v1.53.0

Release v1.53.0

🚀 Features

🔹 Amazon SQS PubSub Support

GoFr now supports Amazon SQS as a messaging backend, enabling seamless integration with AWS Simple Queue Service for building resilient, distributed microservices.

• Supports both Publishing and Subscribing to SQS standard queues
• Configurable Behavior:
  • Support for custom message attributes
  • Configurable visibility timeouts and wait times
  • Support for standard queues

Usage Example

To use Amazon SQS, import the driver and add it to your application:

import (
    "gofr.dev/pkg/gofr"
    "gofr.dev/pkg/gofr/datasource/pubsub/sqs"
)

func main() {
    app := gofr.New()

    app.AddPubSub(sqs.New(&sqs.Config{
        Region:          "us-east-1",
        AccessKeyID:     "your-access-key-id",     // optional if using IAM roles
        SecretAccessKey: "your-secret-access-key", // optional if using IAM roles
        // Endpoint:     "http://localhost:4566", // optional: for LocalStack
    }))

    app.Subscribe("my-queue", func(ctx *gofr.Context) error {
        // Process message
        return nil
    })

    app.Run()
}

🚀 Enhancements

🔹 Metrics for HTTP Service Resilience

Enhanced observability for inter-service communication by adding dedicated metrics for resilience patterns.

• New metric app_http_retry_count: Tracks the total number of retries performed for each downstream service
• New metric app_http_circuit_breaker_state: A gauge tracking the current state (0 for Closed, 1 for Open) of the circuit breaker
• Updated Grafana Dashboards: Included new panels to visualize retry events and circuit breaker transitions, providing immediate insights into service stability and failure patterns. You can refer : https://github.com/gofr-dev/gofr/tree/main/examples/http-server/docker/provisioning/dashboards/gofr-dashboard

🔹 Configurable Metrics Server

Added the ability to disable the internal metrics server by setting the METRICS_PORT environment variable to 0. This provides greater flexibility for users who prefer to handle metrics collection through external agents or in environments where a separate metrics port is not required.

🛠️ Fixes

🔹 Zip Slip Vulnerability Protection

Improved the security of the file/zip package by implementing protection against Zip Slip (path traversal) attacks.

• Automatically validates file paths during extraction to ensure they remain within the target directory
• Rejects zip entries containing absolute paths or parent directory traversal sequences (..)
• Ensures safe handling of compressed files from untrusted sources

v1.52.0

Release v1.52.0

🚀 Features

🔹 Redis PubSub Support

GoFr now supports Redis PubSub as a messaging backend, providing seamless integration with Redis for publish-subscribe patterns in microservices.

• Supports both Redis Channels (traditional PubSub) and Redis Streams modes
• Configurable via REDIS_PUBSUB_MODE environment variable (defaults to streams)
• Redis Streams features:
  • Consumer groups for load balancing and message distribution
  • Automatic consumer group creation with MKSTREAM support
  • Configurable PEL (Pending Entry List) ratio for balancing pending vs new messages (default: 0.7, i.e., 70% PEL, 30% new messages)
  • Stream length management with MaxLen configuration
  • Automatic message acknowledgment handling
• Redis Channels features:
  • Traditional PubSub channel support for simple messaging patterns
  • Automatic channel creation on first publish/subscribe
• Separate database support via REDIS_PUBSUB_DB to prevent keyspace collisions (defaults to database 15)
• Configurable buffer size, query timeout, and query limits
• Automatic connection monitoring and resubscription on reconnection
• Full observability with metrics, logging, and distributed tracing
• Graceful error handling with permanent failure detection

---

🚀 Enhancements

🔹 HTTP Router Path Normalization

Router now normalizes paths before routing to handle edge cases with double slashes and malformed paths.

• Automatically cleans and normalizes request paths using path.Clean()
• Handles empty paths, double slashes, and trailing slashes consistently
• Ensures proper routing behavior regardless of path formatting in requests
• Improves compatibility with various HTTP clients and reverse proxies

---

🛠️ Fixes

🔹 JSON Encoding Error Handling for NaN Values

Fixed a bug where math.NaN() values in responses caused incorrect error handling. The responder now properly handles JSON encoding failures by:

• Detecting encoding errors before writing response headers
• Returning appropriate 500 Internal Server Error status code for encoding failures

🔹 Grafana Dashboard Configuration

Fixed Grafana dashboard configuration to ensure proper metrics visualization and monitoring capabilities.

v1.51.0

Release v1.51.0

🚀 Features

🔐 Role-Based Access Control (RBAC)

GoFr introduces a config-driven RBAC middleware for enforcing authorization across HTTP APIs without adding role or permission logic inside handlers.

---

Key Highlights

• Authorization defined entirely via JSON/YAML configuration

• Permission-based model

  • Roles define permissions
  • Endpoints require permissions

• Header-based and JWT-based role extraction

  • JWT-based RBAC supported via GoFr OAuth
  • JWT takes precedence when both are configured

• Role inheritance support

• Exact permission matching (no wildcards)

• Gorilla/mux-compatible route matching

  • Supports path variables and constraints

• Safe-by-default enforcement

  • Only routes defined in RBAC config are enforced

---

Usage

Enable RBAC using default config paths:

app := gofr.New()
app.EnableRBAC()

Or specify a custom RBAC config file:

app.EnableRBAC("configs/rbac.json")

---

JWT Integration

RBAC integrates with GoFr OAuth for JWT-based authorization:

app.EnableOAuth("https://auth.example.com/.well-known/jwks.json", 10)
app.EnableRBAC("configs/rbac.json")

Roles are extracted from JWT claims using configurable claim paths.

---

Observability

• Debug logs include route matching and authorization decision details.
• Roles are excluded from traces to avoid PII leakage.

📚 Documentation
Refer to the RBAC documentation for configuration details and advanced usage.

v1.50.2

Release v1.50.2

🚀 Enhancements

🔹 HTTP Connection Pool Configuration

GoFr now supports configurable HTTP connection pool settings to optimize performance for high-frequency HTTP requests in microservices.

New ConnectionPoolConfig option for AddHTTPService() method

Configurable settings:

• MaxIdleConns: Maximum idle connections across all hosts (default: 100)
• MaxIdleConnsPerHost: Maximum idle connections per host (default: 2, recommended: 10-20)
• IdleConnTimeout: Connection keep-alive duration (default: 90 seconds)
• Addresses the limitation where Go's default MaxIdleConnsPerHost: 2 is insufficient for microservices
• Important: ConnectionPoolConfig must be applied first when using multiple options

🔹 OpenTSDB Metrics Support

Added metrics instrumentation for OpenTSDB operations to provide better observability.

New metrics:

• app_opentsdb_operation_duration: Duration of OpenTSDB operations in milliseconds
• app_opentsdb_operation_total: Total OpenTSDB operations
• Enables monitoring and alerting on OpenTSDB data operations

---

🛠️ Fixes

🔹 Panic Recovery for OnStart Hooks
Added panic recovery mechanism for OnStart hooks to prevent entire application crash. If a hook panics, the error is logged and the application continues with other hooks, improving application stability and resilience.

🔹 GCS Provider Name for Observability
Added provider name "GCS" to Google Cloud Storage file store for improved logging and metrics identification. Previously it used common logging semantics "COMMON" shared across file storage providers leading to improper visibilty of the underlying file storage being used,

🔹 Zipkin Trace Exporter Error Handling
Fixed error logging for successful trace exports (2xx status codes). Zipkin exporter now correctly ignores 201 status codes and other 2xx responses, reducing noise in error logs for successful operations.

v1.50.1

Release v1.50.1

🚀 Enhancements

🔹 TLS / SSL Support for Database Connections

GoFr now supports secure TLS/SSL connections for relational databases(MySQL / MariaDB/PostgreSQL), improving security and compliance for production deployments.

• New configuration DB_SSL_MODE with supported modes:

  • disable, preferred, require, skip-verify, verify-ca, verify-full

• New environment variables for TLS configuration:

  • DB_TLS_CA_CERT

  • DB_TLS_CLIENT_CERT

  • DB_TLS_CLIENT_KEY

• verify-ca and verify-full modes enforce CA certificate validation

• Mutual TLS (mTLS) supported via client certificate & key

• Refer Documentation : Tracing In GoFr for more info.

---

🔹 Custom Authentication Headers for Tracing Exporters

GoFr now allows configuring custom authentication headers for OpenTelemetry exporters, enabling better compatibility with hosted observability platforms.

Key Highlights:

• New configuration: TRACER_HEADERS

  • Accepts comma-separated key=value pairs

  • Example: X-Api-Key=secret,Authorization=Bearer token

• TRACER_HEADERS takes priority over the existing TRACER_AUTH_KEY

• Refer Documentation : Connecting MySQL for more info.

🛠️ Fixes

🔹 Mock HTTP Services Deduplication in Tests

Fixed an issue where registering multiple mock HTTP services could result in deduplication, causing missing mocks and lost expectations during tests.

Fix Details:

• Each service registered via WithMockHTTPService(...) now receives a distinct mock instance

• Expectations must be set per service using: mocks.HTTPServices["serviceName"]

• Refer Documentation : Testing in GoFr for more info.

v1.50.0

Release v1.50.0

🚀Features

🔹 Azure File Storage Support — New File-Store Provider

GoFr now introduces native Azure File Storage integration through a new provider at
gofr.dev/pkg/gofr/datasource/file/azure.

Key Highlights:

• Supports configuration via AccountName, AccountKey, and ShareName (optional: Endpoint)
• Automatic connection retry loop with connection-status logging
• Native directory support — Chdir, ReadDir, and Stat behave like a real filesystem
• Automatic parent-directory creation for nested file paths
• Built-in content-type detection based on extension (json, txt, csv, xml, html, pdf, etc.)
• One file share per file-store instance (explicitly documented)
• Complete documentation & examples added under Official File Handling in GoFr Documentation

Example

// Create Azure File Storage filesystem
fs, err := azure.New(&azure.Config{
    AccountName: "mystorageaccount",
    AccountKey:  "myaccountkey",
    ShareName:   "myshare",
    // Endpoint is optional, defaults to https://{AccountName}.file.core.windows.net
    // Endpoint: "https://custom-endpoint.file.core.windows.net",
})

if err != nil {
    app.Logger().Fatalf("Failed to initialize Azure File Storage: %v", err)
}

app.AddFileStore(fs)

app.Run()

🔹 CLI Improvements

• More helpful ErrCommandNotFound message showing the invalid command entered
• Better help formatting with aligned command–description columns
• Enhanced behavior for no-command scenarios: prints help + clearer messaging if added.

Bug Fixes

• Basic Auth Header Normalization
  Authorization header now correctly uses "Basic " instead of "basic " adhering to RFC standard for Basic Authorization Headers.

v1.49.0

Release v1.49.0

🚀 New Features

🔹 DB Resolver for MySQL Read/Write Splitting

GoFr introduces a powerful, production-ready DBResolver module that enables automatic read/write splitting between a primary database and multiple replicas.

Key Highlights:

• Automatic routing based on HTTP methods:

  • Writes (POST, PUT, PATCH, DELETE) → Primary
  • Reads (GET, HEAD, OPTIONS) → Replicas

• Route-based overrides using PrimaryRoutes for strongly consistent paths

• Pluggable read-balancing strategies:

  • Round-robin
  • Random

• Built-in circuit breaker for tracking replica failures & recovery

• Full integration through dbresolver.InitDBResolver()

• Unlocks horizontal scaling for read-heavy services

• Significantly reduces read latency

• Ensures high resilience with automatic failover to primary when replicas are down

Additional Details:

Installation

go get gofr.dev/pkg/gofr/datasource/dbresolver@latest

Initializing DBResolver

import (
    "gofr.dev/pkg/gofr"
    "gofr.dev/pkg/gofr/datasource/dbresolver"
)

func main() {
    a := gofr.New()

    err := dbresolver.InitDBResolver(a, &dbresolver.Config{
        Strategy:     dbresolver.StrategyRoundRobin,
        ReadFallback: true,     // fallback to primary if all replicas fail
        MaxFailures:  3,        // mark replica down after 3 failures
        TimeoutSec:   30,       // cooldown before retrying
        PrimaryRoutes: []string{
            "/admin",
            "/api/payments/*",
        },
        Replicas: []dbresolver.ReplicaCredential{
            {Host: "localhost:3307", User: "replica_user1", Password: "pass1"},
            {Host: "replica2.example.com:3308", User: "replica_user2", Password: "pass2"},
            {Host: "replica3.example.com:3309", User: "replica_user3", Password: "pass3"},
        },
    })

    if err != nil {
        a.Logger().Errorf("failed to initialize db resolver: %v", err)
    }

    a.Run()
}

Read Endpoint (Auto → Replica)

a.GET("/customers", func(c *gofr.Context) (any, error) {
    var out []Customer
    c.SQL.Select(c, &out, "SELECT id, name FROM customers")
    return out, nil
})

Write Endpoint (Auto → Primary)

a.POST("/customers", func(c *gofr.Context) (any, error) {
    var cust Customer
    c.Bind(&cust)

    _, err := c.SQL.Exec("INSERT INTO customers (name) VALUES (?)", cust.Name)
    return cust, err
})

Forced Primary Route

a.GET("/admin/customers", func(c *gofr.Context) (any, error) {
    var out []Customer
    c.SQL.Select(c, &out, "SELECT id, name FROM customers")
    return out, nil
})

🔹 XML Responses (response.XML)

GoFr now supports raw XML responses without JSON encoding by using response.XML.

Key Highlights:

• Writes raw XML bytes directly to the client
• Default Content-Type = application/xml
• Perfect for legacy and enterprise XML-based systems

Example:

app.GET("/legacy/xml", func(ctx *gofr.Context) (any, error) {
    content := []byte(`<Response status="ok"><Message>Hello</Message></Response>`)
    return response.XML{Content: content}, nil
})

XML Output

<Response status="ok"><Message>Hello</Message></Response>

📦 Improvements

🔹 Responder Improvements

• Special response types (Raw, File, Template, XML, Redirect) now follow a unified handling flow
• Avoids incorrect 206 Partial Content responses
• Ensures default JSON Content-Type

🔹 DBResolver Pooling Controls

Replica pools now scale relative to primary pools. Defaults:

• Primary: DB_MAX_IDLE_CONNECTION=2 → Replicas default to 8
• Primary: DB_MAX_OPEN_CONNECTION=20 → Replicas default to 40

Optional overrides:

DB_REPLICA_MAX_IDLE_CAP=100
DB_REPLICA_MIN_IDLE=5
DB_REPLICA_DEFAULT_IDLE=15
DB_REPLICA_MAX_OPEN_CAP=500
DB_REPLICA_MIN_OPEN=20
DB_REPLICA_DEFAULT_OPEN=150

🐛 Bug Fixes & Small Changes

🔹 Authentication Timing Attack Protection

• API Key and Basic Auth now use consistent time comparisons

Refer : GoFr Official Documentation
https://gofr.dev/docs

v1.48.0

Release v1.48.0

🚀 New Features

🔹 Unified Token-Bucket Rate Limiter for HTTP Clients

GoFr introduces a brand-new, pluggable rate limiter that works across all HTTP client calls.

Key Highlights:

• Supports in-memory and Redis-backed stores
• Simple drop-in integration via RateLimiterConfig or AddOption
• Integer-only token bucket with burst support
• Background cleanup for local buckets
• Customizable request grouping using KeyFunc

Why this matters:

• Ensures consistent throttling across all downstream HTTP services
• Distributed apps can now safely rate-limit using Redis

Additional Details :

• Default limit: 60 req/min, burst 10
• Returns RateLimitError (429) with RetryAfter for easy handling.

📦 Improvements

🔹 HTTP Client Enhancements with Rate Limiting

• Rate limiter now acts as an HTTP wrapper, intercepting all Get/Post/Put/Delete calls (including header variants)

• Service key normalization improved via default keying (scheme://host)

• Cleaner validation through RateLimiterConfig.Validate() with automatic sane defaults

🔹 SQL Operation Normalization

• SQL operation detection now always returns UPPERCASE keywords. Improves reliability for middleware and query inspection logic.

🔹 OAuth Token URL Validation Cleanup

• Switched to shared scheme constants (http / https). Reduces duplicated literals and improves code clarity

🐛 Bug Fixes & Small Changes

🔹 Consistent SQL Operation Detection

• getOperationType() now normalizes to uppercase, preventing case-sensitivity issues across modules

🔹 Documentation Updates

• HTTP communication guide adds all details to add rate-limiter in your registered HTTP Services. Added examples for:
  • In-memory usage
  • Redis-backed multi-instance usage
  • Custom keying functions
• Added Documentation to setup gRPC Streaming Services/Clients using GoFr.

Refer : GoFr Official Documentation

v1.47.1

Release v1.47.1

📊 Enhancements

🔹 Unified Datasource Histogram Buckets

GoFr now uses a shared getDefaultDatasourceBuckets() across SQL, Redis, and other datasources.
Benefits:

• Standardized buckets from 0.05ms → 30s
• Consistent observability across datasources
• Improved monitoring fidelity in Prometheus/Grafana
• Easier cross-datasource latency comparison

🔹 ArangoDB v2.1.6 Compatibility & API Upgrade

Updated GoFr’s ArangoDB datasource to align with the latest github.com/arangodb/go-driver/v2 v2.1.6 driver. This upgrade ensures smooth integration with modern ArangoDB clusters and removes legacy API inconsistencies.

Key Highlights:

• Migrated collection creation to CreateCollectionV2 / CreateCollectionWithOptionsV2
• Ensures correct handling of edge and document collection types

🛠️ Bug Fixes

ArangoDB Database Creation – No More False Failures

Previously, calling CreateDatabase() on an existing DB caused unnecessary user-visible errors.
Fix Summary:

• Added an existence check before creating databases
• Prevents duplicate-create errors
• Ensures smooth provisioning flows during app startup or migrations

ArangoDB Collection Type Handling Corrected

Edge collections were previously misconfigured due to missing or incorrect Type assignment.
Fix Summary -

• Explicit Type handling added for edge vs document collections
• Ensures correct metadata and relationship behavior
• Updated tests to validate collection-type correctness

v1.47.0

Release v1.47.0

✨ Features

🔹 GCS File System Integration

Introduced Google Cloud Storage (GCS) File System as a new implementation of the GoFr FileSystem interface. This enables seamless integration with GCS while maintaining consistent behavior across existing backends like S3, FTP, and SFTP.

Supported Methods:

type FileSystem interface {
    Create(name string) (File, error)
    Mkdir(name string, perm os.FileMode) error
    MkdirAll(path string, perm os.FileMode) error
    Open(name string) (File, error)
    OpenFile(name string, flag int, perm os.FileMode) (File, error)
    Remove(name string) error
    RemoveAll(path string) error
    Rename(oldname string, newname string) error
    ReadDir(dir string) ([]FileInfo, error)
    Stat(name string) (FileInfo, error)
    ChDir(dirname string) error
    Getwd() (string, error)
}

• Consistent and unified interface for GCS, S3, FTP, and SFTP file operations.
• Plug-and-play compatibility with GoFr’s file abstraction layer.
• Production-ready with proper error wrapping, retries, and structured logging.
• Simplifies backend switching without changing application logic.

For detailed usage, visit 👉 GoFr Docs — GCS File System

---

🛠️ Bug Fixes

Remote Logger — Improper JSON Log Formatting

Previously, ANSI color codes and non-ASCII characters appeared in JSON logs, breaking downstream log parsers.

Example of affected log output:

{"level":"DEBUG","time":"2025-09-17T17:54:30.625115633Z","message":"\u001b[38;5;8m5460fd91feac021fd633b5989abdeb26 \u001b[38;5;34m200   \u001b[0m     5855\u001b[38;5;8mµs\u001b[0m GET https://myurl","gofrVersion":"v1.45.0"}

Fix Summary:

• Removed ANSI color codes and non-ASCII characters from JSON logs.
• Preserved terminal log colors for local debugging.
• Ensured all remote JSON logs are now ASCII-safe and parseable by log processors (ELK, Loki, Cloud Logging, etc.).