Commit Graph

79 Commits

Author SHA1 Message Date
Sergio Benitez d7d7bb91ec Implement a more performant 'ReaderStream'. 2021-04-13 17:45:09 -07:00
Sergio Benitez cfd5af38fe Set better default 'diesel::SQLite' options.
The options set WAL, a 1s busy timeout, and enables foreign keys.

This also adds a focused 'databases::Config::figment()', used to
retrieve a focused figment for a given config.
2021-04-07 23:09:05 -07:00
Sergio Benitez 579508d58f Make 'FileName' a DST. Improve sanitization.
Resolves #1594.
2021-04-03 17:09:00 -07:00
Jonah Brüchert fa1b75ba74 Allow accessing raw file name from 'DataField'. 2021-04-03 17:07:20 -07:00
Sergio Benitez 78d749b265 Use explicit 'serde-1' 'indexmap' feature. 2021-03-27 14:10:38 -07:00
Sergio Benitez f7b32e0817 Update to latest 'multer'. 2021-03-27 03:37:37 -07:00
Sergio Benitez 4c0d66b6b1 Update 'pin-project-lite' to 0.2. 2021-03-27 01:03:46 -07:00
Sergio Benitez 3119e6f453 Redesign routing benchmarks.
The new benchmarks use routes from real-world project. This is much more
realistic than the previous benchmarks.

The new benchmarks use `criterion` and exist in their own Cargo project.
2021-03-26 20:02:49 -07:00
Sergio Benitez f254504dc9 Depend on a single revision of 'state'.
Closes #1577.
2021-03-15 02:46:34 -07:00
Sergio Benitez 4e06ee64aa Test 'secret_key' validation, now on pre-launch.
Prior to this commit, it was not possible to test Rocket crates in
production mode without setting a global secret key or bypassing secret
key checking - the testing script did the latter. The consequence is
that it became impossible to test secret key related failures because
the tests passed regardless.

This commit undoes this. As a consequence, all tests are now aware of
the difference between debug and release configurations, the latter of
which validates 'secret_key' by default. New 'Client::debug()' and
'Client::debug_with()' simplify creating an instance of 'Client' with
configuration in debug mode to avoid undesired test failures.

The summary of changes in this commit are:

  * Config 'secret_key' success and failure are now tested.
  * 'secret_key' validation was moved to pre-launch from 'Config:from()'.
  * 'Config::from()' only extracts the config.
  * Added 'Config::try_from()' for non-panicking extraction.
  * 'Config' now knows the profile it was extracted from.
  * The 'Config' provider sets a profile of 'Config.profile'.
  * 'Rocket', 'Client', 'Fairings', implement 'Debug'.
  * 'fairing::Info' implements 'Copy', 'Clone'.
  * 'Fairings' keeps track of, logs attach fairings.
  * 'Rocket::reconfigure()' was added to allow modifying a config.

Internally, the testing script was refactored to properly test the
codebase with the new changes. In particular, it no longer sets a rustc
'cfg' to avoid secret-key checking.

Resolves #1543.
Fixes #1564.
2021-03-09 21:57:26 -08:00
Sergio Benitez 08ae0d0b8c Use upstream 'async-trait'. 2021-03-04 22:10:59 -08:00
Sergio Benitez 63a14525d8 UTF-8 routes. Forms revamp. Temp files. Capped.
So. Many. Changes.

This is an insane commit: simultaneously one of the best (because of all
the wonderful improvements!) and one of the worst (because it is just
massive) in the project's history.

Routing:
  * All UTF-8 characters are accepted everywhere in route paths. (#998)
  * `path` is now `uri` in `route` attribute: `#[route(GET, path = "..")]`
    becomes `#[route(GET, uri = "..")]`.

Forms Revamp
  * All form related types now reside in a new `form` module.
  * Multipart forms are supported. (resolves #106)
  * Collections are supported in forms and queries. (resolves #205)
  * Nested structures in forms and queries are supported. (resolves #313)
  * Form fields can be ad-hoc validated with `#[field(validate = expr)]`.
  * `FromFormValue` is now `FromFormField`, blanket implements `FromForm`.
  * Form field values are always percent-decoded apriori.

Temporary Files
  * A new `TempFile` data and form guard allows streaming data directly to a
    file which can then be persisted.
  * A new `temp_dir` config parameter specifies where to store `TempFile`.
  * The limits `file` and `file/$ext`, where `$ext` is the file extension,
    determines the data limit for a `TempFile`.

Capped
  * A new `Capped` type is used to indicate when data has been truncated due to
    incoming data limits. It allows checking whether data is complete or
    truncated.
  * `DataStream` methods return `Capped` types.
  * `DataStream` API has been revamped to account for `Capped` types.
  * Several `Capped<T>` types implement `FromData`, `FromForm`.
  * HTTP 413 (Payload Too Large) errors are now returned when data limits are
    exceeded. (resolves #972)

Hierarchical Limits
  * Data limits are now hierarchical, delimited with `/`. A limit of `a/b/c`
    falls back to `a/b` then `a`.

Core
  * `&RawStr` no longer implements `FromParam`.
  * `&str` implements `FromParam`, `FromData`, `FromForm`.
  * `FromTransformedData` was removed.
  * `FromData` gained a lifetime for use with request-local data.
  * The default error HTML is more compact.
  * `&Config` is a request guard.
  * The `DataStream` interface was entirely revamped.
  * `State` is only exported via `rocket::State`.
  * A `request::local_cache!()` macro was added for storing values in
    request-local cache without consideration for type uniqueness by using a
    locally generated anonymous type.
  * `Request::get_param()` is now `Request::param()`.
  * `Request::get_segments()` is now `Request::segments()`, takes a range.
  * `Request::get_query_value()` is now `Request::query_value()`, can parse any
    `FromForm` including sequences.
  * `std::io::Error` implements `Responder` like `Debug<std::io::Error>`.
  * `(Status, R)` where `R: Responder` implements `Responder` by overriding the
    `Status` of `R`.
  * The name of a route is printed first during route matching.
  * `FlashMessage` now only has one lifetime generic.

HTTP
  * `RawStr` implements `serde::{Serialize, Deserialize}`.
  * `RawStr` implements _many_ more methods, in particular, those related to the
    `Pattern` API.
  * `RawStr::from_str()` is now `RawStr::new()`.
  * `RawStr::url_decode()` and `RawStr::url_decode_lossy()` only allocate as
    necessary, return `Cow`.
  * `Status` implements `Default` with `Status::Ok`.
  * `Status` implements `PartialEq`, `Eq`, `Hash`, `PartialOrd`, `Ord`.
  * Authority and origin part of `Absolute` can be modified with new
    `Absolute::{with,set}_authority()`, `Absolute::{with,set}_origin()` methods.
  * `Origin::segments()` was removed in favor of methods split into query and
    path parts and into raw and decoded versions.
  * The `Segments` iterator is smarter, returns decoded `&str` items.
  * `Segments::into_path_buf()` is now `Segments::to_path_buf()`.
  * A new `QuerySegments` is the analogous query segment iterator.
  * Once set, `expires` on private cookies is not overwritten. (resolves #1506)
  * `Origin::path()` and `Origin::query()` return `&RawStr`, not `&str`.

Codegen
  * Preserve more spans in `uri!` macro.
  * Preserve spans `FromForm` field types.
  * All dynamic parameters in a query string must typecheck as `FromForm`.
  * `FromFormValue` derive removed; `FromFormField` added.
  * The `form` `FromForm` and `FromFormField` field attribute is now named
    `field`. `#[form(field = ..)]` is now `#[field(name = ..)]`.

Contrib
  * `Json` implements `FromForm`.
  * `MsgPack` implements `FromForm`.
  * The `json!` macro is exported as `rocket_contrib::json::json!`.
  * Added clarifying docs to `StaticFiles`.

Examples
  * `form_validation` and `form_kitchen_sink` removed in favor of `forms`.
  * The `hello_world` example uses unicode in paths.
  * The `json` example only allocates as necessary.

Internal
  * Codegen uses new `exports` module with the following conventions:
    - Locals starts with `__` and are lowercased.
    - Rocket modules start with `_` and are lowercased.
    - `std` types start with `_` and are titlecased.
    - Rocket types are titlecased.
  * A `header` module was added to `http`, contains header types.
  * `SAFETY` is used as doc-string keyword for `unsafe` related comments.
  * The `Uri` parser no longer recognizes Rocket route URIs.
2021-03-04 01:51:21 -08:00
Jeb Rosen 9d45e786bb Update 'rand' dependency to 0.8. 2021-02-28 16:34:38 -08:00
Sergio Benitez c24f15c18f Add regression test for #1503.
Closes #1503.
2021-01-14 15:15:57 -08:00
Jeb Rosen 92af8fca72 Update to 'tokio' 1.0, 'hyper' 0.14. 2021-01-13 15:22:16 -08:00
Sergio Benitez 9671115796 Use 'workers' value from 'Config::figment()'.
This commit also improves config pretty-printing and warning messages.
It also fixes an issue that resulted in config value deprecation
warnings not being emitted. The 'workers' value is now a 'usize', not a
'u16'; contrib pool sizes now default to 'workers * 2'.

Closes #1470.
2020-12-24 15:58:48 -08:00
Sergio Benitez bbfe2ba5cc Point all docs and doc links to 'master' branch. 2020-10-21 04:54:24 -07:00
Sergio Benitez 1fb061496d Revamp configuration.
This commit completely overhauls Rocket's configuration systems, basing
it on the new Figment library. It includes many breaking changes
pertaining to configuration. They are:

  * "Environments" are replaced by "profiles".
  * 'ROCKET_PROFILE' takes the place of 'ROCKET_ENV'.
  * Profile names are now arbitrary, but 'debug' and 'release' are given
    special treatment as default profiles for the debug and release
    compilation profiles.
  * A 'default' profile now sits along-side the meta 'global' profile.
  * The concept of "extras" is no longer present; users can extract any
    values they want from the configured 'Figment'.
  * The 'Poolable' trait takes an '&Config'.
  * The 'secrets' feature is disabled by default.
  * It is a hard error if 'secrets' is enabled under the 'release'
    profile and no 'secret_key' is configured.
  * 'ConfigBuilder' no longer exists: all fields of 'Config' are public
    with public constructors for each type.
  * 'keep_alive' is disabled with '0', not 'false' or 'off'.
  * Inlined error variants into the 'Error' structure.
  * 'LoggingLevel' is now 'LogLevel'.
  * Limits can now be specified in SI units: "1 MiB".

The summary of other changes are:

  * The default config file can be configured with 'ROCKET_CONFIG'.
  * HTTP/1 and HTTP/2 keep-alive configuration is restored.
  * 'ctrlc' is now a recognized config option.
  * 'serde' is now a core dependency.
  * TLS misconfiguration errors are improved.
  * Several example use '_' as the return type of '#[launch]' fns.
  * 'AdHoc::config()' was added for simple config extraction.
  * Added more documentation for using 'Limits'.
  * Launch information is no longer treated specially.
  * The configuration guide was rewritten.

Resolves #852.
Resolves #209.
Closes #1404.
Closes #652.
2020-10-20 19:21:56 -07:00
Sergio Benitez 5d9035ddc1 Keep an op-log for sync 'CookieJar'.
In brief, this commit:

  * Updates to the latest upstream 'cookie', fixing a memory leak.
  * Make changes to 'CookieJar' observable only through 'pending()'.
  * Deprecates 'Client::new()' in favor of 'Client::tracked()'.
  * Makes 'dispatch()' on tracked 'Client's synchronize on cookies.
  * Makes 'Client::untracked()' actually untracked.

This commit updates to the latest 'cookie' which removes support for
'Sync' cookie jars. Instead of relying on 'cookie', this commit
implements an op-log based 'CookieJar' which internally keeps track of
changes. The API is such that changes are only observable through
specialized '_pending()' methods.
2020-10-14 21:37:16 -07:00
Sergio Benitez 1369dc47a3 Update 'atomic' and 'ubyte' dependencies. 2020-09-11 01:20:44 -07:00
Sergio Benitez 52320020bc Use thread-safe 'CookieJar's.
The user-facing changes effected by this commit are:

  * The 'http::Cookies<'_>' guard is now '&http::CookieJar<'_>'.
  * The "one-at-a-time" jar restriction is no longer imposed.
  * 'CookieJar' retrieval methods return 'http::CookieCrumb'.
  * The 'private-cookies' feature is now called 'secrets'.
  * Docs flag private cookie methods with feature cfg.
  * Local, async request dispatching is never serialized.
  * 'Client::cookies()' returns the tracked 'CookieJar'.
  * 'LocalResponse::cookies()' returns a 'CookieJar'.
  * 'Response::cookies()' returns an 'impl Iterator'.
  * A path of '/' is set by default on all cookies.
  * 'SameSite=strict' is set by default on all cookies.
  * 'LocalRequest::cookies()' accepts any 'Cookie' iterator.
  * The 'Debug' impl for 'Request' prints the cookie jar.

Resolves #1332.
2020-08-16 02:19:45 -07:00
Sergio Benitez 549c9241c4 Require data limits on 'Data::open()'.
Closes #1325.
2020-08-06 02:46:04 -05:00
Sergio Benitez b47d1b8f0f Rework docs for stable and async support. 2020-07-21 16:15:13 -07:00
Sergio Benitez cd7e99a535 Use 'bencher' for benchmarks on stable. 2020-07-21 15:31:44 -07:00
Sergio Benitez 67efe143c5 Improve diagnostics, especially on stable. 2020-07-21 15:31:42 -07:00
Sergio Benitez 95a4b442cc Update Pear to 0.2. 2020-07-21 15:11:07 -07:00
Jeb Rosen 27b26188c4 Update 'toml' to '0.5'. 2020-07-21 15:11:07 -07:00
Sergio Benitez f4c82d7ffe Remove unnecessary 'dev-dependencies'. 2020-07-11 11:27:23 -07:00
Sergio Benitez 832408ea9b Add example requiring async testing. 2020-07-11 09:24:30 -07:00
Sergio Benitez 03127f4dae Add blocking variant of 'local'.
This commit adds the 'local::blocking' module and moves the existing
asynchronous testing to 'local::asynchronous'. It also includes several
changes to improve the local API, bringing it to parity (and beyond)
with master. These changes are:

  * 'LocalRequest' implements 'Clone'.
  * 'LocalResponse' doesn't implement 'DerefMut<Target=Response>'.
    Instead, direct methods on the type, such as 'into_string()', can
    be used to read the 'Response'.
  * 'Response::body()' returns an '&ResponseBody' as opposed to '&mut
    ResponseBody', which is returned by a new 'Response::body_mut()'.
  * '&ResponseBody' implements 'known_size()` to retrieve a body's size,
    if it is known.

Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
2020-07-11 09:24:30 -07:00
Sergio Benitez 824de061c3 Enable configurable 'ctrl-c' shutdown by default.
This removes the 'ctrl_c_shutdown' feature opting instead for a 'ctrlc'
configuration option. To avoid further merge conflicts with the master
branch, the option is currently read as an extra.

Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
2020-07-11 09:24:30 -07:00
Sergio Benitez 3ced188f7d Use 'ref-cast' for safer transparent casting. 2020-07-11 09:24:30 -07:00
Jeb Rosen c7c371910b Remove extraneous dependency on 'futures-util'. 2020-07-11 09:24:29 -07:00
Sergio Benitez c0c6c79a7f Use 'async_trait' for 'Responder'.
Also:

  * Remove 'response::ResultFuture'.
  * Re-export 'tokio' and 'futures' from the crate root.
  * Make 'ResponseBuilder::sized_body()' and 'async fn'.
  * Remove the 'Future' implementation for 'ResponseBuilder'.
  * Add 'ResponseBuilder::finalize()' for finalizing the builder.
2020-07-11 09:24:29 -07:00
Sergio Benitez 48c333721c Use 'async_trait' for 'Fairing' trait.
Also re-exports the 'async_trait' attribute from 'rocket'.
2020-07-11 09:24:29 -07:00
Michael Howell c9d0af09d6 Use 'AsyncSeek' for sized bodies in 'Response's.
In order to avoid making 'ResponseBuilder::sized_body' an asynchronous
function, the seeking is deferred until finalization. 'finalize()' is
replaced with '.await', and 'ResponseBuilder::ok()' is an 'async fn'.
2020-07-11 09:24:29 -07:00
Paolo Barbolini 003bf77c29 Upgrade to tokio 0.2.0.
* Update 'tokio', 'tokio-rustls', and 'hyper'.
* Remove unused dependencies on some `futures-*` crates.
* Rework 'spawn_on', which is now 'serve'.
* Simplify Ctrl-C handling.
2020-07-11 09:24:29 -07:00
Jeb Rosen ea06878581 Update 'hyper', 'futures-*-preview', and 'tokio-*' dependencies.
Use I/O traits and types from 'tokio-io' as much as possible.

A few adapters only exist in futures-io-preview and use
futures-tokio-compat as a bridge for now.
2020-07-11 09:24:29 -07:00
Jeb Rosen d1815e527f Update 'hyper', 'tokio', and 'tokio-rustls'.
* hyper -> 0.13.0-alpha.2
* tokio -> 0.2.0-alpha.5
* tokio-rustls -> 0.12.0-alpha.3
2020-07-11 09:24:28 -07:00
Jacob Pratt cd6a80c230 Implement an API to request a graceful shutdown.
Additionally listen for Ctrl-C as a shutdown signal by default.
2020-07-11 09:24:28 -07:00
Jeb Rosen 047b1620f9 Update pinned hyper and tokio versions. 2020-07-11 09:24:28 -07:00
Jacob Pratt 05426881b0 Use 'File' from 'async_std' instead of from 'tokio'.
Additionally pin tokio to '=0.2.0-alpha.2'; before this change cargo
selects '0.2.0-alpha.3' which hyper does not compile against.
2020-07-11 09:24:28 -07:00
Jeb Rosen af95129590 Use futures 0.3-compatible hyper and tokio and the tokio runtime instead
of futures-rs executor.

Despite this change, using body_bytes_wait on (for example) a File will
still fail due to tokio-rs/tokio#1356.
2020-07-11 09:24:28 -07:00
Jeb Rosen aee7f35095 Use read_to_string (from futures-preview 0.3.0-alpha.18) to more closely match the pre-async code. 2020-07-11 09:24:28 -07:00
Jeb Rosen 5d439bafc0 Convert core to async and add support for async routes.
Minimum rustc bump required for rust-lang/rust#61775
2020-07-11 09:24:28 -07:00
Marc Schreiber 96b4142156 Upgrade to hyper 0.12.
* Use hyper's 'MakeService' implementation with futures API.
  * Use tokio runtime to serve HTTP backend.
2020-07-11 09:24:03 -07:00
Sergio Benitez 3f20e4ac93 Use proper SPDX license expression in 'Cargo.toml'. 2020-06-03 23:02:05 -07:00
Yusuke Kominami a21221aeb6 Replace deprecated 'OffsetDateTime::now' with 'OffsetDateTime::now_utc'.
Update 'time' dependency accordingly.
2020-05-30 11:13:40 -07:00
Sergio Benitez 06e146e7d1 Update 'time' to 0.2 in 'contrib'. 2020-03-25 14:39:55 -07:00
Sergio Benitez 385b69cf69 Migrate to 'binascii' for base 16, 64 decoding. 2020-02-14 17:14:37 -08:00