Commit Graph

882 Commits

Author SHA1 Message Date
Sergio Benitez dcde224648 Update dependencies and fix nightly warnings. 2024-04-11 18:09:21 -07:00
Wesley Rosenblum 07e4170b72 Use 's2n-quic' TLS server builder. 2024-04-10 14:06:58 -07:00
Łukasz Wojniłowicz a742d3da4f Symlink license files in all crate directories.
Resolves #2760.
2024-04-06 20:46:07 -07:00
Sergio Benitez edce8bd656 Use default 'CryptoProvider' for all TLS ops.
Prior to this commit, some TLS related operations used 'ring' even when
a different default 'CryptoProvider' was installed. This commit fixes
that by refactoring 'TlsConfig' such that all utility methods are
required to use the default 'CryptoProvider'.

This commit also cleans up code related to the rustls 0.23 update.
2024-03-31 11:46:56 -07:00
Abdullah Alyan ce92c5dd76 Update rustls to 0.23. Support 'CryptoProvider's.
This commit updates rustls to 0.23 and adds support for custom
'CryptoProvider's installable via 'CryptoProvider::install_default()'.
In particular, this enables using `aws-lc-rs` for cryptography related
operation in TLS. The 'TLS' example was updated to test use of
'aws-lc-rs' on Unix.
2024-03-31 11:46:56 -07:00
Sergio Benitez bd26ca462a Introduce #[suppress]: suppress Rocket lints.
Adding `#[suppress(lint)]` for a known `lint` suppresses the
corresponding warning generated by Rocket's codegen. The lints are:

  * `unknown_format`
  * `dubious_payload`
  * `segment_chars`
  * `arbitrary_main`
  * `sync_spawn`

For example, the following works as expected to suppress the warning
generated by the unknown media type "application/foo":

```rust
fn post_foo() -> &'static str { "post_foo" }
```

Resolves #1188.
2024-03-21 20:24:53 -07:00
Tau 35a1cf12b6 Fix and always set Content-Length header.
Previously, the header was erroneously set as 'Content-Type' and not
visible to local clients. This commit fixes both of these issues.
2024-03-21 16:42:09 -07:00
Sergio Benitez 8f3061ba40 Rename 'candidate_endpoint()', 'bind_endpoint()'. 2024-03-20 14:29:32 -07:00
Sergio Benitez 225655817a Update 'x509-parser' to 0.16. 2024-03-20 01:37:31 -07:00
Sergio Benitez 02011a1307 Clean up codebase: fix reasonable clippy warnings.
This commit is a codebase-wide cleanup driven by clippy warnings. In
addition to fixing every reasonable warning, the following new
functionality was introduced:

  * `Accept::new()` now takes any `T: Into<QMediaType>` iterator.
  * `TempFile::is_empty()` was added.
  * `HeaderMap` now implements `IntoIterator`.

This commit makes the following breaking changes:

  * The `IntoCollection` trait is gone. Generics previously bound by the
    trait are now bound by `IntoIterator`. This affects:
    - `Accept::new()`
    - `ContentType::with_params()`
    - `Permission::{allow, allowed}()`
  * `MediaType`, `QMediaType`, and `Allow` implement `IntoIterator`,
    enabling most existing code to continue working without change.
  * The inherent `HeaderMap::into_iter()` method was removed.
  * The `Ok` variant in ErrorKind::Liftoff` is now `Box<Rocket<Orbit>>`.
2024-03-20 00:47:38 -07:00
Sergio Benitez d9249db6d6 Address new nightly compiler warnings. 2024-03-19 14:08:14 -07:00
Sergio Benitez 1619bbbddc Support QUIC and HTTP/3.
This commit adds support for HTTP/3 and QUIC under a disabled-by-default
feature `http3-preview`. The current implementation depends on modified
versions of h3 and s2n-quic-h3 which will need to be upstreamed and
published before a release is possible.

During the course of development various facets of Rocket's internal
connection handling and recent listener APIs were improved. The complete
list of changes included in this PR is:

  * A `shutdown` module was introduced.
  * `config::Shutdown` was renamed to `ShutdownConfig` and moved to
    `shutdown` while being re-exported from `config`.
  * `ListenerAddr` is now called `Endpoint`. Various methods which
    previously referred to "addresses" now refer to "endpoints".
  * `Rocket::endpoint()` was renamed to `Rocket::endpoints()` and now
    returns an iterator over the endpoints Rocket is listening on.
  * `Endpoint` acquired various query utility methods.
  * The `{set_}remote()` methods now take/produce `Endpoint`s.
  * `TlsBindable` only accepts single-phase internal interfaces.
  * Bind error messages include candidate endpoint info when possible.
  * The warning message when a secret key is not configured now includes
    information about its effect on private cookies.

Internal changes include:

  * Config module tests were moved to `config/tests.rs`.
  * The cancellable I/O implementation was significantly simplified.
  * The `TripWire` implementation was simplified.
  * Individual shutdown stages can now be awaited on via `Stages`.
  * The `Shield` implementation was simplified.

Resolves #2723.
2024-03-18 20:23:22 -07:00
Sergio Benitez 50c44e8fdc Allow displaying [T; N], Vec<T>, [u8] via 'uri!'.
Resolves #2750.
2024-03-14 15:26:03 -07:00
Sergio Benitez 7c702a5b01 Update yansi to 1.0.1. 2024-03-14 15:26:03 -07:00
Sergio Benitez 3927c931b2 Fix various typos in rustdocs. 2024-03-14 15:25:53 -07:00
Sergio Benitez d7bcef6cf3 Fix incorrect 'Accept' swap in rustdocs.
Resolves #2743.
2024-03-04 21:42:01 -08:00
John Bampton fd739bab4e Fix WebSocket FAQ entry, typos. 2024-03-04 12:37:29 -08:00
Sergio Benitez 53c5166b6c Fix '#[async_bound]' for fns with no return type. 2024-01-30 20:36:40 -08:00
Sergio Benitez 38dbab8dd3 Bump MSRV to 1.75 for `async fn` in traits. 2024-01-30 09:18:43 -08:00
Sergio Benitez fd294049c7 Update to hyper 1. Enable custom + unix listeners.
This commit completely rewrites Rocket's HTTP serving. In addition to
significant internal cleanup, this commit introduces the following major
features:

  * Support for custom, external listeners in the `listener` module.

    The new `listener` module contains new `Bindable`, `Listener`, and
    `Connection` traits which enable composable, external
    implementations of connection listeners. Rocket can launch on any
    `Listener`, or anything that can be used to create a listener
    (`Bindable`), via a new `launch_on()` method.

  * Support for Unix domain socket listeners out of the box.

    The default listener backwards compatibly supports listening on Unix
    domain sockets. To do so, configure an `address` of
    `unix:path/to/socket` and optional set `reuse` to `true` (the
    default) or `false` which controls whether Rocket will handle
    creating and deleting the unix domain socket.

In addition to these new features, this commit makes the following major
improvements:

  * Rocket now depends on hyper 1.

  * Rocket no longer depends on hyper to handle connections. This allows
    us to handle more connection failure conditions which results in an
    overall more robust server with fewer dependencies.

  * Logic to work around hyper's inability to reference incoming request
    data in the response results in a 15% performance improvement.

  * `Client`s can be marked secure with `Client::{un}tracked_secure()`,
    allowing Rocket to treat local connections as running under TLS.

  * The `macros` feature of `tokio` is no longer used by Rocket itself.
    Dependencies can take advantage of this reduction in compile-time
    cost by disabling the new default feature `tokio-macros`.

  * A new `TlsConfig::validate()` method allows checking a TLS config.

  * New `TlsConfig::{certs,key}_reader()`,
    `MtlsConfig::ca_certs_reader()` methods return `BufReader`s, which
    allow reading the configured certs and key directly.

  * A new `NamedFile::open_with()` constructor allows specifying
    `OpenOptions`.

These improvements resulted in the following breaking changes:

  * The MSRV is now 1.74.
  * `hyper` is no longer exported from `rocket::http`.
  * `IoHandler::io` takes `Box<Self>` instead of `Pin<Box<Self>>`.
    - Use `Box::into_pin(self)` to recover the previous type.
  * `Response::upgrade()` now returns an `&mut dyn IoHandler`, not
    `Pin<& mut _>`.
  * `Config::{address,port,tls,mtls}` methods have been removed.
    - Use methods on `Rocket::endpoint()` instead.
  * `TlsConfig` was moved to `tls::TlsConfig`.
  * `MutualTls` was renamed and moved to `mtls::MtlsConfig`.
  * `ErrorKind::TlsBind` was removed.
  * The second field of `ErrorKind::Shutdown` was removed.
  * `{Local}Request::{set_}remote()` methods take/return an `Endpoint`.
  * `Client::new()` was removed; it was previously deprecated.

Internally, the following major changes were made:

  * A new `async_bound` attribute macro was introduced to allow setting
    bounds on futures returned by `async fn`s in traits while
    maintaining good docs.

  * All utility functionality was moved to a new `util` module.

Resolves #2671.
Resolves #1070.
2024-01-29 22:38:55 -08:00
Sergio Benitez e9b568d9b2 Fixup docs for 'proxy_proto_header'. 2024-01-22 18:41:20 -08:00
Arjen 5c85ea3db5 Support configurable 'X-Forwarded-Proto'.
Co-authored-by: Sergio Benitez <sb@sergio.bz>
2024-01-22 18:41:20 -08:00
Sergio Benitez 915c1181da Forward whole-form errors in 'FromForm' derive.
Resolves #2672.
2024-01-17 12:15:01 -08:00
Sergio Benitez b3abc760ae Introduce chainable data transformers.
Resolves #775.
2023-12-27 20:02:14 -08:00
Sergio Benitez a285625f80 Upgrade 'smallvec' to simplify 'Accept' impl. 2023-12-23 23:34:23 -08:00
Sergio Benitez 3e33cfe37c Remove custom 'docify!' macro: use '#[doc]`. 2023-12-22 23:42:55 -08:00
Paul Lietar 67ad8316dc Ensure 'TempFile' flushes when persisted.
Tokio's `File::write_all()` method has an unexpected quirk: it doesn't
actually write all the requested content to the file when the returned
future resolves. Instead, the write is attempted and queued. This means
that the `persist()` method can resolve without the data being persisted
to the file system. Subsequent reads of the ostensibly written-to file
can thus fail to contain the expected data.

An call to `flush()` following `write_all()` would circumvent the issue.
Alternatively, calling `fs::write()` actually writes to the file system
before returning and requires fewer lines of code. This commit thus
swaps the call to `write_all()` with `fs::write()`.
2023-12-19 16:01:00 -08:00
Martyn ae7e0040e8 Document "reconnect ad-infinitum" SSE pitfall. 2023-12-19 14:41:28 -08:00
Sergio Benitez 7cf8b1368f Doc, fix, and test 'cli_colors' deserialization. 2023-12-18 16:37:56 -08:00
Lev Kokotov f4e8987a46 Make 'cli_colors' an enum, add "always" option.
Resolves #2649.
2023-12-18 16:34:13 -08:00
cui fliter 485c490b1f Fix typos: 'preceeding', 'occured'. 2023-12-18 15:39:09 -08:00
Sergio Benitez 9c2b74b23c Upgrade 'rustls' to '0.22'.
In the process, the following improvements were also made:

  * Error messages related to TLS were improved.
  * 'Redirector' in 'tls' example was improved.
2023-12-15 16:50:08 -08:00
Sergio Benitez a59f3c4c1f Fix min dependency versions. Update MSRV to 1.64.
Also includes a work-around for a buggy `format_args!` macro found in
rustc 1.67 and 1.68.

Resolves #2670.
2023-12-13 17:49:05 -08:00
Sergio Benitez 8d9dfcecad Silence more warnings in generated code.
Resolves #2655.
2023-12-05 17:55:56 -08:00
Sergio Benitez e526fa04d4 Update 'SergioBenitez/Rocket' to 'rwf2/Rocket'.
Resolves rwf2/rwf2#5.
2023-11-21 16:32:25 +01:00
Sergio Benitez 44ac3f1eb6 Move to 0.6.0-dev on master. 2023-11-18 11:30:50 +01:00
Sergio Benitez 6d467564d6 Update version numbers for 0.5.0. 2023-11-17 17:04:59 +01:00
Sergio Benitez 124ec94b46 Fix typos.
Co-authored-by: cui fliter <imcusg@gmail.com>
2023-11-17 17:04:49 +01:00
Sergio Benitez a1c29c735c New version: 0.5.0-rc.4.
New contrib versions: 0.1.0-rc.4.
2023-11-17 17:04:44 +01:00
Sergio Benitez 15637186ba Document '&[u8]' form/data guard, limits. 2023-11-01 18:51:26 -05:00
Sergio Benitez fa0c778276 Set 'SameSite' to 'Lax' on removal cookies.
This avoids needless warnings from certain browsers.
2023-11-01 12:08:26 -05:00
Sergio Benitez 48d1b82e84 Qualm various emerging unused warnings. 2023-11-01 01:16:28 -05:00
Sergio Benitez fbd1a0d069 Improve forwarding status code precision.
Previously, the `NotFound` status code was used to signal many kinds of
recoverable, forwarding errors. This included validation errors, incorrect
Content-Type errors, and more.

This commit modifies the status code used to forward in these instances to more
precisely indicate the forwarding condition. In particular:

  * Parameter `FromParam` errors now forward as 422 (`UnprocessableEntity`).
  * Query paramater errors now forward as 422 (`UnprocessableEntity`).
  * Use of incorrect form content-type forwards as 413 (`UnsupportedMediaType`).
  * `WebSocket` guard now forwards as 400 (`BadRequest`).
  * `&Host`, `&Accept`, `&ContentType`, `IpAddr`, and `SocketAddr` all forward
    with a 500 (`InternalServerError`).

Additionally, the `IntoOutcome` trait was overhauled to support functionality
previously offered by methods on `Outcome`. The `Outcome::forward()` method now
requires a status code to use for the forwarding outcome.

Finally, logging of `Outcome`s now includes the relevant status code.

Resolves #2626.
2023-10-31 18:44:37 -05:00
Sergio Benitez c90812051e Rename 'Outcome::Failure' to 'Outcome::Error'.
The primary motivation is to deconflate the leading `F`s in `Failure` and
`Forward`. In particular, when using a generics, we used `F` for forward, which
could easily be confused for `F` for `Failure`. This resolves the conflation.
2023-10-31 12:17:28 -05:00
Sergio Benitez 260e671d43 Use mixed-site spans to avoid clippy 'uri!' error.
Closes #2630.
2023-10-27 14:50:48 -05:00
许杰友 Jieyou Xu (Joe) 07fe79796f Use Span::mixed_site to avoid let unit warnings.
Closes #2568.
2023-10-16 17:50:49 -07:00
Ruben Schmidmeister 58adc48965 Set 'color-scheme' in default catcher HTML. 2023-10-16 15:29:51 -07:00
Sergio Benitez ae68742048 Update dependencies.
* notify: 5 -> 6
  * indexmap: 1 -> 2
  * cookie: 0.18.0-rc.0 -> 0.18
2023-10-09 17:03:21 -07:00
Sergio Benitez 47faac6080 Document that '&[u8]' is a form guard. 2023-10-02 11:59:03 -07:00
Sergio Benitez 5d31ad4efb Update 'cookie' to 0.18. 2023-09-28 23:50:29 -07:00