remove unused dependency

Replace use of try!() with ?

CHANGES.md

@@ -1,5 +1,18 @@
 # Changes
 
+## 0.5.4 (2018-04-19)
+
+* Add identity service middleware
+
+* Middleware response() is not invoked if there was an error in async handler #187
+
+* Use Display formatting for InternalError Display implementation #188
+
+
+## 0.5.3 (2018-04-18)
+
+* Impossible to quote slashes in path parameters #182
+
 
 ## 0.5.2 (2018-04-16)
 

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-web"
-version = "0.5.2"
+version = "0.5.4"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Actix web is a simple, pragmatic and extremely fast web framework for Rust."
 readme = "README.md"
@@ -81,7 +81,6 @@ futures = "0.1"
 futures-cpupool = "0.1"
 tokio-io = "0.1"
 tokio-core = "0.1"
-trust-dns-resolver = "0.8"
 
 # native-tls
 native-tls = { version="0.1", optional = true }

src/application.rs

@@ -177,6 +177,13 @@ where
     ///
     /// State is shared with all resources within same application and
     /// could be accessed with `HttpRequest::state()` method.
+    ///
+    /// **Note**: http server accepts an application factory rather than
+    /// an application instance. Http server constructs an application
+    /// instance for each thread, thus application state must be constructed
+    /// multiple times. If you want to share state between different
+    /// threads, a shared object should be used, e.g. `Arc`. Application
+    /// state does not need to be `Send` and `Sync`.
     pub fn with_state(state: S) -> App<S> {
         App {
             parts: Some(ApplicationParts {
@@ -314,7 +321,7 @@ where
     ///
     /// fn main() {
     ///     let app = App::new()
-    ///         .resource("/test", |r| {
+    ///         .resource("/users/{userid}/{friend}", |r| {
     ///              r.get().f(|_| HttpResponse::Ok());
     ///              r.head().f(|_| HttpResponse::MethodNotAllowed());
     ///         });
@@ -418,6 +425,8 @@ where
     /// `/app/test` would match, but the path `/application` would
     /// not.
     ///
+    /// Path tail is available as `tail` parameter in request's match_dict.
+    ///
     /// ```rust
     /// # extern crate actix_web;
     /// use actix_web::{http, App, HttpRequest, HttpResponse};

src/error.rs

@@ -580,7 +580,7 @@ impl<T> InternalError<T> {
 
 impl<T> Fail for InternalError<T>
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     fn backtrace(&self) -> Option<&Backtrace> {
         Some(&self.backtrace)
@@ -598,16 +598,16 @@ where
 
 impl<T> fmt::Display for InternalError<T>
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Display + 'static,
 {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        fmt::Debug::fmt(&self.cause, f)
+        fmt::Display::fmt(&self.cause, f)
     }
 }
 
 impl<T> ResponseError for InternalError<T>
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     fn error_response(&self) -> HttpResponse {
         match self.status {
@@ -625,7 +625,7 @@ where
 
 impl<T> Responder for InternalError<T>
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     type Item = HttpResponse;
     type Error = Error;
@@ -640,7 +640,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorBadRequest<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::BAD_REQUEST).into()
 }
@@ -650,7 +650,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorUnauthorized<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::UNAUTHORIZED).into()
 }
@@ -660,7 +660,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorForbidden<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::FORBIDDEN).into()
 }
@@ -670,7 +670,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorNotFound<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::NOT_FOUND).into()
 }
@@ -680,7 +680,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorMethodNotAllowed<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::METHOD_NOT_ALLOWED).into()
 }
@@ -690,7 +690,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorRequestTimeout<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::REQUEST_TIMEOUT).into()
 }
@@ -700,7 +700,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorConflict<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::CONFLICT).into()
 }
@@ -710,7 +710,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorGone<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::GONE).into()
 }
@@ -720,7 +720,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorPreconditionFailed<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::PRECONDITION_FAILED).into()
 }
@@ -730,7 +730,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorExpectationFailed<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::EXPECTATION_FAILED).into()
 }
@@ -740,7 +740,7 @@ where
 #[allow(non_snake_case)]
 pub fn ErrorInternalServerError<T>(err: T) -> Error
 where
-    T: Send + Sync + fmt::Debug + 'static,
+    T: Send + Sync + fmt::Debug + fmt::Display + 'static,
 {
     InternalError::new(err, StatusCode::INTERNAL_SERVER_ERROR).into()
 }
@@ -888,7 +888,9 @@ mod tests {
     #[test]
     fn test_internal_error() {
         let err = InternalError::from_response(
-            ExpectError::Encoding, HttpResponse::Ok().into());
+            ExpectError::Encoding,
+            HttpResponse::Ok().into(),
+        );
         let resp: HttpResponse = err.error_response();
         assert_eq!(resp.status(), StatusCode::OK);
     }

src/extractor.rs

@@ -25,7 +25,7 @@ use httprequest::HttpRequest;
 /// # extern crate futures;
 /// use actix_web::{App, Path, Result, http};
 ///
-/// /// extract path info from "/{username}/{count}/?index.html" url
+/// /// extract path info from "/{username}/{count}/index.html" url
 /// /// {username} - deserializes to a String
 /// /// {count} -  - deserializes to a u32
 /// fn index(info: Path<(String, u32)>) -> Result<String> {
@@ -34,7 +34,7 @@ use httprequest::HttpRequest;
 ///
 /// fn main() {
 ///     let app = App::new().resource(
-///        "/{username}/{count}/?index.html",       // <- define path parameters
+///        "/{username}/{count}/index.html",              // <- define path parameters
 ///        |r| r.method(http::Method::GET).with(index));  // <- use `with` extractor
 /// }
 /// ```
@@ -195,9 +195,6 @@ where
 ///
 /// ## Example
 ///
-/// It is possible to extract path information to a specific type that
-/// implements `Deserialize` trait from *serde*.
-///
 /// ```rust
 /// # extern crate actix_web;
 /// #[macro_use] extern crate serde_derive;

src/fs.rs

@@ -15,7 +15,6 @@ use bytes::{BufMut, Bytes, BytesMut};
 use futures::{Async, Future, Poll, Stream};
 use futures_cpupool::{CpuFuture, CpuPool};
 use mime_guess::get_mime_type;
-use percent_encoding::percent_decode;
 
 use error::Error;
 use handler::{Handler, Reply, Responder, RouteHandler, WrapHandler};
@@ -457,7 +456,7 @@ lazy_static! {
                     error!("Can not parse ACTIX_FS_POOL value");
                     20
                 }
-            },
+            }
             Err(_) => 20,
         };
         Mutex::new(CpuPool::new(default))
@@ -477,7 +476,8 @@ impl<S: 'static> StaticFiles<S> {
         StaticFiles::with_pool(dir, pool)
     }
 
-    /// Create new `StaticFiles` instance for specified base directory and `CpuPool`.
+    /// Create new `StaticFiles` instance for specified base directory and
+    /// `CpuPool`.
     pub fn with_pool<T: Into<PathBuf>>(dir: T, pool: CpuPool) -> StaticFiles<S> {
         let dir = dir.into();
 
@@ -543,8 +543,7 @@ impl<S: 'static> Handler<S> for StaticFiles<S> {
         } else {
             let relpath = match req.match_info()
                 .get("tail")
-                .map(|tail| percent_decode(tail.as_bytes()).decode_utf8().unwrap())
-                .map(|tail| PathBuf::from_param(tail.as_ref()))
+                .map(|tail| PathBuf::from_param(tail))
             {
                 Some(Ok(path)) => path,
                 _ => return Ok(self.default.handle(req)),

src/header/common/content_range.rs

@@ -171,16 +171,16 @@ impl Display for ContentRangeSpec {
                 range,
                 instance_length,
             } => {
-                try!(f.write_str("bytes "));
+                f.write_str("bytes ")?;
                 match range {
                     Some((first_byte, last_byte)) => {
-                        try!(write!(f, "{}-{}", first_byte, last_byte));
+                        write!(f, "{}-{}", first_byte, last_byte)?;
                     }
                     None => {
-                        try!(f.write_str("*"));
+                        f.write_str("*")?;
                     }
                 };
-                try!(f.write_str("/"));
+                f.write_str("/")?;
                 if let Some(v) = instance_length {
                     write!(f, "{}", v)
                 } else {
@@ -191,8 +191,8 @@ impl Display for ContentRangeSpec {
                 ref unit,
                 ref resp,
             } => {
-                try!(f.write_str(unit));
-                try!(f.write_str(" "));
+                f.write_str(unit)?;
+                f.write_str(" ")?;
                 f.write_str(resp)
             }
         }

src/header/shared/quality_item.rs

@@ -59,7 +59,7 @@ impl<T: PartialEq> cmp::PartialOrd for QualityItem<T> {
 
 impl<T: fmt::Display> fmt::Display for QualityItem<T> {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        try!(fmt::Display::fmt(&self.item, f));
+        fmt::Display::fmt(&self.item, f)?;
         match self.quality.0 {
             1000 => Ok(()),
             0 => f.write_str("; q=0"),

src/httprequest.rs

@@ -6,8 +6,6 @@ use futures::future::{result, FutureResult};
 use futures::{Async, Poll, Stream};
 use futures_cpupool::CpuPool;
 use http::{header, Extensions, HeaderMap, Method, StatusCode, Uri, Version};
-use percent_encoding::percent_decode;
-use std::borrow::Cow;
 use std::net::SocketAddr;
 use std::rc::Rc;
 use std::{cmp, fmt, io, mem, str};
@@ -24,11 +22,12 @@ use param::Params;
 use payload::Payload;
 use router::{Resource, Router};
 use server::helpers::SharedHttpInnerMessage;
+use uri::Url as InnerUrl;
 
 pub struct HttpInnerMessage {
     pub version: Version,
     pub method: Method,
-    pub uri: Uri,
+    pub(crate) url: InnerUrl,
     pub headers: HeaderMap,
     pub extensions: Extensions,
     pub params: Params<'static>,
@@ -51,7 +50,7 @@ impl Default for HttpInnerMessage {
     fn default() -> HttpInnerMessage {
         HttpInnerMessage {
             method: Method::GET,
-            uri: Uri::default(),
+            url: InnerUrl::default(),
             version: Version::HTTP_11,
             headers: HeaderMap::with_capacity(16),
             params: Params::new(),
@@ -116,10 +115,11 @@ impl HttpRequest<()> {
         method: Method, uri: Uri, version: Version, headers: HeaderMap,
         payload: Option<Payload>,
     ) -> HttpRequest {
+        let url = InnerUrl::new(uri);
         HttpRequest(
             SharedHttpInnerMessage::from_message(HttpInnerMessage {
                 method,
-                uri,
+                url,
                 version,
                 headers,
                 payload,
@@ -201,6 +201,19 @@ impl<S> HttpRequest<S> {
         &mut self.as_mut().extensions
     }
 
+    /// Request extensions
+    #[inline]
+    #[doc(hidden)]
+    pub fn extensions_ro(&self) -> &Extensions {
+        &self.as_ref().extensions
+    }
+
+    /// Mutable refernece to a the request's extensions
+    #[inline]
+    pub fn extensions_mut(&mut self) -> &mut Extensions {
+        &mut self.as_mut().extensions
+    }
+
     /// Default `CpuPool`
     #[inline]
     #[doc(hidden)]
@@ -241,15 +254,17 @@ impl<S> HttpRequest<S> {
     /// Read the Request Uri.
     #[inline]
     pub fn uri(&self) -> &Uri {
-        &self.as_ref().uri
+        self.as_ref().url.uri()
     }
 
+    #[doc(hidden)]
+    #[deprecated(since = "0.5.3")]
     /// Returns mutable the Request Uri.
     ///
     /// This might be useful for middlewares, e.g. path normalization.
     #[inline]
     pub fn uri_mut(&mut self) -> &mut Uri {
-        &mut self.as_mut().uri
+        self.as_mut().url.uri_mut()
     }
 
     /// Read the Request method.
@@ -275,15 +290,7 @@ impl<S> HttpRequest<S> {
     /// The target path of this Request.
     #[inline]
     pub fn path(&self) -> &str {
-        self.uri().path()
-    }
-
-    /// Percent decoded path of this Request.
-    #[inline]
-    pub fn path_decoded(&self) -> Cow<str> {
-        percent_decode(self.uri().path().as_bytes())
-            .decode_utf8()
-            .unwrap()
+        self.as_ref().url.path()
     }
 
     /// Get *ConnectionInfo* for correct request.
@@ -438,9 +445,9 @@ impl<S> HttpRequest<S> {
     /// Get a reference to the Params object.
     ///
     /// Params is a container for url parameters.
-    /// Route supports glob patterns: * for a single wildcard segment and :param
-    /// for matching storing that segment of the request url in the Params
-    /// object.
+    /// A variable segment is specified in the form `{identifier}`,
+    /// where the identifier can be used later in a request handler to
+    /// access the matched value for that segment.
     #[inline]
     pub fn match_info(&self) -> &Params {
         unsafe { mem::transmute(&self.as_ref().params) }
@@ -578,7 +585,7 @@ impl<S> fmt::Debug for HttpRequest<S> {
             "\nHttpRequest {:?} {}:{}",
             self.as_ref().version,
             self.as_ref().method,
-            self.path_decoded()
+            self.path()
         );
         if !self.query_string().is_empty() {
             let _ = writeln!(f, "  query: ?{:?}", self.query_string());
@@ -596,6 +603,8 @@ impl<S> fmt::Debug for HttpRequest<S> {
 
 #[cfg(test)]
 mod tests {
+    #![allow(deprecated)]
+
     use super::*;
     use http::{HttpTryFrom, Uri};
     use resource::ResourceHandler;

src/json.rs

@@ -2,8 +2,8 @@ use bytes::{Bytes, BytesMut};
 use futures::{Future, Poll, Stream};
 use http::header::CONTENT_LENGTH;
 use std::fmt;
-use std::rc::Rc;
 use std::ops::{Deref, DerefMut};
+use std::rc::Rc;
 
 use mime;
 use serde::Serialize;
@@ -193,7 +193,7 @@ impl<S> JsonConfig<S> {
     /// Set custom error handler
     pub fn error_handler<F>(&mut self, f: F) -> &mut Self
     where
-        F: Fn(JsonPayloadError, HttpRequest<S>) -> Error + 'static
+        F: Fn(JsonPayloadError, HttpRequest<S>) -> Error + 'static,
     {
         self.ehandler = Rc::new(f);
         self
@@ -202,8 +202,10 @@ impl<S> JsonConfig<S> {
 
 impl<S> Default for JsonConfig<S> {
     fn default() -> Self {
-        JsonConfig { limit: 262_144,
-                     ehandler: Rc::new(|e, _| e.into()) }
+        JsonConfig {
+            limit: 262_144,
+            ehandler: Rc::new(|e, _| e.into()),
+        }
     }
 }
 

src/lib.rs

@@ -110,7 +110,6 @@ extern crate percent_encoding;
 extern crate serde_json;
 extern crate serde_urlencoded;
 extern crate smallvec;
-extern crate trust_dns_resolver;
 #[macro_use]
 extern crate actix;
 
@@ -147,6 +146,7 @@ mod pipeline;
 mod resource;
 mod route;
 mod router;
+mod uri;
 mod with;
 
 pub mod client;

src/middleware/cors.rs

@@ -7,8 +7,8 @@
 //!
 //!   1. Call [`Cors::build`](struct.Cors.html#method.build) to start building.
 //!   2. Use any of the builder methods to set fields in the backend.
-//! 3. Call [finish](struct.Cors.html#method.finish) to retrieve the
-//! constructed backend.
+//!   3. Call [finish](struct.Cors.html#method.finish) to retrieve the
+//!      constructed backend.
 //!
 //! Cors middleware could be used as parameter for `App::middleware()` or
 //! `ResourceHandler::middleware()` methods. But you have to use

src/middleware/identity.rs

@@ -0,0 +1,389 @@
+//! Request identity service for Actix applications.
+//!
+//! [**IdentityService**](struct.IdentityService.html) middleware can be
+//! used with different policies types to store identity information.
+//!
+//! Bu default, only cookie identity policy is implemented. Other backend
+//! implementations can be added separately.
+//!
+//! [**CookieIdentityPolicy**](struct.CookieIdentityPolicy.html)
+//! uses cookies as identity storage.
+//!
+//! To access current request identity
+//! [**RequestIdentity**](trait.RequestIdentity.html) should be used.
+//! *HttpRequest* implements *RequestIdentity* trait.
+//!
+//! ```rust
+//! use actix_web::middleware::identity::RequestIdentity;
+//! use actix_web::middleware::identity::{CookieIdentityPolicy, IdentityService};
+//! use actix_web::*;
+//!
+//! fn index(req: HttpRequest) -> Result<String> {
+//!     // access request identity
+//!     if let Some(id) = req.identity() {
+//!         Ok(format!("Welcome! {}", id))
+//!     } else {
+//!         Ok("Welcome Anonymous!".to_owned())
+//!     }
+//! }
+//!
+//! fn login(mut req: HttpRequest) -> HttpResponse {
+//!     req.remember("User1".to_owned()); // <- remember identity
+//!     HttpResponse::Ok().finish()
+//! }
+//!
+//! fn logout(mut req: HttpRequest) -> HttpResponse {
+//!     req.forget(); // <- remove identity
+//!     HttpResponse::Ok().finish()
+//! }
+//!
+//! fn main() {
+//!     let app = App::new().middleware(IdentityService::new(
+//!         // <- create identity middleware
+//!         CookieIdentityPolicy::new(&[0; 32])    // <- create cookie session backend
+//!               .name("auth-cookie")
+//!               .secure(false),
+//!     ));
+//! }
+//! ```
+use std::rc::Rc;
+
+use cookie::{Cookie, CookieJar, Key};
+use futures::Future;
+use futures::future::{FutureResult, err as FutErr, ok as FutOk};
+use time::Duration;
+
+use error::{Error, Result};
+use http::header::{self, HeaderValue};
+use httprequest::HttpRequest;
+use httpresponse::HttpResponse;
+use middleware::{Middleware, Response, Started};
+
+/// The helper trait to obtain your identity from a request.
+///
+/// ```rust
+/// use actix_web::*;
+/// use actix_web::middleware::identity::RequestIdentity;
+///
+/// fn index(req: HttpRequest) -> Result<String> {
+///     // access request identity
+///     if let Some(id) = req.identity() {
+///         Ok(format!("Welcome! {}", id))
+///     } else {
+///         Ok("Welcome Anonymous!".to_owned())
+///     }
+/// }
+///
+/// fn login(mut req: HttpRequest) -> HttpResponse {
+///     req.remember("User1".to_owned()); // <- remember identity
+///     HttpResponse::Ok().finish()
+/// }
+///
+/// fn logout(mut req: HttpRequest) -> HttpResponse {
+///     req.forget();                     // <- remove identity
+///     HttpResponse::Ok().finish()
+/// }
+/// # fn main() {}
+/// ```
+pub trait RequestIdentity {
+    /// Return the claimed identity of the user associated request or
+    /// ``None`` if no identity can be found associated with the request.
+    fn identity(&self) -> Option<&str>;
+
+    /// Remember identity.
+    fn remember(&mut self, identity: String);
+
+    /// This method is used to 'forget' the current identity on subsequent
+    /// requests.
+    fn forget(&mut self);
+}
+
+impl<S> RequestIdentity for HttpRequest<S> {
+    fn identity(&self) -> Option<&str> {
+        if let Some(id) = self.extensions_ro().get::<IdentityBox>() {
+            return id.0.identity();
+        }
+        None
+    }
+
+    fn remember(&mut self, identity: String) {
+        if let Some(id) = self.extensions_mut().get_mut::<IdentityBox>() {
+            return id.0.remember(identity);
+        }
+    }
+
+    fn forget(&mut self) {
+        if let Some(id) = self.extensions_mut().get_mut::<IdentityBox>() {
+            return id.0.forget();
+        }
+    }
+}
+
+/// An identity
+pub trait Identity: 'static {
+    fn identity(&self) -> Option<&str>;
+
+    fn remember(&mut self, key: String);
+
+    fn forget(&mut self);
+
+    /// Write session to storage backend.
+    fn write(&mut self, resp: HttpResponse) -> Result<Response>;
+}
+
+/// Identity policy definition.
+pub trait IdentityPolicy<S>: Sized + 'static {
+    type Identity: Identity;
+    type Future: Future<Item = Self::Identity, Error = Error>;
+
+    /// Parse the session from request and load data from a service identity.
+    fn from_request(&self, request: &mut HttpRequest<S>) -> Self::Future;
+}
+
+/// Request identity middleware
+///
+/// ```rust
+/// # extern crate actix;
+/// # extern crate actix_web;
+/// use actix_web::App;
+/// use actix_web::middleware::identity::{IdentityService, CookieIdentityPolicy};
+///
+/// fn main() {
+///    let app = App::new().middleware(
+///        IdentityService::new(                      // <- create identity middleware
+///            CookieIdentityPolicy::new(&[0; 32])    // <- create cookie session backend
+///               .name("auth-cookie")
+///               .secure(false))
+///    );
+/// }
+/// ```
+pub struct IdentityService<T> {
+    backend: T,
+}
+
+impl<T> IdentityService<T> {
+    /// Create new identity service with specified backend.
+    pub fn new(backend: T) -> Self {
+        IdentityService { backend }
+    }
+}
+
+struct IdentityBox(Box<Identity>);
+
+#[doc(hidden)]
+unsafe impl Send for IdentityBox {}
+#[doc(hidden)]
+unsafe impl Sync for IdentityBox {}
+
+impl<S: 'static, T: IdentityPolicy<S>> Middleware<S> for IdentityService<T> {
+    fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {
+        let mut req = req.clone();
+
+        let fut = self.backend
+            .from_request(&mut req)
+            .then(move |res| match res {
+                Ok(id) => {
+                    req.extensions().insert(IdentityBox(Box::new(id)));
+                    FutOk(None)
+                }
+                Err(err) => FutErr(err),
+            });
+        Ok(Started::Future(Box::new(fut)))
+    }
+
+    fn response(
+        &self, req: &mut HttpRequest<S>, resp: HttpResponse
+    ) -> Result<Response> {
+        if let Some(mut id) = req.extensions().remove::<IdentityBox>() {
+            id.0.write(resp)
+        } else {
+            Ok(Response::Done(resp))
+        }
+    }
+}
+
+#[doc(hidden)]
+/// Identity that uses private cookies as identity storage.
+pub struct CookieIdentity {
+    changed: bool,
+    identity: Option<String>,
+    inner: Rc<CookieIdentityInner>,
+}
+
+impl Identity for CookieIdentity {
+    fn identity(&self) -> Option<&str> {
+        self.identity.as_ref().map(|s| s.as_ref())
+    }
+
+    fn remember(&mut self, value: String) {
+        self.changed = true;
+        self.identity = Some(value);
+    }
+
+    fn forget(&mut self) {
+        self.changed = true;
+        self.identity = None;
+    }
+
+    fn write(&mut self, mut resp: HttpResponse) -> Result<Response> {
+        if self.changed {
+            let _ = self.inner.set_cookie(&mut resp, self.identity.take());
+        }
+        Ok(Response::Done(resp))
+    }
+}
+
+struct CookieIdentityInner {
+    key: Key,
+    name: String,
+    path: String,
+    domain: Option<String>,
+    secure: bool,
+    max_age: Option<Duration>,
+}
+
+impl CookieIdentityInner {
+    fn new(key: &[u8]) -> CookieIdentityInner {
+        CookieIdentityInner {
+            key: Key::from_master(key),
+            name: "actix-identity".to_owned(),
+            path: "/".to_owned(),
+            domain: None,
+            secure: true,
+            max_age: None,
+        }
+    }
+
+    fn set_cookie(&self, resp: &mut HttpResponse, id: Option<String>) -> Result<()> {
+        let some = id.is_some();
+        {
+            let id = id.unwrap_or_else(String::new);
+            let mut cookie = Cookie::new(self.name.clone(), id);
+            cookie.set_path(self.path.clone());
+            cookie.set_secure(self.secure);
+            cookie.set_http_only(true);
+
+            if let Some(ref domain) = self.domain {
+                cookie.set_domain(domain.clone());
+            }
+
+            if let Some(max_age) = self.max_age {
+                cookie.set_max_age(max_age);
+            }
+
+            let mut jar = CookieJar::new();
+            if some {
+                jar.private(&self.key).add(cookie);
+            } else {
+                jar.add_original(cookie.clone());
+                jar.private(&self.key).remove(cookie);
+            }
+
+            for cookie in jar.delta() {
+                let val = HeaderValue::from_str(&cookie.to_string())?;
+                resp.headers_mut().append(header::SET_COOKIE, val);
+            }
+        }
+
+        Ok(())
+    }
+
+    fn load<S>(&self, req: &mut HttpRequest<S>) -> Option<String> {
+        if let Ok(cookies) = req.cookies() {
+            for cookie in cookies {
+                if cookie.name() == self.name {
+                    let mut jar = CookieJar::new();
+                    jar.add_original(cookie.clone());
+
+                    let cookie_opt = jar.private(&self.key).get(&self.name);
+                    if let Some(cookie) = cookie_opt {
+                        return Some(cookie.value().into());
+                    }
+                }
+            }
+        }
+        None
+    }
+}
+
+/// Use cookies for request identity storage.
+///
+/// The constructors take a key as an argument.
+/// This is the private key for cookie - when this value is changed,
+/// all identities are lost. The constructors will panic if the key is less
+/// than 32 bytes in length.
+///
+/// # Example
+///
+/// ```rust
+/// # extern crate actix_web;
+/// use actix_web::App;
+/// use actix_web::middleware::identity::{IdentityService, CookieIdentityPolicy};
+///
+/// fn main() {
+///    let app = App::new().middleware(
+///        IdentityService::new(                    // <- create identity middleware
+///            CookieIdentityPolicy::new(&[0; 32])  // <- construct cookie policy
+///                .domain("www.rust-lang.org")
+///                .name("actix_auth")
+///                .path("/")
+///                .secure(true)));
+/// }
+/// ```
+pub struct CookieIdentityPolicy(Rc<CookieIdentityInner>);
+
+impl CookieIdentityPolicy {
+    /// Construct new `CookieIdentityPolicy` instance.
+    ///
+    /// Panics if key length is less than 32 bytes.
+    pub fn new(key: &[u8]) -> CookieIdentityPolicy {
+        CookieIdentityPolicy(Rc::new(CookieIdentityInner::new(key)))
+    }
+
+    /// Sets the `path` field in the session cookie being built.
+    pub fn path<S: Into<String>>(mut self, value: S) -> CookieIdentityPolicy {
+        Rc::get_mut(&mut self.0).unwrap().path = value.into();
+        self
+    }
+
+    /// Sets the `name` field in the session cookie being built.
+    pub fn name<S: Into<String>>(mut self, value: S) -> CookieIdentityPolicy {
+        Rc::get_mut(&mut self.0).unwrap().name = value.into();
+        self
+    }
+
+    /// Sets the `domain` field in the session cookie being built.
+    pub fn domain<S: Into<String>>(mut self, value: S) -> CookieIdentityPolicy {
+        Rc::get_mut(&mut self.0).unwrap().domain = Some(value.into());
+        self
+    }
+
+    /// Sets the `secure` field in the session cookie being built.
+    ///
+    /// If the `secure` field is set, a cookie will only be transmitted when the
+    /// connection is secure - i.e. `https`
+    pub fn secure(mut self, value: bool) -> CookieIdentityPolicy {
+        Rc::get_mut(&mut self.0).unwrap().secure = value;
+        self
+    }
+
+    /// Sets the `max-age` field in the session cookie being built.
+    pub fn max_age(mut self, value: Duration) -> CookieIdentityPolicy {
+        Rc::get_mut(&mut self.0).unwrap().max_age = Some(value);
+        self
+    }
+}
+
+impl<S> IdentityPolicy<S> for CookieIdentityPolicy {
+    type Identity = CookieIdentity;
+    type Future = FutureResult<CookieIdentity, Error>;
+
+    fn from_request(&self, req: &mut HttpRequest<S>) -> Self::Future {
+        let identity = self.0.load(req);
+        FutOk(CookieIdentity {
+            identity,
+            changed: false,
+            inner: Rc::clone(&self.0),
+        })
+    }
+}

src/middleware/logger.rs

@@ -14,6 +14,7 @@ use httpresponse::HttpResponse;
 use middleware::{Finished, Middleware, Started};
 
 /// `Middleware` for logging request and response info to the terminal.
+///
 /// `Logger` middleware uses standard log crate to log information. You should
 /// enable logger for `actix_web` package to see access log.
 /// ([`env_logger`](https://docs.rs/env_logger/*/env_logger/) or similar)

src/middleware/mod.rs

@@ -12,12 +12,17 @@ pub mod csrf;
 mod defaultheaders;
 mod errhandlers;
 #[cfg(feature = "session")]
-mod session;
+pub mod identity;
+#[cfg(feature = "session")]
+pub mod session;
 pub use self::defaultheaders::DefaultHeaders;
 pub use self::errhandlers::ErrorHandlers;
 pub use self::logger::Logger;
 
 #[cfg(feature = "session")]
+#[doc(hidden)]
+#[deprecated(since = "0.5.4",
+             note = "please use `actix_web::middleware::session` instead")]
 pub use self::session::{CookieSessionBackend, CookieSessionError, RequestSession,
                         Session, SessionBackend, SessionImpl, SessionStorage};
 

src/middleware/session.rs

@@ -1,3 +1,68 @@
+//! User sessions.
+//!
+//! Actix provides a general solution for session management. The
+//! [**SessionStorage**](struct.SessionStorage.html)
+//! middleware can be used with different backend types to store session
+//! data in different backends.
+//!
+//! By default, only cookie session backend is implemented. Other
+//! backend implementations can be added.
+//!
+//! [**CookieSessionBackend**](struct.CookieSessionBackend.html)
+//! uses cookies as session storage. `CookieSessionBackend` creates sessions
+//! which are limited to storing fewer than 4000 bytes of data, as the payload
+//! must fit into a single cookie. An internal server error is generated if a
+//! session contains more than 4000 bytes.
+//!
+//! A cookie may have a security policy of *signed* or *private*. Each has
+//! a respective `CookieSessionBackend` constructor.
+//!
+//! A *signed* cookie may be viewed but not modified by the client. A *private*
+//! cookie may neither be viewed nor modified by the client.
+//!
+//! The constructors take a key as an argument. This is the private key
+//! for cookie session - when this value is changed, all session data is lost.
+//!
+//! In general, you create a `SessionStorage` middleware and initialize it
+//! with specific backend implementation, such as a `CookieSessionBackend`.
+//! To access session data,
+//! [*HttpRequest::session()*](trait.RequestSession.html#tymethod.session)
+//! must be used. This method returns a
+//! [*Session*](struct.Session.html) object, which allows us to get or set
+//! session data.
+//!
+//! ```rust
+//! # extern crate actix;
+//! # extern crate actix_web;
+//! use actix_web::{server, App, HttpRequest, Result};
+//! use actix_web::middleware::{RequestSession, SessionStorage, CookieSessionBackend};
+//!
+//! fn index(mut req: HttpRequest) -> Result<&'static str> {
+//!     // access session data
+//!     if let Some(count) = req.session().get::<i32>("counter")? {
+//!         println!("SESSION value: {}", count);
+//!         req.session().set("counter", count+1)?;
+//!     } else {
+//!         req.session().set("counter", 1)?;
+//!     }
+//!
+//!     Ok("Welcome!")
+//! }
+//!
+//! fn main() {
+//!     let sys = actix::System::new("basic-example");
+//!     server::new(
+//!       || App::new().middleware(
+//!           SessionStorage::new(          // <- create session middleware
+//!             CookieSessionBackend::signed(&[0; 32]) // <- create signed cookie session backend
+//!                 .secure(false)
+//!          )))
+//!         .bind("127.0.0.1:59880").unwrap()
+//!         .start();
+//! #     actix::Arbiter::system().do_send(actix::msgs::SystemExit(0));
+//!     let _ = sys.run();
+//! }
+//! ```
 use std::collections::HashMap;
 use std::marker::PhantomData;
 use std::rc::Rc;

src/pipeline.rs

@@ -328,7 +328,7 @@ impl<S: 'static, H> WaitingResponse<S, H> {
         match self.fut.poll() {
             Ok(Async::NotReady) => None,
             Ok(Async::Ready(response)) => Some(RunMiddlewares::init(info, response)),
-            Err(err) => Some(ProcessResponse::init(err.into())),
+            Err(err) => Some(RunMiddlewares::init(info, err.into())),
         }
     }
 }

src/route.rs

@@ -420,7 +420,7 @@ impl<S: 'static> WaitingResponse<S> {
         match self.fut.poll() {
             Ok(Async::NotReady) => None,
             Ok(Async::Ready(response)) => Some(RunMiddlewares::init(info, response)),
-            Err(err) => Some(Response::init(err.into())),
+            Err(err) => Some(RunMiddlewares::init(info, err.into())),
         }
     }
 }

src/router.rs

@@ -3,7 +3,6 @@ use std::hash::{Hash, Hasher};
 use std::mem;
 use std::rc::Rc;
 
-use percent_encoding::percent_decode;
 use regex::{escape, Regex};
 
 use error::UrlGenerationError;
@@ -82,12 +81,9 @@ impl Router {
         }
         let path: &str = unsafe { mem::transmute(&req.path()[self.0.prefix_len..]) };
         let route_path = if path.is_empty() { "/" } else { path };
-        let p = percent_decode(route_path.as_bytes())
-            .decode_utf8()
-            .unwrap();
 
         for (idx, pattern) in self.0.patterns.iter().enumerate() {
-            if pattern.match_with_params(p.as_ref(), req.match_info_mut()) {
+            if pattern.match_with_params(route_path, req.match_info_mut()) {
                 req.set_resource(idx);
                 return Some(idx);
             }

src/server/h1.rs

@@ -19,6 +19,7 @@ use httprequest::HttpRequest;
 use httpresponse::HttpResponse;
 use payload::{Payload, PayloadStatus, PayloadWriter};
 use pipeline::Pipeline;
+use uri::Url;
 
 use super::encoding::PayloadType;
 use super::h1writer::H1Writer;
@@ -527,7 +528,7 @@ impl Reader {
                     httparse::Status::Complete(len) => {
                         let method = Method::from_bytes(req.method.unwrap().as_bytes())
                             .map_err(|_| ParseError::Method)?;
-                        let path = Uri::try_from(req.path.unwrap())?;
+                        let path = Url::new(Uri::try_from(req.path.unwrap())?);
                         let version = if req.version.unwrap() == 1 {
                             Version::HTTP_11
                         } else {
@@ -563,7 +564,7 @@ impl Reader {
                     }
                 }
 
-                msg_mut.uri = path;
+                msg_mut.url = path;
                 msg_mut.method = method;
                 msg_mut.version = version;
             }

src/server/h2.rs

@@ -22,6 +22,7 @@ use httprequest::HttpRequest;
 use httpresponse::HttpResponse;
 use payload::{Payload, PayloadStatus, PayloadWriter};
 use pipeline::Pipeline;
+use uri::Url;
 
 use super::encoding::PayloadType;
 use super::h2writer::H2Writer;
@@ -304,7 +305,7 @@ impl<H: 'static> Entry<H> {
         let (psender, payload) = Payload::new(false);
 
         let msg = settings.get_http_message();
-        msg.get_mut().uri = parts.uri;
+        msg.get_mut().url = Url::new(parts.uri);
         msg.get_mut().method = parts.method;
         msg.get_mut().version = parts.version;
         msg.get_mut().headers = parts.headers;

src/uri.rs

@@ -0,0 +1,175 @@
+use http::Uri;
+
+#[allow(dead_code)]
+const GEN_DELIMS: &[u8] = b":/?#[]@";
+#[allow(dead_code)]
+const SUB_DELIMS_WITHOUT_QS: &[u8] = b"!$'()*,";
+#[allow(dead_code)]
+const SUB_DELIMS: &[u8] = b"!$'()*,+?=;";
+#[allow(dead_code)]
+const RESERVED: &[u8] = b":/?#[]@!$'()*,+?=;";
+#[allow(dead_code)]
+const UNRESERVED: &[u8] = b"abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ
+    1234567890
+    -._~";
+const ALLOWED: &[u8] = b"abcdefghijklmnopqrstuvwxyz
+    ABCDEFGHIJKLMNOPQRSTUVWXYZ
+    1234567890
+    -._~
+    !$'()*,";
+const QS: &[u8] = b"+&=;b";
+
+#[inline]
+fn bit_at(array: &[u8], ch: u8) -> bool {
+    array[(ch >> 3) as usize] & (1 << (ch & 7)) != 0
+}
+
+#[inline]
+fn set_bit(array: &mut [u8], ch: u8) {
+    array[(ch >> 3) as usize] |= 1 << (ch & 7)
+}
+
+lazy_static! {
+    static ref DEFAULT_QUOTER: Quoter = { Quoter::new(b"@:", b"/+") };
+}
+
+#[derive(Default)]
+pub(crate) struct Url {
+    uri: Uri,
+    path: Option<String>,
+}
+
+impl Url {
+    pub fn new(uri: Uri) -> Url {
+        let path = DEFAULT_QUOTER.requote(uri.path().as_bytes());
+
+        Url { uri, path }
+    }
+
+    pub fn uri(&self) -> &Uri {
+        &self.uri
+    }
+
+    pub fn uri_mut(&mut self) -> &mut Uri {
+        &mut self.uri
+    }
+
+    pub fn path(&self) -> &str {
+        if let Some(ref s) = self.path {
+            s
+        } else {
+            self.uri.path()
+        }
+    }
+}
+
+pub(crate) struct Quoter {
+    safe_table: [u8; 16],
+    protected_table: [u8; 16],
+}
+
+impl Quoter {
+    pub fn new(safe: &[u8], protected: &[u8]) -> Quoter {
+        let mut q = Quoter {
+            safe_table: [0; 16],
+            protected_table: [0; 16],
+        };
+
+        // prepare safe table
+        for i in 0..128 {
+            if ALLOWED.contains(&i) {
+                set_bit(&mut q.safe_table, i);
+            }
+            if QS.contains(&i) {
+                set_bit(&mut q.safe_table, i);
+            }
+        }
+
+        for ch in safe {
+            set_bit(&mut q.safe_table, *ch)
+        }
+
+        // prepare protected table
+        for ch in protected {
+            set_bit(&mut q.safe_table, *ch);
+            set_bit(&mut q.protected_table, *ch);
+        }
+
+        q
+    }
+
+    pub fn requote(&self, val: &[u8]) -> Option<String> {
+        let mut has_pct = 0;
+        let mut pct = [b'%', 0, 0];
+        let mut idx = 0;
+        let mut cloned: Option<Vec<u8>> = None;
+
+        let len = val.len();
+        while idx < len {
+            let ch = val[idx];
+
+            if has_pct != 0 {
+                pct[has_pct] = val[idx];
+                has_pct += 1;
+                if has_pct == 3 {
+                    has_pct = 0;
+                    let buf = cloned.as_mut().unwrap();
+
+                    if let Some(ch) = restore_ch(pct[1], pct[2]) {
+                        if ch < 128 {
+                            if bit_at(&self.protected_table, ch) {
+                                buf.extend_from_slice(&pct);
+                                idx += 1;
+                                continue;
+                            }
+
+                            if bit_at(&self.safe_table, ch) {
+                                buf.push(ch);
+                                idx += 1;
+                                continue;
+                            }
+                        }
+                        buf.push(ch);
+                    } else {
+                        buf.extend_from_slice(&pct[..]);
+                    }
+                }
+            } else if ch == b'%' {
+                has_pct = 1;
+                if cloned.is_none() {
+                    let mut c = Vec::with_capacity(len);
+                    c.extend_from_slice(&val[..idx]);
+                    cloned = Some(c);
+                }
+            } else if let Some(ref mut cloned) = cloned {
+                cloned.push(ch)
+            }
+            idx += 1;
+        }
+
+        if let Some(data) = cloned {
+            Some(unsafe { String::from_utf8_unchecked(data) })
+        } else {
+            None
+        }
+    }
+}
+
+#[inline]
+fn from_hex(v: u8) -> Option<u8> {
+    if v >= b'0' && v <= b'9' {
+        Some(v - 0x30) // ord('0') == 0x30
+    } else if v >= b'A' && v <= b'F' {
+        Some(v - 0x41 + 10) // ord('A') == 0x41
+    } else if v > b'a' && v <= b'f' {
+        Some(v - 0x61 + 10) // ord('a') == 0x61
+    } else {
+        None
+    }
+}
+
+#[inline]
+fn restore_ch(d1: u8, d2: u8) -> Option<u8> {
+    from_hex(d1).and_then(|d1| from_hex(d2).and_then(move |d2| Some(d1 << 4 | d2)))
+}

tests/test_handlers.rs

@@ -148,3 +148,27 @@ fn test_non_ascii_route() {
     let bytes = srv.execute(response.body()).unwrap();
     assert_eq!(bytes, Bytes::from_static(b"success"));
 }
+
+#[test]
+fn test_unsafe_path_route() {
+    let mut srv = test::TestServer::new(|app| {
+        app.resource("/test/{url}", |r| {
+            r.f(|r| format!("success: {}", &r.match_info()["url"]))
+        });
+    });
+
+    // client request
+    let request = srv.get()
+        .uri(srv.url("/test/http%3A%2F%2Fexample.com"))
+        .finish()
+        .unwrap();
+    let response = srv.execute(request.send()).unwrap();
+    assert!(response.status().is_success());
+
+    // read response
+    let bytes = srv.execute(response.body()).unwrap();
+    assert_eq!(
+        bytes,
+        Bytes::from_static(b"success: http:%2F%2Fexample.com")
+    );
+}

tests/test_server.rs

@@ -18,7 +18,7 @@ use flate2::Compression;
 use flate2::read::GzDecoder;
 use flate2::write::{DeflateDecoder, DeflateEncoder, GzEncoder};
 use futures::stream::once;
-use futures::{Future, Stream};
+use futures::{future, Future, Stream};
 use h2::client as h2client;
 use modhttp::Request;
 use rand::Rng;
@@ -915,3 +915,34 @@ fn test_resource_middlewares() {
     assert_eq!(num2.load(Ordering::Relaxed), 1);
     // assert_eq!(num3.load(Ordering::Relaxed), 1);
 }
+
+fn index_test_middleware_async_error(_: HttpRequest) -> FutureResponse<HttpResponse> {
+    future::result(Err(error::ErrorBadRequest("TEST"))).responder()
+}
+
+#[test]
+fn test_middleware_async_error() {
+    let req = Arc::new(AtomicUsize::new(0));
+    let resp = Arc::new(AtomicUsize::new(0));
+    let fin = Arc::new(AtomicUsize::new(0));
+
+    let act_req = Arc::clone(&req);
+    let act_resp = Arc::clone(&resp);
+    let act_fin = Arc::clone(&fin);
+
+    let mut srv = test::TestServer::new(move |app| {
+        app.middleware(MiddlewareTest {
+            start: Arc::clone(&act_req),
+            response: Arc::clone(&act_resp),
+            finish: Arc::clone(&act_fin),
+        }).handler(index_test_middleware_async_error)
+    });
+
+    let request = srv.get().finish().unwrap();
+    let response = srv.execute(request.send()).unwrap();
+    assert_eq!(response.status(), http::StatusCode::BAD_REQUEST);
+
+    assert_eq!(req.load(Ordering::Relaxed), 1);
+    assert_eq!(resp.load(Ordering::Relaxed), 1);
+    assert_eq!(fin.load(Ordering::Relaxed), 1);
+}