Piccolo-api

------

* Streamlined the ``CSRFMiddleware`` code, and added missing type annotations.
* If using the ``__visible_fields`` parameter with ``PiccoloCRUD``, and the
field name is unrecognised, the error response will list the correct field
names.
* Improved test coverage (courtesy sinisaos).

-------------------------------------------------------------------------------

------

We recently added the ``__visible_fields`` GET parameter to ``PiccoloCRUD``,
which allows the user to determine which fields are returned by the API.

However, there was no way of the user knowing which fields were supported. This
is now possible by visiting the ``/schema`` endpoint, which has a
``visible_fields_options`` field which lists the columns available on the table
and related tables (courtesy sinisaos).

-------------------------------------------------------------------------------

------

Fixed a bug with the OpenAPI docs when using ``Array`` columns. Thanks to gmos
for reporting this issue, and sinisaos for fixing it.

-------------------------------------------------------------------------------

------

The ``__visible_fields`` filter on ``PiccoloCRUD`` now works on the detail
endpoint (courtesy sinisaos). For example:

.. code-block:: text

GET /1/?__visible_fields=id,name,director.name

We also modified a type annotation in ``FastAPIWrapper``, so you can use it
with FastAPI's ``APIRouter`` without getting a type warning. Thanks to gmos
for reporting this issue.

-------------------------------------------------------------------------------

------

Added a ``__visible_fields`` filter to ``PiccoloCRUD``. It's a very powerful
feature which lets us specify which fields we want the API to return from a
GET request (courtesy sinisaos).

It can even support joins, but we must supply a ``max_joins`` parameter:

.. code-block:: python

app = PiccoloCRUD(Movie, max_joins=1)
uvicorn(app)

Then we can do:

.. code-block:: text

GET /?__visible_fields=id,name,director.name

Which will return:

.. code-block:: javascript

{
"rows": [
{
"id": 17,
"name": "The Hobbit: The Battle of the Five Armies",
"director": {
"name": "Peter Jackson"
}
},
...
]
}

By specifying exactly which data we want returned, it is much more efficient,
especially when fetching large numbers of rows, or with tables with lots of
columns.

-------------------------------------------------------------------------------

------

Fixed a bug with the delete endpoint of ``PiccoloCRUD``. It was returning a 204
response with a body (this isn't allowed, and could cause an exception to be
raised in the web server). Thanks to trondhindenes for reporting this issue.

Updated Swagger UI to the latest version.

-------------------------------------------------------------------------------