This release introduces a backwards-incompatible change to the HTTP router's middleware semantics, the new behavior resolving a common point of confusion when dealing with authorization middleware. The release also contains many other bug fixes and tweaks.
Before this release, middleware applied with before and after
ran once a route was matched and after a request was processed by a
matched route. This made it impossible to apply authentication
middleware without an extra level of route/delegate, since the
authentication and authorization is handled as part of route matching.
The previous behavior (applying middleware only to a route that has been
matched) is preserved and renamed to before-matched and after-matched.
Therefore, any code can be adapated by replacing calls to before to
use before-matched, and replacing calls to after to after-matched.
The new before and after-applied middleware semantics result in a
route block returning the Cro composition of the before components,
followed by the route handler, followed by the after components - much
as happens when applying middleware at the server level.
Further, all middleware application in a route block will apply to all
routes inside of the block, not just those located textually after it as
was the case before. This is trivially the case for before and after
(there's no other way it could be, given the new semantics), but is also
now the case with before-matched and after-matched
The following changes were made to the Cro::HTTP distribution:
- New middleware semantics, as described above.
- Fix handling of cookies with the
expiresproperty defined instead ofmax-age. - Properly set a
Cro::HTTP::Requestobject to therequestattribute of a HTTP response received withCro::HTTP::Client. Also add arequestmethod to the client exception types as a shortcut for getting the request object that resulted in an error. - Add new
urimethod toCro::HTTP::Requestwhich gives the full request URI. This is especially useful if the HTTP client followed a redirect and one wishes to know exactly what URI was fetched in the end. - Fix an exception in
Cro::HTTP2::FrameParserrelated to data decoding of HTTP/2.0 frame. - Fix a bug that led to lowercasing of cookie values in HTTP/2.0. This in
turn fixes usage of
Cro::HTTP::Session::InMemoryunder HTTP/2.0. - Indicate with an exception situation when HTTP/2.0 client/server sends RST frame of stream that Cro server/client does not know about.
- Fix cookie setting path.
- Make session cookie be always set to
/path, so now Cro session mechanism correctly updates cookie with a new session after the old one expires. - Use the
Authorizationheader name instead ofAuthinCro::HTTP::Auth::WebToken::Bearer. - Fix compliance with the HTTP spec on the host header: now we append
Hostheader when non-standard HTTP port (not 80 nor 443) is used. - Force use of Perl 6.d semantics in the HTTP client, which avoids various ways that it might end up working slowly due to eating too many real threads.
- When a route fails to match with 400 or 401, and another route fails to match with a 405, perfer the 400 or 401 error.
The following changes were made to the Cro::WebSocket distribution:
- Do a
noteof unhandled exceptions in WebSocket handlers, instead of silently losing them.
The following changes were made to the Cro distribution:
- Document new router middleware semantics of
Cro::HTTP::Router. - Make
Cro::Tools::Template::HTTPServiceeasier to inherit by changing$include-websocketspecialised parameter into more generic%optionsone. - Fix indentation-related warning on Cro installation.
- Add a multipart/form-data body handling example on
Cro::HTTP::Routerdocumentation page. - Add document on structuring larger services/apps with Cro.
- Document
requestproperty of HTTP client exception. - Document using
CRO_TRACEwith the HTTP client. - Document
urimethod ofCro::HTTP::Request. - Fix a long-standing issue with instant restart of Cro service right
after its start with
cro run. - Issues with
.cro.ymlfile are now reported to user whencro runis being used, instead of too genericservice cannot be startedmessage. - Consider case when
.cro.ymlfile is created, but its content is not yet written, which could lead to an exception before. - Better document
Cro::WebSocket::Client. - Indicate cause of a service restart to the user to make it easier to discover which files to ignore if getting unwanted restarts.
This release was contributed to by Alexander Kiryuhin and Jonathan Worthington from Edument, together with the following community members: Xliff, lukasvalle, Rod Taylor, Lance Wicks, Nick Logan.
This release contains a number of minor new features (better support for
working with the less commonly used HTTP methods, and an ignore section in
the .cro.yml file). It also contains numerous fixes and tweaks, as well as
some documentation improvements.
The following changes were made to the Cro::Core distribution:
- Allow a trailing
;in media types - Fix media type parse error on many-dot subtype
The following changes were made to the Cro::HTTP distribution:
- Set default ciphers to Moz. Modern Compatibility
- Do not provide a default randomized cookie name for the persistent session
role, and instead give an error if the user does not set
cookie-name. It's useless to keep sessions in a database if the cookie name changes on every application restart, but providing a hardcoded default is a platform fingerprinting risk. Making the user specify a cookie name is thus a better way forward. - Fix WWWUrlEncode body parser applicability test to use
Cro::MediaTypeand so check more robustly (it used to do a string match on the header, and so would get confused by acharsetparameter). - Fix
staticmime type handling on serving index files - Use
original-targetinCro::HTTP::Log::File, so that delegated routes will produce the full request target in the logs - Provide
allowed-methodsonCro::HTTP::Serverin order to set the HTTP methods that will be accepted Cro::HTTP::Routernow exports ahttpsub, providing a more convenient way to write routes for some of the less widely used HTTP methods (or for implementing protocols based on HTTP)
The following changes were made to the Cro::WebSocket distribution:
- Don't force the
caargument to be passed in order to usewss://inCro::WebSocket::Client - Force HTTP/1.1 use in
Cro::WebSocket::Client(connecting to a secure endpoint hosted by a server supporting HTTP/2.0 could upgrade and then find itself unable to speak the WebSocket protocol, which is tied to HTTP/1.1) - Fix various issues with URI handling in
Cro::WebSocket::Client - Provide more detailed trace output for WebSocket frames and messages
The following changes were made to the Cro distribution:
- Remove
bin/crofrom theprovidessection ofMETA6.json - Implement support for the
envsection in the.cro.ymlfile, so that additional environment variables can be provided at development time - Implement an
ignoresection in the.cro.ymlfile to ignore certain paths from being watched to decide to make a service restart - Fix dependencies of a generated ZeroMQ project
- Clarify deployment documentation
- Document new
ignoresupport in.cro.yml - Document
allowed-methodsHTTP server option - Document new
httpsub for custom request methods in router - Text tweaks to HTTP client introduction text
- Document custom HTTP methods in the client
- Add a code example of .body in HTTP client docs
- Various typo fixes in the documentation
This release was contributed to by Alexander Kiryuhin and Jonathan Worthington from Edument, together with the following community members: cono, FCO, Fritz Zaucker, Lance Wicks, Moritz Lenz, Nick Logan.
This release brings two major new features:
- The
Cro::OpenAPI::RoutesFromDefinitionmodule, which supports implementing services specified using an OpenAPI v3 document without needing to repeat the routes, validation, and so forth from the document. This work was funded by Nick Logan (ugexe). Three modules for wider Perl 6 use were produced and released as part of this work:JSON::Pointer,OpenAPI::Model, andOpenAPI::Schema::Validate. - The
Cro::HTTP::Testmodule, which offers a convenient way to write tests for HTTP services. It is, of course, primarily aimed at those services built using Cro, but may also be provided with a URI as the test target rather than a Cro application, and thus can be used to write tests for any HTTP service. This work was funded by Oetiker+Partner.
The following changes were made to the Cro::Core distribution:
- Add
parse-relativeandparse-reftoCro::Uri, which parse a relative URI and a URI reference (either relative or absolute URI) respectively - Provide an
addmethod toCro::Uri, which implements relative URI reference resolution - When a
Cro::Uriis constructed with an authority component but no host, parse the authority component - The
Strmethod onCro::Urinow assembles the string from the URI components, rather than depending on retaining the original URI
The following changes were made to the Cro::HTTP distribution:
- Use the new
Cro::Uri.add(...)method to implement thebase-urifeature ofCro::HTTP::Client, making it vastly more correct - Make it possible to replace the
Cro::HTTP::Clientconnector pipeline component when subclassing the client - Make
:@queryparameters inCro::HTTP::Routerreflect the original query string order
The following changes were made to the Cro::WebSocket distribution:
- Make matching of the
Upgradeheader's value case-insensitive, so as to permit theWebSocketsome servers send instead ofwebsocket.
The following changes were made to the Cro distribution:
- Add documentation for
Cro::HTTP::Test - Add documentation for
Cro::OpenAPI::RoutesFromDefinition - Document new features for
Cro::Uri, as well as others that existed, but were missing from the documentation
This release was contributed to by Alexander Kiryuhin and Jonathan Worthington from Edument. We would like to thank Nick Logan (ugexe) and Oetiker+Partner for supporting the key new features found in this release.
This release brings a number of new features, along with some bug fixes. The
Cro team now provides Docker base images
for aiding deployment of Cro services. The cro stub command also generates a
Dockerfile that uses these base images, meaning stubbed services can be
built into a container without any further work.
The following changes were made to the Cro::Core distribution:
- Add relative URL parsing support to
Cro::Uri - Add
Cro::Iri, a class for parsing and working with Internationalized Resource Identifiers
The following changes were made to the Cro::HTTP distribution:
- Make the
staticrouter function accept anIO::Pathas the first (base directory) argument - Make the
staticrouter function slurp up the rest of its positional arguments and use them as the path below the base; previously, it took an optional array - Make the
staticrouter function support an:indexes[...]option, which configures files that should be served as a directory index - Switch to using the
DateTime::Parsemodule instead of having our own such parser - Make
Cro::HTTP::Router::RouteSetmore subclass-friendly, by making a number of attributes public and exposing theHandlerbase role - Implement
cookiesoption toCro::HTTP::Client, for setting cookies to be sent with the request - Make
Cro::HTTP::Clientmore tolerant of an SSL library with no ALPN support under default usage
The following changes were made to the Cro::WebSocket distribution:
- Make
Upgradeheader matching case-insensitive
The following changes were made to the cro distribution:
- Generate a
Dockerfilein HTTP projects produced bycro stub - Provide Docker deployment documentation
- Follow changes in Webpack 4.0 in the SPA tutorial
- Make
cro serveserve some common directory index files - Document new
staticfeatures - Correct session example in documentation to do
Cro::HTTP::Auth - Fix
watch-dirtest on OSX - Don't remove digits in environment variable names when mangling the service
ID in
cro stub - Write a
.gitignorefile as part ofcro stub - Be a bit more liberal with runner test timeout, for slower systems
This release was contributed to by Alexander Kiryuhin and Jonathan Worthington from Edument, together with the following community members: Geoffrey Broadwell, Itsuki Toyota, Nick Logan, scriplit, Tobias Leich.
This release brings a range of new features, fixes, and improvements. The key
new features include support for HTTP/2.0 push promises (both server side and
client side), HTTP session support (which makes authentication/authorization
far easier to handle), body parser/serialization support in WebSockets, and
a UI for manipulating inter-service links in cro web.
Body parsing has been refactored with this release, the Cro::HTTP::BodyParser
and Cro::HTTP::BodySerializer roles (and their related selector roles) now
living in Cro::Core (as Cro::BodyParser and so forth). Further, various
body-related infrastructure is in the new Cro::MessageWithBody role, which
is used in both the HTTP and WebSocket message objects. This is the only
intended backward-incompatible change in this release, and will only impact
those who have written custom body parsers and serializers. Thankfully, the
changes should be no more than simply deleting ::HTTP from the role names.
A more detailed summary of the changes follows.
The following changes were made to the Cro::Core distribution:
- Lower default limit of binary blob trace output to 512 bytes
- Add
Cro::BodyParser,Cro::BodyParserSelector,Cro::BodySerializer, andCro::BodySerializerSelectorroles, based on those previously in theCro::HTTPdistribution - Add
Cro::MessageWithBodyrole to factor out the commonalities of body handling between HTTP and WebSockets (and, in the future, ZeroMQ)
The following changes were made to the Cro::HTTP distribution:
- Add
authattribute toCro::HTTP::Request, which can be used to carry an "authority" object (session, authorization, etc.) - Support getting a request's
authinto an initial route argument in the router - Implement
Cro::HTTP::Session::InMemorymiddleware, for in-memory sessions - Provide a base role (
Cro::HTTP::Session::Persistent) for implementing persistent sessions - Implement
Cro::HTTP::Auth::Basicmiddleware - Implement JWT (JSON Web Token) authorization middleware
- Implement support for HTTP/2.0 push promises, both client and server side
- Correctly configure HTTPS for the HTTP/2.0 security profile when HTTP/2.0
is being used (improvements were contributed to the
IO::Socket::Async::SSLmodule also) - Various fixes to HTTP/2.0 header handling (fixes were contributed to the
HTTP::HPACKmodule also) - Correctly handle an empty HTTP/2.0 settings frame
- Refactor to use the body parser and serializer infrastructure now in the
Cro::Coredistribution, and removeCro::HTTP::BodyParser,Cro::HTTP::BodySerializer, and related roles
The following changes were made to the Cro::WebSocket distribution:
- Refactor to support body parsers and serializers, both client and server side
- Add JSON body parser and serializer for WebSockets
- Add
:jsonoption toweb-socketrouter plug-in andCro::WebSocket::Clientas a shortcut to use the JSON body parser and serializer - Fix a data race between the frame and message parser due to failing to create fresh frame objects
- Run WebSocket message handlers asynchronously, to avoid blocking on
awaitof a fragmented message body - Address an unreliable test
The following changes were made to the cro distribution:
- Refactor HTTP application templates for easier extensibility
- Add a
cro stubtemplate for React/Redux Single Page Applications - Implement adding and editing inter-service links in the
cro webUI - Workaround for a concurrency bug in YAML parsing, which caused tests (and,
less often,
cro run) to occasionally fail - Numerous documentation updates to cover the changes in this release
This release was contributed to by Alexander Kiryuhin and Jonathan Worthington
from Edument. The cro stub changes
(including the React/Redux stub) are thanks to Geoffrey Broadwell.
This release brings a number of new features making it easier to create and
consume HTTP middleware, as well as support for middleware at a route block
level. In tooling, the cro web tool now supports adding inter-service links
when stubbing, and there are improvements for those writing templates
for use with cro stub. Read on for details of the full set of improvements.
The following changes were made to the Cro::Core distribution:
- Factor out trace output repeated code
- Avoid trace output throwing exceptions on Windows
The following changes were made to the Cro::HTTP distribution:
- Add
Cro::HTTP::Middlewaremodule, with a range of roles to simplify the implementation of middleware. These includeConditional(for request middleware that may wish to send an early response) andRequestResponse(for middleware interested in both requests and responses). - Support
beforeandafterinrouteblocks taking a block argument for writing simple inline middleware, together with support forbeforemiddleware to itself produce a response - Pass named arguments to the
/route inCro::HTTP::Router - Fix
Cro::HTTP::Clienthandling of thehttp-onlyflag on cookies - Add the
PATCHHTTP method to the default set of those accepted by the request parser, add apatchmethod toCro::HTTP::Client, and apatchfunction toCro::HTTP::Router
The following changes were made to the cro distribution:
- Support creation of inter-service links when stubbing a service in the Cro web tool
- Allow F5 to work in the Cro web tool even after navigating to other pages
- Introduce the
Cro::Tools::Template::Commonrole to factor out many common tasks between stub templates, and use it - Make existing templates more possible to subclass, to ease adding further stubbing templates
- Fix HTTPS service stub generation
- Document new
Cro::HTTPmiddleware features - Document client and router support for the HTTP
PATCHmethod - A range of typo and layout fixes across the documentation
This release was contributed to by Alexander Kiryuhin and Jonathan Worthington from Edument, together with the following community members: dakkar, Geoffrey Broadwell, James Raspass, Michal Jurosz, Timo Paulssen, vendethiel.
This is the second public BETA release of Cro, and the first to be distributed on CPAN. While this doesn't change how you will install Cro, it does provide the safety of installing a version we've vetted rather than the latest development commits. This release contains numerous improvements, including new features, bug fixes, and better documentation.
The following changes were made to the Cro::Core distribution:
- Improve message tracing API and output, showing hex dump style output for binary data
- Provide a mode for machine-readable trace output
- Always flush handle after producing trace output
- Add a workaround for a
CLOSEphaser bug
The Cro::SSL distribution is deprecated in favor of Cro::TLS. In
Cro::TLS, the following changes were made:
- Eliminate a workaround for an older
IO::Socket::Async::SSLbug - The tests no longer assume the availability of an OpenSSL version with ALPN
- Add a workaround for a
CLOSEphaser bug
Furthermore, the Cro team contributed bug fixes to IO::Socket::Async::SSL.
The following changes were made to the Cro::HTTP distribution:
Cro::HTTP::Router- Reply with 204 instead of dying when no status is set
- Implement
include - Implement
delegate, with HTTP requests now carrying both theoriginal-targetand having a relativetarget - Properly handle
%sequences in URL segments in HTTP router - Partial implementation of per-
route-block middleware (beforeandafter)
Cro::HTTP::Client- Fix an HTTP/1.1 vs HTTP/2.0 detection bug
- Remove unused attributes in HTTP client internals
- Fix client to pass on the query string in the target URI
- Implement
base-uriconstructor argument, which will be prepended to all requests made with that client instance - Various fixes to HTTPS requests
- Fix hang in HTTP client on unexpected connection close
- HTTP/2.0 support fixes and improvements
- Answer HTTP/2.0 pings
- Don't try to negotiate HTTP/2.0 if ALPN is unavailable
- Don't run HTTP/2.0 tests without ALPN
- Don't rely on new HTTP/2.0 streams opening in order
- Fix a couple of occasional hangs in the HTTP/2.0 client
- Implement window size handling in HTTP/2.0
- General
- Correct misspelled body serializer class names
- Implement new
trace-outputAPI for better trace output - Fix missing
JSON::Fastdependency - Use
Cro::TLSinstead ofCro::SSL - Make urlencoded and multipart bodies associative, so they can be hash-indexed
- Avoid port conflicts in parallel test runs
The following changes were made to the cro distribution:
crotool- Add
cro web, which launches a web frontend that can perform most of the tasks that the command line interface can - Implemented tools for working with inter-service links, including link
templates and the new
cro linksub-command - Make
cro runinject environment variables with host/port for linked services - Implement
cro servicescommand to inspect known services - Output service STDOUT on runner's STDOUT, not STDERR
- Layout tweaks to trace output
- Correct HTTP service stub's
.cro.ymlgeneration - Default to "no" for HTTPS in HTTP service stub
- Disarm any Failure found in template locator, avoiding a lot of noise
- Add
- Documentation improvements
- Add a getting started page
- Add a tutorial showing how to build a single page application using Cro and React/Redux
- Clarify parser/serializer passing
- Document new
include,delegate,before, andafterfunctions in the HTTP router - Fix
createdexample - Add example of body byte stream use in HTTP client
- Clear up some confusions in cro-tool docs
- Correct method name in example for
header-list - Try to organize the docs in the index a bit better
- Fix many typos and various formatting errors
- Other
- Harden tests against potential hangs
This release was contributed to by Alexander Kiryuhin and Jonathan Worthington from Edument, together with the following community members: Alexander Hartmaier, Alex Chen, Curt Tilmes, Kai Carver, Karl Rune Nilsen, MasterDuke17, Nick Logan, Salve J. Nilsen, Simon Proctor, Steve Mynott, and Tom Browder.
This was the first public BETA release of Cro.