Add to middleware in app's `src/main.zig`:
```zig
pub const jetzig_options = struct {
pub const middleware: []const type = &.{
jetzig.middleware.AntiCsrfMiddleware,
};
};
```
CSRF token available in Zmpl templates:
```
{{context.authenticityToken()}}
```
or render a hidden form element:
```
{{context.authenticityFormElement()}}
```
The following HTML requests are rejected (403 Forbidden) if the
submitted query param does not match the value stored in the encrypted
session (added automatically when the token is generated for a template
value):
* POST
* PUT
* PATCH
* DELETE
JSON requests are not impacted - users should either disable JSON
endpoints or implement a different authentication method to protect
them.
Eradication of `data` arg to requests. We no longer need to pass this
value around as we have a) type inference, b) nested object insertion
via `put` and `append`.
Fix `joinPath` numeric type coercion
Detect empty string params and treat them as blank with expectParams()
Fix error logging/stack trace printing.
Update Zmpl - includes debug tokens + error tracing to source template
in debug builds.
Implement `request.expectParams()` to coerce params to a given struct.
`request.paramsInfo()` provides information about each param (present,
blank, failed + original values and errors where applicable).
Use `request.file("form-field-name")` to try to find a multipart-encoded
form value for the given name. Returns `jetzig.http.File` if a match is
found which provides `content` (uploaded file content) and `filename`
(filename as passed by browser).
Add `jetzig test` command which runs build step `jetzig:test`.
Add `jetzig.testing` namespace which provides test helpers and a test
app.
Add tests to view generator (i.e. include tests for generated routes).
Permit setting template during view render with `request.setTemplate()`
Permit middleware to define custom routes to static content with
`pub const Routes` (implemented for something no longer needed but seems
useful anyway).
Implement globbing on custom routes, `/foo/:bar*` will glob all path
segments including and after `/foo/...`, e.g. `/foo/bar/baz/qux` will
pass invoke the custom view function with an array of `bar`, `baz`,
`qux` as first argument (instead of typical resource ID).
Use Karl Seguin's http.zig as HTTP server backend:
https://github.com/karlseguin/http.zig
Update loggers to use new `jetzig.loggers.LogQueue` to offload logging
to a background thread.
Numerous other optimizations to remove unneeded allocs.
Performance jump on a simple request from approx. 2k requests/second to
approx. 40k requests/second (Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz).
Color support for Windows
Zmpl partial arg type coercion
