func siteRoot(u *url.URL) string {
uu := url.URL{
Scheme: u.Scheme,
Host: u.Host,
}
return uu.String()
}
func (s *Client) doGet(u url.URL) (*FileReader, error) {
r, e := http.NewRequest("GET", u.String(), nil)
if e != nil {
return nil, e
}
return doRequest(r, s.AppToken, s.AccessToken)
}
func addTrailingSlash(u *url.URL) {
if l := len(u.Path); l > 0 && !strings.HasSuffix(u.Path, "/") {
u.Path += "/"
} else if l = len(u.Host); l > 0 && !strings.HasSuffix(u.Host, "/") {
u.Host += "/"
}
}
func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler {
mux := http.NewServeMux()
oob := cbURL.String() == client.OOBRedirectURI
issuerURL, err := url.Parse(issuer)
if err != nil {
log.Fatalf("Could not parse issuer url: %v", err)
}
mux.HandleFunc("/", handleIndexFunc(oob))
mux.HandleFunc("/login", handleLoginFunc(c))
mux.HandleFunc("/register", handleRegisterFunc(c))
if cbURL.String() != client.OOBRedirectURI {
mux.HandleFunc(cbURL.Path, handleCallbackFunc(c))
} else {
mux.HandleFunc("/callback", handleCallbackFunc(c))
}
resendURL := *issuerURL
resendURL.Path = "/resend-verify-email"
mux.HandleFunc("/resend", handleResendFunc(c, *issuerURL, resendURL, cbURL))
return mux
}
func removeTrailingSlash(u *url.URL) {
if l := len(u.Path); l > 0 && strings.HasSuffix(u.Path, "/") {
u.Path = u.Path[:l-1]
} else if l = len(u.Host); l > 0 && strings.HasSuffix(u.Host, "/") {
u.Host = u.Host[:l-1]
}
}
func (c Client) ValidRedirectURL(u *url.URL) (url.URL, error) {
if c.Public {
if u == nil {
return url.URL{}, ErrorInvalidRedirectURL
}
if u.String() == OOBRedirectURI {
return *u, nil
}
if u.Scheme != "http" {
return url.URL{}, ErrorInvalidRedirectURL
}
hostPort := strings.Split(u.Host, ":")
if len(hostPort) != 2 {
return url.URL{}, ErrorInvalidRedirectURL
}
if hostPort[0] != "localhost" || u.Path != "" || u.RawPath != "" || u.RawQuery != "" || u.Fragment != "" {
return url.URL{}, ErrorInvalidRedirectURL
}
return *u, nil
}
return ValidRedirectURL(u, c.Metadata.RedirectURIs)
}
func main() {
flag.Parse()
log.SetFlags(0)
interrupt := make(chan os.Signal, 1)
signal.Notify(interrupt, os.Interrupt)
u := url.URL{Scheme: "ws", Host: *addr, Path: "/echo"}
log.Printf("connecting to %s", u.String())
c, _, err := websocket.DefaultDialer.Dial(u.String(), nil)
if err != nil {
log.Fatal("dial:", err)
}
defer c.Close()
done := make(chan struct{})
go func() {
defer c.Close()
defer close(done)
for {
_, message, err := c.ReadMessage()
if err != nil {
log.Println("read:", err)
return
}
log.Printf("recv: %s", message)
}
}()
ticker := time.NewTicker(time.Second)
defer ticker.Stop()
for {
select {
case t := <-ticker.C:
err := c.WriteMessage(websocket.TextMessage, []byte(t.String()))
if err != nil {
log.Println("write:", err)
return
}
case <-interrupt:
log.Println("interrupt")
// To cleanly close a connection, a client should send a close
// frame and wait for the server to close the connection.
err := c.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
if err != nil {
log.Println("write close:", err)
return
}
select {
case <-done:
case <-time.After(time.Second):
}
c.Close()
return
}
}
}
func SignAmazonUrl(origUrl *url.URL, api AmazonProductAPI) (signedUrl string, err error) {
escapeUrl := strings.Replace(origUrl.RawQuery, ",", "%2C", -1)
escapeUrl = strings.Replace(escapeUrl, ":", "%3A", -1)
params := strings.Split(escapeUrl, "&")
sort.Strings(params)
sortedParams := strings.Join(params, "&")
toSign := fmt.Sprintf("GET\n%s\n%s\n%s", origUrl.Host, origUrl.Path, sortedParams)
hasher := hmac.New(sha256.New, []byte(api.SecretKey))
_, err = hasher.Write([]byte(toSign))
if err != nil {
return "", err
}
hash := base64.StdEncoding.EncodeToString(hasher.Sum(nil))
hash = url.QueryEscape(hash)
newParams := fmt.Sprintf("%s&Signature=%s", sortedParams, hash)
origUrl.RawQuery = newParams
return origUrl.String(), nil
}
// connectStream is the internal version of ConnectStream. It differs from
// ConnectStream only in that it will not retry the connection if it encounters
// discharge-required error.
func (st *state) connectStream(path string, attrs url.Values) (base.Stream, error) {
path, err := apiPath(st.modelTag, path)
if err != nil {
return nil, errors.Trace(err)
}
target := url.URL{
Scheme: "wss",
Host: st.addr,
Path: path,
RawQuery: attrs.Encode(),
}
cfg, err := websocket.NewConfig(target.String(), "http://localhost/")
if st.tag != "" {
cfg.Header = utils.BasicAuthHeader(st.tag, st.password)
}
if st.nonce != "" {
cfg.Header.Set(params.MachineNonceHeader, st.nonce)
}
// Add any cookies because they will not be sent to websocket
// connections by default.
st.addCookiesToHeader(cfg.Header)
cfg.TlsConfig = st.tlsConfig
connection, err := websocketDialConfig(cfg)
if err != nil {
return nil, err
}
if err := readInitialStreamError(connection); err != nil {
return nil, errors.Trace(err)
}
return connection, nil
}
func getConfigOverrides(uri *url.URL) (*kube_client_cmd.ConfigOverrides, error) {
kubeConfigOverride := kube_client_cmd.ConfigOverrides{
ClusterInfo: kube_client_cmd_api.Cluster{
APIVersion: APIVersion,
},
}
if len(uri.Scheme) != 0 && len(uri.Host) != 0 {
kubeConfigOverride.ClusterInfo.Server = fmt.Sprintf("%s://%s", uri.Scheme, uri.Host)
}
opts := uri.Query()
if len(opts["apiVersion"]) >= 1 {
kubeConfigOverride.ClusterInfo.APIVersion = opts["apiVersion"][0]
}
if len(opts["insecure"]) > 0 {
insecure, err := strconv.ParseBool(opts["insecure"][0])
if err != nil {
return nil, err
}
kubeConfigOverride.ClusterInfo.InsecureSkipTLSVerify = insecure
}
return &kubeConfigOverride, nil
}
func performHandshakeAndValidation(conn *tls.Conn, uri *url.URL) error {
if err := conn.Handshake(); err != nil {
return err
}
cs := conn.ConnectionState()
if !cs.NegotiatedProtocolIsMutual || cs.NegotiatedProtocol != protocol.ProtocolName {
return fmt.Errorf("protocol negotiation error")
}
q := uri.Query()
relayIDs := q.Get("id")
if relayIDs != "" {
relayID, err := syncthingprotocol.DeviceIDFromString(relayIDs)
if err != nil {
return fmt.Errorf("relay address contains invalid verification id: %s", err)
}
certs := cs.PeerCertificates
if cl := len(certs); cl != 1 {
return fmt.Errorf("unexpected certificate count: %d", cl)
}
remoteID := syncthingprotocol.NewDeviceID(certs[0].Raw)
if remoteID != relayID {
return fmt.Errorf("relay id does not match. Expected %v got %v", relayID, remoteID)
}
}
return nil
}
func createDeployment(c *Configuration, deploymentURL *url.URL, data url.Values) (string, error) {
req, err := http.NewRequest("POST", deploymentURL.String(), bytes.NewBufferString(data.Encode()))
req.Header.Set(apiTokenHeaderName, c.ApiToken)
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
resp, err := http.DefaultTransport.RoundTrip(req)
if err != nil {
return "", err
}
if resp.StatusCode != http.StatusSeeOther {
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", err
}
return "", UnexpectedResponse{resp.StatusCode, string(body)}
}
location := resp.Header.Get("Location")
if location == "" {
return "", fmt.Errorf("createDeployment: no Location header is response")
}
return location, nil
}
func streamDeploymentLog(c *Configuration, deploymentLogURL *url.URL) error {
urlStr := deploymentLogURL.String()
wsHeaders := http.Header{"Origin": {c.Host}, apiTokenHeaderName: {c.ApiToken}}
wsConn, _, err := websocket.DefaultDialer.Dial(urlStr, wsHeaders)
if err != nil {
return err
}
logs := make(chan deploy.LogEntry)
defer func() {
close(logs)
}()
go deploy.ConsoleLogger(logs)
for {
entry := deploy.LogEntry{}
err := wsConn.ReadJSON(&entry)
if err == io.EOF {
break
}
if err != nil {
return err
}
logs <- entry
}
return nil
}
func killDeployment(c *Configuration, deploymentKillURL *url.URL) error {
req, err := http.NewRequest("POST", deploymentKillURL.String(), &bytes.Buffer{})
req.Header.Set(apiTokenHeaderName, c.ApiToken)
_, err = http.DefaultTransport.RoundTrip(req)
return err
}
func (f *dockerFetcher) fetchImageFrom(u *url.URL, latest bool) (string, error) {
if !f.InsecureFlags.SkipImageCheck() {
return "", fmt.Errorf("signature verification for docker images is not supported (try --insecure-options=image)")
}
if f.Debug {
log.Printf("fetching image from %s", u.String())
}
aciFile, err := f.fetch(u)
if err != nil {
return "", err
}
// At this point, the ACI file is removed, but it is kept
// alive, because we have an fd to it opened.
defer aciFile.Close()
key, err := f.S.WriteACI(aciFile, latest)
if err != nil {
return "", err
}
// TODO(krnowak): Consider dropping the signature URL part
// from store.Remote. It is not used anywhere and the data
// stored here is useless.
newRem := store.NewRemote(u.String(), ascURLFromImgURL(u).String())
newRem.BlobKey = key
newRem.DownloadTime = time.Now()
err = f.S.WriteRemote(newRem)
if err != nil {
return "", err
}
return key, nil
}
func lookup(uri *url.URL, q string, suffix bool) (refResult *RefererResult) {
refResult = &RefererResult{URI: uri, Medium: "unknown"}
for medium, mediumData := range data {
for refName, refconfig := range mediumData {
for _, domain := range refconfig["domains"] {
if (!suffix && q == domain) || (suffix && (strings.HasSuffix(q, domain) || strings.HasPrefix(q, domain))) {
refResult.Known = true
refResult.Referer = refName
refResult.Medium = medium
params, paramExists := refconfig["parameters"]
if paramExists {
for _, param := range params {
sterm := uri.Query().Get(param)
if sterm != "" {
refResult.SearchParameter = param
refResult.SearchTerm = sterm
}
}
}
return refResult
}
}
}
}
return
}
func (f *dockerFetcher) fetch(u *url.URL) (*os.File, error) {
tmpDir, err := f.getTmpDir()
if err != nil {
return nil, err
}
defer os.RemoveAll(tmpDir)
registryURL := strings.TrimPrefix(u.String(), "docker://")
user, password := f.getCreds(registryURL)
config := docker2aci.RemoteConfig{
Username: user,
Password: password,
Insecure: f.InsecureFlags.AllowHTTP(),
CommonConfig: docker2aci.CommonConfig{
Squash: true,
OutputDir: tmpDir,
TmpDir: tmpDir,
Compression: d2acommon.NoCompression,
},
}
acis, err := docker2aci.ConvertRemoteRepo(registryURL, config)
if err != nil {
return nil, errwrap.Wrap(errors.New("error converting docker image to ACI"), err)
}
aciFile, err := os.Open(acis[0])
if err != nil {
return nil, errwrap.Wrap(errors.New("error opening squashed ACI file"), err)
}
return aciFile, nil
}
// makeCheck creates a Consul Check Registration struct
func (c *ConsulService) makeCheck(service *structs.Service, check *structs.ServiceCheck, ip string, port int) *consul.AgentCheckRegistration {
if check.Name == "" {
check.Name = fmt.Sprintf("service: %s check", service.Name)
}
check.Id = check.Hash(service.Id)
cr := &consul.AgentCheckRegistration{
ID: check.Id,
Name: check.Name,
ServiceID: service.Id,
}
cr.Interval = check.Interval.String()
cr.Timeout = check.Timeout.String()
switch check.Type {
case structs.ServiceCheckHTTP:
if check.Protocol == "" {
check.Protocol = "http"
}
url := url.URL{
Scheme: check.Protocol,
Host: fmt.Sprintf("%s:%d", ip, port),
Path: check.Path,
}
cr.HTTP = url.String()
case structs.ServiceCheckTCP:
cr.TCP = fmt.Sprintf("%s:%d", ip, port)
case structs.ServiceCheckScript:
cr.Script = check.Script // TODO This needs to include the path of the alloc dir and based on driver types
}
return cr
}
// NewMPSClient constructs a MPSClient from the provided baseURL and
// TLS config.
// If TLS config is nil, the default configuration is used.
func NewMPSClient(baseURL string, tlsConfig *tls.Config) (*MPSClient, error) {
u, err := url.Parse(baseURL)
if err != nil {
return nil, fmt.Errorf("could not parse url: %v", err)
}
t := &http.Transport{TLSClientConfig: tlsConfig}
client := &http.Client{Transport: t}
if (u.Scheme != "http") && (u.Scheme != "https") {
return nil, fmt.Errorf("base url must have scheme 'http' or 'https'")
}
if u.Host == "" {
return nil, fmt.Errorf("no host in url")
}
var wsURL url.URL
wsURL = *u
wsURL.Scheme = "ws"
if u.Scheme == "https" {
wsURL.Scheme = "wss"
}
httpProxy := httputil.NewSingleHostReverseProxy(u)
wsProxy := wsutil.NewSingleHostReverseProxy(&wsURL)
httpProxy.Transport = t
wsProxy.TLSClientConfig = t.TLSClientConfig
return &MPSClient{baseURL, client, httpProxy, wsProxy, t}, nil
}
// ParseConnectionString will parse a string to create a valid connection URL
func ParseConnectionString(path string, ssl bool) (url.URL, error) {
var host string
var port int
h, p, err := net.SplitHostPort(path)
if err != nil {
if path == "" {
host = DefaultHost
} else {
host = path
}
// If they didn't specify a port, always use the default port
port = DefaultPort
} else {
host = h
port, err = strconv.Atoi(p)
if err != nil {
return url.URL{}, fmt.Errorf("invalid port number %q: %s\n", path, err)
}
}
u := url.URL{
Scheme: "http",
}
if ssl {
u.Scheme = "https"
}
u.Host = net.JoinHostPort(host, strconv.Itoa(port))
return u, nil
}
func dirList(w http.ResponseWriter, f http.File, name string) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
fmt.Fprintf(w, "<pre>\n")
switch name {
case "/":
fmt.Fprintf(w, "<a href=\"%s\">%s</a>\n", "/", ".")
default:
fmt.Fprintf(w, "<a href=\"%s\">%s</a>\n", path.Clean(name+"/.."), "..")
}
for {
dirs, err := f.Readdir(100)
if err != nil || len(dirs) == 0 {
break
}
sort.Sort(byName(dirs))
for _, d := range dirs {
name := d.Name()
if d.IsDir() {
name += "/"
}
// name may contain '?' or '#', which must be escaped to remain
// part of the URL path, and not indicate the start of a query
// string or fragment.
url := url.URL{Path: name}
fmt.Fprintf(w, "<a href=\"%s\">%s</a>\n", url.String(), html.EscapeString(name))
}
}
fmt.Fprintf(w, "</pre>\n")
}
func sortQuery(u *url.URL) {
q := u.Query()
if len(q) == 0 {
return
}
arKeys := make([]string, len(q))
i := 0
for k, _ := range q {
arKeys[i] = k
i++
}
sort.Strings(arKeys)
buf := new(bytes.Buffer)
for _, k := range arKeys {
sort.Strings(q[k])
for _, v := range q[k] {
if buf.Len() > 0 {
buf.WriteRune('&')
}
buf.WriteString(fmt.Sprintf("%s=%s", k, url.QueryEscape(v)))
}
}
// Rebuild the raw query string
u.RawQuery = buf.String()
}
func tcpAddr(host string) string {
u := url.URL{
Scheme: "tcp",
Host: host,
}
return u.String()
}
// moveBucketToHost moves the bucket name from the URI path to URL host.
func moveBucketToHost(u *url.URL, bucket string) {
u.Host = bucket + "." + u.Host
u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
if u.Path == "" {
u.Path = "/"
}
}
func (r *fakeRouter) RemoveRoute(name string, address *url.URL) error {
backendName, err := router.Retrieve(name)
if err != nil {
return err
}
if !r.HasBackend(backendName) {
return router.ErrBackendNotFound
}
r.mutex.Lock()
defer r.mutex.Unlock()
if r.failuresByIp[address.String()] {
return ErrForcedFailure
}
index := -1
routes := r.backends[backendName]
for i := range routes {
if routes[i] == address.String() {
index = i
break
}
}
if index < 0 {
return router.ErrRouteNotFound
}
routes[index] = routes[len(routes)-1]
r.backends[backendName] = routes[:len(routes)-1]
return nil
}
func (d *UDPClient) Start(uri *url.URL) error {
d.url = uri
d.stop = make(chan struct{})
params := uri.Query()
// The address must not have a port, as otherwise both announce and lookup
// sockets would try to bind to the same port.
addr, err := net.ResolveUDPAddr(d.url.Scheme, params.Get("listenaddress")+":0")
if err != nil {
return err
}
d.listenAddress = addr
broadcastSeconds, err := strconv.ParseUint(params.Get("broadcast"), 0, 0)
if err != nil {
d.globalBroadcastInterval = DefaultGlobalBroadcastInterval
} else {
d.globalBroadcastInterval = time.Duration(broadcastSeconds) * time.Second
}
retrySeconds, err := strconv.ParseUint(params.Get("retry"), 0, 0)
if err != nil {
d.errorRetryInterval = DefaultErrorRetryInternval
} else {
d.errorRetryInterval = time.Duration(retrySeconds) * time.Second
}
d.wg.Add(1)
go d.broadcast()
return nil
}
// ParseConnectionString will parse a string to create a valid connection URL
func ParseConnectionString(path string, ssl bool) (url.URL, error) {
var host string
var port int
if strings.Contains(path, ":") {
h := strings.Split(path, ":")
i, e := strconv.Atoi(h[1])
if e != nil {
return url.URL{}, fmt.Errorf("invalid port number %q: %s\n", path, e)
}
port = i
if h[0] == "" {
host = DefaultHost
} else {
host = h[0]
}
} else {
host = path
// If they didn't specify a port, always use the default port
port = DefaultPort
}
u := url.URL{
Scheme: "http",
}
if ssl {
u.Scheme = "https"
}
u.Host = net.JoinHostPort(host, strconv.Itoa(port))
return u, nil
}
func Detect_language(q string) string {
var Url *url.URL
Url, err := url.Parse("https://www.googleapis.com")
if err != nil {
fmt.Println(err)
}
Url.Path += "/language/translate/v2/detect"
parameters := url.Values{}
parameters.Add("q", q)
parameters.Add("key", Google_key())
Url.RawQuery = parameters.Encode()
resp, err := http.Get(Url.String())
if err != nil {
fmt.Println(err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
var data gtresponse
json.Unmarshal(body, &data)
lang := data.Data.Detections[0][0].Language
return lang
}
// NewRemoteContext returns a context that gives access to the production
// APIs for the application at the given host. All communication will be
// performed over SSL unless the host is localhost.
func NewRemoteContext(host string, client *http.Client) (appengine.Context, error) {
// Add an appcfg header to outgoing requests.
t := client.Transport
if t == nil {
t = http.DefaultTransport
}
client.Transport = &headerAddingRoundTripper{t}
url := url.URL{
Scheme: "https",
Host: host,
Path: "/_ah/remote_api",
}
if host == "localhost" || strings.HasPrefix(host, "localhost:") {
url.Scheme = "http"
}
u := url.String()
appID, err := getAppID(client, u)
if err != nil {
return nil, fmt.Errorf("unable to contact server: %v", err)
}
return &context{
client: client,
url: u,
appID: appID,
}, nil
}
// DoHTTPProbe checks if a GET request to the url succeeds.
// If the HTTP response code is successful (i.e. 400 > code >= 200), it returns Success.
// If the HTTP response code is unsuccessful or HTTP communication fails, it returns Failure.
// This is exported because some other packages may want to do direct HTTP probes.
func DoHTTPProbe(url *url.URL, headers http.Header, client HTTPGetInterface) (probe.Result, string, error) {
req, err := http.NewRequest("GET", url.String(), nil)
if err != nil {
// Convert errors into failures to catch timeouts.
return probe.Failure, err.Error(), nil
}
req.Header = headers
res, err := client.Do(req)
if err != nil {
// Convert errors into failures to catch timeouts.
return probe.Failure, err.Error(), nil
}
defer res.Body.Close()
b, err := ioutil.ReadAll(res.Body)
if err != nil {
return probe.Failure, "", err
}
body := string(b)
if res.StatusCode >= http.StatusOK && res.StatusCode < http.StatusBadRequest {
glog.V(4).Infof("Probe succeeded for %s, Response: %v", url.String(), *res)
return probe.Success, body, nil
}
glog.V(4).Infof("Probe failed for %s with request headers %v, response body: %v", url.String(), headers, body)
return probe.Failure, fmt.Sprintf("HTTP probe failed with statuscode: %d", res.StatusCode), nil
}