Release v5.5.0

• Static file serving (router.Static())
  • Now rejects paths containing \, // with 404 Not Found.
  • Now rejects non-empty paths that don't start with a slash. An empty path will still return index.html like before.
  • Now rejects paths containing a ., .. or empty segment.
  • These changes fix a vulnerability when using osfs.FS as the file system for router.Static(): files outside of the base path of the file system were accessible to the clients if they requested a path containing ...
  • For the Content-Disposition header, the actual path is now used to get the name of the file instead of the raw input. This solves the issue of an invalid header value returned when the returned file is index.html.
• In response.File() and response.Download(), the file is now opened only once instead of thrice.
• fsutil changes:
  • Added fsutil.DetectContentType(), which sniffs directly from a reader instead of a file name.
  • Added fsutil.DetectContentTypeByExtension() for content type detection fallback.
  • Expanded the list of known file extensions for content type detection.
• Added testutil.Session(), a new testing utility used to mock the session.Session interface. This implementation is designed to provide a realistic, observable transaction system and help identify incorrect usage.

Release v5.4.3

• Exported the T field of testutil.LogWriter struct. This field not being exported was an oversight.

Release v5.4.2

• Fixed Distinct validation rule not passing for empty arrays.

Release v5.4.1

• The parse middleware is now skipped if the matched route is the special "not found" or "method not allowed" route.

Release v5.4.0

• Added a context.Context field to the validation.Options and validation.Context structures. If not provided, it defaults to context.Background().
• The built-in validation middleware now uses the request context in the validation options.
  • The DB instance used in the validation options by the built-in validation middleware was already injected with the request context. You don't need to update your custom validators.
  • You may want to update places where you are using manual validation. However, those will continue to work exactly like they used to if you don't change anything.

Full Changelog: v5.3.0...v5.4.0

Release v5.3.0

What's Changed

• Added slog.DiscardLogger(), which redirects logs to io.Discard. (#228 #229)
• testutil.TestServer now uses the discard logger by default instead of testutil.LogWriter.

This change was made so logs written during tests should usually be silent. To make it more convenient, this is now the default behavior. Sometimes it is still handy to see logs while writing or debugging a test. For this use-case, you can use testutil.LogWriter:

func TestSomething(t *testing.T) {
	opts := goyave.Options{
		Logger: slog.New(slog.NewHandler(true, &testutil.LogWriter{t: t})),
	}
	server := testutil.NewTestServerWithOptions(t, opts)
	//...
}

New Contributors

• @SallesCosta made their first contribution in #229

Full Changelog: v5.2.1...v5.3.0

Release v5.2.1

• Fixed a panic when a user service returned gorm.ErrRecordNotFound and a zero-value model in the auth.JWTController's Login handler. (#221 #224)

Full Changelog: v5.2.0...v5.2.1

Release v5.2.0

• Added support for response and chained writer flushing. (#215 #218)
• Added support for the clickhouse database dialect. (by @AidanKenney in #219, #195)
• Updated the UniqueArray/ExistsArray validators to support ClickHouse. ((by @AidanKenney)
• Changed the default status handler for code 400 Bad Request to the new goyave.ParseErrorStatusHandler. This status handler's behavior is identical to the previous one except it returns explicit error messages in the response when the parse middleware fails to parse a user's request. (by @BowlOfSoup in #217, #216)
• Added lang.Default global variable, which contains the builtin default en-US language. (#214 #213)
• Fixed a panic if no Language is given in the validation.Options when manually validating. Instead, lang.Default will be used. (#214 #213)
• Added deflate, lzw, br and zstd encoders for the compress middleware. (by @AidanKenney in #220, #197, #198, #199, #200)

New Contributors

• @AidanKenney made their first contribution in #219

Full Changelog: v5.1.1...v5.2.0

Release v5.1.1

• Validation:
  • Fixed a panic when validating a property of an object contained by a root array.
  • Fixed a panic when adding an error on a root array element.
  • FIxed incorrect error path when adding an error on a root array element.
• Response.SetWriter() will now Init() the given writer if it implements goyave.Composable.
• Fixed status handlers in subrouters not being used. Only the main router's status handlers were effective. For special routes (not found, method not allowed), the main router's status handler will be used.

Full Changelog: v5.1.0...v5.1.1

Release v5.1.0

• Validation:
  • new validator DoesntStartWith by @saltyFamiliar in #207
  • new validator DoesntEndWith by @bangadam in #209
  • new validator KeysIn by @bangadam in #208
• Configuration: added a Required flag for entries to prevent nil values by @BowlOfSoup in #211
• Compress middleware: the order of the Encoders now determines server-side priority, which will help chose an encoder when there are client priority ties.
• Optimization: use a sync.Pool for requests and responses for a small performance improvement.
• util/httputil.ParseMultiValuesHeader:
  • The input header is now trimmed
  • The function returns an empty slice if the input is empty
  • Minor optimization

New Contributors

• @saltyFamiliar made their first contribution in #207
• @bangadam made their first contribution in #209
• @BowlOfSoup made their first contribution in #211

Full Changelog: v5.0.1...v5.1.0