Commit Graph

286 Commits

Author SHA1 Message Date
Sergio Benitez
08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Eijebong
1398626710 Fix typo in Redirect documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez
d4d5c5dd29 Override config parameters via environment variables.
Resolves #37.
2017-01-14 07:55:08 -08:00
Sergio Benitez
4bc5c20a45 Fix security checks in PathBuf::FromSegments.
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
2017-01-13 13:25:33 -08:00
Sergio Benitez
41aecc3e7f Expose the remote address via remote() in Request.
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
2017-01-13 07:50:51 -08:00
Sergio Benitez
c6fbc44888 Add TODO about improving builder finalize error. 2017-01-12 02:43:00 -08:00
Sergio Benitez
ddda8fe79b Add workers config parameter. 2017-01-12 02:38:14 -08:00
Sergio Benitez
fb24ee315c Overhaul configuration and custom ignition.
* Add Config::new() and Config::build() for simpler Config creation.
  * Add set_{param} methods to Config.
  * Add ConfigBuilder type for easy building of configurations.
  * Remove builder methods from Config.
  * PartialEq in Config doesn't consider path or session key.
  * Rocket::custom takes Config by value.
  * Rocket::custom takes second (enable_logging) boolean argument.
  * Rocket::custom properly sets the custom config as the active config.
2017-01-11 18:35:09 -08:00
Dru Sellers
a6084ab3e2 Change the type for port to u16 in config. 2017-01-09 16:48:27 -08:00
Sergio Benitez
e230ce9b95 Don't overwrite catcher response status if it is set.
Resolves #113.
2017-01-06 01:32:43 -06:00
Sergio Benitez
21a1bde7c0 Add Header methods to get name and value as strs. 2017-01-06 01:03:08 -06:00
Sergio Benitez
6165a6705c Add more comments on dispatch logic. 2017-01-06 00:42:24 -06:00
Sergio Benitez
8f8dde812d Remove unnecessary fields in Redirect Response. 2017-01-06 00:42:10 -06:00
Sergio Benitez
042dcadf43 Expose DataStream directly to allow for stream composition. 2017-01-05 15:13:13 -06:00
Sergio Benitez
069f09cb7e Make 'cargo test' work without '--all-features'. 2017-01-05 14:51:00 -06:00
Sergio Benitez
2da08a975c Make Content-Type case-preserving; add 'params' method. 2017-01-05 02:14:44 -06:00
Sergio Benitez
855d9b7b00 New version: 0.1.4. 2017-01-04 11:18:49 -06:00
Sergio Benitez
24805bbf16 Treat header names as case-preserving in HeaderMap.
Fixes #92.
2017-01-02 21:33:36 -06:00
Sergio Benitez
82f6f78189 Add UncasedAscii{Ref} type(s) that are case-preserving strings. 2017-01-02 21:32:29 -06:00
Sergio Benitez
6fdc6f025f New version: 0.1.3. 2016-12-31 01:31:11 -06:00
Liigo Zhuang
0af01abe5f Fix decoding of String form values.
@liigo originated a fix and found the problem in #82.
2016-12-31 01:06:22 -06:00
Sergio Benitez
83bbea7d4a Fix decoding of form value Strings. 2016-12-31 00:48:31 -06:00
Greg Edwards
d19cb0349c Only override request methods via '_method' on POST. 2016-12-31 00:00:47 -06:00
Sergio Benitez
a1878ad080 Properly resolve dynamic segments, take 2.
Fixes #86.
2016-12-30 23:51:23 -06:00
Sergio Benitez
1f373cc83a Rename 'content_type' Route field to 'format'. 2016-12-30 20:15:28 -06:00
Sergio Benitez
20f13f0bc1 Add CSV as a known Content-Type. 2016-12-27 15:42:27 -06:00
Sergio Benitez
1e3f1961cd Remove unnecessary new line.
(really just trying to trigger Travis)
2016-12-26 18:46:14 -06:00
Sergio Benitez
2299a3e5a6 Don't depend on path separator in segments tests. 2016-12-26 17:18:15 -06:00
Sergio Benitez
71419933a5 Ignore _method field in derived FromForm.
Fixes #45.
2016-12-26 02:41:57 -06:00
Sean Griffin
eb8d973abd Fix typo in Outcome formatting: Succcess -> Success. 2016-12-25 21:37:06 -06:00
Sergio Benitez
fb7a756cf1 New version: 0.1.2. 2016-12-24 14:15:00 -08:00
Sergio Benitez
9cebab5037 Fix get_raw_segments index argument in route codegen.
Fixes #41.
2016-12-24 11:58:24 -08:00
Sergio Benitez
14f79c3733 New version: 0.1.1. NamedFile hotfix. 2016-12-23 12:30:44 -08:00
Sergio Benitez
591963106e Update NamedFile documentation. 2016-12-23 12:02:17 -08:00
Sergio Benitez
16f70480f5 Actually send the file via NamedFile. 2016-12-23 11:51:11 -08:00
Sergio Benitez
a94fcf41db New version: 0.1.0. First public release! 2016-12-23 05:03:07 -08:00
Sergio Benitez
22a058d2d5 Add Cargo metadata to contrib and codegen crates. 2016-12-23 04:20:46 -08:00
Sergio Benitez
25a4469791 Add Cargo metadata for packaging. 2016-12-23 03:36:26 -08:00
Sergio Benitez
12302bcadb Document default FromParam impls. 2016-12-23 02:39:34 -08:00
Sergio Benitez
7d97bf04ea Prepend http:// to address:port in launch message. 2016-12-22 05:27:23 -08:00
Sergio Benitez
595cc5be57 Emit warning about disabled session keys. 2016-12-22 01:29:58 -08:00
Sergio Benitez
76073718c7 New version: 0.1.0 release candidate. 2016-12-22 00:05:05 -08:00
Sergio Benitez
2dc1ba29f0 Adds tests for JSON example. Emit warning from JSON FromData.
This also includes a tiny change to the `mk-docs` script to build a
blank index at the root of the docs.
2016-12-21 22:56:58 -08:00
Sergio Benitez
b9742c1202 Fix broken links in docs. 2016-12-21 01:33:45 -08:00
Sergio Benitez
80632689f4 Document Request. 2016-12-21 01:30:45 -08:00
Sergio Benitez
dedf5094fe Remove URIBuf. 2016-12-21 00:20:14 -08:00
Sergio Benitez
62fe734492 URI uses Cow iternally. 2016-12-21 00:09:22 -08:00
Sergio Benitez
f3b7b7db5e Add example for FromData. 2016-12-20 18:07:14 -08:00
Sergio Benitez
c61e40f5a3 Document config ParsingError. 2016-12-20 17:27:46 -08:00
Sergio Benitez
0acb9eab83 Document Response. Update Config tests. 2016-12-20 17:27:31 -08:00
Sergio Benitez
6e2913fc5c Cleanup Responder documentation. 2016-12-20 13:40:02 -08:00
Sergio Benitez
abdb8c2aa1 Document ResponseBuilder. 2016-12-19 23:29:20 -08:00
Sergio Benitez
d44c61f1af Redocument ContentType. 2016-12-19 20:40:21 -08:00
Sergio Benitez
ddbd7966f7 Document Body. Derive Clone/Copy/PartialEq appropriately in response module. 2016-12-19 20:10:24 -08:00
Sergio Benitez
1851187a2d Reword http module documentation. 2016-12-19 19:50:27 -08:00
Sergio Benitez
f101069610 Document Status and StatusClass. 2016-12-19 19:46:49 -08:00
Sergio Benitez
3414266a8a Document Header and HeaderMap. 2016-12-19 18:04:31 -08:00
Sergio Benitez
8d8d504b59 Document Config. Cleaner lib/handler docs. 2016-12-19 16:51:59 -08:00
Sergio Benitez
dd7e95b3c5 Panic on illegal, dynamic mount points. 2016-12-17 10:51:44 -08:00
Sergio Benitez
f1c7d3e27c Minor code improvements via clippy. 2016-12-17 09:18:30 -08:00
Sergio Benitez
d39c47aaf2 Hyper has merged Rocket changes. Update to mainline. 2016-12-16 15:48:16 -08:00
Sergio Benitez
e2fcd75325 Use forked compiletest for latest nightly. 2016-12-16 15:14:11 -08:00
Sergio Benitez
2e25ce04dc Automatically handle HEAD requests. 2016-12-16 05:17:16 -08:00
Sergio Benitez
6815a56cb5 Rework Request: add lifetime to future proof, remove unsafe. 2016-12-16 03:07:23 -08:00
Sergio Benitez
5f311c3654 Implement Responder for Response. 2016-12-15 20:57:14 -08:00
Sergio Benitez
368e5105a9 Return a Response from testing's dispatch_with. 2016-12-15 20:53:54 -08:00
Sergio Benitez
77cfed0d21 Fix minor README/comment typos. 2016-12-15 17:22:33 -08:00
Sergio Benitez
08f41816d1 Remove dependence from Hyper in Request/MockRequest. 2016-12-15 16:34:19 -08:00
Sergio Benitez
a73a082153 New HeaderMap type for grouping Headers. 2016-12-15 12:37:17 -08:00
Sergio Benitez
d3e2d829c7 Remove all Hyper* types in favor of hyper::*. 2016-12-15 09:24:29 -08:00
Sergio Benitez
0cc379b82f Parse and test params in ContentType. 2016-12-15 08:49:10 -08:00
Sergio Benitez
44f5f1998d New HTTP types: ContentType, Status. Responder/Handler/ErrorHandler changed.
This is a complete rework of `Responder`s and of the http backend in
general. This gets Rocket one step closer to HTTP library independence,
enabling many future features such as transparent async I/O, automatic
HEAD request parsing, pre/post hooks, and more.

Summary of changes:

  * `Responder::response` no longer takes in `FreshHyperResponse`.
    Instead, it returns a new `Response` type.
  * The new `Response` type now encapsulates a full HTTP response. As a
    result, `Responder`s now return it.
  * The `Handler` type now returns an `Outcome` directly.
  * The `ErrorHandler` returns a `Result`. It can no longer forward,
    which made no sense previously.
  * `Stream` accepts a chunked size parameter.
  * `StatusCode` removed in favor of new `Status` type.
  * `ContentType` significantly modified.
  * New, lightweight `Header` type that plays nicely with `Response`.
2016-12-15 00:47:31 -08:00
Sergio Benitez
5fca86c84f New version: 0.0.11. 2016-12-11 22:23:08 -08:00
Sergio Benitez
6bc0fa8871 Make note about implementing auto HEAD handling. 2016-12-11 21:20:30 -08:00
Sergio Benitez
e6fa01607f Link to Stream in Responder docs. 2016-12-11 01:40:03 -08:00
Sergio Benitez
3dc82e2349 HTML escape < in Responder docs. 2016-12-10 17:58:52 -08:00
Sergio Benitez
4f89e232aa HTML escape < in FromParam docs. 2016-12-10 17:41:44 -08:00
Sergio Benitez
470dc7f63c Improve FromParam documentation. 2016-12-10 02:55:25 -08:00
Sergio Benitez
a818976b08 Add example implementation for Responder. 2016-12-09 20:59:58 -08:00
Sergio Benitez
d0136235d7 Remove with_status and StatusResponder in favor of status module. 2016-12-09 19:53:13 -08:00
Sergio Benitez
a2e99985b0 Fix data buffer indexing bug. Add from_request example. 2016-11-21 00:45:44 -08:00
Sergio Benitez
b38942ad00 Avoid double logger initialization by removing logger init in Rocket::custom. 2016-11-11 14:04:00 -08:00
Sergio Benitez
ba88fcdc95 Document FromRequest. Clarify FromFormValue::default. 2016-11-06 17:07:47 +01:00
Sergio Benitez
006a35a8a9 Add an example to Rocket::catch docs. 2016-11-05 19:35:21 +01:00
Sergio Benitez
2cc0251a22 Further document the Catcher type. Register a catcher in the manual example. 2016-11-05 19:31:50 +01:00
Sergio Benitez
a5599aac9c Hide all of the logger macros, for now. 2016-11-04 15:38:06 +01:00
Sergio Benitez
4d189df884 Fix the tests for latest changes. 2016-11-04 15:11:59 +01:00
Sergio Benitez
d7353c8c2d Document the Rocket type. Add expect method to Outcome. Add custom method to Rocket. 2016-11-04 14:35:04 +01:00
Sergio Benitez
dd030334e4 Document the Error type. 2016-11-03 19:00:52 +01:00
Sergio Benitez
32e22fc8e1 Document the content module, complete response documentation. 2016-11-03 18:54:37 +01:00
Sergio Benitez
553082f026 Document all of the core response types. 2016-11-03 17:05:41 +01:00
Sergio Benitez
129268506e Document Responder. Further document Flash. Implement Debug for most Responder types. 2016-11-03 15:09:01 +01:00
Sergio Benitez
c2d3bdccdb Document the Failure and Flash responses. 2016-11-02 18:48:43 +01:00
Sergio Benitez
004cae7627 Fix codegen tests for new lib. Make UTF8 charset the default for text content types. 2016-11-02 17:39:41 +01:00
Sergio Benitez
c98d047038 Add URI::percent_decoding helper method. Safeguard Pathbuf FromSegments implementation. 2016-11-02 16:55:56 +01:00
Sergio Benitez
4326c9103e Propogate error types in FromParam and FromSegment parses. 2016-10-31 18:51:19 +01:00
Sergio Benitez
639cd425ee Add Debug bound to associated parsing Errors. 2016-10-31 18:31:39 +01:00
Sergio Benitez
785d0d2a6a Fix URI display for root path. 2016-10-31 17:32:43 +01:00
Sergio Benitez
d91e3e0454 Add the [global] psuedo-environment for global configuration. 2016-10-31 17:00:32 +01:00
Sergio Benitez
da7cb44671 Add more testing module documentation. Fix test for latest nightly. 2016-10-31 10:21:19 +01:00