diff options
| author |  kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com> | 2025-04-01 16:21:59 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-04-01 18:21:59 +0200 |
| commit | b0873972ecb6d9977a36898d8281649d38c17df7 (patch) | |
| tree | 1b0eb8a89c99058d443e6550e4dfa3ba347804a7 /vendor/github.com | |
| parent | update modernc.org/sqlite to v1.37.0-concurrrency-workaround (#3958) (diff) | |
| download | gotosocial-b0873972ecb6d9977a36898d8281649d38c17df7.tar.xz | |
[chore] bump golang.org/x/net@v0.38.0, github.com/gin-contrib/cors@v1.7.4, github.com/spf13/viper@v1.20.1, github.com/tdewolff/minify/v2@v2.22.4 (#3959)
Diffstat (limited to 'vendor/github.com')
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/.golangci.yml | 1 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/config.go | 14 | ||||
| -rw-r--r-- | vendor/github.com/gin-contrib/cors/cors.go | 10 | ||||
| -rw-r--r-- | vendor/github.com/spf13/viper/viper.go | 32 |
4 files changed, 43 insertions, 14 deletions
diff --git a/vendor/github.com/gin-contrib/cors/.golangci.yml b/vendor/github.com/gin-contrib/cors/.golangci.yml index d59c99bd4..67edf0ac8 100644 --- a/vendor/github.com/gin-contrib/cors/.golangci.yml +++ b/vendor/github.com/gin-contrib/cors/.golangci.yml @@ -7,7 +7,6 @@ linters: - dogsled - dupl - errcheck - - exportloopref - exhaustive - gochecknoinits - goconst diff --git a/vendor/github.com/gin-contrib/cors/config.go b/vendor/github.com/gin-contrib/cors/config.go index 8a295e3db..a955c3171 100644 --- a/vendor/github.com/gin-contrib/cors/config.go +++ b/vendor/github.com/gin-contrib/cors/config.go @@ -2,6 +2,7 @@ package cors import ( "net/http" + "regexp" "strings" "github.com/gin-gonic/gin" @@ -122,21 +123,32 @@ func (cors *cors) isOriginValid(c *gin.Context, origin string) bool { return valid } +var originRegex = regexp.MustCompile(`^/(.+)/[gimuy]?$`) + func (cors *cors) validateOrigin(origin string) bool { if cors.allowAllOrigins { return true } + for _, value := range cors.allowOrigins { - if value == origin { + if !originRegex.MatchString(value) && value == origin { + return true + } + + if originRegex.MatchString(value) && + regexp.MustCompile(originRegex.FindStringSubmatch(value)[1]).MatchString(origin) { return true } } + if len(cors.wildcardOrigins) > 0 && cors.validateWildcardOrigin(origin) { return true } + if cors.allowOriginFunc != nil { return cors.allowOriginFunc(origin) } + return false } diff --git a/vendor/github.com/gin-contrib/cors/cors.go b/vendor/github.com/gin-contrib/cors/cors.go index 2261df759..cacb34a6c 100644 --- a/vendor/github.com/gin-contrib/cors/cors.go +++ b/vendor/github.com/gin-contrib/cors/cors.go @@ -3,6 +3,7 @@ package cors import ( "errors" "fmt" + "regexp" "strings" "time" @@ -103,8 +104,17 @@ func (c Config) getAllowedSchemas() []string { return allowedSchemas } +var regexpBasedOrigin = regexp.MustCompile(`^\/(.+)\/[gimuy]?$`) + func (c Config) validateAllowedSchemas(origin string) bool { allowedSchemas := c.getAllowedSchemas() + + if regexpBasedOrigin.MatchString(origin) { + // Normalize regexp-based origins + origin = regexpBasedOrigin.FindStringSubmatch(origin)[1] + origin = strings.Replace(origin, "?", "", 1) + } + for _, schema := range allowedSchemas { if strings.HasPrefix(origin, schema) { return true diff --git a/vendor/github.com/spf13/viper/viper.go b/vendor/github.com/spf13/viper/viper.go index f900e58b1..a58d757bd 100644 --- a/vendor/github.com/spf13/viper/viper.go +++ b/vendor/github.com/spf13/viper/viper.go @@ -1535,27 +1535,29 @@ func (v *Viper) MergeInConfig() error { func ReadConfig(in io.Reader) error { return v.ReadConfig(in) } func (v *Viper) ReadConfig(in io.Reader) error { - if v.configType == "" { - return errors.New("cannot decode configuration: config type is not set") + config := make(map[string]any) + + err := v.unmarshalReader(in, config) + if err != nil { + return err } - v.config = make(map[string]any) - return v.unmarshalReader(in, v.config) + v.config = config + + return nil } // MergeConfig merges a new configuration with an existing config. func MergeConfig(in io.Reader) error { return v.MergeConfig(in) } func (v *Viper) MergeConfig(in io.Reader) error { - if v.configType == "" { - return errors.New("cannot decode configuration: config type is not set") - } + config := make(map[string]any) - cfg := make(map[string]any) - if err := v.unmarshalReader(in, cfg); err != nil { + if err := v.unmarshalReader(in, config); err != nil { return err } - return v.MergeConfigMap(cfg) + + return v.MergeConfigMap(config) } // MergeConfigMap merges the configuration from the map given with an existing config. @@ -1662,15 +1664,21 @@ func (v *Viper) writeConfig(filename string, force bool) error { } func (v *Viper) unmarshalReader(in io.Reader, c map[string]any) error { + format := strings.ToLower(v.getConfigType()) + if format == "" { + return errors.New("cannot decode configuration: unable to determine config type") + } + buf := new(bytes.Buffer) buf.ReadFrom(in) - format := strings.ToLower(v.getConfigType()) - + // TODO: remove this once SupportedExts is deprecated/removed if !slices.Contains(SupportedExts, format) { return UnsupportedConfigError(format) } + // TODO: return [UnsupportedConfigError] if the registry does not contain the format + // TODO: consider deprecating this error type decoder, err := v.decoderRegistry.Decoder(format) if err != nil { return ConfigParseError{err} |