Most recent version is listed first.
- ong/mux: add flexible pattern that allows a handler to serve almost all request URIs: #481
- ong/cry: use constant parameters for argon key generation: #477
- ong/cry: refactor aead implementation: #476
- ong/middleware: logFunc should not be passed a http.ResponseWriter: #474
- ong/middleware: Make loadshed percentile configurable: #473
- Update go version; #469
- ong/cry: Replace scrypt with argon2id: #471
- ong/middleware: Give users control over what and how logging happens in the middlewares: #472
- Bump versions of dependencies used
- ong/errors: Fix panic when an error is already wrapped: #467
- ong/errors: Do not panic when joining stack errors that have used errorf: #464
- ong/errors: Join error should be formatted correctly: #462
- ong/middleware: Fix a number of CORS issues: #442
- ong/middleware: Eliminate panics: #459
- ong/middleware: AntiReplay function should not take a pointer to request: #460
- ong/middleware: Rename security middleware to csp: #461
- ong/middleware: do not show hint: #457
- ong/errors: handle stacktraces for more error types: #455
- ong/errors: retain stack traces when errors are wrapped with fmt: #452
- ong/mux: detect route conflicts in more cases: #453
- ong/errors: add equivalent functions from standard library: #449
- ong/middleware: disable reload protector middleware : #448 That middleware is not working as intended. This PR mitigates until we can implement a proper fix.
- ong/acme: verify the requested acme challenge token: #440 This is a bug fix for v0.0.95
- ong/acme: verify the requested acme challenge token: #439
- ong/sync: simplify API: #435
- ong/sync: limit export surface of package: #434
- Update docs on id generation: #420
- Update dependencies: #428
- ong/sync: concat errors: #429
- ong/sync: rename WaitGroup to Group: #430
- ong/sync: propagate panics: #431
- ong/sync: remove unlimited concurrency from sync: #433
- Upgrade to Go v1.22: #408 #409
- Replace math/rand with math/rand/v2: #411
- ong/id: Improve id generation: #415 #416
- ong/log: Improve conformance with slog.Handler interface: #417
- ong/middleware: a http subdomain should be redirected to the same subdomain at https: #406
- Improve documentation: #407
- ong/server: Do not create certificate directory unless certificate fetch succeeded: #404
- Update dependencies: #401
- ong/server: Add ability to specify the exact domains to use for TLS as well as wildcards: #402
- ong/sync: Fix bug in sync Waitgroup: #399
- ong/sync: Make it possible to call Waitgroup concurrently: #398
- Update dependencies: #397
- Do not loadshed based on latency from pprof endpoints: #392
- ong/cookies: Fix name of antiReplay mechanism that uses client fingerprint: #390
- ong/cookies: Do not use IP address and TLS fingerprint to validate cookies by default: #388
- ong/sync: Add new package that has a more intuitive WaitGroup: #387
- ong/config: Move middleware.ClientIPstrategy to config.ClientIPstrategy: #386
- ong/middleware: Add support for CORS allowCredentials: #385
- ong/middleware: Validate secretKeys a bit more: #384
- ong/middleware: Try and prevent path traversal attacks: #382
- ong/middleware: Add 'self' to CSP policy: #379
- ong/middleware: Add support for http.NewResponseController: #368
- ong/middleware: Improve formatting of some types: #370
- ong/mux: Remove logger from mux: #371
- ong/mux: Add internal/mux: #372
- ong/config: Create common config options: #374
- ong/config: Add config.secureKey: #376
- ong/server: Serve pprof using the same server as the application: #375
- ong/middleware: Configure what percentage of ratelimited or loadshed responses should be logged: #364
- ong/middleware: Make more middleware configurable: #362
- ong/log: Conform to log/slog: #357 Eliminate duplicate logIDs
- ong/log: Integrate ong packages with new logger: #358
- ong/log: Improve log perfomance: #359
- Remove /ex/exp: #352
- ong/log: Use slog from stdlib: #349
- ong/xcontext: Remove the package since Go v1.21 has similar functionality: #350
- Use testing.Testing() where appropriate: #351
- Only use test dependencies in test files: #348
- ong/middleware: Fix DNS rebinding via http: https://github.com/komuw/ong/compare/issues/337
- ong/server: Dynamically assign port for pprof: #343
- And test util: #344
- ong/middleware: Send Allow http header when we respond with http 405 status code: #345
- ong/middleware: Return http 404 instead of 400 for bad host header: #346
- ong/id: Use crypto/rand in id.New(): #347
- ong/server: Bugfix; add ability to use mutual TLS authentication: #335
- ong/server: Add ability to use mutual TLS authentication: #334
- ong/middleware: Update security headers: #330
- ong: Make sure that the secretKey has some minimum security properties: #329
- ong/acme: Bugfix, fetch certficate for subdomain beginning with number: #328
- ong/id: Do not use crypto/rand: #322
- ong/middleware: Fix logging of ratelimited/loadshedded requests: #325
- ong/acme: When an acme challenge request is malformed, fail the request: #326
- ong/acme: Limit size of certificate allowed for download: #321
- ong/middleware: Log unexpected http HOST header: #315
- Update dependencies: #318
- ong/log: Do not duplicate logID: #317
- ong/log: Log source attribute in one line: #319
- ong/acme: Check acme.HostPolicy before making request to ACME servers: #313
- ong/acme: add context cancellation: #314
- ong/server: Log http.Server.ErrorLog at Info by default: #312
- ong/acme: Refuse to fetch certificates for IP addresses: #306
- ong/acme: If fetch certificates fails, log the clientIP and clientFingerPrint: #310
- ong/acme: Add a fastpath(for certs that are already in memory) while fetching certificates: #311
- ong/acme: Fix bug where acme certificates were not cached in memory: #304
- ong/acme: Tighten check cert validity script: #303
- ong/acme: Add own ACME client implementation: #294
- Work around bug in checklocks static analyzer: #298
- Make tests fast by pinging port: #299
- Synchronize automax tests: #300
- Improve rate limit tests: #301
- ong/middleware: Fix superfluous response.WriteHeader call: #302
- ong/server: Set appropriate log level for http.Server.ErrorLog: #288
- ong/acme: Move acme handler to ong/middleware: #290
- ong/id: Add uuid support: #292
- ong/middleware: Validate domain in middleware: #283
- ong/acme: Add acme server that will handle requests from ACME CA: #281
- ong/server: Bugfix; match number of log arguments: #275
- ong/middleware: Add protection against DNS rebinding attacks: #276
- ong/acme: Add a http timeout when calling ACME for certificates: #272
- ong/acme: Make certificate management from ACME to be agnostic of the CA: #273
- Fix documentation linking: https://github.com/komuw/ong/commit/4cd5d47a3a431d25e84ffb04242d5b57eb2a803e
- ong/mux: Add mux Resolve function: #268
- ong/middleware: Use http.Handler as the http middleware instead of http.HandlerFunc: #269
- ong/client: Add optional http timeout: #270
- Use Go cache in CI: #271
- Change attest import path: #265
- ong/server: Leave http.server.DisableGeneralOptionsHandler at its default value: #255
- ong/middleware: Validate expiry of csrf tokens: #257
- ong/middleware: Add support for PROXY protocol in clientIP: #258
- Add nilness vet check: #259
- ong/server: Add option to restrict size of request bodies: #261
- ong/server: Gracefully handle application termniation in kubernetes: #263
- ong/log: Update to latest exp/slog: #262
- ong/cookie: Include TLS fingerprint in encrypted cookies: #250
- ong/log: Update to latest exp/slog: #251
- Run all tests in CI: #248
- Organise imports: #245
- Create an internal/octx that houses context keys used by multiple ong packages: #246
- ong/middleware: Add support for TLS fingerprinting: #244
- ong/middleware: Add precision to ratelimiting: #239
- ong/middleware: ClientIP, use remoteAddress if IP is local adress: #238
- Remove pid from logs: #230
- Update to latest exp/slog changes: #229
- Make gvisor/checklocks analyzer ignore tests: #228
- Run integration tests in CI: #225
- Create dev certs only if they do not exists or are expired: #224
- Remove log.Handler.StdLogger(), upstream slog now has an analogous function: #219
- ong/middleware: Loadshedder should not re-order latencies: #218
- Bugfix; immediately log when server gets os/interrupt signal: https://github.com/komuw/ong/commit/b9ed83a98e7bba0350a473b668ddc2ba8d4677cd
- Update to Go v1.20: #209
- ong/client: Use net.Dialer.ControlContext instead of use net.Dialer.Control: #212
- Re-enable golangci-lint: #214
- ong/log: Use the new stdlib structured logger: #208
- ong/log: Replace custom logger with slog: #215
- ong/middleware; Add a trace middleware: #216
- ong/log: WithCtx should only use the id from context, if that ctx actually contains an Id: #196
- ong/errors: wrap as deep as possible: #199
- ong/errors: add errors.Dwrap: #200
- ong/id: bug fix where ids generated were not always of the requested length; #201
- ong/cry: Do not use math/rand in encryption: #203
- Improve examples: #204
- ong/middleware: Do not duplicate session cookies: #206
- Fix changelog versions: #207
- ong/id: Should generate strings of the exact requested length: #192
- ong/log: Do not quote special characters: #193
- ong/cookie: Add Get cookie function: #189
- ong/middleware: Create middleware that adds the "real" client IP address: #187
Note that this is on a best effort basis.
Finding the true client IP address is a precarious process 1
- ong/sess: Set session cookie only if non-empty: #170
- ong/middleware: Add ReloadProtector middleware: #171
- ong/mux: Creating a new route should panic if handler is already wrapped in an ong middleware: #172
- ong/client: Add log id http header: #166
- ong/middleware: Panic/recoverer middleware should include correct stack trace: #164
- ong/middleware: Log client address without port: #165
- ong/cry: Improve performance of calling Csrf middleware multiple times: #161
- ong/mux: Bugfix: When a route conflict is detected, report the correct file & line number: #160
- ong/mux: Fix false positive/negative/whatever route conflict: #157
- Update documentation
- Update documentation
- ong/cookie: Add support for http sessions: #154
- ong/mux: Add ability to specify a custom 404 handler: #155
- ong/cookie: Make encrypted cookies more performant: #152
- Update documentation: #151
- ong/automax: Fix bug in parsing cgroup mem values from files: #148
- ong/errors: Prefix errors produced by ong with a constant string: #147
- ong/cookie: Try and mitigate cookie replay attacks: #146
- ong/cookie; Add secure/encrypted cookies: #143
- ong/log: Remove ctx from log.Logger struct: #142
- ong/cry: Add password hashing capabilities: #137
- ong/middleware: Simplify loadshedding implementation: #138
- ong/automax: Make automax to be a stand-alone package: #139
- ong/mux: Add a router/muxer with a bit more functionality: #140
- Improve documentation.
- ong/middleware: Implement io.ReaderFrom & http.Pusher: #131
- ong/client: Replace use of net.Ip with net/netip: #132
- Improve documentation.
- ong/cry: use key derivation in the
encecryption/decryption package: #119 - fix vulnerabilities: #123
- ong/client: add a http client: #120
- ong/cry: add new encryption/decryption package: #118
- ong/xcontext: add an xcontext package: #109
- use latest semgrep-go linter: #111
- add semgrep linter: #113
- ong/middleware: add ability to handle csrf tokens in a distributed setting: #112
- ong/middleware: redirect csrf failures to same url: #117
- ong/automax: automatically set GOMAXPROCS in container environments, using internal package: #106
- added some middlewares: #22
- add build/test cache: #24
- harmonize timeouts: #25
- add panic middleware: #26
- cookies: #27
- csrf middleware: #32
- cors middleware: #33
- gzip middleware: #36
- errors: https://github.com/komuw/ong/commit/2603c06ca1257d75fb170872124b2afd81eb3f3e
- logger: #39
- logging middleware: #41
- quality of life improvements: #45
- add unique id generator: #50
- try mitigate breach attack: #51
- add load shedding: #52
- fix memory leak in tests: #53
- add ratelimiter: #55
- add naive mux: #57
- handle tls: #58
- expvar metrics: #64
- fix some races: #66
- resuse address/port for pprof and redirect servers: #67
- rename: #68
- make some updates to circular buffer: #71
- use acme for certificates: #69
- issues/73: bind on 0.0.0.0 or localhost conditionally: #74
- redirect IP to domain: #75
- dont require csrf for POST requests that have no cookies and arent http auth: #77
- remove http: #79
- make the redirector a proper middleware: #80
- bugfix, gzip error: #82
- gzip almost everthing: #83
- pass logger as an arg to the middlewares: #84
- disable gzip: #86
- a more efficient error stack trace: #87
- update go.akshayshah.org/attest: #93
- update to Go 1.19: #102
- remove rlimit code, go1.19 does automatically: #104
- automatically set GOMEMLIMIT in container environments: #105