Commit Graph

56 Commits

Author SHA1 Message Date
Sergio Benitez 9160483554 A route with unspecified query parameters accepts any.
This is a breaking change. It modifies collisions with respect to query
parameters as well as the default ranking of routes.

A route that does not specify query parameters will now match against
requests with _and without_ query parameters, assuming all other
elements of the route match as well. A route that _does_ specify query
parameters will only match requests with query parameters; this remains
true.

To accommodate this change in the most natural manner possible, the
default rankings of routes have changed as illustrated below:

  |-------------+-------+----------+---------------|
  | static path | query | new rank | previous rank |
  |-------------+-------+----------+---------------|
  | yes         | yes   | -4       | 0             |
  | yes         | no    | -3       | 0             |
  | no          | yes   | -2       | 1             |
  | no          | no    | -1       | 1             |
  |-------------+-------+----------+---------------|

In other words, the most specific routes, with preference for paths over
queries, are ranked highest (lower number).
2017-03-27 03:52:26 -07:00
Sergio Benitez c09644b270 Add the Accept ContentType structure. 2017-03-27 01:53:45 -07:00
Sergio Benitez 13359d4f50 Reformulate ContentType as a wrapper around MediaType. 2017-03-23 22:41:42 -07:00
Sergio Benitez e006f3f83e Spruce up MediaType docs. Use new Pear features in MediaType parser. 2017-03-23 03:28:53 -07:00
Sergio Benitez 7076ae3c1d Move parsing tests to parse module. 2017-03-21 20:30:56 -07:00
Sergio Benitez d09b4138d9 Implement the (currently unused) MediaType struct. 2017-03-21 02:04:07 -07:00
Sergio Benitez 65da988962 Return a `LaunchError` from `launch` when launching fails.
This is a (minor) breaking change. If `rocket.launch()` is the last expression
in a function, the return type will change from `()` to `LaunchError`. A simple
workaround that preserves the previous functionality is to simply add a
semicolon after `launch()`: `rocket.launch();`.

resolves #34
2017-03-15 22:10:09 -07:00
Josh Holmer d43678c35e Add MsgPack implementation to contrib. 2017-03-08 15:12:00 -08:00
Sergio Benitez 63e89b04b4 Rename Session::add to Session::set.
Also set a default expiration of 3 hours for session cookies.
2017-03-08 14:25:58 -08:00
Sergio Benitez 4f8894f645 Don't allocate a String into after parsing a cookie. 2017-03-08 03:39:57 -08:00
Sergio Benitez 16cb7297ab Initial session support.
This commit includes the following additions:
  * A `session` example was added.
  * `Config::take_session_key` was removed.
  * If a `session_key` is not supplied, one is automatically generated.
  * The `Session` type implements signed, encrypted sessions.
  * A `Session` can be retrieved via its request guard.
2017-03-08 03:28:12 -08:00
Sergio Benitez 722ee93f8b Update to cookie 0.7. Use 256-bit session_keys.
This commit involves several breaking changes:
  * `session_key` config param must be a 256-bit base64 encoded string.
  * `FromRequest` is implemented for `Cookies`, not `Cookie`.
  * Only a single `Cookies` instance can be retrieved at a time.
  * `Config::take_session_key` returns a `Vec<u8>`.
  * `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
2017-03-07 01:19:06 -08:00
Michael Aaron Murphy 4161949a1c Add webp, ttf, otf, woff, and woff2 as known Content-Types. 2017-02-17 19:13:45 -08:00
Sergio Benitez 20a548b11b Add percent_encode method to URI. 2017-02-06 03:41:12 -08:00
Sergio Benitez e966925455 Use full URI in codegen routes; log query params in routes. 2017-02-05 01:34:48 -08:00
Sergio Benitez aefa2f1494 Use pub(crate) to enforce doc(hidden). 2017-02-03 02:17:06 -08:00
Sergio Benitez bf1b9e76fd Tweak http module docs. 2017-02-03 01:27:41 -08:00
Sergio Benitez a9c3b8a919 Silence warnings during testing. 2017-02-02 02:16:21 -08:00
Sergio Benitez cc22836867 Precisely route formats. Make 'content_type' an 'Option' in 'Request'.
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.

This commit also changes the following:
  * The return type of the 'content_type' method of 'Request' is now
    'Option<ContentType>'.
  * The 'ContentType' request guard forwards when the request has no
    specified ContentType.
  * The 'add_header' and 'replace_header' methods take the header
    argument generically.

Closes #120.
2017-02-01 03:12:24 -08:00
Sergio Benitez 35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez 06a7317fd9 Update to Hyper 0.10. Use cookie crate directly.
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
2017-01-26 23:08:15 -08:00
Ernestas Poskus 59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez 21a1bde7c0 Add Header methods to get name and value as strs. 2017-01-06 01:03:08 -06:00
Sergio Benitez 2da08a975c Make Content-Type case-preserving; add 'params' method. 2017-01-05 02:14:44 -06:00
Sergio Benitez 24805bbf16 Treat header names as case-preserving in HeaderMap.
Fixes #92.
2017-01-02 21:33:36 -06:00
Sergio Benitez 82f6f78189 Add UncasedAscii{Ref} type(s) that are case-preserving strings. 2017-01-02 21:32:29 -06:00
Sergio Benitez a1878ad080 Properly resolve dynamic segments, take 2.
Fixes #86.
2016-12-30 23:51:23 -06:00
Sergio Benitez 20f13f0bc1 Add CSV as a known Content-Type. 2016-12-27 15:42:27 -06:00
Sergio Benitez 80632689f4 Document Request. 2016-12-21 01:30:45 -08:00
Sergio Benitez dedf5094fe Remove URIBuf. 2016-12-21 00:20:14 -08:00
Sergio Benitez 62fe734492 URI uses Cow iternally. 2016-12-21 00:09:22 -08:00
Sergio Benitez d44c61f1af Redocument ContentType. 2016-12-19 20:40:21 -08:00
Sergio Benitez 1851187a2d Reword http module documentation. 2016-12-19 19:50:27 -08:00
Sergio Benitez f101069610 Document Status and StatusClass. 2016-12-19 19:46:49 -08:00
Sergio Benitez 3414266a8a Document Header and HeaderMap. 2016-12-19 18:04:31 -08:00
Sergio Benitez f1c7d3e27c Minor code improvements via clippy. 2016-12-17 09:18:30 -08:00
Sergio Benitez 6815a56cb5 Rework Request: add lifetime to future proof, remove unsafe. 2016-12-16 03:07:23 -08:00
Sergio Benitez 08f41816d1 Remove dependence from Hyper in Request/MockRequest. 2016-12-15 16:34:19 -08:00
Sergio Benitez a73a082153 New HeaderMap type for grouping Headers. 2016-12-15 12:37:17 -08:00
Sergio Benitez d3e2d829c7 Remove all Hyper* types in favor of hyper::*. 2016-12-15 09:24:29 -08:00
Sergio Benitez 0cc379b82f Parse and test params in ContentType. 2016-12-15 08:49:10 -08:00
Sergio Benitez 44f5f1998d New HTTP types: ContentType, Status. Responder/Handler/ErrorHandler changed.
This is a complete rework of `Responder`s and of the http backend in
general. This gets Rocket one step closer to HTTP library independence,
enabling many future features such as transparent async I/O, automatic
HEAD request parsing, pre/post hooks, and more.

Summary of changes:

  * `Responder::response` no longer takes in `FreshHyperResponse`.
    Instead, it returns a new `Response` type.
  * The new `Response` type now encapsulates a full HTTP response. As a
    result, `Responder`s now return it.
  * The `Handler` type now returns an `Outcome` directly.
  * The `ErrorHandler` returns a `Result`. It can no longer forward,
    which made no sense previously.
  * `Stream` accepts a chunked size parameter.
  * `StatusCode` removed in favor of new `Status` type.
  * `ContentType` significantly modified.
  * New, lightweight `Header` type that plays nicely with `Response`.
2016-12-15 00:47:31 -08:00
Sergio Benitez 32e22fc8e1 Document the content module, complete response documentation. 2016-11-03 18:54:37 +01:00
Sergio Benitez 553082f026 Document all of the core response types. 2016-11-03 17:05:41 +01:00
Sergio Benitez 004cae7627 Fix codegen tests for new lib. Make UTF8 charset the default for text content types. 2016-11-02 17:39:41 +01:00
Sergio Benitez c98d047038 Add URI::percent_decoding helper method. Safeguard Pathbuf FromSegments implementation. 2016-11-02 16:55:56 +01:00
Sergio Benitez 785d0d2a6a Fix URI display for root path. 2016-10-31 17:32:43 +01:00
Sergio Benitez 5a1a303c59 Document the http module. 2016-10-17 19:29:58 -07:00
Sergio Benitez 762b38efe9 Add fragment support to URI type. 2016-10-17 17:21:29 -07:00