Commit Graph

120 Commits

Author SHA1 Message Date
Sergio Benitez 4e06ee64aa Test 'secret_key' validation, now on pre-launch.
Prior to this commit, it was not possible to test Rocket crates in
production mode without setting a global secret key or bypassing secret
key checking - the testing script did the latter. The consequence is
that it became impossible to test secret key related failures because
the tests passed regardless.

This commit undoes this. As a consequence, all tests are now aware of
the difference between debug and release configurations, the latter of
which validates 'secret_key' by default. New 'Client::debug()' and
'Client::debug_with()' simplify creating an instance of 'Client' with
configuration in debug mode to avoid undesired test failures.

The summary of changes in this commit are:

  * Config 'secret_key' success and failure are now tested.
  * 'secret_key' validation was moved to pre-launch from 'Config:from()'.
  * 'Config::from()' only extracts the config.
  * Added 'Config::try_from()' for non-panicking extraction.
  * 'Config' now knows the profile it was extracted from.
  * The 'Config' provider sets a profile of 'Config.profile'.
  * 'Rocket', 'Client', 'Fairings', implement 'Debug'.
  * 'fairing::Info' implements 'Copy', 'Clone'.
  * 'Fairings' keeps track of, logs attach fairings.
  * 'Rocket::reconfigure()' was added to allow modifying a config.

Internally, the testing script was refactored to properly test the
codebase with the new changes. In particular, it no longer sets a rustc
'cfg' to avoid secret-key checking.

Resolves #1543.
Fixes #1564.
2021-03-09 21:57:26 -08:00
Sergio Benitez 08ae0d0b8c Use upstream 'async-trait'. 2021-03-04 22:10:59 -08:00
Sergio Benitez 63a14525d8 UTF-8 routes. Forms revamp. Temp files. Capped.
So. Many. Changes.

This is an insane commit: simultaneously one of the best (because of all
the wonderful improvements!) and one of the worst (because it is just
massive) in the project's history.

Routing:
  * All UTF-8 characters are accepted everywhere in route paths. (#998)
  * `path` is now `uri` in `route` attribute: `#[route(GET, path = "..")]`
    becomes `#[route(GET, uri = "..")]`.

Forms Revamp
  * All form related types now reside in a new `form` module.
  * Multipart forms are supported. (resolves #106)
  * Collections are supported in forms and queries. (resolves #205)
  * Nested structures in forms and queries are supported. (resolves #313)
  * Form fields can be ad-hoc validated with `#[field(validate = expr)]`.
  * `FromFormValue` is now `FromFormField`, blanket implements `FromForm`.
  * Form field values are always percent-decoded apriori.

Temporary Files
  * A new `TempFile` data and form guard allows streaming data directly to a
    file which can then be persisted.
  * A new `temp_dir` config parameter specifies where to store `TempFile`.
  * The limits `file` and `file/$ext`, where `$ext` is the file extension,
    determines the data limit for a `TempFile`.

Capped
  * A new `Capped` type is used to indicate when data has been truncated due to
    incoming data limits. It allows checking whether data is complete or
    truncated.
  * `DataStream` methods return `Capped` types.
  * `DataStream` API has been revamped to account for `Capped` types.
  * Several `Capped<T>` types implement `FromData`, `FromForm`.
  * HTTP 413 (Payload Too Large) errors are now returned when data limits are
    exceeded. (resolves #972)

Hierarchical Limits
  * Data limits are now hierarchical, delimited with `/`. A limit of `a/b/c`
    falls back to `a/b` then `a`.

Core
  * `&RawStr` no longer implements `FromParam`.
  * `&str` implements `FromParam`, `FromData`, `FromForm`.
  * `FromTransformedData` was removed.
  * `FromData` gained a lifetime for use with request-local data.
  * The default error HTML is more compact.
  * `&Config` is a request guard.
  * The `DataStream` interface was entirely revamped.
  * `State` is only exported via `rocket::State`.
  * A `request::local_cache!()` macro was added for storing values in
    request-local cache without consideration for type uniqueness by using a
    locally generated anonymous type.
  * `Request::get_param()` is now `Request::param()`.
  * `Request::get_segments()` is now `Request::segments()`, takes a range.
  * `Request::get_query_value()` is now `Request::query_value()`, can parse any
    `FromForm` including sequences.
  * `std::io::Error` implements `Responder` like `Debug<std::io::Error>`.
  * `(Status, R)` where `R: Responder` implements `Responder` by overriding the
    `Status` of `R`.
  * The name of a route is printed first during route matching.
  * `FlashMessage` now only has one lifetime generic.

HTTP
  * `RawStr` implements `serde::{Serialize, Deserialize}`.
  * `RawStr` implements _many_ more methods, in particular, those related to the
    `Pattern` API.
  * `RawStr::from_str()` is now `RawStr::new()`.
  * `RawStr::url_decode()` and `RawStr::url_decode_lossy()` only allocate as
    necessary, return `Cow`.
  * `Status` implements `Default` with `Status::Ok`.
  * `Status` implements `PartialEq`, `Eq`, `Hash`, `PartialOrd`, `Ord`.
  * Authority and origin part of `Absolute` can be modified with new
    `Absolute::{with,set}_authority()`, `Absolute::{with,set}_origin()` methods.
  * `Origin::segments()` was removed in favor of methods split into query and
    path parts and into raw and decoded versions.
  * The `Segments` iterator is smarter, returns decoded `&str` items.
  * `Segments::into_path_buf()` is now `Segments::to_path_buf()`.
  * A new `QuerySegments` is the analogous query segment iterator.
  * Once set, `expires` on private cookies is not overwritten. (resolves #1506)
  * `Origin::path()` and `Origin::query()` return `&RawStr`, not `&str`.

Codegen
  * Preserve more spans in `uri!` macro.
  * Preserve spans `FromForm` field types.
  * All dynamic parameters in a query string must typecheck as `FromForm`.
  * `FromFormValue` derive removed; `FromFormField` added.
  * The `form` `FromForm` and `FromFormField` field attribute is now named
    `field`. `#[form(field = ..)]` is now `#[field(name = ..)]`.

Contrib
  * `Json` implements `FromForm`.
  * `MsgPack` implements `FromForm`.
  * The `json!` macro is exported as `rocket_contrib::json::json!`.
  * Added clarifying docs to `StaticFiles`.

Examples
  * `form_validation` and `form_kitchen_sink` removed in favor of `forms`.
  * The `hello_world` example uses unicode in paths.
  * The `json` example only allocates as necessary.

Internal
  * Codegen uses new `exports` module with the following conventions:
    - Locals starts with `__` and are lowercased.
    - Rocket modules start with `_` and are lowercased.
    - `std` types start with `_` and are titlecased.
    - Rocket types are titlecased.
  * A `header` module was added to `http`, contains header types.
  * `SAFETY` is used as doc-string keyword for `unsafe` related comments.
  * The `Uri` parser no longer recognizes Rocket route URIs.
2021-03-04 01:51:21 -08:00
Jeb Rosen 9d45e786bb Update 'rand' dependency to 0.8. 2021-02-28 16:34:38 -08:00
Sergio Benitez c24f15c18f Add regression test for #1503.
Closes #1503.
2021-01-14 15:15:57 -08:00
Jeb Rosen 92af8fca72 Update to 'tokio' 1.0, 'hyper' 0.14. 2021-01-13 15:22:16 -08:00
Sergio Benitez 9671115796 Use 'workers' value from 'Config::figment()'.
This commit also improves config pretty-printing and warning messages.
It also fixes an issue that resulted in config value deprecation
warnings not being emitted. The 'workers' value is now a 'usize', not a
'u16'; contrib pool sizes now default to 'workers * 2'.

Closes #1470.
2020-12-24 15:58:48 -08:00
Sergio Benitez bbfe2ba5cc Point all docs and doc links to 'master' branch. 2020-10-21 04:54:24 -07:00
Sergio Benitez 1fb061496d Revamp configuration.
This commit completely overhauls Rocket's configuration systems, basing
it on the new Figment library. It includes many breaking changes
pertaining to configuration. They are:

  * "Environments" are replaced by "profiles".
  * 'ROCKET_PROFILE' takes the place of 'ROCKET_ENV'.
  * Profile names are now arbitrary, but 'debug' and 'release' are given
    special treatment as default profiles for the debug and release
    compilation profiles.
  * A 'default' profile now sits along-side the meta 'global' profile.
  * The concept of "extras" is no longer present; users can extract any
    values they want from the configured 'Figment'.
  * The 'Poolable' trait takes an '&Config'.
  * The 'secrets' feature is disabled by default.
  * It is a hard error if 'secrets' is enabled under the 'release'
    profile and no 'secret_key' is configured.
  * 'ConfigBuilder' no longer exists: all fields of 'Config' are public
    with public constructors for each type.
  * 'keep_alive' is disabled with '0', not 'false' or 'off'.
  * Inlined error variants into the 'Error' structure.
  * 'LoggingLevel' is now 'LogLevel'.
  * Limits can now be specified in SI units: "1 MiB".

The summary of other changes are:

  * The default config file can be configured with 'ROCKET_CONFIG'.
  * HTTP/1 and HTTP/2 keep-alive configuration is restored.
  * 'ctrlc' is now a recognized config option.
  * 'serde' is now a core dependency.
  * TLS misconfiguration errors are improved.
  * Several example use '_' as the return type of '#[launch]' fns.
  * 'AdHoc::config()' was added for simple config extraction.
  * Added more documentation for using 'Limits'.
  * Launch information is no longer treated specially.
  * The configuration guide was rewritten.

Resolves #852.
Resolves #209.
Closes #1404.
Closes #652.
2020-10-20 19:21:56 -07:00
Sergio Benitez 5d9035ddc1 Keep an op-log for sync 'CookieJar'.
In brief, this commit:

  * Updates to the latest upstream 'cookie', fixing a memory leak.
  * Make changes to 'CookieJar' observable only through 'pending()'.
  * Deprecates 'Client::new()' in favor of 'Client::tracked()'.
  * Makes 'dispatch()' on tracked 'Client's synchronize on cookies.
  * Makes 'Client::untracked()' actually untracked.

This commit updates to the latest 'cookie' which removes support for
'Sync' cookie jars. Instead of relying on 'cookie', this commit
implements an op-log based 'CookieJar' which internally keeps track of
changes. The API is such that changes are only observable through
specialized '_pending()' methods.
2020-10-14 21:37:16 -07:00
Sergio Benitez 1369dc47a3 Update 'atomic' and 'ubyte' dependencies. 2020-09-11 01:20:44 -07:00
Sergio Benitez 52320020bc Use thread-safe 'CookieJar's.
The user-facing changes effected by this commit are:

  * The 'http::Cookies<'_>' guard is now '&http::CookieJar<'_>'.
  * The "one-at-a-time" jar restriction is no longer imposed.
  * 'CookieJar' retrieval methods return 'http::CookieCrumb'.
  * The 'private-cookies' feature is now called 'secrets'.
  * Docs flag private cookie methods with feature cfg.
  * Local, async request dispatching is never serialized.
  * 'Client::cookies()' returns the tracked 'CookieJar'.
  * 'LocalResponse::cookies()' returns a 'CookieJar'.
  * 'Response::cookies()' returns an 'impl Iterator'.
  * A path of '/' is set by default on all cookies.
  * 'SameSite=strict' is set by default on all cookies.
  * 'LocalRequest::cookies()' accepts any 'Cookie' iterator.
  * The 'Debug' impl for 'Request' prints the cookie jar.

Resolves #1332.
2020-08-16 02:19:45 -07:00
Sergio Benitez 549c9241c4 Require data limits on 'Data::open()'.
Closes #1325.
2020-08-06 02:46:04 -05:00
Sergio Benitez b47d1b8f0f Rework docs for stable and async support. 2020-07-21 16:15:13 -07:00
Sergio Benitez cd7e99a535 Use 'bencher' for benchmarks on stable. 2020-07-21 15:31:44 -07:00
Sergio Benitez 67efe143c5 Improve diagnostics, especially on stable. 2020-07-21 15:31:42 -07:00
Sergio Benitez 95a4b442cc Update Pear to 0.2. 2020-07-21 15:11:07 -07:00
Jeb Rosen 27b26188c4 Update 'toml' to '0.5'. 2020-07-21 15:11:07 -07:00
Sergio Benitez f4c82d7ffe Remove unnecessary 'dev-dependencies'. 2020-07-11 11:27:23 -07:00
Sergio Benitez 832408ea9b Add example requiring async testing. 2020-07-11 09:24:30 -07:00
Sergio Benitez 03127f4dae Add blocking variant of 'local'.
This commit adds the 'local::blocking' module and moves the existing
asynchronous testing to 'local::asynchronous'. It also includes several
changes to improve the local API, bringing it to parity (and beyond)
with master. These changes are:

  * 'LocalRequest' implements 'Clone'.
  * 'LocalResponse' doesn't implement 'DerefMut<Target=Response>'.
    Instead, direct methods on the type, such as 'into_string()', can
    be used to read the 'Response'.
  * 'Response::body()' returns an '&ResponseBody' as opposed to '&mut
    ResponseBody', which is returned by a new 'Response::body_mut()'.
  * '&ResponseBody' implements 'known_size()` to retrieve a body's size,
    if it is known.

Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
2020-07-11 09:24:30 -07:00
Sergio Benitez 824de061c3 Enable configurable 'ctrl-c' shutdown by default.
This removes the 'ctrl_c_shutdown' feature opting instead for a 'ctrlc'
configuration option. To avoid further merge conflicts with the master
branch, the option is currently read as an extra.

Co-authored-by: Jeb Rosen <jeb@jebrosen.com>
2020-07-11 09:24:30 -07:00
Sergio Benitez 3ced188f7d Use 'ref-cast' for safer transparent casting. 2020-07-11 09:24:30 -07:00
Jeb Rosen c7c371910b Remove extraneous dependency on 'futures-util'. 2020-07-11 09:24:29 -07:00
Sergio Benitez c0c6c79a7f Use 'async_trait' for 'Responder'.
Also:

  * Remove 'response::ResultFuture'.
  * Re-export 'tokio' and 'futures' from the crate root.
  * Make 'ResponseBuilder::sized_body()' and 'async fn'.
  * Remove the 'Future' implementation for 'ResponseBuilder'.
  * Add 'ResponseBuilder::finalize()' for finalizing the builder.
2020-07-11 09:24:29 -07:00
Sergio Benitez 48c333721c Use 'async_trait' for 'Fairing' trait.
Also re-exports the 'async_trait' attribute from 'rocket'.
2020-07-11 09:24:29 -07:00
Michael Howell c9d0af09d6 Use 'AsyncSeek' for sized bodies in 'Response's.
In order to avoid making 'ResponseBuilder::sized_body' an asynchronous
function, the seeking is deferred until finalization. 'finalize()' is
replaced with '.await', and 'ResponseBuilder::ok()' is an 'async fn'.
2020-07-11 09:24:29 -07:00
Paolo Barbolini 003bf77c29 Upgrade to tokio 0.2.0.
* Update 'tokio', 'tokio-rustls', and 'hyper'.
* Remove unused dependencies on some `futures-*` crates.
* Rework 'spawn_on', which is now 'serve'.
* Simplify Ctrl-C handling.
2020-07-11 09:24:29 -07:00
Jeb Rosen ea06878581 Update 'hyper', 'futures-*-preview', and 'tokio-*' dependencies.
Use I/O traits and types from 'tokio-io' as much as possible.

A few adapters only exist in futures-io-preview and use
futures-tokio-compat as a bridge for now.
2020-07-11 09:24:29 -07:00
Jeb Rosen d1815e527f Update 'hyper', 'tokio', and 'tokio-rustls'.
* hyper -> 0.13.0-alpha.2
* tokio -> 0.2.0-alpha.5
* tokio-rustls -> 0.12.0-alpha.3
2020-07-11 09:24:28 -07:00
Jacob Pratt cd6a80c230 Implement an API to request a graceful shutdown.
Additionally listen for Ctrl-C as a shutdown signal by default.
2020-07-11 09:24:28 -07:00
Jeb Rosen 047b1620f9 Update pinned hyper and tokio versions. 2020-07-11 09:24:28 -07:00
Jacob Pratt 05426881b0 Use 'File' from 'async_std' instead of from 'tokio'.
Additionally pin tokio to '=0.2.0-alpha.2'; before this change cargo
selects '0.2.0-alpha.3' which hyper does not compile against.
2020-07-11 09:24:28 -07:00
Jeb Rosen af95129590 Use futures 0.3-compatible hyper and tokio and the tokio runtime instead
of futures-rs executor.

Despite this change, using body_bytes_wait on (for example) a File will
still fail due to tokio-rs/tokio#1356.
2020-07-11 09:24:28 -07:00
Jeb Rosen aee7f35095 Use read_to_string (from futures-preview 0.3.0-alpha.18) to more closely match the pre-async code. 2020-07-11 09:24:28 -07:00
Jeb Rosen 5d439bafc0 Convert core to async and add support for async routes.
Minimum rustc bump required for rust-lang/rust#61775
2020-07-11 09:24:28 -07:00
Marc Schreiber 96b4142156 Upgrade to hyper 0.12.
* Use hyper's 'MakeService' implementation with futures API.
  * Use tokio runtime to serve HTTP backend.
2020-07-11 09:24:03 -07:00
Sergio Benitez 3f20e4ac93 Use proper SPDX license expression in 'Cargo.toml'. 2020-06-03 23:02:05 -07:00
Yusuke Kominami a21221aeb6 Replace deprecated 'OffsetDateTime::now' with 'OffsetDateTime::now_utc'.
Update 'time' dependency accordingly.
2020-05-30 11:13:40 -07:00
Sergio Benitez 06e146e7d1 Update 'time' to 0.2 in 'contrib'. 2020-03-25 14:39:55 -07:00
Sergio Benitez 385b69cf69 Migrate to 'binascii' for base 16, 64 decoding. 2020-02-14 17:14:37 -08:00
Sergio Benitez 7c1b8dc9ad Update 'cookie' to 0.13, 'rustls' to 0.16. 2020-01-21 16:10:04 -08:00
Paolo Barbolini cd5f96ae15 Update 'uuid', 'unicode-xid', and 'base64' dependencies. 2019-11-30 09:33:14 -08:00
Michael Howell 121210c55c Add support for base16-encoded (a.k.a. hex-encoded) secret keys. 2019-11-29 12:06:55 -08:00
Jeb Rosen 34cb1c14b8 Migrate core to Rust 2018. 2019-06-25 13:45:23 -04:00
Sergio Benitez e458df094f Update 'version_check' to 0.9. 2019-05-24 01:48:42 -07:00
Sergio Benitez 1caf87eb21 Move to 0.5.0-dev on master. 2019-05-13 16:18:48 -07:00
Richard Petrie 75d2ea96d9 Replace deprecated 'isatty' with 'atty'. 2019-05-10 18:21:58 -07:00
Sergio Benitez a4dcb0cf4c New version: 0.4.0. 2018-12-06 09:19:11 -08:00
Sergio Benitez 90a6749313 New version: 0.4.0-rc.2. 2018-11-30 21:00:18 -08:00
Sergio Benitez 7919ceac39 Strip dev-dependencies more reliably. 2018-11-30 20:58:29 -08:00
Sergio Benitez 5ec21d5ba0 Update dependencies to published versions. 2018-11-30 09:00:16 -08:00
Sergio Benitez abb434f228 Stop using white for legible logging everywhere.
Prior to this change, Rocket emitted "white" text in much of its logging
output. On terminals with light backgrounds, the text was nearly
illegible. This PR stops using white coloring altogether, opting instead
to use the terminal's default color albeit with bold styling. On dark
terminals, this will likely be a light color, and on light terminals,
this will likely be a dark color. The end result is that Rocket's
logging output should be readable everywhere.

Resolves #639.
2018-11-19 02:11:38 -08:00
Sergio Benitez 76c830a467 Update 'base64', 'crossbeam', 'rand' dependencies. 2018-11-18 03:47:12 -08:00
Sergio Benitez 4224419e63 Reduce 'cfg' usage for 'private-cookies' feature. 2018-11-08 23:56:15 -08:00
Linus Unnebäck 53758c6dd7 Introduce the 'private-cookies' feature. 2018-11-08 23:38:18 -08:00
Sergio Benitez 4dbd87a36f New version: 0.4.0-rc.1. 2018-10-31 14:35:30 -07:00
Sergio Benitez 7b2b6aba81 Use published version of 'pear'. 2018-10-28 20:17:44 -07:00
Sergio Benitez 556206e8b3 Version all URLs to 'rocket.rs'. 2018-10-26 21:20:12 -07:00
Sergio Benitez 9ef0b731c8 Rename 'codegen_next' to 'codegen'. 2018-10-22 00:01:41 -07:00
Sergio Benitez 05eee14d90 Update pear to latest revision. 2018-10-14 23:49:02 -07:00
Sergio Benitez 8b1e93192e Version documentation. 2018-10-09 04:31:09 -07:00
Sergio Benitez 2839aca8ce Update features for latest nightly. 2018-10-09 04:31:09 -07:00
Sergio Benitez 360b0e80b0 Port all codegen tests to codegen_next. 2018-10-09 04:31:08 -07:00
Sergio Benitez 633d37bc97 Fix invalid TOML test for updated 'toml' dependency. 2018-09-25 19:41:59 -07:00
Sergio Benitez 19d8569cdb Update core, codegen for 2018-07-16 nightly. 2018-07-17 14:06:32 -07:00
Sergio Benitez df7111143e Split the 'http' module into its own 'rocket_http' crate. 2018-06-07 15:34:47 +02:00
Sergio Benitez 900e716ea6 Update to Pear 0.1. 2018-06-04 18:06:08 +02:00
Sergio Benitez 1e8e4cc553 Fix Cargo.toml path to README. 2018-06-03 19:39:32 +02:00
Sergio Benitez f171dc9d09 Reorganize repository.
The directory structure has changed to better isolate crates serving
core and contrib. The new directory structure is:

  contrib/
    lib/ - the contrib library
  core/
    lib/ - the core Rocket library
    codegen/ - the "compile extension" codegen library
    codegen_next/ - the new proc-macro library
  examples/ - unchanged
  scripts/ - unchanged
  site/ - unchanged

This commit also removes the following files:

  appveyor.yml - AppVeyor (Rust on Windows) is far too spotty for use
  rustfmt.toml - rustfmt is, unfortunately, not mature enough for use

Finally, all example Cargo crates were marked with 'publish = false'.
2018-06-03 18:44:38 +02:00