1.x #435

Closed
wants to merge 77 commits into
from
Commits
Jump to file or symbol
Failed to load files and symbols.
+1,708 −874
Split
View
@@ -1,4 +1,81 @@
+1.8.2 / 2011-12-03
+==================
+
+ * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv]
+
+1.8.1 / 2011-11-21
+==================
+
+ * Added nesting support for _multipart/form-data_ [jackyz]
+
+1.8.0 / 2011-11-17
+==================
+
+ * Added _multipart/form-data_ support to `bodyParser()` using formidable
+
+1.7.3 / 2011-11-11
+==================
+
+ * Fixed `req.body`, always default to {}
+ * Fixed HEAD support for 404s and 500s
+
+1.7.2 / 2011-10-24
+==================
+
+ * "node": ">= 0.4.1 < 0.7.0"
+ * Added `static()` redirect option. Closes #398
+ * Changed `limit()`: respond with 413 when content-length exceeds the limit
+ * Removed socket error listener in static(). Closes #389
+ * Fixed `staticCache()` Age header field
+ * Fixed race condition causing errors reported in #329.
+
+1.7.1 / 2011-09-12
+==================
+
+ * Added: make `Store` inherit from `EventEmitter`
+ * Added session `Store#load(sess, fn)` to fetch a `Session` instance
+ * Added backpressure support to `staticCache()`
+ * Changed `res.socket.destroy()` to `req.socket.destroy()`
+
+1.7.0 / 2011-08-31
+==================
+
+ * Added `staticCache()` middleware, a memory cache for `static()`
+ * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this)
+ * Changed: ignore error handling middleware when header is sent
+ * Changed: dispatcher errors after header is sent destroy the sock
+
+1.6.4 / 2011-08-26
+==================
+
+ * Revert "Added double-next reporting"
+
+1.6.3 / 2011-08-26
+==================
+
+ * Added double-`next()` reporting
+ * Added `immediate` option to `logger()`. Closes #321
+ * Dependency `qs >= 0.3.1`
+
+1.6.2 / 2011-08-11
+==================
+
+ * Fixed `connect.static()` null byte vulnerability
+ * Fixed `connect.directory()` null byte vulnerability
+ * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289
+
+1.6.1 / 2011-08-03
+==================
+
+ * Added: allow retval `== null` from logger callback to ignore line
+ * Added `getOnly` option to `connect.static.send()`
+ * Added response "header" event allowing augmentation
+ * Added `X-CSRF-Token` header field check
+ * Changed dep `qs >= 0.3.0`
+ * Changed: persist csrf token. Closes #322
+ * Changed: sort directory middleware files alphabetically
+
1.6.0 / 2011-07-10
==================
View
@@ -5,12 +5,8 @@ SRC = $(shell find lib -type f -name "*.js")
test:
@NODE_ENV=test ./$(TEST) \
- -I lib \
$(TEST_FLAGS) $(TESTS)
-test-cov:
- @$(MAKE) test TEST_FLAGS="--cov"
-
docs:
@mkdir -p docs
@node support/docs.js $(SRC)
@@ -25,4 +21,4 @@ site: docclean docs
&& cp -fr /tmp/docs/* . \
&& echo "done"
-.PHONY: site docs test test-cov docclean
+.PHONY: site docs test docclean
View
@@ -1,10 +1,41 @@
+
# Connect
Connect is an extensible HTTP server framework for [node](http://nodejs.org), providing high performance "plugins" known as _middleware_.
Connect is bundled with over _14_ commonly used middleware, including
a logger, session support, cookie parser, and [more](http://senchalabs.github.com/connect). Be sure to view the 1.0 [documentation](http://senchalabs.github.com/connect/).
+## Middleware
+
+ - csrf
+ - basicAuth
+ - bodyParser
+ - cookieParser
+ - directory
+ - errorHandler
+ - favicon
+ - limit
+ - logger
+ - methodOverride
+ - query
+ - responsetime
+ - session
+ - static
+ - staticCache
+ - vhost
+
+## Static file serving
+
+ The benchmarks below show the `static()` middleware
+ requests per second vs `static()` with the `staticCache()`
+ cache layer, out performing other popular node modules,
+ while maintaining more features like Range request etc.
+
+ - static(): 2700 rps
+ - node-static: 5300 rps
+ - static() + staticCache(): 7500 rps
+
## Running Tests
first:
@@ -53,10 +84,10 @@ then:
Connect `< 1.x` is compatible with node 0.2.x
- Connect `1.x` is compatible with node 0.4.x
+ Connect `1.x` is compatible with node 0.4.x and 0.6.x
- Connect `2.x` is compatible with node 0.6.x
+ Connect `2.x` (master) will be compatible with node 0.6.x
## CLA
View
@@ -0,0 +1,36 @@
+
+var connect = require('../');
+
+// visit form.html
+
+var app = connect()
+ .use(connect.static(__dirname + '/public'))
+ .use(connect.bodyParser())
+ .use(function(req, res, next){
+ if ('GET' != req.method) return next();
+ res.statusCode = 302;
+ res.setHeader('Location', 'form.html');
+ res.end();
+ })
+ .use(function(req, res){
+ res.setHeader('Content-Type', 'text/html');
+ res.write('<p>thanks ' + req.body.name + '</p>');
+ res.write('<ul>');
+console.error(req.body);
+console.error(req.files);
+ if (Array.isArray(req.files.images)) {
+ req.files.images.forEach(function(image){
+ var kb = image.size / 1024 | 0;
+ res.write('<li>uploaded ' + image.name + ' ' + kb + 'kb</li>');
+ });
+ } else {
+ var image = req.files.images;
+ var kb = image.size / 1024 | 0;
+ res.write('<li>uploaded ' + image.name + ' ' + kb + 'kb</li>');
+ }
+
+ res.end('</ul>');
+ });
+
+app.listen(3000);
+console.log('Server started on port 3000');
@@ -0,0 +1,5 @@
+<form action="/" method="post" enctype="multipart/form-data">
+ <input type="text" name="name" placeholder="Name:" />
+ <input type="file" name="images" multiple="multiple" />
+ <input type="submit" value="Upload" />
+</form>
View
@@ -0,0 +1,81 @@
+
+/*!
+ * Connect - Cache
+ * Copyright(c) 2011 Sencha Inc.
+ * MIT Licensed
+ */
+
+/**
+ * Expose `Cache`.
+ */
+
+module.exports = Cache;
+
+/**
+ * LRU cache store.
+ *
+ * @param {Number} limit
+ * @api private
+ */
+
+function Cache(limit) {
+ this.store = {};
+ this.keys = [];
+ this.limit = limit;
+}
+
+/**
+ * Touch `key`, promoting the object.
+ *
+ * @param {String} key
+ * @param {Number} i
+ * @api private
+ */
+
+Cache.prototype.touch = function(key, i){
+ this.keys.splice(i,1);
+ this.keys.push(key);
+};
+
+/**
+ * Remove `key`.
+ *
+ * @param {String} key
+ * @api private
+ */
+
+Cache.prototype.remove = function(key){
+ delete this.store[key];
+};
+
+/**
+ * Get the object stored for `key`.
+ *
+ * @param {String} key
+ * @return {Array}
+ * @api private
+ */
+
+Cache.prototype.get = function(key){
+ return this.store[key];
+};
+
+/**
+ * Add a cache `key`.
+ *
+ * @param {String} key
+ * @return {Array}
+ * @api private
+ */
+
+Cache.prototype.add = function(key){
+ // initialize store
+ var len = this.keys.push(key);
+
+ // limit reached, invalid LRU
+ if (len > this.limit) this.remove(this.keys.shift());
+
+ var arr = this.store[key] = [];
+ arr.createdAt = new Date;
+ return arr;
+};
View
@@ -26,7 +26,7 @@ exports = module.exports = createServer;
* Framework version.
*/
-exports.version = '1.6.0';
+exports.version = '1.8.2';
/**
* Initialize a new `connect.HTTPServer` with the middleware
View
@@ -145,11 +145,11 @@ Server.prototype.handle = function(req, res, out) {
layer = stack[index++];
// all done
- if (!layer) {
+ if (!layer || res.headerSent) {
// but wait! we have a parent
if (out) return out(err);
- // otherwise send a proper error message to the browser.
+ // error
if (err) {
var msg = 'production' == env
? 'Internal Server Error'
@@ -158,12 +158,17 @@ Server.prototype.handle = function(req, res, out) {
// output to stderr in a non-test env
if ('test' != env) console.error(err.stack || err.toString());
+ // unable to respond
+ if (res.headerSent) return req.socket.destroy();
+
res.statusCode = 500;
res.setHeader('Content-Type', 'text/plain');
+ if ('HEAD' == req.method) return res.end();
res.end(msg);
} else {
res.statusCode = 404;
res.setHeader('Content-Type', 'text/plain');
+ if ('HEAD' == req.method) return res.end();
res.end('Cannot ' + req.method + ' ' + req.url);
}
return;
View
@@ -28,6 +28,7 @@
* - [methodOverride](middleware-methodOverride.html) faux HTTP method support
* - [responseTime](middleware-responseTime.html) calculates response-time and exposes via X-Response-Time
* - [router](middleware-router.html) provides rich Sinatra / Express-like routing
+ * - [staticCache](middleware-staticCache.html) memory cache layer for the static() middleware
* - [static](middleware-static.html) streaming static file server supporting `Range` and more
* - [directory](middleware-directory.html) directory listing middleware
* - [vhost](middleware-vhost.html) virtual host sub-domain mapping middleware
Oops, something went wrong.