v0.14.0

@testinfected testinfected released this Feb 28, 2018 · 6 commits to master since this release

Added

  • The ability to load mustache view templates from the classpath, in situations where they're bundled in a jar. (#72)
  • An additional clause to route definitions for routing requests based on the HTTP Accept header. (#70)
  • A way to do simple static routing based on HTTP verbs using Predicates.
    A set of basic predicates is provided out-of-the-box. (#70)

Changed

  • Drop Matcher interface in favor of Java 8 Predicate. (#69)
  • As a consequence to introduction of static routing, DynamicRoutes has been renamed to Routes. (#70)

Fixed

  • An error occurring when compressing responses without a content type. (#71)

v0.13.0 - Application as a Function

@testinfected testinfected released this Sep 30, 2017 · 38 commits to master since this release

This version introduces a major breaking change in the API. It implements a more functional
programming style.

Added

  • Simplified request URI handling with a new Uri class to manipulate and deconstruct URIs.
    It is immutable and replaces individual URI components in Request. (#67)

Changed

  • Application are now simple functions of Request -> Response. Middlewares become simple functions of
    Application -> Application. (#64)
  • Request uri is now the full URI, reconstructed from server host and port. (#67)
  • HttpStatus is now a class rather than an enum, which means custom HTTP statuses are supported. (#66)

v0.12.0

@testinfected testinfected released this Sep 22, 2017 · 109 commits to master since this release

Added

  • A middleware to force SSL connections. It does permanent redirects and adds the HSTS header (#36)

Changed

  • Session cookies are now encrypted using SHA256 instead of SHA1 by default (#60)
  • Session cookies are now encoded in RFC4648 base64 (#61)

Fixed

  • URL Map middleware was failing to dispatch to root mount. /foo is now matched if mounted to / (#62)

v0.11.0 - The Undertow Edition

@testinfected testinfected released this Nov 18, 2016 · 124 commits to master since this release

Added

  • A basic authentication middleware with pluggable authentication providers. (#28)
  • A server adapter for powering Molecule with Undertow. Undertow is fast! (#53)
  • The possibility to check for the presence of a given request parameter.
    This avoids checks against null for boolean parameters. See Request#hasParameter. (#49)
  • The request query string. See Request#query. (#54)
  • The server host name and the request host name, the latter taken from the HOST header.
    See Request#serverHost and Request#hostname. (#55)
  • The server port and the request port, the latter taken from the HOST header.
    See Request#serverPort and Request#port. (#56)
  • The request scheme. See Request#scheme. (#58)
  • The reconstructed request URL. See Request#url. (#57)

Changed

  • The testing package, which contains helpers for testing applications built with Molecule, is now included in the main jar.
    The test jar is no longer distributed. (#51)
  • Request input streams are now closed automatically at the end of the request cycle. This includes file uploads. (#52)

Fixed

  • The test HTTP client no longer loses the Content-Type header when creating a fresh request from
    a prototype request. (#50)
  • ETag middleware now properly closes original body after computing ETag.

v0.10

@testinfected testinfected released this Jun 29, 2016 · 199 commits to master since this release

Added

  • Add a cookie session storage mechanism, as an alternative to the in-memory session pool.
    Sessions stored on the client include a secure digest of the content to prevent against session forgery. (#4)
  • Cookie session storage supports secret key rotation. (#48)
  • Add an hex decoder that decodes hexadecimal representations to their bytes form.
    HexEncoder does encoding and decoding to/from hex representations. (#47)
  • Add a flash hash as a way of passing messages through redirection.
    Anything in the flash is exposed to the very next request and then cleared out. (#44)
  • Session pool can now renew a session id whenever the session changes.
    This helps prevent from session fixation attacks. (#41)

Changed

  • SessionIdentifierPolicy now receives the session data to support more complex use cases of session id generation

Fixed

  • ConditionalGet middleware no longer throws an exception when Modified-Since header has unsupported format

v0.9.1

@testinfected testinfected released this Jun 29, 2016 · 224 commits to master since this release

Added

  • It is now possible to replace the session bound to the request by a fresh new session to avoid session fixation attacks. (#43)
  • Session pool now sweeps sessions that have exceeded the maximum lifetime. The maximum lifetime is configurable. (#42)
    This helps prevent sessions from being maintained and kept alive forever.
  • Session pool can now renew a session id whenever the session changes. This helps prevent from session fixation attacks. (#41)
  • Session pool now sweeps stale sessions.
    Sessions are considered stale when they have been inactive for longer than the configurable idle timeout. (#40)
  • It is now possible to boot the application with a warm-up sequence
  • Add an URLMap middleware for dispatching requests to different apps based on the request URI. (#38)
  • Add support for logging in Apache Combine Format to logger middleware (@ensonik in #37)

Changed

  • Write multiple cookie values as distinct Set-Cookie headers instead of single one - as per rfc6265 recommendation. (@gbranchaudrubenovitch in #46)
  • Session keys are automatically converted to their string representations
  • Default session cookie name is now molecule.session

Removed

  • PlainErrorReporter is no longer provided - you have to write your own reporters

Fixed

  • MiddlewareStack no longer mixes up middlewares and mount points when several mount points are defined
  • ApacheLoggers will now correctly log request parameters as they were received, in case they are modified down the middleware chain

v0.9

@testinfected testinfected released this Jun 29, 2016 · 274 commits to master since this release

Added

  • It is now possible to serve content asynchronously in a separate thread to the original servicing thread. (#35)
  • Filters can now be set using custom RequestMatchers

Fixed

  • ApacheCommonLogger now correctly logs request parameters as they were received, in case they are modified down the middleware chain