gofiber/fiber
2024-07-01 04:11:08
fiber

v2.52.5

👮 Security

Middleware/session: Session Middleware Token Injection Vulnerability - GHSA-98j2-3j3p-fw2v

https://docs.gofiber.io/api/middleware/session

🧹 Updates

  • Middleware/session: Remove extra release and acquire ctx calls in session_test.go (#3043)

🐛 Bug Fixes

  • Middleware/monitor: middleware reporting of CPU usage (#2984)
  • Middleware/session: mutex for thread safety (#3050)

📚 Documentation

  • Improve ctx.Locals method description and example (#3030)
  • Improve ctx.Locals method documentation (#3033)
  • Update README_id.md (#3045)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.4...v2.52.5

Thank you @nyufeng, @PaulTitto and @sixcolors for making this update possible.

2024-07-01 04:08:19
fiber

v3.0.0-beta.3

🚀 New Features

  • Middleware/static: add static middleware (#3006)
  • Middleware/cache: Add Cache Invalidation Option to Cache Middleware (#3036)
  • Middleware/keyauth: Add support for custom KeyLookup functions in the Keyauth middleware (#3028)
  • Add support for zstd compression (#3041)
  • Add configuration support to c.SendFile() (#3017)
  • Add support for longtests during CI (#3054)
  • Add CHIPS support to Cookie (#3047)

🧹 Updates

  • Middleware/cors: Config, lists as list types (#2962)
  • Middleware/session: Remove extra release and acquire ctx calls in session_test.go (#3044)
  • Optimize Cache middleware handler (#3031)
  • Adding a generator to generate the CTX interface (#3024)
  • Add Benchmarks for IsProxyTrusted() (#2933)

🐛 Bug Fixes

  • Fix some struct names in comments (#2974)
  • Fixes #3038 "v3 Flash Message with redirect is not working" (#3046)
  • Middleware/session: mutex for thread safety (#3049)
  • Middleware/session: fix data-race with sync.Pool (#3051)

🛠️ Maintenance

  • Bump github.com/valyala/fasthttp from 1.52.0 to 1.53.0 (#3000)
  • Bump github.com/valyala/fasthttp from 1.54.0 to 1.55.0 (#3037)
  • Updated fasthttp to 1.54.0 release (#3010)

📚 Documentation

  • Add docs for new client (#2991)
  • Consolidate and Document Core Changes in v3 (#2934)
  • Fix broken link to slim template in FAQ (#2969)
  • Fix merge conflict in documentation (#2957)
  • Fix some comments (#2983)
  • Update intro.md to make clear fiber.Ctx is not thread-safe. (#3014)
  • Improve ctx.Locals method description, godoc and example (#3032)
  • Add zero-allocation section to README (#3039)
  • Middleware/csrf: Update config TrustedOrigin comments (#2963)
  • Middleware/cors middleware (#2979)

Full Changelog: https://github.com/gofiber/fiber/compare/v3.0.0-beta.2...v3.0.0-beta.3

Thank you @efectn, @gaby, @hcancelik, @dave-gray101, @sixcolors, @ReneWerner87, @orvillesimba, @deferdeter, @rabarar, @dockercui and @omaskery for making this update possible.

2024-04-08 02:34:23
fiber

v3.0.0-beta.2

🚀 New

  • Binding: Initial support for binding (#1981)
  • Addon: add retry mechanism (#1972)
  • Client: client refactor (#1986)
  • Middleware/csrf: Add support for trusted origins (#2910)
  • Middleware/csrf: TrustedOrigins using https://*.example.com style subdomains (#2925)
  • Middleware/cors: Add support for Access-Control-Allow-Private-Network (#2908)
  • Middleware/proxy: Add DialDualStack option for upstream IPv6 support (#2900)
  • Convert fiber.Ctx type to interface (#1928)
  • Merge Listen methods & ListenConfig (#1930)
  • New Route method (#2065)
  • Router interface changes (#2176)
  • New redirection methods (#2014)
  • New mounting system (#2022)
  • Generate msgp tests (#2263)
  • Make app.Test accept a time.Duration timeout (#2269)
  • Add QueryParser for get query using generic (#2776)
  • Addition of Locals Function with Go Generics as an Alternative to c.Locals (#2813)
  • Add support for custom constraints (#2807)
  • Adding GetReqHeaders and GetRespHeaders (#2831)
  • Implement new generic functions: Params, Get and Convert (#2850)

🧹 Updates

  • Middleware/adaptor: Add parallel benchmarks to adaptor middleware (#2870)
  • Middleware/csrf,limiter: Update CSRF and Limiter to remove repetitive names (#2846)
  • Middleware/earlydata (#2270)
  • Middleware/filesystem: Refactor filesystem middleware with io/fs (#2027)
  • Middleware/healthchecker: Migrate HealthChecker to v3 (#2884)
  • Middleware/idempotency (#2253)
  • Middleware/logger: Remove mutex lock in logger middleware (#2840)
  • Middleware/logger: refactor logger middleware (#1979)
  • Client: Rename "ClientNew" Function to "New" (#2896)
  • Router: return status 501 instead of 400 on unknown method (#2220)
  • Add []byte support to utils.EqualFold (#2029)
  • Remove utils.Trim* because stdlib has same performance in go1.19 (#2030)
  • Use testify for assertion (#2036)
  • Change startup message (#2041)
  • Cleanup (#2255)
  • Update Ctx.Format to match Express's res.format (#2766)
  • Change interface{} to any (#2796)
  • Clean up errcheck config (#2841)
  • Update startup message formatting (#2847)
  • Add inamedparam linter (#2848)
  • Simplify content negotiation code (#2865)
  • Expand Tests and Benchmarks for Log package (#2886)
  • Performance optimizations (#2838, #2947)

🐛 Fixes

  • Middleware/cors: CORS handling (#2938)
  • Middleware/logger: Fix logger benchmarks (#2074)
  • Middleware/logger: Print to stderr if log fails for default format (#2830)
  • Fix benchmark results (#1982, #2130)
  • Rename WithTlsConfig method to WithTLSConfig (#2570)
  • ContextKey collisions (#2781)
  • Fix testifylint errors in middleware (#2805)
  • Fix remaining testifylint errors (#2806)
  • Fix force type assertions in session_test.go (#2815)
  • Added respects body immutability to ctx.Body() and ctx.BodyRaw() functions. (#2812)
  • Testifylint failure that fell through the cracks (#2821)
  • Inconsistent and flaky unit-tests (#2892)
  • Improper query/body parsing with embedded structs (#2906)

🛠️ Maintenance

  • Bump minimum version of Go to 1.21 (#2911)
  • Add go1.22 to test matrix (#2835)
  • Update to use gofiber/utils/v2 (#2184)
  • Speed up addon/retry tests (#2800)
  • Re-enable tparallel linter (#2801)
  • Do not retry flaky tests (#2875)
  • Update test workflow to use gotestsum (#2895)
  • Enabling shuffling, cleanup and consistency across tests (#2931)
  • Run tests against Apple M1 platform (#2852)
  • Merge V2 to v3 (#2864, #2944)
  • Middleware/cors: Merge changes from v2 (#2922)
  • Update golangci-lint to v1.55.2 (#2817)
  • Address multiple lint rules (#2869)
  • Make golangci-lint config stricter (#2874)
  • Update golangci-lint to enable more lint rules (#2923)
  • Bump golangci-lint to v1.56.1 (#2842)
  • Bump golangci-lint to v1.56.2 (#2862)
  • Bump golangci-lint to v1.57.1 (#2929)
  • Bump github.com/google/uuid from 1.5.0 to 1.6.0 (#2810)
  • Bump github.com/valyala/fasthttp from 1.51.0 to 1.52.0 (#2857)
  • Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2888)
  • Bump github.com/gofiber/utils/v2 from 2.0.0-beta.3 to 2.0.0-beta.4 (#2935)

📚 Documentation

  • Update handler signature for v3 (#2794)
  • Undocumented function in session.md (#2795)
  • Fix typo in documentation (#2802)
  • Fix a misspelled comment (#2809)
  • Update Typo documentation (#2820)
  • Fix typo in routing.md (#2836)
  • Add CODEOWNERS file (#2851)
  • Update Version Numbers in Docs (#2853)
  • Fix code snippet indentation in /docs/api/middleware/keyauth.md (#2868)
  • Update docs to reflect fiber.Ctx struct to interface change (#2880)
  • Fix TrustedProxies documentation related to IP ranges (#2887)
  • Improve translation (#2899)
  • Refactor Documentation for HealthCheck (#2905)
  • Fixed a typo in app.go (#2912)
  • Cleanup and updates to README files (#2914)
  • Remove repetitive words (#2917)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.4...v3.0.0-beta.2

Thank you @efectn, @Behzad-Khokher, @the-hotmann, @gozeloglu, @trim21, @wangjq4214, @KrisCarr, @pjebs, @balcieren, @leonklingele, @sixcolors, @nickajacks1, @gandaldf, @StrawHatHacker, @ryanbekhen, @theleeeo, @nnnkkk7, @canks69, @asyslinux, @brunodmartins, @gaby, @linogomez, @Fenny, @grivera64, @ReneWerner87, @luk3skyw4lker, @dreamscached, @emirhansirkeci, @sebytza23, @techerfan, @racerole, @negrel, @devhsoj, @dozheiny for making this update possible.

2024-03-27 05:40:09
fiber

v2.52.4

🐛 Fixes

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.3...v2.52.4

2024-03-26 03:26:29
fiber

v2.52.3

🐛 Fixes

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.2...v2.52.3

2024-03-03 01:56:50
fiber

v2.52.2

🐛 Fixes

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.1...v2.52.2

2024-02-22 04:18:56
fiber

v2.52.1

👮 Security

Middleware/cors: Insecure CORS Configuration Allowing Wildcard Origin with Credentials - GHSA-fmg4-x8pw-hjhg

https://docs.gofiber.io/api/middleware/cors

🐛 Fixes

  • Middleware/healthcheck: Not working with route group (#2863)

📚 Documentation

  • Fix default value to false in docs of QueryBool (#2811)
  • Fix code snippet indentation in /docs/api/middleware/keyauth.md (#2867)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.52.0...v2.52.1

Thank you @luk3skyw4lker, @CAEL0, @grivera64, @gaby and @sixcolors for making this update possible.

2024-01-05 21:36:18
fiber

v2.52.0

🚀 New

// Direct usage with default config
app.Use(healthcheck.New())

// Or extend your config for customization
app.Use(healthcheck.New(healthcheck.Config{
    LivenessEndpoint: "/live",
    LivenessProbe: func(c *fiber.Ctx) bool {
        return true
    },
    ReadinessEndpoint: "/ready",
    ReadinessProbe: func(c *fiber.Ctx) bool {
        return serviceA.Ready() && serviceB.Ready() // && any further readiness checks
    },
}))

🧹 Updates

  • Middlewares: don't constrain middlewares context-keys to strings (#2751)
  • Middleware/logger: colorize logger error message #2593 (#2773)
  • Middleware/logger: changing default log output (#2730)
  • Middleware/logger: log client IP address by default (#2755)
  • Middleware/encryptcookie: update default config (#2753)
  • Improve benchmarks for getOffer (#2739)

🛠️ Maintenance

  • Bump github/codeql-action from 2 to 3 (#2763)
  • Bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
  • Bump actions/setup-go from 4 to 5 (#2754)
  • Bump golang.org/x/sys from 0.14.0 to 0.15.0 (#2744)
  • Bump github.com/valyala/fasthttp from 1.50.0 to 1.51.0 (#2721)

🐛 Fixes

  • Middleware/redirect: fix for redirect with query params (#2748)
  • Middleware/adaptor: Adaptor + otelfiber issue #2641 (#2772)
  • Middleware/cors: Should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
  • Middleware/session: Race in session middleware tests (#2740)
  • Middleware/csrf: Fix failing CSRF tests (#2720)
  • Fix race condition in parallel tests (#2734)
  • utils.IsIPv4 and net.ParseIP have inconsistent results #2735 (#2736)

📚 Documentation

  • Middleware/csrf: Improve csrf docs (#2726)
  • Update app.md for indentation (#2761)
  • Update default config (#2753)
  • Update CONTRIBUTING.md (#2752)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.51.0...v2.52.0

Thank you @MehmetFiratKomurcu, @benjajaja, @brunodmartins, @gilwo, @iredmail, @itswcg, @luk3skyw4lker, @muhammadkholidb, @nickajacks1, @sixcolors and @tokelo-12 for making this update possible.

2023-11-14 15:18:46
fiber

v2.51.0

🚀 New

// Consideration of parameters in the accepted headers
// Accept: text/plain, application/json; version=1; foo=bar

app.Get("/", func(c *fiber.Ctx) error {
  // Extra parameters in the accept are ignored
  c.Accepts("text/plain;format=flowed") // "text/plain;format=flowed"

  // An offer must contain all parameters present in the Accept type
  c.Accepts("application/json") // ""

  // Parameter order and capitalization does not matter. Quotes on values are stripped.
  c.Accepts(`application/json;foo="bar";VERSION=1`) // "application/json;foo="bar";VERSION=1"
  return nil
})

// Passing a custom json type
ctx.JSON(fiber.Map{
    "type": "https://example.com/probs/out-of-credit",
    "title": "You do not have enough credit.",
    "status": 403,
    "detail": "Your current balance is 30, but that costs 50.",
    "instance": "/account/12345/msgs/abc",
  }, fiber.)

🧹 Updates

  • Ctx.Range: reduce allocations (#2705)
  • Middleware/pprof: improve performance (#2709)

🛠️ Maintenance

  • Bump golang.org/x/sys from 0.13.0 to 0.14.0 (#2707)
  • Bump github.com/google/uuid from 1.3.1 to 1.4.0 (#2693)
  • Bump actions/setup-node from 3 to 4 (#2690)
  • Bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 (#2679)

🐛 Fixes

  • Middleware/limiter: fix intermittent failures (#2716)
  • Naming of routes works wrong after mount #2688 (#2689)
  • Fix method validation on route naming (#2686)

📚 Documentation

  • Changed "Twitter" to "X (Twitter)" in README.md Contribute Section (#2696)
  • Add additional information as to why GetReqHeaders returns a map where the values are slices of strings (#2698)
  • Enhance csrf.md (#2692)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.50.0...v2.51.0

Thank you @BandhiyaHardik, @database64128, @efectn, @moritz157, @nickajacks1, @rhburt and @sixcolors for making this update possible.

2023-10-16 16:35:42
fiber

v2.50.0

❗ Breaking Changes

  • Change signatures of GetReqHeaders and GetRespHeaders (#2650)

This allows both single and list values under a header, in line with the RFC standard.

- func (c *Ctx) GetReqHeaders() map[string]string
+ func (c *Ctx) GetReqHeaders() map[string][]string
- func (c *Ctx) GetRespHeaders() map[string]string
+ func (c *Ctx) GetRespHeaders() map[string][]string
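
Review bot: the return type change from map[string]string to map[string][]string on both GetReqHeaders and GetRespHeaders breaks every caller that reads a header as a single string, and the entry gives no migration hint. Suggest adding one line that shows the replacement pattern (check the slice length, then pick an element) and states which element a caller should take when a header repeats, since code that makes access decisions from a header value must not silently pick the wrong one.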

👮 Security

Middleware/csrf: Token Vulnerability (GHSA-mv73-f69x-444p, GHSA-94w9-97p3-p368)

https://docs.gofiber.io/api/middleware/csrf

🚀 Improvements to the CSRF middleware:

  • Added support for single-use tokens through the SingleUseToken configuration option.
  • Optional integration with GoFiber session middleware through the Session and SessionKey configuration options.
  • Introduction of origin checks for HTTPS connections to verify referer headers.
  • Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without Session.
  • Enhancement of error handling with more descriptive error messages.
  • The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security.
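
The double-submit-cookie check and the HTTPS referer check listed above, sketched with only the Go standard library. This is an added example, not Fiber's middleware code; the cookie name, header name, error values and the host `app.example` are assumptions made for the sketch.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Assumed names for this sketch, not taken from Fiber's configuration.
const cookieName, headerName = "csrf_", "X-Csrf-Token"
var (
	ErrTokenMissing = errors.New("csrf: token missing from cookie or header")
	ErrTokenInvalid = errors.New("csrf: header token does not match cookie")
	ErrBadReferer   = errors.New("csrf: referer missing or cross-origin")
)

// CheckCSRF: unsafe methods need header token == cookie token; over TLS the Referer must be same-host.
func CheckCSRF(r *http.Request) error {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
		return nil // safe methods carry no state change to protect
	}
	c, err := r.Cookie(cookieName)
	sent := r.Header.Get(headerName)
	if err != nil || c.Value == "" || sent == "" {
		return ErrTokenMissing
	}
	if subtle.ConstantTimeCompare([]byte(c.Value), []byte(sent)) != 1 {
		return ErrTokenInvalid // compared in constant time
	}
	if r.TLS != nil {
		ref, err := url.Parse(r.Referer())
		if err != nil || ref.Scheme != "https" || ref.Host != r.Host {
			return ErrBadReferer
		}
	}
	return nil
}

// sample builds a constructed HTTPS POST to the made-up host app.example.
func sample(cookie, header, referer string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, "https://app.example/transfer", nil)
	r.AddCookie(&http.Cookie{Name: cookieName, Value: cookie})
	r.Header.Set(headerName, header)
	r.Header.Set("Referer", referer)
	return r
}

func main() {
	fmt.Println(CheckCSRF(sample("tok123", "tok123", "https://other.example/x")))
}
```

A request whose cookie and header agree is still rejected when it arrives over TLS with a missing, plain-HTTP or foreign-host Referer, which is the case the origin check adds on top of the token comparison.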

Thank you @sixcolors

🚀 New

// Field names should start with an uppercase letter
type Person struct {
    Name     string  `cookie:"name"`
    Age      int     `cookie:"age"`
    Job      bool    `cookie:"job"`
}
// Example route
app.Get("/", func(c *fiber.Ctx) error {
    p := new(Person)
    // This method is similar to BodyParser, but for cookie parameters
    if err := c.CookieParser(p); err != nil {
        return err
    }
    
    log.Println(p.Name)     // Joseph
    log.Println(p.Age)      // 23
    log.Println(p.Job)      // true
    return nil
})

// To disable caching completely, pass a negative MaxAge value. This sets the Access-Control-Max-Age header to 0.
app.Use(cors.New(cors.Config{MaxAge: -1}))

// Provide more flexibility in session management, especially in scenarios like repeated user logins
func (s *Session) Reset() error

Example usage:

// Initialize default config
// This stores all of your app's sessions
store := session.New()

app.Post("/login", func(c *fiber.Ctx) error {
    // Get session from storage
    sess, err := store.Get(c)
    if err != nil {
        panic(err)
    }
    
    // ... validate login ...
    
    // Check if the session is fresh
    if !sess.Fresh() {
        // If the session is not fresh, reset it
        if err := sess.Reset(); err != nil {
            panic(err)
        }
    }
    // Set new session data
    sess.Set("user_id", user.ID)
    // Save session
    if err := sess.Save(); err != nil {
        panic(err)
    }

    return c.SendString(fmt.Sprintf("Welcome %v", user.ID))
})

// Provide more control over individual session management, especially in scenarios
// like administrator-enforced user logout or user-initiated logout from a specific device session
func (s *Store) Delete(id string) error

Example usage:

app.Post("/admin/session/:id/logout", func(c *fiber.Ctx) error {
    // Get session id from request
    sessionID := c.Params("id")

    // Delete the session
    if err := store.Delete(sessionID); err != nil {
        return c.Status(500).SendString(err.Error())
    }

    return c.SendString("Logout successful")
})

🧹 Updates

  • Middleware/filesystem: Improve status for SendFile (#2664)
  • Middleware/filesystem: Set response code (#2632)
  • Refactor Ctx.Method func to improve code readability (#2647)

🛠️ Maintenance

  • Fix loop variable captured by func literal (#2660)
  • Run gofumpt and goimports (#2662)
  • Use utils.AssertEqual instead of t.Fatal on some tests (#2653)
  • Apply go fix ./... with latest version of go in repository (#2661)
  • Bump github.com/valyala/fasthttp from 1.49.0 to 1.50.0 (#2634)
  • Bump golang.org/x/sys from 0.12.0 to 0.13.0 (#2665)

🐛 Fixes

  • Path checking on route naming (#2676)
  • Incorrect log depth when use log.WithContext (#2666)
  • Jsonp ignoring custom json encoder (#2658)
  • PassLocalsToView when bind parameter is nil (#2651)
  • Parse ips return invalid in abnormal case (#2642)
  • Bug parse custom header (#2638)
  • Middleware/adaptor: Reduce memory usage by replacing io.ReadAll() with io.Copy() (#2637)
  • Middleware/idempotency: Nil pointer dereference issue on idempotency middleware (#2668)

📚 Documentation

  • Incorrect status code source (#2667)
  • Middleware/requestid: Typo in requestid.md (#2675)
  • Middleware/cors: Update docs to better explain AllowOriginsFunc (#2652)

Full Changelog: https://github.com/gofiber/fiber/compare/v2.49.2...v2.50.0

Thank you @KaptinLin, @Skyenought, @cuipeiyu, @dairlair, @efectn, @gaby, @geerew, @huykn, @jimmyl02, @joey1123455, @joshlarsen, @jscappini, @peczenyj and @sixcolors for making this update possible.