This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.
The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.
The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.
The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.
Resolves#46.
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.
This commit also changes the following:
* The return type of the 'content_type' method of 'Request' is now
'Option<ContentType>'.
* The 'ContentType' request guard forwards when the request has no
specified ContentType.
* The 'add_header' and 'replace_header' methods take the header
argument generically.
Closes#120.
A few interesting notes on this breakage:
* `Cookie` how has a lifetime. It should be `'static'` everywhere.
* The `SetCookie` header is no longer reexported.
* Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.
This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.
The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.
The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.
Closes#134.
This commit also includes the following changes:
* `FromRequest` for `SocketAddr` implemented: extracts remote address.
* All built-in `FromRequest` implementations are documented.
* Request preprocessing overrides remote IP with value from X-Real-IP header.
* `MockRequest` allows setting the remote address with `remote()`.
Resolves#38.
* Add Config::new() and Config::build() for simpler Config creation.
* Add set_{param} methods to Config.
* Add ConfigBuilder type for easy building of configurations.
* Remove builder methods from Config.
* PartialEq in Config doesn't consider path or session key.
* Rocket::custom takes Config by value.
* Rocket::custom takes second (enable_logging) boolean argument.
* Rocket::custom properly sets the custom config as the active config.
This is a complete rework of `Responder`s and of the http backend in
general. This gets Rocket one step closer to HTTP library independence,
enabling many future features such as transparent async I/O, automatic
HEAD request parsing, pre/post hooks, and more.
Summary of changes:
* `Responder::response` no longer takes in `FreshHyperResponse`.
Instead, it returns a new `Response` type.
* The new `Response` type now encapsulates a full HTTP response. As a
result, `Responder`s now return it.
* The `Handler` type now returns an `Outcome` directly.
* The `ErrorHandler` returns a `Result`. It can no longer forward,
which made no sense previously.
* `Stream` accepts a chunked size parameter.
* `StatusCode` removed in favor of new `Status` type.
* `ContentType` significantly modified.
* New, lightweight `Header` type that plays nicely with `Response`.
This commit includes the following important API changes:
* The `form` route parameter has been removed.
* The `data` route parameter has been added.
* Forms are not handled via the `data` parameter and `Form` type.
* Removed the `data` parameter from `Request`.
* Added `FromData` conversion trate and default implementation.
* Added `DataOutcome` enum, which is the return type of `from_data`.
* 'FromData' is now used to automatically derive the `data` parameter.
* Moved `form` into `request` module.
* Removed `Failure::new` in favor of direct value construction.
This commit includes the following important package additions:
* Added a 'raw_upload' example.
* `manual_routes` example uses `Data` parameter.
* Now building and running tests with `--all-features` flag.
* All exmaples have been updated to latest API.
* Now using upstream Tera.
This commit includes the following important fixes:
* Any valid ident is now allowed in single-parameter route parameters.
* Lifetimes are now properly stripped in code generation.
* `FromForm` derive now works on empty structs.
Summary of changes:
* Request no longer has a lifetime parameter.
* Handler type now includes a `Data` parameter.
* Response is now an enum that is either `Complete` or `Forward`.
* Outcome enum is now one of: Success, Failure, Forward.
* Outcome::Foward for Responses must include StatusCode.
* Responders are now final: they cannot forward to requests. (!!)
* Responsers may only forward to catchers. (!!)
* Response no longer provides wrapping methods.
* Route is now cloneable.
This change is fundamental to enabling streaming requests.
Previously, a Request's only lifetime parameter referred to itself. This
causes many issues and is simply wrong. Instead, use `transmute` to make
the lifetime `static`. As long the contents inside Request don't move or
change, the references are valid. We keep the lifetime as a phantom in
`Request` for future use.
* All From* trait methods are now named like the trait.
* All From* traits have an associated Error type.
* Document all of the `form` module.
* Add codegen tests for auto-derived forms.
* The param parsing traits now live under Request.
Remove form_items function in favor of FormItems iterator.
Add specialized `bool` implementation of FromFormValue.
Add `&str` implementation of FromFormValue for debugging.
* Add content-type responsers for JSON, HTML, and plain text.
* Use content-type responders in content_type example.
* Conditionally create Request `from` HypRequest.
* Clean-up dispatching and handling in main rocket.
* Change Level enum to Logging Level and reexport.
* Allow users to set logging level before launch.
* Fix content_type example error handling.
* Percent decode params when user requests `String`.
The error function now takes in a "RoutingError" structure. The idea is that the
structure includes all of the information necessary for a user to processor the
error as they wish. This interface is very incomplete and may change. At a
minimum, the error structure should include:
1) The request that failed.
2) Why the request failed.
3) The chain of attempted route matches, if any.
4) Something else?
This means we have almost all of the infrastructure in place to properly use
ranked requests. At the moment, we only use this to allow user error handlers
when a responder fails. But, soon enough, we'll try the next highest ranked
route until there are no more matching routes. Yipee!
A few important things needs to get this to be 'right':
1a. Have a way to return a response with a status code.
1b. Use that mechanism in the default catchers.
2. Automatically fill in that code from the #[error] handler.
3. Have a way for a responder to say if responding succeeded.
4. Try next highest ranking route if responding with one handler fails.
Added `error` decorator and `errors` macro.
The current idea is that you can have "catchers" for all valid errors code (in
range [400, 500). At the moment, catchers are just request handlers, and the
decorator expected an empty function signature for the error handler. Obviously,
this is pretty useless. Not sure on what the API should be here. But, progress.
Oh, one more thing: who should handle forwarding a request to a catcher?
Probably not the router. So, the main Rocket should?
Here's the idea: under the `Rocket` namespace should live things critical to
writing simple Rocket apps: Request, Response, Error, etc. Nothing should be
nested more than one level deep. Only items required for more complex things
(implementing uncommon traits, etc.) should be nested one level deep.
This commit is the first attempt at realizing this.
There's something going on with Hyper. When a 303 (see other) response is sent
in response to a POST, the browser does a GET to the location header. Hyper
somehow misreads the method parameter here, resulting in a route failer.
I need to MITM the connection to see exactly what the browser is sending and
what Hyper is receiving to see who's wrong.
Experimented with the new impl specialization features of Rust. They work! But
they're not quite there yet. Specifically, I was able to specialize on
`Responder`, but when trying to remove the macro in `FromParam`, it didn't work.
See https://github.com/rust-lang/rust/issues/31844.