This is a two-prong effort. First, we warn on launch if a known key is
used. Second, we document using invalid keys where possible.
Co-authored-by: Jonas Møller <jonas@moesys.no>
The following dependencies were updated:
* `criterion` from 0.3 to 0.4
* `deadpool-redis` from 0.10 to 0.11
* `normpath` from 0.3 to 1
* `cookie` from 0.16 to 0.17
Adds an `ip_header` configuration parameter that allows modifying the
header Rocket attempts to use to retrieve the "real IP" address of the
client via `Request` methods like `client_ip()`. Additionally allows
disabling the use of any such header.
Previously, if a module used or defined a type alias for Result,
FromFormField derives would fail to compile as it would use the type
alias instead of the fully qualified type.
This commit makes passing compile UI tests optional, allowing the CI to
succeed even when UI tests fail. This change was made because UI tests
are highly susceptible to false negatives due to benign rustc compiler
output changes. A failure resulting from such a benign change inhibits
progress in the main branch due to failing PR testing which would have
otherwise passed.
Prior to this commit, the `FromForm` derive could pair the incorrect
field name with a failing validation. The bug was caused by using two
mismatched iterators in a `quote!()` invocation. Specifically, the first
iterator emitted validation calls for all fields that had validation
applied, while the second emitted field names for all fields,
irrespective of whether the field had any validation applied. The two
iterators were effectively zipped to create the final error, creating
the bug.
This commit fixes the issue by correctly matching field names with their
validators at the expense of an additional allocation, necessitated by
the `quote` crate's inability to access subfields in a repetition.
Fixes#2394.
Users experience confusion when the server appears to do "nothing" when
compiled in release mode. In reality, the server has started, but it
offers no indication in that direction via log message. Often users
misconfigure the port or address, but that information isn't displayed.
This commit makes it such that only the final "Rocket has launched!"
log message is displayed, which includes the listening address, port,
and protocol.
Due to tokio-rs/tokio#4780, a panicking top-level future combined with
an uncooperative background task prevents runtime shutdown. To avoid
this in the case of `Rocket::launch()` returning an `Error`, which
panics on drop if it isn't inspected, we return the `Result` to the
caller (i.e., `main`) instead of the `block_on` future. This prevent the
panic from occuring inside of the `block_on` future and so the runtime
terminates even with uncooperative I/O.
Generates a new method on attributed types, `pool()`, which returns an
opaque reference to a type that can be used to get pooled connections.
Also adds a code-generated example to the crate docs which includes
real, proper function signatures and fully checked examples.
Resolves#1884.
Closes#1972.
Remove 'must_use' on the generic 'Rocket<P>', which was overly
conservative. This change, in effect, marks only 'Rocket<Build>'
'must_use', which is a much more precise implementation of the intended
safety guard.
The core improvement is that `Rocket::launch()` now resolves to
`Ok(Rocket<Ignite>)` on nominal shutdown. Furthermore, shutdown never
terminates the running process.
Other changes directly related to shutdown:
* Runtime worker thread names are now irrelevant to graceful shutdown.
* `ErrorKind::Runtime` was removed; `ErrorKind::Shutdown` was added.
* The `force` config value is only read from the default provider.
* If `force`, Rocket's constructed async runtime is terminated.
Other related changes:
* The exported `hyper` module docs properly reflect public re-exports.
The previous implementation allowed a trivial DoS attack in which the
client need simply maintain open connections with incomplete handshakes.
This commit resolves that by allowing a server worker to progress as
soon as a TCP connection has been established. This comes at the expense
of a more complex implementation necessitated by deficiencies in Hyper.
Potentially resolves#2118.
Previously, the heartbeat message, in its raw form, was ":\n\n". This
commit changes the message to be ":\n".
The former message, when parsed as Server-Sent Events, contained an
empty comment (as desired) _and_ a new line (erroneously). The new line
resulted in emitting any event that was presently being emitted, even if
it wasn't complete. That is, emitting an event partly, such as the
event's data but not its name. Removing the extra new line resolves this
issue and ensures that events aren't interrupted by the heartbeat.
Fixes#2152.
Prior to this commit, 'Vec', 'HashMap', and 'BTreeMap' would parse
leniently irrespetive of the requested parsing strategy. This commit
changes their behavior so that the parsing strategy is respected.
Resolves#2131.
In cc98f98, logging was changed to use a new 'write_out!' macro that
internally used 'write!' instead of 'print!' to log. This had an
unfortunate side-effect: 'libtest' via 'cargo test' no longer captures
the log output of tests.
The reason this occurs is due to the way that Cargo, or rather
`libtest`, captures log output: it uses hidden, unstable functions that
replace a special sink that `print!`, and _only_ `print!` writes to.
Using `write!` directly, as the commit does, bypasses this sink, and so
`cargo` never captures the output.
As a compromise, we only use the better implementation when we're not
compiled with `debug_assertions` or running tests, so at least tests run
in debug-mode won't spew output.
Also updates 'tokio-rustls' to a compatible version.
Additionally depends on 'rustls-pemfile' which includes functionality
that was previously part of 'rustls' itself.
This commit removes the 'CookieJar::get_private_pending()' method in
favor of the already existing and correct 'CookieJar::get_pending()'
method. Previously, the 'CookieJar::get_private_pending()' method
attempted to decrypt the value of a pending cookie, which in reality is
plaintext, thus failing. Because the pending value is plaintext, the
'CookieJar::get_pending()' method suffices.
Documentation has been updated to refer to 'CookieJar::get_pending()'.
Fixes#2063.
This commit implements a workaround for an [issue within rustc]. The
problem showed itself when using e.g. a `Vec<&str>` argument in an async
route handler (but not `&str`), which resulted in a "implementation of
`FromForm` is not general enough" error. The workaround itself works by
gathering all invocations of `FromForm`'s methods inside a block without
any `.await` points [ref].
[issue within rustc]: https://github.com/rust-lang/rust/issues/69663
[ref]: https://github.com/rust-lang/rust/issues/57478#issuecomment-501186084
The primary aim of this commit is to reduce confusion between
'content::Json' and 'rocket::serde::json::Json' be renaming the former
to 'content::RawJson'. The complete changes in this PR are:
* All responders in the 'content' module are prefixed with 'Raw'.
* The 'content::Custom' responder was removed entirely.
* The 'Plain' responder is now 'RawText'.
* The 'content' API docs point to the 'serde' responders.
* The docs and examples were updated accordingly.
Previously, TLS, via 'Config::tls', was configurable even if the 'tls'
feature was disabled. This commit changes this so that the 'Config::tls'
field and TLS config structures are only available if 'tls' is enabled.
Instead of a constructor, 'MediaType::with_params()' and
'ContentType::with_params()' are now both builder methods. This allow
chaining the method to associated constants.
