Commit Graph

1158 Commits

Author SHA1 Message Date
Sergio Benitez ecc62beeac Update uuid in contrib to 0.4. 2017-02-02 14:51:04 -08:00
Sergio Benitez 1a18c73970 Update to todo example to diesel 0.10. 2017-02-02 14:47:53 -08:00
Sergio Benitez 58678e53fb Update codegen for latest nightly. 2017-02-02 14:45:43 -08:00
Sergio Benitez a9c3b8a919 Silence warnings during testing. 2017-02-02 02:16:21 -08:00
Sergio Benitez 7b8d104ae0 Silence cargo and diesel in todo bootstrap. 2017-02-02 01:08:43 -08:00
Sergio Benitez d4eda278a2 Parallelize testing. Fix compiletest dependencies. 2017-02-02 00:41:47 -08:00
Sergio Benitez 4d2f695db0 Add more bad form tests to forms example. 2017-02-01 18:35:54 -08:00
Garrett Squire 11e90f525f Update status code for form processing failure. 2017-02-01 18:29:29 -08:00
Sergio Benitez ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
2017-02-01 18:22:51 -08:00
Sergio Benitez cc22836867 Precisely route formats. Make 'content_type' an 'Option' in 'Request'.
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.

This commit also changes the following:
  * The return type of the 'content_type' method of 'Request' is now
    'Option<ContentType>'.
  * The 'ContentType' request guard forwards when the request has no
    specified ContentType.
  * The 'add_header' and 'replace_header' methods take the header
    argument generically.

Closes #120.
2017-02-01 03:12:24 -08:00
Sergio Benitez 3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez c0235d0cde Condense cases in 'def_id_opt'. 2017-01-31 17:38:25 -08:00
Sergio Benitez 35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez 5fabb43a1b Update to serde 0.9, handlebars 0.25. Move from `map!` to `json!` macro.
Resolves #154.
2017-01-31 17:15:42 -08:00
Sergio Benitez 52d627cf44 Use only 'Request' parameter in content_types example catcher. 2017-01-31 02:46:28 -08:00
Sergio Benitez 374593c2f0 Use 'ContentType::Plain' for 'String' responses.
Resolves #49.
2017-01-31 02:43:19 -08:00
Sergio Benitez 724446cda4 Add categories to Cargo.toml. 2017-01-31 02:01:51 -08:00
Sergio Benitez c1697509ba Improve lints: gather info on per-instance basis. 2017-01-31 02:01:30 -08:00
Sergio Benitez 4eaf9ba9c5 Add lints to catch unmanaged state and unmounted routes.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
    guard is used without an accompanying `manage` call for `T`.

  * The `unmounted_route` lint emits a warning when a route declared via
    a Rocket attribute is not mounted via a call to `mount`.

There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
2017-01-29 01:13:52 -08:00
Sergio Benitez 5f04beaafc Use pegged Tera. 2017-01-28 21:52:36 -08:00
Sergio Benitez 0063f2524e Remove unused macro_use in codegen. 2017-01-27 00:06:16 -08:00
Lori Holden f230d43fd5 Add example for the contrib UUID type. 2017-01-26 23:20:05 -08:00
Sergio Benitez 06a7317fd9 Update to Hyper 0.10. Use cookie crate directly.
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
2017-01-26 23:08:15 -08:00
Sergio Benitez 8fd19cce4f Use upstream Tera. Emit warning on conflicting templates. 2017-01-26 12:47:20 -08:00
Sergio Benitez c61e740572 Allow any Serialize type in RHS of map macro. 2017-01-26 11:56:06 -08:00
Sergio Benitez 0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez 466b58970e Pin Hyper to 0.9.14 due to non-semver breaking change. 2017-01-26 11:11:43 -08:00
Sergio Benitez 9de118c5f2 Update license years for 2017. 2017-01-23 14:58:09 -08:00
Sergio Benitez c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Giovanni Capuano 9ef65a8c91 Don't use any features from toml crate. 2017-01-20 16:38:50 -08:00
Sergio Benitez 72b91dfa41 Use shorthand version for hyper dependency. 2017-01-20 16:36:55 -08:00
Sergio Benitez 44e367c64c Remove authorship from all examples. 2017-01-19 17:14:01 -08:00
Ernestas Poskus 59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez b164da1a01 Rename JSON::unwrap() to JSON::into_inner(). 2017-01-15 03:00:46 -08:00
Sergio Benitez c6f8b251cb Clean Rocket crates before testing to avoid versioning/rebuild issues. 2017-01-15 02:33:45 -08:00
Sergio Benitez cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez bb295dc230 Extend FormFormValue docs with details and built-in impls.
Closes #129.
2017-01-15 02:05:17 -08:00
Sergio Benitez 307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez 08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Sergio Benitez 77ae330212 Minor style changes to UUID contrib. 2017-01-14 08:20:15 -08:00
Lori Holden 8f39d3399e Add UUID type to contrib. 2017-01-14 08:08:01 -08:00
Eijebong 1398626710 Fix typo in `Redirect` documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez d4d5c5dd29 Override config parameters via environment variables.
Resolves #37.
2017-01-14 07:55:08 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez 41aecc3e7f Expose the remote address via `remote()` in `Request`.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Sergio Benitez 725191d3c3 Adjust spacing in handlebars_templates example. 2017-01-13 00:22:16 -08:00
FliegendeWurst 99a17b42ae Add tests for handlebars_templates example. 2017-01-13 00:19:58 -08:00
Seth Lopez dec585dbd4 Add tests for content_types example. 2017-01-13 00:05:58 -08:00
Sergio Benitez 6fd0503cea Expose SerdeError. 2017-01-12 23:07:01 -08:00
Sergio Benitez bea9727f44 Correct variance in Iron benchmarks. 2017-01-12 02:56:02 -08:00