* port over FallbackKeyLookups from v2 middleware to v3
Signed-off-by: Dave Lee <dave@gray101.com>
* bot pointed out that I missed the format variable
Signed-off-by: Dave Lee <dave@gray101.com>
* fix lint and gofumpt issues
Signed-off-by: Dave Lee <dave@gray101.com>
* major revision: instead of FallbackKeyLookups, expose CustomKeyLookup as function, with utility functions to make creating these easy
Signed-off-by: Dave Lee <dave@gray101.com>
* add more tests to boost coverage
Signed-off-by: Dave Lee <dave@gray101.com>
* teardown code and cleanup
Signed-off-by: Dave Lee <dave@gray101.com>
* test fixes
Signed-off-by: Dave Lee <dave@gray101.com>
* slight boost to test coverage
Signed-off-by: Dave Lee <dave@gray101.com>
* docs: fix md table alignment
* fix comments - change some names, expose functions, improve docs
Signed-off-by: Dave Lee <dave@gray101.com>
* missed one old name
Signed-off-by: Dave Lee <dave@gray101.com>
* fix some suggestions from the bot - error messages, test coverage, mark purely defensive code
Signed-off-by: Dave Lee <dave@gray101.com>
---------
Signed-off-by: Dave Lee <dave@gray101.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
Co-authored-by: RW <rene@gofiber.io>
* Add an option to invalidate cache
* Add a summary about the cache middleware update
* Rename the option to make it clearer
* Rename hard tab
* Fix markdown formatting
* Revert unnecessary change
* Clarify the description of cache invalidator
* Add empty line
---------
Co-authored-by: RW <rene@gofiber.io>
* fix: token injection vulnerability GHSA-98j2-3j3p-fw2v
- Ensure session IDs are securely generated server-side.
- Add validation to prevent user-supplied session IDs.
- Update tests to verify correct session token use.
This update addresses the critical session middleware vulnerability identified in versions 2 and above of GoFiber.
* chore: Remove unused code and dependencies in session store
* test(middleware/csrf): Save session after generating new session ID
This commit saves the session after generating a new session ID to ensure that the updated session ID is persisted. This change is necessary to address a critical session middleware vulnerability identified in versions 2 and above of GoFiber.
* chore: Save session ID in context for middleware chain
The code changes add functionality to save the newly generated session ID in the context, allowing it to be accessible to subsequent middlewares in the chain. This improvement ensures that the session ID is available for use throughout the middleware stack.
* refactor(session.go): general clean-up
* chore: Revert session freshness behavior
The code changes in `session_test.go` fix the session freshness check by updating the assertions for `sess.Fresh()` and `sess.ID()`. The previous assertions were incorrect and have been corrected to ensure the session ID remains the same and the session is not fresh.
* chore: Update session.Get method signature to use fiber.Ctx instead of *fiber.Ctx
* docs: Improve ctx.Locals method description, godoc and example
* docs: Update ctx.md to use value receiver for fiber.Ctx in app.Use and app.Get
* chore: Update userKey type in ctx.md
* docs: Update ctx.md
* chore: Add description for Locals method in Ctx interface
* docs: add docs for new client
* Add docs for client hooks
* Add docs for client examples
* Some fixes.
* docs: add docs for new client
* docs: add docs for new client
* Add more examples for methods
* Update docs/client/examples.md
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* Add one more example for cookiejar
* apply review
* apply review
* apply review
* docs: add docs for new client
* docs: add docs for new client
---------
Co-authored-by: René <rene@gofiber.io>
Co-authored-by: Jason McNeil <sixcolors@mac.com>
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* [v3 Maintenance]: Consolidate and Document Core Changes in v3
* fix(middleware/cors): Config, lists as list types.
Improve insecure config error text.
* chore: Add tests for CORS preflight requests with Access-Control-Request-Headers
* test(middleware/cors): explicit wildcard in test
---------
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
* performance optimizations
* add a new benchmark that tests the simple flow
this will be used to make differences between version 2 and 3 directly visible
* remove redundant ctx.Reset call
* Add a new benchmark that tests the ctx acquire and release flow
this will be used to show differences between version 2 and 3 directly
* Add a new benchmark that tests the ctx acquire and release flow
this will be used to show differences between version 2 and 3 directly
Muhammed Efe Cetin
RW
Dave
Can Celik
Juan Calderon-Perez
Jason McNeil
dependabot[bot]
Oliver Maskery
Orville Simba
Rob Baruch
dockercui
deferdeter