version 1.12.1

Merge pull request #3868 from holtyuzhuyanbo/fix_session_destory
fix: session destory
2025-07-11 17:01:01 +00:00 · 2020-02-07 16:23:57 +08:00 · 2020-02-07 11:49:54 +08:00 · 2020-02-07 11:46:52 +08:00 · 2020-02-07 11:10:56 +08:00 · 2020-02-07 11:05:01 +08:00
18 changed files with 99 additions and 33 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,7 +1,7 @@
 language: go

 go:
-  - "1.11.x"
+  - "1.13.x"
 services:
  - redis-server
  - mysql
--- a/README.md
+++ b/README.md
@ -4,8 +4,6 @@
 beego is used for rapid development of RESTful APIs, web apps and backend services in Go.
 It is inspired by Tornado, Sinatra and Flask. beego has some Go-specific features such as interfaces and struct embedding.

- Response time ranking: [web-frameworks](https://github.com/the-benchmarker/web-frameworks).
-
 ###### More info at [beego.me](http://beego.me).

 ## Quick Start
@ -56,6 +54,7 @@ Congratulations! You've just built your first **beego** app.

 * [http://beego.me/community](http://beego.me/community)
 * Welcome to join us in Slack: [https://beego.slack.com](https://beego.slack.com), you can get invited from [here](https://github.com/beego/beedoc/issues/232)
+* QQ Group Group ID:523992905

 ## License

--- a/beego.go
+++ b/beego.go
@ -23,7 +23,7 @@ import (

 const (
 	// VERSION represent beego web framework version.
-	VERSION = "1.12.0"
+	VERSION = "1.12.1"

 	// DEV is for develop
 	DEV = "dev"
--- a/context/context.go
+++ b/context/context.go
@ -25,7 +25,7 @@ package context
 import (
 	"bufio"
 	"crypto/hmac"
-	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/base64"
 	"errors"
 	"fmt"
@ -123,7 +123,7 @@ func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
 	timestamp := parts[1]
 	sig := parts[2]

-	h := hmac.New(sha1.New, []byte(Secret))
+	h := hmac.New(sha256.New, []byte(Secret))
 	fmt.Fprintf(h, "%s%s", vs, timestamp)

 	if fmt.Sprintf("%02x", h.Sum(nil)) != sig {
@ -137,7 +137,7 @@ func (ctx *Context) GetSecureCookie(Secret, key string) (string, bool) {
 func (ctx *Context) SetSecureCookie(Secret, name, value string, others ...interface{}) {
 	vs := base64.URLEncoding.EncodeToString([]byte(value))
 	timestamp := strconv.FormatInt(time.Now().UnixNano(), 10)
-	h := hmac.New(sha1.New, []byte(Secret))
+	h := hmac.New(sha256.New, []byte(Secret))
 	fmt.Fprintf(h, "%s%s", vs, timestamp)
 	sig := fmt.Sprintf("%02x", h.Sum(nil))
 	cookie := strings.Join([]string{vs, timestamp, sig}, "|")
@ -169,11 +169,11 @@ func (ctx *Context) CheckXSRFCookie() bool {
 		token = ctx.Request.Header.Get("X-Csrftoken")
 	}
 	if token == "" {
-		ctx.Abort(403, "'_xsrf' argument missing from POST")
+		ctx.Abort(422, "422")
 		return false
 	}
 	if ctx._xsrfToken != token {
-		ctx.Abort(403, "XSRF cookie does not match POST argument")
+		ctx.Abort(417, "417")
 		return false
 	}
 	return true
--- a/go.mod
+++ b/go.mod
@ -29,11 +29,13 @@ require (
 	github.com/ssdb/gossdb v0.0.0-20180723034631-88f6b59b84ec
 	github.com/syndtr/goleveldb v0.0.0-20181127023241-353a9fca669c // indirect
 	github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b // indirect
-	golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85
-	golang.org/x/net v0.0.0-20181114220301-adae6a3d119a // indirect
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+	golang.org/x/tools v0.0.0-20200117065230-39095c1d176c
 	gopkg.in/yaml.v2 v2.2.1
 )

 replace golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85 => github.com/golang/crypto v0.0.0-20181127143415-eb0de9b17e85

 replace gopkg.in/yaml.v2 v2.2.1 => github.com/go-yaml/yaml v0.0.0-20180328195020-5420a8b6744d
+
+go 1.13
--- a/go.sum
+++ b/go.sum
@ -61,8 +61,20 @@ github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b h1:0Ve0/CCjiAiyKddUM
 github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b/go.mod h1:Q12BUT7DqIlHRmgv3RskH+UCM/4eqVMgI0EMmlSpAXc=
 golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85 h1:et7+NAX3lLIk5qUCTA9QelBjGE/NkhzYw/mhnr0s7nI=
 golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a h1:gOpx8G595UYyvj8UK4+OFyY4rx037g3fmfhe5SasG3U=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/tools v0.0.0-20200117065230-39095c1d176c h1:FodBYPZKH5tAN2O60HlglMwXGAeV/4k+NKbli79M/2c=
+golang.org/x/tools v0.0.0-20200117065230-39095c1d176c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
--- a/httplib/httplib.go
+++ b/httplib/httplib.go
@ -47,9 +47,11 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"os"
+	"path"
 	"strings"
 	"sync"
 	"time"
+
 	"gopkg.in/yaml.v2"
 )

@ -558,12 +560,6 @@ func (b *BeegoHTTPRequest) Bytes() ([]byte, error) {
 // ToFile saves the body data in response to one file.
 // it calls Response inner.
 func (b *BeegoHTTPRequest) ToFile(filename string) error {
-	f, err := os.Create(filename)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
 	resp, err := b.getResponse()
 	if err != nil {
 		return err
@ -572,10 +568,35 @@ func (b *BeegoHTTPRequest) ToFile(filename string) error {
 		return nil
 	}
 	defer resp.Body.Close()
+	err = pathExistAndMkdir(filename)
+	if err != nil {
+		return err
+	}
+	f, err := os.Create(filename)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
 	_, err = io.Copy(f, resp.Body)
 	return err
 }

+//Check that the file directory exists, there is no automatically created
+func pathExistAndMkdir(filename string) (err error) {
+	filename = path.Dir(filename)
+	_, err = os.Stat(filename)
+	if err == nil {
+		return nil
+	}
+	if os.IsNotExist(err) {
+		err = os.MkdirAll(filename, os.ModePerm)
+		if err == nil {
+			return nil
+		}
+	}
+	return err
+}
+
 // ToJSON returns the map that marshals from the body bytes as json in response .
 // it calls Response inner.
 func (b *BeegoHTTPRequest) ToJSON(v interface{}) error {
--- a/httplib/httplib_test.go
+++ b/httplib/httplib_test.go
@ -232,6 +232,20 @@ func TestToFile(t *testing.T) {
 	}
 }

+func TestToFileDir(t *testing.T) {
+	f := "./files/beego_testfile"
+	req := Get("http://httpbin.org/ip")
+	err := req.ToFile(f)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll("./files")
+	b, err := ioutil.ReadFile(f)
+	if n := strings.Index(string(b), "origin"); n == -1 {
+		t.Fatal(err)
+	}
+}
+
 func TestHeader(t *testing.T) {
 	req := Get("http://httpbin.org/headers")
 	req.Header("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36")
--- a/orm/cmd_utils.go
+++ b/orm/cmd_utils.go
@ -198,7 +198,7 @@ func getDbCreateSQL(al *alias) (sqls []string, tableIndexes map[string][]dbIndex
 				column = strings.Replace(column, "%COL%", fi.column, -1)
 			}
 			
-			if fi.description != "" {
+			if fi.description != "" && al.Driver!=DRSqlite {
 				column += " " + fmt.Sprintf("COMMENT '%s'",fi.description)
 			}

--- a/orm/utils.go
+++ b/orm/utils.go
@ -129,7 +129,7 @@ func (f StrTo) Uint16() (uint16, error) {
 	return uint16(v), err
 }

-// Uint32 string to uint31
+// Uint32 string to uint32
 func (f StrTo) Uint32() (uint32, error) {
 	v, err := strconv.ParseUint(f.String(), 10, 32)
 	return uint32(v), err
--- a/router.go
+++ b/router.go
@ -773,7 +773,7 @@ func (p *ControllerRegister) ServeHTTP(rw http.ResponseWriter, r *http.Request)
 			}
 		} else if routerInfo.routerType == routerTypeHandler {
 			isRunnable = true
-			routerInfo.handler.ServeHTTP(rw, r)
+			routerInfo.handler.ServeHTTP(context.ResponseWriter, context.Request)
 		} else {
 			runRouter = routerInfo.controllerType
 			methodParams = routerInfo.methodParams
--- a/session/sess_utils.go
+++ b/session/sess_utils.go
@ -19,7 +19,7 @@ import (
 	"crypto/cipher"
 	"crypto/hmac"
 	"crypto/rand"
-	"crypto/sha1"
+	"crypto/sha256"
 	"crypto/subtle"
 	"encoding/base64"
 	"encoding/gob"
@ -129,7 +129,7 @@ func encodeCookie(block cipher.Block, hashKey, name string, value map[interface{
 	b = encode(b)
 	// 3. Create MAC for "name|date|value". Extra pipe to be used later.
 	b = []byte(fmt.Sprintf("%s|%d|%s|", name, time.Now().UTC().Unix(), b))
-	h := hmac.New(sha1.New, []byte(hashKey))
+	h := hmac.New(sha256.New, []byte(hashKey))
 	h.Write(b)
 	sig := h.Sum(nil)
 	// Append mac, remove name.
@ -153,7 +153,7 @@ func decodeCookie(block cipher.Block, hashKey, name, value string, gcmaxlifetime
 	}

 	b = append([]byte(name+"|"), b[:len(b)-len(parts[2])]...)
-	h := hmac.New(sha1.New, []byte(hashKey))
+	h := hmac.New(sha256.New, []byte(hashKey))
 	h.Write(b)
 	sig := h.Sum(nil)
 	if len(sig) != len(parts[2]) || subtle.ConstantTimeCompare(sig, parts[2]) != 1 {
--- a/session/session.go
+++ b/session/session.go
@ -270,7 +270,8 @@ func (manager *Manager) SessionDestroy(w http.ResponseWriter, r *http.Request) {
 			Path:     "/",
 			HttpOnly: !manager.config.DisableHTTPOnly,
 			Expires:  expiration,
-			MaxAge:   -1}
+			MaxAge:   -1,
+			Domain:   manager.config.Domain}

 		http.SetCookie(w, cookie)
 	}
--- a/utils/mail.go
+++ b/utils/mail.go
@ -175,6 +175,7 @@ func (e *Email) AttachFile(args ...string) (a *Attachment, err error) {
 	if err != nil {
 		return
 	}
+	defer f.Close()
 	ct := mime.TypeByExtension(filepath.Ext(filename))
 	basename := path.Base(filename)
 	return e.Attach(f, basename, ct, id)
--- a/validation/util.go
+++ b/validation/util.go
@ -26,6 +26,8 @@ const (
 	// ValidTag struct tag
 	ValidTag = "valid"

+	LabelTag = "label"
+
 	wordsize = 32 << (^uint(0) >> 32 & 1)
 )

@ -124,6 +126,7 @@ func isStructPtr(t reflect.Type) bool {

 func getValidFuncs(f reflect.StructField) (vfs []ValidFunc, err error) {
 	tag := f.Tag.Get(ValidTag)
+	label := f.Tag.Get(LabelTag)
 	if len(tag) == 0 {
 		return
 	}
@ -136,7 +139,7 @@ func getValidFuncs(f reflect.StructField) (vfs []ValidFunc, err error) {
 		if len(vfunc) == 0 {
 			continue
 		}
-		vf, err = parseFunc(vfunc, f.Name)
+		vf, err = parseFunc(vfunc, f.Name, label)
 		if err != nil {
 			return
 		}
@ -168,7 +171,7 @@ func getRegFuncs(tag, key string) (vfs []ValidFunc, str string, err error) {
 	return
 }

-func parseFunc(vfunc, key string) (v ValidFunc, err error) {
+func parseFunc(vfunc, key string, label string) (v ValidFunc, err error) {
 	defer func() {
 		if r := recover(); r != nil {
 			err = fmt.Errorf("%v", r)
@ -188,7 +191,7 @@ func parseFunc(vfunc, key string) (v ValidFunc, err error) {
 			err = fmt.Errorf("%s require %d parameters", vfunc, num)
 			return
 		}
-		v = ValidFunc{vfunc, []interface{}{key + "." + vfunc}}
+		v = ValidFunc{vfunc, []interface{}{key + "." + vfunc + "." + label}}
 		return
 	}

@ -210,7 +213,7 @@ func parseFunc(vfunc, key string) (v ValidFunc, err error) {
 		return
 	}

-	tParams, err := trim(name, key+"."+name, params)
+	tParams, err := trim(name, key+"."+ name + "." + label, params)
 	if err != nil {
 		return
 	}
--- a/validation/validation.go
+++ b/validation/validation.go
@ -267,15 +267,16 @@ func (v *Validation) apply(chk Validator, obj interface{}) *Result {
 	key := chk.GetKey()
 	Name := key
 	Field := ""
-
+	Label := ""
 	parts := strings.Split(key, ".")
-	if len(parts) == 2 {
+	if len(parts) == 3 {
 		Field = parts[0]
 		Name = parts[1]
+		Label = parts[2]
 	}

 	err := &Error{
-		Message:    chk.DefaultMessage(),
+		Message:    Label + chk.DefaultMessage(),
 		Key:        key,
 		Name:       Name,
 		Field:      Field,
@ -298,7 +299,7 @@ func (v *Validation) AddError(key, message string) {
 	Field := ""

 	parts := strings.Split(key, ".")
-	if len(parts) == 2 {
+	if len(parts) == 3 {
 		Field = parts[0]
 		Name = parts[1]
 	}
--- a/validation/validation_test.go
+++ b/validation/validation_test.go
@ -280,6 +280,18 @@ func TestMobile(t *testing.T) {
 	if valid.Mobile("8617400008888", "mobile").Ok {
 		t.Error("\"8617400008888\" is a valid mobile phone number should be false")
 	}
+	if !valid.Mobile("16200008888", "mobile").Ok {
+		t.Error("\"16200008888\" is a valid mobile phone number should be true")
+	}
+	if !valid.Mobile("16500008888", "mobile").Ok {
+		t.Error("\"16500008888\" is a valid mobile phone number should be true")
+	}
+	if !valid.Mobile("16600008888", "mobile").Ok {
+		t.Error("\"16600008888\" is a valid mobile phone number should be true")
+	}
+	if !valid.Mobile("16700008888", "mobile").Ok {
+		t.Error("\"16700008888\" is a valid mobile phone number should be true")
+	}
 }

 func TestTel(t *testing.T) {
--- a/validation/validators.go
+++ b/validation/validators.go
@ -632,7 +632,7 @@ func (b Base64) GetLimitValue() interface{} {
 }

 // just for chinese mobile phone number
-var mobilePattern = regexp.MustCompile(`^((\+86)|(86))?(1(([35][0-9])|[8][0-9]|[7][01356789]|[4][579]))\d{8}$`)
+var mobilePattern = regexp.MustCompile(`^((\+86)|(86))?(1(([35][0-9])|[8][0-9]|[7][01356789]|[4][579]|[6][2567]))\d{8}$`)

 // Mobile check struct
 type Mobile struct {
Author	SHA1	Message	Date
astaxie	de5650b723	version 1.12.1	2020-02-07 16:23:57 +08:00
astaxie	e5e4a3bea7	Merge pull request #3868 from holtyuzhuyanbo/fix_session_destory fix: session destory	2020-02-07 11:49:54 +08:00
astaxie	90d0b43f34	Merge pull request #3888 from gavin2014/develop [Fix] Fix create table with SQLite not supporting COMMENT syntax	2020-02-07 11:46:52 +08:00
astaxie	1b7f5ba2c4	Merge pull request #3900 from aixiaoxiang/develop httplib:fixes network request failed to create an invalid file and automatically created file directory	2020-02-07 11:10:56 +08:00
astaxie	96f01079cb	Merge pull request #3905 from ywk253100/200110_context Send the request from context rather than the original one to handlers	2020-02-07 11:05:01 +08:00
astaxie	9d4b5b313f	Merge pull request #3911 from liuzhang/develop 验证调整，增加label， xx不能为空	2020-02-07 11:04:11 +08:00
astaxie	b882009979	Merge pull request #3919 from wy65701436/develop-sha256 update hash algorithm for signing the cookie for xsrf token	2020-02-07 11:01:10 +08:00
wang yan	a768bf8f00	update hash algorithm for signing the cookie for xsrf token Due to the chosen-prefix collision in SHA-1(details at https://sha-mbles.github.io/), SHA-1 hash functions should to be deprecated and SHA-2/SHA-3 should be used instead. Signed-off-by: wang yan <wangyan@vmware.com>	2020-02-06 17:31:24 +08:00
Liu Zhang	034599ca1d	验证调整，增加label， xx不能为空	2020-01-17 16:47:19 +08:00
Wenkai Yin	5a02c556b2	Send the request from context rather than the original one to handlers The filters may do some changes to the request, such as putting values in the request's context Signed-off-by: Wenkai Yin <yinw@vmware.com>	2020-01-10 17:58:00 +08:00
axx	dc5c42e981	httplib:fixes network request failed to create an invalid file and automatically created file directory	2019-12-30 11:24:55 +08:00
大盖文	92a4119258	Update cmd_utils.go [Fix] Fix create table with SQLite not supporting COMMENT syntax	2019-12-11 16:50:08 +08:00
astaxie	aa90c67a75	Merge pull request #3867 from ywk253100/191119_xsrf Abort with the pre-defined status code when handling XSRF error	2019-11-29 18:43:02 +08:00
holtyuzhuyanbo	38a144c68f	fix: session destory	2019-11-19 21:25:30 +08:00
Wenkai Yin	793047097c	Abort with the pre-defined status code when handling XSRF error As the status codes(422 and 417) are set in the error map, abort with them directly to active the pre-defined error handlers Signed-off-by: Wenkai Yin <yinw@vmware.com>	2019-11-19 18:55:54 +08:00
astaxie	1923b8c767	Merge pull request #3841 from HKail/develop 添加16开头手机号验证	2019-10-23 22:22:52 +08:00
Allen	fb640f0075	更新16开头手机号的正则测试	2019-10-22 17:07:22 +08:00
Allen	241f10b429	添加16开头手机号验证，162电信，165移动，166/167联通。	2019-10-22 16:58:05 +08:00
Allen	b8d626bbea	添加16开头手机号验证，162电信，165移动，166/167联通。	2019-10-22 16:28:19 +08:00
astaxie	2a6ceca861	Update README.md	2019-10-10 11:23:19 +08:00
astaxie	10236b9f2d	Merge pull request #3814 from cloudzhou/patch-2 leak opened file	2019-10-10 00:48:24 +08:00
cloudzhou	5a5482c77f	leak opened file should defer file.Close()	2019-09-27 19:27:44 +08:00
astaxie	11774c87a5	update version 1.13	2019-09-19 00:19:33 +08:00
Dennis	8395a26061	Merge pull request #3801 from DennisMao/develop fix annotation on orm/utils #3777	2019-09-09 00:46:36 +08:00
Razil	4348356d0a	fix annotation on orm/utils	2019-09-09 00:47:20 +08:00
astaxie	5620608418	Update README.md	2019-07-21 22:58:28 +08:00