Commit Graph

704 Commits

Author SHA1 Message Date
Sergio Benitez
7b8d104ae0 Silence cargo and diesel in todo bootstrap. 2017-02-02 01:08:43 -08:00
Sergio Benitez
d4eda278a2 Parallelize testing. Fix compiletest dependencies. 2017-02-02 00:41:47 -08:00
Sergio Benitez
4d2f695db0 Add more bad form tests to forms example. 2017-02-01 18:35:54 -08:00
Garrett Squire
11e90f525f Update status code for form processing failure. 2017-02-01 18:29:29 -08:00
Sergio Benitez
ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
2017-02-01 18:22:51 -08:00
Sergio Benitez
cc22836867 Precisely route formats. Make 'content_type' an 'Option' in 'Request'.
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.

This commit also changes the following:
  * The return type of the 'content_type' method of 'Request' is now
    'Option<ContentType>'.
  * The 'ContentType' request guard forwards when the request has no
    specified ContentType.
  * The 'add_header' and 'replace_header' methods take the header
    argument generically.

Closes #120.
2017-02-01 03:12:24 -08:00
Sergio Benitez
3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez
c0235d0cde Condense cases in 'def_id_opt'. 2017-01-31 17:38:25 -08:00
Sergio Benitez
35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez
5fabb43a1b Update to serde 0.9, handlebars 0.25. Move from map! to json! macro.
Resolves #154.
2017-01-31 17:15:42 -08:00
Sergio Benitez
52d627cf44 Use only 'Request' parameter in content_types example catcher. 2017-01-31 02:46:28 -08:00
Sergio Benitez
374593c2f0 Use 'ContentType::Plain' for 'String' responses.
Resolves #49.
2017-01-31 02:43:19 -08:00
Sergio Benitez
724446cda4 Add categories to Cargo.toml. 2017-01-31 02:01:51 -08:00
Sergio Benitez
c1697509ba Improve lints: gather info on per-instance basis. 2017-01-31 02:01:30 -08:00
Sergio Benitez
4eaf9ba9c5 Add lints to catch unmanaged state and unmounted routes.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
    guard is used without an accompanying `manage` call for `T`.

  * The `unmounted_route` lint emits a warning when a route declared via
    a Rocket attribute is not mounted via a call to `mount`.

There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
2017-01-29 01:13:52 -08:00
Sergio Benitez
5f04beaafc Use pegged Tera. 2017-01-28 21:52:36 -08:00
Sergio Benitez
0063f2524e Remove unused macro_use in codegen. 2017-01-27 00:06:16 -08:00
Lori Holden
f230d43fd5 Add example for the contrib UUID type. 2017-01-26 23:20:05 -08:00
Sergio Benitez
06a7317fd9 Update to Hyper 0.10. Use cookie crate directly.
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
2017-01-26 23:08:15 -08:00
Sergio Benitez
8fd19cce4f Use upstream Tera. Emit warning on conflicting templates. 2017-01-26 12:47:20 -08:00
Sergio Benitez
c61e740572 Allow any Serialize type in RHS of map macro. 2017-01-26 11:56:06 -08:00
Sergio Benitez
0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez
466b58970e Pin Hyper to 0.9.14 due to non-semver breaking change. 2017-01-26 11:11:43 -08:00
Sergio Benitez
9de118c5f2 Update license years for 2017. 2017-01-23 14:58:09 -08:00
Sergio Benitez
c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Giovanni Capuano
9ef65a8c91 Don't use any features from toml crate. 2017-01-20 16:38:50 -08:00
Sergio Benitez
72b91dfa41 Use shorthand version for hyper dependency. 2017-01-20 16:36:55 -08:00
Sergio Benitez
44e367c64c Remove authorship from all examples. 2017-01-19 17:14:01 -08:00
Ernestas Poskus
59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez
b164da1a01 Rename JSON::unwrap() to JSON::into_inner(). 2017-01-15 03:00:46 -08:00
Sergio Benitez
c6f8b251cb Clean Rocket crates before testing to avoid versioning/rebuild issues. 2017-01-15 02:33:45 -08:00
Sergio Benitez
cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez
bb295dc230 Extend FormFormValue docs with details and built-in impls.
Closes #129.
2017-01-15 02:05:17 -08:00
Sergio Benitez
307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez
08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Sergio Benitez
77ae330212 Minor style changes to UUID contrib. 2017-01-14 08:20:15 -08:00
Lori Holden
8f39d3399e Add UUID type to contrib. 2017-01-14 08:08:01 -08:00
Eijebong
1398626710 Fix typo in Redirect documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez
d4d5c5dd29 Override config parameters via environment variables.
Resolves #37.
2017-01-14 07:55:08 -08:00
Sergio Benitez
4bc5c20a45 Fix security checks in PathBuf::FromSegments.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez
41aecc3e7f Expose the remote address via remote() in Request.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Sergio Benitez
725191d3c3 Adjust spacing in handlebars_templates example. 2017-01-13 00:22:16 -08:00
FliegendeWurst
99a17b42ae Add tests for handlebars_templates example. 2017-01-13 00:19:58 -08:00
Seth Lopez
dec585dbd4 Add tests for content_types example. 2017-01-13 00:05:58 -08:00
Sergio Benitez
6fd0503cea Expose SerdeError. 2017-01-12 23:07:01 -08:00
Sergio Benitez
bea9727f44 Correct variance in Iron benchmarks. 2017-01-12 02:56:02 -08:00
Sergio Benitez
3c07cf96df Overhaul templating contrib library: use register callback.
This commit improves and changes the templating library in the following ways:

  * Templates are now registered/loaded at initialization.
  * No synchronization is required to read templates.
  * All templates are properly loaded (fixes #122).
  * Tera templates are given the proper name: `index`, not `index.html.tera`.
  * Rendering tests added for both templating engines.

There is one breaking change:

  * Tera templates are given the proper name: `index`, not `index.html.tera`.
2017-01-12 02:52:23 -08:00
Sergio Benitez
36bf704673 Fix config example tests for new Config structure. 2017-01-12 02:47:25 -08:00
Sergio Benitez
c6fbc44888 Add TODO about improving builder finalize error. 2017-01-12 02:43:00 -08:00
Sergio Benitez
a2f378ab88 Fixed Hyper version number. 2017-01-12 02:39:42 -08:00