try to fix body missing on prod

[j03-dev]

when i used in prod ,find bug that the body is missing

Summary by CodeRabbit

• New Features

  • Route parameters now use curly braces (e.g., /hello/{name}) for consistency.
  • Improved HTTP request handling with support for optional request bodies and clearer error feedback.
  • Streamlined routing for more efficient path matching.
  • Added project description in metadata.

• Documentation

  • Updated examples and usage guides to reflect the new route syntax.

• Chores

  • Version bumped to 0.1.3 with updated project metadata and additional dependencies (httparse and matchit).

[coderabbitai]

Walkthrough

The changes update several core components of the OxHTTP project. Configuration files have been revised with a new package version and additional dependencies, along with a project description. Route definitions in both documentation and examples have been modified to use curly braces for path parameters. Core server logic has been improved by updating the request parsing to utilize httparse, simplifying route matching with a new router structure, and enhancing the Request struct handling by adding content details and optional body support.

Changes

Files	Change Summary
Cargo.toml, pyproject.toml	Cargo.toml: Updated package version from 0.1.1 to 0.1.3 and added dependencies: httparse (1.10.0) and matchit (0.8.6). pyproject.toml: Added description field in the [project] section.
README.md, examples/main.py	Updated route definitions by replacing angle bracket syntax (<name>) with curly braces ({name}) in route configurations.
src/lib.rs, src/request.rs, src/request_parser.rs, src/routing.rs	Revised HTTP handling and routing logic: - Updated RequestParser::parse to return a Result using httparse. - Simplified request parsing and route matching in the HttpServer. - Enhanced the Request struct with additional fields and made the body optional. - Overhauled Router and Route design using matchit.
src/into_response.rs, src/response.rs	Renamed convert function to convert_to_response in src/into_response.rs and updated its signature. Adjusted import statements in src/response.rs to reflect this change and reordered some imports.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant HttpServer
    participant RequestParser
    participant Router
    participant Handler

    Client->>HttpServer: Send HTTP request
    HttpServer->>RequestParser: Parse request string
    RequestParser-->>HttpServer: Return parsed Request (Ok/Err)
    HttpServer->>Router: Match route using request URL
    Router-->>HttpServer: Return matched Route & params
    HttpServer->>Handler: Invoke route handler
    Handler-->>HttpServer: Return response
    HttpServer->>Client: Send HTTP response

Loading

Possibly related PRs

• Improve readme #1: The changes in the main PR, specifically the updates to the route definitions in the README.md, are directly related to the modifications in the same file in the retrieved PR, which also involves route handling syntax.

Poem

I'm a rabbit hopping through code so bright,
New dependencies and routes feel just right.
My ears perk up at the parse that's now clear,
And matchit guides paths without any fear.
With every tweak, my heart does skip a beat,
Celebrating changes that make our server complete!
🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 577039f and 12ecca2.

📒 Files selected for processing (1)

• src/response.rs (2 hunks)

🔇 Additional comments (2)

src/response.rs (2)

23-24: Confirm error handling best practices with direct object return.
By returning Self directly, the method lacks a way to propagate errors or logs if extract fails. Ensure that this fits the current design philosophy and that missing bodies are handled gracefully upstream.

---

28-33: Consider improving fallback handling or logging.
Falling back to body.to_string() silently loses information on extraction errors. Logging or explicitly handling the error would help with debugging and robustness.

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (13)

src/request_parser.rs (3)

7-9: Use a more descriptive error type if possible.

Switching from Option<Request> to Result<Request, httparse::Error> is good for more granular error handling. However, httparse::Error is sometimes too narrow to capture potential parsing issues (e.g., malformed headers). If you foresee other parsing errors, consider creating a custom error type or wrapping httparse::Error for more descriptive feedback.

---

16-18: Consider user-defined defaults for Content-Type.

Using "text/plain" as a default for content_type is okay, but for robust usage, you might let consumers override this default, especially for APIs returning JSON or binary.

---

20-33: Validate header usage beyond Content-Type and Content-Length.

Storing headers in a HashMap is good, but consider rejecting or sanitizing suspicious or malformed headers (like repeated content length). If any security constraints exist, ensure filtering or validation steps are in place before storing.

src/routing.rs (5)

30-31: Catch potential attribute extraction errors.

Extracting parameter names could fail if the Python logic changes. For safety, consider more robust error handling (e.g., ignoring non-string names).

---

34-37: Check for overshadowed fields.

When creating the Route, confirm that the previous fields (method, path, handler) aren’t overshadowed with local variables of the same name. Current usage looks correct, but keep an eye on expansions in the future.

---

44-44: Consider documenting the macro usage.

The macro is helpful, but might be confusing for unfamiliar contributors. Add inline doc comments or examples.

---

63-68: Use consistent constructor approach.

#[new] -> Router::default() is concise. Validate that more complex init logic (e.g., setting telemetry or middlewares) doesn’t need additional arguments.

---

107-107: Clarify route pattern.

Using /{path}/{{*path}} can be confusing to new adopters. Ensure your docs highlight that the second {{*path}} captures all subsequent path segments.

src/lib.rs (4)

81-90: Short-circuit approach is fine; logs can help debug.

Once you successfully match a route, you break out of the loop. Consider some debug logging if multiple routers are attached to aid troubleshoot.

---

111-112: Extract route & params once.

Cloning these each request might be inexpensive for small usage, but consider referencing them if performance becomes an issue under high load.

---

123-123: Add param logging.

Iterating over params is helpful. Possibly log or handle unexpected dynamic segments.

---

130-136: Body param matching logic clarity.

Skipping "app_data" is clear, but the chain of filters on lines 131-135 might be confusing to maintainers. Consider extracting to a small helper function or direct membership check for improved readability.

src/request.rs (1)

80-82: Consider adding content validation in set_body.

The new set_body method is crucial for fixing the missing body issue, but it could benefit from additional validation.

Consider adding these validations:

 pub fn set_body(&mut self, body: String) {
+    if body.len() != self.content_length {
+        // Either update content_length or warn about mismatch
+        self.content_length = body.len();
+    }
     self.body = Some(body);
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 09498e1 and da94149.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (8)

• Cargo.toml (2 hunks)
• README.md (1 hunks)
• examples/main.py (1 hunks)
• pyproject.toml (1 hunks)
• src/lib.rs (4 hunks)
• src/request.rs (4 hunks)
• src/request_parser.rs (1 hunks)
• src/routing.rs (3 hunks)

✅ Files skipped from review due to trivial changes (2)

• pyproject.toml
• examples/main.py

🔇 Additional comments (19)

src/request_parser.rs (3)

11-15: Double-check default values for method/URL.

Falling back to "GET" and "/" is convenient, but might mask unintended parse failures when the request is incomplete. If that's intentional, consider clearly documenting it or logging a warning.

---

35-36: Confirm field ordering in Request::new.

You've extended Request::new with new parameters (content type, content length, etc). Verify that the argument order in Request::new remains consistent with the struct definition to avoid subtle mismatches.

---

38-41: Guard against inaccurate body slicing.

When content_length > 0, the substring is taken using [header_size..]. Confirm that header_size indeed marks the start of the body under all circumstances (e.g., unusual or malformed headers). Otherwise, you might slice out partial or incorrect data.

src/routing.rs (8)

3-3: Remove unused imports if not needed.

ffi::c_str may not be needed unless you're using it for C-FFI bridging. Verify that each imported item is used.

---

5-5: Kudos on adding Debug trait.

Deriving Debug is helpful for logging and troubleshooting.

---

9-9: Clarify path usage.

Renaming regex to path is simpler, but confirm all references to the old format (<dynamic>) are removed in other files or docs.

---

17-18: Ensure method and path alignment.

You’re now coupling method and path in Route::new. Validate that no additional route info (like query parameters) needs capturing.

---

47-48: Verify dynamic method creation.

This approach elegantly generates get, post, etc. methods. It’s recommended to confirm the uppercase conversion logic matches all HTTP verbs in use.

---

54-54: Great method coverage.

Providing macros for the core HTTP methods is a clean approach that promotes consistency.

---

57-60: Leverage Default for router initialization.

The derived Default and Clone are a neat approach for easy instantiation & copying.

---

70-72: Beware of concurrency.

Storing the middleware as an Arc is safe, but confirm it’s read-only or properly synchronized if mutated.

src/lib.rs (2)

9-9: Confirm the new dependency usage.

use matchit::Match; is part of your new router structure. Make sure to remove any references to older router logic in the codebase or docs.

---

106-107: Method signature alignment.

You replaced params: HashMap<String, String> with match_route: &Match<'_, '_, &Route>. Verify that all internal references to params are updated accordingly.

src/request.rs (3)

10-13: LGTM! The Request struct changes improve body handling.

The changes to make body optional and add content_type and content_length fields improve the robustness of request handling, especially for requests that may or may not have bodies.

---

19-33: Consider validating content_length against actual body size.

While the constructor changes align with the new struct fields, there's potential for inconsistency between the declared content_length and actual body size when set later.

Consider adding validation in set_body to ensure the body length matches the declared content_length.

---

40-47: LGTM! Improved JSON handling for optional bodies.

The updated json method now safely handles cases where the body is missing by returning an empty dictionary instead of failing.

Cargo.toml (2)

3-3: Verify version bump follows semantic versioning.

The version has been bumped from 0.1.1 to 0.1.3. Since these changes fix a production bug and add new features, this appears appropriate.

---

13-14:

Details

❓ Verification inconclusive

Verify compatibility of new dependencies.

The addition of httparse and matchit appears to support improved request parsing and routing.

---

🏁 Script executed:

#!/bin/bash
# Check for any known vulnerabilities in the new dependencies
cargo audit

Length of output: 109

---

Action Required: Manually Verify Dependency Vulnerabilities

The new dependencies (httparse = "1.10.0" and matchit = "0.8.6") are added to enhance request parsing and routing. However, the automated vulnerability check using cargo audit did not run because the Cargo toolchain is not available in the current environment.

• Next Steps:
  • Ensure that you have the Cargo toolchain installed in your local development environment.
  • Run cargo audit manually in a suitable environment to verify that these dependencies do not introduce any known vulnerabilities.

Please verify these items and confirm that the changes meet our security standards before merging.

README.md (1)

23-23: LGTM! Documentation updated to reflect new routing syntax.

The route parameter syntax has been updated from <name> to {name} to match the new implementation using the matchit router.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

src/lib.rs (1)

76-93: ⚠️ Potential issue

Fix critical request handling issues.

Several critical issues in the request handling logic:

1. request_str is used before it's created (defined later on line 94)
2. The error handling branch has incorrect syntax
3. Duplicate request handling logic exists between this block and lines 94-119

Apply this diff to fix the issues:

-            if let Ok(ref request) = RequestParser::parse(&request_str) {
-                let mut response = Status::NOT_FOUND().into_response();
-
-                for router in &self.routers {
-                    if let Ok(route) = &router.router.at(&request.url) {
-                        response = match self.process_response(py, router, route, request) {
-                            Ok(response) => response,
-                            Err(e) => Status::INTERNAL_SERVER_ERROR()
-                                .into_response()
-                                .body(e.to_string()),
-                        };
-                        break;
-                    }
-                    Err(_) => {
-                        break;
-                    }
-                }
-            }
             if let Ok(request_str) = String::from_utf8(request_data) {
-                if let Some(ref request) = RequestParser::parse(&request_str) {
+                if let Ok(ref request) = RequestParser::parse(&request_str) {
                     let mut response = Status::NOT_FOUND().into_response();
 
                     for router in &self.routers {
-                        for route in &router.routes {
-                            if route.method == request.method {
-                                if let Some(params) = route.match_path(&request.url) {
-                                    response = match self
-                                        .process_response(py, router, route, request, params)
-                                    {
-                                        Ok(response) => response,
-                                        Err(e) => Status::INTERNAL_SERVER_ERROR()
-                                            .into_response()
-                                            .body(e.to_string()),
-                                    };
-                                    break;
-                                }
-                            }
+                        if let Ok(route) = router.router.at(&request.url) {
+                            response = match self.process_response(py, router, &route, request) {
+                                Ok(response) => response,
+                                Err(e) => Status::INTERNAL_SERVER_ERROR()
+                                    .into_response()
+                                    .body(e.to_string()),
+                            };
+                            break;
                         }
                     }

♻️ Duplicate comments (1)

src/lib.rs (1)

73-75: ⚠️ Potential issue

Ensure complete request data is read.

The current implementation might not handle large requests correctly as it uses a fixed buffer size and doesn't check for complete request data.

Consider implementing proper request buffering:

1. Read the Content-Length header
2. Continue reading until all data is received
3. Handle chunked transfer encoding

This could be the root cause of the "body missing on prod" issue mentioned in the PR objectives.

🧹 Nitpick comments (1)

src/lib.rs (1)

154-165: Simplify body parameter detection logic.

The current implementation uses a complex filtering approach to check for body parameters. This can be simplified for better readability and performance.

Consider this simpler approach:

-        for key in route.args.clone() {
-            if key != "app_data"
-                && params
-                    .iter()
-                    .filter(|(k, _)| *k == key)
-                    .collect::<Vec<_>>()
-                    .is_empty()
-            {
-                body_param_name = Some(key);
-                break;
-            }
-        }
+        body_param_name = route.args.iter()
+            .find(|key| *key != "app_data" && !params.contains_key(*key))
+            .cloned();

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between da94149 and 31edb7a.

📒 Files selected for processing (1)

• src/lib.rs (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: windows (x86)
• GitHub Check: windows (x64)

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

src/into_response.rs (1)

71-73: 🛠️ Refactor suggestion

Improve error handling for type conversion failures.

To better diagnose production issues with missing bodies, consider:

1. Including the actual type in the error message.
2. Adding logging before throwing the error.

-        return Err(pyo3::exceptions::PyException::new_err(
-            "Failed to convert this type to response",
-        ));
+        let type_name = result.get_type().name()?;
+        return Err(pyo3::exceptions::PyException::new_err(
+            format!("Failed to convert type '{}' to response", type_name),
+        ));

♻️ Duplicate comments (1)

src/lib.rs (1)

73-77: ⚠️ Potential issue

Critical: Improve request reading to handle large and partial requests.

The current implementation has several issues:

1. Fixed 1024-byte buffer can truncate large requests
2. No handling of partial requests that span multiple TCP packets
3. No validation against Content-Length header

Consider this safer implementation:

-            let mut buffer = [0; 1024];
-            let n = socket.read(&mut buffer)?;
-            let request_str = String::from_utf8_lossy(&buffer[..n]);
+            let mut buffer = Vec::new();
+            let mut reader = std::io::BufReader::new(&mut socket);
+            reader.read_to_end(&mut buffer)?;
+            if let Ok(request_str) = String::from_utf8(buffer) {

🧹 Nitpick comments (1)

src/lib.rs (1)

149-150: Add error context to response conversion.

The error handling could be improved by providing more context about what failed during response conversion.

-            return convert_to_response(result, py);
+            return convert_to_response(result, py)
+                .map_err(|e| PyErr::new::<pyo3::exceptions::PyValueError, _>(
+                    format!("Failed to convert middleware response: {}", e)
+                ));

-        convert_to_response(result, py)
+        convert_to_response(result, py)
+            .map_err(|e| PyErr::new::<pyo3::exceptions::PyValueError, _>(
+                format!("Failed to convert handler response: {}", e)
+            ))

Also applies to: 155-156

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31edb7a and 577039f.

📒 Files selected for processing (3)

• src/into_response.rs (2 hunks)
• src/lib.rs (5 hunks)
• src/response.rs (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (7)

• GitHub Check: linux (armv7)
• GitHub Check: windows (x86)
• GitHub Check: musllinux (armv7)
• GitHub Check: windows (x64)
• GitHub Check: musllinux (aarch64)
• GitHub Check: musllinux (x86)
• GitHub Check: musllinux (x86_64)

🔇 Additional comments (6)

src/lib.rs (2)

8-9: LGTM! Import changes align with the new functionality.

The new imports support the enhanced routing and response handling capabilities.

---

106-113: LGTM! Improved routing with matchit.

The change to use matchit::Match provides a more efficient and type-safe way to handle route matching and parameters.

src/response.rs (2)

1-1: LGTM! Import changes look good.

The imports have been reorganized and updated to use the renamed convert_to_response function.

Also applies to: 3-3

---

25-31: LGTM! Response creation and conversion look good.

The variable renaming improves readability, and the function call has been correctly updated to use convert_to_response.

src/into_response.rs (2)

1-1: LGTM! Import changes look good.

The imports have been reorganized and the explicit Py import has been added.

Also applies to: 5-5

---

77-77: LGTM! Function rename improves clarity.

The function rename from convert to convert_to_response better describes its purpose.