Bump github.com/spf13/cobra from 1.8.1 to 1.9.1

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/ISSUE_TEMPLATE/BUG.md

@@ -3,8 +3,8 @@ name: Bug report
 about: Report a problem with rest-server to help us resolve it and improve
 ---
 
-
 <!--
+
 Welcome! - We kindly ask that you:
 
   1. Fill out the issue template below - not doing so needs a good reason.
@@ -24,6 +24,7 @@ for tracking bugs and feature requests directly relating to the development of
 the software itself, rather than the project.
 
 Thanks for understanding, and for contributing to the project!
+
 -->
 
 
@@ -31,24 +32,26 @@ Output of `rest-server --version` <!-- If using docker, output of `docker images
 ---------------------------------
 
 
-How did you run rest-server exactly?
-------------------------------------
+
+Problem description / Steps to reproduce
+----------------------------------------
 
 <!--
 This section should include at least:
 
+ * A description of the problem you are having with rest-server.
+
  * The complete command line and any environment variables you used to
-   configure rest-server's backend access. Make sure to replace sensitive values!
+   configure rest-server. Make sure to replace sensitive values!
 
  * The output of the commands, what rest-server prints gives may give us much
    information to diagnose the problem!
+
+ * The more time you spend describing an easy way to reproduce the behavior (if
+   this is possible), the easier it is for the project developers to fix it!
 -->
 
 
-What backend/server/service did you use to store the repository?
-----------------------------------------------------------------
-
-
 Expected behavior
 -----------------
 
@@ -56,30 +59,20 @@ Expected behavior
 Describe what you'd like rest-server to do differently.
 -->
 
-
 Actual behavior
 ---------------
 
 <!--
-Please try to concentrate on observations, so only describe what you observed directly.
+In this section, please try to concentrate on observations, so only describe
+what you observed directly.
 -->
 
-
-Steps to reproduce the behavior
--------------------------------
-
-<!--
-The more time you spend describing an easy way to reproduce the behavior (if
-this is possible), the easier it is for the project developers to fix it!
--->
-
-
 Do you have any idea what may have caused this?
 -----------------------------------------------
 
-
-Do you have an idea how to solve the issue?
--------------------------------------------
+<!--
+Did something noteworthy happen on your system, Internet connection, backend services, etc?
+-->
 
 
 Did rest-server help you today? Did it make you happy in any way?

.github/ISSUE_TEMPLATE/FEATURE.md

@@ -1,10 +1,10 @@
 ---
-name: Feature request/enhancement
+name: Feature request
 about: Suggest a new feature or enhancement for rest-server
 ---
 
-
 <!--
+
 Welcome! - We kindly ask that you:
 
   1. Fill out the issue template below - not doing so needs a good reason.
@@ -18,6 +18,7 @@ for tracking bugs and feature requests directly relating to the development of
 the software itself, rather than the project.
 
 Thanks for understanding, and for contributing to the project!
+
 -->
 
 
@@ -30,24 +31,22 @@ later to see what has changed in rest-server when we revisit this issue after so
 time.
 -->
 
-
-What should rest-server do differently?
----------------------------------------
+What should rest-server do differently? Which functionality do you think we should add?
+---------------------------------------------------------------------------------------
 
 <!--
-Please describe the feature you'd like to see added or changed here.
+Please describe the feature you'd like us to add here.
 -->
 
 
-What are you trying to do? What is your use case?
--------------------------------------------------
+What are you trying to do? What problem would this solve?
+---------------------------------------------------------
 
 <!--
 This section should contain a brief description what you're trying to do, which
 would be possible after implementing the new feature.
 -->
 
-
 Did rest-server help you today? Did it make you happy in any way?
 -----------------------------------------------------------------
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,42 +1,41 @@
 <!--
-Thank you very much for contributing code or documentation to rest-server!
-
-Please note that each PR should be preceded by an issue where the suggested
-change can be discussed in general and without focus on specific code. That
-way, work done in the PR will better match what's been agreed in the issue.
-
-Please fill out the following questions to make it easier for us to review
-your changes. You don't have to check all the checkboxes at once, instead
-feel free to add more commits over time.
+Thank you very much for contributing code or documentation to rest-server! Please
+fill out the following questions to make it easier for us to review your
+changes.
 -->
 
-
-What is the purpose of this change? What does it change?
---------------------------------------------------------
+What does this PR change? What problem does it solve?
+-----------------------------------------------------
 
 <!--
-Describe the changes here, as detailed as needed.
+Describe the changes and their purpose here, as detailed as needed.
 -->
 
-
-Was the change discussed in an issue or in the forum before?
-------------------------------------------------------------
+Was the change previously discussed in an issue or on the forum?
+----------------------------------------------------------------
 
 <!--
 Link issues and relevant forum posts here.
 
-If this PR resolves an issue on GitHub, write "Closes #1234" such
-that the issue is closed automatically when this PR is merged.
+If this PR resolves an issue on GitHub, use "Closes #1234" so that the issue
+is closed automatically when this PR is merged.
 -->
 
-
 Checklist
 ---------
 
-- [ ] I have enabled [maintainer edits for this PR](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)
-- [ ] I have added tests for all changes in this PR
-- [ ] I have added documentation for the changes (in the manual)
-- [ ] There's a new file in `changelog/unreleased/` that describes the changes for our users (template [here](https://github.com/restic/rest-server/blob/master/changelog/TEMPLATE))
-- [ ] I have run `gofmt` on the code in all commits
-- [ ] All commit messages are formatted in the same style as [the other commits in the repo](https://github.com/restic/rest-server/commits/master)
-- [ ] I'm done, this Pull Request is ready for review
+<!--
+You do not need to check all the boxes below all at once. Feel free to take
+your time and add more commits. If you're done and ready for review, please
+check the last box. Enable a checkbox by replacing [ ] with [x].
+
+Please always follow these steps:
+- Enable [maintainer edits](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork).
+- Run `gofmt` on the code in all commits.
+- Format all commit messages in the same style as [the other commits in the repository](https://github.com/restic/rest-server/blob/master/CONTRIBUTING.md#git-commits).
+-->
+
+- [ ] I have added tests for all code changes.
+- [ ] I have added documentation for relevant changes (in the manual).
+- [ ] There's a new file in `changelog/unreleased/` that describes the changes for our users (see [template](https://github.com/restic/rest-server/blob/master/changelog/TEMPLATE)).
+- [ ] I'm done! This pull request is ready for review.

.github/workflows/tests.yml

@@ -7,9 +7,13 @@ on:
 
   # run tests for all pull requests
   pull_request:
+  merge_group:
+
+permissions:
+  contents: read
 
 env:
-  latest_go: "1.21.x"
+  latest_go: "1.23.x"
   GO111MODULE: on
 
 jobs:
@@ -17,10 +21,8 @@ jobs:
     strategy:
       matrix:
         go:
-          - 1.18.x
-          - 1.19.x
-          - 1.20.x
-          - 1.21.x
+          - 1.23.x
+          - 1.22.x
     runs-on: ubuntu-latest
     name: Go ${{ matrix.go }}
 
@@ -28,25 +30,21 @@ jobs:
       GOPROXY: https://proxy.golang.org
 
     steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
       - name: Set up Go ${{ matrix.go }}
         uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go }}
 
-      - name: Check out code
-        uses: actions/checkout@v4
-
-      - name: Build
-        run: |
-          go build ./cmd/rest-server
-
       - name: Build with build.go
         run: |
           go run build.go --goos linux
           go run build.go --goos windows
           go run build.go --goos darwin
 
-      - name: Run tests
+      - name: Run local Tests
         run: |
           go test ./...
 
@@ -61,23 +59,25 @@ jobs:
   lint:
     name: lint
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      # allow annotating code in the PR
+      checks: write
     steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
       - name: Set up Go ${{ env.latest_go }}
         uses: actions/setup-go@v5
         with:
           go-version: ${{ env.latest_go }}
 
-      - name: Check out code
-        uses: actions/checkout@v4
-
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
           # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.51
-          # Optional: show only new issues if it's a pull request. The default value is `false`.
-          only-new-issues: true
-          args: --verbose --timeout 10m
+          version: v1.63.4
+          args: --verbose --timeout 5m
 
         # only run golangci-lint for pull requests, otherwise ALL hints get
         # reported. We need to slowly address all issues until we can enable
@@ -89,3 +89,18 @@ jobs:
           echo "check if go.mod and go.sum are up to date"
           go mod tidy
           git diff --exit-code go.mod go.sum
+
+  analyze:
+    name: Analyze results
+    needs: [test, lint]
+    if: always()
+
+    permissions: # no need to access code
+      contents: none
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Decide whether the needed jobs succeeded or failed
+        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
+        with:
+          jobs: ${{ toJSON(needs) }}

.golangci.yml

@@ -10,13 +10,10 @@ linters:
     # make sure all errors returned by functions are handled
     - errcheck
 
-    # find unused code
-    - deadcode
-
     # show how code can be simplified
     - gosimple
 
-    # # make sure code is formatted
+    # make sure code is formatted
     - gofmt
 
     # examine code and report suspicious constructs, such as Printf calls whose
@@ -35,15 +32,14 @@ linters:
     # find unused variables, functions, structs, types, etc.
     - unused
 
-    # find unused struct fields
-    - structcheck
-
-    # find unused global variables
-    - varcheck
-
     # parse and typecheck code
     - typecheck
 
+    # ensure that http response bodies are closed
+    - bodyclose
+
+    - importas
+
 issues:
   # don't use the default exclude rules, this hides (among others) ignored
   # errors from Close() calls
@@ -55,3 +51,6 @@ issues:
     - exported (function|method|var|type|const) .* should have comment or be unexported
     # revive: ignore constants in all caps
     - don't use ALL_CAPS in Go names; use CamelCase
+    # revive: lots of packages don't have such a comment
+    - "package-comments: should have a package comment"
+    - "redefines-builtin-id:"

.goreleaser.yml

@@ -79,13 +79,13 @@ archives:
     # add these files to all archives
     files:
       - src: LICENSE
-        dst: .
+        dst: LICENSE
         info: *archive_file_info
       - src: README.md
-        dst: .
+        dst: README.md
         info: *archive_file_info
       - src: CHANGELOG.md
-        dst: .
+        dst: CHANGELOG.md
         info: *archive_file_info
 
 # also build an archive of the source code

CHANGELOG.md

@@ -1,3 +1,65 @@
+Changelog for rest-server 0.13.0 (2024-07-26)
+============================================
+
+The following sections list the changes in rest-server 0.13.0 relevant
+to users. The changes are ordered by importance.
+
+Summary
+-------
+
+ * Chg #267: Update dependencies and require Go 1.18 or newer
+ * Chg #273: Shut down cleanly on TERM and INT signals
+ * Enh #271: Print listening address after start-up
+ * Enh #272: Support listening on a unix socket
+
+Details
+-------
+
+ * Change #267: Update dependencies and require Go 1.18 or newer
+
+   Most dependencies have been updated. Since some libraries require newer language
+   features, support for Go 1.17 has been dropped, which means that rest-server now
+   requires at least Go 1.18 to build.
+
+   https://github.com/restic/rest-server/pull/267
+
+ * Change #273: Shut down cleanly on TERM and INT signals
+
+   Rest-server now listens for TERM and INT signals and cleanly closes down the
+   http.Server and listener when receiving either of them.
+
+   This is particularly useful when listening on a unix socket, as the server will
+   now remove the socket file when it shuts down.
+
+   https://github.com/restic/rest-server/pull/273
+
+ * Enhancement #271: Print listening address after start-up
+
+   When started with `--listen :0`, rest-server would print `start server on :0`
+
+   The message now also includes the actual address listened on, for example `start
+   server on 0.0.0.0:37333`. This is useful when starting a server with an
+   auto-allocated free port number (port 0).
+
+   https://github.com/restic/rest-server/pull/271
+
+ * Enhancement #272: Support listening on a unix socket
+
+   It is now possible to make rest-server listen on a unix socket by prefixing the
+   socket filename with `unix:` and passing it to the `--listen` option, for
+   example `--listen unix:/tmp/foo`.
+
+   This is useful in combination with remote port forwarding to enable a remote
+   server to backup locally, e.g.:
+
+   ```
+   rest-server --listen unix:/tmp/foo &
+   ssh -R /tmp/foo:/tmp/foo user@host restic -r rest:http+unix:///tmp/foo:/repo backup
+   ```
+
+   https://github.com/restic/rest-server/pull/272
+
+
 Changelog for rest-server 0.12.1 (2023-07-09)
 ============================================
 
@@ -16,33 +78,34 @@ Details
 
  * Bugfix #230: Fix erroneous warnings about unsupported fsync
 
-   Due to a regression in rest-server 0.12.0, it continuously printed `WARNING: fsync is not
-   supported by the data storage. This can lead to data loss, if the system crashes or the storage is
-   unexpectedly disconnected.` for systems that support fsync. We have fixed the warning.
+   Due to a regression in rest-server 0.12.0, it continuously printed `WARNING:
+   fsync is not supported by the data storage. This can lead to data loss, if the
+   system crashes or the storage is unexpectedly disconnected.` for systems that
+   support fsync. We have fixed the warning.
 
    https://github.com/restic/rest-server/issues/230
    https://github.com/restic/rest-server/pull/231
 
  * Bugfix #238: API: Return empty array when listing empty folders
 
-   Rest-server returned `null` when listing an empty folder. This has been changed to returning
-   an empty array in accordance with the REST protocol specification. This change has no impact on
-   restic users.
+   Rest-server returned `null` when listing an empty folder. This has been changed
+   to returning an empty array in accordance with the REST protocol specification.
+   This change has no impact on restic users.
 
    https://github.com/restic/rest-server/issues/238
    https://github.com/restic/rest-server/pull/239
 
  * Enhancement #217: Log to stdout using the `--log -` option
 
-   Logging to stdout was possible using `--log /dev/stdout`. However, when the rest server is run
-   as a different user, for example, using
+   Logging to stdout was possible using `--log /dev/stdout`. However, when the rest
+   server is run as a different user, for example, using
 
    `sudo -u restic rest-server [...] --log /dev/stdout`
 
    This did not work due to permission issues.
 
-   For logging to stdout, the `--log` option now supports the special filename `-` which also
-   works in these cases.
+   For logging to stdout, the `--log` option now supports the special filename `-`
+   which also works in these cases.
 
    https://github.com/restic/rest-server/pull/217
 
@@ -69,68 +132,69 @@ Details
 
  * Bugfix #183: Allow usernames containing underscore and more
 
-   The security fix in rest-server 0.11.0 (#131) disallowed usernames containing and
-   underscore "_". The list of allowed characters has now been changed to include Unicode
-   characters, numbers, "_", "-", "." and "@".
+   The security fix in rest-server 0.11.0 (#131) disallowed usernames containing
+   and underscore "_". The list of allowed characters has now been changed to
+   include Unicode characters, numbers, "_", "-", "." and "@".
 
    https://github.com/restic/rest-server/issues/183
    https://github.com/restic/rest-server/pull/184
 
  * Bugfix #219: Ignore unexpected files in the data/ folder
 
-   If the data folder of a repository contained files, this would prevent restic from retrieving a
-   list of file data files. This has been fixed. As a workaround remove the files that are directly
-   contained in the data folder (e.g., `.DS_Store` files).
+   If the data folder of a repository contained files, this would prevent restic
+   from retrieving a list of file data files. This has been fixed. As a workaround
+   remove the files that are directly contained in the data folder (e.g.,
+   `.DS_Store` files).
 
    https://github.com/restic/rest-server/issues/219
    https://github.com/restic/rest-server/pull/221
 
  * Bugfix #1871: Return 500 "Internal server error" if files cannot be read
 
-   When files in a repository cannot be read by rest-server, for example after running `restic
-   prune` directly on the server hosting the repositories in a way that causes filesystem
-   permissions to be wrong, rest-server previously returned 404 "Not Found" as status code. This
-   was causing confusing for users.
+   When files in a repository cannot be read by rest-server, for example after
+   running `restic prune` directly on the server hosting the repositories in a way
+   that causes filesystem permissions to be wrong, rest-server previously returned
+   404 "Not Found" as status code. This was causing confusing for users.
 
-   The error handling has now been fixed to only return 404 "Not Found" if the file actually does not
-   exist. Otherwise a 500 "Internal server error" is reported to the client and the underlying
-   error is logged at the server side.
+   The error handling has now been fixed to only return 404 "Not Found" if the file
+   actually does not exist. Otherwise a 500 "Internal server error" is reported to
+   the client and the underlying error is logged at the server side.
 
    https://github.com/restic/rest-server/issues/1871
    https://github.com/restic/rest-server/pull/195
 
  * Change #207: Return error if command-line arguments are specified
 
-   Command line arguments are ignored by rest-server, but there was previously no indication of
-   this when they were supplied anyway.
+   Command line arguments are ignored by rest-server, but there was previously no
+   indication of this when they were supplied anyway.
 
-   To prevent usage errors an error is now printed when command line arguments are supplied,
-   instead of them being silently ignored.
+   To prevent usage errors an error is now printed when command line arguments are
+   supplied, instead of them being silently ignored.
 
    https://github.com/restic/rest-server/pull/207
 
  * Change #208: Update dependencies and require Go 1.17 or newer
 
-   Most dependencies have been updated. Since some libraries require newer language features,
-   support for Go 1.15-1.16 has been dropped, which means that rest-server now requires at least
-   Go 1.17 to build.
+   Most dependencies have been updated. Since some libraries require newer language
+   features, support for Go 1.15-1.16 has been dropped, which means that
+   rest-server now requires at least Go 1.17 to build.
 
    https://github.com/restic/rest-server/pull/208
 
  * Enhancement #133: Cache basic authentication credentials
 
-   To speed up the verification of basic auth credentials, rest-server now caches passwords for a
-   minute in memory. That way the expensive verification of basic auth credentials can be skipped
-   for most requests issued by a single restic run. The password is kept in memory in a hashed form
-   and not as plaintext.
+   To speed up the verification of basic auth credentials, rest-server now caches
+   passwords for a minute in memory. That way the expensive verification of basic
+   auth credentials can be skipped for most requests issued by a single restic run.
+   The password is kept in memory in a hashed form and not as plaintext.
 
    https://github.com/restic/rest-server/issues/133
    https://github.com/restic/rest-server/pull/138
 
  * Enhancement #187: Allow configurable location for `.htpasswd` file
 
-   It is now possible to specify the location of the `.htpasswd` file using the `--htpasswd-file`
-   option.
+   It is now possible to specify the location of the `.htpasswd` file using the
+   `--htpasswd-file` option.
 
    https://github.com/restic/rest-server/issues/187
    https://github.com/restic/rest-server/pull/188
@@ -161,11 +225,12 @@ Details
 
  * Security #131: Prevent loading of usernames containing a slash
 
-   "/" is valid char in HTTP authorization headers, but is also used in rest-server to map
-   usernames to private repos.
+   "/" is valid char in HTTP authorization headers, but is also used in rest-server
+   to map usernames to private repos.
 
-   This commit prevents loading maliciously composed usernames like "/foo/config" by
-   restricting the allowed characters to the unicode character class, numbers, "-", "." and "@".
+   This commit prevents loading maliciously composed usernames like "/foo/config"
+   by restricting the allowed characters to the unicode character class, numbers,
+   "-", "." and "@".
 
    This prevents requests to other users files like:
 
@@ -177,64 +242,71 @@ Details
 
  * Bugfix #119: Fix Docker configuration for `DISABLE_AUTHENTICATION`
 
-   Rest-server 0.10.0 introduced a regression which caused the `DISABLE_AUTHENTICATION`
-   environment variable to stop working for the Docker container. This has been fixed by
-   automatically setting the option `--no-auth` to disable authentication.
+   Rest-server 0.10.0 introduced a regression which caused the
+   `DISABLE_AUTHENTICATION` environment variable to stop working for the Docker
+   container. This has been fixed by automatically setting the option `--no-auth`
+   to disable authentication.
 
    https://github.com/restic/rest-server/issues/119
    https://github.com/restic/rest-server/pull/124
 
  * Bugfix #142: Fix possible data loss due to interrupted network connections
 
-   When rest-server was run without `--append-only` it was possible to lose uploaded files in a
-   specific scenario in which a network connection was interrupted.
+   When rest-server was run without `--append-only` it was possible to lose
+   uploaded files in a specific scenario in which a network connection was
+   interrupted.
 
-   For the data loss to occur a file upload by restic would have to be interrupted such that restic
-   notices the interrupted network connection before the rest-server. Then restic would have to
-   retry the file upload and finish it before the rest-server notices that the initial upload has
-   failed. Then the uploaded file would be accidentally removed by rest-server when trying to
+   For the data loss to occur a file upload by restic would have to be interrupted
+   such that restic notices the interrupted network connection before the
+   rest-server. Then restic would have to retry the file upload and finish it
+   before the rest-server notices that the initial upload has failed. Then the
+   uploaded file would be accidentally removed by rest-server when trying to
    cleanup the failed upload.
 
-   This has been fixed by always uploading to a temporary file first which is moved in position only
-   once it was uploaded completely.
+   This has been fixed by always uploading to a temporary file first which is moved
+   in position only once it was uploaded completely.
 
    https://github.com/restic/rest-server/pull/142
 
  * Bugfix #155: Reply "insufficient storage" on disk full or over-quota
 
-   When there was no space left on disk, or any other write-related error occurred, rest-server
-   replied with HTTP status code 400 (Bad request). This is misleading (restic client will dump
-   the status code to the user).
+   When there was no space left on disk, or any other write-related error occurred,
+   rest-server replied with HTTP status code 400 (Bad request). This is misleading
+   (restic client will dump the status code to the user).
 
-   Rest-server now replies with two different status codes in these situations: * HTTP 507
-   "Insufficient storage" is the status on disk full or repository over-quota * HTTP 500
-   "Internal server error" is used for other disk-related errors
+   Rest-server now replies with two different status codes in these situations: *
+   HTTP 507 "Insufficient storage" is the status on disk full or repository
+   over-quota * HTTP 500 "Internal server error" is used for other disk-related
+   errors
 
    https://github.com/restic/rest-server/issues/155
    https://github.com/restic/rest-server/pull/160
 
  * Bugfix #157: Use platform-specific temporary directory as default data directory
 
-   If no data directory is specificed, then rest-server now uses the Go standard library
-   functions to retrieve the standard temporary directory path for the current platform.
+   If no data directory is specificed, then rest-server now uses the Go standard
+   library functions to retrieve the standard temporary directory path for the
+   current platform.
 
    https://github.com/restic/rest-server/issues/157
    https://github.com/restic/rest-server/pull/158
 
  * Change #112: Add subrepo support and refactor server code
 
-   Support for multi-level repositories has been added, so now each user can have its own
-   subrepositories. This feature is always enabled.
+   Support for multi-level repositories has been added, so now each user can have
+   its own subrepositories. This feature is always enabled.
 
-   Authentication for the Prometheus /metrics endpoint can now be disabled with the new
-   `--prometheus-no-auth` flag.
+   Authentication for the Prometheus /metrics endpoint can now be disabled with the
+   new `--prometheus-no-auth` flag.
 
-   We have split out all HTTP handling to a separate `repo` subpackage to cleanly separate the
-   server code from the code that handles a single repository. The new RepoHandler also makes it
-   easier to reuse rest-server as a Go component in any other HTTP server.
+   We have split out all HTTP handling to a separate `repo` subpackage to cleanly
+   separate the server code from the code that handles a single repository. The new
+   RepoHandler also makes it easier to reuse rest-server as a Go component in any
+   other HTTP server.
 
-   The refactoring makes the code significantly easier to follow and understand, which in turn
-   makes it easier to add new features, audit for security and debug issues.
+   The refactoring makes the code significantly easier to follow and understand,
+   which in turn makes it easier to add new features, audit for security and debug
+   issues.
 
    https://github.com/restic/rest-server/issues/109
    https://github.com/restic/rest-server/issues/107
@@ -242,27 +314,28 @@ Details
 
  * Change #146: Build rest-server at docker container build time
 
-   The Dockerfile now includes a build stage such that the latest rest-server is always built and
-   packaged. This is done in a standard golang container to ensure a clean build environment and
-   only the final binary is shipped rather than the whole build environment.
+   The Dockerfile now includes a build stage such that the latest rest-server is
+   always built and packaged. This is done in a standard golang container to ensure
+   a clean build environment and only the final binary is shipped rather than the
+   whole build environment.
 
    https://github.com/restic/rest-server/issues/146
    https://github.com/restic/rest-server/pull/145
 
  * Enhancement #122: Verify uploaded files
 
-   The rest-server now by default verifies that the hash of content of uploaded files matches
-   their filename. This ensures that transmission errors are detected and forces restic to retry
-   the upload. On low-power devices it can make sense to disable this check by passing the
-   `--no-verify-upload` flag.
+   The rest-server now by default verifies that the hash of content of uploaded
+   files matches their filename. This ensures that transmission errors are detected
+   and forces restic to retry the upload. On low-power devices it can make sense to
+   disable this check by passing the `--no-verify-upload` flag.
 
    https://github.com/restic/rest-server/issues/122
    https://github.com/restic/rest-server/pull/130
 
  * Enhancement #126: Allow running rest-server via systemd socket activation
 
-   We've added the option to have systemd create the listening socket and start the rest-server on
-   demand.
+   We've added the option to have systemd create the listening socket and start the
+   rest-server on demand.
 
    https://github.com/restic/rest-server/issues/126
    https://github.com/restic/rest-server/pull/151
@@ -270,9 +343,9 @@ Details
 
  * Enhancement #148: Expand use of security features in example systemd unit file
 
-   The example systemd unit file now enables additional systemd features to mitigate potential
-   security vulnerabilities in rest-server and the various packages and operating system
-   components which it relies upon.
+   The example systemd unit file now enables additional systemd features to
+   mitigate potential security vulnerabilities in rest-server and the various
+   packages and operating system components which it relies upon.
 
    https://github.com/restic/rest-server/issues/148
    https://github.com/restic/rest-server/pull/149
@@ -298,49 +371,53 @@ Details
 
  * Security #60: Require auth by default, add --no-auth flag
 
-   In order to prevent users from accidentally exposing rest-server without authentication,
-   rest-server now defaults to requiring a .htpasswd. If you want to disable authentication, you
-   need to explicitly pass the new --no-auth flag.
+   In order to prevent users from accidentally exposing rest-server without
+   authentication, rest-server now defaults to requiring a .htpasswd. If you want
+   to disable authentication, you need to explicitly pass the new --no-auth flag.
 
    https://github.com/restic/rest-server/issues/60
    https://github.com/restic/rest-server/pull/61
 
  * Security #64: Refuse overwriting config file in append-only mode
 
-   While working on the `rclone serve restic` command we noticed that is currently possible to
-   overwrite the config file in a repo even if `--append-only` is specified. The first commit adds
-   proper tests, and the second commit fixes the issue.
+   While working on the `rclone serve restic` command we noticed that is currently
+   possible to overwrite the config file in a repo even if `--append-only` is
+   specified. The first commit adds proper tests, and the second commit fixes the
+   issue.
 
    https://github.com/restic/rest-server/pull/64
 
  * Security #117: Stricter path sanitization
 
-   The framework we're using in rest-server to decode paths to repositories allowed specifying
-   URL-encoded characters in paths, including sensitive characters such as `/` (encoded as
-   `%2F`).
+   The framework we're using in rest-server to decode paths to repositories allowed
+   specifying URL-encoded characters in paths, including sensitive characters such
+   as `/` (encoded as `%2F`).
 
-   We've changed this unintended behavior, such that rest-server now rejects such paths. In
-   particular, it is no longer possible to specify sub-repositories for users by encoding the
-   path with `%2F`, such as `http://localhost:8000/foo%2Fbar`, which means that this will
-   unfortunately be a breaking change in that case.
+   We've changed this unintended behavior, such that rest-server now rejects such
+   paths. In particular, it is no longer possible to specify sub-repositories for
+   users by encoding the path with `%2F`, such as
+   `http://localhost:8000/foo%2Fbar`, which means that this will unfortunately be a
+   breaking change in that case.
 
-   If using sub-repositories for users is important to you, please let us know in the forum, so we
-   can learn about your use case and implement this properly. As it currently stands, the ability
-   to use sub-repositories was an unintentional feature made possible by the URL decoding
-   framework used, and hence never meant to be supported in the first place. If we wish to have this
-   feature in rest-server, we'd like to have it implemented properly and intentionally.
+   If using sub-repositories for users is important to you, please let us know in
+   the forum, so we can learn about your use case and implement this properly. As
+   it currently stands, the ability to use sub-repositories was an unintentional
+   feature made possible by the URL decoding framework used, and hence never meant
+   to be supported in the first place. If we wish to have this feature in
+   rest-server, we'd like to have it implemented properly and intentionally.
 
    https://github.com/restic/rest-server/issues/117
 
  * Change #102: Remove vendored dependencies
 
-   We've removed the vendored dependencies (in the subdir `vendor/`) similar to what we did for
-   `restic` itself. When building restic, the Go compiler automatically fetches the
-   dependencies. It will also cryptographically verify that the correct code has been fetched by
-   using the hashes in `go.sum` (see the link to the documentation below).
+   We've removed the vendored dependencies (in the subdir `vendor/`) similar to
+   what we did for `restic` itself. When building restic, the Go compiler
+   automatically fetches the dependencies. It will also cryptographically verify
+   that the correct code has been fetched by using the hashes in `go.sum` (see the
+   link to the documentation below).
 
-   Building the rest-server now requires Go 1.11 or newer, since we're using Go Modules for
-   dependency management. Older Go versions are not supported any more.
+   Building the rest-server now requires Go 1.11 or newer, since we're using Go
+   Modules for dependency management. Older Go versions are not supported any more.
 
    https://github.com/restic/rest-server/issues/102
    https://golang.org/cmd/go/#hdr-Module_downloading_and_verification

README.md

@@ -11,7 +11,7 @@ Rest Server is a high performance HTTP server that implements restic's [REST bac
 
 ## Requirements
 
-Rest Server requires Go 1.18 or higher to build.  The only tested compiler is the official Go compiler.  Building server with `gccgo` may work, but is not supported.
+Rest Server requires Go 1.22 or higher to build.  The only tested compiler is the official Go compiler.
 
 The required version of restic backup client to use with `rest-server` is [v0.7.1](https://github.com/restic/restic/releases/tag/v0.7.1) or higher.
 

VERSION

@@ -1 +1 @@
-0.12.1
+0.13.0

build.go

@@ -58,7 +58,7 @@ var config = Config{
 	Namespace:  "github.com/restic/rest-server",                 // subdir of GOPATH, e.g. "github.com/foo/bar"
 	Main:       "github.com/restic/rest-server/cmd/rest-server", // package name for the main package
 	Tests:      []string{"./..."},                               // tests to run
-	MinVersion: GoVersion{Major: 1, Minor: 15, Patch: 0},        // minimum Go version supported
+	MinVersion: GoVersion{Major: 1, Minor: 22, Patch: 0},        // minimum Go version supported
 }
 
 // Config configures the build.

changelog/unreleased/pull-295

@@ -0,0 +1,5 @@
+Enhancement: Output status of append only mode on startup
+
+Rest-server now outputs whether append only mode has been enabled on startup.
+
+https://github.com/restic/rest-server/pull/295

changelog/unreleased/pull-322

@@ -0,0 +1,9 @@
+Change: Update dependencies and require Go 1.22 or newer
+
+We have updated all dependencies. Since some libraries require newer Go standard
+library features, support for Go 1.18 to 1.21 has been dropped, which means
+that rest-server now requires at least Go 1.22 to build.
+
+This also disables support for TLS versions older than TLS 1.2.
+
+https://github.com/restic/rest-server/pull/322

cmd/rest-server/listener_unix_test.go

@@ -61,7 +61,10 @@ func TestUnixSocket(t *testing.T) {
 				if err != nil {
 					return err
 				}
-				resp.Body.Close()
+				err = resp.Body.Close()
+				if err != nil {
+					return err
+				}
 				if resp.StatusCode != test.StatusCode {
 					return fmt.Errorf("expected %d from server, instead got %d (path %s)", test.StatusCode, resp.StatusCode, test.Path)
 				}

cmd/rest-server/main.go

@@ -22,7 +22,7 @@ import (
 type restServerApp struct {
 	CmdRoot    *cobra.Command
 	Server     restserver.Server
-	CpuProfile string
+	CPUProfile string
 
 	listenerAddressMu sync.Mutex
 	listenerAddress   net.Addr // set after startup
@@ -36,7 +36,7 @@ func newRestServerApp() *restServerApp {
 			Short:         "Run a REST server for use with restic",
 			SilenceErrors: true,
 			SilenceUsage:  true,
-			Args: func(cmd *cobra.Command, args []string) error {
+			Args: func(_ *cobra.Command, args []string) error {
 				if len(args) != 0 {
 					return fmt.Errorf("rest-server expects no arguments - unknown argument: %s", args[0])
 				}
@@ -52,7 +52,7 @@ func newRestServerApp() *restServerApp {
 	rv.CmdRoot.RunE = rv.runRoot
 	flags := rv.CmdRoot.Flags()
 
-	flags.StringVar(&rv.CpuProfile, "cpu-profile", rv.CpuProfile, "write CPU profile to file")
+	flags.StringVar(&rv.CPUProfile, "cpu-profile", rv.CPUProfile, "write CPU profile to file")
 	flags.BoolVar(&rv.Server.Debug, "debug", rv.Server.Debug, "output debug messages")
 	flags.StringVar(&rv.Server.Listen, "listen", rv.Server.Listen, "listen address")
 	flags.StringVar(&rv.Server.Log, "log", rv.Server.Log, "write HTTP requests in the combined log format to the specified `filename` (use \"-\" for logging to stdout)")
@@ -73,7 +73,7 @@ func newRestServerApp() *restServerApp {
 	return rv
 }
 
-var version = "0.12.1-dev"
+var version = "0.13.0"
 
 func (app *restServerApp) tlsSettings() (bool, string, string, error) {
 	var key, cert string
@@ -103,17 +103,19 @@ func (app *restServerApp) ListenerAddress() net.Addr {
 	return app.listenerAddress
 }
 
-func (app *restServerApp) runRoot(cmd *cobra.Command, args []string) error {
+func (app *restServerApp) runRoot(_ *cobra.Command, _ []string) error {
 	log.SetFlags(0)
 
 	log.Printf("Data directory: %s", app.Server.Path)
 
-	if app.CpuProfile != "" {
-		f, err := os.Create(app.CpuProfile)
+	if app.CPUProfile != "" {
+		f, err := os.Create(app.CPUProfile)
 		if err != nil {
 			return err
 		}
-		defer f.Close()
+		defer func() {
+			_ = f.Close()
+		}()
 
 		if err := pprof.StartCPUProfile(f); err != nil {
 			return err
@@ -135,6 +137,12 @@ func (app *restServerApp) runRoot(cmd *cobra.Command, args []string) error {
 		log.Fatalf("error: %v", err)
 	}
 
+	if app.Server.AppendOnly {
+		log.Println("Append only mode enabled")
+	} else {
+		log.Println("Append only mode disabled")
+	}
+
 	if app.Server.PrivateRepos {
 		log.Println("Private repositories enabled")
 	} else {

cmd/rest-server/main_test.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"net/http"
 	"net/url"
 	"os"
@@ -94,7 +93,7 @@ func TestTLSSettings(t *testing.T) {
 }
 
 func TestGetHandler(t *testing.T) {
-	dir, err := ioutil.TempDir("", "rest-server-test")
+	dir, err := os.MkdirTemp("", "rest-server-test")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -120,7 +119,7 @@ func TestGetHandler(t *testing.T) {
 	}
 
 	// With NoAuth = false and custom .htpasswd
-	htpFile, err := ioutil.TempFile(dir, "custom")
+	htpFile, err := os.CreateTemp(dir, "custom")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -137,7 +136,7 @@ func TestGetHandler(t *testing.T) {
 
 	// Create .htpasswd
 	htpasswd := filepath.Join(dir, ".htpasswd")
-	err = ioutil.WriteFile(htpasswd, []byte(""), 0644)
+	err = os.WriteFile(htpasswd, []byte(""), 0644)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -262,7 +261,10 @@ func TestHttpListen(t *testing.T) {
 				if err != nil {
 					return err
 				}
-				resp.Body.Close()
+				err = resp.Body.Close()
+				if err != nil {
+					return err
+				}
 				if resp.StatusCode != test.StatusCode {
 					return fmt.Errorf("expected %d from server, instead got %d (path %s)", test.StatusCode, resp.StatusCode, test.Path)
 				}

go.mod

@@ -1,28 +1,29 @@
 module github.com/restic/rest-server
 
-go 1.18
+go 1.22
 
 require (
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/gorilla/handlers v1.5.2
 	github.com/minio/sha256-simd v1.0.1
 	github.com/miolini/datacounter v1.0.3
-	github.com/prometheus/client_golang v1.18.0
-	github.com/spf13/cobra v1.8.1
-	golang.org/x/crypto v0.25.0
+	github.com/prometheus/client_golang v1.20.5
+	github.com/spf13/cobra v1.9.1
+	golang.org/x/crypto v0.32.0
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.5 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 )

go.sum

@@ -1,46 +1,56 @@
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
-github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE=
 github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
-github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
+github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
+github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM=
 github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8=
 github.com/miolini/datacounter v1.0.3 h1:tanOZPVblGXQl7/bSZWoEM8l4KK83q24qwQLMrO/HOA=
 github.com/miolini/datacounter v1.0.3/go.mod h1:C45dc2hBumHjDpEU64IqPwR6TDyPVpzOqqRTN7zmBUA=
-github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk=
-github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA=
-github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
-github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
-github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
-github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
-github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
-github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
+github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
-github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
+google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

handlers.go

@@ -158,7 +158,8 @@ func join(base string, names ...string) (string, error) {
 // splitURLPath splits the URL path into a folderPath of the subrepo, and
 // a remainder that can be passed to repo.Handler.
 // Example: /foo/bar/locks/0123... will be split into:
-//          ["foo", "bar"] and "/locks/0123..."
+//
+//	["foo", "bar"] and "/locks/0123..."
 func splitURLPath(urlPath string, maxDepth int) (folderPath []string, remainder string) {
 	if !strings.HasPrefix(urlPath, "/") {
 		// Really should start with "/"

handlers_test.go

@@ -6,7 +6,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -165,7 +164,7 @@ func createOverwriteDeleteSeq(t testing.TB, path string, data string) []TestRequ
 	return req
 }
 
-func createTestHandler(t *testing.T, conf Server) (http.Handler, string, string, string, func()) {
+func createTestHandler(t *testing.T, conf *Server) (http.Handler, string, string, string, func()) {
 	buf := make([]byte, 32)
 	_, err := io.ReadFull(rand.Reader, buf)
 	if err != nil {
@@ -176,7 +175,7 @@ func createTestHandler(t *testing.T, conf Server) (http.Handler, string, string,
 	fileID := hex.EncodeToString(dataHash[:])
 
 	// setup the server with a local backend in a temporary directory
-	tempdir, err := ioutil.TempDir("", "rest-server-test-")
+	tempdir, err := os.MkdirTemp("", "rest-server-test-")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -190,7 +189,7 @@ func createTestHandler(t *testing.T, conf Server) (http.Handler, string, string,
 	}
 
 	conf.Path = tempdir
-	mux, err := NewHandler(&conf)
+	mux, err := NewHandler(conf)
 	if err != nil {
 		t.Fatalf("error from NewHandler: %v", err)
 	}
@@ -199,7 +198,7 @@ func createTestHandler(t *testing.T, conf Server) (http.Handler, string, string,
 
 // TestResticAppendOnlyHandler runs tests on the restic handler code, especially in append-only mode.
 func TestResticAppendOnlyHandler(t *testing.T) {
-	mux, data, fileID, _, cleanup := createTestHandler(t, Server{
+	mux, data, fileID, _, cleanup := createTestHandler(t, &Server{
 		AppendOnly:   true,
 		NoAuth:       true,
 		Debug:        true,
@@ -300,7 +299,7 @@ func createIdempotentDeleteSeq(t testing.TB, path string, data string) []TestReq
 
 // TestResticHandler runs tests on the restic handler code, especially in append-only mode.
 func TestResticHandler(t *testing.T) {
-	mux, data, fileID, _, cleanup := createTestHandler(t, Server{
+	mux, data, fileID, _, cleanup := createTestHandler(t, &Server{
 		NoAuth:       true,
 		Debug:        true,
 		PanicOnError: true,
@@ -331,7 +330,7 @@ func TestResticHandler(t *testing.T) {
 
 // TestResticErrorHandler runs tests on the restic handler error handling.
 func TestResticErrorHandler(t *testing.T) {
-	mux, _, _, tempdir, cleanup := createTestHandler(t, Server{
+	mux, _, _, tempdir, cleanup := createTestHandler(t, &Server{
 		AppendOnly: true,
 		NoAuth:     true,
 		Debug:      true,
@@ -380,7 +379,7 @@ func TestResticErrorHandler(t *testing.T) {
 }
 
 func TestEmptyList(t *testing.T) {
-	mux, _, _, _, cleanup := createTestHandler(t, Server{
+	mux, _, _, _, cleanup := createTestHandler(t, &Server{
 		AppendOnly: true,
 		NoAuth:     true,
 		Debug:      true,
@@ -404,7 +403,7 @@ func TestEmptyList(t *testing.T) {
 }
 
 func TestListWithUnexpectedFiles(t *testing.T) {
-	mux, _, _, tempdir, cleanup := createTestHandler(t, Server{
+	mux, _, _, tempdir, cleanup := createTestHandler(t, &Server{
 		AppendOnly: true,
 		NoAuth:     true,
 		Debug:      true,
@@ -510,7 +509,7 @@ func newDelayedErrorReader(err error) *delayErrorReader {
 	}
 }
 
-func (d *delayErrorReader) Read(p []byte) (int, error) {
+func (d *delayErrorReader) Read(_ []byte) (int, error) {
 	d.firstReadOnce.Do(func() {
 		// close the channel to signal that the first read has happened
 		close(d.FirstRead)
@@ -522,7 +521,7 @@ func (d *delayErrorReader) Read(p []byte) (int, error) {
 // TestAbortedRequest runs tests with concurrent upload requests for the same file.
 func TestAbortedRequest(t *testing.T) {
 	// the race condition doesn't happen for append-only repositories
-	mux, _, _, _, cleanup := createTestHandler(t, Server{
+	mux, _, _, _, cleanup := createTestHandler(t, &Server{
 		NoAuth:       true,
 		Debug:        true,
 		PanicOnError: true,

htpasswd_test.go

@@ -1,7 +1,6 @@
 package restserver
 
 import (
-	"io/ioutil"
 	"os"
 	"testing"
 )
@@ -12,7 +11,7 @@ func TestValidate(t *testing.T) {
 	rawPwd := "test"
 	wrongPwd := "wrong"
 
-	tmpfile, err := ioutil.TempFile("", "rest-validate-")
+	tmpfile, err := os.CreateTemp("", "rest-validate-")
 	if err != nil {
 		t.Fatal(err)
 	}

quota/quota.go

@@ -113,7 +113,7 @@ func tallySize(path string) (int64, error) {
 		path = "."
 	}
 	var size int64
-	err := filepath.Walk(path, func(path string, info os.FileInfo, err error) error {
+	err := filepath.Walk(path, func(_ string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}

repo/repo.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"log"
 	"math/rand"
 	"net/http"
@@ -251,7 +250,7 @@ func (h *Handler) wrapFileWriter(r *http.Request, w io.Writer) (io.Writer, int,
 }
 
 // checkConfig checks whether a configuration exists.
-func (h *Handler) checkConfig(w http.ResponseWriter, r *http.Request) {
+func (h *Handler) checkConfig(w http.ResponseWriter, _ *http.Request) {
 	if h.opt.Debug {
 		log.Println("checkConfig()")
 	}
@@ -267,13 +266,13 @@ func (h *Handler) checkConfig(w http.ResponseWriter, r *http.Request) {
 }
 
 // getConfig allows for a config to be retrieved.
-func (h *Handler) getConfig(w http.ResponseWriter, r *http.Request) {
+func (h *Handler) getConfig(w http.ResponseWriter, _ *http.Request) {
 	if h.opt.Debug {
 		log.Println("getConfig()")
 	}
 	cfg := h.getSubPath("config")
 
-	bytes, err := ioutil.ReadFile(cfg)
+	bytes, err := os.ReadFile(cfg)
 	if err != nil {
 		h.fileAccessError(w, err)
 		return
@@ -314,7 +313,7 @@ func (h *Handler) saveConfig(w http.ResponseWriter, r *http.Request) {
 }
 
 // deleteConfig removes a config.
-func (h *Handler) deleteConfig(w http.ResponseWriter, r *http.Request) {
+func (h *Handler) deleteConfig(w http.ResponseWriter, _ *http.Request) {
 	if h.opt.Debug {
 		log.Println("deleteConfig()")
 	}
@@ -369,7 +368,7 @@ func (h *Handler) listBlobsV1(w http.ResponseWriter, r *http.Request) {
 	}
 	path := h.getSubPath(objectType)
 
-	items, err := ioutil.ReadDir(path)
+	items, err := os.ReadDir(path)
 	if err != nil {
 		h.fileAccessError(w, err)
 		return
@@ -383,8 +382,8 @@ func (h *Handler) listBlobsV1(w http.ResponseWriter, r *http.Request) {
 				continue
 			}
 			subpath := filepath.Join(path, i.Name())
-			var subitems []os.FileInfo
-			subitems, err = ioutil.ReadDir(subpath)
+			var subitems []os.DirEntry
+			subitems, err = os.ReadDir(subpath)
 			if err != nil {
 				h.fileAccessError(w, err)
 				return
@@ -428,7 +427,7 @@ func (h *Handler) listBlobsV2(w http.ResponseWriter, r *http.Request) {
 	}
 	path := h.getSubPath(objectType)
 
-	items, err := ioutil.ReadDir(path)
+	items, err := os.ReadDir(path)
 	if err != nil {
 		h.fileAccessError(w, err)
 		return
@@ -442,17 +441,27 @@ func (h *Handler) listBlobsV2(w http.ResponseWriter, r *http.Request) {
 				continue
 			}
 			subpath := filepath.Join(path, i.Name())
-			var subitems []os.FileInfo
-			subitems, err = ioutil.ReadDir(subpath)
+			var subitems []os.DirEntry
+			subitems, err = os.ReadDir(subpath)
 			if err != nil {
 				h.fileAccessError(w, err)
 				return
 			}
 			for _, f := range subitems {
-				blobs = append(blobs, Blob{Name: f.Name(), Size: f.Size()})
+				fi, err := f.Info()
+				if err != nil {
+					h.fileAccessError(w, err)
+					return
+				}
+				blobs = append(blobs, Blob{Name: f.Name(), Size: fi.Size()})
 			}
 		} else {
-			blobs = append(blobs, Blob{Name: i.Name(), Size: i.Size()})
+			fi, err := i.Info()
+			if err != nil {
+				h.fileAccessError(w, err)
+				return
+			}
+			blobs = append(blobs, Blob{Name: i.Name(), Size: fi.Size()})
 		}
 	}
 
@@ -652,7 +661,7 @@ func (h *Handler) saveBlob(w http.ResponseWriter, r *http.Request) {
 	h.sendMetric(objectType, BlobWrite, uint64(written))
 }
 
-// tempFile implements a custom version of ioutil.TempFile which allows modifying the file permissions
+// tempFile implements a custom version of os.CreateTemp which allows modifying the file permissions
 func tempFile(fn string, perm os.FileMode) (f *os.File, err error) {
 	for i := 0; i < 10; i++ {
 		name := fn + strconv.FormatInt(rand.Int63(), 10)