Commit Graph

423 Commits

Author SHA1 Message Date
Sergio Benitez
1516ca4fb6 Initial TLS support.
This commit introduces TLS support, provided by `rustls` and a fork of
`hyper-rustls`. TLS support is enabled via the `tls` feature and
activated when the `tls` configuration parameter is set. A new
`hello_tls` example illustrates its usage.

This commit also introduces more robust and complete configuration
settings via environment variables. In particular, quoted string,
array, and table (dictionaries) based configuration parameters can now
be set via environment variables.

Resolves #28.
2017-04-13 00:18:31 -07:00
Sergio Benitez
a2a0aab541 Depend on cookie >= 0.7.4 for ring bugfix. 2017-04-11 16:56:10 -07:00
Sergio Benitez
982997dbad Add Rocket::routes() method to get all routes. Add some internal benchmarks. 2017-04-05 01:19:33 -07:00
Sergio Benitez
f5ec470a7d Use the RawStr type for raw parameter strings.
This is a breaking change.

The `&str` type no longer implements `FromParam`. The `&RawStr` type
should be used in its place.
2017-03-31 00:18:58 -07:00
Sergio Benitez
cff9901940 Implement FromData for Vec<u8>. 2017-03-30 23:17:28 -07:00
Sergio Benitez
0c44e44641 Use the RawStr type for all form raw strings.
This is a breaking change.

This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.

The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
2017-03-30 23:06:53 -07:00
Sergio Benitez
f57d984e2e New version: 0.2.4. 2017-03-30 19:56:12 -07:00
Sergio Benitez
10306c3b7e Clarify segment handling for '..'. 2017-03-30 18:15:36 -07:00
Sergio Benitez
df19ef74db Add RawStr::url_decode. 2017-03-30 18:15:15 -07:00
Sergio Benitez
709acf18a4 Initial implementation of RawStr. 2017-03-30 17:56:24 -07:00
Sergio Benitez
b49c89af7a Rename UncasedAscii and UncasedAsciiRef to Uncased and UncasedStr. 2017-03-30 15:38:51 -07:00
Sergio Benitez
d4b9360f57 Remove the '...' in the launch message. 2017-03-30 00:14:45 -07:00
Ryan Leckey
ff3193a22a Fix spelling in Method docs: ff -> if. 2017-03-29 23:50:12 -07:00
Sergio Benitez
cb21fbf6af Small typo: parse -> parsed. 2017-03-29 21:06:15 -07:00
Sergio Benitez
8f997a2a39 Rewrite some markdown for commonmark. 2017-03-29 19:05:49 -07:00
Sergio Benitez
7d48944080 Handle specificity based preferences in Accept. Allow 3 decimals in q parameter. 2017-03-29 18:18:30 -07:00
Sergio Benitez
b102a6a497 Implement FromRequest for Accept. 2017-03-29 04:21:18 -07:00
Sergio Benitez
c58ca894b7 Initial implementation of content negotiation via Accept.
This is a breaking change.

This commit changes the meaning of the `format` route attribute when
used on non-payload carrying requests (GET, HEAD, CONNECT, TRACE, and
OPTIONS) so that it matches against the preferred media type in the
`Accept` header of the request. The preferred media type is computed
according to the HTTP 1.1 RFC, barring a few specificty rules to come.
2017-03-29 04:08:53 -07:00
Sergio Benitez
fb29b37f30 Reorganize extra request state. Add 'accept' and 'accept_first' methods to Request. 2017-03-28 03:10:18 -07:00
Sergio Benitez
1fb1cdfc58 Use MediaType instead of ContentType for Route format. 2017-03-28 00:12:59 -07:00
Sergio Benitez
9160483554 A route with unspecified query parameters accepts any.
This is a breaking change. It modifies collisions with respect to query
parameters as well as the default ranking of routes.

A route that does not specify query parameters will now match against
requests with _and without_ query parameters, assuming all other
elements of the route match as well. A route that _does_ specify query
parameters will only match requests with query parameters; this remains
true.

To accommodate this change in the most natural manner possible, the
default rankings of routes have changed as illustrated below:

  |-------------+-------+----------+---------------|
  | static path | query | new rank | previous rank |
  |-------------+-------+----------+---------------|
  | yes         | yes   | -4       | 0             |
  | yes         | no    | -3       | 0             |
  | no          | yes   | -2       | 1             |
  | no          | no    | -1       | 1             |
  |-------------+-------+----------+---------------|

In other words, the most specific routes, with preference for paths over
queries, are ranked highest (lower number).
2017-03-27 03:52:26 -07:00
Sergio Benitez
c09644b270 Add the Accept ContentType structure. 2017-03-27 01:53:45 -07:00
Sergio Benitez
13359d4f50 Reformulate ContentType as a wrapper around MediaType. 2017-03-23 22:41:42 -07:00
Sergio Benitez
d2c49e02c3 Fix 'Response::join' docs. 2017-03-23 03:56:02 -07:00
Sergio Benitez
e006f3f83e Spruce up MediaType docs. Use new Pear features in MediaType parser. 2017-03-23 03:28:53 -07:00
Sergio Benitez
09550b6e7c New version: 0.2.3. 2017-03-22 19:47:52 -07:00
Sergio Benitez
22062d1bbe Remove spurious new line. 2017-03-22 18:57:14 -07:00
Sergio Benitez
ae201b1577 Remove pub_restricted feature: it's stable! 2017-03-21 20:34:01 -07:00
Sergio Benitez
7076ae3c1d Move parsing tests to parse module. 2017-03-21 20:30:56 -07:00
Sergio Benitez
d09b4138d9 Implement the (currently unused) MediaType struct. 2017-03-21 02:04:07 -07:00
Sergio Benitez
ec92046d3a Clarify that rocket::launch doesn't return on success. 2017-03-16 00:51:28 -07:00
Sergio Benitez
65da988962 Return a LaunchError from launch when launching fails.
This is a (minor) breaking change. If `rocket.launch()` is the last expression
in a function, the return type will change from `()` to `LaunchError`. A simple
workaround that preserves the previous functionality is to simply add a
semicolon after `launch()`: `rocket.launch();`.

resolves #34
2017-03-15 22:10:09 -07:00
Sergio Benitez
da157a061d Don't use hyper directly in request tests. 2017-03-15 20:30:07 -07:00
Alan Stoate
9d10aa2329 Update Catcher example: returns Status::NotFound on 404. 2017-03-15 19:39:22 -07:00
Sergio Benitez
ca30e5e901 Cleanup request tests; move into separate file. 2017-03-15 19:20:20 -07:00
Scott Schroeder
47fe659ebe Preserve multiple incoming header values. 2017-03-15 18:25:37 -07:00
Artem Biryukov
c465109fb4 Add get_slice and get_table methods to Config. 2017-03-08 15:31:43 -08:00
Josh Holmer
d43678c35e Add MsgPack implementation to contrib. 2017-03-08 15:12:00 -08:00
Ryan Leckey
4f704e95f2 Capitalize Rocket in Server response header. 2017-03-08 15:08:50 -08:00
Sergio Benitez
393225cedf Use ansi_term::Color, not Colour. 2017-03-08 15:08:13 -08:00
Sergio Benitez
63e89b04b4 Rename Session::add to Session::set.
Also set a default expiration of 3 hours for session cookies.
2017-03-08 14:25:58 -08:00
Sergio Benitez
4f8894f645 Don't allocate a String into after parsing a cookie. 2017-03-08 03:39:57 -08:00
Sergio Benitez
16cb7297ab Initial session support.
This commit includes the following additions:
  * A `session` example was added.
  * `Config::take_session_key` was removed.
  * If a `session_key` is not supplied, one is automatically generated.
  * The `Session` type implements signed, encrypted sessions.
  * A `Session` can be retrieved via its request guard.
2017-03-08 03:28:12 -08:00
Sergio Benitez
722ee93f8b Update to cookie 0.7. Use 256-bit session_keys.
This commit involves several breaking changes:
  * `session_key` config param must be a 256-bit base64 encoded string.
  * `FromRequest` is implemented for `Cookies`, not `Cookie`.
  * Only a single `Cookies` instance can be retrieved at a time.
  * `Config::take_session_key` returns a `Vec<u8>`.
  * `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
2017-03-07 01:19:06 -08:00
Sergio Benitez
6be902162d New version: 0.2.2. 2017-02-26 18:31:15 -08:00
Sergio Benitez
d99de8e05b New version: 0.2.1. 2017-02-24 13:57:33 -08:00
Sergio Benitez
efbfbd1045 Add 'into_bytes' and 'into_inner' methods to Body. 2017-02-24 13:20:35 -08:00
Sergio Benitez
62a75cdde6 Use append_raw to ensure all headers are set.
Fixes #206.
2017-02-22 11:25:30 -08:00
Sergio Benitez
d89c2a0cb5 Presort routes instead of sorting on each route. 2017-02-18 00:23:20 -08:00
Michael Aaron Murphy
4161949a1c Add webp, ttf, otf, woff, and woff2 as known Content-Types. 2017-02-17 19:13:45 -08:00
Sergio Benitez
d8afb4c7fa Implement Display and Error for ConfigError.
Closes #189.
2017-02-15 01:32:57 -08:00
Sergio Benitez
d8b90ebf5f Readd missing config address test. 2017-02-14 23:34:27 -08:00
Sergio Benitez
0c963da1fd Fix IPv6 address parsing and validation. 2017-02-14 23:10:36 -08:00
Sergio Benitez
1e1ff3bd23 Explicitly delete flash cookie so that path is set. 2017-02-08 23:53:29 -08:00
Sergio Benitez
3c8dd0fad8 Fix fallout from latest cargo nightly. 2017-02-08 00:55:22 -08:00
Sergio Benitez
46f753e128 Fix typo in manage docs: referes -> refers. 2017-02-06 10:40:43 -08:00
Sergio Benitez
c7db553286 New version: 0.2.0. 2017-02-06 05:35:19 -08:00
Sergio Benitez
20a548b11b Add percent_encode method to URI. 2017-02-06 03:41:12 -08:00
Sergio Benitez
ad8f55f64b Back to expressibility. 2017-02-05 20:21:57 -08:00
Sergio Benitez
0b69a5d8f7 Ensure routes with and without query params don't collide. 2017-02-05 01:43:53 -08:00
Sergio Benitez
e966925455 Use full URI in codegen routes; log query params in routes. 2017-02-05 01:34:48 -08:00
Sergio Benitez
8b39b88e46 We're searching for expressiveness. 2017-02-03 19:21:19 -08:00
Sergio Benitez
391628dea9 Fix broken link to IntoValue. 2017-02-03 17:15:29 -08:00
Sergio Benitez
0e82eb0b31 Fixup forms documentation for new features. 2017-02-03 16:56:29 -08:00
Sergio Benitez
aefa2f1494 Use pub(crate) to enforce doc(hidden). 2017-02-03 02:17:06 -08:00
Sergio Benitez
bf1b9e76fd Tweak http module docs. 2017-02-03 01:27:41 -08:00
Sergio Benitez
a8356de183 Fully document config module. Deprecate Config::{set, default_for}. 2017-02-03 01:15:01 -08:00
Sergio Benitez
5abb8d99b4 Clarify manage method docs. 2017-02-02 18:16:57 -08:00
Sergio Benitez
988236f272 Add documentation for State request guard. 2017-02-02 18:01:00 -08:00
Sergio Benitez
a9c3b8a919 Silence warnings during testing. 2017-02-02 02:16:21 -08:00
Garrett Squire
11e90f525f Update status code for form processing failure. 2017-02-01 18:29:29 -08:00
Sergio Benitez
ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings.
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
2017-02-01 18:22:51 -08:00
Sergio Benitez
cc22836867 Precisely route formats. Make 'content_type' an 'Option' in 'Request'.
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.

This commit also changes the following:
  * The return type of the 'content_type' method of 'Request' is now
    'Option<ContentType>'.
  * The 'ContentType' request guard forwards when the request has no
    specified ContentType.
  * The 'add_header' and 'replace_header' methods take the header
    argument generically.

Closes #120.
2017-02-01 03:12:24 -08:00
Sergio Benitez
3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez
35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez
374593c2f0 Use 'ContentType::Plain' for 'String' responses.
Resolves #49.
2017-01-31 02:43:19 -08:00
Sergio Benitez
724446cda4 Add categories to Cargo.toml. 2017-01-31 02:01:51 -08:00
Sergio Benitez
06a7317fd9 Update to Hyper 0.10. Use cookie crate directly.
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
2017-01-26 23:08:15 -08:00
Sergio Benitez
0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez
466b58970e Pin Hyper to 0.9.14 due to non-semver breaking change. 2017-01-26 11:11:43 -08:00
Sergio Benitez
c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Giovanni Capuano
9ef65a8c91 Don't use any features from toml crate. 2017-01-20 16:38:50 -08:00
Sergio Benitez
72b91dfa41 Use shorthand version for hyper dependency. 2017-01-20 16:36:55 -08:00
Ernestas Poskus
59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez
cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez
bb295dc230 Extend FormFormValue docs with details and built-in impls.
Closes #129.
2017-01-15 02:05:17 -08:00
Sergio Benitez
307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez
08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Eijebong
1398626710 Fix typo in Redirect documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez
d4d5c5dd29 Override config parameters via environment variables.
Resolves #37.
2017-01-14 07:55:08 -08:00
Sergio Benitez
4bc5c20a45 Fix security checks in PathBuf::FromSegments.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez
41aecc3e7f Expose the remote address via remote() in Request.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Sergio Benitez
c6fbc44888 Add TODO about improving builder finalize error. 2017-01-12 02:43:00 -08:00
Sergio Benitez
ddda8fe79b Add workers config parameter. 2017-01-12 02:38:14 -08:00
Sergio Benitez
fb24ee315c Overhaul configuration and custom ignition.
* Add Config::new() and Config::build() for simpler Config creation.
  * Add set_{param} methods to Config.
  * Add ConfigBuilder type for easy building of configurations.
  * Remove builder methods from Config.
  * PartialEq in Config doesn't consider path or session key.
  * Rocket::custom takes Config by value.
  * Rocket::custom takes second (enable_logging) boolean argument.
  * Rocket::custom properly sets the custom config as the active config.
2017-01-11 18:35:09 -08:00
Dru Sellers
a6084ab3e2 Change the type for port to u16 in config. 2017-01-09 16:48:27 -08:00
Sergio Benitez
e230ce9b95 Don't overwrite catcher response status if it is set.
Resolves #113.
2017-01-06 01:32:43 -06:00
Sergio Benitez
21a1bde7c0 Add Header methods to get name and value as strs. 2017-01-06 01:03:08 -06:00
Sergio Benitez
6165a6705c Add more comments on dispatch logic. 2017-01-06 00:42:24 -06:00
Sergio Benitez
8f8dde812d Remove unnecessary fields in Redirect Response. 2017-01-06 00:42:10 -06:00
Sergio Benitez
042dcadf43 Expose DataStream directly to allow for stream composition. 2017-01-05 15:13:13 -06:00
Sergio Benitez
069f09cb7e Make 'cargo test' work without '--all-features'. 2017-01-05 14:51:00 -06:00
Sergio Benitez
2da08a975c Make Content-Type case-preserving; add 'params' method. 2017-01-05 02:14:44 -06:00
Sergio Benitez
855d9b7b00 New version: 0.1.4. 2017-01-04 11:18:49 -06:00
Sergio Benitez
24805bbf16 Treat header names as case-preserving in HeaderMap.
Fixes #92.
2017-01-02 21:33:36 -06:00
Sergio Benitez
82f6f78189 Add UncasedAscii{Ref} type(s) that are case-preserving strings. 2017-01-02 21:32:29 -06:00
Sergio Benitez
6fdc6f025f New version: 0.1.3. 2016-12-31 01:31:11 -06:00
Liigo Zhuang
0af01abe5f Fix decoding of String form values.
@liigo originated a fix and found the problem in #82.
2016-12-31 01:06:22 -06:00
Sergio Benitez
83bbea7d4a Fix decoding of form value Strings. 2016-12-31 00:48:31 -06:00
Greg Edwards
d19cb0349c Only override request methods via '_method' on POST. 2016-12-31 00:00:47 -06:00
Sergio Benitez
a1878ad080 Properly resolve dynamic segments, take 2.
Fixes #86.
2016-12-30 23:51:23 -06:00
Sergio Benitez
1f373cc83a Rename 'content_type' Route field to 'format'. 2016-12-30 20:15:28 -06:00
Sergio Benitez
20f13f0bc1 Add CSV as a known Content-Type. 2016-12-27 15:42:27 -06:00
Sergio Benitez
1e3f1961cd Remove unnecessary new line.
(really just trying to trigger Travis)
2016-12-26 18:46:14 -06:00
Sergio Benitez
2299a3e5a6 Don't depend on path separator in segments tests. 2016-12-26 17:18:15 -06:00
Sergio Benitez
71419933a5 Ignore _method field in derived FromForm.
Fixes #45.
2016-12-26 02:41:57 -06:00
Sean Griffin
eb8d973abd Fix typo in Outcome formatting: Succcess -> Success. 2016-12-25 21:37:06 -06:00
Sergio Benitez
fb7a756cf1 New version: 0.1.2. 2016-12-24 14:15:00 -08:00
Sergio Benitez
9cebab5037 Fix get_raw_segments index argument in route codegen.
Fixes #41.
2016-12-24 11:58:24 -08:00
Sergio Benitez
14f79c3733 New version: 0.1.1. NamedFile hotfix. 2016-12-23 12:30:44 -08:00
Sergio Benitez
591963106e Update NamedFile documentation. 2016-12-23 12:02:17 -08:00
Sergio Benitez
16f70480f5 Actually send the file via NamedFile. 2016-12-23 11:51:11 -08:00
Sergio Benitez
a94fcf41db New version: 0.1.0. First public release! 2016-12-23 05:03:07 -08:00
Sergio Benitez
22a058d2d5 Add Cargo metadata to contrib and codegen crates. 2016-12-23 04:20:46 -08:00
Sergio Benitez
25a4469791 Add Cargo metadata for packaging. 2016-12-23 03:36:26 -08:00
Sergio Benitez
12302bcadb Document default FromParam impls. 2016-12-23 02:39:34 -08:00
Sergio Benitez
7d97bf04ea Prepend http:// to address:port in launch message. 2016-12-22 05:27:23 -08:00
Sergio Benitez
595cc5be57 Emit warning about disabled session keys. 2016-12-22 01:29:58 -08:00
Sergio Benitez
76073718c7 New version: 0.1.0 release candidate. 2016-12-22 00:05:05 -08:00
Sergio Benitez
2dc1ba29f0 Adds tests for JSON example. Emit warning from JSON FromData.
This also includes a tiny change to the `mk-docs` script to build a
blank index at the root of the docs.
2016-12-21 22:56:58 -08:00
Sergio Benitez
b9742c1202 Fix broken links in docs. 2016-12-21 01:33:45 -08:00
Sergio Benitez
80632689f4 Document Request. 2016-12-21 01:30:45 -08:00
Sergio Benitez
dedf5094fe Remove URIBuf. 2016-12-21 00:20:14 -08:00
Sergio Benitez
62fe734492 URI uses Cow iternally. 2016-12-21 00:09:22 -08:00
Sergio Benitez
f3b7b7db5e Add example for FromData. 2016-12-20 18:07:14 -08:00
Sergio Benitez
c61e40f5a3 Document config ParsingError. 2016-12-20 17:27:46 -08:00
Sergio Benitez
0acb9eab83 Document Response. Update Config tests. 2016-12-20 17:27:31 -08:00
Sergio Benitez
6e2913fc5c Cleanup Responder documentation. 2016-12-20 13:40:02 -08:00
Sergio Benitez
abdb8c2aa1 Document ResponseBuilder. 2016-12-19 23:29:20 -08:00
Sergio Benitez
d44c61f1af Redocument ContentType. 2016-12-19 20:40:21 -08:00
Sergio Benitez
ddbd7966f7 Document Body. Derive Clone/Copy/PartialEq appropriately in response module. 2016-12-19 20:10:24 -08:00
Sergio Benitez
1851187a2d Reword http module documentation. 2016-12-19 19:50:27 -08:00
Sergio Benitez
f101069610 Document Status and StatusClass. 2016-12-19 19:46:49 -08:00
Sergio Benitez
3414266a8a Document Header and HeaderMap. 2016-12-19 18:04:31 -08:00
Sergio Benitez
8d8d504b59 Document Config. Cleaner lib/handler docs. 2016-12-19 16:51:59 -08:00
Sergio Benitez
dd7e95b3c5 Panic on illegal, dynamic mount points. 2016-12-17 10:51:44 -08:00
Sergio Benitez
f1c7d3e27c Minor code improvements via clippy. 2016-12-17 09:18:30 -08:00
Sergio Benitez
d39c47aaf2 Hyper has merged Rocket changes. Update to mainline. 2016-12-16 15:48:16 -08:00
Sergio Benitez
e2fcd75325 Use forked compiletest for latest nightly. 2016-12-16 15:14:11 -08:00
Sergio Benitez
2e25ce04dc Automatically handle HEAD requests. 2016-12-16 05:17:16 -08:00