Commit Graph

47 Commits (main)

Author SHA1 Message Date
Jason McNeil e3232c1505
feat!(middleware/session): re-write session middleware with handler (#3016)
* feat!(middleware/session): re-write session middleware with handler

* test(middleware/session): refactor to IdleTimeout

* fix: lint errors

* test: Save session after setting or deleting raw data in CSRF middleware

* Update middleware/session/middleware.go

Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>

* fix: mutex and globals order

* feat: Re-Add read lock to session Get method

* feat: Migrate New() to return middleware

* chore: Refactor session middleware to improve session handling

* chore: Private get on store

* chore: Update session middleware to use saveSession instead of save

* chore: Update session middleware to use getSession instead of get

* chore: Remove unused error handler in session middleware config

* chore: Update session middleware to use NewWithStore in CSRF tests

* test: add test

* fix: destroyed session and GHSA-98j2-3j3p-fw2v

* chore: Refactor session_test.go to use newStore() instead of New()

* feat: Improve session middleware test coverage and error handling

This commit improves the session middleware test coverage by adding assertions for the presence of the Set-Cookie header and the token value. It also enhances error handling by checking for the expected number of parts in the Set-Cookie header.

* chore: fix lint issues

* chore: Fix session middleware locking issue and improve error handling

* test: improve middleware test coverage and error handling

* test: Add idle timeout test case to session middleware test

* feat: add GetSession(id string) (*Session, error)

* chore: lint

* docs: Update session middleware docs

* docs: Security Note to examples

* docs: Add recommendation for CSRF protection in session middleware

* chore: markdown lint

* docs: Update session middleware docs

* docs: markdown lint

* test(middleware/session): Add unit tests for session config.go

* test(middleware/session): Add unit tests for store.go

* test(middleware/session): Add data.go unit tests

* refactor(middleware/session): session tests and add session release test

- Refactor session tests to improve readability and maintainability.
- Add a new test case to ensure proper session release functionality.
- Update session.md

* refactor: session data locking in middleware/session/data.go

* refactor(middleware/session): Add unit test for session middleware store

* test: fix session_test.go and store_test.go unit tests

* refactor(docs): Update session.md with v3 changes to Expiration

* refactor(middleware/session): Improve data pool handling and locking

* chore(middleware/session): TODO for Expiration field in session config

* refactor(middleware/session): Improve session data pool handling and locking

* refactor(middleware/session): Improve session data pool handling and locking

* test(middleware/csrf): add session middleware coverage

* chore(middleware/session): TODO for unregistered session middleware

* refactor(middleware/session): Update session middleware for v3 changes

* refactor(middleware/session): Update session middleware for v3 changes

* refactor(middleware/session): Update session middleware idle timeout

- Update the default idle timeout for session middleware from 24 hours to 30 minutes.
- Add a note in the session middleware documentation about the importance of the middleware order.

* docs(middleware/session): Add note about IdleTimeout requiring save using legacy approach

* refactor(middleware/session): Update session middleware idle timeout

Update the idle timeout for the session middleware to 30 minutes. This ensures that the session expires after a period of inactivity. The previous value was 24 hours, which is too long for most use cases. This change improves the security and efficiency of the session management.

* docs(middleware/session): Update session middleware idle timeout and configuration

* test(middleware/session): Fix tests for updated panics

* refactor(middleware/session): Update session middleware initialization and saving

* refactor(middleware/session): Remove unnecessary comment about negative IdleTimeout value

* refactor(middleware/session): Update session middleware make NewStore public

* refactor(middleware/session): Update session middleware Set, Get, and Delete methods

Refactor the Set, Get, and Delete methods in the session middleware to use more descriptive parameter names. Instead of using "middlewareContextKey", the methods now use "key" to represent the key of the session value. This improves the readability and clarity of the code.

* feat(middleware/session): AbsoluteTimeout and key any

* fix(middleware/session): locking issues and lint errors

* chore(middleware/session): Regenerate code in data_msgp.go

* refactor(middleware/session): rename GetSessionByID to GetByID

This commit also includes changes to the session_test.go and store_test.go files to add test cases for the new GetByID method.

* docs(middleware/session): AbsoluteTimeout

* refactor(middleware/csrf): Rename Expiration to IdleTimeout

* docs(whats-new): CSRF Rename Expiration to IdleTimeout and remove SessionKey field

* refactor(middleware/session): Rename expirationKeyType to absExpirationKeyType and update related functions

* refactor(middleware/session): rename Test_Session_Save_Absolute to Test_Session_Save_AbsoluteTimeout

* chore(middleware/session): update as per PR comments

* docs(middleware/session): fix indent lint

* fix(middleware/session): Address EfeCtn Comments

* refactor(middleware/session): Move bytesBuffer to its own pool

* test(middleware/session): add decodeSessionData error coverage

* refactor(middleware/session): Update absolute timeout handling

- Update absolute timeout handling in getSession function
- Set absolute expiration time in getSession function
- Delete expired session in GetByID function

* refactor(session/middleware): fix *Session nil ctx when using Store.GetByID

* refactor(middleware/session): Remove unnecessary line in session_test.go

* fix(middleware/session): *Session lifecycle issues

* docs(middleware/session): Update GetByID method documentation

* docs(middleware/session): Update GetByID method documentation

* docs(middleware/session): markdown lint

* refactor(middleware/session): Simplify error handling in DefaultErrorHandler

* fix( middleware/session/config.go

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* add ctx releases for the test cases

---------

Co-authored-by: Renan Bastos <renanbastos.tec@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: René <rene@gofiber.io>
2024-10-25 08:36:30 +02:00
Juan Calderon-Perez 8c3f81e2b7
v3: Use Named Fields Instead of Positional and Align Structures to Reduce Memory Usage (#3079)
* Use composites for internal structures. Fix alignment of structures across Fiber

* Update struct alignment in test files

* Enable alignment check with govet

* Fix ctx autoformat unit-test

* Revert app Config struct. Add betteralign to Makefile

* Disable comment on alert since it wont work for forks

* Update benchmark.yml

* Update benchmark.yml

* Remove warning from using positional fields

* Update router.go
2024-07-23 08:37:45 +02:00
Jason McNeil 0400af6e47
fix(middleware/session): fix data-race with sync.Pool (#3051)
* feat: Add session mutex lock for thread safety

* chore: Refactor releaseSession mutex

* docs: Improve session.Save() function

The changes include updating the comments to provide clearer explanations of the function's behavior.
2024-06-30 21:18:11 +02:00
Jason McNeil 83731cef85
fix(middleware/session): mutex for thread safety (#3049)
* fix(middleware/session): mutex for thread safety

* chore: Remove extra release and acquire ctx calls in session_test.go

* feat: Remove unnecessary session mutex lock in decodeSessionData function
2024-06-29 21:47:09 +02:00
René 7a2e99bc8c prepare release v3.0.0-beta.3 2024-06-26 12:17:58 +02:00
Jason McNeil b53802a5cb
Merge pull request from GHSA-98j2-3j3p-fw2v
* fix: token injection vulnerability GHSA-98j2-3j3p-fw2v

- Ensure session IDs are securely generated server-side.
- Add validation to prevent user-supplied session IDs.
- Update tests to verify correct session token use.

This update addresses the critical session middleware vulnerability identified in versions 2 and above of GoFiber.

* chore: Remove unused code and dependencies in session store

* test(middleware/csrf): Save session after generating new session ID

This commit saves the session after generating a new session ID to ensure that the updated session ID is persisted. This change is necessary to address a critical session middleware vulnerability identified in versions 2 and above of GoFiber.

* chore: Save session ID in context for middleware chain

The code changes add functionality to save the newly generated session ID in the context, allowing it to be accessible to subsequent middlewares in the chain. This improvement ensures that the session ID is available for use throughout the middleware stack.

* refactor(session.go): general clean-up

* chore: Revert session freshness behavior

The code changes in `session_test.go` fix the session freshness check by updating the assertions for `sess.Fresh()` and `sess.ID()`. The previous assertions were incorrect and have been corrected to ensure the session ID remains the same and the session is not fresh.

* chore: Update session.Get method signature to use fiber.Ctx instead of *fiber.Ctx
2024-06-26 09:17:41 +02:00
nickajacks1 82070cb4c8
chore: Update golangci-lint to enable more lint rules (#2923)
* chore(lint): enable ifElseChange and clean up config a bit

* chore(lint): enable gocritic diagnostic checks
2024-03-18 14:50:40 +01:00
leonklingele 5449b04101
feat: make golangci-lint config stricter (#2874) 2024-03-17 13:46:20 +01:00
Nicholas Jackson 059c0e33ed 🎨 Style: Clean up errcheck config
Globally ignore several methods that always return nil error.
Disable revive and gosec rules for error checking in favor of errcheck.
2024-02-09 12:23:59 -08:00
ACHMAD IRIANTO EKA PUTRA 9a56a1bf6d
v3: Add QueryParser for get query using generic (#2776)
* Add QueryParser method and tests

Introduced a new method, QueryParser, to parse query parameters from a given context into specified types: integer, boolean, float, and string. The method provides default values for empty or invalid keys. Corresponding tests for each type have also been added to validate the functionality.

* Refactor QueryParser and add string support

Refactored the existing QueryParser method in the code to simplify its structure. Instead of reflecting on types, it now uses explicit type checking. In addition to the existing support for integers, booleans, and floats, the QueryParser method now also supports string parsing. Corresponding tests for the updated method and new feature were added as well.

* Update example call in method comment

Updated the method call example in the comment for the Query function in the ctx.go file. Previously, it was incorrectly demonstrating a call to "QueryParser("wanna_cake", 1)", but this has been updated to correctly represent the method it is commenting, resulting in "Query("wanna_cake", 1)".

* Refactor Query function in ctx.go

The update introduces better type assertion handling in the Query function. A switch statement is now employed to determine the type of the value as opposed to the previous if clauses. In addition, a validation step has been added to ensure the context passed into the function is of the correct type.

* Refactor type handling in Query function

The Query function in ctx.go has been refactored for better and clearer type handling. The code now uses a 'QueryType' interface, replacing explicit string, bool, float, and int declarations. This change also improves the error message when a type assertion fails, making it more descriptive about the specific failure.

* Add type assertion check in ctx.go

Updated the code in ctx.go to add a type assertion check for all case statements. The function now checks if the returned value is of the expected type, and if not, it throws a panic with a description of the failed type assertion.

* Refactor Query function to support more data types

The Query function has been expanded to support a broader range of data types. This includes support for extracting query parameters as different types of integers (both signed and unsigned), strings, floats, and booleans from the request's URI. The function now includes comprehensive parsing capabilities that allow for improved handling of different data types.

* Refactor Query function documentation

The documentation for the Query function has been updated to emphasize its versatility in handling various data types. The changes also clarify how the function operates and demonstrates the usage and benefits of providing a defaultValue. The different variations of QueryBool, QueryFloat, and QueryInt were removed, as they are now encompassed by the enhanced Query function.

* Add benchmark tests for Query function

Benchmark tests have been added to evaluate the performance of the Query function for different data types. These tests will help in assessing the efficiency of the function when processing various queries. The addition of these benchmarks will aid in future optimizations and enhancements of the function.

* Update generic Query function signature

The signature of the generic Query function has been updated to accept different types of data as arguments. The change improves flexibility of the function by allowing it to handle different data types, effectively making it a versatile tool in processing various queries.

* Modify `ctx.Query()` calls in documentation

`ctx.Query()` calls in the ctx.md documentation file were updated to remove the `ctx.` prefix. This is consistent with the typical use cases and makes the code examples more clear and easy to understand.

* Refactored assertValueType function and improved query parameter documentation

Updated the assertValueType function to utilize the utils.UnsafeBytes method for byte conversion. Enhanced the documentation for query parameter types to offer clearer, more comprehensive explanations and examples, including QueryTypeInteger, QueryTypeFloat, and subcategories.

* Update Query method calls to use new fiber.Query syntax

In this commit, the conventional `c.Query()` calls across multiple middleware and document files are updated to use the new `fiber.Query` syntax. The changes align with the updated function signatures in Fiber library that provides type-specific querying. These enhancements contribute to the project's overall robustness and consistency.

* Add Query method to get query string parameters

* Replace 'utils.UnsafeBytes' with 'ctx.app.getBytes'

In the query method, the utils.UnsafeBytes function was replaced with the ctx.app.getBytes method. This change enhances the extraction of query string parameters by making it safer and more context-specific.

* Refactor parsing functions in query handlers

The parsing functions in query handlers have been refactored to simplify the process. Parsing code has been extracted into dedicated functions like 'parseIntWithDefault' and 'parseFloatWithDefault', and they now reside in a new utils file. This modularization improves readability and maintainability of the code. Additionally, documentation is updated to reflect the changes.

* Refactor parsing functions in ctx.go

The parsing functions have been restructured to enhance readability and reduce repetition in the ctx.go file. This was achieved by creating generalised parsing functions that handle defaults and ensure the correct value type is returned. As a result, various single-use parsing functions in the utils.go file have been removed.

* Refactor code to centralize parsing functions
2024-01-19 14:43:44 +01:00
Muhammed Efe Cetin 6ea4d81331
Merge branch 'master' into v3-beta 2023-11-07 20:22:31 +03:00
KaptinLin d86c257c89
feat: add Delete method to Store struct in session middleware (#2655)
* feat: add Delete method to Store struct in session middleware

* ♻ refactor: enhance Delete method and test cases in session middleware
2023-10-02 15:19:18 +02:00
Muhammed Efe Çetin 088cde594d
Merge remote-tracking branch 'origin/master' into v3-beta 2023-02-05 23:43:42 +03:00
leonklingele ac4ce21d9c
🐛 Bug: Fix issues introduced in linting PR (#2319)
* internal: revert linting changes

Changes to the internal package should not have been made in 167a8b5e94.

* middleware/monitor: revert changes to exported field "ChartJSURL"

This is a breaking change introduced in 167a8b5e94.

* middleware/monitor: fix error checking

Fix the erroneous error checking introduced in 167a8b5e94.

* 🐛 Bug: Fix issues introduced in linting PR #2319

* 🐛 Bug: Fix issues introduced in linting PR #2319

* Bug: Fix issues introduced in linting PR #2319

---------

Co-authored-by: René Werner <rene@gofiber.io>
2023-02-02 15:57:40 +01:00
leonklingele 167a8b5e94
🚀 Feature: Add and apply stricter golangci-lint linting rules (#2286)
* golangci-lint: add and apply stricter linting rules

* github: drop security workflow now that we use gosec linter inside golangci-lint

* github: use official golangci-lint CI linter

* Add editorconfig and gitattributes file
2023-01-27 09:01:37 +01:00
Kris Carr f26d9b1d4e
v3 (deps): update to use gofiber/utils/v2 (#2184) 2022-10-31 16:44:53 +03:00
Muhammed Efe Çetin 9428befb9c
Merge remote-tracking branch 'origin/master' into v3-beta 2022-10-28 17:26:17 +03:00
Diego Parisi eb692727c5
✏️ Fix: comment typo (#2173)
Just a typo

I think there's a typo "unmashal" for "unmarshal"
2022-10-25 19:05:57 +03:00
Muhammed Efe Çetin ca6f25a890
v3 (deps): move `utils` to `https://github.com/gofiber/utils` 2022-09-23 21:19:44 +03:00
M. Efe Çetin a458bd344c
v3 (feature): convert fiber.Ctx type to interface (#1928)
* v3: convert fiber.Ctx type to interface

* update ctx methods

* add new methods to customize ctx, fix some problems

* update comments.

* fix something
2022-07-13 07:48:29 +02:00
Muhammed Efe Çetin c7f45ec38e
v3: replace interface{}s by any 2022-05-31 17:41:38 +03:00
Muhammed Efe Çetin 1188144d78
🎉 v3: init 2022-05-31 17:35:49 +03:00
RW acc32db005
🐛 Session Id immutable (#1601)
Close #1585
2021-10-28 08:23:56 +02:00
Bhurinat Wangsutthitham 0e08bb4fe7
🐛 session should not regenerate the ID in case Get() returned nil (#1493)
* fix: session should not regenerate the ID in case Get() returned nil

* fix: prevent falsy unit-tests

* docs: improve wordings on tests
2021-08-23 08:32:14 +02:00
Spedoske e082880297
Fix: Session middleware issues (#1407)
* Update session.go

Fix: Session.Regenerate does not set Session.fresh to be true.

* Fix: Session should be regenerated if the session can not be found in the storage
https://github.com/gofiber/fiber/issues/1408

* Add test for session and store in session middleware.

* Clean up code

* Update middleware/session/session.go

Co-authored-by: hi019 <65871571+hi019@users.noreply.github.com>
2021-06-30 08:01:22 +02:00
hi019 a7d9c6816e
Fix session delete when there is one key (#1366)
* Add regression test, attempt solution

* Attempt 2
2021-06-05 20:15:06 +02:00
LeoZhan 9b3662eae0
🔥 Customize the source of session_id (#1159)
* 🔥 Feature: Define KeyLookup configuration (#1110)

* 🔥 Feature: Allow session ID to be written in header (#1110)

* 🔥 Feature: Allow session ID to be obtained from different sources (#1110)

* 📚 Doc: Add Source configuration (#1110)
2021-05-29 02:48:25 +02:00
SianLoong c71da35ddb
🐛 fix: even on error we are going to unlock it, else it will deadlock (#1248) 2021-03-30 23:40:09 +02:00
RW b1b490645e
Fix session middleware (#1235)
encoding/gob for session middleware
2021-03-26 11:24:55 +01:00
tianjipeng 59b12fbcb2
fix: lookup cookie in response header (#1191) 2021-03-01 17:25:36 +01:00
Fenny 0fe30ac722 🌀 introduce RegisterType 2020-12-06 16:37:08 +01:00
Fenny 19bee02563 🩹 draft for #1051 2020-12-03 11:56:32 +01:00
Fenny cd029a67a7 🩹 fix #1050 2020-12-03 11:07:15 +01:00
Fenny 418d82e4d1 🩹 fix test 2020-11-26 16:36:26 +01:00
Fenny e1078f8716 🩹 fix #1030 2020-11-26 12:05:43 +01:00
Fenny 367fed6ebe 🩹 fix session mw 2020-11-23 08:44:34 +01:00
Fenny a468af7762 🩹 fix mutex lock 2020-11-23 07:44:06 +01:00
Fenny 6ded637712 🩹 update store logic 2020-11-18 09:02:42 +01:00
Fenny e44da45bff 🩹 fix session test
Co-Authored-By: RW <7063188+ReneWerner87@users.noreply.github.com>
2020-11-17 08:15:22 +01:00
Fenny de912755f7 📦 update session 2020-11-16 14:22:44 +01:00
Fenny 27baab0ea0 🧨 introduce destroy 2020-11-13 18:30:14 +01:00
Fenny e25206458d 🧪 add session test 2020-11-12 19:11:50 +01:00
Fenny ef35d00a79 🦺 simplify session config 2020-11-11 23:51:32 +01:00
Fenny 2cafd486ef ✒ update session logic 2020-11-11 19:22:40 +01:00
Fenny 1bd7b1b15b ✏ fix typo 2020-11-11 16:41:26 +01:00
Fenny 687717f113 🛠 separate config 2020-11-11 14:03:16 +01:00
Fenny 015de85e30 💼 update session 2020-11-06 19:43:57 +01:00