v0.4.0 Release Notes

Release Date: 2026-03-23

Highlights

  • Backend for Frontend (BFF) Package: Complete BFF implementation with session management, rate limiting, and API proxy
  • Public Profile Fields: User and organization profiles for directory listings and public pages
  • Huma Integration: OpenAPI schema generation for BFF endpoints

Added

BFF Package (session/bff)

New Backend for Frontend implementation for secure browser-to-API communication:

  • Session Management: HTTP-only cookie sessions with configurable expiration
  • API Proxy: Automatic token injection for backend API calls
  • CSRF Protection: Origin validation for state-changing requests
  • Rate Limiting: Token bucket algorithm with per-endpoint overrides
  • Client IP Extraction: Support for Cloudflare and standard proxy headers

import (
    "time"

    "github.com/grokify/coreforge/session/bff"
)

handler := bff.NewHandler(bff.Config{
    Store:          sessionStore,
    AllowedOrigins: []string{"https://app.example.com"},
    SessionTTL:     24 * time.Hour,
    CookieDomain:   ".example.com",
})
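
One way the Origin check behind AllowedOrigins can work for state-changing requests, as an added example that is not coreforge's own code. The names originAllowed, checkOrigin and statusFor are hypothetical, and the /bff/session path and the origins are constructed sample values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"slices"
)

// originAllowed is a hypothetical helper (not the bff package's code): Origin allow-list check.
func originAllowed(r *http.Request, allowed []string) bool {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return true // safe methods must not change state, so they are not checked
	}
	origin := r.Header.Get("Origin")
	u, err := url.Parse(origin)
	if origin == "" || origin == "null" || err != nil || u.Host == "" {
		return false // fail closed when a state-changing request has no usable Origin
	}
	// Exact scheme://host[:port] comparison; a prefix match would accept look-alike hosts.
	return slices.Contains(allowed, u.Scheme+"://"+u.Host)
}

// checkOrigin wraps a handler and answers 403 when the Origin check fails.
func checkOrigin(allowed []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !originAllowed(r, allowed) {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the middleware and returns the status.
func statusFor(method, origin string) int {
	req := httptest.NewRequest(method, "/bff/session", nil) // constructed path
	req.Header.Set("Origin", origin)                        // "" reads back like a missing header
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	checkOrigin([]string{"https://app.example.com"}, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("POST", "https://app.example.com"), statusFor("POST", "https://app.example.com.other.test"))
}
```
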

Huma API Integration

OpenAPI schema generation for BFF endpoints:

import "github.com/grokify/coreforge/session/bff"

bff.RegisterHumaRoutes(api, handler)

Public Profile Fields

HumanMixin (identity/ent/mixin/identity.go):

  • slug: URL-safe username for public profile URLs
  • headline: Professional headline (max 120 chars)
  • bio: Public biography with Markdown support
  • linkedin_url, github_url, twitter_url, website_url: Social links
  • public_profile: Toggle for profile visibility

OrganizationBase (identity/ent/mixin/mixin.go):

  • tagline: Short tagline for display (max 200 chars)
  • description: Full description with Markdown support
  • website_url: External website URL
  • social_links: JSON array of social media URLs
  • public_listing: Toggle for directory visibility

Documentation

  • BFF pattern documentation with architecture overview and integration examples

Infrastructure

  • Updated shared CI workflows to Go 1.26.x only (dropped 1.25.x support)

Dependencies

  • github.com/authzed/spicedb: 1.49.2 → 1.50.0
  • google.golang.org/grpc: 1.79.2 → 1.79.3
  • github.com/mattn/go-sqlite3: 1.14.34 → 1.14.37

Migration Guide

Using the BFF Package

  1. Add the BFF handler to your router:

import (
    "github.com/go-chi/chi/v5"
    "github.com/grokify/coreforge/session/bff"
)

r := chi.NewRouter()

bffHandler := bff.NewHandler(bff.Config{
    Store:          yourSessionStore,
    AllowedOrigins: []string{"https://yourapp.com"},
    TokenService:   yourTokenService,
})

r.Mount("/bff", bffHandler)

  2. Configure rate limiting (optional):

limiter := bff.NewRateLimiter(bff.RateLimitConfig{
    RequestsPerMinute: 60,
    BurstSize:         10,
})

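// chi panics if Use is called after a route or mount is registered,
// so place this call ahead of r.Mount("/bff", ...).
r.Use(limiter.Middleware)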

Adding Public Profile Fields

Run Ent code generation after updating to v0.4.0:

go generate ./ent

The new fields will be available on your Human and Organization entities.