profile
viewpoint

laumann/compiletest-rs 156

An extraction of the compiletest utility from the Rust compiler

SergioBenitez/cookie-rs 139

HTTP cookie parsing and cookie jar management for Rust.

SergioBenitez/homebrew-osxct 56

OS X Cross Compilers

SergioBenitez/Figment 15

A hierarchical configuration library so con-free, it's unreal.

SergioBenitez/Devise 4

Library for devising derives and other procedural macros.

SergioBenitez/hyper-sync-rustls 4

Like hyper-rustls, but for synchronous hyper.

SergioBenitez/bower-send 2

A simple multi-account mail sending script designed for Bower.

SergioBenitez/GoFS 2

A virtual file system written in Go.

SergioBenitez/native_versioning 2

An experiment for simple versioning of C, C++, and assembly symbols in Rust code.

alect/TaskSprint 1

Distributed computation system for performing both deterministic and non-deterministic computations.

PR closed SergioBenitez/Rocket

Implement FromRequest for IpAddr

which maps to request.client_ip()

Closes #1414

+20 -1

1 comment

1 changed file

Gerhut

pr closed time in an hour

pull request commentSergioBenitez/Rocket

Implement FromRequest for IpAddr

Merged in 0673986c3222a44cdf7779552ec184a0491af9c9. Thank you!

Gerhut

comment created time in an hour

PR closed SergioBenitez/Rocket

Added DerefMut impl to Form and LenientForm

I ran into a limitation with Form where I needed to modify the inner data, but the DerefMut implementation was missing. I have also added DerefMut to LenientForm for consistency.

+16 -4

3 comments

2 changed files

ThouCheese

pr closed time in an hour

pull request commentSergioBenitez/Rocket

Added DerefMut impl to Form and LenientForm

Merged in 080d586a356b7ffc3617b98ecbc57457f1d9acaa. Thank you!

ThouCheese

comment created time in an hour

PR closed SergioBenitez/Rocket

Add AVIF mime type

AVIF is a new image format by the Alliance for Open Media. Desktop Chrome supports it already per default, Firefox requires image.avif.enabled to be set to true.

The AVIF Mime type is defined in section 7 of the AVIF specification (linking to the current draft).

+2 -0

1 comment

1 changed file

est31

pr closed time in an hour

pull request commentSergioBenitez/Rocket

Add AVIF mime type

Merged in b18cd6460ef49ee2e7d940b718dca345741594f5. Thank you!

est31

comment created time in an hour

push eventSergioBenitez/Rocket

est31

commit sha b18cd6460ef49ee2e7d940b718dca345741594f5

Add AVIF (image/avif) as a known media type.

view details

ThouCheese

commit sha 080d586a356b7ffc3617b98ecbc57457f1d9acaa

Impl 'DerefMut' for 'Form', 'LenientForm'.

view details

George Cheng

commit sha 0673986c3222a44cdf7779552ec184a0491af9c9

Impl 'FromRequest' for 'IpAddr'. Closes #1414.

view details

Sergio Benitez

commit sha 4b4e918a70dfee49077f91b28a844473a615bb1b

Manage state, not 'lazy_static', in 'uuid' example.

view details

push time in an hour

issue closedSergioBenitez/Rocket

Add `FromRequest for IpAddr` which maps to `Request.client_ip()`

Feature Requests

Feature requests must include:

  1. Why you believe this feature is necessary.

The client_ip is pretty useful for logging or subnet filtering as long as the X-Real-IP is trusted, and it's very straight to user about mapping IpAddr to client_ip.

As we implemented, there are 2 addresses the server can get, remote: SocketAddr and client_ip: IpAddr, the former one already have a guard so I think provide another guard for the latter one looks good.

  1. A convincing use-case for this feature.

Display user's IP at the footer of the page.

  1. Why this feature can't or shouldn't exist outside of Rocket.

It's not possible to implement FromRequest for IpAddr outside of Rocket.

closed time in an hour

Gerhut

PR closed SergioBenitez/Rocket

replace lazy_static with serial_test

Hi, thanks for such a awesome project ! I sincerely appreciate your efforts for maintenance.

I found lazy_static is used just to run tests in serial. To do it, serial_test is better.

serial_test includes lazy_static as dependency, but serial_test can make codes cleaner.

+22 -52

1 comment

2 changed files

komi1230

pr closed time in an hour

pull request commentSergioBenitez/Rocket

replace lazy_static with serial_test

We no longer use lazy_static, instead using Figment's Jail. Thanks!

komi1230

comment created time in an hour

pull request commentSergioBenitez/Rocket

Implement Clone on State

@jontymorris Ping!

jontymorris

comment created time in an hour

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 730a2dcdbe2f4e0bd1348633c939f5f049acb374

Implement 'Serialize' for 'Flash'. Resolves #184.

view details

push time in 2 hours

issue closedSergioBenitez/Rocket

FlashMessage should implement Serialize

It would be convenient if FlashMessage implemented Serialize, so I could stick it in my context struct that I pass to a template.

closed time in 2 hours

lilyball

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 7337321efbf9b7663d1cb6ee261321f0b3766d1b

Take '&mut Data' in 'on_request' fairings. Resolves #1438.

view details

push time in 2 hours

issue closedSergioBenitez/Rocket

Peeking into data in on_request fairing

Hello, on master, Data::peek requires &mut self, so it's no longer possible to peek into it in on_request fairing.

I'm using it to extract CSRF token from POST data.

Any suggestions how to work around that? Or can we change the signature for on_request to make it &mut Data? At least until #775 is solved?

Thank you

closed time in 2 hours

mjanda

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 1fb061496d0234f84495723e6c95590064778785

Revamp configuration. This commit completely overhauls Rocket's configuration systems, basing it on the new Figment library. It includes many breaking changes pertaining to configuration. They are: * "Environments" are replaced by "profiles". * 'ROCKET_PROFILE' takes the place of 'ROCKET_ENV'. * Profile names are now arbitrary, but 'debug' and 'release' are given special treatment as default profiles for the debug and release compilation profiles. * A 'default' profile now sits along-side the meta 'global' profile. * The concept of "extras" is no longer present; users can extract any values they want from the configured 'Figment'. * The 'Poolable' trait takes an '&Config'. * The 'secrets' feature is disabled by default. * It is a hard error if 'secrets' is enabled under the 'release' profile and no 'secret_key' is configured. * 'ConfigBuilder' no longer exists: all fields of 'Config' are public with public constructors for each type. * 'keep_alive' is disabled with '0', not 'false' or 'off'. * Inlined error variants into the 'Error' structure. * 'LoggingLevel' is now 'LogLevel'. * Limits can now be specified in SI units: "1 MiB". The summary of other changes are: * The default config file can be configured with 'ROCKET_CONFIG'. * HTTP/1 and HTTP/2 keep-alive configuration is restored. * 'ctrlc' is now a recognized config option. * 'serde' is now a core dependency. * TLS misconfiguration errors are improved. * Several example use '_' as the return type of '#[launch]' fns. * 'AdHoc::config()' was added for simple config extraction. * Added more documentation for using 'Limits'. * Launch information is no longer treated specially. * The configuration guide was rewritten. Resolves #852. Resolves #209. Closes #1404. Closes #652.

view details

push time in 3 hours

issue closedSergioBenitez/Rocket

Shouln't https be on port 443?

I notice that no matter if a server is launched (ROCKET_ENV=prod) with or without TLS support, it i hosted on port 80. But shouldn't a https server default to port 443?

closed time in 3 hours

dedani

issue closedSergioBenitez/Rocket

Stabilizing TLS Support

rusttls recently recieved a formal security audit. The outcome of the audit seems pretty encouraging. Specifically:

Cure53 was unable to uncover any application-breaking security flaws. After spending thirty days on the scope in late May and early June of 2020, the team of auditors considered the general code quality to be exceptional and can attest to a solid impression left consistently by all scope items

At this point, would it make sense to remove some of the scary warnings regarding TLS support?

closed time in 3 hours

klnusbaum

issue closedSergioBenitez/Rocket

Launching multiple rockets on the same port does not report an error.

To begin with, thank you for this project! The documentation and introduction is fantastic.

I tried to start two processes of the hello world example and expected the second one to fail with some error like "Address already in use" but instead the second process reports success on the same hostname and port as the first process.

I looked through the code for rocket 0.2.0 and hyper 0.10.4 but did not find the problem. When instead trying std::net::TcpListener I do get the expected error.

closed time in 3 hours

anderejd

issue closedSergioBenitez/Rocket

Revamp Configuration

As per discussion on IRC, I think the config file handling should be revamped. The current three fixed environment system doesn't scale and if you need more you have to work around that limit. That's not nice. Also, the current extras aren't typed and are cumbersome to use.

Below are some general goals that a new system should fulfill.

Goals

  • [ ] Get rid of the current rigid enum Environment structure.
  • [ ] Allow the config to be provided via environment variables, a single config file, separate config files, or plain code.
  • [ ] Allow for default environments still but you should easily be able to define your own set of environments.
  • [ ] Allow for strongly typed user configs (instead of the current extras).

Considerations

  • Maybe use config-rs?

  • The current three environments fulfill the purposes of providing a bunch of defaults as well as safety checks. If we get rid of those rigid environments and if the environment are dynamic, it won't be possible to do this for a specific pre-defined environment anymore. Therefore, in order to keep a safety switch on by default, I propose we make everything safe by default. For local development (and perhaps tests and such) where we don't care about safe defaults, we can have a ROCKET_DEBUG env var. Since the configs are isomorphic, this will translate to config.debug in code.

  • Generally speaking, I don't think we should be talking about Rocket configuration but about app configuration and Rocket should then just be able to take what it needs from the app configuration.

    Currently the user is supposed to stuff all of their custom config into Rocket like it's a weird thing to have extra config. I think this is the wrong way around. Rather than that, there should some general app config and Rocket should just take from that whatever it needs (like port, address, etc). For instance, if we provided a TOML config file, we might have this in our new, Rocket-unspecific app.toml:

    [general]
    app_name = "hello"
    twitter_api_key = "something"
    
    [rocket]
    address = "0.0.0.0"
    port = 8080
    

    This illustration obviously glances over the problem with environments but it's how I imagine this to work. Likewise, if we're talking about environment variables, the above example would look like this:

    APP_NAME="hello"
    TWITTER_API_KEY="something"
    ROCKET_ADDRESS="0.0.0.0"
    ROCKET_PORT=8080
    
  • Provide sane default environments and stay compatible with the current solution by having rocket::ignite() do essentially the same thing as now but then also have rocket::ignite_with_config(???) which would allow for custom configuration. I'm not quite sure what to pass in there yet as I do not just want it to be a single file of some sort. Perhaps a HashMap as provided by config-rs?

Past discussions

This issue takes some inspiration from #145 and #317. There are also #290 and #677 which would be addressed by this.

closed time in 3 hours

svenstaro

delete branch SergioBenitez/Rocket

delete branch : config-revamp

delete time in 3 hours

issue closedSergioBenitez/Rocket

[Feature] ContentType helpers

Feature Requests

Currently on ContentType there are several helpers already provided, is_javascript, is_png etc.

Having an is_image and is_video would be useful as a way to group together png, gif,... etc

https://api.rocket.rs/rocket/http/struct.ContentType.html

closed time in 3 hours

alexbowers

issue commentSergioBenitez/Rocket

[Feature] ContentType helpers

I agree with @jebrosen that this is possible today without too much of a difficulty.

alexbowers

comment created time in 3 hours

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 7e89b285c0cd9fbc78226030b84ceaa5274b5250

Fix tests for Windows, secrets.

view details

push time in 4 hours

create barnchSergioBenitez/Rocket

branch : config-revamp

created branch time in 17 hours

push eventSergioBenitez/Figment

Sergio Benitez

commit sha ec0d4c19d38860111506c050b54a9222ad046a9f

Add 'Env::global()'.

view details

Sergio Benitez

commit sha b5f700bc6349feb0316ffc4eaa8f6456347fc4a4

New version: 0.9.2.

view details

push time in 18 hours

push eventSergioBenitez/cookie-rs

Sergio Benitez

commit sha 1c3ca838543b60a4448d279dc4b903cc7a2bc22a

Implement constant time 'PartialEq' for 'Key'.

view details

push time in 20 hours

push eventSergioBenitez/Figment

Sergio Benitez

commit sha eb327b05fc29d8c41552d7a6fa1b01ddb756767a

Keep unused 'magic' feature for backwards compatibility.

view details

push time in a day

issue commentSergioBenitez/Rocket

tokio = "0.3.0"

We need hyper to upgrade first. In general, we're aware of new releases and will upgrade as soon as possible.

incker

comment created time in 4 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha a8bd67171151617797bb6d301a2a017fae350884

Add 'Profile::const_new().' Remove 'magic' feature. The 'magic' values no longer use serde's 'derive'. Without the introduction of the derive dependencies, there is no need for a 'magic' feature, so the feature was removed.

view details

Sergio Benitez

commit sha 45193656ad41ec7d15270720891f193ec7513930

New version: 0.9.1.

view details

push time in 4 days

PullRequestReviewEvent

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 8da034ab835ef1d599cd146164dffda960275c06

Update 'devise'.

view details

push time in 6 days

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 5615767ca6c5b3357f691ccd65622470fc0185a5

Add proper 'cfg' to 'get_private_pending()'.

view details

push time in 6 days

push eventSergioBenitez/Devise

Sergio Benitez

commit sha 3648468a9ede9ca896cd35bc1eb818c7a9fb3047

Use released 'proc-macro2-diagnostics'. Also don't depend on 'rocket' in examples.

view details

push time in 6 days

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 5d9035ddc1346c43ae1b1038500e548ef46d61d4

Keep an op-log for sync 'CookieJar'. In brief, this commit: * Updates to the latest upstream 'cookie', fixing a memory leak. * Make changes to 'CookieJar' observable only through 'pending()'. * Deprecates 'Client::new()' in favor of 'Client::tracked()'. * Makes 'dispatch()' on tracked 'Client's synchronize on cookies. * Makes 'Client::untracked()' actually untracked. This commit updates to the latest 'cookie' which removes support for 'Sync' cookie jars. Instead of relying on 'cookie', this commit implements an op-log based 'CookieJar' which internally keeps track of changes. The API is such that changes are only observable through specialized '_pending()' methods.

view details

Sergio Benitez

commit sha 079e458b62c471aac07fc6c554b301dbd85531a6

Add (un)tracked 'Client' integration tests.

view details

Sergio Benitez

commit sha 5cf249581f5bbedf2f9382d892aa21980716d6f0

Add 'const' constructor for 'MediaType'.

view details

push time in 6 days

push eventSergioBenitez/rust-smallvec

Pratyush Mishra

commit sha 47d33b170cac9b20d45107d8374f0441293ca143

Add no_std support

view details

bors-servo

commit sha b7f5fe5931499729f4bf37f1b981ac25d4fb55c1

Auto merge of #49 - Pratyush:master, r=mbrubeck Add no_std support This library can easily support `no_std` code on `nightly`; it does require the `collections` feature, however. This PR adds support for this feature by enabling a on-by-default `std` feature. This feature can be turned off to support `no_std` mode. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-smallvec/49) <!-- Reviewable:end -->

view details

Thomas Heck

commit sha e96793e571a84a0e98656c2cf1361c324f29bd3b

impl std::io::Write for SmallVec

view details

bors-servo

commit sha 062733901d775fcb481381151ed29b072945e199

Auto merge of #52 - chpio:master, r=mbrubeck impl std::io::Write for SmallVec <!-- Reviewable:start --> This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-smallvec/52) <!-- Reviewable:end -->

view details

Vurich

commit sha 226730c3ead276342f7a5d68c13b01296ed624ee

Add ExtendFromSlice trait

view details

bors-servo

commit sha 2549c2a946243f4a6ccbb606c2cf434ad9a39b01

Auto merge of #54 - Vurich:master, r=mbrubeck Add ExtendFromSlice trait At Parity we tried to switch from our internal `elastic-array` crate (which has soundness and ergonomics issues) to `smallvec` but the PR that attempted this replaced `extend_from_slice` calls with `push` loops (which are much slower). We could fix this internally, but the discussion around it made me wonder if this would be something that could be useful upstream. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-smallvec/54) <!-- Reviewable:end -->

view details

Matt Brubeck

commit sha 498d0f1354af8c32fa15f955199dbac8b51fc4e3

Use liballoc instead of libcollections in no_std mode libcollections was deprecated in rust-lang/rust#42648 and its contents were moved to liballoc.

view details

Matt Brubeck

commit sha 47cbda7705fbcb0273e31af605896b7af22aa1c3

Make tests work without libstd

view details

Matt Brubeck

commit sha ae5b61591ce8ef65e1ba347790d9d9826606dc3f

Point to docs.rs for documentation (because Servo isn't always using the latest version of this crate)

view details

Matt Brubeck

commit sha f747b48e3a245631a068c0e69b360b5672f1ed90

Document no_std support

view details

Matt Brubeck

commit sha bf9ac18e48696ee7e967fd77a3ebff5f08db2d34

Release version 0.4.1 New features: * `no_std` support (#49). * `SmallVec<[u8; N]>` implements the `Write` trait (#52). * Add an `ExtendFromSlice` trait for both `Vec` and `SmallVec` (#54).

view details

bors-servo

commit sha 7bda53289845583c0db4518c18ec19989b1a108a

Auto merge of #53 - mbrubeck:no_std, r=emilio Document and test no_std support This builds on the new "std" Cargo feature added in #49. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-smallvec/53) <!-- Reviewable:end -->

view details

Vurich

commit sha 534532dfe9fd713b96b84b62dd83394ad2584944

Add from_buf method

view details

bors-servo

commit sha ecc90078f4523a9cb30ec95e3c1f211b67da6416

Auto merge of #56 - Vurich:master, r=jdm Add from_buf method If you have an `A` on the stack already this allows you to create a `SmallVec<A>` with zero copying. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-smallvec/56) <!-- Reviewable:end -->

view details

Jacob Kiesel

commit sha 99c02d25bded9b5defb96220785e042d3e9ef738

Add serde support

view details

Jacob Kiesel

commit sha d2998612979a13b101881bc90052918199382adc

Make travis test with all features enabled

view details

Jacob Kiesel

commit sha 40cfbb4772f13c0f7a1a9e8a650f14906e7bdddc

Change serde_support to serde

view details

bors-servo

commit sha e162ecc948c7be3644a4626e127024e9731e5718

Auto merge of #57 - Xaeroxe:serde, r=mbrubeck Add serde support Things done in this PR: - Add optional serde dependency - Add Serialize and Deserialize implementations to SmallVec - Add test_serde to verify functionality. <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-smallvec/57) <!-- Reviewable:end -->

view details

Matt Brubeck

commit sha 03d53408ef0a42033aabf39fd246da433256d05e

Release version 0.4.2. * Add `SmallVec::from_buf` constructor (#56). * Add optional `serde` (de-)serialization support (#57).

view details

bors-servo

commit sha a39aaea191fa6371074efd40835529738c071110

Auto merge of #58 - mbrubeck:bump, r=jdm Release version 0.4.2. * Add `SmallVec::from_buf` constructor (#56). * Add optional `serde` (de-)serialization support (#57). <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-smallvec/58) <!-- Reviewable:end -->

view details

push time in 6 days

issue closedSergioBenitez/cookie-rs

Is it possible to encrypt cookies without using a jar?

I don't think I need to store cookies. I guess the jar is useful to revoke cookies.

In my case I think I would just prefer not storing them and rotate the key from time to time.

Is this possible?

closed time in 6 days

bbigras

issue commentSergioBenitez/cookie-rs

Is it possible to encrypt cookies without using a jar?

Closing due to inactivity. Still happy to accept a PR.

bbigras

comment created time in 6 days

issue closedSergioBenitez/cookie-rs

How to iterate over cookies of SignedJar?

The SignedJar doesn't have iteration methods. How to iterate over cookies in this case?

closed time in 6 days

XX

issue commentSergioBenitez/cookie-rs

How to iterate over cookies of SignedJar?

In master, you can now do:

// assuming `parent` is the parent cookie jar:
for cookie in parent.iter().filter_map(|c| SignedJar::verify(c.clone()).ok()) { .. }
XX

comment created time in 6 days

push eventSergioBenitez/cookie-rs

Sergio Benitez

commit sha 96759448004cc9bdb76a58cfacee815da5617f8b

Split child jars by mutability. Add 'Cookie::make_removal()'. This commit splits the 'CookieJar::private()' method into 'CookieJar::private()' and 'CookieJar::private_mut()', allowing for immutable-only access to child jars.

view details

push time in 7 days

push eventSergioBenitez/cookie-rs

Sergio Benitez

commit sha e009dfa2fb50aa8a9ce35acc3dbb156e29a3f605

Add 'SignedJar::verify()' and 'PrivateJar::decrypt()'.

view details

push time in 7 days

PR closed SergioBenitez/cookie-rs

Allow filling CookieJars from a Cookie header string

I needed this ability so that I could use this library with Hyper. Contemporary Hyper has no cookie parsing logic, so the ability to parse a &str into a CookieJar is very helpful for making stateful manipulations of cookies. Since this is only useful for a &str with a lifetime that isn't 'static, I needed CookieJars to be able to hold Cookies with lifetimes that aren't 'static, hence the sweeping addition of lifetimes to those structs. (thank you very much for the no-allocation parsing!)

The actual method is at src/jar.rs:126.

I did not bump the version, as I'm not quite sure how this interacts with semver requirements; I didn't have to modify anything in the test suite, but I can see how the addition of lifetime parameters might be a breaking change (e.g. if a SignedJar was a struct field).

Feel free to mention any tasks I can do to help merge this! I'm still fairly new to Rust so let me know if there's anything to improve.

+101 -47

3 comments

4 changed files

groomble

pr closed time in 7 days

pull request commentSergioBenitez/cookie-rs

Allow filling CookieJars from a Cookie header string

Closing due to inactivity.

groomble

comment created time in 7 days

pull request commentSergioBenitez/cookie-rs

Create parse_string method that returns an iterator over cookies

@SergioBenitez is this something you would think about adding to Cookie?

Yes. However, this seems much more complicated than it need be. Why not something like:

raw_str.split(';')
    .map(|s| s.trim())
    .filter(|s| !s.is_empty())
    .map(Cookie::parse) // or `parse_encoded`

What's more, if we implement FromIterator for CookieJar (likely calling add_original), we recover the original intent in #137 with a much more flexible solution:

let jar: Result<CookieJar, _> = CookieJar::split(foo).collect();

In terms of method names, I think maybe split()/split_encoded() or parse()/parse_encoded() would be preferred; or perhaps three: split()/parse()/parse_encoded(), where split() does everything except call Cookie::parse.

rsnakard-r7

comment created time in 7 days

pull request commentSergioBenitez/cookie-rs

SignedJar: add key-rotatable version

I quite like the idea - it's something I'd been desiring for some time.

My take is that rotation should be a feature of the Key structure, not of individual child jars. This likely means that Key becomes an enum, or that we create two ~Key structures that implement a unifying trait. It would be nice to have a shift() method on RotatingKey (or whatever you want to call it) that pushes in a new key; it would also be nice if you could set a maximum number of keys that RotatingKey kept around.

The trait approach would be quite nice as it would allow the jars to be totally unaware of where the key material is coming from or whether rotation is occurring. The trait/impls might look like:

trait Key {
    fn from(key: &[u8]) -> Self;
    fn derive_from(material: &[u8]) -> Self;
    fn try_generate() -> Option<Key>;
    fn generate() -> Option<Key> {
        Self::try_generate().expect("failed to generate key")
    }

    fn signing(&self) -> &[u8];
    fn encryption(&self) -> &[u8];
    fn master(&self) -> &[u8];
}

struct StaticKey { .. }
impl Key for StaticKey { .. }

struct RotatingKey { .. }
impl Key for RotatingKey { .. }

I think it would then make sense for the child jars to keep around a dynamic trait object:

struct PrivateJar<'k, 'j> {
    key: &'k dyn Key,
    jar: &'j CookieJar<'static>
}
Fishrock123

comment created time in 7 days

PR closed SergioBenitez/cookie-rs

Add domain to hash function of DeltaCookie

Since cookies were hashed by their names, cookies with the same name but different domains were getting overwritten. If the cookie has a domain, we should use it to create a hash, or is there some reason not to?

Thanks!

+3 -0

2 comments

1 changed file

saskenuba

pr closed time in 7 days

pull request commentSergioBenitez/cookie-rs

Add domain to hash function of DeltaCookie

Closing due to inactivity.

saskenuba

comment created time in 7 days

pull request commentSergioBenitez/cookie-rs

Bump base64 to 0.13

Merged in f3508789e2c045e952af720c1d6f2a434ebda644. Thank you!

paolobarbolini

comment created time in 7 days

PR closed SergioBenitez/cookie-rs

update `aes-gcm` to `v0.7.0`

This removes a duplicate dependency on opaque-debug.

$ cargo tree -d --all-features
opaque-debug v0.2.3
└── aes-soft v0.4.0
    └── aes v0.4.0
        └── aes-gcm v0.6.0
            └── cookie v0.15.0-dev 

opaque-debug v0.3.0
└── sha2 v0.9.1
    └── cookie v0.15.0-dev
+1 -1

1 comment

1 changed file

peddermaster2

pr closed time in 7 days

pull request commentSergioBenitez/cookie-rs

update `aes-gcm` to `v0.7.0`

Merged in fdc60d17a0c2b7272a2948488624b6432ac6f120. Thank you!

peddermaster2

comment created time in 7 days

push eventSergioBenitez/cookie-rs

Peter Wischer

commit sha fdc60d17a0c2b7272a2948488624b6432ac6f120

Update 'aes-gcm' to '0.7.0'.

view details

Paolo Barbolini

commit sha f3508789e2c045e952af720c1d6f2a434ebda644

Update 'base64' to '0.13'.

view details

push time in 7 days

issue commentSergioBenitez/cookie-rs

Avoid polluting signed cookies

I think an additional child jar, or perhaps a setting on the existing Signed jar, that enables this functionality would be great.

Fishrock123

comment created time in 7 days

issue closedSergioBenitez/cookie-rs

Use a >= dependency for *ring*

This will help ensure that breakages due to ring changes are quickly found so they can be corrected.

closed time in 7 days

DemiMarie

issue commentSergioBenitez/cookie-rs

Use a >= dependency for *ring*

As of 0.14, cookie no longer depends on ring.

DemiMarie

comment created time in 7 days

push eventSergioBenitez/cookie-rs

Sergio Benitez

commit sha 13b0894b7cb6b1a166ca69a569999e4f1cc5906f

Switch to GitHub Actions for CI.

view details

push time in 7 days

push eventSergioBenitez/cookie-rs

Sergio Benitez

commit sha c045b44a14c5032d91f052fce9aaabc628bebc03

Revert "Make 'CookieJar' thread-safe." This reverts commit 0d379c038dd4cea5266a31fbe40b4557bd05f9bb.

view details

Sergio Benitez

commit sha 610da3e1764f89391985bcfb68deb81e5902373c

Switch to GitHub Actions for CI.

view details

push time in 7 days

push eventSergioBenitez/Rocket

Sergio Benitez

commit sha 092e03f7207941f9585db4a2d04dbc08c731e5db

Generate a proxy structure for better namespacing. Prior to this commit, it was impossible to 'use' a route from a separate namespace for use in a 'routes!' macro. Naturally, this was a common source of confusion amongst users. This commit obviates this deficiency by generating a "proxy" structure that can be imported and converted into a 'Route'/'Catcher' or their static variants. This change is largely backwards compatible but can break existing code when routes are named identically to other types in the namespace.

view details

Sergio Benitez

commit sha 2f330d2967a5396d218c9a4c09cf2225e9ee86fe

Allow return type of '#[launch]' fn to be elided.

view details

push time in 8 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 25f581245abc5f0221fad81a01bfa819ca03cc11

Install 'coreutils' on macOS. Add '.gitattributes'.

view details

push time in 8 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 6886e0385748ba90aaa3051b37f2f1584aea56f7

Install 'coreutils' on macOS CI.

view details

push time in 8 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 0f1e59db84d62c1870af2f0f4aa2cab4040c543c

Remove spurious wording in README.

view details

Sergio Benitez

commit sha c470db9ba83c53f45ebe93aba4c9035e1818b805

Running testing script in CI.

view details

Sergio Benitez

commit sha fa6a5c0ee5a2fc261258b4c287f21857aa15ae0f

Add 'html_root_url' doc attribute.

view details

Sergio Benitez

commit sha 95ed1ce55842a476f741adbed04d85eb4b1b3018

Track profiles via 'Tag'. New version: 0.9.0.

view details

push time in 8 days

created tagSergioBenitez/Figment

tagv0.8.1

A hierarchical configuration library so con-free, it's unreal.

created time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 60eca236f43ee98675990b2b4b82b553abedf458

New version: 0.8.1.

view details

push time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 9862ec749af61fafb815093df741222541beed58

Build docs with all features enabled.

view details

push time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 28320e2b4b1563da8af04972b04d384c682ffd2b

Add Cargo metadata.

view details

push time in 11 days

delete tag SergioBenitez/Figment

delete tag : v0.8

delete time in 11 days

created tagSergioBenitez/Figment

tagv0.8.0

A hierarchical configuration library so con-free, it's unreal.

created time in 11 days

created tagSergioBenitez/Figment

tagv0.8

A hierarchical configuration library so con-free, it's unreal.

created time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 0bece9e8a8ba56b9419aa08f3e74c59dd56c75c2

Initial commit: Figment.

view details

push time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha ee61e6f0f2d82e14198c716c3514fad5a904f00c

Initial commit: Figment.

view details

push time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 1a38c075f1e6b5fb5c028c31a43585a6e0a31e76

Initial commit: Figment.

view details

push time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 8fb1d37ac85efe6e20a9107490578613604fd637

Fix tests for Windows.

view details

push time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha 9770afa7feab88498f92c20756f66bcc3c67442d

Initial commit: Figment.

view details

push time in 11 days

push eventSergioBenitez/Figment

Sergio Benitez

commit sha d4cab95780d70a4dd739e9da261d383825d96b56

Test with all features enabled.

view details

push time in 11 days

create barnchSergioBenitez/Figment

branch : master

created branch time in 11 days

created repositorySergioBenitez/Figment

A hierarchical configuration library so con-free, it's unreal.

created time in 11 days

created tagSergioBenitez/Pear

tagv0.2.0

A pear is a fruit.

created time in 11 days

push eventSergioBenitez/Pear

Sergio Benitez

commit sha 2466ca7f7925ee64f5d4a159a8f4de03491f3590

Bump to 0.2.0.

view details

push time in 11 days

push eventSergioBenitez/Pear

Sergio Benitez

commit sha 2ed3aa4f5501407af5351b92c1616db6c4c63a38

Add 'succeeds' combinator.

view details

Sergio Benitez

commit sha 83c433abf5fde48afd4d8344d8e9b13830830b38

Bring back HTTP example.

view details

push time in 11 days

push eventSergioBenitez/proc-macro2-diagnostics

Sergio Benitez

commit sha 10fb10d098623d4d93f1cde371f423552cdf65ef

Set version as 0.9.

view details

push time in 11 days

push eventSergioBenitez/proc-macro2-diagnostics

Sergio Benitez

commit sha 48def38348c985416ec18eb1773e4bc1348bb865

Add docs and CI.

view details

push time in 11 days

push eventSergioBenitez/proc-macro2-diagnostics

Sergio Benitez

commit sha 427cf9bf169314d8a0060552322a989782fd17b4

Add docs and CI.

view details

push time in 11 days

push eventSergioBenitez/proc-macro2-diagnostics

Sergio Benitez

commit sha 258b9b9ca94ade47e7685cac39bfaf5a36e96a24

Add docs and CI.

view details

push time in 11 days

push eventSergioBenitez/proc-macro2-diagnostics

Sergio Benitez

commit sha 08b802e0a8751828ab789f5f1cb29c44a681c1e8

Improve colors on stable.

view details

Sergio Benitez

commit sha b1e6cfab0b01652cbd96a272987515f6ce5995c7

Fix up license files.

view details

push time in 11 days

push eventSergioBenitez/proc-macro2-diagnostics

Sergio Benitez

commit sha f80525e9b3c1e2bad493ddf058abf613504dd7aa

Improve colors on stable.

view details

push time in 11 days

created tagSergioBenitez/uncased

tag0.9.3

Case-preserving, ASCII case-insensitive `no_std` string types for Rust.

created time in 11 days

push eventSergioBenitez/uncased

Sergio Benitez

commit sha 14f24b9099a6c56e38f48d12a88487356836c59a

New version: 0.9.3.

view details

push time in 11 days

push eventSergioBenitez/uncased

Sergio Benitez

commit sha c6ce5d4f2ae189ce0d42955afd8be426e9b25aff

Add 'len()', 'starts_with()', and 'into_owned()' methods.

view details

push time in 11 days

pull request commentSergioBenitez/Rocket

Implement Clone on State

Will the derive generate the implementation we want (a copy) without adding a T: Clone bounds? We should add a test to confirm; we should be able to clone a State<T> for any T.

jontymorris

comment created time in 19 days

pull request commentSergioBenitez/Rocket

SSE for Rocket 0.4.x

Should I do a null rebase and re-force-push to retry the failing CI tests?

Please do!

ijackson

comment created time in 20 days

pull request commentxacrimon/dashmap

V4

@xacrimon Where, perhaps a branch or a tag or something else, is the current source code for v4? I've identified a memory leak in the latest published versions and I'd like to help track it down.

xacrimon

comment created time in 20 days

issue closedSergioBenitez/Rocket

Cargo Audit Dependencies

Rocket seems to be using outdated dependencies. This leads to two "security" problems found by cargo-audit:

$ cargo audit
[...]
warning: 1 warning found

Crate:  block-cipher-trait
Title:  crate has been renamed to `block-cipher`
Date:   2020-05-26
URL:    https://rustsec.org/advisories/RUSTSEC-2020-0018
Dependency tree: 
block-cipher-trait 0.6.2
├── aesni 0.6.0
│   └── aes 0.3.2
│       └── aes-gcm 0.5.0
│           └── cookie 0.11.3
│               └── rocket_http 0.4.5
│                   ├── rocket_codegen 0.4.5
│                   │   └── rocket 0.4.5
│                   │       ├── rocket_contrib 0.4.5
│                   │       │   └── my-lovely-crate x.x.x
│                   │       └── my-lovely-crate x.x.x
│                   └── rocket 0.4.5
├── aes-soft 0.3.3
│   └── aes 0.3.2
├── aes-gcm 0.5.0
└── aes 0.3.2

Crate:  net2
Title:  `net2` crate has been deprecated; use `socket2` instead
Date:   2020-05-01
URL:    https://rustsec.org/advisories/RUSTSEC-2020-0016
Dependency tree: 
net2 0.2.35
├── miow 0.2.1
│   └── mio 0.6.22
│       ├── notify 4.0.15
│       │   └── rocket_contrib 0.4.5
│       │       └── my-lovely-crate x.x.x
│       └── mio-extras 2.0.6
│           └── notify 4.0.15
└── mio 0.6.22

warning: 1 warning found!

However, the new versions do not only change patch level, but may contain breaking changes. Maybe some kind of CI check would be helpful, e.g. using cargo-audit or even cargo-deny.

Rocket version: 0.4.5 (latest as of writing) OS: Linux

closed time in 20 days

Turakar

issue commentSergioBenitez/Rocket

Cargo Audit Dependencies

net2 is a dependency of mio which itself is a dependency of tokio; there is nothing we can do to remove our transitive dependency outside of not depending on hyper or tokio. As such, I'm closing this issue. I would suggest raising this issue in the appropriate issue tracker, mio's.

Turakar

comment created time in 20 days

created tagSergioBenitez/uncased

tag0.9.2

Case-preserving, ASCII case-insensitive `no_std` string types for Rust.

created time in a month

push eventSergioBenitez/uncased

Sergio Benitez

commit sha df93dcf4d4cb361517407ab7777a405ab9962564

Add slice indexing operations.

view details

Sergio Benitez

commit sha 94b69e2eeac70455ae5557afe3d2cb470915caa2

New version: 0.9.2.

view details

push time in a month

pull request commentSergioBenitez/Rocket

Refector TLS implementation

Your changes looks good. How about your commit yours first? I can work on this next step. This PR can be rebase after your change then. I like the idea to completely move TLS out. I can try to play with it.

See my reply on Matrix:

howard0su: I would take those changes and build on top of them. When I do push them, you'll be able to rebase more easily.

howard0su

comment created time in a month

pull request commentSergioBenitez/Rocket

Refector TLS implementation

oh, one thing worth noting, openssl take PATH as the cert parameter.

It can also take structures, just like rustls. The parses are provided as well. See https://docs.rs/openssl/0.10.30/openssl/ssl/struct.SslConnectorBuilder.html.

howard0su

comment created time in a month

issue closedSergioBenitez/Rocket

How do I pass a mysql connection to endpoint controller?

Hi. Learning Rust and trying to create a simple application with Rocket - basically call an endpoint(/orgs) that fetches a bunch of records in a MySQL database. Pretty basic stuff, but I can't seem to make it work together. I'm coming from programming in Go mostly.

Heres's my current code, pretty stuck at the moment:

#![feature(decl_macro)]
#[macro_use] extern crate rocket;
#[macro_use] extern crate rocket_contrib;

use serde::Serialize;
use rocket_contrib::json::Json;

#[macro_use]
extern crate mysql;
use mysql as my;
use mysql::Pool;
use mysql::consts::ColumnType::MYSQL_TYPE_DATE;
use mysql::prelude::Queryable;

#[get("/orgs")]
fn get_orgs(conn: MyDb) -> Json<Vec<Org>> {
    // I need to have the db connection here to pass it to get_all.
    let o = match Org::get_all() {
        Ok(o) => o,
        Err(e) => panic!(e),
    };

    Json(o)
}


#[derive(Serialize)]
pub struct Org {
    pub id: Option<i32>,
    pub name: String,
}

fn main() {
    let url = "mysql://root:mysql@(localhost:33061)/rustdb";
    let pool = Pool::new(url)?;
    let mut conn = pool.get_conn();
    // I need to pass "conn" around, first to get_orgs, then to Org::get_all.
    rocket::ignite()
        .mount("/", routes![get_orgs])
        .launch();
}

impl Org {
    fn get_all(mut conn: mysql::Conn) -> Result<Vec<Org>, Err> {
        let all_orgs = conn
            .query_map(
                "SELECT id, name from organization",
                |(id, name)| {
                    Org { id, name }
                },
            )?;

        return match all_orgs() {
            Ok(all_orgs) => all_orgs,
            Err(e) => e,
        };
    }
}

So, when using #[get("/orgs")] it probably does a bunch of code generation(assumption on my side - again, I'm new!). Googling around, I found this: https://rocket.rs/v0.4/guide/state/#databases - which looks correct. I just cannot for the life of me figure out a working example to connect to my local mysql instance.

Here are my dependencies:

[dependencies]
rocket = "0.4.2"
rocket_codegen = "0.4.2"
rocket_contrib = "0.4.2"
serde = {version = "1.0", features = ["derive"]}
serde_json = {version = "1.0"}
mysql = "*"

I looked in the 0.4 tag of the repository and went to examples. I think this is a widely popular use-case. Would it perhaps be an idea to make an example of how to set up an endpoint with a database connection parsed into it, be that via postgres or mysql? Would be awesome, I'm sure a lot - especially myself - would appreciate it!

closed time in a month

ChristianLindLarsen
more