Last week, the team at Rocket released Rocket 0.4, a web framework for Rust which focuses on usability, security, and performance. With Rocket, it is possible to write secure web applications quickly and without sacrificing flexibility or type safety.
Features of Rocket 0.4
Typed URIs
Rocket 0.4 comes with uri! macro that helps in building URIs to route in the application in a robust, type-safe, and URI-safe manner. The type or route parameter that is mismatched are caught at compile-time. With the help of Rocket 0.4, changes to the route URIs get reflected in the generated URIs, automatically.
ORM agnostic database support.
Rocket 0.4 comes with a built-in, ORM-agnostic support for databases. It provides a procedural macro that helps in connecting Rocket application to databases through connection pools. Rocket 0.4 gets databases configured individually through configuration mechanisms like Rocket.toml file or environment variables.
Request-local state
Rocket 0.4 features request-local state which is local to a given request and is carried along with the request. It gets dropped once the request is completed. Whenever a request is available, a request-local state can be used. Request-local state is cached which lets the stored data to be reused. Request-local state is used for request guards which get invoked multiple times during routing and processing of a single request.
Live template reloading
In this version of Rocket, when an application is compiled in debug mode, templates automatically get reloaded on getting modified. To view the template changes, one has to simply refresh and there is no need of rebuilding the application.
Major Improvements
- Rocket 0.4 introduces SpaceHelmet that provides a typed interface for HTTP security headers.
- This release features mountable static-file serving via StaticFiles.
- With this version of Rocket, cookies can automatically get tracked and propagated by client.
- This version also introduces revamped query string handling that allows any number of dynamic query segments.
- Rocket 0.4 comes with transforming data guards that transform incoming data before processing it via an implementation of the FromData::transform() method.
- This version comes with Template::custom() which helps in customizing template engines including registering filters and helpers.
- With this version, applications can be launched without a working directory.
- In Rocket 0.4, the log messages refer to routes by name.
- A default catcher for 504: Gateway Timeout has been added.
- All derives, macros, and attributes are individually documented in rocket_codegen.
- To retrieve paths relative to the configuration file, Rocket 0.4 has added Config::root_relative()
- The private cookies are now set to Http and are also given an expiration date of 1 week by default.
What can be expected from Rocket 0.5?
Support for Rust
Rocket 0.5 will run and compile on stable versions of the Rust compiler.
Asynchronous Request Handling
Rocket 0.5 will feature the latest asynchronous version that will support asynchronous request handling.
Multipart Form Support
The lack of built-in multipart form support makes handling file uploads and other submissions difficult. With Rocket 0.5 it will be easy to handle multipart forms.
Stronger CSRF and XSS Protection
Rocket 0.5 will protect against CSRF using effective robust techniques. It will come with added support for automatic, browser-based XSS protection.
Users have been giving some good feedback on the Rocket 0.4 release and are highly appreciative of the Rocket team for the efforts they have taken. A user commented on HackerNews, “This release isn’t just about new features or rewrites. It’s about passion for one’s work. It’s about grit. It’s about uncompromising commitment to excellence.”
Sergio Benitez, a computer science PhD student at Stanford, has been appreciated a lot for his efforts towards the development of Rocket 0.4. A HackerNews user commented, “While there will ever be only one Sergio in the world, there are many others in the broader Rust community who are signaling many of the same positive qualities.”
This release has also been appreciated for its feel which is similar to Flask and for its capability of using code generation and function’s type signatures to automatically check the incoming parameters. The fact that the next release will be asynchronous has created a lot of curiosity in the developer community and users are now looking forward to Rocket 0.5.
Read more about Rocket 0.4 in the official release notes.
