Commit Graph

268 Commits

Author SHA1 Message Date
Sergio Benitez 91f6288ea4 New version: 0.5.0-rc.3.
New contrib versions: 0.1.0-rc.3.
2023-03-23 16:56:17 -07:00
Sergio Benitez 219a8a5468 Fix a bunch of typos. 2023-03-23 16:27:08 -07:00
Sergio Benitez 0a0f540988 Support TLS keys in SEC1 format. 2023-03-23 14:57:54 -07:00
Sergio Benitez daa157f872 Ignore data before TLS key encapsulation boundary.
Resolves #2281.

Co-authored-by: Julian Büttner <me@julianbuettner.dev>
2023-03-23 14:57:54 -07:00
Kian-Meng Ang 06d255b52b Fix a whole bunch of typos.
Found via `codespell -L crate,ser,fo,noo,nd,cappable,pard,te,ans`.
2023-03-23 14:57:54 -07:00
Alexander van Ratingen 2191369b37 Fix typos in docs. 2023-03-23 14:57:54 -07:00
Sergio Benitez bbbb927ac2 Update dependencies without observable breakages.
The following dependencies were updated:
  * `criterion` from 0.3 to 0.4
  * `deadpool-redis` from 0.10 to 0.11
  * `normpath` from 0.3 to 1
  * `cookie` from 0.16 to 0.17
2023-03-22 13:44:16 -07:00
Sergio Benitez 9377af5978 Make real IP header configurable via 'ip_header'.
Adds an `ip_header` configuration parameter that allows modifying the
header Rocket attempts to use to retrieve the "real IP" address of the
client via `Request` methods like `client_ip()`. Additionally allows
disabling the use of any such header.
2023-03-20 12:57:21 -07:00
Aaron Leopold c8b8b2b022 Add several new known media types:
* CBZ: application/vnd.comicbook+zip, .cbz
  * CBR: application/vnd.comicbook-rar, .cbr
  * RAR: application/vnd.rar, .rar
  * EPUB: application/epub+zip, .epub
  * OPF: application/oebps-package+xml, .opf
  * XHTML: application/xhtml+xml, .xhtml
2022-06-13 15:29:32 -07:00
James Tai 2fc4b156eb Add MP3 (audio/mpeg) as a known media type. 2022-06-03 07:30:22 -07:00
Konrad Borowski e390423083 Enable 'cookie' 'secure' feature conditionally.
This was incorrectly enabled unconditionally in 442b668.
2022-05-18 17:29:52 -07:00
Sergio Benitez 68185ce0e2 Update comment in 'Listener' sleep code. 2022-05-18 17:29:21 -07:00
Sergio Benitez 4dcd92837f New version: 0.5.0-rc.2.
New contrib versions: 0.1.0-rc.2.
2022-05-09 06:32:46 -05:00
Sergio Benitez 4c8bd61c4f Unhide 'http' exports that shouldn't be hidden. 2022-05-08 01:08:22 -05:00
Sergio Benitez 0ba56ccbb3 Revamp shutdown to recover shutdown 'Rocket'.
The core improvement is that `Rocket::launch()` now resolves to
`Ok(Rocket<Ignite>)` on nominal shutdown. Furthermore, shutdown never
terminates the running process.

Other changes directly related to shutdown:

  * Runtime worker thread names are now irrelevant to graceful shutdown.
  * `ErrorKind::Runtime` was removed; `ErrorKind::Shutdown` was added.
  * The `force` config value is only read from the default provider.
  * If `force`, Rocket's constructed async runtime is terminated.

Other related changes:

  * The exported `hyper` module docs properly reflect public re-exports.
2022-05-07 06:12:24 -05:00
Arthur Woimbée 4df97f0e25 Improve unrecognized TLS key header error message.
Resolves #2128.
2022-05-05 08:00:24 -05:00
Sergio Benitez 54224618b2 Switch to upstream 'tokio-rustls'. 2022-05-04 09:44:26 -07:00
Sergio Benitez ee4aa81847 Allow '[' and ']' in URI paths.
This is strictly noncompliant and they should be encoded, but browsers
routinely send them unencoded, so we allow them to avoid trouble.
2022-05-04 09:44:24 -07:00
Sergio Benitez 07460df279 Rework TLS listener/connection implementations.
The previous implementation allowed a trivial DoS attack in which the
client need simply maintain open connections with incomplete handshakes.
This commit resolves that by allowing a server worker to progress as
soon as a TCP connection has been established. This comes at the expense
of a more complex implementation necessitated by deficiencies in Hyper.

Potentially resolves #2118.
2022-05-03 13:56:25 -07:00
Sergio Benitez e9d46b917e Fully 'drop()' I/O struct in 'CancellableIo'.
This should improve the reliability of graceful shutdown.
2022-05-03 13:55:43 -07:00
Sergio Benitez bf84b1cdb5 Enable TCP_NODELAY on TCP-based connections.
We may want a more fine-grained approach to immediately transmitting
application data, but Hyper does not yet expose a suitable API.

Resolves #2062.
2022-04-28 13:22:06 -07:00
Sergio Benitez b117210ca6 Update 'rustls-pemfile' to 1.0. 2022-04-26 22:09:10 -07:00
Sergio Benitez 810f472524 Update 'uuid' to 1.0. 2022-04-26 22:04:47 -07:00
Konrad Borowski 7bbe0457a5 Use new 2021 edition functionality.
* Remove `TryInto` and `TryFrom` imports.
  * Replace `IntoIter::new()` with `.into_iter()`.
2022-04-19 18:35:55 -07:00
Konrad Borowski 4d258739f5 Migrate Rocket to Rust 2021 edition. 2022-04-19 18:35:38 -07:00
Sergio Benitez 4d83f73f86 Implement 'Eq' for 'MediaType', 'ContentType'.
This also fixes the 'Hash' implementation to match the docs.

Resolves #2132.
2022-04-19 13:58:30 -07:00
Sergio Benitez 2a7eac01bb Fix 'Segments::to_path_buf()' on Windows. 2022-04-19 13:06:02 -07:00
Sergio Benitez ccf0b802bc Disallow ':' in `PathBuf` guard on Windows.
Fixes #1949.
2022-04-18 18:27:41 -07:00
Edgar Onghena ff7cf68461 Make HTTP/2 optional via 'http2' feature.
Closes #2030.
2022-03-08 15:13:24 -08:00
=?UTF-8?q?R=C3=A9mi=20Lauzier?= f82d760b52 Use 'matches!' macro where possible. 2022-02-23 14:11:44 -08:00
Sergio Benitez fda05bddd2 Update 'rustls' to 0.20.
Also updates 'tokio-rustls' to a compatible version.

Additionally depends on 'rustls-pemfile' which includes functionality
that was previously part of 'rustls' itself.
2022-02-22 17:30:42 -08:00
Sergio Benitez 502b11c177 Update 'x509-parser' to 0.13. 2022-02-22 13:01:05 -08:00
Sergio Benitez 2f59515752 Update 'x509-parser' to 0.12.
Closes #2100.
2022-02-22 12:51:59 -08:00
arlecchino 1ba41b3990 Remove 'CookieJar::get_private_pending()'.
This commit removes the 'CookieJar::get_private_pending()' method in
favor of the already existing and correct 'CookieJar::get_pending()'
method. Previously, the 'CookieJar::get_private_pending()' method
attempted to decrypt the value of a pending cookie, which in reality is
plaintext, thus failing. Because the pending value is plaintext, the
'CookieJar::get_pending()' method suffices.

Documentation has been updated to refer to 'CookieJar::get_pending()'.

Fixes #2063.
2022-02-17 11:04:30 -08:00
arlecchino 442b668a7a Update 'cookie' to '0.16'. 2022-02-17 10:57:37 -08:00
Sergio Benitez 0ba5aac53e Update codebase for latest nightly and stable. 2022-02-16 10:08:55 -08:00
Sergio Benitez 3616f25c0b Update 'time' to 0.3, 'cookie' to 0.16.
Also reexport 'time' from the crate root.
2021-08-19 19:49:23 -07:00
Sergio Benitez 74be9c68b1 Add missing newline for better doc rendering. 2021-08-19 19:49:23 -07:00
Sergio Benitez be3ceef4e3 Use 'hyper' instead of 'http' where possible. 2021-08-19 19:49:23 -07:00
Sergio Benitez 6d2059f9eb Remove unused 'mime' dependency. 2021-08-19 19:49:23 -07:00
Sergio Benitez 1a8574e491 Remove unused 'parking_lot' 'http' dependency. 2021-08-19 19:43:34 -07:00
Sergio Benitez 7ffe3a7360 Complete mTLS implementation.
Resolves #254.
2021-07-09 00:05:44 -07:00
Sergio Benitez bbc36ba27f Initial implementation of mTLS.
Co-authored-by: Howard Su <howard0su@gmail.com>
Co-authored-by: Mikail Bagishov <bagishov.mikail@yandex.ru>
2021-07-09 00:05:20 -07:00
Sergio Benitez 76fab37e29 Rename 'remote_addr' to 'peer_address'. 2021-07-04 15:37:27 -07:00
Sergio Benitez b5e3569554 Split TLS module into logical submodules. 2021-07-04 15:25:49 -07:00
Sergio Benitez de4b3e3891 Make 'tls' its own module. 2021-07-04 15:01:55 -07:00
Sergio Benitez efce2bc958 Make 'MediaType::with_params()' a builder method.
Instead of a constructor, 'MediaType::with_params()' and
'ContentType::with_params()' are now both builder methods. This allow
chaining the method to associated constants.
2021-07-04 13:50:19 -07:00
Sergio Benitez 75d851d011 Sync core 'UriDisplay' and 'FromUriParam' impls. 2021-07-02 08:17:22 -07:00
Sergio Benitez c58b43700c Add type-safe 'Host' type, 'Request::host()'.
Closes #1699.
2021-07-02 06:48:40 -07:00
Mikail Bagishov be933ce398 Apply clippy suggestions. 2021-06-30 14:13:19 -07:00
Sergio Benitez e141ac8a19 Add 'RawStr::percent_encode_bytes()'. 2021-06-30 06:46:01 -07:00
Sergio Benitez f818702f9b Propagate TLS ciphersuite config to rustls.
Closes #1563.
2021-06-29 11:17:59 -07:00
Sergio Benitez 7c8c06522c Impl 'UriDisplay' for 'Vec', maps, nonzero ints. 2021-06-29 03:31:31 -07:00
Sergio Benitez f3e08bf3f6 Add Markdown (text/markdown) as a known media type. 2021-06-26 12:02:19 -07:00
Sergio Benitez c2960e7e6f Uniformly implement utility traits on URI types. 2021-06-09 17:44:12 -07:00
Sergio Benitez d2c2725689 Implement 'De(Serialize)' for 'Method'. 2021-06-09 17:07:26 -07:00
Sergio Benitez c028d63e5b New version: 0.5.0-rc.1.
New contrib versions: 0.1.0-rc.1.
2021-06-09 09:52:37 -07:00
Sergio Benitez 6961a717d8 Use crates.io compatible internal package names. 2021-06-09 09:47:21 -07:00
Sergio Benitez 01436d2d24 Fix a ton of broken links. 2021-06-09 04:51:46 -07:00
Jeb Rosen 3b5f5afc6e Advertise HTTP/2 support via ALPN. 2021-06-09 04:51:33 -07:00
Sergio Benitez 128234d9a8 Allow customizing and removing 'Server' header. 2021-06-08 23:09:57 -07:00
Sergio Benitez 6206a46222 Try to preserve header casing in HTTP/1.1.
Unfortunately, this doesn't actually do anything at the moment due to
what appears to be a bug in hyper.
2021-06-08 23:00:59 -07:00
Sergio Benitez 7595450adc Use published 'state'. 2021-06-07 20:34:27 -07:00
Sergio Benitez 723afa317a Remove 'Copy' impl on 'Segments' iterator.
This ideally prevents logic bugs where one thinks they've modified the
iterator where, in reality, a new iterator has been returned.
2021-06-07 20:34:27 -07:00
Sergio Benitez 78352c787d Add 'ContentType::EventStream' known media type.
The value maps to "text/event-stream".
2021-06-01 11:46:47 -07:00
Sergio Benitez e73ff8c614 Impl 'PartialEq<Cow<RawStr>>' for 'RawStr'. 2021-06-01 11:16:40 -07:00
Sergio Benitez 6b4c1b71d7 Update 'tokio' to 1.6.1. 2021-05-29 15:33:15 -07:00
Sergio Benitez 1f1976f8bf Avoid Tokio 1.6 due to tokio-rs/tokio#3803. 2021-05-27 15:25:57 -07:00
Sergio Benitez faaa9c9065 Fixup URI (de)serialization. 2021-05-24 12:16:03 -07:00
Matthew Pomes 1233518733 Implement (De)Serialize for all URI variants.
Closes #1593.
2021-05-24 12:15:52 -07:00
Sergio Benitez a78814f1c5 Graduate contrib 'uuid' into core.
This has the following nice benefits:

  * The 'Uuid' wrapper type is gone.
  * 'Uuid' implements 'UriDisplay', 'FromUriParam'.
  * The 'serialization' example merges in 'uuid'.

Resolves #1299.
2021-05-22 11:01:00 -07:00
Sergio Benitez f6a7087c84 Graduate 'helmet' as 'shield' into core.
The 'SpaceHelmet' fairing is now called 'Shield'. It features the
following changes and improvements:

  * Headers which are now ignored by browsers are removed.
  * 'XssFilter' is no longer an on-by-default policy.
  * A new 'Permission' policy is introduced.
  * 'Shield' is attached to all 'Rocket' instances by default.
  * Default headers never allocate on 'Clone'.
  * Policy headers are rendered once and cached at start-up.
  * Improved use of typed URIs in policy types.
2021-05-22 11:01:00 -07:00
Sergio Benitez 28ba04b47b Impl 'IntoCollection' for '[T; N]'.
This introduces const generics into the codebase for a more efficient,
clone-free 'IntoCollection' for arrays.
2021-05-22 11:01:00 -07:00
Matthew Pomes 471e2eb90b Remove use of unsafe in 'parse_owned()'.
This fixes a soundness issue where a returned error may refer to a
long-lived borrow and removes the potential for any such infraction in
the future.
2021-05-21 22:58:19 -07:00
Sergio Benitez fa3e0334c1 Overhaul URI types, parsers, 'uri!' macro.
This commit entirely rewrites Rocket's URI parsing routines and
overhauls the 'uri!' macro resolving all known issues and removing any
potential limitations for compile-time URI creation. This commit:

  * Introduces a new 'Reference' URI variant for URI-references.
  * Modifies 'Redirect' to accept 'TryFrom<Reference>'.
  * Introduces a new 'Asterisk' URI variant for parity.
  * Allows creation of any URI type from a string literal via 'uri!'.
  * Enables dynamic/static prefixing/suffixing of route URIs in 'uri!'.
  * Unifies 'Segments' and 'QuerySegments' into one generic 'Segments'.
  * Consolidates URI formatting types/traits into a 'uri::fmt' module.
  * Makes APIs more symmetric across URI types.

It also includes the following less-relevant changes:

  * Implements 'FromParam' for a single-segment 'PathBuf'.
  * Adds 'FileName::is_safe()'.
  * No longer reparses upstream request URIs.

Resolves #842.
Resolves #853.
Resolves #998.
2021-05-19 18:47:11 -07:00
Sergio Benitez 15b1cf59dd Properly document 'RawStr' 'Cow' conversions. 2021-05-19 18:18:44 -07:00
Sergio Benitez ad8d80907b Remove unused reason phrase in 'Status'.
Closes #534.

Co-authored-by: YetAnotherMinion <yam@thinkalexandria.com>
2021-04-28 21:26:41 -07:00
Sergio Benitez a72e8da735 Implement graceful shutdown.
The crux of the implementation is as follows:

  * Configurable ctrl-c, signals that trigger a graceful shutdown.
  * Configurable grace period before forced I/O termination.
  * Programatic triggering via an application-wide method.
  * A future (`Shutdown`) that resolves only when shutdown is requested.

Resolves #180.
2021-04-28 03:20:44 -07:00
Sergio Benitez 8d40450f36 Add 'Text', 'Bytes' known media types.
These are aliases to the existing 'Plain' and 'Binary'.
2021-04-28 01:19:30 -07:00
Sergio Benitez 3c8f5708ea Reject invalid URIs that begin with ':'. 2021-04-27 20:19:35 -07:00
Sergio Benitez 4f3511786c Introduce statically-enforced 'Rocket' phasing.
The core 'Rocket' type is parameterized: 'Rocket<P: Phase>', where
'Phase' is a newly introduced, sealed marker trait. The trait is
implemented by three new marker types representing the three launch
phases: 'Build', 'Ignite', and 'Orbit'. Progression through these three
phases, in order, is enforced, as are the invariants guaranteed by each
phase. In particular, an instance of 'Rocket' is guaranteed to be in its
final configuration after the 'Build' phase and represent a running
local or public server in the 'Orbit' phase. The 'Ignite' phase serves
as an intermediate, enabling inspection of a finalized but stationary
instance. Transition between phases validates the invariants required
by the transition.

All APIs have been adjusted appropriately, requiring either an instance
of 'Rocket' in a particular phase ('Rocket<Build>', 'Rocket<Ignite>', or
'Rocket<Orbit>') or operating generically on a 'Rocket<P>'.
Documentation is also updated and substantially improved to mention
required and guaranteed invariants.

Additionally, this commit makes the following relevant changes:

  * 'Rocket::ignite()' is now a public interface.
  * 'Rocket::{build,custom}' methods can no longer panic.
  * 'Launch' fairings are now 'ignite' fairings.
  * 'Liftoff' fairings are always run, even in local mode.
  * All 'ignite' fairings run concurrently at ignition.
  * Launch logging occurs on launch, not any point prior.
  * Launch log messages have improved formatting.
  * A new launch error kind, 'Config', was added.
  * A 'fairing::Result' type alias was introduced.
  * 'Shutdown::shutdown()' is now 'Shutdown::notify()'.

Some internal changes were also introduced:

  * Fairing 'Info' name for 'Templates' is now 'Templating'.
  * Shutdown is implemented using 'tokio::sync::Notify'.
  * 'Client::debug()' is used nearly universally in tests.

Resolves #1154.
Resolves #1136.
2021-04-13 19:26:45 -07:00
Sergio Benitez c924ff7591 Impl 'Hash', 'Eq', 'PartialEq<&str>' for 'Origin'. 2021-04-13 17:45:41 -07:00
Sergio Benitez dd1b51f681 Optimistically wait-free retry failed 'accept()'. 2021-04-13 17:42:05 -07:00
Sergio Benitez e157904524 Parse empty bool values as 'true'.
This allows a field 'f: bool' to parse as true for the query '?f'.
2021-04-07 23:09:05 -07:00
Sergio Benitez cb4b8a3fef Add 'percent_encode', 'strip' methods to 'RawStr'. 2021-04-07 23:09:05 -07:00
Sergio Benitez e92b2adeaa Introduce 'RawStrBuf', use in 'Origin::map_path()'.
'RawStrBuf' is the owned analog of 'RawStr'. Thus, 'Cow<RawStr>' is
either 'RawStr' or 'RawStrBuf'.
2021-04-07 23:09:05 -07:00
Sergio Benitez 0bdb6b7bc7 Remove 'attach' fairings. Add 'liftoff' fairings.
Launch fairings are now fallible and take the place of attach fairings,
but they are only run, as the name implies, at launch time.

This is is a fundamental shift from eager execution of set-up routines,
including the now defunct attach fairings, to lazy execution,
precipitated by the transition to `async`. The previous functionality,
while simple, caused grave issues:

  1. A instance of 'Rocket' with async attach fairings requires an async
     runtime to be constructed.
  2. The instance is accessible in non-async contexts.
  3. The async attach fairings have no runtime in which to be run.

Here's an example:

```rust
let rocket = rocket::ignite()
    .attach(AttachFairing::from(|rocket| async {
        Ok(rocket.manage(load_from_network::<T>().await))
    }));

let state = rocket.state::<T>();
```

This had no real meaning previously yet was accepted by running the
attach fairing future in an isolated runtime. In isolation, this causes
no issue, but when attach fairing futures share reactor state with other
futures in Rocket, panics ensue.

The new Rocket application lifecycle is this:

  * Build - A Rocket instance is constructed. No fairings are run.
  * Ignition - All launch fairings are run.
  * Liftoff - If all launch fairings succeeded, the server is started.

New 'liftoff' fairings are run in this third phase.
2021-04-07 23:09:00 -07:00
Sergio Benitez 2893ce754d Introduce scoped catchers.
Catchers can now be scoped to paths, with preference given to the
longest-prefix, then the status code. This a breaking change for all
applications that register catchers:

  * `Rocket::register()` takes a base path to scope catchers under.
    - The previous behavior is recovered with `::register("/", ...)`.
  * Catchers now fallibly, instead of silently, collide.
  * `ErrorKind::Collision` is now `ErrorKind::Collisions`.

Related changes:

  * `Origin` implements `TryFrom<String>`, `TryFrom<&str>`.
  * All URI variants implement `TryFrom<Uri>`.
  * Added `Segments::prefix_of()`.
  * `Rocket::mount()` takes a  `TryInto<Origin<'_>>` instead of `&str`
    for the base mount point.
  * Extended `errors` example with scoped catchers.
  * Added scoped sections to catchers guide.

Internal changes:

  * Moved router code to `router/router.rs`.
2021-03-28 13:57:33 -07:00
Sergio Benitez 3119e6f453 Redesign routing benchmarks.
The new benchmarks use routes from real-world project. This is much more
realistic than the previous benchmarks.

The new benchmarks use `criterion` and exist in their own Cargo project.
2021-03-26 20:02:49 -07:00
Sergio Benitez b3021e2acb Fix all broken links. Update some outdated docs. 2021-03-19 18:09:13 -07:00
Abdullah Alyan af48d1f2e6 Support more TLS key types in PKCS format.
Closes #1449.
Resolves #1461.
2021-03-17 18:23:15 -07:00
Sergio Benitez f254504dc9 Depend on a single revision of 'state'.
Closes #1577.
2021-03-15 02:46:34 -07:00
Sergio Benitez 83ffe0f7bc Remove 'Config::profile()'. CFG 'secret_key' field.
This commit makes the `Config.secret_key` conditionally compile on the
`secrets` feature. The net effect is simplified internal code, fewer
corner-cases, and easier to write tests.

This commit removes the `Provider::profile()` implementation of
`Config`. This means that the `Config` provider no longer sets a
profile, a likely confusing behavior. The `Config::figment()` continues
to function as before.
2021-03-09 21:40:53 -08:00
Sergio Benitez a3946377f7 Use 'UriPart::Kind' to avoid unreachable match arms. 2021-03-04 02:48:07 -08:00
Sergio Benitez 78e2f8a3c9 Revamp codegen, fixing inconscpicuous bugs.
This commit completely revamps the way that codegen handles route URI
"parameters". The changes are largely internal. In summary, codegen code
is better organized, better written, and less subject to error.

There are three breaking changes:
  * `path` is now `uri` in `route` attribute: `#[route(GET, path = "..")]`
    becomes `#[route(GET, uri = "..")]`.
  * the order of execution for path and query guards relative to
    each-other is now unspecified
  * URI normalization now normalizes the query part as well.

Several error messages were improved. A couple of bugs were fixed:
  * Prior to this commit, Rocket would optimistically try to parse every
    segment of a URI as an ident, in case one was needed in the future.
    A bug in rustc results in codegen "panicking" if the segment
    couldn't _lex_ as an ident. This panic didn't manifest until far
    after expansion, unfortunately. This wasn't a problem before as we
    only allowed ident-like segments (ASCII), but now that we allow any
    UTF-8, the bug surfaced. This was fixed by never attempting to parse
    non-idents as idents.
  * Prior to this commit, it was impossible to generate typed URIs for
    paths that ignored path parameters via the recently added syntax
    `<_>`: the macro would panic. This was fixed by, well, handling
    these ignored parameters.

Some minor additions:
  * Added `RawStr::find()`, expanding its `Pattern`-based API.
  * Added an internal mechanism to dynamically determine if a `UriPart`
    is `Path` or `Query`.
2021-03-04 02:01:25 -08:00
Sergio Benitez 63a14525d8 UTF-8 routes. Forms revamp. Temp files. Capped.
So. Many. Changes.

This is an insane commit: simultaneously one of the best (because of all
the wonderful improvements!) and one of the worst (because it is just
massive) in the project's history.

Routing:
  * All UTF-8 characters are accepted everywhere in route paths. (#998)
  * `path` is now `uri` in `route` attribute: `#[route(GET, path = "..")]`
    becomes `#[route(GET, uri = "..")]`.

Forms Revamp
  * All form related types now reside in a new `form` module.
  * Multipart forms are supported. (resolves #106)
  * Collections are supported in forms and queries. (resolves #205)
  * Nested structures in forms and queries are supported. (resolves #313)
  * Form fields can be ad-hoc validated with `#[field(validate = expr)]`.
  * `FromFormValue` is now `FromFormField`, blanket implements `FromForm`.
  * Form field values are always percent-decoded apriori.

Temporary Files
  * A new `TempFile` data and form guard allows streaming data directly to a
    file which can then be persisted.
  * A new `temp_dir` config parameter specifies where to store `TempFile`.
  * The limits `file` and `file/$ext`, where `$ext` is the file extension,
    determines the data limit for a `TempFile`.

Capped
  * A new `Capped` type is used to indicate when data has been truncated due to
    incoming data limits. It allows checking whether data is complete or
    truncated.
  * `DataStream` methods return `Capped` types.
  * `DataStream` API has been revamped to account for `Capped` types.
  * Several `Capped<T>` types implement `FromData`, `FromForm`.
  * HTTP 413 (Payload Too Large) errors are now returned when data limits are
    exceeded. (resolves #972)

Hierarchical Limits
  * Data limits are now hierarchical, delimited with `/`. A limit of `a/b/c`
    falls back to `a/b` then `a`.

Core
  * `&RawStr` no longer implements `FromParam`.
  * `&str` implements `FromParam`, `FromData`, `FromForm`.
  * `FromTransformedData` was removed.
  * `FromData` gained a lifetime for use with request-local data.
  * The default error HTML is more compact.
  * `&Config` is a request guard.
  * The `DataStream` interface was entirely revamped.
  * `State` is only exported via `rocket::State`.
  * A `request::local_cache!()` macro was added for storing values in
    request-local cache without consideration for type uniqueness by using a
    locally generated anonymous type.
  * `Request::get_param()` is now `Request::param()`.
  * `Request::get_segments()` is now `Request::segments()`, takes a range.
  * `Request::get_query_value()` is now `Request::query_value()`, can parse any
    `FromForm` including sequences.
  * `std::io::Error` implements `Responder` like `Debug<std::io::Error>`.
  * `(Status, R)` where `R: Responder` implements `Responder` by overriding the
    `Status` of `R`.
  * The name of a route is printed first during route matching.
  * `FlashMessage` now only has one lifetime generic.

HTTP
  * `RawStr` implements `serde::{Serialize, Deserialize}`.
  * `RawStr` implements _many_ more methods, in particular, those related to the
    `Pattern` API.
  * `RawStr::from_str()` is now `RawStr::new()`.
  * `RawStr::url_decode()` and `RawStr::url_decode_lossy()` only allocate as
    necessary, return `Cow`.
  * `Status` implements `Default` with `Status::Ok`.
  * `Status` implements `PartialEq`, `Eq`, `Hash`, `PartialOrd`, `Ord`.
  * Authority and origin part of `Absolute` can be modified with new
    `Absolute::{with,set}_authority()`, `Absolute::{with,set}_origin()` methods.
  * `Origin::segments()` was removed in favor of methods split into query and
    path parts and into raw and decoded versions.
  * The `Segments` iterator is smarter, returns decoded `&str` items.
  * `Segments::into_path_buf()` is now `Segments::to_path_buf()`.
  * A new `QuerySegments` is the analogous query segment iterator.
  * Once set, `expires` on private cookies is not overwritten. (resolves #1506)
  * `Origin::path()` and `Origin::query()` return `&RawStr`, not `&str`.

Codegen
  * Preserve more spans in `uri!` macro.
  * Preserve spans `FromForm` field types.
  * All dynamic parameters in a query string must typecheck as `FromForm`.
  * `FromFormValue` derive removed; `FromFormField` added.
  * The `form` `FromForm` and `FromFormField` field attribute is now named
    `field`. `#[form(field = ..)]` is now `#[field(name = ..)]`.

Contrib
  * `Json` implements `FromForm`.
  * `MsgPack` implements `FromForm`.
  * The `json!` macro is exported as `rocket_contrib::json::json!`.
  * Added clarifying docs to `StaticFiles`.

Examples
  * `form_validation` and `form_kitchen_sink` removed in favor of `forms`.
  * The `hello_world` example uses unicode in paths.
  * The `json` example only allocates as necessary.

Internal
  * Codegen uses new `exports` module with the following conventions:
    - Locals starts with `__` and are lowercased.
    - Rocket modules start with `_` and are lowercased.
    - `std` types start with `_` and are titlecased.
    - Rocket types are titlecased.
  * A `header` module was added to `http`, contains header types.
  * `SAFETY` is used as doc-string keyword for `unsafe` related comments.
  * The `Uri` parser no longer recognizes Rocket route URIs.
2021-03-04 01:51:21 -08:00
Jeb Rosen 87f03d3b26 Update UI tests for latest nightly and 'pear' error messages. 2021-02-26 22:15:37 -08:00
Sergio Benitez e325e2fce4 Fix soundness issue: make 'Formatter' panic-safe.
Fixes #1534.
2021-02-09 16:58:34 -08:00
Sergio Benitez 28976a5bd3 Preserve 'secret_key' in 'Config' provider data.
Also fixes emission of 'secret_key' warnings when 'secrets' feature is
disabled.

Resolves #1505.
Fixes #1510.
2021-01-13 16:01:39 -08:00
Jeb Rosen 92af8fca72 Update to 'tokio' 1.0, 'hyper' 0.14. 2021-01-13 15:22:16 -08:00