See the documentation page for up-to-date information.
Rate limiting
A very simple util class for rate limiting has been added.
You can call it in the beginning of your endpoint Handler
functions:
app.get("/") { ctx ->
RateLimit(ctx).requestPerTimeUnit(5, TimeUnit.MINUTES) // throws if rate limit is exceeded
ctx.status("Hello, rate-limited World!")
}
Every rate limiter is independent (IP and Handler
based), so different endpoints can have different rate limits. It works as follows:
- A map of maps holds one IP/counter map per method/path combination (
Handler
). - On each request the counter for that IP is incremented.
- If the counter exceeds the number of requests specified, an exception is thrown.
- All counters are cleared periodically on every timeunit that you specified.
Case insensitive path matching
There is a new plugin, RedirectToLowercasePathPlugin
, which fills the void
left by removing case-insensitive matching that was present in Javalin 2.X.
The plugin redirects requests with uppercase/mixcase paths to lowercase paths.
For example, /Users/John
redirects to /users/John
(if endpoint is /users/:userId
).
It does not affect the casing of path-params and query-params, only static
URL fragments (Users
becomes users
above, but John
remains John
).
When using this plugin, you can only add paths with lowercase URL fragments.
It can be added like any other plugin:
config.registerPlugin(RedirectToLowercasePathPlugin())
Misc new features
- Added a
basicAuthCredentialsExists()
method toContext
(thanks to @mikexliu). - Added option to specify host (
start(port, host)
overload) toJavalin
(thanks to @rbygrave). - Added support for dynamic single page handlers (thanks to @pgross41).
- Added support for
anyOf
/oneOf
to OpenAPI plugin (thanks to @sealedtx). - Added a
Path
overload toJavalinVue#rootDirectory
method
Fixes
- Fixed
Instant
serialization in OpenAPI plugin (thanks to @TobiasWalle). - Fixed bug where
endpointHandlerPath()
method would throw if called in after/requestLogger on 404s. - Fixed bug in
config.enforceSsl
(now takes load balancers into account) - Fixed bug in content decoding, will now try specified charset instead of always UTF-8 (thanks to @thibaultmeyer).