Releases: pilinux/gorest
v1.6.17
new feature
- now it is possible to use secret (optional) when hashing using Argon2id
by setting value to the new environment variableHASH_SECRET - [fully backward compatible] for all existing applications in production,
keepingHASH_SECRETempty will not break the auth functionality
ci
- do static analysis and test build process for all major OS
(Linux, Mac, Windows) and CPU architectures (arm64, amd64)
v1.6.16
v1.6.15
dependency update
chore(deps): bump go.mongodb.org/mongo-driver from 1.12.0 to 1.12.1
improvement
- return error message from JWT middleware
- option to concatenate access and refresh tokens in authorization header [Authorization: Bearer
accessrefresh]
refactor
JWT middleware
v1.6.14
indirect dependencies update
- github.com/bytedance/sonic: v1.9.1 -> v1.9.2
- github.com/go-playground/validator/v10: v10.14.0 -> v10.14.1
- github.com/montanaflynn/stats: v0.7.1
- github.com/pelletier/go-toml/v2: v2.0.8 -> v2.0.9
- github.com/tilinna/clock: v1.0.2 -> v1.1.0
- golang.org/x/arch: v0.3.0 -> v0.4.0
- golang.org/x/crypto: v0.9.0 -> v0.11.0
- golang.org/x/net: v0.10.0 -> v0.12.0
- golang.org/x/sync: v0.1.0 -> v0.3.0
- golang.org/x/sys: v0.8.0 -> v0.10.0
- golang.org/x/text: v0.9.0 -> v0.11.0
- google.golang.org/protobuf: v1.30.0 -> v1.31.0
Refresh JWT
Client can send the refresh token from HttpOnly cookie, as a Bearer token in the Authorization header, or in the body as JSON.
.env file
User can remove all unused variables from the .env file to keep it clean
v1.6.13
dependencies update
Bumps github.com/qiniu/qmgo from 1.1.7 to 1.1.8.
Bumps go.mongodb.org/mongo-driver from 1.11.7 to 1.12.0.
Bumps github.com/mediocregopher/radix/v4 from 4.1.2 to 4.1.3.
Bumps gorm.io/gorm from 1.25.1 to 1.25.2.
Bumps gorm.io/driver/sqlite from 1.5.1 to 1.5.2.
Bumps github.com/alexedwards/argon2id from v0.0.0-20211130144151-3585854a6387 to v0.0.0-20230305115115-4b3c3280a736.
Bumps github.com/lib/pq from v1.10.4 to v1.10.9.
Bumps github.com/rogpeppe/go-internal from v1.10.0 to v1.11.0.
v1.6.12
dependency update
⚡ github.com/qiniu/qmgo: v1.1.6 -> v1.1.7
supported JWT signing algorithms
- HS256: HMAC-SHA256
- HS384: HMAC-SHA384
- HS512: HMAC-SHA512
- ES256: ECDSA Signature with SHA-256
- ES384: ECDSA Signature with SHA-384
- ES512: ECDSA Signature with SHA-512
- RS256: RSA Signature with SHA-256
- RS384: RSA Signature with SHA-384
- RS512: RSA Signature with SHA-512
CI
gosecsecurity scanner Github action added
modified
⚡ ValidateAccessJWT and ValidateRefreshJWT functions are now exported
v1.6.11
v1.6.10
v1.6.9
new feature
⚡ handle authentication tokens on client devices' cookies
⚡ logout (individually enable option - delete tokens from cookies, ban active tokens)
dependency update
- gorm.io/gorm: v1.24.5 -> v1.25.1
- gorm.io/driver/mysql: v1.4.7 -> v1.5.1
- gorm.io/driver/postgres: v1.4.8 -> v1.5.2
- gorm.io/driver/sqlite: v1.4.4 -> v1.5.1
- github.com/go-sql-driver/mysql: v1.7.0 -> v1.7.1
- go.mongodb.org/mongo-driver: v1.11.2 -> v1.11.6
- github.com/qiniu/qmgo: v1.1.5 -> v1.1.6
- github.com/sirupsen/logrus: v1.9.0 -> v1.9.2
- github.com/mrz1836/postmark: v1.3.0 -> v1.4.0
v1.6.8
new feature
⚡ option to use encrypted connections to MySQL instance
please check newly added environment variables for .env file
dependency update
⚡ bumped gin from v1.8.2 to v1.9.0
⚡ bumped golang-jwt/jwt/v4 from v4.4.3 to v4.5.0
improvement
⚡ when environment variables are loaded during config settings,
remove leading and trailing whitespaces
test file
⚡ new test files added for lib middleware