Problem:
To support Server-Side Events (SSE, aka JS EventSource) it is
necessary for the server to keep open an HTTP request and dribble out
data (the event stream) as it is generated.
Currently, Rocket handles this poorly. It likes to fill in complete
chunks. Also there is no way to force a flush of the underlying
stream: in particular, there is a BufWriter underneath hyper. hyper
would honour a flush request, but there is no way to send one.
Options:
Ideally the code which is producing the data would be able to
explicitly designate when a flush should occur. Certainly it would
not be acceptable to flush all the time for all readers.
1. Invent a new kind of Body (UnbufferedChunked) which translates the
data from each Read::read() call into a single call to the stream
write, and which always flushes. This would be a seriously invasive
change. And it would mean that SSE systems with fast event streams
might work poorly.
2. Invent a new kind of Body which doesn't use Read at all, and
instead has a more sophisticated API. This would be super-invasive
and heavyweight.
3. Find a way to encode the necessary information in the Read trait
protocol.
Chosen solution:
It turns out that option 3 is quite easy. The read() call can return
an io::Error. There are at least some errors that clearly ought not
to occur here. An obvious one is ErrorKind::WouldBlock.
Rocket expects the reader to block. WouldBlock is only applicable to
nonblocking objects. And indeed the reader will generally want to
return it (once) when it is about to block.
We have the Stream treat io::Error with ErrorKind::WouldBlock, from
its reader, as a request to flush. There are two effects: we stop
trying to accumulate a full chunk, and we issue a flush call to the
underlying writer (which, eventually, makes it all the way down into
hyper and BufWriter).
Implementation:
We provide a method ReadExt::read_max_wfs which is like read_max but
which handles the WouldBlock case specially. It tells its caller
whether a flush was wanted.
This is implemented by adding a new code to read_max_internal. with a
boolean to control it. This seemed better than inventing a trait or
something. (The other read_max call site is reading http headers in
data.rs, and I think it wants to tread WouldBlock as an error.)
Risks and downsides:
Obviously this ad-hoc extension to the Read protocol is not
particularly pretty. At least, people who aren't doing SSE (or
similar) won't need it and can ignore it.
If for some reason the data source is actually nonblocking, this new
arrangement would spin, rather than calling the situation a fatal
error. This possibility seems fairly remote, in production settings
at least. To migitate this it might be possible for the loop in
Rocket::issue_response to bomb out if it notices it is sending lots of
consecutive empty chunks.
It is possible that async Rocket will want to take a different
approach entirely. But it will definitely need to solve this problem
somehow, and naively it seems like the obvious transformation to eg
the Tokio read trait would have the same API limitation and admit the
same solution. (Having a flush occur every time the body stream
future returns Pending would not be good for performance, I think.)
The existing implementation of 'LocalRequest::clone()' mistakenly copied
the internal 'Request' pointer from the existing 'LocalRequest' to the
cloned 'LocalRequest'. This resulted in an aliased '*mut Request'
pointer, a clear soundness issue. The fix in this commit is to clone the
internal 'Request', replacing the internal pointer with the newly cloned
'Request' when producing the cloned 'LocalRequest'. A fix that removes
all 'unsafe' code should be explored.
Fixes#1312.
Prior to this commit, codegen emitted tokens containing bare types like
'Result' and 'Box' as well as presumed imported variants such as 'None'
and 'Ok'. However, users are free to shadow these, and if they do, the
generated code will fail to compile, or worse, be incorrect. To avoid
this, this commit makes all references to these core types and imports
absolute.
Every code example is now fully runnable and testable. As a result, all
examples are now tested and include imports. Relevant imports are shown
by default. Code examples can be expanded to show all imports.
Fixes#432.
