Commit Graph

90 Commits

Author SHA1 Message Date
Sergio Benitez 7b48ca7103 Add optional input for IntoOutcome. Add mapper methods to Outcome.
This is a breaking change to `IntoOutcome`.

The MsgPack and JSON types now use `into_outcome` to generate the final
`Outcome` from their `FromData` implementations.

Resolves #98.
2017-04-18 21:56:21 -07:00
Sergio Benitez 1524b9a6b2 Document size limits. 2017-04-18 00:36:39 -07:00
Sergio Benitez 6dc21e5380 Add support for configurable size limits. 2017-04-18 00:25:13 -07:00
Sergio Benitez 6641e9b92d Add Response::content_type() method. 2017-04-14 14:35:22 -07:00
Sergio Benitez 0d674c57fd Return `HeaderMap` from Response::headers(). Remove Response::header_values().
This is a breaking change. A call to `Response::headers()` can be
replaced with `Response::headers().iter()`. A call to
`Response::header_values()` can be replaced with
`Response::headers().get()`.
2017-04-14 01:21:06 -07:00
Sergio Benitez 2e54a1f74d Don't use &str where RawStr is now preferred. 2017-04-14 00:43:57 -07:00
Sergio Benitez a25a3c69c6 Cache parsed ContentType and Accept headers.
This is a breaking change. `Request::content_type` now returns a borrow
to `ContentType`. `FromRequest` for `ContentType` is no longer
implemented. Instead, `FromRequest` for `&ContentType` is implemented.
2017-04-13 02:44:47 -07:00
Sergio Benitez f5ec470a7d Use the `RawStr` type for raw parameter strings.
This is a breaking change.

The `&str` type no longer implements `FromParam`. The `&RawStr` type
should be used in its place.
2017-03-31 00:18:58 -07:00
Sergio Benitez 0c44e44641 Use the `RawStr` type for all form raw strings.
This is a breaking change.

This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.

The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
2017-03-30 23:06:53 -07:00
Sergio Benitez 10306c3b7e Clarify segment handling for '..'. 2017-03-30 18:15:36 -07:00
Sergio Benitez cb21fbf6af Small typo: parse -> parsed. 2017-03-29 21:06:15 -07:00
Sergio Benitez 8f997a2a39 Rewrite some markdown for commonmark. 2017-03-29 19:05:49 -07:00
Sergio Benitez b102a6a497 Implement FromRequest for Accept. 2017-03-29 04:21:18 -07:00
Sergio Benitez c58ca894b7 Initial implementation of content negotiation via `Accept`.
This is a breaking change.

This commit changes the meaning of the `format` route attribute when
used on non-payload carrying requests (GET, HEAD, CONNECT, TRACE, and
OPTIONS) so that it matches against the preferred media type in the
`Accept` header of the request. The preferred media type is computed
according to the HTTP 1.1 RFC, barring a few specificty rules to come.
2017-03-29 04:08:53 -07:00
Sergio Benitez fb29b37f30 Reorganize extra request state. Add 'accept' and 'accept_first' methods to Request. 2017-03-28 03:10:18 -07:00
Sergio Benitez 65da988962 Return a `LaunchError` from `launch` when launching fails.
This is a (minor) breaking change. If `rocket.launch()` is the last expression
in a function, the return type will change from `()` to `LaunchError`. A simple
workaround that preserves the previous functionality is to simply add a
semicolon after `launch()`: `rocket.launch();`.

resolves #34
2017-03-15 22:10:09 -07:00
Sergio Benitez da157a061d Don't use hyper directly in request tests. 2017-03-15 20:30:07 -07:00
Sergio Benitez ca30e5e901 Cleanup request tests; move into separate file. 2017-03-15 19:20:20 -07:00
Scott Schroeder 47fe659ebe Preserve multiple incoming header values. 2017-03-15 18:25:37 -07:00
Sergio Benitez 16cb7297ab Initial session support.
This commit includes the following additions:
  * A `session` example was added.
  * `Config::take_session_key` was removed.
  * If a `session_key` is not supplied, one is automatically generated.
  * The `Session` type implements signed, encrypted sessions.
  * A `Session` can be retrieved via its request guard.
2017-03-08 03:28:12 -08:00
Sergio Benitez 722ee93f8b Update to cookie 0.7. Use 256-bit session_keys.
This commit involves several breaking changes:
  * `session_key` config param must be a 256-bit base64 encoded string.
  * `FromRequest` is implemented for `Cookies`, not `Cookie`.
  * Only a single `Cookies` instance can be retrieved at a time.
  * `Config::take_session_key` returns a `Vec<u8>`.
  * `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
2017-03-07 01:19:06 -08:00
Sergio Benitez 3c8dd0fad8 Fix fallout from latest cargo nightly. 2017-02-08 00:55:22 -08:00
Sergio Benitez 0e82eb0b31 Fixup forms documentation for new features. 2017-02-03 16:56:29 -08:00
Sergio Benitez aefa2f1494 Use pub(crate) to enforce doc(hidden). 2017-02-03 02:17:06 -08:00
Sergio Benitez 988236f272 Add documentation for State request guard. 2017-02-02 18:01:00 -08:00
Sergio Benitez a9c3b8a919 Silence warnings during testing. 2017-02-02 02:16:21 -08:00
Sergio Benitez ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
2017-02-01 18:22:51 -08:00
Sergio Benitez cc22836867 Precisely route formats. Make 'content_type' an 'Option' in 'Request'.
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.

This commit also changes the following:
  * The return type of the 'content_type' method of 'Request' is now
    'Option<ContentType>'.
  * The 'ContentType' request guard forwards when the request has no
    specified ContentType.
  * The 'add_header' and 'replace_header' methods take the header
    argument generically.

Closes #120.
2017-02-01 03:12:24 -08:00
Sergio Benitez 3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez 06a7317fd9 Update to Hyper 0.10. Use cookie crate directly.
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
2017-01-26 23:08:15 -08:00
Sergio Benitez c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Sergio Benitez cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez bb295dc230 Extend FormFormValue docs with details and built-in impls.
Closes #129.
2017-01-15 02:05:17 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez 41aecc3e7f Expose the remote address via `remote()` in `Request`.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Liigo Zhuang 0af01abe5f Fix decoding of String form values.
@liigo originated a fix and found the problem in #82.
2016-12-31 01:06:22 -06:00
Sergio Benitez 83bbea7d4a Fix decoding of form value Strings. 2016-12-31 00:48:31 -06:00
Sergio Benitez a1878ad080 Properly resolve dynamic segments, take 2.
Fixes #86.
2016-12-30 23:51:23 -06:00
Sergio Benitez 71419933a5 Ignore _method field in derived FromForm.
Fixes #45.
2016-12-26 02:41:57 -06:00
Sergio Benitez 12302bcadb Document default FromParam impls. 2016-12-23 02:39:34 -08:00
Sergio Benitez 80632689f4 Document Request. 2016-12-21 01:30:45 -08:00
Sergio Benitez 62fe734492 URI uses Cow iternally. 2016-12-21 00:09:22 -08:00
Sergio Benitez f1c7d3e27c Minor code improvements via clippy. 2016-12-17 09:18:30 -08:00
Sergio Benitez 6815a56cb5 Rework Request: add lifetime to future proof, remove unsafe. 2016-12-16 03:07:23 -08:00
Sergio Benitez 08f41816d1 Remove dependence from Hyper in Request/MockRequest. 2016-12-15 16:34:19 -08:00
Sergio Benitez d3e2d829c7 Remove all Hyper* types in favor of hyper::*. 2016-12-15 09:24:29 -08:00
Sergio Benitez 44f5f1998d New HTTP types: ContentType, Status. Responder/Handler/ErrorHandler changed.
This is a complete rework of `Responder`s and of the http backend in
general. This gets Rocket one step closer to HTTP library independence,
enabling many future features such as transparent async I/O, automatic
HEAD request parsing, pre/post hooks, and more.

Summary of changes:

  * `Responder::response` no longer takes in `FreshHyperResponse`.
    Instead, it returns a new `Response` type.
  * The new `Response` type now encapsulates a full HTTP response. As a
    result, `Responder`s now return it.
  * The `Handler` type now returns an `Outcome` directly.
  * The `ErrorHandler` returns a `Result`. It can no longer forward,
    which made no sense previously.
  * `Stream` accepts a chunked size parameter.
  * `StatusCode` removed in favor of new `Status` type.
  * `ContentType` significantly modified.
  * New, lightweight `Header` type that plays nicely with `Response`.
2016-12-15 00:47:31 -08:00
Sergio Benitez 4f89e232aa HTML escape < in FromParam docs. 2016-12-10 17:41:44 -08:00
Sergio Benitez 470dc7f63c Improve FromParam documentation. 2016-12-10 02:55:25 -08:00
Sergio Benitez a2e99985b0 Fix data buffer indexing bug. Add from_request example. 2016-11-21 00:45:44 -08:00