[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained anymore and Forgejo already includes https://github.com/klauspost/compress which provides a maintained and faster gzip handler fork. - Enables Jitter to prevent BREACH attacks, as this *seems* to be possible in the context of Forgejo. (cherry picked from commit cc2847241d82001babd8d40c87d03169f21c14cd) (cherry picked from commit 99ba56a8761dd08e08d9499cab2ded1a6b7b970f) Conflicts: go.sum https://codeberg.org/forgejo/forgejo/pulls/1581 (cherry picked from commit 711638193daa2311e2ead6249a47dcec47b4e335) (cherry picked from commit 9c12a37fde6fa84414bf332ff4a066facdb92d38) (cherry picked from commit 91191aaaedaf999209695e2c6ca4fb256b396686) (cherry picked from commit 72be417f844713265a94ced6951f8f4b81d0ab1a) (cherry picked from commit 98497c84da205ec59079e42274aa61199444f7cd) (cherry picked from commit fba042adb5c1abcbd8eee6b5a4f735ccb2a5e394)
This commit is contained in:
parent
7e15173c16
commit
dd2414f226
6 changed files with 23 additions and 21 deletions
10
assets/go-licenses.json
generated
10
assets/go-licenses.json
generated
File diff suppressed because one or more lines are too long
1
go.mod
1
go.mod
|
@ -15,7 +15,6 @@ require (
|
|||
gitea.com/lunny/levelqueue v0.4.2-0.20230414023320-3c0159fe0fe4
|
||||
github.com/42wim/sshsig v0.0.0-20211121163825-841cf5bbc121
|
||||
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
|
||||
github.com/NYTimes/gziphandler v1.1.1
|
||||
github.com/PuerkitoBio/goquery v1.8.1
|
||||
github.com/alecthomas/chroma/v2 v2.10.0
|
||||
github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
|
||||
|
|
2
go.sum
2
go.sum
|
@ -101,8 +101,6 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa
|
|||
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
|
||||
github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
|
||||
github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
|
||||
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
|
||||
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
|
||||
github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
|
||||
|
|
|
@ -147,6 +147,16 @@ func toHandlerProvider(handler any) func(next http.Handler) http.Handler {
|
|||
}
|
||||
}
|
||||
|
||||
if hp, ok := handler.(func(next http.Handler) http.HandlerFunc); ok {
|
||||
return func(next http.Handler) http.Handler {
|
||||
h := hp(next) // this handle could be dynamically generated, so we can't use it for debug info
|
||||
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
|
||||
routing.UpdateFuncInfo(req.Context(), funcInfo)
|
||||
h.ServeHTTP(resp, req)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
provider := func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(respOrig http.ResponseWriter, req *http.Request) {
|
||||
// wrap the response writer to check whether the response has been written
|
||||
|
|
|
@ -48,17 +48,12 @@ import (
|
|||
_ "code.gitea.io/gitea/modules/session" // to registers all internal adapters
|
||||
|
||||
"gitea.com/go-chi/captcha"
|
||||
"github.com/NYTimes/gziphandler"
|
||||
chi_middleware "github.com/go-chi/chi/v5/middleware"
|
||||
"github.com/go-chi/cors"
|
||||
"github.com/klauspost/compress/gzhttp"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
)
|
||||
|
||||
const (
|
||||
// GzipMinSize represents min size to compress for the body size of response
|
||||
GzipMinSize = 1400
|
||||
)
|
||||
|
||||
// CorsHandler return a http handler who set CORS options if enabled by config
|
||||
func CorsHandler() func(next http.Handler) http.Handler {
|
||||
if setting.CORSConfig.Enabled {
|
||||
|
@ -229,11 +224,11 @@ func Routes() *web.Route {
|
|||
var mid []any
|
||||
|
||||
if setting.EnableGzip {
|
||||
h, err := gziphandler.GzipHandlerWithOpts(gziphandler.MinSize(GzipMinSize))
|
||||
wrapper, err := gzhttp.NewWrapper(gzhttp.RandomJitter(32, 0, false))
|
||||
if err != nil {
|
||||
log.Fatal("GzipHandlerWithOpts failed: %v", err)
|
||||
log.Fatal("gzhttp.NewWrapper failed: %v", err)
|
||||
}
|
||||
mid = append(mid, h)
|
||||
mid = append(mid, wrapper)
|
||||
}
|
||||
|
||||
if setting.Service.EnableCaptcha {
|
||||
|
|
|
@ -18,9 +18,9 @@ import (
|
|||
"code.gitea.io/gitea/modules/json"
|
||||
"code.gitea.io/gitea/modules/lfs"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/routers/web"
|
||||
"code.gitea.io/gitea/tests"
|
||||
|
||||
"github.com/klauspost/compress/gzhttp"
|
||||
gzipp "github.com/klauspost/compress/gzip"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
@ -132,7 +132,7 @@ func TestGetLFSSmallTokenFail(t *testing.T) {
|
|||
|
||||
func TestGetLFSLarge(t *testing.T) {
|
||||
defer tests.PrepareTestEnv(t)()
|
||||
content := make([]byte, web.GzipMinSize*10)
|
||||
content := make([]byte, gzhttp.DefaultMinSize*10)
|
||||
for i := range content {
|
||||
content[i] = byte(i % 256)
|
||||
}
|
||||
|
@ -143,7 +143,7 @@ func TestGetLFSLarge(t *testing.T) {
|
|||
|
||||
func TestGetLFSGzip(t *testing.T) {
|
||||
defer tests.PrepareTestEnv(t)()
|
||||
b := make([]byte, web.GzipMinSize*10)
|
||||
b := make([]byte, gzhttp.DefaultMinSize*10)
|
||||
for i := range b {
|
||||
b[i] = byte(i % 256)
|
||||
}
|
||||
|
@ -159,7 +159,7 @@ func TestGetLFSGzip(t *testing.T) {
|
|||
|
||||
func TestGetLFSZip(t *testing.T) {
|
||||
defer tests.PrepareTestEnv(t)()
|
||||
b := make([]byte, web.GzipMinSize*10)
|
||||
b := make([]byte, gzhttp.DefaultMinSize*10)
|
||||
for i := range b {
|
||||
b[i] = byte(i % 256)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue