Commit Graph

318 Commits

Author SHA1 Message Date
Corey Daley 705b04d977
Update LICENSE
Signed-off-by: Corey Daley <cdaley@redhat.com>
2023-11-05 16:55:18 -05:00
Corey Daley ac0789be11
update GitHub workflows (#857)
<!--
For Work In Progress Pull Requests, please use the Draft PR feature,
see https://github.blog/2019-02-14-introducing-draft-pull-requests/ for
further details.

     For a timely review/response, please avoid force-pushing additional
     commits if your PR already received reviews or comments.

     Before submitting a Pull Request, please ensure that you have:
- 📖 Read the Contributing guide:
https://github.com/gorilla/.github/blob/main/CONTRIBUTING.md
- 📖 Read the Code of Conduct:
https://github.com/gorilla/.github/blob/main/CODE_OF_CONDUCT.md

     - Provide tests for your changes.
     - Use descriptive commit messages.
	 - Comment your code where appropriate.
	 - Squash your commits
     - Update any related documentation.

     - Add gorilla/pull-request-reviewers as a Reviewer
-->

## What type of PR is this? (check all applicable)

- [x] Refactor
- [ ] Feature
- [ ] Bug Fix
- [ ] Optimization
- [ ] Documentation Update
- [ ] Go Version Update
- [ ] Dependency Update

## Description

## Related Tickets & Documents

<!--
For pull requests that relate or close an issue, please include them
below. We like to follow [Github's guidance on linking issues to pull
requests](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue).

For example having the text: "closes #1234" would connect the current
pull
request to issue 1234.  And when we merge the pull request, Github will
automatically close the issue.
-->

- Related Issue #
- Closes #

## Added/updated tests?

- [ ] Yes
- [ ] No, and this is why: _please replace this line with details on why
tests
      have not been included_
- [ ] I need help with writing tests

## Run verifications and test

- [x] `make verify` is passing
- [x] `make test` is passing
2023-10-18 17:57:41 +05:30
Corey Daley 78c34874c8
update golang.org/x/net (#856)
<!--
For Work In Progress Pull Requests, please use the Draft PR feature,
see https://github.blog/2019-02-14-introducing-draft-pull-requests/ for
further details.

     For a timely review/response, please avoid force-pushing additional
     commits if your PR already received reviews or comments.

     Before submitting a Pull Request, please ensure that you have:
- 📖 Read the Contributing guide:
https://github.com/gorilla/.github/blob/main/CONTRIBUTING.md
- 📖 Read the Code of Conduct:
https://github.com/gorilla/.github/blob/main/CODE_OF_CONDUCT.md

     - Provide tests for your changes.
     - Use descriptive commit messages.
	 - Comment your code where appropriate.
	 - Squash your commits
     - Update any related documentation.

     - Add gorilla/pull-request-reviewers as a Reviewer
-->

## What type of PR is this? (check all applicable)

- [ ] Refactor
- [ ] Feature
- [ ] Bug Fix
- [ ] Optimization
- [ ] Documentation Update
- [ ] Go Version Update
- [x] Dependency Update

## Description

## Related Tickets & Documents

<!--
For pull requests that relate or close an issue, please include them
below. We like to follow [Github's guidance on linking issues to pull
requests](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue).

For example having the text: "closes #1234" would connect the current
pull
request to issue 1234.  And when we merge the pull request, Github will
automatically close the issue.
-->

- Related Issue #
- Closes #

## Added/updated tests?

- [ ] Yes
- [ ] No, and this is why: _please replace this line with details on why
tests
      have not been included_
- [ ] I need help with writing tests

## Run verifications and test

- [ ] `make verify` is passing
- [ ] `make test` is passing
2023-10-17 19:57:41 -04:00
Corey Daley 666c197fc9
Update go version & add verification/testing tools (#840)
Fixes #

**Summary of Changes**

1.
2. 
3.

> PS: Make sure your PR includes/updates tests! If you need help with
this part, just ask!
2023-08-27 01:31:45 +05:30
LiuYang 80393295c1
Correct way to save memory using write buffer pool and freeing net.http default buffers (#761)
**Summary of Changes**

1. Add an example that uses the write buffer pool

The loop process of the websocket connection is inner the http handler
at existing examples, This usage will cause the 8k buffer(4k read buffer
+ 4k write buffer) allocated by net.http can't be GC(Observed by heap
profiling, see picture below) . The purpose of saving memory is not
achieved even if the WriteBufferPool is used.

In example bufferpool, server process websocket connection in a new
goroutine, and the goroutine created by the net.http will exit, then the
8k buffer will be GC.


![heap](https://user-images.githubusercontent.com/12793501/148676918-872d1a6d-ce10-4146-ba01-7de114db09f5.png)

Co-authored-by: hakunaliu <hakunaliu@tencent.com>
Co-authored-by: Corey Daley <cdaley@redhat.com>
2023-08-17 11:25:09 -04:00
Corey Daley 8983b96324
Merge pull request #839 from gorilla/coreydaley-patch-1
Update README.md
2023-07-15 16:04:06 -04:00
Corey Daley 931041c5ee
Update README.md
Signed-off-by: Corey Daley <cdaley@redhat.com>
2023-07-15 10:54:14 -04:00
Matt Silverlock 76ecc29eff
archive mode 2022-12-09 11:03:16 -05:00
Ye Sijun af47554f34 check error before GotConn for trace
Signed-off-by: Ye Sijun <junnplus@gmail.com>
2022-07-12 08:37:30 -07:00
Chan Kang bc7ce893c3
Check for and report bad protocol in TLSClientConfig.NextProtos (#788)
* return an error when Dialer.TLSClientConfig.NextProtos contains a protocol that is not http/1.1

* include the likely cause of the error in the error message

* check for nil-ness of Dialer.TLSClientConfig before attempting to run the check

* addressing the review

* move the NextProtos test into a separate file so that it can be run conditionally on go versions >= 1.14

* moving the new error check into existing http response error block to reduce the possibility of false positives

* wrapping the error in %w

* using %v instead of %w for compatibility with older versions of go

* Revert "using %v instead of %w for compatibility with older versions of go"

This reverts commit d34dd940ee.

* move the unit test back into the existing test code since golang build constraint is no longer necessary

Co-authored-by: Chan Kang <chankang@chankang17@gmail.com>
2022-06-21 10:54:14 -07:00
Chan Kang 27d91a9be5 drop the versions of go that are no longer supported + add 1.18 to ci 2022-06-20 16:42:42 -07:00
JWSong 78cf1bc733
Changed the method name UnderlyingConn to NetConn to align the methods names with Go 1.18 standard library (#773) 2022-04-17 06:01:17 -07:00
Yuki Hirasawa 69d0eb9187
Add check for Sec-WebSocket-Key header (#752)
* add Sec-WebSocket-Key header verification

* add testcase to Sec-WebSocket-Key header verification
2022-02-15 17:15:20 -08:00
Lluis Campos 9111bb834a
Dialer: add optional method NetDialTLSContext (#746)
Fixes issue: https://github.com/gorilla/websocket/issues/745

With the previous interface, NetDial and NetDialContext were used for
both TLS and non-TLS TCP connections, and afterwards TLSClientConfig was
used to do the TLS handshake.

While this API works for most cases, it prevents from using more advance
authentication methods during the TLS handshake, as this is out of the
control of the user.

This commits introduces another a new dial method, NetDialTLSContext,
which is used when dialing for TLS/TCP. The code then assumes that the
handshake is done there and TLSClientConfig is not used.

This API change is fully backwards compatible and it better aligns with
net/http.Transport API, which has these two dial flavors. See:
https://pkg.go.dev/net/http#Transport

Signed-off-by: Lluis Campos <lluis.campos@northern.tech>
2022-01-03 17:59:52 -08:00
Gary Burd 2f25f7843d
Update README (#757)
- Note that a new maintainer is needed.
- Remove comparison with x/net/websocket. There's no need to describe
  the issues with that package now that the package's documentation
  points people here and elsewhere.
2022-01-03 17:49:10 -08:00
Gary Burd 4fad403619
Remove support for Go 1.8 2022-01-02 15:53:55 -08:00
Gary Burd f0643a3a18
Improve protocol error messages
To aid protocol error debugging, report all errors found in the first two bytes of a message header.
2022-01-02 12:16:08 -08:00
Gary Burd 2d6ee4c55c
Update autobahn example
- Update instructions to use docker.
- Cleanup config file.
2022-01-02 11:21:21 -08:00
Alexander Emelin beca1d3940
Fix broadcast benchmarks (#542)
* do not use cached PreparedMessage in broadcast benchmarks

* pick better name for benchmark method
2022-01-02 07:35:34 -08:00
Gary Burd bcef8431c9
Use context.Context in TLS handshake (#751)
Continued work on #730.
2022-01-01 08:43:22 -08:00
Rn 2c89656910
Modify http Method String Literal to Variable (#728) 2021-12-19 11:21:45 -05:00
Gary Burd 1905f7e442
Update source to match output from gofmt 1.17 2021-12-17 22:48:51 -05:00
Gary Burd b4b5d887ad
Document the allowed concurrency on Upgrader and Dialer (#636)
* Document allowed concurrency on Dialer.
* Document allowed concurrency on Upgrader.
2021-12-16 11:07:50 -08:00
hellflame e8629af678
improve echo example (#671) 2021-04-24 09:20:22 -07:00
Matt Silverlock c3dd95aea9
build: use build matrix; drop Go <= 1.10 (#629) 2020-09-12 12:32:13 -07:00
Matt Silverlock 78ab81e242
docs: clarify that sub protocols are not set via responseHeader arg. 2020-08-22 14:03:32 -07:00
Ran Benita 873e67e4d5
Fix how the client checks for presence of Upgrade: websocket, Connection: upgrade (#604)
The values of the `Upgrade` and `Connection` response headers can
contain multiple tokens, for example

    Connection: upgrade, keep-alive

The WebSocket RFC describes the checking of these as follows:

   2.  If the response lacks an |Upgrade| header field or the |Upgrade|
       header field contains a value that is not an ASCII case-
       insensitive match for the value "websocket", the client MUST
       _Fail the WebSocket Connection_.

   3.  If the response lacks a |Connection| header field or the
       |Connection| header field doesn't contain a token that is an
       ASCII case-insensitive match for the value "Upgrade", the client
       MUST _Fail the WebSocket Connection_.

It is careful to note "contains a value", "contains a token".

Previously, the client would reject with "bad handshake" if the header
doesn't contain exactly the value it looks for.

Change the checks to use `tokenListContainsValue` instead, which is
incidentally what the server is already doing for similar checks.
2020-08-20 06:43:18 -07:00
Matt Silverlock b65e62901f
build: clean up go.sum (#584) 2020-03-19 10:50:51 -07:00
Jon Gillham 8c288dca3e
docs: Fix typo. (#568) 2020-03-19 10:45:00 -07:00
Maxim Fominykh d11356942f
Duration order consistency when multiplying number by time unit (#570) 2020-03-19 07:01:23 -07:00
Sry Back I 81cef7da56
echo example: handle received messages as text, not HTML (#563) 2020-03-19 06:53:02 -07:00
ferhat elmas 015e196e21
Use empty struct to protect writing (#566)
Using empty struct for signaling is more idiomatic
compared to booleans because users might wonder
what happens on false or true. Empty struct removes
this problem.

There is also a side benefit of occupying less memory
but it should be negligible in this case.
2020-03-19 06:52:00 -07:00
Rubi e90f6db575
input autofocus (#564) 2020-03-19 06:50:48 -07:00
John Johnson III 0a093fcde5
Fix a couple of small typo's (#567)
Fixes a couple of small typo's in the example test docs.
2020-03-19 06:49:51 -07:00
Dave Baker ed9368d0b7
typo (#583) 2020-03-19 06:46:44 -07:00
prophecy 836e821143
Changed the link of API references to pkg.go.dev (#577) 2020-03-19 06:46:16 -07:00
Matt Silverlock c3e18be99d
Create release-drafter.yml (#538) 2019-08-24 18:20:11 -07:00
Matt Silverlock 5b740c2926
Read Limit Fix (#537)
This fix addresses a potential denial-of-service (DoS) vector that can cause an integer overflow in the presence of malicious WebSocket frames.

The fix adds additional checks against the remaining bytes on a connection, as well as a test to prevent regression.

Credit to Max Justicz (https://justi.cz/) for discovering and reporting this, as well as providing a robust PoC and review.

* build: go.mod to go1.12
* bugfix: fix DoS vector caused by readLimit bypass
* test: update TestReadLimit sub-test
* bugfix: payload length 127 should read bytes as uint64
* bugfix: defend against readLength overflows
2019-08-24 18:17:28 -07:00
xiaobogaga 7e9819d926 fix typos (#532) 2019-08-23 06:05:46 -07:00
Matt Silverlock ae1634f6a9
Create CircleCI config.yml (#519)
* Create config.yml
* Delete .travis.yml
* Added CircleCI badge to README
* Add golint; run on latest only
2019-06-29 11:55:28 -07:00
Jürgen Etzlstorfer 80c2d40e9b fix autobahn test suite link (#503) 2019-04-26 23:03:06 -05:00
Tariq Ibrahim 6a67f44b69 remove redundant err!=nil check in conn.go Close method (#505) 2019-04-26 23:02:11 -05:00
Gary Burd 0ec3d1bd7f
Fix typo 2019-03-05 16:42:57 -08:00
Steven Scott 856ca61301 Add buffer commentary 2019-03-05 16:15:07 -08:00
Saddam H 7c8e298727 Add support for go-module 2019-02-04 16:44:14 -08:00
Steven Scott 8ab6030ad9 Add JoinMessages
Fixes #441.

Issue #441 specified a message separator. This PR has a message terminator. A message terminator can be read immediately following a message. A message separator cannot be read until the start of the next message. The message terminator is more useful when the reader is scanning to the terminator before performing some action.
2019-02-04 16:42:47 -08:00
Ankur Gupta 95ba29eb98 Updated autobahn test suite URL
Fixes #436
2018-12-05 23:02:39 -08:00
kanozec 483fb8d7c3 Add "in bytes" to sizes in documentation 2018-10-30 07:45:53 -07:00
Jeff R. Allen 76e4896901 Fix formatting problem in the docs. (#435)
Sorry for the dumbest PR ever, but this tiny addition of a period changes the formatting of this sentence from a header to a regular paragraph in godoc.
2018-10-11 19:01:31 -07:00
Steven Scott a51a35ae32 Improve header parsing code
Because the net/http server removes \r\n from multi-line header values,
there's no need to to check for \r or \n when skipping whitespace in
headers (see https://godoc.org/net/textproto#Reader.ReadMIMEHeader).
Given this fact, the whitespace test can be simplified to b == ' ' || b
== '\t'.  There's no need for the isSpaceOctet bit field in octetTypes.

The isTokenOctet bit field is the only bit field remaining after the
removal of isSpaceOctet.  Simplify the code by replacing the
isTokenOctet bit test in octetTypes with an array of booleans called
isTokenOctet.

Declare isTokenOctet as a composite literal instead of constructing it
at runtime.

Add documentation to core functions for parsing HTTP headers.
2018-10-06 11:35:33 -04:00