pax_global_header00006660000000000000000000000064124203244600014507gustar00rootroot0000000000000052 comment=863839a3f88150f127a127a998cb5c067d37a5e1 connect-3.3.0/000077500000000000000000000000001242032446000131435ustar00rootroot00000000000000connect-3.3.0/.gitignore000066400000000000000000000002761242032446000151400ustar00rootroot00000000000000coverage/ .DS_Store pids logs results *.pid *.gz *.log test/fixtures/foo.bar.baz.css test/fixtures/style.css test/fixtures/script.js test.js docs/*.html docs/*.json node_modules .idea *.iml connect-3.3.0/.npmignore000066400000000000000000000000421242032446000151360ustar00rootroot00000000000000coverage/ docs/ test/ .travis.yml connect-3.3.0/.travis.yml000066400000000000000000000003571242032446000152610ustar00rootroot00000000000000language: node_js node_js: - "0.10" - "0.11" matrix: allow_failures: - node_js: "0.11" fast_finish: true script: "npm run-script test-travis" after_script: "npm install coveralls@2.10.0 && cat ./coverage/lcov.info | coveralls" connect-3.3.0/History.md000066400000000000000000001574711242032446000151450ustar00rootroot000000000000003.3.0 / 2014-10-17 ================== * deps: debug@~2.1.0 - Implement `DEBUG_FD` env variable support * deps: finalhandler@0.3.1 - Terminate in progress response only on error - Use `on-finished` to determine request status - deps: debug@~2.1.0 3.2.0 / 2014-09-08 ================== * deps: debug@~2.0.0 * deps: finalhandler@0.2.0 - Set `X-Content-Type-Options: nosniff` header - deps: debug@~2.0.0 3.1.1 / 2014-08-10 ================== * deps: parseurl@~1.3.0 3.1.0 / 2014-07-22 ================== * deps: debug@1.0.4 * deps: finalhandler@0.1.0 - Respond after request fully read - deps: debug@1.0.4 * deps: parseurl@~1.2.0 - Cache URLs based on original value - Remove no-longer-needed URL mis-parse work-around - Simplify the "fast-path" `RegExp` * perf: reduce executed logic in routing * perf: refactor location of `try` block 3.0.2 / 2014-07-10 ================== * deps: debug@1.0.3 - Add support for multiple wildcards in namespaces * deps: parseurl@~1.1.3 - faster parsing of href-only URLs 3.0.1 / 2014-06-19 ================== * use `finalhandler` for final response handling * deps: debug@1.0.2 3.0.0 / 2014-05-29 ================== * No changes 3.0.0-rc.2 / 2014-05-04 ======================= * Call error stack even when response has been sent * Prevent default 404 handler after response sent * dep: debug@0.8.1 * encode stack in HTML for default error handler * remove `proto` export 3.0.0-rc.1 / 2014-03-06 ======================= * move middleware to separate repos * remove docs * remove node patches * remove connect(middleware...) * remove the old `connect.createServer()` method * remove various private `connect.utils` functions * drop node.js 0.8 support 2.27.0 / 2014-10-16 =================== * Use `http-errors` module for creating errors * Use `utils-merge` module for merging objects * deps: body-parser@~1.9.0 - include the charset in "unsupported charset" error message - include the encoding in "unsupported content encoding" error message - deps: depd@~1.0.0 * deps: compression@~1.2.0 - deps: debug@~2.1.0 * deps: connect-timeout@~1.4.0 - Create errors with `http-errors` - deps: debug@~2.1.0 * deps: debug@~2.1.0 - Implement `DEBUG_FD` env variable support * deps: depd@~1.0.0 * deps: express-session@~1.9.0 - deps: debug@~2.1.0 - deps: depd@~1.0.0 * deps: finalhandler@0.3.1 - Terminate in progress response only on error - Use `on-finished` to determine request status - deps: debug@~2.1.0 * deps: method-override@~2.3.0 - deps: debug@~2.1.0 * deps: morgan@~1.4.0 - Add `debug` messages - deps: depd@~1.0.0 * deps: response-time@~2.2.0 - Add `header` option for custom header name - Add `suffix` option - Change `digits` argument to an `options` argument - deps: depd@~1.0.0 * deps: serve-favicon@~2.1.6 - deps: etag@~1.5.0 * deps: serve-index@~1.5.0 - Add `dir` argument to `filter` function - Add icon for mkv files - Create errors with `http-errors` - Fix incorrect 403 on Windows and Node.js 0.11 - Lookup icon by mime type for greater icon support - Support using tokens multiple times - deps: accepts@~1.1.2 - deps: debug@~2.1.0 - deps: mime-types@~2.0.2 * deps: serve-static@~1.7.0 - deps: send@0.10.0 2.26.6 / 2014-10-15 =================== * deps: compression@~1.1.2 - deps: accepts@~1.1.2 - deps: compressible@~2.0.1 * deps: csurf@~1.6.2 - bump http-errors - fix cookie name when using `cookie: true` * deps: errorhandler@~1.2.2 - deps: accepts@~1.1.2 2.26.5 / 2014-10-08 =================== * Fix accepting non-object arguments to `logger` * deps: serve-static@~1.6.4 - Fix redirect loop when index file serving disabled 2.26.4 / 2014-10-02 =================== * deps: morgan@~1.3.2 - Fix `req.ip` integration when `immediate: false` * deps: type-is@~1.5.2 - deps: mime-types@~2.0.2 2.26.3 / 2014-09-24 =================== * deps: body-parser@~1.8.4 - fix content encoding to be case-insensitive * deps: serve-favicon@~2.1.5 - deps: etag@~1.4.0 * deps: serve-static@~1.6.3 - deps: send@0.9.3 2.26.2 / 2014-09-19 =================== * deps: body-parser@~1.8.3 - deps: qs@2.2.4 * deps: qs@2.2.4 - Fix issue with object keys starting with numbers truncated 2.26.1 / 2014-09-15 =================== * deps: body-parser@~1.8.2 - deps: depd@0.4.5 * deps: depd@0.4.5 * deps: express-session@~1.8.2 - Use `crc` instead of `buffer-crc32` for speed - deps: depd@0.4.5 * deps: morgan@~1.3.1 - Remove un-used `bytes` dependency - deps: depd@0.4.5 * deps: serve-favicon@~2.1.4 - Fix content headers being sent in 304 response - deps: etag@~1.3.1 * deps: serve-static@~1.6.2 - deps: send@0.9.2 2.26.0 / 2014-09-08 =================== * deps: body-parser@~1.8.1 - add `parameterLimit` option to `urlencoded` parser - change `urlencoded` extended array limit to 100 - make empty-body-handling consistent between chunked requests - respond with 415 when over `parameterLimit` in `urlencoded` - deps: media-typer@0.3.0 - deps: qs@2.2.3 - deps: type-is@~1.5.1 * deps: compression@~1.1.0 - deps: accepts@~1.1.0 - deps: compressible@~2.0.0 - deps: debug@~2.0.0 * deps: connect-timeout@~1.3.0 - deps: debug@~2.0.0 * deps: cookie-parser@~1.3.3 - deps: cookie-signature@1.0.5 * deps: cookie-signature@1.0.5 * deps: csurf@~1.6.1 - add `ignoreMethods` option - bump cookie-signature - csrf-tokens -> csrf - set `code` property on CSRF token errors * deps: debug@~2.0.0 * deps: errorhandler@~1.2.0 - Display error using `util.inspect` if no other representation - deps: accepts@~1.1.0 * deps: express-session@~1.8.1 - Do not resave already-saved session at end of request - Prevent session prototype methods from being overwritten - deps: cookie-signature@1.0.5 - deps: debug@~2.0.0 * deps: finalhandler@0.2.0 - Set `X-Content-Type-Options: nosniff` header - deps: debug@~2.0.0 * deps: fresh@0.2.4 * deps: media-typer@0.3.0 - Throw error when parameter format invalid on parse * deps: method-override@~2.2.0 - deps: debug@~2.0.0 * deps: morgan@~1.3.0 - Assert if `format` is not a function or string * deps: qs@2.2.3 - Fix issue where first empty value in array is discarded * deps: serve-favicon@~2.1.3 - Accept string for `maxAge` (converted by `ms`) - Use `etag` to generate `ETag` header - deps: fresh@0.2.4 * deps: serve-index@~1.2.1 - Add `debug` messages - Resolve relative paths at middleware setup - deps: accepts@~1.1.0 * deps: serve-static@~1.6.1 - Add `lastModified` option - deps: send@0.9.1 * deps: type-is@~1.5.1 - fix `hasbody` to be true for `content-length: 0` - deps: media-typer@0.3.0 - deps: mime-types@~2.0.1 * deps: vhost@~3.0.0 2.25.10 / 2014-09-04 ==================== * deps: serve-static@~1.5.4 - deps: send@0.8.5 2.25.9 / 2014-08-29 =================== * deps: body-parser@~1.6.7 - deps: qs@2.2.2 * deps: qs@2.2.2 2.25.8 / 2014-08-27 =================== * deps: body-parser@~1.6.6 - deps: qs@2.2.0 * deps: csurf@~1.4.1 * deps: qs@2.2.0 - Array parsing fix - Performance improvements 2.25.7 / 2014-08-18 =================== * deps: body-parser@~1.6.5 - deps: on-finished@2.1.0 * deps: express-session@~1.7.6 - Fix exception on `res.end(null)` calls * deps: morgan@~1.2.3 - deps: on-finished@2.1.0 * deps: serve-static@~1.5.3 - deps: send@0.8.3 2.25.6 / 2014-08-14 =================== * deps: body-parser@~1.6.4 - deps: qs@1.2.2 * deps: qs@1.2.2 * deps: serve-static@~1.5.2 - deps: send@0.8.2 2.25.5 / 2014-08-11 =================== * Fix backwards compatibility in `logger` 2.25.4 / 2014-08-10 =================== * Fix `query` middleware breaking with argument - It never really took one in the first place * deps: body-parser@~1.6.3 - deps: qs@1.2.1 * deps: compression@~1.0.11 - deps: on-headers@~1.0.0 - deps: parseurl@~1.3.0 * deps: connect-timeout@~1.2.2 - deps: on-headers@~1.0.0 * deps: express-session@~1.7.5 - Fix parsing original URL - deps: on-headers@~1.0.0 - deps: parseurl@~1.3.0 * deps: method-override@~2.1.3 * deps: on-headers@~1.0.0 * deps: parseurl@~1.3.0 * deps: qs@1.2.1 * deps: response-time@~2.0.1 - deps: on-headers@~1.0.0 * deps: serve-index@~1.1.6 - Fix URL parsing * deps: serve-static@~1.5.1 - Fix parsing of weird `req.originalUrl` values - deps: parseurl@~1.3.0 = deps: utils-merge@1.0.0 2.25.3 / 2014-08-07 =================== * deps: multiparty@3.3.2 - Fix potential double-callback 2.25.2 / 2014-08-07 =================== * deps: body-parser@~1.6.2 - deps: qs@1.2.0 * deps: qs@1.2.0 - Fix parsing array of objects 2.25.1 / 2014-08-06 =================== * deps: body-parser@~1.6.1 - deps: qs@1.1.0 * deps: qs@1.1.0 - Accept urlencoded square brackets - Accept empty values in implicit array notation 2.25.0 / 2014-08-05 =================== * deps: body-parser@~1.6.0 - deps: qs@1.0.2 * deps: compression@~1.0.10 - Fix upper-case Content-Type characters prevent compression - deps: compressible@~1.1.1 * deps: csurf@~1.4.0 - Support changing `req.session` after `csurf` middleware - Calling `res.csrfToken()` after `req.session.destroy()` will now work * deps: express-session@~1.7.4 - Fix `res.end` patch to call correct upstream `res.write` - Fix response end delay for non-chunked responses * deps: qs@1.0.2 - Complete rewrite - Limits array length to 20 - Limits object depth to 5 - Limits parameters to 1,000 * deps: serve-static@~1.5.0 - Add `extensions` option - deps: send@0.8.1 2.24.3 / 2014-08-04 =================== * deps: serve-index@~1.1.5 - Fix Content-Length calculation for multi-byte file names - deps: accepts@~1.0.7 * deps: serve-static@~1.4.4 - Fix incorrect 403 on Windows and Node.js 0.11 - deps: send@0.7.4 2.24.2 / 2014-07-27 =================== * deps: body-parser@~1.5.2 * deps: depd@0.4.4 - Work-around v8 generating empty stack traces * deps: express-session@~1.7.2 * deps: morgan@~1.2.2 * deps: serve-static@~1.4.2 2.24.1 / 2014-07-26 =================== * deps: body-parser@~1.5.1 * deps: depd@0.4.3 - Fix exception when global `Error.stackTraceLimit` is too low * deps: express-session@~1.7.1 * deps: morgan@~1.2.1 * deps: serve-index@~1.1.4 * deps: serve-static@~1.4.1 2.24.0 / 2014-07-22 =================== * deps: body-parser@~1.5.0 - deps: depd@0.4.2 - deps: iconv-lite@0.4.4 - deps: raw-body@1.3.0 - deps: type-is@~1.3.2 * deps: compression@~1.0.9 - Add `debug` messages - deps: accepts@~1.0.7 * deps: connect-timeout@~1.2.1 - Accept string for `time` (converted by `ms`) - deps: debug@1.0.4 * deps: debug@1.0.4 * deps: depd@0.4.2 - Add `TRACE_DEPRECATION` environment variable - Remove non-standard grey color from color output - Support `--no-deprecation` argument - Support `--trace-deprecation` argument * deps: express-session@~1.7.0 - Improve session-ending error handling - deps: debug@1.0.4 - deps: depd@0.4.2 * deps: finalhandler@0.1.0 - Respond after request fully read - deps: debug@1.0.4 * deps: method-override@~2.1.2 - deps: debug@1.0.4 - deps: parseurl@~1.2.0 * deps: morgan@~1.2.0 - Add `:remote-user` token - Add `combined` log format - Add `common` log format - Remove non-standard grey color from `dev` format * deps: multiparty@3.3.1 * deps: parseurl@~1.2.0 - Cache URLs based on original value - Remove no-longer-needed URL mis-parse work-around - Simplify the "fast-path" `RegExp` * deps: serve-static@~1.4.0 - Add `dotfiles` option - deps: parseurl@~1.2.0 - deps: send@0.7.0 2.23.0 / 2014-07-10 =================== * deps: debug@1.0.3 - Add support for multiple wildcards in namespaces * deps: express-session@~1.6.4 * deps: method-override@~2.1.0 - add simple debug output - deps: methods@1.1.0 - deps: parseurl@~1.1.3 * deps: parseurl@~1.1.3 - faster parsing of href-only URLs * deps: serve-static@~1.3.1 - deps: parseurl@~1.1.3 2.22.0 / 2014-07-03 =================== * deps: csurf@~1.3.0 - Fix `cookie.signed` option to actually sign cookie * deps: express-session@~1.6.1 - Fix `res.end` patch to return correct value - Fix `res.end` patch to handle multiple `res.end` calls - Reject cookies with missing signatures * deps: multiparty@3.3.0 - Always emit close after all parts ended - Fix callback hang in node.js 0.8 on errors * deps: serve-static@~1.3.0 - Accept string for `maxAge` (converted by `ms`) - Add `setHeaders` option - Include HTML link in redirect response - deps: send@0.5.0 2.21.1 / 2014-06-26 =================== * deps: cookie-parser@1.3.2 - deps: cookie-signature@1.0.4 * deps: cookie-signature@1.0.4 - fix for timing attacks * deps: express-session@~1.5.2 - deps: cookie-signature@1.0.4 * deps: type-is@~1.3.2 - more mime types 2.21.0 / 2014-06-20 =================== * deprecate `connect(middleware)` -- use `app.use(middleware)` instead * deprecate `connect.createServer()` -- use `connect()` instead * fix `res.setHeader()` patch to work with get -> append -> set pattern * deps: compression@~1.0.8 * deps: errorhandler@~1.1.1 * deps: express-session@~1.5.0 - Deprecate integration with `cookie-parser` middleware - Deprecate looking for secret in `req.secret` - Directly read cookies; `cookie-parser` no longer required - Directly set cookies; `res.cookie` no longer required - Generate session IDs with `uid-safe`, faster and even less collisions * deps: serve-index@~1.1.3 2.20.2 / 2014-06-19 =================== * deps: body-parser@1.4.3 - deps: type-is@1.3.1 2.20.1 / 2014-06-19 =================== * deps: type-is@1.3.1 - fix global variable leak 2.20.0 / 2014-06-19 =================== * deprecate `verify` option to `json` -- use `body-parser` npm module instead * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead * deprecate things with `depd` module * use `finalhandler` for final response handling * use `media-typer` to parse `content-type` for charset * deps: body-parser@1.4.2 - check accepted charset in content-type (accepts utf-8) - check accepted encoding in content-encoding (accepts identity) - deprecate `urlencoded()` without provided `extended` option - lazy-load urlencoded parsers - support gzip and deflate bodies - set `inflate: false` to turn off - deps: raw-body@1.2.2 - deps: type-is@1.3.0 - Support all encodings from `iconv-lite` * deps: connect-timeout@1.1.1 - deps: debug@1.0.2 * deps: cookie-parser@1.3.1 - export parsing functions - `req.cookies` and `req.signedCookies` are now plain objects - slightly faster parsing of many cookies * deps: csurf@1.2.2 * deps: errorhandler@1.1.0 - Display error on console formatted like `throw` - Escape HTML in stack trace - Escape HTML in title - Fix up edge cases with error sent in response - Set `X-Content-Type-Options: nosniff` header - Use accepts for negotiation * deps: express-session@1.4.0 - Add `genid` option to generate custom session IDs - Add `saveUninitialized` option to control saving uninitialized sessions - Add `unset` option to control unsetting `req.session` - Generate session IDs with `rand-token` by default; reduce collisions - Integrate with express "trust proxy" by default - deps: buffer-crc32@0.2.3 - deps: debug@1.0.2 * deps: multiparty@3.2.9 * deps: serve-index@1.1.2 - deps: batch@0.5.1 * deps: type-is@1.3.0 - improve type parsing * deps: vhost@2.0.0 - Accept `RegExp` object for `hostname` - Provide `req.vhost` object - Support IPv6 literal in `Host` header 2.19.6 / 2014-06-11 =================== * deps: body-parser@1.3.1 - deps: type-is@1.2.1 * deps: compression@1.0.7 - use vary module for better `Vary` behavior - deps: accepts@1.0.3 - deps: compressible@1.1.0 * deps: debug@1.0.2 * deps: serve-index@1.1.1 - deps: accepts@1.0.3 * deps: serve-static@1.2.3 - Do not throw un-catchable error on file open race condition - deps: send@0.4.3 2.19.5 / 2014-06-09 =================== * deps: csurf@1.2.1 - refactor to use csrf-tokens@~1.0.2 * deps: debug@1.0.1 * deps: serve-static@1.2.2 - fix "event emitter leak" warnings - deps: send@0.4.2 * deps: type-is@1.2.1 - Switch dependency from `mime` to `mime-types@1.0.0` 2.19.4 / 2014-06-05 =================== * deps: errorhandler@1.0.2 - Pass on errors from reading error files * deps: method-override@2.0.2 - use vary module for better `Vary` behavior * deps: serve-favicon@2.0.1 - Reduce byte size of `ETag` header 2.19.3 / 2014-06-03 =================== * deps: compression@1.0.6 - fix listeners for delayed stream creation - fix regression for certain `stream.pipe(res)` situations - fix regression when negotiation fails 2.19.2 / 2014-06-03 =================== * deps: compression@1.0.4 - fix adding `Vary` when value stored as array - fix back-pressure behavior - fix length check for `res.end` 2.19.1 / 2014-06-02 =================== * fix deprecated `utils.escape` 2.19.0 / 2014-06-02 =================== * deprecate `methodOverride()` -- use `method-override` npm module instead * deps: body-parser@1.3.0 - add `extended` option to urlencoded parser * deps: method-override@2.0.1 - set `Vary` header - deps: methods@1.0.1 * deps: multiparty@3.2.8 * deps: response-time@2.0.0 - add `digits` argument - do not override existing `X-Response-Time` header - timer not subject to clock drift - timer resolution down to nanoseconds * deps: serve-static@1.2.1 - send max-age in Cache-Control in correct format - use `escape-html` for escaping - deps: send@0.4.1 2.18.0 / 2014-05-29 =================== * deps: compression@1.0.3 * deps: serve-index@1.1.0 - Fix content negotiation when no `Accept` header - Properly support all HTTP methods - Support vanilla node.js http servers - Treat `ENAMETOOLONG` as code 414 - Use accepts for negotiation * deps: serve-static@1.2.0 - Calculate ETag with md5 for reduced collisions - Fix wrong behavior when index file matches directory - Ignore stream errors after request ends - Skip directories in index file search - deps: send@0.4.0 2.17.3 / 2014-05-27 =================== * deps: express-session@1.2.1 - Fix `resave` such that `resave: true` works 2.17.2 / 2014-05-27 =================== * deps: body-parser@1.2.2 - invoke `next(err)` after request fully read - deps: raw-body@1.1.6 * deps: method-override@1.0.2 - Handle `req.body` key referencing array or object - Handle multiple HTTP headers 2.17.1 / 2014-05-21 =================== * fix `res.charset` appending charset when `content-type` has one 2.17.0 / 2014-05-20 =================== * deps: express-session@1.2.0 - Add `resave` option to control saving unmodified sessions * deps: morgan@1.1.1 - "dev" format will use same tokens as other formats - `:response-time` token is now empty when immediate used - `:response-time` token is now monotonic - `:response-time` token has precision to 1 μs - fix `:status` + immediate output in node.js 0.8 - improve `buffer` option to prevent indefinite event loop holding - simplify method to get remote address - deps: bytes@1.0.0 * deps: serve-index@1.0.3 - Fix error from non-statable files in HTML view 2.16.2 / 2014-05-18 =================== * fix edge-case in `res.appendHeader` that would append in wrong order * deps: method-override@1.0.1 2.16.1 / 2014-05-17 =================== * remove usages of `res.headerSent` from core 2.16.0 / 2014-05-17 =================== * deprecate `res.headerSent` -- use `res.headersSent` * deprecate `res.on("header")` -- use on-headers module instead * fix `connect.version` to reflect the actual version * json: use body-parser - add `type` option - fix repeated limit parsing with every request - improve parser speed * urlencoded: use body-parser - add `type` option - fix repeated limit parsing with every request * dep: bytes@1.0.0 * add negative support * dep: cookie-parser@1.1.0 - deps: cookie@0.1.2 * dep: csurf@1.2.0 - add support for double-submit cookie * dep: express-session@1.1.0 - Add `name` option; replacement for `key` option - Use `setImmediate` in MemoryStore for node.js >= 0.10 2.15.0 / 2014-05-04 =================== * Add simple `res.cookie` support * Add `res.appendHeader` * Call error stack even when response has been sent * Patch `res.headerSent` to return Boolean * Patch `res.headersSent` for node.js 0.8 * Prevent default 404 handler after response sent * dep: compression@1.0.2 * support headers given to `res.writeHead` * deps: bytes@0.3.0 * deps: negotiator@0.4.3 * dep: connect-timeout@1.1.0 * Add `req.timedout` property * Add `respond` option to constructor * Clear timer on socket destroy * deps: debug@0.8.1 * dep: debug@^0.8.0 * add `enable()` method * change from stderr to stdout * dep: errorhandler@1.0.1 * Clean up error CSS * Do not respond after headers sent * dep: express-session@1.0.4 * Remove import of `setImmediate` * Use `res.cookie()` instead of `res.setHeader()` * deps: cookie@0.1.2 * deps: debug@0.8.1 * dep: morgan@1.0.1 * Make buffer unique per morgan instance * deps: bytes@0.3.0 * dep: serve-favicon@2.0.0 * Accept `Buffer` of icon as first argument * Non-GET and HEAD requests are denied * Send valid max-age value * Support conditional requests * Support max-age=0 * Support OPTIONS method * Throw if `path` argument is directory * dep: serve-index@1.0.2 * Add stylesheet option * deps: negotiator@0.4.3 2.14.5 / 2014-04-24 =================== * dep: raw-body@1.1.4 * allow true as an option * deps: bytes@0.3.0 * dep: serve-static@1.1.0 * Accept options directly to `send` module * deps: send@0.3.0 2.14.4 / 2014-04-07 =================== * dep: bytes@0.3.0 * added terabyte support * dep: csurf@1.1.0 * add constant-time string compare * dep: serve-static@1.0.4 * Resolve relative paths at middleware setup * Use parseurl to parse the URL from request * fix node.js 0.8 compatibility with memory session 2.14.3 / 2014-03-18 =================== * dep: static-favicon@1.0.2 * Fixed content of default icon 2.14.2 / 2014-03-11 =================== * dep: static-favicon@1.0.1 * Fixed path to default icon 2.14.1 / 2014-03-06 =================== * dep: fresh@0.2.2 * no real changes * dep: serve-index@1.0.1 * deps: negotiator@0.4.2 * dep: serve-static@1.0.2 * deps: send@0.2.0 2.14.0 / 2014-03-05 =================== * basicAuth: use basic-auth-connect * cookieParser: use cookie-parser * compress: use compression * csrf: use csurf * dep: cookie-signature@1.0.3 * directory: use serve-index * errorHandler: use errorhandler * favicon: use static-favicon * logger: use morgan * methodOverride: use method-override * responseTime: use response-time * session: use express-session * static: use serve-static * timeout: use connect-timeout * vhost: use vhost 2.13.1 / 2014-03-05 =================== * cookieSession: compare full value rather than crc32 * deps: raw-body@1.1.3 2.13.0 / 2014-02-14 =================== * fix typo in memory store warning #974 @rvagg * compress: use compressible * directory: add template option #990 @gottaloveit @Earl-Brown * csrf: prevent deprecated warning with old sessions 2.12.0 / 2013-12-10 =================== * bump qs * directory: sort folders before files * directory: add folder icons * directory: de-duplicate icons, details/mobile views #968 @simov * errorHandler: end default 404 handler with a newline #972 @rlidwka * session: remove long cookie expire check #870 @undoZen 2.11.2 / 2013-12-01 =================== * bump raw-body 2.11.1 / 2013-11-27 =================== * bump raw-body * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma 2.11.0 / 2013-10-29 =================== * update bytes * update uid2 * update negotiator * sessions: add rolling session option #944 @ilmeo * sessions: property set cookies when given FQDN * cookieSessions: properly set cookies when given FQDN #948 @bmancini55 * proto: fix FQDN mounting when multiple handlers #945 @bmancini55 2.10.1 / 2013-10-23 =================== * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson) 2.10.0 / 2013-10-22 =================== * fixed: set headers written by writeHead before emitting 'header' * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson) * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson) * fixed: fix static directory redirect for mount's root #937 (@dougwilson) * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123) * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies * compress: compress checks content-length to check threshold * compress: expose `res.flush()` for flushing responses * cookieParser: pass options into node-cookie #803 (@cauldrath) * errorHandler: replace `\n`s with `
`s in error handler 2.9.2 / 2013-10-18 ================== * warn about multiparty and limit middleware deprecation for v3 * fix fully qualified domain name mounting. #920 (@dougwilson) * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson) * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson) 2.9.1 / 2013-10-15 ================== * update multiparty * compress: Set vary header only if Content-Type passes filter #904 * directory: Fix directory middleware URI escaping #917 (@dougwilson) * directory: Fix directory seperators for Windows #914 (@dougwilson) * directory: Keep query string intact during directory redirect #913 (@dougwilson) * directory: Fix paths in links #730 (@JacksonTian) * errorHandler: Don't escape text/plain as HTML #875 (@johan) * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson) * logger: Log even when connections are aborted #760 (@dylanahsmith) * methodOverride: Check req.body is an object #907 (@kbjr) * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson) * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce) 2.9.0 / 2013-09-07 ================== * multipart: add docs regarding tmpfiles * multipart: add .name back to file parts * multipart: use multiparty instead of formidable 2.8.8 / 2013-09-02 ================== * csrf: change to math.random() salt and remove csrfToken() callback 2.8.7 / 2013-08-28 ================== * csrf: prevent salt generation on every request, and add async req.csrfToken(fn) 2.8.6 / 2013-08-28 ================== * csrf: refactor to use HMAC tokens (BREACH attack) * compress: add compression of SVG and common font files by default. 2.8.5 / 2013-08-11 ================== * add: compress Dart source files by default * update fresh 2.8.4 / 2013-07-08 ================== * update send 2.8.3 / 2013-07-04 ================== * add a name back to static middleware ("staticMiddleware") * fix .hasBody() utility to require transfer-encoding or content-length 2.8.2 / 2013-07-03 ================== * update send * update cookie dep. * add better debug() for middleware * add whitelisting of supported methods to methodOverride() 2.8.1 / 2013-06-27 ================== * fix: escape req.method in 404 response 2.8.0 / 2013-06-26 ================== * add `threshold` option to `compress()` to prevent compression of small responses * add support for vendor JSON mime types in json() * add X-Forwarded-Proto initial https proxy support * change static redirect to 303 * change octal escape sequences for strict mode * change: replace utils.uid() with uid2 lib * remove other "static" function name. Fixes #794 * fix: hasBody() should return false if Content-Length: 0 2.7.11 / 2013-06-02 ================== * update send 2.7.10 / 2013-05-21 ================== * update qs * update formidable * fix: write/end to noop() when request aborted 2.7.9 / 2013-05-07 ================== * update qs * drop support for node < v0.8 2.7.8 / 2013-05-03 ================== * update qs 2.7.7 / 2013-04-29 ================== * update qs dependency * remove "static" function name. Closes #794 * update node-formidable * update buffer-crc32 2.7.6 / 2013-04-15 ================== * revert cookie signature which was creating session race conditions 2.7.5 / 2013-04-12 ================== * update cookie-signature * limit: do not consume request in node 0.10.x 2.7.4 / 2013-04-01 ================== * session: add long expires check and prevent excess set-cookie * session: add console.error() of session#save() errors 2.7.3 / 2013-02-19 ================== * add name to compress middleware * add appending Accept-Encoding to Vary when set but missing * add tests for csrf middleware * add 'next' support for connect() server handler * change utils.uid() to return url-safe chars. Closes #753 * fix treating '.' as a regexp in vhost() * fix duplicate bytes dep in package.json. Closes #743 * fix #733 - parse x-forwarded-proto in a more generally compatibly way * revert "add support for `next(status[, msg])`"; makes composition hard 2.7.2 / 2013-01-04 ================== * add support for `next(status[, msg])` back * add utf-8 meta tag to support foreign characters in filenames/directories * change `timeout()` 408 to 503 * replace 'node-crc' with 'buffer-crc32', fixes licensing * fix directory.html IE support 2.7.1 / 2012-12-05 ================== * add directory() tests * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely) * fix errorHandler signature 2.7.0 / 2012-11-13 ================== * add support for leading JSON whitespace * add logging of `req.ip` when present * add basicAuth support for `:`-delimited string * update cookie module. Closes #688 2.6.2 / 2012-11-01 ================== * add `debug()` for disconnected session store * fix session regeneration bug. Closes #681 2.6.1 / 2012-10-25 ================== * add passing of `connect.timeout()` errors to `next()` * replace signature utils with cookie-signature module 2.6.0 / 2012-10-09 ================== * add `defer` option to `multipart()` [Blake Miner] * fix mount path case sensitivity. Closes #663 * fix default of ascii encoding from `logger()`, now utf8. Closes #293 2.5.0 / 2012-09-27 ================== * add `err.status = 400` to multipart() errors * add double-encoding protection to `compress()`. Closes #659 * add graceful handling cookie parsing errors [shtylman] * fix typo X-Response-time to X-Response-Time 2.4.6 / 2012-09-18 ================== * update qs 2.4.5 / 2012-09-03 ================== * add session store "connect" / "disconnect" support [louischatriot] * fix `:url` log token 2.4.4 / 2012-08-21 ================== * fix `static()` pause regression from "send" integration 2.4.3 / 2012-08-07 ================== * fix `.write()` encoding for zlib inconstancy. Closes #561 2.4.2 / 2012-07-25 ================== * remove limit default from `urlencoded()` * remove limit default from `json()` * remove limit default from `multipart()` * fix `cookieSession()` clear cookie path / domain bug. Closes #636 2.4.1 / 2012-07-24 ================== * fix `options` mutation in `static()` 2.4.0 / 2012-07-23 ================== * add `connect.timeout()` * add __GET__ / __HEAD__ check to `directory()`. Closes #634 * add "pause" util dep * update send dep for normalization bug 2.3.9 / 2012-07-16 ================== * add more descriptive invalid json error message * update send dep for root normalization regression * fix staticCache fresh dep 2.3.8 / 2012-07-12 ================== * fix `connect.static()` 404 regression, pass `next()`. Closes #629 2.3.7 / 2012-07-05 ================== * add `json()` utf-8 illustration test. Closes #621 * add "send" dependency * change `connect.static()` internals to use "send" * fix `session()` req.session generation with pathname mismatch * fix `cookieSession()` req.session generation with pathname mismatch * fix mime export. Closes #618 2.3.6 / 2012-07-03 ================== * Fixed cookieSession() with cookieParser() secret regression. Closes #602 * Fixed set-cookie header fields on cookie.path mismatch. Closes #615 2.3.5 / 2012-06-28 ================== * Remove `logger()` mount check * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607 * Fixed `staticCache()` when Cookie is present 2.3.4 / 2012-06-22 ================== * Added `err.buf` to urlencoded() and json() * Update cookie to 0.0.4. Closes #604 * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten] 2.3.3 / 2012-06-11 ================== * Added ETags back to `static()` [timkuijsten] * Replaced `utils.parseRange()` with `range-parser` module * Replaced `utils.parseBytes()` with `bytes` module * Replaced `utils.modified()` with `fresh` module * Fixed `cookieSession()` regression with invalid cookie signing [shtylman] 2.3.2 / 2012-06-08 ================== * expose mime module * Update crc dep (which bundled nodeunit) 2.3.1 / 2012-06-06 ================== * Added `secret` option to `cookieSession` middleware [shtylman] * Added `secret` option to `session` middleware [shtylman] * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user` * Performance: improve signed cookie parsing * Update `cookie` dependency [shtylman] 2.3.0 / 2012-05-20 ================== * Added limit option to `json()` * Added limit option to `urlencoded()` * Added limit option to `multipart()` * Fixed: remove socket error event listener on callback * Fixed __ENOTDIR__ error on `static` middleware 2.2.2 / 2012-05-07 ================== * Added support to csrf middle for pre-flight CORS requests * Updated `engines` to allow newer version of node * Removed duplicate repo prop. Closes #560 2.2.1 / 2012-04-28 ================== * Fixed `static()` redirect when mounted. Closes #554 2.2.0 / 2012-04-25 ================== * Added `make benchmark` * Perf: memoize url parsing (~20% increase) * Fixed `connect(fn, fn2, ...)`. Closes #549 2.1.3 / 2012-04-20 ================== * Added optional json() `reviver` function to be passed to JSON.parse [jed] * Fixed: emit drain in compress middleware [nsabovic] 2.1.2 / 2012-04-11 ================== * Fixed cookieParser() `req.cookies` regression 2.1.1 / 2012-04-11 ================== * Fixed `session()` browser-session length cookies & examples * Fixed: make `query()` "self-aware" [jed] 2.1.0 / 2012-04-05 ================== * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`) * Added `urlencoded()` support for GET * Added `json()` support for GET. Closes #497 * Added `strict` option to `json()` * Changed: `session()` only set-cookie when modified * Removed `Session#lastAccess` property. Closes #399 2.0.3 / 2012-03-20 ================== * Added: `cookieSession()` only sets cookie on change. Closes #442 * Added `connect:dispatcher` debug() probes 2.0.2 / 2012-03-04 ================== * Added test for __ENAMETOOLONG__ now that node is fixed * Fixed static() index "/" check on windows. Closes #498 * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia] 2.0.1 / 2012-02-29 ================== * Added test coverage for `vhost()` middleware * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov] * Fixed `static()` Range: respond with 416 when unsatisfiable * Fixed `vhost()` middleware. Closes #494 2.0.0 / 2011-10-05 ================== * Added `cookieSession()` middleware for cookie-only sessions * Added `compress()` middleware for gzip / deflate support * Added `session()` "proxy" setting to trust `X-Forwarded-Proto` * Added `json()` middleware to parse "application/json" * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded" * Added `multipart()` middleware to parse "multipart/form-data" * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies * Added signed cookie support to `cookieParser()` * Added support for JSON-serialized cookies to `cookieParser()` * Added `err.status` support in Connect's default end-point * Added X-Cache MISS / HIT to `staticCache()` * Added public `res.headerSent` checking nodes `res._headerSent` until node does * Changed `basicAuth()` req.remoteUser to req.user * Changed: default `session()` to a browser-session cookie. Closes #475 * Changed: no longer lowercase cookie names * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()` * Changed: `errorHandler()` is now a development-only middleware * Changed middleware to `next()` errors when possible so applications can unify logging / handling * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https * Removed `.createServer()` (use `connect()`) * Removed `secret` option from `session()`, use `cookieParser(secret)` * Removed `connect.session.ignore` array support * Removed `router()` middleware. Closes #262 * Fixed: set-cookie only once for browser-session cookies * Fixed FQDN support. dont add leading "/" * Fixed 404 XSS attack vector. Closes #473 * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point 1.8.5 / 2011-12-22 ================== * Fixed: actually allow empty body for json 1.8.4 / 2011-12-22 ================== * Changed: allow empty body for json/urlencoded requests. Backport for #443 1.8.3 / 2011-12-16 ================== * Fixed `static()` _index.html_ support on windows 1.8.2 / 2011-12-03 ================== * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv] 1.8.1 / 2011-11-21 ================== * Added nesting support for _multipart/form-data_ [jackyz] 1.8.0 / 2011-11-17 ================== * Added _multipart/form-data_ support to `bodyParser()` using formidable 1.7.3 / 2011-11-11 ================== * Fixed `req.body`, always default to {} * Fixed HEAD support for 404s and 500s 1.7.2 / 2011-10-24 ================== * "node": ">= 0.4.1 < 0.7.0" * Added `static()` redirect option. Closes #398 * Changed `limit()`: respond with 413 when content-length exceeds the limit * Removed socket error listener in static(). Closes #389 * Fixed `staticCache()` Age header field * Fixed race condition causing errors reported in #329. 1.7.1 / 2011-09-12 ================== * Added: make `Store` inherit from `EventEmitter` * Added session `Store#load(sess, fn)` to fetch a `Session` instance * Added backpressure support to `staticCache()` * Changed `res.socket.destroy()` to `req.socket.destroy()` 1.7.0 / 2011-08-31 ================== * Added `staticCache()` middleware, a memory cache for `static()` * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this) * Changed: ignore error handling middleware when header is sent * Changed: dispatcher errors after header is sent destroy the sock 1.6.4 / 2011-08-26 ================== * Revert "Added double-next reporting" 1.6.3 / 2011-08-26 ================== * Added double-`next()` reporting * Added `immediate` option to `logger()`. Closes #321 * Dependency `qs >= 0.3.1` 1.6.2 / 2011-08-11 ================== * Fixed `connect.static()` null byte vulnerability * Fixed `connect.directory()` null byte vulnerability * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289 1.6.1 / 2011-08-03 ================== * Added: allow retval `== null` from logger callback to ignore line * Added `getOnly` option to `connect.static.send()` * Added response "header" event allowing augmentation * Added `X-CSRF-Token` header field check * Changed dep `qs >= 0.3.0` * Changed: persist csrf token. Closes #322 * Changed: sort directory middleware files alphabetically 1.6.0 / 2011-07-10 ================== * Added :response-time to "dev" logger format * Added simple `csrf()` middleware. Closes #315 * Fixed `res._headers` logger regression. Closes #318 * Removed support for multiple middleware being passed to `.use()` 1.5.2 / 2011-07-06 ================== * Added `filter` function option to `directory()` [David Rio Deiros] * Changed: re-write of the `logger()` middleware, with extensible tokens and formats * Changed: `static.send()` ".." in path without root considered malicious * Fixed quotes in docs. Closes #312 * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison] 1.5.1 / 2011-06-20 ================== * Added malicious path check to `directory()` middleware * Added `utils.forbidden(res)` * Added `connect.query()` middleware 1.5.0 / 2011-06-20 ================== * Added `connect.directory()` middleware for serving directory listings 1.4.6 / 2011-06-18 ================== * Fixed `connect.static()` root with `..` * Fixed `connect.static()` __EBADF__ 1.4.5 / 2011-06-17 ================== * Fixed EBADF in `connect.static()`. Closes #297 1.4.4 / 2011-06-16 ================== * Changed `connect.static()` to check resolved dirname. Closes #294 1.4.3 / 2011-06-06 ================== * Fixed fd leak in `connect.static()` when the socket is closed * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285 1.4.2 / 2011-05-27 ================== * Changed to `devDependencies` * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen] * Fixed Win32 support for `static()` * Fixed monkey-patch issue. Closes #261 1.4.1 / 2011-05-08 ================== * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251 * Fixed `errorHandler` middleware for missing stack traces. [aseemk] #274 1.4.0 / 2011-04-25 ================== * Added route-middleware `next('route')` support to jump passed the route itself * Added Content-Length support to `limit()` * Added route-specific middleware support (used to be in express) * Changed; refactored duplicate session logic * Changed; prevent redefining `store.generate` per request * Fixed; `static()` does not set Content-Type when explicitly set [nateps] * Fixed escape `errorHandler()` {error} contents * NOTE: `router` will be removed in 2.0 1.3.0 / 2011-04-06 ================== * Added `router.remove(path[, method])` to remove a route 1.2.3 / 2011-04-05 ================== * Fixed basicAuth realm issue when passing strings. Closes #253 1.2.2 / 2011-04-05 ================== * Added `basicAuth(username, password)` support * Added `errorHandler.title` defaulting to "Connect" * Changed `errorHandler` css 1.2.1 / 2011-03-30 ================== * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl] 1.2.0 / 2011-03-30 ================== * Added `router.lookup(path[, method])` * Added `router.match(url[, method])` * Added basicAuth async support. Closes #223 1.1.5 / 2011-03-27 ================== * Added; allow `logger()` callback function to return an empty string to ignore logging * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245 1.1.4 / 2011-03-23 ================== * Added `logger()` support for format function * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x 1.1.3 / 2011-03-21 ================== * Changed; `limit()` now calls `req.destroy()` 1.1.2 / 2011-03-21 ================== * Added request "limit" event to `limit()` middleware * Changed; `limit()` middleware will `next(err)` on failure 1.1.1 / 2011-03-18 ================== * Fixed session middleware for HTTPS. Closes #241 [reported by mt502] 1.1.0 / 2011-03-17 ================== * Added `Session#reload(fn)` 1.0.6 / 2011-03-09 ================== * Fixed `res.setHeader()` patch, preserve casing 1.0.5 / 2011-03-09 ================== * Fixed; `logger()` using `req.originalUrl` instead of `req.url` 1.0.4 / 2011-03-09 ================== * Added `res.charset` * Added conditional sessions example * Added support for `session.ignore` to be replaced. Closes #227 * Fixed `Cache-Control` delimiters. Closes #228 1.0.3 / 2011-03-03 ================== * Fixed; `static.send()` invokes callback with connection error 1.0.2 / 2011-03-02 ================== * Fixed exported connect function * Fixed package.json; node ">= 0.4.1 < 0.5.0" 1.0.1 / 2011-03-02 ================== * Added `Session#save(fn)`. Closes #213 * Added callback support to `connect.static.send()` for express * Added `connect.static.send()` "path" option * Fixed content-type in `static()` for _index.html_ 1.0.0 / 2011-03-01 ================== * Added `stack`, `message`, and `dump` errorHandler option aliases * Added `req.originalMethod` to methodOverride * Added `favicon()` maxAge option support * Added `connect()` alternative to `connect.createServer()` * Added new [documentation](http://senchalabs.github.com/connect) * Added Range support to `static()` * Added HTTPS support * Rewrote session middleware. The session API now allows for session-specific cookies, so you may alter each individually. Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html). * Added middleware self-awareness. This helps prevent middleware breakage when used within mounted servers. For example `cookieParser()` will not parse cookies more than once even when within a mounted server. * Added new examples in the `./examples` directory * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware * Renamed `staticProvider` to `static` * Renamed `bodyDecoder` to `bodyParser` * Renamed `cookieDecoder` to `cookieParser` * Fixed ETag quotes. [reported by papandreou] * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou] * Fixed; only set req.originalUrl once. Closes #124 * Fixed symlink support for `static()`. Closes #123 0.5.10 / 2011-02-14 ================== * Fixed SID space issue. Closes #196 * Fixed; proxy `res.end()` to commit session data * Fixed directory traversal attack in `staticProvider`. Closes #198 0.5.9 / 2011-02-09 ================== * qs >= 0.0.4 0.5.8 / 2011-02-04 ================== * Added `qs` dependency * Fixed router race-condition causing possible failure when `next()`ing to one or more routes with parallel requests 0.5.7 / 2011-02-01 ================== * Added `onvhost()` call so Express (and others) can know when they are * Revert "Added stylus support" (use the middleware which ships with stylus) * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen] * Fixed `utils.uid()` length error [Jxck] mounted 0.5.6 / 2011-01-23 ================== * Added stylus support to `compiler` * _favicon.js_ cleanup * _compiler.js_ cleanup * _bodyDecoder.js_ cleanup 0.5.5 / 2011-01-13 ================== * Changed; using sha256 HMAC instead of md5. [Paul Querna] * Changed; generated a longer random UID, without time influence. [Paul Querna] * Fixed; session middleware throws when secret is not present. [Paul Querna] 0.5.4 / 2011-01-07 ================== * Added; throw when router path or callback is missing * Fixed; `next(err)` on cookie parse exception instead of ignoring * Revert "Added utils.pathname(), memoized url.parse(str).pathname" 0.5.3 / 2011-01-05 ================== * Added _docs/api.html_ * Added `utils.pathname()`, memoized url.parse(str).pathname * Fixed `session.id` issue. Closes #183 * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179 * Removed bad outdated docs, we need something new / automated eventually 0.5.2 / 2010-12-28 ================== * Added default __OPTIONS__ support to _router_ middleware 0.5.1 / 2010-12-28 ================== * Added `req.session.id` mirroring `req.sessionID` * Refactored router, exposing `connect.router.methods` * Exclude non-lib files from npm * Removed imposed headers `X-Powered-By`, `Server`, etc 0.5.0 / 2010-12-06 ================== * Added _./index.js_ * Added route segment precondition support and example * Added named capture group support to router 0.4.0 / 2010-11-29 ================== * Added `basicAuth` middleware * Added more HTTP methods to the `router` middleware 0.3.0 / 2010-07-21 ================== * Added _staticGzip_ middleware * Added `connect.utils` to expose utils * Added `connect.session.Session` * Added `connect.session.Store` * Added `connect.session.MemoryStore` * Added `connect.middleware` to expose the middleware getters * Added `buffer` option to _logger_ for performance increase * Added _favicon_ middleware for serving your own favicon or the connect default * Added option support to _staticProvider_, can now pass _root_ and _lifetime_. * Added; mounted `Server` instances now have the `route` property exposed for reflection * Added support for callback as first arg to `Server#use()` * Added support for `next(true)` in _router_ to bypass match attempts * Added `Server#listen()` _host_ support * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance * Added _methodOverride_ X-HTTP-Method-Override support * Refactored session internals, adds _secret_ option * Renamed `lifetime` option to `maxAge` in _staticProvider_ * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark) * Removed connect(1) dependency on examples, they can all now run with node(1) * Remove a typo that was leaking a global. * Removed `Object.prototype` forEach() and map() methods * Removed a few utils not used * Removed `connect.createApp()` * Removed `res.simpleBody()` * Removed _format_ middleware * Removed _flash_ middleware * Removed _redirect_ middleware * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc) * Removed _pubsub_ middleware * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array * Changed; _compiler_ no longer 404s * Changed; _router_ signature now matches connect middleware signature * Fixed a require in _session_ for default `MemoryStore` * Fixed nasty request body bug in _router_. Closes #54 * Fixed _less_ support in _compiler_ * Fixed bug preventing proper bubbling of exceptions in mounted servers * Fixed bug in `Server#use()` preventing `Server` instances as the first arg * Fixed **ENOENT** special case, is now treated as any other exception * Fixed spark env support 0.2.1 / 2010-07-09 ================== * Added support for _router_ `next()` to continue calling matched routes * Added mime type for _cache.manifest_ files. * Changed _compiler_ middleware to use async require * Changed session api, stores now only require `#get()`, and `#set()` * Fixed _cacheManifest_ by adding `utils.find()` back 0.2.0 / 2010-07-01 ================== * Added calls to `Session()` casts the given object as a `Session` instance * Added passing of `next()` to _router_ callbacks. Closes #46 * Changed; `MemoryStore#destroy()` removes `req.session` * Changed `res.redirect("back")` to default to "/" when Referr?er is not present * Fixed _staticProvider_ urlencoded paths issue. Closes #47 * Fixed _staticProvider_ middleware responding to **GET** requests * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43 * Fixed _logger_ format option * Fixed typo in _compiler_ middleware preventing the _dest_ option from working 0.1.0 / 2010-06-25 ================== * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu) * Added [extended api docs](http://extjs.github.com/Connect/api.html) * Added docs for several more middleware layers * Added `connect.Server#use()` * Added _compiler_ middleware which provides arbitrary static compilation * Added `req.originalUrl` * Removed _blog_ example * Removed _sass_ middleware (use _compiler_) * Removed _less_ middleware (use _compiler_) * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc. * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39 * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries 0.0.6 / 2010-06-22 ================== * Added _static_ middleware usage example * Added support for regular expressions as paths for _router_ * Added `util.merge()` * Increased performance of _static_ by ~ 200 rps * Renamed the _rest_ middleware to _router_ * Changed _rest_ api to accept a callback function * Removed _router_ middleware * Removed _proto.js_, only `Object#forEach()` remains 0.0.5 / 2010-06-21 ================== * Added Server#use() which contains the Layer normalization logic * Added documentation for several middleware * Added several new examples * Added _less_ middleware * Added _repl_ middleware * Added _vhost_ middleware * Added _flash_ middleware * Added _cookie_ middleware * Added _session_ middleware * Added `utils.htmlEscape()` * Added `utils.base64Decode()` * Added `utils.base64Encode()` * Added `utils.uid()` * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26 * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()` * Renamed req.redirect() to res.redirect(). Closes #29 * Fixed _sass_ 404 on **ENOENT** * Fixed +new Date duplication. Closes #24 0.0.4 / 2010-06-16 ================== * Added workerPidfile() to bin/connect * Added --workers support to bin/connect stop and status commands * Added _redirect_ middleware * Added better --config support to bin/connect. All flags can be utilized * Added auto-detection of _./config.js_ * Added config example * Added `net.Server` support to bin/connect * Writing worker pids relative to `env.pidfile` * s/parseQuery/parse/g * Fixed npm support 0.0.3 / 2010-06-16 ================== * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__ 0.0.2 / 2010-06-15 ================== * Added `-V, --version` to bin/connect * Added `utils.parseCookie()` * Added `utils.serializeCookie()` * Added `utils.toBoolean()` * Added _sass_ middleware * Added _cookie_ middleware * Added _format_ middleware * Added _lint_ middleware * Added _rest_ middleware * Added _./package.json_ (npm install connect) * Added `handleError()` support * Added `process.connectEnv` * Added custom log format support to _log_ middleware * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url") * Added -w, --workers to bin/connect * Added bin/connect support for --user NAME and --group NAME * Fixed url re-writing support 0.0.1 / 2010-06-03 ================== * Initial release connect-3.3.0/LICENSE000066400000000000000000000021671242032446000141560ustar00rootroot00000000000000(The MIT License) Copyright (c) 2010 Sencha Inc. Copyright (c) 2011 LearnBoost Copyright (c) 2011-2014 TJ Holowaychuk Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. connect-3.3.0/Readme.md000066400000000000000000000121271242032446000146650ustar00rootroot00000000000000# Connect [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] [![Build Status][travis-image]][travis-url] [![Test Coverage][coveralls-image]][coveralls-url] [![Gittip][gittip-image]][gittip-url] Connect is an extensible HTTP server framework for [node](http://nodejs.org) using "plugins" known as _middleware_. ```js var connect = require('connect') var http = require('http') var app = connect() // gzip/deflate outgoing responses var compression = require('compression') app.use(compression()) // store session state in browser cookie var cookieSession = require('cookie-session') app.use(cookieSession({ keys: ['secret1', 'secret2'] })) // parse urlencoded request bodies into req.body var bodyParser = require('body-parser') app.use(bodyParser.urlencoded()) // respond to all requests app.use(function(req, res){ res.end('Hello from Connect!\n'); }) //create node.js http server and listen on port http.createServer(app).listen(3000) ``` ## Connect 3.0 Connect 3.0 is in progress in the `master` branch. The main changes in Connect are: - Middleware will be moved to their own repositories in the [expressjs](http://github.com/expressjs) organization - All node patches will be removed - all middleware _should_ work without Connect and with similar frameworks like [restify](https://github.com/mcavage/node-restify) - Node `0.8` is no longer supported - The website documentation has been removed - view the markdown readmes instead If you would like to help maintain these middleware, please contact a [member of the expressjs team](https://github.com/orgs/expressjs/people). ## Middleware These middleware and libraries are officially supported by the Connect/Express team: - [body-parser](https://github.com/expressjs/body-parser) - previous `bodyParser`, `json`, and `urlencoded`. You may also be interested in: - [body](https://github.com/raynos/body) - [co-body](https://github.com/visionmedia/co-body) - [raw-body](https://github.com/stream-utils/raw-body) - [compression](https://github.com/expressjs/compression) - previously `compress` - [connect-timeout](https://github.com/expressjs/timeout) - previously `timeout` - [cookie-parser](https://github.com/expressjs/cookie-parser) - previously `cookieParser` - [cookie-session](https://github.com/expressjs/cookie-session) - previously `cookieSession` - [csurf](https://github.com/expressjs/csurf) - previously `csrf` - [errorhandler](https://github.com/expressjs/errorhandler) - previously `error-handler` - [express-session](https://github.com/expressjs/session) - previously `session` - [method-override](https://github.com/expressjs/method-override) - previously `method-override` - [morgan](https://github.com/expressjs/morgan) - previously `logger` - [response-time](https://github.com/expressjs/response-time) - previously `response-time` - [serve-favicon](https://github.com/expressjs/serve-favicon) - previously `favicon` - [serve-index](https://github.com/expressjs/serve-index) - previously `directory` - [serve-static](https://github.com/expressjs/serve-static) - previously `static` - [vhost](https://github.com/expressjs/vhost) - previously `vhost` Most of these are exact ports of their Connect 2.x equivalents. The primary exception is `cookie-session`. Some middleware previously included with Connect are no longer supported by the Connect/Express team, are replaced by an alternative module, or should be superseded by a better module. Use one of these alternatives instead: - `cookieParser` - [cookies](https://github.com/jed/cookies) and [keygrip](https://github.com/jed/keygrip) - `limit` - [raw-body](https://github.com/stream-utils/raw-body) - `multipart` - [connect-multiparty](https://github.com/superjoe30/connect-multiparty) - [connect-busboy](https://github.com/mscdex/connect-busboy) - `query` - [qs](https://github.com/visionmedia/node-querystring) - `staticCache` - [st](https://github.com/isaacs/st) - [connect-static](https://github.com/andrewrk/connect-static) Checkout [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) for many other compatible middleware! ## Running Tests ```bash npm install npm test ``` ## Contributors https://github.com/senchalabs/connect/graphs/contributors ## Node Compatibility - Connect `< 1.x` - node `0.2` - Connect `1.x` - node `0.4` - Connect `< 2.8` - node `0.6` - Connect `>= 2.8 < 3` - node `0.8` - Connect `>= 3` - node `0.10` ## License [MIT](LICENSE) [npm-image]: https://img.shields.io/npm/v/connect.svg?style=flat [npm-url]: https://npmjs.org/package/connect [travis-image]: https://img.shields.io/travis/senchalabs/connect.svg?style=flat [travis-url]: https://travis-ci.org/senchalabs/connect [coveralls-image]: https://img.shields.io/coveralls/senchalabs/connect.svg?style=flat [coveralls-url]: https://coveralls.io/r/senchalabs/connect [downloads-image]: https://img.shields.io/npm/dm/connect.svg?style=flat [downloads-url]: https://npmjs.org/package/connect [gittip-image]: https://img.shields.io/gittip/dougwilson.svg?style=flat [gittip-url]: https://www.gittip.com/dougwilson/ connect-3.3.0/index.js000066400000000000000000000000541242032446000146070ustar00rootroot00000000000000 module.exports = require('./lib/connect'); connect-3.3.0/lib/000077500000000000000000000000001242032446000137115ustar00rootroot00000000000000connect-3.3.0/lib/connect.js000066400000000000000000000011431242032446000156770ustar00rootroot00000000000000/*! * Connect * Copyright(c) 2010 Sencha Inc. * Copyright(c) 2011 TJ Holowaychuk * MIT Licensed */ /** * Module dependencies. */ var EventEmitter = require('events').EventEmitter; var merge = require('utils-merge'); var proto = require('./proto'); // expose createServer() as the module module.exports = createServer; /** * Create a new connect server. * * @return {Function} * @api public */ function createServer() { function app(req, res, next){ app.handle(req, res, next); } merge(app, proto); merge(app, EventEmitter.prototype); app.route = '/'; app.stack = []; return app; } connect-3.3.0/lib/proto.js000066400000000000000000000120011242032446000154040ustar00rootroot00000000000000/*! * Connect - HTTPServer * Copyright(c) 2010 Sencha Inc. * Copyright(c) 2011 TJ Holowaychuk * MIT Licensed */ /** * Module dependencies. */ var finalhandler = require('finalhandler'); var http = require('http'); var debug = require('debug')('connect:dispatcher'); var parseUrl = require('parseurl'); // prototype var app = module.exports = {}; // environment var env = process.env.NODE_ENV || 'development'; /** * Utilize the given middleware `handle` to the given `route`, * defaulting to _/_. This "route" is the mount-point for the * middleware, when given a value other than _/_ the middleware * is only effective when that segment is present in the request's * pathname. * * For example if we were to mount a function at _/admin_, it would * be invoked on _/admin_, and _/admin/settings_, however it would * not be invoked for _/_, or _/posts_. * * @param {String|Function|Server} route, callback or server * @param {Function|Server} callback or server * @return {Server} for chaining * @api public */ app.use = function(route, fn){ // default route to '/' if ('string' != typeof route) { fn = route; route = '/'; } // wrap sub-apps if ('function' == typeof fn.handle) { var server = fn; server.route = route; fn = function(req, res, next){ server.handle(req, res, next); }; } // wrap vanilla http.Servers if (fn instanceof http.Server) { fn = fn.listeners('request')[0]; } // strip trailing slash if ('/' == route[route.length - 1]) { route = route.slice(0, -1); } // add the middleware debug('use %s %s', route || '/', fn.name || 'anonymous'); this.stack.push({ route: route, handle: fn }); return this; }; /** * Handle server requests, punting them down * the middleware stack. * * @api private */ app.handle = function(req, res, out) { var stack = this.stack , searchIndex = req.url.indexOf('?') , pathlength = searchIndex !== -1 ? searchIndex : req.url.length , fqdn = 1 + req.url.substr(0, pathlength).indexOf('://') , protohost = fqdn ? req.url.substr(0, req.url.indexOf('/', 2 + fqdn)) : '' , removed = '' , slashAdded = false , index = 0; // final function handler var done = out || finalhandler(req, res, { env: env, onerror: logerror }); // store the original URL req.originalUrl = req.originalUrl || req.url; function next(err) { if (slashAdded) { req.url = req.url.substr(1); slashAdded = false; } if (removed.length !== 0) { req.url = protohost + removed + req.url.substr(protohost.length); removed = ''; } // next callback var layer = stack[index++]; // all done if (!layer) { done(err); return; } // route data var path = parseUrl(req).pathname || '/'; var route = layer.route; // skip this layer if the route doesn't match if (path.toLowerCase().substr(0, route.length) !== route.toLowerCase()) { return next(err); } // skip if route match does not border "/", ".", or end var c = path[route.length]; if (c !== undefined && '/' !== c && '.' !== c) { return next(err); } // trim off the part of the url that matches the route if (route.length !== 0 && route !== '/') { removed = route; req.url = protohost + req.url.substr(protohost.length + removed.length); // ensure leading slash if (!fqdn && req.url[0] !== '/') { req.url = '/' + req.url; slashAdded = true; } } // call the layer handle call(layer.handle, route, err, req, res, next); } next(); }; /** * Listen for connections. * * This method takes the same arguments * as node's `http.Server#listen()`. * * HTTP and HTTPS: * * If you run your application both as HTTP * and HTTPS you may wrap them individually, * since your Connect "server" is really just * a JavaScript `Function`. * * var connect = require('connect') * , http = require('http') * , https = require('https'); * * var app = connect(); * * http.createServer(app).listen(80); * https.createServer(options, app).listen(443); * * @return {http.Server} * @api public */ app.listen = function(){ var server = http.createServer(this); return server.listen.apply(server, arguments); }; /** * Invoke a route handle. * * @api private */ function call(handle, route, err, req, res, next) { var arity = handle.length; var hasError = Boolean(err); debug('%s %s : %s', handle.name || '', route, req.originalUrl); try { if (hasError && arity === 4) { // error-handling middleware handle(err, req, res, next); return; } else if (!hasError && arity < 4) { // request-handling middleware handle(req, res, next); return; } } catch (e) { // reset the error err = e; } // continue next(err); } /** * Log error using console.error. * * @param {Error} err * @api public */ function logerror(err){ if (env !== 'test') console.error(err.stack || err.toString()); } connect-3.3.0/package.json000066400000000000000000000022451242032446000154340ustar00rootroot00000000000000{ "name": "connect", "description": "High performance middleware framework", "version": "3.3.0", "author": "TJ Holowaychuk (http://tjholowaychuk.com)", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong ", "Tim Caswell " ], "keywords": [ "framework", "web", "middleware", "connect", "rack" ], "repository": "senchalabs/connect", "dependencies": { "debug": "~2.1.0", "finalhandler": "0.3.1", "parseurl": "~1.3.0", "utils-merge": "1.0.0" }, "devDependencies": { "istanbul": "0.3.2", "mocha": "~1.21.4", "should": "~4.0.0", "supertest": "~0.14.0" }, "license": "MIT", "engines": { "node": ">= 0.10.0" }, "scripts": { "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/", "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/", "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/" } } connect-3.3.0/test/000077500000000000000000000000001242032446000141225ustar00rootroot00000000000000connect-3.3.0/test/app.listen.js000066400000000000000000000005371242032446000165420ustar00rootroot00000000000000 var connect = require('..'); var request = require('supertest'); describe('app.listen()', function(){ it('should wrap in an http.Server', function(done){ var app = connect(); app.use(function(req, res){ res.end(); }); app.listen(0, function(){ request(app) .get('/') .expect(200, done); }); }); }); connect-3.3.0/test/fqdn.js000066400000000000000000000052711242032446000154150ustar00rootroot00000000000000 var assert = require('assert'); var connect = require('..'); var http = require('http'); var request = require('supertest'); describe('app.use()', function(){ var app; beforeEach(function(){ app = connect(); }); it('should not obscure FQDNs', function(done){ app.use(function(req, res){ res.end(req.url); }); rawrequest(app) .get('http://example.com/foo') .expect(200, 'http://example.com/foo', done); }); describe('with a connect app', function(){ it('should ignore FQDN in search', function (done) { app.use('/proxy', function (req, res) { res.end(req.url); }); rawrequest(app) .get('/proxy?url=http://example.com/blog/post/1') .expect(200, '/?url=http://example.com/blog/post/1', done); }); it('should adjust FQDN req.url', function(done){ app.use('/blog', function(req, res){ res.end(req.url); }); rawrequest(app) .get('http://example.com/blog/post/1') .expect(200, 'http://example.com/post/1', done); }); it('should adjust FQDN req.url with multiple handlers', function(done){ app.use(function(req,res,next) { next(); }); app.use('/blog', function(req, res){ res.end(req.url); }); rawrequest(app) .get('http://example.com/blog/post/1') .expect(200, 'http://example.com/post/1', done); }); it('should adjust FQDN req.url with multiple routed handlers', function(done) { app.use('/blog', function(req,res,next) { next(); }); app.use('/blog', function(req, res) { res.end(req.url); }); rawrequest(app) .get('http://example.com/blog/post/1') .expect(200, 'http://example.com/post/1', done); }); }); }); function rawrequest(app) { var _path; var server = http.createServer(app); function expect(status, body, callback) { server.listen(function(){ var addr = this.address(); var hostname = addr.family === 'IPv6' ? '[::1]' : '127.0.0.1'; var port = addr.port; var req = http.get({ host: hostname, path: _path, port: port }); req.on('response', function(res){ var buf = ''; res.setEncoding('utf8'); res.on('data', function(s){ buf += s }); res.on('end', function(){ var err = null; try { assert.equal(res.statusCode, status); assert.equal(buf, body); } catch (e) { err = e; } server.close(); callback(err); }); }); }); } function get(path) { _path = path; return { expect: expect }; } return { get: get }; } connect-3.3.0/test/mounting.js000066400000000000000000000142231242032446000163220ustar00rootroot00000000000000 var connect = require('..'); var http = require('http'); var request = require('supertest'); var should = require('should'); describe('app.use()', function(){ var app; beforeEach(function(){ app = connect(); }); it('should match all paths with "/"', function (done) { app.use('/', function (req, res) { res.end(req.url); }); request(app) .get('/blog') .expect(200, '/blog', done); }); it('should match full path', function (done) { app.use('/blog', function (req, res) { res.end(req.url); }); request(app) .get('/blog') .expect(200, '/', done); }); it('should match left-side of path', function (done) { app.use('/blog', function (req, res) { res.end(req.url); }); request(app) .get('/blog/article/1') .expect(200, '/article/1', done); }); it('should not match shorter path', function (done) { app.use('/blog-o-rama', function (req, res) { res.end(req.url); }); request(app) .get('/blog') .expect(404, done); }); it('should not end match in middle of component', function (done) { app.use('/blog', function (req, res) { res.end(req.url); }); request(app) .get('/blog-o-rama/article/1') .expect(404, done); }); it('should be case insensitive (lower-case route, mixed-case request)', function(done){ var blog = http.createServer(function(req, res){ req.url.should.equal('/'); res.end('blog'); }); app.use('/blog', blog); request(app) .get('/BLog') .expect('blog', done); }); it('should be case insensitive (mixed-case route, lower-case request)', function(done){ var blog = http.createServer(function(req, res){ req.url.should.equal('/'); res.end('blog'); }); app.use('/BLog', blog); request(app) .get('/blog') .expect('blog', done); }); it('should be case insensitive (mixed-case route, mixed-case request)', function(done){ var blog = http.createServer(function(req, res){ req.url.should.equal('/'); res.end('blog'); }); app.use('/BLog', blog); request(app) .get('/blOG') .expect('blog', done); }); it('should ignore fn.arity > 4', function(done){ var invoked = []; app.use(function(req, res, next, _a, _b){ invoked.push(0) next(); }); app.use(function(req, res, next){ invoked.push(1) next(new Error('err')); }); app.use(function(err, req, res, next){ invoked.push(2); res.end(invoked.join(',')); }); request(app) .get('/') .expect(200, '1,2', done); }); describe('with a connect app', function(){ it('should mount', function(done){ var blog = connect(); blog.use(function(req, res){ req.url.should.equal('/'); res.end('blog'); }); app.use('/blog', blog); request(app) .get('/blog') .expect(200, 'blog', done); }); it('should retain req.originalUrl', function(done){ var app = connect(); app.use('/blog', function(req, res){ res.end(req.originalUrl); }); request(app) .get('/blog/post/1') .expect(200, '/blog/post/1', done); }); it('should adjust req.url', function(done){ app.use('/blog', function(req, res){ res.end(req.url); }); request(app) .get('/blog/post/1') .expect(200, '/post/1', done); }); it('should strip trailing slash', function(done){ var blog = connect(); blog.use(function(req, res){ req.url.should.equal('/'); res.end('blog'); }); app.use('/blog/', blog); request(app) .get('/blog') .expect('blog', done); }); it('should set .route', function(){ var blog = connect(); var admin = connect(); app.use('/blog', blog); blog.use('/admin', admin); app.route.should.equal('/'); blog.route.should.equal('/blog'); admin.route.should.equal('/admin'); }); it('should not add trailing slash to req.url', function(done) { app.use('/admin', function(req, res, next) { next(); }); app.use(function(req, res, next) { res.end(req.url); }); request(app) .get('/admin') .expect('/admin', done); }) }) describe('with a node app', function(){ it('should mount', function(done){ var blog = http.createServer(function(req, res){ req.url.should.equal('/'); res.end('blog'); }); app.use('/blog', blog); request(app) .get('/blog') .expect('blog', done); }); }); describe('error handling', function(){ it('should send errors to airty 4 fns', function(done){ app.use(function(req, res, next){ next(new Error('msg')); }) app.use(function(err, req, res, next){ res.end('got error ' + err.message); }); request(app) .get('/') .expect('got error msg', done); }) it('should skip to non-error middleware', function(done){ var invoked = false; app.use(function(req, res, next){ next(new Error('msg')); }) app.use(function(req, res, next){ invoked = true; next(); }); app.use(function(err, req, res, next){ res.end(invoked ? 'invoked' : err.message); }); request(app) .get('/') .expect(200, 'msg', done); }) it('should stack error fns', function(done){ app.use(function(req, res, next){ next(new Error('msg')); }) app.use(function(err, req, res, next){ res.setHeader('X-Error', err.message); next(err); }); app.use(function(err, req, res, next){ res.end('got error ' + err.message); }); request(app) .get('/') .expect('X-Error', 'msg') .expect(200, 'got error msg', done); }) it('should invoke error stack even when headers sent', function(done){ app.use(function(req, res, next){ res.end('0'); next(new Error('msg')); }); app.use(function(err, req, res, next){ done(); }); request(app) .get('/') .end(function(){}); }) }) }); connect-3.3.0/test/server.js000066400000000000000000000110641242032446000157700ustar00rootroot00000000000000 var assert = require('assert'); var connect = require('..'); var http = require('http'); var request = require('supertest'); var should = require('should'); describe('app', function(){ var app; beforeEach(function(){ app = connect(); }); it('should inherit from event emitter', function(done){ app.on('foo', done); app.emit('foo'); }); it('should work as middleware', function(done){ // custom server handler array var handlers = [connect(), function(req, res, next){ res.writeHead(200, {'Content-Type': 'text/plain'}); res.end('Ok'); }]; // execute callbacks in sequence var n = 0; function run(req, res){ if (handlers[n]) { handlers[n++](req, res, function(){ run(req, res); }); } } // create a non-connect server var server = http.createServer(run).listen(5556, function(){ http.get({ host: 'localhost', port: 5556, path: '/' }, function(res){ var buf = ''; res.setEncoding('utf8'); res.on('data', function(s){ buf += s }); res.on('end', function(){ buf.should.eql('Ok'); server.close(); done(); }); }); }); }); it('should escape the 500 response body', function(done){ app.use(function(req, res, next){ next(new Error('error!')); }); request(app) .get('/') .expect(/Error: error!
/) .expect(/
   at/) .expect(500, done); }) describe('404 handler', function(){ it('should escape the 404 response body', function(done){ rawrequest(app) .get('/foo/') .expect(404, 'Cannot GET /foo/<script>stuff</script>\n', done); }); it('shoud not fire after headers sent', function(done){ var app = connect(); app.use(function(req, res, next){ res.write('body'); res.end(); process.nextTick(next); }) request(app) .get('/') .expect(200, done); }) it('shoud have no body for HEAD', function(done){ var app = connect(); request(app) .head('/') .expect(404, '', done); }) }) describe('error handler', function(){ it('should have escaped response body', function(done){ var app = connect(); app.use(function(req, res, next){ throw new Error(''); }) request(app) .get('/') .expect(500, /<script>alert\(\)<\/script>/, done); }) it('should use custom error code', function(done){ var app = connect(); app.use(function(req, res, next){ var err = new Error('ack!'); err.status = 503; throw err; }) request(app) .get('/') .expect(503, done); }) it('should keep error statusCode', function(done){ var app = connect(); app.use(function(req, res, next){ res.statusCode = 503; throw new Error('ack!'); }) request(app) .get('/') .expect(503, done); }) it('shoud not fire after headers sent', function(done){ var app = connect(); app.use(function(req, res, next){ res.write('body'); res.end(); process.nextTick(function() { next(new Error('ack!')); }); }) request(app) .get('/') .expect(200, done); }) it('shoud have no body for HEAD', function(done){ var app = connect(); app.use(function(req, res, next){ throw new Error('ack!'); }); request(app) .head('/') .expect(500, '', done); }); }); }); function rawrequest(app) { var _path; var server = http.createServer(app); function expect(status, body, callback) { server.listen(function(){ var addr = this.address(); var hostname = addr.family === 'IPv6' ? '[::1]' : '127.0.0.1'; var port = addr.port; var req = http.get({ host: hostname, path: _path, port: port }); req.on('response', function(res){ var buf = ''; res.setEncoding('utf8'); res.on('data', function(s){ buf += s }); res.on('end', function(){ var err = null; try { assert.equal(res.statusCode, status); assert.equal(buf, body); } catch (e) { err = e; } server.close(); callback(err); }); }); }); } function get(path) { _path = path; return { expect: expect }; } return { get: get }; } connect-3.3.0/test/support/000077500000000000000000000000001242032446000156365ustar00rootroot00000000000000connect-3.3.0/test/support/env.js000066400000000000000000000000401242032446000167560ustar00rootroot00000000000000 process.env.NODE_ENV = 'test';