Releases: pilinux/gorest
v1.6.16
v1.6.15
dependency update
chore(deps): bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1
improvement
- return error message from JWT middleware
- option to concatenate access and refresh tokens in authorization header [Authorization: Bearer
accessrefresh]
refactor
JWT middleware
v1.6.14
indirect dependencies update
- github.com/bytedance/sonic: v1.9.1 -> v1.9.2
- github.com/go-playground/validator/v10: v10.14.0 -> v10.14.1
- github.com/montanaflynn/stats: v0.7.1
- github.com/pelletier/go-toml/v2: v2.0.8 -> v2.0.9
- github.com/tilinna/clock: v1.0.2 -> v1.1.0
- golang.org/x/arch: v0.3.0 -> v0.4.0
- golang.org/x/crypto: v0.9.0 -> v0.11.0
- golang.org/x/net: v0.10.0 -> v0.12.0
- golang.org/x/sync: v0.1.0 -> v0.3.0
- golang.org/x/sys: v0.8.0 -> v0.10.0
- golang.org/x/text: v0.9.0 -> v0.11.0
- google.golang.org/protobuf: v1.30.0 -> v1.31.0
Refresh JWT
Client can send the refresh token from HttpOnly cookie, as a Bearer token in the Authorization header, or in the body as JSON.
.env file
User can remove all unused variables from the .env file to keep it clean
v1.6.13
dependencies update
Bumps github.com/qiniu/qmgo from 1.1.7 to 1.1.8.
Bumps go.mongodb.org/mongo-driver from 1.11.7 to 1.12.0.
Bumps github.com/mediocregopher/radix/v4 from 4.1.2 to 4.1.3.
Bumps gorm.io/gorm from 1.25.1 to 1.25.2.
Bumps gorm.io/driver/sqlite from 1.5.1 to 1.5.2.
Bumps github.com/alexedwards/argon2id from v0.0.0-20211130144151-3585854a6387 to v0.0.0-20230305115115-4b3c3280a736.
Bumps github.com/lib/pq from v1.10.4 to v1.10.9.
Bumps github.com/rogpeppe/go-internal from v1.10.0 to v1.11.0.
v1.6.12
dependency update
⚡ github.com/qiniu/qmgo: v1.1.6 -> v1.1.7
supported JWT signing algorithms
- HS256: HMAC-SHA256
- HS384: HMAC-SHA384
- HS512: HMAC-SHA512
- ES256: ECDSA Signature with SHA-256
- ES384: ECDSA Signature with SHA-384
- ES512: ECDSA Signature with SHA-512
- RS256: RSA Signature with SHA-256
- RS384: RSA Signature with SHA-384
- RS512: RSA Signature with SHA-512
CI
gosecsecurity scanner Github action added
modified
⚡ ValidateAccessJWT and ValidateRefreshJWT functions are now exported
v1.6.11
v1.6.10
v1.6.9
new feature
⚡ handle authentication tokens on client devices' cookies
⚡ logout (individually enable option - delete tokens from cookies, ban active tokens)
dependency update
- gorm.io/gorm: v1.24.5 -> v1.25.1
- gorm.io/driver/mysql: v1.4.7 -> v1.5.1
- gorm.io/driver/postgres: v1.4.8 -> v1.5.2
- gorm.io/driver/sqlite: v1.4.4 -> v1.5.1
- github.com/go-sql-driver/mysql: v1.7.0 -> v1.7.1
- go.mongodb.org/mongo-driver: v1.11.2 -> v1.11.6
- github.com/qiniu/qmgo: v1.1.5 -> v1.1.6
- github.com/sirupsen/logrus: v1.9.0 -> v1.9.2
- github.com/mrz1836/postmark: v1.3.0 -> v1.4.0
v1.6.8
new feature
⚡ option to use encrypted connections to MySQL instance
please check newly added environment variables for .env file
dependency update
⚡ bumped gin from v1.8.2 to v1.9.0
⚡ bumped golang-jwt/jwt/v4 from v4.4.3 to v4.5.0
improvement
⚡ when environment variables are loaded during config settings,
remove leading and trailing whitespaces
test file
⚡ new test files added for lib middleware
v1.6.7
direct dependencies
⚡ github.com/qiniu/qmgo from v1.1.4 to v1.1.5
⚡ github.com/mediocregopher/radix/v4 from v4.1.1 to v4.1.2
⚡ gorm.io/gorm from v1.24.3 to v1.24.5
⚡ github.com/joho/godotenv from v1.4.0 to v1.5.1
⚡ gorm.io/driver/mysql from v1.4.5 to v1.4.7
⚡ gorm.io/driver/postgres from v1.4.6 to v1.4.8
⚡ go.mongodb.org/mongo-driver from v1.11.1 to v1.11.2
indirect dependencies
⚡ github.com/jackc/pgx/v5 from v5.2.0 to v5.3.0
⚡ github.com/lib/pq from v1.10.2 to v1.10.4
⚡ github.com/youmark/pkcs8 set to v0.0.0-20181117223130-1be2e3e5546d
⚡ golang.org/x/crypto from v0.4.0 to v0.6.0
⚡ golang.org/x/net from v0.4.0 to v0.7.0
⚡ golang.org/x/sync from v0.0.0-20220923202941-7f9b1623fab7 to v0.1.0
⚡ golang.org/x/sys from v0.3.0 to v0.5.0
⚡ golang.org/x/text from v0.5.0 to v0.7.0
security fix
CWE-400
Details: https://cwe.mitre.org/data/definitions/400.html
test files
added test files for middleware package