== cmd/httpdfs
🌱 Add option to set base path and shutdown idle duration
The -base-path option sets the URL prefix for serving HTTP requests.
The -shutdown-idle option sets the duration when the server will stop
accepting new connections and shut down.
== lib/dns
🪵 lib/dns: refactoring DoT and DoH to use address instead of port
Using a port makes the IP address of DNS-over-TLS (DoT) and DNS-over-HTTPS
(DoH) listen on the same address as UDP. If we set ListenAddress to
0.0.0.0 and TLS termination is handled by a proxy, this causes DoT and DoH
to also listen on all addresses (the ports are open to the public).
== lib/http
🌱 Add BasePath to the ServerOptions
The BasePath allows the server to serve HTTP from a custom prefix, other than
"/".
Each request that the server receives will have the BasePath removed first from
the [http.Request.URL.Path] before being passed to the handler. Each redirect
that the server sends will have the BasePath added as the prefix to the redirect URL.
Any trailing slash in the BasePath will be removed.
🌱 Implement server auto shutdown when idle
In the ServerOptions, we add the option ShutdownIdleDuration; when set to a
non-zero value it will start a timer. When the timer expires, the server
will stop accepting new connections and then shut down.
This allows de-activating the HTTP server when no connections are received after
a specific duration to reduce the system resources.
🌼 lib/http: fix possible data race in SSE connection
When the server’s handler calls Write or WriteRaw, there is a possibility that
the worker for keeping the connection alive also calls Write at the same
time, which causes the data race.
== lib/paseto
🪵 Move paseto v2 under sub directory "v2"
There are new versions of paseto standard: version 3 and version 4. To
minimize conflicts in the future, we move the old implementation of
paseto v2 to sub directory "v2" with package name "pasetov2".
🌱 lib/paseto/v4: new package that implements Paseto version 4
paseto/v4 provides a simple, ready to use, opinionated implementation of
Platform-Agnostic SEcurity TOkens (PASETO) version 4 as defined in
[paseto-v4].
[paseto-v4]: https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version4.md
== 🌱 lib/uuidv7
New package that implements UUID version 7.
The uuidv7 package provides type UUIDv7 as the container for UUID
version 7 that satisfies the [database/sql], [encoding/gob], and
[encoding/json].
The implementation follows RFC 9562.
|
There is an issue with the current SSH client implementation.
Given a single host public key in the known_hosts file,
host ssh-ed25519 key...
Calling ssh.Dial(`tcp`, "host", ...) will return an error
knownhosts: key mismatch
from [handshakeTransport.enterKeyExchange], because only key
"mlkem768x25519-sha256" is checked on the client side.
This change adds a DB interface for knownhosts that has two methods:
- HostKeyAlgorithms: returns the host key that matches in known_hosts
based on the "host" name or address for
[ssh.ClientConfig.HostKeyAlgorithms].
- HostKeyCallback: returns the ssh.HostKeyCallback for
[ssh.ClientConfig.HostKeyCallback].
|
Now that Go has type parameters, we can use them to use the same function
that accepts different types for working with slices of int, int64.
|
We will need the slices and maps packages that are available since Go 1.23.
|
Instead of depending on a fork of crypto with a CL that needs a [proposal],
implement them in here so we can update crypto to the latest release.
[proposal]: https://go-review.googlesource.com/c/crypto/+/552435
|
This change requires the fork of our golang.org/x/crypto.
|
Using the replace directive does not work well if we install the binary using
"go install".
One of the cases that we found is when a user installs awwan [1] that uses the
"share" module [2] with the replace directive, the binary is not built with
git.sr.ht/~shulhan/go-x-crypto.
/Users/xxx/go/bin/awwan: go1.21.0
path git.sr.ht/~shulhan/awwan/cmd/awwan
mod git.sr.ht/~shulhan/awwan v0.7.1-0.20230925173020-40b9fe9b854c h1:629djcSfqM8ITX+CtgGyrybPnKQPpwJ/EceN967bKps=
dep git.sr.ht/~shulhan/asciidoctor-go v0.5.0 h1:TfcAjv+7EwBZ83ef8OhX9vfQ4vRFcaJh0P1XXgbsJv0=
dep git.sr.ht/~shulhan/ciigo v0.10.0 h1:s1SJ3/NzBcbOLmEZ4z1Cx9Vf7ZdDIvm45b7KMCZKzEY=
dep github.com/evanw/esbuild v0.19.3 h1:foPr0xwQM3lBWKBtscauTN9FrmJzRDVI2+EGOs82H/I=
dep github.com/shuLhan/share v0.49.2-0.20230923081600-77c41ce992e6 h1:REQDC2UKLaWT1WGd/Iw/rfKLkXb7vtKtyObkeZeHZRk=
dep github.com/yuin/goldmark v1.5.6 h1:COmQAWTCcGetChm3Ig7G/t8AFAN00t+o8Mt4cf7JpwA=
dep github.com/yuin/goldmark-meta v1.1.0 h1:pWw+JLHGZe8Rk0EGsMVssiNb/AaPMHfSRszZeUeiOUc=
dep golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
dep golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
dep golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
dep golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
dep gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
build -buildmode=exe
build -compiler=gc
build DefaultGODEBUG=panicnil=1
build CGO_ENABLED=1
build CGO_CFLAGS=
build CGO_CPPFLAGS=
build CGO_CXXFLAGS=
build CGO_LDFLAGS=
build GOARCH=arm64
build GOOS=darwin
This change requires us to modify lib/crypto and lib/ssh that depend
on our patches.
[1] https://git.sr.ht/~shulhan/awwan
[2] https://github.com/shuLhan/share/commit/77c41ce992e6
|
This change requires an update on the go-x-crypto package, because the Is
method has not been merged upstream yet.
|
Previously, the ssh Client always used InsecureIgnoreHostKey in
HostKeyCallback.
This may pose a security issue, like a man-in-the-middle attack, since we
did not check the server host key against one of the keys known by the client
from UserKnownHostFile (for example ~/.ssh/known_hosts).
This change uses the SSH section UserKnownHostFile from configuration
(default to ~/.ssh/known_hosts) to check if the server host key is
valid.
The NewClientInteractive will return an error, "key is unknown", if the host
key does not exist in UserKnownHostFile or "key is mismatch" if the host key
does not match the one registered in UserKnownHostFile.
This change depends on a patch of golang.org/x/crypto [1] that has not
been reviewed yet, so we need to replace it with one that contains the patch.
[1] https://go-review.googlesource.com/c/crypto/+/523555
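
Added example, not part of the commit messages or the project's code: a simplified, standard-library-only sketch of the two known_hosts lookups described in the commits above (the key types to put in HostKeyAlgorithms, and the "key is unknown" / "key is mismatch" check). The function names, sample hosts and key blobs are constructed, and only plain host entries are handled (no hashed names, wildcards, ports or @ markers).

```go
package main

import (
	"errors"
	"fmt"
	"slices"
	"strings"
)

// Constructed sample; the key blobs are placeholders, not real keys.
const sampleKnownHosts = `host.example ssh-ed25519 AAAA-constructed-ed25519
other.example,192.0.2.7 ssh-rsa AAAA-constructed-rsa`

var ErrUnknown = errors.New("key is unknown")
var ErrMismatch = errors.New("key is mismatch")

// keysFor returns the {type, blob} pairs recorded for host (plain names only).
func keysFor(knownHosts, host string) (out [][2]string) {
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) >= 3 && f[0][0] != '#' && f[0][0] != '@' && slices.Contains(strings.Split(f[0], ","), host) {
			out = append(out, [2]string{f[1], f[2]})
		}
	}
	return out
}

// HostKeyAlgorithms lists the key types known for host, in file order.
func HostKeyAlgorithms(knownHosts, host string) (algos []string) {
	for _, k := range keysFor(knownHosts, host) {
		algos = append(algos, k[0])
	}
	return algos
}

// CheckHostKey compares the key a server presented with the recorded ones.
func CheckHostKey(knownHosts, host, keyType, blob string) error {
	switch known := keysFor(knownHosts, host); {
	case len(known) == 0:
		return ErrUnknown // host has no entry at all
	case !slices.Contains(known, [2]string{keyType, blob}):
		return ErrMismatch // host is known, but not with this key
	}
	return nil
}

func main() {
	fmt.Println(HostKeyAlgorithms(sampleKnownHosts, "host.example"))
	fmt.Println(CheckHostKey(sampleKnownHosts, "host.example", "ecdsa-sha2-nistp256", "AAAA-constructed-ecdsa"))
}
```

Restricting the client to the algorithms returned for the host keeps the server from presenting a key type that has no known_hosts record, which is the mismatch case shown in main.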
|
This cleans up the other dependencies that we still recorded in go.sum.
|
This update uses "go get all" which resolves to semver for each
dependency.
|
While at it, update all dependencies.