pax_global_header00006660000000000000000000000064134676541170014530gustar00rootroot0000000000000052 comment=fa8916e6350e01262e86ccee82f490c65e04c728 connect-3.7.0/000077500000000000000000000000001346765411700131705ustar00rootroot00000000000000connect-3.7.0/.editorconfig000066400000000000000000000002631346765411700156460ustar00rootroot00000000000000# http://editorconfig.org root = true [*] charset = utf-8 insert_final_newline = true trim_trailing_whitespace = true [{*.js,*.json,*.yml}] indent_size = 2 indent_style = space connect-3.7.0/.eslintignore000066400000000000000000000000421346765411700156670ustar00rootroot00000000000000.nyc_output coverage node_modules connect-3.7.0/.eslintrc.yml000066400000000000000000000001541346765411700156140ustar00rootroot00000000000000root: true rules: eol-last: error indent: ["error", 2, { "SwitchCase": 1 }] no-trailing-spaces: error connect-3.7.0/.gitignore000066400000000000000000000001051346765411700151540ustar00rootroot00000000000000.nyc_output/ coverage/ node_modules/ npm-debug.log package-lock.json connect-3.7.0/.travis.yml000066400000000000000000000047641346765411700153140ustar00rootroot00000000000000language: node_js node_js: - "0.10" - "0.12" - "1.8" - "2.5" - "3.3" - "4.9" - "5.12" - "6.17" - "7.10" - "8.16" - "9.11" - "10.15" - "11.15" - "12.2" sudo: false cache: directories: - node_modules before_install: - | # Setup utility functions function node_version_lt () { [[ "$(v "$TRAVIS_NODE_VERSION")" -lt "$(v "${1}")" ]] } function npm_remove_module_re () { node -e ' fs = require("fs"); p = JSON.parse(fs.readFileSync("package.json", "utf8")); r = RegExp(process.argv[1]); for (k in p.devDependencies) { if (r.test(k)) delete p.devDependencies[k]; } fs.writeFileSync("package.json", JSON.stringify(p, null, 2) + "\n"); ' "$@" } function npm_use_module () { node -e ' fs = require("fs"); p = JSON.parse(fs.readFileSync("package.json", "utf8")); p.devDependencies[process.argv[1]] = process.argv[2]; fs.writeFileSync("package.json", JSON.stringify(p, null, 2) + "\n"); ' "$@" } function v () { tr '.' '\n' <<< "${1}" \ | awk '{ printf "%03d", $0 }' \ | sed 's/^0*//' } # Configure npm - | # Skip updating shrinkwrap / lock npm config set shrinkwrap false # Setup Node.js version-specific dependencies - | # Configure eslint for linting if node_version_lt '4.0'; then npm_remove_module_re '^eslint(-|$)' fi - | # Configure mocha for testing if node_version_lt '4.0'; then npm_use_module 'mocha' '3.5.3' elif node_version_lt '6.0'; then npm_use_module 'mocha' '5.2.0' fi - | # Configure nyc for testing if node_version_lt '4.0'; then npm_use_module 'nyc' '10.3.2' elif node_version_lt '6.0'; then npm_use_module 'nyc' '11.9.0' fi - | # Configure supertest for http calls if node_version_lt '4.0'; then npm_use_module 'supertest' '2.0.0' elif node_version_lt '6.0'; then npm_use_module 'supertest' '3.4.2' fi # Update Node.js modules - | # Prune & rebuild node_modules if [[ -d node_modules ]]; then npm prune npm rebuild fi before_scrpt: - | # Contents of node_modules npm -s ls ||: script: - | # Run test script npm run-script test-travis - | # Run linting, depending on eslint install if npm_module_installed 'eslint'; then npm run-script lint fi after_script: - | # Upload coverage to coveralls npm install coveralls@2 nyc report --reporter=text-lcov | coveralls connect-3.7.0/HISTORY.md000066400000000000000000002222731346765411700146630ustar00rootroot000000000000003.7.0 / 2019-05-17 ================== * deps: finalhandler@1.1.2 - Set stricter `Content-Security-Policy` header - Fix 404 output for bad / missing pathnames - deps: encodeurl@~1.0.2 - deps: parseurl@~1.3.3 - deps: statuses@~1.4.0 * deps: parseurl@~1.3.3 * perf: remove substr call from FQDN mapping 3.6.6 / 2018-02-14 ================== * deps: finalhandler@1.1.0 - Use `res.headersSent` when available * perf: remove array read-past-end 3.6.5 / 2017-09-22 ================== * deps: debug@2.6.9 * deps: finalhandler@1.0.6 - deps: debug@2.6.9 3.6.4 / 2017-09-20 ================== * deps: finalhandler@1.0.5 - deps: parseurl@~1.3.2 * deps: parseurl@~1.3.2 - perf: reduce overhead for full URLs - perf: unroll the "fast-path" `RegExp` * deps: utils-merge@1.0.1 3.6.3 / 2017-08-03 ================== * deps: debug@2.6.8 * deps: finalhandler@1.0.4 - deps: debug@2.6.8 3.6.2 / 2017-05-16 ================== * deps: finalhandler@1.0.3 - deps: debug@2.6.7 * deps: debug@2.6.7 - deps: ms@2.0.0 3.6.1 / 2017-04-19 ================== * deps: debug@2.6.3 - Fix `DEBUG_MAX_ARRAY_LENGTH` * deps: finalhandler@1.0.1 - Fix missing `` in HTML document - deps: debug@2.6.3 3.6.0 / 2017-02-17 ================== * deps: debug@2.6.1 - Allow colors in workers - Deprecated `DEBUG_FD` environment variable set to `3` or higher - Fix error when running under React Native - Use same color for same namespace - deps: ms@0.7.2 * deps: finalhandler@1.0.0 - Fix exception when `err` cannot be converted to a string - Fully URL-encode the pathname in the 404 - Only include the pathname in the 404 message - Send complete HTML document - Set `Content-Security-Policy: default-src 'self'` header - deps: debug@2.6.1 3.5.1 / 2017-02-12 ================== * deps: finalhandler@0.5.1 - Fix exception when `err.headers` is not an object - deps: statuses@~1.3.1 - perf: hoist regular expressions - perf: remove duplicate validation path 3.5.0 / 2016-09-09 ================== * deps: finalhandler@0.5.0 - Change invalid or non-numeric status code to 500 - Overwrite status message to match set status code - Prefer `err.statusCode` if `err.status` is invalid - Set response headers from `err.headers` object - Use `statuses` instead of `http` module for status messages 3.4.1 / 2016-01-23 ================== * deps: finalhandler@0.4.1 - deps: escape-html@~1.0.3 * deps: parseurl@~1.3.1 - perf: enable strict mode 3.4.0 / 2015-06-18 ================== * deps: debug@~2.2.0 - deps: ms@0.7.1 * deps: finalhandler@0.4.0 - Fix a false-positive when unpiping in Node.js 0.8 - Support `statusCode` property on `Error` objects - Use `unpipe` module for unpiping requests - deps: debug@~2.2.0 - deps: escape-html@1.0.2 - deps: on-finished@~2.3.0 - perf: enable strict mode - perf: remove argument reassignment * perf: enable strict mode * perf: remove argument reassignments 3.3.5 / 2015-03-16 ================== * deps: debug@~2.1.3 - Fix high intensity foreground color for bold - deps: ms@0.7.0 * deps: finalhandler@0.3.4 - deps: debug@~2.1.3 3.3.4 / 2015-01-07 ================== * deps: debug@~2.1.1 * deps: finalhandler@0.3.3 - deps: debug@~2.1.1 - deps: on-finished@~2.2.0 3.3.3 / 2014-11-09 ================== * Correctly invoke async callback asynchronously 3.3.2 / 2014-10-28 ================== * Fix handling of URLs containing `://` in the path 3.3.1 / 2014-10-22 ================== * deps: finalhandler@0.3.2 - deps: on-finished@~2.1.1 3.3.0 / 2014-10-17 ================== * deps: debug@~2.1.0 - Implement `DEBUG_FD` env variable support * deps: finalhandler@0.3.1 - Terminate in progress response only on error - Use `on-finished` to determine request status - deps: debug@~2.1.0 3.2.0 / 2014-09-08 ================== * deps: debug@~2.0.0 * deps: finalhandler@0.2.0 - Set `X-Content-Type-Options: nosniff` header - deps: debug@~2.0.0 3.1.1 / 2014-08-10 ================== * deps: parseurl@~1.3.0 3.1.0 / 2014-07-22 ================== * deps: debug@1.0.4 * deps: finalhandler@0.1.0 - Respond after request fully read - deps: debug@1.0.4 * deps: parseurl@~1.2.0 - Cache URLs based on original value - Remove no-longer-needed URL mis-parse work-around - Simplify the "fast-path" `RegExp` * perf: reduce executed logic in routing * perf: refactor location of `try` block 3.0.2 / 2014-07-10 ================== * deps: debug@1.0.3 - Add support for multiple wildcards in namespaces * deps: parseurl@~1.1.3 - faster parsing of href-only URLs 3.0.1 / 2014-06-19 ================== * use `finalhandler` for final response handling * deps: debug@1.0.2 3.0.0 / 2014-05-29 ================== * No changes 3.0.0-rc.2 / 2014-05-04 ======================= * Call error stack even when response has been sent * Prevent default 404 handler after response sent * dep: debug@0.8.1 * encode stack in HTML for default error handler * remove `proto` export 3.0.0-rc.1 / 2014-03-06 ======================= * move middleware to separate repos * remove docs * remove node patches * remove connect(middleware...) * remove the old `connect.createServer()` method * remove various private `connect.utils` functions * drop node.js 0.8 support 2.30.2 / 2015-07-31 =================== * deps: body-parser@~1.13.3 - deps: type-is@~1.6.6 * deps: compression@~1.5.2 - deps: accepts@~1.2.12 - deps: compressible@~2.0.5 - deps: vary@~1.0.1 * deps: errorhandler@~1.4.2 - deps: accepts@~1.2.12 * deps: method-override@~2.3.5 - deps: vary@~1.0.1 - perf: enable strict mode * deps: serve-index@~1.7.2 - deps: accepts@~1.2.12 - deps: mime-types@~2.1.4 * deps: type-is@~1.6.6 - deps: mime-types@~2.1.4 * deps: vhost@~3.0.1 - perf: enable strict mode 2.30.1 / 2015-07-05 =================== * deps: body-parser@~1.13.2 - deps: iconv-lite@0.4.11 - deps: qs@4.0.0 - deps: raw-body@~2.1.2 - deps: type-is@~1.6.4 * deps: compression@~1.5.1 - deps: accepts@~1.2.10 - deps: compressible@~2.0.4 * deps: errorhandler@~1.4.1 - deps: accepts@~1.2.10 * deps: qs@4.0.0 - Fix dropping parameters like `hasOwnProperty` - Fix various parsing edge cases * deps: morgan@~1.6.1 - deps: basic-auth@~1.0.3 * deps: pause@0.1.0 - Re-emit events with all original arguments - Refactor internals - perf: enable strict mode * deps: serve-index@~1.7.1 - deps: accepts@~1.2.10 - deps: mime-types@~2.1.2 * deps: type-is@~1.6.4 - deps: mime-types@~2.1.2 - perf: enable strict mode - perf: remove argument reassignment 2.30.0 / 2015-06-18 =================== * deps: body-parser@~1.13.1 - Add `statusCode` property on `Error`s, in addition to `status` - Change `type` default to `application/json` for JSON parser - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser - Provide static `require` analysis - Use the `http-errors` module to generate errors - deps: bytes@2.1.0 - deps: iconv-lite@0.4.10 - deps: on-finished@~2.3.0 - deps: raw-body@~2.1.1 - deps: type-is@~1.6.3 - perf: enable strict mode - perf: remove argument reassignment - perf: remove delete call * deps: bytes@2.1.0 - Slight optimizations - Units no longer case sensitive when parsing * deps: compression@~1.5.0 - Fix return value from `.end` and `.write` after end - Improve detection of zero-length body without `Content-Length` - deps: accepts@~1.2.9 - deps: bytes@2.1.0 - deps: compressible@~2.0.3 - perf: enable strict mode - perf: remove flush reassignment - perf: simplify threshold detection * deps: cookie@0.1.3 - Slight optimizations * deps: cookie-parser@~1.3.5 - deps: cookie@0.1.3 * deps: csurf@~1.8.3 - Add `sessionKey` option - deps: cookie@0.1.3 - deps: csrf@~3.0.0 * deps: errorhandler@~1.4.0 - Add charset to the `Content-Type` header - Support `statusCode` property on `Error` objects - deps: accepts@~1.2.9 - deps: escape-html@1.0.2 * deps: express-session@~1.11.3 - Support an array in `secret` option for key rotation - deps: cookie@0.1.3 - deps: crc@3.3.0 - deps: debug@~2.2.0 - deps: depd@~1.0.1 - deps: uid-safe@~2.0.0 * deps: finalhandler@0.4.0 - Fix a false-positive when unpiping in Node.js 0.8 - Support `statusCode` property on `Error` objects - Use `unpipe` module for unpiping requests - deps: escape-html@1.0.2 - deps: on-finished@~2.3.0 - perf: enable strict mode - perf: remove argument reassignment * deps: fresh@0.3.0 - Add weak `ETag` matching support * deps: morgan@~1.6.0 - Add `morgan.compile(format)` export - Do not color 1xx status codes in `dev` format - Fix `response-time` token to not include response latency - Fix `status` token incorrectly displaying before response in `dev` format - Fix token return values to be `undefined` or a string - Improve representation of multiple headers in `req` and `res` tokens - Use `res.getHeader` in `res` token - deps: basic-auth@~1.0.2 - deps: on-finished@~2.3.0 - pref: enable strict mode - pref: reduce function closure scopes - pref: remove dynamic compile on every request for `dev` format - pref: remove an argument reassignment - pref: skip function call without `skip` option * deps: serve-favicon@~2.3.0 - Send non-chunked response for `OPTIONS` - deps: etag@~1.7.0 - deps: fresh@0.3.0 - perf: enable strict mode - perf: remove argument reassignment - perf: remove bitwise operations * deps: serve-index@~1.7.0 - Accept `function` value for `template` option - Send non-chunked response for `OPTIONS` - Stat parent directory when necessary - Use `Date.prototype.toLocaleDateString` to format date - deps: accepts@~1.2.9 - deps: escape-html@1.0.2 - deps: mime-types@~2.1.1 - perf: enable strict mode - perf: remove argument reassignment * deps: serve-static@~1.10.0 - Add `fallthrough` option - Fix reading options from options prototype - Improve the default redirect response headers - Malformed URLs now `next()` instead of 400 - deps: escape-html@1.0.2 - deps: send@0.13.0 - perf: enable strict mode - perf: remove argument reassignment * deps: type-is@~1.6.3 - deps: mime-types@~2.1.1 - perf: reduce try block size - perf: remove bitwise operations 2.29.2 / 2015-05-14 =================== * deps: body-parser@~1.12.4 - Slight efficiency improvement when not debugging - deps: debug@~2.2.0 - deps: depd@~1.0.1 - deps: iconv-lite@0.4.8 - deps: on-finished@~2.2.1 - deps: qs@2.4.2 - deps: raw-body@~2.0.1 - deps: type-is@~1.6.2 * deps: compression@~1.4.4 - deps: accepts@~1.2.7 - deps: debug@~2.2.0 * deps: connect-timeout@~1.6.2 - deps: debug@~2.2.0 - deps: ms@0.7.1 * deps: debug@~2.2.0 - deps: ms@0.7.1 * deps: depd@~1.0.1 * deps: errorhandler@~1.3.6 - deps: accepts@~1.2.7 * deps: finalhandler@0.3.6 - deps: debug@~2.2.0 - deps: on-finished@~2.2.1 * deps: method-override@~2.3.3 - deps: debug@~2.2.0 * deps: morgan@~1.5.3 - deps: basic-auth@~1.0.1 - deps: debug@~2.2.0 - deps: depd@~1.0.1 - deps: on-finished@~2.2.1 * deps: qs@2.4.2 - Fix allowing parameters like `constructor` * deps: response-time@~2.3.1 - deps: depd@~1.0.1 * deps: serve-favicon@~2.2.1 - deps: etag@~1.6.0 - deps: ms@0.7.1 * deps: serve-index@~1.6.4 - deps: accepts@~1.2.7 - deps: debug@~2.2.0 - deps: mime-types@~2.0.11 * deps: serve-static@~1.9.3 - deps: send@0.12.3 * deps: type-is@~1.6.2 - deps: mime-types@~2.0.11 2.29.1 / 2015-03-16 =================== * deps: body-parser@~1.12.2 - deps: debug@~2.1.3 - deps: qs@2.4.1 - deps: type-is@~1.6.1 * deps: compression@~1.4.3 - Fix error when code calls `res.end(str, encoding)` - deps: accepts@~1.2.5 - deps: debug@~2.1.3 * deps: connect-timeout@~1.6.1 - deps: debug@~2.1.3 * deps: debug@~2.1.3 - Fix high intensity foreground color for bold - deps: ms@0.7.0 * deps: errorhandler@~1.3.5 - deps: accepts@~1.2.5 * deps: express-session@~1.10.4 - deps: debug@~2.1.3 * deps: finalhandler@0.3.4 - deps: debug@~2.1.3 * deps: method-override@~2.3.2 - deps: debug@~2.1.3 * deps: morgan@~1.5.2 - deps: debug@~2.1.3 * deps: qs@2.4.1 - Fix error when parameter `hasOwnProperty` is present * deps: serve-index@~1.6.3 - Properly escape file names in HTML - deps: accepts@~1.2.5 - deps: debug@~2.1.3 - deps: escape-html@1.0.1 - deps: mime-types@~2.0.10 * deps: serve-static@~1.9.2 - deps: send@0.12.2 * deps: type-is@~1.6.1 - deps: mime-types@~2.0.10 2.29.0 / 2015-02-17 =================== * Use `content-type` to parse `Content-Type` headers * deps: body-parser@~1.12.0 - add `debug` messages - accept a function for the `type` option - make internal `extended: true` depth limit infinity - use `content-type` to parse `Content-Type` headers - deps: iconv-lite@0.4.7 - deps: raw-body@1.3.3 - deps: type-is@~1.6.0 * deps: compression@~1.4.1 - Prefer `gzip` over `deflate` on the server - deps: accepts@~1.2.4 * deps: connect-timeout@~1.6.0 - deps: http-errors@~1.3.1 * deps: cookie-parser@~1.3.4 - deps: cookie-signature@1.0.6 * deps: cookie-signature@1.0.6 * deps: csurf@~1.7.0 - Accept `CSRF-Token` and `XSRF-Token` request headers - Default `cookie.path` to `'/'`, if using cookies - deps: cookie-signature@1.0.6 - deps: csrf@~2.0.6 - deps: http-errors@~1.3.1 * deps: errorhandler@~1.3.4 - deps: accepts@~1.2.4 * deps: express-session@~1.10.3 - deps: cookie-signature@1.0.6 - deps: uid-safe@1.1.0 * deps: http-errors@~1.3.1 - Construct errors using defined constructors from `createError` - Fix error names that are not identifiers - Set a meaningful `name` property on constructed errors * deps: response-time@~2.3.0 - Add function argument to support recording of response time * deps: serve-index@~1.6.2 - deps: accepts@~1.2.4 - deps: http-errors@~1.3.1 - deps: mime-types@~2.0.9 * deps: serve-static@~1.9.1 - deps: send@0.12.1 * deps: type-is@~1.6.0 - fix argument reassignment - fix false-positives in `hasBody` `Transfer-Encoding` check - support wildcard for both type and subtype (`*/*`) - deps: mime-types@~2.0.9 2.28.3 / 2015-01-31 =================== * deps: compression@~1.3.1 - deps: accepts@~1.2.3 - deps: compressible@~2.0.2 * deps: csurf@~1.6.6 - deps: csrf@~2.0.5 * deps: errorhandler@~1.3.3 - deps: accepts@~1.2.3 * deps: express-session@~1.10.2 - deps: uid-safe@1.0.3 * deps: serve-index@~1.6.1 - deps: accepts@~1.2.3 - deps: mime-types@~2.0.8 * deps: type-is@~1.5.6 - deps: mime-types@~2.0.8 2.28.2 / 2015-01-20 =================== * deps: body-parser@~1.10.2 - deps: iconv-lite@0.4.6 - deps: raw-body@1.3.2 * deps: serve-static@~1.8.1 - Fix redirect loop in Node.js 0.11.14 - Fix root path disclosure - deps: send@0.11.1 2.28.1 / 2015-01-08 =================== * deps: csurf@~1.6.5 - deps: csrf@~2.0.4 * deps: express-session@~1.10.1 - deps: uid-safe@~1.0.2 2.28.0 / 2015-01-05 =================== * deps: body-parser@~1.10.1 - Make internal `extended: true` array limit dynamic - deps: on-finished@~2.2.0 - deps: type-is@~1.5.5 * deps: compression@~1.3.0 - Export the default `filter` function for wrapping - deps: accepts@~1.2.2 - deps: debug@~2.1.1 * deps: connect-timeout@~1.5.0 - deps: debug@~2.1.1 - deps: http-errors@~1.2.8 - deps: ms@0.7.0 * deps: csurf@~1.6.4 - deps: csrf@~2.0.3 - deps: http-errors@~1.2.8 * deps: debug@~2.1.1 * deps: errorhandler@~1.3.2 - Add `log` option - Fix heading content to not include stack - deps: accepts@~1.2.2 * deps: express-session@~1.10.0 - Add `store.touch` interface for session stores - Fix `MemoryStore` expiration with `resave: false` - deps: debug@~2.1.1 * deps: finalhandler@0.3.3 - deps: debug@~2.1.1 - deps: on-finished@~2.2.0 * deps: method-override@~2.3.1 - deps: debug@~2.1.1 - deps: methods@~1.1.1 * deps: morgan@~1.5.1 - Add multiple date formats `clf`, `iso`, and `web` - Deprecate `buffer` option - Fix date format in `common` and `combined` formats - Fix token arguments to accept values with `"` - deps: debug@~2.1.1 - deps: on-finished@~2.2.0 * deps: serve-favicon@~2.2.0 - Support query string in the URL - deps: etag@~1.5.1 - deps: ms@0.7.0 * deps: serve-index@~1.6.0 - Add link to root directory - deps: accepts@~1.2.2 - deps: batch@0.5.2 - deps: debug@~2.1.1 - deps: mime-types@~2.0.7 * deps: serve-static@~1.8.0 - Fix potential open redirect when mounted at root - deps: send@0.11.0 * deps: type-is@~1.5.5 - deps: mime-types@~2.0.7 2.27.6 / 2014-12-10 =================== * deps: serve-index@~1.5.3 - deps: accepts@~1.1.4 - deps: http-errors@~1.2.8 - deps: mime-types@~2.0.4 2.27.5 / 2014-12-10 =================== * deps: compression@~1.2.2 - Fix `.end` to only proxy to `.end` - deps: accepts@~1.1.4 * deps: express-session@~1.9.3 - Fix error when `req.sessionID` contains a non-string value * deps: http-errors@~1.2.8 - Fix stack trace from exported function - Remove `arguments.callee` usage * deps: serve-index@~1.5.2 - Fix icon name background alignment on mobile view * deps: type-is@~1.5.4 - deps: mime-types@~2.0.4 2.27.4 / 2014-11-23 =================== * deps: body-parser@~1.9.3 - deps: iconv-lite@0.4.5 - deps: qs@2.3.3 - deps: raw-body@1.3.1 - deps: type-is@~1.5.3 * deps: compression@~1.2.1 - deps: accepts@~1.1.3 * deps: errorhandler@~1.2.3 - deps: accepts@~1.1.3 * deps: express-session@~1.9.2 - deps: crc@3.2.1 * deps: qs@2.3.3 - Fix `arrayLimit` behavior * deps: serve-favicon@~2.1.7 - Avoid errors from enumerables on `Object.prototype` * deps: serve-index@~1.5.1 - deps: accepts@~1.1.3 - deps: mime-types@~2.0.3 * deps: type-is@~1.5.3 - deps: mime-types@~2.0.3 2.27.3 / 2014-11-09 =================== * Correctly invoke async callback asynchronously * deps: csurf@~1.6.3 - bump csrf - bump http-errors 2.27.2 / 2014-10-28 =================== * Fix handling of URLs containing `://` in the path * deps: body-parser@~1.9.2 - deps: qs@2.3.2 * deps: qs@2.3.2 - Fix parsing of mixed objects and values 2.27.1 / 2014-10-22 =================== * deps: body-parser@~1.9.1 - deps: on-finished@~2.1.1 - deps: qs@2.3.0 - deps: type-is@~1.5.2 * deps: express-session@~1.9.1 - Remove unnecessary empty write call * deps: finalhandler@0.3.2 - deps: on-finished@~2.1.1 * deps: morgan@~1.4.1 - deps: on-finished@~2.1.1 * deps: qs@2.3.0 - Fix parsing of mixed implicit and explicit arrays * deps: serve-static@~1.7.1 - deps: send@0.10.1 2.27.0 / 2014-10-16 =================== * Use `http-errors` module for creating errors * Use `utils-merge` module for merging objects * deps: body-parser@~1.9.0 - include the charset in "unsupported charset" error message - include the encoding in "unsupported content encoding" error message - deps: depd@~1.0.0 * deps: compression@~1.2.0 - deps: debug@~2.1.0 * deps: connect-timeout@~1.4.0 - Create errors with `http-errors` - deps: debug@~2.1.0 * deps: debug@~2.1.0 - Implement `DEBUG_FD` env variable support * deps: depd@~1.0.0 * deps: express-session@~1.9.0 - deps: debug@~2.1.0 - deps: depd@~1.0.0 * deps: finalhandler@0.3.1 - Terminate in progress response only on error - Use `on-finished` to determine request status - deps: debug@~2.1.0 * deps: method-override@~2.3.0 - deps: debug@~2.1.0 * deps: morgan@~1.4.0 - Add `debug` messages - deps: depd@~1.0.0 * deps: response-time@~2.2.0 - Add `header` option for custom header name - Add `suffix` option - Change `digits` argument to an `options` argument - deps: depd@~1.0.0 * deps: serve-favicon@~2.1.6 - deps: etag@~1.5.0 * deps: serve-index@~1.5.0 - Add `dir` argument to `filter` function - Add icon for mkv files - Create errors with `http-errors` - Fix incorrect 403 on Windows and Node.js 0.11 - Lookup icon by mime type for greater icon support - Support using tokens multiple times - deps: accepts@~1.1.2 - deps: debug@~2.1.0 - deps: mime-types@~2.0.2 * deps: serve-static@~1.7.0 - deps: send@0.10.0 2.26.6 / 2014-10-15 =================== * deps: compression@~1.1.2 - deps: accepts@~1.1.2 - deps: compressible@~2.0.1 * deps: csurf@~1.6.2 - bump http-errors - fix cookie name when using `cookie: true` * deps: errorhandler@~1.2.2 - deps: accepts@~1.1.2 2.26.5 / 2014-10-08 =================== * Fix accepting non-object arguments to `logger` * deps: serve-static@~1.6.4 - Fix redirect loop when index file serving disabled 2.26.4 / 2014-10-02 =================== * deps: morgan@~1.3.2 - Fix `req.ip` integration when `immediate: false` * deps: type-is@~1.5.2 - deps: mime-types@~2.0.2 2.26.3 / 2014-09-24 =================== * deps: body-parser@~1.8.4 - fix content encoding to be case-insensitive * deps: serve-favicon@~2.1.5 - deps: etag@~1.4.0 * deps: serve-static@~1.6.3 - deps: send@0.9.3 2.26.2 / 2014-09-19 =================== * deps: body-parser@~1.8.3 - deps: qs@2.2.4 * deps: qs@2.2.4 - Fix issue with object keys starting with numbers truncated 2.26.1 / 2014-09-15 =================== * deps: body-parser@~1.8.2 - deps: depd@0.4.5 * deps: depd@0.4.5 * deps: express-session@~1.8.2 - Use `crc` instead of `buffer-crc32` for speed - deps: depd@0.4.5 * deps: morgan@~1.3.1 - Remove un-used `bytes` dependency - deps: depd@0.4.5 * deps: serve-favicon@~2.1.4 - Fix content headers being sent in 304 response - deps: etag@~1.3.1 * deps: serve-static@~1.6.2 - deps: send@0.9.2 2.26.0 / 2014-09-08 =================== * deps: body-parser@~1.8.1 - add `parameterLimit` option to `urlencoded` parser - change `urlencoded` extended array limit to 100 - make empty-body-handling consistent between chunked requests - respond with 415 when over `parameterLimit` in `urlencoded` - deps: media-typer@0.3.0 - deps: qs@2.2.3 - deps: type-is@~1.5.1 * deps: compression@~1.1.0 - deps: accepts@~1.1.0 - deps: compressible@~2.0.0 - deps: debug@~2.0.0 * deps: connect-timeout@~1.3.0 - deps: debug@~2.0.0 * deps: cookie-parser@~1.3.3 - deps: cookie-signature@1.0.5 * deps: cookie-signature@1.0.5 * deps: csurf@~1.6.1 - add `ignoreMethods` option - bump cookie-signature - csrf-tokens -> csrf - set `code` property on CSRF token errors * deps: debug@~2.0.0 * deps: errorhandler@~1.2.0 - Display error using `util.inspect` if no other representation - deps: accepts@~1.1.0 * deps: express-session@~1.8.1 - Do not resave already-saved session at end of request - Prevent session prototype methods from being overwritten - deps: cookie-signature@1.0.5 - deps: debug@~2.0.0 * deps: finalhandler@0.2.0 - Set `X-Content-Type-Options: nosniff` header - deps: debug@~2.0.0 * deps: fresh@0.2.4 * deps: media-typer@0.3.0 - Throw error when parameter format invalid on parse * deps: method-override@~2.2.0 - deps: debug@~2.0.0 * deps: morgan@~1.3.0 - Assert if `format` is not a function or string * deps: qs@2.2.3 - Fix issue where first empty value in array is discarded * deps: serve-favicon@~2.1.3 - Accept string for `maxAge` (converted by `ms`) - Use `etag` to generate `ETag` header - deps: fresh@0.2.4 * deps: serve-index@~1.2.1 - Add `debug` messages - Resolve relative paths at middleware setup - deps: accepts@~1.1.0 * deps: serve-static@~1.6.1 - Add `lastModified` option - deps: send@0.9.1 * deps: type-is@~1.5.1 - fix `hasbody` to be true for `content-length: 0` - deps: media-typer@0.3.0 - deps: mime-types@~2.0.1 * deps: vhost@~3.0.0 2.25.10 / 2014-09-04 ==================== * deps: serve-static@~1.5.4 - deps: send@0.8.5 2.25.9 / 2014-08-29 =================== * deps: body-parser@~1.6.7 - deps: qs@2.2.2 * deps: qs@2.2.2 2.25.8 / 2014-08-27 =================== * deps: body-parser@~1.6.6 - deps: qs@2.2.0 * deps: csurf@~1.4.1 * deps: qs@2.2.0 - Array parsing fix - Performance improvements 2.25.7 / 2014-08-18 =================== * deps: body-parser@~1.6.5 - deps: on-finished@2.1.0 * deps: express-session@~1.7.6 - Fix exception on `res.end(null)` calls * deps: morgan@~1.2.3 - deps: on-finished@2.1.0 * deps: serve-static@~1.5.3 - deps: send@0.8.3 2.25.6 / 2014-08-14 =================== * deps: body-parser@~1.6.4 - deps: qs@1.2.2 * deps: qs@1.2.2 * deps: serve-static@~1.5.2 - deps: send@0.8.2 2.25.5 / 2014-08-11 =================== * Fix backwards compatibility in `logger` 2.25.4 / 2014-08-10 =================== * Fix `query` middleware breaking with argument - It never really took one in the first place * deps: body-parser@~1.6.3 - deps: qs@1.2.1 * deps: compression@~1.0.11 - deps: on-headers@~1.0.0 - deps: parseurl@~1.3.0 * deps: connect-timeout@~1.2.2 - deps: on-headers@~1.0.0 * deps: express-session@~1.7.5 - Fix parsing original URL - deps: on-headers@~1.0.0 - deps: parseurl@~1.3.0 * deps: method-override@~2.1.3 * deps: on-headers@~1.0.0 * deps: parseurl@~1.3.0 * deps: qs@1.2.1 * deps: response-time@~2.0.1 - deps: on-headers@~1.0.0 * deps: serve-index@~1.1.6 - Fix URL parsing * deps: serve-static@~1.5.1 - Fix parsing of weird `req.originalUrl` values - deps: parseurl@~1.3.0 = deps: utils-merge@1.0.0 2.25.3 / 2014-08-07 =================== * deps: multiparty@3.3.2 - Fix potential double-callback 2.25.2 / 2014-08-07 =================== * deps: body-parser@~1.6.2 - deps: qs@1.2.0 * deps: qs@1.2.0 - Fix parsing array of objects 2.25.1 / 2014-08-06 =================== * deps: body-parser@~1.6.1 - deps: qs@1.1.0 * deps: qs@1.1.0 - Accept urlencoded square brackets - Accept empty values in implicit array notation 2.25.0 / 2014-08-05 =================== * deps: body-parser@~1.6.0 - deps: qs@1.0.2 * deps: compression@~1.0.10 - Fix upper-case Content-Type characters prevent compression - deps: compressible@~1.1.1 * deps: csurf@~1.4.0 - Support changing `req.session` after `csurf` middleware - Calling `res.csrfToken()` after `req.session.destroy()` will now work * deps: express-session@~1.7.4 - Fix `res.end` patch to call correct upstream `res.write` - Fix response end delay for non-chunked responses * deps: qs@1.0.2 - Complete rewrite - Limits array length to 20 - Limits object depth to 5 - Limits parameters to 1,000 * deps: serve-static@~1.5.0 - Add `extensions` option - deps: send@0.8.1 2.24.3 / 2014-08-04 =================== * deps: serve-index@~1.1.5 - Fix Content-Length calculation for multi-byte file names - deps: accepts@~1.0.7 * deps: serve-static@~1.4.4 - Fix incorrect 403 on Windows and Node.js 0.11 - deps: send@0.7.4 2.24.2 / 2014-07-27 =================== * deps: body-parser@~1.5.2 * deps: depd@0.4.4 - Work-around v8 generating empty stack traces * deps: express-session@~1.7.2 * deps: morgan@~1.2.2 * deps: serve-static@~1.4.2 2.24.1 / 2014-07-26 =================== * deps: body-parser@~1.5.1 * deps: depd@0.4.3 - Fix exception when global `Error.stackTraceLimit` is too low * deps: express-session@~1.7.1 * deps: morgan@~1.2.1 * deps: serve-index@~1.1.4 * deps: serve-static@~1.4.1 2.24.0 / 2014-07-22 =================== * deps: body-parser@~1.5.0 - deps: depd@0.4.2 - deps: iconv-lite@0.4.4 - deps: raw-body@1.3.0 - deps: type-is@~1.3.2 * deps: compression@~1.0.9 - Add `debug` messages - deps: accepts@~1.0.7 * deps: connect-timeout@~1.2.1 - Accept string for `time` (converted by `ms`) - deps: debug@1.0.4 * deps: debug@1.0.4 * deps: depd@0.4.2 - Add `TRACE_DEPRECATION` environment variable - Remove non-standard grey color from color output - Support `--no-deprecation` argument - Support `--trace-deprecation` argument * deps: express-session@~1.7.0 - Improve session-ending error handling - deps: debug@1.0.4 - deps: depd@0.4.2 * deps: finalhandler@0.1.0 - Respond after request fully read - deps: debug@1.0.4 * deps: method-override@~2.1.2 - deps: debug@1.0.4 - deps: parseurl@~1.2.0 * deps: morgan@~1.2.0 - Add `:remote-user` token - Add `combined` log format - Add `common` log format - Remove non-standard grey color from `dev` format * deps: multiparty@3.3.1 * deps: parseurl@~1.2.0 - Cache URLs based on original value - Remove no-longer-needed URL mis-parse work-around - Simplify the "fast-path" `RegExp` * deps: serve-static@~1.4.0 - Add `dotfiles` option - deps: parseurl@~1.2.0 - deps: send@0.7.0 2.23.0 / 2014-07-10 =================== * deps: debug@1.0.3 - Add support for multiple wildcards in namespaces * deps: express-session@~1.6.4 * deps: method-override@~2.1.0 - add simple debug output - deps: methods@1.1.0 - deps: parseurl@~1.1.3 * deps: parseurl@~1.1.3 - faster parsing of href-only URLs * deps: serve-static@~1.3.1 - deps: parseurl@~1.1.3 2.22.0 / 2014-07-03 =================== * deps: csurf@~1.3.0 - Fix `cookie.signed` option to actually sign cookie * deps: express-session@~1.6.1 - Fix `res.end` patch to return correct value - Fix `res.end` patch to handle multiple `res.end` calls - Reject cookies with missing signatures * deps: multiparty@3.3.0 - Always emit close after all parts ended - Fix callback hang in node.js 0.8 on errors * deps: serve-static@~1.3.0 - Accept string for `maxAge` (converted by `ms`) - Add `setHeaders` option - Include HTML link in redirect response - deps: send@0.5.0 2.21.1 / 2014-06-26 =================== * deps: cookie-parser@1.3.2 - deps: cookie-signature@1.0.4 * deps: cookie-signature@1.0.4 - fix for timing attacks * deps: express-session@~1.5.2 - deps: cookie-signature@1.0.4 * deps: type-is@~1.3.2 - more mime types 2.21.0 / 2014-06-20 =================== * deprecate `connect(middleware)` -- use `app.use(middleware)` instead * deprecate `connect.createServer()` -- use `connect()` instead * fix `res.setHeader()` patch to work with get -> append -> set pattern * deps: compression@~1.0.8 * deps: errorhandler@~1.1.1 * deps: express-session@~1.5.0 - Deprecate integration with `cookie-parser` middleware - Deprecate looking for secret in `req.secret` - Directly read cookies; `cookie-parser` no longer required - Directly set cookies; `res.cookie` no longer required - Generate session IDs with `uid-safe`, faster and even less collisions * deps: serve-index@~1.1.3 2.20.2 / 2014-06-19 =================== * deps: body-parser@1.4.3 - deps: type-is@1.3.1 2.20.1 / 2014-06-19 =================== * deps: type-is@1.3.1 - fix global variable leak 2.20.0 / 2014-06-19 =================== * deprecate `verify` option to `json` -- use `body-parser` npm module instead * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead * deprecate things with `depd` module * use `finalhandler` for final response handling * use `media-typer` to parse `content-type` for charset * deps: body-parser@1.4.2 - check accepted charset in content-type (accepts utf-8) - check accepted encoding in content-encoding (accepts identity) - deprecate `urlencoded()` without provided `extended` option - lazy-load urlencoded parsers - support gzip and deflate bodies - set `inflate: false` to turn off - deps: raw-body@1.2.2 - deps: type-is@1.3.0 - Support all encodings from `iconv-lite` * deps: connect-timeout@1.1.1 - deps: debug@1.0.2 * deps: cookie-parser@1.3.1 - export parsing functions - `req.cookies` and `req.signedCookies` are now plain objects - slightly faster parsing of many cookies * deps: csurf@1.2.2 * deps: errorhandler@1.1.0 - Display error on console formatted like `throw` - Escape HTML in stack trace - Escape HTML in title - Fix up edge cases with error sent in response - Set `X-Content-Type-Options: nosniff` header - Use accepts for negotiation * deps: express-session@1.4.0 - Add `genid` option to generate custom session IDs - Add `saveUninitialized` option to control saving uninitialized sessions - Add `unset` option to control unsetting `req.session` - Generate session IDs with `rand-token` by default; reduce collisions - Integrate with express "trust proxy" by default - deps: buffer-crc32@0.2.3 - deps: debug@1.0.2 * deps: multiparty@3.2.9 * deps: serve-index@1.1.2 - deps: batch@0.5.1 * deps: type-is@1.3.0 - improve type parsing * deps: vhost@2.0.0 - Accept `RegExp` object for `hostname` - Provide `req.vhost` object - Support IPv6 literal in `Host` header 2.19.6 / 2014-06-11 =================== * deps: body-parser@1.3.1 - deps: type-is@1.2.1 * deps: compression@1.0.7 - use vary module for better `Vary` behavior - deps: accepts@1.0.3 - deps: compressible@1.1.0 * deps: debug@1.0.2 * deps: serve-index@1.1.1 - deps: accepts@1.0.3 * deps: serve-static@1.2.3 - Do not throw un-catchable error on file open race condition - deps: send@0.4.3 2.19.5 / 2014-06-09 =================== * deps: csurf@1.2.1 - refactor to use csrf-tokens@~1.0.2 * deps: debug@1.0.1 * deps: serve-static@1.2.2 - fix "event emitter leak" warnings - deps: send@0.4.2 * deps: type-is@1.2.1 - Switch dependency from `mime` to `mime-types@1.0.0` 2.19.4 / 2014-06-05 =================== * deps: errorhandler@1.0.2 - Pass on errors from reading error files * deps: method-override@2.0.2 - use vary module for better `Vary` behavior * deps: serve-favicon@2.0.1 - Reduce byte size of `ETag` header 2.19.3 / 2014-06-03 =================== * deps: compression@1.0.6 - fix listeners for delayed stream creation - fix regression for certain `stream.pipe(res)` situations - fix regression when negotiation fails 2.19.2 / 2014-06-03 =================== * deps: compression@1.0.4 - fix adding `Vary` when value stored as array - fix back-pressure behavior - fix length check for `res.end` 2.19.1 / 2014-06-02 =================== * fix deprecated `utils.escape` 2.19.0 / 2014-06-02 =================== * deprecate `methodOverride()` -- use `method-override` npm module instead * deps: body-parser@1.3.0 - add `extended` option to urlencoded parser * deps: method-override@2.0.1 - set `Vary` header - deps: methods@1.0.1 * deps: multiparty@3.2.8 * deps: response-time@2.0.0 - add `digits` argument - do not override existing `X-Response-Time` header - timer not subject to clock drift - timer resolution down to nanoseconds * deps: serve-static@1.2.1 - send max-age in Cache-Control in correct format - use `escape-html` for escaping - deps: send@0.4.1 2.18.0 / 2014-05-29 =================== * deps: compression@1.0.3 * deps: serve-index@1.1.0 - Fix content negotiation when no `Accept` header - Properly support all HTTP methods - Support vanilla node.js http servers - Treat `ENAMETOOLONG` as code 414 - Use accepts for negotiation * deps: serve-static@1.2.0 - Calculate ETag with md5 for reduced collisions - Fix wrong behavior when index file matches directory - Ignore stream errors after request ends - Skip directories in index file search - deps: send@0.4.0 2.17.3 / 2014-05-27 =================== * deps: express-session@1.2.1 - Fix `resave` such that `resave: true` works 2.17.2 / 2014-05-27 =================== * deps: body-parser@1.2.2 - invoke `next(err)` after request fully read - deps: raw-body@1.1.6 * deps: method-override@1.0.2 - Handle `req.body` key referencing array or object - Handle multiple HTTP headers 2.17.1 / 2014-05-21 =================== * fix `res.charset` appending charset when `content-type` has one 2.17.0 / 2014-05-20 =================== * deps: express-session@1.2.0 - Add `resave` option to control saving unmodified sessions * deps: morgan@1.1.1 - "dev" format will use same tokens as other formats - `:response-time` token is now empty when immediate used - `:response-time` token is now monotonic - `:response-time` token has precision to 1 μs - fix `:status` + immediate output in node.js 0.8 - improve `buffer` option to prevent indefinite event loop holding - simplify method to get remote address - deps: bytes@1.0.0 * deps: serve-index@1.0.3 - Fix error from non-statable files in HTML view 2.16.2 / 2014-05-18 =================== * fix edge-case in `res.appendHeader` that would append in wrong order * deps: method-override@1.0.1 2.16.1 / 2014-05-17 =================== * remove usages of `res.headerSent` from core 2.16.0 / 2014-05-17 =================== * deprecate `res.headerSent` -- use `res.headersSent` * deprecate `res.on("header")` -- use on-headers module instead * fix `connect.version` to reflect the actual version * json: use body-parser - add `type` option - fix repeated limit parsing with every request - improve parser speed * urlencoded: use body-parser - add `type` option - fix repeated limit parsing with every request * dep: bytes@1.0.0 * add negative support * dep: cookie-parser@1.1.0 - deps: cookie@0.1.2 * dep: csurf@1.2.0 - add support for double-submit cookie * dep: express-session@1.1.0 - Add `name` option; replacement for `key` option - Use `setImmediate` in MemoryStore for node.js >= 0.10 2.15.0 / 2014-05-04 =================== * Add simple `res.cookie` support * Add `res.appendHeader` * Call error stack even when response has been sent * Patch `res.headerSent` to return Boolean * Patch `res.headersSent` for node.js 0.8 * Prevent default 404 handler after response sent * dep: compression@1.0.2 * support headers given to `res.writeHead` * deps: bytes@0.3.0 * deps: negotiator@0.4.3 * dep: connect-timeout@1.1.0 * Add `req.timedout` property * Add `respond` option to constructor * Clear timer on socket destroy * deps: debug@0.8.1 * dep: debug@^0.8.0 * add `enable()` method * change from stderr to stdout * dep: errorhandler@1.0.1 * Clean up error CSS * Do not respond after headers sent * dep: express-session@1.0.4 * Remove import of `setImmediate` * Use `res.cookie()` instead of `res.setHeader()` * deps: cookie@0.1.2 * deps: debug@0.8.1 * dep: morgan@1.0.1 * Make buffer unique per morgan instance * deps: bytes@0.3.0 * dep: serve-favicon@2.0.0 * Accept `Buffer` of icon as first argument * Non-GET and HEAD requests are denied * Send valid max-age value * Support conditional requests * Support max-age=0 * Support OPTIONS method * Throw if `path` argument is directory * dep: serve-index@1.0.2 * Add stylesheet option * deps: negotiator@0.4.3 2.14.5 / 2014-04-24 =================== * dep: raw-body@1.1.4 * allow true as an option * deps: bytes@0.3.0 * dep: serve-static@1.1.0 * Accept options directly to `send` module * deps: send@0.3.0 2.14.4 / 2014-04-07 =================== * dep: bytes@0.3.0 * added terabyte support * dep: csurf@1.1.0 * add constant-time string compare * dep: serve-static@1.0.4 * Resolve relative paths at middleware setup * Use parseurl to parse the URL from request * fix node.js 0.8 compatibility with memory session 2.14.3 / 2014-03-18 =================== * dep: static-favicon@1.0.2 * Fixed content of default icon 2.14.2 / 2014-03-11 =================== * dep: static-favicon@1.0.1 * Fixed path to default icon 2.14.1 / 2014-03-06 =================== * dep: fresh@0.2.2 * no real changes * dep: serve-index@1.0.1 * deps: negotiator@0.4.2 * dep: serve-static@1.0.2 * deps: send@0.2.0 2.14.0 / 2014-03-05 =================== * basicAuth: use basic-auth-connect * cookieParser: use cookie-parser * compress: use compression * csrf: use csurf * dep: cookie-signature@1.0.3 * directory: use serve-index * errorHandler: use errorhandler * favicon: use static-favicon * logger: use morgan * methodOverride: use method-override * responseTime: use response-time * session: use express-session * static: use serve-static * timeout: use connect-timeout * vhost: use vhost 2.13.1 / 2014-03-05 =================== * cookieSession: compare full value rather than crc32 * deps: raw-body@1.1.3 2.13.0 / 2014-02-14 =================== * fix typo in memory store warning #974 @rvagg * compress: use compressible * directory: add template option #990 @gottaloveit @Earl-Brown * csrf: prevent deprecated warning with old sessions 2.12.0 / 2013-12-10 =================== * bump qs * directory: sort folders before files * directory: add folder icons * directory: de-duplicate icons, details/mobile views #968 @simov * errorHandler: end default 404 handler with a newline #972 @rlidwka * session: remove long cookie expire check #870 @undoZen 2.11.2 / 2013-12-01 =================== * bump raw-body 2.11.1 / 2013-11-27 =================== * bump raw-body * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma 2.11.0 / 2013-10-29 =================== * update bytes * update uid2 * update negotiator * sessions: add rolling session option #944 @ilmeo * sessions: property set cookies when given FQDN * cookieSessions: properly set cookies when given FQDN #948 @bmancini55 * proto: fix FQDN mounting when multiple handlers #945 @bmancini55 2.10.1 / 2013-10-23 =================== * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson) 2.10.0 / 2013-10-22 =================== * fixed: set headers written by writeHead before emitting 'header' * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson) * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson) * fixed: fix static directory redirect for mount's root #937 (@dougwilson) * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123) * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies * compress: compress checks content-length to check threshold * compress: expose `res.flush()` for flushing responses * cookieParser: pass options into node-cookie #803 (@cauldrath) * errorHandler: replace `\n`s with `
`s in error handler 2.9.2 / 2013-10-18 ================== * warn about multiparty and limit middleware deprecation for v3 * fix fully qualified domain name mounting. #920 (@dougwilson) * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson) * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson) 2.9.1 / 2013-10-15 ================== * update multiparty * compress: Set vary header only if Content-Type passes filter #904 * directory: Fix directory middleware URI escaping #917 (@dougwilson) * directory: Fix directory seperators for Windows #914 (@dougwilson) * directory: Keep query string intact during directory redirect #913 (@dougwilson) * directory: Fix paths in links #730 (@JacksonTian) * errorHandler: Don't escape text/plain as HTML #875 (@johan) * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson) * logger: Log even when connections are aborted #760 (@dylanahsmith) * methodOverride: Check req.body is an object #907 (@kbjr) * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson) * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce) 2.9.0 / 2013-09-07 ================== * multipart: add docs regarding tmpfiles * multipart: add .name back to file parts * multipart: use multiparty instead of formidable 2.8.8 / 2013-09-02 ================== * csrf: change to math.random() salt and remove csrfToken() callback 2.8.7 / 2013-08-28 ================== * csrf: prevent salt generation on every request, and add async req.csrfToken(fn) 2.8.6 / 2013-08-28 ================== * csrf: refactor to use HMAC tokens (BREACH attack) * compress: add compression of SVG and common font files by default. 2.8.5 / 2013-08-11 ================== * add: compress Dart source files by default * update fresh 2.8.4 / 2013-07-08 ================== * update send 2.8.3 / 2013-07-04 ================== * add a name back to static middleware ("staticMiddleware") * fix .hasBody() utility to require transfer-encoding or content-length 2.8.2 / 2013-07-03 ================== * update send * update cookie dep. * add better debug() for middleware * add whitelisting of supported methods to methodOverride() 2.8.1 / 2013-06-27 ================== * fix: escape req.method in 404 response 2.8.0 / 2013-06-26 ================== * add `threshold` option to `compress()` to prevent compression of small responses * add support for vendor JSON mime types in json() * add X-Forwarded-Proto initial https proxy support * change static redirect to 303 * change octal escape sequences for strict mode * change: replace utils.uid() with uid2 lib * remove other "static" function name. Fixes #794 * fix: hasBody() should return false if Content-Length: 0 2.7.11 / 2013-06-02 ================== * update send 2.7.10 / 2013-05-21 ================== * update qs * update formidable * fix: write/end to noop() when request aborted 2.7.9 / 2013-05-07 ================== * update qs * drop support for node < v0.8 2.7.8 / 2013-05-03 ================== * update qs 2.7.7 / 2013-04-29 ================== * update qs dependency * remove "static" function name. Closes #794 * update node-formidable * update buffer-crc32 2.7.6 / 2013-04-15 ================== * revert cookie signature which was creating session race conditions 2.7.5 / 2013-04-12 ================== * update cookie-signature * limit: do not consume request in node 0.10.x 2.7.4 / 2013-04-01 ================== * session: add long expires check and prevent excess set-cookie * session: add console.error() of session#save() errors 2.7.3 / 2013-02-19 ================== * add name to compress middleware * add appending Accept-Encoding to Vary when set but missing * add tests for csrf middleware * add 'next' support for connect() server handler * change utils.uid() to return url-safe chars. Closes #753 * fix treating '.' as a regexp in vhost() * fix duplicate bytes dep in package.json. Closes #743 * fix #733 - parse x-forwarded-proto in a more generally compatibly way * revert "add support for `next(status[, msg])`"; makes composition hard 2.7.2 / 2013-01-04 ================== * add support for `next(status[, msg])` back * add utf-8 meta tag to support foreign characters in filenames/directories * change `timeout()` 408 to 503 * replace 'node-crc' with 'buffer-crc32', fixes licensing * fix directory.html IE support 2.7.1 / 2012-12-05 ================== * add directory() tests * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely) * fix errorHandler signature 2.7.0 / 2012-11-13 ================== * add support for leading JSON whitespace * add logging of `req.ip` when present * add basicAuth support for `:`-delimited string * update cookie module. Closes #688 2.6.2 / 2012-11-01 ================== * add `debug()` for disconnected session store * fix session regeneration bug. Closes #681 2.6.1 / 2012-10-25 ================== * add passing of `connect.timeout()` errors to `next()` * replace signature utils with cookie-signature module 2.6.0 / 2012-10-09 ================== * add `defer` option to `multipart()` [Blake Miner] * fix mount path case sensitivity. Closes #663 * fix default of ascii encoding from `logger()`, now utf8. Closes #293 2.5.0 / 2012-09-27 ================== * add `err.status = 400` to multipart() errors * add double-encoding protection to `compress()`. Closes #659 * add graceful handling cookie parsing errors [shtylman] * fix typo X-Response-time to X-Response-Time 2.4.6 / 2012-09-18 ================== * update qs 2.4.5 / 2012-09-03 ================== * add session store "connect" / "disconnect" support [louischatriot] * fix `:url` log token 2.4.4 / 2012-08-21 ================== * fix `static()` pause regression from "send" integration 2.4.3 / 2012-08-07 ================== * fix `.write()` encoding for zlib inconstancy. Closes #561 2.4.2 / 2012-07-25 ================== * remove limit default from `urlencoded()` * remove limit default from `json()` * remove limit default from `multipart()` * fix `cookieSession()` clear cookie path / domain bug. Closes #636 2.4.1 / 2012-07-24 ================== * fix `options` mutation in `static()` 2.4.0 / 2012-07-23 ================== * add `connect.timeout()` * add __GET__ / __HEAD__ check to `directory()`. Closes #634 * add "pause" util dep * update send dep for normalization bug 2.3.9 / 2012-07-16 ================== * add more descriptive invalid json error message * update send dep for root normalization regression * fix staticCache fresh dep 2.3.8 / 2012-07-12 ================== * fix `connect.static()` 404 regression, pass `next()`. Closes #629 2.3.7 / 2012-07-05 ================== * add `json()` utf-8 illustration test. Closes #621 * add "send" dependency * change `connect.static()` internals to use "send" * fix `session()` req.session generation with pathname mismatch * fix `cookieSession()` req.session generation with pathname mismatch * fix mime export. Closes #618 2.3.6 / 2012-07-03 ================== * Fixed cookieSession() with cookieParser() secret regression. Closes #602 * Fixed set-cookie header fields on cookie.path mismatch. Closes #615 2.3.5 / 2012-06-28 ================== * Remove `logger()` mount check * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607 * Fixed `staticCache()` when Cookie is present 2.3.4 / 2012-06-22 ================== * Added `err.buf` to urlencoded() and json() * Update cookie to 0.0.4. Closes #604 * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten] 2.3.3 / 2012-06-11 ================== * Added ETags back to `static()` [timkuijsten] * Replaced `utils.parseRange()` with `range-parser` module * Replaced `utils.parseBytes()` with `bytes` module * Replaced `utils.modified()` with `fresh` module * Fixed `cookieSession()` regression with invalid cookie signing [shtylman] 2.3.2 / 2012-06-08 ================== * expose mime module * Update crc dep (which bundled nodeunit) 2.3.1 / 2012-06-06 ================== * Added `secret` option to `cookieSession` middleware [shtylman] * Added `secret` option to `session` middleware [shtylman] * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user` * Performance: improve signed cookie parsing * Update `cookie` dependency [shtylman] 2.3.0 / 2012-05-20 ================== * Added limit option to `json()` * Added limit option to `urlencoded()` * Added limit option to `multipart()` * Fixed: remove socket error event listener on callback * Fixed __ENOTDIR__ error on `static` middleware 2.2.2 / 2012-05-07 ================== * Added support to csrf middle for pre-flight CORS requests * Updated `engines` to allow newer version of node * Removed duplicate repo prop. Closes #560 2.2.1 / 2012-04-28 ================== * Fixed `static()` redirect when mounted. Closes #554 2.2.0 / 2012-04-25 ================== * Added `make benchmark` * Perf: memoize url parsing (~20% increase) * Fixed `connect(fn, fn2, ...)`. Closes #549 2.1.3 / 2012-04-20 ================== * Added optional json() `reviver` function to be passed to JSON.parse [jed] * Fixed: emit drain in compress middleware [nsabovic] 2.1.2 / 2012-04-11 ================== * Fixed cookieParser() `req.cookies` regression 2.1.1 / 2012-04-11 ================== * Fixed `session()` browser-session length cookies & examples * Fixed: make `query()` "self-aware" [jed] 2.1.0 / 2012-04-05 ================== * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`) * Added `urlencoded()` support for GET * Added `json()` support for GET. Closes #497 * Added `strict` option to `json()` * Changed: `session()` only set-cookie when modified * Removed `Session#lastAccess` property. Closes #399 2.0.3 / 2012-03-20 ================== * Added: `cookieSession()` only sets cookie on change. Closes #442 * Added `connect:dispatcher` debug() probes 2.0.2 / 2012-03-04 ================== * Added test for __ENAMETOOLONG__ now that node is fixed * Fixed static() index "/" check on windows. Closes #498 * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia] 2.0.1 / 2012-02-29 ================== * Added test coverage for `vhost()` middleware * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov] * Fixed `static()` Range: respond with 416 when unsatisfiable * Fixed `vhost()` middleware. Closes #494 2.0.0 / 2011-10-05 ================== * Added `cookieSession()` middleware for cookie-only sessions * Added `compress()` middleware for gzip / deflate support * Added `session()` "proxy" setting to trust `X-Forwarded-Proto` * Added `json()` middleware to parse "application/json" * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded" * Added `multipart()` middleware to parse "multipart/form-data" * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies * Added signed cookie support to `cookieParser()` * Added support for JSON-serialized cookies to `cookieParser()` * Added `err.status` support in Connect's default end-point * Added X-Cache MISS / HIT to `staticCache()` * Added public `res.headerSent` checking nodes `res._headerSent` until node does * Changed `basicAuth()` req.remoteUser to req.user * Changed: default `session()` to a browser-session cookie. Closes #475 * Changed: no longer lowercase cookie names * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()` * Changed: `errorHandler()` is now a development-only middleware * Changed middleware to `next()` errors when possible so applications can unify logging / handling * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https * Removed `.createServer()` (use `connect()`) * Removed `secret` option from `session()`, use `cookieParser(secret)` * Removed `connect.session.ignore` array support * Removed `router()` middleware. Closes #262 * Fixed: set-cookie only once for browser-session cookies * Fixed FQDN support. dont add leading "/" * Fixed 404 XSS attack vector. Closes #473 * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point 1.8.5 / 2011-12-22 ================== * Fixed: actually allow empty body for json 1.8.4 / 2011-12-22 ================== * Changed: allow empty body for json/urlencoded requests. Backport for #443 1.8.3 / 2011-12-16 ================== * Fixed `static()` _index.html_ support on windows 1.8.2 / 2011-12-03 ================== * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv] 1.8.1 / 2011-11-21 ================== * Added nesting support for _multipart/form-data_ [jackyz] 1.8.0 / 2011-11-17 ================== * Added _multipart/form-data_ support to `bodyParser()` using formidable 1.7.3 / 2011-11-11 ================== * Fixed `req.body`, always default to {} * Fixed HEAD support for 404s and 500s 1.7.2 / 2011-10-24 ================== * "node": ">= 0.4.1 < 0.7.0" * Added `static()` redirect option. Closes #398 * Changed `limit()`: respond with 413 when content-length exceeds the limit * Removed socket error listener in static(). Closes #389 * Fixed `staticCache()` Age header field * Fixed race condition causing errors reported in #329. 1.7.1 / 2011-09-12 ================== * Added: make `Store` inherit from `EventEmitter` * Added session `Store#load(sess, fn)` to fetch a `Session` instance * Added backpressure support to `staticCache()` * Changed `res.socket.destroy()` to `req.socket.destroy()` 1.7.0 / 2011-08-31 ================== * Added `staticCache()` middleware, a memory cache for `static()` * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this) * Changed: ignore error handling middleware when header is sent * Changed: dispatcher errors after header is sent destroy the sock 1.6.4 / 2011-08-26 ================== * Revert "Added double-next reporting" 1.6.3 / 2011-08-26 ================== * Added double-`next()` reporting * Added `immediate` option to `logger()`. Closes #321 * Dependency `qs >= 0.3.1` 1.6.2 / 2011-08-11 ================== * Fixed `connect.static()` null byte vulnerability * Fixed `connect.directory()` null byte vulnerability * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289 1.6.1 / 2011-08-03 ================== * Added: allow retval `== null` from logger callback to ignore line * Added `getOnly` option to `connect.static.send()` * Added response "header" event allowing augmentation * Added `X-CSRF-Token` header field check * Changed dep `qs >= 0.3.0` * Changed: persist csrf token. Closes #322 * Changed: sort directory middleware files alphabetically 1.6.0 / 2011-07-10 ================== * Added :response-time to "dev" logger format * Added simple `csrf()` middleware. Closes #315 * Fixed `res._headers` logger regression. Closes #318 * Removed support for multiple middleware being passed to `.use()` 1.5.2 / 2011-07-06 ================== * Added `filter` function option to `directory()` [David Rio Deiros] * Changed: re-write of the `logger()` middleware, with extensible tokens and formats * Changed: `static.send()` ".." in path without root considered malicious * Fixed quotes in docs. Closes #312 * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison] 1.5.1 / 2011-06-20 ================== * Added malicious path check to `directory()` middleware * Added `utils.forbidden(res)` * Added `connect.query()` middleware 1.5.0 / 2011-06-20 ================== * Added `connect.directory()` middleware for serving directory listings 1.4.6 / 2011-06-18 ================== * Fixed `connect.static()` root with `..` * Fixed `connect.static()` __EBADF__ 1.4.5 / 2011-06-17 ================== * Fixed EBADF in `connect.static()`. Closes #297 1.4.4 / 2011-06-16 ================== * Changed `connect.static()` to check resolved dirname. Closes #294 1.4.3 / 2011-06-06 ================== * Fixed fd leak in `connect.static()` when the socket is closed * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285 1.4.2 / 2011-05-27 ================== * Changed to `devDependencies` * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen] * Fixed Win32 support for `static()` * Fixed monkey-patch issue. Closes #261 1.4.1 / 2011-05-08 ================== * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251 * Fixed `errorHandler` middleware for missing stack traces. [aseemk] #274 1.4.0 / 2011-04-25 ================== * Added route-middleware `next('route')` support to jump passed the route itself * Added Content-Length support to `limit()` * Added route-specific middleware support (used to be in express) * Changed; refactored duplicate session logic * Changed; prevent redefining `store.generate` per request * Fixed; `static()` does not set Content-Type when explicitly set [nateps] * Fixed escape `errorHandler()` {error} contents * NOTE: `router` will be removed in 2.0 1.3.0 / 2011-04-06 ================== * Added `router.remove(path[, method])` to remove a route 1.2.3 / 2011-04-05 ================== * Fixed basicAuth realm issue when passing strings. Closes #253 1.2.2 / 2011-04-05 ================== * Added `basicAuth(username, password)` support * Added `errorHandler.title` defaulting to "Connect" * Changed `errorHandler` css 1.2.1 / 2011-03-30 ================== * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl] 1.2.0 / 2011-03-30 ================== * Added `router.lookup(path[, method])` * Added `router.match(url[, method])` * Added basicAuth async support. Closes #223 1.1.5 / 2011-03-27 ================== * Added; allow `logger()` callback function to return an empty string to ignore logging * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245 1.1.4 / 2011-03-23 ================== * Added `logger()` support for format function * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x 1.1.3 / 2011-03-21 ================== * Changed; `limit()` now calls `req.destroy()` 1.1.2 / 2011-03-21 ================== * Added request "limit" event to `limit()` middleware * Changed; `limit()` middleware will `next(err)` on failure 1.1.1 / 2011-03-18 ================== * Fixed session middleware for HTTPS. Closes #241 [reported by mt502] 1.1.0 / 2011-03-17 ================== * Added `Session#reload(fn)` 1.0.6 / 2011-03-09 ================== * Fixed `res.setHeader()` patch, preserve casing 1.0.5 / 2011-03-09 ================== * Fixed; `logger()` using `req.originalUrl` instead of `req.url` 1.0.4 / 2011-03-09 ================== * Added `res.charset` * Added conditional sessions example * Added support for `session.ignore` to be replaced. Closes #227 * Fixed `Cache-Control` delimiters. Closes #228 1.0.3 / 2011-03-03 ================== * Fixed; `static.send()` invokes callback with connection error 1.0.2 / 2011-03-02 ================== * Fixed exported connect function * Fixed package.json; node ">= 0.4.1 < 0.5.0" 1.0.1 / 2011-03-02 ================== * Added `Session#save(fn)`. Closes #213 * Added callback support to `connect.static.send()` for express * Added `connect.static.send()` "path" option * Fixed content-type in `static()` for _index.html_ 1.0.0 / 2011-03-01 ================== * Added `stack`, `message`, and `dump` errorHandler option aliases * Added `req.originalMethod` to methodOverride * Added `favicon()` maxAge option support * Added `connect()` alternative to `connect.createServer()` * Added new [documentation](http://senchalabs.github.com/connect) * Added Range support to `static()` * Added HTTPS support * Rewrote session middleware. The session API now allows for session-specific cookies, so you may alter each individually. Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html). * Added middleware self-awareness. This helps prevent middleware breakage when used within mounted servers. For example `cookieParser()` will not parse cookies more than once even when within a mounted server. * Added new examples in the `./examples` directory * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware * Renamed `staticProvider` to `static` * Renamed `bodyDecoder` to `bodyParser` * Renamed `cookieDecoder` to `cookieParser` * Fixed ETag quotes. [reported by papandreou] * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou] * Fixed; only set req.originalUrl once. Closes #124 * Fixed symlink support for `static()`. Closes #123 0.5.10 / 2011-02-14 ================== * Fixed SID space issue. Closes #196 * Fixed; proxy `res.end()` to commit session data * Fixed directory traversal attack in `staticProvider`. Closes #198 0.5.9 / 2011-02-09 ================== * qs >= 0.0.4 0.5.8 / 2011-02-04 ================== * Added `qs` dependency * Fixed router race-condition causing possible failure when `next()`ing to one or more routes with parallel requests 0.5.7 / 2011-02-01 ================== * Added `onvhost()` call so Express (and others) can know when they are * Revert "Added stylus support" (use the middleware which ships with stylus) * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen] * Fixed `utils.uid()` length error [Jxck] mounted 0.5.6 / 2011-01-23 ================== * Added stylus support to `compiler` * _favicon.js_ cleanup * _compiler.js_ cleanup * _bodyDecoder.js_ cleanup 0.5.5 / 2011-01-13 ================== * Changed; using sha256 HMAC instead of md5. [Paul Querna] * Changed; generated a longer random UID, without time influence. [Paul Querna] * Fixed; session middleware throws when secret is not present. [Paul Querna] 0.5.4 / 2011-01-07 ================== * Added; throw when router path or callback is missing * Fixed; `next(err)` on cookie parse exception instead of ignoring * Revert "Added utils.pathname(), memoized url.parse(str).pathname" 0.5.3 / 2011-01-05 ================== * Added _docs/api.html_ * Added `utils.pathname()`, memoized url.parse(str).pathname * Fixed `session.id` issue. Closes #183 * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179 * Removed bad outdated docs, we need something new / automated eventually 0.5.2 / 2010-12-28 ================== * Added default __OPTIONS__ support to _router_ middleware 0.5.1 / 2010-12-28 ================== * Added `req.session.id` mirroring `req.sessionID` * Refactored router, exposing `connect.router.methods` * Exclude non-lib files from npm * Removed imposed headers `X-Powered-By`, `Server`, etc 0.5.0 / 2010-12-06 ================== * Added _./index.js_ * Added route segment precondition support and example * Added named capture group support to router 0.4.0 / 2010-11-29 ================== * Added `basicAuth` middleware * Added more HTTP methods to the `router` middleware 0.3.0 / 2010-07-21 ================== * Added _staticGzip_ middleware * Added `connect.utils` to expose utils * Added `connect.session.Session` * Added `connect.session.Store` * Added `connect.session.MemoryStore` * Added `connect.middleware` to expose the middleware getters * Added `buffer` option to _logger_ for performance increase * Added _favicon_ middleware for serving your own favicon or the connect default * Added option support to _staticProvider_, can now pass _root_ and _lifetime_. * Added; mounted `Server` instances now have the `route` property exposed for reflection * Added support for callback as first arg to `Server#use()` * Added support for `next(true)` in _router_ to bypass match attempts * Added `Server#listen()` _host_ support * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance * Added _methodOverride_ X-HTTP-Method-Override support * Refactored session internals, adds _secret_ option * Renamed `lifetime` option to `maxAge` in _staticProvider_ * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark) * Removed connect(1) dependency on examples, they can all now run with node(1) * Remove a typo that was leaking a global. * Removed `Object.prototype` forEach() and map() methods * Removed a few utils not used * Removed `connect.createApp()` * Removed `res.simpleBody()` * Removed _format_ middleware * Removed _flash_ middleware * Removed _redirect_ middleware * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc) * Removed _pubsub_ middleware * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array * Changed; _compiler_ no longer 404s * Changed; _router_ signature now matches connect middleware signature * Fixed a require in _session_ for default `MemoryStore` * Fixed nasty request body bug in _router_. Closes #54 * Fixed _less_ support in _compiler_ * Fixed bug preventing proper bubbling of exceptions in mounted servers * Fixed bug in `Server#use()` preventing `Server` instances as the first arg * Fixed **ENOENT** special case, is now treated as any other exception * Fixed spark env support 0.2.1 / 2010-07-09 ================== * Added support for _router_ `next()` to continue calling matched routes * Added mime type for _cache.manifest_ files. * Changed _compiler_ middleware to use async require * Changed session api, stores now only require `#get()`, and `#set()` * Fixed _cacheManifest_ by adding `utils.find()` back 0.2.0 / 2010-07-01 ================== * Added calls to `Session()` casts the given object as a `Session` instance * Added passing of `next()` to _router_ callbacks. Closes #46 * Changed; `MemoryStore#destroy()` removes `req.session` * Changed `res.redirect("back")` to default to "/" when Referr?er is not present * Fixed _staticProvider_ urlencoded paths issue. Closes #47 * Fixed _staticProvider_ middleware responding to **GET** requests * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43 * Fixed _logger_ format option * Fixed typo in _compiler_ middleware preventing the _dest_ option from working 0.1.0 / 2010-06-25 ================== * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu) * Added [extended api docs](http://extjs.github.com/Connect/api.html) * Added docs for several more middleware layers * Added `connect.Server#use()` * Added _compiler_ middleware which provides arbitrary static compilation * Added `req.originalUrl` * Removed _blog_ example * Removed _sass_ middleware (use _compiler_) * Removed _less_ middleware (use _compiler_) * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc. * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39 * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries 0.0.6 / 2010-06-22 ================== * Added _static_ middleware usage example * Added support for regular expressions as paths for _router_ * Added `util.merge()` * Increased performance of _static_ by ~ 200 rps * Renamed the _rest_ middleware to _router_ * Changed _rest_ api to accept a callback function * Removed _router_ middleware * Removed _proto.js_, only `Object#forEach()` remains 0.0.5 / 2010-06-21 ================== * Added Server#use() which contains the Layer normalization logic * Added documentation for several middleware * Added several new examples * Added _less_ middleware * Added _repl_ middleware * Added _vhost_ middleware * Added _flash_ middleware * Added _cookie_ middleware * Added _session_ middleware * Added `utils.htmlEscape()` * Added `utils.base64Decode()` * Added `utils.base64Encode()` * Added `utils.uid()` * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26 * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()` * Renamed req.redirect() to res.redirect(). Closes #29 * Fixed _sass_ 404 on **ENOENT** * Fixed +new Date duplication. Closes #24 0.0.4 / 2010-06-16 ================== * Added workerPidfile() to bin/connect * Added --workers support to bin/connect stop and status commands * Added _redirect_ middleware * Added better --config support to bin/connect. All flags can be utilized * Added auto-detection of _./config.js_ * Added config example * Added `net.Server` support to bin/connect * Writing worker pids relative to `env.pidfile` * s/parseQuery/parse/g * Fixed npm support 0.0.3 / 2010-06-16 ================== * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__ 0.0.2 / 2010-06-15 ================== * Added `-V, --version` to bin/connect * Added `utils.parseCookie()` * Added `utils.serializeCookie()` * Added `utils.toBoolean()` * Added _sass_ middleware * Added _cookie_ middleware * Added _format_ middleware * Added _lint_ middleware * Added _rest_ middleware * Added _./package.json_ (npm install connect) * Added `handleError()` support * Added `process.connectEnv` * Added custom log format support to _log_ middleware * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url") * Added -w, --workers to bin/connect * Added bin/connect support for --user NAME and --group NAME * Fixed url re-writing support 0.0.1 / 2010-06-03 ================== * Initial release connect-3.7.0/LICENSE000066400000000000000000000022451346765411700142000ustar00rootroot00000000000000(The MIT License) Copyright (c) 2010 Sencha Inc. Copyright (c) 2011 LearnBoost Copyright (c) 2011-2014 TJ Holowaychuk Copyright (c) 2015 Douglas Christopher Wilson Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. connect-3.7.0/README.md000066400000000000000000000236351346765411700144600ustar00rootroot00000000000000
connect logo [![NPM Version][npm-version-image]][npm-url] [![NPM Downloads][npm-downloads-image]][npm-url] [![Build Status][travis-image]][travis-url] [![Test Coverage][coveralls-image]][coveralls-url]
Connect is an extensible HTTP server framework for [node](http://nodejs.org) using "plugins" known as _middleware_. ```js var connect = require('connect'); var http = require('http'); var app = connect(); // gzip/deflate outgoing responses var compression = require('compression'); app.use(compression()); // store session state in browser cookie var cookieSession = require('cookie-session'); app.use(cookieSession({ keys: ['secret1', 'secret2'] })); // parse urlencoded request bodies into req.body var bodyParser = require('body-parser'); app.use(bodyParser.urlencoded({extended: false})); // respond to all requests app.use(function(req, res){ res.end('Hello from Connect!\n'); }); //create node.js http server and listen on port http.createServer(app).listen(3000); ``` ## Getting Started Connect is a simple framework to glue together various "middleware" to handle requests. ### Install Connect ```sh $ npm install connect ``` ### Create an app The main component is a Connect "app". This will store all the middleware added and is, itself, a function. ```js var app = connect(); ``` ### Use middleware The core of Connect is "using" middleware. Middleware are added as a "stack" where incoming requests will execute each middleware one-by-one until a middleware does not call `next()` within it. ```js app.use(function middleware1(req, res, next) { // middleware 1 next(); }); app.use(function middleware2(req, res, next) { // middleware 2 next(); }); ``` ### Mount middleware The `.use()` method also takes an optional path string that is matched against the beginning of the incoming request URL. This allows for basic routing. ```js app.use('/foo', function fooMiddleware(req, res, next) { // req.url starts with "/foo" next(); }); app.use('/bar', function barMiddleware(req, res, next) { // req.url starts with "/bar" next(); }); ``` ### Error middleware There are special cases of "error-handling" middleware. There are middleware where the function takes exactly 4 arguments. When a middleware passes an error to `next`, the app will proceed to look for the error middleware that was declared after that middleware and invoke it, skipping any error middleware above that middleware and any non-error middleware below. ```js // regular middleware app.use(function (req, res, next) { // i had an error next(new Error('boom!')); }); // error middleware for errors that occurred in middleware // declared before this app.use(function onerror(err, req, res, next) { // an error occurred! }); ``` ### Create a server from the app The last step is to actually use the Connect app in a server. The `.listen()` method is a convenience to start a HTTP server (and is identical to the `http.Server`'s `listen` method in the version of Node.js you are running). ```js var server = app.listen(port); ``` The app itself is really just a function with three arguments, so it can also be handed to `.createServer()` in Node.js. ```js var server = http.createServer(app); ``` ## Middleware These middleware and libraries are officially supported by the Connect/Express team: - [body-parser](https://www.npmjs.com/package/body-parser) - previous `bodyParser`, `json`, and `urlencoded`. You may also be interested in: - [body](https://www.npmjs.com/package/body) - [co-body](https://www.npmjs.com/package/co-body) - [raw-body](https://www.npmjs.com/package/raw-body) - [compression](https://www.npmjs.com/package/compression) - previously `compress` - [connect-timeout](https://www.npmjs.com/package/connect-timeout) - previously `timeout` - [cookie-parser](https://www.npmjs.com/package/cookie-parser) - previously `cookieParser` - [cookie-session](https://www.npmjs.com/package/cookie-session) - previously `cookieSession` - [csurf](https://www.npmjs.com/package/csurf) - previously `csrf` - [errorhandler](https://www.npmjs.com/package/errorhandler) - previously `error-handler` - [express-session](https://www.npmjs.com/package/express-session) - previously `session` - [method-override](https://www.npmjs.com/package/method-override) - previously `method-override` - [morgan](https://www.npmjs.com/package/morgan) - previously `logger` - [response-time](https://www.npmjs.com/package/response-time) - previously `response-time` - [serve-favicon](https://www.npmjs.com/package/serve-favicon) - previously `favicon` - [serve-index](https://www.npmjs.com/package/serve-index) - previously `directory` - [serve-static](https://www.npmjs.com/package/serve-static) - previously `static` - [vhost](https://www.npmjs.com/package/vhost) - previously `vhost` Most of these are exact ports of their Connect 2.x equivalents. The primary exception is `cookie-session`. Some middleware previously included with Connect are no longer supported by the Connect/Express team, are replaced by an alternative module, or should be superseded by a better module. Use one of these alternatives instead: - `cookieParser` - [cookies](https://www.npmjs.com/package/cookies) and [keygrip](https://www.npmjs.com/package/keygrip) - `limit` - [raw-body](https://www.npmjs.com/package/raw-body) - `multipart` - [connect-multiparty](https://www.npmjs.com/package/connect-multiparty) - [connect-busboy](https://www.npmjs.com/package/connect-busboy) - `query` - [qs](https://www.npmjs.com/package/qs) - `staticCache` - [st](https://www.npmjs.com/package/st) - [connect-static](https://www.npmjs.com/package/connect-static) Checkout [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) for many other compatible middleware! ## API The Connect API is very minimalist, enough to create an app and add a chain of middleware. When the `connect` module is required, a function is returned that will construct a new app when called. ```js // require module var connect = require('connect') // create app var app = connect() ``` ### app(req, res[, next]) The `app` itself is a function. This is just an alias to `app.handle`. ### app.handle(req, res[, out]) Calling the function will run the middleware stack against the given Node.js http request (`req`) and response (`res`) objects. An optional function `out` can be provided that will be called if the request (or error) was not handled by the middleware stack. ### app.listen([...]) Start the app listening for requests. This method will internally create a Node.js HTTP server and call `.listen()` on it. This is an alias to the `server.listen()` method in the version of Node.js running, so consult the Node.js documentation for all the different variations. The most common signature is [`app.listen(port)`](https://nodejs.org/dist/latest-v6.x/docs/api/http.html#http_server_listen_port_hostname_backlog_callback). ### app.use(fn) Use a function on the app, where the function represents a middleware. The function will be invoked for every request in the order that `app.use` is called. The function is called with three arguments: ```js app.use(function (req, res, next) { // req is the Node.js http request object // res is the Node.js http response object // next is a function to call to invoke the next middleware }) ``` In addition to a plan function, the `fn` argument can also be a Node.js HTTP server instance or another Connect app instance. ### app.use(route, fn) Use a function on the app, where the function represents a middleware. The function will be invoked for every request in which the URL (`req.url` property) starts with the given `route` string in the order that `app.use` is called. The function is called with three arguments: ```js app.use('/foo', function (req, res, next) { // req is the Node.js http request object // res is the Node.js http response object // next is a function to call to invoke the next middleware }) ``` In addition to a plan function, the `fn` argument can also be a Node.js HTTP server instance or another Connect app instance. The `route` is always terminated at a path separator (`/`) or a dot (`.`) character. This means the given routes `/foo/` and `/foo` are the same and both will match requests with the URLs `/foo`, `/foo/`, `/foo/bar`, and `/foo.bar`, but not match a request with the URL `/foobar`. The `route` is matched in a case-insensitive manor. In order to make middleware easier to write to be agnostic of the `route`, when the `fn` is invoked, the `req.url` will be altered to remove the `route` part (and the original will be available as `req.originalUrl`). For example, if `fn` is used at the route `/foo`, the request for `/foo/bar` will invoke `fn` with `req.url === '/bar'` and `req.originalUrl === '/foo/bar'`. ## Running Tests ```bash npm install npm test ``` ## People The Connect project would not be the same without all the people involved. The original author of Connect is [TJ Holowaychuk](https://github.com/tj) The current lead maintainer is [Douglas Christopher Wilson](https://github.com/dougwilson) [List of all contributors](https://github.com/senchalabs/connect/graphs/contributors) ## Node Compatibility - Connect `< 1.x` - node `0.2` - Connect `1.x` - node `0.4` - Connect `< 2.8` - node `0.6` - Connect `>= 2.8 < 3` - node `0.8` - Connect `>= 3` - node `0.10`, `0.12`, `4.x`, `5.x`, `6.x`, `7.x`, `8.x`, `9.x`, `10.x`, `11.x`, `12.x`; io.js `1.x`, `2.x`, `3.x` ## License [MIT](LICENSE) [coveralls-image]: https://badgen.net/coveralls/c/github/senchalabs/connect/master [coveralls-url]: https://coveralls.io/r/senchalabs/connect?branch=master [npm-downloads-image]: https://badgen.net/npm/dm/connect [npm-url]: https://npmjs.org/package/connect [npm-version-image]: https://badgen.net/npm/v/connect [travis-image]: https://badgen.net/travis/senchalabs/connect/master [travis-url]: https://travis-ci.org/senchalabs/connect connect-3.7.0/SECURITY.md000066400000000000000000000033121346765411700147600ustar00rootroot00000000000000# Security Policies and Procedures This document outlines security procedures and general policies for the Connect project. * [Reporting a Bug](#reporting-a-bug) * [Disclosure Policy](#disclosure-policy) * [Comments on this Policy](#comments-on-this-policy) ## Reporting a Bug The Connect team and community take all security bugs in Connect seriously. Thank you for improving the security of Connect. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. Report security bugs by emailing the lead maintainer in the README.md file. The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [Node Security Project](https://nodesecurity.io/report). ## Disclosure Policy When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps: * Confirm the problem and determine the affected versions. * Audit code to find any potential similar problems. * Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible to npm. ## Comments on this Policy If you have suggestions on how this process could be improved please submit a pull request. connect-3.7.0/index.js000066400000000000000000000136671346765411700146520ustar00rootroot00000000000000/*! * connect * Copyright(c) 2010 Sencha Inc. * Copyright(c) 2011 TJ Holowaychuk * Copyright(c) 2015 Douglas Christopher Wilson * MIT Licensed */ 'use strict'; /** * Module dependencies. * @private */ var debug = require('debug')('connect:dispatcher'); var EventEmitter = require('events').EventEmitter; var finalhandler = require('finalhandler'); var http = require('http'); var merge = require('utils-merge'); var parseUrl = require('parseurl'); /** * Module exports. * @public */ module.exports = createServer; /** * Module variables. * @private */ var env = process.env.NODE_ENV || 'development'; var proto = {}; /* istanbul ignore next */ var defer = typeof setImmediate === 'function' ? setImmediate : function(fn){ process.nextTick(fn.bind.apply(fn, arguments)) } /** * Create a new connect server. * * @return {function} * @public */ function createServer() { function app(req, res, next){ app.handle(req, res, next); } merge(app, proto); merge(app, EventEmitter.prototype); app.route = '/'; app.stack = []; return app; } /** * Utilize the given middleware `handle` to the given `route`, * defaulting to _/_. This "route" is the mount-point for the * middleware, when given a value other than _/_ the middleware * is only effective when that segment is present in the request's * pathname. * * For example if we were to mount a function at _/admin_, it would * be invoked on _/admin_, and _/admin/settings_, however it would * not be invoked for _/_, or _/posts_. * * @param {String|Function|Server} route, callback or server * @param {Function|Server} callback or server * @return {Server} for chaining * @public */ proto.use = function use(route, fn) { var handle = fn; var path = route; // default route to '/' if (typeof route !== 'string') { handle = route; path = '/'; } // wrap sub-apps if (typeof handle.handle === 'function') { var server = handle; server.route = path; handle = function (req, res, next) { server.handle(req, res, next); }; } // wrap vanilla http.Servers if (handle instanceof http.Server) { handle = handle.listeners('request')[0]; } // strip trailing slash if (path[path.length - 1] === '/') { path = path.slice(0, -1); } // add the middleware debug('use %s %s', path || '/', handle.name || 'anonymous'); this.stack.push({ route: path, handle: handle }); return this; }; /** * Handle server requests, punting them down * the middleware stack. * * @private */ proto.handle = function handle(req, res, out) { var index = 0; var protohost = getProtohost(req.url) || ''; var removed = ''; var slashAdded = false; var stack = this.stack; // final function handler var done = out || finalhandler(req, res, { env: env, onerror: logerror }); // store the original URL req.originalUrl = req.originalUrl || req.url; function next(err) { if (slashAdded) { req.url = req.url.substr(1); slashAdded = false; } if (removed.length !== 0) { req.url = protohost + removed + req.url.substr(protohost.length); removed = ''; } // next callback var layer = stack[index++]; // all done if (!layer) { defer(done, err); return; } // route data var path = parseUrl(req).pathname || '/'; var route = layer.route; // skip this layer if the route doesn't match if (path.toLowerCase().substr(0, route.length) !== route.toLowerCase()) { return next(err); } // skip if route match does not border "/", ".", or end var c = path.length > route.length && path[route.length]; if (c && c !== '/' && c !== '.') { return next(err); } // trim off the part of the url that matches the route if (route.length !== 0 && route !== '/') { removed = route; req.url = protohost + req.url.substr(protohost.length + removed.length); // ensure leading slash if (!protohost && req.url[0] !== '/') { req.url = '/' + req.url; slashAdded = true; } } // call the layer handle call(layer.handle, route, err, req, res, next); } next(); }; /** * Listen for connections. * * This method takes the same arguments * as node's `http.Server#listen()`. * * HTTP and HTTPS: * * If you run your application both as HTTP * and HTTPS you may wrap them individually, * since your Connect "server" is really just * a JavaScript `Function`. * * var connect = require('connect') * , http = require('http') * , https = require('https'); * * var app = connect(); * * http.createServer(app).listen(80); * https.createServer(options, app).listen(443); * * @return {http.Server} * @api public */ proto.listen = function listen() { var server = http.createServer(this); return server.listen.apply(server, arguments); }; /** * Invoke a route handle. * @private */ function call(handle, route, err, req, res, next) { var arity = handle.length; var error = err; var hasError = Boolean(err); debug('%s %s : %s', handle.name || '', route, req.originalUrl); try { if (hasError && arity === 4) { // error-handling middleware handle(err, req, res, next); return; } else if (!hasError && arity < 4) { // request-handling middleware handle(req, res, next); return; } } catch (e) { // replace the error error = e; } // continue next(error); } /** * Log error using console.error. * * @param {Error} err * @private */ function logerror(err) { if (env !== 'test') console.error(err.stack || err.toString()); } /** * Get get protocol + host for a URL. * * @param {string} url * @private */ function getProtohost(url) { if (url.length === 0 || url[0] === '/') { return undefined; } var fqdnIndex = url.indexOf('://') return fqdnIndex !== -1 && url.lastIndexOf('?', fqdnIndex) === -1 ? url.substr(0, url.indexOf('/', 3 + fqdnIndex)) : undefined; } connect-3.7.0/logo/000077500000000000000000000000001346765411700141305ustar00rootroot00000000000000connect-3.7.0/logo/horizontal.png000066400000000000000000000314501346765411700170320ustar00rootroot00000000000000PNG  IHDR[T pHYs  tEXtSoftwareAdobe ImageReadyqe<2IDATxMnI^H;>V@U@aS鱩YS hZA;&wS!F+aYY?Ȋȟx##3/ pB G'P>';YJR@?`YrXq<}̽Y)X( Wb]>by7] |#Jw} @0F( c9qzϑ|By mmVO}u9 ['xp0T5)c)x˝ e2) ggܨP~@ma,w˪IO^Y'!^Sdm9E'\  cg\xN S?xk\ d@ ',3)>"rZx6paFܫP^` @ ƲXʩ/AܪP^a @ ǹ۬ϸ՞Oa;IxA*؟ xmN>)NS9a\3rܸdʮܡ8f՘kir) Lx6G=*d&1 c3;KLqg,+Y߻$R9mb2 ["g>c9JJF}qƓ*tQ@ '*3ur՞vN4nY5Ϲ aQ>_^%H@Va0@.EDűb3O6\%Wns5%duTDrBerQlrtZq]?z!K1ͪ1Wo۱ĸm؟ i dg\4V9'1bgY@_l{xi1lاqKc%Sd`ȝd–Hql~aDP1))Yr~"x~ĖF- LWV? dW"(O]~bj>[Ǻ|?ܫ_xS@sJZ( @ (rF oy(w"C-S8yoQ$"&RK wCc֯mgܺPP?wN@ %D4X>KJieiAs**-OCrۂGJh۔"x mZmp"k7qpvb_i7⸺7?~:h?=Zǹ"f?q] H Ǐ*θ6|#Cf_dv˼|伢 ,nB aq, m_S:H+4 IɎ}/x6-i{xA n9+] ^ Ν@13:iRRp5ޕ۲͍i^qn  ;kyKűpVV^ëEkx{ cQ'mVW4N',shr[Lca7,rq,63FG!fkҴpV߽"zYƕKa<@##TMN0y>kg0Q1wRpGp~ ~%֡Cƥ0^_D`r]GYq86oN~!f0 :\e=1z~c]0 ZN.0ns,q0jKU k|6cL&X OÃ8 s8 rs$dAYzl=K g$x)&[ ` KLm&hz[ 3e ZUy d=2DO@  d^3&:"HEsP/7?X vD%XT=Մt߭q]>+nsE}p@P"%|_{T;R*}-Xmxe/˼Ϭ>&?^%AҢg}-f!l_U_|i||WK m&ۚ蕿v5fV?wYw//ӹoW!B7}'?+@F1ɗtj؋_{ƵUl%F:^r_"u?6=іF|zWKD}7qDюm ݸ(u[1E?fL|^\ݩǏ{2d:ƍ RƳy ~鹣#ȇ}ڬAfl^V㡫ɁZ,j<#h|T܆ ݑ׽EuX߮Ng~1ri I^$Җ2w5`1ysF$xA9c~"&;}cq`O`5mVb]/ 0SGU[' "z k҆9d AD#_)WCa5k13~ՅqPrw"l]YSO#B~ w˜?m"LW 2#]IS~P%[k7* NGzJ+~kK4YIxsCM_b;AFc=J6yd5/MTj?F=~Fo/n3vm{`_Ǻtv+o&a gQ_ARTâ'M=ȈOX"haaLd}-؍E 6QuL:T$5ns:*QL~ØYn5N1gӪ!1x* "_Te)%\[ =wCOm:DS";qV#Rˮ. 'oXXߗ{dh#!A(VRjYmUS}gV$kr"$¥k>\CA C zCDETA.@)Kud %|PcI66&ׯU׸l^> rbhXV \#~1SV ㊊1W{̵uh;zVKIr|KgzN/%H_S :\<@]2vu`oBzZbՇSUP򽂥Pumjdܪ(z[/__<˵wHkh{ kBK2Xo\m=p@6 )찃N"5}8INbE: l ǏҾC)(w|*rIrjw5Y"D8fʪW\n#&W69W(cv"uy*BVkbڡ/@/ت">,v6[Hfd%#>Y |53'}\6taj=Gy>{D sdxyp`f'*k0MRW-ߡZH*,4i>DV+qo@"9OTw, (} "PunuNO`X )b߷8v^ʝ0q"%`)va!9M JuĿ1Ie8$К~:FO~rE@߲_)>IIIʧu KDr/-K)ZzMWCuv,+ڣ߯/g5[w :RG5,]û=tvJ]]$Xv.F8MR&/1t)n@m{vX ̳.B3ƱFj08PB;#ɓlʮQ'8t4Xkq&Opϙ~Fuy<=]MЋZbd#g.k0J')}8fq$ݯcUrP[?}{xL܏|>WK "'G}Z{](V+5p.%)|7-2oku,;O .5>ϑZѴ>'}w:A5^wCُĨc cӬw 1XVC.6bM Dz\Rk)>6~JmI*C<_b{[lk5c,>vb1ފ8~&/:<Ϭ${'#J':_K SY)⮢λ IGޫHh?ZhB{cyr, jU+[?-d_șkq%+* G_;iyo;^Y|zJߕDŽdQ}-?^);'9U2]fg])RByQK,H}nk=oqkԁ _+[2|1!uc*Cb_Ȗ4椮&|"R"`\X? ;}ķ$fl쟞ym'4Ȼw˅PY؋+ď;bYرNCmC稟-?,솻 ;~-#sLJv#n5=0iņdT[y%RSɚ/ƾȧ풲8EmCx`a@J򼧮Sv=N+O[ 仹'sڂ})_N>V)L9*a Y@9X+'>7LN,%/}kKT뭕Y%X:'}HMТ02u(r4BrФ1DWz'Z,XA bߧ|wk:f,9rHY1 ,+XHv%D0;Y}}cC67wAJxܔ6xW[o⹂= FO{9, Gl3< bfEq28]cW;%~r:Tԙѽe CT HO,4s; Dlܿ؂9=BV06H]в>9BHXA5V\HK, U) @ޏIY;'DIs1 !9c qeq ڇ8  M)s=a z uBǀ@Qžz8Yc(tO@ok)g:}ƃ=x&Eǟ?@Wg7LNѣlz#Xb"{/0.VUۗŀ&)y1͜cY9f 4f/ f\ȁMg27 j?XAX8 t&s<@ L㹽pc|%,z`」YDt$aZ|y+5@F&N ,n3V~qck>m14,??c1Hww3ĻQ#Rʡ%Gyv3=+aAy8&W'(h=/A6{ Rf܁8 &(N)<p $@_y+Ȁ@LN GQ`F,v?&`N nI? ú$[!u )C.3Ya_@c1D>Ā@m93XT#KfEˉ~'"CLp( 3GP_x5h37̀@ѓo=Ym,̨J_$"LA*UX+I܃ 3ߟ!fX]+mʶmq-^&ù׹,gafl,cʒGi۵e)1luV09~ϹYmXAks"Tz?~ IY쓌-u q\E%_h#SjYϸ\ڛ&Wg=Q>nF)9 `s:- C'&V,%COW)|_3d*abSSchR)+N$[Z[Oֳi|miҮ/n[$Yd;l EN㯏tEY[,;'!3 ƨU?6[_ЕNMp#NϮY?s:94+L`ʡvMPQ 3Xi T^bk2?s>ҵ%-lo-Cuo/#3m/wjm)&0%DN^_&(`?h'z ݋Cz'3.k50[YW}n1ApKU12X^%ԩqEkĵ/1Y;L܈dz+sFZD]$ʟG<{XQ +"F )u?}KrdLN (=]0@3w"y^"y"@^X8ֻ8EY9#&=9!1-HH]ðH@ց984^q,m;e*i e _!1-b^ B$$s@V?oNAYB8+܉CۛIJH |#`1|ϊ€*Lq@,i0!\ra _\6UЀO&FV7xO_7M39|ҠdD7JYvh\j \O_q;22vd15i!pip +kjd^{ڢİ}O _!Ȭ"L\ш cg|׺gEIqA6Ii;\2tϱ6AFA2SH2fJrsU$ǣ{D?޼{OX_ߢCg|N"zIJƍag,iQv0>N" #z{mt_r_Jڊ1k;Y$31^{)xučYXq3~[O]BRfR*kF-iKSA Nmm'⳨m}}ƴѤ[6YD+wi&WfR[QtΓ .- Wmk3uqܭ8HH"{f]Zh<40*mVFRYݯo(Zf `jfw\ض<U|ɩPSV2$W'[ׯi0_Έ+:ƙN'߷kF_C)j JύZ03ds?ɢVW|}O-)d?-'vażr_C<ļ mɩY_B:=o!fF#Ư c#A9a`/ZIE=Y[IB B99s^OV*yH"K2M/VF"&. LT &OT"f:1=_/dLCJfƁ"99KǁŞc@1JH{isĵS]kaX\/ H>*h[#WL\2R 2Q9sRKe_]|Ln$)oسH&AP5!Ȗ"Co,RI< r3c[R9'mXڟ6 Rջ@MLKg{OŮܫ! :!16ڮ}!@|_BcV{>:e_k[=PqENV71tX67O}CWcB#H9ae(xLW@oA}~77 1Ӯ@NP$0.X! >hn+ Ɉ_>]ƙ}ǭ.Mm֔VguN@ )~䀥 㶸Qűckl$?U!`P B9i&imBO( ~*q\sp`xdUnT*y_4pvﵭsBߏ ȭ Lөq;]`b˾ʁg d)Wl]<Gfsm@ {RR~[8]߻*x>[BX5_*nrMhe\k8wٛJpY8s u]@D UYߟ|B٤ 3~>c0'kmBd*{ c8wwlĚV1y8Sa}@V6Pdn dB.spmSg +ɞ D]P&j@ $S/?)˜@ ]$ |.mt]@ ?/3ʧ_mVFZDű 7i ĸ[0Lx1o".IXg|ȇ ۬x{(KY~A.H^ ׄr(5NNH^ ׄr6G=:Z? HɲByV䷅P& Xc @ !s9)a}reS)Hconf՘}@\(f5" m=Sqk3LdB9WLu3nSʩH'_bu}+L4mVEϰƳܫ0^` @ C(g叙ZG3L~ e).\'_9t䋞\۔Ȱ-nSv=JU*xPA^O}r/mJacɲ?YV\ύ3өxІP /+*xC(*cݟ,ʦo(>crBYJU1ǷXQ^c"p)X 9+ yy*ZIENDB`connect-3.7.0/logo/icon.png000066400000000000000000000074641346765411700156010ustar00rootroot00000000000000PNG  IHDROW pHYs  tEXtSoftwareAdobe ImageReadyqe<IDATxMr9FER9'c|U^^R1^:4u&O0nrVV])B&`m~;=]2 R@vz?yN5Ne-YմQDʛ]K]N(d]5m:ﰍ'nVyN\`[_`Ā2lvjgVGt`(l>½wh#y.席.l֍GtmY{!n3 l3{{zf.;o-. lIr4nWW mϺt ۉm鍭t5]t7V鍽=oFW6DŽ-X7螃mH)6O[){G Cgcu Q-lKAɍx/,KJCƛ(!r q,\'q%Utk඄tJʠY/Չw WZj+蜔lW%D.sRrӉ[BMJinu^ia^Bd:G%7Q.!2^b tJnQQ:so3%DBDI 9tx$Ks t% Ş xzIMVd:r]Gzw _]PՑ&t k<-Q6:ɶJf†aC'9 yc_lŃeԚu hM QSKz<:G-#WdA~N֏YOdthnp=G WͼBg8ޗ֯)w 7۠ͽ :;5t/&q؆jrxNm]ʬJnÙ-AKg, Ww[{u?W#q%7'+N76t@\J 7Ku{_~+ \*z瑻ܤ̣g:$QY7syuejuPr CKxOuOd3tT$%7r%Nu߱.:ҥb lJz _grܤmJU^'d$nh`\MgzaWՌQVN)=sl7Z^Ovˡ\:Kպ+~:moEp%Xb'ЩkslY>BoZV&]A.Ia/YbD ׆.-Mcݮ[A'n٩;QP n kKtʙdPIN1I+3 @^Ҁ.בs9*Б}bV't]Kl2CB@!!CIQE*P4xGС--Oe!:8ҾE%g&}8: wС8Mp/rd,PF@W7.;~PEN^GaPwRC' ҡ8mRYCQԺu \IC\ɺ.KC6RW37CV+Itj>$n Pn6b6KfbʙԠiCmϯsnsm& >&$ktM[V5rԶ`7D|6~ɪwNۢʳlW]5Mg?] JhB(|HI5l'&xHuS?~ҩU{pwCiP.SЂx 2{IZnv&q-L(DKhu`g __.Ӿ:("l' N2YFb7l.@{>"NӉ[<}Y%0(5z`=W7; {x퍝.[LI(ݬ,hYCA t!"db:{t([^22w]I"CX6CQul@F]]t[ɹT?:qK4P8ݪuÕ:If%]t놀Ε.݀őL Zt%nC!It$Umt PTɕ %IyupX:OW l݀C!C@pSxs8C@Ii9H\!\JttEZ:!tN ,a ήH22tS+^}y+VMF,d4%a+Iqt/qV8VZ;=,gƑntCa5 Ld~pta%G+7j>>;++p#:}y8l%k%`&Dt+U:Lb‰gwsAn_t\M7$ܸX'*}KuQMWdhhF{i'% @Y?v5YInw2\;iL,l'Mw?=W[%<lLx</h :NneE7$mΏ9.7Et:粓_f'y} mVl =>5M㶙m /-ʯ^z8I0/6&×Bݗw 9J*lΐTi)UA 8Fئkk?2sip6ROrm`~lܥԩ 6ս7hgҵ:DV՜Ej^Y'iL Isu'`qހ :[q۩9S$t]YyK\ɸqf(joD{_[́)ŋZ%7VAnE6菷u4:Rf}T.CrM;3>7.p5;js;py䆀 е:.jf!j݂yAA[u;Rtfе:BF6Rׂxo[Kzӑ@50&{JZ)ձBh9qW65`eaydu漏x xZX)|6(|+t-s툁# Э`^IVr@3X-hl!,ctW`9{x>d#%>7&ꤡ[Y'gB6;v< Э3P}Yݖü;n8.( }Du\,H@|^\ql|\ox̥6е&bYoC:s4lods ] ]=t8C7ewZ6Э>zTЅNǺ @>XB/3˯|TA_U + ..kR]~򦺖r NOTlkAf~uѭV !@]VȄ{oh1`]p%t۟4#gpT%*sZp2y;ypŻ - "܅ ̏ ) Hb`/@Ros8@2-'Sk @b 9؉ S 1l Qz5<Ϗ/1J*X5*kLX]pBζ37p3e@z܎?/v_37([ t¤W37([ ,#vXVU繇~iPx&2ARl|0dkŨWy W9([ 8D 2*b˖/b^ dٌq@!3+ˎ eKTs(qF8p{d89ur([ 8@KOۧ2NGR@|=DG.Ć9̏Spȅ0y2lHYe B3Gwt>D_ElC8xeI`ma?W!tr;9uB&S3n)X`>I'38}˜,!QTF;J o rUggX!`hL-sakJ=!N:Xݐf2p%ӬN'fZ7X8a>ɼ V}A@.*kwzANp x198c5: cOsljje":TsC ל{H~p@! WPe93pƘpp058CZ~OZ2cCrdu p@p|p*NE %  @@88$&eK xd8$$rP5 pW9:#8}/ , p˜;@:2yD Cx x kt{b8{V}|AҁElnV x|N@z00LV#dph}5 U ɺjdxu#dp sp9  Ϫ=oA 2\Ξn<3  8ynjuh˪Z9<^'v 1F\ODeZ5 =U^F*l^m.q<Xg%s,鵩lzvYIs\WT&BXqYMUF|I; uG dfV=ǪG=[-"CJ1}W\3ÅaLEVnF@ w!cͶ>T$ç.⤂T2<^7;wo i= ы4x}5\! N.K;l?hhL Њ{t=R>x>־K[xp}8pR+X n< QoiGD#9`D@[NA$Xbp6~ `꒡ϑ? 6Upg&2]BC0,h{*8/0CP}U`lwp.se'!tZ_w\b`(wIڈ11MK }D;)T[BWU K;xϪM"}x8De>2&u&rˬ: ~#KyՒHldW dD𨟪kF@[2=KпUZɎr.ԔyL>5U>No@ 3ߏ <} ހ"Y]/1gܫTSݞxb {|vōC6A>䰗<oh4@!<2mŕa8,qߐ!sٕ0E\u5 tR_'qYVrܩ݆-e?2rU*Gµy>% i- 83 q:k8 0KFðmR׸v]ѪC L a¤HV!Xۉ&(lB Jr=V#^0(cY\&?29y$IdOym@ 0$!%K mFApW?;^S<, f >l[Q|([v#OA8@"9m&MO !~QVȩEMHXE]% U<j\r3z 80ylj fǟglb]Ka%CO`r\hnP8HG&8@'!/L%3S28p,k*Pp*⹔-| Q4,>!/LeKCBO K'rxX8@_BKe/PHBs([ | Ix},P9HZG&BO +!/LDzRVK)  Bs)[8 |d,[JO;28l yiW(@ !!X[B^H[]rUrˢd8؉x(m @ٹO駰lqhk6  88 8 ?磎_+ ^យ*倥hвf. !n&zƳ,]=KWk WWDlW;3jF{փ ?ilj[h6VwXxu_?8յwV7 PkyS_yL9cjm&ˈyZ}̪rS]e u|jZFhginc2Dh\g_WU+{mc˯|mn;7g̪g]xp흖p=?4<ebELy_10sg*Qfݟ͗|ꇧoFԨОMٱS&!Y$\oSZ]]M5hrcIh:=<6# =_¨6&6ec0 ssH͵HƹϷ9sŻzSמܳG<}V yQ v`ɺ;u[kBVJhJfi\*v;w}S Zg'VyZ5]+;j9t/6k0>b^Sv;ԽEὃg-ECelG13/7! HHPy/lW;=H|ћϵ9n[4#]0V;##a o2o"a{&)$G6$3nw,\`N,gy"i+ +`^Nl~_Iߪ]g$kA TlɑܪMgwfIWjeb_ޮ s!]VI2~I[_vxgob/J\և?t˖.#_e5tu"-‘bRwxq0$p}[MY u+.} vHی`E]57!Vod\޶@tE}. ">o{ыѯȼwPn.؝oAt a]³꩜?t"CaCGeȦϟȭ^T]2 h+XgWF/m6YD߹X;h;M9vl,6m>q8rh. dex o; )R۽1# .^ңdфzx3 zo<Ëρ}~lW;3.lIP/鑋ɘ#ǎ炵Jbێ͍6 c@+(t:`RvA[]wlMQ{K`;QKA|LrV,6U; Eaf~wnm=M<:( \f\l첉=̊RPbFƞ}>DxsL]4<7invю ImzH=ucsЙg984KB4^/7fۦ ! m\Z:?N8l/M,z_v#ȩ8 L퓭]dXzqL+>>yu`.F]iοr`{jK\"KGnpC߶=09A!nhg6Hd8]PΉ{d.0P]lW\. W"|W7m'Өj'͖?h@] i`ǓDxGwR\) ꌛ}8ޕ9}9Bbl84?MZjRWv; 5 UnY]P_$՗"U:ܑ]!>3I!g,CI_/CӮ1֕NQ45$a_eQO (W>_m8Y}6!AAώnfU{BIWA8Jҳ&e-1_ G[ r$TMyh6ܻlי:ؓSOm{ѻM5 YHcw=ޓzDv_{疁nZ&=6ߦ¬wnN50L{~P@B^:Vq^'JutAK`xp!*KٸPp6%BZֽi:tvDb{pk`mm|ޣ^l\O𤓒Wu  ͺ].ZNW{sv[1wokH f.}9|]B}ggNOfWFԉ8A;v՞!xRc}7eR2w2 $~ieX֑$(L NƢ/A=}F,y,Y{e:MewDc}=`=SM0:W+1=?׹}Asy1F=8/}Em"+@{&pmΫ"꺇wޚ$ *f+TN]]q87с>8p^Ӑm2t[8ECh igᛞ;Fw;{La}M}k&U> @_vtq*=V !w*{v2v{ܥ5\U7K.S\2YBf璞<:2(H0n& >d&qE6VǹD68wԢsK  w\e듯 Ed0=|Բsq"C987 g%jkfmq.зŹ99Ј1zIZ}CxÀ\2TxY`AHl7e}QF%zۧHsO u0`zKX%Y.l-dD4tnLf;k,@#JGcbλE`xk_Iz񊡷s]XM?]0r g, Iv}B#8FxԆ+|8lNG#{]G>bXxE}D*]G1r[n_b<Q&rև4GqYg,1tz l3!g[,5oE f%늦]ϠYwcU{+9F6XWx]ds?===9 ".Ë#c<]GH0̳Ћ5=X-EZPim$ ꫥ1u$5%7_vwjEgv{^{𭗶4Ti"TVQ74u.A@o;>aOck֡E{H_QGj>ґڻűlw߈uk8ثxy j;])*ܲKaw ,xF}@՝}`67{ p-}w*Hj3T1[^wa+XyfK&/<4H/:O!UFSpÃ&,`TkÚbSَimwefkAc&# A.IENDB`connect-3.7.0/package.json000066400000000000000000000021651346765411700154620ustar00rootroot00000000000000{ "name": "connect", "description": "High performance middleware framework", "version": "3.7.0", "author": "TJ Holowaychuk (http://tjholowaychuk.com)", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong ", "Tim Caswell " ], "keywords": [ "framework", "web", "middleware", "connect", "rack" ], "repository": "senchalabs/connect", "dependencies": { "debug": "2.6.9", "finalhandler": "1.1.2", "parseurl": "~1.3.3", "utils-merge": "1.0.1" }, "devDependencies": { "eslint": "4.19.1", "mocha": "6.1.4", "nyc": "14.1.1", "supertest": "4.0.2" }, "license": "MIT", "files": [ "LICENSE", "HISTORY.md", "README.md", "SECURITY.md", "index.js" ], "engines": { "node": ">= 0.10.0" }, "scripts": { "lint": "eslint .", "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/", "test-cov": "nyc --reporter=html --reporter=text npm test", "test-travis": "nyc --reporter=text npm test" } } connect-3.7.0/test/000077500000000000000000000000001346765411700141475ustar00rootroot00000000000000connect-3.7.0/test/app.listen.js000066400000000000000000000010111346765411700165530ustar00rootroot00000000000000 var assert = require('assert') var connect = require('..'); var request = require('supertest'); describe('app.listen()', function(){ it('should wrap in an http.Server', function(done){ var app = connect(); app.use(function(req, res){ res.end(); }); var server = app.listen(0, function () { assert.ok(server) request(server) .get('/') .expect(200, function (err) { server.close(function () { done(err) }) }) }); }); }); connect-3.7.0/test/fqdn.js000066400000000000000000000040611346765411700154360ustar00rootroot00000000000000 var assert = require('assert'); var connect = require('..'); var http = require('http'); var rawrequest = require('./support/rawagent') describe('app.use()', function(){ var app; beforeEach(function(){ app = connect(); }); it('should not obscure FQDNs', function(done){ app.use(function(req, res){ res.end(req.url); }); rawrequest(app) .get('http://example.com/foo') .expect(200, 'http://example.com/foo', done) }); describe('with a connect app', function(){ it('should ignore FQDN in search', function (done) { app.use('/proxy', function (req, res) { res.end(req.url); }); rawrequest(app) .get('/proxy?url=http://example.com/blog/post/1') .expect(200, '/?url=http://example.com/blog/post/1', done) }); it('should ignore FQDN in path', function (done) { app.use('/proxy', function (req, res) { res.end(req.url); }); rawrequest(app) .get('/proxy/http://example.com/blog/post/1') .expect(200, '/http://example.com/blog/post/1', done) }); it('should adjust FQDN req.url', function(done){ app.use('/blog', function(req, res){ res.end(req.url); }); rawrequest(app) .get('http://example.com/blog/post/1') .expect(200, 'http://example.com/post/1', done) }); it('should adjust FQDN req.url with multiple handlers', function(done){ app.use(function(req,res,next) { next(); }); app.use('/blog', function(req, res){ res.end(req.url); }); rawrequest(app) .get('http://example.com/blog/post/1') .expect(200, 'http://example.com/post/1', done) }); it('should adjust FQDN req.url with multiple routed handlers', function(done) { app.use('/blog', function(req,res,next) { next(); }); app.use('/blog', function(req, res) { res.end(req.url); }); rawrequest(app) .get('http://example.com/blog/post/1') .expect(200, 'http://example.com/post/1', done) }); }); }); connect-3.7.0/test/mounting.js000066400000000000000000000155551346765411700163600ustar00rootroot00000000000000 var assert = require('assert'); var connect = require('..'); var http = require('http'); var request = require('supertest'); describe('app.use()', function(){ var app; beforeEach(function(){ app = connect(); }); it('should match all paths with "/"', function (done) { app.use('/', function (req, res) { res.end(req.url); }); request(app) .get('/blog') .expect(200, '/blog', done) }); it('should match full path', function (done) { app.use('/blog', function (req, res) { res.end(req.url); }); request(app) .get('/blog') .expect(200, '/', done) }); it('should match left-side of path', function (done) { app.use('/blog', function (req, res) { res.end(req.url); }); request(app) .get('/blog/article/1') .expect(200, '/article/1', done) }); it('should match up to dot', function (done) { app.use('/blog', function (req, res) { res.end(req.url) }) request(app) .get('/blog.json') .expect(200, done) }) it('should not match shorter path', function (done) { app.use('/blog-o-rama', function (req, res) { res.end(req.url); }); request(app) .get('/blog') .expect(404, done) }); it('should not end match in middle of component', function (done) { app.use('/blog', function (req, res) { res.end(req.url); }); request(app) .get('/blog-o-rama/article/1') .expect(404, done) }); it('should be case insensitive (lower-case route, mixed-case request)', function(done){ var blog = http.createServer(function(req, res){ assert.equal(req.url, '/'); res.end('blog'); }); app.use('/blog', blog); request(app) .get('/BLog') .expect('blog', done) }); it('should be case insensitive (mixed-case route, lower-case request)', function(done){ var blog = http.createServer(function(req, res){ assert.equal(req.url, '/'); res.end('blog'); }); app.use('/BLog', blog); request(app) .get('/blog') .expect('blog', done) }); it('should be case insensitive (mixed-case route, mixed-case request)', function(done){ var blog = http.createServer(function(req, res){ assert.equal(req.url, '/'); res.end('blog'); }); app.use('/BLog', blog); request(app) .get('/blOG') .expect('blog', done) }); it('should ignore fn.arity > 4', function(done){ var invoked = []; app.use(function(req, res, next, _a, _b){ invoked.push(0) next(); }); app.use(function(req, res, next){ invoked.push(1) next(new Error('err')); }); app.use(function(err, req, res, next){ invoked.push(2); res.end(invoked.join(',')); }); request(app) .get('/') .expect(200, '1,2', done) }); describe('with a connect app', function(){ it('should mount', function(done){ var blog = connect(); blog.use(function(req, res){ assert.equal(req.url, '/'); res.end('blog'); }); app.use('/blog', blog); request(app) .get('/blog') .expect(200, 'blog', done) }); it('should retain req.originalUrl', function(done){ var app = connect(); app.use('/blog', function(req, res){ res.end(req.originalUrl); }); request(app) .get('/blog/post/1') .expect(200, '/blog/post/1', done) }); it('should adjust req.url', function(done){ app.use('/blog', function(req, res){ res.end(req.url); }); request(app) .get('/blog/post/1') .expect(200, '/post/1', done) }); it('should strip trailing slash', function(done){ var blog = connect(); blog.use(function(req, res){ assert.equal(req.url, '/'); res.end('blog'); }); app.use('/blog/', blog); request(app) .get('/blog') .expect('blog', done) }); it('should set .route', function(){ var blog = connect(); var admin = connect(); app.use('/blog', blog); blog.use('/admin', admin); assert.equal(app.route, '/'); assert.equal(blog.route, '/blog'); assert.equal(admin.route, '/admin'); }); it('should not add trailing slash to req.url', function(done) { app.use('/admin', function(req, res, next) { next(); }); app.use(function(req, res, next) { res.end(req.url); }); request(app) .get('/admin') .expect('/admin', done) }) }) describe('with a node app', function(){ it('should mount', function(done){ var blog = http.createServer(function(req, res){ assert.equal(req.url, '/'); res.end('blog'); }); app.use('/blog', blog); request(app) .get('/blog') .expect('blog', done) }); }); describe('error handling', function(){ it('should send errors to airty 4 fns', function(done){ app.use(function(req, res, next){ next(new Error('msg')); }) app.use(function(err, req, res, next){ res.end('got error ' + err.message); }); request(app) .get('/') .expect('got error msg', done) }) it('should skip to non-error middleware', function(done){ var invoked = false; app.use(function(req, res, next){ next(new Error('msg')); }) app.use(function(req, res, next){ invoked = true; next(); }); app.use(function(err, req, res, next){ res.end(invoked ? 'invoked' : err.message); }); request(app) .get('/') .expect(200, 'msg', done) }) it('should start at error middleware declared after error', function(done){ var invoked = false; app.use(function(err, req, res, next){ res.end('fail: ' + err.message); }); app.use(function(req, res, next){ next(new Error('boom!')); }); app.use(function(err, req, res, next){ res.end('pass: ' + err.message); }); request(app) .get('/') .expect(200, 'pass: boom!', done) }) it('should stack error fns', function(done){ app.use(function(req, res, next){ next(new Error('msg')); }) app.use(function(err, req, res, next){ res.setHeader('X-Error', err.message); next(err); }); app.use(function(err, req, res, next){ res.end('got error ' + err.message); }); request(app) .get('/') .expect('X-Error', 'msg') .expect(200, 'got error msg', done) }) it('should invoke error stack even when headers sent', function(done){ app.use(function(req, res, next){ res.end('0'); next(new Error('msg')); }); app.use(function(err, req, res, next){ done(); }); request(app) .get('/') .end(function () {}) }) }) }); connect-3.7.0/test/server.js000066400000000000000000000120721346765411700160150ustar00rootroot00000000000000 var assert = require('assert'); var connect = require('..'); var http = require('http'); var rawrequest = require('./support/rawagent') var request = require('supertest'); describe('app', function(){ var app; beforeEach(function(){ app = connect(); }); it('should inherit from event emitter', function(done){ app.on('foo', done); app.emit('foo'); }); it('should work in http.createServer', function(done){ var app = connect(); app.use(function (req, res) { res.end('hello, world!'); }); var server = http.createServer(app); request(server) .get('/') .expect(200, 'hello, world!', done) }) it('should be a callable function', function(done){ var app = connect(); app.use(function (req, res) { res.end('hello, world!'); }); function handler(req, res) { res.write('oh, '); app(req, res); } var server = http.createServer(handler); request(server) .get('/') .expect(200, 'oh, hello, world!', done) }) it('should invoke callback if request not handled', function(done){ var app = connect(); app.use('/foo', function (req, res) { res.end('hello, world!'); }); function handler(req, res) { res.write('oh, '); app(req, res, function() { res.end('no!'); }); } var server = http.createServer(handler); request(server) .get('/') .expect(200, 'oh, no!', done) }) it('should invoke callback on error', function(done){ var app = connect(); app.use(function (req, res) { throw new Error('boom!'); }); function handler(req, res) { res.write('oh, '); app(req, res, function(err) { res.end(err.message); }); } var server = http.createServer(handler); request(server) .get('/') .expect(200, 'oh, boom!', done) }) it('should work as middleware', function(done){ // custom server handler array var handlers = [connect(), function(req, res, next){ res.writeHead(200, {'Content-Type': 'text/plain'}); res.end('Ok'); }]; // execute callbacks in sequence var n = 0; function run(req, res){ if (handlers[n]) { handlers[n++](req, res, function(){ run(req, res); }); } } // create a non-connect server var server = http.createServer(run); request(server) .get('/') .expect(200, 'Ok', done) }); it('should escape the 500 response body', function(done){ app.use(function(req, res, next){ next(new Error('error!')); }); request(app) .get('/') .expect(/Error: error!
/) .expect(/
   at/) .expect(500, done) }) describe('404 handler', function(){ it('should escape the 404 response body', function(done){ rawrequest(app) .get('/foo/') .expect(404, />Cannot GET \/foo\/%3Cscript%3Estuff'n%3C\/script%3Ealert()'); }) request(app) .get('/') .expect(500, /<script>alert\(\)<\/script>/, done) }) it('should use custom error code', function(done){ var app = connect(); app.use(function(req, res, next){ var err = new Error('ack!'); err.status = 503; throw err; }) request(app) .get('/') .expect(503, done) }) it('should keep error statusCode', function(done){ var app = connect(); app.use(function(req, res, next){ res.statusCode = 503; throw new Error('ack!'); }) request(app) .get('/') .expect(503, done) }) it('shoud not fire after headers sent', function(done){ var app = connect(); app.use(function(req, res, next){ res.write('body'); res.end(); process.nextTick(function() { next(new Error('ack!')); }); }) request(app) .get('/') .expect(200, done) }) it('shoud have no body for HEAD', function(done){ var app = connect(); app.use(function(req, res, next){ throw new Error('ack!'); }); request(app) .head('/') .expect(500) .expect(shouldHaveNoBody()) .end(done) }); }); }); function shouldHaveNoBody () { return function (res) { assert.ok(res.text === '' || res.text === undefined) } } connect-3.7.0/test/support/000077500000000000000000000000001346765411700156635ustar00rootroot00000000000000connect-3.7.0/test/support/env.js000066400000000000000000000000401346765411700170030ustar00rootroot00000000000000 process.env.NODE_ENV = 'test'; connect-3.7.0/test/support/rawagent.js000066400000000000000000000037011346765411700200320ustar00rootroot00000000000000'use strict' var assert = require('assert') var http = require('http') module.exports = createRawAgent function createRawAgent (app) { return new RawAgent(app) } function RawAgent (app) { this.app = app this._open = 0 this._port = null this._server = null } RawAgent.prototype.get = function get (path) { return new RawRequest(this, 'GET', path) } RawAgent.prototype._close = function _close (cb) { if (--this._open) { return process.nextTick(cb) } this._server.close(cb) } RawAgent.prototype._start = function _start (cb) { this._open++ if (this._port) { return process.nextTick(cb) } if (!this._server) { this._server = http.createServer(this.app).listen() } var agent = this this._server.on('listening', function onListening () { agent._port = this.address().port cb() }) } function RawRequest (agent, method, path) { this.agent = agent this.method = method this.path = path } RawRequest.prototype.expect = function expect (status, body, callback) { var request = this this.agent._start(function onStart () { var req = http.request({ host: '127.0.0.1', method: request.method, path: request.path, port: request.agent._port }) req.on('response', function (res) { var buf = '' res.setEncoding('utf8') res.on('data', function onData (s) { buf += s }) res.on('end', function onEnd () { var err = null try { assert.equal(res.statusCode, status, 'expected ' + status + ' status, got ' + res.statusCode) if (body instanceof RegExp) { assert.ok(body.test(buf), 'expected body ' + buf + ' to match ' + body) } else { assert.equal(buf, body, 'expected ' + body + ' response body, got ' + buf) } } catch (e) { err = e } request.agent._close(function onClose () { callback(err) }) }) }) req.end() }) }