Commit Graph

510 Commits

Author SHA1 Message Date
Sergio Benitez dcde224648 Update dependencies and fix nightly warnings. 2024-04-11 18:09:21 -07:00
Sergio Benitez edce8bd656 Use default 'CryptoProvider' for all TLS ops.
Prior to this commit, some TLS related operations used 'ring' even when
a different default 'CryptoProvider' was installed. This commit fixes
that by refactoring 'TlsConfig' such that all utility methods are
required to use the default 'CryptoProvider'.

This commit also cleans up code related to the rustls 0.23 update.
2024-03-31 11:46:56 -07:00
Abdullah Alyan ce92c5dd76 Update rustls to 0.23. Support 'CryptoProvider's.
This commit updates rustls to 0.23 and adds support for custom
'CryptoProvider's installable via 'CryptoProvider::install_default()'.
In particular, this enables using `aws-lc-rs` for cryptography related
operation in TLS. The 'TLS' example was updated to test use of
'aws-lc-rs' on Unix.
2024-03-31 11:46:56 -07:00
Sergio Benitez 02011a1307 Clean up codebase: fix reasonable clippy warnings.
This commit is a codebase-wide cleanup driven by clippy warnings. In
addition to fixing every reasonable warning, the following new
functionality was introduced:

  * `Accept::new()` now takes any `T: Into<QMediaType>` iterator.
  * `TempFile::is_empty()` was added.
  * `HeaderMap` now implements `IntoIterator`.

This commit makes the following breaking changes:

  * The `IntoCollection` trait is gone. Generics previously bound by the
    trait are now bound by `IntoIterator`. This affects:
    - `Accept::new()`
    - `ContentType::with_params()`
    - `Permission::{allow, allowed}()`
  * `MediaType`, `QMediaType`, and `Allow` implement `IntoIterator`,
    enabling most existing code to continue working without change.
  * The inherent `HeaderMap::into_iter()` method was removed.
  * The `Ok` variant in ErrorKind::Liftoff` is now `Box<Rocket<Orbit>>`.
2024-03-20 00:47:38 -07:00
Sergio Benitez 1619bbbddc Support QUIC and HTTP/3.
This commit adds support for HTTP/3 and QUIC under a disabled-by-default
feature `http3-preview`. The current implementation depends on modified
versions of h3 and s2n-quic-h3 which will need to be upstreamed and
published before a release is possible.

During the course of development various facets of Rocket's internal
connection handling and recent listener APIs were improved. The complete
list of changes included in this PR is:

  * A `shutdown` module was introduced.
  * `config::Shutdown` was renamed to `ShutdownConfig` and moved to
    `shutdown` while being re-exported from `config`.
  * `ListenerAddr` is now called `Endpoint`. Various methods which
    previously referred to "addresses" now refer to "endpoints".
  * `Rocket::endpoint()` was renamed to `Rocket::endpoints()` and now
    returns an iterator over the endpoints Rocket is listening on.
  * `Endpoint` acquired various query utility methods.
  * The `{set_}remote()` methods now take/produce `Endpoint`s.
  * `TlsBindable` only accepts single-phase internal interfaces.
  * Bind error messages include candidate endpoint info when possible.
  * The warning message when a secret key is not configured now includes
    information about its effect on private cookies.

Internal changes include:

  * Config module tests were moved to `config/tests.rs`.
  * The cancellable I/O implementation was significantly simplified.
  * The `TripWire` implementation was simplified.
  * Individual shutdown stages can now be awaited on via `Stages`.
  * The `Shield` implementation was simplified.

Resolves #2723.
2024-03-18 20:23:22 -07:00
Sergio Benitez 7c702a5b01 Update yansi to 1.0.1. 2024-03-14 15:26:03 -07:00
Sergio Benitez fd294049c7 Update to hyper 1. Enable custom + unix listeners.
This commit completely rewrites Rocket's HTTP serving. In addition to
significant internal cleanup, this commit introduces the following major
features:

  * Support for custom, external listeners in the `listener` module.

    The new `listener` module contains new `Bindable`, `Listener`, and
    `Connection` traits which enable composable, external
    implementations of connection listeners. Rocket can launch on any
    `Listener`, or anything that can be used to create a listener
    (`Bindable`), via a new `launch_on()` method.

  * Support for Unix domain socket listeners out of the box.

    The default listener backwards compatibly supports listening on Unix
    domain sockets. To do so, configure an `address` of
    `unix:path/to/socket` and optional set `reuse` to `true` (the
    default) or `false` which controls whether Rocket will handle
    creating and deleting the unix domain socket.

In addition to these new features, this commit makes the following major
improvements:

  * Rocket now depends on hyper 1.

  * Rocket no longer depends on hyper to handle connections. This allows
    us to handle more connection failure conditions which results in an
    overall more robust server with fewer dependencies.

  * Logic to work around hyper's inability to reference incoming request
    data in the response results in a 15% performance improvement.

  * `Client`s can be marked secure with `Client::{un}tracked_secure()`,
    allowing Rocket to treat local connections as running under TLS.

  * The `macros` feature of `tokio` is no longer used by Rocket itself.
    Dependencies can take advantage of this reduction in compile-time
    cost by disabling the new default feature `tokio-macros`.

  * A new `TlsConfig::validate()` method allows checking a TLS config.

  * New `TlsConfig::{certs,key}_reader()`,
    `MtlsConfig::ca_certs_reader()` methods return `BufReader`s, which
    allow reading the configured certs and key directly.

  * A new `NamedFile::open_with()` constructor allows specifying
    `OpenOptions`.

These improvements resulted in the following breaking changes:

  * The MSRV is now 1.74.
  * `hyper` is no longer exported from `rocket::http`.
  * `IoHandler::io` takes `Box<Self>` instead of `Pin<Box<Self>>`.
    - Use `Box::into_pin(self)` to recover the previous type.
  * `Response::upgrade()` now returns an `&mut dyn IoHandler`, not
    `Pin<& mut _>`.
  * `Config::{address,port,tls,mtls}` methods have been removed.
    - Use methods on `Rocket::endpoint()` instead.
  * `TlsConfig` was moved to `tls::TlsConfig`.
  * `MutualTls` was renamed and moved to `mtls::MtlsConfig`.
  * `ErrorKind::TlsBind` was removed.
  * The second field of `ErrorKind::Shutdown` was removed.
  * `{Local}Request::{set_}remote()` methods take/return an `Endpoint`.
  * `Client::new()` was removed; it was previously deprecated.

Internally, the following major changes were made:

  * A new `async_bound` attribute macro was introduced to allow setting
    bounds on futures returned by `async fn`s in traits while
    maintaining good docs.

  * All utility functionality was moved to a new `util` module.

Resolves #2671.
Resolves #1070.
2024-01-29 22:38:55 -08:00
Alessandro Campeis dca3afcd77 Update 'handlebars' to v5.1. 2024-01-17 21:41:25 -08:00
Failpark 3690412aba Fix fairing naming in database MySQL example. 2023-12-19 14:33:40 -08:00
Sergio Benitez 9c2b74b23c Upgrade 'rustls' to '0.22'.
In the process, the following improvements were also made:

  * Error messages related to TLS were improved.
  * 'Redirector' in 'tls' example was improved.
2023-12-15 16:50:08 -08:00
Sergio Benitez 1df854e13a Add a "clear message" button to cookies example. 2023-11-01 12:08:57 -05:00
Sergio Benitez 48d1b82e84 Qualm various emerging unused warnings. 2023-11-01 01:16:28 -05:00
Sergio Benitez fbd1a0d069 Improve forwarding status code precision.
Previously, the `NotFound` status code was used to signal many kinds of
recoverable, forwarding errors. This included validation errors, incorrect
Content-Type errors, and more.

This commit modifies the status code used to forward in these instances to more
precisely indicate the forwarding condition. In particular:

  * Parameter `FromParam` errors now forward as 422 (`UnprocessableEntity`).
  * Query paramater errors now forward as 422 (`UnprocessableEntity`).
  * Use of incorrect form content-type forwards as 413 (`UnsupportedMediaType`).
  * `WebSocket` guard now forwards as 400 (`BadRequest`).
  * `&Host`, `&Accept`, `&ContentType`, `IpAddr`, and `SocketAddr` all forward
    with a 500 (`InternalServerError`).

Additionally, the `IntoOutcome` trait was overhauled to support functionality
previously offered by methods on `Outcome`. The `Outcome::forward()` method now
requires a status code to use for the forwarding outcome.

Finally, logging of `Outcome`s now includes the relevant status code.

Resolves #2626.
2023-10-31 18:44:37 -05:00
Sergio Benitez c90812051e Rename 'Outcome::Failure' to 'Outcome::Error'.
The primary motivation is to deconflate the leading `F`s in `Failure` and
`Forward`. In particular, when using a generics, we used `F` for forward, which
could easily be confused for `F` for `Failure`. This resolves the conflation.
2023-10-31 12:17:28 -05:00
Steven Murdoch 11c9c3cbcd Fix off-by-one, improve style in forms example. 2023-10-27 15:19:48 -05:00
Sergio Benitez 5d31ad4efb Update 'cookie' to 0.18. 2023-09-28 23:50:29 -07:00
Sergio Benitez 498af3d9d0 Improve chat example JavaScript code.
Resolves #2617.
2023-09-20 13:55:59 -07:00
Sergio Benitez 26a3f00f82 Work around bug in sqlx database example. 2023-08-25 17:59:29 -07:00
Sergio Benitez fc76bf7b68 Update 'databases' example README.
The README now more completely documents the example.

All implementations now make use of 'RETURNING'.
2023-08-25 15:19:15 -07:00
Manuel Transfeld aa7805a5f8 Update 'sqlx' to '0.7'. 2023-08-25 14:02:44 -07:00
Sergio Benitez 9a9cd76c01 Add support for 'diesel-async' to 'db_pools'. 2023-06-09 16:47:06 -07:00
Sergio Benitez 6db63d6bb3 Use 'resolver = 2' across workspaces. 2023-06-09 16:46:58 -07:00
Sergio Benitez 9b0564ed27 Tidy custom forward status changes, update docs. 2023-04-11 12:55:57 -07:00
Benedikt Weber 055ad107df Allow status customization in 'Forward' outcomes.
Prior to this commit, all forward outcomes resulted in a 404. This
commit changes request and data guards so that they are able to provide
a `Status` on `Forward` outcomes. The router uses this status, if the
final outcome is to forward, to identify the catcher to invoke.

The net effect is that guards can now customize the status code of a
forward and thus the error catcher invoked if the final outcome of a
request is to forward.

Resolves #1560.
2023-04-11 12:47:20 -07:00
Sergio Benitez 51ed332127 Make trailing slashes significant during routing.
This commit modifies request routing in a backwards incompatible manner.
The change is summarized as: trailing slashes are now significant and
never transparently disregarded. This has the following implications,
all representing behavior that differs from that before this change:

  * Route URIs with trailing slashes (`/foo/`, `/<a>/`) are legal.
  * A request `/foo/` is routed to route `/foo/` but not `/foo`.
  * Similarly, a request `/bar/` is routed to `/<a>/` but not `/<a>`.
  * A request `/bar/foo` is not routed to `/<a>/<b>/<c..>`.

A new `AdHoc::uri_normalizer()` fairing was added that recovers the
previous behavior.

In addition to the above, the `Options::NormalizeDirs` `FileServer`
option is now enabled by default to remain consistent with the above
changes and reduce breaking changes at the `FileServer` level.
2023-04-10 12:40:39 -07:00
Sergio Benitez ac0a77bae2 Allow dynamic parameters to match empty segments.
The net effect of this commit is three-fold:

  * A request to `/` now matches `/<a>`. `/foo/` matches `/<a>/<b>`.
  * A segment matched to a dynamic parameter may be empty.
  * A request to `/foo/` no longer matches `/foo` or `/<a>`. Instead,
    such a request would match `/foo/<a>` or `/foo/`.

The `&str` and `String` parameter guards were updated to reflect this
change: they now error, with a newly introduced error type `Empty` in
the `rocket::error` module, when the parameter is empty. As this was the
only built-in parameter guard that would be effected by this change (all
other guards already required nonempty parameters to succeed), the
majority of applications will see no effect as a result.

For applications wanting the previous functionality, a new
`AdHoc::uri_normalizer()` fairing was introduced.
2023-04-07 20:00:09 -07:00
Sergio Benitez 0a56312607 Implement more conservative URI normalization.
* Trailing slashes are now allowed in all normalized URI paths, except
    for route attribute URIs: `/foo/` is considered normalized.
  * Query parts of URIs may now be empty: `/foo?` and `/foo/?` are now
    considered normalized.
  * The `base` field of `Catcher` is now only accessible via a new
    getter method: `Catcher::base()`.
  * `RawStr::split()` returns a `DoubleEndedIterator`.
  * Introduced a second normalization for `Origin`, "nontrailing", and
    associated methods: `Origin::normalize_nontrailing()`, and
    `Origin::is_normalized_nontrailing()`.
  * Added `Origin::has_trailing_slash()`.
  * The `Segments<Path>` iterator will now return an empty string if
    there is a trailing slash in the referenced path.
  * `Segments::len()` is now `Segments::num()`.
  * Added `RawStr::trim()`.

Resolves #2512.
2023-04-07 19:59:57 -07:00
Sergio Benitez a82508b403 Set 'Secure' cookie flag by default under TLS.
If TLS is enabled and active, Rocket will now set the `Secure` cookie
attribute by default.

Resolves #2425.
2023-04-05 13:15:24 -07:00
Sergio Benitez d9f86d8647 Fully document the 'ws' contrib crate. 2023-04-03 16:09:45 -07:00
Sergio Benitez 7d895eb9f6 Add initial implementation of 'rocket_ws'.
This provides WebSocket support in Rocket's official 'contrib'.
2023-04-01 15:02:24 -07:00
Sergio Benitez aa6ad7030a Allow setting mTLS certificates on local 'Client'.
This allows testing with client certificates.

Co-authored-by: Brett Buford <blbuford@gmail.com>
2023-03-31 11:13:40 -07:00
Sergio Benitez 847e87d5c9 Make 'ws::Stream![]' mean 'ws::Stream!['static]'.
This is in line with the stream macros in Rocket core.
2023-03-31 08:34:45 -07:00
Sergio Benitez 1d2cc257dc Preprocess tungstenite 'ConnectionClosed' errors.
Tungstenite abuses `Err(ConnectionClosed)` to indicate the non-error
condition of a websocket closing. This commit changes error processing
such that the error is caught and converted into a successful
termination of websocket handling.
2023-03-30 16:08:31 -07:00
Sergio Benitez 64a7bfb37c Fix header lookups for connection upgrades. 2023-03-30 16:08:14 -07:00
Sergio Benitez 2abddd923e Implement stream websocket API in upgrade example. 2023-03-30 12:48:20 -07:00
Sergio Benitez bd482081ad Add 'upgrade' example with WebSocket support.
This is an initial example that showcases using the new connection
upgrade API to implement WebSocket support outside of Rocket's core.
2023-03-29 17:07:01 -07:00
Sergio Benitez 9c052be2dc Fix HTML field label in forms example template.
Fixes #2256.
2023-03-26 19:26:12 -07:00
Sergio Benitez 7155ad229a Add HTTP to HTTPs redirector to TLS example. 2023-03-26 17:57:31 -07:00
Sergio Benitez 0a0f540988 Support TLS keys in SEC1 format. 2023-03-23 14:57:54 -07:00
Sergio Benitez daa157f872 Ignore data before TLS key encapsulation boundary.
Resolves #2281.

Co-authored-by: Julian Büttner <me@julianbuettner.dev>
2023-03-23 14:57:54 -07:00
Kian-Meng Ang 06d255b52b Fix a whole bunch of typos.
Found via `codespell -L crate,ser,fo,noo,nd,cappable,pard,te,ans`.
2023-03-23 14:57:54 -07:00
Sergio Benitez 0ed6d82d10 Defend against configured known secret keys.
This is a two-prong effort. First, we warn on launch if a known key is
used. Second, we document using invalid keys where possible.

Co-authored-by: Jonas Møller <jonas@moesys.no>
2023-03-23 14:57:54 -07:00
Sergio Benitez 9377af5978 Make real IP header configurable via 'ip_header'.
Adds an `ip_header` configuration parameter that allows modifying the
header Rocket attempts to use to retrieve the "real IP" address of the
client via `Request` methods like `client_ip()`. Additionally allows
disabling the use of any such header.
2023-03-20 12:57:21 -07:00
Tilen Pintarič f0d678d464 Update diesel to 2.0, sqlx to 0.6.
Closes #2209.
Closes #2335.
Closes #2249.
2022-09-18 01:24:57 -07:00
Sergio Benitez a34edc4de9 Silence false positive warnings.
Use `allow(deadcode)` on structs that exist solely to be debug-printed.
2022-08-04 17:45:53 -07:00
Sergio Benitez 78aad3aa95 Fix 'PasteId' 'use' in pastebin tutorial. 2022-05-08 18:30:13 -05:00
Sergio Benitez fccb5759db Revamp pastebin tutorial for Rocket v0.5.
Closes #1756.
2022-05-08 01:57:49 -05:00
Sergio Benitez 6fc24789e9 Fix SSE heartbeat so it never interrupts events.
Previously, the heartbeat message, in its raw form, was ":\n\n". This
commit changes the message to be ":\n".

The former message, when parsed as Server-Sent Events, contained an
empty comment (as desired) _and_ a new line (erroneously). The new line
resulted in emitting any event that was presently being emitted, even if
it wasn't complete. That is, emitting an event partly, such as the
event's data but not its name. Removing the extra new line resolves this
issue and ensures that events aren't interrupted by the heartbeat.

Fixes #2152.
2022-04-27 13:59:03 -07:00
Konrad Borowski 4d258739f5 Migrate Rocket to Rust 2021 edition. 2022-04-19 18:35:38 -07:00
xelivous 13d8e74655 Fix flash message display in todo example. 2022-02-23 13:55:02 -08:00