I realized, a lot of people depends on actix. And it would be unfair to just delete repos. I promote @JohnTitor to project leader. He did very good job helping me for the last year. I hope new community of developers emerge. And good luck!

Connection are not closed correctly by default What I means is: if you do a "netstat -ano" you will see connection list growing and growing. Not all old connection get closed.

Tested with StaticFile handler ( HTTP2 or not ) on a website with ~20k+ daily users

With the default config -> Not closed correctly With .keep_alive(None) -> Not closed correctly With .keep_alive(server::KeepAlive::Timeout(5)) -> All connections are closed correctly

Initially detected in this ticket #426 but it was not the main issue

Hi, I am playing a bit with rust/actix-web on my personal website. The code is very basic https://git.neowutran.ovh:8080/neowutran/Website/src/master/src/main.rs

  server::new(|| {
    App::new()
     // .middleware(middleware::Logger::default())
      .resource("/store_stats", |r| {
        r.method(Method::POST)
          .with_config(store_statistics, |config| {
            config.limit(MAX_SIZE_STATS);
          })
      })
    .resource("/store_packets", |r| {
      r.method(Method::POST)
        .with_config(store_packets, |config| {
            config.0.limit(MAX_SIZE_PACKET);
        })
    })
    .handler("/updates",StaticFiles::new("/home/gl0/updates/").unwrap().show_files_listing())
    .handler("/others",StaticFiles::new("/home/gl0/others/").unwrap().show_files_listing())
    .handler("/teraDB",StaticFiles::new("/home/gl0/teraDB/").unwrap().show_files_listing())
    .handler("/",StaticFiles::new("/home/http/neowutran/").unwrap().show_files_listing().index_file("index.html"))
  })

I run 2 instance of this exact same code. One on port 443, one on port 8083

On port 8083, only /store_packets and /store_stats are used. 0.2% of server memory, stable. Actively used ( ~thousands request by hours, gigabytes uploaded ). Ok.

On port 443, only the StaticFiles handler are used: /updates, /others, /teraDB, / ( TLS + HTTP2 ) Very actively used (~15k user use the /updates to download things). When I launched it yesterday, it used 0.2% of server memory. Memory used increased over time. Now, after ~15h, it now use 10% of server memory. With the command netstat -ano, I see that a lot of connections (hundreds) are "ESTABLISHED" on the service. Maybe in the case of HTTP2 / TLS, some issues with connection not being released or something like that ? ( For the same thing with apache httpd, ~0.2% of server memory, stable )

Thanks

I am planing to move 0.7 to separate branch and move 1.0 to master in 1 week.

Any thoughts, concerns?

High level tasks:

• [x] Move 0.7 to separate branch
• [x] Move 1.0 to master
• [x] actix-files tidy up #730
• [x] Migration guide 0.7 -> 1.0
• [x] Upgrade the book
• [x] Upgrade example

I'm creating a simple API and put it under stress using loadtest. The API consumes 3MB when idling and not under stress. With the command: loadtest -c 1000 --rps 10000 http://localhost:4000/hello/world the memory consumption goes to ~100MB.

Expected Behavior

After the stress test done, the memory consumption goes back to a normal level (~3MB)

Current Behavior

After the stress test done, the memory consumption doesn't decrease.

Possible Solution

Sorry I can't find any solution for this.

Steps to Reproduce (for bugs)

1. Implement a simple API and call the exposed route.

Context

I tried to make a benchmark of an API made in Rust vs a one in Spring, and while the rust version is memory efficient, it does show some leaks that are problematic.

Code used for exposing the route.

use actix_web::{middleware, web, App, HttpServer, Responder, HttpResponse};

async fn hello_world(
    name: web::Path<String>
) -> impl Responder {
    HttpResponse::Ok().json(format!("{}", name))
}

#[actix_web::main]
async fn main() -> std::io::Result<()> {

    println!("Launching server...");

    std::env::set_var("RUST_LOG", "actix_web=info,actix_server=info");
    env_logger::init();
    dotenv::dotenv().ok();

    let port = match std::env::var("PORT") {
        Ok(port) => port,
        _ => String::from("4000")
    };
    let address = format!("0.0.0.0:{}", port);

    let http_server = HttpServer::new(move || {
        App::new()
            // .wrap(middleware::Logger::default())
            .route("/hello/{name}", web::get().to(hello_world))
    })
        .bind(address.clone())?;

    println!("Will listen to {}", address);

    http_server
        .run()
        .await
}

Using LeakSanitizer it does confirm that there's a little problem:

==68512==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 256 byte(s) in 8 object(s) allocated from:
    #0 0x564cae1e4255  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0xd6255)
    #1 0x564cae2f830b  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0x1ea30b)

Direct leak of 192 byte(s) in 8 object(s) allocated from:
    #0 0x564cae1e4255  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0xd6255)
    #1 0x564cae40bf8b  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0x2fdf8b)

Indirect leak of 8192 byte(s) in 8 object(s) allocated from:
    #0 0x564cae1e4255  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0xd6255)
    #1 0x564cae2f830b  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0x1ea30b)

Indirect leak of 32 byte(s) in 8 object(s) allocated from:
    #0 0x564cae1e4255  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0xd6255)
    #1 0x564cae565a5b  (/home/lperreau/workspace/hello-world/target/x86_64-unknown-linux-gnu/debug/hello_world+0x457a5b)

SUMMARY: LeakSanitizer: 8672 byte(s) leaked in 32 allocation(s).

Your Environment

• Rust Version (I.e, output of rustc -V): rustc 1.45.1 (c367798cf 2020-07-26)
• Actix Web Version: 3.2.0

This PR removes several different usages of unsafe (specifically, UnsafeCell), and replaces them with safe code. While these changes technically add some amount of overhead (Copying a type instead of taking a reference, and runtime RefCell checks), it should be so small as to be invisible on any benchmark.

By replacing UnsafeCell with the safe Cell/UnsafeCell types, we ensure that any mistakes will lead to a panic! at worst, instead of undefined behavior.

Each commit modifies a single file, and describes the changes made.

use actix_web::{middleware, web, App, HttpRequest, HttpServer};

async fn index(_req: HttpRequest) -> &'static str { "Hello world!" }

#[tokio::main] #[cfg(unix)] async fn main() -> std::io::Result<()> { ::std::env::set_var("RUST_LOG", "actix_server=info,actix_web=info"); env_logger::init();

HttpServer::new(|| {
    App::new()
        // enable logger - always register actix-web Logger middleware last
        .wrap(middleware::Logger::default())
        .service(
            web::resource("/index.html")
                .route(web::get().to(|| async { "Hello world!" })),
        )
        .service(web::resource("/").to(index))
})
.bind_uds("/tmp/actix-uds.socket")?
.run()
.await

}

#[cfg(not(unix))] fn main() -> std::io::Result<()> { println!("not supported"); Ok(()) }

Following example code always produces Error: Connect(Timeout):

use actix_rt::System;
use awc::Client;
use futures::future::{
    Future,
    lazy
};

fn main() {
    System::new("weight_version").block_on(lazy(|| {

        awc::Client::new().get("https://google.com") //any address here
            .header("User-Agent", "Actix-web")
            .send()
            .map_err(|error| {
                println!("Error: {:?}", error);
            })
            .and_then(|response| {
                println!("Response: {:?}", response);
                Ok(())
            })
    }));
}

actix_web::client::Client also produces same error:

use actix_rt::System;
use actix_web::client::Client;
use futures::future::{
    Future,
    lazy
};

fn main() {
    System::new("weight_version").block_on(lazy(|| {
        let client = Client::default();

        client.get("https://www.rust-lang.org/")
            .header("User-Agent", "Actix-web")
            .send()
            .map_err(|error| {
                println!("Error: {:?}", error);
                //Err(error)
            })
            .and_then(|response| {
                println!("Response: {:?}", response);
                Ok(())
            })
    }));
}

Tested on 3 totally different windows machines with following:

openssl version
OpenSSL 1.1.1c  28 May 2019

Until now i made most of project related decisions. But unfortunately, i dont have much time anymore, also i'd like to spend more time outside of opensource. supporting of this large and complex project is time consuming so i'd like to hand it to contributors, who'd like to spend some time on the project. I am still planing to work on actix, but can not afford to spend that much time as before.

@actix/contributors

Users should be able to define structures that hold parameters that need to be passed to a request handler. We could use the serde Deserialize trait. The goal is to make it easier for users to access parameters without having to deal with error-handling themselves, and hopefully to avoid the current situation where making a typo in your handler vs your route means that you get a runtime error instead of a compile-time error.

The goal is to somehow allow the user to type this:

#[derive(Deserialize)]
struct MyParams {
    name: String,
}

and then, define a handler like this:

fn my_handler(req: HttpRequest<_>, my_params: MyParams) -> _ {
}

or, alternatively:

fn my_hadler(req: HttpRequest<_>) -> _ {
    let my_params = req.get_params::<MyParams>();
}

This will require some way to declare the route for my_handler with MyParams.

I have a service that after ~18 - 24 hours runs out of file descriptors after a lot of investigation and some production debugging we were able to track it down to being leaked UDP sockets. My first thought is something about DNS resolution is wrong. When caught in the act the server had 418 UDP sockets open and it climbs up to the ulimit of 1024 and then server CPU spikes and the health check fails and the container is cycled.

PR Type

Features

PR Checklist

• [x] Tests for the changes have been added / updated.
• [ ] Documentation comments have been added / updated.
• [x] A changelog entry has been made for the appropriate packages.
• [x] Format code with the latest stable rustfmt.
• [x] (Team) Label with affected crates and semver status.

Overview

This is a quick change to allow the user to set a port instead of forcing a random assignment every time.

this is a tiny thing that I need in my own project. Might be nice for others.

This only exists on windows platforms.

Expected Behavior

Panic if can not bind to port

Current Behavior

continue runs, but can not really listen

Steps to Reproduce (for bugs)

1. build
2. run at least 2

Context

My code: HttpServer::new(|| { App::new() .service(echo) .service(user::login_request) .service(user::register_request) .service(user::verify_email_request) }).bind(("0.0.0.0", unsafe { &CONFIG }["connection"]["serverPort"].as_i64().unwrap() as u16)).expect("Can not bind server to port").run().await.expect("Can not start server");

Your Environment

Windows 10 22H2 19045.2364

• Rust Version (I.e, output of rustc -V): rustc 1.68.0-nightly (77429957a 2023-01-01)
• Actix-* crate(s) Version: { version = "4.2.1", features = ["rustls"] }

PR Type

Bug fix

PR Checklist

• [X] Tests for the changes have been added / updated.
• [X] Documentation comments have been added / updated.
• [X] A changelog entry has been made for the appropriate packages.
• [X] Format code with the latest stable rustfmt.
• [x] (Team) Label with affected crates and semver status.

Overview

Hides Authorization header from HTTPRequest Debug output. In the case of HTTP Basic Authentication, this header would have the username and password of the authenticated user. Preventing this header from showing up in debug would prevent this password leakage into the logs. In other schemes the value may not be as sensitive, but still in most cases would allow impersonation of the user in some form.

Whether or not you want this conditional or not is of course up to you. Willing to consider other locations for this check if you want a more general approach to prevent all debug outputs of sensitive headers.

Thanks for a great library, keep it up!

PR Type

Other

PR Checklist

• [x] ~Tests for the changes have been added / updated.~
• [x] ~Documentation comments have been added / updated.~
• [x] ~A changelog entry has been made for the appropriate packages.~
• [X] Format code with the latest stable rustfmt.
• [x] (Team) Label with affected crates and semver status.

Overview

No behavior change. Just an optimization.

No breaking changes.

PR Type

Feature

PR Checklist

• [ ] Tests for the changes have been added / updated.
• [ ] Documentation comments have been added / updated.
• [ ] A changelog entry has been made for the appropriate packages.
• [x] Format code with the latest stable rustfmt.
• [ ] (Team) Label with affected crates and semver status.

Overview