♻️ fix!: context key collisions #896

Merged
ReneWerner87 merged 11 commits into v3-beta from 2684-context-key-collisions-v3
Aug 31, 2025

@sixcolors
Member

@sixcolors sixcolors commented Jan 2, 2024

Fixes context key collisions mentioned in issue gofiber/fiber#2684

related to gofiber/fiber#2781

BREAKING CHANGE

Intended for v3

@github-actions github-actions bot added the ☢️ Bug Something isn't working label Jan 2, 2024
@sixcolors sixcolors changed the title ♻️ fix: context key collisions ♻️ fix!: context key collisions Jan 2, 2024
@sixcolors sixcolors changed the base branch from main to v3-beta January 3, 2024 16:41
@nickajacks1
Member

The FromContext pattern is a lot easier to use! 👍
Are these the only middlewares in this repo that need updating?

@sixcolors
Member Author

> The FromContext pattern is a lot easier to use! 👍 Are these the only middlewares in this repo that need updating?

Appears that way. At least in core and contrib. 3rd party middleware were not reviewed.

@sixcolors sixcolors requested a review from ReneWerner87 January 8, 2024 03:57
@sixcolors
Member Author

@ReneWerner87 I created a v3-beta branch, you can merge this into that. (PR set to merge there)

@gaby
Member

gaby commented Aug 27, 2025

/gemini review

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request addresses context key collisions by using unexported key types, which is a great improvement. However, the new FromContext function in the jwt package introduces a critical bug that can cause a panic. Additionally, the examples in the paseto README demonstrate an unsafe usage of its new FromContext function, which can also lead to panics. I've provided suggestions to fix these issues.

@ReneWerner87
Member

@sixcolors can you solve the merge conflicts

@coderabbitai
Contributor

coderabbitai bot commented Aug 30, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (2)
  • master
  • main

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

@sixcolors
Member Author

> @sixcolors can you solve the merge conflicts

Okay done.

@sixcolors
Member Author

/gemini review

@sixcolors sixcolors requested a review from Copilot August 31, 2025 01:07
Contributor

Copilot AI left a comment

Pull Request Overview

This PR addresses context key collisions by replacing string-based context keys with unexported typed context keys in both JWT and PASETO middleware packages. The changes prevent potential conflicts when multiple packages store values in the Fiber context using the same string keys.

  • Introduces unexported contextKey type and typed constants for context storage
  • Removes configurable ContextKey field from middleware configuration
  • Adds FromContext helper functions for type-safe context value retrieval

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| jwt/jwt.go | Implements typed context keys and FromContext helper function |
| jwt/config.go | Removes ContextKey configuration field and related logic |
| jwt/config_test.go | Removes test for deprecated ContextKey configuration |
| jwt/jwt_test.go | Adds test for new FromContext function |
| jwt/README.md | Updates documentation to reflect API changes and removes ContextKey references |
| paseto/paseto.go | Implements typed context keys and FromContext helper function |
| paseto/config.go | Removes ContextKey configuration field and related logic |
| paseto/config_test.go | Removes test for deprecated ContextKey configuration |
| paseto/paseto_test.go | Updates tests to use new FromContext function |
| paseto/README.md | Updates documentation to reflect API changes and adds usage examples |

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request correctly addresses context key collisions by using unexported key types for storing data in the context, a recommended practice in Go. The changes are applied to both the jwt and paseto middleware. However, I've identified a critical issue in the jwt package where the new FromContext function can cause a panic if the token is not found in the context. Additionally, the usage examples in the jwt README have not been updated to reflect the API changes, which will lead to runtime panics for users who copy the code. The changes for the paseto package appear to be correct and well-documented.

sixcolors and others added 3 commits August 31, 2025 00:04
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@sixcolors
Member Author

/gemini review

Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request refactors the JWT and Paseto middleware to use unexported context keys, which is a great improvement to prevent key collisions. The implementation is solid and follows Go best practices. My review focuses on improving the documentation to match the code changes and to promote safer usage patterns in the examples. I've pointed out some inconsistencies in the JWT README's configuration table and suggested making the code examples in the Paseto README more robust by adding checks for nil values before type assertions to prevent potential panics.
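
The pattern the reviews above describe, as an added example that is not code from this PR or from the gofiber repositories: an unexported key type that other packages cannot collide with, and a FromContext helper that uses a comma-ok assertion so a missing value yields nil instead of a panic. It uses the standard library's context package rather than Fiber's context; Token, tokenKey, store and collideWithStringKey are hypothetical names.

```go
package main

import (
	"context"
	"fmt"
)

// Token stands in for the parsed token a middleware stores (hypothetical type).
type Token struct{ Subject string }

// contextKey is unexported, so no other package can construct an equal key.
type contextKey int

const tokenKey contextKey = 0

// store mimics the middleware saving the verified token in the context.
func store(ctx context.Context, t *Token) context.Context {
	return context.WithValue(ctx, tokenKey, t)
}

// FromContext returns the stored token, or nil when none is present.
// The comma-ok assertion avoids the panic a bare .(*Token) would cause.
func FromContext(ctx context.Context) *Token {
	t, ok := ctx.Value(tokenKey).(*Token)
	if !ok {
		return nil
	}
	return t
}

// collideWithStringKey reproduces the old failure mode: a second writer using
// the same string key shadows the token, so the auth check reads foreign data.
func collideWithStringKey() bool {
	ctx := context.WithValue(context.Background(), "user", &Token{Subject: "alice"})
	ctx = context.WithValue(ctx, "user", "value written by another middleware")
	_, ok := ctx.Value("user").(*Token)
	return !ok // true: the token is no longer reachable under "user"
}

func main() {
	ctx := store(context.Background(), &Token{Subject: "alice"})
	// A string key written later cannot shadow the typed key.
	ctx = context.WithValue(ctx, "user", "value written by another middleware")
	fmt.Println(FromContext(ctx).Subject, FromContext(context.Background()) == nil, collideWithStringKey())
}
```

Callers should still check the result of FromContext for nil before reading claims from it, since a route may run without the middleware having stored a token.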

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@sixcolors
Member Author

@ReneWerner87
We should probably migrate:

| TokenLookup    | `string`                        | TokenLookup is a string in the form of `<source>:<name>` that is used   

To Extractor pattern.

@ReneWerner87 ReneWerner87 merged commit d0a4918 into v3-beta Aug 31, 2025
8 checks passed
@ReneWerner87 ReneWerner87 deleted the 2684-context-key-collisions-v3 branch August 31, 2025 16:16
@sixcolors sixcolors restored the 2684-context-key-collisions-v3 branch August 31, 2025 16:31