Skip to content

1.6.0 Now functoweb is much more powerful

Latest
Latest

Choose a tag to compare

View all tags
@offerrall offerrall released this 06 Jun 12:49
v1.6.0
6516c56

v1.6.0

Versions 1.0.2 and 1.5.0 were never shipped to PyPI, so these notes describe
where FuncToWeb stands today rather than a diff against an older published
build.

FuncToWeb turns a typed Python function into a web UI, an HTTP endpoint and an
embeddable form, all at once. Three ways to use it: standalone (run), mounted
inside an existing FastAPI app (create_app), or embedded into any site via
<iframe> with URL prefill. Inputs and outputs are derived from your type
hints; auto-generated API docs live at /doc.

Still pre-2.0.0 and fast-moving — pin your version (func-to-web==1.6.0) and
read the CHANGELOG before upgrading.

Security

  • Fixed a path traversal vulnerability in file uploads. The original filename
    from the multipart request was joined into the save path without
    sanitization, allowing ../ sequences to escape uploads_dir. Filenames are
    now reduced to their final path component.

Summary of changes since the last published release

Added

  • create_app() — build the app without starting a server: mount it inside a
    larger FastAPI app, or serve by import string to unlock --workers /
    --reload. All internal URLs adapt to any prefix automatically.

Changed

  • Params subclasses are now frozen dataclasses: constructible anywhere,
    comparable, hashable, immutable; cross-field validation via __post_init__.
  • Static CSS/JS bundles are built in memory and served from routes (no temp-dir
    files), browser-cacheable with ETag.
  • Returned-file cleanup is opportunistic (on save/download, throttled) instead
    of a per-process background timer.
  • Default uploads/returns directories moved to the OS temp folder.
  • Swagger UI / ReDoc / OpenAPI schema are off by default; /doc is the honest
    machine-readable description (re-enable via fastapi_config).
  • Multi-function pages show a "back to index" button instead of a sidebar.

Removed

  • Built-in auth (use a reverse proxy), front_dir/assets_dir (compose with
    StaticFiles), keep_uploads, ActionTable, HiddenFunction, function
    groups, and the aiofiles dependency.

Fixed

  • Internal URLs work under any mount prefix or reverse-proxy root_path.
  • workers/reload passed to run() now raise a clear error instead of being
    silently ignored (use create_app() + import string).
  • The package no longer ships unrelated top-level folders into site-packages.
  • Returned files are stream-copied instead of loaded fully into RAM.
  • Result serialization no longer blocks the event loop.
  • Concurrent requests no longer race on a shared mutable param list.
  • Invalid Params setups (duplicate field names, nested or optional Params)
    are rejected at startup with a clear error.
  • Server-side validation errors (422/400) are now shown in the UI instead of
    being silently dropped.

See the CHANGELOG for full details and migration notes.

Full docs: see the docs/ folder · Made by Beltrán Offerrall

Assets 2
Loading