pub struct CookieJar<'a> { /* private fields */ }
Expand description
Collection of one or more HTTP cookies.
CookieJar
allows for retrieval of cookies from an incoming request. It
also tracks modifications (additions and removals) and marks them as
pending.
§Pending
Changes to a CookieJar
are not visible via the normal get()
and
get_private()
methods. This is typically the desired effect as a
CookieJar
always reflects the cookies in an incoming request. In cases
where this is not desired, the get_pending()
method is available, which
always returns the latest changes.
use rocket::http::{CookieJar, Cookie};
#[get("/message")]
fn message(jar: &CookieJar<'_>) {
jar.add(("message", "hello!"));
jar.add(Cookie::build(("session", "bye!")).expires(None));
// `get()` does not reflect changes.
assert!(jar.get("session").is_none());
assert_eq!(jar.get("message").map(|c| c.value()), Some("hi"));
// `get_pending()` does.
let session_pending = jar.get_pending("session");
let message_pending = jar.get_pending("message");
assert_eq!(session_pending.as_ref().map(|c| c.value()), Some("bye!"));
assert_eq!(message_pending.as_ref().map(|c| c.value()), Some("hello!"));
}
§Usage
A type of &CookieJar
can be retrieved via its FromRequest
implementation
as a request guard or via the Request::cookies()
method. Individual
cookies can be retrieved via the get()
and get_private()
methods.
Pending changes can be observed via the get_pending()
method. Cookies
can be added or removed via the add()
, add_private()
, remove()
,
and remove_private()
methods.
§Examples
The following example shows &CookieJar
being used as a request guard in a
handler to retrieve the value of a “message” cookie.
use rocket::http::CookieJar;
#[get("/message")]
fn message<'a>(jar: &'a CookieJar<'_>) -> Option<&'a str> {
jar.get("message").map(|cookie| cookie.value())
}
The following snippet shows &CookieJar
being retrieved from a Request
in
a custom request guard implementation for User
. A private cookie
containing a user’s ID is retrieved. If the cookie exists and the ID parses
as an integer, a User
structure is validated. Otherwise, the guard
forwards.
use rocket::http::Status;
use rocket::request::{self, Request, FromRequest};
use rocket::outcome::IntoOutcome;
// In practice, we'd probably fetch the user from the database.
struct User(usize);
#[rocket::async_trait]
impl<'r> FromRequest<'r> for User {
type Error = std::convert::Infallible;
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
request.cookies()
.get_private("user_id")
.and_then(|c| c.value().parse().ok())
.map(|id| User(id))
.or_forward(Status::Unauthorized)
}
}
§Private Cookies
Private cookies are just like regular cookies except that they are encrypted using authenticated encryption, a form of encryption which simultaneously provides confidentiality, integrity, and authenticity. This means that private cookies cannot be inspected, tampered with, or manufactured by clients. If you prefer, you can think of private cookies as being signed and encrypted.
Private cookies can be retrieved, added, and removed from a CookieJar
collection via the get_private()
, add_private()
, and
remove_private()
methods.
§Encryption Key
To encrypt private cookies, Rocket uses the 256-bit key specified in the
secret_key
configuration parameter. If one is not specified, Rocket will
automatically generate a fresh key. Note, however, that a private cookie can
only be decrypted with the same key with which it was encrypted. As such, it
is important to set a secret_key
configuration parameter when using
private cookies so that cookies decrypt properly after an application
restart. Rocket will emit a warning if an application is run in production
mode without a configured secret_key
.
Generating a string suitable for use as a secret_key
configuration value
is usually done through tools like openssl
. Using openssl
, for instance,
a 256-bit base64 key can be generated with the command openssl rand -base64 32
.
Implementations§
source§impl<'a> CookieJar<'a>
impl<'a> CookieJar<'a>
sourcepub fn get(&self, name: &str) -> Option<&Cookie<'static>>
pub fn get(&self, name: &str) -> Option<&Cookie<'static>>
Returns a reference to the original Cookie
inside this container
with the name name
. If no such cookie exists, returns None
.
Note: This method does not observe changes made via additions and
removals to the cookie jar. To observe those changes, use
CookieJar::get_pending()
.
§Example
use rocket::http::CookieJar;
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
let cookie = jar.get("name");
}
sourcepub fn get_private(&self, name: &str) -> Option<Cookie<'static>>
Available on crate feature secrets
only.
pub fn get_private(&self, name: &str) -> Option<Cookie<'static>>
secrets
only.Retrieves the original Cookie
inside this collection with the name
name
and authenticates and decrypts the cookie’s value. If the cookie
cannot be found, or the cookie fails to authenticate or decrypt, None
is returned.
Note: This method does not observe changes made via additions and
removals to the cookie jar. To observe those changes, use
CookieJar::get_pending()
.
§Example
use rocket::http::CookieJar;
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
let cookie = jar.get_private("name");
}
sourcepub fn get_pending(&self, name: &str) -> Option<Cookie<'static>>
pub fn get_pending(&self, name: &str) -> Option<Cookie<'static>>
Returns a reference to the original or pending Cookie
inside this
container with the name name
, irrespective of whether the cookie was
private or not. If no such cookie exists, returns None
.
In general, due to performance overhead, calling this method should be
avoided if it is known that a cookie called name
is not pending.
Instead, prefer to use CookieJar::get()
or
CookieJar::get_private()
.
§Example
use rocket::http::CookieJar;
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
let pending_cookie = jar.get_pending("name");
}
sourcepub fn add<C: Into<Cookie<'static>>>(&self, cookie: C)
pub fn add<C: Into<Cookie<'static>>>(&self, cookie: C)
Adds cookie
to this collection.
Unless a value is set for the given property, the following defaults are
set on cookie
before being added to self
:
path
:"/"
SameSite
:Strict
Furthermore, if TLS is enabled, the Secure
cookie flag is set.
§Example
use rocket::http::{Cookie, SameSite, CookieJar};
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
jar.add(("first", "value"));
let cookie = Cookie::build(("other", "value_two"))
.path("/")
.secure(true)
.same_site(SameSite::Lax);
jar.add(cookie);
}
sourcepub fn add_private<C: Into<Cookie<'static>>>(&self, cookie: C)
Available on crate feature secrets
only.
pub fn add_private<C: Into<Cookie<'static>>>(&self, cookie: C)
secrets
only.Adds cookie
to the collection. The cookie’s value is encrypted with
authenticated encryption assuring confidentiality, integrity, and
authenticity. The cookie can later be retrieved using
get_private
and removed using
remove_private
.
Unless a value is set for the given property, the following defaults are
set on cookie
before being added to self
:
path
:"/"
SameSite
:Strict
HttpOnly
:true
Expires
: 1 week from now
Furthermore, if TLS is enabled, the Secure
cookie flag is set. These
defaults ensure maximum usability and security. For additional security,
you may wish to set the secure
flag.
§Example
use rocket::http::CookieJar;
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
jar.add_private(("name", "value"));
}
sourcepub fn remove<C: Into<Cookie<'static>>>(&self, cookie: C)
pub fn remove<C: Into<Cookie<'static>>>(&self, cookie: C)
Removes cookie
from this collection and generates a “removal” cookie
to send to the client on response. A “removal” cookie is a cookie that
has the same name as the original cookie but has an empty value, a
max-age of 0, and an expiration date far in the past.
For successful removal, cookie
must contain the same path
and
domain
as the cookie that was originally set. The cookie will fail to
be deleted if any other path
and domain
are provided. For
convenience, a path of "/"
is automatically set when one is not
specified. The full list of defaults when corresponding values aren’t
specified is:
path
:"/"
SameSite
:Lax
Note: a default setting of Lax
for SameSite
carries no
security implications: the removal cookie has expired, so it is never
transferred to any origin.
§Example
use rocket::http::{Cookie, CookieJar};
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
// `path` and `SameSite` are set to defaults (`/` and `Lax`)
jar.remove("name");
// Use a custom-built cookie to set a custom path.
jar.remove(Cookie::build("name").path("/login"));
// Use a custom-built cookie to set a custom path and domain.
jar.remove(Cookie::build("id").path("/guide").domain("rocket.rs"));
}
sourcepub fn remove_private<C: Into<Cookie<'static>>>(&self, cookie: C)
Available on crate feature secrets
only.
pub fn remove_private<C: Into<Cookie<'static>>>(&self, cookie: C)
secrets
only.Removes the private cookie
from the collection.
For successful removal, cookie
must contain the same path
and
domain
as the cookie that was originally set. The cookie will fail to
be deleted if any other path
and domain
are provided. For
convenience, a path of "/"
is automatically set when one is not
specified. The full list of defaults when corresponding values aren’t
specified is:
path
:"/"
SameSite
:Lax
Note: a default setting of Lax
for SameSite
carries no
security implications: the removal cookie has expired, so it is never
transferred to any origin.
§Example
use rocket::http::{CookieJar, Cookie};
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
// `path` and `SameSite` are set to defaults (`/` and `Lax`)
jar.remove_private("name");
// Use a custom-built cookie to set a custom path.
jar.remove_private(Cookie::build("name").path("/login"));
// Use a custom-built cookie to set a custom path and domain.
let cookie = Cookie::build("id").path("/guide").domain("rocket.rs");
jar.remove_private(cookie);
}
sourcepub fn iter(&self) -> impl Iterator<Item = &Cookie<'static>>
pub fn iter(&self) -> impl Iterator<Item = &Cookie<'static>>
Returns an iterator over all of the original cookies present in this collection.
Note: This method does not observe changes made via additions and removals to the cookie jar.
§Example
use rocket::http::CookieJar;
#[get("/")]
fn handler(jar: &CookieJar<'_>) {
for c in jar.iter() {
println!("Name: {:?}, Value: {:?}", c.name(), c.value());
}
}
Trait Implementations§
source§impl<'r> FromRequest<'r> for &'r CookieJar<'r>
impl<'r> FromRequest<'r> for &'r CookieJar<'r>
§type Error = Infallible
type Error = Infallible
Auto Trait Implementations§
impl<'a> !Freeze for CookieJar<'a>
impl<'a> !RefUnwindSafe for CookieJar<'a>
impl<'a> Send for CookieJar<'a>
impl<'a> Sync for CookieJar<'a>
impl<'a> Unpin for CookieJar<'a>
impl<'a> UnwindSafe for CookieJar<'a>
Blanket Implementations§
source§impl<'a, T> AsTaggedExplicit<'a> for Twhere
T: 'a,
impl<'a, T> AsTaggedExplicit<'a> for Twhere
T: 'a,
source§impl<'a, T> AsTaggedImplicit<'a> for Twhere
T: 'a,
impl<'a, T> AsTaggedImplicit<'a> for Twhere
T: 'a,
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
source§fn in_current_span(self) -> Instrumented<Self> ⓘ
fn in_current_span(self) -> Instrumented<Self> ⓘ
source§impl<T> IntoCollection<T> for T
impl<T> IntoCollection<T> for T
source§impl<T> IntoEither for T
impl<T> IntoEither for T
source§fn into_either(self, into_left: bool) -> Either<Self, Self> ⓘ
fn into_either(self, into_left: bool) -> Either<Self, Self> ⓘ
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moresource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self> ⓘ
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self> ⓘ
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moresource§impl<T> Paint for Twhere
T: ?Sized,
impl<T> Paint for Twhere
T: ?Sized,
source§fn fg(&self, value: Color) -> Painted<&T>
fn fg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self
with the foreground set to
value
.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like red()
and
green()
, which have the same functionality but are
pithier.
§Example
Set foreground color to white using fg()
:
use yansi::{Paint, Color};
painted.fg(Color::White);
Set foreground color to white using white()
.
use yansi::Paint;
painted.white();
source§fn bright_black(&self) -> Painted<&T>
fn bright_black(&self) -> Painted<&T>
Returns self
with the
fg()
set to
Color::BrightBlack
.
§Example
println!("{}", value.bright_black());
source§fn bright_red(&self) -> Painted<&T>
fn bright_red(&self) -> Painted<&T>
source§fn bright_green(&self) -> Painted<&T>
fn bright_green(&self) -> Painted<&T>
Returns self
with the
fg()
set to
Color::BrightGreen
.
§Example
println!("{}", value.bright_green());
source§fn bright_yellow(&self) -> Painted<&T>
fn bright_yellow(&self) -> Painted<&T>
Returns self
with the
fg()
set to
Color::BrightYellow
.
§Example
println!("{}", value.bright_yellow());
source§fn bright_blue(&self) -> Painted<&T>
fn bright_blue(&self) -> Painted<&T>
source§fn bright_magenta(&self) -> Painted<&T>
fn bright_magenta(&self) -> Painted<&T>
Returns self
with the
fg()
set to
Color::BrightMagenta
.
§Example
println!("{}", value.bright_magenta());
source§fn bright_cyan(&self) -> Painted<&T>
fn bright_cyan(&self) -> Painted<&T>
source§fn bright_white(&self) -> Painted<&T>
fn bright_white(&self) -> Painted<&T>
Returns self
with the
fg()
set to
Color::BrightWhite
.
§Example
println!("{}", value.bright_white());
source§fn bg(&self, value: Color) -> Painted<&T>
fn bg(&self, value: Color) -> Painted<&T>
Returns a styled value derived from self
with the background set to
value
.
This method should be used rarely. Instead, prefer to use color-specific
builder methods like on_red()
and
on_green()
, which have the same functionality but
are pithier.
§Example
Set background color to red using fg()
:
use yansi::{Paint, Color};
painted.bg(Color::Red);
Set background color to red using on_red()
.
use yansi::Paint;
painted.on_red();
source§fn on_primary(&self) -> Painted<&T>
fn on_primary(&self) -> Painted<&T>
source§fn on_magenta(&self) -> Painted<&T>
fn on_magenta(&self) -> Painted<&T>
source§fn on_bright_black(&self) -> Painted<&T>
fn on_bright_black(&self) -> Painted<&T>
Returns self
with the
bg()
set to
Color::BrightBlack
.
§Example
println!("{}", value.on_bright_black());
source§fn on_bright_red(&self) -> Painted<&T>
fn on_bright_red(&self) -> Painted<&T>
source§fn on_bright_green(&self) -> Painted<&T>
fn on_bright_green(&self) -> Painted<&T>
Returns self
with the
bg()
set to
Color::BrightGreen
.
§Example
println!("{}", value.on_bright_green());
source§fn on_bright_yellow(&self) -> Painted<&T>
fn on_bright_yellow(&self) -> Painted<&T>
Returns self
with the
bg()
set to
Color::BrightYellow
.
§Example
println!("{}", value.on_bright_yellow());
source§fn on_bright_blue(&self) -> Painted<&T>
fn on_bright_blue(&self) -> Painted<&T>
Returns self
with the
bg()
set to
Color::BrightBlue
.
§Example
println!("{}", value.on_bright_blue());
source§fn on_bright_magenta(&self) -> Painted<&T>
fn on_bright_magenta(&self) -> Painted<&T>
Returns self
with the
bg()
set to
Color::BrightMagenta
.
§Example
println!("{}", value.on_bright_magenta());
source§fn on_bright_cyan(&self) -> Painted<&T>
fn on_bright_cyan(&self) -> Painted<&T>
Returns self
with the
bg()
set to
Color::BrightCyan
.
§Example
println!("{}", value.on_bright_cyan());
source§fn on_bright_white(&self) -> Painted<&T>
fn on_bright_white(&self) -> Painted<&T>
Returns self
with the
bg()
set to
Color::BrightWhite
.
§Example
println!("{}", value.on_bright_white());
source§fn attr(&self, value: Attribute) -> Painted<&T>
fn attr(&self, value: Attribute) -> Painted<&T>
Enables the styling Attribute
value
.
This method should be used rarely. Instead, prefer to use
attribute-specific builder methods like bold()
and
underline()
, which have the same functionality
but are pithier.
§Example
Make text bold using attr()
:
use yansi::{Paint, Attribute};
painted.attr(Attribute::Bold);
Make text bold using using bold()
.
use yansi::Paint;
painted.bold();
source§fn underline(&self) -> Painted<&T>
fn underline(&self) -> Painted<&T>
Returns self
with the
attr()
set to
Attribute::Underline
.
§Example
println!("{}", value.underline());
source§fn rapid_blink(&self) -> Painted<&T>
fn rapid_blink(&self) -> Painted<&T>
Returns self
with the
attr()
set to
Attribute::RapidBlink
.
§Example
println!("{}", value.rapid_blink());
source§fn quirk(&self, value: Quirk) -> Painted<&T>
fn quirk(&self, value: Quirk) -> Painted<&T>
Enables the yansi
Quirk
value
.
This method should be used rarely. Instead, prefer to use quirk-specific
builder methods like mask()
and
wrap()
, which have the same functionality but are
pithier.
§Example
Enable wrapping using .quirk()
:
use yansi::{Paint, Quirk};
painted.quirk(Quirk::Wrap);
Enable wrapping using wrap()
.
use yansi::Paint;
painted.wrap();
source§fn clear(&self) -> Painted<&T>
👎Deprecated since 1.0.1: renamed to resetting()
due to conflicts with Vec::clear()
.
The clear()
method will be removed in a future release.
fn clear(&self) -> Painted<&T>
resetting()
due to conflicts with Vec::clear()
.
The clear()
method will be removed in a future release.source§fn whenever(&self, value: Condition) -> Painted<&T>
fn whenever(&self, value: Condition) -> Painted<&T>
Conditionally enable styling based on whether the Condition
value
applies. Replaces any previous condition.
See the crate level docs for more details.
§Example
Enable styling painted
only when both stdout
and stderr
are TTYs:
use yansi::{Paint, Condition};
painted.red().on_yellow().whenever(Condition::STDOUTERR_ARE_TTY);