diff --git a/.golangci.yaml b/.golangci.yaml index c1039ee1b..73cb8fac0 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -7,7 +7,7 @@ linters: - nlreturn - wsl - depguard - - exportloopref + - tenv # deprecated issues: exclude-rules: diff --git a/cmd/config/testdata/validate/success/nhost/nhost.toml b/cmd/config/testdata/validate/success/nhost/nhost.toml index f81cd579e..dabbb0e19 100644 --- a/cmd/config/testdata/validate/success/nhost/nhost.toml +++ b/cmd/config/testdata/validate/success/nhost/nhost.toml @@ -28,7 +28,7 @@ httpPoolSize = 100 [functions] [functions.node] -version = 18 +version = 22 [auth] version = '0.20.0' diff --git a/cmd/config/validate_test.go b/cmd/config/validate_test.go index b0bd14809..85facef11 100644 --- a/cmd/config/validate_test.go +++ b/cmd/config/validate_test.go @@ -54,7 +54,7 @@ func expectedConfig() *model.ConfigConfig { Logs: &model.ConfigHasuraLogs{Level: ptr("warn")}, Events: &model.ConfigHasuraEvents{HttpPoolSize: ptr(uint32(100))}, }, - Functions: &model.ConfigFunctions{Node: &model.ConfigFunctionsNode{Version: ptr(18)}}, + Functions: &model.ConfigFunctions{Node: &model.ConfigFunctionsNode{Version: ptr(22)}}, Auth: &model.ConfigAuth{ Version: ptr("0.20.0"), Misc: &model.ConfigAuthMisc{ diff --git a/cmd/configserver/local_test.go b/cmd/configserver/local_test.go index 71195907e..86c808a80 100644 --- a/cmd/configserver/local_test.go +++ b/cmd/configserver/local_test.go @@ -1,7 +1,6 @@ package configserver_test import ( - "context" "os" "testing" @@ -195,7 +194,7 @@ func TestLocalUpdateConfig(t *testing.T) { //nolint:dupl ) if err := st.UpdateConfig( - context.Background(), + t.Context(), nil, tc.newApp, nil, @@ -265,7 +264,7 @@ func TestLocalUpdateSecrets(t *testing.T) { //nolint:dupl ) if err := st.UpdateSecrets( - context.Background(), + t.Context(), nil, tc.newApp, nil, diff --git a/dockercompose/main_test.go b/dockercompose/main_test.go index 3c876d432..e0621d7c9 100644 --- a/dockercompose/main_test.go +++ b/dockercompose/main_test.go @@ -266,7 +266,7 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx }, Functions: &model.ConfigFunctions{ Node: &model.ConfigFunctionsNode{ - Version: ptr(18), + Version: ptr(22), }, RateLimit: nil, Resources: &model.ConfigFunctionsResources{ diff --git a/flake.lock b/flake.lock index a52f31089..d45d8469b 100644 --- a/flake.lock +++ b/flake.lock @@ -40,11 +40,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1744208138, - "narHash": "sha256-znAU9GzsaOzBLVV7Bt15LpL0oGZUO+S3DrKwwwkPgZc=", + "lastModified": 1745925792, + "narHash": "sha256-tSN3G8dAm4cX6vG6Agm/jXGhBrsHgewHCHVF0LR52fQ=", "owner": "nhost", "repo": "nixops", - "rev": "26ffd815901ff89ac057684e64efe011961710be", + "rev": "555a2f79e2a0187c0e2f33d519c8e79041b681e1", "type": "github" }, "original": { @@ -55,17 +55,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734564965, - "narHash": "sha256-6l6u8lKwDEUSOY66WQqyzpCVVLgRSu2aNlDHEubcjh4=", + "lastModified": 1745804731, + "narHash": "sha256-v/sK3AS0QKu/Tu5sHIfddiEHCvrbNYPv8X10Fpux68g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e2f27689a02e0ec978b92c1c4f775a41108c28d", + "rev": "29335f23bea5e34228349ea739f31ee79e267b88", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", - "rev": "9e2f27689a02e0ec978b92c1c4f775a41108c28d", "type": "github" } }, diff --git a/go.mod b/go.mod index 1ba61f82a..ddc66b9fe 100644 --- a/go.mod +++ b/go.mod @@ -1,78 +1,79 @@ module github.com/nhost/cli -go 1.23.8 +go 1.24.2 replace cuelang.org/go => cuelang.org/go v0.4.3 require ( - github.com/99designs/gqlgen v0.17.70 - github.com/Yamashou/gqlgenc v0.31.0 + github.com/99designs/gqlgen v0.17.73 + github.com/Yamashou/gqlgenc v0.32.1 github.com/charmbracelet/lipgloss v1.1.0 github.com/creack/pty v1.1.24 github.com/gin-gonic/gin v1.10.0 - github.com/go-git/go-git/v5 v5.14.0 + github.com/go-git/go-git/v5 v5.16.0 github.com/google/go-cmp v0.7.0 github.com/google/uuid v1.6.0 github.com/hashicorp/go-getter v1.7.8 - github.com/nhost/be v0.0.0-20250424140218-1be7f62eade6 - github.com/pelletier/go-toml/v2 v2.2.3 + github.com/nhost/be v0.0.0-20250506064156-ba09da107493 + github.com/pelletier/go-toml/v2 v2.2.4 github.com/rs/cors/wrapper/gin v0.0.0-20240830163046-1084d89a1692 github.com/sirupsen/logrus v1.9.3 github.com/urfave/cli/v2 v2.27.6 github.com/wI2L/jsondiff v0.6.1 golang.org/x/mod v0.24.0 - golang.org/x/term v0.30.0 + golang.org/x/term v0.32.0 gopkg.in/evanphx/json-patch.v5 v5.9.11 gopkg.in/yaml.v3 v3.0.1 ) require ( - cel.dev/expr v0.22.1 // indirect - cloud.google.com/go v0.120.0 // indirect - cloud.google.com/go/auth v0.15.0 // indirect + cel.dev/expr v0.23.1 // indirect + cloud.google.com/go v0.121.0 // indirect + cloud.google.com/go/auth v0.16.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect - cloud.google.com/go/iam v1.4.2 // indirect - cloud.google.com/go/monitoring v1.24.1 // indirect - cloud.google.com/go/storage v1.51.0 // indirect + cloud.google.com/go/iam v1.5.2 // indirect + cloud.google.com/go/monitoring v1.24.2 // indirect + cloud.google.com/go/storage v1.53.0 // indirect cuelang.org/go v0.11.2 // indirect dario.cat/mergo v1.0.1 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0 // indirect github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/ProtonMail/go-crypto v1.1.6 // indirect + github.com/ProtonMail/go-crypto v1.2.0 // indirect github.com/agnivade/levenshtein v1.2.1 // indirect - github.com/aws/aws-sdk-go v1.55.6 // indirect + github.com/aws/aws-sdk-go v1.55.7 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/bytedance/sonic v1.13.2 // indirect github.com/bytedance/sonic/loader v0.2.4 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/charmbracelet/colorprofile v0.3.0 // indirect - github.com/charmbracelet/x/ansi v0.8.0 // indirect + github.com/charmbracelet/colorprofile v0.3.1 // indirect + github.com/charmbracelet/x/ansi v0.9.2 // indirect github.com/charmbracelet/x/cellbuf v0.0.13 // indirect github.com/charmbracelet/x/term v0.2.1 // indirect - github.com/cloudflare/circl v1.6.0 // indirect + github.com/cloudflare/circl v1.6.1 // indirect github.com/cloudwego/base64x v0.1.5 // indirect - github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f // indirect + github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect github.com/cockroachdb/apd/v2 v2.0.2 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect github.com/cyphar/filepath-securejoin v0.4.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/envoyproxy/go-control-plane/envoy v1.32.4 // indirect github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/gabriel-vasile/mimetype v1.4.8 // indirect - github.com/gin-contrib/sse v1.0.0 // indirect + github.com/gabriel-vasile/mimetype v1.4.9 // indirect + github.com/gin-contrib/sse v1.1.0 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.6.2 // indirect + github.com/go-jose/go-jose/v4 v4.1.0 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.25.0 // indirect + github.com/go-playground/validator/v10 v10.26.0 // indirect github.com/go-viper/mapstructure/v2 v2.2.1 // indirect github.com/goccy/go-json v0.10.5 // indirect github.com/golang-jwt/jwt/v5 v5.2.2 // indirect @@ -108,16 +109,17 @@ require ( github.com/pjbgf/sha1cd v0.3.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect - github.com/prometheus/client_golang v1.21.1 // indirect - github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/client_golang v1.22.0 // indirect + github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/common v0.63.0 // indirect - github.com/prometheus/procfs v0.16.0 // indirect + github.com/prometheus/procfs v0.16.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rs/cors v1.11.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/skeema/knownhosts v1.3.1 // indirect github.com/sosodev/duration v1.3.1 // indirect + github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect github.com/tidwall/gjson v1.18.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect @@ -127,10 +129,11 @@ require ( github.com/ulikunitz/xz v0.5.12 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect - github.com/vektah/gqlparser/v2 v2.5.23 // indirect + github.com/vektah/gqlparser/v2 v2.5.26 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect + github.com/zeebo/errs v1.4.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/detectors/gcp v1.35.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect @@ -140,19 +143,19 @@ require ( go.opentelemetry.io/otel/sdk v1.35.0 // indirect go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect go.opentelemetry.io/otel/trace v1.35.0 // indirect - golang.org/x/arch v0.15.0 // indirect - golang.org/x/crypto v0.36.0 // indirect - golang.org/x/net v0.38.0 // indirect - golang.org/x/oauth2 v0.28.0 // indirect - golang.org/x/sync v0.12.0 // indirect - golang.org/x/sys v0.31.0 // indirect - golang.org/x/text v0.23.0 // indirect + golang.org/x/arch v0.17.0 // indirect + golang.org/x/crypto v0.38.0 // indirect + golang.org/x/net v0.40.0 // indirect + golang.org/x/oauth2 v0.30.0 // indirect + golang.org/x/sync v0.14.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/text v0.25.0 // indirect golang.org/x/time v0.11.0 // indirect - google.golang.org/api v0.228.0 // indirect - google.golang.org/genproto v0.0.0-20250324211829-b45e905df463 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect - google.golang.org/grpc v1.71.0 // indirect + google.golang.org/api v0.231.0 // indirect + google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 // indirect + google.golang.org/grpc v1.72.0 // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) diff --git a/go.sum b/go.sum index 3763fb478..53d245023 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -cel.dev/expr v0.22.1 h1:xoFEsNh972Yzey8N9TCPx2nDvMN7TMhQEzxLuj/iRrI= -cel.dev/expr v0.22.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= +cel.dev/expr v0.23.1 h1:K4KOtPCJQjVggkARsjG9RWXP6O4R73aHeJMa/dmCQQg= +cel.dev/expr v0.23.1/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= @@ -38,8 +38,8 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= -cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA= -cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q= +cloud.google.com/go v0.121.0 h1:pgfwva8nGw7vivjZiRfrmglGWiCJBP+0OmDpenG/Fwg= +cloud.google.com/go v0.121.0/go.mod h1:rS7Kytwheu/y9buoDmu5EIpMMCI4Mb8ND4aeN4Vwj7Q= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= @@ -101,8 +101,8 @@ cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVo cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= -cloud.google.com/go/auth v0.15.0 h1:Ly0u4aA5vG/fsSsxu98qCQBemXtAtJf+95z9HK+cxps= -cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= +cloud.google.com/go/auth v0.16.1 h1:XrXauHMd30LhQYVRHLGvJiYeczweKQXZxsTbV9TiguU= +cloud.google.com/go/auth v0.16.1/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= @@ -319,8 +319,8 @@ cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGE cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/iam v1.4.2 h1:4AckGYAYsowXeHzsn/LCKWIwSWLkdb0eGjH8wWkd27Q= -cloud.google.com/go/iam v1.4.2/go.mod h1:REGlrt8vSlh4dfCJfSEcNjLGq75wW75c5aU3FLOYq34= +cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= +cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= @@ -355,8 +355,8 @@ cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhX cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= -cloud.google.com/go/longrunning v0.6.5 h1:sD+t8DO8j4HKW4QfouCklg7ZC1qC4uzVZt8iz3uTW+Q= -cloud.google.com/go/longrunning v0.6.5/go.mod h1:Et04XK+0TTLKa5IPYryKf5DkpwImy6TluQ1QTLwlKmY= +cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE= +cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= @@ -380,8 +380,8 @@ cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhI cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= -cloud.google.com/go/monitoring v1.24.1 h1:vKiypZVFD/5a3BbQMvI4gZdl8445ITzXFh257XBgrS0= -cloud.google.com/go/monitoring v1.24.1/go.mod h1:Z05d1/vn9NaujqY2voG6pVQXoJGbp+r3laV+LySt9K0= +cloud.google.com/go/monitoring v1.24.2 h1:5OTsoJ1dXYIiMiuL+sYscLc9BumrL3CarVLL7dd7lHM= +cloud.google.com/go/monitoring v1.24.2/go.mod h1:x7yzPWcgDRnPEv3sI+jJGBkwl5qINf+6qY4eq0I9B4U= cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= @@ -545,8 +545,8 @@ cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeL cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= -cloud.google.com/go/storage v1.51.0 h1:ZVZ11zCiD7b3k+cH5lQs/qcNaoSz3U9I0jgwVzqDlCw= -cloud.google.com/go/storage v1.51.0/go.mod h1:YEJfu/Ki3i5oHC/7jyTgsGZwdQ8P9hqMqvpi5kRKGgc= +cloud.google.com/go/storage v1.53.0 h1:gg0ERZwL17pJ+Cz3cD2qS60w1WMDnwcm5YPAIQBHUAw= +cloud.google.com/go/storage v1.53.0/go.mod h1:7/eO2a/srr9ImZW9k5uufcNahT2+fPb8w5it1i5boaA= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= @@ -566,8 +566,8 @@ cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= -cloud.google.com/go/trace v1.11.3 h1:c+I4YFjxRQjvAhRmSsmjpASUKq88chOX854ied0K/pE= -cloud.google.com/go/trace v1.11.3/go.mod h1:pt7zCYiDSQjC9Y2oqCsh9jF4GStB/hmjrYLsxRR27q8= +cloud.google.com/go/trace v1.11.6 h1:2O2zjPzqPYAHrn3OKl029qlqG6W8ZdYaOWRyr8NgMT4= +cloud.google.com/go/trace v1.11.6/go.mod h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI= cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0= @@ -621,8 +621,8 @@ dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= -github.com/99designs/gqlgen v0.17.70 h1:xgLIgQuG+Q2L/AE9cW595CT7xCWCe/bpPIFGSfsGSGs= -github.com/99designs/gqlgen v0.17.70/go.mod h1:fvCiqQAu2VLhKXez2xFvLmE47QgAPf/KTPN5XQ4rsHQ= +github.com/99designs/gqlgen v0.17.73 h1:A3Ki+rHWqKbAOlg5fxiZBnz6OjW3nwupDHEG15gEsrg= +github.com/99designs/gqlgen v0.17.73/go.mod h1:2RyGWjy2k7W9jxrs8MOQthXGkD3L3oGr0jXW3Pu8lGg= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0 h1:ErKg/3iS1AKcTkf3yixlZ54f9U1rljCkQyEXWUnIUxc= @@ -638,12 +638,12 @@ github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw= -github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= -github.com/PuerkitoBio/goquery v1.10.2 h1:7fh2BdHcG6VFZsK7toXBT/Bh1z5Wmy8Q9MV9HqT2AM8= -github.com/PuerkitoBio/goquery v1.10.2/go.mod h1:0guWGjcLu9AYC7C1GHnpysHy056u9aEkUHwhdnePMCU= -github.com/Yamashou/gqlgenc v0.31.0 h1:t54Gi6Zx9Ub1oa/RvJ+DkOC1c2wdK1R4n7wyRBuQkyc= -github.com/Yamashou/gqlgenc v0.31.0/go.mod h1:0VNZtzXhyDofkNNZXXPw8LSLvi3vyG6LXo7XvcWv2X4= +github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs= +github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE= +github.com/PuerkitoBio/goquery v1.10.3 h1:pFYcNSqHxBD06Fpj/KsbStFRsgRATgnf3LeXiUkhzPo= +github.com/PuerkitoBio/goquery v1.10.3/go.mod h1:tMUX0zDMHXYlAQk6p35XxQMqMweEKB7iK7iLNd4RH4Y= +github.com/Yamashou/gqlgenc v0.32.1 h1:EHs9//xQxXlyltkSFXM+fhO2rTXcWNw6FPKRJ6t+iQQ= +github.com/Yamashou/gqlgenc v0.32.1/go.mod h1:o5SxKt9d3+oUZ2i0V3CW8lHFyunfLR+KcKHubS4zf5E= github.com/agnivade/levenshtein v1.2.1 h1:EHBY3UOn1gwdy/VbFwgo4cxecRznFk7fKWN1KOX7eoM= github.com/agnivade/levenshtein v1.2.1/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU= github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= @@ -666,8 +666,8 @@ github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdK github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk= -github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE= +github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -689,12 +689,12 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/charmbracelet/colorprofile v0.3.0 h1:KtLh9uuu1RCt+Hml4s6Hz+kB1PfV3wi++1h5ia65yKQ= -github.com/charmbracelet/colorprofile v0.3.0/go.mod h1:oHJ340RS2nmG1zRGPmhJKJ/jf4FPNNk0P39/wBPA1G0= +github.com/charmbracelet/colorprofile v0.3.1 h1:k8dTHMd7fgw4bnFd7jXTLZrSU/CQrKnL3m+AxCzDz40= +github.com/charmbracelet/colorprofile v0.3.1/go.mod h1:/GkGusxNs8VB/RSOh3fu0TJmQ4ICMMPApIIVn0KszZ0= github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY= github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30= -github.com/charmbracelet/x/ansi v0.8.0 h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE= -github.com/charmbracelet/x/ansi v0.8.0/go.mod h1:wdYl/ONOLHLIVmQaxbIYEC/cRKOQyjTkowiI4blgS9Q= +github.com/charmbracelet/x/ansi v0.9.2 h1:92AGsQmNTRMzuzHEYfCdjQeUzTrgE1vfO5/7fEVoXdY= +github.com/charmbracelet/x/ansi v0.9.2/go.mod h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE= github.com/charmbracelet/x/cellbuf v0.0.13 h1:/KBBKHuVRbq1lYx5BzEHBAFBP8VcQzJejZ/IA3iR28k= github.com/charmbracelet/x/cellbuf v0.0.13/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs= github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ= @@ -704,8 +704,8 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk= -github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4= github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w= github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY= @@ -722,12 +722,12 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f h1:C5bqEmzEPLsHm9Mv73lSE9e9bKV23aB1vxOsmZrkl3k= -github.com/cncf/xds/go v0.0.0-20250326154945-ae57f3c0d45f/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls= +github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cockroachdb/apd/v2 v2.0.2 h1:weh8u7Cneje73dDh+2tEVLUvyBc89iwepWCD8b8034E= github.com/cockroachdb/apd/v2 v2.0.2/go.mod h1:DDxRlzC2lo3/vSlmSoS7JkqbbrARPuFOGr0B9pvN3Gw= -github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0= -github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= +github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= +github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= @@ -775,11 +775,11 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= -github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= +github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY= +github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gin-contrib/sse v1.0.0 h1:y3bT1mUWUxDpW4JLQg/HnTqV4rozuW4tC9eFKTxYI9E= -github.com/gin-contrib/sse v1.0.0/go.mod h1:zNuFdwarAygJBht0NTKiSi3jRf6RbqeILZ9Sp6Slhe0= +github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w= +github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM= github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU= github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y= github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= @@ -795,11 +795,13 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.14.0 h1:/MD3lCrGjCen5WfEAzKg00MJJffKhC8gzS80ycmCi60= -github.com/go-git/go-git/v5 v5.14.0/go.mod h1:Z5Xhoia5PcWA3NF8vRLURn9E5FRhSl7dGj9ItW3Wk5k= +github.com/go-git/go-git/v5 v5.16.0 h1:k3kuOEpkc0DeY7xlL6NaaNg39xdgQbtH5mwCafHO9AQ= +github.com/go-git/go-git/v5 v5.16.0/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-jose/go-jose/v4 v4.1.0 h1:cYSYxd3pw5zd2FSXk2vGdn9igQU2PS8MuxrCOCl0FdY= +github.com/go-jose/go-jose/v4 v4.1.0/go.mod h1:GG/vqmYm3Von2nYiB2vGTXzdoNKE5tix5tuc6iAd+sw= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -815,8 +817,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8= -github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus= +github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k= +github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo= github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss= github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM= github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= @@ -1042,14 +1044,12 @@ github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/nhost/be v0.0.0-20250422101003-abc23b01cf94 h1:6LHDqiuJ7PPYgJLgPx1h0aawmAfUq22aRZQf0Xmqn5Q= -github.com/nhost/be v0.0.0-20250422101003-abc23b01cf94/go.mod h1:iCDJSYqKoUYJrO2/bRJBRltPweMnrKZKsfzgzS7z1/M= -github.com/nhost/be v0.0.0-20250424140218-1be7f62eade6 h1:N3fk5163vs93510svymHslBoH/RziWEVB+h/yBAiYgE= -github.com/nhost/be v0.0.0-20250424140218-1be7f62eade6/go.mod h1:iCDJSYqKoUYJrO2/bRJBRltPweMnrKZKsfzgzS7z1/M= +github.com/nhost/be v0.0.0-20250506064156-ba09da107493 h1:zu4fe9HBPvWGaJpfp2QG2ncIdERmUbNIyJLVRR2kntk= +github.com/nhost/be v0.0.0-20250506064156-ba09da107493/go.mod h1:6cXrYoPv/GuHNC+wzvOMyK/ou53HZlMT2FTq4zZEVUs= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= -github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= -github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= +github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= +github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY= github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= @@ -1068,17 +1068,17 @@ github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk= -github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg= +github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= +github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= -github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= +github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k= github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18= -github.com/prometheus/procfs v0.16.0 h1:xh6oHhKwnOJKMYiYBDWmkHqQPyiY40sny36Cmx2bbsM= -github.com/prometheus/procfs v0.16.0/go.mod h1:8veyXUu3nGP7oaCxhX6yeaM5u4stL2FeMXnCqhDthZg= +github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= +github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/protocolbuffers/txtpbfmt v0.0.0-20241112170944-20d2c9ebc01d h1:HWfigq7lB31IeJL8iy7jkUmU/PG1Sr8jVGhS749dbUA= github.com/protocolbuffers/txtpbfmt v0.0.0-20241112170944-20d2c9ebc01d/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= @@ -1112,10 +1112,11 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= +github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= +github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -1126,7 +1127,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= @@ -1152,8 +1152,8 @@ github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6Kllzaw github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo= github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= -github.com/vektah/gqlparser/v2 v2.5.23 h1:PurJ9wpgEVB7tty1seRUwkIDa/QH5RzkzraiKIjKLfA= -github.com/vektah/gqlparser/v2 v2.5.23/go.mod h1:D1/VCZtV3LPnQrcPBeR/q5jkSQIPti0uYCP/RI0gIeo= +github.com/vektah/gqlparser/v2 v2.5.26 h1:REqqFkO8+SOEgZHR/eHScjjVjGS8Nk3RMO/juiTobN4= +github.com/vektah/gqlparser/v2 v2.5.26/go.mod h1:D1/VCZtV3LPnQrcPBeR/q5jkSQIPti0uYCP/RI0gIeo= github.com/wI2L/jsondiff v0.6.1 h1:ISZb9oNWbP64LHnu4AUhsMF5W0FIj5Ok3Krip9Shqpw= github.com/wI2L/jsondiff v0.6.1/go.mod h1:KAEIojdQq66oJiHhDyQez2x+sRit0vIzC9KeK0yizxM= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= @@ -1170,6 +1170,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= +github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM= +github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= @@ -1189,8 +1191,8 @@ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRND go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0 h1:WDdP9acbMYjbKIyJUhTvtzj601sVJOqgWdUxSdR/Ysc= -go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.29.0/go.mod h1:BLbf7zbNIONBLPwvFnwNHGj4zge8uTCM/UPIVW1Mq2I= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0 h1:PB3Zrjs1sG1GBX51SXyTSoOTqcDglmsk7nT6tkKPb/k= +go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0/go.mod h1:U2R3XyVPzn0WX7wOIypPuptulsMcPDPs/oiSVOMVnHY= go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M= go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= go.opentelemetry.io/otel/sdk v1.35.0 h1:iPctf8iprVySXSKJffSS79eOjl9pvxV9ZqOWT0QejKY= @@ -1204,8 +1206,8 @@ go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU= go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM= -golang.org/x/arch v0.15.0 h1:QtOrQd0bTUnhNVNndMpLHNWrDmYzZ2KDqSrEymqInZw= -golang.org/x/arch v0.15.0/go.mod h1:JmwW7aLIoRUKgaTzhkiEFxvcEiQGyOg9BMonBJUS7EE= +golang.org/x/arch v0.17.0 h1:4O3dfLzd+lQewptAHqjewQZQDyEdejz3VwgeYwkZneU= +golang.org/x/arch v0.17.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -1220,8 +1222,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= -golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= -golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8= +golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1237,8 +1239,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= -golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 h1:yqrTHse8TCMW1M1ZCP+VAR/l0kKxwaAIqN/il7x4voA= -golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -1349,8 +1351,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= +golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1380,8 +1382,8 @@ golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= -golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc= -golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= +golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= +golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1402,8 +1404,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ= +golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1489,8 +1491,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1505,8 +1507,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= -golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= -golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= +golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1527,8 +1529,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4= +golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1600,8 +1602,8 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= -golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= +golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU= +golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1675,8 +1677,8 @@ google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= -google.golang.org/api v0.228.0 h1:X2DJ/uoWGnY5obVjewbp8icSL5U4FzuCfy9OjbLSnLs= -google.golang.org/api v0.228.0/go.mod h1:wNvRS1Pbe8r4+IfBIniV8fwCpGwTrYa+kMUDiC5z5a4= +google.golang.org/api v0.231.0 h1:LbUD5FUl0C4qwia2bjXhCMH65yz1MLPzA/0OYEsYY7Q= +google.golang.org/api v0.231.0/go.mod h1:H52180fPI/QQlUc0F4xWfGZILdv09GCWKt2bcsn164A= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1816,12 +1818,12 @@ google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOl google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= -google.golang.org/genproto v0.0.0-20250324211829-b45e905df463 h1:qEFnJI6AnfZk0NNe8YTyXQh5i//Zxi4gBHwRgp76qpw= -google.golang.org/genproto v0.0.0-20250324211829-b45e905df463/go.mod h1:SqIx1NV9hcvqdLHo7uNZDS5lrUJybQ3evo3+z/WBfA0= -google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 h1:hE3bRWtU6uceqlh4fhrSnUyjKHMKB9KrTLLG+bc0ddM= -google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463/go.mod h1:U90ffi8eUL9MwPcrJylN5+Mk2v3vuPDptd5yyNUiRR8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 h1:e0AIkUUhxyBKh6ssZNrAMeqhA7RKUj42346d1y02i2g= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2 h1:1tXaIXCracvtsRxSBsYDiSBN0cuJvM7QYW+MrpIRY78= +google.golang.org/genproto v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:49MsLSx0oWMOZqcpB3uL8ZOkAh1+TndpJ8ONoCBWiZk= +google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2 h1:vPV0tzlsK6EzEDHNNH5sa7Hs9bd7iXR7B1tSiPepkV0= +google.golang.org/genproto/googleapis/api v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:pKLAc5OolXC3ViWGI62vvC0n10CpwAtRcTNCFwTKBEw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2 h1:IqsN8hx+lWLqlN+Sc3DoMy/watjofWiU8sRFgQ8fhKM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1863,8 +1865,8 @@ google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= -google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg= -google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= +google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM= +google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/nhostclient/request_test.go b/nhostclient/request_test.go index 3128b432e..bcb8426d0 100644 --- a/nhostclient/request_test.go +++ b/nhostclient/request_test.go @@ -1,7 +1,6 @@ package nhostclient_test import ( - "context" "encoding/json" "errors" "net/http" @@ -95,7 +94,7 @@ func TestMakeJSONRequest(t *testing.T) { var responsePayload any err := nhostclient.MakeJSONRequest( - context.Background(), + t.Context(), &http.Client{}, //nolint: exhaustruct ts.URL, http.MethodPost, diff --git a/ssl/.ssl/local-fullchain.pem b/ssl/.ssl/local-fullchain.pem index 2c1e2c333..1e3d21378 100644 --- a/ssl/.ssl/local-fullchain.pem +++ b/ssl/.ssl/local-fullchain.pem @@ -1,52 +1,52 @@ -----BEGIN CERTIFICATE----- -MIIEZzCCA+2gAwIBAgISBnf0iiTMA88y/JlLTM7zmJUwMAoGCCqGSM49BAMDMDIx +MIIEajCCA++gAwIBAgISBh4LsKNnliTZ6F2XwobFNqA6MAoGCCqGSM49BAMDMDIx CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF -NjAeFw0yNTAzMjgwNzU1MDVaFw0yNTA2MjYwNzU1MDRaMB8xHTAbBgNVBAMTFGxv -Y2FsLmF1dGgubmhvc3QucnVuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwf7Q -MI+YwtjRGGgQcGrKOiz3Cxay2CYKVwWm7TlG9f2MFxm8o7xMsYJ81houmtWUGLkt -5OUNJ9rGWLShDHtiIqOCAvQwggLwMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU -BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUWhb7 -yuZpsN1u651HYIEg4/h53YYwHwYDVR0jBBgwFoAUkydGmAOpUWiOmNbEQkjbI79Y -lNIwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTYuby5sZW5j -ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8wgc4GA1Ud +NTAeFw0yNTA0MjkwNzQ1MTlaFw0yNTA3MjgwNzQ1MThaMB8xHTAbBgNVBAMTFGxv +Y2FsLmF1dGgubmhvc3QucnVuMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjM7w +4oMoF6KpjQS6GqgR+LJJDKDo93uARhSWMoGygBr8Sk3VIHXgH3cJyT7OQJ4P4UNH +a0Guga6/ykdPpJVT/KOCAvYwggLyMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU +BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUCMWn +UaGvoXmYnlyH6/BamATvc4AwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS +1w0wVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5j +ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wgc4GA1Ud EQSBxjCBw4IUbG9jYWwuYXV0aC5uaG9zdC5ydW6CGWxvY2FsLmRhc2hib2FyZC5u aG9zdC5ydW6CEmxvY2FsLmRiLm5ob3N0LnJ1boIZbG9jYWwuZnVuY3Rpb25zLm5o b3N0LnJ1boIXbG9jYWwuZ3JhcGhxbC5uaG9zdC5ydW6CFmxvY2FsLmhhc3VyYS5u aG9zdC5ydW6CF2xvY2FsLm1haWxob2cubmhvc3QucnVughdsb2NhbC5zdG9yYWdl Lm5ob3N0LnJ1bjATBgNVHSAEDDAKMAgGBmeBDAECATAtBgNVHR8EJjAkMCKgIKAe -hhxodHRwOi8vZTYuYy5sZW5jci5vcmcvNDkuY3JsMIIBAwYKKwYBBAHWeQIEAgSB -9ASB8QDvAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGV2/Tr -AQAABAMARzBFAiAJoF3NE2NhDQZgl/k/AqC2KCQ08ZdMVRZ8A38XMIzt5AIhAN/L -bBlYo6Quth2xy85el/qdj9HVQ6A+P5Uu9k8p1SGKAHUAzPsPaoVxCWX+lZtTzumy -fCLphVwNl422qX5UwP5MDbAAAAGV2/TrCgAABAMARjBEAiAo3Spfc7LSSvyqzERj -OcFQYImny4+bTTVOpUpQU+p+oAIgT/i16P6K9ZI+vZnikFkxNgEOQDpwxVgL3jCJ -1oUHt28wCgYIKoZIzj0EAwMDaAAwZQIxANYvU6EEyxAWSfL3MGtUstrIf7W0UaRx -JRuFxmWTjN2mr0TqOekdk++savWDvveywwIwfGym79dTtLylegN3S3cAoV2RBJdR -JTsI1hNO3JAnEZpH8Edyj2OIRV+sOClgUlHf +hhxodHRwOi8vZTUuYy5sZW5jci5vcmcvNTkuY3JsMIIBBQYKKwYBBAHWeQIEAgSB +9gSB8wDxAHcADeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQAAAGWgLd6 +SgAABAMASDBGAiEA2IY0senkwlgCihk6yQTDhC6s3dvykzrSy0O8ZAiuVt8CIQC7 +u/SEoy7ZjWOAALnEat9zmPjL258TOquNTOzNLJmZwgB2AKRCxQZJYGFUjw/U6pz7 +ei0mRU2HqX8v30VZ9idPOoRUAAABloC3ghkAAAQDAEcwRQIgRAADUcOfI9lgehYp +3AmogSWZKu6DrgR4H6OCeJdtYwkCIQDwQ/Wt9Lkeb4ThY7R4moXv7u+k5Ntmys1E +ZwkTvkPlZTAKBggqhkjOPQQDAwNpADBmAjEAhZXhVI4d0t6vQcbzoti2UFWSw/6I +IEQdZ3Ra03IwaQ76+QmgGKpZwqF2tZn6TgoVAjEA5k3Xz4D48DMIpJ/2Wl9mMOjD +im5o6V9Y026XQ9E7NvdmL1zxUtMPw2j2d/1R14CU -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw +MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G -h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV -6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw +RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK +a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO +VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD -ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj -v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB +ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw +i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu -Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc -MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL -pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp -eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH -pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7 -s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu -h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv -YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8 -ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0 -LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+ -EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY -Ig46v9mFmBvyH04= +Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C +2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+ +bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG +6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV +XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO +koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq +cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI +E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e +K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX +GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL +sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd +VQD9F6Na/+zmXCc= -----END CERTIFICATE----- diff --git a/ssl/.ssl/local-privkey.pem b/ssl/.ssl/local-privkey.pem index a816db4e9..b03a93d5e 100644 --- a/ssl/.ssl/local-privkey.pem +++ b/ssl/.ssl/local-privkey.pem @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTferyDZjXu/qa2w3 -g/ncvULlRlceEHm3Kn2BMC3B9KahRANCAATB/tAwj5jC2NEYaBBwaso6LPcLFrLY -JgpXBabtOUb1/YwXGbyjvEyxgnzWGi6a1ZQYuS3k5Q0n2sZYtKEMe2Ii +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgLuAXLEIKdCYmTFMZ +plmoIKuLZse1FPe1pjASqpYhIfahRANCAASMzvDigygXoqmNBLoaqBH4skkMoOj3 +e4BGFJYygbKAGvxKTdUgdeAfdwnJPs5Ang/hQ0drQa6Brr/KR0+klVP8 -----END PRIVATE KEY----- diff --git a/ssl/.ssl/sub-fullchain.pem b/ssl/.ssl/sub-fullchain.pem index 9c28c978c..82a05d82b 100644 --- a/ssl/.ssl/sub-fullchain.pem +++ b/ssl/.ssl/sub-fullchain.pem @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIEejCCA/+gAwIBAgISBRenPqFcBWz466R2Jm3E86axMAoGCCqGSM49BAMDMDIx +MIIEfDCCBAKgAwIBAgISBiGeIo67c1Mv7QN0yWi/4s4JMAoGCCqGSM49BAMDMDIx CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF -NjAeFw0yNTAzMjgwNzU2MjhaFw0yNTA2MjYwNzU2MjdaMCExHzAdBgNVBAMMFiou -YXV0aC5sb2NhbC5uaG9zdC5ydW4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARe -/L/iSDsKOSE8zfRR1NoVoVz8zsRtBFnD/43djxcx6tGdMK4jxBTkruaPo+Egd2kB -kcMl4DEhTB2Bqsp78ej/o4IDBDCCAwAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQW -MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQx -CyOg6kpHPMveiMHVpz/u3pXAnjAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsj +NjAeFw0yNTA0MjkwNzQ2MjlaFw0yNTA3MjgwNzQ2MjhaMCExHzAdBgNVBAMMFiou +YXV0aC5sb2NhbC5uaG9zdC5ydW4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQR +S6m0TXJBhtGJylcgVzSmmTvnxXhwpAj6hfwPkniNiVhk5nllWHtd271tOFMBZDdL +wwScoPy0rnEv3+eL//PGo4IDBzCCAwMwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBS6 +JXl2jeJ4LjWt85DjymmkawPa/zAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsj v1iU0jBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxl bmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzCB3gYD VR0RBIHWMIHTghYqLmF1dGgubG9jYWwubmhvc3QucnVughsqLmRhc2hib2FyZC5s @@ -14,15 +14,15 @@ b2NhbC5uaG9zdC5ydW6CFCouZGIubG9jYWwubmhvc3QucnVughsqLmZ1bmN0aW9u cy5sb2NhbC5uaG9zdC5ydW6CGSouZ3JhcGhxbC5sb2NhbC5uaG9zdC5ydW6CGCou aGFzdXJhLmxvY2FsLm5ob3N0LnJ1boIZKi5tYWlsaG9nLmxvY2FsLm5ob3N0LnJ1 boIZKi5zdG9yYWdlLmxvY2FsLm5ob3N0LnJ1bjATBgNVHSAEDDAKMAgGBmeBDAEC -ATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTYuYy5sZW5jci5vcmcvNTAuY3Js -MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAzxFW7tUufK/zh1vZaS6b6RpxZ0qw -F+ysAdJbd87MOwgAAAGV2/YuTQAABAMARzBFAiB4Yo+De/7Cgq6szdu7VtyqsNOF -dJT9RkuPZdVVOjpsbgIhAIxSx1yKdiJXA0M/+Mk7QKQGgYQ3R4mFK5SsSk/W+VKv -AHUA5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGV2/YuNAAABAMA -RjBEAiBan5/3DyMT/vUf3oTJGgTiqEkA/0ag7rJG0jNPqOgFbgIgNE2dWGmeWJSI -V7AQWANir2imuer4XQEJsrkhQoqbhP8wCgYIKoZIzj0EAwMDaQAwZgIxALJf3u7m -MC6yqWkdcjdq0MAyt1nSo2MP+K08WoMDVl11AdOHBD0CljTdsruA7fOn4AIxAKGm -9iRgKy8xZzL9NY7kQ3fva1GJj7DiCMlaEcCMhhiaJFvZ1IHITJy+KPM/QKENQw== +ATAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8vZTYuYy5sZW5jci5vcmcvMTAuY3Js +MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAzPsPaoVxCWX+lZtTzumyfCLphVwN +l422qX5UwP5MDbAAAAGWgLiIuQAABAMASDBGAiEApZBa3aVjSUCMnndzUNkjDKOE +V/Hwb9lHNtTRbESoEN8CIQC88p15F0TPnLkxSZI+iXYdOVvR0xJ/KaW73bQuLGHl +kQB3ABLxTjS9U3JMhAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABloC4kGIAAAQD +AEgwRgIhAJAOz9hKZtFFRz6bjpKyOCoKidhiZrdBVVIWf+tk4yFTAiEAlu5LxPgH +/C+z5Kqe5pxnvGqYB8jsjTQ/nfCsr+ZkQGYwCgYIKoZIzj0EAwMDaAAwZQIwIm9a +Mu/7dhHjJFo5xxZzuPphpdS+GTAqyh8AX+Ti3ifq+I9POAKTqEQLaEiQN4s+AjEA +7QXtc/1IwNaOc0qP679/HLc0jn8OdWkFHxuIS4PjZWB/h12zDz6O8EsdmYAAaepX -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw diff --git a/ssl/.ssl/sub-privkey.pem b/ssl/.ssl/sub-privkey.pem index c693a76c3..4e674d45b 100644 --- a/ssl/.ssl/sub-privkey.pem +++ b/ssl/.ssl/sub-privkey.pem @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGHO2rzsNhn7xg/V9 -IkRol4s2YfMXFDUE2tekMxEa1c2hRANCAARe/L/iSDsKOSE8zfRR1NoVoVz8zsRt -BFnD/43djxcx6tGdMK4jxBTkruaPo+Egd2kBkcMl4DEhTB2Bqsp78ej/ +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgw888GEN0kwOhAnHR +mD/DHV90Ss2ItSbYiAVZbzSkzKOhRANCAAQRS6m0TXJBhtGJylcgVzSmmTvnxXhw +pAj6hfwPkniNiVhk5nllWHtd271tOFMBZDdLwwScoPy0rnEv3+eL//PG -----END PRIVATE KEY----- diff --git a/vendor/cel.dev/expr/MODULE.bazel b/vendor/cel.dev/expr/MODULE.bazel index c0a631316..85ac9ff61 100644 --- a/vendor/cel.dev/expr/MODULE.bazel +++ b/vendor/cel.dev/expr/MODULE.bazel @@ -8,7 +8,7 @@ bazel_dep( ) bazel_dep( name = "gazelle", - version = "0.36.0", + version = "0.39.1", repo_name = "bazel_gazelle", ) bazel_dep( @@ -35,11 +35,11 @@ bazel_dep( ) bazel_dep( name = "rules_cc", - version = "0.0.9", + version = "0.0.17", ) bazel_dep( name = "rules_go", - version = "0.50.1", + version = "0.53.0", repo_name = "io_bazel_rules_go", ) bazel_dep( @@ -48,7 +48,7 @@ bazel_dep( ) bazel_dep( name = "rules_proto", - version = "6.0.0", + version = "7.0.2", ) bazel_dep( name = "rules_python", @@ -63,7 +63,7 @@ python.toolchain( ) go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") -go_sdk.download(version = "1.21.1") +go_sdk.download(version = "1.22.0") go_deps = use_extension("@bazel_gazelle//:extensions.bzl", "go_deps") go_deps.from_file(go_mod = "//:go.mod") diff --git a/vendor/cloud.google.com/go/auth/CHANGES.md b/vendor/cloud.google.com/go/auth/CHANGES.md index 500c34cf4..fd6f06233 100644 --- a/vendor/cloud.google.com/go/auth/CHANGES.md +++ b/vendor/cloud.google.com/go/auth/CHANGES.md @@ -1,5 +1,26 @@ # Changelog +## [0.16.1](https://github.com/googleapis/google-cloud-go/compare/auth/v0.16.0...auth/v0.16.1) (2025-04-23) + + +### Bug Fixes + +* **auth:** Clone detectopts before assigning TokenBindingType ([#11881](https://github.com/googleapis/google-cloud-go/issues/11881)) ([2167b02](https://github.com/googleapis/google-cloud-go/commit/2167b020fdc43b517c2b6ecca264a10e357ea035)) + +## [0.16.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.15.0...auth/v0.16.0) (2025-04-14) + + +### Features + +* **auth/credentials:** Return X.509 certificate chain as subject token ([#11948](https://github.com/googleapis/google-cloud-go/issues/11948)) ([d445a3f](https://github.com/googleapis/google-cloud-go/commit/d445a3f66272ffd5c39c4939af9bebad4582631c)), refs [#11757](https://github.com/googleapis/google-cloud-go/issues/11757) +* **auth:** Configure DirectPath bound credentials from AllowedHardBoundTokens ([#11665](https://github.com/googleapis/google-cloud-go/issues/11665)) ([0fc40bc](https://github.com/googleapis/google-cloud-go/commit/0fc40bcf4e4673704df0973e9fa65957395d7bb4)) + + +### Bug Fixes + +* **auth:** Allow non-default SA credentials for DP ([#11828](https://github.com/googleapis/google-cloud-go/issues/11828)) ([3a996b4](https://github.com/googleapis/google-cloud-go/commit/3a996b4129e6d0a34dfda6671f535d5aefb26a82)) +* **auth:** Restore calling DialContext ([#11930](https://github.com/googleapis/google-cloud-go/issues/11930)) ([9ec9a29](https://github.com/googleapis/google-cloud-go/commit/9ec9a29494e93197edbaf45aba28984801e9770a)), refs [#11118](https://github.com/googleapis/google-cloud-go/issues/11118) + ## [0.15.0](https://github.com/googleapis/google-cloud-go/compare/auth/v0.14.1...auth/v0.15.0) (2025-02-19) diff --git a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go index a82206423..f4f49f175 100644 --- a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go +++ b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/externalaccount.go @@ -413,7 +413,10 @@ func newSubjectTokenProvider(o *Options) (subjectTokenProvider, error) { if cert.UseDefaultCertificateConfig && cert.CertificateConfigLocation != "" { return nil, errors.New("credentials: \"certificate\" object cannot specify both a certificate_config_location and use_default_certificate_config=true") } - return &x509Provider{}, nil + return &x509Provider{ + TrustChainPath: o.CredentialSource.Certificate.TrustChainPath, + ConfigFilePath: o.CredentialSource.Certificate.CertificateConfigLocation, + }, nil } return nil, errors.New("credentials: unable to parse credential source") } diff --git a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/x509_provider.go b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/x509_provider.go index 115df5881..d86ca593c 100644 --- a/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/x509_provider.go +++ b/vendor/cloud.google.com/go/auth/credentials/internal/externalaccount/x509_provider.go @@ -17,27 +17,184 @@ package externalaccount import ( "context" "crypto/tls" + "crypto/x509" + "encoding/base64" + "encoding/json" + "encoding/pem" + "errors" + "fmt" + "io/fs" "net/http" + "os" + "strings" "time" "cloud.google.com/go/auth/internal/transport/cert" ) -// x509Provider implements the subjectTokenProvider type for -// x509 workload identity credentials. Because x509 credentials -// rely on an mTLS connection to represent the 3rd party identity -// rather than a subject token, this provider will always return -// an empty string when a subject token is requested by the external account -// token provider. +// x509Provider implements the subjectTokenProvider type for x509 workload +// identity credentials. This provider retrieves and formats a JSON array +// containing the leaf certificate and trust chain (if provided) as +// base64-encoded strings. This JSON array serves as the subject token for +// mTLS authentication. type x509Provider struct { + // TrustChainPath is the path to the file containing the trust chain certificates. + // The file should contain one or more PEM-encoded certificates. + TrustChainPath string + // ConfigFilePath is the path to the configuration file containing the path + // to the leaf certificate file. + ConfigFilePath string } +const pemCertificateHeader = "-----BEGIN CERTIFICATE-----" + func (xp *x509Provider) providerType() string { return x509ProviderType } -func (xp *x509Provider) subjectToken(ctx context.Context) (string, error) { - return "", nil +// loadLeafCertificate loads and parses the leaf certificate from the specified +// configuration file. It retrieves the certificate path from the config file, +// reads the certificate file, and parses the certificate data. +func loadLeafCertificate(configFilePath string) (*x509.Certificate, error) { + // Get the path to the certificate file from the configuration file. + path, err := cert.GetCertificatePath(configFilePath) + if err != nil { + return nil, fmt.Errorf("failed to get certificate path from config file: %w", err) + } + leafCertBytes, err := os.ReadFile(path) + if err != nil { + return nil, fmt.Errorf("failed to read leaf certificate file: %w", err) + } + // Parse the certificate bytes. + return parseCertificate(leafCertBytes) +} + +// encodeCert encodes a x509.Certificate to a base64 string. +func encodeCert(cert *x509.Certificate) string { + // cert.Raw contains the raw DER-encoded certificate. Encode the raw certificate bytes to base64. + return base64.StdEncoding.EncodeToString(cert.Raw) +} + +// parseCertificate parses a PEM-encoded certificate from the given byte slice. +func parseCertificate(certData []byte) (*x509.Certificate, error) { + if len(certData) == 0 { + return nil, errors.New("invalid certificate data: empty input") + } + // Decode the PEM-encoded data. + block, _ := pem.Decode(certData) + if block == nil { + return nil, errors.New("invalid PEM-encoded certificate data: no PEM block found") + } + if block.Type != "CERTIFICATE" { + return nil, fmt.Errorf("invalid PEM-encoded certificate data: expected CERTIFICATE block type, got %s", block.Type) + } + // Parse the DER-encoded certificate. + certificate, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return nil, fmt.Errorf("failed to parse certificate: %w", err) + } + return certificate, nil +} + +// readTrustChain reads a file of PEM-encoded X.509 certificates and returns a slice of parsed certificates. +// It splits the file content into PEM certificate blocks and parses each one. +func readTrustChain(trustChainPath string) ([]*x509.Certificate, error) { + certificateTrustChain := []*x509.Certificate{} + + // If no trust chain path is provided, return an empty slice. + if trustChainPath == "" { + return certificateTrustChain, nil + } + + // Read the trust chain file. + trustChainData, err := os.ReadFile(trustChainPath) + if err != nil { + if errors.Is(err, fs.ErrNotExist) { + return nil, fmt.Errorf("trust chain file not found: %w", err) + } + return nil, fmt.Errorf("failed to read trust chain file: %w", err) + } + + // Split the file content into PEM certificate blocks. + certBlocks := strings.Split(string(trustChainData), pemCertificateHeader) + + // Iterate over each certificate block. + for _, certBlock := range certBlocks { + // Trim whitespace from the block. + certBlock = strings.TrimSpace(certBlock) + + if certBlock != "" { + // Add the PEM header to the block. + certData := pemCertificateHeader + "\n" + certBlock + + // Parse the certificate data. + cert, err := parseCertificate([]byte(certData)) + if err != nil { + return nil, fmt.Errorf("error parsing certificate from trust chain file: %w", err) + } + + // Append the certificate to the trust chain. + certificateTrustChain = append(certificateTrustChain, cert) + } + } + + return certificateTrustChain, nil +} + +// subjectToken retrieves the X.509 subject token. It loads the leaf +// certificate and, if a trust chain path is configured, the trust chain +// certificates. It then constructs a JSON array containing the base64-encoded +// leaf certificate and each base64-encoded certificate in the trust chain. +// The leaf certificate must be at the top of the trust chain file. This JSON +// array is used as the subject token for mTLS authentication. +func (xp *x509Provider) subjectToken(context.Context) (string, error) { + // Load the leaf certificate. + leafCert, err := loadLeafCertificate(xp.ConfigFilePath) + if err != nil { + return "", fmt.Errorf("failed to load leaf certificate: %w", err) + } + + // Read the trust chain. + trustChain, err := readTrustChain(xp.TrustChainPath) + if err != nil { + return "", fmt.Errorf("failed to read trust chain: %w", err) + } + + // Initialize the certificate chain with the leaf certificate. + certChain := []string{encodeCert(leafCert)} + + // If there is a trust chain, add certificates to the certificate chain. + if len(trustChain) > 0 { + firstCert := encodeCert(trustChain[0]) + + // If the first certificate in the trust chain is not the same as the leaf certificate, add it to the chain. + if firstCert != certChain[0] { + certChain = append(certChain, firstCert) + } + + // Iterate over the remaining certificates in the trust chain. + for i := 1; i < len(trustChain); i++ { + encoded := encodeCert(trustChain[i]) + + // Return an error if the current certificate is the same as the leaf certificate. + if encoded == certChain[0] { + return "", errors.New("the leaf certificate must be at the top of the trust chain file") + } + + // Add the current certificate to the chain. + certChain = append(certChain, encoded) + } + } + + // Convert the certificate chain to a JSON array of base64-encoded strings. + jsonChain, err := json.Marshal(certChain) + if err != nil { + return "", fmt.Errorf("failed to format certificate data: %w", err) + } + + // Return the JSON-formatted certificate chain. + return string(jsonChain), nil + } // createX509Client creates a new client that is configured with mTLS, using the diff --git a/vendor/cloud.google.com/go/auth/grpctransport/directpath.go b/vendor/cloud.google.com/go/auth/grpctransport/directpath.go index d781c3e49..db487b7e5 100644 --- a/vendor/cloud.google.com/go/auth/grpctransport/directpath.go +++ b/vendor/cloud.google.com/go/auth/grpctransport/directpath.go @@ -22,6 +22,7 @@ import ( "strings" "cloud.google.com/go/auth" + "cloud.google.com/go/auth/credentials" "cloud.google.com/go/auth/internal/compute" "google.golang.org/grpc" grpcgoogle "google.golang.org/grpc/credentials/google" @@ -55,7 +56,7 @@ func checkDirectPathEndPoint(endpoint string) bool { return true } -func isTokenProviderDirectPathCompatible(tp auth.TokenProvider, o *Options) bool { +func isTokenProviderComputeEngine(tp auth.TokenProvider) bool { if tp == nil { return false } @@ -69,15 +70,22 @@ func isTokenProviderDirectPathCompatible(tp auth.TokenProvider, o *Options) bool if tok.MetadataString("auth.google.tokenSource") != "compute-metadata" { return false } - if o.InternalOptions != nil && o.InternalOptions.EnableNonDefaultSAForDirectPath { - return true - } if tok.MetadataString("auth.google.serviceAccount") != "default" { return false } return true } +func isTokenProviderDirectPathCompatible(tp auth.TokenProvider, o *Options) bool { + if tp == nil { + return false + } + if o.InternalOptions != nil && o.InternalOptions.EnableNonDefaultSAForDirectPath { + return true + } + return isTokenProviderComputeEngine(tp) +} + func isDirectPathXdsUsed(o *Options) bool { // Method 1: Enable DirectPath xDS by env; if b, _ := strconv.ParseBool(os.Getenv(enableDirectPathXdsEnvVar)); b { @@ -90,14 +98,33 @@ func isDirectPathXdsUsed(o *Options) bool { return false } +func isDirectPathBoundTokenEnabled(opts *InternalOptions) bool { + for _, ev := range opts.AllowHardBoundTokens { + if ev == "ALTS" { + return true + } + } + return false +} + // configureDirectPath returns some dial options and an endpoint to use if the // configuration allows the use of direct path. If it does not the provided // grpcOpts and endpoint are returned. -func configureDirectPath(grpcOpts []grpc.DialOption, opts *Options, endpoint string, creds *auth.Credentials) ([]grpc.DialOption, string) { +func configureDirectPath(grpcOpts []grpc.DialOption, opts *Options, endpoint string, creds *auth.Credentials) ([]grpc.DialOption, string, error) { if isDirectPathEnabled(endpoint, opts) && compute.OnComputeEngine() && isTokenProviderDirectPathCompatible(creds, opts) { // Overwrite all of the previously specific DialOptions, DirectPath uses its own set of credentials and certificates. + defaultCredetialsOptions := grpcgoogle.DefaultCredentialsOptions{PerRPCCreds: &grpcCredentialsProvider{creds: creds}} + if isDirectPathBoundTokenEnabled(opts.InternalOptions) && isTokenProviderComputeEngine(creds) { + optsClone := opts.resolveDetectOptions() + optsClone.TokenBindingType = credentials.ALTSHardBinding + altsCreds, err := credentials.DetectDefault(optsClone) + if err != nil { + return nil, "", err + } + defaultCredetialsOptions.ALTSPerRPCCreds = &grpcCredentialsProvider{creds: altsCreds} + } grpcOpts = []grpc.DialOption{ - grpc.WithCredentialsBundle(grpcgoogle.NewDefaultCredentialsWithOptions(grpcgoogle.DefaultCredentialsOptions{PerRPCCreds: &grpcCredentialsProvider{creds: creds}}))} + grpc.WithCredentialsBundle(grpcgoogle.NewDefaultCredentialsWithOptions(defaultCredetialsOptions))} if timeoutDialerOption != nil { grpcOpts = append(grpcOpts, timeoutDialerOption) } @@ -122,5 +149,5 @@ func configureDirectPath(grpcOpts []grpc.DialOption, opts *Options, endpoint str } // TODO: add support for system parameters (quota project, request reason) via chained interceptor. } - return grpcOpts, endpoint + return grpcOpts, endpoint, nil } diff --git a/vendor/cloud.google.com/go/auth/grpctransport/grpctransport.go b/vendor/cloud.google.com/go/auth/grpctransport/grpctransport.go index 4610a4855..834aef41c 100644 --- a/vendor/cloud.google.com/go/auth/grpctransport/grpctransport.go +++ b/vendor/cloud.google.com/go/auth/grpctransport/grpctransport.go @@ -304,17 +304,18 @@ func dial(ctx context.Context, secure bool, opts *Options) (*grpc.ClientConn, er // This condition is only met for non-DirectPath clients because // TransportTypeMTLSS2A is used only when InternalOptions.EnableDirectPath // is false. + optsClone := opts.resolveDetectOptions() if transportCreds.TransportType == transport.TransportTypeMTLSS2A { // Check that the client allows requesting hard-bound token for the transport type mTLS using S2A. for _, ev := range opts.InternalOptions.AllowHardBoundTokens { if ev == "MTLS_S2A" { - opts.DetectOpts.TokenBindingType = credentials.MTLSHardBinding + optsClone.TokenBindingType = credentials.MTLSHardBinding break } } } var err error - creds, err = credentials.DetectDefault(opts.resolveDetectOptions()) + creds, err = credentials.DetectDefault(optsClone) if err != nil { return nil, err } @@ -341,7 +342,10 @@ func dial(ctx context.Context, secure bool, opts *Options) (*grpc.ClientConn, er }), ) // Attempt Direct Path - grpcOpts, transportCreds.Endpoint = configureDirectPath(grpcOpts, opts, transportCreds.Endpoint, creds) + grpcOpts, transportCreds.Endpoint, err = configureDirectPath(grpcOpts, opts, transportCreds.Endpoint, creds) + if err != nil { + return nil, err + } } // Add tracing, but before the other options, so that clients can override the @@ -350,7 +354,7 @@ func dial(ctx context.Context, secure bool, opts *Options) (*grpc.ClientConn, er grpcOpts = addOpenTelemetryStatsHandler(grpcOpts, opts) grpcOpts = append(grpcOpts, opts.GRPCDialOpts...) - return grpc.Dial(transportCreds.Endpoint, grpcOpts...) + return grpc.DialContext(ctx, transportCreds.Endpoint, grpcOpts...) } // grpcKeyProvider satisfies https://pkg.go.dev/google.golang.org/grpc/credentials#PerRPCCredentials. diff --git a/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go b/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go index 3be6e5bbb..606347304 100644 --- a/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go +++ b/vendor/cloud.google.com/go/auth/internal/credsfile/filetype.go @@ -127,6 +127,7 @@ type ExecutableConfig struct { type CertificateConfig struct { UseDefaultCertificateConfig bool `json:"use_default_certificate_config"` CertificateConfigLocation string `json:"certificate_config_location"` + TrustChainPath string `json:"trust_chain_path"` } // ServiceAccountImpersonationInfo has impersonation configuration. diff --git a/vendor/cloud.google.com/go/auth/internal/transport/cert/workload_cert.go b/vendor/cloud.google.com/go/auth/internal/transport/cert/workload_cert.go index 347aaced7..b2a3be23c 100644 --- a/vendor/cloud.google.com/go/auth/internal/transport/cert/workload_cert.go +++ b/vendor/cloud.google.com/go/auth/internal/transport/cert/workload_cert.go @@ -37,6 +37,36 @@ type certificateConfig struct { CertConfigs certConfigs `json:"cert_configs"` } +// getconfigFilePath determines the path to the certificate configuration file. +// It first checks for the presence of an environment variable that specifies +// the file path. If the environment variable is not set, it falls back to +// a default configuration file path. +func getconfigFilePath() string { + envFilePath := util.GetConfigFilePathFromEnv() + if envFilePath != "" { + return envFilePath + } + return util.GetDefaultConfigFilePath() + +} + +// GetCertificatePath retrieves the certificate file path from the provided +// configuration file. If the configFilePath is empty, it attempts to load +// the configuration from a well-known gcloud location. +// This function is exposed to allow other packages, such as the +// externalaccount package, to retrieve the certificate path without needing +// to load the entire certificate configuration. +func GetCertificatePath(configFilePath string) (string, error) { + if configFilePath == "" { + configFilePath = getconfigFilePath() + } + certFile, _, err := getCertAndKeyFiles(configFilePath) + if err != nil { + return "", err + } + return certFile, nil +} + // NewWorkloadX509CertProvider creates a certificate source // that reads a certificate and private key file from the local file system. // This is intended to be used for workload identity federation. @@ -47,14 +77,8 @@ type certificateConfig struct { // a well-known gcloud location. func NewWorkloadX509CertProvider(configFilePath string) (Provider, error) { if configFilePath == "" { - envFilePath := util.GetConfigFilePathFromEnv() - if envFilePath != "" { - configFilePath = envFilePath - } else { - configFilePath = util.GetDefaultConfigFilePath() - } + configFilePath = getconfigFilePath() } - certFile, keyFile, err := getCertAndKeyFiles(configFilePath) if err != nil { return nil, err diff --git a/vendor/cloud.google.com/go/iam/CHANGES.md b/vendor/cloud.google.com/go/iam/CHANGES.md index e2c753f54..7839f3b89 100644 --- a/vendor/cloud.google.com/go/iam/CHANGES.md +++ b/vendor/cloud.google.com/go/iam/CHANGES.md @@ -1,6 +1,29 @@ # Changes +## [1.5.2](https://github.com/googleapis/google-cloud-go/compare/iam/v1.5.1...iam/v1.5.2) (2025-04-15) + + +### Bug Fixes + +* **iam:** Update google.golang.org/api to 0.229.0 ([3319672](https://github.com/googleapis/google-cloud-go/commit/3319672f3dba84a7150772ccb5433e02dab7e201)) + +## [1.5.1](https://github.com/googleapis/google-cloud-go/compare/iam/v1.5.0...iam/v1.5.1) (2025-04-15) + + +### Documentation + +* **iam:** Formatting update for ListPolicyBindingsRequest ([dfdf404](https://github.com/googleapis/google-cloud-go/commit/dfdf404138728724aa6305c5c465ecc6fe5b1264)) +* **iam:** Minor doc update for ListPrincipalAccessBoundaryPoliciesResponse ([20f762c](https://github.com/googleapis/google-cloud-go/commit/20f762c528726a3f038d3e1f37e8a4952118badf)) +* **iam:** Minor doc update for ListPrincipalAccessBoundaryPoliciesResponse ([20f762c](https://github.com/googleapis/google-cloud-go/commit/20f762c528726a3f038d3e1f37e8a4952118badf)) + +## [1.5.0](https://github.com/googleapis/google-cloud-go/compare/iam/v1.4.2...iam/v1.5.0) (2025-03-31) + + +### Features + +* **iam:** New client(s) ([#11933](https://github.com/googleapis/google-cloud-go/issues/11933)) ([d5cb2e5](https://github.com/googleapis/google-cloud-go/commit/d5cb2e58334c6963cc46885f565fe3b19c52cb63)) + ## [1.4.2](https://github.com/googleapis/google-cloud-go/compare/iam/v1.4.1...iam/v1.4.2) (2025-03-13) diff --git a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json index d72e82329..9dfae7977 100644 --- a/vendor/cloud.google.com/go/internal/.repo-metadata-full.json +++ b/vendor/cloud.google.com/go/internal/.repo-metadata-full.json @@ -1069,16 +1069,6 @@ "release_level": "preview", "library_type": "GAPIC_AUTO" }, - "cloud.google.com/go/debugger/apiv2": { - "api_shortname": "clouddebugger", - "distribution_name": "cloud.google.com/go/debugger/apiv2", - "description": "Stackdriver Debugger API", - "language": "go", - "client_library_type": "generated", - "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/latest/debugger/apiv2", - "release_level": "preview", - "library_type": "GAPIC_AUTO" - }, "cloud.google.com/go/deploy/apiv1": { "api_shortname": "clouddeploy", "distribution_name": "cloud.google.com/go/deploy/apiv1", @@ -1099,6 +1089,16 @@ "release_level": "preview", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/devicestreaming/apiv1": { + "api_shortname": "devicestreaming", + "distribution_name": "cloud.google.com/go/devicestreaming/apiv1", + "description": "Device Streaming API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/devicestreaming/latest/apiv1", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/dialogflow/apiv2": { "api_shortname": "dialogflow", "distribution_name": "cloud.google.com/go/dialogflow/apiv2", @@ -1459,6 +1459,26 @@ "release_level": "stable", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/iam/apiv3": { + "api_shortname": "iam", + "distribution_name": "cloud.google.com/go/iam/apiv3", + "description": "Identity and Access Management (IAM) API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/iam/latest/apiv3", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, + "cloud.google.com/go/iam/apiv3beta": { + "api_shortname": "iam", + "distribution_name": "cloud.google.com/go/iam/apiv3beta", + "description": "Identity and Access Management (IAM) API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/iam/latest/apiv3beta", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/iam/credentials/apiv1": { "api_shortname": "iamcredentials", "distribution_name": "cloud.google.com/go/iam/credentials/apiv1", @@ -1599,6 +1619,16 @@ "release_level": "stable", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/lustre/apiv1": { + "api_shortname": "lustre", + "distribution_name": "cloud.google.com/go/lustre/apiv1", + "description": "Google Cloud Managed Lustre API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/lustre/latest/apiv1", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/managedidentities/apiv1": { "api_shortname": "managedidentities", "distribution_name": "cloud.google.com/go/managedidentities/apiv1", @@ -1632,7 +1662,7 @@ "cloud.google.com/go/maps/areainsights/apiv1": { "api_shortname": "areainsights", "distribution_name": "cloud.google.com/go/maps/areainsights/apiv1", - "description": "Places Insights API", + "description": "Places Aggregate API", "language": "go", "client_library_type": "generated", "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/maps/latest/areainsights/apiv1", @@ -2139,13 +2169,13 @@ "release_level": "stable", "library_type": "GAPIC_MANUAL" }, - "cloud.google.com/go/pubsub/apiv1": { + "cloud.google.com/go/pubsub/v2/apiv1": { "api_shortname": "pubsub", - "distribution_name": "cloud.google.com/go/pubsub/apiv1", + "distribution_name": "cloud.google.com/go/pubsub/v2/apiv1", "description": "Cloud Pub/Sub API", "language": "go", "client_library_type": "generated", - "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/pubsub/latest/apiv1", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/pubsub/latest/v2/apiv1", "release_level": "stable", "library_type": "GAPIC_AUTO" }, @@ -2282,7 +2312,7 @@ "cloud.google.com/go/retail/apiv2": { "api_shortname": "retail", "distribution_name": "cloud.google.com/go/retail/apiv2", - "description": "Vertex AI Search for Retail API", + "description": "Vertex AI Search for commerce API", "language": "go", "client_library_type": "generated", "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/retail/latest/apiv2", @@ -2292,7 +2322,7 @@ "cloud.google.com/go/retail/apiv2alpha": { "api_shortname": "retail", "distribution_name": "cloud.google.com/go/retail/apiv2alpha", - "description": "Vertex AI Search for Retail API", + "description": "Vertex AI Search for commerce API", "language": "go", "client_library_type": "generated", "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/retail/latest/apiv2alpha", @@ -2302,7 +2332,7 @@ "cloud.google.com/go/retail/apiv2beta": { "api_shortname": "retail", "distribution_name": "cloud.google.com/go/retail/apiv2beta", - "description": "Vertex AI Search for Retail API", + "description": "Vertex AI Search for commerce API", "language": "go", "client_library_type": "generated", "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/retail/latest/apiv2beta", @@ -2599,6 +2629,16 @@ "release_level": "preview", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/shopping/merchant/issueresolution/apiv1beta": { + "api_shortname": "merchantapi", + "distribution_name": "cloud.google.com/go/shopping/merchant/issueresolution/apiv1beta", + "description": "Merchant API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/shopping/latest/merchant/issueresolution/apiv1beta", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/shopping/merchant/lfp/apiv1beta": { "api_shortname": "merchantapi", "distribution_name": "cloud.google.com/go/shopping/merchant/lfp/apiv1beta", @@ -2619,6 +2659,16 @@ "release_level": "preview", "library_type": "GAPIC_AUTO" }, + "cloud.google.com/go/shopping/merchant/ordertracking/apiv1beta": { + "api_shortname": "merchantapi", + "distribution_name": "cloud.google.com/go/shopping/merchant/ordertracking/apiv1beta", + "description": "Merchant API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/shopping/latest/merchant/ordertracking/apiv1beta", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/shopping/merchant/products/apiv1beta": { "api_shortname": "merchantapi", "distribution_name": "cloud.google.com/go/shopping/merchant/products/apiv1beta", @@ -2679,6 +2729,16 @@ "release_level": "stable", "library_type": "GAPIC_MANUAL" }, + "cloud.google.com/go/spanner/adapter/apiv1": { + "api_shortname": "spanner", + "distribution_name": "cloud.google.com/go/spanner/adapter/apiv1", + "description": "Cloud Spanner API", + "language": "go", + "client_library_type": "generated", + "client_documentation": "https://cloud.google.com/go/docs/reference/cloud.google.com/go/spanner/latest/adapter/apiv1", + "release_level": "preview", + "library_type": "GAPIC_AUTO" + }, "cloud.google.com/go/spanner/admin/database/apiv1": { "api_shortname": "spanner", "distribution_name": "cloud.google.com/go/spanner/admin/database/apiv1", diff --git a/vendor/cloud.google.com/go/monitoring/internal/version.go b/vendor/cloud.google.com/go/monitoring/internal/version.go index 3e6c62c92..e199c1168 100644 --- a/vendor/cloud.google.com/go/monitoring/internal/version.go +++ b/vendor/cloud.google.com/go/monitoring/internal/version.go @@ -15,4 +15,4 @@ package internal // Version is the current tagged release of the library. -const Version = "1.24.1" +const Version = "1.24.2" diff --git a/vendor/cloud.google.com/go/storage/CHANGES.md b/vendor/cloud.google.com/go/storage/CHANGES.md index f04efaaa6..cc0452c6a 100644 --- a/vendor/cloud.google.com/go/storage/CHANGES.md +++ b/vendor/cloud.google.com/go/storage/CHANGES.md @@ -1,6 +1,50 @@ # Changes +## [1.53.0](https://github.com/googleapis/google-cloud-go/compare/storage/v1.52.0...storage/v1.53.0) (2025-05-02) + + +### Features + +* **storage/control:** Add Anywhere cache control APIs ([83ae06c](https://github.com/googleapis/google-cloud-go/commit/83ae06c3ec7d190e38856ba4cfd8a13f08356b4d)) + + +### Bug Fixes + +* **storage:** Fix append edge cases ([#12074](https://github.com/googleapis/google-cloud-go/issues/12074)) ([0eee1f9](https://github.com/googleapis/google-cloud-go/commit/0eee1f99a7dc0d1bfc36fa43d78933cae47962ee)) +* **storage:** Fix retries for redirection errors. ([#12093](https://github.com/googleapis/google-cloud-go/issues/12093)) ([3e177e7](https://github.com/googleapis/google-cloud-go/commit/3e177e755f5bf6aa96e8712cc4adcba7eb6f04f6)) +* **storage:** Handle gRPC deadlines in tests. ([#12092](https://github.com/googleapis/google-cloud-go/issues/12092)) ([30b7cd2](https://github.com/googleapis/google-cloud-go/commit/30b7cd27771ccbd49b70ee106da36362ba8f1e87)) +* **storage:** Update offset on resumable upload retry ([#12086](https://github.com/googleapis/google-cloud-go/issues/12086)) ([6ce8fe5](https://github.com/googleapis/google-cloud-go/commit/6ce8fe5aec0ec7916eda4d1405cab5f5f65a5de8)) +* **storage:** Validate Bidi option for MRD ([#12033](https://github.com/googleapis/google-cloud-go/issues/12033)) ([d9018cf](https://github.com/googleapis/google-cloud-go/commit/d9018cf640a9ac25e2b23b75b3bcfa734379ab09)) + + +### Documentation + +* **storage/control:** Added comments for Anywhere cache messages ([83ae06c](https://github.com/googleapis/google-cloud-go/commit/83ae06c3ec7d190e38856ba4cfd8a13f08356b4d)) + +## [1.52.0](https://github.com/googleapis/google-cloud-go/compare/storage/v1.51.0...storage/v1.52.0) (2025-04-22) + + +### Features + +* **storage/control:** Add Anywhere cache control APIs ([#11807](https://github.com/googleapis/google-cloud-go/issues/11807)) ([12bfa98](https://github.com/googleapis/google-cloud-go/commit/12bfa984f87099dbfbd5abf3436e440e62b04bad)) +* **storage:** Add CurrentState function to determine state of stream in MRD ([#11688](https://github.com/googleapis/google-cloud-go/issues/11688)) ([14e8e13](https://github.com/googleapis/google-cloud-go/commit/14e8e132d9d5808d1ca789792e7e39f0857991da)) +* **storage:** Add OwnerEntity to bucketAttrs ([#11857](https://github.com/googleapis/google-cloud-go/issues/11857)) ([4cd4a0c](https://github.com/googleapis/google-cloud-go/commit/4cd4a0ca1f6132ea6ed9df7b27310a3238a9c3fd)) +* **storage:** Takeover appendable object ([#11977](https://github.com/googleapis/google-cloud-go/issues/11977)) ([513b937](https://github.com/googleapis/google-cloud-go/commit/513b937420b945c4a76e20711f305c6ad8a77812)) +* **storage:** Unfinalized appendable objects. ([#11647](https://github.com/googleapis/google-cloud-go/issues/11647)) ([52c0218](https://github.com/googleapis/google-cloud-go/commit/52c02183fabf43fcba3893f493140ac28a7836d1)) + + +### Bug Fixes + +* **storage:** Fix Attrs for append takeover ([#11989](https://github.com/googleapis/google-cloud-go/issues/11989)) ([6db35b1](https://github.com/googleapis/google-cloud-go/commit/6db35b10567b7f1463bfef722b0fd72257190ee7)) +* **storage:** Fix panic when Flush called early ([#11934](https://github.com/googleapis/google-cloud-go/issues/11934)) ([7d0b8a7](https://github.com/googleapis/google-cloud-go/commit/7d0b8a75ae55731ae765c01f24920f9f11038f44)) +* **storage:** Fix unfinalized write size ([#12016](https://github.com/googleapis/google-cloud-go/issues/12016)) ([6217f8f](https://github.com/googleapis/google-cloud-go/commit/6217f8fd3cd8680a7e6b7b46fc9b7bda6ee6292e)) +* **storage:** Force first message on next sendBuffer when nothing sent on current ([#11871](https://github.com/googleapis/google-cloud-go/issues/11871)) ([a1a2292](https://github.com/googleapis/google-cloud-go/commit/a1a22927d6a4399e7392787bccb9707bc9e8f149)) +* **storage:** Populate Writer.Attrs after Flush() ([#12021](https://github.com/googleapis/google-cloud-go/issues/12021)) ([8e56f74](https://github.com/googleapis/google-cloud-go/commit/8e56f745e7f2175660838f96c1a12a46841cac40)) +* **storage:** Remove check for FinalizeOnClose ([#11992](https://github.com/googleapis/google-cloud-go/issues/11992)) ([2664b8c](https://github.com/googleapis/google-cloud-go/commit/2664b8cec00a606001184cb17c074fd0e79e66b8)) +* **storage:** Wrap read response parsing errors ([#11951](https://github.com/googleapis/google-cloud-go/issues/11951)) ([d2e6583](https://github.com/googleapis/google-cloud-go/commit/d2e658387b80ec8a3e41e048a9d520b8dd13dd00)) + + ## [1.51.0](https://github.com/googleapis/google-cloud-go/compare/storage/v1.50.0...storage/v1.51.0) (2025-03-07) diff --git a/vendor/cloud.google.com/go/storage/bucket.go b/vendor/cloud.google.com/go/storage/bucket.go index 6c14b3a18..c2934a8c4 100644 --- a/vendor/cloud.google.com/go/storage/bucket.go +++ b/vendor/cloud.google.com/go/storage/bucket.go @@ -514,6 +514,9 @@ type BucketAttrs struct { // It cannot be modified after bucket creation time. // UniformBucketLevelAccess must also also be enabled on the bucket. HierarchicalNamespace *HierarchicalNamespace + + // OwnerEntity contains entity information in the form "project-owner-projectId". + OwnerEntity string } // BucketPolicyOnly is an alias for UniformBucketLevelAccess. @@ -864,6 +867,7 @@ func newBucket(b *raw.Bucket) (*BucketAttrs, error) { Autoclass: toAutoclassFromRaw(b.Autoclass), SoftDeletePolicy: toSoftDeletePolicyFromRaw(b.SoftDeletePolicy), HierarchicalNamespace: toHierarchicalNamespaceFromRaw(b.HierarchicalNamespace), + OwnerEntity: ownerEntityFromRaw(b.Owner), }, nil } @@ -900,6 +904,7 @@ func newBucketFromProto(b *storagepb.Bucket) *BucketAttrs { Autoclass: toAutoclassFromProto(b.GetAutoclass()), SoftDeletePolicy: toSoftDeletePolicyFromProto(b.SoftDeletePolicy), HierarchicalNamespace: toHierarchicalNamespaceFromProto(b.HierarchicalNamespace), + OwnerEntity: ownerEntityFromProto(b.GetOwner()), } } @@ -2224,6 +2229,20 @@ func toHierarchicalNamespaceFromRaw(r *raw.BucketHierarchicalNamespace) *Hierarc } } +func ownerEntityFromRaw(r *raw.BucketOwner) string { + if r == nil { + return "" + } + return r.Entity +} + +func ownerEntityFromProto(p *storagepb.Owner) string { + if p == nil { + return "" + } + return p.GetEntity() +} + // Objects returns an iterator over the objects in the bucket that match the // Query q. If q is nil, no filtering is done. Objects will be iterated over // lexicographically by name. diff --git a/vendor/cloud.google.com/go/storage/client.go b/vendor/cloud.google.com/go/storage/client.go index 7ce762d5a..4c17b602e 100644 --- a/vendor/cloud.google.com/go/storage/client.go +++ b/vendor/cloud.google.com/go/storage/client.go @@ -257,6 +257,9 @@ type openWriterParams struct { // conds - see `Writer.o.conds`. // Optional. conds *Conditions + // appendGen -- object generation to write to. + // Optional; required for taking over appendable objects only + appendGen int64 // encryptionKey - see `Writer.o.encryptionKey` // Optional. encryptionKey []byte @@ -266,6 +269,10 @@ type openWriterParams struct { // append - Write with appendable object semantics. // Optional. append bool + // finalizeOnClose - Finalize the object when the storage.Writer is closed + // successfully. + // Optional. + finalizeOnClose bool // Writer callbacks @@ -281,11 +288,15 @@ type openWriterParams struct { // setObj callback for reporting the resulting object - see `Writer.obj`. // Required. setObj func(*ObjectAttrs) + // setSize callback for updated the persisted size in Writer.obj. + setSize func(int64) // setFlush callback for providing a Flush function implementation - see `Writer.Flush`. // Required. setFlush func(func() (int64, error)) // setPipeWriter callback for reseting `Writer.pw` if needed. setPipeWriter func(*io.PipeWriter) + // setTakeoverOffset callback for returning offset to start writing from to Writer. + setTakeoverOffset func(int64) } type newMultiRangeDownloaderParams struct { diff --git a/vendor/cloud.google.com/go/storage/doc.go b/vendor/cloud.google.com/go/storage/doc.go index 4fcfb7326..ec801fb54 100644 --- a/vendor/cloud.google.com/go/storage/doc.go +++ b/vendor/cloud.google.com/go/storage/doc.go @@ -333,12 +333,13 @@ to add a [custom audit logging] header: # gRPC API -This package includes support for the Cloud Storage gRPC API. The -implementation uses gRPC rather than the Default -JSON & XML APIs to make requests to Cloud Storage. -The Go Storage gRPC client is generally available. -The Notifications, Serivce Account HMAC -and GetServiceAccount RPCs are not supported through the gRPC client. +This package includes support for the [Cloud Storage gRPC API]. This +implementation uses gRPC rather than the default JSON & XML APIs +to make requests to Cloud Storage. All methods on the [Client] support +the gRPC API, with the exception of [GetServiceAccount], [Notification], +and [HMACKey] methods. + +The Cloud Storage gRPC API is generally available. To create a client which will use gRPC, use the alternate constructor: @@ -349,43 +350,31 @@ To create a client which will use gRPC, use the alternate constructor: } // Use client as usual. -Using the gRPC API inside GCP with a bucket in the same region can allow for -[Direct Connectivity] (enabling requests to skip some proxy steps and reducing -response latency). A warning is emmitted if gRPC is not used within GCP to -warn that Direct Connectivity could not be initialized. Direct Connectivity -is not required to access the gRPC API. +One major advantage of the gRPC API is that it can use [Direct Connectivity], +enabling requests to skip some proxy steps and reducing responce latency. +Requirements to use Direct Connectivity include: + + - Your application must be running inside Google Cloud. + - Your Cloud Storage [bucket location] must overlap with your VM or compute + environment zone. For example, if your VM is in us-east1a, your bucket + must be located in either us-east1 (single region), nam4 (dual region), + or us (multi-region). + - Your client must use service account authentication. + +Additional requirements for Direct Connectivity are documented in the +[Cloud Storage gRPC docs]. Dependencies for the gRPC API may slightly increase the size of binaries for applications depending on this package. If you are not using gRPC, you can use the build tag `disable_grpc_modules` to opt out of these dependencies and reduce the binary size. -The gRPC client emits metrics by default and will export the -gRPC telemetry discussed in [gRFC/66] and [gRFC/78] to -[Google Cloud Monitoring]. The metrics are accessible through Cloud Monitoring -API and you incur no additional cost for publishing the metrics. Google Cloud -Support can use this information to more quickly diagnose problems related to -GCS and gRPC. -Sending this data does not incur any billing charges, and requires minimal -CPU (a single RPC every minute) or memory (a few KiB to batch the -telemetry). - -To access the metrics you can view them through Cloud Monitoring -[metric explorer] with the prefix `storage.googleapis.com/client`. Metrics are emitted -every minute. - -You can disable metrics using the following example when creating a new gRPC -client using [WithDisabledClientMetrics]. - -The metrics exporter uses Cloud Monitoring API which determines -project ID and credentials doing the following: - -* Project ID is determined using OTel Resource Detector for the environment -otherwise it falls back to the project provided by [google.FindCredentials]. - -* Credentials are determined using [Application Default Credentials]. The -principal must have `roles/monitoring.metricWriter` role granted. If not a -logged warning will be emitted. Subsequent are silenced to prevent noisy logs. +The gRPC client is instrumented with Open Telemetry metrics which export to +Cloud Monitoring by default. More information is available in the +[gRPC client-side metrics] documentation, including information about +roles which must be enabled in order to do the export successfully. To +disable this export, you can use the [WithDisabledClientMetrics] client +option. # Storage Control API @@ -394,11 +383,6 @@ and Managed Folder operations) are supported via the autogenerated Storage Contr client, which is available as a subpackage in this module. See package docs at [cloud.google.com/go/storage/control/apiv2] or reference the [Storage Control API] docs. -[Application Default Credentials]: https://cloud.google.com/docs/authentication/application-default-credentials -[google.FindCredentials]: https://pkg.go.dev/golang.org/x/oauth2/google#FindDefaultCredentials -[gRFC/66]: https://github.com/grpc/proposal/blob/master/A66-otel-stats.md -[gRFC/78]: https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md -[Google Cloud Monitoring]: https://cloud.google.com/monitoring/docs [Cloud Storage IAM docs]: https://cloud.google.com/storage/docs/access-control/iam [XML POST Object docs]: https://cloud.google.com/storage/docs/xml-api/post-object [Cloud Storage retry docs]: https://cloud.google.com/storage/docs/retry-strategy @@ -408,7 +392,10 @@ client, which is available as a subpackage in this module. See package docs at [IAM Service Account Credentials API]: https://console.developers.google.com/apis/api/iamcredentials.googleapis.com/overview [custom audit logging]: https://cloud.google.com/storage/docs/audit-logging#add-custom-metadata [Storage Control API]: https://cloud.google.com/storage/docs/reference/rpc/google.storage.control.v2 -[metric explorer]: https://console.cloud.google.com/projectselector/monitoring/metrics-explorer +[Cloud Storage gRPC API]: https://cloud.google.com/storage/docs/enable-grpc-api [Direct Connectivity]: https://cloud.google.com/vpc-service-controls/docs/set-up-private-connectivity#direct-connectivity +[bucket location]: https://cloud.google.com/storage/docs/locations +[Cloud Storage gRPC docs]: https://cloud.google.com/storage/docs/enable-grpc-api#limitations +[gRPC client-side metrics]: https://cloud.google.com/storage/docs/client-side-metrics */ package storage // import "cloud.google.com/go/storage" diff --git a/vendor/cloud.google.com/go/storage/grpc_client.go b/vendor/cloud.google.com/go/storage/grpc_client.go index e3f697509..2b0a4b4f9 100644 --- a/vendor/cloud.google.com/go/storage/grpc_client.go +++ b/vendor/cloud.google.com/go/storage/grpc_client.go @@ -22,7 +22,6 @@ import ( "hash/crc32" "io" "log" - "net/url" "os" "sync" @@ -31,7 +30,6 @@ import ( gapic "cloud.google.com/go/storage/internal/apiv2" "cloud.google.com/go/storage/internal/apiv2/storagepb" "github.com/googleapis/gax-go/v2" - "google.golang.org/api/googleapi" "google.golang.org/api/iterator" "google.golang.org/api/option" "google.golang.org/api/option/internaloption" @@ -57,12 +55,6 @@ const ( // This is only used for the gRPC client. defaultConnPoolSize = 1 - // maxPerMessageWriteSize is the maximum amount of content that can be sent - // per WriteObjectRequest message. A buffer reaching this amount will - // precipitate a flush of the buffer. It is only used by the gRPC Writer - // implementation. - maxPerMessageWriteSize int = int(storagepb.ServiceConstants_MAX_WRITE_CHUNK_BYTES) - // globalProjectAlias is the project ID alias used for global buckets. // // This is only used for the gRPC API. @@ -105,6 +97,7 @@ func defaultGRPCOptions() []option.ClientOption { // Only enable DirectPath when the emulator is not being targeted. defaults = append(defaults, internaloption.EnableDirectPath(true), + internaloption.AllowNonDefaultServiceAccount(true), internaloption.EnableDirectPathXds()) } @@ -1061,17 +1054,11 @@ func contextMetadataFromBidiReadObject(req *storagepb.BidiReadObjectRequest) []s return []string{"x-goog-request-params", fmt.Sprintf("bucket=%s", req.GetReadObjectSpec().GetBucket())} } -type rangeSpec struct { - readID int64 - writer io.Writer - offset int64 - limit int64 - currentBytesWritten int64 - totalBytesWritten int64 - callback func(int64, int64, error) -} - func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params *newMultiRangeDownloaderParams, opts ...storageOption) (mr *MultiRangeDownloader, err error) { + if !c.config.grpcBidiReads { + return nil, errors.New("storage: MultiRangeDownloader requires the experimental.WithGRPCBidiReads option") + } + ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.grpcStorageClient.NewMultiRangeDownloader") defer func() { trace.EndSpan(ctx, err) }() s := callSettings(c.settings, opts...) @@ -1082,7 +1069,7 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params b := bucketResourceName(globalProjectAlias, params.bucket) object := params.object - r := &storagepb.BidiReadObjectSpec{ + bidiObject := &storagepb.BidiReadObjectSpec{ Bucket: b, Object: object, CommonObjectRequestParams: toProtoCommonObjectRequestParams(params.encryptionKey), @@ -1090,22 +1077,22 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params // The default is a negative value, which means latest. if params.gen >= 0 { - r.Generation = params.gen + bidiObject.Generation = params.gen } if params.handle != nil && len(*params.handle) != 0 { - r.ReadHandle = &storagepb.BidiReadHandle{ + bidiObject.ReadHandle = &storagepb.BidiReadHandle{ Handle: *params.handle, } } req := &storagepb.BidiReadObjectRequest{ - ReadObjectSpec: r, + ReadObjectSpec: bidiObject, } ctx = gax.InsertMetadataIntoOutgoingContext(ctx, contextMetadataFromBidiReadObject(req)...) openStream := func(readHandle ReadHandle) (*bidiReadStreamResponse, context.CancelFunc, error) { - if err := applyCondsProto("grpcStorageClient.BidiReadObject", params.gen, params.conds, r); err != nil { + if err := applyCondsProto("grpcStorageClient.BidiReadObject", params.gen, params.conds, bidiObject); err != nil { return nil, nil, err } if len(readHandle) != 0 { @@ -1125,9 +1112,9 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params details := rpcStatus.Details() for _, detail := range details { if bidiError, ok := detail.(*storagepb.BidiReadObjectRedirectedError); ok { - r.ReadHandle = bidiError.ReadHandle - r.RoutingToken = bidiError.RoutingToken - req.ReadObjectSpec = r + bidiObject.ReadHandle = bidiError.ReadHandle + bidiObject.RoutingToken = bidiError.RoutingToken + req.ReadObjectSpec = bidiObject ctx = gax.InsertMetadataIntoOutgoingContext(ctx, contextMetadataFromBidiReadObject(req)...) } } @@ -1167,58 +1154,58 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params // This is the size of the entire object, even if only a range was requested. size := obj.GetSize() - rr := &gRPCBidiReader{ + mrd := &gRPCBidiReader{ stream: resp.stream, cancel: cancel, settings: s, readHandle: msg.GetReadHandle().GetHandle(), - readID: 1, + readIDGenerator: &readIDGenerator{}, reopen: openStream, - readSpec: r, - data: make(chan []rangeSpec, 100), + readSpec: bidiObject, + rangesToRead: make(chan []mrdRange, 100), ctx: ctx, closeReceiver: make(chan bool, 10), - closeManager: make(chan bool, 10), - managerRetry: make(chan bool), // create unbuffered channel for closing the streamManager goroutine. + closeSender: make(chan bool, 10), + senderRetry: make(chan bool), // create unbuffered channel for closing the streamManager goroutine. receiverRetry: make(chan bool), // create unbuffered channel for closing the streamReceiver goroutine. - mp: make(map[int64]rangeSpec), + activeRanges: make(map[int64]mrdRange), done: false, - activeTask: 0, + numActiveRanges: 0, streamRecreation: false, } - // streamManager goroutine runs in background where we send message to gcs and process response. - streamManager := func() { - var currentSpec []rangeSpec + // sender receives ranges from user adds and requests these ranges from GCS. + sender := func() { + var currentSpec []mrdRange for { select { - case <-rr.ctx.Done(): - rr.mu.Lock() - rr.done = true - rr.mu.Unlock() + case <-mrd.ctx.Done(): + mrd.mu.Lock() + mrd.done = true + mrd.mu.Unlock() return - case <-rr.managerRetry: + case <-mrd.senderRetry: return - case <-rr.closeManager: - rr.mu.Lock() - if len(rr.mp) != 0 { - for key := range rr.mp { - rr.mp[key].callback(rr.mp[key].offset, rr.mp[key].totalBytesWritten, fmt.Errorf("stream closed early")) - delete(rr.mp, key) + case <-mrd.closeSender: + mrd.mu.Lock() + if len(mrd.activeRanges) != 0 { + for key := range mrd.activeRanges { + mrd.activeRanges[key].callback(mrd.activeRanges[key].offset, mrd.activeRanges[key].totalBytesWritten, fmt.Errorf("stream closed early")) + delete(mrd.activeRanges, key) } } - rr.activeTask = 0 - rr.mu.Unlock() + mrd.numActiveRanges = 0 + mrd.mu.Unlock() return - case currentSpec = <-rr.data: + case currentSpec = <-mrd.rangesToRead: var readRanges []*storagepb.ReadRange var err error - rr.mu.Lock() + mrd.mu.Lock() for _, v := range currentSpec { - rr.mp[v.readID] = v + mrd.activeRanges[v.readID] = v readRanges = append(readRanges, &storagepb.ReadRange{ReadOffset: v.offset, ReadLength: v.limit, ReadId: v.readID}) } - rr.mu.Unlock() + mrd.mu.Unlock() // We can just send 100 request to gcs in one request. // In case of Add we will send only one range request to gcs but in case of retry we can have more than 100 ranges. // Hence be will divide the request in chunk of 100. @@ -1234,13 +1221,13 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params end = len(readRanges) } curReq := readRanges[start:end] - err = rr.stream.Send(&storagepb.BidiReadObjectRequest{ + err = mrd.stream.Send(&storagepb.BidiReadObjectRequest{ ReadRanges: curReq, }) if err != nil { // cancel stream and reopen the stream again. // Incase again an error is thrown close the streamManager goroutine. - rr.retrier(err, "manager") + mrd.retrier(err, "manager") break } } @@ -1249,24 +1236,25 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params } } - streamReceiver := func() { + // receives ranges responses on the stream and executes the callback. + receiver := func() { var resp *storagepb.BidiReadObjectResponse var err error for { select { - case <-rr.ctx.Done(): - rr.done = true + case <-mrd.ctx.Done(): + mrd.done = true return - case <-rr.receiverRetry: + case <-mrd.receiverRetry: return - case <-rr.closeReceiver: + case <-mrd.closeReceiver: return default: // This function reads the data sent for a particular range request and has a callback // to indicate that output buffer is filled. - resp, err = rr.stream.Recv() + resp, err = mrd.stream.Recv() if resp.GetReadHandle().GetHandle() != nil { - rr.readHandle = resp.GetReadHandle().GetHandle() + mrd.readHandle = resp.GetReadHandle().GetHandle() } if err == io.EOF { err = nil @@ -1274,101 +1262,100 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params if err != nil { // cancel stream and reopen the stream again. // Incase again an error is thrown close the streamManager goroutine. - rr.retrier(err, "receiver") + mrd.retrier(err, "receiver") } if err == nil { - rr.mu.Lock() - if len(rr.mp) == 0 && rr.activeTask == 0 { - rr.closeReceiver <- true - rr.closeManager <- true + mrd.mu.Lock() + if len(mrd.activeRanges) == 0 && mrd.numActiveRanges == 0 { + mrd.closeReceiver <- true + mrd.closeSender <- true return } - rr.mu.Unlock() + mrd.mu.Unlock() arr := resp.GetObjectDataRanges() for _, val := range arr { id := val.GetReadRange().GetReadId() - rr.mu.Lock() - _, ok := rr.mp[id] + mrd.mu.Lock() + _, ok := mrd.activeRanges[id] if !ok { // it's ok to ignore responses for read_id not in map as user would have been notified by callback. continue } - _, err = rr.mp[id].writer.Write(val.GetChecksummedData().GetContent()) + _, err = mrd.activeRanges[id].writer.Write(val.GetChecksummedData().GetContent()) if err != nil { - rr.mp[id].callback(rr.mp[id].offset, rr.mp[id].totalBytesWritten, err) - rr.activeTask-- - delete(rr.mp, id) + mrd.activeRanges[id].callback(mrd.activeRanges[id].offset, mrd.activeRanges[id].totalBytesWritten, err) + mrd.numActiveRanges-- + delete(mrd.activeRanges, id) } else { - rr.mp[id] = rangeSpec{ - readID: rr.mp[id].readID, - writer: rr.mp[id].writer, - offset: rr.mp[id].offset, - limit: rr.mp[id].limit, - currentBytesWritten: rr.mp[id].currentBytesWritten + int64(len(val.GetChecksummedData().GetContent())), - totalBytesWritten: rr.mp[id].totalBytesWritten + int64(len(val.GetChecksummedData().GetContent())), - callback: rr.mp[id].callback, + mrd.activeRanges[id] = mrdRange{ + readID: mrd.activeRanges[id].readID, + writer: mrd.activeRanges[id].writer, + offset: mrd.activeRanges[id].offset, + limit: mrd.activeRanges[id].limit, + currentBytesWritten: mrd.activeRanges[id].currentBytesWritten + int64(len(val.GetChecksummedData().GetContent())), + totalBytesWritten: mrd.activeRanges[id].totalBytesWritten + int64(len(val.GetChecksummedData().GetContent())), + callback: mrd.activeRanges[id].callback, } } if val.GetRangeEnd() { - rr.mp[id].callback(rr.mp[id].offset, rr.mp[id].totalBytesWritten, nil) - rr.activeTask-- - delete(rr.mp, id) + mrd.activeRanges[id].callback(mrd.activeRanges[id].offset, mrd.activeRanges[id].totalBytesWritten, nil) + mrd.numActiveRanges-- + delete(mrd.activeRanges, id) } - rr.mu.Unlock() + mrd.mu.Unlock() } } - } } } - rr.retrier = func(err error, thread string) { - rr.mu.Lock() - if !rr.streamRecreation { - rr.streamRecreation = true + mrd.retrier = func(err error, thread string) { + mrd.mu.Lock() + if !mrd.streamRecreation { + mrd.streamRecreation = true } else { - rr.mu.Unlock() + mrd.mu.Unlock() return } - rr.mu.Unlock() + mrd.mu.Unlock() // close both the go routines to make the stream recreation syncronous. if thread == "receiver" { - rr.managerRetry <- true + mrd.senderRetry <- true } else { - rr.receiverRetry <- true + mrd.receiverRetry <- true } - err = rr.retryStream(err) + err = mrd.retryStream(err) if err != nil { - rr.mu.Lock() - for key := range rr.mp { - rr.mp[key].callback(rr.mp[key].offset, rr.mp[key].totalBytesWritten, err) - delete(rr.mp, key) + mrd.mu.Lock() + for key := range mrd.activeRanges { + mrd.activeRanges[key].callback(mrd.activeRanges[key].offset, mrd.activeRanges[key].totalBytesWritten, err) + delete(mrd.activeRanges, key) } // In case we hit an permanent error, delete entries from map and remove active tasks. - rr.activeTask = 0 - rr.mu.Unlock() - rr.close() + mrd.numActiveRanges = 0 + mrd.mu.Unlock() + mrd.close() } else { // If stream recreation happened successfully lets again start // both the goroutine making the whole flow asynchronous again. if thread == "receiver" { - go streamManager() + go sender() } else { - go streamReceiver() + go receiver() } } - rr.mu.Lock() - rr.streamRecreation = false - rr.mu.Unlock() + mrd.mu.Lock() + mrd.streamRecreation = false + mrd.mu.Unlock() } - rr.mu.Lock() - rr.objectSize = size - rr.mu.Unlock() + mrd.mu.Lock() + mrd.objectSize = size + mrd.mu.Unlock() - go streamManager() - go streamReceiver() + go sender() + go receiver() return &MultiRangeDownloader{ Attrs: ReaderObjectAttrs{ @@ -1380,16 +1367,43 @@ func (c *grpcStorageClient) NewMultiRangeDownloader(ctx context.Context, params Metageneration: obj.GetMetageneration(), Generation: obj.GetGeneration(), }, - reader: rr, + reader: mrd, }, nil } -func getActiveRange(r *gRPCBidiReader) []rangeSpec { - r.mu.Lock() - defer r.mu.Unlock() - var activeRange []rangeSpec - for k, v := range r.mp { - activeRange = append(activeRange, rangeSpec{ +type gRPCBidiReader struct { + ctx context.Context + stream storagepb.Storage_BidiReadObjectClient + cancel context.CancelFunc + settings *settings + readHandle ReadHandle + readIDGenerator *readIDGenerator + reopen func(ReadHandle) (*bidiReadStreamResponse, context.CancelFunc, error) + readSpec *storagepb.BidiReadObjectSpec + objectSize int64 // always use the mutex when accessing this variable + closeReceiver chan bool + closeSender chan bool + senderRetry chan bool + receiverRetry chan bool + // rangesToRead are ranges that have not yet been sent or have been sent but + // must be retried. + rangesToRead chan []mrdRange + // activeRanges are ranges that are currently being sent or are waiting for + // a response from GCS. + activeRanges map[int64]mrdRange // always use the mutex when accessing the map + numActiveRanges int64 // always use the mutex when accessing this variable + done bool // always use the mutex when accessing this variable, indicates whether stream is closed or not. + mu sync.Mutex // protects all vars in gRPCBidiReader from concurrent access + retrier func(error, string) + streamRecreation bool // This helps us identify if stream recreation is in progress or not. If stream recreation gets called from two goroutine then this will stop second one. +} + +func (mrd *gRPCBidiReader) activeRange() []mrdRange { + mrd.mu.Lock() + defer mrd.mu.Unlock() + var activeRange []mrdRange + for k, v := range mrd.activeRanges { + activeRange = append(activeRange, mrdRange{ readID: k, writer: v.writer, offset: (v.offset + v.currentBytesWritten), @@ -1398,105 +1412,120 @@ func getActiveRange(r *gRPCBidiReader) []rangeSpec { currentBytesWritten: 0, totalBytesWritten: v.totalBytesWritten, }) - r.mp[k] = activeRange[len(activeRange)-1] + mrd.activeRanges[k] = activeRange[len(activeRange)-1] } return activeRange } // retryStream cancel's stream and reopen the stream again. -func (r *gRPCBidiReader) retryStream(err error) error { - var shouldRetry = ShouldRetry - if r.settings.retry != nil && r.settings.retry.shouldRetry != nil { - shouldRetry = r.settings.retry.shouldRetry - } - if shouldRetry(err) { +func (mrd *gRPCBidiReader) retryStream(err error) error { + if mrd.settings.retry.runShouldRetry(err) { // This will "close" the existing stream and immediately attempt to // reopen the stream, but will backoff if further attempts are necessary. // When Reopening the stream only failed readID will be added to stream. - return r.reopenStream(getActiveRange(r)) + return mrd.reopenStream(mrd.activeRange()) } return err } // reopenStream "closes" the existing stream and attempts to reopen a stream and // sets the Reader's stream and cancelStream properties in the process. -func (r *gRPCBidiReader) reopenStream(failSpec []rangeSpec) error { +func (mrd *gRPCBidiReader) reopenStream(failSpec []mrdRange) error { // Close existing stream and initialize new stream with updated offset. - if r.cancel != nil { - r.cancel() + if mrd.cancel != nil { + mrd.cancel() } - res, cancel, err := r.reopen(r.readHandle) + res, cancel, err := mrd.reopen(mrd.readHandle) if err != nil { return err } - r.stream = res.stream - r.cancel = cancel - r.readHandle = res.response.GetReadHandle().GetHandle() + mrd.stream = res.stream + mrd.cancel = cancel + mrd.readHandle = res.response.GetReadHandle().GetHandle() if failSpec != nil { - r.data <- failSpec + mrd.rangesToRead <- failSpec } return nil } // Add will add current range to stream. -func (mr *gRPCBidiReader) add(output io.Writer, offset, limit int64, callback func(int64, int64, error)) { - mr.mu.Lock() - objectSize := mr.objectSize - mr.mu.Unlock() +func (mrd *gRPCBidiReader) add(output io.Writer, offset, limit int64, callback func(int64, int64, error)) { + mrd.mu.Lock() + objectSize := mrd.objectSize + mrd.mu.Unlock() if offset > objectSize { - callback(offset, 0, fmt.Errorf("offset larger than size of object: %v", objectSize)) + callback(offset, 0, fmt.Errorf("storage: offset should not be larger than the size of object (%v)", objectSize)) return } if limit < 0 { - callback(offset, 0, fmt.Errorf("limit can't be negative")) + callback(offset, 0, errors.New("storage: cannot add range because the limit cannot be negative")) return } - mr.mu.Lock() - currentID := (*mr).readID - (*mr).readID++ - if !mr.done { - spec := rangeSpec{readID: currentID, writer: output, offset: offset, limit: limit, currentBytesWritten: 0, totalBytesWritten: 0, callback: callback} - mr.activeTask++ - mr.data <- []rangeSpec{spec} + + id := mrd.readIDGenerator.Next() + if !mrd.done { + spec := mrdRange{readID: id, writer: output, offset: offset, limit: limit, currentBytesWritten: 0, totalBytesWritten: 0, callback: callback} + mrd.mu.Lock() + mrd.numActiveRanges++ + mrd.rangesToRead <- []mrdRange{spec} + mrd.mu.Unlock() } else { - callback(offset, 0, fmt.Errorf("stream is closed, can't add range")) + callback(offset, 0, errors.New("storage: cannot add range because the stream is closed")) } - mr.mu.Unlock() } -func (mr *gRPCBidiReader) wait() { - mr.mu.Lock() +func (mrd *gRPCBidiReader) wait() { + mrd.mu.Lock() // we should wait until there is active task or an entry in the map. // there can be a scenario we have nothing in map for a moment or too but still have active task. // hence in case we have permanent errors we reduce active task to 0 so that this does not block wait. - keepWaiting := len(mr.mp) != 0 || mr.activeTask != 0 - mr.mu.Unlock() + keepWaiting := len(mrd.activeRanges) != 0 || mrd.numActiveRanges != 0 + mrd.mu.Unlock() for keepWaiting { - mr.mu.Lock() - keepWaiting = len(mr.mp) != 0 || mr.activeTask != 0 - mr.mu.Unlock() + mrd.mu.Lock() + keepWaiting = len(mrd.activeRanges) != 0 || mrd.numActiveRanges != 0 + mrd.mu.Unlock() } } // Close will notify stream manager goroutine that the reader has been closed, if it's still running. -func (mr *gRPCBidiReader) close() error { - if mr.cancel != nil { - mr.cancel() - } - mr.mu.Lock() - mr.done = true - mr.activeTask = 0 - mr.mu.Unlock() - mr.closeReceiver <- true - mr.closeManager <- true +func (mrd *gRPCBidiReader) close() error { + if mrd.cancel != nil { + mrd.cancel() + } + mrd.mu.Lock() + mrd.done = true + mrd.numActiveRanges = 0 + mrd.mu.Unlock() + mrd.closeReceiver <- true + mrd.closeSender <- true return nil } -func (mrr *gRPCBidiReader) getHandle() []byte { - return mrr.readHandle +func (mrd *gRPCBidiReader) getHandle() []byte { + return mrd.readHandle +} + +func (mrd *gRPCBidiReader) error() error { + mrd.mu.Lock() + defer mrd.mu.Unlock() + if mrd.done { + return errors.New("storage: stream is permanently closed") + } + return nil +} + +type mrdRange struct { + readID int64 + writer io.Writer + offset int64 + limit int64 + currentBytesWritten int64 + totalBytesWritten int64 + callback func(int64, int64, error) } func (c *grpcStorageClient) NewRangeReader(ctx context.Context, params *newRangeReaderParams, opts ...storageOption) (r *Reader, err error) { @@ -1699,94 +1728,6 @@ func (c *grpcStorageClient) NewRangeReader(ctx context.Context, params *newRange return r, nil } -func (c *grpcStorageClient) OpenWriter(params *openWriterParams, opts ...storageOption) (*io.PipeWriter, error) { - var offset int64 - errorf := params.setError - setObj := params.setObj - setFlush := params.setFlush - pr, pw := io.Pipe() - - s := callSettings(c.settings, opts...) - - retryDeadline := defaultWriteChunkRetryDeadline - if params.chunkRetryDeadline != 0 { - retryDeadline = params.chunkRetryDeadline - } - if s.retry == nil { - s.retry = defaultRetry.clone() - } - s.retry.maxRetryDuration = retryDeadline - - // This function reads the data sent to the pipe and sends sets of messages - // on the gRPC client-stream as the buffer is filled. - go func() { - err := func() error { - // Unless the user told us the content type, we have to determine it from - // the first read. - var r io.Reader = pr - if params.attrs.ContentType == "" && !params.forceEmptyContentType { - r, params.attrs.ContentType = gax.DetermineContentType(r) - } - - var gw *gRPCWriter - gw, err := newGRPCWriter(c, s, params, r, pw, params.setPipeWriter) - if err != nil { - return err - } - - // Set Flush func for use by exported Writer.Flush. - setFlush(func() (int64, error) { - return gw.flush() - }) - - // Loop until there is an error or the Object has been finalized. - for { - // Note: This blocks until either the buffer is full or EOF is read. - recvd, doneReading, err := gw.read() - if err != nil { - return err - } - - var o *storagepb.Object - uploadBuff := func(ctx context.Context) error { - obj, err := gw.uploadBuffer(ctx, recvd, offset, doneReading) - o = obj - return err - } - - // Add routing headers to the context metadata for single-shot and resumable - // writes. Append writes need to set this at a lower level to pass the routing - // token. - bctx := gw.ctx - if !gw.append { - bctx = bucketContext(bctx, gw.bucket) - } - err = run(bctx, uploadBuff, gw.settings.retry, s.idempotent) - if err != nil { - return err - } - offset += int64(recvd) - - // When we are done reading data without errors, set the object and - // finish. - if doneReading { - // Build Object from server's response. - setObj(newObjectFromProto(o)) - return nil - } - } - }() - - // These calls are still valid if err is nil - err = checkCanceled(err) - errorf(err) - pr.CloseWithError(err) - close(params.donec) - }() - - return pw, nil -} - // IAM methods. func (c *grpcStorageClient) GetIamPolicy(ctx context.Context, resource string, version int32, opts ...storageOption) (*iampb.Policy, error) { @@ -1910,29 +1851,6 @@ type bidiReadStreamResponse struct { response *storagepb.BidiReadObjectResponse } -type gRPCBidiReader struct { - stream storagepb.Storage_BidiReadObjectClient - cancel context.CancelFunc - settings *settings - readHandle ReadHandle - readID int64 - reopen func(ReadHandle) (*bidiReadStreamResponse, context.CancelFunc, error) - readSpec *storagepb.BidiReadObjectSpec - data chan []rangeSpec - ctx context.Context - closeReceiver chan bool - closeManager chan bool - managerRetry chan bool - receiverRetry chan bool - mu sync.Mutex // protects all vars in gRPCBidiReader from concurrent access - mp map[int64]rangeSpec // always use the mutex when accessing the map - done bool // always use the mutex when accessing this variable - activeTask int64 // always use the mutex when accessing this variable - objectSize int64 // always use the mutex when accessing this variable - retrier func(error, string) - streamRecreation bool // This helps us identify if stream recreation is in progress or not. If stream recreation gets called from two goroutine then this will stop second one. -} - // gRPCReader is used by storage.Reader if the experimental option WithGRPCBidiReads is passed. type gRPCReader struct { seen, size int64 @@ -2110,11 +2028,7 @@ func (r *gRPCReader) Close() error { func (r *gRPCReader) recv() error { databufs := mem.BufferSlice{} err := r.stream.RecvMsg(&databufs) - var shouldRetry = ShouldRetry - if r.settings.retry != nil && r.settings.retry.shouldRetry != nil { - shouldRetry = r.settings.retry.shouldRetry - } - if err != nil && shouldRetry(err) { + if err != nil && r.settings.retry.runShouldRetry(err) { // This will "close" the existing stream and immediately attempt to // reopen the stream, but will backoff if further attempts are necessary. // Reopening the stream Recvs the first message, so if retrying is @@ -2471,7 +2385,7 @@ func (d *readResponseDecoder) readFullObjectResponse() error { msg.ObjectDataRanges = []*storagepb.ObjectRangeData{{ChecksummedData: &storagepb.ChecksummedData{}, ReadRange: &storagepb.ReadRange{}}} bytesFieldLen, err := d.consumeVarint() if err != nil { - return fmt.Errorf("consuming bytes: %v", err) + return fmt.Errorf("consuming bytes: %w", err) } var contentEndOff = d.off + bytesFieldLen for d.off < contentEndOff { @@ -2484,7 +2398,7 @@ func (d *readResponseDecoder) readFullObjectResponse() error { case gotNum == checksummedDataField && gotTyp == protowire.BytesType: checksummedDataFieldLen, err := d.consumeVarint() if err != nil { - return fmt.Errorf("consuming bytes: %v", err) + return fmt.Errorf("consuming bytes: %w", err) } var checksummedDataEndOff = d.off + checksummedDataFieldLen for d.off < checksummedDataEndOff { @@ -2515,7 +2429,7 @@ func (d *readResponseDecoder) readFullObjectResponse() error { case gotNum == readRangeField && gotTyp == protowire.BytesType: buf, err := d.consumeBytesCopy() if err != nil { - return fmt.Errorf("invalid ObjectDataRange.ReadRange: %v", err) + return fmt.Errorf("invalid ObjectDataRange.ReadRange: %w", err) } if err := proto.Unmarshal(buf, msg.ObjectDataRanges[0].ReadRange); err != nil { @@ -2534,7 +2448,7 @@ func (d *readResponseDecoder) readFullObjectResponse() error { msg.Metadata = &storagepb.Object{} buf, err := d.consumeBytesCopy() if err != nil { - return fmt.Errorf("invalid BidiReadObjectResponse.Metadata: %v", err) + return fmt.Errorf("invalid BidiReadObjectResponse.Metadata: %w", err) } if err := proto.Unmarshal(buf, msg.Metadata); err != nil { @@ -2544,7 +2458,7 @@ func (d *readResponseDecoder) readFullObjectResponse() error { msg.ReadHandle = &storagepb.BidiReadHandle{} buf, err := d.consumeBytesCopy() if err != nil { - return fmt.Errorf("invalid BidiReadObjectResponse.ReadHandle: %v", err) + return fmt.Errorf("invalid BidiReadObjectResponse.ReadHandle: %w", err) } if err := proto.Unmarshal(buf, msg.ReadHandle); err != nil { @@ -2577,444 +2491,3 @@ func (r *gRPCReader) reopenStream() error { r.cancel = cancel return nil } - -func newGRPCWriter(c *grpcStorageClient, s *settings, params *openWriterParams, r io.Reader, pw *io.PipeWriter, setPipeWriter func(*io.PipeWriter)) (*gRPCWriter, error) { - if params.attrs.Retention != nil { - // TO-DO: remove once ObjectRetention is available - see b/308194853 - return nil, status.Errorf(codes.Unimplemented, "storage: object retention is not supported in gRPC") - } - - size := googleapi.MinUploadChunkSize - // A completely bufferless upload (params.chunkSize <= 0) is not possible in - // gRPC because the buffer must be provided to the message. Use the minimum - // size possible. - if params.chunkSize > 0 { - size = params.chunkSize - } - - // Round up chunksize to nearest 256KiB - if size%googleapi.MinUploadChunkSize != 0 { - size += googleapi.MinUploadChunkSize - (size % googleapi.MinUploadChunkSize) - } - - if s.userProject != "" { - params.ctx = setUserProjectMetadata(params.ctx, s.userProject) - } - - spec := &storagepb.WriteObjectSpec{ - Resource: params.attrs.toProtoObject(params.bucket), - Appendable: proto.Bool(params.append), - } - // WriteObject doesn't support the generation condition, so use default. - if err := applyCondsProto("WriteObject", defaultGen, params.conds, spec); err != nil { - return nil, err - } - - return &gRPCWriter{ - buf: make([]byte, size), - c: c, - ctx: params.ctx, - reader: r, - pw: pw, - bucket: params.bucket, - attrs: params.attrs, - conds: params.conds, - spec: spec, - encryptionKey: params.encryptionKey, - settings: s, - progress: params.progress, - sendCRC32C: params.sendCRC32C, - forceOneShot: params.chunkSize <= 0, - forceEmptyContentType: params.forceEmptyContentType, - append: params.append, - setPipeWriter: setPipeWriter, - flushComplete: make(chan int64), - }, nil -} - -// gRPCWriter is a wrapper around the the gRPC client-stream API that manages -// sending chunks of data provided by the user over the stream. -type gRPCWriter struct { - c *grpcStorageClient - buf []byte - reader io.Reader - pw *io.PipeWriter - setPipeWriter func(*io.PipeWriter) // used to set in parent storage.Writer - - ctx context.Context - - bucket string - attrs *ObjectAttrs - conds *Conditions - spec *storagepb.WriteObjectSpec - encryptionKey []byte - settings *settings - progress func(int64) - - sendCRC32C bool - forceOneShot bool - forceEmptyContentType bool - append bool - - streamSender gRPCBidiWriteBufferSender - flushInProgress bool // true when the pipe is being recreated for a flush. - flushComplete chan int64 // use to signal back to flush call that flush to server was completed. -} - -func bucketContext(ctx context.Context, bucket string) context.Context { - hds := []string{"x-goog-request-params", fmt.Sprintf("bucket=projects/_/buckets/%s", url.QueryEscape(bucket))} - return gax.InsertMetadataIntoOutgoingContext(ctx, hds...) -} - -// drainInboundStream calls stream.Recv() repeatedly until an error is returned. -// It returns the last Resource received on the stream, or nil if no Resource -// was returned. drainInboundStream always returns a non-nil error. io.EOF -// indicates all messages were successfully read. -func drainInboundStream(stream storagepb.Storage_BidiWriteObjectClient) (object *storagepb.Object, err error) { - for err == nil { - var resp *storagepb.BidiWriteObjectResponse - resp, err = stream.Recv() - // GetResource() returns nil on a nil response - if resp.GetResource() != nil { - object = resp.GetResource() - } - } - return object, err -} - -func bidiWriteObjectRequest(buf []byte, offset int64, flush, finishWrite bool) *storagepb.BidiWriteObjectRequest { - return &storagepb.BidiWriteObjectRequest{ - Data: &storagepb.BidiWriteObjectRequest_ChecksummedData{ - ChecksummedData: &storagepb.ChecksummedData{ - Content: buf, - }, - }, - WriteOffset: offset, - FinishWrite: finishWrite, - Flush: flush, - StateLookup: flush, - } -} - -type gRPCBidiWriteBufferSender interface { - // sendBuffer implementations should upload buf, respecting flush and - // finishWrite. Callers must guarantee that buf is not too long to fit in a - // gRPC message. - // - // If flush is true, implementations must not return until the data in buf is - // stable. If finishWrite is true, implementations must return the object on - // success. - sendBuffer(ctx context.Context, buf []byte, offset int64, flush, finishWrite bool) (*storagepb.Object, error) -} - -type gRPCOneshotBidiWriteBufferSender struct { - firstMessage *storagepb.BidiWriteObjectRequest - raw *gapic.Client - stream storagepb.Storage_BidiWriteObjectClient - settings *settings -} - -func (w *gRPCWriter) newGRPCOneshotBidiWriteBufferSender() (*gRPCOneshotBidiWriteBufferSender, error) { - firstMessage := &storagepb.BidiWriteObjectRequest{ - FirstMessage: &storagepb.BidiWriteObjectRequest_WriteObjectSpec{ - WriteObjectSpec: w.spec, - }, - CommonObjectRequestParams: toProtoCommonObjectRequestParams(w.encryptionKey), - // For a non-resumable upload, checksums must be sent in this message. - // TODO: Currently the checksums are only sent on the first message - // of the stream, but in the future, we must also support sending it - // on the *last* message of the stream (instead of the first). - ObjectChecksums: toProtoChecksums(w.sendCRC32C, w.attrs), - } - - return &gRPCOneshotBidiWriteBufferSender{ - firstMessage: firstMessage, - raw: w.c.raw, - settings: w.settings, - }, nil -} - -func (s *gRPCOneshotBidiWriteBufferSender) sendBuffer(ctx context.Context, buf []byte, offset int64, flush, finishWrite bool) (obj *storagepb.Object, err error) { - var firstMessage *storagepb.BidiWriteObjectRequest - if s.stream == nil { - s.stream, err = s.raw.BidiWriteObject(ctx, s.settings.gax...) - if err != nil { - return - } - firstMessage = s.firstMessage - } - req := bidiWriteObjectRequest(buf, offset, flush, finishWrite) - if firstMessage != nil { - proto.Merge(req, firstMessage) - } - - sendErr := s.stream.Send(req) - if sendErr != nil { - obj, err = drainInboundStream(s.stream) - s.stream = nil - if sendErr != io.EOF { - err = sendErr - } - return - } - // Oneshot uploads assume all flushes succeed - - if finishWrite { - s.stream.CloseSend() - // Oneshot uploads only read from the response stream on completion or - // failure - obj, err = drainInboundStream(s.stream) - s.stream = nil - if err == io.EOF { - err = nil - } - } - return -} - -type gRPCResumableBidiWriteBufferSender struct { - queryRetry *retryConfig - upid string - progress func(int64) - raw *gapic.Client - forceFirstMessage bool - stream storagepb.Storage_BidiWriteObjectClient - flushOffset int64 - settings *settings -} - -func (w *gRPCWriter) newGRPCResumableBidiWriteBufferSender(ctx context.Context) (*gRPCResumableBidiWriteBufferSender, error) { - req := &storagepb.StartResumableWriteRequest{ - WriteObjectSpec: w.spec, - CommonObjectRequestParams: toProtoCommonObjectRequestParams(w.encryptionKey), - // TODO: Currently the checksums are only sent on the request to initialize - // the upload, but in the future, we must also support sending it - // on the *last* message of the stream. - ObjectChecksums: toProtoChecksums(w.sendCRC32C, w.attrs), - } - - var upid string - err := run(ctx, func(ctx context.Context) error { - upres, err := w.c.raw.StartResumableWrite(ctx, req, w.settings.gax...) - upid = upres.GetUploadId() - return err - }, w.settings.retry, w.settings.idempotent) - if err != nil { - return nil, err - } - - // Set up an initial connection for the 0 offset, so we don't query state - // unnecessarily for the first buffer. If we fail, we'll just retry in the - // normal connect path. - stream, err := w.c.raw.BidiWriteObject(ctx, w.settings.gax...) - if err != nil { - stream = nil - } - - return &gRPCResumableBidiWriteBufferSender{ - queryRetry: w.settings.retry, - upid: upid, - progress: w.progress, - raw: w.c.raw, - forceFirstMessage: true, - stream: stream, - settings: w.settings, - }, nil -} - -// queryProgress is a helper that queries the status of the resumable upload -// associated with the given upload ID. -func (s *gRPCResumableBidiWriteBufferSender) queryProgress(ctx context.Context) (int64, error) { - var persistedSize int64 - err := run(ctx, func(ctx context.Context) error { - q, err := s.raw.QueryWriteStatus(ctx, &storagepb.QueryWriteStatusRequest{ - UploadId: s.upid, - }, s.settings.gax...) - // q.GetPersistedSize() will return 0 if q is nil. - persistedSize = q.GetPersistedSize() - return err - }, s.queryRetry, true) - - return persistedSize, err -} - -func (s *gRPCResumableBidiWriteBufferSender) sendBuffer(ctx context.Context, buf []byte, offset int64, flush, finishWrite bool) (obj *storagepb.Object, err error) { - reconnected := false - if s.stream == nil { - // Determine offset and reconnect - s.flushOffset, err = s.queryProgress(ctx) - if err != nil { - return - } - s.stream, err = s.raw.BidiWriteObject(ctx, s.settings.gax...) - if err != nil { - return - } - reconnected = true - } - - // clean up buf. We'll still write the message if a flush/finishWrite was - // requested. - if offset < s.flushOffset { - trim := s.flushOffset - offset - if int64(len(buf)) <= trim { - trim = int64(len(buf)) - } - buf = buf[trim:] - } - if len(buf) == 0 && !flush && !finishWrite { - // no need to send anything - return nil, nil - } - - req := bidiWriteObjectRequest(buf, offset, flush, finishWrite) - if s.forceFirstMessage || reconnected { - req.FirstMessage = &storagepb.BidiWriteObjectRequest_UploadId{UploadId: s.upid} - s.forceFirstMessage = false - } - - sendErr := s.stream.Send(req) - if sendErr != nil { - obj, err = drainInboundStream(s.stream) - s.stream = nil - if err == io.EOF { - // This is unexpected - we got an error on Send(), but not on Recv(). - // Bubble up the sendErr. - err = sendErr - } - return - } - - if finishWrite { - s.stream.CloseSend() - obj, err = drainInboundStream(s.stream) - s.stream = nil - if err == io.EOF { - err = nil - if obj.GetSize() > s.flushOffset { - s.progress(obj.GetSize()) - } - } - return - } - - if flush { - resp, err := s.stream.Recv() - if err != nil { - return nil, err - } - persistedOffset := resp.GetPersistedSize() - if persistedOffset > s.flushOffset { - s.flushOffset = persistedOffset - s.progress(s.flushOffset) - } - } - return -} - -// uploadBuffer uploads the buffer at the given offset using a bi-directional -// Write stream. It will open a new stream if necessary (on the first call or -// after resuming from failure) and chunk the buffer per maxPerMessageWriteSize. -// The final Object is returned on success if doneReading is true. -// -// Returns object and any error that is not retriable. -func (w *gRPCWriter) uploadBuffer(ctx context.Context, recvd int, start int64, doneReading bool) (obj *storagepb.Object, err error) { - if w.streamSender == nil { - if w.append { - // Appendable object semantics - w.streamSender, err = w.newGRPCAppendBidiWriteBufferSender() - } else if doneReading || w.forceOneShot { - // One shot semantics - w.streamSender, err = w.newGRPCOneshotBidiWriteBufferSender() - } else { - // Resumable write semantics - w.streamSender, err = w.newGRPCResumableBidiWriteBufferSender(ctx) - } - if err != nil { - return - } - } - - data := w.buf[:recvd] - offset := start - // We want to go through this loop at least once, in case we have to - // finishWrite with an empty buffer. - for { - // Send as much as we can fit into a single gRPC message. Only flush once, - // when sending the very last message. - l := maxPerMessageWriteSize - flush := false - if len(data) <= l { - l = len(data) - flush = true - } - obj, err = w.streamSender.sendBuffer(ctx, data[:l], offset, flush, flush && doneReading) - if err != nil { - return nil, err - } - data = data[l:] - offset += int64(l) - if len(data) == 0 { - break - } - } - if w.flushInProgress { - w.flushInProgress = false - w.flushComplete <- offset - } - return -} - -// read copies the data in the reader to the given buffer and reports how much -// data was read into the buffer and if there is no more data to read (EOF). -// read returns when either 1. the buffer is full, 2. Writer.Flush was called, -// or 3. Writer.Close was called. -func (w *gRPCWriter) read() (int, bool, error) { - // Set n to -1 to start the Read loop. - var n, recvd int = -1, 0 - var err error - for err == nil && n != 0 { - // The routine blocks here until data is received. - n, err = w.reader.Read(w.buf[recvd:]) - recvd += n - } - var done bool - if err == io.EOF { - err = nil - // EOF can come from Writer.Flush or Writer.Close. - if w.flushInProgress { - // Reset pipe for additional writes after the flush. - pr, pw := io.Pipe() - w.reader = pr - w.pw = pw - w.setPipeWriter(pw) - } else { - done = true - } - } - return recvd, done, err -} - -// flush flushes the current buffer regardless of whether it is full or not. -// It's the implementation for Writer.Flush. -func (w *gRPCWriter) flush() (int64, error) { - if !w.append { - return 0, errors.New("Flush is supported only if Writer.Append is set to true") - } - - // Close PipeWriter to trigger EOF on read side of the stream. - w.flushInProgress = true - w.pw.Close() - - // Wait for flush to complete - offset := <-w.flushComplete - return offset, nil -} - -func checkCanceled(err error) error { - if status.Code(err) == codes.Canceled { - return context.Canceled - } - - return err -} diff --git a/vendor/cloud.google.com/go/storage/grpc_reader.go b/vendor/cloud.google.com/go/storage/grpc_reader.go index eaa35fea6..099e6a615 100644 --- a/vendor/cloud.google.com/go/storage/grpc_reader.go +++ b/vendor/cloud.google.com/go/storage/grpc_reader.go @@ -424,11 +424,7 @@ func (r *gRPCReadObjectReader) recv() error { databufs := mem.BufferSlice{} err := r.stream.RecvMsg(&databufs) - var shouldRetry = ShouldRetry - if r.settings.retry != nil && r.settings.retry.shouldRetry != nil { - shouldRetry = r.settings.retry.shouldRetry - } - if err != nil && shouldRetry(err) { + if err != nil && r.settings.retry.runShouldRetry(err) { // This will "close" the existing stream and immediately attempt to // reopen the stream, but will backoff if further attempts are necessary. // Reopening the stream Recvs the first message, so if retrying is @@ -775,7 +771,7 @@ func (d *readObjectResponseDecoder) readFullObjectResponse() error { bytesFieldLen, err := d.consumeVarint() if err != nil { - return fmt.Errorf("consuming bytes: %v", err) + return fmt.Errorf("consuming bytes: %w", err) } var contentEndOff = d.off + bytesFieldLen @@ -811,7 +807,7 @@ func (d *readObjectResponseDecoder) readFullObjectResponse() error { // Consume the bytes and copy them into a single buffer if they are split across buffers. buf, err := d.consumeBytesCopy() if err != nil { - return fmt.Errorf("invalid ReadObjectResponse.ObjectChecksums: %v", err) + return fmt.Errorf("invalid ReadObjectResponse.ObjectChecksums: %w", err) } // Unmarshal. if err := proto.Unmarshal(buf, msg.ObjectChecksums); err != nil { @@ -821,7 +817,7 @@ func (d *readObjectResponseDecoder) readFullObjectResponse() error { msg.ContentRange = &storagepb.ContentRange{} buf, err := d.consumeBytesCopy() if err != nil { - return fmt.Errorf("invalid ReadObjectResponse.ContentRange: %v", err) + return fmt.Errorf("invalid ReadObjectResponse.ContentRange: %w", err) } if err := proto.Unmarshal(buf, msg.ContentRange); err != nil { return err @@ -831,7 +827,7 @@ func (d *readObjectResponseDecoder) readFullObjectResponse() error { buf, err := d.consumeBytesCopy() if err != nil { - return fmt.Errorf("invalid ReadObjectResponse.Metadata: %v", err) + return fmt.Errorf("invalid ReadObjectResponse.Metadata: %w", err) } if err := proto.Unmarshal(buf, msg.Metadata); err != nil { diff --git a/vendor/cloud.google.com/go/storage/grpc_reader_multi_range.go b/vendor/cloud.google.com/go/storage/grpc_reader_multi_range.go new file mode 100644 index 000000000..14b78e1a1 --- /dev/null +++ b/vendor/cloud.google.com/go/storage/grpc_reader_multi_range.go @@ -0,0 +1,40 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package storage + +import "sync" + +// readIDGenerator generates unique read IDs for multi-range reads. +// Call readIDGenerator.Next to get the next ID. Safe to be called concurrently. +type readIDGenerator struct { + initOnce sync.Once + nextID chan int64 // do not use this field directly +} + +func (g *readIDGenerator) init() { + g.nextID = make(chan int64, 1) + g.nextID <- 1 +} + +// Next returns the Next read ID. It initializes the readIDGenerator if needed. +func (g *readIDGenerator) Next() int64 { + g.initOnce.Do(g.init) + + id := <-g.nextID + n := id + 1 + g.nextID <- n + + return id +} diff --git a/vendor/cloud.google.com/go/storage/grpc_writer.go b/vendor/cloud.google.com/go/storage/grpc_writer.go index 2047cd23f..c74d1ff31 100644 --- a/vendor/cloud.google.com/go/storage/grpc_writer.go +++ b/vendor/cloud.google.com/go/storage/grpc_writer.go @@ -19,17 +19,646 @@ import ( "errors" "fmt" "io" + "net/url" "time" gapic "cloud.google.com/go/storage/internal/apiv2" "cloud.google.com/go/storage/internal/apiv2/storagepb" gax "github.com/googleapis/gax-go/v2" + "google.golang.org/api/googleapi" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" ) -const defaultWriteChunkRetryDeadline = 32 * time.Second +const ( + // defaultWriteChunkRetryDeadline is the default deadline for the upload + // of a single chunk. It can be overwritten by Writer.ChunkRetryDeadline. + defaultWriteChunkRetryDeadline = 32 * time.Second + // maxPerMessageWriteSize is the maximum amount of content that can be sent + // per WriteObjectRequest message. A buffer reaching this amount will + // precipitate a flush of the buffer. It is only used by the gRPC Writer + // implementation. + maxPerMessageWriteSize int = int(storagepb.ServiceConstants_MAX_WRITE_CHUNK_BYTES) +) + +func withBidiWriteObjectRedirectionErrorRetries(s *settings) (newr *retryConfig) { + oldr := s.retry + newr = oldr.clone() + if newr == nil { + newr = &retryConfig{} + } + if (oldr.policy == RetryIdempotent && !s.idempotent) || oldr.policy == RetryNever { + // We still retry redirection errors even when settings indicate not to + // retry. + // + // The protocol requires us to respect redirection errors, so RetryNever has + // to ignore them. + // + // Idempotency is always protected by redirection errors: they either + // contain a handle which can be used as idempotency information, or they do + // not contain a handle and are "affirmative failures" which indicate that + // no server-side action occurred. + newr.policy = RetryAlways + newr.shouldRetry = func(err error) bool { + return errors.Is(err, bidiWriteObjectRedirectionError{}) + } + return newr + } + // If retry settings allow retries normally, fall back to that behavior. + newr.shouldRetry = func(err error) bool { + if errors.Is(err, bidiWriteObjectRedirectionError{}) { + return true + } + v := oldr.runShouldRetry(err) + return v + } + return newr +} + +func (c *grpcStorageClient) OpenWriter(params *openWriterParams, opts ...storageOption) (*io.PipeWriter, error) { + var offset int64 + errorf := params.setError + setObj := params.setObj + setFlush := params.setFlush + pr, pw := io.Pipe() + + s := callSettings(c.settings, opts...) + + retryDeadline := defaultWriteChunkRetryDeadline + if params.chunkRetryDeadline != 0 { + retryDeadline = params.chunkRetryDeadline + } + if s.retry == nil { + s.retry = defaultRetry.clone() + } + if params.append { + s.retry = withBidiWriteObjectRedirectionErrorRetries(s) + } + s.retry.maxRetryDuration = retryDeadline + + // Set Flush func for use by exported Writer.Flush. + var gw *gRPCWriter + setFlush(func() (int64, error) { + return gw.flush() + }) + gw, err := newGRPCWriter(c, s, params, pr, pw, params.setPipeWriter) + if err != nil { + errorf(err) + pr.CloseWithError(err) + close(params.donec) + return nil, err + } + + var o *storagepb.Object + + // If we are taking over an appendable object, send the first message here + // to get the append offset. + if params.appendGen > 0 { + // Create the buffer sender. This opens a stream and blocks until we + // get a response that tells us what offset to write from. + wbs, err := gw.newGRPCAppendTakeoverWriteBufferSender(params.ctx) + if err != nil { + return nil, fmt.Errorf("storage: creating buffer sender: %w", err) + } + // Propagate append offset to caller and buffer sending logic below. + params.setTakeoverOffset(wbs.takeoverOffset) + offset = wbs.takeoverOffset + gw.streamSender = wbs + o = wbs.objResource + setObj(newObjectFromProto(o)) + } + + // This function reads the data sent to the pipe and sends sets of messages + // on the gRPC client-stream as the buffer is filled. + go func() { + err := func() error { + // Unless the user told us the content type, we have to determine it from + // the first read. + if params.attrs.ContentType == "" && !params.forceEmptyContentType { + gw.reader, gw.spec.Resource.ContentType = gax.DetermineContentType(gw.reader) + } + + // Loop until there is an error or the Object has been finalized. + for { + // Note: This blocks until either the buffer is full or EOF is read. + recvd, doneReading, err := gw.read() + if err != nil { + return err + } + + uploadBuff := func(ctx context.Context) error { + obj, err := gw.uploadBuffer(ctx, recvd, offset, doneReading) + if obj != nil { + o = obj + setObj(newObjectFromProto(o)) + } + return err + } + + // Add routing headers to the context metadata for single-shot and resumable + // writes. Append writes need to set this at a lower level to pass the routing + // token. + bctx := gw.ctx + if !gw.append { + bctx = bucketContext(bctx, gw.bucket) + } + err = run(bctx, uploadBuff, gw.settings.retry, s.idempotent) + offset += int64(recvd) + // If this buffer upload was triggered by a flush, reset and + // communicate back the result. + if gw.flushInProgress { + gw.setSize(offset) + gw.flushInProgress = false + gw.flushComplete <- flushResult{offset: offset, err: err} + } + if err != nil { + return err + } + // When we are done reading data without errors, set the object and + // finish. + if doneReading { + // Build Object from server's response. + setObj(newObjectFromProto(o)) + return nil + } + } + }() + + // These calls are still valid if err is nil + err = checkCanceled(err) + errorf(err) + pr.CloseWithError(err) + close(params.donec) + }() + + return pw, nil +} + +func newGRPCWriter(c *grpcStorageClient, s *settings, params *openWriterParams, r io.Reader, pw *io.PipeWriter, setPipeWriter func(*io.PipeWriter)) (*gRPCWriter, error) { + if params.attrs.Retention != nil { + // TO-DO: remove once ObjectRetention is available - see b/308194853 + return nil, status.Errorf(codes.Unimplemented, "storage: object retention is not supported in gRPC") + } + + size := googleapi.MinUploadChunkSize + // A completely bufferless upload (params.chunkSize <= 0) is not possible in + // gRPC because the buffer must be provided to the message. Use the minimum + // size possible. + if params.chunkSize > 0 { + size = params.chunkSize + } + + // Round up chunksize to nearest 256KiB + if size%googleapi.MinUploadChunkSize != 0 { + size += googleapi.MinUploadChunkSize - (size % googleapi.MinUploadChunkSize) + } + + if s.userProject != "" { + params.ctx = setUserProjectMetadata(params.ctx, s.userProject) + } + + spec := &storagepb.WriteObjectSpec{ + Resource: params.attrs.toProtoObject(params.bucket), + Appendable: proto.Bool(params.append), + } + var appendSpec *storagepb.AppendObjectSpec + if params.appendGen > 0 { + appendSpec = &storagepb.AppendObjectSpec{ + Bucket: bucketResourceName(globalProjectAlias, params.bucket), + Object: params.attrs.Name, + Generation: params.appendGen, + } + } + // WriteObject doesn't support the generation condition, so use default. + if err := applyCondsProto("WriteObject", defaultGen, params.conds, spec); err != nil { + return nil, err + } + + return &gRPCWriter{ + buf: make([]byte, size), + c: c, + ctx: params.ctx, + reader: r, + pw: pw, + bucket: params.bucket, + attrs: params.attrs, + conds: params.conds, + spec: spec, + appendSpec: appendSpec, + encryptionKey: params.encryptionKey, + settings: s, + progress: params.progress, + setSize: params.setSize, + sendCRC32C: params.sendCRC32C, + forceOneShot: params.chunkSize <= 0, + forceEmptyContentType: params.forceEmptyContentType, + append: params.append, + finalizeOnClose: params.finalizeOnClose, + setPipeWriter: setPipeWriter, + flushComplete: make(chan flushResult), + }, nil +} + +// gRPCWriter is a wrapper around the the gRPC client-stream API that manages +// sending chunks of data provided by the user over the stream. +type gRPCWriter struct { + c *grpcStorageClient + buf []byte + reader io.Reader + pw *io.PipeWriter + setPipeWriter func(*io.PipeWriter) // used to set in parent storage.Writer + + ctx context.Context + + bucket string + attrs *ObjectAttrs + conds *Conditions + spec *storagepb.WriteObjectSpec + appendSpec *storagepb.AppendObjectSpec + encryptionKey []byte + settings *settings + progress func(int64) + setSize func(int64) + + sendCRC32C bool + forceOneShot bool + forceEmptyContentType bool + append bool + finalizeOnClose bool + + streamSender gRPCBidiWriteBufferSender + flushInProgress bool // true when the pipe is being recreated for a flush. + flushComplete chan flushResult // use to signal back to flush call that flush to server was completed. +} + +type flushResult struct { + err error + offset int64 +} + +func bucketContext(ctx context.Context, bucket string) context.Context { + hds := []string{"x-goog-request-params", fmt.Sprintf("bucket=projects/_/buckets/%s", url.QueryEscape(bucket))} + return gax.InsertMetadataIntoOutgoingContext(ctx, hds...) +} + +// drainInboundStream calls stream.Recv() repeatedly until an error is returned. +// It returns the last Resource received on the stream, or nil if no Resource +// was returned. drainInboundStream always returns a non-nil error. io.EOF +// indicates all messages were successfully read. +func drainInboundStream(stream storagepb.Storage_BidiWriteObjectClient) (object *storagepb.Object, err error) { + for err == nil { + var resp *storagepb.BidiWriteObjectResponse + resp, err = stream.Recv() + // GetResource() returns nil on a nil response + if resp.GetResource() != nil { + object = resp.GetResource() + } + } + return object, err +} + +func bidiWriteObjectRequest(buf []byte, offset int64, flush, finishWrite bool) *storagepb.BidiWriteObjectRequest { + var data *storagepb.BidiWriteObjectRequest_ChecksummedData + if buf != nil { + data = &storagepb.BidiWriteObjectRequest_ChecksummedData{ + ChecksummedData: &storagepb.ChecksummedData{ + Content: buf, + }, + } + } + req := &storagepb.BidiWriteObjectRequest{ + Data: data, + WriteOffset: offset, + FinishWrite: finishWrite, + Flush: flush, + StateLookup: flush, + } + return req +} + +type gRPCBidiWriteBufferSender interface { + // sendBuffer implementations should upload buf, respecting flush and + // finishWrite. Callers must guarantee that buf is not too long to fit in a + // gRPC message. + // + // If flush is true, implementations must not return until the data in buf is + // stable. If finishWrite is true, implementations must return the object on + // success. + sendBuffer(ctx context.Context, buf []byte, offset int64, flush, finishWrite bool) (*storagepb.Object, error) +} + +type gRPCOneshotBidiWriteBufferSender struct { + firstMessage *storagepb.BidiWriteObjectRequest + raw *gapic.Client + stream storagepb.Storage_BidiWriteObjectClient + settings *settings +} + +func (w *gRPCWriter) newGRPCOneshotBidiWriteBufferSender() (*gRPCOneshotBidiWriteBufferSender, error) { + firstMessage := &storagepb.BidiWriteObjectRequest{ + FirstMessage: &storagepb.BidiWriteObjectRequest_WriteObjectSpec{ + WriteObjectSpec: w.spec, + }, + CommonObjectRequestParams: toProtoCommonObjectRequestParams(w.encryptionKey), + // For a non-resumable upload, checksums must be sent in this message. + // TODO: Currently the checksums are only sent on the first message + // of the stream, but in the future, we must also support sending it + // on the *last* message of the stream (instead of the first). + ObjectChecksums: toProtoChecksums(w.sendCRC32C, w.attrs), + } + + return &gRPCOneshotBidiWriteBufferSender{ + firstMessage: firstMessage, + raw: w.c.raw, + settings: w.settings, + }, nil +} + +func (s *gRPCOneshotBidiWriteBufferSender) sendBuffer(ctx context.Context, buf []byte, offset int64, flush, finishWrite bool) (obj *storagepb.Object, err error) { + var firstMessage *storagepb.BidiWriteObjectRequest + if s.stream == nil { + s.stream, err = s.raw.BidiWriteObject(ctx, s.settings.gax...) + if err != nil { + return + } + firstMessage = s.firstMessage + } + req := bidiWriteObjectRequest(buf, offset, flush, finishWrite) + if firstMessage != nil { + proto.Merge(req, firstMessage) + } + + sendErr := s.stream.Send(req) + if sendErr != nil { + obj, err = drainInboundStream(s.stream) + s.stream = nil + if sendErr != io.EOF { + err = sendErr + } + return + } + // Oneshot uploads assume all flushes succeed + + if finishWrite { + s.stream.CloseSend() + // Oneshot uploads only read from the response stream on completion or + // failure + obj, err = drainInboundStream(s.stream) + s.stream = nil + if err == io.EOF { + err = nil + } + } + return +} + +type gRPCResumableBidiWriteBufferSender struct { + queryRetry *retryConfig + upid string + progress func(int64) + raw *gapic.Client + forceFirstMessage bool + stream storagepb.Storage_BidiWriteObjectClient + flushOffset int64 + settings *settings +} + +func (w *gRPCWriter) newGRPCResumableBidiWriteBufferSender(ctx context.Context) (*gRPCResumableBidiWriteBufferSender, error) { + req := &storagepb.StartResumableWriteRequest{ + WriteObjectSpec: w.spec, + CommonObjectRequestParams: toProtoCommonObjectRequestParams(w.encryptionKey), + // TODO: Currently the checksums are only sent on the request to initialize + // the upload, but in the future, we must also support sending it + // on the *last* message of the stream. + ObjectChecksums: toProtoChecksums(w.sendCRC32C, w.attrs), + } + + var upid string + err := run(ctx, func(ctx context.Context) error { + upres, err := w.c.raw.StartResumableWrite(ctx, req, w.settings.gax...) + upid = upres.GetUploadId() + return err + }, w.settings.retry, w.settings.idempotent) + if err != nil { + return nil, err + } + + // Set up an initial connection for the 0 offset, so we don't query state + // unnecessarily for the first buffer. If we fail, we'll just retry in the + // normal connect path. + stream, err := w.c.raw.BidiWriteObject(ctx, w.settings.gax...) + if err != nil { + stream = nil + } + + return &gRPCResumableBidiWriteBufferSender{ + queryRetry: w.settings.retry, + upid: upid, + progress: w.progress, + raw: w.c.raw, + forceFirstMessage: true, + stream: stream, + settings: w.settings, + }, nil +} + +// queryProgress is a helper that queries the status of the resumable upload +// associated with the given upload ID. +func (s *gRPCResumableBidiWriteBufferSender) queryProgress(ctx context.Context) (int64, error) { + var persistedSize int64 + err := run(ctx, func(ctx context.Context) error { + q, err := s.raw.QueryWriteStatus(ctx, &storagepb.QueryWriteStatusRequest{ + UploadId: s.upid, + }, s.settings.gax...) + // q.GetPersistedSize() will return 0 if q is nil. + persistedSize = q.GetPersistedSize() + return err + }, s.queryRetry, true) + + return persistedSize, err +} + +func (s *gRPCResumableBidiWriteBufferSender) sendBuffer(ctx context.Context, buf []byte, offset int64, flush, finishWrite bool) (obj *storagepb.Object, err error) { + if s.stream == nil { + // Determine offset and reconnect + s.flushOffset, err = s.queryProgress(ctx) + if err != nil { + return + } + s.stream, err = s.raw.BidiWriteObject(ctx, s.settings.gax...) + if err != nil { + return + } + s.forceFirstMessage = true + } + + // clean up buf. We'll still write the message if a flush/finishWrite was + // requested. + if offset < s.flushOffset { + trim := s.flushOffset - offset + if int64(len(buf)) <= trim { + trim = int64(len(buf)) + } + buf = buf[trim:] + offset += trim + } + if len(buf) == 0 && !flush && !finishWrite { + // no need to send anything + return nil, nil + } + + req := bidiWriteObjectRequest(buf, offset, flush, finishWrite) + if s.forceFirstMessage { + req.FirstMessage = &storagepb.BidiWriteObjectRequest_UploadId{UploadId: s.upid} + s.forceFirstMessage = false + } + + sendErr := s.stream.Send(req) + if sendErr != nil { + obj, err = drainInboundStream(s.stream) + s.stream = nil + if err == io.EOF { + // This is unexpected - we got an error on Send(), but not on Recv(). + // Bubble up the sendErr. + err = sendErr + } + return + } + + if finishWrite { + s.stream.CloseSend() + obj, err = drainInboundStream(s.stream) + s.stream = nil + if err == io.EOF { + err = nil + if obj.GetSize() > s.flushOffset { + s.progress(obj.GetSize()) + } + } + return + } + + if flush { + resp, err := s.stream.Recv() + if err != nil { + return nil, err + } + persistedOffset := resp.GetPersistedSize() + if persistedOffset > s.flushOffset { + s.flushOffset = persistedOffset + s.progress(s.flushOffset) + } + } + return +} + +// uploadBuffer uploads the buffer at the given offset using a bi-directional +// Write stream. It will open a new stream if necessary (on the first call or +// after resuming from failure) and chunk the buffer per maxPerMessageWriteSize. +// The final Object is returned on success if doneReading is true. +// +// Returns object and any error that is not retriable. +func (w *gRPCWriter) uploadBuffer(ctx context.Context, recvd int, start int64, doneReading bool) (obj *storagepb.Object, err error) { + if w.streamSender == nil { + if w.append { + // Appendable object semantics + w.streamSender, err = w.newGRPCAppendableObjectBufferSender() + } else if doneReading || w.forceOneShot { + // One shot semantics + w.streamSender, err = w.newGRPCOneshotBidiWriteBufferSender() + } else { + // Resumable write semantics + w.streamSender, err = w.newGRPCResumableBidiWriteBufferSender(ctx) + } + if err != nil { + return + } + } + + data := w.buf[:recvd] + offset := start + // We want to go through this loop at least once, in case we have to + // finishWrite with an empty buffer. + for { + // Send as much as we can fit into a single gRPC message. Only flush once, + // when sending the very last message. + l := maxPerMessageWriteSize + flush := false + if len(data) <= l { + l = len(data) + flush = true + } + obj, err = w.streamSender.sendBuffer(ctx, data[:l], offset, flush, flush && doneReading) + if err != nil { + return nil, err + } + data = data[l:] + offset += int64(l) + if len(data) == 0 { + // Update object size to match persisted offset. + if obj != nil { + obj.Size = offset + } + break + } + } + return +} + +// read copies the data in the reader to the given buffer and reports how much +// data was read into the buffer and if there is no more data to read (EOF). +// read returns when either 1. the buffer is full, 2. Writer.Flush was called, +// or 3. Writer.Close was called. +func (w *gRPCWriter) read() (int, bool, error) { + // Set n to -1 to start the Read loop. + var n, recvd int = -1, 0 + var err error + for err == nil && n != 0 { + // The routine blocks here until data is received. + n, err = w.reader.Read(w.buf[recvd:]) + recvd += n + } + var done bool + if err == io.EOF { + err = nil + // EOF can come from Writer.Flush or Writer.Close. + if w.flushInProgress { + // Reset pipe for additional writes after the flush. + pr, pw := io.Pipe() + w.reader = pr + w.pw = pw + w.setPipeWriter(pw) + } else { + done = true + } + } + return recvd, done, err +} + +// flush flushes the current buffer regardless of whether it is full or not. +// It's the implementation for Writer.Flush. +func (w *gRPCWriter) flush() (int64, error) { + if !w.append { + return 0, errors.New("Flush is supported only if Writer.Append is set to true") + } + + // Close PipeWriter to trigger EOF on read side of the stream. + w.flushInProgress = true + w.pw.Close() + + // Wait for flush to complete + result := <-w.flushComplete + return result.offset, result.err +} + +func checkCanceled(err error) error { + if status.Code(err) == codes.Canceled { + return context.Canceled + } + + return err +} type gRPCAppendBidiWriteBufferSender struct { bucket string @@ -40,9 +669,13 @@ type gRPCAppendBidiWriteBufferSender struct { firstMessage *storagepb.BidiWriteObjectRequest objectChecksums *storagepb.ObjectChecksums + finalizeOnClose bool + forceFirstMessage bool progress func(int64) flushOffset int64 + takeoverOffset int64 + objResource *storagepb.Object // Captures received obj to set w.Attrs. // Fields used to report responses from the receive side of the stream // recvs is closed when the current recv goroutine is complete. recvErr is set @@ -51,11 +684,12 @@ type gRPCAppendBidiWriteBufferSender struct { recvErr error } -func (w *gRPCWriter) newGRPCAppendBidiWriteBufferSender() (*gRPCAppendBidiWriteBufferSender, error) { +// Use for a newly created appendable object. +func (w *gRPCWriter) newGRPCAppendableObjectBufferSender() (*gRPCAppendBidiWriteBufferSender, error) { s := &gRPCAppendBidiWriteBufferSender{ bucket: w.spec.GetResource().GetBucket(), raw: w.c.raw, - settings: w.c.settings, + settings: w.settings, firstMessage: &storagepb.BidiWriteObjectRequest{ FirstMessage: &storagepb.BidiWriteObjectRequest_WriteObjectSpec{ WriteObjectSpec: w.spec, @@ -63,12 +697,51 @@ func (w *gRPCWriter) newGRPCAppendBidiWriteBufferSender() (*gRPCAppendBidiWriteB CommonObjectRequestParams: toProtoCommonObjectRequestParams(w.encryptionKey), }, objectChecksums: toProtoChecksums(w.sendCRC32C, w.attrs), + finalizeOnClose: w.finalizeOnClose, forceFirstMessage: true, progress: w.progress, } return s, nil } +// Use for a takeover of an appendable object. +// Unlike newGRPCAppendableObjectBufferSender, this blocks until the stream is +// open because it needs to get the append offset from the server. +func (w *gRPCWriter) newGRPCAppendTakeoverWriteBufferSender(ctx context.Context) (*gRPCAppendBidiWriteBufferSender, error) { + s := &gRPCAppendBidiWriteBufferSender{ + bucket: w.spec.GetResource().GetBucket(), + raw: w.c.raw, + settings: w.settings, + firstMessage: &storagepb.BidiWriteObjectRequest{ + FirstMessage: &storagepb.BidiWriteObjectRequest_AppendObjectSpec{ + AppendObjectSpec: w.appendSpec, + }, + }, + objectChecksums: toProtoChecksums(w.sendCRC32C, w.attrs), + finalizeOnClose: w.finalizeOnClose, + forceFirstMessage: true, + progress: w.progress, + } + if err := s.connect(ctx); err != nil { + return nil, fmt.Errorf("storage: opening appendable write stream: %w", err) + } + _, err := s.sendOnConnectedStream(nil, 0, false, false, true) + if err != nil { + return nil, err + } + firstResp := <-s.recvs + // Check recvErr after getting the response. + if s.recvErr != nil { + return nil, s.recvErr + } + + // Object resource is returned in the first response on takeover, so capture + // this now. + s.objResource = firstResp.GetResource() + s.takeoverOffset = firstResp.GetResource().GetSize() + return s, nil +} + func (s *gRPCAppendBidiWriteBufferSender) connect(ctx context.Context) (err error) { err = func() error { // If this is a forced first message, we've already determined it's safe to @@ -83,6 +756,14 @@ func (s *gRPCAppendBidiWriteBufferSender) connect(ctx context.Context) (err erro if s.firstMessage.GetAppendObjectSpec().GetWriteHandle() != nil { return nil } + // Also always okay to reconnect if there is a generation. + if s.firstMessage.GetAppendObjectSpec().GetGeneration() != 0 { + return nil + } + // Also always ok to reconnect if we've seen a redirect token + if s.routingToken != nil { + return nil + } // We can also reconnect if the first message has an if_generation_match or // if_metageneration_match condition. Note that negative conditions like @@ -165,7 +846,7 @@ func (s *gRPCAppendBidiWriteBufferSender) maybeUpdateFirstMessage(resp *storagep type bidiWriteObjectRedirectionError struct{} func (e bidiWriteObjectRedirectionError) Error() string { - return "BidiWriteObjectRedirectedError" + return "" } func (s *gRPCAppendBidiWriteBufferSender) handleRedirectionError(e *storagepb.BidiWriteObjectRedirectedError) bool { @@ -210,10 +891,10 @@ func (s *gRPCAppendBidiWriteBufferSender) receiveMessages(resps chan<- *storagep if st, ok := status.FromError(err); ok && st.Code() == codes.Aborted { for _, d := range st.Details() { if e, ok := d.(*storagepb.BidiWriteObjectRedirectedError); ok { - // If we can handle this error, replace it with the sentinel. Otherwise, - // report it to the user. + // If we can handle this error, wrap it with the sentinel so it gets + // retried. if ok := s.handleRedirectionError(e); ok { - err = bidiWriteObjectRedirectionError{} + err = fmt.Errorf("%w%w", bidiWriteObjectRedirectionError{}, err) } } } @@ -226,9 +907,16 @@ func (s *gRPCAppendBidiWriteBufferSender) receiveMessages(resps chan<- *storagep } func (s *gRPCAppendBidiWriteBufferSender) sendOnConnectedStream(buf []byte, offset int64, flush, finishWrite, sendFirstMessage bool) (obj *storagepb.Object, err error) { - req := bidiWriteObjectRequest(buf, offset, flush, finishWrite) + var req *storagepb.BidiWriteObjectRequest + finalizeObject := finishWrite && s.finalizeOnClose if finishWrite { - // appendable objects pass checksums on the last message only + // Always flush when finishing the Write, even if not finalizing. + req = bidiWriteObjectRequest(buf, offset, true, finalizeObject) + } else { + req = bidiWriteObjectRequest(buf, offset, flush, false) + } + if finalizeObject { + // appendable objects pass checksums on the finalize message only req.ObjectChecksums = s.objectChecksums } if sendFirstMessage { @@ -245,6 +933,12 @@ func (s *gRPCAppendBidiWriteBufferSender) sendOnConnectedStream(buf []byte, offs if resp.GetResource() != nil { obj = resp.GetResource() } + // When closing the stream, update the object resource to reflect + // the persisted size. We get a new object from the stream if + // the object was finalized, but not if it's unfinalized. + if s.objResource != nil && resp.GetPersistedSize() > 0 { + s.objResource.Size = resp.GetPersistedSize() + } } if s.recvErr != io.EOF { return nil, s.recvErr @@ -260,7 +954,10 @@ func (s *gRPCAppendBidiWriteBufferSender) sendOnConnectedStream(buf []byte, offs // We don't necessarily expect multiple responses for a single flush, but // this allows the server to send multiple responses if it wants to. flushOffset := s.flushOffset - for flushOffset < offset+int64(len(buf)) { + + // Await a response on the stream. Loop at least once or until the + // persisted offset matches the flush offset. + for { resp, ok := <-s.recvs if !ok { return nil, s.recvErr @@ -273,13 +970,20 @@ func (s *gRPCAppendBidiWriteBufferSender) sendOnConnectedStream(buf []byte, offs if flushOffset < rSize { flushOffset = rSize } + // On the first flush, we expect to get an object resource back and + // should return it. + if resp.GetResource() != nil { + obj = resp.GetResource() + } + if flushOffset <= offset+int64(len(buf)) { + break + } } if s.flushOffset < flushOffset { s.flushOffset = flushOffset s.progress(s.flushOffset) } } - return } @@ -294,6 +998,9 @@ func (s *gRPCAppendBidiWriteBufferSender) sendBuffer(ctx context.Context, buf [] } obj, err = s.sendOnConnectedStream(buf, offset, flush, finishWrite, sendFirstMessage) + if obj != nil { + s.objResource = obj + } if err == nil { return } @@ -305,13 +1012,6 @@ func (s *gRPCAppendBidiWriteBufferSender) sendBuffer(ctx context.Context, buf [] err = s.recvErr } s.stream = nil - - // Retry transparently on a redirection error - if _, ok := err.(bidiWriteObjectRedirectionError); ok { - s.forceFirstMessage = true - continue - } - return } } diff --git a/vendor/cloud.google.com/go/storage/http_client.go b/vendor/cloud.google.com/go/storage/http_client.go index 46f34769d..eafa1a3b1 100644 --- a/vendor/cloud.google.com/go/storage/http_client.go +++ b/vendor/cloud.google.com/go/storage/http_client.go @@ -21,7 +21,6 @@ import ( "fmt" "hash/crc32" "io" - "io/ioutil" "log" "net/http" "net/url" @@ -34,6 +33,7 @@ import ( "cloud.google.com/go/iam/apiv1/iampb" "cloud.google.com/go/internal/optional" "cloud.google.com/go/internal/trace" + "github.com/google/uuid" "github.com/googleapis/gax-go/v2/callctx" "golang.org/x/oauth2/google" "google.golang.org/api/googleapi" @@ -857,6 +857,7 @@ func (c *httpStorageClient) NewRangeReader(ctx context.Context, params *newRange } func (c *httpStorageClient) newRangeReaderXML(ctx context.Context, params *newRangeReaderParams, s *settings) (r *Reader, err error) { + requestID := uuid.New() u := &url.URL{ Scheme: c.scheme, Host: c.xmlHost, @@ -914,7 +915,7 @@ func (c *httpStorageClient) newRangeReaderXML(ctx context.Context, params *newRa timer := time.After(stallTimeout) select { case <-timer: - log.Printf("stalled read-req (%p) cancelled after %fs", req, stallTimeout.Seconds()) + log.Printf("[%s] stalled read-req cancelled after %fs", requestID, stallTimeout.Seconds()) cancel() <-done if res != nil && res.Body != nil { @@ -1426,7 +1427,7 @@ func readerReopen(ctx context.Context, header http.Header, params *newRangeReade // https://cloud.google.com/storage/docs/transcoding#range, // thus we have to manually move the body forward by seen bytes. if decompressiveTranscoding(res) && seen > 0 { - _, _ = io.CopyN(ioutil.Discard, res.Body, seen) + _, _ = io.CopyN(io.Discard, res.Body, seen) } // If a generation hasn't been specified, and this is the first response we get, let's record the diff --git a/vendor/cloud.google.com/go/storage/internal/version.go b/vendor/cloud.google.com/go/storage/internal/version.go index 6e2e4fcde..215f04cde 100644 --- a/vendor/cloud.google.com/go/storage/internal/version.go +++ b/vendor/cloud.google.com/go/storage/internal/version.go @@ -15,4 +15,4 @@ package internal // Version is the current tagged release of the library. -const Version = "1.51.0" +const Version = "1.53.0" diff --git a/vendor/cloud.google.com/go/storage/invoke.go b/vendor/cloud.google.com/go/storage/invoke.go index 34b676c5f..609d01223 100644 --- a/vendor/cloud.google.com/go/storage/invoke.go +++ b/vendor/cloud.google.com/go/storage/invoke.go @@ -53,6 +53,13 @@ var ( }) ) +func (r *retryConfig) runShouldRetry(err error) bool { + if r == nil || r.shouldRetry == nil { + return ShouldRetry(err) + } + return r.shouldRetry(err) +} + // run determines whether a retry is necessary based on the config and // idempotency information. It then calls the function with or without retries // as appropriate, using the configured settings. @@ -73,10 +80,6 @@ func run(ctx context.Context, call func(ctx context.Context) error, retry *retry bo.Initial = retry.backoff.Initial bo.Max = retry.backoff.Max } - var errorFunc func(err error) bool = ShouldRetry - if retry.shouldRetry != nil { - errorFunc = retry.shouldRetry - } var quitAfterTimer *time.Timer if retry.maxRetryDuration != 0 { @@ -103,7 +106,7 @@ func run(ctx context.Context, call func(ctx context.Context) error, retry *retry return true, fmt.Errorf("storage: retry failed after %v attempts; last error: %w", *retry.maxAttempts, lastErr) } attempts++ - retryable := errorFunc(lastErr) + retryable := retry.runShouldRetry(lastErr) // Explicitly check context cancellation so that we can distinguish between a // DEADLINE_EXCEEDED error from the server and a user-set context deadline. // Unfortunately gRPC will codes.DeadlineExceeded (which may be retryable if it's diff --git a/vendor/cloud.google.com/go/storage/reader.go b/vendor/cloud.google.com/go/storage/reader.go index 634abbeef..e1a8b9b67 100644 --- a/vendor/cloud.google.com/go/storage/reader.go +++ b/vendor/cloud.google.com/go/storage/reader.go @@ -161,7 +161,8 @@ func (o *ObjectHandle) NewRangeReader(ctx context.Context, offset, length int64) // Must be called on a gRPC client created using [NewGRPCClient]. // // This uses the gRPC-specific bi-directional read API, which is in private -// preview; please contact your account manager if interested. +// preview; please contact your account manager if interested. The option +// [experimental.WithGRPCBidiReads] must be selected in order to use this API. func (o *ObjectHandle) NewMultiRangeDownloader(ctx context.Context) (mrd *MultiRangeDownloader, err error) { // This span covers the life of the reader. It is closed via the context // in Reader.Close. @@ -393,6 +394,7 @@ type multiRangeDownloader interface { wait() close() error getHandle() []byte + error() error } // Add adds a new range to MultiRangeDownloader. @@ -443,3 +445,10 @@ func (mrd *MultiRangeDownloader) Wait() { func (mrd *MultiRangeDownloader) GetHandle() []byte { return mrd.reader.getHandle() } + +// Error returns an error if the MultiRangeDownloader is in a permanent failure +// state. It returns a nil error if the MultiRangeDownloader is open and can be +// used. +func (mrd *MultiRangeDownloader) Error() error { + return mrd.reader.error() +} diff --git a/vendor/cloud.google.com/go/storage/storage.go b/vendor/cloud.google.com/go/storage/storage.go index c6f18c63f..a820666a4 100644 --- a/vendor/cloud.google.com/go/storage/storage.go +++ b/vendor/cloud.google.com/go/storage/storage.go @@ -1241,6 +1241,83 @@ func (o *ObjectHandle) NewWriter(ctx context.Context) *Writer { } } +// NewWriterFromAppendableObject opens a new Writer to an object which has been +// partially flushed to GCS, but not finalized. It returns the Writer as well +// as the current end offset of the object. All bytes written will be appended +// continuing from the offset. +// +// Generation must be set on the ObjectHandle or an error will be returned. +// +// Writer fields such as ChunkSize or ChunkRetryDuration can be set only +// by setting the equivalent field in [AppendableWriterOpts]. Attributes set +// on the returned Writer will not be honored since the stream to GCS has +// already been opened. Some fields such as ObjectAttrs and checksums cannot +// be set on a takeover for append. +// +// It is the caller's responsibility to call Close when writing is complete to +// close the stream. +// Calling Close or Flush is necessary to sync any data in the pipe to GCS. +// +// The returned Writer is not safe to use across multiple go routines. In +// addition, if you attempt to append to the same object from multiple +// Writers at the same time, an error will be returned on Flush or Close. +// +// NewWriterFromAppendableObject is supported only for gRPC clients and only for +// objects which were created append semantics and not finalized. +// This feature is in preview and is not yet available for general use. +func (o *ObjectHandle) NewWriterFromAppendableObject(ctx context.Context, opts *AppendableWriterOpts) (*Writer, int64, error) { + ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.Object.Writer") + if o.gen < 0 { + return nil, 0, errors.New("storage: ObjectHandle.Generation must be set to use NewWriterFromAppendableObject") + } + w := &Writer{ + ctx: ctx, + o: o, + donec: make(chan struct{}), + ObjectAttrs: ObjectAttrs{Name: o.object}, + Append: true, + } + opts.apply(w) + if w.ChunkSize == 0 { + w.ChunkSize = googleapi.DefaultUploadChunkSize + } + err := w.openWriter() + if err != nil { + return nil, 0, err + } + return w, w.takeoverOffset, nil +} + +// AppendableWriterOpts provides options to set on a Writer initialized +// by [NewWriterFromAppendableObject]. Writer options must be set via this +// struct rather than being modified on the returned Writer. All Writer +// fields not present in this struct cannot be set when taking over an +// appendable object. +// +// AppendableWriterOpts is supported only for gRPC clients and only for +// objects which were created append semantics and not finalized. +// This feature is in preview and is not yet available for general use. +type AppendableWriterOpts struct { + // ChunkSize: See Writer.ChunkSize. + ChunkSize int + // ChunkRetryDeadline: See Writer.ChunkRetryDeadline. + ChunkRetryDeadline time.Duration + // ProgressFunc: See Writer.ProgressFunc. + ProgressFunc func(int64) + // FinalizeOnClose: See Writer.FinalizeOnClose. + FinalizeOnClose bool +} + +func (opts *AppendableWriterOpts) apply(w *Writer) { + if opts == nil { + return + } + w.ChunkRetryDeadline = opts.ChunkRetryDeadline + w.ProgressFunc = opts.ProgressFunc + w.ChunkSize = opts.ChunkSize + w.FinalizeOnClose = opts.FinalizeOnClose +} + func (o *ObjectHandle) validate() error { if o.bucket == "" { return errors.New("storage: bucket name is empty") diff --git a/vendor/cloud.google.com/go/storage/writer.go b/vendor/cloud.google.com/go/storage/writer.go index 5778a263b..d43f28d28 100644 --- a/vendor/cloud.google.com/go/storage/writer.go +++ b/vendor/cloud.google.com/go/storage/writer.go @@ -107,12 +107,25 @@ type Writer struct { // Append is a parameter to indicate whether the writer should use appendable // object semantics for the new object generation. Appendable objects are // visible on the first Write() call, and can be appended to until they are - // finalized. The object is finalized on a call to Close(). + // finalized. If Writer.FinalizeOnClose is set to true, the object is finalized + // when Writer.Close() is called; otherwise, the object is left unfinalized + // and can be appended to later. // // Append is only supported for gRPC. This feature is in preview and is not // yet available for general use. Append bool + // FinalizeOnClose indicates whether the Writer should finalize an object when + // closing the write stream. This only applies to Writers where Append is + // true, since append semantics allow a prefix of the object to be durable and + // readable. By default, objects written with Append semantics will not be + // finalized, which means they can be appended to later. If Append is set + // to false, this parameter will be ignored; non-appendable objects will + // always be finalized when Writer.Close returns without error. + // + // This feature is in preview and is not yet available for general use. + FinalizeOnClose bool + // ProgressFunc can be used to monitor the progress of a large write // operation. If ProgressFunc is not nil and writing requires multiple // calls to the underlying service (see @@ -133,9 +146,10 @@ type Writer struct { donec chan struct{} // closed after err and obj are set. obj *ObjectAttrs - mu sync.Mutex - err error - flush func() (int64, error) + mu sync.Mutex + err error + flush func() (int64, error) + takeoverOffset int64 // offset from which the writer started appending to the object. } // Write appends to w. It implements the io.Writer interface. @@ -186,6 +200,9 @@ func (w *Writer) Write(p []byte) (n int, err error) { // Do not call Flush concurrently with Write or Close. A single Writer is not // safe for unsynchronized use across threads. // +// Note that calling Flush very early (before 512 bytes) may interfere with +// automatic content sniffing in the Writer. +// // Flush is supported only on gRPC clients where [Writer.Append] is set // to true. This feature is in preview and is not yet available for general use. func (w *Writer) Flush() (int64, error) { @@ -207,8 +224,10 @@ func (w *Writer) Flush() (int64, error) { // at zero bytes. This will make the object visible with zero length data. if !w.opened { err := w.openWriter() + if err != nil { + return 0, err + } w.progress(0) - return 0, err } return w.flush() @@ -241,29 +260,37 @@ func (w *Writer) openWriter() (err error) { if err := w.validateWriteAttrs(); err != nil { return err } - if w.o.gen != defaultGen { - return fmt.Errorf("storage: generation not supported on Writer, got %v", w.o.gen) + if w.o.gen != defaultGen && !w.Append { + return fmt.Errorf("storage: generation supported on Writer for appendable objects only, got %v", w.o.gen) } isIdempotent := w.o.conds != nil && (w.o.conds.GenerationMatch >= 0 || w.o.conds.DoesNotExist) opts := makeStorageOpts(isIdempotent, w.o.retry, w.o.userProject) params := &openWriterParams{ - ctx: w.ctx, - chunkSize: w.ChunkSize, - chunkRetryDeadline: w.ChunkRetryDeadline, - chunkTransferTimeout: w.ChunkTransferTimeout, - bucket: w.o.bucket, - attrs: &w.ObjectAttrs, - conds: w.o.conds, - encryptionKey: w.o.encryptionKey, - sendCRC32C: w.SendCRC32C, - append: w.Append, - donec: w.donec, - setError: w.error, - progress: w.progress, - setObj: func(o *ObjectAttrs) { w.obj = o }, - setFlush: func(f func() (int64, error)) { w.flush = f }, + ctx: w.ctx, + chunkSize: w.ChunkSize, + chunkRetryDeadline: w.ChunkRetryDeadline, + chunkTransferTimeout: w.ChunkTransferTimeout, + bucket: w.o.bucket, + attrs: &w.ObjectAttrs, + conds: w.o.conds, + appendGen: w.o.gen, + encryptionKey: w.o.encryptionKey, + sendCRC32C: w.SendCRC32C, + append: w.Append, + finalizeOnClose: w.FinalizeOnClose, + donec: w.donec, + setError: w.error, + progress: w.progress, + setObj: func(o *ObjectAttrs) { w.obj = o }, + setFlush: func(f func() (int64, error)) { w.flush = f }, + setSize: func(n int64) { + if w.obj != nil { + w.obj.Size = n + } + }, setPipeWriter: func(pw *io.PipeWriter) { w.pw = pw }, + setTakeoverOffset: func(n int64) { w.takeoverOffset = n }, forceEmptyContentType: w.ForceEmptyContentType, } if err := w.ctx.Err(); err != nil { diff --git a/vendor/github.com/99designs/gqlgen/complexity/complexity.go b/vendor/github.com/99designs/gqlgen/complexity/complexity.go index 288bb539b..3e88413ad 100644 --- a/vendor/github.com/99designs/gqlgen/complexity/complexity.go +++ b/vendor/github.com/99designs/gqlgen/complexity/complexity.go @@ -1,18 +1,20 @@ package complexity import ( + "context" + "github.com/vektah/gqlparser/v2/ast" "github.com/99designs/gqlgen/graphql" ) -func Calculate(es graphql.ExecutableSchema, op *ast.OperationDefinition, vars map[string]any) int { +func Calculate(ctx context.Context, es graphql.ExecutableSchema, op *ast.OperationDefinition, vars map[string]any) int { walker := complexityWalker{ es: es, schema: es.Schema(), vars: vars, } - return walker.selectionSetComplexity(op.SelectionSet) + return walker.selectionSetComplexity(ctx, op.SelectionSet) } type complexityWalker struct { @@ -21,7 +23,7 @@ type complexityWalker struct { vars map[string]any } -func (cw complexityWalker) selectionSetComplexity(selectionSet ast.SelectionSet) int { +func (cw complexityWalker) selectionSetComplexity(ctx context.Context, selectionSet ast.SelectionSet) int { var complexity int for _, selection := range selectionSet { switch s := selection.(type) { @@ -35,35 +37,35 @@ func (cw complexityWalker) selectionSetComplexity(selectionSet ast.SelectionSet) var childComplexity int switch fieldDefinition.Kind { case ast.Object, ast.Interface, ast.Union: - childComplexity = cw.selectionSetComplexity(s.SelectionSet) + childComplexity = cw.selectionSetComplexity(ctx, s.SelectionSet) } args := s.ArgumentMap(cw.vars) var fieldComplexity int if s.ObjectDefinition.Kind == ast.Interface { - fieldComplexity = cw.interfaceFieldComplexity(s.ObjectDefinition, s.Name, childComplexity, args) + fieldComplexity = cw.interfaceFieldComplexity(ctx, s.ObjectDefinition, s.Name, childComplexity, args) } else { - fieldComplexity = cw.fieldComplexity(s.ObjectDefinition.Name, s.Name, childComplexity, args) + fieldComplexity = cw.fieldComplexity(ctx, s.ObjectDefinition.Name, s.Name, childComplexity, args) } complexity = safeAdd(complexity, fieldComplexity) case *ast.FragmentSpread: - complexity = safeAdd(complexity, cw.selectionSetComplexity(s.Definition.SelectionSet)) + complexity = safeAdd(complexity, cw.selectionSetComplexity(ctx, s.Definition.SelectionSet)) case *ast.InlineFragment: - complexity = safeAdd(complexity, cw.selectionSetComplexity(s.SelectionSet)) + complexity = safeAdd(complexity, cw.selectionSetComplexity(ctx, s.SelectionSet)) } } return complexity } -func (cw complexityWalker) interfaceFieldComplexity(def *ast.Definition, field string, childComplexity int, args map[string]any) int { +func (cw complexityWalker) interfaceFieldComplexity(ctx context.Context, def *ast.Definition, field string, childComplexity int, args map[string]any) int { // Interfaces don't have their own separate field costs, so they have to assume the worst case. // We iterate over all implementors and choose the most expensive one. maxComplexity := 0 implementors := cw.schema.GetPossibleTypes(def) for _, t := range implementors { - fieldComplexity := cw.fieldComplexity(t.Name, field, childComplexity, args) + fieldComplexity := cw.fieldComplexity(ctx, t.Name, field, childComplexity, args) if fieldComplexity > maxComplexity { maxComplexity = fieldComplexity } @@ -71,8 +73,8 @@ func (cw complexityWalker) interfaceFieldComplexity(def *ast.Definition, field s return maxComplexity } -func (cw complexityWalker) fieldComplexity(object, field string, childComplexity int, args map[string]any) int { - if customComplexity, ok := cw.es.Complexity(object, field, childComplexity, args); ok && customComplexity >= childComplexity { +func (cw complexityWalker) fieldComplexity(ctx context.Context, object, field string, childComplexity int, args map[string]any) int { + if customComplexity, ok := cw.es.Complexity(ctx, object, field, childComplexity, args); ok && customComplexity >= childComplexity { return customComplexity } // default complexity calculation diff --git a/vendor/github.com/99designs/gqlgen/graphql/executable_schema.go b/vendor/github.com/99designs/gqlgen/graphql/executable_schema.go index 03d25aabc..89d64dc56 100644 --- a/vendor/github.com/99designs/gqlgen/graphql/executable_schema.go +++ b/vendor/github.com/99designs/gqlgen/graphql/executable_schema.go @@ -12,7 +12,7 @@ import ( type ExecutableSchema interface { Schema() *ast.Schema - Complexity(typeName, fieldName string, childComplexity int, args map[string]any) (int, bool) + Complexity(ctx context.Context, typeName, fieldName string, childComplexity int, args map[string]any) (int, bool) Exec(ctx context.Context) ResponseHandler } diff --git a/vendor/github.com/99designs/gqlgen/graphql/executable_schema_mock.go b/vendor/github.com/99designs/gqlgen/graphql/executable_schema_mock.go index c4c411897..90bdc9b3b 100644 --- a/vendor/github.com/99designs/gqlgen/graphql/executable_schema_mock.go +++ b/vendor/github.com/99designs/gqlgen/graphql/executable_schema_mock.go @@ -19,7 +19,7 @@ var _ ExecutableSchema = &ExecutableSchemaMock{} // // // make and configure a mocked ExecutableSchema // mockedExecutableSchema := &ExecutableSchemaMock{ -// ComplexityFunc: func(typeName string, fieldName string, childComplexity int, args map[string]any) (int, bool) { +// ComplexityFunc: func(ctx context.Context, typeName string, fieldName string, childComplexity int, args map[string]any) (int, bool) { // panic("mock out the Complexity method") // }, // ExecFunc: func(ctx context.Context) ResponseHandler { @@ -36,7 +36,7 @@ var _ ExecutableSchema = &ExecutableSchemaMock{} // } type ExecutableSchemaMock struct { // ComplexityFunc mocks the Complexity method. - ComplexityFunc func(typeName string, fieldName string, childComplexity int, args map[string]any) (int, bool) + ComplexityFunc func(ctx context.Context, typeName string, fieldName string, childComplexity int, args map[string]any) (int, bool) // ExecFunc mocks the Exec method. ExecFunc func(ctx context.Context) ResponseHandler @@ -48,6 +48,8 @@ type ExecutableSchemaMock struct { calls struct { // Complexity holds details about calls to the Complexity method. Complexity []struct { + // Ctx is the ctx argument value. + Ctx context.Context // TypeName is the typeName argument value. TypeName string // FieldName is the fieldName argument value. @@ -72,16 +74,18 @@ type ExecutableSchemaMock struct { } // Complexity calls ComplexityFunc. -func (mock *ExecutableSchemaMock) Complexity(typeName string, fieldName string, childComplexity int, args map[string]any) (int, bool) { +func (mock *ExecutableSchemaMock) Complexity(ctx context.Context, typeName string, fieldName string, childComplexity int, args map[string]any) (int, bool) { if mock.ComplexityFunc == nil { panic("ExecutableSchemaMock.ComplexityFunc: method is nil but ExecutableSchema.Complexity was just called") } callInfo := struct { + Ctx context.Context TypeName string FieldName string ChildComplexity int Args map[string]any }{ + Ctx: ctx, TypeName: typeName, FieldName: fieldName, ChildComplexity: childComplexity, @@ -90,7 +94,7 @@ func (mock *ExecutableSchemaMock) Complexity(typeName string, fieldName string, mock.lockComplexity.Lock() mock.calls.Complexity = append(mock.calls.Complexity, callInfo) mock.lockComplexity.Unlock() - return mock.ComplexityFunc(typeName, fieldName, childComplexity, args) + return mock.ComplexityFunc(ctx, typeName, fieldName, childComplexity, args) } // ComplexityCalls gets all the calls that were made to Complexity. @@ -98,12 +102,14 @@ func (mock *ExecutableSchemaMock) Complexity(typeName string, fieldName string, // // len(mockedExecutableSchema.ComplexityCalls()) func (mock *ExecutableSchemaMock) ComplexityCalls() []struct { + Ctx context.Context TypeName string FieldName string ChildComplexity int Args map[string]any } { var calls []struct { + Ctx context.Context TypeName string FieldName string ChildComplexity int diff --git a/vendor/github.com/99designs/gqlgen/graphql/handler/extension/complexity.go b/vendor/github.com/99designs/gqlgen/graphql/handler/extension/complexity.go index 3684f0786..b24494a7c 100644 --- a/vendor/github.com/99designs/gqlgen/graphql/handler/extension/complexity.go +++ b/vendor/github.com/99designs/gqlgen/graphql/handler/extension/complexity.go @@ -60,7 +60,7 @@ func (c *ComplexityLimit) Validate(schema graphql.ExecutableSchema) error { func (c ComplexityLimit) MutateOperationContext(ctx context.Context, opCtx *graphql.OperationContext) *gqlerror.Error { op := opCtx.Doc.Operations.ForName(opCtx.OperationName) - complexityCalcs := complexity.Calculate(c.es, op, opCtx.Variables) + complexityCalcs := complexity.Calculate(ctx, c.es, op, opCtx.Variables) limit := c.Func(ctx, opCtx) diff --git a/vendor/github.com/99designs/gqlgen/graphql/omittable.go b/vendor/github.com/99designs/gqlgen/graphql/omittable.go index 89716400b..58c21c8c5 100644 --- a/vendor/github.com/99designs/gqlgen/graphql/omittable.go +++ b/vendor/github.com/99designs/gqlgen/graphql/omittable.go @@ -1,6 +1,10 @@ package graphql -import "encoding/json" +import ( + "context" + "encoding/json" + "io" +) // Omittable is a wrapper around a value that also stores whether it is set // or not. @@ -41,11 +45,23 @@ func (o Omittable[T]) IsSet() bool { return o.set } +// IsZero returns true then json.Marshal will omit this value. +// > The "omitzero" option specifies that the field should be omitted from the encoding if the field has a zero value, according to rules: +// > 1) If the field type has an "IsZero() bool" method, that will be used to determine whether the value is zero. +// > 2) Otherwise, the value is zero if it is the zero value for its type. +// https://pkg.go.dev/encoding/json#Marshal +func (o Omittable[T]) IsZero() bool { + return !o.set +} + func (o Omittable[T]) MarshalJSON() ([]byte, error) { + var value any = o.value if !o.set { - return []byte("null"), nil + var zero T + value = zero } - return json.Marshal(o.value) + + return json.Marshal(value) } func (o *Omittable[T]) UnmarshalJSON(bytes []byte) error { @@ -56,3 +72,81 @@ func (o *Omittable[T]) UnmarshalJSON(bytes []byte) error { o.set = true return nil } + +func (o Omittable[T]) MarshalGQL(w io.Writer) { + var value any = o.value + if !o.set { + var zero T + value = zero + } + + switch marshaler := value.(type) { + case Marshaler: + marshaler.MarshalGQL(w) + case ContextMarshaler: + _ = marshaler.MarshalGQLContext(context.Background(), w) + default: + b, _ := json.Marshal(value) + w.Write(b) + } +} + +func (o *Omittable[T]) UnmarshalGQL(bytes []byte) error { + switch unmarshaler := any(o.value).(type) { + case Unmarshaler: + if err := unmarshaler.UnmarshalGQL(bytes); err != nil { + return err + } + o.set = true + case ContextUnmarshaler: + if err := unmarshaler.UnmarshalGQLContext(context.Background(), bytes); err != nil { + return err + } + o.set = true + default: + if err := json.Unmarshal(bytes, &o.value); err != nil { + return err + } + o.set = true + } + return nil +} + +func (o Omittable[T]) MarshalGQLContext(ctx context.Context, w io.Writer) { + var value any = o.value + if !o.set { + var zero T + value = zero + } + + switch marshaler := value.(type) { + case ContextMarshaler: + _ = marshaler.MarshalGQLContext(ctx, w) + case Marshaler: + marshaler.MarshalGQL(w) + default: + b, _ := json.Marshal(value) + w.Write(b) + } +} + +func (o *Omittable[T]) UnmarshalGQLContext(ctx context.Context, bytes []byte) error { + switch unmarshaler := any(o.value).(type) { + case ContextUnmarshaler: + if err := unmarshaler.UnmarshalGQLContext(ctx, bytes); err != nil { + return err + } + o.set = true + case Unmarshaler: + if err := unmarshaler.UnmarshalGQL(bytes); err != nil { + return err + } + o.set = true + default: + if err := json.Unmarshal(bytes, &o.value); err != nil { + return err + } + o.set = true + } + return nil +} diff --git a/vendor/github.com/99designs/gqlgen/graphql/version.go b/vendor/github.com/99designs/gqlgen/graphql/version.go index 4373df3ba..821a51261 100644 --- a/vendor/github.com/99designs/gqlgen/graphql/version.go +++ b/vendor/github.com/99designs/gqlgen/graphql/version.go @@ -1,3 +1,3 @@ package graphql -const Version = "v0.17.70" +const Version = "v0.17.73" diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go index fec41a0e7..ef100d372 100644 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go +++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go @@ -37,7 +37,7 @@ func (conf *AEADConfig) Mode() AEADMode { // ChunkSizeByte returns the byte indicating the chunk size. The effective // chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6) -// limit to 16 = 4 MiB +// limit chunkSizeByte to 16 which equals to 2^22 = 4 MiB // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 func (conf *AEADConfig) ChunkSizeByte() byte { if conf == nil || conf.ChunkSize == 0 { @@ -49,8 +49,8 @@ func (conf *AEADConfig) ChunkSizeByte() byte { switch { case exponent < 6: exponent = 6 - case exponent > 16: - exponent = 16 + case exponent > 22: + exponent = 22 } return byte(exponent - 6) diff --git a/vendor/github.com/Yamashou/gqlgenc/clientv2/client.go b/vendor/github.com/Yamashou/gqlgenc/clientv2/client.go index 245918369..6e9c714c3 100644 --- a/vendor/github.com/Yamashou/gqlgenc/clientv2/client.go +++ b/vendor/github.com/Yamashou/gqlgenc/clientv2/client.go @@ -12,6 +12,7 @@ import ( "mime/multipart" "net/http" "reflect" + "slices" "strconv" "strings" @@ -462,84 +463,41 @@ func (c *Client) unmarshal(data []byte, res any) error { return err } -// contextKey is a type for context keys -type contextKey string - -const ( - // EnableInputJsonOmitemptyTagKey is a context key for EnableInputJsonOmitemptyTag - EnableInputJsonOmitemptyTagKey contextKey = "enable_input_json_omitempty_tag" -) - -// WithEnableInputJsonOmitemptyTag returns a new context with EnableInputJsonOmitemptyTag value -func WithEnableInputJsonOmitemptyTag(ctx context.Context, enable bool) context.Context { - return context.WithValue(ctx, EnableInputJsonOmitemptyTagKey, enable) -} - -// getEnableInputJsonOmitemptyTagFromContext retrieves the EnableInputJsonOmitemptyTag value from context -func getEnableInputJsonOmitemptyTagFromContext(ctx context.Context) bool { - enableClientJsonOmitemptyTag := true - if ctx != nil { - enable, ok := ctx.Value(EnableInputJsonOmitemptyTagKey).(bool) - if ok { - enableClientJsonOmitemptyTag = enable - } - } - return enableClientJsonOmitemptyTag -} - -func MarshalJSON(ctx context.Context, v any) ([]byte, error) { - if v == nil { - return []byte("null"), nil - } - - val := reflect.ValueOf(v) - if !val.IsValid() || (val.Kind() == reflect.Ptr && val.IsNil()) { - return []byte("null"), nil - } - - encoder := &Encoder{ - EnableInputJsonOmitemptyTag: getEnableInputJsonOmitemptyTagFromContext(ctx), - } - - return encoder.Encode(val) -} - -func checkImplements[I any](v reflect.Value) bool { - t := v.Type() - interfaceType := reflect.TypeOf((*I)(nil)).Elem() - - return t.Implements(interfaceType) || (t.Kind() == reflect.Ptr && reflect.PointerTo(t).Implements(interfaceType)) +func MarshalJSON(_ context.Context, v any) ([]byte, error) { + encoder := &Encoder{} + return encoder.Encode(reflect.ValueOf(v)) } // Encoder is a struct for encoding GraphQL requests to JSON -type Encoder struct { - EnableInputJsonOmitemptyTag bool -} +type Encoder struct{} // fieldInfo holds field information of a struct type fieldInfo struct { name string // field name jsonName string // field name in JSON omitempty bool // omitempty flag + omitzero bool // omitzero flag typ reflect.Type // field type } // Encode encodes any value to JSON func (e *Encoder) Encode(v reflect.Value) ([]byte, error) { - if !v.IsValid() || (v.Kind() == reflect.Ptr && v.IsNil()) { + if !v.IsValid() || isNil(v) { return []byte("null"), nil } - if checkImplements[graphql.Marshaler](v) { - return e.encodeGQLMarshaler(v.Interface()) + vi := v.Interface() + if marshaler, ok := vi.(graphql.ContextMarshaler); ok { + return e.encodeGQLContextMarshaler(context.Background(), marshaler) } - - if checkImplements[json.Marshaler](v) { - return e.encodeJsonMarshaler(v.Interface()) + if marshaler, ok := vi.(graphql.Marshaler); ok { + return e.encodeGQLMarshaler(marshaler) } - - if checkImplements[encoding.TextMarshaler](v) { - return e.encodeTextMarshaler(v.Interface()) + if marshaler, ok := vi.(json.Marshaler); ok { + return e.encodeJsonMarshaler(marshaler) + } + if marshaler, ok := vi.(encoding.TextMarshaler); ok { + return e.encodeTextMarshaler(marshaler) } t := v.Type() @@ -574,36 +532,44 @@ func (e *Encoder) Encode(v reflect.Value) ([]byte, error) { } } -// encodeGQLMarshaler encodes a value that implements graphql.Marshaler interface -func (e *Encoder) encodeGQLMarshaler(v any) ([]byte, error) { - if v == nil { +// encodeGQLContextMarshaler encodes a value that implements graphql.ContextMarshaler interface +func (e *Encoder) encodeGQLContextMarshaler(ctx context.Context, v graphql.ContextMarshaler) ([]byte, error) { + if isNil(reflect.ValueOf(v)) { return []byte("null"), nil } var buf bytes.Buffer - if val, ok := v.(graphql.Marshaler); ok { - val.MarshalGQL(&buf) - } else { - return nil, fmt.Errorf("failed to encode graphql.Marshaler: %v", v) + if err := v.MarshalGQLContext(ctx, &buf); err != nil { + return nil, err } + return buf.Bytes(), nil +} +// encodeGQLMarshaler encodes a value that implements graphql.Marshaler interface +func (e *Encoder) encodeGQLMarshaler(v graphql.Marshaler) ([]byte, error) { + if isNil(reflect.ValueOf(v)) { + return []byte("null"), nil + } + + var buf bytes.Buffer + v.MarshalGQL(&buf) return buf.Bytes(), nil } // encodeJsonMarshaler encodes a value that implements json.Marshaler interface -func (e *Encoder) encodeJsonMarshaler(v any) ([]byte, error) { - if val, ok := v.(json.Marshaler); ok { - return val.MarshalJSON() +func (e *Encoder) encodeJsonMarshaler(v json.Marshaler) ([]byte, error) { + if isNil(reflect.ValueOf(v)) { + return []byte("null"), nil } - return nil, fmt.Errorf("failed to encode json.Marshaler: %v", v) + return v.MarshalJSON() } // encodeTextMarshaler encodes a value that implements encoding.TextMarshaler interface -func (e *Encoder) encodeTextMarshaler(v any) ([]byte, error) { - if _, ok := v.(encoding.TextMarshaler); ok { - return json.Marshal(v) +func (e *Encoder) encodeTextMarshaler(v encoding.TextMarshaler) ([]byte, error) { + if isNil(reflect.ValueOf(v)) { + return []byte("null"), nil } - return nil, fmt.Errorf("failed to encode encoding.TextMarshaler: %v", v) + return json.Marshal(v) } // encodeBool encodes a boolean value @@ -617,17 +583,17 @@ func (e *Encoder) encodeBool(v reflect.Value) ([]byte, error) { // encodeInt encodes an integer value func (e *Encoder) encodeInt(v reflect.Value) ([]byte, error) { - return []byte(fmt.Sprintf("%d", v.Int())), nil + return fmt.Appendf(nil, "%d", v.Int()), nil } // encodeUint encodes an unsigned integer value func (e *Encoder) encodeUint(v reflect.Value) ([]byte, error) { - return []byte(fmt.Sprintf("%d", v.Uint())), nil + return fmt.Appendf(nil, "%d", v.Uint()), nil } // encodeFloat encodes a floating-point value func (e *Encoder) encodeFloat(v reflect.Value) ([]byte, error) { - return []byte(fmt.Sprintf("%f", v.Float())), nil + return fmt.Appendf(nil, "%f", v.Float()), nil } // encodeString encodes a string value @@ -647,24 +613,86 @@ func (e *Encoder) trimQuotes(s string) string { return s } -func (e *Encoder) isSkipOmitemptyField(v reflect.Value, field fieldInfo) bool { - if !e.EnableInputJsonOmitemptyTag { - return false +func isSkipField(omitempty, omitzero bool, v reflect.Value) bool { + if !v.IsValid() { + return true } - if !field.omitempty { - return false + var skipByOmitEmpty bool + if omitempty { + skipByOmitEmpty = isEmptyValue(v) } - if !v.IsValid() { - return true + var skipByOmitZero bool + if omitzero { + skipByOmitZero = isZeroValue(v) } - if v.Kind() == reflect.Ptr && v.IsNil() { - return true + return skipByOmitEmpty || skipByOmitZero +} + +// https://cs.opensource.google/go/go/+/refs/tags/go1.24.2:src/encoding/json/encode.go;l=318-330 +func isEmptyValue(v reflect.Value) bool { + switch v.Kind() { + case reflect.Array, reflect.Map, reflect.Slice, reflect.String: + return v.Len() == 0 + case reflect.Bool, + reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, + reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr, + reflect.Float32, reflect.Float64, + reflect.Interface, reflect.Pointer: + return v.IsZero() } + return false +} - return v.IsZero() +type isZeroer interface { + IsZero() bool +} + +var isZeroerType = reflect.TypeFor[isZeroer]() + +func isZeroValue(v reflect.Value) bool { + // https://cs.opensource.google/go/go/+/refs/tags/go1.24.2:src/encoding/json/encode.go;l=1187-1219 + var isZero func(v reflect.Value) bool + t := v.Type() + // Provide a function that uses a type's IsZero method. + switch { + case t.Kind() == reflect.Interface && t.Implements(isZeroerType): + isZero = func(v reflect.Value) bool { + // Avoid panics calling IsZero on a nil interface or + // non-nil interface with nil pointer. + return v.IsNil() || + (v.Elem().Kind() == reflect.Pointer && v.Elem().IsNil()) || + //nolint:forcetypeassert + v.Interface().(isZeroer).IsZero() + } + case t.Kind() == reflect.Pointer && t.Implements(isZeroerType): + //nolint:forcetypeassert + isZero = func(v reflect.Value) bool { + // Avoid panics calling IsZero on nil pointer. + return v.IsNil() || v.Interface().(isZeroer).IsZero() + } + case t.Implements(isZeroerType): + //nolint:forcetypeassert + isZero = func(v reflect.Value) bool { + return v.Interface().(isZeroer).IsZero() + } + case reflect.PointerTo(t).Implements(isZeroerType): + isZero = func(v reflect.Value) bool { + if !v.CanAddr() { + // Temporarily box v so we can take the address. + v2 := reflect.New(v.Type()).Elem() + v2.Set(v) + v = v2 + } + //nolint:forcetypeassert + return v.Addr().Interface().(isZeroer).IsZero() + } + } + + // https://cs.opensource.google/go/go/+/refs/tags/go1.24.2:src/encoding/json/encode.go;l=716 + return isZero == nil && v.IsZero() || (isZero != nil && isZero(v)) } // encodeStruct encodes a struct value @@ -673,7 +701,7 @@ func (e *Encoder) encodeStruct(v reflect.Value) ([]byte, error) { result := make(map[string]json.RawMessage) for _, field := range fields { fieldValue := v.FieldByName(field.name) - if e.isSkipOmitemptyField(fieldValue, field) { + if isSkipField(field.omitempty, field.omitzero, fieldValue) { continue } @@ -770,21 +798,18 @@ func (e *Encoder) prepareFields(t reflect.Type) []fieldInfo { if jsonTag == "-" { continue } - - jsonName := f.Name - if jsonTag != "" { - parts := strings.Split(jsonTag, ",") - jsonName = parts[0] - } - fi := fieldInfo{ name: f.Name, - jsonName: jsonName, + jsonName: f.Name, typ: f.Type, } - - if strings.Contains(jsonTag, "omitempty") { - fi.omitempty = true + if jsonTag != "" { + parts := strings.Split(jsonTag, ",") + fi.jsonName = parts[0] + if len(parts) > 1 { + fi.omitempty = slices.Contains(parts[1:], "omitempty") + fi.omitzero = slices.Contains(parts[1:], "omitzero") + } } fields = append(fields, fi) @@ -792,3 +817,12 @@ func (e *Encoder) prepareFields(t reflect.Type) []fieldInfo { return fields } + +func isNil(v reflect.Value) bool { + switch v.Kind() { + case reflect.Ptr, reflect.Map, reflect.Slice, reflect.Chan, reflect.Func, reflect.Interface: + return v.IsNil() + default: + return false + } +} diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index 7ab65bae7..e72db4de1 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.55.6" +const SDKVersion = "1.55.7" diff --git a/vendor/github.com/charmbracelet/colorprofile/.golangci.yml b/vendor/github.com/charmbracelet/colorprofile/.golangci.yml index 90c5c08bd..be61d89ba 100644 --- a/vendor/github.com/charmbracelet/colorprofile/.golangci.yml +++ b/vendor/github.com/charmbracelet/colorprofile/.golangci.yml @@ -1,17 +1,6 @@ +version: "2" run: tests: false - -issues: - include: - - EXC0001 - - EXC0005 - - EXC0011 - - EXC0012 - - EXC0013 - - max-issues-per-linter: 0 - max-same-issues: 0 - linters: enable: - bodyclose @@ -19,8 +8,6 @@ linters: - goconst - godot - godox - - gofumpt - - goimports - gomoddirectives - goprintffuncname - gosec @@ -39,3 +26,16 @@ linters: - unparam - whitespace - wrapcheck + exclusions: + generated: lax + presets: + - common-false-positives +issues: + max-issues-per-linter: 0 + max-same-issues: 0 +formatters: + enable: + - gofumpt + - goimports + exclusions: + generated: lax diff --git a/vendor/github.com/charmbracelet/colorprofile/doc.go b/vendor/github.com/charmbracelet/colorprofile/doc.go new file mode 100644 index 000000000..bd522e903 --- /dev/null +++ b/vendor/github.com/charmbracelet/colorprofile/doc.go @@ -0,0 +1,4 @@ +// Package colorprofile provides a way to downsample ANSI escape sequence +// colors and styles automatically based on output, environment variables, and +// Terminfo databases. +package colorprofile diff --git a/vendor/github.com/charmbracelet/colorprofile/env.go b/vendor/github.com/charmbracelet/colorprofile/env.go index 341241cc0..749f989e2 100644 --- a/vendor/github.com/charmbracelet/colorprofile/env.go +++ b/vendor/github.com/charmbracelet/colorprofile/env.go @@ -33,8 +33,8 @@ func Detect(output io.Writer, env []string) Profile { out, ok := output.(term.File) environ := newEnviron(env) isatty := isTTYForced(environ) || (ok && term.IsTerminal(out.Fd())) - term := environ.get("TERM") - isDumb := term == dumbTerm + term, ok := environ.lookup("TERM") + isDumb := !ok || term == dumbTerm envp := colorProfile(isatty, environ) if envp == TrueColor || envNoColor(environ) { // We already know we have TrueColor, or NO_COLOR is set. @@ -71,7 +71,8 @@ func Env(env []string) (p Profile) { } func colorProfile(isatty bool, env environ) (p Profile) { - isDumb := env.get("TERM") == dumbTerm + term, ok := env.lookup("TERM") + isDumb := (!ok && runtime.GOOS != "windows") || term == dumbTerm envp := envColorProfile(env) if !isatty || isDumb { // Check if the output is a terminal. @@ -191,6 +192,11 @@ func envColorProfile(env environ) (p Profile) { p = ANSI256 } + // Direct color terminals support true colors. + if strings.HasSuffix(term, "direct") { + return TrueColor + } + return //nolint:nakedret } diff --git a/vendor/github.com/charmbracelet/colorprofile/profile.go b/vendor/github.com/charmbracelet/colorprofile/profile.go index 97e37ac36..2bcb37c6e 100644 --- a/vendor/github.com/charmbracelet/colorprofile/profile.go +++ b/vendor/github.com/charmbracelet/colorprofile/profile.go @@ -12,15 +12,15 @@ import ( type Profile byte const ( - // NoTTY, not a terminal profile. + // NoTTY is a profile with no terminal support. NoTTY Profile = iota - // Ascii, uncolored profile. + // Ascii is a profile with no color support. Ascii //nolint:revive - // ANSI, 4-bit color profile. + // ANSI is a profile with 16 colors (4-bit). ANSI - // ANSI256, 8-bit color profile. + // ANSI256 is a profile with 256 colors (8-bit). ANSI256 - // TrueColor, 24-bit color profile. + // TrueColor is a profile with 16 million colors (24-bit). TrueColor ) diff --git a/vendor/github.com/charmbracelet/x/ansi/color.go b/vendor/github.com/charmbracelet/x/ansi/color.go index 77f8a08d1..09feb9759 100644 --- a/vendor/github.com/charmbracelet/x/ansi/color.go +++ b/vendor/github.com/charmbracelet/x/ansi/color.go @@ -2,34 +2,9 @@ package ansi import ( "image/color" -) -// Technically speaking, the 16 basic ANSI colors are arbitrary and can be -// customized at the terminal level. Given that, we're returning what we feel -// are good defaults. -// -// This could also be a slice, but we use a map to make the mappings very -// explicit. -// -// See: https://www.ditig.com/publications/256-colors-cheat-sheet -var lowANSI = map[uint32]uint32{ - 0: 0x000000, // black - 1: 0x800000, // red - 2: 0x008000, // green - 3: 0x808000, // yellow - 4: 0x000080, // blue - 5: 0x800080, // magenta - 6: 0x008080, // cyan - 7: 0xc0c0c0, // white - 8: 0x808080, // bright black - 9: 0xff0000, // bright red - 10: 0x00ff00, // bright green - 11: 0xffff00, // bright yellow - 12: 0x0000ff, // bright blue - 13: 0xff00ff, // bright magenta - 14: 0x00ffff, // bright cyan - 15: 0xffffff, // bright white -} + "github.com/lucasb-eyer/go-colorful" +) // Color is a color that can be used in a terminal. ANSI (including // ANSI256) and 24-bit "true colors" fall under this category. @@ -100,28 +75,33 @@ func (c BasicColor) RGBA() (uint32, uint32, uint32, uint32) { return 0, 0, 0, 0xffff } - r, g, b := ansiToRGB(ansi) - return toRGBA(r, g, b) + return ansiToRGB(byte(ansi)).RGBA() } -// ExtendedColor is an ANSI 256 (8-bit) color with a value from 0 to 255. -type ExtendedColor uint8 +// IndexedColor is an ANSI 256 (8-bit) color with a value from 0 to 255. +type IndexedColor uint8 -var _ Color = ExtendedColor(0) +var _ Color = IndexedColor(0) // RGBA returns the red, green, blue and alpha components of the color. It // satisfies the color.Color interface. -func (c ExtendedColor) RGBA() (uint32, uint32, uint32, uint32) { - r, g, b := ansiToRGB(uint32(c)) - return toRGBA(r, g, b) +func (c IndexedColor) RGBA() (uint32, uint32, uint32, uint32) { + return ansiToRGB(byte(c)).RGBA() } +// ExtendedColor is an ANSI 256 (8-bit) color with a value from 0 to 255. +// +// Deprecated: use [IndexedColor] instead. +type ExtendedColor = IndexedColor + // TrueColor is a 24-bit color that can be used in the terminal. // This can be used to represent RGB colors. // // For example, the color red can be represented as: // // TrueColor(0xff0000) +// +// Deprecated: use [RGBColor] instead. type TrueColor uint32 var _ Color = TrueColor(0) @@ -133,44 +113,25 @@ func (c TrueColor) RGBA() (uint32, uint32, uint32, uint32) { return toRGBA(r, g, b) } +// RGBColor is a 24-bit color that can be used in the terminal. +// This can be used to represent RGB colors. +type RGBColor struct { + R uint8 + G uint8 + B uint8 +} + +// RGBA returns the red, green, blue and alpha components of the color. It +// satisfies the color.Color interface. +func (c RGBColor) RGBA() (uint32, uint32, uint32, uint32) { + return toRGBA(uint32(c.R), uint32(c.G), uint32(c.B)) +} + // ansiToRGB converts an ANSI color to a 24-bit RGB color. // // r, g, b := ansiToRGB(57) -func ansiToRGB(ansi uint32) (uint32, uint32, uint32) { - // For out-of-range values return black. - if ansi > 255 { - return 0, 0, 0 - } - - // Low ANSI. - if ansi < 16 { - h, ok := lowANSI[ansi] - if !ok { - return 0, 0, 0 - } - r, g, b := hexToRGB(h) - return r, g, b - } - - // Grays. - if ansi > 231 { - s := (ansi-232)*10 + 8 - return s, s, s - } - - // ANSI256. - n := ansi - 16 - b := n % 6 - g := (n - b) / 6 % 6 - r := (n - b - g*6) / 36 % 6 - for _, v := range []*uint32{&r, &g, &b} { - if *v > 0 { - c := *v*40 + 55 - *v = c - } - } - - return r, g, b +func ansiToRGB(ansi byte) color.Color { + return ansiHex[ansi] } // hexToRGB converts a number in hexadecimal format to red, green, and blue @@ -194,3 +155,630 @@ func toRGBA(r, g, b uint32) (uint32, uint32, uint32, uint32) { b |= b << 8 return r, g, b, 0xffff } + +//nolint:unused +func distSq(r1, g1, b1, r2, g2, b2 int) int { + return ((r1-r2)*(r1-r2) + (g1-g2)*(g1-g2) + (b1-b2)*(b1-b2)) +} + +func to6Cube[T int | float64](v T) int { + if v < 48 { + return 0 + } + if v < 115 { + return 1 + } + return int((v - 35) / 40) +} + +// Convert256 converts a [color.Color], usually a 24-bit color, to xterm(1) 256 +// color palette. +// +// xterm provides a 6x6x6 color cube (16 - 231) and 24 greys (232 - 255). We +// map our RGB color to the closest in the cube, also work out the closest +// grey, and use the nearest of the two based on the lightness of the color. +// +// Note that the xterm has much lower resolution for darker colors (they are +// not evenly spread out), so our 6 levels are not evenly spread: 0x0, 0x5f +// (95), 0x87 (135), 0xaf (175), 0xd7 (215) and 0xff (255). Greys are more +// evenly spread (8, 18, 28 ... 238). +func Convert256(c color.Color) IndexedColor { + // If the color is already an IndexedColor, return it. + if i, ok := c.(IndexedColor); ok { + return i + } + + // Note: this is mostly ported from tmux/colour.c. + col, ok := colorful.MakeColor(c) + if !ok { + return IndexedColor(0) + } + + r := col.R * 255 + g := col.G * 255 + b := col.B * 255 + + q2c := [6]int{0x00, 0x5f, 0x87, 0xaf, 0xd7, 0xff} + + // Map RGB to 6x6x6 cube. + qr := to6Cube(r) + cr := q2c[qr] + qg := to6Cube(g) + cg := q2c[qg] + qb := to6Cube(b) + cb := q2c[qb] + + // If we have hit the color exactly, return early. + ci := (36 * qr) + (6 * qg) + qb + if cr == int(r) && cg == int(g) && cb == int(b) { + return IndexedColor(16 + ci) //nolint:gosec + } + + // Work out the closest grey (average of RGB). + greyAvg := int(r+g+b) / 3 + var greyIdx int + if greyAvg > 238 { + greyIdx = 23 + } else { + greyIdx = (greyAvg - 3) / 10 + } + grey := 8 + (10 * greyIdx) + + // Return the one which is nearer to the original input rgb value + // XXX: This is where it differs from tmux's implementation, we prefer the + // closer color to the original in terms of light distances rather than the + // cube distance. + c2 := colorful.Color{R: float64(cr) / 255.0, G: float64(cg) / 255.0, B: float64(cb) / 255.0} + g2 := colorful.Color{R: float64(grey) / 255.0, G: float64(grey) / 255.0, B: float64(grey) / 255.0} + colorDist := col.DistanceHSLuv(c2) + grayDist := col.DistanceHSLuv(g2) + + if colorDist <= grayDist { + return IndexedColor(16 + ci) //nolint:gosec + } + return IndexedColor(232 + greyIdx) //nolint:gosec + + // // Is grey or 6x6x6 color closest? + // d := distSq(cr, cg, cb, int(r), int(g), int(b)) + // if distSq(grey, grey, grey, int(r), int(g), int(b)) < d { + // return IndexedColor(232 + greyIdx) //nolint:gosec + // } + // return IndexedColor(16 + ci) //nolint:gosec +} + +// Convert16 converts a [color.Color] to a 16-color ANSI color. It will first +// try to find a match in the 256 xterm(1) color palette, and then map that to +// the 16-color ANSI palette. +func Convert16(c color.Color) BasicColor { + switch c := c.(type) { + case BasicColor: + // If the color is already a BasicColor, return it. + return c + case IndexedColor: + // If the color is already an IndexedColor, return the corresponding + // BasicColor. + return ansi256To16[c] + default: + c256 := Convert256(c) + return ansi256To16[c256] + } +} + +// RGB values of ANSI colors (0-255). +var ansiHex = [...]color.RGBA{ + 0: {R: 0x00, G: 0x00, B: 0x00, A: 0xff}, // "#000000" + 1: {R: 0x80, G: 0x00, B: 0x00, A: 0xff}, // "#800000" + 2: {R: 0x00, G: 0x80, B: 0x00, A: 0xff}, // "#008000" + 3: {R: 0x80, G: 0x80, B: 0x00, A: 0xff}, // "#808000" + 4: {R: 0x00, G: 0x00, B: 0x80, A: 0xff}, // "#000080" + 5: {R: 0x80, G: 0x00, B: 0x80, A: 0xff}, // "#800080" + 6: {R: 0x00, G: 0x80, B: 0x80, A: 0xff}, // "#008080" + 7: {R: 0xc0, G: 0xc0, B: 0xc0, A: 0xff}, // "#c0c0c0" + 8: {R: 0x80, G: 0x80, B: 0x80, A: 0xff}, // "#808080" + 9: {R: 0xff, G: 0x00, B: 0x00, A: 0xff}, // "#ff0000" + 10: {R: 0x00, G: 0xff, B: 0x00, A: 0xff}, // "#00ff00" + 11: {R: 0xff, G: 0xff, B: 0x00, A: 0xff}, // "#ffff00" + 12: {R: 0x00, G: 0x00, B: 0xff, A: 0xff}, // "#0000ff" + 13: {R: 0xff, G: 0x00, B: 0xff, A: 0xff}, // "#ff00ff" + 14: {R: 0x00, G: 0xff, B: 0xff, A: 0xff}, // "#00ffff" + 15: {R: 0xff, G: 0xff, B: 0xff, A: 0xff}, // "#ffffff" + 16: {R: 0x00, G: 0x00, B: 0x00, A: 0xff}, // "#000000" + 17: {R: 0x00, G: 0x00, B: 0x5f, A: 0xff}, // "#00005f" + 18: {R: 0x00, G: 0x00, B: 0x87, A: 0xff}, // "#000087" + 19: {R: 0x00, G: 0x00, B: 0xaf, A: 0xff}, // "#0000af" + 20: {R: 0x00, G: 0x00, B: 0xd7, A: 0xff}, // "#0000d7" + 21: {R: 0x00, G: 0x00, B: 0xff, A: 0xff}, // "#0000ff" + 22: {R: 0x00, G: 0x5f, B: 0x00, A: 0xff}, // "#005f00" + 23: {R: 0x00, G: 0x5f, B: 0x5f, A: 0xff}, // "#005f5f" + 24: {R: 0x00, G: 0x5f, B: 0x87, A: 0xff}, // "#005f87" + 25: {R: 0x00, G: 0x5f, B: 0xaf, A: 0xff}, // "#005faf" + 26: {R: 0x00, G: 0x5f, B: 0xd7, A: 0xff}, // "#005fd7" + 27: {R: 0x00, G: 0x5f, B: 0xff, A: 0xff}, // "#005fff" + 28: {R: 0x00, G: 0x87, B: 0x00, A: 0xff}, // "#008700" + 29: {R: 0x00, G: 0x87, B: 0x5f, A: 0xff}, // "#00875f" + 30: {R: 0x00, G: 0x87, B: 0x87, A: 0xff}, // "#008787" + 31: {R: 0x00, G: 0x87, B: 0xaf, A: 0xff}, // "#0087af" + 32: {R: 0x00, G: 0x87, B: 0xd7, A: 0xff}, // "#0087d7" + 33: {R: 0x00, G: 0x87, B: 0xff, A: 0xff}, // "#0087ff" + 34: {R: 0x00, G: 0xaf, B: 0x00, A: 0xff}, // "#00af00" + 35: {R: 0x00, G: 0xaf, B: 0x5f, A: 0xff}, // "#00af5f" + 36: {R: 0x00, G: 0xaf, B: 0x87, A: 0xff}, // "#00af87" + 37: {R: 0x00, G: 0xaf, B: 0xaf, A: 0xff}, // "#00afaf" + 38: {R: 0x00, G: 0xaf, B: 0xd7, A: 0xff}, // "#00afd7" + 39: {R: 0x00, G: 0xaf, B: 0xff, A: 0xff}, // "#00afff" + 40: {R: 0x00, G: 0xd7, B: 0x00, A: 0xff}, // "#00d700" + 41: {R: 0x00, G: 0xd7, B: 0x5f, A: 0xff}, // "#00d75f" + 42: {R: 0x00, G: 0xd7, B: 0x87, A: 0xff}, // "#00d787" + 43: {R: 0x00, G: 0xd7, B: 0xaf, A: 0xff}, // "#00d7af" + 44: {R: 0x00, G: 0xd7, B: 0xd7, A: 0xff}, // "#00d7d7" + 45: {R: 0x00, G: 0xd7, B: 0xff, A: 0xff}, // "#00d7ff" + 46: {R: 0x00, G: 0xff, B: 0x00, A: 0xff}, // "#00ff00" + 47: {R: 0x00, G: 0xff, B: 0x5f, A: 0xff}, // "#00ff5f" + 48: {R: 0x00, G: 0xff, B: 0x87, A: 0xff}, // "#00ff87" + 49: {R: 0x00, G: 0xff, B: 0xaf, A: 0xff}, // "#00ffaf" + 50: {R: 0x00, G: 0xff, B: 0xd7, A: 0xff}, // "#00ffd7" + 51: {R: 0x00, G: 0xff, B: 0xff, A: 0xff}, // "#00ffff" + 52: {R: 0x5f, G: 0x00, B: 0x00, A: 0xff}, // "#5f0000" + 53: {R: 0x5f, G: 0x00, B: 0x5f, A: 0xff}, // "#5f005f" + 54: {R: 0x5f, G: 0x00, B: 0x87, A: 0xff}, // "#5f0087" + 55: {R: 0x5f, G: 0x00, B: 0xaf, A: 0xff}, // "#5f00af" + 56: {R: 0x5f, G: 0x00, B: 0xd7, A: 0xff}, // "#5f00d7" + 57: {R: 0x5f, G: 0x00, B: 0xff, A: 0xff}, // "#5f00ff" + 58: {R: 0x5f, G: 0x5f, B: 0x00, A: 0xff}, // "#5f5f00" + 59: {R: 0x5f, G: 0x5f, B: 0x5f, A: 0xff}, // "#5f5f5f" + 60: {R: 0x5f, G: 0x5f, B: 0x87, A: 0xff}, // "#5f5f87" + 61: {R: 0x5f, G: 0x5f, B: 0xaf, A: 0xff}, // "#5f5faf" + 62: {R: 0x5f, G: 0x5f, B: 0xd7, A: 0xff}, // "#5f5fd7" + 63: {R: 0x5f, G: 0x5f, B: 0xff, A: 0xff}, // "#5f5fff" + 64: {R: 0x5f, G: 0x87, B: 0x00, A: 0xff}, // "#5f8700" + 65: {R: 0x5f, G: 0x87, B: 0x5f, A: 0xff}, // "#5f875f" + 66: {R: 0x5f, G: 0x87, B: 0x87, A: 0xff}, // "#5f8787" + 67: {R: 0x5f, G: 0x87, B: 0xaf, A: 0xff}, // "#5f87af" + 68: {R: 0x5f, G: 0x87, B: 0xd7, A: 0xff}, // "#5f87d7" + 69: {R: 0x5f, G: 0x87, B: 0xff, A: 0xff}, // "#5f87ff" + 70: {R: 0x5f, G: 0xaf, B: 0x00, A: 0xff}, // "#5faf00" + 71: {R: 0x5f, G: 0xaf, B: 0x5f, A: 0xff}, // "#5faf5f" + 72: {R: 0x5f, G: 0xaf, B: 0x87, A: 0xff}, // "#5faf87" + 73: {R: 0x5f, G: 0xaf, B: 0xaf, A: 0xff}, // "#5fafaf" + 74: {R: 0x5f, G: 0xaf, B: 0xd7, A: 0xff}, // "#5fafd7" + 75: {R: 0x5f, G: 0xaf, B: 0xff, A: 0xff}, // "#5fafff" + 76: {R: 0x5f, G: 0xd7, B: 0x00, A: 0xff}, // "#5fd700" + 77: {R: 0x5f, G: 0xd7, B: 0x5f, A: 0xff}, // "#5fd75f" + 78: {R: 0x5f, G: 0xd7, B: 0x87, A: 0xff}, // "#5fd787" + 79: {R: 0x5f, G: 0xd7, B: 0xaf, A: 0xff}, // "#5fd7af" + 80: {R: 0x5f, G: 0xd7, B: 0xd7, A: 0xff}, // "#5fd7d7" + 81: {R: 0x5f, G: 0xd7, B: 0xff, A: 0xff}, // "#5fd7ff" + 82: {R: 0x5f, G: 0xff, B: 0x00, A: 0xff}, // "#5fff00" + 83: {R: 0x5f, G: 0xff, B: 0x5f, A: 0xff}, // "#5fff5f" + 84: {R: 0x5f, G: 0xff, B: 0x87, A: 0xff}, // "#5fff87" + 85: {R: 0x5f, G: 0xff, B: 0xaf, A: 0xff}, // "#5fffaf" + 86: {R: 0x5f, G: 0xff, B: 0xd7, A: 0xff}, // "#5fffd7" + 87: {R: 0x5f, G: 0xff, B: 0xff, A: 0xff}, // "#5fffff" + 88: {R: 0x87, G: 0x00, B: 0x00, A: 0xff}, // "#870000" + 89: {R: 0x87, G: 0x00, B: 0x5f, A: 0xff}, // "#87005f" + 90: {R: 0x87, G: 0x00, B: 0x87, A: 0xff}, // "#870087" + 91: {R: 0x87, G: 0x00, B: 0xaf, A: 0xff}, // "#8700af" + 92: {R: 0x87, G: 0x00, B: 0xd7, A: 0xff}, // "#8700d7" + 93: {R: 0x87, G: 0x00, B: 0xff, A: 0xff}, // "#8700ff" + 94: {R: 0x87, G: 0x5f, B: 0x00, A: 0xff}, // "#875f00" + 95: {R: 0x87, G: 0x5f, B: 0x5f, A: 0xff}, // "#875f5f" + 96: {R: 0x87, G: 0x5f, B: 0x87, A: 0xff}, // "#875f87" + 97: {R: 0x87, G: 0x5f, B: 0xaf, A: 0xff}, // "#875faf" + 98: {R: 0x87, G: 0x5f, B: 0xd7, A: 0xff}, // "#875fd7" + 99: {R: 0x87, G: 0x5f, B: 0xff, A: 0xff}, // "#875fff" + 100: {R: 0x87, G: 0x87, B: 0x00, A: 0xff}, // "#878700" + 101: {R: 0x87, G: 0x87, B: 0x5f, A: 0xff}, // "#87875f" + 102: {R: 0x87, G: 0x87, B: 0x87, A: 0xff}, // "#878787" + 103: {R: 0x87, G: 0x87, B: 0xaf, A: 0xff}, // "#8787af" + 104: {R: 0x87, G: 0x87, B: 0xd7, A: 0xff}, // "#8787d7" + 105: {R: 0x87, G: 0x87, B: 0xff, A: 0xff}, // "#8787ff" + 106: {R: 0x87, G: 0xaf, B: 0x00, A: 0xff}, // "#87af00" + 107: {R: 0x87, G: 0xaf, B: 0x5f, A: 0xff}, // "#87af5f" + 108: {R: 0x87, G: 0xaf, B: 0x87, A: 0xff}, // "#87af87" + 109: {R: 0x87, G: 0xaf, B: 0xaf, A: 0xff}, // "#87afaf" + 110: {R: 0x87, G: 0xaf, B: 0xd7, A: 0xff}, // "#87afd7" + 111: {R: 0x87, G: 0xaf, B: 0xff, A: 0xff}, // "#87afff" + 112: {R: 0x87, G: 0xd7, B: 0x00, A: 0xff}, // "#87d700" + 113: {R: 0x87, G: 0xd7, B: 0x5f, A: 0xff}, // "#87d75f" + 114: {R: 0x87, G: 0xd7, B: 0x87, A: 0xff}, // "#87d787" + 115: {R: 0x87, G: 0xd7, B: 0xaf, A: 0xff}, // "#87d7af" + 116: {R: 0x87, G: 0xd7, B: 0xd7, A: 0xff}, // "#87d7d7" + 117: {R: 0x87, G: 0xd7, B: 0xff, A: 0xff}, // "#87d7ff" + 118: {R: 0x87, G: 0xff, B: 0x00, A: 0xff}, // "#87ff00" + 119: {R: 0x87, G: 0xff, B: 0x5f, A: 0xff}, // "#87ff5f" + 120: {R: 0x87, G: 0xff, B: 0x87, A: 0xff}, // "#87ff87" + 121: {R: 0x87, G: 0xff, B: 0xaf, A: 0xff}, // "#87ffaf" + 122: {R: 0x87, G: 0xff, B: 0xd7, A: 0xff}, // "#87ffd7" + 123: {R: 0x87, G: 0xff, B: 0xff, A: 0xff}, // "#87ffff" + 124: {R: 0xaf, G: 0x00, B: 0x00, A: 0xff}, // "#af0000" + 125: {R: 0xaf, G: 0x00, B: 0x5f, A: 0xff}, // "#af005f" + 126: {R: 0xaf, G: 0x00, B: 0x87, A: 0xff}, // "#af0087" + 127: {R: 0xaf, G: 0x00, B: 0xaf, A: 0xff}, // "#af00af" + 128: {R: 0xaf, G: 0x00, B: 0xd7, A: 0xff}, // "#af00d7" + 129: {R: 0xaf, G: 0x00, B: 0xff, A: 0xff}, // "#af00ff" + 130: {R: 0xaf, G: 0x5f, B: 0x00, A: 0xff}, // "#af5f00" + 131: {R: 0xaf, G: 0x5f, B: 0x5f, A: 0xff}, // "#af5f5f" + 132: {R: 0xaf, G: 0x5f, B: 0x87, A: 0xff}, // "#af5f87" + 133: {R: 0xaf, G: 0x5f, B: 0xaf, A: 0xff}, // "#af5faf" + 134: {R: 0xaf, G: 0x5f, B: 0xd7, A: 0xff}, // "#af5fd7" + 135: {R: 0xaf, G: 0x5f, B: 0xff, A: 0xff}, // "#af5fff" + 136: {R: 0xaf, G: 0x87, B: 0x00, A: 0xff}, // "#af8700" + 137: {R: 0xaf, G: 0x87, B: 0x5f, A: 0xff}, // "#af875f" + 138: {R: 0xaf, G: 0x87, B: 0x87, A: 0xff}, // "#af8787" + 139: {R: 0xaf, G: 0x87, B: 0xaf, A: 0xff}, // "#af87af" + 140: {R: 0xaf, G: 0x87, B: 0xd7, A: 0xff}, // "#af87d7" + 141: {R: 0xaf, G: 0x87, B: 0xff, A: 0xff}, // "#af87ff" + 142: {R: 0xaf, G: 0xaf, B: 0x00, A: 0xff}, // "#afaf00" + 143: {R: 0xaf, G: 0xaf, B: 0x5f, A: 0xff}, // "#afaf5f" + 144: {R: 0xaf, G: 0xaf, B: 0x87, A: 0xff}, // "#afaf87" + 145: {R: 0xaf, G: 0xaf, B: 0xaf, A: 0xff}, // "#afafaf" + 146: {R: 0xaf, G: 0xaf, B: 0xd7, A: 0xff}, // "#afafd7" + 147: {R: 0xaf, G: 0xaf, B: 0xff, A: 0xff}, // "#afafff" + 148: {R: 0xaf, G: 0xd7, B: 0x00, A: 0xff}, // "#afd700" + 149: {R: 0xaf, G: 0xd7, B: 0x5f, A: 0xff}, // "#afd75f" + 150: {R: 0xaf, G: 0xd7, B: 0x87, A: 0xff}, // "#afd787" + 151: {R: 0xaf, G: 0xd7, B: 0xaf, A: 0xff}, // "#afd7af" + 152: {R: 0xaf, G: 0xd7, B: 0xd7, A: 0xff}, // "#afd7d7" + 153: {R: 0xaf, G: 0xd7, B: 0xff, A: 0xff}, // "#afd7ff" + 154: {R: 0xaf, G: 0xff, B: 0x00, A: 0xff}, // "#afff00" + 155: {R: 0xaf, G: 0xff, B: 0x5f, A: 0xff}, // "#afff5f" + 156: {R: 0xaf, G: 0xff, B: 0x87, A: 0xff}, // "#afff87" + 157: {R: 0xaf, G: 0xff, B: 0xaf, A: 0xff}, // "#afffaf" + 158: {R: 0xaf, G: 0xff, B: 0xd7, A: 0xff}, // "#afffd7" + 159: {R: 0xaf, G: 0xff, B: 0xff, A: 0xff}, // "#afffff" + 160: {R: 0xd7, G: 0x00, B: 0x00, A: 0xff}, // "#d70000" + 161: {R: 0xd7, G: 0x00, B: 0x5f, A: 0xff}, // "#d7005f" + 162: {R: 0xd7, G: 0x00, B: 0x87, A: 0xff}, // "#d70087" + 163: {R: 0xd7, G: 0x00, B: 0xaf, A: 0xff}, // "#d700af" + 164: {R: 0xd7, G: 0x00, B: 0xd7, A: 0xff}, // "#d700d7" + 165: {R: 0xd7, G: 0x00, B: 0xff, A: 0xff}, // "#d700ff" + 166: {R: 0xd7, G: 0x5f, B: 0x00, A: 0xff}, // "#d75f00" + 167: {R: 0xd7, G: 0x5f, B: 0x5f, A: 0xff}, // "#d75f5f" + 168: {R: 0xd7, G: 0x5f, B: 0x87, A: 0xff}, // "#d75f87" + 169: {R: 0xd7, G: 0x5f, B: 0xaf, A: 0xff}, // "#d75faf" + 170: {R: 0xd7, G: 0x5f, B: 0xd7, A: 0xff}, // "#d75fd7" + 171: {R: 0xd7, G: 0x5f, B: 0xff, A: 0xff}, // "#d75fff" + 172: {R: 0xd7, G: 0x87, B: 0x00, A: 0xff}, // "#d78700" + 173: {R: 0xd7, G: 0x87, B: 0x5f, A: 0xff}, // "#d7875f" + 174: {R: 0xd7, G: 0x87, B: 0x87, A: 0xff}, // "#d78787" + 175: {R: 0xd7, G: 0x87, B: 0xaf, A: 0xff}, // "#d787af" + 176: {R: 0xd7, G: 0x87, B: 0xd7, A: 0xff}, // "#d787d7" + 177: {R: 0xd7, G: 0x87, B: 0xff, A: 0xff}, // "#d787ff" + 178: {R: 0xd7, G: 0xaf, B: 0x00, A: 0xff}, // "#d7af00" + 179: {R: 0xd7, G: 0xaf, B: 0x5f, A: 0xff}, // "#d7af5f" + 180: {R: 0xd7, G: 0xaf, B: 0x87, A: 0xff}, // "#d7af87" + 181: {R: 0xd7, G: 0xaf, B: 0xaf, A: 0xff}, // "#d7afaf" + 182: {R: 0xd7, G: 0xaf, B: 0xd7, A: 0xff}, // "#d7afd7" + 183: {R: 0xd7, G: 0xaf, B: 0xff, A: 0xff}, // "#d7afff" + 184: {R: 0xd7, G: 0xd7, B: 0x00, A: 0xff}, // "#d7d700" + 185: {R: 0xd7, G: 0xd7, B: 0x5f, A: 0xff}, // "#d7d75f" + 186: {R: 0xd7, G: 0xd7, B: 0x87, A: 0xff}, // "#d7d787" + 187: {R: 0xd7, G: 0xd7, B: 0xaf, A: 0xff}, // "#d7d7af" + 188: {R: 0xd7, G: 0xd7, B: 0xd7, A: 0xff}, // "#d7d7d7" + 189: {R: 0xd7, G: 0xd7, B: 0xff, A: 0xff}, // "#d7d7ff" + 190: {R: 0xd7, G: 0xff, B: 0x00, A: 0xff}, // "#d7ff00" + 191: {R: 0xd7, G: 0xff, B: 0x5f, A: 0xff}, // "#d7ff5f" + 192: {R: 0xd7, G: 0xff, B: 0x87, A: 0xff}, // "#d7ff87" + 193: {R: 0xd7, G: 0xff, B: 0xaf, A: 0xff}, // "#d7ffaf" + 194: {R: 0xd7, G: 0xff, B: 0xd7, A: 0xff}, // "#d7ffd7" + 195: {R: 0xd7, G: 0xff, B: 0xff, A: 0xff}, // "#d7ffff" + 196: {R: 0xff, G: 0x00, B: 0x00, A: 0xff}, // "#ff0000" + 197: {R: 0xff, G: 0x00, B: 0x5f, A: 0xff}, // "#ff005f" + 198: {R: 0xff, G: 0x00, B: 0x87, A: 0xff}, // "#ff0087" + 199: {R: 0xff, G: 0x00, B: 0xaf, A: 0xff}, // "#ff00af" + 200: {R: 0xff, G: 0x00, B: 0xd7, A: 0xff}, // "#ff00d7" + 201: {R: 0xff, G: 0x00, B: 0xff, A: 0xff}, // "#ff00ff" + 202: {R: 0xff, G: 0x5f, B: 0x00, A: 0xff}, // "#ff5f00" + 203: {R: 0xff, G: 0x5f, B: 0x5f, A: 0xff}, // "#ff5f5f" + 204: {R: 0xff, G: 0x5f, B: 0x87, A: 0xff}, // "#ff5f87" + 205: {R: 0xff, G: 0x5f, B: 0xaf, A: 0xff}, // "#ff5faf" + 206: {R: 0xff, G: 0x5f, B: 0xd7, A: 0xff}, // "#ff5fd7" + 207: {R: 0xff, G: 0x5f, B: 0xff, A: 0xff}, // "#ff5fff" + 208: {R: 0xff, G: 0x87, B: 0x00, A: 0xff}, // "#ff8700" + 209: {R: 0xff, G: 0x87, B: 0x5f, A: 0xff}, // "#ff875f" + 210: {R: 0xff, G: 0x87, B: 0x87, A: 0xff}, // "#ff8787" + 211: {R: 0xff, G: 0x87, B: 0xaf, A: 0xff}, // "#ff87af" + 212: {R: 0xff, G: 0x87, B: 0xd7, A: 0xff}, // "#ff87d7" + 213: {R: 0xff, G: 0x87, B: 0xff, A: 0xff}, // "#ff87ff" + 214: {R: 0xff, G: 0xaf, B: 0x00, A: 0xff}, // "#ffaf00" + 215: {R: 0xff, G: 0xaf, B: 0x5f, A: 0xff}, // "#ffaf5f" + 216: {R: 0xff, G: 0xaf, B: 0x87, A: 0xff}, // "#ffaf87" + 217: {R: 0xff, G: 0xaf, B: 0xaf, A: 0xff}, // "#ffafaf" + 218: {R: 0xff, G: 0xaf, B: 0xd7, A: 0xff}, // "#ffafd7" + 219: {R: 0xff, G: 0xaf, B: 0xff, A: 0xff}, // "#ffafff" + 220: {R: 0xff, G: 0xd7, B: 0x00, A: 0xff}, // "#ffd700" + 221: {R: 0xff, G: 0xd7, B: 0x5f, A: 0xff}, // "#ffd75f" + 222: {R: 0xff, G: 0xd7, B: 0x87, A: 0xff}, // "#ffd787" + 223: {R: 0xff, G: 0xd7, B: 0xaf, A: 0xff}, // "#ffd7af" + 224: {R: 0xff, G: 0xd7, B: 0xd7, A: 0xff}, // "#ffd7d7" + 225: {R: 0xff, G: 0xd7, B: 0xff, A: 0xff}, // "#ffd7ff" + 226: {R: 0xff, G: 0xff, B: 0x00, A: 0xff}, // "#ffff00" + 227: {R: 0xff, G: 0xff, B: 0x5f, A: 0xff}, // "#ffff5f" + 228: {R: 0xff, G: 0xff, B: 0x87, A: 0xff}, // "#ffff87" + 229: {R: 0xff, G: 0xff, B: 0xaf, A: 0xff}, // "#ffffaf" + 230: {R: 0xff, G: 0xff, B: 0xd7, A: 0xff}, // "#ffffd7" + 231: {R: 0xff, G: 0xff, B: 0xff, A: 0xff}, // "#ffffff" + 232: {R: 0x08, G: 0x08, B: 0x08, A: 0xff}, // "#080808" + 233: {R: 0x12, G: 0x12, B: 0x12, A: 0xff}, // "#121212" + 234: {R: 0x1c, G: 0x1c, B: 0x1c, A: 0xff}, // "#1c1c1c" + 235: {R: 0x26, G: 0x26, B: 0x26, A: 0xff}, // "#262626" + 236: {R: 0x30, G: 0x30, B: 0x30, A: 0xff}, // "#303030" + 237: {R: 0x3a, G: 0x3a, B: 0x3a, A: 0xff}, // "#3a3a3a" + 238: {R: 0x44, G: 0x44, B: 0x44, A: 0xff}, // "#444444" + 239: {R: 0x4e, G: 0x4e, B: 0x4e, A: 0xff}, // "#4e4e4e" + 240: {R: 0x58, G: 0x58, B: 0x58, A: 0xff}, // "#585858" + 241: {R: 0x62, G: 0x62, B: 0x62, A: 0xff}, // "#626262" + 242: {R: 0x6c, G: 0x6c, B: 0x6c, A: 0xff}, // "#6c6c6c" + 243: {R: 0x76, G: 0x76, B: 0x76, A: 0xff}, // "#767676" + 244: {R: 0x80, G: 0x80, B: 0x80, A: 0xff}, // "#808080" + 245: {R: 0x8a, G: 0x8a, B: 0x8a, A: 0xff}, // "#8a8a8a" + 246: {R: 0x94, G: 0x94, B: 0x94, A: 0xff}, // "#949494" + 247: {R: 0x9e, G: 0x9e, B: 0x9e, A: 0xff}, // "#9e9e9e" + 248: {R: 0xa8, G: 0xa8, B: 0xa8, A: 0xff}, // "#a8a8a8" + 249: {R: 0xb2, G: 0xb2, B: 0xb2, A: 0xff}, // "#b2b2b2" + 250: {R: 0xbc, G: 0xbc, B: 0xbc, A: 0xff}, // "#bcbcbc" + 251: {R: 0xc6, G: 0xc6, B: 0xc6, A: 0xff}, // "#c6c6c6" + 252: {R: 0xd0, G: 0xd0, B: 0xd0, A: 0xff}, // "#d0d0d0" + 253: {R: 0xda, G: 0xda, B: 0xda, A: 0xff}, // "#dadada" + 254: {R: 0xe4, G: 0xe4, B: 0xe4, A: 0xff}, // "#e4e4e4" + 255: {R: 0xee, G: 0xee, B: 0xee, A: 0xff}, // "#eeeeee" +} + +var ansi256To16 = [...]BasicColor{ + 0: 0, + 1: 1, + 2: 2, + 3: 3, + 4: 4, + 5: 5, + 6: 6, + 7: 7, + 8: 8, + 9: 9, + 10: 10, + 11: 11, + 12: 12, + 13: 13, + 14: 14, + 15: 15, + 16: 0, + 17: 4, + 18: 4, + 19: 4, + 20: 12, + 21: 12, + 22: 2, + 23: 6, + 24: 4, + 25: 4, + 26: 12, + 27: 12, + 28: 2, + 29: 2, + 30: 6, + 31: 4, + 32: 12, + 33: 12, + 34: 2, + 35: 2, + 36: 2, + 37: 6, + 38: 12, + 39: 12, + 40: 10, + 41: 10, + 42: 10, + 43: 10, + 44: 14, + 45: 12, + 46: 10, + 47: 10, + 48: 10, + 49: 10, + 50: 10, + 51: 14, + 52: 1, + 53: 5, + 54: 4, + 55: 4, + 56: 12, + 57: 12, + 58: 3, + 59: 8, + 60: 4, + 61: 4, + 62: 12, + 63: 12, + 64: 2, + 65: 2, + 66: 6, + 67: 4, + 68: 12, + 69: 12, + 70: 2, + 71: 2, + 72: 2, + 73: 6, + 74: 12, + 75: 12, + 76: 10, + 77: 10, + 78: 10, + 79: 10, + 80: 14, + 81: 12, + 82: 10, + 83: 10, + 84: 10, + 85: 10, + 86: 10, + 87: 14, + 88: 1, + 89: 1, + 90: 5, + 91: 4, + 92: 12, + 93: 12, + 94: 1, + 95: 1, + 96: 5, + 97: 4, + 98: 12, + 99: 12, + 100: 3, + 101: 3, + 102: 8, + 103: 4, + 104: 12, + 105: 12, + 106: 2, + 107: 2, + 108: 2, + 109: 6, + 110: 12, + 111: 12, + 112: 10, + 113: 10, + 114: 10, + 115: 10, + 116: 14, + 117: 12, + 118: 10, + 119: 10, + 120: 10, + 121: 10, + 122: 10, + 123: 14, + 124: 1, + 125: 1, + 126: 1, + 127: 5, + 128: 12, + 129: 12, + 130: 1, + 131: 1, + 132: 1, + 133: 5, + 134: 12, + 135: 12, + 136: 1, + 137: 1, + 138: 1, + 139: 5, + 140: 12, + 141: 12, + 142: 3, + 143: 3, + 144: 3, + 145: 7, + 146: 12, + 147: 12, + 148: 10, + 149: 10, + 150: 10, + 151: 10, + 152: 14, + 153: 12, + 154: 10, + 155: 10, + 156: 10, + 157: 10, + 158: 10, + 159: 14, + 160: 9, + 161: 9, + 162: 9, + 163: 9, + 164: 13, + 165: 12, + 166: 9, + 167: 9, + 168: 9, + 169: 9, + 170: 13, + 171: 12, + 172: 9, + 173: 9, + 174: 9, + 175: 9, + 176: 13, + 177: 12, + 178: 9, + 179: 9, + 180: 9, + 181: 9, + 182: 13, + 183: 12, + 184: 11, + 185: 11, + 186: 11, + 187: 11, + 188: 7, + 189: 12, + 190: 10, + 191: 10, + 192: 10, + 193: 10, + 194: 10, + 195: 14, + 196: 9, + 197: 9, + 198: 9, + 199: 9, + 200: 9, + 201: 13, + 202: 9, + 203: 9, + 204: 9, + 205: 9, + 206: 9, + 207: 13, + 208: 9, + 209: 9, + 210: 9, + 211: 9, + 212: 9, + 213: 13, + 214: 9, + 215: 9, + 216: 9, + 217: 9, + 218: 9, + 219: 13, + 220: 9, + 221: 9, + 222: 9, + 223: 9, + 224: 9, + 225: 13, + 226: 11, + 227: 11, + 228: 11, + 229: 11, + 230: 11, + 231: 15, + 232: 0, + 233: 0, + 234: 0, + 235: 0, + 236: 0, + 237: 0, + 238: 8, + 239: 8, + 240: 8, + 241: 8, + 242: 8, + 243: 8, + 244: 7, + 245: 7, + 246: 7, + 247: 7, + 248: 7, + 249: 7, + 250: 15, + 251: 15, + 252: 15, + 253: 15, + 254: 15, + 255: 15, +} diff --git a/vendor/github.com/charmbracelet/x/ansi/cursor.go b/vendor/github.com/charmbracelet/x/ansi/cursor.go index 0c364d608..2a74c483c 100644 --- a/vendor/github.com/charmbracelet/x/ansi/cursor.go +++ b/vendor/github.com/charmbracelet/x/ansi/cursor.go @@ -1,6 +1,8 @@ package ansi -import "strconv" +import ( + "strconv" +) // SaveCursor (DECSC) is an escape sequence that saves the current cursor // position. @@ -260,7 +262,7 @@ func CHA(col int) string { // See: https://vt100.net/docs/vt510-rm/CUP.html func CursorPosition(col, row int) string { if row <= 0 && col <= 0 { - return HomeCursorPosition + return CursorHomePosition } var r, c string diff --git a/vendor/github.com/charmbracelet/x/ansi/finalterm.go b/vendor/github.com/charmbracelet/x/ansi/finalterm.go new file mode 100644 index 000000000..2c2834728 --- /dev/null +++ b/vendor/github.com/charmbracelet/x/ansi/finalterm.go @@ -0,0 +1,67 @@ +package ansi + +import "strings" + +// FinalTerm returns an escape sequence that is used for shell integrations. +// Originally, FinalTerm designed the protocol hence the name. +// +// OSC 133 ; Ps ; Pm ST +// OSC 133 ; Ps ; Pm BEL +// +// See: https://iterm2.com/documentation-shell-integration.html +func FinalTerm(pm ...string) string { + return "\x1b]133;" + strings.Join(pm, ";") + "\x07" +} + +// FinalTermPrompt returns an escape sequence that is used for shell +// integrations prompt marks. This is sent just before the start of the shell +// prompt. +// +// This is an alias for FinalTerm("A"). +func FinalTermPrompt(pm ...string) string { + if len(pm) == 0 { + return FinalTerm("A") + } + return FinalTerm(append([]string{"A"}, pm...)...) +} + +// FinalTermCmdStart returns an escape sequence that is used for shell +// integrations command start marks. This is sent just after the end of the +// shell prompt, before the user enters a command. +// +// This is an alias for FinalTerm("B"). +func FinalTermCmdStart(pm ...string) string { + if len(pm) == 0 { + return FinalTerm("B") + } + return FinalTerm(append([]string{"B"}, pm...)...) +} + +// FinalTermCmdExecuted returns an escape sequence that is used for shell +// integrations command executed marks. This is sent just before the start of +// the command output. +// +// This is an alias for FinalTerm("C"). +func FinalTermCmdExecuted(pm ...string) string { + if len(pm) == 0 { + return FinalTerm("C") + } + return FinalTerm(append([]string{"C"}, pm...)...) +} + +// FinalTermCmdFinished returns an escape sequence that is used for shell +// integrations command finished marks. +// +// If the command was sent after +// [FinalTermCmdStart], it indicates that the command was aborted. If the +// command was sent after [FinalTermCmdExecuted], it indicates the end of the +// command output. If neither was sent, [FinalTermCmdFinished] should be +// ignored. +// +// This is an alias for FinalTerm("D"). +func FinalTermCmdFinished(pm ...string) string { + if len(pm) == 0 { + return FinalTerm("D") + } + return FinalTerm(append([]string{"D"}, pm...)...) +} diff --git a/vendor/github.com/charmbracelet/x/ansi/graphics.go b/vendor/github.com/charmbracelet/x/ansi/graphics.go index 604fef47c..b5b1dc82f 100644 --- a/vendor/github.com/charmbracelet/x/ansi/graphics.go +++ b/vendor/github.com/charmbracelet/x/ansi/graphics.go @@ -8,11 +8,49 @@ import ( "image" "io" "os" + "strconv" "strings" "github.com/charmbracelet/x/ansi/kitty" ) +// SixelGraphics returns a sequence that encodes the given sixel image payload to +// a DCS sixel sequence. +// +// DCS p1; p2; p3; q [sixel payload] ST +// +// p1 = pixel aspect ratio, deprecated and replaced by pixel metrics in the payload +// +// p2 = This is supposed to be 0 for transparency, but terminals don't seem to +// to use it properly. Value 0 leaves an unsightly black bar on all terminals +// I've tried and looks correct with value 1. +// +// p3 = Horizontal grid size parameter. Everyone ignores this and uses a fixed grid +// size, as far as I can tell. +// +// See https://shuford.invisible-island.net/all_about_sixels.txt +func SixelGraphics(p1, p2, p3 int, payload []byte) string { + var buf bytes.Buffer + + buf.WriteString("\x1bP") + if p1 >= 0 { + buf.WriteString(strconv.Itoa(p1)) + } + buf.WriteByte(';') + if p2 >= 0 { + buf.WriteString(strconv.Itoa(p2)) + } + if p3 > 0 { + buf.WriteByte(';') + buf.WriteString(strconv.Itoa(p3)) + } + buf.WriteByte('q') + buf.Write(payload) + buf.WriteString("\x1b\\") + + return buf.String() +} + // KittyGraphics returns a sequence that encodes the given image in the Kitty // graphics protocol. // @@ -43,7 +81,7 @@ var ( KittyGraphicsTempPattern = "tty-graphics-protocol-*" ) -// WriteKittyGraphics writes an image using the Kitty Graphics protocol with +// EncodeKittyGraphics writes an image using the Kitty Graphics protocol with // the given options to w. It chunks the written data if o.Chunk is true. // // You can omit m and use nil when rendering an image from a file. In this @@ -54,7 +92,7 @@ var ( // the terminal. // // See https://sw.kovidgoyal.net/kitty/graphics-protocol/ -func WriteKittyGraphics(w io.Writer, m image.Image, o *kitty.Options) error { +func EncodeKittyGraphics(w io.Writer, m image.Image, o *kitty.Options) error { if o == nil { o = &kitty.Options{} } diff --git a/vendor/github.com/charmbracelet/x/ansi/mode.go b/vendor/github.com/charmbracelet/x/ansi/mode.go index 57f3f0a8e..b57b09cc7 100644 --- a/vendor/github.com/charmbracelet/x/ansi/mode.go +++ b/vendor/github.com/charmbracelet/x/ansi/mode.go @@ -243,6 +243,21 @@ const ( RequestInsertReplaceMode = "\x1b[4$p" ) +// BiDirectional Support Mode (BDSM) is a mode that determines whether the +// terminal supports bidirectional text. When enabled, the terminal supports +// bidirectional text and is set to implicit bidirectional mode. When disabled, +// the terminal does not support bidirectional text. +// +// See ECMA-48 7.2.1. +const ( + BiDirectionalSupportMode = ANSIMode(8) + BDSM = BiDirectionalSupportMode + + SetBiDirectionalSupportMode = "\x1b[8h" + ResetBiDirectionalSupportMode = "\x1b[8l" + RequestBiDirectionalSupportMode = "\x1b[8$p" +) + // Send Receive Mode (SRM) or Local Echo Mode is a mode that determines whether // the terminal echoes characters back to the host. When enabled, the terminal // sends characters to the host as they are typed. diff --git a/vendor/github.com/charmbracelet/x/ansi/modes.go b/vendor/github.com/charmbracelet/x/ansi/modes.go index 1bec5bc80..6856d35e4 100644 --- a/vendor/github.com/charmbracelet/x/ansi/modes.go +++ b/vendor/github.com/charmbracelet/x/ansi/modes.go @@ -4,12 +4,6 @@ package ansi // all modes are [ModeNotRecognized]. type Modes map[Mode]ModeSetting -// NewModes creates a new Modes map. By default, all modes are -// [ModeNotRecognized]. -func NewModes() Modes { - return make(Modes) -} - // Get returns the setting of a terminal mode. If the mode is not set, it // returns [ModeNotRecognized]. func (m Modes) Get(mode Mode) ModeSetting { diff --git a/vendor/github.com/charmbracelet/x/ansi/sgr.go b/vendor/github.com/charmbracelet/x/ansi/sgr.go index 1a18c98ef..c4bd2afad 100644 --- a/vendor/github.com/charmbracelet/x/ansi/sgr.go +++ b/vendor/github.com/charmbracelet/x/ansi/sgr.go @@ -1,7 +1,5 @@ package ansi -import "strconv" - // Select Graphic Rendition (SGR) is a command that sets display attributes. // // Default is 0. @@ -14,20 +12,7 @@ func SelectGraphicRendition(ps ...Attr) string { return ResetStyle } - var s Style - for _, p := range ps { - attr, ok := attrStrings[p] - if ok { - s = append(s, attr) - } else { - if p < 0 { - p = 0 - } - s = append(s, strconv.Itoa(p)) - } - } - - return s.String() + return NewStyle(ps...).String() } // SGR is an alias for [SelectGraphicRendition]. @@ -36,60 +21,59 @@ func SGR(ps ...Attr) string { } var attrStrings = map[int]string{ - ResetAttr: "0", - BoldAttr: "1", - FaintAttr: "2", - ItalicAttr: "3", - UnderlineAttr: "4", - SlowBlinkAttr: "5", - RapidBlinkAttr: "6", - ReverseAttr: "7", - ConcealAttr: "8", - StrikethroughAttr: "9", - NoBoldAttr: "21", - NormalIntensityAttr: "22", - NoItalicAttr: "23", - NoUnderlineAttr: "24", - NoBlinkAttr: "25", - NoReverseAttr: "27", - NoConcealAttr: "28", - NoStrikethroughAttr: "29", - BlackForegroundColorAttr: "30", - RedForegroundColorAttr: "31", - GreenForegroundColorAttr: "32", - YellowForegroundColorAttr: "33", - BlueForegroundColorAttr: "34", - MagentaForegroundColorAttr: "35", - CyanForegroundColorAttr: "36", - WhiteForegroundColorAttr: "37", - ExtendedForegroundColorAttr: "38", - DefaultForegroundColorAttr: "39", - BlackBackgroundColorAttr: "40", - RedBackgroundColorAttr: "41", - GreenBackgroundColorAttr: "42", - YellowBackgroundColorAttr: "43", - BlueBackgroundColorAttr: "44", - MagentaBackgroundColorAttr: "45", - CyanBackgroundColorAttr: "46", - WhiteBackgroundColorAttr: "47", - ExtendedBackgroundColorAttr: "48", - DefaultBackgroundColorAttr: "49", - ExtendedUnderlineColorAttr: "58", - DefaultUnderlineColorAttr: "59", - BrightBlackForegroundColorAttr: "90", - BrightRedForegroundColorAttr: "91", - BrightGreenForegroundColorAttr: "92", - BrightYellowForegroundColorAttr: "93", - BrightBlueForegroundColorAttr: "94", - BrightMagentaForegroundColorAttr: "95", - BrightCyanForegroundColorAttr: "96", - BrightWhiteForegroundColorAttr: "97", - BrightBlackBackgroundColorAttr: "100", - BrightRedBackgroundColorAttr: "101", - BrightGreenBackgroundColorAttr: "102", - BrightYellowBackgroundColorAttr: "103", - BrightBlueBackgroundColorAttr: "104", - BrightMagentaBackgroundColorAttr: "105", - BrightCyanBackgroundColorAttr: "106", - BrightWhiteBackgroundColorAttr: "107", + ResetAttr: resetAttr, + BoldAttr: boldAttr, + FaintAttr: faintAttr, + ItalicAttr: italicAttr, + UnderlineAttr: underlineAttr, + SlowBlinkAttr: slowBlinkAttr, + RapidBlinkAttr: rapidBlinkAttr, + ReverseAttr: reverseAttr, + ConcealAttr: concealAttr, + StrikethroughAttr: strikethroughAttr, + NormalIntensityAttr: normalIntensityAttr, + NoItalicAttr: noItalicAttr, + NoUnderlineAttr: noUnderlineAttr, + NoBlinkAttr: noBlinkAttr, + NoReverseAttr: noReverseAttr, + NoConcealAttr: noConcealAttr, + NoStrikethroughAttr: noStrikethroughAttr, + BlackForegroundColorAttr: blackForegroundColorAttr, + RedForegroundColorAttr: redForegroundColorAttr, + GreenForegroundColorAttr: greenForegroundColorAttr, + YellowForegroundColorAttr: yellowForegroundColorAttr, + BlueForegroundColorAttr: blueForegroundColorAttr, + MagentaForegroundColorAttr: magentaForegroundColorAttr, + CyanForegroundColorAttr: cyanForegroundColorAttr, + WhiteForegroundColorAttr: whiteForegroundColorAttr, + ExtendedForegroundColorAttr: extendedForegroundColorAttr, + DefaultForegroundColorAttr: defaultForegroundColorAttr, + BlackBackgroundColorAttr: blackBackgroundColorAttr, + RedBackgroundColorAttr: redBackgroundColorAttr, + GreenBackgroundColorAttr: greenBackgroundColorAttr, + YellowBackgroundColorAttr: yellowBackgroundColorAttr, + BlueBackgroundColorAttr: blueBackgroundColorAttr, + MagentaBackgroundColorAttr: magentaBackgroundColorAttr, + CyanBackgroundColorAttr: cyanBackgroundColorAttr, + WhiteBackgroundColorAttr: whiteBackgroundColorAttr, + ExtendedBackgroundColorAttr: extendedBackgroundColorAttr, + DefaultBackgroundColorAttr: defaultBackgroundColorAttr, + ExtendedUnderlineColorAttr: extendedUnderlineColorAttr, + DefaultUnderlineColorAttr: defaultUnderlineColorAttr, + BrightBlackForegroundColorAttr: brightBlackForegroundColorAttr, + BrightRedForegroundColorAttr: brightRedForegroundColorAttr, + BrightGreenForegroundColorAttr: brightGreenForegroundColorAttr, + BrightYellowForegroundColorAttr: brightYellowForegroundColorAttr, + BrightBlueForegroundColorAttr: brightBlueForegroundColorAttr, + BrightMagentaForegroundColorAttr: brightMagentaForegroundColorAttr, + BrightCyanForegroundColorAttr: brightCyanForegroundColorAttr, + BrightWhiteForegroundColorAttr: brightWhiteForegroundColorAttr, + BrightBlackBackgroundColorAttr: brightBlackBackgroundColorAttr, + BrightRedBackgroundColorAttr: brightRedBackgroundColorAttr, + BrightGreenBackgroundColorAttr: brightGreenBackgroundColorAttr, + BrightYellowBackgroundColorAttr: brightYellowBackgroundColorAttr, + BrightBlueBackgroundColorAttr: brightBlueBackgroundColorAttr, + BrightMagentaBackgroundColorAttr: brightMagentaBackgroundColorAttr, + BrightCyanBackgroundColorAttr: brightCyanBackgroundColorAttr, + BrightWhiteBackgroundColorAttr: brightWhiteBackgroundColorAttr, } diff --git a/vendor/github.com/charmbracelet/x/ansi/style.go b/vendor/github.com/charmbracelet/x/ansi/style.go index 46ddcaa99..c8663f32b 100644 --- a/vendor/github.com/charmbracelet/x/ansi/style.go +++ b/vendor/github.com/charmbracelet/x/ansi/style.go @@ -17,6 +17,26 @@ type Attr = int // Style represents an ANSI SGR (Select Graphic Rendition) style. type Style []string +// NewStyle returns a new style with the given attributes. +func NewStyle(attrs ...Attr) Style { + if len(attrs) == 0 { + return Style{} + } + s := make(Style, 0, len(attrs)) + for _, a := range attrs { + attr, ok := attrStrings[a] + if ok { + s = append(s, attr) + } else { + if a < 0 { + a = 0 + } + s = append(s, strconv.Itoa(a)) + } + } + return s +} + // String returns the ANSI SGR (Select Graphic Rendition) style sequence for // the given style. func (s Style) String() string { @@ -127,11 +147,6 @@ func (s Style) Strikethrough() Style { return append(s, strikethroughAttr) } -// NoBold appends the no bold style attribute to the style. -func (s Style) NoBold() Style { - return append(s, noBoldAttr) -} - // NormalIntensity appends the normal intensity style attribute to the style. func (s Style) NormalIntensity() Style { return append(s, normalIntensityAttr) @@ -236,7 +251,6 @@ const ( ReverseAttr Attr = 7 ConcealAttr Attr = 8 StrikethroughAttr Attr = 9 - NoBoldAttr Attr = 21 // Some terminals treat this as double underline. NormalIntensityAttr Attr = 22 NoItalicAttr Attr = 23 NoUnderlineAttr Attr = 24 @@ -298,7 +312,6 @@ const ( reverseAttr = "7" concealAttr = "8" strikethroughAttr = "9" - noBoldAttr = "21" normalIntensityAttr = "22" noItalicAttr = "23" noUnderlineAttr = "24" diff --git a/vendor/github.com/charmbracelet/x/ansi/title.go b/vendor/github.com/charmbracelet/x/ansi/title.go index 8fd8bf98d..54ef94235 100644 --- a/vendor/github.com/charmbracelet/x/ansi/title.go +++ b/vendor/github.com/charmbracelet/x/ansi/title.go @@ -30,3 +30,19 @@ func SetIconName(s string) string { func SetWindowTitle(s string) string { return "\x1b]2;" + s + "\x07" } + +// DECSWT is a sequence for setting the window title. +// +// This is an alias for [SetWindowTitle]("1;"). +// See: EK-VT520-RM 5–156 https://vt100.net/dec/ek-vt520-rm.pdf +func DECSWT(name string) string { + return SetWindowTitle("1;" + name) +} + +// DECSIN is a sequence for setting the icon name. +// +// This is an alias for [SetWindowTitle]("L;"). +// See: EK-VT520-RM 5–134 https://vt100.net/dec/ek-vt520-rm.pdf +func DECSIN(name string) string { + return SetWindowTitle("L;" + name) +} diff --git a/vendor/github.com/charmbracelet/x/ansi/truncate.go b/vendor/github.com/charmbracelet/x/ansi/truncate.go index 1fa3efefe..3f541fa56 100644 --- a/vendor/github.com/charmbracelet/x/ansi/truncate.go +++ b/vendor/github.com/charmbracelet/x/ansi/truncate.go @@ -10,8 +10,7 @@ import ( // Cut the string, without adding any prefix or tail strings. This function is // aware of ANSI escape codes and will not break them, and accounts for -// wide-characters (such as East-Asian characters and emojis). Note that the -// [left] parameter is inclusive, while [right] isn't. +// wide-characters (such as East-Asian characters and emojis). // This treats the text as a sequence of graphemes. func Cut(s string, left, right int) string { return cut(GraphemeWidth, s, left, right) @@ -19,8 +18,10 @@ func Cut(s string, left, right int) string { // CutWc the string, without adding any prefix or tail strings. This function is // aware of ANSI escape codes and will not break them, and accounts for -// wide-characters (such as East-Asian characters and emojis). Note that the -// [left] parameter is inclusive, while [right] isn't. +// wide-characters (such as East-Asian characters and emojis). +// Note that the [left] parameter is inclusive, while [right] isn't, +// which is to say it'll return `[left, right)`. +// // This treats the text as a sequence of wide characters and runes. func CutWc(s string, left, right int) string { return cut(WcWidth, s, left, right) @@ -41,7 +42,7 @@ func cut(m Method, s string, left, right int) string { if left == 0 { return truncate(s, right, "") } - return truncateLeft(Truncate(s, right, ""), left, "") + return truncateLeft(truncate(s, right, ""), left, "") } // Truncate truncates a string to a given length, adding a tail to the end if @@ -99,6 +100,7 @@ func truncate(m Method, s string, length int, tail string) string { // increment the index by the length of the cluster i += len(cluster) + curWidth += width // Are we ignoring? Skip to the next byte if ignoring { @@ -107,16 +109,15 @@ func truncate(m Method, s string, length int, tail string) string { // Is this gonna be too wide? // If so write the tail and stop collecting. - if curWidth+width > length && !ignoring { + if curWidth > length && !ignoring { ignoring = true buf.WriteString(tail) } - if curWidth+width > length { + if curWidth > length { continue } - curWidth += width buf.Write(cluster) // Done collecting, now we're back in the ground state. @@ -142,6 +143,14 @@ func truncate(m Method, s string, length int, tail string) string { // collects printable ASCII curWidth++ fallthrough + case parser.ExecuteAction: + // execute action will be things like \n, which, if outside the cut, + // should be ignored. + if ignoring { + i++ + continue + } + fallthrough default: buf.WriteByte(b[i]) i++ @@ -214,14 +223,14 @@ func truncateLeft(m Method, s string, n int, prefix string) string { buf.WriteString(prefix) } - if ignoring { - continue - } - if curWidth > n { buf.Write(cluster) } + if ignoring { + continue + } + pstate = parser.GroundState continue } @@ -240,6 +249,14 @@ func truncateLeft(m Method, s string, n int, prefix string) string { continue } + fallthrough + case parser.ExecuteAction: + // execute action will be things like \n, which, if outside the cut, + // should be ignored. + if ignoring { + i++ + continue + } fallthrough default: buf.WriteByte(b[i]) diff --git a/vendor/github.com/charmbracelet/x/ansi/util.go b/vendor/github.com/charmbracelet/x/ansi/util.go index 301ef15ff..0f5cea787 100644 --- a/vendor/github.com/charmbracelet/x/ansi/util.go +++ b/vendor/github.com/charmbracelet/x/ansi/util.go @@ -10,7 +10,7 @@ import ( ) // colorToHexString returns a hex string representation of a color. -func colorToHexString(c color.Color) string { +func colorToHexString(c color.Color) string { //nolint:unused if c == nil { return "" } @@ -28,7 +28,7 @@ func colorToHexString(c color.Color) string { // rgbToHex converts red, green, and blue values to a hexadecimal value. // // hex := rgbToHex(0, 0, 255) // 0x0000FF -func rgbToHex(r, g, b uint32) uint32 { +func rgbToHex(r, g, b uint32) uint32 { //nolint:unused return r<<16 + g<<8 + b } diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go index 5a939100d..1f165141a 100644 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go +++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go @@ -18,6 +18,9 @@ func (Curve) Identity() *Point { func (Curve) IsOnCurve(P *Point) bool { x2, y2, t, t2, z2 := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{} rhs, lhs := &fp.Elt{}, &fp.Elt{} + // Check z != 0 + eq0 := !fp.IsZero(&P.z) + fp.Mul(t, &P.ta, &P.tb) // t = ta*tb fp.Sqr(x2, &P.x) // x^2 fp.Sqr(y2, &P.y) // y^2 @@ -27,13 +30,14 @@ func (Curve) IsOnCurve(P *Point) bool { fp.Mul(rhs, t2, ¶mD) // dt^2 fp.Add(rhs, rhs, z2) // z^2 + dt^2 fp.Sub(lhs, lhs, rhs) // x^2 + y^2 - (z^2 + dt^2) - eq0 := fp.IsZero(lhs) + eq1 := fp.IsZero(lhs) fp.Mul(lhs, &P.x, &P.y) // xy fp.Mul(rhs, t, &P.z) // tz fp.Sub(lhs, lhs, rhs) // xy - tz - eq1 := fp.IsZero(lhs) - return eq0 && eq1 + eq2 := fp.IsZero(lhs) + + return eq0 && eq1 && eq2 } // Generator returns the generator point. diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/point.go b/vendor/github.com/cloudflare/circl/sign/ed25519/point.go index 374a69503..d1c3b146b 100644 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/point.go +++ b/vendor/github.com/cloudflare/circl/sign/ed25519/point.go @@ -164,7 +164,7 @@ func (P *pointR1) isEqual(Q *pointR1) bool { fp.Mul(r, r, &P.z) fp.Sub(l, l, r) b = b && fp.IsZero(l) - return b + return b && !fp.IsZero(&P.z) && !fp.IsZero(&Q.z) } func (P *pointR3) neg() { diff --git a/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.go b/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.go index ac8dd4f19..1d1607b9c 100644 --- a/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.go +++ b/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.go @@ -120,7 +120,8 @@ type Matcher_OnMatch struct { // // *Matcher_OnMatch_Matcher // *Matcher_OnMatch_Action - OnMatch isMatcher_OnMatch_OnMatch `protobuf_oneof:"on_match"` + OnMatch isMatcher_OnMatch_OnMatch `protobuf_oneof:"on_match"` + KeepMatching bool `protobuf:"varint,3,opt,name=keep_matching,json=keepMatching,proto3" json:"keep_matching,omitempty"` } func (x *Matcher_OnMatch) Reset() { @@ -176,6 +177,13 @@ func (x *Matcher_OnMatch) GetAction() *v3.TypedExtensionConfig { return nil } +func (x *Matcher_OnMatch) GetKeepMatching() bool { + if x != nil { + return x.KeepMatching + } + return false +} + type isMatcher_OnMatch_OnMatch interface { isMatcher_OnMatch_OnMatch() } @@ -703,7 +711,7 @@ var file_xds_type_matcher_v3_matcher_proto_rawDesc = []byte{ 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x76, 0x33, 0x2f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0xf6, 0x0f, 0x0a, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x4d, 0x0a, 0x0c, + 0x22, 0x9b, 0x10, 0x0a, 0x07, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x4d, 0x0a, 0x0c, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, @@ -718,7 +726,7 @@ var file_xds_type_matcher_v3_matcher_proto_rawDesc = []byte{ 0x24, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x6f, 0x6e, 0x4e, 0x6f, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x1a, 0x91, 0x01, 0x0a, 0x07, 0x4f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x38, 0x0a, 0x07, + 0x1a, 0xb6, 0x01, 0x0a, 0x07, 0x4f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x38, 0x0a, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52, 0x07, 0x6d, @@ -726,117 +734,120 @@ var file_xds_type_matcher_v3_matcher_proto_rawDesc = []byte{ 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x61, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x42, 0x0f, 0x0a, 0x08, 0x6f, 0x6e, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, - 0x03, 0xf8, 0x42, 0x01, 0x1a, 0xb6, 0x08, 0x0a, 0x0b, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, - 0x4c, 0x69, 0x73, 0x74, 0x12, 0x5b, 0x0a, 0x08, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, - 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, - 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x42, 0x08, 0xfa, - 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x08, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, - 0x73, 0x1a, 0x91, 0x06, 0x0a, 0x09, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, - 0x6f, 0x0a, 0x10, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x64, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x78, 0x64, 0x73, 0x2e, + 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x6d, 0x61, 0x74, 0x63, + 0x68, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0c, 0x6b, 0x65, 0x65, 0x70, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x69, 0x6e, 0x67, 0x42, 0x0f, 0x0a, 0x08, 0x6f, 0x6e, 0x5f, 0x6d, + 0x61, 0x74, 0x63, 0x68, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x1a, 0xb6, 0x08, 0x0a, 0x0b, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x5b, 0x0a, 0x08, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x78, 0x64, + 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, + 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, + 0x72, 0x4c, 0x69, 0x73, 0x74, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x65, 0x72, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x08, 0x6d, 0x61, + 0x74, 0x63, 0x68, 0x65, 0x72, 0x73, 0x1a, 0x91, 0x06, 0x0a, 0x09, 0x50, 0x72, 0x65, 0x64, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x12, 0x6f, 0x0a, 0x10, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x5f, 0x70, + 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x42, + 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, + 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x2e, 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x48, 0x00, 0x52, 0x0f, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x50, 0x72, 0x65, 0x64, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x61, 0x0a, 0x0a, 0x6f, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, + 0x68, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, - 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x53, 0x69, - 0x6e, 0x67, 0x6c, 0x65, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, - 0x0f, 0x73, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x12, 0x61, 0x0a, 0x0a, 0x6f, 0x72, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x2e, 0x50, - 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x48, 0x00, 0x52, 0x09, 0x6f, 0x72, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x65, 0x72, 0x12, 0x63, 0x0a, 0x0b, 0x61, 0x6e, 0x64, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, - 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, - 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, - 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x72, 0x65, - 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x48, 0x00, 0x52, 0x0a, 0x61, 0x6e, - 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x55, 0x0a, 0x0b, 0x6e, 0x6f, 0x74, 0x5f, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, + 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x50, 0x72, + 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x48, 0x00, 0x52, 0x09, 0x6f, + 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x63, 0x0a, 0x0b, 0x61, 0x6e, 0x64, 0x5f, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x48, 0x00, 0x52, 0x0a, 0x6e, 0x6f, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x1a, - 0xf3, 0x01, 0x0a, 0x0f, 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x12, 0x41, 0x0a, 0x05, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, - 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, - 0x05, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x12, 0x45, 0x0a, 0x0b, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x78, 0x64, - 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, - 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x48, - 0x00, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x46, 0x0a, - 0x0c, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, - 0x33, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x42, 0x0e, 0x0a, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, - 0x12, 0x03, 0xf8, 0x42, 0x01, 0x1a, 0x6b, 0x0a, 0x0d, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x5a, 0x0a, 0x09, 0x70, 0x72, 0x65, 0x64, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x78, 0x64, 0x73, 0x2e, - 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, - 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x42, 0x08, 0xfa, - 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 0x02, 0x52, 0x09, 0x70, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x42, 0x11, 0x0a, 0x0a, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x79, 0x70, 0x65, - 0x12, 0x03, 0xf8, 0x42, 0x01, 0x1a, 0xb5, 0x01, 0x0a, 0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x09, 0x70, 0x72, 0x65, 0x64, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x78, 0x64, 0x73, 0x2e, - 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, - 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x42, 0x08, 0xfa, - 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x09, 0x70, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x12, 0x49, 0x0a, 0x08, 0x6f, 0x6e, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x65, 0x72, 0x2e, 0x4f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, - 0x01, 0x02, 0x10, 0x01, 0x52, 0x07, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x1a, 0xa9, 0x04, - 0x0a, 0x0b, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x54, 0x72, 0x65, 0x65, 0x12, 0x41, 0x0a, - 0x05, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, - 0x64, 0x73, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, - 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, - 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x05, 0x69, 0x6e, 0x70, 0x75, 0x74, - 0x12, 0x5b, 0x0a, 0x0f, 0x65, 0x78, 0x61, 0x63, 0x74, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, - 0x6d, 0x61, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x78, 0x64, 0x73, 0x2e, + 0x65, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x48, + 0x00, 0x52, 0x0a, 0x61, 0x6e, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x55, 0x0a, + 0x0b, 0x6e, 0x6f, 0x74, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, + 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, + 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, + 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x0a, 0x6e, 0x6f, 0x74, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x1a, 0xf3, 0x01, 0x0a, 0x0f, 0x53, 0x69, 0x6e, 0x67, 0x6c, 0x65, 0x50, + 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x41, 0x0a, 0x05, 0x69, 0x6e, 0x70, 0x75, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, 0x6e, + 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, + 0x01, 0x02, 0x10, 0x01, 0x52, 0x05, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x12, 0x45, 0x0a, 0x0b, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, + 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x12, 0x46, 0x0a, 0x0c, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, + 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0b, 0x63, + 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x42, 0x0e, 0x0a, 0x07, 0x6d, 0x61, + 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x1a, 0x6b, 0x0a, 0x0d, 0x50, 0x72, + 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x5a, 0x0a, 0x09, 0x70, + 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, + 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, + 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x92, 0x01, 0x02, 0x08, 0x02, 0x52, 0x09, 0x70, 0x72, + 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x42, 0x11, 0x0a, 0x0a, 0x6d, 0x61, 0x74, 0x63, 0x68, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x1a, 0xb5, 0x01, 0x0a, 0x0c, 0x46, + 0x69, 0x65, 0x6c, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x09, 0x70, + 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, + 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, + 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x4c, 0x69, 0x73, 0x74, 0x2e, 0x50, 0x72, 0x65, 0x64, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x09, 0x70, 0x72, + 0x65, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x49, 0x0a, 0x08, 0x6f, 0x6e, 0x5f, 0x6d, 0x61, + 0x74, 0x63, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x54, - 0x72, 0x65, 0x65, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, 0x70, 0x48, 0x00, 0x52, 0x0d, - 0x65, 0x78, 0x61, 0x63, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, 0x70, 0x12, 0x5d, 0x0a, - 0x10, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6d, 0x61, - 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, - 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, - 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x54, 0x72, 0x65, - 0x65, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, 0x70, 0x48, 0x00, 0x52, 0x0e, 0x70, 0x72, - 0x65, 0x66, 0x69, 0x78, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, 0x70, 0x12, 0x46, 0x0a, 0x0c, - 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, - 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x1a, 0xc0, 0x01, 0x0a, 0x08, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, - 0x70, 0x12, 0x56, 0x0a, 0x03, 0x6d, 0x61, 0x70, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x42, + 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x07, 0x6f, 0x6e, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x1a, 0xa9, 0x04, 0x0a, 0x0b, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x54, 0x72, + 0x65, 0x65, 0x12, 0x41, 0x0a, 0x05, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, + 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x05, + 0x69, 0x6e, 0x70, 0x75, 0x74, 0x12, 0x5b, 0x0a, 0x0f, 0x65, 0x78, 0x61, 0x63, 0x74, 0x5f, 0x6d, + 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x54, 0x72, 0x65, 0x65, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, - 0x70, 0x2e, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x9a, - 0x01, 0x02, 0x08, 0x01, 0x52, 0x03, 0x6d, 0x61, 0x70, 0x1a, 0x5c, 0x0a, 0x08, 0x4d, 0x61, 0x70, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, - 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x10, 0x0a, 0x09, 0x74, 0x72, 0x65, 0x65, 0x5f, - 0x74, 0x79, 0x70, 0x65, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x42, 0x0e, 0x0a, 0x0c, 0x6d, 0x61, 0x74, - 0x63, 0x68, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x42, 0x5c, 0x0a, 0x1e, 0x63, 0x6f, 0x6d, - 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, - 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x42, 0x0c, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2a, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6e, 0x63, 0x66, 0x2f, 0x78, 0x64, 0x73, - 0x2f, 0x67, 0x6f, 0x2f, 0x78, 0x64, 0x73, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x6d, 0x61, 0x74, - 0x63, 0x68, 0x65, 0x72, 0x2f, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x48, 0x00, 0x52, 0x0d, 0x65, 0x78, 0x61, 0x63, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, + 0x61, 0x70, 0x12, 0x5d, 0x0a, 0x10, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x5f, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x78, + 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, + 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x65, 0x72, 0x54, 0x72, 0x65, 0x65, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, 0x70, 0x48, + 0x00, 0x52, 0x0e, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4d, 0x61, + 0x70, 0x12, 0x46, 0x0a, 0x0c, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x6d, 0x61, 0x74, 0x63, + 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x64, 0x45, 0x78, 0x74, 0x65, 0x6e, + 0x73, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x75, + 0x73, 0x74, 0x6f, 0x6d, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x1a, 0xc0, 0x01, 0x0a, 0x08, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x4d, 0x61, 0x70, 0x12, 0x56, 0x0a, 0x03, 0x6d, 0x61, 0x70, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x78, 0x64, 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, + 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, + 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x54, 0x72, 0x65, 0x65, 0x2e, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x4d, 0x61, 0x70, 0x2e, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, + 0x08, 0xfa, 0x42, 0x05, 0x9a, 0x01, 0x02, 0x08, 0x01, 0x52, 0x03, 0x6d, 0x61, 0x70, 0x1a, 0x5c, + 0x0a, 0x08, 0x4d, 0x61, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3a, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x78, 0x64, + 0x73, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, + 0x33, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x4f, 0x6e, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x10, 0x0a, 0x09, + 0x74, 0x72, 0x65, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x42, 0x0e, + 0x0a, 0x0c, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x42, 0x5c, + 0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x78, 0x64, 0x73, + 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x76, 0x33, + 0x42, 0x0c, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x2a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6e, 0x63, + 0x66, 0x2f, 0x78, 0x64, 0x73, 0x2f, 0x67, 0x6f, 0x2f, 0x78, 0x64, 0x73, 0x2f, 0x74, 0x79, 0x70, + 0x65, 0x2f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.validate.go b/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.validate.go index 60b721f5f..edd1dd8aa 100644 --- a/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.validate.go +++ b/vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.validate.go @@ -271,6 +271,8 @@ func (m *Matcher_OnMatch) validate(all bool) error { var errors []error + // no validation rules for KeepMatching + oneofOnMatchPresent := false switch v := m.OnMatch.(type) { case *Matcher_OnMatch_Matcher: diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go index 62d91b77d..5673f5c0b 100644 --- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go @@ -1,3 +1,4 @@ +// Package md2man aims in converting markdown into roff (man pages). package md2man import ( diff --git a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go index 96a80c99b..4f1070fc5 100644 --- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go +++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go @@ -47,13 +47,13 @@ const ( tableStart = "\n.TS\nallbox;\n" tableEnd = ".TE\n" tableCellStart = "T{\n" - tableCellEnd = "\nT}\n" + tableCellEnd = "\nT}" tablePreprocessor = `'\" t` ) // NewRoffRenderer creates a new blackfriday Renderer for generating roff documents // from markdown -func NewRoffRenderer() *roffRenderer { // nolint: golint +func NewRoffRenderer() *roffRenderer { return &roffRenderer{} } @@ -316,9 +316,8 @@ func (r *roffRenderer) handleTableCell(w io.Writer, node *blackfriday.Node, ente } else if nodeLiteralSize(node) > 30 { end = tableCellEnd } - if node.Next == nil && end != tableCellEnd { - // Last cell: need to carriage return if we are at the end of the - // header row and content isn't wrapped in a "tablecell" + if node.Next == nil { + // Last cell: need to carriage return if we are at the end of the header row. end += crTag } out(w, end) @@ -356,7 +355,7 @@ func countColumns(node *blackfriday.Node) int { } func out(w io.Writer, output string) { - io.WriteString(w, output) // nolint: errcheck + io.WriteString(w, output) //nolint:errcheck } func escapeSpecialChars(w io.Writer, text []byte) { @@ -395,7 +394,7 @@ func escapeSpecialCharsLine(w io.Writer, text []byte) { i++ } if i > org { - w.Write(text[org:i]) // nolint: errcheck + w.Write(text[org:i]) //nolint:errcheck } // escape a character @@ -403,7 +402,7 @@ func escapeSpecialCharsLine(w io.Writer, text []byte) { break } - w.Write([]byte{'\\', text[i]}) // nolint: errcheck + w.Write([]byte{'\\', text[i]}) //nolint:errcheck } } diff --git a/vendor/github.com/gabriel-vasile/mimetype/.golangci.yml b/vendor/github.com/gabriel-vasile/mimetype/.golangci.yml new file mode 100644 index 000000000..f2058ccc5 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/.golangci.yml @@ -0,0 +1,5 @@ +version: "2" +linters: + exclusions: + presets: + - std-error-handling diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/json/parser.go b/vendor/github.com/gabriel-vasile/mimetype/internal/json/parser.go new file mode 100644 index 000000000..fd8dd5202 --- /dev/null +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/json/parser.go @@ -0,0 +1,464 @@ +package json + +import ( + "bytes" + "sync" +) + +const ( + QueryNone = "json" + QueryGeo = "geo" + QueryHAR = "har" + QueryGLTF = "gltf" + maxRecursion = 4096 +) + +var queries = map[string][]query{ + QueryNone: nil, + QueryGeo: {{ + SearchPath: [][]byte{[]byte("type")}, + SearchVals: [][]byte{ + []byte(`"Feature"`), + []byte(`"FeatureCollection"`), + []byte(`"Point"`), + []byte(`"LineString"`), + []byte(`"Polygon"`), + []byte(`"MultiPoint"`), + []byte(`"MultiLineString"`), + []byte(`"MultiPolygon"`), + []byte(`"GeometryCollection"`), + }, + }}, + QueryHAR: {{ + SearchPath: [][]byte{[]byte("log"), []byte("version")}, + }, { + SearchPath: [][]byte{[]byte("log"), []byte("creator")}, + }, { + SearchPath: [][]byte{[]byte("log"), []byte("entries")}, + }}, + QueryGLTF: {{ + SearchPath: [][]byte{[]byte("asset"), []byte("version")}, + SearchVals: [][]byte{[]byte(`"1.0"`), []byte(`"2.0"`)}, + }}, +} + +var parserPool = sync.Pool{ + New: func() any { + return &parserState{maxRecursion: maxRecursion} + }, +} + +// parserState holds the state of JSON parsing. The number of inspected bytes, +// the current path inside the JSON object, etc. +type parserState struct { + // ib represents the number of inspected bytes. + // Because mimetype limits itself to only reading the header of the file, + // it means sometimes the input JSON can be truncated. In that case, we want + // to still detect it as JSON, even if it's invalid/truncated. + // When ib == len(input) it means the JSON was valid (at least the header). + ib int + maxRecursion int + // currPath keeps a track of the JSON keys parsed up. + // It works only for JSON objects. JSON arrays are ignored + // mainly because the functionality is not needed. + currPath [][]byte + // firstToken stores the first JSON token encountered in input. + // TODO: performance would be better if we would stop parsing as soon + // as we see that first token is not what we are interested in. + firstToken int + // querySatisfied is true if both path and value of any queries passed to + // consumeAny are satisfied. + querySatisfied bool +} + +// query holds information about a combination of {"key": "val"} that we're trying +// to search for inside the JSON. +type query struct { + // SearchPath represents the whole path to look for inside the JSON. + // ex: [][]byte{[]byte("foo"), []byte("bar")} matches {"foo": {"bar": "baz"}} + SearchPath [][]byte + // SearchVals represents values to look for when the SearchPath is found. + // Each SearchVal element is tried until one of them matches (logical OR.) + SearchVals [][]byte +} + +func eq(path1, path2 [][]byte) bool { + if len(path1) != len(path2) { + return false + } + for i := range path1 { + if !bytes.Equal(path1[i], path2[i]) { + return false + } + } + return true +} + +// LooksLikeObjectOrArray reports if first non white space character from raw +// is either { or [. Parsing raw as JSON is a heavy operation. When receiving some +// text input we can skip parsing if the input does not even look like JSON. +func LooksLikeObjectOrArray(raw []byte) bool { + for i := range raw { + if isSpace(raw[i]) { + continue + } + return raw[i] == '{' || raw[i] == '[' + } + + return false +} + +// Parse will take out a parser from the pool depending on queryType and tries +// to parse raw bytes as JSON. +func Parse(queryType string, raw []byte) (parsed, inspected, firstToken int, querySatisfied bool) { + p := parserPool.Get().(*parserState) + defer func() { + // Avoid hanging on to too much memory in extreme input cases. + if len(p.currPath) > 128 { + p.currPath = nil + } + parserPool.Put(p) + }() + p.reset() + + qs := queries[queryType] + got := p.consumeAny(raw, qs, 0) + return got, p.ib, p.firstToken, p.querySatisfied +} + +func (p *parserState) reset() { + p.ib = 0 + p.currPath = p.currPath[0:0] + p.firstToken = TokInvalid + p.querySatisfied = false +} + +func (p *parserState) consumeSpace(b []byte) (n int) { + for len(b) > 0 && isSpace(b[0]) { + b = b[1:] + n++ + p.ib++ + } + return n +} + +func (p *parserState) consumeConst(b, cnst []byte) int { + lb := len(b) + for i, c := range cnst { + if lb > i && b[i] == c { + p.ib++ + } else { + return 0 + } + } + return len(cnst) +} + +func (p *parserState) consumeString(b []byte) (n int) { + var c byte + for len(b[n:]) > 0 { + c, n = b[n], n+1 + p.ib++ + switch c { + case '\\': + if len(b[n:]) == 0 { + return 0 + } + switch b[n] { + case '"', '\\', '/', 'b', 'f', 'n', 'r', 't': + n++ + p.ib++ + continue + case 'u': + n++ + p.ib++ + for j := 0; j < 4 && len(b[n:]) > 0; j++ { + if !isXDigit(b[n]) { + return 0 + } + n++ + p.ib++ + } + continue + default: + return 0 + } + case '"': + return n + default: + continue + } + } + return 0 +} + +func (p *parserState) consumeNumber(b []byte) (n int) { + got := false + var i int + + if len(b) == 0 { + goto out + } + if b[0] == '-' { + b, i = b[1:], i+1 + p.ib++ + } + + for len(b) > 0 { + if !isDigit(b[0]) { + break + } + got = true + b, i = b[1:], i+1 + p.ib++ + } + if len(b) == 0 { + goto out + } + if b[0] == '.' { + b, i = b[1:], i+1 + p.ib++ + } + for len(b) > 0 { + if !isDigit(b[0]) { + break + } + got = true + b, i = b[1:], i+1 + p.ib++ + } + if len(b) == 0 { + goto out + } + if got && (b[0] == 'e' || b[0] == 'E') { + b, i = b[1:], i+1 + p.ib++ + got = false + if len(b) == 0 { + goto out + } + if b[0] == '+' || b[0] == '-' { + b, i = b[1:], i+1 + p.ib++ + } + for len(b) > 0 { + if !isDigit(b[0]) { + break + } + got = true + b, i = b[1:], i+1 + p.ib++ + } + } +out: + if got { + return i + } + return 0 +} + +func (p *parserState) consumeArray(b []byte, qs []query, lvl int) (n int) { + p.currPath = append(p.currPath, []byte{'['}) + if len(b) == 0 { + return 0 + } + + for n < len(b) { + n += p.consumeSpace(b[n:]) + if len(b[n:]) == 0 { + return 0 + } + if b[n] == ']' { + p.ib++ + p.currPath = p.currPath[:len(p.currPath)-1] + return n + 1 + } + innerParsed := p.consumeAny(b[n:], qs, lvl) + if innerParsed == 0 { + return 0 + } + n += innerParsed + if len(b[n:]) == 0 { + return 0 + } + switch b[n] { + case ',': + n += 1 + p.ib++ + continue + case ']': + p.ib++ + return n + 1 + default: + return 0 + } + } + return 0 +} + +func queryPathMatch(qs []query, path [][]byte) int { + for i := range qs { + if eq(qs[i].SearchPath, path) { + return i + } + } + return -1 +} + +func (p *parserState) consumeObject(b []byte, qs []query, lvl int) (n int) { + for n < len(b) { + n += p.consumeSpace(b[n:]) + if len(b[n:]) == 0 { + return 0 + } + if b[n] == '}' { + p.ib++ + return n + 1 + } + if b[n] != '"' { + return 0 + } else { + n += 1 + p.ib++ + } + // queryMatched stores the index of the query satisfying the current path. + queryMatched := -1 + if keyLen := p.consumeString(b[n:]); keyLen == 0 { + return 0 + } else { + p.currPath = append(p.currPath, b[n:n+keyLen-1]) + if !p.querySatisfied { + queryMatched = queryPathMatch(qs, p.currPath) + } + n += keyLen + } + n += p.consumeSpace(b[n:]) + if len(b[n:]) == 0 { + return 0 + } + if b[n] != ':' { + return 0 + } else { + n += 1 + p.ib++ + } + n += p.consumeSpace(b[n:]) + if len(b[n:]) == 0 { + return 0 + } + + if valLen := p.consumeAny(b[n:], qs, lvl); valLen == 0 { + return 0 + } else { + if queryMatched != -1 { + q := qs[queryMatched] + if len(q.SearchVals) == 0 { + p.querySatisfied = true + } + for _, val := range q.SearchVals { + if bytes.Equal(val, bytes.TrimSpace(b[n:n+valLen])) { + p.querySatisfied = true + } + } + } + n += valLen + } + if len(b[n:]) == 0 { + return 0 + } + switch b[n] { + case ',': + p.currPath = p.currPath[:len(p.currPath)-1] + n++ + p.ib++ + continue + case '}': + p.currPath = p.currPath[:len(p.currPath)-1] + p.ib++ + return n + 1 + default: + return 0 + } + } + return 0 +} + +func (p *parserState) consumeAny(b []byte, qs []query, lvl int) (n int) { + // Avoid too much recursion. + if p.maxRecursion != 0 && lvl > p.maxRecursion { + return 0 + } + n += p.consumeSpace(b) + if len(b[n:]) == 0 { + return 0 + } + + var t, rv int + switch b[n] { + case '"': + n++ + p.ib++ + rv = p.consumeString(b[n:]) + t = TokString + case '[': + n++ + p.ib++ + rv = p.consumeArray(b[n:], qs, lvl+1) + t = TokArray + case '{': + n++ + p.ib++ + rv = p.consumeObject(b[n:], qs, lvl+1) + t = TokObject + case 't': + rv = p.consumeConst(b[n:], []byte("true")) + t = TokTrue + case 'f': + rv = p.consumeConst(b[n:], []byte("false")) + t = TokFalse + case 'n': + rv = p.consumeConst(b[n:], []byte("null")) + t = TokNull + default: + rv = p.consumeNumber(b[n:]) + t = TokNumber + } + if lvl == 0 { + p.firstToken = t + } + if len(qs) == 0 { + p.querySatisfied = true + } + if rv <= 0 { + return n + } + n += rv + n += p.consumeSpace(b[n:]) + return n +} + +func isSpace(c byte) bool { + return c == ' ' || c == '\t' || c == '\r' || c == '\n' +} +func isDigit(c byte) bool { + return '0' <= c && c <= '9' +} + +func isXDigit(c byte) bool { + if isDigit(c) { + return true + } + return ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F') +} + +const ( + TokInvalid = 0 + TokNull = 1 << iota + TokTrue + TokFalse + TokNumber + TokString + TokArray + TokObject + TokComma +) diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go index 068d00f79..dd7f2417c 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/archive.go @@ -137,7 +137,7 @@ func tarParseOctal(b []byte) int64 { if b == 0 { break } - if !(b >= '0' && b <= '7') { + if b < '0' || b > '7' { return -1 } ret = (ret << 3) | int64(b-'0') diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go index 769732018..70599b342 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/binary.go @@ -71,7 +71,7 @@ func Dbf(raw []byte, limit uint32) bool { } // 3rd and 4th bytes contain the last update month and day of month. - if !(0 < raw[2] && raw[2] < 13 && 0 < raw[3] && raw[3] < 32) { + if raw[2] == 0 || raw[2] > 12 || raw[3] == 0 || raw[3] > 31 { return false } @@ -153,7 +153,7 @@ func Marc(raw []byte, limit uint32) bool { return bytes.Contains(raw[:min(2048, len(raw))], []byte{0x1E}) } -// Glb matches a glTF model format file. +// GLB matches a glTF model format file. // GLB is the binary file format representation of 3D models saved in // the GL transmission Format (glTF). // GLB uses little endian and its header structure is as follows: @@ -168,7 +168,7 @@ func Marc(raw []byte, limit uint32) bool { // // [glTF specification]: https://registry.khronos.org/glTF/specs/2.0/glTF-2.0.html // [IANA glTF entry]: https://www.iana.org/assignments/media-types/model/gltf-binary -var Glb = prefix([]byte("\x67\x6C\x54\x46\x02\x00\x00\x00"), +var GLB = prefix([]byte("\x67\x6C\x54\x46\x02\x00\x00\x00"), []byte("\x67\x6C\x54\x46\x01\x00\x00\x00")) // TzIf matches a Time Zone Information Format (TZif) file. diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go index f077e1672..cade91f18 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/geo.go @@ -12,13 +12,13 @@ func Shp(raw []byte, limit uint32) bool { return false } - if !(binary.BigEndian.Uint32(raw[0:4]) == 9994 && - binary.BigEndian.Uint32(raw[4:8]) == 0 && - binary.BigEndian.Uint32(raw[8:12]) == 0 && - binary.BigEndian.Uint32(raw[12:16]) == 0 && - binary.BigEndian.Uint32(raw[16:20]) == 0 && - binary.BigEndian.Uint32(raw[20:24]) == 0 && - binary.LittleEndian.Uint32(raw[28:32]) == 1000) { + if binary.BigEndian.Uint32(raw[0:4]) != 9994 || + binary.BigEndian.Uint32(raw[4:8]) != 0 || + binary.BigEndian.Uint32(raw[8:12]) != 0 || + binary.BigEndian.Uint32(raw[12:16]) != 0 || + binary.BigEndian.Uint32(raw[16:20]) != 0 || + binary.BigEndian.Uint32(raw[20:24]) != 0 || + binary.LittleEndian.Uint32(raw[28:32]) != 1000 { return false } diff --git a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go index cf6446397..8178e4707 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go +++ b/vendor/github.com/gabriel-vasile/mimetype/internal/magic/text.go @@ -2,7 +2,6 @@ package magic import ( "bytes" - "strings" "time" "github.com/gabriel-vasile/mimetype/internal/charset" @@ -154,145 +153,75 @@ func Php(raw []byte, limit uint32) bool { // JSON matches a JavaScript Object Notation file. func JSON(raw []byte, limit uint32) bool { - raw = trimLWS(raw) // #175 A single JSON string, number or bool is not considered JSON. // JSON objects and arrays are reported as JSON. - if len(raw) < 2 || (raw[0] != '[' && raw[0] != '{') { - return false - } - parsed, err := json.Scan(raw) - // If the full file content was provided, check there is no error. - if limit == 0 || len(raw) < int(limit) { - return err == nil - } - - // If a section of the file was provided, check if all of it was parsed. - return parsed == len(raw) && len(raw) > 0 + return jsonHelper(raw, limit, json.QueryNone, json.TokObject|json.TokArray) } // GeoJSON matches a RFC 7946 GeoJSON file. // // GeoJSON detection implies searching for key:value pairs like: `"type": "Feature"` // in the input. -// BUG(gabriel-vasile): The "type" key should be searched for in the root object. func GeoJSON(raw []byte, limit uint32) bool { - raw = trimLWS(raw) - if len(raw) == 0 { - return false - } - // GeoJSON is always a JSON object, not a JSON array or any other JSON value. - if raw[0] != '{' { - return false - } + return jsonHelper(raw, limit, json.QueryGeo, json.TokObject) +} - s := []byte(`"type"`) - si, sl := bytes.Index(raw, s), len(s) +// HAR matches a HAR Spec file. +// Spec: http://www.softwareishard.com/blog/har-12-spec/ +func HAR(raw []byte, limit uint32) bool { + return jsonHelper(raw, limit, json.QueryHAR, json.TokObject) +} - if si == -1 { - return false - } +// GLTF matches a GL Transmission Format (JSON) file. +// Visit [glTF specification] and [IANA glTF entry] for more details. +// +// [glTF specification]: https://registry.khronos.org/glTF/specs/2.0/glTF-2.0.html +// [IANA glTF entry]: https://www.iana.org/assignments/media-types/model/gltf+json +func GLTF(raw []byte, limit uint32) bool { + return jsonHelper(raw, limit, json.QueryGLTF, json.TokObject) +} - // If the "type" string is the suffix of the input, - // there is no need to search for the value of the key. - if si+sl == len(raw) { +func jsonHelper(raw []byte, limit uint32, q string, wantTok int) bool { + if !json.LooksLikeObjectOrArray(raw) { return false } - // Skip the "type" part. - raw = raw[si+sl:] - // Skip any whitespace before the colon. - raw = trimLWS(raw) - // Check for colon. - if len(raw) == 0 || raw[0] != ':' { + lraw := len(raw) + parsed, inspected, firstToken, querySatisfied := json.Parse(q, raw) + if !querySatisfied || firstToken&wantTok == 0 { return false } - // Skip any whitespace after the colon. - raw = trimLWS(raw[1:]) - geoJSONTypes := [][]byte{ - []byte(`"Feature"`), - []byte(`"FeatureCollection"`), - []byte(`"Point"`), - []byte(`"LineString"`), - []byte(`"Polygon"`), - []byte(`"MultiPoint"`), - []byte(`"MultiLineString"`), - []byte(`"MultiPolygon"`), - []byte(`"GeometryCollection"`), - } - for _, t := range geoJSONTypes { - if bytes.HasPrefix(raw, t) { - return true - } + // If the full file content was provided, check that the whole input was parsed. + if limit == 0 || lraw < int(limit) { + return parsed == lraw } - return false + // If a section of the file was provided, check if all of it was inspected. + // In other words, check that if there was a problem parsing, that problem + // occured at the last byte in the input. + return inspected == lraw && lraw > 0 } // NdJSON matches a Newline delimited JSON file. All complete lines from raw // must be valid JSON documents meaning they contain one of the valid JSON data // types. func NdJSON(raw []byte, limit uint32) bool { - lCount, hasObjOrArr := 0, false + lCount, objOrArr := 0, 0 raw = dropLastLine(raw, limit) var l []byte for len(raw) != 0 { l, raw = scanLine(raw) - // Empty lines are allowed in NDJSON. - if l = trimRWS(trimLWS(l)); len(l) == 0 { - continue - } - _, err := json.Scan(l) - if err != nil { + _, inspected, firstToken, _ := json.Parse(json.QueryNone, l) + if len(l) != inspected { return false } - if l[0] == '[' || l[0] == '{' { - hasObjOrArr = true + if firstToken == json.TokArray || firstToken == json.TokObject { + objOrArr++ } lCount++ } - return lCount > 1 && hasObjOrArr -} - -// HAR matches a HAR Spec file. -// Spec: http://www.softwareishard.com/blog/har-12-spec/ -func HAR(raw []byte, limit uint32) bool { - s := []byte(`"log"`) - si, sl := bytes.Index(raw, s), len(s) - - if si == -1 { - return false - } - - // If the "log" string is the suffix of the input, - // there is no need to search for the value of the key. - if si+sl == len(raw) { - return false - } - // Skip the "log" part. - raw = raw[si+sl:] - // Skip any whitespace before the colon. - raw = trimLWS(raw) - // Check for colon. - if len(raw) == 0 || raw[0] != ':' { - return false - } - // Skip any whitespace after the colon. - raw = trimLWS(raw[1:]) - - harJSONTypes := [][]byte{ - []byte(`"version"`), - []byte(`"creator"`), - []byte(`"entries"`), - } - for _, t := range harJSONTypes { - si := bytes.Index(raw, t) - if si > -1 { - return true - } - } - - return false + return lCount > 1 && objOrArr > 0 } // Svg matches a SVG file. @@ -305,32 +234,31 @@ func Srt(raw []byte, _ uint32) bool { line, raw := scanLine(raw) // First line must be 1. - if string(line) != "1" { + if len(line) != 1 || line[0] != '1' { return false } line, raw = scanLine(raw) - secondLine := string(line) - // Timestamp format (e.g: 00:02:16,612 --> 00:02:19,376) limits secondLine + // Timestamp format (e.g: 00:02:16,612 --> 00:02:19,376) limits second line // length to exactly 29 characters. - if len(secondLine) != 29 { + if len(line) != 29 { return false } // Decimal separator of fractional seconds in the timestamps must be a // comma, not a period. - if strings.Contains(secondLine, ".") { + if bytes.IndexByte(line, '.') != -1 { return false } - // Second line must be a time range. - ts := strings.Split(secondLine, " --> ") - if len(ts) != 2 { + sep := []byte(" --> ") + i := bytes.Index(line, sep) + if i == -1 { return false } const layout = "15:04:05,000" - t0, err := time.Parse(layout, ts[0]) + t0, err := time.Parse(layout, string(line[:i])) if err != nil { return false } - t1, err := time.Parse(layout, ts[1]) + t1, err := time.Parse(layout, string(line[i+len(sep):])) if err != nil { return false } diff --git a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md index f9bf03cba..6f45bfbb6 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md +++ b/vendor/github.com/gabriel-vasile/mimetype/supported_mimes.md @@ -1,4 +1,4 @@ -## 178 Supported MIME types +## 179 Supported MIME types This file is automatically generated when running tests. Do not edit manually. Extension | MIME type | Aliases @@ -171,6 +171,7 @@ Extension | MIME type | Aliases **.json** | application/json | - **.geojson** | application/geo+json | - **.har** | application/json | - +**.gltf** | model/gltf+json | - **.ndjson** | application/x-ndjson | - **.rtf** | text/rtf | application/rtf **.srt** | application/x-subrip | application/x-srt, text/x-srt diff --git a/vendor/github.com/gabriel-vasile/mimetype/tree.go b/vendor/github.com/gabriel-vasile/mimetype/tree.go index b5f566227..63a2093a4 100644 --- a/vendor/github.com/gabriel-vasile/mimetype/tree.go +++ b/vendor/github.com/gabriel-vasile/mimetype/tree.go @@ -83,7 +83,7 @@ var ( text = newMIME("text/plain", ".txt", magic.Text, html, svg, xml, php, js, lua, perl, python, json, ndJSON, rtf, srt, tcl, csv, tsv, vCard, iCalendar, warc, vtt) xml = newMIME("text/xml", ".xml", magic.XML, rss, atom, x3d, kml, xliff, collada, gml, gpx, tcx, amf, threemf, xfdf, owl2). alias("application/xml") - json = newMIME("application/json", ".json", magic.JSON, geoJSON, har) + json = newMIME("application/json", ".json", magic.JSON, geoJSON, har, gltf) har = newMIME("application/json", ".har", magic.HAR) csv = newMIME("text/csv", ".csv", magic.Csv) tsv = newMIME("text/tab-separated-values", ".tsv", magic.Tsv) @@ -262,7 +262,8 @@ var ( pat = newMIME("image/x-gimp-pat", ".pat", magic.Pat) gbr = newMIME("image/x-gimp-gbr", ".gbr", magic.Gbr) xfdf = newMIME("application/vnd.adobe.xfdf", ".xfdf", magic.Xfdf) - glb = newMIME("model/gltf-binary", ".glb", magic.Glb) + glb = newMIME("model/gltf-binary", ".glb", magic.GLB) + gltf = newMIME("model/gltf+json", ".gltf", magic.GLTF) jxr = newMIME("image/jxr", ".jxr", magic.Jxr).alias("image/vnd.ms-photo") parquet = newMIME("application/vnd.apache.parquet", ".parquet", magic.Par1). alias("application/x-parquet") diff --git a/vendor/github.com/gin-contrib/sse/.golangci.yml b/vendor/github.com/gin-contrib/sse/.golangci.yml index 4c44c5fae..47094ac61 100644 --- a/vendor/github.com/gin-contrib/sse/.golangci.yml +++ b/vendor/github.com/gin-contrib/sse/.golangci.yml @@ -1,3 +1,50 @@ +version: "2" linters: - disable: + default: none + enable: + - bodyclose + - dogsled + - dupl - errcheck + - exhaustive + - gochecknoinits + - goconst + - gocritic + - gocyclo + - goprintffuncname + - gosec + - govet + - ineffassign + - lll + - misspell + - nakedret + - noctx + - nolintlint + - rowserrcheck + - staticcheck + - unconvert + - unparam + - unused + - whitespace + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + enable: + - gofmt + - gofumpt + - goimports + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/vendor/github.com/gin-contrib/sse/sse-decoder.go b/vendor/github.com/gin-contrib/sse/sse-decoder.go index fd49b9c37..da2c2d4b6 100644 --- a/vendor/github.com/gin-contrib/sse/sse-decoder.go +++ b/vendor/github.com/gin-contrib/sse/sse-decoder.go @@ -7,7 +7,6 @@ package sse import ( "bytes" "io" - "io/ioutil" ) type decoder struct { @@ -22,7 +21,8 @@ func Decode(r io.Reader) ([]Event, error) { func (d *decoder) dispatchEvent(event Event, data string) { dataLength := len(data) if dataLength > 0 { - //If the data buffer's last character is a U+000A LINE FEED (LF) character, then remove the last character from the data buffer. + // If the data buffer's last character is a U+000A LINE FEED (LF) character, + // then remove the last character from the data buffer. data = data[:dataLength-1] dataLength-- } @@ -37,13 +37,13 @@ func (d *decoder) dispatchEvent(event Event, data string) { } func (d *decoder) decode(r io.Reader) ([]Event, error) { - buf, err := ioutil.ReadAll(r) + buf, err := io.ReadAll(r) if err != nil { return nil, err } var currentEvent Event - var dataBuffer *bytes.Buffer = new(bytes.Buffer) + dataBuffer := new(bytes.Buffer) // TODO (and unit tests) // Lines must be separated by either a U+000D CARRIAGE RETURN U+000A LINE FEED (CRLF) character pair, // a single U+000A LINE FEED (LF) character, @@ -96,7 +96,8 @@ func (d *decoder) decode(r io.Reader) ([]Event, error) { currentEvent.Id = string(value) case "retry": // If the field value consists of only characters in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9), - // then interpret the field value as an integer in base ten, and set the event stream's reconnection time to that integer. + // then interpret the field value as an integer in base ten, and set the event stream's + // reconnection time to that integer. // Otherwise, ignore the field. currentEvent.Id = string(value) case "data": @@ -105,7 +106,7 @@ func (d *decoder) decode(r io.Reader) ([]Event, error) { // then append a single U+000A LINE FEED (LF) character to the data buffer. dataBuffer.WriteString("\n") default: - //Otherwise. The field is ignored. + // Otherwise. The field is ignored. continue } } diff --git a/vendor/github.com/gin-contrib/sse/sse-encoder.go b/vendor/github.com/gin-contrib/sse/sse-encoder.go index 0d26c82f0..9ebb49f41 100644 --- a/vendor/github.com/gin-contrib/sse/sse-encoder.go +++ b/vendor/github.com/gin-contrib/sse/sse-encoder.go @@ -20,8 +20,10 @@ import ( const ContentType = "text/event-stream;charset=utf-8" -var contentType = []string{ContentType} -var noCache = []string{"no-cache"} +var ( + contentType = []string{ContentType} + noCache = []string{"no-cache"} +) var fieldReplacer = strings.NewReplacer( "\n", "\\n", @@ -48,48 +50,48 @@ func Encode(writer io.Writer, event Event) error { func writeId(w stringWriter, id string) { if len(id) > 0 { - w.WriteString("id:") - fieldReplacer.WriteString(w, id) - w.WriteString("\n") + _, _ = w.WriteString("id:") + _, _ = fieldReplacer.WriteString(w, id) + _, _ = w.WriteString("\n") } } func writeEvent(w stringWriter, event string) { if len(event) > 0 { - w.WriteString("event:") - fieldReplacer.WriteString(w, event) - w.WriteString("\n") + _, _ = w.WriteString("event:") + _, _ = fieldReplacer.WriteString(w, event) + _, _ = w.WriteString("\n") } } func writeRetry(w stringWriter, retry uint) { if retry > 0 { - w.WriteString("retry:") - w.WriteString(strconv.FormatUint(uint64(retry), 10)) - w.WriteString("\n") + _, _ = w.WriteString("retry:") + _, _ = w.WriteString(strconv.FormatUint(uint64(retry), 10)) + _, _ = w.WriteString("\n") } } func writeData(w stringWriter, data interface{}) error { - w.WriteString("data:") + _, _ = w.WriteString("data:") bData, ok := data.([]byte) if ok { - dataReplacer.WriteString(w, string(bData)) - w.WriteString("\n\n") + _, _ = dataReplacer.WriteString(w, string(bData)) + _, _ = w.WriteString("\n\n") return nil } - switch kindOfData(data) { + switch kindOfData(data) { //nolint:exhaustive case reflect.Struct, reflect.Slice, reflect.Map: err := json.NewEncoder(w).Encode(data) if err != nil { return err } - w.WriteString("\n") + _, _ = w.WriteString("\n") default: - dataReplacer.WriteString(w, fmt.Sprint(data)) - w.WriteString("\n\n") + _, _ = dataReplacer.WriteString(w, fmt.Sprint(data)) + _, _ = w.WriteString("\n\n") } return nil } diff --git a/vendor/github.com/gin-contrib/sse/writer.go b/vendor/github.com/gin-contrib/sse/writer.go index 6f9806c55..724d9d07d 100644 --- a/vendor/github.com/gin-contrib/sse/writer.go +++ b/vendor/github.com/gin-contrib/sse/writer.go @@ -12,7 +12,7 @@ type stringWrapper struct { } func (w stringWrapper) WriteString(str string) (int, error) { - return w.Writer.Write([]byte(str)) + return w.Write([]byte(str)) } func checkWriter(writer io.Writer) stringWriter { diff --git a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go index 3cd0f952c..e2c77edca 100644 --- a/vendor/github.com/go-git/go-git/v5/options.go +++ b/vendor/github.com/go-git/go-git/v5/options.go @@ -8,6 +8,7 @@ import ( "time" "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/plumbing" formatcfg "github.com/go-git/go-git/v5/plumbing/format/config" @@ -72,9 +73,16 @@ type CloneOptions struct { // Tags describe how the tags will be fetched from the remote repository, // by default is AllTags. Tags TagMode - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // ProxyOptions provides info required for connecting to a proxy. ProxyOptions transport.ProxyOptions @@ -153,9 +161,16 @@ type PullOptions struct { // Force allows the pull to update a local branch even when the remote // branch does not descend from it. Force bool - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // ProxyOptions provides info required for connecting to a proxy. ProxyOptions transport.ProxyOptions @@ -211,9 +226,16 @@ type FetchOptions struct { // Force allows the fetch to update a local branch even when the remote // branch does not descend from it. Force bool - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // ProxyOptions provides info required for connecting to a proxy. ProxyOptions transport.ProxyOptions @@ -267,9 +289,16 @@ type PushOptions struct { // Force allows the push to update a remote branch even when the local // branch does not descend from it. Force bool - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // RequireRemoteRefs only allows a remote ref to be updated if its current // value is the one specified here. @@ -693,9 +722,16 @@ func (o *CreateTagOptions) loadConfigTagger(r *Repository) error { type ListOptions struct { // Auth credentials, if required, to use with the remote repository. Auth transport.AuthMethod - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if protocol is HTTPS. InsecureSkipTLS bool - // CABundle specify additional ca bundle with system cert pool + // ClientCert is the client certificate to use for mutual TLS authentication + // over the HTTPS protocol. + ClientCert []byte + // ClientKey is the client key to use for mutual TLS authentication over + // the HTTPS protocol. + ClientKey []byte + // CABundle specifies an additional CA bundle to use together with the + // system cert pool. CABundle []byte // PeelingOption defines how peeled objects are handled during a // remote list. diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go index fae1aa98c..b4c5e98be 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/common.go @@ -113,9 +113,17 @@ type Endpoint struct { Port int // Path is the repository path. Path string - // InsecureSkipTLS skips ssl verify if protocol is https + // InsecureSkipTLS skips SSL verification if Protocol is HTTPS. InsecureSkipTLS bool - // CaBundle specify additional ca bundle with system cert pool + // ClientCert specifies an optional client certificate to use for mutual + // TLS authentication if Protocol is HTTPS. + ClientCert []byte + // ClientKey specifies an optional client key to use for mutual TLS + // authentication if Protocol is HTTPS. + ClientKey []byte + // CaBundle specifies an optional CA bundle to use for SSL verification + // if Protocol is HTTPS. The bundle is added in addition to the system + // CA bundle. CaBundle []byte // Proxy provides info required for connecting to a proxy. Proxy ProxyOptions diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go index df01890b2..5dd2e311f 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/common.go @@ -15,12 +15,13 @@ import ( "strings" "sync" + "github.com/golang/groupcache/lru" + "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/protocol/packp" "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability" "github.com/go-git/go-git/v5/plumbing/transport" "github.com/go-git/go-git/v5/utils/ioutil" - "github.com/golang/groupcache/lru" ) // it requires a bytes.Buffer, because we need to know the length @@ -185,6 +186,18 @@ func transportWithInsecureTLS(transport *http.Transport) { transport.TLSClientConfig.InsecureSkipVerify = true } +func transportWithClientCert(transport *http.Transport, cert, key []byte) error { + keyPair, err := tls.X509KeyPair(cert, key) + if err != nil { + return err + } + if transport.TLSClientConfig == nil { + transport.TLSClientConfig = &tls.Config{} + } + transport.TLSClientConfig.Certificates = []tls.Certificate{keyPair} + return nil +} + func transportWithCABundle(transport *http.Transport, caBundle []byte) error { rootCAs, err := x509.SystemCertPool() if err != nil { @@ -206,6 +219,11 @@ func transportWithProxy(transport *http.Transport, proxyURL *url.URL) { } func configureTransport(transport *http.Transport, ep *transport.Endpoint) error { + if len(ep.ClientCert) > 0 && len(ep.ClientKey) > 0 { + if err := transportWithClientCert(transport, ep.ClientCert, ep.ClientKey); err != nil { + return err + } + } if len(ep.CaBundle) > 0 { if err := transportWithCABundle(transport, ep.CaBundle); err != nil { return err @@ -230,7 +248,7 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (* // We need to configure the http transport if there are transport specific // options present in the endpoint. - if len(ep.CaBundle) > 0 || ep.InsecureSkipTLS || ep.Proxy.URL != "" { + if len(ep.ClientKey) > 0 || len(ep.ClientCert) > 0 || len(ep.CaBundle) > 0 || ep.InsecureSkipTLS || ep.Proxy.URL != "" { var transport *http.Transport // if the client wasn't configured to have a cache for transports then just configure // the transport and use it directly, otherwise try to use the cache. @@ -242,9 +260,13 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (* } transport = tr.Clone() - configureTransport(transport, ep) + if err := configureTransport(transport, ep); err != nil { + return nil, err + } } else { transportOpts := transportOptions{ + clientCert: string(ep.ClientCert), + clientKey: string(ep.ClientKey), caBundle: string(ep.CaBundle), insecureSkipTLS: ep.InsecureSkipTLS, } @@ -260,7 +282,9 @@ func newSession(c *client, ep *transport.Endpoint, auth transport.AuthMethod) (* if !found { transport = c.client.Transport.(*http.Transport).Clone() - configureTransport(transport, ep) + if err := configureTransport(transport, ep); err != nil { + return nil, err + } c.addTransport(transportOpts, transport) } } diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go index c8db38920..1991d0512 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/http/transport.go @@ -9,8 +9,10 @@ import ( type transportOptions struct { insecureSkipTLS bool // []byte is not comparable. - caBundle string - proxyURL url.URL + clientCert string + clientKey string + caBundle string + proxyURL url.URL } func (c *client) addTransport(opts transportOptions, transport *http.Transport) { diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go index ac4e3583c..a61610601 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go @@ -54,7 +54,7 @@ func (a *KeyboardInteractive) String() string { } func (a *KeyboardInteractive) ClientConfig() (*ssh.ClientConfig, error) { - return a.SetHostKeyCallback(&ssh.ClientConfig{ + return a.SetHostKeyCallbackAndAlgorithms(&ssh.ClientConfig{ User: a.User, Auth: []ssh.AuthMethod{ a.Challenge, @@ -78,7 +78,7 @@ func (a *Password) String() string { } func (a *Password) ClientConfig() (*ssh.ClientConfig, error) { - return a.SetHostKeyCallback(&ssh.ClientConfig{ + return a.SetHostKeyCallbackAndAlgorithms(&ssh.ClientConfig{ User: a.User, Auth: []ssh.AuthMethod{ssh.Password(a.Password)}, }) @@ -101,7 +101,7 @@ func (a *PasswordCallback) String() string { } func (a *PasswordCallback) ClientConfig() (*ssh.ClientConfig, error) { - return a.SetHostKeyCallback(&ssh.ClientConfig{ + return a.SetHostKeyCallbackAndAlgorithms(&ssh.ClientConfig{ User: a.User, Auth: []ssh.AuthMethod{ssh.PasswordCallback(a.Callback)}, }) @@ -150,7 +150,7 @@ func (a *PublicKeys) String() string { } func (a *PublicKeys) ClientConfig() (*ssh.ClientConfig, error) { - return a.SetHostKeyCallback(&ssh.ClientConfig{ + return a.SetHostKeyCallbackAndAlgorithms(&ssh.ClientConfig{ User: a.User, Auth: []ssh.AuthMethod{ssh.PublicKeys(a.Signer)}, }) @@ -211,7 +211,7 @@ func (a *PublicKeysCallback) String() string { } func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) { - return a.SetHostKeyCallback(&ssh.ClientConfig{ + return a.SetHostKeyCallbackAndAlgorithms(&ssh.ClientConfig{ User: a.User, Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Callback)}, }) @@ -230,11 +230,26 @@ func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) { // ~/.ssh/known_hosts // /etc/ssh/ssh_known_hosts func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) { - kh, err := newKnownHosts(files...) - return ssh.HostKeyCallback(kh), err + kh, err := NewKnownHostsDb(files...) + if err != nil { + return nil, err + } + return kh.HostKeyCallback(), nil } -func newKnownHosts(files ...string) (knownhosts.HostKeyCallback, error) { +// NewKnownHostsDb returns knownhosts.HostKeyDB based on a file based on a +// known_hosts file. http://man.openbsd.org/sshd#SSH_KNOWN_HOSTS_FILE_FORMAT +// +// If list of files is empty, then it will be read from the SSH_KNOWN_HOSTS +// environment variable, example: +// +// /home/foo/custom_known_hosts_file:/etc/custom_known/hosts_file +// +// If SSH_KNOWN_HOSTS is not set the following file locations will be used: +// +// ~/.ssh/known_hosts +// /etc/ssh/ssh_known_hosts +func NewKnownHostsDb(files ...string) (*knownhosts.HostKeyDB, error) { var err error if len(files) == 0 { @@ -247,7 +262,7 @@ func newKnownHosts(files ...string) (knownhosts.HostKeyCallback, error) { return nil, err } - return knownhosts.New(files...) + return knownhosts.NewDB(files...) } func getDefaultKnownHostsFiles() ([]string, error) { @@ -289,25 +304,50 @@ func filterKnownHostsFiles(files ...string) ([]string, error) { } // HostKeyCallbackHelper is a helper that provides common functionality to -// configure HostKeyCallback into a ssh.ClientConfig. +// configure HostKeyCallback and HostKeyAlgorithms into a ssh.ClientConfig. type HostKeyCallbackHelper struct { // HostKeyCallback is the function type used for verifying server keys. - // If nil default callback will be create using NewKnownHostsCallback + // If nil, a default callback will be created using NewKnownHostsDb // without argument. HostKeyCallback ssh.HostKeyCallback + + // HostKeyAlgorithms is a list of supported host key algorithms that will + // be used for host key verification. + HostKeyAlgorithms []string + + // fallback allows for injecting the fallback call, which is called + // when a HostKeyCallback is not set. + fallback func(files ...string) (ssh.HostKeyCallback, error) } -// SetHostKeyCallback sets the field HostKeyCallback in the given cfg. If -// HostKeyCallback is empty a default callback is created using -// NewKnownHostsCallback. -func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { - var err error +// SetHostKeyCallbackAndAlgorithms sets the field HostKeyCallback and HostKeyAlgorithms in the given cfg. +// If the host key callback or algorithms is empty it is left empty. It will be handled by the dial method, +// falling back to knownhosts. +func (m *HostKeyCallbackHelper) SetHostKeyCallbackAndAlgorithms(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { + if cfg == nil { + cfg = &ssh.ClientConfig{} + } + if m.HostKeyCallback == nil { - if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil { - return cfg, err + if m.fallback == nil { + m.fallback = NewKnownHostsCallback } + + hkcb, err := m.fallback() + if err != nil { + return nil, fmt.Errorf("cannot create known hosts callback: %w", err) + } + + cfg.HostKeyCallback = hkcb + cfg.HostKeyAlgorithms = m.HostKeyAlgorithms + return cfg, err } cfg.HostKeyCallback = m.HostKeyCallback + cfg.HostKeyAlgorithms = m.HostKeyAlgorithms return cfg, nil } + +func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { + return m.SetHostKeyCallbackAndAlgorithms(cfg) +} diff --git a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go index 05dea448f..ae6f2174a 100644 --- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go +++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go @@ -11,7 +11,6 @@ import ( "github.com/go-git/go-git/v5/plumbing/transport" "github.com/go-git/go-git/v5/plumbing/transport/internal/common" - "github.com/skeema/knownhosts" "github.com/kevinburke/ssh_config" "golang.org/x/crypto/ssh" @@ -127,17 +126,17 @@ func (c *command) connect() error { } hostWithPort := c.getHostWithPort() if config.HostKeyCallback == nil { - kh, err := newKnownHosts() + db, err := NewKnownHostsDb() if err != nil { return err } - config.HostKeyCallback = kh.HostKeyCallback() - config.HostKeyAlgorithms = kh.HostKeyAlgorithms(hostWithPort) - } else if len(config.HostKeyAlgorithms) == 0 { - // Set the HostKeyAlgorithms based on HostKeyCallback. - // For background see https://github.com/go-git/go-git/issues/411 as well as - // https://github.com/golang/go/issues/29286 for root cause. - config.HostKeyAlgorithms = knownhosts.HostKeyAlgorithms(config.HostKeyCallback, hostWithPort) + config.HostKeyCallback = db.HostKeyCallback() + config.HostKeyAlgorithms = db.HostKeyAlgorithms(hostWithPort) + } else { + // If the user gave a custom HostKeyCallback, we do not try to detect host key algorithms + // based on knownhosts functionality, as the user may be requesting a FixedKey or using a + // different key approval strategy. In that case, the user is responsible for populating + // HostKeyAlgorithms appropriately } overrideConfig(c.config, config) diff --git a/vendor/github.com/go-git/go-git/v5/remote.go b/vendor/github.com/go-git/go-git/v5/remote.go index e2c734e75..730812797 100644 --- a/vendor/github.com/go-git/go-git/v5/remote.go +++ b/vendor/github.com/go-git/go-git/v5/remote.go @@ -114,7 +114,7 @@ func (r *Remote) PushContext(ctx context.Context, o *PushOptions) (err error) { o.RemoteURL = r.c.URLs[len(r.c.URLs)-1] } - s, err := newSendPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.CABundle, o.ProxyOptions) + s, err := newSendPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.ClientCert, o.ClientKey, o.CABundle, o.ProxyOptions) if err != nil { return err } @@ -416,7 +416,7 @@ func (r *Remote) fetch(ctx context.Context, o *FetchOptions) (sto storer.Referen o.RemoteURL = r.c.URLs[0] } - s, err := newUploadPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.CABundle, o.ProxyOptions) + s, err := newUploadPackSession(o.RemoteURL, o.Auth, o.InsecureSkipTLS, o.ClientCert, o.ClientKey, o.CABundle, o.ProxyOptions) if err != nil { return nil, err } @@ -532,8 +532,8 @@ func depthChanged(before []plumbing.Hash, s storage.Storer) (bool, error) { return false, nil } -func newUploadPackSession(url string, auth transport.AuthMethod, insecure bool, cabundle []byte, proxyOpts transport.ProxyOptions) (transport.UploadPackSession, error) { - c, ep, err := newClient(url, insecure, cabundle, proxyOpts) +func newUploadPackSession(url string, auth transport.AuthMethod, insecure bool, clientCert, clientKey, caBundle []byte, proxyOpts transport.ProxyOptions) (transport.UploadPackSession, error) { + c, ep, err := newClient(url, insecure, clientCert, clientKey, caBundle, proxyOpts) if err != nil { return nil, err } @@ -541,8 +541,8 @@ func newUploadPackSession(url string, auth transport.AuthMethod, insecure bool, return c.NewUploadPackSession(ep, auth) } -func newSendPackSession(url string, auth transport.AuthMethod, insecure bool, cabundle []byte, proxyOpts transport.ProxyOptions) (transport.ReceivePackSession, error) { - c, ep, err := newClient(url, insecure, cabundle, proxyOpts) +func newSendPackSession(url string, auth transport.AuthMethod, insecure bool, clientCert, clientKey, caBundle []byte, proxyOpts transport.ProxyOptions) (transport.ReceivePackSession, error) { + c, ep, err := newClient(url, insecure, clientCert, clientKey, caBundle, proxyOpts) if err != nil { return nil, err } @@ -550,13 +550,15 @@ func newSendPackSession(url string, auth transport.AuthMethod, insecure bool, ca return c.NewReceivePackSession(ep, auth) } -func newClient(url string, insecure bool, cabundle []byte, proxyOpts transport.ProxyOptions) (transport.Transport, *transport.Endpoint, error) { +func newClient(url string, insecure bool, clientCert, clientKey, caBundle []byte, proxyOpts transport.ProxyOptions) (transport.Transport, *transport.Endpoint, error) { ep, err := transport.NewEndpoint(url) if err != nil { return nil, nil, err } ep.InsecureSkipTLS = insecure - ep.CaBundle = cabundle + ep.ClientCert = clientCert + ep.ClientKey = clientKey + ep.CaBundle = caBundle ep.Proxy = proxyOpts c, err := client.NewClient(ep) @@ -1356,7 +1358,7 @@ func (r *Remote) list(ctx context.Context, o *ListOptions) (rfs []*plumbing.Refe return nil, ErrEmptyUrls } - s, err := newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle, o.ProxyOptions) + s, err := newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.ClientCert, o.ClientKey, o.CABundle, o.ProxyOptions) if err != nil { return nil, err } diff --git a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go index 200098e7a..401590544 100644 --- a/vendor/github.com/go-git/go-git/v5/repository.go +++ b/vendor/github.com/go-git/go-git/v5/repository.go @@ -19,6 +19,7 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/osfs" "github.com/go-git/go-billy/v5/util" + "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/internal/path_util" "github.com/go-git/go-git/v5/internal/revision" @@ -930,6 +931,8 @@ func (r *Repository) clone(ctx context.Context, o *CloneOptions) error { Tags: o.Tags, RemoteName: o.RemoteName, InsecureSkipTLS: o.InsecureSkipTLS, + ClientCert: o.ClientCert, + ClientKey: o.ClientKey, CABundle: o.CABundle, ProxyOptions: o.ProxyOptions, }, o.ReferenceName) diff --git a/vendor/github.com/go-git/go-git/v5/worktree.go b/vendor/github.com/go-git/go-git/v5/worktree.go index dded08e99..479904e0c 100644 --- a/vendor/github.com/go-git/go-git/v5/worktree.go +++ b/vendor/github.com/go-git/go-git/v5/worktree.go @@ -12,6 +12,7 @@ import ( "github.com/go-git/go-billy/v5" "github.com/go-git/go-billy/v5/util" + "github.com/go-git/go-git/v5/config" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/filemode" @@ -79,6 +80,8 @@ func (w *Worktree) PullContext(ctx context.Context, o *PullOptions) error { Progress: o.Progress, Force: o.Force, InsecureSkipTLS: o.InsecureSkipTLS, + ClientCert: o.ClientCert, + ClientKey: o.ClientKey, CABundle: o.CABundle, ProxyOptions: o.ProxyOptions, }) diff --git a/vendor/github.com/go-jose/go-jose/v4/.gitignore b/vendor/github.com/go-jose/go-jose/v4/.gitignore new file mode 100644 index 000000000..eb29ebaef --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/.gitignore @@ -0,0 +1,2 @@ +jose-util/jose-util +jose-util.t.err \ No newline at end of file diff --git a/vendor/github.com/go-jose/go-jose/v4/.golangci.yml b/vendor/github.com/go-jose/go-jose/v4/.golangci.yml new file mode 100644 index 000000000..2a577a8f9 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/.golangci.yml @@ -0,0 +1,53 @@ +# https://github.com/golangci/golangci-lint + +run: + skip-files: + - doc_test.go + modules-download-mode: readonly + +linters: + enable-all: true + disable: + - gochecknoglobals + - goconst + - lll + - maligned + - nakedret + - scopelint + - unparam + - funlen # added in 1.18 (requires go-jose changes before it can be enabled) + +linters-settings: + gocyclo: + min-complexity: 35 + +issues: + exclude-rules: + - text: "don't use ALL_CAPS in Go names" + linters: + - golint + - text: "hardcoded credentials" + linters: + - gosec + - text: "weak cryptographic primitive" + linters: + - gosec + - path: json/ + linters: + - dupl + - errcheck + - gocritic + - gocyclo + - golint + - govet + - ineffassign + - staticcheck + - structcheck + - stylecheck + - unused + - path: _test\.go + linters: + - scopelint + - path: jwk.go + linters: + - gocyclo diff --git a/vendor/github.com/go-jose/go-jose/v4/.travis.yml b/vendor/github.com/go-jose/go-jose/v4/.travis.yml new file mode 100644 index 000000000..48de631b0 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/.travis.yml @@ -0,0 +1,33 @@ +language: go + +matrix: + fast_finish: true + allow_failures: + - go: tip + +go: + - "1.13.x" + - "1.14.x" + - tip + +before_script: + - export PATH=$HOME/.local/bin:$PATH + +before_install: + - go get -u github.com/mattn/goveralls github.com/wadey/gocovmerge + - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.18.0 + - pip install cram --user + +script: + - go test -v -covermode=count -coverprofile=profile.cov . + - go test -v -covermode=count -coverprofile=cryptosigner/profile.cov ./cryptosigner + - go test -v -covermode=count -coverprofile=cipher/profile.cov ./cipher + - go test -v -covermode=count -coverprofile=jwt/profile.cov ./jwt + - go test -v ./json # no coverage for forked encoding/json package + - golangci-lint run + - cd jose-util && go build && PATH=$PWD:$PATH cram -v jose-util.t # cram tests jose-util + - cd .. + +after_success: + - gocovmerge *.cov */*.cov > merged.coverprofile + - goveralls -coverprofile merged.coverprofile -service=travis-ci diff --git a/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md b/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md new file mode 100644 index 000000000..66a8a0f89 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md @@ -0,0 +1,101 @@ +## Changed + + - Defined a custom error, ErrUnexpectedSignatureAlgorithm, returned when a JWS + header contains an unsupported signature algorithm. + +# v4.0.4 + +## Fixed + + - Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a + breaking change. See #136 / #137. + +# v4.0.3 + +## Changed + + - Allow unmarshalling JSONWebKeySets with unsupported key types (#130) + - Document that OpaqueKeyEncrypter can't be implemented (for now) (#129) + - Dependency updates + +# v4.0.2 + +## Changed + + - Improved documentation of Verify() to note that JSONWebKeySet is a supported + argument type (#104) + - Defined exported error values for missing x5c header and unsupported elliptic + curves error cases (#117) + +# v4.0.1 + +## Fixed + + - An attacker could send a JWE containing compressed data that used large + amounts of memory and CPU when decompressed by `Decrypt` or `DecryptMulti`. + Those functions now return an error if the decompressed data would exceed + 250kB or 10x the compressed size (whichever is larger). Thanks to + Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj) + for reporting. + +# v4.0.0 + +This release makes some breaking changes in order to more thoroughly +address the vulnerabilities discussed in [Three New Attacks Against JSON Web +Tokens][1], "Sign/encrypt confusion", "Billion hash attack", and "Polyglot +token". + +## Changed + + - Limit JWT encryption types (exclude password or public key types) (#78) + - Enforce minimum length for HMAC keys (#85) + - jwt: match any audience in a list, rather than requiring all audiences (#81) + - jwt: accept only Compact Serialization (#75) + - jws: Add expected algorithms for signatures (#74) + - Require specifying expected algorithms for ParseEncrypted, + ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned, + jwt.ParseSignedAndEncrypted (#69, #74) + - Usually there is a small, known set of appropriate algorithms for a program + to use and it's a mistake to allow unexpected algorithms. For instance the + "billion hash attack" relies in part on programs accepting the PBES2 + encryption algorithm and doing the necessary work even if they weren't + specifically configured to allow PBES2. + - Revert "Strip padding off base64 strings" (#82) + - The specs require base64url encoding without padding. + - Minimum supported Go version is now 1.21 + +## Added + + - ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON. + - These allow parsing a specific serialization, as opposed to ParseSigned and + ParseEncrypted, which try to automatically detect which serialization was + provided. It's common to require a specific serialization for a specific + protocol - for instance JWT requires Compact serialization. + +[1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf + +# v3.0.2 + +## Fixed + + - DecryptMulti: handle decompression error (#19) + +## Changed + + - jwe/CompactSerialize: improve performance (#67) + - Increase the default number of PBKDF2 iterations to 600k (#48) + - Return the proper algorithm for ECDSA keys (#45) + +## Added + + - Add Thumbprint support for opaque signers (#38) + +# v3.0.1 + +## Fixed + + - Security issue: an attacker specifying a large "p2c" value can cause + JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large + amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the + disclosure and to Tom Tervoort for originally publishing the category of attack. + https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf diff --git a/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md new file mode 100644 index 000000000..4b4805add --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/CONTRIBUTING.md @@ -0,0 +1,9 @@ +# Contributing + +If you would like to contribute code to go-jose you can do so through GitHub by +forking the repository and sending a pull request. + +When submitting code, please make every effort to follow existing conventions +and style in order to keep the code as readable as possible. Please also make +sure all tests pass by running `go test`, and format your code with `go fmt`. +We also recommend using `golint` and `errcheck`. diff --git a/vendor/github.com/go-jose/go-jose/v4/LICENSE b/vendor/github.com/go-jose/go-jose/v4/LICENSE new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/go-jose/go-jose/v4/README.md b/vendor/github.com/go-jose/go-jose/v4/README.md new file mode 100644 index 000000000..02b574954 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/README.md @@ -0,0 +1,106 @@ +# Go JOSE + +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4) +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt) +[![license](https://img.shields.io/badge/license-apache_2.0-blue.svg?style=flat)](https://raw.githubusercontent.com/go-jose/go-jose/master/LICENSE) +[![test](https://img.shields.io/github/checks-status/go-jose/go-jose/v4)](https://github.com/go-jose/go-jose/actions) + +Package jose aims to provide an implementation of the Javascript Object Signing +and Encryption set of standards. This includes support for JSON Web Encryption, +JSON Web Signature, and JSON Web Token standards. + +## Overview + +The implementation follows the +[JSON Web Encryption](https://dx.doi.org/10.17487/RFC7516) (RFC 7516), +[JSON Web Signature](https://dx.doi.org/10.17487/RFC7515) (RFC 7515), and +[JSON Web Token](https://dx.doi.org/10.17487/RFC7519) (RFC 7519) specifications. +Tables of supported algorithms are shown below. The library supports both +the compact and JWS/JWE JSON Serialization formats, and has optional support for +multiple recipients. It also comes with a small command-line utility +([`jose-util`](https://pkg.go.dev/github.com/go-jose/go-jose/jose-util)) +for dealing with JOSE messages in a shell. + +**Note**: We use a forked version of the `encoding/json` package from the Go +standard library which uses case-sensitive matching for member names (instead +of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)). +This is to avoid differences in interpretation of messages between go-jose and +libraries in other languages. + +### Versions + +[Version 4](https://github.com/go-jose/go-jose) +([branch](https://github.com/go-jose/go-jose/tree/main), +[doc](https://pkg.go.dev/github.com/go-jose/go-jose/v4), [releases](https://github.com/go-jose/go-jose/releases)) is the current stable version: + + import "github.com/go-jose/go-jose/v4" + +The old [square/go-jose](https://github.com/square/go-jose) repo contains the prior v1 and v2 versions, which +are still useable but not actively developed anymore. + +Version 3, in this repo, is still receiving security fixes but not functionality +updates. + +### Supported algorithms + +See below for a table of supported algorithms. Algorithm identifiers match +the names in the [JSON Web Algorithms](https://dx.doi.org/10.17487/RFC7518) +standard where possible. The Godoc reference has a list of constants. + + Key encryption | Algorithm identifier(s) + :------------------------- | :------------------------------ + RSA-PKCS#1v1.5 | RSA1_5 + RSA-OAEP | RSA-OAEP, RSA-OAEP-256 + AES key wrap | A128KW, A192KW, A256KW + AES-GCM key wrap | A128GCMKW, A192GCMKW, A256GCMKW + ECDH-ES + AES key wrap | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW + ECDH-ES (direct) | ECDH-ES1 + Direct encryption | dir1 + +1. Not supported in multi-recipient mode + + Signing / MAC | Algorithm identifier(s) + :------------------------- | :------------------------------ + RSASSA-PKCS#1v1.5 | RS256, RS384, RS512 + RSASSA-PSS | PS256, PS384, PS512 + HMAC | HS256, HS384, HS512 + ECDSA | ES256, ES384, ES512 + Ed25519 | EdDSA2 + +2. Only available in version 2 of the package + + Content encryption | Algorithm identifier(s) + :------------------------- | :------------------------------ + AES-CBC+HMAC | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 + AES-GCM | A128GCM, A192GCM, A256GCM + + Compression | Algorithm identifiers(s) + :------------------------- | ------------------------------- + DEFLATE (RFC 1951) | DEF + +### Supported key types + +See below for a table of supported key types. These are understood by the +library, and can be passed to corresponding functions such as `NewEncrypter` or +`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which +allows attaching a key id. + + Algorithm(s) | Corresponding types + :------------------------- | ------------------------------- + RSA | *[rsa.PublicKey](https://pkg.go.dev/crypto/rsa/#PublicKey), *[rsa.PrivateKey](https://pkg.go.dev/crypto/rsa/#PrivateKey) + ECDH, ECDSA | *[ecdsa.PublicKey](https://pkg.go.dev/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](https://pkg.go.dev/crypto/ecdsa/#PrivateKey) + EdDSA1 | [ed25519.PublicKey](https://pkg.go.dev/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://pkg.go.dev/crypto/ed25519#PrivateKey) + AES, HMAC | []byte + +1. Only available in version 2 or later of the package + +## Examples + +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4) +[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v4/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v4/jwt) + +Examples can be found in the Godoc +reference for this package. The +[`jose-util`](https://github.com/go-jose/go-jose/tree/main/jose-util) +subdirectory also contains a small command-line utility which might be useful +as an example as well. diff --git a/vendor/github.com/go-jose/go-jose/v4/SECURITY.md b/vendor/github.com/go-jose/go-jose/v4/SECURITY.md new file mode 100644 index 000000000..2f18a75a8 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy +This document explains how to contact the Let's Encrypt security team to report security vulnerabilities. + +## Supported Versions +| Version | Supported | +| ------- | ----------| +| >= v3 | ✓ | +| v2 | ✗ | +| v1 | ✗ | + +## Reporting a vulnerability + +Please see [https://letsencrypt.org/contact/#security](https://letsencrypt.org/contact/#security) for the email address to report a vulnerability. Ensure that the subject line for your report contains the word `vulnerability` and is descriptive. Your email should be acknowledged within 24 hours. If you do not receive a response within 24 hours, please follow-up again with another email. diff --git a/vendor/github.com/go-jose/go-jose/v4/asymmetric.go b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go new file mode 100644 index 000000000..f8d5774ef --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/asymmetric.go @@ -0,0 +1,595 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jose + +import ( + "crypto" + "crypto/aes" + "crypto/ecdsa" + "crypto/ed25519" + "crypto/rand" + "crypto/rsa" + "crypto/sha1" + "crypto/sha256" + "errors" + "fmt" + "math/big" + + josecipher "github.com/go-jose/go-jose/v4/cipher" + "github.com/go-jose/go-jose/v4/json" +) + +// A generic RSA-based encrypter/verifier +type rsaEncrypterVerifier struct { + publicKey *rsa.PublicKey +} + +// A generic RSA-based decrypter/signer +type rsaDecrypterSigner struct { + privateKey *rsa.PrivateKey +} + +// A generic EC-based encrypter/verifier +type ecEncrypterVerifier struct { + publicKey *ecdsa.PublicKey +} + +type edEncrypterVerifier struct { + publicKey ed25519.PublicKey +} + +// A key generator for ECDH-ES +type ecKeyGenerator struct { + size int + algID string + publicKey *ecdsa.PublicKey +} + +// A generic EC-based decrypter/signer +type ecDecrypterSigner struct { + privateKey *ecdsa.PrivateKey +} + +type edDecrypterSigner struct { + privateKey ed25519.PrivateKey +} + +// newRSARecipient creates recipientKeyInfo based on the given key. +func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch keyAlg { + case RSA1_5, RSA_OAEP, RSA_OAEP_256: + default: + return recipientKeyInfo{}, ErrUnsupportedAlgorithm + } + + if publicKey == nil { + return recipientKeyInfo{}, errors.New("invalid public key") + } + + return recipientKeyInfo{ + keyAlg: keyAlg, + keyEncrypter: &rsaEncrypterVerifier{ + publicKey: publicKey, + }, + }, nil +} + +// newRSASigner creates a recipientSigInfo based on the given key. +func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipientSigInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch sigAlg { + case RS256, RS384, RS512, PS256, PS384, PS512: + default: + return recipientSigInfo{}, ErrUnsupportedAlgorithm + } + + if privateKey == nil { + return recipientSigInfo{}, errors.New("invalid private key") + } + + return recipientSigInfo{ + sigAlg: sigAlg, + publicKey: staticPublicKey(&JSONWebKey{ + Key: privateKey.Public(), + }), + signer: &rsaDecrypterSigner{ + privateKey: privateKey, + }, + }, nil +} + +func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) { + if sigAlg != EdDSA { + return recipientSigInfo{}, ErrUnsupportedAlgorithm + } + + if privateKey == nil { + return recipientSigInfo{}, errors.New("invalid private key") + } + return recipientSigInfo{ + sigAlg: sigAlg, + publicKey: staticPublicKey(&JSONWebKey{ + Key: privateKey.Public(), + }), + signer: &edDecrypterSigner{ + privateKey: privateKey, + }, + }, nil +} + +// newECDHRecipient creates recipientKeyInfo based on the given key. +func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch keyAlg { + case ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: + default: + return recipientKeyInfo{}, ErrUnsupportedAlgorithm + } + + if publicKey == nil || !publicKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { + return recipientKeyInfo{}, errors.New("invalid public key") + } + + return recipientKeyInfo{ + keyAlg: keyAlg, + keyEncrypter: &ecEncrypterVerifier{ + publicKey: publicKey, + }, + }, nil +} + +// newECDSASigner creates a recipientSigInfo based on the given key. +func newECDSASigner(sigAlg SignatureAlgorithm, privateKey *ecdsa.PrivateKey) (recipientSigInfo, error) { + // Verify that key management algorithm is supported by this encrypter + switch sigAlg { + case ES256, ES384, ES512: + default: + return recipientSigInfo{}, ErrUnsupportedAlgorithm + } + + if privateKey == nil { + return recipientSigInfo{}, errors.New("invalid private key") + } + + return recipientSigInfo{ + sigAlg: sigAlg, + publicKey: staticPublicKey(&JSONWebKey{ + Key: privateKey.Public(), + }), + signer: &ecDecrypterSigner{ + privateKey: privateKey, + }, + }, nil +} + +// Encrypt the given payload and update the object. +func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { + encryptedKey, err := ctx.encrypt(cek, alg) + if err != nil { + return recipientInfo{}, err + } + + return recipientInfo{ + encryptedKey: encryptedKey, + header: &rawHeader{}, + }, nil +} + +// Encrypt the given payload. Based on the key encryption algorithm, +// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). +func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) { + switch alg { + case RSA1_5: + return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek) + case RSA_OAEP: + return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{}) + case RSA_OAEP_256: + return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{}) + } + + return nil, ErrUnsupportedAlgorithm +} + +// Decrypt the given payload and return the content encryption key. +func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { + return ctx.decrypt(recipient.encryptedKey, headers.getAlgorithm(), generator) +} + +// Decrypt the given payload. Based on the key encryption algorithm, +// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). +func (ctx rsaDecrypterSigner) decrypt(jek []byte, alg KeyAlgorithm, generator keyGenerator) ([]byte, error) { + // Note: The random reader on decrypt operations is only used for blinding, + // so stubbing is meanlingless (hence the direct use of rand.Reader). + switch alg { + case RSA1_5: + defer func() { + // DecryptPKCS1v15SessionKey sometimes panics on an invalid payload + // because of an index out of bounds error, which we want to ignore. + // This has been fixed in Go 1.3.1 (released 2014/08/13), the recover() + // only exists for preventing crashes with unpatched versions. + // See: https://groups.google.com/forum/#!topic/golang-dev/7ihX6Y6kx9k + // See: https://code.google.com/p/go/source/detail?r=58ee390ff31602edb66af41ed10901ec95904d33 + _ = recover() + }() + + // Perform some input validation. + keyBytes := ctx.privateKey.PublicKey.N.BitLen() / 8 + if keyBytes != len(jek) { + // Input size is incorrect, the encrypted payload should always match + // the size of the public modulus (e.g. using a 2048 bit key will + // produce 256 bytes of output). Reject this since it's invalid input. + return nil, ErrCryptoFailure + } + + cek, _, err := generator.genKey() + if err != nil { + return nil, ErrCryptoFailure + } + + // When decrypting an RSA-PKCS1v1.5 payload, we must take precautions to + // prevent chosen-ciphertext attacks as described in RFC 3218, "Preventing + // the Million Message Attack on Cryptographic Message Syntax". We are + // therefore deliberately ignoring errors here. + _ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, ctx.privateKey, jek, cek) + + return cek, nil + case RSA_OAEP: + // Use rand.Reader for RSA blinding + return rsa.DecryptOAEP(sha1.New(), rand.Reader, ctx.privateKey, jek, []byte{}) + case RSA_OAEP_256: + // Use rand.Reader for RSA blinding + return rsa.DecryptOAEP(sha256.New(), rand.Reader, ctx.privateKey, jek, []byte{}) + } + + return nil, ErrUnsupportedAlgorithm +} + +// Sign the given payload +func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { + var hash crypto.Hash + + switch alg { + case RS256, PS256: + hash = crypto.SHA256 + case RS384, PS384: + hash = crypto.SHA384 + case RS512, PS512: + hash = crypto.SHA512 + default: + return Signature{}, ErrUnsupportedAlgorithm + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + var out []byte + var err error + + switch alg { + case RS256, RS384, RS512: + // TODO(https://github.com/go-jose/go-jose/issues/40): As of go1.20, the + // random parameter is legacy and ignored, and it can be nil. + // https://cs.opensource.google/go/go/+/refs/tags/go1.20:src/crypto/rsa/pkcs1v15.go;l=263;bpv=0;bpt=1 + out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed) + case PS256, PS384, PS512: + out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{ + SaltLength: rsa.PSSSaltLengthEqualsHash, + }) + } + + if err != nil { + return Signature{}, err + } + + return Signature{ + Signature: out, + protected: &rawHeader{}, + }, nil +} + +// Verify the given payload +func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { + var hash crypto.Hash + + switch alg { + case RS256, PS256: + hash = crypto.SHA256 + case RS384, PS384: + hash = crypto.SHA384 + case RS512, PS512: + hash = crypto.SHA512 + default: + return ErrUnsupportedAlgorithm + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + switch alg { + case RS256, RS384, RS512: + return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature) + case PS256, PS384, PS512: + return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil) + } + + return ErrUnsupportedAlgorithm +} + +// Encrypt the given payload and update the object. +func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { + switch alg { + case ECDH_ES: + // ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key. + return recipientInfo{ + header: &rawHeader{}, + }, nil + case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: + default: + return recipientInfo{}, ErrUnsupportedAlgorithm + } + + generator := ecKeyGenerator{ + algID: string(alg), + publicKey: ctx.publicKey, + } + + switch alg { + case ECDH_ES_A128KW: + generator.size = 16 + case ECDH_ES_A192KW: + generator.size = 24 + case ECDH_ES_A256KW: + generator.size = 32 + } + + kek, header, err := generator.genKey() + if err != nil { + return recipientInfo{}, err + } + + block, err := aes.NewCipher(kek) + if err != nil { + return recipientInfo{}, err + } + + jek, err := josecipher.KeyWrap(block, cek) + if err != nil { + return recipientInfo{}, err + } + + return recipientInfo{ + encryptedKey: jek, + header: &header, + }, nil +} + +// Get key size for EC key generator +func (ctx ecKeyGenerator) keySize() int { + return ctx.size +} + +// Get a content encryption key for ECDH-ES +func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) { + priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader) + if err != nil { + return nil, rawHeader{}, err + } + + out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size) + + b, err := json.Marshal(&JSONWebKey{ + Key: &priv.PublicKey, + }) + if err != nil { + return nil, nil, err + } + + headers := rawHeader{ + headerEPK: makeRawMessage(b), + } + + return out, headers, nil +} + +// Decrypt the given payload and return the content encryption key. +func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { + epk, err := headers.getEPK() + if err != nil { + return nil, errors.New("go-jose/go-jose: invalid epk header") + } + if epk == nil { + return nil, errors.New("go-jose/go-jose: missing epk header") + } + + publicKey, ok := epk.Key.(*ecdsa.PublicKey) + if publicKey == nil || !ok { + return nil, errors.New("go-jose/go-jose: invalid epk header") + } + + if !ctx.privateKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { + return nil, errors.New("go-jose/go-jose: invalid public key in epk header") + } + + apuData, err := headers.getAPU() + if err != nil { + return nil, errors.New("go-jose/go-jose: invalid apu header") + } + apvData, err := headers.getAPV() + if err != nil { + return nil, errors.New("go-jose/go-jose: invalid apv header") + } + + deriveKey := func(algID string, size int) []byte { + return josecipher.DeriveECDHES(algID, apuData.bytes(), apvData.bytes(), ctx.privateKey, publicKey, size) + } + + var keySize int + + algorithm := headers.getAlgorithm() + switch algorithm { + case ECDH_ES: + // ECDH-ES uses direct key agreement, no key unwrapping necessary. + return deriveKey(string(headers.getEncryption()), generator.keySize()), nil + case ECDH_ES_A128KW: + keySize = 16 + case ECDH_ES_A192KW: + keySize = 24 + case ECDH_ES_A256KW: + keySize = 32 + default: + return nil, ErrUnsupportedAlgorithm + } + + key := deriveKey(string(algorithm), keySize) + block, err := aes.NewCipher(key) + if err != nil { + return nil, err + } + + return josecipher.KeyUnwrap(block, recipient.encryptedKey) +} + +func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { + if alg != EdDSA { + return Signature{}, ErrUnsupportedAlgorithm + } + + sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0)) + if err != nil { + return Signature{}, err + } + + return Signature{ + Signature: sig, + protected: &rawHeader{}, + }, nil +} + +func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { + if alg != EdDSA { + return ErrUnsupportedAlgorithm + } + ok := ed25519.Verify(ctx.publicKey, payload, signature) + if !ok { + return errors.New("go-jose/go-jose: ed25519 signature failed to verify") + } + return nil +} + +// Sign the given payload +func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { + var expectedBitSize int + var hash crypto.Hash + + switch alg { + case ES256: + expectedBitSize = 256 + hash = crypto.SHA256 + case ES384: + expectedBitSize = 384 + hash = crypto.SHA384 + case ES512: + expectedBitSize = 521 + hash = crypto.SHA512 + } + + curveBits := ctx.privateKey.Curve.Params().BitSize + if expectedBitSize != curveBits { + return Signature{}, fmt.Errorf("go-jose/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits) + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed) + if err != nil { + return Signature{}, err + } + + keyBytes := curveBits / 8 + if curveBits%8 > 0 { + keyBytes++ + } + + // We serialize the outputs (r and s) into big-endian byte arrays and pad + // them with zeros on the left to make sure the sizes work out. Both arrays + // must be keyBytes long, and the output must be 2*keyBytes long. + rBytes := r.Bytes() + rBytesPadded := make([]byte, keyBytes) + copy(rBytesPadded[keyBytes-len(rBytes):], rBytes) + + sBytes := s.Bytes() + sBytesPadded := make([]byte, keyBytes) + copy(sBytesPadded[keyBytes-len(sBytes):], sBytes) + + out := append(rBytesPadded, sBytesPadded...) + + return Signature{ + Signature: out, + protected: &rawHeader{}, + }, nil +} + +// Verify the given payload +func (ctx ecEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { + var keySize int + var hash crypto.Hash + + switch alg { + case ES256: + keySize = 32 + hash = crypto.SHA256 + case ES384: + keySize = 48 + hash = crypto.SHA384 + case ES512: + keySize = 66 + hash = crypto.SHA512 + default: + return ErrUnsupportedAlgorithm + } + + if len(signature) != 2*keySize { + return fmt.Errorf("go-jose/go-jose: invalid signature size, have %d bytes, wanted %d", len(signature), 2*keySize) + } + + hasher := hash.New() + + // According to documentation, Write() on hash never fails + _, _ = hasher.Write(payload) + hashed := hasher.Sum(nil) + + r := big.NewInt(0).SetBytes(signature[:keySize]) + s := big.NewInt(0).SetBytes(signature[keySize:]) + + match := ecdsa.Verify(ctx.publicKey, hashed, r, s) + if !match { + return errors.New("go-jose/go-jose: ecdsa signature failed to verify") + } + + return nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go b/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go new file mode 100644 index 000000000..af029cec0 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/cbc_hmac.go @@ -0,0 +1,196 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "bytes" + "crypto/cipher" + "crypto/hmac" + "crypto/sha256" + "crypto/sha512" + "crypto/subtle" + "encoding/binary" + "errors" + "hash" +) + +const ( + nonceBytes = 16 +) + +// NewCBCHMAC instantiates a new AEAD based on CBC+HMAC. +func NewCBCHMAC(key []byte, newBlockCipher func([]byte) (cipher.Block, error)) (cipher.AEAD, error) { + keySize := len(key) / 2 + integrityKey := key[:keySize] + encryptionKey := key[keySize:] + + blockCipher, err := newBlockCipher(encryptionKey) + if err != nil { + return nil, err + } + + var hash func() hash.Hash + switch keySize { + case 16: + hash = sha256.New + case 24: + hash = sha512.New384 + case 32: + hash = sha512.New + } + + return &cbcAEAD{ + hash: hash, + blockCipher: blockCipher, + authtagBytes: keySize, + integrityKey: integrityKey, + }, nil +} + +// An AEAD based on CBC+HMAC +type cbcAEAD struct { + hash func() hash.Hash + authtagBytes int + integrityKey []byte + blockCipher cipher.Block +} + +func (ctx *cbcAEAD) NonceSize() int { + return nonceBytes +} + +func (ctx *cbcAEAD) Overhead() int { + // Maximum overhead is block size (for padding) plus auth tag length, where + // the length of the auth tag is equivalent to the key size. + return ctx.blockCipher.BlockSize() + ctx.authtagBytes +} + +// Seal encrypts and authenticates the plaintext. +func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte { + // Output buffer -- must take care not to mangle plaintext input. + ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)] + copy(ciphertext, plaintext) + ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize()) + + cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce) + + cbc.CryptBlocks(ciphertext, ciphertext) + authtag := ctx.computeAuthTag(data, nonce, ciphertext) + + ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag))) + copy(out, ciphertext) + copy(out[len(ciphertext):], authtag) + + return ret +} + +// Open decrypts and authenticates the ciphertext. +func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { + if len(ciphertext) < ctx.authtagBytes { + return nil, errors.New("go-jose/go-jose: invalid ciphertext (too short)") + } + + offset := len(ciphertext) - ctx.authtagBytes + expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset]) + match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:]) + if match != 1 { + return nil, errors.New("go-jose/go-jose: invalid ciphertext (auth tag mismatch)") + } + + cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce) + + // Make copy of ciphertext buffer, don't want to modify in place + buffer := append([]byte{}, ciphertext[:offset]...) + + if len(buffer)%ctx.blockCipher.BlockSize() > 0 { + return nil, errors.New("go-jose/go-jose: invalid ciphertext (invalid length)") + } + + cbc.CryptBlocks(buffer, buffer) + + // Remove padding + plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize()) + if err != nil { + return nil, err + } + + ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext))) + copy(out, plaintext) + + return ret, nil +} + +// Compute an authentication tag +func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte { + buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8) + n := 0 + n += copy(buffer, aad) + n += copy(buffer[n:], nonce) + n += copy(buffer[n:], ciphertext) + binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8) + + // According to documentation, Write() on hash.Hash never fails. + hmac := hmac.New(ctx.hash, ctx.integrityKey) + _, _ = hmac.Write(buffer) + + return hmac.Sum(nil)[:ctx.authtagBytes] +} + +// resize ensures that the given slice has a capacity of at least n bytes. +// If the capacity of the slice is less than n, a new slice is allocated +// and the existing data will be copied. +func resize(in []byte, n uint64) (head, tail []byte) { + if uint64(cap(in)) >= n { + head = in[:n] + } else { + head = make([]byte, n) + copy(head, in) + } + + tail = head[len(in):] + return +} + +// Apply padding +func padBuffer(buffer []byte, blockSize int) []byte { + missing := blockSize - (len(buffer) % blockSize) + ret, out := resize(buffer, uint64(len(buffer))+uint64(missing)) + padding := bytes.Repeat([]byte{byte(missing)}, missing) + copy(out, padding) + return ret +} + +// Remove padding +func unpadBuffer(buffer []byte, blockSize int) ([]byte, error) { + if len(buffer)%blockSize != 0 { + return nil, errors.New("go-jose/go-jose: invalid padding") + } + + last := buffer[len(buffer)-1] + count := int(last) + + if count == 0 || count > blockSize || count > len(buffer) { + return nil, errors.New("go-jose/go-jose: invalid padding") + } + + padding := bytes.Repeat([]byte{last}, count) + if !bytes.HasSuffix(buffer, padding) { + return nil, errors.New("go-jose/go-jose: invalid padding") + } + + return buffer[:len(buffer)-count], nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go b/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go new file mode 100644 index 000000000..f62c3bdba --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/concat_kdf.go @@ -0,0 +1,75 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "crypto" + "encoding/binary" + "hash" + "io" +) + +type concatKDF struct { + z, info []byte + i uint32 + cache []byte + hasher hash.Hash +} + +// NewConcatKDF builds a KDF reader based on the given inputs. +func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader { + buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo))) + n := 0 + n += copy(buffer, algID) + n += copy(buffer[n:], ptyUInfo) + n += copy(buffer[n:], ptyVInfo) + n += copy(buffer[n:], supPubInfo) + copy(buffer[n:], supPrivInfo) + + hasher := hash.New() + + return &concatKDF{ + z: z, + info: buffer, + hasher: hasher, + cache: []byte{}, + i: 1, + } +} + +func (ctx *concatKDF) Read(out []byte) (int, error) { + copied := copy(out, ctx.cache) + ctx.cache = ctx.cache[copied:] + + for copied < len(out) { + ctx.hasher.Reset() + + // Write on a hash.Hash never fails + _ = binary.Write(ctx.hasher, binary.BigEndian, ctx.i) + _, _ = ctx.hasher.Write(ctx.z) + _, _ = ctx.hasher.Write(ctx.info) + + hash := ctx.hasher.Sum(nil) + chunkCopied := copy(out[copied:], hash) + copied += chunkCopied + ctx.cache = hash[chunkCopied:] + + ctx.i++ + } + + return copied, nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go b/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go new file mode 100644 index 000000000..093c64674 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/ecdh_es.go @@ -0,0 +1,86 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "bytes" + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "encoding/binary" +) + +// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA. +// It is an error to call this function with a private/public key that are not on the same +// curve. Callers must ensure that the keys are valid before calling this function. Output +// size may be at most 1<<16 bytes (64 KiB). +func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte { + if size > 1<<16 { + panic("ECDH-ES output size too large, must be less than or equal to 1<<16") + } + + // algId, partyUInfo, partyVInfo inputs must be prefixed with the length + algID := lengthPrefixed([]byte(alg)) + ptyUInfo := lengthPrefixed(apuData) + ptyVInfo := lengthPrefixed(apvData) + + // suppPubInfo is the encoded length of the output size in bits + supPubInfo := make([]byte, 4) + binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8) + + if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) { + panic("public key not on same curve as private key") + } + + z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes()) + zBytes := z.Bytes() + + // Note that calling z.Bytes() on a big.Int may strip leading zero bytes from + // the returned byte array. This can lead to a problem where zBytes will be + // shorter than expected which breaks the key derivation. Therefore we must pad + // to the full length of the expected coordinate here before calling the KDF. + octSize := dSize(priv.Curve) + if len(zBytes) != octSize { + zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...) + } + + reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{}) + key := make([]byte, size) + + // Read on the KDF will never fail + _, _ = reader.Read(key) + + return key +} + +// dSize returns the size in octets for a coordinate on a elliptic curve. +func dSize(curve elliptic.Curve) int { + order := curve.Params().P + bitLen := order.BitLen() + size := bitLen / 8 + if bitLen%8 != 0 { + size++ + } + return size +} + +func lengthPrefixed(data []byte) []byte { + out := make([]byte, len(data)+4) + binary.BigEndian.PutUint32(out, uint32(len(data))) + copy(out[4:], data) + return out +} diff --git a/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go new file mode 100644 index 000000000..b9effbca8 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/cipher/key_wrap.go @@ -0,0 +1,109 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package josecipher + +import ( + "crypto/cipher" + "crypto/subtle" + "encoding/binary" + "errors" +) + +var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} + +// KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher. +func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) { + if len(cek)%8 != 0 { + return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") + } + + n := len(cek) / 8 + r := make([][]byte, n) + + for i := range r { + r[i] = make([]byte, 8) + copy(r[i], cek[i*8:]) + } + + buffer := make([]byte, 16) + tBytes := make([]byte, 8) + copy(buffer, defaultIV) + + for t := 0; t < 6*n; t++ { + copy(buffer[8:], r[t%n]) + + block.Encrypt(buffer, buffer) + + binary.BigEndian.PutUint64(tBytes, uint64(t+1)) + + for i := 0; i < 8; i++ { + buffer[i] ^= tBytes[i] + } + copy(r[t%n], buffer[8:]) + } + + out := make([]byte, (n+1)*8) + copy(out, buffer[:8]) + for i := range r { + copy(out[(i+1)*8:], r[i]) + } + + return out, nil +} + +// KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher. +func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) { + if len(ciphertext)%8 != 0 { + return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") + } + + n := (len(ciphertext) / 8) - 1 + r := make([][]byte, n) + + for i := range r { + r[i] = make([]byte, 8) + copy(r[i], ciphertext[(i+1)*8:]) + } + + buffer := make([]byte, 16) + tBytes := make([]byte, 8) + copy(buffer[:8], ciphertext[:8]) + + for t := 6*n - 1; t >= 0; t-- { + binary.BigEndian.PutUint64(tBytes, uint64(t+1)) + + for i := 0; i < 8; i++ { + buffer[i] ^= tBytes[i] + } + copy(buffer[8:], r[t%n]) + + block.Decrypt(buffer, buffer) + + copy(r[t%n], buffer[8:]) + } + + if subtle.ConstantTimeCompare(buffer[:8], defaultIV) == 0 { + return nil, errors.New("go-jose/go-jose: failed to unwrap key") + } + + out := make([]byte, n*8) + for i := range r { + copy(out[i*8:], r[i]) + } + + return out, nil +} diff --git a/vendor/github.com/go-jose/go-jose/v4/crypter.go b/vendor/github.com/go-jose/go-jose/v4/crypter.go new file mode 100644 index 000000000..d81b03b44 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/crypter.go @@ -0,0 +1,599 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jose + +import ( + "crypto/ecdsa" + "crypto/rsa" + "errors" + "fmt" + + "github.com/go-jose/go-jose/v4/json" +) + +// Encrypter represents an encrypter which produces an encrypted JWE object. +type Encrypter interface { + Encrypt(plaintext []byte) (*JSONWebEncryption, error) + EncryptWithAuthData(plaintext []byte, aad []byte) (*JSONWebEncryption, error) + Options() EncrypterOptions +} + +// A generic content cipher +type contentCipher interface { + keySize() int + encrypt(cek []byte, aad, plaintext []byte) (*aeadParts, error) + decrypt(cek []byte, aad []byte, parts *aeadParts) ([]byte, error) +} + +// A key generator (for generating/getting a CEK) +type keyGenerator interface { + keySize() int + genKey() ([]byte, rawHeader, error) +} + +// A generic key encrypter +type keyEncrypter interface { + encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) // Encrypt a key +} + +// A generic key decrypter +type keyDecrypter interface { + decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key +} + +// A generic encrypter based on the given key encrypter and content cipher. +type genericEncrypter struct { + contentAlg ContentEncryption + compressionAlg CompressionAlgorithm + cipher contentCipher + recipients []recipientKeyInfo + keyGenerator keyGenerator + extraHeaders map[HeaderKey]interface{} +} + +type recipientKeyInfo struct { + keyID string + keyAlg KeyAlgorithm + keyEncrypter keyEncrypter +} + +// EncrypterOptions represents options that can be set on new encrypters. +type EncrypterOptions struct { + Compression CompressionAlgorithm + + // Optional map of name/value pairs to be inserted into the protected + // header of a JWS object. Some specifications which make use of + // JWS require additional values here. + // + // Values will be serialized by [json.Marshal] and must be valid inputs to + // that function. + // + // [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal + ExtraHeaders map[HeaderKey]interface{} +} + +// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it +// if necessary, and returns the updated EncrypterOptions. +// +// The v parameter will be serialized by [json.Marshal] and must be a valid +// input to that function. +// +// [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal +func (eo *EncrypterOptions) WithHeader(k HeaderKey, v interface{}) *EncrypterOptions { + if eo.ExtraHeaders == nil { + eo.ExtraHeaders = map[HeaderKey]interface{}{} + } + eo.ExtraHeaders[k] = v + return eo +} + +// WithContentType adds a content type ("cty") header and returns the updated +// EncrypterOptions. +func (eo *EncrypterOptions) WithContentType(contentType ContentType) *EncrypterOptions { + return eo.WithHeader(HeaderContentType, contentType) +} + +// WithType adds a type ("typ") header and returns the updated EncrypterOptions. +func (eo *EncrypterOptions) WithType(typ ContentType) *EncrypterOptions { + return eo.WithHeader(HeaderType, typ) +} + +// Recipient represents an algorithm/key to encrypt messages to. +// +// PBES2Count and PBES2Salt correspond with the "p2c" and "p2s" headers used +// on the password-based encryption algorithms PBES2-HS256+A128KW, +// PBES2-HS384+A192KW, and PBES2-HS512+A256KW. If they are not provided a safe +// default of 100000 will be used for the count and a 128-bit random salt will +// be generated. +type Recipient struct { + Algorithm KeyAlgorithm + // Key must have one of these types: + // - ed25519.PublicKey + // - *ecdsa.PublicKey + // - *rsa.PublicKey + // - *JSONWebKey + // - JSONWebKey + // - []byte (a symmetric key) + // - Any type that satisfies the OpaqueKeyEncrypter interface + // + // The type of Key must match the value of Algorithm. + Key interface{} + KeyID string + PBES2Count int + PBES2Salt []byte +} + +// NewEncrypter creates an appropriate encrypter based on the key type +func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions) (Encrypter, error) { + encrypter := &genericEncrypter{ + contentAlg: enc, + recipients: []recipientKeyInfo{}, + cipher: getContentCipher(enc), + } + if opts != nil { + encrypter.compressionAlg = opts.Compression + encrypter.extraHeaders = opts.ExtraHeaders + } + + if encrypter.cipher == nil { + return nil, ErrUnsupportedAlgorithm + } + + var keyID string + var rawKey interface{} + switch encryptionKey := rcpt.Key.(type) { + case JSONWebKey: + keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key + case *JSONWebKey: + keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key + case OpaqueKeyEncrypter: + keyID, rawKey = encryptionKey.KeyID(), encryptionKey + default: + rawKey = encryptionKey + } + + switch rcpt.Algorithm { + case DIRECT: + // Direct encryption mode must be treated differently + keyBytes, ok := rawKey.([]byte) + if !ok { + return nil, ErrUnsupportedKeyType + } + if encrypter.cipher.keySize() != len(keyBytes) { + return nil, ErrInvalidKeySize + } + encrypter.keyGenerator = staticKeyGenerator{ + key: keyBytes, + } + recipientInfo, _ := newSymmetricRecipient(rcpt.Algorithm, keyBytes) + recipientInfo.keyID = keyID + if rcpt.KeyID != "" { + recipientInfo.keyID = rcpt.KeyID + } + encrypter.recipients = []recipientKeyInfo{recipientInfo} + return encrypter, nil + case ECDH_ES: + // ECDH-ES (w/o key wrapping) is similar to DIRECT mode + keyDSA, ok := rawKey.(*ecdsa.PublicKey) + if !ok { + return nil, ErrUnsupportedKeyType + } + encrypter.keyGenerator = ecKeyGenerator{ + size: encrypter.cipher.keySize(), + algID: string(enc), + publicKey: keyDSA, + } + recipientInfo, _ := newECDHRecipient(rcpt.Algorithm, keyDSA) + recipientInfo.keyID = keyID + if rcpt.KeyID != "" { + recipientInfo.keyID = rcpt.KeyID + } + encrypter.recipients = []recipientKeyInfo{recipientInfo} + return encrypter, nil + default: + // Can just add a standard recipient + encrypter.keyGenerator = randomKeyGenerator{ + size: encrypter.cipher.keySize(), + } + err := encrypter.addRecipient(rcpt) + return encrypter, err + } +} + +// NewMultiEncrypter creates a multi-encrypter based on the given parameters +func NewMultiEncrypter(enc ContentEncryption, rcpts []Recipient, opts *EncrypterOptions) (Encrypter, error) { + cipher := getContentCipher(enc) + + if cipher == nil { + return nil, ErrUnsupportedAlgorithm + } + if len(rcpts) == 0 { + return nil, fmt.Errorf("go-jose/go-jose: recipients is nil or empty") + } + + encrypter := &genericEncrypter{ + contentAlg: enc, + recipients: []recipientKeyInfo{}, + cipher: cipher, + keyGenerator: randomKeyGenerator{ + size: cipher.keySize(), + }, + } + + if opts != nil { + encrypter.compressionAlg = opts.Compression + encrypter.extraHeaders = opts.ExtraHeaders + } + + for _, recipient := range rcpts { + err := encrypter.addRecipient(recipient) + if err != nil { + return nil, err + } + } + + return encrypter, nil +} + +func (ctx *genericEncrypter) addRecipient(recipient Recipient) (err error) { + var recipientInfo recipientKeyInfo + + switch recipient.Algorithm { + case DIRECT, ECDH_ES: + return fmt.Errorf("go-jose/go-jose: key algorithm '%s' not supported in multi-recipient mode", recipient.Algorithm) + } + + recipientInfo, err = makeJWERecipient(recipient.Algorithm, recipient.Key) + if recipient.KeyID != "" { + recipientInfo.keyID = recipient.KeyID + } + + switch recipient.Algorithm { + case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW: + if sr, ok := recipientInfo.keyEncrypter.(*symmetricKeyCipher); ok { + sr.p2c = recipient.PBES2Count + sr.p2s = recipient.PBES2Salt + } + } + + if err == nil { + ctx.recipients = append(ctx.recipients, recipientInfo) + } + return err +} + +func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKeyInfo, error) { + switch encryptionKey := encryptionKey.(type) { + case *rsa.PublicKey: + return newRSARecipient(alg, encryptionKey) + case *ecdsa.PublicKey: + return newECDHRecipient(alg, encryptionKey) + case []byte: + return newSymmetricRecipient(alg, encryptionKey) + case string: + return newSymmetricRecipient(alg, []byte(encryptionKey)) + case *JSONWebKey: + recipient, err := makeJWERecipient(alg, encryptionKey.Key) + recipient.keyID = encryptionKey.KeyID + return recipient, err + case OpaqueKeyEncrypter: + return newOpaqueKeyEncrypter(alg, encryptionKey) + } + return recipientKeyInfo{}, ErrUnsupportedKeyType +} + +// newDecrypter creates an appropriate decrypter based on the key type +func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) { + switch decryptionKey := decryptionKey.(type) { + case *rsa.PrivateKey: + return &rsaDecrypterSigner{ + privateKey: decryptionKey, + }, nil + case *ecdsa.PrivateKey: + return &ecDecrypterSigner{ + privateKey: decryptionKey, + }, nil + case []byte: + return &symmetricKeyCipher{ + key: decryptionKey, + }, nil + case string: + return &symmetricKeyCipher{ + key: []byte(decryptionKey), + }, nil + case JSONWebKey: + return newDecrypter(decryptionKey.Key) + case *JSONWebKey: + return newDecrypter(decryptionKey.Key) + case OpaqueKeyDecrypter: + return &opaqueKeyDecrypter{decrypter: decryptionKey}, nil + default: + return nil, ErrUnsupportedKeyType + } +} + +// Implementation of encrypt method producing a JWE object. +func (ctx *genericEncrypter) Encrypt(plaintext []byte) (*JSONWebEncryption, error) { + return ctx.EncryptWithAuthData(plaintext, nil) +} + +// Implementation of encrypt method producing a JWE object. +func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JSONWebEncryption, error) { + obj := &JSONWebEncryption{} + obj.aad = aad + + obj.protected = &rawHeader{} + err := obj.protected.set(headerEncryption, ctx.contentAlg) + if err != nil { + return nil, err + } + + obj.recipients = make([]recipientInfo, len(ctx.recipients)) + + if len(ctx.recipients) == 0 { + return nil, fmt.Errorf("go-jose/go-jose: no recipients to encrypt to") + } + + cek, headers, err := ctx.keyGenerator.genKey() + if err != nil { + return nil, err + } + + obj.protected.merge(&headers) + + for i, info := range ctx.recipients { + recipient, err := info.keyEncrypter.encryptKey(cek, info.keyAlg) + if err != nil { + return nil, err + } + + err = recipient.header.set(headerAlgorithm, info.keyAlg) + if err != nil { + return nil, err + } + + if info.keyID != "" { + err = recipient.header.set(headerKeyID, info.keyID) + if err != nil { + return nil, err + } + } + obj.recipients[i] = recipient + } + + if len(ctx.recipients) == 1 { + // Move per-recipient headers into main protected header if there's + // only a single recipient. + obj.protected.merge(obj.recipients[0].header) + obj.recipients[0].header = nil + } + + if ctx.compressionAlg != NONE { + plaintext, err = compress(ctx.compressionAlg, plaintext) + if err != nil { + return nil, err + } + + err = obj.protected.set(headerCompression, ctx.compressionAlg) + if err != nil { + return nil, err + } + } + + for k, v := range ctx.extraHeaders { + b, err := json.Marshal(v) + if err != nil { + return nil, err + } + (*obj.protected)[k] = makeRawMessage(b) + } + + authData := obj.computeAuthData() + parts, err := ctx.cipher.encrypt(cek, authData, plaintext) + if err != nil { + return nil, err + } + + obj.iv = parts.iv + obj.ciphertext = parts.ciphertext + obj.tag = parts.tag + + return obj, nil +} + +func (ctx *genericEncrypter) Options() EncrypterOptions { + return EncrypterOptions{ + Compression: ctx.compressionAlg, + ExtraHeaders: ctx.extraHeaders, + } +} + +// Decrypt and validate the object and return the plaintext. This +// function does not support multi-recipient. If you desire multi-recipient +// decryption use DecryptMulti instead. +// +// The decryptionKey argument must contain a private or symmetric key +// and must have one of these types: +// - *ecdsa.PrivateKey +// - *rsa.PrivateKey +// - *JSONWebKey +// - JSONWebKey +// - *JSONWebKeySet +// - JSONWebKeySet +// - []byte (a symmetric key) +// - string (a symmetric key) +// - Any type that satisfies the OpaqueKeyDecrypter interface. +// +// Note that ed25519 is only available for signatures, not encryption, so is +// not an option here. +// +// Automatically decompresses plaintext, but returns an error if the decompressed +// data would be >250kB or >10x the size of the compressed data, whichever is larger. +func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) { + headers := obj.mergedHeaders(nil) + + if len(obj.recipients) > 1 { + return nil, errors.New("go-jose/go-jose: too many recipients in payload; expecting only one") + } + + critical, err := headers.getCritical() + if err != nil { + return nil, fmt.Errorf("go-jose/go-jose: invalid crit header") + } + + if len(critical) > 0 { + return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header") + } + + key, err := tryJWKS(decryptionKey, obj.Header) + if err != nil { + return nil, err + } + decrypter, err := newDecrypter(key) + if err != nil { + return nil, err + } + + cipher := getContentCipher(headers.getEncryption()) + if cipher == nil { + return nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(headers.getEncryption())) + } + + generator := randomKeyGenerator{ + size: cipher.keySize(), + } + + parts := &aeadParts{ + iv: obj.iv, + ciphertext: obj.ciphertext, + tag: obj.tag, + } + + authData := obj.computeAuthData() + + var plaintext []byte + recipient := obj.recipients[0] + recipientHeaders := obj.mergedHeaders(&recipient) + + cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) + if err == nil { + // Found a valid CEK -- let's try to decrypt. + plaintext, err = cipher.decrypt(cek, authData, parts) + } + + if plaintext == nil { + return nil, ErrCryptoFailure + } + + // The "zip" header parameter may only be present in the protected header. + if comp := obj.protected.getCompression(); comp != "" { + plaintext, err = decompress(comp, plaintext) + if err != nil { + return nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err) + } + } + + return plaintext, nil +} + +// DecryptMulti decrypts and validates the object and returns the plaintexts, +// with support for multiple recipients. It returns the index of the recipient +// for which the decryption was successful, the merged headers for that recipient, +// and the plaintext. +// +// The decryptionKey argument must have one of the types allowed for the +// decryptionKey argument of Decrypt(). +// +// Automatically decompresses plaintext, but returns an error if the decompressed +// data would be >250kB or >3x the size of the compressed data, whichever is larger. +func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) { + globalHeaders := obj.mergedHeaders(nil) + + critical, err := globalHeaders.getCritical() + if err != nil { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: invalid crit header") + } + + if len(critical) > 0 { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header") + } + + key, err := tryJWKS(decryptionKey, obj.Header) + if err != nil { + return -1, Header{}, nil, err + } + decrypter, err := newDecrypter(key) + if err != nil { + return -1, Header{}, nil, err + } + + encryption := globalHeaders.getEncryption() + cipher := getContentCipher(encryption) + if cipher == nil { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(encryption)) + } + + generator := randomKeyGenerator{ + size: cipher.keySize(), + } + + parts := &aeadParts{ + iv: obj.iv, + ciphertext: obj.ciphertext, + tag: obj.tag, + } + + authData := obj.computeAuthData() + + index := -1 + var plaintext []byte + var headers rawHeader + + for i, recipient := range obj.recipients { + recipientHeaders := obj.mergedHeaders(&recipient) + + cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) + if err == nil { + // Found a valid CEK -- let's try to decrypt. + plaintext, err = cipher.decrypt(cek, authData, parts) + if err == nil { + index = i + headers = recipientHeaders + break + } + } + } + + if plaintext == nil { + return -1, Header{}, nil, ErrCryptoFailure + } + + // The "zip" header parameter may only be present in the protected header. + if comp := obj.protected.getCompression(); comp != "" { + plaintext, err = decompress(comp, plaintext) + if err != nil { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err) + } + } + + sanitized, err := headers.sanitized() + if err != nil { + return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to sanitize header: %v", err) + } + + return index, sanitized, plaintext, err +} diff --git a/vendor/github.com/go-jose/go-jose/v4/doc.go b/vendor/github.com/go-jose/go-jose/v4/doc.go new file mode 100644 index 000000000..0ad40ca08 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/doc.go @@ -0,0 +1,25 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* +Package jose aims to provide an implementation of the Javascript Object Signing +and Encryption set of standards. It implements encryption and signing based on +the JSON Web Encryption and JSON Web Signature standards, with optional JSON Web +Token support available in a sub-package. The library supports both the compact +and JWS/JWE JSON Serialization formats, and has optional support for multiple +recipients. +*/ +package jose diff --git a/vendor/github.com/go-jose/go-jose/v4/encoding.go b/vendor/github.com/go-jose/go-jose/v4/encoding.go new file mode 100644 index 000000000..4f6e0d4a5 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/encoding.go @@ -0,0 +1,228 @@ +/*- + * Copyright 2014 Square Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jose + +import ( + "bytes" + "compress/flate" + "encoding/base64" + "encoding/binary" + "fmt" + "io" + "math/big" + "strings" + "unicode" + + "github.com/go-jose/go-jose/v4/json" +) + +// Helper function to serialize known-good objects. +// Precondition: value is not a nil pointer. +func mustSerializeJSON(value interface{}) []byte { + out, err := json.Marshal(value) + if err != nil { + panic(err) + } + // We never want to serialize the top-level value "null," since it's not a + // valid JOSE message. But if a caller passes in a nil pointer to this method, + // MarshalJSON will happily serialize it as the top-level value "null". If + // that value is then embedded in another operation, for instance by being + // base64-encoded and fed as input to a signing algorithm + // (https://github.com/go-jose/go-jose/issues/22), the result will be + // incorrect. Because this method is intended for known-good objects, and a nil + // pointer is not a known-good object, we are free to panic in this case. + // Note: It's not possible to directly check whether the data pointed at by an + // interface is a nil pointer, so we do this hacky workaround. + // https://groups.google.com/forum/#!topic/golang-nuts/wnH302gBa4I + if string(out) == "null" { + panic("Tried to serialize a nil pointer.") + } + return out +} + +// Strip all newlines and whitespace +func stripWhitespace(data string) string { + buf := strings.Builder{} + buf.Grow(len(data)) + for _, r := range data { + if !unicode.IsSpace(r) { + buf.WriteRune(r) + } + } + return buf.String() +} + +// Perform compression based on algorithm +func compress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { + switch algorithm { + case DEFLATE: + return deflate(input) + default: + return nil, ErrUnsupportedAlgorithm + } +} + +// Perform decompression based on algorithm +func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { + switch algorithm { + case DEFLATE: + return inflate(input) + default: + return nil, ErrUnsupportedAlgorithm + } +} + +// deflate compresses the input. +func deflate(input []byte) ([]byte, error) { + output := new(bytes.Buffer) + + // Writing to byte buffer, err is always nil + writer, _ := flate.NewWriter(output, 1) + _, _ = io.Copy(writer, bytes.NewBuffer(input)) + + err := writer.Close() + return output.Bytes(), err +} + +// inflate decompresses the input. +// +// Errors if the decompressed data would be >250kB or >10x the size of the +// compressed data, whichever is larger. +func inflate(input []byte) ([]byte, error) { + output := new(bytes.Buffer) + reader := flate.NewReader(bytes.NewBuffer(input)) + + maxCompressedSize := max(250_000, 10*int64(len(input))) + + limit := maxCompressedSize + 1 + n, err := io.CopyN(output, reader, limit) + if err != nil && err != io.EOF { + return nil, err + } + if n == limit { + return nil, fmt.Errorf("uncompressed data would be too large (>%d bytes)", maxCompressedSize) + } + + err = reader.Close() + return output.Bytes(), err +} + +// byteBuffer represents a slice of bytes that can be serialized to url-safe base64. +type byteBuffer struct { + data []byte +} + +func newBuffer(data []byte) *byteBuffer { + if data == nil { + return nil + } + return &byteBuffer{ + data: data, + } +} + +func newFixedSizeBuffer(data []byte, length int) *byteBuffer { + if len(data) > length { + panic("go-jose/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)") + } + pad := make([]byte, length-len(data)) + return newBuffer(append(pad, data...)) +} + +func newBufferFromInt(num uint64) *byteBuffer { + data := make([]byte, 8) + binary.BigEndian.PutUint64(data, num) + return newBuffer(bytes.TrimLeft(data, "\x00")) +} + +func (b *byteBuffer) MarshalJSON() ([]byte, error) { + return json.Marshal(b.base64()) +} + +func (b *byteBuffer) UnmarshalJSON(data []byte) error { + var encoded string + err := json.Unmarshal(data, &encoded) + if err != nil { + return err + } + + if encoded == "" { + return nil + } + + decoded, err := base64.RawURLEncoding.DecodeString(encoded) + if err != nil { + return err + } + + *b = *newBuffer(decoded) + + return nil +} + +func (b *byteBuffer) base64() string { + return base64.RawURLEncoding.EncodeToString(b.data) +} + +func (b *byteBuffer) bytes() []byte { + // Handling nil here allows us to transparently handle nil slices when serializing. + if b == nil { + return nil + } + return b.data +} + +func (b byteBuffer) bigInt() *big.Int { + return new(big.Int).SetBytes(b.data) +} + +func (b byteBuffer) toInt() int { + return int(b.bigInt().Int64()) +} + +func base64EncodeLen(sl []byte) int { + return base64.RawURLEncoding.EncodedLen(len(sl)) +} + +func base64JoinWithDots(inputs ...[]byte) string { + if len(inputs) == 0 { + return "" + } + + // Count of dots. + totalCount := len(inputs) - 1 + + for _, input := range inputs { + totalCount += base64EncodeLen(input) + } + + out := make([]byte, totalCount) + startEncode := 0 + for i, input := range inputs { + base64.RawURLEncoding.Encode(out[startEncode:], input) + + if i == len(inputs)-1 { + continue + } + + startEncode += base64EncodeLen(input) + out[startEncode] = '.' + startEncode++ + } + + return string(out) +} diff --git a/vendor/github.com/go-jose/go-jose/v4/json/LICENSE b/vendor/github.com/go-jose/go-jose/v4/json/LICENSE new file mode 100644 index 000000000..744875676 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/json/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2012 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/go-jose/go-jose/v4/json/README.md b/vendor/github.com/go-jose/go-jose/v4/json/README.md new file mode 100644 index 000000000..86de5e558 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/json/README.md @@ -0,0 +1,13 @@ +# Safe JSON + +This repository contains a fork of the `encoding/json` package from Go 1.6. + +The following changes were made: + +* Object deserialization uses case-sensitive member name matching instead of + [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html). + This is to avoid differences in the interpretation of JOSE messages between + go-jose and libraries written in other languages. +* When deserializing a JSON object, we check for duplicate keys and reject the + input whenever we detect a duplicate. Rather than trying to work with malformed + data, we prefer to reject it right away. diff --git a/vendor/github.com/go-jose/go-jose/v4/json/decode.go b/vendor/github.com/go-jose/go-jose/v4/json/decode.go new file mode 100644 index 000000000..50634dd84 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/json/decode.go @@ -0,0 +1,1216 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Represents JSON data structure using native Go types: booleans, floats, +// strings, arrays, and maps. + +package json + +import ( + "bytes" + "encoding" + "encoding/base64" + "errors" + "fmt" + "math" + "reflect" + "runtime" + "strconv" + "unicode" + "unicode/utf16" + "unicode/utf8" +) + +// Unmarshal parses the JSON-encoded data and stores the result +// in the value pointed to by v. +// +// Unmarshal uses the inverse of the encodings that +// Marshal uses, allocating maps, slices, and pointers as necessary, +// with the following additional rules: +// +// To unmarshal JSON into a pointer, Unmarshal first handles the case of +// the JSON being the JSON literal null. In that case, Unmarshal sets +// the pointer to nil. Otherwise, Unmarshal unmarshals the JSON into +// the value pointed at by the pointer. If the pointer is nil, Unmarshal +// allocates a new value for it to point to. +// +// To unmarshal JSON into a struct, Unmarshal matches incoming object +// keys to the keys used by Marshal (either the struct field name or its tag), +// preferring an exact match but also accepting a case-insensitive match. +// Unmarshal will only set exported fields of the struct. +// +// To unmarshal JSON into an interface value, +// Unmarshal stores one of these in the interface value: +// +// bool, for JSON booleans +// float64, for JSON numbers +// string, for JSON strings +// []interface{}, for JSON arrays +// map[string]interface{}, for JSON objects +// nil for JSON null +// +// To unmarshal a JSON array into a slice, Unmarshal resets the slice length +// to zero and then appends each element to the slice. +// As a special case, to unmarshal an empty JSON array into a slice, +// Unmarshal replaces the slice with a new empty slice. +// +// To unmarshal a JSON array into a Go array, Unmarshal decodes +// JSON array elements into corresponding Go array elements. +// If the Go array is smaller than the JSON array, +// the additional JSON array elements are discarded. +// If the JSON array is smaller than the Go array, +// the additional Go array elements are set to zero values. +// +// To unmarshal a JSON object into a string-keyed map, Unmarshal first +// establishes a map to use, If the map is nil, Unmarshal allocates a new map. +// Otherwise Unmarshal reuses the existing map, keeping existing entries. +// Unmarshal then stores key-value pairs from the JSON object into the map. +// +// If a JSON value is not appropriate for a given target type, +// or if a JSON number overflows the target type, Unmarshal +// skips that field and completes the unmarshaling as best it can. +// If no more serious errors are encountered, Unmarshal returns +// an UnmarshalTypeError describing the earliest such error. +// +// The JSON null value unmarshals into an interface, map, pointer, or slice +// by setting that Go value to nil. Because null is often used in JSON to mean +// “not present,” unmarshaling a JSON null into any other Go type has no effect +// on the value and produces no error. +// +// When unmarshaling quoted strings, invalid UTF-8 or +// invalid UTF-16 surrogate pairs are not treated as an error. +// Instead, they are replaced by the Unicode replacement +// character U+FFFD. +func Unmarshal(data []byte, v interface{}) error { + // Check for well-formedness. + // Avoids filling out half a data structure + // before discovering a JSON syntax error. + var d decodeState + err := checkValid(data, &d.scan) + if err != nil { + return err + } + + d.init(data) + return d.unmarshal(v) +} + +// Unmarshaler is the interface implemented by objects +// that can unmarshal a JSON description of themselves. +// The input can be assumed to be a valid encoding of +// a JSON value. UnmarshalJSON must copy the JSON data +// if it wishes to retain the data after returning. +type Unmarshaler interface { + UnmarshalJSON([]byte) error +} + +// An UnmarshalTypeError describes a JSON value that was +// not appropriate for a value of a specific Go type. +type UnmarshalTypeError struct { + Value string // description of JSON value - "bool", "array", "number -5" + Type reflect.Type // type of Go value it could not be assigned to + Offset int64 // error occurred after reading Offset bytes +} + +func (e *UnmarshalTypeError) Error() string { + return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String() +} + +// An UnmarshalFieldError describes a JSON object key that +// led to an unexported (and therefore unwritable) struct field. +// (No longer used; kept for compatibility.) +type UnmarshalFieldError struct { + Key string + Type reflect.Type + Field reflect.StructField +} + +func (e *UnmarshalFieldError) Error() string { + return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String() +} + +// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal. +// (The argument to Unmarshal must be a non-nil pointer.) +type InvalidUnmarshalError struct { + Type reflect.Type +} + +func (e *InvalidUnmarshalError) Error() string { + if e.Type == nil { + return "json: Unmarshal(nil)" + } + + if e.Type.Kind() != reflect.Ptr { + return "json: Unmarshal(non-pointer " + e.Type.String() + ")" + } + return "json: Unmarshal(nil " + e.Type.String() + ")" +} + +func (d *decodeState) unmarshal(v interface{}) (err error) { + defer func() { + if r := recover(); r != nil { + if _, ok := r.(runtime.Error); ok { + panic(r) + } + err = r.(error) + } + }() + + rv := reflect.ValueOf(v) + if rv.Kind() != reflect.Ptr || rv.IsNil() { + return &InvalidUnmarshalError{reflect.TypeOf(v)} + } + + d.scan.reset() + // We decode rv not rv.Elem because the Unmarshaler interface + // test must be applied at the top level of the value. + d.value(rv) + return d.savedError +} + +// A Number represents a JSON number literal. +type Number string + +// String returns the literal text of the number. +func (n Number) String() string { return string(n) } + +// Float64 returns the number as a float64. +func (n Number) Float64() (float64, error) { + return strconv.ParseFloat(string(n), 64) +} + +// Int64 returns the number as an int64. +func (n Number) Int64() (int64, error) { + return strconv.ParseInt(string(n), 10, 64) +} + +// isValidNumber reports whether s is a valid JSON number literal. +func isValidNumber(s string) bool { + // This function implements the JSON numbers grammar. + // See https://tools.ietf.org/html/rfc7159#section-6 + // and http://json.org/number.gif + + if s == "" { + return false + } + + // Optional - + if s[0] == '-' { + s = s[1:] + if s == "" { + return false + } + } + + // Digits + switch { + default: + return false + + case s[0] == '0': + s = s[1:] + + case '1' <= s[0] && s[0] <= '9': + s = s[1:] + for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { + s = s[1:] + } + } + + // . followed by 1 or more digits. + if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' { + s = s[2:] + for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { + s = s[1:] + } + } + + // e or E followed by an optional - or + and + // 1 or more digits. + if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') { + s = s[1:] + if s[0] == '+' || s[0] == '-' { + s = s[1:] + if s == "" { + return false + } + } + for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { + s = s[1:] + } + } + + // Make sure we are at the end. + return s == "" +} + +type NumberUnmarshalType int + +const ( + // unmarshal a JSON number into an interface{} as a float64 + UnmarshalFloat NumberUnmarshalType = iota + // unmarshal a JSON number into an interface{} as a `json.Number` + UnmarshalJSONNumber + // unmarshal a JSON number into an interface{} as a int64 + // if value is an integer otherwise float64 + UnmarshalIntOrFloat +) + +// decodeState represents the state while decoding a JSON value. +type decodeState struct { + data []byte + off int // read offset in data + scan scanner + nextscan scanner // for calls to nextValue + savedError error + numberType NumberUnmarshalType +} + +// errPhase is used for errors that should not happen unless +// there is a bug in the JSON decoder or something is editing +// the data slice while the decoder executes. +var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?") + +func (d *decodeState) init(data []byte) *decodeState { + d.data = data + d.off = 0 + d.savedError = nil + return d +} + +// error aborts the decoding by panicking with err. +func (d *decodeState) error(err error) { + panic(err) +} + +// saveError saves the first err it is called with, +// for reporting at the end of the unmarshal. +func (d *decodeState) saveError(err error) { + if d.savedError == nil { + d.savedError = err + } +} + +// next cuts off and returns the next full JSON value in d.data[d.off:]. +// The next value is known to be an object or array, not a literal. +func (d *decodeState) next() []byte { + c := d.data[d.off] + item, rest, err := nextValue(d.data[d.off:], &d.nextscan) + if err != nil { + d.error(err) + } + d.off = len(d.data) - len(rest) + + // Our scanner has seen the opening brace/bracket + // and thinks we're still in the middle of the object. + // invent a closing brace/bracket to get it out. + if c == '{' { + d.scan.step(&d.scan, '}') + } else { + d.scan.step(&d.scan, ']') + } + + return item +} + +// scanWhile processes bytes in d.data[d.off:] until it +// receives a scan code not equal to op. +// It updates d.off and returns the new scan code. +func (d *decodeState) scanWhile(op int) int { + var newOp int + for { + if d.off >= len(d.data) { + newOp = d.scan.eof() + d.off = len(d.data) + 1 // mark processed EOF with len+1 + } else { + c := d.data[d.off] + d.off++ + newOp = d.scan.step(&d.scan, c) + } + if newOp != op { + break + } + } + return newOp +} + +// value decodes a JSON value from d.data[d.off:] into the value. +// it updates d.off to point past the decoded value. +func (d *decodeState) value(v reflect.Value) { + if !v.IsValid() { + _, rest, err := nextValue(d.data[d.off:], &d.nextscan) + if err != nil { + d.error(err) + } + d.off = len(d.data) - len(rest) + + // d.scan thinks we're still at the beginning of the item. + // Feed in an empty string - the shortest, simplest value - + // so that it knows we got to the end of the value. + if d.scan.redo { + // rewind. + d.scan.redo = false + d.scan.step = stateBeginValue + } + d.scan.step(&d.scan, '"') + d.scan.step(&d.scan, '"') + + n := len(d.scan.parseState) + if n > 0 && d.scan.parseState[n-1] == parseObjectKey { + // d.scan thinks we just read an object key; finish the object + d.scan.step(&d.scan, ':') + d.scan.step(&d.scan, '"') + d.scan.step(&d.scan, '"') + d.scan.step(&d.scan, '}') + } + + return + } + + switch op := d.scanWhile(scanSkipSpace); op { + default: + d.error(errPhase) + + case scanBeginArray: + d.array(v) + + case scanBeginObject: + d.object(v) + + case scanBeginLiteral: + d.literal(v) + } +} + +type unquotedValue struct{} + +// valueQuoted is like value but decodes a +// quoted string literal or literal null into an interface value. +// If it finds anything other than a quoted string literal or null, +// valueQuoted returns unquotedValue{}. +func (d *decodeState) valueQuoted() interface{} { + switch op := d.scanWhile(scanSkipSpace); op { + default: + d.error(errPhase) + + case scanBeginArray: + d.array(reflect.Value{}) + + case scanBeginObject: + d.object(reflect.Value{}) + + case scanBeginLiteral: + switch v := d.literalInterface().(type) { + case nil, string: + return v + } + } + return unquotedValue{} +} + +// indirect walks down v allocating pointers as needed, +// until it gets to a non-pointer. +// if it encounters an Unmarshaler, indirect stops and returns that. +// if decodingNull is true, indirect stops at the last pointer so it can be set to nil. +func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) { + // If v is a named type and is addressable, + // start with its address, so that if the type has pointer methods, + // we find them. + if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() { + v = v.Addr() + } + for { + // Load value from interface, but only if the result will be + // usefully addressable. + if v.Kind() == reflect.Interface && !v.IsNil() { + e := v.Elem() + if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) { + v = e + continue + } + } + + if v.Kind() != reflect.Ptr { + break + } + + if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() { + break + } + if v.IsNil() { + v.Set(reflect.New(v.Type().Elem())) + } + if v.Type().NumMethod() > 0 { + if u, ok := v.Interface().(Unmarshaler); ok { + return u, nil, reflect.Value{} + } + if u, ok := v.Interface().(encoding.TextUnmarshaler); ok { + return nil, u, reflect.Value{} + } + } + v = v.Elem() + } + return nil, nil, v +} + +// array consumes an array from d.data[d.off-1:], decoding into the value v. +// the first byte of the array ('[') has been read already. +func (d *decodeState) array(v reflect.Value) { + // Check for unmarshaler. + u, ut, pv := d.indirect(v, false) + if u != nil { + d.off-- + err := u.UnmarshalJSON(d.next()) + if err != nil { + d.error(err) + } + return + } + if ut != nil { + d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) + d.off-- + d.next() + return + } + + v = pv + + // Check type of target. + switch v.Kind() { + case reflect.Interface: + if v.NumMethod() == 0 { + // Decoding into nil interface? Switch to non-reflect code. + v.Set(reflect.ValueOf(d.arrayInterface())) + return + } + // Otherwise it's invalid. + fallthrough + default: + d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) + d.off-- + d.next() + return + case reflect.Array: + case reflect.Slice: + break + } + + i := 0 + for { + // Look ahead for ] - can only happen on first iteration. + op := d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + + // Back up so d.value can have the byte we just read. + d.off-- + d.scan.undo(op) + + // Get element of array, growing if necessary. + if v.Kind() == reflect.Slice { + // Grow slice if necessary + if i >= v.Cap() { + newcap := v.Cap() + v.Cap()/2 + if newcap < 4 { + newcap = 4 + } + newv := reflect.MakeSlice(v.Type(), v.Len(), newcap) + reflect.Copy(newv, v) + v.Set(newv) + } + if i >= v.Len() { + v.SetLen(i + 1) + } + } + + if i < v.Len() { + // Decode into element. + d.value(v.Index(i)) + } else { + // Ran out of fixed array: skip. + d.value(reflect.Value{}) + } + i++ + + // Next token must be , or ]. + op = d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + if op != scanArrayValue { + d.error(errPhase) + } + } + + if i < v.Len() { + if v.Kind() == reflect.Array { + // Array. Zero the rest. + z := reflect.Zero(v.Type().Elem()) + for ; i < v.Len(); i++ { + v.Index(i).Set(z) + } + } else { + v.SetLen(i) + } + } + if i == 0 && v.Kind() == reflect.Slice { + v.Set(reflect.MakeSlice(v.Type(), 0, 0)) + } +} + +var nullLiteral = []byte("null") + +// object consumes an object from d.data[d.off-1:], decoding into the value v. +// the first byte ('{') of the object has been read already. +func (d *decodeState) object(v reflect.Value) { + // Check for unmarshaler. + u, ut, pv := d.indirect(v, false) + if u != nil { + d.off-- + err := u.UnmarshalJSON(d.next()) + if err != nil { + d.error(err) + } + return + } + if ut != nil { + d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) + d.off-- + d.next() // skip over { } in input + return + } + v = pv + + // Decoding into nil interface? Switch to non-reflect code. + if v.Kind() == reflect.Interface && v.NumMethod() == 0 { + v.Set(reflect.ValueOf(d.objectInterface())) + return + } + + // Check type of target: struct or map[string]T + switch v.Kind() { + case reflect.Map: + // map must have string kind + t := v.Type() + if t.Key().Kind() != reflect.String { + d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) + d.off-- + d.next() // skip over { } in input + return + } + if v.IsNil() { + v.Set(reflect.MakeMap(t)) + } + case reflect.Struct: + + default: + d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) + d.off-- + d.next() // skip over { } in input + return + } + + var mapElem reflect.Value + keys := map[string]bool{} + + for { + // Read opening " of string key or closing }. + op := d.scanWhile(scanSkipSpace) + if op == scanEndObject { + // closing } - can only happen on first iteration. + break + } + if op != scanBeginLiteral { + d.error(errPhase) + } + + // Read key. + start := d.off - 1 + op = d.scanWhile(scanContinue) + item := d.data[start : d.off-1] + key, ok := unquote(item) + if !ok { + d.error(errPhase) + } + + // Check for duplicate keys. + _, ok = keys[key] + if !ok { + keys[key] = true + } else { + d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) + } + + // Figure out field corresponding to key. + var subv reflect.Value + destring := false // whether the value is wrapped in a string to be decoded first + + if v.Kind() == reflect.Map { + elemType := v.Type().Elem() + if !mapElem.IsValid() { + mapElem = reflect.New(elemType).Elem() + } else { + mapElem.Set(reflect.Zero(elemType)) + } + subv = mapElem + } else { + var f *field + fields := cachedTypeFields(v.Type()) + for i := range fields { + ff := &fields[i] + if bytes.Equal(ff.nameBytes, []byte(key)) { + f = ff + break + } + } + if f != nil { + subv = v + destring = f.quoted + for _, i := range f.index { + if subv.Kind() == reflect.Ptr { + if subv.IsNil() { + subv.Set(reflect.New(subv.Type().Elem())) + } + subv = subv.Elem() + } + subv = subv.Field(i) + } + } + } + + // Read : before value. + if op == scanSkipSpace { + op = d.scanWhile(scanSkipSpace) + } + if op != scanObjectKey { + d.error(errPhase) + } + + // Read value. + if destring { + switch qv := d.valueQuoted().(type) { + case nil: + d.literalStore(nullLiteral, subv, false) + case string: + d.literalStore([]byte(qv), subv, true) + default: + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type())) + } + } else { + d.value(subv) + } + + // Write value back to map; + // if using struct, subv points into struct already. + if v.Kind() == reflect.Map { + kv := reflect.ValueOf(key).Convert(v.Type().Key()) + v.SetMapIndex(kv, subv) + } + + // Next token must be , or }. + op = d.scanWhile(scanSkipSpace) + if op == scanEndObject { + break + } + if op != scanObjectValue { + d.error(errPhase) + } + } +} + +// literal consumes a literal from d.data[d.off-1:], decoding into the value v. +// The first byte of the literal has been read already +// (that's how the caller knows it's a literal). +func (d *decodeState) literal(v reflect.Value) { + // All bytes inside literal return scanContinue op code. + start := d.off - 1 + op := d.scanWhile(scanContinue) + + // Scan read one byte too far; back up. + d.off-- + d.scan.undo(op) + + d.literalStore(d.data[start:d.off], v, false) +} + +// convertNumber converts the number literal s to a float64, int64 or a Number +// depending on d.numberDecodeType. +func (d *decodeState) convertNumber(s string) (interface{}, error) { + switch d.numberType { + + case UnmarshalJSONNumber: + return Number(s), nil + case UnmarshalIntOrFloat: + v, err := strconv.ParseInt(s, 10, 64) + if err == nil { + return v, nil + } + + // tries to parse integer number in scientific notation + f, err := strconv.ParseFloat(s, 64) + if err != nil { + return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} + } + + // if it has no decimal value use int64 + if fi, fd := math.Modf(f); fd == 0.0 { + return int64(fi), nil + } + return f, nil + default: + f, err := strconv.ParseFloat(s, 64) + if err != nil { + return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} + } + return f, nil + } + +} + +var numberType = reflect.TypeOf(Number("")) + +// literalStore decodes a literal stored in item into v. +// +// fromQuoted indicates whether this literal came from unwrapping a +// string from the ",string" struct tag option. this is used only to +// produce more helpful error messages. +func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) { + // Check for unmarshaler. + if len(item) == 0 { + //Empty string given + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + return + } + wantptr := item[0] == 'n' // null + u, ut, pv := d.indirect(v, wantptr) + if u != nil { + err := u.UnmarshalJSON(item) + if err != nil { + d.error(err) + } + return + } + if ut != nil { + if item[0] != '"' { + if fromQuoted { + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + } + return + } + s, ok := unquoteBytes(item) + if !ok { + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(errPhase) + } + } + err := ut.UnmarshalText(s) + if err != nil { + d.error(err) + } + return + } + + v = pv + + switch c := item[0]; c { + case 'n': // null + switch v.Kind() { + case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice: + v.Set(reflect.Zero(v.Type())) + // otherwise, ignore null for primitives/string + } + case 't', 'f': // true, false + value := c == 't' + switch v.Kind() { + default: + if fromQuoted { + d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) + } + case reflect.Bool: + v.SetBool(value) + case reflect.Interface: + if v.NumMethod() == 0 { + v.Set(reflect.ValueOf(value)) + } else { + d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) + } + } + + case '"': // string + s, ok := unquoteBytes(item) + if !ok { + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(errPhase) + } + } + switch v.Kind() { + default: + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + case reflect.Slice: + if v.Type().Elem().Kind() != reflect.Uint8 { + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + break + } + b := make([]byte, base64.StdEncoding.DecodedLen(len(s))) + n, err := base64.StdEncoding.Decode(b, s) + if err != nil { + d.saveError(err) + break + } + v.SetBytes(b[:n]) + case reflect.String: + v.SetString(string(s)) + case reflect.Interface: + if v.NumMethod() == 0 { + v.Set(reflect.ValueOf(string(s))) + } else { + d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) + } + } + + default: // number + if c != '-' && (c < '0' || c > '9') { + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(errPhase) + } + } + s := string(item) + switch v.Kind() { + default: + if v.Kind() == reflect.String && v.Type() == numberType { + v.SetString(s) + if !isValidNumber(s) { + d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)) + } + break + } + if fromQuoted { + d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) + } else { + d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) + } + case reflect.Interface: + n, err := d.convertNumber(s) + if err != nil { + d.saveError(err) + break + } + if v.NumMethod() != 0 { + d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) + break + } + v.Set(reflect.ValueOf(n)) + + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + n, err := strconv.ParseInt(s, 10, 64) + if err != nil || v.OverflowInt(n) { + d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) + break + } + v.SetInt(n) + + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + n, err := strconv.ParseUint(s, 10, 64) + if err != nil || v.OverflowUint(n) { + d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) + break + } + v.SetUint(n) + + case reflect.Float32, reflect.Float64: + n, err := strconv.ParseFloat(s, v.Type().Bits()) + if err != nil || v.OverflowFloat(n) { + d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) + break + } + v.SetFloat(n) + } + } +} + +// The xxxInterface routines build up a value to be stored +// in an empty interface. They are not strictly necessary, +// but they avoid the weight of reflection in this common case. + +// valueInterface is like value but returns interface{} +func (d *decodeState) valueInterface() interface{} { + switch d.scanWhile(scanSkipSpace) { + default: + d.error(errPhase) + panic("unreachable") + case scanBeginArray: + return d.arrayInterface() + case scanBeginObject: + return d.objectInterface() + case scanBeginLiteral: + return d.literalInterface() + } +} + +// arrayInterface is like array but returns []interface{}. +func (d *decodeState) arrayInterface() []interface{} { + var v = make([]interface{}, 0) + for { + // Look ahead for ] - can only happen on first iteration. + op := d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + + // Back up so d.value can have the byte we just read. + d.off-- + d.scan.undo(op) + + v = append(v, d.valueInterface()) + + // Next token must be , or ]. + op = d.scanWhile(scanSkipSpace) + if op == scanEndArray { + break + } + if op != scanArrayValue { + d.error(errPhase) + } + } + return v +} + +// objectInterface is like object but returns map[string]interface{}. +func (d *decodeState) objectInterface() map[string]interface{} { + m := make(map[string]interface{}) + keys := map[string]bool{} + + for { + // Read opening " of string key or closing }. + op := d.scanWhile(scanSkipSpace) + if op == scanEndObject { + // closing } - can only happen on first iteration. + break + } + if op != scanBeginLiteral { + d.error(errPhase) + } + + // Read string key. + start := d.off - 1 + op = d.scanWhile(scanContinue) + item := d.data[start : d.off-1] + key, ok := unquote(item) + if !ok { + d.error(errPhase) + } + + // Check for duplicate keys. + _, ok = keys[key] + if !ok { + keys[key] = true + } else { + d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) + } + + // Read : before value. + if op == scanSkipSpace { + op = d.scanWhile(scanSkipSpace) + } + if op != scanObjectKey { + d.error(errPhase) + } + + // Read value. + m[key] = d.valueInterface() + + // Next token must be , or }. + op = d.scanWhile(scanSkipSpace) + if op == scanEndObject { + break + } + if op != scanObjectValue { + d.error(errPhase) + } + } + return m +} + +// literalInterface is like literal but returns an interface value. +func (d *decodeState) literalInterface() interface{} { + // All bytes inside literal return scanContinue op code. + start := d.off - 1 + op := d.scanWhile(scanContinue) + + // Scan read one byte too far; back up. + d.off-- + d.scan.undo(op) + item := d.data[start:d.off] + + switch c := item[0]; c { + case 'n': // null + return nil + + case 't', 'f': // true, false + return c == 't' + + case '"': // string + s, ok := unquote(item) + if !ok { + d.error(errPhase) + } + return s + + default: // number + if c != '-' && (c < '0' || c > '9') { + d.error(errPhase) + } + n, err := d.convertNumber(string(item)) + if err != nil { + d.saveError(err) + } + return n + } +} + +// getu4 decodes \uXXXX from the beginning of s, returning the hex value, +// or it returns -1. +func getu4(s []byte) rune { + if len(s) < 6 || s[0] != '\\' || s[1] != 'u' { + return -1 + } + r, err := strconv.ParseUint(string(s[2:6]), 16, 64) + if err != nil { + return -1 + } + return rune(r) +} + +// unquote converts a quoted JSON string literal s into an actual string t. +// The rules are different than for Go, so cannot use strconv.Unquote. +func unquote(s []byte) (t string, ok bool) { + s, ok = unquoteBytes(s) + t = string(s) + return +} + +func unquoteBytes(s []byte) (t []byte, ok bool) { + if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' { + return + } + s = s[1 : len(s)-1] + + // Check for unusual characters. If there are none, + // then no unquoting is needed, so return a slice of the + // original bytes. + r := 0 + for r < len(s) { + c := s[r] + if c == '\\' || c == '"' || c < ' ' { + break + } + if c < utf8.RuneSelf { + r++ + continue + } + rr, size := utf8.DecodeRune(s[r:]) + if rr == utf8.RuneError && size == 1 { + break + } + r += size + } + if r == len(s) { + return s, true + } + + b := make([]byte, len(s)+2*utf8.UTFMax) + w := copy(b, s[0:r]) + for r < len(s) { + // Out of room? Can only happen if s is full of + // malformed UTF-8 and we're replacing each + // byte with RuneError. + if w >= len(b)-2*utf8.UTFMax { + nb := make([]byte, (len(b)+utf8.UTFMax)*2) + copy(nb, b[0:w]) + b = nb + } + switch c := s[r]; { + case c == '\\': + r++ + if r >= len(s) { + return + } + switch s[r] { + default: + return + case '"', '\\', '/', '\'': + b[w] = s[r] + r++ + w++ + case 'b': + b[w] = '\b' + r++ + w++ + case 'f': + b[w] = '\f' + r++ + w++ + case 'n': + b[w] = '\n' + r++ + w++ + case 'r': + b[w] = '\r' + r++ + w++ + case 't': + b[w] = '\t' + r++ + w++ + case 'u': + r-- + rr := getu4(s[r:]) + if rr < 0 { + return + } + r += 6 + if utf16.IsSurrogate(rr) { + rr1 := getu4(s[r:]) + if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar { + // A valid pair; consume. + r += 6 + w += utf8.EncodeRune(b[w:], dec) + break + } + // Invalid surrogate; fall back to replacement rune. + rr = unicode.ReplacementChar + } + w += utf8.EncodeRune(b[w:], rr) + } + + // Quote, control characters are invalid. + case c == '"', c < ' ': + return + + // ASCII + case c < utf8.RuneSelf: + b[w] = c + r++ + w++ + + // Coerce to well-formed UTF-8. + default: + rr, size := utf8.DecodeRune(s[r:]) + r += size + w += utf8.EncodeRune(b[w:], rr) + } + } + return b[0:w], true +} diff --git a/vendor/github.com/go-jose/go-jose/v4/json/encode.go b/vendor/github.com/go-jose/go-jose/v4/json/encode.go new file mode 100644 index 000000000..98de68ce1 --- /dev/null +++ b/vendor/github.com/go-jose/go-jose/v4/json/encode.go @@ -0,0 +1,1197 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package json implements encoding and decoding of JSON objects as defined in +// RFC 4627. The mapping between JSON objects and Go values is described +// in the documentation for the Marshal and Unmarshal functions. +// +// See "JSON and Go" for an introduction to this package: +// https://golang.org/doc/articles/json_and_go.html +package json + +import ( + "bytes" + "encoding" + "encoding/base64" + "fmt" + "math" + "reflect" + "runtime" + "sort" + "strconv" + "strings" + "sync" + "unicode" + "unicode/utf8" +) + +// Marshal returns the JSON encoding of v. +// +// Marshal traverses the value v recursively. +// If an encountered value implements the Marshaler interface +// and is not a nil pointer, Marshal calls its MarshalJSON method +// to produce JSON. If no MarshalJSON method is present but the +// value implements encoding.TextMarshaler instead, Marshal calls +// its MarshalText method. +// The nil pointer exception is not strictly necessary +// but mimics a similar, necessary exception in the behavior of +// UnmarshalJSON. +// +// Otherwise, Marshal uses the following type-dependent default encodings: +// +// Boolean values encode as JSON booleans. +// +// Floating point, integer, and Number values encode as JSON numbers. +// +// String values encode as JSON strings coerced to valid UTF-8, +// replacing invalid bytes with the Unicode replacement rune. +// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e" +// to keep some browsers from misinterpreting JSON output as HTML. +// Ampersand "&" is also escaped to "\u0026" for the same reason. +// +// Array and slice values encode as JSON arrays, except that +// []byte encodes as a base64-encoded string, and a nil slice +// encodes as the null JSON object. +// +// Struct values encode as JSON objects. Each exported struct field +// becomes a member of the object unless +// - the field's tag is "-", or +// - the field is empty and its tag specifies the "omitempty" option. +// +// The empty values are false, 0, any +// nil pointer or interface value, and any array, slice, map, or string of +// length zero. The object's default key string is the struct field name +// but can be specified in the struct field's tag value. The "json" key in +// the struct field's tag value is the key name, followed by an optional comma +// and options. Examples: +// +// // Field is ignored by this package. +// Field int `json:"-"` +// +// // Field appears in JSON as key "myName". +// Field int `json:"myName"` +// +// // Field appears in JSON as key "myName" and +// // the field is omitted from the object if its value is empty, +// // as defined above. +// Field int `json:"myName,omitempty"` +// +// // Field appears in JSON as key "Field" (the default), but +// // the field is skipped if empty. +// // Note the leading comma. +// Field int `json:",omitempty"` +// +// The "string" option signals that a field is stored as JSON inside a +// JSON-encoded string. It applies only to fields of string, floating point, +// integer, or boolean types. This extra level of encoding is sometimes used +// when communicating with JavaScript programs: +// +// Int64String int64 `json:",string"` +// +// The key name will be used if it's a non-empty string consisting of +// only Unicode letters, digits, dollar signs, percent signs, hyphens, +// underscores and slashes. +// +// Anonymous struct fields are usually marshaled as if their inner exported fields +// were fields in the outer struct, subject to the usual Go visibility rules amended +// as described in the next paragraph. +// An anonymous struct field with a name given in its JSON tag is treated as +// having that name, rather than being anonymous. +// An anonymous struct field of interface type is treated the same as having +// that type as its name, rather than being anonymous. +// +// The Go visibility rules for struct fields are amended for JSON when +// deciding which field to marshal or unmarshal. If there are +// multiple fields at the same level, and that level is the least +// nested (and would therefore be the nesting level selected by the +// usual Go rules), the following extra rules apply: +// +// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered, +// even if there are multiple untagged fields that would otherwise conflict. +// 2) If there is exactly one field (tagged or not according to the first rule), that is selected. +// 3) Otherwise there are multiple fields, and all are ignored; no error occurs. +// +// Handling of anonymous struct fields is new in Go 1.1. +// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of +// an anonymous struct field in both current and earlier versions, give the field +// a JSON tag of "-". +// +// Map values encode as JSON objects. +// The map's key type must be string; the map keys are used as JSON object +// keys, subject to the UTF-8 coercion described for string values above. +// +// Pointer values encode as the value pointed to. +// A nil pointer encodes as the null JSON object. +// +// Interface values encode as the value contained in the interface. +// A nil interface value encodes as the null JSON object. +// +// Channel, complex, and function values cannot be encoded in JSON. +// Attempting to encode such a value causes Marshal to return +// an UnsupportedTypeError. +// +// JSON cannot represent cyclic data structures and Marshal does not +// handle them. Passing cyclic structures to Marshal will result in +// an infinite recursion. +func Marshal(v interface{}) ([]byte, error) { + e := &encodeState{} + err := e.marshal(v) + if err != nil { + return nil, err + } + return e.Bytes(), nil +} + +// MarshalIndent is like Marshal but applies Indent to format the output. +func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) { + b, err := Marshal(v) + if err != nil { + return nil, err + } + var buf bytes.Buffer + err = Indent(&buf, b, prefix, indent) + if err != nil { + return nil, err + } + return buf.Bytes(), nil +} + +// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029 +// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029 +// so that the JSON will be safe to embed inside HTML