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 13 Sep 2022 08:59:03 -0600 Subject: [PATCH 0786/1498] caddytls: Error if placeholder is empty in 'ask' Fixes #5036 --- modules/caddytls/tls.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index fc5f2ace..2e532ed9 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -185,9 +185,12 @@ func (t *TLS) Provision(ctx caddy.Context) error { onDemandRateLimiter.SetWindow(0) } - // run replacer on ask URL (for environment variables) + // run replacer on ask URL (for environment variables) -- return errors to prevent surprises (#5036) if t.Automation != nil && t.Automation.OnDemand != nil && t.Automation.OnDemand.Ask != "" { - t.Automation.OnDemand.Ask = repl.ReplaceAll(t.Automation.OnDemand.Ask, "") + t.Automation.OnDemand.Ask, err = repl.ReplaceOrErr(t.Automation.OnDemand.Ask, true, true) + if err != nil { + return fmt.Errorf("preparing 'ask' endpoint: %v", err) + } } // load manual/static (unmanaged) certificates - we do this in From 61c75f74dec6b0524feef9b24ef8d6005f096b09 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 13 Sep 2022 13:18:37 -0400 Subject: [PATCH 0787/1498] caddyhttp: Explicitly disallow multiple regexp matchers (#5030) * caddyhttp: Explicitly disallow multiple regexp matchers Fix #5028 Since the matchers would overwrite eachother, we should error out to tell the user their config doesn't make sense. * Update modules/caddyhttp/matchers.go Co-authored-by: Matt Holt --- modules/caddyhttp/matchers.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index f86ce0a4..3d5791f7 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -1001,6 +1001,12 @@ func (m *MatchHeaderRE) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { val = second } + // If there's already a pattern for this field + // then we would end up overwriting the old one + if (*m)[field] != nil { + return d.Errf("header_regexp matcher can only be used once per named matcher, per header field: %s", field) + } + (*m)[field] = &MatchRegexp{Pattern: val, Name: name} if d.NextBlock(0) { @@ -1469,6 +1475,13 @@ func (mre *MatchRegexp) Match(input string, repl *caddy.Replacer) bool { // UnmarshalCaddyfile implements caddyfile.Unmarshaler. func (mre *MatchRegexp) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { + // If this is the second iteration of the loop + // then there's more than one path_regexp matcher + // and we would end up overwriting the old one + if mre.Pattern != "" { + return d.Err("regular expression can only be used once per named matcher") + } + args := d.RemainingArgs() switch len(args) { case 1: From 20d487be573424e7647b5a157754f6e284554e23 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 13 Sep 2022 11:26:10 -0600 Subject: [PATCH 0788/1498] caddyhttp: Very minor optimization to path matcher If * is in the matcher it will always match so we can just put it first. --- modules/caddyhttp/matchers.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 3d5791f7..a01f8f98 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -374,7 +374,11 @@ func (MatchPath) CaddyModule() caddy.ModuleInfo { // Provision lower-cases the paths in m to ensure case-insensitive matching. func (m MatchPath) Provision(_ caddy.Context) error { for i := range m { - // TODO: if m[i] == "*", put it first and delete all others (will always match) + if m[i] == "*" && i > 0 { + // will always match, so just put it first + m[0] = m[i] + break + } m[i] = strings.ToLower(m[i]) } return nil From 754fe4f7b4dddbfc7a8ee7fee405cee057da858e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 13 Sep 2022 13:43:21 -0600 Subject: [PATCH 0789/1498] httpcaddyfile: Fix sorting of repeated directives Fixes #5037 --- caddyconfig/httpcaddyfile/directives.go | 43 ++++++++++++++----------- caddyconfig/httpcaddyfile/httptype.go | 2 +- caddytest/caddytest.go | 2 +- modules/caddyhttp/routes.go | 22 +++++++++++++ 4 files changed, 49 insertions(+), 20 deletions(-) diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 89706b3a..e2113ebb 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -406,7 +406,7 @@ func sortRoutes(routes []ConfigValue) { return false } - // decode the path matchers, if there is just one of them + // decode the path matchers if there is just one matcher set var iPM, jPM caddyhttp.MatchPath if len(iRoute.MatcherSetsRaw) == 1 { _ = json.Unmarshal(iRoute.MatcherSetsRaw[0]["path"], &iPM) @@ -415,38 +415,45 @@ func sortRoutes(routes []ConfigValue) { _ = json.Unmarshal(jRoute.MatcherSetsRaw[0]["path"], &jPM) } - // sort by longer path (more specific) first; missing path - // matchers or multi-matchers are treated as zero-length paths + // if there is only one path in the path matcher, sort by longer path + // (more specific) first; missing path matchers or multi-matchers are + // treated as zero-length paths var iPathLen, jPathLen int - if len(iPM) > 0 { + if len(iPM) == 1 { iPathLen = len(iPM[0]) } - if len(jPM) > 0 { + if len(jPM) == 1 { jPathLen = len(jPM[0]) } // some directives involve setting values which can overwrite - // eachother, so it makes most sense to reverse the order so + // each other, so it makes most sense to reverse the order so // that the lease specific matcher is first; everything else // has most-specific matcher first if iDir == "vars" { - // if both directives have no path matcher, use whichever one - // has no matcher first. - if iPathLen == 0 && jPathLen == 0 { - return len(iRoute.MatcherSetsRaw) == 0 && len(jRoute.MatcherSetsRaw) > 0 + // we can only confidently compare path lengths if both + // directives have a single path to match (issue #5037) + if iPathLen > 0 && jPathLen > 0 { + // sort least-specific (shortest) path first + return iPathLen < jPathLen } - // sort with the least-specific (shortest) path first - return iPathLen < jPathLen + // if both directives don't have a single path to compare, + // sort whichever one has no matcher first; if both have + // no matcher, sort equally (stable sort preserves order) + return len(iRoute.MatcherSetsRaw) == 0 && len(jRoute.MatcherSetsRaw) > 0 } else { - // if both directives have no path matcher, use whichever one - // has any kind of matcher defined first. - if iPathLen == 0 && jPathLen == 0 { - return len(iRoute.MatcherSetsRaw) > 0 && len(jRoute.MatcherSetsRaw) == 0 + // we can only confidently compare path lengths if both + // directives have a single path to match (issue #5037) + if iPathLen > 0 && jPathLen > 0 { + // sort most-specific (longest) path first + return iPathLen > jPathLen } - // sort with the most-specific (longest) path first - return iPathLen > jPathLen + // if both directives don't have a single path to compare, + // sort whichever one has a matcher first; if both have + // a matcher, sort equally (stable sort preserves order) + return len(iRoute.MatcherSetsRaw) > 0 && len(jRoute.MatcherSetsRaw) == 0 } }) } diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 72d98bd9..9cf386a4 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -955,7 +955,7 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList, func buildSubroute(routes []ConfigValue, groupCounter counter) (*caddyhttp.Subroute, error) { for _, val := range routes { if !directiveIsOrdered(val.directive) { - return nil, fmt.Errorf("directive '%s' is not ordered, so it cannot be used here", val.directive) + return nil, fmt.Errorf("directive '%s' is not an ordered HTTP handler, so it cannot be used here", val.directive) } } diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 9addd14d..4fb33941 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -100,7 +100,7 @@ func (tc *Tester) InitServer(rawConfig string, configType string) { tc.t.Fail() } if err := tc.ensureConfigRunning(rawConfig, configType); err != nil { - tc.t.Logf("failed ensurng config is running: %s", err) + tc.t.Logf("failed ensuring config is running: %s", err) tc.t.Fail() } } diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index 45cbd80d..ce9bece2 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -109,6 +109,17 @@ func (r Route) Empty() bool { r.Group == "" } +func (r Route) String() string { + handlersRaw := "[" + for _, hr := range r.HandlersRaw { + handlersRaw += " " + string(hr) + } + handlersRaw += "]" + + return fmt.Sprintf(`{Group:"%s" MatcherSetsRaw:%s HandlersRaw:%s Terminal:%t}`, + r.Group, r.MatcherSetsRaw, handlersRaw, r.Terminal) +} + // RouteList is a list of server routes that can // create a middleware chain. type RouteList []Route @@ -331,4 +342,15 @@ func (ms *MatcherSets) FromInterface(matcherSets any) error { return nil } +// TODO: Is this used? +func (ms MatcherSets) String() string { + result := "[" + for _, matcherSet := range ms { + for _, matcher := range matcherSet { + result += fmt.Sprintf(" %#v", matcher) + } + } + return result + " ]" +} + var routeGroupCtxKey = caddy.CtxKey("route_group") From 0b3161aeea388a092fd5a128191d64e7fd2fd941 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 13 Sep 2022 17:21:04 -0600 Subject: [PATCH 0790/1498] cmd: Customizable user agent (close #2795) --- cmd/main.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index b91559ce..17da8bd0 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -41,10 +41,15 @@ func init() { // set a fitting User-Agent for ACME requests version, _ := caddy.Version() cleanModVersion := strings.TrimPrefix(version, "v") - certmagic.UserAgent = "Caddy/" + cleanModVersion + ua := "Caddy/" + cleanModVersion + if uaEnv, ok := os.LookupEnv("USERAGENT"); ok { + ua = uaEnv + " " + ua + } + certmagic.UserAgent = ua // by using Caddy, user indicates agreement to CA terms - // (very important, or ACME account creation will fail!) + // (very important, as Caddy is often non-interactive + // and thus ACME account creation will fail!) certmagic.DefaultACME.Agreed = true } From 62b0685375cc4dc2c670afd07d1319affa179544 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 14 Sep 2022 23:24:16 -0600 Subject: [PATCH 0791/1498] cmd: Improve error message if config missing --- cmd/commandfuncs.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 874cc6ff..e3daae59 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -679,7 +679,7 @@ func DetermineAdminAPIAddress(address string, config []byte, configFile, configA return "", err } if loadedConfigFile == "" { - return "", fmt.Errorf("no config file to load") + return "", fmt.Errorf("no config file to load; either use --config flag or ensure Caddyfile exists in current directory") } } From a1ad20e4720391d847c58fcdcef7c8d9c287faf2 Mon Sep 17 00:00:00 2001 From: Michael Stapelberg Date: Thu, 15 Sep 2022 16:03:24 +0200 Subject: [PATCH 0792/1498] httpcaddyfile: Fix bind when IPv6 is specified with network (#4950) * fix listening on IPv6 addresses: use net.JoinHostPort Commit 1e18afb5c862d62be130d563785de5c58f08ae8e broke my caddy setup. This commit fixes it. * Refactor solution; simplify, add descriptive comment * Move network to host, not copy Co-authored-by: Matthew Holt --- caddyconfig/httpcaddyfile/addresses.go | 36 +++++++++++++++++--------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/caddyconfig/httpcaddyfile/addresses.go b/caddyconfig/httpcaddyfile/addresses.go index e7a7cdb0..93bad27d 100644 --- a/caddyconfig/httpcaddyfile/addresses.go +++ b/caddyconfig/httpcaddyfile/addresses.go @@ -36,12 +36,12 @@ import ( // server block that share the same address stay grouped together so the config // isn't repeated unnecessarily. For example, this Caddyfile: // -// example.com { -// bind 127.0.0.1 -// } -// www.example.com, example.net/path, localhost:9999 { -// bind 127.0.0.1 1.2.3.4 -// } +// example.com { +// bind 127.0.0.1 +// } +// www.example.com, example.net/path, localhost:9999 { +// bind 127.0.0.1 1.2.3.4 +// } // // has two server blocks to start with. But expressed in this Caddyfile are // actually 4 listener addresses: 127.0.0.1:443, 1.2.3.4:443, 127.0.0.1:9999, @@ -219,7 +219,7 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str return nil, fmt.Errorf("[%s] scheme and port violate convention", key) } - // the bind directive specifies hosts, but is optional + // the bind directive specifies hosts (and potentially network), but is optional lnHosts := make([]string, 0, len(sblock.pile["bind"])) for _, cfgVal := range sblock.pile["bind"] { lnHosts = append(lnHosts, cfgVal.Value.([]string)...) @@ -234,11 +234,23 @@ func (st *ServerType) listenerAddrsForServerBlockKey(sblock serverBlock, key str // use a map to prevent duplication listeners := make(map[string]struct{}) - for _, host := range lnHosts { - // host can have network + host (e.g. "tcp6/localhost") but - // will/should not have port information because this usually - // comes from the bind directive, so we append the port - addr, err := caddy.ParseNetworkAddress(host + ":" + lnPort) + for _, lnHost := range lnHosts { + // normally we would simply append the port, + // but if lnHost is IPv6, we need to ensure it + // is enclosed in [ ]; net.JoinHostPort does + // this for us, but lnHost might also have a + // network type in front (e.g. "tcp/") leading + // to "[tcp/::1]" which causes parsing failures + // later; what we need is "tcp/[::1]", so we have + // to split the network and host, then re-combine + network, host, ok := strings.Cut(lnHost, "/") + if !ok { + host = network + network = "" + } + host = strings.Trim(host, "[]") // IPv6 + networkAddr := caddy.JoinNetworkAddress(network, host, lnPort) + addr, err := caddy.ParseNetworkAddress(networkAddr) if err != nil { return nil, fmt.Errorf("parsing network address: %v", err) } From 9ad0ebc956f4317111c12e2c5428acd18522f025 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 15 Sep 2022 12:05:36 -0400 Subject: [PATCH 0793/1498] caddyhttp: Add 'skip_log' var to omit request from logs (#4691) * caddyhttp: Implement `skip_log` handler * Refactor to use vars middleware Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/builtins.go | 13 ++ caddyconfig/httpcaddyfile/directives.go | 1 + .../log_except_catchall_blocks.txt | 32 ++++ modules/caddyhttp/logging.go | 144 ++++++++++++++++++ modules/caddyhttp/server.go | 121 +-------------- 5 files changed, 195 insertions(+), 116 deletions(-) create mode 100644 modules/caddyhttp/logging.go diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index cd233484..103b7a1f 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -48,6 +48,7 @@ func init() { RegisterHandlerDirective("handle", parseHandle) RegisterDirective("handle_errors", parseHandleErrors) RegisterDirective("log", parseLog) + RegisterHandlerDirective("skip_log", parseSkipLog) } // parseBind parses the bind directive. Syntax: @@ -858,3 +859,15 @@ func parseLogHelper(h Helper, globalLogNames map[string]struct{}) ([]ConfigValue } return configValues, nil } + +// parseSkipLog parses the skip_log directive. Syntax: +// +// skip_log [] +func parseSkipLog(h Helper) (caddyhttp.MiddlewareHandler, error) { + for h.Next() { + if h.NextArg() { + return nil, h.ArgErr() + } + } + return caddyhttp.VarsMiddleware{"skip_log": true}, nil +} diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index e2113ebb..5ab092d7 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -42,6 +42,7 @@ var directiveOrder = []string{ "map", "vars", "root", + "skip_log", "header", "copy_response_headers", // only in reverse_proxy's handle_response diff --git a/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt b/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt index 57b63af4..ed3b20de 100644 --- a/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt +++ b/caddytest/integration/caddyfile_adapt/log_except_catchall_blocks.txt @@ -1,5 +1,7 @@ http://localhost:2020 { log + skip_log /first-hidden* + skip_log /second-hidden* respond 200 } @@ -28,6 +30,36 @@ http://localhost:2020 { { "handler": "subroute", "routes": [ + { + "handle": [ + { + "handler": "vars", + "skip_log": true + } + ], + "match": [ + { + "path": [ + "/second-hidden*" + ] + } + ] + }, + { + "handle": [ + { + "handler": "vars", + "skip_log": true + } + ], + "match": [ + { + "path": [ + "/first-hidden*" + ] + } + ] + }, { "handle": [ { diff --git a/modules/caddyhttp/logging.go b/modules/caddyhttp/logging.go new file mode 100644 index 00000000..4faaec7f --- /dev/null +++ b/modules/caddyhttp/logging.go @@ -0,0 +1,144 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyhttp + +import ( + "errors" + "net" + "net/http" + "strings" + + "go.uber.org/zap" + "go.uber.org/zap/zapcore" +) + +// ServerLogConfig describes a server's logging configuration. If +// enabled without customization, all requests to this server are +// logged to the default logger; logger destinations may be +// customized per-request-host. +type ServerLogConfig struct { + // The default logger name for all logs emitted by this server for + // hostnames that are not in the LoggerNames (logger_names) map. + DefaultLoggerName string `json:"default_logger_name,omitempty"` + + // LoggerNames maps request hostnames to a custom logger name. + // For example, a mapping of "example.com" to "example" would + // cause access logs from requests with a Host of example.com + // to be emitted by a logger named "http.log.access.example". + LoggerNames map[string]string `json:"logger_names,omitempty"` + + // By default, all requests to this server will be logged if + // access logging is enabled. This field lists the request + // hosts for which access logging should be disabled. + SkipHosts []string `json:"skip_hosts,omitempty"` + + // If true, requests to any host not appearing in the + // LoggerNames (logger_names) map will not be logged. + SkipUnmappedHosts bool `json:"skip_unmapped_hosts,omitempty"` + + // If true, credentials that are otherwise omitted, will be logged. + // The definition of credentials is defined by https://fetch.spec.whatwg.org/#credentials, + // and this includes some request and response headers, i.e `Cookie`, + // `Set-Cookie`, `Authorization`, and `Proxy-Authorization`. + ShouldLogCredentials bool `json:"should_log_credentials,omitempty"` +} + +// wrapLogger wraps logger in a logger named according to user preferences for the given host. +func (slc ServerLogConfig) wrapLogger(logger *zap.Logger, host string) *zap.Logger { + if loggerName := slc.getLoggerName(host); loggerName != "" { + return logger.Named(loggerName) + } + return logger +} + +func (slc ServerLogConfig) getLoggerName(host string) string { + tryHost := func(key string) (string, bool) { + // first try exact match + if loggerName, ok := slc.LoggerNames[key]; ok { + return loggerName, ok + } + // strip port and try again (i.e. Host header of "example.com:1234" should + // match "example.com" if there is no "example.com:1234" in the map) + hostOnly, _, err := net.SplitHostPort(key) + if err != nil { + return "", false + } + loggerName, ok := slc.LoggerNames[hostOnly] + return loggerName, ok + } + + // try the exact hostname first + if loggerName, ok := tryHost(host); ok { + return loggerName + } + + // try matching wildcard domains if other non-specific loggers exist + labels := strings.Split(host, ".") + for i := range labels { + if labels[i] == "" { + continue + } + labels[i] = "*" + wildcardHost := strings.Join(labels, ".") + if loggerName, ok := tryHost(wildcardHost); ok { + return loggerName + } + } + + return slc.DefaultLoggerName +} + +func (slc *ServerLogConfig) clone() *ServerLogConfig { + clone := &ServerLogConfig{ + DefaultLoggerName: slc.DefaultLoggerName, + LoggerNames: make(map[string]string), + SkipHosts: append([]string{}, slc.SkipHosts...), + SkipUnmappedHosts: slc.SkipUnmappedHosts, + ShouldLogCredentials: slc.ShouldLogCredentials, + } + for k, v := range slc.LoggerNames { + clone.LoggerNames[k] = v + } + return clone +} + +// errLogValues inspects err and returns the status code +// to use, the error log message, and any extra fields. +// If err is a HandlerError, the returned values will +// have richer information. +func errLogValues(err error) (status int, msg string, fields []zapcore.Field) { + var handlerErr HandlerError + if errors.As(err, &handlerErr) { + status = handlerErr.StatusCode + if handlerErr.Err == nil { + msg = err.Error() + } else { + msg = handlerErr.Err.Error() + } + fields = []zapcore.Field{ + zap.Int("status", handlerErr.StatusCode), + zap.String("err_id", handlerErr.ID), + zap.String("err_trace", handlerErr.Trace), + } + return + } + status = http.StatusInternalServerError + msg = err.Error() + return +} + +// Variable name used to indicate that this request +// should be omitted from the access logs +const SkipLogVar = "skip_log" diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index f1909c41..83f1a533 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -18,7 +18,6 @@ import ( "context" "crypto/tls" "encoding/json" - "errors" "fmt" "net" "net/http" @@ -226,6 +225,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { accLog := s.accessLogger.With(loggableReq) defer func() { + // this request may be flagged as omitted from the logs + if skipLog, ok := GetVar(r.Context(), SkipLogVar).(bool); ok && skipLog { + return + } + repl.Set("http.response.status", wrec.Status()) repl.Set("http.response.size", wrec.Size()) repl.Set("http.response.duration", duration) @@ -592,96 +596,6 @@ func (s *Server) protocol(proto string) bool { // EXPERIMENTAL: Subject to change or removal. func (s *Server) Listeners() []net.Listener { return s.listeners } -// ServerLogConfig describes a server's logging configuration. If -// enabled without customization, all requests to this server are -// logged to the default logger; logger destinations may be -// customized per-request-host. -type ServerLogConfig struct { - // The default logger name for all logs emitted by this server for - // hostnames that are not in the LoggerNames (logger_names) map. - DefaultLoggerName string `json:"default_logger_name,omitempty"` - - // LoggerNames maps request hostnames to a custom logger name. - // For example, a mapping of "example.com" to "example" would - // cause access logs from requests with a Host of example.com - // to be emitted by a logger named "http.log.access.example". - LoggerNames map[string]string `json:"logger_names,omitempty"` - - // By default, all requests to this server will be logged if - // access logging is enabled. This field lists the request - // hosts for which access logging should be disabled. - SkipHosts []string `json:"skip_hosts,omitempty"` - - // If true, requests to any host not appearing in the - // LoggerNames (logger_names) map will not be logged. - SkipUnmappedHosts bool `json:"skip_unmapped_hosts,omitempty"` - - // If true, credentials that are otherwise omitted, will be logged. - // The definition of credentials is defined by https://fetch.spec.whatwg.org/#credentials, - // and this includes some request and response headers, i.e `Cookie`, - // `Set-Cookie`, `Authorization`, and `Proxy-Authorization`. - ShouldLogCredentials bool `json:"should_log_credentials,omitempty"` -} - -// wrapLogger wraps logger in a logger named according to user preferences for the given host. -func (slc ServerLogConfig) wrapLogger(logger *zap.Logger, host string) *zap.Logger { - if loggerName := slc.getLoggerName(host); loggerName != "" { - return logger.Named(loggerName) - } - return logger -} - -func (slc ServerLogConfig) getLoggerName(host string) string { - tryHost := func(key string) (string, bool) { - // first try exact match - if loggerName, ok := slc.LoggerNames[key]; ok { - return loggerName, ok - } - // strip port and try again (i.e. Host header of "example.com:1234" should - // match "example.com" if there is no "example.com:1234" in the map) - hostOnly, _, err := net.SplitHostPort(key) - if err != nil { - return "", false - } - loggerName, ok := slc.LoggerNames[hostOnly] - return loggerName, ok - } - - // try the exact hostname first - if loggerName, ok := tryHost(host); ok { - return loggerName - } - - // try matching wildcard domains if other non-specific loggers exist - labels := strings.Split(host, ".") - for i := range labels { - if labels[i] == "" { - continue - } - labels[i] = "*" - wildcardHost := strings.Join(labels, ".") - if loggerName, ok := tryHost(wildcardHost); ok { - return loggerName - } - } - - return slc.DefaultLoggerName -} - -func (slc *ServerLogConfig) clone() *ServerLogConfig { - clone := &ServerLogConfig{ - DefaultLoggerName: slc.DefaultLoggerName, - LoggerNames: make(map[string]string), - SkipHosts: append([]string{}, slc.SkipHosts...), - SkipUnmappedHosts: slc.SkipUnmappedHosts, - ShouldLogCredentials: slc.ShouldLogCredentials, - } - for k, v := range slc.LoggerNames { - clone.LoggerNames[k] = v - } - return clone -} - // PrepareRequest fills the request r for use in a Caddy HTTP handler chain. w and s can // be nil, but the handlers will lose response placeholders and access to the server. func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter, s *Server) *http.Request { @@ -701,31 +615,6 @@ func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter return r } -// errLogValues inspects err and returns the status code -// to use, the error log message, and any extra fields. -// If err is a HandlerError, the returned values will -// have richer information. -func errLogValues(err error) (status int, msg string, fields []zapcore.Field) { - var handlerErr HandlerError - if errors.As(err, &handlerErr) { - status = handlerErr.StatusCode - if handlerErr.Err == nil { - msg = err.Error() - } else { - msg = handlerErr.Err.Error() - } - fields = []zapcore.Field{ - zap.Int("status", handlerErr.StatusCode), - zap.String("err_id", handlerErr.ID), - zap.String("err_trace", handlerErr.Trace), - } - return - } - status = http.StatusInternalServerError - msg = err.Error() - return -} - // originalRequest returns a partial, shallow copy of // req, including: req.Method, deep copy of req.URL // (into the urlCopy parameter, which should be on the From e338648fed3263200dfd6abc9f8100c6f1c0eb67 Mon Sep 17 00:00:00 2001 From: Isaac Parker Date: Thu, 15 Sep 2022 12:35:38 -0600 Subject: [PATCH 0794/1498] reverseproxy: Support repeated --to flags in command (#4693) * feat: Multiple 'to' upstreams in reverse-proxy cmd * Repeat --to for multiple upstreams, rather than comma-separating in a single flag Co-authored-by: Matt Holt --- modules/caddyhttp/reverseproxy/command.go | 40 ++++++++++++++++++----- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index fed1cd91..ff19919f 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -41,6 +41,7 @@ A simple but production-ready reverse proxy. Useful for quick deployments, demos, and development. Simply shuttles HTTP(S) traffic from the --from address to the --to address. +Multiple --to addresses may be specified by repeating the flag. Unless otherwise specified in the addresses, the --from address will be assumed to be HTTPS if a hostname is given, and the --to address will be @@ -57,7 +58,7 @@ default, all incoming headers are passed through unmodified.) Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("reverse-proxy", flag.ExitOnError) fs.String("from", "localhost", "Address on which to receive traffic") - fs.String("to", "", "Upstream address to which traffic should be sent") + fs.Var(&reverseProxyCmdTo, "to", "Upstream address(es) to which traffic should be sent") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)") fs.Bool("internal-certs", false, "Use internal CA for issuing certs") @@ -70,7 +71,6 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { caddy.TrapSignals() from := fs.String("from") - to := fs.String("to") changeHost := fs.Bool("change-host-header") insecure := fs.Bool("insecure") internalCerts := fs.Bool("internal-certs") @@ -78,7 +78,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) - if to == "" { + if len(reverseProxyCmdTo) == 0 { return caddy.ExitCodeFailedStartup, fmt.Errorf("--to is required") } @@ -106,9 +106,18 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { } // set up the upstream address; assume missing information from given parts - toAddr, toScheme, err := parseUpstreamDialAddress(to) - if err != nil { - return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid upstream address %s: %v", to, err) + // mixing schemes isn't supported, so use first defined (if available) + toAddresses := make([]string, len(reverseProxyCmdTo)) + var toScheme string + for i, toLoc := range reverseProxyCmdTo { + addr, scheme, err := parseUpstreamDialAddress(toLoc) + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid upstream address %s: %v", toLoc, err) + } + if scheme != "" && toScheme != "" { + toScheme = scheme + } + toAddresses[i] = addr } // proceed to build the handler and server @@ -120,9 +129,16 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { } } + upstreamPool := UpstreamPool{} + for _, toAddr := range toAddresses { + upstreamPool = append(upstreamPool, &Upstream{ + Dial: toAddr, + }) + } + handler := Handler{ TransportRaw: caddyconfig.JSONModuleObject(ht, "protocol", "http", nil), - Upstreams: UpstreamPool{{Dial: toAddr}}, + Upstreams: upstreamPool, } if changeHost { @@ -187,7 +203,15 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { return caddy.ExitCodeFailedStartup, err } - fmt.Printf("Caddy proxying %s -> %s\n", fromAddr.String(), toAddr) + for _, to := range toAddresses { + fmt.Printf("Caddy proxying %s -> %s\n", fromAddr.String(), to) + } + if len(toAddresses) > 1 { + fmt.Println("Load balancing policy: random") + } select {} } + +// reverseProxyCmdTo holds the parsed values from repeated use of the --to flag. +var reverseProxyCmdTo caddycmd.StringSlice From 2dc747cf2d7dd4e7337c1d7665042b896f3b4445 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 15 Sep 2022 13:36:08 -0600 Subject: [PATCH 0795/1498] Limit unclosed placeholder tolerance (fix #4170) --- replacer.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/replacer.go b/replacer.go index d30a4061..57979205 100644 --- a/replacer.go +++ b/replacer.go @@ -144,9 +144,11 @@ func (r *Replacer) replace(input, empty string, // iterate the input to find each placeholder var lastWriteCursor int + // fail fast if too many placeholders are unclosed + var unclosedCount int + scan: for i := 0; i < len(input); i++ { - // check for escaped braces if i > 0 && input[i-1] == phEscape && (input[i] == phClose || input[i] == phOpen) { sb.WriteString(input[lastWriteCursor : i-1]) @@ -158,9 +160,17 @@ scan: continue } + // our iterator is now on an unescaped open brace (start of placeholder) + + // too many unclosed placeholders in absolutely ridiculous input can be extremely slow (issue #4170) + if unclosedCount > 100 { + return "", fmt.Errorf("too many unclosed placeholders") + } + // find the end of the placeholder end := strings.Index(input[i:], string(phClose)) + i if end < i { + unclosedCount++ continue } @@ -168,6 +178,7 @@ scan: for end > 0 && end < len(input)-1 && input[end-1] == phEscape { nextEnd := strings.Index(input[end+1:], string(phClose)) if nextEnd < 0 { + unclosedCount++ continue scan } end += nextEnd + 1 From e6c58fdc085f8875361563551699bcf02e3ede8b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 15 Sep 2022 14:12:53 -0600 Subject: [PATCH 0796/1498] caddyfile: Prevent infinite nesting on fmt (fix #4175) --- caddyconfig/caddyfile/formatter.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/caddyconfig/caddyfile/formatter.go b/caddyconfig/caddyfile/formatter.go index cb0033f7..3981cd69 100644 --- a/caddyconfig/caddyfile/formatter.go +++ b/caddyconfig/caddyfile/formatter.go @@ -153,7 +153,10 @@ func Format(input []byte) []byte { openBraceWritten = true nextLine() newLines = 0 - nesting++ + // prevent infinite nesting from ridiculous inputs (issue #4175) + if nesting < 10 { + nesting++ + } } switch { From 49b7a252641639b25c6578b3682c8e441ba8a451 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 15 Sep 2022 14:13:58 -0600 Subject: [PATCH 0797/1498] Fix #4169 (correct e6c58fd) --- caddyconfig/caddyfile/formatter.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddyconfig/caddyfile/formatter.go b/caddyconfig/caddyfile/formatter.go index 3981cd69..82581a3d 100644 --- a/caddyconfig/caddyfile/formatter.go +++ b/caddyconfig/caddyfile/formatter.go @@ -153,7 +153,7 @@ func Format(input []byte) []byte { openBraceWritten = true nextLine() newLines = 0 - // prevent infinite nesting from ridiculous inputs (issue #4175) + // prevent infinite nesting from ridiculous inputs (issue #4169) if nesting < 10 { nesting++ } From f1f7a2267460c5ed456153a4a04d864fb7865c56 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 15 Sep 2022 14:25:29 -0600 Subject: [PATCH 0798/1498] Reject absurdly long duration strings (fix #4175) --- caddy.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/caddy.go b/caddy.go index 26c149b9..9595c96c 100644 --- a/caddy.go +++ b/caddy.go @@ -763,8 +763,12 @@ func (d *Duration) UnmarshalJSON(b []byte) error { // ParseDuration parses a duration string, adding // support for the "d" unit meaning number of days, -// where a day is assumed to be 24h. +// where a day is assumed to be 24h. The maximum +// input string length is 1024. func ParseDuration(s string) (time.Duration, error) { + if len(s) > 1024 { + return 0, fmt.Errorf("parsing duration: input string too long") + } var inNumber bool var numStart int for i := 0; i < len(s); i++ { From 48d723c07c52d76755ee323581a20777699f1557 Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Fri, 16 Sep 2022 06:05:08 +0800 Subject: [PATCH 0799/1498] encode: Fix Accept-Ranges header; HEAD requests (#5039) * fix encode handler header manipulation also avoid implementing ReadFrom because it breaks when io.Copied to directly * strconv.Itoa should be tried as a last resort WriteHeader during Close --- modules/caddyhttp/encode/encode.go | 128 ++++++++++++----------------- 1 file changed, 52 insertions(+), 76 deletions(-) diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index aae72806..f9e33ac9 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -20,7 +20,6 @@ package encode import ( - "bytes" "fmt" "io" "math" @@ -160,13 +159,12 @@ func (enc *Encode) openResponseWriter(encodingName string, w http.ResponseWriter // initResponseWriter initializes the responseWriter instance // allocated in openResponseWriter, enabling mid-stack inlining. func (enc *Encode) initResponseWriter(rw *responseWriter, encodingName string, wrappedRW http.ResponseWriter) *responseWriter { - buf := bufPool.Get().(*bytes.Buffer) - buf.Reset() - - // The allocation of ResponseWriterWrapper might be optimized as well. - rw.ResponseWriterWrapper = &caddyhttp.ResponseWriterWrapper{ResponseWriter: wrappedRW} + if httpInterfaces, ok := wrappedRW.(caddyhttp.HTTPInterfaces); ok { + rw.HTTPInterfaces = httpInterfaces + } else { + rw.HTTPInterfaces = &caddyhttp.ResponseWriterWrapper{ResponseWriter: wrappedRW} + } rw.encodingName = encodingName - rw.buf = buf rw.config = enc return rw @@ -176,10 +174,9 @@ func (enc *Encode) initResponseWriter(rw *responseWriter, encodingName string, w // using the encoding represented by encodingName and // configured by config. type responseWriter struct { - *caddyhttp.ResponseWriterWrapper + caddyhttp.HTTPInterfaces encodingName string w Encoder - buf *bytes.Buffer config *Encode statusCode int wroteHeader bool @@ -206,28 +203,33 @@ func (rw *responseWriter) Flush() { // to rw.Write (see bug in #4314) return } - rw.ResponseWriterWrapper.Flush() + rw.HTTPInterfaces.Flush() } // Write writes to the response. If the response qualifies, // it is encoded using the encoder, which is initialized // if not done so already. func (rw *responseWriter) Write(p []byte) (int, error) { - var n, written int - var err error + // ignore zero data writes, probably head request + if len(p) == 0 { + return 0, nil + } - if rw.buf != nil && rw.config.MinLength > 0 { - written = rw.buf.Len() - _, err := rw.buf.Write(p) - if err != nil { - return 0, err + // sniff content-type and determine content-length + if !rw.wroteHeader && rw.config.MinLength > 0 { + var gtMinLength bool + if len(p) > rw.config.MinLength { + gtMinLength = true + } else if cl, err := strconv.Atoi(rw.Header().Get("Content-Length")); err == nil && cl > rw.config.MinLength { + gtMinLength = true + } + + if gtMinLength { + if rw.Header().Get("Content-Type") == "" { + rw.Header().Set("Content-Type", http.DetectContentType(p)) + } + rw.init() } - rw.init() - p = rw.buf.Bytes() - defer func() { - bufPool.Put(rw.buf) - rw.buf = nil - }() } // before we write to the response, we need to make @@ -236,63 +238,44 @@ func (rw *responseWriter) Write(p []byte) (int, error) { // and if so, that means we haven't written the // header OR the default status code will be written // by the standard library - if rw.statusCode > 0 { - rw.ResponseWriter.WriteHeader(rw.statusCode) - rw.statusCode = 0 + if !rw.wroteHeader { + if rw.statusCode != 0 { + rw.HTTPInterfaces.WriteHeader(rw.statusCode) + } else { + rw.HTTPInterfaces.WriteHeader(http.StatusOK) + } rw.wroteHeader = true } - switch { - case rw.w != nil: - n, err = rw.w.Write(p) - default: - n, err = rw.ResponseWriter.Write(p) + if rw.w != nil { + return rw.w.Write(p) + } else { + return rw.HTTPInterfaces.Write(p) } - n -= written - if n < 0 { - n = 0 - } - return n, err } // Close writes any remaining buffered response and // deallocates any active resources. func (rw *responseWriter) Close() error { - var err error - // only attempt to write the remaining buffered response - // if there are any bytes left to write; otherwise, if - // the handler above us returned an error without writing - // anything, we'd write to the response when we instead - // should simply let the error propagate back down; this - // is why the check for rw.buf.Len() > 0 is crucial - if rw.buf != nil && rw.buf.Len() > 0 { - rw.init() - p := rw.buf.Bytes() - defer func() { - bufPool.Put(rw.buf) - rw.buf = nil - }() - switch { - case rw.w != nil: - _, err = rw.w.Write(p) - default: - _, err = rw.ResponseWriter.Write(p) + // didn't write, probably head request + if !rw.wroteHeader { + cl, err := strconv.Atoi(rw.Header().Get("Content-Length")) + if err == nil && cl > rw.config.MinLength { + rw.init() + } + + if rw.statusCode != 0 { + rw.HTTPInterfaces.WriteHeader(rw.statusCode) + } else { + rw.HTTPInterfaces.WriteHeader(http.StatusOK) } - } else if rw.statusCode != 0 { - // it is possible that a body was not written, and - // a header was not even written yet, even though - // we are closing; ensure the proper status code is - // written exactly once, or we risk breaking requests - // that rely on If-None-Match, for example - rw.ResponseWriter.WriteHeader(rw.statusCode) - rw.statusCode = 0 rw.wroteHeader = true } + + var err error if rw.w != nil { - err2 := rw.w.Close() - if err2 != nil && err == nil { - err = err2 - } + err = rw.w.Close() + rw.w.Reset(nil) rw.config.writerPools[rw.encodingName].Put(rw.w) rw.w = nil } @@ -302,16 +285,15 @@ func (rw *responseWriter) Close() error { // init should be called before we write a response, if rw.buf has contents. func (rw *responseWriter) init() { if rw.Header().Get("Content-Encoding") == "" && - rw.buf.Len() >= rw.config.MinLength && rw.config.Match(rw) { rw.w = rw.config.writerPools[rw.encodingName].Get().(Encoder) - rw.w.Reset(rw.ResponseWriter) + rw.w.Reset(rw.HTTPInterfaces) rw.Header().Del("Content-Length") // https://github.com/golang/go/issues/14975 rw.Header().Set("Content-Encoding", rw.encodingName) rw.Header().Add("Vary", "Accept-Encoding") + rw.Header().Del("Accept-Ranges") // we don't know ranges for dynamically-encoded content } - rw.Header().Del("Accept-Ranges") // we don't know ranges for dynamically-encoded content } // AcceptedEncodings returns the list of encodings that the @@ -417,12 +399,6 @@ type Precompressed interface { Suffix() string } -var bufPool = sync.Pool{ - New: func() any { - return new(bytes.Buffer) - }, -} - // defaultMinLength is the minimum length at which to compress content. const defaultMinLength = 512 From b6cec3789342c2408d878359d4ed07e3789611ac Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 15 Sep 2022 23:10:16 -0600 Subject: [PATCH 0800/1498] caddyhttp: Add --debug flag to commands file-server and reverse-proxy This might be useful! --- caddyconfig/httpcaddyfile/httptype.go | 4 ++-- modules/caddyhttp/fileserver/command.go | 10 ++++++++++ modules/caddyhttp/reverseproxy/command.go | 11 +++++++++++ modules/caddyhttp/staticresp.go | 3 ++- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 9cf386a4..7159454b 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -223,7 +223,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, hasDefaultLog = true } if _, ok := options["debug"]; ok && ncl.log.Level == "" { - ncl.log.Level = "DEBUG" + ncl.log.Level = zap.DebugLevel.CapitalString() } customLogs = append(customLogs, ncl) } @@ -241,7 +241,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, if _, ok := options["debug"]; ok { customLogs = append(customLogs, namedCustomLog{ name: "default", - log: &caddy.CustomLog{Level: "DEBUG"}, + log: &caddy.CustomLog{Level: zap.DebugLevel.CapitalString()}, }) } } diff --git a/modules/caddyhttp/fileserver/command.go b/modules/caddyhttp/fileserver/command.go index 902c5f8c..6a775097 100644 --- a/modules/caddyhttp/fileserver/command.go +++ b/modules/caddyhttp/fileserver/command.go @@ -27,6 +27,7 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" caddytpl "github.com/caddyserver/caddy/v2/modules/caddyhttp/templates" "github.com/caddyserver/certmagic" + "go.uber.org/zap" ) func init() { @@ -70,6 +71,7 @@ func cmdFileServer(fs caddycmd.Flags) (int, error) { browse := fs.Bool("browse") templates := fs.Bool("templates") accessLog := fs.Bool("access-log") + debug := fs.Bool("debug") var handlers []json.RawMessage @@ -130,6 +132,14 @@ func cmdFileServer(fs caddycmd.Flags) (int, error) { }, } + if debug { + cfg.Logging = &caddy.Logging{ + Logs: map[string]*caddy.CustomLog{ + "default": {Level: zap.DebugLevel.CapitalString()}, + }, + } + } + err := caddy.Run(cfg) if err != nil { return caddy.ExitCodeFailedStartup, err diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index ff19919f..481f6e00 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -28,6 +28,7 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" "github.com/caddyserver/caddy/v2/modules/caddytls" + "go.uber.org/zap" ) func init() { @@ -62,6 +63,7 @@ default, all incoming headers are passed through unmodified.) fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)") fs.Bool("internal-certs", false, "Use internal CA for issuing certs") + fs.Bool("debug", false, "Enable verbose debug logs") return fs }(), }) @@ -74,6 +76,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { changeHost := fs.Bool("change-host-header") insecure := fs.Bool("insecure") internalCerts := fs.Bool("internal-certs") + debug := fs.Bool("debug") httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) @@ -198,6 +201,14 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { AppsRaw: appsRaw, } + if debug { + cfg.Logging = &caddy.Logging{ + Logs: map[string]*caddy.CustomLog{ + "default": {Level: zap.DebugLevel.CapitalString()}, + }, + } + } + err = caddy.Run(cfg) if err != nil { return caddy.ExitCodeFailedStartup, err diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index ccc70e2d..411a7bcc 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -31,6 +31,7 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" caddycmd "github.com/caddyserver/caddy/v2/cmd" + "go.uber.org/zap" ) func init() { @@ -403,7 +404,7 @@ func cmdRespond(fl caddycmd.Flags) (int, error) { if debug { cfg.Logging = &caddy.Logging{ Logs: map[string]*caddy.CustomLog{ - "default": {Level: "DEBUG"}, + "default": {Level: zap.DebugLevel.CapitalString()}, }, } } From 258071d857aa8d1524161cb7273f960f24162ce9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 16 Sep 2022 09:42:05 -0600 Subject: [PATCH 0801/1498] caddytls: Debug log on implicit tailscale error (#5041) --- modules/caddytls/certmanagers.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go index 8c8d7017..de7abf97 100644 --- a/modules/caddytls/certmanagers.go +++ b/modules/caddytls/certmanagers.go @@ -66,7 +66,9 @@ func (ts Tailscale) canHazCertificate(ctx context.Context, hello *tls.ClientHell status, err := tscert.GetStatus(ctx) if err != nil { if ts.Optional { - return false, nil // ignore error if we don't expect/require it to work anyway + // ignore error if we don't expect/require it to work anyway, but log it for debugging + ts.logger.Debug("error getting tailscale status", zap.Error(err), zap.String("server_name", hello.ServerName)) + return false, nil } return false, err } @@ -80,8 +82,7 @@ func (ts Tailscale) canHazCertificate(ctx context.Context, hello *tls.ClientHell // UnmarshalCaddyfile deserializes Caddyfile tokens into ts. // -// ... tailscale -// +// ... tailscale func (Tailscale) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { if d.NextArg() { @@ -178,8 +179,7 @@ func (hcg HTTPCertGetter) GetCertificate(ctx context.Context, hello *tls.ClientH // UnmarshalCaddyfile deserializes Caddyfile tokens into ts. // -// ... http -// +// ... http func (hcg *HTTPCertGetter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { if !d.NextArg() { From 74547f5bedafcb59fc25f14b43301f33a40f9416 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 16 Sep 2022 13:32:49 -0600 Subject: [PATCH 0802/1498] caddyhttp: Make metrics opt-in (#5042) * caddyhttp: Make metrics opt-in Related to #4644 * Make configurable in Caddyfile --- caddyconfig/httpcaddyfile/serveroptions.go | 11 +++++++++++ modules/caddyhttp/app.go | 2 +- modules/caddyhttp/metrics.go | 4 ++++ modules/caddyhttp/routes.go | 17 ++++++++++------- modules/caddyhttp/server.go | 4 ++++ 5 files changed, 30 insertions(+), 8 deletions(-) diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index f3e3d73f..8e021fd5 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -43,6 +43,7 @@ type serverOptions struct { Protocols []string StrictSNIHost *bool ShouldLogCredentials bool + Metrics *caddyhttp.Metrics } func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { @@ -175,6 +176,15 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { } serverOpts.StrictSNIHost = &boolVal + case "metrics": + if d.NextArg() { + return nil, d.ArgErr() + } + if d.NextBlock(0) { + return nil, d.ArgErr() + } + serverOpts.Metrics = new(caddyhttp.Metrics) + // TODO: DEPRECATED. (August 2022) case "protocol": caddy.Log().Named("caddyfile").Warn("DEPRECATED: protocol sub-option will be removed soon") @@ -259,6 +269,7 @@ func applyServerOptions( server.MaxHeaderBytes = opts.MaxHeaderBytes server.Protocols = opts.Protocols server.StrictSNIHost = opts.StrictSNIHost + server.Metrics = opts.Metrics if opts.ShouldLogCredentials { if server.Logs == nil { server.Logs = &caddyhttp.ServerLogConfig{} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index e48f8286..3edc5b23 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -263,7 +263,7 @@ func (app *App) Provision(ctx caddy.Context) error { // route handler so that important security checks are done, etc. primaryRoute := emptyHandler if srv.Routes != nil { - err := srv.Routes.ProvisionHandlers(ctx) + err := srv.Routes.ProvisionHandlers(ctx, srv.Metrics) if err != nil { return fmt.Errorf("server %s: setting up route handlers: %v", srvName, err) } diff --git a/modules/caddyhttp/metrics.go b/modules/caddyhttp/metrics.go index 458c22af..64fbed75 100644 --- a/modules/caddyhttp/metrics.go +++ b/modules/caddyhttp/metrics.go @@ -11,6 +11,10 @@ import ( "github.com/prometheus/client_golang/prometheus/promauto" ) +// Metrics configures metrics observations. +// EXPERIMENTAL and subject to change or removal. +type Metrics struct{} + var httpMetrics = struct { init sync.Once requestInFlight *prometheus.GaugeVec diff --git a/modules/caddyhttp/routes.go b/modules/caddyhttp/routes.go index ce9bece2..da25097b 100644 --- a/modules/caddyhttp/routes.go +++ b/modules/caddyhttp/routes.go @@ -130,7 +130,7 @@ func (routes RouteList) Provision(ctx caddy.Context) error { if err != nil { return err } - return routes.ProvisionHandlers(ctx) + return routes.ProvisionHandlers(ctx, nil) } // ProvisionMatchers sets up all the matchers by loading the @@ -156,7 +156,7 @@ func (routes RouteList) ProvisionMatchers(ctx caddy.Context) error { // handler modules. Only call this method directly if you need // to set up matchers and handlers separately without having // to provision a second time; otherwise use Provision instead. -func (routes RouteList) ProvisionHandlers(ctx caddy.Context) error { +func (routes RouteList) ProvisionHandlers(ctx caddy.Context, metrics *Metrics) error { for i := range routes { handlersIface, err := ctx.LoadModule(&routes[i], "HandlersRaw") if err != nil { @@ -168,7 +168,7 @@ func (routes RouteList) ProvisionHandlers(ctx caddy.Context) error { // pre-compile the middleware handler chain for _, midhandler := range routes[i].Handlers { - routes[i].middleware = append(routes[i].middleware, wrapMiddleware(ctx, midhandler)) + routes[i].middleware = append(routes[i].middleware, wrapMiddleware(ctx, midhandler, metrics)) } } return nil @@ -270,9 +270,12 @@ func wrapRoute(route Route) Middleware { // we need to pull this particular MiddlewareHandler // pointer into its own stack frame to preserve it so it // won't be overwritten in future loop iterations. -func wrapMiddleware(ctx caddy.Context, mh MiddlewareHandler) Middleware { - // wrap the middleware with metrics instrumentation - metricsHandler := newMetricsInstrumentedHandler(caddy.GetModuleName(mh), mh) +func wrapMiddleware(ctx caddy.Context, mh MiddlewareHandler, metrics *Metrics) Middleware { + handlerToUse := mh + if metrics != nil { + // wrap the middleware with metrics instrumentation + handlerToUse = newMetricsInstrumentedHandler(caddy.GetModuleName(mh), mh) + } return func(next Handler) Handler { // copy the next handler (it's an interface, so it's @@ -284,7 +287,7 @@ func wrapMiddleware(ctx caddy.Context, mh MiddlewareHandler) Middleware { return HandlerFunc(func(w http.ResponseWriter, r *http.Request) error { // TODO: This is where request tracing could be implemented // TODO: see what the std lib gives us in terms of stack tracing too - return metricsHandler.ServeHTTP(w, r, nextCopy) + return handlerToUse.ServeHTTP(w, r, nextCopy) }) } } diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 83f1a533..ca5a5949 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -152,6 +152,10 @@ type Server struct { // Default: `[h1 h2 h3]` Protocols []string `json:"protocols,omitempty"` + // If set, metrics observations will be enabled. + // This setting is EXPERIMENTAL and subject to change. + Metrics *Metrics `json:"metrics,omitempty"` + name string primaryHandlerChain Handler From 616418281b49ed1052ee395b674d8df97c820b11 Mon Sep 17 00:00:00 2001 From: David Manouchehri Date: Fri, 16 Sep 2022 16:05:37 -0400 Subject: [PATCH 0803/1498] caddyhttp: Support TLS key logging for debugging (#4808) * Add SSL key logging. * Resolve merge conflict with master * Add Caddyfile support; various fixes * Also commit go.mod and go.sum, oops * Appease linter * Minor tweaks * Add doc comment Co-authored-by: Matt Holt --- caddyconfig/httpcaddyfile/builtins.go | 67 ++++++++++++++------------- caddyconfig/httpcaddyfile/options.go | 14 +++--- modules/caddytls/connpolicy.go | 46 +++++++++++++++++- 3 files changed, 87 insertions(+), 40 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 103b7a1f..7f23fd59 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -53,8 +53,7 @@ func init() { // parseBind parses the bind directive. Syntax: // -// bind -// +// bind func parseBind(h Helper) ([]ConfigValue, error) { var lnHosts []string for h.Next() { @@ -65,28 +64,28 @@ func parseBind(h Helper) ([]ConfigValue, error) { // parseTLS parses the tls directive. Syntax: // -// tls [|internal]|[ ] { -// protocols [] -// ciphers -// curves -// client_auth { -// mode [request|require|verify_if_given|require_and_verify] -// trusted_ca_cert -// trusted_ca_cert_file -// trusted_leaf_cert -// trusted_leaf_cert_file -// } -// alpn -// load -// ca -// ca_root -// dns [...] -// on_demand -// eab -// issuer [...] -// get_certificate [...] -// } -// +// tls [|internal]|[ ] { +// protocols [] +// ciphers +// curves +// client_auth { +// mode [request|require|verify_if_given|require_and_verify] +// trusted_ca_cert +// trusted_ca_cert_file +// trusted_leaf_cert +// trusted_leaf_cert_file +// } +// alpn +// load +// ca +// ca_root +// dns [...] +// on_demand +// eab +// issuer [...] +// get_certificate [...] +// insecure_secrets_log +// } func parseTLS(h Helper) ([]ConfigValue, error) { cp := new(caddytls.ConnectionPolicy) var fileLoader caddytls.FileLoader @@ -396,6 +395,12 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } onDemand = true + case "insecure_secrets_log": + if !h.NextArg() { + return nil, h.ArgErr() + } + cp.InsecureSecretsLog = h.Val() + default: return nil, h.Errf("unknown subdirective: %s", h.Val()) } @@ -516,8 +521,7 @@ func parseTLS(h Helper) ([]ConfigValue, error) { // parseRoot parses the root directive. Syntax: // -// root [] -// +// root [] func parseRoot(h Helper) (caddyhttp.MiddlewareHandler, error) { var root string for h.Next() { @@ -695,12 +699,11 @@ func parseHandleErrors(h Helper) ([]ConfigValue, error) { // parseLog parses the log directive. Syntax: // -// log { -// output ... -// format ... -// level -// } -// +// log { +// output ... +// format ... +// level +// } func parseLog(h Helper) ([]ConfigValue, error) { return parseLogHelper(h, nil) } diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index c41e8bc8..1775c93b 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -421,13 +421,13 @@ func parseOCSPStaplingOptions(d *caddyfile.Dispenser, _ any) (any, error) { // parseLogOptions parses the global log option. Syntax: // -// log [name] { -// output ... -// format ... -// level -// include -// exclude -// } +// log [name] { +// output ... +// format ... +// level +// include +// exclude +// } // // When the name argument is unspecified, this directive modifies the default // logger. diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index f7b9c462..bce69bc8 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -20,11 +20,14 @@ import ( "encoding/base64" "encoding/json" "fmt" + "io" "os" + "path/filepath" "strings" "github.com/caddyserver/caddy/v2" "github.com/mholt/acmez" + "go.uber.org/zap" ) func init() { @@ -156,6 +159,16 @@ type ConnectionPolicy struct { // is no policy configured for the empty SNI value. DefaultSNI string `json:"default_sni,omitempty"` + // Also known as "SSLKEYLOGFILE", TLS secrets will be written to + // this file in NSS key log format which can then be parsed by + // Wireshark and other tools. This is INSECURE as it allows other + // programs or tools to decrypt TLS connections. However, this + // capability can be useful for debugging and troubleshooting. + // **ENABLING THIS LOG COMPROMISES SECURITY!** + // + // This feature is EXPERIMENTAL and subject to change or removal. + InsecureSecretsLog string `json:"insecure_secrets_log,omitempty"` + // TLSConfig is the fully-formed, standard lib TLS config // used to serve TLS connections. Provision all // ConnectionPolicies to populate this. It is exported only @@ -280,6 +293,30 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error { } } + if p.InsecureSecretsLog != "" { + filename, err := caddy.NewReplacer().ReplaceOrErr(p.InsecureSecretsLog, true, true) + if err != nil { + return err + } + filename, err = filepath.Abs(filename) + if err != nil { + return err + } + logFile, _, err := secretsLogPool.LoadOrNew(filename, func() (caddy.Destructor, error) { + w, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0600) + return destructableWriter{w}, err + }) + if err != nil { + return err + } + ctx.OnCancel(func() { _, _ = secretsLogPool.Delete(filename) }) + + cfg.KeyLogWriter = logFile.(io.Writer) + + tlsApp.logger.Warn("TLS SECURITY COMPROMISED: secrets logging is enabled!", + zap.String("log_filename", filename)) + } + setDefaultTLSParams(cfg) p.TLSConfig = cfg @@ -297,7 +334,8 @@ func (p ConnectionPolicy) SettingsEmpty() bool { p.ProtocolMin == "" && p.ProtocolMax == "" && p.ClientAuthentication == nil && - p.DefaultSNI == "" + p.DefaultSNI == "" && + p.InsecureSecretsLog == "" } // ClientAuthentication configures TLS client auth. @@ -542,3 +580,9 @@ type ClientCertificateVerifier interface { } var defaultALPN = []string{"h2", "http/1.1"} + +type destructableWriter struct{ *os.File } + +func (d destructableWriter) Destruct() error { return d.Close() } + +var secretsLogPool = caddy.NewUsagePool() From bffc2587329ca7e1f8a28edae9b5a9bf11e2fc7c Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Sat, 17 Sep 2022 04:48:55 +0800 Subject: [PATCH 0804/1498] caddyhttp: Support configuring Server from handler provisioning (#4933) * configuring http.Server from handlers. * Minor tweaks * Run gofmt Co-authored-by: Matthew Holt --- modules/caddyhttp/app.go | 5 +++- modules/caddyhttp/server.go | 50 +++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 3edc5b23..0253521a 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -178,7 +178,9 @@ func (app *App) Provision(ctx caddy.Context) error { } // prepare each server + oldContext := ctx.Context for srvName, srv := range app.Servers { + ctx.Context = context.WithValue(oldContext, ServerCtxKey, srv) srv.name = srvName srv.tlsApp = app.tlsApp srv.events = eventsAppIface.(*caddyevents.App) @@ -293,7 +295,7 @@ func (app *App) Provision(ctx caddy.Context) error { srv.IdleTimeout = defaultIdleTimeout } } - + ctx.Context = oldContext return nil } @@ -365,6 +367,7 @@ func (app *App) Start() error { // this TLS config is used by the std lib to choose the actual TLS config for connections // by looking through the connection policies to find the first one that matches tlsCfg := srv.TLSConnPolicies.TLSConfig(app.ctx) + srv.configureServer(srv.server) // enable H2C if configured if srv.protocol("h2c") { diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index ca5a5949..d9fe077e 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -176,6 +176,11 @@ type Server struct { shutdownAt time.Time shutdownAtMu *sync.RWMutex + + // registered callback functions + connStateFuncs []func(net.Conn, http.ConnState) + connContextFuncs []func(ctx context.Context, c net.Conn) context.Context + onShutdownFuncs []func() } // ServeHTTP is the entry point for all HTTP requests. @@ -513,6 +518,51 @@ func (s *Server) serveHTTP3(hostport string, tlsCfg *tls.Config) error { return nil } +// configureServer applies/binds the registered callback functions to the server. +func (s *Server) configureServer(server *http.Server) { + for _, f := range s.connStateFuncs { + if server.ConnState != nil { + baseConnStateFunc := server.ConnState + server.ConnState = func(conn net.Conn, state http.ConnState) { + baseConnStateFunc(conn, state) + f(conn, state) + } + } else { + server.ConnState = f + } + } + + for _, f := range s.connContextFuncs { + if server.ConnContext != nil { + baseConnContextFunc := server.ConnContext + server.ConnContext = func(ctx context.Context, c net.Conn) context.Context { + return f(baseConnContextFunc(ctx, c), c) + } + } else { + server.ConnContext = f + } + } + + for _, f := range s.onShutdownFuncs { + server.RegisterOnShutdown(f) + } +} + +// RegisterConnState registers f to be invoked on s.ConnState. +func (s *Server) RegisterConnState(f func(net.Conn, http.ConnState)) { + s.connStateFuncs = append(s.connStateFuncs, f) +} + +// RegisterConnContext registers f to be invoked as part of s.ConnContext. +func (s *Server) RegisterConnContext(f func(ctx context.Context, c net.Conn) context.Context) { + s.connContextFuncs = append(s.connContextFuncs, f) +} + +// RegisterOnShutdown registers f to be invoked on server shutdown. +func (s *Server) RegisterOnShutdown(f func()) { + s.onShutdownFuncs = append(s.onShutdownFuncs, f) +} + // HTTPErrorConfig determines how to handle errors // from the HTTP handlers. type HTTPErrorConfig struct { From e43b6d81782ef79f22058179d8793f40cea89556 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 16 Sep 2022 16:55:30 -0600 Subject: [PATCH 0805/1498] core: Variadic Context.Logger(); soft deprecation Ideally I'd just remove the parameter to caddy.Context.Logger(), but this would break most Caddy plugins. Instead, I'm making it variadic and marking it as partially deprecated. In the future, I might completely remove the parameter once most plugins have updated. --- caddyconfig/httploader.go | 4 +- context.go | 43 +++++++++++-------- modules/caddyevents/app.go | 2 +- modules/caddyhttp/app.go | 2 +- modules/caddyhttp/caddyauth/caddyauth.go | 2 +- modules/caddyhttp/caddyauth/hashes.go | 2 +- modules/caddyhttp/celmatcher.go | 16 +++---- modules/caddyhttp/fileserver/matcher.go | 2 +- modules/caddyhttp/fileserver/staticfiles.go | 2 +- modules/caddyhttp/matchers.go | 2 +- modules/caddyhttp/push/handler.go | 2 +- .../caddyhttp/reverseproxy/fastcgi/fastcgi.go | 2 +- .../caddyhttp/reverseproxy/httptransport.go | 2 +- .../caddyhttp/reverseproxy/reverseproxy.go | 2 +- modules/caddyhttp/reverseproxy/upstreams.go | 4 +- modules/caddyhttp/rewrite/rewrite.go | 2 +- modules/caddyhttp/tracing/module.go | 9 ++-- modules/caddypki/acmeserver/acmeserver.go | 2 +- modules/caddypki/adminapi.go | 2 +- modules/caddypki/pki.go | 2 +- modules/caddytls/acmeissuer.go | 2 +- modules/caddytls/certmanagers.go | 2 +- modules/caddytls/internalissuer.go | 13 +++--- modules/caddytls/matchers.go | 2 +- modules/caddytls/tls.go | 2 +- modules/caddytls/zerosslissuer.go | 2 +- modules/metrics/metrics.go | 9 ++-- 27 files changed, 71 insertions(+), 67 deletions(-) diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index e4d81591..80eab446 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -113,7 +113,7 @@ func (hl HTTPLoader) LoadConfig(ctx caddy.Context) ([]byte, error) { return nil, err } for _, warn := range warnings { - ctx.Logger(hl).Warn(warn.String()) + ctx.Logger().Warn(warn.String()) } return result, nil @@ -129,7 +129,7 @@ func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) { // client authentication if hl.TLS.UseServerIdentity { - certs, err := ctx.IdentityCredentials(ctx.Logger(hl)) + certs, err := ctx.IdentityCredentials(ctx.Logger()) if err != nil { return nil, fmt.Errorf("getting server identity credentials: %v", err) } diff --git a/context.go b/context.go index e850b73d..e55e40ce 100644 --- a/context.go +++ b/context.go @@ -442,10 +442,27 @@ func (ctx Context) Storage() certmagic.Storage { return ctx.cfg.storage } -// TODO: aw man, can I please change this? -// Logger returns a logger that can be used by mod. -func (ctx Context) Logger(mod Module) *zap.Logger { - // TODO: if mod is nil, use ctx.Module() instead... +// Logger returns a logger that is intended for use by the most +// recent module associated with the context. Callers should not +// pass in any arguments unless they want to associate with a +// different module; it panics if more than 1 value is passed in. +// +// Originally, this method's signature was `Logger(mod Module)`, +// requiring that an instance of a Caddy module be passsed in. +// However, that is no longer necessary, as the closest module +// most recently associated with the context will be automatically +// assumed. To prevent a sudden breaking change, this method's +// signature has been changed to be variadic, but we may remove +// the parameter altogether in the future. Callers should not +// pass in any argument. If there is valid need to specify a +// different module, please open an issue to discuss. +// +// PARTIALLY DEPRECATED: The Logger(module) form is deprecated and +// may be removed in the future. Do not pass in any arguments. +func (ctx Context) Logger(module ...Module) *zap.Logger { + if len(module) > 1 { + panic("more than 1 module passed in") + } if ctx.cfg == nil { // often the case in tests; just use a dev logger l, err := zap.NewDevelopment() @@ -454,23 +471,13 @@ func (ctx Context) Logger(mod Module) *zap.Logger { } return l } + mod := ctx.Module() + if len(module) > 0 { + mod = module[0] + } return ctx.cfg.Logging.Logger(mod) } -// TODO: use this -// // Logger returns a logger that can be used by the current module. -// func (ctx Context) Log() *zap.Logger { -// if ctx.cfg == nil { -// // often the case in tests; just use a dev logger -// l, err := zap.NewDevelopment() -// if err != nil { -// panic("config missing, unable to create dev logger: " + err.Error()) -// } -// return l -// } -// return ctx.cfg.Logging.Logger(ctx.Module()) -// } - // Modules returns the lineage of modules that this context provisioned, // with the most recent/current module being last in the list. func (ctx Context) Modules() []Module { diff --git a/modules/caddyevents/app.go b/modules/caddyevents/app.go index 3ae40e81..db2192ce 100644 --- a/modules/caddyevents/app.go +++ b/modules/caddyevents/app.go @@ -119,7 +119,7 @@ func (App) CaddyModule() caddy.ModuleInfo { // Provision sets up the app. func (app *App) Provision(ctx caddy.Context) error { - app.logger = ctx.Logger(app) + app.logger = ctx.Logger() app.subscriptions = make(map[string]map[caddy.ModuleID][]Handler) for _, sub := range app.Subscriptions { diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 0253521a..290a4083 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -160,7 +160,7 @@ func (app *App) Provision(ctx caddy.Context) error { } app.tlsApp = tlsAppIface.(*caddytls.TLS) app.ctx = ctx - app.logger = ctx.Logger(app) + app.logger = ctx.Logger() eventsAppIface, err := ctx.App("events") if err != nil { diff --git a/modules/caddyhttp/caddyauth/caddyauth.go b/modules/caddyhttp/caddyauth/caddyauth.go index ae30a086..b2bdbc22 100644 --- a/modules/caddyhttp/caddyauth/caddyauth.go +++ b/modules/caddyhttp/caddyauth/caddyauth.go @@ -56,7 +56,7 @@ func (Authentication) CaddyModule() caddy.ModuleInfo { // Provision sets up a. func (a *Authentication) Provision(ctx caddy.Context) error { - a.logger = ctx.Logger(a) + a.logger = ctx.Logger() a.Providers = make(map[string]Authenticator) mods, err := ctx.LoadModule(a, "ProvidersRaw") if err != nil { diff --git a/modules/caddyhttp/caddyauth/hashes.go b/modules/caddyhttp/caddyauth/hashes.go index 6505d187..6a651f0d 100644 --- a/modules/caddyhttp/caddyauth/hashes.go +++ b/modules/caddyhttp/caddyauth/hashes.go @@ -92,7 +92,7 @@ func (ScryptHash) CaddyModule() caddy.ModuleInfo { // Provision sets up s. func (s *ScryptHash) Provision(ctx caddy.Context) error { s.SetDefaults() - ctx.Logger(s).Warn("use of 'scrypt' is deprecated, please use 'bcrypt' instead") + ctx.Logger().Warn("use of 'scrypt' is deprecated, please use 'bcrypt' instead") return nil } diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index e7067c32..7f1cc02e 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -90,7 +90,7 @@ func (m *MatchExpression) UnmarshalJSON(data []byte) error { // Provision sets ups m. func (m *MatchExpression) Provision(ctx caddy.Context) error { - m.log = ctx.Logger(m) + m.log = ctx.Logger() // replace placeholders with a function call - this is just some // light (and possibly naïve) syntactic sugar @@ -294,13 +294,13 @@ type CELLibraryProducer interface { // CELMatcherImpl creates a new cel.Library based on the following pieces of // data: // -// - macroName: the function name to be used within CEL. This will be a macro -// and not a function proper. -// - funcName: the function overload name generated by the CEL macro used to -// represent the matcher. -// - matcherDataTypes: the argument types to the macro. -// - fac: a matcherFactory implementation which converts from CEL constant -// values to a Matcher instance. +// - macroName: the function name to be used within CEL. This will be a macro +// and not a function proper. +// - funcName: the function overload name generated by the CEL macro used to +// represent the matcher. +// - matcherDataTypes: the argument types to the macro. +// - fac: a matcherFactory implementation which converts from CEL constant +// values to a Matcher instance. // // Note, macro names and function names must not collide with other macros or // functions exposed within CEL expressions, or an error will be produced diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 87a15243..2989e4b2 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -256,7 +256,7 @@ func celFileMatcherMacroExpander() parser.MacroExpander { // Provision sets up m's defaults. func (m *MatchFile) Provision(ctx caddy.Context) error { - m.logger = ctx.Logger(m) + m.logger = ctx.Logger() // establish the file system to use if len(m.FileSystemRaw) > 0 { diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 0639d979..84743388 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -167,7 +167,7 @@ func (FileServer) CaddyModule() caddy.ModuleInfo { // Provision sets up the static files responder. func (fsrv *FileServer) Provision(ctx caddy.Context) error { - fsrv.logger = ctx.Logger(fsrv) + fsrv.logger = ctx.Logger() // establish which file system (possibly a virtual one) we'll be using if len(fsrv.FileSystemRaw) > 0 { diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index a01f8f98..bca94be8 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -1326,7 +1326,7 @@ func (MatchRemoteIP) CELLibrary(ctx caddy.Context) (cel.Library, error) { // Provision parses m's IP ranges, either from IP or CIDR expressions. func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { - m.logger = ctx.Logger(m) + m.logger = ctx.Logger() for _, str := range m.Ranges { // Exclude the zone_id from the IP if strings.Contains(str, "%") { diff --git a/modules/caddyhttp/push/handler.go b/modules/caddyhttp/push/handler.go index 27652ef0..60eadd0c 100644 --- a/modules/caddyhttp/push/handler.go +++ b/modules/caddyhttp/push/handler.go @@ -61,7 +61,7 @@ func (Handler) CaddyModule() caddy.ModuleInfo { // Provision sets up h. func (h *Handler) Provision(ctx caddy.Context) error { - h.logger = ctx.Logger(h) + h.logger = ctx.Logger() if h.Headers != nil { err := h.Headers.Provision(ctx) if err != nil { diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index 6ff6ff4a..ec194e72 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -94,7 +94,7 @@ func (Transport) CaddyModule() caddy.ModuleInfo { // Provision sets up t. func (t *Transport) Provision(ctx caddy.Context) error { - t.logger = ctx.Logger(t) + t.logger = ctx.Logger() if t.Root == "" { t.Root = "{http.vars.root}" diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index e9c7ddd0..ec5d2f23 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -195,7 +195,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e TCPConn: tcpConn, readTimeout: time.Duration(h.ReadTimeout), writeTimeout: time.Duration(h.WriteTimeout), - logger: caddyCtx.Logger(h), + logger: caddyCtx.Logger(), } } diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index dc1458d1..4c8b29b1 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -217,7 +217,7 @@ func (h *Handler) Provision(ctx caddy.Context) error { } h.events = eventAppIface.(*caddyevents.App) h.ctx = ctx - h.logger = ctx.Logger(h) + h.logger = ctx.Logger() h.connections = make(map[io.ReadWriteCloser]openConnection) h.connectionsMu = new(sync.Mutex) diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index b9f85a2c..7a90016d 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -76,7 +76,7 @@ func (SRVUpstreams) CaddyModule() caddy.ModuleInfo { } func (su *SRVUpstreams) Provision(ctx caddy.Context) error { - su.logger = ctx.Logger(su) + su.logger = ctx.Logger() if su.Refresh == 0 { su.Refresh = caddy.Duration(time.Minute) } @@ -383,7 +383,7 @@ func (MultiUpstreams) CaddyModule() caddy.ModuleInfo { } func (mu *MultiUpstreams) Provision(ctx caddy.Context) error { - mu.logger = ctx.Logger(mu) + mu.logger = ctx.Logger() if mu.SourcesRaw != nil { mod, err := ctx.LoadModule(mu, "SourcesRaw") diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index 4316b5af..95bc5046 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -101,7 +101,7 @@ func (Rewrite) CaddyModule() caddy.ModuleInfo { // Provision sets up rewr. func (rewr *Rewrite) Provision(ctx caddy.Context) error { - rewr.logger = ctx.Logger(rewr) + rewr.logger = ctx.Logger() for i, rep := range rewr.PathRegexp { if rep.Find == "" { diff --git a/modules/caddyhttp/tracing/module.go b/modules/caddyhttp/tracing/module.go index 7cce6692..e3eb84d2 100644 --- a/modules/caddyhttp/tracing/module.go +++ b/modules/caddyhttp/tracing/module.go @@ -42,7 +42,7 @@ func (Tracing) CaddyModule() caddy.ModuleInfo { // Provision implements caddy.Provisioner. func (ot *Tracing) Provision(ctx caddy.Context) error { - ot.logger = ctx.Logger(ot) + ot.logger = ctx.Logger() var err error ot.otel, err = newOpenTelemetryWrapper(ctx, ot.SpanName) @@ -66,10 +66,9 @@ func (ot *Tracing) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyh // UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: // -// tracing { -// [span ] -// } -// +// tracing { +// [span ] +// } func (ot *Tracing) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { setParameter := func(d *caddyfile.Dispenser, val *string) error { if d.NextArg() { diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index ff021b4f..921d0b87 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -87,7 +87,7 @@ func (Handler) CaddyModule() caddy.ModuleInfo { // Provision sets up the ACME server handler. func (ash *Handler) Provision(ctx caddy.Context) error { - ash.logger = ctx.Logger(ash) + ash.logger = ctx.Logger() // set some defaults if ash.CA == "" { ash.CA = caddypki.DefaultCAID diff --git a/modules/caddypki/adminapi.go b/modules/caddypki/adminapi.go index b4d26951..f03c6b63 100644 --- a/modules/caddypki/adminapi.go +++ b/modules/caddypki/adminapi.go @@ -47,7 +47,7 @@ func (adminAPI) CaddyModule() caddy.ModuleInfo { // Provision sets up the adminAPI module. func (a *adminAPI) Provision(ctx caddy.Context) error { a.ctx = ctx - a.log = ctx.Logger(a) + a.log = ctx.Logger(a) // TODO: passing in 'a' is a hack until the admin API is officially extensible (see #5032) // First check if the PKI app was configured, because // a.ctx.App() has the side effect of instantiating diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go index 4fd0bb50..2caeb2b5 100644 --- a/modules/caddypki/pki.go +++ b/modules/caddypki/pki.go @@ -54,7 +54,7 @@ func (PKI) CaddyModule() caddy.ModuleInfo { // Provision sets up the configuration for the PKI app. func (p *PKI) Provision(ctx caddy.Context) error { p.ctx = ctx - p.log = ctx.Logger(p) + p.log = ctx.Logger() for caID, ca := range p.CAs { err := ca.Provision(ctx, caID, p.log) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 2fe4004f..2f752ed0 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -103,7 +103,7 @@ func (ACMEIssuer) CaddyModule() caddy.ModuleInfo { // Provision sets up iss. func (iss *ACMEIssuer) Provision(ctx caddy.Context) error { - iss.logger = ctx.Logger(iss) + iss.logger = ctx.Logger() repl := caddy.NewReplacer() diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go index de7abf97..1b701ab2 100644 --- a/modules/caddytls/certmanagers.go +++ b/modules/caddytls/certmanagers.go @@ -43,7 +43,7 @@ func (Tailscale) CaddyModule() caddy.ModuleInfo { } func (ts *Tailscale) Provision(ctx caddy.Context) error { - ts.logger = ctx.Logger(ts) + ts.logger = ctx.Logger() return nil } diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go index ba6055ed..3dd6c359 100644 --- a/modules/caddytls/internalissuer.go +++ b/modules/caddytls/internalissuer.go @@ -65,7 +65,7 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo { // Provision sets up the issuer. func (iss *InternalIssuer) Provision(ctx caddy.Context) error { - iss.logger = ctx.Logger(iss) + iss.logger = ctx.Logger() // set some defaults if iss.CA == "" { @@ -148,12 +148,11 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques // UnmarshalCaddyfile deserializes Caddyfile tokens into iss. // -// ... internal { -// ca -// lifetime -// sign_with_root -// } -// +// ... internal { +// ca +// lifetime +// sign_with_root +// } func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { for d.NextBlock(0) { diff --git a/modules/caddytls/matchers.go b/modules/caddytls/matchers.go index 4a22bc09..f541220f 100644 --- a/modules/caddytls/matchers.go +++ b/modules/caddytls/matchers.go @@ -81,7 +81,7 @@ func (MatchRemoteIP) CaddyModule() caddy.ModuleInfo { // Provision parses m's IP ranges, either from IP or CIDR expressions. func (m *MatchRemoteIP) Provision(ctx caddy.Context) error { - m.logger = ctx.Logger(m) + m.logger = ctx.Logger() for _, str := range m.Ranges { cidrs, err := m.parseIPRange(str) if err != nil { diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 2e532ed9..8051653e 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -94,7 +94,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { } t.events = eventsAppIface.(*caddyevents.App) t.ctx = ctx - t.logger = ctx.Logger(t) + t.logger = ctx.Logger() repl := caddy.NewReplacer() // set up a new certificate cache; this (re)loads all certificates diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go index c7ff70fb..02092944 100644 --- a/modules/caddytls/zerosslissuer.go +++ b/modules/caddytls/zerosslissuer.go @@ -66,7 +66,7 @@ func (*ZeroSSLIssuer) CaddyModule() caddy.ModuleInfo { // Provision sets up iss. func (iss *ZeroSSLIssuer) Provision(ctx caddy.Context) error { - iss.logger = ctx.Logger(iss) + iss.logger = ctx.Logger() if iss.ACMEIssuer == nil { iss.ACMEIssuer = new(ACMEIssuer) } diff --git a/modules/metrics/metrics.go b/modules/metrics/metrics.go index 1ad392c1..d4ad9779 100644 --- a/modules/metrics/metrics.go +++ b/modules/metrics/metrics.go @@ -62,7 +62,7 @@ func (l *zapLogger) Println(v ...any) { // Provision sets up m. func (m *Metrics) Provision(ctx caddy.Context) error { - log := ctx.Logger(m) + log := ctx.Logger() m.metricsHandler = createMetricsHandler(&zapLogger{log}, !m.DisableOpenMetrics) return nil } @@ -75,10 +75,9 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// metrics [] { -// disable_openmetrics -// } -// +// metrics [] { +// disable_openmetrics +// } func (m *Metrics) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { args := d.RemainingArgs() From b4643994d521671a130e8b1e33ad3747af3618f5 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 17 Sep 2022 17:54:50 +0300 Subject: [PATCH 0806/1498] ci: fix the name template of singing certificate and sboms (#5046) --- .goreleaser.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 9369bc48..bfd3fd43 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -68,14 +68,13 @@ builds: signs: - cmd: cosign signature: "${artifact}.sig" - certificate: '{{ trimsuffix .Env.artifact ".tar.gz" }}.pem' + certificate: '{{ trimsuffix (trimsuffix .Env.artifact ".zip") ".tar.gz" }}.pem' args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${certificate}", "${artifact}"] artifacts: all sboms: - artifacts: binary - # defaults to - # documents: - # - "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}.sbom" + documents: + - '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{if .Arm}}v{{ .Arm }}{{end}}.sbom' cmd: syft args: ["$artifact", "--file", "${document}", "--output", "cyclonedx-json"] archives: From 00beec2e34cbbc111c5f61058ee5b2b05c90ca8b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 17 Sep 2022 11:28:13 -0600 Subject: [PATCH 0807/1498] caddyhttp: Fix write header on responseRecorder --- modules/caddyhttp/responsewriter.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/responsewriter.go b/modules/caddyhttp/responsewriter.go index 9820b41b..4e2c8f00 100644 --- a/modules/caddyhttp/responsewriter.go +++ b/modules/caddyhttp/responsewriter.go @@ -185,7 +185,7 @@ func (rr *responseRecorder) WriteHeader(statusCode int) { // if informational or not buffered, immediately write header if rr.stream || (100 <= statusCode && statusCode <= 199) { - rr.ResponseWriterWrapper.WriteHeader(rr.statusCode) + rr.ResponseWriterWrapper.WriteHeader(statusCode) } } From c7a6bc59345ca4075cc8bf97bd80900d28d8e05d Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Sun, 18 Sep 2022 08:47:53 +0800 Subject: [PATCH 0808/1498] caddyhttp: responseRecorder save status in all cases (#5049) --- modules/caddyhttp/responsewriter.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/responsewriter.go b/modules/caddyhttp/responsewriter.go index 4e2c8f00..d29f6a76 100644 --- a/modules/caddyhttp/responsewriter.go +++ b/modules/caddyhttp/responsewriter.go @@ -170,9 +170,11 @@ func (rr *responseRecorder) WriteHeader(statusCode int) { return } + // save statusCode in case http middleware upgrading websocket + // connections by manually setting headers and writing status 101 + rr.statusCode = statusCode // 1xx responses aren't final; just informational if statusCode < 100 || statusCode > 199 { - rr.statusCode = statusCode rr.wroteHeader = true // decide whether we should buffer the response From 0950ba4f0b77f2a9134188386345fccdfddb80ad Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 19 Sep 2022 16:20:58 -0600 Subject: [PATCH 0809/1498] events: Make event data exported This could lead to bugs if handlers are not careful, but it is surely useful. We'll see how it goes, what the feedback is like, etc. --- modules/caddyevents/app.go | 39 +++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/modules/caddyevents/app.go b/modules/caddyevents/app.go index db2192ce..6b10460d 100644 --- a/modules/caddyevents/app.go +++ b/modules/caddyevents/app.go @@ -201,6 +201,9 @@ func (app *App) On(eventName string, handler Handler) error { // Emit creates and dispatches an event named eventName to all relevant handlers with // the metadata data. Events are emitted and propagated synchronously. The returned Event // value will have any additional information from the invoked handlers. +// +// Note that the data map is not copied, for efficiency. After Emit() is called, the +// data passed in should not be changed in other goroutines. func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) Event { logger := app.logger.With(zap.String("name", eventName)) @@ -212,11 +215,11 @@ func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) E eventName = strings.ToLower(eventName) e := Event{ + Data: data, id: id, ts: time.Now(), name: eventName, origin: ctx.Module(), - data: data, } logger = logger.With( @@ -244,12 +247,12 @@ func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) E case "event.module": return e.origin.CaddyModule().ID, true case "event.data": - return e.data, true + return e.Data, true } if strings.HasPrefix(key, "event.data.") { key = strings.TrimPrefix(key, "event.data.") - if val, ok := data[key]; ok { + if val, ok := e.Data[key]; ok { return val, true } } @@ -257,7 +260,7 @@ func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) E return nil, false }) - logger.Debug("event", zap.Any("data", e.data)) + logger.Debug("event", zap.Any("data", e.Data)) // invoke handlers bound to the event by name and also all events; this for loop // iterates twice at most: once for the event name, once for "" (all events) @@ -314,26 +317,40 @@ func (app *App) Emit(ctx caddy.Context, eventName string, data map[string]any) E } // Event represents something that has happened or is happening. +// An Event value is not synchronized, so it should be copied if +// being used in goroutines. +// +// EXPERIMENTAL: As with the rest of this package, events are +// subject to change. type Event struct { - id uuid.UUID - ts time.Time - name string - origin caddy.Module - data map[string]any - // If non-nil, the event has been aborted, meaning // propagation has stopped to other handlers and // the code should stop what it was doing. Emitters // may choose to use this as a signal to adjust their // code path appropriately. Aborted error + + // The data associated with the event. Usually the + // original emitter will be the only one to set or + // change these values, but the field is exported + // so handlers can have full access if needed. + // However, this map is not synchronized, so + // handlers must not use this map directly in new + // goroutines; instead, copy the map to use it in a + // goroutine. + Data map[string]any + + id uuid.UUID + ts time.Time + name string + origin caddy.Module } // CloudEvent exports event e as a structure that, when // serialized as JSON, is compatible with the // CloudEvents spec. func (e Event) CloudEvent() CloudEvent { - dataJSON, _ := json.Marshal(e.data) + dataJSON, _ := json.Marshal(e.Data) return CloudEvent{ ID: e.id.String(), Source: e.origin.CaddyModule().String(), From da8b7fe58f83012d9a6c6e15cb249ca5f476597c Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 19 Sep 2022 21:54:47 -0600 Subject: [PATCH 0810/1498] caddyhttp: Honor grace period in background (#5043) * caddyhttp: Honor grace period in background This avoids blocking during config reloads. * Don't quit process until servers shut down * Make tests more likely to pass on fast CI (#5045) * caddyhttp: Even faster shutdowns Simultaneously shut down all HTTP servers, rather than one at a time. In practice there usually won't be more than 1 that lingers. But this code ensures that they all Shutdown() in their own goroutine and then we wait for them at the end (if exiting). We also wait for them to start up so we can be fairly confident the shutdowns have begun; i.e. old servers no longer accepting new connections. * Fix comment typo * Pull functions out of loop, for readability --- caddy.go | 11 ++++ caddytest/caddytest.go | 2 +- caddytest/integration/caddyfile_test.go | 4 ++ caddytest/integration/handler_test.go | 1 + caddytest/integration/map_test.go | 1 + caddytest/integration/reverseproxy_test.go | 6 +++ caddytest/integration/sni_test.go | 3 ++ caddytest/integration/stream_test.go | 2 + modules/caddyhttp/app.go | 58 ++++++++++++++++++---- 9 files changed, 78 insertions(+), 10 deletions(-) diff --git a/caddy.go b/caddy.go index 9595c96c..584865bd 100644 --- a/caddy.go +++ b/caddy.go @@ -31,6 +31,7 @@ import ( "strconv" "strings" "sync" + "sync/atomic" "time" "github.com/caddyserver/caddy/v2/notify" @@ -676,6 +677,10 @@ func Validate(cfg *Config) error { // Errors are logged along the way, and an appropriate exit // code is emitted. func exitProcess(ctx context.Context, logger *zap.Logger) { + // let the rest of the program know we're quitting + atomic.StoreInt32(exiting, 1) + + // give the OS or service/process manager our 2 weeks' notice: we quit if err := notify.Stopping(); err != nil { Log().Error("unable to notify service manager of stopping state", zap.Error(err)) } @@ -739,6 +744,12 @@ func exitProcess(ctx context.Context, logger *zap.Logger) { }() } +var exiting = new(int32) // accessed atomically + +// Exiting returns true if the process is exiting. +// EXPERIMENTAL API: subject to change or removal. +func Exiting() bool { return atomic.LoadInt32(exiting) == 1 } + // Duration can be an integer or a string. An integer is // interpreted as nanoseconds. If a string, it is a Go // time.Duration value such as `300ms`, `1.5h`, or `2h45m`; diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 4fb33941..e560ab4a 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -43,7 +43,7 @@ type Defaults struct { // Default testing values var Default = Defaults{ - AdminPort: 2019, + AdminPort: 2999, // different from what a real server also running on a developer's machine might be Certifcates: []string{"/caddy.localhost.crt", "/caddy.localhost.key"}, TestRequestTimeout: 5 * time.Second, LoadRequestTimeout: 5 * time.Second, diff --git a/caddytest/integration/caddyfile_test.go b/caddytest/integration/caddyfile_test.go index 27588833..77ac54ef 100644 --- a/caddytest/integration/caddyfile_test.go +++ b/caddytest/integration/caddyfile_test.go @@ -16,6 +16,7 @@ func TestRespond(t *testing.T) { { http_port 9080 https_port 9443 + grace_period 1 } localhost:9080 { @@ -37,6 +38,7 @@ func TestRedirect(t *testing.T) { { http_port 9080 https_port 9443 + grace_period 1 } localhost:9080 { @@ -86,6 +88,7 @@ func TestReadCookie(t *testing.T) { { http_port 9080 https_port 9443 + grace_period 1 } localhost:9080 { @@ -109,6 +112,7 @@ func TestReplIndex(t *testing.T) { { http_port 9080 https_port 9443 + grace_period 1 } localhost:9080 { diff --git a/caddytest/integration/handler_test.go b/caddytest/integration/handler_test.go index fb986c7c..e295dc55 100644 --- a/caddytest/integration/handler_test.go +++ b/caddytest/integration/handler_test.go @@ -13,6 +13,7 @@ func TestBrowse(t *testing.T) { { http_port 9080 https_port 9443 + grace_period 1 } http://localhost:9080 { file_server browse diff --git a/caddytest/integration/map_test.go b/caddytest/integration/map_test.go index afed0c35..05959576 100644 --- a/caddytest/integration/map_test.go +++ b/caddytest/integration/map_test.go @@ -13,6 +13,7 @@ func TestMap(t *testing.T) { tester.InitServer(`{ http_port 9080 https_port 9443 + grace_period 1 } localhost:9080 { diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index ca11287a..dfc8df0d 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -18,6 +18,7 @@ func TestSRVReverseProxy(t *testing.T) { { "apps": { "http": { + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -50,6 +51,7 @@ func TestSRVWithDial(t *testing.T) { { "apps": { "http": { + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -115,6 +117,7 @@ func TestDialWithPlaceholderUnix(t *testing.T) { { "apps": { "http": { + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -156,6 +159,7 @@ func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) { { "apps": { "http": { + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -239,6 +243,7 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) { { "apps": { "http": { + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -321,6 +326,7 @@ func TestSRVWithActiveHealthcheck(t *testing.T) { { "apps": { "http": { + "grace_period": 1, "servers": { "srv0": { "listen": [ diff --git a/caddytest/integration/sni_test.go b/caddytest/integration/sni_test.go index 813e9a05..aa47c75e 100644 --- a/caddytest/integration/sni_test.go +++ b/caddytest/integration/sni_test.go @@ -15,6 +15,7 @@ func TestDefaultSNI(t *testing.T) { "http": { "http_port": 9080, "https_port": 9443, + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -112,6 +113,7 @@ func TestDefaultSNIWithNamedHostAndExplicitIP(t *testing.T) { "http": { "http_port": 9080, "https_port": 9443, + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -212,6 +214,7 @@ func TestDefaultSNIWithPortMappingOnly(t *testing.T) { "http": { "http_port": 9080, "https_port": 9443, + "grace_period": 1, "servers": { "srv0": { "listen": [ diff --git a/caddytest/integration/stream_test.go b/caddytest/integration/stream_test.go index cfd9d361..0cb1db2e 100644 --- a/caddytest/integration/stream_test.go +++ b/caddytest/integration/stream_test.go @@ -27,6 +27,7 @@ func TestH2ToH2CStream(t *testing.T) { "http": { "http_port": 9080, "https_port": 9443, + "grace_period": 1, "servers": { "srv0": { "listen": [ @@ -216,6 +217,7 @@ func TestH2ToH1ChunkedResponse(t *testing.T) { "http": { "http_port": 9080, "https_port": 9443, + "grace_period": 1, "servers": { "srv0": { "listen": [ diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 290a4083..84b0b941 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -505,22 +505,62 @@ func (app *App) Stop() error { app.logger.Debug("servers shutting down with eternal grace period") } - // shut down servers - for _, server := range app.Servers { + // goroutines aren't guaranteed to be scheduled right away, + // so we'll use one WaitGroup to wait for all the goroutines + // to start their server shutdowns, and another to wait for + // them to finish; we'll always block for them to start so + // that when we return the caller can be confident* that the + // old servers are no longer accepting new connections + // (* the scheduler might still pause them right before + // calling Shutdown(), but it's unlikely) + var startedShutdown, finishedShutdown sync.WaitGroup + + // these will run in goroutines + stopServer := func(server *Server) { + defer finishedShutdown.Done() + startedShutdown.Done() + if err := server.server.Shutdown(ctx); err != nil { app.logger.Error("server shutdown", zap.Error(err), zap.Strings("addresses", server.Listen)) } + } + stopH3Server := func(server *Server) { + defer finishedShutdown.Done() + startedShutdown.Done() - if server.h3server != nil { - // TODO: CloseGracefully, once implemented upstream (see https://github.com/lucas-clemente/quic-go/issues/2103) - if err := server.h3server.Close(); err != nil { - app.logger.Error("HTTP/3 server shutdown", - zap.Error(err), - zap.Strings("addresses", server.Listen)) - } + if server.h3server == nil { + return } + // TODO: CloseGracefully, once implemented upstream (see https://github.com/lucas-clemente/quic-go/issues/2103) + if err := server.h3server.Close(); err != nil { + app.logger.Error("HTTP/3 server shutdown", + zap.Error(err), + zap.Strings("addresses", server.Listen)) + } + } + + for _, server := range app.Servers { + startedShutdown.Add(2) + finishedShutdown.Add(2) + go stopServer(server) + go stopH3Server(server) + } + + // block until all the goroutines have been run by the scheduler; + // this means that they have likely called Shutdown() by now + startedShutdown.Wait() + + // if the process is exiting, we need to block here and wait + // for the grace periods to complete, otherwise the process will + // terminate before the servers are finished shutting down; but + // we don't really need to wait for the grace period to finish + // if the process isn't exiting (but note that frequent config + // reloads with long grace periods for a sustained length of time + // may deplete resources) + if caddy.Exiting() { + finishedShutdown.Wait() } return nil From e3d04ff86b5bf886bc4c6cf7806987eeda96d163 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 20 Sep 2022 00:11:19 -0400 Subject: [PATCH 0811/1498] caddyhttp: Skip inserting HTTP->HTTPS redir if catch-all for both exist (#5051) --- modules/caddyhttp/autohttps.go | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/modules/caddyhttp/autohttps.go b/modules/caddyhttp/autohttps.go index 3d476cb1..be229ea8 100644 --- a/modules/caddyhttp/autohttps.go +++ b/modules/caddyhttp/autohttps.go @@ -378,19 +378,29 @@ redirServersLoop: // we'll create a new server for all the listener addresses // that are unused and serve the remaining redirects from it for _, srv := range app.Servers { - if srv.hasListenerAddress(redirServerAddr) { - // find the index of the route after the last route with a host - // matcher, then insert the redirects there, but before any - // user-defined catch-all routes - // see https://github.com/caddyserver/caddy/issues/3212 - insertIndex := srv.findLastRouteWithHostMatcher() - srv.Routes = append(srv.Routes[:insertIndex], append(routes, srv.Routes[insertIndex:]...)...) - - // append our catch-all route in case the user didn't define their own - srv.Routes = appendCatchAll(srv.Routes) - - continue redirServersLoop + // only look at servers which listen on an address which + // we want to add redirects to + if !srv.hasListenerAddress(redirServerAddr) { + continue } + + // find the index of the route after the last route with a host + // matcher, then insert the redirects there, but before any + // user-defined catch-all routes + // see https://github.com/caddyserver/caddy/issues/3212 + insertIndex := srv.findLastRouteWithHostMatcher() + + // add the redirects at the insert index, except for when + // we have a catch-all for HTTPS, in which case the user's + // defined catch-all should take precedence. See #4829 + if len(uniqueDomainsForCerts) != 0 { + srv.Routes = append(srv.Routes[:insertIndex], append(routes, srv.Routes[insertIndex:]...)...) + } + + // append our catch-all route in case the user didn't define their own + srv.Routes = appendCatchAll(srv.Routes) + + continue redirServersLoop } // no server with this listener address exists; From 821a08a6e39ed0e7c43b0271ccf126c194eb6339 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 20 Sep 2022 10:09:04 -0400 Subject: [PATCH 0812/1498] httpcaddyfile: Fix `protocols` global option parsing (#5054) * httpcaddyfile: Fix `protocols` global option parsing When checking for a block, the current nesting must be used, otherwise it returns the wrong thing. * Adjust adapt test to cover the broken behaviour that is now fixed * Fix some admin tests which suddenly run even with -short --- admin_test.go | 2 +- caddyconfig/httpcaddyfile/serveroptions.go | 2 +- .../caddyfile_adapt/global_server_options_single.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/admin_test.go b/admin_test.go index d53988b3..04aa8867 100644 --- a/admin_test.go +++ b/admin_test.go @@ -161,7 +161,7 @@ func (fooModule) Stop() error { return nil } func TestETags(t *testing.T) { RegisterModule(fooModule{}) - if err := Load([]byte(`{"apps": {"foo": {"strField": "abc", "intField": 0}}}`), true); err != nil { + if err := Load([]byte(`{"admin": {"listen": "localhost:2999"}, "apps": {"foo": {"strField": "abc", "intField": 0}}}`), true); err != nil { t.Fatalf("loading: %s", err) } diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 8e021fd5..8ab8969d 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -162,7 +162,7 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { } serverOpts.Protocols = append(serverOpts.Protocols, proto) } - if d.NextBlock(0) { + if nesting := d.Nesting(); d.NextBlock(nesting) { return nil, d.ArgErr() } diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index cfe6bfdf..5fb67392 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -12,8 +12,8 @@ } max_header_size 100MB log_credentials - strict_sni_host protocols h1 h2 h2c h3 + strict_sni_host } } From beb7dcbf2aa0d523ad230d21187e923ecd676eba Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 20 Sep 2022 16:56:02 -0600 Subject: [PATCH 0813/1498] fileserver: Reinstate --debug flag I think it got lost during a rebase or something --- modules/caddyhttp/fileserver/command.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/caddyhttp/fileserver/command.go b/modules/caddyhttp/fileserver/command.go index 6a775097..bc7f981d 100644 --- a/modules/caddyhttp/fileserver/command.go +++ b/modules/caddyhttp/fileserver/command.go @@ -57,6 +57,7 @@ respond with a file listing.`, fs.Bool("browse", false, "Enable directory browsing") fs.Bool("templates", false, "Enable template rendering") fs.Bool("access-log", false, "Enable the access log") + fs.Bool("debug", false, "Enable verbose debug logs") return fs }(), }) From 44ad0cedafcd32d5edcf3c6ed62834641d10fa2f Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Wed, 21 Sep 2022 22:30:42 +0800 Subject: [PATCH 0814/1498] encode: don't WriteHeader unless called (#5060) --- modules/caddyhttp/encode/encode.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index f9e33ac9..91e7060a 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -241,8 +241,6 @@ func (rw *responseWriter) Write(p []byte) (int, error) { if !rw.wroteHeader { if rw.statusCode != 0 { rw.HTTPInterfaces.WriteHeader(rw.statusCode) - } else { - rw.HTTPInterfaces.WriteHeader(http.StatusOK) } rw.wroteHeader = true } @@ -264,10 +262,9 @@ func (rw *responseWriter) Close() error { rw.init() } + // issue #5059, don't write status code if not set explicitly. if rw.statusCode != 0 { rw.HTTPInterfaces.WriteHeader(rw.statusCode) - } else { - rw.HTTPInterfaces.WriteHeader(http.StatusOK) } rw.wroteHeader = true } From 1426c97da57fc84d8b584a960c43fbb58df68b80 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 21 Sep 2022 12:55:23 -0600 Subject: [PATCH 0815/1498] core: Reuse unix sockets (UDS) and don't try to serve HTTP/3 over UDS (#5063) * core: Reuse unix sockets * Don't serve HTTP/3 over unix sockets This requires upstream support, if even useful * Don't use unix build tag... yet * Fix build tag * Allow ErrNotExist when unlinking socket --- listen.go | 19 ++++++- listen_linux.go | 34 ------------ listen_unix.go | 115 +++++++++++++++++++++++++++++++++++++++ modules/caddyhttp/app.go | 2 +- 4 files changed, 134 insertions(+), 36 deletions(-) delete mode 100644 listen_linux.go create mode 100644 listen_unix.go diff --git a/listen.go b/listen.go index 2c4a0b28..268785a3 100644 --- a/listen.go +++ b/listen.go @@ -1,4 +1,21 @@ -//go:build !linux +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// TODO: Go 1.19 introduced the "unix" build tag. We have to support Go 1.18 until Go 1.20 is released. +// When Go 1.19 is our minimum, change this build tag to simply "!unix". +// (see similar change needed in listen_unix.go) +//go:build !(aix || android || darwin || dragonfly || freebsd || hurd || illumos || ios || linux || netbsd || openbsd || solaris) package caddy diff --git a/listen_linux.go b/listen_linux.go deleted file mode 100644 index b1220ce4..00000000 --- a/listen_linux.go +++ /dev/null @@ -1,34 +0,0 @@ -package caddy - -import ( - "context" - "net" - "syscall" - "time" - - "go.uber.org/zap" - "golang.org/x/sys/unix" -) - -// ListenTimeout is the same as Listen, but with a configurable keep-alive timeout duration. -func ListenTimeout(network, addr string, keepalivePeriod time.Duration) (net.Listener, error) { - // check to see if plugin provides listener - if ln, err := getListenerFromPlugin(network, addr); err != nil || ln != nil { - return ln, err - } - - config := &net.ListenConfig{Control: reusePort, KeepAlive: keepalivePeriod} - return config.Listen(context.Background(), network, addr) -} - -func reusePort(network, address string, conn syscall.RawConn) error { - return conn.Control(func(descriptor uintptr) { - if err := unix.SetsockoptInt(int(descriptor), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1); err != nil { - Log().Error("setting SO_REUSEPORT", - zap.String("network", network), - zap.String("address", address), - zap.Uintptr("descriptor", descriptor), - zap.Error(err)) - } - }) -} diff --git a/listen_unix.go b/listen_unix.go new file mode 100644 index 00000000..f7b62794 --- /dev/null +++ b/listen_unix.go @@ -0,0 +1,115 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// TODO: Go 1.19 introduced the "unix" build tag. We have to support Go 1.18 until Go 1.20 is released. +// When Go 1.19 is our minimum, remove this build tag, since "_unix" in the filename will do this. +// (see also change needed in listen.go) +//go:build aix || android || darwin || dragonfly || freebsd || hurd || illumos || ios || linux || netbsd || openbsd || solaris + +package caddy + +import ( + "context" + "errors" + "io/fs" + "net" + "sync" + "syscall" + "time" + + "go.uber.org/zap" + "golang.org/x/sys/unix" +) + +// ListenTimeout is the same as Listen, but with a configurable keep-alive timeout duration. +func ListenTimeout(network, addr string, keepalivePeriod time.Duration) (net.Listener, error) { + // check to see if plugin provides listener + if ln, err := getListenerFromPlugin(network, addr); err != nil || ln != nil { + return ln, err + } + + socketKey := listenerKey(network, addr) + if isUnixNetwork(network) { + unixSocketsMu.Lock() + defer unixSocketsMu.Unlock() + + socket, exists := unixSockets[socketKey] + if exists { + // make copy of file descriptor + socketFile, err := socket.File() // dup() deep down + if err != nil { + return nil, err + } + + // use copy to make new listener + ln, err := net.FileListener(socketFile) + if err != nil { + return nil, err + } + + // the old socket fd will likely be closed soon, so replace it in the map + unixSockets[socketKey] = ln.(*net.UnixListener) + + return ln.(*net.UnixListener), nil + } + + // from what I can tell after some quick research, it's quite common for programs to + // leave their socket file behind after they close, so the typical pattern is to + // unlink it before you bind to it -- this is often crucial if the last program using + // it was killed forcefully without a chance to clean up the socket, but there is a + // race, as the comment in net.UnixListener.close() explains... oh well? + if err := syscall.Unlink(addr); err != nil && !errors.Is(err, fs.ErrNotExist) { + return nil, err + } + } + + config := &net.ListenConfig{Control: reusePort, KeepAlive: keepalivePeriod} + + ln, err := config.Listen(context.Background(), network, addr) + if err != nil { + return nil, err + } + + if uln, ok := ln.(*net.UnixListener); ok { + // TODO: ideally, we should unlink the socket once we know we're done using it + // (i.e. either on exit or a new config that doesn't use this socket; in UsagePool + // terms, when the reference count reaches 0), but given that we unlink existing + // socket before we create the new one anyway (see above), we don't necessarily + // need to clean up after ourselves; still, doing so would probably be more tidy + uln.SetUnlinkOnClose(false) + unixSockets[socketKey] = uln + } + + return ln, nil +} + +// reusePort sets SO_REUSEPORT. Ineffective for unix sockets. +func reusePort(network, address string, conn syscall.RawConn) error { + return conn.Control(func(descriptor uintptr) { + if err := unix.SetsockoptInt(int(descriptor), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1); err != nil { + Log().Error("setting SO_REUSEPORT", + zap.String("network", network), + zap.String("address", address), + zap.Uintptr("descriptor", descriptor), + zap.Error(err)) + } + }) +} + +// unixSockets keeps track of the currently-active unix sockets +// so we can transfer their FDs gracefully during reloads. +var ( + unixSockets = make(map[string]*net.UnixListener) + unixSocketsMu sync.Mutex +) diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 84b0b941..c9a55431 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -409,7 +409,7 @@ func (app *App) Start() error { ln = tls.NewListener(ln, tlsCfg) // enable HTTP/3 if configured - if srv.protocol("h3") { + if srv.protocol("h3") && !listenAddr.IsUnixNetwork() { app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport)) if err := srv.serveHTTP3(hostport, tlsCfg); err != nil { return err From 9206e8a7381d62a5f8362f541ab9c052f06a9d50 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 21 Sep 2022 12:59:40 -0600 Subject: [PATCH 0816/1498] Tweak some comments --- modules/caddyhttp/responsewriter.go | 3 ++- modules/caddyhttp/server.go | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/responsewriter.go b/modules/caddyhttp/responsewriter.go index d29f6a76..0631229d 100644 --- a/modules/caddyhttp/responsewriter.go +++ b/modules/caddyhttp/responsewriter.go @@ -170,9 +170,10 @@ func (rr *responseRecorder) WriteHeader(statusCode int) { return } - // save statusCode in case http middleware upgrading websocket + // save statusCode always, in case HTTP middleware upgrades websocket // connections by manually setting headers and writing status 101 rr.statusCode = statusCode + // 1xx responses aren't final; just informational if statusCode < 100 || statusCode > 199 { rr.wroteHeader = true diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index d9fe077e..5daa5b2b 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -239,7 +239,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } - repl.Set("http.response.status", wrec.Status()) + repl.Set("http.response.status", wrec.Status()) // will be 0 if no response is written by us (Go will write 200 to client) repl.Set("http.response.size", wrec.Size()) repl.Set("http.response.duration", duration) repl.Set("http.response.duration_ms", duration.Seconds()*1e3) // multiply seconds to preserve decimal (see #4666) From eead00f54a4b5d55292b2dcf5f1ec462c79207ad Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 22 Sep 2022 18:09:18 +0300 Subject: [PATCH 0817/1498] ci: extend goreleaser timeout to 1-hour (#5067) --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 435086fd..456925a1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -119,7 +119,7 @@ jobs: uses: goreleaser/goreleaser-action@v2 with: version: latest - args: release --rm-dist + args: release --rm-dist --timeout 60m env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAG: ${{ steps.vars.outputs.version_tag }} From f7c1a51efb6d0e578c6f699b6f3498b5930cdd32 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 23 Sep 2022 14:36:38 -0600 Subject: [PATCH 0818/1498] fastcgi: Redirect using original URI path (fix #5073) --- modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index a9e6b220..799050e9 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -348,7 +348,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error } redirHandler := caddyhttp.StaticResponse{ StatusCode: caddyhttp.WeakString(strconv.Itoa(http.StatusPermanentRedirect)), - Headers: http.Header{"Location": []string{"{http.request.uri.path}/"}}, + Headers: http.Header{"Location": []string{"{http.request.orig_uri.path}/"}}, } redirRoute := caddyhttp.Route{ MatcherSetsRaw: []caddy.ModuleMap{redirMatcherSet}, From e747a9bb12bc644aebce369061a2dc0de567d8d9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 23 Sep 2022 16:47:59 -0600 Subject: [PATCH 0819/1498] Fix tests --- .../integration/caddyfile_adapt/php_fastcgi_expanded_form.txt | 4 ++-- .../caddyfile_adapt/php_fastcgi_handle_response.txt | 2 +- caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt | 2 +- .../integration/caddyfile_adapt/php_fastcgi_subdirectives.txt | 2 +- .../caddyfile_adapt/php_fastcgi_try_files_override.txt | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt index bb7c7f7b..2fa2b797 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt @@ -8,7 +8,7 @@ route { } not path */ } - redir @canonicalPath {path}/ 308 + redir @canonicalPath {http.request.orig_uri.path}/ 308 # If the requested file does not exist, try index files @indexFiles { @@ -50,7 +50,7 @@ route { "handler": "static_response", "headers": { "Location": [ - "{http.request.uri.path}/" + "{http.request.orig_uri.path}/" ] }, "status_code": 308 diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt index dbb08719..70a0780d 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_handle_response.txt @@ -42,7 +42,7 @@ "handler": "static_response", "headers": { "Location": [ - "{http.request.uri.path}/" + "{http.request.orig_uri.path}/" ] }, "status_code": 308 diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt index 488c5252..d90b2cb4 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt @@ -30,7 +30,7 @@ php_fastcgi @api localhost:9000 "handler": "static_response", "headers": { "Location": [ - "{http.request.uri.path}/" + "{http.request.orig_uri.path}/" ] }, "status_code": 308 diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt index 90d1633b..a04d66fe 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_subdirectives.txt @@ -43,7 +43,7 @@ php_fastcgi localhost:9000 { "handler": "static_response", "headers": { "Location": [ - "{http.request.uri.path}/" + "{http.request.orig_uri.path}/" ] }, "status_code": 308 diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt index 43427862..a3381f67 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_try_files_override.txt @@ -46,7 +46,7 @@ php_fastcgi localhost:9000 { "handler": "static_response", "headers": { "Location": [ - "{http.request.uri.path}/" + "{http.request.orig_uri.path}/" ] }, "status_code": 308 From 7041970059db9047143d82b2c489c7bc34df691f Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 23 Sep 2022 17:11:53 -0600 Subject: [PATCH 0820/1498] headers: Support repeated WriteHeader if 1xx (fix #5074) --- modules/caddyhttp/headers/headers.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/headers/headers.go b/modules/caddyhttp/headers/headers.go index d5237236..f8d3fdcc 100644 --- a/modules/caddyhttp/headers/headers.go +++ b/modules/caddyhttp/headers/headers.go @@ -332,7 +332,10 @@ func (rww *responseWriterWrapper) WriteHeader(status int) { if rww.wroteHeader { return } - rww.wroteHeader = true + // 1xx responses aren't final; just informational + if status < 100 || status > 199 { + rww.wroteHeader = true + } if rww.require == nil || rww.require.Match(status, rww.ResponseWriterWrapper.Header()) { if rww.headerOps != nil { rww.headerOps.ApplyTo(rww.ResponseWriterWrapper.Header(), rww.replacer) From b5727b9c443b45a83c463caa85a24783e901f144 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 24 Sep 2022 22:00:55 +0300 Subject: [PATCH 0821/1498] ci: fix integration tests (#5079) --- caddytest/caddytest.go | 2 +- caddytest/integration/autohttps_test.go | 22 +- caddytest/integration/caddyfile_test.go | 14 +- caddytest/integration/handler_test.go | 4 +- caddytest/integration/map_test.go | 16 +- caddytest/integration/reverseproxy_test.go | 63 +++ caddytest/integration/sni_test.go | 497 +++++++++++---------- caddytest/integration/stream_test.go | 6 + caddytest/integration/test.init.config | 3 + 9 files changed, 379 insertions(+), 248 deletions(-) create mode 100644 caddytest/integration/test.init.config diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index e560ab4a..2ffd313c 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -237,7 +237,7 @@ func validateTestPrerequisites() error { if isCaddyAdminRunning() != nil { // start inprocess caddy server - os.Args = []string{"caddy", "run"} + os.Args = []string{"caddy", "run", "--config", "./test.init.config", "--adapter", "caddyfile"} go func() { caddycmd.Main() }() diff --git a/caddytest/integration/autohttps_test.go b/caddytest/integration/autohttps_test.go index a065b0df..1dbdbcee 100644 --- a/caddytest/integration/autohttps_test.go +++ b/caddytest/integration/autohttps_test.go @@ -11,6 +11,8 @@ func TestAutoHTTPtoHTTPSRedirectsImplicitPort(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + admin localhost:2999 + skip_install_trust http_port 9080 https_port 9443 } @@ -25,6 +27,8 @@ func TestAutoHTTPtoHTTPSRedirectsExplicitPortSameAsHTTPSPort(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 } @@ -39,6 +43,8 @@ func TestAutoHTTPtoHTTPSRedirectsExplicitPortDifferentFromHTTPSPort(t *testing.T tester := caddytest.NewTester(t) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 } @@ -53,6 +59,9 @@ func TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "apps": { "http": { "http_port": 9080, @@ -74,7 +83,14 @@ func TestAutoHTTPRedirectsWithHTTPListenerFirstInAddresses(t *testing.T) { ] } } - } + }, + "pki": { + "certificate_authorities": { + "local": { + "install_trust": false + } + } + } } } `, "json") @@ -85,6 +101,8 @@ func TestAutoHTTPRedirectsInsertedBeforeUserDefinedCatchAll(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 local_certs @@ -108,6 +126,8 @@ func TestAutoHTTPRedirectsInsertedBeforeUserDefinedCatchAllWithNoExplicitHTTPSit tester := caddytest.NewTester(t) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 local_certs diff --git a/caddytest/integration/caddyfile_test.go b/caddytest/integration/caddyfile_test.go index 77ac54ef..3f3ba0ae 100644 --- a/caddytest/integration/caddyfile_test.go +++ b/caddytest/integration/caddyfile_test.go @@ -14,9 +14,10 @@ func TestRespond(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + admin localhost:2999 http_port 9080 https_port 9443 - grace_period 1 + grace_period 1ns } localhost:9080 { @@ -36,9 +37,10 @@ func TestRedirect(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + admin localhost:2999 http_port 9080 https_port 9443 - grace_period 1 + grace_period 1ns } localhost:9080 { @@ -86,9 +88,11 @@ func TestReadCookie(t *testing.T) { tester.Client.Jar.SetCookies(localhost, []*http.Cookie{&cookie}) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 - grace_period 1 + grace_period 1ns } localhost:9080 { @@ -110,9 +114,11 @@ func TestReplIndex(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 - grace_period 1 + grace_period 1ns } localhost:9080 { diff --git a/caddytest/integration/handler_test.go b/caddytest/integration/handler_test.go index e295dc55..6db119ea 100644 --- a/caddytest/integration/handler_test.go +++ b/caddytest/integration/handler_test.go @@ -11,9 +11,11 @@ func TestBrowse(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 - grace_period 1 + grace_period 1ns } http://localhost:9080 { file_server browse diff --git a/caddytest/integration/map_test.go b/caddytest/integration/map_test.go index 05959576..eb338656 100644 --- a/caddytest/integration/map_test.go +++ b/caddytest/integration/map_test.go @@ -11,9 +11,11 @@ func TestMap(t *testing.T) { // arrange tester := caddytest.NewTester(t) tester.InitServer(`{ + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 - grace_period 1 + grace_period 1ns } localhost:9080 { @@ -39,6 +41,8 @@ func TestMapRespondWithDefault(t *testing.T) { // arrange tester := caddytest.NewTester(t) tester.InitServer(`{ + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 } @@ -66,7 +70,17 @@ func TestMapAsJSON(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "apps": { + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + }, "http": { "http_port": 9080, "https_port": 9443, diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index dfc8df0d..81aec714 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -16,7 +16,17 @@ func TestSRVReverseProxy(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "apps": { + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + }, "http": { "grace_period": 1, "servers": { @@ -50,6 +60,13 @@ func TestSRVWithDial(t *testing.T) { caddytest.AssertLoadError(t, ` { "apps": { + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + }, "http": { "grace_period": 1, "servers": { @@ -115,7 +132,17 @@ func TestDialWithPlaceholderUnix(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "apps": { + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + }, "http": { "grace_period": 1, "servers": { @@ -157,7 +184,17 @@ func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "apps": { + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + }, "http": { "grace_period": 1, "servers": { @@ -241,7 +278,17 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "apps": { + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + }, "http": { "grace_period": 1, "servers": { @@ -325,6 +372,13 @@ func TestSRVWithActiveHealthcheck(t *testing.T) { caddytest.AssertLoadError(t, ` { "apps": { + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + }, "http": { "grace_period": 1, "servers": { @@ -363,8 +417,11 @@ func TestReverseProxyHealthCheck(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 + grace_period 1ns } http://localhost:2020 { respond "Hello, World!" @@ -424,8 +481,11 @@ func TestReverseProxyHealthCheckUnixSocket(t *testing.T) { tester.InitServer(fmt.Sprintf(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 + grace_period 1ns } http://localhost:9080 { reverse_proxy { @@ -479,8 +539,11 @@ func TestReverseProxyHealthCheckUnixSocketWithoutPort(t *testing.T) { tester.InitServer(fmt.Sprintf(` { + skip_install_trust + admin localhost:2999 http_port 9080 https_port 9443 + grace_period 1ns } http://localhost:9080 { reverse_proxy { diff --git a/caddytest/integration/sni_test.go b/caddytest/integration/sni_test.go index aa47c75e..24dddc59 100644 --- a/caddytest/integration/sni_test.go +++ b/caddytest/integration/sni_test.go @@ -11,92 +11,95 @@ func TestDefaultSNI(t *testing.T) { // arrange tester := caddytest.NewTester(t) tester.InitServer(`{ - "apps": { - "http": { - "http_port": 9080, - "https_port": 9443, - "grace_period": 1, - "servers": { - "srv0": { - "listen": [ - ":9443" - ], - "routes": [ - { - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "hello from a.caddy.localhost", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] - } - ] - } - ], - "match": [ - { - "host": [ - "127.0.0.1" - ] - } - ], - "terminal": true - } - ], - "tls_connection_policies": [ - { - "certificate_selection": { - "any_tag": ["cert0"] - }, - "match": { - "sni": [ - "127.0.0.1" - ] - } - }, - { - "default_sni": "*.caddy.localhost" - } - ] - } - } - }, - "tls": { - "certificates": { - "load_files": [ - { - "certificate": "/caddy.localhost.crt", - "key": "/caddy.localhost.key", - "tags": [ - "cert0" - ] - } - ] - } - }, - "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false - } - } - } - } - } - `, "json") + "admin": { + "listen": "localhost:2999" + }, + "apps": { + "http": { + "http_port": 9080, + "https_port": 9443, + "grace_period": 1, + "servers": { + "srv0": { + "listen": [ + ":9443" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from a.caddy.localhost", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ] + } + ], + "match": [ + { + "host": [ + "127.0.0.1" + ] + } + ], + "terminal": true + } + ], + "tls_connection_policies": [ + { + "certificate_selection": { + "any_tag": ["cert0"] + }, + "match": { + "sni": [ + "127.0.0.1" + ] + } + }, + { + "default_sni": "*.caddy.localhost" + } + ] + } + } + }, + "tls": { + "certificates": { + "load_files": [ + { + "certificate": "/caddy.localhost.crt", + "key": "/caddy.localhost.key", + "tags": [ + "cert0" + ] + } + ] + } + }, + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + } + } + } + `, "json") // act and assert // makes a request with no sni @@ -108,97 +111,100 @@ func TestDefaultSNIWithNamedHostAndExplicitIP(t *testing.T) { // arrange tester := caddytest.NewTester(t) tester.InitServer(` - { - "apps": { - "http": { - "http_port": 9080, - "https_port": 9443, - "grace_period": 1, - "servers": { - "srv0": { - "listen": [ - ":9443" - ], - "routes": [ - { - "handle": [ - { - "handler": "subroute", - "routes": [ - { - "handle": [ - { - "body": "hello from a", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] - } - ] - } - ], - "match": [ - { - "host": [ - "a.caddy.localhost", - "127.0.0.1" - ] - } - ], - "terminal": true - } - ], - "tls_connection_policies": [ - { - "certificate_selection": { - "any_tag": ["cert0"] - }, - "default_sni": "a.caddy.localhost", - "match": { - "sni": [ - "a.caddy.localhost", - "127.0.0.1", - "" - ] - } - }, - { - "default_sni": "a.caddy.localhost" - } - ] - } - } - }, - "tls": { - "certificates": { - "load_files": [ - { - "certificate": "/a.caddy.localhost.crt", - "key": "/a.caddy.localhost.key", - "tags": [ - "cert0" - ] - } - ] - } - }, - "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false - } - } - } - } - } - `, "json") + { + "admin": { + "listen": "localhost:2999" + }, + "apps": { + "http": { + "http_port": 9080, + "https_port": 9443, + "grace_period": 1, + "servers": { + "srv0": { + "listen": [ + ":9443" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from a", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ] + } + ], + "match": [ + { + "host": [ + "a.caddy.localhost", + "127.0.0.1" + ] + } + ], + "terminal": true + } + ], + "tls_connection_policies": [ + { + "certificate_selection": { + "any_tag": ["cert0"] + }, + "default_sni": "a.caddy.localhost", + "match": { + "sni": [ + "a.caddy.localhost", + "127.0.0.1", + "" + ] + } + }, + { + "default_sni": "a.caddy.localhost" + } + ] + } + } + }, + "tls": { + "certificates": { + "load_files": [ + { + "certificate": "/a.caddy.localhost.crt", + "key": "/a.caddy.localhost.key", + "tags": [ + "cert0" + ] + } + ] + } + }, + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + } + } + } + `, "json") // act and assert // makes a request with no sni @@ -209,69 +215,72 @@ func TestDefaultSNIWithPortMappingOnly(t *testing.T) { // arrange tester := caddytest.NewTester(t) tester.InitServer(` - { - "apps": { - "http": { - "http_port": 9080, - "https_port": 9443, - "grace_period": 1, - "servers": { - "srv0": { - "listen": [ - ":9443" - ], - "routes": [ - { - "handle": [ - { - "body": "hello from a.caddy.localhost", - "handler": "static_response", - "status_code": 200 - } - ], - "match": [ - { - "path": [ - "/version" - ] - } - ] - } - ], - "tls_connection_policies": [ - { - "certificate_selection": { - "any_tag": ["cert0"] - }, - "default_sni": "a.caddy.localhost" - } - ] - } - } - }, - "tls": { - "certificates": { - "load_files": [ - { - "certificate": "/a.caddy.localhost.crt", - "key": "/a.caddy.localhost.key", - "tags": [ - "cert0" - ] - } - ] - } - }, - "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false - } - } - } - } - } - `, "json") + { + "admin": { + "listen": "localhost:2999" + }, + "apps": { + "http": { + "http_port": 9080, + "https_port": 9443, + "grace_period": 1, + "servers": { + "srv0": { + "listen": [ + ":9443" + ], + "routes": [ + { + "handle": [ + { + "body": "hello from a.caddy.localhost", + "handler": "static_response", + "status_code": 200 + } + ], + "match": [ + { + "path": [ + "/version" + ] + } + ] + } + ], + "tls_connection_policies": [ + { + "certificate_selection": { + "any_tag": ["cert0"] + }, + "default_sni": "a.caddy.localhost" + } + ] + } + } + }, + "tls": { + "certificates": { + "load_files": [ + { + "certificate": "/a.caddy.localhost.crt", + "key": "/a.caddy.localhost.key", + "tags": [ + "cert0" + ] + } + ] + } + }, + "pki": { + "certificate_authorities" : { + "local" : { + "install_trust": false + } + } + } + } + } + `, "json") // act and assert // makes a request with no sni @@ -281,6 +290,7 @@ func TestDefaultSNIWithPortMappingOnly(t *testing.T) { func TestHttpOnlyOnDomainWithSNI(t *testing.T) { caddytest.AssertAdapt(t, ` { + skip_install_trust default_sni a.caddy.localhost } :80 { @@ -316,6 +326,13 @@ func TestHttpOnlyOnDomainWithSNI(t *testing.T) { ] } } + }, + "pki": { + "certificate_authorities": { + "local": { + "install_trust": false + } + } } } }`) diff --git a/caddytest/integration/stream_test.go b/caddytest/integration/stream_test.go index 0cb1db2e..09d4f641 100644 --- a/caddytest/integration/stream_test.go +++ b/caddytest/integration/stream_test.go @@ -23,6 +23,9 @@ func TestH2ToH2CStream(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "apps": { "http": { "http_port": 9080, @@ -206,6 +209,9 @@ func TestH2ToH1ChunkedResponse(t *testing.T) { tester := caddytest.NewTester(t) tester.InitServer(` { + "admin": { + "listen": "localhost:2999" + }, "logging": { "logs": { "default": { diff --git a/caddytest/integration/test.init.config b/caddytest/integration/test.init.config new file mode 100644 index 00000000..9119ebcb --- /dev/null +++ b/caddytest/integration/test.init.config @@ -0,0 +1,3 @@ +{ + admin localhost:2999 +} From d0556929a4a574ea67be4c1ca2a2741b0f7a52c2 Mon Sep 17 00:00:00 2001 From: lemmi Date: Tue, 27 Sep 2022 21:03:30 +0200 Subject: [PATCH 0822/1498] reverseproxy: fix upstream scheme handling in command (#5088) e338648fed3263200dfd6abc9f8100c6f1c0eb67 introduced multiple upstream addresses. A comment notes that mixing schemes isn't supported and therefore the first valid scheme is supposed to be used. Fixes setting the first scheme. fixes #5087 --- modules/caddyhttp/reverseproxy/command.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 481f6e00..1b630861 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -117,7 +117,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid upstream address %s: %v", toLoc, err) } - if scheme != "" && toScheme != "" { + if scheme != "" && toScheme == "" { toScheme = scheme } toAddresses[i] = addr From 013b5103527cb1646dc717cadf48ad34aceaa77e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 28 Sep 2022 00:13:12 -0600 Subject: [PATCH 0823/1498] rewrite: Only trim prefix if matched See #5073 --- modules/caddyhttp/rewrite/rewrite.go | 9 +++++++-- modules/caddyhttp/rewrite/rewrite_test.go | 10 ++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/modules/caddyhttp/rewrite/rewrite.go b/modules/caddyhttp/rewrite/rewrite.go index 95bc5046..31c97788 100644 --- a/modules/caddyhttp/rewrite/rewrite.go +++ b/modules/caddyhttp/rewrite/rewrite.go @@ -383,8 +383,13 @@ func trimPathPrefix(escapedPath, prefix string) string { iPrefix++ } - // found matching prefix, trim it - return escapedPath[iPath:] + // if we iterated through the entire prefix, we found it, so trim it + if iPath >= len(prefix) { + return escapedPath[iPath:] + } + + // otherwise we did not find the prefix + return escapedPath } func reverse(s string) string { diff --git a/modules/caddyhttp/rewrite/rewrite_test.go b/modules/caddyhttp/rewrite/rewrite_test.go index bc20c853..5875983b 100644 --- a/modules/caddyhttp/rewrite/rewrite_test.go +++ b/modules/caddyhttp/rewrite/rewrite_test.go @@ -225,6 +225,16 @@ func TestRewrite(t *testing.T) { input: newRequest(t, "GET", "/prefix/foo/bar"), expect: newRequest(t, "GET", "/foo/bar"), }, + { + rule: Rewrite{StripPathPrefix: "/prefix"}, + input: newRequest(t, "GET", "/prefix"), + expect: newRequest(t, "GET", ""), + }, + { + rule: Rewrite{StripPathPrefix: "/prefix"}, + input: newRequest(t, "GET", "/"), + expect: newRequest(t, "GET", "/"), + }, { rule: Rewrite{StripPathPrefix: "/prefix"}, input: newRequest(t, "GET", "/prefix/foo%2Fbar"), From e3e8aabbcf65d37516bb97f9dc0f77df52f8cf55 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 28 Sep 2022 13:35:51 -0600 Subject: [PATCH 0824/1498] core: Refactor and improve listener logic (#5089) * core: Refactor, improve listener logic Deprecate: - caddy.Listen - caddy.ListenTimeout - caddy.ListenPacket Prefer caddy.NetworkAddress.Listen() instead. Change: - caddy.ListenQUIC (hopefully to remove later) - caddy.ListenerFunc signature (add context and ListenConfig) - Don't emit Alt-Svc header advertising h3 over HTTP/3 - Use quic.ListenEarly instead of quic.ListenEarlyAddr; this gives us more flexibility (e.g. possibility of HTTP/3 over UDS) but also introduces a new issue: https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608 - Unlink unix socket before and after use * Appease the linter * Keep ListenAll --- admin.go | 7 +- listen.go | 26 +- listen_unix.go | 105 +++--- listeners.go | 636 +++++++++++++++++++++++----------- modules/caddyhttp/app.go | 48 ++- modules/caddyhttp/matchers.go | 4 +- modules/caddyhttp/server.go | 40 ++- 7 files changed, 568 insertions(+), 298 deletions(-) diff --git a/admin.go b/admin.go index 36cc2f82..a23a1ac7 100644 --- a/admin.go +++ b/admin.go @@ -382,7 +382,7 @@ func replaceLocalAdminServer(cfg *Config) error { handler := cfg.Admin.newAdminHandler(addr, false) - ln, err := Listen(addr.Network, addr.JoinHostPort(0)) + ln, err := addr.Listen(context.TODO(), 0, net.ListenConfig{}) if err != nil { return err } @@ -403,7 +403,7 @@ func replaceLocalAdminServer(cfg *Config) error { serverMu.Lock() server := localAdminServer serverMu.Unlock() - if err := server.Serve(ln); !errors.Is(err, http.ErrServerClosed) { + if err := server.Serve(ln.(net.Listener)); !errors.Is(err, http.ErrServerClosed) { adminLogger.Error("admin server shutdown for unknown reason", zap.Error(err)) } }() @@ -549,10 +549,11 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { serverMu.Unlock() // start listener - ln, err := Listen(addr.Network, addr.JoinHostPort(0)) + lnAny, err := addr.Listen(ctx, 0, net.ListenConfig{}) if err != nil { return err } + ln := lnAny.(net.Listener) ln = tls.NewListener(ln, tlsConfig) go func() { diff --git a/listen.go b/listen.go index 268785a3..1ca16874 100644 --- a/listen.go +++ b/listen.go @@ -20,7 +20,7 @@ package caddy import ( - "fmt" + "context" "net" "sync" "sync/atomic" @@ -29,21 +29,14 @@ import ( "go.uber.org/zap" ) -func ListenTimeout(network, addr string, keepAlivePeriod time.Duration) (net.Listener, error) { - // check to see if plugin provides listener - if ln, err := getListenerFromPlugin(network, addr); err != nil || ln != nil { - return ln, err - } - - lnKey := listenerKey(network, addr) +func reuseUnixSocket(network, addr string) (any, error) { + return nil, nil +} +func listenTCPOrUnix(ctx context.Context, lnKey string, network, address string, config net.ListenConfig) (net.Listener, error) { sharedLn, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { - ln, err := net.Listen(network, addr) + ln, err := config.Listen(ctx, network, address) if err != nil { - // https://github.com/caddyserver/caddy/pull/4534 - if isUnixNetwork(network) && isListenBindAddressAlreadyInUseError(err) { - return nil, fmt.Errorf("%w: this can happen if Caddy was forcefully killed", err) - } return nil, err } return &sharedListener{Listener: ln, key: lnKey}, nil @@ -51,8 +44,7 @@ func ListenTimeout(network, addr string, keepAlivePeriod time.Duration) (net.Lis if err != nil { return nil, err } - - return &fakeCloseListener{sharedListener: sharedLn.(*sharedListener), keepAlivePeriod: keepAlivePeriod}, nil + return &fakeCloseListener{sharedListener: sharedLn.(*sharedListener), keepAlivePeriod: config.KeepAlive}, nil } // fakeCloseListener is a private wrapper over a listener that @@ -156,8 +148,6 @@ func (sl *sharedListener) clearDeadline() error { switch ln := sl.Listener.(type) { case *net.TCPListener: err = ln.SetDeadline(time.Time{}) - case *net.UnixListener: - err = ln.SetDeadline(time.Time{}) } sl.deadline = false } @@ -173,8 +163,6 @@ func (sl *sharedListener) setDeadline() error { switch ln := sl.Listener.(type) { case *net.TCPListener: err = ln.SetDeadline(timeInPast) - case *net.UnixListener: - err = ln.SetDeadline(timeInPast) } sl.deadline = true } diff --git a/listen_unix.go b/listen_unix.go index f7b62794..dc955d89 100644 --- a/listen_unix.go +++ b/listen_unix.go @@ -24,78 +24,88 @@ import ( "errors" "io/fs" "net" - "sync" + "sync/atomic" "syscall" - "time" "go.uber.org/zap" "golang.org/x/sys/unix" ) -// ListenTimeout is the same as Listen, but with a configurable keep-alive timeout duration. -func ListenTimeout(network, addr string, keepalivePeriod time.Duration) (net.Listener, error) { - // check to see if plugin provides listener - if ln, err := getListenerFromPlugin(network, addr); err != nil || ln != nil { - return ln, err +// reuseUnixSocket copies and reuses the unix domain socket (UDS) if we already +// have it open; if not, unlink it so we can have it. No-op if not a unix network. +func reuseUnixSocket(network, addr string) (any, error) { + if !isUnixNetwork(network) { + return nil, nil } socketKey := listenerKey(network, addr) - if isUnixNetwork(network) { - unixSocketsMu.Lock() - defer unixSocketsMu.Unlock() - socket, exists := unixSockets[socketKey] - if exists { - // make copy of file descriptor - socketFile, err := socket.File() // dup() deep down - if err != nil { - return nil, err - } + socket, exists := unixSockets[socketKey] + if exists { + // make copy of file descriptor + socketFile, err := socket.File() // does dup() deep down + if err != nil { + return nil, err + } - // use copy to make new listener + // use copied fd to make new Listener or PacketConn, then replace + // it in the map so that future copies always come from the most + // recent fd (as the previous ones will be closed, and we'd get + // "use of closed network connection" errors) -- note that we + // preserve the *pointer* to the counter (not just the value) so + // that all socket wrappers will refer to the same value + switch unixSocket := socket.(type) { + case *unixListener: ln, err := net.FileListener(socketFile) if err != nil { return nil, err } + atomic.AddInt32(unixSocket.count, 1) + unixSockets[socketKey] = &unixListener{ln.(*net.UnixListener), socketKey, unixSocket.count} - // the old socket fd will likely be closed soon, so replace it in the map - unixSockets[socketKey] = ln.(*net.UnixListener) - - return ln.(*net.UnixListener), nil + case *unixConn: + pc, err := net.FilePacketConn(socketFile) + if err != nil { + return nil, err + } + atomic.AddInt32(unixSocket.count, 1) + unixSockets[socketKey] = &unixConn{pc.(*net.UnixConn), addr, socketKey, unixSocket.count} } - // from what I can tell after some quick research, it's quite common for programs to - // leave their socket file behind after they close, so the typical pattern is to - // unlink it before you bind to it -- this is often crucial if the last program using - // it was killed forcefully without a chance to clean up the socket, but there is a - // race, as the comment in net.UnixListener.close() explains... oh well? - if err := syscall.Unlink(addr); err != nil && !errors.Is(err, fs.ErrNotExist) { - return nil, err - } + return unixSockets[socketKey], nil } - config := &net.ListenConfig{Control: reusePort, KeepAlive: keepalivePeriod} - - ln, err := config.Listen(context.Background(), network, addr) - if err != nil { + // from what I can tell after some quick research, it's quite common for programs to + // leave their socket file behind after they close, so the typical pattern is to + // unlink it before you bind to it -- this is often crucial if the last program using + // it was killed forcefully without a chance to clean up the socket, but there is a + // race, as the comment in net.UnixListener.close() explains... oh well, I guess? + if err := syscall.Unlink(addr); err != nil && !errors.Is(err, fs.ErrNotExist) { return nil, err } - if uln, ok := ln.(*net.UnixListener); ok { - // TODO: ideally, we should unlink the socket once we know we're done using it - // (i.e. either on exit or a new config that doesn't use this socket; in UsagePool - // terms, when the reference count reaches 0), but given that we unlink existing - // socket before we create the new one anyway (see above), we don't necessarily - // need to clean up after ourselves; still, doing so would probably be more tidy - uln.SetUnlinkOnClose(false) - unixSockets[socketKey] = uln - } + return nil, nil +} - return ln, nil +func listenTCPOrUnix(ctx context.Context, lnKey string, network, address string, config net.ListenConfig) (net.Listener, error) { + // wrap any Control function set by the user so we can also add our reusePort control without clobbering theirs + oldControl := config.Control + config.Control = func(network, address string, c syscall.RawConn) error { + if oldControl != nil { + if err := oldControl(network, address, c); err != nil { + return err + } + } + return reusePort(network, address, c) + } + return config.Listen(ctx, network, address) } // reusePort sets SO_REUSEPORT. Ineffective for unix sockets. func reusePort(network, address string, conn syscall.RawConn) error { + if isUnixNetwork(network) { + return nil + } return conn.Control(func(descriptor uintptr) { if err := unix.SetsockoptInt(int(descriptor), unix.SOL_SOCKET, unix.SO_REUSEPORT, 1); err != nil { Log().Error("setting SO_REUSEPORT", @@ -106,10 +116,3 @@ func reusePort(network, address string, conn syscall.RawConn) error { } }) } - -// unixSockets keeps track of the currently-active unix sockets -// so we can transfer their FDs gracefully during reloads. -var ( - unixSockets = make(map[string]*net.UnixListener) - unixSocketsMu sync.Mutex -) diff --git a/listeners.go b/listeners.go index 6a23c61a..aad6b691 100644 --- a/listeners.go +++ b/listeners.go @@ -19,230 +19,187 @@ import ( "crypto/tls" "errors" "fmt" + "io" "net" "net/netip" "os" "strconv" "strings" + "sync" "sync/atomic" "syscall" + "time" "github.com/lucas-clemente/quic-go" "github.com/lucas-clemente/quic-go/http3" "go.uber.org/zap" ) -// Listen is like net.Listen, except Caddy's listeners can overlap -// each other: multiple listeners may be created on the same socket -// at the same time. This is useful because during config changes, -// the new config is started while the old config is still running. -// When Caddy listeners are closed, the closing logic is virtualized -// so the underlying socket isn't actually closed until all uses of -// the socket have been finished. Always be sure to close listeners -// when you are done with them, just like normal listeners. -func Listen(network, addr string) (net.Listener, error) { - // a 0 timeout means Go uses its default - return ListenTimeout(network, addr, 0) +// NetworkAddress represents one or more network addresses. +// It contains the individual components for a parsed network +// address of the form accepted by ParseNetworkAddress(). +type NetworkAddress struct { + // Should be a network value accepted by Go's net package or + // by a plugin providing a listener for that network type. + Network string + + // The "main" part of the network address is the host, which + // often takes the form of a hostname, DNS name, IP address, + // or socket path. + Host string + + // For addresses that contain a port, ranges are given by + // [StartPort, EndPort]; i.e. for a single port, StartPort + // and EndPort are the same. For no port, they are 0. + StartPort uint + EndPort uint } -// getListenerFromPlugin returns a listener on the given network and address -// if a plugin has registered the network name. It may return (nil, nil) if -// no plugin can provide a listener. -func getListenerFromPlugin(network, addr string) (net.Listener, error) { - network = strings.TrimSpace(strings.ToLower(network)) +// ListenAll calls Listen() for all addresses represented by this struct, i.e. all ports in the range. +// (If the address doesn't use ports or has 1 port only, then only 1 listener will be created.) +// It returns an error if any listener failed to bind, and closes any listeners opened up to that point. +// +// TODO: Experimental API: subject to change or removal. +func (na NetworkAddress) ListenAll(ctx context.Context, config net.ListenConfig) ([]any, error) { + var listeners []any + var err error - // get listener from plugin if network type is registered - if getListener, ok := networkTypes[network]; ok { - Log().Debug("getting listener from plugin", zap.String("network", network)) - return getListener(network, addr) - } - - return nil, nil -} - -// ListenPacket returns a net.PacketConn suitable for use in a Caddy module. -// It is like Listen except for PacketConns. -// Always be sure to close the PacketConn when you are done. -func ListenPacket(network, addr string) (net.PacketConn, error) { - lnKey := listenerKey(network, addr) - - sharedPc, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { - pc, err := net.ListenPacket(network, addr) - if err != nil { - // https://github.com/caddyserver/caddy/pull/4534 - if isUnixNetwork(network) && isListenBindAddressAlreadyInUseError(err) { - return nil, fmt.Errorf("%w: this can happen if Caddy was forcefully killed", err) + // if one of the addresses has a failure, we need to close + // any that did open a socket to avoid leaking resources + defer func() { + if err == nil { + return + } + for _, ln := range listeners { + if cl, ok := ln.(io.Closer); ok { + cl.Close() } + } + }() + + // an address can contain a port range, which represents multiple addresses; + // some addresses don't use ports at all and have a port range size of 1; + // whatever the case, iterate each address represented and bind a socket + for portOffset := uint(0); portOffset < na.PortRangeSize(); portOffset++ { + select { + case <-ctx.Done(): + return nil, ctx.Err() + default: + } + + // create (or reuse) the listener ourselves + var ln any + ln, err = na.Listen(ctx, portOffset, config) + if err != nil { return nil, err } - return &sharedPacketConn{PacketConn: pc, key: lnKey}, nil - }) - if err != nil { - return nil, err + listeners = append(listeners, ln) } - return &fakeClosePacketConn{sharedPacketConn: sharedPc.(*sharedPacketConn)}, nil + return listeners, nil } -// ListenQUIC returns a quic.EarlyListener suitable for use in a Caddy module. -// Note that the context passed to Accept is currently ignored, so using -// a context other than context.Background is meaningless. -// This API is EXPERIMENTAL and may change. -func ListenQUIC(addr string, tlsConf *tls.Config, activeRequests *int64) (quic.EarlyListener, error) { - lnKey := listenerKey("udp", addr) +// Listen is similar to net.Listen, with a few differences: +// +// Listen announces on the network address using the port calculated by adding +// portOffset to the start port. (For network types that do not use ports, the +// portOffset is ignored.) +// +// The provided ListenConfig is used to create the listener. Its Control function, +// if set, may be wrapped by an internally-used Control function. The provided +// context may be used to cancel long operations early. The context is not used +// to close the listener after it has been created. +// +// Caddy's listeners can overlap each other: multiple listeners may be created on +// the same socket at the same time. This is useful because during config changes, +// the new config is started while the old config is still running. How this is +// accomplished varies by platform and network type. For example, on Unix, SO_REUSEPORT +// is set except on Unix sockets, for which the file descriptor is duplicated and +// reused; on Windows, the close logic is virtualized using timeouts. Like normal +// listeners, be sure to Close() them when you are done. +// +// This method returns any type, as the implementations of listeners for various +// network types are not interchangeable. The type of listener returned is switched +// on the network type. Stream-based networks ("tcp", "unix", "unixpacket", etc.) +// return a net.Listener; datagram-based networks ("udp", "unixgram", etc.) return +// a net.PacketConn; and so forth. The actual concrete types are not guaranteed to +// be standard, exported types (wrapping is necessary to provide graceful reloads). +// +// Unix sockets will be unlinked before being created, to ensure we can bind to +// it even if the previous program using it exited uncleanly; it will also be +// unlinked upon a graceful exit (or when a new config does not use that socket). +// +// TODO: Experimental API: subject to change or removal. +func (na NetworkAddress) Listen(ctx context.Context, portOffset uint, config net.ListenConfig) (any, error) { + if na.IsUnixNetwork() { + unixSocketsMu.Lock() + defer unixSocketsMu.Unlock() + } - sharedEl, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { - el, err := quic.ListenAddrEarly(addr, http3.ConfigureTLSConfig(tlsConf), &quic.Config{ - RequireAddressValidation: func(clientAddr net.Addr) bool { - var highLoad bool - if activeRequests != nil { - highLoad = atomic.LoadInt64(activeRequests) > 1000 // TODO: make tunable? - } - return highLoad - }, + // check to see if plugin provides listener + if ln, err := getListenerFromPlugin(ctx, na.Network, na.JoinHostPort(portOffset), config); ln != nil || err != nil { + return ln, err + } + + // create (or reuse) the listener ourselves + return na.listen(ctx, portOffset, config) +} + +func (na NetworkAddress) listen(ctx context.Context, portOffset uint, config net.ListenConfig) (any, error) { + var ln any + var err error + + address := na.JoinHostPort(portOffset) + + // if this is a unix socket, see if we already have it open + if socket, err := reuseUnixSocket(na.Network, address); socket != nil || err != nil { + return socket, err + } + + lnKey := listenerKey(na.Network, address) + + switch na.Network { + case "tcp", "tcp4", "tcp6", "unix", "unixpacket": + ln, err = listenTCPOrUnix(ctx, lnKey, na.Network, address, config) + case "unixgram": + ln, err = config.ListenPacket(ctx, na.Network, address) + case "udp", "udp4", "udp6": + sharedPc, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { + pc, err := config.ListenPacket(ctx, na.Network, address) + if err != nil { + return nil, err + } + return &sharedPacketConn{PacketConn: pc, key: lnKey}, nil }) if err != nil { return nil, err } - return &sharedQuicListener{EarlyListener: el, key: lnKey}, nil - }) + ln = &fakeClosePacketConn{sharedPacketConn: sharedPc.(*sharedPacketConn)} + } + if strings.HasPrefix(na.Network, "ip") { + ln, err = config.ListenPacket(ctx, na.Network, address) + } if err != nil { return nil, err } - - ctx, cancel := context.WithCancel(context.Background()) - return &fakeCloseQuicListener{ - sharedQuicListener: sharedEl.(*sharedQuicListener), - context: ctx, - contextCancel: cancel, - }, nil -} - -// ListenerUsage returns the current usage count of the given listener address. -func ListenerUsage(network, addr string) int { - count, _ := listenerPool.References(listenerKey(network, addr)) - return count -} - -func listenerKey(network, addr string) string { - return network + "/" + addr -} - -type fakeCloseQuicListener struct { - closed int32 // accessed atomically; belongs to this struct only - *sharedQuicListener // embedded, so we also become a quic.EarlyListener - context context.Context - contextCancel context.CancelFunc -} - -// Currently Accept ignores the passed context, however a situation where -// someone would need a hotswappable QUIC-only (not http3, since it uses context.Background here) -// server on which Accept would be called with non-empty contexts -// (mind that the default net listeners' Accept doesn't take a context argument) -// sounds way too rare for us to sacrifice efficiency here. -func (fcql *fakeCloseQuicListener) Accept(_ context.Context) (quic.EarlyConnection, error) { - conn, err := fcql.sharedQuicListener.Accept(fcql.context) - if err == nil { - return conn, nil + if ln == nil { + return nil, fmt.Errorf("unsupported network type: %s", na.Network) } - // if the listener is "closed", return a fake closed error instead - if atomic.LoadInt32(&fcql.closed) == 1 && errors.Is(err, context.Canceled) { - return nil, fakeClosedErr(fcql) + // if new listener is a unix socket, make sure we can reuse it later + // (we do our own "unlink on close" -- not required, but more tidy) + one := int32(1) + switch unix := ln.(type) { + case *net.UnixListener: + unix.SetUnlinkOnClose(false) + ln = &unixListener{unix, lnKey, &one} + unixSockets[lnKey] = ln.(*unixListener) + case *net.UnixConn: + ln = &unixConn{unix, address, lnKey, &one} + unixSockets[lnKey] = ln.(*unixConn) } - return nil, err -} -func (fcql *fakeCloseQuicListener) Close() error { - if atomic.CompareAndSwapInt32(&fcql.closed, 0, 1) { - fcql.contextCancel() - _, _ = listenerPool.Delete(fcql.sharedQuicListener.key) - } - return nil -} - -// fakeClosedErr returns an error value that is not temporary -// nor a timeout, suitable for making the caller think the -// listener is actually closed -func fakeClosedErr(l interface{ Addr() net.Addr }) error { - return &net.OpError{ - Op: "accept", - Net: l.Addr().Network(), - Addr: l.Addr(), - Err: errFakeClosed, - } -} - -// ErrFakeClosed is the underlying error value returned by -// fakeCloseListener.Accept() after Close() has been called, -// indicating that it is pretending to be closed so that the -// server using it can terminate, while the underlying -// socket is actually left open. -var errFakeClosed = fmt.Errorf("listener 'closed' 😉") - -// fakeClosePacketConn is like fakeCloseListener, but for PacketConns. -type fakeClosePacketConn struct { - closed int32 // accessed atomically; belongs to this struct only - *sharedPacketConn // embedded, so we also become a net.PacketConn -} - -func (fcpc *fakeClosePacketConn) Close() error { - if atomic.CompareAndSwapInt32(&fcpc.closed, 0, 1) { - _, _ = listenerPool.Delete(fcpc.sharedPacketConn.key) - } - return nil -} - -// Supports QUIC implementation: https://github.com/caddyserver/caddy/issues/3998 -func (fcpc fakeClosePacketConn) SetReadBuffer(bytes int) error { - if conn, ok := fcpc.PacketConn.(interface{ SetReadBuffer(int) error }); ok { - return conn.SetReadBuffer(bytes) - } - return fmt.Errorf("SetReadBuffer() not implemented for %T", fcpc.PacketConn) -} - -// Supports QUIC implementation: https://github.com/caddyserver/caddy/issues/3998 -func (fcpc fakeClosePacketConn) SyscallConn() (syscall.RawConn, error) { - if conn, ok := fcpc.PacketConn.(interface { - SyscallConn() (syscall.RawConn, error) - }); ok { - return conn.SyscallConn() - } - return nil, fmt.Errorf("SyscallConn() not implemented for %T", fcpc.PacketConn) -} - -// sharedQuicListener is like sharedListener, but for quic.EarlyListeners. -type sharedQuicListener struct { - quic.EarlyListener - key string -} - -// Destruct closes the underlying QUIC listener. -func (sql *sharedQuicListener) Destruct() error { - return sql.EarlyListener.Close() -} - -// sharedPacketConn is like sharedListener, but for net.PacketConns. -type sharedPacketConn struct { - net.PacketConn - key string -} - -// Destruct closes the underlying socket. -func (spc *sharedPacketConn) Destruct() error { - return spc.PacketConn.Close() -} - -// NetworkAddress contains the individual components -// for a parsed network address of the form accepted -// by ParseNetworkAddress(). Network should be a -// network value accepted by Go's net package. Port -// ranges are given by [StartPort, EndPort]. -type NetworkAddress struct { - Network string - Host string - StartPort uint - EndPort uint + return ln, nil } // IsUnixNetwork returns true if na.Network is @@ -260,17 +217,27 @@ func (na NetworkAddress) JoinHostPort(offset uint) string { return net.JoinHostPort(na.Host, strconv.Itoa(int(na.StartPort+offset))) } +// Expand returns one NetworkAddress for each port in the port range. +// +// This is EXPERIMENTAL and subject to change or removal. func (na NetworkAddress) Expand() []NetworkAddress { size := na.PortRangeSize() addrs := make([]NetworkAddress, size) for portOffset := uint(0); portOffset < size; portOffset++ { - na2 := na - na2.StartPort, na2.EndPort = na.StartPort+portOffset, na.StartPort+portOffset - addrs[portOffset] = na2 + addrs[portOffset] = na.At(portOffset) } return addrs } +// At returns a NetworkAddress with a port range of just 1 +// at the given port offset; i.e. a NetworkAddress that +// represents precisely 1 address only. +func (na NetworkAddress) At(portOffset uint) NetworkAddress { + na2 := na + na2.StartPort, na2.EndPort = na.StartPort+portOffset, na.StartPort+portOffset + return na2 +} + // PortRangeSize returns how many ports are in // pa's port range. Port ranges are inclusive, // so the size is the difference of start and @@ -326,20 +293,6 @@ func isUnixNetwork(netw string) bool { return netw == "unix" || netw == "unixgram" || netw == "unixpacket" } -func isListenBindAddressAlreadyInUseError(err error) bool { - switch networkOperationError := err.(type) { - case *net.OpError: - switch syscallError := networkOperationError.Err.(type) { - case *os.SyscallError: - if syscallError.Syscall == "bind" { - return true - } - } - } - - return false -} - // ParseNetworkAddress parses addr into its individual // components. The input string is expected to be of // the form "network/host:port-range" where any part is @@ -439,6 +392,209 @@ func JoinNetworkAddress(network, host, port string) string { return a } +// DEPRECATED: Use NetworkAddress.Listen instead. This function will likely be changed or removed in the future. +func Listen(network, addr string) (net.Listener, error) { + // a 0 timeout means Go uses its default + return ListenTimeout(network, addr, 0) +} + +// DEPRECATED: Use NetworkAddress.Listen instead. This function will likely be changed or removed in the future. +func ListenTimeout(network, addr string, keepalivePeriod time.Duration) (net.Listener, error) { + netAddr, err := ParseNetworkAddress(JoinNetworkAddress(network, addr, "")) + if err != nil { + return nil, err + } + + ln, err := netAddr.Listen(context.TODO(), 0, net.ListenConfig{KeepAlive: keepalivePeriod}) + if err != nil { + return nil, err + } + + return ln.(net.Listener), nil +} + +// DEPRECATED: Use NetworkAddress.Listen instead. This function will likely be changed or removed in the future. +func ListenPacket(network, addr string) (net.PacketConn, error) { + netAddr, err := ParseNetworkAddress(JoinNetworkAddress(network, addr, "")) + if err != nil { + return nil, err + } + + ln, err := netAddr.Listen(context.TODO(), 0, net.ListenConfig{}) + if err != nil { + return nil, err + } + + return ln.(net.PacketConn), nil +} + +// ListenQUIC returns a quic.EarlyListener suitable for use in a Caddy module. +// The network will be transformed into a QUIC-compatible type (if unix, then +// unixgram will be used; otherwise, udp will be used). +// +// NOTE: This API is EXPERIMENTAL and may be changed or removed. +// +// TODO: See if we can find a more elegant solution closer to the new NetworkAddress.Listen API. +func ListenQUIC(ln net.PacketConn, tlsConf *tls.Config, activeRequests *int64) (quic.EarlyListener, error) { + lnKey := listenerKey(ln.LocalAddr().Network(), ln.LocalAddr().String()) + + sharedEarlyListener, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { + earlyLn, err := quic.ListenEarly(ln, http3.ConfigureTLSConfig(tlsConf), &quic.Config{ + RequireAddressValidation: func(clientAddr net.Addr) bool { + var highLoad bool + if activeRequests != nil { + highLoad = atomic.LoadInt64(activeRequests) > 1000 // TODO: make tunable? + } + return highLoad + }, + }) + if err != nil { + return nil, err + } + + return &sharedQuicListener{EarlyListener: earlyLn, key: lnKey}, nil + }) + if err != nil { + return nil, err + } + + // TODO: to serve QUIC over a unix socket, currently we need to hold onto + // the underlying net.PacketConn (which we wrap as unixConn to keep count + // of closes) because closing the quic.EarlyListener doesn't actually close + // the underlying PacketConn, but we need to for unix sockets since we dup + // the file descriptor and thus need to close the original; track issue: + // https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608 + var unix *unixConn + if uc, ok := ln.(*unixConn); ok { + unix = uc + } + + ctx, cancel := context.WithCancel(context.Background()) + return &fakeCloseQuicListener{ + sharedQuicListener: sharedEarlyListener.(*sharedQuicListener), + uc: unix, + context: ctx, + contextCancel: cancel, + }, nil +} + +// ListenerUsage returns the current usage count of the given listener address. +func ListenerUsage(network, addr string) int { + count, _ := listenerPool.References(listenerKey(network, addr)) + return count +} + +// sharedQuicListener is like sharedListener, but for quic.EarlyListeners. +type sharedQuicListener struct { + quic.EarlyListener + key string +} + +// Destruct closes the underlying QUIC listener. +func (sql *sharedQuicListener) Destruct() error { + return sql.EarlyListener.Close() +} + +// sharedPacketConn is like sharedListener, but for net.PacketConns. +type sharedPacketConn struct { + net.PacketConn + key string +} + +// Destruct closes the underlying socket. +func (spc *sharedPacketConn) Destruct() error { + return spc.PacketConn.Close() +} + +// fakeClosedErr returns an error value that is not temporary +// nor a timeout, suitable for making the caller think the +// listener is actually closed +func fakeClosedErr(l interface{ Addr() net.Addr }) error { + return &net.OpError{ + Op: "accept", + Net: l.Addr().Network(), + Addr: l.Addr(), + Err: errFakeClosed, + } +} + +// errFakeClosed is the underlying error value returned by +// fakeCloseListener.Accept() after Close() has been called, +// indicating that it is pretending to be closed so that the +// server using it can terminate, while the underlying +// socket is actually left open. +var errFakeClosed = fmt.Errorf("listener 'closed' 😉") + +// fakeClosePacketConn is like fakeCloseListener, but for PacketConns. +type fakeClosePacketConn struct { + closed int32 // accessed atomically; belongs to this struct only + *sharedPacketConn // embedded, so we also become a net.PacketConn +} + +func (fcpc *fakeClosePacketConn) Close() error { + if atomic.CompareAndSwapInt32(&fcpc.closed, 0, 1) { + _, _ = listenerPool.Delete(fcpc.sharedPacketConn.key) + } + return nil +} + +// Supports QUIC implementation: https://github.com/caddyserver/caddy/issues/3998 +func (fcpc fakeClosePacketConn) SetReadBuffer(bytes int) error { + if conn, ok := fcpc.PacketConn.(interface{ SetReadBuffer(int) error }); ok { + return conn.SetReadBuffer(bytes) + } + return fmt.Errorf("SetReadBuffer() not implemented for %T", fcpc.PacketConn) +} + +// Supports QUIC implementation: https://github.com/caddyserver/caddy/issues/3998 +func (fcpc fakeClosePacketConn) SyscallConn() (syscall.RawConn, error) { + if conn, ok := fcpc.PacketConn.(interface { + SyscallConn() (syscall.RawConn, error) + }); ok { + return conn.SyscallConn() + } + return nil, fmt.Errorf("SyscallConn() not implemented for %T", fcpc.PacketConn) +} + +type fakeCloseQuicListener struct { + closed int32 // accessed atomically; belongs to this struct only + *sharedQuicListener // embedded, so we also become a quic.EarlyListener + uc *unixConn // underlying unix socket, if UDS + context context.Context + contextCancel context.CancelFunc +} + +// Currently Accept ignores the passed context, however a situation where +// someone would need a hotswappable QUIC-only (not http3, since it uses context.Background here) +// server on which Accept would be called with non-empty contexts +// (mind that the default net listeners' Accept doesn't take a context argument) +// sounds way too rare for us to sacrifice efficiency here. +func (fcql *fakeCloseQuicListener) Accept(_ context.Context) (quic.EarlyConnection, error) { + conn, err := fcql.sharedQuicListener.Accept(fcql.context) + if err == nil { + return conn, nil + } + + // if the listener is "closed", return a fake closed error instead + if atomic.LoadInt32(&fcql.closed) == 1 && errors.Is(err, context.Canceled) { + return nil, fakeClosedErr(fcql) + } + return nil, err +} + +func (fcql *fakeCloseQuicListener) Close() error { + if atomic.CompareAndSwapInt32(&fcql.closed, 0, 1) { + fcql.contextCancel() + _, _ = listenerPool.Delete(fcql.sharedQuicListener.key) + if fcql.uc != nil { + // unix sockets need to be closed ourselves because we dup() the file + // descriptor when we reuse them, so this avoids a resource leak + fcql.uc.Close() + } + } + return nil +} + // RegisterNetwork registers a network type with Caddy so that if a listener is // created for that network type, getListener will be invoked to get the listener. // This should be called during init() and will panic if the network type is standard @@ -460,11 +616,77 @@ func RegisterNetwork(network string, getListener ListenerFunc) { networkTypes[network] = getListener } +type unixListener struct { + *net.UnixListener + mapKey string + count *int32 // accessed atomically +} + +func (uln *unixListener) Close() error { + newCount := atomic.AddInt32(uln.count, -1) + if newCount == 0 { + defer func() { + addr := uln.Addr().String() + unixSocketsMu.Lock() + delete(unixSockets, uln.mapKey) + unixSocketsMu.Unlock() + _ = syscall.Unlink(addr) + }() + } + return uln.UnixListener.Close() +} + +type unixConn struct { + *net.UnixConn + filename string + mapKey string + count *int32 // accessed atomically +} + +func (uc *unixConn) Close() error { + newCount := atomic.AddInt32(uc.count, -1) + if newCount == 0 { + defer func() { + unixSocketsMu.Lock() + delete(unixSockets, uc.mapKey) + unixSocketsMu.Unlock() + _ = syscall.Unlink(uc.filename) + }() + } + return uc.UnixConn.Close() +} + +// unixSockets keeps track of the currently-active unix sockets +// so we can transfer their FDs gracefully during reloads. +var ( + unixSockets = make(map[string]interface { + File() (*os.File, error) + }) + unixSocketsMu sync.Mutex +) + +// getListenerFromPlugin returns a listener on the given network and address +// if a plugin has registered the network name. It may return (nil, nil) if +// no plugin can provide a listener. +func getListenerFromPlugin(ctx context.Context, network, addr string, config net.ListenConfig) (any, error) { + // get listener from plugin if network type is registered + if getListener, ok := networkTypes[network]; ok { + Log().Debug("getting listener from plugin", zap.String("network", network)) + return getListener(ctx, network, addr, config) + } + + return nil, nil +} + +func listenerKey(network, addr string) string { + return network + "/" + addr +} + // ListenerFunc is a function that can return a listener given a network and address. // The listeners must be capable of overlapping: with Caddy, new configs are loaded // before old ones are unloaded, so listeners may overlap briefly if the configs // both need the same listener. EXPERIMENTAL and subject to change. -type ListenerFunc func(network, addr string) (net.Listener, error) +type ListenerFunc func(ctx context.Context, network, addr string, cfg net.ListenConfig) (any, error) var networkTypes = map[string]ListenerFunc{} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index c9a55431..33d96d86 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -18,6 +18,7 @@ import ( "context" "crypto/tls" "fmt" + "net" "net/http" "strconv" "sync" @@ -387,10 +388,11 @@ func (app *App) Start() error { for portOffset := uint(0); portOffset < listenAddr.PortRangeSize(); portOffset++ { // create the listener for this socket hostport := listenAddr.JoinHostPort(portOffset) - ln, err := caddy.ListenTimeout(listenAddr.Network, hostport, time.Duration(srv.KeepAliveInterval)) + lnAny, err := listenAddr.Listen(app.ctx, portOffset, net.ListenConfig{KeepAlive: time.Duration(srv.KeepAliveInterval)}) if err != nil { - return fmt.Errorf("%s: listening on %s: %v", listenAddr.Network, hostport, err) + return fmt.Errorf("listening on %s: %v", listenAddr.At(portOffset), err) } + ln := lnAny.(net.Listener) // wrap listener before TLS (up to the TLS placeholder wrapper) var lnWrapperIdx int @@ -409,10 +411,27 @@ func (app *App) Start() error { ln = tls.NewListener(ln, tlsCfg) // enable HTTP/3 if configured - if srv.protocol("h3") && !listenAddr.IsUnixNetwork() { - app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport)) - if err := srv.serveHTTP3(hostport, tlsCfg); err != nil { - return err + if srv.protocol("h3") { + // Can't serve HTTP/3 on the same socket as HTTP/1 and 2 because it uses + // a different transport mechanism... which is fine, but the OS doesn't + // differentiate between a SOCK_STREAM file and a SOCK_DGRAM file; they + // are still one file on the system. So even though "unixpacket" and + // "unixgram" are different network types just as "tcp" and "udp" are, + // the OS will not let us use the same file as both STREAM and DGRAM. + if len(srv.Protocols) > 1 && listenAddr.IsUnixNetwork() { + app.logger.Warn("HTTP/3 disabled because Unix can't multiplex STREAM and DGRAM on same socket", + zap.String("file", hostport)) + for i := range srv.Protocols { + if srv.Protocols[i] == "h3" { + srv.Protocols = append(srv.Protocols[:i], srv.Protocols[i+1:]...) + break + } + } + } else { + app.logger.Info("enabling HTTP/3 listener", zap.String("addr", hostport)) + if err := srv.serveHTTP3(listenAddr.At(portOffset), tlsCfg); err != nil { + return err + } } } } @@ -424,11 +443,10 @@ func (app *App) Start() error { // if binding to port 0, the OS chooses a port for us; // but the user won't know the port unless we print it - if listenAddr.StartPort == 0 && listenAddr.EndPort == 0 { + if !listenAddr.IsUnixNetwork() && listenAddr.StartPort == 0 && listenAddr.EndPort == 0 { app.logger.Info("port 0 listener", zap.String("input_address", lnAddr), - zap.String("actual_address", ln.Addr().String()), - ) + zap.String("actual_address", ln.Addr().String())) } app.logger.Debug("starting server loop", @@ -533,6 +551,18 @@ func (app *App) Stop() error { if server.h3server == nil { return } + + // TODO: we have to manually close our listeners because quic-go won't + // close listeners it didn't create along with the server itself... + // see https://github.com/lucas-clemente/quic-go/issues/3560 + for _, el := range server.h3listeners { + if err := el.Close(); err != nil { + app.logger.Error("HTTP/3 listener close", + zap.Error(err), + zap.String("address", el.LocalAddr().String())) + } + } + // TODO: CloseGracefully, once implemented upstream (see https://github.com/lucas-clemente/quic-go/issues/2103) if err := server.h3server.Close(); err != nil { app.logger.Error("HTTP/3 server shutdown", diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index bca94be8..e39ba3fc 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -156,7 +156,9 @@ type ( MatchHeaderRE map[string]*MatchRegexp // MatchProtocol matches requests by protocol. Recognized values are - // "http", "https", and "grpc". + // "http", "https", and "grpc" for broad protocol matches, or specific + // HTTP versions can be specified like so: "http/1", "http/1.1", + // "http/2", "http/3", or minimum versions: "http/2+", etc. MatchProtocol string // MatchRemoteIP matches requests by client IP (or CIDR range). diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 5daa5b2b..4d47d266 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -170,9 +170,10 @@ type Server struct { errorLogger *zap.Logger ctx caddy.Context - server *http.Server - h3server *http3.Server - addresses []caddy.NetworkAddress + server *http.Server + h3server *http3.Server + h3listeners []net.PacketConn // TODO: we have to hold these because quic-go won't close listeners it didn't create + addresses []caddy.NetworkAddress shutdownAt time.Time shutdownAtMu *sync.RWMutex @@ -193,9 +194,11 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { atomic.AddInt64(&s.activeRequests, 1) defer atomic.AddInt64(&s.activeRequests, -1) - err := s.h3server.SetQuicHeaders(w.Header()) - if err != nil { - s.logger.Error("setting HTTP/3 Alt-Svc header", zap.Error(err)) + if r.ProtoMajor < 3 { + err := s.h3server.SetQuicHeaders(w.Header()) + if err != nil { + s.logger.Error("setting HTTP/3 Alt-Svc header", zap.Error(err)) + } } } @@ -493,8 +496,27 @@ func (s *Server) findLastRouteWithHostMatcher() int { // serveHTTP3 creates a QUIC listener, configures an HTTP/3 server if // not already done, and then uses that server to serve HTTP/3 over // the listener, with Server s as the handler. -func (s *Server) serveHTTP3(hostport string, tlsCfg *tls.Config) error { - h3ln, err := caddy.ListenQUIC(hostport, tlsCfg, &s.activeRequests) +func (s *Server) serveHTTP3(addr caddy.NetworkAddress, tlsCfg *tls.Config) error { + switch addr.Network { + case "unix": + addr.Network = "unixgram" + case "tcp": + addr.Network = "udp" + case "tcp4": + addr.Network = "udp4" + case "tcp6": + addr.Network = "udp6" + default: + return fmt.Errorf("unsure what network to use for HTTP/3 given network type: %s", addr.Network) + } + + lnAny, err := addr.Listen(s.ctx, 0, net.ListenConfig{}) + if err != nil { + return err + } + ln := lnAny.(net.PacketConn) + + h3ln, err := caddy.ListenQUIC(ln, tlsCfg, &s.activeRequests) if err != nil { return fmt.Errorf("starting HTTP/3 QUIC listener: %v", err) } @@ -512,6 +534,8 @@ func (s *Server) serveHTTP3(hostport string, tlsCfg *tls.Config) error { } } + s.h3listeners = append(s.h3listeners, lnAny.(net.PacketConn)) + //nolint:errcheck go s.h3server.ServeListener(h3ln) From 61822f129b9edbbc1ed2fd068d8e5ba919b5881d Mon Sep 17 00:00:00 2001 From: Will Norris Date: Wed, 28 Sep 2022 12:38:20 -0700 Subject: [PATCH 0825/1498] caddyhttp: replace placeholders in map defaults (#5081) This updates the map directive to replace placeholders in default values in the same way as matched values. --- modules/caddyhttp/map/map.go | 2 +- modules/caddyhttp/map/map_test.go | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index d41806d4..b972534b 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -169,7 +169,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhtt // fall back to default if no match or if matched nil value if len(h.Defaults) > destIdx { - return h.Defaults[destIdx], true + return repl.ReplaceAll(h.Defaults[destIdx], ""), true } return nil, true diff --git a/modules/caddyhttp/map/map_test.go b/modules/caddyhttp/map/map_test.go index fe233bf2..3ff5e711 100644 --- a/modules/caddyhttp/map/map_test.go +++ b/modules/caddyhttp/map/map_test.go @@ -98,6 +98,28 @@ func TestHandler(t *testing.T) { "output": "testing", }, }, + { + reqURI: "/foo", + handler: Handler{ + Source: "{http.request.uri.path}", + Destinations: []string{"{output}"}, + Defaults: []string{"default"}, + }, + expect: map[string]any{ + "output": "default", + }, + }, + { + reqURI: "/foo", + handler: Handler{ + Source: "{http.request.uri.path}", + Destinations: []string{"{output}"}, + Defaults: []string{"{testvar}"}, + }, + expect: map[string]any{ + "output": "testing", + }, + }, } { if err := tc.handler.Provision(caddy.Context{}); err != nil { t.Fatalf("Test %d: Provisioning handler: %v", i, err) From e2991eb019e36b612be3d7b43ed961c7a7e3841d Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 29 Sep 2022 08:19:56 -0600 Subject: [PATCH 0826/1498] reverseproxy: On 103 don't delete own headers (#5091) See #5074 --- modules/caddyhttp/headers/caddyfile.go | 15 +++++++-------- modules/caddyhttp/reverseproxy/reverseproxy.go | 5 +++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/caddyhttp/headers/caddyfile.go b/modules/caddyhttp/headers/caddyfile.go index eec11490..a6bec957 100644 --- a/modules/caddyhttp/headers/caddyfile.go +++ b/modules/caddyhttp/headers/caddyfile.go @@ -32,12 +32,12 @@ func init() { // parseCaddyfile sets up the handler for response headers from // Caddyfile tokens. Syntax: // -// header [] [[+|-|?] [] []] { -// [+] [ []] -// ? -// - -// [defer] -// } +// header [] [[+|-|?] [] []] { +// [+] [ []] +// ? +// - +// [defer] +// } // // Either a block can be opened or a single header field can be configured // in the first line, but not both in the same directive. Header operations @@ -148,8 +148,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) // parseReqHdrCaddyfile sets up the handler for request headers // from Caddyfile tokens. Syntax: // -// request_header [] [[+|-] [] []] -// +// request_header [] [[+|-] [] []] func parseReqHdrCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { if !h.Next() { return nil, h.ArgErr() diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 4c8b29b1..55d3aa8c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -782,8 +782,9 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe copyHeader(h, http.Header(header)) rw.WriteHeader(code) - // Clear headers, it's not automatically done by ResponseWriter.WriteHeader() for 1xx responses - for k := range h { + // Clear headers coming from the backend + // (it's not automatically done by ResponseWriter.WriteHeader() for 1xx responses) + for k := range header { delete(h, k) } From ab720fb768a2602f940cb7296c34021b5bb6c7e6 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 29 Sep 2022 10:32:02 -0600 Subject: [PATCH 0827/1498] core: Fix ListenQUIC listener key conflict Reported on commit e3e8aabbcf65d37516bb97f9dc0f77df52f8cf55 Abused this change in some bash for loops to rapidly reload config while making requests and didn't observe any memory or resource leaks. --- listeners.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/listeners.go b/listeners.go index aad6b691..ea03ca42 100644 --- a/listeners.go +++ b/listeners.go @@ -436,7 +436,7 @@ func ListenPacket(network, addr string) (net.PacketConn, error) { // // TODO: See if we can find a more elegant solution closer to the new NetworkAddress.Listen API. func ListenQUIC(ln net.PacketConn, tlsConf *tls.Config, activeRequests *int64) (quic.EarlyListener, error) { - lnKey := listenerKey(ln.LocalAddr().Network(), ln.LocalAddr().String()) + lnKey := listenerKey("quic+"+ln.LocalAddr().Network(), ln.LocalAddr().String()) sharedEarlyListener, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { earlyLn, err := quic.ListenEarly(ln, http3.ConfigureTLSConfig(tlsConf), &quic.Config{ @@ -451,7 +451,6 @@ func ListenQUIC(ln net.PacketConn, tlsConf *tls.Config, activeRequests *int64) ( if err != nil { return nil, err } - return &sharedQuicListener{EarlyListener: earlyLn, key: lnKey}, nil }) if err != nil { From 037dc23cad3848050dc1e6f4dfdabeb6ea190fa7 Mon Sep 17 00:00:00 2001 From: Cory Cooper Date: Thu, 29 Sep 2022 10:24:52 -0700 Subject: [PATCH 0828/1498] admin: Use replacer on listen addresses (#5071) * admin: use replacer on listen address * admin: consolidate replacer logic --- admin.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/admin.go b/admin.go index a23a1ac7..db46e713 100644 --- a/admin.go +++ b/admin.go @@ -57,7 +57,7 @@ type AdminConfig struct { // The address to which the admin endpoint's listener should // bind itself. Can be any single network address that can be - // parsed by Caddy. Default: localhost:2019 + // parsed by Caddy. Accepts placeholders. Default: localhost:2019 Listen string `json:"listen,omitempty"` // If true, CORS headers will be emitted, and requests to the @@ -156,7 +156,7 @@ type IdentityConfig struct { // // EXPERIMENTAL: Subject to change. type RemoteAdmin struct { - // The address on which to start the secure listener. + // The address on which to start the secure listener. Accepts placeholders. // Default: :2021 Listen string `json:"listen,omitempty"` @@ -1247,7 +1247,10 @@ func (e APIError) Error() string { // parseAdminListenAddr extracts a singular listen address from either addr // or defaultAddr, returning the network and the address of the listener. func parseAdminListenAddr(addr string, defaultAddr string) (NetworkAddress, error) { - input := addr + input, err := NewReplacer().ReplaceOrErr(addr, true, true) + if err != nil { + return NetworkAddress{}, fmt.Errorf("replacing listen address: %v", err) + } if input == "" { input = defaultAddr } From 2a8c458ffedf886af9542541ea1b1de62370929d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 29 Sep 2022 12:37:06 -0600 Subject: [PATCH 0829/1498] reverseproxy: Parse humanized byte size (fix #5095) --- modules/caddyhttp/reverseproxy/caddyfile.go | 4 ++-- modules/caddyhttp/reverseproxy/reverseproxy.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index f746ee50..f1f10d19 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -537,9 +537,9 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if !d.NextArg() { return d.ArgErr() } - size, err := strconv.Atoi(d.Val()) + size, err := humanize.ParseBytes(d.Val()) if err != nil { - return d.Errf("invalid size (bytes): %s", d.Val()) + return d.Errf("invalid byte size '%s': %v", d.Val(), err) } if d.NextArg() { return d.ArgErr() diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 55d3aa8c..f2ac942c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -783,7 +783,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe rw.WriteHeader(code) // Clear headers coming from the backend - // (it's not automatically done by ResponseWriter.WriteHeader() for 1xx responses) + // (it's not automatically done by ResponseWriter.WriteHeader() for 1xx responses for k := range header { delete(h, k) } From fcdbc69fabd14c6d0b1fe5c5e07490bf27d7f8bd Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 29 Sep 2022 12:38:36 -0600 Subject: [PATCH 0830/1498] Fix comment I apparently read the diff backwards in 2a8c458ffedf886af9542541ea1b1de62370929d --- modules/caddyhttp/reverseproxy/reverseproxy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index f2ac942c..55d3aa8c 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -783,7 +783,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe rw.WriteHeader(code) // Clear headers coming from the backend - // (it's not automatically done by ResponseWriter.WriteHeader() for 1xx responses + // (it's not automatically done by ResponseWriter.WriteHeader() for 1xx responses) for k := range header { delete(h, k) } From 5e52bbb1369b7444700427539e4dd532ed13ac6d Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 29 Sep 2022 12:46:38 -0600 Subject: [PATCH 0831/1498] map: Remove infinite recursion check (#5094) It was not accurate. Placeholders could be used in outputs that are defined in the same mapping as long as that placeholder does not do the same. A more general solution would be to detect it at run-time in the replacer directly, but that's a bit tedious and will require allocations I think. A better implementation of this check could still be done, but I don't know if it would always be accurate. Could be a "best-effort" thing? But I've also never heard of an actual case where someone configured infinite recursion... --- modules/caddyhttp/map/map.go | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index b972534b..fbd1e405 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -109,22 +109,13 @@ func (h *Handler) Validate() error { } seen[input] = i - // prevent infinite recursion - for _, out := range m.Outputs { - for _, dest := range h.Destinations { - if strings.Contains(caddy.ToString(out), dest) || - strings.Contains(m.Input, dest) { - return fmt.Errorf("mapping %d requires value of {%s} to define value of {%s}: infinite recursion", i, dest, dest) - } - } - } - // ensure mappings have 1:1 output-to-destination correspondence nOut := len(m.Outputs) if nOut != nDest { return fmt.Errorf("mapping %d has %d outputs but there are %d destinations defined", i, nOut, nDest) } } + return nil } From 9873ff9918224f56604048ea0ed3d3ae3953939e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 30 Sep 2022 13:29:33 -0600 Subject: [PATCH 0832/1498] caddyhttp: Remote IP prefix placeholders See https://github.com/mholt/caddy-ratelimit/issues/12 --- modules/caddyhttp/replacer.go | 32 ++++++++++++++++++++++++++++++ modules/caddyhttp/replacer_test.go | 20 +++++++++++++++---- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index e1546499..9ea5f772 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -31,6 +31,7 @@ import ( "io" "net" "net/http" + "net/netip" "net/textproto" "net/url" "path" @@ -196,6 +197,37 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo return or.URL.RawQuery, true } + // remote IP range/prefix (e.g. keep top 24 bits of 1.2.3.4 => "1.2.3.0/24") + // syntax: "/V4,V6" where V4 = IPv4 bits, and V6 = IPv6 bits; if no comma, then same bit length used for both + // (EXPERIMENTAL) + if strings.HasPrefix(key, "http.request.remote.host/") { + host, _, err := net.SplitHostPort(req.RemoteAddr) + if err != nil { + host = req.RemoteAddr // assume no port, I guess? + } + addr, err := netip.ParseAddr(host) + if err != nil { + return host, true // not an IP address + } + // extract the bits from the end of the placeholder (start after "/") then split on "," + bitsBoth := key[strings.Index(key, "/")+1:] + ipv4BitsStr, ipv6BitsStr, cutOK := strings.Cut(bitsBoth, ",") + bitsStr := ipv4BitsStr + if addr.Is6() && cutOK { + bitsStr = ipv6BitsStr + } + // convert to integer then compute prefix + bits, err := strconv.Atoi(bitsStr) + if err != nil { + return "", true + } + prefix, err := addr.Prefix(bits) + if err != nil { + return "", true + } + return prefix.String(), true + } + // hostname labels if strings.HasPrefix(key, reqHostLabelsReplPrefix) { idxStr := key[len(reqHostLabelsReplPrefix):] diff --git a/modules/caddyhttp/replacer_test.go b/modules/caddyhttp/replacer_test.go index 18253d3f..44c6f2a8 100644 --- a/modules/caddyhttp/replacer_test.go +++ b/modules/caddyhttp/replacer_test.go @@ -32,7 +32,7 @@ func TestHTTPVarReplacement(t *testing.T) { ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) req = req.WithContext(ctx) req.Host = "example.com:80" - req.RemoteAddr = "localhost:1234" + req.RemoteAddr = "192.168.159.32:1234" clientCert := []byte(`-----BEGIN CERTIFICATE----- MIIB9jCCAV+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1DYWRk @@ -61,7 +61,7 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV req.TLS = &tls.ConnectionState{ Version: tls.VersionTLS13, HandshakeComplete: true, - ServerName: "foo.com", + ServerName: "example.com", CipherSuite: tls.TLS_AES_256_GCM_SHA384, PeerCertificates: []*x509.Certificate{cert}, NegotiatedProtocol: "h2", @@ -97,7 +97,19 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV }, { get: "http.request.remote.host", - expect: "localhost", + expect: "192.168.159.32", + }, + { + get: "http.request.remote.host/24", + expect: "192.168.159.0/24", + }, + { + get: "http.request.remote.host/24,32", + expect: "192.168.159.0/24", + }, + { + get: "http.request.remote.host/999", + expect: "", }, { get: "http.request.remote.port", @@ -146,7 +158,7 @@ eqp31wM9il1n+guTNyxJd+FzVAH+hCZE5K+tCgVDdVFUlDEHHbS/wqb2PSIoouLV }, { get: "http.request.tls.server_name", - expect: "foo.com", + expect: "example.com", }, { get: "http.request.tls.version", From fe91de67b62c0089a04f24f99f527ad8d92c3d1b Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 30 Sep 2022 13:39:37 -0600 Subject: [PATCH 0833/1498] go.mod: Upgrade select dependencies --- go.mod | 34 ++--- go.sum | 415 ++++++--------------------------------------------------- 2 files changed, 61 insertions(+), 388 deletions(-) diff --git a/go.mod b/go.mod index 2b558310..afcd268b 100644 --- a/go.mod +++ b/go.mod @@ -7,34 +7,34 @@ require ( github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b - github.com/caddyserver/certmagic v0.17.1 + github.com/caddyserver/certmagic v0.17.2 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.12.4 + github.com/google/cel-go v0.12.5 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.15.9 - github.com/klauspost/cpuid/v2 v2.1.0 - github.com/lucas-clemente/quic-go v0.28.2-0.20220813150001-9957668d4301 + github.com/klauspost/compress v1.15.11 + github.com/klauspost/cpuid/v2 v2.1.1 + github.com/lucas-clemente/quic-go v0.29.1 github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 - github.com/smallstep/certificates v0.21.0 - github.com/smallstep/cli v0.21.0 + github.com/smallstep/certificates v0.22.1 + github.com/smallstep/cli v0.22.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.12.0 - github.com/spf13/cobra v1.1.3 + github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 - github.com/yuin/goldmark v1.4.13 + github.com/yuin/goldmark v1.5.2 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 go.opentelemetry.io/otel v1.9.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 - go.uber.org/zap v1.21.0 + go.uber.org/zap v1.23.0 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 - google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 + google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -56,7 +56,7 @@ require ( github.com/cespare/xxhash v1.1.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/dgraph-io/badger v1.6.2 // indirect github.com/dgraph-io/badger/v2 v2.2007.4 // indirect github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd // indirect @@ -120,17 +120,17 @@ require ( go.opentelemetry.io/otel/metric v0.31.0 // indirect go.opentelemetry.io/otel/trace v1.9.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect - go.step.sm/cli-utils v0.7.3 // indirect - go.step.sm/crypto v0.16.2 // indirect - go.step.sm/linkedca v0.16.1 // indirect + go.step.sm/cli-utils v0.7.4 // indirect + go.step.sm/crypto v0.18.0 // indirect + go.step.sm/linkedca v0.18.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect golang.org/x/tools v0.1.10 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect - google.golang.org/grpc v1.46.0 // indirect + golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect + google.golang.org/grpc v1.47.0 // indirect google.golang.org/protobuf v1.28.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect diff --git a/go.sum b/go.sum index 1044ece3..1ca18c9d 100644 --- a/go.sum +++ b/go.sum @@ -13,43 +13,22 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= -cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= -cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= -cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= -cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= -cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= -cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= -cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= -cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= -cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U= cloud.google.com/go v0.100.2 h1:t9Iw5QH5v4XtlEQaCtUY7x6sCABps8sW0acw7e2WQ6Y= -cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= -cloud.google.com/go/compute v1.3.0 h1:mPL/MzDDYHsh5tHRS9mhmhWlcgClCrCa6ApQCU6wnHI= -cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.6.1 h1:2sMmt8prCn7DPaG4Pmh0N3Inmc8cT8ae5k1M6VJ9Wqc= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v0.1.0 h1:W2vbGCrE3Z7J/x3WXLxxGl9LMSB2uhsAA7Ss/6u/qRY= -cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/kms v1.4.0 h1:iElbfoE61VeLhnZcGOltqL8HIly8Nhbe5t6JlH9GXjo= -cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/security v1.3.0/go.mod h1:pQsnLAXfMzuWVJdctBs8BV3tGd3Jr0SMYu6KK3QXYAs= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -60,24 +39,10 @@ filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmG filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= -github.com/Azure/azure-sdk-for-go v58.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= -github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= -github.com/Azure/go-autorest/autorest/adal v0.9.11/go.mod h1:nBKAnTomx8gDtl+3ZCJv2v0KACFHWTB2drffI1B68Pk= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.8/go.mod h1:kxyKZTSfKh8OVFWPAgOgQ/frrJgeYQJPyR5fLFmXko4= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= -github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= -github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= -github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= -github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= -github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0= github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= @@ -92,7 +57,6 @@ github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= -github.com/ThalesIgnite/crypto11 v1.2.4/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= @@ -102,7 +66,6 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed h1:ue9pVfIcP+QMEjfgo/Ez4ZjNZfonGgR6NgjMaJMu1Cg= github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= @@ -111,16 +74,13 @@ github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o4iy7GtuappbWT0l5NaMo9H9pJDw= github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= -github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.44.37 h1:KvDxCX6dfJeEDC77U5GPGSP0ErecmNnhDHFxw+NIvlI= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -129,13 +89,11 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= -github.com/caddyserver/certmagic v0.17.1 h1:VrWANhQAj3brK7jAUKyN6XBHg56WsyorI/84Ilq1tCQ= -github.com/caddyserver/certmagic v0.17.1/go.mod h1:pSS2aZcdKlrTZrb2DKuRafckx20o5Fz1EdDKEB8KOQM= +github.com/caddyserver/certmagic v0.17.2 h1:o30seC1T/dBqBCNNGNHWwj2i5/I/FMjBbTAhjADP3nE= +github.com/caddyserver/certmagic v0.17.2/go.mod h1:ouWUuC490GOLJzkyN35eXfV8bSbwMwSf4bdhkIxtdQE= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -150,15 +108,11 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5O github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= -github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -167,25 +121,19 @@ github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU= -github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= +github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cyberdelia/go-metrics-graphite v0.0.0-20161219230853-39f87cc3b432/go.mod h1:xwIwAxMvYnVrGJPe2FKx5prTrnAjGOD8zvDOnxnrrkM= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -201,9 +149,6 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= -github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= -github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -218,33 +163,21 @@ github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4s github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch/v5 v5.5.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= -github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= -github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= -github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= -github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= @@ -256,7 +189,6 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.10.0 h1:dXFJfIHVvUcpSgDOV+Ne6t7jXri8Tfv2uOLHUZ2XNuo= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-ldap/ldap/v3 v3.1.10/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= @@ -266,7 +198,6 @@ github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-piv/piv-go v1.7.0/go.mod h1:ON2WvQncm7dIkCQ7kYJs+nc3V4jHGfrrJnSF8HKy7Gk= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= @@ -276,22 +207,18 @@ github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= @@ -299,7 +226,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -317,7 +243,6 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -326,8 +251,8 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.12.4 h1:YINKfuHZ8n72tPOqSPZBwGiDpew2CJS48mdM5W8LZQU= -github.com/google/cel-go v0.12.4/go.mod h1:Av7CU6r6X3YmcHR9GXqVDaEJYfEtSxl6wvIjUQTriCw= +github.com/google/cel-go v0.12.5 h1:DmzaiSgoaqGCjtpPQWl26/gND+yRpim56H1jCVev6d8= +github.com/google/cel-go v0.12.5/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -336,18 +261,14 @@ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -355,99 +276,56 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa h1:7MYGT2XEMam7Mtzv1yDUYXANedWvwk3HKkR3MyGowy8= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.1.1 h1:dp3bWCh+PPO1zjRRiCSczJav13sBvG4UhNyVTa1KqdU= -github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= -github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= -github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= -github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hashicorp/vault/api v1.3.0/go.mod h1:EabNQLI0VWbWoGlA+oBLC8PXmR9D60aUVgQGvangFWQ= -github.com/hashicorp/vault/api v1.3.1/go.mod h1:QeJoWxMFt+MsuWcYhmwRLwKEXrjwAFFywzhptMsTIUw= -github.com/hashicorp/vault/api/auth/approle v0.1.1/go.mod h1:mHOLgh//xDx4dpqXoq6tS8Ob0FoCFWLU2ibJ26Lfmag= -github.com/hashicorp/vault/api/auth/kubernetes v0.1.0/go.mod h1:Pdgk78uIs0mgDOLvc3a+h/vYIT9rznw2sz+ucuH9024= -github.com/hashicorp/vault/sdk v0.3.0/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaakYkhZRoVuhj0= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= @@ -503,18 +381,13 @@ github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0f github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= -github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= @@ -523,28 +396,24 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kardianos/service v1.2.0/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.9 h1:wKRjX6JRtDdrE9qwa4b/Cip7ACOshUI4smpCQanqjSY= -github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= -github.com/klauspost/cpuid/v2 v2.1.0 h1:eyi1Ad2aNJMW95zcSbmGg7Cg6cq3ADwLpMAP96d8rF0= -github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c= +github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/cpuid/v2 v2.1.1 h1:t0wUqjowdm8ezddV5k0tLWVklVuvLJpoHeb4WBdydm0= +github.com/klauspost/cpuid/v2 v2.1.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -554,13 +423,10 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.28.2-0.20220813150001-9957668d4301 h1:6W5uGdteJsB9b2T36wrc/nr48COmN9M0jeFx05NEsUQ= -github.com/lucas-clemente/quic-go v0.28.2-0.20220813150001-9957668d4301/go.mod h1:CTcNfLYJS2UuRNB+zcNlgvkjBhxX6Hm3WUxxAQx2mgE= -github.com/lxn/walk v0.0.0-20210112085537-c389da54e794/go.mod h1:E23UucZGqpuUANJooIbHWCufXvOcT6E7Stq81gU+CSQ= -github.com/lxn/win v0.0.0-20210218163916-a377121e959e/go.mod h1:KxxjdtRkfNoYDCUP5ryK7XJJNTnpC8atvtmTheChOtk= +github.com/lucas-clemente/quic-go v0.29.1 h1:Z+WMJ++qMLhvpFkRZA+jl3BTxUjm415YBmWanXB8zP0= +github.com/lucas-clemente/quic-go v0.29.1/go.mod h1:CTcNfLYJS2UuRNB+zcNlgvkjBhxX6Hm3WUxxAQx2mgE= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= @@ -580,7 +446,6 @@ github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA= @@ -595,11 +460,8 @@ github.com/mholt/acmez v1.0.4/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DA github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= -github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= @@ -608,15 +470,11 @@ github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= @@ -634,15 +492,11 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nbrownus/go-metrics-prometheus v0.0.0-20210712211119-974a6260965f/go.mod h1:nwPd6pDNId/Xi16qtKrFHrauSwMNuvk+zcjk89wrnlA= -github.com/newrelic/go-agent v2.15.0+incompatible/go.mod h1:a8Fv1b/fYhFSReoTU6HDkTYIMZeSVNffmoS726Y0LzQ= -github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -665,13 +519,11 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pierrec/lz4 v2.5.2+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -682,10 +534,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= -github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= @@ -697,31 +547,26 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1: github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= -github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= @@ -731,8 +576,6 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -747,16 +590,15 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M= github.com/slackhq/nebula v1.5.2 h1:wuIOHsOnrNw3rQx8yPxXiGu8wAtAxxtUI/K8W7Vj7EI= github.com/slackhq/nebula v1.5.2/go.mod h1:xaCM6wqbFk/NRmmUe1bv88fWBm3a1UioXJVIpR52WlE= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.21.0 h1:RdzGph8pwPZ3RJwnJ6T+HrnHJswJNhX8skoJ4Cc/lxM= -github.com/smallstep/certificates v0.21.0/go.mod h1:QlIuU3l25qxeWTo19VviZq/CKhRFtJt75RoTEUh9pbY= -github.com/smallstep/cli v0.21.0 h1:m7p1lQFfbBF7RI+Z49eaRBW3oI/5HmnwT8Pa8/xgGcE= -github.com/smallstep/cli v0.21.0/go.mod h1:o8hZZAjO4901b3iWmS4fsKasuD57hmkkJJBumYnspPo= +github.com/smallstep/certificates v0.22.1 h1:oAwb9tj+M3sKnlKLqPpJUOsn1HbxKOJ4MVCuvDHHjy8= +github.com/smallstep/certificates v0.22.1/go.mod h1:3R1PxdLOEqbNaWp88WiUByQAHGL+b9NefaQ5q6oTIZo= +github.com/smallstep/cli v0.22.0 h1:Mbb2CkunxAVig7Cr1NymS2NhjeOvkZqLPsfe9ZKMEfk= +github.com/smallstep/cli v0.22.0/go.mod h1:147IhymdB7JJYz1vN7XP2JS1YE+7soYX1yB/1gpZWh8= github.com/smallstep/nosql v0.4.0 h1:Go3WYwttUuvwqMtFiiU4g7kBIlY+hR0bIZAqVdakQ3M= github.com/smallstep/nosql v0.4.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= github.com/smallstep/truststore v0.12.0 h1:973Aa6fA7Ob/GCxqziosDzkQq6tV0Le6IUe4sikyW+U= @@ -764,7 +606,6 @@ github.com/smallstep/truststore v0.12.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUux github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spaolacci/murmur3 v1.1.0 h1:7c1g84S4BPRrfL5Xrdp6fOJ206sU9y293DDHaoy0bLI= @@ -776,15 +617,14 @@ github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.1.3 h1:xghbfqPkxzxP3C/f3n5DdpAbdKLj4ZE4BWQI362l53M= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= +github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= +github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= @@ -797,27 +637,18 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= -github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= -github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= -github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -825,14 +656,12 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= -github.com/yuin/goldmark v1.4.13 h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/yuin/goldmark v1.5.2 h1:ALmeCk/px5FSm1MAcFBAsVKZjDuMVj8Tm7FFIlMJnqU= +github.com/yuin/goldmark v1.5.2/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= @@ -848,9 +677,7 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= -go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 h1:9NkMW03wwEzPtP/KciZ4Ozu/Uz5ZA7kfqXJIObnrjGU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0/go.mod h1:548ZsYzmT4PL4zWKRd8q/N4z0Wxzn/ZxUE+lkEpwWQA= go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= @@ -872,14 +699,13 @@ go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTN go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c= go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= -go.step.sm/cli-utils v0.7.0/go.mod h1:Ur6bqA/yl636kCUJbp30J7Unv5JJ226eW2KqXPDwF/E= -go.step.sm/cli-utils v0.7.3 h1:IA12IaiXVCI18yOFVQuvMpyvjL8wuwUn1yO+KhAVAr0= -go.step.sm/cli-utils v0.7.3/go.mod h1:RJRwbBLqzs5nrepQLAV9FuT3fVpWz66tKzLIB7Izpfk= +go.step.sm/cli-utils v0.7.4 h1:oI7PStZqlvjPZ0u2EB4lN7yZ4R3ShTotdGL/L84Oorg= +go.step.sm/cli-utils v0.7.4/go.mod h1:taSsY8haLmXoXM3ZkywIyRmVij/4Aj0fQbNTlJvv71I= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/crypto v0.16.2 h1:Pr9aazTwWBBZNogUsOqhOrPSdwAa9pPs+lMB602lnDA= -go.step.sm/crypto v0.16.2/go.mod h1:1WkTOTY+fOX/RY4TnZREp6trQAsBHRQ7nu6QJBiNQF8= -go.step.sm/linkedca v0.16.1 h1:CdbMV5SjnlRsgeYTXaaZmQCkYIgJq8BOzpewri57M2k= -go.step.sm/linkedca v0.16.1/go.mod h1:W59ucS4vFpuR0g4PtkGbbtXAwxbDEnNCg+ovkej1ANM= +go.step.sm/crypto v0.18.0 h1:saD/tMG7uKJmUIPyOyudidVTHPnozTU02CDd+oqwKn0= +go.step.sm/crypto v0.18.0/go.mod h1:qZ+pNU1nV+THwP7TPTNCRMRr9xrRURhETTAK7U5psfw= +go.step.sm/linkedca v0.18.0 h1:uxRBd2WDvJNZ2i0nJm/QmG4lkRxWoebYKJinchX7T7o= +go.step.sm/linkedca v0.18.0/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -899,8 +725,9 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8= go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= +go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY= +go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -914,15 +741,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -949,8 +770,6 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= @@ -959,13 +778,10 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1002,22 +818,10 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220403103023-749bd193bc2b/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 h1:mx1QvUwXKGgh+3SB51PH4G1TouzL84rLG0CtpdX+TTg= golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= @@ -1026,18 +830,8 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 h1:RerP+noqYHUQ8CMRcPlC2nvTa4dcBIjegkuWdcUDuqg= -golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb h1:8tDJ3aechhddbdPAxpycgXHJRMLpk/Ab+aa4OgdN5/g= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1069,7 +863,6 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1078,7 +871,6 @@ golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1090,7 +882,6 @@ golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1103,47 +894,21 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201018230417-eeed37f84f13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210915083310-ed5796bab164/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220405052023-b1e9470b6e64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= @@ -1167,8 +932,6 @@ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1191,7 +954,6 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -1214,28 +976,14 @@ golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWc golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1243,10 +991,9 @@ golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= -golang.zx2c4.com/wireguard/windows v0.5.1/go.mod h1:EApyTk/ZNrkbZjurHL1nleDYnsPpJYBO7LZEBCyDAHk= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -1264,24 +1011,7 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= -google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= -google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= -google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= -google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= -google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= -google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= -google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= -google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= -google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= -google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= -google.golang.org/api v0.70.0 h1:67zQnAE0T2rB0A3CwLSas0K+SbVzSxP+zTLkQLexeiw= -google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.84.0 h1:NMB9J4cCxs9xEm+1Z9QiO3eFvn7EnQj3Eo3hN6ugVlg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1290,8 +1020,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -1323,44 +1051,8 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= -google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= -google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= -google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= -google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= -google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= -google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= -google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= -google.golang.org/genproto v0.0.0-20220401170504-314d38edb7de/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= -google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= -google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad h1:kqrS+lhvaMHCxul6sKQvKJ8nAAhlVItmZV822hYFH/U= +google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1378,27 +1070,13 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.46.0 h1:oCjezcn6g6A75TGoKYBPgKmVBLexhYLM6MebdrPApP8= -google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1409,7 +1087,6 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= @@ -1418,15 +1095,13 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= @@ -1443,14 +1118,12 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From b1d04f5b39df58e092ad503e9ccd0584b30936a1 Mon Sep 17 00:00:00 2001 From: iliana etaoin Date: Sat, 1 Oct 2022 17:14:27 -0700 Subject: [PATCH 0834/1498] fileserver: better dark mode visited link contrast (#5105) PR #4066 added a dark color scheme to the file_server browse template. PR #4356 later set the links for the `:visited` pseudo-class, but did not set anything for the dark mode, resulting in poor contrast. I selected some new colors by feel. This commit also adds an `a:visited:hover` for both, to go along with the normal blue hover colors. --- modules/caddyhttp/fileserver/browse.html | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/caddyhttp/fileserver/browse.html b/modules/caddyhttp/fileserver/browse.html index c0ea1310..01537fc6 100644 --- a/modules/caddyhttp/fileserver/browse.html +++ b/modules/caddyhttp/fileserver/browse.html @@ -27,6 +27,10 @@ a:visited { color: #800080; } +a:visited:hover { + color: #b900b9; +} + header, #summary { padding-left: 5%; @@ -244,6 +248,14 @@ footer { color: #62b2fd; } + a:visited { + color: #c269c2; + } + + a:visited:hover { + color: #d03cd0; + } + tr { border-bottom: 1px dashed rgba(255, 255, 255, 0.12); } From da24f57daca431704f953500386758eae2b8de1b Mon Sep 17 00:00:00 2001 From: Tobias Gruetzmacher Date: Sun, 2 Oct 2022 22:56:54 +0200 Subject: [PATCH 0835/1498] Fix inverted logic in Windows service detection (#5106) --- service_windows.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service_windows.go b/service_windows.go index 7590fc3c..6db29925 100644 --- a/service_windows.go +++ b/service_windows.go @@ -21,7 +21,7 @@ import ( func init() { isService, err := svc.IsWindowsService() - if err != nil || isService { + if err != nil || !isService { return } go func() { From c28cd29fe7ffc4b7f7bebb16fe721f25abab2446 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 4 Oct 2022 17:03:10 +0300 Subject: [PATCH 0836/1498] ci: enhance the CI/CD flow (#5118) --- .github/workflows/ci.yml | 7 ++++--- .goreleaser.yml | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f194aa2a..ca0f02d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -156,17 +156,18 @@ jobs: short_sha=$(git rev-parse --short HEAD) # The environment is fresh, so there's no point in keeping accepting and adding the key. - rsync -arz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress --delete --exclude '.git' . caddy-ci@ci-s390x.caddyserver.com:/var/tmp/"$short_sha" - ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t caddy-ci@ci-s390x.caddyserver.com "cd /var/tmp/$short_sha; go version; go env; printf "\n\n";CGO_ENABLED=0 go test -v ./..." + rsync -arz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" --progress --delete --exclude '.git' . "$CI_USER"@ci-s390x.caddyserver.com:/var/tmp/"$short_sha" + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t "$CI_USER"@ci-s390x.caddyserver.com "cd /var/tmp/$short_sha; go version; go env; printf "\n\n";CGO_ENABLED=0 go test -v ./..." test_result=$? # There's no need leaving the files around - ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null caddy-ci@ci-s390x.caddyserver.com "rm -rf /var/tmp/'$short_sha'" + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$CI_USER"@ci-s390x.caddyserver.com "rm -rf /var/tmp/'$short_sha'" echo "Test exit code: $test_result" exit $test_result env: SSH_KEY: ${{ secrets.S390X_SSH_KEY }} + CI_USER: ${{ secrets.CI_USER }} goreleaser-check: runs-on: ubuntu-latest diff --git a/.goreleaser.yml b/.goreleaser.yml index bfd3fd43..dafcce09 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -4,6 +4,7 @@ before: # This is so we can run goreleaser on tag without Git complaining of being dirty. The main.go in cmd/caddy directory # cannot be built within that directory due to changes necessary for the build causing Git to be dirty, which # subsequently causes gorleaser to refuse running. + - rm -rf caddy-build caddy-dist - mkdir -p caddy-build - cp cmd/caddy/main.go caddy-build/main.go - /bin/sh -c 'cd ./caddy-build && go mod init caddy' From 253d97c93dce9a3365e67d0360b2e47dd165578e Mon Sep 17 00:00:00 2001 From: Tobias Gruetzmacher Date: Tue, 4 Oct 2022 19:04:02 +0200 Subject: [PATCH 0837/1498] core: Chdir to executable location on Windows (#5115) Since all Windows services are run from the Windows system directory, make it easier for users by switching to our program directory right after the start. --- service_windows.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/service_windows.go b/service_windows.go index 6db29925..357c9ac8 100644 --- a/service_windows.go +++ b/service_windows.go @@ -15,6 +15,9 @@ package caddy import ( + "os" + "path/filepath" + "github.com/caddyserver/caddy/v2/notify" "golang.org/x/sys/windows/svc" ) @@ -24,6 +27,14 @@ func init() { if err != nil || !isService { return } + + // Windows services always start in the system32 directory, try to + // switch into the directory where the caddy executable is. + execPath, err := os.Executable() + if err == nil { + _ = os.Chdir(filepath.Dir(execPath)) + } + go func() { _ = svc.Run("", runner{}) }() From 2808de1e30b873f9c8f4693eae59bd56f20ebbbe Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 4 Oct 2022 22:58:19 -0400 Subject: [PATCH 0838/1498] httpcaddyfile: Skip `automate` when `auto_https off` is specified (#5110) --- caddyconfig/httpcaddyfile/tlsapp.go | 14 +++-- .../tls_automation_policies_10.txt | 58 +++++++++++++++++++ 2 files changed, 68 insertions(+), 4 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 947512aa..240cb02d 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -48,6 +48,10 @@ func (st ServerType) buildTLSApp( if hsp, ok := options["https_port"].(int); ok { httpsPort = strconv.Itoa(hsp) } + autoHTTPS := "on" + if ah, ok := options["auto_https"].(string); ok { + autoHTTPS = ah + } // count how many server blocks have a TLS-enabled key with // no host, and find all hosts that share a server block with @@ -331,10 +335,12 @@ func (st ServerType) buildTLSApp( internalAP := &caddytls.AutomationPolicy{ IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } - for h := range httpsHostsSharedWithHostlessKey { - al = append(al, h) - if !certmagic.SubjectQualifiesForPublicCert(h) { - internalAP.Subjects = append(internalAP.Subjects, h) + if autoHTTPS != "off" { + for h := range httpsHostsSharedWithHostlessKey { + al = append(al, h) + if !certmagic.SubjectQualifiesForPublicCert(h) { + internalAP.Subjects = append(internalAP.Subjects, h) + } } } if len(al) > 0 { diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt new file mode 100644 index 00000000..b6832ad1 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_10.txt @@ -0,0 +1,58 @@ +# example from issue #4667 +{ + auto_https off +} + +https://, example.com { + tls test.crt test.key + respond "Hello World" +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "handle": [ + { + "body": "Hello World", + "handler": "static_response" + } + ] + } + ], + "tls_connection_policies": [ + { + "certificate_selection": { + "any_tag": [ + "cert0" + ] + } + } + ], + "automatic_https": { + "disable": true + } + } + } + }, + "tls": { + "certificates": { + "load_files": [ + { + "certificate": "test.crt", + "key": "test.key", + "tags": [ + "cert0" + ] + } + ] + } + } + } +} \ No newline at end of file From 01e192edc9e11ceb92dd02eb79efde087838831a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 4 Oct 2022 23:18:48 -0400 Subject: [PATCH 0839/1498] logging: Better `console` encoder defaults (#5109) This is something that has bothered me for a while, so I figured I'd do something about it now since I'm playing in the logging code lately. The `console` encoder doesn't actually match the defaults that zap's default logger uses. This makes it match better with the rest of the logs when using the `console` encoder alongside somekind of filter, which requires you to configure an encoder to wrap. --- modules/logging/encoders.go | 43 +++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index 38083db0..d8825d35 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -45,15 +45,21 @@ func (ConsoleEncoder) CaddyModule() caddy.ModuleInfo { // Provision sets up the encoder. func (ce *ConsoleEncoder) Provision(_ caddy.Context) error { + if ce.LevelFormat == "" { + ce.LevelFormat = "color" + } + if ce.TimeFormat == "" { + ce.TimeFormat = "wall_milli" + } ce.Encoder = zapcore.NewConsoleEncoder(ce.ZapcoreEncoderConfig()) return nil } // UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: // -// console { -// -// } +// console { +// +// } // // See the godoc on the LogEncoderConfig type for the syntax of // subdirectives that are common to most/all encoders. @@ -92,9 +98,9 @@ func (je *JSONEncoder) Provision(_ caddy.Context) error { // UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: // -// json { -// -// } +// json { +// +// } // // See the godoc on the LogEncoderConfig type for the syntax of // subdirectives that are common to most/all encoders. @@ -127,19 +133,18 @@ type LogEncoderConfig struct { // UnmarshalCaddyfile populates the struct from Caddyfile tokens. Syntax: // -// { -// message_key -// level_key -// time_key -// name_key -// caller_key -// stacktrace_key -// line_ending -// time_format -// duration_format -// level_format -// } -// +// { +// message_key +// level_key +// time_key +// name_key +// caller_key +// stacktrace_key +// line_ending +// time_format +// duration_format +// level_format +// } func (lec *LogEncoderConfig) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for nesting := d.Nesting(); d.NextBlock(nesting); { subdir := d.Val() From 2be56c526c9652911883905eb91abaf5fdf821fb Mon Sep 17 00:00:00 2001 From: xufanglu <3146974+likev@users.noreply.github.com> Date: Wed, 5 Oct 2022 11:32:40 +0800 Subject: [PATCH 0840/1498] fileserver: Treat invalid file path as NotFound (#5099) treat invalid file path as notFound so that PassThru can work --- modules/caddyhttp/fileserver/staticfiles.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 84743388..04728ce4 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -247,7 +247,7 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c info, err := fs.Stat(fsrv.fileSystem, filename) if err != nil { err = fsrv.mapDirOpenError(err, filename) - if errors.Is(err, fs.ErrNotExist) { + if errors.Is(err, fs.ErrNotExist) || errors.Is(err, fs.ErrInvalid) { return fsrv.notFound(w, r, next) } else if errors.Is(err, fs.ErrPermission) { return caddyhttp.Error(http.StatusForbidden, err) From 9e1d964bd6af27cd96a370987a1cadc58933d19a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 5 Oct 2022 00:23:14 -0400 Subject: [PATCH 0841/1498] logging: Add `time_local` option to use local time instead of UTC (#5108) --- modules/logging/encoders.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/modules/logging/encoders.go b/modules/logging/encoders.go index d8825d35..1cfab8ea 100644 --- a/modules/logging/encoders.go +++ b/modules/logging/encoders.go @@ -127,6 +127,7 @@ type LogEncoderConfig struct { StacktraceKey *string `json:"stacktrace_key,omitempty"` LineEnding *string `json:"line_ending,omitempty"` TimeFormat string `json:"time_format,omitempty"` + TimeLocal bool `json:"time_local,omitempty"` DurationFormat string `json:"duration_format,omitempty"` LevelFormat string `json:"level_format,omitempty"` } @@ -142,12 +143,21 @@ type LogEncoderConfig struct { // stacktrace_key // line_ending // time_format +// time_local // duration_format // level_format // } func (lec *LogEncoderConfig) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for nesting := d.Nesting(); d.NextBlock(nesting); { subdir := d.Val() + switch subdir { + case "time_local": + lec.TimeLocal = true + if d.NextArg() { + return d.ArgErr() + } + continue + } var arg string if !d.AllArgs(&arg) { return d.ArgErr() @@ -237,7 +247,13 @@ func (lec *LogEncoderConfig) ZapcoreEncoderConfig() zapcore.EncoderConfig { timeFormat = "02/Jan/2006:15:04:05 -0700" } timeFormatter = func(ts time.Time, encoder zapcore.PrimitiveArrayEncoder) { - encoder.AppendString(ts.UTC().Format(timeFormat)) + var time time.Time + if lec.TimeLocal { + time = ts.Local() + } else { + time = ts.UTC() + } + encoder.AppendString(time.Format(timeFormat)) } } cfg.EncodeTime = timeFormatter From ea58d519078916d4cf273628653e348befbaf6c0 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 5 Oct 2022 01:21:23 -0400 Subject: [PATCH 0842/1498] logging: Perform filtering on arrays of strings (where possible) (#5101) * logging: Perform filtering on arrays of strings (where possible) * Add test for ip_mask filter * Oops, need to continue when it's not an IP * Test for invalid IPs --- modules/logging/filters.go | 83 ++++++++++++++++------- modules/logging/filters_test.go | 112 +++++++++++++++++++++++++++++++- 2 files changed, 171 insertions(+), 24 deletions(-) diff --git a/modules/logging/filters.go b/modules/logging/filters.go index c2c039af..8cc84c73 100644 --- a/modules/logging/filters.go +++ b/modules/logging/filters.go @@ -23,6 +23,7 @@ import ( "net/url" "regexp" "strconv" + "strings" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -76,7 +77,10 @@ func hash(s string) string { } // HashFilter is a Caddy log field filter that -// replaces the field with the initial 4 bytes of the SHA-256 hash of the content. +// replaces the field with the initial 4 bytes +// of the SHA-256 hash of the content. Operates +// on string fields, or on arrays of strings +// where each string is hashed. type HashFilter struct { } @@ -95,7 +99,13 @@ func (f *HashFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Filter filters the input field with the replacement value. func (f *HashFilter) Filter(in zapcore.Field) zapcore.Field { - in.String = hash(in.String) + if array, ok := in.Interface.(caddyhttp.LoggableStringArray); ok { + for i, s := range array { + array[i] = hash(s) + } + } else { + in.String = hash(in.String) + } return in } @@ -131,7 +141,10 @@ func (f *ReplaceFilter) Filter(in zapcore.Field) zapcore.Field { } // IPMaskFilter is a Caddy log field filter that -// masks IP addresses. +// masks IP addresses in a string, or in an array +// of strings. The string may be a comma separated +// list of IP addresses, where all of the values +// will be masked. type IPMaskFilter struct { // The IPv4 mask, as an subnet size CIDR. IPv4MaskRaw int `json:"ipv4_cidr,omitempty"` @@ -205,27 +218,45 @@ func (m *IPMaskFilter) Provision(ctx caddy.Context) error { // Filter filters the input field. func (m IPMaskFilter) Filter(in zapcore.Field) zapcore.Field { - host, port, err := net.SplitHostPort(in.String) - if err != nil { - host = in.String // assume whole thing was IP address - } - ipAddr := net.ParseIP(host) - if ipAddr == nil { - return in - } - mask := m.v4Mask - if ipAddr.To4() == nil { - mask = m.v6Mask - } - masked := ipAddr.Mask(mask) - if port == "" { - in.String = masked.String() + if array, ok := in.Interface.(caddyhttp.LoggableStringArray); ok { + for i, s := range array { + array[i] = m.mask(s) + } } else { - in.String = net.JoinHostPort(masked.String(), port) + in.String = m.mask(in.String) } + return in } +func (m IPMaskFilter) mask(s string) string { + output := "" + for _, value := range strings.Split(s, ",") { + value = strings.TrimSpace(value) + host, port, err := net.SplitHostPort(value) + if err != nil { + host = value // assume whole thing was IP address + } + ipAddr := net.ParseIP(host) + if ipAddr == nil { + output += value + ", " + continue + } + mask := m.v4Mask + if ipAddr.To4() == nil { + mask = m.v6Mask + } + masked := ipAddr.Mask(mask) + if port == "" { + output += masked.String() + ", " + continue + } + + output += net.JoinHostPort(masked.String(), port) + ", " + } + return strings.TrimSuffix(output, ", ") +} + type filterAction string const ( @@ -499,7 +530,10 @@ OUTER: } // RegexpFilter is a Caddy log field filter that -// replaces the field matching the provided regexp with the indicated string. +// replaces the field matching the provided regexp +// with the indicated string. If the field is an +// array of strings, each of them will have the +// regexp replacement applied. type RegexpFilter struct { // The regular expression pattern defining what to replace. RawRegexp string `json:"regexp,omitempty"` @@ -545,7 +579,13 @@ func (m *RegexpFilter) Provision(ctx caddy.Context) error { // Filter filters the input field with the replacement value if it matches the regexp. func (f *RegexpFilter) Filter(in zapcore.Field) zapcore.Field { - in.String = f.regexp.ReplaceAllString(in.String, f.Value) + if array, ok := in.Interface.(caddyhttp.LoggableStringArray); ok { + for i, s := range array { + array[i] = f.regexp.ReplaceAllString(s, f.Value) + } + } else { + in.String = f.regexp.ReplaceAllString(in.String, f.Value) + } return in } @@ -576,7 +616,6 @@ func (f *RenameFilter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Filter renames the input field with the replacement name. func (f *RenameFilter) Filter(in zapcore.Field) zapcore.Field { - in.Type = zapcore.StringType in.Key = f.Name return in } diff --git a/modules/logging/filters_test.go b/modules/logging/filters_test.go index 2b087f28..e9c3e77f 100644 --- a/modules/logging/filters_test.go +++ b/modules/logging/filters_test.go @@ -8,6 +8,81 @@ import ( "go.uber.org/zap/zapcore" ) +func TestIPMaskSingleValue(t *testing.T) { + f := IPMaskFilter{IPv4MaskRaw: 16, IPv6MaskRaw: 32} + f.Provision(caddy.Context{}) + + out := f.Filter(zapcore.Field{String: "255.255.255.255"}) + if out.String != "255.255.0.0" { + t.Fatalf("field has not been filtered: %s", out.String) + } + + out = f.Filter(zapcore.Field{String: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"}) + if out.String != "ffff:ffff::" { + t.Fatalf("field has not been filtered: %s", out.String) + } + + out = f.Filter(zapcore.Field{String: "not-an-ip"}) + if out.String != "not-an-ip" { + t.Fatalf("field has been filtered: %s", out.String) + } +} + +func TestIPMaskCommaValue(t *testing.T) { + f := IPMaskFilter{IPv4MaskRaw: 16, IPv6MaskRaw: 32} + f.Provision(caddy.Context{}) + + out := f.Filter(zapcore.Field{String: "255.255.255.255, 244.244.244.244"}) + if out.String != "255.255.0.0, 244.244.0.0" { + t.Fatalf("field has not been filtered: %s", out.String) + } + + out = f.Filter(zapcore.Field{String: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, ff00:ffff:ffff:ffff:ffff:ffff:ffff:ffff"}) + if out.String != "ffff:ffff::, ff00:ffff::" { + t.Fatalf("field has not been filtered: %s", out.String) + } + + out = f.Filter(zapcore.Field{String: "not-an-ip, 255.255.255.255"}) + if out.String != "not-an-ip, 255.255.0.0" { + t.Fatalf("field has not been filtered: %s", out.String) + } +} + +func TestIPMaskMultiValue(t *testing.T) { + f := IPMaskFilter{IPv4MaskRaw: 16, IPv6MaskRaw: 32} + f.Provision(caddy.Context{}) + + out := f.Filter(zapcore.Field{Interface: caddyhttp.LoggableStringArray{ + "255.255.255.255", + "244.244.244.244", + }}) + arr, ok := out.Interface.(caddyhttp.LoggableStringArray) + if !ok { + t.Fatalf("field is wrong type: %T", out.Integer) + } + if arr[0] != "255.255.0.0" { + t.Fatalf("field entry 0 has not been filtered: %s", arr[0]) + } + if arr[1] != "244.244.0.0" { + t.Fatalf("field entry 1 has not been filtered: %s", arr[1]) + } + + out = f.Filter(zapcore.Field{Interface: caddyhttp.LoggableStringArray{ + "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + "ff00:ffff:ffff:ffff:ffff:ffff:ffff:ffff", + }}) + arr, ok = out.Interface.(caddyhttp.LoggableStringArray) + if !ok { + t.Fatalf("field is wrong type: %T", out.Integer) + } + if arr[0] != "ffff:ffff::" { + t.Fatalf("field entry 0 has not been filtered: %s", arr[0]) + } + if arr[1] != "ff00:ffff::" { + t.Fatalf("field entry 1 has not been filtered: %s", arr[1]) + } +} + func TestQueryFilter(t *testing.T) { f := QueryFilter{[]queryFilterAction{ {replaceAction, "foo", "REDACTED"}, @@ -78,7 +153,7 @@ func TestValidateCookieFilter(t *testing.T) { } } -func TestRegexpFilter(t *testing.T) { +func TestRegexpFilterSingleValue(t *testing.T) { f := RegexpFilter{RawRegexp: `secret`, Value: "REDACTED"} f.Provision(caddy.Context{}) @@ -88,7 +163,24 @@ func TestRegexpFilter(t *testing.T) { } } -func TestHashFilter(t *testing.T) { +func TestRegexpFilterMultiValue(t *testing.T) { + f := RegexpFilter{RawRegexp: `secret`, Value: "REDACTED"} + f.Provision(caddy.Context{}) + + out := f.Filter(zapcore.Field{Interface: caddyhttp.LoggableStringArray{"foo-secret-bar", "bar-secret-foo"}}) + arr, ok := out.Interface.(caddyhttp.LoggableStringArray) + if !ok { + t.Fatalf("field is wrong type: %T", out.Integer) + } + if arr[0] != "foo-REDACTED-bar" { + t.Fatalf("field entry 0 has not been filtered: %s", arr[0]) + } + if arr[1] != "bar-REDACTED-foo" { + t.Fatalf("field entry 1 has not been filtered: %s", arr[1]) + } +} + +func TestHashFilterSingleValue(t *testing.T) { f := HashFilter{} out := f.Filter(zapcore.Field{String: "foo"}) @@ -96,3 +188,19 @@ func TestHashFilter(t *testing.T) { t.Fatalf("field has not been filtered: %s", out.String) } } + +func TestHashFilterMultiValue(t *testing.T) { + f := HashFilter{} + + out := f.Filter(zapcore.Field{Interface: caddyhttp.LoggableStringArray{"foo", "bar"}}) + arr, ok := out.Interface.(caddyhttp.LoggableStringArray) + if !ok { + t.Fatalf("field is wrong type: %T", out.Integer) + } + if arr[0] != "2c26b46b" { + t.Fatalf("field entry 0 has not been filtered: %s", arr[0]) + } + if arr[1] != "fcde2b2e" { + t.Fatalf("field entry 1 has not been filtered: %s", arr[1]) + } +} From 2153a81ec85da99dcd33aa87ff0df5d286f00e9d Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 4 Oct 2022 23:37:01 -0600 Subject: [PATCH 0843/1498] forwardauth: Canonicalize header fields (fix #5038) (#5097) --- .../reverseproxy/forwardauth/caddyfile.go | 39 +++++++++---------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go index a0b1f421..cecc0001 100644 --- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -38,29 +38,28 @@ func init() { // configured for most™️ auth gateways that support forward auth. The typical // config which looks something like this: // -// forward_auth auth-gateway:9091 { -// uri /authenticate?redirect=https://auth.example.com -// copy_headers Remote-User Remote-Email -// } +// forward_auth auth-gateway:9091 { +// uri /authenticate?redirect=https://auth.example.com +// copy_headers Remote-User Remote-Email +// } // // is equivalent to a reverse_proxy directive like this: // -// reverse_proxy auth-gateway:9091 { -// method GET -// rewrite /authenticate?redirect=https://auth.example.com +// reverse_proxy auth-gateway:9091 { +// method GET +// rewrite /authenticate?redirect=https://auth.example.com // -// header_up X-Forwarded-Method {method} -// header_up X-Forwarded-Uri {uri} -// -// @good status 2xx -// handle_response @good { -// request_header { -// Remote-User {http.reverse_proxy.header.Remote-User} -// Remote-Email {http.reverse_proxy.header.Remote-Email} -// } -// } -// } +// header_up X-Forwarded-Method {method} +// header_up X-Forwarded-Uri {uri} // +// @good status 2xx +// handle_response @good { +// request_header { +// Remote-User {http.reverse_proxy.header.Remote-User} +// Remote-Email {http.reverse_proxy.header.Remote-Email} +// } +// } +// } func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { if !h.Next() { return nil, h.ArgErr() @@ -196,9 +195,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) // need at least one handler in the routes for the response handling // logic in reverse_proxy to not skip this entry as empty. for from, to := range headersToCopy { - handler.Request.Set[to] = []string{ - "{http.reverse_proxy.header." + from + "}", - } + handler.Request.Set.Set(to, "{http.reverse_proxy.header."+http.CanonicalHeaderKey(from)+"}") } goodResponseHandler.Routes = append( From e4fac1294f3fcedea5bc94668d56ec64e651bc98 Mon Sep 17 00:00:00 2001 From: Adam Weinberger Date: Wed, 5 Oct 2022 10:59:57 -0600 Subject: [PATCH 0844/1498] core: Set version manually via CustomVersion (#5072) * Allow version to be set manually When Caddy is built from a release tarball (as downloaded from GitHub), `caddy version` returns an empty string. This causes confusion for downstream packagers. With this commit, VersionString can be set with eg. go build (...) -ldflags '-X (...).VersionString=v1.2.3' Then the short form version will be "v1.2.3", and the full version string will begin with "v1.2.3 ". * Prefer embedded version, then CustomVersion * Prefer "unknown" for full version over empty Co-authored-by: Matthew Holt --- caddy.go | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/caddy.go b/caddy.go index 584865bd..1ecad94e 100644 --- a/caddy.go +++ b/caddy.go @@ -824,6 +824,20 @@ func InstanceID() (uuid.UUID, error) { return uuid.ParseBytes(uuidFileBytes) } +// CustomVersion is an optional string that overrides Caddy's +// reported version. It can be helpful when downstream packagers +// need to manually set Caddy's version. If no other version +// information is available, the short form version (see +// Version()) will be set to CustomVersion, and the full version +// will include CustomVersion at the beginning. +// +// Set this variable during `go build` with `-ldflags`: +// +// -ldflags '-X github.com/caddyserver/caddy/v2.CustomVersion=v2.6.2' +// +// for example. +var CustomVersion string + // Version returns the Caddy version in a simple/short form, and // a full version string. The short form will not have spaces and // is intended for User-Agent strings and similar, but may be @@ -833,8 +847,10 @@ func InstanceID() (uuid.UUID, error) { // build info provided by go.mod dependencies; then it tries to // get info from embedded VCS information, which requires having // built Caddy from a git repository. If no version is available, -// this function returns "(devel)" becaise Go uses that, but for -// the simple form we change it to "unknown". +// this function returns "(devel)" because Go uses that, but for +// the simple form we change it to "unknown". If still no version +// is available (e.g. no VCS repo), then it will use CustomVersion; +// CustomVersion is always prepended to the full version string. // // See relevant Go issues: https://github.com/golang/go/issues/29228 // and https://github.com/golang/go/issues/50603. @@ -910,8 +926,22 @@ func Version() (simple, full string) { } } + if full == "" { + if CustomVersion != "" { + full = CustomVersion + } else { + full = "unknown" + } + } else if CustomVersion != "" { + full = CustomVersion + " " + full + } + if simple == "" || simple == "(devel)" { - simple = "unknown" + if CustomVersion != "" { + simple = CustomVersion + } else { + simple = "unknown" + } } return From e07a267276b9c00181c979ec65f26e25b8325beb Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 5 Oct 2022 11:40:41 -0600 Subject: [PATCH 0845/1498] caddytest: Revise sleep durations Attempt to reduce flakiness a bit more Test suite needs to be rewritten. --- caddytest/caddytest.go | 4 ++-- caddytest/integration/reverseproxy_test.go | 2 ++ modules/caddyhttp/reverseproxy/fastcgi/client_test.go | 4 ++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 2ffd313c..ca10fab7 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -214,7 +214,7 @@ func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error return actual } - for retries := 4; retries > 0; retries-- { + for retries := 10; retries > 0; retries-- { if reflect.DeepEqual(expected, fetchConfig(client)) { return nil } @@ -243,7 +243,7 @@ func validateTestPrerequisites() error { }() // wait for caddy to start serving the initial config - for retries := 4; retries > 0 && isCaddyAdminRunning() != nil; retries-- { + for retries := 10; retries > 0 && isCaddyAdminRunning() != nil; retries-- { time.Sleep(10 * time.Millisecond) } } diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index 81aec714..049c7fd2 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -8,6 +8,7 @@ import ( "runtime" "strings" "testing" + "time" "github.com/caddyserver/caddy/v2/caddytest" ) @@ -441,6 +442,7 @@ func TestReverseProxyHealthCheck(t *testing.T) { } `, "caddyfile") + time.Sleep(100 * time.Millisecond) // TODO: for some reason this test seems particularly flaky, getting 503 when it should be 200, unless we wait tester.AssertGetResponse("http://localhost:9080/", 200, "Hello, World!") } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go index 78e5713a..29bb5785 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/client_test.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/client_test.go @@ -171,7 +171,7 @@ func sendFcgi(reqType int, fcgiParams map[string]string, data []byte, posts map[ log.Println("c: send data length ≈", length, string(content)) conn.Close() - time.Sleep(1 * time.Second) + time.Sleep(250 * time.Millisecond) if bytes.Contains(content, []byte("FAILED")) { globalt.Error("Server return failed message") @@ -230,7 +230,7 @@ func DisabledTest(t *testing.T) { } }() - time.Sleep(1 * time.Second) + time.Sleep(250 * time.Millisecond) // init fcgiParams := make(map[string]string) From 99ffe9338837eff80def7e5d51c2a0e02f56abdb Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 5 Oct 2022 14:14:13 -0400 Subject: [PATCH 0846/1498] logging: Fix `skip_hosts` with wildcards (#5102) Fix #4859 --- caddyconfig/httpcaddyfile/builtins.go | 2 +- caddyconfig/httpcaddyfile/httptype.go | 33 +++++-------------- .../caddyfile_adapt/log_skip_hosts.txt | 3 ++ logging.go | 8 +++-- modules/caddyhttp/server.go | 15 ++++----- 5 files changed, 23 insertions(+), 38 deletions(-) diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 7f23fd59..f4c9ce01 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -735,7 +735,7 @@ func parseLogHelper(h Helper, globalLogNames map[string]struct{}) ([]ConfigValue // reference the default logger. See the // setupNewDefault function in the logging // package for where this is configured. - globalLogName = "default" + globalLogName = caddy.DefaultLoggerName } // Verify this name is unused. diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 7159454b..c220c066 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -219,7 +219,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, if ncl.name == "" { return } - if ncl.name == "default" { + if ncl.name == caddy.DefaultLoggerName { hasDefaultLog = true } if _, ok := options["debug"]; ok && ncl.log.Level == "" { @@ -240,7 +240,7 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // configure it with any applicable options if _, ok := options["debug"]; ok { customLogs = append(customLogs, namedCustomLog{ - name: "default", + name: caddy.DefaultLoggerName, log: &caddy.CustomLog{Level: zap.DebugLevel.CapitalString()}, }) } @@ -299,11 +299,11 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, // most users seem to prefer not writing access logs // to the default log when they are directed to a // file or have any other special customization - if ncl.name != "default" && len(ncl.log.Include) > 0 { - defaultLog, ok := cfg.Logging.Logs["default"] + if ncl.name != caddy.DefaultLoggerName && len(ncl.log.Include) > 0 { + defaultLog, ok := cfg.Logging.Logs[caddy.DefaultLoggerName] if !ok { defaultLog = new(caddy.CustomLog) - cfg.Logging.Logs["default"] = defaultLog + cfg.Logging.Logs[caddy.DefaultLoggerName] = defaultLog } defaultLog.Exclude = append(defaultLog.Exclude, ncl.log.Include...) } @@ -518,15 +518,6 @@ func (st *ServerType) serversFromPairings( var hasCatchAllTLSConnPolicy, addressQualifiesForTLS bool autoHTTPSWillAddConnPolicy := autoHTTPS != "off" - // if a catch-all server block (one which accepts all hostnames) exists in this pairing, - // we need to know that so that we can configure logs properly (see #3878) - var catchAllSblockExists bool - for _, sblock := range p.serverBlocks { - if len(sblock.hostsFromKeys(false)) == 0 { - catchAllSblockExists = true - } - } - // if needed, the ServerLogConfig is initialized beforehand so // that all server blocks can populate it with data, even when not // coming with a log directive @@ -658,18 +649,10 @@ func (st *ServerType) serversFromPairings( } else { // map each host to the user's desired logger name for _, h := range sblockLogHosts { - // if the custom logger name is non-empty, add it to the map; - // otherwise, only map to an empty logger name if this or - // another site block on this server has a catch-all host (in - // which case only requests with mapped hostnames will be - // access-logged, so it'll be necessary to add them to the - // map even if they use default logger) - if ncl.name != "" || catchAllSblockExists { - if srv.Logs.LoggerNames == nil { - srv.Logs.LoggerNames = make(map[string]string) - } - srv.Logs.LoggerNames[h] = ncl.name + if srv.Logs.LoggerNames == nil { + srv.Logs.LoggerNames = make(map[string]string) } + srv.Logs.LoggerNames[h] = ncl.name } } } diff --git a/caddytest/integration/caddyfile_adapt/log_skip_hosts.txt b/caddytest/integration/caddyfile_adapt/log_skip_hosts.txt index 6fbd85a8..25e4bd1c 100644 --- a/caddytest/integration/caddyfile_adapt/log_skip_hosts.txt +++ b/caddytest/integration/caddyfile_adapt/log_skip_hosts.txt @@ -62,6 +62,9 @@ example.com { } ], "logs": { + "logger_names": { + "one.example.com": "" + }, "skip_hosts": [ "three.example.com", "two.example.com", diff --git a/logging.go b/logging.go index 5f8ea06a..c00c8315 100644 --- a/logging.go +++ b/logging.go @@ -105,7 +105,7 @@ func (logging *Logging) openLogs(ctx Context) error { // then set up any other custom logs for name, l := range logging.Logs { // the default log is already set up - if name == "default" { + if name == DefaultLoggerName { continue } @@ -138,7 +138,7 @@ func (logging *Logging) setupNewDefault(ctx Context) error { // extract the user-defined default log, if any newDefault := new(defaultCustomLog) - if userDefault, ok := logging.Logs["default"]; ok { + if userDefault, ok := logging.Logs[DefaultLoggerName]; ok { newDefault.CustomLog = userDefault } else { // if none, make one with our own default settings @@ -147,7 +147,7 @@ func (logging *Logging) setupNewDefault(ctx Context) error { if err != nil { return fmt.Errorf("setting up default Caddy log: %v", err) } - logging.Logs["default"] = newDefault.CustomLog + logging.Logs[DefaultLoggerName] = newDefault.CustomLog } // set up this new log @@ -702,6 +702,8 @@ var ( var writers = NewUsagePool() +const DefaultLoggerName = "default" + // Interface guards var ( _ io.WriteCloser = (*notClosable)(nil) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 4d47d266..60fc3c38 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -639,21 +639,18 @@ func (s *Server) shouldLogRequest(r *http.Request) bool { // logging is disabled return false } + if _, ok := s.Logs.LoggerNames[r.Host]; ok { + // this host is mapped to a particular logger name + return true + } for _, dh := range s.Logs.SkipHosts { // logging for this particular host is disabled if certmagic.MatchWildcard(r.Host, dh) { return false } } - if _, ok := s.Logs.LoggerNames[r.Host]; ok { - // this host is mapped to a particular logger name - return true - } - if s.Logs.SkipUnmappedHosts { - // this host is not mapped and thus must not be logged - return false - } - return true + // if configured, this host is not mapped and thus must not be logged + return !s.Logs.SkipUnmappedHosts } // protocol returns true if the protocol proto is configured/enabled. From ed118f2b0900e6416ef202afb0f79caeae4fddcb Mon Sep 17 00:00:00 2001 From: Ioannis Cherouvim <743305+cherouvim@users.noreply.github.com> Date: Wed, 5 Oct 2022 21:36:06 +0300 Subject: [PATCH 0847/1498] Fix typo in comment (#5121) --- context.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/context.go b/context.go index e55e40ce..330bfa6f 100644 --- a/context.go +++ b/context.go @@ -448,7 +448,7 @@ func (ctx Context) Storage() certmagic.Storage { // different module; it panics if more than 1 value is passed in. // // Originally, this method's signature was `Logger(mod Module)`, -// requiring that an instance of a Caddy module be passsed in. +// requiring that an instance of a Caddy module be passed in. // However, that is no longer necessary, as the closest module // most recently associated with the context will be automatically // assumed. To prevent a sudden breaking change, this method's From 498f32bab96ba00e1a7d04c6bc8b367c97d8a335 Mon Sep 17 00:00:00 2001 From: Cory Cooper Date: Wed, 5 Oct 2022 21:34:49 -0700 Subject: [PATCH 0848/1498] caddyconfig: Implement retries into HTTPLoader (#5077) * httploader: Add max_retries * caddyconfig: dependency-free http config loading retries * caddyconfig: support `retry_delay` in http loader * httploader: Implement retries * Apply suggestions from code review Co-authored-by: Matt Holt Co-authored-by: Matt Holt --- caddyconfig/httploader.go | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index 80eab446..f1992199 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -94,7 +94,7 @@ func (hl HTTPLoader) LoadConfig(ctx caddy.Context) ([]byte, error) { } } - resp, err := client.Do(req) + resp, err := doHttpCallWithRetries(ctx, client, req) if err != nil { return nil, err } @@ -119,6 +119,37 @@ func (hl HTTPLoader) LoadConfig(ctx caddy.Context) ([]byte, error) { return result, nil } +func attemptHttpCall(client *http.Client, request *http.Request) (*http.Response, error) { + resp, err := client.Do(request) + if err != nil { + return nil, fmt.Errorf("problem calling http loader url: %v", err) + } else if resp.StatusCode < 200 || resp.StatusCode > 499 { + return nil, fmt.Errorf("bad response status code from http loader url: %v", resp.StatusCode) + } + return resp, nil +} + +func doHttpCallWithRetries(ctx caddy.Context, client *http.Client, request *http.Request) (*http.Response, error) { + var resp *http.Response + var err error + const maxAttempts = 10 + + // attempt up to 10 times + for i := 0; i < maxAttempts; i++ { + resp, err = attemptHttpCall(client, request) + if err != nil && i < maxAttempts-1 { + // wait 500ms before reattempting, or until context is done + select { + case <-time.After(time.Millisecond * 500): + case <-ctx.Done(): + return resp, ctx.Err() + } + } + } + + return resp, err +} + func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) { client := &http.Client{ Timeout: time.Duration(hl.Timeout), From d46ba2e27fca841c289629fcc5ecf86b7f47d1f9 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 6 Oct 2022 21:40:08 -0400 Subject: [PATCH 0849/1498] httpcaddyfile: Fix `metrics` global option parsing (#5126) --- caddyconfig/httpcaddyfile/serveroptions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 8ab8969d..3e206c87 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -180,7 +180,7 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { if d.NextArg() { return nil, d.ArgErr() } - if d.NextBlock(0) { + if nesting := d.Nesting(); d.NextBlock(nesting) { return nil, d.ArgErr() } serverOpts.Metrics = new(caddyhttp.Metrics) From b4e28af953aa02fb44f88c155956488b1f473348 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Fri, 7 Oct 2022 11:54:41 +0200 Subject: [PATCH 0850/1498] replacer: working directory global placeholder (#5127) --- replacer.go | 4 ++++ replacer_test.go | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/replacer.go b/replacer.go index 57979205..7f97f347 100644 --- a/replacer.go +++ b/replacer.go @@ -308,6 +308,10 @@ func globalDefaultReplacements(key string) (any, bool) { return string(filepath.Separator), true case "system.os": return runtime.GOOS, true + case "system.wd": + // OK if there is an error; just return empty string + wd, _ := os.Getwd() + return wd, true case "system.arch": return runtime.GOARCH, true case "time.now": diff --git a/replacer_test.go b/replacer_test.go index 09b41c29..41ada7d6 100644 --- a/replacer_test.go +++ b/replacer_test.go @@ -372,6 +372,7 @@ func TestReplacerNew(t *testing.T) { } else { // test if default global replacements are added as the first provider hostname, _ := os.Hostname() + wd, _ := os.Getwd() os.Setenv("CADDY_REPLACER_TEST", "envtest") defer os.Setenv("CADDY_REPLACER_TEST", "") @@ -395,6 +396,10 @@ func TestReplacerNew(t *testing.T) { variable: "system.arch", value: runtime.GOARCH, }, + { + variable: "system.wd", + value: wd, + }, { variable: "env.CADDY_REPLACER_TEST", value: "envtest", From 33f60da9f2d6edc5de550275f043c4262d23f6ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Abdussamet=20Ko=C3=A7ak?= Date: Sat, 8 Oct 2022 21:56:35 +0300 Subject: [PATCH 0851/1498] fileserver: stop listing dir when request context is cancelled (#5131) Prevents caddy from performing disk IO needlessly when the request is cancelled before the listing is finished. Closes #5129 --- modules/caddyhttp/fileserver/browse.go | 7 ++++--- modules/caddyhttp/fileserver/browsetplcontext.go | 7 ++++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 6a72e155..a8f5e8ab 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -16,6 +16,7 @@ package fileserver import ( "bytes" + "context" _ "embed" "encoding/json" "fmt" @@ -82,7 +83,7 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) // calling path.Clean here prevents weird breadcrumbs when URL paths are sketchy like /%2e%2e%2f - listing, err := fsrv.loadDirectoryContents(dir.(fs.ReadDirFile), root, path.Clean(r.URL.Path), repl) + listing, err := fsrv.loadDirectoryContents(r.Context(), dir.(fs.ReadDirFile), root, path.Clean(r.URL.Path), repl) switch { case os.IsPermission(err): return caddyhttp.Error(http.StatusForbidden, err) @@ -136,7 +137,7 @@ func (fsrv *FileServer) serveBrowse(root, dirPath string, w http.ResponseWriter, return nil } -func (fsrv *FileServer) loadDirectoryContents(dir fs.ReadDirFile, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { +func (fsrv *FileServer) loadDirectoryContents(ctx context.Context, dir fs.ReadDirFile, root, urlPath string, repl *caddy.Replacer) (browseTemplateContext, error) { files, err := dir.ReadDir(10000) // TODO: this limit should probably be configurable if err != nil && err != io.EOF { return browseTemplateContext{}, err @@ -145,7 +146,7 @@ func (fsrv *FileServer) loadDirectoryContents(dir fs.ReadDirFile, root, urlPath // user can presumably browse "up" to parent folder if path is longer than "/" canGoUp := len(urlPath) > 1 - return fsrv.directoryListing(files, canGoUp, root, urlPath, repl), nil + return fsrv.directoryListing(ctx, files, canGoUp, root, urlPath, repl), nil } // browseApplyQueryParams applies query parameters to the listing. diff --git a/modules/caddyhttp/fileserver/browsetplcontext.go b/modules/caddyhttp/fileserver/browsetplcontext.go index cd24fc23..172fa505 100644 --- a/modules/caddyhttp/fileserver/browsetplcontext.go +++ b/modules/caddyhttp/fileserver/browsetplcontext.go @@ -15,6 +15,7 @@ package fileserver import ( + "context" "io/fs" "net/url" "os" @@ -30,13 +31,17 @@ import ( "go.uber.org/zap" ) -func (fsrv *FileServer) directoryListing(entries []fs.DirEntry, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseTemplateContext { +func (fsrv *FileServer) directoryListing(ctx context.Context, entries []fs.DirEntry, canGoUp bool, root, urlPath string, repl *caddy.Replacer) browseTemplateContext { filesToHide := fsrv.transformHidePaths(repl) var dirCount, fileCount int fileInfos := []fileInfo{} for _, entry := range entries { + if err := ctx.Err(); err != nil { + break + } + name := entry.Name() if fileHidden(name, filesToHide) { From 3e1fd2a8d4d1463574033fbbdf5c27a693f9a86c Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Wed, 12 Oct 2022 09:27:08 -0600 Subject: [PATCH 0852/1498] httpcaddyfile: Wrap site block in subroute if host matcher used (#5130) * httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124) * Correct boolean logic (oops) --- caddyconfig/httpcaddyfile/httptype.go | 32 +++- .../global_server_options_multi.txt | 8 +- .../caddyfile_adapt/php_fastcgi_matcher.txt | 157 ++++++++++-------- modules/caddyhttp/app.go | 2 +- 4 files changed, 117 insertions(+), 82 deletions(-) diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index c220c066..77f990b9 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -907,11 +907,32 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList, return routeList } + // No need to wrap the handlers in a subroute if this is the only server block + // and there is no matcher for it (doing so would produce unnecessarily nested + // JSON), *unless* there is a host matcher within this site block; if so, then + // we still need to wrap in a subroute because otherwise the host matcher from + // the inside of the site block would be a top-level host matcher, which is + // subject to auto-HTTPS (cert management), and using a host matcher within + // a site block is a valid, common pattern for excluding domains from cert + // management, leading to unexpected behavior; see issue #5124. + wrapInSubroute := true if len(matcherSetsEnc) == 0 && len(p.serverBlocks) == 1 { - // no need to wrap the handlers in a subroute if this is - // the only server block and there is no matcher for it - routeList = append(routeList, subroute.Routes...) - } else { + var hasHostMatcher bool + outer: + for _, route := range subroute.Routes { + for _, ms := range route.MatcherSetsRaw { + for matcherName := range ms { + if matcherName == "host" { + hasHostMatcher = true + break outer + } + } + } + } + wrapInSubroute = hasHostMatcher + } + + if wrapInSubroute { route := caddyhttp.Route{ // the semantics of a site block in the Caddyfile dictate // that only the first matching one is evaluated, since @@ -929,7 +950,10 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList, if len(route.MatcherSetsRaw) > 0 || len(route.HandlersRaw) > 0 { routeList = append(routeList, route) } + } else { + routeList = append(routeList, subroute.Routes...) } + return routeList } diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt index c01173b4..ca5306fd 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_multi.txt @@ -3,9 +3,7 @@ timeouts { idle 90s } - protocol { - strict_sni_host insecure_off - } + strict_sni_host insecure_off } servers :80 { timeouts { @@ -16,9 +14,7 @@ timeouts { idle 30s } - protocol { - strict_sni_host - } + strict_sni_host } } diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt index d90b2cb4..e5b331e3 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_matcher.txt @@ -1,7 +1,12 @@ :8884 -@api host example.com -php_fastcgi @api localhost:9000 +# the use of a host matcher here should cause this +# site block to be wrapped in a subroute, even though +# the site block does not have a hostname; this is +# to prevent auto-HTTPS from picking up on this host +# matcher because it is not a key on the site block +@test host example.com +php_fastcgi @test localhost:9000 ---------- { "apps": { @@ -13,13 +18,6 @@ php_fastcgi @api localhost:9000 ], "routes": [ { - "match": [ - { - "host": [ - "example.com" - ] - } - ], "handle": [ { "handler": "subroute", @@ -27,82 +25,99 @@ php_fastcgi @api localhost:9000 { "handle": [ { - "handler": "static_response", - "headers": { - "Location": [ - "{http.request.orig_uri.path}/" - ] - }, - "status_code": 308 - } - ], - "match": [ - { - "file": { - "try_files": [ - "{http.request.uri.path}/index.php" - ] - }, - "not": [ + "handler": "subroute", + "routes": [ { - "path": [ - "*/" + "handle": [ + { + "handler": "static_response", + "headers": { + "Location": [ + "{http.request.orig_uri.path}/" + ] + }, + "status_code": 308 + } + ], + "match": [ + { + "file": { + "try_files": [ + "{http.request.uri.path}/index.php" + ] + }, + "not": [ + { + "path": [ + "*/" + ] + } + ] + } + ] + }, + { + "handle": [ + { + "handler": "rewrite", + "uri": "{http.matchers.file.relative}" + } + ], + "match": [ + { + "file": { + "split_path": [ + ".php" + ], + "try_files": [ + "{http.request.uri.path}", + "{http.request.uri.path}/index.php", + "index.php" + ] + } + } + ] + }, + { + "handle": [ + { + "handler": "reverse_proxy", + "transport": { + "protocol": "fastcgi", + "split_path": [ + ".php" + ] + }, + "upstreams": [ + { + "dial": "localhost:9000" + } + ] + } + ], + "match": [ + { + "path": [ + "*.php" + ] + } ] } ] } - ] - }, - { - "handle": [ - { - "handler": "rewrite", - "uri": "{http.matchers.file.relative}" - } ], "match": [ { - "file": { - "split_path": [ - ".php" - ], - "try_files": [ - "{http.request.uri.path}", - "{http.request.uri.path}/index.php", - "index.php" - ] - } - } - ] - }, - { - "handle": [ - { - "handler": "reverse_proxy", - "transport": { - "protocol": "fastcgi", - "split_path": [ - ".php" - ] - }, - "upstreams": [ - { - "dial": "localhost:9000" - } - ] - } - ], - "match": [ - { - "path": [ - "*.php" + "host": [ + "example.com" ] } ] } ] } - ] + ], + "terminal": true } ] } diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 33d96d86..0943b32d 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -66,7 +66,7 @@ func init() { // `{http.request.orig_uri}` | The request's original URI // `{http.request.port}` | The port part of the request's Host header // `{http.request.proto}` | The protocol of the request -// `{http.request.remote.host}` | The host part of the remote client's address +// `{http.request.remote.host}` | The host (IP) part of the remote client's address // `{http.request.remote.port}` | The port part of the remote client's address // `{http.request.remote}` | The address of the remote client // `{http.request.scheme}` | The request scheme From 6bad878a22e048762262d6fabe2144cefaf4ca81 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 13 Oct 2022 11:30:57 -0600 Subject: [PATCH 0853/1498] httpcaddyfile: Improve detection of indistinguishable TLS automation policies (#5120) * httpcaddyfile: Skip some logic if auto_https off * Try removing this check altogether... * Refine test timeouts slightly, sigh * caddyhttp: Assume udp for unrecognized network type Seems like the reasonable thing to do if a plugin registers its own network type. * Add comment to document my lack of knowledge * Clean up and prepare to merge Add comments to try to explain what happened --- caddyconfig/httpcaddyfile/tlsapp.go | 88 +++++++++++----------- caddytest/integration/reverseproxy_test.go | 4 +- go.mod | 6 +- go.sum | 12 +-- modules/caddyhttp/server.go | 4 +- 5 files changed, 56 insertions(+), 58 deletions(-) diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 240cb02d..3d32b4f7 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -44,41 +44,32 @@ func (st ServerType) buildTLSApp( if hp, ok := options["http_port"].(int); ok { httpPort = strconv.Itoa(hp) } - httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) - if hsp, ok := options["https_port"].(int); ok { - httpsPort = strconv.Itoa(hsp) - } autoHTTPS := "on" if ah, ok := options["auto_https"].(string); ok { autoHTTPS = ah } - // count how many server blocks have a TLS-enabled key with - // no host, and find all hosts that share a server block with - // a hostless key, so that they don't get forgotten/omitted - // by auto-HTTPS (since they won't appear in route matchers) - var serverBlocksWithTLSHostlessKey int + // find all hosts that share a server block with a hostless + // key, so that they don't get forgotten/omitted by auto-HTTPS + // (since they won't appear in route matchers) httpsHostsSharedWithHostlessKey := make(map[string]struct{}) - for _, pair := range pairings { - for _, sb := range pair.serverBlocks { - for _, addr := range sb.keys { - if addr.Host == "" { - // this address has no hostname, but if it's explicitly set - // to HTTPS, then we need to count it as being TLS-enabled - if addr.Scheme == "https" || addr.Port == httpsPort { - serverBlocksWithTLSHostlessKey++ - } - // this server block has a hostless key, now - // go through and add all the hosts to the set - for _, otherAddr := range sb.keys { - if otherAddr.Original == addr.Original { - continue - } - if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort { - httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} + if autoHTTPS != "off" { + for _, pair := range pairings { + for _, sb := range pair.serverBlocks { + for _, addr := range sb.keys { + if addr.Host == "" { + // this server block has a hostless key, now + // go through and add all the hosts to the set + for _, otherAddr := range sb.keys { + if otherAddr.Original == addr.Original { + continue + } + if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort { + httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} + } } + break } - break } } } @@ -138,6 +129,19 @@ func (st ServerType) buildTLSApp( issuers = append(issuers, issuerVal.Value.(certmagic.Issuer)) } if ap == catchAllAP && !reflect.DeepEqual(ap.Issuers, issuers) { + // this more correctly implements an error check that was removed + // below; try it with this config: + // + // :443 { + // bind 127.0.0.1 + // } + // + // :443 { + // bind ::1 + // tls { + // issuer acme + // } + // } return nil, warnings, fmt.Errorf("automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: %#v != %#v", ap.Issuers, issuers) } ap.Issuers = issuers @@ -180,29 +184,25 @@ func (st ServerType) buildTLSApp( } } - // first make sure this block is allowed to create an automation policy; - // doing so is forbidden if it has a key with no host (i.e. ":443") + // we used to ensure this block is allowed to create an automation policy; + // doing so was forbidden if it has a key with no host (i.e. ":443") // and if there is a different server block that also has a key with no // host -- since a key with no host matches any host, we need its // associated automation policy to have an empty Subjects list, i.e. no // host filter, which is indistinguishable between the two server blocks // because automation is not done in the context of a particular server... // this is an example of a poor mapping from Caddyfile to JSON but that's - // the least-leaky abstraction I could figure out - if len(sblockHosts) == 0 { - if serverBlocksWithTLSHostlessKey > 1 { - // this server block and at least one other has a key with no host, - // making the two indistinguishable; it is misleading to define such - // a policy within one server block since it actually will apply to - // others as well - return nil, warnings, fmt.Errorf("cannot make a TLS automation policy from a server block that has a host-less address when there are other TLS-enabled server block addresses lacking a host") - } - if catchAllAP == nil { - // this server block has a key with no hosts, but there is not yet - // a catch-all automation policy (probably because no global options - // were set), so this one becomes it - catchAllAP = ap - } + // the least-leaky abstraction I could figure out -- however, this check + // was preventing certain listeners, like those provided by plugins, from + // being used as desired (see the Tailscale listener plugin), so I removed + // the check: and I think since I originally wrote the check I added a new + // check above which *properly* detects this ambiguity without breaking the + // listener plugin; see the check above with a commented example config + if len(sblockHosts) == 0 && catchAllAP == nil { + // this server block has a key with no hosts, but there is not yet + // a catch-all automation policy (probably because no global options + // were set), so this one becomes it + catchAllAP = ap } // associate our new automation policy with this server block's hosts diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index 049c7fd2..f7b19672 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -436,8 +436,8 @@ func TestReverseProxyHealthCheck(t *testing.T) { health_uri /health health_port 2021 - health_interval 2s - health_timeout 5s + health_interval 10ms + health_timeout 100ms } } `, "caddyfile") diff --git a/go.mod b/go.mod index afcd268b..0c7a3766 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.11 github.com/klauspost/cpuid/v2 v2.1.1 - github.com/lucas-clemente/quic-go v0.29.1 + github.com/lucas-clemente/quic-go v0.29.2 github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 github.com/smallstep/certificates v0.22.1 @@ -87,8 +87,8 @@ require ( github.com/libdns/libdns v0.2.1 // indirect github.com/manifoldco/promptui v0.9.0 // indirect github.com/marten-seemann/qpack v0.2.1 // indirect - github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect - github.com/marten-seemann/qtls-go1-19 v0.1.0 // indirect + github.com/marten-seemann/qtls-go1-18 v0.1.3 // indirect + github.com/marten-seemann/qtls-go1-19 v0.1.1 // indirect github.com/mattn/go-colorable v0.1.8 // indirect github.com/mattn/go-isatty v0.0.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect diff --git a/go.sum b/go.sum index 1ca18c9d..ddad26b4 100644 --- a/go.sum +++ b/go.sum @@ -423,18 +423,18 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.29.1 h1:Z+WMJ++qMLhvpFkRZA+jl3BTxUjm415YBmWanXB8zP0= -github.com/lucas-clemente/quic-go v0.29.1/go.mod h1:CTcNfLYJS2UuRNB+zcNlgvkjBhxX6Hm3WUxxAQx2mgE= +github.com/lucas-clemente/quic-go v0.29.2 h1:O8Mt0O6LpvEW+wfC40vZdcw0DngwYzoxq5xULZNzSI8= +github.com/lucas-clemente/quic-go v0.29.2/go.mod h1:g6/h9YMmLuU54tL1gW25uIi3VlBp3uv+sBihplIuskE= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= -github.com/marten-seemann/qtls-go1-18 v0.1.2 h1:JH6jmzbduz0ITVQ7ShevK10Av5+jBEKAHMntXmIV7kM= -github.com/marten-seemann/qtls-go1-18 v0.1.2/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= -github.com/marten-seemann/qtls-go1-19 v0.1.0 h1:rLFKD/9mp/uq1SYGYuVZhm83wkmU95pK5df3GufyYYU= -github.com/marten-seemann/qtls-go1-19 v0.1.0/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= +github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= +github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= +github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE= +github.com/marten-seemann/qtls-go1-19 v0.1.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 60fc3c38..7a244d2c 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -500,14 +500,12 @@ func (s *Server) serveHTTP3(addr caddy.NetworkAddress, tlsCfg *tls.Config) error switch addr.Network { case "unix": addr.Network = "unixgram" - case "tcp": - addr.Network = "udp" case "tcp4": addr.Network = "udp4" case "tcp6": addr.Network = "udp6" default: - return fmt.Errorf("unsure what network to use for HTTP/3 given network type: %s", addr.Network) + addr.Network = "udp" // TODO: Maybe a better default is to not enable HTTP/3 if we do not know the network? } lnAny, err := addr.Listen(s.ctx, 0, net.ListenConfig{}) From 1cd594963eb54b011764e1172b18aabd3bde90d3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 16 Oct 2022 12:25:44 -0400 Subject: [PATCH 0854/1498] docs: Fix templates documentation, stray newline breaks godoc (#5149) --- modules/caddyhttp/templates/templates.go | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index 29d16507..e32e1c3a 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -268,7 +268,6 @@ func init() { // {{humanize "time" "Fri, 05 May 2022 15:04:05 +0200"}} // {{humanize "time:2006-Jan-02" "2022-May-05"}} // ``` - type Templates struct { // The root path from which to load files. Required if template functions // accessing the file system are used (such as include). Default is From a999b707276dbcc9a5424c90c084923e303e5d89 Mon Sep 17 00:00:00 2001 From: BakaFT Date: Mon, 17 Oct 2022 16:51:41 +0800 Subject: [PATCH 0855/1498] cmd: Add missing `\n` to HelpTemplate (#5151) --- cmd/cobra.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/cobra.go b/cmd/cobra.go index d2a546ca..8da99aee 100644 --- a/cmd/cobra.go +++ b/cmd/cobra.go @@ -101,7 +101,7 @@ const fullDocsFooter = `Full documentation is available at: https://caddyserver.com/docs/command-line` func init() { - rootCmd.SetHelpTemplate(rootCmd.HelpTemplate() + "\n" + fullDocsFooter) + rootCmd.SetHelpTemplate(rootCmd.HelpTemplate() + "\n" + fullDocsFooter + "\n") } func caddyCmdToCoral(caddyCmd Command) *cobra.Command { From 72e7edda1f79f36dad1f0aa60a3603e3f4f44412 Mon Sep 17 00:00:00 2001 From: Scott Mebberson <74628+smebberson@users.noreply.github.com> Date: Wed, 19 Oct 2022 10:44:53 +1030 Subject: [PATCH 0856/1498] map: Clarified how destination values should be formatted (#5156) --- modules/caddyhttp/map/map.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/caddyhttp/map/map.go b/modules/caddyhttp/map/map.go index fbd1e405..336f2572 100644 --- a/modules/caddyhttp/map/map.go +++ b/modules/caddyhttp/map/map.go @@ -40,6 +40,7 @@ type Handler struct { Source string `json:"source,omitempty"` // Destinations are the names of placeholders in which to store the outputs. + // Destination values should be wrapped in braces, for example, {my_placeholder}. Destinations []string `json:"destinations,omitempty"` // Mappings from source values (inputs) to destination values (outputs). From 4bf6cb41990e16b1d99015aea080d06d7ef1152d Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Tue, 18 Oct 2022 21:55:25 -0600 Subject: [PATCH 0857/1498] fileserver: Reject ADS and short name paths; trim trailing dots and spaces on Windows (#5148) * fileserver: Reject ADS and short name paths * caddyhttp: Trim trailing space and dot on Windows Windows ignores trailing dots and spaces in filenames. * Fix test * Adjust path filters * Revert Windows test * Actually revert the test * Just check for colons --- modules/caddyhttp/caddyhttp_test.go | 2 +- modules/caddyhttp/fileserver/staticfiles.go | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/caddyhttp_test.go b/modules/caddyhttp/caddyhttp_test.go index 1bca4d60..a14de781 100644 --- a/modules/caddyhttp/caddyhttp_test.go +++ b/modules/caddyhttp/caddyhttp_test.go @@ -87,7 +87,7 @@ func TestSanitizedPathJoin(t *testing.T) { } actual := SanitizedPathJoin(tc.inputRoot, u.Path) if actual != tc.expect { - t.Errorf("Test %d: SanitizedPathJoin('%s', '%s') => %s (expected '%s')", + t.Errorf("Test %d: SanitizedPathJoin('%s', '%s') => '%s' (expected '%s')", i, tc.inputRoot, tc.inputPath, actual, tc.expect) } } diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 04728ce4..fe1a4fc9 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -26,6 +26,7 @@ import ( "os" "path" "path/filepath" + "runtime" "strconv" "strings" "time" @@ -232,6 +233,19 @@ func (fsrv *FileServer) Provision(ctx caddy.Context) error { func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + if runtime.GOOS == "windows" { + // reject paths with Alternate Data Streams (ADS) + if strings.Contains(r.URL.Path, ":") { + return caddyhttp.Error(http.StatusBadRequest, fmt.Errorf("illegal ADS path")) + } + // reject paths with "8.3" short names + trimmedPath := strings.TrimRight(r.URL.Path, ". ") // Windows ignores trailing dots and spaces, sigh + if len(path.Base(trimmedPath)) <= 12 && strings.Contains(trimmedPath, "~") { + return caddyhttp.Error(http.StatusBadRequest, fmt.Errorf("illegal short name")) + } + // both of those could bypass file hiding or possibly leak information even if the file is not hidden + } + filesToHide := fsrv.transformHidePaths(repl) root := repl.ReplaceAll(fsrv.Root, ".") From a3ae146cbdf2cfbdbdf5feea52e8bf407cce2b31 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Mon, 24 Oct 2022 10:23:57 -0600 Subject: [PATCH 0858/1498] fileserver: Reject non-GET/HEAD requests (close #5166) (#5167) * fileserver: Reject non-GET/HEAD requests (close #5166) * Set Allow header according to RFC 9110 10.2.1 --- modules/caddyhttp/fileserver/staticfiles.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index fe1a4fc9..c0fde660 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -410,6 +410,14 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c etag = calculateEtag(info) } + // at this point, we're serving a file; Go std lib supports only + // GET and HEAD, which is sensible for a static file server - reject + // any other methods (see issue #5166) + if r.Method != http.MethodGet && r.Method != http.MethodHead { + w.Header().Add("Allow", "GET, HEAD") + return caddyhttp.Error(http.StatusMethodNotAllowed, nil) + } + // set the Etag - note that a conditional If-None-Match request is handled // by http.ServeContent below, which checks against this Etag value w.Header().Set("Etag", etag) From ed503118dd8bd2dda2e780bdf7a0ada74338a462 Mon Sep 17 00:00:00 2001 From: XYenon Date: Tue, 25 Oct 2022 01:57:50 +0800 Subject: [PATCH 0859/1498] caddyhttp: add placeholder {http.request.orig_uri.path.*} (#5161) --- modules/caddyhttp/replacer.go | 38 +++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index 9ea5f772..e89c502b 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -266,6 +266,27 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo return pathParts[idx], true } + // orig uri path parts + if strings.HasPrefix(key, reqOrigURIPathReplPrefix) { + idxStr := key[len(reqOrigURIPathReplPrefix):] + idx, err := strconv.Atoi(idxStr) + if err != nil { + return "", false + } + or, _ := req.Context().Value(OriginalRequestCtxKey).(http.Request) + pathParts := strings.Split(or.URL.Path, "/") + if len(pathParts) > 0 && pathParts[0] == "" { + pathParts = pathParts[1:] + } + if idx < 0 { + return "", false + } + if idx >= len(pathParts) { + return "", true + } + return pathParts[idx], true + } + // middleware variables if strings.HasPrefix(key, varsReplPrefix) { varName := key[len(varsReplPrefix):] @@ -471,12 +492,13 @@ func (rid *requestID) String() string { } const ( - reqCookieReplPrefix = "http.request.cookie." - reqHeaderReplPrefix = "http.request.header." - reqHostLabelsReplPrefix = "http.request.host.labels." - reqTLSReplPrefix = "http.request.tls." - reqURIPathReplPrefix = "http.request.uri.path." - reqURIQueryReplPrefix = "http.request.uri.query." - respHeaderReplPrefix = "http.response.header." - varsReplPrefix = "http.vars." + reqCookieReplPrefix = "http.request.cookie." + reqHeaderReplPrefix = "http.request.header." + reqHostLabelsReplPrefix = "http.request.host.labels." + reqTLSReplPrefix = "http.request.tls." + reqURIPathReplPrefix = "http.request.uri.path." + reqURIQueryReplPrefix = "http.request.uri.query." + respHeaderReplPrefix = "http.response.header." + varsReplPrefix = "http.vars." + reqOrigURIPathReplPrefix = "http.request.orig_uri.path." ) From bbe366316771ea23381a473a528e71a72a7148a5 Mon Sep 17 00:00:00 2001 From: Chris Lahaye Date: Mon, 24 Oct 2022 19:58:30 +0200 Subject: [PATCH 0860/1498] caddyconfig: Fix httploader leak from unused responses (#5159) fixes #5158 Signed-off-by: Chris Lahaye Signed-off-by: Chris Lahaye --- caddyconfig/httploader.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index f1992199..04dec34f 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -134,16 +134,16 @@ func doHttpCallWithRetries(ctx caddy.Context, client *http.Client, request *http var err error const maxAttempts = 10 - // attempt up to 10 times for i := 0; i < maxAttempts; i++ { resp, err = attemptHttpCall(client, request) if err != nil && i < maxAttempts-1 { - // wait 500ms before reattempting, or until context is done select { case <-time.After(time.Millisecond * 500): case <-ctx.Done(): return resp, ctx.Err() } + } else { + break } } From 817470dd66edb22015651971e39f8ef183d7bf9d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 24 Oct 2022 12:18:32 -0600 Subject: [PATCH 0861/1498] httploader: Close resp body on bad status code Related to #5158 --- caddyconfig/httploader.go | 1 + 1 file changed, 1 insertion(+) diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go index 04dec34f..7c4dc231 100644 --- a/caddyconfig/httploader.go +++ b/caddyconfig/httploader.go @@ -124,6 +124,7 @@ func attemptHttpCall(client *http.Client, request *http.Request) (*http.Response if err != nil { return nil, fmt.Errorf("problem calling http loader url: %v", err) } else if resp.StatusCode < 200 || resp.StatusCode > 499 { + resp.Body.Close() return nil, fmt.Errorf("bad response status code from http loader url: %v", resp.StatusCode) } return resp, nil From 798c4a3ba48b55e85867780ed399dc084c15b322 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 24 Oct 2022 12:20:39 -0600 Subject: [PATCH 0862/1498] go.mod: Upgrade some dependencies Quic-go 0.30 should be faster --- go.mod | 24 +++++++++------------- go.sum | 64 +++++++++++++++++++++------------------------------------- 2 files changed, 33 insertions(+), 55 deletions(-) diff --git a/go.mod b/go.mod index 0c7a3766..18b939be 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/caddyserver/caddy/v2 go 1.18 require ( - github.com/BurntSushi/toml v1.2.0 + github.com/BurntSushi/toml v1.2.1 github.com/Masterminds/sprig/v3 v3.2.2 github.com/alecthomas/chroma v0.10.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b @@ -13,15 +13,15 @@ require ( github.com/google/cel-go v0.12.5 github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.11 - github.com/klauspost/cpuid/v2 v2.1.1 - github.com/lucas-clemente/quic-go v0.29.2 + github.com/klauspost/cpuid/v2 v2.1.2 + github.com/lucas-clemente/quic-go v0.30.0 github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 github.com/smallstep/certificates v0.22.1 github.com/smallstep/cli v0.22.0 github.com/smallstep/nosql v0.4.0 github.com/smallstep/truststore v0.12.0 - github.com/spf13/cobra v1.5.0 + github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 github.com/yuin/goldmark v1.5.2 @@ -41,8 +41,9 @@ require ( require ( github.com/golang/mock v1.6.0 // indirect + github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect + github.com/onsi/ginkgo/v2 v2.2.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect ) require ( @@ -63,7 +64,6 @@ require ( github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect github.com/dlclark/regexp2 v1.4.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/fsnotify/fsnotify v1.5.1 // indirect github.com/go-kit/kit v0.10.0 // indirect github.com/go-logfmt/logfmt v0.5.0 // indirect github.com/go-logr/logr v1.2.3 // indirect @@ -75,7 +75,7 @@ require ( github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/huandu/xstrings v1.3.2 // indirect github.com/imdario/mergo v0.3.12 // indirect - github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgconn v1.10.1 // indirect github.com/jackc/pgio v1.0.0 // indirect @@ -86,7 +86,7 @@ require ( github.com/jackc/pgx/v4 v4.14.0 // indirect github.com/libdns/libdns v0.2.1 // indirect github.com/manifoldco/promptui v0.9.0 // indirect - github.com/marten-seemann/qpack v0.2.1 // indirect + github.com/marten-seemann/qpack v0.3.0 // indirect github.com/marten-seemann/qtls-go1-18 v0.1.3 // indirect github.com/marten-seemann/qtls-go1-19 v0.1.1 // indirect github.com/mattn/go-colorable v0.1.8 // indirect @@ -98,8 +98,6 @@ require ( github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/nxadm/tail v1.4.8 // indirect - github.com/onsi/ginkgo v1.16.4 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect github.com/prometheus/common v0.32.1 // indirect @@ -125,14 +123,12 @@ require ( go.step.sm/linkedca v0.18.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect + golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect - golang.org/x/tools v0.1.10 // indirect - golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect + golang.org/x/tools v0.1.12 // indirect google.golang.org/grpc v1.47.0 // indirect google.golang.org/protobuf v1.28.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect - gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect howett.net/plist v1.0.0 // indirect ) diff --git a/go.sum b/go.sum index ddad26b4..d647b8d7 100644 --- a/go.sum +++ b/go.sum @@ -40,8 +40,8 @@ filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7 github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0= -github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= +github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -174,9 +174,6 @@ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI= -github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= @@ -276,6 +273,8 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -326,12 +325,14 @@ github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= @@ -401,8 +402,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= -github.com/klauspost/cpuid/v2 v2.1.1 h1:t0wUqjowdm8ezddV5k0tLWVklVuvLJpoHeb4WBdydm0= -github.com/klauspost/cpuid/v2 v2.1.1/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.1.2 h1:XhdX4fqAJUA0yj+kUwMavO0hHrSPAecYdYf1ZmxHvak= +github.com/klauspost/cpuid/v2 v2.1.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -423,14 +424,14 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.29.2 h1:O8Mt0O6LpvEW+wfC40vZdcw0DngwYzoxq5xULZNzSI8= -github.com/lucas-clemente/quic-go v0.29.2/go.mod h1:g6/h9YMmLuU54tL1gW25uIi3VlBp3uv+sBihplIuskE= +github.com/lucas-clemente/quic-go v0.30.0 h1:nwLW0h8ahVQ5EPTIM7uhl/stHqQDea15oRlYKZmw2O0= +github.com/lucas-clemente/quic-go v0.30.0/go.mod h1:ssOrRsOmdxa768Wr78vnh2B8JozgLsMzG/g+0qEC7uk= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= -github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0OJOGVs= -github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc= +github.com/marten-seemann/qpack v0.3.0 h1:UiWstOgT8+znlkDPOg2+3rIuYXJ2CnGDkGUXN6ki6hE= +github.com/marten-seemann/qpack v0.3.0/go.mod h1:cGfKPBiP4a9EQdxCwEwI/GEeWAsjSekBvx/X8mh58+g= github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE= @@ -492,22 +493,15 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= -github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo/v2 v2.2.0 h1:3ZNA3L1c5FYDFTTxbFeVGGD8jYvjYauHD30YgLxVsNI= +github.com/onsi/ginkgo/v2 v2.2.0/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.13.0 h1:7lLHu94wT9Ij0o6EWWclhu0aOh32VxhkwEJvzuWPeak= +github.com/onsi/gomega v1.20.1 h1:PA/3qinGoukvymdIDV8pii6tiZgC8kbmJO6Z5+b002Q= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= @@ -617,8 +611,8 @@ github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= -github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= +github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -654,7 +648,6 @@ github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1: github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= github.com/yuin/goldmark v1.5.2 h1:ALmeCk/px5FSm1MAcFBAsVKZjDuMVj8Tm7FFIlMJnqU= @@ -779,8 +772,8 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -812,7 +805,6 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -840,10 +832,9 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -868,11 +859,8 @@ golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -889,7 +877,6 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -897,7 +884,6 @@ golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -980,20 +966,17 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= -golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0= -golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -1108,7 +1091,6 @@ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= From f20a8e7aa02034eddc48e7cc160813883a8935e2 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Tue, 25 Oct 2022 17:56:38 +0300 Subject: [PATCH 0863/1498] cmd: replace deprecate func use (#5170) --- cmd/commands.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/commands.go b/cmd/commands.go index e1e7a53e..c92e1269 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -456,7 +456,7 @@ argument of --directory. If the directory does not exist, it will be created. `, rootCmd.Root().Name()), DisableFlagsInUseLine: true, ValidArgs: []string{"bash", "zsh", "fish", "powershell"}, - Args: cobra.ExactValidArgs(1), + Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs), RunE: func(cmd *cobra.Command, args []string) error { switch args[0] { case "bash": From 1fa4cb7ba15b2e3166a30258fd99e13eac5fdd0e Mon Sep 17 00:00:00 2001 From: Benjamin Chalmers <111370568+ben-bud@users.noreply.github.com> Date: Thu, 27 Oct 2022 23:12:30 +0100 Subject: [PATCH 0864/1498] caddytest: Increased sleep between retries to reduce flakey tests in CI (#5160) * Incresed sleep between retries to reduce flakey tests in CI * Also changed wait time for admin * Modified time to make it more reliable Co-authored-by: Mohammed Al Sahaf --- caddytest/caddytest.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index ca10fab7..868b4274 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -218,7 +218,7 @@ func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error if reflect.DeepEqual(expected, fetchConfig(client)) { return nil } - time.Sleep(10 * time.Millisecond) + time.Sleep(1 * time.Second) } tc.t.Errorf("POSTed configuration isn't active") return errors.New("EnsureConfigRunning: POSTed configuration isn't active") @@ -244,7 +244,7 @@ func validateTestPrerequisites() error { // wait for caddy to start serving the initial config for retries := 10; retries > 0 && isCaddyAdminRunning() != nil; retries-- { - time.Sleep(10 * time.Millisecond) + time.Sleep(1 * time.Second) } } From 087f126cf4c8750424b26f177aa7f426be806b7f Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Sat, 29 Oct 2022 22:35:44 +0200 Subject: [PATCH 0865/1498] caddyhttp: Canonicalize header field names (#5176) --- modules/caddyhttp/staticresp.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index 411a7bcc..add5b121 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -21,6 +21,7 @@ import ( "fmt" "io" "net/http" + "net/textproto" "os" "strconv" "strings" @@ -193,7 +194,7 @@ func (s StaticResponse) ServeHTTP(w http.ResponseWriter, r *http.Request, next H // set all headers for field, vals := range s.Headers { - field = repl.ReplaceAll(field, "") + field = textproto.CanonicalMIMEHeaderKey(repl.ReplaceAll(field, "")) newVals := make([]string, len(vals)) for i := range vals { newVals[i] = repl.ReplaceAll(vals[i], "") From 6efd1b3bb1217841269e67930cba33992fb96930 Mon Sep 17 00:00:00 2001 From: Ashish Kurmi <100655670+boahc077@users.noreply.github.com> Date: Sun, 6 Nov 2022 01:01:36 -0700 Subject: [PATCH 0866/1498] ci: set least privilged token for github actions for lint workflow (#5179) * ci: set least privilged token for github actions Signed-off-by: Ashish Kurmi * ci:reverting github actions permissions for all but lint workflow Signed-off-by: Ashish Kurmi --- .github/workflows/lint.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d437d7bf..c8580d39 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,9 +10,15 @@ on: - master - 2.* +permissions: + contents: read + jobs: # From https://github.com/golangci/golangci-lint-action golangci: + permissions: + contents: read # for actions/checkout to fetch code + pull-requests: read # for golangci/golangci-lint-action to fetch pull requests name: lint strategy: matrix: From 33fdea8f261c306a47b07a6df2c3cb8fe2ad2d5d Mon Sep 17 00:00:00 2001 From: Jonathan Garcia <116393282+joga84@users.noreply.github.com> Date: Tue, 8 Nov 2022 20:13:46 +0100 Subject: [PATCH 0867/1498] caddypki: Prefer user-configured root instead of generating new one (#5189) instead of generating a new root certificate at the default location load the certificate from the configuration. fixes: #5181 --- modules/caddypki/ca.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 41e78a6b..acf8d14d 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -240,6 +240,9 @@ func (ca *CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authorit } func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey any, err error) { + if ca.Root != nil { + return ca.Root.Load() + } rootCertPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyRootCert()) if err != nil { if !errors.Is(err, fs.ErrNotExist) { From ee7c92ec9b57c671c9091ff993b1a24251020c25 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 14 Nov 2022 11:38:02 -0500 Subject: [PATCH 0868/1498] reverseproxy: Mask the WS close message when we're the client (#5199) * reverseproxy: Mask the WS close message when we're the client * weakrand * Bump golangci-lint version so path ignores work on Windows * gofmt * ugh, gofmt everything, I guess --- .github/workflows/lint.yml | 2 +- .golangci.yml | 4 + caddyconfig/httpcaddyfile/pkiapp.go | 34 ++--- cmd/caddy/main.go | 8 +- modules/caddyhttp/caddyauth/caddyfile.go | 8 +- modules/caddyhttp/encode/caddyfile.go | 24 ++-- modules/caddyhttp/push/caddyfile.go | 14 +-- modules/caddyhttp/push/link.go | 6 +- modules/caddyhttp/push/link_test.go | 2 +- modules/caddyhttp/responsematchers.go | 11 +- .../reverseproxy/selectionpolicies.go | 3 +- modules/caddyhttp/reverseproxy/streaming.go | 118 +++++++++++++++--- modules/caddyhttp/rewrite/caddyfile.go | 13 +- modules/caddyhttp/staticerror.go | 6 +- modules/caddyhttp/templates/caddyfile.go | 11 +- modules/caddyhttp/templates/templates.go | 22 ++-- modules/caddypki/acmeserver/caddyfile.go | 7 +- modules/logging/filewriter.go | 16 +-- modules/logging/filterencoder.go | 16 +-- modules/logging/netwriter.go | 7 +- 20 files changed, 209 insertions(+), 123 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c8580d39..7e56afc3 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -34,7 +34,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v3 with: - version: v1.47 + version: v1.50 # Windows times out frequently after about 5m50s if we don't set a longer timeout. args: --timeout 10m # Optional: show only new issues if it's a pull request. The default value is `false`. diff --git a/.golangci.yml b/.golangci.yml index 79fd8f2f..c36821cc 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -96,3 +96,7 @@ issues: text: "G404" # G404: Insecure random number source (rand) linters: - gosec + - path: modules/caddyhttp/reverseproxy/streaming.go + text: "G404" # G404: Insecure random number source (rand) + linters: + - gosec diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go index f8aba9ff..a67ac992 100644 --- a/caddyconfig/httpcaddyfile/pkiapp.go +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -26,23 +26,23 @@ func init() { // parsePKIApp parses the global log option. Syntax: // -// pki { -// ca [] { -// name -// root_cn -// intermediate_cn -// root { -// cert -// key -// format -// } -// intermediate { -// cert -// key -// format -// } -// } -// } +// pki { +// ca [] { +// name +// root_cn +// intermediate_cn +// root { +// cert +// key +// format +// } +// intermediate { +// cert +// key +// format +// } +// } +// } // // When the CA ID is unspecified, 'local' is assumed. func parsePKIApp(d *caddyfile.Dispenser, existingVal any) (any, error) { diff --git a/cmd/caddy/main.go b/cmd/caddy/main.go index ee706d58..48fa149a 100644 --- a/cmd/caddy/main.go +++ b/cmd/caddy/main.go @@ -19,10 +19,10 @@ // There is no need to modify the Caddy source code to customize your // builds. You can easily build a custom Caddy with these simple steps: // -// 1. Copy this file (main.go) into a new folder -// 2. Edit the imports below to include the modules you want plugged in -// 3. Run `go mod init caddy` -// 4. Run `go install` or `go build` - you now have a custom binary! +// 1. Copy this file (main.go) into a new folder +// 2. Edit the imports below to include the modules you want plugged in +// 3. Run `go mod init caddy` +// 4. Run `go install` or `go build` - you now have a custom binary! // // Or you can use xcaddy which does it all for you as a command: // https://github.com/caddyserver/xcaddy diff --git a/modules/caddyhttp/caddyauth/caddyfile.go b/modules/caddyhttp/caddyauth/caddyfile.go index afa38087..05c02320 100644 --- a/modules/caddyhttp/caddyauth/caddyfile.go +++ b/modules/caddyhttp/caddyauth/caddyfile.go @@ -27,10 +27,10 @@ func init() { // parseCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// basicauth [] [ []] { -// [] -// ... -// } +// basicauth [] [ []] { +// [] +// ... +// } // // If no hash algorithm is supplied, bcrypt will be assumed. func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { diff --git a/modules/caddyhttp/encode/caddyfile.go b/modules/caddyhttp/encode/caddyfile.go index 2541b1aa..25d13f7c 100644 --- a/modules/caddyhttp/encode/caddyfile.go +++ b/modules/caddyhttp/encode/caddyfile.go @@ -39,18 +39,18 @@ func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// encode [] { -// gzip [] -// zstd -// minimum_length -// # response matcher block -// match { -// status -// header [] -// } -// # or response matcher single line syntax -// match [header []] | [status ] -// } +// encode [] { +// gzip [] +// zstd +// minimum_length +// # response matcher block +// match { +// status +// header [] +// } +// # or response matcher single line syntax +// match [header []] | [status ] +// } // // Specifying the formats on the first line will use those formats' defaults. func (enc *Encode) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { diff --git a/modules/caddyhttp/push/caddyfile.go b/modules/caddyhttp/push/caddyfile.go index 61b868c5..963117c1 100644 --- a/modules/caddyhttp/push/caddyfile.go +++ b/modules/caddyhttp/push/caddyfile.go @@ -26,13 +26,13 @@ func init() { // parseCaddyfile sets up the push handler. Syntax: // -// push [] [] { -// [GET|HEAD] -// headers { -// [+] [ []] -// - -// } -// } +// push [] [] { +// [GET|HEAD] +// headers { +// [+] [ []] +// - +// } +// } // // A single resource can be specified inline without opening a // block for the most common/simple case. Or, a block can be diff --git a/modules/caddyhttp/push/link.go b/modules/caddyhttp/push/link.go index f7c1dd89..855dffd0 100644 --- a/modules/caddyhttp/push/link.go +++ b/modules/caddyhttp/push/link.go @@ -29,9 +29,9 @@ type linkResource struct { // // Accepted formats are: // -// Link: ; as=script -// Link: ; as=script,; as=style -// Link: ; +// Link: ; as=script +// Link: ; as=script,; as=style +// Link: ; // // where begins with a forward slash (/). func parseLinkHeader(header string) []linkResource { diff --git a/modules/caddyhttp/push/link_test.go b/modules/caddyhttp/push/link_test.go index 238e284b..634bcb6d 100644 --- a/modules/caddyhttp/push/link_test.go +++ b/modules/caddyhttp/push/link_test.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, diff --git a/modules/caddyhttp/responsematchers.go b/modules/caddyhttp/responsematchers.go index 821def97..6bac7800 100644 --- a/modules/caddyhttp/responsematchers.go +++ b/modules/caddyhttp/responsematchers.go @@ -58,15 +58,14 @@ func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { // ParseNamedResponseMatcher parses the tokens of a named response matcher. // -// @name { -// header [] -// status -// } +// @name { +// header [] +// status +// } // // Or, single line syntax: // -// @name [header []] | [status ] -// +// @name [header []] | [status ] func ParseNamedResponseMatcher(d *caddyfile.Dispenser, matchers map[string]ResponseMatcher) error { for d.Next() { definitionName := d.Val() diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 5fc7136d..2de830c1 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -418,7 +418,8 @@ func (s CookieHashSelection) Select(pool UpstreamPool, req *http.Request, w http } // UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: -// lb_policy cookie [ []] +// +// lb_policy cookie [ []] // // By default name is `lb` func (s *CookieHashSelection) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 01d865db..834cb9e1 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -20,12 +20,13 @@ package reverseproxy import ( "context" - "encoding/binary" "io" + weakrand "math/rand" "mime" "net/http" "sync" "time" + "unsafe" "go.uber.org/zap" "golang.org/x/net/http/httpguts" @@ -103,16 +104,19 @@ func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWrite // with the backend, are both closed in the event of a server shutdown. This // is done by registering them. We also try to gracefully close connections // we recognize as websockets. - gracefulClose := func(conn io.ReadWriteCloser) func() error { + // We need to make sure the client connection messages (i.e. to upstream) + // are masked, so we need to know whether the connection is considered the + // server or the client side of the proxy. + gracefulClose := func(conn io.ReadWriteCloser, isClient bool) func() error { if isWebsocket(req) { return func() error { - return writeCloseControl(conn) + return writeCloseControl(conn, isClient) } } return nil } - deleteFrontConn := h.registerConnection(conn, gracefulClose(conn)) - deleteBackConn := h.registerConnection(backConn, gracefulClose(backConn)) + deleteFrontConn := h.registerConnection(conn, gracefulClose(conn, false)) + deleteBackConn := h.registerConnection(backConn, gracefulClose(backConn, true)) defer deleteFrontConn() defer deleteBackConn() @@ -248,27 +252,108 @@ func (h *Handler) registerConnection(conn io.ReadWriteCloser, gracefulClose func // writeCloseControl sends a best-effort Close control message to the given // WebSocket connection. Thanks to @pascaldekloe who provided inspiration // from his simple implementation of this I was able to learn from at: -// github.com/pascaldekloe/websocket. -func writeCloseControl(conn io.Writer) error { +// github.com/pascaldekloe/websocket. Further work for handling masking +// taken from github.com/gorilla/websocket. +func writeCloseControl(conn io.Writer, isClient bool) error { + // Sources: // https://github.com/pascaldekloe/websocket/blob/32050af67a5d/websocket.go#L119 + // https://github.com/gorilla/websocket/blob/v1.5.0/conn.go#L413 + // For now, we're not using a reason. We might later, though. + // The code handling the reason is left in var reason string // max 123 bytes (control frame payload limit is 125; status code takes 2) - const goingAway uint16 = 1001 - // TODO: we might need to ensure we are the exclusive writer by this point (io.Copy is stopped)? - var writeBuf [127]byte const closeMessage = 8 - const finalBit = 1 << 7 - writeBuf[0] = closeMessage | finalBit - writeBuf[1] = byte(len(reason) + 2) - binary.BigEndian.PutUint16(writeBuf[2:4], goingAway) - copy(writeBuf[4:], reason) + const finalBit = 1 << 7 // Frame header byte 0 bits from Section 5.2 of RFC 6455 + const maskBit = 1 << 7 // Frame header byte 1 bits from Section 5.2 of RFC 6455 + const goingAwayUpper uint8 = 1001 >> 8 + const goingAwayLower uint8 = 1001 & 0xff + + b0 := byte(closeMessage) | finalBit + b1 := byte(len(reason) + 2) + if isClient { + b1 |= maskBit + } + + buf := make([]byte, 0, 127) + buf = append(buf, b0, b1) + msgLength := 4 + len(reason) + + // Both branches below append the "going away" code and reason + appendMessage := func(buf []byte) []byte { + buf = append(buf, goingAwayUpper, goingAwayLower) + buf = append(buf, []byte(reason)...) + return buf + } + + // When we're the client, we need to mask the message as per + // https://www.rfc-editor.org/rfc/rfc6455#section-5.3 + if isClient { + key := newMaskKey() + buf = append(buf, key[:]...) + msgLength += len(key) + buf = appendMessage(buf) + maskBytes(key, 0, buf[2+len(key):]) + } else { + buf = appendMessage(buf) + } // simply best-effort, but return error for logging purposes - _, err := conn.Write(writeBuf[:4+len(reason)]) + // TODO: we might need to ensure we are the exclusive writer by this point (io.Copy is stopped)? + _, err := conn.Write(buf[:msgLength]) return err } +// Copied from https://github.com/gorilla/websocket/blob/v1.5.0/mask.go +func maskBytes(key [4]byte, pos int, b []byte) int { + // Mask one byte at a time for small buffers. + if len(b) < 2*wordSize { + for i := range b { + b[i] ^= key[pos&3] + pos++ + } + return pos & 3 + } + + // Mask one byte at a time to word boundary. + if n := int(uintptr(unsafe.Pointer(&b[0]))) % wordSize; n != 0 { + n = wordSize - n + for i := range b[:n] { + b[i] ^= key[pos&3] + pos++ + } + b = b[n:] + } + + // Create aligned word size key. + var k [wordSize]byte + for i := range k { + k[i] = key[(pos+i)&3] + } + kw := *(*uintptr)(unsafe.Pointer(&k)) + + // Mask one word at a time. + n := (len(b) / wordSize) * wordSize + for i := 0; i < n; i += wordSize { + *(*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(&b[0])) + uintptr(i))) ^= kw + } + + // Mask one byte at a time for remaining bytes. + b = b[n:] + for i := range b { + b[i] ^= key[pos&3] + pos++ + } + + return pos & 3 +} + +// Copied from https://github.com/gorilla/websocket/blob/v1.5.0/conn.go#L184 +func newMaskKey() [4]byte { + n := weakrand.Uint32() + return [4]byte{byte(n), byte(n >> 8), byte(n >> 16), byte(n >> 24)} +} + // isWebsocket returns true if r looks to be an upgrade request for WebSockets. // It is a fairly naive check. func isWebsocket(r *http.Request) bool { @@ -364,3 +449,4 @@ var streamingBufPool = sync.Pool{ } const defaultBufferSize = 32 * 1024 +const wordSize = int(unsafe.Sizeof(uintptr(0))) diff --git a/modules/caddyhttp/rewrite/caddyfile.go b/modules/caddyhttp/rewrite/caddyfile.go index 15abbfa7..a34c1bb0 100644 --- a/modules/caddyhttp/rewrite/caddyfile.go +++ b/modules/caddyhttp/rewrite/caddyfile.go @@ -34,7 +34,7 @@ func init() { // parseCaddyfileRewrite sets up a basic rewrite handler from Caddyfile tokens. Syntax: // -// rewrite [] +// rewrite [] // // Only URI components which are given in will be set in the resulting URI. // See the docs for the rewrite handler for more information. @@ -54,8 +54,7 @@ func parseCaddyfileRewrite(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, // parseCaddyfileMethod sets up a basic method rewrite handler from Caddyfile tokens. Syntax: // -// method [] -// +// method [] func parseCaddyfileMethod(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { var rewr Rewrite for h.Next() { @@ -73,7 +72,7 @@ func parseCaddyfileMethod(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, // parseCaddyfileURI sets up a handler for manipulating (but not "rewriting") the // URI from Caddyfile tokens. Syntax: // -// uri [] strip_prefix|strip_suffix|replace|path_regexp [ []] +// uri [] strip_prefix|strip_suffix|replace|path_regexp [ []] // // If strip_prefix or strip_suffix are used, then will be stripped // only if it is the beginning or the end, respectively, of the URI path. If @@ -147,9 +146,9 @@ func parseCaddyfileURI(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, err // parseCaddyfileHandlePath parses the handle_path directive. Syntax: // -// handle_path [] { -// -// } +// handle_path [] { +// +// } // // Only path matchers (with a `/` prefix) are supported as this is a shortcut // for the handle directive with a strip_prefix rewrite. diff --git a/modules/caddyhttp/staticerror.go b/modules/caddyhttp/staticerror.go index 914e6c14..7cf1a3e9 100644 --- a/modules/caddyhttp/staticerror.go +++ b/modules/caddyhttp/staticerror.go @@ -53,9 +53,9 @@ func (StaticError) CaddyModule() caddy.ModuleInfo { // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// error [] | [] { -// message -// } +// error [] | [] { +// message +// } // // If there is just one argument (other than the matcher), it is considered // to be a status code if it's a valid positive integer of 3 digits. diff --git a/modules/caddyhttp/templates/caddyfile.go b/modules/caddyhttp/templates/caddyfile.go index ea6aa9f2..06ca3e26 100644 --- a/modules/caddyhttp/templates/caddyfile.go +++ b/modules/caddyhttp/templates/caddyfile.go @@ -25,12 +25,11 @@ func init() { // parseCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// templates [] { -// mime -// between -// root -// } -// +// templates [] { +// mime +// between +// root +// } func parseCaddyfile(h httpcaddyfile.Helper) (caddyhttp.MiddlewareHandler, error) { t := new(Templates) for h.Next() { diff --git a/modules/caddyhttp/templates/templates.go b/modules/caddyhttp/templates/templates.go index e32e1c3a..449536ac 100644 --- a/modules/caddyhttp/templates/templates.go +++ b/modules/caddyhttp/templates/templates.go @@ -152,10 +152,10 @@ func init() { // // Accesses the current HTTP request, which has various fields, including: // -// - `.Method` - the method -// - `.URL` - the URL, which in turn has component fields (Scheme, Host, Path, etc.) -// - `.Header` - the header fields -// - `.Host` - the Host or :authority header of the request +// - `.Method` - the method +// - `.URL` - the URL, which in turn has component fields (Scheme, Host, Path, etc.) +// - `.Header` - the header fields +// - `.Host` - the Host or :authority header of the request // // ``` // {{.Req.Header.Get "User-Agent"}} @@ -221,15 +221,16 @@ func init() { // --- // ``` // -// // **JSON** is simply `{` and `}`: // // ``` -// { -// "template": "blog", -// "title": "Blog Homepage", -// "sitename": "A Caddy site" -// } +// +// { +// "template": "blog", +// "title": "Blog Homepage", +// "sitename": "A Caddy site" +// } +// // ``` // // The resulting front matter will be made available like so: @@ -237,7 +238,6 @@ func init() { // - `.Meta` to access the metadata fields, for example: `{{$parsed.Meta.title}}` // - `.Body` to access the body after the front matter, for example: `{{markdown $parsed.Body}}` // -// // ##### `stripHTML` // // Removes HTML from a string. diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go index 9ac0bb20..fe12712b 100644 --- a/modules/caddypki/acmeserver/caddyfile.go +++ b/modules/caddypki/acmeserver/caddyfile.go @@ -25,10 +25,9 @@ func init() { // parseACMEServer sets up an ACME server handler from Caddyfile tokens. // -// acme_server [] { -// ca -// } -// +// acme_server [] { +// ca +// } func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { if !h.Next() { return nil, h.ArgErr() diff --git a/modules/logging/filewriter.go b/modules/logging/filewriter.go index c0b5715d..f902a6db 100644 --- a/modules/logging/filewriter.go +++ b/modules/logging/filewriter.go @@ -131,14 +131,14 @@ func (fw FileWriter) OpenWriter() (io.WriteCloser, error) { // UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: // -// file { -// roll_disabled -// roll_size -// roll_uncompressed -// roll_local_time -// roll_keep -// roll_keep_for -// } +// file { +// roll_disabled +// roll_size +// roll_uncompressed +// roll_local_time +// roll_keep +// roll_keep_for +// } // // The roll_size value has megabyte resolution. // Fractional values are rounded up to the next whole megabyte (MiB). diff --git a/modules/logging/filterencoder.go b/modules/logging/filterencoder.go index 6a768dd6..1a6842e1 100644 --- a/modules/logging/filterencoder.go +++ b/modules/logging/filterencoder.go @@ -98,14 +98,14 @@ func (fe *FilterEncoder) Provision(ctx caddy.Context) error { // UnmarshalCaddyfile sets up the module from Caddyfile tokens. Syntax: // -// filter { -// wrap -// fields { -// { -// -// } -// } -// } +// filter { +// wrap +// fields { +// { +// +// } +// } +// } func (fe *FilterEncoder) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { for d.NextBlock(0) { diff --git a/modules/logging/netwriter.go b/modules/logging/netwriter.go index 2bf23bf0..5a6cf394 100644 --- a/modules/logging/netwriter.go +++ b/modules/logging/netwriter.go @@ -102,10 +102,9 @@ func (nw NetWriter) OpenWriter() (io.WriteCloser, error) { // UnmarshalCaddyfile sets up the handler from Caddyfile tokens. Syntax: // -// net
{ -// dial_timeout -// } -// +// net
{ +// dial_timeout +// } func (nw *NetWriter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { if !d.NextArg() { From ac96455a9a6ac34eb8ea95339838038e725f5bee Mon Sep 17 00:00:00 2001 From: bit Date: Wed, 23 Nov 2022 18:48:37 +0000 Subject: [PATCH 0869/1498] admin: fix certificate renewal for admin (#5169) certmagic.New takes a template and returns pointer to the new config. GetConfigForCert later must return a pointer to the new config not the template. fixes #5162 --- admin.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/admin.go b/admin.go index db46e713..4b107ad0 100644 --- a/admin.go +++ b/admin.go @@ -572,12 +572,13 @@ func replaceRemoteAdminServer(ctx Context, cfg *Config) error { } func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) *certmagic.Config { + var cmCfg *certmagic.Config if ident == nil { // user might not have configured identity; that's OK, we can still make a // certmagic config, although it'll be mostly useless for remote management ident = new(IdentityConfig) } - cmCfg := &certmagic.Config{ + template := certmagic.Config{ Storage: DefaultStorage, // do not act as part of a cluster (this is for the server's local identity) Logger: logger, Issuers: ident.issuers, @@ -589,7 +590,8 @@ func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) }, }) } - return certmagic.New(identityCertCache, *cmCfg) + cmCfg = certmagic.New(identityCertCache, template) + return cmCfg } // IdentityCredentials returns this instance's configured, managed identity credentials From 6f8fe01da170f6e4be09f85ea952c3e0d89f64db Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Wed, 23 Nov 2022 19:47:42 -0800 Subject: [PATCH 0870/1498] caddypki: Use go.step.sm/crypto to generate the PKI (#5217) This commit replaces the use of github.com/smallstep/cli to generate the root and intermediate certificates and uses go.step.sm/crypto instead. It also upgrades the version of github.com/smallstep/certificates to the latest version. --- go.mod | 55 ++++++------ go.sum | 144 +++++++++++++++++-------------- modules/caddypki/ca.go | 10 +-- modules/caddypki/certificates.go | 51 +++++++---- 4 files changed, 149 insertions(+), 111 deletions(-) diff --git a/go.mod b/go.mod index 18b939be..00119b97 100644 --- a/go.mod +++ b/go.mod @@ -17,9 +17,8 @@ require ( github.com/lucas-clemente/quic-go v0.30.0 github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 - github.com/smallstep/certificates v0.22.1 - github.com/smallstep/cli v0.22.0 - github.com/smallstep/nosql v0.4.0 + github.com/smallstep/certificates v0.23.0 + github.com/smallstep/nosql v0.5.0 github.com/smallstep/truststore v0.12.0 github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 @@ -31,23 +30,27 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.23.0 - golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa - golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 - google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad + golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b + golang.org/x/net v0.1.0 + golang.org/x/term v0.1.0 + google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v3 v3.0.1 ) require ( + github.com/fxamacker/cbor/v2 v2.4.0 // indirect + github.com/golang/glog v1.0.0 // indirect github.com/golang/mock v1.6.0 // indirect github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect github.com/onsi/ginkgo/v2 v2.2.0 // indirect + github.com/rogpeppe/go-internal v1.9.0 // indirect + github.com/x448/float16 v0.8.4 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect ) require ( - filippo.io/edwards25519 v1.0.0-rc.1 // indirect + filippo.io/edwards25519 v1.0.0 // indirect github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect @@ -60,12 +63,12 @@ require ( github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/dgraph-io/badger v1.6.2 // indirect github.com/dgraph-io/badger/v2 v2.2007.4 // indirect - github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd // indirect + github.com/dgraph-io/ristretto v0.1.0 // indirect github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect github.com/dlclark/regexp2 v1.4.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect github.com/go-kit/kit v0.10.0 // indirect - github.com/go-logfmt/logfmt v0.5.0 // indirect + github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-sql-driver/mysql v1.6.0 // indirect @@ -77,13 +80,13 @@ require ( github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect - github.com/jackc/pgconn v1.10.1 // indirect + github.com/jackc/pgconn v1.13.0 // indirect github.com/jackc/pgio v1.0.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgproto3/v2 v2.2.0 // indirect + github.com/jackc/pgproto3/v2 v2.3.1 // indirect github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect - github.com/jackc/pgtype v1.9.0 // indirect - github.com/jackc/pgx/v4 v4.14.0 // indirect + github.com/jackc/pgtype v1.12.0 // indirect + github.com/jackc/pgx/v4 v4.17.2 // indirect github.com/libdns/libdns v0.2.1 // indirect github.com/manifoldco/promptui v0.9.0 // indirect github.com/marten-seemann/qpack v0.3.0 // indirect @@ -100,17 +103,17 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect - github.com/prometheus/common v0.32.1 // indirect + github.com/prometheus/common v0.33.0 // indirect github.com/prometheus/procfs v0.7.3 // indirect - github.com/rs/xid v1.2.1 // indirect + github.com/rs/xid v1.4.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect - github.com/sirupsen/logrus v1.8.1 // indirect - github.com/slackhq/nebula v1.5.2 // indirect + github.com/sirupsen/logrus v1.9.0 // indirect + github.com/slackhq/nebula v1.6.1 // indirect github.com/spf13/cast v1.4.1 // indirect github.com/stoewer/go-strcase v1.2.0 // indirect - github.com/urfave/cli v1.22.5 // indirect + github.com/urfave/cli v1.22.10 // indirect go.etcd.io/bbolt v1.3.6 // indirect go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 // indirect @@ -118,17 +121,17 @@ require ( go.opentelemetry.io/otel/metric v0.31.0 // indirect go.opentelemetry.io/otel/trace v1.9.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect - go.step.sm/cli-utils v0.7.4 // indirect - go.step.sm/crypto v0.18.0 // indirect - go.step.sm/linkedca v0.18.0 // indirect + go.step.sm/cli-utils v0.7.5 // indirect + go.step.sm/crypto v0.23.1 + go.step.sm/linkedca v0.19.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 - golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b // indirect + golang.org/x/sys v0.1.0 + golang.org/x/text v0.4.0 // indirect golang.org/x/tools v0.1.12 // indirect - google.golang.org/grpc v1.47.0 // indirect - google.golang.org/protobuf v1.28.0 // indirect + google.golang.org/grpc v1.50.1 // indirect + google.golang.org/protobuf v1.28.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect howett.net/plist v1.0.0 // indirect ) diff --git a/go.sum b/go.sum index d647b8d7..33b3aca3 100644 --- a/go.sum +++ b/go.sum @@ -13,18 +13,19 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.100.2 h1:t9Iw5QH5v4XtlEQaCtUY7x6sCABps8sW0acw7e2WQ6Y= +cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.6.1 h1:2sMmt8prCn7DPaG4Pmh0N3Inmc8cT8ae5k1M6VJ9Wqc= +cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0= +cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v0.1.0 h1:W2vbGCrE3Z7J/x3WXLxxGl9LMSB2uhsAA7Ss/6u/qRY= -cloud.google.com/go/kms v1.4.0 h1:iElbfoE61VeLhnZcGOltqL8HIly8Nhbe5t6JlH9GXjo= +cloud.google.com/go/iam v0.6.0 h1:nsqQC88kT5Iwlm4MeNGTpfMWddp6NB/UOLFTH6m1QfQ= +cloud.google.com/go/kms v1.6.0 h1:OWRZzrPmOZUzurjI2FBGtgY2mB1WaJkqhw6oIwSj0Yg= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -35,8 +36,8 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU= -filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= +filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek= +filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 h1:cTp8I5+VIoKjsnZuH8vjyaysT/ses3EvZeaV/1UkF2M= github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -80,7 +81,7 @@ github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.44.37 h1:KvDxCX6dfJeEDC77U5GPGSP0ErecmNnhDHFxw+NIvlI= +github.com/aws/aws-sdk-go v1.44.132 h1:+IjL9VoR0OXScQ5gyme9xjcolwUkd3uaH144f4Ao+4s= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -115,7 +116,6 @@ github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnht github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= @@ -143,8 +143,8 @@ github.com/dgraph-io/badger/v2 v2.2007.4 h1:TRWBQg8UrlUhaFdco01nO2uXwzKS7zd+HVdw github.com/dgraph-io/badger/v2 v2.2007.4/go.mod h1:vSw/ax2qojzbN6eXHIx6KPKtCSHJN/Uz0X0VPruTIhk= github.com/dgraph-io/ristretto v0.0.2/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgraph-io/ristretto v0.0.3-0.20200630154024-f66de99634de/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= -github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd h1:KoJOtZf+6wpQaDTuOWGuo61GxcPBIfhwRxRTaTWGCTc= -github.com/dgraph-io/ristretto v0.0.4-0.20200906165740-41ebdbffecfd/go.mod h1:YylP9MpCYGVZQrly/j/diqcdUetCRRePeBB0c2VGXsA= +github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI= +github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= @@ -164,9 +164,7 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= @@ -174,6 +172,8 @@ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= +github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= @@ -186,10 +186,12 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.10.0 h1:dXFJfIHVvUcpSgDOV+Ne6t7jXri8Tfv2uOLHUZ2XNuo= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logfmt/logfmt v0.5.0 h1:TrB8swr/68K7m9CcGut2g3UOihhbcbiMAYiuTXdEih4= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -211,6 +213,8 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -260,9 +264,8 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= @@ -281,10 +284,10 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa h1:7MYGT2XEMam7Mtzv1yDUYXANedWvwk3HKkR3MyGowy8= +github.com/googleapis/enterprise-certificate-proxy v0.2.0 h1:y8Yozv7SZtlU//QXbezB6QkpuE6jMD2/gfzk4AftXjs= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.4.0 h1:dS9eYAjhrE2RjmzYw2XAPvcXfmcQLtFEQWn0CR82awk= +github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= @@ -344,8 +347,9 @@ github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsU github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.10.1 h1:DzdIHIjG1AxGwoEEqS+mGsURyjt4enSmqzACXvVzOT8= github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v1.13.0 h1:3L1XMNV2Zvca/8BYhzcRFS70Lr0WlDg16Di6SFGAbys= +github.com/jackc/pgconn v1.13.0/go.mod h1:AnowpAqO4CMIIJNZl2VJp+KrkAZciAkhEl0W0JIobpI= github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= @@ -361,26 +365,30 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.2.0 h1:r7JypeP2D3onoQTCxWdTpCtJ4D+qpKr0TxvoyMhZ5ns= github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.3.1 h1:nwj7qwf0S+Q7ISFfBndqeLwSwxs+4DPsbRFjECT1Y4Y= +github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.9.0 h1:/SH1RxEtltvJgsDqp3TbiTFApD3mey3iygpuEGeuBXk= github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.12.0 h1:Dlq8Qvcch7kiehm8wPGIW0W3KsCCHJnRacKW0UM8n5w= +github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.14.0 h1:TgdrmgnM7VY72EuSQzBbBd4JA1RLqJolrw9nQVZABVc= github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8= +github.com/jackc/pgx/v4 v4.17.2 h1:0Ut0rpeKwvIVbMQ1KbMBU4h6wxehBI535LK6Flheh8E= +github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= @@ -532,6 +540,7 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -546,8 +555,9 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE= +github.com/prometheus/common v0.33.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -561,8 +571,10 @@ github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6So github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= -github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= +github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY= +github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= @@ -582,19 +594,17 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= -github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/slackhq/nebula v1.5.2 h1:wuIOHsOnrNw3rQx8yPxXiGu8wAtAxxtUI/K8W7Vj7EI= -github.com/slackhq/nebula v1.5.2/go.mod h1:xaCM6wqbFk/NRmmUe1bv88fWBm3a1UioXJVIpR52WlE= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/slackhq/nebula v1.6.1 h1:/OCTR3abj0Sbf2nGoLUrdDXImrCv0ZVFpVPP5qa0DsM= +github.com/slackhq/nebula v1.6.1/go.mod h1:UmkqnXe4O53QwToSl/gG7sM4BroQwAB7dd4hUaT6MlI= github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.22.1 h1:oAwb9tj+M3sKnlKLqPpJUOsn1HbxKOJ4MVCuvDHHjy8= -github.com/smallstep/certificates v0.22.1/go.mod h1:3R1PxdLOEqbNaWp88WiUByQAHGL+b9NefaQ5q6oTIZo= -github.com/smallstep/cli v0.22.0 h1:Mbb2CkunxAVig7Cr1NymS2NhjeOvkZqLPsfe9ZKMEfk= -github.com/smallstep/cli v0.22.0/go.mod h1:147IhymdB7JJYz1vN7XP2JS1YE+7soYX1yB/1gpZWh8= -github.com/smallstep/nosql v0.4.0 h1:Go3WYwttUuvwqMtFiiU4g7kBIlY+hR0bIZAqVdakQ3M= -github.com/smallstep/nosql v0.4.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= +github.com/smallstep/certificates v0.23.0 h1:f9oRG4Eswnqknnl7ue/xs6twc5sG7JdooOXsGZic6ek= +github.com/smallstep/certificates v0.23.0/go.mod h1:2LD5DhoohKaP8462Lti4Z7EF2xlbe6oTa+n2OR0E1Lo= +github.com/smallstep/nosql v0.5.0 h1:1BPyHy8bha8qSaxgULGEdqhXpNFXimAfudnauFVqmxw= +github.com/smallstep/nosql v0.5.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= github.com/smallstep/truststore v0.12.0 h1:973Aa6fA7Ob/GCxqziosDzkQq6tV0Le6IUe4sikyW+U= github.com/smallstep/truststore v0.12.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -627,13 +637,15 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -641,8 +653,10 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= -github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.10 h1:p8Fspmz3iTctJstry1PYS3HVdllxnEzTEsgIgtxTrCk= +github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -692,13 +706,13 @@ go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTN go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c= go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= -go.step.sm/cli-utils v0.7.4 h1:oI7PStZqlvjPZ0u2EB4lN7yZ4R3ShTotdGL/L84Oorg= -go.step.sm/cli-utils v0.7.4/go.mod h1:taSsY8haLmXoXM3ZkywIyRmVij/4Aj0fQbNTlJvv71I= +go.step.sm/cli-utils v0.7.5 h1:jyp6X8k8mN1B0uWJydTid0C++8tQhm2kaaAdXKQQzdk= +go.step.sm/cli-utils v0.7.5/go.mod h1:taSsY8haLmXoXM3ZkywIyRmVij/4Aj0fQbNTlJvv71I= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/crypto v0.18.0 h1:saD/tMG7uKJmUIPyOyudidVTHPnozTU02CDd+oqwKn0= -go.step.sm/crypto v0.18.0/go.mod h1:qZ+pNU1nV+THwP7TPTNCRMRr9xrRURhETTAK7U5psfw= -go.step.sm/linkedca v0.18.0 h1:uxRBd2WDvJNZ2i0nJm/QmG4lkRxWoebYKJinchX7T7o= -go.step.sm/linkedca v0.18.0/go.mod h1:qSuYlIIhvPmA2+DSSS03E2IXhbXWTLW61Xh9zDQJ3VM= +go.step.sm/crypto v0.23.1 h1:Yr9vlzjGqIKVi88KcpZtEcNTcpDkt1nVR7tumW4h+CU= +go.step.sm/crypto v0.23.1/go.mod h1:djAhDYpNAuWF2LkzbCVcf0JDy1UWgrxR3eQ7pQ8EQ/w= +go.step.sm/linkedca v0.19.0 h1:xuagkR35wrJI2gnu6FAM+q3VmjwsHScvGcJsfZ0GdsI= +go.step.sm/linkedca v0.19.0/go.mod h1:b7vWPrHfYLEOTSUZitFEcztVCpTc+ileIN85CwEAluM= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -737,8 +751,9 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa h1:zuSxTR4o9y82ebqCUJYNGJbGPo6sKVl54f/TVDObg1c= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b h1:huxqepDufQpLLIRXiVkTvnxrzJlpwmIWAObmcCcUFr0= +golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -809,21 +824,24 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1 h1:mx1QvUwXKGgh+3SB51PH4G1TouzL84rLG0CtpdX+TTg= -golang.org/x/net v0.0.0-20220812165438-1d4ff48094d1/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb h1:8tDJ3aechhddbdPAxpycgXHJRMLpk/Ab+aa4OgdN5/g= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -884,7 +902,6 @@ golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -894,26 +911,28 @@ golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211031064116-611d5d643895/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b h1:NXqSWXSRUSCaFuvitrWtU169I3876zRTalMRbfd6LL0= -golang.org/x/text v0.3.8-0.20211004125949-5bd84dd9b33b/go.mod h1:EFNZuWvGYxIRUEX+K8UmCFwYmZjqcrnq15ZuVldZkZ0= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -994,7 +1013,7 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.84.0 h1:NMB9J4cCxs9xEm+1Z9QiO3eFvn7EnQj3Eo3hN6ugVlg= +google.golang.org/api v0.102.0 h1:JxJl2qQ85fRMPNvlZY/enexbxpCjLwGhZUtgfGeQ51I= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1034,8 +1053,8 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad h1:kqrS+lhvaMHCxul6sKQvKJ8nAAhlVItmZV822hYFH/U= -google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c h1:QgY/XxIAIeccR+Ca/rDdKubLIU9rcJ3xfy1DC/Wd2Oo= +google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1055,11 +1074,10 @@ google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.47.0 h1:9n77onPX5F3qfFCqjy9dhn8PbNQsIKeVU04J9G7umt8= -google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1073,13 +1091,13 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index acf8d14d..914eddf8 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -121,7 +121,7 @@ func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error { // load the certs and key that will be used for signing var rootCert, interCert *x509.Certificate - var rootKey, interKey any + var rootKey, interKey crypto.Signer var err error if ca.Root != nil { if ca.Root.Format == "" || ca.Root.Format == "pem_file" { @@ -239,7 +239,7 @@ func (ca *CA) NewAuthority(authorityConfig AuthorityConfig) (*authority.Authorit return auth, nil } -func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey any, err error) { +func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey crypto.Signer, err error) { if ca.Root != nil { return ca.Root.Load() } @@ -276,7 +276,7 @@ func (ca CA) loadOrGenRoot() (rootCert *x509.Certificate, rootKey any, err error return rootCert, rootKey, nil } -func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey any, err error) { +func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey crypto.Signer, err error) { repl := ca.newReplacer() rootCert, rootKey, err = generateRoot(repl.ReplaceAll(ca.RootCommonName, "")) @@ -303,7 +303,7 @@ func (ca CA) genRoot() (rootCert *x509.Certificate, rootKey any, err error) { return rootCert, rootKey, nil } -func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey crypto.PrivateKey) (interCert *x509.Certificate, interKey crypto.PrivateKey, err error) { +func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey crypto.Signer) (interCert *x509.Certificate, interKey crypto.Signer, err error) { interCertPEM, err := ca.storage.Load(ca.ctx, ca.storageKeyIntermediateCert()) if err != nil { if !errors.Is(err, fs.ErrNotExist) { @@ -338,7 +338,7 @@ func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey crypto.Pr return interCert, interKey, nil } -func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey crypto.PrivateKey) (interCert *x509.Certificate, interKey crypto.PrivateKey, err error) { +func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey crypto.Signer) (interCert *x509.Certificate, interKey crypto.Signer, err error) { repl := ca.newReplacer() interCert, interKey, err = generateIntermediate(repl.ReplaceAll(ca.IntermediateCommonName, ""), rootCert, rootKey) diff --git a/modules/caddypki/certificates.go b/modules/caddypki/certificates.go index 442a0ad6..c3b88a10 100644 --- a/modules/caddypki/certificates.go +++ b/modules/caddypki/certificates.go @@ -19,33 +19,50 @@ import ( "crypto/x509" "time" - "github.com/smallstep/cli/crypto/x509util" + "go.step.sm/crypto/keyutil" + "go.step.sm/crypto/x509util" ) -func generateRoot(commonName string) (rootCrt *x509.Certificate, privateKey any, err error) { - rootProfile, err := x509util.NewRootProfile(commonName) +func generateRoot(commonName string) (*x509.Certificate, crypto.Signer, error) { + template, signer, err := newCert(commonName, x509util.DefaultRootTemplate, defaultRootLifetime) if err != nil { - return + return nil, nil, err } - rootProfile.Subject().NotAfter = time.Now().Add(defaultRootLifetime) // TODO: make configurable - return newCert(rootProfile) + root, err := x509util.CreateCertificate(template, template, signer.Public(), signer) + if err != nil { + return nil, nil, err + } + return root, signer, nil } -func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.PrivateKey) (cert *x509.Certificate, privateKey crypto.PrivateKey, err error) { - interProfile, err := x509util.NewIntermediateProfile(commonName, rootCrt, rootKey) +func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.Signer) (*x509.Certificate, crypto.Signer, error) { + template, signer, err := newCert(commonName, x509util.DefaultIntermediateTemplate, defaultIntermediateLifetime) if err != nil { - return + return nil, nil, err } - interProfile.Subject().NotAfter = time.Now().Add(defaultIntermediateLifetime) // TODO: make configurable - return newCert(interProfile) + intermediate, err := x509util.CreateCertificate(template, rootCrt, signer.Public(), rootKey) + if err != nil { + return nil, nil, err + } + return intermediate, signer, nil } -func newCert(profile x509util.Profile) (cert *x509.Certificate, privateKey crypto.PrivateKey, err error) { - certBytes, err := profile.CreateCertificate() +func newCert(commonName, templateName string, lifetime time.Duration) (cert *x509.Certificate, signer crypto.Signer, err error) { + signer, err = keyutil.GenerateDefaultSigner() if err != nil { - return + return nil, nil, err } - privateKey = profile.SubjectPrivateKey() - cert, err = x509.ParseCertificate(certBytes) - return + csr, err := x509util.CreateCertificateRequest(commonName, []string{}, signer) + if err != nil { + return nil, nil, err + } + template, err := x509util.NewCertificate(csr, x509util.WithTemplate(templateName, x509util.CreateTemplateData(commonName, []string{}))) + if err != nil { + return nil, nil, err + } + + cert = template.GetCertificate() + cert.NotBefore = time.Now().Truncate(time.Second) + cert.NotAfter = cert.NotBefore.Add(lifetime) + return cert, signer, nil } From 762b02789ac0ef79e92de7c58dac19d24a104587 Mon Sep 17 00:00:00 2001 From: bit Date: Thu, 24 Nov 2022 03:49:22 +0000 Subject: [PATCH 0871/1498] admin: set certmagic cache logger (#5173) same way it is set in modules/caddytls/tls.go --- admin.go | 1 + 1 file changed, 1 insertion(+) diff --git a/admin.go b/admin.go index 4b107ad0..d23c7db0 100644 --- a/admin.go +++ b/admin.go @@ -588,6 +588,7 @@ func (ident *IdentityConfig) certmagicConfig(logger *zap.Logger, makeCache bool) GetConfigForCert: func(certmagic.Certificate) (*certmagic.Config, error) { return cmCfg, nil }, + Logger: logger.Named("cache"), }) } cmCfg = certmagic.New(identityCertCache, template) From ae77a56ac8761bfe064904bd7098a952d3221034 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 30 Nov 2022 16:03:31 -0700 Subject: [PATCH 0872/1498] Clarify some docs --- modules/caddyhttp/matchers.go | 15 +++++++++++++++ modules/caddyhttp/reverseproxy/healthchecks.go | 8 ++++---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index e39ba3fc..93c7e691 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -123,6 +123,7 @@ type ( // keyed by the query keys, with an array of string values to match for that key. // Query key matches are exact, but wildcards may be used for value matches. Both // keys and values may be placeholders. + // // An example of the structure to match `?key=value&topic=api&query=something` is: // // ```json @@ -135,6 +136,13 @@ type ( // // Invalid query strings, including those with bad escapings or illegal characters // like semicolons, will fail to parse and thus fail to match. + // + // **NOTE:** Notice that query string values are arrays, not singular values. This is + // because repeated keys are valid in query strings, and each one may have a + // different value. This matcher will match for a key if any one of its configured + // values is assigned in the query string. Backend applications relyon on query + // strings MUST take into consideration that query string values are arrays and can + // have multiple values. MatchQuery url.Values // MatchHeader matches requests by header fields. The key is the field @@ -144,6 +152,13 @@ type ( // surrounding the value with the wildcard `*` character, respectively. // If a list is null, the header must not exist. If the list is empty, // the field must simply exist, regardless of its value. + // + // **NOTE:** Notice that header values are arrays, not singular values. This is + // because repeated fields are valid in headers, and each one may have a + // different value. This matcher will match for a field if any one of its configured + // values matches in the header. Backend applications relying on headers MUST take + // into consideration that header field values are arrays and can have multiple + // values. MatchHeader http.Header // MatchHeaderRE matches requests by a regular expression on header fields. diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index cf22d261..e4c732ac 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -46,10 +46,10 @@ type HealthChecks struct { // Passive health checks monitor proxied requests for errors or timeouts. // To minimally enable passive health checks, specify at least an empty - // config object. Passive health check state is shared (stored globally), - // so a failure from one handler will be counted by all handlers; but - // the tolerances or standards for what defines healthy/unhealthy backends - // is configured per-proxy-handler. + // config object with fail_duration > 0. Passive health check state is + // shared (stored globally), so a failure from one handler will be counted + // by all handlers; but the tolerances or standards for what defines + // healthy/unhealthy backends is configured per-proxy-handler. // // Passive health checks technically do operate on dynamic upstreams, // but are only effective for very busy proxies where the list of From d4a7d89f564234e44012a763cc28c5a3991bd98e Mon Sep 17 00:00:00 2001 From: Alban Lecocq Date: Mon, 5 Dec 2022 19:28:12 +0100 Subject: [PATCH 0873/1498] reverseproxy: Improve hostByHashing distribution (#5229) * If upstreams are all using same host but with different ports ie: foobar:4001 foobar:4002 foobar:4003 ... Because fnv-1a has not a good enough avalanche effect Then the hostByHashing result is not well balanced over all upstreams As last byte FNV input tend to affect few bits, the idea is to change the concatenation order between the key and the upstream strings So the upstream last byte have more impact on hash diffusion --- .../reverseproxy/selectionpolicies.go | 2 +- .../reverseproxy/selectionpolicies_test.go | 44 +++++++++---------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies.go b/modules/caddyhttp/reverseproxy/selectionpolicies.go index 2de830c1..0b7f50cd 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies.go @@ -528,7 +528,7 @@ func hostByHashing(pool []*Upstream, s string) *Upstream { if !up.Available() { continue } - h := hash(s + up.String()) // important to hash key and server together + h := hash(up.String() + s) // important to hash key and server together if h > highestHash { highestHash = h upstream = up diff --git a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go index aa001e42..546a60d6 100644 --- a/modules/caddyhttp/reverseproxy/selectionpolicies_test.go +++ b/modules/caddyhttp/reverseproxy/selectionpolicies_test.go @@ -95,18 +95,18 @@ func TestIPHashPolicy(t *testing.T) { // We should be able to predict where every request is routed. req.RemoteAddr = "172.0.0.1:80" h := ipHash.Select(pool, req, nil) - if h != pool[0] { - t.Error("Expected ip hash policy host to be the first host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.2:80" h = ipHash.Select(pool, req, nil) - if h != pool[0] { - t.Error("Expected ip hash policy host to be the first host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.3:80" h = ipHash.Select(pool, req, nil) - if h != pool[2] { - t.Error("Expected ip hash policy host to be the third host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.4:80" h = ipHash.Select(pool, req, nil) @@ -117,18 +117,18 @@ func TestIPHashPolicy(t *testing.T) { // we should get the same results without a port req.RemoteAddr = "172.0.0.1" h = ipHash.Select(pool, req, nil) - if h != pool[0] { - t.Error("Expected ip hash policy host to be the first host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.2" h = ipHash.Select(pool, req, nil) - if h != pool[0] { - t.Error("Expected ip hash policy host to be the first host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.3" h = ipHash.Select(pool, req, nil) - if h != pool[2] { - t.Error("Expected ip hash policy host to be the third host.") + if h != pool[1] { + t.Error("Expected ip hash policy host to be the second host.") } req.RemoteAddr = "172.0.0.4" h = ipHash.Select(pool, req, nil) @@ -141,8 +141,8 @@ func TestIPHashPolicy(t *testing.T) { req.RemoteAddr = "172.0.0.4" pool[1].setHealthy(false) h = ipHash.Select(pool, req, nil) - if h != pool[2] { - t.Error("Expected ip hash policy host to be the third host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.2" @@ -172,8 +172,8 @@ func TestIPHashPolicy(t *testing.T) { } req.RemoteAddr = "172.0.0.1:80" h = ipHash.Select(pool, req, nil) - if h != pool[1] { - t.Error("Expected ip hash policy host to be the second host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.2:80" h = ipHash.Select(pool, req, nil) @@ -182,8 +182,8 @@ func TestIPHashPolicy(t *testing.T) { } req.RemoteAddr = "172.0.0.3:80" h = ipHash.Select(pool, req, nil) - if h != pool[1] { - t.Error("Expected ip hash policy host to be the second host.") + if h != pool[0] { + t.Error("Expected ip hash policy host to be the first host.") } req.RemoteAddr = "172.0.0.4:80" h = ipHash.Select(pool, req, nil) @@ -252,8 +252,8 @@ func TestURIHashPolicy(t *testing.T) { request := httptest.NewRequest(http.MethodGet, "/test", nil) h := uriPolicy.Select(pool, request, nil) - if h != pool[2] { - t.Error("Expected uri policy host to be the third host.") + if h != pool[1] { + t.Error("Expected uri policy host to be the second host.") } pool[2].setHealthy(false) @@ -264,8 +264,8 @@ func TestURIHashPolicy(t *testing.T) { request = httptest.NewRequest(http.MethodGet, "/test_2", nil) h = uriPolicy.Select(pool, request, nil) - if h != pool[1] { - t.Error("Expected uri policy host to be the second host.") + if h != pool[0] { + t.Error("Expected uri policy host to be the first host.") } // We should be able to resize the host pool and still be able to predict From fef9cb3e05ea071cdfd9ed1a6be5c8dcabf6603e Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Mon, 5 Dec 2022 21:49:41 +0300 Subject: [PATCH 0874/1498] caddytest: internalize init config into '.go' file (#5230) --- caddytest/caddytest.go | 23 ++++++++++++++++++++--- caddytest/integration/test.init.config | 3 --- 2 files changed, 20 insertions(+), 6 deletions(-) delete mode 100644 caddytest/integration/test.init.config diff --git a/caddytest/caddytest.go b/caddytest/caddytest.go index 868b4274..0958e6c9 100644 --- a/caddytest/caddytest.go +++ b/caddytest/caddytest.go @@ -114,7 +114,7 @@ func (tc *Tester) initServer(rawConfig string, configType string) error { return nil } - err := validateTestPrerequisites() + err := validateTestPrerequisites(tc.t) if err != nil { tc.t.Skipf("skipping tests as failed integration prerequisites. %s", err) return nil @@ -224,9 +224,14 @@ func (tc *Tester) ensureConfigRunning(rawConfig string, configType string) error return errors.New("EnsureConfigRunning: POSTed configuration isn't active") } +const initConfig = `{ + admin localhost:2999 +} +` + // validateTestPrerequisites ensures the certificates are available in the // designated path and Caddy sub-process is running. -func validateTestPrerequisites() error { +func validateTestPrerequisites(t *testing.T) error { // check certificates are found for _, certName := range Default.Certifcates { @@ -236,8 +241,20 @@ func validateTestPrerequisites() error { } if isCaddyAdminRunning() != nil { + // setup the init config file, and set the cleanup afterwards + f, err := os.CreateTemp("", "") + if err != nil { + return err + } + t.Cleanup(func() { + os.Remove(f.Name()) + }) + if _, err := f.WriteString(initConfig); err != nil { + return err + } + // start inprocess caddy server - os.Args = []string{"caddy", "run", "--config", "./test.init.config", "--adapter", "caddyfile"} + os.Args = []string{"caddy", "run", "--config", f.Name(), "--adapter", "caddyfile"} go func() { caddycmd.Main() }() diff --git a/caddytest/integration/test.init.config b/caddytest/integration/test.init.config deleted file mode 100644 index 9119ebcb..00000000 --- a/caddytest/integration/test.init.config +++ /dev/null @@ -1,3 +0,0 @@ -{ - admin localhost:2999 -} From bfaf2a8201b83d7369772cb6f2439abe66d9342a Mon Sep 17 00:00:00 2001 From: Kyle McCullough Date: Mon, 5 Dec 2022 23:12:26 -0800 Subject: [PATCH 0875/1498] acme_server: Configurable default lifetime for issued certificates (#5232) * acme_server: add certificate lifetime configuration option Signed-off-by: Kyle McCullough * pki: allow intermediate cert lifetime to be configured Signed-off-by: Kyle McCullough Signed-off-by: Kyle McCullough --- caddyconfig/httpcaddyfile/pkiapp.go | 18 ++- .../caddyfile_adapt/acme_server_lifetime.txt | 108 ++++++++++++++++++ .../global_options_skip_install_trust.txt | 2 +- caddytest/integration/pki_test.go | 101 ++++++++++++++++ modules/caddypki/acmeserver/acmeserver.go | 14 ++- modules/caddypki/acmeserver/caddyfile.go | 19 +++ modules/caddypki/ca.go | 10 +- modules/caddypki/certificates.go | 4 +- 8 files changed, 268 insertions(+), 8 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/acme_server_lifetime.txt create mode 100644 caddytest/integration/pki_test.go diff --git a/caddyconfig/httpcaddyfile/pkiapp.go b/caddyconfig/httpcaddyfile/pkiapp.go index a67ac992..3414636e 100644 --- a/caddyconfig/httpcaddyfile/pkiapp.go +++ b/caddyconfig/httpcaddyfile/pkiapp.go @@ -15,6 +15,7 @@ package httpcaddyfile import ( + "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" "github.com/caddyserver/caddy/v2/modules/caddypki" @@ -28,9 +29,10 @@ func init() { // // pki { // ca [] { -// name -// root_cn -// intermediate_cn +// name +// root_cn +// intermediate_cn +// intermediate_lifetime // root { // cert // key @@ -83,6 +85,16 @@ func parsePKIApp(d *caddyfile.Dispenser, existingVal any) (any, error) { } pkiCa.IntermediateCommonName = d.Val() + case "intermediate_lifetime": + if !d.NextArg() { + return nil, d.ArgErr() + } + dur, err := caddy.ParseDuration(d.Val()) + if err != nil { + return nil, err + } + pkiCa.IntermediateLifetime = caddy.Duration(dur) + case "root": if pkiCa.Root == nil { pkiCa.Root = new(caddypki.KeyPair) diff --git a/caddytest/integration/caddyfile_adapt/acme_server_lifetime.txt b/caddytest/integration/caddyfile_adapt/acme_server_lifetime.txt new file mode 100644 index 00000000..6099440a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/acme_server_lifetime.txt @@ -0,0 +1,108 @@ +{ + pki { + ca internal { + name "Internal" + root_cn "Internal Root Cert" + intermediate_cn "Internal Intermediate Cert" + } + ca internal-long-lived { + name "Long-lived" + root_cn "Internal Root Cert 2" + intermediate_cn "Internal Intermediate Cert 2" + } + } +} + +acme-internal.example.com { + acme_server { + ca internal + } +} + +acme-long-lived.example.com { + acme_server { + ca internal-long-lived + lifetime 7d + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "acme-long-lived.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "internal-long-lived", + "handler": "acme_server", + "lifetime": 604800000000000 + } + ] + } + ] + } + ], + "terminal": true + }, + { + "match": [ + { + "host": [ + "acme-internal.example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "internal", + "handler": "acme_server" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + }, + "pki": { + "certificate_authorities": { + "internal": { + "name": "Internal", + "root_common_name": "Internal Root Cert", + "intermediate_common_name": "Internal Intermediate Cert" + }, + "internal-long-lived": { + "name": "Long-lived", + "root_common_name": "Internal Root Cert 2", + "intermediate_common_name": "Internal Intermediate Cert 2" + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt index 8116a4b3..3a175a0d 100644 --- a/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt +++ b/caddytest/integration/caddyfile_adapt/global_options_skip_install_trust.txt @@ -165,4 +165,4 @@ acme-bar.example.com { } } } -} \ No newline at end of file +} diff --git a/caddytest/integration/pki_test.go b/caddytest/integration/pki_test.go new file mode 100644 index 00000000..5e9928c0 --- /dev/null +++ b/caddytest/integration/pki_test.go @@ -0,0 +1,101 @@ +package integration + +import ( + "testing" + + "github.com/caddyserver/caddy/v2/caddytest" +) + +func TestLeafCertLifetimeLessThanIntermediate(t *testing.T) { + caddytest.AssertLoadError(t, ` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "internal", + "handler": "acme_server", + "lifetime": 604800000000000 + } + ] + } + ] + } + ] + } + ] + } + } + }, + "pki": { + "certificate_authorities": { + "internal": { + "install_trust": false, + "intermediate_lifetime": 604800000000000, + "name": "Internal CA" + } + } + } + } + } + `, "json", "certificate lifetime (168h0m0s) should be less than intermediate certificate lifetime (168h0m0s)") +} + +func TestIntermediateLifetimeLessThanRoot(t *testing.T) { + caddytest.AssertLoadError(t, ` + { + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "ca": "internal", + "handler": "acme_server", + "lifetime": 2592000000000000 + } + ] + } + ] + } + ] + } + ] + } + } + }, + "pki": { + "certificate_authorities": { + "internal": { + "install_trust": false, + "intermediate_lifetime": 311040000000000000, + "name": "Internal CA" + } + } + } + } + } + `, "json", "intermediate certificate lifetime must be less than root certificate lifetime (86400h0m0s)") +} diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go index 921d0b87..6ecdfdc6 100644 --- a/modules/caddypki/acmeserver/acmeserver.go +++ b/modules/caddypki/acmeserver/acmeserver.go @@ -48,6 +48,9 @@ type Handler struct { // the default ID is "local". CA string `json:"ca,omitempty"` + // The lifetime for issued certificates + Lifetime caddy.Duration `json:"lifetime,omitempty"` + // The hostname or IP address by which ACME clients // will access the server. This is used to populate // the ACME directory endpoint. If not set, the Host @@ -95,6 +98,9 @@ func (ash *Handler) Provision(ctx caddy.Context) error { if ash.PathPrefix == "" { ash.PathPrefix = defaultPathPrefix } + if ash.Lifetime == 0 { + ash.Lifetime = caddy.Duration(12 * time.Hour) + } // get a reference to the configured CA appModule, err := ctx.App("pki") @@ -107,6 +113,12 @@ func (ash *Handler) Provision(ctx caddy.Context) error { return err } + // make sure leaf cert lifetime is less than the intermediate cert lifetime. this check only + // applies for caddy-managed intermediate certificates + if ca.Intermediate == nil && ash.Lifetime >= ca.IntermediateLifetime { + return fmt.Errorf("certificate lifetime (%s) should be less than intermediate certificate lifetime (%s)", time.Duration(ash.Lifetime), time.Duration(ca.IntermediateLifetime)) + } + database, err := ash.openDatabase() if err != nil { return err @@ -122,7 +134,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error { Claims: &provisioner.Claims{ MinTLSDur: &provisioner.Duration{Duration: 5 * time.Minute}, MaxTLSDur: &provisioner.Duration{Duration: 24 * time.Hour * 365}, - DefaultTLSDur: &provisioner.Duration{Duration: 12 * time.Hour}, + DefaultTLSDur: &provisioner.Duration{Duration: time.Duration(ash.Lifetime)}, }, }, }, diff --git a/modules/caddypki/acmeserver/caddyfile.go b/modules/caddypki/acmeserver/caddyfile.go index fe12712b..ae2d8ef1 100644 --- a/modules/caddypki/acmeserver/caddyfile.go +++ b/modules/caddypki/acmeserver/caddyfile.go @@ -15,6 +15,9 @@ package acmeserver import ( + "time" + + "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile" "github.com/caddyserver/caddy/v2/modules/caddypki" ) @@ -27,6 +30,7 @@ func init() { // // acme_server [] { // ca +// lifetime // } func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) { if !h.Next() { @@ -55,6 +59,21 @@ func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error ca = new(caddypki.CA) } ca.ID = acmeServer.CA + case "lifetime": + if !h.NextArg() { + return nil, h.ArgErr() + } + + dur, err := caddy.ParseDuration(h.Val()) + if err != nil { + return nil, err + } + + if d := time.Duration(ca.IntermediateLifetime); d > 0 && dur > d { + return nil, h.Errf("certificate lifetime (%s) exceeds intermediate certificate lifetime (%s)", dur, d) + } + + acmeServer.Lifetime = caddy.Duration(dur) } } } diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go index 914eddf8..1ba08900 100644 --- a/modules/caddypki/ca.go +++ b/modules/caddypki/ca.go @@ -48,6 +48,9 @@ type CA struct { // intermediate certificates. IntermediateCommonName string `json:"intermediate_common_name,omitempty"` + // The lifetime for the intermediate certificates + IntermediateLifetime caddy.Duration `json:"intermediate_lifetime,omitempty"` + // Whether Caddy will attempt to install the CA's root // into the system trust store, as well as into Java // and Mozilla Firefox trust stores. Default: true. @@ -118,6 +121,11 @@ func (ca *CA) Provision(ctx caddy.Context, id string, log *zap.Logger) error { if ca.IntermediateCommonName == "" { ca.IntermediateCommonName = defaultIntermediateCommonName } + if ca.IntermediateLifetime == 0 { + ca.IntermediateLifetime = caddy.Duration(defaultIntermediateLifetime) + } else if time.Duration(ca.IntermediateLifetime) >= defaultRootLifetime { + return fmt.Errorf("intermediate certificate lifetime must be less than root certificate lifetime (%s)", defaultRootLifetime) + } // load the certs and key that will be used for signing var rootCert, interCert *x509.Certificate @@ -341,7 +349,7 @@ func (ca CA) loadOrGenIntermediate(rootCert *x509.Certificate, rootKey crypto.Si func (ca CA) genIntermediate(rootCert *x509.Certificate, rootKey crypto.Signer) (interCert *x509.Certificate, interKey crypto.Signer, err error) { repl := ca.newReplacer() - interCert, interKey, err = generateIntermediate(repl.ReplaceAll(ca.IntermediateCommonName, ""), rootCert, rootKey) + interCert, interKey, err = generateIntermediate(repl.ReplaceAll(ca.IntermediateCommonName, ""), rootCert, rootKey, time.Duration(ca.IntermediateLifetime)) if err != nil { return nil, nil, fmt.Errorf("generating CA intermediate: %v", err) } diff --git a/modules/caddypki/certificates.go b/modules/caddypki/certificates.go index c3b88a10..e3004293 100644 --- a/modules/caddypki/certificates.go +++ b/modules/caddypki/certificates.go @@ -35,8 +35,8 @@ func generateRoot(commonName string) (*x509.Certificate, crypto.Signer, error) { return root, signer, nil } -func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.Signer) (*x509.Certificate, crypto.Signer, error) { - template, signer, err := newCert(commonName, x509util.DefaultIntermediateTemplate, defaultIntermediateLifetime) +func generateIntermediate(commonName string, rootCrt *x509.Certificate, rootKey crypto.Signer, lifetime time.Duration) (*x509.Certificate, crypto.Signer, error) { + template, signer, err := newCert(commonName, x509util.DefaultIntermediateTemplate, lifetime) if err != nil { return nil, nil, err } From fac35db9dcbf23af7ffad885bf072e3fbbaa7e71 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 8 Dec 2022 08:55:04 -0700 Subject: [PATCH 0876/1498] go.mod: Update quic-go to v0.31.0 And fix a comment typo --- go.mod | 4 ++-- go.sum | 8 ++++---- modules/caddyhttp/matchers.go | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 00119b97..b152fa81 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.11 github.com/klauspost/cpuid/v2 v2.1.2 - github.com/lucas-clemente/quic-go v0.30.0 + github.com/lucas-clemente/quic-go v0.31.0 github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 github.com/smallstep/certificates v0.23.0 @@ -127,7 +127,7 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/sys v0.1.0 + golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06 golang.org/x/text v0.4.0 // indirect golang.org/x/tools v0.1.12 // indirect google.golang.org/grpc v1.50.1 // indirect diff --git a/go.sum b/go.sum index 33b3aca3..acc31e9a 100644 --- a/go.sum +++ b/go.sum @@ -432,8 +432,8 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.30.0 h1:nwLW0h8ahVQ5EPTIM7uhl/stHqQDea15oRlYKZmw2O0= -github.com/lucas-clemente/quic-go v0.30.0/go.mod h1:ssOrRsOmdxa768Wr78vnh2B8JozgLsMzG/g+0qEC7uk= +github.com/lucas-clemente/quic-go v0.31.0 h1:MfNp3fk0wjWRajw6quMFA3ap1AVtlU+2mtwmbVogB2M= +github.com/lucas-clemente/quic-go v0.31.0/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= @@ -916,8 +916,8 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06 h1:E1pm64FqQa4v8dHd/bAneyMkR4hk8LTJhoSlc5mc1cM= +golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 93c7e691..400c1543 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -140,7 +140,7 @@ type ( // **NOTE:** Notice that query string values are arrays, not singular values. This is // because repeated keys are valid in query strings, and each one may have a // different value. This matcher will match for a key if any one of its configured - // values is assigned in the query string. Backend applications relyon on query + // values is assigned in the query string. Backend applications relying on query // strings MUST take into consideration that query string values are arrays and can // have multiple values. MatchQuery url.Values From e10ed7b00d30cc91662949671f0051cd16da9222 Mon Sep 17 00:00:00 2001 From: IndeedNotJames Date: Mon, 12 Dec 2022 18:18:30 +0100 Subject: [PATCH 0877/1498] readme: darker variants of logos in dark mode (#5248) --- README.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 715eb135..4ca992de 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,11 @@

- Caddy + + + + + Caddy + +

a project

@@ -40,7 +46,13 @@

Powered by
- CertMagic + + + + + CertMagic + +

@@ -78,7 +90,7 @@ Requirements: - [Go 1.18 or newer](https://golang.org/dl/) ### For development - + _**Note:** These steps [will not embed proper version information](https://github.com/golang/go/issues/29228). For that, please follow the instructions in the next section._ ```bash @@ -185,4 +197,4 @@ Matthew Holt began developing Caddy in 2014 while studying computer science at B Caddy is a project of [ZeroSSL](https://zerossl.com), a Stack Holdings company. -Debian package repository hosting is graciously provided by [Cloudsmith](https://cloudsmith.com). Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence. \ No newline at end of file +Debian package repository hosting is graciously provided by [Cloudsmith](https://cloudsmith.com). Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence. From 4fe5e64e461a9c22a8f2a275a1c715f25a6ca381 Mon Sep 17 00:00:00 2001 From: Emily Lange Date: Mon, 19 Dec 2022 21:01:30 +0100 Subject: [PATCH 0878/1498] readme: white ZeroSSL text color in dark mode (#5259) * readme: white ZeroSSL text color in dark mode * fix: keep `valign` for GitHub mobile app --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4ca992de..c0c9cffc 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@
-

a project

+

a project

Every site on HTTPS

From c3b5b1811c119b896c5f70e3275ca835e7df5460 Mon Sep 17 00:00:00 2001 From: Lukas Vogel Date: Mon, 19 Dec 2022 22:23:45 +0100 Subject: [PATCH 0879/1498] cmd: Avoid panic when printing version without build info (#5210) * version: don't panic if read build info doesn't work If `debug.ReadBuildInfo()` doesn't return the build information we should not try to access it. Especially if users only want to build with the `CustomVersion` we should not assume access to `debug.ReadBuildInfo()`. The build environment where this isn't available for me is when building with bazel. * exit early --- caddy.go | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/caddy.go b/caddy.go index 1ecad94e..5d0152a7 100644 --- a/caddy.go +++ b/caddy.go @@ -864,13 +864,21 @@ func Version() (simple, full string) { // bi.Main... hopefully. var module *debug.Module bi, ok := debug.ReadBuildInfo() - if ok { - // find the Caddy module in the dependency list - for _, dep := range bi.Deps { - if dep.Path == ImportPath { - module = dep - break - } + if !ok { + if CustomVersion != "" { + full = CustomVersion + simple = CustomVersion + return + } + full = "unknown" + simple = "unknown" + return + } + // find the Caddy module in the dependency list + for _, dep := range bi.Deps { + if dep.Path == ImportPath { + module = dep + break } } if module != nil { From d3d76d6ac227e5ef1829c4e2da194f055e98ce43 Mon Sep 17 00:00:00 2001 From: John Losito Date: Mon, 19 Dec 2022 16:57:56 -0500 Subject: [PATCH 0880/1498] ci: Check for github action updates monthly (#5258) --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..64284b90 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" From cd49847edb7cf511d868b89e8fb82137bf681311 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Dec 2022 18:44:54 -0500 Subject: [PATCH 0881/1498] build(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5261) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release_published.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release_published.yml b/.github/workflows/release_published.yml index b75358bd..7736e852 100644 --- a/.github/workflows/release_published.yml +++ b/.github/workflows/release_published.yml @@ -17,7 +17,7 @@ jobs: # See https://github.com/peter-evans/repository-dispatch - name: Trigger event on caddyserver/dist - uses: peter-evans/repository-dispatch@v1 + uses: peter-evans/repository-dispatch@v2 with: token: ${{ secrets.REPO_DISPATCH_TOKEN }} repository: caddyserver/dist @@ -25,7 +25,7 @@ jobs: client-payload: '{"tag": "${{ github.event.release.tag_name }}"}' - name: Trigger event on caddyserver/caddy-docker - uses: peter-evans/repository-dispatch@v1 + uses: peter-evans/repository-dispatch@v2 with: token: ${{ secrets.REPO_DISPATCH_TOKEN }} repository: caddyserver/caddy-docker From 329af5ced96b76734a2d60e5d04a577570dd07cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Dec 2022 18:56:52 -0500 Subject: [PATCH 0882/1498] build(deps): bump actions/cache from 2 to 3 (#5263) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- .github/workflows/cross-build.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ca0f02d9..1e2de702 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -80,7 +80,7 @@ jobs: echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" - name: Cache the build cache - uses: actions/cache@v2 + uses: actions/cache@v3 with: # In order: # * Module download cache diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 653102c6..e8d07980 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -44,7 +44,7 @@ jobs: env - name: Cache the build cache - uses: actions/cache@v2 + uses: actions/cache@v3 with: # In order: # * Module download cache diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 456925a1..9128ebfc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -95,7 +95,7 @@ jobs: git verify-tag "${{ steps.vars.outputs.version_tag }}" || exit 1 - name: Cache the build cache - uses: actions/cache@v2 + uses: actions/cache@v3 with: # In order: # * Module download cache From 3b724a2082586795448e3859c1f43c0f6cf0fe6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Dec 2022 19:14:43 -0500 Subject: [PATCH 0883/1498] build(deps): bump actions/upload-artifact from 1 to 3 (#5262) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e2de702..ad22711a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -109,7 +109,7 @@ jobs: go build -trimpath -ldflags="-w -s" -v - name: Publish Build Artifact - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v3 with: name: caddy_${{ runner.os }}_go${{ matrix.go }}_${{ steps.vars.outputs.short_sha }} path: ${{ matrix.CADDY_BIN_PATH }} From af93517c2d0e6ad11f8803b59768f0f9d0e11fe1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Dec 2022 19:47:33 -0500 Subject: [PATCH 0884/1498] build(deps): bump goreleaser/goreleaser-action from 2 to 4 (#5264) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ad22711a..96277520 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -175,7 +175,7 @@ jobs: - name: checkout uses: actions/checkout@v3 - - uses: goreleaser/goreleaser-action@v2 + - uses: goreleaser/goreleaser-action@v4 with: version: latest args: check diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9128ebfc..63e882f8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -116,7 +116,7 @@ jobs: run: syft version # GoReleaser will take care of publishing those artifacts into the release - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v4 with: version: latest args: release --rm-dist --timeout 60m From dac7cacd4df35e96a4d8c7d09b925bb432509884 Mon Sep 17 00:00:00 2001 From: darkweak Date: Tue, 20 Dec 2022 21:26:53 +0100 Subject: [PATCH 0885/1498] encode: Respect Cache-Control no-transform (#5257) * encode: respect Cache-Control HTTP header no-transform * encode: switch to strings.Contains --- modules/caddyhttp/encode/encode.go | 20 +++++++---- modules/caddyhttp/encode/encode_test.go | 47 +++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 7 deletions(-) diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index 91e7060a..e3a6267d 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -117,14 +117,20 @@ func (enc *Encode) Validate() error { return nil } +func isEncodeAllowed(h http.Header) bool { + return !strings.Contains(h.Get("Cache-Control"), "no-transform") +} + func (enc *Encode) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error { - for _, encName := range AcceptedEncodings(r, enc.Prefer) { - if _, ok := enc.writerPools[encName]; !ok { - continue // encoding not offered + if isEncodeAllowed(r.Header) { + for _, encName := range AcceptedEncodings(r, enc.Prefer) { + if _, ok := enc.writerPools[encName]; !ok { + continue // encoding not offered + } + w = enc.openResponseWriter(encName, w) + defer w.(*responseWriter).Close() + break } - w = enc.openResponseWriter(encName, w) - defer w.(*responseWriter).Close() - break } return next.ServeHTTP(w, r) } @@ -281,7 +287,7 @@ func (rw *responseWriter) Close() error { // init should be called before we write a response, if rw.buf has contents. func (rw *responseWriter) init() { - if rw.Header().Get("Content-Encoding") == "" && + if rw.Header().Get("Content-Encoding") == "" && isEncodeAllowed(rw.Header()) && rw.config.Match(rw) { rw.w = rw.config.writerPools[rw.encodingName].Get().(Encoder) diff --git a/modules/caddyhttp/encode/encode_test.go b/modules/caddyhttp/encode/encode_test.go index 5f1e3f2a..3374ee3b 100644 --- a/modules/caddyhttp/encode/encode_test.go +++ b/modules/caddyhttp/encode/encode_test.go @@ -261,3 +261,50 @@ func TestValidate(t *testing.T) { } } + +func TestIsEncodeAllowed(t *testing.T) { + testCases := []struct { + name string + headers http.Header + expected bool + }{ + { + name: "Without any headers", + headers: http.Header{}, + expected: true, + }, + { + name: "Without Cache-Control HTTP header", + headers: http.Header{ + "Accept-Encoding": {"gzip"}, + }, + expected: true, + }, + { + name: "Cache-Control HTTP header ending with no-transform directive", + headers: http.Header{ + "Accept-Encoding": {"gzip"}, + "Cache-Control": {"no-cache; no-transform"}, + }, + expected: false, + }, + { + name: "With Cache-Control HTTP header no-transform as Cache-Extension value", + headers: http.Header{ + "Accept-Encoding": {"gzip"}, + "Cache-Control": {`no-store; no-cache; community="no-transform"`}, + }, + expected: false, + }, + } + + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + if result := isEncodeAllowed(test.headers); result != test.expected { + t.Errorf("The headers given to the isEncodeAllowed should return %t, %t given.", + result, + test.expected) + } + }) + } +} From b166b9008344786e7cfe5715b7e8a4cd3ec1bd76 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Thu, 22 Dec 2022 22:13:47 +0300 Subject: [PATCH 0886/1498] ci: exclude dependbot from running tests on s390x machine (#5266) --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 96277520..bc6366f2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -143,7 +143,7 @@ jobs: s390x-test: name: test (s390x on IBM Z) runs-on: ubuntu-latest - if: github.event.pull_request.head.repo.full_name == github.repository + if: github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' continue-on-error: true # August 2020: s390x VM is down due to weather and power issues steps: - name: Checkout code into the Go module directory From 4e54e48409bb3716f6b10d54a7e8fafd6be898dc Mon Sep 17 00:00:00 2001 From: TAKAHASHI Shuuji Date: Thu, 29 Dec 2022 02:05:42 +0900 Subject: [PATCH 0887/1498] ci: Update GitHub Actions to avoid `set-output` deprecation (#5271) --- .github/workflows/ci.yml | 6 +++--- .github/workflows/release.yml | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bc6366f2..40b8d0ba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -64,7 +64,7 @@ jobs: # go get github.com/axw/gocov/gocov # go get github.com/AlekSi/gocov-xml # go get -u github.com/jstemmer/go-junit-report - # echo "::add-path::$(go env GOPATH)/bin" + # echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - name: Print Go version and environment id: vars @@ -77,7 +77,7 @@ jobs: env printf "Git version: $(git version)\n\n" # Calculate the short SHA1 hash of the git commit - echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" + echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: Cache the build cache uses: actions/cache@v3 @@ -123,7 +123,7 @@ jobs: run: | # (go test -v -coverprofile=cover-profile.out -race ./... 2>&1) > test-results/test-result.out go test -v -coverprofile="cover-profile.out" -short -race ./... - # echo "::set-output name=status::$?" + # echo "status=$?" >> $GITHUB_OUTPUT # Relevant step if we reinvestigate publishing test/coverage reports # - name: Prepare coverage reports diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 63e882f8..955e8d86 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,8 +61,8 @@ jobs: go env printf "\n\nSystem environment:\n\n" env - echo "::set-output name=version_tag::${GITHUB_REF/refs\/tags\//}" - echo "::set-output name=short_sha::$(git rev-parse --short HEAD)" + echo "version_tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT + echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT # Add "pip install" CLI tools to PATH echo ~/.local/bin >> $GITHUB_PATH @@ -74,10 +74,10 @@ jobs: TAG_MINOR=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\2#"` TAG_PATCH=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\3#"` TAG_SPECIAL=`echo ${TAG#v} | sed -e "s#$SEMVER_RE#\4#"` - echo "::set-output name=tag_major::${TAG_MAJOR}" - echo "::set-output name=tag_minor::${TAG_MINOR}" - echo "::set-output name=tag_patch::${TAG_PATCH}" - echo "::set-output name=tag_special::${TAG_SPECIAL}" + echo "tag_major=${TAG_MAJOR}" >> $GITHUB_OUTPUT + echo "tag_minor=${TAG_MINOR}" >> $GITHUB_OUTPUT + echo "tag_patch=${TAG_PATCH}" >> $GITHUB_OUTPUT + echo "tag_special=${TAG_SPECIAL}" >> $GITHUB_OUTPUT # Cloudsmith CLI tooling for pushing releases # See https://help.cloudsmith.io/docs/cli From b40548ff614a2b30773d6f609fd75e526b409994 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 28 Dec 2022 13:11:39 -0500 Subject: [PATCH 0888/1498] ci: Fix goreleaser deprecation (#5270) --- .goreleaser.yml | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index dafcce09..3f7f40db 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -66,24 +66,41 @@ builds: - -mod=readonly ldflags: - -s -w + signs: - cmd: cosign signature: "${artifact}.sig" certificate: '{{ trimsuffix (trimsuffix .Env.artifact ".zip") ".tar.gz" }}.pem' args: ["sign-blob", "--output-signature=${signature}", "--output-certificate", "${certificate}", "${artifact}"] artifacts: all + sboms: - artifacts: binary documents: - - '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{if .Arm}}v{{ .Arm }}{{end}}.sbom' + - >- + {{ .ProjectName }}_ + {{- .Version }}_ + {{- if eq .Os "darwin" }}mac{{ else }}{{ .Os }}{{ end }}_ + {{- .Arch }} + {{- with .Arm }}v{{ . }}{{ end }} + {{- with .Mips }}_{{ . }}{{ end }} + {{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}.sbom cmd: syft args: ["$artifact", "--file", "${document}", "--output", "cyclonedx-json"] + archives: - format_overrides: - goos: windows format: zip - replacements: - darwin: mac + name_template: >- + {{ .ProjectName }}_ + {{- .Version }}_ + {{- if eq .Os "darwin" }}mac{{ else }}{{ .Os }}{{ end }}_ + {{- .Arch }} + {{- with .Arm }}v{{ . }}{{ end }} + {{- with .Mips }}_{{ . }}{{ end }} + {{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }} + checksum: algorithm: sha512 @@ -128,7 +145,6 @@ nfpms: preremove: ./caddy-dist/scripts/preremove.sh postremove: ./caddy-dist/scripts/postremove.sh - release: github: owner: caddyserver From bd74f9449601b6d7dee1cb1db8b960ee1b811de3 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sat, 31 Dec 2022 10:10:32 -0700 Subject: [PATCH 0889/1498] Update README.md Update logo and fix test result badge --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c0c9cffc..f7060216 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@

- - - Caddy + + + Caddy
@@ -13,7 +13,7 @@

Every site on HTTPS

Caddy is an extensible server platform that uses TLS by default.

- +
@caddyserver on Twitter From 05a4637489d669c274dddf7e8dd23735ef149302 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sun, 1 Jan 2023 16:27:06 -0700 Subject: [PATCH 0890/1498] Update README.md Attempt to fix logo that was appearing black in some browsers (perhaps due to CSP?). Thanks to @IndeedNotJames for investigating! Hopefully this works. --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f7060216..e0d659d6 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@

- - - Caddy + + + Caddy
From 4e9ad50f6503a347e85b7030afa616a83f145394 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Wed, 4 Jan 2023 11:07:27 -0700 Subject: [PATCH 0891/1498] fileserver: Add a couple test cases With placeholders --- modules/caddyhttp/fileserver/matcher_test.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index 0f8c6bbc..6ef86b7a 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -62,6 +62,12 @@ func TestFileMatcher(t *testing.T) { expectedType: "file", matched: true, }, + { + path: "/foo.txt?a=b", + expectedPath: "/foo.txt", + expectedType: "file", + matched: true, + }, { path: "/foodir", expectedPath: "/foodir/", @@ -211,6 +217,12 @@ func TestPHPFileMatcher(t *testing.T) { expectedType: "file", matched: false, }, + { + path: "/index.php?path={path}&{query}", + expectedPath: "/index.php", + expectedType: "file", + matched: true, + }, } { m := &MatchFile{ fileSystem: osFS{}, From 55035d327a2dbd32887db0b1dcbc25dba590798f Mon Sep 17 00:00:00 2001 From: Yannick Ihmels Date: Fri, 6 Jan 2023 20:44:00 +0100 Subject: [PATCH 0892/1498] caddytls: Add `dns_ttl` config, improve Caddyfile `tls` options (#5287) --- caddyconfig/httpcaddyfile/builtins.go | 94 +++++++++++++++++-- .../caddyfile_adapt/tls_dns_ttl.txt | 70 ++++++++++++++ modules/caddytls/acmeissuer.go | 18 ++++ 3 files changed, 173 insertions(+), 9 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index f4c9ce01..3f1943c8 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -24,6 +24,7 @@ import ( "reflect" "strconv" "strings" + "time" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/caddyconfig" @@ -75,16 +76,22 @@ func parseBind(h Helper) ([]ConfigValue, error) { // trusted_leaf_cert // trusted_leaf_cert_file // } -// alpn -// load -// ca -// ca_root -// dns [...] +// alpn +// load +// ca +// ca_root +// key_type [ed25519|p256|p384|rsa2048|rsa4096] +// dns [...] +// propagation_delay +// propagation_timeout +// resolvers +// dns_ttl +// dns_challenge_override_domain // on_demand -// eab -// issuer [...] -// get_certificate [...] -// insecure_secrets_log +// eab +// issuer [...] +// get_certificate [...] +// insecure_secrets_log // } func parseTLS(h Helper) ([]ConfigValue, error) { cp := new(caddytls.ConnectionPolicy) @@ -363,6 +370,75 @@ func parseTLS(h Helper) ([]ConfigValue, error) { } acmeIssuer.Challenges.DNS.Resolvers = args + case "propagation_delay": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + delayStr := arg[0] + delay, err := caddy.ParseDuration(delayStr) + if err != nil { + return nil, h.Errf("invalid propagation_delay duration %s: %v", delayStr, err) + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.PropagationDelay = caddy.Duration(delay) + + case "propagation_timeout": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + timeoutStr := arg[0] + var timeout time.Duration + if timeoutStr == "-1" { + timeout = time.Duration(-1) + } else { + var err error + timeout, err = caddy.ParseDuration(timeoutStr) + if err != nil { + return nil, h.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err) + } + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.PropagationTimeout = caddy.Duration(timeout) + + case "dns_ttl": + arg := h.RemainingArgs() + if len(arg) != 1 { + return nil, h.ArgErr() + } + ttlStr := arg[0] + ttl, err := caddy.ParseDuration(ttlStr) + if err != nil { + return nil, h.Errf("invalid dns_ttl duration %s: %v", ttlStr, err) + } + if acmeIssuer == nil { + acmeIssuer = new(caddytls.ACMEIssuer) + } + if acmeIssuer.Challenges == nil { + acmeIssuer.Challenges = new(caddytls.ChallengesConfig) + } + if acmeIssuer.Challenges.DNS == nil { + acmeIssuer.Challenges.DNS = new(caddytls.DNSChallengeConfig) + } + acmeIssuer.Challenges.DNS.TTL = caddy.Duration(ttl) + case "dns_challenge_override_domain": arg := h.RemainingArgs() if len(arg) != 1 { diff --git a/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt b/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt new file mode 100644 index 00000000..b1b2941c --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt @@ -0,0 +1,70 @@ +localhost + +respond "hello from localhost" +tls { + issuer acme { + dns_ttl 5m10s + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "localhost" + ], + "issuers": [ + { + "challenges": { + "dns": { + "ttl": 310000000000 + } + }, + "module": "acme" + } + ] + } + ] + } + } + } +} \ No newline at end of file diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 2f752ed0..12e300ed 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -266,6 +266,7 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss } // propagation_delay // propagation_timeout // resolvers +// dns_ttl // dns_challenge_override_domain // preferred_chains [smallest] { // root_common_name @@ -445,6 +446,23 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { return d.ArgErr() } + case "dns_ttl": + if !d.NextArg() { + return d.ArgErr() + } + ttlStr := d.Val() + ttl, err := caddy.ParseDuration(ttlStr) + if err != nil { + return d.Errf("invalid dns_ttl duration %s: %v", ttlStr, err) + } + if iss.Challenges == nil { + iss.Challenges = new(ChallengesConfig) + } + if iss.Challenges.DNS == nil { + iss.Challenges.DNS = new(DNSChallengeConfig) + } + iss.Challenges.DNS.TTL = caddy.Duration(ttl) + case "dns_challenge_override_domain": arg := d.RemainingArgs() if len(arg) != 1 { From d74f6fd96790fc8f5abf302d9b10b0d333273d0d Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 6 Jan 2023 13:06:38 -0700 Subject: [PATCH 0893/1498] reverseproxy: Set origreq in active health check (#5284) * reverseproxy: Set origreq in active health check Fix #5281 * Oops; dereference Request --- modules/caddyhttp/reverseproxy/healthchecks.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/healthchecks.go b/modules/caddyhttp/reverseproxy/healthchecks.go index e4c732ac..c27b24f7 100644 --- a/modules/caddyhttp/reverseproxy/healthchecks.go +++ b/modules/caddyhttp/reverseproxy/healthchecks.go @@ -266,7 +266,8 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre u.Host = net.JoinHostPort(host, portStr) } - // attach dialing information to this request + // attach dialing information to this request, as well as context values that + // may be expected by handlers of this request ctx := h.ctx.Context ctx = context.WithValue(ctx, caddy.ReplacerCtxKey, caddy.NewReplacer()) ctx = context.WithValue(ctx, caddyhttp.VarsCtxKey, map[string]any{ @@ -276,6 +277,8 @@ func (h *Handler) doActiveHealthCheck(dialInfo DialInfo, hostAddr string, upstre if err != nil { return fmt.Errorf("making request: %v", err) } + ctx = context.WithValue(ctx, caddyhttp.OriginalRequestCtxKey, *req) + req = req.WithContext(ctx) for key, hdrs := range h.HealthChecks.Active.Headers { if strings.ToLower(key) == "host" { req.Host = h.HealthChecks.Active.Headers.Get(key) From e450a7377b00f7f2a99042ba8e440fed69072028 Mon Sep 17 00:00:00 2001 From: Emily Lange Date: Fri, 6 Jan 2023 21:42:07 +0100 Subject: [PATCH 0894/1498] reverseproxy: Don't enable auto-https when `--from` flag is http (#5269) --- modules/caddyhttp/reverseproxy/command.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 1b630861..ca621910 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -172,6 +172,10 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { Listen: []string{":" + fromAddr.Port}, } + if fromAddr.Scheme == "http" { + server.AutoHTTPS = &caddyhttp.AutoHTTPSConfig{Disabled: true} + } + httpApp := caddyhttp.App{ Servers: map[string]*caddyhttp.Server{"proxy": server}, } From 845bc4d50b437995d574819850206e4b3db4040d Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Mon, 9 Jan 2023 16:13:34 +0900 Subject: [PATCH 0895/1498] reverseproxy: Fix hanging for Transfer-Encoding: chunked (#5289) * Fixes #5236 * enable request body buffering in reverse proxy when the request header has Transfer-Encoding: chunked --- .../caddyhttp/reverseproxy/reverseproxy.go | 23 ++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 55d3aa8c..3adec3d9 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -622,8 +622,9 @@ func (h Handler) prepareRequest(req *http.Request, repl *caddy.Replacer) (*http. // attacks, so it is strongly recommended to only use this // feature if absolutely required, if read timeouts are // set, and if body size is limited - if h.BufferRequests && req.Body != nil { - req.Body = h.bufferedBody(req.Body) + if (h.BufferRequests || isChunkedRequest(req)) && req.Body != nil { + req.Body, req.ContentLength = h.bufferedBody(req.Body) + req.Header.Set("Content-Length", strconv.FormatInt(req.ContentLength, 10)) } if req.ContentLength == 0 { @@ -854,7 +855,7 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe // if enabled, buffer the response body if h.BufferResponses { - res.Body = h.bufferedBody(res.Body) + res.Body, _ = h.bufferedBody(res.Body) } // see if any response handler is configured for this response from the backend @@ -1125,7 +1126,8 @@ func (h Handler) provisionUpstream(upstream *Upstream) { // bufferedBody reads originalBody into a buffer, then returns a reader for the buffer. // Always close the return value when done with it, just like if it was the original body! -func (h Handler) bufferedBody(originalBody io.ReadCloser) io.ReadCloser { +func (h Handler) bufferedBody(originalBody io.ReadCloser) (io.ReadCloser, int64) { + var written int64 buf := bufPool.Get().(*bytes.Buffer) buf.Reset() if h.MaxBufferSize > 0 { @@ -1135,16 +1137,25 @@ func (h Handler) bufferedBody(originalBody io.ReadCloser) io.ReadCloser { Reader: io.MultiReader(buf, originalBody), buf: buf, body: originalBody, - } + }, n } } else { - _, _ = io.Copy(buf, originalBody) + written, _ = io.Copy(buf, originalBody) } originalBody.Close() // no point in keeping it open return bodyReadCloser{ Reader: buf, buf: buf, + }, written +} + +func isChunkedRequest(req *http.Request) bool { + for _, transferEncoding := range req.TransferEncoding { + if transferEncoding == "chunked" { + return true + } } + return false } // cloneRequest makes a semi-deep clone of origReq. From 66ce0c5c635c4ff254ccb92123711534b6461b35 Mon Sep 17 00:00:00 2001 From: Yannick Ihmels Date: Mon, 9 Jan 2023 21:18:12 +0100 Subject: [PATCH 0896/1498] caddytls: Add test cases for Caddyfile `tls` options (#5293) --- .../caddyfile_adapt/tls_dns_ttl.txt | 12 ++- .../tls_explicit_issuer_dns_ttl.txt | 81 +++++++++++++++++++ ...s_explicit_issuer_propagation_options.txt} | 0 .../tls_propagation_options.txt | 79 ++++++++++++++++++ 4 files changed, 169 insertions(+), 3 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/tls_explicit_issuer_dns_ttl.txt rename caddytest/integration/caddyfile_adapt/{tls_propagation_timeout.txt => tls_explicit_issuer_propagation_options.txt} (100%) create mode 100644 caddytest/integration/caddyfile_adapt/tls_propagation_options.txt diff --git a/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt b/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt index b1b2941c..02e46763 100644 --- a/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt +++ b/caddytest/integration/caddyfile_adapt/tls_dns_ttl.txt @@ -2,9 +2,7 @@ localhost respond "hello from localhost" tls { - issuer acme { - dns_ttl 5m10s - } + dns_ttl 5m10s } ---------- { @@ -60,6 +58,14 @@ tls { } }, "module": "acme" + }, + { + "challenges": { + "dns": { + "ttl": 310000000000 + } + }, + "module": "zerossl" } ] } diff --git a/caddytest/integration/caddyfile_adapt/tls_explicit_issuer_dns_ttl.txt b/caddytest/integration/caddyfile_adapt/tls_explicit_issuer_dns_ttl.txt new file mode 100644 index 00000000..53629e3a --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_explicit_issuer_dns_ttl.txt @@ -0,0 +1,81 @@ +localhost + +respond "hello from localhost" +tls { + issuer acme { + dns_ttl 5m10s + } + issuer zerossl { + dns_ttl 10m20s + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "localhost" + ], + "issuers": [ + { + "challenges": { + "dns": { + "ttl": 310000000000 + } + }, + "module": "acme" + }, + { + "challenges": { + "dns": { + "ttl": 620000000000 + } + }, + "module": "zerossl" + } + ] + } + ] + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt b/caddytest/integration/caddyfile_adapt/tls_explicit_issuer_propagation_options.txt similarity index 100% rename from caddytest/integration/caddyfile_adapt/tls_propagation_timeout.txt rename to caddytest/integration/caddyfile_adapt/tls_explicit_issuer_propagation_options.txt diff --git a/caddytest/integration/caddyfile_adapt/tls_propagation_options.txt b/caddytest/integration/caddyfile_adapt/tls_propagation_options.txt new file mode 100644 index 00000000..ee4666b6 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/tls_propagation_options.txt @@ -0,0 +1,79 @@ +localhost + +respond "hello from localhost" +tls { + propagation_delay 5m10s + propagation_timeout 10m20s +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "localhost" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "hello from localhost", + "handler": "static_response" + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + }, + "tls": { + "automation": { + "policies": [ + { + "subjects": [ + "localhost" + ], + "issuers": [ + { + "challenges": { + "dns": { + "propagation_delay": 310000000000, + "propagation_timeout": 620000000000 + } + }, + "module": "acme" + }, + { + "challenges": { + "dns": { + "propagation_delay": 310000000000, + "propagation_timeout": 620000000000 + } + }, + "module": "zerossl" + } + ] + } + ] + } + } + } +} \ No newline at end of file From 223cbe3d0b50487117c785f0755bb80a9ee65010 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 10 Jan 2023 00:08:23 -0500 Subject: [PATCH 0897/1498] caddyhttp: Add server-level `trusted_proxies` config (#5103) --- caddyconfig/httpcaddyfile/serveroptions.go | 11 +++ .../global_server_options_single.txt | 9 +++ modules/caddyhttp/app.go | 20 +++++ modules/caddyhttp/matchers.go | 9 +-- modules/caddyhttp/replacer.go | 3 +- modules/caddyhttp/reverseproxy/caddyfile.go | 9 +-- .../caddyhttp/reverseproxy/reverseproxy.go | 6 +- modules/caddyhttp/server.go | 73 ++++++++++++++++++- 8 files changed, 117 insertions(+), 23 deletions(-) diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 3e206c87..7aa0a2a8 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -42,6 +42,7 @@ type serverOptions struct { MaxHeaderBytes int Protocols []string StrictSNIHost *bool + TrustedProxies []string ShouldLogCredentials bool Metrics *caddyhttp.Metrics } @@ -176,6 +177,15 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { } serverOpts.StrictSNIHost = &boolVal + case "trusted_proxies": + for d.NextArg() { + if d.Val() == "private_ranges" { + serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, caddyhttp.PrivateRangesCIDR()...) + continue + } + serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, d.Val()) + } + case "metrics": if d.NextArg() { return nil, d.ArgErr() @@ -269,6 +279,7 @@ func applyServerOptions( server.MaxHeaderBytes = opts.MaxHeaderBytes server.Protocols = opts.Protocols server.StrictSNIHost = opts.StrictSNIHost + server.TrustedProxies = opts.TrustedProxies server.Metrics = opts.Metrics if opts.ShouldLogCredentials { if server.Logs == nil { diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index 5fb67392..f767ea74 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -14,6 +14,7 @@ log_credentials protocols h1 h2 h2c h3 strict_sni_host + trusted_proxies private_ranges } } @@ -55,6 +56,14 @@ foo.com { } ], "strict_sni_host": true, + "trusted_proxies": [ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1" + ], "logs": { "should_log_credentials": true }, diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 0943b32d..d790284c 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -20,7 +20,9 @@ import ( "fmt" "net" "net/http" + "net/netip" "strconv" + "strings" "sync" "time" @@ -222,6 +224,24 @@ func (app *App) Provision(ctx caddy.Context) error { srv.StrictSNIHost = &trueBool } + // parse trusted proxy CIDRs ahead of time + for _, str := range srv.TrustedProxies { + if strings.Contains(str, "/") { + ipNet, err := netip.ParsePrefix(str) + if err != nil { + return fmt.Errorf("parsing CIDR expression: '%s': %v", str, err) + } + srv.trustedProxies = append(srv.trustedProxies, ipNet) + } else { + ipAddr, err := netip.ParseAddr(str) + if err != nil { + return fmt.Errorf("invalid IP address: '%s': %v", str, err) + } + ipNew := netip.PrefixFrom(ipAddr, ipAddr.BitLen()) + srv.trustedProxies = append(srv.trustedProxies, ipNew) + } + } + // process each listener address for i := range srv.Listen { lnOut, err := repl.ReplaceOrErr(srv.Listen[i], true, true) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index 400c1543..3064300b 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -1281,14 +1281,7 @@ func (m *MatchRemoteIP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { continue } if d.Val() == "private_ranges" { - m.Ranges = append(m.Ranges, []string{ - "192.168.0.0/16", - "172.16.0.0/12", - "10.0.0.0/8", - "127.0.0.1/8", - "fd00::/8", - "::1", - }...) + m.Ranges = append(m.Ranges, PrivateRangesCIDR()...) continue } m.Ranges = append(m.Ranges, d.Val()) diff --git a/modules/caddyhttp/replacer.go b/modules/caddyhttp/replacer.go index e89c502b..c58b56ed 100644 --- a/modules/caddyhttp/replacer.go +++ b/modules/caddyhttp/replacer.go @@ -290,8 +290,7 @@ func addHTTPVarsToReplacer(repl *caddy.Replacer, req *http.Request, w http.Respo // middleware variables if strings.HasPrefix(key, varsReplPrefix) { varName := key[len(varsReplPrefix):] - tbl := req.Context().Value(VarsCtxKey).(map[string]any) - raw := tbl[varName] + raw := GetVar(req.Context(), varName) // variables can be dynamic, so always return true // even when it may not be set; treat as empty then return raw, true diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index f1f10d19..cd9b77cd 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -549,14 +549,7 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { case "trusted_proxies": for d.NextArg() { if d.Val() == "private_ranges" { - h.TrustedProxies = append(h.TrustedProxies, []string{ - "192.168.0.0/16", - "172.16.0.0/12", - "10.0.0.0/8", - "127.0.0.1/8", - "fd00::/8", - "::1", - }...) + h.TrustedProxies = append(h.TrustedProxies, caddyhttp.PrivateRangesCIDR()...) continue } h.TrustedProxies = append(h.TrustedProxies, d.Val()) diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 3adec3d9..88d98e82 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -701,16 +701,14 @@ func (h Handler) addForwardedHeaders(req *http.Request) error { // Client IP may contain a zone if IPv6, so we need // to pull that out before parsing the IP - if before, _, found := strings.Cut(clientIP, "%"); found { - clientIP = before - } + clientIP, _, _ = strings.Cut(clientIP, "%") ipAddr, err := netip.ParseAddr(clientIP) if err != nil { return fmt.Errorf("invalid IP address: '%s': %v", clientIP, err) } // Check if the client is a trusted proxy - trusted := false + trusted := caddyhttp.GetVar(req.Context(), caddyhttp.TrustedProxyVarKey).(bool) for _, ipRange := range h.trustedProxies { if ipRange.Contains(ipAddr) { trusted = true diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 7a244d2c..f50abf0e 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -21,6 +21,7 @@ import ( "fmt" "net" "net/http" + "net/netip" "net/url" "runtime" "strings" @@ -117,6 +118,18 @@ type Server struct { // client authentication. StrictSNIHost *bool `json:"strict_sni_host,omitempty"` + // A list of IP ranges (supports CIDR notation) from which + // requests should be trusted. By default, no proxies are + // trusted. + // + // On its own, this configuration will not do anything, + // but it can be used as a default set of ranges for + // handlers or matchers in routes to pick up, instead + // of needing to configure each of them. See the + // `reverse_proxy` handler for example, which uses this + // to trust sensitive incoming `X-Forwarded-*` headers. + TrustedProxies []string `json:"trusted_proxies,omitempty"` + // Enables access logging and configures how access logs are handled // in this server. To minimally enable access logs, simply set this // to a non-null, empty struct. @@ -175,6 +188,9 @@ type Server struct { h3listeners []net.PacketConn // TODO: we have to hold these because quic-go won't close listeners it didn't create addresses []caddy.NetworkAddress + // Holds the parsed CIDR ranges from TrustedProxies + trustedProxies []netip.Prefix + shutdownAt time.Time shutdownAtMu *sync.RWMutex @@ -675,7 +691,9 @@ func PrepareRequest(r *http.Request, repl *caddy.Replacer, w http.ResponseWriter // set up the context for the request ctx := context.WithValue(r.Context(), caddy.ReplacerCtxKey, repl) ctx = context.WithValue(ctx, ServerCtxKey, s) - ctx = context.WithValue(ctx, VarsCtxKey, make(map[string]any)) + ctx = context.WithValue(ctx, VarsCtxKey, map[string]any{ + TrustedProxyVarKey: determineTrustedProxy(r, s), + }) ctx = context.WithValue(ctx, routeGroupCtxKey, make(map[string]struct{})) var url2 url.URL // avoid letting this escape to the heap ctx = context.WithValue(ctx, OriginalRequestCtxKey, originalRequest(r, &url2)) @@ -705,6 +723,43 @@ func originalRequest(req *http.Request, urlCopy *url.URL) http.Request { } } +// determineTrustedProxy parses the remote IP address of +// the request, and determines (if the server configured it) +// if the client is a trusted proxy. +func determineTrustedProxy(r *http.Request, s *Server) bool { + // If there's no server, then we can't check anything + if s == nil { + return false + } + + // Parse the remote IP, ignore the error as non-fatal, + // but the remote IP is required to continue, so we + // just return early. This should probably never happen + // though, unless some other module manipulated the request's + // remote address and used an invalid value. + clientIP, _, err := net.SplitHostPort(r.RemoteAddr) + if err != nil { + return false + } + + // Client IP may contain a zone if IPv6, so we need + // to pull that out before parsing the IP + clientIP, _, _ = strings.Cut(clientIP, "%") + ipAddr, err := netip.ParseAddr(clientIP) + if err != nil { + return false + } + + // Check if the client is a trusted proxy + for _, ipRange := range s.trustedProxies { + if ipRange.Contains(ipAddr) { + return true + } + } + + return false +} + // cloneURL makes a copy of r.URL and returns a // new value that doesn't reference the original. func cloneURL(from, to *url.URL) { @@ -716,6 +771,19 @@ func cloneURL(from, to *url.URL) { } } +// PrivateRangesCIDR returns a list of private CIDR range +// strings, which can be used as a configuration shortcut. +func PrivateRangesCIDR() []string { + return []string{ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1", + } +} + // Context keys for HTTP request context values. const ( // For referencing the server instance @@ -727,4 +795,7 @@ const ( // For a partial copy of the unmodified request that // originally came into the server's entry handler OriginalRequestCtxKey caddy.CtxKey = "original_request" + + // For tracking whether the client is a trusted proxy + TrustedProxyVarKey string = "trusted_proxy" ) From 62e8b21724b0734ceb7879d740902eb3772d34b2 Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Tue, 17 Jan 2023 20:57:42 +0900 Subject: [PATCH 0898/1498] chore: Fix caddyfile.replaceEnvVars return (#5311) --- caddyconfig/caddyfile/parse.go | 14 +++----------- caddyconfig/caddyfile/parse_test.go | 5 +---- 2 files changed, 4 insertions(+), 15 deletions(-) diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 2c2da0f1..82c515b9 100644 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -61,20 +61,12 @@ func Parse(filename string, input []byte) ([]ServerBlock, error) { // It returns all the tokens from the input, unstructured // and in order. It may mutate input as it expands env vars. func allTokens(filename string, input []byte) ([]Token, error) { - inputCopy, err := replaceEnvVars(input) - if err != nil { - return nil, err - } - tokens, err := Tokenize(inputCopy, filename) - if err != nil { - return nil, err - } - return tokens, nil + return Tokenize(replaceEnvVars(input), filename) } // replaceEnvVars replaces all occurrences of environment variables. // It mutates the underlying array and returns the updated slice. -func replaceEnvVars(input []byte) ([]byte, error) { +func replaceEnvVars(input []byte) []byte { var offset int for { begin := bytes.Index(input[offset:], spanOpen) @@ -115,7 +107,7 @@ func replaceEnvVars(input []byte) ([]byte, error) { // continue at the end of the replacement offset = begin + len(envVarBytes) } - return input, nil + return input } type parser struct { diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index c3f6fa64..e3eff564 100644 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -604,10 +604,7 @@ func TestEnvironmentReplacement(t *testing.T) { expect: "}{$", }, } { - actual, err := replaceEnvVars([]byte(test.input)) - if err != nil { - t.Fatal(err) - } + actual := replaceEnvVars([]byte(test.input)) if !bytes.Equal(actual, []byte(test.expect)) { t.Errorf("Test %d: Expected: '%s' but got '%s'", i, test.expect, actual) } From e8ad9b32c9730ddb162b6fb1443fc0b36fcef7dc Mon Sep 17 00:00:00 2001 From: Alexandre Vicenzi Date: Tue, 17 Jan 2023 13:07:07 +0100 Subject: [PATCH 0899/1498] go.mod: Update golang.org/x/net to v0.5.0 (#5314) --- go.mod | 8 ++++---- go.sum | 8 ++++++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index b152fa81..42f72bbb 100644 --- a/go.mod +++ b/go.mod @@ -31,8 +31,8 @@ require ( go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.23.0 golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b - golang.org/x/net v0.1.0 - golang.org/x/term v0.1.0 + golang.org/x/net v0.5.0 + golang.org/x/term v0.4.0 google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/yaml.v3 v3.0.1 @@ -127,8 +127,8 @@ require ( go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06 - golang.org/x/text v0.4.0 // indirect + golang.org/x/sys v0.4.0 + golang.org/x/text v0.6.0 // indirect golang.org/x/tools v0.1.12 // indirect google.golang.org/grpc v1.50.1 // indirect google.golang.org/protobuf v1.28.1 // indirect diff --git a/go.sum b/go.sum index acc31e9a..0f8cf479 100644 --- a/go.sum +++ b/go.sum @@ -834,6 +834,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -918,11 +920,15 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06 h1:E1pm64FqQa4v8dHd/bAneyMkR4hk8LTJhoSlc5mc1cM= golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -933,6 +939,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From c38a040e85a7d277299acaab39bdad171bc45675 Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Thu, 19 Jan 2023 05:04:41 +0800 Subject: [PATCH 0900/1498] httpcaddyfile: Fix `handle` grouping inside `route` (#5315) Co-authored-by: Francis Lavoie --- caddyconfig/httpcaddyfile/builtins.go | 15 +--- caddyconfig/httpcaddyfile/directives.go | 2 +- caddyconfig/httpcaddyfile/httptype.go | 16 ++-- .../handle_nested_in_route.txt | 78 +++++++++++++++++++ .../php_fastcgi_expanded_form.txt | 3 +- 5 files changed, 93 insertions(+), 21 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/handle_nested_in_route.txt diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 3f1943c8..45da4a8d 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -731,29 +731,20 @@ func parseError(h Helper) (caddyhttp.MiddlewareHandler, error) { // parseRoute parses the route directive. func parseRoute(h Helper) (caddyhttp.MiddlewareHandler, error) { - sr := new(caddyhttp.Subroute) - allResults, err := parseSegmentAsConfig(h) if err != nil { return nil, err } for _, result := range allResults { - switch handler := result.Value.(type) { - case caddyhttp.Route: - sr.Routes = append(sr.Routes, handler) - case caddyhttp.Subroute: - // directives which return a literal subroute instead of a route - // means they intend to keep those handlers together without - // them being reordered; we're doing that anyway since we're in - // the route directive, so just append its handlers - sr.Routes = append(sr.Routes, handler.Routes...) + switch result.Value.(type) { + case caddyhttp.Route, caddyhttp.Subroute: default: return nil, h.Errf("%s directive returned something other than an HTTP route or subroute: %#v (only handler directives can be used in routes)", result.directive, result.Value) } } - return sr, nil + return buildSubroute(allResults, h.groupCounter, false) } func parseHandle(h Helper) (caddyhttp.MiddlewareHandler, error) { diff --git a/caddyconfig/httpcaddyfile/directives.go b/caddyconfig/httpcaddyfile/directives.go index 5ab092d7..a772dbaa 100644 --- a/caddyconfig/httpcaddyfile/directives.go +++ b/caddyconfig/httpcaddyfile/directives.go @@ -289,7 +289,7 @@ func ParseSegmentAsSubroute(h Helper) (caddyhttp.MiddlewareHandler, error) { return nil, err } - return buildSubroute(allResults, h.groupCounter) + return buildSubroute(allResults, h.groupCounter, true) } // parseSegmentAsConfig parses the segment such that its subdirectives diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 77f990b9..00678ef2 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -618,7 +618,7 @@ func (st *ServerType) serversFromPairings( // set up each handler directive, making sure to honor directive order dirRoutes := sblock.pile["route"] - siteSubroute, err := buildSubroute(dirRoutes, groupCounter) + siteSubroute, err := buildSubroute(dirRoutes, groupCounter, true) if err != nil { return nil, err } @@ -959,14 +959,16 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList, // buildSubroute turns the config values, which are expected to be routes // into a clean and orderly subroute that has all the routes within it. -func buildSubroute(routes []ConfigValue, groupCounter counter) (*caddyhttp.Subroute, error) { - for _, val := range routes { - if !directiveIsOrdered(val.directive) { - return nil, fmt.Errorf("directive '%s' is not an ordered HTTP handler, so it cannot be used here", val.directive) +func buildSubroute(routes []ConfigValue, groupCounter counter, needsSorting bool) (*caddyhttp.Subroute, error) { + if needsSorting { + for _, val := range routes { + if !directiveIsOrdered(val.directive) { + return nil, fmt.Errorf("directive '%s' is not an ordered HTTP handler, so it cannot be used here", val.directive) + } } - } - sortRoutes(routes) + sortRoutes(routes) + } subroute := new(caddyhttp.Subroute) diff --git a/caddytest/integration/caddyfile_adapt/handle_nested_in_route.txt b/caddytest/integration/caddyfile_adapt/handle_nested_in_route.txt new file mode 100644 index 00000000..1f77d5c4 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/handle_nested_in_route.txt @@ -0,0 +1,78 @@ +:8881 { + route { + handle /foo/* { + respond "Foo" + } + handle { + respond "Bar" + } + } +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8881" + ], + "routes": [ + { + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "Foo", + "handler": "static_response" + } + ] + } + ] + } + ], + "match": [ + { + "path": [ + "/foo/*" + ] + } + ] + }, + { + "group": "group2", + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "Bar", + "handler": "static_response" + } + ] + } + ] + } + ] + } + ] + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt index 2fa2b797..8a57b9e3 100644 --- a/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt +++ b/caddytest/integration/caddyfile_adapt/php_fastcgi_expanded_form.txt @@ -74,6 +74,7 @@ route { ] }, { + "group": "group0", "handle": [ { "handler": "rewrite", @@ -129,4 +130,4 @@ route { } } } -} \ No newline at end of file +} From 8d6870fd068aa3ea472a46f34d219f41703e2ddb Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Sun, 22 Jan 2023 00:27:58 +0900 Subject: [PATCH 0901/1498] chore: Fix typo, coral -> cobra (#5325) --- cmd/cobra.go | 2 +- cmd/commands.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/cobra.go b/cmd/cobra.go index 8da99aee..203b7bd1 100644 --- a/cmd/cobra.go +++ b/cmd/cobra.go @@ -104,7 +104,7 @@ func init() { rootCmd.SetHelpTemplate(rootCmd.HelpTemplate() + "\n" + fullDocsFooter + "\n") } -func caddyCmdToCoral(caddyCmd Command) *cobra.Command { +func caddyCmdToCobra(caddyCmd Command) *cobra.Command { cmd := &cobra.Command{ Use: caddyCmd.Name, Short: caddyCmd.Short, diff --git a/cmd/commands.go b/cmd/commands.go index c92e1269..83d3c99a 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -504,7 +504,7 @@ func RegisterCommand(cmd Command) { if !commandNameRegex.MatchString(cmd.Name) { panic("invalid command name") } - rootCmd.AddCommand(caddyCmdToCoral(cmd)) + rootCmd.AddCommand(caddyCmdToCobra(cmd)) } var commandNameRegex = regexp.MustCompile(`^[a-z0-9]$|^([a-z0-9]+-?[a-z0-9]*)+[a-z0-9]$`) From d6d7511699f6a35e3246918023af5ba3bc2cbc67 Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Sun, 22 Jan 2023 02:22:36 +0900 Subject: [PATCH 0902/1498] httpcaddyfile: Warn on importing empty file; skip dotfiles (#5320) * httpcaddyfile: Change the parse rules when empty file or dotfile with a glob. * Fixes #5295 * Empty file should just log a warning, and result in no tokens. * The last segment of the path is '*', it should skip any dotfiles. * The last segment of the path is '.*', it should read all dotfiles in a dir. * httpcaddyfile: Regard empty files as import files which include only white space. --- caddyconfig/caddyfile/parse.go | 20 +++++++++++++++++++ caddyconfig/caddyfile/parse_test.go | 17 ++++++++++++++++ caddyconfig/caddyfile/testdata/empty.txt | 0 .../caddyfile/testdata/glob/.dotfile.txt | 4 ++++ .../caddyfile/testdata/glob/import_test1.txt | 2 ++ .../caddyfile/testdata/only_white_space.txt | 7 +++++++ 6 files changed, 50 insertions(+) create mode 100644 caddyconfig/caddyfile/testdata/empty.txt create mode 100644 caddyconfig/caddyfile/testdata/glob/.dotfile.txt create mode 100644 caddyconfig/caddyfile/testdata/glob/import_test1.txt create mode 100644 caddyconfig/caddyfile/testdata/only_white_space.txt diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index 82c515b9..edc86f28 100644 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -389,6 +389,20 @@ func (p *parser) doImport() error { } else { return p.Errf("File to import not found: %s", importPattern) } + } else { + // See issue #5295 - should skip any files that start with a . when iterating over them. + sep := string(filepath.Separator) + segGlobPattern := strings.Split(globPattern, sep) + if strings.HasPrefix(segGlobPattern[len(segGlobPattern)-1], "*") { + var tmpMatches []string + for _, m := range matches { + seg := strings.Split(m, sep) + if !strings.HasPrefix(seg[len(seg)-1], ".") { + tmpMatches = append(tmpMatches, m) + } + } + matches = tmpMatches + } } // collect all the imported tokens @@ -451,6 +465,12 @@ func (p *parser) doSingleImport(importFile string) ([]Token, error) { return nil, p.Errf("Could not read imported file %s: %v", importFile, err) } + // only warning in case of empty files + if len(input) == 0 || len(strings.TrimSpace(string(input))) == 0 { + caddy.Log().Warn("Import file is empty", zap.String("file", importFile)) + return []Token{}, nil + } + importedTokens, err := allTokens(importFile, input) if err != nil { return nil, p.Errf("Could not read tokens while importing %s: %v", importFile, err) diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index e3eff564..4d18cc44 100644 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -187,6 +187,23 @@ func TestParseOneAndImport(t *testing.T) { {`import testdata/not_found.txt`, true, []string{}, []int{}}, + // empty file should just log a warning, and result in no tokens + {`import testdata/empty.txt`, false, []string{}, []int{}}, + + {`import testdata/only_white_space.txt`, false, []string{}, []int{}}, + + // import path/to/dir/* should skip any files that start with a . when iterating over them. + {`localhost + dir1 arg1 + import testdata/glob/*`, false, []string{ + "localhost", + }, []int{2, 3, 1}}, + + // import path/to/dir/.* should continue to read all dotfiles in a dir. + {`import testdata/glob/.*`, false, []string{ + "host1", + }, []int{1, 2}}, + {`""`, false, []string{}, []int{}}, {``, false, []string{}, []int{}}, diff --git a/caddyconfig/caddyfile/testdata/empty.txt b/caddyconfig/caddyfile/testdata/empty.txt new file mode 100644 index 00000000..e69de29b diff --git a/caddyconfig/caddyfile/testdata/glob/.dotfile.txt b/caddyconfig/caddyfile/testdata/glob/.dotfile.txt new file mode 100644 index 00000000..faab100c --- /dev/null +++ b/caddyconfig/caddyfile/testdata/glob/.dotfile.txt @@ -0,0 +1,4 @@ +host1 { + dir1 + dir2 arg1 +} diff --git a/caddyconfig/caddyfile/testdata/glob/import_test1.txt b/caddyconfig/caddyfile/testdata/glob/import_test1.txt new file mode 100644 index 00000000..dac7b29b --- /dev/null +++ b/caddyconfig/caddyfile/testdata/glob/import_test1.txt @@ -0,0 +1,2 @@ +dir2 arg1 arg2 +dir3 \ No newline at end of file diff --git a/caddyconfig/caddyfile/testdata/only_white_space.txt b/caddyconfig/caddyfile/testdata/only_white_space.txt new file mode 100644 index 00000000..705327cd --- /dev/null +++ b/caddyconfig/caddyfile/testdata/only_white_space.txt @@ -0,0 +1,7 @@ + + + + +  + + From 5805b3ca11492c2673180e707a643b24100a9e4a Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Sun, 22 Jan 2023 13:28:37 +0900 Subject: [PATCH 0903/1498] cmd: `caddy fmt` return code is 1 if not formatted (#5297) * cmd: Fix caddy fmt if input isn't formatted * Fixes #5294 * return exit 1 with an error message * cmd: Use formattingDifference for caddy fmt * #5294 * expose caddyfile.formattingDifference --- caddyconfig/caddyfile/adapter.go | 6 +++--- cmd/commandfuncs.go | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index d5bb7c22..b924325b 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -54,7 +54,7 @@ func (a Adapter) Adapt(body []byte, options map[string]any) ([]byte, []caddyconf // lint check: see if input was properly formatted; sometimes messy files files parse // successfully but result in logical errors (the Caddyfile is a bad format, I'm sorry) - if warning, different := formattingDifference(filename, body); different { + if warning, different := FormattingDifference(filename, body); different { warnings = append(warnings, warning) } @@ -63,10 +63,10 @@ func (a Adapter) Adapt(body []byte, options map[string]any) ([]byte, []caddyconf return result, warnings, err } -// formattingDifference returns a warning and true if the formatted version +// FormattingDifference returns a warning and true if the formatted version // is any different from the input; empty warning and false otherwise. // TODO: also perform this check on imported files -func formattingDifference(filename string, body []byte) (caddyconfig.Warning, bool) { +func FormattingDifference(filename string, body []byte) (caddyconfig.Warning, bool) { // replace windows-style newlines to normalize comparison normalizedBody := bytes.Replace(body, []byte("\r\n"), []byte("\n"), -1) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index e3daae59..bc4c2278 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -576,6 +576,10 @@ func cmdFmt(fl Flags) (int, error) { fmt.Print(string(output)) } + if warning, diff := caddyfile.FormattingDifference(formatCmdConfigFile, input); diff { + return caddy.ExitCodeFailedStartup, fmt.Errorf("%s:%d: Caddyfile input is not formatted", warning.File, warning.Line) + } + return caddy.ExitCodeSuccess, nil } From 98867ac3468b33c012ae75a14c8d923117629dc2 Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Tue, 24 Jan 2023 17:01:54 -0800 Subject: [PATCH 0904/1498] go.mod: bump tscert package to fix Tailscale 1.34+ on Windows (#5331) As of Tailscale 1.34.0 on Windows, Tailscale now uses a named pipe to connect to the local tailscale service. This pulls in tailscale/tscert#5 as reported in tailscale/tscert#4. (Sorry, we should've noticed this earlier!) Signed-off-by: Brad Fitzpatrick Signed-off-by: Brad Fitzpatrick --- go.mod | 3 ++- go.sum | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 42f72bbb..c329bbdf 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/smallstep/truststore v0.12.0 github.com/spf13/cobra v1.6.0 github.com/spf13/pflag v1.0.5 - github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 + github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2 github.com/yuin/goldmark v1.5.2 github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 @@ -39,6 +39,7 @@ require ( ) require ( + github.com/Microsoft/go-winio v0.6.0 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect github.com/golang/glog v1.0.0 // indirect github.com/golang/mock v1.6.0 // indirect diff --git a/go.sum b/go.sum index 0f8cf479..55f673b3 100644 --- a/go.sum +++ b/go.sum @@ -54,6 +54,8 @@ github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0 github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= +github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= +github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= @@ -594,6 +596,7 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= +github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/slackhq/nebula v1.6.1 h1:/OCTR3abj0Sbf2nGoLUrdDXImrCv0ZVFpVPP5qa0DsM= @@ -646,8 +649,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2 h1:xwMw7LFhV9dbvot9A7NLClP9udqbjrQlIwWMH8e7uiQ= -github.com/tailscale/tscert v0.0.0-20220316030059-54bbcb9f74e2/go.mod h1:hL4gB6APAasMR2NNi/JHzqKkxW3EPQlFgLEq9PMi2t0= +github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2 h1:TrgfmCXwtWyFw85UkRGXt9qZRzdzt3nWt2Rerdecn0w= +github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2/go.mod h1:kNGUQ3VESx3VZwRwA9MSCUegIl6+saPL8Noq82ozCaU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= @@ -664,6 +667,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark v1.5.2 h1:ALmeCk/px5FSm1MAcFBAsVKZjDuMVj8Tm7FFIlMJnqU= github.com/yuin/goldmark v1.5.2/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= @@ -751,6 +755,7 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b h1:huxqepDufQpLLIRXiVkTvnxrzJlpwmIWAObmcCcUFr0= golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -832,8 +837,7 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -855,6 +859,7 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -918,15 +923,12 @@ golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06 h1:E1pm64FqQa4v8dHd/bAneyMkR4hk8LTJhoSlc5mc1cM= -golang.org/x/sys v0.1.1-0.20221102194838-fc697a31fa06/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -937,8 +939,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 962310204f088a74719a48fa2dc76e76934dfa09 Mon Sep 17 00:00:00 2001 From: David Frickert Date: Wed, 25 Jan 2023 07:26:44 +0000 Subject: [PATCH 0905/1498] tracing: Support placeholders in span name (#5329) Fixes https://github.com/caddyserver/caddy/issues/5171 --- modules/caddyhttp/tracing/module_test.go | 14 +++++++++++--- modules/caddyhttp/tracing/tracer.go | 13 ++++++++++++- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/modules/caddyhttp/tracing/module_test.go b/modules/caddyhttp/tracing/module_test.go index 0fbc05bb..2a775fc1 100644 --- a/modules/caddyhttp/tracing/module_test.go +++ b/modules/caddyhttp/tracing/module_test.go @@ -98,7 +98,7 @@ func TestTracing_ServeHTTP_Propagation_Without_Initial_Headers(t *testing.T) { SpanName: "mySpan", } - req := httptest.NewRequest("GET", "https://example.com/foo", nil) + req := createRequestWithContext("GET", "https://example.com/foo") w := httptest.NewRecorder() var handler caddyhttp.HandlerFunc = func(writer http.ResponseWriter, request *http.Request) error { @@ -128,7 +128,7 @@ func TestTracing_ServeHTTP_Propagation_With_Initial_Headers(t *testing.T) { SpanName: "mySpan", } - req := httptest.NewRequest("GET", "https://example.com/foo", nil) + req := createRequestWithContext("GET", "https://example.com/foo") req.Header.Set("traceparent", "00-11111111111111111111111111111111-1111111111111111-01") w := httptest.NewRecorder() @@ -159,7 +159,7 @@ func TestTracing_ServeHTTP_Next_Error(t *testing.T) { SpanName: "mySpan", } - req := httptest.NewRequest("GET", "https://example.com/foo", nil) + req := createRequestWithContext("GET", "https://example.com/foo") w := httptest.NewRecorder() expectErr := errors.New("test error") @@ -180,3 +180,11 @@ func TestTracing_ServeHTTP_Next_Error(t *testing.T) { t.Errorf("expected error, got: %v", err) } } + +func createRequestWithContext(method string, url string) *http.Request { + r, _ := http.NewRequest(method, url, nil) + repl := caddy.NewReplacer() + ctx := context.WithValue(r.Context(), caddy.ReplacerCtxKey, repl) + r = r.WithContext(ctx) + return r +} diff --git a/modules/caddyhttp/tracing/tracer.go b/modules/caddyhttp/tracing/tracer.go index ddb01e82..e5c51073 100644 --- a/modules/caddyhttp/tracing/tracer.go +++ b/modules/caddyhttp/tracing/tracer.go @@ -69,7 +69,13 @@ func newOpenTelemetryWrapper( sdktrace.WithResource(res), ) - ot.handler = otelhttp.NewHandler(http.HandlerFunc(ot.serveHTTP), ot.spanName, otelhttp.WithTracerProvider(tracerProvider), otelhttp.WithPropagators(ot.propagators)) + ot.handler = otelhttp.NewHandler(http.HandlerFunc(ot.serveHTTP), + ot.spanName, + otelhttp.WithTracerProvider(tracerProvider), + otelhttp.WithPropagators(ot.propagators), + otelhttp.WithSpanNameFormatter(ot.spanNameFormatter), + ) + return ot, nil } @@ -106,3 +112,8 @@ func (ot *openTelemetryWrapper) newResource( semconv.WebEngineVersionKey.String(webEngineVersion), )) } + +// spanNameFormatter performs the replacement of placeholders in the span name +func (ot *openTelemetryWrapper) spanNameFormatter(operation string, r *http.Request) string { + return r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer).ReplaceAll(operation, "") +} From e9d95ab29f6cbf24fd3f7f7fd439ab31e2797f93 Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Wed, 25 Jan 2023 23:40:08 +0900 Subject: [PATCH 0906/1498] reverseproxy: Add flag to short command to disable redirects (#5330) Co-authored-by: Francis Lavoie Fixes undefined --- modules/caddyhttp/reverseproxy/command.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index ca621910..44f4c222 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -64,6 +64,7 @@ default, all incoming headers are passed through unmodified.) fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)") fs.Bool("internal-certs", false, "Use internal CA for issuing certs") fs.Bool("debug", false, "Enable verbose debug logs") + fs.Bool("disable-redirects", false, "Disable HTTP->HTTPS redirects") return fs }(), }) @@ -77,6 +78,7 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { insecure := fs.Bool("insecure") internalCerts := fs.Bool("internal-certs") debug := fs.Bool("debug") + disableRedir := fs.Bool("disable-redirects") httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) @@ -174,6 +176,8 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { if fromAddr.Scheme == "http" { server.AutoHTTPS = &caddyhttp.AutoHTTPSConfig{Disabled: true} + } else if disableRedir { + server.AutoHTTPS = &caddyhttp.AutoHTTPSConfig{DisableRedir: true} } httpApp := caddyhttp.App{ From 7f2a93e6c36ceec9e007baeedeb594ab0dc43a71 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 27 Jan 2023 14:56:39 -0500 Subject: [PATCH 0907/1498] caddyfile: Allow overriding server names (#5323) --- caddyconfig/httpcaddyfile/httptype.go | 2 +- caddyconfig/httpcaddyfile/serveroptions.go | 37 ++++++++- .../caddyfile_adapt/server_names.txt | 77 +++++++++++++++++++ 3 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/server_names.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 00678ef2..43d756f6 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -706,7 +706,7 @@ func (st *ServerType) serversFromPairings( err := applyServerOptions(servers, options, warnings) if err != nil { - return nil, err + return nil, fmt.Errorf("applying global server options: %v", err) } return servers, nil diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index 7aa0a2a8..dca4ede7 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -33,6 +33,7 @@ type serverOptions struct { ListenerAddress string // These will all map 1:1 to the caddyhttp.Server struct + Name string ListenerWrappersRaw []json.RawMessage ReadTimeout caddy.Duration ReadHeaderTimeout caddy.Duration @@ -58,6 +59,15 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { } for nesting := d.Nesting(); d.NextBlock(nesting); { switch d.Val() { + case "name": + if serverOpts.ListenerAddress == "" { + return nil, d.Errf("cannot set a name for a server without a listener address") + } + if !d.NextArg() { + return nil, d.ArgErr() + } + serverOpts.Name = d.Val() + case "listener_wrappers": for nesting := d.Nesting(); d.NextBlock(nesting); { modID := "caddy.listeners." + d.Val() @@ -248,7 +258,22 @@ func applyServerOptions( return nil } - for _, server := range servers { + // check for duplicate names, which would clobber the config + existingNames := map[string]bool{} + for _, opts := range serverOpts { + if opts.Name == "" { + continue + } + if existingNames[opts.Name] { + return fmt.Errorf("cannot use duplicate server name '%s'", opts.Name) + } + existingNames[opts.Name] = true + } + + // collect the server name overrides + nameReplacements := map[string]string{} + + for key, server := range servers { // find the options that apply to this server opts := func() *serverOptions { for _, entry := range serverOpts { @@ -287,6 +312,16 @@ func applyServerOptions( } server.Logs.ShouldLogCredentials = opts.ShouldLogCredentials } + + if opts.Name != "" { + nameReplacements[key] = opts.Name + } + } + + // rename the servers if marked to do so + for old, new := range nameReplacements { + servers[new] = servers[old] + delete(servers, old) } return nil diff --git a/caddytest/integration/caddyfile_adapt/server_names.txt b/caddytest/integration/caddyfile_adapt/server_names.txt new file mode 100644 index 00000000..e43eb8c0 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/server_names.txt @@ -0,0 +1,77 @@ +{ + servers :443 { + name https + } + + servers :8000 { + name app1 + } + + servers :8001 { + name app2 + } + + servers 123.123.123.123:8002 { + name bind-server + } +} + +example.com { +} + +:8000 { +} + +:8001, :8002 { +} + +:8002 { + bind 123.123.123.123 222.222.222.222 +} +---------- +{ + "apps": { + "http": { + "servers": { + "app1": { + "listen": [ + ":8000" + ] + }, + "app2": { + "listen": [ + ":8001" + ] + }, + "bind-server": { + "listen": [ + "123.123.123.123:8002", + "222.222.222.222:8002" + ] + }, + "https": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "terminal": true + } + ] + }, + "srv4": { + "listen": [ + ":8002" + ] + } + } + } + } +} \ No newline at end of file From d73660f7c338cf4d12ba82c07e14df7f53593ea5 Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Sat, 28 Jan 2023 13:31:37 +0900 Subject: [PATCH 0908/1498] httpcaddyfile: Add persist_config global option (#5339) Co-authored-by: Francis Lavoie --- caddyconfig/httpcaddyfile/httptype.go | 11 ++++++ caddyconfig/httpcaddyfile/options.go | 16 +++++++++ ..._options_admin_with_persist_config_off.txt | 36 +++++++++++++++++++ .../global_options_persist_config.txt | 25 +++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 caddytest/integration/caddyfile_adapt/global_options_admin_with_persist_config_off.txt create mode 100644 caddytest/integration/caddyfile_adapt/global_options_persist_config.txt diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go index 43d756f6..50e98ac6 100644 --- a/caddyconfig/httpcaddyfile/httptype.go +++ b/caddyconfig/httpcaddyfile/httptype.go @@ -286,6 +286,17 @@ func (st ServerType) Setup(inputServerBlocks []caddyfile.ServerBlock, if adminConfig, ok := options["admin"].(*caddy.AdminConfig); ok && adminConfig != nil { cfg.Admin = adminConfig } + + if pc, ok := options["persist_config"].(string); ok && pc == "off" { + if cfg.Admin == nil { + cfg.Admin = new(caddy.AdminConfig) + } + if cfg.Admin.Config == nil { + cfg.Admin.Config = new(caddy.ConfigSettings) + } + cfg.Admin.Config.Persist = new(bool) + } + if len(customLogs) > 0 { if cfg.Logging == nil { cfg.Logging = &caddy.Logging{ diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go index 1775c93b..4e5212bf 100644 --- a/caddyconfig/httpcaddyfile/options.go +++ b/caddyconfig/httpcaddyfile/options.go @@ -54,6 +54,7 @@ func init() { RegisterGlobalOption("ocsp_stapling", parseOCSPStaplingOptions) RegisterGlobalOption("log", parseLogOptions) RegisterGlobalOption("preferred_chains", parseOptPreferredChains) + RegisterGlobalOption("persist_config", parseOptPersistConfig) } func parseOptTrue(d *caddyfile.Dispenser, _ any) (any, error) { return true, nil } @@ -386,6 +387,21 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) { return ond, nil } +func parseOptPersistConfig(d *caddyfile.Dispenser, _ any) (any, error) { + d.Next() // consume parameter name + if !d.Next() { + return "", d.ArgErr() + } + val := d.Val() + if d.Next() { + return "", d.ArgErr() + } + if val != "off" { + return "", d.Errf("persist_config must be 'off'") + } + return val, nil +} + func parseOptAutoHTTPS(d *caddyfile.Dispenser, _ any) (any, error) { d.Next() // consume parameter name if !d.Next() { diff --git a/caddytest/integration/caddyfile_adapt/global_options_admin_with_persist_config_off.txt b/caddytest/integration/caddyfile_adapt/global_options_admin_with_persist_config_off.txt new file mode 100644 index 00000000..998fe223 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_admin_with_persist_config_off.txt @@ -0,0 +1,36 @@ +{ + http_port 8080 + persist_config off + admin { + origins localhost:2019 [::1]:2019 127.0.0.1:2019 192.168.10.128 + } +} + +:80 +---------- +{ + "admin": { + "listen": "localhost:2019", + "origins": [ + "localhost:2019", + "[::1]:2019", + "127.0.0.1:2019", + "192.168.10.128" + ], + "config": { + "persist": false + } + }, + "apps": { + "http": { + "http_port": 8080, + "servers": { + "srv0": { + "listen": [ + ":80" + ] + } + } + } + } +} diff --git a/caddytest/integration/caddyfile_adapt/global_options_persist_config.txt b/caddytest/integration/caddyfile_adapt/global_options_persist_config.txt new file mode 100644 index 00000000..c905b476 --- /dev/null +++ b/caddytest/integration/caddyfile_adapt/global_options_persist_config.txt @@ -0,0 +1,25 @@ +{ + persist_config off +} + +:8881 { +} +---------- +{ + "admin": { + "config": { + "persist": false + } + }, + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":8881" + ] + } + } + } + } +} From 0a3efd1641f07ceaa2035cedec1ba43448b2d520 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 30 Jan 2023 09:30:53 -0700 Subject: [PATCH 0909/1498] caddytls: Debug log for ask endpoint --- modules/caddytls/acmeissuer.go | 10 ++++++++-- modules/caddytls/automation.go | 3 +-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go index 12e300ed..ca799817 100644 --- a/modules/caddytls/acmeissuer.go +++ b/modules/caddytls/acmeissuer.go @@ -495,7 +495,7 @@ func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // to see if a certificate can be obtained for name. // The certificate request should be denied if this // returns an error. -func onDemandAskRequest(ask string, name string) error { +func onDemandAskRequest(logger *zap.Logger, ask string, name string) error { askURL, err := url.Parse(ask) if err != nil { return fmt.Errorf("parsing ask URL: %v", err) @@ -504,13 +504,19 @@ func onDemandAskRequest(ask string, name string) error { qs.Set("domain", name) askURL.RawQuery = qs.Encode() - resp, err := onDemandAskClient.Get(askURL.String()) + askURLString := askURL.String() + resp, err := onDemandAskClient.Get(askURLString) if err != nil { return fmt.Errorf("error checking %v to determine if certificate for hostname '%s' should be allowed: %v", ask, name, err) } resp.Body.Close() + logger.Debug("response from ask endpoint", + zap.String("domain", name), + zap.String("url", askURLString), + zap.Int("status", resp.StatusCode)) + if resp.StatusCode < 200 || resp.StatusCode > 299 { return fmt.Errorf("%s: %w %s - non-2xx status code %d", name, errAskDenied, ask, resp.StatusCode) } diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go index e80d3558..7f216d5e 100644 --- a/modules/caddytls/automation.go +++ b/modules/caddytls/automation.go @@ -174,8 +174,7 @@ func (ap *AutomationPolicy) Provision(tlsApp *TLS) error { if tlsApp.Automation != nil && tlsApp.Automation.OnDemand != nil && tlsApp.Automation.OnDemand.Ask != "" { - err := onDemandAskRequest(tlsApp.Automation.OnDemand.Ask, name) - if err != nil { + if err := onDemandAskRequest(tlsApp.logger, tlsApp.Automation.OnDemand.Ask, name); err != nil { // distinguish true errors from denials, because it's important to log actual errors if !errors.Is(err, errAskDenied) { tlsApp.logger.Error("request to 'ask' endpoint failed", From 201b9b41f98aa28d7d0ad223bf3614b78312690d Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Tue, 31 Jan 2023 03:07:57 -0500 Subject: [PATCH 0910/1498] chore: Fix warning "range variable captured by func literal" (#5348) --- modules/caddyhttp/matchers_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 4d5538cd..4f5da69a 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -929,6 +929,7 @@ func TestVarREMatcher(t *testing.T) { expect: true, }, } { + i := i // capture range value tc := tc // capture range value t.Run(tc.desc, func(t *testing.T) { t.Parallel() From 8c0b49bf039bc0b6ab72b44ef0e1e6587c76ad2b Mon Sep 17 00:00:00 2001 From: Amis Shokoohi Date: Tue, 31 Jan 2023 19:54:44 +0330 Subject: [PATCH 0911/1498] cmd: `fmt` exit successfully after overwriting config file (#5351) Fixes https://github.com/caddyserver/caddy/issues/5349 --- cmd/commandfuncs.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index bc4c2278..c5264ed4 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -558,7 +558,10 @@ func cmdFmt(fl Flags) (int, error) { if err := os.WriteFile(formatCmdConfigFile, output, 0600); err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("overwriting formatted file: %v", err) } - } else if fl.Bool("diff") { + return caddy.ExitCodeSuccess, nil + } + + if fl.Bool("diff") { diff := difflib.Diff( strings.Split(string(input), "\n"), strings.Split(string(output), "\n")) From 94b8d56096b2581d6739b057655e7b895c8fd3bb Mon Sep 17 00:00:00 2001 From: Amis Shokoohi Date: Wed, 1 Feb 2023 00:57:35 +0330 Subject: [PATCH 0912/1498] cmd: Add `--envfile` flag to `validate` command (#5350) Fixes https://github.com/caddyserver/caddy/issues/5346 --- cmd/commandfuncs.go | 9 +++++++++ cmd/commands.go | 8 ++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index c5264ed4..09accd0d 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -506,6 +506,15 @@ func cmdAdaptConfig(fl Flags) (int, error) { func cmdValidateConfig(fl Flags) (int, error) { validateCmdConfigFlag := fl.String("config") validateCmdAdapterFlag := fl.String("adapter") + runCmdLoadEnvfileFlag := fl.String("envfile") + + // load all additional envs as soon as possible + if runCmdLoadEnvfileFlag != "" { + if err := loadEnvFromFile(runCmdLoadEnvfileFlag); err != nil { + return caddy.ExitCodeFailedStartup, + fmt.Errorf("loading additional environment variables: %v", err) + } + } input, _, err := LoadConfig(validateCmdConfigFlag, validateCmdAdapterFlag) if err != nil { diff --git a/cmd/commands.go b/cmd/commands.go index 83d3c99a..9216b898 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -287,16 +287,20 @@ zero exit status will be returned.`, RegisterCommand(Command{ Name: "validate", Func: cmdValidateConfig, - Usage: "--config [--adapter ]", + Usage: "--config [--adapter ] [--envfile ]", Short: "Tests whether a configuration file is valid", Long: ` Loads and provisions the provided config, but does not start running it. This reveals any errors with the configuration through the loading and -provisioning stages.`, +provisioning stages. + +If --envfile is specified, an environment file with environment variables in +the KEY=VALUE format will be loaded into the Caddy process.`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("validate", flag.ExitOnError) fs.String("config", "", "Input configuration file") fs.String("adapter", "", "Name of config adapter") + fs.String("envfile", "", "Environment file to load") return fs }(), }) From e62b5fb58619364051551a7ee614fb9949cfe69a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 6 Feb 2023 11:29:20 -0500 Subject: [PATCH 0913/1498] chore: Build with Go 1.20, keep minimum at 1.18 for now (#5353) --- .github/workflows/ci.yml | 6 +++--- .github/workflows/cross-build.yml | 6 +++--- .github/workflows/release.yml | 6 +++--- go.mod | 17 ++++++++-------- go.sum | 34 +++++++++++++++++-------------- listeners.go | 6 +++--- modules/caddyhttp/app.go | 4 ++-- modules/caddyhttp/caddyhttp.go | 2 +- modules/caddyhttp/server.go | 4 ++-- 9 files changed, 45 insertions(+), 40 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 40b8d0ba..ba074198 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.18', '1.19' ] + go: [ '1.18', '1.20' ] include: # Set the minimum Go patch version for the given Go minor @@ -27,8 +27,8 @@ jobs: - go: '1.18' GO_SEMVER: '~1.18.4' - - go: '1.19' - GO_SEMVER: '~1.19.0' + - go: '1.20' + GO_SEMVER: '~1.20.0' # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index e8d07980..8b5e429a 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -16,13 +16,13 @@ jobs: fail-fast: false matrix: goos: ['android', 'linux', 'solaris', 'illumos', 'dragonfly', 'freebsd', 'openbsd', 'plan9', 'windows', 'darwin', 'netbsd'] - go: [ '1.19' ] + go: [ '1.20' ] include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.19' - GO_SEMVER: '~1.19.0' + - go: '1.20' + GO_SEMVER: '~1.20.0' runs-on: ubuntu-latest continue-on-error: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 955e8d86..d8ea96ba 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,13 +11,13 @@ jobs: strategy: matrix: os: [ ubuntu-latest ] - go: [ '1.19' ] + go: [ '1.20' ] include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.19' - GO_SEMVER: '~1.19.0' + - go: '1.20' + GO_SEMVER: '~1.20.0' runs-on: ${{ matrix.os }} # https://github.com/sigstore/cosign/issues/1258#issuecomment-1002251233 diff --git a/go.mod b/go.mod index c329bbdf..b762aee6 100644 --- a/go.mod +++ b/go.mod @@ -14,9 +14,9 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.11 github.com/klauspost/cpuid/v2 v2.1.2 - github.com/lucas-clemente/quic-go v0.31.0 github.com/mholt/acmez v1.0.4 github.com/prometheus/client_golang v1.12.2 + github.com/quic-go/quic-go v0.32.0 github.com/smallstep/certificates v0.23.0 github.com/smallstep/nosql v0.5.0 github.com/smallstep/truststore v0.12.0 @@ -30,7 +30,7 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 go.opentelemetry.io/otel/sdk v1.4.0 go.uber.org/zap v1.23.0 - golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b + golang.org/x/crypto v0.4.0 golang.org/x/net v0.5.0 golang.org/x/term v0.4.0 google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c @@ -45,9 +45,13 @@ require ( github.com/golang/mock v1.6.0 // indirect github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect github.com/onsi/ginkgo/v2 v2.2.0 // indirect + github.com/quic-go/qpack v0.4.0 // indirect + github.com/quic-go/qtls-go1-18 v0.2.0 // indirect + github.com/quic-go/qtls-go1-19 v0.2.0 // indirect + github.com/quic-go/qtls-go1-20 v0.1.0 // indirect github.com/rogpeppe/go-internal v1.9.0 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect + golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect ) require ( @@ -90,9 +94,6 @@ require ( github.com/jackc/pgx/v4 v4.17.2 // indirect github.com/libdns/libdns v0.2.1 // indirect github.com/manifoldco/promptui v0.9.0 // indirect - github.com/marten-seemann/qpack v0.3.0 // indirect - github.com/marten-seemann/qtls-go1-18 v0.1.3 // indirect - github.com/marten-seemann/qtls-go1-19 v0.1.1 // indirect github.com/mattn/go-colorable v0.1.8 // indirect github.com/mattn/go-isatty v0.0.13 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect @@ -127,10 +128,10 @@ require ( go.step.sm/linkedca v0.19.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect - golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect + golang.org/x/mod v0.6.0 // indirect golang.org/x/sys v0.4.0 golang.org/x/text v0.6.0 // indirect - golang.org/x/tools v0.1.12 // indirect + golang.org/x/tools v0.2.0 // indirect google.golang.org/grpc v1.50.1 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect diff --git a/go.sum b/go.sum index 55f673b3..bc565631 100644 --- a/go.sum +++ b/go.sum @@ -434,18 +434,10 @@ github.com/libdns/libdns v0.2.1 h1:Wu59T7wSHRgtA0cfxC+n1c/e+O3upJGWytknkmFEDis= github.com/libdns/libdns v0.2.1/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/lucas-clemente/quic-go v0.31.0 h1:MfNp3fk0wjWRajw6quMFA3ap1AVtlU+2mtwmbVogB2M= -github.com/lucas-clemente/quic-go v0.31.0/go.mod h1:0wFbizLgYzqHqtlyxyCaJKlE7bYgE6JQ+54TLd/Dq2g= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA= github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg= -github.com/marten-seemann/qpack v0.3.0 h1:UiWstOgT8+znlkDPOg2+3rIuYXJ2CnGDkGUXN6ki6hE= -github.com/marten-seemann/qpack v0.3.0/go.mod h1:cGfKPBiP4a9EQdxCwEwI/GEeWAsjSekBvx/X8mh58+g= -github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= -github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= -github.com/marten-seemann/qtls-go1-19 v0.1.1 h1:mnbxeq3oEyQxQXwI4ReCgW9DPoPR94sNlqWoDZnjRIE= -github.com/marten-seemann/qtls-go1-19 v0.1.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -568,6 +560,16 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= +github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= +github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U= +github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc= +github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk= +github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= +github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI= +github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= +github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= +github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -757,8 +759,8 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b h1:huxqepDufQpLLIRXiVkTvnxrzJlpwmIWAObmcCcUFr0= -golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= +golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -769,8 +771,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= -golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= +golang.org/x/exp v0.0.0-20221205204356-47842c84f3db h1:D/cFflL63o2KSLJIwjlcIt8PR064j/xsmdEJL/YvY/o= +golang.org/x/exp v0.0.0-20221205204356-47842c84f3db/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -792,8 +794,9 @@ golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= +golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -858,8 +861,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -996,8 +999,9 @@ golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= +golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/listeners.go b/listeners.go index ea03ca42..5bf85a08 100644 --- a/listeners.go +++ b/listeners.go @@ -30,8 +30,8 @@ import ( "syscall" "time" - "github.com/lucas-clemente/quic-go" - "github.com/lucas-clemente/quic-go/http3" + "github.com/quic-go/quic-go" + "github.com/quic-go/quic-go/http3" "go.uber.org/zap" ) @@ -462,7 +462,7 @@ func ListenQUIC(ln net.PacketConn, tlsConf *tls.Config, activeRequests *int64) ( // of closes) because closing the quic.EarlyListener doesn't actually close // the underlying PacketConn, but we need to for unix sockets since we dup // the file descriptor and thus need to close the original; track issue: - // https://github.com/lucas-clemente/quic-go/issues/3560#issuecomment-1258959608 + // https://github.com/quic-go/quic-go/issues/3560#issuecomment-1258959608 var unix *unixConn if uc, ok := ln.(*unixConn); ok { unix = uc diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index d790284c..da25d372 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -574,7 +574,7 @@ func (app *App) Stop() error { // TODO: we have to manually close our listeners because quic-go won't // close listeners it didn't create along with the server itself... - // see https://github.com/lucas-clemente/quic-go/issues/3560 + // see https://github.com/quic-go/quic-go/issues/3560 for _, el := range server.h3listeners { if err := el.Close(); err != nil { app.logger.Error("HTTP/3 listener close", @@ -583,7 +583,7 @@ func (app *App) Stop() error { } } - // TODO: CloseGracefully, once implemented upstream (see https://github.com/lucas-clemente/quic-go/issues/2103) + // TODO: CloseGracefully, once implemented upstream (see https://github.com/quic-go/quic-go/issues/2103) if err := server.h3server.Close(); err != nil { app.logger.Error("HTTP/3 server shutdown", zap.Error(err), diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go index c9cc9e6d..c497dc7a 100644 --- a/modules/caddyhttp/caddyhttp.go +++ b/modules/caddyhttp/caddyhttp.go @@ -232,7 +232,7 @@ func SanitizedPathJoin(root, reqPath string) string { root = "." } - path := filepath.Join(root, filepath.Clean("/"+reqPath)) + path := filepath.Join(root, path.Clean("/"+reqPath)) // filepath.Join also cleans the path, and cleaning strips // the trailing slash, so we need to re-add it afterwards. diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index f50abf0e..420cc4a0 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -33,8 +33,8 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyevents" "github.com/caddyserver/caddy/v2/modules/caddytls" "github.com/caddyserver/certmagic" - "github.com/lucas-clemente/quic-go" - "github.com/lucas-clemente/quic-go/http3" + "github.com/quic-go/quic-go" + "github.com/quic-go/quic-go/http3" "go.uber.org/zap" "go.uber.org/zap/zapcore" ) From ac83b7e218e3c3eb4ef26922196759434b130786 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 6 Feb 2023 12:55:16 -0500 Subject: [PATCH 0914/1498] admin: Add `CADDY_ADMIN` env var to override the default (#5332) --- admin.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/admin.go b/admin.go index d23c7db0..674d06a2 100644 --- a/admin.go +++ b/admin.go @@ -46,6 +46,17 @@ import ( "go.uber.org/zap/zapcore" ) +func init() { + // The hard-coded default `DefaultAdminListen` can be overidden + // by setting the `CADDY_ADMIN` environment variable. + // The environment variable may be used by packagers to change + // the default admin address to something more appropriate for + // that platform. See #5317 for discussion. + if env, exists := os.LookupEnv("CADDY_ADMIN"); exists { + DefaultAdminListen = env + } +} + // AdminConfig configures Caddy's API endpoint, which is used // to manage Caddy while it is running. type AdminConfig struct { @@ -57,7 +68,9 @@ type AdminConfig struct { // The address to which the admin endpoint's listener should // bind itself. Can be any single network address that can be - // parsed by Caddy. Accepts placeholders. Default: localhost:2019 + // parsed by Caddy. Accepts placeholders. + // Default: the value of the `CADDY_ADMIN` environment variable, + // or `localhost:2019` otherwise. Listen string `json:"listen,omitempty"` // If true, CORS headers will be emitted, and requests to the From 8d3a1b8bcbc36930ca3ad0a6b38604ceaa697ecb Mon Sep 17 00:00:00 2001 From: "Y.Horie" Date: Tue, 7 Feb 2023 03:29:03 +0900 Subject: [PATCH 0915/1498] caddyauth: Use singleflight for basic auth (#5344) * caddyauth: Add singleflight for basic auth * Fixes #5338 * it occurred the thunder herd problem like this https://medium.com/@mhrlife/avoid-duplicate-requests-while-filling-cache-98c687879f59 * Update modules/caddyhttp/caddyauth/basicauth.go Fix comment Co-authored-by: Francis Lavoie --------- Co-authored-by: Francis Lavoie Co-authored-by: Matt Holt --- go.mod | 1 + modules/caddyhttp/caddyauth/basicauth.go | 13 +++++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index b762aee6..63cf4f2d 100644 --- a/go.mod +++ b/go.mod @@ -32,6 +32,7 @@ require ( go.uber.org/zap v1.23.0 golang.org/x/crypto v0.4.0 golang.org/x/net v0.5.0 + golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 golang.org/x/term v0.4.0 google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c gopkg.in/natefinch/lumberjack.v2 v2.0.0 diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go index eb6fd592..f515a72c 100644 --- a/modules/caddyhttp/caddyauth/basicauth.go +++ b/modules/caddyhttp/caddyauth/basicauth.go @@ -26,6 +26,7 @@ import ( "time" "github.com/caddyserver/caddy/v2" + "golang.org/x/sync/singleflight" ) func init() { @@ -142,6 +143,7 @@ func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error { if hba.HashCache != nil { hba.HashCache.cache = make(map[string]bool) hba.HashCache.mu = new(sync.RWMutex) + hba.HashCache.g = new(singleflight.Group) } return nil @@ -190,12 +192,18 @@ func (hba HTTPBasicAuth) correctPassword(account Account, plaintextPassword []by if ok { return same, nil } - // slow track: do the expensive op, then add it to the cache - same, err := compare() + // but perform it in a singleflight group so that multiple + // parallel requests using the same password don't cause a + // thundering herd problem by all performing the same hashing + // operation before the first one finishes and caches it. + v, err, _ := hba.HashCache.g.Do(cacheKey, func() (any, error) { + return compare() + }) if err != nil { return false, err } + same = v.(bool) hba.HashCache.mu.Lock() if len(hba.HashCache.cache) >= 1000 { hba.HashCache.makeRoom() // keep cache size under control @@ -223,6 +231,7 @@ func (hba HTTPBasicAuth) promptForCredentials(w http.ResponseWriter, err error) // compute on every HTTP request. type Cache struct { mu *sync.RWMutex + g *singleflight.Group // map of concatenated hashed password + plaintext password + salt, to result cache map[string]bool From f6f1d8fc8931ae9ed9ed9b948b559a6149232fbc Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Mon, 6 Feb 2023 12:24:01 -0700 Subject: [PATCH 0916/1498] Run go.mod tidy --- go.mod | 2 +- go.sum | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 63cf4f2d..b1836303 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( go.uber.org/zap v1.23.0 golang.org/x/crypto v0.4.0 golang.org/x/net v0.5.0 - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 + golang.org/x/sync v0.1.0 golang.org/x/term v0.4.0 google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c gopkg.in/natefinch/lumberjack.v2 v2.0.0 diff --git a/go.sum b/go.sum index bc565631..5b19de8f 100644 --- a/go.sum +++ b/go.sum @@ -863,6 +863,7 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170728174421-0f826bdd13b5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From 12bcbe2c4924ecbf6730fc340a7a4250bddcc9be Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 6 Feb 2023 14:44:11 -0500 Subject: [PATCH 0917/1498] caddyhttp: Pluggable trusted proxy IP range sources (#5328) * caddyhttp: Pluggable trusted proxy IP range sources * Add request to the IPRangeSource interface --- caddyconfig/httpcaddyfile/serveroptions.go | 28 +++- .../global_server_options_single.txt | 21 +-- .../caddyfile_adapt/reverse_proxy_options.txt | 4 +- modules/caddyhttp/app.go | 23 +-- modules/caddyhttp/ip_range.go | 142 ++++++++++++++++++ modules/caddyhttp/server.go | 25 +-- 6 files changed, 188 insertions(+), 55 deletions(-) create mode 100644 modules/caddyhttp/ip_range.go diff --git a/caddyconfig/httpcaddyfile/serveroptions.go b/caddyconfig/httpcaddyfile/serveroptions.go index dca4ede7..eb57c58c 100644 --- a/caddyconfig/httpcaddyfile/serveroptions.go +++ b/caddyconfig/httpcaddyfile/serveroptions.go @@ -43,7 +43,7 @@ type serverOptions struct { MaxHeaderBytes int Protocols []string StrictSNIHost *bool - TrustedProxies []string + TrustedProxiesRaw json.RawMessage ShouldLogCredentials bool Metrics *caddyhttp.Metrics } @@ -188,13 +188,25 @@ func unmarshalCaddyfileServerOptions(d *caddyfile.Dispenser) (any, error) { serverOpts.StrictSNIHost = &boolVal case "trusted_proxies": - for d.NextArg() { - if d.Val() == "private_ranges" { - serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, caddyhttp.PrivateRangesCIDR()...) - continue - } - serverOpts.TrustedProxies = append(serverOpts.TrustedProxies, d.Val()) + if !d.NextArg() { + return nil, d.Err("trusted_proxies expects an IP range source module name as its first argument") } + modID := "http.ip_sources." + d.Val() + unm, err := caddyfile.UnmarshalModule(d, modID) + if err != nil { + return nil, err + } + source, ok := unm.(caddyhttp.IPRangeSource) + if !ok { + return nil, fmt.Errorf("module %s (%T) is not an IP range source", modID, unm) + } + jsonSource := caddyconfig.JSONModuleObject( + source, + "source", + source.(caddy.Module).CaddyModule().ID.Name(), + nil, + ) + serverOpts.TrustedProxiesRaw = jsonSource case "metrics": if d.NextArg() { @@ -304,7 +316,7 @@ func applyServerOptions( server.MaxHeaderBytes = opts.MaxHeaderBytes server.Protocols = opts.Protocols server.StrictSNIHost = opts.StrictSNIHost - server.TrustedProxies = opts.TrustedProxies + server.TrustedProxiesRaw = opts.TrustedProxiesRaw server.Metrics = opts.Metrics if opts.ShouldLogCredentials { if server.Logs == nil { diff --git a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt index f767ea74..d963604e 100644 --- a/caddytest/integration/caddyfile_adapt/global_server_options_single.txt +++ b/caddytest/integration/caddyfile_adapt/global_server_options_single.txt @@ -14,7 +14,7 @@ log_credentials protocols h1 h2 h2c h3 strict_sni_host - trusted_proxies private_ranges + trusted_proxies static private_ranges } } @@ -56,14 +56,17 @@ foo.com { } ], "strict_sni_host": true, - "trusted_proxies": [ - "192.168.0.0/16", - "172.16.0.0/12", - "10.0.0.0/8", - "127.0.0.1/8", - "fd00::/8", - "::1" - ], + "trusted_proxies": { + "ranges": [ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1" + ], + "source": "static" + }, "logs": { "should_log_credentials": true }, diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index e05f1b90..b22333a4 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -1,4 +1,3 @@ - https://example.com { reverse_proxy /path https://localhost:54321 { header_up Host {upstream_hostport} @@ -24,13 +23,12 @@ https://example.com { max_conns_per_host 5 keepalive_idle_conns_per_host 2 keepalive_interval 30s - + tls_renegotiation freely tls_except_ports 8181 8182 } } } - ---------- { "apps": { diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index da25d372..0ec80cef 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -20,9 +20,7 @@ import ( "fmt" "net" "net/http" - "net/netip" "strconv" - "strings" "sync" "time" @@ -224,22 +222,13 @@ func (app *App) Provision(ctx caddy.Context) error { srv.StrictSNIHost = &trueBool } - // parse trusted proxy CIDRs ahead of time - for _, str := range srv.TrustedProxies { - if strings.Contains(str, "/") { - ipNet, err := netip.ParsePrefix(str) - if err != nil { - return fmt.Errorf("parsing CIDR expression: '%s': %v", str, err) - } - srv.trustedProxies = append(srv.trustedProxies, ipNet) - } else { - ipAddr, err := netip.ParseAddr(str) - if err != nil { - return fmt.Errorf("invalid IP address: '%s': %v", str, err) - } - ipNew := netip.PrefixFrom(ipAddr, ipAddr.BitLen()) - srv.trustedProxies = append(srv.trustedProxies, ipNew) + // set up the trusted proxies source + for srv.TrustedProxiesRaw != nil { + val, err := ctx.LoadModule(srv, "TrustedProxiesRaw") + if err != nil { + return fmt.Errorf("loading trusted proxies modules: %v", err) } + srv.trustedProxies = val.(IPRangeSource) } // process each listener address diff --git a/modules/caddyhttp/ip_range.go b/modules/caddyhttp/ip_range.go new file mode 100644 index 00000000..b1db2547 --- /dev/null +++ b/modules/caddyhttp/ip_range.go @@ -0,0 +1,142 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyhttp + +import ( + "fmt" + "net/http" + "net/netip" + "strings" + + "github.com/caddyserver/caddy/v2" + "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" +) + +func init() { + caddy.RegisterModule(StaticIPRange{}) +} + +// IPRangeSource gets a list of IP ranges. +// +// The request is passed as an argument to allow plugin implementations +// to have more flexibility. But, a plugin MUST NOT modify the request. +// The caller will have read the `r.RemoteAddr` before getting IP ranges. +// +// This should be a very fast function -- instant if possible. +// The list of IP ranges should be sourced as soon as possible if loaded +// from an external source (i.e. initially loaded during Provisioning), +// so that it's ready to be used when requests start getting handled. +// A read lock should probably be used to get the cached value if the +// ranges can change at runtime (e.g. periodically refreshed). +// Using a `caddy.UsagePool` may be a good idea to avoid having refetch +// the values when a config reload occurs, which would waste time. +// +// If the list of IP ranges cannot be sourced, then provisioning SHOULD +// fail. Getting the IP ranges at runtime MUST NOT fail, because it would +// cancel incoming requests. If refreshing the list fails, then the +// previous list of IP ranges should continue to be returned so that the +// server can continue to operate normally. +type IPRangeSource interface { + GetIPRanges(*http.Request) []netip.Prefix +} + +// StaticIPRange provides a static range of IP address prefixes (CIDRs). +type StaticIPRange struct { + // A static list of IP ranges (supports CIDR notation). + Ranges []string `json:"ranges,omitempty"` + + // Holds the parsed CIDR ranges from Ranges. + ranges []netip.Prefix +} + +// CaddyModule returns the Caddy module information. +func (StaticIPRange) CaddyModule() caddy.ModuleInfo { + return caddy.ModuleInfo{ + ID: "http.ip_sources.static", + New: func() caddy.Module { return new(StaticIPRange) }, + } +} + +func (s *StaticIPRange) Provision(ctx caddy.Context) error { + for _, str := range s.Ranges { + prefix, err := CIDRExpressionToPrefix(str) + if err != nil { + return err + } + s.ranges = append(s.ranges, prefix) + } + + return nil +} + +func (s *StaticIPRange) GetIPRanges(_ *http.Request) []netip.Prefix { + return s.ranges +} + +// UnmarshalCaddyfile implements caddyfile.Unmarshaler. +func (m *StaticIPRange) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { + if !d.Next() { + return nil + } + for d.NextArg() { + if d.Val() == "private_ranges" { + m.Ranges = append(m.Ranges, PrivateRangesCIDR()...) + continue + } + m.Ranges = append(m.Ranges, d.Val()) + } + return nil +} + +// CIDRExpressionToPrefix takes a string which could be either a +// CIDR expression or a single IP address, and returns a netip.Prefix. +func CIDRExpressionToPrefix(expr string) (netip.Prefix, error) { + // Having a slash means it should be a CIDR expression + if strings.Contains(expr, "/") { + prefix, err := netip.ParsePrefix(expr) + if err != nil { + return netip.Prefix{}, fmt.Errorf("parsing CIDR expression: '%s': %v", expr, err) + } + return prefix, nil + } + + // Otherwise it's likely a single IP address + parsed, err := netip.ParseAddr(expr) + if err != nil { + return netip.Prefix{}, fmt.Errorf("invalid IP address: '%s': %v", expr, err) + } + prefix := netip.PrefixFrom(parsed, parsed.BitLen()) + return prefix, nil +} + +// PrivateRangesCIDR returns a list of private CIDR range +// strings, which can be used as a configuration shortcut. +func PrivateRangesCIDR() []string { + return []string{ + "192.168.0.0/16", + "172.16.0.0/12", + "10.0.0.0/8", + "127.0.0.1/8", + "fd00::/8", + "::1", + } +} + +// Interface guards +var ( + _ caddy.Provisioner = (*StaticIPRange)(nil) + _ caddyfile.Unmarshaler = (*StaticIPRange)(nil) + _ IPRangeSource = (*StaticIPRange)(nil) +) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index 420cc4a0..13ebbe61 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -118,7 +118,7 @@ type Server struct { // client authentication. StrictSNIHost *bool `json:"strict_sni_host,omitempty"` - // A list of IP ranges (supports CIDR notation) from which + // A module which provides a source of IP ranges, from which // requests should be trusted. By default, no proxies are // trusted. // @@ -128,7 +128,7 @@ type Server struct { // of needing to configure each of them. See the // `reverse_proxy` handler for example, which uses this // to trust sensitive incoming `X-Forwarded-*` headers. - TrustedProxies []string `json:"trusted_proxies,omitempty"` + TrustedProxiesRaw json.RawMessage `json:"trusted_proxies,omitempty" caddy:"namespace=http.ip_sources inline_key=source"` // Enables access logging and configures how access logs are handled // in this server. To minimally enable access logs, simply set this @@ -188,8 +188,7 @@ type Server struct { h3listeners []net.PacketConn // TODO: we have to hold these because quic-go won't close listeners it didn't create addresses []caddy.NetworkAddress - // Holds the parsed CIDR ranges from TrustedProxies - trustedProxies []netip.Prefix + trustedProxies IPRangeSource shutdownAt time.Time shutdownAtMu *sync.RWMutex @@ -751,7 +750,10 @@ func determineTrustedProxy(r *http.Request, s *Server) bool { } // Check if the client is a trusted proxy - for _, ipRange := range s.trustedProxies { + if s.trustedProxies == nil { + return false + } + for _, ipRange := range s.trustedProxies.GetIPRanges(r) { if ipRange.Contains(ipAddr) { return true } @@ -771,19 +773,6 @@ func cloneURL(from, to *url.URL) { } } -// PrivateRangesCIDR returns a list of private CIDR range -// strings, which can be used as a configuration shortcut. -func PrivateRangesCIDR() []string { - return []string{ - "192.168.0.0/16", - "172.16.0.0/12", - "10.0.0.0/8", - "127.0.0.1/8", - "fd00::/8", - "::1", - } -} - // Context keys for HTTP request context values. const ( // For referencing the server instance From c77a6bea66b30ea88cd991671bf67669c80ffcdd Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Tue, 7 Feb 2023 07:14:59 +0800 Subject: [PATCH 0918/1498] reverseproxy: Log status code and byte count for websockets (#5140) * log response size for websocket request * record size when using hijack bufio.Writer --- modules/caddyhttp/responsewriter.go | 35 ++++++++++++++++++--- modules/caddyhttp/reverseproxy/streaming.go | 15 ++++----- 2 files changed, 36 insertions(+), 14 deletions(-) diff --git a/modules/caddyhttp/responsewriter.go b/modules/caddyhttp/responsewriter.go index 0631229d..1b28cf0b 100644 --- a/modules/caddyhttp/responsewriter.go +++ b/modules/caddyhttp/responsewriter.go @@ -211,11 +211,7 @@ func (rr *responseRecorder) ReadFrom(r io.Reader) (int64, error) { var n int64 var err error if rr.stream { - if rf, ok := rr.ResponseWriter.(io.ReaderFrom); ok { - n, err = rf.ReadFrom(r) - } else { - n, err = io.Copy(rr.ResponseWriter, r) - } + n, err = rr.ResponseWriterWrapper.ReadFrom(r) } else { n, err = rr.buf.ReadFrom(r) } @@ -260,6 +256,35 @@ func (rr *responseRecorder) WriteResponse() error { return err } +func (rr *responseRecorder) Hijack() (net.Conn, *bufio.ReadWriter, error) { + conn, brw, err := rr.ResponseWriterWrapper.Hijack() + if err != nil { + return nil, nil, err + } + // Per http documentation, returned bufio.Writer is empty, but bufio.Read maybe not + conn = &hijackedConn{conn, rr} + brw.Writer.Reset(conn) + return conn, brw, nil +} + +// used to track the size of hijacked response writers +type hijackedConn struct { + net.Conn + rr *responseRecorder +} + +func (hc *hijackedConn) Write(p []byte) (int, error) { + n, err := hc.Conn.Write(p) + hc.rr.size += n + return n, err +} + +func (hc *hijackedConn) ReadFrom(r io.Reader) (int64, error) { + n, err := io.Copy(hc.Conn, r) + hc.rr.size += int(n) + return n, err +} + // ResponseRecorder is a http.ResponseWriter that records // responses instead of writing them to the client. See // docs for NewResponseRecorder for proper usage. diff --git a/modules/caddyhttp/reverseproxy/streaming.go b/modules/caddyhttp/reverseproxy/streaming.go index 834cb9e1..1db107af 100644 --- a/modules/caddyhttp/reverseproxy/streaming.go +++ b/modules/caddyhttp/reverseproxy/streaming.go @@ -74,27 +74,24 @@ func (h Handler) handleUpgradeResponse(logger *zap.Logger, rw http.ResponseWrite }() defer close(backConnCloseCh) + // write header first, response headers should not be counted in size + // like the rest of handler chain. + copyHeader(rw.Header(), res.Header) + rw.WriteHeader(res.StatusCode) + logger.Debug("upgrading connection") conn, brw, err := hj.Hijack() if err != nil { h.logger.Error("hijack failed on protocol switch", zap.Error(err)) return } - defer conn.Close() start := time.Now() defer func() { + conn.Close() logger.Debug("connection closed", zap.Duration("duration", time.Since(start))) }() - copyHeader(rw.Header(), res.Header) - - res.Header = rw.Header() - res.Body = nil // so res.Write only writes the headers; we have res.Body in backConn above - if err := res.Write(brw); err != nil { - h.logger.Debug("response write", zap.Error(err)) - return - } if err := brw.Flush(); err != nil { h.logger.Debug("response flush", zap.Error(err)) return From 536c28d4dc4b048d710bd37903857f0de15ab3c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Br=C3=BCheim?= Date: Wed, 8 Feb 2023 18:05:09 +0100 Subject: [PATCH 0919/1498] core: Support Windows absolute paths for UDS proxy upstreams (#5114) * added some tests for parseUpstreamDialAddress Test 4 fails because it produces "[[::1]]:80" instead of "[::1]:80" * support absolute windows path in unix reverse proxy address * make IsUnixNetwork public, support +h2c and reuse it * add new tests --- listen_unix.go | 4 +- listeners.go | 13 +- modules/caddyhttp/reverseproxy/addresses.go | 12 +- .../caddyhttp/reverseproxy/addresses_test.go | 244 ++++++++++++++++++ 4 files changed, 255 insertions(+), 18 deletions(-) create mode 100644 modules/caddyhttp/reverseproxy/addresses_test.go diff --git a/listen_unix.go b/listen_unix.go index dc955d89..7ea67452 100644 --- a/listen_unix.go +++ b/listen_unix.go @@ -34,7 +34,7 @@ import ( // reuseUnixSocket copies and reuses the unix domain socket (UDS) if we already // have it open; if not, unlink it so we can have it. No-op if not a unix network. func reuseUnixSocket(network, addr string) (any, error) { - if !isUnixNetwork(network) { + if !IsUnixNetwork(network) { return nil, nil } @@ -103,7 +103,7 @@ func listenTCPOrUnix(ctx context.Context, lnKey string, network, address string, // reusePort sets SO_REUSEPORT. Ineffective for unix sockets. func reusePort(network, address string, conn syscall.RawConn) error { - if isUnixNetwork(network) { + if IsUnixNetwork(network) { return nil } return conn.Control(func(descriptor uintptr) { diff --git a/listeners.go b/listeners.go index 5bf85a08..f9221444 100644 --- a/listeners.go +++ b/listeners.go @@ -205,7 +205,7 @@ func (na NetworkAddress) listen(ctx context.Context, portOffset uint, config net // IsUnixNetwork returns true if na.Network is // unix, unixgram, or unixpacket. func (na NetworkAddress) IsUnixNetwork() bool { - return isUnixNetwork(na.Network) + return IsUnixNetwork(na.Network) } // JoinHostPort is like net.JoinHostPort, but where the port @@ -289,8 +289,9 @@ func (na NetworkAddress) String() string { return JoinNetworkAddress(na.Network, na.Host, na.port()) } -func isUnixNetwork(netw string) bool { - return netw == "unix" || netw == "unixgram" || netw == "unixpacket" +// IsUnixNetwork returns true if the netw is a unix network. +func IsUnixNetwork(netw string) bool { + return strings.HasPrefix(netw, "unix") } // ParseNetworkAddress parses addr into its individual @@ -310,7 +311,7 @@ func ParseNetworkAddress(addr string) (NetworkAddress, error) { if network == "" { network = "tcp" } - if isUnixNetwork(network) { + if IsUnixNetwork(network) { return NetworkAddress{ Network: network, Host: host, @@ -353,7 +354,7 @@ func SplitNetworkAddress(a string) (network, host, port string, err error) { network = strings.ToLower(strings.TrimSpace(beforeSlash)) a = afterSlash } - if isUnixNetwork(network) { + if IsUnixNetwork(network) { host = a return } @@ -384,7 +385,7 @@ func JoinNetworkAddress(network, host, port string) string { if network != "" { a = network + "/" } - if (host != "" && port == "") || isUnixNetwork(network) { + if (host != "" && port == "") || IsUnixNetwork(network) { a += host } else if port != "" { a += net.JoinHostPort(host, port) diff --git a/modules/caddyhttp/reverseproxy/addresses.go b/modules/caddyhttp/reverseproxy/addresses.go index 4da47fbb..81521084 100644 --- a/modules/caddyhttp/reverseproxy/addresses.go +++ b/modules/caddyhttp/reverseproxy/addresses.go @@ -27,9 +27,6 @@ import ( // the dial address, including support for a scheme in front // as a shortcut for the port number, and a network type, // for example 'unix' to dial a unix socket. -// -// TODO: the logic in this function is kind of sensitive, we -// need to write tests before making any more changes to it func parseUpstreamDialAddress(upstreamAddr string) (string, string, error) { var network, scheme, host, port string @@ -79,19 +76,14 @@ func parseUpstreamDialAddress(upstreamAddr string) (string, string, error) { scheme, host, port = toURL.Scheme, toURL.Hostname(), toURL.Port() } else { - // extract network manually, since caddy.ParseNetworkAddress() will always add one - if beforeSlash, afterSlash, slashFound := strings.Cut(upstreamAddr, "/"); slashFound { - network = strings.ToLower(strings.TrimSpace(beforeSlash)) - upstreamAddr = afterSlash - } var err error - host, port, err = net.SplitHostPort(upstreamAddr) + network, host, port, err = caddy.SplitNetworkAddress(upstreamAddr) if err != nil { host = upstreamAddr } // we can assume a port if only a hostname is specified, but use of a // placeholder without a port likely means a port will be filled in - if port == "" && !strings.Contains(host, "{") { + if port == "" && !strings.Contains(host, "{") && !caddy.IsUnixNetwork(network) { port = "80" } } diff --git a/modules/caddyhttp/reverseproxy/addresses_test.go b/modules/caddyhttp/reverseproxy/addresses_test.go new file mode 100644 index 00000000..6355c757 --- /dev/null +++ b/modules/caddyhttp/reverseproxy/addresses_test.go @@ -0,0 +1,244 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package reverseproxy + +import "testing" + +func TestParseUpstreamDialAddress(t *testing.T) { + for i, tc := range []struct { + input string + expectHostPort string + expectScheme string + expectErr bool + }{ + { + input: "foo", + expectHostPort: "foo:80", + }, + { + input: "foo:1234", + expectHostPort: "foo:1234", + }, + { + input: "127.0.0.1", + expectHostPort: "127.0.0.1:80", + }, + { + input: "127.0.0.1:1234", + expectHostPort: "127.0.0.1:1234", + }, + { + input: "[::1]", + expectHostPort: "[::1]:80", + }, + { + input: "[::1]:1234", + expectHostPort: "[::1]:1234", + }, + { + input: "{foo}", + expectHostPort: "{foo}", + }, + { + input: "{foo}:80", + expectHostPort: "{foo}:80", + }, + { + input: "{foo}:{bar}", + expectHostPort: "{foo}:{bar}", + }, + { + input: "http://foo", + expectHostPort: "foo:80", + expectScheme: "http", + }, + { + input: "http://foo:1234", + expectHostPort: "foo:1234", + expectScheme: "http", + }, + { + input: "http://127.0.0.1", + expectHostPort: "127.0.0.1:80", + expectScheme: "http", + }, + { + input: "http://127.0.0.1:1234", + expectHostPort: "127.0.0.1:1234", + expectScheme: "http", + }, + { + input: "http://[::1]", + expectHostPort: "[::1]:80", + expectScheme: "http", + }, + { + input: "http://[::1]:80", + expectHostPort: "[::1]:80", + expectScheme: "http", + }, + { + input: "https://foo", + expectHostPort: "foo:443", + expectScheme: "https", + }, + { + input: "https://foo:1234", + expectHostPort: "foo:1234", + expectScheme: "https", + }, + { + input: "https://127.0.0.1", + expectHostPort: "127.0.0.1:443", + expectScheme: "https", + }, + { + input: "https://127.0.0.1:1234", + expectHostPort: "127.0.0.1:1234", + expectScheme: "https", + }, + { + input: "https://[::1]", + expectHostPort: "[::1]:443", + expectScheme: "https", + }, + { + input: "https://[::1]:1234", + expectHostPort: "[::1]:1234", + expectScheme: "https", + }, + { + input: "h2c://foo", + expectHostPort: "foo:80", + expectScheme: "h2c", + }, + { + input: "h2c://foo:1234", + expectHostPort: "foo:1234", + expectScheme: "h2c", + }, + { + input: "h2c://127.0.0.1", + expectHostPort: "127.0.0.1:80", + expectScheme: "h2c", + }, + { + input: "h2c://127.0.0.1:1234", + expectHostPort: "127.0.0.1:1234", + expectScheme: "h2c", + }, + { + input: "h2c://[::1]", + expectHostPort: "[::1]:80", + expectScheme: "h2c", + }, + { + input: "h2c://[::1]:1234", + expectHostPort: "[::1]:1234", + expectScheme: "h2c", + }, + { + input: "unix//var/php.sock", + expectHostPort: "unix//var/php.sock", + }, + { + input: "unix+h2c//var/grpc.sock", + expectHostPort: "unix//var/grpc.sock", + expectScheme: "h2c", + }, + { + input: "unix/{foo}", + expectHostPort: "unix/{foo}", + }, + { + input: "unix+h2c/{foo}", + expectHostPort: "unix/{foo}", + expectScheme: "h2c", + }, + { + input: "unix//foo/{foo}/bar", + expectHostPort: "unix//foo/{foo}/bar", + }, + { + input: "unix+h2c//foo/{foo}/bar", + expectHostPort: "unix//foo/{foo}/bar", + expectScheme: "h2c", + }, + { + input: "http://{foo}", + expectErr: true, + }, + { + input: "http:// :80", + expectErr: true, + }, + { + input: "http://localhost/path", + expectErr: true, + }, + { + input: "http://localhost?key=value", + expectErr: true, + }, + { + input: "http://localhost#fragment", + expectErr: true, + }, + { + input: "http://foo:443", + expectErr: true, + }, + { + input: "https://foo:80", + expectErr: true, + }, + { + input: "h2c://foo:443", + expectErr: true, + }, + { + input: `unix/c:\absolute\path`, + expectHostPort: `unix/c:\absolute\path`, + }, + { + input: `unix+h2c/c:\absolute\path`, + expectHostPort: `unix/c:\absolute\path`, + expectScheme: "h2c", + }, + { + input: "unix/c:/absolute/path", + expectHostPort: "unix/c:/absolute/path", + }, + { + input: "unix+h2c/c:/absolute/path", + expectHostPort: "unix/c:/absolute/path", + expectScheme: "h2c", + }, + } { + actualHostPort, actualScheme, err := parseUpstreamDialAddress(tc.input) + if tc.expectErr && err == nil { + t.Errorf("Test %d: Expected error but got %v", i, err) + } + if !tc.expectErr && err != nil { + t.Errorf("Test %d: Expected no error but got %v", i, err) + } + if actualHostPort != tc.expectHostPort { + t.Errorf("Test %d: Expected host and port '%s' but got '%s'", i, tc.expectHostPort, actualHostPort) + } + if actualScheme != tc.expectScheme { + t.Errorf("Test %d: Expected scheme '%s' but got '%s'", i, tc.expectScheme, actualScheme) + } + } +} From 90798f3eea6b7a219a9bb55f680919c0504263e3 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 8 Feb 2023 12:49:17 -0500 Subject: [PATCH 0920/1498] go.mod: Upgrade various dependencies (#5362) * chore: Upgrade various dependencies * Support CEL file matcher with no args * Document `http.request.orig_uri.path.*`, reorder placeholders in docs --------- Co-authored-by: Matt Holt --- go.mod | 67 ++++---- go.sum | 162 ++++++++++--------- modules/caddyhttp/app.go | 13 +- modules/caddyhttp/celmatcher.go | 4 +- modules/caddyhttp/fileserver/matcher.go | 29 ++-- modules/caddyhttp/fileserver/matcher_test.go | 4 +- modules/caddyhttp/templates/tplcontext.go | 4 +- modules/caddyhttp/tracing/tracer.go | 6 +- 8 files changed, 156 insertions(+), 133 deletions(-) diff --git a/go.mod b/go.mod index b1836303..25cd994a 100644 --- a/go.mod +++ b/go.mod @@ -4,43 +4,44 @@ go 1.18 require ( github.com/BurntSushi/toml v1.2.1 - github.com/Masterminds/sprig/v3 v3.2.2 - github.com/alecthomas/chroma v0.10.0 + github.com/Masterminds/sprig/v3 v3.2.3 + github.com/alecthomas/chroma/v2 v2.5.0 github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b github.com/caddyserver/certmagic v0.17.2 - github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac + github.com/dustin/go-humanize v1.0.1 github.com/go-chi/chi v4.1.2+incompatible - github.com/google/cel-go v0.12.5 + github.com/google/cel-go v0.13.0 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.15.11 - github.com/klauspost/cpuid/v2 v2.1.2 + github.com/klauspost/compress v1.15.15 + github.com/klauspost/cpuid/v2 v2.2.3 github.com/mholt/acmez v1.0.4 - github.com/prometheus/client_golang v1.12.2 + github.com/prometheus/client_golang v1.14.0 github.com/quic-go/quic-go v0.32.0 - github.com/smallstep/certificates v0.23.0 + github.com/smallstep/certificates v0.23.2 github.com/smallstep/nosql v0.5.0 - github.com/smallstep/truststore v0.12.0 - github.com/spf13/cobra v1.6.0 + github.com/smallstep/truststore v0.12.1 + github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2 - github.com/yuin/goldmark v1.5.2 - github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 - go.opentelemetry.io/otel v1.9.0 + github.com/yuin/goldmark v1.5.4 + github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87 + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.39.0 + go.opentelemetry.io/otel v1.13.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 - go.opentelemetry.io/otel/sdk v1.4.0 - go.uber.org/zap v1.23.0 - golang.org/x/crypto v0.4.0 + go.opentelemetry.io/otel/sdk v1.13.0 + go.uber.org/zap v1.24.0 + golang.org/x/crypto v0.5.0 golang.org/x/net v0.5.0 golang.org/x/sync v0.1.0 - golang.org/x/term v0.4.0 - google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c - gopkg.in/natefinch/lumberjack.v2 v2.0.0 + golang.org/x/term v0.5.0 + google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 + gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v3 v3.0.1 ) require ( github.com/Microsoft/go-winio v0.6.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect github.com/golang/glog v1.0.0 // indirect github.com/golang/mock v1.6.0 // indirect @@ -59,8 +60,8 @@ require ( filippo.io/edwards25519 v1.0.0 // indirect github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.1.1 // indirect - github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed // indirect + github.com/Masterminds/semver/v3 v3.2.0 // indirect + github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.1.2 // indirect github.com/cespare/xxhash v1.1.0 // indirect @@ -71,7 +72,7 @@ require ( github.com/dgraph-io/badger/v2 v2.2007.4 // indirect github.com/dgraph-io/ristretto v0.1.0 // indirect github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 // indirect - github.com/dlclark/regexp2 v1.4.0 // indirect + github.com/dlclark/regexp2 v1.7.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect github.com/go-kit/kit v0.10.0 // indirect github.com/go-logfmt/logfmt v0.5.1 // indirect @@ -82,7 +83,7 @@ require ( github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect - github.com/huandu/xstrings v1.3.2 // indirect + github.com/huandu/xstrings v1.3.3 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect @@ -105,9 +106,9 @@ require ( github.com/mitchellh/go-ps v1.0.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_model v0.2.0 // indirect - github.com/prometheus/common v0.33.0 // indirect - github.com/prometheus/procfs v0.7.3 // indirect + github.com/prometheus/client_model v0.3.0 // indirect + github.com/prometheus/common v0.37.0 // indirect + github.com/prometheus/procfs v0.8.0 // indirect github.com/rs/xid v1.4.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect @@ -116,24 +117,24 @@ require ( github.com/slackhq/nebula v1.6.1 // indirect github.com/spf13/cast v1.4.1 // indirect github.com/stoewer/go-strcase v1.2.0 // indirect - github.com/urfave/cli v1.22.10 // indirect + github.com/urfave/cli v1.22.12 // indirect go.etcd.io/bbolt v1.3.6 // indirect go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 // indirect - go.opentelemetry.io/otel/metric v0.31.0 // indirect - go.opentelemetry.io/otel/trace v1.9.0 // indirect + go.opentelemetry.io/otel/metric v0.36.0 // indirect + go.opentelemetry.io/otel/trace v1.13.0 // indirect go.opentelemetry.io/proto/otlp v0.12.0 // indirect go.step.sm/cli-utils v0.7.5 // indirect - go.step.sm/crypto v0.23.1 + go.step.sm/crypto v0.23.2 go.step.sm/linkedca v0.19.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.6.0 // indirect - golang.org/x/sys v0.4.0 + golang.org/x/sys v0.5.0 golang.org/x/text v0.6.0 // indirect golang.org/x/tools v0.2.0 // indirect - google.golang.org/grpc v1.50.1 // indirect + google.golang.org/grpc v1.52.3 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect howett.net/plist v1.0.0 // indirect diff --git a/go.sum b/go.sum index 5b19de8f..abc9637c 100644 --- a/go.sum +++ b/go.sum @@ -13,19 +13,19 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y= +cloud.google.com/go v0.107.0 h1:qkj22L7bgkl6vIeZDlOY2po43Mx/TIa2Wsa7VR+PEww= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.12.1 h1:gKVJMEyqV5c/UnpzjjQbo3Rjvvqpr9B1DFSbJC4OXr0= -cloud.google.com/go/compute/metadata v0.2.1 h1:efOwf5ymceDhK6PKMnnrTHP4pppY5L22mle96M1yP48= +cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0= +cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v0.6.0 h1:nsqQC88kT5Iwlm4MeNGTpfMWddp6NB/UOLFTH6m1QfQ= -cloud.google.com/go/kms v1.6.0 h1:OWRZzrPmOZUzurjI2FBGtgY2mB1WaJkqhw6oIwSj0Yg= +cloud.google.com/go/iam v0.8.0 h1:E2osAkZzxI/+8pZcxVLcDtAQx/u+hZXVryUaYQ5O0Kk= +cloud.google.com/go/kms v1.8.0 h1:VrJLOsMRzW7IqTTYn+OYupqF3iKSE060Nrn+PECrYjg= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -49,11 +49,12 @@ github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= -github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= -github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= @@ -62,16 +63,20 @@ github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWX github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= -github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= -github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= +github.com/alecthomas/assert/v2 v2.2.1 h1:XivOgYcduV98QCahG8T5XTezV5bylXe+lBxLG2K2ink= +github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs= +github.com/alecthomas/chroma/v2 v2.5.0 h1:CQCdj1BiBV17sD4Bd32b/Bzuiq/EqoNTrnIhyQAZ+Rk= +github.com/alecthomas/chroma/v2 v2.5.0/go.mod h1:yrkMI9807G1ROx13fhe1v6PN2DDeaR73L3d+1nmYQtw= +github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8= +github.com/alecthomas/repr v0.2.0 h1:HAzS41CIzNW5syS8Mf9UwXhNH1J9aix/BvDRf1Ml2Yk= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed h1:ue9pVfIcP+QMEjfgo/Ez4ZjNZfonGgR6NgjMaJMu1Cg= -github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20220418222510-f25a4f6275ed/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= +github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 h1:yL7+Jz0jTC6yykIK/Wh74gnTJnrGr5AyrNMXuA0gves= +github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -83,7 +88,7 @@ github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b h1:uUXgbcPDK3KpW29o github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= -github.com/aws/aws-sdk-go v1.44.132 h1:+IjL9VoR0OXScQ5gyme9xjcolwUkd3uaH144f4Ao+4s= +github.com/aws/aws-sdk-go v1.44.185 h1:stasiou+Ucx2A0RyXRyPph4sLCBxVQK7DPPK8tNcl5g= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -151,12 +156,13 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= -github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/dlclark/regexp2 v1.7.0 h1:7lJfhqlPssTb1WQx4yvTHN0uElPEv52sbaECrAQxjAo= +github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac h1:opbrjaN/L8gg6Xh5D04Tem+8xVcz6ajZlGCs49mQgyg= -github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= @@ -254,8 +260,8 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/cel-go v0.12.5 h1:DmzaiSgoaqGCjtpPQWl26/gND+yRpim56H1jCVev6d8= -github.com/google/cel-go v0.12.5/go.mod h1:Jk7ljRzLBhkmiAwBoUxB1sZSCVBAzkqPF25olK/iRDw= +github.com/google/cel-go v0.13.0 h1:z+8OBOcmh7IeKyqwT/6IlnMvy621fYUqnTVPEdegGlU= +github.com/google/cel-go v0.13.0/go.mod h1:K2hpQgEjDp18J76a2DKFRlPBPpgRZgi6EbnpDgIhJ8s= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -286,7 +292,7 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.2.0 h1:y8Yozv7SZtlU//QXbezB6QkpuE6jMD2/gfzk4AftXjs= +github.com/googleapis/enterprise-certificate-proxy v0.2.1 h1:RY7tHKZcRlk788d5WSo/e83gOyyy742E8GSs771ySpg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ= @@ -324,10 +330,11 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= +github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= -github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -410,17 +417,17 @@ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c= -github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= -github.com/klauspost/cpuid/v2 v2.1.2 h1:XhdX4fqAJUA0yj+kUwMavO0hHrSPAecYdYf1ZmxHvak= -github.com/klauspost/cpuid/v2 v2.1.2/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= +github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= +github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= +github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= @@ -535,31 +542,33 @@ github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeD github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= -github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= +github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= +github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= +github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= -github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE= -github.com/prometheus/common v0.33.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= +github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE= +github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= -github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= +github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U= @@ -606,12 +615,12 @@ github.com/slackhq/nebula v1.6.1/go.mod h1:UmkqnXe4O53QwToSl/gG7sM4BroQwAB7dd4hU github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= -github.com/smallstep/certificates v0.23.0 h1:f9oRG4Eswnqknnl7ue/xs6twc5sG7JdooOXsGZic6ek= -github.com/smallstep/certificates v0.23.0/go.mod h1:2LD5DhoohKaP8462Lti4Z7EF2xlbe6oTa+n2OR0E1Lo= +github.com/smallstep/certificates v0.23.2 h1:7KSx9WfZ3CILV0XlsTrl+PK58YE4CHSgqobB6+ieQWs= +github.com/smallstep/certificates v0.23.2/go.mod h1:YuQAlNuYrRA5z+meSH9D0XsUFH45TyAhNgyV5kYuQpQ= github.com/smallstep/nosql v0.5.0 h1:1BPyHy8bha8qSaxgULGEdqhXpNFXimAfudnauFVqmxw= github.com/smallstep/nosql v0.5.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= -github.com/smallstep/truststore v0.12.0 h1:973Aa6fA7Ob/GCxqziosDzkQq6tV0Le6IUe4sikyW+U= -github.com/smallstep/truststore v0.12.0/go.mod h1:HwHKRcBi0RUxxw1LYDpTRhYC4jZUuxPpkHdVonlkoDM= +github.com/smallstep/truststore v0.12.1 h1:guLUKkc1UlsXeS3t6BuVMa4leOOpdiv02PCRTiy1WdY= +github.com/smallstep/truststore v0.12.1/go.mod h1:M4mebeNy28KusGX3lJxpLARIktLcyqBOrj3ZiZ46pqw= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= @@ -626,8 +635,8 @@ github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= -github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= +github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -643,6 +652,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -651,6 +661,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2 h1:TrgfmCXwtWyFw85UkRGXt9qZRzdzt3nWt2Rerdecn0w= github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2/go.mod h1:kNGUQ3VESx3VZwRwA9MSCUegIl6+saPL8Noq82ozCaU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -658,8 +669,8 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.10 h1:p8Fspmz3iTctJstry1PYS3HVdllxnEzTEsgIgtxTrCk= -github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8= +github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= @@ -668,12 +679,12 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/goldmark v1.4.5/go.mod h1:rmuwmfZ0+bvzB24eSC//bk1R1Zp3hM0OXYv/G2LIilg= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/goldmark v1.5.2 h1:ALmeCk/px5FSm1MAcFBAsVKZjDuMVj8Tm7FFIlMJnqU= -github.com/yuin/goldmark v1.5.2/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594 h1:yHfZyN55+5dp1wG7wDKv8HQ044moxkyGq12KFFMFDxg= -github.com/yuin/goldmark-highlighting v0.0.0-20220208100518-594be1970594/go.mod h1:U9ihbh+1ZN7fR5Se3daSPoz1CGF9IYtSvWwVQtnzGHU= +github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/yuin/goldmark v1.5.4 h1:2uY/xC0roWy8IBEGLgB1ywIoEJFGmRrX21YQcvGZzjU= +github.com/yuin/goldmark v1.5.4/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87 h1:Py16JEzkSdKAtEFJjiaYLYBOWGXc1r/xHj/Q/5lA37k= +github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= @@ -690,33 +701,34 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0 h1:9NkMW03wwEzPtP/KciZ4Ozu/Uz5ZA7kfqXJIObnrjGU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0/go.mod h1:548ZsYzmT4PL4zWKRd8q/N4z0Wxzn/ZxUE+lkEpwWQA= +go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.39.0 h1:vFEBG7SieZJzvnRWQ81jxpuEqe6J8Ex+hgc9CqOTzHc= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.39.0/go.mod h1:9rgTcOKdIhDOC0IcAu8a+R+FChqSUBihKpM1lVNi6T0= go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= -go.opentelemetry.io/otel v1.9.0 h1:8WZNQFIB2a71LnANS9JeyidJKKGOOremcUtb/OtHISw= -go.opentelemetry.io/otel v1.9.0/go.mod h1:np4EoPGzoPs3O67xUVNoPPcmSvsfOxNlNA4F4AC+0Eo= +go.opentelemetry.io/otel v1.13.0 h1:1ZAKnNQKwBBxFtww/GwxNUyTf0AxkZzrukO8MeXqe4Y= +go.opentelemetry.io/otel v1.13.0/go.mod h1:FH3RtdZCzRkJYFTCsAKDy9l/XYjMdNv6QrkFFB8DvVg= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 h1:j7AwzDdAQBJjcqayAaYbvpYeZzII7cEe5qJTu+De6UY= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 h1:lRpP10E8oTGVmY1nVXcwelCT1Z8ca41/l5ce7AqLAss= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0/go.mod h1:3oS+j2WUoJVyj6/BzQN/52G17lNJDulngsOxDm1w2PY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 h1:buSx4AMC/0Z232slPhicN/fU5KIlj0bMngct5pcZhkI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0/go.mod h1:ew1NcwkHo0QFT3uTm3m2IVZMkZdVIpbOYNPasgWwpdk= -go.opentelemetry.io/otel/metric v0.31.0 h1:6SiklT+gfWAwWUR0meEMxQBtihpiEs4c+vL9spDTqUs= -go.opentelemetry.io/otel/metric v0.31.0/go.mod h1:ohmwj9KTSIeBnDBm/ZwH2PSZxZzoOaG2xZeekTRzL5A= -go.opentelemetry.io/otel/sdk v1.4.0 h1:LJE4SW3jd4lQTESnlpQZcBhQ3oci0U2MLR5uhicfTHQ= +go.opentelemetry.io/otel/metric v0.36.0 h1:t0lgGI+L68QWt3QtOIlqM9gXoxqxWLhZ3R/e5oOAY0Q= +go.opentelemetry.io/otel/metric v0.36.0/go.mod h1:wKVw57sd2HdSZAzyfOM9gTqqE8v7CbqWsYL6AyrH9qk= go.opentelemetry.io/otel/sdk v1.4.0/go.mod h1:71GJPNJh4Qju6zJuYl1CrYtXbrgfau/M9UAggqiy1UE= +go.opentelemetry.io/otel/sdk v1.13.0 h1:BHib5g8MvdqS65yo2vV1s6Le42Hm6rrw08qU6yz5JaM= +go.opentelemetry.io/otel/sdk v1.13.0/go.mod h1:YLKPx5+6Vx/o1TCUYYs+bpymtkmazOMT6zoRrC7AQ7I= go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= -go.opentelemetry.io/otel/trace v1.9.0 h1:oZaCNJUjWcg60VXWee8lJKlqhPbXAPB51URuR47pQYc= -go.opentelemetry.io/otel/trace v1.9.0/go.mod h1:2737Q0MuG8q1uILYm2YYVkAyLtOofiTNGg6VODnOiPo= +go.opentelemetry.io/otel/trace v1.13.0 h1:CBgRZ6ntv+Amuj1jDsMhZtlAPT6gbyIRdaIzFhfBSdY= +go.opentelemetry.io/otel/trace v1.13.0/go.mod h1:muCvmmO9KKpvuXSf3KKAXXB2ygNYHQ+ZfI5X08d3tds= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c= go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= go.step.sm/cli-utils v0.7.5 h1:jyp6X8k8mN1B0uWJydTid0C++8tQhm2kaaAdXKQQzdk= go.step.sm/cli-utils v0.7.5/go.mod h1:taSsY8haLmXoXM3ZkywIyRmVij/4Aj0fQbNTlJvv71I= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= -go.step.sm/crypto v0.23.1 h1:Yr9vlzjGqIKVi88KcpZtEcNTcpDkt1nVR7tumW4h+CU= -go.step.sm/crypto v0.23.1/go.mod h1:djAhDYpNAuWF2LkzbCVcf0JDy1UWgrxR3eQ7pQ8EQ/w= +go.step.sm/crypto v0.23.2 h1:XGmQH9Pkpxop47cjYlUhF10L5roPCbu1BCZXopbeW8I= +go.step.sm/crypto v0.23.2/go.mod h1:/IXGz8al8k7u7OV0RTWIi8TRVqO2FMyZVpedV+6Da6U= go.step.sm/linkedca v0.19.0 h1:xuagkR35wrJI2gnu6FAM+q3VmjwsHScvGcJsfZ0GdsI= go.step.sm/linkedca v0.19.0/go.mod h1:b7vWPrHfYLEOTSUZitFEcztVCpTc+ileIN85CwEAluM= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -739,8 +751,8 @@ go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= -go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY= -go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= +go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -759,8 +771,9 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8= -golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -841,6 +854,7 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -928,13 +942,15 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= -golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -943,6 +959,7 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1026,7 +1043,7 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.102.0 h1:JxJl2qQ85fRMPNvlZY/enexbxpCjLwGhZUtgfGeQ51I= +google.golang.org/api v0.108.0 h1:WVBc/faN0DkKtR43Q/7+tPny9ZoLZdIiAyG5Q9vFClg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1066,8 +1083,8 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c h1:QgY/XxIAIeccR+Ca/rDdKubLIU9rcJ3xfy1DC/Wd2Oo= -google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= +google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 h1:vArvWooPH749rNHpBGgVl+U9B9dATjiEhJzcWGlovNs= +google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1089,8 +1106,8 @@ google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTp google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= -google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1116,8 +1133,8 @@ gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= -gopkg.in/natefinch/lumberjack.v2 v2.0.0 h1:1Lc07Kr7qY4U2YPouBjpCLxpiyxIVoxqXgkXLknAOE8= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= +gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= +gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= @@ -1147,7 +1164,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 0ec80cef..36a4011b 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -54,16 +54,17 @@ func init() { // `{http.request.duration_ms}` | Same as 'duration', but in milliseconds. // `{http.request.uuid}` | The request unique identifier // `{http.request.header.*}` | Specific request header field -// `{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo // `{http.request.host}` | The host part of the request's Host header +// `{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo // `{http.request.hostport}` | The host and port from the request's Host header // `{http.request.method}` | The request method // `{http.request.orig_method}` | The request's original method +// `{http.request.orig_uri}` | The request's original URI +// `{http.request.orig_uri.path}` | The request's original path +// `{http.request.orig_uri.path.*}` | Parts of the original path, split by `/` (0-based from left) // `{http.request.orig_uri.path.dir}` | The request's original directory // `{http.request.orig_uri.path.file}` | The request's original filename -// `{http.request.orig_uri.path}` | The request's original path // `{http.request.orig_uri.query}` | The request's original query string (without `?`) -// `{http.request.orig_uri}` | The request's original URI // `{http.request.port}` | The port part of the request's Host header // `{http.request.proto}` | The protocol of the request // `{http.request.remote.host}` | The host (IP) part of the remote client's address @@ -88,13 +89,13 @@ func init() { // `{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional) // `{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional) // `{http.request.tls.client.san.uris.*}` | SAN URIs (index optional) +// `{http.request.uri}` | The full request URI +// `{http.request.uri.path}` | The path component of the request URI // `{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left) // `{http.request.uri.path.dir}` | The directory, excluding leaf filename // `{http.request.uri.path.file}` | The filename of the path, excluding directory -// `{http.request.uri.path}` | The path component of the request URI -// `{http.request.uri.query.*}` | Individual query string value // `{http.request.uri.query}` | The query string (without `?`) -// `{http.request.uri}` | The full request URI +// `{http.request.uri.query.*}` | Individual query string value // `{http.response.header.*}` | Specific response header field // `{http.vars.*}` | Custom variables in the HTTP handler chain // `{http.shutting_down}` | True if the HTTP app is shutting down diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 7f1cc02e..60ca00b6 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -124,7 +124,7 @@ func (m *MatchExpression) Provision(ctx caddy.Context) error { // create the CEL environment env, err := cel.NewEnv( - cel.Function(placeholderFuncName, cel.SingletonBinaryImpl(m.caddyPlaceholderFunc), cel.Overload( + cel.Function(placeholderFuncName, cel.SingletonBinaryBinding(m.caddyPlaceholderFunc), cel.Overload( placeholderFuncName+"_httpRequest_string", []*cel.Type{httpRequestObjectType, cel.StringType}, cel.AnyType, @@ -345,7 +345,7 @@ func CELMatcherImpl(macroName, funcName string, matcherDataTypes []*cel.Type, fa cel.Macros(macro), cel.Function(funcName, cel.Overload(funcName, append([]*cel.Type{requestType}, matcherDataTypes...), cel.BoolType), - cel.SingletonBinaryImpl(CELMatcherRuntimeFunction(funcName, fac))), + cel.SingletonBinaryBinding(CELMatcherRuntimeFunction(funcName, fac))), } programOptions := []cel.ProgramOption{ cel.CustomDecorator(CELMatcherDecorator(funcName, fac)), diff --git a/modules/caddyhttp/fileserver/matcher.go b/modules/caddyhttp/fileserver/matcher.go index 2989e4b2..1cdc87c7 100644 --- a/modules/caddyhttp/fileserver/matcher.go +++ b/modules/caddyhttp/fileserver/matcher.go @@ -163,6 +163,8 @@ func (m *MatchFile) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // // Example: // +// expression file() +// expression file({http.request.uri.path}, '/index.php') // expression file({'root': '/srv', 'try_files': [{http.request.uri.path}, '/index.php'], 'try_policy': 'first_exist', 'split_path': ['.php']}) func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { requestType := cel.ObjectType("http.Request") @@ -199,7 +201,7 @@ func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { cel.Function("file", cel.Overload("file_request_map", []*cel.Type{requestType, caddyhttp.CELTypeJSON}, cel.BoolType)), cel.Function("file_request_map", cel.Overload("file_request_map", []*cel.Type{requestType, caddyhttp.CELTypeJSON}, cel.BoolType), - cel.SingletonBinaryImpl(caddyhttp.CELMatcherRuntimeFunction("file_request_map", matcherFactory))), + cel.SingletonBinaryBinding(caddyhttp.CELMatcherRuntimeFunction("file_request_map", matcherFactory))), } programOptions := []cel.ProgramOption{ @@ -212,18 +214,21 @@ func (MatchFile) CELLibrary(ctx caddy.Context) (cel.Library, error) { func celFileMatcherMacroExpander() parser.MacroExpander { return func(eh parser.ExprHelper, target *exprpb.Expr, args []*exprpb.Expr) (*exprpb.Expr, *common.Error) { if len(args) == 0 { - return nil, &common.Error{ - Message: "matcher requires at least one argument", - } + return eh.GlobalCall("file", + eh.Ident("request"), + eh.NewMap(), + ), nil } if len(args) == 1 { arg := args[0] if isCELStringLiteral(arg) || isCELCaddyPlaceholderCall(arg) { return eh.GlobalCall("file", eh.Ident("request"), - eh.NewMap( - eh.NewMapEntry(eh.LiteralString("try_files"), eh.NewList(arg)), - ), + eh.NewMap(eh.NewMapEntry( + eh.LiteralString("try_files"), + eh.NewList(arg), + false, + )), ), nil } if isCELTryFilesLiteral(arg) { @@ -245,11 +250,11 @@ func celFileMatcherMacroExpander() parser.MacroExpander { } return eh.GlobalCall("file", eh.Ident("request"), - eh.NewMap( - eh.NewMapEntry( - eh.LiteralString("try_files"), eh.NewList(args...), - ), - ), + eh.NewMap(eh.NewMapEntry( + eh.LiteralString("try_files"), + eh.NewList(args...), + false, + )), ), nil } } diff --git a/modules/caddyhttp/fileserver/matcher_test.go b/modules/caddyhttp/fileserver/matcher_test.go index 6ef86b7a..bab34cc6 100644 --- a/modules/caddyhttp/fileserver/matcher_test.go +++ b/modules/caddyhttp/fileserver/matcher_test.go @@ -292,8 +292,8 @@ var ( expression: &caddyhttp.MatchExpression{ Expr: `file()`, }, - urlTarget: "https://example.com/foo", - wantErr: true, + urlTarget: "https://example.com/foo.txt", + wantResult: true, }, { name: "file error bad try files (MatchFile)", diff --git a/modules/caddyhttp/templates/tplcontext.go b/modules/caddyhttp/templates/tplcontext.go index f681399c..ddad24f6 100644 --- a/modules/caddyhttp/templates/tplcontext.go +++ b/modules/caddyhttp/templates/tplcontext.go @@ -29,12 +29,12 @@ import ( "time" "github.com/Masterminds/sprig/v3" - "github.com/alecthomas/chroma/formatters/html" + "github.com/alecthomas/chroma/v2/formatters/html" "github.com/caddyserver/caddy/v2" "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/dustin/go-humanize" "github.com/yuin/goldmark" - highlighting "github.com/yuin/goldmark-highlighting" + highlighting "github.com/yuin/goldmark-highlighting/v2" "github.com/yuin/goldmark/extension" "github.com/yuin/goldmark/parser" gmhtml "github.com/yuin/goldmark/renderer/html" diff --git a/modules/caddyhttp/tracing/tracer.go b/modules/caddyhttp/tracing/tracer.go index e5c51073..d113a567 100644 --- a/modules/caddyhttp/tracing/tracer.go +++ b/modules/caddyhttp/tracing/tracer.go @@ -13,7 +13,7 @@ import ( "go.opentelemetry.io/otel/propagation" "go.opentelemetry.io/otel/sdk/resource" sdktrace "go.opentelemetry.io/otel/sdk/trace" - semconv "go.opentelemetry.io/otel/semconv/v1.7.0" + semconv "go.opentelemetry.io/otel/semconv/v1.17.0" "go.uber.org/zap" ) @@ -108,8 +108,8 @@ func (ot *openTelemetryWrapper) newResource( webEngineVersion string, ) (*resource.Resource, error) { return resource.Merge(resource.Default(), resource.NewSchemaless( - semconv.WebEngineNameKey.String(webEngineName), - semconv.WebEngineVersionKey.String(webEngineVersion), + semconv.WebEngineName(webEngineName), + semconv.WebEngineVersion(webEngineVersion), )) } From 4b119a475fa345e7d6eb44c71cdf7ab645bd381e Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Sat, 11 Feb 2023 17:25:29 -0700 Subject: [PATCH 0921/1498] reverseproxy: Don't buffer chunked requests (fix #5366) (#5367) * reverseproxy: Don't buffer chunked requests (fix #5366) Mostly reverts 845bc4d50b437995d574819850206e4b3db4040d (#5289) Adds warning for unsafe config. Deprecates unsafe properties in favor of simpler, safer designed ones. * Update modules/caddyhttp/reverseproxy/caddyfile.go Co-authored-by: Y.Horie * Update modules/caddyhttp/reverseproxy/reverseproxy.go Co-authored-by: Y.Horie * Update modules/caddyhttp/reverseproxy/reverseproxy.go Co-authored-by: Y.Horie * Remove unused code --------- Co-authored-by: Y.Horie --- modules/caddyhttp/reverseproxy/caddyfile.go | 49 +++++++---- .../caddyhttp/reverseproxy/reverseproxy.go | 84 +++++++++++-------- 2 files changed, 86 insertions(+), 47 deletions(-) diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index cd9b77cd..1211188d 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -521,19 +521,8 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { h.FlushInterval = caddy.Duration(dur) } - case "buffer_requests": - if d.NextArg() { - return d.ArgErr() - } - h.BufferRequests = true - - case "buffer_responses": - if d.NextArg() { - return d.ArgErr() - } - h.BufferResponses = true - - case "max_buffer_size": + case "request_buffers", "response_buffers": + subdir := d.Val() if !d.NextArg() { return d.ArgErr() } @@ -544,7 +533,39 @@ func (h *Handler) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { if d.NextArg() { return d.ArgErr() } - h.MaxBufferSize = int64(size) + if subdir == "request_buffers" { + h.RequestBuffers = int64(size) + } else if subdir == "response_buffers" { + h.ResponseBuffers = int64(size) + + } + + // TODO: These three properties are deprecated; remove them sometime after v2.6.4 + case "buffer_requests": // TODO: deprecated + if d.NextArg() { + return d.ArgErr() + } + caddy.Log().Named("config.adapter.caddyfile").Warn("DEPRECATED: buffer_requests: use request_buffers instead (with a maximum buffer size)") + h.DeprecatedBufferRequests = true + case "buffer_responses": // TODO: deprecated + if d.NextArg() { + return d.ArgErr() + } + caddy.Log().Named("config.adapter.caddyfile").Warn("DEPRECATED: buffer_responses: use response_buffers instead (with a maximum buffer size)") + h.DeprecatedBufferResponses = true + case "max_buffer_size": // TODO: deprecated + if !d.NextArg() { + return d.ArgErr() + } + size, err := humanize.ParseBytes(d.Val()) + if err != nil { + return d.Errf("invalid byte size '%s': %v", d.Val(), err) + } + if d.NextArg() { + return d.ArgErr() + } + caddy.Log().Named("config.adapter.caddyfile").Warn("DEPRECATED: max_buffer_size: use request_buffers and/or response_buffers instead (with maximum buffer sizes)") + h.DeprecatedMaxBufferSize = int64(size) case "trusted_proxies": for d.NextArg() { diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go index 88d98e82..1449785f 100644 --- a/modules/caddyhttp/reverseproxy/reverseproxy.go +++ b/modules/caddyhttp/reverseproxy/reverseproxy.go @@ -136,21 +136,27 @@ type Handler struct { // are also set implicitly. Headers *headers.Handler `json:"headers,omitempty"` - // If true, the entire request body will be read and buffered - // in memory before being proxied to the backend. This should - // be avoided if at all possible for performance reasons, but - // could be useful if the backend is intolerant of read latency. - BufferRequests bool `json:"buffer_requests,omitempty"` + // DEPRECATED: Do not use; will be removed. See request_buffers instead. + DeprecatedBufferRequests bool `json:"buffer_requests,omitempty"` - // If true, the entire response body will be read and buffered - // in memory before being proxied to the client. This should - // be avoided if at all possible for performance reasons, but + // DEPRECATED: Do not use; will be removed. See response_buffers instead. + DeprecatedBufferResponses bool `json:"buffer_responses,omitempty"` + + // DEPRECATED: Do not use; will be removed. See request_buffers and response_buffers instead. + DeprecatedMaxBufferSize int64 `json:"max_buffer_size,omitempty"` + + // If nonzero, the entire request body up to this size will be read + // and buffered in memory before being proxied to the backend. This + // should be avoided if at all possible for performance reasons, but + // could be useful if the backend is intolerant of read latency or + // chunked encodings. + RequestBuffers int64 `json:"request_buffers,omitempty"` + + // If nonzero, the entire response body up to this size will be read + // and buffered in memory before being proxied to the client. This + // should be avoided if at all possible for performance reasons, but // could be useful if the backend has tighter memory constraints. - BufferResponses bool `json:"buffer_responses,omitempty"` - - // If body buffering is enabled, the maximum size of the buffers - // used for the requests and responses (in bytes). - MaxBufferSize int64 `json:"max_buffer_size,omitempty"` + ResponseBuffers int64 `json:"response_buffers,omitempty"` // If configured, rewrites the copy of the upstream request. // Allows changing the request method and URI (path and query). @@ -221,11 +227,28 @@ func (h *Handler) Provision(ctx caddy.Context) error { h.connections = make(map[io.ReadWriteCloser]openConnection) h.connectionsMu = new(sync.Mutex) + // TODO: remove deprecated fields sometime after v2.6.4 + if h.DeprecatedBufferRequests { + h.logger.Warn("DEPRECATED: buffer_requests: this property will be removed soon; use request_buffers instead (and set a maximum buffer size)") + } + if h.DeprecatedBufferResponses { + h.logger.Warn("DEPRECATED: buffer_responses: this property will be removed soon; use response_buffers instead (and set a maximum buffer size)") + } + if h.DeprecatedMaxBufferSize != 0 { + h.logger.Warn("DEPRECATED: max_buffer_size: this property will be removed soon; use request_buffers and/or response_buffers instead (and set maximum buffer sizes)") + } + + // warn about unsafe buffering config + if h.RequestBuffers == -1 || h.ResponseBuffers == -1 { + h.logger.Warn("UNLIMITED BUFFERING: buffering is enabled without any cap on buffer size, which can result in OOM crashes") + } + // verify SRV compatibility - TODO: LookupSRV deprecated; will be removed for i, v := range h.Upstreams { if v.LookupSRV == "" { continue } + h.logger.Warn("DEPRECATED: lookup_srv: will be removed in a near-future version of Caddy; use the http.reverse_proxy.upstreams.srv module instead") if h.HealthChecks != nil && h.HealthChecks.Active != nil { return fmt.Errorf(`upstream: lookup_srv is incompatible with active health checks: %d: {"dial": %q, "lookup_srv": %q}`, i, v.Dial, v.LookupSRV) } @@ -622,9 +645,8 @@ func (h Handler) prepareRequest(req *http.Request, repl *caddy.Replacer) (*http. // attacks, so it is strongly recommended to only use this // feature if absolutely required, if read timeouts are // set, and if body size is limited - if (h.BufferRequests || isChunkedRequest(req)) && req.Body != nil { - req.Body, req.ContentLength = h.bufferedBody(req.Body) - req.Header.Set("Content-Length", strconv.FormatInt(req.ContentLength, 10)) + if h.RequestBuffers != 0 && req.Body != nil { + req.Body, _ = h.bufferedBody(req.Body, h.RequestBuffers) } if req.ContentLength == 0 { @@ -852,8 +874,8 @@ func (h *Handler) reverseProxy(rw http.ResponseWriter, req *http.Request, origRe } // if enabled, buffer the response body - if h.BufferResponses { - res.Body, _ = h.bufferedBody(res.Body) + if h.ResponseBuffers != 0 { + res.Body, _ = h.bufferedBody(res.Body, h.ResponseBuffers) } // see if any response handler is configured for this response from the backend @@ -1122,15 +1144,20 @@ func (h Handler) provisionUpstream(upstream *Upstream) { } } -// bufferedBody reads originalBody into a buffer, then returns a reader for the buffer. -// Always close the return value when done with it, just like if it was the original body! -func (h Handler) bufferedBody(originalBody io.ReadCloser) (io.ReadCloser, int64) { +// bufferedBody reads originalBody into a buffer with maximum size of limit (-1 for unlimited), +// then returns a reader for the buffer along with how many bytes were buffered. Always close +// the return value when done with it, just like if it was the original body! If limit is 0 +// (which it shouldn't be), this function returns its input; i.e. is a no-op, for safety. +func (h Handler) bufferedBody(originalBody io.ReadCloser, limit int64) (io.ReadCloser, int64) { + if limit == 0 { + return originalBody, 0 + } var written int64 buf := bufPool.Get().(*bytes.Buffer) buf.Reset() - if h.MaxBufferSize > 0 { - n, err := io.CopyN(buf, originalBody, h.MaxBufferSize) - if err != nil || n == h.MaxBufferSize { + if limit > 0 { + n, err := io.CopyN(buf, originalBody, limit) + if err != nil || n == limit { return bodyReadCloser{ Reader: io.MultiReader(buf, originalBody), buf: buf, @@ -1147,15 +1174,6 @@ func (h Handler) bufferedBody(originalBody io.ReadCloser) (io.ReadCloser, int64) }, written } -func isChunkedRequest(req *http.Request) bool { - for _, transferEncoding := range req.TransferEncoding { - if transferEncoding == "chunked" { - return true - } - } - return false -} - // cloneRequest makes a semi-deep clone of origReq. // // Most of this code is borrowed from the Go stdlib reverse proxy, From 0db29e2ce9799f652f3d16fd5aed6e426d23bd0a Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 14 Feb 2023 12:08:31 -0700 Subject: [PATCH 0922/1498] go.mod: Upgrade acmez and x/net x/net 0.7.0 contains a security patch apparently. --- go.mod | 6 +++--- go.sum | 18 ++++++------------ 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 25cd994a..517abfc2 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.15 github.com/klauspost/cpuid/v2 v2.2.3 - github.com/mholt/acmez v1.0.4 + github.com/mholt/acmez v1.1.0 github.com/prometheus/client_golang v1.14.0 github.com/quic-go/quic-go v0.32.0 github.com/smallstep/certificates v0.23.2 @@ -31,7 +31,7 @@ require ( go.opentelemetry.io/otel/sdk v1.13.0 go.uber.org/zap v1.24.0 golang.org/x/crypto v0.5.0 - golang.org/x/net v0.5.0 + golang.org/x/net v0.7.0 golang.org/x/sync v0.1.0 golang.org/x/term v0.5.0 google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 @@ -132,7 +132,7 @@ require ( go.uber.org/multierr v1.6.0 // indirect golang.org/x/mod v0.6.0 // indirect golang.org/x/sys v0.5.0 - golang.org/x/text v0.6.0 // indirect + golang.org/x/text v0.7.0 // indirect golang.org/x/tools v0.2.0 // indirect google.golang.org/grpc v1.52.3 // indirect google.golang.org/protobuf v1.28.1 // indirect diff --git a/go.sum b/go.sum index abc9637c..13f90d61 100644 --- a/go.sum +++ b/go.sum @@ -91,7 +91,6 @@ github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.44.185 h1:stasiou+Ucx2A0RyXRyPph4sLCBxVQK7DPPK8tNcl5g= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -465,8 +464,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0j github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= -github.com/mholt/acmez v1.0.4 h1:N3cE4Pek+dSolbsofIkAYz6H1d3pE+2G0os7QHslf80= -github.com/mholt/acmez v1.0.4/go.mod h1:qFGLZ4u+ehWINeJZjzPlsnjJBCPAADWTcIqE/7DAYQY= +github.com/mholt/acmez v1.1.0 h1:IQ9CGHKOHokorxnffsqDvmmE30mDenO1lptYZ1AYkHY= +github.com/mholt/acmez v1.1.0/go.mod h1:zwo5+fbLLTowAX8o8ETfQzbDtwGEXnPhkmGdKIP+bgs= github.com/micromdm/scep/v2 v2.1.0 h1:2fS9Rla7qRR266hvUoEauBJ7J6FhgssEiq2OkSKXmaU= github.com/micromdm/scep/v2 v2.1.0/go.mod h1:BkF7TkPPhmgJAMtHfP+sFTKXmgzNJgLQlvvGoOExBcc= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= @@ -738,7 +737,6 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= @@ -750,7 +748,6 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -852,11 +849,10 @@ golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= -golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -960,8 +956,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= -golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1148,12 +1144,10 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 5ded580444e9258cb35a9c94192d3c1d63e7b74f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 16 Feb 2023 11:14:07 -0500 Subject: [PATCH 0923/1498] cmd: Adjust documentation for commands (#5377) --- cmd/commands.go | 30 ++++++++++++++--------- modules/caddyhttp/reverseproxy/command.go | 17 +++++++++---- 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/cmd/commands.go b/cmd/commands.go index 9216b898..9daabd14 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -91,14 +91,15 @@ the KEY=VALUE format will be loaded into the Caddy process. On Windows, the spawned child process will remain attached to the terminal, so closing the window will forcefully stop Caddy; to avoid forgetting this, try -using 'caddy run' instead to keep it in the foreground.`, +using 'caddy run' instead to keep it in the foreground. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("start", flag.ExitOnError) fs.String("config", "", "Configuration file") - fs.String("envfile", "", "Environment file to load") fs.String("adapter", "", "Name of config adapter to apply") - fs.String("pidfile", "", "Path of file to which to write process ID") + fs.String("envfile", "", "Environment file to load") fs.Bool("watch", false, "Reload changed config file automatically") + fs.String("pidfile", "", "Path of file to which to write process ID") return fs }(), }) @@ -138,7 +139,8 @@ save file. It is not an error if --resume is used and no autosave file exists. If --watch is specified, the config file will be loaded automatically after changes. ⚠️ This can make unintentional config changes easier; only use this -option in a local development environment.`, +option in a local development environment. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("run", flag.ExitOnError) fs.String("config", "", "Configuration file") @@ -163,7 +165,8 @@ Stops the background Caddy process as gracefully as possible. It requires that the admin API is enabled and accessible, since it will use the API's /stop endpoint. The address of this request can be customized -using the --address flag, or from the given --config, if not the default.`, +using the --address flag, or from the given --config, if not the default. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("stop", flag.ExitOnError) fs.String("address", "", "The address to use to reach the admin API endpoint, if not the default") @@ -185,7 +188,8 @@ workflows revolving around config files. Since the admin endpoint is configurable, the endpoint configuration is loaded from the --address flag if specified; otherwise it is loaded from the given -config file; otherwise the default is assumed.`, +config file; otherwise the default is assumed. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("reload", flag.ExitOnError) fs.String("config", "", "Configuration file (required)") @@ -273,7 +277,8 @@ for human readability. If --validate is used, the adapted config will be checked for validity. If the config is invalid, an error will be printed to stderr and a non- -zero exit status will be returned.`, +zero exit status will be returned. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("adapt", flag.ExitOnError) fs.String("config", "", "Configuration file to adapt (required)") @@ -295,7 +300,8 @@ This reveals any errors with the configuration through the loading and provisioning stages. If --envfile is specified, an environment file with environment variables in -the KEY=VALUE format will be loaded into the Caddy process.`, +the KEY=VALUE format will be loaded into the Caddy process. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("validate", flag.ExitOnError) fs.String("config", "", "Input configuration file") @@ -308,7 +314,7 @@ the KEY=VALUE format will be loaded into the Caddy process.`, RegisterCommand(Command{ Name: "fmt", Func: cmdFmt, - Usage: "[--overwrite] []", + Usage: "[--overwrite] [--diff] []", Short: "Formats a Caddyfile", Long: ` Formats the Caddyfile by adding proper indentation and spaces to improve @@ -324,7 +330,8 @@ is not a valid patch format. If you wish you use stdin instead of a regular file, use - as the path. When reading from stdin, the --overwrite flag has no effect: the result -is always printed to stdout.`, +is always printed to stdout. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("fmt", flag.ExitOnError) fs.Bool("overwrite", false, "Overwrite the input file with the results") @@ -339,7 +346,8 @@ is always printed to stdout.`, Short: "Upgrade Caddy (EXPERIMENTAL)", Long: ` Downloads an updated Caddy binary with the same modules/plugins at the -latest versions. EXPERIMENTAL: May be changed or removed.`, +latest versions. EXPERIMENTAL: May be changed or removed. +`, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("upgrade", flag.ExitOnError) fs.Bool("keep-backup", false, "Keep the backed up binary, instead of deleting it") diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 44f4c222..04fb9b4d 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -35,7 +35,7 @@ func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "reverse-proxy", Func: cmdReverseProxy, - Usage: "[--from ] [--to ] [--change-host-header]", + Usage: "[--from ] [--to ] [--change-host-header] [--insecure] [--internal-certs] [--disable-redirects]", Short: "A quick and production-ready reverse proxy", Long: ` A simple but production-ready reverse proxy. Useful for quick deployments, @@ -52,16 +52,23 @@ If the --from address has a host or IP, Caddy will attempt to serve the proxy over HTTPS with a certificate (unless overridden by the HTTP scheme or port). -If --change-host-header is set, the Host header on the request will be modified -from its original incoming value to the address of the upstream. (Otherwise, by -default, all incoming headers are passed through unmodified.) +If serving HTTPS: + --disable-redirects can be used to avoid binding to the HTTP port. + --internal-certs can be used to force issuance certs using the internal + CA instead of attempting to issue a public certificate. + +For proxying: + --change-host-header sets the Host header on the request to the address + of the upstream, instead of defaulting to the incoming Host header. + --insecure disables TLS verification with the upstream. WARNING: THIS + DISABLES SECURITY BY NOT VERIFYING THE UPSTREAM'S CERTIFICATE. `, Flags: func() *flag.FlagSet { fs := flag.NewFlagSet("reverse-proxy", flag.ExitOnError) fs.String("from", "localhost", "Address on which to receive traffic") fs.Var(&reverseProxyCmdTo, "to", "Upstream address(es) to which traffic should be sent") fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") - fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING SSL CERTIFICATES!)") + fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING TLS CERTIFICATES!)") fs.Bool("internal-certs", false, "Use internal CA for issuing certs") fs.Bool("debug", false, "Enable verbose debug logs") fs.Bool("disable-redirects", false, "Disable HTTP->HTTPS redirects") From bf54892a73373637901c13e018b20cfac15878b4 Mon Sep 17 00:00:00 2001 From: Emily Lange Date: Fri, 17 Feb 2023 00:34:12 +0100 Subject: [PATCH 0924/1498] cmd: make `caddy fmt` hints more clear (#5378) --- caddyconfig/caddyfile/adapter.go | 2 +- cmd/commandfuncs.go | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/caddyconfig/caddyfile/adapter.go b/caddyconfig/caddyfile/adapter.go index b924325b..d6ef602d 100644 --- a/caddyconfig/caddyfile/adapter.go +++ b/caddyconfig/caddyfile/adapter.go @@ -88,7 +88,7 @@ func FormattingDifference(filename string, body []byte) (caddyconfig.Warning, bo return caddyconfig.Warning{ File: filename, Line: line, - Message: "Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies", + Message: "Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies", }, true } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 09accd0d..62afae2b 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -589,7 +589,10 @@ func cmdFmt(fl Flags) (int, error) { } if warning, diff := caddyfile.FormattingDifference(formatCmdConfigFile, input); diff { - return caddy.ExitCodeFailedStartup, fmt.Errorf("%s:%d: Caddyfile input is not formatted", warning.File, warning.Line) + return caddy.ExitCodeFailedStartup, fmt.Errorf(`%s:%d: Caddyfile input is not formatted; Tip: use '--overwrite' to update your Caddyfile in-place instead of previewing it. Consult '--help' for more options`, + warning.File, + warning.Line, + ) } return caddy.ExitCodeSuccess, nil From 8bc05e598da0068358a2876c45f92f2c77455341 Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Fri, 17 Feb 2023 08:08:36 +0800 Subject: [PATCH 0925/1498] caddyfile: Implement variadics for import args placeholders (#5249) * implement variadic placeholders imported snippets reflect actual lines in file * add import directive line number for imported snippets add tests for parsing * add realfile field to help debug import cycle detection. * use file field to reflect import chain * Switch syntax, deprecate old syntax, refactoring - Moved the import args handling to a separate file - Using {args[0:1]} syntax now - Deprecate {args.*} syntax - Use a replacer map for better control over the parsing - Add plenty of warnings when invalid placeholders are detected - Renaming variables, cleanup comments for readability - More tests to cover edgecases I could think of - Minor cleanup to snippet tracking in tokens, drop a redundant boolean field in tokens --------- Co-authored-by: Francis Lavoie --- caddyconfig/caddyfile/importargs.go | 142 +++++++++++++++++++++ caddyconfig/caddyfile/lexer.go | 19 ++- caddyconfig/caddyfile/parse.go | 45 ++++--- caddyconfig/caddyfile/parse_test.go | 82 ++++++++++++ caddyconfig/httpcaddyfile/builtins_test.go | 43 +++++++ 5 files changed, 313 insertions(+), 18 deletions(-) create mode 100644 caddyconfig/caddyfile/importargs.go diff --git a/caddyconfig/caddyfile/importargs.go b/caddyconfig/caddyfile/importargs.go new file mode 100644 index 00000000..53725a12 --- /dev/null +++ b/caddyconfig/caddyfile/importargs.go @@ -0,0 +1,142 @@ +// Copyright 2015 Matthew Holt and The Caddy Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package caddyfile + +import ( + "regexp" + "strconv" + "strings" + + "github.com/caddyserver/caddy/v2" + "go.uber.org/zap" +) + +// parseVariadic determines if the token is a variadic placeholder, +// and if so, determines the index range (start/end) of args to use. +// Returns a boolean signaling whether a variadic placeholder was found, +// and the start and end indices. +func parseVariadic(token Token, argCount int) (bool, int, int) { + if !strings.HasPrefix(token.Text, "{args[") { + return false, 0, 0 + } + if !strings.HasSuffix(token.Text, "]}") { + return false, 0, 0 + } + + argRange := strings.TrimSuffix(strings.TrimPrefix(token.Text, "{args["), "]}") + if argRange == "" { + caddy.Log().Named("caddyfile").Warn( + "Placeholder "+token.Text+" cannot have an empty index", + zap.String("file", token.File+":"+strconv.Itoa(token.Line))) + return false, 0, 0 + } + + start, end, found := strings.Cut(argRange, ":") + + // If no ":" delimiter is found, this is not a variadic. + // The replacer will pick this up. + if !found { + return false, 0, 0 + } + + var ( + startIndex = 0 + endIndex = argCount + err error + ) + if start != "" { + startIndex, err = strconv.Atoi(start) + if err != nil { + caddy.Log().Named("caddyfile").Warn( + "Variadic placeholder "+token.Text+" has an invalid start index", + zap.String("file", token.File+":"+strconv.Itoa(token.Line))) + return false, 0, 0 + } + } + if end != "" { + endIndex, err = strconv.Atoi(end) + if err != nil { + caddy.Log().Named("caddyfile").Warn( + "Variadic placeholder "+token.Text+" has an invalid end index", + zap.String("file", token.File+":"+strconv.Itoa(token.Line))) + return false, 0, 0 + } + } + + // bound check + if startIndex < 0 || startIndex > endIndex || endIndex > argCount { + caddy.Log().Named("caddyfile").Warn( + "Variadic placeholder "+token.Text+" indices are out of bounds, only "+strconv.Itoa(argCount)+" argument(s) exist", + zap.String("file", token.File+":"+strconv.Itoa(token.Line))) + return false, 0, 0 + } + return true, startIndex, endIndex +} + +// makeArgsReplacer prepares a Replacer which can replace +// non-variadic args placeholders in imported tokens. +func makeArgsReplacer(args []string) *caddy.Replacer { + repl := caddy.NewEmptyReplacer() + repl.Map(func(key string) (any, bool) { + // TODO: Remove the deprecated {args.*} placeholder + // support at some point in the future + if matches := argsRegexpIndexDeprecated.FindStringSubmatch(key); len(matches) > 0 { + value, err := strconv.Atoi(matches[1]) + if err != nil { + caddy.Log().Named("caddyfile").Warn( + "Placeholder {args." + matches[1] + "} has an invalid index") + return nil, false + } + if value >= len(args) { + caddy.Log().Named("caddyfile").Warn( + "Placeholder {args." + matches[1] + "} index is out of bounds, only " + strconv.Itoa(len(args)) + " argument(s) exist") + return nil, false + } + caddy.Log().Named("caddyfile").Warn( + "Placeholder {args." + matches[1] + "} deprecated, use {args[" + matches[1] + "]} instead") + return args[value], true + } + + // Handle args[*] form + if matches := argsRegexpIndex.FindStringSubmatch(key); len(matches) > 0 { + if strings.Contains(matches[1], ":") { + caddy.Log().Named("caddyfile").Warn( + "Variadic placeholder {args[" + matches[1] + "]} must be a token on its own") + return nil, false + } + value, err := strconv.Atoi(matches[1]) + if err != nil { + caddy.Log().Named("caddyfile").Warn( + "Placeholder {args[" + matches[1] + "]} has an invalid index") + return nil, false + } + if value >= len(args) { + caddy.Log().Named("caddyfile").Warn( + "Placeholder {args[" + matches[1] + "]} index is out of bounds, only " + strconv.Itoa(len(args)) + " argument(s) exist") + return nil, false + } + return args[value], true + } + + // Not an args placeholder, ignore + return nil, false + }) + return repl +} + +var ( + argsRegexpIndexDeprecated = regexp.MustCompile(`args\.(.+)`) + argsRegexpIndex = regexp.MustCompile(`args\[(.+)]`) +) diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index 5605a6aa..09b04c17 100644 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -36,14 +36,31 @@ type ( // Token represents a single parsable unit. Token struct { File string + origFile string Line int Text string wasQuoted rune // enclosing quote character, if any - inSnippet bool snippetName string } ) +// originalFile gets original filename before import modification. +func (t Token) originalFile() string { + if t.origFile != "" { + return t.origFile + } + return t.File +} + +// updateFile updates the token's source filename for error display +// and remembers the original filename. Used during "import" processing. +func (t *Token) updateFile(file string) { + if t.origFile == "" { + t.origFile = t.File + } + t.File = file +} + // load prepares the lexer to scan an input for tokens. // It discards any leading byte order mark. func (l *lexer) load(input io.Reader) error { diff --git a/caddyconfig/caddyfile/parse.go b/caddyconfig/caddyfile/parse.go index edc86f28..c65acae9 100644 --- a/caddyconfig/caddyfile/parse.go +++ b/caddyconfig/caddyfile/parse.go @@ -20,7 +20,6 @@ import ( "io" "os" "path/filepath" - "strconv" "strings" "github.com/caddyserver/caddy/v2" @@ -173,11 +172,10 @@ func (p *parser) begin() error { return err } // Just as we need to track which file the token comes from, we need to - // keep track of which snippets do the tokens come from. This is helpful - // in tracking import cycles across files/snippets by namespacing them. Without - // this we end up with false-positives in cycle-detection. + // keep track of which snippet the token comes from. This is helpful + // in tracking import cycles across files/snippets by namespacing them. + // Without this, we end up with false-positives in cycle-detection. for k, v := range tokens { - v.inSnippet = true v.snippetName = name tokens[k] = v } @@ -337,11 +335,8 @@ func (p *parser) doImport() error { // grab remaining args as placeholder replacements args := p.RemainingArgs() - // add args to the replacer - repl := caddy.NewEmptyReplacer() - for index, arg := range args { - repl.Set("args."+strconv.Itoa(index), arg) - } + // set up a replacer for non-variadic args replacement + repl := makeArgsReplacer(args) // splice out the import directive and its arguments // (2 tokens, plus the length of args) @@ -416,8 +411,8 @@ func (p *parser) doImport() error { nodes = matches } - nodeName := p.File() - if p.Token().inSnippet { + nodeName := p.Token().originalFile() + if p.Token().snippetName != "" { nodeName += fmt.Sprintf(":%s", p.Token().snippetName) } p.importGraph.addNode(nodeName) @@ -428,13 +423,29 @@ func (p *parser) doImport() error { } // copy the tokens so we don't overwrite p.definedSnippets - tokensCopy := make([]Token, len(importedTokens)) - copy(tokensCopy, importedTokens) + tokensCopy := make([]Token, 0, len(importedTokens)) // run the argument replacer on the tokens - for index, token := range tokensCopy { - token.Text = repl.ReplaceKnown(token.Text, "") - tokensCopy[index] = token + // golang for range slice return a copy of value + // similarly, append also copy value + for _, token := range importedTokens { + // set the token's file to refer to import directive line number and snippet name + if token.snippetName != "" { + token.updateFile(fmt.Sprintf("%s:%d (import %s)", token.File, p.Line(), token.snippetName)) + } else { + token.updateFile(fmt.Sprintf("%s:%d (import)", token.File, p.Line())) + } + + foundVariadic, startIndex, endIndex := parseVariadic(token, len(args)) + if foundVariadic { + for _, arg := range args[startIndex:endIndex] { + token.Text = arg + tokensCopy = append(tokensCopy, token) + } + } else { + token.Text = repl.ReplaceKnown(token.Text, "") + tokensCopy = append(tokensCopy, token) + } } // splice the imported tokens in the place of the import statement diff --git a/caddyconfig/caddyfile/parse_test.go b/caddyconfig/caddyfile/parse_test.go index 4d18cc44..ad8683b1 100644 --- a/caddyconfig/caddyfile/parse_test.go +++ b/caddyconfig/caddyfile/parse_test.go @@ -21,6 +21,88 @@ import ( "testing" ) +func TestParseVariadic(t *testing.T) { + var args = make([]string, 10) + for i, tc := range []struct { + input string + result bool + }{ + { + input: "", + result: false, + }, + { + input: "{args[1", + result: false, + }, + { + input: "1]}", + result: false, + }, + { + input: "{args[:]}aaaaa", + result: false, + }, + { + input: "aaaaa{args[:]}", + result: false, + }, + { + input: "{args.}", + result: false, + }, + { + input: "{args.1}", + result: false, + }, + { + input: "{args[]}", + result: false, + }, + { + input: "{args[:]}", + result: true, + }, + { + input: "{args[:]}", + result: true, + }, + { + input: "{args[0:]}", + result: true, + }, + { + input: "{args[:0]}", + result: true, + }, + { + input: "{args[-1:]}", + result: false, + }, + { + input: "{args[:11]}", + result: false, + }, + { + input: "{args[10:0]}", + result: false, + }, + { + input: "{args[0:10]}", + result: true, + }, + } { + token := Token{ + File: "test", + Line: 1, + Text: tc.input, + } + if v, _, _ := parseVariadic(token, len(args)); v != tc.result { + t.Errorf("Test %d error expectation failed Expected: %t, got %t", i, tc.result, v) + } + } +} + func TestAllTokens(t *testing.T) { input := []byte("a b c\nd e") expected := []string{"a", "b", "c", "d", "e"} diff --git a/caddyconfig/httpcaddyfile/builtins_test.go b/caddyconfig/httpcaddyfile/builtins_test.go index bd5e1169..6ae4b311 100644 --- a/caddyconfig/httpcaddyfile/builtins_test.go +++ b/caddyconfig/httpcaddyfile/builtins_test.go @@ -1,6 +1,7 @@ package httpcaddyfile import ( + "strings" "testing" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" @@ -213,3 +214,45 @@ func TestRedirDirectiveSyntax(t *testing.T) { } } } + +func TestImportErrorLine(t *testing.T) { + for i, tc := range []struct { + input string + errorFunc func(err error) bool + }{ + { + input: `(t1) { + abort {args[:]} + } + :8080 { + import t1 + import t1 true + }`, + errorFunc: func(err error) bool { + return err != nil && strings.Contains(err.Error(), "Caddyfile:6 (import t1):2") + }, + }, + { + input: `(t1) { + abort {args[:]} + } + :8080 { + import t1 true + }`, + errorFunc: func(err error) bool { + return err != nil && strings.Contains(err.Error(), "Caddyfile:5 (import t1):2") + }, + }, + } { + adapter := caddyfile.Adapter{ + ServerType: ServerType{}, + } + + _, _, err := adapter.Adapt([]byte(tc.input), nil) + + if !tc.errorFunc(err) { + t.Errorf("Test %d error expectation failed, got %s", i, err) + continue + } + } +} From 79de6df93d0404790c3bfecfefa9e1458ffcff75 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 22 Feb 2023 13:39:40 -0500 Subject: [PATCH 0926/1498] cmd: Strict unmarshal for validate (#5383) --- caddy.go | 2 +- cmd/commandfuncs.go | 4 ++-- context.go | 2 +- modules.go | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/caddy.go b/caddy.go index 5d0152a7..84cfc11c 100644 --- a/caddy.go +++ b/caddy.go @@ -314,7 +314,7 @@ func unsyncedDecodeAndRun(cfgJSON []byte, allowPersist bool) error { strippedCfgJSON := RemoveMetaFields(cfgJSON) var newCfg *Config - err := strictUnmarshalJSON(strippedCfgJSON, &newCfg) + err := StrictUnmarshalJSON(strippedCfgJSON, &newCfg) if err != nil { return err } diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index 62afae2b..cc5666bb 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -490,7 +490,7 @@ func cmdAdaptConfig(fl Flags) (int, error) { // validate output if requested if adaptCmdValidateFlag { var cfg *caddy.Config - err = json.Unmarshal(adaptedConfig, &cfg) + err = caddy.StrictUnmarshalJSON(adaptedConfig, &cfg) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("decoding config: %v", err) } @@ -523,7 +523,7 @@ func cmdValidateConfig(fl Flags) (int, error) { input = caddy.RemoveMetaFields(input) var cfg *caddy.Config - err = json.Unmarshal(input, &cfg) + err = caddy.StrictUnmarshalJSON(input, &cfg) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("decoding config: %v", err) } diff --git a/context.go b/context.go index 330bfa6f..c585aa55 100644 --- a/context.go +++ b/context.go @@ -326,7 +326,7 @@ func (ctx Context) LoadModuleByID(id string, rawMsg json.RawMessage) (any, error // fill in its config only if there is a config to fill in if len(rawMsg) > 0 { - err := strictUnmarshalJSON(rawMsg, &val) + err := StrictUnmarshalJSON(rawMsg, &val) if err != nil { return nil, fmt.Errorf("decoding module config: %s: %v", modInfo, err) } diff --git a/modules.go b/modules.go index e83bc747..470c25e3 100644 --- a/modules.go +++ b/modules.go @@ -333,11 +333,11 @@ func ParseStructTag(tag string) (map[string]string, error) { return results, nil } -// strictUnmarshalJSON is like json.Unmarshal but returns an error +// StrictUnmarshalJSON is like json.Unmarshal but returns an error // if any of the fields are unrecognized. Useful when decoding // module configurations, where you want to be more sure they're // correct. -func strictUnmarshalJSON(data []byte, v any) error { +func StrictUnmarshalJSON(data []byte, v any) error { dec := json.NewDecoder(bytes.NewReader(data)) dec.DisallowUnknownFields() return dec.Decode(v) From be53e432fcac0a9b9accbc36885304639e8ca70b Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Wed, 22 Feb 2023 13:41:01 -0500 Subject: [PATCH 0927/1498] caddytls: Relax the warning for on-demand (#5384) --- modules/caddytls/tls.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 8051653e..92004b82 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -22,6 +22,7 @@ import ( "log" "net/http" "runtime/debug" + "strings" "sync" "time" @@ -259,7 +260,17 @@ func (t *TLS) Start() error { if t.Automation.OnDemand == nil || (t.Automation.OnDemand.Ask == "" && t.Automation.OnDemand.RateLimit == nil) { for _, ap := range t.Automation.Policies { - if ap.OnDemand { + isWildcardOrDefault := false + if len(ap.Subjects) == 0 { + isWildcardOrDefault = true + } + for _, sub := range ap.Subjects { + if strings.HasPrefix(sub, "*") { + isWildcardOrDefault = true + break + } + } + if ap.OnDemand && isWildcardOrDefault { t.logger.Warn("YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place", zap.String("docs", "https://caddyserver.com/docs/automatic-https#on-demand-tls")) break From e3909cc385f68a636cc8675dc12f6cd5185d722d Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Fri, 24 Feb 2023 22:54:04 +0300 Subject: [PATCH 0928/1498] reverseproxy: refactor HTTP transport layer (#5369) Co-authored-by: Francis Lavoie Co-authored-by: Weidi Deng --- caddytest/integration/reverseproxy_test.go | 268 +++++++++--------- .../caddyhttp/reverseproxy/httptransport.go | 20 +- 2 files changed, 148 insertions(+), 140 deletions(-) diff --git a/caddytest/integration/reverseproxy_test.go b/caddytest/integration/reverseproxy_test.go index f7b19672..4333d129 100644 --- a/caddytest/integration/reverseproxy_test.go +++ b/caddytest/integration/reverseproxy_test.go @@ -22,39 +22,39 @@ func TestSRVReverseProxy(t *testing.T) { }, "apps": { "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false + "certificate_authorities": { + "local": { + "install_trust": false } } }, - "http": { - "grace_period": 1, - "servers": { - "srv0": { - "listen": [ - ":8080" - ], - "routes": [ - { - "handle": [ - { - "handler": "reverse_proxy", - "upstreams": [ - { - "lookup_srv": "srv.host.service.consul" - } + "http": { + "grace_period": 1, + "servers": { + "srv0": { + "listen": [ + ":18080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "lookup_srv": "srv.host.service.consul" + } + ] + } + ] + } ] - } - ] - } - ] - } + } + } } - } } - } - `, "json") + } + `, "json") } func TestSRVWithDial(t *testing.T) { @@ -62,39 +62,39 @@ func TestSRVWithDial(t *testing.T) { { "apps": { "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false - } + "certificate_authorities": { + "local": { + "install_trust": false + } } - }, - "http": { - "grace_period": 1, - "servers": { - "srv0": { - "listen": [ - ":8080" - ], - "routes": [ - { - "handle": [ - { - "handler": "reverse_proxy", - "upstreams": [ - { - "dial": "tcp/address.to.upstream:80", - "lookup_srv": "srv.host.service.consul" - } + }, + "http": { + "grace_period": 1, + "servers": { + "srv0": { + "listen": [ + ":18080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "tcp/address.to.upstream:80", + "lookup_srv": "srv.host.service.consul" + } + ] + } + ] + } ] - } - ] - } - ] - } + } + } } - } } - } + } `, "json", `upstream: specifying dial address is incompatible with lookup_srv: 0: {\"dial\": \"tcp/address.to.upstream:80\", \"lookup_srv\": \"srv.host.service.consul\"}`) } @@ -138,41 +138,41 @@ func TestDialWithPlaceholderUnix(t *testing.T) { }, "apps": { "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false - } + "certificate_authorities": { + "local": { + "install_trust": false + } } - }, - "http": { - "grace_period": 1, - "servers": { - "srv0": { - "listen": [ - ":8080" - ], - "routes": [ - { - "handle": [ - { - "handler": "reverse_proxy", - "upstreams": [ - { - "dial": "unix/{http.request.header.X-Caddy-Upstream-Dial}" - } + }, + "http": { + "grace_period": 1, + "servers": { + "srv0": { + "listen": [ + ":18080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "upstreams": [ + { + "dial": "unix/{http.request.header.X-Caddy-Upstream-Dial}" + } + ] + } + ] + } ] - } - ] - } - ] - } - } - } + } + } + } } - } + } `, "json") - req, err := http.NewRequest(http.MethodGet, "http://localhost:8080", nil) + req, err := http.NewRequest(http.MethodGet, "http://localhost:18080", nil) if err != nil { t.Fail() return @@ -190,18 +190,18 @@ func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) { }, "apps": { "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false - } + "certificate_authorities": { + "local": { + "install_trust": false + } } - }, + }, "http": { "grace_period": 1, "servers": { "srv0": { "listen": [ - ":8080" + ":18080" ], "routes": [ { @@ -264,14 +264,14 @@ func TestReverseProxyWithPlaceholderDialAddress(t *testing.T) { } } } - `, "json") + `, "json") req, err := http.NewRequest(http.MethodGet, "http://localhost:9080", nil) if err != nil { t.Fail() return } - req.Header.Set("X-Caddy-Upstream-Dial", "localhost:8080") + req.Header.Set("X-Caddy-Upstream-Dial", "localhost:18080") tester.AssertResponse(req, 200, "Hello, World!") } @@ -284,18 +284,18 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) { }, "apps": { "pki": { - "certificate_authorities" : { - "local" : { - "install_trust": false - } + "certificate_authorities": { + "local": { + "install_trust": false + } } - }, + }, "http": { "grace_period": 1, "servers": { "srv0": { "listen": [ - ":8080" + ":18080" ], "routes": [ { @@ -340,7 +340,7 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) { "handler": "reverse_proxy", "upstreams": [ { - "dial": "tcp/{http.request.header.X-Caddy-Upstream-Dial}:8080" + "dial": "tcp/{http.request.header.X-Caddy-Upstream-Dial}:18080" } ] } @@ -358,7 +358,7 @@ func TestReverseProxyWithPlaceholderTCPDialAddress(t *testing.T) { } } } - `, "json") + `, "json") req, err := http.NewRequest(http.MethodGet, "http://localhost:9080", nil) if err != nil { @@ -375,42 +375,42 @@ func TestSRVWithActiveHealthcheck(t *testing.T) { "apps": { "pki": { "certificate_authorities" : { - "local" : { - "install_trust": false - } + "local" : { + "install_trust": false + } } - }, - "http": { - "grace_period": 1, - "servers": { - "srv0": { - "listen": [ - ":8080" - ], - "routes": [ - { - "handle": [ - { - "handler": "reverse_proxy", - "health_checks": { - "active": { - "path": "/ok" + }, + "http": { + "grace_period": 1, + "servers": { + "srv0": { + "listen": [ + ":18080" + ], + "routes": [ + { + "handle": [ + { + "handler": "reverse_proxy", + "health_checks": { + "active": { + "path": "/ok" + } + }, + "upstreams": [ + { + "lookup_srv": "srv.host.service.consul" + } + ] + } + ] } - }, - "upstreams": [ - { - "lookup_srv": "srv.host.service.consul" - } ] - } - ] - } - ] - } + } + } } - } } - } + } `, "json", `upstream: lookup_srv is incompatible with active health checks: 0: {\"dial\": \"\", \"lookup_srv\": \"srv.host.service.consul\"}`) } @@ -440,7 +440,7 @@ func TestReverseProxyHealthCheck(t *testing.T) { health_timeout 100ms } } - `, "caddyfile") + `, "caddyfile") time.Sleep(100 * time.Millisecond) // TODO: for some reason this test seems particularly flaky, getting 503 when it should be 200, unless we wait tester.AssertGetResponse("http://localhost:9080/", 200, "Hello, World!") diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index ec5d2f23..71d06d5a 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -172,12 +172,19 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e } } - // Set up the dialer to pull the correct information from the context dialContext := func(ctx context.Context, network, address string) (net.Conn, error) { - // the proper dialing information should be embedded into the request's context + // For unix socket upstreams, we need to recover the dial info from + // the request's context, because the Host on the request's URL + // will have been modified by directing the request, overwriting + // the unix socket filename. + // Also, we need to avoid overwriting the address at this point + // when not necessary, because http.ProxyFromEnvironment may have + // modified the address according to the user's env proxy config. if dialInfo, ok := GetDialInfo(ctx); ok { - network = dialInfo.Network - address = dialInfo.Address + if strings.HasPrefix(dialInfo.Network, "unix") { + network = dialInfo.Network + address = dialInfo.Address + } } conn, err := dialer.DialContext(ctx, network, address) @@ -188,8 +195,8 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e return nil, DialError{err} } - // if read/write timeouts are configured and this is a TCP connection, enforce the timeouts - // by wrapping the connection with our own type + // if read/write timeouts are configured and this is a TCP connection, + // enforce the timeouts by wrapping the connection with our own type if tcpConn, ok := conn.(*net.TCPConn); ok && (h.ReadTimeout > 0 || h.WriteTimeout > 0) { conn = &tcpRWTimeoutConn{ TCPConn: tcpConn, @@ -203,6 +210,7 @@ func (h *HTTPTransport) NewTransport(caddyCtx caddy.Context) (*http.Transport, e } rt := &http.Transport{ + Proxy: http.ProxyFromEnvironment, DialContext: dialContext, MaxConnsPerHost: h.MaxConnsPerHost, ResponseHeaderTimeout: time.Duration(h.ResponseHeaderTimeout), From 8cb1bb4af30b880f981b1ae6fdb13e5944bfaefe Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 24 Feb 2023 13:35:56 -0700 Subject: [PATCH 0929/1498] go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min) --- README.md | 4 ++-- go.mod | 9 ++++----- go.sum | 18 ++++++++---------- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index e0d659d6..5e96a6c0 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ - **Stays up when other servers go down** due to TLS/OCSP/certificate-related issues - **Production-ready** after serving trillions of requests and managing millions of TLS certificates - **Scales to hundreds of thousands of sites** as proven in production -- **HTTP/1.1, HTTP/2, and HTTP/3** supported all by default +- **HTTP/1.1, HTTP/2, and HTTP/3** all supported by default - **Highly extensible** [modular architecture](https://caddyserver.com/docs/architecture) lets Caddy do anything without bloat - **Runs anywhere** with **no external dependencies** (not even libc) - Written in Go, a language with higher **memory safety guarantees** than other servers @@ -87,7 +87,7 @@ See [our online documentation](https://caddyserver.com/docs/install) for other i Requirements: -- [Go 1.18 or newer](https://golang.org/dl/) +- [Go 1.19 or newer](https://golang.org/dl/) ### For development diff --git a/go.mod b/go.mod index 517abfc2..4a5dc864 100644 --- a/go.mod +++ b/go.mod @@ -13,10 +13,10 @@ require ( github.com/google/cel-go v0.13.0 github.com/google/uuid v1.3.0 github.com/klauspost/compress v1.15.15 - github.com/klauspost/cpuid/v2 v2.2.3 + github.com/klauspost/cpuid/v2 v2.2.4 github.com/mholt/acmez v1.1.0 github.com/prometheus/client_golang v1.14.0 - github.com/quic-go/quic-go v0.32.0 + github.com/quic-go/quic-go v0.33.0 github.com/smallstep/certificates v0.23.2 github.com/smallstep/nosql v0.5.0 github.com/smallstep/truststore v0.12.1 @@ -48,9 +48,8 @@ require ( github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect github.com/onsi/ginkgo/v2 v2.2.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect - github.com/quic-go/qtls-go1-18 v0.2.0 // indirect - github.com/quic-go/qtls-go1-19 v0.2.0 // indirect - github.com/quic-go/qtls-go1-20 v0.1.0 // indirect + github.com/quic-go/qtls-go1-19 v0.2.1 // indirect + github.com/quic-go/qtls-go1-20 v0.1.1 // indirect github.com/rogpeppe/go-internal v1.9.0 // indirect github.com/x448/float16 v0.8.4 // indirect golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect diff --git a/go.sum b/go.sum index 13f90d61..4dde45d0 100644 --- a/go.sum +++ b/go.sum @@ -418,8 +418,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= -github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= -github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= +github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -570,14 +570,12 @@ github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= -github.com/quic-go/qtls-go1-18 v0.2.0 h1:5ViXqBZ90wpUcZS0ge79rf029yx0dYB0McyPJwqqj7U= -github.com/quic-go/qtls-go1-18 v0.2.0/go.mod h1:moGulGHK7o6O8lSPSZNoOwcLvJKJ85vVNc7oJFD65bc= -github.com/quic-go/qtls-go1-19 v0.2.0 h1:Cvn2WdhyViFUHoOqK52i51k4nDX8EwIh5VJiVM4nttk= -github.com/quic-go/qtls-go1-19 v0.2.0/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= -github.com/quic-go/qtls-go1-20 v0.1.0 h1:d1PK3ErFy9t7zxKsG3NXBJXZjp/kMLoIb3y/kV54oAI= -github.com/quic-go/qtls-go1-20 v0.1.0/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= -github.com/quic-go/quic-go v0.32.0 h1:lY02md31s1JgPiiyfqJijpu/UX/Iun304FI3yUqX7tA= -github.com/quic-go/quic-go v0.32.0/go.mod h1:/fCsKANhQIeD5l76c2JFU+07gVE3KaA0FP+0zMWwfwo= +github.com/quic-go/qtls-go1-19 v0.2.1 h1:aJcKNMkH5ASEJB9FXNeZCyTEIHU1J7MmHyz1Q1TSG1A= +github.com/quic-go/qtls-go1-19 v0.2.1/go.mod h1:ySOI96ew8lnoKPtSqx2BlI5wCpUVPT05RMAlajtnyOI= +github.com/quic-go/qtls-go1-20 v0.1.1 h1:KbChDlg82d3IHqaj2bn6GfKRj84Per2VGf5XV3wSwQk= +github.com/quic-go/qtls-go1-20 v0.1.1/go.mod h1:JKtK6mjbAVcUTN/9jZpvLbGxvdWIKS8uT7EiStoU1SM= +github.com/quic-go/quic-go v0.33.0 h1:ItNoTDN/Fm/zBlq769lLJc8ECe9gYaW40veHCCco7y0= +github.com/quic-go/quic-go v0.33.0/go.mod h1:YMuhaAV9/jIu0XclDXwZPAsP/2Kgr5yMYhe9oxhhOFA= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= From 167981d258f41b7ef931d510056a5a5fdc9cbd0d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 24 Feb 2023 13:45:44 -0700 Subject: [PATCH 0930/1498] ci: Update minimum Go version to 1.19 --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/cross-build.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/release.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba074198..9d3be243 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,16 +19,16 @@ jobs: fail-fast: false matrix: os: [ ubuntu-latest, macos-latest, windows-latest ] - go: [ '1.18', '1.20' ] + go: [ '1.19', '1.20' ] include: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - - go: '1.18' - GO_SEMVER: '~1.18.4' + - go: '1.19' + GO_SEMVER: '~1.19.6' - go: '1.20' - GO_SEMVER: '~1.20.0' + GO_SEMVER: '~1.20.1' # Set some variables per OS, usable via ${{ matrix.VAR }} # CADDY_BIN_PATH: the path to the compiled Caddy binary, for artifact publishing diff --git a/.github/workflows/cross-build.yml b/.github/workflows/cross-build.yml index 8b5e429a..0e789024 100644 --- a/.github/workflows/cross-build.yml +++ b/.github/workflows/cross-build.yml @@ -22,7 +22,7 @@ jobs: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - go: '1.20' - GO_SEMVER: '~1.20.0' + GO_SEMVER: '~1.20.1' runs-on: ubuntu-latest continue-on-error: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7e56afc3..f82ebd96 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -28,7 +28,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: - go-version: '~1.18.4' + go-version: '~1.19.6' check-latest: true - name: golangci-lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d8ea96ba..00240584 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: # Set the minimum Go patch version for the given Go minor # Usable via ${{ matrix.GO_SEMVER }} - go: '1.20' - GO_SEMVER: '~1.20.0' + GO_SEMVER: '~1.20.1' runs-on: ${{ matrix.os }} # https://github.com/sigstore/cosign/issues/1258#issuecomment-1002251233 From 9e6919550be5689628d0020ec14e90ea6f527716 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Fri, 24 Feb 2023 18:09:12 -0500 Subject: [PATCH 0931/1498] cmd: Expand cobra support, add short flags (#5379) * cmd: Expand cobra support * Convert commands to cobra, add short flags * Fix version command typo Co-authored-by: Emily Lange * Apply suggestions from code review Co-authored-by: Matt Holt --------- Co-authored-by: Emily Lange Co-authored-by: Matt Holt --- cmd/cobra.go | 21 +- cmd/commands.go | 233 ++++++++++------------ modules/caddyhttp/caddyauth/command.go | 16 +- modules/caddyhttp/fileserver/command.go | 24 +-- modules/caddyhttp/reverseproxy/command.go | 48 +++-- modules/caddyhttp/staticresp.go | 31 ++- modules/caddypki/command.go | 36 ++-- 7 files changed, 199 insertions(+), 210 deletions(-) diff --git a/cmd/cobra.go b/cmd/cobra.go index 203b7bd1..4339cdbf 100644 --- a/cmd/cobra.go +++ b/cmd/cobra.go @@ -109,12 +109,21 @@ func caddyCmdToCobra(caddyCmd Command) *cobra.Command { Use: caddyCmd.Name, Short: caddyCmd.Short, Long: caddyCmd.Long, - RunE: func(cmd *cobra.Command, _ []string) error { - fls := cmd.Flags() - _, err := caddyCmd.Func(Flags{fls}) - return err - }, } - cmd.Flags().AddGoFlagSet(caddyCmd.Flags) + if caddyCmd.CobraFunc != nil { + caddyCmd.CobraFunc(cmd) + } else { + cmd.RunE = WrapCommandFuncForCobra(caddyCmd.Func) + cmd.Flags().AddGoFlagSet(caddyCmd.Flags) + } return cmd } + +// WrapCommandFuncForCobra wraps a Caddy CommandFunc for use +// in a cobra command's RunE field. +func WrapCommandFuncForCobra(f CommandFunc) func(cmd *cobra.Command, _ []string) error { + return func(cmd *cobra.Command, _ []string) error { + _, err := f(Flags{cmd.Flags()}) + return err + } +} diff --git a/cmd/commands.go b/cmd/commands.go index 9daabd14..a06336da 100644 --- a/cmd/commands.go +++ b/cmd/commands.go @@ -34,12 +34,6 @@ type Command struct { // Required. Name string - // Func is a function that executes a subcommand using - // the parsed flags. It returns an exit code and any - // associated error. - // Required. - Func CommandFunc - // Usage is a brief message describing the syntax of // the subcommand's flags and args. Use [] to indicate // optional parameters and <> to enclose literal values @@ -60,7 +54,21 @@ type Command struct { Long string // Flags is the flagset for command. + // This is ignored if CobraFunc is set. Flags *flag.FlagSet + + // Func is a function that executes a subcommand using + // the parsed flags. It returns an exit code and any + // associated error. + // Required if CobraFunc is not set. + Func CommandFunc + + // CobraFunc allows further configuration of the command + // via cobra's APIs. If this is set, then Func and Flags + // are ignored, with the assumption that they are set in + // this function. A caddycmd.WrapCommandFuncForCobra helper + // exists to simplify porting CommandFunc to Cobra's RunE. + CobraFunc func(*cobra.Command) } // CommandFunc is a command's function. It runs the @@ -79,7 +87,6 @@ var commands = make(map[string]Command) func init() { RegisterCommand(Command{ Name: "start", - Func: cmdStart, Usage: "[--config [--adapter ]] [--envfile ] [--watch] [--pidfile ]", Short: "Starts the Caddy process in the background and then returns", Long: ` @@ -93,21 +100,19 @@ On Windows, the spawned child process will remain attached to the terminal, so closing the window will forcefully stop Caddy; to avoid forgetting this, try using 'caddy run' instead to keep it in the foreground. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("start", flag.ExitOnError) - fs.String("config", "", "Configuration file") - fs.String("adapter", "", "Name of config adapter to apply") - fs.String("envfile", "", "Environment file to load") - fs.Bool("watch", false, "Reload changed config file automatically") - fs.String("pidfile", "", "Path of file to which to write process ID") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("config", "c", "", "Configuration file") + cmd.Flags().StringP("adapter", "a", "", "Name of config adapter to apply") + cmd.Flags().StringP("envfile", "", "", "Environment file to load") + cmd.Flags().BoolP("watch", "w", false, "Reload changed config file automatically") + cmd.Flags().StringP("pidfile", "", "", "Path of file to which to write process ID") + cmd.RunE = WrapCommandFuncForCobra(cmdStart) + }, }) RegisterCommand(Command{ Name: "run", - Func: cmdRun, - Usage: "[--config [--adapter ]] [--envfile ] [--environ] [--resume] [--watch] [--pidfile ]", + Usage: "[--config [--adapter ]] [--envfile ] [--environ] [--resume] [--watch] [--pidfile ]", Short: `Starts the Caddy process and blocks indefinitely`, Long: ` Starts the Caddy process, optionally bootstrapped with an initial config file, @@ -141,24 +146,22 @@ If --watch is specified, the config file will be loaded automatically after changes. ⚠️ This can make unintentional config changes easier; only use this option in a local development environment. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("run", flag.ExitOnError) - fs.String("config", "", "Configuration file") - fs.String("adapter", "", "Name of config adapter to apply") - fs.String("envfile", "", "Environment file to load") - fs.Bool("environ", false, "Print environment") - fs.Bool("resume", false, "Use saved config, if any (and prefer over --config file)") - fs.Bool("watch", false, "Watch config file for changes and reload it automatically") - fs.String("pidfile", "", "Path of file to which to write process ID") - fs.String("pingback", "", "Echo confirmation bytes to this address on success") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("config", "c", "", "Configuration file") + cmd.Flags().StringP("adapter", "a", "", "Name of config adapter to apply") + cmd.Flags().StringP("envfile", "", "", "Environment file to load") + cmd.Flags().BoolP("environ", "e", false, "Print environment") + cmd.Flags().BoolP("resume", "r", false, "Use saved config, if any (and prefer over --config file)") + cmd.Flags().BoolP("watch", "w", false, "Watch config file for changes and reload it automatically") + cmd.Flags().StringP("pidfile", "", "", "Path of file to which to write process ID") + cmd.Flags().StringP("pingback", "", "", "Echo confirmation bytes to this address on success") + cmd.RunE = WrapCommandFuncForCobra(cmdRun) + }, }) RegisterCommand(Command{ Name: "stop", - Func: cmdStop, - Usage: "[--address ] [--config [--adapter ]]", + Usage: "[--config [--adapter ]] [--address ]", Short: "Gracefully stops a started Caddy process", Long: ` Stops the background Caddy process as gracefully as possible. @@ -167,18 +170,16 @@ It requires that the admin API is enabled and accessible, since it will use the API's /stop endpoint. The address of this request can be customized using the --address flag, or from the given --config, if not the default. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("stop", flag.ExitOnError) - fs.String("address", "", "The address to use to reach the admin API endpoint, if not the default") - fs.String("config", "", "Configuration file to use to parse the admin address, if --address is not used") - fs.String("adapter", "", "Name of config adapter to apply (when --config is used)") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("config", "c", "", "Configuration file to use to parse the admin address, if --address is not used") + cmd.Flags().StringP("adapter", "a", "", "Name of config adapter to apply (when --config is used)") + cmd.Flags().StringP("address", "", "", "The address to use to reach the admin API endpoint, if not the default") + cmd.RunE = WrapCommandFuncForCobra(cmdStop) + }, }) RegisterCommand(Command{ Name: "reload", - Func: cmdReload, Usage: "--config [--adapter ] [--address ]", Short: "Changes the config of the running Caddy instance", Long: ` @@ -190,19 +191,17 @@ Since the admin endpoint is configurable, the endpoint configuration is loaded from the --address flag if specified; otherwise it is loaded from the given config file; otherwise the default is assumed. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("reload", flag.ExitOnError) - fs.String("config", "", "Configuration file (required)") - fs.String("adapter", "", "Name of config adapter to apply") - fs.String("address", "", "Address of the administration listener, if different from config") - fs.Bool("force", false, "Force config reload, even if it is the same") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("config", "c", "", "Configuration file (required)") + cmd.Flags().StringP("adapter", "a", "", "Name of config adapter to apply") + cmd.Flags().StringP("address", "", "", "Address of the administration listener, if different from config") + cmd.Flags().BoolP("force", "f", false, "Force config reload, even if it is the same") + cmd.RunE = WrapCommandFuncForCobra(cmdReload) + }, }) RegisterCommand(Command{ Name: "version", - Func: cmdVersion, Short: "Prints the version", Long: ` Prints the version of this Caddy binary. @@ -217,31 +216,29 @@ detailed version information is printed as given by Go modules. For more details about the full version string, see the Go module documentation: https://go.dev/doc/modules/version-numbers `, + Func: cmdVersion, }) RegisterCommand(Command{ Name: "list-modules", - Func: cmdListModules, - Usage: "[--packages] [--versions]", + Usage: "[--packages] [--versions] [--skip-standard]", Short: "Lists the installed Caddy modules", - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("list-modules", flag.ExitOnError) - fs.Bool("packages", false, "Print package paths") - fs.Bool("versions", false, "Print version information") - fs.Bool("skip-standard", false, "Skip printing standard modules") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().BoolP("packages", "", false, "Print package paths") + cmd.Flags().BoolP("versions", "", false, "Print version information") + cmd.Flags().BoolP("skip-standard", "s", false, "Skip printing standard modules") + cmd.RunE = WrapCommandFuncForCobra(cmdListModules) + }, }) RegisterCommand(Command{ Name: "build-info", - Func: cmdBuildInfo, Short: "Prints information about this build", + Func: cmdBuildInfo, }) RegisterCommand(Command{ Name: "environ", - Func: cmdEnviron, Short: "Prints the environment", Long: ` Prints the environment as seen by this Caddy process. @@ -261,11 +258,11 @@ by adding the "--environ" flag. Environments may contain sensitive data. `, + Func: cmdEnviron, }) RegisterCommand(Command{ Name: "adapt", - Func: cmdAdaptConfig, Usage: "--config [--adapter ] [--pretty] [--validate]", Short: "Adapts a configuration to Caddy's native JSON", Long: ` @@ -279,19 +276,17 @@ If --validate is used, the adapted config will be checked for validity. If the config is invalid, an error will be printed to stderr and a non- zero exit status will be returned. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("adapt", flag.ExitOnError) - fs.String("config", "", "Configuration file to adapt (required)") - fs.String("adapter", "caddyfile", "Name of config adapter") - fs.Bool("pretty", false, "Format the output for human readability") - fs.Bool("validate", false, "Validate the output") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("config", "c", "", "Configuration file to adapt (required)") + cmd.Flags().StringP("adapter", "a", "caddyfile", "Name of config adapter") + cmd.Flags().BoolP("pretty", "p", false, "Format the output for human readability") + cmd.Flags().BoolP("validate", "", false, "Validate the output") + cmd.RunE = WrapCommandFuncForCobra(cmdAdaptConfig) + }, }) RegisterCommand(Command{ Name: "validate", - Func: cmdValidateConfig, Usage: "--config [--adapter ] [--envfile ]", Short: "Tests whether a configuration file is valid", Long: ` @@ -302,18 +297,16 @@ provisioning stages. If --envfile is specified, an environment file with environment variables in the KEY=VALUE format will be loaded into the Caddy process. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("validate", flag.ExitOnError) - fs.String("config", "", "Input configuration file") - fs.String("adapter", "", "Name of config adapter") - fs.String("envfile", "", "Environment file to load") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("config", "c", "", "Input configuration file") + cmd.Flags().StringP("adapter", "a", "", "Name of config adapter") + cmd.Flags().StringP("envfile", "", "", "Environment file to load") + cmd.RunE = WrapCommandFuncForCobra(cmdValidateConfig) + }, }) RegisterCommand(Command{ Name: "fmt", - Func: cmdFmt, Usage: "[--overwrite] [--diff] []", Short: "Formats a Caddyfile", Long: ` @@ -332,32 +325,28 @@ If you wish you use stdin instead of a regular file, use - as the path. When reading from stdin, the --overwrite flag has no effect: the result is always printed to stdout. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("fmt", flag.ExitOnError) - fs.Bool("overwrite", false, "Overwrite the input file with the results") - fs.Bool("diff", false, "Print the differences between the input file and the formatted output") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().BoolP("overwrite", "w", false, "Overwrite the input file with the results") + cmd.Flags().BoolP("diff", "d", false, "Print the differences between the input file and the formatted output") + cmd.RunE = WrapCommandFuncForCobra(cmdFmt) + }, }) RegisterCommand(Command{ Name: "upgrade", - Func: cmdUpgrade, Short: "Upgrade Caddy (EXPERIMENTAL)", Long: ` Downloads an updated Caddy binary with the same modules/plugins at the latest versions. EXPERIMENTAL: May be changed or removed. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("upgrade", flag.ExitOnError) - fs.Bool("keep-backup", false, "Keep the backed up binary, instead of deleting it") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it") + cmd.RunE = WrapCommandFuncForCobra(cmdUpgrade) + }, }) RegisterCommand(Command{ Name: "add-package", - Func: cmdAddPackage, Usage: "", Short: "Adds Caddy packages (EXPERIMENTAL)", Long: ` @@ -365,11 +354,10 @@ Downloads an updated Caddy binary with the specified packages (module/plugin) added. Retains existing packages. Returns an error if the any of packages are already included. EXPERIMENTAL: May be changed or removed. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("add-package", flag.ExitOnError) - fs.Bool("keep-backup", false, "Keep the backed up binary, instead of deleting it") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it") + cmd.RunE = WrapCommandFuncForCobra(cmdAddPackage) + }, }) RegisterCommand(Command{ @@ -382,31 +370,14 @@ Downloads an updated Caddy binaries without the specified packages (module/plugi Returns an error if any of the packages are not included. EXPERIMENTAL: May be changed or removed. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("remove-package", flag.ExitOnError) - fs.Bool("keep-backup", false, "Keep the backed up binary, instead of deleting it") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it") + cmd.RunE = WrapCommandFuncForCobra(cmdRemovePackage) + }, }) RegisterCommand(Command{ - Name: "manpage", - Func: func(fl Flags) (int, error) { - dir := strings.TrimSpace(fl.String("directory")) - if dir == "" { - return caddy.ExitCodeFailedQuit, fmt.Errorf("designated output directory and specified section are required") - } - if err := os.MkdirAll(dir, 0755); err != nil { - return caddy.ExitCodeFailedQuit, err - } - if err := doc.GenManTree(rootCmd, &doc.GenManHeader{ - Title: "Caddy", - Section: "8", // https://en.wikipedia.org/wiki/Man_page#Manual_sections - }, dir); err != nil { - return caddy.ExitCodeFailedQuit, err - } - return caddy.ExitCodeSuccess, nil - }, + Name: "manpage", Usage: "--directory ", Short: "Generates the manual pages for Caddy commands", Long: ` @@ -416,11 +387,25 @@ tagged into section 8 (System Administration). The manual page files are generated into the directory specified by the argument of --directory. If the directory does not exist, it will be created. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("manpage", flag.ExitOnError) - fs.String("directory", "", "The output directory where the manpages are generated") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("directory", "o", "", "The output directory where the manpages are generated") + cmd.RunE = WrapCommandFuncForCobra(func(fl Flags) (int, error) { + dir := strings.TrimSpace(fl.String("directory")) + if dir == "" { + return caddy.ExitCodeFailedQuit, fmt.Errorf("designated output directory and specified section are required") + } + if err := os.MkdirAll(dir, 0755); err != nil { + return caddy.ExitCodeFailedQuit, err + } + if err := doc.GenManTree(rootCmd, &doc.GenManHeader{ + Title: "Caddy", + Section: "8", // https://en.wikipedia.org/wiki/Man_page#Manual_sections + }, dir); err != nil { + return caddy.ExitCodeFailedQuit, err + } + return caddy.ExitCodeSuccess, nil + }) + }, }) // source: https://github.com/spf13/cobra/blob/main/shell_completions.md @@ -504,7 +489,7 @@ func RegisterCommand(cmd Command) { if cmd.Name == "" { panic("command name is required") } - if cmd.Func == nil { + if cmd.Func == nil && cmd.CobraFunc == nil { panic("command function missing") } if cmd.Short == "" { diff --git a/modules/caddyhttp/caddyauth/command.go b/modules/caddyhttp/caddyauth/command.go index 609de4e8..915bcd31 100644 --- a/modules/caddyhttp/caddyauth/command.go +++ b/modules/caddyhttp/caddyauth/command.go @@ -18,20 +18,19 @@ import ( "bufio" "bytes" "encoding/base64" - "flag" "fmt" "os" "os/signal" "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" + "github.com/spf13/cobra" "golang.org/x/term" ) func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "hash-password", - Func: cmdHashPassword, Usage: "[--algorithm ] [--salt ] [--plaintext ]", Short: "Hashes a password and writes base64", Long: ` @@ -50,13 +49,12 @@ be provided (scrypt). Note that scrypt is deprecated. Please use 'bcrypt' instead. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("hash-password", flag.ExitOnError) - fs.String("algorithm", "bcrypt", "Name of the hash algorithm") - fs.String("plaintext", "", "The plaintext password") - fs.String("salt", "", "The password salt") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("plaintext", "p", "", "The plaintext password") + cmd.Flags().StringP("salt", "s", "", "The password salt") + cmd.Flags().StringP("algorithm", "a", "bcrypt", "Name of the hash algorithm") + cmd.RunE = caddycmd.WrapCommandFuncForCobra(cmdHashPassword) + }, }) } diff --git a/modules/caddyhttp/fileserver/command.go b/modules/caddyhttp/fileserver/command.go index bc7f981d..697ec348 100644 --- a/modules/caddyhttp/fileserver/command.go +++ b/modules/caddyhttp/fileserver/command.go @@ -16,7 +16,6 @@ package fileserver import ( "encoding/json" - "flag" "log" "strconv" "time" @@ -27,13 +26,13 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" caddytpl "github.com/caddyserver/caddy/v2/modules/caddyhttp/templates" "github.com/caddyserver/certmagic" + "github.com/spf13/cobra" "go.uber.org/zap" ) func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "file-server", - Func: cmdFileServer, Usage: "[--domain ] [--root ] [--listen ] [--browse] [--access-log]", Short: "Spins up a production-ready file server", Long: ` @@ -49,17 +48,16 @@ using this option. If --browse is enabled, requests for folders without an index file will respond with a file listing.`, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("file-server", flag.ExitOnError) - fs.String("domain", "", "Domain name at which to serve the files") - fs.String("root", "", "The path to the root of the site") - fs.String("listen", "", "The address to which to bind the listener") - fs.Bool("browse", false, "Enable directory browsing") - fs.Bool("templates", false, "Enable template rendering") - fs.Bool("access-log", false, "Enable the access log") - fs.Bool("debug", false, "Enable verbose debug logs") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("domain", "d", "", "Domain name at which to serve the files") + cmd.Flags().StringP("root", "r", "", "The path to the root of the site") + cmd.Flags().StringP("listen", "", "", "The address to which to bind the listener") + cmd.Flags().BoolP("browse", "b", false, "Enable directory browsing") + cmd.Flags().BoolP("templates", "t", false, "Enable template rendering") + cmd.Flags().BoolP("access-log", "", false, "Enable the access log") + cmd.Flags().BoolP("debug", "v", false, "Enable verbose debug logs") + cmd.RunE = caddycmd.WrapCommandFuncForCobra(cmdFileServer) + }, }) } diff --git a/modules/caddyhttp/reverseproxy/command.go b/modules/caddyhttp/reverseproxy/command.go index 04fb9b4d..8c171ec1 100644 --- a/modules/caddyhttp/reverseproxy/command.go +++ b/modules/caddyhttp/reverseproxy/command.go @@ -16,7 +16,6 @@ package reverseproxy import ( "encoding/json" - "flag" "fmt" "net/http" "strconv" @@ -28,14 +27,14 @@ import ( "github.com/caddyserver/caddy/v2/modules/caddyhttp" "github.com/caddyserver/caddy/v2/modules/caddyhttp/headers" "github.com/caddyserver/caddy/v2/modules/caddytls" + "github.com/spf13/cobra" "go.uber.org/zap" ) func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "reverse-proxy", - Func: cmdReverseProxy, - Usage: "[--from ] [--to ] [--change-host-header] [--insecure] [--internal-certs] [--disable-redirects]", + Usage: "[--from ] [--to ] [--change-host-header] [--insecure] [--internal-certs] [--disable-redirects] [--access-log]", Short: "A quick and production-ready reverse proxy", Long: ` A simple but production-ready reverse proxy. Useful for quick deployments, @@ -63,17 +62,17 @@ For proxying: --insecure disables TLS verification with the upstream. WARNING: THIS DISABLES SECURITY BY NOT VERIFYING THE UPSTREAM'S CERTIFICATE. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("reverse-proxy", flag.ExitOnError) - fs.String("from", "localhost", "Address on which to receive traffic") - fs.Var(&reverseProxyCmdTo, "to", "Upstream address(es) to which traffic should be sent") - fs.Bool("change-host-header", false, "Set upstream Host header to address of upstream") - fs.Bool("insecure", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING TLS CERTIFICATES!)") - fs.Bool("internal-certs", false, "Use internal CA for issuing certs") - fs.Bool("debug", false, "Enable verbose debug logs") - fs.Bool("disable-redirects", false, "Disable HTTP->HTTPS redirects") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("from", "f", "localhost", "Address on which to receive traffic") + cmd.Flags().StringSliceP("to", "t", []string{}, "Upstream address(es) to which traffic should be sent") + cmd.Flags().BoolP("change-host-header", "c", false, "Set upstream Host header to address of upstream") + cmd.Flags().BoolP("insecure", "", false, "Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING TLS CERTIFICATES!)") + cmd.Flags().BoolP("disable-redirects", "r", false, "Disable HTTP->HTTPS redirects") + cmd.Flags().BoolP("internal-certs", "i", false, "Use internal CA for issuing certs") + cmd.Flags().BoolP("access-log", "", false, "Enable the access log") + cmd.Flags().BoolP("debug", "v", false, "Enable verbose debug logs") + cmd.RunE = caddycmd.WrapCommandFuncForCobra(cmdReverseProxy) + }, }) } @@ -83,14 +82,19 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { from := fs.String("from") changeHost := fs.Bool("change-host-header") insecure := fs.Bool("insecure") - internalCerts := fs.Bool("internal-certs") - debug := fs.Bool("debug") disableRedir := fs.Bool("disable-redirects") + internalCerts := fs.Bool("internal-certs") + accessLog := fs.Bool("access-log") + debug := fs.Bool("debug") httpPort := strconv.Itoa(caddyhttp.DefaultHTTPPort) httpsPort := strconv.Itoa(caddyhttp.DefaultHTTPSPort) - if len(reverseProxyCmdTo) == 0 { + to, err := fs.GetStringSlice("to") + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid to flag: %v", err) + } + if len(to) == 0 { return caddy.ExitCodeFailedStartup, fmt.Errorf("--to is required") } @@ -119,9 +123,9 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { // set up the upstream address; assume missing information from given parts // mixing schemes isn't supported, so use first defined (if available) - toAddresses := make([]string, len(reverseProxyCmdTo)) + toAddresses := make([]string, len(to)) var toScheme string - for i, toLoc := range reverseProxyCmdTo { + for i, toLoc := range to { addr, scheme, err := parseUpstreamDialAddress(toLoc) if err != nil { return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid upstream address %s: %v", toLoc, err) @@ -180,6 +184,9 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { Routes: caddyhttp.RouteList{route}, Listen: []string{":" + fromAddr.Port}, } + if accessLog { + server.Logs = &caddyhttp.ServerLogConfig{} + } if fromAddr.Scheme == "http" { server.AutoHTTPS = &caddyhttp.AutoHTTPSConfig{Disabled: true} @@ -238,6 +245,3 @@ func cmdReverseProxy(fs caddycmd.Flags) (int, error) { select {} } - -// reverseProxyCmdTo holds the parsed values from repeated use of the --to flag. -var reverseProxyCmdTo caddycmd.StringSlice diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index add5b121..67614c2b 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -17,7 +17,6 @@ package caddyhttp import ( "bytes" "encoding/json" - "flag" "fmt" "io" "net/http" @@ -32,6 +31,7 @@ import ( "github.com/caddyserver/caddy/v2/caddyconfig" "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile" caddycmd "github.com/caddyserver/caddy/v2/cmd" + "github.com/spf13/cobra" "go.uber.org/zap" ) @@ -39,7 +39,6 @@ func init() { caddy.RegisterModule(StaticResponse{}) caddycmd.RegisterCommand(caddycmd.Command{ Name: "respond", - Func: cmdRespond, Usage: `[--status ] [--body ] [--listen ] [--access-log] [--debug] [--header "Field: value"] `, Short: "Simple, hard-coded HTTP responses for development and testing", Long: ` @@ -71,16 +70,15 @@ Access/request logging and more verbose debug logging can also be enabled. Response headers may be added using the --header flag for each header field. `, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("respond", flag.ExitOnError) - fs.String("listen", ":0", "The address to which to bind the listener") - fs.Int("status", http.StatusOK, "The response status code") - fs.String("body", "", "The body of the HTTP response") - fs.Bool("access-log", false, "Enable the access log") - fs.Bool("debug", false, "Enable more verbose debug-level logging") - fs.Var(&respondCmdHeaders, "header", "Set a header on the response (format: \"Field: value\"") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("listen", "l", ":0", "The address to which to bind the listener") + cmd.Flags().IntP("status", "s", http.StatusOK, "The response status code") + cmd.Flags().StringP("body", "b", "", "The body of the HTTP response") + cmd.Flags().BoolP("access-log", "", false, "Enable the access log") + cmd.Flags().BoolP("debug", "v", false, "Enable more verbose debug-level logging") + cmd.Flags().StringSliceP("header", "H", []string{}, "Set a header on the response (format: \"Field: value\")") + cmd.RunE = caddycmd.WrapCommandFuncForCobra(cmdRespond) + }, }) } @@ -318,8 +316,12 @@ func cmdRespond(fl caddycmd.Flags) (int, error) { } // build headers map + headers, err := fl.GetStringSlice("header") + if err != nil { + return caddy.ExitCodeFailedStartup, fmt.Errorf("invalid header flag: %v", err) + } hdr := make(http.Header) - for i, h := range respondCmdHeaders { + for i, h := range headers { key, val, found := strings.Cut(h, ":") key, val = strings.TrimSpace(key), strings.TrimSpace(val) if !found || key == "" || val == "" { @@ -432,9 +434,6 @@ func cmdRespond(fl caddycmd.Flags) (int, error) { select {} } -// respondCmdHeaders holds the parsed values from repeated use of the --header flag. -var respondCmdHeaders caddycmd.StringSlice - // Interface guards var ( _ MiddlewareHandler = (*StaticResponse)(nil) diff --git a/modules/caddypki/command.go b/modules/caddypki/command.go index cb86c937..e78f35c8 100644 --- a/modules/caddypki/command.go +++ b/modules/caddypki/command.go @@ -18,7 +18,6 @@ import ( "crypto/x509" "encoding/json" "encoding/pem" - "flag" "fmt" "net/http" "os" @@ -27,12 +26,12 @@ import ( "github.com/caddyserver/caddy/v2" caddycmd "github.com/caddyserver/caddy/v2/cmd" "github.com/smallstep/truststore" + "github.com/spf13/cobra" ) func init() { caddycmd.RegisterCommand(caddycmd.Command{ Name: "trust", - Func: cmdTrust, Usage: "[--ca ] [--address ] [--config [--adapter ]]", Short: "Installs a CA certificate into local trust stores", Long: ` @@ -53,19 +52,17 @@ This command will attempt to connect to Caddy's admin API running at '` + caddy.DefaultAdminListen + `' to fetch the root certificate. You may explicitly specify the --address, or use the --config flag to load the admin address from your config, if not using the default.`, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("trust", flag.ExitOnError) - fs.String("ca", "", "The ID of the CA to trust (defaults to 'local')") - fs.String("address", "", "Address of the administration API listener (if --config is not used)") - fs.String("config", "", "Configuration file (if --address is not used)") - fs.String("adapter", "", "Name of config adapter to apply (if --config is used)") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("ca", "", "", "The ID of the CA to trust (defaults to 'local')") + cmd.Flags().StringP("address", "", "", "Address of the administration API listener (if --config is not used)") + cmd.Flags().StringP("config", "c", "", "Configuration file (if --address is not used)") + cmd.Flags().StringP("adapter", "a", "", "Name of config adapter to apply (if --config is used)") + cmd.RunE = caddycmd.WrapCommandFuncForCobra(cmdTrust) + }, }) caddycmd.RegisterCommand(caddycmd.Command{ Name: "untrust", - Func: cmdUntrust, Usage: "[--cert ] | [[--ca ] [--address ] [--config [--adapter ]]]", Short: "Untrusts a locally-trusted CA certificate", Long: ` @@ -89,15 +86,14 @@ will attempt to connect to the Caddy's admin API running at '` + caddy.DefaultAdminListen + `' to fetch the root certificate. You may explicitly specify the --address, or use the --config flag to load the admin address from your config, if not using the default.`, - Flags: func() *flag.FlagSet { - fs := flag.NewFlagSet("untrust", flag.ExitOnError) - fs.String("cert", "", "The path to the CA certificate to untrust") - fs.String("ca", "", "The ID of the CA to untrust (defaults to 'local')") - fs.String("address", "", "Address of the administration API listener (if --config is not used)") - fs.String("config", "", "Configuration file (if --address is not used)") - fs.String("adapter", "", "Name of config adapter to apply (if --config is used)") - return fs - }(), + CobraFunc: func(cmd *cobra.Command) { + cmd.Flags().StringP("cert", "p", "", "The path to the CA certificate to untrust") + cmd.Flags().StringP("ca", "", "", "The ID of the CA to untrust (defaults to 'local')") + cmd.Flags().StringP("address", "", "", "Address of the administration API listener (if --config is not used)") + cmd.Flags().StringP("config", "c", "", "Configuration file (if --address is not used)") + cmd.Flags().StringP("adapter", "a", "", "Name of config adapter to apply (if --config is used)") + cmd.RunE = caddycmd.WrapCommandFuncForCobra(cmdUntrust) + }, }) } From 960150bb034dc9a549ee7289b1a4eb4abafeb30a Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sat, 25 Feb 2023 19:34:27 -0500 Subject: [PATCH 0932/1498] caddyfile: Implement heredoc support (#5385) --- caddyconfig/caddyfile/dispenser.go | 58 ++--- caddyconfig/caddyfile/lexer.go | 226 ++++++++++++++---- caddyconfig/caddyfile/lexer_test.go | 125 +++++++++- .../caddyfile/testdata/import_args0.txt | 2 +- .../caddyfile/testdata/import_args1.txt | 2 +- .../integration/caddyfile_adapt/heredoc.txt | 50 ++++ .../caddyfile_adapt/import_args_snippet.txt | 2 +- .../caddyfile_adapt/reverse_proxy_options.txt | 4 +- .../integration/testdata/import_respond.txt | 2 +- modules/caddyhttp/celmatcher.go | 6 +- .../reverseproxy/fastcgi/caddyfile.go | 42 +--- .../reverseproxy/forwardauth/caddyfile.go | 13 +- 12 files changed, 397 insertions(+), 135 deletions(-) create mode 100644 caddytest/integration/caddyfile_adapt/heredoc.txt diff --git a/caddyconfig/caddyfile/dispenser.go b/caddyconfig/caddyfile/dispenser.go index 91bd9a50..0daed3c4 100644 --- a/caddyconfig/caddyfile/dispenser.go +++ b/caddyconfig/caddyfile/dispenser.go @@ -20,7 +20,6 @@ import ( "io" "log" "strconv" - "strings" ) // Dispenser is a type that dispenses tokens, similarly to a lexer, @@ -101,12 +100,12 @@ func (d *Dispenser) nextOnSameLine() bool { d.cursor++ return true } - if d.cursor >= len(d.tokens) { + if d.cursor >= len(d.tokens)-1 { return false } - if d.cursor < len(d.tokens)-1 && - d.tokens[d.cursor].File == d.tokens[d.cursor+1].File && - d.tokens[d.cursor].Line+d.numLineBreaks(d.cursor) == d.tokens[d.cursor+1].Line { + curr := d.tokens[d.cursor] + next := d.tokens[d.cursor+1] + if curr.File == next.File && curr.Line+curr.NumLineBreaks() == next.Line { d.cursor++ return true } @@ -122,12 +121,12 @@ func (d *Dispenser) NextLine() bool { d.cursor++ return true } - if d.cursor >= len(d.tokens) { + if d.cursor >= len(d.tokens)-1 { return false } - if d.cursor < len(d.tokens)-1 && - (d.tokens[d.cursor].File != d.tokens[d.cursor+1].File || - d.tokens[d.cursor].Line+d.numLineBreaks(d.cursor) < d.tokens[d.cursor+1].Line) { + curr := d.tokens[d.cursor] + next := d.tokens[d.cursor+1] + if curr.File != next.File || curr.Line+curr.NumLineBreaks() < next.Line { d.cursor++ return true } @@ -203,14 +202,17 @@ func (d *Dispenser) Val() string { } // ValRaw gets the raw text of the current token (including quotes). +// If the token was a heredoc, then the delimiter is not included, +// because that is not relevant to any unmarshaling logic at this time. // If there is no token loaded, it returns empty string. func (d *Dispenser) ValRaw() string { if d.cursor < 0 || d.cursor >= len(d.tokens) { return "" } quote := d.tokens[d.cursor].wasQuoted - if quote > 0 { - return string(quote) + d.tokens[d.cursor].Text + string(quote) // string literal + if quote > 0 && quote != '<' { + // string literal + return string(quote) + d.tokens[d.cursor].Text + string(quote) } return d.tokens[d.cursor].Text } @@ -438,14 +440,14 @@ func (d *Dispenser) Delete() []Token { return d.tokens } -// numLineBreaks counts how many line breaks are in the token -// value given by the token index tknIdx. It returns 0 if the -// token does not exist or there are no line breaks. -func (d *Dispenser) numLineBreaks(tknIdx int) int { - if tknIdx < 0 || tknIdx >= len(d.tokens) { - return 0 +// DeleteN is the same as Delete, but can delete many tokens at once. +// If there aren't N tokens available to delete, none are deleted. +func (d *Dispenser) DeleteN(amount int) []Token { + if amount > 0 && d.cursor >= (amount-1) && d.cursor <= len(d.tokens)-1 { + d.tokens = append(d.tokens[:d.cursor-(amount-1)], d.tokens[d.cursor+1:]...) + d.cursor -= amount } - return strings.Count(d.tokens[tknIdx].Text, "\n") + return d.tokens } // isNewLine determines whether the current token is on a different @@ -468,18 +470,10 @@ func (d *Dispenser) isNewLine() bool { return true } - // The previous token may contain line breaks if - // it was quoted and spanned multiple lines. e.g: - // - // dir "foo - // bar - // baz" - prevLineBreaks := d.numLineBreaks(d.cursor - 1) - // If the previous token (incl line breaks) ends // on a line earlier than the current token, // then the current token is on a new line - return prev.Line+prevLineBreaks < curr.Line + return prev.Line+prev.NumLineBreaks() < curr.Line } // isNextOnNewLine determines whether the current token is on a different @@ -502,16 +496,8 @@ func (d *Dispenser) isNextOnNewLine() bool { return true } - // The current token may contain line breaks if - // it was quoted and spanned multiple lines. e.g: - // - // dir "foo - // bar - // baz" - currLineBreaks := d.numLineBreaks(d.cursor) - // If the current token (incl line breaks) ends // on a line earlier than the next token, // then the next token is on a new line - return curr.Line+currLineBreaks < next.Line + return curr.Line+curr.NumLineBreaks() < next.Line } diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index 09b04c17..ba8b8798 100644 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -17,7 +17,10 @@ package caddyfile import ( "bufio" "bytes" + "fmt" "io" + "regexp" + "strings" "unicode" ) @@ -35,30 +38,39 @@ type ( // Token represents a single parsable unit. Token struct { - File string - origFile string - Line int - Text string - wasQuoted rune // enclosing quote character, if any - snippetName string + File string + origFile string + Line int + Text string + wasQuoted rune // enclosing quote character, if any + heredocMarker string + snippetName string } ) -// originalFile gets original filename before import modification. -func (t Token) originalFile() string { - if t.origFile != "" { - return t.origFile +// Tokenize takes bytes as input and lexes it into +// a list of tokens that can be parsed as a Caddyfile. +// Also takes a filename to fill the token's File as +// the source of the tokens, which is important to +// determine relative paths for `import` directives. +func Tokenize(input []byte, filename string) ([]Token, error) { + l := lexer{} + if err := l.load(bytes.NewReader(input)); err != nil { + return nil, err } - return t.File -} - -// updateFile updates the token's source filename for error display -// and remembers the original filename. Used during "import" processing. -func (t *Token) updateFile(file string) { - if t.origFile == "" { - t.origFile = t.File + var tokens []Token + for { + found, err := l.next() + if err != nil { + return nil, err + } + if !found { + break + } + l.token.File = filename + tokens = append(tokens, l.token) } - t.File = file + return tokens, nil } // load prepares the lexer to scan an input for tokens. @@ -92,28 +104,93 @@ func (l *lexer) load(input io.Reader) error { // may be escaped. The rest of the line is skipped // if a "#" character is read in. Returns true if // a token was loaded; false otherwise. -func (l *lexer) next() bool { +func (l *lexer) next() (bool, error) { var val []rune - var comment, quoted, btQuoted, escaped bool + var comment, quoted, btQuoted, inHeredoc, heredocEscaped, escaped bool + var heredocMarker string makeToken := func(quoted rune) bool { l.token.Text = string(val) l.token.wasQuoted = quoted + l.token.heredocMarker = heredocMarker return true } for { + // Read a character in; if err then if we had + // read some characters, make a token. If we + // reached EOF, then no more tokens to read. + // If no EOF, then we had a problem. ch, _, err := l.reader.ReadRune() if err != nil { if len(val) > 0 { - return makeToken(0) + if inHeredoc { + return false, fmt.Errorf("incomplete heredoc <<%s on line #%d, expected ending marker %s", heredocMarker, l.line+l.skippedLines, heredocMarker) + } + + return makeToken(0), nil } if err == io.EOF { - return false + return false, nil } - panic(err) + return false, err } + // detect whether we have the start of a heredoc + if !inHeredoc && !heredocEscaped && len(val) > 1 && string(val[:2]) == "<<" { + if ch == '<' { + return false, fmt.Errorf("too many '<' for heredoc on line #%d; only use two, for example < len(heredocMarker) && heredocMarker == string(val[len(val)-len(heredocMarker):]) { + // set the final value + val, err = l.finalizeHeredoc(val, heredocMarker) + if err != nil { + return false, err + } + + // set the line counter, and make the token + l.line += l.skippedLines + l.skippedLines = 0 + return makeToken('<'), nil + } + + // stay in the heredoc until we find the ending marker + continue + } + + // track whether we found an escape '\' for the next + // iteration to be contextually aware if !escaped && !btQuoted && ch == '\\' { escaped = true continue @@ -128,26 +205,29 @@ func (l *lexer) next() bool { } escaped = false } else { - if quoted && ch == '"' { - return makeToken('"') - } - if btQuoted && ch == '`' { - return makeToken('`') + if (quoted && ch == '"') || (btQuoted && ch == '`') { + return makeToken(ch), nil } } + // allow quoted text to wrap continue on multiple lines if ch == '\n' { l.line += 1 + l.skippedLines l.skippedLines = 0 } + // collect this character as part of the quoted token val = append(val, ch) continue } if unicode.IsSpace(ch) { + // ignore CR altogether, we only actually care about LF (\n) if ch == '\r' { continue } + // end of the line if ch == '\n' { + // newlines can be escaped to chain arguments + // onto multiple lines; else, increment the line count if escaped { l.skippedLines++ escaped = false @@ -155,14 +235,18 @@ func (l *lexer) next() bool { l.line += 1 + l.skippedLines l.skippedLines = 0 } + // comments (#) are single-line only comment = false } + // any kind of space means we're at the end of this token if len(val) > 0 { - return makeToken(0) + return makeToken(0), nil } continue } + // comments must be at the start of a token, + // in other words, preceded by space or newline if ch == '#' && len(val) == 0 { comment = true } @@ -183,7 +267,12 @@ func (l *lexer) next() bool { } if escaped { - val = append(val, '\\') + // allow escaping the first < to skip the heredoc syntax + if ch == '<' { + heredocEscaped = true + } else { + val = append(val, '\\') + } escaped = false } @@ -191,24 +280,71 @@ func (l *lexer) next() bool { } } -// Tokenize takes bytes as input and lexes it into -// a list of tokens that can be parsed as a Caddyfile. -// Also takes a filename to fill the token's File as -// the source of the tokens, which is important to -// determine relative paths for `import` directives. -func Tokenize(input []byte, filename string) ([]Token, error) { - l := lexer{} - if err := l.load(bytes.NewReader(input)); err != nil { - return nil, err +// finalizeHeredoc takes the runes read as the heredoc text and the marker, +// and processes the text to strip leading whitespace, returning the final +// value without the leading whitespace. +func (l *lexer) finalizeHeredoc(val []rune, marker string) ([]rune, error) { + // find the last newline of the heredoc, which is where the contents end + lastNewline := strings.LastIndex(string(val), "\n") + + // collapse the content, then split into separate lines + lines := strings.Split(string(val[:lastNewline+1]), "\n") + + // figure out how much whitespace we need to strip from the front of every line + // by getting the string that precedes the marker, on the last line + paddingToStrip := string(val[lastNewline+1 : len(val)-len(marker)]) + + // iterate over each line and strip the whitespace from the front + var out string + for lineNum, lineText := range lines[:len(lines)-1] { + // find an exact match for the padding + index := strings.Index(lineText, paddingToStrip) + + // if the padding doesn't match exactly at the start then we can't safely strip + if index != 0 { + return nil, fmt.Errorf("mismatched leading whitespace in heredoc <<%s on line #%d [%s], expected whitespace [%s] to match the closing marker", marker, l.line+lineNum+1, lineText, paddingToStrip) + } + + // strip, then append the line, with the newline, to the output. + // also removes all "\r" because Windows. + out += strings.ReplaceAll(lineText[len(paddingToStrip):]+"\n", "\r", "") } - var tokens []Token - for l.next() { - l.token.File = filename - tokens = append(tokens, l.token) + + // return the final value + return []rune(out), nil +} + +// originalFile gets original filename before import modification. +func (t Token) originalFile() string { + if t.origFile != "" { + return t.origFile } - return tokens, nil + return t.File +} + +// updateFile updates the token's source filename for error display +// and remembers the original filename. Used during "import" processing. +func (t *Token) updateFile(file string) { + if t.origFile == "" { + t.origFile = t.File + } + t.File = file } func (t Token) Quoted() bool { return t.wasQuoted > 0 } + +// NumLineBreaks counts how many line breaks are in the token text. +func (t Token) NumLineBreaks() int { + lineBreaks := strings.Count(t.Text, "\n") + if t.wasQuoted == '<' { + // heredocs have an extra linebreak because the opening + // delimiter is on its own line and is not included in + // the token Text itself + lineBreaks++ + } + return lineBreaks +} + +var heredocMarkerRegexp = regexp.MustCompile("^[A-Za-z0-9_-]+$") diff --git a/caddyconfig/caddyfile/lexer_test.go b/caddyconfig/caddyfile/lexer_test.go index 30ee0f63..3c7e157e 100644 --- a/caddyconfig/caddyfile/lexer_test.go +++ b/caddyconfig/caddyfile/lexer_test.go @@ -18,13 +18,13 @@ import ( "testing" ) -type lexerTestCase struct { - input []byte - expected []Token -} - func TestLexer(t *testing.T) { - testCases := []lexerTestCase{ + testCases := []struct { + input []byte + expected []Token + expectErr bool + errorMessage string + }{ { input: []byte(`host:123`), expected: []Token{ @@ -249,10 +249,123 @@ func TestLexer(t *testing.T) { {Line: 1, Text: `quotes`}, }, }, + { + input: []byte(`heredoc < + Foo + Foo + + EOF 200 +} +---------- +{ + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [ + ":443" + ], + "routes": [ + { + "match": [ + { + "host": [ + "example.com" + ] + } + ], + "handle": [ + { + "handler": "subroute", + "routes": [ + { + "handle": [ + { + "body": "\u003chtml\u003e\n \u003chead\u003e\u003ctitle\u003eFoo\u003c/title\u003e\n \u003cbody\u003eFoo\u003c/body\u003e\n\u003c/html\u003e\n", + "handler": "static_response", + "status_code": 200 + } + ] + } + ] + } + ], + "terminal": true + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/caddytest/integration/caddyfile_adapt/import_args_snippet.txt b/caddytest/integration/caddyfile_adapt/import_args_snippet.txt index 9fce9abe..10d9f4cf 100644 --- a/caddytest/integration/caddyfile_adapt/import_args_snippet.txt +++ b/caddytest/integration/caddyfile_adapt/import_args_snippet.txt @@ -1,6 +1,6 @@ (logging) { log { - output file /var/log/caddy/{args.0}.access.log + output file /var/log/caddy/{args[0]}.access.log } } diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt index b22333a4..f6420ca0 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_options.txt @@ -6,7 +6,7 @@ https://example.com { method GET rewrite /rewritten?uri={uri} - buffer_requests + request_buffers 4KB transport http { read_buffer 10MB @@ -54,7 +54,6 @@ https://example.com { { "handle": [ { - "buffer_requests": true, "handler": "reverse_proxy", "headers": { "request": { @@ -68,6 +67,7 @@ https://example.com { } } }, + "request_buffers": 4000, "rewrite": { "method": "GET", "uri": "/rewritten?uri={http.request.uri}" diff --git a/caddytest/integration/testdata/import_respond.txt b/caddytest/integration/testdata/import_respond.txt index 0907fbeb..45130885 100644 --- a/caddytest/integration/testdata/import_respond.txt +++ b/caddytest/integration/testdata/import_respond.txt @@ -1 +1 @@ -respond "'I am {args.0}', hears {args.1}" \ No newline at end of file +respond "'I am {args[0]}', hears {args[1]}" \ No newline at end of file diff --git a/modules/caddyhttp/celmatcher.go b/modules/caddyhttp/celmatcher.go index 60ca00b6..c4635e2a 100644 --- a/modules/caddyhttp/celmatcher.go +++ b/modules/caddyhttp/celmatcher.go @@ -191,15 +191,17 @@ func (m MatchExpression) caddyPlaceholderFunc(lhs, rhs ref.Val) ref.Val { celReq, ok := lhs.(celHTTPRequest) if !ok { return types.NewErr( - "invalid request of type '%v' to "+placeholderFuncName+"(request, placeholderVarName)", + "invalid request of type '%v' to %s(request, placeholderVarName)", lhs.Type(), + placeholderFuncName, ) } phStr, ok := rhs.(types.String) if !ok { return types.NewErr( - "invalid placeholder variable name of type '%v' to "+placeholderFuncName+"(request, placeholderVarName)", + "invalid placeholder variable name of type '%v' to %s(request, placeholderVarName)", rhs.Type(), + placeholderFuncName, ) } diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 799050e9..4687e686 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -217,25 +217,18 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error return nil, dispenser.ArgErr() } fcgiTransport.Root = dispenser.Val() - dispenser.Delete() - dispenser.Delete() + dispenser.DeleteN(2) case "split": extensions = dispenser.RemainingArgs() - dispenser.Delete() - for range extensions { - dispenser.Delete() - } + dispenser.DeleteN(len(extensions) + 1) if len(extensions) == 0 { return nil, dispenser.ArgErr() } case "env": args := dispenser.RemainingArgs() - dispenser.Delete() - for range args { - dispenser.Delete() - } + dispenser.DeleteN(len(args) + 1) if len(args) != 2 { return nil, dispenser.ArgErr() } @@ -246,10 +239,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error case "index": args := dispenser.RemainingArgs() - dispenser.Delete() - for range args { - dispenser.Delete() - } + dispenser.DeleteN(len(args) + 1) if len(args) != 1 { return nil, dispenser.ArgErr() } @@ -257,10 +247,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error case "try_files": args := dispenser.RemainingArgs() - dispenser.Delete() - for range args { - dispenser.Delete() - } + dispenser.DeleteN(len(args) + 1) if len(args) < 1 { return nil, dispenser.ArgErr() } @@ -268,10 +255,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error case "resolve_root_symlink": args := dispenser.RemainingArgs() - dispenser.Delete() - for range args { - dispenser.Delete() - } + dispenser.DeleteN(len(args) + 1) fcgiTransport.ResolveRootSymlink = true case "dial_timeout": @@ -283,8 +267,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err) } fcgiTransport.DialTimeout = caddy.Duration(dur) - dispenser.Delete() - dispenser.Delete() + dispenser.DeleteN(2) case "read_timeout": if !dispenser.NextArg() { @@ -295,8 +278,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err) } fcgiTransport.ReadTimeout = caddy.Duration(dur) - dispenser.Delete() - dispenser.Delete() + dispenser.DeleteN(2) case "write_timeout": if !dispenser.NextArg() { @@ -307,15 +289,11 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err) } fcgiTransport.WriteTimeout = caddy.Duration(dur) - dispenser.Delete() - dispenser.Delete() + dispenser.DeleteN(2) case "capture_stderr": args := dispenser.RemainingArgs() - dispenser.Delete() - for range args { - dispenser.Delete() - } + dispenser.DeleteN(len(args) + 1) fcgiTransport.CaptureStderr = true } } diff --git a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go index cecc0001..dbd2a290 100644 --- a/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/forwardauth/caddyfile.go @@ -129,8 +129,7 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) return nil, dispenser.ArgErr() } rpHandler.Rewrite.URI = dispenser.Val() - dispenser.Delete() - dispenser.Delete() + dispenser.DeleteN(2) case "copy_headers": args := dispenser.RemainingArgs() @@ -140,13 +139,11 @@ func parseCaddyfile(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) args = append(args, dispenser.Val()) } - dispenser.Delete() // directive name + // directive name + args + dispenser.DeleteN(len(args) + 1) if hadBlock { - dispenser.Delete() // opening brace - dispenser.Delete() // closing brace - } - for range args { - dispenser.Delete() + // opening & closing brace + dispenser.DeleteN(2) } for _, headerField := range args { From f3379f650a3de0e83903e3aa34d39b4ec647ee50 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Sun, 26 Feb 2023 16:56:48 -0500 Subject: [PATCH 0933/1498] caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404) Co-authored-by: Mohammed Al Sahaf --- caddyconfig/caddyfile/lexer.go | 19 +++-- caddyconfig/caddyfile/lexer_test.go | 73 ++++++++++++++++--- .../integration/caddyfile_adapt/heredoc.txt | 2 +- 3 files changed, 77 insertions(+), 17 deletions(-) diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index ba8b8798..1f531f45 100644 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -284,15 +284,17 @@ func (l *lexer) next() (bool, error) { // and processes the text to strip leading whitespace, returning the final // value without the leading whitespace. func (l *lexer) finalizeHeredoc(val []rune, marker string) ([]rune, error) { + stringVal := string(val) + // find the last newline of the heredoc, which is where the contents end - lastNewline := strings.LastIndex(string(val), "\n") + lastNewline := strings.LastIndex(stringVal, "\n") // collapse the content, then split into separate lines - lines := strings.Split(string(val[:lastNewline+1]), "\n") + lines := strings.Split(stringVal[:lastNewline+1], "\n") // figure out how much whitespace we need to strip from the front of every line // by getting the string that precedes the marker, on the last line - paddingToStrip := string(val[lastNewline+1 : len(val)-len(marker)]) + paddingToStrip := stringVal[lastNewline+1 : len(stringVal)-len(marker)] // iterate over each line and strip the whitespace from the front var out string @@ -310,6 +312,11 @@ func (l *lexer) finalizeHeredoc(val []rune, marker string) ([]rune, error) { out += strings.ReplaceAll(lineText[len(paddingToStrip):]+"\n", "\r", "") } + // Remove the trailing newline from the loop + if len(out) > 0 && out[len(out)-1] == '\n' { + out = out[:len(out)-1] + } + // return the final value return []rune(out), nil } @@ -340,9 +347,9 @@ func (t Token) NumLineBreaks() int { lineBreaks := strings.Count(t.Text, "\n") if t.wasQuoted == '<' { // heredocs have an extra linebreak because the opening - // delimiter is on its own line and is not included in - // the token Text itself - lineBreaks++ + // delimiter is on its own line and is not included in the + // token Text itself, and the trailing newline is removed. + lineBreaks += 2 } return lineBreaks } diff --git a/caddyconfig/caddyfile/lexer_test.go b/caddyconfig/caddyfile/lexer_test.go index 3c7e157e..801d81e2 100644 --- a/caddyconfig/caddyfile/lexer_test.go +++ b/caddyconfig/caddyfile/lexer_test.go @@ -256,7 +256,7 @@ EOF same-line-arg `), expected: []Token{ {Line: 1, Text: `heredoc`}, - {Line: 1, Text: "content\n"}, + {Line: 1, Text: "content"}, {Line: 3, Text: `same-line-arg`}, }, }, @@ -267,18 +267,40 @@ VERY-LONG-MARKER same-line-arg `), expected: []Token{ {Line: 1, Text: `heredoc`}, - {Line: 1, Text: "content\n"}, + {Line: 1, Text: "content"}, {Line: 3, Text: `same-line-arg`}, }, }, { input: []byte(`heredoc < Date: Mon, 27 Feb 2023 01:06:15 +0300 Subject: [PATCH 0934/1498] ci/cd: ship tarballs with vendored deps (#5403) --- .goreleaser.yml | 45 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 3f7f40db..93ea5206 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -4,7 +4,9 @@ before: # This is so we can run goreleaser on tag without Git complaining of being dirty. The main.go in cmd/caddy directory # cannot be built within that directory due to changes necessary for the build causing Git to be dirty, which # subsequently causes gorleaser to refuse running. - - rm -rf caddy-build caddy-dist + - rm -rf caddy-build caddy-dist vendor + # vendor Caddy deps + - go mod vendor - mkdir -p caddy-build - cp cmd/caddy/main.go caddy-build/main.go - /bin/sh -c 'cd ./caddy-build && go mod init caddy' @@ -14,6 +16,8 @@ before: # as of Go 1.16, `go` commands no longer automatically change go.{mod,sum}. We now have to explicitly # run `go mod tidy`. The `/bin/sh -c '...'` is because goreleaser can't find cd in PATH without shell invocation. - /bin/sh -c 'cd ./caddy-build && go mod tidy' + # vendor the deps of the prepared to-build module + - /bin/sh -c 'cd ./caddy-build && go mod vendor' - git clone --depth 1 https://github.com/caddyserver/dist caddy-dist - mkdir -p caddy-dist/man - go mod download @@ -89,7 +93,8 @@ sboms: args: ["$artifact", "--file", "${document}", "--output", "cyclonedx-json"] archives: - - format_overrides: + - id: default + format_overrides: - goos: windows format: zip name_template: >- @@ -100,6 +105,42 @@ archives: {{- with .Arm }}v{{ . }}{{ end }} {{- with .Mips }}_{{ . }}{{ end }} {{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }} + + # packge the 'caddy-build' directory into a tarball, + # allowing users to build the exact same set of files as ours. + - id: source + meta: true + rlcp: true + name_template: "{{ .ProjectName }}_{{ .Version }}_buildable-artifact" + files: + - src: LICENSE + dst: ./LICENSE + - src: README.md + dst: ./README.md + - src: AUTHORS + dst: ./AUTHORS + - src: ./caddy-build + dst: ./ + +source: + enabled: true + name_template: '{{ .ProjectName }}_{{ .Version }}_src' + format: 'tar.gz' + + # This will make the destination paths be relative to the longest common + # path prefix between all the files matched and the source glob. + # Enabling this essentially mimic the behavior of nfpm's contents section. + # It will be the default by June 2023. + # + # Default: false + rlcp: true + + # Additional files/template/globs you want to add to the source archive. + # + # Default: empty. + files: + - vendor + checksum: algorithm: sha512 From 941eae5f615aeaf038f62002e673a7bf4886f1c7 Mon Sep 17 00:00:00 2001 From: Emily Lange Date: Mon, 27 Feb 2023 18:23:09 +0100 Subject: [PATCH 0935/1498] reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401) Co-authored-by: Francis Lavoie --- .../reverse_proxy_dynamic_upstreams.txt | 8 +++-- modules/caddyhttp/reverseproxy/caddyfile.go | 25 ++++++++++++- modules/caddyhttp/reverseproxy/upstreams.go | 36 +++++++++++++++++-- 3 files changed, 64 insertions(+), 5 deletions(-) diff --git a/caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt b/caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt index 2f2cbcd3..384cc056 100644 --- a/caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt +++ b/caddytest/integration/caddyfile_adapt/reverse_proxy_dynamic_upstreams.txt @@ -11,6 +11,7 @@ resolvers 8.8.8.8 8.8.4.4 dial_timeout 2s dial_fallback_delay 300ms + versions ipv6 } } } @@ -66,7 +67,10 @@ "8.8.4.4" ] }, - "source": "a" + "source": "a", + "versions": { + "ipv6": true + } }, "handler": "reverse_proxy" } @@ -113,4 +117,4 @@ } } } -} \ No newline at end of file +} diff --git a/modules/caddyhttp/reverseproxy/caddyfile.go b/modules/caddyhttp/reverseproxy/caddyfile.go index 1211188d..cf84ba7c 100644 --- a/modules/caddyhttp/reverseproxy/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/caddyfile.go @@ -1324,6 +1324,7 @@ func (u *SRVUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // resolvers // dial_timeout // dial_fallback_delay +// versions ipv4|ipv6 // } func (u *AUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { for d.Next() { @@ -1397,8 +1398,30 @@ func (u *AUpstreams) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { } u.FallbackDelay = caddy.Duration(dur) + case "versions": + args := d.RemainingArgs() + if len(args) == 0 { + return d.Errf("must specify at least one version") + } + + if u.Versions == nil { + u.Versions = &ipVersions{} + } + + trueBool := true + for _, arg := range args { + switch arg { + case "ipv4": + u.Versions.IPv4 = &trueBool + case "ipv6": + u.Versions.IPv6 = &trueBool + default: + return d.Errf("unsupported version: '%s'", arg) + } + } + default: - return d.Errf("unrecognized srv option '%s'", d.Val()) + return d.Errf("unrecognized a option '%s'", d.Val()) } } } diff --git a/modules/caddyhttp/reverseproxy/upstreams.go b/modules/caddyhttp/reverseproxy/upstreams.go index 7a90016d..30bd7b57 100644 --- a/modules/caddyhttp/reverseproxy/upstreams.go +++ b/modules/caddyhttp/reverseproxy/upstreams.go @@ -213,6 +213,11 @@ func (sl srvLookup) isFresh() bool { return time.Since(sl.freshness) < time.Duration(sl.srvUpstreams.Refresh) } +type ipVersions struct { + IPv4 *bool `json:"ipv4,omitempty"` + IPv6 *bool `json:"ipv6,omitempty"` +} + // AUpstreams provides upstreams from A/AAAA lookups. // Results are cached and refreshed at the configured // refresh interval. @@ -240,6 +245,11 @@ type AUpstreams struct { // A negative value disables this. FallbackDelay caddy.Duration `json:"dial_fallback_delay,omitempty"` + // The IP versions to resolve for. By default, both + // "ipv4" and "ipv6" will be enabled, which + // correspond to A and AAAA records respectively. + Versions *ipVersions `json:"versions,omitempty"` + resolver *net.Resolver } @@ -286,7 +296,29 @@ func (au *AUpstreams) Provision(_ caddy.Context) error { func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - auStr := repl.ReplaceAll(au.String(), "") + + resolveIpv4 := au.Versions.IPv4 == nil || *au.Versions.IPv4 + resolveIpv6 := au.Versions.IPv6 == nil || *au.Versions.IPv6 + + // Map ipVersion early, so we can use it as part of the cache-key. + // This should be fairly inexpensive and comes and the upside of + // allowing the same dynamic upstream (name + port combination) + // to be used multiple times with different ip versions. + // + // It also forced a cache-miss if a previously cached dynamic + // upstream changes its ip version, e.g. after a config reload, + // while keeping the cache-invalidation as simple as it currently is. + var ipVersion string + switch { + case resolveIpv4 && !resolveIpv6: + ipVersion = "ip4" + case !resolveIpv4 && resolveIpv6: + ipVersion = "ip6" + default: + ipVersion = "ip" + } + + auStr := repl.ReplaceAll(au.String()+ipVersion, "") // first, use a cheap read-lock to return a cached result quickly aAaaaMu.RLock() @@ -311,7 +343,7 @@ func (au AUpstreams) GetUpstreams(r *http.Request) ([]*Upstream, error) { name := repl.ReplaceAll(au.Name, "") port := repl.ReplaceAll(au.Port, "") - ips, err := au.resolver.LookupIPAddr(r.Context(), name) + ips, err := au.resolver.LookupIP(r.Context(), ipVersion, name) if err != nil { return nil, err } From f6bab8ba85b231ea0930282e684c0040001059e6 Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Mon, 27 Feb 2023 13:58:27 -0500 Subject: [PATCH 0936/1498] context: Rename func to `AppIfConfigured` (#5397) --- context.go | 19 ++++++++++++------- modules/caddypki/adminapi.go | 16 +++++----------- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/context.go b/context.go index c585aa55..fcefad19 100644 --- a/context.go +++ b/context.go @@ -426,15 +426,20 @@ func (ctx Context) App(name string) (any, error) { return modVal, nil } -// AppIsConfigured returns whether an app named name has been -// configured. Can be called before calling App() to avoid +// AppIfConfigured returns an app by its name if it has been +// configured. Can be called instead of App() to avoid // instantiating an empty app when that's not desirable. -func (ctx Context) AppIsConfigured(name string) bool { - if _, ok := ctx.cfg.apps[name]; ok { - return true +func (ctx Context) AppIfConfigured(name string) (any, error) { + app, ok := ctx.cfg.apps[name] + if !ok || app == nil { + return nil, nil } - appRaw := ctx.cfg.AppsRaw[name] - return appRaw != nil + + appModule, err := ctx.App(name) + if err != nil { + return nil, err + } + return appModule, nil } // Storage returns the configured Caddy storage implementation. diff --git a/modules/caddypki/adminapi.go b/modules/caddypki/adminapi.go index f03c6b63..cab7c703 100644 --- a/modules/caddypki/adminapi.go +++ b/modules/caddypki/adminapi.go @@ -49,20 +49,14 @@ func (a *adminAPI) Provision(ctx caddy.Context) error { a.ctx = ctx a.log = ctx.Logger(a) // TODO: passing in 'a' is a hack until the admin API is officially extensible (see #5032) - // First check if the PKI app was configured, because - // a.ctx.App() has the side effect of instantiating - // and provisioning an app even if it wasn't configured. - pkiAppConfigured := a.ctx.AppIsConfigured("pki") - if !pkiAppConfigured { - return nil - } - - // Load the PKI app, so we can query it for information. - appModule, err := a.ctx.App("pki") + // Avoid initializing PKI if it wasn't configured + pkiApp, err := a.ctx.AppIfConfigured("pki") if err != nil { return err } - a.pkiApp = appModule.(*PKI) + if pkiApp != nil { + a.pkiApp = pkiApp.(*PKI) + } return nil } From 85375861f6a903da9af8aa665552a6546d075c9f Mon Sep 17 00:00:00 2001 From: Francis Lavoie Date: Thu, 2 Mar 2023 11:01:54 -0500 Subject: [PATCH 0937/1498] caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408) Changed to match the `vars` matcher's logic for handling placeholders --- modules/caddyhttp/vars.go | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/modules/caddyhttp/vars.go b/modules/caddyhttp/vars.go index b4e1d897..d2d7f62c 100644 --- a/modules/caddyhttp/vars.go +++ b/modules/caddyhttp/vars.go @@ -255,9 +255,18 @@ func (m MatchVarsRE) Provision(ctx caddy.Context) error { func (m MatchVarsRE) Match(r *http.Request) bool { vars := r.Context().Value(VarsCtxKey).(map[string]any) repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) - for k, rm := range m { + for key, val := range m { + var varValue any + if strings.HasPrefix(key, "{") && + strings.HasSuffix(key, "}") && + strings.Count(key, "{") == 1 { + varValue, _ = repl.Get(strings.Trim(key, "{}")) + } else { + varValue = vars[key] + } + var varStr string - switch vv := vars[k].(type) { + switch vv := varValue.(type) { case string: varStr = vv case fmt.Stringer: @@ -267,13 +276,9 @@ func (m MatchVarsRE) Match(r *http.Request) bool { default: varStr = fmt.Sprintf("%v", vv) } - valExpanded := repl.ReplaceAll(varStr, "") - if match := rm.Match(valExpanded, repl); match { - return match - } - replacedVal := repl.ReplaceAll(k, "") - if match := rm.Match(replacedVal, repl); match { + valExpanded := repl.ReplaceAll(varStr, "") + if match := val.Match(valExpanded, repl); match { return match } } From 99d47050e97a8ccac2aad3bda46be46d4fec85ed Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Thu, 2 Mar 2023 21:00:18 -0700 Subject: [PATCH 0938/1498] core: Eliminate unnecessary shutdown delay on Unix (#5413) * core: Eliminate unnecessary shutdown delay on Unix Fix #5393, alternate to #5405 * Comments, cleanup, adjust logs * Fix build constraint --- go.mod | 2 +- listen.go | 5 +---- listen_unix.go | 36 +++++++++++++++++++++++++++++++----- modules/caddyhttp/app.go | 6 +++--- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 4a5dc864..1b6dbb92 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/caddyserver/caddy/v2 -go 1.18 +go 1.19 require ( github.com/BurntSushi/toml v1.2.1 diff --git a/listen.go b/listen.go index 1ca16874..e0d67c6a 100644 --- a/listen.go +++ b/listen.go @@ -12,10 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// TODO: Go 1.19 introduced the "unix" build tag. We have to support Go 1.18 until Go 1.20 is released. -// When Go 1.19 is our minimum, change this build tag to simply "!unix". -// (see similar change needed in listen_unix.go) -//go:build !(aix || android || darwin || dragonfly || freebsd || hurd || illumos || ios || linux || netbsd || openbsd || solaris) +//go:build !unix package caddy diff --git a/listen_unix.go b/listen_unix.go index 7ea67452..50d9a66d 100644 --- a/listen_unix.go +++ b/listen_unix.go @@ -12,10 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. -// TODO: Go 1.19 introduced the "unix" build tag. We have to support Go 1.18 until Go 1.20 is released. -// When Go 1.19 is our minimum, remove this build tag, since "_unix" in the filename will do this. -// (see also change needed in listen.go) -//go:build aix || android || darwin || dragonfly || freebsd || hurd || illumos || ios || linux || netbsd || openbsd || solaris +// Even though the filename ends in _unix.go, we still have to specify the +// build constraint here, because the filename convention only works for +// literal GOOS values, and "unix" is a shortcut unique to build tags. +//go:build unix package caddy @@ -98,7 +98,19 @@ func listenTCPOrUnix(ctx context.Context, lnKey string, network, address string, } return reusePort(network, address, c) } - return config.Listen(ctx, network, address) + + // even though SO_REUSEPORT lets us bind the socket multiple times, + // we still put it in the listenerPool so we can count how many + // configs are using this socket; necessary to ensure we can know + // whether to enforce shutdown delays, for example (see #5393). + ln, err := config.Listen(ctx, network, address) + if err == nil { + listenerPool.LoadOrStore(lnKey, nil) + } + + // lightly wrap the listener so that when it is closed, + // we can decrement the usage pool counter + return deleteListener{ln, lnKey}, err } // reusePort sets SO_REUSEPORT. Ineffective for unix sockets. @@ -116,3 +128,17 @@ func reusePort(network, address string, conn syscall.RawConn) error { } }) } + +// deleteListener is a type that simply deletes itself +// from the listenerPool when it closes. It is used +// solely for the purpose of reference counting (i.e. +// counting how many configs are using a given socket). +type deleteListener struct { + net.Listener + lnKey string +} + +func (dl deleteListener) Close() error { + _, _ = listenerPool.Delete(dl.lnKey) + return dl.Listener.Close() +} diff --git a/modules/caddyhttp/app.go b/modules/caddyhttp/app.go index 36a4011b..670185a1 100644 --- a/modules/caddyhttp/app.go +++ b/modules/caddyhttp/app.go @@ -517,7 +517,7 @@ func (app *App) Stop() error { // honor scheduled/delayed shutdown time if delay { - app.logger.Debug("shutdown scheduled", + app.logger.Info("shutdown scheduled", zap.Duration("delay_duration", time.Duration(app.ShutdownDelay)), zap.Time("time", scheduledTime)) time.Sleep(time.Duration(app.ShutdownDelay)) @@ -528,9 +528,9 @@ func (app *App) Stop() error { var cancel context.CancelFunc ctx, cancel = context.WithTimeout(ctx, time.Duration(app.GracePeriod)) defer cancel() - app.logger.Debug("servers shutting down; grace period initiated", zap.Duration("duration", time.Duration(app.GracePeriod))) + app.logger.Info("servers shutting down; grace period initiated", zap.Duration("duration", time.Duration(app.GracePeriod))) } else { - app.logger.Debug("servers shutting down with eternal grace period") + app.logger.Info("servers shutting down with eternal grace period") } // goroutines aren't guaranteed to be scheduled right away, From 94d41a9d86d6ca2d2d001183a62d762ee045094f Mon Sep 17 00:00:00 2001 From: esell Date: Fri, 3 Mar 2023 14:45:17 -0700 Subject: [PATCH 0939/1498] fileserver: Remove trailing slash on fs filenames (#5417) --- modules/caddyhttp/fileserver/staticfiles.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index c0fde660..0459b3ac 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -250,7 +250,8 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request, next c root := repl.ReplaceAll(fsrv.Root, ".") - filename := caddyhttp.SanitizedPathJoin(root, r.URL.Path) + // remove any trailing `/` as it breaks fs.ValidPath() in the stdlib + filename := strings.TrimSuffix(caddyhttp.SanitizedPathJoin(root, r.URL.Path), "/") fsrv.logger.Debug("sanitized path join", zap.String("site_root", root), From b3f0cea2c31f6137cd1604ba31afffdbfc8b70ee Mon Sep 17 00:00:00 2001 From: WeidiDeng Date: Tue, 7 Mar 2023 00:13:48 +0800 Subject: [PATCH 0940/1498] encode: flush status code when hijacked. (#5419) --- modules/caddyhttp/encode/encode.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/caddyhttp/encode/encode.go b/modules/caddyhttp/encode/encode.go index e3a6267d..8a6fc106 100644 --- a/modules/caddyhttp/encode/encode.go +++ b/modules/caddyhttp/encode/encode.go @@ -20,9 +20,11 @@ package encode import ( + "bufio" "fmt" "io" "math" + "net" "net/http" "sort" "strconv" @@ -212,6 +214,18 @@ func (rw *responseWriter) Flush() { rw.HTTPInterfaces.Flush() } +// Hijack implements http.Hijacker. It will flush status code if set. We don't track actual hijacked +// status assuming http middlewares will track its status. +func (rw *responseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { + if !rw.wroteHeader { + if rw.statusCode != 0 { + rw.HTTPInterfaces.WriteHeader(rw.statusCode) + } + rw.wroteHeader = true + } + return rw.HTTPInterfaces.Hijack() +} + // Write writes to the response. If the response qualifies, // it is encoded using the encoder, which is initialized // if not done so already. From c05e3898b924c3434ee17e9e50cde2bc498e9f88 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Thu, 9 Mar 2023 07:58:31 -0800 Subject: [PATCH 0941/1498] caddyhttp: Enable 0-RTT QUIC (#5425) --- listeners.go | 1 + 1 file changed, 1 insertion(+) diff --git a/listeners.go b/listeners.go index f9221444..7c5401a6 100644 --- a/listeners.go +++ b/listeners.go @@ -441,6 +441,7 @@ func ListenQUIC(ln net.PacketConn, tlsConf *tls.Config, activeRequests *int64) ( sharedEarlyListener, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) { earlyLn, err := quic.ListenEarly(ln, http3.ConfigureTLSConfig(tlsConf), &quic.Config{ + Allow0RTT: func(net.Addr) bool { return true }, RequireAddressValidation: func(clientAddr net.Addr) bool { var highLoad bool if activeRequests != nil { From b420561737e4589affbfe08c0acf7dcb593381d0 Mon Sep 17 00:00:00 2001 From: Chris Reeves Date: Thu, 9 Mar 2023 16:02:35 +0000 Subject: [PATCH 0942/1498] tracing: Support autoprop from OTEL_PROPAGATORS (#5147) Co-authored-by: Matt Holt --- go.sum | 3 ++- modules/caddyhttp/tracing/tracer.go | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/go.sum b/go.sum index 4dde45d0..96ca028b 100644 --- a/go.sum +++ b/go.sum @@ -740,8 +740,9 @@ go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= +go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= +go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= diff --git a/modules/caddyhttp/tracing/tracer.go b/modules/caddyhttp/tracing/tracer.go index d113a567..cb727430 100644 --- a/modules/caddyhttp/tracing/tracer.go +++ b/modules/caddyhttp/tracing/tracer.go @@ -6,9 +6,9 @@ import ( "net/http" "github.com/caddyserver/caddy/v2" - "github.com/caddyserver/caddy/v2/modules/caddyhttp" "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" + "go.opentelemetry.io/contrib/propagators/autoprop" "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc" "go.opentelemetry.io/otel/propagation" "go.opentelemetry.io/otel/sdk/resource" @@ -62,7 +62,7 @@ func newOpenTelemetryWrapper( return ot, fmt.Errorf("creating trace exporter error: %w", err) } - ot.propagators = propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}) + ot.propagators = autoprop.NewTextMapPropagator() tracerProvider := globalTracerProvider.getTracerProvider( sdktrace.WithBatcher(traceExporter), From 9e943319b4ba2120e1f862f6615afb3c99e3a81e Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Thu, 9 Mar 2023 10:33:25 -0700 Subject: [PATCH 0943/1498] go.mod: Upgrade dependencies --- go.mod | 67 ++++++++++++---------- go.sum | 174 +++++++++++++++++++++++++++++---------------------------- 2 files changed, 125 insertions(+), 116 deletions(-) diff --git a/go.mod b/go.mod index 1b6dbb92..361cc13e 100644 --- a/go.mod +++ b/go.mod @@ -12,29 +12,30 @@ require ( github.com/go-chi/chi v4.1.2+incompatible github.com/google/cel-go v0.13.0 github.com/google/uuid v1.3.0 - github.com/klauspost/compress v1.15.15 + github.com/klauspost/compress v1.16.0 github.com/klauspost/cpuid/v2 v2.2.4 github.com/mholt/acmez v1.1.0 github.com/prometheus/client_golang v1.14.0 github.com/quic-go/quic-go v0.33.0 github.com/smallstep/certificates v0.23.2 - github.com/smallstep/nosql v0.5.0 + github.com/smallstep/nosql v0.6.0 github.com/smallstep/truststore v0.12.1 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2 github.com/yuin/goldmark v1.5.4 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.39.0 - go.opentelemetry.io/otel v1.13.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 - go.opentelemetry.io/otel/sdk v1.13.0 + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0 + go.opentelemetry.io/contrib/propagators/autoprop v0.40.0 + go.opentelemetry.io/otel v1.14.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 + go.opentelemetry.io/otel/sdk v1.14.0 go.uber.org/zap v1.24.0 - golang.org/x/crypto v0.5.0 - golang.org/x/net v0.7.0 + golang.org/x/crypto v0.7.0 + golang.org/x/net v0.8.0 golang.org/x/sync v0.1.0 - golang.org/x/term v0.5.0 - google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 + golang.org/x/term v0.6.0 + google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v3 v3.0.1 ) @@ -46,12 +47,17 @@ require ( github.com/golang/glog v1.0.0 // indirect github.com/golang/mock v1.6.0 // indirect github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect github.com/onsi/ginkgo/v2 v2.2.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect github.com/quic-go/qtls-go1-19 v0.2.1 // indirect github.com/quic-go/qtls-go1-20 v0.1.1 // indirect github.com/rogpeppe/go-internal v1.9.0 // indirect github.com/x448/float16 v0.8.4 // indirect + go.opentelemetry.io/contrib/propagators/aws v1.15.0 // indirect + go.opentelemetry.io/contrib/propagators/b3 v1.15.0 // indirect + go.opentelemetry.io/contrib/propagators/jaeger v1.15.0 // indirect + go.opentelemetry.io/contrib/propagators/ot v1.15.0 // indirect golang.org/x/exp v0.0.0-20221205204356-47842c84f3db // indirect ) @@ -62,9 +68,9 @@ require ( github.com/Masterminds/semver/v3 v3.2.0 // indirect github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.1.2 // indirect + github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cespare/xxhash v1.1.0 // indirect - github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/dgraph-io/badger v1.6.2 // indirect @@ -77,22 +83,21 @@ require ( github.com/go-logfmt/logfmt v0.5.1 // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-sql-driver/mysql v1.6.0 // indirect + github.com/go-sql-driver/mysql v1.7.0 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.4 // indirect - github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect - github.com/jackc/pgconn v1.13.0 // indirect + github.com/jackc/pgconn v1.14.0 // indirect github.com/jackc/pgio v1.0.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgproto3/v2 v2.3.1 // indirect - github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect - github.com/jackc/pgtype v1.12.0 // indirect - github.com/jackc/pgx/v4 v4.17.2 // indirect + github.com/jackc/pgproto3/v2 v2.3.2 // indirect + github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect + github.com/jackc/pgtype v1.14.0 // indirect + github.com/jackc/pgx/v4 v4.18.0 // indirect github.com/libdns/libdns v0.2.1 // indirect github.com/manifoldco/promptui v0.9.0 // indirect github.com/mattn/go-colorable v0.1.8 // indirect @@ -117,23 +122,23 @@ require ( github.com/spf13/cast v1.4.1 // indirect github.com/stoewer/go-strcase v1.2.0 // indirect github.com/urfave/cli v1.22.12 // indirect - go.etcd.io/bbolt v1.3.6 // indirect + go.etcd.io/bbolt v1.3.7 // indirect go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect - go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 // indirect - go.opentelemetry.io/otel/metric v0.36.0 // indirect - go.opentelemetry.io/otel/trace v1.13.0 // indirect - go.opentelemetry.io/proto/otlp v0.12.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 // indirect + go.opentelemetry.io/otel/metric v0.37.0 // indirect + go.opentelemetry.io/otel/trace v1.14.0 // indirect + go.opentelemetry.io/proto/otlp v0.19.0 // indirect go.step.sm/cli-utils v0.7.5 // indirect go.step.sm/crypto v0.23.2 go.step.sm/linkedca v0.19.0 // indirect go.uber.org/atomic v1.9.0 // indirect - go.uber.org/multierr v1.6.0 // indirect - golang.org/x/mod v0.6.0 // indirect - golang.org/x/sys v0.5.0 - golang.org/x/text v0.7.0 // indirect - golang.org/x/tools v0.2.0 // indirect - google.golang.org/grpc v1.52.3 // indirect + go.uber.org/multierr v1.9.0 // indirect + golang.org/x/mod v0.8.0 // indirect + golang.org/x/sys v0.6.0 + golang.org/x/text v0.8.0 // indirect + golang.org/x/tools v0.6.0 // indirect + google.golang.org/grpc v1.53.0 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect howett.net/plist v1.0.0 // indirect diff --git a/go.sum b/go.sum index 96ca028b..c7c79d91 100644 --- a/go.sum +++ b/go.sum @@ -13,19 +13,19 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.107.0 h1:qkj22L7bgkl6vIeZDlOY2po43Mx/TIa2Wsa7VR+PEww= +cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0= +cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v0.8.0 h1:E2osAkZzxI/+8pZcxVLcDtAQx/u+hZXVryUaYQ5O0Kk= -cloud.google.com/go/kms v1.8.0 h1:VrJLOsMRzW7IqTTYn+OYupqF3iKSE060Nrn+PECrYjg= +cloud.google.com/go/iam v0.12.0 h1:DRtTY29b75ciH6Ov1PHb4/iat2CLCvrOm40Q0a6DFpE= +cloud.google.com/go/kms v1.9.0 h1:b0votJQa/9DSsxgHwN33/tTLA7ZHVzfWhDCrfiXijSo= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -101,14 +101,15 @@ github.com/caddyserver/certmagic v0.17.2 h1:o30seC1T/dBqBCNNGNHWwj2i5/I/FMjBbTAh github.com/caddyserver/certmagic v0.17.2/go.mod h1:ouWUuC490GOLJzkyN35eXfV8bSbwMwSf4bdhkIxtdQE= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo= -github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= +github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4= +github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8= @@ -120,6 +121,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= @@ -171,6 +173,7 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= @@ -205,9 +208,8 @@ github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc= +github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.6.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -271,7 +273,7 @@ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -306,8 +308,9 @@ github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -355,9 +358,8 @@ github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsU github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.13.0 h1:3L1XMNV2Zvca/8BYhzcRFS70Lr0WlDg16Di6SFGAbys= -github.com/jackc/pgconn v1.13.0/go.mod h1:AnowpAqO4CMIIJNZl2VJp+KrkAZciAkhEl0W0JIobpI= +github.com/jackc/pgconn v1.14.0 h1:vrbA9Ud87g6JdFWkHTJXppVce58qPIdP7N8y0Ml/A7Q= +github.com/jackc/pgconn v1.14.0/go.mod h1:9mBNlny0UvkgJdCDvdVHYSjI+8tD2rnKK69Wz8ti++E= github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= @@ -373,29 +375,26 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.3.1 h1:nwj7qwf0S+Q7ISFfBndqeLwSwxs+4DPsbRFjECT1Y4Y= -github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg= +github.com/jackc/pgproto3/v2 v2.3.2 h1:7eY55bdBeCz1F2fTzSz69QC+pG46jYq9/jtSPiJ5nn0= +github.com/jackc/pgproto3/v2 v2.3.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= -github.com/jackc/pgtype v1.12.0 h1:Dlq8Qvcch7kiehm8wPGIW0W3KsCCHJnRacKW0UM8n5w= -github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.14.0 h1:y+xUdabmyMkJLyApYuPj38mW+aAIqCe5uuBB51rH3Vw= +github.com/jackc/pgtype v1.14.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8= -github.com/jackc/pgx/v4 v4.17.2 h1:0Ut0rpeKwvIVbMQ1KbMBU4h6wxehBI535LK6Flheh8E= -github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw= +github.com/jackc/pgx/v4 v4.18.0 h1:Ltaa1ePvc7msFGALnCrqKJVEByu/qYh5jJBYcDtAno4= +github.com/jackc/pgx/v4 v4.18.0/go.mod h1:FydWkUyadDmdNH/mHnGob881GawxeEm7TcMCzkb+qQE= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -416,8 +415,8 @@ github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw= -github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4= +github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= +github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -609,13 +608,12 @@ github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/slackhq/nebula v1.6.1 h1:/OCTR3abj0Sbf2nGoLUrdDXImrCv0ZVFpVPP5qa0DsM= github.com/slackhq/nebula v1.6.1/go.mod h1:UmkqnXe4O53QwToSl/gG7sM4BroQwAB7dd4hUaT6MlI= -github.com/smallstep/assert v0.0.0-20180720014142-de77670473b5/go.mod h1:TC9A4+RjIOS+HyTH7wG17/gSqVv95uDw2J64dQZx7RE= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262 h1:unQFBIznI+VYD1/1fApl1A+9VcBk+9dcqGfnePY87LY= github.com/smallstep/assert v0.0.0-20200723003110-82e2b9b3b262/go.mod h1:MyOHs9Po2fbM1LHej6sBUT8ozbxmMOFG+E+rx/GSGuc= github.com/smallstep/certificates v0.23.2 h1:7KSx9WfZ3CILV0XlsTrl+PK58YE4CHSgqobB6+ieQWs= github.com/smallstep/certificates v0.23.2/go.mod h1:YuQAlNuYrRA5z+meSH9D0XsUFH45TyAhNgyV5kYuQpQ= -github.com/smallstep/nosql v0.5.0 h1:1BPyHy8bha8qSaxgULGEdqhXpNFXimAfudnauFVqmxw= -github.com/smallstep/nosql v0.5.0/go.mod h1:yKZT5h7cdIVm6wEKM9+jN5dgK80Hljpuy8HNsnI7Gzo= +github.com/smallstep/nosql v0.6.0 h1:ur7ysI8s9st0cMXnTvB8tA3+x5Eifmkb6hl4uqNV5jc= +github.com/smallstep/nosql v0.6.0/go.mod h1:jOXwLtockXORUPPZ2MCUcIkGR6w0cN1QGZniY9DITQA= github.com/smallstep/truststore v0.12.1 h1:guLUKkc1UlsXeS3t6BuVMa4leOOpdiv02PCRTiy1WdY= github.com/smallstep/truststore v0.12.1/go.mod h1:M4mebeNy28KusGX3lJxpLARIktLcyqBOrj3ZiZ46pqw= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -657,8 +655,8 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2 h1:TrgfmCXwtWyFw85UkRGXt9qZRzdzt3nWt2Rerdecn0w= github.com/tailscale/tscert v0.0.0-20230124224810-c6dc1f4049b2/go.mod h1:kNGUQ3VESx3VZwRwA9MSCUegIl6+saPL8Noq82ozCaU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -684,9 +682,8 @@ github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87 h1:P github.com/yuin/goldmark-highlighting/v2 v2.0.0-20220924101305-151362477c87/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= -go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= -go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= +go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= +go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.mozilla.org/pkcs7 v0.0.0-20210730143726-725912489c62/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 h1:CCriYyAfq1Br1aIYettdHZTy8mBTIPo7We18TuO/bak= @@ -699,28 +696,35 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.39.0 h1:vFEBG7SieZJzvnRWQ81jxpuEqe6J8Ex+hgc9CqOTzHc= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.39.0/go.mod h1:9rgTcOKdIhDOC0IcAu8a+R+FChqSUBihKpM1lVNi6T0= -go.opentelemetry.io/otel v1.4.0/go.mod h1:jeAqMFKy2uLIxCtKxoFj0FAL5zAPKQagc3+GtBWakzk= -go.opentelemetry.io/otel v1.13.0 h1:1ZAKnNQKwBBxFtww/GwxNUyTf0AxkZzrukO8MeXqe4Y= -go.opentelemetry.io/otel v1.13.0/go.mod h1:FH3RtdZCzRkJYFTCsAKDy9l/XYjMdNv6QrkFFB8DvVg= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0 h1:j7AwzDdAQBJjcqayAaYbvpYeZzII7cEe5qJTu+De6UY= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.4.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0 h1:lRpP10E8oTGVmY1nVXcwelCT1Z8ca41/l5ce7AqLAss= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.4.0/go.mod h1:3oS+j2WUoJVyj6/BzQN/52G17lNJDulngsOxDm1w2PY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0 h1:buSx4AMC/0Z232slPhicN/fU5KIlj0bMngct5pcZhkI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.4.0/go.mod h1:ew1NcwkHo0QFT3uTm3m2IVZMkZdVIpbOYNPasgWwpdk= -go.opentelemetry.io/otel/metric v0.36.0 h1:t0lgGI+L68QWt3QtOIlqM9gXoxqxWLhZ3R/e5oOAY0Q= -go.opentelemetry.io/otel/metric v0.36.0/go.mod h1:wKVw57sd2HdSZAzyfOM9gTqqE8v7CbqWsYL6AyrH9qk= -go.opentelemetry.io/otel/sdk v1.4.0/go.mod h1:71GJPNJh4Qju6zJuYl1CrYtXbrgfau/M9UAggqiy1UE= -go.opentelemetry.io/otel/sdk v1.13.0 h1:BHib5g8MvdqS65yo2vV1s6Le42Hm6rrw08qU6yz5JaM= -go.opentelemetry.io/otel/sdk v1.13.0/go.mod h1:YLKPx5+6Vx/o1TCUYYs+bpymtkmazOMT6zoRrC7AQ7I= -go.opentelemetry.io/otel/trace v1.4.0/go.mod h1:uc3eRsqDfWs9R7b92xbQbU42/eTNz4N+gLP8qJCi4aE= -go.opentelemetry.io/otel/trace v1.13.0 h1:CBgRZ6ntv+Amuj1jDsMhZtlAPT6gbyIRdaIzFhfBSdY= -go.opentelemetry.io/otel/trace v1.13.0/go.mod h1:muCvmmO9KKpvuXSf3KKAXXB2ygNYHQ+ZfI5X08d3tds= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0 h1:lE9EJyw3/JhrjWH/hEy9FptnalDQgj7vpbgC2KCCCxE= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0/go.mod h1:pcQ3MM3SWvrA71U4GDqv9UFDJ3HQsW7y5ZO3tDTlUdI= +go.opentelemetry.io/contrib/propagators/autoprop v0.40.0 h1:Lj33jj7eIrBfIShiK8NU91u2BglKnUS1UUxVemuQJtw= +go.opentelemetry.io/contrib/propagators/autoprop v0.40.0/go.mod h1:6QO816FeZ+6zahs6hYqbUCCsnNBm7o+t4iwVySpzcdI= +go.opentelemetry.io/contrib/propagators/aws v1.15.0 h1:FLe+bRTMAhEALItDQt1U2S/rdq8/rGGJTJpOpCDvMu0= +go.opentelemetry.io/contrib/propagators/aws v1.15.0/go.mod h1:Z/nqdjqKjErrS3gYoEMZt8//dt8VZbqalD0V+7vh7lM= +go.opentelemetry.io/contrib/propagators/b3 v1.15.0 h1:bMaonPyFcAvZ4EVzkUNkfnUHP5Zi63CIDlA3dRsEg8Q= +go.opentelemetry.io/contrib/propagators/b3 v1.15.0/go.mod h1:VjU0g2v6HSQ+NwfifambSLAeBgevjIcqmceaKWEzl0c= +go.opentelemetry.io/contrib/propagators/jaeger v1.15.0 h1:xdJjwy5t/8I+TZehMMQ+r2h50HREihH2oMUhimQ+jug= +go.opentelemetry.io/contrib/propagators/jaeger v1.15.0/go.mod h1:tU0nwW4QTvKceNUP60/PQm0FI8zDSwey7gIFt3RR/yw= +go.opentelemetry.io/contrib/propagators/ot v1.15.0 h1:iBNejawWy7wWZ5msuZDNcMjBy14Wc0v3gCAXukGHN/Q= +go.opentelemetry.io/contrib/propagators/ot v1.15.0/go.mod h1:0P7QQ+MHt6SXR1ATaMpewSiWlp8NbKErNLKcaU4EEKI= +go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM= +go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 h1:/fXHZHGvro6MVqV34fJzDhi7sHGpX3Ej/Qjmfn003ho= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0/go.mod h1:UFG7EBMRdXyFstOwH028U0sVf+AvukSGhF0g8+dmNG8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0 h1:TKf2uAs2ueguzLaxOCBXNpHxfO/aC7PAdDsSH0IbeRQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0/go.mod h1:HrbCVv40OOLTABmOn1ZWty6CHXkU8DK/Urc43tHug70= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0 h1:ap+y8RXX3Mu9apKVtOkM6WSFESLM8K3wNQyOU8sWHcc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0/go.mod h1:5w41DY6S9gZrbjuq6Y+753e96WfPha5IcsOSZTtullM= +go.opentelemetry.io/otel/metric v0.37.0 h1:pHDQuLQOZwYD+Km0eb657A25NaRzy0a+eLyKfDXedEs= +go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s= +go.opentelemetry.io/otel/sdk v1.14.0 h1:PDCppFRDq8A1jL9v6KMI6dYesaq+DFcDZvjsoGvxGzY= +go.opentelemetry.io/otel/sdk v1.14.0/go.mod h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM= +go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M= +go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v0.12.0 h1:CMJ/3Wp7iOWES+CYLfnBv+DVmPbB+kmy9PJ92XvlR6c= -go.opentelemetry.io/proto/otlp v0.12.0/go.mod h1:TsIjwGWIx5VFYv9KGVlOpxoBl5Dy+63SUguV7GGvlSQ= +go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJPI1Nnw= +go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.step.sm/cli-utils v0.7.5 h1:jyp6X8k8mN1B0uWJydTid0C++8tQhm2kaaAdXKQQzdk= go.step.sm/cli-utils v0.7.5/go.mod h1:taSsY8haLmXoXM3ZkywIyRmVij/4Aj0fQbNTlJvv71I= go.step.sm/crypto v0.9.0/go.mod h1:+CYG05Mek1YDqi5WK0ERc6cOpKly2i/a5aZmU1sfGj0= @@ -732,17 +736,14 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= -go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= +go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8= -go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= +go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= +go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= @@ -766,10 +767,10 @@ golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= -golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -804,8 +805,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -845,21 +846,22 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783 h1:nt+Q6cXKz4MosCSpnbMtqiQ8Oz0pxTef2B4Vca2lvfk= +golang.org/x/oauth2 v0.4.0 h1:NF0gk8LVPg1Ml7SSbGyySuoxdsXitj7TvgvuRxIMc/M= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -919,13 +921,11 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -938,25 +938,29 @@ golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1010,11 +1014,10 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1078,8 +1081,9 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20230202175211-008b39050e57 h1:vArvWooPH749rNHpBGgVl+U9B9dATjiEhJzcWGlovNs= -google.golang.org/genproto v0.0.0-20230202175211-008b39050e57/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -1099,10 +1103,10 @@ google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.52.3 h1:pf7sOysg4LdgBqduXveGKrcEwbStiK2rtfghdzlUYDQ= -google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= +google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 6cc3cbbc697d80ae7112c589ce34032f821b4b47 Mon Sep 17 00:00:00 2001 From: Matt Holt Date: Fri, 10 Mar 2023 11:19:31 -0700 Subject: [PATCH 0944/1498] fileserver: New file browse template (#5427) * fileserver: New file browse template * Redo extension/icon logic; minor color tweaks * Fine-tune image display --- modules/caddyhttp/fileserver/browse.go | 10 +- modules/caddyhttp/fileserver/browse.html | 834 ++++++++++++++---- .../caddyhttp/fileserver/browsetplcontext.go | 13 + 3 files changed, 663 insertions(+), 194 deletions(-) diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index a8f5e8ab..e1a08942 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -152,12 +152,20 @@ func (fsrv *FileServer) loadDirectoryContents(ctx context.Context, dir fs.ReadDi // browseApplyQueryParams applies query parameters to the listing. // It mutates the listing and may set cookies. func (fsrv *FileServer) browseApplyQueryParams(w http.ResponseWriter, r *http.Request, listing *browseTemplateContext) { + layoutParam := r.URL.Query().Get("layout") sortParam := r.URL.Query().Get("sort") orderParam := r.URL.Query().Get("order") limitParam := r.URL.Query().Get("limit") offsetParam := r.URL.Query().Get("offset") - // first figure out what to sort by + switch layoutParam { + case "list", "grid", "": + listing.Layout = layoutParam + default: + listing.Layout = "list" + } + + // figure out what to sort by switch sortParam { case "": sortParam = sortByNameDirFirst diff --git a/modules/caddyhttp/fileserver/browse.html b/modules/caddyhttp/fileserver/browse.html index 01537fc6..479ead21 100644 --- a/modules/caddyhttp/fileserver/browse.html +++ b/modules/caddyhttp/fileserver/browse.html @@ -1,3 +1,94 @@ +{{- define "icon"}} + {{- if .IsDir}} + + + + + {{- else if .HasExt ".jpg" ".jpeg" ".png" ".gif" ".webp"}} + + {{- else if .HasExt ".mp4" ".mov" ".mpeg" ".avi" ".ogg" ".webm"}} + + + + + + + + + + + + {{- else if .HasExt ".mp3" ".flac" ".wav" ".wma"}} + + + + + + + + {{- else if .HasExt ".pdf"}} + + + + + + + + {{- else if .HasExt ".txt"}} + + + + + + + + + {{- else if .HasExt ".zip" ".gz" ".xz" ".tar"}} + + + + + + + + + + + + {{- else if .HasExt ".md" ".mdown" ".markdown"}} + + + + + + + {{- else if .HasExt ".go"}} + + + + + + + + + {{- else}} + {{- if .IsSymlink}} + + + + + + + + {{- else}} + + + + + + {{- end}} + {{- end}} +{{- end}} @@ -5,38 +96,72 @@ +{{- if eq .Layout "grid"}} + +{{- end}} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

-

- {{range $i, $crumb := .Breadcrumbs}}{{html $crumb.Text}}{{if ne $i 0}}/{{end}}{{end}} -

-
-
-
-
- {{.NumDirs}} director{{if eq 1 .NumDirs}}y{{else}}ies{{end}} - {{.NumFiles}} file{{if ne 1 .NumFiles}}s{{end}} - {{- if ne 0 .Limit}} - (of which only {{.Limit}} are displayed) - {{- end}} - -
+
+
Folder Path
+

+ {{range $i, $crumb := .Breadcrumbs}}{{html $crumb.Text}}{{if ne $i 0}}/{{end}}{{end}} +

-
+ +
+
+
+
+ + {{.NumDirs}} director{{if eq 1 .NumDirs}}y{{else}}ies{{end}} + + + {{.NumFiles}} file{{if ne 1 .NumFiles}}s{{end}} + + {{- if ne 0 .Limit}} + + (of which only {{.Limit}} are displayed) + + {{- end}} +
+ + + + + + + List + + + + + + + + + + Grid + +
+
+ {{- if eq .Layout "grid"}} + {{- range .Items}} +
+ + {{template "icon" .}} +
{{html .Name}}
+
{{.HumanSize}}
+ +
+ {{- end}} + {{- else}} @@ -387,11 +725,15 @@ footer { - - + + {{- end}} @@ -400,54 +742,145 @@ footer { {{- if .IsDir}} - + {{- else}} - + {{- end}} - + {{- end}}
{{- if and (eq .Sort "namedirfirst") (ne .Order "desc")}} - + + + + + + {{- else if and (eq .Sort "namedirfirst") (ne .Order "asc")}} - + + + + + + {{- else}} - + + + + + + {{- end}} {{- if and (eq .Sort "name") (ne .Order "desc")}} - Name + + Name + + + + + {{- else if and (eq .Sort "name") (ne .Order "asc")}} - Name + + Name + + + + + {{- else}} - Name + + Name + {{- end}} + +
+ + + + + + +
{{- if and (eq .Sort "size") (ne .Order "desc")}} - Size + + Size + + + + + {{- else if and (eq .Sort "size") (ne .Order "asc")}} - Size + + Size + + + + + {{- else}} - Size + + Size + {{- end}} {{- if and (eq .Sort "time") (ne .Order "desc")}} - Modified + + Modified + + + + + {{- else if and (eq .Sort "time") (ne .Order "asc")}} - Modified + + Modified + + + + + {{- else}} - Modified + + Modified + {{- end}} - Go up + + + + + Up
- {{- if .IsDir}} - - {{- else}} - - {{- end}} + {{template "icon" .}} {{html .Name}} {{.HumanSize}} +
+
+
+ {{.HumanSize}} +
+
+ 		+ +
+ {{- end}}
-
+
+ +