Commit Graph

148 Commits

Author SHA1 Message Date
Sergio Benitez 72c91958b7 Support routes that match any method.
This commit introduces support for method-less routes and route
attributes, which match _any_ valid method: `#[route("/")]`. The `Route`
structure's `method` field is now accordingly of type `Option<Route>`.

The syntax for the `route` attribute has changed in a breaking manner.
To set a method, a key/value of `method = NAME` must be introduced:

```rust
#[route("/", method = GET)]
```

If the method's name is a valid identifier, it can be used without
quotes. Otherwise it must be quoted:

```rust
// `GET` is a valid identifier, but `VERSION-CONTROL` is not
#[route("/", method = "VERSION-CONTROL")]
```

Closes #2731.
2024-08-24 03:00:52 -07:00
Sergio Benitez 39ed4a4909 Enforce using 'MsgPack<T>' to deserialize.
This commit enforces using 'MsgPack<T>', and not 'MsgPack<T, Foo>' or
'Compact<T>', to deserialize MsgPack-encoded data. It also simplifies
the round-trip msgpack test and removes the dev-dependency on `rmp`.
2024-08-09 23:10:33 -07:00
Matthew Pomes db598be3a8
Change default, and use `MsgPack` in place of `Named` 2024-08-09 23:13:53 -05:00
Artemis df71f79bd9
Allow responding with named MessagePack data.
Closes #2107
2024-08-09 23:13:52 -05:00
Sergio Benitez f50b6043e8 Improve FileServer rewrite API.
Finalizes the FileServer rewrite API implementation. Primarily reworks
how the built-in rewriters are written (now as structs instead of free
functions) and reorganizes the `fs` module.

Co-authored-by: Matthew Pomes <matthew.pomes@pm.me>
2024-07-06 15:34:21 +02:00
Matthew Pomes 65e3b87d6b Implement FileServer rewrite API.
Implements the FileServer API proposed in
https://github.com/rwf2/Rocket/pull/2716#issuecomment-1930893889.

Closes #2716.
2024-07-06 15:33:43 +02:00
Sergio Benitez 926e06ef3c Finalize 'tracing' migration.
This commit complete the migration to 'tracing' for all logging. Below
is a summary of all relevant commits, including this one:

Log improvements:
  - All log (trace) messages are structured which means they contain fields
    that can formatted by any subscriber.
  - Logging can be disabled entirely by disabling the default `trace` feature.
  - Routes and catchers now contain location (file/line) information.
  - Two log format kinds: pretty and compact via ROCKET_LOG_FORMAT
  - Coloring is not disabled globally. Thus applications can color even if
    Rocket is configured not to.
  - Rocket is more conservative about 'warn' and 'error' messages, reserving
    those log levels for messages useful in production.
  - Errors from guards logged by codegen now use the 'Display' implementation of
    those errors when one exists.
  - Secrets are never logged, even when directly asked for.

New features:
  - Many Rocket types know how to trace themselves via a new `Trace` trait.
  - `Either` types can now be used in `uri!()` calls.
  - A `RequestIdLayer` tags all requests with a unique ID.

Breaking changes to configuration:
  - `Config::log_level` is of type `Option<Level>`. `None` disables tracing.
  - `log_level` now uses the traditional log level names: "off", "error",
    "warn", "info", "debug", "trace", or 0-5. This replace the Rocket-specific
    "normal", "debug", "critical".
  - A new option, `log_format`, which is either `compact` or `pretty`,
    determines how Rocket's tracing subscriber log trace messages.

Breaking changes:
  - Hidden `rocket::Either` is now publicly available at `rocket::either::Either`.
  - `rocket::Error` no longer panics when dropped.
  - `main` generated by `#[launch]` returns an `ExitCode`.
  - `FromParam` `Err` now always returns the actual error as opposed to the
    string that failed to parse. To recover the original string, use `Either<T,
    &str>`, where `T: FromParam`, as a parameter guard.
  - Many types that implemented `Display` now instead implement `Trace`.
  - `Error::pretty_print()` was removed. Use `Error::trace()` via `Trace` impl.

Internal improvements:
  - Made more space in CI machines for tasks.
  - Cleaned up testbench code using `inventory`.

Resolves #21.
2024-06-03 15:02:44 -07:00
Sergio Benitez d767694861 Remove 'Error' panic-on-drop behavior.
Instead, the `#[launch]` attribute traces the error and panics,
replicating the old behavior in the common case.
2024-06-03 14:38:34 -07:00
Sergio Benitez 3079dbfa85 Use workspace lints. Resolve new nightly warnings. 2024-05-20 13:39:14 -05:00
Sergio Benitez 836e64fec3 Rename 'Rocket::configure()' to 'reconfigure()'. 2024-04-25 14:47:43 -07:00
Sergio Benitez b34085392d Add 'Method' variants for all registered methods.
This commit allow routes to be declared for methods outside of the
standard HTTP method set. Specifically, it enables declaring routes for
any method in the IANA Method Registry:

```rust
#[route(LINK, uri = "/<foo>")]
fn link() { ... }

#[route("VERSION-CONTROL", uri = "/<foo>")]
fn version_control() { ... }
```

The `Method` type has gained variants for each registered method.

Breaking changes:

  - `Method::from_str()` no longer parses mixed-case method names.
  - `Method` is marked as non-exhaustive.
  - `Method::supports_payload()` removed in favor of
    `Method::allows_request_body()`.

Resolves #232.
2024-04-24 19:22:03 -07:00
Sergio Benitez 3bfc4ca644 Simplify 'Bind'. Allow try-launching on Futures. 2024-04-22 17:26:51 -07:00
Sergio Benitez 7cc818cd85 Introduce dynamic TLS resolvers.
This commit introduces the ability to dynamically select a TLS
configuration based on the client's TLS hello via the new `Resolver`
trait. In support of this, it also makes the following changes:

  * Added `Authority::set_port()`.
  * `UdsListener` is now `UnixListener`.
  * `Bindable` removed in favor of new `Bind`.
  * All built-in listeners now implement `Bind<&Rocket>`.
  * `Connection` requires `AsyncRead + AsyncWrite`.
  * The `Debug` impl for `Endpoint` displays the underlying address.
  * `Listener` must be `Sized`.
  * The TLS listener was moved to `tls::TlsListener`.
  * The preview `quic` listener no longer implements `Listener`.
  * Added `TlsConfig::server_config()`.
  * Added `race` future helpers.
  * Added `Rocket::launch_with()`, `Rocket::bind_launch()`.
  * Added a default `client.pem` to the TLS example.
  * Various unnecessary listener `Config` structures removed.

In addition, the testbench was revamped to support more scenarios. This
resulted in the following issues being found and fixed:

  * Fix an issue where the logger would ignore color requests.
  * Clarified docs for `mtls::Certificate` guard.
  * Improved error messages on listener misconfiguration.

Resolves #2730.
Resolves #2363.
Closes #2748.
Closes #2683.
Closes #2577.
2024-04-16 23:50:28 -07:00
Tau 35a1cf12b6 Fix and always set Content-Length header.
Previously, the header was erroneously set as 'Content-Type' and not
visible to local clients. This commit fixes both of these issues.
2024-03-21 16:42:09 -07:00
Sergio Benitez 02011a1307 Clean up codebase: fix reasonable clippy warnings.
This commit is a codebase-wide cleanup driven by clippy warnings. In
addition to fixing every reasonable warning, the following new
functionality was introduced:

  * `Accept::new()` now takes any `T: Into<QMediaType>` iterator.
  * `TempFile::is_empty()` was added.
  * `HeaderMap` now implements `IntoIterator`.

This commit makes the following breaking changes:

  * The `IntoCollection` trait is gone. Generics previously bound by the
    trait are now bound by `IntoIterator`. This affects:
    - `Accept::new()`
    - `ContentType::with_params()`
    - `Permission::{allow, allowed}()`
  * `MediaType`, `QMediaType`, and `Allow` implement `IntoIterator`,
    enabling most existing code to continue working without change.
  * The inherent `HeaderMap::into_iter()` method was removed.
  * The `Ok` variant in ErrorKind::Liftoff` is now `Box<Rocket<Orbit>>`.
2024-03-20 00:47:38 -07:00
Sergio Benitez d9249db6d6 Address new nightly compiler warnings. 2024-03-19 14:08:14 -07:00
Sergio Benitez 1619bbbddc Support QUIC and HTTP/3.
This commit adds support for HTTP/3 and QUIC under a disabled-by-default
feature `http3-preview`. The current implementation depends on modified
versions of h3 and s2n-quic-h3 which will need to be upstreamed and
published before a release is possible.

During the course of development various facets of Rocket's internal
connection handling and recent listener APIs were improved. The complete
list of changes included in this PR is:

  * A `shutdown` module was introduced.
  * `config::Shutdown` was renamed to `ShutdownConfig` and moved to
    `shutdown` while being re-exported from `config`.
  * `ListenerAddr` is now called `Endpoint`. Various methods which
    previously referred to "addresses" now refer to "endpoints".
  * `Rocket::endpoint()` was renamed to `Rocket::endpoints()` and now
    returns an iterator over the endpoints Rocket is listening on.
  * `Endpoint` acquired various query utility methods.
  * The `{set_}remote()` methods now take/produce `Endpoint`s.
  * `TlsBindable` only accepts single-phase internal interfaces.
  * Bind error messages include candidate endpoint info when possible.
  * The warning message when a secret key is not configured now includes
    information about its effect on private cookies.

Internal changes include:

  * Config module tests were moved to `config/tests.rs`.
  * The cancellable I/O implementation was significantly simplified.
  * The `TripWire` implementation was simplified.
  * Individual shutdown stages can now be awaited on via `Stages`.
  * The `Shield` implementation was simplified.

Resolves #2723.
2024-03-18 20:23:22 -07:00
Sergio Benitez fd294049c7 Update to hyper 1. Enable custom + unix listeners.
This commit completely rewrites Rocket's HTTP serving. In addition to
significant internal cleanup, this commit introduces the following major
features:

  * Support for custom, external listeners in the `listener` module.

    The new `listener` module contains new `Bindable`, `Listener`, and
    `Connection` traits which enable composable, external
    implementations of connection listeners. Rocket can launch on any
    `Listener`, or anything that can be used to create a listener
    (`Bindable`), via a new `launch_on()` method.

  * Support for Unix domain socket listeners out of the box.

    The default listener backwards compatibly supports listening on Unix
    domain sockets. To do so, configure an `address` of
    `unix:path/to/socket` and optional set `reuse` to `true` (the
    default) or `false` which controls whether Rocket will handle
    creating and deleting the unix domain socket.

In addition to these new features, this commit makes the following major
improvements:

  * Rocket now depends on hyper 1.

  * Rocket no longer depends on hyper to handle connections. This allows
    us to handle more connection failure conditions which results in an
    overall more robust server with fewer dependencies.

  * Logic to work around hyper's inability to reference incoming request
    data in the response results in a 15% performance improvement.

  * `Client`s can be marked secure with `Client::{un}tracked_secure()`,
    allowing Rocket to treat local connections as running under TLS.

  * The `macros` feature of `tokio` is no longer used by Rocket itself.
    Dependencies can take advantage of this reduction in compile-time
    cost by disabling the new default feature `tokio-macros`.

  * A new `TlsConfig::validate()` method allows checking a TLS config.

  * New `TlsConfig::{certs,key}_reader()`,
    `MtlsConfig::ca_certs_reader()` methods return `BufReader`s, which
    allow reading the configured certs and key directly.

  * A new `NamedFile::open_with()` constructor allows specifying
    `OpenOptions`.

These improvements resulted in the following breaking changes:

  * The MSRV is now 1.74.
  * `hyper` is no longer exported from `rocket::http`.
  * `IoHandler::io` takes `Box<Self>` instead of `Pin<Box<Self>>`.
    - Use `Box::into_pin(self)` to recover the previous type.
  * `Response::upgrade()` now returns an `&mut dyn IoHandler`, not
    `Pin<& mut _>`.
  * `Config::{address,port,tls,mtls}` methods have been removed.
    - Use methods on `Rocket::endpoint()` instead.
  * `TlsConfig` was moved to `tls::TlsConfig`.
  * `MutualTls` was renamed and moved to `mtls::MtlsConfig`.
  * `ErrorKind::TlsBind` was removed.
  * The second field of `ErrorKind::Shutdown` was removed.
  * `{Local}Request::{set_}remote()` methods take/return an `Endpoint`.
  * `Client::new()` was removed; it was previously deprecated.

Internally, the following major changes were made:

  * A new `async_bound` attribute macro was introduced to allow setting
    bounds on futures returned by `async fn`s in traits while
    maintaining good docs.

  * All utility functionality was moved to a new `util` module.

Resolves #2671.
Resolves #1070.
2024-01-29 22:38:55 -08:00
Sergio Benitez e9b568d9b2 Fixup docs for 'proxy_proto_header'. 2024-01-22 18:41:20 -08:00
Arjen 5c85ea3db5 Support configurable 'X-Forwarded-Proto'.
Co-authored-by: Sergio Benitez <sb@sergio.bz>
2024-01-22 18:41:20 -08:00
Sergio Benitez 915c1181da Forward whole-form errors in 'FromForm' derive.
Resolves #2672.
2024-01-17 12:15:01 -08:00
Sergio Benitez 124ec94b46 Fix typos.
Co-authored-by: cui fliter <imcusg@gmail.com>
2023-11-17 17:04:49 +01:00
Sergio Benitez 5d31ad4efb Update 'cookie' to 0.18. 2023-09-28 23:50:29 -07:00
Sergio Benitez c337f75f32 Fix 'get_pending()' docs, functionality.
The `get_pending()` method now properly decrypts private cookies that were
present in the jar originally.

Resolves #2591.
2023-08-10 16:22:28 -04:00
Sergio Benitez f1f533c1e5 Improve and fix panic in 'AdHoc::normalizer()'.
The normalizer now handles more cases.
2023-05-05 11:41:44 -07:00
Sergio Benitez d24b5d4d6d Handle more cases in 'AdHoc::normalizer()'.
The compatibility normalizer previously missed or was overly egregious
in several cases. This commit resolves those issue. In particular:

  * Only request URIs that would not match any route are normalized.

  * Synthetic routes are added to the igniting `Rocket` so that requests
    with URIs of the form `/foo` match routes with URIs of the form
    `/foo/<b..>`, as they did prior to the trailing slash overhaul.

Tests are added for all of these cases.
2023-05-04 17:30:37 -07:00
Sergio Benitez 9b0564ed27 Tidy custom forward status changes, update docs. 2023-04-11 12:55:57 -07:00
Benedikt Weber 055ad107df Allow status customization in 'Forward' outcomes.
Prior to this commit, all forward outcomes resulted in a 404. This
commit changes request and data guards so that they are able to provide
a `Status` on `Forward` outcomes. The router uses this status, if the
final outcome is to forward, to identify the catcher to invoke.

The net effect is that guards can now customize the status code of a
forward and thus the error catcher invoked if the final outcome of a
request is to forward.

Resolves #1560.
2023-04-11 12:47:20 -07:00
Sergio Benitez 3a44b1b28e Hide 'RouteUri' fields to ensure URI coherence.
Prior to this commit, several `RouteUri` fields were public, allowing
those values to be changed at will. These changes were at times not
reflected by the rest of the library, meaning that the values in the
route URI structure for a route became incoherent with the reflected
values. This commit makes all fields private, forcing all changes to go
through methods that can ensure coherence. All values remain accessible
via getter methods.
2023-04-10 13:26:54 -07:00
Sergio Benitez 51ed332127 Make trailing slashes significant during routing.
This commit modifies request routing in a backwards incompatible manner.
The change is summarized as: trailing slashes are now significant and
never transparently disregarded. This has the following implications,
all representing behavior that differs from that before this change:

  * Route URIs with trailing slashes (`/foo/`, `/<a>/`) are legal.
  * A request `/foo/` is routed to route `/foo/` but not `/foo`.
  * Similarly, a request `/bar/` is routed to `/<a>/` but not `/<a>`.
  * A request `/bar/foo` is not routed to `/<a>/<b>/<c..>`.

A new `AdHoc::uri_normalizer()` fairing was added that recovers the
previous behavior.

In addition to the above, the `Options::NormalizeDirs` `FileServer`
option is now enabled by default to remain consistent with the above
changes and reduce breaking changes at the `FileServer` level.
2023-04-10 12:40:39 -07:00
Sergio Benitez a474fde85b Implement 'De(Serialize)' for 'Status'.
Resolves #2366.
2023-03-26 19:18:04 -07:00
Jacob Sharf 89919aa3cb Fix several typos. 2023-03-23 16:27:08 -07:00
badoken 569bc09a1d Support raw byte slices '&[u8]' in form fields.
Resolves #2148.
2023-03-23 15:31:24 -07:00
Sergio Benitez 9377af5978 Make real IP header configurable via 'ip_header'.
Adds an `ip_header` configuration parameter that allows modifying the
header Rocket attempts to use to retrieve the "real IP" address of the
client via `Request` methods like `client_ip()`. Additionally allows
disabling the use of any such header.
2023-03-20 12:57:21 -07:00
Sergio Benitez 162fafa0f1 Update UI tests for nightly. 2022-11-18 19:30:35 -08:00
Sergio Benitez 7e913eb8ac Report as many form errors as possible. 2022-11-12 04:11:18 -08:00
Kevin Wang f7e703bc5e Fix 'Limits' deserialization.
Fixes #2268.
2022-08-01 13:11:02 -07:00
pennae 7275df9fdf Make data guards eligible to be sentinels.
Prior to this commit, data guards were not being considered as eligible
to be sentinels. This commit resolves that.
2022-06-23 16:15:11 -07:00
Sergio Benitez 7908dc43ca Introduce shutdown fairings.
Also adds 'Client::terminate()' to run graceful shutdown in testing.

Resolves #1707.
2022-05-07 06:12:32 -05:00
Sergio Benitez ee4aa81847 Allow '[' and ']' in URI paths.
This is strictly noncompliant and they should be encoded, but browsers
routinely send them unencoded, so we allow them to avoid trouble.
2022-05-04 09:44:24 -07:00
Sergio Benitez 82cd53de36 Add 'must_use' to 'Rocket'.
Closes #2146.
2022-04-19 13:03:58 -07:00
Sergio Benitez 1b37d571c2 Rework 'local_cache!' so it returns unique refs.
Fixes #1987.
2022-04-18 18:12:54 -07:00
arlecchino 1ba41b3990 Remove 'CookieJar::get_private_pending()'.
This commit removes the 'CookieJar::get_private_pending()' method in
favor of the already existing and correct 'CookieJar::get_pending()'
method. Previously, the 'CookieJar::get_private_pending()' method
attempted to decrypt the value of a pending cookie, which in reality is
plaintext, thus failing. Because the pending value is plaintext, the
'CookieJar::get_pending()' method suffices.

Documentation has been updated to refer to 'CookieJar::get_pending()'.

Fixes #2063.
2022-02-17 11:04:30 -08:00
Sergio Benitez 0ba5aac53e Update codebase for latest nightly and stable. 2022-02-16 10:08:55 -08:00
Sergio Benitez cc0621626b Prefix 'content' responder names with 'Raw'.
The primary aim of this commit is to reduce confusion between
'content::Json' and 'rocket::serde::json::Json' be renaming the former
to 'content::RawJson'. The complete changes in this PR are:

  * All responders in the 'content' module are prefixed with 'Raw'.
  * The 'content::Custom' responder was removed entirely.
  * The 'Plain' responder is now 'RawText'.
  * The 'content' API docs point to the 'serde' responders.
  * The docs and examples were updated accordingly.
2021-07-20 02:09:11 -07:00
Sergio Benitez 614f8ab46c Condition TLS config types on 'tls' feature.
Previously, TLS, via 'Config::tls', was configurable even if the 'tls'
feature was disabled. This commit changes this so that the 'Config::tls'
field and TLS config structures are only available if 'tls' is enabled.
2021-07-05 13:46:37 -07:00
Sergio Benitez 3ec58c3ca2 Ensure launch occurs with minimal ciphersuites.
Co-authored-by: Abdullah Alyan <AbdullahAlyan@yahoo.com>
2021-06-29 11:27:54 -07:00
Sergio Benitez 686a0ed964 Fix wording in 'config' docs. 2021-06-26 17:11:53 -07:00
Sergio Benitez c3ee34e295 Drop sender to prevent async client read deadlock.
Fixes #1729.

Co-authored-by: Wesley Norris <repnop@outlook.com>
2021-06-25 09:27:36 -07:00
Sergio Benitez d2c2725689 Implement 'De(Serialize)' for 'Method'. 2021-06-09 17:07:26 -07:00