chio-http-core 0.1.0

Protocol-agnostic HTTP security types for the Chio kernel
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

//! HTTP method enumeration for Chio request evaluation.

use serde::{Deserialize, Serialize};

/// HTTP method. Used to determine default policy (GET = session-scoped allow,
/// POST/PUT/PATCH/DELETE = deny without capability).
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "UPPERCASE")]
pub enum HttpMethod {
    Get,
    Post,
    Put,
    Patch,
    Delete,
    Head,
    Options,
}

impl HttpMethod {
    /// Whether this method is considered side-effect-free by default.
    /// Side-effect-free methods get session-scoped allow; others require
    /// explicit capability grants.
    #[must_use]
    pub fn is_safe(&self) -> bool {
        matches!(self, Self::Get | Self::Head | Self::Options)
    }

    /// Whether this method requires an explicit capability grant by default.
    #[must_use]
    pub fn requires_capability(&self) -> bool {
        !self.is_safe()
    }
}

impl std::fmt::Display for HttpMethod {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Get => write!(f, "GET"),
            Self::Post => write!(f, "POST"),
            Self::Put => write!(f, "PUT"),
            Self::Patch => write!(f, "PATCH"),
            Self::Delete => write!(f, "DELETE"),
            Self::Head => write!(f, "HEAD"),
            Self::Options => write!(f, "OPTIONS"),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn safe_methods() {
        assert!(HttpMethod::Get.is_safe());
        assert!(HttpMethod::Head.is_safe());
        assert!(HttpMethod::Options.is_safe());
    }

    #[test]
    fn unsafe_methods_require_capability() {
        assert!(HttpMethod::Post.requires_capability());
        assert!(HttpMethod::Put.requires_capability());
        assert!(HttpMethod::Patch.requires_capability());
        assert!(HttpMethod::Delete.requires_capability());
    }

    #[test]
    fn display_uppercase() {
        assert_eq!(HttpMethod::Get.to_string(), "GET");
        assert_eq!(HttpMethod::Delete.to_string(), "DELETE");
    }

    #[test]
    fn serde_roundtrip() {
        let method = HttpMethod::Post;
        let json = serde_json::to_string(&method).unwrap();
        assert_eq!(json, "\"POST\"");
        let back: HttpMethod = serde_json::from_str(&json).unwrap();
        assert_eq!(back, method);
    }
}