0.7.17 Bump

Due to actix & trust-dns requirement

CHANGES.md

@@ -1,5 +1,19 @@
 # Changes
 
+## [0.7.17] - 2018-12-25
+
+### Added
+
+* Support for custom content types in `JsonConfig`. #637
+
+* Send `HTTP/1.1 100 Continue` if request contains `expect: continue` header #634
+
+### Fixed
+
+* HTTP1 decoder should perform case-insentive comparison for client requests (e.g. `Keep-Alive`). #631
+
+* Access-Control-Allow-Origin header should only a return a single, matching origin. #603
+
 ## [0.7.16] - 2018-12-11
 
 ### Added

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-web"
-version = "0.7.16"
+version = "0.7.17"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Actix web is a simple, pragmatic and extremely fast web framework for Rust."
 readme = "README.md"
@@ -62,14 +62,14 @@ cell = ["actix-net/cell"]
 
 [dependencies]
 actix = "0.7.9"
-actix-net = "0.2.2"
+actix-net = "0.2.6"
 
 askama_escape = "0.1.0"
 base64 = "0.10"
 bitflags = "1.0"
 failure = "^0.1.2"
 h2 = "0.1"
-http = "^0.1.8"
+http = "^0.1.14"
 httparse = "1.3"
 log = "0.4"
 mime = "0.3"
@@ -105,7 +105,7 @@ slab = "0.4"
 tokio = "0.1"
 tokio-io = "0.1"
 tokio-tcp = "0.1"
-tokio-timer = "0.2"
+tokio-timer = "0.2.8"
 tokio-reactor = "0.1"
 tokio-current-thread = "0.1"
 

README.md

@@ -23,7 +23,7 @@ Actix web is a simple, pragmatic and extremely fast web framework for Rust.
 * [API Documentation (Releases)](https://actix.rs/api/actix-web/stable/actix_web/)
 * [Chat on gitter](https://gitter.im/actix/actix)
 * Cargo package: [actix-web](https://crates.io/crates/actix-web)
-* Minimum supported Rust version: 1.26 or later
+* Minimum supported Rust version: 1.31 or later
 
 ## Example
 

src/httpmessage.rs

@@ -200,7 +200,7 @@ pub trait HttpMessage: Sized {
     /// # fn main() {}
     /// ```
     fn json<T: DeserializeOwned>(&self) -> JsonBody<Self, T> {
-        JsonBody::new(self)
+        JsonBody::new::<()>(self, None)
     }
 
     /// Return stream to http payload processes as multipart.

src/json.rs

@@ -143,7 +143,7 @@ where
         let req2 = req.clone();
         let err = Rc::clone(&cfg.ehandler);
         Box::new(
-            JsonBody::new(req)
+            JsonBody::new(req, Some(cfg))
                 .limit(cfg.limit)
                 .map_err(move |e| (*err)(e, &req2))
                 .map(Json),
@@ -155,6 +155,7 @@ where
 ///
 /// ```rust
 /// # extern crate actix_web;
+/// extern crate mime;
 /// #[macro_use] extern crate serde_derive;
 /// use actix_web::{error, http, App, HttpResponse, Json, Result};
 ///
@@ -173,6 +174,9 @@ where
 ///         r.method(http::Method::POST)
 ///               .with_config(index, |cfg| {
 ///                   cfg.0.limit(4096)   // <- change json extractor configuration
+///                      .content_type(|mime| {  // <- accept text/plain content type
+///                          mime.type_() == mime::TEXT && mime.subtype() == mime::PLAIN
+///                      })
 ///                      .error_handler(|err, req| {  // <- create custom error response
 ///                          error::InternalError::from_response(
 ///                              err, HttpResponse::Conflict().finish()).into()
@@ -184,6 +188,7 @@ where
 pub struct JsonConfig<S> {
     limit: usize,
     ehandler: Rc<Fn(JsonPayloadError, &HttpRequest<S>) -> Error>,
+    content_type: Option<Box<Fn(mime::Mime) -> bool>>,
 }
 
 impl<S> JsonConfig<S> {
@@ -201,6 +206,15 @@ impl<S> JsonConfig<S> {
         self.ehandler = Rc::new(f);
         self
     }
+
+    /// Set predicate for allowed content types
+    pub fn content_type<F>(&mut self, predicate: F) -> &mut Self
+    where
+        F: Fn(mime::Mime) -> bool + 'static,
+    {
+        self.content_type = Some(Box::new(predicate));
+        self
+    }
 }
 
 impl<S> Default for JsonConfig<S> {
@@ -208,6 +222,7 @@ impl<S> Default for JsonConfig<S> {
         JsonConfig {
             limit: 262_144,
             ehandler: Rc::new(|e, _| e.into()),
+            content_type: None,
         }
     }
 }
@@ -217,6 +232,7 @@ impl<S> Default for JsonConfig<S> {
 /// Returns error:
 ///
 /// * content type is not `application/json`
+///   (unless specified in [`JsonConfig`](struct.JsonConfig.html))
 /// * content length is greater than 256k
 ///
 /// # Server example
@@ -253,10 +269,13 @@ pub struct JsonBody<T: HttpMessage, U: DeserializeOwned> {
 
 impl<T: HttpMessage, U: DeserializeOwned> JsonBody<T, U> {
     /// Create `JsonBody` for request.
-    pub fn new(req: &T) -> Self {
+    pub fn new<S>(req: &T, cfg: Option<&JsonConfig<S>>) -> Self {
         // check content-type
         let json = if let Ok(Some(mime)) = req.mime_type() {
-            mime.subtype() == mime::JSON || mime.suffix() == Some(mime::JSON)
+            mime.subtype() == mime::JSON || mime.suffix() == Some(mime::JSON) ||
+                cfg.map_or(false, |cfg| {
+                    cfg.content_type.as_ref().map_or(false, |predicate| predicate(mime))
+                })
         } else {
             false
         };
@@ -440,4 +459,61 @@ mod tests {
         .finish();
         assert!(handler.handle(&req).as_err().is_none())
     }
+
+    #[test]
+    fn test_with_json_and_bad_content_type() {
+        let mut cfg = JsonConfig::default();
+        cfg.limit(4096);
+        let handler = With::new(|data: Json<MyObject>| data, cfg);
+
+        let req = TestRequest::with_header(
+            header::CONTENT_TYPE,
+            header::HeaderValue::from_static("text/plain"),
+        ).header(
+            header::CONTENT_LENGTH,
+            header::HeaderValue::from_static("16"),
+        ).set_payload(Bytes::from_static(b"{\"name\": \"test\"}"))
+        .finish();
+        assert!(handler.handle(&req).as_err().is_some())
+    }
+
+    #[test]
+    fn test_with_json_and_good_custom_content_type() {
+        let mut cfg = JsonConfig::default();
+        cfg.limit(4096);
+        cfg.content_type(|mime: mime::Mime| {
+            mime.type_() == mime::TEXT && mime.subtype() == mime::PLAIN
+        });
+        let handler = With::new(|data: Json<MyObject>| data, cfg);
+
+        let req = TestRequest::with_header(
+            header::CONTENT_TYPE,
+            header::HeaderValue::from_static("text/plain"),
+        ).header(
+            header::CONTENT_LENGTH,
+            header::HeaderValue::from_static("16"),
+        ).set_payload(Bytes::from_static(b"{\"name\": \"test\"}"))
+        .finish();
+        assert!(handler.handle(&req).as_err().is_none())
+    }
+
+    #[test]
+    fn test_with_json_and_bad_custom_content_type() {
+        let mut cfg = JsonConfig::default();
+        cfg.limit(4096);
+        cfg.content_type(|mime: mime::Mime| {
+            mime.type_() == mime::TEXT && mime.subtype() == mime::PLAIN
+        });
+        let handler = With::new(|data: Json<MyObject>| data, cfg);
+
+        let req = TestRequest::with_header(
+            header::CONTENT_TYPE,
+            header::HeaderValue::from_static("text/html"),
+        ).header(
+            header::CONTENT_LENGTH,
+            header::HeaderValue::from_static("16"),
+        ).set_payload(Bytes::from_static(b"{\"name\": \"test\"}"))
+        .finish();
+        assert!(handler.handle(&req).as_err().is_some())
+    }
 }

src/middleware/cors.rs

@@ -442,11 +442,23 @@ impl<S> Middleware<S> for Cors {
                         .insert(header::ACCESS_CONTROL_ALLOW_ORIGIN, origin.clone());
                 }
             }
-            AllOrSome::Some(_) => {
-                resp.headers_mut().insert(
-                    header::ACCESS_CONTROL_ALLOW_ORIGIN,
-                    self.inner.origins_str.as_ref().unwrap().clone(),
-                );
+            AllOrSome::Some(ref origins) => {
+                if let Some(origin) = req.headers().get(header::ORIGIN).filter(|o| {
+                        match o.to_str() {
+                            Ok(os) => origins.contains(os),
+                            _ => false
+                        }
+                    }) {
+                    resp.headers_mut().insert(
+                        header::ACCESS_CONTROL_ALLOW_ORIGIN,
+                        origin.clone(),
+                    );
+                } else {
+                    resp.headers_mut().insert(
+                        header::ACCESS_CONTROL_ALLOW_ORIGIN,
+                        self.inner.origins_str.as_ref().unwrap().clone()
+                    );
+                };
             }
         }
 
@@ -1134,17 +1146,10 @@ mod tests {
             .to_str()
             .unwrap();
 
-        if origins_str.starts_with("https://www.example.com") {
-            assert_eq!(
-                "https://www.example.com, https://www.google.com",
-                origins_str
-            );
-        } else {
-            assert_eq!(
-                "https://www.google.com, https://www.example.com",
-                origins_str
-            );
-        }
+        assert_eq!(
+            "https://www.example.com",
+            origins_str
+        );
     }
 
     #[test]
@@ -1180,4 +1185,43 @@ mod tests {
         let response = srv.execute(request.send()).unwrap();
         assert_eq!(response.status(), StatusCode::OK);
     }
+
+    #[test]
+    fn test_multiple_origins() {
+        let cors = Cors::build()
+            .allowed_origin("https://example.com")
+            .allowed_origin("https://example.org")
+            .allowed_methods(vec![Method::GET])
+            .finish();
+
+
+        let req = TestRequest::with_header("Origin", "https://example.com")
+            .method(Method::GET)
+            .finish();
+        let resp: HttpResponse = HttpResponse::Ok().into();
+
+        let resp = cors.response(&req, resp).unwrap().response();
+        print!("{:?}", resp);
+        assert_eq!(
+            &b"https://example.com"[..],
+            resp.headers()
+                .get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
+                .unwrap()
+                .as_bytes()
+        );
+
+        let req = TestRequest::with_header("Origin", "https://example.org")
+            .method(Method::GET)
+            .finish();
+        let resp: HttpResponse = HttpResponse::Ok().into();
+
+        let resp = cors.response(&req, resp).unwrap().response();
+        assert_eq!(
+            &b"https://example.org"[..],
+            resp.headers()
+                .get(header::ACCESS_CONTROL_ALLOW_ORIGIN)
+                .unwrap()
+                .as_bytes()
+        );
+    }
 }

src/server/h1.rs

@@ -7,6 +7,7 @@ use futures::{Async, Future, Poll};
 use tokio_current_thread::spawn;
 use tokio_timer::Delay;
 
+use body::Binary;
 use error::{Error, PayloadError};
 use http::{StatusCode, Version};
 use payload::{Payload, PayloadStatus, PayloadWriter};
@@ -50,32 +51,40 @@ pub struct Http1Dispatcher<T: IoStream, H: HttpHandler + 'static> {
 }
 
 enum Entry<H: HttpHandler> {
-    Task(H::Task),
+    Task(H::Task, Option<()>),
     Error(Box<HttpHandlerTask>),
 }
 
 impl<H: HttpHandler> Entry<H> {
     fn into_task(self) -> H::Task {
         match self {
-            Entry::Task(task) => task,
+            Entry::Task(task, _) => task,
             Entry::Error(_) => panic!(),
         }
     }
     fn disconnected(&mut self) {
         match *self {
-            Entry::Task(ref mut task) => task.disconnected(),
+            Entry::Task(ref mut task, _) => task.disconnected(),
             Entry::Error(ref mut task) => task.disconnected(),
         }
     }
     fn poll_io(&mut self, io: &mut Writer) -> Poll<bool, Error> {
         match *self {
-            Entry::Task(ref mut task) => task.poll_io(io),
+            Entry::Task(ref mut task, ref mut except) => {
+                match except {
+                    Some(_) => {
+                        let _ = io.write(&Binary::from("HTTP/1.1 100 Continue\r\n\r\n"));
+                    }
+                    _ => (),
+                };
+                task.poll_io(io)
+            }
             Entry::Error(ref mut task) => task.poll_io(io),
         }
     }
     fn poll_completed(&mut self) -> Poll<(), Error> {
         match *self {
-            Entry::Task(ref mut task) => task.poll_completed(),
+            Entry::Task(ref mut task, _) => task.poll_completed(),
             Entry::Error(ref mut task) => task.poll_completed(),
         }
     }
@@ -463,7 +472,11 @@ where
 
         'outer: loop {
             match self.decoder.decode(&mut self.buf, &self.settings) {
-                Ok(Some(Message::Message { mut msg, payload })) => {
+                Ok(Some(Message::Message {
+                    mut msg,
+                    mut expect,
+                    payload,
+                })) => {
                     updated = true;
                     self.flags.insert(Flags::STARTED);
 
@@ -484,6 +497,12 @@ where
                     match self.settings.handler().handle(msg) {
                         Ok(mut task) => {
                             if self.tasks.is_empty() {
+                                if expect {
+                                    expect = false;
+                                    let _ = self.stream.write(&Binary::from(
+                                        "HTTP/1.1 100 Continue\r\n\r\n",
+                                    ));
+                                }
                                 match task.poll_io(&mut self.stream) {
                                     Ok(Async::Ready(ready)) => {
                                         // override keep-alive state
@@ -510,7 +529,10 @@ where
                                     }
                                 }
                             }
-                            self.tasks.push_back(Entry::Task(task));
+                            self.tasks.push_back(Entry::Task(
+                                task,
+                                if expect { Some(()) } else { None },
+                            ));
                             continue 'outer;
                         }
                         Err(_) => {
@@ -608,13 +630,13 @@ mod tests {
     impl Message {
         fn message(self) -> Request {
             match self {
-                Message::Message { msg, payload: _ } => msg,
+                Message::Message { msg, .. } => msg,
                 _ => panic!("error"),
             }
         }
         fn is_payload(&self) -> bool {
             match *self {
-                Message::Message { msg: _, payload } => payload,
+                Message::Message { payload, .. } => payload,
                 _ => panic!("error"),
             }
         }
@@ -874,13 +896,13 @@ mod tests {
         let settings = wrk_settings();
 
         let mut reader = H1Decoder::new();
-        assert!{ reader.decode(&mut buf, &settings).unwrap().is_none() }
+        assert! { reader.decode(&mut buf, &settings).unwrap().is_none() }
 
         buf.extend(b"t");
-        assert!{ reader.decode(&mut buf, &settings).unwrap().is_none() }
+        assert! { reader.decode(&mut buf, &settings).unwrap().is_none() }
 
         buf.extend(b"es");
-        assert!{ reader.decode(&mut buf, &settings).unwrap().is_none() }
+        assert! { reader.decode(&mut buf, &settings).unwrap().is_none() }
 
         buf.extend(b"t: value\r\n\r\n");
         match reader.decode(&mut buf, &settings) {
@@ -942,6 +964,14 @@ mod tests {
         let req = parse_ready!(&mut buf);
 
         assert!(!req.keep_alive());
+
+        let mut buf = BytesMut::from(
+            "GET /test HTTP/1.1\r\n\
+             connection: Close\r\n\r\n",
+        );
+        let req = parse_ready!(&mut buf);
+
+        assert!(!req.keep_alive());
     }
 
     #[test]
@@ -953,10 +983,26 @@ mod tests {
         let req = parse_ready!(&mut buf);
 
         assert!(!req.keep_alive());
+
+        let mut buf = BytesMut::from(
+            "GET /test HTTP/1.0\r\n\
+             connection: Close\r\n\r\n",
+        );
+        let req = parse_ready!(&mut buf);
+
+        assert!(!req.keep_alive());
     }
 
     #[test]
     fn test_conn_keep_alive_1_0() {
+        let mut buf = BytesMut::from(
+            "GET /test HTTP/1.0\r\n\
+             connection: Keep-Alive\r\n\r\n",
+        );
+        let req = parse_ready!(&mut buf);
+
+        assert!(req.keep_alive());
+
         let mut buf = BytesMut::from(
             "GET /test HTTP/1.0\r\n\
              connection: keep-alive\r\n\r\n",
@@ -1009,6 +1055,15 @@ mod tests {
         let req = parse_ready!(&mut buf);
 
         assert!(req.upgrade());
+
+        let mut buf = BytesMut::from(
+            "GET /test HTTP/1.1\r\n\
+             upgrade: Websockets\r\n\
+             connection: Upgrade\r\n\r\n",
+        );
+        let req = parse_ready!(&mut buf);
+
+        assert!(req.upgrade());
     }
 
     #[test]

src/server/h1decoder.rs

@@ -20,7 +20,11 @@ pub(crate) struct H1Decoder {
 
 #[derive(Debug)]
 pub(crate) enum Message {
-    Message { msg: Request, payload: bool },
+    Message {
+        msg: Request,
+        payload: bool,
+        expect: bool,
+    },
     Chunk(Bytes),
     Eof,
 }
@@ -63,10 +67,11 @@ impl H1Decoder {
             .parse_message(src, settings)
             .map_err(DecoderError::Error)?
         {
-            Async::Ready((msg, decoder)) => {
+            Async::Ready((msg, expect, decoder)) => {
                 self.decoder = decoder;
                 Ok(Some(Message::Message {
                     msg,
+                    expect,
                     payload: self.decoder.is_some(),
                 }))
             }
@@ -85,11 +90,12 @@ impl H1Decoder {
         &self,
         buf: &mut BytesMut,
         settings: &ServiceConfig<H>,
-    ) -> Poll<(Request, Option<EncodingDecoder>), ParseError> {
+    ) -> Poll<(Request, bool, Option<EncodingDecoder>), ParseError> {
         // Parse http message
         let mut has_upgrade = false;
         let mut chunked = false;
         let mut content_length = None;
+        let mut expect_continue = false;
 
         let msg = {
             // Unsafe: we read only this data only after httparse parses headers into.
@@ -157,23 +163,25 @@ impl H1Decoder {
                             }
                             // transfer-encoding
                             header::TRANSFER_ENCODING => {
-                                if let Ok(s) = value.to_str() {
-                                    chunked = s.to_lowercase().contains("chunked");
+                                if let Ok(s) = value.to_str().map(|s| s.trim()) {
+                                    chunked = s.eq_ignore_ascii_case("chunked");
                                 } else {
                                     return Err(ParseError::Header);
                                 }
                             }
                             // connection keep-alive state
                             header::CONNECTION => {
-                                let ka = if let Ok(conn) = value.to_str() {
+                                let ka = if let Ok(conn) =
+                                    value.to_str().map(|conn| conn.trim())
+                                {
                                     if version == Version::HTTP_10
-                                        && conn.contains("keep-alive")
+                                        && conn.eq_ignore_ascii_case("keep-alive")
                                     {
                                         true
                                     } else {
-                                        version == Version::HTTP_11 && !(conn
-                                            .contains("close")
-                                            || conn.contains("upgrade"))
+                                        version == Version::HTTP_11
+                                            && !(conn.eq_ignore_ascii_case("close")
+                                                || conn.eq_ignore_ascii_case("upgrade"))
                                     }
                                 } else {
                                     false
@@ -184,12 +192,17 @@ impl H1Decoder {
                                 has_upgrade = true;
                                 // check content-length, some clients (dart)
                                 // sends "content-length: 0" with websocket upgrade
-                                if let Ok(val) = value.to_str() {
-                                    if val == "websocket" {
+                                if let Ok(val) = value.to_str().map(|val| val.trim()) {
+                                    if val.eq_ignore_ascii_case("websocket") {
                                         content_length = None;
                                     }
                                 }
                             }
+                            header::EXPECT => {
+                                if value == "100-continue" {
+                                    expect_continue = true
+                                }
+                            }
                             _ => (),
                         }
 
@@ -220,7 +233,7 @@ impl H1Decoder {
             None
         };
 
-        Ok(Async::Ready((msg, decoder)))
+        Ok(Async::Ready((msg, expect_continue, decoder)))
     }
 }