* Revert "Revert "🐛 requestid.Config.ContextKey is interface{} (#2369)" (#2742)"
This reverts commit 28be17f929cfa7d3c27dd292fc3956f2f9882e22.
* fix: request ContextKey default value condition
Should check for `nil` since it is `any`.
* fix: don't constrain middlewares' context-keys to strings
`context` recommends using "unexported type" as context keys to avoid
collisions https://pkg.go.dev/github.com/gofiber/fiber/v2#Ctx.Locals.
The official go blog also recommends this https://go.dev/blog/context.
`fiber.Ctx.Locals(key any, value any)` correctly allows consumers to
use unexported types or e.g. strings.
But some fiber middlewares constrain their context-keys to `string` in
their "default config structs", making it impossible to use unexported
types.
This PR removes the `string` _constraint_ from all middlewares, allowing
to now use unexported types as per the official guidelines. However
the default value is still a string, so it's not a breaking change, and
anyone still using strings as context keys is not affected.
* chore(encryptcookie)!: update default config
docs(encryptcookie): enhance documentation and examples
BREAKING CHANGE: removed the hardcoded "csrf_" from the Except.
* docs(encryptcookie): reads or modifies cookies
* chore(encryptcookie): csrf config example
* docs(encryptcookie): md table spacing
A Session must not be accessed after Save() is called, but a unit test
calls Session.ID() after Session.Save(), sometimes causing the test to
fail when -race is enabled. The assertions that ID() was being used in
were redundant with the previous two assertions (checking that the
session name header is empty), so we can just remove the offending code.
✅ test: fix failing csrf test
A test validating that expired tokens fail was hitting a race condition
with garbage collection. Sometimes, an assertion that expects memory
storage GC to have triggered happens too quickly, causing the assertion
to fail. Give the GC a little bit more time to process before asserting.
Tests that call SetParserDecoder were causing a race condition with
other tests that read from decoderPoolMap. Fix by making the offending
tests not run in parallel.
The limiter middleware unit tests are failing due to a race between the
storage garbage collector and the unit test itself. The sliding window
limiter tracks requests using memory storage. In several of the unit
tests, this storage expiry ends up being 4 seconds. The test waits for 4
seconds, then sends a request, expecting it to succeed. However, the
unit test occasionally wakes up before the storage GC kicks in. As an
effect of the very coarse timer (using seconds as units), the middleware
correctly rejects the request, causing the test to fail.
Update the sleep to 4.5 seconds. This will not slow down the execution
of the test suite, as these tests run in parallel with a separate 9
second long test.
I'm not 100% sure this solves the issue, and ideally we'd be able to
run tests without time.Sleep.
* perf(ctx.Range): reduce allocations
strings.Split was causing extra allocations where using
strings.IndexByte can suffice. ALso switch from strconv.Atoi because it
causes an allocation when parsing a non-integer, which is common for
Ranges.
* chore: fix lint
* ✨ feat: add support for parameters in content negotiation
Attempts to approach the level of support offered by express,
but behavior may differ in unusual corner cases.
Some key behaviors from Express that are implemented:
- If an offer does not have every parameter listed in the given Accept,
it is rejected.
- Parameters do not affect specificity.
- In a given specificity, more parameters gives greater precedence
- Parameters are unordered
- Matching is case-insensitive
- Surrounding quotes for parameter values are stripped
- If an Accept type specifies a parameter more than once, the last
value provided is taken.
- Parameters after q are not processed.
https://www.rfc-editor.org/rfc/rfc9110#name-parameters
* doc: properly attribute reader.go for validHeaderFieldByte
* fix: remove underscores from fuzz test name
* test(forEachParameter): improve coverage
* doc: add comment clarifying RFC 9110 non-compliance for corner case
* Update ctx.md
Added additional information to why GetReqHeaders returns a map where the values are slices of strings (instead of a single string as one might expect)
* Update ctx.md
added the same explanation to GetRespHeaders too
