Commit Graph

547 Commits

Author SHA1 Message Date
Sergio Benitez
c0235d0cde Condense cases in 'def_id_opt'. 2017-01-31 17:38:25 -08:00
Sergio Benitez
35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez
5fabb43a1b Update to serde 0.9, handlebars 0.25. Move from map! to json! macro.
Resolves #154.
2017-01-31 17:15:42 -08:00
Sergio Benitez
52d627cf44 Use only 'Request' parameter in content_types example catcher. 2017-01-31 02:46:28 -08:00
Sergio Benitez
374593c2f0 Use 'ContentType::Plain' for 'String' responses.
Resolves #49.
2017-01-31 02:43:19 -08:00
Sergio Benitez
724446cda4 Add categories to Cargo.toml. 2017-01-31 02:01:51 -08:00
Sergio Benitez
c1697509ba Improve lints: gather info on per-instance basis. 2017-01-31 02:01:30 -08:00
Sergio Benitez
4eaf9ba9c5 Add lints to catch unmanaged state and unmounted routes.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
    guard is used without an accompanying `manage` call for `T`.

  * The `unmounted_route` lint emits a warning when a route declared via
    a Rocket attribute is not mounted via a call to `mount`.

There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
2017-01-29 01:13:52 -08:00
Sergio Benitez
5f04beaafc Use pegged Tera. 2017-01-28 21:52:36 -08:00
Sergio Benitez
0063f2524e Remove unused macro_use in codegen. 2017-01-27 00:06:16 -08:00
Lori Holden
f230d43fd5 Add example for the contrib UUID type. 2017-01-26 23:20:05 -08:00
Sergio Benitez
06a7317fd9 Update to Hyper 0.10. Use cookie crate directly.
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
2017-01-26 23:08:15 -08:00
Sergio Benitez
8fd19cce4f Use upstream Tera. Emit warning on conflicting templates. 2017-01-26 12:47:20 -08:00
Sergio Benitez
c61e740572 Allow any Serialize type in RHS of map macro. 2017-01-26 11:56:06 -08:00
Sergio Benitez
0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez
466b58970e Pin Hyper to 0.9.14 due to non-semver breaking change. 2017-01-26 11:11:43 -08:00
Sergio Benitez
9de118c5f2 Update license years for 2017. 2017-01-23 14:58:09 -08:00
Sergio Benitez
c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Giovanni Capuano
9ef65a8c91 Don't use any features from toml crate. 2017-01-20 16:38:50 -08:00
Sergio Benitez
72b91dfa41 Use shorthand version for hyper dependency. 2017-01-20 16:36:55 -08:00
Sergio Benitez
44e367c64c Remove authorship from all examples. 2017-01-19 17:14:01 -08:00
Ernestas Poskus
59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez
b164da1a01 Rename JSON::unwrap() to JSON::into_inner(). 2017-01-15 03:00:46 -08:00
Sergio Benitez
c6f8b251cb Clean Rocket crates before testing to avoid versioning/rebuild issues. 2017-01-15 02:33:45 -08:00
Sergio Benitez
cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez
bb295dc230 Extend FormFormValue docs with details and built-in impls.
Closes #129.
2017-01-15 02:05:17 -08:00
Sergio Benitez
307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez
08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Sergio Benitez
77ae330212 Minor style changes to UUID contrib. 2017-01-14 08:20:15 -08:00
Lori Holden
8f39d3399e Add UUID type to contrib. 2017-01-14 08:08:01 -08:00
Eijebong
1398626710 Fix typo in Redirect documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez
d4d5c5dd29 Override config parameters via environment variables.
Resolves #37.
2017-01-14 07:55:08 -08:00
Sergio Benitez
4bc5c20a45 Fix security checks in PathBuf::FromSegments.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez
41aecc3e7f Expose the remote address via remote() in Request.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Sergio Benitez
725191d3c3 Adjust spacing in handlebars_templates example. 2017-01-13 00:22:16 -08:00
FliegendeWurst
99a17b42ae Add tests for handlebars_templates example. 2017-01-13 00:19:58 -08:00
Seth Lopez
dec585dbd4 Add tests for content_types example. 2017-01-13 00:05:58 -08:00
Sergio Benitez
6fd0503cea Expose SerdeError. 2017-01-12 23:07:01 -08:00
Sergio Benitez
bea9727f44 Correct variance in Iron benchmarks. 2017-01-12 02:56:02 -08:00
Sergio Benitez
3c07cf96df Overhaul templating contrib library: use register callback.
This commit improves and changes the templating library in the following ways:

  * Templates are now registered/loaded at initialization.
  * No synchronization is required to read templates.
  * All templates are properly loaded (fixes #122).
  * Tera templates are given the proper name: `index`, not `index.html.tera`.
  * Rendering tests added for both templating engines.

There is one breaking change:

  * Tera templates are given the proper name: `index`, not `index.html.tera`.
2017-01-12 02:52:23 -08:00
Sergio Benitez
36bf704673 Fix config example tests for new Config structure. 2017-01-12 02:47:25 -08:00
Sergio Benitez
c6fbc44888 Add TODO about improving builder finalize error. 2017-01-12 02:43:00 -08:00
Sergio Benitez
a2f378ab88 Fixed Hyper version number. 2017-01-12 02:39:42 -08:00
Sergio Benitez
ddda8fe79b Add workers config parameter. 2017-01-12 02:38:14 -08:00
Sergio Benitez
fb24ee315c Overhaul configuration and custom ignition.
* Add Config::new() and Config::build() for simpler Config creation.
  * Add set_{param} methods to Config.
  * Add ConfigBuilder type for easy building of configurations.
  * Remove builder methods from Config.
  * PartialEq in Config doesn't consider path or session key.
  * Rocket::custom takes Config by value.
  * Rocket::custom takes second (enable_logging) boolean argument.
  * Rocket::custom properly sets the custom config as the active config.
2017-01-11 18:35:09 -08:00
Sergio Benitez
31e80cb07b Add Iron to the benchmark mix. 2017-01-11 14:53:04 -08:00
Sergio Benitez
dbd427b433 Add Matrix as an official support channel. Add chat badges. 2017-01-11 14:32:12 -08:00
Sergio Benitez
5db5e9f688 Update handlebars to 0.24. 2017-01-10 15:06:00 -08:00
Sergio Benitez
b109bb41ff One more clippy warning (in FromForm derive). 2017-01-09 20:45:34 -08:00
Josh Holmer
59043e262a Fix more codegen clippy warnings. 2017-01-09 20:33:54 -08:00