This crate provides a Cross-Site Request Forgery protection layer and middleware for use with the axum web framework.
The middleware implements the CSRF Synchronizer Token Pattern for AJAX backends and API endpoints as described in the OWASP CSRF prevention cheat sheet.
* provide links to axum-sessions and axum-login
* Update ECOSYSTEM.md
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
Co-authored-by: David Pedersen <david.pdrsn@gmail.com>
* Improve `debug_handler` to use the correct span for specific bounds
This results in better localised error messages, as they now point
directly to the corresponding argument instead of to the macro itself.
* Improve some error messages behind a `nightly-error-messages` feature
flag
This uses the nightly only `rustc_on_unimplemented` attribute to improve
some error messages when users try to use invalid handler functions.
This should be seen as a proof of concept, not as a full solution for all
potential error cases.
The underlying feature is currently marked as permanently unstable, but
I'm working on getting this specific attribute (or an attribute with
different name, similar functionality) ready to work on a stable compiler.
* Apply suggestions from code review
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
* Enable the `nightly-error-messages` feature unconditionally for nightly compilers
* Use a nightly compiler to run the axum-macros compile fail tests
* update to newer nightly
* Run axum-macros tests on nightly
* tweak compile error hints a bit
* more tweaks
* update test
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
Co-authored-by: David Pedersen <david.pdrsn@gmail.com>
* Add `on_failed_upgrade` callback to `WebSocket`
Previously if upgrading a connection to a WebSocket connection failed
the background task would panic. There was no way to customize that so
users that might wanna report the error were out of luck.
Panicking also wasn't great because users might abort on panics which
would bring down the server.
* changelog
* Apply suggestions from code review
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
Previously
```rust
handler.layer(RequestBodyLimitLayer::new(...)).with_state(...)
```
didn't work because we required the same request body all the way
through.
* New release candidates
* Update axum/Cargo.toml
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
* Don't allow extracting `MatchedPath` for nested paths
* misc clean up
* Update docs
* changelog
* Apply suggestions from code review
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
* Add test for nested handler service
* change to `debug_assert`
* apply suggestions from review
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
* Change `FailedToDeserializeQueryString` rejection for `Form`
It's now called `FailedToDeserializeForm`.
* changelog
* Make dedicated rejection type for axum-extra's `Form`
* update trybuild test
* Make dedicated rejection type for axum-extra's `Query`
* add example of static-file-server using serve dir with handler as service
* update handle return type in example
Co-authored-by: David Pedersen <david.pdrsn@gmail.com>
* cargo fmt fix
* change error mapping
Co-authored-by: David Pedersen <david.pdrsn@gmail.com>
* Add example for `Router::inherit_state`
* clarification
* Update axum/src/routing/mod.rs
Co-authored-by: Jonas Platte <jplatte+git@posteo.de>
* Add RawForm extractor
* Change RawForm(String) to RawForm(Option<String>)
* Fix tests
* Use Bytes instead of Option<String> and add tests
* Add test for empty body
* Update CHANGELOG
* small docs tweaks
* changelog nit
Co-authored-by: David Pedersen <david.pdrsn@gmail.com>
* add `#[derive(FromRef)]`
* tests
* don't support skipping fields
probably wouldn't work at all since the whole state likely needs `Clone`
* UI tests
* changelog
* changelog link
* revert hello-world example, used for testing
* Re-export `#[derive(FromRef)]`
* Don't need to return `Result`
* use `collect` instead of quoting the iterator
* Mention it in axum's changelog