This commit introduces support for method-less routes and route
attributes, which match _any_ valid method: `#[route("/")]`. The `Route`
structure's `method` field is now accordingly of type `Option<Route>`.
The syntax for the `route` attribute has changed in a breaking manner.
To set a method, a key/value of `method = NAME` must be introduced:
```rust
#[route("/", method = GET)]
```
If the method's name is a valid identifier, it can be used without
quotes. Otherwise it must be quoted:
```rust
// `GET` is a valid identifier, but `VERSION-CONTROL` is not
#[route("/", method = "VERSION-CONTROL")]
```
Closes#2731.
This commit complete the migration to 'tracing' for all logging. Below
is a summary of all relevant commits, including this one:
Log improvements:
- All log (trace) messages are structured which means they contain fields
that can formatted by any subscriber.
- Logging can be disabled entirely by disabling the default `trace` feature.
- Routes and catchers now contain location (file/line) information.
- Two log format kinds: pretty and compact via ROCKET_LOG_FORMAT
- Coloring is not disabled globally. Thus applications can color even if
Rocket is configured not to.
- Rocket is more conservative about 'warn' and 'error' messages, reserving
those log levels for messages useful in production.
- Errors from guards logged by codegen now use the 'Display' implementation of
those errors when one exists.
- Secrets are never logged, even when directly asked for.
New features:
- Many Rocket types know how to trace themselves via a new `Trace` trait.
- `Either` types can now be used in `uri!()` calls.
- A `RequestIdLayer` tags all requests with a unique ID.
Breaking changes to configuration:
- `Config::log_level` is of type `Option<Level>`. `None` disables tracing.
- `log_level` now uses the traditional log level names: "off", "error",
"warn", "info", "debug", "trace", or 0-5. This replace the Rocket-specific
"normal", "debug", "critical".
- A new option, `log_format`, which is either `compact` or `pretty`,
determines how Rocket's tracing subscriber log trace messages.
Breaking changes:
- Hidden `rocket::Either` is now publicly available at `rocket::either::Either`.
- `rocket::Error` no longer panics when dropped.
- `main` generated by `#[launch]` returns an `ExitCode`.
- `FromParam` `Err` now always returns the actual error as opposed to the
string that failed to parse. To recover the original string, use `Either<T,
&str>`, where `T: FromParam`, as a parameter guard.
- Many types that implemented `Display` now instead implement `Trace`.
- `Error::pretty_print()` was removed. Use `Error::trace()` via `Trace` impl.
Internal improvements:
- Made more space in CI machines for tasks.
- Cleaned up testbench code using `inventory`.
Resolves#21.
This commit:
- Removes painting outside trace subscriber in core.
- Removes all non-subscriber uses of yansi.
- Removes all uses of old log macros.
- Fix trace exports.
This commit:
- Remove all traces of 'log'.
- Send all logs unedited via tracing.
- Parses and propagate log_level.
- Implements an initial formatting subscriber.
Co-authored-by: Eliza Weisman <eliza@buoyant.io>
Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
This commit introduces the ability to dynamically select a TLS
configuration based on the client's TLS hello via the new `Resolver`
trait. In support of this, it also makes the following changes:
* Added `Authority::set_port()`.
* `UdsListener` is now `UnixListener`.
* `Bindable` removed in favor of new `Bind`.
* All built-in listeners now implement `Bind<&Rocket>`.
* `Connection` requires `AsyncRead + AsyncWrite`.
* The `Debug` impl for `Endpoint` displays the underlying address.
* `Listener` must be `Sized`.
* The TLS listener was moved to `tls::TlsListener`.
* The preview `quic` listener no longer implements `Listener`.
* Added `TlsConfig::server_config()`.
* Added `race` future helpers.
* Added `Rocket::launch_with()`, `Rocket::bind_launch()`.
* Added a default `client.pem` to the TLS example.
* Various unnecessary listener `Config` structures removed.
In addition, the testbench was revamped to support more scenarios. This
resulted in the following issues being found and fixed:
* Fix an issue where the logger would ignore color requests.
* Clarified docs for `mtls::Certificate` guard.
* Improved error messages on listener misconfiguration.
Resolves#2730.
Resolves#2363.
Closes#2748.
Closes#2683.
Closes#2577.
Prior to this commit, some TLS related operations used 'ring' even when
a different default 'CryptoProvider' was installed. This commit fixes
that by refactoring 'TlsConfig' such that all utility methods are
required to use the default 'CryptoProvider'.
This commit also cleans up code related to the rustls 0.23 update.
This commit updates rustls to 0.23 and adds support for custom
'CryptoProvider's installable via 'CryptoProvider::install_default()'.
In particular, this enables using `aws-lc-rs` for cryptography related
operation in TLS. The 'TLS' example was updated to test use of
'aws-lc-rs' on Unix.
This commit is a codebase-wide cleanup driven by clippy warnings. In
addition to fixing every reasonable warning, the following new
functionality was introduced:
* `Accept::new()` now takes any `T: Into<QMediaType>` iterator.
* `TempFile::is_empty()` was added.
* `HeaderMap` now implements `IntoIterator`.
This commit makes the following breaking changes:
* The `IntoCollection` trait is gone. Generics previously bound by the
trait are now bound by `IntoIterator`. This affects:
- `Accept::new()`
- `ContentType::with_params()`
- `Permission::{allow, allowed}()`
* `MediaType`, `QMediaType`, and `Allow` implement `IntoIterator`,
enabling most existing code to continue working without change.
* The inherent `HeaderMap::into_iter()` method was removed.
* The `Ok` variant in ErrorKind::Liftoff` is now `Box<Rocket<Orbit>>`.
This commit adds support for HTTP/3 and QUIC under a disabled-by-default
feature `http3-preview`. The current implementation depends on modified
versions of h3 and s2n-quic-h3 which will need to be upstreamed and
published before a release is possible.
During the course of development various facets of Rocket's internal
connection handling and recent listener APIs were improved. The complete
list of changes included in this PR is:
* A `shutdown` module was introduced.
* `config::Shutdown` was renamed to `ShutdownConfig` and moved to
`shutdown` while being re-exported from `config`.
* `ListenerAddr` is now called `Endpoint`. Various methods which
previously referred to "addresses" now refer to "endpoints".
* `Rocket::endpoint()` was renamed to `Rocket::endpoints()` and now
returns an iterator over the endpoints Rocket is listening on.
* `Endpoint` acquired various query utility methods.
* The `{set_}remote()` methods now take/produce `Endpoint`s.
* `TlsBindable` only accepts single-phase internal interfaces.
* Bind error messages include candidate endpoint info when possible.
* The warning message when a secret key is not configured now includes
information about its effect on private cookies.
Internal changes include:
* Config module tests were moved to `config/tests.rs`.
* The cancellable I/O implementation was significantly simplified.
* The `TripWire` implementation was simplified.
* Individual shutdown stages can now be awaited on via `Stages`.
* The `Shield` implementation was simplified.
Resolves#2723.
This commit completely rewrites Rocket's HTTP serving. In addition to
significant internal cleanup, this commit introduces the following major
features:
* Support for custom, external listeners in the `listener` module.
The new `listener` module contains new `Bindable`, `Listener`, and
`Connection` traits which enable composable, external
implementations of connection listeners. Rocket can launch on any
`Listener`, or anything that can be used to create a listener
(`Bindable`), via a new `launch_on()` method.
* Support for Unix domain socket listeners out of the box.
The default listener backwards compatibly supports listening on Unix
domain sockets. To do so, configure an `address` of
`unix:path/to/socket` and optional set `reuse` to `true` (the
default) or `false` which controls whether Rocket will handle
creating and deleting the unix domain socket.
In addition to these new features, this commit makes the following major
improvements:
* Rocket now depends on hyper 1.
* Rocket no longer depends on hyper to handle connections. This allows
us to handle more connection failure conditions which results in an
overall more robust server with fewer dependencies.
* Logic to work around hyper's inability to reference incoming request
data in the response results in a 15% performance improvement.
* `Client`s can be marked secure with `Client::{un}tracked_secure()`,
allowing Rocket to treat local connections as running under TLS.
* The `macros` feature of `tokio` is no longer used by Rocket itself.
Dependencies can take advantage of this reduction in compile-time
cost by disabling the new default feature `tokio-macros`.
* A new `TlsConfig::validate()` method allows checking a TLS config.
* New `TlsConfig::{certs,key}_reader()`,
`MtlsConfig::ca_certs_reader()` methods return `BufReader`s, which
allow reading the configured certs and key directly.
* A new `NamedFile::open_with()` constructor allows specifying
`OpenOptions`.
These improvements resulted in the following breaking changes:
* The MSRV is now 1.74.
* `hyper` is no longer exported from `rocket::http`.
* `IoHandler::io` takes `Box<Self>` instead of `Pin<Box<Self>>`.
- Use `Box::into_pin(self)` to recover the previous type.
* `Response::upgrade()` now returns an `&mut dyn IoHandler`, not
`Pin<& mut _>`.
* `Config::{address,port,tls,mtls}` methods have been removed.
- Use methods on `Rocket::endpoint()` instead.
* `TlsConfig` was moved to `tls::TlsConfig`.
* `MutualTls` was renamed and moved to `mtls::MtlsConfig`.
* `ErrorKind::TlsBind` was removed.
* The second field of `ErrorKind::Shutdown` was removed.
* `{Local}Request::{set_}remote()` methods take/return an `Endpoint`.
* `Client::new()` was removed; it was previously deprecated.
Internally, the following major changes were made:
* A new `async_bound` attribute macro was introduced to allow setting
bounds on futures returned by `async fn`s in traits while
maintaining good docs.
* All utility functionality was moved to a new `util` module.
Resolves#2671.
Resolves#1070.
In the process, the following improvements were also made:
* Error messages related to TLS were improved.
* 'Redirector' in 'tls' example was improved.
...because loading up a Rocket while it's ignited is a bad idea.
More seriously, because 'Rocket.ignite()' will become an "execute
everything up to here" method.
The new examples directory...
* Contains a `README.md` explaining each example.
* Consolidates examples into more complete chunks.
* Is just better.
Resolves#1447.
In brief, this commit:
* Updates to the latest upstream 'cookie', fixing a memory leak.
* Make changes to 'CookieJar' observable only through 'pending()'.
* Deprecates 'Client::new()' in favor of 'Client::tracked()'.
* Makes 'dispatch()' on tracked 'Client's synchronize on cookies.
* Makes 'Client::untracked()' actually untracked.
This commit updates to the latest 'cookie' which removes support for
'Sync' cookie jars. Instead of relying on 'cookie', this commit
implements an op-log based 'CookieJar' which internally keeps track of
changes. The API is such that changes are only observable through
specialized '_pending()' methods.
This commits makes the following high-level changes:
* 'ShutdownHandle' is renamed to 'Shutdown'.
* 'Rocket::shutdown_handle()' is renamed to 'Rocket::shutdown()'.
* '#[launch]` is preferred to '#[rocket::launch]'.
* Various docs phrasings are improved.
* Fixed various broken links in docs.
This commits rearranges top-level exports as follows:
* 'shutdown' module is no longer exported.
* 'Shutdown' is exported from the crate root.
* 'Outcome' is not longer exported from the root.
* 'Handler', 'ErrorHandler' are no longer exported from the root.
This commit adds the 'local::blocking' module and moves the existing
asynchronous testing to 'local::asynchronous'. It also includes several
changes to improve the local API, bringing it to parity (and beyond)
with master. These changes are:
* 'LocalRequest' implements 'Clone'.
* 'LocalResponse' doesn't implement 'DerefMut<Target=Response>'.
Instead, direct methods on the type, such as 'into_string()', can
be used to read the 'Response'.
* 'Response::body()' returns an '&ResponseBody' as opposed to '&mut
ResponseBody', which is returned by a new 'Response::body_mut()'.
* '&ResponseBody' implements 'known_size()` to retrieve a body's size,
if it is known.
Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
The attribute is applied everywhere it can be across the codebase and is
the newly preferred method for launching an application. This commit
also makes '#[rocket::main]` stricter by warning when it is applied to
functions other than 'main'.
* body_string_wait and body_bytes_wait are removed; use `.await` instead
* `dispatch()` is now an async fn and must be .await-ed
* Add `#[rocket::async_test]` macro, similar in purpose to `tokio::test`
* Tests now use either `rocket::async_test(async { })` or
`#[rocket::async_test]` in order to `.await` the futures returned
from `dispatch()` and `body_{string,bytes}()`
* Update 'test.sh' to reflect the tests that should be passing.
Broken:
* Cloned dispatch and mut_dispatch() with a live previous response now both fail, due to a (partial) check for mutable aliasing in LocalRequest.
* Some tests are still failing and need example-specific changes.
This commits also implement the query reform from #608. It also consists
of many, many breaking changes. Among them are:
* Query parts in route paths use new query reform syntax.
* Routing for queries is now lenient.
- Default ranking has changed to reflect query reform.
* Format routing matching has been fixed.
- Routes with formats matching "accept" will always collide.
- Routes with formats matching "content-type" require requests to
have an equivalent content-type header to match.
- Requests with imprecise content-types are treated as not having a
content-type.
* Generated routes and catchers respect visibility modifiers.
* Raw getter methods from request were renamed and retooled.
- In particular, the index parameter is based on segments in the
route path, not dynamic parameters.
* The method-based attributes no longer accept a keyed 'path'.
* The 'rocket_codegen' crate is gone and will no longer be public.
* The 'FormItems' iterator emits values of type 'FormItem'.
- The internal form items' string can no longer be retrieved.
* In general, routes are more strictly validated.
* Logging from codegen now funnels through logging infrastructure.
* Routing has been optimized by caching routing metadata.
Resolves#93.
Resolves#608.
Resolves#693.
Resolves#476.
Sessions
--------
This commit removes the `Session` type in favor of methods on the
`Cookies` types that allow for adding, removing, and getting private
(signed and encrypted) cookies. These methods provide a superset of
the functionality of `Session` while also being a minimal addition to
the existing API. They can be used to implement the previous `Session`
type as well as other forms of session storage. The new methods are:
* Cookie::add_private(&mut self, Cookie)
* Cookie::remove_private(&mut self, Cookie)
* Cookie::get_private(&self, &str)
Resolves#20
Testing
-------
This commit removes the `rocket::testing` module. It adds the
`rocket::local` module which provides a `Client` type for local
dispatching of requests against a `Rocket` instance. This `local`
package subsumes the previous `testing` package.
Rocket Examples
---------------
The `forms`, `optional_result`, and `hello_alt_methods` examples have
been removed. The following example have been renamed:
* extended_validation -> form_validation
* hello_ranks -> ranking
* from_request -> request_guard
* hello_tls -> tls
Other Changes
-------------
This commit also includes the following smaller changes:
* Config::{development, staging, production} constructors have been
added for easier creation of default `Config` structures.
* The `Config` type is exported from the root.
* `Request` implements `Clone` and `Debug`.
* `Request::new` is no longer exported.
* A `Response::body_bytes` method was added to easily retrieve a
response's body as a `Vec<u8>`.