• Support fasthttp KeepHijackedConns option. See fasthttp docs for more.
• Fix determineHandler bug for reflect handlers.
• grypto/salt generator now supports retry if crypto.Reader fails

• ctx.Sanitize(), ctx.Sanitizer() and app.SetSanitizerPolicy() introduced thanks to bluemonday. See third_party_licenses/bluemonday for bluemonday's license.

• The Behind interface, that should allow proper IP detection as soon as you provide proper unwrapper.
• First Behind unwrapper for Akamai. NOTE: they do not provide support for that unwrapper. If you have any bugs, please contact our support or open an issue.
• When registering route, in the handler path github.com/gramework/gramework/ replaced with #gramework for short.

• Check gql json content type with space
• Fix minor grypto lint warning
• gocsv vendor fix

• Copy logger level from Logger.Level in New() by default

• grypto package rewritten and will use scrypt instead of bcrypt by default, allowing you to still verify both hashes with MCF. This closes the bcrypt vulnerability of long passwords (>56 characters).
• Refactoring and vendor fixes (1.5.4-rc1)

• Refactoring and vendor fixes
• Backported 1.6.2 patch: Check JSON content type with space

• Refactoring and vendor fixes

• metrics middleware refactored and fixed (#61)

• Gramework Environments refactored. You can find the list of supported environment names below:

environments := map[string]Environment{
    "prod":        PROD,
    "production":  PROD,
    "stage":       STAGE,
    "staging":     STAGE,
    "dev":         DEV,
    "development": DEV,
}

• Modify context.go to make it clearer
• Fix typos
• Unify docs/CHANGELOG.md

• Separate store static route. Allows both /post/:id and /post/about routes
• Health checks module added
• Fix resource usage leak in ctx.Proxy()
• Sub() now allows converting App's root router to a SubRouter type

• Set function for the cookie path fixed

• Regression fixed: empty app name. Now if no OptAppName provided App.name will fallback to default setting

• Add OptAppName option for App initializer
• Fix ability to set empty "" server name
• Fix fasthttp.Server name set via App.SetName()
• Method App.SetName() market as deprecated in favor of OptAppName
• App.ListenAndServeAllDev() and App.ListenAndServeAutoTLSDev() methods marked as deprecated and from now is simple aliases of App.ListenAndServeAll() and App.ListenAndServeAutoTLS() accordingly
• Fix go.mod dependencies and go mod vendor apply to support older versions of GO

• Add SubRouter.Handle() method with the same behaviour as Router.Handle() and App.Handle().

• Fix health check formatting
• Unify docs/CHANGELOG.md style

• Introduce reflective handler support. Can be useful for any POSTs, including multi-typed JSON requests, etc.

• Gramework serving static pre-defined JSON as a handler, see gramework.JSON() for more info

• Introduce app.SetCookiePath()

• Introduce app.SetCookieExpire() and fix cookie logic.

• Add support for PORT environment
• Add support for Gramework Environments. We have three environments: DEV, STAGE and PROD. You can switch them with GRAMEWORK_ENV or via gramework.SetEnv().

• Codestyle fixes
• Log gramework version and system information on startup
• Handler name: show the path to file starting from GOPATH
• Gramework now supports serving static pre-defined HTML as a handler, see gramework.HTML() for more info

• Minor vendor fixes
• Fix router bug
• Env fix
• Router issue fixed
• GQLHandler now can deny introspection requests
• Fix internal logger
• Log handler names
• Support methods for handlers
• Environment support
• Default panic handler introduced along with new app options:
  • NoDefaultPanicHandler bool - disables default panic handler. You may also overwrite it with custom panic handler by setting it classically.
  • PanicHandlerNoPoweredBy bool - disables "Powered by Gramework" block
  • PanicHandlerCustomLayout string - Custom layout sent after default page layout. You may use it for analytics etc.
• Request tracing enabled by default. You can disable it by setting the log level to anything better than DebugLevel.
• GraphIQL released
• ctx.MWKill() introduced. This function kills the current context and stops any user-defined processing. This function intended for use in middlewares.
• mw/xhostname: middleware package created and initialized with xhostname. This middleware provides X-Hostname header in each request and useful when using scalable container platform to see which host sent you current response.
• app.SetCookieDomain(), ctx.GetCookieDomain() and ContextFromValue(context.Context) bringed in. Those features simplify working with github.com/graph-gophers/graphql-go and give you ability to run your own SSO, if you'd like to.
• gramework.New() now supports Opts. See OptUseServer and OptMaxRequestBodySize in opts.go for examples
• Add ToContext, DecodeGQL and ContentType functions in Context
• SPAIndex now supports handlers, that can be useful with template engines of your choice
• Add to Context "knowledge" about Sub's (see issue #35)
• BREAKING CHANGE: client and sqlgen experimental packages moved to x subpackage!
• travis config updated: we supported go 1.9.2, 1.9.x, 1.10.x and tip before, now we removing obsolete versions and extend our support list:
  • 1.9.4
  • 1.9.5
  • 1.9.6
  • 1.9.x
  • 1.10.1
  • 1.10.2
  • 1.10.3
• Gramework Protection now doesn't uses any hash algo to compute remote ip hash, if ip is valid we using the ip directly. That also fixes a minor security issue
• DisableFlags() - DisableFlags globally disables default gramework flags, which is useful when using custom flag libraries like pflag.
• Protect enables Gramework Protection for routes registered after Protect() call.

Protects all routes, that prefixed with given enpointPrefix. For example:

app := gramework.New()
app.GET("/internal/status", serveStatus) // will **not be** protected, .Protected() isn't called yet
app.Protect("/internal")
registerYourInternalRoutes(app.Sub("/internal")) // all routes here **are** protected

Any blacklisted ip can't access protected enpoints via any method. The blacklist can work automatically, manually or both. To disable automatic blacklist do App.MaxHackAttemts(-1). Automatic blacklist bans suspected IP after App.MaxHackAttempts(). This behavior disabled for whitelisted IP.

• Brand new Gramework Protection:
  • app.Protect(): enables Gramework Protection for routes registered after Protect() call.
  • app.Whitelist(): adds given ip to Gramework Protection trustedIP list.
  • app.Untrust(): removes given ip from trustedIP list, that enables protection of Gramework Protection enabled endpoints for given IP too. Opposite of app.Whitelist.
  • app.Blacklist(): adds given IP to untrustedIP list, if it's not whitelisted. Any IP blacklisted with Gramework Protection can't access protected endpoints via any method.
  • app.Suspect(): adds given IP to Gramework Protection suspectedIP list.
  • app.MaxHackAttempts(): sets new max hack attempts for blacklist triggering in The Gramework Protection. If 0 passed, MaxHackAttempts returns current value without setting a new one. If -1 passed, automatic blacklist disabled. See ctx.Whitelist(), ctx.Blacklist() and ctx.Suspect() for manual Gramework Protection control.
  • ctx.IsWhitelisted(): checks if we have current client in Gramework Protection trustedIP list. Use ctx.Whitelist() to add current client to trusted list.
  • ctx.IsBlacklisted(): checks if we have current client in Gramework Protection untrustedIP list. Use ctx.Blacklist() to add current client to untrustedIP list.
  • ctx.IsSuspect(): checks if we have current client in Gramework Protection suspectedIP list. Use ctx.Suspect() to add current client to suspectedIP list.
  • ctx.Whitelist(): adds given ip to trustedIP list of the Gramework Protection. To remove IP from whitelist, call App.Untrust()
  • ctx.Untrust(): deletes given ip from trustedIP list, that enables protection of Gramework Protection enabled endpoints for given ip too. Opposite of ctx.Whitelist().
  • ctx.Blacklist(): adds given ip to untrustedIP list, if it's not whitelisted. Any blacklisted ip can't access protected enpoints via any method.
  • ctx.Suspect(): adds current client ip to Gramework Protection suspectedIP list.
  • ctx.HackAttemptDetected(): Suspect adds given ip to Gramework Protection suspectedIP list. Use it when you detected app-level hack attempt from current client.
  • ctx.SuspectsHackAttempts(): SuspectsHackAttempts returns hack attempts detected with Gramework Protection both automatically and manually by calling Context.HackAttemptDetected(). For any whitelisted ip this function will return 0.
• Test fix: use letsencrypt stage environment instead of production one
• ctx.Encode() now supports csv marshaling
• ctx.ToCSV() and ctx.CSV() added
• Fix documentation for ctx.RequestID()
• Default context logger (ctx.Logger) now prints request id
• Panic handler now can catch more request id generation panics from google's uuid if any
• Full X-Request-ID support in requests. Added support of X-Request-ID in request headers that have the following logic:
  • When X-Request-ID received in headers, use it as ctx.requestID
  • When X-Request-ID was not received in headers, generate it with Google's UUID and save it as ctx.requestID
• Source code layout refactoring
• Third-party licenses moved to /third_party_licenses
• Changelog wording fixes
• Improved router's stability, fixed an issue that might cause a potential denial of service. We recommend you to update
• Added apex/log adapter for valyala/fasthttp.Logger
• Linter's fixes
• Basic Auth support via ctx.Auth() which returns *gramework.Auth
• ctx.BadRequest() introduced
• Supported GetStringFlag(name string) (value string, ok bool)
• Support of func(*Context) map[string]interface{} and func() map[string]interface{} to JSON encoding
• Support of func(*Context) (r map[string]interface{}, err error) and func() (r map[string]interface{}, err error) if r == nil && err == nil then client receive HTTP/1.1 204 No Content

• Minor vendor fixes
• Fix router bug

• Env fix
• Router issue fixed
• GQLHandler now can deny introspection requests

• Fix internal logger
• Log handler names
• Support methods for handlers
• Environment support

• Default panic handler introduced along with new app options:
  • NoDefaultPanicHandler bool - disables default panic handler. You may also overwrite it with custom panic handler by setting it classically.
  • PanicHandlerNoPoweredBy bool - disables "Powered by Gramework" block
  • PanicHandlerCustomLayout string - Custom layout sent after default page layout. You may use it for analytics etc.
• Requests tracing is now by default. You can disable it by setting the log level to anything better than DebugLevel.
• GraphIQL released

• ctx.MWKill() introduced. This function kills current context and stop any user-defined processing. This function intended for use in middlewares.

• mw/xhostname: middleware package created and initialized with xhostname. This middleware provides X-Hostname header in each request and useful when using scalable container platform to see which host sent you current response.

• app.SetCookieDomain(), ctx.GetCookieDomain() and ContextFromValue(context.Context) bringed in. Those features simplify working with github.com/graph-gophers/graphql-go and give you ability to run your own SSO, if you'd like to.

• gramework.New() now supports Opts. See OptUseServer and OptMaxRequestBodySize in opts.go for examples

• Add ToContext, DecodeGQL and ContentType functions in Context
• SPAIndex now supports handlers, that can be useful with template engines of your choice

• Add to Context "knowledge" about Sub's (see issue #35)

• BREAKING CHANGE: client and sqlgen experimental packages moved to x subpackage!
• travis config updated: we supported go 1.9.2, 1.9.x, 1.10.x and tip before, now we removing obsolete versions and extend our support list:
  • 1.9.4
  • 1.9.5
  • 1.9.6
  • 1.9.x
  • 1.10.1
  • 1.10.2
  • 1.10.3

• Gramework Protection now doesn't use any hash algo to compute remote IP hash, if IP is valid we using the IP directly. That also fixes a minor security issue.

• DisableFlags() - DisableFlags globally disables default gramework flags, which is useful when using custom flag libraries like pflag.

Protect enables Gramework Protection for routes registered after Protect() call.

Protects all routes, that prefixed with given enpointPrefix. For example:

app := gramework.New()
app.GET("/internal/status", serveStatus) // will **not be** protected, .Protected() isn't called yet
app.Protect("/internal")
registerYourInternalRoutes(app.Sub("/internal")) // all routes here **are** protected

Any blacklisted ip can't access protected enpoints via any method. The blacklist can work automatically, manually or both. To disable automatic blacklist do App.MaxHackAttemts(-1). Automatic blacklist bans suspected IP after App.MaxHackAttempts(). This behavior disabled for whitelisted IP.

• Brand new Gramework Protection:
  • app.Protect(): enables Gramework Protection for routes registered after Protect() call.
  • app.Whitelist(): adds given ip to Gramework Protection trustedIP list.
  • app.Untrust(): removes given ip from trustedIP list, that enables protection of Gramework Protection enabled endpoints for given IP too. Opposite of app.Whitelist.
  • app.Blacklist(): adds given IP to untrustedIP list, if it's not whitelisted. Any IP blacklisted with Gramework Protection can't access protected endpoints via any method.
  • app.Suspect(): adds given IP to Gramework Protection suspectedIP list.
  • app.MaxHackAttempts(): sets new max hack attempts for blacklist triggering in The Gramework Protection. If 0 passed, MaxHackAttempts returns current value without setting a new one. If -1 passed, automatic blacklist disabled. See ctx.Whitelist(), ctx.Blacklist() and ctx.Suspect() for manual Gramework Protection control.
  • ctx.IsWhitelisted(): checks if we have current client in Gramework Protection trustedIP list. Use ctx.Whitelist() to add current client to trusted list.
  • ctx.IsBlacklisted(): checks if we have current client in Gramework Protection untrustedIP list. Use ctx.Blacklist() to add current client to untrustedIP list.
  • ctx.IsSuspect(): checks if we have current client in Gramework Protection suspectedIP list. Use ctx.Suspect() to add current client to suspectedIP list.
  • ctx.Whitelist(): adds given ip to trustedIP list of the Gramework Protection. To remove IP from whitelist, call App.Untrust()
  • ctx.Untrust(): deletes given ip from trustedIP list, that enables protection of Gramework Protection enabled endpoints for given ip too. Opposite of ctx.Whitelist().
  • ctx.Blacklist(): adds given ip to untrustedIP list, if it's not whitelisted. Any blacklisted ip can't access protected enpoints via any method.
  • ctx.Suspect(): adds current client ip to Gramework Protection suspectedIP list.
  • ctx.HackAttemptDetected(): Suspect adds given ip to Gramework Protection suspectedIP list. Use it when you detected app-level hack attempt from current client.
  • ctx.SuspectsHackAttempts(): SuspectsHackAttempts returns hack attempts detected with Gramework Protection both automatically and manually by calling Context.HackAttemptDetected(). For any whitelisted IP, this function returns 0.
• Test fix: use letsencrypt stage environment instead of production one

• ctx.Encode() now supports csv marshaling
• ctx.ToCSV() and ctx.CSV() added
• Fix documentation for ctx.RequestID()

• Default context logger (ctx.Logger) now prints request id
• Panic handler now can catch more request id generation panics from google's UUID if any

• Full X-Request-ID support in requests. Added support of X-Request-ID in request headers that have the following logic:
  • When X-Request-ID received in headers, use it as ctx.requestID
  • When X-Request-ID was not received in headers, generate it with Google's UUID and save it as ctx.requestID
• Source code layout refactoring
• Third-party licenses moved to /third_party_licenses
• Changelog wording fixes

• Improved router's stability, fixed an issue that might cause a potential denial of service. We recommend you to update
• Added apex/log adapter for valyala/fasthttp.Logger
• Linter's fixes

• Basic Auth support via ctx.Auth() which returns *gramework.Auth
• ctx.BadRequest() introduced

• Supported GetStringFlag(name string) (value string, ok bool)

• Support of func(*Context) map[string]interface{} and func() map[string]interface{} to JSON encoding
• Support of func(*Context) (r map[string]interface{}, err error) and func() (r map[string]interface{}, err error) if r == nil && err == nil then client receive HTTP/1.1 204 No Content

• Initial release