Record of historical changes and improvements to Autostrada. You can also see what's in store for the future in our roadmap.
Sessions now store data server-side in a database and use the alexedwards/scs package instead of gorilla/sessions. Sessions are no longer supported for generated codebases with no database.
The default session cookie name is now randomized on a per-application basis, in order to reduce the risk of cookie conflicts if you are developing multiple applications on the same machine. The default session cookie name now takes the form "session_{8 random characters}", and this can be configured to a different value at runtime via the --session-cookie-name flag or SESSION_COOKIE_NAME environment variable.
The approxDuration() template function has been refactored to simplify the logic and fix a potential rounding error when the duration is very close to 1 day or 1 year.
The upgradeable Makefile rule has been updated to use github.com/oligot/go-mod-upgrade.
The recoverPanic() middleware and backgroundTask() helper now use fmt.Errorf() with the %v verb to coerce the panic value into an error, rather than %s.
The admin makefile now includes an upgradeable rule, which lists all direct module dependencies that have a newer version available.
The contextGetAuthenticatedUser() function now returns an additional bool value to explicitly indicate whether the context contains a user value or not.
Generated codebases now default to listening on a random port number, different for every codebase. This is to reduce the potential for conflicts when working with multiple codebases generated by Autostrada.
The version.Get() function now returns the main module version number. This is automatically generated by Go based on your version control information, and will be either a version tag (e.g. v1.2.3) or a pseudo-version (e.g. v0.0.0-20250219190134-59bdb76fda0c).
A new version.GetRevision() function has been added to return just the latest version control revision number (e.g. Git commit hash).
We've tweaked the internal/tokens package to use the new Go 1.24 rand.Text() function to generate cryptographically secure tokens.
We've tweaked the decodeJSON() helper function to check for the http.MaxBytesError type instead of relying on string comparison.
We've added support for the standard library http.ServeMux as a router option.
We've updated the audit rule to use test -z "$(shell gofmt -l .)" and the Go 1.23 go mod tidy -diff command to check that .go files and modfiles are formatted and up-to-date.
We've added the option to use custom pages for error responses in web applications (e.g custom 404 Not Found and 500 Internal Server Error pages).
The SMTP feature has been updated to use the wneessen/go-mail package for sending emails, rather than go-mail/mail (which is no longer actively maintained).
Database SELECT operations which fetch a single data row now return a found boolean to explicitly indicate whether a matching row was found or not.
Based on feedback from users, Autostrada no longer automatically initializes a git repository in the generated codebase. The option to create a .gitignore file remains.
We've added lightweight user accounts to Autostrada so that you have permanent access to any paid features that you purchase, and can generate unlimited codebases.
We've added optional support for logging all requests, and corresponding response status code and body size.
SQL database connections are now established using sqlx.ConnectContext(), rather than sqlx.Connect(), meaning that a timeout is applied when sqlx pings the database to verify that the database connection credentials are valid.
New DecodeQueryString() and DecodeForm() helpers are now provided, in addition to the existing DecodePostForm() helper. The DecodeForm() helper decodes data from both URL query string values and the request POST body in one command.
All codebases now use the Go 1.21 log/slog package from the standard library.
The corresponding HTTP request method and URL is now included in all ERROR level log messages and email notifications.
All generated codebases now use the golang.org/x/exp/slog package for leveled logging, with the choice to log messages in JSON, plaintext, or colorized plaintext format.
We've made various improvements to the generated admin makefile, including updating the audit task to check for known vulnerabilities using govulncheck, adding a new text/cover task to run tests with code coverage profiling enabled, and updating the run/live task to not use an external air.toml configuration file.
The website UI has been improved so that the code-generation tool consists of fewer steps and takes up less on-screen space.
The HTTP server default timeout periods have been changed to: defaultIdleTimeout = time.Minute, defaultReadTimeout = 5 * time.Second, defaultWriteTimeout = 10 * time.Second, and defaultShutdownPeriod = 30*time.Second.
Generated files all now have the permission set 644.
Helpers for decoding JSON requests and writing JSON responses are now included by default in 'traditional web application' codebases, as well as 'JSON API' codebases.
We've added a new DecodeJSONStrict() helper, which will return an error if a JSON request contains unexpected fields.
We've added optional support for live reloading of your application when files are changed during development using Air.
We've added the option to read configuration settings from environment variables (instead of only supporting command-line flags).
We've added a backgroundTask() helper to all generated codebases by default. You can use this to run code in background goroutines and wait for it to complete during a graceful shutdown.
We've added the option to automatically send runtime error alerts to an admin email address.
We've added support for automatic HTTPS in production using Let's Encrypt and Autocert. HTTP to HTTPS redirects are also included.
Application initialization is now done in a run() function rather than main(). See this blog post for the rationale behind the change.
We've changed the generated code so that any messages logged by Go's http.Server are written to the same destination as all other log messages.
More validation checks have been added to disallow invalid module paths.
Generated codebases now include the README file in Markdown format (in addition to HTML).
We've added support for Gorilla Mux as a router option.
The confirmation pages and download links for the generated codebases are now permanent rather than temporary, and are now safe to bookmark and share.
The confirmation page now includes instructions for how to get started and run your application (as well as this information still being available in the README).
We've added the option to pick your own router, with support for Chi, Flow and HttpRouter.
We've improved the web application login functionality so that it now redirects to the previously requested page after failed authentication.
We created this changelog page that you're reading right now 😉
We've updated the Autostrada website to give it a lighter, fresher and slightly more polished design.
We've added a new 'secure cookies' option, providing out-of-the-box support for reading/writing signed and encrypted cookies.
We've tweaked the command-line flag names and variables to be more consistent in their style and naming, and started using hard-coded default values for all command-line flags (rather than reading some default values from environment variables).
We've added a roadmap page to help prioritize and keep track of potential features and improvements.
Autostrada is officially launched in open beta.