v1.5.1 Misc

Well hello, long time no see 📣
Back again, this time with a small misc update, just some things that I thought could be improved.

What's Changed

• Message Templates are no longer applied on every request and instead are only triggered on /v2/send with method=POST,
  this only affects templates rendering with settings.message.template
• /v1/about now includes...
  
  

  {
      "versions": ["v1", "v2"], 
      "build": 2, 
      "mode": "normal", 
      "version": "0.97", 
      "capabilities": { "v2/send": ["quotes", "mentions"] },
      "secured-signal-api": {
         "version": "1.5.1",
         "auth_required": true
      }
  }

  • auth_required field is set depending on wether any API tokens were set.
  • version is gathered from a built-time env variable (IMAGE_TAG), it is stripped of any leading v,
    but may include additional -rc1

Full Changelog: v1.5.0...v1.5.1

As always,
CodeShell out👋

v1.5.0

Hello, hello 📣
Today is the 31st of January and with that my due date for v1.5.0 has finally hit 🎉.
So without further talking: Welcome to v1.5.0, let me show you around... 🌍️

What's Changed

A ton of new cool features 😎 have been added:

• new auth methods: Path and Body Auth
• separate port per Token Config (isolated realms, see docs)
• separate log level per Token Config (see docs)
• Ratelimiting: Prevent spam or DOS on the API (see docs)
• IP filters: Block and allow IPs and CIDR ranges (see docs)
• restrict access by hostname (isolated realms, see docs)
• regex in Field Policies and endpoints
• enable and disable auth methods (see docs)
• URL-to-Body Injection: inject params into the request body using Query and Path (see docs)

Doesn't seem like much, but a lot of backend changes were needed

Documentation

• [v1.5.0] Integration: Home Assistant
• [*] Reverse Proxy: Apache

🚨 Breaking Changes

• /.../?@authorization=API_TOKEN => /.../?@auth=API_TOKEN
• Path and Query auth are disabled by default, enable them in api.auth.methods
• settings.access.endpoints no longer support glob-style patterns, use regex instead
• Field Policies are now arrays, update your configs to change them to arrays

🚧 Deprecation

• token and tokens at root of Token Configs are now deprecated, use api.tokens instead
• auth.token and api.token will be removed in favor of auth.tokens and api.tokens
• overrides at the root of Token Configs are deprecated, use settings instead

PRs

• Automated README updates by @github-actions[bot] in #159, #161, #164
• feat: Path Auth by @CodeShellDev in #170
• feat: Body auth by @CodeShellDev in #172
• feat: Port per Token Config by @CodeShellDev in #174
• feat: Log Level per Token by @CodeShellDev in #176
• feat: Rate Limiting by @CodeShellDev in #178
• DEPRECATION: @authorization => @auth by @CodeShellDev in #184
• feat: IP Filtering by @CodeShellDev in #181
• misc: Santa is Dead by @CodeShellDev in #186
• DEPRECATION: .token, .tokens, .overrides by @CodeShellDev in #187
• feat: Hostnames by @CodeShellDev in #188
• feat: Regex in Field Policies by @CodeShellDev in #193
• chore: Improved Logger Performance by @CodeShellDev in #204
• chore: Prevent Caching by @CodeShellDev in #205
• feat: Select allowed Auth Methods by @CodeShellDev in #207
• feat: Regex in Endpoints by @CodeShellDev in #209
• feat: Regex in Endpoints (#2) by @CodeShellDev in #212
• feat: improve trusted proxy by @CodeShellDev in #223

Full Changelog: v1.4.4...v1.5.0

CodeShell out 👋

v1.5.0 RC5 – Quick Test before Release

Hey ho,
quick release candidate number 5.

Note

We are so close to releasing it for real, so I don't know why you'd want to test this rc out,
but here ya go: secured-signal-api:v1.5.0-rc5

PRs

• feat: URL to Body Injection by @CodeShellDev in #224

Full Changelog: v1.5.0-rc4...v1.5.0-rc5

CSD out :)

v1.5.0 RC4

Heyo! 📣
4th release candidate is here, with a small bugfix...

Note

Use this rc by setting image: ghcr.io/codeshelldev/secured-signal-api:v1.5.0-rc4

What's Changed

• 1.2.3.4/24 is no longer converted into 1.2.3.4/32, it is expected that the user meant to use 1.2.3.0/24 instead of a single IP

PR's

• feat: improve trusted proxy by @CodeShellDev in #223

Full Changelog: v1.5.0-rc3...v1.5.0-rc4

CSD out👋

v1.5.0 RC3

Yyyellow everyone,
I've go another quick release candidate for ya: v1.5.0-rc3.

What's Changed

• fixed unnecessary creation of sublogger for config.yml
• fixed port middleware stopping middleware chain due to not serving next middleware,
  when all checks pass
• includes bugfix from v1.4.5

Full Changelog: v1.5.0-rc2...v1.5.0-rc3

CodeShell out👋

v1.5.0 RC2

Hey there, just a small bugfix with minor improvements...

Note

Use ghcr.io/codeshelldev/secured-signal-api:v1.5.0-rc2 to test out the 2nd release candidate of v1.5.0

What's Changed

• added deprecation messages for @authorization
• switched to using basic colors
• fixed the /auth=TOKEN/ not being stripped
• bumped go to v1.25.6
• updated deps
• Authorization header will now be stripped before passing to downstream api
• fixed default auth methods being ignored

Full Changelog: v1.5.0-rc1...v1.5.0-rc2

CodeShell out 👋

v1.4.5 Bugfix

Hello everyone 📣,
this is a small but IMPORTANT bugfix.

What's Changed

• fixed a major bug in token parsing

Full Changelog: v1.4.4...v1.4.5

CodeShell out 👋

v1.5.0 RC1 – Testing is Open

Hey there folks 📣

As 31.01 is approaching we have released a sneak-peek in form of a release candidate v1.5.0-rc1.

Note

To test out this new release candidate you need to use ghcr.io/codeshelldev/secured-signal-api:v1.5.0-rc1 as the image

Important

Found a bug? Oops... please open up an issue to let me know! Thanks ❤️

What's Changed

A ton of new cool features have been added:

• new auth methods: Path and Body Auth
• separate port per Token Config (See docs)
• separate log level per Token Config (See docs)
• Ratelimiting: Prevent spam or DOS on the API (See docs)
• IP filters: Block and allow IPs and CIDR ranges (See docs)
• restrict access by hostname (See docs)
• regex in Field Policies and endpoints
• enable and disable auth methods (See docs)

Documentation

• [v1.5.0] Integration: Home Assistant
• [*] Reverse Proxy: Apache

🚨 Breaking Changes

• /.../?@authorization=API_TOKEN => /.../?@auth=API_TOKEN
• Path and Query auth are disabled by default, enable them in api.auth.methods
• settings.access.endpoints no longer support glob-style patterns, use regex instead

🚧 Deprecation

• token and tokens at root of Token Configs are now deprecated, use api.tokens instead
• auth.token and api.token will be removed in favor of auth.tokens and api.tokens
• overrides at the root of Token Configs are deprecated, use settings instead

PRs

• Automated README update by @github-actions[bot] in #159
• Automated README update by @github-actions[bot] in #161
• Automated README update by @github-actions[bot] in #164
• Automated README update by @github-actions[bot] in #165
• Automated README update by @github-actions[bot] in #166
• Automated README update by @github-actions[bot] in #167
• Automated README update by @github-actions[bot] in #168
• feat: Path Auth by @CodeShellDev in #170
• feat: Body auth by @CodeShellDev in #172
• feat: Port per Token Config by @CodeShellDev in #174
• feat: Log Level per Token by @CodeShellDev in #176
• feat: Rate Limiting by @CodeShellDev in #178
• DEPRECATION: @authorization => @auth by @CodeShellDev in #184
• feat: IP Filtering by @CodeShellDev in #181
• misc: Santa is Dead by @CodeShellDev in #186
• DEPRECATION: .token, .tokens, .overrides by @CodeShellDev in #187
• feat: Hostnames by @CodeShellDev in #188
• feat: Regex in Field Policies by @CodeShellDev in #193
• chore: Improved Logger Performance by @CodeShellDev in #204
• chore: Prevent Caching by @CodeShellDev in #205
• feat: Select allowed Auth Methods by @CodeShellDev in #207
• feat: Regex in Endpoints by @CodeShellDev in #209
• feat: Regex in Endpoints (#2) by @CodeShellDev in #212

Full Changelog: v1.4.4...v1.5.0-rc1

CodeShell out 👋

v1.4.4 Bugfix

Hey ho! 📣
Back again, with a small bugfix, that somehow flew under my radar 🤔...

What's Changed

Fixed #192:

Modified request bodies could not be read after successful writes occured and no Content-Type header was present.
This is due to GetReqBody() relying on Content-Type, to determine wether json or form.

So when using Query-to-Body Injection there would often not be a Content-Type header set, this meant that even tho the query was injected, the next time the body would be read, it would result in a seemingly empty Body struct.

PRs

• fix: Query-to-Body Injection without Content-Type by @CodeShellDev in #192
• Update copyright year in LICENSE file by @CodeShellDev in #154

Full Changelog: v1.4.3...v1.4.4

This is the 2nd release of v1.4.4 since I had forgotten to update the © notice for the LICENSE

CSD out 👋

v1.4.3 Bugfix & Backend

Hi there everyone 📣,
I'm back after, what? Like almost 2 months!?

This release brings a few bugfixes, but mostly includes major backend changes.

What's Changed

• fixed placeholders in endpoints for access rules #140
• updated token configs to share the same struct with the main config
• added new aliases to improve env variables (See new Aliases)

🚨 Deprecation

Since the backend change many token config specific key names were renamed:

• overrides => settings
• tokens => api.tokens

Note

For now we've included temporary aliases, so your config should still be compatible,
but note that these aliases will be removed in the following release.

New Aliases

This release adds a few environment aliases:

• API__TOKENS => API_TOKENS
• API_TOKEN => API_TOKENS
• API__URL => API_URL

These may be used instead of the original environment variables, but dom't have to.

PRs

• Automated README update by @github-actions[bot] in #135
• Enhance bug report template with config section by @CodeShellDev in #148
• migrate: to gotl by @CodeShellDev in #136
• chore: restructure and move by @CodeShellDev in #147
• Automated README update by @github-actions[bot] in #153
• chore/refactor: configs by @CodeShellDev in #150
• fix: template before block by @CodeShellDev in #144
• Thank You! by @CodeShellDev in #155

Full Changelog: v1.4.2...v1.4.3

CodeShell out👋 and happy holidays 🎄