2953d75824
fix: only use x-forwarded-for
2024-02-04 10:39:19 +01:00
949e5df17e
fix: always override default proxies
...
Gin trusts all proxies by default. This is a security problem.
2024-02-04 10:39:19 +01:00
c68b2b5a72
Add trusted proxies property and find a solution to unix sockets
2024-02-04 10:33:25 +01:00
d32d131d08
Merge pull request #621 from LaurenceJJones/master
...
Unix socket implementation
2024-01-20 10:40:00 +01:00
8bd514a84e
ci: update golangci-lint
2024-01-20 10:17:51 +01:00
d0b3271880
feat: listen on unix sockets
...
With this you can configure a unix socket in server.listenaddr and
server.ssl.listenaddr by prefixing the socket path with unix:
Co-authored-by: Jannis Mattheis <contact@jmattheis.de>
2024-01-20 10:17:51 +01:00
0bfa5ca4d9
perf: avoid allocations with `(*regexp.Regexp).MatchString` ( #604 )
...
We should use `(*regexp.Regexp).MatchString` instead of
`(*regexp.Regexp).Match([]byte(...))` when matching string to avoid
unnecessary `[]byte` conversions and reduce allocations.
Example benchmark:
var allowedOrigin = regexp.MustCompile(".*.example.com")
func BenchmarkMatch(b *testing.B) {
for i := 0; i < b.N; i++ {
if match := allowedOrigin.Match([]byte("www.example.com")); !match {
b.Fail()
}
}
}
func BenchmarkMatchString(b *testing.B) {
for i := 0; i < b.N; i++ {
if match := allowedOrigin.MatchString("wwww.example.com"); !match {
b.Fail()
}
}
}
goos: linux
goarch: amd64
pkg: github.com/gotify/server/v2/api/stream
cpu: AMD Ryzen 7 PRO 4750U with Radeon Graphics
BenchmarkMatch-16 2076819 647.7 ns/op 16 B/op 1 allocs/op
BenchmarkMatchString-16 2536326 442.0 ns/op 0 B/op 0 allocs/op
PASS
ok github.com/gotify/server/v2/api/stream 3.552s
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2023-10-23 15:57:15 +00:00
92916f0117
Add applications icons in sidebar ( #602 )
2023-10-22 09:24:53 +00:00
97f180b650
Merge pull request #592 from gotify/build
...
Build
2023-09-17 09:43:04 +02:00
101c542186
fix: update go deps
2023-09-17 09:05:15 +02:00
a2b2f856e0
test: don't run tests twice
2023-09-17 09:05:15 +02:00
e0f86b6ba1
build: update golangci-lint
2023-09-16 21:06:54 +02:00
dec762f9ed
fix: remove unused code
2023-09-16 21:06:54 +02:00
f1ac16640f
build: remove deprecated linters
2023-09-16 21:06:54 +02:00
1adfaa6448
build: disable depguard
2023-09-16 21:06:54 +02:00
9592cc95c9
fix: update go-swagger
2023-09-16 21:06:54 +02:00
4728e995bc
fix: update build deps
2023-09-16 21:06:54 +02:00
8c0f7a9499
Merge pull request #582 from eternal-flame-AD/lastping
...
add last seen field to client (fixes #400 )
2023-08-06 12:43:26 +02:00
a3ce298729
Fix stream_test flakiness
2023-08-06 12:30:22 +02:00
7bf80ee6f1
Add last used to client & application
2023-08-06 12:30:22 +02:00
a44418265a
Merge pull request #584 from gotify/update-deps
...
Update deps
2023-07-30 18:58:49 +02:00
835adeec79
Fix test assertions
2023-07-30 15:39:19 +02:00
bda27946da
Update deps
2023-07-30 15:39:15 +02:00
72bd8c8ba6
Add default message priority for applications
...
Co-authored-by: Jannis Mattheis <contact@jmattheis.de>
2023-07-19 18:15:01 +00:00
aedc3e2ba6
Migrate from packr to go:embed ( #581 )
2023-07-15 08:32:31 +00:00
5cd2d5411f
Add delete application image endpoint
2023-05-28 13:59:49 +00:00
a37afcebfc
Improve log format ( #567 )
2023-05-24 16:25:51 +00:00
8f51a2c72d
Suppress /health request logging from localhost
2023-05-24 16:03:12 +00:00
62a1c99841
Merge pull request #561 from Zlendy/master
...
Add copy app token button in web gui
2023-05-09 21:02:42 +02:00
8cfd827814
Add copy secret button
2023-05-09 20:48:35 +02:00
a18970ea19
Merge pull request #560 from mateuscelio/master
...
Adds ClientParams strcut to handle creation and update params
2023-04-28 16:22:57 +02:00
f3d121bd61
Adds ClientParams strcut to handle creation and update params
2023-04-28 16:11:40 +02:00
9d4e37aa87
Fix swagger-ui style
2023-01-10 19:14:41 +01:00
5852bbb4ac
Unify display of app icon
2023-01-10 17:41:36 +00:00
a261d8cd9f
Merge pull request #541 from gotify/swagger-ui-xss
...
Update swagger (Fix XSS in swagger-ui)
2023-01-10 18:31:42 +01:00
501aa95347
Update swagger (Fix XSS in swagger-ui)
...
GHSA-3244-8mff-w398
https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/
2023-01-10 18:21:38 +01:00
056cd5ecb7
Merge pull request #535 from gotify/xss
...
Only serve image files on ./image
2022-12-29 12:03:02 +00:00
33d86e41c2
Only serve image files on ./image
...
This is an addition to the existing XSS fix in the previous commit.
2022-12-29 12:46:41 +01:00
022603ddf9
Merge pull request #534 from gotify/fix-xss
...
Fix file upload XSS
2022-12-28 19:38:05 +00:00
925fb7e2c9
Fix file upload XSS
...
The application image file upload allowed authenticated users to upload
malious .html files. Opening such a file like
https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html
would allow the attacker to execute client side scripts.
The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.
2022-12-28 20:13:35 +01:00
c8f78e8469
Merge pull request #529 from gotify/redirect
...
Fix Redirect to https
2022-12-03 10:59:12 +00:00
522d7fbf4c
Update golang ci action
2022-12-03 11:42:19 +01:00
615aa5ce1c
Fix redirect to https with default http port
...
Fixes #528
2022-12-03 11:42:19 +01:00
fe8a80d82f
Merge pull request #527 from mateuscelio/add-authorization-header-auth
...
Adds Authorization header auth method
2022-12-03 10:02:18 +00:00
0fb584d7f7
Update docs
2022-12-03 10:45:07 +01:00
70e1fd1863
Add authorization bearer token auth method
2022-12-03 10:45:07 +01:00
c869052764
Merge pull request #517 from olof-nord/add-riscv64-support
...
Add linux/riscv64 docker builds
2022-11-09 18:26:28 +00:00
3fa1cffde3
Add linux/riscv64 project support
2022-11-09 19:01:20 +01:00
a8049f5138
Merge pull request #516 from Tert0/feature/priority-color
...
Added Different notification color for priority
2022-10-21 18:50:29 +00:00
2fce3bdcac
Add priority colors
2022-10-21 20:39:50 +02:00
Jannis Mattheis