chore: update k8s.io/client-go for security reason, go is upgrade to 1.16 (#1912)

* chore: fix jwt dependency security issue * chore: update clickhouse driver * chore: fix a security issue * chore: update dependencies
2022-05-21 14:34:01 +08:00
parent 6f86e5bff8
commit 6b1e15cab1
7 changed files with 134 additions and 77 deletions
--- a/rest/engine.go
+++ b/rest/engine.go
@@ -242,7 +242,7 @@ func (ng *engine) start(router httpx.Router) error {
 	}

 	if len(ng.conf.CertFile) == 0 && len(ng.conf.KeyFile) == 0 {
-		return internal.StartHttp(ng.conf.Host, ng.conf.Port, router)
+		return internal.StartHttp(ng.conf.Host, ng.conf.Port, router, ng.withTimeout())
 	}

 	return internal.StartHttps(ng.conf.Host, ng.conf.Port, ng.conf.CertFile,
@@ -250,13 +250,29 @@ func (ng *engine) start(router httpx.Router) error {
 			if ng.tlsConfig != nil {
 				svr.TLSConfig = ng.tlsConfig
 			}
-		})
+		}, ng.withTimeout())
 }

 func (ng *engine) use(middleware Middleware) {
 	ng.middlewares = append(ng.middlewares, middleware)
 }

+func (ng *engine) withTimeout() internal.StartOption {
+	return func(svr *http.Server) {
+		timeout := ng.conf.Timeout
+		if timeout > 0 {
+			// factor 0.8, to avoid clients send longer content-length than the actual content,
+			// without this timeout setting, the server will time out and respond 503 Service Unavailable,
+			// which triggers the circuit breaker.
+			svr.ReadTimeout = 4 * time.Duration(timeout) * time.Millisecond / 5
+			// factor 0.9, to avoid clients not reading the response
+			// without this timeout setting, the server will time out and respond 503 Service Unavailable,
+			// which triggers the circuit breaker.
+			svr.WriteTimeout = 9 * time.Duration(timeout) * time.Millisecond / 10
+		}
+	}
+}
+
 func convertMiddleware(ware Middleware) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return ware(next.ServeHTTP)
--- a/rest/engine_test.go
+++ b/rest/engine_test.go
@@ -298,6 +298,37 @@ func TestEngine_notFoundHandlerNotNilWriteHeader(t *testing.T) {
 	assert.Equal(t, int32(1), atomic.LoadInt32(&called))
 }

+func TestEngine_withTimeout(t *testing.T) {
+	logx.Disable()
+
+	tests := []struct {
+		name    string
+		timeout int64
+	}{
+		{
+			name: "not set",
+		},
+		{
+			name:    "set",
+			timeout: 1000,
+		},
+	}
+
+	for _, test := range tests {
+		test := test
+		t.Run(test.name, func(t *testing.T) {
+			ng := newEngine(RestConf{Timeout: test.timeout})
+			svr := &http.Server{}
+			ng.withTimeout()(svr)
+
+			assert.Equal(t, time.Duration(test.timeout)*time.Millisecond*4/5, svr.ReadTimeout)
+			assert.Equal(t, time.Duration(0), svr.ReadHeaderTimeout)
+			assert.Equal(t, time.Duration(test.timeout)*time.Millisecond*9/10, svr.WriteTimeout)
+			assert.Equal(t, time.Duration(0), svr.IdleTimeout)
+		})
+	}
+}
+
 type mockedRouter struct{}

 func (m mockedRouter) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {