* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* fix(middleware/cors): Config, lists as list types.
Improve insecure config error text.
* chore: Add tests for CORS preflight requests with Access-Control-Request-Headers
* test(middleware/cors): explicit wildcard in test
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
* Update pull_request_template.md
* Update v3-changes.md
* Update CONTRIBUTING.md (#2752)
Grammar correction.
* chore(encryptcookie)!: update default config (#2753)
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
* build(deps): bump actions/setup-go from 4 to 5 (#2754)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🩹 middleware/logger/: log client IP address by default (#2755)
* middleware/logger: Log client IP address by default.
* Update doc.
* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929cfa7d3c27dd292fc3956f2f9882e22.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* 📚 Update app.md for indentation (#2761)
Update app.md for indentation
* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github/codeql-action from 2 to 3 (#2763)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Changing default log output (#2730)
changing default log output
Closes#2729
* Update hooks.md
fix wrong hooks signature
* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)
* 🩹🚨 - fix for redirect with query params (#2748)
* redirect with query params did not work, fix it and add test for it
* redirect middleware - fix test typo
* ♻️ logger/middleware colorize logger error message #2593 (#2773)
* ✨ feat: add liveness and readiness checks (#2509)
* ✨ feat: add liveness and readiness checkers
* 📝 docs: add docs for liveness and readiness
* ✨ feat: add options method for probe checkers
* ✅ tests: add tests for liveness and readiness
* ♻️ refactor: change default endpoint values
* ♻️ refactor: change default value for liveness endpoint
* 📝 docs: add return status for liveness and readiness probes
* ♻️ refactor: change probechecker to middleware
* 📝 docs: move docs to middleware session
* ♻️ refactor: apply gofumpt formatting
* ♻️ refactor: remove unused parameter
* split config and apply a review
* apply reviews and add testcases
* add benchmark
* cleanup
* rename middleware
* fix linter
* Update docs and config values
* Revert change to IsReady
* Updates based on code review
* Update docs to match other middlewares
---------
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
* prepare release v2.52.0
- add more Parser tests
* fix healthcheck.md
* configure workflows for V2 branch
* configure workflows for V2 branch
* Fix default value to false in docs of QueryBool (#2811)
fix default value to false in docs of QueryBool
* update queryParser config
* Update ctx.md
* Update routing.md
* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md
Removes an an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)
* fix: healthcheck middleware not working with route group (#2863)
* fix: healthcheck middleware not working with route group
* perf: change verification method to improve perf
* Update healthcheck_test.go
* test: add not matching route test for strict routing
* add more test cases
* correct tests
* correct test helpers
* correct tests
* correct tests
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René Werner <rene@gofiber.io>
* Merge pull request from GHSA-fmg4-x8pw-hjhg
* Enforce Wildcard Origins with AllowCredentials check
* Expand unit-tests, fix issues with subdomains logic, update docs
* Update cors.md
* Added test using localhost, ipv4, and ipv6 address
* improve documentation markdown
---------
Co-authored-by: René Werner <rene@gofiber.io>
* Update app.go
prepare release v2.52.1
* fix cors domain normalize
* fix sync-docs workflow
* fix sync-docs workflow
* fix(middleware/cors): Validation of multiple Origins (#2883)
* fix: allow origins check
Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.
fixes#2882
* test: AllowOrigins with whitespace
* test(middleware/cors): add benchmarks
* chore: fix linter errors
* test(middleware/cors): use h() instead of app.Test()
* test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme
* chore: refactor validate and normalize
* test(cors/middleware): add more benchmarks
* prepare release v2.52.2
* refactor(docs): deactivate docs sync for v2
* refactor(docs): deactivate docs sync for v2
* fix(middleware/cors): Handling and wildcard subdomain matching (#2915)
* fix: allow origins check
Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.
fixes#2882
* test: AllowOrigins with whitespace
* test(middleware/cors): add benchmarks
* chore: fix linter errors
* test(middleware/cors): use h() instead of app.Test()
* test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme
* chore: refactor validate and normalize
* test(cors/middleware): add more benchmarks
* fix(middleware/cors): handling and wildcard subdomain matching
docs(middleware/cors): add How it works and Security Considerations
* chore: grammar
* Apply suggestions from code review
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* chore: fix misspelling
* test(middleware/cors): combine Invalid_Origins tests
* refactor(middleware/cors): headers handling
* docs(middleware/cors): Update AllowOrigins description
* chore: merge
* perf(middleware/cors): optimize handler
* perf(middleware/cors): optimize handler
* chore(middleware/cors): ipdate origin handling logic
* chore(middleware/cors): fix header capitalization
* docs(middleware/cors): improve sercuity notes
* docs(middleware/cors): Improve security notes
* docs(middleware/cors): improve CORS overview
* docs(middleware/cors): fix ordering of how it works
* docs(middleware/cors): add additional info to How to works
* docs(middleware/cors): rm space
* docs(middleware/cors): add validation for AllowOrigins origins to overview
* docs(middleware/cors): update ExposeHeaders and MaxAge descriptions
* docs(middleware/cors): Add dynamic origin validation example
* docs(middleware/cors): Improve security notes and fix header capitalization
* docs(middleware/cors): configuration examples
* docs(middleware/cors): `"*"`
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(middleware/cors): Categorize requests correctly (#2921)
* fix(middleware/cors): categorise requests correctly
* test(middleware/cors): improve test coverage for request types
* test(middleware/cors): Add subdomain matching tests
* test(middleware/cors): parallel tests for CORS headers based on request type
* test(middleware/cors): Add benchmark for CORS subdomain matching
* test(middleware/cors): cover additiona test cases
* refactor(middleware/cors): origin validation and normalization
* test(middleware/csrf): Fix Benchmark Tests (#2932)
* test(middleware/csrf): fix Benchmark_Middleware_CSRF_*
* fix(middleware/csrf): update refererMatchesHost()
* Prepare release v2.52.3
* fix(middleware/cors): CORS handling (#2937)
* fix(middleware/cors): CORS handling
* fix(middleware/cors): Vary header handling
* test(middleware/cors): Ensure Vary Headers checked
* fix(middleware/cors): Vary header handling non-cors OPTIONS requests (#2939)
* fix(middleware/cors): Vary header handling non-cors OPTIONS requests
* chore(middleware/cors): Add Vary header for non-CORS OPTIONS requests comment
* prepare release v2.52.4
* merge v2 in main(v3)
* merge v2 in main(v3)
* merge v2 in main(v3)
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: tokelo-12 <113810058+tokelo-12@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <2048991+iredmail@users.noreply.github.com>
Co-authored-by: Benjamin Grosse <ste3ls@gmail.com>
Co-authored-by: Mehmet Firat KOMURCU <mehmetfiratkomurcu@hotmail.com>
Co-authored-by: Bruno <bdm2943@icloud.com>
Co-authored-by: Muhammad Kholid B <muhammadkholidb@gmail.com>
Co-authored-by: gilwo <gilwo@users.noreply.github.com>
Co-authored-by: Lucas Lemos <lucashenriqueblemos@gmail.com>
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jongmin Kim <kjongmin26@gmail.com>
Co-authored-by: Giovanni Rivera <rivera.giovanni271@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Add support for Access-Control-Allow-Private-Network in CORS middleware
* Access-Control-Allow-Private-Network in CORS middleware documentation update
* Access-Control-Allow-Private-Network in CORS middleware tests
* Fix lint issues
* Fix formatting
* Rename config option, add more unit-tests
* Fix syntax issue
* Fix conditional
* Fix formatting, add more unit-tests
* chore(middleware/cors): Update middleware/cors/cors.go
* chore(middleware/cors): add HeaderAccessControlRequestPrivateNetowkr
* test(middleware/cors): fix CORS headers
* docs(middleware/cors): table order and alignment
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* feature: implement generic params function
* update: add ctx generic params benchmark function
* fix: fix linter errors on boolean types
* fix: fix linter errors on float variable types
* tests: add Test_Params_TypeAssertFail
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* Update ctx_test.go
* typo: change genericType typo to GenericType in documents
* remove ParamsInt method and rewrite Params method
* add genericParseType tests and benchmarks and simplify genericQuery and genericParams tests and benchmarks
* added GetReqHeader generic function
* added tests for params generic function
* add tests for GetReqHeader generic function
* added GetReqHeader generic function
* Revert "added GetReqHeader generic function"
This reverts commit a63cebb7121fdd315c53b6f0aa3042612a0d23ac.
* fix tests and benchamarks of generic tests
* added default value to array test genericParse
* fix Params generic function on default value and fixes some tests and typos
* remove Test_Params_TypeAssertFail function(it didn't panic anyway)
* fix bad usage on parallel tests
* add convert function
* fix generic tests
* fix fail tests on use parallel multiple time
* fix typo on params comment section
* remove pointer refer on Convert
* update generic benchmarks
* reslove conflicts1
* add specific tests to integer and unsigned integer
generic parser
* fix typo on Convert document
* change uint tests of Test_genericParseTypeInts
* move generic types to utils.go file and change
bitsize of int value type to 0
* update genericParseInt unit tests
* update generic uint tests and pass value type in
check functions
* reverse dependency of Params and genericParams
* update convert docs
---------
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: RW <rene@gofiber.io>
* 🧹 [v3 Maintenance]: Update docs to reflect fiber.Ctx struct to interface change
Summary:
- Update `Static.Next()` in `/docs/api/app.md` to use the `Ctx` interface
- Update `/docs/api/ctx.md` to use the `Ctx` interface
Related Issues:
#2879
* 🧹 [v3 Maintenance]: Update Ctx struct description to interface
Related Issues:
#2879
* Update pull_request_template.md
* Update v3-changes.md
* Update CONTRIBUTING.md (#2752)
Grammar correction.
* chore(encryptcookie)!: update default config (#2753)
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
* build(deps): bump actions/setup-go from 4 to 5 (#2754)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🩹 middleware/logger/: log client IP address by default (#2755)
* middleware/logger: Log client IP address by default.
* Update doc.
* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929cfa7d3c27dd292fc3956f2f9882e22.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* 📚 Update app.md for indentation (#2761)
Update app.md for indentation
* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github/codeql-action from 2 to 3 (#2763)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Changing default log output (#2730)
changing default log output
Closes#2729
* Update hooks.md
fix wrong hooks signature
* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)
* 🩹🚨 - fix for redirect with query params (#2748)
* redirect with query params did not work, fix it and add test for it
* redirect middleware - fix test typo
* ♻️ logger/middleware colorize logger error message #2593 (#2773)
* ✨ feat: add liveness and readiness checks (#2509)
* ✨ feat: add liveness and readiness checkers
* 📝 docs: add docs for liveness and readiness
* ✨ feat: add options method for probe checkers
* ✅ tests: add tests for liveness and readiness
* ♻️ refactor: change default endpoint values
* ♻️ refactor: change default value for liveness endpoint
* 📝 docs: add return status for liveness and readiness probes
* ♻️ refactor: change probechecker to middleware
* 📝 docs: move docs to middleware session
* ♻️ refactor: apply gofumpt formatting
* ♻️ refactor: remove unused parameter
* split config and apply a review
* apply reviews and add testcases
* add benchmark
* cleanup
* rename middleware
* fix linter
* Update docs and config values
* Revert change to IsReady
* Updates based on code review
* Update docs to match other middlewares
---------
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
* prepare release v2.52.0
- add more Parser tests
* fix healthcheck.md
* configure workflows for V2 branch
* configure workflows for V2 branch
* Fix default value to false in docs of QueryBool (#2811)
fix default value to false in docs of QueryBool
* update queryParser config
* Update ctx.md
* Update routing.md
* merge v2 in v3
* merge v2 in v3
* lint fixes
* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md
Removes an an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)
* fix: healthcheck middleware not working with route group (#2863)
* fix: healthcheck middleware not working with route group
* perf: change verification method to improve perf
* Update healthcheck_test.go
* test: add not matching route test for strict routing
* add more test cases
* correct tests
* correct test helpers
* correct tests
* correct tests
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René Werner <rene@gofiber.io>
* merge v2 in v3
* Merge pull request from GHSA-fmg4-x8pw-hjhg
* Enforce Wildcard Origins with AllowCredentials check
* Expand unit-tests, fix issues with subdomains logic, update docs
* Update cors.md
* Added test using localhost, ipv4, and ipv6 address
* improve documentation markdown
---------
Co-authored-by: René Werner <rene@gofiber.io>
* Update app.go
prepare release v2.52.1
* fix cors domain normalize
* fix sync-docs workflow
* test: fix failing tests
* fix sync-docs workflow
* test: cors middleware use testify require
* chore: fix lint warnings
* chore: revert test isolation.
* feat: migrate healthchecker to v3
* fix: use Get instead of Use for better router matching
* docs: update docs to v3 info
* fixed the fasthttp ctx race condition problem
* Update middleware/cors/utils.go
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
* fix sync_docs.sh
* fix review comments/hints
* fix review comments/hints
* stabilize Test_Proxy_Timeout_Slow_Server test
* stabilize Test_Proxy_.* tests
* ignore bodyclose linter for tests
use http.NoBody instead of nil
* Add parallel benchmark
* Update healthcheck_test.go
* docs: add comments for next behavior when there are no other handlers defined
* revert(tests): undo http.NoBody usage
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: RW <rene@gofiber.io>
Co-authored-by: tokelo-12 <113810058+tokelo-12@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <2048991+iredmail@users.noreply.github.com>
Co-authored-by: Benjamin Grosse <ste3ls@gmail.com>
Co-authored-by: Mehmet Firat KOMURCU <mehmetfiratkomurcu@hotmail.com>
Co-authored-by: Bruno <bdm2943@icloud.com>
Co-authored-by: Muhammad Kholid B <muhammadkholidb@gmail.com>
Co-authored-by: gilwo <gilwo@users.noreply.github.com>
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jongmin Kim <kjongmin26@gmail.com>
Co-authored-by: Giovanni Rivera <rivera.giovanni271@gmail.com>
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
* Update pull_request_template.md
* Update v3-changes.md
* Update CONTRIBUTING.md (#2752)
Grammar correction.
* chore(encryptcookie)!: update default config (#2753)
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
* build(deps): bump actions/setup-go from 4 to 5 (#2754)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🩹 middleware/logger/: log client IP address by default (#2755)
* middleware/logger: Log client IP address by default.
* Update doc.
* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929cfa7d3c27dd292fc3956f2f9882e22.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* 📚 Update app.md for indentation (#2761)
Update app.md for indentation
* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github/codeql-action from 2 to 3 (#2763)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Changing default log output (#2730)
changing default log output
Closes#2729
* Update hooks.md
fix wrong hooks signature
* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)
* 🩹🚨 - fix for redirect with query params (#2748)
* redirect with query params did not work, fix it and add test for it
* redirect middleware - fix test typo
* ♻️ logger/middleware colorize logger error message #2593 (#2773)
* ✨ feat: add liveness and readiness checks (#2509)
* ✨ feat: add liveness and readiness checkers
* 📝 docs: add docs for liveness and readiness
* ✨ feat: add options method for probe checkers
* ✅ tests: add tests for liveness and readiness
* ♻️ refactor: change default endpoint values
* ♻️ refactor: change default value for liveness endpoint
* 📝 docs: add return status for liveness and readiness probes
* ♻️ refactor: change probechecker to middleware
* 📝 docs: move docs to middleware session
* ♻️ refactor: apply gofumpt formatting
* ♻️ refactor: remove unused parameter
* split config and apply a review
* apply reviews and add testcases
* add benchmark
* cleanup
* rename middleware
* fix linter
* Update docs and config values
* Revert change to IsReady
* Updates based on code review
* Update docs to match other middlewares
---------
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
* prepare release v2.52.0
- add more Parser tests
* fix healthcheck.md
* configure workflows for V2 branch
* configure workflows for V2 branch
* Fix default value to false in docs of QueryBool (#2811)
fix default value to false in docs of QueryBool
* update queryParser config
* Update ctx.md
* Update routing.md
* merge v2 in v3
* merge v2 in v3
* lint fixes
* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md
Removes an an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)
* fix: healthcheck middleware not working with route group (#2863)
* fix: healthcheck middleware not working with route group
* perf: change verification method to improve perf
* Update healthcheck_test.go
* test: add not matching route test for strict routing
* add more test cases
* correct tests
* correct test helpers
* correct tests
* correct tests
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René Werner <rene@gofiber.io>
* merge v2 in v3
* Merge pull request from GHSA-fmg4-x8pw-hjhg
* Enforce Wildcard Origins with AllowCredentials check
* Expand unit-tests, fix issues with subdomains logic, update docs
* Update cors.md
* Added test using localhost, ipv4, and ipv6 address
* improve documentation markdown
---------
Co-authored-by: René Werner <rene@gofiber.io>
* Update app.go
prepare release v2.52.1
* fix cors domain normalize
* fix sync-docs workflow
* test: fix failing tests
* fix sync-docs workflow
* test: cors middleware use testify require
* chore: fix lint warnings
* chore: revert test isolation.
* fixed the fasthttp ctx race condition problem
* Update middleware/cors/utils.go
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
* fix sync_docs.sh
* fix review comments/hints
* fix review comments/hints
* stabilize Test_Proxy_Timeout_Slow_Server test
* stabilize Test_Proxy_.* tests
* ignore bodyclose linter for tests
use http.NoBody instead of nil
* revert(tests): undo http.NoBody usage
* fix(ctx pool): postpone the reset for some values
shortly before the release in the pool
* refactor(tests): use testify panic method instead of custom solution
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: tokelo-12 <113810058+tokelo-12@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <2048991+iredmail@users.noreply.github.com>
Co-authored-by: Benjamin Grosse <ste3ls@gmail.com>
Co-authored-by: Mehmet Firat KOMURCU <mehmetfiratkomurcu@hotmail.com>
Co-authored-by: Bruno <bdm2943@icloud.com>
Co-authored-by: Muhammad Kholid B <muhammadkholidb@gmail.com>
Co-authored-by: gilwo <gilwo@users.noreply.github.com>
Co-authored-by: Lucas Lemos <lucashenriqueblemos@gmail.com>
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jongmin Kim <kjongmin26@gmail.com>
Co-authored-by: Giovanni Rivera <rivera.giovanni271@gmail.com>
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
* 📚 Docs: Update version numbers for v3
* 📚 Docs: Update template docs to reflect changes in #2848
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
chore!: Update CSRF and Limiter to remove repetitive names
The `exported` rule of revive warns to not repeat the package name in
method names. For example, prefer `csrf.FromCookie` over
`csrf.CsrfFromCookie`.
This is a breaking change for v3.
It appears that these issues will not be caught by the linter until the
`exported` rule is reenabled. This requires comments on all exported
symbols, which is a much broader effort.
While not all implementations of io.Write will be goroutine safe, the
vast majority of users of the logger middleware are likely to use
os.File, which does implement safe concurrent writes. If users require
locking, they can implement this on an as-needed basis. The risk of
having global locking is that a slow write can hold up the entire
server.
* Add type-specific local value handling with generics in Ctx
Introduced a new function, Locals, that utilizes Go's generics to handle and retrieve type-specific local values within a request context. This enhancement provides more accurate data type control within the context. Included are tests for generic and custom struct use-cases to ensure the function performs as expected.
* Update documentation for Go generics in Locals method
Added documentation to explain the new version of the Locals method that uses Go's generics feature. This version allows for better control of data types when manipulating and retrieving local values within a request's context. Examples are provided, along with a caution on using correct data types to prevent a runtime panic.
* update ctx.md
* Correct indentation in API documentation
* Refactor Locals function and add new test case
* Refactor Locals function and add new test case
---------
Co-authored-by: Deza Farras Tsany <deza.ftsany@gmail.com>
* Add QueryParser method and tests
Introduced a new method, QueryParser, to parse query parameters from a given context into specified types: integer, boolean, float, and string. The method provides default values for empty or invalid keys. Corresponding tests for each type have also been added to validate the functionality.
* Refactor QueryParser and add string support
Refactored the existing QueryParser method in the code to simplify its structure. Instead of reflecting on types, it now uses explicit type checking. In addition to the existing support for integers, booleans, and floats, the QueryParser method now also supports string parsing. Corresponding tests for the updated method and new feature were added as well.
* Update example call in method comment
Updated the method call example in the comment for the Query function in the ctx.go file. Previously, it was incorrectly demonstrating a call to "QueryParser("wanna_cake", 1)", but this has been updated to correctly represent the method it is commenting, resulting in "Query("wanna_cake", 1)".
* Refactor Query function in ctx.go
The update introduces better type assertion handling in the Query function. A switch statement is now employed to determine the type of the value as opposed to the previous if clauses. In addition, a validation step has been added to ensure the context passed into the function is of the correct type.
* Refactor type handling in Query function
The Query function in ctx.go has been refactored for better and clearer type handling. The code now uses a 'QueryType' interface, replacing explicit string, bool, float, and int declarations. This change also improves the error message when a type assertion fails, making it more descriptive about the specific failure.
* Add type assertion check in ctx.go
Updated the code in ctx.go to add a type assertion check for all case statements. The function now checks if the returned value is of the expected type, and if not, it throws a panic with a description of the failed type assertion.
* Refactor Query function to support more data types
The Query function has been expanded to support a broader range of data types. This includes support for extracting query parameters as different types of integers (both signed and unsigned), strings, floats, and booleans from the request's URI. The function now includes comprehensive parsing capabilities that allow for improved handling of different data types.
* Refactor Query function documentation
The documentation for the Query function has been updated to emphasize its versatility in handling various data types. The changes also clarify how the function operates and demonstrates the usage and benefits of providing a defaultValue. The different variations of QueryBool, QueryFloat, and QueryInt were removed, as they are now encompassed by the enhanced Query function.
* Add benchmark tests for Query function
Benchmark tests have been added to evaluate the performance of the Query function for different data types. These tests will help in assessing the efficiency of the function when processing various queries. The addition of these benchmarks will aid in future optimizations and enhancements of the function.
* Update generic Query function signature
The signature of the generic Query function has been updated to accept different types of data as arguments. The change improves flexibility of the function by allowing it to handle different data types, effectively making it a versatile tool in processing various queries.
* Modify `ctx.Query()` calls in documentation
`ctx.Query()` calls in the ctx.md documentation file were updated to remove the `ctx.` prefix. This is consistent with the typical use cases and makes the code examples more clear and easy to understand.
* Refactored assertValueType function and improved query parameter documentation
Updated the assertValueType function to utilize the utils.UnsafeBytes method for byte conversion. Enhanced the documentation for query parameter types to offer clearer, more comprehensive explanations and examples, including QueryTypeInteger, QueryTypeFloat, and subcategories.
* Update Query method calls to use new fiber.Query syntax
In this commit, the conventional `c.Query()` calls across multiple middleware and document files are updated to use the new `fiber.Query` syntax. The changes align with the updated function signatures in Fiber library that provides type-specific querying. These enhancements contribute to the project's overall robustness and consistency.
* Add Query method to get query string parameters
* Replace 'utils.UnsafeBytes' with 'ctx.app.getBytes'
In the query method, the utils.UnsafeBytes function was replaced with the ctx.app.getBytes method. This change enhances the extraction of query string parameters by making it safer and more context-specific.
* Refactor parsing functions in query handlers
The parsing functions in query handlers have been refactored to simplify the process. Parsing code has been extracted into dedicated functions like 'parseIntWithDefault' and 'parseFloatWithDefault', and they now reside in a new utils file. This modularization improves readability and maintainability of the code. Additionally, documentation is updated to reflect the changes.
* Refactor parsing functions in ctx.go
The parsing functions have been restructured to enhance readability and reduce repetition in the ctx.go file. This was achieved by creating generalised parsing functions that handle defaults and ensure the correct value type is returned. As a result, various single-use parsing functions in the utils.go file have been removed.
* Refactor code to centralize parsing functions
* 🔥 v3: update Ctx.Format to match Express's res.format
While the existing Ctx.Format provides a concise convenience method for
basic content negotiation on simple structures, res.format allows
developers to set their own custom handlers for each content type.
The existing Ctx.Format is renamed to Ctx.AutoFormat.
* doc: add docs for Ctx.Format
* refactor: update based on code review feedback
- Rename Fmt to ResFmt
- Add comments in several places
- Return errors instead of panicking in Format
- Add 'Accept' to the Vary header in Format to match res.format
* chore: improve docs and tests for AutoFormat and Format
* ✨ feat: add support for parameters in content negotiation
Attempts to approach the level of support offered by express,
but behavior may differ in unusual corner cases.
Some key behaviors from Express that are implemented:
- If an offer does not have every parameter listed in the given Accept,
it is rejected.
- Parameters do not affect specificity.
- In a given specificity, more parameters gives greater precedence
- Parameters are unordered
- Matching is case-insensitive
- Surrounding quotes for parameter values are stripped
- If an Accept type specifies a parameter more than once, the last
value provided is taken.
- Parameters after q are not processed.
https://www.rfc-editor.org/rfc/rfc9110#name-parameters
* doc: properly attribute reader.go for validHeaderFieldByte
* fix: remove underscores from fuzz test name
* test(forEachParameter): improve coverage
* doc: add comment clarifying RFC 9110 non-compliance for corner case
* Update ctx.md
Added additional information to why GetReqHeaders returns a map where the values are slices of strings (instead of a single string as one might expect)
* Update ctx.md
added the same explanation to GetRespHeaders too
