zio/zio-http v3.0.0-RC10

on GitHub

Breaking changes

Query Codec

QueryCodec is now Schema based. Therefore calls that would before look like HttpCodec.queryInt or HttpCodec.queryTo[Int] become HttpCodec.query[Int]. (See the docs for more details)
This also enables using a case class to extract multiple parameters.

Client

The ZClient got some rework done. Most important is, that there is now an explicit streaming and non-streaming API.
The reason is, that for streaming bodies we depended on Scope for which some users used the default application scope.
To reduce possible errors, we offer now batched requests. They do not need a scope. For the streaming ones, please use for example ZIO.scoped to set boundaries in which the streaming body is available. See the docs for more details.

Replaced Endpoint Middleware with explicit security concept

An example says more then 1000 words.

  private val basicAuthContext = HandlerAspect.customAuthProviding[AuthContext] { r =>
    {
      r.headers.get(Header.Authorization).flatMap {
        case Header.Authorization.Basic(uname, password) if Secret(uname.reverse) == password =>
          Some(AuthContext(uname))
        case _                                                                                =>
          None
      }

    }
  }
  
    val endpoint = Endpoint(Method.GET / "test").out[String](MediaType.text.`plain`).auth(AuthType.Basic)
    val routes   =
      Routes(
        endpoint.implementHandler(handler((_: Unit) => withContext((ctx: AuthContext) => ctx.value))),
      ) @@ basicAuthContext

    val response = for {
      client <- ZIO.service[Client]
      locator    = EndpointLocator.fromURL(url"http://localhost:8080")
      executor   = EndpointExecutor(client, locator, Header.Authorization.Basic("admin", "admin".reverse))
      invocation = endpoint(())
      response <- ZIO.scoped(executor(invocation))
    } yield response

This endpoint has a clear auth requirement and uses an aspect to extract information from the headers to be provided to the handler.
Note that the providing works on the level of Routes, so multiple routes can request AuthContext and you need to add the aspect only once.

The endpoint client call requires an EndpointExecutor, that can provide the authentication requirement set on the endpoint.
Either via a value like in the example or an effect.

Replaced Warning header and beautifyErrors with more explicit error config

The default way to handover errors has been the warning header so far. That had multiple problems.
Therefore we replaced it with ErrorResponseConfig. Which should be set globally in the application bootstrap via ErrorResponseConfig.configLayer and can be locally overwritten via the handler aspects ErrorResponseConfig.debug or ErrorResponseConfig.withConfig.

What's Changed

• Use Exit.succeed when body extraction is side-effect free by @kyri-petrou in #2938
• Override URL's toString with encode by @guersam in #2939
• Reorg driver layers by @eyalfa in #2936
• Use ZIO Assistant to Update Readme by @khajavi in #2949
• Update README.md by @zio-assistant in #2950
• Fix application shutdown issue when Server#install is not called by @kyri-petrou in #2966
• Streaming response body content type by @eyalfa in #2967
• Multi-value segments for PathCodecs by @987Nabil in #2959
• Fixes issue #2971 by @gregor-rayman in #2972
• Fix WebSockets when request streaming is enabled by @kyri-petrou in #2978
• Reduce verbosity of test suites by @kyri-petrou in #2979
• Encode SSE based on HttpContentCodec (#2695) by @987Nabil in #2951
• Fix doc typo by @guizmaii in #2989
• Allow nesting Routes with unhandled errors (#2934) by @987Nabil in #2986
• Handle content new lines in fromFormAST (#2976) by @987Nabil in #2983
• Body content type by @eyalfa in #2969
• Remove deprecated App (#2984) by @987Nabil in #2990
• just fail instead of throwing if a relative url is provided by @jgulotta in #2995
• Fix fromZSchemaMulti by @pawelsadlo in #2996
• Generic ServerSentEvents (#2952) by @987Nabil in #2985
• fixes #2963: PartialBooleanAttribute (support no value) by @jgoday in #2973
• Tags for Endpoint and OpenAPI generation (#2716) by @987Nabil in #2930
• Schema based query codecs including validation (#2937) by @987Nabil in #2991
• ServerSentEvents client support (#2953) by @987Nabil in #2987
• Fix sbt module compilation issue when using IntelliJ IDE by @kyri-petrou in #2970
• test for #2652 (issue already fixed in #2935) by @hochgi in #3004
• Fix uuid SegmentCodec matches by @narma in #3007
• Update dependencies by @kyri-petrou in #3010
• Fix ClassCastException: class zio.schema.Schema$Lazy cannot be cast to class zio.schema.Schema$Record by @guizmaii in #3013
• Cache parsing of content-type header by @kyri-petrou in #3011
• Remove stray debug statement from asServerSentEvents by @frekw in #3016
• Expose config option for avoiding context switching when handling requests by @kyri-petrou in #2944
• Validation for OpenAPI generated endpoints (#2786) by @987Nabil in #2968
• [gen] newtype aliases by @hochgi in #3002
• Rework Endpoint authentication by @987Nabil in #2947
• Efficient query optional encoding (#2942) by @987Nabil in #3000
• Add convenient AuthType.Basic and AuthType.Bearer type aliases by @guizmaii in #3020
• Add test for generating OpenAPI for generic payload (#2767) by @987Nabil in #3022
• [gen] clean whitespace noise in generated code by @hochgi in #3021
• Simplify the interface of URL.decode by only returning one possible Exception, instead of all possible Exception by @guizmaii in #3017
• #2941: Cors, accessControlAllowHeaders in option request (prepend pre… by @jgoday in #2943
• QueryParameter validation for OpenAPI (#2993) by @987Nabil in #3025
• Add streaming body constructors with env access (#2817) by @987Nabil in #3018
• Fix doc typo by @geeeezmo in #3027
• Add missing case on the Method implementations by @guizmaii in #3034
• clean some tests repetitive boilerplate by @hochgi in #3038
• Expose additional server config by @kyri-petrou in #3037
• Fix some Endpoint::doc field usages && Rename it to documentation to avoid this kind of mistake in the future by @guizmaii in #3044
• Simplify Encoderdecoder by @pablf in #2998
• Fix Map representation in generated OpenAPI specs by @guizmaii in #3049
• Provide Authentication information via EndpointExecutor (#3019) by @987Nabil in #3026
• Add a batched API to ZClient by @kyri-petrou in #3008
• Improve error handling for collect and ignore methods by @kyri-petrou in #3056
• Optimize ServerInboundHandler#writeResponse by @kyri-petrou in #3057
• Update README.md by @zio-assistant in #3055
• exclude fragments when encoding a url for an http request path by @jgulotta in #2974
• [OpenAPI] case class field being an Option of an ADT are not rendered as nullable by @guizmaii in #3053
• Security audit by @pablf in #3039
• fix OpenAPI doc for Endpoint not rendered by @geeeezmo in #3046
• Configurable EndpointAPI codecs (#2911) by @987Nabil in #3032
• Fix Route with literal path segment makes route with variable path segment unavailable by @narma in #3040
• Remove warning header; Configurable generated error responses (#2955) by @987Nabil in #3050
• Fixed #3058 - added securityRequirementSchema to ignore securitySchem… by @kdelija in #3059
• Use an unbounded queue in AsyncBody#asStream by @kyri-petrou in #3060
• Avoid secondary super type-checking on UnsafeBytes by @kyri-petrou in #3061
• fix User-Agent header parsing by @geeeezmo in #3041
• Update zio to 2.1.9 by @kyri-petrou in #3062
• Added HybridContentLengthHandler by @Ahmadkhan02 in #3003
• Sending to websocket before handshake completed by @guymers in #3028
• [gen] dictionaries with referenced keys extension by @hochgi in #3043
• Add missing methods to set ErrorResponseConfig by @987Nabil in #3072

New Contributors

• @zio-assistant made their first contribution in #2950
• @pawelsadlo made their first contribution in #2996
• @geeeezmo made their first contribution in #3027
• @kdelija made their first contribution in #3059
• @Ahmadkhan02 made their first contribution in #3003

Full Changelog: v3.0.0-RC9...v3.0.0-RC10