* Fix audit issue logging by default peer address
By default the log format includes the remote address that is taken from headers.
This is very easy to replace, making the log untrusted.
Changing the default log format value `%a` to the peer address, we are getting
this trusted data always. Also, the remote address option is maintained and
relegated to the `%{r}a` value.
Related kanidm/kanidm#191.
* Rename peer/remote to remote_addr/realip_remote_addr
Change names to avoid naming confusions. I chose this according to Nginx
variables and
[ngx_http_realip_module](https://nginx.org/en/docs/http/ngx_http_realip_module.html).
Add more specific documentation about security concerns of using Real IP
in logger.
* Rename security advertise header in doc
* Add fix audit issue logging by default peer address to changelog
Co-authored-by: Rob Ede <robjtede@icloud.com>
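The difference between the two log values described in the commit above, as an added example that is not actix-web's code. `Request`, `render` and `sample_request` are hypothetical names, the header lookup is simplified to `X-Forwarded-For` only, and the sample request is constructed.

```rust
use std::collections::HashMap;
use std::net::SocketAddr;

// Hypothetical minimal request model (not actix-web's types).
struct Request {
    peer: SocketAddr,                 // address of the TCP connection, set by the server
    headers: HashMap<String, String>, // client-controlled, lowercase names
}

impl Request {
    /// Trusted: the socket peer address (what `%a` logs after the change).
    fn remote_addr(&self) -> String {
        self.peer.ip().to_string()
    }
    /// Untrusted: first X-Forwarded-For entry, falling back to the peer
    /// (what `%{r}a` logs). Assumption: simplified header precedence.
    fn realip_remote_addr(&self) -> String {
        self.headers.get("x-forwarded-for")
            .and_then(|v| v.split(',').next())
            .map(|s| s.trim().to_string())
            .filter(|s| !s.is_empty())
            .unwrap_or_else(|| self.remote_addr())
    }
}

/// Render a tiny subset of the log format: only `%a` and `%{r}a`.
/// Substituted values are never re-scanned for format directives.
fn render(format: &str, req: &Request) -> String {
    let (mut out, mut rest) = (String::new(), format);
    while let Some(i) = rest.find('%') {
        out.push_str(&rest[..i]);
        rest = &rest[i..];
        if let Some(r) = rest.strip_prefix("%{r}a") { out.push_str(&req.realip_remote_addr()); rest = r; }
        else if let Some(r) = rest.strip_prefix("%a") { out.push_str(&req.remote_addr()); rest = r; }
        else { out.push('%'); rest = &rest[1..]; }
    }
    out + rest
}

/// Constructed sample: direct connection from 203.0.113.7 with a client-set header.
fn sample_request() -> Request {
    let mut headers = HashMap::new();
    headers.insert("x-forwarded-for".to_string(), "10.0.0.1".to_string());
    Request { peer: "203.0.113.7:51234".parse().unwrap(), headers }
}

fn main() {
    let req = sample_request();
    println!("{}", render("%a GET /login", &req));    // peer address
    println!("{}", render("%{r}a GET /login", &req)); // header-derived address
}
```

The `%{r}a` value is only reliable when the service sits behind a proxy that overwrites the forwarding header on every request.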
For allowing a more ergonomic use and better integration on the
ecosystem, this adds the `std::error::Error` `impl` for our custom
errors.
We intend to drop this hand-made code once `derive_more` finishes the
addition of the Error derive support[1]. Until that is available, we
need to live with that.
1. https://github.com/JelteF/derive_more/issues/92
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
* Use `OffsetDateTime` instead of `PrimitiveDateTime`
* Parse time strings with `PrimitiveDateTime::parse` instead of `OffsetDateTime::parse`
* Remove unused `time` dependency from actix-multipart
* Fix a few errors with time related tests from the `time` upgrade
* Implement logic to convert a RFC 850 two-digit year into a full length year, and organize time parsing related functions
* Upgrade `time` to 0.2.2
* Correctly parse C's asctime time format using time 0.2's new format patterns
* Update CHANGES.md
* Use `time` without any of its deprecated functions
* Enforce a UTC time offset when converting an `OffsetDateTime` into a Header value
* Use the more readable version of `Duration::seconds(0)`, `Duration::zero()`
* Remove unneeded conversion of time::Duration to std::time::Duration
* Use `OffsetDateTime::as_seconds_f64` instead of manually calculating the amount of seconds from nanoseconds
* Replace a few additional instances of `Duration::seconds(0)` with `Duration::zero()`
* Truncate any nanoseconds from a supplied `Duration` within `Cookie::set_max_age` to ensure two Cookies with the same amount of whole seconds equate to one another
* Fix the actix-http::cookie::do_not_panic_on_large_max_ages test
* Convert `Cookie::max_age` and `Cookie::expires` examples to `time` 0.2
Mainly minor changes. Type inference can be used alongside the new
`time::parse` method, such that the type doesn't need to be specified.
This will be useful if a refactoring takes place that changes the type.
There are also new macros, which are used where possible.
One change that is not immediately obvious, in `HttpDate`, there was an
unnecessary conditional. As the time crate allows for negative durations
(and can perform arithmetic with such), the if/else can be removed
entirely.
Time v0.2.3 also has some bug fixes, which is why I am not using a more
general v0.2 in Cargo.toml.
v0.2.3 has been yanked, as it was backwards incompatible. This version
reverts the breaking change, while still supporting rustc back to
1.34.0.
* Add missing `time::offset` macro import
* Fix type confusion when using `time::parse` followed by `using_offset`
* Update `time` to 0.2.5
* Update CHANGES.md
Co-authored-by: Jacob Pratt <the.z.cuber@gmail.com>
* Skip empty chunks for BodyStream and SizedStream when streaming response (#1267)
* Fix tests to fail on previous implementation
Co-authored-by: Yuki Okushi <huyuumi.dev@gmail.com>
* Replace sha1 dependency with sha-1
This other crate is being maintained, and it offers better performance
when using the `asm` feature (especially [on
AArch64](https://github.com/RustCrypto/hashes/pull/97)).
* Update CHANGES.md with the sha-1 migration
* Add a test for hash_key()