Update jsonrpc dependencies and rewrite dapps to futures. (#6522)

* Bump version.

* Fix RPC crate.

* Fix BoxFuture in crates.

* Compiles and passes tests!

* Get rid of .boxed()

* Fixing issues with the UI.

* Remove minihttp. Support threads.

* Reimplement files serving to do it in chunks.

* Increase chunk size.

* Remove some unecessary copying.

* Fix tests.

* Fix stratum warning and ipfs todo.

* Switch to proper branch of jsonrpc.

* Update Cargo.lock.

* Update docs.

* Include dapps-glue in workspace.

* fixed merge artifacts

* Fix test compilation.

dapps/src/handlers/mod.rs

@@ -16,80 +16,79 @@
 
 //! Hyper handlers implementations.
 
-mod async;
 mod content;
 mod echo;
 mod fetch;
+mod reader;
 mod redirect;
 mod streaming;
 
-pub use self::async::AsyncHandler;
 pub use self::content::ContentHandler;
 pub use self::echo::EchoHandler;
 pub use self::fetch::{ContentFetcherHandler, ContentValidator, FetchControl, ValidatorResponse};
+pub use self::reader::Reader;
 pub use self::redirect::Redirection;
 pub use self::streaming::StreamingHandler;
 
 use std::iter;
 use itertools::Itertools;
-use url::Url;
-use hyper::{server, header, net, uri};
+use hyper::header;
 use {apps, address, Embeddable};
 
 /// Adds security-related headers to the Response.
 pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Embeddable) {
-	headers.set_raw("X-XSS-Protection", vec![b"1; mode=block".to_vec()]);
-	headers.set_raw("X-Content-Type-Options", vec![b"nosniff".to_vec()]);
+	headers.set_raw("X-XSS-Protection", "1; mode=block");
+	headers.set_raw("X-Content-Type-Options", "nosniff");
 
 	// Embedding header:
 	if let None = embeddable_on {
-		headers.set_raw("X-Frame-Options",  vec![b"SAMEORIGIN".to_vec()]);
+		headers.set_raw("X-Frame-Options",  "SAMEORIGIN");
 	}
 
 	// Content Security Policy headers
-	headers.set_raw("Content-Security-Policy", vec![
+	headers.set_raw("Content-Security-Policy", String::new()
 		// Allow connecting to WS servers and HTTP(S) servers.
 		// We could be more restrictive and allow only RPC server URL.
-		b"connect-src http: https: ws: wss:;".to_vec(),
+		+ "connect-src http: https: ws: wss:;"
 		// Allow framing any content from HTTP(S).
 		// Again we could only allow embedding from RPC server URL.
 		// (deprecated)
-		b"frame-src 'self' http: https:;".to_vec(),
+		+ "frame-src 'self' http: https:;"
 		// Allow framing and web workers from HTTP(S).
-		b"child-src 'self' http: https:;".to_vec(),
+		+ "child-src 'self' http: https:;"
 		// We allow data: blob: and HTTP(s) images.
 		// We could get rid of wildcarding HTTP and only allow RPC server URL.
 		// (http required for local dapps icons)
-		b"img-src 'self' 'unsafe-inline' data: blob: http: https:;".to_vec(),
+		+ "img-src 'self' 'unsafe-inline' data: blob: http: https:;"
 		// Allow style from data: blob: and HTTPS.
-		b"style-src 'self' 'unsafe-inline' data: blob: https:;".to_vec(),
+		+ "style-src 'self' 'unsafe-inline' data: blob: https:;"
 		// Allow fonts from data: and HTTPS.
-		b"font-src 'self' data: https:;".to_vec(),
+		+ "font-src 'self' data: https:;"
 		// Allow inline scripts and scripts eval (webpack/jsconsole)
-		{
+		+ {
 			let script_src = embeddable_on.as_ref()
 				.map(|e| e.extra_script_src.iter()
 					 .map(|&(ref host, port)| address(host, port))
 					 .join(" ")
 				).unwrap_or_default();
-			format!(
+			&format!(
 				"script-src 'self' 'unsafe-inline' 'unsafe-eval' {};",
 				script_src
-			).into_bytes()
-		},
+			)
+		}
 		// Same restrictions as script-src with additional
 		// blob: that is required for camera access (worker)
-		b"worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:;".to_vec(),
+		+ "worker-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:;"
 		// Restrict everything else to the same origin.
-		b"default-src 'self';".to_vec(),
+		+ "default-src 'self';"
 		// Run in sandbox mode (although it's not fully safe since we allow same-origin and script)
-		b"sandbox allow-same-origin allow-forms allow-modals allow-popups allow-presentation allow-scripts;".to_vec(),
+		+ "sandbox allow-same-origin allow-forms allow-modals allow-popups allow-presentation allow-scripts;"
 		// Disallow subitting forms from any dapps
-		b"form-action 'none';".to_vec(),
+		+ "form-action 'none';"
 		// Never allow mixed content
-		b"block-all-mixed-content;".to_vec(),
+		+ "block-all-mixed-content;"
 		// Specify if the site can be embedded.
-		match embeddable_on {
+		+ &match embeddable_on {
 			Some(ref embed) => {
 				let std = address(&embed.host, embed.port);
 				let proxy = format!("{}.{}", apps::HOME_PAGE, embed.dapps_domain);
@@ -112,43 +111,6 @@ pub fn add_security_headers(headers: &mut header::Headers, embeddable_on: Embedd
 				format!("frame-ancestors {};", ancestors)
 			},
 			None => format!("frame-ancestors 'self';"),
-		}.into_bytes(),
-	]);
-}
-
-
-/// Extracts URL part from the Request.
-pub fn extract_url(req: &server::Request<net::HttpStream>) -> Option<Url> {
-	convert_uri_to_url(req.uri(), req.headers().get::<header::Host>())
-}
-
-/// Extracts URL given URI and Host header.
-pub fn convert_uri_to_url(uri: &uri::RequestUri, host: Option<&header::Host>) -> Option<Url> {
-	match *uri {
-		uri::RequestUri::AbsoluteUri(ref url) => {
-			match Url::from_generic_url(url.clone()) {
-				Ok(url) => Some(url),
-				_ => None,
-			}
-		},
-		uri::RequestUri::AbsolutePath { ref path, ref query } => {
-			let query = match *query {
-				Some(ref query) => format!("?{}", query),
-				None => "".into(),
-			};
-			// Attempt to prepend the Host header (mandatory in HTTP/1.1)
-			let url_string = match host {
-				Some(ref host) => {
-					format!("http://{}:{}{}{}", host.hostname, host.port.unwrap_or(80), path, query)
-				},
-				None => return None,
-			};
-
-			match Url::parse(&url_string) {
-				Ok(url) => Some(url),
-				_ => None,
-			}
-		},
-		_ => None,
-	}
+		}
+	);
 }