Commit Graph

425 Commits

Author SHA1 Message Date
Lori Holden 655864658c Documented from_param and made the example runnable 2017-01-13 20:06:15 -05:00
Lori Holden 1919ab8317 Expose UuidParseError 2017-01-13 19:14:53 -05:00
Lori Holden 21198bd3cf Merge branch 'master' into uuid_support_v2 2017-01-13 19:06:30 -05:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contain any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead returns an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez 41aecc3e7f Expose the remote address via `remote()` in `Request`.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Sergio Benitez 725191d3c3 Adjust spacing in handlebars_templates example. 2017-01-13 00:22:16 -08:00
FliegendeWurst 99a17b42ae Add tests for handlebars_templates example. 2017-01-13 00:19:58 -08:00
Seth Lopez dec585dbd4 Add tests for content_types example. 2017-01-13 00:05:58 -08:00
Sergio Benitez 6fd0503cea Expose SerdeError. 2017-01-12 23:07:01 -08:00
Lori Holden 3032ff65c7 Kill the spare newline 2017-01-12 11:15:32 -05:00
Lori Holden ea619f4337 PartialEQ for UUID and additional cleanup 2017-01-12 11:09:53 -05:00
Lori Holden 39e9234f5f Merge branch 'master' into uuid_support_v2 2017-01-12 10:19:19 -05:00
Lori Holden feefb9a29b Comments and minor cleanup 2017-01-12 10:16:58 -05:00
Sergio Benitez bea9727f44 Correct variance in Iron benchmarks. 2017-01-12 02:56:02 -08:00
Sergio Benitez 3c07cf96df Overhaul templating contrib library: use `register` callback.
This commit improves and changes the templating library in the following ways:

  * Templates are now registered/loaded at initialization.
  * No synchronization is required to read templates.
  * All templates are properly loaded (fixes #122).
  * Tera templates are given the proper name: `index`, not `index.html.tera`.
  * Rendering tests added for both templating engines.

There is one breaking change:

  * Tera templates are given the proper name: `index`, not `index.html.tera`.
2017-01-12 02:52:23 -08:00
Sergio Benitez 36bf704673 Fix config example tests for new Config structure. 2017-01-12 02:47:25 -08:00
Sergio Benitez c6fbc44888 Add TODO about improving builder finalize error. 2017-01-12 02:43:00 -08:00
Sergio Benitez a2f378ab88 Fixed Hyper version number. 2017-01-12 02:39:42 -08:00
Sergio Benitez ddda8fe79b Add workers config parameter. 2017-01-12 02:38:14 -08:00
Sergio Benitez fb24ee315c Overhaul configuration and custom ignition.
  * Add Config::new() and Config::build() for simpler Config creation.
  * Add set_{param} methods to Config.
  * Add ConfigBuilder type for easy building of configurations.
  * Remove builder methods from Config.
  * PartialEq in Config doesn't consider path or session key.
  * Rocket::custom takes Config by value.
  * Rocket::custom takes second (enable_logging) boolean argument.
  * Rocket::custom properly sets the custom config as the active config.
2017-01-11 18:35:09 -08:00
Sergio Benitez 31e80cb07b Add Iron to the benchmark mix. 2017-01-11 14:53:04 -08:00
Sergio Benitez dbd427b433 Add Matrix as an official support channel. Add chat badges. 2017-01-11 14:32:12 -08:00
Lori Holden 8f57b384ce Fix up formatting and add a little more documentation 2017-01-11 16:25:16 -05:00
Lori Holden 8c11a10456 Added documentation and the Display trait for UUID 2017-01-11 16:17:33 -05:00
Sergio Benitez 5db5e9f688 Update handlebars to 0.24. 2017-01-10 15:06:00 -08:00
Lori Holden d6464f23dc Add UUID type 2017-01-10 16:33:30 -05:00
Sergio Benitez b109bb41ff One more clippy warning (in FromForm derive). 2017-01-09 20:45:34 -08:00
Josh Holmer 59043e262a Fix more codegen clippy warnings. 2017-01-09 20:33:54 -08:00
Josh Holmer 17bbd41f73 Fix clippy warnings caused by codegen. 2017-01-09 17:36:47 -08:00
Sergio Benitez e2f342a384 Rearrange formatting in cookies test. 2017-01-09 17:23:04 -08:00
Seth Lopez da7026c781 Add tests for cookies example. 2017-01-09 17:21:19 -08:00
Cliff H 83e33cf0be Add tests for redirect example. 2017-01-09 17:17:47 -08:00
Dru Sellers a6084ab3e2 Change the type for port to u16 in config. 2017-01-09 16:48:27 -08:00
Sergio Benitez 44296980fc Remove proc_macro as a feature - it's stabilized! 2017-01-07 20:59:35 -08:00
Robert e4006c56c8 Add tests for hello_alt_methods example. 2017-01-06 01:41:48 -06:00
Sergio Benitez e230ce9b95 Don't overwrite catcher response status if it is set.
Resolves #113.
2017-01-06 01:32:43 -06:00
Sergio Benitez 21a1bde7c0 Add Header methods to get name and value as strs. 2017-01-06 01:03:08 -06:00
Reilly Tucker Siemens 5e30262378 Add tests for errors example. 2017-01-06 00:43:20 -06:00
Sergio Benitez 6165a6705c Add more comments on dispatch logic. 2017-01-06 00:42:24 -06:00
Sergio Benitez 8f8dde812d Remove unnecessary fields in Redirect Response. 2017-01-06 00:42:10 -06:00
Sergio Benitez ef7d18f15a Add IRC channel to README. 2017-01-06 00:19:01 -06:00
Sergio Benitez 042dcadf43 Expose DataStream directly to allow for stream composition. 2017-01-05 15:13:13 -06:00
Sergio Benitez 069f09cb7e Make 'cargo test' work without '--all-features'. 2017-01-05 14:51:00 -06:00
Sergio Benitez 2da08a975c Make Content-Type case-preserving; add 'params' method. 2017-01-05 02:14:44 -06:00
Sergio Benitez 855d9b7b00 New version: 0.1.4. 2017-01-04 11:18:49 -06:00
Sergio Benitez b202fb9748 Update codegen for 2017-01-03 nightly. 2017-01-04 11:18:22 -06:00
Sergio Benitez 24805bbf16 Treat header names as case-preserving in HeaderMap.
Fixes #92.
2017-01-02 21:33:36 -06:00
Sergio Benitez 82f6f78189 Add UncasedAscii{Ref} type(s) that are case-preserving strings. 2017-01-02 21:32:29 -06:00
Sergio Benitez 2852c526c3 Fix minor typos in CHANGELOG. 2016-12-31 02:08:43 -06:00
Sergio Benitez 16c42289a9 Add crates.io badge. 2016-12-31 02:02:58 -06:00