Commit Graph

2321 Commits

Author SHA1 Message Date
Benedikt Weber 055ad107df Allow status customization in 'Forward' outcomes.
Prior to this commit, all forward outcomes resulted in a 404. This
commit changes request and data guards so that they are able to provide
a `Status` on `Forward` outcomes. The router uses this status, if the
final outcome is to forward, to identify the catcher to invoke.

The net effect is that guards can now customize the status code of a
forward and thus the error catcher invoked if the final outcome of a
request is to forward.

Resolves #1560.
2023-04-11 12:47:20 -07:00
Sergio Benitez b61ac6eb18 Expose 'Route', 'Catcher' collision and matching.
This commit exposes four new methods:

  * `Route::collides_with(&Route)`
  * `Route::matches(&Request)`
  * `Catcher::collides_with(&Catcher)`
  * `Catcher::matches(Status, &Request)`

Each method checks the corresponding condition: whether two routes
collide, whether a route matches a request, whether two catchers
collide, and whether a catcher matches an error arising from a request.

This functionality is used internally by Rocket to make routing
decisions. By exposing these methods, external libraries can use
guaranteed consistent logic to check the same routing conditions.

Resolves #1561.
2023-04-10 22:00:54 -07:00
Sergio Benitez 0c80f7d9e0 Return 'Path' from 'Catcher::base()'. 2023-04-10 13:42:20 -07:00
Sergio Benitez c13a6c6a79 Emit warning when 'String' is used as a parameter.
The warning is only emitted when Rocket is compiled in debug.
2023-04-10 13:38:51 -07:00
Sergio Benitez 3a44b1b28e Hide 'RouteUri' fields to ensure URI coherence.
Prior to this commit, several `RouteUri` fields were public, allowing
those values to be changed at will. These changes were at times not
reflected by the rest of the library, meaning that the values in the
route URI structure for a route became incoherent with the reflected
values. This commit makes all fields private, forcing all changes to go
through methods that can ensure coherence. All values remain accessible
via getter methods.
2023-04-10 13:26:54 -07:00
Sergio Benitez 51ed332127 Make trailing slashes significant during routing.
This commit modifies request routing in a backwards incompatible manner.
The change is summarized as: trailing slashes are now significant and
never transparently disregarded. This has the following implications,
all representing behavior that differs from that before this change:

  * Route URIs with trailing slashes (`/foo/`, `/<a>/`) are legal.
  * A request `/foo/` is routed to route `/foo/` but not `/foo`.
  * Similarly, a request `/bar/` is routed to `/<a>/` but not `/<a>`.
  * A request `/bar/foo` is not routed to `/<a>/<b>/<c..>`.

A new `AdHoc::uri_normalizer()` fairing was added that recovers the
previous behavior.

In addition to the above, the `Options::NormalizeDirs` `FileServer`
option is now enabled by default to remain consistent with the above
changes and reduce breaking changes at the `FileServer` level.
2023-04-10 12:40:39 -07:00
Sergio Benitez 908a918e8b Fuzz to validate routing collision safety.
The fuzzing target introduced in this commit attemps to assert
"collision safety". Formally, this is the property that:

  matches(request, route) := request is matched to route
  collides(route1, route2) := there is a a collision between routes

  forall requests req. !exist routes r1, r2 s.t.
    matches(req, r1) AND matches(req, r2) AND not collides(r1, r2)

Alternatively:

  forall requests req, routes r1, r2.
    matches(req, r1) AND matches(req, r2) => collides(r1, r2)

The target was run for 20 CPU hours without failure.
2023-04-07 20:27:56 -07:00
Sergio Benitez ac0a77bae2 Allow dynamic parameters to match empty segments.
The net effect of this commit is three-fold:

  * A request to `/` now matches `/<a>`. `/foo/` matches `/<a>/<b>`.
  * A segment matched to a dynamic parameter may be empty.
  * A request to `/foo/` no longer matches `/foo` or `/<a>`. Instead,
    such a request would match `/foo/<a>` or `/foo/`.

The `&str` and `String` parameter guards were updated to reflect this
change: they now error, with a newly introduced error type `Empty` in
the `rocket::error` module, when the parameter is empty. As this was the
only built-in parameter guard that would be effected by this change (all
other guards already required nonempty parameters to succeed), the
majority of applications will see no effect as a result.

For applications wanting the previous functionality, a new
`AdHoc::uri_normalizer()` fairing was introduced.
2023-04-07 20:00:09 -07:00
Sergio Benitez 0a56312607 Implement more conservative URI normalization.
* Trailing slashes are now allowed in all normalized URI paths, except
    for route attribute URIs: `/foo/` is considered normalized.
  * Query parts of URIs may now be empty: `/foo?` and `/foo/?` are now
    considered normalized.
  * The `base` field of `Catcher` is now only accessible via a new
    getter method: `Catcher::base()`.
  * `RawStr::split()` returns a `DoubleEndedIterator`.
  * Introduced a second normalization for `Origin`, "nontrailing", and
    associated methods: `Origin::normalize_nontrailing()`, and
    `Origin::is_normalized_nontrailing()`.
  * Added `Origin::has_trailing_slash()`.
  * The `Segments<Path>` iterator will now return an empty string if
    there is a trailing slash in the referenced path.
  * `Segments::len()` is now `Segments::num()`.
  * Added `RawStr::trim()`.

Resolves #2512.
2023-04-07 19:59:57 -07:00
Sergio Benitez a82508b403 Set 'Secure' cookie flag by default under TLS.
If TLS is enabled and active, Rocket will now set the `Secure` cookie
attribute by default.

Resolves #2425.
2023-04-05 13:15:24 -07:00
Sergio Benitez 89534129de Add 'TempFile::open()' to stream its data.
Resolves #2296.
2023-04-05 12:45:48 -07:00
Sergio Benitez 80b7755317 Properly forward 'deprecated' items in codegen.
Resolves #2262.
2023-04-05 11:15:49 -07:00
Sergio Benitez c48ce64a77 Standardize 'response::status' responders.
This commit modifies all of the non-empty responders in the
`response::status` module so that they look like `Status<R>(pub R)`.
Prior to this commit, some responders looked like this, while others
contained an `Option<R>`.

Resolves #2351.
2023-04-05 10:51:05 -07:00
Sergio Benitez 07ea3df0c2 Fix links to 'Stream!' in 'ws' rustdocs. 2023-04-05 09:58:21 -07:00
Sergio Benitez 03433c10ea Allow specifying 'Status' in custom form errors.
Resolves #1694.
2023-04-05 09:56:49 -07:00
Sergio Benitez db96f670b7 Fix contrib 'ws' README formatting. 2023-04-04 15:37:22 -07:00
Sergio Benitez c3520fb4a1 Pin I/O handlers. Allow 'FnOnce' in 'ws' handlers.
This modifies the 'IoHandler::io()' method so that it takes a
'Pin<Box<Self>>', allowing handlers to move internally and assume that
the data is pinned.

The change is then used in the 'ws' contrib crate to allow 'FnOnce'
handlers instead of 'FnMut'. The net effect is that streams, such as
those crated by 'Stream!', are now allowed to move internally.
2023-04-04 15:33:46 -07:00
Sergio Benitez 5e7a75e1a5 Use 'parking_lot' 'Mutex' in fairing's 'Once'. 2023-04-04 15:11:09 -07:00
Sergio Benitez d9f86d8647 Fully document the 'ws' contrib crate. 2023-04-03 16:09:45 -07:00
Sergio Benitez 887558be60 Emit warnings when data limits are reached.
Aid in debugging incorrectly configured data limits.
2023-04-03 13:27:33 -07:00
Sergio Benitez 9c4ac79748 Use D: disk on Windows for more space.
This fixes the Windows CI: it was previously running out of disk space.
2023-04-03 13:27:31 -07:00
Sergio Benitez 7d895eb9f6 Add initial implementation of 'rocket_ws'.
This provides WebSocket support in Rocket's official 'contrib'.
2023-04-01 15:02:24 -07:00
Sergio Benitez fbb0ace529 Update 'rustls' to 0.21, 'tokio-rustls' to 0.24. 2023-03-31 12:08:45 -07:00
Sergio Benitez 1a66e50be0 Add Revolt to list of known projects in FAQ. 2023-03-31 11:40:31 -07:00
Sergio Benitez aa6ad7030a Allow setting mTLS certificates on local 'Client'.
This allows testing with client certificates.

Co-authored-by: Brett Buford <blbuford@gmail.com>
2023-03-31 11:13:40 -07:00
Sergio Benitez 847e87d5c9 Make 'ws::Stream![]' mean 'ws::Stream!['static]'.
This is in line with the stream macros in Rocket core.
2023-03-31 08:34:45 -07:00
Sergio Benitez 1d2cc257dc Preprocess tungstenite 'ConnectionClosed' errors.
Tungstenite abuses `Err(ConnectionClosed)` to indicate the non-error
condition of a websocket closing. This commit changes error processing
such that the error is caught and converted into a successful
termination of websocket handling.
2023-03-30 16:08:31 -07:00
Sergio Benitez 64a7bfb37c Fix header lookups for connection upgrades. 2023-03-30 16:08:14 -07:00
Sergio Benitez 2abddd923e Implement stream websocket API in upgrade example. 2023-03-30 12:48:20 -07:00
Sergio Benitez 2a63b1a41f Downgrade I/O stream closing to warning.
Since active I/O streams will be closed by graceful shutdown, an error,
as was previously emitted, was necessarily alarmist. This reduces the
severity of the log message to a warning.
2023-03-30 12:46:34 -07:00
Sergio Benitez bd482081ad Add 'upgrade' example with WebSocket support.
This is an initial example that showcases using the new connection
upgrade API to implement WebSocket support outside of Rocket's core.
2023-03-29 17:07:01 -07:00
Sergio Benitez d97c83d7e0 Finalize support for external connection upgrades. 2023-03-29 17:06:08 -07:00
Mai-Lapyst 19e7e82fd6 Initial connection upgrade API implementation. 2023-03-29 17:06:04 -07:00
Sergio Benitez 9584edcf59 Document fallible guards in requests guide.
Co-authored-by: Dimitri Sabadie <dimitri.sabadie@gmail.com>
2023-03-28 13:49:37 -07:00
Sergio Benitez 372e9671eb Clarify 'Responder' async I/O usage in docs.
Resolves #2286.
2023-03-26 19:32:49 -07:00
Sergio Benitez 9c052be2dc Fix HTML field label in forms example template.
Fixes #2256.
2023-03-26 19:26:12 -07:00
Sergio Benitez a474fde85b Implement 'De(Serialize)' for 'Status'.
Resolves #2366.
2023-03-26 19:18:04 -07:00
Sergio Benitez 8f2ee138ea Don't set master as current release. 2023-03-26 18:19:44 -07:00
Sergio Benitez 7155ad229a Add HTTP to HTTPs redirector to TLS example. 2023-03-26 17:57:31 -07:00
Sergio Benitez d22e093d92 Fix responder derive usage docs in response guide.
The guide previously erroneously stated that `Status` could be used as a
header field. This commit clarifies how to use `Status` in a custom
responder. It also expands the section with notes on how to make use of
the `Responder` derive with `enum`s.

Resolves #2484.
2023-03-26 17:41:24 -07:00
Sergio Benitez 0d8cb1457f Recognize the '.mjs' extension as JavaScript.
Resolves #2479.
2023-03-25 08:58:43 -07:00
Sergio Benitez 999787e3bb Update JavaScript media type to 'text/javascript'.
This reflects RFC9239 and the IANA registry updates.
2023-03-25 08:56:58 -07:00
Sergio Benitez 5f232d147c Fix, clarify driver version numbers in 'db_pools'. 2023-03-25 08:30:01 -07:00
Sergio Benitez 9314352eef Add CI step that frees disk space on Linux.
It seems Cargo generates so much data that the CI will occasionally fail
due to running out of disk space. This change increases the available
disk space by 20GB.
2023-03-25 08:14:19 -07:00
Sergio Benitez 91f6288ea4 New version: 0.5.0-rc.3.
New contrib versions: 0.1.0-rc.3.
2023-03-23 16:56:17 -07:00
Sergio Benitez f800d528d3 Update CHANGELOG, add news article for 0.5.0-rc.3. 2023-03-23 16:56:15 -07:00
Sergio Benitez cf1748def9 Add CHANGELOG for 0.5.0-rc.3. 2023-03-23 16:33:11 -07:00
Sergio Benitez 14b8a082b4 Fix doc re-export inlines in crate root. 2023-03-23 16:33:11 -07:00
Sergio Benitez 28569e8bee Improve section headings in README.md.
Co-authored-by: Dimitri Sabadie <dimitri.sabadie@gmail.com>
2023-03-23 16:27:08 -07:00
Jacob Sharf 89919aa3cb Fix several typos. 2023-03-23 16:27:08 -07:00