remove pointless dependency on ancient http router; use std library instead

Author: crewjam

example/idp/idp.go

@@ -6,9 +6,9 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"flag"
+	"net/http"
 	"net/url"
 
-	"github.com/zenazn/goji"
 	"golang.org/x/crypto/bcrypt"
 
 	"github.com/crewjam/saml/logger"
@@ -118,6 +118,5 @@ func main() {
 		logr.Fatalf("%s", err)
 	}
 
-	goji.Handle("/*", idpServer)
-	goji.Serve()
+	http.ListenAndServe(":8080", idpServer)
 }

example/service.go

@@ -14,12 +14,9 @@ import (
 	"net/url"
 	"strings"
 
+	"github.com/crewjam/saml/samlsp"
 	"github.com/dchest/uniuri"
 	"github.com/kr/pretty"
-	"github.com/zenazn/goji"
-	"github.com/zenazn/goji/web"
-
-	"github.com/crewjam/saml/samlsp"
 )
 
 var links = map[string]Link{}
@@ -32,7 +29,7 @@ type Link struct {
 }
 
 // CreateLink handles requests to create links
-func CreateLink(_ web.C, w http.ResponseWriter, r *http.Request) {
+func CreateLink(w http.ResponseWriter, r *http.Request) {
 	account := r.Header.Get("X-Remote-User")
 	l := Link{
 		ShortLink: uniuri.New(),
@@ -45,7 +42,7 @@ func CreateLink(_ web.C, w http.ResponseWriter, r *http.Request) {
 }
 
 // ServeLink handles requests to redirect to a link
-func ServeLink(_ web.C, w http.ResponseWriter, r *http.Request) {
+func ServeLink(w http.ResponseWriter, r *http.Request) {
 	l, ok := links[strings.TrimPrefix(r.URL.Path, "/")]
 	if !ok {
 		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
@@ -55,7 +52,7 @@ func ServeLink(_ web.C, w http.ResponseWriter, r *http.Request) {
 }
 
 // ListLinks returns a list of the current user's links
-func ListLinks(_ web.C, w http.ResponseWriter, r *http.Request) {
+func ListLinks(w http.ResponseWriter, r *http.Request) {
 	account := r.Header.Get("X-Remote-User")
 	for _, l := range links {
 		if l.Owner == account {
@@ -140,11 +137,9 @@ func main() {
 
 	// register with the service provider
 	spMetadataBuf, _ := xml.MarshalIndent(samlSP.ServiceProvider.Metadata(), "", "  ")
-
 	spURL := *idpMetadataURL
 	spURL.Path = "/services/sp"
 	resp, err := http.Post(spURL.String(), "text/xml", bytes.NewReader(spMetadataBuf))
-
 	if err != nil {
 		panic(err)
 	}
@@ -153,20 +148,17 @@ func main() {
 		panic(err)
 	}
 
-	goji.Handle("/saml/*", samlSP)
-
-	authMux := web.New()
-	authMux.Use(samlSP.RequireAccount)
-	authMux.Get("/whoami", func(w http.ResponseWriter, r *http.Request) {
-		if _, err := pretty.Fprintf(w, "%# v", r); err != nil {
-			panic(err)
-		}
-	})
-	authMux.Post("/", CreateLink)
-	authMux.Get("/", ListLinks)
-
-	goji.Handle("/*", authMux)
-	goji.Get("/:link", ServeLink)
-
-	goji.Serve()
+	mux := http.NewServeMux()
+	mux.Handle("GET /saml/", samlSP)
+	mux.HandleFunc("GET /{link}", ServeLink)
+	mux.Handle("GET /whoami", samlSP.RequireAccount(http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			if _, err := pretty.Fprintf(w, "%# v", r); err != nil {
+				panic(err)
+			}
+		})))
+	mux.Handle("POST /", samlSP.RequireAccount(http.HandlerFunc(CreateLink)))
+	mux.Handle("GET /", samlSP.RequireAccount(http.HandlerFunc(ListLinks)))
+
+	http.ListenAndServe(":8080", mux)
 }

go.mod

@@ -14,7 +14,6 @@ require (
 	github.com/mattermost/xml-roundtrip-validator v0.1.0
 	github.com/russellhaering/goxmldsig v1.4.0
 	github.com/stretchr/testify v1.10.0
-	github.com/zenazn/goji v1.0.1
 	golang.org/x/crypto v0.18.0
 	gotest.tools v2.2.0+incompatible
 )

go.sum

@@ -43,8 +43,6 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/zenazn/goji v1.0.1 h1:4lbD8Mx2h7IvloP7r2C0D6ltZP6Ufip8Hn0wmSK5LR8=
-github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

samlidp/samlidp.go

@@ -8,12 +8,9 @@ import (
 	"html/template"
 	"net/http"
 	"net/url"
-	"regexp"
 	"strings"
 	"sync"
 
-	"github.com/zenazn/goji/web"
-
 	"github.com/crewjam/saml"
 	"github.com/crewjam/saml/logger"
 )
@@ -94,40 +91,39 @@ func New(opts Options) (*Server, error) {
 // is called automatically for you by New, but you may need to call it
 // yourself if you don't create the object using New.)
 func (s *Server) InitializeHTTP() {
-	mux := web.New()
+	mux := http.NewServeMux()
 	s.Handler = mux
 
-	mux.Get("/metadata", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("GET /metadata", func(w http.ResponseWriter, r *http.Request) {
 		s.idpConfigMu.RLock()
 		defer s.idpConfigMu.RUnlock()
 		s.IDP.ServeMetadata(w, r)
 	})
-	mux.Handle("/sso", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("/sso", func(w http.ResponseWriter, r *http.Request) {
 		s.IDP.ServeSSO(w, r)
 	})
 
-	mux.Handle("/login", s.HandleLogin)
-	mux.Handle("/login/:shortcut", s.HandleIDPInitiated)
-	mux.Handle("/login/:shortcut/*", s.HandleIDPInitiated)
-
-	mux.Get("/services/", s.HandleListServices)
-	mux.Get("/services/:id", s.HandleGetService)
-	mux.Put("/services/:id", s.HandlePutService)
-	mux.Post("/services/:id", s.HandlePutService)
-	mux.Delete("/services/:id", s.HandleDeleteService)
-
-	mux.Get("/users/", s.HandleListUsers)
-	mux.Get("/users/:id", s.HandleGetUser)
-	mux.Put("/users/:id", s.HandlePutUser)
-	mux.Delete("/users/:id", s.HandleDeleteUser)
-
-	sessionPath := regexp.MustCompile("/sessions/(?P<id>.*)")
-	mux.Get("/sessions/", s.HandleListSessions)
-	mux.Get(sessionPath, s.HandleGetSession)
-	mux.Delete(sessionPath, s.HandleDeleteSession)
-
-	mux.Get("/shortcuts/", s.HandleListShortcuts)
-	mux.Get("/shortcuts/:id", s.HandleGetShortcut)
-	mux.Put("/shortcuts/:id", s.HandlePutShortcut)
-	mux.Delete("/shortcuts/:id", s.HandleDeleteShortcut)
+	mux.HandleFunc("/login", s.HandleLogin)
+	mux.HandleFunc("/login/{shortcut}", s.HandleIDPInitiated)
+	mux.HandleFunc("/login/{shortcut}/{suffix}", s.HandleIDPInitiated)
+
+	mux.HandleFunc("GET /services/", s.HandleListServices)
+	mux.HandleFunc("GET /services/{id}", s.HandleGetService)
+	mux.HandleFunc("PUT /services/{id}", s.HandlePutService)
+	mux.HandleFunc("POST /services/{id}", s.HandlePutService)
+	mux.HandleFunc("DELETE /services/{id}", s.HandleDeleteService)
+
+	mux.HandleFunc("GET /users/", s.HandleListUsers)
+	mux.HandleFunc("GET /users/{id}", s.HandleGetUser)
+	mux.HandleFunc("PUT /users/{id}", s.HandlePutUser)
+	mux.HandleFunc("DELETE /users/{id}", s.HandleDeleteUser)
+
+	mux.HandleFunc("GET /sessions/", s.HandleListSessions)
+	mux.HandleFunc("GET /sessions/{id}", s.HandleGetSession)
+	mux.HandleFunc("DELETE /sessions/{id}", s.HandleDeleteSession)
+
+	mux.HandleFunc("GET /shortcuts/", s.HandleListShortcuts)
+	mux.HandleFunc("GET /shortcuts/{id}", s.HandleGetShortcut)
+	mux.HandleFunc("PUT /shortcuts/{id}", s.HandlePutShortcut)
+	mux.HandleFunc("DELETE /shortcuts/{id}", s.HandleDeleteShortcut)
 }

samlidp/service.go

@@ -7,8 +7,6 @@ import (
 	"net/http"
 	"os"
 
-	"github.com/zenazn/goji/web"
-
 	"github.com/crewjam/saml"
 )
 
@@ -37,7 +35,7 @@ func (s *Server) GetServiceProvider(_ *http.Request, serviceProviderID string) (
 
 // HandleListServices handles the `GET /services/` request and responds with a JSON formatted list
 // of service names.
-func (s *Server) HandleListServices(_ web.C, w http.ResponseWriter, _ *http.Request) {
+func (s *Server) HandleListServices(w http.ResponseWriter, _ *http.Request) {
 	services, err := s.Store.List("/services/")
 	if err != nil {
 		s.logger.Printf("ERROR: %s", err)
@@ -56,9 +54,9 @@ func (s *Server) HandleListServices(_ web.C, w http.ResponseWriter, _ *http.Requ
 
 // HandleGetService handles the `GET /services/:id` request and responds with the service
 // metadata in XML format.
-func (s *Server) HandleGetService(c web.C, w http.ResponseWriter, _ *http.Request) {
+func (s *Server) HandleGetService(w http.ResponseWriter, r *http.Request) {
 	service := Service{}
-	err := s.Store.Get(fmt.Sprintf("/services/%s", c.URLParams["id"]), &service)
+	err := s.Store.Get(fmt.Sprintf("/services/%s", r.PathValue("id")), &service)
 	if err != nil {
 		s.logger.Printf("ERROR: %s", err)
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -73,7 +71,7 @@ func (s *Server) HandleGetService(c web.C, w http.ResponseWriter, _ *http.Reques
 
 // HandlePutService handles the `PUT /shortcuts/:id` request. It accepts the XML-formatted
 // service metadata in the request body and stores it.
-func (s *Server) HandlePutService(c web.C, w http.ResponseWriter, r *http.Request) {
+func (s *Server) HandlePutService(w http.ResponseWriter, r *http.Request) {
 	service := Service{}
 
 	metadata, err := getSPMetadata(r.Body)
@@ -85,7 +83,7 @@ func (s *Server) HandlePutService(c web.C, w http.ResponseWriter, r *http.Reques
 
 	service.Metadata = *metadata
 
-	err = s.Store.Put(fmt.Sprintf("/services/%s", c.URLParams["id"]), &service)
+	err = s.Store.Put(fmt.Sprintf("/services/%s", r.PathValue("id")), &service)
 	if err != nil {
 		s.logger.Printf("ERROR: %s", err)
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -100,16 +98,16 @@ func (s *Server) HandlePutService(c web.C, w http.ResponseWriter, r *http.Reques
 }
 
 // HandleDeleteService handles the `DELETE /services/:id` request.
-func (s *Server) HandleDeleteService(c web.C, w http.ResponseWriter, _ *http.Request) {
+func (s *Server) HandleDeleteService(w http.ResponseWriter, r *http.Request) {
 	service := Service{}
-	err := s.Store.Get(fmt.Sprintf("/services/%s", c.URLParams["id"]), &service)
+	err := s.Store.Get(fmt.Sprintf("/services/%s", r.PathValue("id")), &service)
 	if err != nil {
 		s.logger.Printf("ERROR: %s", err)
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
 
-	if err := s.Store.Delete(fmt.Sprintf("/services/%s", c.URLParams["id"])); err != nil {
+	if err := s.Store.Delete(fmt.Sprintf("/services/%s", r.PathValue("id"))); err != nil {
 		s.logger.Printf("ERROR: %s", err)
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return

samlidp/session.go

@@ -11,8 +11,6 @@ import (
 
 	"golang.org/x/crypto/bcrypt"
 
-	"github.com/zenazn/goji/web"
-
 	"github.com/crewjam/saml"
 )
 
@@ -145,7 +143,7 @@ func (s *Server) sendLoginForm(w http.ResponseWriter, req *saml.IdpAuthnRequest,
 // in the request body, then they are validated. For valid credentials, the response is a
 // 200 OK and the JSON session object. For invalid credentials, the HTML login prompt form
 // is sent.
-func (s *Server) HandleLogin(_ web.C, w http.ResponseWriter, r *http.Request) {
+func (s *Server) HandleLogin(w http.ResponseWriter, r *http.Request) {
 	if err := r.ParseForm(); err != nil {
 		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
 		return
@@ -162,7 +160,7 @@ func (s *Server) HandleLogin(_ web.C, w http.ResponseWriter, r *http.Request) {
 
 // HandleListSessions handles the `GET /sessions/` request and responds with a JSON formatted list
 // of session names.
-func (s *Server) HandleListSessions(_ web.C, w http.ResponseWriter, _ *http.Request) {
+func (s *Server) HandleListSessions(w http.ResponseWriter, _ *http.Request) {
 	sessions, err := s.Store.List("/sessions/")
 	if err != nil {
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
@@ -180,9 +178,9 @@ func (s *Server) HandleListSessions(_ web.C, w http.ResponseWriter, _ *http.Requ
 
 // HandleGetSession handles the `GET /sessions/:id` request and responds with the session
 // object in JSON format.
-func (s *Server) HandleGetSession(c web.C, w http.ResponseWriter, _ *http.Request) {
+func (s *Server) HandleGetSession(w http.ResponseWriter, r *http.Request) {
 	session := saml.Session{}
-	err := s.Store.Get(fmt.Sprintf("/sessions/%s", c.URLParams["id"]), &session)
+	err := s.Store.Get(fmt.Sprintf("/sessions/%s", r.PathValue("id")), &session)
 	if err != nil {
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
@@ -195,8 +193,8 @@ func (s *Server) HandleGetSession(c web.C, w http.ResponseWriter, _ *http.Reques
 
 // HandleDeleteSession handles the `DELETE /sessions/:id` request. It invalidates the
 // specified session.
-func (s *Server) HandleDeleteSession(c web.C, w http.ResponseWriter, _ *http.Request) {
-	err := s.Store.Delete(fmt.Sprintf("/sessions/%s", c.URLParams["id"]))
+func (s *Server) HandleDeleteSession(w http.ResponseWriter, r *http.Request) {
+	err := s.Store.Delete(fmt.Sprintf("/sessions/%s", r.PathValue("id")))
 	if err != nil {
 		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return