mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-29 20:32:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

[chore] update go dependencies (#4304)

Browse source 
- github.com/KimMachineGun/automemlimit v0.7.2 => v0.7.3
- github.com/gin-contrib/cors v1.7.5 => v1.7.6
- github.com/minio/minio-go/v7 v7.0.92 => v7.0.94
- github.com/spf13/cast v1.8.0 => v1.9.2
- github.com/uptrace/bun{,/*} v1.2.11 => v1.2.14
- golang.org/x/image v0.27.0 => v0.28.0
- golang.org/x/net v0.40.0 => v0.41.0
- code.superseriousbusiness.org/go-swagger v0.31.0-gts-go1.23-fix => v0.32.3-gts-go1.23-fix

Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4304
Co-authored-by: kim <grufwub@gmail.com>
Co-committed-by: kim <grufwub@gmail.com>
This commit is contained in:
kim 2025-06-30 15:19:09 +02:00 committed by kim
commit 8b0ea56027
294 changed files with 139999 additions and 21873 deletions
Download patch file Download diff file Expand all files Collapse all files

215
vendor/github.com/gin-contrib/cors/README.md generated vendored
View file

@ -1,47 +1,89 @@
# CORS gin's middleware
# gin-contrib/cors
[![Run Tests](https://github.com/gin-contrib/cors/actions/workflows/go.yml/badge.svg)](https://github.com/gin-contrib/cors/actions/workflows/go.yml)
[![codecov](https://codecov.io/gh/gin-contrib/cors/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-contrib/cors)
[![Go Report Card](https://goreportcard.com/badge/github.com/gin-contrib/cors)](https://goreportcard.com/report/github.com/gin-contrib/cors)
[![GoDoc](https://godoc.org/github.com/gin-contrib/cors?status.svg)](https://godoc.org/github.com/gin-contrib/cors)
Gin middleware/handler to enable CORS support.
- [gin-contrib/cors](#gin-contribcors)
- [Overview](#overview)
- [Installation](#installation)
- [Quick Start](#quick-start)
- [Advanced Usage](#advanced-usage)
- [Custom Configuration](#custom-configuration)
- [DefaultConfig Reference](#defaultconfig-reference)
- [Default() Convenience](#default-convenience)
- [Configuration Reference](#configuration-reference)
- [Notes on Configuration](#notes-on-configuration)
- [Examples](#examples)
- [Advanced Options](#advanced-options)
- [Custom Origin Validation](#custom-origin-validation)
- [With Gin Context](#with-gin-context)
- [Helper Methods](#helper-methods)
- [Validation \& Error Handling](#validation--error-handling)
- [Important Notes](#important-notes)
## Usage
---
### Start using it
## Overview
Download and install it:
**CORS (Cross-Origin Resource Sharing)** middleware for [Gin](https://github.com/gin-gonic/gin).
- Enables flexible CORS handling for your Gin-based APIs.
- Highly configurable: origins, methods, headers, credentials, and more.
---
## Installation
```sh
go get github.com/gin-contrib/cors
```
Import it in your code:
Import in your Go code:
```go
import "github.com/gin-contrib/cors"
```
### Canonical example
---
## Quick Start
Allow all origins (default):
```go
package main
import (
"time"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func main() {
router := gin.Default()
// CORS for https://foo.com and https://github.com origins, allowing:
// - PUT and PATCH methods
// - Origin header
// - Credentials share
// - Preflight requests cached for 12 hours
router.Use(cors.Default()) // All origins allowed by default
router.Run()
}
```
> ⚠️ **Warning:** Allowing all origins disables cookies for clients. For credentialed requests, **do not** allow all origins.
---
## Advanced Usage
### Custom Configuration
Configure allowed origins, methods, headers, and more:
```go
import (
"time"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func main() {
router := gin.Default()
router.Use(cors.New(cors.Config{
AllowOrigins: []string{"https://foo.com"},
AllowMethods: []string{"PUT", "PATCH"},
@ -57,15 +99,20 @@ func main() {
}
```
### Using DefaultConfig as start point
---
### DefaultConfig Reference
Start with library defaults and customize as needed:
```go
import (
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
)
func main() {
router := gin.Default()
// - No origin allowed by default
// - GET,POST, PUT, HEAD methods
// - Credentials share disabled
// - Preflight requests cached for 12 hours
config := cors.DefaultConfig()
config.AllowOrigins = []string{"http://google.com"}
// config.AllowOrigins = []string{"http://google.com", "http://facebook.com"}
@ -76,20 +123,124 @@ func main() {
}
```
Note: while Default() allows all origins, DefaultConfig() does not and you will still have to use AllowAllOrigins.
> **Note:** `Default()` allows all origins, but `DefaultConfig()` does **not**. To allow all origins, set `AllowAllOrigins = true`.
### Default() allows all origins
---
### Default() Convenience
Enable all origins with a single call:
```go
func main() {
router := gin.Default()
// same as
// config := cors.DefaultConfig()
// config.AllowAllOrigins = true
// router.Use(cors.New(config))
router.Use(cors.Default())
router.Run()
router.Use(cors.Default()) // Equivalent to AllowAllOrigins = true
```
---
## Configuration Reference
The middleware is controlled via the `cors.Config` struct. All fields are optional unless otherwise stated.
| Field | Type | Default | Description |
|-------------------------------|-----------------------------|-----------------------------------------------------------|-----------------------------------------------------------------------------------------------|
| `AllowAllOrigins` | `bool` | `false` | If true, allows all origins. Credentials **cannot** be used. |
| `AllowOrigins` | `[]string` | `[]` | List of allowed origins. Supports exact match, `*`, and wildcards. |
| `AllowOriginFunc` | `func(string) bool` | `nil` | Custom function to validate origin. If set, `AllowOrigins` is ignored. |
| `AllowOriginWithContextFunc` | `func(*gin.Context,string)bool` | `nil` | Like `AllowOriginFunc`, but with request context. |
| `AllowMethods` | `[]string` | `[]string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS"}` | Allowed HTTP methods. |
| `AllowPrivateNetwork` | `bool` | `false` | Adds [Private Network Access](https://wicg.github.io/private-network-access/) CORS header. |
| `AllowHeaders` | `[]string` | `[]` | List of non-simple headers permitted in requests. |
| `AllowCredentials` | `bool` | `false` | Allow cookies, HTTP auth, or client certs. Only if precise origins are used. |
| `ExposeHeaders` | `[]string` | `[]` | Headers exposed to the browser. |
| `MaxAge` | `time.Duration` | `12 * time.Hour` | Cache time for preflight requests. |
| `AllowWildcard` | `bool` | `false` | Enables wildcards in origins (e.g. `https://*.example.com`). |
| `AllowBrowserExtensions` | `bool` | `false` | Allow browser extension schemes as origins (e.g. `chrome-extension://`). |
| `CustomSchemas` | `[]string` | `nil` | Additional allowed URI schemes (e.g. `tauri://`). |
| `AllowWebSockets` | `bool` | `false` | Allow `ws://` and `wss://` schemas. |
| `AllowFiles` | `bool` | `false` | Allow `file://` origins (dangerous; use only if necessary). |
| `OptionsResponseStatusCode` | `int` | `204` | Custom status code for `OPTIONS` responses. |
---
### Notes on Configuration
- Only one of `AllowAllOrigins`, `AllowOrigins`, `AllowOriginFunc`, or `AllowOriginWithContextFunc` should be set.
- If `AllowAllOrigins` is true, other origin settings are ignored and credentialed requests are not allowed.
- If `AllowWildcard` is enabled, only one `*` is allowed per origin string.
- Use `AllowBrowserExtensions`, `AllowWebSockets`, or `AllowFiles` to permit non-HTTP(s) protocols as origins.
- Custom schemas allow, for example, usage in desktop apps via custom URI schemes (`tauri://`, etc.).
- If both `AllowOriginFunc` and `AllowOriginWithContextFunc` are set, the context-specific function is preferred.
---
### Examples
#### Advanced Options
```go
config := cors.Config{
AllowOrigins: []string{"https://*.foo.com", "https://bar.com"},
AllowWildcard: true,
AllowMethods: []string{"GET", "POST"},
AllowHeaders: []string{"Authorization", "Content-Type"},
AllowCredentials: true,
AllowBrowserExtensions: true,
AllowWebSockets: true,
AllowFiles: false,
CustomSchemas: []string{"tauri://"},
MaxAge: 24 * time.Hour,
ExposeHeaders: []string{"X-Custom-Header"},
AllowPrivateNetwork: true,
}
```
Using all origins disables the ability for Gin to set cookies for clients. When dealing with credentials, don't allow all origins.
#### Custom Origin Validation
```go
config := cors.Config{
AllowOriginFunc: func(origin string) bool {
// Allow any github.com subdomain or a custom rule
return strings.HasSuffix(origin, "github.com")
},
}
```
#### With Gin Context
```go
config := cors.Config{
AllowOriginWithContextFunc: func(c *gin.Context, origin string) bool {
// Allow only if a certain header is present
return c.Request.Header.Get("X-Allow-CORS") == "yes"
},
}
```
---
## Helper Methods
Dynamically add methods or headers to the config:
```go
config.AddAllowMethods("DELETE", "OPTIONS")
config.AddAllowHeaders("X-My-Header")
config.AddExposeHeaders("X-Other-Header")
```
---
## Validation & Error Handling
- Calling `Validate()` on a `Config` checks for misconfiguration (called internally).
- If `AllowAllOrigins` is set, you cannot also set `AllowOrigins` or any `AllowOriginFunc`.
- If neither `AllowAllOrigins`, `AllowOriginFunc`, nor `AllowOrigins` is set, an error is raised.
- If an `AllowOrigin` contains a wildcard but `AllowWildcard` is not enabled, or more than one `*` is present, a panic is triggered.
- Invalid origin schemas or unsupported wildcards are rejected.
---
## Important Notes
- **Enabling all origins disables cookies:** When `AllowAllOrigins` is enabled, Gin cannot set cookies for clients. If you need credential sharing (cookies, authentication headers), **do not** allow all origins.
- For detailed documentation and configuration options, see the [GoDoc](https://godoc.org/github.com/gin-contrib/cors).

2
vendor/github.com/gin-contrib/cors/config.go generated vendored
View file

@ -87,7 +87,7 @@ func (cors *cors) applyCors(c *gin.Context) {
return
}
if c.Request.Method == "OPTIONS" {
if c.Request.Method == http.MethodOptions {
cors.handlePreflight(c)
defer c.AbortWithStatus(cors.optionsResponseStatusCode)
} else {

49
vendor/github.com/gin-contrib/sse/.golangci.yml generated vendored
View file

@ -1,3 +1,50 @@
version: "2"
linters:
disable:
default: none
enable:
- bodyclose
- dogsled
- dupl
- errcheck
- exhaustive
- gochecknoinits
- goconst
- gocritic
- gocyclo
- goprintffuncname
- gosec
- govet
- ineffassign
- lll
- misspell
- nakedret
- noctx
- nolintlint
- rowserrcheck
- staticcheck
- unconvert
- unparam
- unused
- whitespace
exclusions:
generated: lax
presets:
- comments
- common-false-positives
- legacy
- std-error-handling
paths:
- third_party$
- builtin$
- examples$
formatters:
enable:
- gofmt
- gofumpt
- goimports
exclusions:
generated: lax
paths:
- third_party$
- builtin$
- examples$

13
vendor/github.com/gin-contrib/sse/sse-decoder.go generated vendored
View file

@ -7,7 +7,6 @@ package sse
import (
"bytes"
"io"
"io/ioutil"
)
type decoder struct {
@ -22,7 +21,8 @@ func Decode(r io.Reader) ([]Event, error) {
func (d *decoder) dispatchEvent(event Event, data string) {
dataLength := len(data)
if dataLength > 0 {
//If the data buffer's last character is a U+000A LINE FEED (LF) character, then remove the last character from the data buffer.
// If the data buffer's last character is a U+000A LINE FEED (LF) character,
// then remove the last character from the data buffer.
data = data[:dataLength-1]
dataLength--
}
@ -37,13 +37,13 @@ func (d *decoder) dispatchEvent(event Event, data string) {
}
func (d *decoder) decode(r io.Reader) ([]Event, error) {
buf, err := ioutil.ReadAll(r)
buf, err := io.ReadAll(r)
if err != nil {
return nil, err
}
var currentEvent Event
var dataBuffer *bytes.Buffer = new(bytes.Buffer)
dataBuffer := new(bytes.Buffer)
// TODO (and unit tests)
// Lines must be separated by either a U+000D CARRIAGE RETURN U+000A LINE FEED (CRLF) character pair,
// a single U+000A LINE FEED (LF) character,
@ -96,7 +96,8 @@ func (d *decoder) decode(r io.Reader) ([]Event, error) {
currentEvent.Id = string(value)
case "retry":
// If the field value consists of only characters in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9),
// then interpret the field value as an integer in base ten, and set the event stream's reconnection time to that integer.
// then interpret the field value as an integer in base ten, and set the event stream's
// reconnection time to that integer.
// Otherwise, ignore the field.
currentEvent.Id = string(value)
case "data":
@ -105,7 +106,7 @@ func (d *decoder) decode(r io.Reader) ([]Event, error) {
// then append a single U+000A LINE FEED (LF) character to the data buffer.
dataBuffer.WriteString("\n")
default:
//Otherwise. The field is ignored.
// Otherwise. The field is ignored.
continue
}
}

38
vendor/github.com/gin-contrib/sse/sse-encoder.go generated vendored
View file

@ -20,8 +20,10 @@ import (
const ContentType = "text/event-stream;charset=utf-8"
var contentType = []string{ContentType}
var noCache = []string{"no-cache"}
var (
contentType = []string{ContentType}
noCache = []string{"no-cache"}
)
var fieldReplacer = strings.NewReplacer(
"\n", "\\n",
@ -48,48 +50,48 @@ func Encode(writer io.Writer, event Event) error {
func writeId(w stringWriter, id string) {
if len(id) > 0 {
w.WriteString("id:")
fieldReplacer.WriteString(w, id)
w.WriteString("\n")
_, _ = w.WriteString("id:")
_, _ = fieldReplacer.WriteString(w, id)
_, _ = w.WriteString("\n")
}
}
func writeEvent(w stringWriter, event string) {
if len(event) > 0 {
w.WriteString("event:")
fieldReplacer.WriteString(w, event)
w.WriteString("\n")
_, _ = w.WriteString("event:")
_, _ = fieldReplacer.WriteString(w, event)
_, _ = w.WriteString("\n")
}
}
func writeRetry(w stringWriter, retry uint) {
if retry > 0 {
w.WriteString("retry:")
w.WriteString(strconv.FormatUint(uint64(retry), 10))
w.WriteString("\n")
_, _ = w.WriteString("retry:")
_, _ = w.WriteString(strconv.FormatUint(uint64(retry), 10))
_, _ = w.WriteString("\n")
}
}
func writeData(w stringWriter, data interface{}) error {
w.WriteString("data:")
_, _ = w.WriteString("data:")
bData, ok := data.([]byte)
if ok {
dataReplacer.WriteString(w, string(bData))
w.WriteString("\n\n")
_, _ = dataReplacer.WriteString(w, string(bData))
_, _ = w.WriteString("\n\n")
return nil
}
switch kindOfData(data) {
switch kindOfData(data) { //nolint:exhaustive
case reflect.Struct, reflect.Slice, reflect.Map:
err := json.NewEncoder(w).Encode(data)
if err != nil {
return err
}
w.WriteString("\n")
_, _ = w.WriteString("\n")
default:
dataReplacer.WriteString(w, fmt.Sprint(data))
w.WriteString("\n\n")
_, _ = dataReplacer.WriteString(w, fmt.Sprint(data))
_, _ = w.WriteString("\n\n")
}
return nil
}

2
vendor/github.com/gin-contrib/sse/writer.go generated vendored
View file

@ -12,7 +12,7 @@ type stringWrapper struct {
}
func (w stringWrapper) WriteString(str string) (int, error) {
return w.Writer.Write([]byte(str))
return w.Write([]byte(str))
}
func checkWriter(writer io.Writer) stringWriter {