From b6ff55662e0281c0d6e111f9307625ef695df2fa Mon Sep 17 00:00:00 2001
From: kim <grufwub@gmail.com>
Date: Thu, 22 May 2025 16:27:55 +0200
Subject: [chore] update dependencies (#4188)

Update dependencies:
- github.com/gin-gonic/gin v1.10.0 -> v1.10.1
- github.com/gin-contrib/sessions v1.10.3 -> v1.10.4
- github.com/jackc/pgx/v5 v5.7.4 -> v5.7.5
- github.com/minio/minio-go/v7 v7.0.91 -> v7.0.92
- github.com/pquerna/otp v1.4.0 -> v1.5.0
- github.com/tdewolff/minify/v2 v2.23.5 -> v2.23.8
- github.com/yuin/goldmark v1.7.11 -> v1.7.12
- go.opentelemetry.io/otel{,/*} v1.35.0 -> v1.36.0
- modernc.org/sqlite v1.37.0 -> v1.37.1

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4188
Reviewed-by: Daenney <daenney@noreply.codeberg.org>
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>
---
 vendor/github.com/minio/minio-go/v7/api.go | 68 +++++++++++++++++++++++-------
 1 file changed, 52 insertions(+), 16 deletions(-)

(limited to 'vendor/github.com/minio/minio-go/v7/api.go')

diff --git a/vendor/github.com/minio/minio-go/v7/api.go b/vendor/github.com/minio/minio-go/v7/api.go
index 39cd5fd53..cc00f92a3 100644
--- a/vendor/github.com/minio/minio-go/v7/api.go
+++ b/vendor/github.com/minio/minio-go/v7/api.go
@@ -40,8 +40,10 @@ import (
 
 	md5simd "github.com/minio/md5-simd"
 	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/minio/minio-go/v7/pkg/kvcache"
 	"github.com/minio/minio-go/v7/pkg/s3utils"
 	"github.com/minio/minio-go/v7/pkg/signer"
+	"github.com/minio/minio-go/v7/pkg/singleflight"
 	"golang.org/x/net/publicsuffix"
 )
 
@@ -68,9 +70,11 @@ type Client struct {
 	secure bool
 
 	// Needs allocation.
-	httpClient     *http.Client
-	httpTrace      *httptrace.ClientTrace
-	bucketLocCache *bucketLocationCache
+	httpClient         *http.Client
+	httpTrace          *httptrace.ClientTrace
+	bucketLocCache     *kvcache.Cache[string, string]
+	bucketSessionCache *kvcache.Cache[string, credentials.Value]
+	credsGroup         singleflight.Group[string, credentials.Value]
 
 	// Advanced functionality.
 	isTraceEnabled  bool
@@ -155,7 +159,7 @@ type Options struct {
 // Global constants.
 const (
 	libraryName    = "minio-go"
-	libraryVersion = "v7.0.91"
+	libraryVersion = "v7.0.92"
 )
 
 // User Agent should always following the below style.
@@ -280,8 +284,11 @@ func privateNew(endpoint string, opts *Options) (*Client, error) {
 	}
 	clnt.region = opts.Region
 
-	// Instantiate bucket location cache.
-	clnt.bucketLocCache = newBucketLocationCache()
+	// Initialize bucket region cache.
+	clnt.bucketLocCache = &kvcache.Cache[string, string]{}
+
+	// Initialize bucket session cache (s3 express).
+	clnt.bucketSessionCache = &kvcache.Cache[string, credentials.Value]{}
 
 	// Introduce a new locked random seed.
 	clnt.random = rand.New(&lockedRandSource{src: rand.NewSource(time.Now().UTC().UnixNano())})
@@ -818,14 +825,21 @@ func (c *Client) newRequest(ctx context.Context, method string, metadata request
 		ctx = httptrace.WithClientTrace(ctx, c.httpTrace)
 	}
 
-	// Initialize a new HTTP request for the method.
-	req, err = http.NewRequestWithContext(ctx, method, targetURL.String(), nil)
+	// make sure to de-dup calls to credential services, this reduces
+	// the overall load to the endpoint generating credential service.
+	value, err, _ := c.credsGroup.Do(metadata.bucketName, func() (credentials.Value, error) {
+		if s3utils.IsS3ExpressBucket(metadata.bucketName) && s3utils.IsAmazonEndpoint(*c.endpointURL) {
+			return c.CreateSession(ctx, metadata.bucketName, SessionReadWrite)
+		}
+		// Get credentials from the configured credentials provider.
+		return c.credsProvider.GetWithContext(c.CredContext())
+	})
 	if err != nil {
 		return nil, err
 	}
 
-	// Get credentials from the configured credentials provider.
-	value, err := c.credsProvider.GetWithContext(c.CredContext())
+	// Initialize a new HTTP request for the method.
+	req, err = http.NewRequestWithContext(ctx, method, targetURL.String(), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -837,6 +851,10 @@ func (c *Client) newRequest(ctx context.Context, method string, metadata request
 		sessionToken    = value.SessionToken
 	)
 
+	if s3utils.IsS3ExpressBucket(metadata.bucketName) && sessionToken != "" {
+		req.Header.Set("x-amz-s3session-token", sessionToken)
+	}
+
 	// Custom signer set then override the behavior.
 	if c.overrideSignerType != credentials.SignatureDefault {
 		signerType = c.overrideSignerType
@@ -922,8 +940,13 @@ func (c *Client) newRequest(ctx context.Context, method string, metadata request
 		// Streaming signature is used by default for a PUT object request.
 		// Additionally, we also look if the initialized client is secure,
 		// if yes then we don't need to perform streaming signature.
-		req = signer.StreamingSignV4(req, accessKeyID,
-			secretAccessKey, sessionToken, location, metadata.contentLength, time.Now().UTC(), c.sha256Hasher())
+		if s3utils.IsAmazonExpressRegionalEndpoint(*c.endpointURL) {
+			req = signer.StreamingSignV4Express(req, accessKeyID,
+				secretAccessKey, sessionToken, location, metadata.contentLength, time.Now().UTC(), c.sha256Hasher())
+		} else {
+			req = signer.StreamingSignV4(req, accessKeyID,
+				secretAccessKey, sessionToken, location, metadata.contentLength, time.Now().UTC(), c.sha256Hasher())
+		}
 	default:
 		// Set sha256 sum for signature calculation only with signature version '4'.
 		shaHeader := unsignedPayload
@@ -938,8 +961,12 @@ func (c *Client) newRequest(ctx context.Context, method string, metadata request
 		}
 		req.Header.Set("X-Amz-Content-Sha256", shaHeader)
 
-		// Add signature version '4' authorization header.
-		req = signer.SignV4Trailer(*req, accessKeyID, secretAccessKey, sessionToken, location, metadata.trailer)
+		if s3utils.IsAmazonExpressRegionalEndpoint(*c.endpointURL) {
+			req = signer.SignV4TrailerExpress(*req, accessKeyID, secretAccessKey, sessionToken, location, metadata.trailer)
+		} else {
+			// Add signature version '4' authorization header.
+			req = signer.SignV4Trailer(*req, accessKeyID, secretAccessKey, sessionToken, location, metadata.trailer)
+		}
 	}
 
 	// Return request.
@@ -972,8 +999,17 @@ func (c *Client) makeTargetURL(bucketName, objectName, bucketLocation string, is
 		} else {
 			// Do not change the host if the endpoint URL is a FIPS S3 endpoint or a S3 PrivateLink interface endpoint
 			if !s3utils.IsAmazonFIPSEndpoint(*c.endpointURL) && !s3utils.IsAmazonPrivateLinkEndpoint(*c.endpointURL) {
-				// Fetch new host based on the bucket location.
-				host = getS3Endpoint(bucketLocation, c.s3DualstackEnabled)
+				if s3utils.IsAmazonExpressRegionalEndpoint(*c.endpointURL) {
+					if bucketName == "" {
+						host = getS3ExpressEndpoint(bucketLocation, false)
+					} else {
+						// Fetch new host based on the bucket location.
+						host = getS3ExpressEndpoint(bucketLocation, s3utils.IsS3ExpressBucket(bucketName))
+					}
+				} else {
+					// Fetch new host based on the bucket location.
+					host = getS3Endpoint(bucketLocation, c.s3DualstackEnabled)
+				}
 			}
 		}
 	}
-- 
cgit v1.2.3