Merge 'v1.3.5'

2017-08-01 19:32:44 +02:00 · 2017-08-01 19:32:44 +02:00 · d456c2ce6a
commit d456c2ce6a
parent 94f922cd28 413ed62933
23 changed files with 1833 additions and 138 deletions
--- a/vendor/github.com/NYTimes/gziphandler/gzip.go
+++ b/vendor/github.com/NYTimes/gziphandler/gzip.go
@ -3,6 +3,7 @@ package gziphandler
 import (
 	"bufio"
 	"compress/gzip"
+	"errors"
 	"fmt"
 	"io"
 	"net"
@ -230,12 +231,22 @@ func NewGzipLevelHandler(level int) (func(http.Handler) http.Handler, error) {
 // NewGzipLevelAndMinSize behave as NewGzipLevelHandler except it let the caller
 // specify the minimum size before compression.
 func NewGzipLevelAndMinSize(level, minSize int) (func(http.Handler) http.Handler, error) {
+	return NewGzipHandler(level, minSize, &GzipResponseWriter{})
+}
+
+// NewGzipHandler behave as NewGzipLevelHandler except it let the caller
+// specify the minimum size before compression and a GzipWriter.
+func NewGzipHandler(level, minSize int, gw GzipWriter) (func(http.Handler) http.Handler, error) {
 	if level != gzip.DefaultCompression && (level < gzip.BestSpeed || level > gzip.BestCompression) {
 		return nil, fmt.Errorf("invalid compression level requested: %d", level)
 	}
 	if minSize < 0 {
-		return nil, fmt.Errorf("minimum size must be more than zero")
+		return nil, errors.New("minimum size must be more than zero")
 	}
+	if gw == nil {
+		return nil, errors.New("the GzipWriter must be defined")
+	}
+
 	return func(h http.Handler) http.Handler {
 		index := poolIndex(level)

@ -243,11 +254,9 @@ func NewGzipLevelAndMinSize(level, minSize int) (func(http.Handler) http.Handler
 			w.Header().Add(vary, acceptEncoding)

 			if acceptsGzip(r) {
-				gw := &GzipResponseWriter{
-					ResponseWriter: w,
-					index:          index,
-					minSize:        minSize,
-				}
+				gw.SetResponseWriter(w)
+				gw.setIndex(index)
+				gw.setMinSize(minSize)
 				defer gw.Close()

 				h.ServeHTTP(gw, r)
--- a/vendor/github.com/NYTimes/gziphandler/wrapper.go
+++ b/vendor/github.com/NYTimes/gziphandler/wrapper.go
@ -0,0 +1,58 @@
+package gziphandler
+
+import (
+	"bufio"
+	"net"
+	"net/http"
+)
+
+const (
+	contentEncodingHeader = "Content-Encoding"
+)
+
+// ----------
+
+// http.ResponseWriter
+// http.Hijacker
+type GzipWriter interface {
+	Header() http.Header
+	Write([]byte) (int, error)
+	WriteHeader(int)
+	Hijack() (net.Conn, *bufio.ReadWriter, error)
+	Close() error
+	SetResponseWriter(http.ResponseWriter)
+	setIndex(int)
+	setMinSize(int)
+}
+
+func (w *GzipResponseWriter) SetResponseWriter(rw http.ResponseWriter) {
+	w.ResponseWriter = rw
+}
+
+func (w *GzipResponseWriter) setIndex(index int) {
+	w.index = index
+}
+
+func (w *GzipResponseWriter) setMinSize(minSize int) {
+	w.minSize = minSize
+}
+
+// --------
+
+type GzipResponseWriterWrapper struct {
+	GzipResponseWriter
+}
+
+func (g *GzipResponseWriterWrapper) Write(b []byte) (int, error) {
+	if g.gw == nil && isEncoded(g.Header()) {
+		return g.ResponseWriter.Write(b)
+	}
+	return g.GzipResponseWriter.Write(b)
+}
+
+func isEncoded(headers http.Header) bool {
+	header := headers.Get(contentEncodingHeader)
+	// According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding,
+	// content is not encoded if the header 'Content-Encoding' is empty or equals to 'identity'.
+	return header != "" && header != "identity"
+}
--- a/vendor/github.com/gorilla/websocket/doc.go
+++ b/vendor/github.com/gorilla/websocket/doc.go
@ -6,9 +6,8 @@
 //
 // Overview
 //
-// The Conn type represents a WebSocket connection. A server application uses
-// the Upgrade function from an Upgrader object with a HTTP request handler
-// to get a pointer to a Conn:
+// The Conn type represents a WebSocket connection. A server application calls
+// the Upgrader.Upgrade method from an HTTP request handler to get a *Conn:
 //
 //  var upgrader = websocket.Upgrader{
 //      ReadBufferSize:  1024,
@ -33,7 +32,7 @@
 //      if err != nil {
 //          return
 //      }
-//      if err = conn.WriteMessage(messageType, p); err != nil {
+//      if err := conn.WriteMessage(messageType, p); err != nil {
 //          return err
 //      }
 //  }
@ -147,9 +146,9 @@
 //      CheckOrigin: func(r *http.Request) bool { return true },
 //  }
 //
-// The deprecated Upgrade function does not enforce an origin policy. It's the
-// application's responsibility to check the Origin header before calling
-// Upgrade.
+// The deprecated package-level Upgrade function does not perform origin
+// checking. The application is responsible for checking the Origin header
+// before calling the Upgrade function.
 //
 // Compression EXPERIMENTAL
 //
--- a/vendor/github.com/gorilla/websocket/json.go
+++ b/vendor/github.com/gorilla/websocket/json.go
@ -9,12 +9,14 @@ import (
 	"io"
 )

-// WriteJSON is deprecated, use c.WriteJSON instead.
+// WriteJSON writes the JSON encoding of v as a message.
+//
+// Deprecated: Use c.WriteJSON instead.
 func WriteJSON(c *Conn, v interface{}) error {
 	return c.WriteJSON(v)
 }

-// WriteJSON writes the JSON encoding of v to the connection.
+// WriteJSON writes the JSON encoding of v as a message.
 //
 // See the documentation for encoding/json Marshal for details about the
 // conversion of Go values to JSON.
@ -31,7 +33,10 @@ func (c *Conn) WriteJSON(v interface{}) error {
 	return err2
 }

-// ReadJSON is deprecated, use c.ReadJSON instead.
+// ReadJSON reads the next JSON-encoded message from the connection and stores
+// it in the value pointed to by v.
+//
+// Deprecated: Use c.ReadJSON instead.
 func ReadJSON(c *Conn, v interface{}) error {
 	return c.ReadJSON(v)
 }
--- a/vendor/github.com/gorilla/websocket/server.go
+++ b/vendor/github.com/gorilla/websocket/server.go
@ -230,10 +230,11 @@ func (u *Upgrader) Upgrade(w http.ResponseWriter, r *http.Request, responseHeade

 // Upgrade upgrades the HTTP server connection to the WebSocket protocol.
 //
-// This function is deprecated, use websocket.Upgrader instead.
+// Deprecated: Use websocket.Upgrader instead.
 //
-// The application is responsible for checking the request origin before
-// calling Upgrade. An example implementation of the same origin policy is:
+// Upgrade does not perform origin checking. The application is responsible for
+// checking the Origin header before calling Upgrade. An example implementation
+// of the same origin policy check is:
 //
 //	if req.Header.Get("Origin") != "http://"+req.Host {
 //		http.Error(w, "Origin not allowed", 403)
--- a/vendor/github.com/gorilla/websocket/util.go
+++ b/vendor/github.com/gorilla/websocket/util.go
@ -111,14 +111,14 @@ func nextTokenOrQuoted(s string) (value string, rest string) {
 				case escape:
 					escape = false
 					p[j] = b
-					j += 1
+					j++
 				case b == '\\':
 					escape = true
 				case b == '"':
 					return string(p[:j]), s[i+1:]
 				default:
 					p[j] = b
-					j += 1
+					j++
 				}
 			}
 			return "", ""
--- a/vendor/github.com/vulcand/oxy/forward/fwd.go
+++ b/vendor/github.com/vulcand/oxy/forward/fwd.go
@ -4,18 +4,16 @@
 package forward

 import (
-	"bufio"
 	"crypto/tls"
 	"io"
-	"net"
 	"net/http"
 	"net/url"
 	"os"
-	"reflect"
 	"strconv"
 	"strings"
 	"time"

+	"github.com/gorilla/websocket"
 	"github.com/vulcand/oxy/utils"
 )

@ -255,77 +253,52 @@ func (f *httpForwarder) copyRequest(req *http.Request, u *url.URL) *http.Request
 // serveHTTP forwards websocket traffic
 func (f *websocketForwarder) serveHTTP(w http.ResponseWriter, req *http.Request, ctx *handlerContext) {
 	outReq := f.copyRequest(req, req.URL)
-	host := outReq.URL.Host
-	dial := net.Dial

-	// if host does not specify a port, use the default http port
-	if !strings.Contains(host, ":") {
-		if outReq.URL.Scheme == "wss" {
-			host = host + ":443"
-		} else {
-			host = host + ":80"
-		}
+	dialer := websocket.DefaultDialer
+	if outReq.URL.Scheme == "wss" && f.TLSClientConfig != nil {
+		dialer.TLSClientConfig = f.TLSClientConfig
 	}

-	if outReq.URL.Scheme == "wss" {
-		if f.TLSClientConfig == nil {
-			f.TLSClientConfig = http.DefaultTransport.(*http.Transport).TLSClientConfig
-		}
-		dial = func(network, address string) (net.Conn, error) {
-			return tls.Dial("tcp", host, f.TLSClientConfig)
-		}
-	}
-
-	targetConn, err := dial("tcp", host)
+	targetConn, resp, err := dialer.Dial(outReq.URL.String(), outReq.Header)
 	if err != nil {
-		ctx.log.Errorf("Error dialing `%v`: %v", host, err)
+		ctx.log.Errorf("Error dialing `%v`: %v", outReq.Host, err)
 		ctx.errHandler.ServeHTTP(w, req, err)
 		return
 	}
-	hijacker, ok := w.(http.Hijacker)
-	if !ok {
-		ctx.log.Errorf("Unable to hijack the connection: %v", reflect.TypeOf(w))
-		ctx.errHandler.ServeHTTP(w, req, nil)
-		return
-	}
-	underlyingConn, _, err := hijacker.Hijack()
+
+	//Only the targetConn choose to CheckOrigin or not
+	upgrader := websocket.Upgrader{CheckOrigin: func(r *http.Request) bool {
+		return true
+	}}
+
+	utils.RemoveHeaders(resp.Header, WebsocketUpgradeHeaders...)
+	underlyingConn, err := upgrader.Upgrade(w, req, resp.Header)
 	if err != nil {
-		ctx.log.Errorf("Unable to hijack the connection: %v %v", reflect.TypeOf(w), err)
-		ctx.errHandler.ServeHTTP(w, req, err)
+		ctx.log.Errorf("Error while upgrading connection : %v", err)
 		return
 	}
-	// it is now caller's responsibility to Close the underlying connection
 	defer underlyingConn.Close()
 	defer targetConn.Close()

-	ctx.log.Infof("Writing outgoing Websocket request to target connection: %+v", outReq)
-
-	// write the modified incoming request to the dialed connection
-	if err = outReq.Write(targetConn); err != nil {
-		ctx.log.Errorf("Unable to copy request to target: %v", err)
-		ctx.errHandler.ServeHTTP(w, req, err)
-		return
+	errc := make(chan error, 2)
+	replicate := func(dst io.Writer, src io.Reader) {
+		_, err := io.Copy(dst, src)
+		errc <- err
 	}

-	br := bufio.NewReader(targetConn)
-	resp, err := http.ReadResponse(br, req)
-	resp.Write(underlyingConn)
-	defer resp.Body.Close()
+	go replicate(targetConn.UnderlyingConn(), underlyingConn.UnderlyingConn())

-	// We connect the conn only if the switching protocol has not failed
-	if resp.StatusCode == http.StatusSwitchingProtocols {
-		ctx.log.Infof("Switching protocol success")
-		errc := make(chan error, 2)
-		replicate := func(dst io.Writer, src io.Reader) {
-			_, err := io.Copy(dst, src)
-			errc <- err
-		}
-		go replicate(targetConn, underlyingConn)
-		go replicate(underlyingConn, targetConn)
-		<-errc
+	// Try to read the first message
+	t, msg, err := targetConn.ReadMessage()
+	if err != nil {
+		ctx.log.Errorf("Couldn't read first message : %v", err)
 	} else {
-		ctx.log.Infof("Switching protocol failed")
+		underlyingConn.WriteMessage(t, msg)
 	}
+
+	go replicate(underlyingConn.UnderlyingConn(), targetConn.UnderlyingConn())
+	<-errc
+
 }

 // copyRequest makes a copy of the specified request.
@ -335,6 +308,7 @@ func (f *websocketForwarder) copyRequest(req *http.Request, u *url.URL) (outReq

 	outReq.URL = utils.CopyURL(req.URL)
 	outReq.URL.Scheme = u.Scheme
+	outReq.URL.Path = outReq.RequestURI

 	//sometimes backends might be registered as HTTP/HTTPS servers so translate URLs to websocket URLs.
 	switch u.Scheme {
@ -345,19 +319,14 @@ func (f *websocketForwarder) copyRequest(req *http.Request, u *url.URL) (outReq
 	}

 	outReq.URL.Host = u.Host
-	outReq.URL.Opaque = req.RequestURI
 	// raw query is already included in RequestURI, so ignore it to avoid dupes
 	outReq.URL.RawQuery = ""

-	outReq.Proto = "HTTP/1.1"
-	outReq.ProtoMajor = 1
-	outReq.ProtoMinor = 1
-
-	// Overwrite close flag so we can keep persistent connection for the backend servers
-	outReq.Close = false
-
 	outReq.Header = make(http.Header)
+	//gorilla websocket use this header to set the request.Host tested in checkSameOrigin
+	outReq.Header.Set("Host", outReq.Host)
 	utils.CopyHeaders(outReq.Header, req.Header)
+	utils.RemoveHeaders(outReq.Header, WebsocketDialHeaders...)

 	if f.rewriter != nil {
 		f.rewriter.Rewrite(outReq)
--- a/vendor/github.com/vulcand/oxy/forward/headers.go
+++ b/vendor/github.com/vulcand/oxy/forward/headers.go
@ -1,20 +1,25 @@
 package forward

 const (
-	XForwardedProto    = "X-Forwarded-Proto"
-	XForwardedFor      = "X-Forwarded-For"
-	XForwardedHost     = "X-Forwarded-Host"
-	XForwardedServer   = "X-Forwarded-Server"
-	Connection         = "Connection"
-	KeepAlive          = "Keep-Alive"
-	ProxyAuthenticate  = "Proxy-Authenticate"
-	ProxyAuthorization = "Proxy-Authorization"
-	Te                 = "Te" // canonicalized version of "TE"
-	Trailers           = "Trailers"
-	TransferEncoding   = "Transfer-Encoding"
-	Upgrade            = "Upgrade"
-	ContentLength      = "Content-Length"
-	ContentType        = "Content-Type"
+	XForwardedProto        = "X-Forwarded-Proto"
+	XForwardedFor          = "X-Forwarded-For"
+	XForwardedHost         = "X-Forwarded-Host"
+	XForwardedServer       = "X-Forwarded-Server"
+	Connection             = "Connection"
+	KeepAlive              = "Keep-Alive"
+	ProxyAuthenticate      = "Proxy-Authenticate"
+	ProxyAuthorization     = "Proxy-Authorization"
+	Te                     = "Te" // canonicalized version of "TE"
+	Trailers               = "Trailers"
+	TransferEncoding       = "Transfer-Encoding"
+	Upgrade                = "Upgrade"
+	ContentLength          = "Content-Length"
+	ContentType            = "Content-Type"
+	SecWebsocketKey        = "Sec-Websocket-Key"
+	SecWebsocketVersion    = "Sec-Websocket-Version"
+	SecWebsocketExtensions = "Sec-Websocket-Extensions"
+	SecWebsocketProtocol   = "Sec-Websocket-Protocol"
+	SecWebsocketAccept     = "Sec-Websocket-Accept"
 )

 // Hop-by-hop headers. These are removed when sent to the backend.
@ -30,3 +35,19 @@ var HopHeaders = []string{
 	TransferEncoding,
 	Upgrade,
 }
+
+var WebsocketDialHeaders = []string{
+	Upgrade,
+	Connection,
+	SecWebsocketKey,
+	SecWebsocketVersion,
+	SecWebsocketExtensions,
+	SecWebsocketProtocol,
+	SecWebsocketAccept,
+}
+
+var WebsocketUpgradeHeaders = []string{
+	Upgrade,
+	Connection,
+	SecWebsocketAccept,
+}