From 562060841891249173c5f155de5b473a0797d8eb Mon Sep 17 00:00:00 2001 From: astaxie Date: Sun, 21 Jul 2019 22:58:28 +0800 Subject: [PATCH 01/16] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 5063645c..aa5d8e19 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,6 @@ beego is used for rapid development of RESTful APIs, web apps and backend services in Go. It is inspired by Tornado, Sinatra and Flask. beego has some Go-specific features such as interfaces and struct embedding. - Response time ranking: [web-frameworks](https://github.com/the-benchmarker/web-frameworks). - ###### More info at [beego.me](http://beego.me). ## Quick Start From 4348356d0aadd86f5f9c570d3fc362b37fd1c0f7 Mon Sep 17 00:00:00 2001 From: Razil Date: Mon, 9 Sep 2019 00:47:20 +0800 Subject: [PATCH 02/16] fix annotation on orm/utils --- orm/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/orm/utils.go b/orm/utils.go index 78392771..3ff76772 100644 --- a/orm/utils.go +++ b/orm/utils.go @@ -129,7 +129,7 @@ func (f StrTo) Uint16() (uint16, error) { return uint16(v), err } -// Uint32 string to uint31 +// Uint32 string to uint32 func (f StrTo) Uint32() (uint32, error) { v, err := strconv.ParseUint(f.String(), 10, 32) return uint32(v), err From 11774c87a57136c075b1eb30c5dcfc87c1680a22 Mon Sep 17 00:00:00 2001 From: astaxie Date: Thu, 19 Sep 2019 00:19:33 +0800 Subject: [PATCH 03/16] update version 1.13 --- .travis.yml | 2 +- go.mod | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1bb121a2..a7a06733 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ language: go go: - - "1.11.x" + - "1.13.x" services: - redis-server - mysql diff --git a/go.mod b/go.mod index fbdec124..00f5bdce 100644 --- a/go.mod +++ b/go.mod 
@@ -37,3 +37,5 @@ require ( replace golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85 => github.com/golang/crypto v0.0.0-20181127143415-eb0de9b17e85 replace gopkg.in/yaml.v2 v2.2.1 => github.com/go-yaml/yaml v0.0.0-20180328195020-5420a8b6744d + +go 1.13 From 5a5482c77fefb28fadb20a2f79f4d20374087a72 Mon Sep 17 00:00:00 2001 From: cloudzhou Date: Fri, 27 Sep 2019 19:27:44 +0800 Subject: [PATCH 04/16] leak opened file should defer file.Close() --- utils/mail.go | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/mail.go b/utils/mail.go index 42b1e4d4..80a366ca 100644 --- a/utils/mail.go +++ b/utils/mail.go @@ -175,6 +175,7 @@ func (e *Email) AttachFile(args ...string) (a *Attachment, err error) { if err != nil { return } + defer f.Close() ct := mime.TypeByExtension(filepath.Ext(filename)) basename := path.Base(filename) return e.Attach(f, basename, ct, id) From 2a6ceca8611407d435f3ce055c2f68d59f2686b5 Mon Sep 17 00:00:00 2001 From: astaxie Date: Thu, 10 Oct 2019 11:23:19 +0800 Subject: [PATCH 05/16] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index aa5d8e19..4c0e3716 100644 --- a/README.md +++ b/README.md @@ -54,6 +54,7 @@ Congratulations! You've just built your first **beego** app. * [http://beego.me/community](http://beego.me/community) * Welcome to join us in Slack: [https://beego.slack.com](https://beego.slack.com), you can get invited from [here](https://github.com/beego/beedoc/issues/232) +* QQ Group Group ID:523992905 ## License From b8d626bbeae55330f06ae138c0a251d2380a75a7 Mon Sep 17 00:00:00 2001 
From: Allen <934932687@qq.com> Date: Tue, 22 Oct 2019 16:28:19 +0800 Subject: [PATCH 06/16] =?UTF-8?q?=E6=B7=BB=E5=8A=A016=E5=BC=80=E5=A4=B4?= =?UTF-8?q?=E6=89=8B=E6=9C=BA=E5=8F=B7=E9=AA=8C=E8=AF=81=EF=BC=8C162?= =?UTF-8?q?=E7=94=B5=E4=BF=A1=EF=BC=8C165=E7=A7=BB=E5=8A=A8=EF=BC=8C166/16?= =?UTF-8?q?7=E8=81=94=E9=80=9A=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- validation/validators.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/validation/validators.go b/validation/validators.go index dc18b11e..4f166a68 100644 --- a/validation/validators.go +++ b/validation/validators.go @@ -632,7 +632,7 @@ func (b Base64) GetLimitValue() interface{} { } // just for chinese mobile phone number -var mobilePattern = regexp.MustCompile(`^((\+86)|(86))?(1(([35][0-9])|[8][0-9]|[7][01356789]|[4][579]))\d{8}$`) +var mobilePattern = regexp.MustCompile(`^((\+86)|(86))?(1(([35][0-9])|[8][0-9]|[7][01356789]|[6][2567]|[4][579]))\d{8}$`) // Mobile check struct type Mobile struct { From 241f10b4296af8dc4ccb984c253d7427166e84e5 Mon Sep 17 00:00:00 2001 From: Allen <934932687@qq.com> Date: Tue, 22 Oct 2019 16:58:05 +0800 Subject: [PATCH 07/16] =?UTF-8?q?=E6=B7=BB=E5=8A=A016=E5=BC=80=E5=A4=B4?= =?UTF-8?q?=E6=89=8B=E6=9C=BA=E5=8F=B7=E9=AA=8C=E8=AF=81=EF=BC=8C162?= =?UTF-8?q?=E7=94=B5=E4=BF=A1=EF=BC=8C165=E7=A7=BB=E5=8A=A8=EF=BC=8C166/16?= =?UTF-8?q?7=E8=81=94=E9=80=9A=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- validation/validators.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/validation/validators.go b/validation/validators.go index 4f166a68..ac00a72c 100644 --- a/validation/validators.go +++ b/validation/validators.go 
@@ -632,7 +632,7 @@ func (b Base64) GetLimitValue() interface{} { } // just for chinese mobile phone number -var mobilePattern = regexp.MustCompile(`^((\+86)|(86))?(1(([35][0-9])|[8][0-9]|[7][01356789]|[6][2567]|[4][579]))\d{8}$`) +var mobilePattern = regexp.MustCompile(`^((\+86)|(86))?(1(([35][0-9])|[8][0-9]|[7][01356789]|[4][579]|[6][2567]))\d{8}$`) // Mobile check struct type Mobile struct { From fb640f00755616438ba49be5a7844e1bc5a10ab4 Mon Sep 17 00:00:00 2001 From: Allen <934932687@qq.com> Date: Tue, 22 Oct 2019 17:07:22 +0800 Subject: [PATCH 08/16] =?UTF-8?q?=E6=9B=B4=E6=96=B016=E5=BC=80=E5=A4=B4?= =?UTF-8?q?=E6=89=8B=E6=9C=BA=E5=8F=B7=E7=9A=84=E6=AD=A3=E5=88=99=E6=B5=8B?= =?UTF-8?q?=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- validation/validation_test.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/validation/validation_test.go b/validation/validation_test.go index 3146766b..bae48d37 100644 --- a/validation/validation_test.go +++ b/validation/validation_test.go @@ -280,6 +280,18 @@ func TestMobile(t *testing.T) { if valid.Mobile("8617400008888", "mobile").Ok { t.Error("\"8617400008888\" is a valid mobile phone number should be false") } + if !valid.Mobile("16200008888", "mobile").Ok { + t.Error("\"16200008888\" is a valid mobile phone number should be true") + } + if !valid.Mobile("16500008888", "mobile").Ok { + t.Error("\"16500008888\" is a valid mobile phone number should be true") + } + if !valid.Mobile("16600008888", "mobile").Ok { + t.Error("\"16600008888\" is a valid mobile phone number should be true") + } + if !valid.Mobile("16700008888", "mobile").Ok { + t.Error("\"16700008888\" is a valid mobile phone number should be true") + } } func TestTel(t *testing.T) { From 793047097c8495dfb8421e9dbb72b7a8d289c359 Mon Sep 17 00:00:00 2001 
From: Wenkai Yin Date: Tue, 19 Nov 2019 18:55:54 +0800 Subject: [PATCH 09/16] Abort with the pre-defined status code when handling XSRF error As the status codes(422 and 417) are set in the error map, abort with them directly to active the pre-defined error handlers Signed-off-by: Wenkai Yin --- context/context.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/context/context.go b/context/context.go index bbd58299..e1262018 100644 --- a/context/context.go +++ b/context/context.go @@ -169,11 +169,11 @@ func (ctx *Context) CheckXSRFCookie() bool { token = ctx.Request.Header.Get("X-Csrftoken") } if token == "" { - ctx.Abort(403, "'_xsrf' argument missing from POST") + ctx.Abort(422, "422") return false } if ctx._xsrfToken != token { - ctx.Abort(403, "XSRF cookie does not match POST argument") + ctx.Abort(417, "417") return false } return true From 38a144c68f9cc8f0720edb7b0cdd4d2bef021317 Mon Sep 17 00:00:00 2001 From: holtyuzhuyanbo Date: Tue, 19 Nov 2019 21:25:30 +0800 Subject: [PATCH 10/16] fix: session destory --- session/session.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/session/session.go b/session/session.go index 46a9f1f0..eb85360a 100644 --- a/session/session.go +++ b/session/session.go @@ -270,7 +270,8 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) { Path: "/", HttpOnly: !manager.config.DisableHTTPOnly, Expires: expiration, - MaxAge: -1} + MaxAge: -1, + Domain: manager.config.Domain} http.SetCookie(w, cookie) } From 92a4119258a8717b44c4180bc4caf8fa6c87d0ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=A4=A7=E7=9B=96=E6=96=87?= <812568591@qq.com> Date: Wed, 11 Dec 2019 16:50:08 +0800 Subject: [PATCH 11/16] Update cmd_utils.go [Fix] Fix create table with SQLite not supporting COMMENT syntax --- orm/cmd_utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/orm/cmd_utils.go b/orm/cmd_utils.go index 7c9aa51e..61f17346 100644 --- a/orm/cmd_utils.go 
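Review bot: In `CheckXSRFCookie` the two rejections now answer 422 (token missing) and 417 (token mismatch) with the bare code as the body, so anything keyed on the previous 403 stops matching: client retry logic, WAF rules, or alerting that counts CSRF rejections. Nothing in the code records why these codes were chosen, so a doc comment would help, e.g. `// CheckXSRFCookie aborts with 422 when the token is missing and 417 when it does not match; the body selects the handler registered in the error map.` (that last part is taken from the commit message, not from visible code). Separately, the unchanged context line `ctx._xsrfToken != token` is an ordinary string comparison. `subtle.ConstantTimeCompare([]byte(ctx._xsrfToken), []byte(token)) != 1` would keep the comparison time independent of where the strings differ, provided `crypto/subtle` is added to the imports, which are outside this hunk. The function starts above the hunk.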
+++ b/orm/cmd_utils.go @@ -198,7 +198,7 @@ func getDbCreateSQL(al *alias) (sqls []string, tableIndexes map[string][]dbIndex column = strings.Replace(column, "%COL%", fi.column, -1) } - if fi.description != "" { + if fi.description != "" && al.Driver!=DRSqlite { column += " " + fmt.Sprintf("COMMENT '%s'",fi.description) } From dc5c42e9818de1a60cbf696235c023b84d48d043 Mon Sep 17 00:00:00 2001 From: axx Date: Mon, 30 Dec 2019 11:24:55 +0800 Subject: [PATCH 12/16] httplib:fixes network request failed to create an invalid file and automatically created file directory --- httplib/httplib.go | 33 +++++++++++++++++++++++++++------ httplib/httplib_test.go | 14 ++++++++++++++ 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/httplib/httplib.go b/httplib/httplib.go index 074cf661..9d63505f 100644 --- a/httplib/httplib.go +++ b/httplib/httplib.go @@ -47,9 +47,11 @@ import ( "net/http/httputil" "net/url" "os" + "path" "strings" "sync" "time" + "gopkg.in/yaml.v2" ) @@ -558,12 +560,6 @@ func (b *BeegoHTTPRequest) Bytes() ([]byte, error) { // ToFile saves the body data in response to one file. // it calls Response inner. func (b *BeegoHTTPRequest) ToFile(filename string) error { - f, err := os.Create(filename) - if err != nil { - return err - } - defer f.Close() - resp, err := b.getResponse() if err != nil { return err 
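Review bot: The new guard in `getDbCreateSQL` excludes only SQLite, but the inline `COMMENT '...'` column clause is MySQL syntax, so other non-MySQL drivers would presumably still receive DDL they reject. Testing for the drivers that accept the clause is safer than listing the ones that do not. The description is also placed between single quotes unescaped, so a description containing `'` yields malformed DDL; at minimum, double the quote first with `strings.Replace(fi.description, "'", "''", -1)`. The added condition is not gofmt-clean and should read `if fi.description != "" && al.Driver != DRSqlite {`. The function body continues outside the hunk.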
@@ -572,10 +568,35 @@ func (b *BeegoHTTPRequest) ToFile(filename string) error { return nil } defer resp.Body.Close() + err = pathExistAndMkdir(filename) + if err != nil { + return err + } + f, err := os.Create(filename) + if err != nil { + return err + } + defer f.Close() _, err = io.Copy(f, resp.Body) return err } +//Check that the file directory exists, there is no automatically created +func pathExistAndMkdir(filename string) (err error) { + filename = path.Dir(filename) + _, err = os.Stat(filename) + if err == nil { + return nil + } + if os.IsNotExist(err) { + err = os.MkdirAll(filename, os.ModePerm) + if err == nil { + return nil + } + } + return err +} + // ToJSON returns the map that marshals from the body bytes as json in response . // it calls Response inner. func (b *BeegoHTTPRequest) ToJSON(v interface{}) error { diff --git a/httplib/httplib_test.go b/httplib/httplib_test.go index 7314ae01..dd2a4f1c 100644 --- a/httplib/httplib_test.go +++ b/httplib/httplib_test.go @@ -232,6 +232,20 @@ func TestToFile(t *testing.T) { } } +func TestToFileDir(t *testing.T) { + f := "./files/beego_testfile" + req := Get("http://httpbin.org/ip") + err := req.ToFile(f) + if err != nil { + t.Fatal(err) + } + defer os.RemoveAll("./files") + b, err := ioutil.ReadFile(f) + if n := strings.Index(string(b), "origin"); n == -1 { + t.Fatal(err) + } +} + func TestHeader(t *testing.T) { req := Get("http://httpbin.org/headers") req.Header("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36") From 5a02c556b291977be5fab9ada71492c71f8a6a13 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Fri, 10 Jan 2020 17:28:06 +0800 Subject: [PATCH 13/16] Send the request from context rather than the original one to handlers The filters may do some changes to the request, such as putting values in the request's context Signed-off-by: Wenkai Yin --- router.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
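Review bot: `pathExistAndMkdir` creates missing directories with `os.ModePerm` (0777 before umask), which leaves the download directory world-writable on hosts with a permissive umask. It also derives the directory with `path.Dir`, which only understands forward slashes and so mishandles Windows paths. `os.MkdirAll` already returns nil when the directory exists and an error when the path is not a directory, so the whole helper can be `return os.MkdirAll(filepath.Dir(filename), 0755)`, with `path/filepath` imported in place of `path` in the import hunk of this commit. The comment should follow Go doc style, e.g. `// pathExistAndMkdir creates the parent directory of filename if it does not exist.` `ToFile` starts above this hunk.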
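Review bot: `TestToFileDir` ignores the error from `ioutil.ReadFile` and then calls `t.Fatal(err)` when the substring is missing, so a content failure reports a nil error. Check the read first with `if err != nil { t.Fatal(err) }` and fail the content check with a message such as `t.Fatal("response body does not contain origin")`. `defer os.RemoveAll("./files")` is registered only after the `ToFile` error check, so a run that fails after the directory was created leaves it behind; moving the defer above the `ToFile` call avoids that. The test also needs to reach httpbin.org, so it fails wherever outbound network access is blocked.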
diff --git a/router.go b/router.go index 3593be4c..e71366b4 100644 --- a/router.go +++ b/router.go @@ -773,7 +773,7 @@ func (p *ControllerRegister) ServeHTTP(rw http.ResponseWriter, r *http.Request) } } else if routerInfo.routerType == routerTypeHandler { isRunnable = true - routerInfo.handler.ServeHTTP(rw, r) + routerInfo.handler.ServeHTTP(context.ResponseWriter, context.Request) } else { runRouter = routerInfo.controllerType methodParams = routerInfo.methodParams From 034599ca1db597b6441aad6dcf62fe7aca9fd16c Mon Sep 17 00:00:00 2001 From: Liu Zhang Date: Fri, 17 Jan 2020 16:47:19 +0800 Subject: [PATCH 14/16] =?UTF-8?q?=E9=AA=8C=E8=AF=81=E8=B0=83=E6=95=B4?= =?UTF-8?q?=EF=BC=8C=E5=A2=9E=E5=8A=A0label=EF=BC=8C=20xx=E4=B8=8D?= =?UTF-8?q?=E8=83=BD=E4=B8=BA=E7=A9=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- go.mod | 4 ++-- go.sum | 12 ++++++++++++ validation/util.go | 11 +++++++---- validation/validation.go | 9 +++++---- 4 files changed, 26 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 00f5bdce..9468c1b6 100644 --- a/go.mod +++ b/go.mod @@ -29,8 +29,8 @@ require ( github.com/ssdb/gossdb v0.0.0-20180723034631-88f6b59b84ec github.com/syndtr/goleveldb v0.0.0-20181127023241-353a9fca669c // indirect github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b // indirect - golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85 - golang.org/x/net v0.0.0-20181114220301-adae6a3d119a // indirect + golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 + golang.org/x/tools v0.0.0-20200117065230-39095c1d176c gopkg.in/yaml.v2 v2.2.1 ) diff --git a/go.sum b/go.sum index ab233162..1fe5e032 100644 --- a/go.sum +++ b/go.sum 
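Review bot: The go.mod hunk adds `golang.org/x/tools` as a direct requirement and drops `golang.org/x/net`, neither of which the validation label change in this commit appears to need. It looks like the side effect of a local tool run and should be reverted or justified in the commit message, since every extra module is one more thing downstream users have to vet. The `golang.org/x/crypto` bump also leaves the `replace golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85 => github.com/golang/crypto ...` directive (visible in the earlier go.mod hunk of this series) pinned to the old version. It therefore no longer applies to the required version, so confirm whether that redirect is still wanted. The require block starts outside the hunk.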
@@ -61,8 +61,20 @@ github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b h1:0Ve0/CCjiAiyKddUM github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b/go.mod h1:Q12BUT7DqIlHRmgv3RskH+UCM/4eqVMgI0EMmlSpAXc= golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85 h1:et7+NAX3lLIk5qUCTA9QelBjGE/NkhzYw/mhnr0s7nI= golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a h1:gOpx8G595UYyvj8UK4+OFyY4rx037g3fmfhe5SasG3U= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/tools v0.0.0-20200117065230-39095c1d176c h1:FodBYPZKH5tAN2O60HlglMwXGAeV/4k+NKbli79M/2c= +golang.org/x/tools v0.0.0-20200117065230-39095c1d176c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod 
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/validation/util.go b/validation/util.go index 66fce283..e2cfb3b7 100644 --- a/validation/util.go +++ b/validation/util.go @@ -26,6 +26,8 @@ const ( // ValidTag struct tag ValidTag = "valid" + LabelTag = "label" + wordsize = 32 << (^uint(0) >> 32 & 1) ) @@ -124,6 +126,7 @@ func isStructPtr(t reflect.Type) bool { func getValidFuncs(f reflect.StructField) (vfs []ValidFunc, err error) { tag := f.Tag.Get(ValidTag) + label := f.Tag.Get(LabelTag) if len(tag) == 0 { return } @@ -136,7 +139,7 @@ func getValidFuncs(f reflect.StructField) (vfs []ValidFunc, err error) { if len(vfunc) == 0 { continue } - vf, err = parseFunc(vfunc, f.Name) + vf, err = parseFunc(vfunc, f.Name, label) if err != nil { return } @@ -168,7 +171,7 @@ func getRegFuncs(tag, key string) (vfs []ValidFunc, str string, err error) { return } -func parseFunc(vfunc, key string) (v ValidFunc, err error) { +func parseFunc(vfunc, key string, label string) (v ValidFunc, err error) { defer func() { if r := recover(); r != nil { err = fmt.Errorf("%v", r) @@ -188,7 +191,7 @@ func parseFunc(vfunc, key string) (v ValidFunc, err error) { err = fmt.Errorf("%s require %d parameters", vfunc, num) return } - v = ValidFunc{vfunc, []interface{}{key + "." + vfunc}} + v = ValidFunc{vfunc, []interface{}{key + "." + vfunc + "." + label}} return } @@ -210,7 +213,7 @@ func parseFunc(vfunc, key string) (v ValidFunc, err error) { return } - tParams, err := trim(name, key+"."+name, params) + tParams, err := trim(name, key+"."+ name + "." + label, params) if err != nil { return } diff --git a/validation/validation.go b/validation/validation.go index ca1e211f..a3e4b571 100644 --- a/validation/validation.go +++ b/validation/validation.go 
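Review bot: `parseFunc` now encodes the label into the key as `key + "." + vfunc + "." + label`, and `apply` in validation/validation.go recovers it with `strings.Split(key, ".")` and `len(parts) == 3`. A `label` tag containing a dot therefore yields more than three parts, and Field, Name and Label all stay at their defaults. Splitting with `strings.SplitN(key, ".", 3)` in `apply` keeps dots inside the label intact. The change also alters `Error.Key` for every tag-driven validation (a trailing `.` when no label is set), which is visible to code that matches on keys and should be documented. The exported `LabelTag` constant needs a doc comment, e.g. `// LabelTag struct tag holding the display label prepended to the default message`.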
@@ -267,15 +267,16 @@ func (v *Validation) apply(chk Validator, obj interface{}) *Result { key := chk.GetKey() Name := key Field := "" - + Label := "" parts := strings.Split(key, ".") - if len(parts) == 2 { + if len(parts) == 3 { Field = parts[0] Name = parts[1] + Label = parts[2] } err := &Error{ - Message: chk.DefaultMessage(), + Message: Label + chk.DefaultMessage(), Key: key, Name: Name, Field: Field, @@ -298,7 +299,7 @@ func (v *Validation) AddError(key, message string) { Field := "" parts := strings.Split(key, ".") - if len(parts) == 2 { + if len(parts) == 3 { Field = parts[0] Name = parts[1] } From a768bf8f00030e627f4546b421f9242b0de56c01 Mon Sep 17 00:00:00 2001 From: wang yan Date: Thu, 6 Feb 2020 17:26:04 +0800 Subject: [PATCH 15/16] update hash algorithm for signing the cookie for xsrf token Due to the chosen-prefix collision in SHA-1(details at https://sha-mbles.github.io/), SHA-1 hash functions should to be deprecated and SHA-2/SHA-3 should be used instead. Signed-off-by: wang yan --- context/context.go | 6 +++--- session/sess_utils.go | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/context/context.go b/context/context.go index e1262018..de248ed2 100644 --- a/context/context.go +++ b/context/context.go @@ -25,7 +25,7 @@ package context import ( "bufio" "crypto/hmac" - "crypto/sha1" + "crypto/sha256" "encoding/base64" "errors" "fmt" @@ -123,7 +123,7 @@ func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) { timestamp := parts[1] sig := parts[2] - h := hmac.New(sha1.New, []byte(Secret)) + h := hmac.New(sha256.New, []byte(Secret)) fmt.Fprintf(h, "%s%s", vs, timestamp) if fmt.Sprintf("%02x", h.Sum(nil)) != sig { 
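Review bot: `AddError` now requires `len(parts) == 3`, but its key comes from the caller and it never uses a label, so existing calls that pass a two-part `Field.Name` key no longer get Field and Name filled in. Keeping the old form working is a one-line change: `if len(parts) >= 2 {`. In `apply`, any validator invoked with a two-part key would hit the same condition, so accepting both lengths there and reading `parts[2]` only when it is present would preserve the previous behaviour. Both function bodies continue outside the hunks.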
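Review bot: `GetSecureCookie` still verifies the signature with `fmt.Sprintf("%02x", h.Sum(nil)) != sig`, a plain string comparison whose running time depends on how many leading characters match; changing the hash function does not address that. `crypto/hmac` is already imported, so the check can become `if !hmac.Equal([]byte(fmt.Sprintf("%02x", h.Sum(nil))), []byte(sig)) {`. The function starts and ends outside the hunk.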
@@ -137,7 +137,7 @@ func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) { func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) { vs := base64.URLEncoding.EncodeToString([]byte(value)) timestamp := strconv.FormatInt(time.Now().UnixNano(), 10) - h := hmac.New(sha1.New, []byte(Secret)) + h := hmac.New(sha256.New, []byte(Secret)) fmt.Fprintf(h, "%s%s", vs, timestamp) sig := fmt.Sprintf("%02x", h.Sum(nil)) cookie := strings.Join([]string{vs, timestamp, sig}, "|") diff --git a/session/sess_utils.go b/session/sess_utils.go index 2e3376c7..20915bb6 100644 --- a/session/sess_utils.go +++ b/session/sess_utils.go @@ -19,7 +19,7 @@ import ( "crypto/cipher" "crypto/hmac" "crypto/rand" - "crypto/sha1" + "crypto/sha256" "crypto/subtle" "encoding/base64" "encoding/gob" @@ -129,7 +129,7 @@ func encodeCookie(block cipher.Block, hashKey, name string, value map[interface{ b = encode(b) // 3. Create MAC for "name|date|value". Extra pipe to be used later. b = []byte(fmt.Sprintf("%s|%d|%s|", name, time.Now().UTC().Unix(), b)) - h := hmac.New(sha1.New, []byte(hashKey)) + h := hmac.New(sha256.New, []byte(hashKey)) h.Write(b) sig := h.Sum(nil) // Append mac, remove name. @@ -153,7 +153,7 @@ func decodeCookie(block cipher.Block, hashKey, name, value string, gcmaxlifetime } b = append([]byte(name+"|"), b[:len(b)-len(parts[2])]...) - h := hmac.New(sha1.New, []byte(hashKey)) + h := hmac.New(sha256.New, []byte(hashKey)) h.Write(b) sig := h.Sum(nil) if len(sig) != len(parts[2]) || subtle.ConstantTimeCompare(sig, parts[2]) != 1 { From de5650b7230083f957045890af942ffdac87c782 Mon Sep 17 00:00:00 2001 From: astaxie Date: Fri, 7 Feb 2020 16:23:57 +0800 Subject: [PATCH 16/16] version 1.12.1 --- beego.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/beego.go b/beego.go index 66b19f36..3ed3bdd0 100644 --- a/beego.go +++ b/beego.go 
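Review bot: The MAC change in `SetSecureCookie` (context/context.go) and in `encodeCookie` and `decodeCookie` (session/sess_utils.go) carries no version marker or fallback, so cookies signed before the upgrade stop verifying. In `decodeCookie` the `len(sig) != len(parts[2])` check alone rejects the shorter SHA-1 MAC, so existing secure cookies and cookie-backed sessions are presumably invalidated on deploy. That is an acceptable trade-off, but it should be stated where operators will see it: a release note plus a comment on `encodeCookie` such as `// The MAC is HMAC-SHA256; cookies signed by releases that used HMAC-SHA1 are rejected.` All three functions extend beyond their hunks.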
@@ -23,7 +23,7 @@ import ( const ( // VERSION represent beego web framework version. - VERSION = "1.12.0" + VERSION = "1.12.1" // DEV is for develop DEV = "dev"