Release v1.54.3

🚀 Enhancements

🔹 Migration Locking for SQL & Redis

GoFr now implements automatic migration locking for SQL and Redis datasources.

• Automatic Coordination: In multi-instance deployments (such as Kubernetes), instances effectively coordinate to ensure only one instance executes migrations at a time.
• Data Integrity: This mechanism effectively prevents race conditions and corrupted migration states during parallel deployments.

🛠️ Fixes

• Circuit Breaker Concurrency - Resolved an issue where the Circuit Breaker was erroneously enforcing sequential execution on parallel HTTP requests. This fix restores the expected concurrent behavior, significantly improving throughput for service calls.

• Datasource Resource Management - Fixed goroutine leaks that occurred during the shutdown process for SQL and Redis datasources. This ensures proper resource cleanup and cleaner application termination.

• Migration Version Consistency - Fixed a bug where the last migration version was not being correctly fetched across the entire chain of datasources. This ensures accurate migration state tracking, particularly in multi-datasource configurations.

Release v1.54.2

🚀 Enhancement

🔹 Smart HTTP Server Activation

GoFr now intelligently manages its internal server lifecycle, conditionally booting the HTTP stack only when relevant components are registered.

• Resource Efficiency: Drastically reduces memory and CPU overhead for gRPC-only services or background workers by keeping dormant server components inactive.
• Automated Discovery: Dynamically identifies the need for an HTTP server based on registered routes, static files, or custom handlers.
• Streamlined Footprint: Prevents unnecessary port occupancy and improves application startup time for specialized services.

🛠️ Fixes

• Panic Prevention in DB Metrics: Added essential nil checks in the database operations logic to prevent potential panics during telemetry collection.

• Migration Version Chaining: Fixed the chaining logic for fetching the last migration version to ensure consistency across complex deployments using multiple datasources.

• Docker Compose Port Mappings: Resolved incorrect port assignments for Redis and MySQL in the http-server example, streamlining the local development environment.

Release v1.54.1

🚀 Features

🔹 gRPC Authentication Middleware

Introduced comprehensive authentication support for gRPC services, bringing it on par with HTTP services.

• Supported Methods: Basic Authentication, API Key Authentication, and OAuth.
• Seamless Integration: Easily enable authentication for gRPC unary and streaming handlers.
• Unified Auth Interface: Leverages the existing authentication logic for consistency across protocols. Refer :

🔹 Standard OTEL Tracing for gRPC

Enabled standard OpenTelemetry tracing for gRPC services.

• Automatic Instrumentation: Automatically captures spans for gRPC requests and responses.
• Better Observability: Provides detailed insights into gRPC service performance and call chains.

🛠️ Fixes

🔹 EventHub Consumer Group Fix

• Resolved an issue where consumer groups were not being correctly interpreted in the EventHub datasource, ensuring reliable message consumption.

v1.54.0

🚀 Features

🔹 Server-Side Rate Limiter Middleware

GoFr now includes a built-in Rate Limiter Middleware to protect your APIs from abuse and ensure fair resource distribution.

• Token Bucket Algorithm: Implements smooth rate limiting with configurable burst capacity.
• Per-IP Rate Limiting: Support for independent limits per client IP with trusted proxy support (X-Forwarded-For, X-Real-IP).
• Observability: Automatically tracks rate limit violations with the app_http_rate_limit_exceeded_total metric.
• Exemptions: Built-in health check endpoints (/.well-known/alive, /.well-known/health) are automatically exempt.

Usage Example

    app.UseMiddleware(middleware.RateLimiter(middleware.RateLimiterConfig{
        RequestsPerSecond: 10,
        Burst:             20,
        PerIP:             true,
    }, app.Metrics()))

🛠️ Fixes

🔹 Circuit Breaker & Health Check Refinement

Improved the reliability of the Circuit Breaker and Health Check mechanisms:

• Custom Health Endpoints: Fixed an issue where custom health endpoints were not consistently used by the circuit breaker for recovery checks.

Release v1.53.0

🚀 Features

🔹 Amazon SQS PubSub Support

GoFr now supports Amazon SQS as a messaging backend, enabling seamless integration with AWS Simple Queue Service for building resilient, distributed microservices.

• Supports both Publishing and Subscribing to SQS standard queues
• Configurable Behavior:
  • Support for custom message attributes
  • Configurable visibility timeouts and wait times
  • Support for standard queues

Usage Example

To use Amazon SQS, import the driver and add it to your application:

import (
    "gofr.dev/pkg/gofr"
    "gofr.dev/pkg/gofr/datasource/pubsub/sqs"
)

func main() {
    app := gofr.New()

    app.AddPubSub(sqs.New(&sqs.Config{
        Region:          "us-east-1",
        AccessKeyID:     "your-access-key-id",     // optional if using IAM roles
        SecretAccessKey: "your-secret-access-key", // optional if using IAM roles
        // Endpoint:     "http://localhost:4566", // optional: for LocalStack
    }))

    app.Subscribe("my-queue", func(ctx *gofr.Context) error {
        // Process message
        return nil
    })

    app.Run()
}

🚀 Enhancements

🔹 Metrics for HTTP Service Resilience

Enhanced observability for inter-service communication by adding dedicated metrics for resilience patterns.

• New metric app_http_retry_count: Tracks the total number of retries performed for each downstream service
• New metric app_http_circuit_breaker_state: A gauge tracking the current state (0 for Closed, 1 for Open) of the circuit breaker
• Updated Grafana Dashboards: Included new panels to visualize retry events and circuit breaker transitions, providing immediate insights into service stability and failure patterns. You can refer : https://github.com/gofr-dev/gofr/tree/main/examples/http-server/docker/provisioning/dashboards/gofr-dashboard

🔹 Configurable Metrics Server

Added the ability to disable the internal metrics server by setting the METRICS_PORT environment variable to 0. This provides greater flexibility for users who prefer to handle metrics collection through external agents or in environments where a separate metrics port is not required.

🛠️ Fixes

🔹 Zip Slip Vulnerability Protection

Improved the security of the file/zip package by implementing protection against Zip Slip (path traversal) attacks.

• Automatically validates file paths during extraction to ensure they remain within the target directory
• Rejects zip entries containing absolute paths or parent directory traversal sequences (..)
• Ensures safe handling of compressed files from untrusted sources

Release v1.52.0

🚀 Features

🔹 Redis PubSub Support

GoFr now supports Redis PubSub as a messaging backend, providing seamless integration with Redis for publish-subscribe patterns in microservices.

• Supports both Redis Channels (traditional PubSub) and Redis Streams modes
• Configurable via REDIS_PUBSUB_MODE environment variable (defaults to streams)
• Redis Streams features:
  • Consumer groups for load balancing and message distribution
  • Automatic consumer group creation with MKSTREAM support
  • Configurable PEL (Pending Entry List) ratio for balancing pending vs new messages (default: 0.7, i.e., 70% PEL, 30% new messages)
  • Stream length management with MaxLen configuration
  • Automatic message acknowledgment handling
• Redis Channels features:
  • Traditional PubSub channel support for simple messaging patterns
  • Automatic channel creation on first publish/subscribe
• Separate database support via REDIS_PUBSUB_DB to prevent keyspace collisions (defaults to database 15)
• Configurable buffer size, query timeout, and query limits
• Automatic connection monitoring and resubscription on reconnection
• Full observability with metrics, logging, and distributed tracing
• Graceful error handling with permanent failure detection

🚀 Enhancements

🔹 HTTP Router Path Normalization

Router now normalizes paths before routing to handle edge cases with double slashes and malformed paths.

• Automatically cleans and normalizes request paths using path.Clean()
• Handles empty paths, double slashes, and trailing slashes consistently
• Ensures proper routing behavior regardless of path formatting in requests
• Improves compatibility with various HTTP clients and reverse proxies

🛠️ Fixes

🔹 JSON Encoding Error Handling for NaN Values

Fixed a bug where math.NaN() values in responses caused incorrect error handling. The responder now properly handles JSON encoding failures by:

• Detecting encoding errors before writing response headers
• Returning appropriate 500 Internal Server Error status code for encoding failures

🔹 Grafana Dashboard Configuration

Fixed Grafana dashboard configuration to ensure proper metrics visualization and monitoring capabilities.

Release v1.51.0

🚀 Features

🔐 Role-Based Access Control (RBAC)

GoFr introduces a config-driven RBAC middleware for enforcing authorization across HTTP APIs without adding role or permission logic inside handlers.

Key Highlights

• Authorization defined entirely via JSON/YAML configuration

• Permission-based model

  • Roles define permissions
  • Endpoints require permissions

• Header-based and JWT-based role extraction

  • JWT-based RBAC supported via GoFr OAuth
  • JWT takes precedence when both are configured

• Role inheritance support

• Exact permission matching (no wildcards)

• Gorilla/mux-compatible route matching

  • Supports path variables and constraints

• Safe-by-default enforcement

  • Only routes defined in RBAC config are enforced

Usage

Enable RBAC using default config paths:

app := gofr.New()
app.EnableRBAC()

Or specify a custom RBAC config file:

app.EnableRBAC("configs/rbac.json")

JWT Integration

RBAC integrates with GoFr OAuth for JWT-based authorization:

app.EnableOAuth("https://auth.example.com/.well-known/jwks.json", 10)
app.EnableRBAC("configs/rbac.json")

Roles are extracted from JWT claims using configurable claim paths.

Observability

• Debug logs include route matching and authorization decision details.
• Roles are excluded from traces to avoid PII leakage.

📚 Documentation
Refer to the RBAC documentation for configuration details and advanced usage.

Release v1.50.2

🚀 Enhancements

🔹 HTTP Connection Pool Configuration

GoFr now supports configurable HTTP connection pool settings to optimize performance for high-frequency HTTP requests in microservices.

New ConnectionPoolConfig option for AddHTTPService() method

Configurable settings:

• MaxIdleConns: Maximum idle connections across all hosts (default: 100)
• MaxIdleConnsPerHost: Maximum idle connections per host (default: 2, recommended: 10-20)
• IdleConnTimeout: Connection keep-alive duration (default: 90 seconds)
• Addresses the limitation where Go's default MaxIdleConnsPerHost: 2 is insufficient for microservices
• Important: ConnectionPoolConfig must be applied first when using multiple options

🔹 OpenTSDB Metrics Support

Added metrics instrumentation for OpenTSDB operations to provide better observability.

New metrics:

• app_opentsdb_operation_duration: Duration of OpenTSDB operations in milliseconds
• app_opentsdb_operation_total: Total OpenTSDB operations
• Enables monitoring and alerting on OpenTSDB data operations

🛠️ Fixes

🔹 Panic Recovery for OnStart Hooks
Added panic recovery mechanism for OnStart hooks to prevent entire application crash. If a hook panics, the error is logged and the application continues with other hooks, improving application stability and resilience.

🔹 GCS Provider Name for Observability
Added provider name "GCS" to Google Cloud Storage file store for improved logging and metrics identification. Previously it used common logging semantics "COMMON" shared across file storage providers leading to improper visibilty of the underlying file storage being used,

🔹 Zipkin Trace Exporter Error Handling
Fixed error logging for successful trace exports (2xx status codes). Zipkin exporter now correctly ignores 201 status codes and other 2xx responses, reducing noise in error logs for successful operations.

Release v1.50.1

🚀 Enhancements

🔹 TLS / SSL Support for Database Connections

GoFr now supports secure TLS/SSL connections for relational databases(MySQL / MariaDB/PostgreSQL), improving security and compliance for production deployments.

• New configuration DB_SSL_MODE with supported modes:

  • disable, preferred, require, skip-verify, verify-ca, verify-full

• New environment variables for TLS configuration:

  • DB_TLS_CA_CERT

  • DB_TLS_CLIENT_CERT

  • DB_TLS_CLIENT_KEY

• verify-ca and verify-full modes enforce CA certificate validation

• Mutual TLS (mTLS) supported via client certificate & key

• Refer Documentation : Tracing In GoFr for more info.

🔹 Custom Authentication Headers for Tracing Exporters

GoFr now allows configuring custom authentication headers for OpenTelemetry exporters, enabling better compatibility with hosted observability platforms.

Key Highlights:

• New configuration: TRACER_HEADERS

  • Accepts comma-separated key=value pairs

  • Example: X-Api-Key=secret,Authorization=Bearer token

• TRACER_HEADERS takes priority over the existing TRACER_AUTH_KEY

• Refer Documentation : Connecting MySQL for more info.

🛠️ Fixes

🔹 Mock HTTP Services Deduplication in Tests

Fixed an issue where registering multiple mock HTTP services could result in deduplication, causing missing mocks and lost expectations during tests.

Fix Details:

• Each service registered via WithMockHTTPService(...) now receives a distinct mock instance

• Expectations must be set per service using: mocks.HTTPServices["serviceName"]

• Refer Documentation : Testing in GoFr for more info.

Release v1.50.0

🚀Features

🔹 Azure File Storage Support — New File-Store Provider

GoFr now introduces native Azure File Storage integration through a new provider at
gofr.dev/pkg/gofr/datasource/file/azure.

Key Highlights:

• Supports configuration via AccountName, AccountKey, and ShareName (optional: Endpoint)
• Automatic connection retry loop with connection-status logging
• Native directory support — Chdir, ReadDir, and Stat behave like a real filesystem
• Automatic parent-directory creation for nested file paths
• Built-in content-type detection based on extension (json, txt, csv, xml, html, pdf, etc.)
• One file share per file-store instance (explicitly documented)
• Complete documentation & examples added under Official File Handling in GoFr Documentation

Example

// Create Azure File Storage filesystem
fs, err := azure.New(&azure.Config{
    AccountName: "mystorageaccount",
    AccountKey:  "myaccountkey",
    ShareName:   "myshare",
    // Endpoint is optional, defaults to https://{AccountName}.file.core.windows.net
    // Endpoint: "https://custom-endpoint.file.core.windows.net",
})

if err != nil {
    app.Logger().Fatalf("Failed to initialize Azure File Storage: %v", err)
}

app.AddFileStore(fs)

app.Run()

🔹 CLI Improvements

• More helpful ErrCommandNotFound message showing the invalid command entered
• Better help formatting with aligned command–description columns
• Enhanced behavior for no-command scenarios: prints help + clearer messaging if added.

Bug Fixes

• Basic Auth Header Normalization
  Authorization header now correctly uses "Basic " instead of "basic " adhering to RFC standard for Basic Authorization Headers.