From 908fb2606ecd42450b31eb5b19aa186d5b0cd882 Mon Sep 17 00:00:00 2001 From: Kristian Gaylord Date: Wed, 19 Jul 2023 12:48:43 -0400 Subject: [PATCH 1/3] allow configuring number of test server workers (#3069) Co-authored-by: Rob Ede --- actix-test/CHANGES.md | 1 + actix-test/src/lib.rs | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/actix-test/CHANGES.md b/actix-test/CHANGES.md index e3a66c663..2a30ee95b 100644 --- a/actix-test/CHANGES.md +++ b/actix-test/CHANGES.md @@ -2,6 +2,7 @@ ## Unreleased - 2023-xx-xx +- Add `TestServerConfig::workers()` setter method - Minimum supported Rust version (MSRV) is now 1.65 due to transitive `time` dependency. ## 0.1.1 - 2023-02-26 diff --git a/actix-test/src/lib.rs b/actix-test/src/lib.rs index 7781edab4..c667e564d 100644 --- a/actix-test/src/lib.rs +++ b/actix-test/src/lib.rs @@ -154,7 +154,10 @@ where let srv_cfg = cfg.clone(); let timeout = cfg.client_request_timeout; - let builder = Server::build().workers(1).disable_signals().system_exit(); + let builder = Server::build() + .workers(cfg.workers) + .disable_signals() + .system_exit(); let srv = match srv_cfg.stream { StreamType::Tcp => match srv_cfg.tp { @@ -367,6 +370,7 @@ pub struct TestServerConfig { stream: StreamType, client_request_timeout: Duration, port: u16, + workers: usize, } impl Default for TestServerConfig { @@ -383,6 +387,7 @@ impl TestServerConfig { stream: StreamType::Tcp, client_request_timeout: Duration::from_secs(5), port: 0, + workers: 1, } } @@ -425,6 +430,14 @@ impl TestServerConfig { self.port = port; self } + + /// Sets number of workers in the test server process. + /// + /// By default, the server boots with 1 worker + pub fn workers(mut self, workers: usize) -> Self { + self.workers = workers; + self + } } /// A basic HTTP server controller that simplifies the process of writing integration tests for From 4272510261844dbef1e9ef5c9ee01574bd16a9b7 Mon Sep 17 00:00:00 2001 
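Review bot: The new `workers()` setter in the last lib.rs hunk stores any `usize`, including 0, and the first lib.rs hunk passes that value straight to `Server::build().workers(cfg.workers)`. If the server builder rejects a zero worker count (I believe it asserts on it, but that code is not visible here), the failure would surface when the test server starts rather than at the call that set the value. I would either state the constraint in the doc comment, e.g. `/// Starting the test server is expected to panic if this is set to 0.`, or check it in the setter with `assert_ne!(workers, 0, "workers must be greater than 0");`. The second sentence of the doc comment is also missing its full stop. The `impl TestServerConfig` block starts and ends outside the hunk.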
From: Rob Ede Date: Wed, 19 Jul 2023 19:27:20 +0100 Subject: [PATCH 2/3] doc amendments --- actix-test/CHANGES.md | 2 +- actix-test/src/lib.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/actix-test/CHANGES.md b/actix-test/CHANGES.md index 2a30ee95b..aba27dbfc 100644 --- a/actix-test/CHANGES.md +++ b/actix-test/CHANGES.md @@ -2,7 +2,7 @@ ## Unreleased - 2023-xx-xx -- Add `TestServerConfig::workers()` setter method +- Add `TestServerConfig::workers()` setter method. - Minimum supported Rust version (MSRV) is now 1.65 due to transitive `time` dependency. ## 0.1.1 - 2023-02-26 diff --git a/actix-test/src/lib.rs b/actix-test/src/lib.rs index c667e564d..751ab3161 100644 --- a/actix-test/src/lib.rs +++ b/actix-test/src/lib.rs @@ -431,9 +431,9 @@ impl TestServerConfig { self } - /// Sets number of workers in the test server process. + /// Sets number of workers for the test server. /// - /// By default, the server boots with 1 worker + /// By default, the server uses 1 worker pub fn workers(mut self, workers: usize) -> Self { self.workers = workers; self From 80185ce741729108301d26d2cd18598baf1f9af3 Mon Sep 17 00:00:00 2001 From: Nathan Shaaban <86252985+ctrlaltf24@users.noreply.github.com> Date: Wed, 19 Jul 2023 18:51:17 +0000 Subject: [PATCH 3/3] Hide authorization header in httprequest debug output (#2953) Co-authored-by: Nathan Shaaban <86252985+nshaaban-cPacket@users.noreply.github.com> Co-authored-by: Rob Ede --- actix-web/CHANGES.md | 1 + actix-web/src/request.rs | 57 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 57 insertions(+), 1 deletion(-) diff --git a/actix-web/CHANGES.md b/actix-web/CHANGES.md index 6c83d129b..7e82d095a 100644 --- a/actix-web/CHANGES.md +++ b/actix-web/CHANGES.md 
@@ -10,6 +10,7 @@ ### Changed - Handler functions can now receive up to 16 extractor parameters. +- Hide sensitive header values in `HttpRequest`'s `Debug` output. - Minimum supported Rust version (MSRV) is now 1.65 due to transitive `time` dependency. ## 4.3.1 - 2023-02-26 diff --git a/actix-web/src/request.rs b/actix-web/src/request.rs index 543c9dfbe..ece36a388 100644 --- a/actix-web/src/request.rs +++ b/actix-web/src/request.rs @@ -435,16 +435,28 @@ impl fmt::Debug for HttpRequest { self.inner.head.method, self.path() )?; + if !self.query_string().is_empty() { writeln!(f, " query: ?{:?}", self.query_string())?; } + if !self.match_info().is_empty() { writeln!(f, " params: {:?}", self.match_info())?; } + writeln!(f, " headers:")?; + for (key, val) in self.headers().iter() { - writeln!(f, " {:?}: {:?}", key, val)?; + match key { + // redact sensitive header values from debug output + &crate::http::header::AUTHORIZATION + | &crate::http::header::PROXY_AUTHORIZATION + | &crate::http::header::COOKIE => writeln!(f, " {:?}: {:?}", key, "*redacted*")?, + + _ => writeln!(f, " {:?}: {:?}", key, val)?, + } } + Ok(()) } } 
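Review bot: The redaction added to the `for (key, val)` loop covers exactly three header names, while the changelog entry says sensitive header values are hidden, which reads broader than what the code does. Everything else is still printed as received: the `query:` line written earlier in the same function, the `params:` line, and any application-specific credential header, which falls through to the `_` arm. Because `{:?}` output of a request often ends up in logs, I would document the exact scope on the impl so callers do not assume it is safe to log, for example `/// Values of the Authorization, Proxy-Authorization and Cookie headers are printed as "*redacted*"; the query string and all other headers are printed unchanged.` The `fmt` body starts before the hunk.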
@@ -908,4 +920,47 @@ mod tests {
 let body = read_body(bar_resp).await;
 assert_eq!(body, "http://localhost:8080/bar/nested");
 }
+
+ #[test]
+ fn authorization_header_hidden_in_debug() {
+ let authorization_header = "Basic bXkgdXNlcm5hbWU6bXkgcGFzc3dvcmQK";
+ let req = TestRequest::get()
+ .insert_header((crate::http::header::AUTHORIZATION, authorization_header))
+ .to_http_request();
+
+ assert!(!format!("{:?}", req).contains(authorization_header));
+ }
+
+ #[test]
+ fn proxy_authorization_header_hidden_in_debug() {
+ let proxy_authorization_header = "secret value";
+ let req = TestRequest::get()
+ .insert_header((
+ crate::http::header::PROXY_AUTHORIZATION,
+ proxy_authorization_header,
+ ))
+ .to_http_request();
+
+ assert!(!format!("{:?}", req).contains(proxy_authorization_header));
+ }
+
+ #[test]
+ fn cookie_header_hidden_in_debug() {
+ let cookie_header = "secret";
+ let req = TestRequest::get()
+ .insert_header((crate::http::header::COOKIE, cookie_header))
+ .to_http_request();
+
+ assert!(!format!("{:?}", req).contains(cookie_header));
+ }
+
+ #[test]
+ fn other_header_visible_in_debug() {
+ let location_header = "192.0.0.1";
+ let req = TestRequest::get()
+ .insert_header((crate::http::header::LOCATION, location_header))
+ .to_http_request();
+
+ assert!(format!("{:?}", req).contains(location_header));
+ }
 }
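Review bot: The three `*_hidden_in_debug` tests assert only that the secret string is absent, so they would still pass if the header line disappeared from the output entirely or if header printing stopped working. Pinning the positive side makes the redaction contract explicit: bind the output once with `let out = format!("{:?}", req);` and add `assert!(out.contains("*redacted*"));` next to the existing negative assertion in each of the three tests. A short comment above the group, such as `// Debug output is commonly logged; credential-bearing headers must never appear in it.`, would record why these tests exist. The enclosing `mod tests` starts outside the hunk.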