Prior to this commit, the conversion 'T -> Option<T>' was applied in
both the path and query parts of a URI in the 'uri' macro via the
'FromUriParam' trait with no implementation for 'Option<T>' directly.
This meant that it was impossible to directly render an 'Option<T>'.
This was exactly desired for the path part, where rendering a 'None'
would yield an incorrect URI, but the restriction was too strict for the
query part, where a 'None' is entirely valid. This commit makes changes
the conversion so that it only applied to path parts and adds the
identity conversions for 'Option<T>' and 'Result<T, E>' for query parts.
The side effect is a breaking change: due to conflicting impls, the 'T'
to 'Option<T>' conversion was removed for query parts. Thus, all 'uri!'
query route arguments of type 'Option' or 'Result' must now be wrapped
in 'Some' or 'Ok'. Due to new 'Option<T> <-> Result<T, E>' conversions,
either 'Some' _and_ 'Ok' work in both contexts.
Closes#1420.
This commit reverts most of dea940c7 and d89c7024. The "fix" is to run
attach fairings on a new thread. If a runtime is already running, it is
used. Otherwise, the future is executed in a single-threaded executor.
This commit completely overhauls Rocket's configuration systems, basing
it on the new Figment library. It includes many breaking changes
pertaining to configuration. They are:
* "Environments" are replaced by "profiles".
* 'ROCKET_PROFILE' takes the place of 'ROCKET_ENV'.
* Profile names are now arbitrary, but 'debug' and 'release' are given
special treatment as default profiles for the debug and release
compilation profiles.
* A 'default' profile now sits along-side the meta 'global' profile.
* The concept of "extras" is no longer present; users can extract any
values they want from the configured 'Figment'.
* The 'Poolable' trait takes an '&Config'.
* The 'secrets' feature is disabled by default.
* It is a hard error if 'secrets' is enabled under the 'release'
profile and no 'secret_key' is configured.
* 'ConfigBuilder' no longer exists: all fields of 'Config' are public
with public constructors for each type.
* 'keep_alive' is disabled with '0', not 'false' or 'off'.
* Inlined error variants into the 'Error' structure.
* 'LoggingLevel' is now 'LogLevel'.
* Limits can now be specified in SI units: "1 MiB".
The summary of other changes are:
* The default config file can be configured with 'ROCKET_CONFIG'.
* HTTP/1 and HTTP/2 keep-alive configuration is restored.
* 'ctrlc' is now a recognized config option.
* 'serde' is now a core dependency.
* TLS misconfiguration errors are improved.
* Several example use '_' as the return type of '#[launch]' fns.
* 'AdHoc::config()' was added for simple config extraction.
* Added more documentation for using 'Limits'.
* Launch information is no longer treated specially.
* The configuration guide was rewritten.
Resolves#852.
Resolves#209.
Closes#1404.
Closes#652.
In brief, this commit:
* Updates to the latest upstream 'cookie', fixing a memory leak.
* Make changes to 'CookieJar' observable only through 'pending()'.
* Deprecates 'Client::new()' in favor of 'Client::tracked()'.
* Makes 'dispatch()' on tracked 'Client's synchronize on cookies.
* Makes 'Client::untracked()' actually untracked.
This commit updates to the latest 'cookie' which removes support for
'Sync' cookie jars. Instead of relying on 'cookie', this commit
implements an op-log based 'CookieJar' which internally keeps track of
changes. The API is such that changes are only observable through
specialized '_pending()' methods.
Prior to this commit, it was impossible to 'use' a route from a separate
namespace for use in a 'routes!' macro. Naturally, this was a common
source of confusion amongst users. This commit obviates this deficiency
by generating a "proxy" structure that can be imported and converted
into a 'Route'/'Catcher' or their static variants.
This change is largely backwards compatible but can break existing code
when routes are named identically to other types in the namespace.
The user-facing changes effected by this commit are:
* The 'http::Cookies<'_>' guard is now '&http::CookieJar<'_>'.
* The "one-at-a-time" jar restriction is no longer imposed.
* 'CookieJar' retrieval methods return 'http::CookieCrumb'.
* The 'private-cookies' feature is now called 'secrets'.
* Docs flag private cookie methods with feature cfg.
* Local, async request dispatching is never serialized.
* 'Client::cookies()' returns the tracked 'CookieJar'.
* 'LocalResponse::cookies()' returns a 'CookieJar'.
* 'Response::cookies()' returns an 'impl Iterator'.
* A path of '/' is set by default on all cookies.
* 'SameSite=strict' is set by default on all cookies.
* 'LocalRequest::cookies()' accepts any 'Cookie' iterator.
* The 'Debug' impl for 'Request' prints the cookie jar.
Resolves#1332.
The bulk of the changes in this commit are for creating an
'ErrorHandler' trait that works like the 'Handler' trait, but for
errors. Furthermore, Rocket's default catcher now responds with a JSON
payload if the preferred 'Accept' media type is JSON.
This commit also fixes a bug in 'LocalRequest' where the internal
'Request' contained an correct 'URI'.
This commit aims to make it impossible to modify a 'Route' structure in
a way that violates expectations of a code-generated 'Route'. It removes
'Route::set_uri()' in favor of 'Route::map_base()', which allows for
safe modifications of the route's base.
In a similar vain, this commit also includes the following changes:
* 'Route::path()' was added to safely retrieve the route's 'path'.
* The base of a 'Route' is underlined during launch printing.
* 'Origin::into_normalized()' replaces 'Origin::to_normalized()'.
Fixes#1262.
This commits makes the following high-level changes:
* 'ShutdownHandle' is renamed to 'Shutdown'.
* 'Rocket::shutdown_handle()' is renamed to 'Rocket::shutdown()'.
* '#[launch]` is preferred to '#[rocket::launch]'.
* Various docs phrasings are improved.
* Fixed various broken links in docs.
This commits rearranges top-level exports as follows:
* 'shutdown' module is no longer exported.
* 'Shutdown' is exported from the crate root.
* 'Outcome' is not longer exported from the root.
* 'Handler', 'ErrorHandler' are no longer exported from the root.
To the Rust teams, Rust's contributors, Rocket's contributors, the
entire Rust and Rocket communities, my colleagues at Stanford and
beyond, and Jeb: thank you all. Sincerely.
To the next ~4 years of Rocket!
Closes#19.
Prior to this commit, codegen used 'Span' information to generate a
unique id for a given route. This commit changes the id generation to
instead use 1) the route's name and path, 2) a an per-generation
atomically increasing ID, and 3) the ids of the process/thread the
proc-macro is running in. Together, these values should provide a unique
id for a given route, even in the face of the reused processes and
threads, while also removing the dependence on unstable Span features.
Fixes#1373.
This commit adds the 'local::blocking' module and moves the existing
asynchronous testing to 'local::asynchronous'. It also includes several
changes to improve the local API, bringing it to parity (and beyond)
with master. These changes are:
* 'LocalRequest' implements 'Clone'.
* 'LocalResponse' doesn't implement 'DerefMut<Target=Response>'.
Instead, direct methods on the type, such as 'into_string()', can
be used to read the 'Response'.
* 'Response::body()' returns an '&ResponseBody' as opposed to '&mut
ResponseBody', which is returned by a new 'Response::body_mut()'.
* '&ResponseBody' implements 'known_size()` to retrieve a body's size,
if it is known.
Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
This removes the 'ctrl_c_shutdown' feature opting instead for a 'ctrlc'
configuration option. To avoid further merge conflicts with the master
branch, the option is currently read as an extra.
Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
This is largely an internal change. Prior to this commit, the 'Manifest'
type, now replaced with the 'Cargo' type, robbed responsibility from the
core 'Rocket' type. This new construction restores the previous
responsibility and makes it clear that 'Cargo' is _only_ for freezing,
and representing the stability of, Rocket's internal state.
Previously, 'NamedFile::open()' called a synchronous I/O method. This
commit changes it to instead use tokio's 'File' for async I/O.
To allow this to change, the 'Handler' trait was fixed to enforce that
the lifetime of '&self', the reference to the handler, outlives the
incoming request. As a result, futures returned from a handler can hold
a reference to 'self'.
In summary, this commit modifies 'Responder' so that:
* ..it is no longer 'async'. To accommodate, the 'sized_body' methods
in 'Response' and 'ResponseBuilder' are no longer 'async' and accept
an optional size directly. If none is supplied, Rocket will attempt
to compute the size, by seeking, before writing out the response.
The 'Body' type was also changed to differentiate between its sized
'Seek' and chunked body variants.
* ..'&Request' gains a lifetime: 'r, and the returned 'Response' is
parameterized by a new 'o: 'r. This allows responders to return
references from the request or those that live longer.
The attribute is applied everywhere it can be across the codebase and is
the newly preferred method for launching an application. This commit
also makes '#[rocket::main]` stricter by warning when it is applied to
functions other than 'main'.
observed.
This is a prerequisite for async on_attach fairings. 'Rocket' is now a
builder wrapper around the 'Manifest' type, with operations being
applied when needed by 'launch()', 'Client::new()', or 'inspect()'.
'inspect()' returns an '&Manifest', which now provides the methods that
could be called on an '&Rocket'.
Prior to this commit, codegen emitted tokens containing bare types like
'Result' and 'Box' as well as presumed imported variants such as 'None'
and 'Ok'. However, users are free to shadow these, and if they do, the
generated code will fail to compile, or worse, be incorrect. To avoid
this, this commit makes all references to these core types and imports
absolute.
Also:
* Remove 'response::ResultFuture'.
* Re-export 'tokio' and 'futures' from the crate root.
* Make 'ResponseBuilder::sized_body()' and 'async fn'.
* Remove the 'Future' implementation for 'ResponseBuilder'.
* Add 'ResponseBuilder::finalize()' for finalizing the builder.
* Implement `std::error::Error` for the new Error type.
* Document the new Error type.
* Remove `LaunchError`'s implementation of `Error::description`, which is deprecated.
In order to avoid making 'ResponseBuilder::sized_body' an asynchronous
function, the seeking is deferred until finalization. 'finalize()' is
replaced with '.await', and 'ResponseBuilder::ok()' is an 'async fn'.
* Update 'tokio', 'tokio-rustls', and 'hyper'.
* Remove unused dependencies on some `futures-*` crates.
* Rework 'spawn_on', which is now 'serve'.
* Simplify Ctrl-C handling.
Use I/O traits and types from 'tokio-io' as much as possible.
A few adapters only exist in futures-io-preview and use
futures-tokio-compat as a bridge for now.
Types can now implement the new 'Listener' trait, which means they can
report the address they are listening on and asynchronously accept
connections. 'Connection's are read/write streams that can additionally
report the remote address.
Listener is implemented for 'tokio_net::tcp::TcpListener' and for
the new 'rocket_http::tls::TlsListener' based on 'tokio-rustls'.
The new private function 'Rocket::listen_on()' now does the main setup
for launch and is generic over a Listener. In the future, a more refined
version of the API can be exposed so that applications can implement
their own listeners.
* body_string_wait and body_bytes_wait are removed; use `.await` instead
* `dispatch()` is now an async fn and must be .await-ed
* Add `#[rocket::async_test]` macro, similar in purpose to `tokio::test`
* Tests now use either `rocket::async_test(async { })` or
`#[rocket::async_test]` in order to `.await` the futures returned
from `dispatch()` and `body_{string,bytes}()`
* Update 'test.sh' to reflect the tests that should be passing.
Broken:
* Cloned dispatch and mut_dispatch() with a live previous response now both fail, due to a (partial) check for mutable aliasing in LocalRequest.
* Some tests are still failing and need example-specific changes.
This is required to be able to do anything useful with the body in the
outgoing response. Request fairings do not appear to need to be async
as everything on Data that returns a future moves self and on_request only
gets &Data, but the same change in this commit should work for on_request
if desired.
The former method allows constructing a 'Config' in the exact manner
Rocket does internally: reading the active environment's properties from
'Rocket.toml' and overriding values from environment variables. The
'read_from()' property does the same except it allows a custom config
file path.
This PR also improves the internal structure of the configuration code.
The existing implementation of 'LocalRequest::clone()' mistakenly copied
the internal 'Request' pointer from the existing 'LocalRequest' to the
cloned 'LocalRequest'. This resulted in an aliased '*mut Request'
pointer, a clear soundness issue. The fix in this commit is to clone the
internal 'Request', replacing the internal pointer with the newly cloned
'Request' when producing the cloned 'LocalRequest'. A fix that removes
all 'unsafe' code should be explored.
Fixes#1312.
Every code example is now fully runnable and testable. As a result, all
examples are now tested and include imports. Relevant imports are shown
by default. Code examples can be expanded to show all imports.
Fixes#432.
Prior to this commit, codegen emitted tokens containing bare types like
'Result' and 'Box' as well as presumed imported variants such as 'None'
and 'Ok'. However, users are free to shadow these, and if they do, the
generated code will fail to compile, or worse, be incorrect. To avoid
this, this commit makes all references to these core types and imports
absolute.
This commit introduces the sealed `UriPart` marker trait as well as the
implementing `Path` and `Query` marker types, allowing for parts of a
URI to be distinguished at the type level. Consequently, `UriDisplay`
has been parameterized with `P: UriPart`, creating `UriDisplay<Path>`
and `UriDisplay<Query>`. The effect of this change is improved type
safely for URI rendering as well as the ability to omit rendering values
in query parts via `Option` and `Result`.
The `UriDisplay` derive was replaced by `UriDisplayQuery` and
`UriDisplayPath` which derive implementations for `UriDisplay<Path>`
and `UriDisplay<Query>`, respectively.
This commit also works around a rustdoc visibility issue by creating a
hidden `http::private` module.
Finally, this commit also removes the now vestigial use of the
`rustc_private` feature in codegen.
Fixes#827.
Prior to this change, Rocket emitted "white" text in much of its logging
output. On terminals with light backgrounds, the text was nearly
illegible. This PR stops using white coloring altogether, opting instead
to use the terminal's default color albeit with bold styling. On dark
terminals, this will likely be a light color, and on light terminals,
this will likely be a dark color. The end result is that Rocket's
logging output should be readable everywhere.
Resolves#639.
This commit includes several breaking changes:
* `Config{new,development,staging,production}` constructors return a
`Config` instead of a `Result<Config>`.
* `Config.root()` returns an `Option<&Path>` instead of `&Path`.
* `ConfigError::BadCWD` was removed.
* `Config` no longer exposes a `config_path` field.
Resolves#809.
This regression was introduced in ad0ba0d5, where the buffer was
being copied from Hyper instead of being 'taken', resulting in
double-bufferred contents.
This commits also implement the query reform from #608. It also consists
of many, many breaking changes. Among them are:
* Query parts in route paths use new query reform syntax.
* Routing for queries is now lenient.
- Default ranking has changed to reflect query reform.
* Format routing matching has been fixed.
- Routes with formats matching "accept" will always collide.
- Routes with formats matching "content-type" require requests to
have an equivalent content-type header to match.
- Requests with imprecise content-types are treated as not having a
content-type.
* Generated routes and catchers respect visibility modifiers.
* Raw getter methods from request were renamed and retooled.
- In particular, the index parameter is based on segments in the
route path, not dynamic parameters.
* The method-based attributes no longer accept a keyed 'path'.
* The 'rocket_codegen' crate is gone and will no longer be public.
* The 'FormItems' iterator emits values of type 'FormItem'.
- The internal form items' string can no longer be retrieved.
* In general, routes are more strictly validated.
* Logging from codegen now funnels through logging infrastructure.
* Routing has been optimized by caching routing metadata.
Resolves#93.
Resolves#608.
Resolves#693.
Resolves#476.
The new 'FromData' trait allows an implementor to instruct the caller to
maintain state on its stack and later pass a borrow for processing.
Among other things, it greatly simplifies the 'Form' type, removing a
use of unsafe, and allows references in deserialized data guards.
Previously, when a request's body data exceeded the expected length,
Rocket would shutdown both ends of the corresponding connection. This PR
changes the behavior so that only the read end of the connection, on
Rocket's side, is shutdown. This allows a response to be sent in the
future while still preventing DoS attacks due to exuberant data.
Fixes#386.
This completes the migration of custom derives to proc-macros, removing
the need for the `custom_derive` feature in consumer code. This commit
also includes documentation, unit tests, and compile UI tests for each
of the derives.
Additionally, this commit improves the existing `FromForm` and
`FromFormValue` derives. The generated code for `FromForm` now returns
an error value indicating the error condition. The `FromFormValue`
derive now accepts a `form` attribute on variants for specifying the
exact value string to match against.
Closes#590.
Closes#670.
This is fairly large commit with several entangled logical changes.
The primary change in this commit is to completely overhaul how URI
handling in Rocket works. Prior to this commit, the `Uri` type acted as
an origin API. Its parser was minimal and lenient, allowing URIs that
were invalid according to RFC 7230. By contrast, the new `Uri` type
brings with it a strict RFC 7230 compliant parser. The `Uri` type now
represents any kind of valid URI, not simply `Origin` types. Three new
URI types were introduced:
* `Origin` - represents valid origin URIs
* `Absolute` - represents valid absolute URIs
* `Authority` - represents valid authority URIs
The `Origin` type replaces `Uri` in many cases:
* As fields and method inputs of `Route`
* The `&Uri` request guard is now `&Origin`
* The `uri!` macro produces an `Origin` instead of a `Uri`
The strict nature of URI parsing cascaded into the following changes:
* Several `Route` methods now `panic!` on invalid URIs
* The `Rocket::mount()` method is (correctly) stricter with URIs
* The `Redirect` constructors take a `TryInto<Uri>` type
* Dispatching of a `LocalRequest` correctly validates URIs
Overall, URIs are now properly and uniformly handled throughout Rocket's
codebase, resulting in a more reliable and correct system.
In addition to these URI changes, the following changes are also part of
this commit:
* The `LocalRequest::cloned_dispatch()` method was removed in favor of
chaining `.clone().dispatch()`.
* The entire Rocket codebase uses `crate` instead of `pub(crate)` as a
visibility modifier.
* Rocket uses the `crate_visibility_modifier` and `try_from` features.
A note on unsafety: this commit introduces many uses of `unsafe` in the
URI parser. All of these uses are a result of unsafely transforming byte
slices (`&[u8]` or similar) into strings (`&str`). The parser ensures
that these casts are safe, but of course, we must label their use
`unsafe`. The parser was written to be as generic and efficient as
possible and thus can parse directly from byte sources. Rocket, however,
does not make use of this fact and so would be able to remove all uses
of `unsafe` by parsing from an existing `&str`. This should be
considered in the future.
Fixes#443.
Resolves#263.
This resolves a warning introduced in rust-lang/rust#51952 that will
eventually become a hard error, the latter of which is being tracked
in rust-lang/rust#50504.
All uses of `unsafe` are now thoroughly documented with arguments and
informal proofs of correctness as well as conditions that must hold for
these arguments to pass.
This commit also reduces the number of `unsafe` uses by 7, bringing the
count to ~10 non-test uses of `unsafe`.
The directory structure has changed to better isolate crates serving
core and contrib. The new directory structure is:
contrib/
lib/ - the contrib library
core/
lib/ - the core Rocket library
codegen/ - the "compile extension" codegen library
codegen_next/ - the new proc-macro library
examples/ - unchanged
scripts/ - unchanged
site/ - unchanged
This commit also removes the following files:
appveyor.yml - AppVeyor (Rust on Windows) is far too spotty for use
rustfmt.toml - rustfmt is, unfortunately, not mature enough for use
Finally, all example Cargo crates were marked with 'publish = false'.
Sergio Benitez
Jonty
George Cheng
ThouCheese
est31
Edwin Svensson
Jeb Rosen
lewis
Jonathan Dickinson
Necmettin Karakaya
Jakub Wieczorek
Michael Howell
Paolo Barbolini
Follpvosten
Jacob Pratt
Marc Schreiber
gcarq
Yusuke Kominami
Nia Watts
Alex Macleod
Thiago Veronezi
Sorin Davidoi
A. L
Matt Brubeck
Dmitry Murzin
Thomas Lent
Brenden Matthews
Richard Petrie
lu4nm3
Konrad Borowski
Oliver Scherer
Chris Foster
Alva Snædís
Linus Unnebäck
messense
Alex Bowers
Rukai
Divyahans Gupta
Richo Healey
Tal
Eric Dattore
Sean Stangl
Ryan
kryptan
Marc Mettke
Ville Hakulinen
Beatriz Rizental
Imron Alston