Avoid exposure of type names by QueryRejection (#1171)

tokio-rs · Jul 25, 2022 · 9b620e6 · 9b620e6
1 parent b7e70a2
commit 9b620e6
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 15 deletions.
diff --git a/axum-extra/src/extract/form.rs b/axum-extra/src/extract/form.rs
@@ -67,7 +67,7 @@ where
         if req.method() == Method::GET {
             let query = req.uri().query().unwrap_or_default();
             let value = serde_html_form::from_str(query)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
             Ok(Form(value))
         } else {
             if !has_content_type(req, &mime::APPLICATION_WWW_FORM_URLENCODED) {
@@ -76,7 +76,7 @@ where
 
             let bytes = Bytes::from_request(req).await?;
             let value = serde_html_form::from_bytes(&bytes)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
 
             Ok(Form(value))
         }

diff --git a/axum-extra/src/extract/query.rs b/axum-extra/src/extract/query.rs
@@ -68,7 +68,7 @@ where
     async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> {
         let query = req.uri().query().unwrap_or_default();
         let value = serde_html_form::from_str(query)
-            .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+            .map_err(FailedToDeserializeQueryString::__private_new)?;
         Ok(Query(value))
     }
 }

diff --git a/axum/CHANGELOG.md b/axum/CHANGELOG.md
@@ -7,7 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 # Unreleased
 
-- None.
+- **fixed:** Don't expose internal type names in `QueryRejection` response. ([#1171])
+
+[#1171]: https://github.com/tokio-rs/axum/pull/1171
 
 # 0.5.13 (15. July, 2022)
 
@@ -32,6 +34,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   `NoMatchingMethodFilter` error in case of failure ([#1130])
 - **added:** Document how to run extractors from middleware ([#1140])
 
+=======
+  `axum-macros`
+- **added:** Support any middleware response that implements `IntoResponse` ([#1152])
+- **breaking:** Require middleware added with `Handler::layer` to have
+  `Infallible` as the error type ([#1152])
+
+[#1171]: https://github.com/tokio-rs/axum/pull/1171
+[#1077]: https://github.com/tokio-rs/axum/pull/1077
+[#1088]: https://github.com/tokio-rs/axum/pull/1088
+[#1102]: https://github.com/tokio-rs/axum/pull/1102
+[#1119]: https://github.com/tokio-rs/axum/pull/1119
+>>>>>>> 73041c8 (Avoid exposure of type names by QueryRejection (#1171))
 [#1130]: https://github.com/tokio-rs/axum/pull/1130
 [#1140]: https://github.com/tokio-rs/axum/pull/1140
 

diff --git a/axum/src/extract/query.rs b/axum/src/extract/query.rs
@@ -59,7 +59,7 @@ where
     async fn from_request(req: &mut RequestParts<B>) -> Result<Self, Self::Rejection> {
         let query = req.uri().query().unwrap_or_default();
         let value = serde_urlencoded::from_str(query)
-            .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+            .map_err(FailedToDeserializeQueryString::__private_new)?;
         Ok(Query(value))
     }
 }

diff --git a/axum/src/extract/rejection.rs b/axum/src/extract/rejection.rs
@@ -100,18 +100,16 @@ define_rejection! {
 #[derive(Debug)]
 pub struct FailedToDeserializeQueryString {
     error: Error,
-    type_name: &'static str,
 }
 
 impl FailedToDeserializeQueryString {
     #[doc(hidden)]
-    pub fn __private_new<T, E>(error: E) -> Self
+    pub fn __private_new<E>(error: E) -> Self
     where
         E: Into<BoxError>,
     {
         FailedToDeserializeQueryString {
             error: Error::new(error),
-            type_name: std::any::type_name::<T>(),
         }
     }
 }
@@ -124,11 +122,7 @@ impl IntoResponse for FailedToDeserializeQueryString {
 
 impl std::fmt::Display for FailedToDeserializeQueryString {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(
-            f,
-            "Failed to deserialize query string. Expected something of type `{}`. Error: {}",
-            self.type_name, self.error,
-        )
+        write!(f, "Failed to deserialize query string: {}", self.error,)
     }
 }
 

diff --git a/axum/src/form.rs b/axum/src/form.rs
@@ -69,7 +69,7 @@ where
         if req.method() == Method::GET {
             let query = req.uri().query().unwrap_or_default();
             let value = serde_urlencoded::from_str(query)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
             Ok(Form(value))
         } else {
             if !has_content_type(req, &mime::APPLICATION_WWW_FORM_URLENCODED) {
@@ -78,7 +78,7 @@ where
 
             let bytes = Bytes::from_request(req).await?;
             let value = serde_urlencoded::from_bytes(&bytes)
-                .map_err(FailedToDeserializeQueryString::__private_new::<T, _>)?;
+                .map_err(FailedToDeserializeQueryString::__private_new)?;
 
             Ok(Form(value))
         }