Tarpit Grover / TodoApp

Download as
Browse Code »

Commit d98e7fb1a9732d2f10cc09e6c0d806d37ae84bf5

Authored by Tarpit Grover
1 parent f32b8539
Exists in master

Made Cross Domain Compatible 

Dont even try yogendra. ;)
Showing 22 changed files with 1851 additions and 0 deletions   Show diff stats
node_modules/cors/.npmignore 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,3 @@
  1 +.DS_Store
  2 +node_modules
  3 +npm-debug.log
... ...
node_modules/cors/.travis.yml 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,3 @@
  1 +language: node_js
  2 +node_js:
  3 + - 0.10
... ...
node_modules/cors/CONTRIBUTING.md 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,36 @@
  1 +# contributing to `cors`
  2 +
  3 +CORS is a node.js package for providing a [connect](http://www.senchalabs.org/connect/)/[express](http://expressjs.com/) middleware that can be used to enable [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) with various options. Learn more about the project in [the README](README.md).
  4 +
  5 +[![build status](https://secure.travis-ci.org/TroyGoode/node-cors.png)](http://travis-ci.org/TroyGoode/node-cors)
  6 +
  7 +## The CORS Spec
  8 +
  9 +[http://www.w3.org/TR/cors/](http://www.w3.org/TR/cors/)
  10 +
  11 +## Pull Requests Welcome
  12 +
  13 +* Include `'use strict';` in every javascript file.
  14 +* 2 space indentation.
  15 +* Please run the testing steps below before submitting.
  16 +
  17 +## Testing
  18 +
  19 +```bash
  20 +$ npm install
  21 +$ npm test
  22 +$ npm run lint
  23 +```
  24 +
  25 +## Interactive Testing Harness
  26 +
  27 +[http://node-cors-client.herokuapp.com](http://node-cors-client.herokuapp.com)
  28 +
  29 +Related git repositories:
  30 +
  31 +* [https://github.com/TroyGoode/node-cors-server](https://github.com/TroyGoode/node-cors-server)
  32 +* [https://github.com/TroyGoode/node-cors-client](https://github.com/TroyGoode/node-cors-client)
  33 +
  34 +## License
  35 +
  36 +[MIT License](http://www.opensource.org/licenses/mit-license.php)
... ...
node_modules/cors/LICENSE 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,9 @@
  1 +The MIT License (MIT)
  2 +
  3 +Copyright (c) 2013 Troy Goode <troygoode@gmail.com>
  4 +
  5 +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
  6 +
  7 +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
  8 +
  9 +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
... ...
node_modules/cors/README.md 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,191 @@
  1 +# `cors`
  2 +
  3 +CORS is a node.js package for providing a [Connect](http://www.senchalabs.org/connect/)/[Express](http://expressjs.com/) middleware that can be used to enable [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) with various options.
  4 +
  5 +**[Follow me (@troygoode) on Twitter!](https://twitter.com/intent/user?screen_name=troygoode)**
  6 +
  7 +[![NPM](https://nodei.co/npm/cors.png?downloads=true&stars=true)](https://nodei.co/npm/cors/)
  8 +
  9 +[![build status](https://secure.travis-ci.org/troygoode/node-cors.png)](http://travis-ci.org/troygoode/node-cors)
  10 +* [Installation](#installation)
  11 +* [Usage](#usage)
  12 + * [Simple Usage](#simple-usage-enable-all-cors-requests)
  13 + * [Enable CORS for a Single Route](#enable-cors-for-a-single-route)
  14 + * [Configuring CORS](#configuring-cors)
  15 + * [Configuring CORS Asynchronously](#configuring-cors-asynchronously)
  16 + * [Enabling CORS Pre-Flight](#enabling-cors-pre-flight)
  17 +* [Configuration Options](#configuration-options)
  18 +* [Demo](#demo)
  19 +* [License](#license)
  20 +* [Author](#author)
  21 +
  22 +## Installation (via [npm](https://npmjs.org/package/cors))
  23 +
  24 +```bash
  25 +$ npm install cors
  26 +```
  27 +
  28 +## Usage
  29 +
  30 +### Simple Usage (Enable *All* CORS Requests)
  31 +
  32 +```javascript
  33 +var express = require('express')
  34 + , cors = require('cors')
  35 + , app = express();
  36 +
  37 +app.use(cors());
  38 +
  39 +app.get('/products/:id', function(req, res, next){
  40 + res.json({msg: 'This is CORS-enabled for all origins!'});
  41 +});
  42 +
  43 +app.listen(80, function(){
  44 + console.log('CORS-enabled web server listening on port 80');
  45 +});
  46 +```
  47 +
  48 +### Enable CORS for a Single Route
  49 +
  50 +```javascript
  51 +var express = require('express')
  52 + , cors = require('cors')
  53 + , app = express();
  54 +
  55 +app.get('/products/:id', cors(), function(req, res, next){
  56 + res.json({msg: 'This is CORS-enabled for all origins!'});
  57 +});
  58 +
  59 +app.listen(80, function(){
  60 + console.log('CORS-enabled web server listening on port 80');
  61 +});
  62 +```
  63 +
  64 +### Configuring CORS
  65 +
  66 +```javascript
  67 +var express = require('express')
  68 + , cors = require('cors')
  69 + , app = express();
  70 +
  71 +var corsOptions = {
  72 + origin: 'http://example.com'
  73 +};
  74 +
  75 +app.get('/products/:id', cors(corsOptions), function(req, res, next){
  76 + res.json({msg: 'This is CORS-enabled for only example.com.'});
  77 +});
  78 +
  79 +app.listen(80, function(){
  80 + console.log('CORS-enabled web server listening on port 80');
  81 +});
  82 +```
  83 +
  84 +### Configuring CORS w/ Dynamic Origin
  85 +
  86 +```javascript
  87 +var express = require('express')
  88 + , cors = require('cors')
  89 + , app = express();
  90 +
  91 +var whitelist = ['http://example1.com', 'http://example2.com'];
  92 +var corsOptions = {
  93 + origin: function(origin, callback){
  94 + var originIsWhitelisted = whitelist.indexOf(origin) !== -1;
  95 + callback(null, originIsWhitelisted);
  96 + }
  97 +};
  98 +
  99 +app.get('/products/:id', cors(corsOptions), function(req, res, next){
  100 + res.json({msg: 'This is CORS-enabled for a whitelisted domain.'});
  101 +});
  102 +
  103 +app.listen(80, function(){
  104 + console.log('CORS-enabled web server listening on port 80');
  105 +});
  106 +```
  107 +
  108 +### Enabling CORS Pre-Flight
  109 +
  110 +Certain CORS requests are considered 'complex' and require an initial
  111 +`OPTIONS` request (called the "pre-flight request"). An example of a
  112 +'complex' CORS request is one that uses an HTTP verb other than
  113 +GET/HEAD/POST (such as DELETE) or that uses custom headers. To enable
  114 +pre-flighting, you must add a new OPTIONS handler for the route you want
  115 +to support:
  116 +
  117 +```javascript
  118 +var express = require('express')
  119 + , cors = require('cors')
  120 + , app = express();
  121 +
  122 +app.options('/products/:id', cors()); // enable pre-flight request for DELETE request
  123 +app.del('/products/:id', cors(), function(req, res, next){
  124 + res.json({msg: 'This is CORS-enabled for all origins!'});
  125 +});
  126 +
  127 +app.listen(80, function(){
  128 + console.log('CORS-enabled web server listening on port 80');
  129 +});
  130 +```
  131 +
  132 +You can also enable pre-flight across-the-board like so:
  133 +
  134 +```
  135 +app.options('*', cors()); // include before other routes
  136 +```
  137 +
  138 +### Configuring CORS Asynchronously
  139 +
  140 +```javascript
  141 +var express = require('express')
  142 + , cors = require('cors')
  143 + , app = express();
  144 +
  145 +var whitelist = ['http://example1.com', 'http://example2.com'];
  146 +var corsOptionsDelegate = function(req, callback){
  147 + var corsOptions;
  148 + if(whitelist.indexOf(req.header('Origin')) !== -1){
  149 + corsOptions = { origin: true }; // reflect (enable) the requested origin in the CORS response
  150 + }else{
  151 + corsOptions = { origin: false }; // disable CORS for this request
  152 + }
  153 + callback(null, corsOptions); // callback expects two parameters: error and options
  154 +};
  155 +
  156 +app.get('/products/:id', cors(corsOptionsDelegate), function(req, res, next){
  157 + res.json({msg: 'This is CORS-enabled for a whitelisted domain.'});
  158 +});
  159 +
  160 +app.listen(80, function(){
  161 + console.log('CORS-enabled web server listening on port 80');
  162 +});
  163 +```
  164 +
  165 +## Configuration Options
  166 +
  167 +* `origin`: Configures the **Access-Control-Allow-Origin** CORS header. Expects a string (ex: "http://example.com"). Set to `true` to reflect the [request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined by `req.header('Origin')`. Set to `false` to disable CORS. Can also be set to a function, which takes the request origin as the first parameter and a callback (which expects the signature `err [object], allow [bool]`) as the second.
  168 +* `methods`: Configures the **Access-Control-Allow-Methods** CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: `['GET', 'PUT', 'POST']`).
  169 +* `allowedHeaders`: Configures the **Access-Control-Allow-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: `['Content-Type', 'Authorization]`). If not specified, defaults to reflecting the headers specified in the request's **Access-Control-Request-Headers** header.
  170 +* `exposedHeaders`: Configures the **Access-Control-Expose-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Range,X-Content-Range') or an array (ex: `['Content-Range', 'X-Content-Range]`). If not specified, no custom headers are exposed.
  171 +* `credentials`: Configures the **Access-Control-Allow-Credentials** CORS header. Set to `true` to pass the header, otherwise it is omitted.
  172 +* `maxAge`: Configures the **Access-Control-Allow-Max-Age** CORS header. Set to an integer to pass the header, otherwise it is omitted.
  173 +
  174 +For details on the effect of each CORS header, [read this article on HTML5 Rocks](http://www.html5rocks.com/en/tutorials/cors/).
  175 +
  176 +## Demo
  177 +
  178 +A demo that illustrates CORS working (and not working) using jQuery is available here: [http://node-cors-client.herokuapp.com/](http://node-cors-client.herokuapp.com/)
  179 +
  180 +Code for that demo can be found here:
  181 +
  182 +* Client: [https://github.com/TroyGoode/node-cors-client](https://github.com/TroyGoode/node-cors-client)
  183 +* Server: [https://github.com/TroyGoode/node-cors-server](https://github.com/TroyGoode/node-cors-server)
  184 +
  185 +## License
  186 +
  187 +[MIT License](http://www.opensource.org/licenses/mit-license.php)
  188 +
  189 +## Author
  190 +
  191 +[Troy Goode](https://github.com/TroyGoode) ([troygoode@gmail.com](mailto:troygoode@gmail.com))
... ...
node_modules/cors/lib/index.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,198 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var vary = require('vary'),
  9 + defaults = {
  10 + origin: '*',
  11 + methods: 'GET,HEAD,PUT,PATCH,POST,DELETE'
  12 + };
  13 +
  14 + function configureOrigin(options, req) {
  15 + if (!options.origin) {
  16 + return {
  17 + key: 'Access-Control-Allow-Origin',
  18 + value: '*'
  19 + };
  20 + } else {
  21 + return [
  22 + {
  23 + key: 'Access-Control-Allow-Origin',
  24 + value: options.origin === true ? req.headers.origin : options.origin
  25 + },
  26 + {
  27 + key: 'Vary',
  28 + value: 'Origin'
  29 + }
  30 + ];
  31 + }
  32 + }
  33 +
  34 + function configureMethods(options) {
  35 + var methods = options.methods || defaults.methods;
  36 + if (methods.join) {
  37 + methods = options.methods.join(','); // .methods is an array, so turn it into a string
  38 + }
  39 + return {
  40 + key: 'Access-Control-Allow-Methods',
  41 + value: methods
  42 + };
  43 + }
  44 +
  45 + function configureCredentials(options) {
  46 + if (options.credentials === true) {
  47 + return {
  48 + key: 'Access-Control-Allow-Credentials',
  49 + value: 'true'
  50 + };
  51 + }
  52 + return null;
  53 + }
  54 +
  55 + function configureAllowedHeaders(options, req) {
  56 + var headers = options.allowedHeaders || options.headers;
  57 + if (!headers) {
  58 + headers = req.headers['access-control-request-headers']; // .headers wasn't specified, so reflect the request headers
  59 + } else if (headers.join) {
  60 + headers = headers.join(','); // .headers is an array, so turn it into a string
  61 + }
  62 + if (headers && headers.length) {
  63 + return {
  64 + key: 'Access-Control-Allow-Headers',
  65 + value: headers
  66 + };
  67 + }
  68 + return null;
  69 + }
  70 +
  71 + function configureExposedHeaders(options, req) {
  72 + var headers = options.exposedHeaders;
  73 + if (!headers) {
  74 + return null;
  75 + } else if (headers.join) {
  76 + headers = headers.join(','); // .headers is an array, so turn it into a string
  77 + }
  78 + if (headers && headers.length) {
  79 + return {
  80 + key: 'Access-Control-Expose-Headers',
  81 + value: headers
  82 + };
  83 + }
  84 + return null;
  85 + }
  86 +
  87 + function configureMaxAge(options) {
  88 + var maxAge = options.maxAge && options.maxAge.toString();
  89 + if (maxAge && maxAge.length) {
  90 + return {
  91 + key: 'Access-Control-Max-Age',
  92 + value: maxAge
  93 + };
  94 + }
  95 + return null;
  96 + }
  97 +
  98 + function applyHeaders(headers, res) {
  99 + for (var i = 0, n = headers.length; i < n; i++) {
  100 + var header = headers[i];
  101 + if (header) {
  102 + if (Array.isArray(header)) {
  103 + applyHeaders(header, res);
  104 + } else if (header.key === 'Vary' && header.value) {
  105 + vary(res, header.value);
  106 + } else if (header.value) {
  107 + res.setHeader(header.key, header.value);
  108 + }
  109 + }
  110 + }
  111 + }
  112 +
  113 + function cors(options, req, res, next) {
  114 + var headers = [],
  115 + method = req.method && req.method.toUpperCase && req.method.toUpperCase();
  116 +
  117 + if (method === 'OPTIONS') {
  118 + // preflight
  119 + headers.push(configureOrigin(options, req));
  120 + headers.push(configureCredentials(options, req));
  121 + headers.push(configureMethods(options, req));
  122 + headers.push(configureAllowedHeaders(options, req));
  123 + headers.push(configureMaxAge(options, req));
  124 + applyHeaders(headers, res);
  125 + res.statusCode = 204;
  126 + res.end();
  127 + } else {
  128 + // actual response
  129 + headers.push(configureOrigin(options, req));
  130 + headers.push(configureCredentials(options, req));
  131 + headers.push(configureExposedHeaders(options, req));
  132 + applyHeaders(headers, res);
  133 + next();
  134 + }
  135 + }
  136 +
  137 + function middlewareWrapper(o) {
  138 + // if no options were passed in, use the defaults
  139 + if (!o) {
  140 + o = {};
  141 + }
  142 + if (o.origin === undefined) {
  143 + o.origin = defaults.origin;
  144 + }
  145 + if (o.methods === undefined) {
  146 + o.methods = defaults.methods;
  147 + }
  148 +
  149 + // if options are static (either via defaults or custom options passed in), wrap in a function
  150 + var optionsCallback = null;
  151 + if (typeof o === 'function') {
  152 + optionsCallback = o;
  153 + } else {
  154 + /*jslint unparam: true*/ // `req` is part of the signature, but isn't used for this stub
  155 + optionsCallback = function (req, cb) {
  156 + cb(null, o);
  157 + };
  158 + /*jslint unparam: false*/
  159 + }
  160 +
  161 + return function (req, res, next) {
  162 + optionsCallback(req, function (err, options) {
  163 + if (err) {
  164 + next(err);
  165 + } else {
  166 + var originCallback = null;
  167 + if (options.origin && typeof options.origin === 'function') {
  168 + originCallback = options.origin;
  169 + } else if (options.origin) {
  170 + /*jslint unparam: true*/ // `origin` is part of the signature, but isn't used for this stub
  171 + originCallback = function (origin, cb) {
  172 + cb(null, options.origin);
  173 + };
  174 + /*jslint unparam: false*/
  175 + }
  176 +
  177 + if (originCallback) {
  178 + originCallback(req.headers.origin, function (err, origin) {
  179 + if (err || !origin) {
  180 + next(err);
  181 + } else {
  182 + var corsOptions = Object.create(options);
  183 + corsOptions.origin = origin;
  184 + cors(corsOptions, req, res, next);
  185 + }
  186 + });
  187 + } else {
  188 + next();
  189 + }
  190 + }
  191 + });
  192 + };
  193 + }
  194 +
  195 + // can pass either an options hash, an options delegate, or nothing
  196 + module.exports = middlewareWrapper;
  197 +
  198 +}());
... ...
node_modules/cors/node_modules/vary/.npmignore 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,3 @@
  1 +coverage/
  2 +test/
  3 +.travis.yml
... ...
node_modules/cors/node_modules/vary/History.md 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,16 @@
  1 +1.0.0 / 2014-08-10
  2 +==================
  3 +
  4 + * Accept valid `Vary` header string as `field`
  5 + * Add `vary.append` for low-level string manipulation
  6 + * Move to `jshttp` orgainzation
  7 +
  8 +0.1.0 / 2014-06-05
  9 +==================
  10 +
  11 + * Support array of fields to set
  12 +
  13 +0.0.0 / 2014-06-04
  14 +==================
  15 +
  16 + * Initial release
... ...
node_modules/cors/node_modules/vary/LICENSE 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,22 @@
  1 +(The MIT License)
  2 +
  3 +Copyright (c) 2014 Douglas Christopher Wilson
  4 +
  5 +Permission is hereby granted, free of charge, to any person obtaining
  6 +a copy of this software and associated documentation files (the
  7 +'Software'), to deal in the Software without restriction, including
  8 +without limitation the rights to use, copy, modify, merge, publish,
  9 +distribute, sublicense, and/or sell copies of the Software, and to
  10 +permit persons to whom the Software is furnished to do so, subject to
  11 +the following conditions:
  12 +
  13 +The above copyright notice and this permission notice shall be
  14 +included in all copies or substantial portions of the Software.
  15 +
  16 +THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
  17 +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  18 +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
  19 +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
  20 +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
  21 +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
  22 +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
... ...
node_modules/cors/node_modules/vary/README.md 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,59 @@
  1 +# vary
  2 +
  3 +[![NPM Version](http://img.shields.io/npm/v/vary.svg?style=flat)](https://www.npmjs.org/package/vary)
  4 +[![Node.js Version](http://img.shields.io/badge/node.js->=_0.8-blue.svg?style=flat)](http://nodejs.org/download/)
  5 +[![Build Status](http://img.shields.io/travis/jshttp/vary.svg?style=flat)](https://travis-ci.org/jshttp/vary)
  6 +[![Coverage Status](https://img.shields.io/coveralls/jshttp/vary.svg?style=flat)](https://coveralls.io/r/jshttp/vary)
  7 +[![Gittip](http://img.shields.io/gittip/dougwilson.svg?style=flat)](https://www.gittip.com/dougwilson/)
  8 +
  9 +Manipulate the HTTP Vary header
  10 +
  11 +## Install
  12 +
  13 +```sh
  14 +$ npm install vary
  15 +```
  16 +
  17 +## API
  18 +
  19 +```js
  20 +var vary = require('vary')
  21 +```
  22 +
  23 +### vary(res, field)
  24 +
  25 +Adds the given header `field` to the `Vary` response header of `res`.
  26 +This can be a string of a single field, a string of a valid `Vary`
  27 +header, or an array of multiple fields.
  28 +
  29 +This will append the header if not already listed, otherwise leaves
  30 +it listed in the current location.
  31 +
  32 +```js
  33 +// Append "Origin" to the Vary header of the response
  34 +vary(res, 'Origin')
  35 +```
  36 +
  37 +### vary.append(header, field)
  38 +
  39 +Adds the given header `field` to the `Vary` response header string `header`.
  40 +This can be a string of a single field, a string of a valid `Vary` header,
  41 +or an array of multiple fields.
  42 +
  43 +This will append the header if not already listed, otherwise leaves
  44 +it listed in the current location. The new header string is returned.
  45 +
  46 +```js
  47 +// Get header string appending "Origin" to "Accept, User-Agent"
  48 +vary.append('Accept, User-Agent', 'Origin')
  49 +```
  50 +
  51 +## Testing
  52 +
  53 +```sh
  54 +$ npm test
  55 +```
  56 +
  57 +## License
  58 +
  59 +[MIT](LICENSE)
... ...
node_modules/cors/node_modules/vary/index.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,112 @@
  1 +/*!
  2 + * vary
  3 + * Copyright(c) 2014 Douglas Christopher Wilson
  4 + * MIT Licensed
  5 + */
  6 +
  7 +/**
  8 + * Module exports.
  9 + */
  10 +
  11 +module.exports = vary;
  12 +module.exports.append = append;
  13 +
  14 +/**
  15 + * Variables.
  16 + */
  17 +
  18 +var separators = /[\(\)<>@,;:\\"\/\[\]\?=\{\}\u0020\u0009]/;
  19 +
  20 +/**
  21 + * Append a field to a vary header.
  22 + *
  23 + * @param {String} header
  24 + * @param {String|Array} field
  25 + * @return {String}
  26 + * @api public
  27 + */
  28 +
  29 +function append(header, field) {
  30 + if (typeof header !== 'string') {
  31 + throw new TypeError('header argument is required');
  32 + }
  33 +
  34 + if (!field) {
  35 + throw new TypeError('field argument is required');
  36 + }
  37 +
  38 + // get fields array
  39 + var fields = !Array.isArray(field)
  40 + ? parse(String(field))
  41 + : field;
  42 +
  43 + // assert on invalid fields
  44 + for (var i = 0; i < fields.length; i++) {
  45 + if (separators.test(fields[i])) {
  46 + throw new TypeError('field argument contains an invalid header');
  47 + }
  48 + }
  49 +
  50 + // existing, unspecified vary
  51 + if (header === '*') {
  52 + return header;
  53 + }
  54 +
  55 + // enumerate current values
  56 + var vals = parse(header.toLowerCase());
  57 +
  58 + // unspecified vary
  59 + if (fields.indexOf('*') !== -1 || vals.indexOf('*') !== -1) {
  60 + return '*';
  61 + }
  62 +
  63 + for (var i = 0; i < fields.length; i++) {
  64 + field = fields[i].toLowerCase();
  65 +
  66 + // append value (case-preserving)
  67 + if (vals.indexOf(field) === -1) {
  68 + vals.push(field);
  69 + header = header
  70 + ? header + ', ' + fields[i]
  71 + : fields[i];
  72 + }
  73 + }
  74 +
  75 + return header;
  76 +}
  77 +
  78 +/**
  79 + * Parse a vary header into an array.
  80 + *
  81 + * @param {String} header
  82 + * @return {Array}
  83 + * @api private
  84 + */
  85 +
  86 +function parse(header) {
  87 + return header.trim().split(/ *, */);
  88 +}
  89 +
  90 +/**
  91 + * Mark that a request is varied on a header field.
  92 + *
  93 + * @param {Object} res
  94 + * @param {String|Array} field
  95 + * @api public
  96 + */
  97 +
  98 +function vary(res, field) {
  99 + if (!res || !res.getHeader || !res.setHeader) {
  100 + // quack quack
  101 + throw new TypeError('res argument is required');
  102 + }
  103 +
  104 + // get existing header
  105 + var val = res.getHeader('Vary') || ''
  106 + var header = Array.isArray(val)
  107 + ? val.join(', ')
  108 + : String(val);
  109 +
  110 + // set new header
  111 + res.setHeader('Vary', append(header, field));
  112 +}
... ...
node_modules/cors/node_modules/vary/package.json 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,70 @@
  1 +{
  2 + "name": "vary",
  3 + "description": "Manipulate the HTTP Vary header",
  4 + "version": "1.0.0",
  5 + "author": {
  6 + "name": "Douglas Christopher Wilson",
  7 + "email": "doug@somethingdoug.com"
  8 + },
  9 + "license": "MIT",
  10 + "keywords": [
  11 + "http",
  12 + "res",
  13 + "vary"
  14 + ],
  15 + "repository": {
  16 + "type": "git",
  17 + "url": "https://github.com/jshttp/vary"
  18 + },
  19 + "devDependencies": {
  20 + "istanbul": "0.3.0",
  21 + "mocha": "~1.21.4",
  22 + "should": "~4.0.4",
  23 + "supertest": "~0.13.0"
  24 + },
  25 + "engines": {
  26 + "node": ">= 0.8.0"
  27 + },
  28 + "scripts": {
  29 + "test": "mocha --reporter spec --bail --check-leaks test/",
  30 + "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
  31 + "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
  32 + },
  33 + "gitHead": "56acecd9fa20888132563b00576625ea02a69a35",
  34 + "bugs": {
  35 + "url": "https://github.com/jshttp/vary/issues"
  36 + },
  37 + "homepage": "https://github.com/jshttp/vary",
  38 + "_id": "vary@1.0.0",
  39 + "_shasum": "c5e76cec20d3820d8f2a96e7bee38731c34da1e7",
  40 + "_from": "vary@^1",
  41 + "_npmVersion": "1.4.21",
  42 + "_npmUser": {
  43 + "name": "dougwilson",
  44 + "email": "doug@somethingdoug.com"
  45 + },
  46 + "maintainers": [
  47 + {
  48 + "name": "dougwilson",
  49 + "email": "doug@somethingdoug.com"
  50 + },
  51 + {
  52 + "name": "jongleberry",
  53 + "email": "jonathanrichardong@gmail.com"
  54 + },
  55 + {
  56 + "name": "fishrock123",
  57 + "email": "fishrock123@rocketmail.com"
  58 + },
  59 + {
  60 + "name": "shtylman",
  61 + "email": "shtylman@gmail.com"
  62 + }
  63 + ],
  64 + "dist": {
  65 + "shasum": "c5e76cec20d3820d8f2a96e7bee38731c34da1e7",
  66 + "tarball": "http://registry.npmjs.org/vary/-/vary-1.0.0.tgz"
  67 + },
  68 + "directories": {},
  69 + "_resolved": "https://registry.npmjs.org/vary/-/vary-1.0.0.tgz"
  70 +}
... ...
node_modules/cors/package.json 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,79 @@
  1 +{
  2 + "name": "cors",
  3 + "version": "2.5.3",
  4 + "author": {
  5 + "name": "Troy Goode",
  6 + "email": "troygoode@gmail.com",
  7 + "url": "https://github.com/troygoode/"
  8 + },
  9 + "description": "middleware for dynamically or statically enabling CORS in express/connect applications",
  10 + "keywords": [
  11 + "cors",
  12 + "express",
  13 + "connect",
  14 + "middleware"
  15 + ],
  16 + "homepage": "https://github.com/troygoode/node-cors/",
  17 + "repository": {
  18 + "type": "git",
  19 + "url": "git://github.com/troygoode/node-cors.git"
  20 + },
  21 + "contributors": [
  22 + {
  23 + "name": "Troy Goode",
  24 + "email": "troygoode@gmail.com",
  25 + "url": "https://github.com/troygoode/"
  26 + }
  27 + ],
  28 + "licenses": [
  29 + {
  30 + "type": "MIT",
  31 + "url": "http://www.opensource.org/licenses/mit-license.php"
  32 + }
  33 + ],
  34 + "bugs": {
  35 + "url": "https://github.com/troygoode/node-cors/issues"
  36 + },
  37 + "main": "./lib/index.js",
  38 + "engines": {
  39 + "node": ">=0.10.0"
  40 + },
  41 + "dependencies": {
  42 + "vary": "^1"
  43 + },
  44 + "devDependencies": {
  45 + "basic-auth-connect": "^1",
  46 + "body-parser": "^1.4.3",
  47 + "express": "^4",
  48 + "lint": "^1.1.2",
  49 + "mocha": "^1.18.2",
  50 + "should": "^3.3.1",
  51 + "supertest": "^0.12"
  52 + },
  53 + "scripts": {
  54 + "test": "./node_modules/mocha/bin/mocha",
  55 + "lint": "./node_modules/lint/bin/node-lint lib test"
  56 + },
  57 + "gitHead": "9959d2e4301bfb76e150c1c65e5ecd28924269fb",
  58 + "_id": "cors@2.5.3",
  59 + "_shasum": "0d70a211ec3b6cc9824e6cdc299c0630ef69c392",
  60 + "_from": "cors@",
  61 + "_npmVersion": "2.1.10",
  62 + "_nodeVersion": "0.10.26",
  63 + "_npmUser": {
  64 + "name": "troygoode",
  65 + "email": "troygoode@gmail.com"
  66 + },
  67 + "maintainers": [
  68 + {
  69 + "name": "troygoode",
  70 + "email": "troygoode@gmail.com"
  71 + }
  72 + ],
  73 + "dist": {
  74 + "shasum": "0d70a211ec3b6cc9824e6cdc299c0630ef69c392",
  75 + "tarball": "http://registry.npmjs.org/cors/-/cors-2.5.3.tgz"
  76 + },
  77 + "directories": {},
  78 + "_resolved": "https://registry.npmjs.org/cors/-/cors-2.5.3.tgz"
  79 +}
... ...
node_modules/cors/test/basic-auth.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,44 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true, describe: true, it: true, setTimeout: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var should = require('should'),
  9 + express = require('express'),
  10 + supertest = require('supertest'),
  11 + basicAuth = require('basic-auth-connect'),
  12 + cors = require('../lib'),
  13 + app;
  14 +
  15 + /* -------------------------------------------------------------------------- */
  16 +
  17 + app = express();
  18 + app.use(basicAuth('username', 'password'));
  19 + app.use(cors());
  20 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  21 + app.post('/', function (req, res) {
  22 + res.send('hello world');
  23 + });
  24 + /*jslint unparam: false*/
  25 +
  26 + /* -------------------------------------------------------------------------- */
  27 +
  28 + describe('basic auth', function () {
  29 + it('POST works', function (done) {
  30 + supertest(app)
  31 + .post('/')
  32 + .auth('username', 'password')
  33 + .expect(200)
  34 + .end(function (err, res) {
  35 + should.not.exist(err);
  36 + res.headers['access-control-allow-origin'].should.eql('*');
  37 + res.text.should.eql('hello world');
  38 + done();
  39 + });
  40 + });
  41 + });
  42 +
  43 +}());
  44 +
... ...
node_modules/cors/test/body-events.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,87 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true, describe: true, it: true, setTimeout: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var should = require('should'),
  9 + express = require('express'),
  10 + supertest = require('supertest'),
  11 + bodyParser = require('body-parser'),
  12 + cors = require('../lib'),
  13 + dynamicOrigin,
  14 + app1,
  15 + app2,
  16 + text = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed justo turpis, tempor id sem fringilla, cursus tristique purus. Mauris a sollicitudin magna. Etiam dui lacus, vehicula non dictum at, cursus vitae libero. Curabitur lorem nulla, sollicitudin id enim ut, vehicula rhoncus felis. Ut nec iaculis velit. Vivamus at augue nulla. Fusce at molestie arcu. Duis at dui at tellus mattis tincidunt. Vestibulum sit amet dictum metus. Curabitur nec pretium ante. Proin vulputate elit ac lorem gravida, sit amet placerat lorem fringilla. Mauris fermentum, diam et volutpat auctor, ante enim imperdiet purus, sit amet tincidunt ipsum nulla nec est. Fusce id ipsum in sem malesuada laoreet vitae non magna. Praesent commodo turpis in nulla egestas, eu posuere magna venenatis. Integer in aliquam sem. Fusce quis lorem tincidunt eros rutrum lobortis.\n\nNam aliquam cursus ipsum, a hendrerit purus. Cras ultrices viverra nunc ac lacinia. Sed sed diam orci. Vestibulum ut orci a nibh scelerisque pretium. Sed suscipit vestibulum metus, ac ultricies leo sodales a. Aliquam erat volutpat. Vestibulum mauris massa, luctus et libero vel, cursus suscipit nulla. Cras sed erat quis massa fermentum congue. Mauris ultrices sem ligula, id malesuada lectus tincidunt eget. Donec sed nisl elit. Aenean ac lobortis massa. Phasellus felis nisl, dictum a dui volutpat, dictum sagittis diam. Vestibulum lacinia tellus vel commodo consequat.\n\nNulla at varius nibh, non posuere enim. Curabitur urna est, ultrices vel sem nec, consequat molestie nisi. Aliquam sed augue sit amet ante viverra pretium. Cras aliquam turpis vitae eros gravida egestas. Etiam quis dolor non quam suscipit iaculis. Sed euismod est libero, ac ullamcorper elit hendrerit vitae. Vivamus sollicitudin nulla dolor, vitae porta lacus suscipit ac.\n\nSed volutpat, magna in scelerisque dapibus, eros ante volutpat nisi, ac condimentum diam sem sed justo. Aenean justo risus, bibendum vitae blandit ac, mattis quis nunc. Quisque non felis nec justo auctor accumsan non id odio. Mauris vel dui feugiat dolor dapibus convallis in et neque. Phasellus fermentum sollicitudin tortor ac pretium. Proin tristique accumsan nulla eu venenatis. Cras porta lorem ac arcu accumsan pulvinar. Sed dignissim leo augue, a pretium ante viverra id. Phasellus blandit at purus a malesuada. Nam et cursus mauris. Vivamus accumsan augue laoreet lectus lacinia eleifend. Fusce sit amet felis nunc. Pellentesque eu turpis nisl.\n\nPellentesque vitae quam feugiat, volutpat lectus et, faucibus massa. Maecenas consectetur quis nisi eu aliquam. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Etiam laoreet condimentum laoreet. Praesent sit amet massa sit amet dui porta condimentum. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Sed volutpat massa nec risus malesuada hendrerit.';
  17 +
  18 + /* -------------------------------------------------------------------------- */
  19 +
  20 + dynamicOrigin = function (origin, cb) {
  21 + setTimeout(function () {
  22 + cb(null, true);
  23 + }, 200);
  24 + };
  25 +
  26 + /* -------------------------------------------------------------------------- */
  27 +
  28 + app1 = express();
  29 + app1.use(cors({origin: dynamicOrigin}));
  30 + app1.use(bodyParser.json());
  31 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  32 + app1.post('/', function (req, res) {
  33 + res.send(req.body);
  34 + });
  35 + /*jslint unparam: false*/
  36 +
  37 + /* -------------------------------------------------------------------------- */
  38 +
  39 + app2 = express();
  40 + app2.use(bodyParser.json());
  41 + app2.use(cors({origin: dynamicOrigin}));
  42 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  43 + app2.post('/', function (req, res) {
  44 + res.send(req.body);
  45 + });
  46 + /*jslint unparam: false*/
  47 +
  48 + /* -------------------------------------------------------------------------- */
  49 +
  50 + describe('body-parser-events', function () {
  51 + describe('app1 (cors before bodyparser)', function () {
  52 + it('POST works', function (done) {
  53 + var body = {
  54 + example: text
  55 + };
  56 + supertest(app1)
  57 + .post('/')
  58 + .send(body)
  59 + .expect(200)
  60 + .end(function (err, res) {
  61 + should.not.exist(err);
  62 + res.body.should.eql(body);
  63 + done();
  64 + });
  65 + });
  66 + });
  67 +
  68 + describe('app2 (bodyparser before cors)', function () {
  69 + it('POST works', function (done) {
  70 + var body = {
  71 + example: text
  72 + };
  73 + supertest(app2)
  74 + .post('/')
  75 + .send(body)
  76 + .expect(200)
  77 + .end(function (err, res) {
  78 + should.not.exist(err);
  79 + res.body.should.eql(body);
  80 + done();
  81 + });
  82 + });
  83 + });
  84 + });
  85 +
  86 +}());
  87 +
... ...
node_modules/cors/test/cors.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,600 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true, describe: true, it: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var should = require('should'),
  9 + cors = require('../lib'),
  10 + fakeRequest = function (headers) {
  11 + return {
  12 + headers: headers || {
  13 + 'origin': 'request.com',
  14 + 'access-control-request-headers': 'requestedHeader1,requestedHeader2'
  15 + },
  16 + pause: function () {
  17 + // do nothing
  18 + return;
  19 + },
  20 + resume: function () {
  21 + // do nothing
  22 + return;
  23 + }
  24 + };
  25 + },
  26 + fakeResponse = function () {
  27 + var headers = {};
  28 + return {
  29 + allHeaders: function () {
  30 + return headers;
  31 + },
  32 + getHeader: function (key) {
  33 + return headers[key];
  34 + },
  35 + setHeader: function (key, value) {
  36 + headers[key] = value;
  37 + return;
  38 + },
  39 + get: function (key) {
  40 + return headers[key];
  41 + }
  42 + };
  43 + };
  44 +
  45 + describe('cors', function () {
  46 + it('passes control to next middleware', function (done) {
  47 + // arrange
  48 + var req, res, next;
  49 + req = fakeRequest();
  50 + res = fakeResponse();
  51 + next = function () {
  52 + done();
  53 + };
  54 +
  55 + // act
  56 + cors()(req, res, next);
  57 + });
  58 +
  59 + it('shortcircuits preflight requests', function (done) {
  60 + // arrange
  61 + var req, res, next;
  62 + req = fakeRequest();
  63 + req.method = 'OPTIONS';
  64 + res = fakeResponse();
  65 + res.end = function () {
  66 + // assert
  67 + res.statusCode.should.equal(204);
  68 + done();
  69 + };
  70 + next = function () {
  71 + // assert
  72 + done('should not be called');
  73 + };
  74 +
  75 + // act
  76 + cors()(req, res, next);
  77 + });
  78 +
  79 + it('normalizes method names', function (done) {
  80 + // arrange
  81 + var req, res, next;
  82 + req = fakeRequest();
  83 + req.method = 'options';
  84 + res = fakeResponse();
  85 + res.end = function () {
  86 + // assert
  87 + res.statusCode.should.equal(204);
  88 + done();
  89 + };
  90 + next = function () {
  91 + // assert
  92 + done('should not be called');
  93 + };
  94 +
  95 + // act
  96 + cors()(req, res, next);
  97 + });
  98 +
  99 + it('no options enables default CORS to all origins', function (done) {
  100 + // arrange
  101 + var req, res, next;
  102 + req = fakeRequest();
  103 + res = fakeResponse();
  104 + next = function () {
  105 + // assert
  106 + res.getHeader('Access-Control-Allow-Origin').should.equal('*');
  107 + should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
  108 + done();
  109 + };
  110 +
  111 + // act
  112 + cors()(req, res, next);
  113 + });
  114 +
  115 + it('OPTION call with no options enables default CORS to all origins and methods', function (done) {
  116 + // arrange
  117 + var req, res, next;
  118 + req = fakeRequest();
  119 + req.method = 'OPTIONS';
  120 + res = fakeResponse();
  121 + res.end = function () {
  122 + // assert
  123 + res.statusCode.should.equal(204);
  124 + done();
  125 + };
  126 + next = function () {
  127 + // assert
  128 + res.getHeader('Access-Control-Allow-Origin').should.equal('*');
  129 + res.getHeader('Access-Control-Allow-Methods').should.equal('GET,PUT,PATCH,POST,DELETE');
  130 + done();
  131 + };
  132 +
  133 + // act
  134 + cors()(req, res, next);
  135 + });
  136 +
  137 + describe('passing static options', function () {
  138 + it('overrides defaults', function (done) {
  139 + // arrange
  140 + var req, res, next, options;
  141 + options = {
  142 + origin: 'example.com',
  143 + methods: ['FOO', 'bar'],
  144 + headers: ['FIZZ', 'buzz'],
  145 + credentials: true,
  146 + maxAge: 123
  147 + };
  148 + req = fakeRequest();
  149 + req.method = 'OPTIONS';
  150 + res = fakeResponse();
  151 + res.end = function () {
  152 + // assert
  153 + res.statusCode.should.equal(204);
  154 + done();
  155 + };
  156 + next = function () {
  157 + // assert
  158 + res.getHeader('Access-Control-Allow-Origin').should.equal('example.com');
  159 + res.getHeader('Access-Control-Allow-Methods').should.equal('FOO,bar');
  160 + res.getHeader('Access-Control-Allow-Headers').should.equal('FIZZ,buzz');
  161 + res.getHeader('Access-Control-Allow-Credentials').should.equal('true');
  162 + res.getHeader('Access-Control-Allow-Max-Age').should.equal('123');
  163 + done();
  164 + };
  165 +
  166 + // act
  167 + cors(options)(req, res, next);
  168 + });
  169 +
  170 + it('origin of false disables cors', function (done) {
  171 + // arrange
  172 + var req, res, next, options;
  173 + options = {
  174 + origin: false,
  175 + methods: ['FOO', 'bar'],
  176 + headers: ['FIZZ', 'buzz'],
  177 + credentials: true,
  178 + maxAge: 123
  179 + };
  180 + req = fakeRequest();
  181 + res = fakeResponse();
  182 + next = function () {
  183 + // assert
  184 + should.not.exist(res.getHeader('Access-Control-Allow-Origin'));
  185 + should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
  186 + should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
  187 + should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
  188 + should.not.exist(res.getHeader('Access-Control-Allow-Max-Age'));
  189 + done();
  190 + };
  191 +
  192 + // act
  193 + cors(options)(req, res, next);
  194 + });
  195 +
  196 + it('can override origin', function (done) {
  197 + // arrange
  198 + var req, res, next, options;
  199 + options = {
  200 + origin: 'example.com'
  201 + };
  202 + req = fakeRequest();
  203 + res = fakeResponse();
  204 + next = function () {
  205 + // assert
  206 + res.getHeader('Access-Control-Allow-Origin').should.equal('example.com');
  207 + done();
  208 + };
  209 +
  210 + // act
  211 + cors(options)(req, res, next);
  212 + });
  213 +
  214 + it('includes Vary header for specific origins', function (done) {
  215 + // arrange
  216 + var req, res, next, options;
  217 + options = {
  218 + origin: 'example.com'
  219 + };
  220 + req = fakeRequest();
  221 + res = fakeResponse();
  222 + next = function () {
  223 + // assert
  224 + res.getHeader('Vary').should.equal('Origin');
  225 + done();
  226 + };
  227 +
  228 + // act
  229 + cors(options)(req, res, next);
  230 + });
  231 +
  232 + it('appends to an existing Vary header', function (done) {
  233 + // arrange
  234 + var req, res, next, options;
  235 + options = {
  236 + origin: 'example.com'
  237 + };
  238 + req = fakeRequest();
  239 + res = fakeResponse();
  240 + res.setHeader('Vary', 'Foo');
  241 + next = function () {
  242 + // assert
  243 + res.getHeader('Vary').should.equal('Foo, Origin');
  244 + done();
  245 + };
  246 +
  247 + // act
  248 + cors(options)(req, res, next);
  249 + });
  250 +
  251 + it('origin defaults to *', function (done) {
  252 + // arrange
  253 + var req, res, next, options;
  254 + options = {
  255 + };
  256 + req = fakeRequest();
  257 + res = fakeResponse();
  258 + next = function () {
  259 + // assert
  260 + res.getHeader('Access-Control-Allow-Origin').should.equal('*');
  261 + done();
  262 + };
  263 +
  264 + // act
  265 + cors(options)(req, res, next);
  266 + });
  267 +
  268 + it('specifying true for origin reflects requesting origin', function (done) {
  269 + // arrange
  270 + var req, res, next, options;
  271 + options = {
  272 + origin: true
  273 + };
  274 + req = fakeRequest();
  275 + res = fakeResponse();
  276 + next = function () {
  277 + // assert
  278 + res.getHeader('Access-Control-Allow-Origin').should.equal('request.com');
  279 + done();
  280 + };
  281 +
  282 + // act
  283 + cors(options)(req, res, next);
  284 + });
  285 +
  286 + it('should allow origin when callback returns true', function (done) {
  287 + var req, res, next, options;
  288 + options = {
  289 + origin: function (sentOrigin, cb) {
  290 + sentOrigin.should.equal('request.com');
  291 + cb(null, true);
  292 + }
  293 + };
  294 + req = fakeRequest();
  295 + res = fakeResponse();
  296 + next = function () {
  297 + res.getHeader('Access-Control-Allow-Origin').should.equal('request.com');
  298 + done();
  299 + };
  300 +
  301 + cors(options)(req, res, next);
  302 + });
  303 +
  304 + it('should not allow origin when callback returns false', function (done) {
  305 + var req, res, next, options;
  306 + options = {
  307 + origin: function (sentOrigin, cb) {
  308 + sentOrigin.should.equal('request.com');
  309 + cb(null, false);
  310 + }
  311 + };
  312 + req = fakeRequest();
  313 + res = fakeResponse();
  314 + next = function () {
  315 + should.not.exist(res.getHeader('Access-Control-Allow-Origin'));
  316 + should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
  317 + should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
  318 + should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
  319 + should.not.exist(res.getHeader('Access-Control-Allow-Max-Age'));
  320 + done();
  321 + };
  322 +
  323 + cors(options)(req, res, next);
  324 + });
  325 +
  326 + it('should not override options.origin callback', function (done) {
  327 + var req, res, next, options;
  328 + options = {
  329 + origin: function (sentOrigin, cb) {
  330 + var isValid = sentOrigin === 'request.com';
  331 + cb(null, isValid);
  332 + }
  333 + };
  334 +
  335 + req = fakeRequest();
  336 + res = fakeResponse();
  337 + next = function () {
  338 + res.getHeader('Access-Control-Allow-Origin').should.equal('request.com');
  339 + };
  340 +
  341 + cors(options)(req, res, next);
  342 +
  343 + req = fakeRequest({
  344 + 'origin': 'invalid-request.com'
  345 + });
  346 + res = fakeResponse();
  347 +
  348 + next = function () {
  349 + should.not.exist(res.getHeader('Access-Control-Allow-Origin'));
  350 + should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
  351 + should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
  352 + should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
  353 + should.not.exist(res.getHeader('Access-Control-Allow-Max-Age'));
  354 + done();
  355 + };
  356 +
  357 + cors(options)(req, res, next);
  358 + });
  359 +
  360 +
  361 + it('can override methods', function (done) {
  362 + // arrange
  363 + var req, res, next, options;
  364 + options = {
  365 + methods: ['method1', 'method2']
  366 + };
  367 + req = fakeRequest();
  368 + req.method = 'OPTIONS';
  369 + res = fakeResponse();
  370 + res.end = function () {
  371 + // assert
  372 + res.statusCode.should.equal(204);
  373 + done();
  374 + };
  375 + next = function () {
  376 + // assert
  377 + res.getHeader('Access-Control-Allow-Methods').should.equal('method1,method2');
  378 + done();
  379 + };
  380 +
  381 + // act
  382 + cors(options)(req, res, next);
  383 + });
  384 +
  385 + it('methods defaults to GET, PUT, PATCH, POST, DELETE', function (done) {
  386 + // arrange
  387 + var req, res, next, options;
  388 + options = {
  389 + };
  390 + req = fakeRequest();
  391 + req.method = 'OPTIONS';
  392 + res = fakeResponse();
  393 + res.end = function () {
  394 + // assert
  395 + res.statusCode.should.equal(204);
  396 + done();
  397 + };
  398 + next = function () {
  399 + // assert
  400 + res.getHeader('Access-Control-Allow-Methods').should.equal('GET,PUT,PATCH,POST,DELETE');
  401 + done();
  402 + };
  403 +
  404 + // act
  405 + cors(options)(req, res, next);
  406 + });
  407 +
  408 + it('can specify allowed headers', function (done) {
  409 + // arrange
  410 + var req, res, options;
  411 + options = {
  412 + allowedHeaders: ['header1', 'header2']
  413 + };
  414 + req = fakeRequest();
  415 + req.method = 'OPTIONS';
  416 + res = fakeResponse();
  417 + res.end = function () {
  418 + // assert
  419 + res.getHeader('Access-Control-Allow-Headers').should.equal('header1,header2');
  420 + done();
  421 + };
  422 +
  423 + // act
  424 + cors(options)(req, res, null);
  425 + });
  426 +
  427 + it('specifying an empty list or string of allowed headers will result in no response header for allowed headers', function (done) {
  428 + // arrange
  429 + var req, res, next, options;
  430 + options = {
  431 + allowedHeaders: []
  432 + };
  433 + req = fakeRequest();
  434 + res = fakeResponse();
  435 + next = function () {
  436 + // assert
  437 + should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
  438 + done();
  439 + };
  440 +
  441 + // act
  442 + cors(options)(req, res, next);
  443 + });
  444 +
  445 + it('if no allowed headers are specified, defaults to requested allowed headers', function (done) {
  446 + // arrange
  447 + var req, res, options;
  448 + options = {
  449 + };
  450 + req = fakeRequest();
  451 + req.method = 'OPTIONS';
  452 + res = fakeResponse();
  453 + res.end = function () {
  454 + // assert
  455 + res.getHeader('Access-Control-Allow-Headers').should.equal('requestedHeader1,requestedHeader2');
  456 + done();
  457 + };
  458 +
  459 + // act
  460 + cors(options)(req, res, null);
  461 + });
  462 +
  463 + it('can specify exposed headers', function (done) {
  464 + // arrange
  465 + var req, res, options, next;
  466 + options = {
  467 + exposedHeaders: ['custom-header1', 'custom-header2']
  468 + };
  469 + req = fakeRequest();
  470 + res = fakeResponse();
  471 + next = function () {
  472 + // assert
  473 + res.getHeader('Access-Control-Expose-Headers').should.equal('custom-header1,custom-header2');
  474 + done();
  475 + };
  476 +
  477 + // act
  478 + cors(options)(req, res, next);
  479 + });
  480 +
  481 + it('includes credentials if explicitly enabled', function (done) {
  482 + // arrange
  483 + var req, res, options;
  484 + options = {
  485 + credentials: true
  486 + };
  487 + req = fakeRequest();
  488 + req.method = 'OPTIONS';
  489 + res = fakeResponse();
  490 + res.end = function () {
  491 + // assert
  492 + res.getHeader('Access-Control-Allow-Credentials').should.equal('true');
  493 + done();
  494 + };
  495 +
  496 + // act
  497 + cors(options)(req, res, null);
  498 + });
  499 +
  500 + it('does not includes credentials unless explicitly enabled', function (done) {
  501 + // arrange
  502 + var req, res, next, options;
  503 + options = {
  504 + };
  505 + req = fakeRequest();
  506 + res = fakeResponse();
  507 + next = function () {
  508 + // assert
  509 + should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
  510 + done();
  511 + };
  512 +
  513 + // act
  514 + cors(options)(req, res, next);
  515 + });
  516 +
  517 + it('includes maxAge when specified', function (done) {
  518 + // arrange
  519 + var req, res, options;
  520 + options = {
  521 + maxAge: 456
  522 + };
  523 + req = fakeRequest();
  524 + req.method = 'OPTIONS';
  525 + res = fakeResponse();
  526 + res.end = function () {
  527 + // assert
  528 + res.getHeader('Access-Control-Max-Age').should.equal('456');
  529 + done();
  530 + };
  531 +
  532 + // act
  533 + cors(options)(req, res, null);
  534 + });
  535 +
  536 + it('does not includes maxAge unless specified', function (done) {
  537 + // arrange
  538 + var req, res, next, options;
  539 + options = {
  540 + };
  541 + req = fakeRequest();
  542 + res = fakeResponse();
  543 + next = function () {
  544 + // assert
  545 + should.not.exist(res.getHeader('Access-Control-Allow-Max-Age'));
  546 + done();
  547 + };
  548 +
  549 + // act
  550 + cors(options)(req, res, next);
  551 + });
  552 + });
  553 +
  554 + describe('passing a function to build options', function () {
  555 + it('handles options specified via callback', function (done) {
  556 + // arrange
  557 + var req, res, next, delegate;
  558 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in this route
  559 + delegate = function (req, cb) {
  560 + cb(null, {
  561 + origin: 'delegate.com'
  562 + });
  563 + };
  564 + /*jslint unparam: false*/
  565 + req = fakeRequest();
  566 + res = fakeResponse();
  567 + next = function () {
  568 + // assert
  569 + res.getHeader('Access-Control-Allow-Origin').should.equal('delegate.com');
  570 + done();
  571 + };
  572 +
  573 + // act
  574 + cors(delegate)(req, res, next);
  575 + });
  576 +
  577 + it('handles error specified via callback', function (done) {
  578 + // arrange
  579 + var req, res, next, delegate;
  580 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in this route
  581 + delegate = function (req, cb) {
  582 + cb('some error');
  583 + };
  584 + /*jslint unparam: false*/
  585 + req = fakeRequest();
  586 + res = fakeResponse();
  587 + next = function (err) {
  588 + // assert
  589 + err.should.equal('some error');
  590 + done();
  591 + };
  592 +
  593 + // act
  594 + cors(delegate)(req, res, next);
  595 + });
  596 + });
  597 + });
  598 +
  599 +}());
  600 +
... ...
node_modules/cors/test/error-response.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,87 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true, describe: true, it: true, setTimeout: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var should = require('should'),
  9 + express = require('express'),
  10 + supertest = require('supertest'),
  11 + cors = require('../lib'),
  12 + app;
  13 +
  14 + /* -------------------------------------------------------------------------- */
  15 +
  16 + app = express();
  17 + app.use(cors());
  18 +
  19 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  20 + app.post('/five-hundred', function (req, res, next) {
  21 + next(new Error('nope'));
  22 + });
  23 + /*jslint unparam: false*/
  24 +
  25 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  26 + app.post('/four-oh-one', function (req, res, next) {
  27 + next(new Error('401'));
  28 + });
  29 + /*jslint unparam: false*/
  30 +
  31 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  32 + app.post('/four-oh-four', function (req, res, next) {
  33 + next();
  34 + });
  35 + /*jslint unparam: false*/
  36 +
  37 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  38 + app.use(function (err, req, res, next) {
  39 + if (err.message === '401') {
  40 + res.status(401).send('unauthorized');
  41 + } else {
  42 + next(err);
  43 + }
  44 + });
  45 + /*jslint unparam: false*/
  46 +
  47 + /* -------------------------------------------------------------------------- */
  48 +
  49 + describe('error response', function () {
  50 + it('500', function (done) {
  51 + supertest(app)
  52 + .post('/five-hundred')
  53 + .expect(500)
  54 + .end(function (err, res) {
  55 + should.not.exist(err);
  56 + res.headers['access-control-allow-origin'].should.eql('*');
  57 + res.text.should.startWith('Error: nope');
  58 + done();
  59 + });
  60 + });
  61 +
  62 + it('401', function (done) {
  63 + supertest(app)
  64 + .post('/four-oh-one')
  65 + .expect(401)
  66 + .end(function (err, res) {
  67 + should.not.exist(err);
  68 + res.headers['access-control-allow-origin'].should.eql('*');
  69 + res.text.should.eql('unauthorized');
  70 + done();
  71 + });
  72 + });
  73 +
  74 + it('404', function (done) {
  75 + supertest(app)
  76 + .post('/four-oh-four')
  77 + .expect(404)
  78 + .end(function (err, res) {
  79 + should.not.exist(err);
  80 + res.headers['access-control-allow-origin'].should.eql('*');
  81 + done();
  82 + });
  83 + });
  84 + });
  85 +
  86 +}());
  87 +
... ...
node_modules/cors/test/example-app.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,104 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true, describe: true, it: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var should = require('should'),
  9 + express = require('express'),
  10 + supertest = require('supertest'),
  11 + cors = require('../lib'),
  12 + simpleApp,
  13 + complexApp;
  14 +
  15 + /* -------------------------------------------------------------------------- */
  16 +
  17 + simpleApp = express();
  18 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in these routes
  19 + simpleApp.head('/', cors(), function (req, res) {
  20 + res.status(204).send();
  21 + });
  22 + simpleApp.get('/', cors(), function (req, res) {
  23 + res.send('Hello World (Get)');
  24 + });
  25 + simpleApp.post('/', cors(), function (req, res) {
  26 + res.send('Hello World (Post)');
  27 + });
  28 + /*jslint unparam: false*/
  29 +
  30 + /* -------------------------------------------------------------------------- */
  31 +
  32 + complexApp = express();
  33 + complexApp.options('/', cors());
  34 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in this route
  35 + complexApp.delete('/', cors(), function (req, res) {
  36 + res.send('Hello World (Delete)');
  37 + });
  38 + /*jslint unparam: false*/
  39 +
  40 + /* -------------------------------------------------------------------------- */
  41 +
  42 + describe('example app(s)', function () {
  43 + describe('simple methods', function () {
  44 + it('GET works', function (done) {
  45 + supertest(simpleApp)
  46 + .get('/')
  47 + .expect(200)
  48 + .end(function (err, res) {
  49 + should.not.exist(err);
  50 + res.headers['access-control-allow-origin'].should.eql('*');
  51 + res.text.should.eql('Hello World (Get)');
  52 + done();
  53 + });
  54 + });
  55 + it('HEAD works', function (done) {
  56 + supertest(simpleApp)
  57 + .head('/')
  58 + .expect(204)
  59 + .end(function (err, res) {
  60 + should.not.exist(err);
  61 + res.headers['access-control-allow-origin'].should.eql('*');
  62 + done();
  63 + });
  64 + });
  65 + it('POST works', function (done) {
  66 + supertest(simpleApp)
  67 + .post('/')
  68 + .expect(200)
  69 + .end(function (err, res) {
  70 + should.not.exist(err);
  71 + res.headers['access-control-allow-origin'].should.eql('*');
  72 + res.text.should.eql('Hello World (Post)');
  73 + done();
  74 + });
  75 + });
  76 + });
  77 +
  78 + describe('complex methods', function () {
  79 + it('OPTIONS works', function (done) {
  80 + supertest(complexApp)
  81 + .options('/')
  82 + .expect(204)
  83 + .end(function (err, res) {
  84 + should.not.exist(err);
  85 + res.headers['access-control-allow-origin'].should.eql('*');
  86 + done();
  87 + });
  88 + });
  89 + it('DELETE works', function (done) {
  90 + supertest(complexApp)
  91 + .del('/')
  92 + .expect(200)
  93 + .end(function (err, res) {
  94 + should.not.exist(err);
  95 + res.headers['access-control-allow-origin'].should.eql('*');
  96 + res.text.should.eql('Hello World (Delete)');
  97 + done();
  98 + });
  99 + });
  100 + });
  101 + });
  102 +
  103 +}());
  104 +
... ...
node_modules/cors/test/issue-2.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,60 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true, describe: true, it: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var should = require('should'),
  9 + express = require('express'),
  10 + supertest = require('supertest'),
  11 + cors = require('../lib'),
  12 + app,
  13 + corsOptions;
  14 +
  15 + /* -------------------------------------------------------------------------- */
  16 +
  17 + app = express();
  18 + corsOptions = {
  19 + origin: true,
  20 + methods: ['POST'],
  21 + credentials: true,
  22 + maxAge: 3600
  23 + };
  24 + app.options('/api/login', cors(corsOptions));
  25 + /*jslint unparam: true*/ // `req` is part of the signature, but not used in this route
  26 + app.post('/api/login', cors(corsOptions), function (req, res) {
  27 + res.send('LOGIN');
  28 + });
  29 + /*jslint unparam: false*/
  30 +
  31 + /* -------------------------------------------------------------------------- */
  32 +
  33 + describe('issue #2', function () {
  34 + it('OPTIONS works', function (done) {
  35 + supertest(app)
  36 + .options('/api/login')
  37 + .expect(204)
  38 + .set('Origin', 'http://example.com')
  39 + .end(function (err, res) {
  40 + should.not.exist(err);
  41 + res.headers['access-control-allow-origin'].should.eql('http://example.com');
  42 + done();
  43 + });
  44 + });
  45 + it('POST works', function (done) {
  46 + supertest(app)
  47 + .post('/api/login')
  48 + .expect(200)
  49 + .set('Origin', 'http://example.com')
  50 + .end(function (err, res) {
  51 + should.not.exist(err);
  52 + res.headers['access-control-allow-origin'].should.eql('http://example.com');
  53 + res.text.should.eql('LOGIN');
  54 + done();
  55 + });
  56 + });
  57 + });
  58 +
  59 +}());
  60 +
... ...
node_modules/cors/test/issue-31.js 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,60 @@
  1 +/*jslint indent: 2*/
  2 +/*global require: true, module: true, describe: true, it: true*/
  3 +
  4 +(function () {
  5 +
  6 + 'use strict';
  7 +
  8 + var should = require('should'),
  9 + express = require('express'),
  10 + supertest = require('supertest'),
  11 + cors = require('../lib'),
  12 + app,
  13 + mainRouter,
  14 + itemsRouter;
  15 +
  16 + /* -------------------------------------------------------------------------- */
  17 +
  18 + itemsRouter = express.Router();
  19 + itemsRouter.get('/', function (req, res) {
  20 + res.send('hello world');
  21 + });
  22 +
  23 + mainRouter = express.Router();
  24 + mainRouter.use('/items', itemsRouter);
  25 +
  26 + app = express();
  27 + app.use(cors());
  28 + app.use(mainRouter);
  29 +
  30 + /* -------------------------------------------------------------------------- */
  31 +
  32 + describe('issue #31', function () {
  33 + it('OPTIONS works', function (done) {
  34 + supertest(app)
  35 + .options('/items')
  36 + .expect(204)
  37 + .set('Origin', 'http://example.com')
  38 + .end(function (err, res) {
  39 + should.not.exist(err);
  40 + res.headers['access-control-allow-origin'].should.eql('*');
  41 + done();
  42 + });
  43 + });
  44 +
  45 + it('GET works', function (done) {
  46 + supertest(app)
  47 + .get('/items')
  48 + .expect(200)
  49 + .set('Origin', 'http://example.com')
  50 + .end(function (err, res) {
  51 + should.not.exist(err);
  52 + res.headers['access-control-allow-origin'].should.eql('*');
  53 + res.text.should.eql('hello world');
  54 + done();
  55 + });
  56 + });
  57 + });
  58 +
  59 +}());
  60 +
... ...
node_modules/cors/test/mocha.opts 0 → 100644
  Diff comments   View file @d98e7fb
... ... @@ -0,0 +1,3 @@
  1 +--ui bdd
  2 +--reporter spec
  3 +--require should
... ...
server.js
  Diff comments   View file @d98e7fb
... ... @@ -2,6 +2,9 @@ var express = require(&#39;express&#39;);
2 2 var app = express();
3 3 var mongoose = require('mongoose');
4 4 var Schema = mongoose.Schema;
  5 +var cors = require('cors');
  6 +
  7 +app.use(cors());
5 8  
6 9 var bodyParser = require('body-parser');
7 10 //var methodOverride = require('method-override');
... ... @@ -62,5 +65,7 @@ app.delete(&#39;/todolist/:id&#39;, function(req, res){
62 65 });
63 66  
64 67  
  68 +
  69 +
65 70 app.listen(8080);
66 71 console.log("Server started on port 8080...");
67 72 \ No newline at end of file
... ...