1
0
mirror of https://github.com/actix/actix-extras.git synced 2025-01-22 14:55:56 +01:00

rename private-network-access feature (#320)

* update CI with concurrency options

* cors: rename private-network => local-network

* modernize CI

* clippy

* run api diff job on all features
This commit is contained in:
Rob Ede 2023-04-09 19:35:30 +01:00 committed by GitHub
parent 8729f60f79
commit 111d95eaea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 163 additions and 166 deletions

View File

@ -1,8 +1,14 @@
name: CI (post-merge)
on:
push:
branches: [master]
push: { branches: [master] }
permissions:
contents: read # to fetch code (actions/checkout)
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build_and_test_linux_nightly:
@ -27,39 +33,26 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install ${{ matrix.version }}
uses: actions-rs/toolchain@v1
- name: Install Rust (${{ matrix.version }})
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ matrix.version }}-${{ matrix.target.triple }}
profile: minimal
override: true
toolchain: ${{ matrix.version }}
- name: Install cargo-hack
uses: taiki-e/install-action@cargo-hack
- name: Generate Cargo.lock
uses: actions-rs/cargo@v1
with:
command: generate-lockfile
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2.1.0
- uses: taiki-e/cache-cargo-install-action@v1
with: { tool: cargo-hack }
- name: check minimal
uses: actions-rs/cargo@v1
with: { command: ci-min }
run: cargo ci-min
- name: check minimal + examples
uses: actions-rs/cargo@v1
with: { command: ci-check-min-examples }
run: cargo ci-check-min-examples
- name: check default
uses: actions-rs/cargo@v1
with: { command: ci-check }
run: cargo ci-check
- name: tests
uses: actions-rs/cargo@v1
timeout-minutes: 40
with: { command: ci-test }
run: cargo ci-test
- name: Clear the cargo caches
run: |
@ -86,18 +79,13 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install ${{ matrix.version }}
run: |
rustup install ${{ matrix.version }}-${{ matrix.target.triple }}
rustup override set ${{ matrix.version }}-${{ matrix.target.triple }}
- name: Install Rust (${{ matrix.version }})
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ matrix.version }}
- name: Install cargo-hack
uses: taiki-e/install-action@cargo-hack
- name: Generate Cargo.lock
run: cargo generate-lockfile
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2.1.0
- uses: taiki-e/cache-cargo-install-action@v1
with: { tool: cargo-hack }
- name: check minimal
run: cargo ci-min

View File

@ -1,10 +1,15 @@
name: CI
on:
pull_request:
types: [opened, synchronize, reopened]
push:
branches: [master]
pull_request: {}
push: { branches: [master] }
permissions:
contents: read # to fetch code (actions/checkout)
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build_and_test_linux:
@ -35,33 +40,18 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install ${{ matrix.version }}
run: |
rustup install ${{ matrix.version }}-${{ matrix.target.triple }}
rustup override set ${{ matrix.version }}-${{ matrix.target.triple }}
- name: Install Rust (${{ matrix.version }})
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ matrix.version }}
- name: Install cargo-hack
uses: taiki-e/install-action@cargo-hack
- uses: taiki-e/cache-cargo-install-action@v1
with: { tool: cargo-hack }
- name: workaround MSRV issues
if: matrix.version != 'stable'
run: |
cargo install cargo-edit --version=0.8.0
cargo add env_logger@0.9 --dev -p=actix-cors
cargo add env_logger@0.9 --dev -p=actix-identity
cargo add env_logger@0.9 --dev -p=actix-redis
cargo add env_logger@0.9 --dev -p=actix-session
cargo add env_logger@0.9 --dev -p=actix-settings
- name: Generate Cargo.lock
run: cargo generate-lockfile
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2.1.0
- name: workaround MSRV issues
if: matrix.version != 'stable'
run: |
cargo update -p=time --precise=0.3.13
cargo update -p=time:0.3.20 --precise=0.3.16
- name: check minimal
run: cargo ci-min
@ -102,33 +92,21 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install ${{ matrix.version }}
run: |
rustup install ${{ matrix.version }}-${{ matrix.target.triple }}
rustup override set ${{ matrix.version }}-${{ matrix.target.triple }}
- name: Install Rust (${{ matrix.version }})
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ matrix.version }}
- name: Install cargo-hack
uses: taiki-e/install-action@cargo-hack
- uses: taiki-e/cache-cargo-install-action@v1
with: { tool: cargo-hack }
- uses: taiki-e/cache-cargo-install-action@v1
with: { tool: cargo-hack }
- name: workaround MSRV issues
if: matrix.version != 'stable'
run: |
cargo install cargo-edit --version=0.8.0
cargo add env_logger@0.9 --dev -p=actix-cors
cargo add env_logger@0.9 --dev -p=actix-identity
cargo add env_logger@0.9 --dev -p=actix-redis
cargo add env_logger@0.9 --dev -p=actix-session
cargo add env_logger@0.9 --dev -p=actix-settings
- name: Generate Cargo.lock
run: cargo generate-lockfile
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2.1.0
- name: workaround MSRV issues
if: matrix.version != 'stable'
run: |
cargo update -p=time --precise=0.3.13
cargo update -p=time:0.3.20 --precise=0.3.16
- name: check minimal
run: cargo ci-min
@ -155,14 +133,8 @@ jobs:
- uses: actions/checkout@v3
- name: Install Rust (nightly)
run: |
rustup install nightly
rustup override set nightly
- name: Generate Cargo.lock
run: cargo generate-lockfile
- name: Cache Dependencies
uses: Swatinem/rust-cache@v2.1.0
uses: actions-rust-lang/setup-rust-toolchain@v1
with: { toolchain: nightly }
- name: doc tests
timeout-minutes: 40

View File

@ -3,8 +3,14 @@
name: Coverage
on:
push:
branches: [master]
push: { branches: [master] }
permissions:
contents: read # to fetch code (actions/checkout)
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
coverage:

View File

@ -1,8 +1,13 @@
name: Lint
on:
pull_request:
types: [opened, synchronize, reopened]
on: [pull_request]
permissions:
contents: read # to fetch code (actions/checkout)
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
fmt:
@ -10,11 +15,12 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install Rust
run: |
rustup override set nightly
rustup update nightly
rustup component add rustfmt
- name: Install Rust (nightly)
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: nightly
components: rustfmt
- name: Check with rustfmt
run: cargo fmt --all -- --check
@ -24,9 +30,31 @@ jobs:
- uses: actions/checkout@v3
- name: Install Rust
run: |
rustup override set stable
rustup update stable
rustup component add rustfmt
uses: actions-rust-lang/setup-rust-toolchain@v1
with: { components: clippy }
- name: Check with Clippy
run: cargo clippy --workspace --tests --all-features
public-api-diff:
runs-on: ubuntu-latest
steps:
- name: checkout ${{ github.base_ref }}
uses: actions/checkout@v3
with:
ref: ${{ github.base_ref }}
- name: checkout ${{ github.head_ref }}
uses: actions/checkout@v3
- uses: actions-rust-lang/setup-rust-toolchain@v1
with: { toolchain: nightly }
- uses: taiki-e/cache-cargo-install-action@v1
with: { tool: cargo-public-api }
- name: generate API diff
run: |
for f in $(find -mindepth 2 -maxdepth 2 -name Cargo.toml); do
cargo public-api --manifest-path "$f" --all-features diff ${{ github.event.pull_request.base.sha }}..${{ github.sha }}
done

View File

@ -1,8 +1,14 @@
name: Upload Documentation
on:
push:
branches: [master]
push: { branches: [master] }
permissions:
contents: read # to fetch code (actions/checkout)
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:

View File

@ -2,6 +2,7 @@
## Unreleased - 2022-xx-xx
- Rename `Cors::{allow_private_network_access => allow_local_network_access}()` and its unstable flag (`draft-private-network-access` => `draft-local-network-access`).
- Minimum supported Rust version (MSRV) is now 1.60.
## 0.6.4 - 2022-10-28

View File

@ -18,7 +18,7 @@ rustdoc-args = ["--cfg", "docsrs"]
all-features = true
[features]
draft-private-network-access = []
draft-local-network-access = []
[dependencies]
actix-utils = "3"

View File

@ -101,8 +101,8 @@ impl Cors {
preflight: true,
send_wildcard: false,
supports_credentials: true,
#[cfg(feature = "draft-private-network-access")]
allow_private_network_access: false,
#[cfg(feature = "draft-local-network-access")]
allow_local_network_access: false,
vary_header: true,
block_on_origin_mismatch: true,
};
@ -422,19 +422,19 @@ impl Cors {
/// Allow private network access.
///
/// If true, injects the `Access-Control-Allow-Private-Network: true` header in responses if the
/// request contained the `Access-Control-Request-Private-Network: true` header.
/// If true, injects the `Access-Control-Allow-Local-Network: true` header in responses if the
/// request contained the `Access-Control-Request-Local-Network: true` header.
///
/// For more information on this behavior, see the draft [Private Network Access] spec.
/// For more information on this behavior, see the draft [Local Network Access] spec.
///
/// Defaults to `false`.
///
/// [Private Network Access]: https://wicg.github.io/private-network-access
#[cfg(feature = "draft-private-network-access")]
#[cfg_attr(docsrs, doc(cfg(feature = "draft-private-network-access")))]
pub fn allow_private_network_access(mut self) -> Cors {
/// [Private Network Access]: https://wicg.github.io/local-network-access
#[cfg(feature = "draft-local-network-access")]
#[cfg_attr(docsrs, doc(cfg(feature = "draft-local-network-access")))]
pub fn allow_local_network_access(mut self) -> Cors {
if let Some(cors) = cors(&mut self.inner, &self.error) {
cors.allow_private_network_access = true;
cors.allow_local_network_access = true;
}
self
@ -514,8 +514,8 @@ impl Default for Cors {
preflight: true,
send_wildcard: false,
supports_credentials: false,
#[cfg(feature = "draft-private-network-access")]
allow_private_network_access: false,
#[cfg(feature = "draft-local-network-access")]
allow_local_network_access: false,
vary_header: true,
block_on_origin_mismatch: true,
};

View File

@ -64,8 +64,8 @@ pub(crate) struct Inner {
pub(crate) preflight: bool,
pub(crate) send_wildcard: bool,
pub(crate) supports_credentials: bool,
#[cfg(feature = "draft-private-network-access")]
pub(crate) allow_private_network_access: bool,
#[cfg(feature = "draft-local-network-access")]
pub(crate) allow_local_network_access: bool,
pub(crate) vary_header: bool,
pub(crate) block_on_origin_mismatch: bool,
}
@ -222,19 +222,19 @@ pub(crate) fn add_vary_header(headers: &mut HeaderMap) {
val.extend(hdr.as_bytes());
val.extend(b", Origin, Access-Control-Request-Method, Access-Control-Request-Headers");
#[cfg(feature = "draft-private-network-access")]
val.extend(b", Access-Control-Allow-Private-Network");
#[cfg(feature = "draft-local-network-access")]
val.extend(b", Access-Control-Allow-Local-Network");
val.try_into().unwrap()
}
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
None => HeaderValue::from_static(
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, \
Access-Control-Allow-Private-Network",
Access-Control-Allow-Local-Network",
),
#[cfg(not(feature = "draft-private-network-access"))]
#[cfg(not(feature = "draft-local-network-access"))]
None => HeaderValue::from_static(
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
),

View File

@ -7,9 +7,9 @@
//! This CORS middleware automatically handles `OPTIONS` preflight requests.
//!
//! # Crate Features
//! - `draft-private-network-access`: ⚠️ Unstable. Adds opt-in support for the [Private Network
//! Access] spec extensions. This feature is unstable since it will follow any breaking changes in
//! the draft spec until it is finalized.
//! - `draft-local-network-access`: ⚠️ Unstable. Adds opt-in support for the [Local Network Access]
//! spec extensions. This feature is unstable since it will follow any breaking changes in the
//! draft spec until it is finalized.
//!
//! # Example
//! ```no_run
@ -46,7 +46,7 @@
//! }
//! ```
//!
//! [Private Network Access]: https://wicg.github.io/private-network-access
//! [Local Network Access]: https://wicg.github.io/local-network-access
#![forbid(unsafe_code)]
#![deny(rust_2018_idioms, nonstandard_style)]

View File

@ -93,14 +93,14 @@ impl<S> CorsMiddleware<S> {
res.insert_header((header::ACCESS_CONTROL_ALLOW_HEADERS, headers.clone()));
}
#[cfg(feature = "draft-private-network-access")]
if inner.allow_private_network_access
#[cfg(feature = "draft-local-network-access")]
if inner.allow_local_network_access
&& req
.headers()
.contains_key("access-control-request-private-network")
.contains_key("access-control-request-local-network")
{
res.insert_header((
header::HeaderName::from_static("access-control-allow-private-network"),
header::HeaderName::from_static("access-control-allow-local-network"),
HeaderValue::from_static("true"),
));
}
@ -149,7 +149,6 @@ impl<S> CorsMiddleware<S> {
let expose_all_request_headers = res
.headers()
.keys()
.into_iter()
.map(|name| name.as_str())
.collect::<HashSet<_>>();
@ -174,15 +173,15 @@ impl<S> CorsMiddleware<S> {
);
}
#[cfg(feature = "draft-private-network-access")]
if inner.allow_private_network_access
#[cfg(feature = "draft-local-network-access")]
if inner.allow_local_network_access
&& res
.request()
.headers()
.contains_key("access-control-request-private-network")
.contains_key("access-control-request-local-network")
{
res.headers_mut().insert(
header::HeaderName::from_static("access-control-allow-private-network"),
header::HeaderName::from_static("access-control-allow-local-network"),
HeaderValue::from_static("true"),
);
}

View File

@ -264,15 +264,15 @@ async fn test_response() {
.get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
.map(HeaderValue::as_bytes)
);
#[cfg(not(feature = "draft-private-network-access"))]
#[cfg(not(feature = "draft-local-network-access"))]
assert_eq!(
resp.headers().get(header::VARY).map(HeaderValue::as_bytes),
Some(&b"Origin, Access-Control-Request-Method, Access-Control-Request-Headers"[..]),
);
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
assert_eq!(
resp.headers().get(header::VARY).map(HeaderValue::as_bytes),
Some(&b"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network"[..]),
Some(&b"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Local-Network"[..]),
);
#[allow(clippy::needless_collect)]
@ -317,7 +317,7 @@ async fn test_response() {
.method(Method::OPTIONS)
.to_srv_request();
let resp = test::call_service(&cors, req).await;
#[cfg(not(feature = "draft-private-network-access"))]
#[cfg(not(feature = "draft-local-network-access"))]
assert_eq!(
resp.headers()
.get(header::VARY)
@ -325,10 +325,10 @@ async fn test_response() {
.unwrap(),
b"Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
);
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
assert_eq!(
resp.headers().get(header::VARY).map(HeaderValue::as_bytes).unwrap(),
b"Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
b"Accept, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Local-Network",
);
let cors = Cors::default()
@ -478,7 +478,7 @@ async fn vary_header_on_all_handled_responses() {
assert!(resp
.headers()
.contains_key(header::ACCESS_CONTROL_ALLOW_METHODS));
#[cfg(not(feature = "draft-private-network-access"))]
#[cfg(not(feature = "draft-local-network-access"))]
assert_eq!(
resp.headers()
.get(header::VARY)
@ -487,14 +487,14 @@ async fn vary_header_on_all_handled_responses() {
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
);
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
assert_eq!(
resp.headers()
.get(header::VARY)
.expect("response should have Vary header")
.to_str()
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Local-Network",
);
// follow-up regular request
@ -504,7 +504,7 @@ async fn vary_header_on_all_handled_responses() {
.to_srv_request();
let resp = test::call_service(&cors, req).await;
assert_eq!(resp.status(), StatusCode::OK);
#[cfg(not(feature = "draft-private-network-access"))]
#[cfg(not(feature = "draft-local-network-access"))]
assert_eq!(
resp.headers()
.get(header::VARY)
@ -513,14 +513,14 @@ async fn vary_header_on_all_handled_responses() {
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
);
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
assert_eq!(
resp.headers()
.get(header::VARY)
.expect("response should have Vary header")
.to_str()
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Local-Network",
);
let cors = Cors::default()
@ -536,7 +536,7 @@ async fn vary_header_on_all_handled_responses() {
.to_srv_request();
let resp = test::call_service(&cors, req).await;
assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
#[cfg(not(feature = "draft-private-network-access"))]
#[cfg(not(feature = "draft-local-network-access"))]
assert_eq!(
resp.headers()
.get(header::VARY)
@ -545,21 +545,21 @@ async fn vary_header_on_all_handled_responses() {
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
);
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
assert_eq!(
resp.headers()
.get(header::VARY)
.expect("response should have Vary header")
.to_str()
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Local-Network",
);
// regular request no origin
let req = TestRequest::default().method(Method::PUT).to_srv_request();
let resp = test::call_service(&cors, req).await;
assert_eq!(resp.status(), StatusCode::OK);
#[cfg(not(feature = "draft-private-network-access"))]
#[cfg(not(feature = "draft-local-network-access"))]
assert_eq!(
resp.headers()
.get(header::VARY)
@ -568,14 +568,14 @@ async fn vary_header_on_all_handled_responses() {
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
);
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
assert_eq!(
resp.headers()
.get(header::VARY)
.expect("response should have Vary header")
.to_str()
.unwrap(),
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Private-Network",
"Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Access-Control-Allow-Local-Network",
);
}
@ -634,12 +634,12 @@ async fn expose_all_request_header_values() {
assert!(cd_hdr.contains("access-control-allow-origin"));
}
#[cfg(feature = "draft-private-network-access")]
#[cfg(feature = "draft-local-network-access")]
#[actix_web::test]
async fn private_network_access() {
let cors = Cors::permissive()
.allowed_origin("https://public.site")
.allow_private_network_access()
.allow_local_network_access()
.new_transform(fn_service(|req: ServiceRequest| async move {
let res = req.into_response(
HttpResponse::Ok()
@ -664,11 +664,11 @@ async fn private_network_access() {
.insert_header((header::ORIGIN, "https://public.site"))
.insert_header((header::ACCESS_CONTROL_REQUEST_METHOD, "POST"))
.insert_header((header::ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"))
.insert_header(("Access-Control-Request-Private-Network", "true"))
.insert_header(("Access-Control-Request-Local-Network", "true"))
.to_srv_request();
let res = test::call_service(&cors, req).await;
assert!(res.headers().contains_key("access-control-allow-origin"));
assert!(res
.headers()
.contains_key("access-control-allow-private-network"));
.contains_key("access-control-allow-local-network"));
}

View File

@ -726,10 +726,7 @@ pub mod test_helpers {
impl ServiceResponseExt for ServiceResponse {
fn get_cookie(&self, cookie_name: &str) -> Option<actix_web::cookie::Cookie<'_>> {
self.response()
.cookies()
.into_iter()
.find(|c| c.name() == cookie_name)
self.response().cookies().find(|c| c.name() == cookie_name)
}
}
}