v1.5.0 RC2

Hey there, just a small bugfix with minor improvements...

Note

Use ghcr.io/codeshelldev/secured-signal-api:v1.5.0-rc2 to test out the 2nd release candidate of v1.5.0

What's Changed

• added deprecation messages for @authorization
• switched to using basic colors
• fixed the /auth=TOKEN/ not being stripped
• bumped go to v1.25.6
• updated deps
• Authorization header will now be stripped before passing to downstream api
• fixed default auth methods being ignored

Full Changelog: v1.5.0-rc1...v1.5.0-rc2

CodeShell out 👋

v1.4.5 Bugfix

Hello everyone 📣,
this is a small but IMPORTANT bugfix.

What's Changed

• fixed a major bug in token parsing

Full Changelog: v1.4.4...v1.4.5

CodeShell out 👋

v1.5.0 RC1 – Testing is Open

Hey there folks 📣

As 31.01 is approaching we have released a sneak-peek in form of a release candidate v1.5.0-rc1.

Note

To test out this new release candidate you need to use ghcr.io/codeshelldev/secured-signal-api:v1.5.0-rc1 as the image

Important

Found a bug? Oops... please open up an issue to let me know! Thanks ❤️

What's Changed

A ton of new cool features have been added:

• new auth methods: Path and Body Auth
• separate port per Token Config (See docs)
• separate log level per Token Config (See docs)
• Ratelimiting: Prevent spam or DOS on the API (See docs)
• IP filters: Block and allow IPs and CIDR ranges (See docs)
• restrict access by hostname (See docs)
• regex in Field Policies and endpoints
• enable and disable auth methods (See docs)

Documentation

• [v1.5.0] Integration: Home Assistant
• [*] Reverse Proxy: Apache

🚨 Breaking Changes

• /.../?@authorization=API_TOKEN => /.../?@auth=API_TOKEN
• Path and Query auth are disabled by default, enable them in api.auth.methods
• settings.access.endpoints no longer support glob-style patterns, use regex instead

🚧 Deprecation

• token and tokens at root of Token Configs are now deprecated, use api.tokens instead
• auth.token and api.token will be removed in favor of auth.tokens and api.tokens
• overrides at the root of Token Configs are deprecated, use settings instead

PRs

• Automated README update by @github-actions[bot] in #159
• Automated README update by @github-actions[bot] in #161
• Automated README update by @github-actions[bot] in #164
• Automated README update by @github-actions[bot] in #165
• Automated README update by @github-actions[bot] in #166
• Automated README update by @github-actions[bot] in #167
• Automated README update by @github-actions[bot] in #168
• feat: Path Auth by @CodeShellDev in #170
• feat: Body auth by @CodeShellDev in #172
• feat: Port per Token Config by @CodeShellDev in #174
• feat: Log Level per Token by @CodeShellDev in #176
• feat: Rate Limiting by @CodeShellDev in #178
• DEPRECATION: @authorization => @auth by @CodeShellDev in #184
• feat: IP Filtering by @CodeShellDev in #181
• misc: Santa is Dead by @CodeShellDev in #186
• DEPRECATION: .token, .tokens, .overrides by @CodeShellDev in #187
• feat: Hostnames by @CodeShellDev in #188
• feat: Regex in Field Policies by @CodeShellDev in #193
• chore: Improved Logger Performance by @CodeShellDev in #204
• chore: Prevent Caching by @CodeShellDev in #205
• feat: Select allowed Auth Methods by @CodeShellDev in #207
• feat: Regex in Endpoints by @CodeShellDev in #209
• feat: Regex in Endpoints (#2) by @CodeShellDev in #212

Full Changelog: v1.4.4...v1.5.0-rc1

CodeShell out 👋

v1.4.4 Bugfix

Hey ho! 📣
Back again, with a small bugfix, that somehow flew under my radar 🤔...

What's Changed

Fixed #192:

Modified request bodies could not be read after successful writes occured and no Content-Type header was present.
This is due to GetReqBody() relying on Content-Type, to determine wether json or form.

So when using Query-to-Body Injection there would often not be a Content-Type header set, this meant that even tho the query was injected, the next time the body would be read, it would result in a seemingly empty Body struct.

PRs

• fix: Query-to-Body Injection without Content-Type by @CodeShellDev in #192
• Update copyright year in LICENSE file by @CodeShellDev in #154

Full Changelog: v1.4.3...v1.4.4

This is the 2nd release of v1.4.4 since I had forgotten to update the © notice for the LICENSE

CSD out 👋

v1.4.3 Bugfix & Backend

Hi there everyone 📣,
I'm back after, what? Like almost 2 months!?

This release brings a few bugfixes, but mostly includes major backend changes.

What's Changed

• fixed placeholders in endpoints for access rules #140
• updated token configs to share the same struct with the main config
• added new aliases to improve env variables (See new Aliases)

🚨 Deprecation

Since the backend change many token config specific key names were renamed:

• overrides => settings
• tokens => api.tokens

Note

For now we've included temporary aliases, so your config should still be compatible,
but note that these aliases will be removed in the following release.

New Aliases

This release adds a few environment aliases:

• API__TOKENS => API_TOKENS
• API_TOKEN => API_TOKENS
• API__URL => API_URL

These may be used instead of the original environment variables, but dom't have to.

PRs

• Automated README update by @github-actions[bot] in #135
• Enhance bug report template with config section by @CodeShellDev in #148
• migrate: to gotl by @CodeShellDev in #136
• chore: restructure and move by @CodeShellDev in #147
• Automated README update by @github-actions[bot] in #153
• chore/refactor: configs by @CodeShellDev in #150
• fix: template before block by @CodeShellDev in #144
• Thank You! by @CodeShellDev in #155

Full Changelog: v1.4.2...v1.4.3

CodeShell out👋 and happy holidays 🎄

v1.4.2 Bugfix & Improvements

Hello everyone📣,
back again with a small bugfix 🐞 and improvements ⬆️ release.

What's Changed

• can now use dictonaries and arrays for field policies
• improved body serialisation
• restructured logger and improved DevEx
• fixed mutation in VARIABLES

Integrations

• new Gitea integration (See Docs)
• new Authentik integration (See Docs)

PRs

• chore: improve body reading by @CodeShellDev in #123
• chore: restructure logger by @CodeShellDev in #124
• feat: field policies deep equal for nested data by @CodeShellDev in #122
• feat: print body using dev loglevel by @CodeShellDev in #125
• fix: improve body reading by @CodeShellDev in #127
• fix: VARIABLES mutating by @CodeShellDev in #130

Full Changelog: v1.4.1...v1.4.2

CodeShell out👋

v1.4.1 Hotfix

Hello everyone 📣,
Just a quick hotfix, nothing special…

What‘s Changed

• Added glob-like matching for endpoints. (See Docs).
• Fixed pretty old bug with BasicAuth (token wasn‘t being used for token configs)
• Removed /v1/about from blocklist

Breaking Changes

Endpoints are no longer matched by checking if the requested endpoint starts with one of the configured ones,
instead you must use glob-like patterns for more complicated setups. (See Docs)

PRs

• fix: endpoints middleware by @CodeShellDev in #116
• hotfix: added missing return value in endpoints by @CodeShellDev in #118
• fix: set authToken in BasicAuth by @CodeShellDev in #115
• Automated README update by @github-actions[bot] in #119

Full Changelog: v1.4.0...v1.4.1

CodeShell out 👋

v1.4.0 Release

Hey there 📣,

I know it has been a few weeks, but here I am back with another exciting 🤩 Release: v1.4.0

💡 What's Changed

This release brings ONE single feature, an important one might I add: Field Policies

Field Policies help you block certain values from being used with your configs,
this can be useful when you want to allow only one number for a given token and block any request using a different number.

Read more...

And of course some bugfixes.

🚨 Breaking Changes

There have been quite a few naming / config changes, before updating you must update your configs:

Data Alias Rename

dataAliases have been renamed to fieldMappings. (details)

Access

endpoints and Field Policies have been moved into settings.access.

Message

fieldMappings, variables and messageTemplates are now located under settings.message

Endpoint Merge

blockedEndpoints and allowedEndpoints have been merged,
use ! for blocking (remember to quote "" endpoints, details)

📖 Documentation

We also finally have an Official Documentation #86,
where we will be adding Integrations and more detailed instructions.

⚙️ PRs

• chore: update README workflow by @CodeShellDev in #77
• Update docs-deploy.yml by @CodeShellDev in #78
• Update docs-update.yml by @CodeShellDev in #79
• Automated update of README.md by @github-actions[bot] in #82 #83 #84 #85 #88 #93 #100 #113
• chore: cleanup code by @CodeShellDev in #75
• chore: restructure config by @CodeShellDev in #90
• fix: mapping middleware in chain by @CodeShellDev in #92
• feat: field policy by @CodeShellDev in #94
• chore: move config to internals by @CodeShellDev in #102
• chore: added requestkeys module by @CodeShellDev in #101
• fix: normalize field policy by @CodeShellDev in #105
• fix: token configs & field policies by @CodeShellDev in #108
• fix/improve: custom dev loglevel by @CodeShellDev in #107
• feat: pretty print by @CodeShellDev in #109
• fix: pretty print by @CodeShellDev in #110
• fix: change reload func by @CodeShellDev in #111

New Contributors

• @github-actions[bot] made their first contribution in #82

Full Changelog: v1.3.2...v1.4.0

CodeShell out 👋

v1.3.2 Advanced Templating

Greetings everyone, v1.3.2 is here with a hell 🔥 of a Templating Update...

What's Changed

Improved Templating:

• allow for using Headers as Variables with #
• added logic to remove possible collision between Header, Variable and Body Variables
• reworked data templating: now using Recursive Value Templating instead of json string
• fixed issues regarding advanced go templates (See Documentation, issue #61)
• updated regex' due to new changes

PR

• feat: improve templating by @CodeShellDev in #65

Full Changelog: v1.3.1...v1.3.2

Alternate Description: v1.3.2 is here with the end of a Development Nightmare🤣

CodeShell out👋

v1.3.1 Hotfix

Fixed #64

Full Changelog: v1.3.0...v1.3.1