Fair point. The "automatic 404 when a database record is not found" is purely optional and something you choose to use or not, like all the other helpers. For example, see below code:
Yes there are quite a lot of features added to the package:
- Request validation
- Localization (for validation error messages and regular text)
- Authentication (with built-in Basic Auth and JWT authenticators, directly using your User model. You can easily implement your own authenticators too)
- CORS
- Status handlers (for default responses depending on the response status when the body is empty, handy for error handling)
- Logging (using Common or Combined log format. You can implement your own formatters too)
- Advanced testing with test suites making it easy to write functional tests, unit tests for your middleware, etc.
- Database testing with record generators and seeders
- Many helpers to make your life easier (that includes multi-values header parsing, file management, automatic 404 when a database record is not found, etc). There are a lot of small things!
- An extensive and pretty documentation. This aspect very important to me.
I try to make it as flexible as possible to let developers implement things for their specific needs without having to fork the framework.
You can give a path to your SSL cert in the config, and set "protocol" to "https" and you're done. If you're using Certbot, give the path to the live cert and it will work even after renewal.
About CSRF, as the framework is focused on APIs, the use of cookies is possible but not recommended, so you won't need CSRF protection when using Goyave.
