❗ Breaking Changes
- Change signatures of GetReqHeaders and GetRespHeaders (#2650) to allow single and list values under headers according to the RFC standard:

```diff
- func (c *Ctx) GetReqHeaders() map[string]string
+ func (c *Ctx) GetReqHeaders() map[string][]string
- func (c *Ctx) GetRespHeaders() map[string]string
+ func (c *Ctx) GetRespHeaders() map[string][]string
```
👮 Security
Middleware/csrf: Token Vulnerability (GHSA-mv73-f69x-444p, GHSA-94w9-97p3-p368)
https://docs.gofiber.io/api/middleware/csrf
🚀 Improvements to the CSRF middleware:
- Added support for single-use tokens through the `SingleUseToken` configuration option.
- Optional integration with the GoFiber session middleware through the `Session` and `SessionKey` configuration options.
- Introduction of origin checks for HTTPS connections to verify referer headers.
- Implementation of a Double Submit Cookie approach for CSRF token generation and validation when used without `Session`.
- Enhancement of error handling with more descriptive error messages.
- The documentation for the CSRF middleware has been enhanced with the addition of the new options and best practices to improve security.
Thank you @sixcolors
🚀 New
- Cookie parser (#2656)
https://docs.gofiber.io/api/ctx#cookieparser

```go
// Field names should start with an uppercase letter
type Person struct {
	Name string `cookie:"name"`
	Age  int    `cookie:"age"`
	Job  bool   `cookie:"job"`
}

// Example route
app.Get("/", func(c *fiber.Ctx) error {
	p := new(Person)
	// This method is similar to BodyParser, but for cookie parameters
	if err := c.CookieParser(p); err != nil {
		return err
	}
	log.Println(p.Name) // Joseph
	log.Println(p.Age)  // 23
	log.Println(p.Job)  // true
	return nil
})
```
- Middleware/cors: Allow disabling caching in preflight requests (#2649)
https://docs.gofiber.io/api/middleware/cors#config

```go
// To disable caching completely, pass a negative MaxAge value. It sets the Access-Control-Max-Age header to 0.
app.Use(cors.New(cors.Config{MaxAge: -1}))
```
- Middleware/session: Add Reset method to Session struct in session middleware (#2654)
https://docs.gofiber.io/api/middleware/session#signatures
```go
// Provide more flexibility in session management, especially in scenarios like repeated user logins
func (s *Session) Reset() error
```
Example usage:
```go
// Initialize default config
// This stores all of your app's sessions
store := session.New()

app.Post("/login", func(c *fiber.Ctx) error {
	// Get session from storage
	sess, err := store.Get(c)
	if err != nil {
		panic(err)
	}

	// ... validate login ...

	// Check if the session is fresh
	if !sess.Fresh() {
		// If the session is not fresh, reset it
		if err := sess.Reset(); err != nil {
			panic(err)
		}
	}

	// Set new session data
	sess.Set("user_id", user.ID)

	// Save session
	if err := sess.Save(); err != nil {
		panic(err)
	}

	return c.SendString(fmt.Sprintf("Welcome %v", user.ID))
})
```
- Middleware/session: Add Delete method to Store struct in session middleware (#2655)
https://docs.gofiber.io/api/middleware/session#signatures
```go
// Provide more control over individual session management, especially in scenarios
// like administrator-enforced user logout or user-initiated logout from a specific device session
func (s *Store) Delete(id string) error
```
Example usage:
```go
app.Post("/admin/session/:id/logout", func(c *fiber.Ctx) error {
	// Get session id from request
	sessionID := c.Params("id")

	// Delete the session
	if err := store.Delete(sessionID); err != nil {
		return c.Status(500).SendString(err.Error())
	}

	return c.SendString("Logout successful")
})
```
🧹 Updates
- Middleware/filesystem: Improve status for SendFile (#2664)
- Middleware/filesystem: Set response code (#2632)
- Refactor Ctx.Method func to improve code readability (#2647)
🛠️ Maintenance
- Fix loop variable captured by func literal (#2660)
- Run gofumpt and goimports (#2662)
- Use utils.AssertEqual instead of t.Fatal on some tests (#2653)
- Apply go fix ./... with latest version of go in repository (#2661)
- Bump github.com/valyala/fasthttp from 1.49.0 to 1.50.0 (#2634)
- Bump golang.org/x/sys from 0.12.0 to 0.13.0 (#2665)
🐛 Fixes
- Path checking on route naming (#2676)
- Incorrect log depth when using log.WithContext (#2666)
- Jsonp ignoring custom json encoder (#2658)
- PassLocalsToView when bind parameter is nil (#2651)
- Parse IPs returning an invalid result in an abnormal case (#2642)
- Bug parsing custom header (#2638)
- Middleware/adaptor: Reduce memory usage by replacing io.ReadAll() with io.Copy() (#2637)
- Middleware/idempotency: Nil pointer dereference issue on idempotency middleware (#2668)
📚 Documentation
- Incorrect status code source (#2667)
- Middleware/requestid: Typo in requestid.md (#2675)
- Middleware/cors: Update docs to better explain AllowOriginsFunc (#2652)
Full Changelog: v2.49.2...v2.50.0
Thank you @KaptinLin, @Skyenought, @cuipeiyu, @dairlair, @efectn, @gaby, @geerew, @huykn, @jimmyl02, @joey1123455, @joshlarsen, @jscappini, @peczenyj and @sixcolors for making this update possible.