method-override
Advanced tools
Comparing version 1.0.2 to 2.0.0
@@ -0,1 +1,13 @@ | ||
2.0.0 / 2014-06-01 | ||
================== | ||
* Default behavior only checks `X-HTTP-Method-Override` header | ||
* New interface, less magic | ||
- Can specify what header to look for override in, if wanted | ||
- Can specify custom function to get method from request | ||
* Only `POST` requests are examined by default | ||
* Remove `req.body` support for more standard query param support | ||
- Use custom `getter` function if `req.body` support is needed | ||
* Set `Vary` header when using built-in header checking | ||
1.0.2 / 2014-05-22 | ||
@@ -2,0 +14,0 @@ ================== |
131
index.js
@@ -13,2 +13,4 @@ /*! | ||
var methods = require('methods'); | ||
var parseurl = require('parseurl'); | ||
var querystring = require('querystring'); | ||
@@ -20,13 +22,32 @@ /** | ||
* | ||
* Pass an optional `key` to use when checking for | ||
* a method override, otherwise defaults to _\_method_. | ||
* Pass an optional `getter` to use when checking for | ||
* a method override. | ||
* | ||
* A string is converted to a getter that will look for | ||
* the method in `req.body[getter]` and a function will be | ||
* called with `req` and expects the method to be returned. | ||
* If the string starts with `X-` then it will look in | ||
* `req.headers[getter]` instead. | ||
* | ||
* The original method is available via `req.originalMethod`. | ||
* | ||
* @param {String} key | ||
* @return {Function} | ||
* @param {string|function} [getter=X-HTTP-Method-Override] | ||
* @param {object} [options] | ||
* @return {function} | ||
* @api public | ||
*/ | ||
module.exports = function methodOverride(key){ | ||
key = key || '_method'; | ||
module.exports = function methodOverride(getter, options){ | ||
options = options || {} | ||
// get the getter fn | ||
var get = typeof getter === 'function' | ||
? getter | ||
: createGetter(getter || 'X-HTTP-Method-Override') | ||
// get allowed request methods to examine | ||
var methods = options.methods === undefined | ||
? ['POST'] | ||
: options.methods | ||
return function methodOverride(req, res, next) { | ||
@@ -36,31 +57,65 @@ var method | ||
req.originalMethod = req.originalMethod || req.method; | ||
req.originalMethod = req.originalMethod || req.method | ||
// req.body | ||
if (req.body && typeof req.body === 'object' && key in req.body) { | ||
method = req.body[key] | ||
delete req.body[key] | ||
// validate request is on allowed method | ||
if (methods && methods.indexOf(req.originalMethod) === -1) { | ||
return next() | ||
} | ||
// check X-HTTP-Method-Override | ||
val = req.headers['x-http-method-override'] | ||
if (val) { | ||
// multiple headers get joined with comma by node.js core | ||
method = val.split(/ *, */) | ||
} | ||
val = get(req, res) | ||
method = Array.isArray(val) | ||
? val[0] | ||
: val | ||
if (Array.isArray(method)) { | ||
method = method[0] | ||
} | ||
// replace | ||
if (supports(method)) { | ||
if (method !== undefined && supports(method)) { | ||
req.method = method.toUpperCase() | ||
} | ||
next(); | ||
}; | ||
}; | ||
next() | ||
} | ||
} | ||
/** | ||
* Create a getter for the given string. | ||
*/ | ||
function createGetter(str) { | ||
if (str.substr(0, 2).toUpperCase() === 'X-') { | ||
// header getter | ||
return createHeaderGetter(str) | ||
} | ||
return createQueryGetter(str) | ||
} | ||
/** | ||
* Create a getter for the given query key name. | ||
*/ | ||
function createQueryGetter(key) { | ||
return function(req, res) { | ||
var url = parseurl(req) | ||
var query = querystring.parse(url.query || '') | ||
return query[key] | ||
} | ||
} | ||
/** | ||
* Create a getter for the given header name. | ||
*/ | ||
function createHeaderGetter(str) { | ||
var header = str.toLowerCase() | ||
return function(req, res) { | ||
// set appropriate Vary header | ||
vary(res, str) | ||
// multiple headers get joined with comma by node.js core | ||
return (req.headers[header] || '').split(/ *, */) | ||
} | ||
} | ||
/** | ||
* Check if node supports `method`. | ||
@@ -74,1 +129,27 @@ */ | ||
} | ||
/** | ||
* Add val to Vary header | ||
*/ | ||
function vary(res, val) { | ||
var header = res.getHeader('Vary') || '' | ||
var headers = Array.isArray(header) | ||
? header.join(', ') | ||
: header | ||
// enumerate current values | ||
var vals = headers.toLowerCase().split(/ *, */) | ||
if (vals.indexOf(val.toLowerCase()) !== -1) { | ||
// already set | ||
return | ||
} | ||
// append value (in existing format) | ||
header = headers | ||
? headers + ', ' + val | ||
: val | ||
res.setHeader('Vary', header) | ||
} |
{ | ||
"name": "method-override", | ||
"description": "Override HTTP verbs", | ||
"version": "1.0.2", | ||
"version": "2.0.0", | ||
"author": { | ||
@@ -27,8 +27,9 @@ "name": "Jonathan Ong", | ||
"dependencies": { | ||
"methods": "1.0.0" | ||
"methods": "1.0.0", | ||
"parseurl": "1.0.1" | ||
}, | ||
"devDependencies": { | ||
"istanbul": "0.2.10", | ||
"mocha": "~1.19.0", | ||
"supertest": "~0.12.1" | ||
"mocha": "~1.20.0", | ||
"supertest": "~0.13.0" | ||
}, | ||
@@ -35,0 +36,0 @@ "engines": { |
@@ -1,6 +0,8 @@ | ||
# method-override [![Build Status](https://travis-ci.org/expressjs/method-override.svg)](https://travis-ci.org/expressjs/method-override) [![NPM version](https://badge.fury.io/js/method-override.svg)](http://badge.fury.io/js/method-override) | ||
# method-override | ||
Lets you use HTTP verbs such as PUT or DELETE in places you normally can't. | ||
[![NPM version](https://badge.fury.io/js/method-override.svg)](http://badge.fury.io/js/method-override) | ||
[![Build Status](https://travis-ci.org/expressjs/method-override.svg?branch=master)](https://travis-ci.org/expressjs/method-override) | ||
[![Coverage Status](https://img.shields.io/coveralls/expressjs/method-override.svg?branch=master)](https://coveralls.io/r/expressjs/method-override) | ||
Previously `connect.methodOverride()`. | ||
Lets you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. | ||
@@ -19,10 +21,10 @@ ## Install | ||
### methodOverride(key) | ||
### methodOverride(getter, options) | ||
Create a new middleware function to override the `req.method` property with a new | ||
value. This value will be pulled from the `X-HTTP-Method-Override` header of the | ||
request. If this header is not present, then this module will look in the `req.body` | ||
object for a property name given by the `key` argument (and if found, will delete | ||
the property from `req.body`). | ||
value. This value will be pulled from the provided `getter`. | ||
- `getter` - The getter to use to look up the overridden request method for the request. (default: `X-HTTP-Method-Override`) | ||
- `options.methods` - The allowed methods the original request must be in to check for a method override value. (default: `['POST']`) | ||
If the found method is supported by node.js core, then `req.method` will be set to | ||
@@ -32,18 +34,77 @@ this value, as if it has originally been that value. The previous `req.method` | ||
#### key | ||
#### getter | ||
This is the property to look for the overwritten method in the `req.body` object. | ||
This defaults to `"_method"`. | ||
This is the method of getting the override value from the request. If a function is provided, | ||
the `req` is passed as the first argument, the `res as the second argument and the method is | ||
expected to be returned. If a string is provided, the string is used to look up the method | ||
with the following rules: | ||
- If the string starts with `X-`, then it is treated as the name of a header and that header | ||
is used for the method override. If the request contains the same header multiple times, the | ||
first occurrence is used. | ||
- All other strings are treated as a key in the URL query string. | ||
#### options.methods | ||
This allows the specification of what methods(s) the request *MUST* be in in order to check for | ||
the method override value. This defaults to only `POST` methods, which is the only method the | ||
override should arrive in. More methods may be specified here, but it may introduce security | ||
issues and cause weird behavior when requests travel through caches. This value is an array | ||
of methods in upper-case. `null` can be specified to allow all methods. | ||
## Examples | ||
### override using a header | ||
```js | ||
var bodyParser = require('body-parser') | ||
var connect = require('connect') | ||
var connect = require('connect') | ||
var methodOverride = require('method-override') | ||
app.use(bodyParser()) | ||
app.use(methodOverride()) | ||
// override with the X-HTTP-Method-Override header in the request | ||
app.use(methodOverride('X-HTTP-Method-Override')) | ||
``` | ||
### override using a query value | ||
```js | ||
var connect = require('connect') | ||
var methodOverride = require('method-override') | ||
// override with POST having ?_method=DELETE | ||
app.use(methodOverride('_method')) | ||
``` | ||
### multiple format support | ||
```js | ||
var connect = require('connect') | ||
var methodOverride = require('method-override') | ||
// override with different headers; last one takes precedence | ||
app.use(methodOverride('X-HTTP-Method')) // Microsoft | ||
app.use(methodOverride('X-HTTP-Method-Override')) // Google/GData | ||
app.use(methodOverride('X-Method-Override')) // IBM | ||
``` | ||
### custom logic | ||
You can implement any kind of custom logic with a function for the `getter`. The following | ||
implements the logic for looking in `req.body` that was in `method-override` 1: | ||
```js | ||
var bodyParser = require('body-parser') | ||
var connect = require('connect') | ||
var methodOverride = require('method-override') | ||
app.use(bodyParser.urlencoded()) | ||
app.use(methodOverride(function(req, res){ | ||
if (req.body && typeof req.body === 'object' && '_method' in req.body) { | ||
// look in urlencoded POST bodies and delete it | ||
var method = req.body._method | ||
delete req.body._method | ||
return method | ||
} | ||
})) | ||
``` | ||
## License | ||
@@ -50,0 +111,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
10107
122
131
2
+ Addedparseurl@1.0.1
+ Addedparseurl@1.0.1(transitive)