Update everything to Go 1.19 and fix potential Slowloris Attacks

pull/31/head
Jan-Lukas Else 4 months ago
parent 94222cb461
commit 93d176676f
  1. 4
      .golangci.yml
  2. 2
      docs/build.md
  3. 4
      go.mod
  4. 4
      go.sum
  5. 16
      http.go
  6. 6
      main.go
  7. 7
      tor.go
  8. 2
      updateDeps.sh

@ -32,10 +32,10 @@ linters:
- gosec
linters-settings:
gosimple:
go: "1.18"
go: "1.19"
checks: ["all"]
gostatichcheck:
go: "1.18"
go: "1.19"
checks: ["all"]
dupl:
threshold: 125

@ -30,7 +30,7 @@ Requirements:
- Linux
- git
- go >= 1.17
- go >= 1.19
- libsqlite3 with FTS5 enabled >= 3.31 (the newer the better)
Build command:

@ -1,6 +1,6 @@
module go.goblog.app/app
go 1.18
go 1.19
require (
git.jlel.se/jlelse/go-geouri v0.0.0-20210525190615-a9c1d50f42d6
@ -58,7 +58,7 @@ require (
// master
github.com/yuin/goldmark-emoji v1.0.2-0.20210607094911-0487583eca38
golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
golang.org/x/net v0.0.0-20220728211354-c7608f3a8462
golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
golang.org/x/text v0.3.7
gopkg.in/yaml.v3 v3.0.1

@ -617,8 +617,8 @@ golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20210928044308-7d9f5e0b762b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220728211354-c7608f3a8462 h1:UreQrH7DbFXSi9ZFox6FNT3WBooWmdANpU+IfkT1T4I=
golang.org/x/net v0.0.0-20220728211354-c7608f3a8462/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48 h1:N9Vc/rorQUDes6B9CNdIxAn5jODGj2wzfrei2x4wNj4=
golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

@ -56,9 +56,10 @@ func (a *goBlog) startServer() (err error) {
}
// Start server
s := &http.Server{
Handler: finalHandler,
ReadTimeout: 5 * time.Minute,
WriteTimeout: 5 * time.Minute,
Handler: finalHandler,
ReadHeaderTimeout: 1 * time.Minute,
ReadTimeout: 5 * time.Minute,
WriteTimeout: 5 * time.Minute,
}
a.shutdown.Add(shutdownServer(s, "main server"))
if a.cfg.Server.PublicHTTPS || a.cfg.Server.TailscaleHTTPS {
@ -69,10 +70,11 @@ func (a *goBlog) startServer() (err error) {
h = m.HTTPHandler(h)
}
httpServer := &http.Server{
Addr: ":80",
Handler: h,
ReadTimeout: 5 * time.Minute,
WriteTimeout: 5 * time.Minute,
Addr: ":80",
Handler: h,
ReadHeaderTimeout: 1 * time.Minute,
ReadTimeout: 5 * time.Minute,
WriteTimeout: 5 * time.Minute,
}
a.shutdown.Add(shutdownServer(httpServer, "http server"))
if err := a.listenAndServe(httpServer); err != nil && err != http.ErrServerClosed {
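Review bot: `ReadHeaderTimeout: 1 * time.Minute` in both `http.Server` literals of `startServer` still lets every connection sit for a full minute without finishing its headers, and the unchanged `ReadTimeout: 5 * time.Minute` lets a slow body hold it for five, so the Slowloris exposure is reduced rather than closed. Header reads normally finish within seconds, so consider a tighter value such as `ReadHeaderTimeout: 10 * time.Second`, with a comment recording why the value was chosen. No `IdleTimeout` is set, so idle keep-alive connections fall back to the five-minute `ReadTimeout`, and an explicit `IdleTimeout` would make that bound deliberate. The same one-minute literal is repeated in the pprof server in main.go and the onion server in tor.go, so a shared package-level constant would keep all four in step. The body of `startServer` starts and ends outside these hunks.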

@ -9,6 +9,7 @@ import (
"os"
"runtime"
"runtime/pprof"
"time"
"github.com/pquerna/otp/totp"
)
@ -109,8 +110,9 @@ func main() {
pprofHandler.HandleFunc("/debug/pprof/trace", netpprof.Trace)
// Build server and listener
pprofServer := &http.Server{
Addr: defaultIfEmpty(pprofCfg.Address, "localhost:0"),
Handler: pprofHandler,
Addr: defaultIfEmpty(pprofCfg.Address, "localhost:0"),
Handler: pprofHandler,
ReadHeaderTimeout: 1 * time.Minute,
}
listener, err := net.Listen("tcp", pprofServer.Addr)
if err != nil {
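Review bot: `pprofServer` receives only `ReadHeaderTimeout`, with no `ReadTimeout` or `WriteTimeout`, unlike the other servers this commit touches, and nothing in the literal says whether that is deliberate. If it is (the `/debug/pprof/trace` handler registered just above streams for the requested duration, which a write deadline would presumably cut short), a comment above the literal such as `// No WriteTimeout: profile and trace responses run for the requested duration.` would stop a later reader from adding one. No authentication is visible in this hunk, so it is also worth documenting next to `defaultIfEmpty(pprofCfg.Address, "localhost:0")` that a non-loopback address exposes the profiling endpoints to the network. The body of `main` continues outside the hunk.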

@ -66,9 +66,10 @@ func (a *goBlog) startOnionService(h http.Handler) error {
a.cache.purge()
// Serve handler
s := &http.Server{
Handler: middleware.WithValue(torUsedKey, true)(h),
ReadTimeout: 5 * time.Minute,
WriteTimeout: 5 * time.Minute,
Handler: middleware.WithValue(torUsedKey, true)(h),
ReadHeaderTimeout: 1 * time.Minute,
ReadTimeout: 5 * time.Minute,
WriteTimeout: 5 * time.Minute,
}
a.shutdown.Add(shutdownServer(s, "tor"))
if err = s.Serve(onion); err != nil && err != http.ErrServerClosed {

@ -1,4 +1,4 @@
#!/bin/bash
GOFLAGS="-tags=linux,libsqlite3,sqlite_fts5" go get -d $(go list -f '{{if not (or .Main .Indirect)}}{{.Path}}{{end}}' -m all)
GOFLAGS="-tags=linux,libsqlite3,sqlite_fts5" go mod tidy -compat 1.18
GOFLAGS="-tags=linux,libsqlite3,sqlite_fts5" go mod tidy -compat 1.19