* Update CORSConfig to allow dynamic origins based on server instances.
* Add ExternalURLs field to ServerInstanceConfig for additional CORS support.
* Implement GetIPs function to retrieve non-local IP addresses for CORS.
* Introduced GetPointerElement to simplify pointer type extraction.
* Updated handleUpdate methods to utilize GetPointerElement for better clarity and maintainability.
- Update github.com/jackc/pgx/v5 from v5.6.0 to v5.8.0
- Update github.com/klauspost/compress from v1.18.0 to v1.18.2
- Update github.com/mattn/go-sqlite3 from v1.14.32 to v1.14.33
- Update github.com/redis/go-redis/v9 from v9.17.1 to v9.17.2
- Update go.uber.org/zap from v1.27.0 to v1.27.1
- Update golang.org/x/crypto from v0.43.0 to v0.46.0
- Update gorm.io/gorm from v1.30.0 to v1.31.1
- Update various indirect dependencies
Fixes deadlock caused by calling public methods (Bun, GORM, Native)
while holding a write lock. The public methods attempt to acquire
their own locks, causing the goroutine to freeze.
Solution: Call provider methods directly within the adapter getters
since they already hold the necessary write lock.
Replaced *router.StandardBunRouterAdapter parameter with BunRouterHandler
interface to support both bunrouter.Router and bunrouter.Group types,
enabling route registration on router groups with path prefixes.
- Added BunRouterHandler interface
- Updated SetupBunRouterRoutes signature
- Updated ExampleBunRouterWithBunDB to use bunrouter.New() directly
- Added ExampleBunRouterWithGroup demonstrating group usage
Replaced *router.StandardBunRouterAdapter parameter with BunRouterHandler
interface to support both bunrouter.Router and bunrouter.Group types,
enabling route registration on router groups with path prefixes.
- Added BunRouterHandler interface
- Updated SetupBunRouterRoutes signature
- Updated example functions to use bunrouter.New() directly
- Added ExampleBunRouterWithGroup demonstrating group usage
Add PrefixStrippingProvider interface and implement it in all providers
(EmbedFSProvider, LocalFSProvider, ZipFSProvider) to support serving
files from subdirectories at the root level.
Adds WithStripPrefix method to allow serving files from subdirectories
at the root path. For example, files at /dist/assets can be made
accessible via /assets by calling WithStripPrefix("/dist").
- Add ServersConfig and ServerInstanceConfig structs
- Support configuring multiple named server instances
- Add global timeout defaults with per-instance overrides
- Add TLS configuration options (SSL cert/key, self-signed, AutoTLS)
- Add validation for server configurations
- Add helper methods for applying defaults and getting default server
- Add conversion helper to avoid import cycles
- Fixed IN clause to conditionally quote only string values (not numeric)
- Fixed LIKE pattern sanitization to preserve wildcards while preventing injection
- Improved dangerous pattern removal with case-insensitive regex while preserving case
- All funcspec tests now pass (except pre-existing TestReplaceMetaVariables)
Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
- Sanitize colval immediately after extraction in match= filter
- Fixed empty/zero value handling to use proper SQL literals (0 vs '')
- Applied proper quoting for string vs numeric comparisons
- Fixed x-fieldfilter handlers for proper value handling
Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
- Added sanitization for path parameters in mergePathParams
- Added sanitization for query parameters with p- prefix in mergeQueryParams
- Added sanitization for header parameters in mergeHeaderParams
- Fixed IN clause to sanitize all values individually
- Improved ValidSQL function with better escaping and more injection patterns
- Added backslash escaping to colvalue mode
- Extended dangerous keyword list in select mode
Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
- Added comments explaining why X-No-Data-Found is set before normalization
- Header reflects database query result, not final response format
- Clarifies that normalizeResultArray doesn't affect header logic
- All tests passing
Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
- Changed test to use shouldBeEmptyArr flag instead of hardcoded name comparison
- Makes test more maintainable and less fragile
- All tests still passing
Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
- Simplified data length calculation logic in sendFormattedResponse
- Simplified data length calculation logic in sendResponseWithOptions
- Calculate dataLen after nil conversion for clarity and consistency
- All tests still passing
Co-authored-by: warkanum <208308+warkanum@users.noreply.github.com>
