[GITEA] Use maintained gziphandler

- https://github.com/NYTimes/gziphandler doesn't seem to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
Gusted 2023-10-01 00:09:25 +02:00 committed by Earl Warren
parent 8064130344
commit 9c12a37fde
6 changed files with 23 additions and 21 deletions


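--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,6 @@ require (
 gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
 github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-github.com/NYTimes/gziphandler v1.1.1
 github.com/PuerkitoBio/goquery v1.8.1
 github.com/alecthomas/chroma/v2 v2.9.1
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb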

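--- a/go.sum
+++ b/go.sum
@@ -101,8 +101,6 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
-github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
 github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=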


@ -147,6 +147,16 @@ func toHandlerProvider(handler any) func(next http.Handler) http.Handler {
} }
} }
if hp, ok := handler.(func(next http.Handler) http.HandlerFunc); ok {
return func(next http.Handler) http.Handler {
h := hp(next) // this handle could be dynamically generated, so we can't use it for debug info
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
routing.UpdateFuncInfo(req.Context(), funcInfo)
h.ServeHTTP(resp, req)
})
}
}
provider := func(next http.Handler) http.Handler { provider := func(next http.Handler) http.Handler {
return http.HandlerFunc(func(respOrig http.ResponseWriter, req *http.Request) { return http.HandlerFunc(func(respOrig http.ResponseWriter, req *http.Request) {
// wrap the response writer to check whether the response has been written // wrap the response writer to check whether the response has been written
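Review bot: The new `func(next http.Handler) http.HandlerFunc` case repeats the wrapping closure of the case that closes just above it (that case's body is outside the hunk, so this is inferred from the closing braces at the hunk's start and the identical shape of the new body); a shorter form adapts the narrower type once and lets the existing Handler-returning branch do the work, e.g. `if hpf, ok := handler.(func(next http.Handler) http.HandlerFunc); ok { handler = func(next http.Handler) http.Handler { return hpf(next) } }` placed ahead of that branch. Either way a one-line comment saying why the case exists would help, since nothing in the hunk explains it: `// gzhttp.NewWrapper (see Routes) returns func(http.Handler) http.HandlerFunc, which the Handler-returning case above does not match.` toHandlerProvider starts and ends outside the hunk.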


@ -49,17 +49,12 @@ import (
_ "code.gitea.io/gitea/modules/session" // to registers all internal adapters _ "code.gitea.io/gitea/modules/session" // to registers all internal adapters
"gitea.com/go-chi/captcha" "gitea.com/go-chi/captcha"
"github.com/NYTimes/gziphandler"
chi_middleware "github.com/go-chi/chi/v5/middleware" chi_middleware "github.com/go-chi/chi/v5/middleware"
"github.com/go-chi/cors" "github.com/go-chi/cors"
"github.com/klauspost/compress/gzhttp"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
) )
const (
// GzipMinSize represents min size to compress for the body size of response
GzipMinSize = 1400
)
// CorsHandler return a http handler who set CORS options if enabled by config // CorsHandler return a http handler who set CORS options if enabled by config
func CorsHandler() func(next http.Handler) http.Handler { func CorsHandler() func(next http.Handler) http.Handler {
if setting.CORSConfig.Enabled { if setting.CORSConfig.Enabled {
@ -230,11 +225,11 @@ func Routes() *web.Route {
var mid []any var mid []any
if setting.EnableGzip { if setting.EnableGzip {
h, err := gziphandler.GzipHandlerWithOpts(gziphandler.MinSize(GzipMinSize)) wrapper, err := gzhttp.NewWrapper(gzhttp.RandomJitter(32, 0, false))
if err != nil { if err != nil {
log.Fatal("GzipHandlerWithOpts failed: %v", err) log.Fatal("gzhttp.NewWrapper failed: %v", err)
} }
mid = append(mid, h) mid = append(mid, wrapper)
} }
if setting.Service.EnableCaptcha { if setting.Service.EnableCaptcha {
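Review bot: The minimum-size threshold is silently dropped at the `gzhttp.NewWrapper` call: the old call passed `gziphandler.MinSize(GzipMinSize)` (1400, per the const removed in the first hunk) while the new one passes no `gzhttp.MinSize`, so the library default applies (the test hunk now reads `gzhttp.DefaultMinSize`), and nothing in the hunk or the commit message records that change. The three positional arguments to `gzhttp.RandomJitter(32, 0, false)` are also bare magic values; if I read gzhttp's `RandomJitter(n, buffer, paranoid)` correctly, a comment such as `// 1-32 bytes of jitter derived from the response content (buffer 0, non-paranoid) so compressed sizes are a noisier oracle against BREACH; the min-size threshold is left at gzhttp.DefaultMinSize.` would let the next reader check the choice without opening the dependency. That comment should also say that jitter raises the cost of BREACH but does not remove it, so responses that embed a secret such as the CSRF token next to reflected request input are still the ones to keep out of compression. Routes() starts and ends outside the hunk.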


@ -18,9 +18,9 @@ import (
"code.gitea.io/gitea/modules/json" "code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/lfs" "code.gitea.io/gitea/modules/lfs"
"code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/routers/web"
"code.gitea.io/gitea/tests" "code.gitea.io/gitea/tests"
"github.com/klauspost/compress/gzhttp"
gzipp "github.com/klauspost/compress/gzip" gzipp "github.com/klauspost/compress/gzip"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -132,7 +132,7 @@ func TestGetLFSSmallTokenFail(t *testing.T) {
func TestGetLFSLarge(t *testing.T) { func TestGetLFSLarge(t *testing.T) {
defer tests.PrepareTestEnv(t)() defer tests.PrepareTestEnv(t)()
content := make([]byte, web.GzipMinSize*10) content := make([]byte, gzhttp.DefaultMinSize*10)
for i := range content { for i := range content {
content[i] = byte(i % 256) content[i] = byte(i % 256)
} }
@ -143,7 +143,7 @@ func TestGetLFSLarge(t *testing.T) {
func TestGetLFSGzip(t *testing.T) { func TestGetLFSGzip(t *testing.T) {
defer tests.PrepareTestEnv(t)() defer tests.PrepareTestEnv(t)()
b := make([]byte, web.GzipMinSize*10) b := make([]byte, gzhttp.DefaultMinSize*10)
for i := range b { for i := range b {
b[i] = byte(i % 256) b[i] = byte(i % 256)
} }
@ -159,7 +159,7 @@ func TestGetLFSGzip(t *testing.T) {
func TestGetLFSZip(t *testing.T) { func TestGetLFSZip(t *testing.T) {
defer tests.PrepareTestEnv(t)() defer tests.PrepareTestEnv(t)()
b := make([]byte, web.GzipMinSize*10) b := make([]byte, gzhttp.DefaultMinSize*10)
for i := range b { for i := range b {
b[i] = byte(i % 256) b[i] = byte(i % 256)
} }