Changelog

[3.6.0] - Latest

Per-Domain API Versioning

  • (feat) - Implemented per-domain API versioning with independent version lifecycle per feature (Stripe/Shopify pattern)
  • (feat) - Added ApiVersionRegistry as single source of truth for all domain version metadata
  • (feat) - Added versionedRoute() DSL extension using route-scoped plugin for automatic version headers
  • (feat) - Added GET /api discovery endpoint listing all domains with current, supported, and deprecated versions
  • (feat) - Automatic X-Api-Version and X-Api-Domain response headers on every API response
  • (feat) - RFC 8594 compliant Sunset, Deprecation, and Link headers for deprecated versions
  • (feat) - HTTP 410 Gone response for unsupported API versions
  • (refactor) - Migrated all 18 route files from inner route() wrappers to parent versionedRoute() DSL
  • (refactor) - Refactored ConfigureRouting.kt to use per-domain versioned route registration
  • (docs) - Added API Versioning section to README with discovery endpoint and header documentation
  • (docs) - Updated error codes table with HTTP 410 Gone status

URL Migration: /api/v1/*/api/v1/* (backward-compatible, no breaking changes)


[3.5.0]

API Standardization & Pagination

  • (feat) - Standardized pagination across all collection-based endpoints using limit and offset query parameters
  • (feat) - Implemented a unified PaginatedResponse wrapper for consistent data delivery
  • (refactor) - Transitioned all database services to use Exposed DSL pattern (selectAll().limit().offset()) for robust positional pagination support
  • (fix) - Resolved "Too many arguments for limit" compilation errors by moving away from SizedIterable pagination
  • (docs) - Standardized OpenAPI documentation across all features with proper pagination metadata
  • (docs) - Updated README and MkDocs with the new pagination standard

[3.4.0] - Latest

Security & Bug Fixes

  • (security) - Implemented rate limiting on auth endpoints (5 req/10min) to prevent brute-force attacks
  • (security) - Added login attempt tracking with automatic account lockout after 5 failed attempts (30min lock)
  • (security) - Enforced password strength validation on registration and password reset
  • (security) - Converted forget-password and reset-password to POST endpoints with JSON body
  • (security) - Implemented refresh token system with hashed storage and automatic revocation
  • (security) - Added logout endpoint to revoke refresh tokens
  • (fix) - Fixed inventory concurrency race condition with atomic stock operations in transaction
  • (fix) - Fixed EntityID table references in ProductService for all foreign key lookups
  • (fix) - Fixed duplicate DELETE route in ProductRoutes (merged seller/admin handlers)
  • (fix) - Fixed searchProduct memory explosion with SQL-level filtering
  • (fix) - Fixed adjustWhere filter logic bug with proper incremental AND chain
  • (fix) - Fixed getShops memory explosion with SQL-level filtering
  • (fix) - Fixed stockQuantity defaulting to 0 in update (now preserves existing value)
  • (fix) - Fixed image upload null cast with file type validation
  • (fix) - Fixed CORS configuration to use allowed origins from environment

Code Improvements

  • Extracted helper methods in InventoryService.updateStock for cleaner maintenance
  • Flattened nested conditionals in AuthService.login with single-responsibility methods
  • Extracted reusable predicate in LoginAttemptRepository
  • Simplified InvalidCredentialsException with companion object builder

New Endpoints

  • POST /auth/refresh-token - Refresh access token
  • POST /auth/logout - Logout and revoke tokens

Documentation

  • Updated auth.md with rate limiting, account lockout, and refresh token documentation
  • Updated inventory.md with atomic stock operations documentation

Full Changelog: 3.3.0...3.4.0


[3.3.0] - Latest

What's Changed

  • Update user profile table and user profile readme by @piashcse in #48
  • (feat) - Implemented privacy policy and user consent feature by @piashcse in #49
  • Improve Privacy policy consent routes and optimization by @piashcse in #50
  • (feat) - Implemented single email register with multiple userType by @piashcse in #51
  • Re-Architecture the piashcse/ktor-E-Commerce structure to onion architecture by @piashcse in #53
  • Update ktor 3.1.3 by @piashcse in #54
  • Improved architecture structure and naming convention by @piashcse in #55
  • Update readme for smtp server setup sending otp to email address by @piashcse in #56
  • Separate enums values in constants package by @piashcse in #57
  • Removed serialization-kotlinx by @piashcse in #58
  • Centralize message by @piashcse in #59
  • Simplify order status by @piashcse in #60
  • Update kotlin 2.1.20 to 2.1.21 by @piashcse in #61
  • Improve request response by @piashcse in #62

Full Changelog: 3.2.0...3.3.0


[3.2.0] - April 12, 2024

What's Changed

Full Changelog: 3.1.0...3.2.0


[3.1.0] - March 16, 2024

What's Changed

Full Changelog: 3.0.2...3.1.0


[3.0.2] - December 6, 2024

What's Changed

Full Changelog: 2.0.1...3.0.2


[2.0.1] - November 18, 2024

What's Changed

Full Changelog: 2.0.0...2.0.1


[2.0.0] - October 26, 2024

What's Changed

Full Changelog: 1.1.1...2.0.0


[1.1.1] - October 19, 2024

What's Changed

  • Refactor upload urls in #23
  • Fixing login http method in #22
  • Update ktor-swagger-ui in #21
  • Commonize validation parameter in #20
  • Update shipping API in #18
  • Automate upload directory in #17

Full Changelog: 1.1.0...1.1.1


[1.1.0] - September 28, 2024

What's Changed

  • Add koin dependency injection
  • Add payment route
  • Optimize email sending API
  • Code optimization and performance improvement
  • Code clean up

Full Changelog: 1.0.0...1.1.0


[1.0.0] - September 2, 2024

What's Changed

  • Restructure the full piashcse/ktor-E-Commerce
  • Added swagger UI with smiley plugin for more understandability