Commit Graph

545 Commits

Author SHA1 Message Date
Alex Sears 91e3b4397a Fix 'observe' and 'retrieve' typos in cookie docs. 2022-02-23 14:40:01 -08:00
Aurora 3bd65e7e18 Use docstring '///' comment in 'Responder' docs. 2022-02-23 14:36:03 -08:00
David Venhoek 83e7fe1157 Log launch messages at info level.
Fixes #1828.
Closes #1871.
2022-02-23 14:16:18 -08:00
Sergio Benitez 8825f936ef Add 'includeSubdomains' in HSTS preload header.
Resolves #2049.
Closes #2050.

Co-authored-by: Soham Roy <sohamroy@sohamroy.me>
2022-02-22 18:19:09 -08:00
Sergio Benitez fda05bddd2 Update 'rustls' to 0.20.
Also updates 'tokio-rustls' to a compatible version.

Additionally depends on 'rustls-pemfile' which includes functionality
that was previously part of 'rustls' itself.
2022-02-22 17:30:42 -08:00
arlecchino 1ba41b3990 Remove 'CookieJar::get_private_pending()'.
This commit removes the 'CookieJar::get_private_pending()' method in
favor of the already existing and correct 'CookieJar::get_pending()'
method. Previously, the 'CookieJar::get_private_pending()' method
attempted to decrypt the value of a pending cookie, which in reality is
plaintext, thus failing. Because the pending value is plaintext, the
'CookieJar::get_pending()' method suffices.

Documentation has been updated to refer to 'CookieJar::get_pending()'.

Fixes #2063.
2022-02-17 11:04:30 -08:00
Sergio Benitez 6345d2b888 Update dependencies in core to latest versions.
This updates:

 * rmp-serde to 1
 * pretty_assertions to 1
 * parking_lot to 0.12
 * tokio-util to 0.7
2022-02-16 10:26:24 -08:00
Sergio Benitez 0ba5aac53e Update codebase for latest nightly and stable. 2022-02-16 10:08:55 -08:00
Rodolphe Bréard 7a54a1293e Display launch address using 'SocketAddr' fmt.
This fixes IPv6 address display and future-proofs any such display.
2021-08-24 19:40:42 -07:00
Sergio Benitez dd43d68d28 Use cardinality-agnostic wording in error format.
Closes #1746.
2021-08-24 19:39:42 -07:00
Sergio Benitez 3616f25c0b Update 'time' to 0.3, 'cookie' to 0.16.
Also reexport 'time' from the crate root.
2021-08-19 19:49:23 -07:00
Sergio Benitez 80cd30086a Don't enable unused 'futures' features. 2021-08-19 19:49:23 -07:00
Sergio Benitez a16c66eae9 Propagate 'log_level' to SQLx logs.
Closes #1798.
2021-08-19 19:49:20 -07:00
Sergio Benitez a7f6fb2363 Track caller in 'mount' and 'register' calls. 2021-08-19 19:43:34 -07:00
Sergio Benitez b6448fc016 Clarify 'Options::Missing' exception in 'FileServer'. 2021-08-19 19:43:34 -07:00
Gonçalo Ribeiro df8cf4575a Fix typo in 'XssFilter' API documentation: 'enorce' -> 'enforce'. 2021-07-24 14:55:49 -07:00
Joscha 85c0759f1d Fix typos in 'DataField' API documentation. 2021-07-24 14:55:45 -07:00
Sergio Benitez 534f43c223 Point to 'mtls::Certificate' in mTLS config docs. 2021-07-20 14:56:30 -07:00
Sergio Benitez cc0621626b Prefix 'content' responder names with 'Raw'.
The primary aim of this commit is to reduce confusion between
'content::Json' and 'rocket::serde::json::Json' be renaming the former
to 'content::RawJson'. The complete changes in this PR are:

  * All responders in the 'content' module are prefixed with 'Raw'.
  * The 'content::Custom' responder was removed entirely.
  * The 'Plain' responder is now 'RawText'.
  * The 'content' API docs point to the 'serde' responders.
  * The docs and examples were updated accordingly.
2021-07-20 02:09:11 -07:00
Sergio Benitez 7ffe3a7360 Complete mTLS implementation.
Resolves #254.
2021-07-09 00:05:44 -07:00
Sergio Benitez bbc36ba27f Initial implementation of mTLS.
Co-authored-by: Howard Su <howard0su@gmail.com>
Co-authored-by: Mikail Bagishov <bagishov.mikail@yandex.ru>
2021-07-09 00:05:20 -07:00
Sergio Benitez 581b63da7e Restore 'doc(cfg)' labels for config items. 2021-07-05 14:02:19 -07:00
Sergio Benitez 614f8ab46c Condition TLS config types on 'tls' feature.
Previously, TLS, via 'Config::tls', was configurable even if the 'tls'
feature was disabled. This commit changes this so that the 'Config::tls'
field and TLS config structures are only available if 'tls' is enabled.
2021-07-05 13:46:37 -07:00
Sergio Benitez 76fab37e29 Rename 'remote_addr' to 'peer_address'. 2021-07-04 15:37:27 -07:00
Sergio Benitez b5e3569554 Split TLS module into logical submodules. 2021-07-04 15:25:49 -07:00
Sergio Benitez de4b3e3891 Make 'tls' its own module. 2021-07-04 15:01:55 -07:00
Sergio Benitez 6aecff39bc Warn on launch if a custom runtime is detected.
The warning is only emitted in debug profiles.
2021-07-02 11:35:59 -07:00
Sergio Benitez 8058798a4c Properly propagate profile to 'Config' on ignite. 2021-07-02 11:34:35 -07:00
Sergio Benitez 0ffcfae47b Warn on more deprecated config keys and profiles. 2021-07-02 11:31:50 -07:00
Sergio Benitez 8414d787d9 Impl 'FromUriParam' for 'Json'. 2021-07-02 10:36:57 -07:00
Sergio Benitez 2cee4b4594 Make '&Host' a request guard. 2021-07-02 06:57:43 -07:00
Sergio Benitez c58b43700c Add type-safe 'Host' type, 'Request::host()'.
Closes #1699.
2021-07-02 06:48:40 -07:00
Sergio Benitez f49ee7da00 Make 'FileName' danger more pronounced. 2021-07-02 06:48:09 -07:00
Mikail Bagishov be933ce398 Apply clippy suggestions. 2021-06-30 14:13:19 -07:00
ThouCheese 5ebefa97c9 Impl 'std::Error' for 'serde::json::Error'. 2021-06-30 11:22:31 -07:00
Joakim Soderlund 7b9363f981 Fix typo in 'Sentinel' docs: 'INner' -> 'Inner'. 2021-06-30 11:08:20 -07:00
John-John Tedro 0ddad7a6c1 Impl 'Responder' for 'Arc<T>', 'Box<T>'. 2021-06-30 10:44:30 -07:00
PROgrm_JARvis 4339c2af48 Make '<String as FromParam>::Error' 'Infallible'.
Fixes #1679.
2021-06-30 10:27:46 -07:00
Sergio Benitez 6a3d1ac1d5 Fix 'UriDisplay<Query>' 'Json', 'MsgPack', impls.
As 'FromForm' doesn't provide access to the raw, undecoded string,
'MsgPack' cannot implement 'FromForm::from_value()'. This means that it
is not presently possible to parse a MessagePack form from a query
string. As such, the 'UriDisplay<Query>' implementation was removed.

The 'UriDisplay<Query>' for JSON was fixed such that a round-trip of a
'Json<T>' as a form works as expected.
2021-06-30 06:46:03 -07:00
Sergio Benitez bad762b8c4 Add 'rocket::serde:json::to_string()' functions. 2021-06-30 06:46:03 -07:00
Sergio Benitez 3ec58c3ca2 Ensure launch occurs with minimal ciphersuites.
Co-authored-by: Abdullah Alyan <AbdullahAlyan@yahoo.com>
2021-06-29 11:27:54 -07:00
Sergio Benitez f818702f9b Propagate TLS ciphersuite config to rustls.
Closes #1563.
2021-06-29 11:17:59 -07:00
Sergio Benitez dd722cdcfc Add configurable TLS ciphersuite preferences. 2021-06-29 10:35:55 -07:00
Sergio Benitez 5a2535f865 Mark 'form::ErrorKind' 'non_exhaustive'. 2021-06-29 05:06:37 -07:00
Sergio Benitez 9ce2935fe1 Impl 'Len' field validator for 'Json', 'MsgPack'. 2021-06-29 03:37:52 -07:00
Sergio Benitez 9399841b0c Fix order of indices in 'FromForm' map notes. 2021-06-29 03:37:52 -07:00
Sergio Benitez 793f421712 Support type generics, unit structs in 'FromForm'.
The 'FromFrom' derive now allows type generics in all positions using
the same automatic discovery technique as with 'Responder'. (In fact,
the technique was created for this derive.) Furthermore, 'FromForm' can
now be derived for unit structs.

Also adds a new 'try_with' form field validator.

Resolves #1695.
2021-06-29 03:37:52 -07:00
Sergio Benitez 2727d7bb7b Automatically discover 'Responder' generic bounds.
This commit presents and applies a new technique for bounding type
generics in derives. In short, for a generic `T` used in a field type of
`Field<T>`, where an eventual bound of `Responder` required, the derive
generates a bound of `Field<T>: Responder`. This removes the need for
any manually provided bounds while simultaneously allowing more
structures to typecheck. For example, generics in header components are
now fully supported.
2021-06-29 03:31:31 -07:00
Sergio Benitez ae796b41ad Impl std traits, 'UriDisplay<Query>' on 'MsgPack'.
This brings the 'MsgPack' impls to parity with 'Json'.
2021-06-29 03:31:31 -07:00
Sergio Benitez f827367df0 Expose 'serde::msgpack::to_vec()' methods. 2021-06-29 03:31:31 -07:00
Sergio Benitez fb3ae9f7db Impl std traits, 'UriDisplay<Query>' for 'Json'.
The 'Json' type now implements:

  * Clone
  * PartialEq
  * Eq
  * PartialOrd
  * Ord
  * Hash
  * UriDisplay<Query>

Method calls that resolve to a method in the set of traits above
previously resolved to the `Deref` target. For example, `foo.clone()`,
where `foo: Json<T>`, previously resolved to `<T as Clone>::clone()` but
now resolves to `<Json<T> as Clone>::clone()`.
2021-06-29 03:31:27 -07:00
Sergio Benitez 0e98177973 Reexport 'serde::json::to_value()'. 2021-06-29 03:10:13 -07:00
Sergio Benitez 00e56c9822 Use higher contrast emojis for routes, catchers. 2021-06-26 17:11:56 -07:00
Sergio Benitez 7f34aacd60 Add 'Missing', 'IndexFile' 'FileServer' options.
'Missing' allows constructing a 'FileServer' even if the supplied path
does not exist. 'IndexFile' allows serving a single file as the index of
the mount path.
2021-06-26 17:11:56 -07:00
Sergio Benitez d18103358e Allow 'len()' form field validations on 'Capped'.
This also adds more doctests for the 'with' validator.
2021-06-26 17:11:56 -07:00
Sergio Benitez a249f26164 Fix link to 'FromForm' derive in 'FromForm' docs. 2021-06-26 17:11:56 -07:00
Sergio Benitez 686a0ed964 Fix wording in 'config' docs. 2021-06-26 17:11:53 -07:00
Sergio Benitez b00c89c22f Support lifetime bounds in typed stream macros.
The syntax 'TypedStream![T + '_]' expands to:

  impl TypedStream<Item = T> + '_

This allows seamlessly borrowing in typed streams.

Also adds 'Event::empty()', for convenience.
2021-06-26 16:37:21 -07:00
Sergio Benitez 770f332832 Improve 'Responder' API docs.
The improvements are:

  * Point directly and immediately to the 'Responder' derive.
  * Provide more discussion on lifetimes.
  * Format documentation for easier scanning.
2021-06-26 12:41:42 -07:00
Sergio Benitez d34195fe11 Warn, don't error, if remote hangs up. 2021-06-26 12:05:04 -07:00
Sergio Benitez ef303d44f8 Fix 'TempFile' data guard warning formatting. 2021-06-26 12:03:52 -07:00
Sergio Benitez 76ec847a58 Use 'RelativePathBuf' as 'Config.temp_dir' type.
This makes a relative 'temp_dir' declared in a config file relative to
the config file itself.
2021-06-25 11:42:49 -07:00
Sergio Benitez c3ee34e295 Drop sender to prevent async client read deadlock.
Fixes #1729.

Co-authored-by: Wesley Norris <repnop@outlook.com>
2021-06-25 09:27:36 -07:00
Sergio Benitez a875da1666 Always disable colors if requested or unavailable.
Resolves #1712.
2021-06-25 09:08:49 -07:00
timando c3dc7183f3 Fix Responder documentation: remove an outdated reference to 'Future'. 2021-06-17 17:20:04 -07:00
timando af1aa079d6 Fix a word in the 'Data::peek' docs: 'max' -> 'min'. 2021-06-14 19:36:03 -07:00
Sergio Benitez d2c2725689 Implement 'De(Serialize)' for 'Method'. 2021-06-09 17:07:26 -07:00
Sergio Benitez c028d63e5b New version: 0.5.0-rc.1.
New contrib versions: 0.1.0-rc.1.
2021-06-09 09:52:37 -07:00
Sergio Benitez 6961a717d8 Use crates.io compatible internal package names. 2021-06-09 09:47:21 -07:00
Sergio Benitez 1aa551ada6 Ignore heartbeats in non-heartbeat SSE test. 2021-06-09 04:51:46 -07:00
Sergio Benitez 01436d2d24 Fix a ton of broken links. 2021-06-09 04:51:46 -07:00
Sergio Benitez b19544c346 Fix doc typo: "Contracting" -> "Constructing". 2021-06-08 23:13:03 -07:00
Sergio Benitez 128234d9a8 Allow customizing and removing 'Server' header. 2021-06-08 23:09:57 -07:00
Sergio Benitez 6206a46222 Try to preserve header casing in HTTP/1.1.
Unfortunately, this doesn't actually do anything at the moment due to
what appears to be a bug in hyper.
2021-06-08 23:00:59 -07:00
Sergio Benitez 4c6562cd29 Drop 'Data' after sending a response, not before.
This allows responses to be sent to the client even when data is only
partially read, significantly improving the experience for the client
from one with a "connection closed" error to one with a proper response.
The consequence is a lifetime in 'Data'.

Though other non-lifetime-introducing solutions exist, the introduction
of a lifetime to 'Data' is a longstanding desire as it prevents
smuggling 'Data' into a longer-lived context. Use of 'Data' in that
context was unspecified with various runtime consequences. The addition
of a lifetime bound by the request prevents this error statically.

In summary, the changes are:
  * Clients receive responses even when data isn't fully read.
  * 'Data' becomes 'Data<'r>'. 'FromData' changes accordingly.
  * Route 'Outcome's are strictly tied to the request lifetime.

Tangentially, the invalid length form field validation error message has
improved to format length in byte units if it exceeds 1024.
2021-06-08 13:26:16 -07:00
Sergio Benitez 7595450adc Use published 'state'. 2021-06-07 20:34:27 -07:00
Sergio Benitez 333da45470 Allow non-breaking config additions.
If stars aligned properly, we might imagine writing this:

    #[non_exhaustive]
    struct Config {
        pub field: Foo,
        pub other: Bar,
    }

...with semantics that would allow the defining crate (here, Rocket), to
construct the structure directly while consumers would need to use
public constructors or struct update syntax:

    Config {
        field: Foo,
        other: Bar,
        ..Default::default()
    }

Alas, this is not the way `non_exhaustive` works on structs. You cannot
use field-update syntax to construct `Config` above. You must use public
constructors. This means builder methods or mutating an already built
struct. This is not what we want.

I don't know why it works this way. I don't see why it must. Something
something Drop.

So we have this hack from the pre-non_exhaustive era.
2021-06-07 19:31:23 -07:00
Sergio Benitez 5f50d5e232 Check for trailing new lines in testing script. 2021-06-07 19:31:23 -07:00
Sergio Benitez 0aa9a11ca4 Fix typos throughout codebase. 2021-06-07 19:31:21 -07:00
Sergio Benitez 94a5f5eca6 Fuzz URI parsing and display. 2021-06-06 21:52:44 -07:00
Sergio Benitez 0d53e23bf6 Discover sentinels in known type macros.
Resolves #1657.
2021-06-03 19:31:30 -07:00
Sergio Benitez dc5c57b624 Be even more tolerant in heartbeat testing. 2021-06-03 02:51:06 -07:00
Sergio Benitez 1e4db983e8 Fix, finish 'FromForm' derive field defaults.
Resolves #1536.
2021-06-03 00:05:02 -07:00
ThouCheese ebb9f3cfdd Allow field defaults in 'FromForm' derive. 2021-06-03 00:02:32 -07:00
Sergio Benitez 559320d155 Increase tolerance in SSE heartbeat test. 2021-06-02 22:35:50 -07:00
toshokan 27519a97ea Fix typo in 'Request' docs: no`n`th -> `n`th. 2021-06-02 17:43:15 -07:00
Sergio Benitez 0cd8bd2313 Initialize logger earlier to log more errors.
Specifically, errors that occurred _before_ ignite time went unlogged as
no logger was initialized. This commit rectifies the situation.
2021-06-02 17:25:07 -07:00
Sergio Benitez f8efa64ae2 Expose 'msgpack::from_slice', 'json::from_value'. 2021-06-02 16:59:42 -07:00
Sergio Benitez a8f6103b99 Introduce Server-Sent Event Streams.
Resolves #33.
2021-06-01 13:47:50 -07:00
Sergio Benitez 8029ea319f Expose 'serde::json::{from_str,from_slice}'. 2021-06-01 13:47:50 -07:00
Jeb Rosen 2076b693b1 Add initial Server-Sent Events implementation. 2021-06-01 13:19:58 -07:00
Sergio Benitez bcd62e5373 Add 'Join' stream combinator extension. 2021-06-01 11:46:17 -07:00
Sergio Benitez ed3cc13b84 Add internal '__typed_stream' proc-macro.
This resolves syntax ambiguity issues with public typed-stream macros.
Prior to this commit, greedy single-token matching by macro-rules macros
would result in certain tokens at the beginning of the macro input, such
as 'for', inadvertently triggering a '$ty' matching case resulting in
incorrect expansion.
2021-06-01 11:43:51 -07:00
Sergio Benitez 009be32a8c Improve request conversion performance, semantics.
This commit makes the following improvements to core request handling:

  * Absolute target URIs are not rejected. Instead, the path and query
    parts are passed through the application. This resolves an issue
    where certain HTTP/2 requests would be rejected by Rocket.
  * Data is never copied from the request. Previously, Rocket would copy
    and allocate for incoming headers.
  * Non-UTF-8 headers are dropped with a warning instead of being
    lossily, and thus perhaps incorrectly, decoded as UTF-8. The final
    fix is to properly support non-UTF-8 headers, no matter how in the
    minority they are.

Resolves #1498.
2021-06-01 11:36:57 -07:00
Sergio Benitez df286668b5 Add arbitrary function 'with' field validator. 2021-06-01 11:33:40 -07:00
Sergio Benitez 8214df4a56 Allow more types in 'contains' field validator.
The validator can now validate string contents with:

    * '&[char]'
    * 'F: FnMut(char) -> bool'
2021-06-01 11:30:34 -07:00
Sergio Benitez cf5ccc4b2e Fix MIME confusion attack URL in 'NoSniff' policy. 2021-06-01 11:27:43 -07:00
Sergio Benitez 1bf8862796 Move stream responders into their own module.
This is largely an internal change. However, this commit also renamed
the 'Once' stream to the more apt 'One', a visible breaking change.
2021-06-01 11:16:40 -07:00
Sergio Benitez 3a3d0ce518 Protect graceful shutdown against runaway I/O. 2021-05-31 23:47:52 -07:00
Sergio Benitez 6b4c1b71d7 Update 'tokio' to 1.6.1. 2021-05-29 15:33:15 -07:00