* enhancement: use msgp for flash message encoding/decoding
* add msgp tests
* improve test coverage
* improve test coverage
* fix linter
* update makefile
* extend go generation process
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René <rene@gofiber.io>
* feat: add max calculator to limiter middleware
* docs: update docs including the new parameter
* refactor: add new line before go code in docs
* fix: use crypto/rand instead of math/rand on tests
* test: add new test with zero set as limit
* fix: repeated tests failing when generating random limits
* fix: wrong type of MaxCalculator in docs
* feat: include max calculator in limiter_sliding
* refactor: rename MaxCalculator to MaxFunc
* docs: update docs with MaxFunc parameter
* tests: rename tests and add test for limiter sliding
* Use composites for internal structures. Fix alignment of structures across Fiber
* Update struct alignment in test files
* Enable alignment check with govet
* Fix ctx autoformat unit-test
* Revert app Config struct. Add betteralign to Makefile
* Disable comment on alert since it wont work for forks
* Update benchmark.yml
* Update benchmark.yml
* Remove warning from using positional fields
* Update router.go
* added startup default probe endpoint
* added test case
* updated docs
* updated test order
* added test case
* fixed go fmt and md lint
* fixed go fmt and md lint
* updated doc as per coderabbitai suggestions
* changed healhtcheck route register to use default const instead of string for test cases
* updated whats new with healthcheck content
* updated whats new doc with coderabbitai sugg
* updated migration guide
* Add support for consistent documentation using markdownlint
* Only run workflow during changes to markdown files
* Fix more inconsistencies
* Fixes to markdown under .github/
* More fixes
* Apply suggestions from code review
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix typo in limiter docs
* Add missing space before code-block
* Add check for dead-links
* Add write-good
* Remove legacy README files
* Fix glob for skipping .md files
* Use paths-ignore instead
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Support for key length, Add benchmarks for EncryptCookie middleware
* Format tests
* Add tests for panics and key check in Encryptor and Decryptor functions
* Add tests for base64 decoding errors
* Update docs/middleware/encryptcookie.md
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* Update middleware/encryptcookie/utils.go
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* Add suggestions from code review
---------
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* feat: Add session mutex lock for thread safety
* chore: Refactor releaseSession mutex
* docs: Improve session.Save() function
The changes include updating the comments to provide clearer explanations of the function's behavior.
* fix(middleware/session): mutex for thread safety
* chore: Remove extra release and acquire ctx calls in session_test.go
* feat: Remove unnecessary session mutex lock in decodeSessionData function
* port over FallbackKeyLookups from v2 middleware to v3
Signed-off-by: Dave Lee <dave@gray101.com>
* bot pointed out that I missed the format variable
Signed-off-by: Dave Lee <dave@gray101.com>
* fix lint and gofumpt issues
Signed-off-by: Dave Lee <dave@gray101.com>
* major revision: instead of FallbackKeyLookups, expose CustomKeyLookup as function, with utility functions to make creating these easy
Signed-off-by: Dave Lee <dave@gray101.com>
* add more tests to boost coverage
Signed-off-by: Dave Lee <dave@gray101.com>
* teardown code and cleanup
Signed-off-by: Dave Lee <dave@gray101.com>
* test fixes
Signed-off-by: Dave Lee <dave@gray101.com>
* slight boost to test coverage
Signed-off-by: Dave Lee <dave@gray101.com>
* docs: fix md table alignment
* fix comments - change some names, expose functions, improve docs
Signed-off-by: Dave Lee <dave@gray101.com>
* missed one old name
Signed-off-by: Dave Lee <dave@gray101.com>
* fix some suggestions from the bot - error messages, test coverage, mark purely defensive code
Signed-off-by: Dave Lee <dave@gray101.com>
---------
Signed-off-by: Dave Lee <dave@gray101.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: RW <rene@gofiber.io>
* Add an option to invalidate cache
* Add a summary about the cache middleware update
* Rename the option to make it clearer
* Rename hard tab
* Fix markdown formatting
* Revert unnecessary change
* Clarify the description of cache invalidator
* Add empty line
---------
Co-authored-by: RW <rene@gofiber.io>
* fix: token injection vulnerability GHSA-98j2-3j3p-fw2v
- Ensure session IDs are securely generated server-side.
- Add validation to prevent user-supplied session IDs.
- Update tests to verify correct session token use.
This update addresses the critical session middleware vulnerability identified in versions 2 and above of GoFiber.
* chore: Remove unused code and dependencies in session store
* test(middleware/csrf): Save session after generating new session ID
This commit saves the session after generating a new session ID to ensure that the updated session ID is persisted. This change is necessary to address a critical session middleware vulnerability identified in versions 2 and above of GoFiber.
* chore: Save session ID in context for middleware chain
The code changes add functionality to save the newly generated session ID in the context, allowing it to be accessible to subsequent middlewares in the chain. This improvement ensures that the session ID is available for use throughout the middleware stack.
* refactor(session.go): general clean-up
* chore: Revert session freshness behavior
The code changes in `session_test.go` fix the session freshness check by updating the assertions for `sess.Fresh()` and `sess.ID()`. The previous assertions were incorrect and have been corrected to ensure the session ID remains the same and the session is not fresh.
* chore: Update session.Get method signature to use fiber.Ctx instead of *fiber.Ctx
* fix(middleware/cors): Config, lists as list types.
Improve insecure config error text.
* chore: Add tests for CORS preflight requests with Access-Control-Request-Headers
* test(middleware/cors): explicit wildcard in test
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
* Update pull_request_template.md
* Update v3-changes.md
* Update CONTRIBUTING.md (#2752)
Grammar correction.
* chore(encryptcookie)!: update default config (#2753)
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
* build(deps): bump actions/setup-go from 4 to 5 (#2754)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🩹 middleware/logger/: log client IP address by default (#2755)
* middleware/logger: Log client IP address by default.
* Update doc.
* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* 📚 Update app.md for indentation (#2761)
Update app.md for indentation
* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github/codeql-action from 2 to 3 (#2763)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Changing default log output (#2730)
changing default log output
Closes#2729
* Update hooks.md
fix wrong hooks signature
* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)
* 🩹🚨 - fix for redirect with query params (#2748)
* redirect with query params did not work, fix it and add test for it
* redirect middleware - fix test typo
* ♻️ logger/middleware colorize logger error message #2593 (#2773)
* ✨ feat: add liveness and readiness checks (#2509)
* ✨ feat: add liveness and readiness checkers
* 📝 docs: add docs for liveness and readiness
* ✨ feat: add options method for probe checkers
* ✅ tests: add tests for liveness and readiness
* ♻️ refactor: change default endpoint values
* ♻️ refactor: change default value for liveness endpoint
* 📝 docs: add return status for liveness and readiness probes
* ♻️ refactor: change probechecker to middleware
* 📝 docs: move docs to middleware session
* ♻️ refactor: apply gofumpt formatting
* ♻️ refactor: remove unused parameter
* split config and apply a review
* apply reviews and add testcases
* add benchmark
* cleanup
* rename middleware
* fix linter
* Update docs and config values
* Revert change to IsReady
* Updates based on code review
* Update docs to match other middlewares
---------
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
* prepare release v2.52.0
- add more Parser tests
* fix healthcheck.md
* configure workflows for V2 branch
* configure workflows for V2 branch
* Fix default value to false in docs of QueryBool (#2811)
fix default value to false in docs of QueryBool
* update queryParser config
* Update ctx.md
* Update routing.md
* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md
Removes an an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)
* fix: healthcheck middleware not working with route group (#2863)
* fix: healthcheck middleware not working with route group
* perf: change verification method to improve perf
* Update healthcheck_test.go
* test: add not matching route test for strict routing
* add more test cases
* correct tests
* correct test helpers
* correct tests
* correct tests
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René Werner <rene@gofiber.io>
* Merge pull request from GHSA-fmg4-x8pw-hjhg
* Enforce Wildcard Origins with AllowCredentials check
* Expand unit-tests, fix issues with subdomains logic, update docs
* Update cors.md
* Added test using localhost, ipv4, and ipv6 address
* improve documentation markdown
---------
Co-authored-by: René Werner <rene@gofiber.io>
* Update app.go
prepare release v2.52.1
* fix cors domain normalize
* fix sync-docs workflow
* fix sync-docs workflow
* fix(middleware/cors): Validation of multiple Origins (#2883)
* fix: allow origins check
Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.
fixes#2882
* test: AllowOrigins with whitespace
* test(middleware/cors): add benchmarks
* chore: fix linter errors
* test(middleware/cors): use h() instead of app.Test()
* test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme
* chore: refactor validate and normalize
* test(cors/middleware): add more benchmarks
* prepare release v2.52.2
* refactor(docs): deactivate docs sync for v2
* refactor(docs): deactivate docs sync for v2
* fix(middleware/cors): Handling and wildcard subdomain matching (#2915)
* fix: allow origins check
Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.
fixes#2882
* test: AllowOrigins with whitespace
* test(middleware/cors): add benchmarks
* chore: fix linter errors
* test(middleware/cors): use h() instead of app.Test()
* test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme
* chore: refactor validate and normalize
* test(cors/middleware): add more benchmarks
* fix(middleware/cors): handling and wildcard subdomain matching
docs(middleware/cors): add How it works and Security Considerations
* chore: grammar
* Apply suggestions from code review
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* chore: fix misspelling
* test(middleware/cors): combine Invalid_Origins tests
* refactor(middleware/cors): headers handling
* docs(middleware/cors): Update AllowOrigins description
* chore: merge
* perf(middleware/cors): optimize handler
* perf(middleware/cors): optimize handler
* chore(middleware/cors): ipdate origin handling logic
* chore(middleware/cors): fix header capitalization
* docs(middleware/cors): improve sercuity notes
* docs(middleware/cors): Improve security notes
* docs(middleware/cors): improve CORS overview
* docs(middleware/cors): fix ordering of how it works
* docs(middleware/cors): add additional info to How to works
* docs(middleware/cors): rm space
* docs(middleware/cors): add validation for AllowOrigins origins to overview
* docs(middleware/cors): update ExposeHeaders and MaxAge descriptions
* docs(middleware/cors): Add dynamic origin validation example
* docs(middleware/cors): Improve security notes and fix header capitalization
* docs(middleware/cors): configuration examples
* docs(middleware/cors): `"*"`
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(middleware/cors): Categorize requests correctly (#2921)
* fix(middleware/cors): categorise requests correctly
* test(middleware/cors): improve test coverage for request types
* test(middleware/cors): Add subdomain matching tests
* test(middleware/cors): parallel tests for CORS headers based on request type
* test(middleware/cors): Add benchmark for CORS subdomain matching
* test(middleware/cors): cover additiona test cases
* refactor(middleware/cors): origin validation and normalization
* test(middleware/csrf): Fix Benchmark Tests (#2932)
* test(middleware/csrf): fix Benchmark_Middleware_CSRF_*
* fix(middleware/csrf): update refererMatchesHost()
* Prepare release v2.52.3
* fix(middleware/cors): CORS handling (#2937)
* fix(middleware/cors): CORS handling
* fix(middleware/cors): Vary header handling
* test(middleware/cors): Ensure Vary Headers checked
* fix(middleware/cors): Vary header handling non-cors OPTIONS requests (#2939)
* fix(middleware/cors): Vary header handling non-cors OPTIONS requests
* chore(middleware/cors): Add Vary header for non-CORS OPTIONS requests comment
* prepare release v2.52.4
* merge v2 in main(v3)
* merge v2 in main(v3)
* merge v2 in main(v3)
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: tokelo-12 <113810058+tokelo-12@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <2048991+iredmail@users.noreply.github.com>
Co-authored-by: Benjamin Grosse <ste3ls@gmail.com>
Co-authored-by: Mehmet Firat KOMURCU <mehmetfiratkomurcu@hotmail.com>
Co-authored-by: Bruno <bdm2943@icloud.com>
Co-authored-by: Muhammad Kholid B <muhammadkholidb@gmail.com>
Co-authored-by: gilwo <gilwo@users.noreply.github.com>
Co-authored-by: Lucas Lemos <lucashenriqueblemos@gmail.com>
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jongmin Kim <kjongmin26@gmail.com>
Co-authored-by: Giovanni Rivera <rivera.giovanni271@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Add support for Access-Control-Allow-Private-Network in CORS middleware
* Access-Control-Allow-Private-Network in CORS middleware documentation update
* Access-Control-Allow-Private-Network in CORS middleware tests
* Fix lint issues
* Fix formatting
* Rename config option, add more unit-tests
* Fix syntax issue
* Fix conditional
* Fix formatting, add more unit-tests
* chore(middleware/cors): Update middleware/cors/cors.go
* chore(middleware/cors): add HeaderAccessControlRequestPrivateNetowkr
* test(middleware/cors): fix CORS headers
* docs(middleware/cors): table order and alignment
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* Fixes for some of the failing tests
* Add readiness check to serverStart()
* Use net/http client for tests listen test
* Use different key for this test
* Run Proxy Middleware tests in parallel. Add nil checks for potential issues pointed by nilaway
* Enable parallel client tests
* Do not run timing sensitive tests in parallel
* Remove TODO
* Revert Test_Proxy_DoTimeout_Timeout, and remove t.Parallel() for it
* Do not calculate favicon len on each handler call
* Revert logic change
* Increase timeout of SaveFile tests
* Do not run time sensitive tests in parallel
* The Agent can't be run in parallel
* Do not run time sensitive tests in parallel
* Fixes based on uber/nilaway
* Revert change to Client test
* Run parallel
* Update client_test.go
* Update client_test.go
* Update cache_test.go
* Update cookiejar_test.go
* Remove parallel for test using timeouts
* Remove t.Parallel() from logger middleware tests
* Do not use testify.require in a goroutine
* Fix import, and update golangci-lint
* Remove changes to template_chain.go
* Run more tests in parallel
* Add more parallel tests
* Add more parallel tests
* SetLogger can't run in parallel
* Run more tests in parallel, fix issue with goroutine in limiter middleware
* Update internal/storage/memory, add more benchmarks
* Increase sleep for csrf test by 100 milliseconds. Implement asserted and parallel benchmarks for Session middleware
* Add 100 milliseconds to sleep during test
* Revert name change
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
* fix: Inconsistent and flaky unit-tests
---------
Co-authored-by: M. Efe Çetin <efectn@protonmail.com>
Co-authored-by: René <rene@gofiber.io>
* ✨ v3: Move the client module to the client folder and fix the error
* ✨ v3: add xml encoder and decoder
* 🚧 v3: design plugin and hook mechanism, complete simple get request
* 🚧 v3: reset add some field
* 🚧 v3: add doc and fix some error
* 🚧 v3: add header merge
* 🚧 v3: add query param
* 🚧 v3: change to fasthttp's header and args
* ✨ v3: add body and ua setting
* 🚧 v3: add cookie support
* 🚧 v3: add path param support
* ✅ v3: fix error test case
* 🚧 v3: add formdata and file support
* 🚧 v3: referer support
* 🚧 v3: reponse unmarshal
* ✨ v3: finish API design
* 🔥 v3: remove plugin mechanism
* 🚧 v3: add timeout
* 🚧 v3: change path params pattern and add unit test for core
* ✏️ v3: error spell
* ✅ v3: improve test coverage
* ✅ perf: change test func name to fit project format
* 🚧 v3: handle error
* 🚧 v3: add unit test and fix error
* ⚡️ chore: change func to improve performance
* ✅ v3: add some unit test
* ✅ v3: fix error test
* 🐛 fix: add cookie to response
* ✅ v3: add unit test
* ✨ v3: export raw field
* 🐛 fix: fix data race
* 🔒️ chore: change package
* 🐛 fix: data race
* 🐛 fix: test fail
* ✨ feat: move core to req
* 🐛 fix: connection reuse
* 🐛 fix: data race
* 🐛 fix: data race
* 🔀 fix: change to testify
* ✅ fix: fail test in windows
* ✨ feat: response body save to file
* ✨ feat: support tls config
* 🐛 fix: add err check
* 🎨 perf: fix some static check
* ✨ feat: add proxy support
* ✨ feat: add retry feature
* 🐛 fix: static check error
* 🎨 refactor: move som code
* docs: change readme
* ✨ feat: extend axios API
* perf: change field to export field
* ✅ chore: disable startup message
* 🐛 fix: fix test error
* chore: fix error test
* chore: fix test case
* feat: add some test to client
* chore: add test case
* chore: add test case
* ✨ feat: add peek for client
* ✅ chore: add test case
* ⚡️ feat: lazy generate rand string
* 🚧 perf: add config test case
* 🐛 fix: fix merge error
* 🐛 fix utils error
* ✨ add redirection
* 🔥 chore: delete deps
* perf: fix spell error
* 🎨 perf: spell error
* ✨ feat: add logger
* ✨ feat: add cookie jar
* ✨ feat: logger with level
* 🎨 perf: change the field name
* perf: add jar test
* fix proxy test
* improve test coverage
* fix proxy tests
* add cookiejar support from pending fasthttp PR
* fix some lint errors.
* add benchmark for SetValWithStruct
* optimize
* update
* fix proxy middleware
* use panicf instead of errorf and fix panic on default logger
* update
* update
* cleanup comments
* cleanup comments
* fix golang-lint errors
* Update helper_test.go
* add more test cases
* add hostclient pool
* make it more thread safe
-> there is still something which is shared between the requests
* fixed some golangci-lint errors
* fix Test_Request_FormData test
* create new test suite
* just create client for once
* use random port instead of 3000
* remove client pooling and fix test suite
* fix data races on logger tests
* fix proxy tests
* fix global tests
* remove unused code
* fix logger test
* fix proxy tests
* fix linter
* use lock instead of rlock
* fix cookiejar data-race
* fix(client): race conditions
* fix(client): race conditions
* apply some reviews
* change client property name
* apply review
* add parallel benchmark for simple request
* apply review
* apply review
* fix log tests
* fix linter
* fix(client): return error in SetProxyURL instead of panic
---------
Co-authored-by: Muhammed Efe Çetin <efectn@protonmail.com>
Co-authored-by: René Werner <rene.werner@verivox.com>
Co-authored-by: Joey <fenny@gofiber.io>
Co-authored-by: René <rene@gofiber.io>
* fix: allow origins check
Refactor CORS origin validation and normalization to trim leading or trailing whitespace in the cfg.AllowOrigins string [list]. URLs with whitespace inside the URL are invalid, so the normalizeOrigin will return false because url.Parse will fail, and the middleware will panic.
fixes#2882
* test: AllowOrigins with whitespace
* test(middleware/cors): add benchmarks
* chore: fix linter errors
* test(middleware/cors): use h() instead of app.Test()
* test(middleware/cors): add miltiple origins in Test_CORS_AllowOriginScheme
* chore: refactor validate and normalize
* test(cors/middleware): add more benchmarks
(cherry picked from commit d456e7d82e)
* Update pull_request_template.md
* Update v3-changes.md
* Update CONTRIBUTING.md (#2752)
Grammar correction.
* chore(encryptcookie)!: update default config (#2753)
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
* build(deps): bump actions/setup-go from 4 to 5 (#2754)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🩹 middleware/logger/: log client IP address by default (#2755)
* middleware/logger: Log client IP address by default.
* Update doc.
* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* 📚 Update app.md for indentation (#2761)
Update app.md for indentation
* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github/codeql-action from 2 to 3 (#2763)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Changing default log output (#2730)
changing default log output
Closes#2729
* Update hooks.md
fix wrong hooks signature
* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)
* 🩹🚨 - fix for redirect with query params (#2748)
* redirect with query params did not work, fix it and add test for it
* redirect middleware - fix test typo
* ♻️ logger/middleware colorize logger error message #2593 (#2773)
* ✨ feat: add liveness and readiness checks (#2509)
* ✨ feat: add liveness and readiness checkers
* 📝 docs: add docs for liveness and readiness
* ✨ feat: add options method for probe checkers
* ✅ tests: add tests for liveness and readiness
* ♻️ refactor: change default endpoint values
* ♻️ refactor: change default value for liveness endpoint
* 📝 docs: add return status for liveness and readiness probes
* ♻️ refactor: change probechecker to middleware
* 📝 docs: move docs to middleware session
* ♻️ refactor: apply gofumpt formatting
* ♻️ refactor: remove unused parameter
* split config and apply a review
* apply reviews and add testcases
* add benchmark
* cleanup
* rename middleware
* fix linter
* Update docs and config values
* Revert change to IsReady
* Updates based on code review
* Update docs to match other middlewares
---------
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
* prepare release v2.52.0
- add more Parser tests
* fix healthcheck.md
* configure workflows for V2 branch
* configure workflows for V2 branch
* Fix default value to false in docs of QueryBool (#2811)
fix default value to false in docs of QueryBool
* update queryParser config
* Update ctx.md
* Update routing.md
* merge v2 in v3
* merge v2 in v3
* lint fixes
* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md
Removes an an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)
* fix: healthcheck middleware not working with route group (#2863)
* fix: healthcheck middleware not working with route group
* perf: change verification method to improve perf
* Update healthcheck_test.go
* test: add not matching route test for strict routing
* add more test cases
* correct tests
* correct test helpers
* correct tests
* correct tests
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René Werner <rene@gofiber.io>
* merge v2 in v3
* Merge pull request from GHSA-fmg4-x8pw-hjhg
* Enforce Wildcard Origins with AllowCredentials check
* Expand unit-tests, fix issues with subdomains logic, update docs
* Update cors.md
* Added test using localhost, ipv4, and ipv6 address
* improve documentation markdown
---------
Co-authored-by: René Werner <rene@gofiber.io>
* Update app.go
prepare release v2.52.1
* fix cors domain normalize
* fix sync-docs workflow
* test: fix failing tests
* fix sync-docs workflow
* test: cors middleware use testify require
* chore: fix lint warnings
* chore: revert test isolation.
* feat: migrate healthchecker to v3
* fix: use Get instead of Use for better router matching
* docs: update docs to v3 info
* fixed the fasthttp ctx race condition problem
* Update middleware/cors/utils.go
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
* fix sync_docs.sh
* fix review comments/hints
* fix review comments/hints
* stabilize Test_Proxy_Timeout_Slow_Server test
* stabilize Test_Proxy_.* tests
* ignore bodyclose linter for tests
use http.NoBody instead of nil
* Add parallel benchmark
* Update healthcheck_test.go
* docs: add comments for next behavior when there are no other handlers defined
* revert(tests): undo http.NoBody usage
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: RW <rene@gofiber.io>
Co-authored-by: tokelo-12 <113810058+tokelo-12@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <2048991+iredmail@users.noreply.github.com>
Co-authored-by: Benjamin Grosse <ste3ls@gmail.com>
Co-authored-by: Mehmet Firat KOMURCU <mehmetfiratkomurcu@hotmail.com>
Co-authored-by: Bruno <bdm2943@icloud.com>
Co-authored-by: Muhammad Kholid B <muhammadkholidb@gmail.com>
Co-authored-by: gilwo <gilwo@users.noreply.github.com>
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jongmin Kim <kjongmin26@gmail.com>
Co-authored-by: Giovanni Rivera <rivera.giovanni271@gmail.com>
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
* Update pull_request_template.md
* Update v3-changes.md
* Update CONTRIBUTING.md (#2752)
Grammar correction.
* chore(encryptcookie)!: update default config (#2753)
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
* build(deps): bump actions/setup-go from 4 to 5 (#2754)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* 🩹 middleware/logger/: log client IP address by default (#2755)
* middleware/logger: Log client IP address by default.
* Update doc.
* fix: don't constrain middlewares' context-keys to strings 🐛 (#2751)
* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* 📚 Update app.md for indentation (#2761)
Update app.md for indentation
* build(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#2762)
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github/codeql-action from 2 to 3 (#2763)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Changing default log output (#2730)
changing default log output
Closes#2729
* Update hooks.md
fix wrong hooks signature
* 🩹 Fix: CORS middleware should use the defined AllowedOriginsFunc config when AllowedOrigins is empty (#2771)
* 🐛 [Bug]: Adaptator + otelfiber issue #2641 (#2772)
* 🩹🚨 - fix for redirect with query params (#2748)
* redirect with query params did not work, fix it and add test for it
* redirect middleware - fix test typo
* ♻️ logger/middleware colorize logger error message #2593 (#2773)
* ✨ feat: add liveness and readiness checks (#2509)
* ✨ feat: add liveness and readiness checkers
* 📝 docs: add docs for liveness and readiness
* ✨ feat: add options method for probe checkers
* ✅ tests: add tests for liveness and readiness
* ♻️ refactor: change default endpoint values
* ♻️ refactor: change default value for liveness endpoint
* 📝 docs: add return status for liveness and readiness probes
* ♻️ refactor: change probechecker to middleware
* 📝 docs: move docs to middleware session
* ♻️ refactor: apply gofumpt formatting
* ♻️ refactor: remove unused parameter
* split config and apply a review
* apply reviews and add testcases
* add benchmark
* cleanup
* rename middleware
* fix linter
* Update docs and config values
* Revert change to IsReady
* Updates based on code review
* Update docs to match other middlewares
---------
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
* prepare release v2.52.0
- add more Parser tests
* fix healthcheck.md
* configure workflows for V2 branch
* configure workflows for V2 branch
* Fix default value to false in docs of QueryBool (#2811)
fix default value to false in docs of QueryBool
* update queryParser config
* Update ctx.md
* Update routing.md
* merge v2 in v3
* merge v2 in v3
* lint fixes
* 📚 Doc: Fix code snippet indentation in /docs/api/middleware/keyauth.md
Removes an an extra level of indentation in line 51 of
`keyauth.md` [here](https://github.com/gofiber/fiber/blob/v2/docs/api/middleware/keyauth.md?plain=1#L51)
* fix: healthcheck middleware not working with route group (#2863)
* fix: healthcheck middleware not working with route group
* perf: change verification method to improve perf
* Update healthcheck_test.go
* test: add not matching route test for strict routing
* add more test cases
* correct tests
* correct test helpers
* correct tests
* correct tests
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René Werner <rene@gofiber.io>
* merge v2 in v3
* Merge pull request from GHSA-fmg4-x8pw-hjhg
* Enforce Wildcard Origins with AllowCredentials check
* Expand unit-tests, fix issues with subdomains logic, update docs
* Update cors.md
* Added test using localhost, ipv4, and ipv6 address
* improve documentation markdown
---------
Co-authored-by: René Werner <rene@gofiber.io>
* Update app.go
prepare release v2.52.1
* fix cors domain normalize
* fix sync-docs workflow
* test: fix failing tests
* fix sync-docs workflow
* test: cors middleware use testify require
* chore: fix lint warnings
* chore: revert test isolation.
* fixed the fasthttp ctx race condition problem
* Update middleware/cors/utils.go
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
* fix sync_docs.sh
* fix review comments/hints
* fix review comments/hints
* stabilize Test_Proxy_Timeout_Slow_Server test
* stabilize Test_Proxy_.* tests
* ignore bodyclose linter for tests
use http.NoBody instead of nil
* revert(tests): undo http.NoBody usage
* fix(ctx pool): postpone the reset for some values
shortly before the release in the pool
* refactor(tests): use testify panic method instead of custom solution
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: tokelo-12 <113810058+tokelo-12@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: iRedMail <2048991+iredmail@users.noreply.github.com>
Co-authored-by: Benjamin Grosse <ste3ls@gmail.com>
Co-authored-by: Mehmet Firat KOMURCU <mehmetfiratkomurcu@hotmail.com>
Co-authored-by: Bruno <bdm2943@icloud.com>
Co-authored-by: Muhammad Kholid B <muhammadkholidb@gmail.com>
Co-authored-by: gilwo <gilwo@users.noreply.github.com>
Co-authored-by: Lucas Lemos <lucashenriqueblemos@gmail.com>
Co-authored-by: Muhammed Efe Cetin <efectn@protonmail.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: Jongmin Kim <kjongmin26@gmail.com>
Co-authored-by: Giovanni Rivera <rivera.giovanni271@gmail.com>
Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
Muhammed Efe Cetin
Juan Calderon-Perez
RW
Lucas Lemos
Bruno
kirankumar-grootan
Jason McNeil
Dave
Can Celik
Orville Simba
dockercui
Behzad Khokher
nickajacks1
leonklingele
Alexandre Negrel
Jinquan Wang