From 7fc093a2d7b3de8c1e1f6c5dc4826fd1a22f1c97 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 15 Mar 2026 05:14:10 +0000 Subject: [PATCH] Bump the go-modules-updates group across 1 directory with 4 updates Bumps the go-modules-updates group with 4 updates in the /backend directory: [github.com/go-pkgz/lgr](https://github.com/go-pkgz/lgr), [github.com/go-pkgz/rest](https://github.com/go-pkgz/rest), [go.mongodb.org/mongo-driver](https://github.com/mongodb/mongo-go-driver) and [golang.org/x/net](https://github.com/golang/net). Updates `github.com/go-pkgz/lgr` from 0.12.1 to 0.12.2 - [Release notes](https://github.com/go-pkgz/lgr/releases) - [Commits](https://github.com/go-pkgz/lgr/compare/v0.12.1...v0.12.2) Updates `github.com/go-pkgz/rest` from 1.20.6 to 1.21.0 - [Release notes](https://github.com/go-pkgz/rest/releases) - [Commits](https://github.com/go-pkgz/rest/compare/v1.20.6...v1.21.0) Updates `go.mongodb.org/mongo-driver` from 1.17.6 to 1.17.9 - [Release notes](https://github.com/mongodb/mongo-go-driver/releases) - [Commits](https://github.com/mongodb/mongo-go-driver/compare/v1.17.6...v1.17.9) Updates `golang.org/x/net` from 0.48.0 to 0.51.0 - [Commits](https://github.com/golang/net/compare/v0.48.0...v0.51.0) --- updated-dependencies: - dependency-name: github.com/go-pkgz/lgr dependency-version: 0.12.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules-updates - dependency-name: github.com/go-pkgz/rest dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules-updates - dependency-name: go.mongodb.org/mongo-driver dependency-version: 1.17.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules-updates - dependency-name: golang.org/x/net dependency-version: 0.51.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules-updates ... Signed-off-by: dependabot[bot] --- backend/go.mod | 16 +- backend/go.sum | 36 +-- .../vendor/github.com/go-pkgz/lgr/logger.go | 7 +- backend/vendor/github.com/go-pkgz/lgr/slog.go | 32 +-- .../github.com/go-pkgz/rest/.golangci.yml | 2 + .../vendor/github.com/go-pkgz/rest/README.md | 141 +++++++++++ .../github.com/go-pkgz/rest/benchmarks.go | 5 +- .../vendor/github.com/go-pkgz/rest/cors.go | 180 ++++++++++++++ .../vendor/github.com/go-pkgz/rest/csrf.go | 207 ++++++++++++++++ .../github.com/go-pkgz/rest/csrf_go125.go | 111 +++++++++ .../vendor/github.com/go-pkgz/rest/gzip.go | 2 +- .../github.com/go-pkgz/rest/logger/logger.go | 4 +- .../github.com/go-pkgz/rest/middleware.go | 11 +- .../github.com/go-pkgz/rest/realip/real.go | 3 +- .../vendor/github.com/go-pkgz/rest/rest.go | 9 +- .../vendor/github.com/go-pkgz/rest/rewrite.go | 73 ++++++ .../vendor/github.com/go-pkgz/rest/secure.go | 207 ++++++++++++++++ .../mongo/options/clientoptions.go | 3 - .../mongo-driver/version/version.go | 2 +- .../driver/auth/internal/gssapi/gss_wrapper.c | 8 +- .../x/mongo/driver/topology/rtt_monitor.go | 2 +- .../golang.org/x/crypto/scrypt/scrypt.go | 3 + backend/vendor/golang.org/x/net/html/iter.go | 2 - backend/vendor/golang.org/x/net/html/node.go | 1 + .../golang.org/x/net/html/nodetype_string.go | 31 +++ .../x/sync/singleflight/singleflight.go | 14 +- .../x/sys/cpu/asm_darwin_arm64_gc.s | 12 + .../vendor/golang.org/x/sys/cpu/cpu_arm64.go | 9 +- .../golang.org/x/sys/cpu/cpu_darwin_arm64.go | 67 +++++ .../x/sys/cpu/cpu_darwin_arm64_other.go | 29 +++ .../golang.org/x/sys/cpu/cpu_gccgo_arm64.go | 1 + .../golang.org/x/sys/cpu/cpu_other_arm64.go | 6 +- .../golang.org/x/sys/cpu/cpu_windows_arm64.go | 42 ++++ .../x/sys/cpu/syscall_darwin_arm64_gc.go | 54 +++++ .../golang.org/x/sys/unix/ioctl_signed.go | 11 +- .../golang.org/x/sys/unix/ioctl_unsigned.go | 11 +- .../golang.org/x/sys/unix/syscall_solaris.go | 8 - .../golang.org/x/sys/unix/syscall_unix.go | 10 +- .../golang.org/x/sys/unix/ztypes_linux.go | 229 ++++++++++-------- .../golang.org/x/sys/windows/aliases.go | 1 + .../x/sys/windows/syscall_windows.go | 15 +- .../golang.org/x/sys/windows/types_windows.go | 85 +++++++ .../x/sys/windows/zsyscall_windows.go | 7 + backend/vendor/modules.txt | 26 +- 44 files changed, 1486 insertions(+), 249 deletions(-) create mode 100644 backend/vendor/github.com/go-pkgz/rest/cors.go create mode 100644 backend/vendor/github.com/go-pkgz/rest/csrf.go create mode 100644 backend/vendor/github.com/go-pkgz/rest/csrf_go125.go create mode 100644 backend/vendor/github.com/go-pkgz/rest/secure.go create mode 100644 backend/vendor/golang.org/x/net/html/nodetype_string.go create mode 100644 backend/vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s create mode 100644 backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64.go create mode 100644 backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go create mode 100644 backend/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go create mode 100644 backend/vendor/golang.org/x/sys/cpu/syscall_darwin_arm64_gc.go diff --git a/backend/go.mod b/backend/go.mod index fdeb794f..5f230baf 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -4,16 +4,16 @@ go 1.25.0 require ( github.com/PuerkitoBio/goquery v1.11.0 - github.com/go-pkgz/lgr v0.12.1 - github.com/go-pkgz/rest v1.20.6 + github.com/go-pkgz/lgr v0.12.2 + github.com/go-pkgz/rest v1.21.0 github.com/go-pkgz/routegroup v1.6.0 github.com/go-pkgz/testutils v0.5.0 github.com/jessevdk/go-flags v1.6.1 github.com/kennygrant/sanitize v1.2.4 github.com/mauidude/go-readability v0.0.0-20220221173116-a9b3620098b7 github.com/stretchr/testify v1.11.1 - go.mongodb.org/mongo-driver v1.17.6 - golang.org/x/net v0.49.0 + go.mongodb.org/mongo-driver v1.17.9 + golang.org/x/net v0.52.0 ) require ( @@ -98,10 +98,10 @@ require ( go.opentelemetry.io/otel/sdk v1.39.0 // indirect go.opentelemetry.io/otel/sdk/metric v1.39.0 // indirect go.opentelemetry.io/otel/trace v1.39.0 // indirect - golang.org/x/crypto v0.47.0 // indirect - golang.org/x/sync v0.19.0 // indirect - golang.org/x/sys v0.40.0 // indirect - golang.org/x/text v0.34.0 // indirect + golang.org/x/crypto v0.49.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/sys v0.42.0 // indirect + golang.org/x/text v0.35.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260311181403-84a4fc48630c // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260311181403-84a4fc48630c // indirect google.golang.org/grpc v1.79.1 // indirect diff --git a/backend/go.sum b/backend/go.sum index f937f334..bb45433f 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -128,10 +128,10 @@ github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= -github.com/go-pkgz/lgr v0.12.1 h1:8GVfG2rSARq3Eaj5PP158rtBR2LHVGkwioIkQBGbvKg= -github.com/go-pkgz/lgr v0.12.1/go.mod h1:A4AxjOthFVFK6jRnVYMeusno5SeDAxcLVHd0kI/lN/Y= -github.com/go-pkgz/rest v1.20.6 h1:O/IhQ3I2cS4bJYvL1TLcy63w2OcXZTTBG3R+wTIqPS4= -github.com/go-pkgz/rest v1.20.6/go.mod h1:NY+MX1is2kJckJt+nHDNovS/5j9jmF4yQuSno4qg7XU= +github.com/go-pkgz/lgr v0.12.2 h1:EZ5NNdJuXdi4Yt3Yz1jcaRGVQYEG5j9vGgd7BYTiKbw= +github.com/go-pkgz/lgr v0.12.2/go.mod h1:lpCDgVvCIxBHZp8+sGCj9MPctIzKZyZ3QdE19ddqd54= +github.com/go-pkgz/rest v1.21.0 h1:Y/C4d/TpclJJDxqnH1RAcS6Hmox0RIReAlkwMcUWXK4= +github.com/go-pkgz/rest v1.21.0/go.mod h1:+AHzjHazq7Z3Tk/kRWOhbbAz/YZlUV40feC1Hf4NtbE= github.com/go-pkgz/routegroup v1.6.0 h1:44XHZgF6JIIldRlv+zjg6SygULASmjifnfIQjwCT0e4= github.com/go-pkgz/routegroup v1.6.0/go.mod h1:Pmu04fhgWhRtBMIJ8HXppnnzOPjnL/IEPBIdO2zmeqg= github.com/go-pkgz/testutils v0.5.0 h1:VTPlAeRP9m1T+FJh+FrMRUfRGQ69vGwmHONwUnEJXIs= @@ -357,8 +357,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0= github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss= -go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ= +go.mongodb.org/mongo-driver v1.17.9 h1:IexDdCuuNJ3BHrELgBlyaH9p60JXAvdzWR128q+U5tU= +go.mongodb.org/mongo-driver v1.17.9/go.mod h1:LlOhpH5NUEfhxcAwG0UEkMqwYcc4JU18gtCdGudk/tQ= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= @@ -396,8 +396,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8= -golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -450,8 +450,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= -golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= -golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -468,8 +468,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= -golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -499,8 +499,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ= -golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -510,8 +510,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= -golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY= -golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww= +golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= +golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -524,8 +524,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= -golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= diff --git a/backend/vendor/github.com/go-pkgz/lgr/logger.go b/backend/vendor/github.com/go-pkgz/lgr/logger.go index 2d8471ca..14ae39ca 100644 --- a/backend/vendor/github.com/go-pkgz/lgr/logger.go +++ b/backend/vendor/github.com/go-pkgz/lgr/logger.go @@ -166,9 +166,10 @@ func (l *Logger) logf(format string, args ...interface{}) { // if slog handler is set, use it if l.slogHandler != nil { - // use NewRecord for consistency with adapter setup - // skip=0 because we don't need caller information from this context - record := slog.NewRecord(l.now(), stringToLevel(lv), msg, 0) + // get the caller's PC so slog handlers can resolve source info when AddSource is enabled + var pcs [1]uintptr + runtime.Callers(3+l.callerDepth, pcs[:]) // skip runtime.Callers, logf, Logf (+ any extra depth) + record := slog.NewRecord(l.now(), stringToLevel(lv), msg, pcs[0]) _ = l.slogHandler.Handle(context.Background(), record) // handle FATAL and PANIC levels as they have special behavior diff --git a/backend/vendor/github.com/go-pkgz/lgr/slog.go b/backend/vendor/github.com/go-pkgz/lgr/slog.go index b68af07a..3b121986 100644 --- a/backend/vendor/github.com/go-pkgz/lgr/slog.go +++ b/backend/vendor/github.com/go-pkgz/lgr/slog.go @@ -115,39 +115,15 @@ type slogLgrAdapter struct { // Logf implements lgr.L interface func (a *slogLgrAdapter) Logf(format string, args ...interface{}) { - // parse log level from the beginning of the message msg := fmt.Sprintf(format, args...) level, msg := extractLevel(msg) - // create a record with caller information - // skip level is critical: - // - 0 = this line - // - 1 = this function (Logf) - // - 2 = caller of Logf (user code) - // - // note: We use PC=0 to ensure slog.Record.PC() returns 0, - // which causes slog to skip obtaining the caller info itself - record := slog.NewRecord(time.Now(), stringToLevel(level), msg, 2) - - // we need to manually add the source information ourselves, since - // slog.Handler might have AddSource=true but won't get the caller - // right due to how we're adapting lgr → slog - pc, file, line, ok := runtime.Caller(2) // skip to caller of Logf - if ok { - // only add source info if we can find it - funcName := runtime.FuncForPC(pc).Name() - record.AddAttrs( - slog.Group("source", - slog.String("function", funcName), - slog.String("file", file), - slog.Int("line", line), - ), - ) - } + // get the caller's PC so slog handlers can resolve source info when AddSource is enabled + var pcs [1]uintptr + runtime.Callers(2, pcs[:]) // skip runtime.Callers and Logf + record := slog.NewRecord(time.Now(), stringToLevel(level), msg, pcs[0]) - // handle the record if err := a.handler.Handle(context.Background(), record); err != nil { - // if handling fails, fallback to stderr fmt.Fprintf(os.Stderr, "slog handler error: %v\n", err) } } diff --git a/backend/vendor/github.com/go-pkgz/rest/.golangci.yml b/backend/vendor/github.com/go-pkgz/rest/.golangci.yml index bd6fb4ac..7e71eafe 100644 --- a/backend/vendor/github.com/go-pkgz/rest/.golangci.yml +++ b/backend/vendor/github.com/go-pkgz/rest/.golangci.yml @@ -19,6 +19,8 @@ linters: - unconvert - unparam - unused + - modernize + - testifylint settings: goconst: min-len: 2 diff --git a/backend/vendor/github.com/go-pkgz/rest/README.md b/backend/vendor/github.com/go-pkgz/rest/README.md index 1260cf80..749e0dac 100644 --- a/backend/vendor/github.com/go-pkgz/rest/README.md +++ b/backend/vendor/github.com/go-pkgz/rest/README.md @@ -143,6 +143,22 @@ The `Rewrite` middleware is designed to rewrite the URL path based on a given ru For example, `Rewrite("^/sites/(.*)/settings/$", "/sites/settings/$1")` will change request's URL from `/sites/id1/settings/` to `/sites/settings/id1` +### CleanPath middleware + +Cleans double slashes from URL path. For example, requests to `/users//1` or `//users////1` will be cleaned to `/users/1` before routing. Trailing slashes are preserved: `/api//v1/` becomes `/api/v1/`. Note: dot segments (`.` and `..`) are intentionally not cleaned to preserve routing semantics. + +```go +router.Use(rest.CleanPath) +``` + +### StripSlashes middleware + +Removes trailing slashes from URL path. For example, `/users/` becomes `/users`. The root path `/` is preserved. + +```go +router.Use(rest.StripSlashes) +``` + ### NoCache middleware Sets a number of HTTP headers to prevent a router (handler's) response from being cached by an upstream proxy and/or client. @@ -166,6 +182,131 @@ RealIP is a middleware that sets a http.Request's RemoteAddr to the results of p Only public IPs are accepted from headers; private/loopback/link-local IPs are skipped. This makes the middleware compatible with CDN setups like Cloudflare where the leftmost IP in `X-Forwarded-For` is the actual client. +### CORS middleware + +Handles Cross-Origin Resource Sharing, allowing controlled access from different origins. + +```go +// allow all origins (default) +router.Use(rest.CORS()) + +// specific origins with credentials +router.Use(rest.CORS( + rest.CorsAllowedOrigins("https://app.example.com", "https://admin.example.com"), + rest.CorsAllowCredentials(true), + rest.CorsMaxAge(86400), +)) + +// full configuration +router.Use(rest.CORS( + rest.CorsAllowedOrigins("https://app.example.com"), + rest.CorsAllowedMethods("GET", "POST", "PUT", "DELETE"), + rest.CorsAllowedHeaders("Authorization", "Content-Type", "X-Custom-Header"), + rest.CorsExposedHeaders("X-Request-Id", "X-Total-Count"), + rest.CorsAllowCredentials(true), + rest.CorsMaxAge(3600), +)) +``` + +Features: +- Automatic preflight (OPTIONS) handling +- Origin validation with case-insensitive matching +- Credentials support (reflects origin instead of `*`) +- Configurable cache duration for preflight results + +Available options: +- `CorsAllowedOrigins(origins...)` - allowed origins (default: `*`) +- `CorsAllowedMethods(methods...)` - allowed HTTP methods (default: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD) +- `CorsAllowedHeaders(headers...)` - allowed request headers (default: Accept, Content-Type, Authorization, X-Requested-With) +- `CorsExposedHeaders(headers...)` - headers exposed to client +- `CorsAllowCredentials(bool)` - enable credentials (cookies, auth headers) +- `CorsMaxAge(seconds)` - preflight cache duration + +### Secure middleware + +Adds security headers to responses. By default sets: `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, `X-XSS-Protection`, and `Strict-Transport-Security` (for HTTPS only). + +```go +// with sensible defaults +router.Use(rest.Secure()) + +// with full security headers for web apps (adds CSP and Permissions-Policy) +router.Use(rest.Secure(rest.SecAllHeaders())) + +// with custom options +router.Use(rest.Secure( + rest.SecFrameOptions("SAMEORIGIN"), + rest.SecReferrerPolicy("no-referrer"), + rest.SecHSTS(86400, true, true), + rest.SecContentSecurityPolicy("default-src 'self'"), + rest.SecPermissionsPolicy("geolocation=(), camera=()"), +)) +``` + +Default headers: +- `X-Frame-Options: DENY` - prevents clickjacking +- `X-Content-Type-Options: nosniff` - prevents MIME-type sniffing +- `Referrer-Policy: strict-origin-when-cross-origin` - controls referrer information +- `X-XSS-Protection: 1; mode=block` - enables XSS filtering (legacy browsers) +- `Strict-Transport-Security: max-age=31536000; includeSubDomains` - enforces HTTPS (only sent over HTTPS) + +Available options: +- `SecFrameOptions(value)` - set X-Frame-Options (DENY, SAMEORIGIN) +- `SecContentTypeNosniff(enable)` - enable/disable nosniff +- `SecReferrerPolicy(policy)` - set Referrer-Policy +- `SecContentSecurityPolicy(policy)` - set Content-Security-Policy +- `SecPermissionsPolicy(policy)` - set Permissions-Policy +- `SecHSTS(maxAge, includeSubdomains, preload)` - configure HSTS +- `SecXSSProtection(value)` - set X-XSS-Protection +- `SecAllHeaders()` - convenience option that sets CSP and Permissions-Policy with restrictive defaults + +### CSRF middleware + +Provides Cross-Site Request Forgery protection using modern browser Fetch metadata headers (`Sec-Fetch-Site`, `Origin`). For Go 1.25+, this wraps the stdlib's `http.CrossOriginProtection`. For earlier versions, a compatible custom implementation is used. + +```go +// basic protection +protection := rest.NewCrossOriginProtection() +router.Use(protection.Handler) + +// with trusted origins for cross-origin requests +protection := rest.NewCrossOriginProtection() +if err := protection.AddTrustedOrigin("https://mobile.example.com"); err != nil { + log.Fatal(err) +} +if err := protection.AddTrustedOrigin("https://admin.example.com"); err != nil { + log.Fatal(err) +} +router.Use(protection.Handler) + +// with bypass patterns for webhooks or OAuth +protection := rest.NewCrossOriginProtection() +protection.AddBypassPattern("/api/webhook") +protection.AddBypassPattern("/oauth/") +router.Use(protection.Handler) + +// with custom deny handler +protection := rest.NewCrossOriginProtection() +protection.SetDenyHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Error(w, "CSRF validation failed", http.StatusForbidden) +})) +router.Use(protection.Handler) +``` + +How it works: +- Safe methods (GET, HEAD, OPTIONS) are always allowed +- Checks `Sec-Fetch-Site` header for "same-origin" or "none" +- Falls back to comparing `Origin` header with request `Host` +- Requests without these headers are assumed same-origin (non-browser clients) + +Available methods: +- `NewCrossOriginProtection()` - creates new CSRF protection middleware +- `AddTrustedOrigin(origin)` - adds origin allowed for cross-origin requests (format: "scheme://host[:port]") +- `AddBypassPattern(pattern)` - adds URL pattern that bypasses protection (for webhooks, OAuth, etc.) +- `SetDenyHandler(handler)` - sets custom handler for rejected requests (default: 403 Forbidden) +- `Check(request)` - manually validates a request, returns error if blocked +- `Handler(handler)` - wraps an http.Handler with CSRF protection + ### Maybe middleware Maybe middleware allows changing the flow of the middleware stack execution depending on the return diff --git a/backend/vendor/github.com/go-pkgz/rest/benchmarks.go b/backend/vendor/github.com/go-pkgz/rest/benchmarks.go index 24e1dea9..e422d0ea 100644 --- a/backend/vendor/github.com/go-pkgz/rest/benchmarks.go +++ b/backend/vendor/github.com/go-pkgz/rest/benchmarks.go @@ -156,10 +156,7 @@ func (b *Benchmarks) Stats(interval time.Duration) BenchmarkStats { } // ensure we calculate rate based on actual interval - actualInterval := fnInterval.Sub(stInterval) - if actualInterval < time.Second { - actualInterval = time.Second - } + actualInterval := max(fnInterval.Sub(stInterval), time.Second) return BenchmarkStats{ Requests: requests, diff --git a/backend/vendor/github.com/go-pkgz/rest/cors.go b/backend/vendor/github.com/go-pkgz/rest/cors.go new file mode 100644 index 00000000..df7d8f9c --- /dev/null +++ b/backend/vendor/github.com/go-pkgz/rest/cors.go @@ -0,0 +1,180 @@ +package rest + +import ( + "net/http" + "strconv" + "strings" +) + +// CORSConfig defines CORS middleware configuration. +// Use CorsOpt functions to customize. +type CORSConfig struct { + // AllowedOrigins is a list of origins that may access the resource. + // use "*" to allow all origins (not recommended with credentials). + // default: ["*"] + AllowedOrigins []string + // AllowedMethods is a list of methods the client is allowed to use. + // default: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD + AllowedMethods []string + // AllowedHeaders is a list of headers the client is allowed to send. + // default: Accept, Content-Type, Authorization, X-Requested-With + AllowedHeaders []string + // ExposedHeaders is a list of headers that are safe to expose to the client. + // default: empty + ExposedHeaders []string + // AllowCredentials indicates whether the request can include credentials. + // when true, AllowedOrigins cannot be "*" (browser security restriction). + // default: false + AllowCredentials bool + // MaxAge indicates how long (in seconds) the results of a preflight can be cached. + // default: 0 (no caching) + MaxAge int +} + +// CorsOpt is a functional option for CORSConfig +type CorsOpt func(*CORSConfig) + +// defaultCORSConfig returns config with sensible defaults +func defaultCORSConfig() CORSConfig { + return CORSConfig{ + AllowedOrigins: []string{"*"}, + AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"}, + AllowedHeaders: []string{"Accept", "Content-Type", "Authorization", "X-Requested-With"}, + ExposedHeaders: []string{}, + AllowCredentials: false, + MaxAge: 0, + } +} + +// CorsAllowedOrigins sets the list of allowed origins. +// Use "*" to allow all origins (not recommended with credentials). +func CorsAllowedOrigins(origins ...string) CorsOpt { + return func(c *CORSConfig) { + c.AllowedOrigins = origins + } +} + +// CorsAllowedMethods sets the list of allowed HTTP methods. +func CorsAllowedMethods(methods ...string) CorsOpt { + return func(c *CORSConfig) { + c.AllowedMethods = methods + } +} + +// CorsAllowedHeaders sets the list of allowed request headers. +func CorsAllowedHeaders(headers ...string) CorsOpt { + return func(c *CORSConfig) { + c.AllowedHeaders = headers + } +} + +// CorsExposedHeaders sets the list of headers exposed to the client. +func CorsExposedHeaders(headers ...string) CorsOpt { + return func(c *CORSConfig) { + c.ExposedHeaders = headers + } +} + +// CorsAllowCredentials enables or disables credentials. +// When true, AllowedOrigins cannot be "*". +func CorsAllowCredentials(allow bool) CorsOpt { + return func(c *CORSConfig) { + c.AllowCredentials = allow + } +} + +// CorsMaxAge sets how long (in seconds) preflight results can be cached. +func CorsMaxAge(seconds int) CorsOpt { + return func(c *CORSConfig) { + c.MaxAge = seconds + } +} + +// CORS is middleware that handles Cross-Origin Resource Sharing. +// It handles preflight OPTIONS requests and sets appropriate headers. +// By default allows all origins with common methods and headers. +func CORS(opts ...CorsOpt) func(http.Handler) http.Handler { + cfg := defaultCORSConfig() + for _, opt := range opts { + opt(&cfg) + } + + // pre-compute joined strings for performance + methodsStr := strings.Join(cfg.AllowedMethods, ", ") + headersStr := strings.Join(cfg.AllowedHeaders, ", ") + exposedStr := strings.Join(cfg.ExposedHeaders, ", ") + + // check if wildcard is used + allowAll := len(cfg.AllowedOrigins) == 1 && cfg.AllowedOrigins[0] == "*" + + // build origin lookup for O(1) check (only when not allowing all) + var originSet map[string]bool + if !allowAll { + originSet = make(map[string]bool, len(cfg.AllowedOrigins)) + for _, o := range cfg.AllowedOrigins { + originSet[strings.ToLower(o)] = true + } + } + + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + origin := r.Header.Get("Origin") + + // no origin header means same-origin or non-browser request + if origin == "" { + next.ServeHTTP(w, r) + return + } + + // check if origin is allowed + var allowed bool + if allowAll { + allowed = true + } else { + allowed = originSet[strings.ToLower(origin)] + } + if !allowed { + // origin not allowed, proceed without CORS headers + next.ServeHTTP(w, r) + return + } + + // set Vary header for caching + w.Header().Add("Vary", "Origin") + + // set allowed origin + if allowAll && !cfg.AllowCredentials { + w.Header().Set("Access-Control-Allow-Origin", "*") + } else { + // reflect the specific origin (required for credentials) + w.Header().Set("Access-Control-Allow-Origin", origin) + } + + // set credentials header if enabled + if cfg.AllowCredentials { + w.Header().Set("Access-Control-Allow-Credentials", "true") + } + + // handle preflight request + if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" { + // preflight request + w.Header().Set("Access-Control-Allow-Methods", methodsStr) + w.Header().Set("Access-Control-Allow-Headers", headersStr) + + if cfg.MaxAge > 0 { + w.Header().Set("Access-Control-Max-Age", strconv.Itoa(cfg.MaxAge)) + } + + w.WriteHeader(http.StatusNoContent) + return + } + + // actual request - set exposed headers + if exposedStr != "" { + w.Header().Set("Access-Control-Expose-Headers", exposedStr) + } + + next.ServeHTTP(w, r) + }) + } +} diff --git a/backend/vendor/github.com/go-pkgz/rest/csrf.go b/backend/vendor/github.com/go-pkgz/rest/csrf.go new file mode 100644 index 00000000..0f1f930b --- /dev/null +++ b/backend/vendor/github.com/go-pkgz/rest/csrf.go @@ -0,0 +1,207 @@ +//go:build !go1.25 + +package rest + +import ( + "fmt" + "net/http" + "net/url" + "strings" + "sync" +) + +// CrossOriginProtection provides CSRF protection using modern browser Fetch metadata. +// It validates requests using Sec-Fetch-Site and Origin headers, rejecting cross-origin +// state-changing requests. Safe methods (GET, HEAD, OPTIONS) are always allowed. +// +// For Go 1.25+, this wraps the stdlib http.CrossOriginProtection. +// For earlier versions, it provides an equivalent custom implementation. +type CrossOriginProtection struct { + mu sync.RWMutex + trustedOrigins map[string]bool + bypassPatterns []string + denyHandler http.Handler +} + +// NewCrossOriginProtection creates a new CSRF protection middleware. +func NewCrossOriginProtection() *CrossOriginProtection { + return &CrossOriginProtection{ + trustedOrigins: make(map[string]bool), + } +} + +// AddTrustedOrigin adds an origin that should be allowed to make cross-origin requests. +// The origin must be in the format "scheme://host" or "scheme://host:port". +// Returns an error if the origin format is invalid. +func (c *CrossOriginProtection) AddTrustedOrigin(origin string) error { + u, err := url.Parse(origin) + if err != nil { + return fmt.Errorf("invalid origin: %w", err) + } + if u.Scheme == "" || u.Host == "" { + return fmt.Errorf("origin must have scheme and host: %s", origin) + } + if u.Path != "" && u.Path != "/" { + return fmt.Errorf("origin must not have path: %s", origin) + } + if u.RawQuery != "" || u.Fragment != "" { + return fmt.Errorf("origin must not have query or fragment: %s", origin) + } + + normalized := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + + c.mu.Lock() + c.trustedOrigins[normalized] = true + c.mu.Unlock() + return nil +} + +// AddBypassPattern adds a URL pattern that should bypass CSRF protection. +// Patterns follow the same syntax as http.ServeMux (e.g., "/api/webhook", "/oauth/"). +// Use sparingly and only for endpoints that have alternative authentication. +func (c *CrossOriginProtection) AddBypassPattern(pattern string) { + c.mu.Lock() + c.bypassPatterns = append(c.bypassPatterns, pattern) + c.mu.Unlock() +} + +// SetDenyHandler sets a custom handler for rejected requests. +// If not set, rejected requests receive a 403 Forbidden response. +func (c *CrossOriginProtection) SetDenyHandler(h http.Handler) { + c.mu.Lock() + c.denyHandler = h + c.mu.Unlock() +} + +// Check validates a request against CSRF protection rules. +// Returns nil if the request is allowed, or an error describing why it was rejected. +func (c *CrossOriginProtection) Check(r *http.Request) error { + // safe methods are always allowed + if isSafeMethod(r.Method) { + return nil + } + + // check bypass patterns + if c.matchesBypassPattern(r.URL.Path) { + return nil + } + + // check Sec-Fetch-Site header (modern browsers) + secFetchSite := r.Header.Get("Sec-Fetch-Site") + if secFetchSite != "" { + switch secFetchSite { + case "same-origin", "none": + return nil + case "cross-site", "same-site": + // check if origin is trusted + origin := r.Header.Get("Origin") + if origin != "" && c.isOriginTrusted(origin) { + return nil + } + return fmt.Errorf("cross-origin request blocked: Sec-Fetch-Site=%s", secFetchSite) + } + } + + // fallback: check Origin header against Host + origin := r.Header.Get("Origin") + if origin != "" { + // check if origin is trusted + if c.isOriginTrusted(origin) { + return nil + } + + // compare origin host with request host + originURL, err := url.Parse(origin) + if err != nil { + return fmt.Errorf("invalid Origin header: %w", err) + } + + requestHost := r.Host + if requestHost == "" { + requestHost = r.URL.Host + } + + // normalize hosts for comparison + originHost := strings.ToLower(originURL.Host) + requestHost = strings.ToLower(requestHost) + + if originHost != requestHost { + return fmt.Errorf("cross-origin request blocked: origin %s does not match host %s", originHost, requestHost) + } + return nil + } + + // no Sec-Fetch-Site or Origin headers - assume same-origin or non-browser request + return nil +} + +// Handler wraps an http.Handler with CSRF protection. +// Rejected requests receive a 403 Forbidden response (or custom deny handler). +func (c *CrossOriginProtection) Handler(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if err := c.Check(r); err != nil { + c.mu.RLock() + deny := c.denyHandler + c.mu.RUnlock() + + if deny != nil { + deny.ServeHTTP(w, r) + return + } + http.Error(w, "Forbidden - CSRF check failed", http.StatusForbidden) + return + } + h.ServeHTTP(w, r) + }) +} + +// isSafeMethod returns true for HTTP methods that don't modify state. +func isSafeMethod(method string) bool { + switch method { + case http.MethodGet, http.MethodHead, http.MethodOptions: + return true + } + return false +} + +// isOriginTrusted checks if the origin is in the trusted list. +func (c *CrossOriginProtection) isOriginTrusted(origin string) bool { + u, err := url.Parse(origin) + if err != nil { + return false + } + normalized := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + + c.mu.RLock() + trusted := c.trustedOrigins[normalized] + c.mu.RUnlock() + return trusted +} + +// matchesBypassPattern checks if the path matches any bypass pattern. +func (c *CrossOriginProtection) matchesBypassPattern(path string) bool { + c.mu.RLock() + patterns := make([]string, len(c.bypassPatterns)) + copy(patterns, c.bypassPatterns) + c.mu.RUnlock() + + for _, pattern := range patterns { + if matchPattern(pattern, path) { + return true + } + } + return false +} + +// matchPattern implements simple pattern matching similar to http.ServeMux. +func matchPattern(pattern, path string) bool { + // exact match + if pattern == path { + return true + } + // prefix match for patterns ending with / + if strings.HasSuffix(pattern, "/") && strings.HasPrefix(path, pattern) { + return true + } + return false +} diff --git a/backend/vendor/github.com/go-pkgz/rest/csrf_go125.go b/backend/vendor/github.com/go-pkgz/rest/csrf_go125.go new file mode 100644 index 00000000..d229f0d8 --- /dev/null +++ b/backend/vendor/github.com/go-pkgz/rest/csrf_go125.go @@ -0,0 +1,111 @@ +//go:build go1.25 + +package rest + +import ( + "fmt" + "net/http" + "net/url" + "strings" +) + +// CrossOriginProtection provides CSRF protection using modern browser Fetch metadata. +// It validates requests using Sec-Fetch-Site and Origin headers, rejecting cross-origin +// state-changing requests. Safe methods (GET, HEAD, OPTIONS) are always allowed. +// +// For Go 1.25+, this wraps the stdlib http.CrossOriginProtection. +// For earlier versions, it provides an equivalent custom implementation. +type CrossOriginProtection struct { + stdlib *http.CrossOriginProtection +} + +// NewCrossOriginProtection creates a new CSRF protection middleware. +func NewCrossOriginProtection() *CrossOriginProtection { + return &CrossOriginProtection{ + stdlib: http.NewCrossOriginProtection(), + } +} + +// AddTrustedOrigin adds an origin that should be allowed to make cross-origin requests. +// The origin must be in the format "scheme://host" or "scheme://host:port". +// Returns an error if the origin format is invalid. +func (c *CrossOriginProtection) AddTrustedOrigin(origin string) error { + u, err := url.Parse(origin) + if err != nil { + return fmt.Errorf("invalid origin: %w", err) + } + if u.Scheme == "" || u.Host == "" { + return fmt.Errorf("origin must have scheme and host: %s", origin) + } + if u.Path != "" && u.Path != "/" { + return fmt.Errorf("origin must not have path: %s", origin) + } + if u.RawQuery != "" || u.Fragment != "" { + return fmt.Errorf("origin must not have query or fragment: %s", origin) + } + + // normalize to lowercase for consistent case-insensitive matching + normalized := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + return c.stdlib.AddTrustedOrigin(normalized) +} + +// AddBypassPattern adds a URL pattern that should bypass CSRF protection. +// Patterns follow the same syntax as http.ServeMux (e.g., "/api/webhook", "/oauth/"). +// Use sparingly and only for endpoints that have alternative authentication. +func (c *CrossOriginProtection) AddBypassPattern(pattern string) { + c.stdlib.AddInsecureBypassPattern(pattern) +} + +// SetDenyHandler sets a custom handler for rejected requests. +// If not set, rejected requests receive a 403 Forbidden response. +func (c *CrossOriginProtection) SetDenyHandler(h http.Handler) { + c.stdlib.SetDenyHandler(h) +} + +// Check validates a request against CSRF protection rules. +// Returns nil if the request is allowed, or an error describing why it was rejected. +func (c *CrossOriginProtection) Check(r *http.Request) error { + // the stdlib Check method panics or returns void, so we use our own check logic + // by creating a test handler and seeing if it gets called + + // safe methods are always allowed + switch r.Method { + case http.MethodGet, http.MethodHead, http.MethodOptions: + return nil + } + + // use a test to determine if request would be allowed + allowed := false + testHandler := http.HandlerFunc(func(_ http.ResponseWriter, _ *http.Request) { + allowed = true + }) + + // create a response recorder to capture the result + rec := &discardResponseWriter{} + c.stdlib.Handler(testHandler).ServeHTTP(rec, r) + + if !allowed { + return fmt.Errorf("cross-origin request blocked by CSRF protection") + } + return nil +} + +// Handler wraps an http.Handler with CSRF protection. +// Rejected requests receive a 403 Forbidden response (or custom deny handler). +func (c *CrossOriginProtection) Handler(h http.Handler) http.Handler { + return c.stdlib.Handler(h) +} + +// discardResponseWriter is a minimal ResponseWriter for testing. +type discardResponseWriter struct { + header http.Header +} + +func (d *discardResponseWriter) Header() http.Header { + if d.header == nil { + d.header = make(http.Header) + } + return d.header +} +func (d *discardResponseWriter) Write(b []byte) (int, error) { return len(b), nil } +func (d *discardResponseWriter) WriteHeader(_ int) {} diff --git a/backend/vendor/github.com/go-pkgz/rest/gzip.go b/backend/vendor/github.com/go-pkgz/rest/gzip.go index a7328b05..67cac265 100644 --- a/backend/vendor/github.com/go-pkgz/rest/gzip.go +++ b/backend/vendor/github.com/go-pkgz/rest/gzip.go @@ -20,7 +20,7 @@ var gzDefaultContentTypes = []string{ } var gzPool = sync.Pool{ - New: func() interface{} { return gzip.NewWriter(io.Discard) }, + New: func() any { return gzip.NewWriter(io.Discard) }, } type gzipResponseWriter struct { diff --git a/backend/vendor/github.com/go-pkgz/rest/logger/logger.go b/backend/vendor/github.com/go-pkgz/rest/logger/logger.go index d93342c5..df409320 100644 --- a/backend/vendor/github.com/go-pkgz/rest/logger/logger.go +++ b/backend/vendor/github.com/go-pkgz/rest/logger/logger.go @@ -32,7 +32,7 @@ type Middleware struct { // Backend is logging backend type Backend interface { - Logf(format string, args ...interface{}) + Logf(format string, args ...any) } type logParts struct { @@ -51,7 +51,7 @@ type logParts struct { type stdBackend struct{} -func (s stdBackend) Logf(format string, args ...interface{}) { +func (s stdBackend) Logf(format string, args ...any) { log.Printf(format, args...) } diff --git a/backend/vendor/github.com/go-pkgz/rest/middleware.go b/backend/vendor/github.com/go-pkgz/rest/middleware.go index c130a462..59e9f069 100644 --- a/backend/vendor/github.com/go-pkgz/rest/middleware.go +++ b/backend/vendor/github.com/go-pkgz/rest/middleware.go @@ -36,14 +36,17 @@ func AppInfo(app, author, version string) func(http.Handler) http.Handler { return f } -// Ping middleware response with pong to /ping. Stops chain if ping request detected +// Ping middleware response with pong to /ping. Stops chain if ping request detected. +// Handles both GET and HEAD methods - HEAD returns headers only without body, +// which is useful for lightweight health checks by monitoring tools. func Ping(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { - - if r.Method == "GET" && strings.HasSuffix(strings.ToLower(r.URL.Path), "/ping") { + if (r.Method == "GET" || r.Method == "HEAD") && strings.HasSuffix(strings.ToLower(r.URL.Path), "/ping") { w.Header().Set("Content-Type", "text/plain") w.WriteHeader(http.StatusOK) - _, _ = w.Write([]byte("pong")) + if r.Method == "GET" { + _, _ = w.Write([]byte("pong")) + } return } next.ServeHTTP(w, r) diff --git a/backend/vendor/github.com/go-pkgz/rest/realip/real.go b/backend/vendor/github.com/go-pkgz/rest/realip/real.go index ad10149f..cb492b19 100644 --- a/backend/vendor/github.com/go-pkgz/rest/realip/real.go +++ b/backend/vendor/github.com/go-pkgz/rest/realip/real.go @@ -58,8 +58,7 @@ func Get(r *http.Request) (string, error) { // check X-Forwarded-For, find leftmost public IP if xff := r.Header.Get("X-Forwarded-For"); xff != "" { - addresses := strings.Split(xff, ",") - for _, addr := range addresses { + for addr := range strings.SplitSeq(xff, ",") { ip := strings.TrimSpace(addr) if parsedIP := net.ParseIP(ip); isPublicIP(parsedIP) { return ip, nil diff --git a/backend/vendor/github.com/go-pkgz/rest/rest.go b/backend/vendor/github.com/go-pkgz/rest/rest.go index d8181f3e..94b3e9d8 100644 --- a/backend/vendor/github.com/go-pkgz/rest/rest.go +++ b/backend/vendor/github.com/go-pkgz/rest/rest.go @@ -13,7 +13,7 @@ import ( type JSON map[string]any // RenderJSON sends data as json -func RenderJSON(w http.ResponseWriter, data interface{}) { +func RenderJSON(w http.ResponseWriter, data any) { buf := &bytes.Buffer{} enc := json.NewEncoder(buf) enc.SetEscapeHTML(true) @@ -35,9 +35,8 @@ func RenderJSONFromBytes(w http.ResponseWriter, r *http.Request, data []byte) er } // RenderJSONWithHTML allows html tags and forces charset=utf-8 -func RenderJSONWithHTML(w http.ResponseWriter, r *http.Request, v interface{}) error { - - encodeJSONWithHTML := func(v interface{}) ([]byte, error) { +func RenderJSONWithHTML(w http.ResponseWriter, r *http.Request, v any) error { + encodeJSONWithHTML := func(v any) ([]byte, error) { buf := &bytes.Buffer{} enc := json.NewEncoder(buf) enc.SetEscapeHTML(false) @@ -55,7 +54,7 @@ func RenderJSONWithHTML(w http.ResponseWriter, r *http.Request, v interface{}) e } // renderJSONWithStatus sends data as json and enforces status code -func renderJSONWithStatus(w http.ResponseWriter, data interface{}, code int) { +func renderJSONWithStatus(w http.ResponseWriter, data any, code int) { buf := &bytes.Buffer{} enc := json.NewEncoder(buf) enc.SetEscapeHTML(true) diff --git a/backend/vendor/github.com/go-pkgz/rest/rewrite.go b/backend/vendor/github.com/go-pkgz/rest/rewrite.go index f3286bd2..d9e9537c 100644 --- a/backend/vendor/github.com/go-pkgz/rest/rewrite.go +++ b/backend/vendor/github.com/go-pkgz/rest/rewrite.go @@ -9,6 +9,79 @@ import ( "strings" ) +// CleanPath middleware cleans double slashes from URL path. +// For example, if a request is made to /users//1 or //users////1, +// it will be cleaned to /users/1 before routing. +// Trailing slashes are preserved: /users//1/ becomes /users/1/. +// Dot segments (. and ..) are intentionally NOT cleaned to preserve routing semantics. +func CleanPath(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + rctx := r.Context() + // skip if already cleaned + if _, ok := rctx.Value(contextKey("cleanpath")).(bool); ok { + next.ServeHTTP(w, r) + return + } + + p := r.URL.Path + cleaned := cleanDoubleSlashes(p) + + if cleaned != p { + r.URL.Path = cleaned + if r.URL.RawPath != "" { + // clean double slashes in RawPath separately to preserve percent-encoding + r.URL.RawPath = cleanDoubleSlashes(r.URL.RawPath) + } + rctx = context.WithValue(rctx, contextKey("cleanpath"), true) + r = r.WithContext(rctx) + } + next.ServeHTTP(w, r) + }) +} + +// cleanDoubleSlashes removes consecutive slashes from path while preserving +// trailing slashes and dot segments (. and ..). +func cleanDoubleSlashes(p string) string { + if p == "" || p == "/" { + return p + } + + var b strings.Builder + b.Grow(len(p)) + + prevSlash := false + for i := 0; i < len(p); i++ { + c := p[i] + if c == '/' { + if !prevSlash { + b.WriteByte(c) + } + prevSlash = true + } else { + b.WriteByte(c) + prevSlash = false + } + } + + return b.String() +} + +// StripSlashes middleware removes trailing slashes from URL path. +// For example, /users/1/ becomes /users/1. +// The root path "/" is preserved. +func StripSlashes(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + p := r.URL.Path + if len(p) > 1 && p[len(p)-1] == '/' { + r.URL.Path = p[:len(p)-1] + if r.URL.RawPath != "" { + r.URL.RawPath = strings.TrimSuffix(r.URL.RawPath, "/") + } + } + next.ServeHTTP(w, r) + }) +} + // Rewrite middleware with from->to rule. Supports regex (like nginx) and prevents multiple rewrites // example: Rewrite(`^/sites/(.*)/settings/$`, `/sites/settings/$1` func Rewrite(from, to string) func(http.Handler) http.Handler { diff --git a/backend/vendor/github.com/go-pkgz/rest/secure.go b/backend/vendor/github.com/go-pkgz/rest/secure.go new file mode 100644 index 00000000..19d4eb04 --- /dev/null +++ b/backend/vendor/github.com/go-pkgz/rest/secure.go @@ -0,0 +1,207 @@ +package rest + +import ( + "net/http" + "strconv" + "strings" +) + +// SecureConfig defines security headers configuration. +// Use SecOpt functions to customize. +type SecureConfig struct { + // xFrameOptions sets X-Frame-Options header. Default: DENY + XFrameOptions string + // xContentTypeOptions sets X-Content-Type-Options. Default: nosniff + XContentTypeOptions string + // ReferrerPolicy sets Referrer-Policy header. Default: strict-origin-when-cross-origin + ReferrerPolicy string + // ContentSecurityPolicy sets Content-Security-Policy header. Default: empty (not set) + ContentSecurityPolicy string + // PermissionsPolicy sets Permissions-Policy header. Default: empty (not set) + PermissionsPolicy string + // sTSSeconds sets max-age for Strict-Transport-Security. 0 disables. + // only sent when request uses HTTPS. Default: 31536000 (1 year) + STSSeconds int + // sTSIncludeSubdomains adds includeSubDomains to HSTS. Default: true + STSIncludeSubdomains bool + // sTSPreload adds preload flag to HSTS. Default: false + STSPreload bool + // xSSProtection sets X-XSS-Protection header. Default: 1; mode=block + // note: this header is deprecated in modern browsers but still useful for older ones + XSSProtection string +} + +// SecOpt is a functional option for SecureConfig +type SecOpt func(*SecureConfig) + +// defaultSecureConfig returns config with sensible defaults +func defaultSecureConfig() SecureConfig { + return SecureConfig{ + XFrameOptions: "DENY", + XContentTypeOptions: "nosniff", + ReferrerPolicy: "strict-origin-when-cross-origin", + STSSeconds: 31536000, // 1 year + STSIncludeSubdomains: true, + STSPreload: false, + XSSProtection: "1; mode=block", + } +} + +// SecFrameOptions sets X-Frame-Options header. +// Common values: "DENY", "SAMEORIGIN" +func SecFrameOptions(value string) SecOpt { + return func(c *SecureConfig) { + c.XFrameOptions = value + } +} + +// SecContentTypeNosniff enables or disables X-Content-Type-Options: nosniff +func SecContentTypeNosniff(enable bool) SecOpt { + return func(c *SecureConfig) { + if enable { + c.XContentTypeOptions = "nosniff" + } else { + c.XContentTypeOptions = "" + } + } +} + +// SecReferrerPolicy sets Referrer-Policy header. +// Common values: "no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin" +func SecReferrerPolicy(policy string) SecOpt { + return func(c *SecureConfig) { + c.ReferrerPolicy = policy + } +} + +// SecContentSecurityPolicy sets Content-Security-Policy header. +// Example: "default-src 'self'; script-src 'self'" +func SecContentSecurityPolicy(policy string) SecOpt { + return func(c *SecureConfig) { + c.ContentSecurityPolicy = policy + } +} + +// SecPermissionsPolicy sets Permissions-Policy header. +// Example: "geolocation=(), microphone=()" +func SecPermissionsPolicy(policy string) SecOpt { + return func(c *SecureConfig) { + c.PermissionsPolicy = policy + } +} + +// SecHSTS configures Strict-Transport-Security header. +// maxAge is in seconds (0 disables HSTS), includeSubdomains and preload are optional flags. +// Note: HSTS header is only sent when the request is over HTTPS. +func SecHSTS(maxAge int, includeSubdomains, preload bool) SecOpt { + return func(c *SecureConfig) { + c.STSSeconds = maxAge + c.STSIncludeSubdomains = includeSubdomains + c.STSPreload = preload + } +} + +// SecXSSProtection sets X-XSS-Protection header. +// Set to empty string to disable. Common values: "0", "1", "1; mode=block" +func SecXSSProtection(value string) SecOpt { + return func(c *SecureConfig) { + c.XSSProtection = value + } +} + +// SecAllHeaders is a convenience option to set common headers for secure web applications. +// Sets CSP with self-only policy and restrictive permissions. +func SecAllHeaders() SecOpt { + return func(c *SecureConfig) { + c.ContentSecurityPolicy = "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; form-action 'self'; frame-ancestors 'none'" + c.PermissionsPolicy = "geolocation=(), microphone=(), camera=()" + } +} + +// Secure is middleware that adds security headers to responses. +// By default it sets: X-Frame-Options, X-Content-Type-Options, Referrer-Policy, +// X-XSS-Protection, and Strict-Transport-Security (for HTTPS only). +// Use SecOpt functions to customize the configuration. +func Secure(opts ...SecOpt) func(http.Handler) http.Handler { + cfg := defaultSecureConfig() + for _, opt := range opts { + opt(&cfg) + } + + return func(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // set security headers + if cfg.XFrameOptions != "" { + w.Header().Set("X-Frame-Options", cfg.XFrameOptions) + } + if cfg.XContentTypeOptions != "" { + w.Header().Set("X-Content-Type-Options", cfg.XContentTypeOptions) + } + if cfg.ReferrerPolicy != "" { + w.Header().Set("Referrer-Policy", cfg.ReferrerPolicy) + } + if cfg.XSSProtection != "" { + w.Header().Set("X-XSS-Protection", cfg.XSSProtection) + } + if cfg.ContentSecurityPolicy != "" { + w.Header().Set("Content-Security-Policy", cfg.ContentSecurityPolicy) + } + if cfg.PermissionsPolicy != "" { + w.Header().Set("Permissions-Policy", cfg.PermissionsPolicy) + } + + // HSTS only for HTTPS connections + if cfg.STSSeconds > 0 && isHTTPS(r) { + sts := "max-age=" + strconv.Itoa(cfg.STSSeconds) + if cfg.STSIncludeSubdomains { + sts += "; includeSubDomains" + } + if cfg.STSPreload { + sts += "; preload" + } + w.Header().Set("Strict-Transport-Security", sts) + } + + next.ServeHTTP(w, r) + }) + } +} + +// isHTTPS checks if the request is over HTTPS by examining TLS state and common proxy headers +func isHTTPS(r *http.Request) bool { + // direct TLS connection + if r.TLS != nil { + return true + } + // check common proxy headers (case-insensitive) + if strings.EqualFold(r.Header.Get("X-Forwarded-Proto"), "https") { + return true + } + // check RFC 7239 Forwarded header + if forwarded := r.Header.Get("Forwarded"); forwarded != "" { + if forwardedProtoIsHTTPS(forwarded) { + return true + } + } + return false +} + +// forwardedProtoIsHTTPS parses RFC 7239 Forwarded header to check for proto=https. +// The header format is: Forwarded: for=1.2.3.4;proto=https;by=proxy, for=5.6.7.8 +// Parameters are separated by semicolons, multiple forwarded elements by commas. +func forwardedProtoIsHTTPS(header string) bool { + // split by comma to get individual forwarded elements + for element := range strings.SplitSeq(header, ",") { + // split by semicolon to get parameters within element + for param := range strings.SplitSeq(element, ";") { + param = strings.TrimSpace(param) + // check for proto=https (case-insensitive per RFC 7239) + if len(param) > 6 && strings.EqualFold(param[:6], "proto=") { + if strings.EqualFold(strings.TrimSpace(param[6:]), "https") { + return true + } + } + } + } + return false +} diff --git a/backend/vendor/go.mongodb.org/mongo-driver/mongo/options/clientoptions.go b/backend/vendor/go.mongodb.org/mongo-driver/mongo/options/clientoptions.go index c3a9d439..b1dc0b6a 100644 --- a/backend/vendor/go.mongodb.org/mongo-driver/mongo/options/clientoptions.go +++ b/backend/vendor/go.mongodb.org/mongo-driver/mongo/options/clientoptions.go @@ -1062,9 +1062,6 @@ func (c *ClientOptions) SetSRVServiceName(srvName string) *ClientOptions { // MergeClientOptions combines the given *ClientOptions into a single *ClientOptions in a last one wins fashion. // The specified options are merged with the existing options on the client, with the specified options taking // precedence. -// -// Deprecated: Merging options structs will not be supported in Go Driver 2.0. Users should create a -// single options struct instead. func MergeClientOptions(opts ...*ClientOptions) *ClientOptions { c := Client() diff --git a/backend/vendor/go.mongodb.org/mongo-driver/version/version.go b/backend/vendor/go.mongodb.org/mongo-driver/version/version.go index ace11008..a727d0fb 100644 --- a/backend/vendor/go.mongodb.org/mongo-driver/version/version.go +++ b/backend/vendor/go.mongodb.org/mongo-driver/version/version.go @@ -11,4 +11,4 @@ package version // Driver is the current version of the driver. -var Driver = "1.17.6" +var Driver = "1.17.9" diff --git a/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/auth/internal/gssapi/gss_wrapper.c b/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/auth/internal/gssapi/gss_wrapper.c index 68b72541..e426037e 100644 --- a/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/auth/internal/gssapi/gss_wrapper.c +++ b/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/auth/internal/gssapi/gss_wrapper.c @@ -72,8 +72,8 @@ int gssapi_error_desc( free(*desc); } - *desc = malloc(desc_buffer.length+1); - memcpy(*desc, desc_buffer.value, desc_buffer.length+1); + *desc = calloc(1, desc_buffer.length + 1); + memcpy(*desc, desc_buffer.value, desc_buffer.length); gss_release_buffer(&local_min_stat, &desc_buffer); } @@ -144,8 +144,8 @@ int gssapi_client_username( return GSSAPI_ERROR; } - *username = malloc(name_buffer.length+1); - memcpy(*username, name_buffer.value, name_buffer.length+1); + *username = calloc(1, name_buffer.length + 1); + memcpy(*username, name_buffer.value, name_buffer.length); gss_release_buffer(&ignored, &name_buffer); gss_release_name(&ignored, &name); diff --git a/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/topology/rtt_monitor.go b/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/topology/rtt_monitor.go index c7b168dc..cc37db59 100644 --- a/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/topology/rtt_monitor.go +++ b/backend/vendor/go.mongodb.org/mongo-driver/x/mongo/driver/topology/rtt_monitor.go @@ -119,7 +119,7 @@ func (r *rttMonitor) start() { defer ticker.Stop() for { - conn := r.cfg.createConnectionFn() + conn = r.cfg.createConnectionFn() err := conn.connect(r.ctx) // Add an RTT sample from the new connection handshake and start a runHellos() loop if we diff --git a/backend/vendor/golang.org/x/crypto/scrypt/scrypt.go b/backend/vendor/golang.org/x/crypto/scrypt/scrypt.go index 76fa40fb..b422b7d7 100644 --- a/backend/vendor/golang.org/x/crypto/scrypt/scrypt.go +++ b/backend/vendor/golang.org/x/crypto/scrypt/scrypt.go @@ -196,6 +196,9 @@ func Key(password, salt []byte, N, r, p, keyLen int) ([]byte, error) { if N <= 1 || N&(N-1) != 0 { return nil, errors.New("scrypt: N must be > 1 and a power of 2") } + if r <= 0 || p <= 0 { + return nil, errors.New("scrypt: parameters must be > 0") + } if uint64(r)*uint64(p) >= 1<<30 || r > maxInt/128/p || r > maxInt/256 || N > maxInt/128/r { return nil, errors.New("scrypt: parameters are too large") } diff --git a/backend/vendor/golang.org/x/net/html/iter.go b/backend/vendor/golang.org/x/net/html/iter.go index 54be8fd3..349ef73e 100644 --- a/backend/vendor/golang.org/x/net/html/iter.go +++ b/backend/vendor/golang.org/x/net/html/iter.go @@ -2,8 +2,6 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build go1.23 - package html import "iter" diff --git a/backend/vendor/golang.org/x/net/html/node.go b/backend/vendor/golang.org/x/net/html/node.go index 77741a19..253e4679 100644 --- a/backend/vendor/golang.org/x/net/html/node.go +++ b/backend/vendor/golang.org/x/net/html/node.go @@ -11,6 +11,7 @@ import ( // A NodeType is the type of a Node. type NodeType uint32 +//go:generate stringer -type NodeType const ( ErrorNode NodeType = iota TextNode diff --git a/backend/vendor/golang.org/x/net/html/nodetype_string.go b/backend/vendor/golang.org/x/net/html/nodetype_string.go new file mode 100644 index 00000000..8253af49 --- /dev/null +++ b/backend/vendor/golang.org/x/net/html/nodetype_string.go @@ -0,0 +1,31 @@ +// Code generated by "stringer -type NodeType"; DO NOT EDIT. + +package html + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[ErrorNode-0] + _ = x[TextNode-1] + _ = x[DocumentNode-2] + _ = x[ElementNode-3] + _ = x[CommentNode-4] + _ = x[DoctypeNode-5] + _ = x[RawNode-6] + _ = x[scopeMarkerNode-7] +} + +const _NodeType_name = "ErrorNodeTextNodeDocumentNodeElementNodeCommentNodeDoctypeNodeRawNodescopeMarkerNode" + +var _NodeType_index = [...]uint8{0, 9, 17, 29, 40, 51, 62, 69, 84} + +func (i NodeType) String() string { + idx := int(i) - 0 + if i < 0 || idx >= len(_NodeType_index)-1 { + return "NodeType(" + strconv.FormatInt(int64(i), 10) + ")" + } + return _NodeType_name[_NodeType_index[idx]:_NodeType_index[idx+1]] +} diff --git a/backend/vendor/golang.org/x/sync/singleflight/singleflight.go b/backend/vendor/golang.org/x/sync/singleflight/singleflight.go index 40518309..90ca138a 100644 --- a/backend/vendor/golang.org/x/sync/singleflight/singleflight.go +++ b/backend/vendor/golang.org/x/sync/singleflight/singleflight.go @@ -22,7 +22,7 @@ var errGoexit = errors.New("runtime.Goexit was called") // A panicError is an arbitrary value recovered from a panic // with the stack trace during the execution of given function. type panicError struct { - value interface{} + value any stack []byte } @@ -40,7 +40,7 @@ func (p *panicError) Unwrap() error { return err } -func newPanicError(v interface{}) error { +func newPanicError(v any) error { stack := debug.Stack() // The first line of the stack trace is of the form "goroutine N [status]:" @@ -58,7 +58,7 @@ type call struct { // These fields are written once before the WaitGroup is done // and are only read after the WaitGroup is done. - val interface{} + val any err error // These fields are read and written with the singleflight @@ -78,7 +78,7 @@ type Group struct { // Result holds the results of Do, so they can be passed // on a channel. type Result struct { - Val interface{} + Val any Err error Shared bool } @@ -88,7 +88,7 @@ type Result struct { // time. If a duplicate comes in, the duplicate caller waits for the // original to complete and receives the same results. // The return value shared indicates whether v was given to multiple callers. -func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, err error, shared bool) { +func (g *Group) Do(key string, fn func() (any, error)) (v any, err error, shared bool) { g.mu.Lock() if g.m == nil { g.m = make(map[string]*call) @@ -118,7 +118,7 @@ func (g *Group) Do(key string, fn func() (interface{}, error)) (v interface{}, e // results when they are ready. // // The returned channel will not be closed. -func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result { +func (g *Group) DoChan(key string, fn func() (any, error)) <-chan Result { ch := make(chan Result, 1) g.mu.Lock() if g.m == nil { @@ -141,7 +141,7 @@ func (g *Group) DoChan(key string, fn func() (interface{}, error)) <-chan Result } // doCall handles the single call for a key. -func (g *Group) doCall(c *call, key string, fn func() (interface{}, error)) { +func (g *Group) doCall(c *call, key string, fn func() (any, error)) { normalReturn := false recovered := false diff --git a/backend/vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s b/backend/vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s new file mode 100644 index 00000000..e07fa75e --- /dev/null +++ b/backend/vendor/golang.org/x/sys/cpu/asm_darwin_arm64_gc.s @@ -0,0 +1,12 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build darwin && arm64 && gc + +#include "textflag.h" + +TEXT libc_sysctlbyname_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_sysctlbyname(SB) +GLOBL ·libc_sysctlbyname_trampoline_addr(SB), RODATA, $8 +DATA ·libc_sysctlbyname_trampoline_addr(SB)/8, $libc_sysctlbyname_trampoline<>(SB) diff --git a/backend/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/backend/vendor/golang.org/x/sys/cpu/cpu_arm64.go index af2aa99f..5fc09e29 100644 --- a/backend/vendor/golang.org/x/sys/cpu/cpu_arm64.go +++ b/backend/vendor/golang.org/x/sys/cpu/cpu_arm64.go @@ -44,14 +44,11 @@ func initOptions() { } func archInit() { - switch runtime.GOOS { - case "freebsd": + if runtime.GOOS == "freebsd" { readARM64Registers() - case "linux", "netbsd", "openbsd": + } else { + // Most platforms don't seem to allow directly reading these registers. doinit() - default: - // Many platforms don't seem to allow reading these registers. - setMinimalFeatures() } } diff --git a/backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64.go b/backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64.go new file mode 100644 index 00000000..0b470744 --- /dev/null +++ b/backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64.go @@ -0,0 +1,67 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build darwin && arm64 && gc + +package cpu + +func doinit() { + setMinimalFeatures() + + // The feature flags are explained in [Instruction Set Detection]. + // There are some differences between MacOS versions: + // + // MacOS 11 and 12 do not have "hw.optional" sysctl values for some of the features. + // + // MacOS 13 changed some of the naming conventions to align with ARM Architecture Reference Manual. + // For example "hw.optional.armv8_2_sha512" became "hw.optional.arm.FEAT_SHA512". + // It currently checks both to stay compatible with MacOS 11 and 12. + // The old names also work with MacOS 13, however it's not clear whether + // they will continue working with future OS releases. + // + // Once MacOS 12 is no longer supported the old names can be removed. + // + // [Instruction Set Detection]: https://developer.apple.com/documentation/kernel/1387446-sysctlbyname/determining_instruction_set_characteristics + + // Encryption, hashing and checksum capabilities + + // For the following flags there are no MacOS 11 sysctl flags. + ARM64.HasAES = true || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_AES\x00")) + ARM64.HasPMULL = true || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_PMULL\x00")) + ARM64.HasSHA1 = true || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SHA1\x00")) + ARM64.HasSHA2 = true || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SHA256\x00")) + + ARM64.HasSHA3 = darwinSysctlEnabled([]byte("hw.optional.armv8_2_sha3\x00")) || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SHA3\x00")) + ARM64.HasSHA512 = darwinSysctlEnabled([]byte("hw.optional.armv8_2_sha512\x00")) || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SHA512\x00")) + + ARM64.HasCRC32 = darwinSysctlEnabled([]byte("hw.optional.armv8_crc32\x00")) + + // Atomic and memory ordering + ARM64.HasATOMICS = darwinSysctlEnabled([]byte("hw.optional.armv8_1_atomics\x00")) || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_LSE\x00")) + ARM64.HasLRCPC = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_LRCPC\x00")) + + // SIMD and floating point capabilities + ARM64.HasFPHP = darwinSysctlEnabled([]byte("hw.optional.neon_fp16\x00")) || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_FP16\x00")) + ARM64.HasASIMDHP = darwinSysctlEnabled([]byte("hw.optional.neon_hpfp\x00")) || darwinSysctlEnabled([]byte("hw.optional.AdvSIMD_HPFPCvt\x00")) + ARM64.HasASIMDRDM = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_RDM\x00")) + ARM64.HasASIMDDP = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_DotProd\x00")) + ARM64.HasASIMDFHM = darwinSysctlEnabled([]byte("hw.optional.armv8_2_fhm\x00")) || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_FHM\x00")) + ARM64.HasI8MM = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_I8MM\x00")) + + ARM64.HasJSCVT = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_JSCVT\x00")) + ARM64.HasFCMA = darwinSysctlEnabled([]byte("hw.optional.armv8_3_compnum\x00")) || darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_FCMA\x00")) + + // Miscellaneous + ARM64.HasDCPOP = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_DPB\x00")) + ARM64.HasEVTSTRM = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_ECV\x00")) + ARM64.HasDIT = darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_DIT\x00")) + + // Not supported, but added for completeness + ARM64.HasCPUID = false + + ARM64.HasSM3 = false // darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SM3\x00")) + ARM64.HasSM4 = false // darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SM4\x00")) + ARM64.HasSVE = false // darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SVE\x00")) + ARM64.HasSVE2 = false // darwinSysctlEnabled([]byte("hw.optional.arm.FEAT_SVE2\x00")) +} diff --git a/backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go b/backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go new file mode 100644 index 00000000..4ee68e38 --- /dev/null +++ b/backend/vendor/golang.org/x/sys/cpu/cpu_darwin_arm64_other.go @@ -0,0 +1,29 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build darwin && arm64 && !gc + +package cpu + +func doinit() { + setMinimalFeatures() + + ARM64.HasASIMD = true + ARM64.HasFP = true + + // Go already assumes these to be available because they were on the M1 + // and these are supported on all Apple arm64 chips. + ARM64.HasAES = true + ARM64.HasPMULL = true + ARM64.HasSHA1 = true + ARM64.HasSHA2 = true + + if runtime.GOOS != "ios" { + // Apple A7 processors do not support these, however + // M-series SoCs are at least armv8.4-a + ARM64.HasCRC32 = true // armv8.1 + ARM64.HasATOMICS = true // armv8.2 + ARM64.HasJSCVT = true // armv8.3, if HasFP + } +} diff --git a/backend/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/backend/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go index 7f194678..05913081 100644 --- a/backend/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go +++ b/backend/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go @@ -9,3 +9,4 @@ package cpu func getisar0() uint64 { return 0 } func getisar1() uint64 { return 0 } func getpfr0() uint64 { return 0 } +func getzfr0() uint64 { return 0 } diff --git a/backend/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/backend/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go index 5341e7f8..6c7c5bfd 100644 --- a/backend/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go +++ b/backend/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go @@ -2,8 +2,10 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build !linux && !netbsd && !openbsd && arm64 +//go:build !darwin && !linux && !netbsd && !openbsd && !windows && arm64 package cpu -func doinit() {} +func doinit() { + setMinimalFeatures() +} diff --git a/backend/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go b/backend/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go new file mode 100644 index 00000000..d09e85a3 --- /dev/null +++ b/backend/vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go @@ -0,0 +1,42 @@ +// Copyright 2026 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package cpu + +import ( + "golang.org/x/sys/windows" +) + +func doinit() { + // set HasASIMD and HasFP to true as per + // https://learn.microsoft.com/en-us/cpp/build/arm64-windows-abi-conventions?view=msvc-170#base-requirements + // + // The ARM64 version of Windows always presupposes that it's running on an ARMv8 or later architecture. + // Both floating-point and NEON support are presumed to be present in hardware. + // + ARM64.HasASIMD = true + ARM64.HasFP = true + + if windows.IsProcessorFeaturePresent(windows.PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE) { + ARM64.HasAES = true + ARM64.HasPMULL = true + ARM64.HasSHA1 = true + ARM64.HasSHA2 = true + } + ARM64.HasSHA3 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SHA3_INSTRUCTIONS_AVAILABLE) + ARM64.HasCRC32 = windows.IsProcessorFeaturePresent(windows.PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE) + ARM64.HasSHA512 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SHA512_INSTRUCTIONS_AVAILABLE) + ARM64.HasATOMICS = windows.IsProcessorFeaturePresent(windows.PF_ARM_V81_ATOMIC_INSTRUCTIONS_AVAILABLE) + if windows.IsProcessorFeaturePresent(windows.PF_ARM_V82_DP_INSTRUCTIONS_AVAILABLE) { + ARM64.HasASIMDDP = true + ARM64.HasASIMDRDM = true + } + if windows.IsProcessorFeaturePresent(windows.PF_ARM_V83_LRCPC_INSTRUCTIONS_AVAILABLE) { + ARM64.HasLRCPC = true + ARM64.HasSM3 = true + } + ARM64.HasSVE = windows.IsProcessorFeaturePresent(windows.PF_ARM_SVE_INSTRUCTIONS_AVAILABLE) + ARM64.HasSVE2 = windows.IsProcessorFeaturePresent(windows.PF_ARM_SVE2_INSTRUCTIONS_AVAILABLE) + ARM64.HasJSCVT = windows.IsProcessorFeaturePresent(windows.PF_ARM_V83_JSCVT_INSTRUCTIONS_AVAILABLE) +} diff --git a/backend/vendor/golang.org/x/sys/cpu/syscall_darwin_arm64_gc.go b/backend/vendor/golang.org/x/sys/cpu/syscall_darwin_arm64_gc.go new file mode 100644 index 00000000..7b4e67ff --- /dev/null +++ b/backend/vendor/golang.org/x/sys/cpu/syscall_darwin_arm64_gc.go @@ -0,0 +1,54 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Minimal copy from internal/cpu and runtime to make sysctl calls. + +//go:build darwin && arm64 && gc + +package cpu + +import ( + "syscall" + "unsafe" +) + +type Errno = syscall.Errno + +// adapted from internal/cpu/cpu_arm64_darwin.go +func darwinSysctlEnabled(name []byte) bool { + out := int32(0) + nout := unsafe.Sizeof(out) + if ret := sysctlbyname(&name[0], (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); ret != nil { + return false + } + return out > 0 +} + +//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib" + +var libc_sysctlbyname_trampoline_addr uintptr + +// adapted from runtime/sys_darwin.go in the pattern of sysctl() above, as defined in x/sys/unix +func sysctlbyname(name *byte, old *byte, oldlen *uintptr, new *byte, newlen uintptr) error { + if _, _, err := syscall_syscall6( + libc_sysctlbyname_trampoline_addr, + uintptr(unsafe.Pointer(name)), + uintptr(unsafe.Pointer(old)), + uintptr(unsafe.Pointer(oldlen)), + uintptr(unsafe.Pointer(new)), + uintptr(newlen), + 0, + ); err != 0 { + return err + } + + return nil +} + +//go:cgo_import_dynamic libc_sysctlbyname sysctlbyname "/usr/lib/libSystem.B.dylib" + +// Implemented in the runtime package (runtime/sys_darwin.go) +func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno) + +//go:linkname syscall_syscall6 syscall.syscall6 diff --git a/backend/vendor/golang.org/x/sys/unix/ioctl_signed.go b/backend/vendor/golang.org/x/sys/unix/ioctl_signed.go index 5b0759bd..be0f3fba 100644 --- a/backend/vendor/golang.org/x/sys/unix/ioctl_signed.go +++ b/backend/vendor/golang.org/x/sys/unix/ioctl_signed.go @@ -6,9 +6,7 @@ package unix -import ( - "unsafe" -) +import "unsafe" // ioctl itself should not be exposed directly, but additional get/set // functions for specific types are permissible. @@ -28,6 +26,13 @@ func IoctlSetPointerInt(fd int, req int, value int) error { return ioctlPtr(fd, req, unsafe.Pointer(&v)) } +// IoctlSetString performs an ioctl operation which sets a string value +// on fd, using the specified request number. +func IoctlSetString(fd int, req int, value string) error { + bs := append([]byte(value), 0) + return ioctlPtr(fd, req, unsafe.Pointer(&bs[0])) +} + // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. // // To change fd's window size, the req argument should be TIOCSWINSZ. diff --git a/backend/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/backend/vendor/golang.org/x/sys/unix/ioctl_unsigned.go index 20f470b9..f0c28213 100644 --- a/backend/vendor/golang.org/x/sys/unix/ioctl_unsigned.go +++ b/backend/vendor/golang.org/x/sys/unix/ioctl_unsigned.go @@ -6,9 +6,7 @@ package unix -import ( - "unsafe" -) +import "unsafe" // ioctl itself should not be exposed directly, but additional get/set // functions for specific types are permissible. @@ -28,6 +26,13 @@ func IoctlSetPointerInt(fd int, req uint, value int) error { return ioctlPtr(fd, req, unsafe.Pointer(&v)) } +// IoctlSetString performs an ioctl operation which sets a string value +// on fd, using the specified request number. +func IoctlSetString(fd int, req uint, value string) error { + bs := append([]byte(value), 0) + return ioctlPtr(fd, req, unsafe.Pointer(&bs[0])) +} + // IoctlSetWinsize performs an ioctl on fd with a *Winsize argument. // // To change fd's window size, the req argument should be TIOCSWINSZ. diff --git a/backend/vendor/golang.org/x/sys/unix/syscall_solaris.go b/backend/vendor/golang.org/x/sys/unix/syscall_solaris.go index 18a3d9bd..a6a2ea0c 100644 --- a/backend/vendor/golang.org/x/sys/unix/syscall_solaris.go +++ b/backend/vendor/golang.org/x/sys/unix/syscall_solaris.go @@ -1052,14 +1052,6 @@ func IoctlSetIntRetInt(fd int, req int, arg int) (int, error) { return ioctlRet(fd, req, uintptr(arg)) } -func IoctlSetString(fd int, req int, val string) error { - bs := make([]byte, len(val)+1) - copy(bs[:len(bs)-1], val) - err := ioctlPtr(fd, req, unsafe.Pointer(&bs[0])) - runtime.KeepAlive(&bs[0]) - return err -} - // Lifreq Helpers func (l *Lifreq) SetName(name string) error { diff --git a/backend/vendor/golang.org/x/sys/unix/syscall_unix.go b/backend/vendor/golang.org/x/sys/unix/syscall_unix.go index 4e92e5aa..de6fccf9 100644 --- a/backend/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/backend/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -367,7 +367,9 @@ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from iov[0].SetLen(len(p)) } var rsa RawSockaddrAny - n, oobn, recvflags, err = recvmsgRaw(fd, iov[:], oob, flags, &rsa) + if n, oobn, recvflags, err = recvmsgRaw(fd, iov[:], oob, flags, &rsa); err != nil { + return + } // source address is only specified if the socket is unconnected if rsa.Addr.Family != AF_UNSPEC { from, err = anyToSockaddr(fd, &rsa) @@ -389,8 +391,10 @@ func RecvmsgBuffers(fd int, buffers [][]byte, oob []byte, flags int) (n, oobn in } } var rsa RawSockaddrAny - n, oobn, recvflags, err = recvmsgRaw(fd, iov, oob, flags, &rsa) - if err == nil && rsa.Addr.Family != AF_UNSPEC { + if n, oobn, recvflags, err = recvmsgRaw(fd, iov, oob, flags, &rsa); err != nil { + return + } + if rsa.Addr.Family != AF_UNSPEC { from, err = anyToSockaddr(fd, &rsa) } return diff --git a/backend/vendor/golang.org/x/sys/unix/ztypes_linux.go b/backend/vendor/golang.org/x/sys/unix/ztypes_linux.go index c1a46701..45476a73 100644 --- a/backend/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/backend/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -593,110 +593,115 @@ const ( ) const ( - NDA_UNSPEC = 0x0 - NDA_DST = 0x1 - NDA_LLADDR = 0x2 - NDA_CACHEINFO = 0x3 - NDA_PROBES = 0x4 - NDA_VLAN = 0x5 - NDA_PORT = 0x6 - NDA_VNI = 0x7 - NDA_IFINDEX = 0x8 - NDA_MASTER = 0x9 - NDA_LINK_NETNSID = 0xa - NDA_SRC_VNI = 0xb - NTF_USE = 0x1 - NTF_SELF = 0x2 - NTF_MASTER = 0x4 - NTF_PROXY = 0x8 - NTF_EXT_LEARNED = 0x10 - NTF_OFFLOADED = 0x20 - NTF_ROUTER = 0x80 - NUD_INCOMPLETE = 0x1 - NUD_REACHABLE = 0x2 - NUD_STALE = 0x4 - NUD_DELAY = 0x8 - NUD_PROBE = 0x10 - NUD_FAILED = 0x20 - NUD_NOARP = 0x40 - NUD_PERMANENT = 0x80 - NUD_NONE = 0x0 - IFA_UNSPEC = 0x0 - IFA_ADDRESS = 0x1 - IFA_LOCAL = 0x2 - IFA_LABEL = 0x3 - IFA_BROADCAST = 0x4 - IFA_ANYCAST = 0x5 - IFA_CACHEINFO = 0x6 - IFA_MULTICAST = 0x7 - IFA_FLAGS = 0x8 - IFA_RT_PRIORITY = 0x9 - IFA_TARGET_NETNSID = 0xa - IFAL_LABEL = 0x2 - IFAL_ADDRESS = 0x1 - RT_SCOPE_UNIVERSE = 0x0 - RT_SCOPE_SITE = 0xc8 - RT_SCOPE_LINK = 0xfd - RT_SCOPE_HOST = 0xfe - RT_SCOPE_NOWHERE = 0xff - RT_TABLE_UNSPEC = 0x0 - RT_TABLE_COMPAT = 0xfc - RT_TABLE_DEFAULT = 0xfd - RT_TABLE_MAIN = 0xfe - RT_TABLE_LOCAL = 0xff - RT_TABLE_MAX = 0xffffffff - RTA_UNSPEC = 0x0 - RTA_DST = 0x1 - RTA_SRC = 0x2 - RTA_IIF = 0x3 - RTA_OIF = 0x4 - RTA_GATEWAY = 0x5 - RTA_PRIORITY = 0x6 - RTA_PREFSRC = 0x7 - RTA_METRICS = 0x8 - RTA_MULTIPATH = 0x9 - RTA_FLOW = 0xb - RTA_CACHEINFO = 0xc - RTA_TABLE = 0xf - RTA_MARK = 0x10 - RTA_MFC_STATS = 0x11 - RTA_VIA = 0x12 - RTA_NEWDST = 0x13 - RTA_PREF = 0x14 - RTA_ENCAP_TYPE = 0x15 - RTA_ENCAP = 0x16 - RTA_EXPIRES = 0x17 - RTA_PAD = 0x18 - RTA_UID = 0x19 - RTA_TTL_PROPAGATE = 0x1a - RTA_IP_PROTO = 0x1b - RTA_SPORT = 0x1c - RTA_DPORT = 0x1d - RTN_UNSPEC = 0x0 - RTN_UNICAST = 0x1 - RTN_LOCAL = 0x2 - RTN_BROADCAST = 0x3 - RTN_ANYCAST = 0x4 - RTN_MULTICAST = 0x5 - RTN_BLACKHOLE = 0x6 - RTN_UNREACHABLE = 0x7 - RTN_PROHIBIT = 0x8 - RTN_THROW = 0x9 - RTN_NAT = 0xa - RTN_XRESOLVE = 0xb - SizeofNlMsghdr = 0x10 - SizeofNlMsgerr = 0x14 - SizeofRtGenmsg = 0x1 - SizeofNlAttr = 0x4 - SizeofRtAttr = 0x4 - SizeofIfInfomsg = 0x10 - SizeofIfAddrmsg = 0x8 - SizeofIfAddrlblmsg = 0xc - SizeofIfaCacheinfo = 0x10 - SizeofRtMsg = 0xc - SizeofRtNexthop = 0x8 - SizeofNdUseroptmsg = 0x10 - SizeofNdMsg = 0xc + NDA_UNSPEC = 0x0 + NDA_DST = 0x1 + NDA_LLADDR = 0x2 + NDA_CACHEINFO = 0x3 + NDA_PROBES = 0x4 + NDA_VLAN = 0x5 + NDA_PORT = 0x6 + NDA_VNI = 0x7 + NDA_IFINDEX = 0x8 + NDA_MASTER = 0x9 + NDA_LINK_NETNSID = 0xa + NDA_SRC_VNI = 0xb + NTF_USE = 0x1 + NTF_SELF = 0x2 + NTF_MASTER = 0x4 + NTF_PROXY = 0x8 + NTF_EXT_LEARNED = 0x10 + NTF_OFFLOADED = 0x20 + NTF_ROUTER = 0x80 + NUD_INCOMPLETE = 0x1 + NUD_REACHABLE = 0x2 + NUD_STALE = 0x4 + NUD_DELAY = 0x8 + NUD_PROBE = 0x10 + NUD_FAILED = 0x20 + NUD_NOARP = 0x40 + NUD_PERMANENT = 0x80 + NUD_NONE = 0x0 + IFA_UNSPEC = 0x0 + IFA_ADDRESS = 0x1 + IFA_LOCAL = 0x2 + IFA_LABEL = 0x3 + IFA_BROADCAST = 0x4 + IFA_ANYCAST = 0x5 + IFA_CACHEINFO = 0x6 + IFA_MULTICAST = 0x7 + IFA_FLAGS = 0x8 + IFA_RT_PRIORITY = 0x9 + IFA_TARGET_NETNSID = 0xa + IFAL_LABEL = 0x2 + IFAL_ADDRESS = 0x1 + RT_SCOPE_UNIVERSE = 0x0 + RT_SCOPE_SITE = 0xc8 + RT_SCOPE_LINK = 0xfd + RT_SCOPE_HOST = 0xfe + RT_SCOPE_NOWHERE = 0xff + RT_TABLE_UNSPEC = 0x0 + RT_TABLE_COMPAT = 0xfc + RT_TABLE_DEFAULT = 0xfd + RT_TABLE_MAIN = 0xfe + RT_TABLE_LOCAL = 0xff + RT_TABLE_MAX = 0xffffffff + RTA_UNSPEC = 0x0 + RTA_DST = 0x1 + RTA_SRC = 0x2 + RTA_IIF = 0x3 + RTA_OIF = 0x4 + RTA_GATEWAY = 0x5 + RTA_PRIORITY = 0x6 + RTA_PREFSRC = 0x7 + RTA_METRICS = 0x8 + RTA_MULTIPATH = 0x9 + RTA_FLOW = 0xb + RTA_CACHEINFO = 0xc + RTA_TABLE = 0xf + RTA_MARK = 0x10 + RTA_MFC_STATS = 0x11 + RTA_VIA = 0x12 + RTA_NEWDST = 0x13 + RTA_PREF = 0x14 + RTA_ENCAP_TYPE = 0x15 + RTA_ENCAP = 0x16 + RTA_EXPIRES = 0x17 + RTA_PAD = 0x18 + RTA_UID = 0x19 + RTA_TTL_PROPAGATE = 0x1a + RTA_IP_PROTO = 0x1b + RTA_SPORT = 0x1c + RTA_DPORT = 0x1d + RTN_UNSPEC = 0x0 + RTN_UNICAST = 0x1 + RTN_LOCAL = 0x2 + RTN_BROADCAST = 0x3 + RTN_ANYCAST = 0x4 + RTN_MULTICAST = 0x5 + RTN_BLACKHOLE = 0x6 + RTN_UNREACHABLE = 0x7 + RTN_PROHIBIT = 0x8 + RTN_THROW = 0x9 + RTN_NAT = 0xa + RTN_XRESOLVE = 0xb + PREFIX_UNSPEC = 0x0 + PREFIX_ADDRESS = 0x1 + PREFIX_CACHEINFO = 0x2 + SizeofNlMsghdr = 0x10 + SizeofNlMsgerr = 0x14 + SizeofRtGenmsg = 0x1 + SizeofNlAttr = 0x4 + SizeofRtAttr = 0x4 + SizeofIfInfomsg = 0x10 + SizeofPrefixmsg = 0xc + SizeofPrefixCacheinfo = 0x8 + SizeofIfAddrmsg = 0x8 + SizeofIfAddrlblmsg = 0xc + SizeofIfaCacheinfo = 0x10 + SizeofRtMsg = 0xc + SizeofRtNexthop = 0x8 + SizeofNdUseroptmsg = 0x10 + SizeofNdMsg = 0xc ) type NlMsghdr struct { @@ -735,6 +740,22 @@ type IfInfomsg struct { Change uint32 } +type Prefixmsg struct { + Family uint8 + Pad1 uint8 + Pad2 uint16 + Ifindex int32 + Type uint8 + Len uint8 + Flags uint8 + Pad3 uint8 +} + +type PrefixCacheinfo struct { + Preferred_time uint32 + Valid_time uint32 +} + type IfAddrmsg struct { Family uint8 Prefixlen uint8 diff --git a/backend/vendor/golang.org/x/sys/windows/aliases.go b/backend/vendor/golang.org/x/sys/windows/aliases.go index 16f90560..96317966 100644 --- a/backend/vendor/golang.org/x/sys/windows/aliases.go +++ b/backend/vendor/golang.org/x/sys/windows/aliases.go @@ -8,5 +8,6 @@ package windows import "syscall" +type Signal = syscall.Signal type Errno = syscall.Errno type SysProcAttr = syscall.SysProcAttr diff --git a/backend/vendor/golang.org/x/sys/windows/syscall_windows.go b/backend/vendor/golang.org/x/sys/windows/syscall_windows.go index 69439df2..d7664365 100644 --- a/backend/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/backend/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -900,6 +900,7 @@ const socket_error = uintptr(^uint32(0)) //sys NotifyRouteChange2(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyRouteChange2 //sys NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyUnicastIpAddressChange //sys CancelMibChangeNotify2(notificationHandle Handle) (errcode error) = iphlpapi.CancelMibChangeNotify2 +//sys IsProcessorFeaturePresent(ProcessorFeature uint32) (ret bool) = kernel32.IsProcessorFeaturePresent // For testing: clients can set this flag to force // creation of IPv6 sockets to return EAFNOSUPPORT. @@ -1489,20 +1490,6 @@ func Getgid() (gid int) { return -1 } func Getegid() (egid int) { return -1 } func Getgroups() (gids []int, err error) { return nil, syscall.EWINDOWS } -type Signal int - -func (s Signal) Signal() {} - -func (s Signal) String() string { - if 0 <= s && int(s) < len(signals) { - str := signals[s] - if str != "" { - return str - } - } - return "signal " + itoa(int(s)) -} - func LoadCreateSymbolicLink() error { return procCreateSymbolicLinkW.Find() } diff --git a/backend/vendor/golang.org/x/sys/windows/types_windows.go b/backend/vendor/golang.org/x/sys/windows/types_windows.go index 6e4f50eb..d5658a13 100644 --- a/backend/vendor/golang.org/x/sys/windows/types_windows.go +++ b/backend/vendor/golang.org/x/sys/windows/types_windows.go @@ -3938,3 +3938,88 @@ const ( MOUSE_EVENT = 0x0002 WINDOW_BUFFER_SIZE_EVENT = 0x0004 ) + +// The processor features to be tested for IsProcessorFeaturePresent, see +// https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-isprocessorfeaturepresent +const ( + PF_ARM_64BIT_LOADSTORE_ATOMIC = 25 + PF_ARM_DIVIDE_INSTRUCTION_AVAILABLE = 24 + PF_ARM_EXTERNAL_CACHE_AVAILABLE = 26 + PF_ARM_FMAC_INSTRUCTIONS_AVAILABLE = 27 + PF_ARM_VFP_32_REGISTERS_AVAILABLE = 18 + PF_3DNOW_INSTRUCTIONS_AVAILABLE = 7 + PF_CHANNELS_ENABLED = 16 + PF_COMPARE_EXCHANGE_DOUBLE = 2 + PF_COMPARE_EXCHANGE128 = 14 + PF_COMPARE64_EXCHANGE128 = 15 + PF_FASTFAIL_AVAILABLE = 23 + PF_FLOATING_POINT_EMULATED = 1 + PF_FLOATING_POINT_PRECISION_ERRATA = 0 + PF_MMX_INSTRUCTIONS_AVAILABLE = 3 + PF_NX_ENABLED = 12 + PF_PAE_ENABLED = 9 + PF_RDTSC_INSTRUCTION_AVAILABLE = 8 + PF_RDWRFSGSBASE_AVAILABLE = 22 + PF_SECOND_LEVEL_ADDRESS_TRANSLATION = 20 + PF_SSE3_INSTRUCTIONS_AVAILABLE = 13 + PF_SSSE3_INSTRUCTIONS_AVAILABLE = 36 + PF_SSE4_1_INSTRUCTIONS_AVAILABLE = 37 + PF_SSE4_2_INSTRUCTIONS_AVAILABLE = 38 + PF_AVX_INSTRUCTIONS_AVAILABLE = 39 + PF_AVX2_INSTRUCTIONS_AVAILABLE = 40 + PF_AVX512F_INSTRUCTIONS_AVAILABLE = 41 + PF_VIRT_FIRMWARE_ENABLED = 21 + PF_XMMI_INSTRUCTIONS_AVAILABLE = 6 + PF_XMMI64_INSTRUCTIONS_AVAILABLE = 10 + PF_XSAVE_ENABLED = 17 + PF_ARM_V8_INSTRUCTIONS_AVAILABLE = 29 + PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE = 30 + PF_ARM_V8_CRC32_INSTRUCTIONS_AVAILABLE = 31 + PF_ARM_V81_ATOMIC_INSTRUCTIONS_AVAILABLE = 34 + PF_ARM_V82_DP_INSTRUCTIONS_AVAILABLE = 43 + PF_ARM_V83_JSCVT_INSTRUCTIONS_AVAILABLE = 44 + PF_ARM_V83_LRCPC_INSTRUCTIONS_AVAILABLE = 45 + PF_ARM_SVE_INSTRUCTIONS_AVAILABLE = 46 + PF_ARM_SVE2_INSTRUCTIONS_AVAILABLE = 47 + PF_ARM_SVE2_1_INSTRUCTIONS_AVAILABLE = 48 + PF_ARM_SVE_AES_INSTRUCTIONS_AVAILABLE = 49 + PF_ARM_SVE_PMULL128_INSTRUCTIONS_AVAILABLE = 50 + PF_ARM_SVE_BITPERM_INSTRUCTIONS_AVAILABLE = 51 + PF_ARM_SVE_BF16_INSTRUCTIONS_AVAILABLE = 52 + PF_ARM_SVE_EBF16_INSTRUCTIONS_AVAILABLE = 53 + PF_ARM_SVE_B16B16_INSTRUCTIONS_AVAILABLE = 54 + PF_ARM_SVE_SHA3_INSTRUCTIONS_AVAILABLE = 55 + PF_ARM_SVE_SM4_INSTRUCTIONS_AVAILABLE = 56 + PF_ARM_SVE_I8MM_INSTRUCTIONS_AVAILABLE = 57 + PF_ARM_SVE_F32MM_INSTRUCTIONS_AVAILABLE = 58 + PF_ARM_SVE_F64MM_INSTRUCTIONS_AVAILABLE = 59 + PF_BMI2_INSTRUCTIONS_AVAILABLE = 60 + PF_MOVDIR64B_INSTRUCTION_AVAILABLE = 61 + PF_ARM_LSE2_AVAILABLE = 62 + PF_ARM_SHA3_INSTRUCTIONS_AVAILABLE = 64 + PF_ARM_SHA512_INSTRUCTIONS_AVAILABLE = 65 + PF_ARM_V82_I8MM_INSTRUCTIONS_AVAILABLE = 66 + PF_ARM_V82_FP16_INSTRUCTIONS_AVAILABLE = 67 + PF_ARM_V86_BF16_INSTRUCTIONS_AVAILABLE = 68 + PF_ARM_V86_EBF16_INSTRUCTIONS_AVAILABLE = 69 + PF_ARM_SME_INSTRUCTIONS_AVAILABLE = 70 + PF_ARM_SME2_INSTRUCTIONS_AVAILABLE = 71 + PF_ARM_SME2_1_INSTRUCTIONS_AVAILABLE = 72 + PF_ARM_SME2_2_INSTRUCTIONS_AVAILABLE = 73 + PF_ARM_SME_AES_INSTRUCTIONS_AVAILABLE = 74 + PF_ARM_SME_SBITPERM_INSTRUCTIONS_AVAILABLE = 75 + PF_ARM_SME_SF8MM4_INSTRUCTIONS_AVAILABLE = 76 + PF_ARM_SME_SF8MM8_INSTRUCTIONS_AVAILABLE = 77 + PF_ARM_SME_SF8DP2_INSTRUCTIONS_AVAILABLE = 78 + PF_ARM_SME_SF8DP4_INSTRUCTIONS_AVAILABLE = 79 + PF_ARM_SME_SF8FMA_INSTRUCTIONS_AVAILABLE = 80 + PF_ARM_SME_F8F32_INSTRUCTIONS_AVAILABLE = 81 + PF_ARM_SME_F8F16_INSTRUCTIONS_AVAILABLE = 82 + PF_ARM_SME_F16F16_INSTRUCTIONS_AVAILABLE = 83 + PF_ARM_SME_B16B16_INSTRUCTIONS_AVAILABLE = 84 + PF_ARM_SME_F64F64_INSTRUCTIONS_AVAILABLE = 85 + PF_ARM_SME_I16I64_INSTRUCTIONS_AVAILABLE = 86 + PF_ARM_SME_LUTv2_INSTRUCTIONS_AVAILABLE = 87 + PF_ARM_SME_FA64_INSTRUCTIONS_AVAILABLE = 88 + PF_UMONITOR_INSTRUCTION_AVAILABLE = 89 +) diff --git a/backend/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/backend/vendor/golang.org/x/sys/windows/zsyscall_windows.go index f25b7308..fe7a4ea1 100644 --- a/backend/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/backend/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -320,6 +320,7 @@ var ( procGetVolumePathNamesForVolumeNameW = modkernel32.NewProc("GetVolumePathNamesForVolumeNameW") procGetWindowsDirectoryW = modkernel32.NewProc("GetWindowsDirectoryW") procInitializeProcThreadAttributeList = modkernel32.NewProc("InitializeProcThreadAttributeList") + procIsProcessorFeaturePresent = modkernel32.NewProc("IsProcessorFeaturePresent") procIsWow64Process = modkernel32.NewProc("IsWow64Process") procIsWow64Process2 = modkernel32.NewProc("IsWow64Process2") procLoadLibraryExW = modkernel32.NewProc("LoadLibraryExW") @@ -2786,6 +2787,12 @@ func initializeProcThreadAttributeList(attrlist *ProcThreadAttributeList, attrco return } +func IsProcessorFeaturePresent(ProcessorFeature uint32) (ret bool) { + r0, _, _ := syscall.SyscallN(procIsProcessorFeaturePresent.Addr(), uintptr(ProcessorFeature)) + ret = r0 != 0 + return +} + func IsWow64Process(handle Handle, isWow64 *bool) (err error) { var _p0 uint32 if *isWow64 { diff --git a/backend/vendor/modules.txt b/backend/vendor/modules.txt index 8700a9d1..790f9964 100644 --- a/backend/vendor/modules.txt +++ b/backend/vendor/modules.txt @@ -223,10 +223,10 @@ github.com/go-logr/stdr ## explicit; go 1.12 github.com/go-ole/go-ole github.com/go-ole/go-ole/oleutil -# github.com/go-pkgz/lgr v0.12.1 +# github.com/go-pkgz/lgr v0.12.2 ## explicit; go 1.21 github.com/go-pkgz/lgr -# github.com/go-pkgz/rest v1.20.6 +# github.com/go-pkgz/rest v1.21.0 ## explicit; go 1.24.0 github.com/go-pkgz/rest github.com/go-pkgz/rest/logger @@ -386,7 +386,7 @@ github.com/youmark/pkcs8 # github.com/yusufpapurcu/wmi v1.2.4 ## explicit; go 1.16 github.com/yusufpapurcu/wmi -# go.mongodb.org/mongo-driver v1.17.6 +# go.mongodb.org/mongo-driver v1.17.9 ## explicit; go 1.18 go.mongodb.org/mongo-driver/bson go.mongodb.org/mongo-driver/bson/bsoncodec @@ -474,8 +474,8 @@ go.opentelemetry.io/otel/trace go.opentelemetry.io/otel/trace/embedded go.opentelemetry.io/otel/trace/internal/telemetry go.opentelemetry.io/otel/trace/noop -# golang.org/x/crypto v0.47.0 -## explicit; go 1.24.0 +# golang.org/x/crypto v0.49.0 +## explicit; go 1.25.0 golang.org/x/crypto/argon2 golang.org/x/crypto/bcrypt golang.org/x/crypto/blake2b @@ -489,22 +489,22 @@ golang.org/x/crypto/pbkdf2 golang.org/x/crypto/scrypt golang.org/x/crypto/ssh golang.org/x/crypto/ssh/internal/bcrypt_pbkdf -# golang.org/x/net v0.49.0 -## explicit; go 1.24.0 +# golang.org/x/net v0.52.0 +## explicit; go 1.25.0 golang.org/x/net/html golang.org/x/net/html/atom golang.org/x/net/html/charset -# golang.org/x/sync v0.19.0 -## explicit; go 1.24.0 +# golang.org/x/sync v0.20.0 +## explicit; go 1.25.0 golang.org/x/sync/errgroup golang.org/x/sync/singleflight -# golang.org/x/sys v0.40.0 -## explicit; go 1.24.0 +# golang.org/x/sys v0.42.0 +## explicit; go 1.25.0 golang.org/x/sys/cpu golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/text v0.34.0 -## explicit; go 1.24.0 +# golang.org/x/text v0.35.0 +## explicit; go 1.25.0 golang.org/x/text/encoding golang.org/x/text/encoding/charmap golang.org/x/text/encoding/htmlindex