Merge 31ff1ef12c into 8996198f2c

actix-files/CHANGES.md

@@ -2,6 +2,7 @@
 
 ## Unreleased
 
+- `PathBufWrap` & `UriSegmentError` made public.
 - Minimum supported Rust version (MSRV) is now 1.75.
 
 ## 0.6.6

actix-files/src/error.rs

@@ -21,6 +21,7 @@ impl ResponseError for FilesError {
     }
 }
 
+/// Error which can occur with parsing/validating a request-uri path
 #[derive(Debug, PartialEq, Eq, Display)]
 #[non_exhaustive]
 pub enum UriSegmentError {

actix-files/src/lib.rs

@@ -37,13 +37,12 @@ mod range;
 mod service;
 
 pub use self::{
-    chunked::ChunkedReadFile, directory::Directory, files::Files, named::NamedFile,
-    range::HttpRange, service::FilesService,
+    chunked::ChunkedReadFile, directory::Directory, error::UriSegmentError, files::Files,
+    named::NamedFile, path_buf::PathBufWrap, range::HttpRange, service::FilesService,
 };
 use self::{
     directory::{directory_listing, DirectoryRenderer},
     error::FilesError,
-    path_buf::PathBufWrap,
 };
 
 type HttpService = BoxService<ServiceRequest, ServiceResponse, Error>;

actix-files/src/path_buf.rs

@@ -8,8 +8,11 @@ use actix_web::{dev::Payload, FromRequest, HttpRequest};
 
 use crate::error::UriSegmentError;
 
+/// Secure Path Traversal Guard
+///
+/// This struct parses a request-uri [`PathBuf`](std::path::PathBuf)
 #[derive(Debug, PartialEq, Eq)]
-pub(crate) struct PathBufWrap(PathBuf);
+pub struct PathBufWrap(PathBuf);
 
 impl FromStr for PathBufWrap {
     type Err = UriSegmentError;
@@ -20,6 +23,15 @@ impl FromStr for PathBufWrap {
 }
 
 impl PathBufWrap {
+    /// Parse a safe path from a supplied [`HttpRequest`](actix_web::HttpRequest),
+    /// given the choice of allowing hiddden files to be considered valid segments.
+    ///
+    /// Path traversal is guarded by this method.
+    #[inline]
+    pub fn parse_req(req: &HttpRequest, hidden_files: bool) -> Result<Self, UriSegmentError> {
+        Self::parse_path(req.match_info().unprocessed(), hidden_files)
+    }
+
     /// Parse a path, giving the choice of allowing hidden files to be considered valid segments.
     ///
     /// Path traversal is guarded by this method.

actix-http/Cargo.toml

@@ -17,7 +17,6 @@ edition.workspace = true
 rust-version.workspace = true
 
 [package.metadata.docs.rs]
-rustdoc-args = ["--cfg", "docsrs"]
 features = [
   "http2",
   "ws",
@@ -119,7 +118,7 @@ tokio-util = { version = "0.7", features = ["io", "codec"] }
 tracing = { version = "0.1.30", default-features = false, features = ["log"] }
 
 # http2
-h2 = { version = "0.3.26", optional = true }
+h2 = { version = "0.3.27", optional = true }
 
 # websockets
 base64 = { version = "0.22", optional = true }

actix-multipart-derive/Cargo.toml

@@ -11,7 +11,6 @@ edition.workspace = true
 rust-version.workspace = true
 
 [package.metadata.docs.rs]
-rustdoc-args = ["--cfg", "docsrs"]
 all-features = true
 
 [lib]

actix-multipart/Cargo.toml

@@ -14,7 +14,6 @@ license.workspace = true
 edition.workspace = true
 
 [package.metadata.docs.rs]
-rustdoc-args = ["--cfg", "docsrs"]
 all-features = true
 
 [package.metadata.cargo_check_external_types]

actix-web/Cargo.toml

@@ -17,7 +17,6 @@ edition.workspace = true
 rust-version.workspace = true
 
 [package.metadata.docs.rs]
-rustdoc-args = ["--cfg", "docsrs"]
 features = [
   "macros",
   "openssl",

awc/Cargo.toml

@@ -16,7 +16,6 @@ license = "MIT OR Apache-2.0"
 edition = "2021"
 
 [package.metadata.docs.rs]
-rustdoc-args = ["--cfg", "docsrs"]
 features = [
     "cookies",
     "openssl",
@@ -109,7 +108,7 @@ cfg-if = "1"
 derive_more = { version = "2", features = ["display", "error", "from"] }
 futures-core = { version = "0.3.17", default-features = false, features = ["alloc"] }
 futures-util = { version = "0.3.17", default-features = false, features = ["alloc", "sink"] }
-h2 = "0.3.26"
+h2 = "0.3.27"
 http = "0.2.7"
 itoa = "1"
 log = "0.4"

scripts/bump

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # developed on macOS and probably doesn't work on Linux yet due to minor
 # differences in flags on sed

scripts/ci-test

@@ -1,38 +0,0 @@
-#!/bin/sh
-
-# run tests matching what CI does for non-linux feature sets
-
-set -x
-
-EXIT=0
-
-save_exit_code() {
-    eval $@
-    local CMD_EXIT=$?
-    [ "$CMD_EXIT" = "0" ] || EXIT=$CMD_EXIT
-}
-
-save_exit_code cargo test --lib --tests -p=actix-router --all-features -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-http --all-features -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-web --features=rustls,openssl -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-web-codegen --all-features -- --nocapture
-save_exit_code cargo test --lib --tests -p=awc --all-features -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-http-test --all-features -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-test --all-features -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-files -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-multipart --all-features -- --nocapture
-save_exit_code cargo test --lib --tests -p=actix-web-actors --all-features -- --nocapture
-
-save_exit_code cargo test --workspace --doc
-
-if [ "$EXIT" = "0" ]; then
-    PASSED="All tests passed!"
-
-    if [ "$(command -v figlet)" ]; then
-        figlet "$PASSED"
-    else
-        echo "$PASSED"
-    fi
-fi
-
-exit $EXIT

scripts/publish

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -Euo pipefail
+
+for dir in $@; do
+    cd "$dir"
+    
+    cargo publish --dry-run
+
+    read -p "Look okay? "
+    read -p "Sure? "
+    
+    cargo publish
+
+    if [ $? -ne 0 ]; then
+        echo
+        read -p "Was the above error caused by cyclic dev-deps? Choosing yes will publish without a git backreference. (y/N) " publish_no_dev_deps
+
+        if [[ "$publish_no_dev_deps" == "y" || "$publish_no_dev_deps" == "Y" ]]; then
+            cargo hack --no-dev-deps publish --allow-dirty
+        fi
+    fi
+
+    cd ..
+done