wemake-services/django-modern-rest 0.8.0

Version 0.8.0

on GitHub

In this version we focused on reworking on throttling internal API and our DjangoSession auth support.

Breaking changes

• Breaking: Renamed APIRedirectError to RedirectTo, #922
• Breaking: Split BaseThrottleBackend into BaseThrottleAsyncBackend
  and BaseThrottleSyncBackend, #942
• Breaking: Renamed DjangoCache into SyncDjangoCache,
  added AsyncDjangoCache, #942
• Breaking: Changed BaseThrottleBackend API: now it requires
  .incr and .get methods, the first one should ideally
  be an atomic increment, the second one is for reading objects only, #942
• Breaking: Removed BaseThrottleAlgorithm.record method,
  now BaseThrottleAlgorithm.access must also record accesses.
  This will help to make throttling more atomic, #942

Migrations prompt

User-facing changes:

Apply this change to the code that uses `django-modern-rest`:
1. Replace `dmr.response.APIRedirectError` with `dmr.response.RedirectTo`
2. Replace `dmr.throttling.backend.DjangoCache`
   with `dmr.throttling.backend.SyncDjangoCache` for sync throttles 
   and with `dmr.throttling.backend.AsyncDjangoCache` for async throttles

Features

• Added SyncRedis and AsyncRedis throttling backends, #977
• Added RefreshTokenSyncController and RefreshTokenAsyncController
  to issue new access/refresh token pairs from a valid refresh token, #907
• Added validate_negotiation metadata flag, so we can explicitly validate,
  that returned response followed the negotiation process, #711
• Added accepted_header as a faster alternative
  to django's HttpRequest.accepts, #854

Bugfixes

• Fixed OpenAPI schema for Django session auth
  when CSRF_USE_SESSIONS=True, #674
• Fixed that itemSchema was possible to be rendered
  in OpenAPI 3.0.0 and 3.1.0, #908
• Fixed response validation when global error handler returns
  HttpResponse with a different content type than the negotiated
  renderer, #711
• Fixed collectstatic failure when using ManifestStaticFilesStorage, #927
• Fixed datetime validation when using .to_response, #938
• Fixed a bug that ObtainTokensAsyncController was not setting
  the request.auser attribute, #953
• Fixed a bug that JWTSyncAuth was not setting request.auser, #953
• Fixed ResponseNegotiator raising NotAcceptableError on streaming
  endpoints when Accept: text/event-stream was sent without
  application/json (the default browser EventSource case), which
  made 4xx/5xx error bodies and response validation crash with a 500
  instead of rendering the configured non-streaming default, #962
• Fixed that original traceback was not shown
  for BaseSchemaGenerator.get_schema, #961

Misc

• Optimized dmr_client and dmr_rf test fixtures to use msgspec
  for JSON encoding and decoding when available, #889 and #976
• Optimized how per-endpoint throttle locks are used, #942

New Contributors

• @sh1rokovs made their first contribution in #711
• @azad-mammedov made their first contribution in #913
• @Stranger6667 made their first contribution in #917
• @hydrauluu made their first contribution in #940
• @Peopl3s made their first contribution in #947
• @mvanhorn made their first contribution in #950
• @MikeVL made their first contribution in #964

Full Changelog: 0.7.0...0.8.0