Sergio Benitez
08278e8f0e
New version: 0.1.5.
2017-01-14 08:45:03 -08:00
Eijebong
1398626710
Fix typo in Redirect
documentation.
2017-01-14 07:58:28 -08:00
Sergio Benitez
d4d5c5dd29
Override config parameters via environment variables.
...
Resolves #37 .
2017-01-14 07:55:08 -08:00
Sergio Benitez
4bc5c20a45
Fix security checks in PathBuf::FromSegments
.
...
In #134 , @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.
This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.
The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.
The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.
Closes #134 .
2017-01-13 13:25:33 -08:00
Sergio Benitez
41aecc3e7f
Expose the remote address via remote()
in Request
.
...
This commit also includes the following changes:
* `FromRequest` for `SocketAddr` implemented: extracts remote address.
* All built-in `FromRequest` implementations are documented.
* Request preprocessing overrides remote IP with value from X-Real-IP header.
* `MockRequest` allows setting the remote address with `remote()`.
Resolves #38 .
2017-01-13 07:50:51 -08:00
Sergio Benitez
c6fbc44888
Add TODO about improving builder finalize error.
2017-01-12 02:43:00 -08:00
Sergio Benitez
ddda8fe79b
Add workers config parameter.
2017-01-12 02:38:14 -08:00
Sergio Benitez
fb24ee315c
Overhaul configuration and custom ignition.
...
* Add Config::new() and Config::build() for simpler Config creation.
* Add set_{param} methods to Config.
* Add ConfigBuilder type for easy building of configurations.
* Remove builder methods from Config.
* PartialEq in Config doesn't consider path or session key.
* Rocket::custom takes Config by value.
* Rocket::custom takes second (enable_logging) boolean argument.
* Rocket::custom properly sets the custom config as the active config.
2017-01-11 18:35:09 -08:00
Dru Sellers
a6084ab3e2
Change the type for port to u16 in config.
2017-01-09 16:48:27 -08:00
Sergio Benitez
e230ce9b95
Don't overwrite catcher response status if it is set.
...
Resolves #113 .
2017-01-06 01:32:43 -06:00
Sergio Benitez
21a1bde7c0
Add Header methods to get name and value as strs.
2017-01-06 01:03:08 -06:00
Sergio Benitez
6165a6705c
Add more comments on dispatch logic.
2017-01-06 00:42:24 -06:00
Sergio Benitez
8f8dde812d
Remove unnecessary fields in Redirect Response.
2017-01-06 00:42:10 -06:00
Sergio Benitez
042dcadf43
Expose DataStream directly to allow for stream composition.
2017-01-05 15:13:13 -06:00
Sergio Benitez
069f09cb7e
Make 'cargo test' work without '--all-features'.
2017-01-05 14:51:00 -06:00
Sergio Benitez
2da08a975c
Make Content-Type case-preserving; add 'params' method.
2017-01-05 02:14:44 -06:00
Sergio Benitez
855d9b7b00
New version: 0.1.4.
2017-01-04 11:18:49 -06:00
Sergio Benitez
24805bbf16
Treat header names as case-preserving in HeaderMap.
...
Fixes #92 .
2017-01-02 21:33:36 -06:00
Sergio Benitez
82f6f78189
Add UncasedAscii{Ref} type(s) that are case-preserving strings.
2017-01-02 21:32:29 -06:00
Sergio Benitez
6fdc6f025f
New version: 0.1.3.
2016-12-31 01:31:11 -06:00
Liigo Zhuang
0af01abe5f
Fix decoding of String form values.
...
@liigo originated a fix and found the problem in #82 .
2016-12-31 01:06:22 -06:00
Sergio Benitez
83bbea7d4a
Fix decoding of form value Strings.
2016-12-31 00:48:31 -06:00
Greg Edwards
d19cb0349c
Only override request methods via '_method' on POST.
2016-12-31 00:00:47 -06:00
Sergio Benitez
a1878ad080
Properly resolve dynamic segments, take 2.
...
Fixes #86 .
2016-12-30 23:51:23 -06:00
Sergio Benitez
1f373cc83a
Rename 'content_type' Route field to 'format'.
2016-12-30 20:15:28 -06:00
Sergio Benitez
20f13f0bc1
Add CSV as a known Content-Type.
2016-12-27 15:42:27 -06:00
Sergio Benitez
1e3f1961cd
Remove unnecessary new line.
...
(really just trying to trigger Travis)
2016-12-26 18:46:14 -06:00
Sergio Benitez
2299a3e5a6
Don't depend on path separator in segments tests.
2016-12-26 17:18:15 -06:00
Sergio Benitez
71419933a5
Ignore _method field in derived FromForm.
...
Fixes #45 .
2016-12-26 02:41:57 -06:00
Sean Griffin
eb8d973abd
Fix typo in Outcome formatting: Succcess -> Success.
2016-12-25 21:37:06 -06:00
Sergio Benitez
fb7a756cf1
New version: 0.1.2.
2016-12-24 14:15:00 -08:00
Sergio Benitez
9cebab5037
Fix get_raw_segments index argument in route codegen.
...
Fixes #41 .
2016-12-24 11:58:24 -08:00
Sergio Benitez
14f79c3733
New version: 0.1.1. NamedFile hotfix.
2016-12-23 12:30:44 -08:00
Sergio Benitez
591963106e
Update NamedFile documentation.
2016-12-23 12:02:17 -08:00
Sergio Benitez
16f70480f5
Actually send the file via NamedFile.
2016-12-23 11:51:11 -08:00
Sergio Benitez
a94fcf41db
New version: 0.1.0. First public release!
2016-12-23 05:03:07 -08:00
Sergio Benitez
22a058d2d5
Add Cargo metadata to contrib and codegen crates.
2016-12-23 04:20:46 -08:00
Sergio Benitez
25a4469791
Add Cargo metadata for packaging.
2016-12-23 03:36:26 -08:00
Sergio Benitez
12302bcadb
Document default FromParam impls.
2016-12-23 02:39:34 -08:00
Sergio Benitez
7d97bf04ea
Prepend http:// to address:port in launch message.
2016-12-22 05:27:23 -08:00
Sergio Benitez
595cc5be57
Emit warning about disabled session keys.
2016-12-22 01:29:58 -08:00
Sergio Benitez
76073718c7
New version: 0.1.0 release candidate.
2016-12-22 00:05:05 -08:00
Sergio Benitez
2dc1ba29f0
Adds tests for JSON example. Emit warning from JSON FromData.
...
This also includes a tiny change to the `mk-docs` script to build a
blank index at the root of the docs.
2016-12-21 22:56:58 -08:00
Sergio Benitez
b9742c1202
Fix broken links in docs.
2016-12-21 01:33:45 -08:00
Sergio Benitez
80632689f4
Document Request.
2016-12-21 01:30:45 -08:00
Sergio Benitez
dedf5094fe
Remove URIBuf.
2016-12-21 00:20:14 -08:00
Sergio Benitez
62fe734492
URI uses Cow iternally.
2016-12-21 00:09:22 -08:00
Sergio Benitez
f3b7b7db5e
Add example for FromData.
2016-12-20 18:07:14 -08:00
Sergio Benitez
c61e40f5a3
Document config ParsingError.
2016-12-20 17:27:46 -08:00
Sergio Benitez
0acb9eab83
Document Response. Update Config tests.
2016-12-20 17:27:31 -08:00
Sergio Benitez
6e2913fc5c
Cleanup Responder documentation.
2016-12-20 13:40:02 -08:00
Sergio Benitez
abdb8c2aa1
Document ResponseBuilder.
2016-12-19 23:29:20 -08:00
Sergio Benitez
d44c61f1af
Redocument ContentType.
2016-12-19 20:40:21 -08:00
Sergio Benitez
ddbd7966f7
Document Body. Derive Clone/Copy/PartialEq appropriately in response module.
2016-12-19 20:10:24 -08:00
Sergio Benitez
1851187a2d
Reword http module documentation.
2016-12-19 19:50:27 -08:00
Sergio Benitez
f101069610
Document Status and StatusClass.
2016-12-19 19:46:49 -08:00
Sergio Benitez
3414266a8a
Document Header and HeaderMap.
2016-12-19 18:04:31 -08:00
Sergio Benitez
8d8d504b59
Document Config. Cleaner lib/handler docs.
2016-12-19 16:51:59 -08:00
Sergio Benitez
dd7e95b3c5
Panic on illegal, dynamic mount points.
2016-12-17 10:51:44 -08:00
Sergio Benitez
f1c7d3e27c
Minor code improvements via clippy.
2016-12-17 09:18:30 -08:00
Sergio Benitez
d39c47aaf2
Hyper has merged Rocket changes. Update to mainline.
2016-12-16 15:48:16 -08:00
Sergio Benitez
e2fcd75325
Use forked compiletest for latest nightly.
2016-12-16 15:14:11 -08:00
Sergio Benitez
2e25ce04dc
Automatically handle HEAD requests.
2016-12-16 05:17:16 -08:00
Sergio Benitez
6815a56cb5
Rework Request: add lifetime to future proof, remove unsafe.
2016-12-16 03:07:23 -08:00
Sergio Benitez
5f311c3654
Implement Responder for Response.
2016-12-15 20:57:14 -08:00
Sergio Benitez
368e5105a9
Return a Response from testing's dispatch_with.
2016-12-15 20:53:54 -08:00
Sergio Benitez
77cfed0d21
Fix minor README/comment typos.
2016-12-15 17:22:33 -08:00
Sergio Benitez
08f41816d1
Remove dependence from Hyper in Request/MockRequest.
2016-12-15 16:34:19 -08:00
Sergio Benitez
a73a082153
New HeaderMap type for grouping Headers.
2016-12-15 12:37:17 -08:00
Sergio Benitez
d3e2d829c7
Remove all Hyper* types in favor of hyper::*.
2016-12-15 09:24:29 -08:00
Sergio Benitez
0cc379b82f
Parse and test params in ContentType.
2016-12-15 08:49:10 -08:00
Sergio Benitez
44f5f1998d
New HTTP types: ContentType, Status. Responder/Handler/ErrorHandler changed.
...
This is a complete rework of `Responder`s and of the http backend in
general. This gets Rocket one step closer to HTTP library independence,
enabling many future features such as transparent async I/O, automatic
HEAD request parsing, pre/post hooks, and more.
Summary of changes:
* `Responder::response` no longer takes in `FreshHyperResponse`.
Instead, it returns a new `Response` type.
* The new `Response` type now encapsulates a full HTTP response. As a
result, `Responder`s now return it.
* The `Handler` type now returns an `Outcome` directly.
* The `ErrorHandler` returns a `Result`. It can no longer forward,
which made no sense previously.
* `Stream` accepts a chunked size parameter.
* `StatusCode` removed in favor of new `Status` type.
* `ContentType` significantly modified.
* New, lightweight `Header` type that plays nicely with `Response`.
2016-12-15 00:47:31 -08:00
Sergio Benitez
5fca86c84f
New version: 0.0.11.
2016-12-11 22:23:08 -08:00
Sergio Benitez
6bc0fa8871
Make note about implementing auto HEAD handling.
2016-12-11 21:20:30 -08:00
Sergio Benitez
e6fa01607f
Link to Stream in Responder docs.
2016-12-11 01:40:03 -08:00
Sergio Benitez
3dc82e2349
HTML escape < in Responder docs.
2016-12-10 17:58:52 -08:00
Sergio Benitez
4f89e232aa
HTML escape < in FromParam docs.
2016-12-10 17:41:44 -08:00
Sergio Benitez
470dc7f63c
Improve FromParam documentation.
2016-12-10 02:55:25 -08:00
Sergio Benitez
a818976b08
Add example implementation for Responder.
2016-12-09 20:59:58 -08:00
Sergio Benitez
d0136235d7
Remove with_status and StatusResponder in favor of status module.
2016-12-09 19:53:13 -08:00
Sergio Benitez
a2e99985b0
Fix data buffer indexing bug. Add from_request example.
2016-11-21 00:45:44 -08:00
Sergio Benitez
b38942ad00
Avoid double logger initialization by removing logger init in Rocket::custom.
2016-11-11 14:04:00 -08:00
Sergio Benitez
ba88fcdc95
Document FromRequest. Clarify FromFormValue::default.
2016-11-06 17:07:47 +01:00
Sergio Benitez
006a35a8a9
Add an example to Rocket::catch docs.
2016-11-05 19:35:21 +01:00
Sergio Benitez
2cc0251a22
Further document the Catcher type. Register a catcher in the manual example.
2016-11-05 19:31:50 +01:00
Sergio Benitez
a5599aac9c
Hide all of the logger macros, for now.
2016-11-04 15:38:06 +01:00
Sergio Benitez
4d189df884
Fix the tests for latest changes.
2016-11-04 15:11:59 +01:00
Sergio Benitez
d7353c8c2d
Document the Rocket type. Add expect method to Outcome. Add custom method to Rocket.
2016-11-04 14:35:04 +01:00
Sergio Benitez
dd030334e4
Document the Error type.
2016-11-03 19:00:52 +01:00
Sergio Benitez
32e22fc8e1
Document the content module, complete response documentation.
2016-11-03 18:54:37 +01:00
Sergio Benitez
553082f026
Document all of the core response types.
2016-11-03 17:05:41 +01:00
Sergio Benitez
129268506e
Document Responder. Further document Flash. Implement Debug for most Responder types.
2016-11-03 15:09:01 +01:00
Sergio Benitez
c2d3bdccdb
Document the Failure and Flash responses.
2016-11-02 18:48:43 +01:00
Sergio Benitez
004cae7627
Fix codegen tests for new lib. Make UTF8 charset the default for text content types.
2016-11-02 17:39:41 +01:00
Sergio Benitez
c98d047038
Add URI::percent_decoding helper method. Safeguard Pathbuf FromSegments implementation.
2016-11-02 16:55:56 +01:00
Sergio Benitez
4326c9103e
Propogate error types in FromParam and FromSegment parses.
2016-10-31 18:51:19 +01:00
Sergio Benitez
639cd425ee
Add Debug bound to associated parsing Errors.
2016-10-31 18:31:39 +01:00
Sergio Benitez
785d0d2a6a
Fix URI display for root path.
2016-10-31 17:32:43 +01:00
Sergio Benitez
d91e3e0454
Add the [global] psuedo-environment for global configuration.
2016-10-31 17:00:32 +01:00
Sergio Benitez
da7cb44671
Add more testing module documentation. Fix test for latest nightly.
2016-10-31 10:21:19 +01:00