Httptest and similar callers often leave Host unset; fall back to URL
for scheme, host, port, and addr substitution.
jsonstore drops the IsTest load short-circuit and duplicate loadNS map
registration; tests isolate storesPath. Skip MaxMind background updates
when IsTest. Tests restore APISkipOriginCheck, use app-scoped OIDC
state cookies, attach route context in middleware helpers, and use
locked buffers for concurrent log capture.
Implement Signed Double Submit Cookie pattern to prevent CSRF attacks.
Adds CSRF token generation, validation, and middleware for API endpoints.
Safe methods (GET/HEAD/OPTIONS) automatically receive CSRF cookies, while
unsafe methods require X-CSRF-Token header matching the cookie value with
valid HMAC signature. Includes same-origin exemption for login/callback
endpoints to support browser-based authentication flows.
This is a large-scale refactoring across the codebase that replaces the custom
`gperr.Error` type with Go's standard `error` interface. The changes include:
- Replacing `gperr.Error` return types with `error` in function signatures
- Using `errors.New()` and `fmt.Errorf()` instead of `gperr.New()` and `gperr.Errorf()`
- Using `%w` format verb for error wrapping instead of `.With()` method
- Replacing `gperr.Subject()` calls with `gperr.PrependSubject()`
- Converting error logging from `gperr.Log*()` functions to zerolog's `.Err().Msg()` pattern
- Update NewLogger to handle multiline error message
- Updating `goutils` submodule to latest commit
This refactoring aligns with Go idioms and removes the dependency on
custom error handling abstractions in favor of standard library patterns.
- Introduced a new handler for unknown paths in the OIDCProvider to prevent fallback to the default login page.
- Forced OIDC middleware to treat unknown path as logic path to redirect to login property when bypass rules is declared.
- Refactored OIDC path constants.
- Updated checkBypass middleware to enforce path prefixes for bypass rules, ensuring proper request handling.
* Add comprehensive post-request rules support for response phase
* Enable response body, status, and header manipulation via set commands
* Refactor command handlers to support both request and response phases
* Implement response modifier system for post-request template execution
* Support response-based rule matching with status and header checks
* Add comprehensive benchmarks for matcher performance
* Refactor authentication and proxying commands for unified error handling
* Support negated conditions with !
* Enhance error handling, error formatting and validation
* Routes: add `rule_file` field with rule preset support
* Environment variable substitution: now supports variables without `GODOXY_` prefix
* new conditions:
* `on resp_header <key> [<value>]`
* `on status <status>`
* new commands:
* `require_auth`
* `set resp_header <key> <template>`
* `set resp_body <template>`
* `set status <code>`
* `log <level> <path> <template>`
* `notify <level> <provider> <title_template> <body_template>`
- These changes makes the API incombatible with previous versions
- Added new types for error handling, success responses, and health checks.
- Updated health check logic to utilize the new types for better clarity and structure.
- Refactored existing handlers to improve response consistency and error handling.
- Updated Makefile to include a new target for generating API types from Swagger.
- Updated "new agent" API to respond an encrypted cert pair
* refactor: simplify io code and make utils module independent
* fix(docker): agent and socket-proxy docker event flushing with modified reverse proxy handler
* refactor: remove unused code
* refactor: remove the use of logging module in most code
* refactor: streamline domain mismatch check in certState function
* tweak: use ecdsa p-256 for autocert
* fix(tests): update health check tests for invalid host and add case for port in host
* feat(acme): custom acme directory
* refactor: code refactor and improved context and error handling
* tweak: optimize memory usage under load
* fix(oidc): restore old user matching behavior
* docs: add ChatGPT assistant to README
---------
Co-authored-by: yusing <yusing@6uo.me>
