v5.7.1

This patch:

• Fixes a build error when using Kiota without any OpenAPI references.
• Fixes compatibility with MongoDB.
• Removes the Experimental attribute from the AddOpenApiForJsonApi extension method.
• Reverts an unintentional binary breaking change in QueryTokenizer.

Merged PRs

• Publish packages to feedz.io by @bkoelman in #1719
• Improve detection of collection element type by @bkoelman in #1720
• Fixed: build error after adding reference to JADNC.Kiota package by @bkoelman in #1721
• Remove Experimental attribute from AddOpenApiForJsonApi by @bkoelman in #1724

Full Changelog: v5.7.0...v5.7.1

v5.7.0

New features and enhancements

After years of work, we're finally ready to ship the first preview release of OpenAPI support for JSON:API!

Now you can generate a documentation website from your models. And generate typed client libraries using NSwag and Microsoft Kiota. See the documentation to get started. In this preview, all JsonApiDotNetCore features work with OpenAPI, except for the following:

• Custom controllers and custom action methods are ignored.
• Controllers that use ID obfuscation don't work.
• The usage of [DisableQueryString] on controllers is ignored.

As part of the OpenAPI work, basic support for third-party JSON:API extensions was added. We also introduced our own extension to enhance the OpenAPI experience.

Next to the existing IAtomicOperationFilter, IJsonApiEndpointFilter was added, which enables to remove controller action methods at runtime.

Breaking changes

• This version requires .NET 8 or higher, because official support for .NET 6 has ended.
• Properties on HeaderConstants have been obsoleted; see their message for the replacement.
• The relaxed form "atomic-operations" for the Atomic Operations JSON:API extension was renamed to "atomic" for consistency.

Bugfixes

• A proper error is now returned when the ID in a request body is an empty string or whitespace.
• Resource inheritance: Atomic operations enabled on a base type are implicitly enabled on all derived types.
• Resource inheritance: Pagination on inluded derived types wasn't being applied.
• Resource inheritance: A post-resource request with ?include used to fail.
• The calculation of the total resource count on a secondary/relationship endpoint could crash when resource definitions are involved.

Merged PRs

• Fixed: Produce error on invalid ID in request body by @bkoelman in #1593
• Basic support for third-party JSON:API extensions by @bkoelman in #1623
• Fix resource inheritance with atomic operations by @bkoelman in #1628
• Refactorings for JSON:API extensions to unblock OpenAPI support by @bkoelman in #1629
• Resource inheritance fixes by @bkoelman in #1641
• Content negotiation: Enable override of chosen media type when Accept header is missing by @bkoelman in #1644
• IJsonApiEndpointFilter: remove controller action methods at runtime by @bkoelman in #1646
• Drop support for .NET 6, test against .NET 9 by @bkoelman in #1656
• Breaking: rename relaxed form of Atomic Operations extension by @bkoelman in #1664
• Add note about shared models by @bkoelman in #1679
• Refactor internal-only JSON:API extensions support by @bkoelman in #1687
• Marshall JsonApiException thrown from JsonConverter by @bkoelman in #1690
• Fix invalid expression for total count on inverse relationship filter from resource definition by @bkoelman in #1711
• Merge experimental OpenAPI support into master by @bkoelman in #1716

Full Changelog: v5.6.0...v5.7.0

v5.6.0

New features and enhancements

Aside from a new logo (which was needed to enable dark mode on the documentation website), most of the changes involve unblocking our ongoing development of OpenAPI support for JSON:API. Please read the docs and give it a try (see the instructions for NSwag and Kiota), we'd love to hear your feedback.

• The describedby top-level link has been added, whose visibility can be configured at various levels. Its value can be set by implementing IDocumentDescriptionLinkProvider.
• Controller action methods have been enriched with [Required], pipeline methods with [DisallowNull] for id parameters.
• A relaxed variant of the atomic operations media type can be used, to workaround deficiencies in OpenAPI client generators.

Breaking changes

• When your project contains an atomic operations controller, earlier versions would always expose all operations for all resource types, despite the use of [Resource(GenerateControllerEndpoints = ...)] to constrain endpoints. The new behavior is to block operations whose endpoints are blocked using GenerateControllerEndpoints. If you're using custom controllers (or just want to override this default), implement IAtomicOperationFilter. To revert to the old behavior, use IAtomicOperationFilter.AlwaysEnabled.

Bugfixes

• Fix crash on empty query string parameter name. For example: http://localhost:5065/people?=.
• Fix percent-encoding of whitespace in response links. For example: equals(city,%27New York%27) equals(city,%27New%20York%27).
• Return empty object ({}) instead of { "data": null } in atomic operation results.
• Do not allow lid in atomic operations request when a client-generated ID is required.
• Take options.UseRelativeLinks into account when rendering HTTP Location header.

Merged PRs

• Replace CreateTupleAccessExpressionForConstant with simpler implementation by @bkoelman in #1469
• Don't crash on empty query string parameter name by @verdie-g in #1484
• Drop dependency on EF Core internals by @bkoelman in #1492
• Enable setting the "describedby" top-level link by @bkoelman in #1495
• Controller attribute changes by @bkoelman in #1503
• Move back [FromBody] and [Required] to derived controllers by @bkoelman in #1506
• Move [FromBody] back on base controllers, to prevent a breaking change by @bkoelman in #1508
• Revert "Resharper: Replace async method with Task return" by @bkoelman in #1513
• Add support for configuring the visibility of the "describedby" link by @bkoelman in #1516
• Fix whitespace in query string parameters within pagination links by @bkoelman in #1526
• New logo, dark mode on landing page by @bkoelman in #1549
• Allow relaxed Content-Type for atomic operations by @bkoelman in #1553
• Filter operations based on GenerateControllerEndpoints usage by @bkoelman in #1561
• Return Forbidden when operation is inaccessible, to match resource endpoint status code by @bkoelman in #1562
• Fixed: return empty object instead of data:null in operation results by @bkoelman in #1564
• Fixed: Do not allow the use of 'lid' when client-generated IDs are required by @bkoelman in #1581
• Fixed: send absolute/relative URL in location header, depending on options.UseRelativeLinks by @bkoelman in #1582
• Add [DisallowNull] on TId in pipeline parameters by @bkoelman in #1583

Full Changelog: v5.5.1...v5.6.0

v5.5.1

This patch eliminates building an intermediate ServiceProvider at startup, which unblocks usage in Aspire (more specifically, its usage of AddNpgsqlDataSource) and improves Serilog compatibility.

Furthermore, this patch makes methods on FilterParser overridable, which enables plugging in custom parsing of constant values (text surrounded by single quotes) inside a filter query string value.

Merged PRs

• Allow to override valueconverter on FilterParser by @bjornharrtell in #1401
• Remove building an intermediate service provider at startup by @bkoelman in #1431

Full Changelog: v5.5.0...v5.5.1

v5.5.0

New features and enhancements

• This release adds support for .NET 8 and Entity Framework Core 8.
• A new example was added that uses Dapper instead of Entity Framework Core. It demonstrates how to produce SQL for nearly all JSON:API features, such as side-loading related resources and compound nested filters, as well as applying resource changes and atomic operations. The produced SQL works on PostgreSQL, MySQL, and SQL Server.
• We now use TryAdd[Singleton/Scoped/Transient] internally, which makes it easier to replace built-in dependencies with your own.

Bugfixes

• Fix crash on atomic operations request when trace logging is turned on.

Merged PRs

• Make it easier to register custom services in the IoC container by @bkoelman in #1352
• Example to produce SQL without Entity Framework Core! by @bkoelman in #1361
• Fix crash on operations requests when trace logging is turned on by @bkoelman in #1396
• Multi-target against .NET 6 and .NET 8 by @bkoelman in #1349

Full Changelog: v5.4.0...v5.5.0

v5.4.0

New features and enhancements

• The usage of client-generated IDs can now be overruled per resource type. The new choices are: Forbidden/Allowed/Required (both per type and globally). See the documentation for details.
• New example for using generic scopes-based authorization (see here).
• Continuous integration builds use GitHub Actions on Windows, Ubuntu and macOS. This includes dependabot updates and CodeQL vulnerability scanning. It comes with a new NuGet feed for trying out the latest builds.
• You can now sponsor our project with one-time and monthly donations.

Breaking changes

The boolean AllowClientGeneratedIds in options has been obsoleted in favor of the new IJsonApiOptions.ClientIdGeneration (see above)

Bugfixes

• Correct examples in the documentation for AddJsonApi calls.
• Correct nullability in the return value of the QueryExpressionRewriter.VisitResourceFieldChain method.
• Change inheritdoc usage to correct IntelliSense/documentation on classes.
• Sanitize user input to prevent a malicious user from forging log entries.

Merged PRs

• Docs: Add missing parameter name to AddJsonApi calls by @bkoelman in #1296
• Add example for scopes-based authorization by @bkoelman in #1303
• Replace AppVeyor with GitHub Actions by @bkoelman in #1294
• Client-generated IDs per resource type by @bkoelman in #1305
• Add sponsoring by @bkoelman in #1340

Full Changelog: v5.3.0...v5.4.0

v5.3.0

New features and enhancements

This release opens up query string parsing plus LINQ expression building for extensibility. This means that you can now define and plug in your own functions, available for use in query strings. Also, errors for invalid query string values now include the failure position, along with the ^ marker. See #1286 for details and examples.

Breaking changes

Related to the above, the query string parsers, LINQ builders, and RuntimeTypeConverter have been moved out of .Internal namespaces.

Bugfixes

• Do not execute unneeded SQL query in 1-to-1 relationship update, which fails on EF Core 8 preview.
• Query strings: do not allow comparison of count() with null; do not treat null as a possible field name.

Merged PRs

• Package updates by @bkoelman in #1274
• Corrected HTTP method in updating.md by @boginw in #1278
• Remove workaround for RSRP-491451 by @bkoelman in #1276
• Add sponsor credits by @bkoelman in #1292
• Fix exception thrown by EF Core 8 preview by @bkoelman in #1289
• Extensible query string functions by @bkoelman in #1286

New Contributors

• @boginw made their first contribution in #1278

Full Changelog: v5.2.0...v5.3.0

v5.2.0

Enhancements

• Improve resource change tracking performance.
• Improve performance of response serialization for large number of included resources.
• Auto-feed includes from query string to the serializer when custom resource service is used.
• Refreshed examples: connection strings, API namespaces, seed with sample data, use long IDs, detailed logging.
  • NoEntityFrameworkExample now uses a hardcoded in-memory dataset, demonstrating how to implement a custom read-only resource service and resource repository, which compiles the produced LINQ query and executes it against the dataset.
• Harden Attr/Relationship attributes against invalid input.
• Updated Ember sample to use latest versions and include tests. Special thanks to @briarsweetbriar and @rtablada!

Bugfixes

• On secondary endpoint, the incoming filter from query string was not applied when determining total resource count via inverse relationship.
• A duplicate trailing slash was rendered in Location header when request path ended with a slash.
• Minor corrections in documentation.
• Do not emit unused namespace import in controller source generator.
• Use deterministic culture when converting to string.
• Fixes for using include and fields with EF Core owned entities.

Breaking changes

• Minor changes in the QueryExpression model shape, to make it easier to understand and consume.
• Removed resource ID from error message, as the error is unrelated to any specific record.
• Disable EF Core Change Tracking on read-only requests (can be reverted by overriding a virtual method on the resource repository).

Merged PRs

• Fixed: incorrect meta:total on secondary endpoint with filter by @bart-vmware in #1259
• Query tweaks by @bkoelman in #1257
• Fix namespace imports in controller source generator by @bkoelman in #1261
• Improve serializer performance by @bkoelman in #1265
• Use deterministic culture when converting to string by @bkoelman in #1267
• Update examples by @bkoelman in #1269
• Harden Attr/Relationship attributes against invalid input by @bkoelman in #1268
• Fixes for EF Core owned entities by @bkoelman in #1272

Full Changelog: v5.1.2...v5.2.0

v5.1.2

Enhancements

• New documentation sections: FAQ and Common Pitfalls.
• Entity Framework Core 7 table-per-concrete-type (TPC) inheritance is now supported.
• Added support for DateOnly and TimeOnly. This works out of the box when using .NET 7. But when using .NET 6, additional steps are required.
• Support for [ApiController] has improved, though its use is not recommended because it degrades JSON:API compliance. Therefore we now log a warning when found.

Bugfixes

• Fixed whitespace handling in query string parameters.
• Fixed ModelState validation in atomic operations when using custom validators with injected dependencies.
• Fixed incorrect ModelState validation error when using [Range] that does not include the type's default value.

Breaking changes

• Parsing query string parameters used to rely on the current culture, which is no longer the case. To revert to the old behavior, add the following at startup:

  AppContext.SetSwitch("JsonApiDotNetCore.ParseQueryStringsUsingCurrentCulture", true);

Merged PRs

• Fix missing HttpContext on ValidationContext during atomic operations by @Tommy228 in #1251
• Better handling of [ApiController] usage by @bkoelman in #1246
• Package updates; run tests against EF Core 7 by @bkoelman in #1249
• Fixed: fail on non-leading whitespace in field chains by @bkoelman in #1252
• Fixed: ModelState validation failed when [Range] does not include property default value by @bkoelman in #1253
• Documentation: FAQ and Common Pitfalls by @bkoelman in #1245
• Add support for DateOnly/TimeOnly by @bkoelman in #1169

New Contributors

• @Tommy228 made their first contribution in #1251

Full Changelog: v5.1.1...v5.1.2

v5.1.1

This patch relaxes the requirements for the any() filter function: Instead of requiring at least two constants, now a single constant works as well.

Merged PRs

• Allow at least one constant instead of two in any() filter function by @bkoelman in #1234

Full Changelog: v5.1.0...v5.1.1