The latest version of `rustls` acts on the SNI extension to TLS without
the apparent ability to disable the behavior. `rustls` requires that the
server's certificate match the client's requested server. The matching
is done by looking at DNS names in the `subjectAltName` extension and
checking if the requested server name is present. Since the certificate
in the `tls` example did not have the `subjectAltName` extension, this
check always failed, and the TLS connection was aborted. This commit
adds the extension to the certificate with a DNS name of `localhost`,
ensuring that TLS succeeds on `localhost`.
Prior to this commit, a 'json!' invocation returned a value of type
'Value' from 'serde_json'. Because 'Value' does not implement
'Responder', most uses of 'json!' were wrapped in 'Json':
'Json(json!(..))`. By returning a crate-local 'JsonValue' type that
implements 'Responder', this repetition is resolved, and a 'json!' can
appear unwrapped.
This commit also removes the reexport of 'Value' from 'rocket_contrib'
as well as the default type of 'Value' for 'T' in 'Json<T>'.
Rust's linting API is incredibly unstable, resulting in unnecessary
breakage to `rocket_codegen`. Rocket's lints are also not as
conservative as would be desired, resulting in spurious warnings. For
these reasons, this commit removes linting from `rocket_codegen`.
These lints will likely be reintroduced as part of a 'rocket_lints'
crate. Factoring the lints out to a separate crate means that lint
breakage can be dealt with by uncommenting the dependency instead of
waiting for a new release or backtracking nightlies. In the same vein,
it will likely improve stability of the 'rocket_codegen' crate.
The 'try' impl for 'Outcome' allows the '?' operator to be used with
'Outcome' values. This is likely to make 'FromRequest' and 'FromData'
implementations more ergonomic.
This commit also expands the 'IntoOutcome' trait. It is now
implemented for 'Option'. It also now includes an additional
'or_forward' method.
Sessions
--------
This commit removes the `Session` type in favor of methods on the
`Cookies` types that allow for adding, removing, and getting private
(signed and encrypted) cookies. These methods provide a superset of
the functionality of `Session` while also being a minimal addition to
the existing API. They can be used to implement the previous `Session`
type as well as other forms of session storage. The new methods are:
* Cookie::add_private(&mut self, Cookie)
* Cookie::remove_private(&mut self, Cookie)
* Cookie::get_private(&self, &str)
Resolves#20
Testing
-------
This commit removes the `rocket::testing` module. It adds the
`rocket::local` module which provides a `Client` type for local
dispatching of requests against a `Rocket` instance. This `local`
package subsumes the previous `testing` package.
Rocket Examples
---------------
The `forms`, `optional_result`, and `hello_alt_methods` examples have
been removed. The following example have been renamed:
* extended_validation -> form_validation
* hello_ranks -> ranking
* from_request -> request_guard
* hello_tls -> tls
Other Changes
-------------
This commit also includes the following smaller changes:
* Config::{development, staging, production} constructors have been
added for easier creation of default `Config` structures.
* The `Config` type is exported from the root.
* `Request` implements `Clone` and `Debug`.
* `Request::new` is no longer exported.
* A `Response::body_bytes` method was added to easily retrieve a
response's body as a `Vec<u8>`.
This commit also adds the `base` field to `Route` which allows the
base mount point to be retrieved. Finally, this commits adds an
implementation of `FromRequest` for `Route` which returns the active
route if one is available or forwards otherwise.
This commit is a breaking change: it makes `Request` and `MockRequest`
invariant over the lifetime `'r`. While this shouldn't affect most
applications, it may affect some.
Resolves#108.
This commit includes two major changes to core:
1. Configuration state is no longer global. The `config::active()`
function has been removed. The active configuration can be
retrieved via the `config` method on a `Rocket` instance.
2. The `Responder` trait has changed. `Responder::respond(self)` has
been removed in favor of `Responder::respond_to(self, &Request)`.
This allows responders to dynamically adjust their response based
on the incoming request.
Additionally, it includes the following changes to core and codegen:
* The `Request::guard` method was added to allow for simple
retrivial of request guards.
* The `Request::limits` method was added to retrieve configured
limits.
* The `File` `Responder` implementation now uses a fixed size body
instead of a chunked body.
* The `Outcome::of<R: Responder>(R)` method was removed while
`Outcome::from<R: Responder(&Request, R)` was added.
* The unmounted and unmanaged limits are more cautious: they will only
emit warnings when the `Rocket` receiver is known.
This commit includes one major change to contrib:
1. To use contrib's templating, the fairing returned by
`Template::fairing()` must be attached to the running Rocket
instance.
Additionally, the `Display` implementation of `Template` was removed. To
directly render a template to a `String`, the new `Template::show`
method can be used.
Modifying the `Rocket` structure just before launch doesn't make sense for
several reasons: 1) those affects can't influence the launch, and 2) they won't
be observed in tests. Thus, an `Attach` fairing kind was added that ameliorates
these issues.
This is a breaking change.
The `testing` feature no longer exists. Testing structures can now be
accessed without any features enabled.
Prior to this change, Rocket would panic when draining from a network
stream failed. With this change, Rocket force closes the stream on any
error.
This change also ensures that the `Fairings` launch output only prints
if at least one fairing has been attached.
This is a breaking change. A call to `Response::headers()` can be
replaced with `Response::headers().iter()`. A call to
`Response::header_values()` can be replaced with
`Response::headers().get()`.
This commit introduces TLS support, provided by `rustls` and a fork of
`hyper-rustls`. TLS support is enabled via the `tls` feature and
activated when the `tls` configuration parameter is set. A new
`hello_tls` example illustrates its usage.
This commit also introduces more robust and complete configuration
settings via environment variables. In particular, quoted string,
array, and table (dictionaries) based configuration parameters can now
be set via environment variables.
Resolves#28.
This is a breaking change.
This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.
The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
This is a breaking change.
This commit changes the meaning of the `format` route attribute when
used on non-payload carrying requests (GET, HEAD, CONNECT, TRACE, and
OPTIONS) so that it matches against the preferred media type in the
`Accept` header of the request. The preferred media type is computed
according to the HTTP 1.1 RFC, barring a few specificty rules to come.
This is a breaking change. It modifies collisions with respect to query
parameters as well as the default ranking of routes.
A route that does not specify query parameters will now match against
requests with _and without_ query parameters, assuming all other
elements of the route match as well. A route that _does_ specify query
parameters will only match requests with query parameters; this remains
true.
To accommodate this change in the most natural manner possible, the
default rankings of routes have changed as illustrated below:
|-------------+-------+----------+---------------|
| static path | query | new rank | previous rank |
|-------------+-------+----------+---------------|
| yes | yes | -4 | 0 |
| yes | no | -3 | 0 |
| no | yes | -2 | 1 |
| no | no | -1 | 1 |
|-------------+-------+----------+---------------|
In other words, the most specific routes, with preference for paths over
queries, are ranked highest (lower number).