rwf2
/
Rocket
mirror of https://github.com/rwf2/Rocket.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
668 Commits 7 Branches 63 Tags 23 MiB
Commit Graph

381 Commits

Author SHA1 Message Date
Sergio Benitez 586d46ae9c Use upstream smallvec. 2017-04-15 19:03:40 -07:00
Sergio Benitez 6641e9b92d Add Response::content_type() method. 2017-04-14 14:35:22 -07:00
Sergio Benitez 3bebdcc53d Add Response::body_string(). Use it in all tests. 2017-04-14 01:59:28 -07:00
Sergio Benitez 0d674c57fd Return `HeaderMap` from Response::headers(). Remove Response::header_values(). 
This is a breaking change. A call to `Response::headers()` can be
replaced with `Response::headers().iter()`. A call to
`Response::header_values()` can be replaced with
`Response::headers().get()`.
 2017-04-14 01:21:06 -07:00
Sergio Benitez 2e54a1f74d Don't use &str where RawStr is now preferred. 2017-04-14 00:43:57 -07:00
Sergio Benitez a25a3c69c6 Cache parsed ContentType and Accept headers. 
This is a breaking change. `Request::content_type` now returns a borrow
to `ContentType`. `FromRequest` for `ContentType` is no longer
implemented. Instead, `FromRequest` for `&ContentType` is implemented.
 2017-04-13 02:44:47 -07:00
Sergio Benitez e50164115b Only emit TLS disabled error on misconfig. 2017-04-13 01:30:48 -07:00
Sergio Benitez 6f29696b4f Make TLS misconfig an error. Always print launch message. 2017-04-13 01:16:09 -07:00
Sergio Benitez 1516ca4fb6 Initial TLS support. 
This commit introduces TLS support, provided by `rustls` and a fork of
`hyper-rustls`. TLS support is enabled via the `tls` feature and
activated when the `tls` configuration parameter is set. A new
`hello_tls` example illustrates its usage.

This commit also introduces more robust and complete configuration
settings via environment variables. In particular, quoted string,
array, and table (dictionaries) based configuration parameters can now
be set via environment variables.

Resolves #28.
 2017-04-13 00:18:31 -07:00
Sergio Benitez a2a0aab541 Depend on cookie >= 0.7.4 for ring bugfix. 2017-04-11 16:56:10 -07:00
Sergio Benitez 982997dbad Add Rocket::routes() method to get all routes. Add some internal benchmarks. 2017-04-05 01:19:33 -07:00
Sergio Benitez f5ec470a7d Use the `RawStr` type for raw parameter strings. 
This is a breaking change.

The `&str` type no longer implements `FromParam`. The `&RawStr` type
should be used in its place.
 2017-03-31 00:18:58 -07:00
Sergio Benitez cff9901940 Implement FromData for Vec<u8>. 2017-03-30 23:17:28 -07:00
Sergio Benitez 0c44e44641 Use the `RawStr` type for all form raw strings. 
This is a breaking change.

This commit introduces `RawStr` to forms. In particular, after this
commit, the `&str` type no longer implements `FromFormValue`, and so it
cannot be used as a field in forms. Instad, the `&RawStr` can be used.

The `FormItems` iterator now returns an `(&RawStr, &RawStr)` pair.
 2017-03-30 23:06:53 -07:00
Sergio Benitez f57d984e2e New version: 0.2.4. 2017-03-30 19:56:12 -07:00
Sergio Benitez 10306c3b7e Clarify segment handling for '..'. 2017-03-30 18:15:36 -07:00
Sergio Benitez df19ef74db Add RawStr::url_decode. 2017-03-30 18:15:15 -07:00
Sergio Benitez 709acf18a4 Initial implementation of RawStr. 2017-03-30 17:56:24 -07:00
Sergio Benitez b49c89af7a Rename UncasedAscii and UncasedAsciiRef to Uncased and UncasedStr. 2017-03-30 15:38:51 -07:00
Sergio Benitez d4b9360f57 Remove the '...' in the launch message. 2017-03-30 00:14:45 -07:00
Ryan Leckey ff3193a22a Fix spelling in Method docs: ff -> if. 2017-03-29 23:50:12 -07:00
Sergio Benitez cb21fbf6af Small typo: parse -> parsed. 2017-03-29 21:06:15 -07:00
Sergio Benitez 8f997a2a39 Rewrite some markdown for commonmark. 2017-03-29 19:05:49 -07:00
Sergio Benitez 7d48944080 Handle specificity based preferences in Accept. Allow 3 decimals in q parameter. 2017-03-29 18:18:30 -07:00
Sergio Benitez b102a6a497 Implement FromRequest for Accept. 2017-03-29 04:21:18 -07:00
Sergio Benitez c58ca894b7 Initial implementation of content negotiation via `Accept`. 
This is a breaking change.

This commit changes the meaning of the `format` route attribute when
used on non-payload carrying requests (GET, HEAD, CONNECT, TRACE, and
OPTIONS) so that it matches against the preferred media type in the
`Accept` header of the request. The preferred media type is computed
according to the HTTP 1.1 RFC, barring a few specificty rules to come.
 2017-03-29 04:08:53 -07:00
Sergio Benitez fb29b37f30 Reorganize extra request state. Add 'accept' and 'accept_first' methods to Request. 2017-03-28 03:10:18 -07:00
Sergio Benitez 1fb1cdfc58 Use MediaType instead of ContentType for Route format. 2017-03-28 00:12:59 -07:00
Sergio Benitez 9160483554 A route with unspecified query parameters accepts any. 
This is a breaking change. It modifies collisions with respect to query
parameters as well as the default ranking of routes.

A route that does not specify query parameters will now match against
requests with _and without_ query parameters, assuming all other
elements of the route match as well. A route that _does_ specify query
parameters will only match requests with query parameters; this remains
true.

To accommodate this change in the most natural manner possible, the
default rankings of routes have changed as illustrated below:

  |-------------+-------+----------+---------------|
  | static path | query | new rank | previous rank |
  |-------------+-------+----------+---------------|
  | yes         | yes   | -4       | 0             |
  | yes         | no    | -3       | 0             |
  | no          | yes   | -2       | 1             |
  | no          | no    | -1       | 1             |
  |-------------+-------+----------+---------------|

In other words, the most specific routes, with preference for paths over
queries, are ranked highest (lower number).
 2017-03-27 03:52:26 -07:00
Sergio Benitez c09644b270 Add the Accept ContentType structure. 2017-03-27 01:53:45 -07:00
Sergio Benitez 13359d4f50 Reformulate ContentType as a wrapper around MediaType. 2017-03-23 22:41:42 -07:00
Sergio Benitez d2c49e02c3 Fix 'Response::join' docs. 2017-03-23 03:56:02 -07:00
Sergio Benitez e006f3f83e Spruce up MediaType docs. Use new Pear features in MediaType parser. 2017-03-23 03:28:53 -07:00
Sergio Benitez 09550b6e7c New version: 0.2.3. 2017-03-22 19:47:52 -07:00
Sergio Benitez 22062d1bbe Remove spurious new line. 2017-03-22 18:57:14 -07:00
Sergio Benitez ae201b1577 Remove pub_restricted feature: it's stable! 2017-03-21 20:34:01 -07:00
Sergio Benitez 7076ae3c1d Move parsing tests to parse module. 2017-03-21 20:30:56 -07:00
Sergio Benitez d09b4138d9 Implement the (currently unused) MediaType struct. 2017-03-21 02:04:07 -07:00
Sergio Benitez ec92046d3a Clarify that rocket::launch doesn't return on success. 2017-03-16 00:51:28 -07:00
Sergio Benitez 65da988962 Return a `LaunchError` from `launch` when launching fails. 
This is a (minor) breaking change. If `rocket.launch()` is the last expression
in a function, the return type will change from `()` to `LaunchError`. A simple
workaround that preserves the previous functionality is to simply add a
semicolon after `launch()`: `rocket.launch();`.

resolves #34
 2017-03-15 22:10:09 -07:00
Sergio Benitez da157a061d Don't use hyper directly in request tests. 2017-03-15 20:30:07 -07:00
Alan Stoate 9d10aa2329 Update `Catcher` example: returns Status::NotFound on 404. 2017-03-15 19:39:22 -07:00
Sergio Benitez ca30e5e901 Cleanup request tests; move into separate file. 2017-03-15 19:20:20 -07:00
Scott Schroeder 47fe659ebe Preserve multiple incoming header values. 2017-03-15 18:25:37 -07:00
Artem Biryukov c465109fb4 Add `get_slice` and `get_table` methods to `Config`. 2017-03-08 15:31:43 -08:00
Josh Holmer d43678c35e Add MsgPack implementation to contrib. 2017-03-08 15:12:00 -08:00
Ryan Leckey 4f704e95f2 Capitalize Rocket in Server response header. 2017-03-08 15:08:50 -08:00
Sergio Benitez 393225cedf Use ansi_term::Color, not Colour. 2017-03-08 15:08:13 -08:00
Sergio Benitez 63e89b04b4 Rename Session::add to Session::set. 
Also set a default expiration of 3 hours for session cookies.
 2017-03-08 14:25:58 -08:00
Sergio Benitez 4f8894f645 Don't allocate a String into after parsing a cookie. 2017-03-08 03:39:57 -08:00
Sergio Benitez 16cb7297ab Initial session support. 
This commit includes the following additions:
  * A `session` example was added.
  * `Config::take_session_key` was removed.
  * If a `session_key` is not supplied, one is automatically generated.
  * The `Session` type implements signed, encrypted sessions.
  * A `Session` can be retrieved via its request guard.
 2017-03-08 03:28:12 -08:00
Sergio Benitez 722ee93f8b Update to cookie 0.7. Use 256-bit session_keys. 
This commit involves several breaking changes:
  * `session_key` config param must be a 256-bit base64 encoded string.
  * `FromRequest` is implemented for `Cookies`, not `Cookie`.
  * Only a single `Cookies` instance can be retrieved at a time.
  * `Config::take_session_key` returns a `Vec<u8>`.
  * `Into<Header>` is implemented for `&Cookie`, not `Cookie`.
 2017-03-07 01:19:06 -08:00
Sergio Benitez 6be902162d New version: 0.2.2. 2017-02-26 18:31:15 -08:00
Sergio Benitez d99de8e05b New version: 0.2.1. 2017-02-24 13:57:33 -08:00
Sergio Benitez efbfbd1045 Add 'into_bytes' and 'into_inner' methods to Body. 2017-02-24 13:20:35 -08:00
Sergio Benitez 62a75cdde6 Use `append_raw` to ensure all headers are set. 
Fixes #206.
 2017-02-22 11:25:30 -08:00
Sergio Benitez d89c2a0cb5 Presort routes instead of sorting on each route. 2017-02-18 00:23:20 -08:00
Michael Aaron Murphy 4161949a1c Add webp, ttf, otf, woff, and woff2 as known Content-Types. 2017-02-17 19:13:45 -08:00
Sergio Benitez d8afb4c7fa Implement Display and Error for ConfigError. 
Closes #189.
 2017-02-15 01:32:57 -08:00
Sergio Benitez d8b90ebf5f Readd missing config address test. 2017-02-14 23:34:27 -08:00
Sergio Benitez 0c963da1fd Fix IPv6 address parsing and validation. 2017-02-14 23:10:36 -08:00
Sergio Benitez 1e1ff3bd23 Explicitly delete flash cookie so that path is set. 2017-02-08 23:53:29 -08:00
Sergio Benitez 3c8dd0fad8 Fix fallout from latest cargo nightly. 2017-02-08 00:55:22 -08:00
Sergio Benitez 46f753e128 Fix typo in manage docs: referes -> refers. 2017-02-06 10:40:43 -08:00
Sergio Benitez c7db553286 New version: 0.2.0. 2017-02-06 05:35:19 -08:00
Sergio Benitez 20a548b11b Add percent_encode method to URI. 2017-02-06 03:41:12 -08:00
Sergio Benitez ad8f55f64b Back to expressibility. 2017-02-05 20:21:57 -08:00
Sergio Benitez 0b69a5d8f7 Ensure routes with and without query params don't collide. 2017-02-05 01:43:53 -08:00
Sergio Benitez e966925455 Use full URI in codegen routes; log query params in routes. 2017-02-05 01:34:48 -08:00
Sergio Benitez 8b39b88e46 We're searching for expressiveness. 2017-02-03 19:21:19 -08:00
Sergio Benitez 391628dea9 Fix broken link to IntoValue. 2017-02-03 17:15:29 -08:00
Sergio Benitez 0e82eb0b31 Fixup forms documentation for new features. 2017-02-03 16:56:29 -08:00
Sergio Benitez aefa2f1494 Use pub(crate) to enforce doc(hidden). 2017-02-03 02:17:06 -08:00
Sergio Benitez bf1b9e76fd Tweak http module docs. 2017-02-03 01:27:41 -08:00
Sergio Benitez a8356de183 Fully document `config` module. Deprecate Config::{set, default_for}. 2017-02-03 01:15:01 -08:00
Sergio Benitez 5abb8d99b4 Clarify manage method docs. 2017-02-02 18:16:57 -08:00
Sergio Benitez 988236f272 Add documentation for State request guard. 2017-02-02 18:01:00 -08:00
Sergio Benitez a9c3b8a919 Silence warnings during testing. 2017-02-02 02:16:21 -08:00
Garrett Squire 11e90f525f Update status code for form processing failure. 2017-02-01 18:29:29 -08:00
Sergio Benitez ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings. 
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
 2017-02-01 18:22:51 -08:00
Sergio Benitez cc22836867 Precisely route formats. Make 'content_type' an 'Option' in 'Request'. 
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.

This commit also changes the following:
  * The return type of the 'content_type' method of 'Request' is now
    'Option<ContentType>'.
  * The 'ContentType' request guard forwards when the request has no
    specified ContentType.
  * The 'add_header' and 'replace_header' methods take the header
    argument generically.

Closes #120.
 2017-02-01 03:12:24 -08:00
Sergio Benitez 3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez 35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez 374593c2f0 Use 'ContentType::Plain' for 'String' responses. 
Resolves #49.
 2017-01-31 02:43:19 -08:00
Sergio Benitez 724446cda4 Add categories to Cargo.toml. 2017-01-31 02:01:51 -08:00
Sergio Benitez 06a7317fd9 Update to Hyper 0.10. Use cookie crate directly. 
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
 2017-01-26 23:08:15 -08:00
Sergio Benitez 0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez 466b58970e Pin Hyper to 0.9.14 due to non-semver breaking change. 2017-01-26 11:11:43 -08:00
Sergio Benitez c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Giovanni Capuano 9ef65a8c91 Don't use any features from toml crate. 2017-01-20 16:38:50 -08:00
Sergio Benitez 72b91dfa41 Use shorthand version for hyper dependency. 2017-01-20 16:36:55 -08:00
Ernestas Poskus 59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez bb295dc230 Extend FormFormValue docs with details and built-in impls. 
Closes #129.
 2017-01-15 02:05:17 -08:00
Sergio Benitez 307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez 08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Eijebong 1398626710 Fix typo in `Redirect` documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez d4d5c5dd29 Override config parameters via environment variables. 
Resolves #37.
 2017-01-14 07:55:08 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`. 
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
 2017-01-13 13:25:33 -08:00
Sergio Benitez 41aecc3e7f Expose the remote address via `remote()` in `Request`. 
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
 2017-01-13 07:50:51 -08:00