From 820957f53c8ebb2c831d0c7b2b9f357ed807cd65 Mon Sep 17 00:00:00 2001 From: George Shaw Date: Mon, 22 Jan 2018 17:08:12 -0600 Subject: [PATCH] update dep to remove gorilla/sessions and gorilla/context --- Gopkg.lock | 20 +- vendor/github.com/gorilla/context/.travis.yml | 19 - vendor/github.com/gorilla/context/LICENSE | 27 - vendor/github.com/gorilla/context/README.md | 7 - vendor/github.com/gorilla/context/context.go | 143 ---- .../gorilla/context/context_test.go | 161 ----- vendor/github.com/gorilla/context/doc.go | 82 --- .../gorilla/securecookie/.travis.yml | 18 - .../github.com/gorilla/securecookie/LICENSE | 27 - .../github.com/gorilla/securecookie/README.md | 76 --- vendor/github.com/gorilla/securecookie/doc.go | 61 -- .../github.com/gorilla/securecookie/fuzz.go | 25 - .../gorilla/securecookie/fuzz/gencorpus.go | 47 -- .../gorilla/securecookie/securecookie.go | 646 ------------------ .../gorilla/securecookie/securecookie_test.go | 274 -------- .../github.com/gorilla/sessions/.travis.yml | 22 - vendor/github.com/gorilla/sessions/LICENSE | 27 - vendor/github.com/gorilla/sessions/README.md | 79 --- vendor/github.com/gorilla/sessions/doc.go | 199 ------ vendor/github.com/gorilla/sessions/lex.go | 102 --- .../github.com/gorilla/sessions/sessions.go | 241 ------- .../gorilla/sessions/sessions_test.go | 160 ----- vendor/github.com/gorilla/sessions/store.go | 295 -------- .../github.com/gorilla/sessions/store_test.go | 125 ---- 24 files changed, 1 insertion(+), 2882 deletions(-) delete mode 100644 vendor/github.com/gorilla/context/.travis.yml delete mode 100644 vendor/github.com/gorilla/context/LICENSE delete mode 100644 vendor/github.com/gorilla/context/README.md delete mode 100644 vendor/github.com/gorilla/context/context.go delete mode 100644 vendor/github.com/gorilla/context/context_test.go delete mode 100644 vendor/github.com/gorilla/context/doc.go delete mode 100644 vendor/github.com/gorilla/securecookie/.travis.yml delete mode 100644 vendor/github.com/gorilla/securecookie/LICENSE delete mode 100644 vendor/github.com/gorilla/securecookie/README.md delete mode 100644 vendor/github.com/gorilla/securecookie/doc.go delete mode 100644 vendor/github.com/gorilla/securecookie/fuzz.go delete mode 100644 vendor/github.com/gorilla/securecookie/fuzz/gencorpus.go delete mode 100644 vendor/github.com/gorilla/securecookie/securecookie.go delete mode 100644 vendor/github.com/gorilla/securecookie/securecookie_test.go delete mode 100644 vendor/github.com/gorilla/sessions/.travis.yml delete mode 100644 vendor/github.com/gorilla/sessions/LICENSE delete mode 100644 vendor/github.com/gorilla/sessions/README.md delete mode 100644 vendor/github.com/gorilla/sessions/doc.go delete mode 100644 vendor/github.com/gorilla/sessions/lex.go delete mode 100644 vendor/github.com/gorilla/sessions/sessions.go delete mode 100644 vendor/github.com/gorilla/sessions/sessions_test.go delete mode 100644 vendor/github.com/gorilla/sessions/store.go delete mode 100644 vendor/github.com/gorilla/sessions/store_test.go diff --git a/Gopkg.lock b/Gopkg.lock index 59e8dfa..c5399e7 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -13,24 +13,6 @@ revision = "dbeaa9332f19a944acb5736b4456cfcc02140e29" version = "v3.1.0" -[[projects]] - name = "github.com/gorilla/context" - packages = ["."] - revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a" - version = "v1.1" - -[[projects]] - name = "github.com/gorilla/securecookie" - packages = ["."] - revision = "667fe4e3466a040b780561fe9b51a83a3753eefc" - version = "v1.1" - -[[projects]] - name = "github.com/gorilla/sessions" - packages = ["."] - revision = "ca9ada44574153444b00d3fd9c8559e4cc95f896" - version = "v1.1" - [[projects]] branch = "master" name = "golang.org/x/crypto" @@ -46,6 +28,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "6fa061b9ede00cd3c6c23f0fe055b108238580d8a260cb8f3915e8ed0285ce9b" + inputs-digest = "e4b8a6fd1b416960accf57e305df9fb6c1c50fb9aecde348a0735eff39614d0d" solver-name = "gps-cdcl" solver-version = 1 diff --git a/vendor/github.com/gorilla/context/.travis.yml b/vendor/github.com/gorilla/context/.travis.yml deleted file mode 100644 index faca4da..0000000 --- a/vendor/github.com/gorilla/context/.travis.yml +++ /dev/null @@ -1,19 +0,0 @@ -language: go -sudo: false - -matrix: - include: - - go: 1.3 - - go: 1.4 - - go: 1.5 - - go: 1.6 - - go: tip - -install: - - go get golang.org/x/tools/cmd/vet - -script: - - go get -t -v ./... - - diff -u <(echo -n) <(gofmt -d .) - - go tool vet . - - go test -v -race ./... diff --git a/vendor/github.com/gorilla/context/LICENSE b/vendor/github.com/gorilla/context/LICENSE deleted file mode 100644 index 0e5fb87..0000000 --- a/vendor/github.com/gorilla/context/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 Rodrigo Moraes. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/gorilla/context/README.md b/vendor/github.com/gorilla/context/README.md deleted file mode 100644 index c60a31b..0000000 --- a/vendor/github.com/gorilla/context/README.md +++ /dev/null @@ -1,7 +0,0 @@ -context -======= -[![Build Status](https://travis-ci.org/gorilla/context.png?branch=master)](https://travis-ci.org/gorilla/context) - -gorilla/context is a general purpose registry for global request variables. - -Read the full documentation here: http://www.gorillatoolkit.org/pkg/context diff --git a/vendor/github.com/gorilla/context/context.go b/vendor/github.com/gorilla/context/context.go deleted file mode 100644 index 81cb128..0000000 --- a/vendor/github.com/gorilla/context/context.go +++ /dev/null @@ -1,143 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package context - -import ( - "net/http" - "sync" - "time" -) - -var ( - mutex sync.RWMutex - data = make(map[*http.Request]map[interface{}]interface{}) - datat = make(map[*http.Request]int64) -) - -// Set stores a value for a given key in a given request. -func Set(r *http.Request, key, val interface{}) { - mutex.Lock() - if data[r] == nil { - data[r] = make(map[interface{}]interface{}) - datat[r] = time.Now().Unix() - } - data[r][key] = val - mutex.Unlock() -} - -// Get returns a value stored for a given key in a given request. -func Get(r *http.Request, key interface{}) interface{} { - mutex.RLock() - if ctx := data[r]; ctx != nil { - value := ctx[key] - mutex.RUnlock() - return value - } - mutex.RUnlock() - return nil -} - -// GetOk returns stored value and presence state like multi-value return of map access. -func GetOk(r *http.Request, key interface{}) (interface{}, bool) { - mutex.RLock() - if _, ok := data[r]; ok { - value, ok := data[r][key] - mutex.RUnlock() - return value, ok - } - mutex.RUnlock() - return nil, false -} - -// GetAll returns all stored values for the request as a map. Nil is returned for invalid requests. -func GetAll(r *http.Request) map[interface{}]interface{} { - mutex.RLock() - if context, ok := data[r]; ok { - result := make(map[interface{}]interface{}, len(context)) - for k, v := range context { - result[k] = v - } - mutex.RUnlock() - return result - } - mutex.RUnlock() - return nil -} - -// GetAllOk returns all stored values for the request as a map and a boolean value that indicates if -// the request was registered. -func GetAllOk(r *http.Request) (map[interface{}]interface{}, bool) { - mutex.RLock() - context, ok := data[r] - result := make(map[interface{}]interface{}, len(context)) - for k, v := range context { - result[k] = v - } - mutex.RUnlock() - return result, ok -} - -// Delete removes a value stored for a given key in a given request. -func Delete(r *http.Request, key interface{}) { - mutex.Lock() - if data[r] != nil { - delete(data[r], key) - } - mutex.Unlock() -} - -// Clear removes all values stored for a given request. -// -// This is usually called by a handler wrapper to clean up request -// variables at the end of a request lifetime. See ClearHandler(). -func Clear(r *http.Request) { - mutex.Lock() - clear(r) - mutex.Unlock() -} - -// clear is Clear without the lock. -func clear(r *http.Request) { - delete(data, r) - delete(datat, r) -} - -// Purge removes request data stored for longer than maxAge, in seconds. -// It returns the amount of requests removed. -// -// If maxAge <= 0, all request data is removed. -// -// This is only used for sanity check: in case context cleaning was not -// properly set some request data can be kept forever, consuming an increasing -// amount of memory. In case this is detected, Purge() must be called -// periodically until the problem is fixed. -func Purge(maxAge int) int { - mutex.Lock() - count := 0 - if maxAge <= 0 { - count = len(data) - data = make(map[*http.Request]map[interface{}]interface{}) - datat = make(map[*http.Request]int64) - } else { - min := time.Now().Unix() - int64(maxAge) - for r := range data { - if datat[r] < min { - clear(r) - count++ - } - } - } - mutex.Unlock() - return count -} - -// ClearHandler wraps an http.Handler and clears request values at the end -// of a request lifetime. -func ClearHandler(h http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - defer Clear(r) - h.ServeHTTP(w, r) - }) -} diff --git a/vendor/github.com/gorilla/context/context_test.go b/vendor/github.com/gorilla/context/context_test.go deleted file mode 100644 index 9814c50..0000000 --- a/vendor/github.com/gorilla/context/context_test.go +++ /dev/null @@ -1,161 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package context - -import ( - "net/http" - "testing" -) - -type keyType int - -const ( - key1 keyType = iota - key2 -) - -func TestContext(t *testing.T) { - assertEqual := func(val interface{}, exp interface{}) { - if val != exp { - t.Errorf("Expected %v, got %v.", exp, val) - } - } - - r, _ := http.NewRequest("GET", "http://localhost:8080/", nil) - emptyR, _ := http.NewRequest("GET", "http://localhost:8080/", nil) - - // Get() - assertEqual(Get(r, key1), nil) - - // Set() - Set(r, key1, "1") - assertEqual(Get(r, key1), "1") - assertEqual(len(data[r]), 1) - - Set(r, key2, "2") - assertEqual(Get(r, key2), "2") - assertEqual(len(data[r]), 2) - - //GetOk - value, ok := GetOk(r, key1) - assertEqual(value, "1") - assertEqual(ok, true) - - value, ok = GetOk(r, "not exists") - assertEqual(value, nil) - assertEqual(ok, false) - - Set(r, "nil value", nil) - value, ok = GetOk(r, "nil value") - assertEqual(value, nil) - assertEqual(ok, true) - - // GetAll() - values := GetAll(r) - assertEqual(len(values), 3) - - // GetAll() for empty request - values = GetAll(emptyR) - if values != nil { - t.Error("GetAll didn't return nil value for invalid request") - } - - // GetAllOk() - values, ok = GetAllOk(r) - assertEqual(len(values), 3) - assertEqual(ok, true) - - // GetAllOk() for empty request - values, ok = GetAllOk(emptyR) - assertEqual(value, nil) - assertEqual(ok, false) - - // Delete() - Delete(r, key1) - assertEqual(Get(r, key1), nil) - assertEqual(len(data[r]), 2) - - Delete(r, key2) - assertEqual(Get(r, key2), nil) - assertEqual(len(data[r]), 1) - - // Clear() - Clear(r) - assertEqual(len(data), 0) -} - -func parallelReader(r *http.Request, key string, iterations int, wait, done chan struct{}) { - <-wait - for i := 0; i < iterations; i++ { - Get(r, key) - } - done <- struct{}{} - -} - -func parallelWriter(r *http.Request, key, value string, iterations int, wait, done chan struct{}) { - <-wait - for i := 0; i < iterations; i++ { - Set(r, key, value) - } - done <- struct{}{} - -} - -func benchmarkMutex(b *testing.B, numReaders, numWriters, iterations int) { - - b.StopTimer() - r, _ := http.NewRequest("GET", "http://localhost:8080/", nil) - done := make(chan struct{}) - b.StartTimer() - - for i := 0; i < b.N; i++ { - wait := make(chan struct{}) - - for i := 0; i < numReaders; i++ { - go parallelReader(r, "test", iterations, wait, done) - } - - for i := 0; i < numWriters; i++ { - go parallelWriter(r, "test", "123", iterations, wait, done) - } - - close(wait) - - for i := 0; i < numReaders+numWriters; i++ { - <-done - } - - } - -} - -func BenchmarkMutexSameReadWrite1(b *testing.B) { - benchmarkMutex(b, 1, 1, 32) -} -func BenchmarkMutexSameReadWrite2(b *testing.B) { - benchmarkMutex(b, 2, 2, 32) -} -func BenchmarkMutexSameReadWrite4(b *testing.B) { - benchmarkMutex(b, 4, 4, 32) -} -func BenchmarkMutex1(b *testing.B) { - benchmarkMutex(b, 2, 8, 32) -} -func BenchmarkMutex2(b *testing.B) { - benchmarkMutex(b, 16, 4, 64) -} -func BenchmarkMutex3(b *testing.B) { - benchmarkMutex(b, 1, 2, 128) -} -func BenchmarkMutex4(b *testing.B) { - benchmarkMutex(b, 128, 32, 256) -} -func BenchmarkMutex5(b *testing.B) { - benchmarkMutex(b, 1024, 2048, 64) -} -func BenchmarkMutex6(b *testing.B) { - benchmarkMutex(b, 2048, 1024, 512) -} diff --git a/vendor/github.com/gorilla/context/doc.go b/vendor/github.com/gorilla/context/doc.go deleted file mode 100644 index 73c7400..0000000 --- a/vendor/github.com/gorilla/context/doc.go +++ /dev/null @@ -1,82 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -/* -Package context stores values shared during a request lifetime. - -For example, a router can set variables extracted from the URL and later -application handlers can access those values, or it can be used to store -sessions values to be saved at the end of a request. There are several -others common uses. - -The idea was posted by Brad Fitzpatrick to the go-nuts mailing list: - - http://groups.google.com/group/golang-nuts/msg/e2d679d303aa5d53 - -Here's the basic usage: first define the keys that you will need. The key -type is interface{} so a key can be of any type that supports equality. -Here we define a key using a custom int type to avoid name collisions: - - package foo - - import ( - "github.com/gorilla/context" - ) - - type key int - - const MyKey key = 0 - -Then set a variable. Variables are bound to an http.Request object, so you -need a request instance to set a value: - - context.Set(r, MyKey, "bar") - -The application can later access the variable using the same key you provided: - - func MyHandler(w http.ResponseWriter, r *http.Request) { - // val is "bar". - val := context.Get(r, foo.MyKey) - - // returns ("bar", true) - val, ok := context.GetOk(r, foo.MyKey) - // ... - } - -And that's all about the basic usage. We discuss some other ideas below. - -Any type can be stored in the context. To enforce a given type, make the key -private and wrap Get() and Set() to accept and return values of a specific -type: - - type key int - - const mykey key = 0 - - // GetMyKey returns a value for this package from the request values. - func GetMyKey(r *http.Request) SomeType { - if rv := context.Get(r, mykey); rv != nil { - return rv.(SomeType) - } - return nil - } - - // SetMyKey sets a value for this package in the request values. - func SetMyKey(r *http.Request, val SomeType) { - context.Set(r, mykey, val) - } - -Variables must be cleared at the end of a request, to remove all values -that were stored. This can be done in an http.Handler, after a request was -served. Just call Clear() passing the request: - - context.Clear(r) - -...or use ClearHandler(), which conveniently wraps an http.Handler to clear -variables at the end of a request lifetime. - -The Routers from the packages gorilla/mux and gorilla/pat call Clear() -so if you are using either of them you don't need to clear the context manually. -*/ -package context diff --git a/vendor/github.com/gorilla/securecookie/.travis.yml b/vendor/github.com/gorilla/securecookie/.travis.yml deleted file mode 100644 index 24882fc..0000000 --- a/vendor/github.com/gorilla/securecookie/.travis.yml +++ /dev/null @@ -1,18 +0,0 @@ -language: go -sudo: false - -matrix: - include: - - go: 1.3 - - go: 1.4 - - go: 1.5 - - go: 1.6 - - go: tip - allow_failures: - - go: tip - -script: - - go get -t -v ./... - - diff -u <(echo -n) <(gofmt -d .) - - go vet $(go list ./... | grep -v /vendor/) - - go test -v -race ./... diff --git a/vendor/github.com/gorilla/securecookie/LICENSE b/vendor/github.com/gorilla/securecookie/LICENSE deleted file mode 100644 index 0e5fb87..0000000 --- a/vendor/github.com/gorilla/securecookie/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 Rodrigo Moraes. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/gorilla/securecookie/README.md b/vendor/github.com/gorilla/securecookie/README.md deleted file mode 100644 index 5ed299e..0000000 --- a/vendor/github.com/gorilla/securecookie/README.md +++ /dev/null @@ -1,76 +0,0 @@ -securecookie -============ -[![GoDoc](https://godoc.org/github.com/gorilla/securecookie?status.svg)](https://godoc.org/github.com/gorilla/securecookie) [![Build Status](https://travis-ci.org/gorilla/securecookie.png?branch=master)](https://travis-ci.org/gorilla/securecookie) - -securecookie encodes and decodes authenticated and optionally encrypted -cookie values. - -Secure cookies can't be forged, because their values are validated using HMAC. -When encrypted, the content is also inaccessible to malicious eyes. It is still -recommended that sensitive data not be stored in cookies, and that HTTPS be used -to prevent cookie [replay attacks](https://en.wikipedia.org/wiki/Replay_attack). - -## Examples - -To use it, first create a new SecureCookie instance: - -```go -// Hash keys should be at least 32 bytes long -var hashKey = []byte("very-secret") -// Block keys should be 16 bytes (AES-128) or 32 bytes (AES-256) long. -// Shorter keys may weaken the encryption used. -var blockKey = []byte("a-lot-secret") -var s = securecookie.New(hashKey, blockKey) -``` - -The hashKey is required, used to authenticate the cookie value using HMAC. -It is recommended to use a key with 32 or 64 bytes. - -The blockKey is optional, used to encrypt the cookie value -- set it to nil -to not use encryption. If set, the length must correspond to the block size -of the encryption algorithm. For AES, used by default, valid lengths are -16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. - -Strong keys can be created using the convenience function GenerateRandomKey(). - -Once a SecureCookie instance is set, use it to encode a cookie value: - -```go -func SetCookieHandler(w http.ResponseWriter, r *http.Request) { - value := map[string]string{ - "foo": "bar", - } - if encoded, err := s.Encode("cookie-name", value); err == nil { - cookie := &http.Cookie{ - Name: "cookie-name", - Value: encoded, - Path: "/", - } - http.SetCookie(w, cookie) - } -} -``` - -Later, use the same SecureCookie instance to decode and validate a cookie -value: - -```go -func ReadCookieHandler(w http.ResponseWriter, r *http.Request) { - if cookie, err := r.Cookie("cookie-name"); err == nil { - value := make(map[string]string) - if err = s2.Decode("cookie-name", cookie.Value, &value); err == nil { - fmt.Fprintf(w, "The value of foo is %q", value["foo"]) - } - } -} -``` - -We stored a map[string]string, but secure cookies can hold any value that -can be encoded using `encoding/gob`. To store custom types, they must be -registered first using gob.Register(). For basic types this is not needed; -it works out of the box. An optional JSON encoder that uses `encoding/json` is -available for types compatible with JSON. - -## License - -BSD licensed. See the LICENSE file for details. diff --git a/vendor/github.com/gorilla/securecookie/doc.go b/vendor/github.com/gorilla/securecookie/doc.go deleted file mode 100644 index ae89408..0000000 --- a/vendor/github.com/gorilla/securecookie/doc.go +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -/* -Package securecookie encodes and decodes authenticated and optionally -encrypted cookie values. - -Secure cookies can't be forged, because their values are validated using HMAC. -When encrypted, the content is also inaccessible to malicious eyes. - -To use it, first create a new SecureCookie instance: - - var hashKey = []byte("very-secret") - var blockKey = []byte("a-lot-secret") - var s = securecookie.New(hashKey, blockKey) - -The hashKey is required, used to authenticate the cookie value using HMAC. -It is recommended to use a key with 32 or 64 bytes. - -The blockKey is optional, used to encrypt the cookie value -- set it to nil -to not use encryption. If set, the length must correspond to the block size -of the encryption algorithm. For AES, used by default, valid lengths are -16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. - -Strong keys can be created using the convenience function GenerateRandomKey(). - -Once a SecureCookie instance is set, use it to encode a cookie value: - - func SetCookieHandler(w http.ResponseWriter, r *http.Request) { - value := map[string]string{ - "foo": "bar", - } - if encoded, err := s.Encode("cookie-name", value); err == nil { - cookie := &http.Cookie{ - Name: "cookie-name", - Value: encoded, - Path: "/", - } - http.SetCookie(w, cookie) - } - } - -Later, use the same SecureCookie instance to decode and validate a cookie -value: - - func ReadCookieHandler(w http.ResponseWriter, r *http.Request) { - if cookie, err := r.Cookie("cookie-name"); err == nil { - value := make(map[string]string) - if err = s2.Decode("cookie-name", cookie.Value, &value); err == nil { - fmt.Fprintf(w, "The value of foo is %q", value["foo"]) - } - } - } - -We stored a map[string]string, but secure cookies can hold any value that -can be encoded using encoding/gob. To store custom types, they must be -registered first using gob.Register(). For basic types this is not needed; -it works out of the box. -*/ -package securecookie diff --git a/vendor/github.com/gorilla/securecookie/fuzz.go b/vendor/github.com/gorilla/securecookie/fuzz.go deleted file mode 100644 index e4d0534..0000000 --- a/vendor/github.com/gorilla/securecookie/fuzz.go +++ /dev/null @@ -1,25 +0,0 @@ -// +build gofuzz - -package securecookie - -var hashKey = []byte("very-secret12345") -var blockKey = []byte("a-lot-secret1234") -var s = New(hashKey, blockKey) - -type Cookie struct { - B bool - I int - S string -} - -func Fuzz(data []byte) int { - datas := string(data) - var c Cookie - if err := s.Decode("fuzz", datas, &c); err != nil { - return 0 - } - if _, err := s.Encode("fuzz", c); err != nil { - panic(err) - } - return 1 -} diff --git a/vendor/github.com/gorilla/securecookie/fuzz/gencorpus.go b/vendor/github.com/gorilla/securecookie/fuzz/gencorpus.go deleted file mode 100644 index 368192b..0000000 --- a/vendor/github.com/gorilla/securecookie/fuzz/gencorpus.go +++ /dev/null @@ -1,47 +0,0 @@ -package main - -import ( - "fmt" - "io" - "math/rand" - "os" - "reflect" - "testing/quick" - - "github.com/gorilla/securecookie" -) - -var hashKey = []byte("very-secret12345") -var blockKey = []byte("a-lot-secret1234") -var s = securecookie.New(hashKey, blockKey) - -type Cookie struct { - B bool - I int - S string -} - -func main() { - var c Cookie - t := reflect.TypeOf(c) - rnd := rand.New(rand.NewSource(0)) - for i := 0; i < 100; i++ { - v, ok := quick.Value(t, rnd) - if !ok { - panic("couldn't generate value") - } - encoded, err := s.Encode("fuzz", v.Interface()) - if err != nil { - panic(err) - } - f, err := os.Create(fmt.Sprintf("corpus/%d.sc", i)) - if err != nil { - panic(err) - } - _, err = io.WriteString(f, encoded) - if err != nil { - panic(err) - } - f.Close() - } -} diff --git a/vendor/github.com/gorilla/securecookie/securecookie.go b/vendor/github.com/gorilla/securecookie/securecookie.go deleted file mode 100644 index 83dd606..0000000 --- a/vendor/github.com/gorilla/securecookie/securecookie.go +++ /dev/null @@ -1,646 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securecookie - -import ( - "bytes" - "crypto/aes" - "crypto/cipher" - "crypto/hmac" - "crypto/rand" - "crypto/sha256" - "crypto/subtle" - "encoding/base64" - "encoding/gob" - "encoding/json" - "fmt" - "hash" - "io" - "strconv" - "strings" - "time" -) - -// Error is the interface of all errors returned by functions in this library. -type Error interface { - error - - // IsUsage returns true for errors indicating the client code probably - // uses this library incorrectly. For example, the client may have - // failed to provide a valid hash key, or may have failed to configure - // the Serializer adequately for encoding value. - IsUsage() bool - - // IsDecode returns true for errors indicating that a cookie could not - // be decoded and validated. Since cookies are usually untrusted - // user-provided input, errors of this type should be expected. - // Usually, the proper action is simply to reject the request. - IsDecode() bool - - // IsInternal returns true for unexpected errors occurring in the - // securecookie implementation. - IsInternal() bool - - // Cause, if it returns a non-nil value, indicates that this error was - // propagated from some underlying library. If this method returns nil, - // this error was raised directly by this library. - // - // Cause is provided principally for debugging/logging purposes; it is - // rare that application logic should perform meaningfully different - // logic based on Cause. See, for example, the caveats described on - // (MultiError).Cause(). - Cause() error -} - -// errorType is a bitmask giving the error type(s) of an cookieError value. -type errorType int - -const ( - usageError = errorType(1 << iota) - decodeError - internalError -) - -type cookieError struct { - typ errorType - msg string - cause error -} - -func (e cookieError) IsUsage() bool { return (e.typ & usageError) != 0 } -func (e cookieError) IsDecode() bool { return (e.typ & decodeError) != 0 } -func (e cookieError) IsInternal() bool { return (e.typ & internalError) != 0 } - -func (e cookieError) Cause() error { return e.cause } - -func (e cookieError) Error() string { - parts := []string{"securecookie: "} - if e.msg == "" { - parts = append(parts, "error") - } else { - parts = append(parts, e.msg) - } - if c := e.Cause(); c != nil { - parts = append(parts, " - caused by: ", c.Error()) - } - return strings.Join(parts, "") -} - -var ( - errGeneratingIV = cookieError{typ: internalError, msg: "failed to generate random iv"} - - errNoCodecs = cookieError{typ: usageError, msg: "no codecs provided"} - errHashKeyNotSet = cookieError{typ: usageError, msg: "hash key is not set"} - errBlockKeyNotSet = cookieError{typ: usageError, msg: "block key is not set"} - errEncodedValueTooLong = cookieError{typ: usageError, msg: "the value is too long"} - - errValueToDecodeTooLong = cookieError{typ: decodeError, msg: "the value is too long"} - errTimestampInvalid = cookieError{typ: decodeError, msg: "invalid timestamp"} - errTimestampTooNew = cookieError{typ: decodeError, msg: "timestamp is too new"} - errTimestampExpired = cookieError{typ: decodeError, msg: "expired timestamp"} - errDecryptionFailed = cookieError{typ: decodeError, msg: "the value could not be decrypted"} - errValueNotByte = cookieError{typ: decodeError, msg: "value not a []byte."} - - // ErrMacInvalid indicates that cookie decoding failed because the HMAC - // could not be extracted and verified. Direct use of this error - // variable is deprecated; it is public only for legacy compatibility, - // and may be privatized in the future, as it is rarely useful to - // distinguish between this error and other Error implementations. - ErrMacInvalid = cookieError{typ: decodeError, msg: "the value is not valid"} -) - -// Codec defines an interface to encode and decode cookie values. -type Codec interface { - Encode(name string, value interface{}) (string, error) - Decode(name, value string, dst interface{}) error -} - -// New returns a new SecureCookie. -// -// hashKey is required, used to authenticate values using HMAC. Create it using -// GenerateRandomKey(). It is recommended to use a key with 32 or 64 bytes. -// -// blockKey is optional, used to encrypt values. Create it using -// GenerateRandomKey(). The key length must correspond to the block size -// of the encryption algorithm. For AES, used by default, valid lengths are -// 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256. -// The default encoder used for cookie serialization is encoding/gob. -// -// Note that keys created using GenerateRandomKey() are not automatically -// persisted. New keys will be created when the application is restarted, and -// previously issued cookies will not be able to be decoded. -func New(hashKey, blockKey []byte) *SecureCookie { - s := &SecureCookie{ - hashKey: hashKey, - blockKey: blockKey, - hashFunc: sha256.New, - maxAge: 86400 * 30, - maxLength: 4096, - sz: GobEncoder{}, - } - if hashKey == nil { - s.err = errHashKeyNotSet - } - if blockKey != nil { - s.BlockFunc(aes.NewCipher) - } - return s -} - -// SecureCookie encodes and decodes authenticated and optionally encrypted -// cookie values. -type SecureCookie struct { - hashKey []byte - hashFunc func() hash.Hash - blockKey []byte - block cipher.Block - maxLength int - maxAge int64 - minAge int64 - err error - sz Serializer - // For testing purposes, the function that returns the current timestamp. - // If not set, it will use time.Now().UTC().Unix(). - timeFunc func() int64 -} - -// Serializer provides an interface for providing custom serializers for cookie -// values. -type Serializer interface { - Serialize(src interface{}) ([]byte, error) - Deserialize(src []byte, dst interface{}) error -} - -// GobEncoder encodes cookie values using encoding/gob. This is the simplest -// encoder and can handle complex types via gob.Register. -type GobEncoder struct{} - -// JSONEncoder encodes cookie values using encoding/json. Users who wish to -// encode complex types need to satisfy the json.Marshaller and -// json.Unmarshaller interfaces. -type JSONEncoder struct{} - -// NopEncoder does not encode cookie values, and instead simply accepts a []byte -// (as an interface{}) and returns a []byte. This is particularly useful when -// you encoding an object upstream and do not wish to re-encode it. -type NopEncoder struct{} - -// MaxLength restricts the maximum length, in bytes, for the cookie value. -// -// Default is 4096, which is the maximum value accepted by Internet Explorer. -func (s *SecureCookie) MaxLength(value int) *SecureCookie { - s.maxLength = value - return s -} - -// MaxAge restricts the maximum age, in seconds, for the cookie value. -// -// Default is 86400 * 30. Set it to 0 for no restriction. -func (s *SecureCookie) MaxAge(value int) *SecureCookie { - s.maxAge = int64(value) - return s -} - -// MinAge restricts the minimum age, in seconds, for the cookie value. -// -// Default is 0 (no restriction). -func (s *SecureCookie) MinAge(value int) *SecureCookie { - s.minAge = int64(value) - return s -} - -// HashFunc sets the hash function used to create HMAC. -// -// Default is crypto/sha256.New. -func (s *SecureCookie) HashFunc(f func() hash.Hash) *SecureCookie { - s.hashFunc = f - return s -} - -// BlockFunc sets the encryption function used to create a cipher.Block. -// -// Default is crypto/aes.New. -func (s *SecureCookie) BlockFunc(f func([]byte) (cipher.Block, error)) *SecureCookie { - if s.blockKey == nil { - s.err = errBlockKeyNotSet - } else if block, err := f(s.blockKey); err == nil { - s.block = block - } else { - s.err = cookieError{cause: err, typ: usageError} - } - return s -} - -// Encoding sets the encoding/serialization method for cookies. -// -// Default is encoding/gob. To encode special structures using encoding/gob, -// they must be registered first using gob.Register(). -func (s *SecureCookie) SetSerializer(sz Serializer) *SecureCookie { - s.sz = sz - - return s -} - -// Encode encodes a cookie value. -// -// It serializes, optionally encrypts, signs with a message authentication code, -// and finally encodes the value. -// -// The name argument is the cookie name. It is stored with the encoded value. -// The value argument is the value to be encoded. It can be any value that can -// be encoded using the currently selected serializer; see SetSerializer(). -// -// It is the client's responsibility to ensure that value, when encoded using -// the current serialization/encryption settings on s and then base64-encoded, -// is shorter than the maximum permissible length. -func (s *SecureCookie) Encode(name string, value interface{}) (string, error) { - if s.err != nil { - return "", s.err - } - if s.hashKey == nil { - s.err = errHashKeyNotSet - return "", s.err - } - var err error - var b []byte - // 1. Serialize. - if b, err = s.sz.Serialize(value); err != nil { - return "", cookieError{cause: err, typ: usageError} - } - // 2. Encrypt (optional). - if s.block != nil { - if b, err = encrypt(s.block, b); err != nil { - return "", cookieError{cause: err, typ: usageError} - } - } - b = encode(b) - // 3. Create MAC for "name|date|value". Extra pipe to be used later. - b = []byte(fmt.Sprintf("%s|%d|%s|", name, s.timestamp(), b)) - mac := createMac(hmac.New(s.hashFunc, s.hashKey), b[:len(b)-1]) - // Append mac, remove name. - b = append(b, mac...)[len(name)+1:] - // 4. Encode to base64. - b = encode(b) - // 5. Check length. - if s.maxLength != 0 && len(b) > s.maxLength { - return "", errEncodedValueTooLong - } - // Done. - return string(b), nil -} - -// Decode decodes a cookie value. -// -// It decodes, verifies a message authentication code, optionally decrypts and -// finally deserializes the value. -// -// The name argument is the cookie name. It must be the same name used when -// it was stored. The value argument is the encoded cookie value. The dst -// argument is where the cookie will be decoded. It must be a pointer. -func (s *SecureCookie) Decode(name, value string, dst interface{}) error { - if s.err != nil { - return s.err - } - if s.hashKey == nil { - s.err = errHashKeyNotSet - return s.err - } - // 1. Check length. - if s.maxLength != 0 && len(value) > s.maxLength { - return errValueToDecodeTooLong - } - // 2. Decode from base64. - b, err := decode([]byte(value)) - if err != nil { - return err - } - // 3. Verify MAC. Value is "date|value|mac". - parts := bytes.SplitN(b, []byte("|"), 3) - if len(parts) != 3 { - return ErrMacInvalid - } - h := hmac.New(s.hashFunc, s.hashKey) - b = append([]byte(name+"|"), b[:len(b)-len(parts[2])-1]...) - if err = verifyMac(h, b, parts[2]); err != nil { - return err - } - // 4. Verify date ranges. - var t1 int64 - if t1, err = strconv.ParseInt(string(parts[0]), 10, 64); err != nil { - return errTimestampInvalid - } - t2 := s.timestamp() - if s.minAge != 0 && t1 > t2-s.minAge { - return errTimestampTooNew - } - if s.maxAge != 0 && t1 < t2-s.maxAge { - return errTimestampExpired - } - // 5. Decrypt (optional). - b, err = decode(parts[1]) - if err != nil { - return err - } - if s.block != nil { - if b, err = decrypt(s.block, b); err != nil { - return err - } - } - // 6. Deserialize. - if err = s.sz.Deserialize(b, dst); err != nil { - return cookieError{cause: err, typ: decodeError} - } - // Done. - return nil -} - -// timestamp returns the current timestamp, in seconds. -// -// For testing purposes, the function that generates the timestamp can be -// overridden. If not set, it will return time.Now().UTC().Unix(). -func (s *SecureCookie) timestamp() int64 { - if s.timeFunc == nil { - return time.Now().UTC().Unix() - } - return s.timeFunc() -} - -// Authentication ------------------------------------------------------------- - -// createMac creates a message authentication code (MAC). -func createMac(h hash.Hash, value []byte) []byte { - h.Write(value) - return h.Sum(nil) -} - -// verifyMac verifies that a message authentication code (MAC) is valid. -func verifyMac(h hash.Hash, value []byte, mac []byte) error { - mac2 := createMac(h, value) - // Check that both MACs are of equal length, as subtle.ConstantTimeCompare - // does not do this prior to Go 1.4. - if len(mac) == len(mac2) && subtle.ConstantTimeCompare(mac, mac2) == 1 { - return nil - } - return ErrMacInvalid -} - -// Encryption ----------------------------------------------------------------- - -// encrypt encrypts a value using the given block in counter mode. -// -// A random initialization vector (http://goo.gl/zF67k) with the length of the -// block size is prepended to the resulting ciphertext. -func encrypt(block cipher.Block, value []byte) ([]byte, error) { - iv := GenerateRandomKey(block.BlockSize()) - if iv == nil { - return nil, errGeneratingIV - } - // Encrypt it. - stream := cipher.NewCTR(block, iv) - stream.XORKeyStream(value, value) - // Return iv + ciphertext. - return append(iv, value...), nil -} - -// decrypt decrypts a value using the given block in counter mode. -// -// The value to be decrypted must be prepended by a initialization vector -// (http://goo.gl/zF67k) with the length of the block size. -func decrypt(block cipher.Block, value []byte) ([]byte, error) { - size := block.BlockSize() - if len(value) > size { - // Extract iv. - iv := value[:size] - // Extract ciphertext. - value = value[size:] - // Decrypt it. - stream := cipher.NewCTR(block, iv) - stream.XORKeyStream(value, value) - return value, nil - } - return nil, errDecryptionFailed -} - -// Serialization -------------------------------------------------------------- - -// Serialize encodes a value using gob. -func (e GobEncoder) Serialize(src interface{}) ([]byte, error) { - buf := new(bytes.Buffer) - enc := gob.NewEncoder(buf) - if err := enc.Encode(src); err != nil { - return nil, cookieError{cause: err, typ: usageError} - } - return buf.Bytes(), nil -} - -// Deserialize decodes a value using gob. -func (e GobEncoder) Deserialize(src []byte, dst interface{}) error { - dec := gob.NewDecoder(bytes.NewBuffer(src)) - if err := dec.Decode(dst); err != nil { - return cookieError{cause: err, typ: decodeError} - } - return nil -} - -// Serialize encodes a value using encoding/json. -func (e JSONEncoder) Serialize(src interface{}) ([]byte, error) { - buf := new(bytes.Buffer) - enc := json.NewEncoder(buf) - if err := enc.Encode(src); err != nil { - return nil, cookieError{cause: err, typ: usageError} - } - return buf.Bytes(), nil -} - -// Deserialize decodes a value using encoding/json. -func (e JSONEncoder) Deserialize(src []byte, dst interface{}) error { - dec := json.NewDecoder(bytes.NewReader(src)) - if err := dec.Decode(dst); err != nil { - return cookieError{cause: err, typ: decodeError} - } - return nil -} - -// Serialize passes a []byte through as-is. -func (e NopEncoder) Serialize(src interface{}) ([]byte, error) { - if b, ok := src.([]byte); ok { - return b, nil - } - - return nil, errValueNotByte -} - -// Deserialize passes a []byte through as-is. -func (e NopEncoder) Deserialize(src []byte, dst interface{}) error { - if _, ok := dst.([]byte); ok { - dst = src - return nil - } - - return errValueNotByte -} - -// Encoding ------------------------------------------------------------------- - -// encode encodes a value using base64. -func encode(value []byte) []byte { - encoded := make([]byte, base64.URLEncoding.EncodedLen(len(value))) - base64.URLEncoding.Encode(encoded, value) - return encoded -} - -// decode decodes a cookie using base64. -func decode(value []byte) ([]byte, error) { - decoded := make([]byte, base64.URLEncoding.DecodedLen(len(value))) - b, err := base64.URLEncoding.Decode(decoded, value) - if err != nil { - return nil, cookieError{cause: err, typ: decodeError, msg: "base64 decode failed"} - } - return decoded[:b], nil -} - -// Helpers -------------------------------------------------------------------- - -// GenerateRandomKey creates a random key with the given length in bytes. -// On failure, returns nil. -// -// Callers should explicitly check for the possibility of a nil return, treat -// it as a failure of the system random number generator, and not continue. -func GenerateRandomKey(length int) []byte { - k := make([]byte, length) - if _, err := io.ReadFull(rand.Reader, k); err != nil { - return nil - } - return k -} - -// CodecsFromPairs returns a slice of SecureCookie instances. -// -// It is a convenience function to create a list of codecs for key rotation. Note -// that the generated Codecs will have the default options applied: callers -// should iterate over each Codec and type-assert the underlying *SecureCookie to -// change these. -// -// Example: -// -// codecs := securecookie.CodecsFromPairs( -// []byte("new-hash-key"), -// []byte("new-block-key"), -// []byte("old-hash-key"), -// []byte("old-block-key"), -// ) -// -// // Modify each instance. -// for _, s := range codecs { -// if cookie, ok := s.(*securecookie.SecureCookie); ok { -// cookie.MaxAge(86400 * 7) -// cookie.SetSerializer(securecookie.JSONEncoder{}) -// cookie.HashFunc(sha512.New512_256) -// } -// } -// -func CodecsFromPairs(keyPairs ...[]byte) []Codec { - codecs := make([]Codec, len(keyPairs)/2+len(keyPairs)%2) - for i := 0; i < len(keyPairs); i += 2 { - var blockKey []byte - if i+1 < len(keyPairs) { - blockKey = keyPairs[i+1] - } - codecs[i/2] = New(keyPairs[i], blockKey) - } - return codecs -} - -// EncodeMulti encodes a cookie value using a group of codecs. -// -// The codecs are tried in order. Multiple codecs are accepted to allow -// key rotation. -// -// On error, may return a MultiError. -func EncodeMulti(name string, value interface{}, codecs ...Codec) (string, error) { - if len(codecs) == 0 { - return "", errNoCodecs - } - - var errors MultiError - for _, codec := range codecs { - encoded, err := codec.Encode(name, value) - if err == nil { - return encoded, nil - } - errors = append(errors, err) - } - return "", errors -} - -// DecodeMulti decodes a cookie value using a group of codecs. -// -// The codecs are tried in order. Multiple codecs are accepted to allow -// key rotation. -// -// On error, may return a MultiError. -func DecodeMulti(name string, value string, dst interface{}, codecs ...Codec) error { - if len(codecs) == 0 { - return errNoCodecs - } - - var errors MultiError - for _, codec := range codecs { - err := codec.Decode(name, value, dst) - if err == nil { - return nil - } - errors = append(errors, err) - } - return errors -} - -// MultiError groups multiple errors. -type MultiError []error - -func (m MultiError) IsUsage() bool { return m.any(func(e Error) bool { return e.IsUsage() }) } -func (m MultiError) IsDecode() bool { return m.any(func(e Error) bool { return e.IsDecode() }) } -func (m MultiError) IsInternal() bool { return m.any(func(e Error) bool { return e.IsInternal() }) } - -// Cause returns nil for MultiError; there is no unique underlying cause in the -// general case. -// -// Note: we could conceivably return a non-nil Cause only when there is exactly -// one child error with a Cause. However, it would be brittle for client code -// to rely on the arity of causes inside a MultiError, so we have opted not to -// provide this functionality. Clients which really wish to access the Causes -// of the underlying errors are free to iterate through the errors themselves. -func (m MultiError) Cause() error { return nil } - -func (m MultiError) Error() string { - s, n := "", 0 - for _, e := range m { - if e != nil { - if n == 0 { - s = e.Error() - } - n++ - } - } - switch n { - case 0: - return "(0 errors)" - case 1: - return s - case 2: - return s + " (and 1 other error)" - } - return fmt.Sprintf("%s (and %d other errors)", s, n-1) -} - -// any returns true if any element of m is an Error for which pred returns true. -func (m MultiError) any(pred func(Error) bool) bool { - for _, e := range m { - if ourErr, ok := e.(Error); ok && pred(ourErr) { - return true - } - } - return false -} diff --git a/vendor/github.com/gorilla/securecookie/securecookie_test.go b/vendor/github.com/gorilla/securecookie/securecookie_test.go deleted file mode 100644 index 33ce4fc..0000000 --- a/vendor/github.com/gorilla/securecookie/securecookie_test.go +++ /dev/null @@ -1,274 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package securecookie - -import ( - "crypto/aes" - "crypto/hmac" - "crypto/sha256" - "encoding/base64" - "fmt" - "reflect" - "strings" - "testing" -) - -// Asserts that cookieError and MultiError are Error implementations. -var _ Error = cookieError{} -var _ Error = MultiError{} - -var testCookies = []interface{}{ - map[string]string{"foo": "bar"}, - map[string]string{"baz": "ding"}, -} - -var testStrings = []string{"foo", "bar", "baz"} - -func TestSecureCookie(t *testing.T) { - // TODO test too old / too new timestamps - s1 := New([]byte("12345"), []byte("1234567890123456")) - s2 := New([]byte("54321"), []byte("6543210987654321")) - value := map[string]interface{}{ - "foo": "bar", - "baz": 128, - } - - for i := 0; i < 50; i++ { - // Running this multiple times to check if any special character - // breaks encoding/decoding. - encoded, err1 := s1.Encode("sid", value) - if err1 != nil { - t.Error(err1) - continue - } - dst := make(map[string]interface{}) - err2 := s1.Decode("sid", encoded, &dst) - if err2 != nil { - t.Fatalf("%v: %v", err2, encoded) - } - if !reflect.DeepEqual(dst, value) { - t.Fatalf("Expected %v, got %v.", value, dst) - } - dst2 := make(map[string]interface{}) - err3 := s2.Decode("sid", encoded, &dst2) - if err3 == nil { - t.Fatalf("Expected failure decoding.") - } - err4, ok := err3.(Error) - if !ok { - t.Fatalf("Expected error to implement Error, got: %#v", err3) - } - if !err4.IsDecode() { - t.Fatalf("Expected DecodeError, got: %#v", err4) - } - - // Test other error type flags. - if err4.IsUsage() { - t.Fatalf("Expected IsUsage() == false, got: %#v", err4) - } - if err4.IsInternal() { - t.Fatalf("Expected IsInternal() == false, got: %#v", err4) - } - } -} - -func TestSecureCookieNilKey(t *testing.T) { - s1 := New(nil, nil) - value := map[string]interface{}{ - "foo": "bar", - "baz": 128, - } - _, err := s1.Encode("sid", value) - if err != errHashKeyNotSet { - t.Fatal("Wrong error returned:", err) - } -} - -func TestDecodeInvalid(t *testing.T) { - // List of invalid cookies, which must not be accepted, base64-decoded - // (they will be encoded before passing to Decode). - invalidCookies := []string{ - "", - " ", - "\n", - "||", - "|||", - "cookie", - } - s := New([]byte("12345"), nil) - var dst string - for i, v := range invalidCookies { - for _, enc := range []*base64.Encoding{ - base64.StdEncoding, - base64.URLEncoding, - } { - err := s.Decode("name", enc.EncodeToString([]byte(v)), &dst) - if err == nil { - t.Fatalf("%d: expected failure decoding", i) - } - err2, ok := err.(Error) - if !ok || !err2.IsDecode() { - t.Fatalf("%d: Expected IsDecode(), got: %#v", i, err) - } - } - } -} - -func TestAuthentication(t *testing.T) { - hash := hmac.New(sha256.New, []byte("secret-key")) - for _, value := range testStrings { - hash.Reset() - signed := createMac(hash, []byte(value)) - hash.Reset() - err := verifyMac(hash, []byte(value), signed) - if err != nil { - t.Error(err) - } - } -} - -func TestEncryption(t *testing.T) { - block, err := aes.NewCipher([]byte("1234567890123456")) - if err != nil { - t.Fatalf("Block could not be created") - } - var encrypted, decrypted []byte - for _, value := range testStrings { - if encrypted, err = encrypt(block, []byte(value)); err != nil { - t.Error(err) - } else { - if decrypted, err = decrypt(block, encrypted); err != nil { - t.Error(err) - } - if string(decrypted) != value { - t.Errorf("Expected %v, got %v.", value, string(decrypted)) - } - } - } -} - -func TestGobSerialization(t *testing.T) { - var ( - sz GobEncoder - serialized []byte - deserialized map[string]string - err error - ) - for _, value := range testCookies { - if serialized, err = sz.Serialize(value); err != nil { - t.Error(err) - } else { - deserialized = make(map[string]string) - if err = sz.Deserialize(serialized, &deserialized); err != nil { - t.Error(err) - } - if fmt.Sprintf("%v", deserialized) != fmt.Sprintf("%v", value) { - t.Errorf("Expected %v, got %v.", value, deserialized) - } - } - } -} - -func TestJSONSerialization(t *testing.T) { - var ( - sz JSONEncoder - serialized []byte - deserialized map[string]string - err error - ) - for _, value := range testCookies { - if serialized, err = sz.Serialize(value); err != nil { - t.Error(err) - } else { - deserialized = make(map[string]string) - if err = sz.Deserialize(serialized, &deserialized); err != nil { - t.Error(err) - } - if fmt.Sprintf("%v", deserialized) != fmt.Sprintf("%v", value) { - t.Errorf("Expected %v, got %v.", value, deserialized) - } - } - } -} - -func TestEncoding(t *testing.T) { - for _, value := range testStrings { - encoded := encode([]byte(value)) - decoded, err := decode(encoded) - if err != nil { - t.Error(err) - } else if string(decoded) != value { - t.Errorf("Expected %v, got %s.", value, string(decoded)) - } - } -} - -func TestMultiError(t *testing.T) { - s1, s2 := New(nil, nil), New(nil, nil) - _, err := EncodeMulti("sid", "value", s1, s2) - if len(err.(MultiError)) != 2 { - t.Errorf("Expected 2 errors, got %s.", err) - } else { - if strings.Index(err.Error(), "hash key is not set") == -1 { - t.Errorf("Expected missing hash key error, got %s.", err.Error()) - } - ourErr, ok := err.(Error) - if !ok || !ourErr.IsUsage() { - t.Fatalf("Expected error to be a usage error; got %#v", err) - } - if ourErr.IsDecode() { - t.Errorf("Expected error NOT to be a decode error; got %#v", ourErr) - } - if ourErr.IsInternal() { - t.Errorf("Expected error NOT to be an internal error; got %#v", ourErr) - } - } -} - -func TestMultiNoCodecs(t *testing.T) { - _, err := EncodeMulti("foo", "bar") - if err != errNoCodecs { - t.Errorf("EncodeMulti: bad value for error, got: %v", err) - } - - var dst []byte - err = DecodeMulti("foo", "bar", &dst) - if err != errNoCodecs { - t.Errorf("DecodeMulti: bad value for error, got: %v", err) - } -} - -func TestMissingKey(t *testing.T) { - s1 := New(nil, nil) - - var dst []byte - err := s1.Decode("sid", "value", &dst) - if err != errHashKeyNotSet { - t.Fatalf("Expected %#v, got %#v", errHashKeyNotSet, err) - } - if err2, ok := err.(Error); !ok || !err2.IsUsage() { - t.Errorf("Expected missing hash key to be IsUsage(); was %#v", err) - } -} - -// ---------------------------------------------------------------------------- - -type FooBar struct { - Foo int - Bar string -} - -func TestCustomType(t *testing.T) { - s1 := New([]byte("12345"), []byte("1234567890123456")) - // Type is not registered in gob. (!!!) - src := &FooBar{42, "bar"} - encoded, _ := s1.Encode("sid", src) - - dst := &FooBar{} - _ = s1.Decode("sid", encoded, dst) - if dst.Foo != 42 || dst.Bar != "bar" { - t.Fatalf("Expected %#v, got %#v", src, dst) - } -} diff --git a/vendor/github.com/gorilla/sessions/.travis.yml b/vendor/github.com/gorilla/sessions/.travis.yml deleted file mode 100644 index db17dd3..0000000 --- a/vendor/github.com/gorilla/sessions/.travis.yml +++ /dev/null @@ -1,22 +0,0 @@ -language: go -sudo: false - -matrix: - include: - - go: 1.3 - - go: 1.4 - - go: 1.5 - - go: 1.6 - - go: 1.7 - - go: tip - allow_failures: - - go: tip - -install: - - # skip - -script: - - go get -t -v ./... - - diff -u <(echo -n) <(gofmt -d .) - - go vet $(go list ./... | grep -v /vendor/) - - go test -v -race ./... diff --git a/vendor/github.com/gorilla/sessions/LICENSE b/vendor/github.com/gorilla/sessions/LICENSE deleted file mode 100644 index 0e5fb87..0000000 --- a/vendor/github.com/gorilla/sessions/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 Rodrigo Moraes. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/gorilla/sessions/README.md b/vendor/github.com/gorilla/sessions/README.md deleted file mode 100644 index 65e5e1b..0000000 --- a/vendor/github.com/gorilla/sessions/README.md +++ /dev/null @@ -1,79 +0,0 @@ -sessions -======== -[![GoDoc](https://godoc.org/github.com/gorilla/sessions?status.svg)](https://godoc.org/github.com/gorilla/sessions) [![Build Status](https://travis-ci.org/gorilla/sessions.png?branch=master)](https://travis-ci.org/gorilla/sessions) - -gorilla/sessions provides cookie and filesystem sessions and infrastructure for -custom session backends. - -The key features are: - -* Simple API: use it as an easy way to set signed (and optionally - encrypted) cookies. -* Built-in backends to store sessions in cookies or the filesystem. -* Flash messages: session values that last until read. -* Convenient way to switch session persistency (aka "remember me") and set - other attributes. -* Mechanism to rotate authentication and encryption keys. -* Multiple sessions per request, even using different backends. -* Interfaces and infrastructure for custom session backends: sessions from - different stores can be retrieved and batch-saved using a common API. - -Let's start with an example that shows the sessions API in a nutshell: - -```go - import ( - "net/http" - "github.com/gorilla/sessions" - ) - - var store = sessions.NewCookieStore([]byte("something-very-secret")) - - func MyHandler(w http.ResponseWriter, r *http.Request) { - // Get a session. We're ignoring the error resulted from decoding an - // existing session: Get() always returns a session, even if empty. - session, _ := store.Get(r, "session-name") - // Set some session values. - session.Values["foo"] = "bar" - session.Values[42] = 43 - // Save it before we write to the response/return from the handler. - session.Save(r, w) - } -``` - -First we initialize a session store calling `NewCookieStore()` and passing a -secret key used to authenticate the session. Inside the handler, we call -`store.Get()` to retrieve an existing session or a new one. Then we set some -session values in session.Values, which is a `map[interface{}]interface{}`. -And finally we call `session.Save()` to save the session in the response. - -Important Note: If you aren't using gorilla/mux, you need to wrap your handlers -with -[`context.ClearHandler`](http://www.gorillatoolkit.org/pkg/context#ClearHandler) -as or else you will leak memory! An easy way to do this is to wrap the top-level -mux when calling http.ListenAndServe: - -More examples are available [on the Gorilla -website](http://www.gorillatoolkit.org/pkg/sessions). - -## Store Implementations - -Other implementations of the `sessions.Store` interface: - -* [github.com/starJammer/gorilla-sessions-arangodb](https://github.com/starJammer/gorilla-sessions-arangodb) - ArangoDB -* [github.com/yosssi/boltstore](https://github.com/yosssi/boltstore) - Bolt -* [github.com/srinathgs/couchbasestore](https://github.com/srinathgs/couchbasestore) - Couchbase -* [github.com/denizeren/dynamostore](https://github.com/denizeren/dynamostore) - Dynamodb on AWS -* [github.com/bradleypeabody/gorilla-sessions-memcache](https://github.com/bradleypeabody/gorilla-sessions-memcache) - Memcache -* [github.com/dsoprea/go-appengine-sessioncascade](https://github.com/dsoprea/go-appengine-sessioncascade) - Memcache/Datastore/Context in AppEngine -* [github.com/kidstuff/mongostore](https://github.com/kidstuff/mongostore) - MongoDB -* [github.com/srinathgs/mysqlstore](https://github.com/srinathgs/mysqlstore) - MySQL -* [github.com/antonlindstrom/pgstore](https://github.com/antonlindstrom/pgstore) - PostgreSQL -* [github.com/boj/redistore](https://github.com/boj/redistore) - Redis -* [github.com/boj/rethinkstore](https://github.com/boj/rethinkstore) - RethinkDB -* [github.com/boj/riakstore](https://github.com/boj/riakstore) - Riak -* [github.com/michaeljs1990/sqlitestore](https://github.com/michaeljs1990/sqlitestore) - SQLite -* [github.com/wader/gormstore](https://github.com/wader/gormstore) - GORM (MySQL, PostgreSQL, SQLite) - -## License - -BSD licensed. See the LICENSE file for details. diff --git a/vendor/github.com/gorilla/sessions/doc.go b/vendor/github.com/gorilla/sessions/doc.go deleted file mode 100644 index 668e05e..0000000 --- a/vendor/github.com/gorilla/sessions/doc.go +++ /dev/null @@ -1,199 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -/* -Package sessions provides cookie and filesystem sessions and -infrastructure for custom session backends. - -The key features are: - - * Simple API: use it as an easy way to set signed (and optionally - encrypted) cookies. - * Built-in backends to store sessions in cookies or the filesystem. - * Flash messages: session values that last until read. - * Convenient way to switch session persistency (aka "remember me") and set - other attributes. - * Mechanism to rotate authentication and encryption keys. - * Multiple sessions per request, even using different backends. - * Interfaces and infrastructure for custom session backends: sessions from - different stores can be retrieved and batch-saved using a common API. - -Let's start with an example that shows the sessions API in a nutshell: - - import ( - "net/http" - "github.com/gorilla/sessions" - ) - - var store = sessions.NewCookieStore([]byte("something-very-secret")) - - func MyHandler(w http.ResponseWriter, r *http.Request) { - // Get a session. We're ignoring the error resulted from decoding an - // existing session: Get() always returns a session, even if empty. - session, err := store.Get(r, "session-name") - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - // Set some session values. - session.Values["foo"] = "bar" - session.Values[42] = 43 - // Save it before we write to the response/return from the handler. - session.Save(r, w) - } - -First we initialize a session store calling NewCookieStore() and passing a -secret key used to authenticate the session. Inside the handler, we call -store.Get() to retrieve an existing session or a new one. Then we set some -session values in session.Values, which is a map[interface{}]interface{}. -And finally we call session.Save() to save the session in the response. - -Note that in production code, we should check for errors when calling -session.Save(r, w), and either display an error message or otherwise handle it. - -Save must be called before writing to the response, otherwise the session -cookie will not be sent to the client. - -Important Note: If you aren't using gorilla/mux, you need to wrap your handlers -with context.ClearHandler as or else you will leak memory! An easy way to do this -is to wrap the top-level mux when calling http.ListenAndServe: - - http.ListenAndServe(":8080", context.ClearHandler(http.DefaultServeMux)) - -The ClearHandler function is provided by the gorilla/context package. - -That's all you need to know for the basic usage. Let's take a look at other -options, starting with flash messages. - -Flash messages are session values that last until read. The term appeared with -Ruby On Rails a few years back. When we request a flash message, it is removed -from the session. To add a flash, call session.AddFlash(), and to get all -flashes, call session.Flashes(). Here is an example: - - func MyHandler(w http.ResponseWriter, r *http.Request) { - // Get a session. - session, err := store.Get(r, "session-name") - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - // Get the previously flashes, if any. - if flashes := session.Flashes(); len(flashes) > 0 { - // Use the flash values. - } else { - // Set a new flash. - session.AddFlash("Hello, flash messages world!") - } - session.Save(r, w) - } - -Flash messages are useful to set information to be read after a redirection, -like after form submissions. - -There may also be cases where you want to store a complex datatype within a -session, such as a struct. Sessions are serialised using the encoding/gob package, -so it is easy to register new datatypes for storage in sessions: - - import( - "encoding/gob" - "github.com/gorilla/sessions" - ) - - type Person struct { - FirstName string - LastName string - Email string - Age int - } - - type M map[string]interface{} - - func init() { - - gob.Register(&Person{}) - gob.Register(&M{}) - } - -As it's not possible to pass a raw type as a parameter to a function, gob.Register() -relies on us passing it a value of the desired type. In the example above we've passed -it a pointer to a struct and a pointer to a custom type representing a -map[string]interface. (We could have passed non-pointer values if we wished.) This will -then allow us to serialise/deserialise values of those types to and from our sessions. - -Note that because session values are stored in a map[string]interface{}, there's -a need to type-assert data when retrieving it. We'll use the Person struct we registered above: - - func MyHandler(w http.ResponseWriter, r *http.Request) { - session, err := store.Get(r, "session-name") - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - - // Retrieve our struct and type-assert it - val := session.Values["person"] - var person = &Person{} - if person, ok := val.(*Person); !ok { - // Handle the case that it's not an expected type - } - - // Now we can use our person object - } - -By default, session cookies last for a month. This is probably too long for -some cases, but it is easy to change this and other attributes during -runtime. Sessions can be configured individually or the store can be -configured and then all sessions saved using it will use that configuration. -We access session.Options or store.Options to set a new configuration. The -fields are basically a subset of http.Cookie fields. Let's change the -maximum age of a session to one week: - - session.Options = &sessions.Options{ - Path: "/", - MaxAge: 86400 * 7, - HttpOnly: true, - } - -Sometimes we may want to change authentication and/or encryption keys without -breaking existing sessions. The CookieStore supports key rotation, and to use -it you just need to set multiple authentication and encryption keys, in pairs, -to be tested in order: - - var store = sessions.NewCookieStore( - []byte("new-authentication-key"), - []byte("new-encryption-key"), - []byte("old-authentication-key"), - []byte("old-encryption-key"), - ) - -New sessions will be saved using the first pair. Old sessions can still be -read because the first pair will fail, and the second will be tested. This -makes it easy to "rotate" secret keys and still be able to validate existing -sessions. Note: for all pairs the encryption key is optional; set it to nil -or omit it and and encryption won't be used. - -Multiple sessions can be used in the same request, even with different -session backends. When this happens, calling Save() on each session -individually would be cumbersome, so we have a way to save all sessions -at once: it's sessions.Save(). Here's an example: - - var store = sessions.NewCookieStore([]byte("something-very-secret")) - - func MyHandler(w http.ResponseWriter, r *http.Request) { - // Get a session and set a value. - session1, _ := store.Get(r, "session-one") - session1.Values["foo"] = "bar" - // Get another session and set another value. - session2, _ := store.Get(r, "session-two") - session2.Values[42] = 43 - // Save all sessions. - sessions.Save(r, w) - } - -This is possible because when we call Get() from a session store, it adds the -session to a common registry. Save() uses it to save all registered sessions. -*/ -package sessions diff --git a/vendor/github.com/gorilla/sessions/lex.go b/vendor/github.com/gorilla/sessions/lex.go deleted file mode 100644 index 4bbbe10..0000000 --- a/vendor/github.com/gorilla/sessions/lex.go +++ /dev/null @@ -1,102 +0,0 @@ -// This file contains code adapted from the Go standard library -// https://github.com/golang/go/blob/39ad0fd0789872f9469167be7fe9578625ff246e/src/net/http/lex.go - -package sessions - -import "strings" - -var isTokenTable = [127]bool{ - '!': true, - '#': true, - '$': true, - '%': true, - '&': true, - '\'': true, - '*': true, - '+': true, - '-': true, - '.': true, - '0': true, - '1': true, - '2': true, - '3': true, - '4': true, - '5': true, - '6': true, - '7': true, - '8': true, - '9': true, - 'A': true, - 'B': true, - 'C': true, - 'D': true, - 'E': true, - 'F': true, - 'G': true, - 'H': true, - 'I': true, - 'J': true, - 'K': true, - 'L': true, - 'M': true, - 'N': true, - 'O': true, - 'P': true, - 'Q': true, - 'R': true, - 'S': true, - 'T': true, - 'U': true, - 'W': true, - 'V': true, - 'X': true, - 'Y': true, - 'Z': true, - '^': true, - '_': true, - '`': true, - 'a': true, - 'b': true, - 'c': true, - 'd': true, - 'e': true, - 'f': true, - 'g': true, - 'h': true, - 'i': true, - 'j': true, - 'k': true, - 'l': true, - 'm': true, - 'n': true, - 'o': true, - 'p': true, - 'q': true, - 'r': true, - 's': true, - 't': true, - 'u': true, - 'v': true, - 'w': true, - 'x': true, - 'y': true, - 'z': true, - '|': true, - '~': true, -} - -func isToken(r rune) bool { - i := int(r) - return i < len(isTokenTable) && isTokenTable[i] -} - -func isNotToken(r rune) bool { - return !isToken(r) -} - -func isCookieNameValid(raw string) bool { - if raw == "" { - return false - } - return strings.IndexFunc(raw, isNotToken) < 0 -} diff --git a/vendor/github.com/gorilla/sessions/sessions.go b/vendor/github.com/gorilla/sessions/sessions.go deleted file mode 100644 index fe0d2bc..0000000 --- a/vendor/github.com/gorilla/sessions/sessions.go +++ /dev/null @@ -1,241 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package sessions - -import ( - "encoding/gob" - "fmt" - "net/http" - "time" - - "github.com/gorilla/context" -) - -// Default flashes key. -const flashesKey = "_flash" - -// Options -------------------------------------------------------------------- - -// Options stores configuration for a session or session store. -// -// Fields are a subset of http.Cookie fields. -type Options struct { - Path string - Domain string - // MaxAge=0 means no 'Max-Age' attribute specified. - // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'. - // MaxAge>0 means Max-Age attribute present and given in seconds. - MaxAge int - Secure bool - HttpOnly bool -} - -// Session -------------------------------------------------------------------- - -// NewSession is called by session stores to create a new session instance. -func NewSession(store Store, name string) *Session { - return &Session{ - Values: make(map[interface{}]interface{}), - store: store, - name: name, - } -} - -// Session stores the values and optional configuration for a session. -type Session struct { - // The ID of the session, generated by stores. It should not be used for - // user data. - ID string - // Values contains the user-data for the session. - Values map[interface{}]interface{} - Options *Options - IsNew bool - store Store - name string -} - -// Flashes returns a slice of flash messages from the session. -// -// A single variadic argument is accepted, and it is optional: it defines -// the flash key. If not defined "_flash" is used by default. -func (s *Session) Flashes(vars ...string) []interface{} { - var flashes []interface{} - key := flashesKey - if len(vars) > 0 { - key = vars[0] - } - if v, ok := s.Values[key]; ok { - // Drop the flashes and return it. - delete(s.Values, key) - flashes = v.([]interface{}) - } - return flashes -} - -// AddFlash adds a flash message to the session. -// -// A single variadic argument is accepted, and it is optional: it defines -// the flash key. If not defined "_flash" is used by default. -func (s *Session) AddFlash(value interface{}, vars ...string) { - key := flashesKey - if len(vars) > 0 { - key = vars[0] - } - var flashes []interface{} - if v, ok := s.Values[key]; ok { - flashes = v.([]interface{}) - } - s.Values[key] = append(flashes, value) -} - -// Save is a convenience method to save this session. It is the same as calling -// store.Save(request, response, session). You should call Save before writing to -// the response or returning from the handler. -func (s *Session) Save(r *http.Request, w http.ResponseWriter) error { - return s.store.Save(r, w, s) -} - -// Name returns the name used to register the session. -func (s *Session) Name() string { - return s.name -} - -// Store returns the session store used to register the session. -func (s *Session) Store() Store { - return s.store -} - -// Registry ------------------------------------------------------------------- - -// sessionInfo stores a session tracked by the registry. -type sessionInfo struct { - s *Session - e error -} - -// contextKey is the type used to store the registry in the context. -type contextKey int - -// registryKey is the key used to store the registry in the context. -const registryKey contextKey = 0 - -// GetRegistry returns a registry instance for the current request. -func GetRegistry(r *http.Request) *Registry { - registry := context.Get(r, registryKey) - if registry != nil { - return registry.(*Registry) - } - newRegistry := &Registry{ - request: r, - sessions: make(map[string]sessionInfo), - } - context.Set(r, registryKey, newRegistry) - return newRegistry -} - -// Registry stores sessions used during a request. -type Registry struct { - request *http.Request - sessions map[string]sessionInfo -} - -// Get registers and returns a session for the given name and session store. -// -// It returns a new session if there are no sessions registered for the name. -func (s *Registry) Get(store Store, name string) (session *Session, err error) { - if !isCookieNameValid(name) { - return nil, fmt.Errorf("sessions: invalid character in cookie name: %s", name) - } - if info, ok := s.sessions[name]; ok { - session, err = info.s, info.e - } else { - session, err = store.New(s.request, name) - session.name = name - s.sessions[name] = sessionInfo{s: session, e: err} - } - session.store = store - return -} - -// Save saves all sessions registered for the current request. -func (s *Registry) Save(w http.ResponseWriter) error { - var errMulti MultiError - for name, info := range s.sessions { - session := info.s - if session.store == nil { - errMulti = append(errMulti, fmt.Errorf( - "sessions: missing store for session %q", name)) - } else if err := session.store.Save(s.request, w, session); err != nil { - errMulti = append(errMulti, fmt.Errorf( - "sessions: error saving session %q -- %v", name, err)) - } - } - if errMulti != nil { - return errMulti - } - return nil -} - -// Helpers -------------------------------------------------------------------- - -func init() { - gob.Register([]interface{}{}) -} - -// Save saves all sessions used during the current request. -func Save(r *http.Request, w http.ResponseWriter) error { - return GetRegistry(r).Save(w) -} - -// NewCookie returns an http.Cookie with the options set. It also sets -// the Expires field calculated based on the MaxAge value, for Internet -// Explorer compatibility. -func NewCookie(name, value string, options *Options) *http.Cookie { - cookie := &http.Cookie{ - Name: name, - Value: value, - Path: options.Path, - Domain: options.Domain, - MaxAge: options.MaxAge, - Secure: options.Secure, - HttpOnly: options.HttpOnly, - } - if options.MaxAge > 0 { - d := time.Duration(options.MaxAge) * time.Second - cookie.Expires = time.Now().Add(d) - } else if options.MaxAge < 0 { - // Set it to the past to expire now. - cookie.Expires = time.Unix(1, 0) - } - return cookie -} - -// Error ---------------------------------------------------------------------- - -// MultiError stores multiple errors. -// -// Borrowed from the App Engine SDK. -type MultiError []error - -func (m MultiError) Error() string { - s, n := "", 0 - for _, e := range m { - if e != nil { - if n == 0 { - s = e.Error() - } - n++ - } - } - switch n { - case 0: - return "(0 errors)" - case 1: - return s - case 2: - return s + " (and 1 other error)" - } - return fmt.Sprintf("%s (and %d other errors)", s, n-1) -} diff --git a/vendor/github.com/gorilla/sessions/sessions_test.go b/vendor/github.com/gorilla/sessions/sessions_test.go deleted file mode 100644 index c166b05..0000000 --- a/vendor/github.com/gorilla/sessions/sessions_test.go +++ /dev/null @@ -1,160 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package sessions - -import ( - "bytes" - "encoding/gob" - "net/http" - "net/http/httptest" - "testing" -) - -// NewRecorder returns an initialized ResponseRecorder. -func NewRecorder() *httptest.ResponseRecorder { - return &httptest.ResponseRecorder{ - HeaderMap: make(http.Header), - Body: new(bytes.Buffer), - } -} - -// DefaultRemoteAddr is the default remote address to return in RemoteAddr if -// an explicit DefaultRemoteAddr isn't set on ResponseRecorder. -const DefaultRemoteAddr = "1.2.3.4" - -// ---------------------------------------------------------------------------- - -type FlashMessage struct { - Type int - Message string -} - -func TestFlashes(t *testing.T) { - var req *http.Request - var rsp *httptest.ResponseRecorder - var hdr http.Header - var err error - var ok bool - var cookies []string - var session *Session - var flashes []interface{} - - store := NewCookieStore([]byte("secret-key")) - - // Round 1 ---------------------------------------------------------------- - - req, _ = http.NewRequest("GET", "http://localhost:8080/", nil) - rsp = NewRecorder() - // Get a session. - if session, err = store.Get(req, "session-key"); err != nil { - t.Fatalf("Error getting session: %v", err) - } - // Get a flash. - flashes = session.Flashes() - if len(flashes) != 0 { - t.Errorf("Expected empty flashes; Got %v", flashes) - } - // Add some flashes. - session.AddFlash("foo") - session.AddFlash("bar") - // Custom key. - session.AddFlash("baz", "custom_key") - // Save. - if err = Save(req, rsp); err != nil { - t.Fatalf("Error saving session: %v", err) - } - hdr = rsp.Header() - cookies, ok = hdr["Set-Cookie"] - if !ok || len(cookies) != 1 { - t.Fatal("No cookies. Header:", hdr) - } - - if _, err = store.Get(req, "session:key"); err.Error() != "sessions: invalid character in cookie name: session:key" { - t.Fatalf("Expected error due to invalid cookie name") - } - - // Round 2 ---------------------------------------------------------------- - - req, _ = http.NewRequest("GET", "http://localhost:8080/", nil) - req.Header.Add("Cookie", cookies[0]) - rsp = NewRecorder() - // Get a session. - if session, err = store.Get(req, "session-key"); err != nil { - t.Fatalf("Error getting session: %v", err) - } - // Check all saved values. - flashes = session.Flashes() - if len(flashes) != 2 { - t.Fatalf("Expected flashes; Got %v", flashes) - } - if flashes[0] != "foo" || flashes[1] != "bar" { - t.Errorf("Expected foo,bar; Got %v", flashes) - } - flashes = session.Flashes() - if len(flashes) != 0 { - t.Errorf("Expected dumped flashes; Got %v", flashes) - } - // Custom key. - flashes = session.Flashes("custom_key") - if len(flashes) != 1 { - t.Errorf("Expected flashes; Got %v", flashes) - } else if flashes[0] != "baz" { - t.Errorf("Expected baz; Got %v", flashes) - } - flashes = session.Flashes("custom_key") - if len(flashes) != 0 { - t.Errorf("Expected dumped flashes; Got %v", flashes) - } - - // Round 3 ---------------------------------------------------------------- - // Custom type - - req, _ = http.NewRequest("GET", "http://localhost:8080/", nil) - rsp = NewRecorder() - // Get a session. - if session, err = store.Get(req, "session-key"); err != nil { - t.Fatalf("Error getting session: %v", err) - } - // Get a flash. - flashes = session.Flashes() - if len(flashes) != 0 { - t.Errorf("Expected empty flashes; Got %v", flashes) - } - // Add some flashes. - session.AddFlash(&FlashMessage{42, "foo"}) - // Save. - if err = Save(req, rsp); err != nil { - t.Fatalf("Error saving session: %v", err) - } - hdr = rsp.Header() - cookies, ok = hdr["Set-Cookie"] - if !ok || len(cookies) != 1 { - t.Fatal("No cookies. Header:", hdr) - } - - // Round 4 ---------------------------------------------------------------- - // Custom type - - req, _ = http.NewRequest("GET", "http://localhost:8080/", nil) - req.Header.Add("Cookie", cookies[0]) - rsp = NewRecorder() - // Get a session. - if session, err = store.Get(req, "session-key"); err != nil { - t.Fatalf("Error getting session: %v", err) - } - // Check all saved values. - flashes = session.Flashes() - if len(flashes) != 1 { - t.Fatalf("Expected flashes; Got %v", flashes) - } - custom := flashes[0].(FlashMessage) - if custom.Type != 42 || custom.Message != "foo" { - t.Errorf("Expected %#v, got %#v", FlashMessage{42, "foo"}, custom) - } -} - -func init() { - gob.Register(FlashMessage{}) -} diff --git a/vendor/github.com/gorilla/sessions/store.go b/vendor/github.com/gorilla/sessions/store.go deleted file mode 100644 index 4ff6b6c..0000000 --- a/vendor/github.com/gorilla/sessions/store.go +++ /dev/null @@ -1,295 +0,0 @@ -// Copyright 2012 The Gorilla Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package sessions - -import ( - "encoding/base32" - "io/ioutil" - "net/http" - "os" - "path/filepath" - "strings" - "sync" - - "github.com/gorilla/securecookie" -) - -// Store is an interface for custom session stores. -// -// See CookieStore and FilesystemStore for examples. -type Store interface { - // Get should return a cached session. - Get(r *http.Request, name string) (*Session, error) - - // New should create and return a new session. - // - // Note that New should never return a nil session, even in the case of - // an error if using the Registry infrastructure to cache the session. - New(r *http.Request, name string) (*Session, error) - - // Save should persist session to the underlying store implementation. - Save(r *http.Request, w http.ResponseWriter, s *Session) error -} - -// CookieStore ---------------------------------------------------------------- - -// NewCookieStore returns a new CookieStore. -// -// Keys are defined in pairs to allow key rotation, but the common case is -// to set a single authentication key and optionally an encryption key. -// -// The first key in a pair is used for authentication and the second for -// encryption. The encryption key can be set to nil or omitted in the last -// pair, but the authentication key is required in all pairs. -// -// It is recommended to use an authentication key with 32 or 64 bytes. -// The encryption key, if set, must be either 16, 24, or 32 bytes to select -// AES-128, AES-192, or AES-256 modes. -// -// Use the convenience function securecookie.GenerateRandomKey() to create -// strong keys. -func NewCookieStore(keyPairs ...[]byte) *CookieStore { - cs := &CookieStore{ - Codecs: securecookie.CodecsFromPairs(keyPairs...), - Options: &Options{ - Path: "/", - MaxAge: 86400 * 30, - }, - } - - cs.MaxAge(cs.Options.MaxAge) - return cs -} - -// CookieStore stores sessions using secure cookies. -type CookieStore struct { - Codecs []securecookie.Codec - Options *Options // default configuration -} - -// Get returns a session for the given name after adding it to the registry. -// -// It returns a new session if the sessions doesn't exist. Access IsNew on -// the session to check if it is an existing session or a new one. -// -// It returns a new session and an error if the session exists but could -// not be decoded. -func (s *CookieStore) Get(r *http.Request, name string) (*Session, error) { - return GetRegistry(r).Get(s, name) -} - -// New returns a session for the given name without adding it to the registry. -// -// The difference between New() and Get() is that calling New() twice will -// decode the session data twice, while Get() registers and reuses the same -// decoded session after the first call. -func (s *CookieStore) New(r *http.Request, name string) (*Session, error) { - session := NewSession(s, name) - opts := *s.Options - session.Options = &opts - session.IsNew = true - var err error - if c, errCookie := r.Cookie(name); errCookie == nil { - err = securecookie.DecodeMulti(name, c.Value, &session.Values, - s.Codecs...) - if err == nil { - session.IsNew = false - } - } - return session, err -} - -// Save adds a single session to the response. -func (s *CookieStore) Save(r *http.Request, w http.ResponseWriter, - session *Session) error { - encoded, err := securecookie.EncodeMulti(session.Name(), session.Values, - s.Codecs...) - if err != nil { - return err - } - http.SetCookie(w, NewCookie(session.Name(), encoded, session.Options)) - return nil -} - -// MaxAge sets the maximum age for the store and the underlying cookie -// implementation. Individual sessions can be deleted by setting Options.MaxAge -// = -1 for that session. -func (s *CookieStore) MaxAge(age int) { - s.Options.MaxAge = age - - // Set the maxAge for each securecookie instance. - for _, codec := range s.Codecs { - if sc, ok := codec.(*securecookie.SecureCookie); ok { - sc.MaxAge(age) - } - } -} - -// FilesystemStore ------------------------------------------------------------ - -var fileMutex sync.RWMutex - -// NewFilesystemStore returns a new FilesystemStore. -// -// The path argument is the directory where sessions will be saved. If empty -// it will use os.TempDir(). -// -// See NewCookieStore() for a description of the other parameters. -func NewFilesystemStore(path string, keyPairs ...[]byte) *FilesystemStore { - if path == "" { - path = os.TempDir() - } - fs := &FilesystemStore{ - Codecs: securecookie.CodecsFromPairs(keyPairs...), - Options: &Options{ - Path: "/", - MaxAge: 86400 * 30, - }, - path: path, - } - - fs.MaxAge(fs.Options.MaxAge) - return fs -} - -// FilesystemStore stores sessions in the filesystem. -// -// It also serves as a reference for custom stores. -// -// This store is still experimental and not well tested. Feedback is welcome. -type FilesystemStore struct { - Codecs []securecookie.Codec - Options *Options // default configuration - path string -} - -// MaxLength restricts the maximum length of new sessions to l. -// If l is 0 there is no limit to the size of a session, use with caution. -// The default for a new FilesystemStore is 4096. -func (s *FilesystemStore) MaxLength(l int) { - for _, c := range s.Codecs { - if codec, ok := c.(*securecookie.SecureCookie); ok { - codec.MaxLength(l) - } - } -} - -// Get returns a session for the given name after adding it to the registry. -// -// See CookieStore.Get(). -func (s *FilesystemStore) Get(r *http.Request, name string) (*Session, error) { - return GetRegistry(r).Get(s, name) -} - -// New returns a session for the given name without adding it to the registry. -// -// See CookieStore.New(). -func (s *FilesystemStore) New(r *http.Request, name string) (*Session, error) { - session := NewSession(s, name) - opts := *s.Options - session.Options = &opts - session.IsNew = true - var err error - if c, errCookie := r.Cookie(name); errCookie == nil { - err = securecookie.DecodeMulti(name, c.Value, &session.ID, s.Codecs...) - if err == nil { - err = s.load(session) - if err == nil { - session.IsNew = false - } - } - } - return session, err -} - -// Save adds a single session to the response. -// -// If the Options.MaxAge of the session is <= 0 then the session file will be -// deleted from the store path. With this process it enforces the properly -// session cookie handling so no need to trust in the cookie management in the -// web browser. -func (s *FilesystemStore) Save(r *http.Request, w http.ResponseWriter, - session *Session) error { - // Delete if max-age is <= 0 - if session.Options.MaxAge <= 0 { - if err := s.erase(session); err != nil { - return err - } - http.SetCookie(w, NewCookie(session.Name(), "", session.Options)) - return nil - } - - if session.ID == "" { - // Because the ID is used in the filename, encode it to - // use alphanumeric characters only. - session.ID = strings.TrimRight( - base32.StdEncoding.EncodeToString( - securecookie.GenerateRandomKey(32)), "=") - } - if err := s.save(session); err != nil { - return err - } - encoded, err := securecookie.EncodeMulti(session.Name(), session.ID, - s.Codecs...) - if err != nil { - return err - } - http.SetCookie(w, NewCookie(session.Name(), encoded, session.Options)) - return nil -} - -// MaxAge sets the maximum age for the store and the underlying cookie -// implementation. Individual sessions can be deleted by setting Options.MaxAge -// = -1 for that session. -func (s *FilesystemStore) MaxAge(age int) { - s.Options.MaxAge = age - - // Set the maxAge for each securecookie instance. - for _, codec := range s.Codecs { - if sc, ok := codec.(*securecookie.SecureCookie); ok { - sc.MaxAge(age) - } - } -} - -// save writes encoded session.Values to a file. -func (s *FilesystemStore) save(session *Session) error { - encoded, err := securecookie.EncodeMulti(session.Name(), session.Values, - s.Codecs...) - if err != nil { - return err - } - filename := filepath.Join(s.path, "session_"+session.ID) - fileMutex.Lock() - defer fileMutex.Unlock() - return ioutil.WriteFile(filename, []byte(encoded), 0600) -} - -// load reads a file and decodes its content into session.Values. -func (s *FilesystemStore) load(session *Session) error { - filename := filepath.Join(s.path, "session_"+session.ID) - fileMutex.RLock() - defer fileMutex.RUnlock() - fdata, err := ioutil.ReadFile(filename) - if err != nil { - return err - } - if err = securecookie.DecodeMulti(session.Name(), string(fdata), - &session.Values, s.Codecs...); err != nil { - return err - } - return nil -} - -// delete session file -func (s *FilesystemStore) erase(session *Session) error { - filename := filepath.Join(s.path, "session_"+session.ID) - - fileMutex.RLock() - defer fileMutex.RUnlock() - - err := os.Remove(filename) - return err -} diff --git a/vendor/github.com/gorilla/sessions/store_test.go b/vendor/github.com/gorilla/sessions/store_test.go deleted file mode 100644 index bfc53fa..0000000 --- a/vendor/github.com/gorilla/sessions/store_test.go +++ /dev/null @@ -1,125 +0,0 @@ -package sessions - -import ( - "encoding/base64" - "net/http" - "net/http/httptest" - "testing" -) - -// Test for GH-8 for CookieStore -func TestGH8CookieStore(t *testing.T) { - originalPath := "/" - store := NewCookieStore() - store.Options.Path = originalPath - req, err := http.NewRequest("GET", "http://www.example.com", nil) - if err != nil { - t.Fatal("failed to create request", err) - } - - session, err := store.New(req, "hello") - if err != nil { - t.Fatal("failed to create session", err) - } - - store.Options.Path = "/foo" - if session.Options.Path != originalPath { - t.Fatalf("bad session path: got %q, want %q", session.Options.Path, originalPath) - } -} - -// Test for GH-8 for FilesystemStore -func TestGH8FilesystemStore(t *testing.T) { - originalPath := "/" - store := NewFilesystemStore("") - store.Options.Path = originalPath - req, err := http.NewRequest("GET", "http://www.example.com", nil) - if err != nil { - t.Fatal("failed to create request", err) - } - - session, err := store.New(req, "hello") - if err != nil { - t.Fatal("failed to create session", err) - } - - store.Options.Path = "/foo" - if session.Options.Path != originalPath { - t.Fatalf("bad session path: got %q, want %q", session.Options.Path, originalPath) - } -} - -// Test for GH-2. -func TestGH2MaxLength(t *testing.T) { - store := NewFilesystemStore("", []byte("some key")) - req, err := http.NewRequest("GET", "http://www.example.com", nil) - if err != nil { - t.Fatal("failed to create request", err) - } - w := httptest.NewRecorder() - - session, err := store.New(req, "my session") - session.Values["big"] = make([]byte, base64.StdEncoding.DecodedLen(4096*2)) - err = session.Save(req, w) - if err == nil { - t.Fatal("expected an error, got nil") - } - - store.MaxLength(4096 * 3) // A bit more than the value size to account for encoding overhead. - err = session.Save(req, w) - if err != nil { - t.Fatal("failed to Save:", err) - } -} - -// Test delete filesystem store with max-age: -1 -func TestGH8FilesystemStoreDelete(t *testing.T) { - store := NewFilesystemStore("", []byte("some key")) - req, err := http.NewRequest("GET", "http://www.example.com", nil) - if err != nil { - t.Fatal("failed to create request", err) - } - w := httptest.NewRecorder() - - session, err := store.New(req, "hello") - if err != nil { - t.Fatal("failed to create session", err) - } - - err = session.Save(req, w) - if err != nil { - t.Fatal("failed to save session", err) - } - - session.Options.MaxAge = -1 - err = session.Save(req, w) - if err != nil { - t.Fatal("failed to delete session", err) - } -} - -// Test delete filesystem store with max-age: 0 -func TestGH8FilesystemStoreDelete2(t *testing.T) { - store := NewFilesystemStore("", []byte("some key")) - req, err := http.NewRequest("GET", "http://www.example.com", nil) - if err != nil { - t.Fatal("failed to create request", err) - } - w := httptest.NewRecorder() - - session, err := store.New(req, "hello") - if err != nil { - t.Fatal("failed to create session", err) - } - - err = session.Save(req, w) - if err != nil { - t.Fatal("failed to save session", err) - } - - session.Options.MaxAge = 0 - err = session.Save(req, w) - if err != nil { - t.Fatal("failed to delete session", err) - } -}