diff options
Diffstat (limited to 'backend/node_modules/express')
| -rw-r--r-- | backend/node_modules/express/History.md | 3615 | ||||
| -rw-r--r-- | backend/node_modules/express/LICENSE | 24 | ||||
| -rw-r--r-- | backend/node_modules/express/Readme.md | 166 | ||||
| -rw-r--r-- | backend/node_modules/express/index.js | 11 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/application.js | 661 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/express.js | 116 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/middleware/init.js | 43 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/middleware/query.js | 47 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/request.js | 525 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/response.js | 1178 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/router/index.js | 673 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/router/layer.js | 181 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/router/route.js | 230 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/utils.js | 303 | ||||
| -rw-r--r-- | backend/node_modules/express/lib/view.js | 182 | ||||
| -rw-r--r-- | backend/node_modules/express/package.json | 98 |
16 files changed, 0 insertions, 8053 deletions
diff --git a/backend/node_modules/express/History.md b/backend/node_modules/express/History.md deleted file mode 100644 index ac2e7cf..0000000 --- a/backend/node_modules/express/History.md +++ /dev/null @@ -1,3615 +0,0 @@ -4.19.2 / 2024-03-25 -========== - - * Improved fix for open redirect allow list bypass - -4.19.1 / 2024-03-20 -========== - - * Allow passing non-strings to res.location with new encoding handling checks - -4.19.0 / 2024-03-20 -========== - - * Prevent open redirect allow list bypass due to encodeurl - * deps: cookie@0.6.0 - -4.18.3 / 2024-02-29 -========== - - * Fix routing requests without method - * deps: body-parser@1.20.2 - - Fix strict json error message on Node.js 19+ - - deps: content-type@~1.0.5 - - deps: raw-body@2.5.2 - * deps: cookie@0.6.0 - - Add `partitioned` option - -4.18.2 / 2022-10-08 -=================== - - * Fix regression routing a large stack in a single route - * deps: body-parser@1.20.1 - - deps: qs@6.11.0 - - perf: remove unnecessary object clone - * deps: qs@6.11.0 - -4.18.1 / 2022-04-29 -=================== - - * Fix hanging on large stack of sync routes - -4.18.0 / 2022-04-25 -=================== - - * Add "root" option to `res.download` - * Allow `options` without `filename` in `res.download` - * Deprecate string and non-integer arguments to `res.status` - * Fix behavior of `null`/`undefined` as `maxAge` in `res.cookie` - * Fix handling very large stacks of sync middleware - * Ignore `Object.prototype` values in settings through `app.set`/`app.get` - * Invoke `default` with same arguments as types in `res.format` - * Support proper 205 responses using `res.send` - * Use `http-errors` for `res.format` error - * deps: body-parser@1.20.0 - - Fix error message for json parse whitespace in `strict` - - Fix internal error when inflated body exceeds limit - - Prevent loss of async hooks context - - Prevent hanging when request already read - - deps: depd@2.0.0 - - deps: http-errors@2.0.0 - - deps: on-finished@2.4.1 - - deps: qs@6.10.3 - - deps: raw-body@2.5.1 - * deps: cookie@0.5.0 - - Add `priority` option - - Fix `expires` option to reject invalid dates - * deps: depd@2.0.0 - - Replace internal `eval` usage with `Function` constructor - - Use instance methods on `process` to check for listeners - * deps: finalhandler@1.2.0 - - Remove set content headers that break response - - deps: on-finished@2.4.1 - - deps: statuses@2.0.1 - * deps: on-finished@2.4.1 - - Prevent loss of async hooks context - * deps: qs@6.10.3 - * deps: send@0.18.0 - - Fix emitted 416 error missing headers property - - Limit the headers removed for 304 response - - deps: depd@2.0.0 - - deps: destroy@1.2.0 - - deps: http-errors@2.0.0 - - deps: on-finished@2.4.1 - - deps: statuses@2.0.1 - * deps: serve-static@1.15.0 - - deps: send@0.18.0 - * deps: statuses@2.0.1 - - Remove code 306 - - Rename `425 Unordered Collection` to standard `425 Too Early` - -4.17.3 / 2022-02-16 -=================== - - * deps: accepts@~1.3.8 - - deps: mime-types@~2.1.34 - - deps: negotiator@0.6.3 - * deps: body-parser@1.19.2 - - deps: bytes@3.1.2 - - deps: qs@6.9.7 - - deps: raw-body@2.4.3 - * deps: cookie@0.4.2 - * deps: qs@6.9.7 - * Fix handling of `__proto__` keys - * pref: remove unnecessary regexp for trust proxy - -4.17.2 / 2021-12-16 -=================== - - * Fix handling of `undefined` in `res.jsonp` - * Fix handling of `undefined` when `"json escape"` is enabled - * Fix incorrect middleware execution with unanchored `RegExp`s - * Fix `res.jsonp(obj, status)` deprecation message - * Fix typo in `res.is` JSDoc - * deps: body-parser@1.19.1 - - deps: bytes@3.1.1 - - deps: http-errors@1.8.1 - - deps: qs@6.9.6 - - deps: raw-body@2.4.2 - - deps: safe-buffer@5.2.1 - - deps: type-is@~1.6.18 - * deps: content-disposition@0.5.4 - - deps: safe-buffer@5.2.1 - * deps: cookie@0.4.1 - - Fix `maxAge` option to reject invalid values - * deps: proxy-addr@~2.0.7 - - Use `req.socket` over deprecated `req.connection` - - deps: forwarded@0.2.0 - - deps: ipaddr.js@1.9.1 - * deps: qs@6.9.6 - * deps: safe-buffer@5.2.1 - * deps: send@0.17.2 - - deps: http-errors@1.8.1 - - deps: ms@2.1.3 - - pref: ignore empty http tokens - * deps: serve-static@1.14.2 - - deps: send@0.17.2 - * deps: setprototypeof@1.2.0 - -4.17.1 / 2019-05-25 -=================== - - * Revert "Improve error message for `null`/`undefined` to `res.status`" - -4.17.0 / 2019-05-16 -=================== - - * Add `express.raw` to parse bodies into `Buffer` - * Add `express.text` to parse bodies into string - * Improve error message for non-strings to `res.sendFile` - * Improve error message for `null`/`undefined` to `res.status` - * Support multiple hosts in `X-Forwarded-Host` - * deps: accepts@~1.3.7 - * deps: body-parser@1.19.0 - - Add encoding MIK - - Add petabyte (`pb`) support - - Fix parsing array brackets after index - - deps: bytes@3.1.0 - - deps: http-errors@1.7.2 - - deps: iconv-lite@0.4.24 - - deps: qs@6.7.0 - - deps: raw-body@2.4.0 - - deps: type-is@~1.6.17 - * deps: content-disposition@0.5.3 - * deps: cookie@0.4.0 - - Add `SameSite=None` support - * deps: finalhandler@~1.1.2 - - Set stricter `Content-Security-Policy` header - - deps: parseurl@~1.3.3 - - deps: statuses@~1.5.0 - * deps: parseurl@~1.3.3 - * deps: proxy-addr@~2.0.5 - - deps: ipaddr.js@1.9.0 - * deps: qs@6.7.0 - - Fix parsing array brackets after index - * deps: range-parser@~1.2.1 - * deps: send@0.17.1 - - Set stricter CSP header in redirect & error responses - - deps: http-errors@~1.7.2 - - deps: mime@1.6.0 - - deps: ms@2.1.1 - - deps: range-parser@~1.2.1 - - deps: statuses@~1.5.0 - - perf: remove redundant `path.normalize` call - * deps: serve-static@1.14.1 - - Set stricter CSP header in redirect response - - deps: parseurl@~1.3.3 - - deps: send@0.17.1 - * deps: setprototypeof@1.1.1 - * deps: statuses@~1.5.0 - - Add `103 Early Hints` - * deps: type-is@~1.6.18 - - deps: mime-types@~2.1.24 - - perf: prevent internal `throw` on invalid type - -4.16.4 / 2018-10-10 -=================== - - * Fix issue where `"Request aborted"` may be logged in `res.sendfile` - * Fix JSDoc for `Router` constructor - * deps: body-parser@1.18.3 - - Fix deprecation warnings on Node.js 10+ - - Fix stack trace for strict json parse error - - deps: depd@~1.1.2 - - deps: http-errors@~1.6.3 - - deps: iconv-lite@0.4.23 - - deps: qs@6.5.2 - - deps: raw-body@2.3.3 - - deps: type-is@~1.6.16 - * deps: proxy-addr@~2.0.4 - - deps: ipaddr.js@1.8.0 - * deps: qs@6.5.2 - * deps: safe-buffer@5.1.2 - -4.16.3 / 2018-03-12 -=================== - - * deps: accepts@~1.3.5 - - deps: mime-types@~2.1.18 - * deps: depd@~1.1.2 - - perf: remove argument reassignment - * deps: encodeurl@~1.0.2 - - Fix encoding `%` as last character - * deps: finalhandler@1.1.1 - - Fix 404 output for bad / missing pathnames - - deps: encodeurl@~1.0.2 - - deps: statuses@~1.4.0 - * deps: proxy-addr@~2.0.3 - - deps: ipaddr.js@1.6.0 - * deps: send@0.16.2 - - Fix incorrect end tag in default error & redirects - - deps: depd@~1.1.2 - - deps: encodeurl@~1.0.2 - - deps: statuses@~1.4.0 - * deps: serve-static@1.13.2 - - Fix incorrect end tag in redirects - - deps: encodeurl@~1.0.2 - - deps: send@0.16.2 - * deps: statuses@~1.4.0 - * deps: type-is@~1.6.16 - - deps: mime-types@~2.1.18 - -4.16.2 / 2017-10-09 -=================== - - * Fix `TypeError` in `res.send` when given `Buffer` and `ETag` header set - * perf: skip parsing of entire `X-Forwarded-Proto` header - -4.16.1 / 2017-09-29 -=================== - - * deps: send@0.16.1 - * deps: serve-static@1.13.1 - - Fix regression when `root` is incorrectly set to a file - - deps: send@0.16.1 - -4.16.0 / 2017-09-28 -=================== - - * Add `"json escape"` setting for `res.json` and `res.jsonp` - * Add `express.json` and `express.urlencoded` to parse bodies - * Add `options` argument to `res.download` - * Improve error message when autoloading invalid view engine - * Improve error messages when non-function provided as middleware - * Skip `Buffer` encoding when not generating ETag for small response - * Use `safe-buffer` for improved Buffer API - * deps: accepts@~1.3.4 - - deps: mime-types@~2.1.16 - * deps: content-type@~1.0.4 - - perf: remove argument reassignment - - perf: skip parameter parsing when no parameters - * deps: etag@~1.8.1 - - perf: replace regular expression with substring - * deps: finalhandler@1.1.0 - - Use `res.headersSent` when available - * deps: parseurl@~1.3.2 - - perf: reduce overhead for full URLs - - perf: unroll the "fast-path" `RegExp` - * deps: proxy-addr@~2.0.2 - - Fix trimming leading / trailing OWS in `X-Forwarded-For` - - deps: forwarded@~0.1.2 - - deps: ipaddr.js@1.5.2 - - perf: reduce overhead when no `X-Forwarded-For` header - * deps: qs@6.5.1 - - Fix parsing & compacting very deep objects - * deps: send@0.16.0 - - Add 70 new types for file extensions - - Add `immutable` option - - Fix missing `</html>` in default error & redirects - - Set charset as "UTF-8" for .js and .json - - Use instance methods on steam to check for listeners - - deps: mime@1.4.1 - - perf: improve path validation speed - * deps: serve-static@1.13.0 - - Add 70 new types for file extensions - - Add `immutable` option - - Set charset as "UTF-8" for .js and .json - - deps: send@0.16.0 - * deps: setprototypeof@1.1.0 - * deps: utils-merge@1.0.1 - * deps: vary@~1.1.2 - - perf: improve header token parsing speed - * perf: re-use options object when generating ETags - * perf: remove dead `.charset` set in `res.jsonp` - -4.15.5 / 2017-09-24 -=================== - - * deps: debug@2.6.9 - * deps: finalhandler@~1.0.6 - - deps: debug@2.6.9 - - deps: parseurl@~1.3.2 - * deps: fresh@0.5.2 - - Fix handling of modified headers with invalid dates - - perf: improve ETag match loop - - perf: improve `If-None-Match` token parsing - * deps: send@0.15.6 - - Fix handling of modified headers with invalid dates - - deps: debug@2.6.9 - - deps: etag@~1.8.1 - - deps: fresh@0.5.2 - - perf: improve `If-Match` token parsing - * deps: serve-static@1.12.6 - - deps: parseurl@~1.3.2 - - deps: send@0.15.6 - - perf: improve slash collapsing - -4.15.4 / 2017-08-06 -=================== - - * deps: debug@2.6.8 - * deps: depd@~1.1.1 - - Remove unnecessary `Buffer` loading - * deps: finalhandler@~1.0.4 - - deps: debug@2.6.8 - * deps: proxy-addr@~1.1.5 - - Fix array argument being altered - - deps: ipaddr.js@1.4.0 - * deps: qs@6.5.0 - * deps: send@0.15.4 - - deps: debug@2.6.8 - - deps: depd@~1.1.1 - - deps: http-errors@~1.6.2 - * deps: serve-static@1.12.4 - - deps: send@0.15.4 - -4.15.3 / 2017-05-16 -=================== - - * Fix error when `res.set` cannot add charset to `Content-Type` - * deps: debug@2.6.7 - - Fix `DEBUG_MAX_ARRAY_LENGTH` - - deps: ms@2.0.0 - * deps: finalhandler@~1.0.3 - - Fix missing `</html>` in HTML document - - deps: debug@2.6.7 - * deps: proxy-addr@~1.1.4 - - deps: ipaddr.js@1.3.0 - * deps: send@0.15.3 - - deps: debug@2.6.7 - - deps: ms@2.0.0 - * deps: serve-static@1.12.3 - - deps: send@0.15.3 - * deps: type-is@~1.6.15 - - deps: mime-types@~2.1.15 - * deps: vary@~1.1.1 - - perf: hoist regular expression - -4.15.2 / 2017-03-06 -=================== - - * deps: qs@6.4.0 - - Fix regression parsing keys starting with `[` - -4.15.1 / 2017-03-05 -=================== - - * deps: send@0.15.1 - - Fix issue when `Date.parse` does not return `NaN` on invalid date - - Fix strict violation in broken environments - * deps: serve-static@1.12.1 - - Fix issue when `Date.parse` does not return `NaN` on invalid date - - deps: send@0.15.1 - -4.15.0 / 2017-03-01 -=================== - - * Add debug message when loading view engine - * Add `next("router")` to exit from router - * Fix case where `router.use` skipped requests routes did not - * Remove usage of `res._headers` private field - - Improves compatibility with Node.js 8 nightly - * Skip routing when `req.url` is not set - * Use `%o` in path debug to tell types apart - * Use `Object.create` to setup request & response prototypes - * Use `setprototypeof` module to replace `__proto__` setting - * Use `statuses` instead of `http` module for status messages - * deps: debug@2.6.1 - - Allow colors in workers - - Deprecated `DEBUG_FD` environment variable set to `3` or higher - - Fix error when running under React Native - - Use same color for same namespace - - deps: ms@0.7.2 - * deps: etag@~1.8.0 - - Use SHA1 instead of MD5 for ETag hashing - - Works with FIPS 140-2 OpenSSL configuration - * deps: finalhandler@~1.0.0 - - Fix exception when `err` cannot be converted to a string - - Fully URL-encode the pathname in the 404 - - Only include the pathname in the 404 message - - Send complete HTML document - - Set `Content-Security-Policy: default-src 'self'` header - - deps: debug@2.6.1 - * deps: fresh@0.5.0 - - Fix false detection of `no-cache` request directive - - Fix incorrect result when `If-None-Match` has both `*` and ETags - - Fix weak `ETag` matching to match spec - - perf: delay reading header values until needed - - perf: enable strict mode - - perf: hoist regular expressions - - perf: remove duplicate conditional - - perf: remove unnecessary boolean coercions - - perf: skip checking modified time if ETag check failed - - perf: skip parsing `If-None-Match` when no `ETag` header - - perf: use `Date.parse` instead of `new Date` - * deps: qs@6.3.1 - - Fix array parsing from skipping empty values - - Fix compacting nested arrays - * deps: send@0.15.0 - - Fix false detection of `no-cache` request directive - - Fix incorrect result when `If-None-Match` has both `*` and ETags - - Fix weak `ETag` matching to match spec - - Remove usage of `res._headers` private field - - Support `If-Match` and `If-Unmodified-Since` headers - - Use `res.getHeaderNames()` when available - - Use `res.headersSent` when available - - deps: debug@2.6.1 - - deps: etag@~1.8.0 - - deps: fresh@0.5.0 - - deps: http-errors@~1.6.1 - * deps: serve-static@1.12.0 - - Fix false detection of `no-cache` request directive - - Fix incorrect result when `If-None-Match` has both `*` and ETags - - Fix weak `ETag` matching to match spec - - Remove usage of `res._headers` private field - - Send complete HTML document in redirect response - - Set default CSP header in redirect response - - Support `If-Match` and `If-Unmodified-Since` headers - - Use `res.getHeaderNames()` when available - - Use `res.headersSent` when available - - deps: send@0.15.0 - * perf: add fast match path for `*` route - * perf: improve `req.ips` performance - -4.14.1 / 2017-01-28 -=================== - - * deps: content-disposition@0.5.2 - * deps: finalhandler@0.5.1 - - Fix exception when `err.headers` is not an object - - deps: statuses@~1.3.1 - - perf: hoist regular expressions - - perf: remove duplicate validation path - * deps: proxy-addr@~1.1.3 - - deps: ipaddr.js@1.2.0 - * deps: send@0.14.2 - - deps: http-errors@~1.5.1 - - deps: ms@0.7.2 - - deps: statuses@~1.3.1 - * deps: serve-static@~1.11.2 - - deps: send@0.14.2 - * deps: type-is@~1.6.14 - - deps: mime-types@~2.1.13 - -4.14.0 / 2016-06-16 -=================== - - * Add `acceptRanges` option to `res.sendFile`/`res.sendfile` - * Add `cacheControl` option to `res.sendFile`/`res.sendfile` - * Add `options` argument to `req.range` - - Includes the `combine` option - * Encode URL in `res.location`/`res.redirect` if not already encoded - * Fix some redirect handling in `res.sendFile`/`res.sendfile` - * Fix Windows absolute path check using forward slashes - * Improve error with invalid arguments to `req.get()` - * Improve performance for `res.json`/`res.jsonp` in most cases - * Improve `Range` header handling in `res.sendFile`/`res.sendfile` - * deps: accepts@~1.3.3 - - Fix including type extensions in parameters in `Accept` parsing - - Fix parsing `Accept` parameters with quoted equals - - Fix parsing `Accept` parameters with quoted semicolons - - Many performance improvements - - deps: mime-types@~2.1.11 - - deps: negotiator@0.6.1 - * deps: content-type@~1.0.2 - - perf: enable strict mode - * deps: cookie@0.3.1 - - Add `sameSite` option - - Fix cookie `Max-Age` to never be a floating point number - - Improve error message when `encode` is not a function - - Improve error message when `expires` is not a `Date` - - Throw better error for invalid argument to parse - - Throw on invalid values provided to `serialize` - - perf: enable strict mode - - perf: hoist regular expression - - perf: use for loop in parse - - perf: use string concatenation for serialization - * deps: finalhandler@0.5.0 - - Change invalid or non-numeric status code to 500 - - Overwrite status message to match set status code - - Prefer `err.statusCode` if `err.status` is invalid - - Set response headers from `err.headers` object - - Use `statuses` instead of `http` module for status messages - * deps: proxy-addr@~1.1.2 - - Fix accepting various invalid netmasks - - Fix IPv6-mapped IPv4 validation edge cases - - IPv4 netmasks must be contiguous - - IPv6 addresses cannot be used as a netmask - - deps: ipaddr.js@1.1.1 - * deps: qs@6.2.0 - - Add `decoder` option in `parse` function - * deps: range-parser@~1.2.0 - - Add `combine` option to combine overlapping ranges - - Fix incorrectly returning -1 when there is at least one valid range - - perf: remove internal function - * deps: send@0.14.1 - - Add `acceptRanges` option - - Add `cacheControl` option - - Attempt to combine multiple ranges into single range - - Correctly inherit from `Stream` class - - Fix `Content-Range` header in 416 responses when using `start`/`end` options - - Fix `Content-Range` header missing from default 416 responses - - Fix redirect error when `path` contains raw non-URL characters - - Fix redirect when `path` starts with multiple forward slashes - - Ignore non-byte `Range` headers - - deps: http-errors@~1.5.0 - - deps: range-parser@~1.2.0 - - deps: statuses@~1.3.0 - - perf: remove argument reassignment - * deps: serve-static@~1.11.1 - - Add `acceptRanges` option - - Add `cacheControl` option - - Attempt to combine multiple ranges into single range - - Fix redirect error when `req.url` contains raw non-URL characters - - Ignore non-byte `Range` headers - - Use status code 301 for redirects - - deps: send@0.14.1 - * deps: type-is@~1.6.13 - - Fix type error when given invalid type to match against - - deps: mime-types@~2.1.11 - * deps: vary@~1.1.0 - - Only accept valid field names in the `field` argument - * perf: use strict equality when possible - -4.13.4 / 2016-01-21 -=================== - - * deps: content-disposition@0.5.1 - - perf: enable strict mode - * deps: cookie@0.1.5 - - Throw on invalid values provided to `serialize` - * deps: depd@~1.1.0 - - Support web browser loading - - perf: enable strict mode - * deps: escape-html@~1.0.3 - - perf: enable strict mode - - perf: optimize string replacement - - perf: use faster string coercion - * deps: finalhandler@0.4.1 - - deps: escape-html@~1.0.3 - * deps: merge-descriptors@1.0.1 - - perf: enable strict mode - * deps: methods@~1.1.2 - - perf: enable strict mode - * deps: parseurl@~1.3.1 - - perf: enable strict mode - * deps: proxy-addr@~1.0.10 - - deps: ipaddr.js@1.0.5 - - perf: enable strict mode - * deps: range-parser@~1.0.3 - - perf: enable strict mode - * deps: send@0.13.1 - - deps: depd@~1.1.0 - - deps: destroy@~1.0.4 - - deps: escape-html@~1.0.3 - - deps: range-parser@~1.0.3 - * deps: serve-static@~1.10.2 - - deps: escape-html@~1.0.3 - - deps: parseurl@~1.3.0 - - deps: send@0.13.1 - -4.13.3 / 2015-08-02 -=================== - - * Fix infinite loop condition using `mergeParams: true` - * Fix inner numeric indices incorrectly altering parent `req.params` - -4.13.2 / 2015-07-31 -=================== - - * deps: accepts@~1.2.12 - - deps: mime-types@~2.1.4 - * deps: array-flatten@1.1.1 - - perf: enable strict mode - * deps: path-to-regexp@0.1.7 - - Fix regression with escaped round brackets and matching groups - * deps: type-is@~1.6.6 - - deps: mime-types@~2.1.4 - -4.13.1 / 2015-07-05 -=================== - - * deps: accepts@~1.2.10 - - deps: mime-types@~2.1.2 - * deps: qs@4.0.0 - - Fix dropping parameters like `hasOwnProperty` - - Fix various parsing edge cases - * deps: type-is@~1.6.4 - - deps: mime-types@~2.1.2 - - perf: enable strict mode - - perf: remove argument reassignment - -4.13.0 / 2015-06-20 -=================== - - * Add settings to debug output - * Fix `res.format` error when only `default` provided - * Fix issue where `next('route')` in `app.param` would incorrectly skip values - * Fix hiding platform issues with `decodeURIComponent` - - Only `URIError`s are a 400 - * Fix using `*` before params in routes - * Fix using capture groups before params in routes - * Simplify `res.cookie` to call `res.append` - * Use `array-flatten` module for flattening arrays - * deps: accepts@~1.2.9 - - deps: mime-types@~2.1.1 - - perf: avoid argument reassignment & argument slice - - perf: avoid negotiator recursive construction - - perf: enable strict mode - - perf: remove unnecessary bitwise operator - * deps: cookie@0.1.3 - - perf: deduce the scope of try-catch deopt - - perf: remove argument reassignments - * deps: escape-html@1.0.2 - * deps: etag@~1.7.0 - - Always include entity length in ETags for hash length extensions - - Generate non-Stats ETags using MD5 only (no longer CRC32) - - Improve stat performance by removing hashing - - Improve support for JXcore - - Remove base64 padding in ETags to shorten - - Support "fake" stats objects in environments without fs - - Use MD5 instead of MD4 in weak ETags over 1KB - * deps: finalhandler@0.4.0 - - Fix a false-positive when unpiping in Node.js 0.8 - - Support `statusCode` property on `Error` objects - - Use `unpipe` module for unpiping requests - - deps: escape-html@1.0.2 - - deps: on-finished@~2.3.0 - - perf: enable strict mode - - perf: remove argument reassignment - * deps: fresh@0.3.0 - - Add weak `ETag` matching support - * deps: on-finished@~2.3.0 - - Add defined behavior for HTTP `CONNECT` requests - - Add defined behavior for HTTP `Upgrade` requests - - deps: ee-first@1.1.1 - * deps: path-to-regexp@0.1.6 - * deps: send@0.13.0 - - Allow Node.js HTTP server to set `Date` response header - - Fix incorrectly removing `Content-Location` on 304 response - - Improve the default redirect response headers - - Send appropriate headers on default error response - - Use `http-errors` for standard emitted errors - - Use `statuses` instead of `http` module for status messages - - deps: escape-html@1.0.2 - - deps: etag@~1.7.0 - - deps: fresh@0.3.0 - - deps: on-finished@~2.3.0 - - perf: enable strict mode - - perf: remove unnecessary array allocations - * deps: serve-static@~1.10.0 - - Add `fallthrough` option - - Fix reading options from options prototype - - Improve the default redirect response headers - - Malformed URLs now `next()` instead of 400 - - deps: escape-html@1.0.2 - - deps: send@0.13.0 - - perf: enable strict mode - - perf: remove argument reassignment - * deps: type-is@~1.6.3 - - deps: mime-types@~2.1.1 - - perf: reduce try block size - - perf: remove bitwise operations - * perf: enable strict mode - * perf: isolate `app.render` try block - * perf: remove argument reassignments in application - * perf: remove argument reassignments in request prototype - * perf: remove argument reassignments in response prototype - * perf: remove argument reassignments in routing - * perf: remove argument reassignments in `View` - * perf: skip attempting to decode zero length string - * perf: use saved reference to `http.STATUS_CODES` - -4.12.4 / 2015-05-17 -=================== - - * deps: accepts@~1.2.7 - - deps: mime-types@~2.0.11 - - deps: negotiator@0.5.3 - * deps: debug@~2.2.0 - - deps: ms@0.7.1 - * deps: depd@~1.0.1 - * deps: etag@~1.6.0 - - Improve support for JXcore - - Support "fake" stats objects in environments without `fs` - * deps: finalhandler@0.3.6 - - deps: debug@~2.2.0 - - deps: on-finished@~2.2.1 - * deps: on-finished@~2.2.1 - - Fix `isFinished(req)` when data buffered - * deps: proxy-addr@~1.0.8 - - deps: ipaddr.js@1.0.1 - * deps: qs@2.4.2 - - Fix allowing parameters like `constructor` - * deps: send@0.12.3 - - deps: debug@~2.2.0 - - deps: depd@~1.0.1 - - deps: etag@~1.6.0 - - deps: ms@0.7.1 - - deps: on-finished@~2.2.1 - * deps: serve-static@~1.9.3 - - deps: send@0.12.3 - * deps: type-is@~1.6.2 - - deps: mime-types@~2.0.11 - -4.12.3 / 2015-03-17 -=================== - - * deps: accepts@~1.2.5 - - deps: mime-types@~2.0.10 - * deps: debug@~2.1.3 - - Fix high intensity foreground color for bold - - deps: ms@0.7.0 - * deps: finalhandler@0.3.4 - - deps: debug@~2.1.3 - * deps: proxy-addr@~1.0.7 - - deps: ipaddr.js@0.1.9 - * deps: qs@2.4.1 - - Fix error when parameter `hasOwnProperty` is present - * deps: send@0.12.2 - - Throw errors early for invalid `extensions` or `index` options - - deps: debug@~2.1.3 - * deps: serve-static@~1.9.2 - - deps: send@0.12.2 - * deps: type-is@~1.6.1 - - deps: mime-types@~2.0.10 - -4.12.2 / 2015-03-02 -=================== - - * Fix regression where `"Request aborted"` is logged using `res.sendFile` - -4.12.1 / 2015-03-01 -=================== - - * Fix constructing application with non-configurable prototype properties - * Fix `ECONNRESET` errors from `res.sendFile` usage - * Fix `req.host` when using "trust proxy" hops count - * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count - * Fix wrong `code` on aborted connections from `res.sendFile` - * deps: merge-descriptors@1.0.0 - -4.12.0 / 2015-02-23 -=================== - - * Fix `"trust proxy"` setting to inherit when app is mounted - * Generate `ETag`s for all request responses - - No longer restricted to only responses for `GET` and `HEAD` requests - * Use `content-type` to parse `Content-Type` headers - * deps: accepts@~1.2.4 - - Fix preference sorting to be stable for long acceptable lists - - deps: mime-types@~2.0.9 - - deps: negotiator@0.5.1 - * deps: cookie-signature@1.0.6 - * deps: send@0.12.1 - - Always read the stat size from the file - - Fix mutating passed-in `options` - - deps: mime@1.3.4 - * deps: serve-static@~1.9.1 - - deps: send@0.12.1 - * deps: type-is@~1.6.0 - - fix argument reassignment - - fix false-positives in `hasBody` `Transfer-Encoding` check - - support wildcard for both type and subtype (`*/*`) - - deps: mime-types@~2.0.9 - -4.11.2 / 2015-02-01 -=================== - - * Fix `res.redirect` double-calling `res.end` for `HEAD` requests - * deps: accepts@~1.2.3 - - deps: mime-types@~2.0.8 - * deps: proxy-addr@~1.0.6 - - deps: ipaddr.js@0.1.8 - * deps: type-is@~1.5.6 - - deps: mime-types@~2.0.8 - -4.11.1 / 2015-01-20 -=================== - - * deps: send@0.11.1 - - Fix root path disclosure - * deps: serve-static@~1.8.1 - - Fix redirect loop in Node.js 0.11.14 - - Fix root path disclosure - - deps: send@0.11.1 - -4.11.0 / 2015-01-13 -=================== - - * Add `res.append(field, val)` to append headers - * Deprecate leading `:` in `name` for `app.param(name, fn)` - * Deprecate `req.param()` -- use `req.params`, `req.body`, or `req.query` instead - * Deprecate `app.param(fn)` - * Fix `OPTIONS` responses to include the `HEAD` method properly - * Fix `res.sendFile` not always detecting aborted connection - * Match routes iteratively to prevent stack overflows - * deps: accepts@~1.2.2 - - deps: mime-types@~2.0.7 - - deps: negotiator@0.5.0 - * deps: send@0.11.0 - - deps: debug@~2.1.1 - - deps: etag@~1.5.1 - - deps: ms@0.7.0 - - deps: on-finished@~2.2.0 - * deps: serve-static@~1.8.0 - - deps: send@0.11.0 - -4.10.8 / 2015-01-13 -=================== - - * Fix crash from error within `OPTIONS` response handler - * deps: proxy-addr@~1.0.5 - - deps: ipaddr.js@0.1.6 - -4.10.7 / 2015-01-04 -=================== - - * Fix `Allow` header for `OPTIONS` to not contain duplicate methods - * Fix incorrect "Request aborted" for `res.sendFile` when `HEAD` or 304 - * deps: debug@~2.1.1 - * deps: finalhandler@0.3.3 - - deps: debug@~2.1.1 - - deps: on-finished@~2.2.0 - * deps: methods@~1.1.1 - * deps: on-finished@~2.2.0 - * deps: serve-static@~1.7.2 - - Fix potential open redirect when mounted at root - * deps: type-is@~1.5.5 - - deps: mime-types@~2.0.7 - -4.10.6 / 2014-12-12 -=================== - - * Fix exception in `req.fresh`/`req.stale` without response headers - -4.10.5 / 2014-12-10 -=================== - - * Fix `res.send` double-calling `res.end` for `HEAD` requests - * deps: accepts@~1.1.4 - - deps: mime-types@~2.0.4 - * deps: type-is@~1.5.4 - - deps: mime-types@~2.0.4 - -4.10.4 / 2014-11-24 -=================== - - * Fix `res.sendfile` logging standard write errors - -4.10.3 / 2014-11-23 -=================== - - * Fix `res.sendFile` logging standard write errors - * deps: etag@~1.5.1 - * deps: proxy-addr@~1.0.4 - - deps: ipaddr.js@0.1.5 - * deps: qs@2.3.3 - - Fix `arrayLimit` behavior - -4.10.2 / 2014-11-09 -=================== - - * Correctly invoke async router callback asynchronously - * deps: accepts@~1.1.3 - - deps: mime-types@~2.0.3 - * deps: type-is@~1.5.3 - - deps: mime-types@~2.0.3 - -4.10.1 / 2014-10-28 -=================== - - * Fix handling of URLs containing `://` in the path - * deps: qs@2.3.2 - - Fix parsing of mixed objects and values - -4.10.0 / 2014-10-23 -=================== - - * Add support for `app.set('views', array)` - - Views are looked up in sequence in array of directories - * Fix `res.send(status)` to mention `res.sendStatus(status)` - * Fix handling of invalid empty URLs - * Use `content-disposition` module for `res.attachment`/`res.download` - - Sends standards-compliant `Content-Disposition` header - - Full Unicode support - * Use `path.resolve` in view lookup - * deps: debug@~2.1.0 - - Implement `DEBUG_FD` env variable support - * deps: depd@~1.0.0 - * deps: etag@~1.5.0 - - Improve string performance - - Slightly improve speed for weak ETags over 1KB - * deps: finalhandler@0.3.2 - - Terminate in progress response only on error - - Use `on-finished` to determine request status - - deps: debug@~2.1.0 - - deps: on-finished@~2.1.1 - * deps: on-finished@~2.1.1 - - Fix handling of pipelined requests - * deps: qs@2.3.0 - - Fix parsing of mixed implicit and explicit arrays - * deps: send@0.10.1 - - deps: debug@~2.1.0 - - deps: depd@~1.0.0 - - deps: etag@~1.5.0 - - deps: on-finished@~2.1.1 - * deps: serve-static@~1.7.1 - - deps: send@0.10.1 - -4.9.8 / 2014-10-17 -================== - - * Fix `res.redirect` body when redirect status specified - * deps: accepts@~1.1.2 - - Fix error when media type has invalid parameter - - deps: negotiator@0.4.9 - -4.9.7 / 2014-10-10 -================== - - * Fix using same param name in array of paths - -4.9.6 / 2014-10-08 -================== - - * deps: accepts@~1.1.1 - - deps: mime-types@~2.0.2 - - deps: negotiator@0.4.8 - * deps: serve-static@~1.6.4 - - Fix redirect loop when index file serving disabled - * deps: type-is@~1.5.2 - - deps: mime-types@~2.0.2 - -4.9.5 / 2014-09-24 -================== - - * deps: etag@~1.4.0 - * deps: proxy-addr@~1.0.3 - - Use `forwarded` npm module - * deps: send@0.9.3 - - deps: etag@~1.4.0 - * deps: serve-static@~1.6.3 - - deps: send@0.9.3 - -4.9.4 / 2014-09-19 -================== - - * deps: qs@2.2.4 - - Fix issue with object keys starting with numbers truncated - -4.9.3 / 2014-09-18 -================== - - * deps: proxy-addr@~1.0.2 - - Fix a global leak when multiple subnets are trusted - - deps: ipaddr.js@0.1.3 - -4.9.2 / 2014-09-17 -================== - - * Fix regression for empty string `path` in `app.use` - * Fix `router.use` to accept array of middleware without path - * Improve error message for bad `app.use` arguments - -4.9.1 / 2014-09-16 -================== - - * Fix `app.use` to accept array of middleware without path - * deps: depd@0.4.5 - * deps: etag@~1.3.1 - * deps: send@0.9.2 - - deps: depd@0.4.5 - - deps: etag@~1.3.1 - - deps: range-parser@~1.0.2 - * deps: serve-static@~1.6.2 - - deps: send@0.9.2 - -4.9.0 / 2014-09-08 -================== - - * Add `res.sendStatus` - * Invoke callback for sendfile when client aborts - - Applies to `res.sendFile`, `res.sendfile`, and `res.download` - - `err` will be populated with request aborted error - * Support IP address host in `req.subdomains` - * Use `etag` to generate `ETag` headers - * deps: accepts@~1.1.0 - - update `mime-types` - * deps: cookie-signature@1.0.5 - * deps: debug@~2.0.0 - * deps: finalhandler@0.2.0 - - Set `X-Content-Type-Options: nosniff` header - - deps: debug@~2.0.0 - * deps: fresh@0.2.4 - * deps: media-typer@0.3.0 - - Throw error when parameter format invalid on parse - * deps: qs@2.2.3 - - Fix issue where first empty value in array is discarded - * deps: range-parser@~1.0.2 - * deps: send@0.9.1 - - Add `lastModified` option - - Use `etag` to generate `ETag` header - - deps: debug@~2.0.0 - - deps: fresh@0.2.4 - * deps: serve-static@~1.6.1 - - Add `lastModified` option - - deps: send@0.9.1 - * deps: type-is@~1.5.1 - - fix `hasbody` to be true for `content-length: 0` - - deps: media-typer@0.3.0 - - deps: mime-types@~2.0.1 - * deps: vary@~1.0.0 - - Accept valid `Vary` header string as `field` - -4.8.8 / 2014-09-04 -================== - - * deps: send@0.8.5 - - Fix a path traversal issue when using `root` - - Fix malicious path detection for empty string path - * deps: serve-static@~1.5.4 - - deps: send@0.8.5 - -4.8.7 / 2014-08-29 -================== - - * deps: qs@2.2.2 - - Remove unnecessary cloning - -4.8.6 / 2014-08-27 -================== - - * deps: qs@2.2.0 - - Array parsing fix - - Performance improvements - -4.8.5 / 2014-08-18 -================== - - * deps: send@0.8.3 - - deps: destroy@1.0.3 - - deps: on-finished@2.1.0 - * deps: serve-static@~1.5.3 - - deps: send@0.8.3 - -4.8.4 / 2014-08-14 -================== - - * deps: qs@1.2.2 - * deps: send@0.8.2 - - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream` - * deps: serve-static@~1.5.2 - - deps: send@0.8.2 - -4.8.3 / 2014-08-10 -================== - - * deps: parseurl@~1.3.0 - * deps: qs@1.2.1 - * deps: serve-static@~1.5.1 - - Fix parsing of weird `req.originalUrl` values - - deps: parseurl@~1.3.0 - - deps: utils-merge@1.0.0 - -4.8.2 / 2014-08-07 -================== - - * deps: qs@1.2.0 - - Fix parsing array of objects - -4.8.1 / 2014-08-06 -================== - - * fix incorrect deprecation warnings on `res.download` - * deps: qs@1.1.0 - - Accept urlencoded square brackets - - Accept empty values in implicit array notation - -4.8.0 / 2014-08-05 -================== - - * add `res.sendFile` - - accepts a file system path instead of a URL - - requires an absolute path or `root` option specified - * deprecate `res.sendfile` -- use `res.sendFile` instead - * support mounted app as any argument to `app.use()` - * deps: qs@1.0.2 - - Complete rewrite - - Limits array length to 20 - - Limits object depth to 5 - - Limits parameters to 1,000 - * deps: send@0.8.1 - - Add `extensions` option - * deps: serve-static@~1.5.0 - - Add `extensions` option - - deps: send@0.8.1 - -4.7.4 / 2014-08-04 -================== - - * fix `res.sendfile` regression for serving directory index files - * deps: send@0.7.4 - - Fix incorrect 403 on Windows and Node.js 0.11 - - Fix serving index files without root dir - * deps: serve-static@~1.4.4 - - deps: send@0.7.4 - -4.7.3 / 2014-08-04 -================== - - * deps: send@0.7.3 - - Fix incorrect 403 on Windows and Node.js 0.11 - * deps: serve-static@~1.4.3 - - Fix incorrect 403 on Windows and Node.js 0.11 - - deps: send@0.7.3 - -4.7.2 / 2014-07-27 -================== - - * deps: depd@0.4.4 - - Work-around v8 generating empty stack traces - * deps: send@0.7.2 - - deps: depd@0.4.4 - * deps: serve-static@~1.4.2 - -4.7.1 / 2014-07-26 -================== - - * deps: depd@0.4.3 - - Fix exception when global `Error.stackTraceLimit` is too low - * deps: send@0.7.1 - - deps: depd@0.4.3 - * deps: serve-static@~1.4.1 - -4.7.0 / 2014-07-25 -================== - - * fix `req.protocol` for proxy-direct connections - * configurable query parser with `app.set('query parser', parser)` - - `app.set('query parser', 'extended')` parse with "qs" module - - `app.set('query parser', 'simple')` parse with "querystring" core module - - `app.set('query parser', false)` disable query string parsing - - `app.set('query parser', true)` enable simple parsing - * deprecate `res.json(status, obj)` -- use `res.status(status).json(obj)` instead - * deprecate `res.jsonp(status, obj)` -- use `res.status(status).jsonp(obj)` instead - * deprecate `res.send(status, body)` -- use `res.status(status).send(body)` instead - * deps: debug@1.0.4 - * deps: depd@0.4.2 - - Add `TRACE_DEPRECATION` environment variable - - Remove non-standard grey color from color output - - Support `--no-deprecation` argument - - Support `--trace-deprecation` argument - * deps: finalhandler@0.1.0 - - Respond after request fully read - - deps: debug@1.0.4 - * deps: parseurl@~1.2.0 - - Cache URLs based on original value - - Remove no-longer-needed URL mis-parse work-around - - Simplify the "fast-path" `RegExp` - * deps: send@0.7.0 - - Add `dotfiles` option - - Cap `maxAge` value to 1 year - - deps: debug@1.0.4 - - deps: depd@0.4.2 - * deps: serve-static@~1.4.0 - - deps: parseurl@~1.2.0 - - deps: send@0.7.0 - * perf: prevent multiple `Buffer` creation in `res.send` - -4.6.1 / 2014-07-12 -================== - - * fix `subapp.mountpath` regression for `app.use(subapp)` - -4.6.0 / 2014-07-11 -================== - - * accept multiple callbacks to `app.use()` - * add explicit "Rosetta Flash JSONP abuse" protection - - previous versions are not vulnerable; this is just explicit protection - * catch errors in multiple `req.param(name, fn)` handlers - * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead - * fix `res.send(status, num)` to send `num` as json (not error) - * remove unnecessary escaping when `res.jsonp` returns JSON response - * support non-string `path` in `app.use(path, fn)` - - supports array of paths - - supports `RegExp` - * router: fix optimization on router exit - * router: refactor location of `try` blocks - * router: speed up standard `app.use(fn)` - * deps: debug@1.0.3 - - Add support for multiple wildcards in namespaces - * deps: finalhandler@0.0.3 - - deps: debug@1.0.3 - * deps: methods@1.1.0 - - add `CONNECT` - * deps: parseurl@~1.1.3 - - faster parsing of href-only URLs - * deps: path-to-regexp@0.1.3 - * deps: send@0.6.0 - - deps: debug@1.0.3 - * deps: serve-static@~1.3.2 - - deps: parseurl@~1.1.3 - - deps: send@0.6.0 - * perf: fix arguments reassign deopt in some `res` methods - -4.5.1 / 2014-07-06 -================== - - * fix routing regression when altering `req.method` - -4.5.0 / 2014-07-04 -================== - - * add deprecation message to non-plural `req.accepts*` - * add deprecation message to `res.send(body, status)` - * add deprecation message to `res.vary()` - * add `headers` option to `res.sendfile` - - use to set headers on successful file transfer - * add `mergeParams` option to `Router` - - merges `req.params` from parent routes - * add `req.hostname` -- correct name for what `req.host` returns - * deprecate things with `depd` module - * deprecate `req.host` -- use `req.hostname` instead - * fix behavior when handling request without routes - * fix handling when `route.all` is only route - * invoke `router.param()` only when route matches - * restore `req.params` after invoking router - * use `finalhandler` for final response handling - * use `media-typer` to alter content-type charset - * deps: accepts@~1.0.7 - * deps: send@0.5.0 - - Accept string for `maxage` (converted by `ms`) - - Include link in default redirect response - * deps: serve-static@~1.3.0 - - Accept string for `maxAge` (converted by `ms`) - - Add `setHeaders` option - - Include HTML link in redirect response - - deps: send@0.5.0 - * deps: type-is@~1.3.2 - -4.4.5 / 2014-06-26 -================== - - * deps: cookie-signature@1.0.4 - - fix for timing attacks - -4.4.4 / 2014-06-20 -================== - - * fix `res.attachment` Unicode filenames in Safari - * fix "trim prefix" debug message in `express:router` - * deps: accepts@~1.0.5 - * deps: buffer-crc32@0.2.3 - -4.4.3 / 2014-06-11 -================== - - * fix persistence of modified `req.params[name]` from `app.param()` - * deps: accepts@1.0.3 - - deps: negotiator@0.4.6 - * deps: debug@1.0.2 - * deps: send@0.4.3 - - Do not throw uncatchable error on file open race condition - - Use `escape-html` for HTML escaping - - deps: debug@1.0.2 - - deps: finished@1.2.2 - - deps: fresh@0.2.2 - * deps: serve-static@1.2.3 - - Do not throw uncatchable error on file open race condition - - deps: send@0.4.3 - -4.4.2 / 2014-06-09 -================== - - * fix catching errors from top-level handlers - * use `vary` module for `res.vary` - * deps: debug@1.0.1 - * deps: proxy-addr@1.0.1 - * deps: send@0.4.2 - - fix "event emitter leak" warnings - - deps: debug@1.0.1 - - deps: finished@1.2.1 - * deps: serve-static@1.2.2 - - fix "event emitter leak" warnings - - deps: send@0.4.2 - * deps: type-is@1.2.1 - -4.4.1 / 2014-06-02 -================== - - * deps: methods@1.0.1 - * deps: send@0.4.1 - - Send `max-age` in `Cache-Control` in correct format - * deps: serve-static@1.2.1 - - use `escape-html` for escaping - - deps: send@0.4.1 - -4.4.0 / 2014-05-30 -================== - - * custom etag control with `app.set('etag', val)` - - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation - - `app.set('etag', 'weak')` weak tag - - `app.set('etag', 'strong')` strong etag - - `app.set('etag', false)` turn off - - `app.set('etag', true)` standard etag - * mark `res.send` ETag as weak and reduce collisions - * update accepts to 1.0.2 - - Fix interpretation when header not in request - * update send to 0.4.0 - - Calculate ETag with md5 for reduced collisions - - Ignore stream errors after request ends - - deps: debug@0.8.1 - * update serve-static to 1.2.0 - - Calculate ETag with md5 for reduced collisions - - Ignore stream errors after request ends - - deps: send@0.4.0 - -4.3.2 / 2014-05-28 -================== - - * fix handling of errors from `router.param()` callbacks - -4.3.1 / 2014-05-23 -================== - - * revert "fix behavior of multiple `app.VERB` for the same path" - - this caused a regression in the order of route execution - -4.3.0 / 2014-05-21 -================== - - * add `req.baseUrl` to access the path stripped from `req.url` in routes - * fix behavior of multiple `app.VERB` for the same path - * fix issue routing requests among sub routers - * invoke `router.param()` only when necessary instead of every match - * proper proxy trust with `app.set('trust proxy', trust)` - - `app.set('trust proxy', 1)` trust first hop - - `app.set('trust proxy', 'loopback')` trust loopback addresses - - `app.set('trust proxy', '10.0.0.1')` trust single IP - - `app.set('trust proxy', '10.0.0.1/16')` trust subnet - - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list - - `app.set('trust proxy', false)` turn off - - `app.set('trust proxy', true)` trust everything - * set proper `charset` in `Content-Type` for `res.send` - * update type-is to 1.2.0 - - support suffix matching - -4.2.0 / 2014-05-11 -================== - - * deprecate `app.del()` -- use `app.delete()` instead - * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead - - the edge-case `res.json(status, num)` requires `res.status(status).json(num)` - * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead - - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)` - * fix `req.next` when inside router instance - * include `ETag` header in `HEAD` requests - * keep previous `Content-Type` for `res.jsonp` - * support PURGE method - - add `app.purge` - - add `router.purge` - - include PURGE in `app.all` - * update debug to 0.8.0 - - add `enable()` method - - change from stderr to stdout - * update methods to 1.0.0 - - add PURGE - -4.1.2 / 2014-05-08 -================== - - * fix `req.host` for IPv6 literals - * fix `res.jsonp` error if callback param is object - -4.1.1 / 2014-04-27 -================== - - * fix package.json to reflect supported node version - -4.1.0 / 2014-04-24 -================== - - * pass options from `res.sendfile` to `send` - * preserve casing of headers in `res.header` and `res.set` - * support unicode file names in `res.attachment` and `res.download` - * update accepts to 1.0.1 - - deps: negotiator@0.4.0 - * update cookie to 0.1.2 - - Fix for maxAge == 0 - - made compat with expires field - * update send to 0.3.0 - - Accept API options in options object - - Coerce option types - - Control whether to generate etags - - Default directory access to 403 when index disabled - - Fix sending files with dots without root set - - Include file path in etag - - Make "Can't set headers after they are sent." catchable - - Send full entity-body for multi range requests - - Set etags to "weak" - - Support "If-Range" header - - Support multiple index paths - - deps: mime@1.2.11 - * update serve-static to 1.1.0 - - Accept options directly to `send` module - - Resolve relative paths at middleware setup - - Use parseurl to parse the URL from request - - deps: send@0.3.0 - * update type-is to 1.1.0 - - add non-array values support - - add `multipart` as a shorthand - -4.0.0 / 2014-04-09 -================== - - * remove: - - node 0.8 support - - connect and connect's patches except for charset handling - - express(1) - moved to [express-generator](https://github.com/expressjs/generator) - - `express.createServer()` - it has been deprecated for a long time. Use `express()` - - `app.configure` - use logic in your own app code - - `app.router` - is removed - - `req.auth` - use `basic-auth` instead - - `req.accepted*` - use `req.accepts*()` instead - - `res.location` - relative URL resolution is removed - - `res.charset` - include the charset in the content type when using `res.set()` - - all bundled middleware except `static` - * change: - - `app.route` -> `app.mountpath` when mounting an express app in another express app - - `json spaces` no longer enabled by default in development - - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings` - - `req.params` is now an object instead of an array - - `res.locals` is no longer a function. It is a plain js object. Treat it as such. - - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object - * refactor: - - `req.accepts*` with [accepts](https://github.com/expressjs/accepts) - - `req.is` with [type-is](https://github.com/expressjs/type-is) - - [path-to-regexp](https://github.com/component/path-to-regexp) - * add: - - `app.router()` - returns the app Router instance - - `app.route()` - Proxy to the app's `Router#route()` method to create a new route - - Router & Route - public API - -3.21.2 / 2015-07-31 -=================== - - * deps: connect@2.30.2 - - deps: body-parser@~1.13.3 - - deps: compression@~1.5.2 - - deps: errorhandler@~1.4.2 - - deps: method-override@~2.3.5 - - deps: serve-index@~1.7.2 - - deps: type-is@~1.6.6 - - deps: vhost@~3.0.1 - * deps: vary@~1.0.1 - - Fix setting empty header from empty `field` - - perf: enable strict mode - - perf: remove argument reassignments - -3.21.1 / 2015-07-05 -=================== - - * deps: basic-auth@~1.0.3 - * deps: connect@2.30.1 - - deps: body-parser@~1.13.2 - - deps: compression@~1.5.1 - - deps: errorhandler@~1.4.1 - - deps: morgan@~1.6.1 - - deps: pause@0.1.0 - - deps: qs@4.0.0 - - deps: serve-index@~1.7.1 - - deps: type-is@~1.6.4 - -3.21.0 / 2015-06-18 -=================== - - * deps: basic-auth@1.0.2 - - perf: enable strict mode - - perf: hoist regular expression - - perf: parse with regular expressions - - perf: remove argument reassignment - * deps: connect@2.30.0 - - deps: body-parser@~1.13.1 - - deps: bytes@2.1.0 - - deps: compression@~1.5.0 - - deps: cookie@0.1.3 - - deps: cookie-parser@~1.3.5 - - deps: csurf@~1.8.3 - - deps: errorhandler@~1.4.0 - - deps: express-session@~1.11.3 - - deps: finalhandler@0.4.0 - - deps: fresh@0.3.0 - - deps: morgan@~1.6.0 - - deps: serve-favicon@~2.3.0 - - deps: serve-index@~1.7.0 - - deps: serve-static@~1.10.0 - - deps: type-is@~1.6.3 - * deps: cookie@0.1.3 - - perf: deduce the scope of try-catch deopt - - perf: remove argument reassignments - * deps: escape-html@1.0.2 - * deps: etag@~1.7.0 - - Always include entity length in ETags for hash length extensions - - Generate non-Stats ETags using MD5 only (no longer CRC32) - - Improve stat performance by removing hashing - - Improve support for JXcore - - Remove base64 padding in ETags to shorten - - Support "fake" stats objects in environments without fs - - Use MD5 instead of MD4 in weak ETags over 1KB - * deps: fresh@0.3.0 - - Add weak `ETag` matching support - * deps: mkdirp@0.5.1 - - Work in global strict mode - * deps: send@0.13.0 - - Allow Node.js HTTP server to set `Date` response header - - Fix incorrectly removing `Content-Location` on 304 response - - Improve the default redirect response headers - - Send appropriate headers on default error response - - Use `http-errors` for standard emitted errors - - Use `statuses` instead of `http` module for status messages - - deps: escape-html@1.0.2 - - deps: etag@~1.7.0 - - deps: fresh@0.3.0 - - deps: on-finished@~2.3.0 - - perf: enable strict mode - - perf: remove unnecessary array allocations - -3.20.3 / 2015-05-17 -=================== - - * deps: connect@2.29.2 - - deps: body-parser@~1.12.4 - - deps: compression@~1.4.4 - - deps: connect-timeout@~1.6.2 - - deps: debug@~2.2.0 - - deps: depd@~1.0.1 - - deps: errorhandler@~1.3.6 - - deps: finalhandler@0.3.6 - - deps: method-override@~2.3.3 - - deps: morgan@~1.5.3 - - deps: qs@2.4.2 - - deps: response-time@~2.3.1 - - deps: serve-favicon@~2.2.1 - - deps: serve-index@~1.6.4 - - deps: serve-static@~1.9.3 - - deps: type-is@~1.6.2 - * deps: debug@~2.2.0 - - deps: ms@0.7.1 - * deps: depd@~1.0.1 - * deps: proxy-addr@~1.0.8 - - deps: ipaddr.js@1.0.1 - * deps: send@0.12.3 - - deps: debug@~2.2.0 - - deps: depd@~1.0.1 - - deps: etag@~1.6.0 - - deps: ms@0.7.1 - - deps: on-finished@~2.2.1 - -3.20.2 / 2015-03-16 -=================== - - * deps: connect@2.29.1 - - deps: body-parser@~1.12.2 - - deps: compression@~1.4.3 - - deps: connect-timeout@~1.6.1 - - deps: debug@~2.1.3 - - deps: errorhandler@~1.3.5 - - deps: express-session@~1.10.4 - - deps: finalhandler@0.3.4 - - deps: method-override@~2.3.2 - - deps: morgan@~1.5.2 - - deps: qs@2.4.1 - - deps: serve-index@~1.6.3 - - deps: serve-static@~1.9.2 - - deps: type-is@~1.6.1 - * deps: debug@~2.1.3 - - Fix high intensity foreground color for bold - - deps: ms@0.7.0 - * deps: merge-descriptors@1.0.0 - * deps: proxy-addr@~1.0.7 - - deps: ipaddr.js@0.1.9 - * deps: send@0.12.2 - - Throw errors early for invalid `extensions` or `index` options - - deps: debug@~2.1.3 - -3.20.1 / 2015-02-28 -=================== - - * Fix `req.host` when using "trust proxy" hops count - * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count - -3.20.0 / 2015-02-18 -=================== - - * Fix `"trust proxy"` setting to inherit when app is mounted - * Generate `ETag`s for all request responses - - No longer restricted to only responses for `GET` and `HEAD` requests - * Use `content-type` to parse `Content-Type` headers - * deps: connect@2.29.0 - - Use `content-type` to parse `Content-Type` headers - - deps: body-parser@~1.12.0 - - deps: compression@~1.4.1 - - deps: connect-timeout@~1.6.0 - - deps: cookie-parser@~1.3.4 - - deps: cookie-signature@1.0.6 - - deps: csurf@~1.7.0 - - deps: errorhandler@~1.3.4 - - deps: express-session@~1.10.3 - - deps: http-errors@~1.3.1 - - deps: response-time@~2.3.0 - - deps: serve-index@~1.6.2 - - deps: serve-static@~1.9.1 - - deps: type-is@~1.6.0 - * deps: cookie-signature@1.0.6 - * deps: send@0.12.1 - - Always read the stat size from the file - - Fix mutating passed-in `options` - - deps: mime@1.3.4 - -3.19.2 / 2015-02-01 -=================== - - * deps: connect@2.28.3 - - deps: compression@~1.3.1 - - deps: csurf@~1.6.6 - - deps: errorhandler@~1.3.3 - - deps: express-session@~1.10.2 - - deps: serve-index@~1.6.1 - - deps: type-is@~1.5.6 - * deps: proxy-addr@~1.0.6 - - deps: ipaddr.js@0.1.8 - -3.19.1 / 2015-01-20 -=================== - - * deps: connect@2.28.2 - - deps: body-parser@~1.10.2 - - deps: serve-static@~1.8.1 - * deps: send@0.11.1 - - Fix root path disclosure - -3.19.0 / 2015-01-09 -=================== - - * Fix `OPTIONS` responses to include the `HEAD` method property - * Use `readline` for prompt in `express(1)` - * deps: commander@2.6.0 - * deps: connect@2.28.1 - - deps: body-parser@~1.10.1 - - deps: compression@~1.3.0 - - deps: connect-timeout@~1.5.0 - - deps: csurf@~1.6.4 - - deps: debug@~2.1.1 - - deps: errorhandler@~1.3.2 - - deps: express-session@~1.10.1 - - deps: finalhandler@0.3.3 - - deps: method-override@~2.3.1 - - deps: morgan@~1.5.1 - - deps: serve-favicon@~2.2.0 - - deps: serve-index@~1.6.0 - - deps: serve-static@~1.8.0 - - deps: type-is@~1.5.5 - * deps: debug@~2.1.1 - * deps: methods@~1.1.1 - * deps: proxy-addr@~1.0.5 - - deps: ipaddr.js@0.1.6 - * deps: send@0.11.0 - - deps: debug@~2.1.1 - - deps: etag@~1.5.1 - - deps: ms@0.7.0 - - deps: on-finished@~2.2.0 - -3.18.6 / 2014-12-12 -=================== - - * Fix exception in `req.fresh`/`req.stale` without response headers - -3.18.5 / 2014-12-11 -=================== - - * deps: connect@2.27.6 - - deps: compression@~1.2.2 - - deps: express-session@~1.9.3 - - deps: http-errors@~1.2.8 - - deps: serve-index@~1.5.3 - - deps: type-is@~1.5.4 - -3.18.4 / 2014-11-23 -=================== - - * deps: connect@2.27.4 - - deps: body-parser@~1.9.3 - - deps: compression@~1.2.1 - - deps: errorhandler@~1.2.3 - - deps: express-session@~1.9.2 - - deps: qs@2.3.3 - - deps: serve-favicon@~2.1.7 - - deps: serve-static@~1.5.1 - - deps: type-is@~1.5.3 - * deps: etag@~1.5.1 - * deps: proxy-addr@~1.0.4 - - deps: ipaddr.js@0.1.5 - -3.18.3 / 2014-11-09 -=================== - - * deps: connect@2.27.3 - - Correctly invoke async callback asynchronously - - deps: csurf@~1.6.3 - -3.18.2 / 2014-10-28 -=================== - - * deps: connect@2.27.2 - - Fix handling of URLs containing `://` in the path - - deps: body-parser@~1.9.2 - - deps: qs@2.3.2 - -3.18.1 / 2014-10-22 -=================== - - * Fix internal `utils.merge` deprecation warnings - * deps: connect@2.27.1 - - deps: body-parser@~1.9.1 - - deps: express-session@~1.9.1 - - deps: finalhandler@0.3.2 - - deps: morgan@~1.4.1 - - deps: qs@2.3.0 - - deps: serve-static@~1.7.1 - * deps: send@0.10.1 - - deps: on-finished@~2.1.1 - -3.18.0 / 2014-10-17 -=================== - - * Use `content-disposition` module for `res.attachment`/`res.download` - - Sends standards-compliant `Content-Disposition` header - - Full Unicode support - * Use `etag` module to generate `ETag` headers - * deps: connect@2.27.0 - - Use `http-errors` module for creating errors - - Use `utils-merge` module for merging objects - - deps: body-parser@~1.9.0 - - deps: compression@~1.2.0 - - deps: connect-timeout@~1.4.0 - - deps: debug@~2.1.0 - - deps: depd@~1.0.0 - - deps: express-session@~1.9.0 - - deps: finalhandler@0.3.1 - - deps: method-override@~2.3.0 - - deps: morgan@~1.4.0 - - deps: response-time@~2.2.0 - - deps: serve-favicon@~2.1.6 - - deps: serve-index@~1.5.0 - - deps: serve-static@~1.7.0 - * deps: debug@~2.1.0 - - Implement `DEBUG_FD` env variable support - * deps: depd@~1.0.0 - * deps: send@0.10.0 - - deps: debug@~2.1.0 - - deps: depd@~1.0.0 - - deps: etag@~1.5.0 - -3.17.8 / 2014-10-15 -=================== - - * deps: connect@2.26.6 - - deps: compression@~1.1.2 - - deps: csurf@~1.6.2 - - deps: errorhandler@~1.2.2 - -3.17.7 / 2014-10-08 -=================== - - * deps: connect@2.26.5 - - Fix accepting non-object arguments to `logger` - - deps: serve-static@~1.6.4 - -3.17.6 / 2014-10-02 -=================== - - * deps: connect@2.26.4 - - deps: morgan@~1.3.2 - - deps: type-is@~1.5.2 - -3.17.5 / 2014-09-24 -=================== - - * deps: connect@2.26.3 - - deps: body-parser@~1.8.4 - - deps: serve-favicon@~2.1.5 - - deps: serve-static@~1.6.3 - * deps: proxy-addr@~1.0.3 - - Use `forwarded` npm module - * deps: send@0.9.3 - - deps: etag@~1.4.0 - -3.17.4 / 2014-09-19 -=================== - - * deps: connect@2.26.2 - - deps: body-parser@~1.8.3 - - deps: qs@2.2.4 - -3.17.3 / 2014-09-18 -=================== - - * deps: proxy-addr@~1.0.2 - - Fix a global leak when multiple subnets are trusted - - deps: ipaddr.js@0.1.3 - -3.17.2 / 2014-09-15 -=================== - - * Use `crc` instead of `buffer-crc32` for speed - * deps: connect@2.26.1 - - deps: body-parser@~1.8.2 - - deps: depd@0.4.5 - - deps: express-session@~1.8.2 - - deps: morgan@~1.3.1 - - deps: serve-favicon@~2.1.3 - - deps: serve-static@~1.6.2 - * deps: depd@0.4.5 - * deps: send@0.9.2 - - deps: depd@0.4.5 - - deps: etag@~1.3.1 - - deps: range-parser@~1.0.2 - -3.17.1 / 2014-09-08 -=================== - - * Fix error in `req.subdomains` on empty host - -3.17.0 / 2014-09-08 -=================== - - * Support `X-Forwarded-Host` in `req.subdomains` - * Support IP address host in `req.subdomains` - * deps: connect@2.26.0 - - deps: body-parser@~1.8.1 - - deps: compression@~1.1.0 - - deps: connect-timeout@~1.3.0 - - deps: cookie-parser@~1.3.3 - - deps: cookie-signature@1.0.5 - - deps: csurf@~1.6.1 - - deps: debug@~2.0.0 - - deps: errorhandler@~1.2.0 - - deps: express-session@~1.8.1 - - deps: finalhandler@0.2.0 - - deps: fresh@0.2.4 - - deps: media-typer@0.3.0 - - deps: method-override@~2.2.0 - - deps: morgan@~1.3.0 - - deps: qs@2.2.3 - - deps: serve-favicon@~2.1.3 - - deps: serve-index@~1.2.1 - - deps: serve-static@~1.6.1 - - deps: type-is@~1.5.1 - - deps: vhost@~3.0.0 - * deps: cookie-signature@1.0.5 - * deps: debug@~2.0.0 - * deps: fresh@0.2.4 - * deps: media-typer@0.3.0 - - Throw error when parameter format invalid on parse - * deps: range-parser@~1.0.2 - * deps: send@0.9.1 - - Add `lastModified` option - - Use `etag` to generate `ETag` header - - deps: debug@~2.0.0 - - deps: fresh@0.2.4 - * deps: vary@~1.0.0 - - Accept valid `Vary` header string as `field` - -3.16.10 / 2014-09-04 -==================== - - * deps: connect@2.25.10 - - deps: serve-static@~1.5.4 - * deps: send@0.8.5 - - Fix a path traversal issue when using `root` - - Fix malicious path detection for empty string path - -3.16.9 / 2014-08-29 -=================== - - * deps: connect@2.25.9 - - deps: body-parser@~1.6.7 - - deps: qs@2.2.2 - -3.16.8 / 2014-08-27 -=================== - - * deps: connect@2.25.8 - - deps: body-parser@~1.6.6 - - deps: csurf@~1.4.1 - - deps: qs@2.2.0 - -3.16.7 / 2014-08-18 -=================== - - * deps: connect@2.25.7 - - deps: body-parser@~1.6.5 - - deps: express-session@~1.7.6 - - deps: morgan@~1.2.3 - - deps: serve-static@~1.5.3 - * deps: send@0.8.3 - - deps: destroy@1.0.3 - - deps: on-finished@2.1.0 - -3.16.6 / 2014-08-14 -=================== - - * deps: connect@2.25.6 - - deps: body-parser@~1.6.4 - - deps: qs@1.2.2 - - deps: serve-static@~1.5.2 - * deps: send@0.8.2 - - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream` - -3.16.5 / 2014-08-11 -=================== - - * deps: connect@2.25.5 - - Fix backwards compatibility in `logger` - -3.16.4 / 2014-08-10 -=================== - - * Fix original URL parsing in `res.location` - * deps: connect@2.25.4 - - Fix `query` middleware breaking with argument - - deps: body-parser@~1.6.3 - - deps: compression@~1.0.11 - - deps: connect-timeout@~1.2.2 - - deps: express-session@~1.7.5 - - deps: method-override@~2.1.3 - - deps: on-headers@~1.0.0 - - deps: parseurl@~1.3.0 - - deps: qs@1.2.1 - - deps: response-time@~2.0.1 - - deps: serve-index@~1.1.6 - - deps: serve-static@~1.5.1 - * deps: parseurl@~1.3.0 - -3.16.3 / 2014-08-07 -=================== - - * deps: connect@2.25.3 - - deps: multiparty@3.3.2 - -3.16.2 / 2014-08-07 -=================== - - * deps: connect@2.25.2 - - deps: body-parser@~1.6.2 - - deps: qs@1.2.0 - -3.16.1 / 2014-08-06 -=================== - - * deps: connect@2.25.1 - - deps: body-parser@~1.6.1 - - deps: qs@1.1.0 - -3.16.0 / 2014-08-05 -=================== - - * deps: connect@2.25.0 - - deps: body-parser@~1.6.0 - - deps: compression@~1.0.10 - - deps: csurf@~1.4.0 - - deps: express-session@~1.7.4 - - deps: qs@1.0.2 - - deps: serve-static@~1.5.0 - * deps: send@0.8.1 - - Add `extensions` option - -3.15.3 / 2014-08-04 -=================== - - * fix `res.sendfile` regression for serving directory index files - * deps: connect@2.24.3 - - deps: serve-index@~1.1.5 - - deps: serve-static@~1.4.4 - * deps: send@0.7.4 - - Fix incorrect 403 on Windows and Node.js 0.11 - - Fix serving index files without root dir - -3.15.2 / 2014-07-27 -=================== - - * deps: connect@2.24.2 - - deps: body-parser@~1.5.2 - - deps: depd@0.4.4 - - deps: express-session@~1.7.2 - - deps: morgan@~1.2.2 - - deps: serve-static@~1.4.2 - * deps: depd@0.4.4 - - Work-around v8 generating empty stack traces - * deps: send@0.7.2 - - deps: depd@0.4.4 - -3.15.1 / 2014-07-26 -=================== - - * deps: connect@2.24.1 - - deps: body-parser@~1.5.1 - - deps: depd@0.4.3 - - deps: express-session@~1.7.1 - - deps: morgan@~1.2.1 - - deps: serve-index@~1.1.4 - - deps: serve-static@~1.4.1 - * deps: depd@0.4.3 - - Fix exception when global `Error.stackTraceLimit` is too low - * deps: send@0.7.1 - - deps: depd@0.4.3 - -3.15.0 / 2014-07-22 -=================== - - * Fix `req.protocol` for proxy-direct connections - * Pass options from `res.sendfile` to `send` - * deps: connect@2.24.0 - - deps: body-parser@~1.5.0 - - deps: compression@~1.0.9 - - deps: connect-timeout@~1.2.1 - - deps: debug@1.0.4 - - deps: depd@0.4.2 - - deps: express-session@~1.7.0 - - deps: finalhandler@0.1.0 - - deps: method-override@~2.1.2 - - deps: morgan@~1.2.0 - - deps: multiparty@3.3.1 - - deps: parseurl@~1.2.0 - - deps: serve-static@~1.4.0 - * deps: debug@1.0.4 - * deps: depd@0.4.2 - - Add `TRACE_DEPRECATION` environment variable - - Remove non-standard grey color from color output - - Support `--no-deprecation` argument - - Support `--trace-deprecation` argument - * deps: parseurl@~1.2.0 - - Cache URLs based on original value - - Remove no-longer-needed URL mis-parse work-around - - Simplify the "fast-path" `RegExp` - * deps: send@0.7.0 - - Add `dotfiles` option - - Cap `maxAge` value to 1 year - - deps: debug@1.0.4 - - deps: depd@0.4.2 - -3.14.0 / 2014-07-11 -=================== - - * add explicit "Rosetta Flash JSONP abuse" protection - - previous versions are not vulnerable; this is just explicit protection - * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead - * fix `res.send(status, num)` to send `num` as json (not error) - * remove unnecessary escaping when `res.jsonp` returns JSON response - * deps: basic-auth@1.0.0 - - support empty password - - support empty username - * deps: connect@2.23.0 - - deps: debug@1.0.3 - - deps: express-session@~1.6.4 - - deps: method-override@~2.1.0 - - deps: parseurl@~1.1.3 - - deps: serve-static@~1.3.1 - * deps: debug@1.0.3 - - Add support for multiple wildcards in namespaces - * deps: methods@1.1.0 - - add `CONNECT` - * deps: parseurl@~1.1.3 - - faster parsing of href-only URLs - -3.13.0 / 2014-07-03 -=================== - - * add deprecation message to `app.configure` - * add deprecation message to `req.auth` - * use `basic-auth` to parse `Authorization` header - * deps: connect@2.22.0 - - deps: csurf@~1.3.0 - - deps: express-session@~1.6.1 - - deps: multiparty@3.3.0 - - deps: serve-static@~1.3.0 - * deps: send@0.5.0 - - Accept string for `maxage` (converted by `ms`) - - Include link in default redirect response - -3.12.1 / 2014-06-26 -=================== - - * deps: connect@2.21.1 - - deps: cookie-parser@1.3.2 - - deps: cookie-signature@1.0.4 - - deps: express-session@~1.5.2 - - deps: type-is@~1.3.2 - * deps: cookie-signature@1.0.4 - - fix for timing attacks - -3.12.0 / 2014-06-21 -=================== - - * use `media-typer` to alter content-type charset - * deps: connect@2.21.0 - - deprecate `connect(middleware)` -- use `app.use(middleware)` instead - - deprecate `connect.createServer()` -- use `connect()` instead - - fix `res.setHeader()` patch to work with get -> append -> set pattern - - deps: compression@~1.0.8 - - deps: errorhandler@~1.1.1 - - deps: express-session@~1.5.0 - - deps: serve-index@~1.1.3 - -3.11.0 / 2014-06-19 -=================== - - * deprecate things with `depd` module - * deps: buffer-crc32@0.2.3 - * deps: connect@2.20.2 - - deprecate `verify` option to `json` -- use `body-parser` npm module instead - - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead - - deprecate things with `depd` module - - use `finalhandler` for final response handling - - use `media-typer` to parse `content-type` for charset - - deps: body-parser@1.4.3 - - deps: connect-timeout@1.1.1 - - deps: cookie-parser@1.3.1 - - deps: csurf@1.2.2 - - deps: errorhandler@1.1.0 - - deps: express-session@1.4.0 - - deps: multiparty@3.2.9 - - deps: serve-index@1.1.2 - - deps: type-is@1.3.1 - - deps: vhost@2.0.0 - -3.10.5 / 2014-06-11 -=================== - - * deps: connect@2.19.6 - - deps: body-parser@1.3.1 - - deps: compression@1.0.7 - - deps: debug@1.0.2 - - deps: serve-index@1.1.1 - - deps: serve-static@1.2.3 - * deps: debug@1.0.2 - * deps: send@0.4.3 - - Do not throw uncatchable error on file open race condition - - Use `escape-html` for HTML escaping - - deps: debug@1.0.2 - - deps: finished@1.2.2 - - deps: fresh@0.2.2 - -3.10.4 / 2014-06-09 -=================== - - * deps: connect@2.19.5 - - fix "event emitter leak" warnings - - deps: csurf@1.2.1 - - deps: debug@1.0.1 - - deps: serve-static@1.2.2 - - deps: type-is@1.2.1 - * deps: debug@1.0.1 - * deps: send@0.4.2 - - fix "event emitter leak" warnings - - deps: finished@1.2.1 - - deps: debug@1.0.1 - -3.10.3 / 2014-06-05 -=================== - - * use `vary` module for `res.vary` - * deps: connect@2.19.4 - - deps: errorhandler@1.0.2 - - deps: method-override@2.0.2 - - deps: serve-favicon@2.0.1 - * deps: debug@1.0.0 - -3.10.2 / 2014-06-03 -=================== - - * deps: connect@2.19.3 - - deps: compression@1.0.6 - -3.10.1 / 2014-06-03 -=================== - - * deps: connect@2.19.2 - - deps: compression@1.0.4 - * deps: proxy-addr@1.0.1 - -3.10.0 / 2014-06-02 -=================== - - * deps: connect@2.19.1 - - deprecate `methodOverride()` -- use `method-override` npm module instead - - deps: body-parser@1.3.0 - - deps: method-override@2.0.1 - - deps: multiparty@3.2.8 - - deps: response-time@2.0.0 - - deps: serve-static@1.2.1 - * deps: methods@1.0.1 - * deps: send@0.4.1 - - Send `max-age` in `Cache-Control` in correct format - -3.9.0 / 2014-05-30 -================== - - * custom etag control with `app.set('etag', val)` - - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation - - `app.set('etag', 'weak')` weak tag - - `app.set('etag', 'strong')` strong etag - - `app.set('etag', false)` turn off - - `app.set('etag', true)` standard etag - * Include ETag in HEAD requests - * mark `res.send` ETag as weak and reduce collisions - * update connect to 2.18.0 - - deps: compression@1.0.3 - - deps: serve-index@1.1.0 - - deps: serve-static@1.2.0 - * update send to 0.4.0 - - Calculate ETag with md5 for reduced collisions - - Ignore stream errors after request ends - - deps: debug@0.8.1 - -3.8.1 / 2014-05-27 -================== - - * update connect to 2.17.3 - - deps: body-parser@1.2.2 - - deps: express-session@1.2.1 - - deps: method-override@1.0.2 - -3.8.0 / 2014-05-21 -================== - - * keep previous `Content-Type` for `res.jsonp` - * set proper `charset` in `Content-Type` for `res.send` - * update connect to 2.17.1 - - fix `res.charset` appending charset when `content-type` has one - - deps: express-session@1.2.0 - - deps: morgan@1.1.1 - - deps: serve-index@1.0.3 - -3.7.0 / 2014-05-18 -================== - - * proper proxy trust with `app.set('trust proxy', trust)` - - `app.set('trust proxy', 1)` trust first hop - - `app.set('trust proxy', 'loopback')` trust loopback addresses - - `app.set('trust proxy', '10.0.0.1')` trust single IP - - `app.set('trust proxy', '10.0.0.1/16')` trust subnet - - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list - - `app.set('trust proxy', false)` turn off - - `app.set('trust proxy', true)` trust everything - * update connect to 2.16.2 - - deprecate `res.headerSent` -- use `res.headersSent` - - deprecate `res.on("header")` -- use on-headers module instead - - fix edge-case in `res.appendHeader` that would append in wrong order - - json: use body-parser - - urlencoded: use body-parser - - dep: bytes@1.0.0 - - dep: cookie-parser@1.1.0 - - dep: csurf@1.2.0 - - dep: express-session@1.1.0 - - dep: method-override@1.0.1 - -3.6.0 / 2014-05-09 -================== - - * deprecate `app.del()` -- use `app.delete()` instead - * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead - - the edge-case `res.json(status, num)` requires `res.status(status).json(num)` - * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead - - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)` - * support PURGE method - - add `app.purge` - - add `router.purge` - - include PURGE in `app.all` - * update connect to 2.15.0 - * Add `res.appendHeader` - * Call error stack even when response has been sent - * Patch `res.headerSent` to return Boolean - * Patch `res.headersSent` for node.js 0.8 - * Prevent default 404 handler after response sent - * dep: compression@1.0.2 - * dep: connect-timeout@1.1.0 - * dep: debug@^0.8.0 - * dep: errorhandler@1.0.1 - * dep: express-session@1.0.4 - * dep: morgan@1.0.1 - * dep: serve-favicon@2.0.0 - * dep: serve-index@1.0.2 - * update debug to 0.8.0 - * add `enable()` method - * change from stderr to stdout - * update methods to 1.0.0 - - add PURGE - * update mkdirp to 0.5.0 - -3.5.3 / 2014-05-08 -================== - - * fix `req.host` for IPv6 literals - * fix `res.jsonp` error if callback param is object - -3.5.2 / 2014-04-24 -================== - - * update connect to 2.14.5 - * update cookie to 0.1.2 - * update mkdirp to 0.4.0 - * update send to 0.3.0 - -3.5.1 / 2014-03-25 -================== - - * pin less-middleware in generated app - -3.5.0 / 2014-03-06 -================== - - * bump deps - -3.4.8 / 2014-01-13 -================== - - * prevent incorrect automatic OPTIONS responses #1868 @dpatti - * update binary and examples for jade 1.0 #1876 @yossi, #1877 @reqshark, #1892 @matheusazzi - * throw 400 in case of malformed paths @rlidwka - -3.4.7 / 2013-12-10 -================== - - * update connect - -3.4.6 / 2013-12-01 -================== - - * update connect (raw-body) - -3.4.5 / 2013-11-27 -================== - - * update connect - * res.location: remove leading ./ #1802 @kapouer - * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra - * res.send: always send ETag when content-length > 0 - * router: add Router.all() method - -3.4.4 / 2013-10-29 -================== - - * update connect - * update supertest - * update methods - * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04 - -3.4.3 / 2013-10-23 -================== - - * update connect - -3.4.2 / 2013-10-18 -================== - - * update connect - * downgrade commander - -3.4.1 / 2013-10-15 -================== - - * update connect - * update commander - * jsonp: check if callback is a function - * router: wrap encodeURIComponent in a try/catch #1735 (@lxe) - * res.format: now includes charset @1747 (@sorribas) - * res.links: allow multiple calls @1746 (@sorribas) - -3.4.0 / 2013-09-07 -================== - - * add res.vary(). Closes #1682 - * update connect - -3.3.8 / 2013-09-02 -================== - - * update connect - -3.3.7 / 2013-08-28 -================== - - * update connect - -3.3.6 / 2013-08-27 -================== - - * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients) - * add: req.accepts take an argument list - -3.3.4 / 2013-07-08 -================== - - * update send and connect - -3.3.3 / 2013-07-04 -================== - - * update connect - -3.3.2 / 2013-07-03 -================== - - * update connect - * update send - * remove .version export - -3.3.1 / 2013-06-27 -================== - - * update connect - -3.3.0 / 2013-06-26 -================== - - * update connect - * add support for multiple X-Forwarded-Proto values. Closes #1646 - * change: remove charset from json responses. Closes #1631 - * change: return actual booleans from req.accept* functions - * fix jsonp callback array throw - -3.2.6 / 2013-06-02 -================== - - * update connect - -3.2.5 / 2013-05-21 -================== - - * update connect - * update node-cookie - * add: throw a meaningful error when there is no default engine - * change generation of ETags with res.send() to GET requests only. Closes #1619 - -3.2.4 / 2013-05-09 -================== - - * fix `req.subdomains` when no Host is present - * fix `req.host` when no Host is present, return undefined - -3.2.3 / 2013-05-07 -================== - - * update connect / qs - -3.2.2 / 2013-05-03 -================== - - * update qs - -3.2.1 / 2013-04-29 -================== - - * add app.VERB() paths array deprecation warning - * update connect - * update qs and remove all ~ semver crap - * fix: accept number as value of Signed Cookie - -3.2.0 / 2013-04-15 -================== - - * add "view" constructor setting to override view behaviour - * add req.acceptsEncoding(name) - * add req.acceptedEncodings - * revert cookie signature change causing session race conditions - * fix sorting of Accept values of the same quality - -3.1.2 / 2013-04-12 -================== - - * add support for custom Accept parameters - * update cookie-signature - -3.1.1 / 2013-04-01 -================== - - * add X-Forwarded-Host support to `req.host` - * fix relative redirects - * update mkdirp - * update buffer-crc32 - * remove legacy app.configure() method from app template. - -3.1.0 / 2013-01-25 -================== - - * add support for leading "." in "view engine" setting - * add array support to `res.set()` - * add node 0.8.x to travis.yml - * add "subdomain offset" setting for tweaking `req.subdomains` - * add `res.location(url)` implementing `res.redirect()`-like setting of Location - * use app.get() for x-powered-by setting for inheritance - * fix colons in passwords for `req.auth` - -3.0.6 / 2013-01-04 -================== - - * add http verb methods to Router - * update connect - * fix mangling of the `res.cookie()` options object - * fix jsonp whitespace escape. Closes #1132 - -3.0.5 / 2012-12-19 -================== - - * add throwing when a non-function is passed to a route - * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses - * revert "add 'etag' option" - -3.0.4 / 2012-12-05 -================== - - * add 'etag' option to disable `res.send()` Etags - * add escaping of urls in text/plain in `res.redirect()` - for old browsers interpreting as html - * change crc32 module for a more liberal license - * update connect - -3.0.3 / 2012-11-13 -================== - - * update connect - * update cookie module - * fix cookie max-age - -3.0.2 / 2012-11-08 -================== - - * add OPTIONS to cors example. Closes #1398 - * fix route chaining regression. Closes #1397 - -3.0.1 / 2012-11-01 -================== - - * update connect - -3.0.0 / 2012-10-23 -================== - - * add `make clean` - * add "Basic" check to req.auth - * add `req.auth` test coverage - * add cb && cb(payload) to `res.jsonp()`. Closes #1374 - * add backwards compat for `res.redirect()` status. Closes #1336 - * add support for `res.json()` to retain previously defined Content-Types. Closes #1349 - * update connect - * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382 - * remove non-primitive string support for `res.send()` - * fix view-locals example. Closes #1370 - * fix route-separation example - -3.0.0rc5 / 2012-09-18 -================== - - * update connect - * add redis search example - * add static-files example - * add "x-powered-by" setting (`app.disable('x-powered-by')`) - * add "application/octet-stream" redirect Accept test case. Closes #1317 - -3.0.0rc4 / 2012-08-30 -================== - - * add `res.jsonp()`. Closes #1307 - * add "verbose errors" option to error-pages example - * add another route example to express(1) so people are not so confused - * add redis online user activity tracking example - * update connect dep - * fix etag quoting. Closes #1310 - * fix error-pages 404 status - * fix jsonp callback char restrictions - * remove old OPTIONS default response - -3.0.0rc3 / 2012-08-13 -================== - - * update connect dep - * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds] - * fix `res.render()` clobbering of "locals" - -3.0.0rc2 / 2012-08-03 -================== - - * add CORS example - * update connect dep - * deprecate `.createServer()` & remove old stale examples - * fix: escape `res.redirect()` link - * fix vhost example - -3.0.0rc1 / 2012-07-24 -================== - - * add more examples to view-locals - * add scheme-relative redirects (`res.redirect("//foo.com")`) support - * update cookie dep - * update connect dep - * update send dep - * fix `express(1)` -h flag, use -H for hogan. Closes #1245 - * fix `res.sendfile()` socket error handling regression - -3.0.0beta7 / 2012-07-16 -================== - - * update connect dep for `send()` root normalization regression - -3.0.0beta6 / 2012-07-13 -================== - - * add `err.view` property for view errors. Closes #1226 - * add "jsonp callback name" setting - * add support for "/foo/:bar*" non-greedy matches - * change `res.sendfile()` to use `send()` module - * change `res.send` to use "response-send" module - * remove `app.locals.use` and `res.locals.use`, use regular middleware - -3.0.0beta5 / 2012-07-03 -================== - - * add "make check" support - * add route-map example - * add `res.json(obj, status)` support back for BC - * add "methods" dep, remove internal methods module - * update connect dep - * update auth example to utilize cores pbkdf2 - * updated tests to use "supertest" - -3.0.0beta4 / 2012-06-25 -================== - - * Added `req.auth` - * Added `req.range(size)` - * Added `res.links(obj)` - * Added `res.send(body, status)` support back for backwards compat - * Added `.default()` support to `res.format()` - * Added 2xx / 304 check to `req.fresh` - * Revert "Added + support to the router" - * Fixed `res.send()` freshness check, respect res.statusCode - -3.0.0beta3 / 2012-06-15 -================== - - * Added hogan `--hjs` to express(1) [nullfirm] - * Added another example to content-negotiation - * Added `fresh` dep - * Changed: `res.send()` always checks freshness - * Fixed: expose connects mime module. Closes #1165 - -3.0.0beta2 / 2012-06-06 -================== - - * Added `+` support to the router - * Added `req.host` - * Changed `req.param()` to check route first - * Update connect dep - -3.0.0beta1 / 2012-06-01 -================== - - * Added `res.format()` callback to override default 406 behaviour - * Fixed `res.redirect()` 406. Closes #1154 - -3.0.0alpha5 / 2012-05-30 -================== - - * Added `req.ip` - * Added `{ signed: true }` option to `res.cookie()` - * Removed `res.signedCookie()` - * Changed: dont reverse `req.ips` - * Fixed "trust proxy" setting check for `req.ips` - -3.0.0alpha4 / 2012-05-09 -================== - - * Added: allow `[]` in jsonp callback. Closes #1128 - * Added `PORT` env var support in generated template. Closes #1118 [benatkin] - * Updated: connect 2.2.2 - -3.0.0alpha3 / 2012-05-04 -================== - - * Added public `app.routes`. Closes #887 - * Added _view-locals_ example - * Added _mvc_ example - * Added `res.locals.use()`. Closes #1120 - * Added conditional-GET support to `res.send()` - * Added: coerce `res.set()` values to strings - * Changed: moved `static()` in generated apps below router - * Changed: `res.send()` only set ETag when not previously set - * Changed connect 2.2.1 dep - * Changed: `make test` now runs unit / acceptance tests - * Fixed req/res proto inheritance - -3.0.0alpha2 / 2012-04-26 -================== - - * Added `make benchmark` back - * Added `res.send()` support for `String` objects - * Added client-side data exposing example - * Added `res.header()` and `req.header()` aliases for BC - * Added `express.createServer()` for BC - * Perf: memoize parsed urls - * Perf: connect 2.2.0 dep - * Changed: make `expressInit()` middleware self-aware - * Fixed: use app.get() for all core settings - * Fixed redis session example - * Fixed session example. Closes #1105 - * Fixed generated express dep. Closes #1078 - -3.0.0alpha1 / 2012-04-15 -================== - - * Added `app.locals.use(callback)` - * Added `app.locals` object - * Added `app.locals(obj)` - * Added `res.locals` object - * Added `res.locals(obj)` - * Added `res.format()` for content-negotiation - * Added `app.engine()` - * Added `res.cookie()` JSON cookie support - * Added "trust proxy" setting - * Added `req.subdomains` - * Added `req.protocol` - * Added `req.secure` - * Added `req.path` - * Added `req.ips` - * Added `req.fresh` - * Added `req.stale` - * Added comma-delimited / array support for `req.accepts()` - * Added debug instrumentation - * Added `res.set(obj)` - * Added `res.set(field, value)` - * Added `res.get(field)` - * Added `app.get(setting)`. Closes #842 - * Added `req.acceptsLanguage()` - * Added `req.acceptsCharset()` - * Added `req.accepted` - * Added `req.acceptedLanguages` - * Added `req.acceptedCharsets` - * Added "json replacer" setting - * Added "json spaces" setting - * Added X-Forwarded-Proto support to `res.redirect()`. Closes #92 - * Added `--less` support to express(1) - * Added `express.response` prototype - * Added `express.request` prototype - * Added `express.application` prototype - * Added `app.path()` - * Added `app.render()` - * Added `res.type()` to replace `res.contentType()` - * Changed: `res.redirect()` to add relative support - * Changed: enable "jsonp callback" by default - * Changed: renamed "case sensitive routes" to "case sensitive routing" - * Rewrite of all tests with mocha - * Removed "root" setting - * Removed `res.redirect('home')` support - * Removed `req.notify()` - * Removed `app.register()` - * Removed `app.redirect()` - * Removed `app.is()` - * Removed `app.helpers()` - * Removed `app.dynamicHelpers()` - * Fixed `res.sendfile()` with non-GET. Closes #723 - * Fixed express(1) public dir for windows. Closes #866 - -2.5.9/ 2012-04-02 -================== - - * Added support for PURGE request method [pbuyle] - * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki] - -2.5.8 / 2012-02-08 -================== - - * Update mkdirp dep. Closes #991 - -2.5.7 / 2012-02-06 -================== - - * Fixed `app.all` duplicate DELETE requests [mscdex] - -2.5.6 / 2012-01-13 -================== - - * Updated hamljs dev dep. Closes #953 - -2.5.5 / 2012-01-08 -================== - - * Fixed: set `filename` on cached templates [matthewleon] - -2.5.4 / 2012-01-02 -================== - - * Fixed `express(1)` eol on 0.4.x. Closes #947 - -2.5.3 / 2011-12-30 -================== - - * Fixed `req.is()` when a charset is present - -2.5.2 / 2011-12-10 -================== - - * Fixed: express(1) LF -> CRLF for windows - -2.5.1 / 2011-11-17 -================== - - * Changed: updated connect to 1.8.x - * Removed sass.js support from express(1) - -2.5.0 / 2011-10-24 -================== - - * Added ./routes dir for generated app by default - * Added npm install reminder to express(1) app gen - * Added 0.5.x support - * Removed `make test-cov` since it wont work with node 0.5.x - * Fixed express(1) public dir for windows. Closes #866 - -2.4.7 / 2011-10-05 -================== - - * Added mkdirp to express(1). Closes #795 - * Added simple _json-config_ example - * Added shorthand for the parsed request's pathname via `req.path` - * Changed connect dep to 1.7.x to fix npm issue... - * Fixed `res.redirect()` __HEAD__ support. [reported by xerox] - * Fixed `req.flash()`, only escape args - * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie] - -2.4.6 / 2011-08-22 -================== - - * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode] - -2.4.5 / 2011-08-19 -================== - - * Added support for routes to handle errors. Closes #809 - * Added `app.routes.all()`. Closes #803 - * Added "basepath" setting to work in conjunction with reverse proxies etc. - * Refactored `Route` to use a single array of callbacks - * Added support for multiple callbacks for `app.param()`. Closes #801 -Closes #805 - * Changed: removed .call(self) for route callbacks - * Dependency: `qs >= 0.3.1` - * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808 - -2.4.4 / 2011-08-05 -================== - - * Fixed `res.header()` intention of a set, even when `undefined` - * Fixed `*`, value no longer required - * Fixed `res.send(204)` support. Closes #771 - -2.4.3 / 2011-07-14 -================== - - * Added docs for `status` option special-case. Closes #739 - * Fixed `options.filename`, exposing the view path to template engines - -2.4.2. / 2011-07-06 -================== - - * Revert "removed jsonp stripping" for XSS - -2.4.1 / 2011-07-06 -================== - - * Added `res.json()` JSONP support. Closes #737 - * Added _extending-templates_ example. Closes #730 - * Added "strict routing" setting for trailing slashes - * Added support for multiple envs in `app.configure()` calls. Closes #735 - * Changed: `res.send()` using `res.json()` - * Changed: when cookie `path === null` don't default it - * Changed; default cookie path to "home" setting. Closes #731 - * Removed _pids/logs_ creation from express(1) - -2.4.0 / 2011-06-28 -================== - - * Added chainable `res.status(code)` - * Added `res.json()`, an explicit version of `res.send(obj)` - * Added simple web-service example - -2.3.12 / 2011-06-22 -================== - - * \#express is now on freenode! come join! - * Added `req.get(field, param)` - * Added links to Japanese documentation, thanks @hideyukisaito! - * Added; the `express(1)` generated app outputs the env - * Added `content-negotiation` example - * Dependency: connect >= 1.5.1 < 2.0.0 - * Fixed view layout bug. Closes #720 - * Fixed; ignore body on 304. Closes #701 - -2.3.11 / 2011-06-04 -================== - - * Added `npm test` - * Removed generation of dummy test file from `express(1)` - * Fixed; `express(1)` adds express as a dep - * Fixed; prune on `prepublish` - -2.3.10 / 2011-05-27 -================== - - * Added `req.route`, exposing the current route - * Added _package.json_ generation support to `express(1)` - * Fixed call to `app.param()` function for optional params. Closes #682 - -2.3.9 / 2011-05-25 -================== - - * Fixed bug-ish with `../' in `res.partial()` calls - -2.3.8 / 2011-05-24 -================== - - * Fixed `app.options()` - -2.3.7 / 2011-05-23 -================== - - * Added route `Collection`, ex: `app.get('/user/:id').remove();` - * Added support for `app.param(fn)` to define param logic - * Removed `app.param()` support for callback with return value - * Removed module.parent check from express(1) generated app. Closes #670 - * Refactored router. Closes #639 - -2.3.6 / 2011-05-20 -================== - - * Changed; using devDependencies instead of git submodules - * Fixed redis session example - * Fixed markdown example - * Fixed view caching, should not be enabled in development - -2.3.5 / 2011-05-20 -================== - - * Added export `.view` as alias for `.View` - -2.3.4 / 2011-05-08 -================== - - * Added `./examples/say` - * Fixed `res.sendfile()` bug preventing the transfer of files with spaces - -2.3.3 / 2011-05-03 -================== - - * Added "case sensitive routes" option. - * Changed; split methods supported per rfc [slaskis] - * Fixed route-specific middleware when using the same callback function several times - -2.3.2 / 2011-04-27 -================== - - * Fixed view hints - -2.3.1 / 2011-04-26 -================== - - * Added `app.match()` as `app.match.all()` - * Added `app.lookup()` as `app.lookup.all()` - * Added `app.remove()` for `app.remove.all()` - * Added `app.remove.VERB()` - * Fixed template caching collision issue. Closes #644 - * Moved router over from connect and started refactor - -2.3.0 / 2011-04-25 -================== - - * Added options support to `res.clearCookie()` - * Added `res.helpers()` as alias of `res.locals()` - * Added; json defaults to UTF-8 with `res.send()`. Closes #632. [Daniel * Dependency `connect >= 1.4.0` - * Changed; auto set Content-Type in res.attachement [Aaron Heckmann] - * Renamed "cache views" to "view cache". Closes #628 - * Fixed caching of views when using several apps. Closes #637 - * Fixed gotcha invoking `app.param()` callbacks once per route middleware. -Closes #638 - * Fixed partial lookup precedence. Closes #631 -Shaw] - -2.2.2 / 2011-04-12 -================== - - * Added second callback support for `res.download()` connection errors - * Fixed `filename` option passing to template engine - -2.2.1 / 2011-04-04 -================== - - * Added `layout(path)` helper to change the layout within a view. Closes #610 - * Fixed `partial()` collection object support. - Previously only anything with `.length` would work. - When `.length` is present one must still be aware of holes, - however now `{ collection: {foo: 'bar'}}` is valid, exposes - `keyInCollection` and `keysInCollection`. - - * Performance improved with better view caching - * Removed `request` and `response` locals - * Changed; errorHandler page title is now `Express` instead of `Connect` - -2.2.0 / 2011-03-30 -================== - - * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606 - * Added `app.match.VERB()`, ex `app.match.put('/user/12')`. Closes #606 - * Added `app.VERB(path)` as alias of `app.lookup.VERB()`. - * Dependency `connect >= 1.2.0` - -2.1.1 / 2011-03-29 -================== - - * Added; expose `err.view` object when failing to locate a view - * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann] - * Fixed; `res.send(undefined)` responds with 204 [aheckmann] - -2.1.0 / 2011-03-24 -================== - - * Added `<root>/_?<name>` partial lookup support. Closes #447 - * Added `request`, `response`, and `app` local variables - * Added `settings` local variable, containing the app's settings - * Added `req.flash()` exception if `req.session` is not available - * Added `res.send(bool)` support (json response) - * Fixed stylus example for latest version - * Fixed; wrap try/catch around `res.render()` - -2.0.0 / 2011-03-17 -================== - - * Fixed up index view path alternative. - * Changed; `res.locals()` without object returns the locals - -2.0.0rc3 / 2011-03-17 -================== - - * Added `res.locals(obj)` to compliment `res.local(key, val)` - * Added `res.partial()` callback support - * Fixed recursive error reporting issue in `res.render()` - -2.0.0rc2 / 2011-03-17 -================== - - * Changed; `partial()` "locals" are now optional - * Fixed `SlowBuffer` support. Closes #584 [reported by tyrda01] - * Fixed .filename view engine option [reported by drudge] - * Fixed blog example - * Fixed `{req,res}.app` reference when mounting [Ben Weaver] - -2.0.0rc / 2011-03-14 -================== - - * Fixed; expose `HTTPSServer` constructor - * Fixed express(1) default test charset. Closes #579 [reported by secoif] - * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP] - -2.0.0beta3 / 2011-03-09 -================== - - * Added support for `res.contentType()` literal - The original `res.contentType('.json')`, - `res.contentType('application/json')`, and `res.contentType('json')` - will work now. - * Added `res.render()` status option support back - * Added charset option for `res.render()` - * Added `.charset` support (via connect 1.0.4) - * Added view resolution hints when in development and a lookup fails - * Added layout lookup support relative to the page view. - For example while rendering `./views/user/index.jade` if you create - `./views/user/layout.jade` it will be used in favour of the root layout. - * Fixed `res.redirect()`. RFC states absolute url [reported by unlink] - * Fixed; default `res.send()` string charset to utf8 - * Removed `Partial` constructor (not currently used) - -2.0.0beta2 / 2011-03-07 -================== - - * Added res.render() `.locals` support back to aid in migration process - * Fixed flash example - -2.0.0beta / 2011-03-03 -================== - - * Added HTTPS support - * Added `res.cookie()` maxAge support - * Added `req.header()` _Referrer_ / _Referer_ special-case, either works - * Added mount support for `res.redirect()`, now respects the mount-point - * Added `union()` util, taking place of `merge(clone())` combo - * Added stylus support to express(1) generated app - * Added secret to session middleware used in examples and generated app - * Added `res.local(name, val)` for progressive view locals - * Added default param support to `req.param(name, default)` - * Added `app.disabled()` and `app.enabled()` - * Added `app.register()` support for omitting leading ".", either works - * Added `res.partial()`, using the same interface as `partial()` within a view. Closes #539 - * Added `app.param()` to map route params to async/sync logic - * Added; aliased `app.helpers()` as `app.locals()`. Closes #481 - * Added extname with no leading "." support to `res.contentType()` - * Added `cache views` setting, defaulting to enabled in "production" env - * Added index file partial resolution, eg: partial('user') may try _views/user/index.jade_. - * Added `req.accepts()` support for extensions - * Changed; `res.download()` and `res.sendfile()` now utilize Connect's - static file server `connect.static.send()`. - * Changed; replaced `connect.utils.mime()` with npm _mime_ module - * Changed; allow `req.query` to be pre-defined (via middleware or other parent - * Changed view partial resolution, now relative to parent view - * Changed view engine signature. no longer `engine.render(str, options, callback)`, now `engine.compile(str, options) -> Function`, the returned function accepts `fn(locals)`. - * Fixed `req.param()` bug returning Array.prototype methods. Closes #552 - * Fixed; using `Stream#pipe()` instead of `sys.pump()` in `res.sendfile()` - * Fixed; using _qs_ module instead of _querystring_ - * Fixed; strip unsafe chars from jsonp callbacks - * Removed "stream threshold" setting - -1.0.8 / 2011-03-01 -================== - - * Allow `req.query` to be pre-defined (via middleware or other parent app) - * "connect": ">= 0.5.0 < 1.0.0". Closes #547 - * Removed the long deprecated __EXPRESS_ENV__ support - -1.0.7 / 2011-02-07 -================== - - * Fixed `render()` setting inheritance. - Mounted apps would not inherit "view engine" - -1.0.6 / 2011-02-07 -================== - - * Fixed `view engine` setting bug when period is in dirname - -1.0.5 / 2011-02-05 -================== - - * Added secret to generated app `session()` call - -1.0.4 / 2011-02-05 -================== - - * Added `qs` dependency to _package.json_ - * Fixed namespaced `require()`s for latest connect support - -1.0.3 / 2011-01-13 -================== - - * Remove unsafe characters from JSONP callback names [Ryan Grove] - -1.0.2 / 2011-01-10 -================== - - * Removed nested require, using `connect.router` - -1.0.1 / 2010-12-29 -================== - - * Fixed for middleware stacked via `createServer()` - previously the `foo` middleware passed to `createServer(foo)` - would not have access to Express methods such as `res.send()` - or props like `req.query` etc. - -1.0.0 / 2010-11-16 -================== - - * Added; deduce partial object names from the last segment. - For example by default `partial('forum/post', postObject)` will - give you the _post_ object, providing a meaningful default. - * Added http status code string representation to `res.redirect()` body - * Added; `res.redirect()` supporting _text/plain_ and _text/html_ via __Accept__. - * Added `req.is()` to aid in content negotiation - * Added partial local inheritance [suggested by masylum]. Closes #102 - providing access to parent template locals. - * Added _-s, --session[s]_ flag to express(1) to add session related middleware - * Added _--template_ flag to express(1) to specify the - template engine to use. - * Added _--css_ flag to express(1) to specify the - stylesheet engine to use (or just plain css by default). - * Added `app.all()` support [thanks aheckmann] - * Added partial direct object support. - You may now `partial('user', user)` providing the "user" local, - vs previously `partial('user', { object: user })`. - * Added _route-separation_ example since many people question ways - to do this with CommonJS modules. Also view the _blog_ example for - an alternative. - * Performance; caching view path derived partial object names - * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454 - * Fixed jsonp support; _text/javascript_ as per mailinglist discussion - -1.0.0rc4 / 2010-10-14 -================== - - * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0 - * Added route-middleware support (very helpful, see the [docs](http://expressjs.com/guide.html#Route-Middleware)) - * Added _jsonp callback_ setting to enable/disable jsonp autowrapping [Dav Glass] - * Added callback query check on response.send to autowrap JSON objects for simple webservice implementations [Dav Glass] - * Added `partial()` support for array-like collections. Closes #434 - * Added support for swappable querystring parsers - * Added session usage docs. Closes #443 - * Added dynamic helper caching. Closes #439 [suggested by maritz] - * Added authentication example - * Added basic Range support to `res.sendfile()` (and `res.download()` etc) - * Changed; `express(1)` generated app using 2 spaces instead of 4 - * Default env to "development" again [aheckmann] - * Removed _context_ option is no more, use "scope" - * Fixed; exposing _./support_ libs to examples so they can run without installs - * Fixed mvc example - -1.0.0rc3 / 2010-09-20 -================== - - * Added confirmation for `express(1)` app generation. Closes #391 - * Added extending of flash formatters via `app.flashFormatters` - * Added flash formatter support. Closes #411 - * Added streaming support to `res.sendfile()` using `sys.pump()` when >= "stream threshold" - * Added _stream threshold_ setting for `res.sendfile()` - * Added `res.send()` __HEAD__ support - * Added `res.clearCookie()` - * Added `res.cookie()` - * Added `res.render()` headers option - * Added `res.redirect()` response bodies - * Added `res.render()` status option support. Closes #425 [thanks aheckmann] - * Fixed `res.sendfile()` responding with 403 on malicious path - * Fixed `res.download()` bug; when an error occurs remove _Content-Disposition_ - * Fixed; mounted apps settings now inherit from parent app [aheckmann] - * Fixed; stripping Content-Length / Content-Type when 204 - * Fixed `res.send()` 204. Closes #419 - * Fixed multiple _Set-Cookie_ headers via `res.header()`. Closes #402 - * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo] - - -1.0.0rc2 / 2010-08-17 -================== - - * Added `app.register()` for template engine mapping. Closes #390 - * Added `res.render()` callback support as second argument (no options) - * Added callback support to `res.download()` - * Added callback support for `res.sendfile()` - * Added support for middleware access via `express.middlewareName()` vs `connect.middlewareName()` - * Added "partials" setting to docs - * Added default expresso tests to `express(1)` generated app. Closes #384 - * Fixed `res.sendfile()` error handling, defer via `next()` - * Fixed `res.render()` callback when a layout is used [thanks guillermo] - * Fixed; `make install` creating ~/.node_libraries when not present - * Fixed issue preventing error handlers from being defined anywhere. Closes #387 - -1.0.0rc / 2010-07-28 -================== - - * Added mounted hook. Closes #369 - * Added connect dependency to _package.json_ - - * Removed "reload views" setting and support code - development env never caches, production always caches. - - * Removed _param_ in route callbacks, signature is now - simply (req, res, next), previously (req, res, params, next). - Use _req.params_ for path captures, _req.query_ for GET params. - - * Fixed "home" setting - * Fixed middleware/router precedence issue. Closes #366 - * Fixed; _configure()_ callbacks called immediately. Closes #368 - -1.0.0beta2 / 2010-07-23 -================== - - * Added more examples - * Added; exporting `Server` constructor - * Added `Server#helpers()` for view locals - * Added `Server#dynamicHelpers()` for dynamic view locals. Closes #349 - * Added support for absolute view paths - * Added; _home_ setting defaults to `Server#route` for mounted apps. Closes #363 - * Added Guillermo Rauch to the contributor list - * Added support for "as" for non-collection partials. Closes #341 - * Fixed _install.sh_, ensuring _~/.node_libraries_ exists. Closes #362 [thanks jf] - * Fixed `res.render()` exceptions, now passed to `next()` when no callback is given [thanks guillermo] - * Fixed instanceof `Array` checks, now `Array.isArray()` - * Fixed express(1) expansion of public dirs. Closes #348 - * Fixed middleware precedence. Closes #345 - * Fixed view watcher, now async [thanks aheckmann] - -1.0.0beta / 2010-07-15 -================== - - * Re-write - - much faster - - much lighter - - Check [ExpressJS.com](http://expressjs.com) for migration guide and updated docs - -0.14.0 / 2010-06-15 -================== - - * Utilize relative requires - * Added Static bufferSize option [aheckmann] - * Fixed caching of view and partial subdirectories [aheckmann] - * Fixed mime.type() comments now that ".ext" is not supported - * Updated haml submodule - * Updated class submodule - * Removed bin/express - -0.13.0 / 2010-06-01 -================== - - * Added node v0.1.97 compatibility - * Added support for deleting cookies via Request#cookie('key', null) - * Updated haml submodule - * Fixed not-found page, now using charset utf-8 - * Fixed show-exceptions page, now using charset utf-8 - * Fixed view support due to fs.readFile Buffers - * Changed; mime.type() no longer accepts ".type" due to node extname() changes - -0.12.0 / 2010-05-22 -================== - - * Added node v0.1.96 compatibility - * Added view `helpers` export which act as additional local variables - * Updated haml submodule - * Changed ETag; removed inode, modified time only - * Fixed LF to CRLF for setting multiple cookies - * Fixed cookie compilation; values are now urlencoded - * Fixed cookies parsing; accepts quoted values and url escaped cookies - -0.11.0 / 2010-05-06 -================== - - * Added support for layouts using different engines - - this.render('page.html.haml', { layout: 'super-cool-layout.html.ejs' }) - - this.render('page.html.haml', { layout: 'foo' }) // assumes 'foo.html.haml' - - this.render('page.html.haml', { layout: false }) // no layout - * Updated ext submodule - * Updated haml submodule - * Fixed EJS partial support by passing along the context. Issue #307 - -0.10.1 / 2010-05-03 -================== - - * Fixed binary uploads. - -0.10.0 / 2010-04-30 -================== - - * Added charset support via Request#charset (automatically assigned to 'UTF-8' when respond()'s - encoding is set to 'utf8' or 'utf-8'). - * Added "encoding" option to Request#render(). Closes #299 - * Added "dump exceptions" setting, which is enabled by default. - * Added simple ejs template engine support - * Added error response support for text/plain, application/json. Closes #297 - * Added callback function param to Request#error() - * Added Request#sendHead() - * Added Request#stream() - * Added support for Request#respond(304, null) for empty response bodies - * Added ETag support to Request#sendfile() - * Added options to Request#sendfile(), passed to fs.createReadStream() - * Added filename arg to Request#download() - * Performance enhanced due to pre-reversing plugins so that plugins.reverse() is not called on each request - * Performance enhanced by preventing several calls to toLowerCase() in Router#match() - * Changed; Request#sendfile() now streams - * Changed; Renamed Request#halt() to Request#respond(). Closes #289 - * Changed; Using sys.inspect() instead of JSON.encode() for error output - * Changed; run() returns the http.Server instance. Closes #298 - * Changed; Defaulting Server#host to null (INADDR_ANY) - * Changed; Logger "common" format scale of 0.4f - * Removed Logger "request" format - * Fixed; Catching ENOENT in view caching, preventing error when "views/partials" is not found - * Fixed several issues with http client - * Fixed Logger Content-Length output - * Fixed bug preventing Opera from retaining the generated session id. Closes #292 - -0.9.0 / 2010-04-14 -================== - - * Added DSL level error() route support - * Added DSL level notFound() route support - * Added Request#error() - * Added Request#notFound() - * Added Request#render() callback function. Closes #258 - * Added "max upload size" setting - * Added "magic" variables to collection partials (\_\_index\_\_, \_\_length\_\_, \_\_isFirst\_\_, \_\_isLast\_\_). Closes #254 - * Added [haml.js](http://github.com/visionmedia/haml.js) submodule; removed haml-js - * Added callback function support to Request#halt() as 3rd/4th arg - * Added preprocessing of route param wildcards using param(). Closes #251 - * Added view partial support (with collections etc.) - * Fixed bug preventing falsey params (such as ?page=0). Closes #286 - * Fixed setting of multiple cookies. Closes #199 - * Changed; view naming convention is now NAME.TYPE.ENGINE (for example page.html.haml) - * Changed; session cookie is now httpOnly - * Changed; Request is no longer global - * Changed; Event is no longer global - * Changed; "sys" module is no longer global - * Changed; moved Request#download to Static plugin where it belongs - * Changed; Request instance created before body parsing. Closes #262 - * Changed; Pre-caching views in memory when "cache view contents" is enabled. Closes #253 - * Changed; Pre-caching view partials in memory when "cache view partials" is enabled - * Updated support to node --version 0.1.90 - * Updated dependencies - * Removed set("session cookie") in favour of use(Session, { cookie: { ... }}) - * Removed utils.mixin(); use Object#mergeDeep() - -0.8.0 / 2010-03-19 -================== - - * Added coffeescript example app. Closes #242 - * Changed; cache api now async friendly. Closes #240 - * Removed deprecated 'express/static' support. Use 'express/plugins/static' - -0.7.6 / 2010-03-19 -================== - - * Added Request#isXHR. Closes #229 - * Added `make install` (for the executable) - * Added `express` executable for setting up simple app templates - * Added "GET /public/*" to Static plugin, defaulting to <root>/public - * Added Static plugin - * Fixed; Request#render() only calls cache.get() once - * Fixed; Namespacing View caches with "view:" - * Fixed; Namespacing Static caches with "static:" - * Fixed; Both example apps now use the Static plugin - * Fixed set("views"). Closes #239 - * Fixed missing space for combined log format - * Deprecated Request#sendfile() and 'express/static' - * Removed Server#running - -0.7.5 / 2010-03-16 -================== - - * Added Request#flash() support without args, now returns all flashes - * Updated ext submodule - -0.7.4 / 2010-03-16 -================== - - * Fixed session reaper - * Changed; class.js replacing js-oo Class implementation (quite a bit faster, no browser cruft) - -0.7.3 / 2010-03-16 -================== - - * Added package.json - * Fixed requiring of haml / sass due to kiwi removal - -0.7.2 / 2010-03-16 -================== - - * Fixed GIT submodules (HAH!) - -0.7.1 / 2010-03-16 -================== - - * Changed; Express now using submodules again until a PM is adopted - * Changed; chat example using millisecond conversions from ext - -0.7.0 / 2010-03-15 -================== - - * Added Request#pass() support (finds the next matching route, or the given path) - * Added Logger plugin (default "common" format replaces CommonLogger) - * Removed Profiler plugin - * Removed CommonLogger plugin - -0.6.0 / 2010-03-11 -================== - - * Added seed.yml for kiwi package management support - * Added HTTP client query string support when method is GET. Closes #205 - - * Added support for arbitrary view engines. - For example "foo.engine.html" will now require('engine'), - the exports from this module are cached after the first require(). - - * Added async plugin support - - * Removed usage of RESTful route funcs as http client - get() etc, use http.get() and friends - - * Removed custom exceptions - -0.5.0 / 2010-03-10 -================== - - * Added ext dependency (library of js extensions) - * Removed extname() / basename() utils. Use path module - * Removed toArray() util. Use arguments.values - * Removed escapeRegexp() util. Use RegExp.escape() - * Removed process.mixin() dependency. Use utils.mixin() - * Removed Collection - * Removed ElementCollection - * Shameless self promotion of ebook "Advanced JavaScript" (http://dev-mag.com) ;) - -0.4.0 / 2010-02-11 -================== - - * Added flash() example to sample upload app - * Added high level restful http client module (express/http) - * Changed; RESTful route functions double as HTTP clients. Closes #69 - * Changed; throwing error when routes are added at runtime - * Changed; defaulting render() context to the current Request. Closes #197 - * Updated haml submodule - -0.3.0 / 2010-02-11 -================== - - * Updated haml / sass submodules. Closes #200 - * Added flash message support. Closes #64 - * Added accepts() now allows multiple args. fixes #117 - * Added support for plugins to halt. Closes #189 - * Added alternate layout support. Closes #119 - * Removed Route#run(). Closes #188 - * Fixed broken specs due to use(Cookie) missing - -0.2.1 / 2010-02-05 -================== - - * Added "plot" format option for Profiler (for gnuplot processing) - * Added request number to Profiler plugin - * Fixed binary encoding for multipart file uploads, was previously defaulting to UTF8 - * Fixed issue with routes not firing when not files are present. Closes #184 - * Fixed process.Promise -> events.Promise - -0.2.0 / 2010-02-03 -================== - - * Added parseParam() support for name[] etc. (allows for file inputs with "multiple" attr) Closes #180 - * Added Both Cache and Session option "reapInterval" may be "reapEvery". Closes #174 - * Added expiration support to cache api with reaper. Closes #133 - * Added cache Store.Memory#reap() - * Added Cache; cache api now uses first class Cache instances - * Added abstract session Store. Closes #172 - * Changed; cache Memory.Store#get() utilizing Collection - * Renamed MemoryStore -> Store.Memory - * Fixed use() of the same plugin several time will always use latest options. Closes #176 - -0.1.0 / 2010-02-03 -================== - - * Changed; Hooks (before / after) pass request as arg as well as evaluated in their context - * Updated node support to 0.1.27 Closes #169 - * Updated dirname(__filename) -> __dirname - * Updated libxmljs support to v0.2.0 - * Added session support with memory store / reaping - * Added quick uid() helper - * Added multi-part upload support - * Added Sass.js support / submodule - * Added production env caching view contents and static files - * Added static file caching. Closes #136 - * Added cache plugin with memory stores - * Added support to StaticFile so that it works with non-textual files. - * Removed dirname() helper - * Removed several globals (now their modules must be required) - -0.0.2 / 2010-01-10 -================== - - * Added view benchmarks; currently haml vs ejs - * Added Request#attachment() specs. Closes #116 - * Added use of node's parseQuery() util. Closes #123 - * Added `make init` for submodules - * Updated Haml - * Updated sample chat app to show messages on load - * Updated libxmljs parseString -> parseHtmlString - * Fixed `make init` to work with older versions of git - * Fixed specs can now run independent specs for those who can't build deps. Closes #127 - * Fixed issues introduced by the node url module changes. Closes 126. - * Fixed two assertions failing due to Collection#keys() returning strings - * Fixed faulty Collection#toArray() spec due to keys() returning strings - * Fixed `make test` now builds libxmljs.node before testing - -0.0.1 / 2010-01-03 -================== - - * Initial release diff --git a/backend/node_modules/express/LICENSE b/backend/node_modules/express/LICENSE deleted file mode 100644 index aa927e4..0000000 --- a/backend/node_modules/express/LICENSE +++ /dev/null @@ -1,24 +0,0 @@ -(The MIT License) - -Copyright (c) 2009-2014 TJ Holowaychuk <tj@vision-media.ca> -Copyright (c) 2013-2014 Roman Shtylman <shtylman+expressjs@gmail.com> -Copyright (c) 2014-2015 Douglas Christopher Wilson <doug@somethingdoug.com> - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -'Software'), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/backend/node_modules/express/Readme.md b/backend/node_modules/express/Readme.md deleted file mode 100644 index d0f3cf5..0000000 --- a/backend/node_modules/express/Readme.md +++ /dev/null @@ -1,166 +0,0 @@ -[](http://expressjs.com/) - - Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org). - - [![NPM Version][npm-version-image]][npm-url] - [![NPM Install Size][npm-install-size-image]][npm-install-size-url] - [![NPM Downloads][npm-downloads-image]][npm-downloads-url] - -```js -const express = require('express') -const app = express() - -app.get('/', function (req, res) { - res.send('Hello World') -}) - -app.listen(3000) -``` - -## Installation - -This is a [Node.js](https://nodejs.org/en/) module available through the -[npm registry](https://www.npmjs.com/). - -Before installing, [download and install Node.js](https://nodejs.org/en/download/). -Node.js 0.10 or higher is required. - -If this is a brand new project, make sure to create a `package.json` first with -the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file). - -Installation is done using the -[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): - -```console -$ npm install express -``` - -Follow [our installing guide](http://expressjs.com/en/starter/installing.html) -for more information. - -## Features - - * Robust routing - * Focus on high performance - * Super-high test coverage - * HTTP helpers (redirection, caching, etc) - * View system supporting 14+ template engines - * Content negotiation - * Executable for generating applications quickly - -## Docs & Community - - * [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)] - * [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC - * [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules - * Visit the [Wiki](https://github.com/expressjs/express/wiki) - * [Google Group](https://groups.google.com/group/express-js) for discussion - * [Gitter](https://gitter.im/expressjs/express) for support and discussion - -**PROTIP** Be sure to read [Migrating from 3.x to 4.x](https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x) as well as [New features in 4.x](https://github.com/expressjs/express/wiki/New-features-in-4.x). - -## Quick Start - - The quickest way to get started with express is to utilize the executable [`express(1)`](https://github.com/expressjs/generator) to generate an application as shown below: - - Install the executable. The executable's major version will match Express's: - -```console -$ npm install -g express-generator@4 -``` - - Create the app: - -```console -$ express /tmp/foo && cd /tmp/foo -``` - - Install dependencies: - -```console -$ npm install -``` - - Start the server: - -```console -$ npm start -``` - - View the website at: http://localhost:3000 - -## Philosophy - - The Express philosophy is to provide small, robust tooling for HTTP servers, making - it a great solution for single page applications, websites, hybrids, or public - HTTP APIs. - - Express does not force you to use any specific ORM or template engine. With support for over - 14 template engines via [Consolidate.js](https://github.com/tj/consolidate.js), - you can quickly craft your perfect framework. - -## Examples - - To view the examples, clone the Express repo and install the dependencies: - -```console -$ git clone https://github.com/expressjs/express.git --depth 1 -$ cd express -$ npm install -``` - - Then run whichever example you want: - -```console -$ node examples/content-negotiation -``` - -## Contributing - - [![Linux Build][github-actions-ci-image]][github-actions-ci-url] - [![Windows Build][appveyor-image]][appveyor-url] - [![Test Coverage][coveralls-image]][coveralls-url] - -The Express.js project welcomes all constructive contributions. Contributions take many forms, -from code for bug fixes and enhancements, to additions and fixes to documentation, additional -tests, triaging incoming pull requests and issues, and more! - -See the [Contributing Guide](Contributing.md) for more technical details on contributing. - -### Security Issues - -If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md). - -### Running Tests - -To run the test suite, first install the dependencies, then run `npm test`: - -```console -$ npm install -$ npm test -``` - -## People - -The original author of Express is [TJ Holowaychuk](https://github.com/tj) - -The current lead maintainer is [Douglas Christopher Wilson](https://github.com/dougwilson) - -[List of all contributors](https://github.com/expressjs/express/graphs/contributors) - -## License - - [MIT](LICENSE) - -[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows -[appveyor-url]: https://ci.appveyor.com/project/dougwilson/express -[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master -[coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master -[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux -[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml -[npm-downloads-image]: https://badgen.net/npm/dm/express -[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true -[npm-install-size-image]: https://badgen.net/packagephobia/install/express -[npm-install-size-url]: https://packagephobia.com/result?p=express -[npm-url]: https://npmjs.org/package/express -[npm-version-image]: https://badgen.net/npm/v/express diff --git a/backend/node_modules/express/index.js b/backend/node_modules/express/index.js deleted file mode 100644 index d219b0c..0000000 --- a/backend/node_modules/express/index.js +++ /dev/null @@ -1,11 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -module.exports = require('./lib/express'); diff --git a/backend/node_modules/express/lib/application.js b/backend/node_modules/express/lib/application.js deleted file mode 100644 index ebb30b5..0000000 --- a/backend/node_modules/express/lib/application.js +++ /dev/null @@ -1,661 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var finalhandler = require('finalhandler'); -var Router = require('./router'); -var methods = require('methods'); -var middleware = require('./middleware/init'); -var query = require('./middleware/query'); -var debug = require('debug')('express:application'); -var View = require('./view'); -var http = require('http'); -var compileETag = require('./utils').compileETag; -var compileQueryParser = require('./utils').compileQueryParser; -var compileTrust = require('./utils').compileTrust; -var deprecate = require('depd')('express'); -var flatten = require('array-flatten'); -var merge = require('utils-merge'); -var resolve = require('path').resolve; -var setPrototypeOf = require('setprototypeof') - -/** - * Module variables. - * @private - */ - -var hasOwnProperty = Object.prototype.hasOwnProperty -var slice = Array.prototype.slice; - -/** - * Application prototype. - */ - -var app = exports = module.exports = {}; - -/** - * Variable for trust proxy inheritance back-compat - * @private - */ - -var trustProxyDefaultSymbol = '@@symbol:trust_proxy_default'; - -/** - * Initialize the server. - * - * - setup default configuration - * - setup default middleware - * - setup route reflection methods - * - * @private - */ - -app.init = function init() { - this.cache = {}; - this.engines = {}; - this.settings = {}; - - this.defaultConfiguration(); -}; - -/** - * Initialize application configuration. - * @private - */ - -app.defaultConfiguration = function defaultConfiguration() { - var env = process.env.NODE_ENV || 'development'; - - // default settings - this.enable('x-powered-by'); - this.set('etag', 'weak'); - this.set('env', env); - this.set('query parser', 'extended'); - this.set('subdomain offset', 2); - this.set('trust proxy', false); - - // trust proxy inherit back-compat - Object.defineProperty(this.settings, trustProxyDefaultSymbol, { - configurable: true, - value: true - }); - - debug('booting in %s mode', env); - - this.on('mount', function onmount(parent) { - // inherit trust proxy - if (this.settings[trustProxyDefaultSymbol] === true - && typeof parent.settings['trust proxy fn'] === 'function') { - delete this.settings['trust proxy']; - delete this.settings['trust proxy fn']; - } - - // inherit protos - setPrototypeOf(this.request, parent.request) - setPrototypeOf(this.response, parent.response) - setPrototypeOf(this.engines, parent.engines) - setPrototypeOf(this.settings, parent.settings) - }); - - // setup locals - this.locals = Object.create(null); - - // top-most app is mounted at / - this.mountpath = '/'; - - // default locals - this.locals.settings = this.settings; - - // default configuration - this.set('view', View); - this.set('views', resolve('views')); - this.set('jsonp callback name', 'callback'); - - if (env === 'production') { - this.enable('view cache'); - } - - Object.defineProperty(this, 'router', { - get: function() { - throw new Error('\'app.router\' is deprecated!\nPlease see the 3.x to 4.x migration guide for details on how to update your app.'); - } - }); -}; - -/** - * lazily adds the base router if it has not yet been added. - * - * We cannot add the base router in the defaultConfiguration because - * it reads app settings which might be set after that has run. - * - * @private - */ -app.lazyrouter = function lazyrouter() { - if (!this._router) { - this._router = new Router({ - caseSensitive: this.enabled('case sensitive routing'), - strict: this.enabled('strict routing') - }); - - this._router.use(query(this.get('query parser fn'))); - this._router.use(middleware.init(this)); - } -}; - -/** - * Dispatch a req, res pair into the application. Starts pipeline processing. - * - * If no callback is provided, then default error handlers will respond - * in the event of an error bubbling through the stack. - * - * @private - */ - -app.handle = function handle(req, res, callback) { - var router = this._router; - - // final handler - var done = callback || finalhandler(req, res, { - env: this.get('env'), - onerror: logerror.bind(this) - }); - - // no routes - if (!router) { - debug('no routes defined on app'); - done(); - return; - } - - router.handle(req, res, done); -}; - -/** - * Proxy `Router#use()` to add middleware to the app router. - * See Router#use() documentation for details. - * - * If the _fn_ parameter is an express app, then it will be - * mounted at the _route_ specified. - * - * @public - */ - -app.use = function use(fn) { - var offset = 0; - var path = '/'; - - // default path to '/' - // disambiguate app.use([fn]) - if (typeof fn !== 'function') { - var arg = fn; - - while (Array.isArray(arg) && arg.length !== 0) { - arg = arg[0]; - } - - // first arg is the path - if (typeof arg !== 'function') { - offset = 1; - path = fn; - } - } - - var fns = flatten(slice.call(arguments, offset)); - - if (fns.length === 0) { - throw new TypeError('app.use() requires a middleware function') - } - - // setup router - this.lazyrouter(); - var router = this._router; - - fns.forEach(function (fn) { - // non-express app - if (!fn || !fn.handle || !fn.set) { - return router.use(path, fn); - } - - debug('.use app under %s', path); - fn.mountpath = path; - fn.parent = this; - - // restore .app property on req and res - router.use(path, function mounted_app(req, res, next) { - var orig = req.app; - fn.handle(req, res, function (err) { - setPrototypeOf(req, orig.request) - setPrototypeOf(res, orig.response) - next(err); - }); - }); - - // mounted an app - fn.emit('mount', this); - }, this); - - return this; -}; - -/** - * Proxy to the app `Router#route()` - * Returns a new `Route` instance for the _path_. - * - * Routes are isolated middleware stacks for specific paths. - * See the Route api docs for details. - * - * @public - */ - -app.route = function route(path) { - this.lazyrouter(); - return this._router.route(path); -}; - -/** - * Register the given template engine callback `fn` - * as `ext`. - * - * By default will `require()` the engine based on the - * file extension. For example if you try to render - * a "foo.ejs" file Express will invoke the following internally: - * - * app.engine('ejs', require('ejs').__express); - * - * For engines that do not provide `.__express` out of the box, - * or if you wish to "map" a different extension to the template engine - * you may use this method. For example mapping the EJS template engine to - * ".html" files: - * - * app.engine('html', require('ejs').renderFile); - * - * In this case EJS provides a `.renderFile()` method with - * the same signature that Express expects: `(path, options, callback)`, - * though note that it aliases this method as `ejs.__express` internally - * so if you're using ".ejs" extensions you don't need to do anything. - * - * Some template engines do not follow this convention, the - * [Consolidate.js](https://github.com/tj/consolidate.js) - * library was created to map all of node's popular template - * engines to follow this convention, thus allowing them to - * work seamlessly within Express. - * - * @param {String} ext - * @param {Function} fn - * @return {app} for chaining - * @public - */ - -app.engine = function engine(ext, fn) { - if (typeof fn !== 'function') { - throw new Error('callback function required'); - } - - // get file extension - var extension = ext[0] !== '.' - ? '.' + ext - : ext; - - // store engine - this.engines[extension] = fn; - - return this; -}; - -/** - * Proxy to `Router#param()` with one added api feature. The _name_ parameter - * can be an array of names. - * - * See the Router#param() docs for more details. - * - * @param {String|Array} name - * @param {Function} fn - * @return {app} for chaining - * @public - */ - -app.param = function param(name, fn) { - this.lazyrouter(); - - if (Array.isArray(name)) { - for (var i = 0; i < name.length; i++) { - this.param(name[i], fn); - } - - return this; - } - - this._router.param(name, fn); - - return this; -}; - -/** - * Assign `setting` to `val`, or return `setting`'s value. - * - * app.set('foo', 'bar'); - * app.set('foo'); - * // => "bar" - * - * Mounted servers inherit their parent server's settings. - * - * @param {String} setting - * @param {*} [val] - * @return {Server} for chaining - * @public - */ - -app.set = function set(setting, val) { - if (arguments.length === 1) { - // app.get(setting) - var settings = this.settings - - while (settings && settings !== Object.prototype) { - if (hasOwnProperty.call(settings, setting)) { - return settings[setting] - } - - settings = Object.getPrototypeOf(settings) - } - - return undefined - } - - debug('set "%s" to %o', setting, val); - - // set value - this.settings[setting] = val; - - // trigger matched settings - switch (setting) { - case 'etag': - this.set('etag fn', compileETag(val)); - break; - case 'query parser': - this.set('query parser fn', compileQueryParser(val)); - break; - case 'trust proxy': - this.set('trust proxy fn', compileTrust(val)); - - // trust proxy inherit back-compat - Object.defineProperty(this.settings, trustProxyDefaultSymbol, { - configurable: true, - value: false - }); - - break; - } - - return this; -}; - -/** - * Return the app's absolute pathname - * based on the parent(s) that have - * mounted it. - * - * For example if the application was - * mounted as "/admin", which itself - * was mounted as "/blog" then the - * return value would be "/blog/admin". - * - * @return {String} - * @private - */ - -app.path = function path() { - return this.parent - ? this.parent.path() + this.mountpath - : ''; -}; - -/** - * Check if `setting` is enabled (truthy). - * - * app.enabled('foo') - * // => false - * - * app.enable('foo') - * app.enabled('foo') - * // => true - * - * @param {String} setting - * @return {Boolean} - * @public - */ - -app.enabled = function enabled(setting) { - return Boolean(this.set(setting)); -}; - -/** - * Check if `setting` is disabled. - * - * app.disabled('foo') - * // => true - * - * app.enable('foo') - * app.disabled('foo') - * // => false - * - * @param {String} setting - * @return {Boolean} - * @public - */ - -app.disabled = function disabled(setting) { - return !this.set(setting); -}; - -/** - * Enable `setting`. - * - * @param {String} setting - * @return {app} for chaining - * @public - */ - -app.enable = function enable(setting) { - return this.set(setting, true); -}; - -/** - * Disable `setting`. - * - * @param {String} setting - * @return {app} for chaining - * @public - */ - -app.disable = function disable(setting) { - return this.set(setting, false); -}; - -/** - * Delegate `.VERB(...)` calls to `router.VERB(...)`. - */ - -methods.forEach(function(method){ - app[method] = function(path){ - if (method === 'get' && arguments.length === 1) { - // app.get(setting) - return this.set(path); - } - - this.lazyrouter(); - - var route = this._router.route(path); - route[method].apply(route, slice.call(arguments, 1)); - return this; - }; -}); - -/** - * Special-cased "all" method, applying the given route `path`, - * middleware, and callback to _every_ HTTP method. - * - * @param {String} path - * @param {Function} ... - * @return {app} for chaining - * @public - */ - -app.all = function all(path) { - this.lazyrouter(); - - var route = this._router.route(path); - var args = slice.call(arguments, 1); - - for (var i = 0; i < methods.length; i++) { - route[methods[i]].apply(route, args); - } - - return this; -}; - -// del -> delete alias - -app.del = deprecate.function(app.delete, 'app.del: Use app.delete instead'); - -/** - * Render the given view `name` name with `options` - * and a callback accepting an error and the - * rendered template string. - * - * Example: - * - * app.render('email', { name: 'Tobi' }, function(err, html){ - * // ... - * }) - * - * @param {String} name - * @param {Object|Function} options or fn - * @param {Function} callback - * @public - */ - -app.render = function render(name, options, callback) { - var cache = this.cache; - var done = callback; - var engines = this.engines; - var opts = options; - var renderOptions = {}; - var view; - - // support callback function as second arg - if (typeof options === 'function') { - done = options; - opts = {}; - } - - // merge app.locals - merge(renderOptions, this.locals); - - // merge options._locals - if (opts._locals) { - merge(renderOptions, opts._locals); - } - - // merge options - merge(renderOptions, opts); - - // set .cache unless explicitly provided - if (renderOptions.cache == null) { - renderOptions.cache = this.enabled('view cache'); - } - - // primed cache - if (renderOptions.cache) { - view = cache[name]; - } - - // view - if (!view) { - var View = this.get('view'); - - view = new View(name, { - defaultEngine: this.get('view engine'), - root: this.get('views'), - engines: engines - }); - - if (!view.path) { - var dirs = Array.isArray(view.root) && view.root.length > 1 - ? 'directories "' + view.root.slice(0, -1).join('", "') + '" or "' + view.root[view.root.length - 1] + '"' - : 'directory "' + view.root + '"' - var err = new Error('Failed to lookup view "' + name + '" in views ' + dirs); - err.view = view; - return done(err); - } - - // prime the cache - if (renderOptions.cache) { - cache[name] = view; - } - } - - // render - tryRender(view, renderOptions, done); -}; - -/** - * Listen for connections. - * - * A node `http.Server` is returned, with this - * application (which is a `Function`) as its - * callback. If you wish to create both an HTTP - * and HTTPS server you may do so with the "http" - * and "https" modules as shown here: - * - * var http = require('http') - * , https = require('https') - * , express = require('express') - * , app = express(); - * - * http.createServer(app).listen(80); - * https.createServer({ ... }, app).listen(443); - * - * @return {http.Server} - * @public - */ - -app.listen = function listen() { - var server = http.createServer(this); - return server.listen.apply(server, arguments); -}; - -/** - * Log error using console.error. - * - * @param {Error} err - * @private - */ - -function logerror(err) { - /* istanbul ignore next */ - if (this.get('env') !== 'test') console.error(err.stack || err.toString()); -} - -/** - * Try rendering a view. - * @private - */ - -function tryRender(view, options, callback) { - try { - view.render(options, callback); - } catch (err) { - callback(err); - } -} diff --git a/backend/node_modules/express/lib/express.js b/backend/node_modules/express/lib/express.js deleted file mode 100644 index d188a16..0000000 --- a/backend/node_modules/express/lib/express.js +++ /dev/null @@ -1,116 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - */ - -var bodyParser = require('body-parser') -var EventEmitter = require('events').EventEmitter; -var mixin = require('merge-descriptors'); -var proto = require('./application'); -var Route = require('./router/route'); -var Router = require('./router'); -var req = require('./request'); -var res = require('./response'); - -/** - * Expose `createApplication()`. - */ - -exports = module.exports = createApplication; - -/** - * Create an express application. - * - * @return {Function} - * @api public - */ - -function createApplication() { - var app = function(req, res, next) { - app.handle(req, res, next); - }; - - mixin(app, EventEmitter.prototype, false); - mixin(app, proto, false); - - // expose the prototype that will get set on requests - app.request = Object.create(req, { - app: { configurable: true, enumerable: true, writable: true, value: app } - }) - - // expose the prototype that will get set on responses - app.response = Object.create(res, { - app: { configurable: true, enumerable: true, writable: true, value: app } - }) - - app.init(); - return app; -} - -/** - * Expose the prototypes. - */ - -exports.application = proto; -exports.request = req; -exports.response = res; - -/** - * Expose constructors. - */ - -exports.Route = Route; -exports.Router = Router; - -/** - * Expose middleware - */ - -exports.json = bodyParser.json -exports.query = require('./middleware/query'); -exports.raw = bodyParser.raw -exports.static = require('serve-static'); -exports.text = bodyParser.text -exports.urlencoded = bodyParser.urlencoded - -/** - * Replace removed middleware with an appropriate error message. - */ - -var removedMiddlewares = [ - 'bodyParser', - 'compress', - 'cookieSession', - 'session', - 'logger', - 'cookieParser', - 'favicon', - 'responseTime', - 'errorHandler', - 'timeout', - 'methodOverride', - 'vhost', - 'csrf', - 'directory', - 'limit', - 'multipart', - 'staticCache' -] - -removedMiddlewares.forEach(function (name) { - Object.defineProperty(exports, name, { - get: function () { - throw new Error('Most middleware (like ' + name + ') is no longer bundled with Express and must be installed separately. Please see https://github.com/senchalabs/connect#middleware.'); - }, - configurable: true - }); -}); diff --git a/backend/node_modules/express/lib/middleware/init.js b/backend/node_modules/express/lib/middleware/init.js deleted file mode 100644 index dfd0427..0000000 --- a/backend/node_modules/express/lib/middleware/init.js +++ /dev/null @@ -1,43 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var setPrototypeOf = require('setprototypeof') - -/** - * Initialization middleware, exposing the - * request and response to each other, as well - * as defaulting the X-Powered-By header field. - * - * @param {Function} app - * @return {Function} - * @api private - */ - -exports.init = function(app){ - return function expressInit(req, res, next){ - if (app.enabled('x-powered-by')) res.setHeader('X-Powered-By', 'Express'); - req.res = res; - res.req = req; - req.next = next; - - setPrototypeOf(req, app.request) - setPrototypeOf(res, app.response) - - res.locals = res.locals || Object.create(null); - - next(); - }; -}; - diff --git a/backend/node_modules/express/lib/middleware/query.js b/backend/node_modules/express/lib/middleware/query.js deleted file mode 100644 index 7e91669..0000000 --- a/backend/node_modules/express/lib/middleware/query.js +++ /dev/null @@ -1,47 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - */ - -var merge = require('utils-merge') -var parseUrl = require('parseurl'); -var qs = require('qs'); - -/** - * @param {Object} options - * @return {Function} - * @api public - */ - -module.exports = function query(options) { - var opts = merge({}, options) - var queryparse = qs.parse; - - if (typeof options === 'function') { - queryparse = options; - opts = undefined; - } - - if (opts !== undefined && opts.allowPrototypes === undefined) { - // back-compat for qs module - opts.allowPrototypes = true; - } - - return function query(req, res, next){ - if (!req.query) { - var val = parseUrl(req).query; - req.query = queryparse(val, opts); - } - - next(); - }; -}; diff --git a/backend/node_modules/express/lib/request.js b/backend/node_modules/express/lib/request.js deleted file mode 100644 index 3f1eeca..0000000 --- a/backend/node_modules/express/lib/request.js +++ /dev/null @@ -1,525 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var accepts = require('accepts'); -var deprecate = require('depd')('express'); -var isIP = require('net').isIP; -var typeis = require('type-is'); -var http = require('http'); -var fresh = require('fresh'); -var parseRange = require('range-parser'); -var parse = require('parseurl'); -var proxyaddr = require('proxy-addr'); - -/** - * Request prototype. - * @public - */ - -var req = Object.create(http.IncomingMessage.prototype) - -/** - * Module exports. - * @public - */ - -module.exports = req - -/** - * Return request header. - * - * The `Referrer` header field is special-cased, - * both `Referrer` and `Referer` are interchangeable. - * - * Examples: - * - * req.get('Content-Type'); - * // => "text/plain" - * - * req.get('content-type'); - * // => "text/plain" - * - * req.get('Something'); - * // => undefined - * - * Aliased as `req.header()`. - * - * @param {String} name - * @return {String} - * @public - */ - -req.get = -req.header = function header(name) { - if (!name) { - throw new TypeError('name argument is required to req.get'); - } - - if (typeof name !== 'string') { - throw new TypeError('name must be a string to req.get'); - } - - var lc = name.toLowerCase(); - - switch (lc) { - case 'referer': - case 'referrer': - return this.headers.referrer - || this.headers.referer; - default: - return this.headers[lc]; - } -}; - -/** - * To do: update docs. - * - * Check if the given `type(s)` is acceptable, returning - * the best match when true, otherwise `undefined`, in which - * case you should respond with 406 "Not Acceptable". - * - * The `type` value may be a single MIME type string - * such as "application/json", an extension name - * such as "json", a comma-delimited list such as "json, html, text/plain", - * an argument list such as `"json", "html", "text/plain"`, - * or an array `["json", "html", "text/plain"]`. When a list - * or array is given, the _best_ match, if any is returned. - * - * Examples: - * - * // Accept: text/html - * req.accepts('html'); - * // => "html" - * - * // Accept: text/*, application/json - * req.accepts('html'); - * // => "html" - * req.accepts('text/html'); - * // => "text/html" - * req.accepts('json, text'); - * // => "json" - * req.accepts('application/json'); - * // => "application/json" - * - * // Accept: text/*, application/json - * req.accepts('image/png'); - * req.accepts('png'); - * // => undefined - * - * // Accept: text/*;q=.5, application/json - * req.accepts(['html', 'json']); - * req.accepts('html', 'json'); - * req.accepts('html, json'); - * // => "json" - * - * @param {String|Array} type(s) - * @return {String|Array|Boolean} - * @public - */ - -req.accepts = function(){ - var accept = accepts(this); - return accept.types.apply(accept, arguments); -}; - -/** - * Check if the given `encoding`s are accepted. - * - * @param {String} ...encoding - * @return {String|Array} - * @public - */ - -req.acceptsEncodings = function(){ - var accept = accepts(this); - return accept.encodings.apply(accept, arguments); -}; - -req.acceptsEncoding = deprecate.function(req.acceptsEncodings, - 'req.acceptsEncoding: Use acceptsEncodings instead'); - -/** - * Check if the given `charset`s are acceptable, - * otherwise you should respond with 406 "Not Acceptable". - * - * @param {String} ...charset - * @return {String|Array} - * @public - */ - -req.acceptsCharsets = function(){ - var accept = accepts(this); - return accept.charsets.apply(accept, arguments); -}; - -req.acceptsCharset = deprecate.function(req.acceptsCharsets, - 'req.acceptsCharset: Use acceptsCharsets instead'); - -/** - * Check if the given `lang`s are acceptable, - * otherwise you should respond with 406 "Not Acceptable". - * - * @param {String} ...lang - * @return {String|Array} - * @public - */ - -req.acceptsLanguages = function(){ - var accept = accepts(this); - return accept.languages.apply(accept, arguments); -}; - -req.acceptsLanguage = deprecate.function(req.acceptsLanguages, - 'req.acceptsLanguage: Use acceptsLanguages instead'); - -/** - * Parse Range header field, capping to the given `size`. - * - * Unspecified ranges such as "0-" require knowledge of your resource length. In - * the case of a byte range this is of course the total number of bytes. If the - * Range header field is not given `undefined` is returned, `-1` when unsatisfiable, - * and `-2` when syntactically invalid. - * - * When ranges are returned, the array has a "type" property which is the type of - * range that is required (most commonly, "bytes"). Each array element is an object - * with a "start" and "end" property for the portion of the range. - * - * The "combine" option can be set to `true` and overlapping & adjacent ranges - * will be combined into a single range. - * - * NOTE: remember that ranges are inclusive, so for example "Range: users=0-3" - * should respond with 4 users when available, not 3. - * - * @param {number} size - * @param {object} [options] - * @param {boolean} [options.combine=false] - * @return {number|array} - * @public - */ - -req.range = function range(size, options) { - var range = this.get('Range'); - if (!range) return; - return parseRange(size, range, options); -}; - -/** - * Return the value of param `name` when present or `defaultValue`. - * - * - Checks route placeholders, ex: _/user/:id_ - * - Checks body params, ex: id=12, {"id":12} - * - Checks query string params, ex: ?id=12 - * - * To utilize request bodies, `req.body` - * should be an object. This can be done by using - * the `bodyParser()` middleware. - * - * @param {String} name - * @param {Mixed} [defaultValue] - * @return {String} - * @public - */ - -req.param = function param(name, defaultValue) { - var params = this.params || {}; - var body = this.body || {}; - var query = this.query || {}; - - var args = arguments.length === 1 - ? 'name' - : 'name, default'; - deprecate('req.param(' + args + '): Use req.params, req.body, or req.query instead'); - - if (null != params[name] && params.hasOwnProperty(name)) return params[name]; - if (null != body[name]) return body[name]; - if (null != query[name]) return query[name]; - - return defaultValue; -}; - -/** - * Check if the incoming request contains the "Content-Type" - * header field, and it contains the given mime `type`. - * - * Examples: - * - * // With Content-Type: text/html; charset=utf-8 - * req.is('html'); - * req.is('text/html'); - * req.is('text/*'); - * // => true - * - * // When Content-Type is application/json - * req.is('json'); - * req.is('application/json'); - * req.is('application/*'); - * // => true - * - * req.is('html'); - * // => false - * - * @param {String|Array} types... - * @return {String|false|null} - * @public - */ - -req.is = function is(types) { - var arr = types; - - // support flattened arguments - if (!Array.isArray(types)) { - arr = new Array(arguments.length); - for (var i = 0; i < arr.length; i++) { - arr[i] = arguments[i]; - } - } - - return typeis(this, arr); -}; - -/** - * Return the protocol string "http" or "https" - * when requested with TLS. When the "trust proxy" - * setting trusts the socket address, the - * "X-Forwarded-Proto" header field will be trusted - * and used if present. - * - * If you're running behind a reverse proxy that - * supplies https for you this may be enabled. - * - * @return {String} - * @public - */ - -defineGetter(req, 'protocol', function protocol(){ - var proto = this.connection.encrypted - ? 'https' - : 'http'; - var trust = this.app.get('trust proxy fn'); - - if (!trust(this.connection.remoteAddress, 0)) { - return proto; - } - - // Note: X-Forwarded-Proto is normally only ever a - // single value, but this is to be safe. - var header = this.get('X-Forwarded-Proto') || proto - var index = header.indexOf(',') - - return index !== -1 - ? header.substring(0, index).trim() - : header.trim() -}); - -/** - * Short-hand for: - * - * req.protocol === 'https' - * - * @return {Boolean} - * @public - */ - -defineGetter(req, 'secure', function secure(){ - return this.protocol === 'https'; -}); - -/** - * Return the remote address from the trusted proxy. - * - * The is the remote address on the socket unless - * "trust proxy" is set. - * - * @return {String} - * @public - */ - -defineGetter(req, 'ip', function ip(){ - var trust = this.app.get('trust proxy fn'); - return proxyaddr(this, trust); -}); - -/** - * When "trust proxy" is set, trusted proxy addresses + client. - * - * For example if the value were "client, proxy1, proxy2" - * you would receive the array `["client", "proxy1", "proxy2"]` - * where "proxy2" is the furthest down-stream and "proxy1" and - * "proxy2" were trusted. - * - * @return {Array} - * @public - */ - -defineGetter(req, 'ips', function ips() { - var trust = this.app.get('trust proxy fn'); - var addrs = proxyaddr.all(this, trust); - - // reverse the order (to farthest -> closest) - // and remove socket address - addrs.reverse().pop() - - return addrs -}); - -/** - * Return subdomains as an array. - * - * Subdomains are the dot-separated parts of the host before the main domain of - * the app. By default, the domain of the app is assumed to be the last two - * parts of the host. This can be changed by setting "subdomain offset". - * - * For example, if the domain is "tobi.ferrets.example.com": - * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`. - * If "subdomain offset" is 3, req.subdomains is `["tobi"]`. - * - * @return {Array} - * @public - */ - -defineGetter(req, 'subdomains', function subdomains() { - var hostname = this.hostname; - - if (!hostname) return []; - - var offset = this.app.get('subdomain offset'); - var subdomains = !isIP(hostname) - ? hostname.split('.').reverse() - : [hostname]; - - return subdomains.slice(offset); -}); - -/** - * Short-hand for `url.parse(req.url).pathname`. - * - * @return {String} - * @public - */ - -defineGetter(req, 'path', function path() { - return parse(this).pathname; -}); - -/** - * Parse the "Host" header field to a hostname. - * - * When the "trust proxy" setting trusts the socket - * address, the "X-Forwarded-Host" header field will - * be trusted. - * - * @return {String} - * @public - */ - -defineGetter(req, 'hostname', function hostname(){ - var trust = this.app.get('trust proxy fn'); - var host = this.get('X-Forwarded-Host'); - - if (!host || !trust(this.connection.remoteAddress, 0)) { - host = this.get('Host'); - } else if (host.indexOf(',') !== -1) { - // Note: X-Forwarded-Host is normally only ever a - // single value, but this is to be safe. - host = host.substring(0, host.indexOf(',')).trimRight() - } - - if (!host) return; - - // IPv6 literal support - var offset = host[0] === '[' - ? host.indexOf(']') + 1 - : 0; - var index = host.indexOf(':', offset); - - return index !== -1 - ? host.substring(0, index) - : host; -}); - -// TODO: change req.host to return host in next major - -defineGetter(req, 'host', deprecate.function(function host(){ - return this.hostname; -}, 'req.host: Use req.hostname instead')); - -/** - * Check if the request is fresh, aka - * Last-Modified and/or the ETag - * still match. - * - * @return {Boolean} - * @public - */ - -defineGetter(req, 'fresh', function(){ - var method = this.method; - var res = this.res - var status = res.statusCode - - // GET or HEAD for weak freshness validation only - if ('GET' !== method && 'HEAD' !== method) return false; - - // 2xx or 304 as per rfc2616 14.26 - if ((status >= 200 && status < 300) || 304 === status) { - return fresh(this.headers, { - 'etag': res.get('ETag'), - 'last-modified': res.get('Last-Modified') - }) - } - - return false; -}); - -/** - * Check if the request is stale, aka - * "Last-Modified" and / or the "ETag" for the - * resource has changed. - * - * @return {Boolean} - * @public - */ - -defineGetter(req, 'stale', function stale(){ - return !this.fresh; -}); - -/** - * Check if the request was an _XMLHttpRequest_. - * - * @return {Boolean} - * @public - */ - -defineGetter(req, 'xhr', function xhr(){ - var val = this.get('X-Requested-With') || ''; - return val.toLowerCase() === 'xmlhttprequest'; -}); - -/** - * Helper function for creating a getter on an object. - * - * @param {Object} obj - * @param {String} name - * @param {Function} getter - * @private - */ -function defineGetter(obj, name, getter) { - Object.defineProperty(obj, name, { - configurable: true, - enumerable: true, - get: getter - }); -} diff --git a/backend/node_modules/express/lib/response.js b/backend/node_modules/express/lib/response.js deleted file mode 100644 index dd7b3c8..0000000 --- a/backend/node_modules/express/lib/response.js +++ /dev/null @@ -1,1178 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var Buffer = require('safe-buffer').Buffer -var contentDisposition = require('content-disposition'); -var createError = require('http-errors') -var deprecate = require('depd')('express'); -var encodeUrl = require('encodeurl'); -var escapeHtml = require('escape-html'); -var http = require('http'); -var isAbsolute = require('./utils').isAbsolute; -var onFinished = require('on-finished'); -var path = require('path'); -var statuses = require('statuses') -var merge = require('utils-merge'); -var sign = require('cookie-signature').sign; -var normalizeType = require('./utils').normalizeType; -var normalizeTypes = require('./utils').normalizeTypes; -var setCharset = require('./utils').setCharset; -var cookie = require('cookie'); -var send = require('send'); -var extname = path.extname; -var mime = send.mime; -var resolve = path.resolve; -var vary = require('vary'); - -/** - * Response prototype. - * @public - */ - -var res = Object.create(http.ServerResponse.prototype) - -/** - * Module exports. - * @public - */ - -module.exports = res - -/** - * Module variables. - * @private - */ - -var charsetRegExp = /;\s*charset\s*=/; -var schemaAndHostRegExp = /^(?:[a-zA-Z][a-zA-Z0-9+.-]*:)?\/\/[^\\\/\?]+/; - -/** - * Set status `code`. - * - * @param {Number} code - * @return {ServerResponse} - * @public - */ - -res.status = function status(code) { - if ((typeof code === 'string' || Math.floor(code) !== code) && code > 99 && code < 1000) { - deprecate('res.status(' + JSON.stringify(code) + '): use res.status(' + Math.floor(code) + ') instead') - } - this.statusCode = code; - return this; -}; - -/** - * Set Link header field with the given `links`. - * - * Examples: - * - * res.links({ - * next: 'http://api.example.com/users?page=2', - * last: 'http://api.example.com/users?page=5' - * }); - * - * @param {Object} links - * @return {ServerResponse} - * @public - */ - -res.links = function(links){ - var link = this.get('Link') || ''; - if (link) link += ', '; - return this.set('Link', link + Object.keys(links).map(function(rel){ - return '<' + links[rel] + '>; rel="' + rel + '"'; - }).join(', ')); -}; - -/** - * Send a response. - * - * Examples: - * - * res.send(Buffer.from('wahoo')); - * res.send({ some: 'json' }); - * res.send('<p>some html</p>'); - * - * @param {string|number|boolean|object|Buffer} body - * @public - */ - -res.send = function send(body) { - var chunk = body; - var encoding; - var req = this.req; - var type; - - // settings - var app = this.app; - - // allow status / body - if (arguments.length === 2) { - // res.send(body, status) backwards compat - if (typeof arguments[0] !== 'number' && typeof arguments[1] === 'number') { - deprecate('res.send(body, status): Use res.status(status).send(body) instead'); - this.statusCode = arguments[1]; - } else { - deprecate('res.send(status, body): Use res.status(status).send(body) instead'); - this.statusCode = arguments[0]; - chunk = arguments[1]; - } - } - - // disambiguate res.send(status) and res.send(status, num) - if (typeof chunk === 'number' && arguments.length === 1) { - // res.send(status) will set status message as text string - if (!this.get('Content-Type')) { - this.type('txt'); - } - - deprecate('res.send(status): Use res.sendStatus(status) instead'); - this.statusCode = chunk; - chunk = statuses.message[chunk] - } - - switch (typeof chunk) { - // string defaulting to html - case 'string': - if (!this.get('Content-Type')) { - this.type('html'); - } - break; - case 'boolean': - case 'number': - case 'object': - if (chunk === null) { - chunk = ''; - } else if (Buffer.isBuffer(chunk)) { - if (!this.get('Content-Type')) { - this.type('bin'); - } - } else { - return this.json(chunk); - } - break; - } - - // write strings in utf-8 - if (typeof chunk === 'string') { - encoding = 'utf8'; - type = this.get('Content-Type'); - - // reflect this in content-type - if (typeof type === 'string') { - this.set('Content-Type', setCharset(type, 'utf-8')); - } - } - - // determine if ETag should be generated - var etagFn = app.get('etag fn') - var generateETag = !this.get('ETag') && typeof etagFn === 'function' - - // populate Content-Length - var len - if (chunk !== undefined) { - if (Buffer.isBuffer(chunk)) { - // get length of Buffer - len = chunk.length - } else if (!generateETag && chunk.length < 1000) { - // just calculate length when no ETag + small chunk - len = Buffer.byteLength(chunk, encoding) - } else { - // convert chunk to Buffer and calculate - chunk = Buffer.from(chunk, encoding) - encoding = undefined; - len = chunk.length - } - - this.set('Content-Length', len); - } - - // populate ETag - var etag; - if (generateETag && len !== undefined) { - if ((etag = etagFn(chunk, encoding))) { - this.set('ETag', etag); - } - } - - // freshness - if (req.fresh) this.statusCode = 304; - - // strip irrelevant headers - if (204 === this.statusCode || 304 === this.statusCode) { - this.removeHeader('Content-Type'); - this.removeHeader('Content-Length'); - this.removeHeader('Transfer-Encoding'); - chunk = ''; - } - - // alter headers for 205 - if (this.statusCode === 205) { - this.set('Content-Length', '0') - this.removeHeader('Transfer-Encoding') - chunk = '' - } - - if (req.method === 'HEAD') { - // skip body for HEAD - this.end(); - } else { - // respond - this.end(chunk, encoding); - } - - return this; -}; - -/** - * Send JSON response. - * - * Examples: - * - * res.json(null); - * res.json({ user: 'tj' }); - * - * @param {string|number|boolean|object} obj - * @public - */ - -res.json = function json(obj) { - var val = obj; - - // allow status / body - if (arguments.length === 2) { - // res.json(body, status) backwards compat - if (typeof arguments[1] === 'number') { - deprecate('res.json(obj, status): Use res.status(status).json(obj) instead'); - this.statusCode = arguments[1]; - } else { - deprecate('res.json(status, obj): Use res.status(status).json(obj) instead'); - this.statusCode = arguments[0]; - val = arguments[1]; - } - } - - // settings - var app = this.app; - var escape = app.get('json escape') - var replacer = app.get('json replacer'); - var spaces = app.get('json spaces'); - var body = stringify(val, replacer, spaces, escape) - - // content-type - if (!this.get('Content-Type')) { - this.set('Content-Type', 'application/json'); - } - - return this.send(body); -}; - -/** - * Send JSON response with JSONP callback support. - * - * Examples: - * - * res.jsonp(null); - * res.jsonp({ user: 'tj' }); - * - * @param {string|number|boolean|object} obj - * @public - */ - -res.jsonp = function jsonp(obj) { - var val = obj; - - // allow status / body - if (arguments.length === 2) { - // res.jsonp(body, status) backwards compat - if (typeof arguments[1] === 'number') { - deprecate('res.jsonp(obj, status): Use res.status(status).jsonp(obj) instead'); - this.statusCode = arguments[1]; - } else { - deprecate('res.jsonp(status, obj): Use res.status(status).jsonp(obj) instead'); - this.statusCode = arguments[0]; - val = arguments[1]; - } - } - - // settings - var app = this.app; - var escape = app.get('json escape') - var replacer = app.get('json replacer'); - var spaces = app.get('json spaces'); - var body = stringify(val, replacer, spaces, escape) - var callback = this.req.query[app.get('jsonp callback name')]; - - // content-type - if (!this.get('Content-Type')) { - this.set('X-Content-Type-Options', 'nosniff'); - this.set('Content-Type', 'application/json'); - } - - // fixup callback - if (Array.isArray(callback)) { - callback = callback[0]; - } - - // jsonp - if (typeof callback === 'string' && callback.length !== 0) { - this.set('X-Content-Type-Options', 'nosniff'); - this.set('Content-Type', 'text/javascript'); - - // restrict callback charset - callback = callback.replace(/[^\[\]\w$.]/g, ''); - - if (body === undefined) { - // empty argument - body = '' - } else if (typeof body === 'string') { - // replace chars not allowed in JavaScript that are in JSON - body = body - .replace(/\u2028/g, '\\u2028') - .replace(/\u2029/g, '\\u2029') - } - - // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse" - // the typeof check is just to reduce client error noise - body = '/**/ typeof ' + callback + ' === \'function\' && ' + callback + '(' + body + ');'; - } - - return this.send(body); -}; - -/** - * Send given HTTP status code. - * - * Sets the response status to `statusCode` and the body of the - * response to the standard description from node's http.STATUS_CODES - * or the statusCode number if no description. - * - * Examples: - * - * res.sendStatus(200); - * - * @param {number} statusCode - * @public - */ - -res.sendStatus = function sendStatus(statusCode) { - var body = statuses.message[statusCode] || String(statusCode) - - this.statusCode = statusCode; - this.type('txt'); - - return this.send(body); -}; - -/** - * Transfer the file at the given `path`. - * - * Automatically sets the _Content-Type_ response header field. - * The callback `callback(err)` is invoked when the transfer is complete - * or when an error occurs. Be sure to check `res.headersSent` - * if you wish to attempt responding, as the header and some data - * may have already been transferred. - * - * Options: - * - * - `maxAge` defaulting to 0 (can be string converted by `ms`) - * - `root` root directory for relative filenames - * - `headers` object of headers to serve with file - * - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them - * - * Other options are passed along to `send`. - * - * Examples: - * - * The following example illustrates how `res.sendFile()` may - * be used as an alternative for the `static()` middleware for - * dynamic situations. The code backing `res.sendFile()` is actually - * the same code, so HTTP cache support etc is identical. - * - * app.get('/user/:uid/photos/:file', function(req, res){ - * var uid = req.params.uid - * , file = req.params.file; - * - * req.user.mayViewFilesFrom(uid, function(yes){ - * if (yes) { - * res.sendFile('/uploads/' + uid + '/' + file); - * } else { - * res.send(403, 'Sorry! you cant see that.'); - * } - * }); - * }); - * - * @public - */ - -res.sendFile = function sendFile(path, options, callback) { - var done = callback; - var req = this.req; - var res = this; - var next = req.next; - var opts = options || {}; - - if (!path) { - throw new TypeError('path argument is required to res.sendFile'); - } - - if (typeof path !== 'string') { - throw new TypeError('path must be a string to res.sendFile') - } - - // support function as second arg - if (typeof options === 'function') { - done = options; - opts = {}; - } - - if (!opts.root && !isAbsolute(path)) { - throw new TypeError('path must be absolute or specify root to res.sendFile'); - } - - // create file stream - var pathname = encodeURI(path); - var file = send(req, pathname, opts); - - // transfer - sendfile(res, file, opts, function (err) { - if (done) return done(err); - if (err && err.code === 'EISDIR') return next(); - - // next() all but write errors - if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') { - next(err); - } - }); -}; - -/** - * Transfer the file at the given `path`. - * - * Automatically sets the _Content-Type_ response header field. - * The callback `callback(err)` is invoked when the transfer is complete - * or when an error occurs. Be sure to check `res.headersSent` - * if you wish to attempt responding, as the header and some data - * may have already been transferred. - * - * Options: - * - * - `maxAge` defaulting to 0 (can be string converted by `ms`) - * - `root` root directory for relative filenames - * - `headers` object of headers to serve with file - * - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them - * - * Other options are passed along to `send`. - * - * Examples: - * - * The following example illustrates how `res.sendfile()` may - * be used as an alternative for the `static()` middleware for - * dynamic situations. The code backing `res.sendfile()` is actually - * the same code, so HTTP cache support etc is identical. - * - * app.get('/user/:uid/photos/:file', function(req, res){ - * var uid = req.params.uid - * , file = req.params.file; - * - * req.user.mayViewFilesFrom(uid, function(yes){ - * if (yes) { - * res.sendfile('/uploads/' + uid + '/' + file); - * } else { - * res.send(403, 'Sorry! you cant see that.'); - * } - * }); - * }); - * - * @public - */ - -res.sendfile = function (path, options, callback) { - var done = callback; - var req = this.req; - var res = this; - var next = req.next; - var opts = options || {}; - - // support function as second arg - if (typeof options === 'function') { - done = options; - opts = {}; - } - - // create file stream - var file = send(req, path, opts); - - // transfer - sendfile(res, file, opts, function (err) { - if (done) return done(err); - if (err && err.code === 'EISDIR') return next(); - - // next() all but write errors - if (err && err.code !== 'ECONNABORTED' && err.syscall !== 'write') { - next(err); - } - }); -}; - -res.sendfile = deprecate.function(res.sendfile, - 'res.sendfile: Use res.sendFile instead'); - -/** - * Transfer the file at the given `path` as an attachment. - * - * Optionally providing an alternate attachment `filename`, - * and optional callback `callback(err)`. The callback is invoked - * when the data transfer is complete, or when an error has - * occurred. Be sure to check `res.headersSent` if you plan to respond. - * - * Optionally providing an `options` object to use with `res.sendFile()`. - * This function will set the `Content-Disposition` header, overriding - * any `Content-Disposition` header passed as header options in order - * to set the attachment and filename. - * - * This method uses `res.sendFile()`. - * - * @public - */ - -res.download = function download (path, filename, options, callback) { - var done = callback; - var name = filename; - var opts = options || null - - // support function as second or third arg - if (typeof filename === 'function') { - done = filename; - name = null; - opts = null - } else if (typeof options === 'function') { - done = options - opts = null - } - - // support optional filename, where options may be in it's place - if (typeof filename === 'object' && - (typeof options === 'function' || options === undefined)) { - name = null - opts = filename - } - - // set Content-Disposition when file is sent - var headers = { - 'Content-Disposition': contentDisposition(name || path) - }; - - // merge user-provided headers - if (opts && opts.headers) { - var keys = Object.keys(opts.headers) - for (var i = 0; i < keys.length; i++) { - var key = keys[i] - if (key.toLowerCase() !== 'content-disposition') { - headers[key] = opts.headers[key] - } - } - } - - // merge user-provided options - opts = Object.create(opts) - opts.headers = headers - - // Resolve the full path for sendFile - var fullPath = !opts.root - ? resolve(path) - : path - - // send file - return this.sendFile(fullPath, opts, done) -}; - -/** - * Set _Content-Type_ response header with `type` through `mime.lookup()` - * when it does not contain "/", or set the Content-Type to `type` otherwise. - * - * Examples: - * - * res.type('.html'); - * res.type('html'); - * res.type('json'); - * res.type('application/json'); - * res.type('png'); - * - * @param {String} type - * @return {ServerResponse} for chaining - * @public - */ - -res.contentType = -res.type = function contentType(type) { - var ct = type.indexOf('/') === -1 - ? mime.lookup(type) - : type; - - return this.set('Content-Type', ct); -}; - -/** - * Respond to the Acceptable formats using an `obj` - * of mime-type callbacks. - * - * This method uses `req.accepted`, an array of - * acceptable types ordered by their quality values. - * When "Accept" is not present the _first_ callback - * is invoked, otherwise the first match is used. When - * no match is performed the server responds with - * 406 "Not Acceptable". - * - * Content-Type is set for you, however if you choose - * you may alter this within the callback using `res.type()` - * or `res.set('Content-Type', ...)`. - * - * res.format({ - * 'text/plain': function(){ - * res.send('hey'); - * }, - * - * 'text/html': function(){ - * res.send('<p>hey</p>'); - * }, - * - * 'application/json': function () { - * res.send({ message: 'hey' }); - * } - * }); - * - * In addition to canonicalized MIME types you may - * also use extnames mapped to these types: - * - * res.format({ - * text: function(){ - * res.send('hey'); - * }, - * - * html: function(){ - * res.send('<p>hey</p>'); - * }, - * - * json: function(){ - * res.send({ message: 'hey' }); - * } - * }); - * - * By default Express passes an `Error` - * with a `.status` of 406 to `next(err)` - * if a match is not made. If you provide - * a `.default` callback it will be invoked - * instead. - * - * @param {Object} obj - * @return {ServerResponse} for chaining - * @public - */ - -res.format = function(obj){ - var req = this.req; - var next = req.next; - - var keys = Object.keys(obj) - .filter(function (v) { return v !== 'default' }) - - var key = keys.length > 0 - ? req.accepts(keys) - : false; - - this.vary("Accept"); - - if (key) { - this.set('Content-Type', normalizeType(key).value); - obj[key](req, this, next); - } else if (obj.default) { - obj.default(req, this, next) - } else { - next(createError(406, { - types: normalizeTypes(keys).map(function (o) { return o.value }) - })) - } - - return this; -}; - -/** - * Set _Content-Disposition_ header to _attachment_ with optional `filename`. - * - * @param {String} filename - * @return {ServerResponse} - * @public - */ - -res.attachment = function attachment(filename) { - if (filename) { - this.type(extname(filename)); - } - - this.set('Content-Disposition', contentDisposition(filename)); - - return this; -}; - -/** - * Append additional header `field` with value `val`. - * - * Example: - * - * res.append('Link', ['<http://localhost/>', '<http://localhost:3000/>']); - * res.append('Set-Cookie', 'foo=bar; Path=/; HttpOnly'); - * res.append('Warning', '199 Miscellaneous warning'); - * - * @param {String} field - * @param {String|Array} val - * @return {ServerResponse} for chaining - * @public - */ - -res.append = function append(field, val) { - var prev = this.get(field); - var value = val; - - if (prev) { - // concat the new and prev vals - value = Array.isArray(prev) ? prev.concat(val) - : Array.isArray(val) ? [prev].concat(val) - : [prev, val] - } - - return this.set(field, value); -}; - -/** - * Set header `field` to `val`, or pass - * an object of header fields. - * - * Examples: - * - * res.set('Foo', ['bar', 'baz']); - * res.set('Accept', 'application/json'); - * res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' }); - * - * Aliased as `res.header()`. - * - * @param {String|Object} field - * @param {String|Array} val - * @return {ServerResponse} for chaining - * @public - */ - -res.set = -res.header = function header(field, val) { - if (arguments.length === 2) { - var value = Array.isArray(val) - ? val.map(String) - : String(val); - - // add charset to content-type - if (field.toLowerCase() === 'content-type') { - if (Array.isArray(value)) { - throw new TypeError('Content-Type cannot be set to an Array'); - } - if (!charsetRegExp.test(value)) { - var charset = mime.charsets.lookup(value.split(';')[0]); - if (charset) value += '; charset=' + charset.toLowerCase(); - } - } - - this.setHeader(field, value); - } else { - for (var key in field) { - this.set(key, field[key]); - } - } - return this; -}; - -/** - * Get value for header `field`. - * - * @param {String} field - * @return {String} - * @public - */ - -res.get = function(field){ - return this.getHeader(field); -}; - -/** - * Clear cookie `name`. - * - * @param {String} name - * @param {Object} [options] - * @return {ServerResponse} for chaining - * @public - */ - -res.clearCookie = function clearCookie(name, options) { - var opts = merge({ expires: new Date(1), path: '/' }, options); - - return this.cookie(name, '', opts); -}; - -/** - * Set cookie `name` to `value`, with the given `options`. - * - * Options: - * - * - `maxAge` max-age in milliseconds, converted to `expires` - * - `signed` sign the cookie - * - `path` defaults to "/" - * - * Examples: - * - * // "Remember Me" for 15 minutes - * res.cookie('rememberme', '1', { expires: new Date(Date.now() + 900000), httpOnly: true }); - * - * // same as above - * res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true }) - * - * @param {String} name - * @param {String|Object} value - * @param {Object} [options] - * @return {ServerResponse} for chaining - * @public - */ - -res.cookie = function (name, value, options) { - var opts = merge({}, options); - var secret = this.req.secret; - var signed = opts.signed; - - if (signed && !secret) { - throw new Error('cookieParser("secret") required for signed cookies'); - } - - var val = typeof value === 'object' - ? 'j:' + JSON.stringify(value) - : String(value); - - if (signed) { - val = 's:' + sign(val, secret); - } - - if (opts.maxAge != null) { - var maxAge = opts.maxAge - 0 - - if (!isNaN(maxAge)) { - opts.expires = new Date(Date.now() + maxAge) - opts.maxAge = Math.floor(maxAge / 1000) - } - } - - if (opts.path == null) { - opts.path = '/'; - } - - this.append('Set-Cookie', cookie.serialize(name, String(val), opts)); - - return this; -}; - -/** - * Set the location header to `url`. - * - * The given `url` can also be "back", which redirects - * to the _Referrer_ or _Referer_ headers or "/". - * - * Examples: - * - * res.location('/foo/bar').; - * res.location('http://example.com'); - * res.location('../login'); - * - * @param {String} url - * @return {ServerResponse} for chaining - * @public - */ - -res.location = function location(url) { - var loc; - - // "back" is an alias for the referrer - if (url === 'back') { - loc = this.req.get('Referrer') || '/'; - } else { - loc = String(url); - } - - var m = schemaAndHostRegExp.exec(loc); - var pos = m ? m[0].length + 1 : 0; - - // Only encode after host to avoid invalid encoding which can introduce - // vulnerabilities (e.g. `\\` to `%5C`). - loc = loc.slice(0, pos) + encodeUrl(loc.slice(pos)); - - return this.set('Location', loc); -}; - -/** - * Redirect to the given `url` with optional response `status` - * defaulting to 302. - * - * The resulting `url` is determined by `res.location()`, so - * it will play nicely with mounted apps, relative paths, - * `"back"` etc. - * - * Examples: - * - * res.redirect('/foo/bar'); - * res.redirect('http://example.com'); - * res.redirect(301, 'http://example.com'); - * res.redirect('../login'); // /blog/post/1 -> /blog/login - * - * @public - */ - -res.redirect = function redirect(url) { - var address = url; - var body; - var status = 302; - - // allow status / url - if (arguments.length === 2) { - if (typeof arguments[0] === 'number') { - status = arguments[0]; - address = arguments[1]; - } else { - deprecate('res.redirect(url, status): Use res.redirect(status, url) instead'); - status = arguments[1]; - } - } - - // Set location header - address = this.location(address).get('Location'); - - // Support text/{plain,html} by default - this.format({ - text: function(){ - body = statuses.message[status] + '. Redirecting to ' + address - }, - - html: function(){ - var u = escapeHtml(address); - body = '<p>' + statuses.message[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>' - }, - - default: function(){ - body = ''; - } - }); - - // Respond - this.statusCode = status; - this.set('Content-Length', Buffer.byteLength(body)); - - if (this.req.method === 'HEAD') { - this.end(); - } else { - this.end(body); - } -}; - -/** - * Add `field` to Vary. If already present in the Vary set, then - * this call is simply ignored. - * - * @param {Array|String} field - * @return {ServerResponse} for chaining - * @public - */ - -res.vary = function(field){ - // checks for back-compat - if (!field || (Array.isArray(field) && !field.length)) { - deprecate('res.vary(): Provide a field name'); - return this; - } - - vary(this, field); - - return this; -}; - -/** - * Render `view` with the given `options` and optional callback `fn`. - * When a callback function is given a response will _not_ be made - * automatically, otherwise a response of _200_ and _text/html_ is given. - * - * Options: - * - * - `cache` boolean hinting to the engine it should cache - * - `filename` filename of the view being rendered - * - * @public - */ - -res.render = function render(view, options, callback) { - var app = this.req.app; - var done = callback; - var opts = options || {}; - var req = this.req; - var self = this; - - // support callback function as second arg - if (typeof options === 'function') { - done = options; - opts = {}; - } - - // merge res.locals - opts._locals = self.locals; - - // default callback to respond - done = done || function (err, str) { - if (err) return req.next(err); - self.send(str); - }; - - // render - app.render(view, opts, done); -}; - -// pipe the send file stream -function sendfile(res, file, options, callback) { - var done = false; - var streaming; - - // request aborted - function onaborted() { - if (done) return; - done = true; - - var err = new Error('Request aborted'); - err.code = 'ECONNABORTED'; - callback(err); - } - - // directory - function ondirectory() { - if (done) return; - done = true; - - var err = new Error('EISDIR, read'); - err.code = 'EISDIR'; - callback(err); - } - - // errors - function onerror(err) { - if (done) return; - done = true; - callback(err); - } - - // ended - function onend() { - if (done) return; - done = true; - callback(); - } - - // file - function onfile() { - streaming = false; - } - - // finished - function onfinish(err) { - if (err && err.code === 'ECONNRESET') return onaborted(); - if (err) return onerror(err); - if (done) return; - - setImmediate(function () { - if (streaming !== false && !done) { - onaborted(); - return; - } - - if (done) return; - done = true; - callback(); - }); - } - - // streaming - function onstream() { - streaming = true; - } - - file.on('directory', ondirectory); - file.on('end', onend); - file.on('error', onerror); - file.on('file', onfile); - file.on('stream', onstream); - onFinished(res, onfinish); - - if (options.headers) { - // set headers on successful transfer - file.on('headers', function headers(res) { - var obj = options.headers; - var keys = Object.keys(obj); - - for (var i = 0; i < keys.length; i++) { - var k = keys[i]; - res.setHeader(k, obj[k]); - } - }); - } - - // pipe - file.pipe(res); -} - -/** - * Stringify JSON, like JSON.stringify, but v8 optimized, with the - * ability to escape characters that can trigger HTML sniffing. - * - * @param {*} value - * @param {function} replacer - * @param {number} spaces - * @param {boolean} escape - * @returns {string} - * @private - */ - -function stringify (value, replacer, spaces, escape) { - // v8 checks arguments.length for optimizing simple call - // https://bugs.chromium.org/p/v8/issues/detail?id=4730 - var json = replacer || spaces - ? JSON.stringify(value, replacer, spaces) - : JSON.stringify(value); - - if (escape && typeof json === 'string') { - json = json.replace(/[<>&]/g, function (c) { - switch (c.charCodeAt(0)) { - case 0x3c: - return '\\u003c' - case 0x3e: - return '\\u003e' - case 0x26: - return '\\u0026' - /* istanbul ignore next: unreachable default */ - default: - return c - } - }) - } - - return json -} diff --git a/backend/node_modules/express/lib/router/index.js b/backend/node_modules/express/lib/router/index.js deleted file mode 100644 index abb3a6f..0000000 --- a/backend/node_modules/express/lib/router/index.js +++ /dev/null @@ -1,673 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var Route = require('./route'); -var Layer = require('./layer'); -var methods = require('methods'); -var mixin = require('utils-merge'); -var debug = require('debug')('express:router'); -var deprecate = require('depd')('express'); -var flatten = require('array-flatten'); -var parseUrl = require('parseurl'); -var setPrototypeOf = require('setprototypeof') - -/** - * Module variables. - * @private - */ - -var objectRegExp = /^\[object (\S+)\]$/; -var slice = Array.prototype.slice; -var toString = Object.prototype.toString; - -/** - * Initialize a new `Router` with the given `options`. - * - * @param {Object} [options] - * @return {Router} which is a callable function - * @public - */ - -var proto = module.exports = function(options) { - var opts = options || {}; - - function router(req, res, next) { - router.handle(req, res, next); - } - - // mixin Router class functions - setPrototypeOf(router, proto) - - router.params = {}; - router._params = []; - router.caseSensitive = opts.caseSensitive; - router.mergeParams = opts.mergeParams; - router.strict = opts.strict; - router.stack = []; - - return router; -}; - -/** - * Map the given param placeholder `name`(s) to the given callback. - * - * Parameter mapping is used to provide pre-conditions to routes - * which use normalized placeholders. For example a _:user_id_ parameter - * could automatically load a user's information from the database without - * any additional code, - * - * The callback uses the same signature as middleware, the only difference - * being that the value of the placeholder is passed, in this case the _id_ - * of the user. Once the `next()` function is invoked, just like middleware - * it will continue on to execute the route, or subsequent parameter functions. - * - * Just like in middleware, you must either respond to the request or call next - * to avoid stalling the request. - * - * app.param('user_id', function(req, res, next, id){ - * User.find(id, function(err, user){ - * if (err) { - * return next(err); - * } else if (!user) { - * return next(new Error('failed to load user')); - * } - * req.user = user; - * next(); - * }); - * }); - * - * @param {String} name - * @param {Function} fn - * @return {app} for chaining - * @public - */ - -proto.param = function param(name, fn) { - // param logic - if (typeof name === 'function') { - deprecate('router.param(fn): Refactor to use path params'); - this._params.push(name); - return; - } - - // apply param functions - var params = this._params; - var len = params.length; - var ret; - - if (name[0] === ':') { - deprecate('router.param(' + JSON.stringify(name) + ', fn): Use router.param(' + JSON.stringify(name.slice(1)) + ', fn) instead') - name = name.slice(1) - } - - for (var i = 0; i < len; ++i) { - if (ret = params[i](name, fn)) { - fn = ret; - } - } - - // ensure we end up with a - // middleware function - if ('function' !== typeof fn) { - throw new Error('invalid param() call for ' + name + ', got ' + fn); - } - - (this.params[name] = this.params[name] || []).push(fn); - return this; -}; - -/** - * Dispatch a req, res into the router. - * @private - */ - -proto.handle = function handle(req, res, out) { - var self = this; - - debug('dispatching %s %s', req.method, req.url); - - var idx = 0; - var protohost = getProtohost(req.url) || '' - var removed = ''; - var slashAdded = false; - var sync = 0 - var paramcalled = {}; - - // store options for OPTIONS request - // only used if OPTIONS request - var options = []; - - // middleware and routes - var stack = self.stack; - - // manage inter-router variables - var parentParams = req.params; - var parentUrl = req.baseUrl || ''; - var done = restore(out, req, 'baseUrl', 'next', 'params'); - - // setup next layer - req.next = next; - - // for options requests, respond with a default if nothing else responds - if (req.method === 'OPTIONS') { - done = wrap(done, function(old, err) { - if (err || options.length === 0) return old(err); - sendOptionsResponse(res, options, old); - }); - } - - // setup basic req values - req.baseUrl = parentUrl; - req.originalUrl = req.originalUrl || req.url; - - next(); - - function next(err) { - var layerError = err === 'route' - ? null - : err; - - // remove added slash - if (slashAdded) { - req.url = req.url.slice(1) - slashAdded = false; - } - - // restore altered req.url - if (removed.length !== 0) { - req.baseUrl = parentUrl; - req.url = protohost + removed + req.url.slice(protohost.length) - removed = ''; - } - - // signal to exit router - if (layerError === 'router') { - setImmediate(done, null) - return - } - - // no more matching layers - if (idx >= stack.length) { - setImmediate(done, layerError); - return; - } - - // max sync stack - if (++sync > 100) { - return setImmediate(next, err) - } - - // get pathname of request - var path = getPathname(req); - - if (path == null) { - return done(layerError); - } - - // find next matching layer - var layer; - var match; - var route; - - while (match !== true && idx < stack.length) { - layer = stack[idx++]; - match = matchLayer(layer, path); - route = layer.route; - - if (typeof match !== 'boolean') { - // hold on to layerError - layerError = layerError || match; - } - - if (match !== true) { - continue; - } - - if (!route) { - // process non-route handlers normally - continue; - } - - if (layerError) { - // routes do not match with a pending error - match = false; - continue; - } - - var method = req.method; - var has_method = route._handles_method(method); - - // build up automatic options response - if (!has_method && method === 'OPTIONS') { - appendMethods(options, route._options()); - } - - // don't even bother matching route - if (!has_method && method !== 'HEAD') { - match = false; - } - } - - // no match - if (match !== true) { - return done(layerError); - } - - // store route for dispatch on change - if (route) { - req.route = route; - } - - // Capture one-time layer values - req.params = self.mergeParams - ? mergeParams(layer.params, parentParams) - : layer.params; - var layerPath = layer.path; - - // this should be done for the layer - self.process_params(layer, paramcalled, req, res, function (err) { - if (err) { - next(layerError || err) - } else if (route) { - layer.handle_request(req, res, next) - } else { - trim_prefix(layer, layerError, layerPath, path) - } - - sync = 0 - }); - } - - function trim_prefix(layer, layerError, layerPath, path) { - if (layerPath.length !== 0) { - // Validate path is a prefix match - if (layerPath !== path.slice(0, layerPath.length)) { - next(layerError) - return - } - - // Validate path breaks on a path separator - var c = path[layerPath.length] - if (c && c !== '/' && c !== '.') return next(layerError) - - // Trim off the part of the url that matches the route - // middleware (.use stuff) needs to have the path stripped - debug('trim prefix (%s) from url %s', layerPath, req.url); - removed = layerPath; - req.url = protohost + req.url.slice(protohost.length + removed.length) - - // Ensure leading slash - if (!protohost && req.url[0] !== '/') { - req.url = '/' + req.url; - slashAdded = true; - } - - // Setup base URL (no trailing slash) - req.baseUrl = parentUrl + (removed[removed.length - 1] === '/' - ? removed.substring(0, removed.length - 1) - : removed); - } - - debug('%s %s : %s', layer.name, layerPath, req.originalUrl); - - if (layerError) { - layer.handle_error(layerError, req, res, next); - } else { - layer.handle_request(req, res, next); - } - } -}; - -/** - * Process any parameters for the layer. - * @private - */ - -proto.process_params = function process_params(layer, called, req, res, done) { - var params = this.params; - - // captured parameters from the layer, keys and values - var keys = layer.keys; - - // fast track - if (!keys || keys.length === 0) { - return done(); - } - - var i = 0; - var name; - var paramIndex = 0; - var key; - var paramVal; - var paramCallbacks; - var paramCalled; - - // process params in order - // param callbacks can be async - function param(err) { - if (err) { - return done(err); - } - - if (i >= keys.length ) { - return done(); - } - - paramIndex = 0; - key = keys[i++]; - name = key.name; - paramVal = req.params[name]; - paramCallbacks = params[name]; - paramCalled = called[name]; - - if (paramVal === undefined || !paramCallbacks) { - return param(); - } - - // param previously called with same value or error occurred - if (paramCalled && (paramCalled.match === paramVal - || (paramCalled.error && paramCalled.error !== 'route'))) { - // restore value - req.params[name] = paramCalled.value; - - // next param - return param(paramCalled.error); - } - - called[name] = paramCalled = { - error: null, - match: paramVal, - value: paramVal - }; - - paramCallback(); - } - - // single param callbacks - function paramCallback(err) { - var fn = paramCallbacks[paramIndex++]; - - // store updated value - paramCalled.value = req.params[key.name]; - - if (err) { - // store error - paramCalled.error = err; - param(err); - return; - } - - if (!fn) return param(); - - try { - fn(req, res, paramCallback, paramVal, key.name); - } catch (e) { - paramCallback(e); - } - } - - param(); -}; - -/** - * Use the given middleware function, with optional path, defaulting to "/". - * - * Use (like `.all`) will run for any http METHOD, but it will not add - * handlers for those methods so OPTIONS requests will not consider `.use` - * functions even if they could respond. - * - * The other difference is that _route_ path is stripped and not visible - * to the handler function. The main effect of this feature is that mounted - * handlers can operate without any code changes regardless of the "prefix" - * pathname. - * - * @public - */ - -proto.use = function use(fn) { - var offset = 0; - var path = '/'; - - // default path to '/' - // disambiguate router.use([fn]) - if (typeof fn !== 'function') { - var arg = fn; - - while (Array.isArray(arg) && arg.length !== 0) { - arg = arg[0]; - } - - // first arg is the path - if (typeof arg !== 'function') { - offset = 1; - path = fn; - } - } - - var callbacks = flatten(slice.call(arguments, offset)); - - if (callbacks.length === 0) { - throw new TypeError('Router.use() requires a middleware function') - } - - for (var i = 0; i < callbacks.length; i++) { - var fn = callbacks[i]; - - if (typeof fn !== 'function') { - throw new TypeError('Router.use() requires a middleware function but got a ' + gettype(fn)) - } - - // add the middleware - debug('use %o %s', path, fn.name || '<anonymous>') - - var layer = new Layer(path, { - sensitive: this.caseSensitive, - strict: false, - end: false - }, fn); - - layer.route = undefined; - - this.stack.push(layer); - } - - return this; -}; - -/** - * Create a new Route for the given path. - * - * Each route contains a separate middleware stack and VERB handlers. - * - * See the Route api documentation for details on adding handlers - * and middleware to routes. - * - * @param {String} path - * @return {Route} - * @public - */ - -proto.route = function route(path) { - var route = new Route(path); - - var layer = new Layer(path, { - sensitive: this.caseSensitive, - strict: this.strict, - end: true - }, route.dispatch.bind(route)); - - layer.route = route; - - this.stack.push(layer); - return route; -}; - -// create Router#VERB functions -methods.concat('all').forEach(function(method){ - proto[method] = function(path){ - var route = this.route(path) - route[method].apply(route, slice.call(arguments, 1)); - return this; - }; -}); - -// append methods to a list of methods -function appendMethods(list, addition) { - for (var i = 0; i < addition.length; i++) { - var method = addition[i]; - if (list.indexOf(method) === -1) { - list.push(method); - } - } -} - -// get pathname of request -function getPathname(req) { - try { - return parseUrl(req).pathname; - } catch (err) { - return undefined; - } -} - -// Get get protocol + host for a URL -function getProtohost(url) { - if (typeof url !== 'string' || url.length === 0 || url[0] === '/') { - return undefined - } - - var searchIndex = url.indexOf('?') - var pathLength = searchIndex !== -1 - ? searchIndex - : url.length - var fqdnIndex = url.slice(0, pathLength).indexOf('://') - - return fqdnIndex !== -1 - ? url.substring(0, url.indexOf('/', 3 + fqdnIndex)) - : undefined -} - -// get type for error message -function gettype(obj) { - var type = typeof obj; - - if (type !== 'object') { - return type; - } - - // inspect [[Class]] for objects - return toString.call(obj) - .replace(objectRegExp, '$1'); -} - -/** - * Match path to a layer. - * - * @param {Layer} layer - * @param {string} path - * @private - */ - -function matchLayer(layer, path) { - try { - return layer.match(path); - } catch (err) { - return err; - } -} - -// merge params with parent params -function mergeParams(params, parent) { - if (typeof parent !== 'object' || !parent) { - return params; - } - - // make copy of parent for base - var obj = mixin({}, parent); - - // simple non-numeric merging - if (!(0 in params) || !(0 in parent)) { - return mixin(obj, params); - } - - var i = 0; - var o = 0; - - // determine numeric gaps - while (i in params) { - i++; - } - - while (o in parent) { - o++; - } - - // offset numeric indices in params before merge - for (i--; i >= 0; i--) { - params[i + o] = params[i]; - - // create holes for the merge when necessary - if (i < o) { - delete params[i]; - } - } - - return mixin(obj, params); -} - -// restore obj props after function -function restore(fn, obj) { - var props = new Array(arguments.length - 2); - var vals = new Array(arguments.length - 2); - - for (var i = 0; i < props.length; i++) { - props[i] = arguments[i + 2]; - vals[i] = obj[props[i]]; - } - - return function () { - // restore vals - for (var i = 0; i < props.length; i++) { - obj[props[i]] = vals[i]; - } - - return fn.apply(this, arguments); - }; -} - -// send an OPTIONS response -function sendOptionsResponse(res, options, next) { - try { - var body = options.join(','); - res.set('Allow', body); - res.send(body); - } catch (err) { - next(err); - } -} - -// wrap a function -function wrap(old, fn) { - return function proxy() { - var args = new Array(arguments.length + 1); - - args[0] = old; - for (var i = 0, len = arguments.length; i < len; i++) { - args[i + 1] = arguments[i]; - } - - fn.apply(this, args); - }; -} diff --git a/backend/node_modules/express/lib/router/layer.js b/backend/node_modules/express/lib/router/layer.js deleted file mode 100644 index 4dc8e86..0000000 --- a/backend/node_modules/express/lib/router/layer.js +++ /dev/null @@ -1,181 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var pathRegexp = require('path-to-regexp'); -var debug = require('debug')('express:router:layer'); - -/** - * Module variables. - * @private - */ - -var hasOwnProperty = Object.prototype.hasOwnProperty; - -/** - * Module exports. - * @public - */ - -module.exports = Layer; - -function Layer(path, options, fn) { - if (!(this instanceof Layer)) { - return new Layer(path, options, fn); - } - - debug('new %o', path) - var opts = options || {}; - - this.handle = fn; - this.name = fn.name || '<anonymous>'; - this.params = undefined; - this.path = undefined; - this.regexp = pathRegexp(path, this.keys = [], opts); - - // set fast path flags - this.regexp.fast_star = path === '*' - this.regexp.fast_slash = path === '/' && opts.end === false -} - -/** - * Handle the error for the layer. - * - * @param {Error} error - * @param {Request} req - * @param {Response} res - * @param {function} next - * @api private - */ - -Layer.prototype.handle_error = function handle_error(error, req, res, next) { - var fn = this.handle; - - if (fn.length !== 4) { - // not a standard error handler - return next(error); - } - - try { - fn(error, req, res, next); - } catch (err) { - next(err); - } -}; - -/** - * Handle the request for the layer. - * - * @param {Request} req - * @param {Response} res - * @param {function} next - * @api private - */ - -Layer.prototype.handle_request = function handle(req, res, next) { - var fn = this.handle; - - if (fn.length > 3) { - // not a standard request handler - return next(); - } - - try { - fn(req, res, next); - } catch (err) { - next(err); - } -}; - -/** - * Check if this route matches `path`, if so - * populate `.params`. - * - * @param {String} path - * @return {Boolean} - * @api private - */ - -Layer.prototype.match = function match(path) { - var match - - if (path != null) { - // fast path non-ending match for / (any path matches) - if (this.regexp.fast_slash) { - this.params = {} - this.path = '' - return true - } - - // fast path for * (everything matched in a param) - if (this.regexp.fast_star) { - this.params = {'0': decode_param(path)} - this.path = path - return true - } - - // match the path - match = this.regexp.exec(path) - } - - if (!match) { - this.params = undefined; - this.path = undefined; - return false; - } - - // store values - this.params = {}; - this.path = match[0] - - var keys = this.keys; - var params = this.params; - - for (var i = 1; i < match.length; i++) { - var key = keys[i - 1]; - var prop = key.name; - var val = decode_param(match[i]) - - if (val !== undefined || !(hasOwnProperty.call(params, prop))) { - params[prop] = val; - } - } - - return true; -}; - -/** - * Decode param value. - * - * @param {string} val - * @return {string} - * @private - */ - -function decode_param(val) { - if (typeof val !== 'string' || val.length === 0) { - return val; - } - - try { - return decodeURIComponent(val); - } catch (err) { - if (err instanceof URIError) { - err.message = 'Failed to decode param \'' + val + '\''; - err.status = err.statusCode = 400; - } - - throw err; - } -} diff --git a/backend/node_modules/express/lib/router/route.js b/backend/node_modules/express/lib/router/route.js deleted file mode 100644 index a65756d..0000000 --- a/backend/node_modules/express/lib/router/route.js +++ /dev/null @@ -1,230 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var debug = require('debug')('express:router:route'); -var flatten = require('array-flatten'); -var Layer = require('./layer'); -var methods = require('methods'); - -/** - * Module variables. - * @private - */ - -var slice = Array.prototype.slice; -var toString = Object.prototype.toString; - -/** - * Module exports. - * @public - */ - -module.exports = Route; - -/** - * Initialize `Route` with the given `path`, - * - * @param {String} path - * @public - */ - -function Route(path) { - this.path = path; - this.stack = []; - - debug('new %o', path) - - // route handlers for various http methods - this.methods = {}; -} - -/** - * Determine if the route handles a given method. - * @private - */ - -Route.prototype._handles_method = function _handles_method(method) { - if (this.methods._all) { - return true; - } - - // normalize name - var name = typeof method === 'string' - ? method.toLowerCase() - : method - - if (name === 'head' && !this.methods['head']) { - name = 'get'; - } - - return Boolean(this.methods[name]); -}; - -/** - * @return {Array} supported HTTP methods - * @private - */ - -Route.prototype._options = function _options() { - var methods = Object.keys(this.methods); - - // append automatic head - if (this.methods.get && !this.methods.head) { - methods.push('head'); - } - - for (var i = 0; i < methods.length; i++) { - // make upper case - methods[i] = methods[i].toUpperCase(); - } - - return methods; -}; - -/** - * dispatch req, res into this route - * @private - */ - -Route.prototype.dispatch = function dispatch(req, res, done) { - var idx = 0; - var stack = this.stack; - var sync = 0 - - if (stack.length === 0) { - return done(); - } - var method = typeof req.method === 'string' - ? req.method.toLowerCase() - : req.method - - if (method === 'head' && !this.methods['head']) { - method = 'get'; - } - - req.route = this; - - next(); - - function next(err) { - // signal to exit route - if (err && err === 'route') { - return done(); - } - - // signal to exit router - if (err && err === 'router') { - return done(err) - } - - // max sync stack - if (++sync > 100) { - return setImmediate(next, err) - } - - var layer = stack[idx++] - - // end of layers - if (!layer) { - return done(err) - } - - if (layer.method && layer.method !== method) { - next(err) - } else if (err) { - layer.handle_error(err, req, res, next); - } else { - layer.handle_request(req, res, next); - } - - sync = 0 - } -}; - -/** - * Add a handler for all HTTP verbs to this route. - * - * Behaves just like middleware and can respond or call `next` - * to continue processing. - * - * You can use multiple `.all` call to add multiple handlers. - * - * function check_something(req, res, next){ - * next(); - * }; - * - * function validate_user(req, res, next){ - * next(); - * }; - * - * route - * .all(validate_user) - * .all(check_something) - * .get(function(req, res, next){ - * res.send('hello world'); - * }); - * - * @param {function} handler - * @return {Route} for chaining - * @api public - */ - -Route.prototype.all = function all() { - var handles = flatten(slice.call(arguments)); - - for (var i = 0; i < handles.length; i++) { - var handle = handles[i]; - - if (typeof handle !== 'function') { - var type = toString.call(handle); - var msg = 'Route.all() requires a callback function but got a ' + type - throw new TypeError(msg); - } - - var layer = Layer('/', {}, handle); - layer.method = undefined; - - this.methods._all = true; - this.stack.push(layer); - } - - return this; -}; - -methods.forEach(function(method){ - Route.prototype[method] = function(){ - var handles = flatten(slice.call(arguments)); - - for (var i = 0; i < handles.length; i++) { - var handle = handles[i]; - - if (typeof handle !== 'function') { - var type = toString.call(handle); - var msg = 'Route.' + method + '() requires a callback function but got a ' + type - throw new Error(msg); - } - - debug('%s %o', method, this.path) - - var layer = Layer('/', {}, handle); - layer.method = method; - - this.methods[method] = true; - this.stack.push(layer); - } - - return this; - }; -}); diff --git a/backend/node_modules/express/lib/utils.js b/backend/node_modules/express/lib/utils.js deleted file mode 100644 index 56e12b9..0000000 --- a/backend/node_modules/express/lib/utils.js +++ /dev/null @@ -1,303 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @api private - */ - -var Buffer = require('safe-buffer').Buffer -var contentDisposition = require('content-disposition'); -var contentType = require('content-type'); -var deprecate = require('depd')('express'); -var flatten = require('array-flatten'); -var mime = require('send').mime; -var etag = require('etag'); -var proxyaddr = require('proxy-addr'); -var qs = require('qs'); -var querystring = require('querystring'); - -/** - * Return strong ETag for `body`. - * - * @param {String|Buffer} body - * @param {String} [encoding] - * @return {String} - * @api private - */ - -exports.etag = createETagGenerator({ weak: false }) - -/** - * Return weak ETag for `body`. - * - * @param {String|Buffer} body - * @param {String} [encoding] - * @return {String} - * @api private - */ - -exports.wetag = createETagGenerator({ weak: true }) - -/** - * Check if `path` looks absolute. - * - * @param {String} path - * @return {Boolean} - * @api private - */ - -exports.isAbsolute = function(path){ - if ('/' === path[0]) return true; - if (':' === path[1] && ('\\' === path[2] || '/' === path[2])) return true; // Windows device path - if ('\\\\' === path.substring(0, 2)) return true; // Microsoft Azure absolute path -}; - -/** - * Flatten the given `arr`. - * - * @param {Array} arr - * @return {Array} - * @api private - */ - -exports.flatten = deprecate.function(flatten, - 'utils.flatten: use array-flatten npm module instead'); - -/** - * Normalize the given `type`, for example "html" becomes "text/html". - * - * @param {String} type - * @return {Object} - * @api private - */ - -exports.normalizeType = function(type){ - return ~type.indexOf('/') - ? acceptParams(type) - : { value: mime.lookup(type), params: {} }; -}; - -/** - * Normalize `types`, for example "html" becomes "text/html". - * - * @param {Array} types - * @return {Array} - * @api private - */ - -exports.normalizeTypes = function(types){ - var ret = []; - - for (var i = 0; i < types.length; ++i) { - ret.push(exports.normalizeType(types[i])); - } - - return ret; -}; - -/** - * Generate Content-Disposition header appropriate for the filename. - * non-ascii filenames are urlencoded and a filename* parameter is added - * - * @param {String} filename - * @return {String} - * @api private - */ - -exports.contentDisposition = deprecate.function(contentDisposition, - 'utils.contentDisposition: use content-disposition npm module instead'); - -/** - * Parse accept params `str` returning an - * object with `.value`, `.quality` and `.params`. - * - * @param {String} str - * @return {Object} - * @api private - */ - -function acceptParams (str) { - var parts = str.split(/ *; */); - var ret = { value: parts[0], quality: 1, params: {} } - - for (var i = 1; i < parts.length; ++i) { - var pms = parts[i].split(/ *= */); - if ('q' === pms[0]) { - ret.quality = parseFloat(pms[1]); - } else { - ret.params[pms[0]] = pms[1]; - } - } - - return ret; -} - -/** - * Compile "etag" value to function. - * - * @param {Boolean|String|Function} val - * @return {Function} - * @api private - */ - -exports.compileETag = function(val) { - var fn; - - if (typeof val === 'function') { - return val; - } - - switch (val) { - case true: - case 'weak': - fn = exports.wetag; - break; - case false: - break; - case 'strong': - fn = exports.etag; - break; - default: - throw new TypeError('unknown value for etag function: ' + val); - } - - return fn; -} - -/** - * Compile "query parser" value to function. - * - * @param {String|Function} val - * @return {Function} - * @api private - */ - -exports.compileQueryParser = function compileQueryParser(val) { - var fn; - - if (typeof val === 'function') { - return val; - } - - switch (val) { - case true: - case 'simple': - fn = querystring.parse; - break; - case false: - fn = newObject; - break; - case 'extended': - fn = parseExtendedQueryString; - break; - default: - throw new TypeError('unknown value for query parser function: ' + val); - } - - return fn; -} - -/** - * Compile "proxy trust" value to function. - * - * @param {Boolean|String|Number|Array|Function} val - * @return {Function} - * @api private - */ - -exports.compileTrust = function(val) { - if (typeof val === 'function') return val; - - if (val === true) { - // Support plain true/false - return function(){ return true }; - } - - if (typeof val === 'number') { - // Support trusting hop count - return function(a, i){ return i < val }; - } - - if (typeof val === 'string') { - // Support comma-separated values - val = val.split(',') - .map(function (v) { return v.trim() }) - } - - return proxyaddr.compile(val || []); -} - -/** - * Set the charset in a given Content-Type string. - * - * @param {String} type - * @param {String} charset - * @return {String} - * @api private - */ - -exports.setCharset = function setCharset(type, charset) { - if (!type || !charset) { - return type; - } - - // parse type - var parsed = contentType.parse(type); - - // set charset - parsed.parameters.charset = charset; - - // format type - return contentType.format(parsed); -}; - -/** - * Create an ETag generator function, generating ETags with - * the given options. - * - * @param {object} options - * @return {function} - * @private - */ - -function createETagGenerator (options) { - return function generateETag (body, encoding) { - var buf = !Buffer.isBuffer(body) - ? Buffer.from(body, encoding) - : body - - return etag(buf, options) - } -} - -/** - * Parse an extended query string with qs. - * - * @param {String} str - * @return {Object} - * @private - */ - -function parseExtendedQueryString(str) { - return qs.parse(str, { - allowPrototypes: true - }); -} - -/** - * Return new empty object. - * - * @return {Object} - * @api private - */ - -function newObject() { - return {}; -} diff --git a/backend/node_modules/express/lib/view.js b/backend/node_modules/express/lib/view.js deleted file mode 100644 index c08ab4d..0000000 --- a/backend/node_modules/express/lib/view.js +++ /dev/null @@ -1,182 +0,0 @@ -/*! - * express - * Copyright(c) 2009-2013 TJ Holowaychuk - * Copyright(c) 2013 Roman Shtylman - * Copyright(c) 2014-2015 Douglas Christopher Wilson - * MIT Licensed - */ - -'use strict'; - -/** - * Module dependencies. - * @private - */ - -var debug = require('debug')('express:view'); -var path = require('path'); -var fs = require('fs'); - -/** - * Module variables. - * @private - */ - -var dirname = path.dirname; -var basename = path.basename; -var extname = path.extname; -var join = path.join; -var resolve = path.resolve; - -/** - * Module exports. - * @public - */ - -module.exports = View; - -/** - * Initialize a new `View` with the given `name`. - * - * Options: - * - * - `defaultEngine` the default template engine name - * - `engines` template engine require() cache - * - `root` root path for view lookup - * - * @param {string} name - * @param {object} options - * @public - */ - -function View(name, options) { - var opts = options || {}; - - this.defaultEngine = opts.defaultEngine; - this.ext = extname(name); - this.name = name; - this.root = opts.root; - - if (!this.ext && !this.defaultEngine) { - throw new Error('No default engine was specified and no extension was provided.'); - } - - var fileName = name; - - if (!this.ext) { - // get extension from default engine name - this.ext = this.defaultEngine[0] !== '.' - ? '.' + this.defaultEngine - : this.defaultEngine; - - fileName += this.ext; - } - - if (!opts.engines[this.ext]) { - // load engine - var mod = this.ext.slice(1) - debug('require "%s"', mod) - - // default engine export - var fn = require(mod).__express - - if (typeof fn !== 'function') { - throw new Error('Module "' + mod + '" does not provide a view engine.') - } - - opts.engines[this.ext] = fn - } - - // store loaded engine - this.engine = opts.engines[this.ext]; - - // lookup path - this.path = this.lookup(fileName); -} - -/** - * Lookup view by the given `name` - * - * @param {string} name - * @private - */ - -View.prototype.lookup = function lookup(name) { - var path; - var roots = [].concat(this.root); - - debug('lookup "%s"', name); - - for (var i = 0; i < roots.length && !path; i++) { - var root = roots[i]; - - // resolve the path - var loc = resolve(root, name); - var dir = dirname(loc); - var file = basename(loc); - - // resolve the file - path = this.resolve(dir, file); - } - - return path; -}; - -/** - * Render with the given options. - * - * @param {object} options - * @param {function} callback - * @private - */ - -View.prototype.render = function render(options, callback) { - debug('render "%s"', this.path); - this.engine(this.path, options, callback); -}; - -/** - * Resolve the file within the given directory. - * - * @param {string} dir - * @param {string} file - * @private - */ - -View.prototype.resolve = function resolve(dir, file) { - var ext = this.ext; - - // <path>.<ext> - var path = join(dir, file); - var stat = tryStat(path); - - if (stat && stat.isFile()) { - return path; - } - - // <path>/index.<ext> - path = join(dir, basename(file, ext), 'index' + ext); - stat = tryStat(path); - - if (stat && stat.isFile()) { - return path; - } -}; - -/** - * Return a stat, maybe. - * - * @param {string} path - * @return {fs.Stats} - * @private - */ - -function tryStat(path) { - debug('stat "%s"', path); - - try { - return fs.statSync(path); - } catch (e) { - return undefined; - } -} diff --git a/backend/node_modules/express/package.json b/backend/node_modules/express/package.json deleted file mode 100644 index f299d88..0000000 --- a/backend/node_modules/express/package.json +++ /dev/null @@ -1,98 +0,0 @@ -{ - "name": "express", - "description": "Fast, unopinionated, minimalist web framework", - "version": "4.19.2", - "author": "TJ Holowaychuk <tj@vision-media.ca>", - "contributors": [ - "Aaron Heckmann <aaron.heckmann+github@gmail.com>", - "Ciaran Jessup <ciaranj@gmail.com>", - "Douglas Christopher Wilson <doug@somethingdoug.com>", - "Guillermo Rauch <rauchg@gmail.com>", - "Jonathan Ong <me@jongleberry.com>", - "Roman Shtylman <shtylman+expressjs@gmail.com>", - "Young Jae Sim <hanul@hanul.me>" - ], - "license": "MIT", - "repository": "expressjs/express", - "homepage": "http://expressjs.com/", - "keywords": [ - "express", - "framework", - "sinatra", - "web", - "http", - "rest", - "restful", - "router", - "app", - "api" - ], - "dependencies": { - "accepts": "~1.3.8", - "array-flatten": "1.1.1", - "body-parser": "1.20.2", - "content-disposition": "0.5.4", - "content-type": "~1.0.4", - "cookie": "0.6.0", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "2.0.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "1.2.0", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "merge-descriptors": "1.0.1", - "methods": "~1.1.2", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", - "proxy-addr": "~2.0.7", - "qs": "6.11.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.2.1", - "send": "0.18.0", - "serve-static": "1.15.0", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" - }, - "devDependencies": { - "after": "0.8.2", - "connect-redis": "3.4.2", - "cookie-parser": "1.4.6", - "cookie-session": "2.0.0", - "ejs": "3.1.9", - "eslint": "8.47.0", - "express-session": "1.17.2", - "hbs": "4.2.0", - "marked": "0.7.0", - "method-override": "3.0.0", - "mocha": "10.2.0", - "morgan": "1.10.0", - "nyc": "15.1.0", - "pbkdf2-password": "1.2.1", - "supertest": "6.3.0", - "vhost": "~3.0.2" - }, - "engines": { - "node": ">= 0.10.0" - }, - "files": [ - "LICENSE", - "History.md", - "Readme.md", - "index.js", - "lib/" - ], - "scripts": { - "lint": "eslint .", - "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/", - "test-ci": "nyc --reporter=lcovonly --reporter=text npm test", - "test-cov": "nyc --reporter=html --reporter=text npm test", - "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/" - } -} |