This completes the migration of custom derives to proc-macros, removing
the need for the `custom_derive` feature in consumer code. This commit
also includes documentation, unit tests, and compile UI tests for each
of the derives.
Additionally, this commit improves the existing `FromForm` and
`FromFormValue` derives. The generated code for `FromForm` now returns
an error value indicating the error condition. The `FromFormValue`
derive now accepts a `form` attribute on variants for specifying the
exact value string to match against.
Closes#590.
Closes#670.
This is fairly large commit with several entangled logical changes.
The primary change in this commit is to completely overhaul how URI
handling in Rocket works. Prior to this commit, the `Uri` type acted as
an origin API. Its parser was minimal and lenient, allowing URIs that
were invalid according to RFC 7230. By contrast, the new `Uri` type
brings with it a strict RFC 7230 compliant parser. The `Uri` type now
represents any kind of valid URI, not simply `Origin` types. Three new
URI types were introduced:
* `Origin` - represents valid origin URIs
* `Absolute` - represents valid absolute URIs
* `Authority` - represents valid authority URIs
The `Origin` type replaces `Uri` in many cases:
* As fields and method inputs of `Route`
* The `&Uri` request guard is now `&Origin`
* The `uri!` macro produces an `Origin` instead of a `Uri`
The strict nature of URI parsing cascaded into the following changes:
* Several `Route` methods now `panic!` on invalid URIs
* The `Rocket::mount()` method is (correctly) stricter with URIs
* The `Redirect` constructors take a `TryInto<Uri>` type
* Dispatching of a `LocalRequest` correctly validates URIs
Overall, URIs are now properly and uniformly handled throughout Rocket's
codebase, resulting in a more reliable and correct system.
In addition to these URI changes, the following changes are also part of
this commit:
* The `LocalRequest::cloned_dispatch()` method was removed in favor of
chaining `.clone().dispatch()`.
* The entire Rocket codebase uses `crate` instead of `pub(crate)` as a
visibility modifier.
* Rocket uses the `crate_visibility_modifier` and `try_from` features.
A note on unsafety: this commit introduces many uses of `unsafe` in the
URI parser. All of these uses are a result of unsafely transforming byte
slices (`&[u8]` or similar) into strings (`&str`). The parser ensures
that these casts are safe, but of course, we must label their use
`unsafe`. The parser was written to be as generic and efficient as
possible and thus can parse directly from byte sources. Rocket, however,
does not make use of this fact and so would be able to remove all uses
of `unsafe` by parsing from an existing `&str`. This should be
considered in the future.
Fixes#443.
Resolves#263.
The directory structure has changed to better isolate crates serving
core and contrib. The new directory structure is:
contrib/
lib/ - the contrib library
core/
lib/ - the core Rocket library
codegen/ - the "compile extension" codegen library
codegen_next/ - the new proc-macro library
examples/ - unchanged
scripts/ - unchanged
site/ - unchanged
This commit also removes the following files:
appveyor.yml - AppVeyor (Rust on Windows) is far too spotty for use
rustfmt.toml - rustfmt is, unfortunately, not mature enough for use
Finally, all example Cargo crates were marked with 'publish = false'.
The 'codegen_next' crate will eventually be renamed 'codegen'. It
contains procedural macros written with the upcoming 'proc_macro' APIs,
which will eventually be stabilized. All compiler extensions in the
present 'codegen' crate will be rewritten as procedural macros and moved
to the 'codegen_next' crate.
At present, macros from 'codegen_next' are exported from the core
`rocket` crate automatically. In the future, we may wish to feature-gate
this export to allow using Rocket's core without codegen.
Resolves#16.
This completes the effort started in #431, allowing for direct
customization of the underlying templating engines of 'Template'.
Resolves#64. Closes#234. Closes#431. Closes#500.
The latest version of `rustls` acts on the SNI extension to TLS without
the apparent ability to disable the behavior. `rustls` requires that the
server's certificate match the client's requested server. The matching
is done by looking at DNS names in the `subjectAltName` extension and
checking if the requested server name is present. Since the certificate
in the `tls` example did not have the `subjectAltName` extension, this
check always failed, and the TLS connection was aborted. This commit
adds the extension to the certificate with a DNS name of `localhost`,
ensuring that TLS succeeds on `localhost`.
Prior to this commit, a 'json!' invocation returned a value of type
'Value' from 'serde_json'. Because 'Value' does not implement
'Responder', most uses of 'json!' were wrapped in 'Json':
'Json(json!(..))`. By returning a crate-local 'JsonValue' type that
implements 'Responder', this repetition is resolved, and a 'json!' can
appear unwrapped.
This commit also removes the reexport of 'Value' from 'rocket_contrib'
as well as the default type of 'Value' for 'T' in 'Json<T>'.
Rust's linting API is incredibly unstable, resulting in unnecessary
breakage to `rocket_codegen`. Rocket's lints are also not as
conservative as would be desired, resulting in spurious warnings. For
these reasons, this commit removes linting from `rocket_codegen`.
These lints will likely be reintroduced as part of a 'rocket_lints'
crate. Factoring the lints out to a separate crate means that lint
breakage can be dealt with by uncommenting the dependency instead of
waiting for a new release or backtracking nightlies. In the same vein,
it will likely improve stability of the 'rocket_codegen' crate.
The 'try' impl for 'Outcome' allows the '?' operator to be used with
'Outcome' values. This is likely to make 'FromRequest' and 'FromData'
implementations more ergonomic.
This commit also expands the 'IntoOutcome' trait. It is now
implemented for 'Option'. It also now includes an additional
'or_forward' method.
Sessions
--------
This commit removes the `Session` type in favor of methods on the
`Cookies` types that allow for adding, removing, and getting private
(signed and encrypted) cookies. These methods provide a superset of
the functionality of `Session` while also being a minimal addition to
the existing API. They can be used to implement the previous `Session`
type as well as other forms of session storage. The new methods are:
* Cookie::add_private(&mut self, Cookie)
* Cookie::remove_private(&mut self, Cookie)
* Cookie::get_private(&self, &str)
Resolves#20
Testing
-------
This commit removes the `rocket::testing` module. It adds the
`rocket::local` module which provides a `Client` type for local
dispatching of requests against a `Rocket` instance. This `local`
package subsumes the previous `testing` package.
Rocket Examples
---------------
The `forms`, `optional_result`, and `hello_alt_methods` examples have
been removed. The following example have been renamed:
* extended_validation -> form_validation
* hello_ranks -> ranking
* from_request -> request_guard
* hello_tls -> tls
Other Changes
-------------
This commit also includes the following smaller changes:
* Config::{development, staging, production} constructors have been
added for easier creation of default `Config` structures.
* The `Config` type is exported from the root.
* `Request` implements `Clone` and `Debug`.
* `Request::new` is no longer exported.
* A `Response::body_bytes` method was added to easily retrieve a
response's body as a `Vec<u8>`.
This commit also adds the `base` field to `Route` which allows the
base mount point to be retrieved. Finally, this commits adds an
implementation of `FromRequest` for `Route` which returns the active
route if one is available or forwards otherwise.
This commit is a breaking change: it makes `Request` and `MockRequest`
invariant over the lifetime `'r`. While this shouldn't affect most
applications, it may affect some.
Resolves#108.
This commit includes two major changes to core:
1. Configuration state is no longer global. The `config::active()`
function has been removed. The active configuration can be
retrieved via the `config` method on a `Rocket` instance.
2. The `Responder` trait has changed. `Responder::respond(self)` has
been removed in favor of `Responder::respond_to(self, &Request)`.
This allows responders to dynamically adjust their response based
on the incoming request.
Additionally, it includes the following changes to core and codegen:
* The `Request::guard` method was added to allow for simple
retrivial of request guards.
* The `Request::limits` method was added to retrieve configured
limits.
* The `File` `Responder` implementation now uses a fixed size body
instead of a chunked body.
* The `Outcome::of<R: Responder>(R)` method was removed while
`Outcome::from<R: Responder(&Request, R)` was added.
* The unmounted and unmanaged limits are more cautious: they will only
emit warnings when the `Rocket` receiver is known.
This commit includes one major change to contrib:
1. To use contrib's templating, the fairing returned by
`Template::fairing()` must be attached to the running Rocket
instance.
Additionally, the `Display` implementation of `Template` was removed. To
directly render a template to a `String`, the new `Template::show`
method can be used.
Modifying the `Rocket` structure just before launch doesn't make sense for
several reasons: 1) those affects can't influence the launch, and 2) they won't
be observed in tests. Thus, an `Attach` fairing kind was added that ameliorates
these issues.
This is a breaking change.
The `testing` feature no longer exists. Testing structures can now be
accessed without any features enabled.
Prior to this change, Rocket would panic when draining from a network
stream failed. With this change, Rocket force closes the stream on any
error.
This change also ensures that the `Fairings` launch output only prints
if at least one fairing has been attached.
This is a breaking change. A call to `Response::headers()` can be
replaced with `Response::headers().iter()`. A call to
`Response::header_values()` can be replaced with
`Response::headers().get()`.
This commit introduces TLS support, provided by `rustls` and a fork of
`hyper-rustls`. TLS support is enabled via the `tls` feature and
activated when the `tls` configuration parameter is set. A new
`hello_tls` example illustrates its usage.
This commit also introduces more robust and complete configuration
settings via environment variables. In particular, quoted string,
array, and table (dictionaries) based configuration parameters can now
be set via environment variables.
Resolves#28.
This is a breaking change.
This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.
The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
This is a breaking change.
This commit changes the meaning of the `format` route attribute when
used on non-payload carrying requests (GET, HEAD, CONNECT, TRACE, and
OPTIONS) so that it matches against the preferred media type in the
`Accept` header of the request. The preferred media type is computed
according to the HTTP 1.1 RFC, barring a few specificty rules to come.
This is a breaking change. It modifies collisions with respect to query
parameters as well as the default ranking of routes.
A route that does not specify query parameters will now match against
requests with _and without_ query parameters, assuming all other
elements of the route match as well. A route that _does_ specify query
parameters will only match requests with query parameters; this remains
true.
To accommodate this change in the most natural manner possible, the
default rankings of routes have changed as illustrated below:
|-------------+-------+----------+---------------|
| static path | query | new rank | previous rank |
|-------------+-------+----------+---------------|
| yes | yes | -4 | 0 |
| yes | no | -3 | 0 |
| no | yes | -2 | 1 |
| no | no | -1 | 1 |
|-------------+-------+----------+---------------|
In other words, the most specific routes, with preference for paths over
queries, are ranked highest (lower number).
This is a (minor) breaking change. If `rocket.launch()` is the last expression
in a function, the return type will change from `()` to `LaunchError`. A simple
workaround that preserves the previous functionality is to simply add a
semicolon after `launch()`: `rocket.launch();`.
resolves#34
This commit includes the following additions:
* A `session` example was added.
* `Config::take_session_key` was removed.
* If a `session_key` is not supplied, one is automatically generated.
* The `Session` type implements signed, encrypted sessions.
* A `Session` can be retrieved via its request guard.
This commit involves several breaking changes:
* `session_key` config param must be a 256-bit base64 encoded string.
* `FromRequest` is implemented for `Cookies`, not `Cookie`.
* Only a single `Cookies` instance can be retrieved at a time.
* `Config::take_session_key` returns a `Vec<u8>`.
* `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.
This commit also changes the following:
* The return type of the 'content_type' method of 'Request' is now
'Option<ContentType>'.
* The 'ContentType' request guard forwards when the request has no
specified ContentType.
* The 'add_header' and 'replace_header' methods take the header
argument generically.
Closes#120.
* The `unmanaged_state` lint emits a warning when a `State<T>` request
guard is used without an accompanying `manage` call for `T`.
* The `unmounted_route` lint emits a warning when a route declared via
a Rocket attribute is not mounted via a call to `mount`.
There is one known shortcoming of these lints at present: _any_ call to
`manage` or `mount` marks state/routes as managed/mounted. This can be
an issue when an application uses more than one `Rocket` instance, with
different calls to `mount` and `manage` in each. The lints should
perform their analyses on a per-instance basis.
A few interesting notes on this breakage:
* `Cookie` how has a lifetime. It should be `'static'` everywhere.
* The `SetCookie` header is no longer reexported.
* Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
Sergio Benitez
jeb
Christophe Courtaut
Eric Dattore
Sean Stangl
Ville Hakulinen
Ashley Williams
David Darrell
Kyle Clemens
Eric Dattore
Donald Robertson
calhilcaw
Ning Sun
lerina
Lucas Kolstad
Rolf Sievers
Katrina Brock
Anton Pirker
Lance Carlson
Stephan Buys
Fabrice Desré
aStoate
Josh Holmer
mikejiang
Crazy-Owl
Garrett Squire
Lori Holden