This commit completely rewrites Rocket's HTTP serving. In addition to
significant internal cleanup, this commit introduces the following major
features:
* Support for custom, external listeners in the `listener` module.
The new `listener` module contains new `Bindable`, `Listener`, and
`Connection` traits which enable composable, external
implementations of connection listeners. Rocket can launch on any
`Listener`, or anything that can be used to create a listener
(`Bindable`), via a new `launch_on()` method.
* Support for Unix domain socket listeners out of the box.
The default listener backwards compatibly supports listening on Unix
domain sockets. To do so, configure an `address` of
`unix:path/to/socket` and optional set `reuse` to `true` (the
default) or `false` which controls whether Rocket will handle
creating and deleting the unix domain socket.
In addition to these new features, this commit makes the following major
improvements:
* Rocket now depends on hyper 1.
* Rocket no longer depends on hyper to handle connections. This allows
us to handle more connection failure conditions which results in an
overall more robust server with fewer dependencies.
* Logic to work around hyper's inability to reference incoming request
data in the response results in a 15% performance improvement.
* `Client`s can be marked secure with `Client::{un}tracked_secure()`,
allowing Rocket to treat local connections as running under TLS.
* The `macros` feature of `tokio` is no longer used by Rocket itself.
Dependencies can take advantage of this reduction in compile-time
cost by disabling the new default feature `tokio-macros`.
* A new `TlsConfig::validate()` method allows checking a TLS config.
* New `TlsConfig::{certs,key}_reader()`,
`MtlsConfig::ca_certs_reader()` methods return `BufReader`s, which
allow reading the configured certs and key directly.
* A new `NamedFile::open_with()` constructor allows specifying
`OpenOptions`.
These improvements resulted in the following breaking changes:
* The MSRV is now 1.74.
* `hyper` is no longer exported from `rocket::http`.
* `IoHandler::io` takes `Box<Self>` instead of `Pin<Box<Self>>`.
- Use `Box::into_pin(self)` to recover the previous type.
* `Response::upgrade()` now returns an `&mut dyn IoHandler`, not
`Pin<& mut _>`.
* `Config::{address,port,tls,mtls}` methods have been removed.
- Use methods on `Rocket::endpoint()` instead.
* `TlsConfig` was moved to `tls::TlsConfig`.
* `MutualTls` was renamed and moved to `mtls::MtlsConfig`.
* `ErrorKind::TlsBind` was removed.
* The second field of `ErrorKind::Shutdown` was removed.
* `{Local}Request::{set_}remote()` methods take/return an `Endpoint`.
* `Client::new()` was removed; it was previously deprecated.
Internally, the following major changes were made:
* A new `async_bound` attribute macro was introduced to allow setting
bounds on futures returned by `async fn`s in traits while
maintaining good docs.
* All utility functionality was moved to a new `util` module.
Resolves#2671.
Resolves#1070.
This has the following nice benefits:
* The 'Uuid' wrapper type is gone.
* 'Uuid' implements 'UriDisplay', 'FromUriParam'.
* The 'serialization' example merges in 'uuid'.
Resolves#1299.
The 'SpaceHelmet' fairing is now called 'Shield'. It features the
following changes and improvements:
* Headers which are now ignored by browsers are removed.
* 'XssFilter' is no longer an on-by-default policy.
* A new 'Permission' policy is introduced.
* 'Shield' is attached to all 'Rocket' instances by default.
* Default headers never allocate on 'Clone'.
* Policy headers are rendered once and cached at start-up.
* Improved use of typed URIs in policy types.
This has the following nice benefits:
* The 'JsonValue' wrapper type is gone.
* 'Local{Request, Response}' natively support JSON/MessagePack.
* The 'json' and 'msgpack' limits are officially recognized.
* Soon, Rocket application will not require an explicit 'serde' dep.
This marks the beginning of the end of 'rocket_contrib'.
The options set WAL, a 1s busy timeout, and enables foreign keys.
This also adds a focused 'databases::Config::figment()', used to
retrieve a focused figment for a given config.
The new benchmarks use routes from real-world project. This is much more
realistic than the previous benchmarks.
The new benchmarks use `criterion` and exist in their own Cargo project.
Prior to this commit, it was not possible to test Rocket crates in
production mode without setting a global secret key or bypassing secret
key checking - the testing script did the latter. The consequence is
that it became impossible to test secret key related failures because
the tests passed regardless.
This commit undoes this. As a consequence, all tests are now aware of
the difference between debug and release configurations, the latter of
which validates 'secret_key' by default. New 'Client::debug()' and
'Client::debug_with()' simplify creating an instance of 'Client' with
configuration in debug mode to avoid undesired test failures.
The summary of changes in this commit are:
* Config 'secret_key' success and failure are now tested.
* 'secret_key' validation was moved to pre-launch from 'Config:from()'.
* 'Config::from()' only extracts the config.
* Added 'Config::try_from()' for non-panicking extraction.
* 'Config' now knows the profile it was extracted from.
* The 'Config' provider sets a profile of 'Config.profile'.
* 'Rocket', 'Client', 'Fairings', implement 'Debug'.
* 'fairing::Info' implements 'Copy', 'Clone'.
* 'Fairings' keeps track of, logs attach fairings.
* 'Rocket::reconfigure()' was added to allow modifying a config.
Internally, the testing script was refactored to properly test the
codebase with the new changes. In particular, it no longer sets a rustc
'cfg' to avoid secret-key checking.
Resolves#1543.
Fixes#1564.
So. Many. Changes.
This is an insane commit: simultaneously one of the best (because of all
the wonderful improvements!) and one of the worst (because it is just
massive) in the project's history.
Routing:
* All UTF-8 characters are accepted everywhere in route paths. (#998)
* `path` is now `uri` in `route` attribute: `#[route(GET, path = "..")]`
becomes `#[route(GET, uri = "..")]`.
Forms Revamp
* All form related types now reside in a new `form` module.
* Multipart forms are supported. (resolves#106)
* Collections are supported in forms and queries. (resolves#205)
* Nested structures in forms and queries are supported. (resolves#313)
* Form fields can be ad-hoc validated with `#[field(validate = expr)]`.
* `FromFormValue` is now `FromFormField`, blanket implements `FromForm`.
* Form field values are always percent-decoded apriori.
Temporary Files
* A new `TempFile` data and form guard allows streaming data directly to a
file which can then be persisted.
* A new `temp_dir` config parameter specifies where to store `TempFile`.
* The limits `file` and `file/$ext`, where `$ext` is the file extension,
determines the data limit for a `TempFile`.
Capped
* A new `Capped` type is used to indicate when data has been truncated due to
incoming data limits. It allows checking whether data is complete or
truncated.
* `DataStream` methods return `Capped` types.
* `DataStream` API has been revamped to account for `Capped` types.
* Several `Capped<T>` types implement `FromData`, `FromForm`.
* HTTP 413 (Payload Too Large) errors are now returned when data limits are
exceeded. (resolves#972)
Hierarchical Limits
* Data limits are now hierarchical, delimited with `/`. A limit of `a/b/c`
falls back to `a/b` then `a`.
Core
* `&RawStr` no longer implements `FromParam`.
* `&str` implements `FromParam`, `FromData`, `FromForm`.
* `FromTransformedData` was removed.
* `FromData` gained a lifetime for use with request-local data.
* The default error HTML is more compact.
* `&Config` is a request guard.
* The `DataStream` interface was entirely revamped.
* `State` is only exported via `rocket::State`.
* A `request::local_cache!()` macro was added for storing values in
request-local cache without consideration for type uniqueness by using a
locally generated anonymous type.
* `Request::get_param()` is now `Request::param()`.
* `Request::get_segments()` is now `Request::segments()`, takes a range.
* `Request::get_query_value()` is now `Request::query_value()`, can parse any
`FromForm` including sequences.
* `std::io::Error` implements `Responder` like `Debug<std::io::Error>`.
* `(Status, R)` where `R: Responder` implements `Responder` by overriding the
`Status` of `R`.
* The name of a route is printed first during route matching.
* `FlashMessage` now only has one lifetime generic.
HTTP
* `RawStr` implements `serde::{Serialize, Deserialize}`.
* `RawStr` implements _many_ more methods, in particular, those related to the
`Pattern` API.
* `RawStr::from_str()` is now `RawStr::new()`.
* `RawStr::url_decode()` and `RawStr::url_decode_lossy()` only allocate as
necessary, return `Cow`.
* `Status` implements `Default` with `Status::Ok`.
* `Status` implements `PartialEq`, `Eq`, `Hash`, `PartialOrd`, `Ord`.
* Authority and origin part of `Absolute` can be modified with new
`Absolute::{with,set}_authority()`, `Absolute::{with,set}_origin()` methods.
* `Origin::segments()` was removed in favor of methods split into query and
path parts and into raw and decoded versions.
* The `Segments` iterator is smarter, returns decoded `&str` items.
* `Segments::into_path_buf()` is now `Segments::to_path_buf()`.
* A new `QuerySegments` is the analogous query segment iterator.
* Once set, `expires` on private cookies is not overwritten. (resolves#1506)
* `Origin::path()` and `Origin::query()` return `&RawStr`, not `&str`.
Codegen
* Preserve more spans in `uri!` macro.
* Preserve spans `FromForm` field types.
* All dynamic parameters in a query string must typecheck as `FromForm`.
* `FromFormValue` derive removed; `FromFormField` added.
* The `form` `FromForm` and `FromFormField` field attribute is now named
`field`. `#[form(field = ..)]` is now `#[field(name = ..)]`.
Contrib
* `Json` implements `FromForm`.
* `MsgPack` implements `FromForm`.
* The `json!` macro is exported as `rocket_contrib::json::json!`.
* Added clarifying docs to `StaticFiles`.
Examples
* `form_validation` and `form_kitchen_sink` removed in favor of `forms`.
* The `hello_world` example uses unicode in paths.
* The `json` example only allocates as necessary.
Internal
* Codegen uses new `exports` module with the following conventions:
- Locals starts with `__` and are lowercased.
- Rocket modules start with `_` and are lowercased.
- `std` types start with `_` and are titlecased.
- Rocket types are titlecased.
* A `header` module was added to `http`, contains header types.
* `SAFETY` is used as doc-string keyword for `unsafe` related comments.
* The `Uri` parser no longer recognizes Rocket route URIs.
This commit also improves config pretty-printing and warning messages.
It also fixes an issue that resulted in config value deprecation
warnings not being emitted. The 'workers' value is now a 'usize', not a
'u16'; contrib pool sizes now default to 'workers * 2'.
Closes#1470.
Sergio Benitez
Unpublished
Konrad Borowski
Edgar Onghena
Jeb Rosen
Jonah Brüchert