walamana/minis-data-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added cors

Browse Source 
Signed-off-by: walamana <joniogerg@gmail.com>
This commit is contained in:
walamana
2018-08-23 15:04:49 +02:00
parent 9195e7b9f6
commit 901f838551
168 changed files with 28845 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
node_modules/cors/.eslintrc generated vendored Normal file
View File

@@ -0,0 +1,9 @@
{
"env": {
"node": true
},
"rules": {
"indent": [2, 2],
"quotes": "single"
}
}

4
node_modules/cors/.npmignore generated vendored Normal file
View File

@@ -0,0 +1,4 @@
coverage
node_modules
npm-debug.log
package-lock.json

19
node_modules/cors/.travis.yml generated vendored Normal file
View File

@@ -0,0 +1,19 @@
language: node_js
node_js:
- "0.10"
- "4.8"
- "6.11"
- "8.1"
sudo: false
cache:
directories:
- node_modules
before_install:
# Skip updating shrinkwrap / lock
- "npm config set shrinkwrap false"
# Update Node.js modules
- "test ! -d node_modules || npm prune"
- "test ! -d node_modules || npm rebuild"
after_script:
# Report coverage
- "test -e ./coverage/lcov.info && npm install coveralls@2 && cat ./coverage/lcov.info | coveralls"

33
node_modules/cors/CONTRIBUTING.md generated vendored Normal file
View File

@@ -0,0 +1,33 @@
# contributing to `cors`
CORS is a node.js package for providing a [connect](http://www.senchalabs.org/connect/)/[express](http://expressjs.com/) middleware that can be used to enable [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) with various options. Learn more about the project in [the README](README.md).
## The CORS Spec
[http://www.w3.org/TR/cors/](http://www.w3.org/TR/cors/)
## Pull Requests Welcome
* Include `'use strict';` in every javascript file.
* 2 space indentation.
* Please run the testing steps below before submitting.
## Testing
```bash
$ npm install
$ npm test
```
## Interactive Testing Harness
[http://node-cors-client.herokuapp.com](http://node-cors-client.herokuapp.com)
Related git repositories:
* [https://github.com/TroyGoode/node-cors-server](https://github.com/TroyGoode/node-cors-server)
* [https://github.com/TroyGoode/node-cors-client](https://github.com/TroyGoode/node-cors-client)
## License
[MIT License](http://www.opensource.org/licenses/mit-license.php)

53
node_modules/cors/HISTORY.md generated vendored Normal file
View File

@@ -0,0 +1,53 @@
2.8.4 / 2017-07-12
==================
* Work-around Safari bug in default pre-flight response
2.8.3 / 2017-03-29
==================
* Fix error when options delegate missing `methods` option
2.8.2 / 2017-03-28
==================
* Fix error when frozen options are passed
* Send "Vary: Origin" when using regular expressions
* Send "Vary: Access-Control-Request-Headers" when dynamic `allowedHeaders`
2.8.1 / 2016-09-08
==================
This release only changed documentation.
2.8.0 / 2016-08-23
==================
* Add `optionsSucccessCode` option
2.7.2 / 2016-08-23
==================
* Fix error when Node.js running in strict mode
2.7.1 / 2015-05-28
==================
* Move module into expressjs organization
2.7.0 / 2015-05-28
==================
* Allow array of matching condition as `origin` option
* Allow regular expression as `origin` option
2.6.1 / 2015-05-28
==================
* Update `license` in pacakge.json
2.6.0 / 2015-04-27
==================
* Add `preflightContinue` option
* Fix "Vary: Origin" header added for "*"

9
node_modules/cors/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,9 @@
The MIT License (MIT)
Copyright (c) 2013 Troy Goode <troygoode@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

228
node_modules/cors/README.md generated vendored Normal file
View File

@@ -0,0 +1,228 @@
# cors
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Build Status][travis-image]][travis-url]
[![Test Coverage][coveralls-image]][coveralls-url]
CORS is a node.js package for providing a [Connect](http://www.senchalabs.org/connect/)/[Express](http://expressjs.com/) middleware that can be used to enable [CORS](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) with various options.
**[Follow me (@troygoode) on Twitter!](https://twitter.com/intent/user?screen_name=troygoode)**
* [Installation](#installation)
* [Usage](#usage)
* [Simple Usage](#simple-usage-enable-all-cors-requests)
* [Enable CORS for a Single Route](#enable-cors-for-a-single-route)
* [Configuring CORS](#configuring-cors)
* [Configuring CORS Asynchronously](#configuring-cors-asynchronously)
* [Enabling CORS Pre-Flight](#enabling-cors-pre-flight)
* [Configuration Options](#configuration-options)
* [Demo](#demo)
* [License](#license)
* [Author](#author)
## Installation
This is a [Node.js](https://nodejs.org/en/) module available through the
[npm registry](https://www.npmjs.com/). Installation is done using the
[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
```sh
$ npm install cors
```
## Usage
### Simple Usage (Enable *All* CORS Requests)
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
app.use(cors())
app.get('/products/:id', function (req, res, next) {
res.json({msg: 'This is CORS-enabled for all origins!'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
})
```
### Enable CORS for a Single Route
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
app.get('/products/:id', cors(), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a Single Route'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
})
```
### Configuring CORS
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
var corsOptions = {
origin: 'http://example.com',
optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
}
app.get('/products/:id', cors(corsOptions), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for only example.com.'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
})
```
### Configuring CORS w/ Dynamic Origin
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
var whitelist = ['http://example1.com', 'http://example2.com']
var corsOptions = {
origin: function (origin, callback) {
if (whitelist.indexOf(origin) !== -1) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
}
}
app.get('/products/:id', cors(corsOptions), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a whitelisted domain.'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
})
```
### Enabling CORS Pre-Flight
Certain CORS requests are considered 'complex' and require an initial
`OPTIONS` request (called the "pre-flight request"). An example of a
'complex' CORS request is one that uses an HTTP verb other than
GET/HEAD/POST (such as DELETE) or that uses custom headers. To enable
pre-flighting, you must add a new OPTIONS handler for the route you want
to support:
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
app.options('/products/:id', cors()) // enable pre-flight request for DELETE request
app.del('/products/:id', cors(), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for all origins!'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
})
```
You can also enable pre-flight across-the-board like so:
```javascript
app.options('*', cors()) // include before other routes
```
### Configuring CORS Asynchronously
```javascript
var express = require('express')
var cors = require('cors')
var app = express()
var whitelist = ['http://example1.com', 'http://example2.com']
var corsOptionsDelegate = function (req, callback) {
var corsOptions;
if (whitelist.indexOf(req.header('Origin')) !== -1) {
corsOptions = { origin: true } // reflect (enable) the requested origin in the CORS response
}else{
corsOptions = { origin: false } // disable CORS for this request
}
callback(null, corsOptions) // callback expects two parameters: error and options
}
app.get('/products/:id', cors(corsOptionsDelegate), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a whitelisted domain.'})
})
app.listen(80, function () {
console.log('CORS-enabled web server listening on port 80')
})
```
## Configuration Options
* `origin`: Configures the **Access-Control-Allow-Origin** CORS header. Possible values:
- `Boolean` - set `origin` to `true` to reflect the [request origin](http://tools.ietf.org/html/draft-abarth-origin-09), as defined by `req.header('Origin')`, or set it to `false` to disable CORS.
- `String` - set `origin` to a specific origin. For example if you set it to `"http://example.com"` only requests from "http://example.com" will be allowed.
- `RegExp` - set `origin` to a regular expression pattern which will be used to test the request origin. If it's a match, the request origin will be reflected. For example the pattern `/example\.com$/` will reflect any request that is coming from an origin ending with "example.com".
- `Array` - set `origin` to an array of valid origins. Each origin can be a `String` or a `RegExp`. For example `["http://example1.com", /\.example2\.com$/]` will accept any request from "http://example1.com" or from a subdomain of "example2.com".
- `Function` - set `origin` to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (which expects the signature `err [object], allow [bool]`) as the second.
* `methods`: Configures the **Access-Control-Allow-Methods** CORS header. Expects a comma-delimited string (ex: 'GET,PUT,POST') or an array (ex: `['GET', 'PUT', 'POST']`).
* `allowedHeaders`: Configures the **Access-Control-Allow-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Type,Authorization') or an array (ex: `['Content-Type', 'Authorization']`). If not specified, defaults to reflecting the headers specified in the request's **Access-Control-Request-Headers** header.
* `exposedHeaders`: Configures the **Access-Control-Expose-Headers** CORS header. Expects a comma-delimited string (ex: 'Content-Range,X-Content-Range') or an array (ex: `['Content-Range', 'X-Content-Range']`). If not specified, no custom headers are exposed.
* `credentials`: Configures the **Access-Control-Allow-Credentials** CORS header. Set to `true` to pass the header, otherwise it is omitted.
* `maxAge`: Configures the **Access-Control-Max-Age** CORS header. Set to an integer to pass the header, otherwise it is omitted.
* `preflightContinue`: Pass the CORS preflight response to the next handler.
* `optionsSuccessStatus`: Provides a status code to use for successful `OPTIONS` requests, since some legacy browsers (IE11, various SmartTVs) choke on `204`.
The default configuration is the equivalent of:
```json
{
"origin": "*",
"methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
"preflightContinue": false,
"optionsSuccessStatus": 204
}
```
For details on the effect of each CORS header, read [this](http://www.html5rocks.com/en/tutorials/cors/) article on HTML5 Rocks.
## Demo
A demo that illustrates CORS working (and not working) using jQuery is available here: [http://node-cors-client.herokuapp.com/](http://node-cors-client.herokuapp.com/)
Code for that demo can be found here:
* Client: [https://github.com/TroyGoode/node-cors-client](https://github.com/TroyGoode/node-cors-client)
* Server: [https://github.com/TroyGoode/node-cors-server](https://github.com/TroyGoode/node-cors-server)
## License
[MIT License](http://www.opensource.org/licenses/mit-license.php)
## Author
[Troy Goode](https://github.com/TroyGoode) ([troygoode@gmail.com](mailto:troygoode@gmail.com))
[coveralls-image]: https://img.shields.io/coveralls/expressjs/cors/master.svg
[coveralls-url]: https://coveralls.io/r/expressjs/cors?branch=master
[downloads-image]: https://img.shields.io/npm/dm/cors.svg
[downloads-url]: https://npmjs.org/package/cors
[npm-image]: https://img.shields.io/npm/v/cors.svg
[npm-url]: https://npmjs.org/package/cors
[travis-image]: https://img.shields.io/travis/expressjs/cors/master.svg
[travis-url]: https://travis-ci.org/expressjs/cors

238
node_modules/cors/lib/index.js generated vendored Normal file
View File

@@ -0,0 +1,238 @@
(function () {
'use strict';
var assign = require('object-assign');
var vary = require('vary');
var defaults = {
origin: '*',
methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
preflightContinue: false,
optionsSuccessStatus: 204
};
function isString(s) {
return typeof s === 'string' || s instanceof String;
}
function isOriginAllowed(origin, allowedOrigin) {
if (Array.isArray(allowedOrigin)) {
for (var i = 0; i < allowedOrigin.length; ++i) {
if (isOriginAllowed(origin, allowedOrigin[i])) {
return true;
}
}
return false;
} else if (isString(allowedOrigin)) {
return origin === allowedOrigin;
} else if (allowedOrigin instanceof RegExp) {
return allowedOrigin.test(origin);
} else {
return !!allowedOrigin;
}
}
function configureOrigin(options, req) {
var requestOrigin = req.headers.origin,
headers = [],
isAllowed;
if (!options.origin || options.origin === '*') {
// allow any origin
headers.push([{
key: 'Access-Control-Allow-Origin',
value: '*'
}]);
} else if (isString(options.origin)) {
// fixed origin
headers.push([{
key: 'Access-Control-Allow-Origin',
value: options.origin
}]);
headers.push([{
key: 'Vary',
value: 'Origin'
}]);
} else {
isAllowed = isOriginAllowed(requestOrigin, options.origin);
// reflect origin
headers.push([{
key: 'Access-Control-Allow-Origin',
value: isAllowed ? requestOrigin : false
}]);
headers.push([{
key: 'Vary',
value: 'Origin'
}]);
}
return headers;
}
function configureMethods(options) {
var methods = options.methods;
if (methods.join) {
methods = options.methods.join(','); // .methods is an array, so turn it into a string
}
return {
key: 'Access-Control-Allow-Methods',
value: methods
};
}
function configureCredentials(options) {
if (options.credentials === true) {
return {
key: 'Access-Control-Allow-Credentials',
value: 'true'
};
}
return null;
}
function configureAllowedHeaders(options, req) {
var allowedHeaders = options.allowedHeaders || options.headers;
var headers = [];
if (!allowedHeaders) {
allowedHeaders = req.headers['access-control-request-headers']; // .headers wasn't specified, so reflect the request headers
headers.push([{
key: 'Vary',
value: 'Access-Control-Request-Headers'
}]);
} else if (allowedHeaders.join) {
allowedHeaders = allowedHeaders.join(','); // .headers is an array, so turn it into a string
}
if (allowedHeaders && allowedHeaders.length) {
headers.push([{
key: 'Access-Control-Allow-Headers',
value: allowedHeaders
}]);
}
return headers;
}
function configureExposedHeaders(options) {
var headers = options.exposedHeaders;
if (!headers) {
return null;
} else if (headers.join) {
headers = headers.join(','); // .headers is an array, so turn it into a string
}
if (headers && headers.length) {
return {
key: 'Access-Control-Expose-Headers',
value: headers
};
}
return null;
}
function configureMaxAge(options) {
var maxAge = options.maxAge && options.maxAge.toString();
if (maxAge && maxAge.length) {
return {
key: 'Access-Control-Max-Age',
value: maxAge
};
}
return null;
}
function applyHeaders(headers, res) {
for (var i = 0, n = headers.length; i < n; i++) {
var header = headers[i];
if (header) {
if (Array.isArray(header)) {
applyHeaders(header, res);
} else if (header.key === 'Vary' && header.value) {
vary(res, header.value);
} else if (header.value) {
res.setHeader(header.key, header.value);
}
}
}
}
function cors(options, req, res, next) {
var headers = [],
method = req.method && req.method.toUpperCase && req.method.toUpperCase();
if (method === 'OPTIONS') {
// preflight
headers.push(configureOrigin(options, req));
headers.push(configureCredentials(options, req));
headers.push(configureMethods(options, req));
headers.push(configureAllowedHeaders(options, req));
headers.push(configureMaxAge(options, req));
headers.push(configureExposedHeaders(options, req));
applyHeaders(headers, res);
if (options.preflightContinue ) {
next();
} else {
// Safari (and potentially other browsers) need content-length 0,
// for 204 or they just hang waiting for a body
res.statusCode = options.optionsSuccessStatus || defaults.optionsSuccessStatus;
res.setHeader('Content-Length', '0');
res.end();
}
} else {
// actual response
headers.push(configureOrigin(options, req));
headers.push(configureCredentials(options, req));
headers.push(configureExposedHeaders(options, req));
applyHeaders(headers, res);
next();
}
}
function middlewareWrapper(o) {
// if options are static (either via defaults or custom options passed in), wrap in a function
var optionsCallback = null;
if (typeof o === 'function') {
optionsCallback = o;
} else {
optionsCallback = function (req, cb) {
cb(null, o);
};
}
return function corsMiddleware(req, res, next) {
optionsCallback(req, function (err, options) {
if (err) {
next(err);
} else {
var corsOptions = assign({}, defaults, options);
var originCallback = null;
if (corsOptions.origin && typeof corsOptions.origin === 'function') {
originCallback = corsOptions.origin;
} else if (corsOptions.origin) {
originCallback = function (origin, cb) {
cb(null, corsOptions.origin);
};
}
if (originCallback) {
originCallback(req.headers.origin, function (err2, origin) {
if (err2 || !origin) {
next(err2);
} else {
corsOptions.origin = origin;
cors(corsOptions, req, res, next);
}
});
} else {
next();
}
}
});
};
}
// can pass either an options hash, an options delegate, or nothing
module.exports = middlewareWrapper;
}());

73
node_modules/cors/package.json generated vendored Normal file
View File

@@ -0,0 +1,73 @@
{
"_from": "cors",
"_id": "cors@2.8.4",
"_inBundle": false,
"_integrity": "sha1-K9OB8usgECAQXNUOpZ2mMJBpRoY=",
"_location": "/cors",
"_phantomChildren": {},
"_requested": {
"type": "tag",
"registry": true,
"raw": "cors",
"name": "cors",
"escapedName": "cors",
"rawSpec": "",
"saveSpec": null,
"fetchSpec": "latest"
},
"_requiredBy": [
"#USER",
"/"
],
"_resolved": "https://registry.npmjs.org/cors/-/cors-2.8.4.tgz",
"_shasum": "2bd381f2eb201020105cd50ea59da63090694686",
"_spec": "cors",
"_where": "C:\\Users\\jonio\\Documents\\Programmieren\\Miniportal\\Neu\\MiniportalAPI",
"author": {
"name": "Troy Goode",
"email": "troygoode@gmail.com",
"url": "https://github.com/troygoode/"
},
"bugs": {
"url": "https://github.com/expressjs/cors/issues"
},
"bundleDependencies": false,
"dependencies": {
"object-assign": "^4",
"vary": "^1"
},
"deprecated": false,
"description": "Node.js CORS middleware",
"devDependencies": {
"basic-auth-connect": "^1.0.0",
"body-parser": "^1.12.4",
"eslint": "^0.21.2",
"express": "^4.12.4",
"istanbul": "^0.4.5",
"mocha": "3.4.2",
"should": "11.2.1",
"supertest": "3.0.0"
},
"engines": {
"node": ">=0.10.0"
},
"homepage": "https://github.com/expressjs/cors#readme",
"keywords": [
"cors",
"express",
"connect",
"middleware"
],
"license": "MIT",
"main": "./lib/index.js",
"name": "cors",
"repository": {
"type": "git",
"url": "git+https://github.com/expressjs/cors.git"
},
"scripts": {
"lint": "eslint lib test",
"test": "npm run lint && istanbul cover node_modules/mocha/bin/_mocha"
},
"version": "2.8.4"
}

40
node_modules/cors/test/basic-auth.js generated vendored Normal file
View File

@@ -0,0 +1,40 @@
(function () {
/*global describe, it*/
'use strict';
var should = require('should'),
express = require('express'),
supertest = require('supertest'),
basicAuth = require('basic-auth-connect'),
cors = require('../lib');
var app;
/* -------------------------------------------------------------------------- */
app = express();
app.use(basicAuth('username', 'password'));
app.use(cors());
app.post('/', function (req, res) {
res.send('hello world');
});
/* -------------------------------------------------------------------------- */
describe('basic auth', function () {
it('POST works', function (done) {
supertest(app)
.post('/')
.auth('username', 'password')
.expect(200)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
res.text.should.eql('hello world');
done();
});
});
});
}());

81
node_modules/cors/test/body-events.js generated vendored Normal file
View File

@@ -0,0 +1,81 @@
(function () {
/*global describe, it*/
'use strict';
var should = require('should'),
express = require('express'),
supertest = require('supertest'),
bodyParser = require('body-parser'),
cors = require('../lib');
var dynamicOrigin,
app1,
app2,
text = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed justo turpis, tempor id sem fringilla, cursus tristique purus. Mauris a sollicitudin magna. Etiam dui lacus, vehicula non dictum at, cursus vitae libero. Curabitur lorem nulla, sollicitudin id enim ut, vehicula rhoncus felis. Ut nec iaculis velit. Vivamus at augue nulla. Fusce at molestie arcu. Duis at dui at tellus mattis tincidunt. Vestibulum sit amet dictum metus. Curabitur nec pretium ante. Proin vulputate elit ac lorem gravida, sit amet placerat lorem fringilla. Mauris fermentum, diam et volutpat auctor, ante enim imperdiet purus, sit amet tincidunt ipsum nulla nec est. Fusce id ipsum in sem malesuada laoreet vitae non magna. Praesent commodo turpis in nulla egestas, eu posuere magna venenatis. Integer in aliquam sem. Fusce quis lorem tincidunt eros rutrum lobortis.\n\nNam aliquam cursus ipsum, a hendrerit purus. Cras ultrices viverra nunc ac lacinia. Sed sed diam orci. Vestibulum ut orci a nibh scelerisque pretium. Sed suscipit vestibulum metus, ac ultricies leo sodales a. Aliquam erat volutpat. Vestibulum mauris massa, luctus et libero vel, cursus suscipit nulla. Cras sed erat quis massa fermentum congue. Mauris ultrices sem ligula, id malesuada lectus tincidunt eget. Donec sed nisl elit. Aenean ac lobortis massa. Phasellus felis nisl, dictum a dui volutpat, dictum sagittis diam. Vestibulum lacinia tellus vel commodo consequat.\n\nNulla at varius nibh, non posuere enim. Curabitur urna est, ultrices vel sem nec, consequat molestie nisi. Aliquam sed augue sit amet ante viverra pretium. Cras aliquam turpis vitae eros gravida egestas. Etiam quis dolor non quam suscipit iaculis. Sed euismod est libero, ac ullamcorper elit hendrerit vitae. Vivamus sollicitudin nulla dolor, vitae porta lacus suscipit ac.\n\nSed volutpat, magna in scelerisque dapibus, eros ante volutpat nisi, ac condimentum diam sem sed justo. Aenean justo risus, bibendum vitae blandit ac, mattis quis nunc. Quisque non felis nec justo auctor accumsan non id odio. Mauris vel dui feugiat dolor dapibus convallis in et neque. Phasellus fermentum sollicitudin tortor ac pretium. Proin tristique accumsan nulla eu venenatis. Cras porta lorem ac arcu accumsan pulvinar. Sed dignissim leo augue, a pretium ante viverra id. Phasellus blandit at purus a malesuada. Nam et cursus mauris. Vivamus accumsan augue laoreet lectus lacinia eleifend. Fusce sit amet felis nunc. Pellentesque eu turpis nisl.\n\nPellentesque vitae quam feugiat, volutpat lectus et, faucibus massa. Maecenas consectetur quis nisi eu aliquam. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Etiam laoreet condimentum laoreet. Praesent sit amet massa sit amet dui porta condimentum. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Sed volutpat massa nec risus malesuada hendrerit.';
/* -------------------------------------------------------------------------- */
dynamicOrigin = function (origin, cb) {
setTimeout(function () {
cb(null, true);
}, 200);
};
/* -------------------------------------------------------------------------- */
app1 = express();
app1.use(cors({origin: dynamicOrigin}));
app1.use(bodyParser.json());
app1.post('/', function (req, res) {
res.send(req.body);
});
/* -------------------------------------------------------------------------- */
app2 = express();
app2.use(bodyParser.json());
app2.use(cors({origin: dynamicOrigin}));
app2.post('/', function (req, res) {
res.send(req.body);
});
/* -------------------------------------------------------------------------- */
describe('body-parser-events', function () {
describe('app1 (cors before bodyparser)', function () {
it('POST works', function (done) {
var body = {
example: text
};
supertest(app1)
.post('/')
.send(body)
.expect(200)
.end(function (err, res) {
should.not.exist(err);
res.body.should.eql(body);
done();
});
});
});
describe('app2 (bodyparser before cors)', function () {
it('POST works', function (done) {
var body = {
example: text
};
supertest(app2)
.post('/')
.send(body)
.expect(200)
.end(function (err, res) {
should.not.exist(err);
res.body.should.eql(body);
done();
});
});
});
});
}());

747
node_modules/cors/test/cors.js generated vendored Normal file
View File

@@ -0,0 +1,747 @@
(function () {
/*global describe, it*/
'use strict';
var should = require('should'),
cors = require('../lib');
var fakeRequest = function (headers) {
return {
headers: headers || {
'origin': 'request.com',
'access-control-request-headers': 'requestedHeader1,requestedHeader2'
},
pause: function () {
// do nothing
return;
},
resume: function () {
// do nothing
return;
}
};
},
fakeResponse = function () {
var headers = {};
return {
allHeaders: function () {
return headers;
},
getHeader: function (key) {
return headers[key];
},
setHeader: function (key, value) {
headers[key] = value;
return;
},
get: function (key) {
return headers[key];
}
};
};
describe('cors', function () {
it('does not alter `options` configuration object', function () {
var options = Object.freeze({
origin: 'custom-origin'
});
(function () {
cors(options);
}).should.not.throw();
});
it('passes control to next middleware', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
res = fakeResponse();
next = function () {
done();
};
// act
cors()(req, res, next);
});
it('shortcircuits preflight requests', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.statusCode.should.equal(204);
done();
};
next = function () {
// assert
done('should not be called');
};
// act
cors()(req, res, next);
});
it('can configure preflight success response status code', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.statusCode.should.equal(200);
done();
};
next = function () {
// assert
done('should not be called');
};
// act
cors({optionsSuccessStatus: 200})(req, res, next);
});
it('doesn\'t shortcircuit preflight requests with preflightContinue option', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
done('should not be called');
};
next = function () {
// assert
done();
};
// act
cors({preflightContinue: true})(req, res, next);
});
it('normalizes method names', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
req.method = 'options';
res = fakeResponse();
res.end = function () {
// assert
res.statusCode.should.equal(204);
done();
};
next = function () {
// assert
done('should not be called');
};
// act
cors()(req, res, next);
});
it('includes Content-Length response header', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
req.method = 'options';
res = fakeResponse();
res.end = function () {
// assert
res.getHeader('Content-Length').should.equal('0');
done();
};
next = function () {
// assert
done('should not be called');
};
// act
cors()(req, res, next);
});
it('no options enables default CORS to all origins', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('*');
should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
done();
};
// act
cors()(req, res, next);
});
it('OPTION call with no options enables default CORS to all origins and methods', function (done) {
// arrange
var req, res, next;
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.statusCode.should.equal(204);
done();
};
next = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('*');
res.getHeader('Access-Control-Allow-Methods').should.equal('GET,PUT,PATCH,POST,DELETE');
done();
};
// act
cors()(req, res, next);
});
describe('passing static options', function () {
it('overrides defaults', function (done) {
// arrange
var req, res, next, options;
options = {
origin: 'example.com',
methods: ['FOO', 'bar'],
headers: ['FIZZ', 'buzz'],
credentials: true,
maxAge: 123
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.statusCode.should.equal(204);
done();
};
next = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('example.com');
res.getHeader('Access-Control-Allow-Methods').should.equal('FOO,bar');
res.getHeader('Access-Control-Allow-Headers').should.equal('FIZZ,buzz');
res.getHeader('Access-Control-Allow-Credentials').should.equal('true');
res.getHeader('Access-Control-Max-Age').should.equal('123');
done();
};
// act
cors(options)(req, res, next);
});
it('matches request origin against regexp', function(done) {
var req = fakeRequest();
var res = fakeResponse();
var options = { origin: /^(.+\.)?request.com$/ };
cors(options)(req, res, function(err) {
should.not.exist(err);
res.getHeader('Access-Control-Allow-Origin').should.equal(req.headers.origin);
should.exist(res.getHeader('Vary'));
res.getHeader('Vary').should.equal('Origin');
return done();
});
});
it('matches request origin against array of origin checks', function(done) {
var req = fakeRequest();
var res = fakeResponse();
var options = { origin: [ /foo\.com$/, 'request.com' ] };
cors(options)(req, res, function(err) {
should.not.exist(err);
res.getHeader('Access-Control-Allow-Origin').should.equal(req.headers.origin);
should.exist(res.getHeader('Vary'));
res.getHeader('Vary').should.equal('Origin');
return done();
});
});
it('doesn\'t match request origin against array of invalid origin checks', function(done) {
var req = fakeRequest();
var res = fakeResponse();
var options = { origin: [ /foo\.com$/, 'bar.com' ] };
cors(options)(req, res, function(err) {
should.not.exist(err);
should.not.exist(res.getHeader('Access-Control-Allow-Origin'));
should.exist(res.getHeader('Vary'));
res.getHeader('Vary').should.equal('Origin');
return done();
});
});
it('origin of false disables cors', function (done) {
// arrange
var req, res, next, options;
options = {
origin: false,
methods: ['FOO', 'bar'],
headers: ['FIZZ', 'buzz'],
credentials: true,
maxAge: 123
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
should.not.exist(res.getHeader('Access-Control-Allow-Origin'));
should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
should.not.exist(res.getHeader('Access-Control-Max-Age'));
done();
};
// act
cors(options)(req, res, next);
});
it('can override origin', function (done) {
// arrange
var req, res, next, options;
options = {
origin: 'example.com'
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('example.com');
done();
};
// act
cors(options)(req, res, next);
});
it('includes Vary header for specific origins', function (done) {
// arrange
var req, res, next, options;
options = {
origin: 'example.com'
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
should.exist(res.getHeader('Vary'));
res.getHeader('Vary').should.equal('Origin');
done();
};
// act
cors(options)(req, res, next);
});
it('appends to an existing Vary header', function (done) {
// arrange
var req, res, next, options;
options = {
origin: 'example.com'
};
req = fakeRequest();
res = fakeResponse();
res.setHeader('Vary', 'Foo');
next = function () {
// assert
res.getHeader('Vary').should.equal('Foo, Origin');
done();
};
// act
cors(options)(req, res, next);
});
it('origin defaults to *', function (done) {
// arrange
var req, res, next, options;
options = {
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('*');
done();
};
// act
cors(options)(req, res, next);
});
it('specifying true for origin reflects requesting origin', function (done) {
// arrange
var req, res, next, options;
options = {
origin: true
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('request.com');
done();
};
// act
cors(options)(req, res, next);
});
it('should allow origin when callback returns true', function (done) {
var req, res, next, options;
options = {
origin: function (sentOrigin, cb) {
sentOrigin.should.equal('request.com');
cb(null, true);
}
};
req = fakeRequest();
res = fakeResponse();
next = function () {
res.getHeader('Access-Control-Allow-Origin').should.equal('request.com');
done();
};
cors(options)(req, res, next);
});
it('should not allow origin when callback returns false', function (done) {
var req, res, next, options;
options = {
origin: function (sentOrigin, cb) {
sentOrigin.should.equal('request.com');
cb(null, false);
}
};
req = fakeRequest();
res = fakeResponse();
next = function () {
should.not.exist(res.getHeader('Access-Control-Allow-Origin'));
should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
should.not.exist(res.getHeader('Access-Control-Max-Age'));
done();
};
cors(options)(req, res, next);
});
it('should not override options.origin callback', function (done) {
var req, res, next, options;
options = {
origin: function (sentOrigin, cb) {
var isValid = sentOrigin === 'request.com';
cb(null, isValid);
}
};
req = fakeRequest();
res = fakeResponse();
next = function () {
res.getHeader('Access-Control-Allow-Origin').should.equal('request.com');
};
cors(options)(req, res, next);
req = fakeRequest({
'origin': 'invalid-request.com'
});
res = fakeResponse();
next = function () {
should.not.exist(res.getHeader('Access-Control-Allow-Origin'));
should.not.exist(res.getHeader('Access-Control-Allow-Methods'));
should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
should.not.exist(res.getHeader('Access-Control-Max-Age'));
done();
};
cors(options)(req, res, next);
});
it('can override methods', function (done) {
// arrange
var req, res, next, options;
options = {
methods: ['method1', 'method2']
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.statusCode.should.equal(204);
done();
};
next = function () {
// assert
res.getHeader('Access-Control-Allow-Methods').should.equal('method1,method2');
done();
};
// act
cors(options)(req, res, next);
});
it('methods defaults to GET, PUT, PATCH, POST, DELETE', function (done) {
// arrange
var req, res, next, options;
options = {
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.statusCode.should.equal(204);
done();
};
next = function () {
// assert
res.getHeader('Access-Control-Allow-Methods').should.equal('GET,PUT,PATCH,POST,DELETE');
done();
};
// act
cors(options)(req, res, next);
});
it('can specify allowed headers', function (done) {
// arrange
var req, res, options;
options = {
allowedHeaders: ['header1', 'header2']
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.getHeader('Access-Control-Allow-Headers').should.equal('header1,header2');
should.not.exist(res.getHeader('Vary'));
done();
};
// act
cors(options)(req, res, null);
});
it('specifying an empty list or string of allowed headers will result in no response header for allowed headers', function (done) {
// arrange
var req, res, next, options;
options = {
allowedHeaders: []
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
should.not.exist(res.getHeader('Access-Control-Allow-Headers'));
should.not.exist(res.getHeader('Vary'));
done();
};
// act
cors(options)(req, res, next);
});
it('if no allowed headers are specified, defaults to requested allowed headers', function (done) {
// arrange
var req, res, options;
options = {
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.getHeader('Access-Control-Allow-Headers').should.equal('requestedHeader1,requestedHeader2');
should.exist(res.getHeader('Vary'));
res.getHeader('Vary').should.equal('Access-Control-Request-Headers');
done();
};
// act
cors(options)(req, res, null);
});
it('can specify exposed headers', function (done) {
// arrange
var req, res, options, next;
options = {
exposedHeaders: ['custom-header1', 'custom-header2']
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
res.getHeader('Access-Control-Expose-Headers').should.equal('custom-header1,custom-header2');
done();
};
// act
cors(options)(req, res, next);
});
it('specifying an empty list or string of exposed headers will result in no response header for exposed headers', function (done) {
// arrange
var req, res, next, options;
options = {
exposedHeaders: []
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
should.not.exist(res.getHeader('Access-Control-Expose-Headers'));
done();
};
// act
cors(options)(req, res, next);
});
it('includes credentials if explicitly enabled', function (done) {
// arrange
var req, res, options;
options = {
credentials: true
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.getHeader('Access-Control-Allow-Credentials').should.equal('true');
done();
};
// act
cors(options)(req, res, null);
});
it('does not includes credentials unless explicitly enabled', function (done) {
// arrange
var req, res, next, options;
options = {
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
should.not.exist(res.getHeader('Access-Control-Allow-Credentials'));
done();
};
// act
cors(options)(req, res, next);
});
it('includes maxAge when specified', function (done) {
// arrange
var req, res, options;
options = {
maxAge: 456
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.getHeader('Access-Control-Max-Age').should.equal('456');
done();
};
// act
cors(options)(req, res, null);
});
it('does not includes maxAge unless specified', function (done) {
// arrange
var req, res, next, options;
options = {
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
should.not.exist(res.getHeader('Access-Control-Max-Age'));
done();
};
// act
cors(options)(req, res, next);
});
});
describe('passing a function to build options', function () {
it('handles options specified via callback', function (done) {
// arrange
var req, res, next, delegate;
delegate = function (req2, cb) {
cb(null, {
origin: 'delegate.com'
});
};
req = fakeRequest();
res = fakeResponse();
next = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('delegate.com');
done();
};
// act
cors(delegate)(req, res, next);
});
it('handles options specified via callback for preflight', function (done) {
// arrange
var req, res, delegate;
delegate = function (req2, cb) {
cb(null, {
origin: 'delegate.com',
maxAge: 1000
});
};
req = fakeRequest();
req.method = 'OPTIONS';
res = fakeResponse();
res.end = function () {
// assert
res.getHeader('Access-Control-Allow-Origin').should.equal('delegate.com');
res.getHeader('Access-Control-Max-Age').should.equal('1000');
done();
};
// act
cors(delegate)(req, res, null);
});
it('handles error specified via callback', function (done) {
// arrange
var req, res, next, delegate;
delegate = function (req2, cb) {
cb('some error');
};
req = fakeRequest();
res = fakeResponse();
next = function (err) {
// assert
err.should.equal('some error');
done();
};
// act
cors(delegate)(req, res, next);
});
});
});
}());

77
node_modules/cors/test/error-response.js generated vendored Normal file
View File

@@ -0,0 +1,77 @@
(function () {
/*global describe, it*/
'use strict';
var should = require('should'),
express = require('express'),
supertest = require('supertest'),
cors = require('../lib');
var app;
/* -------------------------------------------------------------------------- */
app = express();
app.use(cors());
app.post('/five-hundred', function (req, res, next) {
next(new Error('nope'));
});
app.post('/four-oh-one', function (req, res, next) {
next(new Error('401'));
});
app.post('/four-oh-four', function (req, res, next) {
next();
});
app.use(function (err, req, res, next) {
if (err.message === '401') {
res.status(401).send('unauthorized');
} else {
next(err);
}
});
/* -------------------------------------------------------------------------- */
describe('error response', function () {
it('500', function (done) {
supertest(app)
.post('/five-hundred')
.expect(500)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
res.text.should.containEql('Error: nope');
done();
});
});
it('401', function (done) {
supertest(app)
.post('/four-oh-one')
.expect(401)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
res.text.should.eql('unauthorized');
done();
});
});
it('404', function (done) {
supertest(app)
.post('/four-oh-four')
.expect(404)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
done();
});
});
});
}());

98
node_modules/cors/test/example-app.js generated vendored Normal file
View File

@@ -0,0 +1,98 @@
(function () {
/*global describe, it*/
'use strict';
var should = require('should'),
express = require('express'),
supertest = require('supertest'),
cors = require('../lib');
var simpleApp,
complexApp;
/* -------------------------------------------------------------------------- */
simpleApp = express();
simpleApp.head('/', cors(), function (req, res) {
res.status(204).send();
});
simpleApp.get('/', cors(), function (req, res) {
res.send('Hello World (Get)');
});
simpleApp.post('/', cors(), function (req, res) {
res.send('Hello World (Post)');
});
/* -------------------------------------------------------------------------- */
complexApp = express();
complexApp.options('/', cors());
complexApp.delete('/', cors(), function (req, res) {
res.send('Hello World (Delete)');
});
/* -------------------------------------------------------------------------- */
describe('example app(s)', function () {
describe('simple methods', function () {
it('GET works', function (done) {
supertest(simpleApp)
.get('/')
.expect(200)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
res.text.should.eql('Hello World (Get)');
done();
});
});
it('HEAD works', function (done) {
supertest(simpleApp)
.head('/')
.expect(204)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
done();
});
});
it('POST works', function (done) {
supertest(simpleApp)
.post('/')
.expect(200)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
res.text.should.eql('Hello World (Post)');
done();
});
});
});
describe('complex methods', function () {
it('OPTIONS works', function (done) {
supertest(complexApp)
.options('/')
.expect(204)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
done();
});
});
it('DELETE works', function (done) {
supertest(complexApp)
.del('/')
.expect(200)
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
res.text.should.eql('Hello World (Delete)');
done();
});
});
});
});
}());

56
node_modules/cors/test/issue-2.js generated vendored Normal file
View File

@@ -0,0 +1,56 @@
(function () {
/*global describe, it*/
'use strict';
var should = require('should'),
express = require('express'),
supertest = require('supertest'),
cors = require('../lib');
var app,
corsOptions;
/* -------------------------------------------------------------------------- */
app = express();
corsOptions = {
origin: true,
methods: ['POST'],
credentials: true,
maxAge: 3600
};
app.options('/api/login', cors(corsOptions));
app.post('/api/login', cors(corsOptions), function (req, res) {
res.send('LOGIN');
});
/* -------------------------------------------------------------------------- */
describe('issue #2', function () {
it('OPTIONS works', function (done) {
supertest(app)
.options('/api/login')
.expect(204)
.set('Origin', 'http://example.com')
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('http://example.com');
done();
});
});
it('POST works', function (done) {
supertest(app)
.post('/api/login')
.expect(200)
.set('Origin', 'http://example.com')
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('http://example.com');
res.text.should.eql('LOGIN');
done();
});
});
});
}());

58
node_modules/cors/test/issue-31.js generated vendored Normal file
View File

@@ -0,0 +1,58 @@
(function () {
/*global describe, it*/
'use strict';
var should = require('should'),
express = require('express'),
supertest = require('supertest'),
cors = require('../lib');
var app,
mainRouter,
itemsRouter;
/* -------------------------------------------------------------------------- */
itemsRouter = new express.Router();
itemsRouter.get('/', function (req, res) {
res.send('hello world');
});
mainRouter = new express.Router();
mainRouter.use('/items', itemsRouter);
app = express();
app.use(cors());
app.use(mainRouter);
/* -------------------------------------------------------------------------- */
describe('issue #31', function () {
it('OPTIONS works', function (done) {
supertest(app)
.options('/items')
.expect(204)
.set('Origin', 'http://example.com')
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
done();
});
});
it('GET works', function (done) {
supertest(app)
.get('/items')
.expect(200)
.set('Origin', 'http://example.com')
.end(function (err, res) {
should.not.exist(err);
res.headers['access-control-allow-origin'].should.eql('*');
res.text.should.eql('hello world');
done();
});
});
});
}());

4
node_modules/cors/test/mocha.opts generated vendored Normal file
View File

@@ -0,0 +1,4 @@
--ui bdd
--reporter spec
--require should
--require test/support/env

2
node_modules/cors/test/support/env.js generated vendored Normal file
View File

@@ -0,0 +1,2 @@
process.env.NODE_ENV = 'test';