Swagger builder and input validation for Go servers

Jake Coffman

Last update: Jan 5, 2023

Overview

crud

A Swagger/OpenAPI builder and validation library for building HTTP/REST APIs.

Heavily inspired by hapi and the hapi-swagger projects.

No additional dependencies besides the router you choose.

Status

This project is not stable yet, API is still changing occasionally and there are missing features.

That being said, it's already pretty useful! If you are not risk averse then use it and pitch in.

Why

Swagger is great, but up until now your options to use swagger are:

Write it by hand and then make your server match your spec.
Write it by hand and generate your server.
Generate it from comments in your code.

None of these options seems like a great idea.

This project takes another approach: make a specification in Go code using nice builders where possible. The swagger is generated from this spec and validation is done before your handler gets called.

This reduces boilerplate that you have to write and gives you nice documentation too!

Examples

Getting started

Check the example directory under the adapters for a simple example.

Start by getting the package go get github.com/jakecoffman/crud

Then in your main.go:

Create a router with NewRouter, use an adapter from the adapters sub-package or write you own.
Add routes with Add.
Then call Serve.

Routes are specifications that look like this:

crud.Spec{
	Method:      "PATCH",
	Path:        "/widgets/{id}",
	PreHandlers: Auth,
	Handler:     CreateHandler,
	Description: "Adds a widget",
	Tags:        []string{"Widgets"},
	Validate: crud.Validate{
		Path: crud.Object(map[string]crud.Field{
			"id": crud.Number().Required().Description("ID of the widget"),
        }),
		Body: crud.Object(map[string]crud.Field{
			"owner": crud.String().Required().Example("Bob").Description("Widget owner's name"),
			"quantity": crud.Integer().Min(1).Default(1).Description("The amount requested")
		}),
	},
}

This will add a route /widgets/:id that responds to the PATCH method. It generates swagger and serves it at the root of the web application. It validates that the ID in the path is a number, so you don't have to. It also validates that the body is an object and has an "owner" property that is a string, again so you won't have to.

It mounts the swagger-ui at / and loads up the generated swagger.json:

The PreHandlers run before validation, and the Handler runs after validation is successful.

Comments

Json Array in Body field of Validate does not return wrong type for Json Object
Describe the bug

Validation of a json object body works, but validation of a json array body does not work.

To reproduce the bug

Create a validation spec similar to the following:

Validate: crud.Validate{ Body: crud.Array().Items(crud.String()), },

Then send a request body with something like {}. I would expect the error body validation failed for field body: wrong type passed, but no validation error occurs.

Any other details

On the flip side, passing a json array for a json object body does fail validation correctly. For example:

Validate: crud.Validate{ Body: crud.Object(map[string]crud.Field{ "test": crud.String(), }), },

Then send a request body with something like []. I get the following validation error:

body validation failed for field body: wrong type passed

which is what I would expect.
bug
opened by matthewtylerwood 6
Nested KindObjects not populated in the generated Swagger
Is your feature request related to a problem? Please describe. I noticed today nested object fields are not populated in the swagger output because of the following TODO in the code:

if field.kind == KindObject { // TODO }

Describe the solution you'd like Is this because of an issue you ran into? I was thinking about trying to take a stab at it, but I wasn't sure if you were currently working on it or had ideas about how you wanted to implement.
enhancement
opened by matthewtylerwood 4
Bump github.com/gin-gonic/gin from 1.7.7 to 1.8.0
Bumps github.com/gin-gonic/gin from 1.7.7 to 1.8.0.

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.8.0

Changelog

BUGFIXES

Fixed SetOutput() panics on go 1.17 #2861

Fix: wrong when wildcard follows named param #2983

Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

Use Header() instead of deprecated HeaderMap #2694

RouterGroup.Handle regular match optimization of http method #2685

Add support go-json, another drop-in json replacement #2680

Use errors.New to replace fmt.Errorf will much better #2707

Use Duration.Truncate for truncating precision #2711

Get client IP when using Cloudflare #2723

Optimize code adjust #2700

Optimize code and reduce code cyclomatic complexity #2737

gin.Context with fallback value from gin.Context.Request.Context() #2751

Improve sliceValidateError.Error performance #2765

Support custom struct tag #2720

Improve router group tests #2787

Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769

Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701

TrustedProxies: Add default IPv6 support and refactor #2967

Test(route): expose performRequest func #3012

Support h2c with prior knowledge #1398

Feat attachment filename support utf8 #3071

Feat: add StaticFileFS #2749

Feat(context): return GIN Context from Value method #2825

Feat: automatically SetMode to TestMode when run go test #3139

Add TOML bining for gin #3081

IPv6 add default trusted proxies #3033

DOCS

Add note about nomsgpack tag to the readme #2703

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.8.0

BUGFIXES

Fixed SetOutput() panics on go 1.17 #2861

Fix: wrong when wildcard follows named param #2983

Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

Use Header() instead of deprecated HeaderMap #2694

RouterGroup.Handle regular match optimization of http method #2685

Add support go-json, another drop-in json replacement #2680

Use errors.New to replace fmt.Errorf will much better #2707

Use Duration.Truncate for truncating precision #2711

Get client IP when using Cloudflare #2723

Optimize code adjust #2700

Optimize code and reduce code cyclomatic complexity #2737

gin.Context with fallback value from gin.Context.Request.Context() #2751

Improve sliceValidateError.Error performance #2765

Support custom struct tag #2720

Improve router group tests #2787

Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769

Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701

TrustedProxies: Add default IPv6 support and refactor #2967

Test(route): expose performRequest func #3012

Support h2c with prior knowledge #1398

Feat attachment filename support utf8 #3071

Feat: add StaticFileFS #2749

Feat(context): return GIN Context from Value method #2825

Feat: automatically SetMode to TestMode when run go test #3139

Add TOML bining for gin #3081

IPv6 add default trusted proxies #3033

DOCS

Add note about nomsgpack tag to the readme #2703

Commits

38eb5ac add v1.8.0 changelog (#3160)

60e24d5 chore(CI/CD): add go version release flow (#3159)

4b68a5f chore: update go.mod and remove space from copyright (#3158)

ed03102 [GIN-001] - Add TOML bining for gin (#3081)

aa60021 Fix intercepting headers in middlewares (#1271)

87811a9 fix: the trusted proxies should support ipv6 address by default (#3033)

f1e9428 chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#3150)

ef687e0 feat: automatically SetMode to TestMode when run go test. (#3139)

90e7073 chore(deps): bump github/codeql-action from 1 to 2 (#3132)

c131704 chore(deps): bump github.com/goccy/go-json from 0.9.6 to 0.9.7 (#3131)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 1

Support pattern for String fields

Is your feature request related to a problem? Please describe. Currently there is no way to enforce a pattern on a string field similar to the pattern regex field in the Swagger 2.0 spec.

Describe the solution you'd like String fields could use a new .Pattern() to supply a regex and enforce a pattern on string fields. I think fields of other types would just ignore this helper?

This could look something like the following (I didn't show it below, but could also add Pattern to the Parameter/JsonSchema structs so that field also gets included in the swagger):

Let me know what you think. If you accept PRs, I could also try to put something together after the holiday week.

// Field allows specification of swagger or json schema types using the builder pattern.
type Field struct {
	kind        string
	obj         map[string]Field
	max         *float64
	min         *float64
	// TODO: New pattern field
	pattern     *regexp.Regexp
	required    *bool
	example     interface{}
	description string
	enum        enum
	_default    interface{}
	arr         *Field
	allow       enum
	strip       *bool
	unknown     *bool
}

...

var (
	errRequired     = fmt.Errorf("value is required")
	errWrongType    = fmt.Errorf("wrong type passed")
	errMaximum      = fmt.Errorf("maximum exceeded")
	errMinimum      = fmt.Errorf("minimum exceeded")
	errEnumNotFound = fmt.Errorf("value not in enum")
	errUnknown      = fmt.Errorf("unknown value")
	// TODO: New Error
	errPattern      = fmt.Errorf("value does not match pattern")
)

...

	case string:
		if f.kind != KindString {
			return errWrongType
		}
		if f.required != nil && *f.required && v == "" && !f.allow.has("") {
			return errRequired
		}
		if f.max != nil && len(v) > int(*f.max) {
			return errMaximum
		}
		if f.min != nil && len(v) < int(*f.min) {
			return errMinimum
		}
		// TODO: This would be a new check
		if !f.pattern.MatchString(v) {
			return errPattern
		}

...

// Pattern specifies a regex pattern value for this field
func (f Field) Pattern(pattern string) Field {
	f.pattern = regexp.MustCompile(pattern)
	return f
}

enhancement

opened by matthewtylerwood 1

minLength and maxLength not supported for String fields
Is your feature request related to a problem? Please describe. Currently there is no way to enforce a min and max character length on a string field.

Describe the solution you'd like String fields should use .Min() and .Max() to enforce a character length on string fields.

This could look something like the following:

case string: if f.kind != "string" { return errWrongType } if f.required != nil && *f.required && v == "" && !f.allow.has("") { return errRequired } // These checks would be new if f.max != nil && len(v) > *f.max { return errMaximum } if f.min != nil && len(v) < *f.min { return errMinimum }
enhancement
opened by matthewtylerwood 1
Bump github.com/labstack/echo/v4 from 4.9.0 to 4.9.1
Bumps github.com/labstack/echo/v4 from 4.9.0 to 4.9.1.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.9.1

Fixes

Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

Improve CORS documentation #2272

Update readme about supported Go versions #2291

Tests: improve error handling on closing body #2254

Tests: refactor some of the assertions in tests #2275

Tests: refactor assertions #2301

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.9.1 - 2022-10-12

Fixes

Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

Improve CORS documentation #2272

Update readme about supported Go versions #2291

Tests: improve error handling on closing body #2254

Tests: refactor some of the assertions in tests #2275

Tests: refactor assertions #2301

Commits

8ad2230 Changelog for v4.9.1

56f63c3 bump github.com/labstack/gommon dependency version

1d5f335 refactor assertions (#2301)

4c44305 update tests (#2275)

79221d9 Update readme about supported Go versions (#2291)

666938e tests: error handling on closing body (#2254)

50e7e56 Improve CORS documentation

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github.com/labstack/echo/v4 from 4.8.0 to 4.9.0
Bumps github.com/labstack/echo/v4 from 4.8.0 to 4.9.0.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.9.0

Security

Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

Allow configuring ErrorHandler in CSRF middleware #2257

Replace HTTP method constants in tests with stdlib constants #2247

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.9.0 - 2022-09-04

Security

Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

Allow configuring ErrorHandler in CSRF middleware #2257

Replace HTTP method constants in tests with stdlib constants #2247

Commits

16d3b65 Changelog for 4.9.0

0ac4d74 Fix #2259 open redirect vulnerability in echo.StaticDirectoryHandler (used by...

d77e8c0 Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware (#2257)

534bbb8 replace POST constance with stdlib constance

fb57d96 replace GET constance with stdlib constance

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github.com/labstack/echo/v4 from 4.7.2 to 4.8.0
Bumps github.com/labstack/echo/v4 from 4.7.2 to 4.8.0.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.8.0

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error return c.String(http.StatusOK, "OK COPY") })

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images") g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127

Refactor: body_limit middleware unit test #2145

Refactor: Timeout mw: rework how test waits for timeout. #2187

BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191

Refactor: duplicated findStaticChild process at findChildWithLabel #2176

Allow different param names in different methods with same path scheme #2209

Add support for registering handlers for different 404 routes #2217

Middlewares should use errors.As() instead of type assertion on HTTPError #2227

Allow arbitrary HTTP method types to be added as routes #2237

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.8.0 - 2022-08-10

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error return c.String(http.StatusOK, "OK COPY") })

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images") g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127

Refactor: body_limit middleware unit test #2145

Refactor: Timeout mw: rework how test waits for timeout. #2187

BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191

Refactor: duplicated findStaticChild process at findChildWithLabel #2176

Allow different param names in different methods with same path scheme #2209

Add support for registering handlers for different 404 routes #2217

Middlewares should use errors.As() instead of type assertion on HTTPError #2227

Allow arbitrary HTTP method types to be added as routes #2237

Commits

d48197d Changelog for 4.8.0

cba12a5 Allow arbitrary HTTP method types to be added as routes

a327884 add:README.md-Third-party middlewares-github.com/go-woo/protoc-gen-echo

61422dd Update CI-flow (Go 1.19 +deps)

a9879ff Middlewares should use errors.As() instead of type assertion on HTTPError

70acd57 Fix case when routeNotFound handler is lost when new route is added to the ro...

690e339 Add support for registering handlers for 404 routes (#2217)

9bf1e3c Allow different param names in different methods with same path scheme (#2209)

ddb66e1 Add logger middleware template variables: ${time_unix_milli} and `${time_un...

0644cd6 fix: duplicated findStaticChild process at findChildWithLabel (#2176)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github.com/gin-gonic/gin from 1.7.7 to 1.8.1
Bumps github.com/gin-gonic/gin from 1.7.7 to 1.8.1.

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.8.1

Changelog

Features

f197a8b feat(context): add ContextWithFallback feature flag (#3166) (#3172)

v1.8.0

Changelog

Break Changes

TrustedProxies: Add default IPv6 support and refactor #2967. Please replace RemoteIP() (net.IP, bool) with RemoteIP() net.IP

gin.Context with fallback value from gin.Context.Request.Context() #2751

BUGFIXES

Fixed SetOutput() panics on go 1.17 #2861

Fix: wrong when wildcard follows named param #2983

Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

Use Header() instead of deprecated HeaderMap #2694

RouterGroup.Handle regular match optimization of http method #2685

Add support go-json, another drop-in json replacement #2680

Use errors.New to replace fmt.Errorf will much better #2707

Use Duration.Truncate for truncating precision #2711

Get client IP when using Cloudflare #2723

Optimize code adjust #2700

Optimize code and reduce code cyclomatic complexity #2737

gin.Context with fallback value from gin.Context.Request.Context() #2751

Improve sliceValidateError.Error performance #2765

Support custom struct tag #2720

Improve router group tests #2787

Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769

Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701

Test(route): expose performRequest func #3012

Support h2c with prior knowledge #1398

Feat attachment filename support utf8 #3071

Feat: add StaticFileFS #2749

Feat(context): return GIN Context from Value method #2825

Feat: automatically SetMode to TestMode when run go test #3139

Add TOML bining for gin #3081

IPv6 add default trusted proxies #3033

DOCS

Add note about nomsgpack tag to the readme #2703

... (truncated)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.8.1

ENHANCEMENTS

feat(context): add ContextWithFallback feature flag #3172

Gin v1.8.0

Break Changes

TrustedProxies: Add default IPv6 support and refactor #2967. Please replace RemoteIP() (net.IP, bool) with RemoteIP() net.IP

gin.Context with fallback value from gin.Context.Request.Context() #2751

BUGFIXES

Fixed SetOutput() panics on go 1.17 #2861

Fix: wrong when wildcard follows named param #2983

Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

Use Header() instead of deprecated HeaderMap #2694

RouterGroup.Handle regular match optimization of http method #2685

Add support go-json, another drop-in json replacement #2680

Use errors.New to replace fmt.Errorf will much better #2707

Use Duration.Truncate for truncating precision #2711

Get client IP when using Cloudflare #2723

Optimize code adjust #2700

Optimize code and reduce code cyclomatic complexity #2737

Improve sliceValidateError.Error performance #2765

Support custom struct tag #2720

Improve router group tests #2787

Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769

Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701

TrustedProxies: Add default IPv6 support and refactor #2967

Test(route): expose performRequest func #3012

Support h2c with prior knowledge #1398

Feat attachment filename support utf8 #3071

Feat: add StaticFileFS #2749

Feat(context): return GIN Context from Value method #2825

Feat: automatically SetMode to TestMode when run go test #3139

Add TOML bining for gin #3081

IPv6 add default trusted proxies #3033

DOCS

Add note about nomsgpack tag to the readme #2703

Commits

ed049dd docs: release v1.8.1 version (#3176)

f197a8b feat(context): add ContextWithFallback feature flag (#3166) (#3172)

92ba8e1 fix: typo (#3171)

58303bd docs(changelog): add break changes section (#3170)

5fa3452 chore(deps): bump goreleaser/goreleaser-action from 2 to 3 (#3163)

38eb5ac add v1.8.0 changelog (#3160)

60e24d5 chore(CI/CD): add go version release flow (#3159)

4b68a5f chore: update go.mod and remove space from copyright (#3158)

ed03102 [GIN-001] - Add TOML bining for gin (#3081)

aa60021 Fix intercepting headers in middlewares (#1271)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github.com/labstack/echo/v4 from 4.6.3 to 4.7.2
Bumps github.com/labstack/echo/v4 from 4.6.3 to 4.7.2.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.7.2

Fixes

Fix nil pointer exception when calling Start again after address binding error #2131

Fix CSRF middleware not being able to extract token from multipart/form-data form #2136

Fix Timeout middleware write race #2126

Enhancements

Recover middleware should not log panic for aborted handler #2134

v4.7.1

Fixes

Fix e.Static, .File(), c.Attachment() being picky with paths starting with ./, ../ and / after 4.7.0 introduced echo.Filesystem support (Go1.16+) #2123

Enhancements

Remove some unused code #2116

v4.7.0 - 2022-03-01

Enhancements

Add JWT, KeyAuth, CSRF multivalue extractors #2060

Add LogErrorFunc to recover middleware #2072

Add support for HEAD method query params binding #2027

Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS #2064

Fixes

Fix X-Real-IP bug, improve tests #2007

Minor syntax fixes #1994, #2102, #2102

General

Add cache-control and connection headers #2103

Add Retry-After header constant #2078

Upgrade go directive in go.mod to 1.17 #2049

Add Pagoda #2077 and Souin #2069 to 3rd-party middlewares in README

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.7.2 - 2022-03-16

Fixes

Fix nil pointer exception when calling Start again after address binding error #2131

Fix CSRF middleware not being able to extract token from multipart/form-data form #2136

Fix Timeout middleware write race #2126

Enhancements

Recover middleware should not log panic for aborted handler #2134

v4.7.1 - 2022-03-13

Fixes

Fix e.Static, .File(), c.Attachment() being picky with paths starting with ./, ../ and / after 4.7.0 introduced echo.Filesystem support (Go1.16+) #2123

Enhancements

Remove some unused code #2116

v4.7.0 - 2022-03-01

Enhancements

Add JWT, KeyAuth, CSRF multivalue extractors #2060

Add LogErrorFunc to recover middleware #2072

Add support for HEAD method query params binding #2027

Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS #2064

Fixes

Fix X-Real-IP bug, improve tests #2007

Minor syntax fixes #1994, #2102, #2102

General

Add cache-control and connection headers #2103

Add Retry-After header constant #2078

Upgrade go directive in go.mod to 1.17 #2049

Add Pagoda #2077 and Souin #2069 to 3rd-party middlewares in README

Commits

ec92fed Update version and changelog for 4.7.2

1919cf4 Timeout middleware write race

01d7d01 Fix CSRF middleware not being able to extract token from `multipart/form-data...

5c38c3b Recover middleware should not log panic for aborted handler (#2134, fixes #2133)

05df10c fix nil pointer exception when calling Start again after address binding error

b445958 Update version and changelog for 4.7.1

54efc38 remove some unused code (#2116)

3f5b733 Fix e.Static, .File(), c.Attachment() being picky with paths starting w...

5ebed44 Update version to v4.7.0

da85d23 Revert "Update direct golang deps"

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github.com/gin-gonic/gin from 1.6.3 to 1.7.0
Bumps github.com/gin-gonic/gin from 1.6.3 to 1.7.0.

Release notes

Sourced from github.com/gin-gonic/gin's releases.

Release v1.7.0

BUGFIXES

fix compile error from #2572 (#2600)

fix: print headers without Authorization header on broken pipe (#2528)

fix(tree): reassign fullpath when register new node (#2366)

ENHANCEMENTS

Support params and exact routes without creating conflicts (#2663)

chore: improve render string performance (#2365)

Sync route tree to httprouter latest code (#2368)

chore: rename getQueryCache/getFormCache to initQueryCache/initFormCa (#2375)

chore(performance): improve countParams (#2378)

Remove some functions that have the same effect as the bytes package (#2387)

update:SetMode function (#2321)

remove a unused type SecureJSONPrefix (#2391)

Add a redirect sample for POST method (#2389)

Add CustomRecovery builtin middleware (#2322)

binding: avoid 2038 problem on 32-bit architectures (#2450)

Prevent panic in Context.GetQuery() when there is no Request (#2412)

Add GetUint and GetUint64 method on gin.context (#2487)

update content-disposition header to MIME-style (#2512)

reduce allocs and improve the render WriteString (#2508)

implement ".Unwrap() error" on Error type (#2525) (#2526)

Allow bind with a map[string]string (#2484)

chore: update tree (#2371)

Support binding for slice/array obj [Rewrite] (#2302)

basic auth: fix timing oracle (#2609)

Add mixed param and non-param paths (port of httprouter#329) (#2663)

feat(engine): add trustedproxies and remoteIP (#2632)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.7.0

BUGFIXES

fix compile error from #2572 (#2600)

fix: print headers without Authorization header on broken pipe (#2528)

fix(tree): reassign fullpath when register new node (#2366)

ENHANCEMENTS

Support params and exact routes without creating conflicts (#2663)

chore: improve render string performance (#2365)

Sync route tree to httprouter latest code (#2368)

chore: rename getQueryCache/getFormCache to initQueryCache/initFormCa (#2375)

chore(performance): improve countParams (#2378)

Remove some functions that have the same effect as the bytes package (#2387)

update:SetMode function (#2321)

remove a unused type SecureJSONPrefix (#2391)

Add a redirect sample for POST method (#2389)

Add CustomRecovery builtin middleware (#2322)

binding: avoid 2038 problem on 32-bit architectures (#2450)

Prevent panic in Context.GetQuery() when there is no Request (#2412)

Add GetUint and GetUint64 method on gin.context (#2487)

update content-disposition header to MIME-style (#2512)

reduce allocs and improve the render WriteString (#2508)

implement ".Unwrap() error" on Error type (#2525) (#2526)

Allow bind with a map[string]string (#2484)

chore: update tree (#2371)

Support binding for slice/array obj [Rewrite] (#2302)

basic auth: fix timing oracle (#2609)

Add mixed param and non-param paths (port of httprouter#329) (#2663)

feat(engine): add trustedproxies and remoteIP (#2632)

Commits

d496f64 bump to v1.7.0 version (#2672)

bfc8ca2 feat(engine): add trustedproxies and remoteIP (#2632)

f3de813 Add mixed param and non-param paths (port of httprouter#329) (#2663)

a331dc6 chore: remove duplicate test 'assert.Equal' (#2617)

ed6f85c build: convert to go:build directives (#2664)

1bdf86b Remove the tedious named return value (#2620)

e899771 chore: Deleted spaces (#2622)

b01605b basic auth: fix timing oracle (#2609)

46ddd42 Fixes to the graceful shutdown example (#2552)

f4bc259 fix error gin support min Go version (#2584)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump github.com/labstack/echo/v4 from 4.9.1 to 4.10.0
Bumps github.com/labstack/echo/v4 from 4.9.1 to 4.10.0.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.10.0

Security

We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

Bump x/text to 0.3.8 #2305

Bump dependencies and add notes about Go releases we support #2336

Add helper interface for ProxyBalancer interface #2316

Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338

Refactor func(Context) error to HandlerFunc #2315

Improve function comments #2329

Add new method HTTPError.WithInternal #2340

Replace io/ioutil package usages #2342

Add staticcheck to CI flow #2343

Replace relative path determination from proprietary to std #2345

Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182

Add testcases for some BodyLimit middleware configuration options #2350

Additional configuration options for RequestLogger and Logger middleware #2341

Add route to request log #2162

GitHub Workflows security hardening #2358

Add govulncheck to CI and bump dependencies #2362

Fix rate limiter docs #2366

Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.10.0 - 2022-12-27

Security

We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

Bump x/text to 0.3.8 #2305

Bump dependencies and add notes about Go releases we support #2336

Add helper interface for ProxyBalancer interface #2316

Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338

Refactor func(Context) error to HandlerFunc #2315

Improve function comments #2329

Add new method HTTPError.WithInternal #2340

Replace io/ioutil package usages #2342

Add staticcheck to CI flow #2343

Replace relative path determination from proprietary to std #2345

Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182

Add testcases for some BodyLimit middleware configuration options #2350

Additional configuration options for RequestLogger and Logger middleware #2341

Add route to request log #2162

GitHub Workflows security hardening #2358

Add govulncheck to CI and bump dependencies #2362

Fix rate limiter docs #2366

Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337

Commits

f36d566 Changelog for 4.10.0

a69727e Mark JWT middleware deprecated

0056cc8 Improve comments wording

45402bb Add echo.OnAddRouteHandler field. As name says - this handler is called when ...

f1cf1ec Fix adding route with host overwrites default host route with same method+pat...

895121d Fix rate limiter docs (#2366)

abecadc Merge pull request #2362 from aldas/add_govulncheck_2_ci

bc75cc2 Add govulncheck to CI and bump dependencies. Refactor GitHub workflows.

40eb889 build: harden echo.yml permissions

135c511 Add request route with "route" tag to logger middleware (#2162)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Bump github.com/gin-gonic/gin from 1.8.1 to 1.8.2
Bumps github.com/gin-gonic/gin from 1.8.1 to 1.8.2.

Release notes

Sourced from github.com/gin-gonic/gin's releases.

v1.8.2

Changelog

Bug fixes

0c2a691 fix(engine): missing route params for CreateTestContext (#2778) (#2803)

e305e21 fix(route): redirectSlash bug (#3227)

Others

6a2a260 Fix the GO-2022-1144 vulnerability (#3432)

Changelog

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.8.2

Bugs

fix(route): redirectSlash bug (#3227)

fix(engine): missing route params for CreateTestContext (#2778) (#2803)

Security

Fix the GO-2022-1144 vulnerability (#3432)

Commits

6a2a260 Fix the GO-2022-1144 vulnerability (#3432)

f38c9c8 docs(readme): release v1.8.2 version (#3420)

0c2a691 fix(engine): missing route params for CreateTestContext (#2778) (#2803)

e305e21 fix(route): redirectSlash bug (#3227)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0

Releases(v1.3.0)

v1.3.0(Dec 8, 2021)
#9 Pattern support and validation

#12 Nested objects are modeled correctly

Source code(tar.gz)
Source code(zip)
v1.2.0(Dec 1, 2021)

Full Changelog: https://github.com/jakecoffman/crud/compare/v1.1.0...v1.2.0

Fixes a few issues with validation and adds subtypes date and datetime.
Source code(tar.gz)
Source code(zip)
v1.1.0(Nov 12, 2021)
Fixes #6 - Min/Max not working for String types

Adds a Gorilla Mux adapter

Fixes the echo adapter

Source code(tar.gz)
Source code(zip)
v1.0.0(Aug 24, 2021)

Source code(tar.gz)
Source code(zip)