v0.12.0
Changelog for rest-server 0.12.0 (2023-04-24)
The following sections list the changes in rest-server 0.12.0 relevant to users. The changes are ordered by importance.
Summary
- Fix #183: Allow usernames containing underscore and more
- Fix #219: Ignore unexpected files in the data/ folder
- Fix #1871: Return 500 "Internal server error" if files cannot be read
- Chg #207: Return error if command-line arguments are specified
- Chg #208: Update dependencies and require Go 1.17 or newer
- Enh #133: Cache basic authentication credentials
- Enh #187: Allow configurable location for
.htpasswd
file
Details
-
Bugfix #183: Allow usernames containing underscore and more
The security fix in rest-server 0.11.0 (#131) disallowed usernames containing and underscore "". The list of allowed characters has now been changed to include Unicode characters, numbers, "", "-", "." and "@".
-
Bugfix #219: Ignore unexpected files in the data/ folder
If the data folder of a repository contained files, this would prevent restic from retrieving a list of file data files. This has been fixed. As a workaround remove the files that are directly contained in the data folder (e.g.,
.DS_Store
files). -
Bugfix #1871: Return 500 "Internal server error" if files cannot be read
When files in a repository cannot be read by rest-server, for example after running
restic prune
directly on the server hosting the repositories in a way that causes filesystem permissions to be wrong, rest-server previously returned 404 "Not Found" as status code. This was causing confusing for users.The error handling has now been fixed to only return 404 "Not Found" if the file actually does not exist. Otherwise a 500 "Internal server error" is reported to the client and the underlying error is logged at the server side.
-
Change #207: Return error if command-line arguments are specified
Command line arguments are ignored by rest-server, but there was previously no indication of this when they were supplied anyway.
To prevent usage errors an error is now printed when command line arguments are supplied, instead of them being silently ignored.
-
Change #208: Update dependencies and require Go 1.17 or newer
Most dependencies have been updated. Since some libraries require newer language features, support for Go 1.15-1.16 has been dropped, which means that rest-server now requires at least Go 1.17 to build.
-
Enhancement #133: Cache basic authentication credentials
To speed up the verification of basic auth credentials, rest-server now caches passwords for a minute in memory. That way the expensive verification of basic auth credentials can be skipped for most requests issued by a single restic run. The password is kept in memory in a hashed form and not as plaintext.
-
Enhancement #187: Allow configurable location for
.htpasswd
fileIt is now possible to specify the location of the
.htpasswd
file using the--htpasswd-file
option.