Commit Graph

106 Commits

Author SHA1 Message Date
Sergio Benitez 9b7f58448a New version: 0.2.5. 2017-04-16 14:29:04 -07:00
Sergio Benitez 8a789c5d04 Update minimum nightly version in codegen. 2017-04-16 14:23:34 -07:00
Sergio Benitez 08fbe06b10 Fix lints for latest nightly. 2017-04-16 14:13:18 -07:00
Sergio Benitez 2e54a1f74d Don't use &str where RawStr is now preferred. 2017-04-14 00:43:57 -07:00
Sergio Benitez 5259e3fd5c Disallow invalid form field names. 2017-04-04 17:00:48 -07:00
Sergio Benitez 7c19bf784d Allow form field renaming via #[form(field = "name")] attribute. 2017-04-03 19:06:30 -07:00
Sergio Benitez 351658801e Allow unreachable_code in generated route functions for new ! error types. 2017-04-03 16:46:13 -07:00
Sergio Benitez f5ec470a7d Use the `RawStr` type for raw parameter strings.
This is a breaking change.

The `&str` type no longer implements `FromParam`. The `&RawStr` type
should be used in its place.
2017-03-31 00:18:58 -07:00
Sergio Benitez 0c44e44641 Use the `RawStr` type for all form raw strings.
This is a breaking change.

This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.

The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
2017-03-30 23:06:53 -07:00
Sergio Benitez f57d984e2e New version: 0.2.4. 2017-03-30 19:56:12 -07:00
Sergio Benitez f7bc1ce24f Update codegen for latest nightly. 2017-03-30 19:56:12 -07:00
Sergio Benitez 1fb1cdfc58 Use MediaType instead of ContentType for Route format. 2017-03-28 00:12:59 -07:00
Sergio Benitez 13359d4f50 Reformulate ContentType as a wrapper around MediaType. 2017-03-23 22:41:42 -07:00
Sergio Benitez 09550b6e7c New version: 0.2.3. 2017-03-22 19:47:52 -07:00
Sergio Benitez bf67a32cd9 Update minimum rustc version for codegen. 2017-03-22 18:57:46 -07:00
Sergio Benitez 7808ad1649 Update codegen for latest nightly. 2017-03-20 13:55:40 -07:00
Sergio Benitez 393225cedf Use ansi_term::Color, not Colour. 2017-03-08 15:08:13 -08:00
Sergio Benitez 722ee93f8b Update to cookie 0.7. Use 256-bit session_keys.
This commit involves several breaking changes:
  * `session_key` config param must be a 256-bit base64 encoded string.
  * `FromRequest` is implemented for `Cookies`, not `Cookie`.
  * Only a single `Cookies` instance can be retrieved at a time.
  * `Config::take_session_key` returns a `Vec<u8>`.
  * `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
2017-03-07 01:19:06 -08:00
Sergio Benitez 6be902162d New version: 0.2.2. 2017-02-26 18:31:15 -08:00
Sergio Benitez 56a631d4ba Update codegen for latest nightly. 2017-02-26 18:26:02 -08:00
Sergio Benitez d99de8e05b New version: 0.2.1. 2017-02-24 13:57:33 -08:00
Sergio Benitez 7d2695d19f Use type index to find type span in unmanaged_state lint.
Fixes #179.
2017-02-08 00:56:17 -08:00
Sergio Benitez c7db553286 New version: 0.2.0. 2017-02-06 05:35:19 -08:00
Sergio Benitez 8eef42a256 Compile-time enforce paths as absolute, non-empty, valid segments. 2017-02-06 04:03:30 -08:00
Sergio Benitez 92f22ca63b Fix false positives in unmounted_routes lint due to 'launch'. 2017-02-05 02:11:32 -08:00
Sergio Benitez e966925455 Use full URI in codegen routes; log query params in routes. 2017-02-05 01:34:48 -08:00
Sergio Benitez ecd72f686e Record instances in lint from launch calls. 2017-02-04 13:52:23 -08:00
Sergio Benitez d23a0fa80a Move lint note message to correct spot. 2017-02-03 17:38:51 -08:00
Sergio Benitez a6c27b7243 Document codegen lints. 2017-02-02 23:06:35 -08:00
Sergio Benitez b69527c392 Reenable the options decorator. 2017-02-02 15:02:32 -08:00
Sergio Benitez 58678e53fb Update codegen for latest nightly. 2017-02-02 14:45:43 -08:00
Sergio Benitez d4eda278a2 Parallelize testing. Fix compiletest dependencies. 2017-02-02 00:41:47 -08:00
Sergio Benitez ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
2017-02-01 18:22:51 -08:00
Sergio Benitez 3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez c0235d0cde Condense cases in 'def_id_opt'. 2017-01-31 17:38:25 -08:00
Sergio Benitez c1697509ba Improve lints: gather info on per-instance basis. 2017-01-31 02:01:30 -08:00
Sergio Benitez 4eaf9ba9c5 Add lints to catch unmanaged state and unmounted routes.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
    guard is used without an accompanying `manage` call for `T`.

  * The `unmounted_route` lint emits a warning when a route declared via
    a Rocket attribute is not mounted via a call to `mount`.

There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
2017-01-29 01:13:52 -08:00
Sergio Benitez 0063f2524e Remove unused macro_use in codegen. 2017-01-27 00:06:16 -08:00
Sergio Benitez 0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez 307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez 08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez b109bb41ff One more clippy warning (in FromForm derive). 2017-01-09 20:45:34 -08:00
Josh Holmer 59043e262a Fix more codegen clippy warnings. 2017-01-09 20:33:54 -08:00
Josh Holmer 17bbd41f73 Fix clippy warnings caused by codegen. 2017-01-09 17:36:47 -08:00
Sergio Benitez e230ce9b95 Don't overwrite catcher response status if it is set.
Resolves #113.
2017-01-06 01:32:43 -06:00
Sergio Benitez 2da08a975c Make Content-Type case-preserving; add 'params' method. 2017-01-05 02:14:44 -06:00
Sergio Benitez 855d9b7b00 New version: 0.1.4. 2017-01-04 11:18:49 -06:00
Sergio Benitez b202fb9748 Update codegen for 2017-01-03 nightly. 2017-01-04 11:18:22 -06:00
Sergio Benitez 6fdc6f025f New version: 0.1.3. 2016-12-31 01:31:11 -06:00