Generate CHANGELOG.md for 0.11.0

Honour repo.FileMode permissions

.github/ISSUE_TEMPLATE/BUG.md

@@ -0,0 +1,92 @@
+---
+name: Bug report
+about: Report a problem with rest-server to help us resolve it and improve
+---
+
+
+<!--
+Welcome! - We kindly ask that you:
+
+  1. Fill out the issue template below - not doing so needs a good reason.
+  2. Use the forum if you have a question rather than a bug or feature request.
+
+The forum is at: https://forum.restic.net
+
+NOTE: Not filling out the issue template needs a good reason, as otherwise it
+may take a lot longer to find the problem, not to mention it can take up a lot
+more time which can otherwise be spent on development. Please also take the
+time to help us debug the issue by collecting relevant information, even if
+it doesn't seem to be relevant to you. Thanks!
+
+The forum is a better place for questions about rest-server or general suggestions
+and topics, e.g. usage or documentation questions! This issue tracker is mainly
+for tracking bugs and feature requests directly relating to the development of
+the software itself, rather than the project.
+
+Thanks for understanding, and for contributing to the project!
+-->
+
+
+Output of `rest-server --version` <!-- If using docker, output of `docker images restic/rest-server:latest -q` -->
+---------------------------------
+
+
+How did you run rest-server exactly?
+------------------------------------
+
+<!--
+This section should include at least:
+
+ * The complete command line and any environment variables you used to
+   configure rest-server's backend access. Make sure to replace sensitive values!
+
+ * The output of the commands, what rest-server prints gives may give us much
+   information to diagnose the problem!
+-->
+
+
+What backend/server/service did you use to store the repository?
+----------------------------------------------------------------
+
+
+Expected behavior
+-----------------
+
+<!--
+Describe what you'd like rest-server to do differently.
+-->
+
+
+Actual behavior
+---------------
+
+<!--
+Please try to concentrate on observations, so only describe what you observed directly.
+-->
+
+
+Steps to reproduce the behavior
+-------------------------------
+
+<!--
+The more time you spend describing an easy way to reproduce the behavior (if
+this is possible), the easier it is for the project developers to fix it!
+-->
+
+
+Do you have any idea what may have caused this?
+-----------------------------------------------
+
+
+Do you have an idea how to solve the issue?
+-------------------------------------------
+
+
+Did rest-server help you today? Did it make you happy in any way?
+-----------------------------------------------------------------
+
+<!--
+Answering this question is not required, but if you have anything positive to share, please do so here!
+Sometimes we get tired of reading bug reports all day and a little positive end note does wonders.
+Idea by Joey Hess, https://joeyh.name/blog/entry/two_holiday_stories/
+-->

.github/ISSUE_TEMPLATE/FEATURE.md

@@ -0,0 +1,58 @@
+---
+name: Feature request/enhancement
+about: Suggest a new feature or enhancement for rest-server
+---
+
+
+<!--
+Welcome! - We kindly ask that you:
+
+  1. Fill out the issue template below - not doing so needs a good reason.
+  2. Use the forum if you have a question rather than a bug or feature request.
+
+The forum is at: https://forum.restic.net
+
+The forum is a better place for questions about rest-server or general suggestions
+and topics, e.g. usage or documentation questions! This issue tracker is mainly
+for tracking bugs and feature requests directly relating to the development of
+the software itself, rather than the project.
+
+Thanks for understanding, and for contributing to the project!
+-->
+
+
+Output of `rest-server --version` <!-- If using docker, output of `docker images restic/rest-server:latest -q` -->
+---------------------------------
+
+<!--
+Please add the version of rest-server you're currently using here, this helps us
+later to see what has changed in rest-server when we revisit this issue after some
+time.
+-->
+
+
+What should rest-server do differently?
+---------------------------------------
+
+<!--
+Please describe the feature you'd like to see added or changed here.
+-->
+
+
+What are you trying to do? What is your use case?
+-------------------------------------------------
+
+<!--
+This section should contain a brief description what you're trying to do, which
+would be possible after implementing the new feature.
+-->
+
+
+Did rest-server help you today? Did it make you happy in any way?
+-----------------------------------------------------------------
+
+<!--
+Answering this question is not required, but if you have anything positive to share, please do so here!
+Sometimes we get tired of reading bug reports all day and a little positive end note does wonders.
+Idea by Joey Hess, https://joeyh.name/blog/entry/two_holiday_stories/
+-->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,4 @@
+contact_links:
+  - name: restic forum
+    url: https://forum.restic.net
+    about: Please ask questions about using restic here, do not open an issue for questions.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,42 @@
+<!--
+Thank you very much for contributing code or documentation to rest-server!
+
+Please note that each PR should be preceded by an issue where the suggested
+change can be discussed in general and without focus on specific code. That
+way, work done in the PR will better match what's been agreed in the issue.
+
+Please fill out the following questions to make it easier for us to review
+your changes. You don't have to check all the checkboxes at once, instead
+feel free to add more commits over time.
+-->
+
+
+What is the purpose of this change? What does it change?
+--------------------------------------------------------
+
+<!--
+Describe the changes here, as detailed as needed.
+-->
+
+
+Was the change discussed in an issue or in the forum before?
+------------------------------------------------------------
+
+<!--
+Link issues and relevant forum posts here.
+
+If this PR resolves an issue on GitHub, write "Closes #1234" such
+that the issue is closed automatically when this PR is merged.
+-->
+
+
+Checklist
+---------
+
+- [ ] I have enabled [maintainer edits for this PR](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/allowing-changes-to-a-pull-request-branch-created-from-a-fork)
+- [ ] I have added tests for all changes in this PR
+- [ ] I have added documentation for the changes (in the manual)
+- [ ] There's a new file in `changelog/unreleased/` that describes the changes for our users (template [here](https://github.com/restic/rest-server/blob/master/changelog/TEMPLATE))
+- [ ] I have run `gofmt` on the code in all commits
+- [ ] All commit messages are formatted in the same style as [the other commits in the repo](https://github.com/restic/rest-server/commits/master)
+- [ ] I'm done, this Pull Request is ready for review

.github/workflows/tests.yml

@@ -0,0 +1,67 @@
+name: test
+on:
+  # run tests on push to master, but not when other branches are pushed to
+  push:
+    branches:
+      - master
+
+  # run tests for all pull requests
+  pull_request:
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        go:
+          - 1.14.x
+          - 1.15.x
+          - 1.16.x
+          - 1.17.x
+    runs-on: ubuntu-latest
+    name: Go ${{ matrix.go }}
+
+    env:
+      GOPROXY: https://proxy.golang.org
+
+    steps:
+      - name: Set up Go ${{ matrix.go }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Build
+        run: |
+          go build ./cmd/rest-server
+
+      - name: Build with build.go
+        run: |
+          go run build.go --goos linux
+          go run build.go --goos windows
+          go run build.go --goos darwin
+
+      - name: Run tests
+        run: |
+          go test ./...
+
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
+          version: v1.41
+          args: --verbose --timeout 5m
+
+      - name: Check go.mod/go.sum
+        run: |
+          echo "check if go.mod and go.sum are up to date"
+          go mod tidy
+          git diff --exit-code go.mod go.sum

.gitignore

@@ -1,5 +1 @@
-*~
-\#*\#
-.\#*
-
 /rest-server

.golangci.yml

@@ -0,0 +1,57 @@
+# This is the configuration for golangci-lint for the restic project.
+#
+# A sample config with all settings is here:
+# https://github.com/golangci/golangci-lint/blob/master/.golangci.example.yml
+
+linters:
+  # only enable the linters listed below
+  disable-all: true
+  enable:
+    # make sure all errors returned by functions are handled
+    - errcheck
+
+    # find unused code
+    - deadcode
+
+    # show how code can be simplified
+    - gosimple
+
+    # # make sure code is formatted
+    - gofmt
+
+    # examine code and report suspicious constructs, such as Printf calls whose
+    # arguments do not align with the format string
+    - govet
+
+    # make sure names and comments are used according to the conventions
+    - revive
+
+    # detect when assignments to existing variables are not used
+    - ineffassign
+
+    # run static analysis and find errors
+    - staticcheck
+
+    # find unused variables, functions, structs, types, etc.
+    - unused
+
+    # find unused struct fields
+    - structcheck
+
+    # find unused global variables
+    - varcheck
+
+    # parse and typecheck code
+    - typecheck
+
+issues:
+  # don't use the default exclude rules, this hides (among others) ignored
+  # errors from Close() calls
+  exclude-use-default: false
+
+  # list of things to not warn about
+  exclude:
+    # golint: do not warn about missing comments for exported stuff
+    - exported (function|method|var|type|const) `.*` should have comment or be unexported
+    # golint: ignore constants in all caps
+    - don't use ALL_CAPS in Go names; use CamelCase

.goreleaser.yml

@@ -0,0 +1,109 @@
+---
+before:
+  # Run a few commands to check the state of things. When anything is changed
+  # in files commited to the repo, goreleaser will abort before building
+  # anything because the git checkout is dirty.
+  hooks:
+    # make sure all modules are available
+    - go mod download
+    # make sure all generated code is up to date
+    - go generate ./...
+    # check that $VERSION is set
+    - test -n "{{ .Env.VERSION }}"
+    # make sure the file VERSION contains the latest version (used for build.go)
+    - bash -c 'echo "{{ .Env.VERSION }}" > VERSION'
+    # make sure that main.go contains the latest version
+    - echo sed -i 's/var version = "[^"]*"/var version = "{{ .Env.VERSION }}"/' cmd/rest-server/main.go
+    # make sure the file CHANGELOG.md is up to date
+    - calens --output CHANGELOG.md
+
+# build a single binary
+builds:
+  -
+    # make sure everything is statically linked by disabling cgo altogether
+    env:
+      - CGO_ENABLED=0
+
+    # set the package for the main binary
+    main: ./cmd/rest-server
+
+    flags:
+      # don't include any paths to source files in the resulting binary
+      - -trimpath
+
+    ldflags:
+      # set the version variable in the main package
+      - "-s -w -X main.version={{ .Version }}"
+
+    # list all operating systems and architectures we build binaries for
+    goos:
+      - linux
+      - darwin
+      - windows
+      - freebsd
+      - netbsd
+      - openbsd
+      - dragonfly
+      - plan9
+      - solaris
+
+    goarch:
+      - amd64
+      - 386
+      - arm
+      - arm64
+      - mips
+      - mips64
+      - mips64le
+      - ppc64
+      - ppc64le
+    goarm:
+      - 6
+      - 7
+
+# configure the resulting archives to create
+archives:
+  -
+    # package a directory which contains the source file
+    wrap_in_directory: true
+
+    # add these files to all archives
+    files:
+      - LICENSE
+      - README.md
+      - CHANGELOG.md
+
+# also build an archive of the source code
+source:
+  enabled: true
+
+# build a file containing the SHA256 hashes
+checksum:
+  name_template: 'SHA256SUMS'
+
+# sign the checksum file
+signs:
+  - artifacts: checksum
+    signature: "${artifact}.asc"
+    args:
+      - "--armor"
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+
+# do not generate a changelog file, we're using calens for that
+changelog:
+  skip: true
+
+# configure building the rest-server docker image
+dockers:
+  - image_templates:
+      - restic/rest-server:latest
+      - restic/rest-server:{{ .Version }}
+    build_flag_templates:
+      - "--pull"
+    extra_files:
+      - docker/create_user
+      - docker/delete_user
+      - docker/entrypoint.sh

.travis.yml

@@ -1,35 +0,0 @@
-os: linux
-sudo: false
-language: go
-
-go:
-  - 1.7.6
-  - 1.8.3
-  - tip
-
-matrix:
-  allow_failures:
-    - go: tip
-
-branches:
-  only:
-    - master
-
-notifications:
-  email:
-    on_success: always
-
-install:
-  - export GOBIN="$GOPATH/bin"
-  - export PATH="$PATH:$GOBIN"
-  - go get -u github.com/golang/lint/golint
-  - go get golang.org/x/tools/cmd/goimports
-
-script:
-  - go install
-  - go test -v .
-  - go run build.go -v -T
-  - diff <(goimports -d *.go) <(printf "")
-
-after_success:
-  - diff <(golint *.go) <(printf "")

AUTHORS

@@ -0,0 +1,16 @@
+# This is the official list of Rest Server authors for copyright purposes.
+
+Aaron Bieber <aaron@bolddaemon.com>
+Alexander Neumann <alexander@bumpern.de>
+Bertil Chapuis <bchapuis@agimem.com>
+Brice Waegeneire <brice.wge@gmail.com>
+Bruno Clermont <bruno@robotinfra.com>
+Chapuis Bertil <bchapuis@agimem.com>
+Kenny Keslar <r3dey3@r3dey3.com>
+Konrad Wojas <github@m.wojas.nl>
+Matthew Holt <mholt@users.noreply.github.com>
+Mebus <mebus.inbox@googlemail.com>
+Wayne Scott <wsc9tt@gmail.com>
+Zlatko Čalušić <zcalusic@bitsync.net>
+cgonzalez <chgonzalezg@gmail.com>
+n0npax <marcin@niemira.net>

CHANGELOG.md

@@ -0,0 +1,215 @@
+Changelog for rest-server 0.11.0 (2022-02-10)
+============================================
+
+The following sections list the changes in rest-server 0.11.0 relevant
+to users. The changes are ordered by importance.
+
+Summary
+-------
+
+ * Sec #131: Prevent loading of usernames containing a slash
+ * Fix #119: Fix Docker configuration for `DISABLE_AUTHENTICATION`
+ * Fix #142: Fix possible data loss due to interrupted network connections
+ * Fix #157: Use platform-specific temporary directory as default data directory
+ * Fix #155: Reply "insufficient storage" on disk full or over-quota
+ * Chg #146: Build rest-server at docker container build time
+ * Chg #112: Add subrepo support and refactor server code
+ * Enh #122: Verify uploaded files
+ * Enh #126: Allow running rest-server via systemd socket activation
+ * Enh #148: Expand use of security features in example systemd unit file
+
+Details
+-------
+
+ * Security #131: Prevent loading of usernames containing a slash
+
+   "/" is valid char in HTTP authorization headers, but is also used in rest-server to map
+   usernames to private repos.
+
+   This commit prevents loading maliciously composed usernames like "/foo/config" by
+   restricting the allowed characters to the unicode character class, numbers, "-", "." and "@".
+
+   This prevents requests to other users files like:
+
+   Curl -v -X DELETE -u foo/config:attack http://localhost:8000/foo/config
+
+   https://github.com/restic/rest-server/issues/131
+   https://github.com/restic/rest-server/pull/132
+   https://github.com/restic/rest-server/pull/137
+
+ * Bugfix #119: Fix Docker configuration for `DISABLE_AUTHENTICATION`
+
+   Rest-server 0.10.0 introduced a regression which caused the `DISABLE_AUTHENTICATION`
+   environment variable to stop working for the Docker container. This has been fixed by
+   automatically setting the option `--no-auth` to disable authentication.
+
+   https://github.com/restic/rest-server/issues/119
+   https://github.com/restic/rest-server/pull/124
+
+ * Bugfix #142: Fix possible data loss due to interrupted network connections
+
+   When rest-server was run without `--append-only` it was possible to lose uploaded files in a
+   specific scenario in which a network connection was interrupted.
+
+   For the data loss to occur a file upload by restic would have to be interrupted such that restic
+   notices the interrupted network connection before the rest-server. Then restic would have to
+   retry the file upload and finish it before the rest-server notices that the initial upload has
+   failed. Then the uploaded file would be accidentally removed by rest-server when trying to
+   cleanup the failed upload.
+
+   This has been fixed by always uploading to a temporary file first which is moved in position only
+   once it was uploaded completely.
+
+   https://github.com/restic/rest-server/pull/142
+
+ * Bugfix #157: Use platform-specific temporary directory as default data directory
+
+   If no data directory is specificed, then rest-server now uses the Go standard library
+   functions to retrieve the standard temporary directory path for the current platform.
+
+   https://github.com/restic/rest-server/issues/157
+   https://github.com/restic/rest-server/pull/158
+
+ * Bugfix #155: Reply "insufficient storage" on disk full or over-quota
+
+   When there was no space left on disk, or any other write-related error occurred, rest-server
+   replied with HTTP status code 400 (Bad request). This is misleading (restic client will dump
+   the status code to the user).
+
+   Rest-server now replies with two different status codes in these situations: * HTTP 507
+   "Insufficient storage" is the status on disk full or repository over-quota * HTTP 500
+   "Internal server error" is used for other disk-related errors
+
+   https://github.com/restic/rest-server/issues/155
+   https://github.com/restic/rest-server/pull/160
+
+ * Change #146: Build rest-server at docker container build time
+
+   The Dockerfile now includes a build stage such that the latest rest-server is always built and
+   packaged. This is done in a standard golang container to ensure a clean build environment and
+   only the final binary is shipped rather than the whole build environment.
+
+   https://github.com/restic/rest-server/issues/146
+   https://github.com/restic/rest-server/pull/145
+
+ * Change #112: Add subrepo support and refactor server code
+
+   Support for multi-level repositories has been added, so now each user can have its own
+   subrepositories. This feature is always enabled.
+
+   Authentication for the Prometheus /metrics endpoint can now be disabled with the new
+   `--prometheus-no-auth` flag.
+
+   We have split out all HTTP handling to a separate `repo` subpackage to cleanly separate the
+   server code from the code that handles a single repository. The new RepoHandler also makes it
+   easier to reuse rest-server as a Go component in any other HTTP server.
+
+   The refactoring makes the code significantly easier to follow and understand, which in turn
+   makes it easier to add new features, audit for security and debug issues.
+
+   https://github.com/restic/rest-server/issues/109
+   https://github.com/restic/rest-server/issues/107
+   https://github.com/restic/rest-server/pull/112
+
+ * Enhancement #122: Verify uploaded files
+
+   The rest-server now by default verifies that the hash of content of uploaded files matches
+   their filename. This ensures that transmission errors are detected and forces restic to retry
+   the upload. On low-power devices it can make sense to disable this check by passing the
+   `--no-verify-upload` flag.
+
+   https://github.com/restic/rest-server/issues/122
+   https://github.com/restic/rest-server/pull/130
+
+ * Enhancement #126: Allow running rest-server via systemd socket activation
+
+   We've added the option to have systemd create the listening socket and start the rest-server on
+   demand.
+
+   https://github.com/restic/rest-server/issues/126
+   https://github.com/restic/rest-server/pull/151
+   https://github.com/restic/rest-server/pull/127
+
+ * Enhancement #148: Expand use of security features in example systemd unit file
+
+   The example systemd unit file now enables additional systemd features to mitigate potential
+   security vulnerabilities in rest-server and the various packages and operating system
+   components which it relies upon.
+
+   https://github.com/restic/rest-server/issues/148
+   https://github.com/restic/rest-server/pull/149
+
+
+Changelog for rest-server 0.10.0 (2020-09-13)
+============================================
+
+The following sections list the changes in rest-server 0.10.0 relevant
+to users. The changes are ordered by importance.
+
+Summary
+-------
+
+ * Sec #117: Stricter path sanitization
+ * Sec #60: Require auth by default, add --no-auth flag
+ * Sec #64: Refuse overwriting config file in append-only mode
+ * Chg #102: Remove vendored dependencies
+ * Enh #44: Add changelog file
+
+Details
+-------
+
+ * Security #117: Stricter path sanitization
+
+   The framework we're using in rest-server to decode paths to repositories allowed specifying
+   URL-encoded characters in paths, including sensitive characters such as `/` (encoded as
+   `%2F`).
+
+   We've changed this unintended behavior, such that rest-server now rejects such paths. In
+   particular, it is no longer possible to specify sub-repositories for users by encoding the
+   path with `%2F`, such as `http://localhost:8000/foo%2Fbar`, which means that this will
+   unfortunately be a breaking change in that case.
+
+   If using sub-repositories for users is important to you, please let us know in the forum, so we
+   can learn about your use case and implement this properly. As it currently stands, the ability
+   to use sub-repositories was an unintentional feature made possible by the URL decoding
+   framework used, and hence never meant to be supported in the first place. If we wish to have this
+   feature in rest-server, we'd like to have it implemented properly and intentionally.
+
+   https://github.com/restic/rest-server/issues/117
+
+ * Security #60: Require auth by default, add --no-auth flag
+
+   In order to prevent users from accidentally exposing rest-server without authentication,
+   rest-server now defaults to requiring a .htpasswd. If you want to disable authentication, you
+   need to explicitly pass the new --no-auth flag.
+
+   https://github.com/restic/rest-server/issues/60
+   https://github.com/restic/rest-server/pull/61
+
+ * Security #64: Refuse overwriting config file in append-only mode
+
+   While working on the `rclone serve restic` command we noticed that is currently possible to
+   overwrite the config file in a repo even if `--append-only` is specified. The first commit adds
+   proper tests, and the second commit fixes the issue.
+
+   https://github.com/restic/rest-server/pull/64
+
+ * Change #102: Remove vendored dependencies
+
+   We've removed the vendored dependencies (in the subdir `vendor/`) similar to what we did for
+   `restic` itself. When building restic, the Go compiler automatically fetches the
+   dependencies. It will also cryptographically verify that the correct code has been fetched by
+   using the hashes in `go.sum` (see the link to the documentation below).
+
+   Building the rest-server now requires Go 1.11 or newer, since we're using Go Modules for
+   dependency management. Older Go versions are not supported any more.
+
+   https://github.com/restic/rest-server/issues/102
+   https://golang.org/cmd/go/#hdr-Module_downloading_and_verification
+
+ * Enhancement #44: Add changelog file
+
+   https://github.com/restic/rest-server/issues/44
+   https://github.com/restic/rest-server/pull/62
+
+

Dockerfile

@@ -0,0 +1,27 @@
+FROM golang:alpine AS builder
+
+ENV CGO_ENABLED 0
+
+COPY . /build
+WORKDIR /build
+RUN go build -o rest-server ./cmd/rest-server
+
+
+
+
+FROM alpine
+
+ENV DATA_DIRECTORY /data
+ENV PASSWORD_FILE /data/.htpasswd
+
+RUN apk add --no-cache --update apache2-utils
+
+COPY docker/create_user /usr/bin/
+COPY docker/delete_user /usr/bin/
+COPY docker/entrypoint.sh /entrypoint.sh
+COPY --from=builder /build/rest-server /usr/bin
+
+VOLUME /data
+EXPOSE 8000
+
+CMD [ "/entrypoint.sh" ]

LICENSE

@@ -2,6 +2,7 @@ The BSD 2-Clause License
 
 Copyright © 2015, Bertil Chapuis
 Copyright © 2016, Zlatko Čalušić, Alexander Neumann
+Copyright © 2017, The Rest Server Authors
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

README.md

@@ -1,118 +1,160 @@
 # Rest Server
 
-[![Build Status](https://travis-ci.org/restic/rest-server.svg?branch=master)](https://travis-ci.org/restic/rest-server)
+
+[![Status badge for CI tests](https://github.com/restic/rest-server/workflows/test/badge.svg)](https://github.com/restic/rest-server/actions?query=workflow%3Atest)
 [![Go Report Card](https://goreportcard.com/badge/github.com/restic/rest-server)](https://goreportcard.com/report/github.com/restic/rest-server)
 [![GoDoc](https://godoc.org/github.com/restic/rest-server?status.svg)](https://godoc.org/github.com/restic/rest-server)
 [![License](https://img.shields.io/badge/license-BSD%20%282--Clause%29-003262.svg?maxAge=2592000)](https://github.com/restic/rest-server/blob/master/LICENSE)
 [![Powered by](https://img.shields.io/badge/powered_by-Go-5272b4.svg?maxAge=2592000)](https://golang.org/)
 
-Rest Server is a high performance HTTP server that implements restic's [REST backend
-API](https://github.com/restic/restic/blob/master/doc/rest_backend.rst).  It provides secure and efficient way to backup
-data remotely, using [restic](https://github.com/restic/restic) backup client.
+Rest Server is a high performance HTTP server that implements restic's [REST backend API](https://restic.readthedocs.io/en/latest/100_references.html#rest-backend).  It provides secure and efficient way to backup data remotely, using [restic](https://github.com/restic/restic) backup client via the [rest: URL](https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server).
 
 ## Requirements
 
-Rest Server requires Go 1.7 or higher to build.  The only tested compiler is the official Go compiler.  Building server
-with gccgo may work, but is not supported.
+Rest Server requires Go 1.14 or higher to build.  The only tested compiler is the official Go compiler.  Building server with `gccgo` may work, but is not supported.
 
-The required version of restic backup client to use with rest-server is
-[v0.6.1](https://github.com/restic/restic/releases/tag/v0.6.1) or higher, due to some
-[changes](https://github.com/restic/restic/commit/1a538509d0232f1a532266e07da509875fe9e0d6) in the REST backend API and
-performance [improvements](https://github.com/restic/restic/commit/04b262d8f10ba9eacde041734c08f806c4685e7f).
+The required version of restic backup client to use with `rest-server` is [v0.7.1](https://github.com/restic/restic/releases/tag/v0.7.1) or higher.
 
-## Installation
+## Build
 
-Run ```go run build.go```, afterwards you'll find the binary in the current directory.  You can move it anywhere you
-want.  There's also an [example systemd service
-file](https://github.com/restic/rest-server/blob/master/etc/rest-server.service) included, so you can get it up &
-running as a proper service in no time.  Of course, you can also test it from the command line.
+For building the `rest-server` binary run `CGO_ENABLED=0 go build -o rest-server ./cmd/rest-server`
 
-```
-% go run build.go
+## Usage
+
+To learn how to use restic backup client with REST backend, please consult [restic manual](https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server).
+
+```console
+$ rest-server --help
 
-% ./rest-server --help
 Run a REST server for use with restic
 
 Usage:
   rest-server [flags]
 
 Flags:
-      --cpuprofile string   write CPU profile to file
-      --debug               output debug messages
-  -h, --help                help for rest-server
-      --listen string       listen address (default ":8000")
-      --log string          log HTTP requests in the combined log format
-      --path string         data directory (default "/tmp/restic")
-      --tls                 turn on TLS support
+      --append-only          enable append only mode
+      --cpu-profile string   write CPU profile to file
+      --debug                output debug messages
+  -h, --help                 help for rest-server
+      --listen string        listen address (default ":8000")
+      --log string           log HTTP requests in the combined log format
+      --max-size int         the maximum size of the repository in bytes
+      --no-auth              disable .htpasswd authentication
+      --no-verify-upload     do not verify the integrity of uploaded data. DO NOT enable unless the rest-server runs on a very low-power device
+      --path string          data directory (default "/tmp/restic")
+      --private-repos        users can only access their private repo
+      --prometheus           enable Prometheus metrics
+      --prometheus-no-auth   disable auth for Prometheus /metrics endpoint
+      --tls                  turn on TLS support
+      --tls-cert string      TLS certificate path
+      --tls-key string       TLS key path
+  -v, --version              version for rest-server
 ```
 
-Alternatively, you can compile and install it in your $GOBIN with a standard `go install`.  But, beware, you won't have
-version info built into binary, when compiled that way.
+By default the server persists backup data in the OS temporary directory (`/tmp/restic` on Linux/BSD and others, in `%TEMP%\\restic` in Windows, etc). **If `rest-server` is launched using the default path, all backups will be lost**. To start the server with a custom persistence directory and with authentication disabled:
 
-## Getting started
-
-By default the server persists backup data in `/tmp/restic`.  Start the server with a custom persistence directory:
-
-```
-% rest-server --path /user/home/backup
+```sh
+rest-server --path /user/home/backup --no-auth
 ```
 
-The server uses an `.htpasswd` file to specify users.  You can create such a file at the root of the persistence
-directory by executing the following command.  In order to append new user to the file, just omit the `-c` argument.
+To authenticate users (for access to the rest-server), the server supports using a `.htpasswd` file to specify users. You can create such a file at the root of the persistence directory by executing the following command (note that you need the `htpasswd` program from Apache's http-tools).  In order to append new user to the file, just omit the `-c` argument.  Only bcrypt and SHA encryption methods are supported, so use -B (very secure) or -s (insecure by today's standards) when adding/changing passwords.
 
-```
-% htpasswd -s -c .htpasswd username
+```sh
+htpasswd -B -c .htpasswd username
 ```
 
-By default the server uses HTTP protocol.  This is not very secure since with Basic Authentication, username and
-passwords will travel in cleartext in every request.  In order to enable TLS support just add the `-tls` argument and
-add a private and public key at the root of your persistence directory.
+If you want to disable authentication, you must add the `--no-auth` flag. If this flag is not specified and the `.htpasswd` cannot be opened, rest-server will refuse to start.
 
-Signed certificate is required by the restic backend, but if you just want to test the feature you can generate unsigned
-keys with the following commands:
+NOTE: In older versions of rest-server (up to 0.9.7), this flag does not exist and the server disables authentication if `.htpasswd` is missing or cannot be opened.
 
-```
-% openssl genrsa -out private_key 2048
-% openssl req -new -x509 -key private_key -out public_key -days 365
+By default the server uses HTTP protocol.  This is not very secure since with Basic Authentication, user name and passwords will be sent in clear text in every request.  In order to enable TLS support just add the `--tls` argument and add a private and public key at the root of your persistence directory. You may also specify private and public keys by `--tls-cert` and `--tls-key`.
+
+Signed certificate is normally required by the restic backend, but if you just want to test the feature you can generate password-less unsigned keys with the following command:
+
+```sh
+openssl req -newkey rsa:2048 -nodes -x509 -keyout private_key -out public_key -days 365 -addext "subjectAltName = IP:127.0.0.1,DNS:yourdomain.com"
 ```
 
-Rest Server uses exactly the same directory structure as local backend, so you should be able to access it both locally
-and via HTTP, even simultaneously.
+Omit the `IP:127.0.0.1` if you don't need your server be accessed via SSH Tunnels. No need to change default values in the openssl dialog, hitting enter every time is sufficient. To access this server via restic use `--cacert public_key`, meaning with a self-signed certificate you have to distribute your `public_key` file to every restic client.
 
-To learn how to use restic backup client with REST backend, please consult [restic
-manual](https://restic.readthedocs.io/en/latest/manual.html#rest-server).
+The `--append-only` mode allows creation of new backups but prevents deletion and modification of existing backups. This can be useful when backing up systems that have a potential of being hacked.
+
+To prevent your users from accessing each others' repositories, you may use the `--private-repos` flag which grants access only when a subdirectory with the same name as the user is specified in the repository URL. For example, user "foo" using the repository URLs `rest:https://foo:pass@host:8000/foo` or `rest:https://foo:pass@host:8000/foo/` would be granted access, but the same user using repository URLs `rest:https://foo:pass@host:8000/` or `rest:https://foo:pass@host:8000/foobar/` would be denied access. Users can also create their own subrepositories, like `/foo/bar/`.
+
+Rest Server uses exactly the same directory structure as local backend, so you should be able to access it both locally and via HTTP, even simultaneously.
+
+### Systemd
+
+There's an example [systemd service file](https://github.com/restic/rest-server/blob/master/examples/systemd/rest-server.service) included with the source, so you can get Rest Server up & running as a proper Systemd service in no time.  Before installing, adapt paths and options to your environment.
+
+### Docker
+
+Rest Server works well inside a container, images are [published to Docker Hub](https://hub.docker.com/r/restic/rest-server). 
+
+#### Start server
+
+You can run the server with any container runtime, like Docker:
+
+```sh
+    docker pull restic/rest-server:latest
+    docker run -p 8000:8000 -v /my/data:/data --name rest_server restic/rest-server
+```
+
+Note that:
+
+- **contrary to the defaults** of `rest-server`, the persistent data volume is located to `/data`.
+- By default, the image uses authentication.  To turn it off, set environment variable `DISABLE_AUTHENTICATION` to any value.
+- It's suggested to set a container name to more easily manage users (`--name` parameter to `docker run`).
+- You can set environment variable `OPTIONS` to any extra flags you'd like to pass to rest-server.
+
+#### Customize the image
+
+The [published image](https://hub.docker.com/r/restic/rest-server) is built from the `Dockerfile` available on this repository, which you may use as a basis for building your own customized images.
+
+```sh
+    git clone https://github.com/restic/rest-server.git 
+    cd rest-server
+    docker build -t restic/rest-server:latest .
+```
+
+#### Manage users
+
+##### Add user
+
+```sh
+docker exec -it rest_server create_user myuser
+```
+
+or
+
+```sh
+docker exec -it rest_server create_user myuser mypassword
+```
+
+##### Delete user
+
+```sh
+docker exec -it rest_server delete_user myuser
+```
+
+
+## Prometheus support and Grafana dashboard
+
+The server can be started with `--prometheus` to expose [Prometheus](https://prometheus.io/) metrics at `/metrics`. If authentication is enabled, this endpoint requires authentication for the 'metrics' user, but this can be overridden with the `--prometheus-no-auth` flag.
+
+This repository contains an example full stack Docker Compose setup with a Grafana dashboard in [examples/compose-with-grafana/](examples/compose-with-grafana/).
+
+
+## Why use Rest Server?
+
+Compared to the SFTP backend, the REST backend has better performance, especially so if you can skip additional crypto overhead by using plain HTTP transport (restic already properly encrypts all data it sends, so using HTTPS is mostly about authentication).
+
+But, even if you use HTTPS transport, the REST protocol should be faster and more scalable, due to some inefficiencies of the SFTP protocol (everything needs to be transferred in chunks of 32 KiB at most, each packet needs to be acknowledged by the server).
+
+One important safety feature that Rest Server adds is the optional ability to run in append-only mode. This prevents an attacker from wiping your server backups when access is gained to the server being backed up.
+
+Finally, the Rest Server implementation is really simple and as such could be used on the low-end devices, no problem.  Also, in some cases, for example behind corporate firewalls, HTTP/S might be the only protocol allowed.  Here too REST backend might be the perfect option for your backup needs.
 
 ## Contributors
 
 Contributors are welcome, just open a new issue / pull request.
-
-## License
-
-```
-The BSD 2-Clause License
-
-Copyright © 2015, Bertil Chapuis
-Copyright © 2016, Zlatko Čalušić, Alexander Neumann
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-```

Release.md

@@ -0,0 +1,43 @@
+1. Export `$VERSION`:
+
+        export VERSION=0.10.0
+
+2. Add new version to file `VERSION` and `main.go` and commit the result:
+
+        echo "${VERSION}" | tee VERSION
+        sed -i "s/var version = \"[^\"]*\"/var version = \"${VERSION}\"/" cmd/rest-server/main.go
+        git commit -m "Update VERSION files for ${VERSION}" VERSION cmd/rest-server/main.go
+
+3. Move changelog files for `calens`:
+
+        mv changelog/unreleased "changelog/${VERSION}_$(date +%Y-%m-%d)"
+        rm -f "changelog/${VERSION}_$(date +%Y-%m-%d)/.gitkeep"
+        git add "changelog/${VERSION}"*
+        git rm -r changelog/unreleased
+        mkdir changelog/unreleased
+        touch changelog/unreleased/.gitkeep
+        git add changelog/unreleased/.gitkeep
+        git commit -m "Move changelog files for ${VERSION}" changelog/{unreleased,"${VERSION}"*}
+
+4. Generate changelog:
+
+        calens > CHANGELOG.md
+        git add CHANGELOG.md
+        git commit -m "Generate CHANGELOG.md for ${VERSION}" CHANGELOG.md
+
+5. Tag new version and push the tag:
+
+        git tag -a -s -m "v${VERSION}" "v${VERSION}"
+        git push --tags
+
+6. Build the project (use `--skip-publish` for testing, or pass `--config` to
+   use another config file):
+
+        goreleaser \
+          release \
+          --release-notes <(calens --template changelog/CHANGELOG-GitHub.tmpl --version "${VERSION}")
+
+7. Set a new version in `main.go` and commit the result:
+
+        sed -i "s/var version = \"[^\"]*\"/var version = \"${VERSION}-dev\"/" cmd/rest-server/main.go
+        git commit -m "Update version for development" cmd/rest-server/main.go

VERSION

@@ -1 +1 @@
-0.9.2
+0.11.0

build.go

@@ -1,4 +1,42 @@
-// +build ignore
+// Description
+//
+// This program aims to make building Go programs for end users easier by just
+// calling it with `go run`, without having to setup a GOPATH.
+//
+// This program needs Go >= 1.12. It'll use Go modules for compilation. It
+// builds the package configured as Main in the Config struct.
+
+// BSD 2-Clause License
+//
+// Copyright (c) 2016-2018, Alexander Neumann <alexander@bumpern.de>
+// All rights reserved.
+//
+// This file has been derived from the repository at:
+// https://github.com/fd0/build-go
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+//go:build ignore_build_go
+// +build ignore_build_go
 
 package main
 
@@ -6,147 +44,46 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"log"
 	"os"
 	"os/exec"
-	"path"
 	"path/filepath"
 	"runtime"
+	"strconv"
 	"strings"
 )
 
+// config contains the configuration for the program to build.
+var config = Config{
+	Name:       "rest-server",                                   // name of the program executable and directory
+	Namespace:  "github.com/restic/rest-server",                 // subdir of GOPATH, e.g. "github.com/foo/bar"
+	Main:       "github.com/restic/rest-server/cmd/rest-server", // package name for the main package
+	Tests:      []string{"./..."},                               // tests to run
+	MinVersion: GoVersion{Major: 1, Minor: 14, Patch: 0},        // minimum Go version supported
+}
+
+// Config configures the build.
+type Config struct {
+	Name             string
+	Namespace        string
+	Main             string
+	DefaultBuildTags []string
+	Tests            []string
+	MinVersion       GoVersion
+}
+
 var (
-	verbose    bool
-	keepGopath bool
-	runTests   bool
-	enableCGO  bool
+	verbose   bool
+	runTests  bool
+	enableCGO bool
+	enablePIE bool
+	goVersion = ParseGoVersion(runtime.Version())
 )
 
-var config = struct {
-	Name      string
-	Namespace string
-	Main      string
-	Tests     []string
-}{
-	Name:      "rest-server",                             // name of the program executable and directory
-	Namespace: "github.com/restic/rest-server",           // subdir of GOPATH, e.g. "github.com/foo/bar"
-	Main:      "github.com/restic/rest-server",           // package name for the main package
-	Tests:     []string{"github.com/restic/rest-server"}, // tests to run
-}
-
-// specialDir returns true if the file begins with a special character ('.' or '_').
-func specialDir(name string) bool {
-	if name == "." {
-		return false
-	}
-
-	base := filepath.Base(name)
-	if base[0] == '_' || base[0] == '.' {
-		return true
-	}
-
-	return false
-}
-
-// excludePath returns true if the file should not be copied to the new GOPATH.
-func excludePath(name string) bool {
-	ext := path.Ext(name)
-	if ext == ".go" || ext == ".s" || ext == ".h" {
-		return false
-	}
-
-	parentDir := filepath.Base(filepath.Dir(name))
-	if parentDir == "testdata" {
-		return false
-	}
-
-	return true
-}
-
-// updateGopath builds a valid GOPATH at dst, with all Go files in src/ copied to dst/prefix/, so calling
-//
-//   updateGopath("/tmp/gopath", "/home/u/rest-server", "github.com/restic/rest-server")
-//
-// with "/home/u/restic" containing the file "foo.go" yields the following tree at "/tmp/gopath":
-//
-//   /tmp/gopath
-//   └── src
-//       └── github.com
-//           └── restic
-//               └── rest-server
-//                   └── foo.go
-func updateGopath(dst, src, prefix string) error {
-	return filepath.Walk(src, func(name string, fi os.FileInfo, err error) error {
-		if specialDir(name) {
-			if fi.IsDir() {
-				return filepath.SkipDir
-			}
-
-			return nil
-		}
-
-		if fi.IsDir() {
-			return nil
-		}
-
-		if excludePath(name) {
-			return nil
-		}
-
-		intermediatePath, err := filepath.Rel(src, name)
-		if err != nil {
-			return err
-		}
-
-		fileSrc := filepath.Join(src, intermediatePath)
-		fileDst := filepath.Join(dst, "src", prefix, intermediatePath)
-
-		return copyFile(fileDst, fileSrc)
-	})
-}
-
-func directoryExists(dirname string) bool {
-	stat, err := os.Stat(dirname)
-	if err != nil && os.IsNotExist(err) {
-		return false
-	}
-
-	return stat.IsDir()
-}
-
-// copyFile creates dst from src, preserving file attributes and timestamps.
-func copyFile(dst, src string) error {
-	fi, err := os.Stat(src)
-	if err != nil {
-		return err
-	}
-
-	fsrc, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer fsrc.Close()
-
-	if err = os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
-		fmt.Printf("MkdirAll(%v)\n", filepath.Dir(dst))
-		return err
-	}
-
-	fdst, err := os.Create(dst)
-	if err != nil {
-		return err
-	}
-	defer fdst.Close()
-
-	_, err = io.Copy(fdst, fsrc)
-	if err == nil {
-		err = os.Chmod(dst, fi.Mode())
-	}
-	if err == nil {
-		err = os.Chtimes(dst, fi.ModTime(), fi.ModTime())
-	}
-
-	return err
+// die prints the message with fmt.Fprintf() to stderr and exits with an error
+// code.
+func die(message string, args ...interface{}) {
+	fmt.Fprintf(os.Stderr, message, args...)
+	os.Exit(1)
 }
 
 func showUsage(output io.Writer) {
@@ -155,12 +92,13 @@ func showUsage(output io.Writer) {
 	fmt.Fprintf(output, "OPTIONS:\n")
 	fmt.Fprintf(output, "  -v     --verbose       output more messages\n")
 	fmt.Fprintf(output, "  -t     --tags          specify additional build tags\n")
-	fmt.Fprintf(output, "  -k     --keep-gopath   do not remove the GOPATH after build\n")
 	fmt.Fprintf(output, "  -T     --test          run tests\n")
 	fmt.Fprintf(output, "  -o     --output        set output file name\n")
 	fmt.Fprintf(output, "         --enable-cgo    use CGO to link against libc\n")
+	fmt.Fprintf(output, "         --enable-pie    use PIE buildmode\n")
 	fmt.Fprintf(output, "         --goos value    set GOOS for cross-compilation\n")
 	fmt.Fprintf(output, "         --goarch value  set GOARCH for cross-compilation\n")
+	fmt.Fprintf(output, "         --goarm value   set GOARM for cross-compilation\n")
 }
 
 func verbosePrintf(message string, args ...interface{}) {
@@ -171,53 +109,74 @@ func verbosePrintf(message string, args ...interface{}) {
 	fmt.Printf("build: "+message, args...)
 }
 
-// cleanEnv returns a clean environment with GOPATH and GOBIN removed (if present).
-func cleanEnv() (env []string) {
-	for _, v := range os.Environ() {
-		if strings.HasPrefix(v, "GOPATH=") || strings.HasPrefix(v, "GOBIN=") {
+// printEnv prints Go-relevant environment variables in a nice way using verbosePrintf.
+func printEnv(env []string) {
+	verbosePrintf("environment (GO*):\n")
+	for _, v := range env {
+		// ignore environment variables which do not start with GO*.
+		if !strings.HasPrefix(v, "GO") {
 			continue
 		}
-
-		env = append(env, v)
+		verbosePrintf("  %s\n", v)
 	}
-
-	return env
 }
 
 // build runs "go build args..." with GOPATH set to gopath.
-func build(cwd, goos, goarch, gopath string, args ...string) error {
-	a := []string{"build"}
-	a = append(a, "-asmflags", fmt.Sprintf("-trimpath=%s", gopath))
-	a = append(a, "-gcflags", fmt.Sprintf("-trimpath=%s", gopath))
+func build(cwd string, env map[string]string, args ...string) error {
+	// -trimpath removes all absolute paths from the binary.
+	a := []string{"build", "-trimpath"}
+
+	if enablePIE {
+		a = append(a, "-buildmode=pie")
+	}
+
 	a = append(a, args...)
 	cmd := exec.Command("go", a...)
-	cmd.Env = append(cleanEnv(), "GOPATH="+gopath, "GOARCH="+goarch, "GOOS="+goos)
+	cmd.Env = os.Environ()
+	for k, v := range env {
+		cmd.Env = append(cmd.Env, k+"="+v)
+	}
 	if !enableCGO {
 		cmd.Env = append(cmd.Env, "CGO_ENABLED=0")
 	}
 
+	printEnv(cmd.Env)
+
 	cmd.Dir = cwd
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
-	verbosePrintf("go %s\n", args)
+
+	verbosePrintf("chdir %q\n", cwd)
+	verbosePrintf("go %q\n", a)
 
 	return cmd.Run()
 }
 
 // test runs "go test args..." with GOPATH set to gopath.
-func test(cwd, gopath string, args ...string) error {
-	args = append([]string{"test"}, args...)
+func test(cwd string, env map[string]string, args ...string) error {
+	args = append([]string{"test", "-count", "1"}, args...)
 	cmd := exec.Command("go", args...)
-	cmd.Env = append(cleanEnv(), "GOPATH="+gopath)
+	cmd.Env = os.Environ()
+	for k, v := range env {
+		cmd.Env = append(cmd.Env, k+"="+v)
+	}
+	if !enableCGO {
+		cmd.Env = append(cmd.Env, "CGO_ENABLED=0")
+	}
 	cmd.Dir = cwd
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
-	verbosePrintf("go %s\n", args)
+
+	printEnv(cmd.Env)
+
+	verbosePrintf("chdir %q\n", cwd)
+	verbosePrintf("go %q\n", args)
 
 	return cmd.Run()
 }
 
-// getVersion returns the version string from the file VERSION in the current directory.
+// getVersion returns the version string from the file VERSION in the current
+// directory.
 func getVersionFromFile() string {
 	buf, err := ioutil.ReadFile("VERSION")
 	if err != nil {
@@ -228,8 +187,9 @@ func getVersionFromFile() string {
 	return strings.TrimSpace(string(buf))
 }
 
-// getVersion returns a version string which is a combination of the contents of the file VERSION in the current
-// directory and the version from git (if available).
+// getVersion returns a version string which is a combination of the contents
+// of the file VERSION in the current directory and the version from git (if
+// available).
 func getVersion() string {
 	versionFile := getVersionFromFile()
 	versionGit := getVersionFromGit()
@@ -247,7 +207,8 @@ func getVersion() string {
 	return fmt.Sprintf("%s (%s)", versionFile, versionGit)
 }
 
-// getVersionFromGit returns a version string that identifies the currently checked out git commit.
+// getVersionFromGit returns a version string that identifies the currently
+// checked out git commit.
 func getVersionFromGit() string {
 	cmd := exec.Command("git", "describe",
 		"--long", "--tags", "--dirty", "--always")
@@ -262,7 +223,8 @@ func getVersionFromGit() string {
 	return version
 }
 
-// Constants represents a set of constants that are set in the final binary to the given value via compiler flags.
+// Constants represents a set of constants that are set in the final binary to
+// the given value via compiler flags.
 type Constants map[string]string
 
 // LDFlags returns the string that can be passed to go build's `-ldflags`.
@@ -276,21 +238,106 @@ func (cs Constants) LDFlags() string {
 	return strings.Join(l, " ")
 }
 
-func main() {
-	log.SetFlags(0)
+// GoVersion is the version of Go used to compile the project.
+type GoVersion struct {
+	Major int
+	Minor int
+	Patch int
+}
 
-	ver := runtime.Version()
-	if strings.HasPrefix(ver, "go1") && ver < "go1.7" {
-		log.Fatalf("Go version %s detected, rest-server requires at least Go 1.7\n", ver)
+// ParseGoVersion parses the Go version s. If s cannot be parsed, the returned GoVersion is null.
+func ParseGoVersion(s string) (v GoVersion) {
+	if !strings.HasPrefix(s, "go") {
+		return
 	}
 
-	buildTags := []string{}
+	s = s[2:]
+	data := strings.Split(s, ".")
+	if len(data) < 2 || len(data) > 3 {
+		// invalid version
+		return GoVersion{}
+	}
+
+	var err error
+
+	v.Major, err = strconv.Atoi(data[0])
+	if err != nil {
+		return GoVersion{}
+	}
+
+	// try to parse the minor version while removing an eventual suffix (like
+	// "rc2" or so)
+	for s := data[1]; s != ""; s = s[:len(s)-1] {
+		v.Minor, err = strconv.Atoi(s)
+		if err == nil {
+			break
+		}
+	}
+
+	if v.Minor == 0 {
+		// no minor version found
+		return GoVersion{}
+	}
+
+	if len(data) >= 3 {
+		v.Patch, err = strconv.Atoi(data[2])
+		if err != nil {
+			return GoVersion{}
+		}
+	}
+
+	return
+}
+
+// AtLeast returns true if v is at least as new as other. If v is empty, true is returned.
+func (v GoVersion) AtLeast(other GoVersion) bool {
+	var empty GoVersion
+
+	// the empty version satisfies all versions
+	if v == empty {
+		return true
+	}
+
+	if v.Major < other.Major {
+		return false
+	}
+
+	if v.Minor < other.Minor {
+		return false
+	}
+
+	if v.Patch < other.Patch {
+		return false
+	}
+
+	return true
+}
+
+func (v GoVersion) String() string {
+	return fmt.Sprintf("Go %d.%d.%d", v.Major, v.Minor, v.Patch)
+}
+
+func main() {
+	if !goVersion.AtLeast(GoVersion{1, 12, 0}) {
+		die("Go version (%v) is too old, restic requires Go >= 1.12\n", goVersion)
+	}
+
+	if !goVersion.AtLeast(config.MinVersion) {
+		fmt.Fprintf(os.Stderr, "%s detected, this program requires at least %s\n", goVersion, config.MinVersion)
+		os.Exit(1)
+	}
+
+	buildTags := config.DefaultBuildTags
 
 	skipNext := false
 	params := os.Args[1:]
 
-	targetGOOS := runtime.GOOS
-	targetGOARCH := runtime.GOARCH
+	env := map[string]string{
+		"GO111MODULE": "on", // make sure we build in Module mode
+		"GOOS":        runtime.GOOS,
+		"GOARCH":      runtime.GOARCH,
+		"GOARM":       "",
+	}
 
 	var outputFilename string
 
@@ -303,14 +350,12 @@ func main() {
 		switch arg {
 		case "-v", "--verbose":
 			verbose = true
-		case "-k", "--keep-gopath":
-			keepGopath = true
 		case "-t", "-tags", "--tags":
 			if i+1 >= len(params) {
-				log.Fatal("-t given but no tag specified")
+				die("-t given but no tag specified")
 			}
 			skipNext = true
-			buildTags = strings.Split(params[i+1], " ")
+			buildTags = append(buildTags, strings.Split(params[i+1], " ")...)
 		case "-o", "--output":
 			skipNext = true
 			outputFilename = params[i+1]
@@ -318,104 +363,103 @@ func main() {
 			runTests = true
 		case "--enable-cgo":
 			enableCGO = true
+		case "--enable-pie":
+			enablePIE = true
 		case "--goos":
 			skipNext = true
-			targetGOOS = params[i+1]
+			env["GOOS"] = params[i+1]
 		case "--goarch":
 			skipNext = true
-			targetGOARCH = params[i+1]
+			env["GOARCH"] = params[i+1]
+		case "--goarm":
+			skipNext = true
+			env["GOARM"] = params[i+1]
 		case "-h":
 			showUsage(os.Stdout)
 			return
 		default:
-			log.Printf("Error: unknown option %q\n\n", arg)
+			fmt.Fprintf(os.Stderr, "Error: unknown option %q\n\n", arg)
 			showUsage(os.Stderr)
 			os.Exit(1)
 		}
 	}
 
-	if len(buildTags) == 0 {
-		verbosePrintf("adding build-tag release\n")
-		buildTags = []string{"release"}
-	}
+	verbosePrintf("detected Go version %v\n", goVersion)
 
+	preserveSymbols := false
 	for i := range buildTags {
 		buildTags[i] = strings.TrimSpace(buildTags[i])
+		if buildTags[i] == "debug" || buildTags[i] == "profile" {
+			preserveSymbols = true
+		}
 	}
 
 	verbosePrintf("build tags: %s\n", buildTags)
 
 	root, err := os.Getwd()
 	if err != nil {
-		log.Fatalf("Getwd(): %v\n", err)
+		die("Getwd(): %v\n", err)
 	}
 
-	gopath, err := ioutil.TempDir("", fmt.Sprintf("%v-build-", config.Name))
-	if err != nil {
-		log.Fatalf("TempDir(): %v\n", err)
-	}
-
-	verbosePrintf("create GOPATH at %v\n", gopath)
-	if err = updateGopath(gopath, root, config.Namespace); err != nil {
-		log.Fatalf("copying files from %v/src to %v/src failed: %v\n", root, gopath, err)
-	}
-
-	vendor := filepath.Join(root, "vendor")
-	if directoryExists(vendor) {
-		if err = updateGopath(gopath, vendor, ""); err != nil {
-			log.Fatalf("copying files from %v to %v failed: %v\n", root, gopath, err)
-		}
-	}
-
-	defer func() {
-		if !keepGopath {
-			verbosePrintf("remove %v\n", gopath)
-			if err = os.RemoveAll(gopath); err != nil {
-				log.Fatalf("remove GOPATH at %s failed: %v\n", gopath, err)
-			}
-		} else {
-			verbosePrintf("leaving temporary GOPATH at %v\n", gopath)
-		}
-	}()
-
 	if outputFilename == "" {
 		outputFilename = config.Name
-		if targetGOOS == "windows" {
+		if env["GOOS"] == "windows" {
 			outputFilename += ".exe"
 		}
 	}
 
-	cwd, err := os.Getwd()
-	if err != nil {
-		log.Fatalf("Getwd() returned %v\n", err)
+	output := outputFilename
+	if !filepath.IsAbs(output) {
+		output = filepath.Join(root, output)
 	}
-	output := filepath.Join(cwd, outputFilename)
 
 	version := getVersion()
 	constants := Constants{}
 	if version != "" {
 		constants["main.version"] = version
 	}
-	ldflags := "-s -w " + constants.LDFlags()
+	ldflags := constants.LDFlags()
+	if !preserveSymbols {
+		// Strip debug symbols.
+		ldflags = "-s -w " + ldflags
+	}
 	verbosePrintf("ldflags: %s\n", ldflags)
 
-	args := []string{
-		"-tags", strings.Join(buildTags, " "),
-		"-ldflags", ldflags,
-		"-o", output, config.Main,
+	var (
+		buildArgs []string
+		testArgs  []string
+	)
+
+	mainPackage := config.Main
+	if strings.HasPrefix(mainPackage, config.Namespace) {
+		mainPackage = strings.Replace(mainPackage, config.Namespace, "./", 1)
 	}
 
-	err = build(filepath.Join(gopath, "src"), targetGOOS, targetGOARCH, gopath, args...)
+	buildTarget := filepath.FromSlash(mainPackage)
+	buildCWD, err := os.Getwd()
 	if err != nil {
-		log.Fatalf("build failed: %v\n", err)
+		die("unable to determine current working directory: %v\n", err)
+	}
+
+	buildArgs = append(buildArgs,
+		"-tags", strings.Join(buildTags, " "),
+		"-ldflags", ldflags,
+		"-o", output, buildTarget,
+	)
+
+	err = build(buildCWD, env, buildArgs...)
+	if err != nil {
+		die("build failed: %v\n", err)
 	}
 
 	if runTests {
 		verbosePrintf("running tests\n")
 
-		err = test(cwd, gopath, config.Tests...)
+		testArgs = append(testArgs, config.Tests...)
+
+		err = test(buildCWD, env, testArgs...)
 		if err != nil {
-			log.Fatalf("running tests failed: %v\n", err)
+			die("running tests failed: %v\n", err)
 		}
 	}
 }

changelog/0.10.0_2020-09-13/issue-102

@@ -0,0 +1,14 @@
+Change: Remove vendored dependencies
+
+We've removed the vendored dependencies (in the subdir `vendor/`) similar to
+what we did for `restic` itself. When building restic, the Go compiler
+automatically fetches the dependencies. It will also cryptographically verify
+that the correct code has been fetched by using the hashes in `go.sum` (see the
+link to the documentation below).
+
+Building the rest-server now requires Go 1.11 or newer, since we're using Go
+Modules for dependency management. Older Go versions are not supported any more.
+
+https://github.com/restic/rest-server/issues/102
+https://golang.org/cmd/go/#hdr-Module_downloading_and_verification
+

changelog/0.10.0_2020-09-13/issue-117

@@ -0,0 +1,19 @@
+Security: Stricter path sanitization
+
+The framework we're using in rest-server to decode paths to repositories
+allowed specifying URL-encoded characters in paths, including sensitive
+characters such as `/` (encoded as `%2F`).
+
+We've changed this unintended behavior, such that rest-server now rejects
+such paths. In particular, it is no longer possible to specify sub-repositories
+for users by encoding the path with `%2F`, such as `http://localhost:8000/foo%2Fbar`,
+which means that this will unfortunately be a breaking change in that case.
+
+If using sub-repositories for users is important to you, please let us know in
+the forum, so we can learn about your use case and implement this properly. As
+it currently stands, the ability to use sub-repositories was an unintentional
+feature made possible by the URL decoding framework used, and hence never meant
+to be supported in the first place. If we wish to have this feature in
+rest-server, we'd like to have it implemented properly and intentionally.
+
+https://github.com/restic/rest-server/issues/117

changelog/0.10.0_2020-09-13/issue-44

@@ -0,0 +1,4 @@
+Enhancement: Add changelog file
+
+https://github.com/restic/rest-server/issues/44
+https://github.com/restic/rest-server/pull/62

changelog/0.10.0_2020-09-13/issue-60

@@ -0,0 +1,8 @@
+Security: Require auth by default, add --no-auth flag
+
+In order to prevent users from accidentally exposing rest-server without
+authentication, rest-server now defaults to requiring a .htpasswd. If you want
+to disable authentication, you need to explicitly pass the new --no-auth flag.
+
+https://github.com/restic/rest-server/issues/60
+https://github.com/restic/rest-server/pull/61

changelog/0.10.0_2020-09-13/pull-64

@@ -0,0 +1,8 @@
+Security: Refuse overwriting config file in append-only mode
+
+While working on the `rclone serve restic` command we noticed that is currently
+possible to overwrite the config file in a repo even if `--append-only` is
+specified. The first commit adds proper tests, and the second commit fixes the
+issue.
+
+https://github.com/restic/rest-server/pull/64

changelog/0.11.0_2022-02-10/issue-119

@@ -0,0 +1,9 @@
+Bugfix: Fix Docker configuration for `DISABLE_AUTHENTICATION`
+
+rest-server 0.10.0 introduced a regression which caused the
+`DISABLE_AUTHENTICATION` environment variable to stop working for the Docker
+container. This has been fixed by automatically setting the option `--no-auth`
+to disable authentication.
+
+https://github.com/restic/rest-server/issues/119
+https://github.com/restic/rest-server/pull/124

changelog/0.11.0_2022-02-10/issue-122

@@ -0,0 +1,9 @@
+Enhancement: Verify uploaded files
+
+The rest-server now by default verifies that the hash of content of uploaded
+files matches their filename. This ensures that transmission errors are
+detected and forces restic to retry the upload. On low-power devices it can
+make sense to disable this check by passing the `--no-verify-upload` flag.
+
+https://github.com/restic/rest-server/issues/122
+https://github.com/restic/rest-server/pull/130

changelog/0.11.0_2022-02-10/issue-126

@@ -0,0 +1,7 @@
+Enhancement: Allow running rest-server via systemd socket activation
+
+We've added the option to have systemd create the listening socket and start the rest-server on demand.
+
+https://github.com/restic/rest-server/issues/126
+https://github.com/restic/rest-server/pull/151
+https://github.com/restic/rest-server/pull/127

changelog/0.11.0_2022-02-10/issue-131

@@ -0,0 +1,16 @@
+Security: Prevent loading of usernames containing a slash
+
+"/" is valid char in HTTP authorization headers, but is also used in
+rest-server to map usernames to private repos.
+
+This commit prevents loading maliciously composed usernames like
+"/foo/config" by restricting the allowed characters to the unicode
+character class, numbers, "-", "." and "@".
+
+This prevents requests to other users files like:
+
+curl -v  -X DELETE -u foo/config:attack  http://localhost:8000/foo/config
+
+https://github.com/restic/rest-server/issues/131
+https://github.com/restic/rest-server/pull/132
+https://github.com/restic/rest-server/pull/137

changelog/0.11.0_2022-02-10/issue-146

@@ -0,0 +1,9 @@
+Change: Build rest-server at docker container build time
+
+The Dockerfile now includes a build stage such that the latest rest-server is
+always built and packaged. This is done in a standard golang container to
+ensure a clean build environment and only the final binary is shipped rather
+than the whole build environment.
+
+https://github.com/restic/rest-server/issues/146
+https://github.com/restic/rest-server/pull/145

changelog/0.11.0_2022-02-10/issue-148

@@ -0,0 +1,8 @@
+Enhancement: Expand use of security features in example systemd unit file
+
+The example systemd unit file now enables additional systemd features to
+mitigate potential security vulnerabilities in rest-server and the various
+packages and operating system components which it relies upon.
+
+https://github.com/restic/rest-server/issues/148
+https://github.com/restic/rest-server/pull/149

changelog/0.11.0_2022-02-10/pull-112

@@ -0,0 +1,20 @@
+Change: Add subrepo support and refactor server code
+
+Support for multi-level repositories has been added, so now each user can have
+its own subrepositories. This feature is always enabled.
+
+Authentication for the Prometheus /metrics endpoint can now be disabled with the
+new `--prometheus-no-auth` flag.
+
+We have split out all HTTP handling to a separate `repo` subpackage to cleanly
+separate the server code from the code that handles a single repository. The new
+RepoHandler also makes it easier to reuse rest-server as a Go component in
+any other HTTP server.
+
+The refactoring makes the code significantly easier to follow and understand,
+which in turn makes it easier to add new features, audit for security and debug
+issues.
+
+https://github.com/restic/restic/pull/112
+https://github.com/restic/restic/issues/109
+https://github.com/restic/restic/issues/107

changelog/0.11.0_2022-02-10/pull-142

@@ -0,0 +1,16 @@
+Bugfix: Fix possible data loss due to interrupted network connections
+
+When rest-server was run without `--append-only` it was possible to lose uploaded
+files in a specific scenario in which a network connection was interrupted.
+
+For the data loss to occur a file upload by restic would have to be interrupted
+such that restic notices the interrupted network connection before the
+rest-server. Then restic would have to retry the file upload and finish it
+before the rest-server notices that the initial upload has failed. Then the
+uploaded file would be accidentally removed by rest-server when trying to
+cleanup the failed upload.
+
+This has been fixed by always uploading to a temporary file first which is moved
+in position only once it was uploaded completely.
+
+https://github.com/restic/rest-server/pull/142

changelog/0.11.0_2022-02-10/pull-158

@@ -0,0 +1,8 @@
+Bugfix: Use platform-specific temporary directory as default data directory
+
+If no data directory is specificed, then rest-server now uses the Go standard
+library functions to retrieve the standard temporary directory path for the
+current platform.
+
+https://github.com/restic/rest-server/issues/157
+https://github.com/restic/rest-server/pull/158

changelog/0.11.0_2022-02-10/pull-160

@@ -0,0 +1,13 @@
+Bugfix: Reply "insufficient storage" on disk full or over-quota
+
+When there was no space left on disk, or any other write-related error
+occurred, rest-server replied with HTTP status code 400 (Bad request).
+This is misleading (restic client will dump the status code to the user).
+
+rest-server now replies with two different status codes in these situations:
+* HTTP 507 "Insufficient storage" is the status on disk full or repository
+  over-quota
+* HTTP 500 "Internal server error" is used for other disk-related errors
+
+https://github.com/restic/rest-server/issues/155
+https://github.com/restic/rest-server/pull/160

changelog/CHANGELOG-GitHub.tmpl

@@ -0,0 +1,31 @@
+{{- range $changes := . }}{{ with $changes -}}
+Changelog for rest-server {{ .Version }} ({{ .Date }})
+=========================================
+
+The following sections list the changes in rest-server {{ .Version }} relevant to users. The changes are ordered by importance.
+
+Summary
+-------
+{{ range $entry := .Entries }}{{ with $entry }}
+ * {{ .TypeShort }} [#{{ .PrimaryID }}]({{ .PrimaryURL }}): {{ .Title }}
+{{- end }}{{ end }}
+
+Details
+-------
+{{ range $entry := .Entries }}{{ with $entry }}
+ * {{ .Type }} #{{ .PrimaryID }}: {{ .Title }}
+{{ range $par := .Paragraphs }}
+   {{ $par }}
+{{ end }}
+   {{ range $id := .Issues -}}
+{{ ` ` }}[#{{ $id }}](https://github.com/restic/rest-server/issues/{{ $id -}})
+{{- end -}}
+{{ range $id := .PRs -}}
+{{ ` ` }}[#{{ $id }}](https://github.com/restic/rest-server/pull/{{ $id -}})
+{{- end -}}
+{{ ` ` }}{{ range $url := .OtherURLs -}}
+{{ $url -}}
+{{- end }}
+{{ end }}{{ end }}
+
+{{ end }}{{ end -}}

changelog/CHANGELOG.tmpl

@@ -0,0 +1,32 @@
+{{- range $changes := . }}{{ with $changes -}}
+Changelog for rest-server {{ .Version }} ({{ .Date }})
+============================================
+
+The following sections list the changes in rest-server {{ .Version }} relevant
+to users. The changes are ordered by importance.
+
+Summary
+-------
+{{ range $entry := .Entries }}{{ with $entry }}
+ * {{ .TypeShort }} #{{ .PrimaryID }}: {{ .Title }}
+{{- end }}{{ end }}
+
+Details
+-------
+{{ range $entry := .Entries }}{{ with $entry }}
+ * {{ .Type }} #{{ .PrimaryID }}: {{ .Title }}
+{{ range $par := .Paragraphs }}
+   {{ wrapIndent $par 80 3 }}
+{{ end -}}
+{{ range $id := .Issues }}
+   https://github.com/restic/rest-server/issues/{{ $id -}}
+{{ end -}}
+{{ range $id := .PRs }}
+   https://github.com/restic/rest-server/pull/{{ $id -}}
+{{ end -}}
+{{ range $url := .OtherURLs }}
+   {{ $url -}}
+{{ end }}
+{{ end }}{{ end }}
+
+{{ end }}{{ end -}}

changelog/TEMPLATE

@@ -0,0 +1,12 @@
+Bugfix: Fix behavior for foobar (in present tense)
+
+We've fixed the behavior for foobar, a long-standing annoyance for rest-server
+users.
+
+The text in the paragraphs is written in past tense. The last section is a list
+of issue URLs, PR URLs and other URLs. The first issue ID (or the first PR ID,
+in case there aren't any issue links) is used as the primary ID.
+
+https://github.com/restic/restic/issues/1234
+https://github.com/restic/restic/pull/55555
+https://forum.restic/.net/foo/bar/baz

cmd/rest-server/listener_unix.go

@@ -0,0 +1,45 @@
+// +build !windows
+
+package main
+
+import (
+	"fmt"
+	"log"
+	"net"
+
+	"github.com/coreos/go-systemd/activation"
+)
+
+// findListener tries to find a listener via systemd socket activation. If that
+// fails, it tries to create a listener on addr.
+func findListener(addr string) (listener net.Listener, err error) {
+	// try systemd socket activation
+	listeners, err := activation.Listeners()
+	if err != nil {
+		panic(err)
+	}
+
+	switch len(listeners) {
+	case 0:
+		// no listeners found, listen manually
+		listener, err = net.Listen("tcp", addr)
+		if err != nil {
+			return nil, fmt.Errorf("listen on %v failed: %w", addr, err)
+		}
+
+		log.Printf("start server on %v", addr)
+		return listener, nil
+
+	case 1:
+		// one listener supplied by systemd, use that one
+		//
+		// for testing, run rest-server with systemd-socket-activate as follows:
+		//
+		//    systemd-socket-activate -l 8080 ./rest-server
+		log.Printf("systemd socket activation mode")
+		return listeners[0], nil
+
+	default:
+		return nil, fmt.Errorf("got %d listeners from systemd, expected one", len(listeners))
+	}
+}

cmd/rest-server/listener_windows.go

@@ -0,0 +1,19 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"net"
+)
+
+// findListener creates a listener.
+func findListener(addr string) (listener net.Listener, err error) {
+	// listen manually
+	listener, err = net.Listen("tcp", addr)
+	if err != nil {
+		return nil, fmt.Errorf("listen on %v failed: %w", addr, err)
+	}
+
+	log.Printf("start server on %v", addr)
+	return listener, nil
+}

cmd/rest-server/main.go

@@ -0,0 +1,152 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"runtime"
+	"runtime/pprof"
+	"syscall"
+
+	restserver "github.com/restic/rest-server"
+	"github.com/spf13/cobra"
+)
+
+// cmdRoot is the base command when no other command has been specified.
+var cmdRoot = &cobra.Command{
+	Use:           "rest-server",
+	Short:         "Run a REST server for use with restic",
+	SilenceErrors: true,
+	SilenceUsage:  true,
+	RunE:          runRoot,
+	Version:       fmt.Sprintf("rest-server %s compiled with %v on %v/%v\n", version, runtime.Version(), runtime.GOOS, runtime.GOARCH),
+}
+
+var server = restserver.Server{
+	Path:   filepath.Join(os.TempDir(), "restic"),
+	Listen: ":8000",
+}
+
+var (
+	cpuProfile string
+)
+
+func init() {
+	flags := cmdRoot.Flags()
+	flags.StringVar(&cpuProfile, "cpu-profile", cpuProfile, "write CPU profile to file")
+	flags.BoolVar(&server.Debug, "debug", server.Debug, "output debug messages")
+	flags.StringVar(&server.Listen, "listen", server.Listen, "listen address")
+	flags.StringVar(&server.Log, "log", server.Log, "log HTTP requests in the combined log format")
+	flags.Int64Var(&server.MaxRepoSize, "max-size", server.MaxRepoSize, "the maximum size of the repository in bytes")
+	flags.StringVar(&server.Path, "path", server.Path, "data directory")
+	flags.BoolVar(&server.TLS, "tls", server.TLS, "turn on TLS support")
+	flags.StringVar(&server.TLSCert, "tls-cert", server.TLSCert, "TLS certificate path")
+	flags.StringVar(&server.TLSKey, "tls-key", server.TLSKey, "TLS key path")
+	flags.BoolVar(&server.NoAuth, "no-auth", server.NoAuth, "disable .htpasswd authentication")
+	flags.BoolVar(&server.NoVerifyUpload, "no-verify-upload", server.NoVerifyUpload,
+		"do not verify the integrity of uploaded data. DO NOT enable unless the rest-server runs on a very low-power device")
+	flags.BoolVar(&server.AppendOnly, "append-only", server.AppendOnly, "enable append only mode")
+	flags.BoolVar(&server.PrivateRepos, "private-repos", server.PrivateRepos, "users can only access their private repo")
+	flags.BoolVar(&server.Prometheus, "prometheus", server.Prometheus, "enable Prometheus metrics")
+	flags.BoolVar(&server.PrometheusNoAuth, "prometheus-no-auth", server.PrometheusNoAuth, "disable auth for Prometheus /metrics endpoint")
+}
+
+var version = "0.11.0"
+
+func tlsSettings() (bool, string, string, error) {
+	var key, cert string
+	if !server.TLS && (server.TLSKey != "" || server.TLSCert != "") {
+		return false, "", "", errors.New("requires enabled TLS")
+	} else if !server.TLS {
+		return false, "", "", nil
+	}
+	if server.TLSKey != "" {
+		key = server.TLSKey
+	} else {
+		key = filepath.Join(server.Path, "private_key")
+	}
+	if server.TLSCert != "" {
+		cert = server.TLSCert
+	} else {
+		cert = filepath.Join(server.Path, "public_key")
+	}
+	return server.TLS, key, cert, nil
+}
+
+func runRoot(cmd *cobra.Command, args []string) error {
+	log.SetFlags(0)
+
+	log.Printf("Data directory: %s", server.Path)
+
+	if cpuProfile != "" {
+		f, err := os.Create(cpuProfile)
+		if err != nil {
+			return err
+		}
+		if err := pprof.StartCPUProfile(f); err != nil {
+			return err
+		}
+		log.Println("CPU profiling enabled")
+
+		// clean profiling shutdown on sigint
+		sigintCh := make(chan os.Signal, 1)
+		go func() {
+			for range sigintCh {
+				pprof.StopCPUProfile()
+				log.Println("Stopped CPU profiling")
+				err := f.Close()
+				if err != nil {
+					log.Printf("error closing CPU profile file: %v", err)
+				}
+				os.Exit(130)
+			}
+		}()
+		signal.Notify(sigintCh, syscall.SIGINT)
+	}
+
+	if server.NoAuth {
+		log.Println("Authentication disabled")
+	} else {
+		log.Println("Authentication enabled")
+	}
+
+	handler, err := restserver.NewHandler(&server)
+	if err != nil {
+		log.Fatalf("error: %v", err)
+	}
+
+	if server.PrivateRepos {
+		log.Println("Private repositories enabled")
+	} else {
+		log.Println("Private repositories disabled")
+	}
+
+	enabledTLS, privateKey, publicKey, err := tlsSettings()
+	if err != nil {
+		return err
+	}
+
+	listener, err := findListener(server.Listen)
+	if err != nil {
+		return fmt.Errorf("unable to listen: %w", err)
+	}
+
+	if !enabledTLS {
+		err = http.Serve(listener, handler)
+	} else {
+		log.Printf("TLS enabled, private key %s, pubkey %v", privateKey, publicKey)
+		err = http.ServeTLS(listener, handler, publicKey, privateKey)
+	}
+
+	return err
+}
+
+func main() {
+	if err := cmdRoot.Execute(); err != nil {
+		log.Fatalf("error: %v", err)
+	}
+}

cmd/rest-server/main_test.go

@@ -0,0 +1,121 @@
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	restserver "github.com/restic/rest-server"
+)
+
+func TestTLSSettings(t *testing.T) {
+	type expected struct {
+		TLSKey  string
+		TLSCert string
+		Error   bool
+	}
+	type passed struct {
+		Path    string
+		TLS     bool
+		TLSKey  string
+		TLSCert string
+	}
+
+	var tests = []struct {
+		passed   passed
+		expected expected
+	}{
+		{passed{TLS: false}, expected{"", "", false}},
+		{passed{TLS: true}, expected{"/tmp/restic/private_key", "/tmp/restic/public_key", false}},
+		{passed{Path: "/tmp", TLS: true}, expected{"/tmp/private_key", "/tmp/public_key", false}},
+		{passed{Path: "/tmp", TLS: true, TLSKey: "/etc/restic/key", TLSCert: "/etc/restic/cert"}, expected{"/etc/restic/key", "/etc/restic/cert", false}},
+		{passed{Path: "/tmp", TLS: false, TLSKey: "/etc/restic/key", TLSCert: "/etc/restic/cert"}, expected{"", "", true}},
+		{passed{Path: "/tmp", TLS: false, TLSKey: "/etc/restic/key"}, expected{"", "", true}},
+		{passed{Path: "/tmp", TLS: false, TLSCert: "/etc/restic/cert"}, expected{"", "", true}},
+	}
+
+	for _, test := range tests {
+
+		t.Run("", func(t *testing.T) {
+			// defer func() { restserver.Server = defaultConfig }()
+			if test.passed.Path != "" {
+				server.Path = test.passed.Path
+			}
+			server.TLS = test.passed.TLS
+			server.TLSKey = test.passed.TLSKey
+			server.TLSCert = test.passed.TLSCert
+
+			gotTLS, gotKey, gotCert, err := tlsSettings()
+			if err != nil && !test.expected.Error {
+				t.Fatalf("tls_settings returned err (%v)", err)
+			}
+			if test.expected.Error {
+				if err == nil {
+					t.Fatalf("Error not returned properly (%v)", test)
+				} else {
+					return
+				}
+			}
+			if gotTLS != test.passed.TLS {
+				t.Errorf("TLS enabled, want (%v), got (%v)", test.passed.TLS, gotTLS)
+			}
+			wantKey := test.expected.TLSKey
+			if gotKey != wantKey {
+				t.Errorf("wrong TLSPrivPath path, want (%v), got (%v)", wantKey, gotKey)
+			}
+
+			wantCert := test.expected.TLSCert
+			if gotCert != wantCert {
+				t.Errorf("wrong TLSCertPath path, want (%v), got (%v)", wantCert, gotCert)
+			}
+
+		})
+	}
+}
+
+func TestGetHandler(t *testing.T) {
+	dir, err := ioutil.TempDir("", "rest-server-test")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err := os.Remove(dir)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	getHandler := restserver.NewHandler
+
+	// With NoAuth = false and no .htpasswd
+	_, err = getHandler(&restserver.Server{Path: dir})
+	if err == nil {
+		t.Errorf("NoAuth=false: expected error, got nil")
+	}
+
+	// With NoAuth = true and no .htpasswd
+	_, err = getHandler(&restserver.Server{NoAuth: true, Path: dir})
+	if err != nil {
+		t.Errorf("NoAuth=true: expected no error, got %v", err)
+	}
+
+	// Create .htpasswd
+	htpasswd := filepath.Join(dir, ".htpasswd")
+	err = ioutil.WriteFile(htpasswd, []byte(""), 0644)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() {
+		err := os.Remove(htpasswd)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// With NoAuth = false and with .htpasswd
+	_, err = getHandler(&restserver.Server{Path: dir})
+	if err != nil {
+		t.Errorf("NoAuth=false with .htpasswd: expected no error, got %v", err)
+	}
+}

docker/create_user

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+    echo "create_user [username]"
+    echo "or"
+    echo "create_user [username] [password]"
+    exit 1
+fi
+
+if [ -z "$2" ]; then
+    # password from prompt
+    htpasswd -B $PASSWORD_FILE $1
+else
+    # read password from command line
+    htpasswd -B -b $PASSWORD_FILE $1 $2
+fi

docker/delete_user

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -z "$1" ]; then
+    echo "delete_user [username]"
+    exit 1
+fi
+
+htpasswd -D $PASSWORD_FILE $1

docker/entrypoint.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+if [ -n "$DISABLE_AUTHENTICATION" ]; then
+    OPTIONS="--no-auth $OPTIONS"
+else
+    if [ ! -f "$PASSWORD_FILE" ]; then
+        touch "$PASSWORD_FILE"
+    fi
+
+    if [ ! -s "$PASSWORD_FILE" ]; then
+        echo
+        echo "**WARNING** No user exists, please 'docker exec -it \$CONTAINER_ID create_user'"
+        echo
+    fi
+fi
+
+exec rest-server --path "$DATA_DIRECTORY" $OPTIONS

etc/rest-server.service

@@ -1,16 +0,0 @@
-[Unit]
-Description=Rest Server
-After=syslog.target
-After=network.target
-
-[Service]
-Type=simple
-User=www-data
-Group=www-data
-ExecStart=/usr/local/bin/rest-server --path /tmp/restic
-Restart=always
-RestartSec=5
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target

examples/bsd/freebsd

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+. /etc/rc.subr
+
+name=restserver
+rcvar=restserver_enable
+
+start_cmd="${name}_start"
+stop_cmd=":"
+
+load_rc_config $name
+: ${restserver_enable:=no}
+: ${restserver_msg="Nothing started."}
+
+datadir="/backups"
+
+restserver_start()
+{
+	rest-server --path $datadir				\
+		--private-repos					\
+		--tls						\
+		--tls-cert "/etc/ssl/rest-server.crt"		\
+		--tls-key "/etc/ssl/private/rest-server.key"	&
+}
+
+run_rc_command "$1"

examples/bsd/openbsd

@@ -0,0 +1,14 @@
+#!/bin/ksh
+#
+# $OpenBSD: $
+
+daemon="/usr/local/bin/rest-server"
+daemon_flags="--path /var/restic"
+daemon_user="_restic"
+
+. /etc/rc.d/rc.subr
+
+rc_bg=YES
+rc_reload=NO
+
+rc_cmd $1

examples/compose-with-grafana/README.md

@@ -0,0 +1,35 @@
+# Rest Server Grafana Dashboard
+
+This is a demo [Docker Compose](https://docs.docker.com/compose/) setup for [Rest Server](https://github.com/restic/rest-server) with [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/).
+
+![Grafana dashboard screenshot](screenshot.png)
+
+## Quickstart
+
+Build `rest-server` in Docker:
+
+    cd ../..
+    make docker_build
+    cd -
+
+Bring up the Docker Compose stack:
+
+    docker-compose build
+    docker-compose up -d
+
+Check if everything is up and running:
+
+    docker-compose ps
+
+Grafana will be running on [http://localhost:8030/](http://localhost:8030/) with username "admin" and password "admin".  The first time you access it you will be asked to setup a data source. Configure it like this (make sure you name it "prometheus", as this is hardcoded in the example dashboard):
+
+![Add data source](datasource.png)
+
+The Rest Server dashboard can be accessed on [http://localhost:8030/dashboard/file/rest-server.json](http://localhost:8030/dashboard/file/rest-server.json).
+
+Prometheus can be accessed on [http://localhost:8020/](http://localhost:8020/).
+
+If you do a backup like this, some graphs should show up:
+
+    restic -r rest:http://127.0.0.1:8010/demo1 -p ./demo-passwd init
+    restic -r rest:http://127.0.0.1:8010/demo1 -p ./demo-passwd backup .

examples/compose-with-grafana/dashboards/rest-server.json

@@ -0,0 +1,627 @@
+{
+  "__requires": [
+    {
+      "type": "grafana",
+      "id": "grafana",
+      "name": "Grafana",
+      "version": "4.6.0"
+    },
+    {
+      "type": "panel",
+      "id": "graph",
+      "name": "Graph",
+      "version": ""
+    },
+    {
+      "type": "datasource",
+      "id": "prometheus",
+      "name": "Prometheus",
+      "version": "1.0.0"
+    }
+  ],
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": "-- Grafana --",
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "gnetId": null,
+  "graphTooltip": 0,
+  "hideControls": false,
+  "id": null,
+  "links": [],
+  "refresh": "10s",
+  "rows": [
+    {
+      "collapse": false,
+      "height": 244,
+      "panels": [
+        {
+          "aliasColors": {},
+          "bars": false,
+          "dashLength": 10,
+          "dashes": false,
+          "datasource": "prometheus",
+          "fill": 1,
+          "id": 1,
+          "legend": {
+            "avg": false,
+            "current": false,
+            "max": false,
+            "min": false,
+            "show": true,
+            "total": false,
+            "values": false
+          },
+          "lines": true,
+          "linewidth": 1,
+          "links": [],
+          "nullPointMode": "null",
+          "percentage": false,
+          "pointradius": 5,
+          "points": false,
+          "renderer": "flot",
+          "seriesOverrides": [],
+          "spaceLength": 10,
+          "span": 6,
+          "stack": false,
+          "steppedLine": false,
+          "targets": [
+            {
+              "expr": "sum(rate(rest_server_blob_write_bytes_total{instance=\"$instance\"}[15s])) by ($group)",
+              "format": "time_series",
+              "interval": "",
+              "intervalFactor": 1,
+              "legendFormat": "{{$group}}",
+              "refId": "A"
+            }
+          ],
+          "thresholds": [],
+          "timeFrom": null,
+          "timeShift": null,
+          "title": "Blob Write Throughput by $group",
+          "tooltip": {
+            "shared": true,
+            "sort": 0,
+            "value_type": "individual"
+          },
+          "type": "graph",
+          "xaxis": {
+            "buckets": null,
+            "mode": "time",
+            "name": null,
+            "show": true,
+            "values": []
+          },
+          "yaxes": [
+            {
+              "format": "Bps",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": "0",
+              "show": true
+            },
+            {
+              "format": "short",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": null,
+              "show": true
+            }
+          ]
+        },
+        {
+          "aliasColors": {},
+          "bars": false,
+          "dashLength": 10,
+          "dashes": false,
+          "datasource": "prometheus",
+          "fill": 1,
+          "id": 4,
+          "legend": {
+            "avg": false,
+            "current": false,
+            "max": false,
+            "min": false,
+            "show": true,
+            "total": false,
+            "values": false
+          },
+          "lines": true,
+          "linewidth": 1,
+          "links": [],
+          "nullPointMode": "null",
+          "percentage": false,
+          "pointradius": 5,
+          "points": false,
+          "renderer": "flot",
+          "seriesOverrides": [],
+          "spaceLength": 10,
+          "span": 6,
+          "stack": false,
+          "steppedLine": false,
+          "targets": [
+            {
+              "expr": "sum(rate(rest_server_blob_write_total{instance=\"$instance\"}[15s])) by ($group)",
+              "format": "time_series",
+              "interval": "",
+              "intervalFactor": 1,
+              "legendFormat": "{{$group}}",
+              "refId": "A"
+            }
+          ],
+          "thresholds": [],
+          "timeFrom": null,
+          "timeShift": null,
+          "title": "Blob Write Operations by $group",
+          "tooltip": {
+            "shared": true,
+            "sort": 0,
+            "value_type": "individual"
+          },
+          "type": "graph",
+          "xaxis": {
+            "buckets": null,
+            "mode": "time",
+            "name": null,
+            "show": true,
+            "values": []
+          },
+          "yaxes": [
+            {
+              "format": "ops",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": "0",
+              "show": true
+            },
+            {
+              "format": "short",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": null,
+              "show": true
+            }
+          ]
+        }
+      ],
+      "repeat": null,
+      "repeatIteration": null,
+      "repeatRowId": null,
+      "showTitle": false,
+      "title": "Dashboard Row",
+      "titleSize": "h6"
+    },
+    {
+      "collapse": false,
+      "height": 258,
+      "panels": [
+        {
+          "aliasColors": {},
+          "bars": false,
+          "dashLength": 10,
+          "dashes": false,
+          "datasource": "prometheus",
+          "fill": 1,
+          "id": 2,
+          "legend": {
+            "avg": false,
+            "current": false,
+            "max": false,
+            "min": false,
+            "show": true,
+            "total": false,
+            "values": false
+          },
+          "lines": true,
+          "linewidth": 1,
+          "links": [],
+          "nullPointMode": "null",
+          "percentage": false,
+          "pointradius": 5,
+          "points": false,
+          "renderer": "flot",
+          "seriesOverrides": [],
+          "spaceLength": 10,
+          "span": 6,
+          "stack": false,
+          "steppedLine": false,
+          "targets": [
+            {
+              "expr": "sum(rate(rest_server_blob_read_bytes_total{instance=\"$instance\"}[15s])) by ($group)",
+              "format": "time_series",
+              "interval": "",
+              "intervalFactor": 1,
+              "legendFormat": "{{$group}}",
+              "refId": "A"
+            }
+          ],
+          "thresholds": [],
+          "timeFrom": null,
+          "timeShift": null,
+          "title": "Blob Read Throughput by $group",
+          "tooltip": {
+            "shared": true,
+            "sort": 0,
+            "value_type": "individual"
+          },
+          "type": "graph",
+          "xaxis": {
+            "buckets": null,
+            "mode": "time",
+            "name": null,
+            "show": true,
+            "values": []
+          },
+          "yaxes": [
+            {
+              "format": "Bps",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": "0",
+              "show": true
+            },
+            {
+              "format": "short",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": null,
+              "show": true
+            }
+          ]
+        },
+        {
+          "aliasColors": {},
+          "bars": false,
+          "dashLength": 10,
+          "dashes": false,
+          "datasource": "prometheus",
+          "fill": 1,
+          "id": 5,
+          "legend": {
+            "avg": false,
+            "current": false,
+            "max": false,
+            "min": false,
+            "show": true,
+            "total": false,
+            "values": false
+          },
+          "lines": true,
+          "linewidth": 1,
+          "links": [],
+          "nullPointMode": "null",
+          "percentage": false,
+          "pointradius": 5,
+          "points": false,
+          "renderer": "flot",
+          "seriesOverrides": [],
+          "spaceLength": 10,
+          "span": 6,
+          "stack": false,
+          "steppedLine": false,
+          "targets": [
+            {
+              "expr": "sum(rate(rest_server_blob_read_total{instance=\"$instance\"}[15s])) by ($group)",
+              "format": "time_series",
+              "interval": "",
+              "intervalFactor": 1,
+              "legendFormat": "{{$group}}",
+              "refId": "A"
+            }
+          ],
+          "thresholds": [],
+          "timeFrom": null,
+          "timeShift": null,
+          "title": "Blob Read Operations by $group",
+          "tooltip": {
+            "shared": true,
+            "sort": 0,
+            "value_type": "individual"
+          },
+          "type": "graph",
+          "xaxis": {
+            "buckets": null,
+            "mode": "time",
+            "name": null,
+            "show": true,
+            "values": []
+          },
+          "yaxes": [
+            {
+              "format": "ops",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": "0",
+              "show": true
+            },
+            {
+              "format": "short",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": null,
+              "show": true
+            }
+          ]
+        }
+      ],
+      "repeat": null,
+      "repeatIteration": null,
+      "repeatRowId": null,
+      "showTitle": false,
+      "title": "Dashboard Row",
+      "titleSize": "h6"
+    },
+    {
+      "collapse": false,
+      "height": 250,
+      "panels": [
+        {
+          "aliasColors": {},
+          "bars": false,
+          "dashLength": 10,
+          "dashes": false,
+          "datasource": "prometheus",
+          "fill": 1,
+          "id": 3,
+          "legend": {
+            "avg": false,
+            "current": false,
+            "max": false,
+            "min": false,
+            "show": true,
+            "total": false,
+            "values": false
+          },
+          "lines": true,
+          "linewidth": 1,
+          "links": [],
+          "nullPointMode": "null",
+          "percentage": false,
+          "pointradius": 5,
+          "points": false,
+          "renderer": "flot",
+          "seriesOverrides": [],
+          "spaceLength": 10,
+          "span": 6,
+          "stack": false,
+          "steppedLine": false,
+          "targets": [
+            {
+              "expr": "sum(rate(rest_server_blob_delete_bytes_total{instance=\"$instance\"}[15s])) by ($group)",
+              "format": "time_series",
+              "interval": "",
+              "intervalFactor": 1,
+              "legendFormat": "{{$group}}",
+              "refId": "A"
+            }
+          ],
+          "thresholds": [],
+          "timeFrom": null,
+          "timeShift": null,
+          "title": "Blob Delete Throughput by $group",
+          "tooltip": {
+            "shared": true,
+            "sort": 0,
+            "value_type": "individual"
+          },
+          "type": "graph",
+          "xaxis": {
+            "buckets": null,
+            "mode": "time",
+            "name": null,
+            "show": true,
+            "values": []
+          },
+          "yaxes": [
+            {
+              "format": "Bps",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": "0",
+              "show": true
+            },
+            {
+              "format": "short",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": null,
+              "show": true
+            }
+          ]
+        },
+        {
+          "aliasColors": {},
+          "bars": false,
+          "dashLength": 10,
+          "dashes": false,
+          "datasource": "prometheus",
+          "fill": 1,
+          "id": 6,
+          "legend": {
+            "avg": false,
+            "current": false,
+            "max": false,
+            "min": false,
+            "show": true,
+            "total": false,
+            "values": false
+          },
+          "lines": true,
+          "linewidth": 1,
+          "links": [],
+          "nullPointMode": "null",
+          "percentage": false,
+          "pointradius": 5,
+          "points": false,
+          "renderer": "flot",
+          "seriesOverrides": [],
+          "spaceLength": 10,
+          "span": 6,
+          "stack": false,
+          "steppedLine": false,
+          "targets": [
+            {
+              "expr": "sum(rate(rest_server_blob_delete_total{instance=\"$instance\"}[15s])) by ($group)",
+              "format": "time_series",
+              "interval": "",
+              "intervalFactor": 1,
+              "legendFormat": "{{$group}}",
+              "refId": "A"
+            }
+          ],
+          "thresholds": [],
+          "timeFrom": null,
+          "timeShift": null,
+          "title": "Blob Delete Operations by $group",
+          "tooltip": {
+            "shared": true,
+            "sort": 0,
+            "value_type": "individual"
+          },
+          "type": "graph",
+          "xaxis": {
+            "buckets": null,
+            "mode": "time",
+            "name": null,
+            "show": true,
+            "values": []
+          },
+          "yaxes": [
+            {
+              "format": "ops",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": "0",
+              "show": true
+            },
+            {
+              "format": "short",
+              "label": null,
+              "logBase": 1,
+              "max": null,
+              "min": null,
+              "show": true
+            }
+          ]
+        }
+      ],
+      "repeat": null,
+      "repeatIteration": null,
+      "repeatRowId": null,
+      "showTitle": false,
+      "title": "Dashboard Row",
+      "titleSize": "h6"
+    }
+  ],
+  "schemaVersion": 14,
+  "style": "dark",
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "allValue": null,
+        "current": {},
+        "datasource": "prometheus",
+        "hide": 0,
+        "includeAll": false,
+        "label": "Instance",
+        "multi": false,
+        "name": "instance",
+        "options": [],
+        "query": "label_values(process_start_time_seconds{job=\"rest_server\"}, instance)",
+        "refresh": 2,
+        "regex": "",
+        "sort": 1,
+        "tagValuesQuery": "",
+        "tags": [],
+        "tagsQuery": "",
+        "type": "query",
+        "useTags": false
+      },
+      {
+        "allValue": null,
+        "current": {
+          "tags": [],
+          "text": "type",
+          "value": "type"
+        },
+        "hide": 0,
+        "includeAll": false,
+        "label": "Group By",
+        "multi": false,
+        "name": "group",
+        "options": [
+          {
+            "selected": true,
+            "text": "type",
+            "value": "type"
+          },
+          {
+            "selected": false,
+            "text": "repo",
+            "value": "repo"
+          },
+          {
+            "selected": false,
+            "text": "user",
+            "value": "user"
+          }
+        ],
+        "query": "type,repo,user",
+        "type": "custom"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-5m",
+    "to": "now"
+  },
+  "timepicker": {
+    "refresh_intervals": [
+      "5s",
+      "10s",
+      "30s",
+      "1m",
+      "5m",
+      "15m",
+      "30m",
+      "1h",
+      "2h",
+      "1d"
+    ],
+    "time_options": [
+      "5m",
+      "15m",
+      "1h",
+      "6h",
+      "12h",
+      "24h",
+      "2d",
+      "7d",
+      "30d"
+    ]
+  },
+  "timezone": "",
+  "title": "Restic Rest Server",
+  "version": 8
+}

examples/compose-with-grafana/demo-passwd

@@ -0,0 +1 @@
+demo-passwd

examples/compose-with-grafana/docker-compose.yml

@@ -0,0 +1,59 @@
+# Demo of rest-server with prometheus and grafana
+version: '2'
+
+services:
+  restserver:
+    # NOTE: You must run `make docker_build` in the repo root first
+    # If you want to run this in production, you want auth and tls!
+    build:
+      context: ../..
+      dockerfile: Dockerfile
+    volumes:
+      - data:/data
+    environment:
+      DISABLE_AUTHENTICATION: 1
+      OPTIONS: "--prometheus"
+    ports:
+      - "127.0.0.1:8010:8000"
+    networks:
+      - net
+
+  prometheus:
+    image: prom/prometheus
+    ports:
+      - "127.0.0.1:8020:9090"
+    volumes:
+      - prometheusdata:/prometheus
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+    depends_on:
+      - restserver
+    networks:
+      - net
+
+  grafana:
+    image: grafana/grafana
+    volumes:
+      - grafanadata:/var/lib/grafana
+      - ./dashboards:/dashboards
+      - ./grafana.ini:/etc/grafana/grafana.ini
+    ports:
+      - "127.0.0.1:8030:3000"
+    environment:
+      GF_USERS_DEFAULT_THEME: light
+    #  GF_INSTALL_PLUGINS: grafana-clock-panel,grafana-simple-json-datasource
+    depends_on:
+      - prometheus
+    networks:
+      - net
+
+networks:
+  net:
+
+volumes:
+  data:
+    driver: local
+  prometheusdata:
+    driver: local
+  grafanadata:
+    driver: local
+

examples/compose-with-grafana/grafana.ini

@@ -0,0 +1,313 @@
+##################### Grafana Configuration Example #####################
+#
+# Everything has defaults so you only need to uncomment things you want to
+# change
+
+# possible values : production, development
+; app_mode = production
+
+# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
+; instance_name = ${HOSTNAME}
+
+#################################### Paths ####################################
+[paths]
+# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
+#
+;data = /var/lib/grafana
+#
+# Directory where grafana can store logs
+#
+;logs = /var/log/grafana
+#
+# Directory where grafana will automatically scan and look for plugins
+#
+;plugins = /var/lib/grafana/plugins
+
+#
+#################################### Server ####################################
+[server]
+# Protocol (http or https)
+;protocol = http
+
+# The ip address to bind to, empty will bind to all interfaces
+;http_addr =
+
+# The http port  to use
+;http_port = 3000
+
+# The public facing domain name used to access grafana from a browser
+;domain = localhost
+
+# Redirect to correct domain if host header does not match domain
+# Prevents DNS rebinding attacks
+;enforce_domain = false
+
+# The full public facing url
+;root_url = %(protocol)s://%(domain)s:%(http_port)s/
+
+# Log web requests
+;router_logging = false
+
+# the path relative working path
+;static_root_path = public
+
+# enable gzip
+;enable_gzip = false
+
+# https certs & key file
+;cert_file =
+;cert_key =
+
+#################################### Database ####################################
+[database]
+# Either "mysql", "postgres" or "sqlite3", it's your choice
+;type = sqlite3
+;host = 127.0.0.1:3306
+;name = grafana
+;user = root
+;password =
+
+# For "postgres" only, either "disable", "require" or "verify-full"
+;ssl_mode = disable
+
+# For "sqlite3" only, path relative to data_path setting
+;path = grafana.db
+
+#################################### Session ####################################
+[session]
+# Either "memory", "file", "redis", "mysql", "postgres", default is "file"
+;provider = file
+
+# Provider config options
+# memory: not have any config yet
+# file: session dir path, is relative to grafana data_path
+# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
+# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
+# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
+;provider_config = sessions
+
+# Session cookie name
+;cookie_name = grafana_sess
+
+# If you use session in https only, default is false
+;cookie_secure = false
+
+# Session life time, default is 86400
+;session_life_time = 86400
+
+#################################### Analytics ####################################
+[analytics]
+# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
+# No ip addresses are being tracked, only simple counters to track
+# running instances, dashboard and error counts. It is very helpful to us.
+# Change this option to false to disable reporting.
+;reporting_enabled = true
+
+# Set to false to disable all checks to https://grafana.net
+# for new vesions (grafana itself and plugins), check is used
+# in some UI views to notify that grafana or plugin update exists
+# This option does not cause any auto updates, nor send any information
+# only a GET request to http://grafana.net to get latest versions
+check_for_updates = true
+
+# Google Analytics universal tracking code, only enabled if you specify an id here
+;google_analytics_ua_id =
+
+#################################### Security ####################################
+[security]
+# default admin user, created on startup
+;admin_user = admin
+
+# default admin password, can be changed before first start of grafana,  or in profile settings
+;admin_password = admin
+
+# used for signing
+;secret_key = SW2YcwTIb9zpOOhoPsMm
+
+# Auto-login remember days
+;login_remember_days = 7
+;cookie_username = grafana_user
+;cookie_remember_name = grafana_remember
+
+# disable gravatar profile images
+;disable_gravatar = false
+
+# data source proxy whitelist (ip_or_domain:port separated by spaces)
+;data_source_proxy_whitelist =
+
+[snapshots]
+# snapshot sharing options
+;external_enabled = true
+;external_snapshot_url = https://snapshots-origin.raintank.io
+;external_snapshot_name = Publish to snapshot.raintank.io
+
+#################################### Users ####################################
+[users]
+# disable user signup / registration
+;allow_sign_up = true
+
+# Allow non admin users to create organizations
+;allow_org_create = true
+
+# Set to true to automatically assign new users to the default organization (id 1)
+;auto_assign_org = true
+
+# Default role new users will be automatically assigned (if disabled above is set to true)
+;auto_assign_org_role = Viewer
+
+# Background text for the user field on the login page
+;login_hint = email or username
+
+# Default UI theme ("dark" or "light")
+default_theme = dark
+
+#################################### Anonymous Auth ##########################
+[auth.anonymous]
+# enable anonymous access
+;enabled = false
+
+# specify organization name that should be used for unauthenticated users
+;org_name = Main Org.
+
+# specify role for unauthenticated users
+;org_role = Viewer
+
+#################################### Github Auth ##########################
+[auth.github]
+;enabled = false
+;allow_sign_up = false
+;client_id = some_id
+;client_secret = some_secret
+;scopes = user:email,read:org
+;auth_url = https://github.com/login/oauth/authorize
+;token_url = https://github.com/login/oauth/access_token
+;api_url = https://api.github.com/user
+;team_ids =
+;allowed_organizations =
+
+#################################### Google Auth ##########################
+[auth.google]
+;enabled = false
+;allow_sign_up = false
+;client_id = some_client_id
+;client_secret = some_client_secret
+;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
+;auth_url = https://accounts.google.com/o/oauth2/auth
+;token_url = https://accounts.google.com/o/oauth2/token
+;api_url = https://www.googleapis.com/oauth2/v1/userinfo
+;allowed_domains =
+
+#################################### Auth Proxy ##########################
+[auth.proxy]
+;enabled = false
+;header_name = X-WEBAUTH-USER
+;header_property = username
+;auto_sign_up = true
+
+#################################### Basic Auth ##########################
+[auth.basic]
+;enabled = true
+
+#################################### Auth LDAP ##########################
+[auth.ldap]
+;enabled = false
+;config_file = /etc/grafana/ldap.toml
+
+#################################### SMTP / Emailing ##########################
+[smtp]
+;enabled = false
+;host = localhost:25
+;user =
+;password =
+;cert_file =
+;key_file =
+;skip_verify = false
+;from_address = admin@grafana.localhost
+
+[emails]
+;welcome_email_on_sign_up = false
+
+#################################### Logging ##########################
+[log]
+# Either "console", "file", "syslog". Default is console and  file
+# Use space to separate multiple modes, e.g. "console file"
+;mode = console, file
+
+# Either "trace", "debug", "info", "warn", "error", "critical", default is "info"
+;level = info
+
+# For "console" mode only
+[log.console]
+;level =
+
+# log line format, valid options are text, console and json
+;format = console
+
+# For "file" mode only
+[log.file]
+;level =
+
+# log line format, valid options are text, console and json
+;format = text
+
+# This enables automated log rotate(switch of following options), default is true
+;log_rotate = true
+
+# Max line number of single file, default is 1000000
+;max_lines = 1000000
+
+# Max size shift of single file, default is 28 means 1 << 28, 256MB
+;max_size_shift = 28
+
+# Segment log daily, default is true
+;daily_rotate = true
+
+# Expired days of log file(delete after max days), default is 7
+;max_days = 7
+
+[log.syslog]
+;level =
+
+# log line format, valid options are text, console and json
+;format = text
+
+# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
+;network =
+;address =
+
+# Syslog facility. user, daemon and local0 through local7 are valid.
+;facility =
+
+# Syslog tag. By default, the process' argv[0] is used.
+;tag =
+
+
+#################################### AMQP Event Publisher ##########################
+[event_publisher]
+;enabled = false
+;rabbitmq_url = amqp://localhost/
+;exchange = grafana_events
+
+;#################################### Dashboard JSON files ##########################
+[dashboards.json]
+enabled = true
+path = /dashboards
+
+#################################### Internal Grafana Metrics ##########################
+# Metrics available at HTTP API Url /api/metrics
+[metrics]
+# Disable / Enable internal metrics
+;enabled           = true
+
+# Publish interval
+;interval_seconds  = 10
+
+# Send internal metrics to Graphite
+; [metrics.graphite]
+; address = localhost:2003
+; prefix = prod.grafana.%(instance_name)s.
+
+#################################### Internal Grafana Metrics ##########################
+# Url used to to import dashboards directly from Grafana.net
+[grafana_net]
+url = https://grafana.net

examples/compose-with-grafana/prometheus.yml

@@ -0,0 +1,23 @@
+global:
+  scrape_interval:     15s # By default, scrape targets every 15 seconds.
+
+  # Attach these labels to any time series or alerts when communicating with
+  # external systems (federation, remote storage, Alertmanager).
+  external_labels:
+    monitor: 'restic-rest-server-demo'
+
+scrape_configs:
+  - job_name: 'prometheus' # monitor self
+    scrape_interval: 5s
+    static_configs:
+      - targets: ['localhost:9090']
+  
+  - job_name: 'rest_server'
+    scrape_interval: 5s
+    # Uncomment these if you use auth and/or https
+    #basic_auth:
+    #  username: test
+    #  password: test
+    #scheme: https
+    static_configs:
+      - targets: ['restserver:8000']

examples/systemd/rest-server.service

@@ -0,0 +1,75 @@
+[Unit]
+Description=Rest Server
+After=syslog.target
+After=network.target
+
+# if you want to use socket activation, make sure to require the socket here
+#Requires=rest-server.socket
+
+[Service]
+Type=simple
+# You may prefer to use a different user or group on your system.
+User=www-data
+Group=www-data
+ExecStart=/usr/local/bin/rest-server --path /path/to/backups
+Restart=always
+RestartSec=5
+
+# The following options are available (in systemd v247) to restrict the
+# actions of the rest-server.
+
+# As a whole, the purpose of these are to provide an additional layer of
+# security by mitigating any unknown security vulnerabilities which may exist
+# in rest-server or in the libraries, tools and operating system components
+# which it relies upon.
+
+# IMPORTANT!
+# The following line must be customised to your individual requirements.
+ReadWritePaths=/path/to/backups
+
+# Makes created files group-readable, but inaccessible by others
+UMask=027
+
+# If your system doesn't support all of the features below (e.g. because of
+# the use of an older version of systemd), you may wish to comment-out
+# some of the lines below as appropriate.
+CapabilityBoundingSet=
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=true
+PrivateUsers=true
+ProtectSystem=strict
+ProtectHome=yes
+ProtectClock=true
+ProtectControlGroups=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectHostname=true
+RemoveIPC=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictSUIDSGID=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+# Additionally, you may wish to use some of the systemd options documented in
+# systemd.resource-control(5) to limit the CPU, memory, file-system I/O and
+# network I/O that the rest-server is permitted to consume according to the
+# individual requirements of your installation.
+#CPUQuota=25%
+#MemoryMax=bytes
+#MemorySwapMax=bytes
+#TasksMax=N
+#IOReadBandwidthMax=device bytes
+#IOWriteBandwidthMax=device bytes
+#IOReadIOPSMax=device IOPS, IOWriteIOPSMax=device IOPS
+#IPAccounting=true
+#IPAddressAllow=
+
+[Install]
+WantedBy=multi-user.target

examples/systemd/rest-server.socket

@@ -0,0 +1,5 @@
+[Socket]
+ListenStream = 8080
+
+[Install]
+WantedBy = sockets.target

glide.lock

@@ -1,25 +0,0 @@
-hash: 2a84da35c7f6887fc08d80cd20da4e38731a81ea9845e1f137f1ba9913d0268d
-updated: 2017-05-31T23:28:23.41107346+02:00
-imports:
-- name: github.com/gorilla/handlers
-  version: a4043c62cc2329bacda331d33fc908ab11ef0ec3
-- name: github.com/inconshreveable/mousetrap
-  version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
-- name: github.com/spf13/cobra
-  version: 8d4ce3549a0bf0e3569df3aae7423b7743cd05a9
-- name: github.com/spf13/pflag
-  version: e57e3eeb33f795204c1ca35f56c44f83227c6e66
-- name: goji.io
-  version: 0d89ff54b2c18c9c4ba530e32496aef902d3c6cd
-  repo: https://github.com/goji/goji
-  vcs: git
-  subpackages:
-  - internal
-  - middleware
-  - pat
-  - pattern
-- name: golang.org/x/net
-  version: 45e771701b814666a7eb299e6c7a57d0b1799e91
-  repo: https://github.com/golang/net
-  vcs: git
-testImports: []

glide.yaml

@@ -1,12 +0,0 @@
-package: github.com/restic/rest-server
-import:
-- package: goji.io
-  version: v2.0
-  repo: https://github.com/goji/goji
-  vcs: git
-- package: golang.org/x/net
-  version: 45e771701b814666a7eb299e6c7a57d0b1799e91
-  repo: https://github.com/golang/net
-  vcs: git
-- package: github.com/spf13/cobra
-- package: github.com/spf13/pflag

go.mod

@@ -0,0 +1,13 @@
+module github.com/restic/rest-server
+
+go 1.14
+
+require (
+	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
+	github.com/gorilla/handlers v1.5.1
+	github.com/minio/sha256-simd v1.0.0
+	github.com/miolini/datacounter v1.0.2
+	github.com/prometheus/client_golang v1.12.1
+	github.com/spf13/cobra v1.3.0
+	golang.org/x/crypto v0.0.0-20220208050332-20e1d8d225ab
+)

go.sum

@@ -0,0 +1,813 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg=
+cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8=
+cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
+cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
+cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
+cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
+cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ=
+cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI=
+cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4=
+cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc=
+cloud.google.com/go v0.98.0/go.mod h1:ua6Ush4NALrHk5QXDWnjvZHN93OuF0HfuEPq9I1X0cM=
+cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
+github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ=
+github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0=
+github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM=
+github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=
+github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/hashicorp/consul/api v1.11.0/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M=
+github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.0.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
+github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
+github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
+github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
+github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
+github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE=
+github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk=
+github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
+github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/cpuid/v2 v2.0.4 h1:g0I61F2K2DjRHz1cnxlkNSBIaePVoJIjjnHui8QHbiw=
+github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/lyft/protoc-gen-star v0.5.3/go.mod h1:V0xaHgaf5oCCqmcxYcWiDfTiKsZsRc87/1qhoTACD8w=
+github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
+github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=
+github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM=
+github.com/miolini/datacounter v1.0.2 h1:mGTL0vqEAtH7mwNJS1JIpd6jwTAP6cBQQ2P8apaCIm8=
+github.com/miolini/datacounter v1.0.2/go.mod h1:C45dc2hBumHjDpEU64IqPwR6TDyPVpzOqqRTN7zmBUA=
+github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
+github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
+github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
+github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
+github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
+github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v1.3.0 h1:R7cSvGu+Vv+qX0gW5R/85dx2kmmJT5z5NM8ifdYjdn0=
+github.com/spf13/cobra v1.3.0/go.mod h1:BrRVncBjOJa/eUcVVm9CE+oC6as8k+VYr4NY7WCi9V4=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
+go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
+go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220208050332-20e1d8d225ab h1:lnZ4LoV0UMdibeCUfIB2a4uFwRu491WX/VB2reB8xNc=
+golang.org/x/crypto v0.0.0-20220208050332-20e1d8d225ab/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
+google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
+google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
+google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
+google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
+google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k=
+google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE=
+google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI=
+google.golang.org/api v0.59.0/go.mod h1:sT2boj7M9YJxZzgeZqXogmhfmRWDtPzT31xkieUbuZU=
+google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I=
+google.golang.org/api v0.62.0/go.mod h1:dKmwPCydfsad4qCH08MSdgWjfHOyfpd4VtDGgRFdavw=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A=
+google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
+google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
+google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
+google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w=
+google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY=
+google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211008145708-270636b82663/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211028162531-8db9c33dc351/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211129164237-f09f9a12af12/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211203200212-54befc351ae9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
+google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
+google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

handlers.go

@@ -1,339 +1,194 @@
-package main
+package restserver
 
 import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
+	"errors"
 	"log"
 	"net/http"
-	"os"
+	"path"
 	"path/filepath"
 	"strings"
-	"time"
 
-	"goji.io/middleware"
-	"goji.io/pat"
+	"github.com/restic/rest-server/quota"
+	"github.com/restic/rest-server/repo"
 )
 
-func isHashed(dir string) bool {
-	return dir == "data"
+// Server encapsulates the rest-server's settings and repo management logic
+type Server struct {
+	Path             string
+	Listen           string
+	Log              string
+	CPUProfile       string
+	TLSKey           string
+	TLSCert          string
+	TLS              bool
+	NoAuth           bool
+	AppendOnly       bool
+	PrivateRepos     bool
+	Prometheus       bool
+	PrometheusNoAuth bool
+	Debug            bool
+	MaxRepoSize      int64
+	PanicOnError     bool
+	NoVerifyUpload   bool
+
+	htpasswdFile *HtpasswdFile
+	quotaManager *quota.Manager
 }
 
-func getRepo(r *http.Request) string {
-	if strings.HasPrefix(fmt.Sprintf("%s", middleware.Pattern(r.Context())), "/:repo") {
-		return filepath.Join(config.path, pat.Param(r, "repo"))
-	}
+// MaxFolderDepth is the maxDepth param passed to splitURLPath.
+// A max depth of 2 mean that we accept folders like: '/', '/foo' and '/foo/bar'
+// TODO: Move to a Server option
+const MaxFolderDepth = 2
 
-	return config.path
+// httpDefaultError write a HTTP error with the default description
+func httpDefaultError(w http.ResponseWriter, code int) {
+	http.Error(w, http.StatusText(code), code)
 }
 
-// AuthHandler wraps h with a http.HandlerFunc that performs basic authentication against the user/passwords pairs
-// stored in f and returns the http.HandlerFunc.
-func AuthHandler(f *HtpasswdFile, h http.Handler) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		if username, password, ok := r.BasicAuth(); !ok || !f.Validate(username, password) {
-			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-			return
-		}
-
-		h.ServeHTTP(w, r)
-	}
-}
-
-// CheckConfig checks whether a configuration exists.
-func CheckConfig(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("CheckConfig()")
-	}
-	cfg := filepath.Join(getRepo(r), "config")
-	st, err := os.Stat(cfg)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
+// ServeHTTP makes this server an http.Handler. It handlers the administrative
+// part of the request (figuring out the filesystem location, performing
+// authentication, etc) and then passes it on to repo.Handler for actual
+// REST API processing.
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	// First of all, check auth (will always pass if NoAuth is set)
+	username, ok := s.checkAuth(r)
+	if !ok {
+		httpDefaultError(w, http.StatusUnauthorized)
 		return
 	}
 
-	w.Header().Add("Content-Length", fmt.Sprint(st.Size()))
-}
-
-// GetConfig allows for a config to be retrieved.
-func GetConfig(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("GetConfig()")
-	}
-	cfg := filepath.Join(getRepo(r), "config")
-
-	bytes, err := ioutil.ReadFile(cfg)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
+	// Perform the path parsing to determine the repo folder and remainder for the
+	// repo handler.
+	folderPath, remainder := splitURLPath(r.URL.Path, MaxFolderDepth)
+	if !folderPathValid(folderPath) {
+		log.Printf("Invalid request path: %s", r.URL.Path)
+		httpDefaultError(w, http.StatusNotFound)
 		return
 	}
 
-	w.Write(bytes)
-}
-
-// SaveConfig allows for a config to be saved.
-func SaveConfig(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("SaveConfig()")
-	}
-	cfg := filepath.Join(getRepo(r), "config")
-
-	bytes, err := ioutil.ReadAll(r.Body)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
-		return
-	}
-
-	if err := ioutil.WriteFile(cfg, bytes, 0600); err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		return
-	}
-}
-
-// DeleteConfig removes a config.
-func DeleteConfig(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("DeleteConfig()")
-	}
-
-	if err := os.Remove(filepath.Join(getRepo(r), "config")); err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		if os.IsNotExist(err) {
-			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
-		} else {
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		}
-		return
-	}
-}
-
-// ListBlobs lists all blobs of a given type in an arbitrary order.
-func ListBlobs(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("ListBlobs()")
-	}
-	dir := pat.Param(r, "type")
-	path := filepath.Join(getRepo(r), dir)
-
-	items, err := ioutil.ReadDir(path)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
-		return
-	}
-
-	var names []string
-	for _, i := range items {
-		if isHashed(dir) {
-			subpath := filepath.Join(path, i.Name())
-			subitems, err := ioutil.ReadDir(subpath)
-			if err != nil {
-				if config.debug {
-					log.Print(err)
-				}
-				http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
-				return
-			}
-			for _, f := range subitems {
-				names = append(names, f.Name())
-			}
-		} else {
-			names = append(names, i.Name())
-		}
-	}
-
-	data, err := json.Marshal(names)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		return
-	}
-
-	w.Write(data)
-}
-
-// CheckBlob tests whether a blob exists.
-func CheckBlob(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("CheckBlob()")
-	}
-	dir := pat.Param(r, "type")
-	name := pat.Param(r, "name")
-
-	if isHashed(dir) {
-		name = filepath.Join(name[:2], name)
-	}
-	path := filepath.Join(getRepo(r), dir, name)
-
-	st, err := os.Stat(path)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
-		return
-	}
-
-	w.Header().Add("Content-Length", fmt.Sprint(st.Size()))
-}
-
-// GetBlob retrieves a blob from the repository.
-func GetBlob(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("GetBlob()")
-	}
-	dir := pat.Param(r, "type")
-	name := pat.Param(r, "name")
-
-	if isHashed(dir) {
-		name = filepath.Join(name[:2], name)
-	}
-	path := filepath.Join(getRepo(r), dir, name)
-
-	file, err := os.Open(path)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
-		return
-	}
-
-	http.ServeContent(w, r, "", time.Unix(0, 0), file)
-	file.Close()
-}
-
-// SaveBlob saves a blob to the repository.
-func SaveBlob(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("SaveBlob()")
-	}
-	repo := getRepo(r)
-	dir := pat.Param(r, "type")
-	name := pat.Param(r, "name")
-
-	if isHashed(dir) {
-		name = filepath.Join(name[:2], name)
-	}
-	path := filepath.Join(repo, dir, name)
-
-	tf, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0600)
-	if err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		return
-	}
-
-	if _, err := io.Copy(tf, r.Body); err != nil {
-		tf.Close()
-		os.Remove(path)
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
-		return
-	}
-
-	if err := tf.Sync(); err != nil {
-		tf.Close()
-		os.Remove(path)
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		return
-	}
-
-	if err := tf.Close(); err != nil {
-		os.Remove(path)
-		if config.debug {
-			log.Print(err)
-		}
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		return
-	}
-}
-
-// DeleteBlob deletes a blob from the repository.
-func DeleteBlob(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("DeleteBlob()")
-	}
-	dir := pat.Param(r, "type")
-	name := pat.Param(r, "name")
-
-	if isHashed(dir) {
-		name = filepath.Join(name[:2], name)
-	}
-	path := filepath.Join(getRepo(r), dir, name)
-
-	if err := os.Remove(path); err != nil {
-		if config.debug {
-			log.Print(err)
-		}
-		if os.IsNotExist(err) {
-			http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
-		} else {
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		}
-		return
-	}
-}
-
-// CreateRepo creates repository directories.
-func CreateRepo(w http.ResponseWriter, r *http.Request) {
-	if config.debug {
-		log.Println("CreateRepo()")
-	}
-	repo := getRepo(r)
-
-	if r.URL.Query().Get("create") != "true" {
-		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
-		return
-	}
-
-	log.Printf("Creating repository directories in %s\n", repo)
-
-	if err := os.MkdirAll(repo, 0700); err != nil {
-		log.Print(err)
-		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		return
-	}
-
-	for _, d := range []string{"data", "index", "keys", "locks", "snapshots", "tmp"} {
-		if err := os.MkdirAll(filepath.Join(repo, d), 0700); err != nil {
-			log.Print(err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+	// Check if the current user is allowed to access this path
+	if !s.NoAuth && s.PrivateRepos {
+		if len(folderPath) == 0 || folderPath[0] != username {
+			httpDefaultError(w, http.StatusUnauthorized)
 			return
 		}
 	}
 
-	for i := 0; i < 256; i++ {
-		if err := os.MkdirAll(filepath.Join(repo, "data", fmt.Sprintf("%02x", i)), 0700); err != nil {
-			log.Print(err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-			return
+	// Determine filesystem path for this repo
+	fsPath, err := join(s.Path, folderPath...)
+	if err != nil {
+		// We did not expect an error at this stage, because we just checked the path
+		log.Printf("Unexpected join error for path %q", r.URL.Path)
+		httpDefaultError(w, http.StatusNotFound)
+		return
+	}
+
+	// Pass the request to the repo.Handler
+	opt := repo.Options{
+		AppendOnly:     s.AppendOnly,
+		Debug:          s.Debug,
+		QuotaManager:   s.quotaManager, // may be nil
+		PanicOnError:   s.PanicOnError,
+		NoVerifyUpload: s.NoVerifyUpload,
+	}
+	if s.Prometheus {
+		opt.BlobMetricFunc = makeBlobMetricFunc(username, folderPath)
+	}
+	repoHandler, err := repo.New(fsPath, opt)
+	if err != nil {
+		log.Printf("repo.New error: %v", err)
+		httpDefaultError(w, http.StatusInternalServerError)
+		return
+	}
+	r.URL.Path = remainder // strip folderPath for next handler
+	repoHandler.ServeHTTP(w, r)
+}
+
+func valid(name string) bool {
+	// taken from net/http.Dir
+	if strings.Contains(name, "\x00") {
+		return false
+	}
+
+	if filepath.Separator != '/' && strings.ContainsRune(name, filepath.Separator) {
+		return false
+	}
+
+	return true
+}
+
+func isValidType(name string) bool {
+	for _, tpe := range repo.ObjectTypes {
+		if name == tpe {
+			return true
 		}
 	}
+	for _, tpe := range repo.FileTypes {
+		if name == tpe {
+			return true
+		}
+	}
+	return false
+}
+
+// join takes a number of path names, sanitizes them, and returns them joined
+// with base for the current operating system to use (dirs separated by
+// filepath.Separator). The returned path is always either equal to base or a
+// subdir of base.
+func join(base string, names ...string) (string, error) {
+	clean := make([]string, 0, len(names)+1)
+	clean = append(clean, base)
+
+	// taken from net/http.Dir
+	for _, name := range names {
+		if !valid(name) {
+			return "", errors.New("invalid character in path")
+		}
+
+		clean = append(clean, filepath.FromSlash(path.Clean("/"+name)))
+	}
+
+	return filepath.Join(clean...), nil
+}
+
+// splitURLPath splits the URL path into a folderPath of the subrepo, and
+// a remainder that can be passed to repo.Handler.
+// Example: /foo/bar/locks/0123... will be split into:
+//          ["foo", "bar"] and "/locks/0123..."
+func splitURLPath(urlPath string, maxDepth int) (folderPath []string, remainder string) {
+	if !strings.HasPrefix(urlPath, "/") {
+		// Really should start with "/"
+		return nil, urlPath
+	}
+	p := strings.SplitN(urlPath, "/", maxDepth+2)
+	// Skip the empty first one and the remainder in the last one
+	for _, name := range p[1 : len(p)-1] {
+		if isValidType(name) {
+			// We found a part that is a special repo file or dir
+			break
+		}
+		folderPath = append(folderPath, name)
+	}
+	// If the folder path is empty, the whole path is the remainder (do not strip '/')
+	if len(folderPath) == 0 {
+		return nil, urlPath
+	}
+	// Check that the urlPath starts with the reconstructed path, which should
+	// always be the case.
+	fullFolderPath := "/" + strings.Join(folderPath, "/")
+	if !strings.HasPrefix(urlPath, fullFolderPath) {
+		return nil, urlPath
+	}
+	return folderPath, urlPath[len(fullFolderPath):]
+}
+
+// folderPathValid checks if a folderPath returned by splitURLPath is valid and
+// safe.
+func folderPathValid(folderPath []string) bool {
+	for _, name := range folderPath {
+		if name == "" || name == ".." || name == "." || !valid(name) {
+			return false
+		}
+	}
+	return true
 }

handlers_test.go

@@ -0,0 +1,449 @@
+package restserver
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"sync"
+	"testing"
+
+	"github.com/minio/sha256-simd"
+)
+
+func TestJoin(t *testing.T) {
+	var tests = []struct {
+		base   string
+		names  []string
+		result string
+	}{
+		{"/", []string{"foo", "bar"}, "/foo/bar"},
+		{"/srv/server", []string{"foo", "bar"}, "/srv/server/foo/bar"},
+		{"/srv/server", []string{"foo", "..", "bar"}, "/srv/server/foo/bar"},
+		{"/srv/server", []string{"..", "bar"}, "/srv/server/bar"},
+		{"/srv/server", []string{".."}, "/srv/server"},
+		{"/srv/server", []string{"..", ".."}, "/srv/server"},
+		{"/srv/server", []string{"repo", "data"}, "/srv/server/repo/data"},
+		{"/srv/server", []string{"repo", "data", "..", ".."}, "/srv/server/repo/data"},
+		{"/srv/server", []string{"repo", "data", "..", "data", "..", "..", ".."}, "/srv/server/repo/data/data"},
+	}
+
+	for _, test := range tests {
+		t.Run("", func(t *testing.T) {
+			got, err := join(filepath.FromSlash(test.base), test.names...)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			want := filepath.FromSlash(test.result)
+			if got != want {
+				t.Fatalf("wrong result returned, want %v, got %v", want, got)
+			}
+		})
+	}
+}
+
+// declare a few helper functions
+
+// wantFunc tests the HTTP response in res and calls t.Error() if something is incorrect.
+type wantFunc func(t testing.TB, res *httptest.ResponseRecorder)
+
+// newRequest returns a new HTTP request with the given params. On error, t.Fatal is called.
+func newRequest(t testing.TB, method, path string, body io.Reader) *http.Request {
+	req, err := http.NewRequest(method, path, body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	return req
+}
+
+// wantCode returns a function which checks that the response has the correct HTTP status code.
+func wantCode(code int) wantFunc {
+	return func(t testing.TB, res *httptest.ResponseRecorder) {
+		t.Helper()
+		if res.Code != code {
+			t.Errorf("wrong response code, want %v, got %v", code, res.Code)
+		}
+	}
+}
+
+// wantBody returns a function which checks that the response has the data in the body.
+func wantBody(body string) wantFunc {
+	return func(t testing.TB, res *httptest.ResponseRecorder) {
+		t.Helper()
+		if res.Body == nil {
+			t.Errorf("body is nil, want %q", body)
+			return
+		}
+
+		if !bytes.Equal(res.Body.Bytes(), []byte(body)) {
+			t.Errorf("wrong response body, want:\n  %q\ngot:\n  %q", body, res.Body.Bytes())
+		}
+	}
+}
+
+// checkRequest uses f to process the request and runs the checker functions on the result.
+func checkRequest(t testing.TB, f http.HandlerFunc, req *http.Request, want []wantFunc) {
+	t.Helper()
+	rr := httptest.NewRecorder()
+	f(rr, req)
+
+	for _, fn := range want {
+		fn(t, rr)
+	}
+}
+
+// TestRequest is a sequence of HTTP requests with (optional) tests for the response.
+type TestRequest struct {
+	req  *http.Request
+	want []wantFunc
+}
+
+// createOverwriteDeleteSeq returns a sequence which will create a new file at
+// path, and then try to overwrite and delete it.
+func createOverwriteDeleteSeq(t testing.TB, path string, data string) []TestRequest {
+	// add a file, try to overwrite and delete it
+	req := []TestRequest{
+		{
+			req:  newRequest(t, "GET", path, nil),
+			want: []wantFunc{wantCode(http.StatusNotFound)},
+		},
+	}
+
+	if !strings.HasSuffix(path, "/config") {
+		req = append(req, TestRequest{
+			// broken upload must fail
+			req:  newRequest(t, "POST", path, strings.NewReader(data+"broken")),
+			want: []wantFunc{wantCode(http.StatusBadRequest)},
+		})
+	}
+
+	req = append(req,
+		TestRequest{
+			req:  newRequest(t, "POST", path, strings.NewReader(data)),
+			want: []wantFunc{wantCode(http.StatusOK)},
+		},
+		TestRequest{
+			req: newRequest(t, "GET", path, nil),
+			want: []wantFunc{
+				wantCode(http.StatusOK),
+				wantBody(data),
+			},
+		},
+		TestRequest{
+			req:  newRequest(t, "POST", path, strings.NewReader(data+"other stuff")),
+			want: []wantFunc{wantCode(http.StatusForbidden)},
+		},
+		TestRequest{
+			req: newRequest(t, "GET", path, nil),
+			want: []wantFunc{
+				wantCode(http.StatusOK),
+				wantBody(data),
+			},
+		},
+		TestRequest{
+			req:  newRequest(t, "DELETE", path, nil),
+			want: []wantFunc{wantCode(http.StatusForbidden)},
+		},
+		TestRequest{
+			req: newRequest(t, "GET", path, nil),
+			want: []wantFunc{
+				wantCode(http.StatusOK),
+				wantBody(data),
+			},
+		},
+	)
+	return req
+}
+
+// TestResticHandler runs tests on the restic handler code, especially in append-only mode.
+func TestResticHandler(t *testing.T) {
+	buf := make([]byte, 32)
+	_, err := io.ReadFull(rand.Reader, buf)
+	if err != nil {
+		t.Fatal(err)
+	}
+	data := "random data file " + hex.EncodeToString(buf)
+	dataHash := sha256.Sum256([]byte(data))
+	fileID := hex.EncodeToString(dataHash[:])
+
+	var tests = []struct {
+		seq []TestRequest
+	}{
+		{createOverwriteDeleteSeq(t, "/config", data)},
+		{createOverwriteDeleteSeq(t, "/data/"+fileID, data)},
+		{
+			// ensure we can add and remove lock files
+			[]TestRequest{
+				{
+					req:  newRequest(t, "GET", "/locks/"+fileID, nil),
+					want: []wantFunc{wantCode(http.StatusNotFound)},
+				},
+				{
+					req:  newRequest(t, "POST", "/locks/"+fileID, strings.NewReader(data+"broken")),
+					want: []wantFunc{wantCode(http.StatusBadRequest)},
+				},
+				{
+					req:  newRequest(t, "POST", "/locks/"+fileID, strings.NewReader(data)),
+					want: []wantFunc{wantCode(http.StatusOK)},
+				},
+				{
+					req: newRequest(t, "GET", "/locks/"+fileID, nil),
+					want: []wantFunc{
+						wantCode(http.StatusOK),
+						wantBody(data),
+					},
+				},
+				{
+					req:  newRequest(t, "POST", "/locks/"+fileID, strings.NewReader(data+"other data")),
+					want: []wantFunc{wantCode(http.StatusForbidden)},
+				},
+				{
+					req:  newRequest(t, "DELETE", "/locks/"+fileID, nil),
+					want: []wantFunc{wantCode(http.StatusOK)},
+				},
+				{
+					req:  newRequest(t, "GET", "/locks/"+fileID, nil),
+					want: []wantFunc{wantCode(http.StatusNotFound)},
+				},
+			},
+		},
+
+		// Test subrepos
+		{createOverwriteDeleteSeq(t, "/parent1/sub1/config", "foobar")},
+		{createOverwriteDeleteSeq(t, "/parent1/sub1/data/"+fileID, data)},
+		{createOverwriteDeleteSeq(t, "/parent1/config", "foobar")},
+		{createOverwriteDeleteSeq(t, "/parent1/data/"+fileID, data)},
+		{createOverwriteDeleteSeq(t, "/parent2/config", "foobar")},
+		{createOverwriteDeleteSeq(t, "/parent2/data/"+fileID, data)},
+	}
+
+	// setup the server with a local backend in a temporary directory
+	tempdir, err := ioutil.TempDir("", "rest-server-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// make sure the tempdir is properly removed
+	defer func() {
+		err := os.RemoveAll(tempdir)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// set append-only mode and configure path
+	mux, err := NewHandler(&Server{
+		AppendOnly:   true,
+		Path:         tempdir,
+		NoAuth:       true,
+		Debug:        true,
+		PanicOnError: true,
+	})
+	if err != nil {
+		t.Fatalf("error from NewHandler: %v", err)
+	}
+
+	// create the repos
+	for _, path := range []string{"/", "/parent1/sub1/", "/parent1/", "/parent2/"} {
+		checkRequest(t, mux.ServeHTTP,
+			newRequest(t, "POST", path+"?create=true", nil),
+			[]wantFunc{wantCode(http.StatusOK)})
+	}
+
+	for _, test := range tests {
+		t.Run("", func(t *testing.T) {
+			for i, seq := range test.seq {
+				t.Logf("request %v: %v %v", i, seq.req.Method, seq.req.URL.Path)
+				checkRequest(t, mux.ServeHTTP, seq.req, seq.want)
+			}
+		})
+	}
+}
+
+func TestSplitURLPath(t *testing.T) {
+	var tests = []struct {
+		// Params
+		urlPath  string
+		maxDepth int
+		// Expected result
+		folderPath []string
+		remainder  string
+	}{
+		{"/", 0, nil, "/"},
+		{"/", 2, nil, "/"},
+		{"/foo/bar/locks/0123", 0, nil, "/foo/bar/locks/0123"},
+		{"/foo/bar/locks/0123", 1, []string{"foo"}, "/bar/locks/0123"},
+		{"/foo/bar/locks/0123", 2, []string{"foo", "bar"}, "/locks/0123"},
+		{"/foo/bar/locks/0123", 3, []string{"foo", "bar"}, "/locks/0123"},
+		{"/foo/bar/zzz/locks/0123", 2, []string{"foo", "bar"}, "/zzz/locks/0123"},
+		{"/foo/bar/zzz/locks/0123", 3, []string{"foo", "bar", "zzz"}, "/locks/0123"},
+		{"/foo/bar/locks/", 2, []string{"foo", "bar"}, "/locks/"},
+		{"/foo/locks/", 2, []string{"foo"}, "/locks/"},
+		{"/foo/data/", 2, []string{"foo"}, "/data/"},
+		{"/foo/index/", 2, []string{"foo"}, "/index/"},
+		{"/foo/keys/", 2, []string{"foo"}, "/keys/"},
+		{"/foo/snapshots/", 2, []string{"foo"}, "/snapshots/"},
+		{"/foo/config", 2, []string{"foo"}, "/config"},
+		{"/foo/", 2, []string{"foo"}, "/"},
+		{"/foo/bar/", 2, []string{"foo", "bar"}, "/"},
+		{"/foo/bar", 2, []string{"foo"}, "/bar"},
+		{"/locks/", 2, nil, "/locks/"},
+		// This function only splits, it does not check the path components!
+		{"/././locks/", 2, []string{".", "."}, "/locks/"},
+		{"/../../locks/", 2, []string{"..", ".."}, "/locks/"},
+		{"///locks/", 2, []string{"", ""}, "/locks/"},
+		{"////locks/", 2, []string{"", ""}, "//locks/"},
+		// Robustness against broken input
+		{"/", -42, nil, "/"},
+		{"foo", 2, nil, "foo"},
+		{"foo/bar", 2, nil, "foo/bar"},
+		{"", 2, nil, ""},
+	}
+
+	for i, test := range tests {
+		t.Run(fmt.Sprintf("test-%d", i), func(t *testing.T) {
+			folderPath, remainder := splitURLPath(test.urlPath, test.maxDepth)
+
+			var fpEqual bool
+			if len(test.folderPath) == 0 && len(folderPath) == 0 {
+				fpEqual = true // this check allows for nil vs empty slice
+			} else {
+				fpEqual = reflect.DeepEqual(test.folderPath, folderPath)
+			}
+			if !fpEqual {
+				t.Errorf("wrong folderPath: want %v, got %v", test.folderPath, folderPath)
+			}
+
+			if test.remainder != remainder {
+				t.Errorf("wrong remainder: want %v, got %v", test.remainder, remainder)
+			}
+		})
+	}
+}
+
+// delayErrorReader blocks until Continue is closed, closes the channel FirstRead and then returns Err.
+type delayErrorReader struct {
+	FirstRead     chan struct{}
+	firstReadOnce sync.Once
+
+	Err error
+
+	Continue chan struct{}
+}
+
+func newDelayedErrorReader(err error) *delayErrorReader {
+	return &delayErrorReader{
+		Err:       err,
+		Continue:  make(chan struct{}),
+		FirstRead: make(chan struct{}),
+	}
+}
+
+func (d *delayErrorReader) Read(p []byte) (int, error) {
+	d.firstReadOnce.Do(func() {
+		// close the channel to signal that the first read has happened
+		close(d.FirstRead)
+	})
+	<-d.Continue
+	return 0, d.Err
+}
+
+// TestAbortedRequest runs tests with concurrent upload requests for the same file.
+func TestAbortedRequest(t *testing.T) {
+	// setup the server with a local backend in a temporary directory
+	tempdir, err := ioutil.TempDir("", "rest-server-test-")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// make sure the tempdir is properly removed
+	defer func() {
+		err := os.RemoveAll(tempdir)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}()
+
+	// configure path, the race condition doesn't happen for append-only repositories
+	mux, err := NewHandler(&Server{
+		AppendOnly:   false,
+		Path:         tempdir,
+		NoAuth:       true,
+		Debug:        true,
+		PanicOnError: true,
+	})
+	if err != nil {
+		t.Fatalf("error from NewHandler: %v", err)
+	}
+
+	// create the repo
+	checkRequest(t, mux.ServeHTTP,
+		newRequest(t, "POST", "/?create=true", nil),
+		[]wantFunc{wantCode(http.StatusOK)})
+
+	var (
+		id = "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
+		wg sync.WaitGroup
+	)
+
+	// the first request is an upload to a file which blocks while reading the
+	// body and then after some data returns an error
+	rd := newDelayedErrorReader(io.ErrUnexpectedEOF)
+
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+
+		// first, read some string, then read from rd (which blocks and then
+		// returns an error)
+		dataReader := io.MultiReader(strings.NewReader("invalid data from aborted request\n"), rd)
+
+		t.Logf("start first upload")
+		req := newRequest(t, "POST", "/data/"+id, dataReader)
+		rr := httptest.NewRecorder()
+		mux.ServeHTTP(rr, req)
+		t.Logf("first upload done, response %v (%v)", rr.Code, rr.Result().Status)
+	}()
+
+	// wait until the first request starts reading from the body
+	<-rd.FirstRead
+
+	// then while the first request is blocked we send a second request to
+	// delete the file and a third request to upload to the file again, only
+	// then the first request is unblocked.
+
+	t.Logf("delete file")
+	checkRequest(t, mux.ServeHTTP,
+		newRequest(t, "DELETE", "/data/"+id, nil),
+		nil) // don't check anything, restic also ignores errors here
+
+	t.Logf("upload again")
+	checkRequest(t, mux.ServeHTTP,
+		newRequest(t, "POST", "/data/"+id, strings.NewReader("foo\n")),
+		[]wantFunc{wantCode(http.StatusOK)})
+
+	// unblock the reader for the first request now so it can continue
+	close(rd.Continue)
+
+	// wait for the first request to continue
+	wg.Wait()
+
+	// request the file again, it must exist and contain the string from the
+	// second request
+	checkRequest(t, mux.ServeHTTP,
+		newRequest(t, "GET", "/data/"+id, nil),
+		[]wantFunc{
+			wantCode(http.StatusOK),
+			wantBody("foo\n"),
+		},
+	)
+}

htpasswd.go

@@ -1,7 +1,7 @@
-package main
+package restserver
 
 /*
-Copied from: github.com/bitly/oauth2_proxy
+Original version copied from: github.com/bitly/oauth2_proxy
 
 MIT License
 
@@ -28,63 +28,179 @@ import (
 	"crypto/sha1"
 	"encoding/base64"
 	"encoding/csv"
-	"io"
 	"log"
 	"os"
+	"os/signal"
+	"regexp"
+	"sync"
+	"syscall"
+	"time"
+
+	"golang.org/x/crypto/bcrypt"
 )
 
+// CheckInterval represents how often we check for changes in htpasswd file.
+const CheckInterval = 30 * time.Second
+
 // Lookup passwords in a htpasswd file.  The entries must have been created with -s for SHA encryption.
 
 // HtpasswdFile is a map for usernames to passwords.
 type HtpasswdFile struct {
-	Users map[string]string
+	mutex    sync.Mutex
+	path     string
+	stat     os.FileInfo
+	throttle chan struct{}
+	Users    map[string]string
 }
 
 // NewHtpasswdFromFile reads the users and passwords from a htpasswd file and returns them.  If an error is encountered,
 // it is returned, together with a nil-Pointer for the HtpasswdFile.
 func NewHtpasswdFromFile(path string) (*HtpasswdFile, error) {
-	r, err := os.Open(path)
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, syscall.SIGHUP)
+	stat, err := os.Stat(path)
 	if err != nil {
 		return nil, err
 	}
-	defer r.Close()
-	return NewHtpasswd(r)
+
+	h := &HtpasswdFile{
+		mutex:    sync.Mutex{},
+		path:     path,
+		stat:     stat,
+		throttle: make(chan struct{}),
+	}
+
+	if err := h.Reload(); err != nil {
+		return nil, err
+	}
+
+	// Start a goroutine that limits reload checks to once per CheckInterval
+	go h.throttleTimer()
+
+	go func() {
+		for range c {
+			err := h.Reload()
+			if err == nil {
+				log.Printf("Reloaded htpasswd file")
+			} else {
+				log.Printf("Could not reload htpasswd file: %v", err)
+			}
+		}
+	}()
+
+	return h, nil
 }
 
-// NewHtpasswd reads the users and passwords from a htpasswd datastream in file and returns them.  If an error is
-// encountered, it is returned, together with a nil-Pointer for the HtpasswdFile.
-func NewHtpasswd(file io.Reader) (*HtpasswdFile, error) {
-	cr := csv.NewReader(file)
+// throttleTimer sends at most one message per CheckInterval to throttle file change checks.
+func (h *HtpasswdFile) throttleTimer() {
+	var check struct{}
+	for {
+		time.Sleep(CheckInterval)
+		h.throttle <- check
+	}
+}
+
+var validUsernameRegexp = regexp.MustCompile(`^[\p{L}\d@.-]+$`)
+
+// Reload reloads the htpasswd file. If the reload fails, the Users map is not changed and the error is returned.
+func (h *HtpasswdFile) Reload() error {
+	r, err := os.Open(h.path)
+	if err != nil {
+		return err
+	}
+
+	cr := csv.NewReader(r)
 	cr.Comma = ':'
 	cr.Comment = '#'
 	cr.TrimLeadingSpace = true
 
 	records, err := cr.ReadAll()
 	if err != nil {
-		return nil, err
+		_ = r.Close()
+		return err
 	}
-	h := &HtpasswdFile{Users: make(map[string]string)}
+	users := make(map[string]string)
 	for _, record := range records {
-		h.Users[record[0]] = record[1]
+		if !validUsernameRegexp.MatchString(record[0]) {
+			log.Printf("Ignoring invalid username %q in htpasswd, consists of characters other than letters", record[0])
+			continue
+		}
+		users[record[0]] = record[1]
 	}
-	return h, nil
+
+	// Replace the Users map
+	h.mutex.Lock()
+	h.Users = users
+	h.mutex.Unlock()
+
+	_ = r.Close()
+	return nil
+}
+
+// ReloadCheck checks at most once per CheckInterval if the file changed and will reload the file if it did.
+// It logs errors and successful reloads, and returns an error if any was encountered.
+func (h *HtpasswdFile) ReloadCheck() error {
+	select {
+	case <-h.throttle:
+		stat, err := os.Stat(h.path)
+		if err != nil {
+			log.Printf("Could not stat htpasswd file: %v", err)
+			return err
+		}
+
+		reload := false
+
+		h.mutex.Lock()
+		if stat.ModTime() != h.stat.ModTime() || stat.Size() != h.stat.Size() {
+			reload = true
+			h.stat = stat
+		}
+		h.mutex.Unlock()
+
+		if reload {
+			err := h.Reload()
+			if err == nil {
+				log.Printf("Reloaded htpasswd file")
+			} else {
+				log.Printf("Could not reload htpasswd file: %v", err)
+				return err
+			}
+		}
+	default:
+		// No need to check
+	}
+	return nil
 }
 
 // Validate returns true if password matches the stored password for user.  If no password for user is stored, or the
 // password is wrong, false is returned.
 func (h *HtpasswdFile) Validate(user string, password string) bool {
+	_ = h.ReloadCheck()
+
+	h.mutex.Lock()
 	realPassword, exists := h.Users[user]
+	h.mutex.Unlock()
+
 	if !exists {
 		return false
 	}
-	if realPassword[:5] == "{SHA}" {
+
+	var shaRe = regexp.MustCompile(`^{SHA}`)
+	var bcrRe = regexp.MustCompile(`^\$2b\$|^\$2a\$|^\$2y\$`)
+
+	switch {
+	case shaRe.MatchString(realPassword):
 		d := sha1.New()
-		d.Write([]byte(password))
+		_, _ = d.Write([]byte(password))
 		if realPassword[5:] == base64.StdEncoding.EncodeToString(d.Sum(nil)) {
 			return true
 		}
-	} else {
-		log.Printf("Invalid htpasswd entry for %s. Must be a SHA entry.", user)
+	case bcrRe.MatchString(realPassword):
+		err := bcrypt.CompareHashAndPassword([]byte(realPassword), []byte(password))
+		if err == nil {
+			return true
+		}
 	}
+	log.Printf("Invalid htpasswd entry for %s.", user)
 	return false
 }

main.go

@@ -1,154 +0,0 @@
-package main
-
-import (
-	"log"
-	"net/http"
-	"os"
-	"path/filepath"
-	"runtime"
-	"runtime/pprof"
-
-	"github.com/gorilla/handlers"
-	"github.com/spf13/cobra"
-	"goji.io"
-	"goji.io/pat"
-)
-
-// cmdRoot is the base command when no other command has been specified.
-var cmdRoot = &cobra.Command{
-	Use:           "rest-server",
-	Short:         "Run a REST server for use with restic",
-	SilenceErrors: true,
-	SilenceUsage:  true,
-	RunE:          runRoot,
-}
-
-var config = struct {
-	path       string
-	listen     string
-	tls        bool
-	log        string
-	cpuprofile string
-	debug      bool
-}{}
-
-func init() {
-	flags := cmdRoot.Flags()
-	flags.StringVar(&config.cpuprofile, "cpuprofile", "", "write CPU profile to file")
-	flags.BoolVar(&config.debug, "debug", false, "output debug messages")
-	flags.StringVar(&config.listen, "listen", ":8000", "listen address")
-	flags.StringVar(&config.log, "log", "", "log HTTP requests in the combined log format")
-	flags.StringVar(&config.path, "path", "/tmp/restic", "data directory")
-	flags.BoolVar(&config.tls, "tls", false, "turn on TLS support")
-}
-
-func debugHandler(next http.Handler) http.Handler {
-	return http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			log.Printf("%s %s", r.Method, r.URL)
-			next.ServeHTTP(w, r)
-		})
-}
-
-func logHandler(next http.Handler) http.Handler {
-	accessLog, err := os.OpenFile(config.log, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	return handlers.CombinedLoggingHandler(accessLog, next)
-}
-
-func setupMux() *goji.Mux {
-	mux := goji.NewMux()
-
-	if config.debug {
-		mux.Use(debugHandler)
-	}
-
-	if config.log != "" {
-		mux.Use(logHandler)
-	}
-
-	mux.HandleFunc(pat.Head("/config"), CheckConfig)
-	mux.HandleFunc(pat.Head("/:repo/config"), CheckConfig)
-	mux.HandleFunc(pat.Get("/config"), GetConfig)
-	mux.HandleFunc(pat.Get("/:repo/config"), GetConfig)
-	mux.HandleFunc(pat.Post("/config"), SaveConfig)
-	mux.HandleFunc(pat.Post("/:repo/config"), SaveConfig)
-	mux.HandleFunc(pat.Delete("/config"), DeleteConfig)
-	mux.HandleFunc(pat.Delete("/:repo/config"), DeleteConfig)
-	mux.HandleFunc(pat.Get("/:type/"), ListBlobs)
-	mux.HandleFunc(pat.Get("/:repo/:type/"), ListBlobs)
-	mux.HandleFunc(pat.Head("/:type/:name"), CheckBlob)
-	mux.HandleFunc(pat.Head("/:repo/:type/:name"), CheckBlob)
-	mux.HandleFunc(pat.Get("/:type/:name"), GetBlob)
-	mux.HandleFunc(pat.Get("/:repo/:type/:name"), GetBlob)
-	mux.HandleFunc(pat.Post("/:type/:name"), SaveBlob)
-	mux.HandleFunc(pat.Post("/:repo/:type/:name"), SaveBlob)
-	mux.HandleFunc(pat.Delete("/:type/:name"), DeleteBlob)
-	mux.HandleFunc(pat.Delete("/:repo/:type/:name"), DeleteBlob)
-	mux.HandleFunc(pat.Post("/"), CreateRepo)
-	mux.HandleFunc(pat.Post("/:repo"), CreateRepo)
-	mux.HandleFunc(pat.Post("/:repo/"), CreateRepo)
-
-	return mux
-}
-
-var version = "manually"
-
-func runRoot(cmd *cobra.Command, args []string) error {
-	log.SetFlags(0)
-
-	log.Printf("rest-server %s compiled with %v on %v/%v\n", version, runtime.Version(), runtime.GOOS, runtime.GOARCH)
-	log.Printf("Data directory: %s", config.path)
-
-	if config.cpuprofile != "" {
-		f, err := os.Create(config.cpuprofile)
-		if err != nil {
-			log.Fatal(err)
-		}
-		if err := pprof.StartCPUProfile(f); err != nil {
-			log.Fatal(err)
-		}
-		log.Println("CPU profiling enabled")
-		defer pprof.StopCPUProfile()
-	}
-
-	mux := setupMux()
-
-	var handler http.Handler
-	htpasswdFile, err := NewHtpasswdFromFile(filepath.Join(config.path, ".htpasswd"))
-	if err != nil {
-		handler = mux
-		log.Println("Authentication disabled")
-	} else {
-		handler = AuthHandler(htpasswdFile, mux)
-		log.Println("Authentication enabled")
-	}
-
-	if !config.tls {
-		log.Printf("Starting server on %s\n", config.listen)
-		err = http.ListenAndServe(config.listen, handler)
-	} else {
-		privateKey := filepath.Join(config.path, "private_key")
-		publicKey := filepath.Join(config.path, "public_key")
-		log.Println("TLS enabled")
-		log.Printf("Private key: %s", privateKey)
-		log.Printf("Public key: %s", publicKey)
-		log.Printf("Starting server on %s\n", config.listen)
-		err = http.ListenAndServeTLS(config.listen, publicKey, privateKey, handler)
-	}
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	return nil
-
-}
-
-func main() {
-	if err := cmdRoot.Execute(); err != nil {
-		log.Fatalf("error: %v", err)
-	}
-}

metrics.go

@@ -0,0 +1,92 @@
+package restserver
+
+import (
+	"strings"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/restic/rest-server/repo"
+)
+
+var metricLabelList = []string{"user", "repo", "type"}
+
+var metricBlobWriteTotal = prometheus.NewCounterVec(
+	prometheus.CounterOpts{
+		Name: "rest_server_blob_write_total",
+		Help: "Total number of blobs written",
+	},
+	metricLabelList,
+)
+
+var metricBlobWriteBytesTotal = prometheus.NewCounterVec(
+	prometheus.CounterOpts{
+		Name: "rest_server_blob_write_bytes_total",
+		Help: "Total number of bytes written to blobs",
+	},
+	metricLabelList,
+)
+
+var metricBlobReadTotal = prometheus.NewCounterVec(
+	prometheus.CounterOpts{
+		Name: "rest_server_blob_read_total",
+		Help: "Total number of blobs read",
+	},
+	metricLabelList,
+)
+
+var metricBlobReadBytesTotal = prometheus.NewCounterVec(
+	prometheus.CounterOpts{
+		Name: "rest_server_blob_read_bytes_total",
+		Help: "Total number of bytes read from blobs",
+	},
+	metricLabelList,
+)
+
+var metricBlobDeleteTotal = prometheus.NewCounterVec(
+	prometheus.CounterOpts{
+		Name: "rest_server_blob_delete_total",
+		Help: "Total number of blobs deleted",
+	},
+	metricLabelList,
+)
+
+var metricBlobDeleteBytesTotal = prometheus.NewCounterVec(
+	prometheus.CounterOpts{
+		Name: "rest_server_blob_delete_bytes_total",
+		Help: "Total number of bytes of blobs deleted",
+	},
+	metricLabelList,
+)
+
+// makeBlobMetricFunc creates a metrics callback function that increments the
+// Prometheus metrics.
+func makeBlobMetricFunc(username string, folderPath []string) repo.BlobMetricFunc {
+	var f repo.BlobMetricFunc = func(objectType string, operation repo.BlobOperation, nBytes uint64) {
+		labels := prometheus.Labels{
+			"user": username,
+			"repo": strings.Join(folderPath, "/"),
+			"type": objectType,
+		}
+		switch operation {
+		case repo.BlobRead:
+			metricBlobReadTotal.With(labels).Inc()
+			metricBlobReadBytesTotal.With(labels).Add(float64(nBytes))
+		case repo.BlobWrite:
+			metricBlobWriteTotal.With(labels).Inc()
+			metricBlobWriteBytesTotal.With(labels).Add(float64(nBytes))
+		case repo.BlobDelete:
+			metricBlobDeleteTotal.With(labels).Inc()
+			metricBlobDeleteBytesTotal.With(labels).Add(float64(nBytes))
+		}
+	}
+	return f
+}
+
+func init() {
+	// These are always initialized, but only updated if Config.Prometheus is set
+	prometheus.MustRegister(metricBlobWriteTotal)
+	prometheus.MustRegister(metricBlobWriteBytesTotal)
+	prometheus.MustRegister(metricBlobReadTotal)
+	prometheus.MustRegister(metricBlobReadBytesTotal)
+	prometheus.MustRegister(metricBlobDeleteTotal)
+	prometheus.MustRegister(metricBlobDeleteBytesTotal)
+}

mux.go

@@ -0,0 +1,99 @@
+package restserver
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"github.com/gorilla/handlers"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/restic/rest-server/quota"
+)
+
+func (s *Server) debugHandler(next http.Handler) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			log.Printf("%s %s", r.Method, r.URL)
+			next.ServeHTTP(w, r)
+		})
+}
+
+func (s *Server) logHandler(next http.Handler) http.Handler {
+	accessLog, err := os.OpenFile(s.Log, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
+	if err != nil {
+		log.Fatalf("error: %v", err)
+	}
+
+	return handlers.CombinedLoggingHandler(accessLog, next)
+}
+
+func (s *Server) checkAuth(r *http.Request) (username string, ok bool) {
+	if s.NoAuth {
+		return username, true
+	}
+	var password string
+	username, password, ok = r.BasicAuth()
+	if !ok || !s.htpasswdFile.Validate(username, password) {
+		return "", false
+	}
+	return username, true
+}
+
+func (s *Server) wrapMetricsAuth(f http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		username, ok := s.checkAuth(r)
+		if !ok {
+			httpDefaultError(w, http.StatusUnauthorized)
+			return
+		}
+		if s.PrivateRepos && username != "metrics" {
+			httpDefaultError(w, http.StatusUnauthorized)
+			return
+		}
+		f(w, r)
+	}
+}
+
+// NewHandler returns the master HTTP multiplexer/router.
+func NewHandler(server *Server) (http.Handler, error) {
+	if !server.NoAuth {
+		var err error
+		server.htpasswdFile, err = NewHtpasswdFromFile(filepath.Join(server.Path, ".htpasswd"))
+		if err != nil {
+			return nil, fmt.Errorf("cannot load .htpasswd (use --no-auth to disable): %v", err)
+		}
+	}
+
+	const GiB = 1024 * 1024 * 1024
+
+	if server.MaxRepoSize > 0 {
+		log.Printf("Initializing quota (can take a while)...")
+		qm, err := quota.New(server.Path, server.MaxRepoSize)
+		if err != nil {
+			return nil, err
+		}
+		server.quotaManager = qm
+		log.Printf("Quota initialized, currently using %.2f GiB", float64(qm.SpaceUsed())/GiB)
+	}
+
+	mux := http.NewServeMux()
+	if server.Prometheus {
+		if server.PrometheusNoAuth {
+			mux.Handle("/metrics", promhttp.Handler())
+		} else {
+			mux.HandleFunc("/metrics", server.wrapMetricsAuth(promhttp.Handler().ServeHTTP))
+		}
+	}
+	mux.Handle("/", server)
+
+	var handler http.Handler = mux
+	if server.Debug {
+		handler = server.debugHandler(handler)
+	}
+	if server.Log != "" {
+		handler = server.logHandler(handler)
+	}
+	return handler, nil
+}

quota/quota.go

@@ -0,0 +1,124 @@
+package quota
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"sync/atomic"
+)
+
+// New creates a new quota Manager for given path.
+// It will tally the current disk usage before returning.
+func New(path string, maxSize int64) (*Manager, error) {
+	m := &Manager{
+		path:        path,
+		maxRepoSize: maxSize,
+	}
+	if err := m.updateSize(); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// Manager manages the repo quota for given filesystem root path, including subrepos
+type Manager struct {
+	path        string
+	maxRepoSize int64
+	repoSize    int64 // must be accessed using sync/atomic
+}
+
+// WrapWriter limits the number of bytes written
+// to the space that is currently available as given by
+// the server's MaxRepoSize. This type is safe for use
+// by multiple goroutines sharing the same *Server.
+type maxSizeWriter struct {
+	io.Writer
+	m *Manager
+}
+
+func (w maxSizeWriter) Write(p []byte) (n int, err error) {
+	if int64(len(p)) > w.m.SpaceRemaining() {
+		return 0, fmt.Errorf("repository has reached maximum size (%d bytes)", w.m.maxRepoSize)
+	}
+	n, err = w.Writer.Write(p)
+	w.m.IncUsage(int64(n))
+	return n, err
+}
+
+func (m *Manager) updateSize() error {
+	// if we haven't yet computed the size of the repo, do so now
+	initialSize, err := tallySize(m.path)
+	if err != nil {
+		return err
+	}
+	atomic.StoreInt64(&m.repoSize, initialSize)
+	return nil
+}
+
+// WrapWriter wraps w in a writer that enforces s.MaxRepoSize.
+// If there is an error, a status code and the error are returned.
+func (m *Manager) WrapWriter(req *http.Request, w io.Writer) (io.Writer, int, error) {
+	currentSize := atomic.LoadInt64(&m.repoSize)
+
+	// if content-length is set and is trustworthy, we can save some time
+	// and issue a polite error if it declares a size that's too big; since
+	// we expect the vast majority of clients will be honest, so this check
+	// can only help save time
+	if contentLenStr := req.Header.Get("Content-Length"); contentLenStr != "" {
+		contentLen, err := strconv.ParseInt(contentLenStr, 10, 64)
+		if err != nil {
+			return nil, http.StatusLengthRequired, err
+		}
+		if currentSize+contentLen > m.maxRepoSize {
+			err := fmt.Errorf("incoming blob (%d bytes) would exceed maximum size of repository (%d bytes)",
+				contentLen, m.maxRepoSize)
+			return nil, http.StatusInsufficientStorage, err
+		}
+	}
+
+	// since we can't always trust content-length, we will wrap the writer
+	// in a custom writer that enforces the size limit during writes
+	return maxSizeWriter{Writer: w, m: m}, 0, nil
+}
+
+// SpaceRemaining returns how much space is available in the repo
+// according to s.MaxRepoSize. s.repoSize must already be set.
+// If there is no limit, -1 is returned.
+func (m *Manager) SpaceRemaining() int64 {
+	if m.maxRepoSize == 0 {
+		return -1
+	}
+	maxSize := m.maxRepoSize
+	currentSize := atomic.LoadInt64(&m.repoSize)
+	return maxSize - currentSize
+}
+
+// SpaceUsed returns how much space is used in the repo.
+func (m *Manager) SpaceUsed() int64 {
+	return atomic.LoadInt64(&m.repoSize)
+}
+
+// IncUsage increments the current repo size (which
+// must already be initialized).
+func (m *Manager) IncUsage(by int64) {
+	atomic.AddInt64(&m.repoSize, by)
+}
+
+// tallySize counts the size of the contents of path.
+func tallySize(path string) (int64, error) {
+	if path == "" {
+		path = "."
+	}
+	var size int64
+	err := filepath.Walk(path, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		size += info.Size()
+		return nil
+	})
+	return size, err
+}

repo/repo.go

@@ -0,0 +1,782 @@
+package repo
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"math/rand"
+	"net/http"
+	"os"
+	"path/filepath"
+	"regexp"
+	"runtime"
+	"strconv"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/minio/sha256-simd"
+	"github.com/miolini/datacounter"
+	"github.com/restic/rest-server/quota"
+)
+
+// Options are options for the Handler accepted by New
+type Options struct {
+	AppendOnly     bool // if set, delete actions are not allowed
+	Debug          bool
+	DirMode        os.FileMode
+	FileMode       os.FileMode
+	NoVerifyUpload bool
+
+	// If set, we will panic when an internal server error happens. This
+	// makes it easier to debug such errors.
+	PanicOnError bool
+
+	BlobMetricFunc BlobMetricFunc
+	QuotaManager   *quota.Manager
+}
+
+// DefaultDirMode is the file mode used for directory creation if not
+// overridden in the Options
+const DefaultDirMode os.FileMode = 0700
+
+// DefaultFileMode is the file mode used for file creation if not
+// overridden in the Options
+const DefaultFileMode os.FileMode = 0600
+
+// New creates a new Handler for a single Restic backup repo.
+// path is the full filesystem path to this repo directory.
+// opt is a set of options.
+func New(path string, opt Options) (*Handler, error) {
+	if path == "" {
+		return nil, fmt.Errorf("path is required")
+	}
+	if opt.DirMode == 0 {
+		opt.DirMode = DefaultDirMode
+	}
+	if opt.FileMode == 0 {
+		opt.FileMode = DefaultFileMode
+	}
+	h := Handler{
+		path: path,
+		opt:  opt,
+	}
+	return &h, nil
+}
+
+// Handler handles all REST API requests for a single Restic backup repo
+// Spec: https://restic.readthedocs.io/en/latest/100_references.html#rest-backend
+type Handler struct {
+	path string // filesystem path of repo
+	opt  Options
+}
+
+// httpDefaultError write a HTTP error with the default description
+func httpDefaultError(w http.ResponseWriter, code int) {
+	http.Error(w, http.StatusText(code), code)
+}
+
+// httpMethodNotAllowed writes a 405 Method Not Allowed HTTP error with
+// the required Allow header listing the methods that are allowed.
+func httpMethodNotAllowed(w http.ResponseWriter, allowed []string) {
+	w.Header().Set("Allow", strings.Join(allowed, ", "))
+	httpDefaultError(w, http.StatusMethodNotAllowed)
+}
+
+// errFileContentDoesntMatchHash is the error raised when the file content hash
+// doesn't match the hash provided in the URL
+var errFileContentDoesntMatchHash = errors.New("file content does not match hash")
+
+// BlobPathRE matches valid blob URI paths with optional object IDs
+var BlobPathRE = regexp.MustCompile(`^/(data|index|keys|locks|snapshots)/([0-9a-f]{64})?$`)
+
+// ObjectTypes are subdirs that are used for object storage
+var ObjectTypes = []string{"data", "index", "keys", "locks", "snapshots"}
+
+// FileTypes are files stored directly under the repo direct that are accessible
+// through a request
+var FileTypes = []string{"config"}
+
+func isHashed(objectType string) bool {
+	return objectType == "data"
+}
+
+// BlobOperation describe the current blob operation in the BlobMetricFunc callback.
+type BlobOperation byte
+
+// Define all valid operations.
+const (
+	BlobRead   = 'R' // A blob has been read
+	BlobWrite  = 'W' // A blob has been written
+	BlobDelete = 'D' // A blob has been deleted
+)
+
+// BlobMetricFunc is the callback signature for blob metrics. Such a callback
+// can be passed in the Options to keep track of various metrics.
+// objectType: one of ObjectTypes
+// operation: one of the BlobOperations above
+// nBytes: the number of bytes affected, or 0 if not relevant
+// TODO: Perhaps add http.Request for the username so that this can be cached?
+type BlobMetricFunc func(objectType string, operation BlobOperation, nBytes uint64)
+
+// ServeHTTP performs strict matching on the repo part of the URL path and
+// dispatches the request to the appropriate handler.
+func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	urlPath := r.URL.Path
+	if urlPath == "/" {
+		// TODO: add HEAD and GET
+		switch r.Method {
+		case "POST":
+			h.createRepo(w, r)
+		default:
+			httpMethodNotAllowed(w, []string{"POST"})
+		}
+		return
+	} else if urlPath == "/config" {
+		switch r.Method {
+		case "HEAD":
+			h.checkConfig(w, r)
+		case "GET":
+			h.getConfig(w, r)
+		case "POST":
+			h.saveConfig(w, r)
+		case "DELETE":
+			h.deleteConfig(w, r)
+		default:
+			httpMethodNotAllowed(w, []string{"HEAD", "GET", "POST", "DELETE"})
+		}
+		return
+	} else if objectType, objectID := h.getObject(urlPath); objectType != "" {
+		if objectID == "" {
+			// TODO: add HEAD
+			switch r.Method {
+			case "GET":
+				h.listBlobs(w, r)
+			default:
+				httpMethodNotAllowed(w, []string{"GET"})
+			}
+
+			return
+		}
+
+		switch r.Method {
+		case "HEAD":
+			h.checkBlob(w, r)
+		case "GET":
+			h.getBlob(w, r)
+		case "POST":
+			h.saveBlob(w, r)
+		case "DELETE":
+			h.deleteBlob(w, r)
+		default:
+			httpMethodNotAllowed(w, []string{"HEAD", "GET", "POST", "DELETE"})
+		}
+
+		return
+	}
+	httpDefaultError(w, http.StatusNotFound)
+}
+
+// getObject parses the URL path and returns the objectType and objectID,
+// if any. The objectID is optional.
+func (h *Handler) getObject(urlPath string) (objectType, objectID string) {
+	m := BlobPathRE.FindStringSubmatch(urlPath)
+	if len(m) == 0 {
+		return "", "" // no match
+	}
+	if len(m) == 2 || m[2] == "" {
+		return m[1], "" // no objectID
+	}
+	return m[1], m[2]
+}
+
+// getSubPath returns the path for a file or subdir in the root of the repo.
+func (h *Handler) getSubPath(name string) string {
+	return filepath.Join(h.path, name)
+}
+
+// getObjectPath returns the path for an object file in the repo.
+// The passed in objectType and objectID must be valid due to earlier validation
+func (h *Handler) getObjectPath(objectType, objectID string) string {
+	// If we hit an error, this is a programming error, because all of these
+	// must have been validated before. We still check them here as a safeguard.
+	if objectType == "" || objectID == "" {
+		panic("invalid objectType or objectID")
+	}
+	if isHashed(objectType) {
+		if len(objectID) < 2 {
+			// Should never happen, because BlobPathRE checked this
+			panic("getObjectPath: objectID shorter than 2 chars")
+		}
+		// Added another dir in between with the first two characters of the hash
+		return filepath.Join(h.path, objectType, objectID[:2], objectID)
+	}
+
+	return filepath.Join(h.path, objectType, objectID)
+}
+
+// sendMetric calls op.BlobMetricFunc if set. See its signature for details.
+func (h *Handler) sendMetric(objectType string, operation BlobOperation, nBytes uint64) {
+	if f := h.opt.BlobMetricFunc; f != nil {
+		f(objectType, operation, nBytes)
+	}
+}
+
+// needSize tells you if we need the file size for metrics of quota accounting
+func (h *Handler) needSize() bool {
+	return h.opt.BlobMetricFunc != nil || h.opt.QuotaManager != nil
+}
+
+// incrementRepoSpaceUsage increments the repo space usage if quota are enabled
+func (h *Handler) incrementRepoSpaceUsage(by int64) {
+	if h.opt.QuotaManager != nil {
+		h.opt.QuotaManager.IncUsage(by)
+	}
+}
+
+// wrapFileWriter wraps the file writer if repo quota are enabled, and returns it
+// as is if not.
+// If an error occurs, it returns both an error and the appropriate HTTP error code.
+func (h *Handler) wrapFileWriter(r *http.Request, w io.Writer) (io.Writer, int, error) {
+	if h.opt.QuotaManager == nil {
+		return w, 0, nil // unmodified
+	}
+	return h.opt.QuotaManager.WrapWriter(r, w)
+}
+
+// checkConfig checks whether a configuration exists.
+func (h *Handler) checkConfig(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("checkConfig()")
+	}
+	cfg := h.getSubPath("config")
+
+	st, err := os.Stat(cfg)
+	if err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		httpDefaultError(w, http.StatusNotFound)
+		return
+	}
+
+	w.Header().Add("Content-Length", fmt.Sprint(st.Size()))
+}
+
+// getConfig allows for a config to be retrieved.
+func (h *Handler) getConfig(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("getConfig()")
+	}
+	cfg := h.getSubPath("config")
+
+	bytes, err := ioutil.ReadFile(cfg)
+	if err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		httpDefaultError(w, http.StatusNotFound)
+		return
+	}
+
+	_, _ = w.Write(bytes)
+}
+
+// saveConfig allows for a config to be saved.
+func (h *Handler) saveConfig(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("saveConfig()")
+	}
+	cfg := h.getSubPath("config")
+
+	f, err := os.OpenFile(cfg, os.O_CREATE|os.O_WRONLY|os.O_EXCL, h.opt.FileMode)
+	if err != nil && os.IsExist(err) {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		httpDefaultError(w, http.StatusForbidden)
+		return
+	}
+
+	_, err = io.Copy(f, r.Body)
+	if err != nil {
+		h.internalServerError(w, err)
+		return
+	}
+
+	err = f.Close()
+	if err != nil {
+		h.internalServerError(w, err)
+		return
+	}
+
+	_ = r.Body.Close()
+}
+
+// deleteConfig removes a config.
+func (h *Handler) deleteConfig(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("deleteConfig()")
+	}
+
+	if h.opt.AppendOnly {
+		httpDefaultError(w, http.StatusForbidden)
+		return
+	}
+
+	cfg := h.getSubPath("config")
+
+	if err := os.Remove(cfg); err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		if os.IsNotExist(err) {
+			httpDefaultError(w, http.StatusNotFound)
+		} else {
+			h.internalServerError(w, err)
+		}
+		return
+	}
+}
+
+const (
+	mimeTypeAPIV1 = "application/vnd.x.restic.rest.v1"
+	mimeTypeAPIV2 = "application/vnd.x.restic.rest.v2"
+)
+
+// listBlobs lists all blobs of a given type in an arbitrary order.
+func (h *Handler) listBlobs(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("listBlobs()")
+	}
+
+	switch r.Header.Get("Accept") {
+	case mimeTypeAPIV2:
+		h.listBlobsV2(w, r)
+	default:
+		h.listBlobsV1(w, r)
+	}
+}
+
+// listBlobsV1 lists all blobs of a given type in an arbitrary order.
+// TODO: unify listBlobsV1 and listBlobsV2
+func (h *Handler) listBlobsV1(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("listBlobsV1()")
+	}
+	objectType, _ := h.getObject(r.URL.Path)
+	if objectType == "" {
+		h.internalServerError(w, fmt.Errorf(
+			"cannot determine object type: %s", r.URL.Path))
+		return
+	}
+	path := h.getSubPath(objectType)
+
+	items, err := ioutil.ReadDir(path)
+	if err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		httpDefaultError(w, http.StatusNotFound)
+		return
+	}
+
+	var names []string
+	for _, i := range items {
+		if isHashed(objectType) {
+			subpath := filepath.Join(path, i.Name())
+			var subitems []os.FileInfo
+			subitems, err = ioutil.ReadDir(subpath)
+			if err != nil {
+				if h.opt.Debug {
+					log.Print(err)
+				}
+				httpDefaultError(w, http.StatusNotFound)
+				return
+			}
+			for _, f := range subitems {
+				names = append(names, f.Name())
+			}
+		} else {
+			names = append(names, i.Name())
+		}
+	}
+
+	data, err := json.Marshal(names)
+	if err != nil {
+		h.internalServerError(w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", mimeTypeAPIV1)
+	_, _ = w.Write(data)
+}
+
+// Blob represents a single blob, its name and its size.
+type Blob struct {
+	Name string `json:"name"`
+	Size int64  `json:"size"`
+}
+
+// listBlobsV2 lists all blobs of a given type, together with their sizes, in an arbitrary order.
+// TODO: unify listBlobsV1 and listBlobsV2
+func (h *Handler) listBlobsV2(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("listBlobsV2()")
+	}
+
+	objectType, _ := h.getObject(r.URL.Path)
+	if objectType == "" {
+		h.internalServerError(w, fmt.Errorf(
+			"cannot determine object type: %s", r.URL.Path))
+		return
+	}
+	path := h.getSubPath(objectType)
+
+	items, err := ioutil.ReadDir(path)
+	if err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		httpDefaultError(w, http.StatusNotFound)
+		return
+	}
+
+	var blobs []Blob
+	for _, i := range items {
+		if isHashed(objectType) {
+			subpath := filepath.Join(path, i.Name())
+			var subitems []os.FileInfo
+			subitems, err = ioutil.ReadDir(subpath)
+			if err != nil {
+				if h.opt.Debug {
+					log.Print(err)
+				}
+				httpDefaultError(w, http.StatusNotFound)
+				return
+			}
+			for _, f := range subitems {
+				blobs = append(blobs, Blob{Name: f.Name(), Size: f.Size()})
+			}
+		} else {
+			blobs = append(blobs, Blob{Name: i.Name(), Size: i.Size()})
+		}
+	}
+
+	data, err := json.Marshal(blobs)
+	if err != nil {
+		h.internalServerError(w, err)
+		return
+	}
+
+	w.Header().Set("Content-Type", mimeTypeAPIV2)
+	_, _ = w.Write(data)
+}
+
+// checkBlob tests whether a blob exists.
+func (h *Handler) checkBlob(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("checkBlob()")
+	}
+
+	objectType, objectID := h.getObject(r.URL.Path)
+	if objectType == "" || objectID == "" {
+		h.internalServerError(w, fmt.Errorf(
+			"cannot determine object type or id: %s", r.URL.Path))
+		return
+	}
+	path := h.getObjectPath(objectType, objectID)
+
+	st, err := os.Stat(path)
+	if err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		httpDefaultError(w, http.StatusNotFound)
+		return
+	}
+
+	w.Header().Add("Content-Length", fmt.Sprint(st.Size()))
+}
+
+// getBlob retrieves a blob from the repository.
+func (h *Handler) getBlob(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("getBlob()")
+	}
+
+	objectType, objectID := h.getObject(r.URL.Path)
+	if objectType == "" || objectID == "" {
+		h.internalServerError(w, fmt.Errorf(
+			"cannot determine object type or id: %s", r.URL.Path))
+		return
+	}
+	path := h.getObjectPath(objectType, objectID)
+
+	file, err := os.Open(path)
+	if err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		httpDefaultError(w, http.StatusNotFound)
+		return
+	}
+
+	wc := datacounter.NewResponseWriterCounter(w)
+	http.ServeContent(wc, r, "", time.Unix(0, 0), file)
+
+	if err = file.Close(); err != nil {
+		h.internalServerError(w, err)
+		return
+	}
+
+	h.sendMetric(objectType, BlobRead, wc.Count())
+}
+
+// saveBlob saves a blob to the repository.
+func (h *Handler) saveBlob(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("saveBlob()")
+	}
+
+	objectType, objectID := h.getObject(r.URL.Path)
+	if objectType == "" || objectID == "" {
+		h.internalServerError(w, fmt.Errorf(
+			"cannot determine object type or id: %s", r.URL.Path))
+		return
+	}
+	path := h.getObjectPath(objectType, objectID)
+
+	_, err := os.Stat(path)
+	if err == nil {
+		httpDefaultError(w, http.StatusForbidden)
+		return
+	}
+	if !os.IsNotExist(err) {
+		h.internalServerError(w, err)
+		return
+	}
+
+	tmpFn := filepath.Join(filepath.Dir(path), objectID+".rest-server-temp")
+	tf, err := tempFile(tmpFn, h.opt.FileMode)
+	if os.IsNotExist(err) {
+		// the error is caused by a missing directory, create it and retry
+		mkdirErr := os.MkdirAll(filepath.Dir(path), h.opt.DirMode)
+		if mkdirErr != nil {
+			log.Print(mkdirErr)
+		} else {
+			// try again
+			tf, err = tempFile(tmpFn, h.opt.FileMode)
+		}
+	}
+	if err != nil {
+		h.internalServerError(w, err)
+		return
+	}
+
+	// ensure this blob does not put us over the quota size limit (if there is one)
+	outFile, errCode, err := h.wrapFileWriter(r, tf)
+	if err != nil {
+		if h.opt.Debug {
+			log.Println(err)
+		}
+		httpDefaultError(w, errCode)
+		return
+	}
+
+	var written int64
+
+	if h.opt.NoVerifyUpload {
+		// just write the file without checking the contents
+		written, err = io.Copy(outFile, r.Body)
+	} else {
+		// calculate hash for current request
+		hasher := sha256.New()
+		written, err = io.Copy(outFile, io.TeeReader(r.Body, hasher))
+
+		// reject if file content doesn't match file name
+		if err == nil && hex.EncodeToString(hasher.Sum(nil)) != objectID {
+			err = errFileContentDoesntMatchHash
+		}
+	}
+
+	if err != nil {
+		_ = tf.Close()
+		_ = os.Remove(tf.Name())
+		h.incrementRepoSpaceUsage(-written)
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		var pathError *os.PathError
+		if errors.As(err, &pathError) && (pathError.Err == syscall.ENOSPC ||
+			pathError.Err == syscall.EDQUOT) {
+			// The error is disk-related (no space left, no quota left),
+			// notify the client using the correct HTTP status
+			httpDefaultError(w, http.StatusInsufficientStorage)
+		} else if errors.Is(err, errFileContentDoesntMatchHash) ||
+			errors.Is(err, io.ErrUnexpectedEOF) ||
+			errors.Is(err, http.ErrMissingBoundary) ||
+			errors.Is(err, http.ErrNotMultipart) {
+			// The error is connection-related, send a client-side HTTP status
+			httpDefaultError(w, http.StatusBadRequest)
+		} else {
+			// Otherwise we have a different internal error, reply with
+			// server-side HTTP status
+			h.internalServerError(w, err)
+		}
+		return
+	}
+
+	if err := tf.Sync(); err != nil {
+		_ = tf.Close()
+		_ = os.Remove(tf.Name())
+		h.incrementRepoSpaceUsage(-written)
+		h.internalServerError(w, err)
+		return
+	}
+
+	if err := tf.Close(); err != nil {
+		_ = os.Remove(tf.Name())
+		h.incrementRepoSpaceUsage(-written)
+		h.internalServerError(w, err)
+		return
+	}
+
+	if err := os.Rename(tf.Name(), path); err != nil {
+		_ = os.Remove(tf.Name())
+		h.incrementRepoSpaceUsage(-written)
+		h.internalServerError(w, err)
+		return
+	}
+
+	if err := syncDir(filepath.Dir(path)); err != nil {
+		// Don't call os.Remove(path) as this is prone to race conditions with parallel upload retries
+		h.internalServerError(w, err)
+		return
+	}
+
+	h.sendMetric(objectType, BlobWrite, uint64(written))
+}
+
+// tempFile implements a custom version of ioutil.TempFile which allows modifying the file permissions
+func tempFile(fn string, perm os.FileMode) (f *os.File, err error) {
+	for i := 0; i < 10; i++ {
+		name := fn + strconv.FormatInt(rand.Int63(), 10)
+		f, err = os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, perm)
+		if os.IsExist(err) {
+			continue
+		}
+		break
+	}
+	return
+}
+
+func syncDir(dirname string) error {
+	if runtime.GOOS == "windows" {
+		// syncing a directory is not possible on windows
+		return nil
+	}
+
+	dir, err := os.Open(dirname)
+	if err != nil {
+		return err
+	}
+	err = dir.Sync()
+	if err != nil {
+		_ = dir.Close()
+		return err
+	}
+	return dir.Close()
+}
+
+// deleteBlob deletes a blob from the repository.
+func (h *Handler) deleteBlob(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("deleteBlob()")
+	}
+
+	objectType, objectID := h.getObject(r.URL.Path)
+	if objectType == "" || objectID == "" {
+		h.internalServerError(w, fmt.Errorf(
+			"cannot determine object type or id: %s", r.URL.Path))
+		return
+	}
+	if h.opt.AppendOnly && objectType != "locks" {
+		httpDefaultError(w, http.StatusForbidden)
+		return
+	}
+
+	path := h.getObjectPath(objectType, objectID)
+
+	var size int64
+	if h.needSize() {
+		stat, err := os.Stat(path)
+		if err == nil {
+			size = stat.Size()
+		}
+	}
+
+	if err := os.Remove(path); err != nil {
+		if h.opt.Debug {
+			log.Print(err)
+		}
+		if os.IsNotExist(err) {
+			httpDefaultError(w, http.StatusNotFound)
+		} else {
+			h.internalServerError(w, err)
+		}
+		return
+	}
+
+	h.incrementRepoSpaceUsage(-size)
+	h.sendMetric(objectType, BlobDelete, uint64(size))
+}
+
+// createRepo creates repository directories.
+func (h *Handler) createRepo(w http.ResponseWriter, r *http.Request) {
+	if h.opt.Debug {
+		log.Println("createRepo()")
+	}
+
+	if r.URL.Query().Get("create") != "true" {
+		httpDefaultError(w, http.StatusBadRequest)
+		return
+	}
+
+	log.Printf("Creating repository directories in %s\n", h.path)
+
+	if err := os.MkdirAll(h.path, h.opt.DirMode); err != nil {
+		h.internalServerError(w, err)
+		return
+	}
+
+	for _, d := range ObjectTypes {
+		if err := os.Mkdir(filepath.Join(h.path, d), h.opt.DirMode); err != nil && !os.IsExist(err) {
+			h.internalServerError(w, err)
+			return
+		}
+	}
+
+	for i := 0; i < 256; i++ {
+		dirPath := filepath.Join(h.path, "data", fmt.Sprintf("%02x", i))
+		if err := os.Mkdir(dirPath, h.opt.DirMode); err != nil && !os.IsExist(err) {
+			h.internalServerError(w, err)
+			return
+		}
+	}
+}
+
+// internalServerError is called to repot an internal server error.
+// The error message will be reported in the server logs. If PanicOnError
+// is set, this will panic instead, which makes debugging easier.
+func (h *Handler) internalServerError(w http.ResponseWriter, err error) {
+	log.Printf("ERROR: %v", err)
+	if h.opt.PanicOnError {
+		panic(fmt.Sprintf("internal server error: %v", err))
+	}
+	httpDefaultError(w, http.StatusInternalServerError)
+}

vendor/github.com/gorilla/handlers/.travis.yml

@@ -1,18 +0,0 @@
-language: go
-sudo: false
-
-matrix:
-  include:
-    - go: 1.4
-    - go: 1.5
-    - go: 1.6
-    - go: 1.7
-    - go: tip
-  allow_failures:
-    - go: tip
-
-script:
-  - go get -t -v ./...
-  - diff -u <(echo -n) <(gofmt -d .)
-  - go vet $(go list ./... | grep -v /vendor/)
-  - go test -v -race ./...

vendor/github.com/gorilla/handlers/LICENSE

@@ -1,22 +0,0 @@
-Copyright (c) 2013 The Gorilla Handlers Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-  Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-  Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

vendor/github.com/gorilla/handlers/README.md

@@ -1,55 +0,0 @@
-gorilla/handlers
-================
-[![GoDoc](https://godoc.org/github.com/gorilla/handlers?status.svg)](https://godoc.org/github.com/gorilla/handlers) [![Build Status](https://travis-ci.org/gorilla/handlers.svg?branch=master)](https://travis-ci.org/gorilla/handlers)
-[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/handlers/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/handlers?badge)
-
-
-Package handlers is a collection of handlers (aka "HTTP middleware") for use
-with Go's `net/http` package (or any framework supporting `http.Handler`), including:
-
-* [**LoggingHandler**](https://godoc.org/github.com/gorilla/handlers#LoggingHandler) for logging HTTP requests in the Apache [Common Log
-  Format](http://httpd.apache.org/docs/2.2/logs.html#common).
-* [**CombinedLoggingHandler**](https://godoc.org/github.com/gorilla/handlers#CombinedLoggingHandler) for logging HTTP requests in the Apache [Combined Log
-  Format](http://httpd.apache.org/docs/2.2/logs.html#combined) commonly used by
-  both Apache and nginx.
-* [**CompressHandler**](https://godoc.org/github.com/gorilla/handlers#CompressHandler) for gzipping responses.
-* [**ContentTypeHandler**](https://godoc.org/github.com/gorilla/handlers#ContentTypeHandler) for validating requests against a list of accepted
-  content types.
-* [**MethodHandler**](https://godoc.org/github.com/gorilla/handlers#MethodHandler) for matching HTTP methods against handlers in a
-  `map[string]http.Handler`
-* [**ProxyHeaders**](https://godoc.org/github.com/gorilla/handlers#ProxyHeaders) for populating `r.RemoteAddr` and `r.URL.Scheme` based on the
-  `X-Forwarded-For`, `X-Real-IP`, `X-Forwarded-Proto` and RFC7239 `Forwarded`
-  headers when running a Go server behind a HTTP reverse proxy.
-* [**CanonicalHost**](https://godoc.org/github.com/gorilla/handlers#CanonicalHost) for re-directing to the preferred host when handling multiple 
-  domains (i.e. multiple CNAME aliases).
-* [**RecoveryHandler**](https://godoc.org/github.com/gorilla/handlers#RecoveryHandler) for recovering from unexpected panics.
-
-Other handlers are documented [on the Gorilla
-website](http://www.gorillatoolkit.org/pkg/handlers).
-
-## Example
-
-A simple example using `handlers.LoggingHandler` and `handlers.CompressHandler`:
-
-```go
-import (
-    "net/http"
-    "github.com/gorilla/handlers"
-)
-
-func main() {
-    r := http.NewServeMux()
-
-    // Only log requests to our admin dashboard to stdout
-    r.Handle("/admin", handlers.LoggingHandler(os.Stdout, http.HandlerFunc(ShowAdminDashboard)))
-    r.HandleFunc("/", ShowIndex)
-
-    // Wrap our server with our gzip handler to gzip compress all responses.
-    http.ListenAndServe(":8000", handlers.CompressHandler(r))
-}
-```
-
-## License
-
-BSD licensed. See the included LICENSE file for details.
-

vendor/github.com/gorilla/handlers/canonical.go

@@ -1,74 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"net/url"
-	"strings"
-)
-
-type canonical struct {
-	h      http.Handler
-	domain string
-	code   int
-}
-
-// CanonicalHost is HTTP middleware that re-directs requests to the canonical
-// domain. It accepts a domain and a status code (e.g. 301 or 302) and
-// re-directs clients to this domain. The existing request path is maintained.
-//
-// Note: If the provided domain is considered invalid by url.Parse or otherwise
-// returns an empty scheme or host, clients are not re-directed.
-//
-// Example:
-//
-//  r := mux.NewRouter()
-//  canonical := handlers.CanonicalHost("http://www.gorillatoolkit.org", 302)
-//  r.HandleFunc("/route", YourHandler)
-//
-//  log.Fatal(http.ListenAndServe(":7000", canonical(r)))
-//
-func CanonicalHost(domain string, code int) func(h http.Handler) http.Handler {
-	fn := func(h http.Handler) http.Handler {
-		return canonical{h, domain, code}
-	}
-
-	return fn
-}
-
-func (c canonical) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	dest, err := url.Parse(c.domain)
-	if err != nil {
-		// Call the next handler if the provided domain fails to parse.
-		c.h.ServeHTTP(w, r)
-		return
-	}
-
-	if dest.Scheme == "" || dest.Host == "" {
-		// Call the next handler if the scheme or host are empty.
-		// Note that url.Parse won't fail on in this case.
-		c.h.ServeHTTP(w, r)
-		return
-	}
-
-	if !strings.EqualFold(cleanHost(r.Host), dest.Host) {
-		// Re-build the destination URL
-		dest := dest.Scheme + "://" + dest.Host + r.URL.Path
-		if r.URL.RawQuery != "" {
-			dest += "?" + r.URL.RawQuery
-		}
-		http.Redirect(w, r, dest, c.code)
-		return
-	}
-
-	c.h.ServeHTTP(w, r)
-}
-
-// cleanHost cleans invalid Host headers by stripping anything after '/' or ' '.
-// This is backported from Go 1.5 (in response to issue #11206) and attempts to
-// mitigate malformed Host headers that do not match the format in RFC7230.
-func cleanHost(in string) string {
-	if i := strings.IndexAny(in, " /"); i != -1 {
-		return in[:i]
-	}
-	return in
-}

vendor/github.com/gorilla/handlers/canonical_test.go

@@ -1,127 +0,0 @@
-package handlers
-
-import (
-	"bufio"
-	"bytes"
-	"log"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"strings"
-	"testing"
-)
-
-func TestCleanHost(t *testing.T) {
-	tests := []struct {
-		in, want string
-	}{
-		{"www.google.com", "www.google.com"},
-		{"www.google.com foo", "www.google.com"},
-		{"www.google.com/foo", "www.google.com"},
-		{" first character is a space", ""},
-	}
-	for _, tt := range tests {
-		got := cleanHost(tt.in)
-		if tt.want != got {
-			t.Errorf("cleanHost(%q) = %q, want %q", tt.in, got, tt.want)
-		}
-	}
-}
-
-func TestCanonicalHost(t *testing.T) {
-	gorilla := "http://www.gorillatoolkit.org"
-
-	rr := httptest.NewRecorder()
-	r := newRequest("GET", "http://www.example.com/")
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	// Test a re-direct: should return a 302 Found.
-	CanonicalHost(gorilla, http.StatusFound)(testHandler).ServeHTTP(rr, r)
-
-	if rr.Code != http.StatusFound {
-		t.Fatalf("bad status: got %v want %v", rr.Code, http.StatusFound)
-	}
-
-	if rr.Header().Get("Location") != gorilla+r.URL.Path {
-		t.Fatalf("bad re-direct: got %q want %q", rr.Header().Get("Location"), gorilla+r.URL.Path)
-	}
-
-}
-
-func TestKeepsQueryString(t *testing.T) {
-	google := "https://www.google.com"
-
-	rr := httptest.NewRecorder()
-	querystring := url.Values{"q": {"golang"}, "format": {"json"}}.Encode()
-	r := newRequest("GET", "http://www.example.com/search?"+querystring)
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-	CanonicalHost(google, http.StatusFound)(testHandler).ServeHTTP(rr, r)
-
-	want := google + r.URL.Path + "?" + querystring
-	if rr.Header().Get("Location") != want {
-		t.Fatalf("bad re-direct: got %q want %q", rr.Header().Get("Location"), want)
-	}
-}
-
-func TestBadDomain(t *testing.T) {
-	rr := httptest.NewRecorder()
-	r := newRequest("GET", "http://www.example.com/")
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	// Test a bad domain - should return 200 OK.
-	CanonicalHost("%", http.StatusFound)(testHandler).ServeHTTP(rr, r)
-
-	if rr.Code != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", rr.Code, http.StatusOK)
-	}
-}
-
-func TestEmptyHost(t *testing.T) {
-	rr := httptest.NewRecorder()
-	r := newRequest("GET", "http://www.example.com/")
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	// Test a domain that returns an empty url.Host from url.Parse.
-	CanonicalHost("hello.com", http.StatusFound)(testHandler).ServeHTTP(rr, r)
-
-	if rr.Code != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", rr.Code, http.StatusOK)
-	}
-}
-
-func TestHeaderWrites(t *testing.T) {
-	gorilla := "http://www.gorillatoolkit.org"
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(200)
-	})
-
-	// Catch the log output to ensure we don't write multiple headers.
-	var b bytes.Buffer
-	buf := bufio.NewWriter(&b)
-	tl := log.New(buf, "test: ", log.Lshortfile)
-
-	srv := httptest.NewServer(
-		CanonicalHost(gorilla, http.StatusFound)(testHandler))
-	defer srv.Close()
-	srv.Config.ErrorLog = tl
-
-	_, err := http.Get(srv.URL)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	err = buf.Flush()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// We rely on the error not changing: net/http does not export it.
-	if strings.Contains(b.String(), "multiple response.WriteHeader calls") {
-		t.Fatalf("re-direct did not return early: multiple header writes")
-	}
-}

vendor/github.com/gorilla/handlers/compress.go

@@ -1,148 +0,0 @@
-// Copyright 2013 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package handlers
-
-import (
-	"compress/flate"
-	"compress/gzip"
-	"io"
-	"net/http"
-	"strings"
-)
-
-type compressResponseWriter struct {
-	io.Writer
-	http.ResponseWriter
-	http.Hijacker
-	http.Flusher
-	http.CloseNotifier
-}
-
-func (w *compressResponseWriter) WriteHeader(c int) {
-	w.ResponseWriter.Header().Del("Content-Length")
-	w.ResponseWriter.WriteHeader(c)
-}
-
-func (w *compressResponseWriter) Header() http.Header {
-	return w.ResponseWriter.Header()
-}
-
-func (w *compressResponseWriter) Write(b []byte) (int, error) {
-	h := w.ResponseWriter.Header()
-	if h.Get("Content-Type") == "" {
-		h.Set("Content-Type", http.DetectContentType(b))
-	}
-	h.Del("Content-Length")
-
-	return w.Writer.Write(b)
-}
-
-type flusher interface {
-	Flush() error
-}
-
-func (w *compressResponseWriter) Flush() {
-	// Flush compressed data if compressor supports it.
-	if f, ok := w.Writer.(flusher); ok {
-		f.Flush()
-	}
-	// Flush HTTP response.
-	if w.Flusher != nil {
-		w.Flusher.Flush()
-	}
-}
-
-// CompressHandler gzip compresses HTTP responses for clients that support it
-// via the 'Accept-Encoding' header.
-//
-// Compressing TLS traffic may leak the page contents to an attacker if the
-// page contains user input: http://security.stackexchange.com/a/102015/12208
-func CompressHandler(h http.Handler) http.Handler {
-	return CompressHandlerLevel(h, gzip.DefaultCompression)
-}
-
-// CompressHandlerLevel gzip compresses HTTP responses with specified compression level
-// for clients that support it via the 'Accept-Encoding' header.
-//
-// The compression level should be gzip.DefaultCompression, gzip.NoCompression,
-// or any integer value between gzip.BestSpeed and gzip.BestCompression inclusive.
-// gzip.DefaultCompression is used in case of invalid compression level.
-func CompressHandlerLevel(h http.Handler, level int) http.Handler {
-	if level < gzip.DefaultCompression || level > gzip.BestCompression {
-		level = gzip.DefaultCompression
-	}
-
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-	L:
-		for _, enc := range strings.Split(r.Header.Get("Accept-Encoding"), ",") {
-			switch strings.TrimSpace(enc) {
-			case "gzip":
-				w.Header().Set("Content-Encoding", "gzip")
-				w.Header().Add("Vary", "Accept-Encoding")
-
-				gw, _ := gzip.NewWriterLevel(w, level)
-				defer gw.Close()
-
-				h, hok := w.(http.Hijacker)
-				if !hok { /* w is not Hijacker... oh well... */
-					h = nil
-				}
-
-				f, fok := w.(http.Flusher)
-				if !fok {
-					f = nil
-				}
-
-				cn, cnok := w.(http.CloseNotifier)
-				if !cnok {
-					cn = nil
-				}
-
-				w = &compressResponseWriter{
-					Writer:         gw,
-					ResponseWriter: w,
-					Hijacker:       h,
-					Flusher:        f,
-					CloseNotifier:  cn,
-				}
-
-				break L
-			case "deflate":
-				w.Header().Set("Content-Encoding", "deflate")
-				w.Header().Add("Vary", "Accept-Encoding")
-
-				fw, _ := flate.NewWriter(w, level)
-				defer fw.Close()
-
-				h, hok := w.(http.Hijacker)
-				if !hok { /* w is not Hijacker... oh well... */
-					h = nil
-				}
-
-				f, fok := w.(http.Flusher)
-				if !fok {
-					f = nil
-				}
-
-				cn, cnok := w.(http.CloseNotifier)
-				if !cnok {
-					cn = nil
-				}
-
-				w = &compressResponseWriter{
-					Writer:         fw,
-					ResponseWriter: w,
-					Hijacker:       h,
-					Flusher:        f,
-					CloseNotifier:  cn,
-				}
-
-				break L
-			}
-		}
-
-		h.ServeHTTP(w, r)
-	})
-}

vendor/github.com/gorilla/handlers/compress_test.go

@@ -1,154 +0,0 @@
-// Copyright 2013 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package handlers
-
-import (
-	"bufio"
-	"io"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"strconv"
-	"testing"
-)
-
-var contentType = "text/plain; charset=utf-8"
-
-func compressedRequest(w *httptest.ResponseRecorder, compression string) {
-	CompressHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Content-Length", strconv.Itoa(9*1024))
-		w.Header().Set("Content-Type", contentType)
-		for i := 0; i < 1024; i++ {
-			io.WriteString(w, "Gorilla!\n")
-		}
-	})).ServeHTTP(w, &http.Request{
-		Method: "GET",
-		Header: http.Header{
-			"Accept-Encoding": []string{compression},
-		},
-	})
-
-}
-
-func TestCompressHandlerNoCompression(t *testing.T) {
-	w := httptest.NewRecorder()
-	compressedRequest(w, "")
-	if enc := w.HeaderMap.Get("Content-Encoding"); enc != "" {
-		t.Errorf("wrong content encoding, got %q want %q", enc, "")
-	}
-	if ct := w.HeaderMap.Get("Content-Type"); ct != contentType {
-		t.Errorf("wrong content type, got %q want %q", ct, contentType)
-	}
-	if w.Body.Len() != 1024*9 {
-		t.Errorf("wrong len, got %d want %d", w.Body.Len(), 1024*9)
-	}
-	if l := w.HeaderMap.Get("Content-Length"); l != "9216" {
-		t.Errorf("wrong content-length. got %q expected %d", l, 1024*9)
-	}
-}
-
-func TestCompressHandlerGzip(t *testing.T) {
-	w := httptest.NewRecorder()
-	compressedRequest(w, "gzip")
-	if w.HeaderMap.Get("Content-Encoding") != "gzip" {
-		t.Errorf("wrong content encoding, got %q want %q", w.HeaderMap.Get("Content-Encoding"), "gzip")
-	}
-	if w.HeaderMap.Get("Content-Type") != "text/plain; charset=utf-8" {
-		t.Errorf("wrong content type, got %s want %s", w.HeaderMap.Get("Content-Type"), "text/plain; charset=utf-8")
-	}
-	if w.Body.Len() != 72 {
-		t.Errorf("wrong len, got %d want %d", w.Body.Len(), 72)
-	}
-	if l := w.HeaderMap.Get("Content-Length"); l != "" {
-		t.Errorf("wrong content-length. got %q expected %q", l, "")
-	}
-}
-
-func TestCompressHandlerDeflate(t *testing.T) {
-	w := httptest.NewRecorder()
-	compressedRequest(w, "deflate")
-	if w.HeaderMap.Get("Content-Encoding") != "deflate" {
-		t.Fatalf("wrong content encoding, got %q want %q", w.HeaderMap.Get("Content-Encoding"), "deflate")
-	}
-	if w.HeaderMap.Get("Content-Type") != "text/plain; charset=utf-8" {
-		t.Fatalf("wrong content type, got %s want %s", w.HeaderMap.Get("Content-Type"), "text/plain; charset=utf-8")
-	}
-	if w.Body.Len() != 54 {
-		t.Fatalf("wrong len, got %d want %d", w.Body.Len(), 54)
-	}
-}
-
-func TestCompressHandlerGzipDeflate(t *testing.T) {
-	w := httptest.NewRecorder()
-	compressedRequest(w, "gzip, deflate ")
-	if w.HeaderMap.Get("Content-Encoding") != "gzip" {
-		t.Fatalf("wrong content encoding, got %q want %q", w.HeaderMap.Get("Content-Encoding"), "gzip")
-	}
-	if w.HeaderMap.Get("Content-Type") != "text/plain; charset=utf-8" {
-		t.Fatalf("wrong content type, got %s want %s", w.HeaderMap.Get("Content-Type"), "text/plain; charset=utf-8")
-	}
-}
-
-type fullyFeaturedResponseWriter struct{}
-
-// Header/Write/WriteHeader implement the http.ResponseWriter interface.
-func (fullyFeaturedResponseWriter) Header() http.Header {
-	return http.Header{}
-}
-func (fullyFeaturedResponseWriter) Write([]byte) (int, error) {
-	return 0, nil
-}
-func (fullyFeaturedResponseWriter) WriteHeader(int) {}
-
-// Flush implements the http.Flusher interface.
-func (fullyFeaturedResponseWriter) Flush() {}
-
-// Hijack implements the http.Hijacker interface.
-func (fullyFeaturedResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	return nil, nil, nil
-}
-
-// CloseNotify implements the http.CloseNotifier interface.
-func (fullyFeaturedResponseWriter) CloseNotify() <-chan bool {
-	return nil
-}
-
-func TestCompressHandlerPreserveInterfaces(t *testing.T) {
-	// Compile time validation fullyFeaturedResponseWriter implements all the
-	// interfaces we're asserting in the test case below.
-	var (
-		_ http.Flusher       = fullyFeaturedResponseWriter{}
-		_ http.CloseNotifier = fullyFeaturedResponseWriter{}
-		_ http.Hijacker      = fullyFeaturedResponseWriter{}
-	)
-	var h http.Handler = http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
-		comp := r.Header.Get("Accept-Encoding")
-		if _, ok := rw.(*compressResponseWriter); !ok {
-			t.Fatalf("ResponseWriter wasn't wrapped by compressResponseWriter, got %T type", rw)
-		}
-		if _, ok := rw.(http.Flusher); !ok {
-			t.Errorf("ResponseWriter lost http.Flusher interface for %q", comp)
-		}
-		if _, ok := rw.(http.CloseNotifier); !ok {
-			t.Errorf("ResponseWriter lost http.CloseNotifier interface for %q", comp)
-		}
-		if _, ok := rw.(http.Hijacker); !ok {
-			t.Errorf("ResponseWriter lost http.Hijacker interface for %q", comp)
-		}
-	})
-	h = CompressHandler(h)
-	var (
-		rw fullyFeaturedResponseWriter
-	)
-	r, err := http.NewRequest("GET", "/", nil)
-	if err != nil {
-		t.Fatalf("Failed to create test request: %v", err)
-	}
-	r.Header.Set("Accept-Encoding", "gzip")
-	h.ServeHTTP(rw, r)
-
-	r.Header.Set("Accept-Encoding", "deflate")
-	h.ServeHTTP(rw, r)
-}

vendor/github.com/gorilla/handlers/cors.go

@@ -1,317 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"strconv"
-	"strings"
-)
-
-// CORSOption represents a functional option for configuring the CORS middleware.
-type CORSOption func(*cors) error
-
-type cors struct {
-	h                      http.Handler
-	allowedHeaders         []string
-	allowedMethods         []string
-	allowedOrigins         []string
-	allowedOriginValidator OriginValidator
-	exposedHeaders         []string
-	maxAge                 int
-	ignoreOptions          bool
-	allowCredentials       bool
-}
-
-// OriginValidator takes an origin string and returns whether or not that origin is allowed.
-type OriginValidator func(string) bool
-
-var (
-	defaultCorsMethods = []string{"GET", "HEAD", "POST"}
-	defaultCorsHeaders = []string{"Accept", "Accept-Language", "Content-Language", "Origin"}
-	// (WebKit/Safari v9 sends the Origin header by default in AJAX requests)
-)
-
-const (
-	corsOptionMethod           string = "OPTIONS"
-	corsAllowOriginHeader      string = "Access-Control-Allow-Origin"
-	corsExposeHeadersHeader    string = "Access-Control-Expose-Headers"
-	corsMaxAgeHeader           string = "Access-Control-Max-Age"
-	corsAllowMethodsHeader     string = "Access-Control-Allow-Methods"
-	corsAllowHeadersHeader     string = "Access-Control-Allow-Headers"
-	corsAllowCredentialsHeader string = "Access-Control-Allow-Credentials"
-	corsRequestMethodHeader    string = "Access-Control-Request-Method"
-	corsRequestHeadersHeader   string = "Access-Control-Request-Headers"
-	corsOriginHeader           string = "Origin"
-	corsVaryHeader             string = "Vary"
-	corsOriginMatchAll         string = "*"
-)
-
-func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	origin := r.Header.Get(corsOriginHeader)
-	if !ch.isOriginAllowed(origin) {
-		ch.h.ServeHTTP(w, r)
-		return
-	}
-
-	if r.Method == corsOptionMethod {
-		if ch.ignoreOptions {
-			ch.h.ServeHTTP(w, r)
-			return
-		}
-
-		if _, ok := r.Header[corsRequestMethodHeader]; !ok {
-			w.WriteHeader(http.StatusBadRequest)
-			return
-		}
-
-		method := r.Header.Get(corsRequestMethodHeader)
-		if !ch.isMatch(method, ch.allowedMethods) {
-			w.WriteHeader(http.StatusMethodNotAllowed)
-			return
-		}
-
-		requestHeaders := strings.Split(r.Header.Get(corsRequestHeadersHeader), ",")
-		allowedHeaders := []string{}
-		for _, v := range requestHeaders {
-			canonicalHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
-			if canonicalHeader == "" || ch.isMatch(canonicalHeader, defaultCorsHeaders) {
-				continue
-			}
-
-			if !ch.isMatch(canonicalHeader, ch.allowedHeaders) {
-				w.WriteHeader(http.StatusForbidden)
-				return
-			}
-
-			allowedHeaders = append(allowedHeaders, canonicalHeader)
-		}
-
-		if len(allowedHeaders) > 0 {
-			w.Header().Set(corsAllowHeadersHeader, strings.Join(allowedHeaders, ","))
-		}
-
-		if ch.maxAge > 0 {
-			w.Header().Set(corsMaxAgeHeader, strconv.Itoa(ch.maxAge))
-		}
-
-		if !ch.isMatch(method, defaultCorsMethods) {
-			w.Header().Set(corsAllowMethodsHeader, method)
-		}
-	} else {
-		if len(ch.exposedHeaders) > 0 {
-			w.Header().Set(corsExposeHeadersHeader, strings.Join(ch.exposedHeaders, ","))
-		}
-	}
-
-	if ch.allowCredentials {
-		w.Header().Set(corsAllowCredentialsHeader, "true")
-	}
-
-	if len(ch.allowedOrigins) > 1 {
-		w.Header().Set(corsVaryHeader, corsOriginHeader)
-	}
-
-	w.Header().Set(corsAllowOriginHeader, origin)
-
-	if r.Method == corsOptionMethod {
-		return
-	}
-	ch.h.ServeHTTP(w, r)
-}
-
-// CORS provides Cross-Origin Resource Sharing middleware.
-// Example:
-//
-//  import (
-//      "net/http"
-//
-//      "github.com/gorilla/handlers"
-//      "github.com/gorilla/mux"
-//  )
-//
-//  func main() {
-//      r := mux.NewRouter()
-//      r.HandleFunc("/users", UserEndpoint)
-//      r.HandleFunc("/projects", ProjectEndpoint)
-//
-//      // Apply the CORS middleware to our top-level router, with the defaults.
-//      http.ListenAndServe(":8000", handlers.CORS()(r))
-//  }
-//
-func CORS(opts ...CORSOption) func(http.Handler) http.Handler {
-	return func(h http.Handler) http.Handler {
-		ch := parseCORSOptions(opts...)
-		ch.h = h
-		return ch
-	}
-}
-
-func parseCORSOptions(opts ...CORSOption) *cors {
-	ch := &cors{
-		allowedMethods: defaultCorsMethods,
-		allowedHeaders: defaultCorsHeaders,
-		allowedOrigins: []string{corsOriginMatchAll},
-	}
-
-	for _, option := range opts {
-		option(ch)
-	}
-
-	return ch
-}
-
-//
-// Functional options for configuring CORS.
-//
-
-// AllowedHeaders adds the provided headers to the list of allowed headers in a
-// CORS request.
-// This is an append operation so the headers Accept, Accept-Language,
-// and Content-Language are always allowed.
-// Content-Type must be explicitly declared if accepting Content-Types other than
-// application/x-www-form-urlencoded, multipart/form-data, or text/plain.
-func AllowedHeaders(headers []string) CORSOption {
-	return func(ch *cors) error {
-		for _, v := range headers {
-			normalizedHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
-			if normalizedHeader == "" {
-				continue
-			}
-
-			if !ch.isMatch(normalizedHeader, ch.allowedHeaders) {
-				ch.allowedHeaders = append(ch.allowedHeaders, normalizedHeader)
-			}
-		}
-
-		return nil
-	}
-}
-
-// AllowedMethods can be used to explicitly allow methods in the
-// Access-Control-Allow-Methods header.
-// This is a replacement operation so you must also
-// pass GET, HEAD, and POST if you wish to support those methods.
-func AllowedMethods(methods []string) CORSOption {
-	return func(ch *cors) error {
-		ch.allowedMethods = []string{}
-		for _, v := range methods {
-			normalizedMethod := strings.ToUpper(strings.TrimSpace(v))
-			if normalizedMethod == "" {
-				continue
-			}
-
-			if !ch.isMatch(normalizedMethod, ch.allowedMethods) {
-				ch.allowedMethods = append(ch.allowedMethods, normalizedMethod)
-			}
-		}
-
-		return nil
-	}
-}
-
-// AllowedOrigins sets the allowed origins for CORS requests, as used in the
-// 'Allow-Access-Control-Origin' HTTP header.
-// Note: Passing in a []string{"*"} will allow any domain.
-func AllowedOrigins(origins []string) CORSOption {
-	return func(ch *cors) error {
-		for _, v := range origins {
-			if v == corsOriginMatchAll {
-				ch.allowedOrigins = []string{corsOriginMatchAll}
-				return nil
-			}
-		}
-
-		ch.allowedOrigins = origins
-		return nil
-	}
-}
-
-// AllowedOriginValidator sets a function for evaluating allowed origins in CORS requests, represented by the
-// 'Allow-Access-Control-Origin' HTTP header.
-func AllowedOriginValidator(fn OriginValidator) CORSOption {
-	return func(ch *cors) error {
-		ch.allowedOriginValidator = fn
-		return nil
-	}
-}
-
-// ExposeHeaders can be used to specify headers that are available
-// and will not be stripped out by the user-agent.
-func ExposedHeaders(headers []string) CORSOption {
-	return func(ch *cors) error {
-		ch.exposedHeaders = []string{}
-		for _, v := range headers {
-			normalizedHeader := http.CanonicalHeaderKey(strings.TrimSpace(v))
-			if normalizedHeader == "" {
-				continue
-			}
-
-			if !ch.isMatch(normalizedHeader, ch.exposedHeaders) {
-				ch.exposedHeaders = append(ch.exposedHeaders, normalizedHeader)
-			}
-		}
-
-		return nil
-	}
-}
-
-// MaxAge determines the maximum age (in seconds) between preflight requests. A
-// maximum of 10 minutes is allowed. An age above this value will default to 10
-// minutes.
-func MaxAge(age int) CORSOption {
-	return func(ch *cors) error {
-		// Maximum of 10 minutes.
-		if age > 600 {
-			age = 600
-		}
-
-		ch.maxAge = age
-		return nil
-	}
-}
-
-// IgnoreOptions causes the CORS middleware to ignore OPTIONS requests, instead
-// passing them through to the next handler. This is useful when your application
-// or framework has a pre-existing mechanism for responding to OPTIONS requests.
-func IgnoreOptions() CORSOption {
-	return func(ch *cors) error {
-		ch.ignoreOptions = true
-		return nil
-	}
-}
-
-// AllowCredentials can be used to specify that the user agent may pass
-// authentication details along with the request.
-func AllowCredentials() CORSOption {
-	return func(ch *cors) error {
-		ch.allowCredentials = true
-		return nil
-	}
-}
-
-func (ch *cors) isOriginAllowed(origin string) bool {
-	if origin == "" {
-		return false
-	}
-
-	if ch.allowedOriginValidator != nil {
-		return ch.allowedOriginValidator(origin)
-	}
-
-	for _, allowedOrigin := range ch.allowedOrigins {
-		if allowedOrigin == origin || allowedOrigin == corsOriginMatchAll {
-			return true
-		}
-	}
-
-	return false
-}
-
-func (ch *cors) isMatch(needle string, haystack []string) bool {
-	for _, v := range haystack {
-		if v == needle {
-			return true
-		}
-	}
-
-	return false
-}

vendor/github.com/gorilla/handlers/cors_test.go

@@ -1,336 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-)
-
-func TestDefaultCORSHandlerReturnsOk(t *testing.T) {
-	r := newRequest("GET", "http://www.example.com/")
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS()(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusFound)
-	}
-}
-
-func TestDefaultCORSHandlerReturnsOkWithOrigin(t *testing.T) {
-	r := newRequest("GET", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS()(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusFound)
-	}
-}
-
-func TestCORSHandlerIgnoreOptionsFallsThrough(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(http.StatusTeapot)
-	})
-
-	CORS(IgnoreOptions())(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusTeapot {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusTeapot)
-	}
-}
-
-func TestCORSHandlerSetsExposedHeaders(t *testing.T) {
-	// Test default configuration.
-	r := newRequest("GET", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS(ExposedHeaders([]string{"X-CORS-TEST"}))(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-	}
-
-	header := rr.HeaderMap.Get(corsExposeHeadersHeader)
-	if header != "X-Cors-Test" {
-		t.Fatal("bad header: expected X-Cors-Test header, got empty header for method.")
-	}
-}
-
-func TestCORSHandlerUnsetRequestMethodForPreflightBadRequest(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS(AllowedMethods([]string{"DELETE"}))(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusBadRequest {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusBadRequest)
-	}
-}
-
-func TestCORSHandlerInvalidRequestMethodForPreflightMethodNotAllowed(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-	r.Header.Set(corsRequestMethodHeader, "DELETE")
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS()(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusMethodNotAllowed {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusMethodNotAllowed)
-	}
-}
-
-func TestCORSHandlerOptionsRequestMustNotBePassedToNextHandler(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-	r.Header.Set(corsRequestMethodHeader, "GET")
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		t.Fatal("Options request must not be passed to next handler")
-	})
-
-	CORS()(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-	}
-}
-
-func TestCORSHandlerAllowedMethodForPreflight(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-	r.Header.Set(corsRequestMethodHeader, "DELETE")
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS(AllowedMethods([]string{"DELETE"}))(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-	}
-
-	header := rr.HeaderMap.Get(corsAllowMethodsHeader)
-	if header != "DELETE" {
-		t.Fatalf("bad header: expected DELETE method header, got empty header.")
-	}
-}
-
-func TestCORSHandlerAllowMethodsNotSetForSimpleRequestPreflight(t *testing.T) {
-	for _, method := range defaultCorsMethods {
-		r := newRequest("OPTIONS", "http://www.example.com/")
-		r.Header.Set("Origin", r.URL.String())
-		r.Header.Set(corsRequestMethodHeader, method)
-
-		rr := httptest.NewRecorder()
-
-		testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-		CORS()(testHandler).ServeHTTP(rr, r)
-
-		if status := rr.Code; status != http.StatusOK {
-			t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-		}
-
-		header := rr.HeaderMap.Get(corsAllowMethodsHeader)
-		if header != "" {
-			t.Fatalf("bad header: expected empty method header, got %s.", header)
-		}
-	}
-}
-
-func TestCORSHandlerAllowedHeaderNotSetForSimpleRequestPreflight(t *testing.T) {
-	for _, simpleHeader := range defaultCorsHeaders {
-		r := newRequest("OPTIONS", "http://www.example.com/")
-		r.Header.Set("Origin", r.URL.String())
-		r.Header.Set(corsRequestMethodHeader, "GET")
-		r.Header.Set(corsRequestHeadersHeader, simpleHeader)
-
-		rr := httptest.NewRecorder()
-
-		testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-		CORS()(testHandler).ServeHTTP(rr, r)
-
-		if status := rr.Code; status != http.StatusOK {
-			t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-		}
-
-		header := rr.HeaderMap.Get(corsAllowHeadersHeader)
-		if header != "" {
-			t.Fatalf("bad header: expected empty header, got %s.", header)
-		}
-	}
-}
-
-func TestCORSHandlerAllowedHeaderForPreflight(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-	r.Header.Set(corsRequestMethodHeader, "POST")
-	r.Header.Set(corsRequestHeadersHeader, "Content-Type")
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS(AllowedHeaders([]string{"Content-Type"}))(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-	}
-
-	header := rr.HeaderMap.Get(corsAllowHeadersHeader)
-	if header != "Content-Type" {
-		t.Fatalf("bad header: expected Content-Type header, got empty header.")
-	}
-}
-
-func TestCORSHandlerInvalidHeaderForPreflightForbidden(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-	r.Header.Set(corsRequestMethodHeader, "POST")
-	r.Header.Set(corsRequestHeadersHeader, "Content-Type")
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS()(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusForbidden {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusForbidden)
-	}
-}
-
-func TestCORSHandlerMaxAgeForPreflight(t *testing.T) {
-	r := newRequest("OPTIONS", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-	r.Header.Set(corsRequestMethodHeader, "POST")
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS(MaxAge(3500))(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-	}
-
-	header := rr.HeaderMap.Get(corsMaxAgeHeader)
-	if header != "600" {
-		t.Fatalf("bad header: expected %s to be %s, got %s.", corsMaxAgeHeader, "600", header)
-	}
-}
-
-func TestCORSHandlerAllowedCredentials(t *testing.T) {
-	r := newRequest("GET", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS(AllowCredentials())(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-	}
-
-	header := rr.HeaderMap.Get(corsAllowCredentialsHeader)
-	if header != "true" {
-		t.Fatalf("bad header: expected %s to be %s, got %s.", corsAllowCredentialsHeader, "true", header)
-	}
-}
-
-func TestCORSHandlerMultipleAllowOriginsSetsVaryHeader(t *testing.T) {
-	r := newRequest("GET", "http://www.example.com/")
-	r.Header.Set("Origin", r.URL.String())
-
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	CORS(AllowedOrigins([]string{r.URL.String(), "http://google.com"}))(testHandler).ServeHTTP(rr, r)
-
-	if status := rr.Code; status != http.StatusOK {
-		t.Fatalf("bad status: got %v want %v", status, http.StatusOK)
-	}
-
-	header := rr.HeaderMap.Get(corsVaryHeader)
-	if header != corsOriginHeader {
-		t.Fatalf("bad header: expected %s to be %s, got %s.", corsVaryHeader, corsOriginHeader, header)
-	}
-}
-
-func TestCORSWithMultipleHandlers(t *testing.T) {
-	var lastHandledBy string
-	corsMiddleware := CORS()
-
-	testHandler1 := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		lastHandledBy = "testHandler1"
-	})
-	testHandler2 := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		lastHandledBy = "testHandler2"
-	})
-
-	r1 := newRequest("GET", "http://www.example.com/")
-	rr1 := httptest.NewRecorder()
-	handler1 := corsMiddleware(testHandler1)
-
-	corsMiddleware(testHandler2)
-
-	handler1.ServeHTTP(rr1, r1)
-	if lastHandledBy != "testHandler1" {
-		t.Fatalf("bad CORS() registration: Handler served should be Handler registered")
-	}
-}
-
-func TestCORSHandlerWithCustomValidator(t *testing.T) {
-	r := newRequest("GET", "http://a.example.com")
-	r.Header.Set("Origin", r.URL.String())
-	rr := httptest.NewRecorder()
-
-	testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
-
-	originValidator := func(origin string) bool {
-		if strings.HasSuffix(origin, ".example.com") {
-			return true
-		}
-		return false
-	}
-
-	CORS(AllowedOriginValidator(originValidator))(testHandler).ServeHTTP(rr, r)
-	header := rr.HeaderMap.Get(corsAllowOriginHeader)
-	if header != r.URL.String() {
-		t.Fatalf("bad header: expected %s to be %s, got %s.", corsAllowOriginHeader, r.URL.String(), header)
-	}
-
-}

vendor/github.com/gorilla/handlers/doc.go

@@ -1,9 +0,0 @@
-/*
-Package handlers is a collection of handlers (aka "HTTP middleware") for use
-with Go's net/http package (or any framework supporting http.Handler).
-
-The package includes handlers for logging in standardised formats, compressing
-HTTP responses, validating content types and other useful tools for manipulating
-requests and responses.
-*/
-package handlers

vendor/github.com/gorilla/handlers/handlers.go

@@ -1,399 +0,0 @@
-// Copyright 2013 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package handlers
-
-import (
-	"bufio"
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"sort"
-	"strconv"
-	"strings"
-	"time"
-	"unicode/utf8"
-)
-
-// MethodHandler is an http.Handler that dispatches to a handler whose key in the
-// MethodHandler's map matches the name of the HTTP request's method, eg: GET
-//
-// If the request's method is OPTIONS and OPTIONS is not a key in the map then
-// the handler responds with a status of 200 and sets the Allow header to a
-// comma-separated list of available methods.
-//
-// If the request's method doesn't match any of its keys the handler responds
-// with a status of HTTP 405 "Method Not Allowed" and sets the Allow header to a
-// comma-separated list of available methods.
-type MethodHandler map[string]http.Handler
-
-func (h MethodHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	if handler, ok := h[req.Method]; ok {
-		handler.ServeHTTP(w, req)
-	} else {
-		allow := []string{}
-		for k := range h {
-			allow = append(allow, k)
-		}
-		sort.Strings(allow)
-		w.Header().Set("Allow", strings.Join(allow, ", "))
-		if req.Method == "OPTIONS" {
-			w.WriteHeader(http.StatusOK)
-		} else {
-			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
-		}
-	}
-}
-
-// loggingHandler is the http.Handler implementation for LoggingHandlerTo and its
-// friends
-type loggingHandler struct {
-	writer  io.Writer
-	handler http.Handler
-}
-
-// combinedLoggingHandler is the http.Handler implementation for LoggingHandlerTo
-// and its friends
-type combinedLoggingHandler struct {
-	writer  io.Writer
-	handler http.Handler
-}
-
-func (h loggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	t := time.Now()
-	logger := makeLogger(w)
-	url := *req.URL
-	h.handler.ServeHTTP(logger, req)
-	writeLog(h.writer, req, url, t, logger.Status(), logger.Size())
-}
-
-func (h combinedLoggingHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	t := time.Now()
-	logger := makeLogger(w)
-	url := *req.URL
-	h.handler.ServeHTTP(logger, req)
-	writeCombinedLog(h.writer, req, url, t, logger.Status(), logger.Size())
-}
-
-func makeLogger(w http.ResponseWriter) loggingResponseWriter {
-	var logger loggingResponseWriter = &responseLogger{w: w, status: http.StatusOK}
-	if _, ok := w.(http.Hijacker); ok {
-		logger = &hijackLogger{responseLogger{w: w, status: http.StatusOK}}
-	}
-	h, ok1 := logger.(http.Hijacker)
-	c, ok2 := w.(http.CloseNotifier)
-	if ok1 && ok2 {
-		return hijackCloseNotifier{logger, h, c}
-	}
-	if ok2 {
-		return &closeNotifyWriter{logger, c}
-	}
-	return logger
-}
-
-type commonLoggingResponseWriter interface {
-	http.ResponseWriter
-	http.Flusher
-	Status() int
-	Size() int
-}
-
-// responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP
-// status code and body size
-type responseLogger struct {
-	w      http.ResponseWriter
-	status int
-	size   int
-}
-
-func (l *responseLogger) Header() http.Header {
-	return l.w.Header()
-}
-
-func (l *responseLogger) Write(b []byte) (int, error) {
-	size, err := l.w.Write(b)
-	l.size += size
-	return size, err
-}
-
-func (l *responseLogger) WriteHeader(s int) {
-	l.w.WriteHeader(s)
-	l.status = s
-}
-
-func (l *responseLogger) Status() int {
-	return l.status
-}
-
-func (l *responseLogger) Size() int {
-	return l.size
-}
-
-func (l *responseLogger) Flush() {
-	f, ok := l.w.(http.Flusher)
-	if ok {
-		f.Flush()
-	}
-}
-
-type hijackLogger struct {
-	responseLogger
-}
-
-func (l *hijackLogger) Hijack() (net.Conn, *bufio.ReadWriter, error) {
-	h := l.responseLogger.w.(http.Hijacker)
-	conn, rw, err := h.Hijack()
-	if err == nil && l.responseLogger.status == 0 {
-		// The status will be StatusSwitchingProtocols if there was no error and
-		// WriteHeader has not been called yet
-		l.responseLogger.status = http.StatusSwitchingProtocols
-	}
-	return conn, rw, err
-}
-
-type closeNotifyWriter struct {
-	loggingResponseWriter
-	http.CloseNotifier
-}
-
-type hijackCloseNotifier struct {
-	loggingResponseWriter
-	http.Hijacker
-	http.CloseNotifier
-}
-
-const lowerhex = "0123456789abcdef"
-
-func appendQuoted(buf []byte, s string) []byte {
-	var runeTmp [utf8.UTFMax]byte
-	for width := 0; len(s) > 0; s = s[width:] {
-		r := rune(s[0])
-		width = 1
-		if r >= utf8.RuneSelf {
-			r, width = utf8.DecodeRuneInString(s)
-		}
-		if width == 1 && r == utf8.RuneError {
-			buf = append(buf, `\x`...)
-			buf = append(buf, lowerhex[s[0]>>4])
-			buf = append(buf, lowerhex[s[0]&0xF])
-			continue
-		}
-		if r == rune('"') || r == '\\' { // always backslashed
-			buf = append(buf, '\\')
-			buf = append(buf, byte(r))
-			continue
-		}
-		if strconv.IsPrint(r) {
-			n := utf8.EncodeRune(runeTmp[:], r)
-			buf = append(buf, runeTmp[:n]...)
-			continue
-		}
-		switch r {
-		case '\a':
-			buf = append(buf, `\a`...)
-		case '\b':
-			buf = append(buf, `\b`...)
-		case '\f':
-			buf = append(buf, `\f`...)
-		case '\n':
-			buf = append(buf, `\n`...)
-		case '\r':
-			buf = append(buf, `\r`...)
-		case '\t':
-			buf = append(buf, `\t`...)
-		case '\v':
-			buf = append(buf, `\v`...)
-		default:
-			switch {
-			case r < ' ':
-				buf = append(buf, `\x`...)
-				buf = append(buf, lowerhex[s[0]>>4])
-				buf = append(buf, lowerhex[s[0]&0xF])
-			case r > utf8.MaxRune:
-				r = 0xFFFD
-				fallthrough
-			case r < 0x10000:
-				buf = append(buf, `\u`...)
-				for s := 12; s >= 0; s -= 4 {
-					buf = append(buf, lowerhex[r>>uint(s)&0xF])
-				}
-			default:
-				buf = append(buf, `\U`...)
-				for s := 28; s >= 0; s -= 4 {
-					buf = append(buf, lowerhex[r>>uint(s)&0xF])
-				}
-			}
-		}
-	}
-	return buf
-
-}
-
-// buildCommonLogLine builds a log entry for req in Apache Common Log Format.
-// ts is the timestamp with which the entry should be logged.
-// status and size are used to provide the response HTTP status and size.
-func buildCommonLogLine(req *http.Request, url url.URL, ts time.Time, status int, size int) []byte {
-	username := "-"
-	if url.User != nil {
-		if name := url.User.Username(); name != "" {
-			username = name
-		}
-	}
-
-	host, _, err := net.SplitHostPort(req.RemoteAddr)
-
-	if err != nil {
-		host = req.RemoteAddr
-	}
-
-	uri := req.RequestURI
-
-	// Requests using the CONNECT method over HTTP/2.0 must use
-	// the authority field (aka r.Host) to identify the target.
-	// Refer: https://httpwg.github.io/specs/rfc7540.html#CONNECT
-	if req.ProtoMajor == 2 && req.Method == "CONNECT" {
-		uri = req.Host
-	}
-	if uri == "" {
-		uri = url.RequestURI()
-	}
-
-	buf := make([]byte, 0, 3*(len(host)+len(username)+len(req.Method)+len(uri)+len(req.Proto)+50)/2)
-	buf = append(buf, host...)
-	buf = append(buf, " - "...)
-	buf = append(buf, username...)
-	buf = append(buf, " ["...)
-	buf = append(buf, ts.Format("02/Jan/2006:15:04:05 -0700")...)
-	buf = append(buf, `] "`...)
-	buf = append(buf, req.Method...)
-	buf = append(buf, " "...)
-	buf = appendQuoted(buf, uri)
-	buf = append(buf, " "...)
-	buf = append(buf, req.Proto...)
-	buf = append(buf, `" `...)
-	buf = append(buf, strconv.Itoa(status)...)
-	buf = append(buf, " "...)
-	buf = append(buf, strconv.Itoa(size)...)
-	return buf
-}
-
-// writeLog writes a log entry for req to w in Apache Common Log Format.
-// ts is the timestamp with which the entry should be logged.
-// status and size are used to provide the response HTTP status and size.
-func writeLog(w io.Writer, req *http.Request, url url.URL, ts time.Time, status, size int) {
-	buf := buildCommonLogLine(req, url, ts, status, size)
-	buf = append(buf, '\n')
-	w.Write(buf)
-}
-
-// writeCombinedLog writes a log entry for req to w in Apache Combined Log Format.
-// ts is the timestamp with which the entry should be logged.
-// status and size are used to provide the response HTTP status and size.
-func writeCombinedLog(w io.Writer, req *http.Request, url url.URL, ts time.Time, status, size int) {
-	buf := buildCommonLogLine(req, url, ts, status, size)
-	buf = append(buf, ` "`...)
-	buf = appendQuoted(buf, req.Referer())
-	buf = append(buf, `" "`...)
-	buf = appendQuoted(buf, req.UserAgent())
-	buf = append(buf, '"', '\n')
-	w.Write(buf)
-}
-
-// CombinedLoggingHandler return a http.Handler that wraps h and logs requests to out in
-// Apache Combined Log Format.
-//
-// See http://httpd.apache.org/docs/2.2/logs.html#combined for a description of this format.
-//
-// LoggingHandler always sets the ident field of the log to -
-func CombinedLoggingHandler(out io.Writer, h http.Handler) http.Handler {
-	return combinedLoggingHandler{out, h}
-}
-
-// LoggingHandler return a http.Handler that wraps h and logs requests to out in
-// Apache Common Log Format (CLF).
-//
-// See http://httpd.apache.org/docs/2.2/logs.html#common for a description of this format.
-//
-// LoggingHandler always sets the ident field of the log to -
-//
-// Example:
-//
-//  r := mux.NewRouter()
-//  r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-//  	w.Write([]byte("This is a catch-all route"))
-//  })
-//  loggedRouter := handlers.LoggingHandler(os.Stdout, r)
-//  http.ListenAndServe(":1123", loggedRouter)
-//
-func LoggingHandler(out io.Writer, h http.Handler) http.Handler {
-	return loggingHandler{out, h}
-}
-
-// isContentType validates the Content-Type header matches the supplied
-// contentType. That is, its type and subtype match.
-func isContentType(h http.Header, contentType string) bool {
-	ct := h.Get("Content-Type")
-	if i := strings.IndexRune(ct, ';'); i != -1 {
-		ct = ct[0:i]
-	}
-	return ct == contentType
-}
-
-// ContentTypeHandler wraps and returns a http.Handler, validating the request
-// content type is compatible with the contentTypes list. It writes a HTTP 415
-// error if that fails.
-//
-// Only PUT, POST, and PATCH requests are considered.
-func ContentTypeHandler(h http.Handler, contentTypes ...string) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if !(r.Method == "PUT" || r.Method == "POST" || r.Method == "PATCH") {
-			h.ServeHTTP(w, r)
-			return
-		}
-
-		for _, ct := range contentTypes {
-			if isContentType(r.Header, ct) {
-				h.ServeHTTP(w, r)
-				return
-			}
-		}
-		http.Error(w, fmt.Sprintf("Unsupported content type %q; expected one of %q", r.Header.Get("Content-Type"), contentTypes), http.StatusUnsupportedMediaType)
-	})
-}
-
-const (
-	// HTTPMethodOverrideHeader is a commonly used
-	// http header to override a request method.
-	HTTPMethodOverrideHeader = "X-HTTP-Method-Override"
-	// HTTPMethodOverrideFormKey is a commonly used
-	// HTML form key to override a request method.
-	HTTPMethodOverrideFormKey = "_method"
-)
-
-// HTTPMethodOverrideHandler wraps and returns a http.Handler which checks for
-// the X-HTTP-Method-Override header or the _method form key, and overrides (if
-// valid) request.Method with its value.
-//
-// This is especially useful for HTTP clients that don't support many http verbs.
-// It isn't secure to override e.g a GET to a POST, so only POST requests are
-// considered.  Likewise, the override method can only be a "write" method: PUT,
-// PATCH or DELETE.
-//
-// Form method takes precedence over header method.
-func HTTPMethodOverrideHandler(h http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method == "POST" {
-			om := r.FormValue(HTTPMethodOverrideFormKey)
-			if om == "" {
-				om = r.Header.Get(HTTPMethodOverrideHeader)
-			}
-			if om == "PUT" || om == "PATCH" || om == "DELETE" {
-				r.Method = om
-			}
-		}
-		h.ServeHTTP(w, r)
-	})
-}

vendor/github.com/gorilla/handlers/handlers_go18.go

@@ -1,21 +0,0 @@
-// +build go1.8
-
-package handlers
-
-import (
-	"fmt"
-	"net/http"
-)
-
-type loggingResponseWriter interface {
-	commonLoggingResponseWriter
-	http.Pusher
-}
-
-func (l *responseLogger) Push(target string, opts *http.PushOptions) error {
-	p, ok := l.w.(http.Pusher)
-	if !ok {
-		return fmt.Errorf("responseLogger does not implement http.Pusher")
-	}
-	return p.Push(target, opts)
-}

vendor/github.com/gorilla/handlers/handlers_go18_test.go

@@ -1,34 +0,0 @@
-// +build go1.8
-
-package handlers
-
-import (
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-)
-
-func TestLoggingHandlerWithPush(t *testing.T) {
-	handler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		if _, ok := w.(http.Pusher); !ok {
-			t.Fatalf("%T from LoggingHandler does not satisfy http.Pusher interface when built with Go >=1.8", w)
-		}
-		w.WriteHeader(200)
-	})
-
-	logger := LoggingHandler(ioutil.Discard, handler)
-	logger.ServeHTTP(httptest.NewRecorder(), newRequest("GET", "/"))
-}
-
-func TestCombinedLoggingHandlerWithPush(t *testing.T) {
-	handler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		if _, ok := w.(http.Pusher); !ok {
-			t.Fatalf("%T from CombinedLoggingHandler does not satisfy http.Pusher interface when built with Go >=1.8", w)
-		}
-		w.WriteHeader(200)
-	})
-
-	logger := CombinedLoggingHandler(ioutil.Discard, handler)
-	logger.ServeHTTP(httptest.NewRecorder(), newRequest("GET", "/"))
-}

vendor/github.com/gorilla/handlers/handlers_pre18.go

@@ -1,7 +0,0 @@
-// +build !go1.8
-
-package handlers
-
-type loggingResponseWriter interface {
-	commonLoggingResponseWriter
-}

vendor/github.com/gorilla/handlers/handlers_test.go

@@ -1,378 +0,0 @@
-// Copyright 2013 The Gorilla Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package handlers
-
-import (
-	"bytes"
-	"net"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"strings"
-	"testing"
-	"time"
-)
-
-const (
-	ok         = "ok\n"
-	notAllowed = "Method not allowed\n"
-)
-
-var okHandler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-	w.Write([]byte(ok))
-})
-
-func newRequest(method, url string) *http.Request {
-	req, err := http.NewRequest(method, url, nil)
-	if err != nil {
-		panic(err)
-	}
-	return req
-}
-
-func TestMethodHandler(t *testing.T) {
-	tests := []struct {
-		req     *http.Request
-		handler http.Handler
-		code    int
-		allow   string // Contents of the Allow header
-		body    string
-	}{
-		// No handlers
-		{newRequest("GET", "/foo"), MethodHandler{}, http.StatusMethodNotAllowed, "", notAllowed},
-		{newRequest("OPTIONS", "/foo"), MethodHandler{}, http.StatusOK, "", ""},
-
-		// A single handler
-		{newRequest("GET", "/foo"), MethodHandler{"GET": okHandler}, http.StatusOK, "", ok},
-		{newRequest("POST", "/foo"), MethodHandler{"GET": okHandler}, http.StatusMethodNotAllowed, "GET", notAllowed},
-
-		// Multiple handlers
-		{newRequest("GET", "/foo"), MethodHandler{"GET": okHandler, "POST": okHandler}, http.StatusOK, "", ok},
-		{newRequest("POST", "/foo"), MethodHandler{"GET": okHandler, "POST": okHandler}, http.StatusOK, "", ok},
-		{newRequest("DELETE", "/foo"), MethodHandler{"GET": okHandler, "POST": okHandler}, http.StatusMethodNotAllowed, "GET, POST", notAllowed},
-		{newRequest("OPTIONS", "/foo"), MethodHandler{"GET": okHandler, "POST": okHandler}, http.StatusOK, "GET, POST", ""},
-
-		// Override OPTIONS
-		{newRequest("OPTIONS", "/foo"), MethodHandler{"OPTIONS": okHandler}, http.StatusOK, "", ok},
-	}
-
-	for i, test := range tests {
-		rec := httptest.NewRecorder()
-		test.handler.ServeHTTP(rec, test.req)
-		if rec.Code != test.code {
-			t.Fatalf("%d: wrong code, got %d want %d", i, rec.Code, test.code)
-		}
-		if allow := rec.HeaderMap.Get("Allow"); allow != test.allow {
-			t.Fatalf("%d: wrong Allow, got %s want %s", i, allow, test.allow)
-		}
-		if body := rec.Body.String(); body != test.body {
-			t.Fatalf("%d: wrong body, got %q want %q", i, body, test.body)
-		}
-	}
-}
-
-func TestMakeLogger(t *testing.T) {
-	rec := httptest.NewRecorder()
-	logger := makeLogger(rec)
-	// initial status
-	if logger.Status() != http.StatusOK {
-		t.Fatalf("wrong status, got %d want %d", logger.Status(), http.StatusOK)
-	}
-	// WriteHeader
-	logger.WriteHeader(http.StatusInternalServerError)
-	if logger.Status() != http.StatusInternalServerError {
-		t.Fatalf("wrong status, got %d want %d", logger.Status(), http.StatusInternalServerError)
-	}
-	// Write
-	logger.Write([]byte(ok))
-	if logger.Size() != len(ok) {
-		t.Fatalf("wrong size, got %d want %d", logger.Size(), len(ok))
-	}
-	// Header
-	logger.Header().Set("key", "value")
-	if val := logger.Header().Get("key"); val != "value" {
-		t.Fatalf("wrong header, got %s want %s", val, "value")
-	}
-}
-
-func TestWriteLog(t *testing.T) {
-	loc, err := time.LoadLocation("Europe/Warsaw")
-	if err != nil {
-		panic(err)
-	}
-	ts := time.Date(1983, 05, 26, 3, 30, 45, 0, loc)
-
-	// A typical request with an OK response
-	req := newRequest("GET", "http://example.com")
-	req.RemoteAddr = "192.168.100.5"
-
-	buf := new(bytes.Buffer)
-	writeLog(buf, req, *req.URL, ts, http.StatusOK, 100)
-	log := buf.String()
-
-	expected := "192.168.100.5 - - [26/May/1983:03:30:45 +0200] \"GET / HTTP/1.1\" 200 100\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-
-	// CONNECT request over http/2.0
-	req = &http.Request{
-		Method:     "CONNECT",
-		Proto:      "HTTP/2.0",
-		ProtoMajor: 2,
-		ProtoMinor: 0,
-		URL:        &url.URL{Host: "www.example.com:443"},
-		Host:       "www.example.com:443",
-		RemoteAddr: "192.168.100.5",
-	}
-
-	buf = new(bytes.Buffer)
-	writeLog(buf, req, *req.URL, ts, http.StatusOK, 100)
-	log = buf.String()
-
-	expected = "192.168.100.5 - - [26/May/1983:03:30:45 +0200] \"CONNECT www.example.com:443 HTTP/2.0\" 200 100\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-
-	// Request with an unauthorized user
-	req = newRequest("GET", "http://example.com")
-	req.RemoteAddr = "192.168.100.5"
-	req.URL.User = url.User("kamil")
-
-	buf.Reset()
-	writeLog(buf, req, *req.URL, ts, http.StatusUnauthorized, 500)
-	log = buf.String()
-
-	expected = "192.168.100.5 - kamil [26/May/1983:03:30:45 +0200] \"GET / HTTP/1.1\" 401 500\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-
-	// Request with url encoded parameters
-	req = newRequest("GET", "http://example.com/test?abc=hello%20world&a=b%3F")
-	req.RemoteAddr = "192.168.100.5"
-
-	buf.Reset()
-	writeLog(buf, req, *req.URL, ts, http.StatusOK, 100)
-	log = buf.String()
-
-	expected = "192.168.100.5 - - [26/May/1983:03:30:45 +0200] \"GET /test?abc=hello%20world&a=b%3F HTTP/1.1\" 200 100\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-}
-
-func TestWriteCombinedLog(t *testing.T) {
-	loc, err := time.LoadLocation("Europe/Warsaw")
-	if err != nil {
-		panic(err)
-	}
-	ts := time.Date(1983, 05, 26, 3, 30, 45, 0, loc)
-
-	// A typical request with an OK response
-	req := newRequest("GET", "http://example.com")
-	req.RemoteAddr = "192.168.100.5"
-	req.Header.Set("Referer", "http://example.com")
-	req.Header.Set(
-		"User-Agent",
-		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.33 "+
-			"(KHTML, like Gecko) Chrome/27.0.1430.0 Safari/537.33",
-	)
-
-	buf := new(bytes.Buffer)
-	writeCombinedLog(buf, req, *req.URL, ts, http.StatusOK, 100)
-	log := buf.String()
-
-	expected := "192.168.100.5 - - [26/May/1983:03:30:45 +0200] \"GET / HTTP/1.1\" 200 100 \"http://example.com\" " +
-		"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) " +
-		"AppleWebKit/537.33 (KHTML, like Gecko) Chrome/27.0.1430.0 Safari/537.33\"\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-
-	// CONNECT request over http/2.0
-	req1 := &http.Request{
-		Method:     "CONNECT",
-		Host:       "www.example.com:443",
-		Proto:      "HTTP/2.0",
-		ProtoMajor: 2,
-		ProtoMinor: 0,
-		RemoteAddr: "192.168.100.5",
-		Header:     http.Header{},
-		URL:        &url.URL{Host: "www.example.com:443"},
-	}
-	req1.Header.Set("Referer", "http://example.com")
-	req1.Header.Set(
-		"User-Agent",
-		"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.33 "+
-			"(KHTML, like Gecko) Chrome/27.0.1430.0 Safari/537.33",
-	)
-
-	buf = new(bytes.Buffer)
-	writeCombinedLog(buf, req1, *req1.URL, ts, http.StatusOK, 100)
-	log = buf.String()
-
-	expected = "192.168.100.5 - - [26/May/1983:03:30:45 +0200] \"CONNECT www.example.com:443 HTTP/2.0\" 200 100 \"http://example.com\" " +
-		"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) " +
-		"AppleWebKit/537.33 (KHTML, like Gecko) Chrome/27.0.1430.0 Safari/537.33\"\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-
-	// Request with an unauthorized user
-	req.URL.User = url.User("kamil")
-
-	buf.Reset()
-	writeCombinedLog(buf, req, *req.URL, ts, http.StatusUnauthorized, 500)
-	log = buf.String()
-
-	expected = "192.168.100.5 - kamil [26/May/1983:03:30:45 +0200] \"GET / HTTP/1.1\" 401 500 \"http://example.com\" " +
-		"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) " +
-		"AppleWebKit/537.33 (KHTML, like Gecko) Chrome/27.0.1430.0 Safari/537.33\"\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-
-	// Test with remote ipv6 address
-	req.RemoteAddr = "::1"
-
-	buf.Reset()
-	writeCombinedLog(buf, req, *req.URL, ts, http.StatusOK, 100)
-	log = buf.String()
-
-	expected = "::1 - kamil [26/May/1983:03:30:45 +0200] \"GET / HTTP/1.1\" 200 100 \"http://example.com\" " +
-		"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) " +
-		"AppleWebKit/537.33 (KHTML, like Gecko) Chrome/27.0.1430.0 Safari/537.33\"\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-
-	// Test remote ipv6 addr, with port
-	req.RemoteAddr = net.JoinHostPort("::1", "65000")
-
-	buf.Reset()
-	writeCombinedLog(buf, req, *req.URL, ts, http.StatusOK, 100)
-	log = buf.String()
-
-	expected = "::1 - kamil [26/May/1983:03:30:45 +0200] \"GET / HTTP/1.1\" 200 100 \"http://example.com\" " +
-		"\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) " +
-		"AppleWebKit/537.33 (KHTML, like Gecko) Chrome/27.0.1430.0 Safari/537.33\"\n"
-	if log != expected {
-		t.Fatalf("wrong log, got %q want %q", log, expected)
-	}
-}
-
-func TestLogPathRewrites(t *testing.T) {
-	var buf bytes.Buffer
-
-	handler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		req.URL.Path = "/" // simulate http.StripPrefix and friends
-		w.WriteHeader(200)
-	})
-	logger := LoggingHandler(&buf, handler)
-
-	logger.ServeHTTP(httptest.NewRecorder(), newRequest("GET", "/subdir/asdf"))
-
-	if !strings.Contains(buf.String(), "GET /subdir/asdf HTTP") {
-		t.Fatalf("Got log %#v, wanted substring %#v", buf.String(), "GET /subdir/asdf HTTP")
-	}
-}
-
-func BenchmarkWriteLog(b *testing.B) {
-	loc, err := time.LoadLocation("Europe/Warsaw")
-	if err != nil {
-		b.Fatalf(err.Error())
-	}
-	ts := time.Date(1983, 05, 26, 3, 30, 45, 0, loc)
-
-	req := newRequest("GET", "http://example.com")
-	req.RemoteAddr = "192.168.100.5"
-
-	b.ResetTimer()
-
-	buf := &bytes.Buffer{}
-	for i := 0; i < b.N; i++ {
-		buf.Reset()
-		writeLog(buf, req, *req.URL, ts, http.StatusUnauthorized, 500)
-	}
-}
-
-func TestContentTypeHandler(t *testing.T) {
-	tests := []struct {
-		Method            string
-		AllowContentTypes []string
-		ContentType       string
-		Code              int
-	}{
-		{"POST", []string{"application/json"}, "application/json", http.StatusOK},
-		{"POST", []string{"application/json", "application/xml"}, "application/json", http.StatusOK},
-		{"POST", []string{"application/json"}, "application/json; charset=utf-8", http.StatusOK},
-		{"POST", []string{"application/json"}, "application/json+xxx", http.StatusUnsupportedMediaType},
-		{"POST", []string{"application/json"}, "text/plain", http.StatusUnsupportedMediaType},
-		{"GET", []string{"application/json"}, "", http.StatusOK},
-		{"GET", []string{}, "", http.StatusOK},
-	}
-	for _, test := range tests {
-		r, err := http.NewRequest(test.Method, "/", nil)
-		if err != nil {
-			t.Error(err)
-			continue
-		}
-
-		h := ContentTypeHandler(okHandler, test.AllowContentTypes...)
-		r.Header.Set("Content-Type", test.ContentType)
-		w := httptest.NewRecorder()
-		h.ServeHTTP(w, r)
-		if w.Code != test.Code {
-			t.Errorf("expected %d, got %d", test.Code, w.Code)
-		}
-	}
-}
-
-func TestHTTPMethodOverride(t *testing.T) {
-	var tests = []struct {
-		Method         string
-		OverrideMethod string
-		ExpectedMethod string
-	}{
-		{"POST", "PUT", "PUT"},
-		{"POST", "PATCH", "PATCH"},
-		{"POST", "DELETE", "DELETE"},
-		{"PUT", "DELETE", "PUT"},
-		{"GET", "GET", "GET"},
-		{"HEAD", "HEAD", "HEAD"},
-		{"GET", "PUT", "GET"},
-		{"HEAD", "DELETE", "HEAD"},
-	}
-
-	for _, test := range tests {
-		h := HTTPMethodOverrideHandler(okHandler)
-		reqs := make([]*http.Request, 0, 2)
-
-		rHeader, err := http.NewRequest(test.Method, "/", nil)
-		if err != nil {
-			t.Error(err)
-		}
-		rHeader.Header.Set(HTTPMethodOverrideHeader, test.OverrideMethod)
-		reqs = append(reqs, rHeader)
-
-		f := url.Values{HTTPMethodOverrideFormKey: []string{test.OverrideMethod}}
-		rForm, err := http.NewRequest(test.Method, "/", strings.NewReader(f.Encode()))
-		if err != nil {
-			t.Error(err)
-		}
-		rForm.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-		reqs = append(reqs, rForm)
-
-		for _, r := range reqs {
-			w := httptest.NewRecorder()
-			h.ServeHTTP(w, r)
-			if r.Method != test.ExpectedMethod {
-				t.Errorf("Expected %s, got %s", test.ExpectedMethod, r.Method)
-			}
-		}
-	}
-}

vendor/github.com/gorilla/handlers/proxy_headers.go

@@ -1,120 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"regexp"
-	"strings"
-)
-
-var (
-	// De-facto standard header keys.
-	xForwardedFor    = http.CanonicalHeaderKey("X-Forwarded-For")
-	xForwardedHost   = http.CanonicalHeaderKey("X-Forwarded-Host")
-	xForwardedProto  = http.CanonicalHeaderKey("X-Forwarded-Proto")
-	xForwardedScheme = http.CanonicalHeaderKey("X-Forwarded-Scheme")
-	xRealIP          = http.CanonicalHeaderKey("X-Real-IP")
-)
-
-var (
-	// RFC7239 defines a new "Forwarded: " header designed to replace the
-	// existing use of X-Forwarded-* headers.
-	// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43
-	forwarded = http.CanonicalHeaderKey("Forwarded")
-	// Allows for a sub-match of the first value after 'for=' to the next
-	// comma, semi-colon or space. The match is case-insensitive.
-	forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)`)
-	// Allows for a sub-match for the first instance of scheme (http|https)
-	// prefixed by 'proto='. The match is case-insensitive.
-	protoRegex = regexp.MustCompile(`(?i)(?:proto=)(https|http)`)
-)
-
-// ProxyHeaders inspects common reverse proxy headers and sets the corresponding
-// fields in the HTTP request struct. These are X-Forwarded-For and X-Real-IP
-// for the remote (client) IP address, X-Forwarded-Proto or X-Forwarded-Scheme
-// for the scheme (http|https) and the RFC7239 Forwarded header, which may
-// include both client IPs and schemes.
-//
-// NOTE: This middleware should only be used when behind a reverse
-// proxy like nginx, HAProxy or Apache. Reverse proxies that don't (or are
-// configured not to) strip these headers from client requests, or where these
-// headers are accepted "as is" from a remote client (e.g. when Go is not behind
-// a proxy), can manifest as a vulnerability if your application uses these
-// headers for validating the 'trustworthiness' of a request.
-func ProxyHeaders(h http.Handler) http.Handler {
-	fn := func(w http.ResponseWriter, r *http.Request) {
-		// Set the remote IP with the value passed from the proxy.
-		if fwd := getIP(r); fwd != "" {
-			r.RemoteAddr = fwd
-		}
-
-		// Set the scheme (proto) with the value passed from the proxy.
-		if scheme := getScheme(r); scheme != "" {
-			r.URL.Scheme = scheme
-		}
-		// Set the host with the value passed by the proxy
-		if r.Header.Get(xForwardedHost) != "" {
-			r.Host = r.Header.Get(xForwardedHost)
-		}
-		// Call the next handler in the chain.
-		h.ServeHTTP(w, r)
-	}
-
-	return http.HandlerFunc(fn)
-}
-
-// getIP retrieves the IP from the X-Forwarded-For, X-Real-IP and RFC7239
-// Forwarded headers (in that order).
-func getIP(r *http.Request) string {
-	var addr string
-
-	if fwd := r.Header.Get(xForwardedFor); fwd != "" {
-		// Only grab the first (client) address. Note that '192.168.0.1,
-		// 10.1.1.1' is a valid key for X-Forwarded-For where addresses after
-		// the first may represent forwarding proxies earlier in the chain.
-		s := strings.Index(fwd, ", ")
-		if s == -1 {
-			s = len(fwd)
-		}
-		addr = fwd[:s]
-	} else if fwd := r.Header.Get(xRealIP); fwd != "" {
-		// X-Real-IP should only contain one IP address (the client making the
-		// request).
-		addr = fwd
-	} else if fwd := r.Header.Get(forwarded); fwd != "" {
-		// match should contain at least two elements if the protocol was
-		// specified in the Forwarded header. The first element will always be
-		// the 'for=' capture, which we ignore. In the case of multiple IP
-		// addresses (for=8.8.8.8, 8.8.4.4,172.16.1.20 is valid) we only
-		// extract the first, which should be the client IP.
-		if match := forRegex.FindStringSubmatch(fwd); len(match) > 1 {
-			// IPv6 addresses in Forwarded headers are quoted-strings. We strip
-			// these quotes.
-			addr = strings.Trim(match[1], `"`)
-		}
-	}
-
-	return addr
-}
-
-// getScheme retrieves the scheme from the X-Forwarded-Proto and RFC7239
-// Forwarded headers (in that order).
-func getScheme(r *http.Request) string {
-	var scheme string
-
-	// Retrieve the scheme from X-Forwarded-Proto.
-	if proto := r.Header.Get(xForwardedProto); proto != "" {
-		scheme = strings.ToLower(proto)
-	} else if proto = r.Header.Get(xForwardedScheme); proto != "" {
-		scheme = strings.ToLower(proto)
-	} else if proto = r.Header.Get(forwarded); proto != "" {
-		// match should contain at least two elements if the protocol was
-		// specified in the Forwarded header. The first element will always be
-		// the 'proto=' capture, which we ignore. In the case of multiple proto
-		// parameters (invalid) we only extract the first.
-		if match := protoRegex.FindStringSubmatch(proto); len(match) > 1 {
-			scheme = strings.ToLower(match[1])
-		}
-	}
-
-	return scheme
-}

vendor/github.com/gorilla/handlers/proxy_headers_test.go

@@ -1,111 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"net/http/httptest"
-	"testing"
-)
-
-type headerTable struct {
-	key      string // header key
-	val      string // header val
-	expected string // expected result
-}
-
-func TestGetIP(t *testing.T) {
-	headers := []headerTable{
-		{xForwardedFor, "8.8.8.8", "8.8.8.8"},                                         // Single address
-		{xForwardedFor, "8.8.8.8, 8.8.4.4", "8.8.8.8"},                                // Multiple
-		{xForwardedFor, "[2001:db8:cafe::17]:4711", "[2001:db8:cafe::17]:4711"},       // IPv6 address
-		{xForwardedFor, "", ""},                                                       // None
-		{xRealIP, "8.8.8.8", "8.8.8.8"},                                               // Single address
-		{xRealIP, "8.8.8.8, 8.8.4.4", "8.8.8.8, 8.8.4.4"},                             // Multiple
-		{xRealIP, "[2001:db8:cafe::17]:4711", "[2001:db8:cafe::17]:4711"},             // IPv6 address
-		{xRealIP, "", ""},                                                             // None
-		{forwarded, `for="_gazonk"`, "_gazonk"},                                       // Hostname
-		{forwarded, `For="[2001:db8:cafe::17]:4711`, `[2001:db8:cafe::17]:4711`},      // IPv6 address
-		{forwarded, `for=192.0.2.60;proto=http;by=203.0.113.43`, `192.0.2.60`},        // Multiple params
-		{forwarded, `for=192.0.2.43, for=198.51.100.17`, "192.0.2.43"},                // Multiple params
-		{forwarded, `for="workstation.local",for=198.51.100.17`, "workstation.local"}, // Hostname
-	}
-
-	for _, v := range headers {
-		req := &http.Request{
-			Header: http.Header{
-				v.key: []string{v.val},
-			}}
-		res := getIP(req)
-		if res != v.expected {
-			t.Fatalf("wrong header for %s: got %s want %s", v.key, res,
-				v.expected)
-		}
-	}
-}
-
-func TestGetScheme(t *testing.T) {
-	headers := []headerTable{
-		{xForwardedProto, "https", "https"},
-		{xForwardedProto, "http", "http"},
-		{xForwardedProto, "HTTP", "http"},
-		{xForwardedScheme, "https", "https"},
-		{xForwardedScheme, "http", "http"},
-		{xForwardedScheme, "HTTP", "http"},
-		{forwarded, `For="[2001:db8:cafe::17]:4711`, ""},                      // No proto
-		{forwarded, `for=192.0.2.43, for=198.51.100.17;proto=https`, "https"}, // Multiple params before proto
-		{forwarded, `for=172.32.10.15; proto=https;by=127.0.0.1`, "https"},    // Space before proto
-		{forwarded, `for=192.0.2.60;proto=http;by=203.0.113.43`, "http"},      // Multiple params
-	}
-
-	for _, v := range headers {
-		req := &http.Request{
-			Header: http.Header{
-				v.key: []string{v.val},
-			},
-		}
-		res := getScheme(req)
-		if res != v.expected {
-			t.Fatalf("wrong header for %s: got %s want %s", v.key, res,
-				v.expected)
-		}
-	}
-}
-
-// Test the middleware end-to-end
-func TestProxyHeaders(t *testing.T) {
-	rr := httptest.NewRecorder()
-	r := newRequest("GET", "/")
-
-	r.Header.Set(xForwardedFor, "8.8.8.8")
-	r.Header.Set(xForwardedProto, "https")
-	r.Header.Set(xForwardedHost, "google.com")
-	var (
-		addr  string
-		proto string
-		host  string
-	)
-	ProxyHeaders(http.HandlerFunc(
-		func(w http.ResponseWriter, r *http.Request) {
-			addr = r.RemoteAddr
-			proto = r.URL.Scheme
-			host = r.Host
-		})).ServeHTTP(rr, r)
-
-	if rr.Code != http.StatusOK {
-		t.Fatalf("bad status: got %d want %d", rr.Code, http.StatusOK)
-	}
-
-	if addr != r.Header.Get(xForwardedFor) {
-		t.Fatalf("wrong address: got %s want %s", addr,
-			r.Header.Get(xForwardedFor))
-	}
-
-	if proto != r.Header.Get(xForwardedProto) {
-		t.Fatalf("wrong address: got %s want %s", proto,
-			r.Header.Get(xForwardedProto))
-	}
-	if host != r.Header.Get(xForwardedHost) {
-		t.Fatalf("wrong address: got %s want %s", host,
-			r.Header.Get(xForwardedHost))
-	}
-
-}

vendor/github.com/gorilla/handlers/recovery.go

@@ -1,91 +0,0 @@
-package handlers
-
-import (
-	"log"
-	"net/http"
-	"runtime/debug"
-)
-
-// RecoveryHandlerLogger is an interface used by the recovering handler to print logs.
-type RecoveryHandlerLogger interface {
-	Println(...interface{})
-}
-
-type recoveryHandler struct {
-	handler    http.Handler
-	logger     RecoveryHandlerLogger
-	printStack bool
-}
-
-// RecoveryOption provides a functional approach to define
-// configuration for a handler; such as setting the logging
-// whether or not to print strack traces on panic.
-type RecoveryOption func(http.Handler)
-
-func parseRecoveryOptions(h http.Handler, opts ...RecoveryOption) http.Handler {
-	for _, option := range opts {
-		option(h)
-	}
-
-	return h
-}
-
-// RecoveryHandler is HTTP middleware that recovers from a panic,
-// logs the panic, writes http.StatusInternalServerError, and
-// continues to the next handler.
-//
-// Example:
-//
-//  r := mux.NewRouter()
-//  r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-//  	panic("Unexpected error!")
-//  })
-//
-//  http.ListenAndServe(":1123", handlers.RecoveryHandler()(r))
-func RecoveryHandler(opts ...RecoveryOption) func(h http.Handler) http.Handler {
-	return func(h http.Handler) http.Handler {
-		r := &recoveryHandler{handler: h}
-		return parseRecoveryOptions(r, opts...)
-	}
-}
-
-// RecoveryLogger is a functional option to override
-// the default logger
-func RecoveryLogger(logger RecoveryHandlerLogger) RecoveryOption {
-	return func(h http.Handler) {
-		r := h.(*recoveryHandler)
-		r.logger = logger
-	}
-}
-
-// PrintRecoveryStack is a functional option to enable
-// or disable printing stack traces on panic.
-func PrintRecoveryStack(print bool) RecoveryOption {
-	return func(h http.Handler) {
-		r := h.(*recoveryHandler)
-		r.printStack = print
-	}
-}
-
-func (h recoveryHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	defer func() {
-		if err := recover(); err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			h.log(err)
-		}
-	}()
-
-	h.handler.ServeHTTP(w, req)
-}
-
-func (h recoveryHandler) log(v ...interface{}) {
-	if h.logger != nil {
-		h.logger.Println(v...)
-	} else {
-		log.Println(v...)
-	}
-
-	if h.printStack {
-		debug.PrintStack()
-	}
-}

vendor/github.com/gorilla/handlers/recovery_test.go

@@ -1,44 +0,0 @@
-package handlers
-
-import (
-	"bytes"
-	"log"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-)
-
-func TestRecoveryLoggerWithDefaultOptions(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-
-	handler := RecoveryHandler()
-	handlerFunc := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		panic("Unexpected error!")
-	})
-
-	recovery := handler(handlerFunc)
-	recovery.ServeHTTP(httptest.NewRecorder(), newRequest("GET", "/subdir/asdf"))
-
-	if !strings.Contains(buf.String(), "Unexpected error!") {
-		t.Fatalf("Got log %#v, wanted substring %#v", buf.String(), "Unexpected error!")
-	}
-}
-
-func TestRecoveryLoggerWithCustomLogger(t *testing.T) {
-	var buf bytes.Buffer
-	var logger = log.New(&buf, "", log.LstdFlags)
-
-	handler := RecoveryHandler(RecoveryLogger(logger), PrintRecoveryStack(false))
-	handlerFunc := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		panic("Unexpected error!")
-	})
-
-	recovery := handler(handlerFunc)
-	recovery.ServeHTTP(httptest.NewRecorder(), newRequest("GET", "/subdir/asdf"))
-
-	if !strings.Contains(buf.String(), "Unexpected error!") {
-		t.Fatalf("Got log %#v, wanted substring %#v", buf.String(), "Unexpected error!")
-	}
-}

vendor/github.com/inconshreveable/mousetrap/LICENSE

@@ -1,13 +0,0 @@
-Copyright 2014 Alan Shreve
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.

vendor/github.com/inconshreveable/mousetrap/README.md

@@ -1,23 +0,0 @@
-# mousetrap
-
-mousetrap is a tiny library that answers a single question.
-
-On a Windows machine, was the process invoked by someone double clicking on
-the executable file while browsing in explorer?
-
-### Motivation
-
-Windows developers unfamiliar with command line tools will often "double-click"
-the executable for a tool. Because most CLI tools print the help and then exit
-when invoked without arguments, this is often very frustrating for those users.
-
-mousetrap provides a way to detect these invocations so that you can provide
-more helpful behavior and instructions on how to run the CLI tool. To see what
-this looks like, both from an organizational and a technical perspective, see
-https://inconshreveable.com/09-09-2014/sweat-the-small-stuff/
-
-### The interface
-
-The library exposes a single interface:
-
-    func StartedByExplorer() (bool)

vendor/github.com/inconshreveable/mousetrap/trap_others.go

@@ -1,15 +0,0 @@
-// +build !windows
-
-package mousetrap
-
-// StartedByExplorer returns true if the program was invoked by the user
-// double-clicking on the executable from explorer.exe
-//
-// It is conservative and returns false if any of the internal calls fail.
-// It does not guarantee that the program was run from a terminal. It only can tell you
-// whether it was launched from explorer.exe
-//
-// On non-Windows platforms, it always returns false.
-func StartedByExplorer() bool {
-	return false
-}

vendor/github.com/inconshreveable/mousetrap/trap_windows.go

@@ -1,98 +0,0 @@
-// +build windows
-// +build !go1.4
-
-package mousetrap
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-const (
-	// defined by the Win32 API
-	th32cs_snapprocess uintptr = 0x2
-)
-
-var (
-	kernel                   = syscall.MustLoadDLL("kernel32.dll")
-	CreateToolhelp32Snapshot = kernel.MustFindProc("CreateToolhelp32Snapshot")
-	Process32First           = kernel.MustFindProc("Process32FirstW")
-	Process32Next            = kernel.MustFindProc("Process32NextW")
-)
-
-// ProcessEntry32 structure defined by the Win32 API
-type processEntry32 struct {
-	dwSize              uint32
-	cntUsage            uint32
-	th32ProcessID       uint32
-	th32DefaultHeapID   int
-	th32ModuleID        uint32
-	cntThreads          uint32
-	th32ParentProcessID uint32
-	pcPriClassBase      int32
-	dwFlags             uint32
-	szExeFile           [syscall.MAX_PATH]uint16
-}
-
-func getProcessEntry(pid int) (pe *processEntry32, err error) {
-	snapshot, _, e1 := CreateToolhelp32Snapshot.Call(th32cs_snapprocess, uintptr(0))
-	if snapshot == uintptr(syscall.InvalidHandle) {
-		err = fmt.Errorf("CreateToolhelp32Snapshot: %v", e1)
-		return
-	}
-	defer syscall.CloseHandle(syscall.Handle(snapshot))
-
-	var processEntry processEntry32
-	processEntry.dwSize = uint32(unsafe.Sizeof(processEntry))
-	ok, _, e1 := Process32First.Call(snapshot, uintptr(unsafe.Pointer(&processEntry)))
-	if ok == 0 {
-		err = fmt.Errorf("Process32First: %v", e1)
-		return
-	}
-
-	for {
-		if processEntry.th32ProcessID == uint32(pid) {
-			pe = &processEntry
-			return
-		}
-
-		ok, _, e1 = Process32Next.Call(snapshot, uintptr(unsafe.Pointer(&processEntry)))
-		if ok == 0 {
-			err = fmt.Errorf("Process32Next: %v", e1)
-			return
-		}
-	}
-}
-
-func getppid() (pid int, err error) {
-	pe, err := getProcessEntry(os.Getpid())
-	if err != nil {
-		return
-	}
-
-	pid = int(pe.th32ParentProcessID)
-	return
-}
-
-// StartedByExplorer returns true if the program was invoked by the user double-clicking
-// on the executable from explorer.exe
-//
-// It is conservative and returns false if any of the internal calls fail.
-// It does not guarantee that the program was run from a terminal. It only can tell you
-// whether it was launched from explorer.exe
-func StartedByExplorer() bool {
-	ppid, err := getppid()
-	if err != nil {
-		return false
-	}
-
-	pe, err := getProcessEntry(ppid)
-	if err != nil {
-		return false
-	}
-
-	name := syscall.UTF16ToString(pe.szExeFile[:])
-	return name == "explorer.exe"
-}

vendor/github.com/inconshreveable/mousetrap/trap_windows_1.4.go

@@ -1,46 +0,0 @@
-// +build windows
-// +build go1.4
-
-package mousetrap
-
-import (
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-func getProcessEntry(pid int) (*syscall.ProcessEntry32, error) {
-	snapshot, err := syscall.CreateToolhelp32Snapshot(syscall.TH32CS_SNAPPROCESS, 0)
-	if err != nil {
-		return nil, err
-	}
-	defer syscall.CloseHandle(snapshot)
-	var procEntry syscall.ProcessEntry32
-	procEntry.Size = uint32(unsafe.Sizeof(procEntry))
-	if err = syscall.Process32First(snapshot, &procEntry); err != nil {
-		return nil, err
-	}
-	for {
-		if procEntry.ProcessID == uint32(pid) {
-			return &procEntry, nil
-		}
-		err = syscall.Process32Next(snapshot, &procEntry)
-		if err != nil {
-			return nil, err
-		}
-	}
-}
-
-// StartedByExplorer returns true if the program was invoked by the user double-clicking
-// on the executable from explorer.exe
-//
-// It is conservative and returns false if any of the internal calls fail.
-// It does not guarantee that the program was run from a terminal. It only can tell you
-// whether it was launched from explorer.exe
-func StartedByExplorer() bool {
-	pe, err := getProcessEntry(os.Getppid())
-	if err != nil {
-		return false
-	}
-	return "explorer.exe" == syscall.UTF16ToString(pe.ExeFile[:])
-}

vendor/github.com/spf13/cobra/.gitignore

@@ -1,36 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-# Vim files https://github.com/github/gitignore/blob/master/Global/Vim.gitignore
-# swap
-[._]*.s[a-w][a-z]
-[._]s[a-w][a-z]
-# session
-Session.vim
-# temporary
-.netrwhist
-*~
-# auto-generated tag files
-tags
-
-*.exe
-
-cobra.test

vendor/github.com/spf13/cobra/.mailmap

@@ -1,3 +0,0 @@
-Steve Francia <steve.francia@gmail.com>
-Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>
-Fabiano Franz <ffranz@redhat.com>                   <contact@fabianofranz.com>

vendor/github.com/spf13/cobra/.travis.yml

@@ -1,21 +0,0 @@
-language: go
-
-matrix:
-  include:
-    - go: 1.7.5
-    - go: 1.8.1
-    - go: tip
-  allow_failures:
-    - go: tip
-
-before_install:
-  - mkdir -p bin
-  - curl -Lso bin/shellcheck https://github.com/caarlos0/shellcheck-docker/releases/download/v0.4.3/shellcheck
-  - chmod +x bin/shellcheck
-script:
-  - PATH=$PATH:$PWD/bin go test -v ./...
-  - go build
-  - diff -u <(echo -n) <(gofmt -d -s .)
-  - if [ -z $NOVET ]; then
-      diff -u <(echo -n) <(go tool vet . 2>&1 | grep -vE 'ExampleCommand|bash_completions.*Fprint');
-    fi

vendor/github.com/spf13/cobra/LICENSE.txt

@@ -1,174 +0,0 @@
-                                Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.

vendor/github.com/spf13/cobra/README.md

@@ -1,935 +0,0 @@
-![cobra logo](https://cloud.githubusercontent.com/assets/173412/10886352/ad566232-814f-11e5-9cd0-aa101788c117.png)
-
-Cobra is both a library for creating powerful modern CLI applications as well as a program to generate applications and command files.
-
-Many of the most widely used Go projects are built using Cobra including:
-
-* [Kubernetes](http://kubernetes.io/)
-* [Hugo](http://gohugo.io)
-* [rkt](https://github.com/coreos/rkt)
-* [etcd](https://github.com/coreos/etcd)
-* [Moby (former Docker)](https://github.com/moby/moby)
-* [Docker (distribution)](https://github.com/docker/distribution)
-* [OpenShift](https://www.openshift.com/)
-* [Delve](https://github.com/derekparker/delve)
-* [GopherJS](http://www.gopherjs.org/)
-* [CockroachDB](http://www.cockroachlabs.com/)
-* [Bleve](http://www.blevesearch.com/)
-* [ProjectAtomic (enterprise)](http://www.projectatomic.io/)
-* [GiantSwarm's swarm](https://github.com/giantswarm/cli)
-* [Nanobox](https://github.com/nanobox-io/nanobox)/[Nanopack](https://github.com/nanopack)
-* [rclone](http://rclone.org/)
-
-
-[![Build Status](https://travis-ci.org/spf13/cobra.svg "Travis CI status")](https://travis-ci.org/spf13/cobra)
-[![CircleCI status](https://circleci.com/gh/spf13/cobra.png?circle-token=:circle-token "CircleCI status")](https://circleci.com/gh/spf13/cobra)
-[![GoDoc](https://godoc.org/github.com/spf13/cobra?status.svg)](https://godoc.org/github.com/spf13/cobra)
-
-![cobra](https://cloud.githubusercontent.com/assets/173412/10911369/84832a8e-8212-11e5-9f82-cc96660a4794.gif)
-
-# Overview
-
-Cobra is a library providing a simple interface to create powerful modern CLI
-interfaces similar to git & go tools.
-
-Cobra is also an application that will generate your application scaffolding to rapidly
-develop a Cobra-based application.
-
-Cobra provides:
-* Easy subcommand-based CLIs: `app server`, `app fetch`, etc.
-* Fully POSIX-compliant flags (including short & long versions)
-* Nested subcommands
-* Global, local and cascading flags
-* Easy generation of applications & commands with `cobra init appname` & `cobra add cmdname`
-* Intelligent suggestions (`app srver`... did you mean `app server`?)
-* Automatic help generation for commands and flags
-* Automatic detailed help for `app help [command]`
-* Automatic help flag recognition of `-h`, `--help`, etc.
-* Automatically generated bash autocomplete for your application
-* Automatically generated man pages for your application
-* Command aliases so you can change things without breaking them
-* The flexibility to define your own help, usage, etc.
-* Optional tight integration with [viper](http://github.com/spf13/viper) for 12-factor apps
-
-Cobra has an exceptionally clean interface and simple design without needless
-constructors or initialization methods.
-
-Applications built with Cobra commands are designed to be as user-friendly as
-possible. Flags can be placed before or after the command (as long as a
-confusing space isn’t provided). Both short and long flags can be used. A
-command need not even be fully typed.  Help is automatically generated and
-available for the application or for a specific command using either the help
-command or the `--help` flag.
-
-# Concepts
-
-Cobra is built on a structure of commands, arguments & flags.
-
-**Commands** represent actions, **Args** are things and **Flags** are modifiers for those actions.
-
-The best applications will read like sentences when used. Users will know how
-to use the application because they will natively understand how to use it.
-
-The pattern to follow is
-`APPNAME VERB NOUN --ADJECTIVE.`
-    or
-`APPNAME COMMAND ARG --FLAG`
-
-A few good real world examples may better illustrate this point.
-
-In the following example, 'server' is a command, and 'port' is a flag:
-
-    hugo server --port=1313
-
-In this command we are telling Git to clone the url bare.
-
-    git clone URL --bare
-
-## Commands
-
-Command is the central point of the application. Each interaction that
-the application supports will be contained in a Command. A command can
-have children commands and optionally run an action.
-
-In the example above, 'server' is the command.
-
-A Command has the following structure:
-
-```go
-type Command struct {
-    Use string // The one-line usage message.
-    Short string // The short description shown in the 'help' output.
-    Long string // The long message shown in the 'help <this-command>' output.
-    Run func(cmd *Command, args []string) // Run runs the command.
-}
-```
-
-## Flags
-
-A Flag is a way to modify the behavior of a command. Cobra supports
-fully POSIX-compliant flags as well as the Go [flag package](https://golang.org/pkg/flag/).
-A Cobra command can define flags that persist through to children commands
-and flags that are only available to that command.
-
-In the example above, 'port' is the flag.
-
-Flag functionality is provided by the [pflag
-library](https://github.com/spf13/pflag), a fork of the flag standard library
-which maintains the same interface while adding POSIX compliance.
-
-## Usage
-
-Cobra works by creating a set of commands and then organizing them into a tree.
-The tree defines the structure of the application.
-
-Once each command is defined with its corresponding flags, then the
-tree is assigned to the commander which is finally executed.
-
-# Installing
-Using Cobra is easy. First, use `go get` to install the latest version
-of the library. This command will install the `cobra` generator executable
-along with the library and its dependencies:
-
-    go get -u github.com/spf13/cobra/cobra
-
-Next, include Cobra in your application:
-
-```go
-import "github.com/spf13/cobra"
-```
-
-# Getting Started
-
-While you are welcome to provide your own organization, typically a Cobra based
-application will follow the following organizational structure.
-
-```
-  ▾ appName/
-    ▾ cmd/
-        add.go
-        your.go
-        commands.go
-        here.go
-      main.go
-```
-
-In a Cobra app, typically the main.go file is very bare. It serves, one purpose, to initialize Cobra.
-
-```go
-package main
-
-import (
-	"fmt"
-	"os"
-
-	"{pathToYourApp}/cmd"
-)
-
-func main() {
-	if err := cmd.RootCmd.Execute(); err != nil {
-		fmt.Println(err)
-		os.Exit(1)
-	}
-}
-```
-
-## Using the Cobra Generator
-
-Cobra provides its own program that will create your application and add any
-commands you want. It's the easiest way to incorporate Cobra into your application.
-
-In order to use the cobra command, compile it using the following command:
-
-    go get github.com/spf13/cobra/cobra
-
-This will create the cobra executable under your `$GOPATH/bin` directory.
-
-### cobra init
-
-The `cobra init [yourApp]` command will create your initial application code
-for you. It is a very powerful application that will populate your program with
-the right structure so you can immediately enjoy all the benefits of Cobra. It
-will also automatically apply the license you specify to your application.
-
-Cobra init is pretty smart. You can provide it a full path, or simply a path
-similar to what is expected in the import.
-
-```
-cobra init github.com/spf13/newAppName
-```
-
-### cobra add
-
-Once an application is initialized Cobra can create additional commands for you.
-Let's say you created an app and you wanted the following commands for it:
-
-* app serve
-* app config
-* app config create
-
-In your project directory (where your main.go file is) you would run the following:
-
-```
-cobra add serve
-cobra add config
-cobra add create -p 'configCmd'
-```
-
-*Note: Use camelCase (not snake_case/snake-case) for command names.
-Otherwise, you will become unexpected errors.
-For example, `cobra add add-user` is incorrect, but `cobra add addUser` is valid.*
-
-Once you have run these three commands you would have an app structure that would look like:
-
-```
-  ▾ app/
-    ▾ cmd/
-        serve.go
-        config.go
-        create.go
-      main.go
-```
-
-At this point you can run `go run main.go` and it would run your app. `go run
-main.go serve`, `go run main.go config`, `go run main.go config create` along
-with `go run main.go help serve`, etc would all work.
-
-Obviously you haven't added your own code to these yet, the commands are ready
-for you to give them their tasks. Have fun!
-
-### Configuring the cobra generator
-
-The cobra generator will be easier to use if you provide a simple configuration
-file which will help you eliminate providing a bunch of repeated information in
-flags over and over.
-
-An example ~/.cobra.yaml file:
-
-```yaml
-author: Steve Francia <spf@spf13.com>
-license: MIT
-```
-
-You can specify no license by setting `license` to `none` or you can specify
-a custom license:
-
-```yaml
-license:
-  header: This file is part of {{ .appName }}.
-  text: |
-    {{ .copyright }}
-
-    This is my license. There are many like it, but this one is mine.
-    My license is my best friend. It is my life. I must master it as I must
-    master my life.
-```
-
-You can also use built-in licenses. For example, **GPLv2**, **GPLv3**, **LGPL**,
-**AGPL**, **MIT**, **2-Clause BSD** or **3-Clause BSD**.
-
-## Manually implementing Cobra
-
-To manually implement cobra you need to create a bare main.go file and a RootCmd file.
-You will optionally provide additional commands as you see fit.
-
-### Create the root command
-
-The root command represents your binary itself.
-
-#### Manually create rootCmd
-
-Cobra doesn't require any special constructors. Simply create your commands.
-
-Ideally you place this in app/cmd/root.go:
-
-```go
-var RootCmd = &cobra.Command{
-	Use:   "hugo",
-	Short: "Hugo is a very fast static site generator",
-	Long: `A Fast and Flexible Static Site Generator built with
-                love by spf13 and friends in Go.
-                Complete documentation is available at http://hugo.spf13.com`,
-	Run: func(cmd *cobra.Command, args []string) {
-		// Do Stuff Here
-	},
-}
-```
-
-You will additionally define flags and handle configuration in your init() function.
-
-For example cmd/root.go:
-
-```go
-import (
-	"fmt"
-	"os"
-
-	homedir "github.com/mitchellh/go-homedir"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-func init() {
-	cobra.OnInitialize(initConfig)
-	RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
-	RootCmd.PersistentFlags().StringVarP(&projectBase, "projectbase", "b", "", "base project directory eg. github.com/spf13/")
-	RootCmd.PersistentFlags().StringP("author", "a", "YOUR NAME", "Author name for copyright attribution")
-	RootCmd.PersistentFlags().StringVarP(&userLicense, "license", "l", "", "Name of license for the project (can provide `licensetext` in config)")
-	RootCmd.PersistentFlags().Bool("viper", true, "Use Viper for configuration")
-	viper.BindPFlag("author", RootCmd.PersistentFlags().Lookup("author"))
-	viper.BindPFlag("projectbase", RootCmd.PersistentFlags().Lookup("projectbase"))
-	viper.BindPFlag("useViper", RootCmd.PersistentFlags().Lookup("viper"))
-	viper.SetDefault("author", "NAME HERE <EMAIL ADDRESS>")
-	viper.SetDefault("license", "apache")
-}
-
-func main() {
-  // Don't forget to read config either from cfgFile or from home directory!
-	if cfgFile != "" {
-		// Use config file from the flag.
-		viper.SetConfigFile(cfgFile)
-	} else {
-		// Find home directory.
-		home, err := homedir.Dir()
-		if err != nil {
-			fmt.Println(home)
-			os.Exit(1)
-		}
-
-		// Search config in home directory with name ".cobra" (without extension).
-		viper.AddConfigPath(home)
-		viper.SetConfigName(".cobra")
-	}
-
-	if err := viper.ReadInConfig(); err != nil {
-		fmt.Println("Can't read config:", err)
-    os.Exit(1)
-	}
-}
-```
-
-### Create your main.go
-
-With the root command you need to have your main function execute it.
-Execute should be run on the root for clarity, though it can be called on any command.
-
-In a Cobra app, typically the main.go file is very bare. It serves, one purpose, to initialize Cobra.
-
-```go
-package main
-
-import (
-	"fmt"
-	"os"
-
-	"{pathToYourApp}/cmd"
-)
-
-func main() {
-	if err := cmd.RootCmd.Execute(); err != nil {
-		fmt.Println(err)
-		os.Exit(1)
-	}
-}
-```
-
-### Create additional commands
-
-Additional commands can be defined and typically are each given their own file
-inside of the cmd/ directory.
-
-If you wanted to create a version command you would create cmd/version.go and
-populate it with the following:
-
-```go
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-	"fmt"
-)
-
-func init() {
-	RootCmd.AddCommand(versionCmd)
-}
-
-var versionCmd = &cobra.Command{
-	Use:   "version",
-	Short: "Print the version number of Hugo",
-	Long:  `All software has versions. This is Hugo's`,
-	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("Hugo Static Site Generator v0.9 -- HEAD")
-	},
-}
-```
-
-### Attach command to its parent
-
-
-If you notice in the above example we attach the command to its parent. In
-this case the parent is the rootCmd. In this example we are attaching it to the
-root, but commands can be attached at any level.
-
-```go
-RootCmd.AddCommand(versionCmd)
-```
-
-### Remove a command from its parent
-
-Removing a command is not a common action in simple programs, but it allows 3rd
-parties to customize an existing command tree.
-
-In this example, we remove the existing `VersionCmd` command of an existing
-root command, and we replace it with our own version:
-
-```go
-mainlib.RootCmd.RemoveCommand(mainlib.VersionCmd)
-mainlib.RootCmd.AddCommand(versionCmd)
-```
-
-## Working with Flags
-
-Flags provide modifiers to control how the action command operates.
-
-### Assign flags to a command
-
-Since the flags are defined and used in different locations, we need to
-define a variable outside with the correct scope to assign the flag to
-work with.
-
-```go
-var Verbose bool
-var Source string
-```
-
-There are two different approaches to assign a flag.
-
-### Persistent Flags
-
-A flag can be 'persistent' meaning that this flag will be available to the
-command it's assigned to as well as every command under that command. For
-global flags, assign a flag as a persistent flag on the root.
-
-```go
-RootCmd.PersistentFlags().BoolVarP(&Verbose, "verbose", "v", false, "verbose output")
-```
-
-### Local Flags
-
-A flag can also be assigned locally which will only apply to that specific command.
-
-```go
-RootCmd.Flags().StringVarP(&Source, "source", "s", "", "Source directory to read from")
-```
-
-### Bind Flags with Config
-
-You can also bind your flags with [viper](https://github.com/spf13/viper):
-```go
-var author string
-
-func init() {
-	RootCmd.PersistentFlags().StringVar(&author, "author", "YOUR NAME", "Author name for copyright attribution")
-	viper.BindPFlag("author", RootCmd.PersistentFlags().Lookup("author"))
-}
-```
-
-In this example the persistent flag `author` is bound with `viper`.
-**Note**, that the variable `author` will not be set to the value from config,
-when the `--author` flag is not provided by user.
-
-More in [viper documentation](https://github.com/spf13/viper#working-with-flags).
-
-## Example
-
-In the example below, we have defined three commands. Two are at the top level
-and one (cmdTimes) is a child of one of the top commands. In this case the root
-is not executable meaning that a subcommand is required. This is accomplished
-by not providing a 'Run' for the 'rootCmd'.
-
-We have only defined one flag for a single command.
-
-More documentation about flags is available at https://github.com/spf13/pflag
-
-```go
-package main
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/spf13/cobra"
-)
-
-func main() {
-
-	var echoTimes int
-
-	var cmdPrint = &cobra.Command{
-		Use:   "print [string to print]",
-		Short: "Print anything to the screen",
-		Long: `print is for printing anything back to the screen.
-            For many years people have printed back to the screen.
-            `,
-		Run: func(cmd *cobra.Command, args []string) {
-			fmt.Println("Print: " + strings.Join(args, " "))
-		},
-	}
-
-	var cmdEcho = &cobra.Command{
-		Use:   "echo [string to echo]",
-		Short: "Echo anything to the screen",
-		Long: `echo is for echoing anything back.
-            Echo works a lot like print, except it has a child command.
-            `,
-		Run: func(cmd *cobra.Command, args []string) {
-			fmt.Println("Print: " + strings.Join(args, " "))
-		},
-	}
-
-	var cmdTimes = &cobra.Command{
-		Use:   "times [# times] [string to echo]",
-		Short: "Echo anything to the screen more times",
-		Long: `echo things multiple times back to the user by providing
-            a count and a string.`,
-		Run: func(cmd *cobra.Command, args []string) {
-			for i := 0; i < echoTimes; i++ {
-				fmt.Println("Echo: " + strings.Join(args, " "))
-			}
-		},
-	}
-
-	cmdTimes.Flags().IntVarP(&echoTimes, "times", "t", 1, "times to echo the input")
-
-	var rootCmd = &cobra.Command{Use: "app"}
-	rootCmd.AddCommand(cmdPrint, cmdEcho)
-	cmdEcho.AddCommand(cmdTimes)
-	rootCmd.Execute()
-}
-```
-
-For a more complete example of a larger application, please checkout [Hugo](http://gohugo.io/).
-
-## The Help Command
-
-Cobra automatically adds a help command to your application when you have subcommands.
-This will be called when a user runs 'app help'. Additionally, help will also
-support all other commands as input. Say, for instance, you have a command called
-'create' without any additional configuration; Cobra will work when 'app help
-create' is called.  Every command will automatically have the '--help' flag added.
-
-### Example
-
-The following output is automatically generated by Cobra. Nothing beyond the
-command and flag definitions are needed.
-
-    > hugo help
-
-    hugo is the main command, used to build your Hugo site.
-
-    Hugo is a Fast and Flexible Static Site Generator
-    built with love by spf13 and friends in Go.
-
-    Complete documentation is available at http://gohugo.io/.
-
-    Usage:
-      hugo [flags]
-      hugo [command]
-
-    Available Commands:
-      server          Hugo runs its own webserver to render the files
-      version         Print the version number of Hugo
-      config          Print the site configuration
-      check           Check content in the source directory
-      benchmark       Benchmark hugo by building a site a number of times.
-      convert         Convert your content to different formats
-      new             Create new content for your site
-      list            Listing out various types of content
-      undraft         Undraft changes the content's draft status from 'True' to 'False'
-      genautocomplete Generate shell autocompletion script for Hugo
-      gendoc          Generate Markdown documentation for the Hugo CLI.
-      genman          Generate man page for Hugo
-      import          Import your site from others.
-
-    Flags:
-      -b, --baseURL="": hostname (and path) to the root, e.g. http://spf13.com/
-      -D, --buildDrafts[=false]: include content marked as draft
-      -F, --buildFuture[=false]: include content with publishdate in the future
-          --cacheDir="": filesystem path to cache directory. Defaults: $TMPDIR/hugo_cache/
-          --canonifyURLs[=false]: if true, all relative URLs will be canonicalized using baseURL
-          --config="": config file (default is path/config.yaml|json|toml)
-      -d, --destination="": filesystem path to write files to
-          --disableRSS[=false]: Do not build RSS files
-          --disableSitemap[=false]: Do not build Sitemap file
-          --editor="": edit new content with this editor, if provided
-          --ignoreCache[=false]: Ignores the cache directory for reading but still writes to it
-          --log[=false]: Enable Logging
-          --logFile="": Log File path (if set, logging enabled automatically)
-          --noTimes[=false]: Don't sync modification time of files
-          --pluralizeListTitles[=true]: Pluralize titles in lists using inflect
-          --preserveTaxonomyNames[=false]: Preserve taxonomy names as written ("Gérard Depardieu" vs "gerard-depardieu")
-      -s, --source="": filesystem path to read files relative from
-          --stepAnalysis[=false]: display memory and timing of different steps of the program
-      -t, --theme="": theme to use (located in /themes/THEMENAME/)
-          --uglyURLs[=false]: if true, use /filename.html instead of /filename/
-      -v, --verbose[=false]: verbose output
-          --verboseLog[=false]: verbose logging
-      -w, --watch[=false]: watch filesystem for changes and recreate as needed
-
-    Use "hugo [command] --help" for more information about a command.
-
-
-Help is just a command like any other. There is no special logic or behavior
-around it. In fact, you can provide your own if you want.
-
-### Defining your own help
-
-You can provide your own Help command or your own template for the default command to use.
-
-The default help command is
-
-```go
-func (c *Command) initHelp() {
-	if c.helpCommand == nil {
-		c.helpCommand = &Command{
-			Use:   "help [command]",
-			Short: "Help about any command",
-			Long: `Help provides help for any command in the application.
-        Simply type ` + c.Name() + ` help [path to command] for full details.`,
-			Run: c.HelpFunc(),
-		}
-	}
-	c.AddCommand(c.helpCommand)
-}
-```
-
-You can provide your own command, function or template through the following methods:
-
-```go
-command.SetHelpCommand(cmd *Command)
-
-command.SetHelpFunc(f func(*Command, []string))
-
-command.SetHelpTemplate(s string)
-```
-
-The latter two will also apply to any children commands.
-
-## Usage
-
-When the user provides an invalid flag or invalid command, Cobra responds by
-showing the user the 'usage'.
-
-### Example
-You may recognize this from the help above. That's because the default help
-embeds the usage as part of its output.
-
-    Usage:
-      hugo [flags]
-      hugo [command]
-
-    Available Commands:
-      server          Hugo runs its own webserver to render the files
-      version         Print the version number of Hugo
-      config          Print the site configuration
-      check           Check content in the source directory
-      benchmark       Benchmark hugo by building a site a number of times.
-      convert         Convert your content to different formats
-      new             Create new content for your site
-      list            Listing out various types of content
-      undraft         Undraft changes the content's draft status from 'True' to 'False'
-      genautocomplete Generate shell autocompletion script for Hugo
-      gendoc          Generate Markdown documentation for the Hugo CLI.
-      genman          Generate man page for Hugo
-      import          Import your site from others.
-
-    Flags:
-      -b, --baseURL="": hostname (and path) to the root, e.g. http://spf13.com/
-      -D, --buildDrafts[=false]: include content marked as draft
-      -F, --buildFuture[=false]: include content with publishdate in the future
-          --cacheDir="": filesystem path to cache directory. Defaults: $TMPDIR/hugo_cache/
-          --canonifyURLs[=false]: if true, all relative URLs will be canonicalized using baseURL
-          --config="": config file (default is path/config.yaml|json|toml)
-      -d, --destination="": filesystem path to write files to
-          --disableRSS[=false]: Do not build RSS files
-          --disableSitemap[=false]: Do not build Sitemap file
-          --editor="": edit new content with this editor, if provided
-          --ignoreCache[=false]: Ignores the cache directory for reading but still writes to it
-          --log[=false]: Enable Logging
-          --logFile="": Log File path (if set, logging enabled automatically)
-          --noTimes[=false]: Don't sync modification time of files
-          --pluralizeListTitles[=true]: Pluralize titles in lists using inflect
-          --preserveTaxonomyNames[=false]: Preserve taxonomy names as written ("Gérard Depardieu" vs "gerard-depardieu")
-      -s, --source="": filesystem path to read files relative from
-          --stepAnalysis[=false]: display memory and timing of different steps of the program
-      -t, --theme="": theme to use (located in /themes/THEMENAME/)
-          --uglyURLs[=false]: if true, use /filename.html instead of /filename/
-      -v, --verbose[=false]: verbose output
-          --verboseLog[=false]: verbose logging
-      -w, --watch[=false]: watch filesystem for changes and recreate as needed
-
-### Defining your own usage
-You can provide your own usage function or template for Cobra to use.
-
-The default usage function is:
-
-```go
-return func(c *Command) error {
-	err := tmpl(c.Out(), c.UsageTemplate(), c)
-	return err
-}
-```
-
-Like help, the function and template are overridable through public methods:
-
-```go
-command.SetUsageFunc(f func(*Command) error)
-
-command.SetUsageTemplate(s string)
-```
-
-## PreRun or PostRun Hooks
-
-It is possible to run functions before or after the main `Run` function of your command. The `PersistentPreRun` and `PreRun` functions will be executed before `Run`. `PersistentPostRun` and `PostRun` will be executed after `Run`.  The `Persistent*Run` functions will be inherited by children if they do not declare their own.  These functions are run in the following order:
-
-- `PersistentPreRun`
-- `PreRun`
-- `Run`
-- `PostRun`
-- `PersistentPostRun`
-
-An example of two commands which use all of these features is below.  When the subcommand is executed, it will run the root command's `PersistentPreRun` but not the root command's `PersistentPostRun`:
-
-```go
-package main
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-)
-
-func main() {
-
-	var rootCmd = &cobra.Command{
-		Use:   "root [sub]",
-		Short: "My root command",
-		PersistentPreRun: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside rootCmd PersistentPreRun with args: %v\n", args)
-		},
-		PreRun: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside rootCmd PreRun with args: %v\n", args)
-		},
-		Run: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside rootCmd Run with args: %v\n", args)
-		},
-		PostRun: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside rootCmd PostRun with args: %v\n", args)
-		},
-		PersistentPostRun: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside rootCmd PersistentPostRun with args: %v\n", args)
-		},
-	}
-
-	var subCmd = &cobra.Command{
-		Use:   "sub [no options!]",
-		Short: "My subcommand",
-		PreRun: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside subCmd PreRun with args: %v\n", args)
-		},
-		Run: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside subCmd Run with args: %v\n", args)
-		},
-		PostRun: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside subCmd PostRun with args: %v\n", args)
-		},
-		PersistentPostRun: func(cmd *cobra.Command, args []string) {
-			fmt.Printf("Inside subCmd PersistentPostRun with args: %v\n", args)
-		},
-	}
-
-	rootCmd.AddCommand(subCmd)
-
-	rootCmd.SetArgs([]string{""})
-	_ = rootCmd.Execute()
-	fmt.Print("\n")
-	rootCmd.SetArgs([]string{"sub", "arg1", "arg2"})
-	_ = rootCmd.Execute()
-}
-```
-
-
-## Alternative Error Handling
-
-Cobra also has functions where the return signature is an error. This allows for errors to bubble up to the top,
-providing a way to handle the errors in one location. The current list of functions that return an error is:
-
-* PersistentPreRunE
-* PreRunE
-* RunE
-* PostRunE
-* PersistentPostRunE
-
-If you would like to silence the default `error` and `usage` output in favor of your own, you can set `SilenceUsage`
-and `SilenceErrors` to `true` on the command. A child command respects these flags if they are set on the parent
-command.
-
-**Example Usage using RunE:**
-
-```go
-package main
-
-import (
-	"errors"
-	"log"
-
-	"github.com/spf13/cobra"
-)
-
-func main() {
-	var rootCmd = &cobra.Command{
-		Use:   "hugo",
-		Short: "Hugo is a very fast static site generator",
-		Long: `A Fast and Flexible Static Site Generator built with
-                love by spf13 and friends in Go.
-                Complete documentation is available at http://hugo.spf13.com`,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			// Do Stuff Here
-			return errors.New("some random error")
-		},
-	}
-
-	if err := rootCmd.Execute(); err != nil {
-		log.Fatal(err)
-	}
-}
-```
-
-## Suggestions when "unknown command" happens
-
-Cobra will print automatic suggestions when "unknown command" errors happen. This allows Cobra to behave similarly to the `git` command when a typo happens. For example:
-
-```
-$ hugo srever
-Error: unknown command "srever" for "hugo"
-
-Did you mean this?
-        server
-
-Run 'hugo --help' for usage.
-```
-
-Suggestions are automatic based on every subcommand registered and use an implementation of [Levenshtein distance](http://en.wikipedia.org/wiki/Levenshtein_distance). Every registered command that matches a minimum distance of 2 (ignoring case) will be displayed as a suggestion.
-
-If you need to disable suggestions or tweak the string distance in your command, use:
-
-```go
-command.DisableSuggestions = true
-```
-
-or
-
-```go
-command.SuggestionsMinimumDistance = 1
-```
-
-You can also explicitly set names for which a given command will be suggested using the `SuggestFor` attribute. This allows suggestions for strings that are not close in terms of string distance, but makes sense in your set of commands and for some which you don't want aliases. Example:
-
-```
-$ kubectl remove
-Error: unknown command "remove" for "kubectl"
-
-Did you mean this?
-        delete
-
-Run 'kubectl help' for usage.
-```
-
-## Generating Markdown-formatted documentation for your command
-
-Cobra can generate a Markdown-formatted document based on the subcommands, flags, etc. A simple example of how to do this for your command can be found in [Markdown Docs](doc/md_docs.md).
-
-## Generating man pages for your command
-
-Cobra can generate a man page based on the subcommands, flags, etc. A simple example of how to do this for your command can be found in [Man Docs](doc/man_docs.md).
-
-## Generating bash completions for your command
-
-Cobra can generate a bash-completion file. If you add more information to your command, these completions can be amazingly powerful and flexible.  Read more about it in [Bash Completions](bash_completions.md).
-
-## Debugging
-
-Cobra provides a ‘DebugFlags’ method on a command which, when called, will print
-out everything Cobra knows about the flags for each command.
-
-### Example
-
-```go
-command.DebugFlags()
-```
-
-## Extensions
-
-Libraries for extending Cobra:
-
-* [cmdns](https://github.com/gosuri/cmdns): Enables name spacing a command's immediate children. It provides an alternative way to structure subcommands, similar to `heroku apps:create` and `ovrclk clusters:launch`.
-
-## Contributing
-
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
-
-## Contributors
-
-Names in no particular order:
-
-* [spf13](https://github.com/spf13),
-[eparis](https://github.com/eparis),
-[bep](https://github.com/bep), and many more!
-
-## License
-
-Cobra is released under the Apache 2.0 license. See [LICENSE.txt](https://github.com/spf13/cobra/blob/master/LICENSE.txt)

vendor/github.com/spf13/cobra/bash_completions.go

@@ -1,534 +0,0 @@
-package cobra
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"os"
-	"sort"
-	"strings"
-
-	"github.com/spf13/pflag"
-)
-
-// Annotations for Bash completion.
-const (
-	BashCompFilenameExt     = "cobra_annotation_bash_completion_filename_extensions"
-	BashCompCustom          = "cobra_annotation_bash_completion_custom"
-	BashCompOneRequiredFlag = "cobra_annotation_bash_completion_one_required_flag"
-	BashCompSubdirsInDir    = "cobra_annotation_bash_completion_subdirs_in_dir"
-)
-
-func writePreamble(buf *bytes.Buffer, name string) {
-	buf.WriteString(fmt.Sprintf("# bash completion for %-36s -*- shell-script -*-\n", name))
-	buf.WriteString(`
-__debug()
-{
-    if [[ -n ${BASH_COMP_DEBUG_FILE} ]]; then
-        echo "$*" >> "${BASH_COMP_DEBUG_FILE}"
-    fi
-}
-
-# Homebrew on Macs have version 1.3 of bash-completion which doesn't include
-# _init_completion. This is a very minimal version of that function.
-__my_init_completion()
-{
-    COMPREPLY=()
-    _get_comp_words_by_ref "$@" cur prev words cword
-}
-
-__index_of_word()
-{
-    local w word=$1
-    shift
-    index=0
-    for w in "$@"; do
-        [[ $w = "$word" ]] && return
-        index=$((index+1))
-    done
-    index=-1
-}
-
-__contains_word()
-{
-    local w word=$1; shift
-    for w in "$@"; do
-        [[ $w = "$word" ]] && return
-    done
-    return 1
-}
-
-__handle_reply()
-{
-    __debug "${FUNCNAME[0]}"
-    case $cur in
-        -*)
-            if [[ $(type -t compopt) = "builtin" ]]; then
-                compopt -o nospace
-            fi
-            local allflags
-            if [ ${#must_have_one_flag[@]} -ne 0 ]; then
-                allflags=("${must_have_one_flag[@]}")
-            else
-                allflags=("${flags[*]} ${two_word_flags[*]}")
-            fi
-            COMPREPLY=( $(compgen -W "${allflags[*]}" -- "$cur") )
-            if [[ $(type -t compopt) = "builtin" ]]; then
-                [[ "${COMPREPLY[0]}" == *= ]] || compopt +o nospace
-            fi
-
-            # complete after --flag=abc
-            if [[ $cur == *=* ]]; then
-                if [[ $(type -t compopt) = "builtin" ]]; then
-                    compopt +o nospace
-                fi
-
-                local index flag
-                flag="${cur%%=*}"
-                __index_of_word "${flag}" "${flags_with_completion[@]}"
-                COMPREPLY=()
-                if [[ ${index} -ge 0 ]]; then
-                    PREFIX=""
-                    cur="${cur#*=}"
-                    ${flags_completion[${index}]}
-                    if [ -n "${ZSH_VERSION}" ]; then
-                        # zfs completion needs --flag= prefix
-                        eval "COMPREPLY=( \"\${COMPREPLY[@]/#/${flag}=}\" )"
-                    fi
-                fi
-            fi
-            return 0;
-            ;;
-    esac
-
-    # check if we are handling a flag with special work handling
-    local index
-    __index_of_word "${prev}" "${flags_with_completion[@]}"
-    if [[ ${index} -ge 0 ]]; then
-        ${flags_completion[${index}]}
-        return
-    fi
-
-    # we are parsing a flag and don't have a special handler, no completion
-    if [[ ${cur} != "${words[cword]}" ]]; then
-        return
-    fi
-
-    local completions
-    completions=("${commands[@]}")
-    if [[ ${#must_have_one_noun[@]} -ne 0 ]]; then
-        completions=("${must_have_one_noun[@]}")
-    fi
-    if [[ ${#must_have_one_flag[@]} -ne 0 ]]; then
-        completions+=("${must_have_one_flag[@]}")
-    fi
-    COMPREPLY=( $(compgen -W "${completions[*]}" -- "$cur") )
-
-    if [[ ${#COMPREPLY[@]} -eq 0 && ${#noun_aliases[@]} -gt 0 && ${#must_have_one_noun[@]} -ne 0 ]]; then
-        COMPREPLY=( $(compgen -W "${noun_aliases[*]}" -- "$cur") )
-    fi
-
-    if [[ ${#COMPREPLY[@]} -eq 0 ]]; then
-        declare -F __custom_func >/dev/null && __custom_func
-    fi
-
-    __ltrim_colon_completions "$cur"
-}
-
-# The arguments should be in the form "ext1|ext2|extn"
-__handle_filename_extension_flag()
-{
-    local ext="$1"
-    _filedir "@(${ext})"
-}
-
-__handle_subdirs_in_dir_flag()
-{
-    local dir="$1"
-    pushd "${dir}" >/dev/null 2>&1 && _filedir -d && popd >/dev/null 2>&1
-}
-
-__handle_flag()
-{
-    __debug "${FUNCNAME[0]}: c is $c words[c] is ${words[c]}"
-
-    # if a command required a flag, and we found it, unset must_have_one_flag()
-    local flagname=${words[c]}
-    local flagvalue
-    # if the word contained an =
-    if [[ ${words[c]} == *"="* ]]; then
-        flagvalue=${flagname#*=} # take in as flagvalue after the =
-        flagname=${flagname%%=*} # strip everything after the =
-        flagname="${flagname}=" # but put the = back
-    fi
-    __debug "${FUNCNAME[0]}: looking for ${flagname}"
-    if __contains_word "${flagname}" "${must_have_one_flag[@]}"; then
-        must_have_one_flag=()
-    fi
-
-    # if you set a flag which only applies to this command, don't show subcommands
-    if __contains_word "${flagname}" "${local_nonpersistent_flags[@]}"; then
-      commands=()
-    fi
-
-    # keep flag value with flagname as flaghash
-    if [ -n "${flagvalue}" ] ; then
-        flaghash[${flagname}]=${flagvalue}
-    elif [ -n "${words[ $((c+1)) ]}" ] ; then
-        flaghash[${flagname}]=${words[ $((c+1)) ]}
-    else
-        flaghash[${flagname}]="true" # pad "true" for bool flag
-    fi
-
-    # skip the argument to a two word flag
-    if __contains_word "${words[c]}" "${two_word_flags[@]}"; then
-        c=$((c+1))
-        # if we are looking for a flags value, don't show commands
-        if [[ $c -eq $cword ]]; then
-            commands=()
-        fi
-    fi
-
-    c=$((c+1))
-
-}
-
-__handle_noun()
-{
-    __debug "${FUNCNAME[0]}: c is $c words[c] is ${words[c]}"
-
-    if __contains_word "${words[c]}" "${must_have_one_noun[@]}"; then
-        must_have_one_noun=()
-    elif __contains_word "${words[c]}" "${noun_aliases[@]}"; then
-        must_have_one_noun=()
-    fi
-
-    nouns+=("${words[c]}")
-    c=$((c+1))
-}
-
-__handle_command()
-{
-    __debug "${FUNCNAME[0]}: c is $c words[c] is ${words[c]}"
-
-    local next_command
-    if [[ -n ${last_command} ]]; then
-        next_command="_${last_command}_${words[c]//:/__}"
-    else
-        if [[ $c -eq 0 ]]; then
-            next_command="_$(basename "${words[c]//:/__}")"
-        else
-            next_command="_${words[c]//:/__}"
-        fi
-    fi
-    c=$((c+1))
-    __debug "${FUNCNAME[0]}: looking for ${next_command}"
-    declare -F "$next_command" >/dev/null && $next_command
-}
-
-__handle_word()
-{
-    if [[ $c -ge $cword ]]; then
-        __handle_reply
-        return
-    fi
-    __debug "${FUNCNAME[0]}: c is $c words[c] is ${words[c]}"
-    if [[ "${words[c]}" == -* ]]; then
-        __handle_flag
-    elif __contains_word "${words[c]}" "${commands[@]}"; then
-        __handle_command
-    elif [[ $c -eq 0 ]] && __contains_word "$(basename "${words[c]}")" "${commands[@]}"; then
-        __handle_command
-    else
-        __handle_noun
-    fi
-    __handle_word
-}
-
-`)
-}
-
-func writePostscript(buf *bytes.Buffer, name string) {
-	name = strings.Replace(name, ":", "__", -1)
-	buf.WriteString(fmt.Sprintf("__start_%s()\n", name))
-	buf.WriteString(fmt.Sprintf(`{
-    local cur prev words cword
-    declare -A flaghash 2>/dev/null || :
-    if declare -F _init_completion >/dev/null 2>&1; then
-        _init_completion -s || return
-    else
-        __my_init_completion -n "=" || return
-    fi
-
-    local c=0
-    local flags=()
-    local two_word_flags=()
-    local local_nonpersistent_flags=()
-    local flags_with_completion=()
-    local flags_completion=()
-    local commands=("%s")
-    local must_have_one_flag=()
-    local must_have_one_noun=()
-    local last_command
-    local nouns=()
-
-    __handle_word
-}
-
-`, name))
-	buf.WriteString(fmt.Sprintf(`if [[ $(type -t compopt) = "builtin" ]]; then
-    complete -o default -F __start_%s %s
-else
-    complete -o default -o nospace -F __start_%s %s
-fi
-
-`, name, name, name, name))
-	buf.WriteString("# ex: ts=4 sw=4 et filetype=sh\n")
-}
-
-func writeCommands(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    commands=()\n")
-	for _, c := range cmd.Commands() {
-		if !c.IsAvailableCommand() || c == cmd.helpCommand {
-			continue
-		}
-		buf.WriteString(fmt.Sprintf("    commands+=(%q)\n", c.Name()))
-	}
-	buf.WriteString("\n")
-}
-
-func writeFlagHandler(buf *bytes.Buffer, name string, annotations map[string][]string) {
-	for key, value := range annotations {
-		switch key {
-		case BashCompFilenameExt:
-			buf.WriteString(fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
-
-			var ext string
-			if len(value) > 0 {
-				ext = "__handle_filename_extension_flag " + strings.Join(value, "|")
-			} else {
-				ext = "_filedir"
-			}
-			buf.WriteString(fmt.Sprintf("    flags_completion+=(%q)\n", ext))
-		case BashCompCustom:
-			buf.WriteString(fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
-			if len(value) > 0 {
-				handlers := strings.Join(value, "; ")
-				buf.WriteString(fmt.Sprintf("    flags_completion+=(%q)\n", handlers))
-			} else {
-				buf.WriteString("    flags_completion+=(:)\n")
-			}
-		case BashCompSubdirsInDir:
-			buf.WriteString(fmt.Sprintf("    flags_with_completion+=(%q)\n", name))
-
-			var ext string
-			if len(value) == 1 {
-				ext = "__handle_subdirs_in_dir_flag " + value[0]
-			} else {
-				ext = "_filedir -d"
-			}
-			buf.WriteString(fmt.Sprintf("    flags_completion+=(%q)\n", ext))
-		}
-	}
-}
-
-func writeShortFlag(buf *bytes.Buffer, flag *pflag.Flag) {
-	name := flag.Shorthand
-	format := "    "
-	if len(flag.NoOptDefVal) == 0 {
-		format += "two_word_"
-	}
-	format += "flags+=(\"-%s\")\n"
-	buf.WriteString(fmt.Sprintf(format, name))
-	writeFlagHandler(buf, "-"+name, flag.Annotations)
-}
-
-func writeFlag(buf *bytes.Buffer, flag *pflag.Flag) {
-	name := flag.Name
-	format := "    flags+=(\"--%s"
-	if len(flag.NoOptDefVal) == 0 {
-		format += "="
-	}
-	format += "\")\n"
-	buf.WriteString(fmt.Sprintf(format, name))
-	writeFlagHandler(buf, "--"+name, flag.Annotations)
-}
-
-func writeLocalNonPersistentFlag(buf *bytes.Buffer, flag *pflag.Flag) {
-	name := flag.Name
-	format := "    local_nonpersistent_flags+=(\"--%s"
-	if len(flag.NoOptDefVal) == 0 {
-		format += "="
-	}
-	format += "\")\n"
-	buf.WriteString(fmt.Sprintf(format, name))
-}
-
-func writeFlags(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString(`    flags=()
-    two_word_flags=()
-    local_nonpersistent_flags=()
-    flags_with_completion=()
-    flags_completion=()
-
-`)
-	localNonPersistentFlags := cmd.LocalNonPersistentFlags()
-	cmd.NonInheritedFlags().VisitAll(func(flag *pflag.Flag) {
-		if nonCompletableFlag(flag) {
-			return
-		}
-		writeFlag(buf, flag)
-		if len(flag.Shorthand) > 0 {
-			writeShortFlag(buf, flag)
-		}
-		if localNonPersistentFlags.Lookup(flag.Name) != nil {
-			writeLocalNonPersistentFlag(buf, flag)
-		}
-	})
-	cmd.InheritedFlags().VisitAll(func(flag *pflag.Flag) {
-		if nonCompletableFlag(flag) {
-			return
-		}
-		writeFlag(buf, flag)
-		if len(flag.Shorthand) > 0 {
-			writeShortFlag(buf, flag)
-		}
-	})
-
-	buf.WriteString("\n")
-}
-
-func writeRequiredFlag(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    must_have_one_flag=()\n")
-	flags := cmd.NonInheritedFlags()
-	flags.VisitAll(func(flag *pflag.Flag) {
-		if nonCompletableFlag(flag) {
-			return
-		}
-		for key := range flag.Annotations {
-			switch key {
-			case BashCompOneRequiredFlag:
-				format := "    must_have_one_flag+=(\"--%s"
-				if flag.Value.Type() != "bool" {
-					format += "="
-				}
-				format += "\")\n"
-				buf.WriteString(fmt.Sprintf(format, flag.Name))
-
-				if len(flag.Shorthand) > 0 {
-					buf.WriteString(fmt.Sprintf("    must_have_one_flag+=(\"-%s\")\n", flag.Shorthand))
-				}
-			}
-		}
-	})
-}
-
-func writeRequiredNouns(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    must_have_one_noun=()\n")
-	sort.Sort(sort.StringSlice(cmd.ValidArgs))
-	for _, value := range cmd.ValidArgs {
-		buf.WriteString(fmt.Sprintf("    must_have_one_noun+=(%q)\n", value))
-	}
-}
-
-func writeArgAliases(buf *bytes.Buffer, cmd *Command) {
-	buf.WriteString("    noun_aliases=()\n")
-	sort.Sort(sort.StringSlice(cmd.ArgAliases))
-	for _, value := range cmd.ArgAliases {
-		buf.WriteString(fmt.Sprintf("    noun_aliases+=(%q)\n", value))
-	}
-}
-
-func gen(buf *bytes.Buffer, cmd *Command) {
-	for _, c := range cmd.Commands() {
-		if !c.IsAvailableCommand() || c == cmd.helpCommand {
-			continue
-		}
-		gen(buf, c)
-	}
-	commandName := cmd.CommandPath()
-	commandName = strings.Replace(commandName, " ", "_", -1)
-	commandName = strings.Replace(commandName, ":", "__", -1)
-	buf.WriteString(fmt.Sprintf("_%s()\n{\n", commandName))
-	buf.WriteString(fmt.Sprintf("    last_command=%q\n", commandName))
-	writeCommands(buf, cmd)
-	writeFlags(buf, cmd)
-	writeRequiredFlag(buf, cmd)
-	writeRequiredNouns(buf, cmd)
-	writeArgAliases(buf, cmd)
-	buf.WriteString("}\n\n")
-}
-
-// GenBashCompletion generates bash completion file and writes to the passed writer.
-func (cmd *Command) GenBashCompletion(w io.Writer) error {
-	buf := new(bytes.Buffer)
-	writePreamble(buf, cmd.Name())
-	if len(cmd.BashCompletionFunction) > 0 {
-		buf.WriteString(cmd.BashCompletionFunction + "\n")
-	}
-	gen(buf, cmd)
-	writePostscript(buf, cmd.Name())
-
-	_, err := buf.WriteTo(w)
-	return err
-}
-
-func nonCompletableFlag(flag *pflag.Flag) bool {
-	return flag.Hidden || len(flag.Deprecated) > 0
-}
-
-// GenBashCompletionFile generates bash completion file.
-func (cmd *Command) GenBashCompletionFile(filename string) error {
-	outFile, err := os.Create(filename)
-	if err != nil {
-		return err
-	}
-	defer outFile.Close()
-
-	return cmd.GenBashCompletion(outFile)
-}
-
-// MarkFlagRequired adds the BashCompOneRequiredFlag annotation to the named flag, if it exists.
-func (cmd *Command) MarkFlagRequired(name string) error {
-	return MarkFlagRequired(cmd.Flags(), name)
-}
-
-// MarkPersistentFlagRequired adds the BashCompOneRequiredFlag annotation to the named persistent flag, if it exists.
-func (cmd *Command) MarkPersistentFlagRequired(name string) error {
-	return MarkFlagRequired(cmd.PersistentFlags(), name)
-}
-
-// MarkFlagRequired adds the BashCompOneRequiredFlag annotation to the named flag in the flag set, if it exists.
-func MarkFlagRequired(flags *pflag.FlagSet, name string) error {
-	return flags.SetAnnotation(name, BashCompOneRequiredFlag, []string{"true"})
-}
-
-// MarkFlagFilename adds the BashCompFilenameExt annotation to the named flag, if it exists.
-// Generated bash autocompletion will select filenames for the flag, limiting to named extensions if provided.
-func (cmd *Command) MarkFlagFilename(name string, extensions ...string) error {
-	return MarkFlagFilename(cmd.Flags(), name, extensions...)
-}
-
-// MarkFlagCustom adds the BashCompCustom annotation to the named flag, if it exists.
-// Generated bash autocompletion will call the bash function f for the flag.
-func (cmd *Command) MarkFlagCustom(name string, f string) error {
-	return MarkFlagCustom(cmd.Flags(), name, f)
-}
-
-// MarkPersistentFlagFilename adds the BashCompFilenameExt annotation to the named persistent flag, if it exists.
-// Generated bash autocompletion will select filenames for the flag, limiting to named extensions if provided.
-func (cmd *Command) MarkPersistentFlagFilename(name string, extensions ...string) error {
-	return MarkFlagFilename(cmd.PersistentFlags(), name, extensions...)
-}
-
-// MarkFlagFilename adds the BashCompFilenameExt annotation to the named flag in the flag set, if it exists.
-// Generated bash autocompletion will select filenames for the flag, limiting to named extensions if provided.
-func MarkFlagFilename(flags *pflag.FlagSet, name string, extensions ...string) error {
-	return flags.SetAnnotation(name, BashCompFilenameExt, extensions)
-}
-
-// MarkFlagCustom adds the BashCompCustom annotation to the named flag in the flag set, if it exists.
-// Generated bash autocompletion will call the bash function f for the flag.
-func MarkFlagCustom(flags *pflag.FlagSet, name string, f string) error {
-	return flags.SetAnnotation(name, BashCompCustom, []string{f})
-}

vendor/github.com/spf13/cobra/bash_completions.md

@@ -1,206 +0,0 @@
-# Generating Bash Completions For Your Own cobra.Command
-
-Generating bash completions from a cobra command is incredibly easy. An actual program which does so for the kubernetes kubectl binary is as follows:
-
-```go
-package main
-
-import (
-        "io/ioutil"
-        "os"
-
-        "github.com/GoogleCloudPlatform/kubernetes/pkg/kubectl/cmd"
-)
-
-func main() {
-        kubectl := cmd.NewFactory(nil).NewKubectlCommand(os.Stdin, ioutil.Discard, ioutil.Discard)
-        kubectl.GenBashCompletionFile("out.sh")
-}
-```
-
-`out.sh` will get you completions of subcommands and flags. Copy it to `/etc/bash_completion.d/` as described [here](https://debian-administration.org/article/316/An_introduction_to_bash_completion_part_1) and reset your terminal to use autocompletion. If you make additional annotations to your code, you can get even more intelligent and flexible behavior.
-
-## Creating your own custom functions
-
-Some more actual code that works in kubernetes:
-
-```bash
-const (
-        bash_completion_func = `__kubectl_parse_get()
-{
-    local kubectl_output out
-    if kubectl_output=$(kubectl get --no-headers "$1" 2>/dev/null); then
-        out=($(echo "${kubectl_output}" | awk '{print $1}'))
-        COMPREPLY=( $( compgen -W "${out[*]}" -- "$cur" ) )
-    fi
-}
-
-__kubectl_get_resource()
-{
-    if [[ ${#nouns[@]} -eq 0 ]]; then
-        return 1
-    fi
-    __kubectl_parse_get ${nouns[${#nouns[@]} -1]}
-    if [[ $? -eq 0 ]]; then
-        return 0
-    fi
-}
-
-__custom_func() {
-    case ${last_command} in
-        kubectl_get | kubectl_describe | kubectl_delete | kubectl_stop)
-            __kubectl_get_resource
-            return
-            ;;
-        *)
-            ;;
-    esac
-}
-`)
-```
-
-And then I set that in my command definition:
-
-```go
-cmds := &cobra.Command{
-	Use:   "kubectl",
-	Short: "kubectl controls the Kubernetes cluster manager",
-	Long: `kubectl controls the Kubernetes cluster manager.
-
-Find more information at https://github.com/GoogleCloudPlatform/kubernetes.`,
-	Run: runHelp,
-	BashCompletionFunction: bash_completion_func,
-}
-```
-
-The `BashCompletionFunction` option is really only valid/useful on the root command. Doing the above will cause `__custom_func()` to be called when the built in processor was unable to find a solution. In the case of kubernetes a valid command might look something like `kubectl get pod [mypod]`. If you type `kubectl get pod [tab][tab]` the `__customc_func()` will run because the cobra.Command only understood "kubectl" and "get." `__custom_func()` will see that the cobra.Command is "kubectl_get" and will thus call another helper `__kubectl_get_resource()`.  `__kubectl_get_resource` will look at the 'nouns' collected. In our example the only noun will be `pod`.  So it will call `__kubectl_parse_get pod`.  `__kubectl_parse_get` will actually call out to kubernetes and get any pods.  It will then set `COMPREPLY` to valid pods!
-
-## Have the completions code complete your 'nouns'
-
-In the above example "pod" was assumed to already be typed. But if you want `kubectl get [tab][tab]` to show a list of valid "nouns" you have to set them. Simplified code from `kubectl get` looks like:
-
-```go
-validArgs []string = { "pod", "node", "service", "replicationcontroller" }
-
-cmd := &cobra.Command{
-	Use:     "get [(-o|--output=)json|yaml|template|...] (RESOURCE [NAME] | RESOURCE/NAME ...)",
-	Short:   "Display one or many resources",
-	Long:    get_long,
-	Example: get_example,
-	Run: func(cmd *cobra.Command, args []string) {
-		err := RunGet(f, out, cmd, args)
-		util.CheckErr(err)
-	},
-	ValidArgs: validArgs,
-}
-```
-
-Notice we put the "ValidArgs" on the "get" subcommand. Doing so will give results like
-
-```bash
-# kubectl get [tab][tab]
-node                 pod                    replicationcontroller  service
-```
-
-## Plural form and shortcuts for nouns
-
-If your nouns have a number of aliases, you can define them alongside `ValidArgs` using `ArgAliases`:
-
-```go
-argAliases []string = { "pods", "nodes", "services", "svc", "replicationcontrollers", "rc" }
-
-cmd := &cobra.Command{
-    ...
-	ValidArgs:  validArgs,
-	ArgAliases: argAliases
-}
-```
-
-The aliases are not shown to the user on tab completion, but they are accepted as valid nouns by
-the completion algorithm if entered manually, e.g. in:
-
-```bash
-# kubectl get rc [tab][tab]
-backend        frontend       database 
-```
-
-Note that without declaring `rc` as an alias, the completion algorithm would show the list of nouns
-in this example again instead of the replication controllers.
-
-## Mark flags as required
-
-Most of the time completions will only show subcommands. But if a flag is required to make a subcommand work, you probably want it to show up when the user types [tab][tab].  Marking a flag as 'Required' is incredibly easy.
-
-```go
-cmd.MarkFlagRequired("pod")
-cmd.MarkFlagRequired("container")
-```
-
-and you'll get something like
-
-```bash
-# kubectl exec [tab][tab][tab]
--c            --container=  -p            --pod=  
-```
-
-# Specify valid filename extensions for flags that take a filename
-
-In this example we use --filename= and expect to get a json or yaml file as the argument. To make this easier we annotate the --filename flag with valid filename extensions.
-
-```go
-	annotations := []string{"json", "yaml", "yml"}
-	annotation := make(map[string][]string)
-	annotation[cobra.BashCompFilenameExt] = annotations
-
-	flag := &pflag.Flag{
-		Name:        "filename",
-		Shorthand:   "f",
-		Usage:       usage,
-		Value:       value,
-		DefValue:    value.String(),
-		Annotations: annotation,
-	}
-	cmd.Flags().AddFlag(flag)
-```
-
-Now when you run a command with this filename flag you'll get something like
-
-```bash
-# kubectl create -f 
-test/                         example/                      rpmbuild/
-hello.yml                     test.json
-```
-
-So while there are many other files in the CWD it only shows me subdirs and those with valid extensions.
-
-# Specifiy custom flag completion
-
-Similar to the filename completion and filtering using cobra.BashCompFilenameExt, you can specifiy
-a custom flag completion function with cobra.BashCompCustom:
-
-```go
-	annotation := make(map[string][]string)
-	annotation[cobra.BashCompFilenameExt] = []string{"__kubectl_get_namespaces"}
-
-	flag := &pflag.Flag{
-		Name:        "namespace",
-		Usage:       usage,
-		Annotations: annotation,
-	}
-	cmd.Flags().AddFlag(flag)
-```
-
-In addition add the `__handle_namespace_flag` implementation in the `BashCompletionFunction`
-value, e.g.:
-
-```bash
-__kubectl_get_namespaces()
-{
-    local template
-    template="{{ range .items  }}{{ .metadata.name }} {{ end }}"
-    local kubectl_out
-    if kubectl_out=$(kubectl get -o template --template="${template}" namespace 2>/dev/null); then
-        COMPREPLY=( $( compgen -W "${kubectl_out}[*]" -- "$cur" ) )
-    fi
-}
-```

vendor/github.com/spf13/cobra/bash_completions_test.go

@@ -1,196 +0,0 @@
-package cobra
-
-import (
-	"bytes"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"strings"
-	"testing"
-)
-
-func checkOmit(t *testing.T, found, unexpected string) {
-	if strings.Contains(found, unexpected) {
-		t.Errorf("Unexpected response.\nGot: %q\nBut should not have!\n", unexpected)
-	}
-}
-
-func check(t *testing.T, found, expected string) {
-	if !strings.Contains(found, expected) {
-		t.Errorf("Unexpected response.\nExpecting to contain: \n %q\nGot:\n %q\n", expected, found)
-	}
-}
-
-func runShellCheck(s string) error {
-	excluded := []string{
-		"SC2034", // PREFIX appears unused. Verify it or export it.
-	}
-	cmd := exec.Command("shellcheck", "-s", "bash", "-", "-e", strings.Join(excluded, ","))
-	cmd.Stderr = os.Stderr
-	cmd.Stdout = os.Stdout
-
-	stdin, err := cmd.StdinPipe()
-	if err != nil {
-		return err
-	}
-	go func() {
-		defer stdin.Close()
-		stdin.Write([]byte(s))
-	}()
-
-	return cmd.Run()
-}
-
-// World worst custom function, just keep telling you to enter hello!
-const (
-	bashCompletionFunc = `__custom_func() {
-COMPREPLY=( "hello" )
-}
-`
-)
-
-func TestBashCompletions(t *testing.T) {
-	c := initializeWithRootCmd()
-	cmdEcho.AddCommand(cmdTimes)
-	c.AddCommand(cmdEcho, cmdPrint, cmdDeprecated, cmdColon)
-
-	// custom completion function
-	c.BashCompletionFunction = bashCompletionFunc
-
-	// required flag
-	c.MarkFlagRequired("introot")
-
-	// valid nouns
-	validArgs := []string{"pod", "node", "service", "replicationcontroller"}
-	c.ValidArgs = validArgs
-
-	// noun aliases
-	argAliases := []string{"pods", "nodes", "services", "replicationcontrollers", "po", "no", "svc", "rc"}
-	c.ArgAliases = argAliases
-
-	// filename
-	var flagval string
-	c.Flags().StringVar(&flagval, "filename", "", "Enter a filename")
-	c.MarkFlagFilename("filename", "json", "yaml", "yml")
-
-	// persistent filename
-	var flagvalPersistent string
-	c.PersistentFlags().StringVar(&flagvalPersistent, "persistent-filename", "", "Enter a filename")
-	c.MarkPersistentFlagFilename("persistent-filename")
-	c.MarkPersistentFlagRequired("persistent-filename")
-
-	// filename extensions
-	var flagvalExt string
-	c.Flags().StringVar(&flagvalExt, "filename-ext", "", "Enter a filename (extension limited)")
-	c.MarkFlagFilename("filename-ext")
-
-	// filename extensions
-	var flagvalCustom string
-	c.Flags().StringVar(&flagvalCustom, "custom", "", "Enter a filename (extension limited)")
-	c.MarkFlagCustom("custom", "__complete_custom")
-
-	// subdirectories in a given directory
-	var flagvalTheme string
-	c.Flags().StringVar(&flagvalTheme, "theme", "", "theme to use (located in /themes/THEMENAME/)")
-	c.Flags().SetAnnotation("theme", BashCompSubdirsInDir, []string{"themes"})
-
-	out := new(bytes.Buffer)
-	c.GenBashCompletion(out)
-	str := out.String()
-
-	check(t, str, "_cobra-test")
-	check(t, str, "_cobra-test_echo")
-	check(t, str, "_cobra-test_echo_times")
-	check(t, str, "_cobra-test_print")
-	check(t, str, "_cobra-test_cmd__colon")
-
-	// check for required flags
-	check(t, str, `must_have_one_flag+=("--introot=")`)
-	check(t, str, `must_have_one_flag+=("--persistent-filename=")`)
-	// check for custom completion function
-	check(t, str, `COMPREPLY=( "hello" )`)
-	// check for required nouns
-	check(t, str, `must_have_one_noun+=("pod")`)
-	// check for noun aliases
-	check(t, str, `noun_aliases+=("pods")`)
-	check(t, str, `noun_aliases+=("rc")`)
-	checkOmit(t, str, `must_have_one_noun+=("pods")`)
-	// check for filename extension flags
-	check(t, str, `flags_completion+=("_filedir")`)
-	// check for filename extension flags
-	check(t, str, `flags_completion+=("__handle_filename_extension_flag json|yaml|yml")`)
-	// check for custom flags
-	check(t, str, `flags_completion+=("__complete_custom")`)
-	// check for subdirs_in_dir flags
-	check(t, str, `flags_completion+=("__handle_subdirs_in_dir_flag themes")`)
-
-	checkOmit(t, str, cmdDeprecated.Name())
-
-	// if available, run shellcheck against the script
-	if err := exec.Command("which", "shellcheck").Run(); err != nil {
-		return
-	}
-	err := runShellCheck(str)
-	if err != nil {
-		t.Fatalf("shellcheck failed: %v", err)
-	}
-}
-
-func TestBashCompletionHiddenFlag(t *testing.T) {
-	var cmdTrue = &Command{
-		Use: "does nothing",
-		Run: func(cmd *Command, args []string) {},
-	}
-
-	const flagName = "hidden-foo-bar-baz"
-
-	var flagValue bool
-	cmdTrue.Flags().BoolVar(&flagValue, flagName, false, "hidden flag")
-	cmdTrue.Flags().MarkHidden(flagName)
-
-	out := new(bytes.Buffer)
-	cmdTrue.GenBashCompletion(out)
-	bashCompletion := out.String()
-	if strings.Contains(bashCompletion, flagName) {
-		t.Errorf("expected completion to not include %q flag: Got %v", flagName, bashCompletion)
-	}
-}
-
-func TestBashCompletionDeprecatedFlag(t *testing.T) {
-	var cmdTrue = &Command{
-		Use: "does nothing",
-		Run: func(cmd *Command, args []string) {},
-	}
-
-	const flagName = "deprecated-foo-bar-baz"
-
-	var flagValue bool
-	cmdTrue.Flags().BoolVar(&flagValue, flagName, false, "hidden flag")
-	cmdTrue.Flags().MarkDeprecated(flagName, "use --does-not-exist instead")
-
-	out := new(bytes.Buffer)
-	cmdTrue.GenBashCompletion(out)
-	bashCompletion := out.String()
-	if strings.Contains(bashCompletion, flagName) {
-		t.Errorf("expected completion to not include %q flag: Got %v", flagName, bashCompletion)
-	}
-}
-
-func BenchmarkBashCompletion(b *testing.B) {
-	c := initializeWithRootCmd()
-	cmdEcho.AddCommand(cmdTimes)
-	c.AddCommand(cmdEcho, cmdPrint, cmdDeprecated, cmdColon)
-
-	file, err := ioutil.TempFile("", "")
-	if err != nil {
-		b.Fatal(err)
-	}
-	defer os.Remove(file.Name())
-
-	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
-		if err := c.GenBashCompletion(file); err != nil {
-			b.Fatal(err)
-		}
-	}
-}