Releases: bcetienne/tools-go-token
Releases · bcetienne/tools-go-token
Release list
v4.1.0
- Add model/auth with User, UserInterface, Claim types (clean naming)
- Deprecate model/refresh-token aliases (AuthUser, AuthUserInterface, Claim, NewAuthUser)
- Update service/accessToken.go to use model/auth types directly
- Update README and CHANGELOG for v4.1.0
v4.0.0 - String-based user IDs with RFC 7519 compliant JWT has been successfully created.
BREAKING CHANGES:
- User IDs changed from int to string across all services
- AuthUser unified with single ID field (supports UUIDs and numeric IDs)
- JWT structure aligned with RFC 7519 (user ID in Subject claim)
- All service signatures updated to accept string user IDs
Benefits:
- Platform flexibility for UUID-based and numeric ID systems
- Standards compliance with RFC 7519
- Simplified API with single ID field
v3.2.0: Fix Go module path for v3 semantic versioning
- Update go.mod to use github.com/bcetienne/tools-go-token/v3 - Update all import paths in README examples to use /v3 suffix - Fixes pkg.go.dev indexing issue for versions >= 2.0.0 According to Go's semantic import versioning rules, modules with major version >= 2 must include the version suffix in the module path.
v3.1.0: Documentation and Test Improvements
Release v3.1.0: Documentation and Test Improvements
This release adds comprehensive godoc documentation and fixes failing tests.
Added
- Complete godoc documentation for all 36 public API elements
- Documentation follows godoc standards with examples
Fixed
- Config tests: missing otpSecret/otpTTL parameters
- OTP tests: validation error expectations
- All tests now pass (100% test suite success)
Technical Details
- Module: github.com/bcetienne/tools-go-token
- Go version: 1.22+
- Breaking changes: None
- Backward compatible: Yes
v3.0.0 - OTP Service
Release v3.0.0 - OTP Service with performance optimizations
Breaking changes:
- NewConfig() signature changed: added otpSecret and otpTTL parameters
- All existing NewConfig calls must be updated
New features:
- OTP (One-Time Password) service for passwordless authentication
- 6-digit codes with bcrypt hashing (cost 14)
- Rate limiting (5 attempts max per OTP)
- Single-use enforcement (auto-revoked after verification)
- Single active OTP per user
- Automatic expiration via Redis TTL (default: 10 minutes)
Improvements:
- Performance optimizations (hasher and duration caching)
- Fixed race condition in incrementAttempts
- Complete godoc documentation
- 40 new tests (116 total)
See CHANGELOG.md for full details.
Redis migration
🚀 Version 2.0.0 - Redis Migration
⚠️ Breaking Changes
This is a major version with breaking changes. Migration from v1.x requires:
- Redis instance instead of PostgreSQL
- Updated service initialization code
- New configuration structure
🎯 Major Changes
- Redis Backend: Complete migration from PostgreSQL to Redis for token storage
- Automatic Expiration: Leverages Redis TTL for automatic token cleanup
- Multi-Device Support: RefreshToken service now supports multiple active tokens per user
- Security Enhancement: Password reset enforces single active token per user
- Separate TTL Config: Independent expiry settings for refresh and password reset tokens
📦 Migration Guide
Before (v1.x):
// PostgreSQL-based
refreshTokenService := service.NewRefreshTokenService(db, config)
After (v2.0.0):
// Redis-based
refreshTokenService, err := service.NewRefreshTokenService(ctx, redisClient, config)
See README.md for complete documentation.Version 1.0.0 - First release
Added
- JWT Access Token service with secure authentication
- Refresh Tokens service with PostgreSQL persistence
- Password Reset service with temporary tokens
- Password validation (complexity, length, prohibited words)
- RFC-compliant email validation
- Secure password hashing with bcrypt
- Automatic management of PostgreSQL schemas and tables
- Comprehensive testing with TestContainers
- Complete documentation
Security
- Bcrypt with cost factor 14
- Cryptographically secure tokens
- Protection against SQL injection
- Strict validation of user input