Permalink
Switch branches/tags
Nothing to show
Commits on Aug 9, 2016
  1. Merge pull request #207 from hoisie/key-cleanup

    Move encKey and signKey from ServerConfig to Server
    committed on GitHub Aug 9, 2016
  2. Move encKey and signKey from ServerConfig to Server

    Belonging to the `Server` struct seems more appropriate than
    `ServerConfig`. The `ServerConfig` is mainly for user-defined
    configuration, and the keys are generated during runtime.
    committed Aug 9, 2016
  3. Merge pull request #206 from hoisie/cleanup-spacing

    Remove superfluous newlines in secure_cookie.go
    committed on GitHub Aug 9, 2016
  4. Remove superfluous newlines in secure_cookie.go

    Whitespace only change. I forgot to add this file when amending the
    commit.
    committed Aug 9, 2016
  5. Merge pull request #204 from hoisie/encrypted-cookie

    Switch secure cookie implementation
    committed on GitHub Aug 9, 2016
  6. Switch secure cookie implementation

    Previously, secure cookies in web.go were only cryptographically signed.
    This prevented them from being tampered with. However, the contents of
    the cookies were still transmitted in plain text to the client.
    
    Instead of only signing the contents of the cookie, encrypt the contents
    as well. This prevents any kind of information leakage.
    
    Secure cookies are now encrypted with AES counter mode with a 32 bit
    key. The contents are still signed using HMAC. Both the encryption key
    and the signature key are generated using pbkdf2 using the CookieSecret
    config option as the password source. The ciphertext, initialization
    vector, and signature are now transmitted to the client.
    
    Although the API is the same, cookies previously stored will not be
    readable. Unfortunately there is no smooth upgrade process.
    
    An example of using secure cookies has been added as well.
    
    Fixes #160
    committed Aug 9, 2016
Commits on Aug 8, 2016
  1. Merge pull request #203 from hoisie/simplify-base64

    Simplify base64 encoding logic in SetSecureCookie
    committed on GitHub Aug 8, 2016
  2. Simplify base64 encoding logic in SetSecureCookie

    Use `EncodeToString` instead of setting up a separate buffer.
    This code was likely written before `EncodeToString` existed.
    committed Aug 8, 2016
Commits on Aug 6, 2016
  1. Merge pull request #202 from hoisie/tty-colors

    Clean up the logic for color logging
    committed on GitHub Aug 6, 2016
  2. Clean up the logic for color logging

    Previously, the escape sequences for terminal colors were included
    directly in the log string. This made it difficult to understand what
    was being logged. Add some wrapper methods to clean up the abstraction
    of the color output logic. Also, avoid using color logging if web.go
    isn't running in a terminal (e.g the output is being piped).
    committed Aug 6, 2016
Commits on Aug 5, 2016
  1. Merge pull request #201 from hoisie/bad-request

    Add a helper method for returning HTTP 400
    committed on GitHub Aug 5, 2016
  2. Add a helper method for returning HTTP 400

    This will cause HTTP 400 Bad Request to be returned.
    
    Resolves #180
    committed Aug 5, 2016
Commits on Aug 2, 2016
  1. Merge pull request #200 from hoisie/discard-output

    Discard log output during TestCustomHandlerContentType
    committed on GitHub Aug 2, 2016
  2. Discard log output during TestCustomHandlerContentType

    The request log wasn't being discarded.
    committed Aug 2, 2016
  3. Merge pull request #199 from hoisie/malformed-scgi

    Gracefully handle malformed SCGI requests
    committed on GitHub Aug 2, 2016
  4. Gracefully handle malformed SCGI requests

    Previously, malformed SCGI requests would cause a panic when they were
    processed. Gracefully handle malformed SCGI requests. Also, add some
    additional error checking when parsing the length of the request, and
    clean up the code related to logging SCGI errors.
    
    Fixes #166
    committed Aug 2, 2016
  5. Merge pull request #198 from hoisie/travis-tweaks

    Travis tweaks
    committed on GitHub Aug 2, 2016
  6. Specify go versions for Travis

    This should help maintain backwards compatibility with older go
    versions.
    committed Aug 2, 2016
  7. Simplify gofmt check in Travis

    Instead of providing a custom script, the check can be replaced with a
    handy one-liner:
    
    `diff -u <(echo -n) <(gofmt -d -s .)`
    committed Aug 2, 2016
Commits on Jul 31, 2016
  1. Merge pull request #197 from hoisie/content-type-custom-handler

    Content type custom handler
    committed on GitHub Jul 31, 2016
  2. Stop setting a 'Content-Type' header for custom HTTP handlers

    Previously, when using web.Handle, the `Content-Type` HTTP header was
    set by default to `text/html; charset=utf-8`. This does not play
    nicely well with Go's FileHandler. If a `Content-Type` header is set,
    Go's FileHandler will not overwrite it. This breaks serving static
    assets with a FileHandler.
    
    This resolves #158
    committed Jul 31, 2016
  3. Rename 'web.Handler' to 'web.Handle'

    Most other functions in `web` are in the imperative tense. Rename
    `Handler` to `Handle` for consistency.
    
    Perform a similar rename for the 'Server' type.
    
    Also, simplify the comment a bit.
    committed Jul 31, 2016
Commits on Jul 30, 2016
  1. Merge pull request #196 from hoisie/secure-cookie-crash

    Secure cookie crash
    committed on GitHub Jul 30, 2016
  2. Add trailing newlines to many of the 'hello world' examples

    This makes them more curl-friendly.
    committed Jul 30, 2016
  3. Add check for secure cookie structure

    A secure cookie has three parts separated by the pipe ("|") character.
    Before trying to parse it, ensure there are actually three parts.
    
    This is a potential fix for #163
    committed Jul 30, 2016
  4. Merge pull request #195 from hoisie/basic-auth-crash

    Add check for 'Authorization' header in GetBasicAuth
    committed on GitHub Jul 30, 2016
  5. Add check for 'Authorization' header in GetBasicAuth

    Previously, if the `Authorization` header was not provided, the method
    would crash.  Add a check for the presence a header, and a test case
    as well.
    
    Resolves #174
    committed Jul 30, 2016
  6. Add gofmt check for Travis

    This will help ensure that code is properly formatted.
    committed Jul 30, 2016
  7. Update build badge

    The CI has been moved from Drone to Travis.
    committed on GitHub Jul 30, 2016
  8. Override install script for travis

    Update the `install` script to a more simple `go get`. The Travis
    default `go get ./...` has problems with the examples directory.
    committed Jul 30, 2016
  9. Override test script for Travis

    By default Travis runs `go test ./...` as the test script, which fails
    on the examples. Change it to `go test -short`.
    committed Jul 30, 2016
  10. Add .travis.yml file

    Because Drone doesn't seem to be able to set pull request build
    statuses, I'd like to give Travis a try.
    committed Jul 30, 2016
  11. Merge pull request #194 from hoisie/color-output

    Add the 'ColorOutput' server config option
    committed on GitHub Jul 30, 2016
  12. Add the 'ColorOutput' server config option

    When this option is set to true, the log output will contain color
    escape sequences. Set it to false to disable color escape sequences.
    
    Inspired by xyproto@88b1a31
    
    Resolves #153
    committed Jul 30, 2016
  13. Fix formatting of web_test.go

    There was an extra space before the call to http.StatusText. A check has
    been added to Drone to catch these issues.
    committed Jul 30, 2016