Commit Graph

185 Commits

Author SHA1 Message Date
Sergio Benitez
0b7d9f4602 Remove unused doc comments. 2017-08-02 17:48:00 -07:00
Sergio Benitez
95452af449 Improve form field name error message. 2017-08-02 17:41:10 -07:00
Sergio Benitez
952c98fc04 Allow the full range of valid form field renames.
Closes #337.
2017-08-02 17:37:20 -07:00
Sergio Benitez
72bed509b9 Handle 'TypeRelative' qualified paths in lints.
Fixes #367.
2017-08-02 02:40:37 -07:00
Alex Burka
02794db2cd Allow unreachable patterns in generated matches. 2017-07-27 00:09:54 -04:00
Sergio Benitez
cdacda0896 New version: 0.3.0. 2017-07-14 11:30:48 -07:00
Sergio Benitez
0bbfa5e21a Update 'version_check' to 0.1.3. 2017-07-12 04:15:30 -07:00
Sergio Benitez
ed14f59c44 Add documentation for the 'FromForm' derive. 2017-07-10 03:41:45 -07:00
Sergio Benitez
7e0cbe4842 Restrict compilation to rustc >= 2017-07-09. 2017-07-09 22:34:29 -07:00
Sergio Benitez
6050eb5169 Update for 2017-07-09. 'associated_consts' is stable. 2017-07-09 22:00:01 -07:00
Sergio Benitez
9dd83a9c39 Use 'eprintln' instead of custom 'printerr'. 2017-07-03 02:59:47 -07:00
Sergio Benitez
3f87b16d75 Update minimum nightly to '2017-06-19'. 2017-06-19 22:58:31 -07:00
Sergio Benitez
539a7fc55b Remove 'struct_field_attributes' feature: it's been stabilized. 2017-06-19 17:44:01 -07:00
Sergio Benitez
6a7fde6d70 Initial cleanup of 'http' docs. Add 'handler::Outcome' docs.
This commit also changes the signature of the 'ContentType'
'from_extension" method so that it returns an 'Option<ContentType>' as
opposed to 'ContentType'.

This commit also disallows negative quality values in 'Accept' media
types.
2017-06-19 17:32:33 -07:00
Sergio Benitez
cdf9ff9bde Remove 'LoggingLevel' from root. Add ConfigError::Io.
This tentatively completes the 'config' rustdocs.
2017-06-18 21:06:41 -07:00
Sergio Benitez
43a4028085 Use a less confusing version number during dev. 2017-06-18 02:25:26 -07:00
Sergio Benitez
a3ea9d0f9a Add support for lenient forms via 'LenientForm'.
This commit changes the 'FromForm' trait in two ways:

  1. The singular method is now named 'from_form'.
  2. The method takes a second parameter: 'strict: bool'.

The 'strict' parameter is used to specify whether form parsing should
be strict or not (i.e. lenient). When parsing is lenient, extra form
fields do not result in an error. This lenient behavior is used by a
new 'LenientForm' data guard type to request lenient form parsing. The
behavior for 'Form' remains unchanged.

Resolves #242.
2017-06-18 01:59:22 -07:00
Sergio Benitez
504a7fe583 Update to yansi 0.3 for proper Debug formatting.
This commit also improves the format of TOML parsing error messages.

Fixes #310.
2017-06-06 13:56:13 -07:00
Sergio Benitez
fa31b6ae42 Support the 'dev' channel during build.
Resolves #306.
2017-06-02 17:41:15 -07:00
Sergio Benitez
a6c4d053ad Switch to 'yansi' for all terminal coloring.
Resolves #299.
2017-06-01 22:10:05 -07:00
Sergio Benitez
73fed03ef4 New version: 0.2.8. 2017-06-01 22:10:05 -07:00
Sergio Benitez
614297eb9b Update codegen lints for latest nightly. 2017-06-01 22:10:05 -07:00
Sergio Benitez
5f2b2ee3df New version: 0.2.7. 2017-05-26 20:37:54 -07:00
Sergio Benitez
cdc866665c Update codegen for latest nightly. 2017-05-26 20:37:40 -07:00
Sergio Benitez
299a422cbc Optimize MediaType::Display, ContentType::Into<Header>, and precheck.
Differential and causal profiling determined that 35% of `Hello, world!`
dispatch time was spent rendering `Content-Type` due to many calls to `fmt` in
`MediaType::Display` and an allocation in `ContentType::Into<Header>`. This
change reduces the number of calls to `fmt` to 1 in `MediaType::Display` and
removes the allocation in `Into<Header>` for known media types.

This change also caches a `Rocket` "precheck" so that pre-dispatch checks are
done only a single time for a given `Rocket` instance, further reducing
`MockRequest::dispatch_with` time for "Hello, world!" by roughly 15%.
2017-05-23 16:41:38 -07:00
Sergio Benitez
9b955747e4 Remove config global state. Use Responder::respond_to.
This commit includes two major changes to core:

  1. Configuration state is no longer global. The `config::active()`
     function has been removed. The active configuration can be
     retrieved via the `config` method on a `Rocket` instance.

  2. The `Responder` trait has changed. `Responder::respond(self)` has
     been removed in favor of `Responder::respond_to(self, &Request)`.
     This allows responders to dynamically adjust their response based
     on the incoming request.

Additionally, it includes the following changes to core and codegen:

  * The `Request::guard` method was added to allow for simple
    retrivial of request guards.
  * The `Request::limits` method was added to retrieve configured
    limits.
  * The `File` `Responder` implementation now uses a fixed size body
    instead of a chunked body.
  * The `Outcome::of<R: Responder>(R)` method was removed while
    `Outcome::from<R: Responder(&Request, R)` was added.
  * The unmounted and unmanaged limits are more cautious: they will only
    emit warnings when the `Rocket` receiver is known.

This commit includes one major change to contrib:

  1. To use contrib's templating, the fairing returned by
     `Template::fairing()` must be attached to the running Rocket
     instance.

Additionally, the `Display` implementation of `Template` was removed. To
directly render a template to a `String`, the new `Template::show`
method can be used.
2017-05-19 03:29:08 -07:00
Sergio Benitez
0d18faf91e Add a docstring to the emitted static route info.
Resolves #258.
2017-04-18 22:05:56 -07:00
Sergio Benitez
e6bbeacb1c New version: 0.2.6. 2017-04-17 16:21:56 -07:00
Sergio Benitez
3c51d30e66 Avoid collision in FromForm derive by using weird names.
Fixes #265.
2017-04-17 16:11:44 -07:00
Sergio Benitez
9b7f58448a New version: 0.2.5. 2017-04-16 14:29:04 -07:00
Sergio Benitez
8a789c5d04 Update minimum nightly version in codegen. 2017-04-16 14:23:34 -07:00
Sergio Benitez
08fbe06b10 Fix lints for latest nightly. 2017-04-16 14:13:18 -07:00
Sergio Benitez
2e54a1f74d Don't use &str where RawStr is now preferred. 2017-04-14 00:43:57 -07:00
Sergio Benitez
5259e3fd5c Disallow invalid form field names. 2017-04-04 17:00:48 -07:00
Sergio Benitez
7c19bf784d Allow form field renaming via #[form(field = "name")] attribute. 2017-04-03 19:06:30 -07:00
Sergio Benitez
351658801e Allow unreachable_code in generated route functions for new ! error types. 2017-04-03 16:46:13 -07:00
Sergio Benitez
f5ec470a7d Use the RawStr type for raw parameter strings.
This is a breaking change.

The `&str` type no longer implements `FromParam`. The `&RawStr` type
should be used in its place.
2017-03-31 00:18:58 -07:00
Sergio Benitez
0c44e44641 Use the RawStr type for all form raw strings.
This is a breaking change.

This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.

The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
2017-03-30 23:06:53 -07:00
Sergio Benitez
f57d984e2e New version: 0.2.4. 2017-03-30 19:56:12 -07:00
Sergio Benitez
f7bc1ce24f Update codegen for latest nightly. 2017-03-30 19:56:12 -07:00
Sergio Benitez
1fb1cdfc58 Use MediaType instead of ContentType for Route format. 2017-03-28 00:12:59 -07:00
Sergio Benitez
13359d4f50 Reformulate ContentType as a wrapper around MediaType. 2017-03-23 22:41:42 -07:00
Sergio Benitez
09550b6e7c New version: 0.2.3. 2017-03-22 19:47:52 -07:00
Sergio Benitez
bf67a32cd9 Update minimum rustc version for codegen. 2017-03-22 18:57:46 -07:00
Sergio Benitez
7808ad1649 Update codegen for latest nightly. 2017-03-20 13:55:40 -07:00
Sergio Benitez
393225cedf Use ansi_term::Color, not Colour. 2017-03-08 15:08:13 -08:00
Sergio Benitez
722ee93f8b Update to cookie 0.7. Use 256-bit session_keys.
This commit involves several breaking changes:
  * `session_key` config param must be a 256-bit base64 encoded string.
  * `FromRequest` is implemented for `Cookies`, not `Cookie`.
  * Only a single `Cookies` instance can be retrieved at a time.
  * `Config::take_session_key` returns a `Vec<u8>`.
  * `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
2017-03-07 01:19:06 -08:00
Sergio Benitez
6be902162d New version: 0.2.2. 2017-02-26 18:31:15 -08:00
Sergio Benitez
56a631d4ba Update codegen for latest nightly. 2017-02-26 18:26:02 -08:00
Sergio Benitez
d99de8e05b New version: 0.2.1. 2017-02-24 13:57:33 -08:00
Sergio Benitez
7d2695d19f Use type index to find type span in unmanaged_state lint.
Fixes #179.
2017-02-08 00:56:17 -08:00
Sergio Benitez
c7db553286 New version: 0.2.0. 2017-02-06 05:35:19 -08:00
Sergio Benitez
8eef42a256 Compile-time enforce paths as absolute, non-empty, valid segments. 2017-02-06 04:03:30 -08:00
Sergio Benitez
92f22ca63b Fix false positives in unmounted_routes lint due to 'launch'. 2017-02-05 02:11:32 -08:00
Sergio Benitez
e966925455 Use full URI in codegen routes; log query params in routes. 2017-02-05 01:34:48 -08:00
Sergio Benitez
ecd72f686e Record instances in lint from launch calls. 2017-02-04 13:52:23 -08:00
Sergio Benitez
d23a0fa80a Move lint note message to correct spot. 2017-02-03 17:38:51 -08:00
Sergio Benitez
a6c27b7243 Document codegen lints. 2017-02-02 23:06:35 -08:00
Sergio Benitez
b69527c392 Reenable the options decorator. 2017-02-02 15:02:32 -08:00
Sergio Benitez
58678e53fb Update codegen for latest nightly. 2017-02-02 14:45:43 -08:00
Sergio Benitez
d4eda278a2 Parallelize testing. Fix compiletest dependencies. 2017-02-02 00:41:47 -08:00
Sergio Benitez
ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
2017-02-01 18:22:51 -08:00
Sergio Benitez
3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez
c0235d0cde Condense cases in 'def_id_opt'. 2017-01-31 17:38:25 -08:00
Sergio Benitez
c1697509ba Improve lints: gather info on per-instance basis. 2017-01-31 02:01:30 -08:00
Sergio Benitez
4eaf9ba9c5 Add lints to catch unmanaged state and unmounted routes.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
    guard is used without an accompanying `manage` call for `T`.

  * The `unmounted_route` lint emits a warning when a route declared via
    a Rocket attribute is not mounted via a call to `mount`.

There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
2017-01-29 01:13:52 -08:00
Sergio Benitez
0063f2524e Remove unused macro_use in codegen. 2017-01-27 00:06:16 -08:00
Sergio Benitez
0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez
307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez
08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Sergio Benitez
4bc5c20a45 Fix security checks in PathBuf::FromSegments.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez
b109bb41ff One more clippy warning (in FromForm derive). 2017-01-09 20:45:34 -08:00
Josh Holmer
59043e262a Fix more codegen clippy warnings. 2017-01-09 20:33:54 -08:00
Josh Holmer
17bbd41f73 Fix clippy warnings caused by codegen. 2017-01-09 17:36:47 -08:00
Sergio Benitez
e230ce9b95 Don't overwrite catcher response status if it is set.
Resolves #113.
2017-01-06 01:32:43 -06:00
Sergio Benitez
2da08a975c Make Content-Type case-preserving; add 'params' method. 2017-01-05 02:14:44 -06:00
Sergio Benitez
855d9b7b00 New version: 0.1.4. 2017-01-04 11:18:49 -06:00
Sergio Benitez
b202fb9748 Update codegen for 2017-01-03 nightly. 2017-01-04 11:18:22 -06:00
Sergio Benitez
6fdc6f025f New version: 0.1.3. 2016-12-31 01:31:11 -06:00
Sergio Benitez
a1878ad080 Properly resolve dynamic segments, take 2.
Fixes #86.
2016-12-30 23:51:23 -06:00
Sergio Benitez
524a2d889d Fix typo in build warning message. 2016-12-30 20:06:48 -06:00
Sergio Benitez
366eb5d158 Test methods via route attribute. 2016-12-30 01:46:47 -06:00
Sergio Benitez
2de006d9f9 Allow head decorator and options via route decorator. 2016-12-30 01:41:46 -06:00
Sergio Benitez
bad0c20cda Check for rustc version incompatibility when building codegen. 2016-12-30 00:22:05 -06:00
Sergio Benitez
337173eaf4 Use register_custom_derive to remove custom_derive deprecation warning. 2016-12-29 22:06:35 -06:00
Sergio Benitez
9da512c60c Warn, but don't error, on unknown route formats.
Partially fixes #66.
2016-12-27 15:30:33 -06:00
Sergio Benitez
71419933a5 Ignore _method field in derived FromForm.
Fixes #45.
2016-12-26 02:41:57 -06:00
Sergio Benitez
fb7a756cf1 New version: 0.1.2. 2016-12-24 14:15:00 -08:00
Sergio Benitez
9cebab5037 Fix get_raw_segments index argument in route codegen.
Fixes #41.
2016-12-24 11:58:24 -08:00
Sergio Benitez
14f79c3733 New version: 0.1.1. NamedFile hotfix. 2016-12-23 12:30:44 -08:00
Sergio Benitez
2a1426779c Limit keywords for crates.io. 2016-12-23 05:12:39 -08:00
Sergio Benitez
a94fcf41db New version: 0.1.0. First public release! 2016-12-23 05:03:07 -08:00
Sergio Benitez
22a058d2d5 Add Cargo metadata to contrib and codegen crates. 2016-12-23 04:20:46 -08:00
Sergio Benitez
d56ea65f27 Fix versions for packaging. 2016-12-23 03:55:59 -08:00
Sergio Benitez
b6e3cb6c05 Document segments and debug env var in codegen. 2016-12-23 02:37:57 -08:00
Sergio Benitez
2c26777c75 Expose a single function in codegen to docs build. 2016-12-22 04:15:29 -08:00
Sergio Benitez
7da41112cf Document the codegen crate. 2016-12-22 02:26:02 -08:00
Sergio Benitez
7cf3cb6bc6 Only enable codegen logging with env var. 2016-12-22 00:53:43 -08:00
Sergio Benitez
76073718c7 New version: 0.1.0 release candidate. 2016-12-22 00:05:05 -08:00
Sergio Benitez
62fe734492 URI uses Cow iternally. 2016-12-21 00:09:22 -08:00