diff --git a/Makefile b/Makefile index 39ed94f0..74fd858c 100644 --- a/Makefile +++ b/Makefile @@ -297,8 +297,8 @@ quic-deps: .PHONY: vet vet: - go vet -v -mod=vendor ./... + go vet -v -mod=vendor github.com/cloudflare/cloudflared/... -.PHONY: goimports -goimports: - for d in $$(go list -mod=readonly -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc) ; do goimports -format-only -local github.com/cloudflare/cloudflared -w $$d ; done +.PHONY: fmt +fmt: + goimports -l -w -local github.com/cloudflare/cloudflared $$(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc) diff --git a/carrier/carrier.go b/carrier/carrier.go index 152430d1..b44e1324 100644 --- a/carrier/carrier.go +++ b/carrier/carrier.go @@ -1,6 +1,6 @@ -//Package carrier provides a WebSocket proxy to carry or proxy a connection -//from the local client to the edge. See it as a wrapper around any protocol -//that it packages up in a WebSocket connection to the edge. +// Package carrier provides a WebSocket proxy to carry or proxy a connection +// from the local client to the edge. See it as a wrapper around any protocol +// that it packages up in a WebSocket connection to the edge. package carrier import ( diff --git a/cfsetup.yaml b/cfsetup.yaml index 40082245..89d4512b 100644 --- a/cfsetup.yaml +++ b/cfsetup.yaml @@ -1,23 +1,29 @@ -pinned_go: &pinned_go go=1.18.6-1 -pinned_go_fips: &pinned_go_fips go-boring=1.18.6-1 +pinned_go: &pinned_go go=1.19.3-1 +pinned_go_fips: &pinned_go_fips go-boring=1.19.3-1 build_dir: &build_dir /cfsetup_build default-flavor: bullseye stretch: &stretch build: build_dir: *build_dir - builddeps: + builddeps: &build_deps - *pinned_go - build-essential + - gotest-to-teamcity + pre-cache: &build_pre_cache + - export GOCACHE=/cfsetup_build/.cache/go-build + - go install golang.org/x/tools/cmd/goimports@latest post-cache: - export GOOS=linux - export GOARCH=amd64 - make cloudflared build-fips: build_dir: *build_dir - builddeps: + builddeps: &build_deps_fips - *pinned_go_fips - build-essential + - gotest-to-teamcity + pre-cache: *build_pre_cache post-cache: - export GOOS=linux - export GOARCH=amd64 @@ -163,12 +169,8 @@ stretch: &stretch - make github-windows-upload test: build_dir: *build_dir - builddeps: - - *pinned_go - - build-essential - - gotest-to-teamcity - pre-cache: &test_pre_cache - - go install golang.org/x/tools/cmd/goimports@latest + builddeps: *build_deps + pre-cache: *build_pre_cache post-cache: - export GOOS=linux - export GOARCH=amd64 @@ -177,11 +179,8 @@ stretch: &stretch - make test | gotest-to-teamcity test-fips: build_dir: *build_dir - builddeps: - - *pinned_go_fips - - build-essential - - gotest-to-teamcity - pre-cache: *test_pre_cache + builddeps: *build_deps_fips + pre-cache: *build_pre_cache post-cache: - export GOOS=linux - export GOARCH=amd64 diff --git a/dev.Dockerfile b/dev.Dockerfile index d02e04bf..5c078cfd 100644 --- a/dev.Dockerfile +++ b/dev.Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.18 as builder +FROM golang:1.19 as builder ENV GO111MODULE=on \ CGO_ENABLED=0 WORKDIR /go/src/github.com/cloudflare/cloudflared/ diff --git a/edgediscovery/allregions/discovery.go b/edgediscovery/allregions/discovery.go index 35f464f8..dafaac13 100644 --- a/edgediscovery/allregions/discovery.go +++ b/edgediscovery/allregions/discovery.go @@ -71,11 +71,14 @@ type EdgeAddr struct { // If the call to net.LookupSRV fails, try to fall back to DoT from Cloudflare directly. // // Note: Instead of DoT, we could also have used DoH. Either of these: -// - directly via the JSON API (https://1.1.1.1/dns-query?ct=application/dns-json&name=_origintunneld._tcp.argotunnel.com&type=srv) -// - indirectly via `tunneldns.NewUpstreamHTTPS()` +// - directly via the JSON API (https://1.1.1.1/dns-query?ct=application/dns-json&name=_origintunneld._tcp.argotunnel.com&type=srv) +// - indirectly via `tunneldns.NewUpstreamHTTPS()` +// // But both of these cases miss out on a key feature from the stdlib: -// "The returned records are sorted by priority and randomized by weight within a priority." -// (https://golang.org/pkg/net/#Resolver.LookupSRV) +// +// "The returned records are sorted by priority and randomized by weight within a priority." +// (https://golang.org/pkg/net/#Resolver.LookupSRV) +// // Does this matter? I don't know. It may someday. Let's use DoT so we don't need to worry about it. // See also: Go feature request for stdlib-supported DoH: https://github.com/golang/go/issues/27552 var fallbackLookupSRV = lookupSRVWithDOT diff --git a/fmt-check.sh b/fmt-check.sh index 8b64765e..31fc7abc 100755 --- a/fmt-check.sh +++ b/fmt-check.sh @@ -2,12 +2,12 @@ set -e -o pipefail -OUTPUT=$(for d in $(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc) ; do goimports -format-only -local github.com/cloudflare/cloudflared -d $d ; done) +OUTPUT=$(goimports -l -d -local github.com/cloudflare/cloudflared $(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc)) if [ -n "$OUTPUT" ] ; then PAGER=$(which colordiff || echo cat) echo - echo "Code formatting issues found, use 'goimports -format-only -local github.com/cloudflare/cloudflared' to correct them" + echo "Code formatting issues found, use 'make fmt' to correct them" echo echo "$OUTPUT" | $PAGER exit 1 diff --git a/go.mod b/go.mod index d55b4b2a..02422fbf 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/cloudflare/cloudflared -go 1.18 +go 1.19 require ( github.com/cloudflare/brotli-go v0.0.0-20191101163834-d34379f7ff93 diff --git a/ingress/config.go b/ingress/config.go index 7b00a429..212180e6 100644 --- a/ingress/config.go +++ b/ingress/config.go @@ -435,10 +435,11 @@ func (defaults *OriginRequestConfig) setAccess(overrides config.OriginRequestCon // SetConfig gets config for the requests that cloudflared sends to origins. // Each field has a setter method which sets a value for the field by trying to find: -// 1. The user config for this rule -// 2. The user config for the overall ingress config -// 3. Defaults chosen by the cloudflared team -// 4. Golang zero values for that type +// 1. The user config for this rule +// 2. The user config for the overall ingress config +// 3. Defaults chosen by the cloudflared team +// 4. Golang zero values for that type +// // If an earlier option isn't set, it will try the next option down. func setConfig(defaults OriginRequestConfig, overrides config.OriginRequestConfig) OriginRequestConfig { cfg := defaults diff --git a/ingress/icmp_windows.go b/ingress/icmp_windows.go index 10f5bf58..816ed383 100644 --- a/ingress/icmp_windows.go +++ b/ingress/icmp_windows.go @@ -376,20 +376,20 @@ func (ip *icmpProxy) icmpEchoRoundtrip(dst netip.Addr, echo *icmp.Echo) (echoRes } /* - Wrapper to call https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho - Parameters: - - IcmpHandle: Handle created by IcmpCreateFile - - DestinationAddress: IPv4 in the form of https://docs.microsoft.com/en-us/windows/win32/api/inaddr/ns-inaddr-in_addr#syntax - - RequestData: A pointer to echo data - - RequestSize: Number of bytes in buffer pointed by echo data - - RequestOptions: IP header options - - ReplyBuffer: A pointer to the buffer for echoReply, options and data - - ReplySize: Number of bytes allocated for ReplyBuffer - - Timeout: Timeout in milliseconds to wait for a reply - Returns: - - the number of replies in uint32 https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho#return-value - To retain the reference allocated objects, conversion from pointer to uintptr must happen as arguments to the - syscall function +Wrapper to call https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho +Parameters: +- IcmpHandle: Handle created by IcmpCreateFile +- DestinationAddress: IPv4 in the form of https://docs.microsoft.com/en-us/windows/win32/api/inaddr/ns-inaddr-in_addr#syntax +- RequestData: A pointer to echo data +- RequestSize: Number of bytes in buffer pointed by echo data +- RequestOptions: IP header options +- ReplyBuffer: A pointer to the buffer for echoReply, options and data +- ReplySize: Number of bytes allocated for ReplyBuffer +- Timeout: Timeout in milliseconds to wait for a reply +Returns: +- the number of replies in uint32 https://docs.microsoft.com/en-us/windows/win32/api/icmpapi/nf-icmpapi-icmpsendecho#return-value +To retain the reference allocated objects, conversion from pointer to uintptr must happen as arguments to the +syscall function */ func (ip *icmpProxy) icmpSendEcho(dst netip.Addr, echo *icmp.Echo) (*echoV4Resp, error) { dataSize := len(echo.Data) diff --git a/ingress/icmp_windows_test.go b/ingress/icmp_windows_test.go index a98d74d2..8d7ad6b3 100644 --- a/ingress/icmp_windows_test.go +++ b/ingress/icmp_windows_test.go @@ -125,7 +125,7 @@ func TestParseEchoV6Reply(t *testing.T) { } } -// TestSendEchoErrors makes sure icmpSendEcho handles error cases +// TestSendEchoErrors makes sure icmpSendEcho handles error cases func TestSendEchoErrors(t *testing.T) { testSendEchoErrors(t, netip.IPv4Unspecified()) testSendEchoErrors(t, netip.IPv6Unspecified()) diff --git a/token/encrypt.go b/token/encrypt.go index 793dc93a..ce1a55c6 100644 --- a/token/encrypt.go +++ b/token/encrypt.go @@ -3,26 +3,26 @@ // tldr is it uses Elliptic Curves (Curve25519) for the keys, XSalsa20 and Poly1305 for encryption. // You can read more here https://godoc.org/golang.org/x/crypto/nacl/box. // -// msg := []byte("super safe message.") -// alice, err := NewEncrypter("alice_priv_key.pem", "alice_pub_key.pem") -// if err != nil { -// log.Fatal(err) -// } +// msg := []byte("super safe message.") +// alice, err := NewEncrypter("alice_priv_key.pem", "alice_pub_key.pem") +// if err != nil { +// log.Fatal(err) +// } // -// bob, err := NewEncrypter("bob_priv_key.pem", "bob_pub_key.pem") -// if err != nil { -// log.Fatal(err) -// } -// encrypted, err := alice.Encrypt(msg, bob.PublicKey()) -// if err != nil { -// log.Fatal(err) -// } +// bob, err := NewEncrypter("bob_priv_key.pem", "bob_pub_key.pem") +// if err != nil { +// log.Fatal(err) +// } +// encrypted, err := alice.Encrypt(msg, bob.PublicKey()) +// if err != nil { +// log.Fatal(err) +// } // -// data, err := bob.Decrypt(encrypted, alice.PublicKey()) -// if err != nil { -// log.Fatal(err) -// } -// fmt.Println(string(data)) +// data, err := bob.Decrypt(encrypted, alice.PublicKey()) +// if err != nil { +// log.Fatal(err) +// } +// fmt.Println(string(data)) package token import ( diff --git a/tunnelrpc/pogs/auth_outcome.go b/tunnelrpc/pogs/auth_outcome.go index 4620cea0..fcbb7186 100644 --- a/tunnelrpc/pogs/auth_outcome.go +++ b/tunnelrpc/pogs/auth_outcome.go @@ -40,7 +40,6 @@ func (ar AuthenticateResponse) Outcome() AuthOutcome { } // AuthOutcome is a programmer-friendly sum type denoting the possible outcomes of Authenticate. -//go-sumtype:decl AuthOutcome type AuthOutcome interface { isAuthOutcome() // Serialize into an AuthenticateResponse which can be sent via Capnp diff --git a/validation/validation.go b/validation/validation.go index a9f66893..395e6883 100644 --- a/validation/validation.go +++ b/validation/validation.go @@ -61,9 +61,13 @@ func ValidateHostname(hostname string) (string, error) { // ValidateUrl returns a validated version of `originUrl` with a scheme prepended (by default http://). // Note: when originUrl contains a scheme, the path is removed: -// ValidateUrl("https://localhost:8080/api/") => "https://localhost:8080" +// +// ValidateUrl("https://localhost:8080/api/") => "https://localhost:8080" +// // but when it does not, the path is preserved: -// ValidateUrl("localhost:8080/api/") => "http://localhost:8080/api/" +// +// ValidateUrl("localhost:8080/api/") => "http://localhost:8080/api/" +// // This is arguably a bug, but changing it might break some cloudflared users. func ValidateUrl(originUrl string) (*url.URL, error) { urlStr, err := validateUrlString(originUrl)