Commit 0224e767 authored by Bastien ROUCARIÈS's avatar Bastien ROUCARIÈS

Update upstream source from tag 'upstream/3.6.7'

Update to upstream version '3.6.7'
with Debian dir 6584a54af41e2f6f1542ca970f10435b8b7a4c9a
parents 7cb09ff6 9b0652f2
# http://editorconfig.org
root = true
[*]
charset = utf-8
insert_final_newline = true
trim_trailing_whitespace = true
[{*.js,*.json,*.yml}]
indent_size = 2
indent_style = space
.nyc_output
coverage
node_modules
{
"rules": {
"eol-last": "error",
"indent": ["error", 2, { "SwitchCase": 1 }],
"no-trailing-spaces": "error"
}
}
.nyc_output/
coverage/
.DS_Store
pids
logs
results
*.pid
*.gz
*.log
test/fixtures/foo.bar.baz.css
test/fixtures/style.css
test/fixtures/script.js
test.js
docs/*.html
docs/*.json
node_modules
.idea
*.iml
node_modules/
npm-debug.log
package-lock.json
......@@ -5,10 +5,22 @@ node_js:
- "1.8"
- "2.5"
- "3.3"
- "4.2"
- "5.5"
- "4.8"
- "5.12"
- "6.12"
- "7.10"
- "8.9"
- "9.5"
sudo: false
cache:
directories:
- node_modules
before_install:
- "npm config set shrinkwrap false"
- "test ! -d node_modules || npm prune"
- "test ! -d node_modules || npm rebuild"
script:
- "npm run-script test-travis"
- "npm run-script lint"
after_script:
- "npm install coveralls@2 && cat ./coverage/lcov.info | coveralls"
- "test -d .nyc_output && npm install coveralls@2 && nyc report --reporter=text-lcov | coveralls"
3.6.7 / 2018-03-06
==================
* deps: finalhandler@1.1.1
- Fix 404 output for bad / missing pathnames
- deps: encodeurl@~1.0.2
- deps: statuses@~1.4.0
3.6.6 / 2018-02-14
==================
* deps: finalhandler@1.1.0
- Use `res.headersSent` when available
* perf: remove array read-past-end
3.6.5 / 2017-09-22
==================
* deps: debug@2.6.9
* deps: finalhandler@1.0.6
- deps: debug@2.6.9
3.6.4 / 2017-09-20
==================
* deps: finalhandler@1.0.5
- deps: parseurl@~1.3.2
* deps: parseurl@~1.3.2
- perf: reduce overhead for full URLs
- perf: unroll the "fast-path" `RegExp`
* deps: utils-merge@1.0.1
3.6.3 / 2017-08-03
==================
* deps: debug@2.6.8
* deps: finalhandler@1.0.4
- deps: debug@2.6.8
3.6.2 / 2017-05-16
==================
* deps: finalhandler@1.0.3
- deps: debug@2.6.7
* deps: debug@2.6.7
- deps: ms@2.0.0
3.6.1 / 2017-04-19
==================
* deps: debug@2.6.3
- Fix `DEBUG_MAX_ARRAY_LENGTH`
* deps: finalhandler@1.0.1
- Fix missing `</html>` in HTML document
- deps: debug@2.6.3
3.6.0 / 2017-02-17
==================
* deps: debug@2.6.1
- Allow colors in workers
- Deprecated `DEBUG_FD` environment variable set to `3` or higher
- Fix error when running under React Native
- Use same color for same namespace
- deps: ms@0.7.2
* deps: finalhandler@1.0.0
- Fix exception when `err` cannot be converted to a string
- Fully URL-encode the pathname in the 404
- Only include the pathname in the 404 message
- Send complete HTML document
- Set `Content-Security-Policy: default-src 'self'` header
- deps: debug@2.6.1
3.5.1 / 2017-02-12
==================
* deps: finalhandler@0.5.1
- Fix exception when `err.headers` is not an object
- deps: statuses@~1.3.1
- perf: hoist regular expressions
- perf: remove duplicate validation path
3.5.0 / 2016-09-09
==================
* deps: finalhandler@0.5.0
- Change invalid or non-numeric status code to 500
- Overwrite status message to match set status code
- Prefer `err.statusCode` if `err.status` is invalid
- Set response headers from `err.headers` object
- Use `statuses` instead of `http` module for status messages
3.4.1 / 2016-01-23
==================
......
......@@ -4,7 +4,6 @@
[![NPM Downloads][downloads-image]][downloads-url]
[![Build Status][travis-image]][travis-url]
[![Test Coverage][coveralls-image]][coveralls-url]
[![Gratipay][gratipay-image]][gratipay-url]
Connect is an extensible HTTP server framework for [node](http://nodejs.org) using "plugins" known as _middleware_.
......@@ -26,7 +25,7 @@ app.use(cookieSession({
// parse urlencoded request bodies into req.body
var bodyParser = require('body-parser');
app.use(bodyParser.urlencoded());
app.use(bodyParser.urlencoded({extended: false}));
// respond to all requests
app.use(function(req, res){
......@@ -92,10 +91,20 @@ app.use('/bar', function barMiddleware(req, res, next) {
### Error middleware
There are special cases of "error-handling" middleware. There are middleware
where the function takes exactly 4 arguments. Errors that occur in the middleware
added before the error middleware will invoke this middleware when errors occur.
where the function takes exactly 4 arguments. When a middleware passes an error
to `next`, the app will proceed to look for the error middleware that was declared
after that middleware and invoke it, skipping any error middleware above that
middleware and any non-error middleware below.
```js
// regular middleware
app.use(function (req, res, next) {
// i had an error
next(new Error('boom!'));
});
// error middleware for errors that occurred in middleware
// declared before this
app.use(function onerror(err, req, res, next) {
// an error occurred!
});
......@@ -104,7 +113,8 @@ app.use(function onerror(err, req, res, next) {
### Create a server from the app
The last step is to actually use the Connect app in a server. The `.listen()` method
is a convenience to start a HTTP server.
is a convenience to start a HTTP server (and is identical to the `http.Server`'s `listen`
method in the version of Node.js you are running).
```js
var server = app.listen(port);
......@@ -157,7 +167,91 @@ Some middleware previously included with Connect are no longer supported by the
- [st](https://www.npmjs.com/package/st)
- [connect-static](https://www.npmjs.com/package/connect-static)
Checkout [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) for many other compatible middleware!
Checkout [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) for many other compatible middleware!
## API
The Connect API is very minimalist, enough to create an app and add a chain
of middleware.
When the `connect` module is required, a function is returned that will construct
a new app when called.
```js
// require module
var connect = require('connect')
// create app
var app = connect()
```
### app(req, res[, next])
The `app` itself is a function. This is just an alias to `app.handle`.
### app.handle(req, res[, out])
Calling the function will run the middleware stack against the given Node.js
http request (`req`) and response (`res`) objects. An optional function `out`
can be provided that will be called if the request (or error) was not handled
by the middleware stack.
### app.listen([...])
Start the app listening for requests. This method will internally create a Node.js
HTTP server and call `.listen()` on it.
This is an alias to the `server.listen()` method in the version of Node.js running,
so consult the Node.js documentation for all the different variations. The most
common signature is [`app.listen(port)`](https://nodejs.org/dist/latest-v6.x/docs/api/http.html#http_server_listen_port_hostname_backlog_callback).
### app.use(fn)
Use a function on the app, where the function represents a middleware. The function
will be invoked for every request in the order that `app.use` is called. The function
is called with three arguments:
```js
app.use(function (req, res, next) {
// req is the Node.js http request object
// res is the Node.js http response object
// next is a function to call to invoke the next middleware
})
```
In addition to a plan function, the `fn` argument can also be a Node.js HTTP server
instance or another Connect app instance.
### app.use(route, fn)
Use a function on the app, where the function represents a middleware. The function
will be invoked for every request in which the URL (`req.url` property) starts with
the given `route` string in the order that `app.use` is called. The function is
called with three arguments:
```js
app.use('/foo', function (req, res, next) {
// req is the Node.js http request object
// res is the Node.js http response object
// next is a function to call to invoke the next middleware
})
```
In addition to a plan function, the `fn` argument can also be a Node.js HTTP server
instance or another Connect app instance.
The `route` is always terminated at a path separator (`/`) or a dot (`.`) character.
This means the given routes `/foo/` and `/foo` are the same and both will match requests
with the URLs `/foo`, `/foo/`, `/foo/bar`, and `/foo.bar`, but not match a request with
the URL `/foobar`.
The `route` is matched in a case-insensitive manor.
In order to make middleware easier to write to be agnostic of the `route`, when the
`fn` is invoked, the `req.url` will be altered to remove the `route` part (and the
original will be available as `req.originalUrl`). For example, if `fn` is used at the
route `/foo`, the request for `/foo/bar` will invoke `fn` with `req.url === '/bar'`
and `req.originalUrl === '/foo/bar'`.
## Running Tests
......@@ -166,9 +260,15 @@ npm install
npm test
```
## Contributors
## People
The Connect project would not be the same without all the people involved.
The original author of Connect is [TJ Holowaychuk](https://github.com/tj)
The current lead maintainer is [Douglas Christopher Wilson](https://github.com/dougwilson)
https://github.com/senchalabs/connect/graphs/contributors
[List of all contributors](https://github.com/senchalabs/connect/graphs/contributors)
## Node Compatibility
......@@ -176,7 +276,7 @@ npm test
- Connect `1.x` - node `0.4`
- Connect `< 2.8` - node `0.6`
- Connect `>= 2.8 < 3` - node `0.8`
- Connect `>= 3` - node `0.10`, `0.12`; io.js `1.x`, `2.x`
- Connect `>= 3` - node `0.10`, `0.12`, `4.x`, `5.x`, `6.x`, `7.x`, `8.x`; io.js `1.x`, `2.x`, `3.x`
## License
......@@ -190,5 +290,3 @@ npm test
[coveralls-url]: https://coveralls.io/r/senchalabs/connect
[downloads-image]: https://img.shields.io/npm/dm/connect.svg
[downloads-url]: https://npmjs.org/package/connect
[gratipay-image]: https://img.shields.io/gratipay/dougwilson.svg
[gratipay-url]: https://www.gratipay.com/dougwilson/
# Security Policies and Procedures
This document outlines security procedures and general policies for the Connect
project.
* [Reporting a Bug](#reporting-a-bug)
* [Disclosure Policy](#disclosure-policy)
* [Comments on this Policy](#comments-on-this-policy)
## Reporting a Bug
The Connect team and community take all security bugs in Connect seriously.
Thank you for improving the security of Connect. We appreciate your efforts and
responsible disclosure and will make every effort to acknowledge your
contributions.
Report security bugs by emailing the lead maintainer in the README.md file.
The lead maintainer will acknowledge your email within 48 hours, and will send a
more detailed response within 48 hours indicating the next steps in handling
your report. After the initial reply to your report, the security team will
endeavor to keep you informed of the progress towards a fix and full
announcement, and may ask for additional information or guidance.
Report security bugs in third-party modules to the person or team maintaining
the module. You can also report a vulnerability through the
[Node Security Project](https://nodesecurity.io/report).
## Disclosure Policy
When the security team receives a security bug report, they will assign it to a
primary handler. This person will coordinate the fix and release process,
involving the following steps:
* Confirm the problem and determine the affected versions.
* Audit code to find any potential similar problems.
* Prepare fixes for all releases still under maintenance. These fixes will be
released as fast as possible to npm.
## Comments on this Policy
If you have suggestions on how this process could be improved please submit a
pull request.
......@@ -162,8 +162,8 @@ proto.handle = function handle(req, res, out) {
}
// skip if route match does not border "/", ".", or end
var c = path[route.length];
if (c !== undefined && '/' !== c && '.' !== c) {
var c = path.length > route.length && path[route.length];
if (c && c !== '/' && c !== '.') {
return next(err);
}
......
{
"name": "connect",
"description": "High performance middleware framework",
"version": "3.4.1",
"version": "3.6.7",
"author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
"contributors": [
"Douglas Christopher Wilson <doug@somethingdoug.com>",
......@@ -17,29 +17,32 @@
],
"repository": "senchalabs/connect",
"dependencies": {
"debug": "~2.2.0",
"finalhandler": "0.4.1",
"parseurl": "~1.3.1",
"utils-merge": "1.0.0"
"debug": "2.6.9",
"finalhandler": "1.1.1",
"parseurl": "~1.3.2",
"utils-merge": "1.0.1"
},
"devDependencies": {
"istanbul": "0.4.2",
"mocha": "2.3.4",
"supertest": "1.1.0"
"eslint": "2.13.1",
"mocha": "3.5.3",
"nyc": "10.3.2",
"supertest": "2.0.0"
},
"license": "MIT",
"files": [
"LICENSE",
"History.md",
"Readme.md",
"HISTORY.md",
"README.md",
"SECURITY.md",
"index.js"
],
"engines": {
"node": ">= 0.10.0"
},
"scripts": {
"lint": "eslint .",
"test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/",
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/",
"test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/"
"test-cov": "nyc --reporter=text npm test",
"test-travis": "nyc --reporter=html --reporter=text npm test"
}
}
......@@ -2,7 +2,7 @@
var assert = require('assert');
var connect = require('..');
var http = require('http');
var request = require('supertest');
var rawrequest = require('./support/rawagent')
describe('app.use()', function(){
var app;
......@@ -80,53 +80,3 @@ describe('app.use()', function(){
});
});
});
function rawrequest(app) {
var _path;
var server = http.createServer(app);
function expect(status, body, callback) {
server.listen(function(){
var addr = this.address();
var hostname = addr.family === 'IPv6' ? '::1' : '127.0.0.1';
var port = addr.port;
var req = http.get({
host: hostname,
path: _path,
port: port
});
req.on('response', function(res){
var buf = '';
res.setEncoding('utf8');
res.on('data', function(s){ buf += s });
res.on('end', function(){
var err = null;
try {
assert.equal(res.statusCode, status);
assert.equal(buf, body);
} catch (e) {
err = e;
}
server.close();
callback(err);
});
});
});
}
function get(path) {
_path = path;
return {
expect: expect
};
}
return {
get: get
};
}
......@@ -41,6 +41,16 @@ describe('app.use()', function(){
.expect(200, '/article/1', done);
});
it('should match up to dot', function (done) {
app.use('/blog', function (req, res) {
res.end(req.url)
})
request(app)
.get('/blog.json')
.expect(200, done)
})
it('should not match shorter path', function (done) {
app.use('/blog-o-rama', function (req, res) {
res.end(req.url);
......@@ -161,12 +171,12 @@ describe('app.use()', function(){
it('should strip trailing slash', function(done){
var blog = connect();
blog.use(function(req, res){
assert.equal(req.url, '/');
res.end('blog');
});
app.use('/blog/', blog);
request(app)
......@@ -247,6 +257,24 @@ describe('app.use()', function(){
.expect(200, 'msg', done);
})
it('should start at error middleware declared after error', function(done){
var invoked = false;
app.use(function(err, req, res, next){
res.end('fail: ' + err.message);
});
app.use(function(req, res, next){
next(new Error('boom!'));
});
app.use(function(err, req, res, next){
res.end('pass: ' + err.message);
});
request(app)
.get('/')
.expect(200, 'pass: boom!', done);
})
it('should stack error fns', function(done){
app.use(function(req, res, next){
next(new Error('msg'));
......
......@@ -2,6 +2,7 @@
var assert = require('assert');
var connect = require('..');
var http = require('http');
var rawrequest = require('./support/rawagent')
var request = require('supertest');
describe('app', function(){
......@@ -130,8 +131,8 @@ describe('app', function(){
describe('404 handler', function(){
it('should escape the 404 response body', function(done){
rawrequest(app)
.get('/foo/<script>stuff</script>')
.expect(404, 'Cannot GET /foo/&lt;script&gt;stuff&lt;/script&gt;\n', done);
.get('/foo/<script>stuff\'n</script>')
.expect(404, />Cannot GET \/foo\/%3Cscript%3Estuff&#39;n%3C\/script%3E</, done)
});
it('shoud not fire after headers sent', function(done){
......@@ -226,53 +227,3 @@ describe('app', function(){
});
});
});
function rawrequest(app) {
var _path;
var server = http.createServer(app);
function expect(status, body, callback) {
server.listen(function(){
var addr = this.address();
var hostname = addr.family === 'IPv6' ? '::1' : '127.0.0.1';
var port = addr.port;
var req = http.get({
host: hostname,
path: _path,
port: port
});
req.on('response', function(res){
var buf = '';
res.setEncoding('utf8');
res.on('data', function(s){ buf += s });
res.on('end', function(){
var err = null;
try {
assert.equal(res.statusCode, status);
assert.equal(buf, body);
} catch (e) {
err = e;
}
server.close();
callback(err);
});
});
});
}
function get(path) {
_path = path;
return {
expect: expect
};
}
return {
get: get
};
}
'use strict'
var assert = require('assert')
var http = require('http')
module.exports = createRawAgent
function createRawAgent (app) {
return new RawAgent(app)
}
function RawAgent (app) {
this.app = app
this._open = 0
this._port = null
this._server = null
}
RawAgent.prototype.get = function get (path) {
return new RawRequest(this, 'GET', path)
}
RawAgent.prototype._close = function _close (cb) {
if (--this._open) {
return process.nextTick(cb)
}
this._server.close(cb)
}
RawAgent.prototype._start = function _start (cb) {
this._open++
if (this._port) {
return process.nextTick(cb)
}
if (!this._server) {
this._server = http.createServer(this.app).listen()
}
var agent = this
this._server.on('listening', function onListening () {
agent._port = this.address().port
cb()
})
}
function RawRequest (agent, method, path) {
this.agent = agent
this.method = method
this.path = path
}
RawRequest.prototype.expect = function expect (status, body, callback) {
var request = this
this.agent._start(function onStart () {
var req = http.request({
host: '127.0.0.1',
method: request.method,
path: request.path,
port: request.agent._port
})
req.on('response', function (res) {
var buf = ''
res.setEncoding('utf8')
res.on('data', function onData (s) { buf += s })
res.on('end', function onEnd () {
var err = null
try {
assert.equal(res.statusCode, status, 'expected ' + status + ' status, got ' + res.statusCode)
if (body instanceof RegExp) {
assert.ok(body.test(buf), 'expected body ' + buf + ' to match ' + body)
} else {
assert.equal(buf, body, 'expected ' + body + ' response body, got ' + buf)
}
} catch (e) {
err = e
}
request.agent._close(function onClose () {
callback(err)
})
})
})
req.end()
})
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment