Prior to this commit, some TLS related operations used 'ring' even when
a different default 'CryptoProvider' was installed. This commit fixes
that by refactoring 'TlsConfig' such that all utility methods are
required to use the default 'CryptoProvider'.
This commit also cleans up code related to the rustls 0.23 update.
This commit updates rustls to 0.23 and adds support for custom
'CryptoProvider's installable via 'CryptoProvider::install_default()'.
In particular, this enables using `aws-lc-rs` for cryptography related
operations in TLS. The 'TLS' example was updated to test use of
'aws-lc-rs' on Unix.
Adding `#[suppress(lint)]` for a known `lint` suppresses the
corresponding warning generated by Rocket's codegen. The lints are:
* `unknown_format`
* `dubious_payload`
* `segment_chars`
* `arbitrary_main`
* `sync_spawn`
For example, the following works as expected to suppress the warning
generated by the unknown media type "application/foo":
```rust
fn post_foo() -> &'static str { "post_foo" }
```
Resolves #1188.
This commit is a codebase-wide cleanup driven by clippy warnings. In
addition to fixing every reasonable warning, the following new
functionality was introduced:
* `Accept::new()` now takes any `T: Into<QMediaType>` iterator.
* `TempFile::is_empty()` was added.
* `HeaderMap` now implements `IntoIterator`.
This commit makes the following breaking changes:
* The `IntoCollection` trait is gone. Generics previously bound by the
trait are now bound by `IntoIterator`. This affects:
- `Accept::new()`
- `ContentType::with_params()`
- `Permission::{allow, allowed}()`
* `MediaType`, `QMediaType`, and `Allow` implement `IntoIterator`,
enabling most existing code to continue working without change.
* The inherent `HeaderMap::into_iter()` method was removed.
* The `Ok` variant in `ErrorKind::Liftoff` is now `Box<Rocket<Orbit>>`.
This commit adds support for HTTP/3 and QUIC under a disabled-by-default
feature `http3-preview`. The current implementation depends on modified
versions of h3 and s2n-quic-h3 which will need to be upstreamed and
published before a release is possible.
During the course of development various facets of Rocket's internal
connection handling and recent listener APIs were improved. The complete
list of changes included in this PR is:
* A `shutdown` module was introduced.
* `config::Shutdown` was renamed to `ShutdownConfig` and moved to
`shutdown` while being re-exported from `config`.
* `ListenerAddr` is now called `Endpoint`. Various methods which
previously referred to "addresses" now refer to "endpoints".
* `Rocket::endpoint()` was renamed to `Rocket::endpoints()` and now
returns an iterator over the endpoints Rocket is listening on.
* `Endpoint` acquired various query utility methods.
* The `{set_}remote()` methods now take/produce `Endpoint`s.
* `TlsBindable` only accepts single-phase internal interfaces.
* Bind error messages include candidate endpoint info when possible.
* The warning message when a secret key is not configured now includes
information about its effect on private cookies.
Internal changes include:
* Config module tests were moved to `config/tests.rs`.
* The cancellable I/O implementation was significantly simplified.
* The `TripWire` implementation was simplified.
* Individual shutdown stages can now be awaited on via `Stages`.
* The `Shield` implementation was simplified.
Resolves #2723.
This commit completely rewrites Rocket's HTTP serving. In addition to
significant internal cleanup, this commit introduces the following major
features:
* Support for custom, external listeners in the `listener` module.
The new `listener` module contains new `Bindable`, `Listener`, and
`Connection` traits which enable composable, external
implementations of connection listeners. Rocket can launch on any
`Listener`, or anything that can be used to create a listener
(`Bindable`), via a new `launch_on()` method.
* Support for Unix domain socket listeners out of the box.
The default listener backwards compatibly supports listening on Unix
domain sockets. To do so, configure an `address` of
`unix:path/to/socket` and optionally set `reuse` to `true` (the
default) or `false` which controls whether Rocket will handle
creating and deleting the unix domain socket.
In addition to these new features, this commit makes the following major
improvements:
* Rocket now depends on hyper 1.
* Rocket no longer depends on hyper to handle connections. This allows
us to handle more connection failure conditions which results in an
overall more robust server with fewer dependencies.
* Logic to work around hyper's inability to reference incoming request
data in the response results in a 15% performance improvement.
* `Client`s can be marked secure with `Client::{un}tracked_secure()`,
allowing Rocket to treat local connections as running under TLS.
* The `macros` feature of `tokio` is no longer used by Rocket itself.
Dependencies can take advantage of this reduction in compile-time
cost by disabling the new default feature `tokio-macros`.
* A new `TlsConfig::validate()` method allows checking a TLS config.
* New `TlsConfig::{certs,key}_reader()`,
`MtlsConfig::ca_certs_reader()` methods return `BufReader`s, which
allow reading the configured certs and key directly.
* A new `NamedFile::open_with()` constructor allows specifying
`OpenOptions`.
These improvements resulted in the following breaking changes:
* The MSRV is now 1.74.
* `hyper` is no longer exported from `rocket::http`.
* `IoHandler::io` takes `Box<Self>` instead of `Pin<Box<Self>>`.
- Use `Box::into_pin(self)` to recover the previous type.
* `Response::upgrade()` now returns an `&mut dyn IoHandler`, not
`Pin<& mut _>`.
* `Config::{address,port,tls,mtls}` methods have been removed.
- Use methods on `Rocket::endpoint()` instead.
* `TlsConfig` was moved to `tls::TlsConfig`.
* `MutualTls` was renamed and moved to `mtls::MtlsConfig`.
* `ErrorKind::TlsBind` was removed.
* The second field of `ErrorKind::Shutdown` was removed.
* `{Local}Request::{set_}remote()` methods take/return an `Endpoint`.
* `Client::new()` was removed; it was previously deprecated.
Internally, the following major changes were made:
* A new `async_bound` attribute macro was introduced to allow setting
bounds on futures returned by `async fn`s in traits while
maintaining good docs.
* All utility functionality was moved to a new `util` module.
Resolves #2671.
Resolves #1070.
Tokio's `File::write_all()` method has an unexpected quirk: it doesn't
actually write all the requested content to the file when the returned
future resolves. Instead, the write is attempted and queued. This means
that the `persist()` method can resolve without the data being persisted
to the file system. Subsequent reads of the ostensibly written-to file
can thus fail to contain the expected data.
A call to `flush()` following `write_all()` would circumvent the issue.
Alternatively, calling `fs::write()` actually writes to the file system
before returning and requires fewer lines of code. This commit thus
swaps the call to `write_all()` with `fs::write()`.
In the process, the following improvements were also made:
* Error messages related to TLS were improved.
* 'Redirector' in 'tls' example was improved.
Previously, the `NotFound` status code was used to signal many kinds of
recoverable, forwarding errors. This included validation errors, incorrect
Content-Type errors, and more.
This commit modifies the status code used to forward in these instances to more
precisely indicate the forwarding condition. In particular:
* Parameter `FromParam` errors now forward as 422 (`UnprocessableEntity`).
* Query parameter errors now forward as 422 (`UnprocessableEntity`).
* Use of incorrect form content-type forwards as 413 (`UnsupportedMediaType`).
* `WebSocket` guard now forwards as 400 (`BadRequest`).
* `&Host`, `&Accept`, `&ContentType`, `IpAddr`, and `SocketAddr` all forward
with a 500 (`InternalServerError`).
Additionally, the `IntoOutcome` trait was overhauled to support functionality
previously offered by methods on `Outcome`. The `Outcome::forward()` method now
requires a status code to use for the forwarding outcome.
Finally, logging of `Outcome`s now includes the relevant status code.
Resolves #2626.
The primary motivation is to deconflate the leading `F`s in `Failure` and
`Forward`. In particular, when using generics, we used `F` for forward, which
could easily be confused for `F` for `Failure`. This resolves the conflation.
The warning is fairly conservative. Heuristics are used to determine if a call
to `tokio::spawn()` occurs in the `#[launch]` function.
Addresses #2547.
Previously, `async_main` would extract a full `Config`. This meant that values
like `address` were read and parsed even when they were unused. Should they
exist and be malformed, a configuration error would needlessly arise.
This commit fixes this by only extracting values that are subsequently used.
The codegen for field validations previously included a closure that
could potentially partially borrow a 'Copy' field of the context
structure. To prevent this, 'let'-assign the field before the closure is
created, and use the assignment inside of the closure.
The compatibility normalizer previously missed or was overly egregious
in several cases. This commit resolves those issues. In particular:
* Only request URIs that would not match any route are normalized.
* Synthetic routes are added to the igniting `Rocket` so that requests
with URIs of the form `/foo` match routes with URIs of the form
`/foo/<b..>`, as they did prior to the trailing slash overhaul.
Tests are added for all of these cases.
Prior to this commit, a route with a URI of `/` could not be mounted in
such a way that the resulting effective URI contained a trailing slash.
This commit changes the semantics of mounting so that mounting such a
route to a mount point with a trailing slash yields an effective URI
with a trailing slash. When mounted to points without a trailing slash,
the effective URI does not have a trailing slash.
This commit also introduces the `Route::rebase()` and
`Catcher::rebase()` methods for easier rebasing of existing routes and
catchers.
Finally, this commit improves logging such that mount points of `/`
are underlined in the logs.
Tests and docs were added and modified as necessary.
Resolves #2533.
If a port part was missing, the 'Authority' parser previously set the
port to `0`. This is incorrect. As in RFC#3986 3.2.3:
> URI producers and normalizers should omit the port component and its
":" delimiter if port is empty [..]
This commit fixes the parser's behavior to align with the RFC.
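The distinction this fix draws, as an added example that is not Rocket's parser or part of the original commit: a simplified authority splitter in which a missing or empty port is `None` rather than `0`, and the normalized form omits the ":" delimiter. The names `Authority`, `parse_authority` and `normalize` are hypothetical, and the sample inputs in `main` are constructed.

```rust
// Added illustration: a simplified authority splitter, not Rocket's parser.
#[derive(Debug, PartialEq)]
struct Authority<'a> { user_info: Option<&'a str>, host: &'a str, port: Option<u16> }

fn parse_authority(s: &str) -> Result<Authority<'_>, String> {
    let (user_info, rest) = match s.rsplit_once('@') {
        Some((user, rest)) => (Some(user), rest),
        None => (None, s),
    };
    // In an IP literal such as "[::1]", ':' inside the brackets is not a port delimiter.
    let (host, port) = if rest.starts_with('[') {
        let end = rest.find(']').ok_or("unterminated IP literal")?;
        match &rest[end + 1..] {
            "" => (&rest[..=end], None),
            tail => (&rest[..=end], Some(tail.strip_prefix(':').ok_or("expected ':' after IP literal")?)),
        }
    } else {
        match rest.rsplit_once(':') {
            Some((host, port)) => (host, Some(port)),
            None => (rest, None),
        }
    };
    let port = match port {
        // A missing port, or an empty port after ':', means "no port". It is not port 0.
        None | Some("") => None,
        Some(p) if p.bytes().all(|b| b.is_ascii_digit()) =>
            Some(p.parse::<u16>().map_err(|e| format!("bad port {p:?}: {e}"))?),
        Some(p) => return Err(format!("bad port {p:?}")),
    };
    Ok(Authority { user_info, host, port })
}

// Normalized form per RFC 3986 3.2.3: omit the ':' delimiter when there is no port.
fn normalize(a: &Authority<'_>) -> String {
    let user = a.user_info.map(|u| format!("{u}@")).unwrap_or_default();
    match a.port {
        Some(p) => format!("{user}{}:{p}", a.host),
        None => format!("{user}{}", a.host),
    }
}

fn main() {
    // Constructed sample inputs.
    for s in ["example.com", "example.com:", "example.com:0", "user@[::1]:8000"] {
        println!("{s:?} -> {:?}", parse_authority(s).map(|a| normalize(&a)));
    }
}
```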
'EXE' is IANA registered, and the registered media type is used here for
the '.exe' extension.
The '.iso' and '.dmg' extensions do not appear to correspond to any IANA
registered media type, but they have a de facto media type of
"application/octet-stream", and that media type is used by this commit.
Closes #2530.
Prior to this commit, all forward outcomes resulted in a 404. This
commit changes request and data guards so that they are able to provide
a `Status` on `Forward` outcomes. The router uses this status, if the
final outcome is to forward, to identify the catcher to invoke.
The net effect is that guards can now customize the status code of a
forward and thus the error catcher invoked if the final outcome of a
request is to forward.
Resolves #1560.
This commit exposes four new methods:
* `Route::collides_with(&Route)`
* `Route::matches(&Request)`
* `Catcher::collides_with(&Catcher)`
* `Catcher::matches(Status, &Request)`
Each method checks the corresponding condition: whether two routes
collide, whether a route matches a request, whether two catchers
collide, and whether a catcher matches an error arising from a request.
This functionality is used internally by Rocket to make routing
decisions. By exposing these methods, external libraries can use
guaranteed consistent logic to check the same routing conditions.
Resolves #1561.
Prior to this commit, several `RouteUri` fields were public, allowing
those values to be changed at will. These changes were at times not
reflected by the rest of the library, meaning that the values in the
route URI structure for a route became incoherent with the reflected
values. This commit makes all fields private, forcing all changes to go
through methods that can ensure coherence. All values remain accessible
via getter methods.
This commit modifies request routing in a backwards incompatible manner.
The change is summarized as: trailing slashes are now significant and
never transparently disregarded. This has the following implications,
all representing behavior that differs from that before this change:
* Route URIs with trailing slashes (`/foo/`, `/<a>/`) are legal.
* A request `/foo/` is routed to route `/foo/` but not `/foo`.
* Similarly, a request `/bar/` is routed to `/<a>/` but not `/<a>`.
* A request `/bar/foo` is not routed to `/<a>/<b>/<c..>`.
A new `AdHoc::uri_normalizer()` fairing was added that recovers the
previous behavior.
In addition to the above, the `Options::NormalizeDirs` `FileServer`
option is now enabled by default to remain consistent with the above
changes and reduce breaking changes at the `FileServer` level.
The fuzzing target introduced in this commit attempts to assert
"collision safety". Formally, this is the property that:
    matches(request, route) := request is matched to route
    collides(route1, route2) := there is a collision between routes
    forall requests req. !exist routes r1, r2 s.t.
        matches(req, r1) AND matches(req, r2) AND not collides(r1, r2)
Alternatively:
    forall requests req, routes r1, r2.
        matches(req, r1) AND matches(req, r2) => collides(r1, r2)
The target was run for 20 CPU hours without failure.
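The collision-safety property above, checked exhaustively over a small constructed set of requests and route URIs; this is an added example, not Rocket's router or its fuzz target. It assumes a simplified model (static and single dynamic segments only, with no ranks, methods, formats or `<a..>` parameters) and includes a deliberately inconsistent matcher, `matches_lax`, to show the kind of mismatch the property catches.

```rust
// Added illustration: a simplified routing model, not Rocket's router.
enum Seg { Static(&'static str), Dynamic }
type Matcher = fn(&str, &[Seg]) -> bool;
type Hit = (&'static str, &'static str, &'static str);
const REQS: [&str; 4] = ["/", "/foo", "/foo/", "/bar/foo"]; // constructed requests
const URIS: [&str; 5] = ["/foo", "/foo/", "/<a>", "/<a>/<b>", "/foo/<a>"]; // constructed routes

// Trailing slashes are significant: "/foo/" yields ["foo", ""].
fn segments(path: &str) -> Vec<&str> {
    path.strip_prefix('/').unwrap_or(path).split('/').collect()
}
fn route(uri: &'static str) -> Vec<Seg> {
    segments(uri).into_iter()
        .map(|s| if s.starts_with('<') { Seg::Dynamic } else { Seg::Static(s) })
        .collect()
}
fn matches(req: &str, route: &[Seg]) -> bool {
    let req = segments(req);
    req.len() == route.len() && req.iter().zip(route).all(|(r, s)| match s {
        Seg::Static(lit) => r == lit,
        Seg::Dynamic => true, // a dynamic segment may match an empty segment
    })
}
// Constructed inconsistency: a matcher that disregards one trailing slash.
fn matches_lax(req: &str, route: &[Seg]) -> bool {
    let req = req.strip_suffix('/').filter(|r| !r.is_empty()).unwrap_or(req);
    let route = match route.split_last() {
        Some((Seg::Static(s), head)) if s.is_empty() && !head.is_empty() => head,
        _ => route,
    };
    matches(req, route)
}
fn collides(a: &[Seg], b: &[Seg]) -> bool {
    a.len() == b.len() && a.iter().zip(b).all(|(x, y)| match (x, y) {
        (Seg::Static(p), Seg::Static(q)) => p == q,
        _ => true,
    })
}
// First (request, route, route) triple that violates collision safety, if any.
fn find_violation(m: Matcher, reqs: &[&'static str], uris: &[&'static str]) -> Option<Hit> {
    for &q in reqs { for &a in uris { for &b in uris {
        let (ra, rb) = (route(a), route(b));
        if m(q, &ra) && m(q, &rb) && !collides(&ra, &rb) { return Some((q, a, b)); }
    }}}
    None
}
fn main() {
    println!("strict: {:?}", find_violation(matches, &REQS, &URIS));
    println!("lax:    {:?}", find_violation(matches_lax, &REQS, &URIS));
}
```

With the strict matcher no violation exists; with the lax matcher a single request matches two routes that the collision check considers distinct, which is exactly the ambiguity the property rules out.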
The net effect of this commit is three-fold:
* A request to `/` now matches `/<a>`. `/foo/` matches `/<a>/<b>`.
* A segment matched to a dynamic parameter may be empty.
* A request to `/foo/` no longer matches `/foo` or `/<a>`. Instead,
such a request would match `/foo/<a>` or `/foo/`.
The `&str` and `String` parameter guards were updated to reflect this
change: they now error, with a newly introduced error type `Empty` in
the `rocket::error` module, when the parameter is empty. As this was the
only built-in parameter guard that would be affected by this change (all
other guards already required nonempty parameters to succeed), the
majority of applications will see no effect as a result.
For applications wanting the previous functionality, a new
`AdHoc::uri_normalizer()` fairing was introduced.
* Trailing slashes are now allowed in all normalized URI paths, except
for route attribute URIs: `/foo/` is considered normalized.
* Query parts of URIs may now be empty: `/foo?` and `/foo/?` are now
considered normalized.
* The `base` field of `Catcher` is now only accessible via a new
getter method: `Catcher::base()`.
* `RawStr::split()` returns a `DoubleEndedIterator`.
* Introduced a second normalization for `Origin`, "nontrailing", and
associated methods: `Origin::normalize_nontrailing()`, and
`Origin::is_normalized_nontrailing()`.
* Added `Origin::has_trailing_slash()`.
* The `Segments<Path>` iterator will now return an empty string if
there is a trailing slash in the referenced path.
* `Segments::len()` is now `Segments::num()`.
* Added `RawStr::trim()`.
Resolves #2512.
This commit modifies all of the non-empty responders in the
`response::status` module so that they look like `Status<R>(pub R)`.
Prior to this commit, some responders looked like this, while others
contained an `Option<R>`.
Resolves #2351.
This modifies the 'IoHandler::io()' method so that it takes a
'Pin<Box<Self>>', allowing handlers to move internally and assume that
the data is pinned.
The change is then used in the 'ws' contrib crate to allow 'FnOnce'
handlers instead of 'FnMut'. The net effect is that streams, such as
those created by 'Stream!', are now allowed to move internally.