rwf2
/
Rocket
mirror of https://github.com/rwf2/Rocket.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
550 Commits 7 Branches 63 Tags 23 MiB
Commit Graph

304 Commits

Author SHA1 Message Date
Sergio Benitez a9c3b8a919 Silence warnings during testing. 2017-02-02 02:16:21 -08:00
Garrett Squire 11e90f525f Update status code for form processing failure. 2017-02-01 18:29:29 -08:00
Sergio Benitez ed429cd487 Change FromForm signature. Emit 422 form errors on bad form strings. 
This commit changes the way Rocket parses form items. In particular, it now
(liberally) validates form strings, returning a Bad Request on malformed inputs
and Unprocessable Entity on bad parses.

The 'FormItems' iterator was modified to accomodate this. The iterator is now
initialized using 'from': 'FormItems::from(form_string)'. The iterator can be
queried to check for a complete parse using either 'completed()' or
'exhausted()', the latter of which will consume valid keys/values and return
true only if the entire string was consumed.

The 'FromForm' trait now takes a mutable borrow to a 'FormItems' iterator.

The 'Form' and 'FormForm' implementation for 'Form' were modified to use the new
iterfaces and check for 'exhausted' after a parse, returning a Bad Request error
if the iterator cannot be exhausted.

Resolves #46.
 2017-02-01 18:22:51 -08:00
Sergio Benitez cc22836867 Precisely route formats. Make 'content_type' an 'Option' in 'Request'. 
This commit changes the routing algorithm. In particular, it enforces
precise matching of formats. With this change, a route with a specified
format only matches requests that have the same format specified. A
route with no format specified matches any request's format. This is
contrast to the previous behavior, where a route without a specified
format would match requests regardless of their format or whether one
was specified.

This commit also changes the following:
  * The return type of the 'content_type' method of 'Request' is now
    'Option<ContentType>'.
  * The 'ContentType' request guard forwards when the request has no
    specified ContentType.
  * The 'add_header' and 'replace_header' methods take the header
    argument generically.

Closes #120.
 2017-02-01 03:12:24 -08:00
Sergio Benitez 3235e1e5e6 Make 'false' the default value for bools in forms. 2017-02-01 00:12:11 -08:00
Sergio Benitez 35bbb8b60b Use 'to_string' to format Hyper headers. 2017-01-31 17:32:35 -08:00
Sergio Benitez 374593c2f0 Use 'ContentType::Plain' for 'String' responses. 
Resolves #49.
 2017-01-31 02:43:19 -08:00
Sergio Benitez 724446cda4 Add categories to Cargo.toml. 2017-01-31 02:01:51 -08:00
Sergio Benitez 06a7317fd9 Update to Hyper 0.10. Use cookie crate directly. 
A few interesting notes on this breakage:

  * `Cookie` how has a lifetime. It should be `'static'` everywhere.
  * The `SetCookie` header is no longer reexported.
  * Instead, `Cookie` implements `Into<Header>` for Set-Cookie.
 2017-01-26 23:08:15 -08:00
Sergio Benitez 0a0b64b9b6 New version: 0.1.6. 2017-01-26 11:26:50 -08:00
Sergio Benitez 466b58970e Pin Hyper to 0.9.14 due to non-semver breaking change. 2017-01-26 11:11:43 -08:00
Sergio Benitez c815911705 Introduce Managed State. 2017-01-20 23:17:28 -08:00
Giovanni Capuano 9ef65a8c91 Don't use any features from toml crate. 2017-01-20 16:38:50 -08:00
Sergio Benitez 72b91dfa41 Use shorthand version for hyper dependency. 2017-01-20 16:36:55 -08:00
Ernestas Poskus 59b7cb006f Add SVG as a known Content-Type. 2017-01-19 12:29:39 -08:00
Sergio Benitez cf82469c52 Document encoding behavior for FormItems. 2017-01-15 02:21:28 -08:00
Sergio Benitez bb295dc230 Extend FormFormValue docs with details and built-in impls. 
Closes #129.
 2017-01-15 02:05:17 -08:00
Sergio Benitez 307469dc3a Refuse to build on non-nightly with a nice message. 2017-01-15 01:16:47 -08:00
Sergio Benitez 08278e8f0e New version: 0.1.5. 2017-01-14 08:45:03 -08:00
Eijebong 1398626710 Fix typo in `Redirect` documentation. 2017-01-14 07:58:28 -08:00
Sergio Benitez d4d5c5dd29 Override config parameters via environment variables. 
Resolves #37.
 2017-01-14 07:55:08 -08:00
Sergio Benitez 4bc5c20a45 Fix security checks in `PathBuf::FromSegments`. 
In #134, @tunz discovered that Rocket does not properly prevent path traversal
or local file inclusion attacks. The issue is caused by a failure to check for
some dangerous characters after decoding. In this case, the path separator '/'
was left as-is after decoding. As such, an attacker could construct a path with
containing any number of `..%2f..` sequences to traverse the file system.

This commit resolves the issue by ensuring that the decoded segment does not
contains any `/` characters. It further hardens the `FromSegments`
implementation by checking for additional risky characters: ':', '>', '<' as the
last character, and '\' on Windows. This is in addition to the already present
checks for '.' and '*' as the first character.

The behavior for a failing check has also changed. Previously, Rocket would skip
segments that contained illegal characters. In this commit, the implementation
instead return an error.

The `Error` type of the `PathBuf::FromSegment` implementations was changed to a
new `SegmentError` type that indicates the condition that failed.

Closes #134.
 2017-01-13 13:25:33 -08:00
Sergio Benitez 41aecc3e7f Expose the remote address via `remote()` in `Request`. 
This commit also includes the following changes:

  * `FromRequest` for `SocketAddr` implemented: extracts remote address.
  * All built-in `FromRequest` implementations are documented.
  * Request preprocessing overrides remote IP with value from X-Real-IP header.
  * `MockRequest` allows setting the remote address with `remote()`.

Resolves #38.
 2017-01-13 07:50:51 -08:00
Sergio Benitez c6fbc44888 Add TODO about improving builder finalize error. 2017-01-12 02:43:00 -08:00
Sergio Benitez ddda8fe79b Add workers config parameter. 2017-01-12 02:38:14 -08:00
Sergio Benitez fb24ee315c Overhaul configuration and custom ignition. 
* Add Config::new() and Config::build() for simpler Config creation.
  * Add set_{param} methods to Config.
  * Add ConfigBuilder type for easy building of configurations.
  * Remove builder methods from Config.
  * PartialEq in Config doesn't consider path or session key.
  * Rocket::custom takes Config by value.
  * Rocket::custom takes second (enable_logging) boolean argument.
  * Rocket::custom properly sets the custom config as the active config.
 2017-01-11 18:35:09 -08:00
Dru Sellers a6084ab3e2 Change the type for port to u16 in config. 2017-01-09 16:48:27 -08:00
Sergio Benitez e230ce9b95 Don't overwrite catcher response status if it is set. 
Resolves #113.
 2017-01-06 01:32:43 -06:00
Sergio Benitez 21a1bde7c0 Add Header methods to get name and value as strs. 2017-01-06 01:03:08 -06:00
Sergio Benitez 6165a6705c Add more comments on dispatch logic. 2017-01-06 00:42:24 -06:00
Sergio Benitez 8f8dde812d Remove unnecessary fields in Redirect Response. 2017-01-06 00:42:10 -06:00
Sergio Benitez 042dcadf43 Expose DataStream directly to allow for stream composition. 2017-01-05 15:13:13 -06:00
Sergio Benitez 069f09cb7e Make 'cargo test' work without '--all-features'. 2017-01-05 14:51:00 -06:00
Sergio Benitez 2da08a975c Make Content-Type case-preserving; add 'params' method. 2017-01-05 02:14:44 -06:00
Sergio Benitez 855d9b7b00 New version: 0.1.4. 2017-01-04 11:18:49 -06:00
Sergio Benitez 24805bbf16 Treat header names as case-preserving in HeaderMap. 
Fixes #92.
 2017-01-02 21:33:36 -06:00
Sergio Benitez 82f6f78189 Add UncasedAscii{Ref} type(s) that are case-preserving strings. 2017-01-02 21:32:29 -06:00
Sergio Benitez 6fdc6f025f New version: 0.1.3. 2016-12-31 01:31:11 -06:00
Liigo Zhuang 0af01abe5f Fix decoding of String form values. 
@liigo originated a fix and found the problem in #82.
 2016-12-31 01:06:22 -06:00
Sergio Benitez 83bbea7d4a Fix decoding of form value Strings. 2016-12-31 00:48:31 -06:00
Greg Edwards d19cb0349c Only override request methods via '_method' on POST. 2016-12-31 00:00:47 -06:00
Sergio Benitez a1878ad080 Properly resolve dynamic segments, take 2. 
Fixes #86.
 2016-12-30 23:51:23 -06:00
Sergio Benitez 1f373cc83a Rename 'content_type' Route field to 'format'. 2016-12-30 20:15:28 -06:00
Sergio Benitez 20f13f0bc1 Add CSV as a known Content-Type. 2016-12-27 15:42:27 -06:00
Sergio Benitez 1e3f1961cd Remove unnecessary new line. 
(really just trying to trigger Travis)
 2016-12-26 18:46:14 -06:00
Sergio Benitez 2299a3e5a6 Don't depend on path separator in segments tests. 2016-12-26 17:18:15 -06:00
Sergio Benitez 71419933a5 Ignore _method field in derived FromForm. 
Fixes #45.
 2016-12-26 02:41:57 -06:00
Sean Griffin eb8d973abd Fix typo in Outcome formatting: Succcess -> Success. 2016-12-25 21:37:06 -06:00
Sergio Benitez fb7a756cf1 New version: 0.1.2. 2016-12-24 14:15:00 -08:00
Sergio Benitez 9cebab5037 Fix get_raw_segments index argument in route codegen. 
Fixes #41.
 2016-12-24 11:58:24 -08:00
Sergio Benitez 14f79c3733 New version: 0.1.1. NamedFile hotfix. 2016-12-23 12:30:44 -08:00
Sergio Benitez 591963106e Update NamedFile documentation. 2016-12-23 12:02:17 -08:00
Sergio Benitez 16f70480f5 Actually send the file via NamedFile. 2016-12-23 11:51:11 -08:00
Sergio Benitez a94fcf41db New version: 0.1.0. First public release! 2016-12-23 05:03:07 -08:00
Sergio Benitez 22a058d2d5 Add Cargo metadata to contrib and codegen crates. 2016-12-23 04:20:46 -08:00
Sergio Benitez 25a4469791 Add Cargo metadata for packaging. 2016-12-23 03:36:26 -08:00
Sergio Benitez 12302bcadb Document default FromParam impls. 2016-12-23 02:39:34 -08:00
Sergio Benitez 7d97bf04ea Prepend http:// to address:port in launch message. 2016-12-22 05:27:23 -08:00
Sergio Benitez 595cc5be57 Emit warning about disabled session keys. 2016-12-22 01:29:58 -08:00
Sergio Benitez 76073718c7 New version: 0.1.0 release candidate. 2016-12-22 00:05:05 -08:00
Sergio Benitez 2dc1ba29f0 Adds tests for JSON example. Emit warning from JSON FromData. 
This also includes a tiny change to the `mk-docs` script to build a
blank index at the root of the docs.
 2016-12-21 22:56:58 -08:00
Sergio Benitez b9742c1202 Fix broken links in docs. 2016-12-21 01:33:45 -08:00
Sergio Benitez 80632689f4 Document Request. 2016-12-21 01:30:45 -08:00
Sergio Benitez dedf5094fe Remove URIBuf. 2016-12-21 00:20:14 -08:00
Sergio Benitez 62fe734492 URI uses Cow iternally. 2016-12-21 00:09:22 -08:00
Sergio Benitez f3b7b7db5e Add example for FromData. 2016-12-20 18:07:14 -08:00
Sergio Benitez c61e40f5a3 Document config ParsingError. 2016-12-20 17:27:46 -08:00
Sergio Benitez 0acb9eab83 Document Response. Update Config tests. 2016-12-20 17:27:31 -08:00
Sergio Benitez 6e2913fc5c Cleanup Responder documentation. 2016-12-20 13:40:02 -08:00
Sergio Benitez abdb8c2aa1 Document ResponseBuilder. 2016-12-19 23:29:20 -08:00
Sergio Benitez d44c61f1af Redocument ContentType. 2016-12-19 20:40:21 -08:00
Sergio Benitez ddbd7966f7 Document Body. Derive Clone/Copy/PartialEq appropriately in response module. 2016-12-19 20:10:24 -08:00
Sergio Benitez 1851187a2d Reword http module documentation. 2016-12-19 19:50:27 -08:00
Sergio Benitez f101069610 Document Status and StatusClass. 2016-12-19 19:46:49 -08:00
Sergio Benitez 3414266a8a Document Header and HeaderMap. 2016-12-19 18:04:31 -08:00
Sergio Benitez 8d8d504b59 Document Config. Cleaner lib/handler docs. 2016-12-19 16:51:59 -08:00
Sergio Benitez dd7e95b3c5 Panic on illegal, dynamic mount points. 2016-12-17 10:51:44 -08:00
Sergio Benitez f1c7d3e27c Minor code improvements via clippy. 2016-12-17 09:18:30 -08:00
Sergio Benitez d39c47aaf2 Hyper has merged Rocket changes. Update to mainline. 2016-12-16 15:48:16 -08:00
Sergio Benitez e2fcd75325 Use forked compiletest for latest nightly. 2016-12-16 15:14:11 -08:00
Sergio Benitez 2e25ce04dc Automatically handle HEAD requests. 2016-12-16 05:17:16 -08:00
Sergio Benitez 6815a56cb5 Rework Request: add lifetime to future proof, remove unsafe. 2016-12-16 03:07:23 -08:00
Sergio Benitez 5f311c3654 Implement Responder for Response. 2016-12-15 20:57:14 -08:00
Sergio Benitez 368e5105a9 Return a Response from testing's dispatch_with. 2016-12-15 20:53:54 -08:00
Sergio Benitez 77cfed0d21 Fix minor README/comment typos. 2016-12-15 17:22:33 -08:00
Sergio Benitez 08f41816d1 Remove dependence from Hyper in Request/MockRequest. 2016-12-15 16:34:19 -08:00
Sergio Benitez a73a082153 New HeaderMap type for grouping Headers. 2016-12-15 12:37:17 -08:00
Sergio Benitez d3e2d829c7 Remove all Hyper* types in favor of hyper::*. 2016-12-15 09:24:29 -08:00
Sergio Benitez 0cc379b82f Parse and test params in ContentType. 2016-12-15 08:49:10 -08:00
Sergio Benitez 44f5f1998d New HTTP types: ContentType, Status. Responder/Handler/ErrorHandler changed. 
This is a complete rework of `Responder`s and of the http backend in
general. This gets Rocket one step closer to HTTP library independence,
enabling many future features such as transparent async I/O, automatic
HEAD request parsing, pre/post hooks, and more.

Summary of changes:

  * `Responder::response` no longer takes in `FreshHyperResponse`.
    Instead, it returns a new `Response` type.
  * The new `Response` type now encapsulates a full HTTP response. As a
    result, `Responder`s now return it.
  * The `Handler` type now returns an `Outcome` directly.
  * The `ErrorHandler` returns a `Result`. It can no longer forward,
    which made no sense previously.
  * `Stream` accepts a chunked size parameter.
  * `StatusCode` removed in favor of new `Status` type.
  * `ContentType` significantly modified.
  * New, lightweight `Header` type that plays nicely with `Response`.
 2016-12-15 00:47:31 -08:00
Sergio Benitez 5fca86c84f New version: 0.0.11. 2016-12-11 22:23:08 -08:00
Sergio Benitez 6bc0fa8871 Make note about implementing auto HEAD handling. 2016-12-11 21:20:30 -08:00
Sergio Benitez e6fa01607f Link to Stream in Responder docs. 2016-12-11 01:40:03 -08:00
Sergio Benitez 3dc82e2349 HTML escape < in Responder docs. 2016-12-10 17:58:52 -08:00
Sergio Benitez 4f89e232aa HTML escape < in FromParam docs. 2016-12-10 17:41:44 -08:00
Sergio Benitez 470dc7f63c Improve FromParam documentation. 2016-12-10 02:55:25 -08:00
Sergio Benitez a818976b08 Add example implementation for Responder. 2016-12-09 20:59:58 -08:00
Sergio Benitez d0136235d7 Remove with_status and StatusResponder in favor of status module. 2016-12-09 19:53:13 -08:00
Sergio Benitez a2e99985b0 Fix data buffer indexing bug. Add from_request example. 2016-11-21 00:45:44 -08:00
Sergio Benitez b38942ad00 Avoid double logger initialization by removing logger init in Rocket::custom. 2016-11-11 14:04:00 -08:00