Commit Graph

1396 Commits

Author SHA1 Message Date
Sergio Benitez 35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez 5fabb43a1b Update to serde 0.9, handlebars 0.25. Move from `map!` to `json!` macro.
Resolves #154.
2017-01-31 17:15:42 -08:00
Sergio Benitez 52d627cf44 Use only 'Request' parameter in content_types example catcher. 2017-01-31 02:46:28 -08:00
Sergio Benitez 374593c2f0 Use 'ContentType::Plain' for 'String' responses.
Resolves #49.
2017-01-31 02:43:19 -08:00
Sergio Benitez 724446cda4 Add categories to Cargo.toml. 2017-01-31 02:01:51 -08:00
Sergio Benitez c1697509ba Improve lints: gather info on per-instance basis. 2017-01-31 02:01:30 -08:00
Sergio Benitez 4eaf9ba9c5 Add lints to catch unmanaged state and unmounted routes.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
    guard is used without an accompanying `manage` call for `T`.

  * The `unmounted_route` lint emits a warning when a route declared via
    a Rocket attribute is not mounted via a call to `mount`.

There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
2017-01-29 01:13:52 -08:00
Sergio Benitez 5f04beaafc Use pegged Tera. 2017-01-28 21:52:36 -08:00
Sergio Benitez 0063f2524e Remove unused macro_use in codegen. 2017-01-27 00:06:16 -08:00
Lori Holden f230d43fd5 Add example for the contrib UUID type. 2017-01-26 23:20:05 -08:00
Sergio Benitez 06a7317fd9 Update to Hyper 0.10. Use cookie crate directly.
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
2017-01-26 23:08:15 -08:00
Sergio Benitez 8fd19cce4f Use upstream Tera. Emit warning on conflicting templates. 2017-01-26 12:47:20 -08:00
Sergio Benitez c61e740572 Allow any Serialize type in RHS of map macro. 2017-01-26 11:56:06 -08:00
Sergio Benitez 0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez 466b58970e Pin Hyper to 0.9.14 due to non-semver breaking change. 2017-01-26 11:11:43 -08:00
Sergio Benitez 9de118c5f2 Update license years for 2017. 2017-01-23 14:58:09 -08:00
Sergio Benitez c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Giovanni Capuano 9ef65a8c91 Don't use any features from toml crate. 2017-01-20 16:38:50 -08:00
Sergio Benitez 72b91dfa41 Use shorthand version for hyper dependency. 2017-01-20 16:36:55 -08:00
Sergio Benitez 44e367c64c Remove authorship from all examples. 2017-01-19 17:14:01 -08:00
Ernestas Poskus 59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez b164da1a01 Rename JSON::unwrap() to JSON::into_inner(). 2017-01-15 03:00:46 -08:00
Sergio Benitez c6f8b251cb Clean Rocket crates before testing to avoid versioning/rebuild issues. 2017-01-15 02:33:45 -08:00
Sergio Benitez cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez bb295dc230 Extend FormFormValue docs with details and built-in impls.
Closes #129.
2017-01-15 02:05:17 -08:00
Sergio Benitez 307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez 08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Sergio Benitez 77ae330212 Minor style changes to UUID contrib. 2017-01-14 08:20:15 -08:00
Lori Holden 8f39d3399e Add UUID type to contrib. 2017-01-14 08:08:01 -08:00
Eijebong 1398626710 Fix typo in `Redirect` documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez d4d5c5dd29 Override config parameters via environment variables.
Resolves #37.
2017-01-14 07:55:08 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez 41aecc3e7f Expose the remote address via `remote()` in `Request`.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Sergio Benitez 725191d3c3 Adjust spacing in handlebars_templates example. 2017-01-13 00:22:16 -08:00
FliegendeWurst 99a17b42ae Add tests for handlebars_templates example. 2017-01-13 00:19:58 -08:00
Seth Lopez dec585dbd4 Add tests for content_types example. 2017-01-13 00:05:58 -08:00
Sergio Benitez 6fd0503cea Expose SerdeError. 2017-01-12 23:07:01 -08:00
Sergio Benitez bea9727f44 Correct variance in Iron benchmarks. 2017-01-12 02:56:02 -08:00
Sergio Benitez 3c07cf96df Overhaul templating contrib library: use `register` callback.
This commit improves and changes the templating library in the following ways:

  * Templates are now registered/loaded at initialization.
  * No synchronization is required to read templates.
  * All templates are properly loaded (fixes #122).
  * Tera templates are given the proper name: `index`, not `index.html.tera`.
  * Rendering tests added for both templating engines.

There is one breaking change:

  * Tera templates are given the proper name: `index`, not `index.html.tera`.
2017-01-12 02:52:23 -08:00
Sergio Benitez 36bf704673 Fix config example tests for new Config structure. 2017-01-12 02:47:25 -08:00
Sergio Benitez c6fbc44888 Add TODO about improving builder finalize error. 2017-01-12 02:43:00 -08:00
Sergio Benitez a2f378ab88 Fixed Hyper version number. 2017-01-12 02:39:42 -08:00
Sergio Benitez ddda8fe79b Add workers config parameter. 2017-01-12 02:38:14 -08:00
Sergio Benitez fb24ee315c Overhaul configuration and custom ignition.
* Add Config::new() and Config::build() for simpler Config creation.
  * Add set_{param} methods to Config.
  * Add ConfigBuilder type for easy building of configurations.
  * Remove builder methods from Config.
  * PartialEq in Config doesn't consider path or session key.
  * Rocket::custom takes Config by value.
  * Rocket::custom takes second (enable_logging) boolean argument.
  * Rocket::custom properly sets the custom config as the active config.
2017-01-11 18:35:09 -08:00
Sergio Benitez 31e80cb07b Add Iron to the benchmark mix. 2017-01-11 14:53:04 -08:00
Sergio Benitez dbd427b433 Add Matrix as an official support channel. Add chat badges. 2017-01-11 14:32:12 -08:00
Sergio Benitez 5db5e9f688 Update handlebars to 0.24. 2017-01-10 15:06:00 -08:00
Sergio Benitez b109bb41ff One more clippy warning (in FromForm derive). 2017-01-09 20:45:34 -08:00
Josh Holmer 59043e262a Fix more codegen clippy warnings. 2017-01-09 20:33:54 -08:00
Josh Holmer 17bbd41f73 Fix clippy warnings caused by codegen. 2017-01-09 17:36:47 -08:00