// ⚡️ Fiber is an Express inspired web framework written in Go with ☕️ // 🤖 Github Repository: https://github.com/gofiber/fiber // 📌 API Documentation: https://docs.gofiber.io package fiber import ( "bytes" "crypto/tls" "errors" "fmt" "io" "net" "os" "path/filepath" "reflect" "strings" "sync" "time" "unsafe" "github.com/gofiber/fiber/v3/log" "github.com/gofiber/utils/v2" "github.com/valyala/bytebufferpool" "github.com/valyala/fasthttp" ) // acceptType is a struct that holds the parsed value of an Accept header // along with quality, specificity, parameters, and order. // Used for sorting accept headers. type acceptedType struct { spec string quality float64 specificity int order int params headerParams } type headerParams map[string][]byte // getTLSConfig returns a net listener's tls config func getTLSConfig(ln net.Listener) *tls.Config { // Get listener type pointer := reflect.ValueOf(ln) // Is it a tls.listener? if pointer.String() != "<*tls.listener Value>" { return nil } // Copy value from pointer if val := reflect.Indirect(pointer); val.Type() != nil { // Get private field from value if field := val.FieldByName("config"); field.Type() != nil { // Copy value from pointer field (unsafe) newval := reflect.NewAt(field.Type(), unsafe.Pointer(field.UnsafeAddr())) //nolint:gosec // Probably the only way to extract the *tls.Config from a net.Listener. TODO: Verify there really is no easier way without using unsafe. if newval.Type() == nil { return nil } // Get element from pointer if elem := newval.Elem(); elem.Type() != nil { // Cast value to *tls.Config c, ok := elem.Interface().(*tls.Config) if !ok { panic(errors.New("failed to type-assert to *tls.Config")) } return c } } } return nil } // readContent opens a named file and read content from it func readContent(rf io.ReaderFrom, name string) (int64, error) { // Read file f, err := os.Open(filepath.Clean(name)) if err != nil { return 0, fmt.Errorf("failed to open: %w", err) } defer func() { if err = f.Close(); err != nil { log.Errorf("Error closing file: %s", err) } }() if n, err := rf.ReadFrom(f); err != nil { return n, fmt.Errorf("failed to read: %w", err) } return 0, nil } // quoteString escape special characters in a given string func (app *App) quoteString(raw string) string { bb := bytebufferpool.Get() quoted := app.getString(fasthttp.AppendQuotedArg(bb.B, app.getBytes(raw))) bytebufferpool.Put(bb) return quoted } // Scan stack if other methods match the request func (app *App) methodExist(c *DefaultCtx) bool { var exists bool methods := app.config.RequestMethods for i := 0; i < len(methods); i++ { // Skip original method if c.getMethodINT() == i { continue } // Reset stack index c.setIndexRoute(-1) tree, ok := c.App().treeStack[i][c.getTreePath()] if !ok { tree = c.App().treeStack[i][""] } // Get stack length lenr := len(tree) - 1 // Loop over the route stack starting from previous index for c.getIndexRoute() < lenr { // Increment route index c.setIndexRoute(c.getIndexRoute() + 1) // Get *Route route := tree[c.getIndexRoute()] // Skip use routes if route.use { continue } // Check if it matches the request path match := route.match(c.getDetectionPath(), c.Path(), c.getValues()) // No match, next route if match { // We matched exists = true // Add method to Allow header c.Append(HeaderAllow, methods[i]) // Break stack loop break } } } return exists } // Scan stack if other methods match the request func (app *App) methodExistCustom(c CustomCtx) bool { var exists bool methods := app.config.RequestMethods for i := 0; i < len(methods); i++ { // Skip original method if c.getMethodINT() == i { continue } // Reset stack index c.setIndexRoute(-1) tree, ok := c.App().treeStack[i][c.getTreePath()] if !ok { tree = c.App().treeStack[i][""] } // Get stack length lenr := len(tree) - 1 // Loop over the route stack starting from previous index for c.getIndexRoute() < lenr { // Increment route index c.setIndexRoute(c.getIndexRoute() + 1) // Get *Route route := tree[c.getIndexRoute()] // Skip use routes if route.use { continue } // Check if it matches the request path match := route.match(c.getDetectionPath(), c.Path(), c.getValues()) // No match, next route if match { // We matched exists = true // Add method to Allow header c.Append(HeaderAllow, methods[i]) // Break stack loop break } } } return exists } // uniqueRouteStack drop all not unique routes from the slice func uniqueRouteStack(stack []*Route) []*Route { var unique []*Route m := make(map[*Route]int) for _, v := range stack { if _, ok := m[v]; !ok { // Unique key found. Record position and collect // in result. m[v] = len(unique) unique = append(unique, v) } } return unique } // defaultString returns the value or a default value if it is set func defaultString(value string, defaultValue []string) string { if len(value) == 0 && len(defaultValue) > 0 { return defaultValue[0] } return value } func getGroupPath(prefix, path string) string { if len(path) == 0 { return prefix } if path[0] != '/' { path = "/" + path } return strings.TrimRight(prefix, "/") + path } // acceptsOffer This function determines if an offer matches a given specification. // It checks if the specification ends with a '*' or if the offer has the prefix of the specification. // Returns true if the offer matches the specification, false otherwise. func acceptsOffer(spec, offer string, _ headerParams) bool { if len(spec) >= 1 && spec[len(spec)-1] == '*' { return true } else if strings.HasPrefix(spec, offer) { return true } return false } // acceptsOfferType This function determines if an offer type matches a given specification. // It checks if the specification is equal to */* (i.e., all types are accepted). // It gets the MIME type of the offer (either from the offer itself or by its file extension). // It checks if the offer MIME type matches the specification MIME type or if the specification is of the form /* and the offer MIME type has the same MIME type. // It checks if the offer contains every parameter present in the specification. // Returns true if the offer type matches the specification, false otherwise. func acceptsOfferType(spec, offerType string, specParams headerParams) bool { var offerMime, offerParams string if i := strings.IndexByte(offerType, ';'); i == -1 { offerMime = offerType } else { offerMime = offerType[:i] offerParams = offerType[i:] } // Accept: */* if spec == "*/*" { return paramsMatch(specParams, offerParams) } var mimetype string if strings.IndexByte(offerMime, '/') != -1 { mimetype = offerMime // MIME type } else { mimetype = utils.GetMIME(offerMime) // extension } if spec == mimetype { // Accept: / return paramsMatch(specParams, offerParams) } s := strings.IndexByte(mimetype, '/') // Accept: /* if strings.HasPrefix(spec, mimetype[:s]) && (spec[s:] == "/*" || mimetype[s:] == "/*") { return paramsMatch(specParams, offerParams) } return false } // paramsMatch returns whether offerParams contains all parameters present in specParams. // Matching is case insensitive, and surrounding quotes are stripped. // To align with the behavior of res.format from Express, the order of parameters is // ignored, and if a parameter is specified twice in the incoming Accept, the last // provided value is given precedence. // In the case of quoted values, RFC 9110 says that we must treat any character escaped // by a backslash as equivalent to the character itself (e.g., "a\aa" is equivalent to "aaa"). // For the sake of simplicity, we forgo this and compare the value as-is. Besides, it would // be highly unusual for a client to escape something other than a double quote or backslash. // See https://www.rfc-editor.org/rfc/rfc9110#name-parameters func paramsMatch(specParamStr headerParams, offerParams string) bool { if len(specParamStr) == 0 { return true } allSpecParamsMatch := true for specParam, specVal := range specParamStr { foundParam := false fasthttp.VisitHeaderParams(utils.UnsafeBytes(offerParams), func(key, value []byte) bool { if utils.EqualFold(specParam, string(key)) { foundParam = true allSpecParamsMatch = utils.EqualFold(specVal, value) return false } return true }) if !foundParam || !allSpecParamsMatch { return false } } return allSpecParamsMatch } // getSplicedStrList function takes a string and a string slice as an argument, divides the string into different // elements divided by ',' and stores these elements in the string slice. // It returns the populated string slice as an output. // // If the given slice hasn't enough space, it will allocate more and return. func getSplicedStrList(headerValue string, dst []string) []string { if headerValue == "" { return nil } var ( index int character rune lastElementEndsAt uint8 insertIndex int ) for index, character = range headerValue + "$" { if character == ',' || index == len(headerValue) { if insertIndex >= len(dst) { oldSlice := dst dst = make([]string, len(dst)+(len(dst)>>1)+2) copy(dst, oldSlice) } dst[insertIndex] = strings.TrimLeft(headerValue[lastElementEndsAt:index], " ") lastElementEndsAt = uint8(index + 1) insertIndex++ } } if len(dst) > insertIndex { dst = dst[:insertIndex] } return dst } // forEachMediaRange parses an Accept or Content-Type header, calling functor // on each media range. // See: https://www.rfc-editor.org/rfc/rfc9110#name-content-negotiation-fields func forEachMediaRange(header []byte, functor func([]byte)) { hasDQuote := bytes.IndexByte(header, '"') != -1 for len(header) > 0 { n := 0 header = bytes.TrimLeft(header, " ") quotes := 0 escaping := false if hasDQuote { // Complex case. We need to keep track of quotes and quoted-pairs (i.e., characters escaped with \ ) loop: for n < len(header) { switch header[n] { case ',': if quotes%2 == 0 { break loop } case '"': if !escaping { quotes++ } case '\\': if quotes%2 == 1 { escaping = !escaping } } n++ } } else { // Simple case. Just look for the next comma. if n = bytes.IndexByte(header, ','); n == -1 { n = len(header) } } functor(header[:n]) if n >= len(header) { return } header = header[n+1:] } } // Pool for headerParams instances. The headerParams object *must* // be cleared before being returned to the pool. var headerParamPool = sync.Pool{ New: func() any { return make(headerParams) }, } // getOffer return valid offer for header negotiation. // Do not pass header using utils.UnsafeBytes - this can cause a panic due // to the use of utils.ToLowerBytes. func getOffer(header []byte, isAccepted func(spec, offer string, specParams headerParams) bool, offers ...string) string { if len(offers) == 0 { return "" } if len(header) == 0 { return offers[0] } acceptedTypes := make([]acceptedType, 0, 8) order := 0 // Parse header and get accepted types with their quality and specificity // See: https://www.rfc-editor.org/rfc/rfc9110#name-content-negotiation-fields forEachMediaRange(header, func(accept []byte) { order++ spec, quality := accept, 1.0 var params headerParams if i := bytes.IndexByte(accept, ';'); i != -1 { spec = accept[:i] // The vast majority of requests will have only the q parameter with // no whitespace. Check this first to see if we can skip // the more involved parsing. if bytes.HasPrefix(accept[i:], []byte(";q=")) && bytes.IndexByte(accept[i+3:], ';') == -1 { if q, err := fasthttp.ParseUfloat(bytes.TrimRight(accept[i+3:], " ")); err == nil { quality = q } } else { params, _ = headerParamPool.Get().(headerParams) //nolint:errcheck // only contains headerParams fasthttp.VisitHeaderParams(accept[i:], func(key, value []byte) bool { if string(key) == "q" { if q, err := fasthttp.ParseUfloat(value); err == nil { quality = q } return false } params[utils.UnsafeString(utils.ToLowerBytes(key))] = value return true }) } // Skip this accept type if quality is 0.0 // See: https://www.rfc-editor.org/rfc/rfc9110#quality.values if quality == 0.0 { return } } spec = bytes.TrimRight(spec, " ") // Get specificity var specificity int // check for wildcard this could be a mime */* or a wildcard character * switch { case string(spec) == "*/*" || string(spec) == "*": specificity = 1 case bytes.HasSuffix(spec, []byte("/*")): specificity = 2 case bytes.IndexByte(spec, '/') != -1: specificity = 3 default: specificity = 4 } // Add to accepted types acceptedTypes = append(acceptedTypes, acceptedType{utils.UnsafeString(spec), quality, specificity, order, params}) }) if len(acceptedTypes) > 1 { // Sort accepted types by quality and specificity, preserving order of equal elements sortAcceptedTypes(&acceptedTypes) } // Find the first offer that matches the accepted types ret := "" done := false for _, acceptedType := range acceptedTypes { if !done { for _, offer := range offers { if offer == "" { continue } if isAccepted(acceptedType.spec, offer, acceptedType.params) { ret = offer done = true break } } } if acceptedType.params != nil { for p := range acceptedType.params { delete(acceptedType.params, p) } headerParamPool.Put(acceptedType.params) } } return ret } // sortAcceptedTypes sorts accepted types by quality and specificity, preserving order of equal elements // A type with parameters has higher priority than an equivalent one without parameters. // e.g., text/html;a=1;b=2 comes before text/html;a=1 // See: https://www.rfc-editor.org/rfc/rfc9110#name-content-negotiation-fields func sortAcceptedTypes(acceptedTypes *[]acceptedType) { if acceptedTypes == nil || len(*acceptedTypes) < 2 { return } at := *acceptedTypes for i := 1; i < len(at); i++ { lo, hi := 0, i-1 for lo <= hi { mid := (lo + hi) / 2 if at[i].quality < at[mid].quality || (at[i].quality == at[mid].quality && at[i].specificity < at[mid].specificity) || (at[i].quality == at[mid].quality && at[i].specificity < at[mid].specificity && len(at[i].params) < len(at[mid].params)) || (at[i].quality == at[mid].quality && at[i].specificity == at[mid].specificity && len(at[i].params) == len(at[mid].params) && at[i].order > at[mid].order) { lo = mid + 1 } else { hi = mid - 1 } } for j := i; j > lo; j-- { at[j-1], at[j] = at[j], at[j-1] } } } func matchEtag(s, etag string) bool { if s == etag || s == "W/"+etag || "W/"+s == etag { return true } return false } func (app *App) isEtagStale(etag string, noneMatchBytes []byte) bool { var start, end int // Adapted from: // https://github.com/jshttp/fresh/blob/10e0471669dbbfbfd8de65bc6efac2ddd0bfa057/index.js#L110 for i := range noneMatchBytes { switch noneMatchBytes[i] { case 0x20: if start == end { start = i + 1 end = i + 1 } case 0x2c: if matchEtag(app.getString(noneMatchBytes[start:end]), etag) { return false } start = i + 1 end = i + 1 default: end = i + 1 } } return !matchEtag(app.getString(noneMatchBytes[start:end]), etag) } func parseAddr(raw string) (string, string) { //nolint:revive // Returns (host, port) if i := strings.LastIndex(raw, ":"); i != -1 { return raw[:i], raw[i+1:] } return raw, "" } const noCacheValue = "no-cache" // isNoCache checks if the cacheControl header value is a `no-cache`. func isNoCache(cacheControl string) bool { i := strings.Index(cacheControl, noCacheValue) if i == -1 { return false } // Xno-cache if i > 0 && !(cacheControl[i-1] == ' ' || cacheControl[i-1] == ',') { return false } // bla bla, no-cache if i+len(noCacheValue) == len(cacheControl) { return true } // bla bla, no-cacheX if cacheControl[i+len(noCacheValue)] != ',' { return false } // OK return true } type testConn struct { r bytes.Buffer w bytes.Buffer } func (c *testConn) Read(b []byte) (int, error) { return c.r.Read(b) } //nolint:wrapcheck // This must not be wrapped func (c *testConn) Write(b []byte) (int, error) { return c.w.Write(b) } //nolint:wrapcheck // This must not be wrapped func (*testConn) Close() error { return nil } func (*testConn) LocalAddr() net.Addr { return &net.TCPAddr{Port: 0, Zone: "", IP: net.IPv4zero} } func (*testConn) RemoteAddr() net.Addr { return &net.TCPAddr{Port: 0, Zone: "", IP: net.IPv4zero} } func (*testConn) SetDeadline(_ time.Time) error { return nil } func (*testConn) SetReadDeadline(_ time.Time) error { return nil } func (*testConn) SetWriteDeadline(_ time.Time) error { return nil } func getStringImmutable(b []byte) string { return string(b) } func getBytesImmutable(s string) []byte { return []byte(s) } // HTTP methods and their unique INTs func (app *App) methodInt(s string) int { // For better performance if len(app.configured.RequestMethods) == 0 { // TODO: Use iota instead switch s { case MethodGet: return 0 case MethodHead: return 1 case MethodPost: return 2 case MethodPut: return 3 case MethodDelete: return 4 case MethodConnect: return 5 case MethodOptions: return 6 case MethodTrace: return 7 case MethodPatch: return 8 default: return -1 } } // For method customization for i, v := range app.config.RequestMethods { if s == v { return i } } return -1 } // IsMethodSafe reports whether the HTTP method is considered safe. // See https://datatracker.ietf.org/doc/html/rfc9110#section-9.2.1 func IsMethodSafe(m string) bool { switch m { case MethodGet, MethodHead, MethodOptions, MethodTrace: return true default: return false } } // IsMethodIdempotent reports whether the HTTP method is considered idempotent. // See https://datatracker.ietf.org/doc/html/rfc9110#section-9.2.2 func IsMethodIdempotent(m string) bool { if IsMethodSafe(m) { return true } switch m { case MethodPut, MethodDelete: return true default: return false } } // HTTP methods were copied from net/http. const ( MethodGet = "GET" // RFC 7231, 4.3.1 MethodHead = "HEAD" // RFC 7231, 4.3.2 MethodPost = "POST" // RFC 7231, 4.3.3 MethodPut = "PUT" // RFC 7231, 4.3.4 MethodPatch = "PATCH" // RFC 5789 MethodDelete = "DELETE" // RFC 7231, 4.3.5 MethodConnect = "CONNECT" // RFC 7231, 4.3.6 MethodOptions = "OPTIONS" // RFC 7231, 4.3.7 MethodTrace = "TRACE" // RFC 7231, 4.3.8 methodUse = "USE" ) // MIME types that are commonly used const ( MIMETextXML = "text/xml" MIMETextHTML = "text/html" MIMETextPlain = "text/plain" MIMETextJavaScript = "text/javascript" MIMEApplicationXML = "application/xml" MIMEApplicationJSON = "application/json" // Deprecated: use MIMETextJavaScript instead MIMEApplicationJavaScript = "application/javascript" MIMEApplicationForm = "application/x-www-form-urlencoded" MIMEOctetStream = "application/octet-stream" MIMEMultipartForm = "multipart/form-data" MIMETextXMLCharsetUTF8 = "text/xml; charset=utf-8" MIMETextHTMLCharsetUTF8 = "text/html; charset=utf-8" MIMETextPlainCharsetUTF8 = "text/plain; charset=utf-8" MIMETextJavaScriptCharsetUTF8 = "text/javascript; charset=utf-8" MIMEApplicationXMLCharsetUTF8 = "application/xml; charset=utf-8" MIMEApplicationJSONCharsetUTF8 = "application/json; charset=utf-8" // Deprecated: use MIMETextJavaScriptCharsetUTF8 instead MIMEApplicationJavaScriptCharsetUTF8 = "application/javascript; charset=utf-8" ) // HTTP status codes were copied from net/http with the following updates: // - Rename StatusNonAuthoritativeInfo to StatusNonAuthoritativeInformation // - Add StatusSwitchProxy (306) // NOTE: Keep this list in sync with statusMessage const ( StatusContinue = 100 // RFC 9110, 15.2.1 StatusSwitchingProtocols = 101 // RFC 9110, 15.2.2 StatusProcessing = 102 // RFC 2518, 10.1 StatusEarlyHints = 103 // RFC 8297 StatusOK = 200 // RFC 9110, 15.3.1 StatusCreated = 201 // RFC 9110, 15.3.2 StatusAccepted = 202 // RFC 9110, 15.3.3 StatusNonAuthoritativeInformation = 203 // RFC 9110, 15.3.4 StatusNoContent = 204 // RFC 9110, 15.3.5 StatusResetContent = 205 // RFC 9110, 15.3.6 StatusPartialContent = 206 // RFC 9110, 15.3.7 StatusMultiStatus = 207 // RFC 4918, 11.1 StatusAlreadyReported = 208 // RFC 5842, 7.1 StatusIMUsed = 226 // RFC 3229, 10.4.1 StatusMultipleChoices = 300 // RFC 9110, 15.4.1 StatusMovedPermanently = 301 // RFC 9110, 15.4.2 StatusFound = 302 // RFC 9110, 15.4.3 StatusSeeOther = 303 // RFC 9110, 15.4.4 StatusNotModified = 304 // RFC 9110, 15.4.5 StatusUseProxy = 305 // RFC 9110, 15.4.6 StatusSwitchProxy = 306 // RFC 9110, 15.4.7 (Unused) StatusTemporaryRedirect = 307 // RFC 9110, 15.4.8 StatusPermanentRedirect = 308 // RFC 9110, 15.4.9 StatusBadRequest = 400 // RFC 9110, 15.5.1 StatusUnauthorized = 401 // RFC 9110, 15.5.2 StatusPaymentRequired = 402 // RFC 9110, 15.5.3 StatusForbidden = 403 // RFC 9110, 15.5.4 StatusNotFound = 404 // RFC 9110, 15.5.5 StatusMethodNotAllowed = 405 // RFC 9110, 15.5.6 StatusNotAcceptable = 406 // RFC 9110, 15.5.7 StatusProxyAuthRequired = 407 // RFC 9110, 15.5.8 StatusRequestTimeout = 408 // RFC 9110, 15.5.9 StatusConflict = 409 // RFC 9110, 15.5.10 StatusGone = 410 // RFC 9110, 15.5.11 StatusLengthRequired = 411 // RFC 9110, 15.5.12 StatusPreconditionFailed = 412 // RFC 9110, 15.5.13 StatusRequestEntityTooLarge = 413 // RFC 9110, 15.5.14 StatusRequestURITooLong = 414 // RFC 9110, 15.5.15 StatusUnsupportedMediaType = 415 // RFC 9110, 15.5.16 StatusRequestedRangeNotSatisfiable = 416 // RFC 9110, 15.5.17 StatusExpectationFailed = 417 // RFC 9110, 15.5.18 StatusTeapot = 418 // RFC 9110, 15.5.19 (Unused) StatusMisdirectedRequest = 421 // RFC 9110, 15.5.20 StatusUnprocessableEntity = 422 // RFC 9110, 15.5.21 StatusLocked = 423 // RFC 4918, 11.3 StatusFailedDependency = 424 // RFC 4918, 11.4 StatusTooEarly = 425 // RFC 8470, 5.2. StatusUpgradeRequired = 426 // RFC 9110, 15.5.22 StatusPreconditionRequired = 428 // RFC 6585, 3 StatusTooManyRequests = 429 // RFC 6585, 4 StatusRequestHeaderFieldsTooLarge = 431 // RFC 6585, 5 StatusUnavailableForLegalReasons = 451 // RFC 7725, 3 StatusInternalServerError = 500 // RFC 9110, 15.6.1 StatusNotImplemented = 501 // RFC 9110, 15.6.2 StatusBadGateway = 502 // RFC 9110, 15.6.3 StatusServiceUnavailable = 503 // RFC 9110, 15.6.4 StatusGatewayTimeout = 504 // RFC 9110, 15.6.5 StatusHTTPVersionNotSupported = 505 // RFC 9110, 15.6.6 StatusVariantAlsoNegotiates = 506 // RFC 2295, 8.1 StatusInsufficientStorage = 507 // RFC 4918, 11.5 StatusLoopDetected = 508 // RFC 5842, 7.2 StatusNotExtended = 510 // RFC 2774, 7 StatusNetworkAuthenticationRequired = 511 // RFC 6585, 6 ) // Errors var ( ErrBadRequest = NewError(StatusBadRequest) // 400 ErrUnauthorized = NewError(StatusUnauthorized) // 401 ErrPaymentRequired = NewError(StatusPaymentRequired) // 402 ErrForbidden = NewError(StatusForbidden) // 403 ErrNotFound = NewError(StatusNotFound) // 404 ErrMethodNotAllowed = NewError(StatusMethodNotAllowed) // 405 ErrNotAcceptable = NewError(StatusNotAcceptable) // 406 ErrProxyAuthRequired = NewError(StatusProxyAuthRequired) // 407 ErrRequestTimeout = NewError(StatusRequestTimeout) // 408 ErrConflict = NewError(StatusConflict) // 409 ErrGone = NewError(StatusGone) // 410 ErrLengthRequired = NewError(StatusLengthRequired) // 411 ErrPreconditionFailed = NewError(StatusPreconditionFailed) // 412 ErrRequestEntityTooLarge = NewError(StatusRequestEntityTooLarge) // 413 ErrRequestURITooLong = NewError(StatusRequestURITooLong) // 414 ErrUnsupportedMediaType = NewError(StatusUnsupportedMediaType) // 415 ErrRequestedRangeNotSatisfiable = NewError(StatusRequestedRangeNotSatisfiable) // 416 ErrExpectationFailed = NewError(StatusExpectationFailed) // 417 ErrTeapot = NewError(StatusTeapot) // 418 ErrMisdirectedRequest = NewError(StatusMisdirectedRequest) // 421 ErrUnprocessableEntity = NewError(StatusUnprocessableEntity) // 422 ErrLocked = NewError(StatusLocked) // 423 ErrFailedDependency = NewError(StatusFailedDependency) // 424 ErrTooEarly = NewError(StatusTooEarly) // 425 ErrUpgradeRequired = NewError(StatusUpgradeRequired) // 426 ErrPreconditionRequired = NewError(StatusPreconditionRequired) // 428 ErrTooManyRequests = NewError(StatusTooManyRequests) // 429 ErrRequestHeaderFieldsTooLarge = NewError(StatusRequestHeaderFieldsTooLarge) // 431 ErrUnavailableForLegalReasons = NewError(StatusUnavailableForLegalReasons) // 451 ErrInternalServerError = NewError(StatusInternalServerError) // 500 ErrNotImplemented = NewError(StatusNotImplemented) // 501 ErrBadGateway = NewError(StatusBadGateway) // 502 ErrServiceUnavailable = NewError(StatusServiceUnavailable) // 503 ErrGatewayTimeout = NewError(StatusGatewayTimeout) // 504 ErrHTTPVersionNotSupported = NewError(StatusHTTPVersionNotSupported) // 505 ErrVariantAlsoNegotiates = NewError(StatusVariantAlsoNegotiates) // 506 ErrInsufficientStorage = NewError(StatusInsufficientStorage) // 507 ErrLoopDetected = NewError(StatusLoopDetected) // 508 ErrNotExtended = NewError(StatusNotExtended) // 510 ErrNetworkAuthenticationRequired = NewError(StatusNetworkAuthenticationRequired) // 511 ) // HTTP Headers were copied from net/http. const ( HeaderAuthorization = "Authorization" HeaderProxyAuthenticate = "Proxy-Authenticate" HeaderProxyAuthorization = "Proxy-Authorization" HeaderWWWAuthenticate = "WWW-Authenticate" HeaderAge = "Age" HeaderCacheControl = "Cache-Control" HeaderClearSiteData = "Clear-Site-Data" HeaderExpires = "Expires" HeaderPragma = "Pragma" HeaderWarning = "Warning" HeaderAcceptCH = "Accept-CH" HeaderAcceptCHLifetime = "Accept-CH-Lifetime" HeaderContentDPR = "Content-DPR" HeaderDPR = "DPR" HeaderEarlyData = "Early-Data" HeaderSaveData = "Save-Data" HeaderViewportWidth = "Viewport-Width" HeaderWidth = "Width" HeaderETag = "ETag" HeaderIfMatch = "If-Match" HeaderIfModifiedSince = "If-Modified-Since" HeaderIfNoneMatch = "If-None-Match" HeaderIfUnmodifiedSince = "If-Unmodified-Since" HeaderLastModified = "Last-Modified" HeaderVary = "Vary" HeaderConnection = "Connection" HeaderKeepAlive = "Keep-Alive" HeaderAccept = "Accept" HeaderAcceptCharset = "Accept-Charset" HeaderAcceptEncoding = "Accept-Encoding" HeaderAcceptLanguage = "Accept-Language" HeaderCookie = "Cookie" HeaderExpect = "Expect" HeaderMaxForwards = "Max-Forwards" HeaderSetCookie = "Set-Cookie" HeaderAccessControlAllowCredentials = "Access-Control-Allow-Credentials" HeaderAccessControlAllowHeaders = "Access-Control-Allow-Headers" HeaderAccessControlAllowMethods = "Access-Control-Allow-Methods" HeaderAccessControlAllowOrigin = "Access-Control-Allow-Origin" HeaderAccessControlExposeHeaders = "Access-Control-Expose-Headers" HeaderAccessControlMaxAge = "Access-Control-Max-Age" HeaderAccessControlRequestHeaders = "Access-Control-Request-Headers" HeaderAccessControlRequestMethod = "Access-Control-Request-Method" HeaderOrigin = "Origin" HeaderTimingAllowOrigin = "Timing-Allow-Origin" HeaderXPermittedCrossDomainPolicies = "X-Permitted-Cross-Domain-Policies" HeaderDNT = "DNT" HeaderTk = "Tk" HeaderContentDisposition = "Content-Disposition" HeaderContentEncoding = "Content-Encoding" HeaderContentLanguage = "Content-Language" HeaderContentLength = "Content-Length" HeaderContentLocation = "Content-Location" HeaderContentType = "Content-Type" HeaderForwarded = "Forwarded" HeaderVia = "Via" HeaderXForwardedFor = "X-Forwarded-For" HeaderXForwardedHost = "X-Forwarded-Host" HeaderXForwardedProto = "X-Forwarded-Proto" HeaderXForwardedProtocol = "X-Forwarded-Protocol" HeaderXForwardedSsl = "X-Forwarded-Ssl" HeaderXUrlScheme = "X-Url-Scheme" HeaderLocation = "Location" HeaderFrom = "From" HeaderHost = "Host" HeaderReferer = "Referer" HeaderReferrerPolicy = "Referrer-Policy" HeaderUserAgent = "User-Agent" HeaderAllow = "Allow" HeaderServer = "Server" HeaderAcceptRanges = "Accept-Ranges" HeaderContentRange = "Content-Range" HeaderIfRange = "If-Range" HeaderRange = "Range" HeaderContentSecurityPolicy = "Content-Security-Policy" HeaderContentSecurityPolicyReportOnly = "Content-Security-Policy-Report-Only" HeaderCrossOriginResourcePolicy = "Cross-Origin-Resource-Policy" HeaderExpectCT = "Expect-CT" HeaderPermissionsPolicy = "Permissions-Policy" HeaderPublicKeyPins = "Public-Key-Pins" HeaderPublicKeyPinsReportOnly = "Public-Key-Pins-Report-Only" HeaderStrictTransportSecurity = "Strict-Transport-Security" HeaderUpgradeInsecureRequests = "Upgrade-Insecure-Requests" HeaderXContentTypeOptions = "X-Content-Type-Options" HeaderXDownloadOptions = "X-Download-Options" HeaderXFrameOptions = "X-Frame-Options" HeaderXPoweredBy = "X-Powered-By" HeaderXXSSProtection = "X-XSS-Protection" HeaderLastEventID = "Last-Event-ID" HeaderNEL = "NEL" HeaderPingFrom = "Ping-From" HeaderPingTo = "Ping-To" HeaderReportTo = "Report-To" HeaderTE = "TE" HeaderTrailer = "Trailer" HeaderTransferEncoding = "Transfer-Encoding" HeaderSecWebSocketAccept = "Sec-WebSocket-Accept" HeaderSecWebSocketExtensions = "Sec-WebSocket-Extensions" HeaderSecWebSocketKey = "Sec-WebSocket-Key" HeaderSecWebSocketProtocol = "Sec-WebSocket-Protocol" HeaderSecWebSocketVersion = "Sec-WebSocket-Version" HeaderAcceptPatch = "Accept-Patch" HeaderAcceptPushPolicy = "Accept-Push-Policy" HeaderAcceptSignature = "Accept-Signature" HeaderAltSvc = "Alt-Svc" HeaderDate = "Date" HeaderIndex = "Index" HeaderLargeAllocation = "Large-Allocation" HeaderLink = "Link" HeaderPushPolicy = "Push-Policy" HeaderRetryAfter = "Retry-After" HeaderServerTiming = "Server-Timing" HeaderSignature = "Signature" HeaderSignedHeaders = "Signed-Headers" HeaderSourceMap = "SourceMap" HeaderUpgrade = "Upgrade" HeaderXDNSPrefetchControl = "X-DNS-Prefetch-Control" HeaderXPingback = "X-Pingback" HeaderXRequestID = "X-Request-ID" HeaderXRequestedWith = "X-Requested-With" HeaderXRobotsTag = "X-Robots-Tag" HeaderXUACompatible = "X-UA-Compatible" HeaderAccessControlAllowPrivateNetwork = "Access-Control-Allow-Private-Network" HeaderAccessControlRequestPrivateNetwork = "Access-Control-Request-Private-Network" ) // Network types that are commonly used const ( NetworkTCP = "tcp" NetworkTCP4 = "tcp4" NetworkTCP6 = "tcp6" ) // Compression types const ( StrGzip = "gzip" StrBr = "br" StrDeflate = "deflate" StrBrotli = "brotli" ) // Cookie SameSite // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-03#section-4.1.2.7 const ( CookieSameSiteDisabled = "disabled" // not in RFC, just control "SameSite" attribute will not be set. CookieSameSiteLaxMode = "lax" CookieSameSiteStrictMode = "strict" CookieSameSiteNoneMode = "none" ) // Route Constraints const ( ConstraintInt = "int" ConstraintBool = "bool" ConstraintFloat = "float" ConstraintAlpha = "alpha" ConstraintGUID = "guid" ConstraintMinLen = "minLen" ConstraintMaxLen = "maxLen" ConstraintLen = "len" ConstraintBetweenLen = "betweenLen" ConstraintMinLenLower = "minlen" ConstraintMaxLenLower = "maxlen" ConstraintBetweenLenLower = "betweenlen" ConstraintMin = "min" ConstraintMax = "max" ConstraintRange = "range" ConstraintDatetime = "datetime" ConstraintRegex = "regex" ) func IndexRune(str string, needle int32) bool { for _, b := range str { if b == needle { return true } } return false }