Permalink
Switch branches/tags
Nothing to show
Commits on Aug 9, 2016
  1. Merge pull request #207 from hoisie/key-cleanup

    hoisie committed Aug 9, 2016
    Move encKey and signKey from ServerConfig to Server
  2. Move encKey and signKey from ServerConfig to Server

    hoisie committed Aug 9, 2016
    Belonging to the `Server` struct seems more appropriate than
    `ServerConfig`. The `ServerConfig` is mainly for user-defined
    configuration, and the keys are generated during runtime.
  3. Merge pull request #206 from hoisie/cleanup-spacing

    hoisie committed Aug 9, 2016
    Remove superfluous newlines in secure_cookie.go
  4. Remove superfluous newlines in secure_cookie.go

    hoisie committed Aug 9, 2016
    Whitespace only change. I forgot to add this file when amending the
    commit.
  5. Merge pull request #204 from hoisie/encrypted-cookie

    hoisie committed Aug 9, 2016
    Switch secure cookie implementation
  6. Switch secure cookie implementation

    hoisie committed Aug 9, 2016
    Previously, secure cookies in web.go were only cryptographically signed.
    This prevented them from being tampered with. However, the contents of
    the cookies were still transmitted in plain text to the client.
    
    Instead of only signing the contents of the cookie, encrypt the contents
    as well. This prevents any kind of information leakage.
    
    Secure cookies are now encrypted with AES counter mode with a 32 bit
    key. The contents are still signed using HMAC. Both the encryption key
    and the signature key are generated using pbkdf2 using the CookieSecret
    config option as the password source. The ciphertext, initialization
    vector, and signature are now transmitted to the client.
    
    Although the API is the same, cookies previously stored will not be
    readable. Unfortunately there is no smooth upgrade process.
    
    An example of using secure cookies has been added as well.
    
    Fixes #160
Commits on Aug 8, 2016
  1. Merge pull request #203 from hoisie/simplify-base64

    hoisie committed Aug 8, 2016
    Simplify base64 encoding logic in SetSecureCookie
  2. Simplify base64 encoding logic in SetSecureCookie

    hoisie committed Aug 8, 2016
    Use `EncodeToString` instead of setting up a separate buffer.
    This code was likely written before `EncodeToString` existed.
Commits on Aug 6, 2016
  1. Merge pull request #202 from hoisie/tty-colors

    hoisie committed Aug 6, 2016
    Clean up the logic for color logging
  2. Clean up the logic for color logging

    hoisie committed Aug 6, 2016
    Previously, the escape sequences for terminal colors were included
    directly in the log string. This made it difficult to understand what
    was being logged. Add some wrapper methods to clean up the abstraction
    of the color output logic. Also, avoid using color logging if web.go
    isn't running in a terminal (e.g the output is being piped).
Commits on Aug 5, 2016
  1. Merge pull request #201 from hoisie/bad-request

    hoisie committed Aug 5, 2016
    Add a helper method for returning HTTP 400
  2. Add a helper method for returning HTTP 400

    hoisie committed Aug 5, 2016
    This will cause HTTP 400 Bad Request to be returned.
    
    Resolves #180
Commits on Aug 2, 2016
  1. Merge pull request #200 from hoisie/discard-output

    hoisie committed Aug 2, 2016
    Discard log output during TestCustomHandlerContentType
  2. Discard log output during TestCustomHandlerContentType

    hoisie committed Aug 2, 2016
    The request log wasn't being discarded.
  3. Merge pull request #199 from hoisie/malformed-scgi

    hoisie committed Aug 2, 2016
    Gracefully handle malformed SCGI requests
  4. Gracefully handle malformed SCGI requests

    hoisie committed Aug 2, 2016
    Previously, malformed SCGI requests would cause a panic when they were
    processed. Gracefully handle malformed SCGI requests. Also, add some
    additional error checking when parsing the length of the request, and
    clean up the code related to logging SCGI errors.
    
    Fixes #166
  5. Merge pull request #198 from hoisie/travis-tweaks

    hoisie committed Aug 2, 2016
    Travis tweaks
  6. Specify go versions for Travis

    hoisie committed Aug 2, 2016
    This should help maintain backwards compatibility with older go
    versions.
  7. Simplify gofmt check in Travis

    hoisie committed Aug 2, 2016
    Instead of providing a custom script, the check can be replaced with a
    handy one-liner:
    
    `diff -u <(echo -n) <(gofmt -d -s .)`
Commits on Jul 31, 2016
  1. Merge pull request #197 from hoisie/content-type-custom-handler

    hoisie committed Jul 31, 2016
    Content type custom handler
  2. Stop setting a 'Content-Type' header for custom HTTP handlers

    hoisie committed Jul 31, 2016
    Previously, when using web.Handle, the `Content-Type` HTTP header was
    set by default to `text/html; charset=utf-8`. This does not play
    nicely well with Go's FileHandler. If a `Content-Type` header is set,
    Go's FileHandler will not overwrite it. This breaks serving static
    assets with a FileHandler.
    
    This resolves #158
  3. Rename 'web.Handler' to 'web.Handle'

    hoisie committed Jul 31, 2016
    Most other functions in `web` are in the imperative tense. Rename
    `Handler` to `Handle` for consistency.
    
    Perform a similar rename for the 'Server' type.
    
    Also, simplify the comment a bit.
Commits on Jul 30, 2016
  1. Merge pull request #196 from hoisie/secure-cookie-crash

    hoisie committed Jul 30, 2016
    Secure cookie crash
  2. Add trailing newlines to many of the 'hello world' examples

    hoisie committed Jul 30, 2016
    This makes them more curl-friendly.
  3. Add check for secure cookie structure

    hoisie committed Jul 30, 2016
    A secure cookie has three parts separated by the pipe ("|") character.
    Before trying to parse it, ensure there are actually three parts.
    
    This is a potential fix for #163
  4. Merge pull request #195 from hoisie/basic-auth-crash

    hoisie committed Jul 30, 2016
    Add check for 'Authorization' header in GetBasicAuth
  5. Add check for 'Authorization' header in GetBasicAuth

    hoisie committed Jul 30, 2016
    Previously, if the `Authorization` header was not provided, the method
    would crash.  Add a check for the presence a header, and a test case
    as well.
    
    Resolves #174
  6. Add gofmt check for Travis

    hoisie committed Jul 30, 2016
    This will help ensure that code is properly formatted.
  7. Update build badge

    hoisie committed Jul 30, 2016
    The CI has been moved from Drone to Travis.
  8. Override install script for travis

    hoisie committed Jul 30, 2016
    Update the `install` script to a more simple `go get`. The Travis
    default `go get ./...` has problems with the examples directory.
  9. Override test script for Travis

    hoisie committed Jul 30, 2016
    By default Travis runs `go test ./...` as the test script, which fails
    on the examples. Change it to `go test -short`.
  10. Add .travis.yml file

    hoisie committed Jul 30, 2016
    Because Drone doesn't seem to be able to set pull request build
    statuses, I'd like to give Travis a try.
  11. Merge pull request #194 from hoisie/color-output

    hoisie committed Jul 30, 2016
    Add the 'ColorOutput' server config option
  12. Add the 'ColorOutput' server config option

    hoisie committed Jul 30, 2016
    When this option is set to true, the log output will contain color
    escape sequences. Set it to false to disable color escape sequences.
    
    Inspired by xyproto@88b1a31
    
    Resolves #153
  13. Fix formatting of web_test.go

    hoisie committed Jul 30, 2016
    There was an extra space before the call to http.StatusText. A check has
    been added to Drone to catch these issues.