bump base64 from 0.13.0 to 0.21.0

poem-web · Feb 2, 2023 · a29ad29 · a29ad29
1 parent 953361e
commit a29ad29
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 24 deletions.
diff --git a/poem-grpc/src/metadata.rs b/poem-grpc/src/metadata.rs
@@ -2,6 +2,7 @@
 
 use std::str::FromStr;
 
+use base64::engine::{general_purpose::STANDARD_NO_PAD, Engine};
 use hyper::header::HeaderName;
 use poem::http::{HeaderMap, HeaderValue};
 
@@ -75,7 +76,7 @@ impl Metadata {
     pub fn get_bin(&self, key: impl AsRef<str>) -> Option<Vec<u8>> {
         self.headers
             .get(format!("{}-bin", key.as_ref()))
-            .and_then(|value| base64::decode_config(value.as_bytes(), base64::STANDARD_NO_PAD).ok())
+            .and_then(|value| STANDARD_NO_PAD.decode(value.as_bytes()).ok())
     }
 
     /// Returns a view of all ascii values associated with a key.
@@ -123,8 +124,7 @@ impl Metadata {
     pub fn append_bin(&mut self, key: impl AsRef<str>, value: impl AsRef<[u8]>) {
         self.headers.append(
             HeaderName::from_str(&format!("{}-bin", key.as_ref())).expect("valid name"),
-            HeaderValue::from_maybe_shared(base64::encode_config(value, base64::STANDARD_NO_PAD))
-                .expect("valid value"),
+            HeaderValue::from_maybe_shared(STANDARD_NO_PAD.encode(value)).expect("valid value"),
         );
     }
 
@@ -140,8 +140,7 @@ impl Metadata {
     pub fn insert_bin(&mut self, key: impl AsRef<str>, value: impl AsRef<[u8]>) {
         self.headers.insert(
             HeaderName::from_str(&format!("{}-bin", key.as_ref())).expect("valid name"),
-            HeaderValue::from_maybe_shared(base64::encode_config(value, base64::STANDARD_NO_PAD))
-                .expect("valid value"),
+            HeaderValue::from_maybe_shared(STANDARD_NO_PAD.encode(value)).expect("valid value"),
         );
     }
 }
@@ -174,7 +173,7 @@ impl<'a> Iterator for GetBinaryAll<'a> {
 
     fn next(&mut self) -> Option<Self::Item> {
         for value in &mut self.iter {
-            if let Ok(value) = base64::decode_config(value.as_bytes(), base64::STANDARD_NO_PAD) {
+            if let Ok(value) = STANDARD_NO_PAD.decode(value.as_bytes()) {
                 return Some(value);
             }
         }

diff --git a/poem-openapi/src/payload/mod.rs b/poem-openapi/src/payload/mod.rs
@@ -25,6 +25,7 @@ pub use self::{
     plain_text::PlainText,
     response::Response,
     xml::Xml,
+    yaml::Yaml,
 };
 use crate::registry::{MetaSchemaRef, Registry};
 

diff --git a/poem/Cargo.toml b/poem/Cargo.toml
@@ -151,7 +151,7 @@ x509-parser = { version = "0.14.0", optional = true }
 tokio-metrics = { version = "0.1.0", optional = true }
 rust-embed = { version = "6.3", optional = true }
 hex = { version = "0.4", optional = true }
-quick-xml = { version = "0.27.1", optional = true, features = ["serialize"] }
+quick-xml = { version = "0.26.0", optional = true, features = ["serialize"] }
 serde_yaml = { version = "0.9", optional = true }
 
 # Feature optional dependencies

diff --git a/poem/src/listener/acme/client.rs b/poem/src/listener/acme/client.rs
@@ -3,7 +3,7 @@ use std::{
     sync::Arc,
 };
 
-use base64::URL_SAFE_NO_PAD;
+use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
 use http::{header, Uri};
 use hyper::{client::HttpConnector, Client};
 use hyper_rustls::{HttpsConnector, HttpsConnectorBuilder};
@@ -158,7 +158,7 @@ impl AcmeClient {
             &nonce,
             url,
             Some(CsrRequest {
-                csr: base64::encode_config(csr, URL_SAFE_NO_PAD),
+                csr: URL_SAFE_NO_PAD.encode(csr),
             }),
         )
         .await

diff --git a/poem/src/listener/acme/jose.rs b/poem/src/listener/acme/jose.rs
@@ -1,6 +1,6 @@
 use std::io::{Error as IoError, ErrorKind, Result as IoResult};
 
-use base64::URL_SAFE_NO_PAD;
+use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
 use http::{Method, Uri};
 use hyper::{client::HttpConnector, Client};
 use hyper_rustls::HttpsConnector;
@@ -37,7 +37,7 @@ impl<'a> Protected<'a> {
         let protected = serde_json::to_vec(&protected).map_err(|err| {
             IoError::new(ErrorKind::Other, format!("failed to encode jwt: {err}"))
         })?;
-        Ok(base64::encode_config(protected, URL_SAFE_NO_PAD))
+        Ok(URL_SAFE_NO_PAD.encode(protected))
     }
 }
 
@@ -60,8 +60,8 @@ impl Jwk {
             crv: "P-256",
             kty: "EC",
             u: "sig",
-            x: base64::encode_config(x, URL_SAFE_NO_PAD),
-            y: base64::encode_config(y, URL_SAFE_NO_PAD),
+            x: URL_SAFE_NO_PAD.encode(x),
+            y: URL_SAFE_NO_PAD.encode(y),
         }
     }
 
@@ -84,7 +84,7 @@ impl Jwk {
             IoError::new(ErrorKind::Other, format!("failed to encode jwt: {err}"))
         })?;
         let hash = sha256(json);
-        Ok(base64::encode_config(hash, URL_SAFE_NO_PAD))
+        Ok(URL_SAFE_NO_PAD.encode(hash))
     }
 }
 
@@ -118,9 +118,9 @@ pub(crate) async fn request(
         })?,
         None => Vec::new(),
     };
-    let payload = base64::encode_config(payload, URL_SAFE_NO_PAD);
+    let payload = URL_SAFE_NO_PAD.encode(payload);
     let combined = format!("{}.{}", &protected, &payload);
-    let signature = base64::encode_config(key_pair.sign(combined.as_bytes())?, URL_SAFE_NO_PAD);
+    let signature = URL_SAFE_NO_PAD.encode(key_pair.sign(combined.as_bytes())?);
     let body = serde_json::to_vec(&Body {
         protected,
         payload,

diff --git a/poem/src/middleware/csrf.rs b/poem/src/middleware/csrf.rs
@@ -1,5 +1,6 @@
 use std::{sync::Arc, time::Duration};
 
+use base64::{engine::general_purpose::STANDARD, Engine};
 use libcsrf::{
     AesGcmCsrfProtection, CsrfCookie as RawCsrfCookie, CsrfProtection, CsrfToken as RawCsrfToken,
     UnencryptedCsrfCookie,
@@ -206,13 +207,13 @@ impl<E: Endpoint> Endpoint for CsrfEndpoint<E> {
         let existing_cookie = req
             .cookie()
             .get(&self.cookie_name)
-            .and_then(|cookie| base64::decode(cookie.value_str()).ok())
+            .and_then(|cookie| STANDARD.decode(cookie.value_str()).ok())
             .and_then(|value| self.protect.parse_cookie(&value).ok());
 
         let (token, cookie) = self.generate_token(existing_cookie.as_ref());
         let csrf_cookie = {
             let mut cookie =
-                Cookie::new_with_str(&self.cookie_name, base64::encode(cookie.value()));
+                Cookie::new_with_str(&self.cookie_name, STANDARD.encode(cookie.value()));
             cookie.set_secure(self.secure);
             cookie.set_http_only(self.http_only);
             cookie.set_same_site(self.same_site);
@@ -222,7 +223,7 @@ impl<E: Endpoint> Endpoint for CsrfEndpoint<E> {
 
         req.cookie().add(csrf_cookie);
         req.extensions_mut()
-            .insert(CsrfToken(base64::encode(token.value())));
+            .insert(CsrfToken(STANDARD.encode(token.value())));
         req.extensions_mut()
             .insert(CsrfVerifier::new(existing_cookie, self.protect.clone()));
 
@@ -291,14 +292,14 @@ mod tests {
             .unwrap();
         let token = resp.into_body().into_string().await.unwrap();
 
-        let mut token = base64::decode(token).unwrap();
+        let mut token = STANDARD.decode(token).unwrap();
         token[0] = token[0].wrapping_add(1);
 
         assert_eq!(
             app.call(
                 Request::builder()
                     .method(Method::POST)
-                    .header(CSRF_TOKEN_NAME, base64::encode(token))
+                    .header(CSRF_TOKEN_NAME, STANDARD.encode(token))
                     .header(header::COOKIE, cookie)
                     .finish(),
             )

diff --git a/poem/src/session/server_session.rs b/poem/src/session/server_session.rs
@@ -1,6 +1,6 @@
 use std::sync::Arc;
 
-use base64::URL_SAFE_NO_PAD;
+use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
 use rand::{thread_rng, Rng};
 
 use crate::{
@@ -42,7 +42,7 @@ impl<T: SessionStorage, E: Endpoint> Middleware<E> for ServerSession<T> {
 /// [OWASP recommendations]: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-entropy
 fn generate_session_id() -> String {
     let random_bytes = thread_rng().gen::<[u8; 32]>();
-    base64::encode_config(random_bytes, URL_SAFE_NO_PAD)
+    URL_SAFE_NO_PAD.encode(random_bytes)
 }
 
 /// Endpoint for `ServerSession` middleware.

diff --git a/poem/src/web/csrf.rs b/poem/src/web/csrf.rs
@@ -1,5 +1,6 @@
 use std::{ops::Deref, sync::Arc};
 
+use base64::engine::{general_purpose::STANDARD, Engine};
 use libcsrf::{AesGcmCsrfProtection, CsrfProtection, UnencryptedCsrfCookie};
 
 use crate::{FromRequest, Request, RequestBody, Result};
@@ -65,7 +66,7 @@ impl CsrfVerifier {
             None => return false,
         };
 
-        let token_data = match base64::decode(token) {
+        let token_data = match STANDARD.decode(token) {
             Ok(data) => data,
             Err(_) => return false,
         };