[chore] update dependencies (#4188)

Update dependencies: - github.com/gin-gonic/gin v1.10.0 -> v1.10.1 - github.com/gin-contrib/sessions v1.10.3 -> v1.10.4 - github.com/jackc/pgx/v5 v5.7.4 -> v5.7.5 - github.com/minio/minio-go/v7 v7.0.91 -> v7.0.92 - github.com/pquerna/otp v1.4.0 -> v1.5.0 - github.com/tdewolff/minify/v2 v2.23.5 -> v2.23.8 - github.com/yuin/goldmark v1.7.11 -> v1.7.12 - go.opentelemetry.io/otel{,/*} v1.35.0 -> v1.36.0 - modernc.org/sqlite v1.37.0 -> v1.37.1 Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4188 Reviewed-by: Daenney <daenney@noreply.codeberg.org> Co-authored-by: kim <grufwub@gmail.com> Co-committed-by: kim <grufwub@gmail.com>
2025-11-09 16:37:30 -06:00 · 2025-05-22 16:27:55 +02:00 · 2025-05-22 16:27:55 +02:00 · b6ff55662e
commit b6ff55662e
parent 20aad9be0f
214 changed files with 44839 additions and 32023 deletions
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-streaming.go
@ -267,8 +267,8 @@ func (s *StreamingReader) addSignedTrailer(h http.Header) {

 // setStreamingAuthHeader - builds and sets authorization header value
 // for streaming signature.
-func (s *StreamingReader) setStreamingAuthHeader(req *http.Request) {
-	credential := GetCredential(s.accessKeyID, s.region, s.reqTime, ServiceTypeS3)
+func (s *StreamingReader) setStreamingAuthHeader(req *http.Request, serviceType string) {
+	credential := GetCredential(s.accessKeyID, s.region, s.reqTime, serviceType)
 	authParts := []string{
 		signV4Algorithm + " Credential=" + credential,
 		"SignedHeaders=" + getSignedHeaders(*req, ignoredStreamingHeaders),
@ -280,6 +280,54 @@ func (s *StreamingReader) setStreamingAuthHeader(req *http.Request) {
 	req.Header.Set("Authorization", auth)
 }

+// StreamingSignV4Express - provides chunked upload signatureV4 support by
+// implementing io.Reader.
+func StreamingSignV4Express(req *http.Request, accessKeyID, secretAccessKey, sessionToken,
+	region string, dataLen int64, reqTime time.Time, sh256 md5simd.Hasher,
+) *http.Request {
+	// Set headers needed for streaming signature.
+	prepareStreamingRequest(req, sessionToken, dataLen, reqTime)
+
+	if req.Body == nil {
+		req.Body = io.NopCloser(bytes.NewReader([]byte("")))
+	}
+
+	stReader := &StreamingReader{
+		baseReadCloser:  req.Body,
+		accessKeyID:     accessKeyID,
+		secretAccessKey: secretAccessKey,
+		sessionToken:    sessionToken,
+		region:          region,
+		reqTime:         reqTime,
+		chunkBuf:        make([]byte, payloadChunkSize),
+		contentLen:      dataLen,
+		chunkNum:        1,
+		totalChunks:     int((dataLen+payloadChunkSize-1)/payloadChunkSize) + 1,
+		lastChunkSize:   int(dataLen % payloadChunkSize),
+		sh256:           sh256,
+	}
+	if len(req.Trailer) > 0 {
+		stReader.trailer = req.Trailer
+		// Remove...
+		req.Trailer = nil
+	}
+
+	// Add the request headers required for chunk upload signing.
+
+	// Compute the seed signature.
+	stReader.setSeedSignature(req)
+
+	// Set the authorization header with the seed signature.
+	stReader.setStreamingAuthHeader(req, ServiceTypeS3Express)
+
+	// Set seed signature as prevSignature for subsequent
+	// streaming signing process.
+	stReader.prevSignature = stReader.seedSignature
+	req.Body = stReader
+
+	return req
+}
+
 // StreamingSignV4 - provides chunked upload signatureV4 support by
 // implementing io.Reader.
 func StreamingSignV4(req *http.Request, accessKeyID, secretAccessKey, sessionToken,
@ -318,7 +366,7 @@ func StreamingSignV4(req *http.Request, accessKeyID, secretAccessKey, sessionTok
 	stReader.setSeedSignature(req)

 	// Set the authorization header with the seed signature.
-	stReader.setStreamingAuthHeader(req)
+	stReader.setStreamingAuthHeader(req, ServiceTypeS3)

 	// Set seed signature as prevSignature for subsequent
 	// streaming signing process.
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
@ -38,8 +38,9 @@ const (

 // Different service types
 const (
-	ServiceTypeS3  = "s3"
-	ServiceTypeSTS = "sts"
+	ServiceTypeS3        = "s3"
+	ServiceTypeSTS       = "sts"
+	ServiceTypeS3Express = "s3express"
 )

 // Excerpts from @lsegal -
@ -229,7 +230,11 @@ func PreSignV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, loc
 	query.Set("X-Amz-Credential", credential)
 	// Set session token if available.
 	if sessionToken != "" {
-		query.Set("X-Amz-Security-Token", sessionToken)
+		if v := req.Header.Get("x-amz-s3session-token"); v != "" {
+			query.Set("X-Amz-S3session-Token", sessionToken)
+		} else {
+			query.Set("X-Amz-Security-Token", sessionToken)
+		}
 	}
 	req.URL.RawQuery = query.Encode()

@ -281,7 +286,11 @@ func signV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, locati

 	// Set session token if available.
 	if sessionToken != "" {
-		req.Header.Set("X-Amz-Security-Token", sessionToken)
+		// S3 Express token if not set then set sessionToken
+		// with older x-amz-security-token header.
+		if v := req.Header.Get("x-amz-s3session-token"); v == "" {
+			req.Header.Set("X-Amz-Security-Token", sessionToken)
+		}
 	}

 	if len(trailer) > 0 {
@ -367,6 +376,18 @@ func SignV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, locati
 	return signV4(req, accessKeyID, secretAccessKey, sessionToken, location, ServiceTypeS3, nil)
 }

+// SignV4Express sign the request before Do(), in accordance with
+// http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html.
+func SignV4Express(req http.Request, accessKeyID, secretAccessKey, sessionToken, location string) *http.Request {
+	return signV4(req, accessKeyID, secretAccessKey, sessionToken, location, ServiceTypeS3Express, nil)
+}
+
+// SignV4TrailerExpress sign the request before Do(), in accordance with
+// http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
+func SignV4TrailerExpress(req http.Request, accessKeyID, secretAccessKey, sessionToken, location string, trailer http.Header) *http.Request {
+	return signV4(req, accessKeyID, secretAccessKey, sessionToken, location, ServiceTypeS3Express, trailer)
+}
+
 // SignV4Trailer sign the request before Do(), in accordance with
 // http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
 func SignV4Trailer(req http.Request, accessKeyID, secretAccessKey, sessionToken, location string, trailer http.Header) *http.Request {