├── .editorconfig
├── .eslintignore
├── .eslintrc.yml
├── .github
└── workflows
│ └── ci.yml
├── .gitignore
├── HISTORY.md
├── LICENSE
├── README.md
├── SECURITY.md
├── index.js
├── logo
├── horizontal.png
├── icon.png
└── vertical.png
├── package.json
└── test
├── app.listen.js
├── fqdn.js
├── mounting.js
├── server.js
└── support
├── env.js
└── rawagent.js
/.editorconfig:
--------------------------------------------------------------------------------
1 | # http://editorconfig.org
2 | root = true
3 |
4 | [*]
5 | charset = utf-8
6 | insert_final_newline = true
7 | trim_trailing_whitespace = true
8 |
9 | [{*.js,*.json,*.yml}]
10 | indent_size = 2
11 | indent_style = space
12 |
--------------------------------------------------------------------------------
/.eslintignore:
--------------------------------------------------------------------------------
1 | .nyc_output
2 | coverage
3 | node_modules
4 |
--------------------------------------------------------------------------------
/.eslintrc.yml:
--------------------------------------------------------------------------------
1 | root: true
2 | rules:
3 | eol-last: error
4 | indent: ["error", 2, { "SwitchCase": 1 }]
5 | no-trailing-spaces: error
6 | no-unused-vars: ["error", { "args": "none" }]
7 |
--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
1 | name: ci
2 |
3 | on:
4 | - pull_request
5 | - push
6 |
7 | jobs:
8 | test:
9 | runs-on: ubuntu-latest
10 | strategy:
11 | matrix:
12 | name:
13 | - Node.js 0.10
14 | - Node.js 0.12
15 | - io.js 1.x
16 | - io.js 2.x
17 | - io.js 3.x
18 | - Node.js 4.x
19 | - Node.js 5.x
20 | - Node.js 6.x
21 | - Node.js 7.x
22 | - Node.js 8.x
23 | - Node.js 9.x
24 | - Node.js 10.x
25 | - Node.js 11.x
26 | - Node.js 12.x
27 | - Node.js 13.x
28 | - Node.js 14.x
29 | - Node.js 15.x
30 | - Node.js 16.x
31 | - Node.js 17.x
32 | - Node.js 18.x
33 | - Node.js 20.x
34 | - Node.js 21.x
35 |
36 | include:
37 | - name: Node.js 0.10
38 | node-version: "0.10"
39 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
40 |
41 | - name: Node.js 0.12
42 | node-version: "0.12"
43 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
44 |
45 | - name: io.js 1.x
46 | node-version: "1.8"
47 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
48 |
49 | - name: io.js 2.x
50 | node-version: "2.5"
51 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
52 |
53 | - name: io.js 3.x
54 | node-version: "3.3"
55 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
56 |
57 | - name: Node.js 4.x
58 | node-version: "4.9"
59 | npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2
60 |
61 | - name: Node.js 5.x
62 | node-version: "5.12"
63 | npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2
64 |
65 | - name: Node.js 6.x
66 | node-version: "6.17"
67 | npm-i: mocha@6.2.2 nyc@14.1.1 supertest@6.1.6
68 |
69 | - name: Node.js 7.x
70 | node-version: "7.10"
71 | npm-i: mocha@6.2.2 nyc@14.1.1 supertest@6.1.6
72 |
73 | - name: Node.js 8.x
74 | node-version: "8.17"
75 | npm-i: mocha@7.2.0 nyc@14.1.1
76 |
77 | - name: Node.js 9.x
78 | node-version: "9.11"
79 | npm-i: mocha@7.2.0 nyc@14.1.1
80 |
81 | - name: Node.js 10.x
82 | node-version: "10.24"
83 | npm-i: mocha@8.4.0 nyc@15.1.0
84 |
85 | - name: Node.js 11.x
86 | node-version: "11.15"
87 | npm-i: mocha@8.4.0 nyc@15.1.0
88 |
89 | - name: Node.js 12.x
90 | node-version: "12.22"
91 | npm-i: mocha@9.2.2 nyc@15.1.0
92 |
93 | - name: Node.js 13.x
94 | node-version: "13.14"
95 | npm-i: mocha@9.2.2 nyc@15.1.0
96 |
97 | - name: Node.js 14.x
98 | node-version: "14.21"
99 | npm-i: nyc@15.1.0
100 |
101 | - name: Node.js 15.x
102 | node-version: "15.14"
103 | npm-i: nyc@15.1.0
104 |
105 | - name: Node.js 16.x
106 | node-version: "16.20"
107 | npm-i: nyc@15.1.0
108 |
109 | - name: Node.js 17.x
110 | node-version: "17.9"
111 | npm-i: nyc@15.1.0
112 |
113 | - name: Node.js 18.x
114 | node-version: "18.19"
115 |
116 | - name: Node.js 20.x
117 | node-version: "20.11"
118 |
119 | - name: Node.js 21.x
120 | node-version: "21.6"
121 |
122 | steps:
123 | - uses: actions/checkout@v4
124 |
125 | - name: Install Node.js ${{ matrix.node-version }}
126 | shell: bash -eo pipefail -l {0}
127 | run: |
128 | nvm install --default ${{ matrix.node-version }}
129 | dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH"
130 |
131 | - name: Configure npm
132 | run: |
133 | if [[ "$(npm config get package-lock)" == "true" ]]; then
134 | npm config set package-lock false
135 | else
136 | npm config set shrinkwrap false
137 | fi
138 |
139 | - name: Remove npm module(s) ${{ matrix.npm-rm }}
140 | run: npm rm --silent --save-dev ${{ matrix.npm-rm }}
141 | if: matrix.npm-rm != ''
142 |
143 | - name: Install npm module(s) ${{ matrix.npm-i }}
144 | run: npm install --save-dev ${{ matrix.npm-i }}
145 | if: matrix.npm-i != ''
146 |
147 | - name: Setup Node.js version-specific dependencies
148 | shell: bash
149 | run: |
150 | # eslint for linting
151 | # - remove on Node.js < 12
152 | if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then
153 | node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \
154 | grep -E '^eslint(-|$)' | \
155 | sort -r | \
156 | xargs -n1 npm rm --silent --save-dev
157 | fi
158 |
159 | - name: Install Node.js dependencies
160 | run: npm install
161 |
162 | - name: List environment
163 | id: list_env
164 | shell: bash
165 | run: |
166 | echo "node@$(node -v)"
167 | echo "npm@$(npm -v)"
168 | npm -s ls ||:
169 | (npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print $2 "=" $3 }' >> "$GITHUB_OUTPUT"
170 |
171 | - name: Run tests
172 | shell: bash
173 | run: |
174 | if npm -ps ls nyc | grep -q nyc; then
175 | npm run test-ci
176 | else
177 | npm test
178 | fi
179 |
180 | - name: Lint code
181 | if: steps.list_env.outputs.eslint != ''
182 | run: npm run lint
183 |
184 | - name: Collect code coverage
185 | uses: coverallsapp/github-action@master
186 | if: steps.list_env.outputs.nyc != ''
187 | with:
188 | github-token: ${{ secrets.GITHUB_TOKEN }}
189 | flag-name: run-${{ matrix.test_number }}
190 | parallel: true
191 |
192 | coverage:
193 | needs: test
194 | runs-on: ubuntu-latest
195 | steps:
196 | - name: Uploade code coverage
197 | uses: coverallsapp/github-action@master
198 | with:
199 | github-token: ${{ secrets.github_token }}
200 | parallel-finished: true
201 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .nyc_output/
2 | coverage/
3 | node_modules/
4 | npm-debug.log
5 | package-lock.json
6 |
--------------------------------------------------------------------------------
/HISTORY.md:
--------------------------------------------------------------------------------
1 | 3.7.0 / 2019-05-17
2 | ==================
3 |
4 | * deps: finalhandler@1.1.2
5 | - Set stricter `Content-Security-Policy` header
6 | - Fix 404 output for bad / missing pathnames
7 | - deps: encodeurl@~1.0.2
8 | - deps: parseurl@~1.3.3
9 | - deps: statuses@~1.4.0
10 | * deps: parseurl@~1.3.3
11 | * perf: remove substr call from FQDN mapping
12 |
13 | 3.6.6 / 2018-02-14
14 | ==================
15 |
16 | * deps: finalhandler@1.1.0
17 | - Use `res.headersSent` when available
18 | * perf: remove array read-past-end
19 |
20 | 3.6.5 / 2017-09-22
21 | ==================
22 |
23 | * deps: debug@2.6.9
24 | * deps: finalhandler@1.0.6
25 | - deps: debug@2.6.9
26 |
27 | 3.6.4 / 2017-09-20
28 | ==================
29 |
30 | * deps: finalhandler@1.0.5
31 | - deps: parseurl@~1.3.2
32 | * deps: parseurl@~1.3.2
33 | - perf: reduce overhead for full URLs
34 | - perf: unroll the "fast-path" `RegExp`
35 | * deps: utils-merge@1.0.1
36 |
37 | 3.6.3 / 2017-08-03
38 | ==================
39 |
40 | * deps: debug@2.6.8
41 | * deps: finalhandler@1.0.4
42 | - deps: debug@2.6.8
43 |
44 | 3.6.2 / 2017-05-16
45 | ==================
46 |
47 | * deps: finalhandler@1.0.3
48 | - deps: debug@2.6.7
49 | * deps: debug@2.6.7
50 | - deps: ms@2.0.0
51 |
52 | 3.6.1 / 2017-04-19
53 | ==================
54 |
55 | * deps: debug@2.6.3
56 | - Fix `DEBUG_MAX_ARRAY_LENGTH`
57 | * deps: finalhandler@1.0.1
58 | - Fix missing `</html>` in HTML document
59 | - deps: debug@2.6.3
60 |
61 | 3.6.0 / 2017-02-17
62 | ==================
63 |
64 | * deps: debug@2.6.1
65 | - Allow colors in workers
66 | - Deprecated `DEBUG_FD` environment variable set to `3` or higher
67 | - Fix error when running under React Native
68 | - Use same color for same namespace
69 | - deps: ms@0.7.2
70 | * deps: finalhandler@1.0.0
71 | - Fix exception when `err` cannot be converted to a string
72 | - Fully URL-encode the pathname in the 404
73 | - Only include the pathname in the 404 message
74 | - Send complete HTML document
75 | - Set `Content-Security-Policy: default-src 'self'` header
76 | - deps: debug@2.6.1
77 |
78 | 3.5.1 / 2017-02-12
79 | ==================
80 |
81 | * deps: finalhandler@0.5.1
82 | - Fix exception when `err.headers` is not an object
83 | - deps: statuses@~1.3.1
84 | - perf: hoist regular expressions
85 | - perf: remove duplicate validation path
86 |
87 | 3.5.0 / 2016-09-09
88 | ==================
89 |
90 | * deps: finalhandler@0.5.0
91 | - Change invalid or non-numeric status code to 500
92 | - Overwrite status message to match set status code
93 | - Prefer `err.statusCode` if `err.status` is invalid
94 | - Set response headers from `err.headers` object
95 | - Use `statuses` instead of `http` module for status messages
96 |
97 | 3.4.1 / 2016-01-23
98 | ==================
99 |
100 | * deps: finalhandler@0.4.1
101 | - deps: escape-html@~1.0.3
102 | * deps: parseurl@~1.3.1
103 | - perf: enable strict mode
104 |
105 | 3.4.0 / 2015-06-18
106 | ==================
107 |
108 | * deps: debug@~2.2.0
109 | - deps: ms@0.7.1
110 | * deps: finalhandler@0.4.0
111 | - Fix a false-positive when unpiping in Node.js 0.8
112 | - Support `statusCode` property on `Error` objects
113 | - Use `unpipe` module for unpiping requests
114 | - deps: debug@~2.2.0
115 | - deps: escape-html@1.0.2
116 | - deps: on-finished@~2.3.0
117 | - perf: enable strict mode
118 | - perf: remove argument reassignment
119 | * perf: enable strict mode
120 | * perf: remove argument reassignments
121 |
122 | 3.3.5 / 2015-03-16
123 | ==================
124 |
125 | * deps: debug@~2.1.3
126 | - Fix high intensity foreground color for bold
127 | - deps: ms@0.7.0
128 | * deps: finalhandler@0.3.4
129 | - deps: debug@~2.1.3
130 |
131 | 3.3.4 / 2015-01-07
132 | ==================
133 |
134 | * deps: debug@~2.1.1
135 | * deps: finalhandler@0.3.3
136 | - deps: debug@~2.1.1
137 | - deps: on-finished@~2.2.0
138 |
139 | 3.3.3 / 2014-11-09
140 | ==================
141 |
142 | * Correctly invoke async callback asynchronously
143 |
144 | 3.3.2 / 2014-10-28
145 | ==================
146 |
147 | * Fix handling of URLs containing `://` in the path
148 |
149 | 3.3.1 / 2014-10-22
150 | ==================
151 |
152 | * deps: finalhandler@0.3.2
153 | - deps: on-finished@~2.1.1
154 |
155 | 3.3.0 / 2014-10-17
156 | ==================
157 |
158 | * deps: debug@~2.1.0
159 | - Implement `DEBUG_FD` env variable support
160 | * deps: finalhandler@0.3.1
161 | - Terminate in progress response only on error
162 | - Use `on-finished` to determine request status
163 | - deps: debug@~2.1.0
164 |
165 | 3.2.0 / 2014-09-08
166 | ==================
167 |
168 | * deps: debug@~2.0.0
169 | * deps: finalhandler@0.2.0
170 | - Set `X-Content-Type-Options: nosniff` header
171 | - deps: debug@~2.0.0
172 |
173 | 3.1.1 / 2014-08-10
174 | ==================
175 |
176 | * deps: parseurl@~1.3.0
177 |
178 | 3.1.0 / 2014-07-22
179 | ==================
180 |
181 | * deps: debug@1.0.4
182 | * deps: finalhandler@0.1.0
183 | - Respond after request fully read
184 | - deps: debug@1.0.4
185 | * deps: parseurl@~1.2.0
186 | - Cache URLs based on original value
187 | - Remove no-longer-needed URL mis-parse work-around
188 | - Simplify the "fast-path" `RegExp`
189 | * perf: reduce executed logic in routing
190 | * perf: refactor location of `try` block
191 |
192 | 3.0.2 / 2014-07-10
193 | ==================
194 |
195 | * deps: debug@1.0.3
196 | - Add support for multiple wildcards in namespaces
197 | * deps: parseurl@~1.1.3
198 | - faster parsing of href-only URLs
199 |
200 | 3.0.1 / 2014-06-19
201 | ==================
202 |
203 | * use `finalhandler` for final response handling
204 | * deps: debug@1.0.2
205 |
206 | 3.0.0 / 2014-05-29
207 | ==================
208 |
209 | * No changes
210 |
211 | 3.0.0-rc.2 / 2014-05-04
212 | =======================
213 |
214 | * Call error stack even when response has been sent
215 | * Prevent default 404 handler after response sent
216 | * dep: debug@0.8.1
217 | * encode stack in HTML for default error handler
218 | * remove `proto` export
219 |
220 | 3.0.0-rc.1 / 2014-03-06
221 | =======================
222 |
223 | * move middleware to separate repos
224 | * remove docs
225 | * remove node patches
226 | * remove connect(middleware...)
227 | * remove the old `connect.createServer()` method
228 | * remove various private `connect.utils` functions
229 | * drop node.js 0.8 support
230 |
231 | 2.30.2 / 2015-07-31
232 | ===================
233 |
234 | * deps: body-parser@~1.13.3
235 | - deps: type-is@~1.6.6
236 | * deps: compression@~1.5.2
237 | - deps: accepts@~1.2.12
238 | - deps: compressible@~2.0.5
239 | - deps: vary@~1.0.1
240 | * deps: errorhandler@~1.4.2
241 | - deps: accepts@~1.2.12
242 | * deps: method-override@~2.3.5
243 | - deps: vary@~1.0.1
244 | - perf: enable strict mode
245 | * deps: serve-index@~1.7.2
246 | - deps: accepts@~1.2.12
247 | - deps: mime-types@~2.1.4
248 | * deps: type-is@~1.6.6
249 | - deps: mime-types@~2.1.4
250 | * deps: vhost@~3.0.1
251 | - perf: enable strict mode
252 |
253 | 2.30.1 / 2015-07-05
254 | ===================
255 |
256 | * deps: body-parser@~1.13.2
257 | - deps: iconv-lite@0.4.11
258 | - deps: qs@4.0.0
259 | - deps: raw-body@~2.1.2
260 | - deps: type-is@~1.6.4
261 | * deps: compression@~1.5.1
262 | - deps: accepts@~1.2.10
263 | - deps: compressible@~2.0.4
264 | * deps: errorhandler@~1.4.1
265 | - deps: accepts@~1.2.10
266 | * deps: qs@4.0.0
267 | - Fix dropping parameters like `hasOwnProperty`
268 | - Fix various parsing edge cases
269 | * deps: morgan@~1.6.1
270 | - deps: basic-auth@~1.0.3
271 | * deps: pause@0.1.0
272 | - Re-emit events with all original arguments
273 | - Refactor internals
274 | - perf: enable strict mode
275 | * deps: serve-index@~1.7.1
276 | - deps: accepts@~1.2.10
277 | - deps: mime-types@~2.1.2
278 | * deps: type-is@~1.6.4
279 | - deps: mime-types@~2.1.2
280 | - perf: enable strict mode
281 | - perf: remove argument reassignment
282 |
283 | 2.30.0 / 2015-06-18
284 | ===================
285 |
286 | * deps: body-parser@~1.13.1
287 | - Add `statusCode` property on `Error`s, in addition to `status`
288 | - Change `type` default to `application/json` for JSON parser
289 | - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser
290 | - Provide static `require` analysis
291 | - Use the `http-errors` module to generate errors
292 | - deps: bytes@2.1.0
293 | - deps: iconv-lite@0.4.10
294 | - deps: on-finished@~2.3.0
295 | - deps: raw-body@~2.1.1
296 | - deps: type-is@~1.6.3
297 | - perf: enable strict mode
298 | - perf: remove argument reassignment
299 | - perf: remove delete call
300 | * deps: bytes@2.1.0
301 | - Slight optimizations
302 | - Units no longer case sensitive when parsing
303 | * deps: compression@~1.5.0
304 | - Fix return value from `.end` and `.write` after end
305 | - Improve detection of zero-length body without `Content-Length`
306 | - deps: accepts@~1.2.9
307 | - deps: bytes@2.1.0
308 | - deps: compressible@~2.0.3
309 | - perf: enable strict mode
310 | - perf: remove flush reassignment
311 | - perf: simplify threshold detection
312 | * deps: cookie@0.1.3
313 | - Slight optimizations
314 | * deps: cookie-parser@~1.3.5
315 | - deps: cookie@0.1.3
316 | * deps: csurf@~1.8.3
317 | - Add `sessionKey` option
318 | - deps: cookie@0.1.3
319 | - deps: csrf@~3.0.0
320 | * deps: errorhandler@~1.4.0
321 | - Add charset to the `Content-Type` header
322 | - Support `statusCode` property on `Error` objects
323 | - deps: accepts@~1.2.9
324 | - deps: escape-html@1.0.2
325 | * deps: express-session@~1.11.3
326 | - Support an array in `secret` option for key rotation
327 | - deps: cookie@0.1.3
328 | - deps: crc@3.3.0
329 | - deps: debug@~2.2.0
330 | - deps: depd@~1.0.1
331 | - deps: uid-safe@~2.0.0
332 | * deps: finalhandler@0.4.0
333 | - Fix a false-positive when unpiping in Node.js 0.8
334 | - Support `statusCode` property on `Error` objects
335 | - Use `unpipe` module for unpiping requests
336 | - deps: escape-html@1.0.2
337 | - deps: on-finished@~2.3.0
338 | - perf: enable strict mode
339 | - perf: remove argument reassignment
340 | * deps: fresh@0.3.0
341 | - Add weak `ETag` matching support
342 | * deps: morgan@~1.6.0
343 | - Add `morgan.compile(format)` export
344 | - Do not color 1xx status codes in `dev` format
345 | - Fix `response-time` token to not include response latency
346 | - Fix `status` token incorrectly displaying before response in `dev` format
347 | - Fix token return values to be `undefined` or a string
348 | - Improve representation of multiple headers in `req` and `res` tokens
349 | - Use `res.getHeader` in `res` token
350 | - deps: basic-auth@~1.0.2
351 | - deps: on-finished@~2.3.0
352 | - pref: enable strict mode
353 | - pref: reduce function closure scopes
354 | - pref: remove dynamic compile on every request for `dev` format
355 | - pref: remove an argument reassignment
356 | - pref: skip function call without `skip` option
357 | * deps: serve-favicon@~2.3.0
358 | - Send non-chunked response for `OPTIONS`
359 | - deps: etag@~1.7.0
360 | - deps: fresh@0.3.0
361 | - perf: enable strict mode
362 | - perf: remove argument reassignment
363 | - perf: remove bitwise operations
364 | * deps: serve-index@~1.7.0
365 | - Accept `function` value for `template` option
366 | - Send non-chunked response for `OPTIONS`
367 | - Stat parent directory when necessary
368 | - Use `Date.prototype.toLocaleDateString` to format date
369 | - deps: accepts@~1.2.9
370 | - deps: escape-html@1.0.2
371 | - deps: mime-types@~2.1.1
372 | - perf: enable strict mode
373 | - perf: remove argument reassignment
374 | * deps: serve-static@~1.10.0
375 | - Add `fallthrough` option
376 | - Fix reading options from options prototype
377 | - Improve the default redirect response headers
378 | - Malformed URLs now `next()` instead of 400
379 | - deps: escape-html@1.0.2
380 | - deps: send@0.13.0
381 | - perf: enable strict mode
382 | - perf: remove argument reassignment
383 | * deps: type-is@~1.6.3
384 | - deps: mime-types@~2.1.1
385 | - perf: reduce try block size
386 | - perf: remove bitwise operations
387 |
388 | 2.29.2 / 2015-05-14
389 | ===================
390 |
391 | * deps: body-parser@~1.12.4
392 | - Slight efficiency improvement when not debugging
393 | - deps: debug@~2.2.0
394 | - deps: depd@~1.0.1
395 | - deps: iconv-lite@0.4.8
396 | - deps: on-finished@~2.2.1
397 | - deps: qs@2.4.2
398 | - deps: raw-body@~2.0.1
399 | - deps: type-is@~1.6.2
400 | * deps: compression@~1.4.4
401 | - deps: accepts@~1.2.7
402 | - deps: debug@~2.2.0
403 | * deps: connect-timeout@~1.6.2
404 | - deps: debug@~2.2.0
405 | - deps: ms@0.7.1
406 | * deps: debug@~2.2.0
407 | - deps: ms@0.7.1
408 | * deps: depd@~1.0.1
409 | * deps: errorhandler@~1.3.6
410 | - deps: accepts@~1.2.7
411 | * deps: finalhandler@0.3.6
412 | - deps: debug@~2.2.0
413 | - deps: on-finished@~2.2.1
414 | * deps: method-override@~2.3.3
415 | - deps: debug@~2.2.0
416 | * deps: morgan@~1.5.3
417 | - deps: basic-auth@~1.0.1
418 | - deps: debug@~2.2.0
419 | - deps: depd@~1.0.1
420 | - deps: on-finished@~2.2.1
421 | * deps: qs@2.4.2
422 | - Fix allowing parameters like `constructor`
423 | * deps: response-time@~2.3.1
424 | - deps: depd@~1.0.1
425 | * deps: serve-favicon@~2.2.1
426 | - deps: etag@~1.6.0
427 | - deps: ms@0.7.1
428 | * deps: serve-index@~1.6.4
429 | - deps: accepts@~1.2.7
430 | - deps: debug@~2.2.0
431 | - deps: mime-types@~2.0.11
432 | * deps: serve-static@~1.9.3
433 | - deps: send@0.12.3
434 | * deps: type-is@~1.6.2
435 | - deps: mime-types@~2.0.11
436 |
437 | 2.29.1 / 2015-03-16
438 | ===================
439 |
440 | * deps: body-parser@~1.12.2
441 | - deps: debug@~2.1.3
442 | - deps: qs@2.4.1
443 | - deps: type-is@~1.6.1
444 | * deps: compression@~1.4.3
445 | - Fix error when code calls `res.end(str, encoding)`
446 | - deps: accepts@~1.2.5
447 | - deps: debug@~2.1.3
448 | * deps: connect-timeout@~1.6.1
449 | - deps: debug@~2.1.3
450 | * deps: debug@~2.1.3
451 | - Fix high intensity foreground color for bold
452 | - deps: ms@0.7.0
453 | * deps: errorhandler@~1.3.5
454 | - deps: accepts@~1.2.5
455 | * deps: express-session@~1.10.4
456 | - deps: debug@~2.1.3
457 | * deps: finalhandler@0.3.4
458 | - deps: debug@~2.1.3
459 | * deps: method-override@~2.3.2
460 | - deps: debug@~2.1.3
461 | * deps: morgan@~1.5.2
462 | - deps: debug@~2.1.3
463 | * deps: qs@2.4.1
464 | - Fix error when parameter `hasOwnProperty` is present
465 | * deps: serve-index@~1.6.3
466 | - Properly escape file names in HTML
467 | - deps: accepts@~1.2.5
468 | - deps: debug@~2.1.3
469 | - deps: escape-html@1.0.1
470 | - deps: mime-types@~2.0.10
471 | * deps: serve-static@~1.9.2
472 | - deps: send@0.12.2
473 | * deps: type-is@~1.6.1
474 | - deps: mime-types@~2.0.10
475 |
476 | 2.29.0 / 2015-02-17
477 | ===================
478 |
479 | * Use `content-type` to parse `Content-Type` headers
480 | * deps: body-parser@~1.12.0
481 | - add `debug` messages
482 | - accept a function for the `type` option
483 | - make internal `extended: true` depth limit infinity
484 | - use `content-type` to parse `Content-Type` headers
485 | - deps: iconv-lite@0.4.7
486 | - deps: raw-body@1.3.3
487 | - deps: type-is@~1.6.0
488 | * deps: compression@~1.4.1
489 | - Prefer `gzip` over `deflate` on the server
490 | - deps: accepts@~1.2.4
491 | * deps: connect-timeout@~1.6.0
492 | - deps: http-errors@~1.3.1
493 | * deps: cookie-parser@~1.3.4
494 | - deps: cookie-signature@1.0.6
495 | * deps: cookie-signature@1.0.6
496 | * deps: csurf@~1.7.0
497 | - Accept `CSRF-Token` and `XSRF-Token` request headers
498 | - Default `cookie.path` to `'/'`, if using cookies
499 | - deps: cookie-signature@1.0.6
500 | - deps: csrf@~2.0.6
501 | - deps: http-errors@~1.3.1
502 | * deps: errorhandler@~1.3.4
503 | - deps: accepts@~1.2.4
504 | * deps: express-session@~1.10.3
505 | - deps: cookie-signature@1.0.6
506 | - deps: uid-safe@1.1.0
507 | * deps: http-errors@~1.3.1
508 | - Construct errors using defined constructors from `createError`
509 | - Fix error names that are not identifiers
510 | - Set a meaningful `name` property on constructed errors
511 | * deps: response-time@~2.3.0
512 | - Add function argument to support recording of response time
513 | * deps: serve-index@~1.6.2
514 | - deps: accepts@~1.2.4
515 | - deps: http-errors@~1.3.1
516 | - deps: mime-types@~2.0.9
517 | * deps: serve-static@~1.9.1
518 | - deps: send@0.12.1
519 | * deps: type-is@~1.6.0
520 | - fix argument reassignment
521 | - fix false-positives in `hasBody` `Transfer-Encoding` check
522 | - support wildcard for both type and subtype (`*/*`)
523 | - deps: mime-types@~2.0.9
524 |
525 | 2.28.3 / 2015-01-31
526 | ===================
527 |
528 | * deps: compression@~1.3.1
529 | - deps: accepts@~1.2.3
530 | - deps: compressible@~2.0.2
531 | * deps: csurf@~1.6.6
532 | - deps: csrf@~2.0.5
533 | * deps: errorhandler@~1.3.3
534 | - deps: accepts@~1.2.3
535 | * deps: express-session@~1.10.2
536 | - deps: uid-safe@1.0.3
537 | * deps: serve-index@~1.6.1
538 | - deps: accepts@~1.2.3
539 | - deps: mime-types@~2.0.8
540 | * deps: type-is@~1.5.6
541 | - deps: mime-types@~2.0.8
542 |
543 | 2.28.2 / 2015-01-20
544 | ===================
545 |
546 | * deps: body-parser@~1.10.2
547 | - deps: iconv-lite@0.4.6
548 | - deps: raw-body@1.3.2
549 | * deps: serve-static@~1.8.1
550 | - Fix redirect loop in Node.js 0.11.14
551 | - Fix root path disclosure
552 | - deps: send@0.11.1
553 |
554 | 2.28.1 / 2015-01-08
555 | ===================
556 |
557 | * deps: csurf@~1.6.5
558 | - deps: csrf@~2.0.4
559 | * deps: express-session@~1.10.1
560 | - deps: uid-safe@~1.0.2
561 |
562 | 2.28.0 / 2015-01-05
563 | ===================
564 |
565 | * deps: body-parser@~1.10.1
566 | - Make internal `extended: true` array limit dynamic
567 | - deps: on-finished@~2.2.0
568 | - deps: type-is@~1.5.5
569 | * deps: compression@~1.3.0
570 | - Export the default `filter` function for wrapping
571 | - deps: accepts@~1.2.2
572 | - deps: debug@~2.1.1
573 | * deps: connect-timeout@~1.5.0
574 | - deps: debug@~2.1.1
575 | - deps: http-errors@~1.2.8
576 | - deps: ms@0.7.0
577 | * deps: csurf@~1.6.4
578 | - deps: csrf@~2.0.3
579 | - deps: http-errors@~1.2.8
580 | * deps: debug@~2.1.1
581 | * deps: errorhandler@~1.3.2
582 | - Add `log` option
583 | - Fix heading content to not include stack
584 | - deps: accepts@~1.2.2
585 | * deps: express-session@~1.10.0
586 | - Add `store.touch` interface for session stores
587 | - Fix `MemoryStore` expiration with `resave: false`
588 | - deps: debug@~2.1.1
589 | * deps: finalhandler@0.3.3
590 | - deps: debug@~2.1.1
591 | - deps: on-finished@~2.2.0
592 | * deps: method-override@~2.3.1
593 | - deps: debug@~2.1.1
594 | - deps: methods@~1.1.1
595 | * deps: morgan@~1.5.1
596 | - Add multiple date formats `clf`, `iso`, and `web`
597 | - Deprecate `buffer` option
598 | - Fix date format in `common` and `combined` formats
599 | - Fix token arguments to accept values with `"`
600 | - deps: debug@~2.1.1
601 | - deps: on-finished@~2.2.0
602 | * deps: serve-favicon@~2.2.0
603 | - Support query string in the URL
604 | - deps: etag@~1.5.1
605 | - deps: ms@0.7.0
606 | * deps: serve-index@~1.6.0
607 | - Add link to root directory
608 | - deps: accepts@~1.2.2
609 | - deps: batch@0.5.2
610 | - deps: debug@~2.1.1
611 | - deps: mime-types@~2.0.7
612 | * deps: serve-static@~1.8.0
613 | - Fix potential open redirect when mounted at root
614 | - deps: send@0.11.0
615 | * deps: type-is@~1.5.5
616 | - deps: mime-types@~2.0.7
617 |
618 | 2.27.6 / 2014-12-10
619 | ===================
620 |
621 | * deps: serve-index@~1.5.3
622 | - deps: accepts@~1.1.4
623 | - deps: http-errors@~1.2.8
624 | - deps: mime-types@~2.0.4
625 |
626 | 2.27.5 / 2014-12-10
627 | ===================
628 |
629 | * deps: compression@~1.2.2
630 | - Fix `.end` to only proxy to `.end`
631 | - deps: accepts@~1.1.4
632 | * deps: express-session@~1.9.3
633 | - Fix error when `req.sessionID` contains a non-string value
634 | * deps: http-errors@~1.2.8
635 | - Fix stack trace from exported function
636 | - Remove `arguments.callee` usage
637 | * deps: serve-index@~1.5.2
638 | - Fix icon name background alignment on mobile view
639 | * deps: type-is@~1.5.4
640 | - deps: mime-types@~2.0.4
641 |
642 | 2.27.4 / 2014-11-23
643 | ===================
644 |
645 | * deps: body-parser@~1.9.3
646 | - deps: iconv-lite@0.4.5
647 | - deps: qs@2.3.3
648 | - deps: raw-body@1.3.1
649 | - deps: type-is@~1.5.3
650 | * deps: compression@~1.2.1
651 | - deps: accepts@~1.1.3
652 | * deps: errorhandler@~1.2.3
653 | - deps: accepts@~1.1.3
654 | * deps: express-session@~1.9.2
655 | - deps: crc@3.2.1
656 | * deps: qs@2.3.3
657 | - Fix `arrayLimit` behavior
658 | * deps: serve-favicon@~2.1.7
659 | - Avoid errors from enumerables on `Object.prototype`
660 | * deps: serve-index@~1.5.1
661 | - deps: accepts@~1.1.3
662 | - deps: mime-types@~2.0.3
663 | * deps: type-is@~1.5.3
664 | - deps: mime-types@~2.0.3
665 |
666 | 2.27.3 / 2014-11-09
667 | ===================
668 |
669 | * Correctly invoke async callback asynchronously
670 | * deps: csurf@~1.6.3
671 | - bump csrf
672 | - bump http-errors
673 |
674 | 2.27.2 / 2014-10-28
675 | ===================
676 |
677 | * Fix handling of URLs containing `://` in the path
678 | * deps: body-parser@~1.9.2
679 | - deps: qs@2.3.2
680 | * deps: qs@2.3.2
681 | - Fix parsing of mixed objects and values
682 |
683 | 2.27.1 / 2014-10-22
684 | ===================
685 |
686 | * deps: body-parser@~1.9.1
687 | - deps: on-finished@~2.1.1
688 | - deps: qs@2.3.0
689 | - deps: type-is@~1.5.2
690 | * deps: express-session@~1.9.1
691 | - Remove unnecessary empty write call
692 | * deps: finalhandler@0.3.2
693 | - deps: on-finished@~2.1.1
694 | * deps: morgan@~1.4.1
695 | - deps: on-finished@~2.1.1
696 | * deps: qs@2.3.0
697 | - Fix parsing of mixed implicit and explicit arrays
698 | * deps: serve-static@~1.7.1
699 | - deps: send@0.10.1
700 |
701 | 2.27.0 / 2014-10-16
702 | ===================
703 |
704 | * Use `http-errors` module for creating errors
705 | * Use `utils-merge` module for merging objects
706 | * deps: body-parser@~1.9.0
707 | - include the charset in "unsupported charset" error message
708 | - include the encoding in "unsupported content encoding" error message
709 | - deps: depd@~1.0.0
710 | * deps: compression@~1.2.0
711 | - deps: debug@~2.1.0
712 | * deps: connect-timeout@~1.4.0
713 | - Create errors with `http-errors`
714 | - deps: debug@~2.1.0
715 | * deps: debug@~2.1.0
716 | - Implement `DEBUG_FD` env variable support
717 | * deps: depd@~1.0.0
718 | * deps: express-session@~1.9.0
719 | - deps: debug@~2.1.0
720 | - deps: depd@~1.0.0
721 | * deps: finalhandler@0.3.1
722 | - Terminate in progress response only on error
723 | - Use `on-finished` to determine request status
724 | - deps: debug@~2.1.0
725 | * deps: method-override@~2.3.0
726 | - deps: debug@~2.1.0
727 | * deps: morgan@~1.4.0
728 | - Add `debug` messages
729 | - deps: depd@~1.0.0
730 | * deps: response-time@~2.2.0
731 | - Add `header` option for custom header name
732 | - Add `suffix` option
733 | - Change `digits` argument to an `options` argument
734 | - deps: depd@~1.0.0
735 | * deps: serve-favicon@~2.1.6
736 | - deps: etag@~1.5.0
737 | * deps: serve-index@~1.5.0
738 | - Add `dir` argument to `filter` function
739 | - Add icon for mkv files
740 | - Create errors with `http-errors`
741 | - Fix incorrect 403 on Windows and Node.js 0.11
742 | - Lookup icon by mime type for greater icon support
743 | - Support using tokens multiple times
744 | - deps: accepts@~1.1.2
745 | - deps: debug@~2.1.0
746 | - deps: mime-types@~2.0.2
747 | * deps: serve-static@~1.7.0
748 | - deps: send@0.10.0
749 |
750 | 2.26.6 / 2014-10-15
751 | ===================
752 |
753 | * deps: compression@~1.1.2
754 | - deps: accepts@~1.1.2
755 | - deps: compressible@~2.0.1
756 | * deps: csurf@~1.6.2
757 | - bump http-errors
758 | - fix cookie name when using `cookie: true`
759 | * deps: errorhandler@~1.2.2
760 | - deps: accepts@~1.1.2
761 |
762 | 2.26.5 / 2014-10-08
763 | ===================
764 |
765 | * Fix accepting non-object arguments to `logger`
766 | * deps: serve-static@~1.6.4
767 | - Fix redirect loop when index file serving disabled
768 |
769 | 2.26.4 / 2014-10-02
770 | ===================
771 |
772 | * deps: morgan@~1.3.2
773 | - Fix `req.ip` integration when `immediate: false`
774 | * deps: type-is@~1.5.2
775 | - deps: mime-types@~2.0.2
776 |
777 | 2.26.3 / 2014-09-24
778 | ===================
779 |
780 | * deps: body-parser@~1.8.4
781 | - fix content encoding to be case-insensitive
782 | * deps: serve-favicon@~2.1.5
783 | - deps: etag@~1.4.0
784 | * deps: serve-static@~1.6.3
785 | - deps: send@0.9.3
786 |
787 | 2.26.2 / 2014-09-19
788 | ===================
789 |
790 | * deps: body-parser@~1.8.3
791 | - deps: qs@2.2.4
792 | * deps: qs@2.2.4
793 | - Fix issue with object keys starting with numbers truncated
794 |
795 | 2.26.1 / 2014-09-15
796 | ===================
797 |
798 | * deps: body-parser@~1.8.2
799 | - deps: depd@0.4.5
800 | * deps: depd@0.4.5
801 | * deps: express-session@~1.8.2
802 | - Use `crc` instead of `buffer-crc32` for speed
803 | - deps: depd@0.4.5
804 | * deps: morgan@~1.3.1
805 | - Remove un-used `bytes` dependency
806 | - deps: depd@0.4.5
807 | * deps: serve-favicon@~2.1.4
808 | - Fix content headers being sent in 304 response
809 | - deps: etag@~1.3.1
810 | * deps: serve-static@~1.6.2
811 | - deps: send@0.9.2
812 |
813 | 2.26.0 / 2014-09-08
814 | ===================
815 |
816 | * deps: body-parser@~1.8.1
817 | - add `parameterLimit` option to `urlencoded` parser
818 | - change `urlencoded` extended array limit to 100
819 | - make empty-body-handling consistent between chunked requests
820 | - respond with 415 when over `parameterLimit` in `urlencoded`
821 | - deps: media-typer@0.3.0
822 | - deps: qs@2.2.3
823 | - deps: type-is@~1.5.1
824 | * deps: compression@~1.1.0
825 | - deps: accepts@~1.1.0
826 | - deps: compressible@~2.0.0
827 | - deps: debug@~2.0.0
828 | * deps: connect-timeout@~1.3.0
829 | - deps: debug@~2.0.0
830 | * deps: cookie-parser@~1.3.3
831 | - deps: cookie-signature@1.0.5
832 | * deps: cookie-signature@1.0.5
833 | * deps: csurf@~1.6.1
834 | - add `ignoreMethods` option
835 | - bump cookie-signature
836 | - csrf-tokens -> csrf
837 | - set `code` property on CSRF token errors
838 | * deps: debug@~2.0.0
839 | * deps: errorhandler@~1.2.0
840 | - Display error using `util.inspect` if no other representation
841 | - deps: accepts@~1.1.0
842 | * deps: express-session@~1.8.1
843 | - Do not resave already-saved session at end of request
844 | - Prevent session prototype methods from being overwritten
845 | - deps: cookie-signature@1.0.5
846 | - deps: debug@~2.0.0
847 | * deps: finalhandler@0.2.0
848 | - Set `X-Content-Type-Options: nosniff` header
849 | - deps: debug@~2.0.0
850 | * deps: fresh@0.2.4
851 | * deps: media-typer@0.3.0
852 | - Throw error when parameter format invalid on parse
853 | * deps: method-override@~2.2.0
854 | - deps: debug@~2.0.0
855 | * deps: morgan@~1.3.0
856 | - Assert if `format` is not a function or string
857 | * deps: qs@2.2.3
858 | - Fix issue where first empty value in array is discarded
859 | * deps: serve-favicon@~2.1.3
860 | - Accept string for `maxAge` (converted by `ms`)
861 | - Use `etag` to generate `ETag` header
862 | - deps: fresh@0.2.4
863 | * deps: serve-index@~1.2.1
864 | - Add `debug` messages
865 | - Resolve relative paths at middleware setup
866 | - deps: accepts@~1.1.0
867 | * deps: serve-static@~1.6.1
868 | - Add `lastModified` option
869 | - deps: send@0.9.1
870 | * deps: type-is@~1.5.1
871 | - fix `hasbody` to be true for `content-length: 0`
872 | - deps: media-typer@0.3.0
873 | - deps: mime-types@~2.0.1
874 | * deps: vhost@~3.0.0
875 |
876 | 2.25.10 / 2014-09-04
877 | ====================
878 |
879 | * deps: serve-static@~1.5.4
880 | - deps: send@0.8.5
881 |
882 | 2.25.9 / 2014-08-29
883 | ===================
884 |
885 | * deps: body-parser@~1.6.7
886 | - deps: qs@2.2.2
887 | * deps: qs@2.2.2
888 |
889 | 2.25.8 / 2014-08-27
890 | ===================
891 |
892 | * deps: body-parser@~1.6.6
893 | - deps: qs@2.2.0
894 | * deps: csurf@~1.4.1
895 | * deps: qs@2.2.0
896 | - Array parsing fix
897 | - Performance improvements
898 |
899 | 2.25.7 / 2014-08-18
900 | ===================
901 |
902 | * deps: body-parser@~1.6.5
903 | - deps: on-finished@2.1.0
904 | * deps: express-session@~1.7.6
905 | - Fix exception on `res.end(null)` calls
906 | * deps: morgan@~1.2.3
907 | - deps: on-finished@2.1.0
908 | * deps: serve-static@~1.5.3
909 | - deps: send@0.8.3
910 |
911 | 2.25.6 / 2014-08-14
912 | ===================
913 |
914 | * deps: body-parser@~1.6.4
915 | - deps: qs@1.2.2
916 | * deps: qs@1.2.2
917 | * deps: serve-static@~1.5.2
918 | - deps: send@0.8.2
919 |
920 | 2.25.5 / 2014-08-11
921 | ===================
922 |
923 | * Fix backwards compatibility in `logger`
924 |
925 | 2.25.4 / 2014-08-10
926 | ===================
927 |
928 | * Fix `query` middleware breaking with argument
929 | - It never really took one in the first place
930 | * deps: body-parser@~1.6.3
931 | - deps: qs@1.2.1
932 | * deps: compression@~1.0.11
933 | - deps: on-headers@~1.0.0
934 | - deps: parseurl@~1.3.0
935 | * deps: connect-timeout@~1.2.2
936 | - deps: on-headers@~1.0.0
937 | * deps: express-session@~1.7.5
938 | - Fix parsing original URL
939 | - deps: on-headers@~1.0.0
940 | - deps: parseurl@~1.3.0
941 | * deps: method-override@~2.1.3
942 | * deps: on-headers@~1.0.0
943 | * deps: parseurl@~1.3.0
944 | * deps: qs@1.2.1
945 | * deps: response-time@~2.0.1
946 | - deps: on-headers@~1.0.0
947 | * deps: serve-index@~1.1.6
948 | - Fix URL parsing
949 | * deps: serve-static@~1.5.1
950 | - Fix parsing of weird `req.originalUrl` values
951 | - deps: parseurl@~1.3.0
952 | = deps: utils-merge@1.0.0
953 |
954 | 2.25.3 / 2014-08-07
955 | ===================
956 |
957 | * deps: multiparty@3.3.2
958 | - Fix potential double-callback
959 |
960 | 2.25.2 / 2014-08-07
961 | ===================
962 |
963 | * deps: body-parser@~1.6.2
964 | - deps: qs@1.2.0
965 | * deps: qs@1.2.0
966 | - Fix parsing array of objects
967 |
968 | 2.25.1 / 2014-08-06
969 | ===================
970 |
971 | * deps: body-parser@~1.6.1
972 | - deps: qs@1.1.0
973 | * deps: qs@1.1.0
974 | - Accept urlencoded square brackets
975 | - Accept empty values in implicit array notation
976 |
977 | 2.25.0 / 2014-08-05
978 | ===================
979 |
980 | * deps: body-parser@~1.6.0
981 | - deps: qs@1.0.2
982 | * deps: compression@~1.0.10
983 | - Fix upper-case Content-Type characters prevent compression
984 | - deps: compressible@~1.1.1
985 | * deps: csurf@~1.4.0
986 | - Support changing `req.session` after `csurf` middleware
987 | - Calling `res.csrfToken()` after `req.session.destroy()` will now work
988 | * deps: express-session@~1.7.4
989 | - Fix `res.end` patch to call correct upstream `res.write`
990 | - Fix response end delay for non-chunked responses
991 | * deps: qs@1.0.2
992 | - Complete rewrite
993 | - Limits array length to 20
994 | - Limits object depth to 5
995 | - Limits parameters to 1,000
996 | * deps: serve-static@~1.5.0
997 | - Add `extensions` option
998 | - deps: send@0.8.1
999 |
1000 | 2.24.3 / 2014-08-04
1001 | ===================
1002 |
1003 | * deps: serve-index@~1.1.5
1004 | - Fix Content-Length calculation for multi-byte file names
1005 | - deps: accepts@~1.0.7
1006 | * deps: serve-static@~1.4.4
1007 | - Fix incorrect 403 on Windows and Node.js 0.11
1008 | - deps: send@0.7.4
1009 |
1010 | 2.24.2 / 2014-07-27
1011 | ===================
1012 |
1013 | * deps: body-parser@~1.5.2
1014 | * deps: depd@0.4.4
1015 | - Work-around v8 generating empty stack traces
1016 | * deps: express-session@~1.7.2
1017 | * deps: morgan@~1.2.2
1018 | * deps: serve-static@~1.4.2
1019 |
1020 | 2.24.1 / 2014-07-26
1021 | ===================
1022 |
1023 | * deps: body-parser@~1.5.1
1024 | * deps: depd@0.4.3
1025 | - Fix exception when global `Error.stackTraceLimit` is too low
1026 | * deps: express-session@~1.7.1
1027 | * deps: morgan@~1.2.1
1028 | * deps: serve-index@~1.1.4
1029 | * deps: serve-static@~1.4.1
1030 |
1031 | 2.24.0 / 2014-07-22
1032 | ===================
1033 |
1034 | * deps: body-parser@~1.5.0
1035 | - deps: depd@0.4.2
1036 | - deps: iconv-lite@0.4.4
1037 | - deps: raw-body@1.3.0
1038 | - deps: type-is@~1.3.2
1039 | * deps: compression@~1.0.9
1040 | - Add `debug` messages
1041 | - deps: accepts@~1.0.7
1042 | * deps: connect-timeout@~1.2.1
1043 | - Accept string for `time` (converted by `ms`)
1044 | - deps: debug@1.0.4
1045 | * deps: debug@1.0.4
1046 | * deps: depd@0.4.2
1047 | - Add `TRACE_DEPRECATION` environment variable
1048 | - Remove non-standard grey color from color output
1049 | - Support `--no-deprecation` argument
1050 | - Support `--trace-deprecation` argument
1051 | * deps: express-session@~1.7.0
1052 | - Improve session-ending error handling
1053 | - deps: debug@1.0.4
1054 | - deps: depd@0.4.2
1055 | * deps: finalhandler@0.1.0
1056 | - Respond after request fully read
1057 | - deps: debug@1.0.4
1058 | * deps: method-override@~2.1.2
1059 | - deps: debug@1.0.4
1060 | - deps: parseurl@~1.2.0
1061 | * deps: morgan@~1.2.0
1062 | - Add `:remote-user` token
1063 | - Add `combined` log format
1064 | - Add `common` log format
1065 | - Remove non-standard grey color from `dev` format
1066 | * deps: multiparty@3.3.1
1067 | * deps: parseurl@~1.2.0
1068 | - Cache URLs based on original value
1069 | - Remove no-longer-needed URL mis-parse work-around
1070 | - Simplify the "fast-path" `RegExp`
1071 | * deps: serve-static@~1.4.0
1072 | - Add `dotfiles` option
1073 | - deps: parseurl@~1.2.0
1074 | - deps: send@0.7.0
1075 |
1076 | 2.23.0 / 2014-07-10
1077 | ===================
1078 |
1079 | * deps: debug@1.0.3
1080 | - Add support for multiple wildcards in namespaces
1081 | * deps: express-session@~1.6.4
1082 | * deps: method-override@~2.1.0
1083 | - add simple debug output
1084 | - deps: methods@1.1.0
1085 | - deps: parseurl@~1.1.3
1086 | * deps: parseurl@~1.1.3
1087 | - faster parsing of href-only URLs
1088 | * deps: serve-static@~1.3.1
1089 | - deps: parseurl@~1.1.3
1090 |
1091 | 2.22.0 / 2014-07-03
1092 | ===================
1093 |
1094 | * deps: csurf@~1.3.0
1095 | - Fix `cookie.signed` option to actually sign cookie
1096 | * deps: express-session@~1.6.1
1097 | - Fix `res.end` patch to return correct value
1098 | - Fix `res.end` patch to handle multiple `res.end` calls
1099 | - Reject cookies with missing signatures
1100 | * deps: multiparty@3.3.0
1101 | - Always emit close after all parts ended
1102 | - Fix callback hang in node.js 0.8 on errors
1103 | * deps: serve-static@~1.3.0
1104 | - Accept string for `maxAge` (converted by `ms`)
1105 | - Add `setHeaders` option
1106 | - Include HTML link in redirect response
1107 | - deps: send@0.5.0
1108 |
1109 | 2.21.1 / 2014-06-26
1110 | ===================
1111 |
1112 | * deps: cookie-parser@1.3.2
1113 | - deps: cookie-signature@1.0.4
1114 | * deps: cookie-signature@1.0.4
1115 | - fix for timing attacks
1116 | * deps: express-session@~1.5.2
1117 | - deps: cookie-signature@1.0.4
1118 | * deps: type-is@~1.3.2
1119 | - more mime types
1120 |
1121 | 2.21.0 / 2014-06-20
1122 | ===================
1123 |
1124 | * deprecate `connect(middleware)` -- use `app.use(middleware)` instead
1125 | * deprecate `connect.createServer()` -- use `connect()` instead
1126 | * fix `res.setHeader()` patch to work with get -> append -> set pattern
1127 | * deps: compression@~1.0.8
1128 | * deps: errorhandler@~1.1.1
1129 | * deps: express-session@~1.5.0
1130 | - Deprecate integration with `cookie-parser` middleware
1131 | - Deprecate looking for secret in `req.secret`
1132 | - Directly read cookies; `cookie-parser` no longer required
1133 | - Directly set cookies; `res.cookie` no longer required
1134 | - Generate session IDs with `uid-safe`, faster and even less collisions
1135 | * deps: serve-index@~1.1.3
1136 |
1137 | 2.20.2 / 2014-06-19
1138 | ===================
1139 |
1140 | * deps: body-parser@1.4.3
1141 | - deps: type-is@1.3.1
1142 |
1143 | 2.20.1 / 2014-06-19
1144 | ===================
1145 |
1146 | * deps: type-is@1.3.1
1147 | - fix global variable leak
1148 |
1149 | 2.20.0 / 2014-06-19
1150 | ===================
1151 |
1152 | * deprecate `verify` option to `json` -- use `body-parser` npm module instead
1153 | * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
1154 | * deprecate things with `depd` module
1155 | * use `finalhandler` for final response handling
1156 | * use `media-typer` to parse `content-type` for charset
1157 | * deps: body-parser@1.4.2
1158 | - check accepted charset in content-type (accepts utf-8)
1159 | - check accepted encoding in content-encoding (accepts identity)
1160 | - deprecate `urlencoded()` without provided `extended` option
1161 | - lazy-load urlencoded parsers
1162 | - support gzip and deflate bodies
1163 | - set `inflate: false` to turn off
1164 | - deps: raw-body@1.2.2
1165 | - deps: type-is@1.3.0
1166 | - Support all encodings from `iconv-lite`
1167 | * deps: connect-timeout@1.1.1
1168 | - deps: debug@1.0.2
1169 | * deps: cookie-parser@1.3.1
1170 | - export parsing functions
1171 | - `req.cookies` and `req.signedCookies` are now plain objects
1172 | - slightly faster parsing of many cookies
1173 | * deps: csurf@1.2.2
1174 | * deps: errorhandler@1.1.0
1175 | - Display error on console formatted like `throw`
1176 | - Escape HTML in stack trace
1177 | - Escape HTML in title
1178 | - Fix up edge cases with error sent in response
1179 | - Set `X-Content-Type-Options: nosniff` header
1180 | - Use accepts for negotiation
1181 | * deps: express-session@1.4.0
1182 | - Add `genid` option to generate custom session IDs
1183 | - Add `saveUninitialized` option to control saving uninitialized sessions
1184 | - Add `unset` option to control unsetting `req.session`
1185 | - Generate session IDs with `rand-token` by default; reduce collisions
1186 | - Integrate with express "trust proxy" by default
1187 | - deps: buffer-crc32@0.2.3
1188 | - deps: debug@1.0.2
1189 | * deps: multiparty@3.2.9
1190 | * deps: serve-index@1.1.2
1191 | - deps: batch@0.5.1
1192 | * deps: type-is@1.3.0
1193 | - improve type parsing
1194 | * deps: vhost@2.0.0
1195 | - Accept `RegExp` object for `hostname`
1196 | - Provide `req.vhost` object
1197 | - Support IPv6 literal in `Host` header
1198 |
1199 | 2.19.6 / 2014-06-11
1200 | ===================
1201 |
1202 | * deps: body-parser@1.3.1
1203 | - deps: type-is@1.2.1
1204 | * deps: compression@1.0.7
1205 | - use vary module for better `Vary` behavior
1206 | - deps: accepts@1.0.3
1207 | - deps: compressible@1.1.0
1208 | * deps: debug@1.0.2
1209 | * deps: serve-index@1.1.1
1210 | - deps: accepts@1.0.3
1211 | * deps: serve-static@1.2.3
1212 | - Do not throw un-catchable error on file open race condition
1213 | - deps: send@0.4.3
1214 |
1215 | 2.19.5 / 2014-06-09
1216 | ===================
1217 |
1218 | * deps: csurf@1.2.1
1219 | - refactor to use csrf-tokens@~1.0.2
1220 | * deps: debug@1.0.1
1221 | * deps: serve-static@1.2.2
1222 | - fix "event emitter leak" warnings
1223 | - deps: send@0.4.2
1224 | * deps: type-is@1.2.1
1225 | - Switch dependency from `mime` to `mime-types@1.0.0`
1226 |
1227 | 2.19.4 / 2014-06-05
1228 | ===================
1229 |
1230 | * deps: errorhandler@1.0.2
1231 | - Pass on errors from reading error files
1232 | * deps: method-override@2.0.2
1233 | - use vary module for better `Vary` behavior
1234 | * deps: serve-favicon@2.0.1
1235 | - Reduce byte size of `ETag` header
1236 |
1237 | 2.19.3 / 2014-06-03
1238 | ===================
1239 |
1240 | * deps: compression@1.0.6
1241 | - fix listeners for delayed stream creation
1242 | - fix regression for certain `stream.pipe(res)` situations
1243 | - fix regression when negotiation fails
1244 |
1245 | 2.19.2 / 2014-06-03
1246 | ===================
1247 |
1248 | * deps: compression@1.0.4
1249 | - fix adding `Vary` when value stored as array
1250 | - fix back-pressure behavior
1251 | - fix length check for `res.end`
1252 |
1253 | 2.19.1 / 2014-06-02
1254 | ===================
1255 |
1256 | * fix deprecated `utils.escape`
1257 |
1258 | 2.19.0 / 2014-06-02
1259 | ===================
1260 |
1261 | * deprecate `methodOverride()` -- use `method-override` npm module instead
1262 | * deps: body-parser@1.3.0
1263 | - add `extended` option to urlencoded parser
1264 | * deps: method-override@2.0.1
1265 | - set `Vary` header
1266 | - deps: methods@1.0.1
1267 | * deps: multiparty@3.2.8
1268 | * deps: response-time@2.0.0
1269 | - add `digits` argument
1270 | - do not override existing `X-Response-Time` header
1271 | - timer not subject to clock drift
1272 | - timer resolution down to nanoseconds
1273 | * deps: serve-static@1.2.1
1274 | - send max-age in Cache-Control in correct format
1275 | - use `escape-html` for escaping
1276 | - deps: send@0.4.1
1277 |
1278 | 2.18.0 / 2014-05-29
1279 | ===================
1280 |
1281 | * deps: compression@1.0.3
1282 | * deps: serve-index@1.1.0
1283 | - Fix content negotiation when no `Accept` header
1284 | - Properly support all HTTP methods
1285 | - Support vanilla node.js http servers
1286 | - Treat `ENAMETOOLONG` as code 414
1287 | - Use accepts for negotiation
1288 | * deps: serve-static@1.2.0
1289 | - Calculate ETag with md5 for reduced collisions
1290 | - Fix wrong behavior when index file matches directory
1291 | - Ignore stream errors after request ends
1292 | - Skip directories in index file search
1293 | - deps: send@0.4.0
1294 |
1295 | 2.17.3 / 2014-05-27
1296 | ===================
1297 |
1298 | * deps: express-session@1.2.1
1299 | - Fix `resave` such that `resave: true` works
1300 |
1301 | 2.17.2 / 2014-05-27
1302 | ===================
1303 |
1304 | * deps: body-parser@1.2.2
1305 | - invoke `next(err)` after request fully read
1306 | - deps: raw-body@1.1.6
1307 | * deps: method-override@1.0.2
1308 | - Handle `req.body` key referencing array or object
1309 | - Handle multiple HTTP headers
1310 |
1311 | 2.17.1 / 2014-05-21
1312 | ===================
1313 |
1314 | * fix `res.charset` appending charset when `content-type` has one
1315 |
1316 | 2.17.0 / 2014-05-20
1317 | ===================
1318 |
1319 | * deps: express-session@1.2.0
1320 | - Add `resave` option to control saving unmodified sessions
1321 | * deps: morgan@1.1.1
1322 | - "dev" format will use same tokens as other formats
1323 | - `:response-time` token is now empty when immediate used
1324 | - `:response-time` token is now monotonic
1325 | - `:response-time` token has precision to 1 μs
1326 | - fix `:status` + immediate output in node.js 0.8
1327 | - improve `buffer` option to prevent indefinite event loop holding
1328 | - simplify method to get remote address
1329 | - deps: bytes@1.0.0
1330 | * deps: serve-index@1.0.3
1331 | - Fix error from non-statable files in HTML view
1332 |
1333 | 2.16.2 / 2014-05-18
1334 | ===================
1335 |
1336 | * fix edge-case in `res.appendHeader` that would append in wrong order
1337 | * deps: method-override@1.0.1
1338 |
1339 | 2.16.1 / 2014-05-17
1340 | ===================
1341 |
1342 | * remove usages of `res.headerSent` from core
1343 |
1344 | 2.16.0 / 2014-05-17
1345 | ===================
1346 |
1347 | * deprecate `res.headerSent` -- use `res.headersSent`
1348 | * deprecate `res.on("header")` -- use on-headers module instead
1349 | * fix `connect.version` to reflect the actual version
1350 | * json: use body-parser
1351 | - add `type` option
1352 | - fix repeated limit parsing with every request
1353 | - improve parser speed
1354 | * urlencoded: use body-parser
1355 | - add `type` option
1356 | - fix repeated limit parsing with every request
1357 | * dep: bytes@1.0.0
1358 | * add negative support
1359 | * dep: cookie-parser@1.1.0
1360 | - deps: cookie@0.1.2
1361 | * dep: csurf@1.2.0
1362 | - add support for double-submit cookie
1363 | * dep: express-session@1.1.0
1364 | - Add `name` option; replacement for `key` option
1365 | - Use `setImmediate` in MemoryStore for node.js >= 0.10
1366 |
1367 | 2.15.0 / 2014-05-04
1368 | ===================
1369 |
1370 | * Add simple `res.cookie` support
1371 | * Add `res.appendHeader`
1372 | * Call error stack even when response has been sent
1373 | * Patch `res.headerSent` to return Boolean
1374 | * Patch `res.headersSent` for node.js 0.8
1375 | * Prevent default 404 handler after response sent
1376 | * dep: compression@1.0.2
1377 | * support headers given to `res.writeHead`
1378 | * deps: bytes@0.3.0
1379 | * deps: negotiator@0.4.3
1380 | * dep: connect-timeout@1.1.0
1381 | * Add `req.timedout` property
1382 | * Add `respond` option to constructor
1383 | * Clear timer on socket destroy
1384 | * deps: debug@0.8.1
1385 | * dep: debug@^0.8.0
1386 | * add `enable()` method
1387 | * change from stderr to stdout
1388 | * dep: errorhandler@1.0.1
1389 | * Clean up error CSS
1390 | * Do not respond after headers sent
1391 | * dep: express-session@1.0.4
1392 | * Remove import of `setImmediate`
1393 | * Use `res.cookie()` instead of `res.setHeader()`
1394 | * deps: cookie@0.1.2
1395 | * deps: debug@0.8.1
1396 | * dep: morgan@1.0.1
1397 | * Make buffer unique per morgan instance
1398 | * deps: bytes@0.3.0
1399 | * dep: serve-favicon@2.0.0
1400 | * Accept `Buffer` of icon as first argument
1401 | * Non-GET and HEAD requests are denied
1402 | * Send valid max-age value
1403 | * Support conditional requests
1404 | * Support max-age=0
1405 | * Support OPTIONS method
1406 | * Throw if `path` argument is directory
1407 | * dep: serve-index@1.0.2
1408 | * Add stylesheet option
1409 | * deps: negotiator@0.4.3
1410 |
1411 | 2.14.5 / 2014-04-24
1412 | ===================
1413 |
1414 | * dep: raw-body@1.1.4
1415 | * allow true as an option
1416 | * deps: bytes@0.3.0
1417 | * dep: serve-static@1.1.0
1418 | * Accept options directly to `send` module
1419 | * deps: send@0.3.0
1420 |
1421 | 2.14.4 / 2014-04-07
1422 | ===================
1423 |
1424 | * dep: bytes@0.3.0
1425 | * added terabyte support
1426 | * dep: csurf@1.1.0
1427 | * add constant-time string compare
1428 | * dep: serve-static@1.0.4
1429 | * Resolve relative paths at middleware setup
1430 | * Use parseurl to parse the URL from request
1431 | * fix node.js 0.8 compatibility with memory session
1432 |
1433 | 2.14.3 / 2014-03-18
1434 | ===================
1435 |
1436 | * dep: static-favicon@1.0.2
1437 | * Fixed content of default icon
1438 |
1439 | 2.14.2 / 2014-03-11
1440 | ===================
1441 |
1442 | * dep: static-favicon@1.0.1
1443 | * Fixed path to default icon
1444 |
1445 | 2.14.1 / 2014-03-06
1446 | ===================
1447 |
1448 | * dep: fresh@0.2.2
1449 | * no real changes
1450 | * dep: serve-index@1.0.1
1451 | * deps: negotiator@0.4.2
1452 | * dep: serve-static@1.0.2
1453 | * deps: send@0.2.0
1454 |
1455 | 2.14.0 / 2014-03-05
1456 | ===================
1457 |
1458 | * basicAuth: use basic-auth-connect
1459 | * cookieParser: use cookie-parser
1460 | * compress: use compression
1461 | * csrf: use csurf
1462 | * dep: cookie-signature@1.0.3
1463 | * directory: use serve-index
1464 | * errorHandler: use errorhandler
1465 | * favicon: use static-favicon
1466 | * logger: use morgan
1467 | * methodOverride: use method-override
1468 | * responseTime: use response-time
1469 | * session: use express-session
1470 | * static: use serve-static
1471 | * timeout: use connect-timeout
1472 | * vhost: use vhost
1473 |
1474 | 2.13.1 / 2014-03-05
1475 | ===================
1476 |
1477 | * cookieSession: compare full value rather than crc32
1478 | * deps: raw-body@1.1.3
1479 |
1480 | 2.13.0 / 2014-02-14
1481 | ===================
1482 |
1483 | * fix typo in memory store warning #974 @rvagg
1484 | * compress: use compressible
1485 | * directory: add template option #990 @gottaloveit @Earl-Brown
1486 | * csrf: prevent deprecated warning with old sessions
1487 |
1488 | 2.12.0 / 2013-12-10
1489 | ===================
1490 |
1491 | * bump qs
1492 | * directory: sort folders before files
1493 | * directory: add folder icons
1494 | * directory: de-duplicate icons, details/mobile views #968 @simov
1495 | * errorHandler: end default 404 handler with a newline #972 @rlidwka
1496 | * session: remove long cookie expire check #870 @undoZen
1497 |
1498 | 2.11.2 / 2013-12-01
1499 | ===================
1500 |
1501 | * bump raw-body
1502 |
1503 | 2.11.1 / 2013-11-27
1504 | ===================
1505 |
1506 | * bump raw-body
1507 | * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma
1508 |
1509 | 2.11.0 / 2013-10-29
1510 | ===================
1511 |
1512 | * update bytes
1513 | * update uid2
1514 | * update negotiator
1515 | * sessions: add rolling session option #944 @ilmeo
1516 | * sessions: property set cookies when given FQDN
1517 | * cookieSessions: properly set cookies when given FQDN #948 @bmancini55
1518 | * proto: fix FQDN mounting when multiple handlers #945 @bmancini55
1519 |
1520 | 2.10.1 / 2013-10-23
1521 | ===================
1522 |
1523 | * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson)
1524 |
1525 | 2.10.0 / 2013-10-22
1526 | ===================
1527 |
1528 | * fixed: set headers written by writeHead before emitting 'header'
1529 | * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson)
1530 | * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson)
1531 | * fixed: fix static directory redirect for mount's root #937 (@dougwilson)
1532 | * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123)
1533 | * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies
1534 | * compress: compress checks content-length to check threshold
1535 | * compress: expose `res.flush()` for flushing responses
1536 | * cookieParser: pass options into node-cookie #803 (@cauldrath)
1537 | * errorHandler: replace `\n`s with `<br/>`s in error handler
1538 |
1539 | 2.9.2 / 2013-10-18
1540 | ==================
1541 |
1542 | * warn about multiparty and limit middleware deprecation for v3
1543 | * fix fully qualified domain name mounting. #920 (@dougwilson)
1544 | * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson)
1545 | * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson)
1546 |
1547 | 2.9.1 / 2013-10-15
1548 | ==================
1549 |
1550 | * update multiparty
1551 | * compress: Set vary header only if Content-Type passes filter #904
1552 | * directory: Fix directory middleware URI escaping #917 (@dougwilson)
1553 | * directory: Fix directory seperators for Windows #914 (@dougwilson)
1554 | * directory: Keep query string intact during directory redirect #913 (@dougwilson)
1555 | * directory: Fix paths in links #730 (@JacksonTian)
1556 | * errorHandler: Don't escape text/plain as HTML #875 (@johan)
1557 | * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson)
1558 | * logger: Log even when connections are aborted #760 (@dylanahsmith)
1559 | * methodOverride: Check req.body is an object #907 (@kbjr)
1560 | * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson)
1561 | * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce)
1562 |
1563 | 2.9.0 / 2013-09-07
1564 | ==================
1565 |
1566 | * multipart: add docs regarding tmpfiles
1567 | * multipart: add .name back to file parts
1568 | * multipart: use multiparty instead of formidable
1569 |
1570 | 2.8.8 / 2013-09-02
1571 | ==================
1572 |
1573 | * csrf: change to math.random() salt and remove csrfToken() callback
1574 |
1575 | 2.8.7 / 2013-08-28
1576 | ==================
1577 |
1578 | * csrf: prevent salt generation on every request, and add async req.csrfToken(fn)
1579 |
1580 | 2.8.6 / 2013-08-28
1581 | ==================
1582 |
1583 | * csrf: refactor to use HMAC tokens (BREACH attack)
1584 | * compress: add compression of SVG and common font files by default.
1585 |
1586 | 2.8.5 / 2013-08-11
1587 | ==================
1588 |
1589 | * add: compress Dart source files by default
1590 | * update fresh
1591 |
1592 | 2.8.4 / 2013-07-08
1593 | ==================
1594 |
1595 | * update send
1596 |
1597 | 2.8.3 / 2013-07-04
1598 | ==================
1599 |
1600 | * add a name back to static middleware ("staticMiddleware")
1601 | * fix .hasBody() utility to require transfer-encoding or content-length
1602 |
1603 | 2.8.2 / 2013-07-03
1604 | ==================
1605 |
1606 | * update send
1607 | * update cookie dep.
1608 | * add better debug() for middleware
1609 | * add whitelisting of supported methods to methodOverride()
1610 |
1611 | 2.8.1 / 2013-06-27
1612 | ==================
1613 |
1614 | * fix: escape req.method in 404 response
1615 |
1616 | 2.8.0 / 2013-06-26
1617 | ==================
1618 |
1619 | * add `threshold` option to `compress()` to prevent compression of small responses
1620 | * add support for vendor JSON mime types in json()
1621 | * add X-Forwarded-Proto initial https proxy support
1622 | * change static redirect to 303
1623 | * change octal escape sequences for strict mode
1624 | * change: replace utils.uid() with uid2 lib
1625 | * remove other "static" function name. Fixes #794
1626 | * fix: hasBody() should return false if Content-Length: 0
1627 |
1628 | 2.7.11 / 2013-06-02
1629 | ==================
1630 |
1631 | * update send
1632 |
1633 | 2.7.10 / 2013-05-21
1634 | ==================
1635 |
1636 | * update qs
1637 | * update formidable
1638 | * fix: write/end to noop() when request aborted
1639 |
1640 | 2.7.9 / 2013-05-07
1641 | ==================
1642 |
1643 | * update qs
1644 | * drop support for node < v0.8
1645 |
1646 | 2.7.8 / 2013-05-03
1647 | ==================
1648 |
1649 | * update qs
1650 |
1651 | 2.7.7 / 2013-04-29
1652 | ==================
1653 |
1654 | * update qs dependency
1655 | * remove "static" function name. Closes #794
1656 | * update node-formidable
1657 | * update buffer-crc32
1658 |
1659 | 2.7.6 / 2013-04-15
1660 | ==================
1661 |
1662 | * revert cookie signature which was creating session race conditions
1663 |
1664 | 2.7.5 / 2013-04-12
1665 | ==================
1666 |
1667 | * update cookie-signature
1668 | * limit: do not consume request in node 0.10.x
1669 |
1670 | 2.7.4 / 2013-04-01
1671 | ==================
1672 |
1673 | * session: add long expires check and prevent excess set-cookie
1674 | * session: add console.error() of session#save() errors
1675 |
1676 | 2.7.3 / 2013-02-19
1677 | ==================
1678 |
1679 | * add name to compress middleware
1680 | * add appending Accept-Encoding to Vary when set but missing
1681 | * add tests for csrf middleware
1682 | * add 'next' support for connect() server handler
1683 | * change utils.uid() to return url-safe chars. Closes #753
1684 | * fix treating '.' as a regexp in vhost()
1685 | * fix duplicate bytes dep in package.json. Closes #743
1686 | * fix #733 - parse x-forwarded-proto in a more generally compatibly way
1687 | * revert "add support for `next(status[, msg])`"; makes composition hard
1688 |
1689 | 2.7.2 / 2013-01-04
1690 | ==================
1691 |
1692 | * add support for `next(status[, msg])` back
1693 | * add utf-8 meta tag to support foreign characters in filenames/directories
1694 | * change `timeout()` 408 to 503
1695 | * replace 'node-crc' with 'buffer-crc32', fixes licensing
1696 | * fix directory.html IE support
1697 |
1698 | 2.7.1 / 2012-12-05
1699 | ==================
1700 |
1701 | * add directory() tests
1702 | * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely)
1703 | * fix errorHandler signature
1704 |
1705 | 2.7.0 / 2012-11-13
1706 | ==================
1707 |
1708 | * add support for leading JSON whitespace
1709 | * add logging of `req.ip` when present
1710 | * add basicAuth support for `:`-delimited string
1711 | * update cookie module. Closes #688
1712 |
1713 | 2.6.2 / 2012-11-01
1714 | ==================
1715 |
1716 | * add `debug()` for disconnected session store
1717 | * fix session regeneration bug. Closes #681
1718 |
1719 | 2.6.1 / 2012-10-25
1720 | ==================
1721 |
1722 | * add passing of `connect.timeout()` errors to `next()`
1723 | * replace signature utils with cookie-signature module
1724 |
1725 | 2.6.0 / 2012-10-09
1726 | ==================
1727 |
1728 | * add `defer` option to `multipart()` [Blake Miner]
1729 | * fix mount path case sensitivity. Closes #663
1730 | * fix default of ascii encoding from `logger()`, now utf8. Closes #293
1731 |
1732 | 2.5.0 / 2012-09-27
1733 | ==================
1734 |
1735 | * add `err.status = 400` to multipart() errors
1736 | * add double-encoding protection to `compress()`. Closes #659
1737 | * add graceful handling cookie parsing errors [shtylman]
1738 | * fix typo X-Response-time to X-Response-Time
1739 |
1740 | 2.4.6 / 2012-09-18
1741 | ==================
1742 |
1743 | * update qs
1744 |
1745 | 2.4.5 / 2012-09-03
1746 | ==================
1747 |
1748 | * add session store "connect" / "disconnect" support [louischatriot]
1749 | * fix `:url` log token
1750 |
1751 | 2.4.4 / 2012-08-21
1752 | ==================
1753 |
1754 | * fix `static()` pause regression from "send" integration
1755 |
1756 | 2.4.3 / 2012-08-07
1757 | ==================
1758 |
1759 | * fix `.write()` encoding for zlib inconstancy. Closes #561
1760 |
1761 | 2.4.2 / 2012-07-25
1762 | ==================
1763 |
1764 | * remove limit default from `urlencoded()`
1765 | * remove limit default from `json()`
1766 | * remove limit default from `multipart()`
1767 | * fix `cookieSession()` clear cookie path / domain bug. Closes #636
1768 |
1769 | 2.4.1 / 2012-07-24
1770 | ==================
1771 |
1772 | * fix `options` mutation in `static()`
1773 |
1774 | 2.4.0 / 2012-07-23
1775 | ==================
1776 |
1777 | * add `connect.timeout()`
1778 | * add __GET__ / __HEAD__ check to `directory()`. Closes #634
1779 | * add "pause" util dep
1780 | * update send dep for normalization bug
1781 |
1782 | 2.3.9 / 2012-07-16
1783 | ==================
1784 |
1785 | * add more descriptive invalid json error message
1786 | * update send dep for root normalization regression
1787 | * fix staticCache fresh dep
1788 |
1789 | 2.3.8 / 2012-07-12
1790 | ==================
1791 |
1792 | * fix `connect.static()` 404 regression, pass `next()`. Closes #629
1793 |
1794 | 2.3.7 / 2012-07-05
1795 | ==================
1796 |
1797 | * add `json()` utf-8 illustration test. Closes #621
1798 | * add "send" dependency
1799 | * change `connect.static()` internals to use "send"
1800 | * fix `session()` req.session generation with pathname mismatch
1801 | * fix `cookieSession()` req.session generation with pathname mismatch
1802 | * fix mime export. Closes #618
1803 |
1804 | 2.3.6 / 2012-07-03
1805 | ==================
1806 |
1807 | * Fixed cookieSession() with cookieParser() secret regression. Closes #602
1808 | * Fixed set-cookie header fields on cookie.path mismatch. Closes #615
1809 |
1810 | 2.3.5 / 2012-06-28
1811 | ==================
1812 |
1813 | * Remove `logger()` mount check
1814 | * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607
1815 | * Fixed `staticCache()` when Cookie is present
1816 |
1817 | 2.3.4 / 2012-06-22
1818 | ==================
1819 |
1820 | * Added `err.buf` to urlencoded() and json()
1821 | * Update cookie to 0.0.4. Closes #604
1822 | * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten]
1823 |
1824 | 2.3.3 / 2012-06-11
1825 | ==================
1826 |
1827 | * Added ETags back to `static()` [timkuijsten]
1828 | * Replaced `utils.parseRange()` with `range-parser` module
1829 | * Replaced `utils.parseBytes()` with `bytes` module
1830 | * Replaced `utils.modified()` with `fresh` module
1831 | * Fixed `cookieSession()` regression with invalid cookie signing [shtylman]
1832 |
1833 | 2.3.2 / 2012-06-08
1834 | ==================
1835 |
1836 | * expose mime module
1837 | * Update crc dep (which bundled nodeunit)
1838 |
1839 | 2.3.1 / 2012-06-06
1840 | ==================
1841 |
1842 | * Added `secret` option to `cookieSession` middleware [shtylman]
1843 | * Added `secret` option to `session` middleware [shtylman]
1844 | * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user`
1845 | * Performance: improve signed cookie parsing
1846 | * Update `cookie` dependency [shtylman]
1847 |
1848 | 2.3.0 / 2012-05-20
1849 | ==================
1850 |
1851 | * Added limit option to `json()`
1852 | * Added limit option to `urlencoded()`
1853 | * Added limit option to `multipart()`
1854 | * Fixed: remove socket error event listener on callback
1855 | * Fixed __ENOTDIR__ error on `static` middleware
1856 |
1857 | 2.2.2 / 2012-05-07
1858 | ==================
1859 |
1860 | * Added support to csrf middle for pre-flight CORS requests
1861 | * Updated `engines` to allow newer version of node
1862 | * Removed duplicate repo prop. Closes #560
1863 |
1864 | 2.2.1 / 2012-04-28
1865 | ==================
1866 |
1867 | * Fixed `static()` redirect when mounted. Closes #554
1868 |
1869 | 2.2.0 / 2012-04-25
1870 | ==================
1871 |
1872 | * Added `make benchmark`
1873 | * Perf: memoize url parsing (~20% increase)
1874 | * Fixed `connect(fn, fn2, ...)`. Closes #549
1875 |
1876 | 2.1.3 / 2012-04-20
1877 | ==================
1878 |
1879 | * Added optional json() `reviver` function to be passed to JSON.parse [jed]
1880 | * Fixed: emit drain in compress middleware [nsabovic]
1881 |
1882 | 2.1.2 / 2012-04-11
1883 | ==================
1884 |
1885 | * Fixed cookieParser() `req.cookies` regression
1886 |
1887 | 2.1.1 / 2012-04-11
1888 | ==================
1889 |
1890 | * Fixed `session()` browser-session length cookies & examples
1891 | * Fixed: make `query()` "self-aware" [jed]
1892 |
1893 | 2.1.0 / 2012-04-05
1894 | ==================
1895 |
1896 | * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`)
1897 | * Added `urlencoded()` support for GET
1898 | * Added `json()` support for GET. Closes #497
1899 | * Added `strict` option to `json()`
1900 | * Changed: `session()` only set-cookie when modified
1901 | * Removed `Session#lastAccess` property. Closes #399
1902 |
1903 | 2.0.3 / 2012-03-20
1904 | ==================
1905 |
1906 | * Added: `cookieSession()` only sets cookie on change. Closes #442
1907 | * Added `connect:dispatcher` debug() probes
1908 |
1909 | 2.0.2 / 2012-03-04
1910 | ==================
1911 |
1912 | * Added test for __ENAMETOOLONG__ now that node is fixed
1913 | * Fixed static() index "/" check on windows. Closes #498
1914 | * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia]
1915 |
1916 | 2.0.1 / 2012-02-29
1917 | ==================
1918 |
1919 | * Added test coverage for `vhost()` middleware
1920 | * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov]
1921 | * Fixed `static()` Range: respond with 416 when unsatisfiable
1922 | * Fixed `vhost()` middleware. Closes #494
1923 |
1924 | 2.0.0 / 2011-10-05
1925 | ==================
1926 |
1927 | * Added `cookieSession()` middleware for cookie-only sessions
1928 | * Added `compress()` middleware for gzip / deflate support
1929 | * Added `session()` "proxy" setting to trust `X-Forwarded-Proto`
1930 | * Added `json()` middleware to parse "application/json"
1931 | * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded"
1932 | * Added `multipart()` middleware to parse "multipart/form-data"
1933 | * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies
1934 | * Added signed cookie support to `cookieParser()`
1935 | * Added support for JSON-serialized cookies to `cookieParser()`
1936 | * Added `err.status` support in Connect's default end-point
1937 | * Added X-Cache MISS / HIT to `staticCache()`
1938 | * Added public `res.headerSent` checking nodes `res._headerSent` until node does
1939 | * Changed `basicAuth()` req.remoteUser to req.user
1940 | * Changed: default `session()` to a browser-session cookie. Closes #475
1941 | * Changed: no longer lowercase cookie names
1942 | * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()`
1943 | * Changed: `errorHandler()` is now a development-only middleware
1944 | * Changed middleware to `next()` errors when possible so applications can unify logging / handling
1945 | * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https
1946 | * Removed `.createServer()` (use `connect()`)
1947 | * Removed `secret` option from `session()`, use `cookieParser(secret)`
1948 | * Removed `connect.session.ignore` array support
1949 | * Removed `router()` middleware. Closes #262
1950 | * Fixed: set-cookie only once for browser-session cookies
1951 | * Fixed FQDN support. dont add leading "/"
1952 | * Fixed 404 XSS attack vector. Closes #473
1953 | * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point
1954 |
1955 | 1.8.5 / 2011-12-22
1956 | ==================
1957 |
1958 | * Fixed: actually allow empty body for json
1959 |
1960 | 1.8.4 / 2011-12-22
1961 | ==================
1962 |
1963 | * Changed: allow empty body for json/urlencoded requests. Backport for #443
1964 |
1965 | 1.8.3 / 2011-12-16
1966 | ==================
1967 |
1968 | * Fixed `static()` _index.html_ support on windows
1969 |
1970 | 1.8.2 / 2011-12-03
1971 | ==================
1972 |
1973 | * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]
1974 |
1975 | 1.8.1 / 2011-11-21
1976 | ==================
1977 |
1978 | * Added nesting support for _multipart/form-data_ [jackyz]
1979 |
1980 | 1.8.0 / 2011-11-17
1981 | ==================
1982 |
1983 | * Added _multipart/form-data_ support to `bodyParser()` using formidable
1984 |
1985 | 1.7.3 / 2011-11-11
1986 | ==================
1987 |
1988 | * Fixed `req.body`, always default to {}
1989 | * Fixed HEAD support for 404s and 500s
1990 |
1991 | 1.7.2 / 2011-10-24
1992 | ==================
1993 |
1994 | * "node": ">= 0.4.1 < 0.7.0"
1995 | * Added `static()` redirect option. Closes #398
1996 | * Changed `limit()`: respond with 413 when content-length exceeds the limit
1997 | * Removed socket error listener in static(). Closes #389
1998 | * Fixed `staticCache()` Age header field
1999 | * Fixed race condition causing errors reported in #329.
2000 |
2001 | 1.7.1 / 2011-09-12
2002 | ==================
2003 |
2004 | * Added: make `Store` inherit from `EventEmitter`
2005 | * Added session `Store#load(sess, fn)` to fetch a `Session` instance
2006 | * Added backpressure support to `staticCache()`
2007 | * Changed `res.socket.destroy()` to `req.socket.destroy()`
2008 |
2009 | 1.7.0 / 2011-08-31
2010 | ==================
2011 |
2012 | * Added `staticCache()` middleware, a memory cache for `static()`
2013 | * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this)
2014 | * Changed: ignore error handling middleware when header is sent
2015 | * Changed: dispatcher errors after header is sent destroy the sock
2016 |
2017 | 1.6.4 / 2011-08-26
2018 | ==================
2019 |
2020 | * Revert "Added double-next reporting"
2021 |
2022 | 1.6.3 / 2011-08-26
2023 | ==================
2024 |
2025 | * Added double-`next()` reporting
2026 | * Added `immediate` option to `logger()`. Closes #321
2027 | * Dependency `qs >= 0.3.1`
2028 |
2029 | 1.6.2 / 2011-08-11
2030 | ==================
2031 |
2032 | * Fixed `connect.static()` null byte vulnerability
2033 | * Fixed `connect.directory()` null byte vulnerability
2034 | * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289
2035 |
2036 | 1.6.1 / 2011-08-03
2037 | ==================
2038 |
2039 | * Added: allow retval `== null` from logger callback to ignore line
2040 | * Added `getOnly` option to `connect.static.send()`
2041 | * Added response "header" event allowing augmentation
2042 | * Added `X-CSRF-Token` header field check
2043 | * Changed dep `qs >= 0.3.0`
2044 | * Changed: persist csrf token. Closes #322
2045 | * Changed: sort directory middleware files alphabetically
2046 |
2047 | 1.6.0 / 2011-07-10
2048 | ==================
2049 |
2050 | * Added :response-time to "dev" logger format
2051 | * Added simple `csrf()` middleware. Closes #315
2052 | * Fixed `res._headers` logger regression. Closes #318
2053 | * Removed support for multiple middleware being passed to `.use()`
2054 |
2055 | 1.5.2 / 2011-07-06
2056 | ==================
2057 |
2058 | * Added `filter` function option to `directory()` [David Rio Deiros]
2059 | * Changed: re-write of the `logger()` middleware, with extensible tokens and formats
2060 | * Changed: `static.send()` ".." in path without root considered malicious
2061 | * Fixed quotes in docs. Closes #312
2062 | * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison]
2063 |
2064 |
2065 | 1.5.1 / 2011-06-20
2066 | ==================
2067 |
2068 | * Added malicious path check to `directory()` middleware
2069 | * Added `utils.forbidden(res)`
2070 | * Added `connect.query()` middleware
2071 |
2072 | 1.5.0 / 2011-06-20
2073 | ==================
2074 |
2075 | * Added `connect.directory()` middleware for serving directory listings
2076 |
2077 | 1.4.6 / 2011-06-18
2078 | ==================
2079 |
2080 | * Fixed `connect.static()` root with `..`
2081 | * Fixed `connect.static()` __EBADF__
2082 |
2083 | 1.4.5 / 2011-06-17
2084 | ==================
2085 |
2086 | * Fixed EBADF in `connect.static()`. Closes #297
2087 |
2088 | 1.4.4 / 2011-06-16
2089 | ==================
2090 |
2091 | * Changed `connect.static()` to check resolved dirname. Closes #294
2092 |
2093 | 1.4.3 / 2011-06-06
2094 | ==================
2095 |
2096 | * Fixed fd leak in `connect.static()` when the socket is closed
2097 | * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285
2098 |
2099 | 1.4.2 / 2011-05-27
2100 | ==================
2101 |
2102 | * Changed to `devDependencies`
2103 | * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen]
2104 | * Fixed Win32 support for `static()`
2105 | * Fixed monkey-patch issue. Closes #261
2106 |
2107 | 1.4.1 / 2011-05-08
2108 | ==================
2109 |
2110 | * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251
2111 | * Fixed `errorHandler` middleware for missing stack traces. [aseemk]
2112 | #274
2113 |
2114 | 1.4.0 / 2011-04-25
2115 | ==================
2116 |
2117 | * Added route-middleware `next('route')` support to jump passed the route itself
2118 | * Added Content-Length support to `limit()`
2119 | * Added route-specific middleware support (used to be in express)
2120 | * Changed; refactored duplicate session logic
2121 | * Changed; prevent redefining `store.generate` per request
2122 | * Fixed; `static()` does not set Content-Type when explicitly set [nateps]
2123 | * Fixed escape `errorHandler()` {error} contents
2124 | * NOTE: `router` will be removed in 2.0
2125 |
2126 |
2127 | 1.3.0 / 2011-04-06
2128 | ==================
2129 |
2130 | * Added `router.remove(path[, method])` to remove a route
2131 |
2132 | 1.2.3 / 2011-04-05
2133 | ==================
2134 |
2135 | * Fixed basicAuth realm issue when passing strings. Closes #253
2136 |
2137 | 1.2.2 / 2011-04-05
2138 | ==================
2139 |
2140 | * Added `basicAuth(username, password)` support
2141 | * Added `errorHandler.title` defaulting to "Connect"
2142 | * Changed `errorHandler` css
2143 |
2144 | 1.2.1 / 2011-03-30
2145 | ==================
2146 |
2147 | * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl]
2148 |
2149 | 1.2.0 / 2011-03-30
2150 | ==================
2151 |
2152 | * Added `router.lookup(path[, method])`
2153 | * Added `router.match(url[, method])`
2154 | * Added basicAuth async support. Closes #223
2155 |
2156 | 1.1.5 / 2011-03-27
2157 | ==================
2158 |
2159 | * Added; allow `logger()` callback function to return an empty string to ignore logging
2160 | * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245
2161 |
2162 | 1.1.4 / 2011-03-23
2163 | ==================
2164 |
2165 | * Added `logger()` support for format function
2166 | * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x
2167 |
2168 | 1.1.3 / 2011-03-21
2169 | ==================
2170 |
2171 | * Changed; `limit()` now calls `req.destroy()`
2172 |
2173 | 1.1.2 / 2011-03-21
2174 | ==================
2175 |
2176 | * Added request "limit" event to `limit()` middleware
2177 | * Changed; `limit()` middleware will `next(err)` on failure
2178 |
2179 | 1.1.1 / 2011-03-18
2180 | ==================
2181 |
2182 | * Fixed session middleware for HTTPS. Closes #241 [reported by mt502]
2183 |
2184 | 1.1.0 / 2011-03-17
2185 | ==================
2186 |
2187 | * Added `Session#reload(fn)`
2188 |
2189 | 1.0.6 / 2011-03-09
2190 | ==================
2191 |
2192 | * Fixed `res.setHeader()` patch, preserve casing
2193 |
2194 | 1.0.5 / 2011-03-09
2195 | ==================
2196 |
2197 | * Fixed; `logger()` using `req.originalUrl` instead of `req.url`
2198 |
2199 | 1.0.4 / 2011-03-09
2200 | ==================
2201 |
2202 | * Added `res.charset`
2203 | * Added conditional sessions example
2204 | * Added support for `session.ignore` to be replaced. Closes #227
2205 | * Fixed `Cache-Control` delimiters. Closes #228
2206 |
2207 | 1.0.3 / 2011-03-03
2208 | ==================
2209 |
2210 | * Fixed; `static.send()` invokes callback with connection error
2211 |
2212 | 1.0.2 / 2011-03-02
2213 | ==================
2214 |
2215 | * Fixed exported connect function
2216 | * Fixed package.json; node ">= 0.4.1 < 0.5.0"
2217 |
2218 | 1.0.1 / 2011-03-02
2219 | ==================
2220 |
2221 | * Added `Session#save(fn)`. Closes #213
2222 | * Added callback support to `connect.static.send()` for express
2223 | * Added `connect.static.send()` "path" option
2224 | * Fixed content-type in `static()` for _index.html_
2225 |
2226 | 1.0.0 / 2011-03-01
2227 | ==================
2228 |
2229 | * Added `stack`, `message`, and `dump` errorHandler option aliases
2230 | * Added `req.originalMethod` to methodOverride
2231 | * Added `favicon()` maxAge option support
2232 | * Added `connect()` alternative to `connect.createServer()`
2233 | * Added new [documentation](http://senchalabs.github.com/connect)
2234 | * Added Range support to `static()`
2235 | * Added HTTPS support
2236 | * Rewrote session middleware. The session API now allows for
2237 | session-specific cookies, so you may alter each individually.
2238 | Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html).
2239 | * Added middleware self-awareness. This helps prevent
2240 | middleware breakage when used within mounted servers.
2241 | For example `cookieParser()` will not parse cookies more
2242 | than once even when within a mounted server.
2243 | * Added new examples in the `./examples` directory
2244 | * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware
2245 | * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware
2246 | * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware
2247 | * Renamed `staticProvider` to `static`
2248 | * Renamed `bodyDecoder` to `bodyParser`
2249 | * Renamed `cookieDecoder` to `cookieParser`
2250 | * Fixed ETag quotes. [reported by papandreou]
2251 | * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou]
2252 | * Fixed; only set req.originalUrl once. Closes #124
2253 | * Fixed symlink support for `static()`. Closes #123
2254 |
2255 | 0.5.10 / 2011-02-14
2256 | ==================
2257 |
2258 | * Fixed SID space issue. Closes #196
2259 | * Fixed; proxy `res.end()` to commit session data
2260 | * Fixed directory traversal attack in `staticProvider`. Closes #198
2261 |
2262 | 0.5.9 / 2011-02-09
2263 | ==================
2264 |
2265 | * qs >= 0.0.4
2266 |
2267 | 0.5.8 / 2011-02-04
2268 | ==================
2269 |
2270 | * Added `qs` dependency
2271 | * Fixed router race-condition causing possible failure
2272 | when `next()`ing to one or more routes with parallel
2273 | requests
2274 |
2275 | 0.5.7 / 2011-02-01
2276 | ==================
2277 |
2278 | * Added `onvhost()` call so Express (and others) can know when they are
2279 | * Revert "Added stylus support" (use the middleware which ships with stylus)
2280 | * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly
2281 | * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen]
2282 | * Fixed `utils.uid()` length error [Jxck]
2283 | mounted
2284 |
2285 | 0.5.6 / 2011-01-23
2286 | ==================
2287 |
2288 | * Added stylus support to `compiler`
2289 | * _favicon.js_ cleanup
2290 | * _compiler.js_ cleanup
2291 | * _bodyDecoder.js_ cleanup
2292 |
2293 | 0.5.5 / 2011-01-13
2294 | ==================
2295 |
2296 | * Changed; using sha256 HMAC instead of md5. [Paul Querna]
2297 | * Changed; generated a longer random UID, without time influence. [Paul Querna]
2298 | * Fixed; session middleware throws when secret is not present. [Paul Querna]
2299 |
2300 | 0.5.4 / 2011-01-07
2301 | ==================
2302 |
2303 | * Added; throw when router path or callback is missing
2304 | * Fixed; `next(err)` on cookie parse exception instead of ignoring
2305 | * Revert "Added utils.pathname(), memoized url.parse(str).pathname"
2306 |
2307 | 0.5.3 / 2011-01-05
2308 | ==================
2309 |
2310 | * Added _docs/api.html_
2311 | * Added `utils.pathname()`, memoized url.parse(str).pathname
2312 | * Fixed `session.id` issue. Closes #183
2313 | * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179
2314 | * Removed bad outdated docs, we need something new / automated eventually
2315 |
2316 | 0.5.2 / 2010-12-28
2317 | ==================
2318 |
2319 | * Added default __OPTIONS__ support to _router_ middleware
2320 |
2321 | 0.5.1 / 2010-12-28
2322 | ==================
2323 |
2324 | * Added `req.session.id` mirroring `req.sessionID`
2325 | * Refactored router, exposing `connect.router.methods`
2326 | * Exclude non-lib files from npm
2327 | * Removed imposed headers `X-Powered-By`, `Server`, etc
2328 |
2329 | 0.5.0 / 2010-12-06
2330 | ==================
2331 |
2332 | * Added _./index.js_
2333 | * Added route segment precondition support and example
2334 | * Added named capture group support to router
2335 |
2336 | 0.4.0 / 2010-11-29
2337 | ==================
2338 |
2339 | * Added `basicAuth` middleware
2340 | * Added more HTTP methods to the `router` middleware
2341 |
2342 | 0.3.0 / 2010-07-21
2343 | ==================
2344 |
2345 | * Added _staticGzip_ middleware
2346 | * Added `connect.utils` to expose utils
2347 | * Added `connect.session.Session`
2348 | * Added `connect.session.Store`
2349 | * Added `connect.session.MemoryStore`
2350 | * Added `connect.middleware` to expose the middleware getters
2351 | * Added `buffer` option to _logger_ for performance increase
2352 | * Added _favicon_ middleware for serving your own favicon or the connect default
2353 | * Added option support to _staticProvider_, can now pass _root_ and _lifetime_.
2354 | * Added; mounted `Server` instances now have the `route` property exposed for reflection
2355 | * Added support for callback as first arg to `Server#use()`
2356 | * Added support for `next(true)` in _router_ to bypass match attempts
2357 | * Added `Server#listen()` _host_ support
2358 | * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance
2359 | * Added _methodOverride_ X-HTTP-Method-Override support
2360 | * Refactored session internals, adds _secret_ option
2361 | * Renamed `lifetime` option to `maxAge` in _staticProvider_
2362 | * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark)
2363 | * Removed connect(1) dependency on examples, they can all now run with node(1)
2364 | * Remove a typo that was leaking a global.
2365 | * Removed `Object.prototype` forEach() and map() methods
2366 | * Removed a few utils not used
2367 | * Removed `connect.createApp()`
2368 | * Removed `res.simpleBody()`
2369 | * Removed _format_ middleware
2370 | * Removed _flash_ middleware
2371 | * Removed _redirect_ middleware
2372 | * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc)
2373 | * Removed _pubsub_ middleware
2374 | * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array
2375 | * Changed; _compiler_ no longer 404s
2376 | * Changed; _router_ signature now matches connect middleware signature
2377 | * Fixed a require in _session_ for default `MemoryStore`
2378 | * Fixed nasty request body bug in _router_. Closes #54
2379 | * Fixed _less_ support in _compiler_
2380 | * Fixed bug preventing proper bubbling of exceptions in mounted servers
2381 | * Fixed bug in `Server#use()` preventing `Server` instances as the first arg
2382 | * Fixed **ENOENT** special case, is now treated as any other exception
2383 | * Fixed spark env support
2384 |
2385 | 0.2.1 / 2010-07-09
2386 | ==================
2387 |
2388 | * Added support for _router_ `next()` to continue calling matched routes
2389 | * Added mime type for _cache.manifest_ files.
2390 | * Changed _compiler_ middleware to use async require
2391 | * Changed session api, stores now only require `#get()`, and `#set()`
2392 | * Fixed _cacheManifest_ by adding `utils.find()` back
2393 |
2394 | 0.2.0 / 2010-07-01
2395 | ==================
2396 |
2397 | * Added calls to `Session()` casts the given object as a `Session` instance
2398 | * Added passing of `next()` to _router_ callbacks. Closes #46
2399 | * Changed; `MemoryStore#destroy()` removes `req.session`
2400 | * Changed `res.redirect("back")` to default to "/" when Referr?er is not present
2401 | * Fixed _staticProvider_ urlencoded paths issue. Closes #47
2402 | * Fixed _staticProvider_ middleware responding to **GET** requests
2403 | * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43
2404 | * Fixed _logger_ format option
2405 | * Fixed typo in _compiler_ middleware preventing the _dest_ option from working
2406 |
2407 | 0.1.0 / 2010-06-25
2408 | ==================
2409 |
2410 | * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu)
2411 | * Added [extended api docs](http://extjs.github.com/Connect/api.html)
2412 | * Added docs for several more middleware layers
2413 | * Added `connect.Server#use()`
2414 | * Added _compiler_ middleware which provides arbitrary static compilation
2415 | * Added `req.originalUrl`
2416 | * Removed _blog_ example
2417 | * Removed _sass_ middleware (use _compiler_)
2418 | * Removed _less_ middleware (use _compiler_)
2419 | * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc.
2420 | * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes
2421 | * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39
2422 | * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies
2423 | * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries
2424 |
2425 | 0.0.6 / 2010-06-22
2426 | ==================
2427 |
2428 | * Added _static_ middleware usage example
2429 | * Added support for regular expressions as paths for _router_
2430 | * Added `util.merge()`
2431 | * Increased performance of _static_ by ~ 200 rps
2432 | * Renamed the _rest_ middleware to _router_
2433 | * Changed _rest_ api to accept a callback function
2434 | * Removed _router_ middleware
2435 | * Removed _proto.js_, only `Object#forEach()` remains
2436 |
2437 | 0.0.5 / 2010-06-21
2438 | ==================
2439 |
2440 | * Added Server#use() which contains the Layer normalization logic
2441 | * Added documentation for several middleware
2442 | * Added several new examples
2443 | * Added _less_ middleware
2444 | * Added _repl_ middleware
2445 | * Added _vhost_ middleware
2446 | * Added _flash_ middleware
2447 | * Added _cookie_ middleware
2448 | * Added _session_ middleware
2449 | * Added `utils.htmlEscape()`
2450 | * Added `utils.base64Decode()`
2451 | * Added `utils.base64Encode()`
2452 | * Added `utils.uid()`
2453 | * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26
2454 | * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()`
2455 | * Renamed req.redirect() to res.redirect(). Closes #29
2456 | * Fixed _sass_ 404 on **ENOENT**
2457 | * Fixed +new Date duplication. Closes #24
2458 |
2459 | 0.0.4 / 2010-06-16
2460 | ==================
2461 |
2462 | * Added workerPidfile() to bin/connect
2463 | * Added --workers support to bin/connect stop and status commands
2464 | * Added _redirect_ middleware
2465 | * Added better --config support to bin/connect. All flags can be utilized
2466 | * Added auto-detection of _./config.js_
2467 | * Added config example
2468 | * Added `net.Server` support to bin/connect
2469 | * Writing worker pids relative to `env.pidfile`
2470 | * s/parseQuery/parse/g
2471 | * Fixed npm support
2472 |
2473 | 0.0.3 / 2010-06-16
2474 | ==================
2475 |
2476 | * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__
2477 |
2478 | 0.0.2 / 2010-06-15
2479 | ==================
2480 |
2481 | * Added `-V, --version` to bin/connect
2482 | * Added `utils.parseCookie()`
2483 | * Added `utils.serializeCookie()`
2484 | * Added `utils.toBoolean()`
2485 | * Added _sass_ middleware
2486 | * Added _cookie_ middleware
2487 | * Added _format_ middleware
2488 | * Added _lint_ middleware
2489 | * Added _rest_ middleware
2490 | * Added _./package.json_ (npm install connect)
2491 | * Added `handleError()` support
2492 | * Added `process.connectEnv`
2493 | * Added custom log format support to _log_ middleware
2494 | * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url")
2495 | * Added -w, --workers to bin/connect
2496 | * Added bin/connect support for --user NAME and --group NAME
2497 | * Fixed url re-writing support
2498 |
2499 | 0.0.1 / 2010-06-03
2500 | ==================
2501 |
2502 | * Initial release
2503 |
2504 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | (The MIT License)
2 |
3 | Copyright (c) 2010 Sencha Inc.
4 | Copyright (c) 2011 LearnBoost
5 | Copyright (c) 2011-2014 TJ Holowaychuk
6 | Copyright (c) 2015 Douglas Christopher Wilson
7 |
8 | Permission is hereby granted, free of charge, to any person obtaining
9 | a copy of this software and associated documentation files (the
10 | 'Software'), to deal in the Software without restriction, including
11 | without limitation the rights to use, copy, modify, merge, publish,
12 | distribute, sublicense, and/or sell copies of the Software, and to
13 | permit persons to whom the Software is furnished to do so, subject to
14 | the following conditions:
15 |
16 | The above copyright notice and this permission notice shall be
17 | included in all copies or substantial portions of the Software.
18 |
19 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
20 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
21 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
22 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
23 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
24 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
25 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
26 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | <div align="center">
2 |
3 | <img src="logo/horizontal.png" alt="connect logo" width="450px">
4 |
5 | [![NPM Version][npm-version-image]][npm-url]
6 | [![NPM Downloads][npm-downloads-image]][npm-url]
7 | [![Build Status][github-actions-ci-image]][github-actions-ci-url]
8 | [![Test Coverage][coveralls-image]][coveralls-url]
9 |
10 | </div>
11 |
12 | Connect is an extensible HTTP server framework for [node](http://nodejs.org) using "plugins" known as _middleware_.
13 |
14 | ```js
15 | var connect = require('connect');
16 | var http = require('http');
17 |
18 | var app = connect();
19 |
20 | // gzip/deflate outgoing responses
21 | var compression = require('compression');
22 | app.use(compression());
23 |
24 | // store session state in browser cookie
25 | var cookieSession = require('cookie-session');
26 | app.use(cookieSession({
27 | keys: ['secret1', 'secret2']
28 | }));
29 |
30 | // parse urlencoded request bodies into req.body
31 | var bodyParser = require('body-parser');
32 | app.use(bodyParser.urlencoded({extended: false}));
33 |
34 | // respond to all requests
35 | app.use(function(req, res){
36 | res.end('Hello from Connect!\n');
37 | });
38 |
39 | //create node.js http server and listen on port
40 | http.createServer(app).listen(3000);
41 | ```
42 |
43 | ## Getting Started
44 |
45 | Connect is a simple framework to glue together various "middleware" to handle requests.
46 |
47 | ### Install Connect
48 |
49 | ```sh
50 | $ npm install connect
51 | ```
52 |
53 | ### Create an app
54 |
55 | The main component is a Connect "app". This will store all the middleware
56 | added and is, itself, a function.
57 |
58 | ```js
59 | var app = connect();
60 | ```
61 |
62 | ### Use middleware
63 |
64 | The core of Connect is "using" middleware. Middleware are added as a "stack"
65 | where incoming requests will execute each middleware one-by-one until a middleware
66 | does not call `next()` within it.
67 |
68 | ```js
69 | app.use(function middleware1(req, res, next) {
70 | // middleware 1
71 | next();
72 | });
73 | app.use(function middleware2(req, res, next) {
74 | // middleware 2
75 | next();
76 | });
77 | ```
78 |
79 | ### Mount middleware
80 |
81 | The `.use()` method also takes an optional path string that is matched against
82 | the beginning of the incoming request URL. This allows for basic routing.
83 |
84 | ```js
85 | app.use('/foo', function fooMiddleware(req, res, next) {
86 | // req.url starts with "/foo"
87 | next();
88 | });
89 | app.use('/bar', function barMiddleware(req, res, next) {
90 | // req.url starts with "/bar"
91 | next();
92 | });
93 | ```
94 |
95 | ### Error middleware
96 |
97 | There are special cases of "error-handling" middleware. There are middleware
98 | where the function takes exactly 4 arguments. When a middleware passes an error
99 | to `next`, the app will proceed to look for the error middleware that was declared
100 | after that middleware and invoke it, skipping any error middleware above that
101 | middleware and any non-error middleware below.
102 |
103 | ```js
104 | // regular middleware
105 | app.use(function (req, res, next) {
106 | // i had an error
107 | next(new Error('boom!'));
108 | });
109 |
110 | // error middleware for errors that occurred in middleware
111 | // declared before this
112 | app.use(function onerror(err, req, res, next) {
113 | // an error occurred!
114 | });
115 | ```
116 |
117 | ### Create a server from the app
118 |
119 | The last step is to actually use the Connect app in a server. The `.listen()` method
120 | is a convenience to start a HTTP server (and is identical to the `http.Server`'s `listen`
121 | method in the version of Node.js you are running).
122 |
123 | ```js
124 | var server = app.listen(port);
125 | ```
126 |
127 | The app itself is really just a function with three arguments, so it can also be handed
128 | to `.createServer()` in Node.js.
129 |
130 | ```js
131 | var server = http.createServer(app);
132 | ```
133 |
134 | ## Middleware
135 |
136 | These middleware and libraries are officially supported by the Connect/Express team:
137 |
138 | - [body-parser](https://www.npmjs.com/package/body-parser) - previous `bodyParser`, `json`, and `urlencoded`. You may also be interested in:
139 | - [body](https://www.npmjs.com/package/body)
140 | - [co-body](https://www.npmjs.com/package/co-body)
141 | - [raw-body](https://www.npmjs.com/package/raw-body)
142 | - [compression](https://www.npmjs.com/package/compression) - previously `compress`
143 | - [connect-timeout](https://www.npmjs.com/package/connect-timeout) - previously `timeout`
144 | - [cookie-parser](https://www.npmjs.com/package/cookie-parser) - previously `cookieParser`
145 | - [cookie-session](https://www.npmjs.com/package/cookie-session) - previously `cookieSession`
146 | - [csurf](https://www.npmjs.com/package/csurf) - previously `csrf`
147 | - [errorhandler](https://www.npmjs.com/package/errorhandler) - previously `error-handler`
148 | - [express-session](https://www.npmjs.com/package/express-session) - previously `session`
149 | - [method-override](https://www.npmjs.com/package/method-override) - previously `method-override`
150 | - [morgan](https://www.npmjs.com/package/morgan) - previously `logger`
151 | - [response-time](https://www.npmjs.com/package/response-time) - previously `response-time`
152 | - [serve-favicon](https://www.npmjs.com/package/serve-favicon) - previously `favicon`
153 | - [serve-index](https://www.npmjs.com/package/serve-index) - previously `directory`
154 | - [serve-static](https://www.npmjs.com/package/serve-static) - previously `static`
155 | - [vhost](https://www.npmjs.com/package/vhost) - previously `vhost`
156 |
157 | Most of these are exact ports of their Connect 2.x equivalents. The primary exception is `cookie-session`.
158 |
159 | Some middleware previously included with Connect are no longer supported by the Connect/Express team, are replaced by an alternative module, or should be superseded by a better module. Use one of these alternatives instead:
160 |
161 | - `cookieParser`
162 | - [cookies](https://www.npmjs.com/package/cookies) and [keygrip](https://www.npmjs.com/package/keygrip)
163 | - `limit`
164 | - [raw-body](https://www.npmjs.com/package/raw-body)
165 | - `multipart`
166 | - [connect-multiparty](https://www.npmjs.com/package/connect-multiparty)
167 | - [connect-busboy](https://www.npmjs.com/package/connect-busboy)
168 | - `query`
169 | - [qs](https://www.npmjs.com/package/qs)
170 | - `staticCache`
171 | - [st](https://www.npmjs.com/package/st)
172 | - [connect-static](https://www.npmjs.com/package/connect-static)
173 |
174 | Checkout [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) for many other compatible middleware!
175 |
176 | ## API
177 |
178 | The Connect API is very minimalist, enough to create an app and add a chain
179 | of middleware.
180 |
181 | When the `connect` module is required, a function is returned that will construct
182 | a new app when called.
183 |
184 | ```js
185 | // require module
186 | var connect = require('connect')
187 |
188 | // create app
189 | var app = connect()
190 | ```
191 |
192 | ### app(req, res[, next])
193 |
194 | The `app` itself is a function. This is just an alias to `app.handle`.
195 |
196 | ### app.handle(req, res[, out])
197 |
198 | Calling the function will run the middleware stack against the given Node.js
199 | http request (`req`) and response (`res`) objects. An optional function `out`
200 | can be provided that will be called if the request (or error) was not handled
201 | by the middleware stack.
202 |
203 | ### app.listen([...])
204 |
205 | Start the app listening for requests. This method will internally create a Node.js
206 | HTTP server and call `.listen()` on it.
207 |
208 | This is an alias to the `server.listen()` method in the version of Node.js running,
209 | so consult the Node.js documentation for all the different variations. The most
210 | common signature is [`app.listen(port)`](https://nodejs.org/dist/latest-v6.x/docs/api/http.html#http_server_listen_port_hostname_backlog_callback).
211 |
212 | ### app.use(fn)
213 |
214 | Use a function on the app, where the function represents a middleware. The function
215 | will be invoked for every request in the order that `app.use` is called. The function
216 | is called with three arguments:
217 |
218 | ```js
219 | app.use(function (req, res, next) {
220 | // req is the Node.js http request object
221 | // res is the Node.js http response object
222 | // next is a function to call to invoke the next middleware
223 | })
224 | ```
225 |
226 | In addition to a plan function, the `fn` argument can also be a Node.js HTTP server
227 | instance or another Connect app instance.
228 |
229 | ### app.use(route, fn)
230 |
231 | Use a function on the app, where the function represents a middleware. The function
232 | will be invoked for every request in which the URL (`req.url` property) starts with
233 | the given `route` string in the order that `app.use` is called. The function is
234 | called with three arguments:
235 |
236 | ```js
237 | app.use('/foo', function (req, res, next) {
238 | // req is the Node.js http request object
239 | // res is the Node.js http response object
240 | // next is a function to call to invoke the next middleware
241 | })
242 | ```
243 |
244 | In addition to a plan function, the `fn` argument can also be a Node.js HTTP server
245 | instance or another Connect app instance.
246 |
247 | The `route` is always terminated at a path separator (`/`) or a dot (`.`) character.
248 | This means the given routes `/foo/` and `/foo` are the same and both will match requests
249 | with the URLs `/foo`, `/foo/`, `/foo/bar`, and `/foo.bar`, but not match a request with
250 | the URL `/foobar`.
251 |
252 | The `route` is matched in a case-insensitive manner.
253 |
254 | In order to make middleware easier to write to be agnostic of the `route`, when the
255 | `fn` is invoked, the `req.url` will be altered to remove the `route` part (and the
256 | original will be available as `req.originalUrl`). For example, if `fn` is used at the
257 | route `/foo`, the request for `/foo/bar` will invoke `fn` with `req.url === '/bar'`
258 | and `req.originalUrl === '/foo/bar'`.
259 |
260 | ## Running Tests
261 |
262 | ```bash
263 | npm install
264 | npm test
265 | ```
266 |
267 | ## People
268 |
269 | The Connect project would not be the same without all the people involved.
270 |
271 | The original author of Connect is [TJ Holowaychuk](https://github.com/tj)
272 |
273 | The current lead maintainer is [Douglas Christopher Wilson](https://github.com/dougwilson)
274 |
275 | [List of all contributors](https://github.com/senchalabs/connect/graphs/contributors)
276 |
277 | ## License
278 |
279 | [MIT](LICENSE)
280 |
281 | [coveralls-image]: https://badgen.net/coveralls/c/github/senchalabs/connect/master
282 | [coveralls-url]: https://coveralls.io/r/senchalabs/connect?branch=master
283 | [github-actions-ci-image]: https://badgen.net/github/checks/senchalabs/connect/master?label=ci
284 | [github-actions-ci-url]: https://github.com/jshttp/senchalabs/connect?query=workflow%3Aci
285 | [npm-downloads-image]: https://badgen.net/npm/dm/connect
286 | [npm-url]: https://npmjs.org/package/connect
287 | [npm-version-image]: https://badgen.net/npm/v/connect
288 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Security Policies and Procedures
2 |
3 | This document outlines security procedures and general policies for the Connect
4 | project.
5 |
6 | * [Reporting a Bug](#reporting-a-bug)
7 | * [Disclosure Policy](#disclosure-policy)
8 | * [Comments on this Policy](#comments-on-this-policy)
9 |
10 | ## Reporting a Bug
11 |
12 | The Connect team and community take all security bugs in Connect seriously.
13 | Thank you for improving the security of Connect. We appreciate your efforts and
14 | responsible disclosure and will make every effort to acknowledge your
15 | contributions.
16 |
17 | Report security bugs by emailing the lead maintainer in the README.md file.
18 |
19 | The lead maintainer will acknowledge your email within 48 hours, and will send a
20 | more detailed response within 48 hours indicating the next steps in handling
21 | your report. After the initial reply to your report, the security team will
22 | endeavor to keep you informed of the progress towards a fix and full
23 | announcement, and may ask for additional information or guidance.
24 |
25 | Report security bugs in third-party modules to the person or team maintaining
26 | the module. You can also report a vulnerability through the
27 | [Node Security Project](https://nodesecurity.io/report).
28 |
29 | ## Disclosure Policy
30 |
31 | When the security team receives a security bug report, they will assign it to a
32 | primary handler. This person will coordinate the fix and release process,
33 | involving the following steps:
34 |
35 | * Confirm the problem and determine the affected versions.
36 | * Audit code to find any potential similar problems.
37 | * Prepare fixes for all releases still under maintenance. These fixes will be
38 | released as fast as possible to npm.
39 |
40 | ## Comments on this Policy
41 |
42 | If you have suggestions on how this process could be improved please submit a
43 | pull request.
44 |
--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
1 | /*!
2 | * connect
3 | * Copyright(c) 2010 Sencha Inc.
4 | * Copyright(c) 2011 TJ Holowaychuk
5 | * Copyright(c) 2015 Douglas Christopher Wilson
6 | * MIT Licensed
7 | */
8 |
9 | 'use strict';
10 |
11 | /**
12 | * Module dependencies.
13 | * @private
14 | */
15 |
16 | var debug = require('debug')('connect:dispatcher');
17 | var EventEmitter = require('events').EventEmitter;
18 | var finalhandler = require('finalhandler');
19 | var http = require('http');
20 | var merge = require('utils-merge');
21 | var parseUrl = require('parseurl');
22 |
23 | /**
24 | * Module exports.
25 | * @public
26 | */
27 |
28 | module.exports = createServer;
29 |
30 | /**
31 | * Module variables.
32 | * @private
33 | */
34 |
35 | var env = process.env.NODE_ENV || 'development';
36 | var proto = {};
37 |
38 | /* istanbul ignore next */
39 | var defer = typeof setImmediate === 'function'
40 | ? setImmediate
41 | : function(fn){ process.nextTick(fn.bind.apply(fn, arguments)) }
42 |
43 | /**
44 | * Create a new connect server.
45 | *
46 | * @return {function}
47 | * @public
48 | */
49 |
50 | function createServer() {
51 | function app(req, res, next){ app.handle(req, res, next); }
52 | merge(app, proto);
53 | merge(app, EventEmitter.prototype);
54 | app.route = '/';
55 | app.stack = [];
56 | return app;
57 | }
58 |
59 | /**
60 | * Utilize the given middleware `handle` to the given `route`,
61 | * defaulting to _/_. This "route" is the mount-point for the
62 | * middleware, when given a value other than _/_ the middleware
63 | * is only effective when that segment is present in the request's
64 | * pathname.
65 | *
66 | * For example if we were to mount a function at _/admin_, it would
67 | * be invoked on _/admin_, and _/admin/settings_, however it would
68 | * not be invoked for _/_, or _/posts_.
69 | *
70 | * @param {String|Function|Server} route, callback or server
71 | * @param {Function|Server} callback or server
72 | * @return {Server} for chaining
73 | * @public
74 | */
75 |
76 | proto.use = function use(route, fn) {
77 | var handle = fn;
78 | var path = route;
79 |
80 | // default route to '/'
81 | if (typeof route !== 'string') {
82 | handle = route;
83 | path = '/';
84 | }
85 |
86 | // wrap sub-apps
87 | if (typeof handle.handle === 'function') {
88 | var server = handle;
89 | server.route = path;
90 | handle = function (req, res, next) {
91 | server.handle(req, res, next);
92 | };
93 | }
94 |
95 | // wrap vanilla http.Servers
96 | if (handle instanceof http.Server) {
97 | handle = handle.listeners('request')[0];
98 | }
99 |
100 | // strip trailing slash
101 | if (path[path.length - 1] === '/') {
102 | path = path.slice(0, -1);
103 | }
104 |
105 | // add the middleware
106 | debug('use %s %s', path || '/', handle.name || 'anonymous');
107 | this.stack.push({ route: path, handle: handle });
108 |
109 | return this;
110 | };
111 |
112 | /**
113 | * Handle server requests, punting them down
114 | * the middleware stack.
115 | *
116 | * @private
117 | */
118 |
119 | proto.handle = function handle(req, res, out) {
120 | var index = 0;
121 | var protohost = getProtohost(req.url) || '';
122 | var removed = '';
123 | var slashAdded = false;
124 | var stack = this.stack;
125 |
126 | // final function handler
127 | var done = out || finalhandler(req, res, {
128 | env: env,
129 | onerror: logerror
130 | });
131 |
132 | // store the original URL
133 | req.originalUrl = req.originalUrl || req.url;
134 |
135 | function next(err) {
136 | if (slashAdded) {
137 | req.url = req.url.substr(1);
138 | slashAdded = false;
139 | }
140 |
141 | if (removed.length !== 0) {
142 | req.url = protohost + removed + req.url.substr(protohost.length);
143 | removed = '';
144 | }
145 |
146 | // next callback
147 | var layer = stack[index++];
148 |
149 | // all done
150 | if (!layer) {
151 | defer(done, err);
152 | return;
153 | }
154 |
155 | // route data
156 | var path = parseUrl(req).pathname || '/';
157 | var route = layer.route;
158 |
159 | // skip this layer if the route doesn't match
160 | if (path.toLowerCase().substr(0, route.length) !== route.toLowerCase()) {
161 | return next(err);
162 | }
163 |
164 | // skip if route match does not border "/", ".", or end
165 | var c = path.length > route.length && path[route.length];
166 | if (c && c !== '/' && c !== '.') {
167 | return next(err);
168 | }
169 |
170 | // trim off the part of the url that matches the route
171 | if (route.length !== 0 && route !== '/') {
172 | removed = route;
173 | req.url = protohost + req.url.substr(protohost.length + removed.length);
174 |
175 | // ensure leading slash
176 | if (!protohost && req.url[0] !== '/') {
177 | req.url = '/' + req.url;
178 | slashAdded = true;
179 | }
180 | }
181 |
182 | // call the layer handle
183 | call(layer.handle, route, err, req, res, next);
184 | }
185 |
186 | next();
187 | };
188 |
189 | /**
190 | * Listen for connections.
191 | *
192 | * This method takes the same arguments
193 | * as node's `http.Server#listen()`.
194 | *
195 | * HTTP and HTTPS:
196 | *
197 | * If you run your application both as HTTP
198 | * and HTTPS you may wrap them individually,
199 | * since your Connect "server" is really just
200 | * a JavaScript `Function`.
201 | *
202 | * var connect = require('connect')
203 | * , http = require('http')
204 | * , https = require('https');
205 | *
206 | * var app = connect();
207 | *
208 | * http.createServer(app).listen(80);
209 | * https.createServer(options, app).listen(443);
210 | *
211 | * @return {http.Server}
212 | * @api public
213 | */
214 |
215 | proto.listen = function listen() {
216 | var server = http.createServer(this);
217 | return server.listen.apply(server, arguments);
218 | };
219 |
220 | /**
221 | * Invoke a route handle.
222 | * @private
223 | */
224 |
225 | function call(handle, route, err, req, res, next) {
226 | var arity = handle.length;
227 | var error = err;
228 | var hasError = Boolean(err);
229 |
230 | debug('%s %s : %s', handle.name || '<anonymous>', route, req.originalUrl);
231 |
232 | try {
233 | if (hasError && arity === 4) {
234 | // error-handling middleware
235 | handle(err, req, res, next);
236 | return;
237 | } else if (!hasError && arity < 4) {
238 | // request-handling middleware
239 | handle(req, res, next);
240 | return;
241 | }
242 | } catch (e) {
243 | // replace the error
244 | error = e;
245 | }
246 |
247 | // continue
248 | next(error);
249 | }
250 |
251 | /**
252 | * Log error using console.error.
253 | *
254 | * @param {Error} err
255 | * @private
256 | */
257 |
258 | function logerror(err) {
259 | if (env !== 'test') console.error(err.stack || err.toString());
260 | }
261 |
262 | /**
263 | * Get get protocol + host for a URL.
264 | *
265 | * @param {string} url
266 | * @private
267 | */
268 |
269 | function getProtohost(url) {
270 | if (url.length === 0 || url[0] === '/') {
271 | return undefined;
272 | }
273 |
274 | var fqdnIndex = url.indexOf('://')
275 |
276 | return fqdnIndex !== -1 && url.lastIndexOf('?', fqdnIndex) === -1
277 | ? url.substr(0, url.indexOf('/', 3 + fqdnIndex))
278 | : undefined;
279 | }
280 |
--------------------------------------------------------------------------------
/logo/horizontal.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/senchalabs/connect/98ab0c435852b311ed57fe48a1846c2dae84e266/logo/horizontal.png
--------------------------------------------------------------------------------
/logo/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/senchalabs/connect/98ab0c435852b311ed57fe48a1846c2dae84e266/logo/icon.png
--------------------------------------------------------------------------------
/logo/vertical.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/senchalabs/connect/98ab0c435852b311ed57fe48a1846c2dae84e266/logo/vertical.png
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "connect",
3 | "description": "High performance middleware framework",
4 | "version": "3.7.0",
5 | "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
6 | "contributors": [
7 | "Douglas Christopher Wilson <doug@somethingdoug.com>",
8 | "Jonathan Ong <me@jongleberry.com>",
9 | "Tim Caswell <tim@creationix.com>"
10 | ],
11 | "keywords": [
12 | "framework",
13 | "web",
14 | "middleware",
15 | "connect",
16 | "rack"
17 | ],
18 | "repository": "senchalabs/connect",
19 | "dependencies": {
20 | "debug": "2.6.9",
21 | "finalhandler": "1.1.2",
22 | "parseurl": "~1.3.3",
23 | "utils-merge": "1.0.1"
24 | },
25 | "devDependencies": {
26 | "eslint": "8.57.0",
27 | "mocha": "10.7.3",
28 | "nyc": "17.1.0",
29 | "supertest": "6.3.4"
30 | },
31 | "license": "MIT",
32 | "files": [
33 | "LICENSE",
34 | "HISTORY.md",
35 | "README.md",
36 | "SECURITY.md",
37 | "index.js"
38 | ],
39 | "engines": {
40 | "node": ">= 0.10.0"
41 | },
42 | "scripts": {
43 | "lint": "eslint .",
44 | "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/",
45 | "test-ci": "nyc --reporter=lcov --reporter=text npm test",
46 | "test-cov": "nyc --reporter=html --reporter=text npm test"
47 | }
48 | }
49 |
--------------------------------------------------------------------------------
/test/app.listen.js:
--------------------------------------------------------------------------------
1 |
2 | var assert = require('assert')
3 | var connect = require('..');
4 | var request = require('supertest');
5 |
6 | describe('app.listen()', function(){
7 | it('should wrap in an http.Server', function(done){
8 | var app = connect();
9 |
10 | app.use(function(req, res){
11 | res.end();
12 | });
13 |
14 | var server = app.listen(0, function () {
15 | assert.ok(server)
16 | request(server)
17 | .get('/')
18 | .expect(200, function (err) {
19 | server.close(function () {
20 | done(err)
21 | })
22 | })
23 | });
24 | });
25 | });
26 |
--------------------------------------------------------------------------------
/test/fqdn.js:
--------------------------------------------------------------------------------
1 |
2 | var connect = require('..');
3 | var rawrequest = require('./support/rawagent')
4 |
5 | describe('app.use()', function(){
6 | var app;
7 |
8 | beforeEach(function(){
9 | app = connect();
10 | });
11 |
12 | it('should not obscure FQDNs', function(done){
13 | app.use(function(req, res){
14 | res.end(req.url);
15 | });
16 |
17 | rawrequest(app)
18 | .get('http://example.com/foo')
19 | .expect(200, 'http://example.com/foo', done)
20 | });
21 |
22 | describe('with a connect app', function(){
23 | it('should ignore FQDN in search', function (done) {
24 | app.use('/proxy', function (req, res) {
25 | res.end(req.url);
26 | });
27 |
28 | rawrequest(app)
29 | .get('/proxy?url=http://example.com/blog/post/1')
30 | .expect(200, '/?url=http://example.com/blog/post/1', done)
31 | });
32 |
33 | it('should ignore FQDN in path', function (done) {
34 | app.use('/proxy', function (req, res) {
35 | res.end(req.url);
36 | });
37 |
38 | rawrequest(app)
39 | .get('/proxy/http://example.com/blog/post/1')
40 | .expect(200, '/http://example.com/blog/post/1', done)
41 | });
42 |
43 | it('should adjust FQDN req.url', function(done){
44 | app.use('/blog', function(req, res){
45 | res.end(req.url);
46 | });
47 |
48 | rawrequest(app)
49 | .get('http://example.com/blog/post/1')
50 | .expect(200, 'http://example.com/post/1', done)
51 | });
52 |
53 | it('should adjust FQDN req.url with multiple handlers', function(done){
54 | app.use(function(req,res,next) {
55 | next();
56 | });
57 |
58 | app.use('/blog', function(req, res){
59 | res.end(req.url);
60 | });
61 |
62 | rawrequest(app)
63 | .get('http://example.com/blog/post/1')
64 | .expect(200, 'http://example.com/post/1', done)
65 | });
66 |
67 | it('should adjust FQDN req.url with multiple routed handlers', function(done) {
68 | app.use('/blog', function(req,res,next) {
69 | next();
70 | });
71 | app.use('/blog', function(req, res) {
72 | res.end(req.url);
73 | });
74 |
75 | rawrequest(app)
76 | .get('http://example.com/blog/post/1')
77 | .expect(200, 'http://example.com/post/1', done)
78 | });
79 | });
80 | });
81 |
--------------------------------------------------------------------------------
/test/mounting.js:
--------------------------------------------------------------------------------
1 |
2 | var assert = require('assert');
3 | var connect = require('..');
4 | var http = require('http');
5 | var request = require('supertest');
6 |
7 | describe('app.use()', function(){
8 | var app;
9 |
10 | beforeEach(function(){
11 | app = connect();
12 | });
13 |
14 | it('should match all paths with "/"', function (done) {
15 | app.use('/', function (req, res) {
16 | res.end(req.url);
17 | });
18 |
19 | request(app)
20 | .get('/blog')
21 | .expect(200, '/blog', done)
22 | });
23 |
24 | it('should match full path', function (done) {
25 | app.use('/blog', function (req, res) {
26 | res.end(req.url);
27 | });
28 |
29 | request(app)
30 | .get('/blog')
31 | .expect(200, '/', done)
32 | });
33 |
34 | it('should match left-side of path', function (done) {
35 | app.use('/blog', function (req, res) {
36 | res.end(req.url);
37 | });
38 |
39 | request(app)
40 | .get('/blog/article/1')
41 | .expect(200, '/article/1', done)
42 | });
43 |
44 | it('should match up to dot', function (done) {
45 | app.use('/blog', function (req, res) {
46 | res.end(req.url)
47 | })
48 |
49 | request(app)
50 | .get('/blog.json')
51 | .expect(200, done)
52 | })
53 |
54 | it('should not match shorter path', function (done) {
55 | app.use('/blog-o-rama', function (req, res) {
56 | res.end(req.url);
57 | });
58 |
59 | request(app)
60 | .get('/blog')
61 | .expect(404, done)
62 | });
63 |
64 | it('should not end match in middle of component', function (done) {
65 | app.use('/blog', function (req, res) {
66 | res.end(req.url);
67 | });
68 |
69 | request(app)
70 | .get('/blog-o-rama/article/1')
71 | .expect(404, done)
72 | });
73 |
74 | it('should be case insensitive (lower-case route, mixed-case request)', function(done){
75 | var blog = http.createServer(function(req, res){
76 | assert.equal(req.url, '/');
77 | res.end('blog');
78 | });
79 |
80 | app.use('/blog', blog);
81 |
82 | request(app)
83 | .get('/BLog')
84 | .expect('blog', done)
85 | });
86 |
87 | it('should be case insensitive (mixed-case route, lower-case request)', function(done){
88 | var blog = http.createServer(function(req, res){
89 | assert.equal(req.url, '/');
90 | res.end('blog');
91 | });
92 |
93 | app.use('/BLog', blog);
94 |
95 | request(app)
96 | .get('/blog')
97 | .expect('blog', done)
98 | });
99 |
100 | it('should be case insensitive (mixed-case route, mixed-case request)', function(done){
101 | var blog = http.createServer(function(req, res){
102 | assert.equal(req.url, '/');
103 | res.end('blog');
104 | });
105 |
106 | app.use('/BLog', blog);
107 |
108 | request(app)
109 | .get('/blOG')
110 | .expect('blog', done)
111 | });
112 |
113 | it('should ignore fn.arity > 4', function(done){
114 | var invoked = [];
115 |
116 | app.use(function(req, res, next, _a, _b){
117 | invoked.push(0)
118 | next();
119 | });
120 | app.use(function(req, res, next){
121 | invoked.push(1)
122 | next(new Error('err'));
123 | });
124 | app.use(function(err, req, res, next){
125 | invoked.push(2);
126 | res.end(invoked.join(','));
127 | });
128 |
129 | request(app)
130 | .get('/')
131 | .expect(200, '1,2', done)
132 | });
133 |
134 | describe('with a connect app', function(){
135 | it('should mount', function(done){
136 | var blog = connect();
137 |
138 | blog.use(function(req, res){
139 | assert.equal(req.url, '/');
140 | res.end('blog');
141 | });
142 |
143 | app.use('/blog', blog);
144 |
145 | request(app)
146 | .get('/blog')
147 | .expect(200, 'blog', done)
148 | });
149 |
150 | it('should retain req.originalUrl', function(done){
151 | var app = connect();
152 |
153 | app.use('/blog', function(req, res){
154 | res.end(req.originalUrl);
155 | });
156 |
157 | request(app)
158 | .get('/blog/post/1')
159 | .expect(200, '/blog/post/1', done)
160 | });
161 |
162 | it('should adjust req.url', function(done){
163 | app.use('/blog', function(req, res){
164 | res.end(req.url);
165 | });
166 |
167 | request(app)
168 | .get('/blog/post/1')
169 | .expect(200, '/post/1', done)
170 | });
171 |
172 | it('should strip trailing slash', function(done){
173 | var blog = connect();
174 |
175 | blog.use(function(req, res){
176 | assert.equal(req.url, '/');
177 | res.end('blog');
178 | });
179 |
180 | app.use('/blog/', blog);
181 |
182 | request(app)
183 | .get('/blog')
184 | .expect('blog', done)
185 | });
186 |
187 | it('should set .route', function(){
188 | var blog = connect();
189 | var admin = connect();
190 | app.use('/blog', blog);
191 | blog.use('/admin', admin);
192 | assert.equal(app.route, '/');
193 | assert.equal(blog.route, '/blog');
194 | assert.equal(admin.route, '/admin');
195 | });
196 |
197 | it('should not add trailing slash to req.url', function(done) {
198 | app.use('/admin', function(req, res, next) {
199 | next();
200 | });
201 |
202 | app.use(function(req, res, next) {
203 | res.end(req.url);
204 | });
205 |
206 | request(app)
207 | .get('/admin')
208 | .expect('/admin', done)
209 | })
210 | })
211 |
212 | describe('with a node app', function(){
213 | it('should mount', function(done){
214 | var blog = http.createServer(function(req, res){
215 | assert.equal(req.url, '/');
216 | res.end('blog');
217 | });
218 |
219 | app.use('/blog', blog);
220 |
221 | request(app)
222 | .get('/blog')
223 | .expect('blog', done)
224 | });
225 | });
226 |
227 | describe('error handling', function(){
228 | it('should send errors to airty 4 fns', function(done){
229 | app.use(function(req, res, next){
230 | next(new Error('msg'));
231 | })
232 | app.use(function(err, req, res, next){
233 | res.end('got error ' + err.message);
234 | });
235 |
236 | request(app)
237 | .get('/')
238 | .expect('got error msg', done)
239 | })
240 |
241 | it('should skip to non-error middleware', function(done){
242 | var invoked = false;
243 |
244 | app.use(function(req, res, next){
245 | next(new Error('msg'));
246 | })
247 | app.use(function(req, res, next){
248 | invoked = true;
249 | next();
250 | });
251 | app.use(function(err, req, res, next){
252 | res.end(invoked ? 'invoked' : err.message);
253 | });
254 |
255 | request(app)
256 | .get('/')
257 | .expect(200, 'msg', done)
258 | })
259 |
260 | it('should start at error middleware declared after error', function(done){
261 | app.use(function(err, req, res, next){
262 | res.end('fail: ' + err.message);
263 | });
264 | app.use(function(req, res, next){
265 | next(new Error('boom!'));
266 | });
267 | app.use(function(err, req, res, next){
268 | res.end('pass: ' + err.message);
269 | });
270 |
271 | request(app)
272 | .get('/')
273 | .expect(200, 'pass: boom!', done)
274 | })
275 |
276 | it('should stack error fns', function(done){
277 | app.use(function(req, res, next){
278 | next(new Error('msg'));
279 | })
280 | app.use(function(err, req, res, next){
281 | res.setHeader('X-Error', err.message);
282 | next(err);
283 | });
284 | app.use(function(err, req, res, next){
285 | res.end('got error ' + err.message);
286 | });
287 |
288 | request(app)
289 | .get('/')
290 | .expect('X-Error', 'msg')
291 | .expect(200, 'got error msg', done)
292 | })
293 |
294 | it('should invoke error stack even when headers sent', function(done){
295 | app.use(function(req, res, next){
296 | res.end('0');
297 | next(new Error('msg'));
298 | });
299 | app.use(function(err, req, res, next){
300 | done();
301 | });
302 |
303 | request(app)
304 | .get('/')
305 | .end(function () {})
306 | })
307 | })
308 | });
309 |
--------------------------------------------------------------------------------
/test/server.js:
--------------------------------------------------------------------------------
1 |
2 | var assert = require('assert');
3 | var connect = require('..');
4 | var http = require('http');
5 | var rawrequest = require('./support/rawagent')
6 | var request = require('supertest');
7 |
8 | describe('app', function(){
9 | var app;
10 |
11 | beforeEach(function(){
12 | app = connect();
13 | });
14 |
15 | it('should inherit from event emitter', function(done){
16 | app.on('foo', done);
17 | app.emit('foo');
18 | });
19 |
20 | it('should work in http.createServer', function(done){
21 | var app = connect();
22 |
23 | app.use(function (req, res) {
24 | res.end('hello, world!');
25 | });
26 |
27 | var server = http.createServer(app);
28 |
29 | request(server)
30 | .get('/')
31 | .expect(200, 'hello, world!', done)
32 | })
33 |
34 | it('should be a callable function', function(done){
35 | var app = connect();
36 |
37 | app.use(function (req, res) {
38 | res.end('hello, world!');
39 | });
40 |
41 | function handler(req, res) {
42 | res.write('oh, ');
43 | app(req, res);
44 | }
45 |
46 | var server = http.createServer(handler);
47 |
48 | request(server)
49 | .get('/')
50 | .expect(200, 'oh, hello, world!', done)
51 | })
52 |
53 | it('should invoke callback if request not handled', function(done){
54 | var app = connect();
55 |
56 | app.use('/foo', function (req, res) {
57 | res.end('hello, world!');
58 | });
59 |
60 | function handler(req, res) {
61 | res.write('oh, ');
62 | app(req, res, function() {
63 | res.end('no!');
64 | });
65 | }
66 |
67 | var server = http.createServer(handler);
68 |
69 | request(server)
70 | .get('/')
71 | .expect(200, 'oh, no!', done)
72 | })
73 |
74 | it('should invoke callback on error', function(done){
75 | var app = connect();
76 |
77 | app.use(function (req, res) {
78 | throw new Error('boom!');
79 | });
80 |
81 | function handler(req, res) {
82 | res.write('oh, ');
83 | app(req, res, function(err) {
84 | res.end(err.message);
85 | });
86 | }
87 |
88 | var server = http.createServer(handler);
89 |
90 | request(server)
91 | .get('/')
92 | .expect(200, 'oh, boom!', done)
93 | })
94 |
95 | it('should work as middleware', function(done){
96 | // custom server handler array
97 | var handlers = [connect(), function(req, res, next){
98 | res.writeHead(200, {'Content-Type': 'text/plain'});
99 | res.end('Ok');
100 | }];
101 |
102 | // execute callbacks in sequence
103 | var n = 0;
104 | function run(req, res){
105 | if (handlers[n]) {
106 | handlers[n++](req, res, function(){
107 | run(req, res);
108 | });
109 | }
110 | }
111 |
112 | // create a non-connect server
113 | var server = http.createServer(run);
114 |
115 | request(server)
116 | .get('/')
117 | .expect(200, 'Ok', done)
118 | });
119 |
120 | it('should escape the 500 response body', function(done){
121 | app.use(function(req, res, next){
122 | next(new Error('error!'));
123 | });
124 | request(app)
125 | .get('/')
126 | .expect(/Error: error!<br>/)
127 | .expect(/<br> at/)
128 | .expect(500, done)
129 | })
130 |
131 | describe('404 handler', function(){
132 | it('should escape the 404 response body', function(done){
133 | rawrequest(app)
134 | .get('/foo/<script>stuff\'n</script>')
135 | .expect(404, />Cannot GET \/foo\/%3Cscript%3Estuff'n%3C\/script%3E</, done)
136 | });
137 |
138 | it('shoud not fire after headers sent', function(done){
139 | var app = connect();
140 |
141 | app.use(function(req, res, next){
142 | res.write('body');
143 | res.end();
144 | process.nextTick(next);
145 | })
146 |
147 | request(app)
148 | .get('/')
149 | .expect(200, done)
150 | })
151 |
152 | it('shoud have no body for HEAD', function(done){
153 | var app = connect();
154 |
155 | request(app)
156 | .head('/')
157 | .expect(404)
158 | .expect(shouldHaveNoBody())
159 | .end(done)
160 | })
161 | })
162 |
163 | describe('error handler', function(){
164 | it('should have escaped response body', function(done){
165 | var app = connect();
166 |
167 | app.use(function(req, res, next){
168 | throw new Error('<script>alert()</script>');
169 | })
170 |
171 | request(app)
172 | .get('/')
173 | .expect(500, /<script>alert\(\)<\/script>/, done)
174 | })
175 |
176 | it('should use custom error code', function(done){
177 | var app = connect();
178 |
179 | app.use(function(req, res, next){
180 | var err = new Error('ack!');
181 | err.status = 503;
182 | throw err;
183 | })
184 |
185 | request(app)
186 | .get('/')
187 | .expect(503, done)
188 | })
189 |
190 | it('should keep error statusCode', function(done){
191 | var app = connect();
192 |
193 | app.use(function(req, res, next){
194 | res.statusCode = 503;
195 | throw new Error('ack!');
196 | })
197 |
198 | request(app)
199 | .get('/')
200 | .expect(503, done)
201 | })
202 |
203 | it('shoud not fire after headers sent', function(done){
204 | var app = connect();
205 |
206 | app.use(function(req, res, next){
207 | res.write('body');
208 | res.end();
209 | process.nextTick(function() {
210 | next(new Error('ack!'));
211 | });
212 | })
213 |
214 | request(app)
215 | .get('/')
216 | .expect(200, done)
217 | })
218 |
219 | it('shoud have no body for HEAD', function(done){
220 | var app = connect();
221 |
222 | app.use(function(req, res, next){
223 | throw new Error('ack!');
224 | });
225 |
226 | request(app)
227 | .head('/')
228 | .expect(500)
229 | .expect(shouldHaveNoBody())
230 | .end(done)
231 | });
232 | });
233 | });
234 |
235 | function shouldHaveNoBody () {
236 | return function (res) {
237 | assert.ok(res.text === '' || res.text === undefined)
238 | }
239 | }
240 |
--------------------------------------------------------------------------------
/test/support/env.js:
--------------------------------------------------------------------------------
1 |
2 | process.env.NODE_ENV = 'test';
3 |
--------------------------------------------------------------------------------
/test/support/rawagent.js:
--------------------------------------------------------------------------------
1 | 'use strict'
2 |
3 | var assert = require('assert')
4 | var http = require('http')
5 |
6 | module.exports = createRawAgent
7 |
8 | function createRawAgent (app) {
9 | return new RawAgent(app)
10 | }
11 |
12 | function RawAgent (app) {
13 | this.app = app
14 |
15 | this._open = 0
16 | this._port = null
17 | this._server = null
18 | }
19 |
20 | RawAgent.prototype.get = function get (path) {
21 | return new RawRequest(this, 'GET', path)
22 | }
23 |
24 | RawAgent.prototype._close = function _close (cb) {
25 | if (--this._open) {
26 | return process.nextTick(cb)
27 | }
28 |
29 | this._server.close(cb)
30 | }
31 |
32 | RawAgent.prototype._start = function _start (cb) {
33 | this._open++
34 |
35 | if (this._port) {
36 | return process.nextTick(cb)
37 | }
38 |
39 | if (!this._server) {
40 | this._server = http.createServer(this.app).listen()
41 | }
42 |
43 | var agent = this
44 | this._server.on('listening', function onListening () {
45 | agent._port = this.address().port
46 | cb()
47 | })
48 | }
49 |
50 | function RawRequest (agent, method, path) {
51 | this.agent = agent
52 | this.method = method
53 | this.path = path
54 | }
55 |
56 | RawRequest.prototype.expect = function expect (status, body, callback) {
57 | var request = this
58 | this.agent._start(function onStart () {
59 | var req = http.request({
60 | host: '127.0.0.1',
61 | method: request.method,
62 | path: request.path,
63 | port: request.agent._port
64 | })
65 |
66 | req.on('response', function (res) {
67 | var buf = ''
68 |
69 | res.setEncoding('utf8')
70 | res.on('data', function onData (s) { buf += s })
71 | res.on('end', function onEnd () {
72 | var err = null
73 |
74 | try {
75 | assert.equal(res.statusCode, status, 'expected ' + status + ' status, got ' + res.statusCode)
76 |
77 | if (body instanceof RegExp) {
78 | assert.ok(body.test(buf), 'expected body ' + buf + ' to match ' + body)
79 | } else {
80 | assert.equal(buf, body, 'expected ' + body + ' response body, got ' + buf)
81 | }
82 | } catch (e) {
83 | err = e
84 | }
85 |
86 | request.agent._close(function onClose () {
87 | callback(err)
88 | })
89 | })
90 | })
91 |
92 | req.end()
93 | })
94 | }
95 |
--------------------------------------------------------------------------------