method-override - npm Package Compare versions

Comparing version 1.0.2 to 2.0.0

History.md

		@@ -0,1 +1,13 @@
		2.0.0 / 2014-06-01
		==================

		* Default behavior only checks `X-HTTP-Method-Override` header
		* New interface, less magic
		- Can specify what header to look for override in, if wanted
		- Can specify custom function to get method from request
		* Only `POST` requests are examined by default
		* Remove `req.body` support for more standard query param support
		- Use custom `getter` function if `req.body` support is needed
		* Set `Vary` header when using built-in header checking

		1.0.2 / 2014-05-22
		@@ -2,0 +14,0 @@ ==================

131

index.js

		@@ -13,2 +13,4 @@ /*!
		var methods = require('methods');
		var parseurl = require('parseurl');
		var querystring = require('querystring');

		@@ -20,13 +22,32 @@ /**
		*
		* Pass an optional `key` to use when checking for
		* a method override, otherwise defaults to _\_method_.
		* Pass an optional `getter` to use when checking for
		* a method override.
		*
		* A string is converted to a getter that will look for
		* the method in `req.body[getter]` and a function will be
		* called with `req` and expects the method to be returned.
		* If the string starts with `X-` then it will look in
		* `req.headers[getter]` instead.
		*
		* The original method is available via `req.originalMethod`.
		*
		* @param {String} key
		* @return {Function}
		* @param {string\|function} [getter=X-HTTP-Method-Override]
		* @param {object} [options]
		* @return {function}
		* @api public
		*/

		module.exports = function methodOverride(key){
		key = key \|\| '_method';
		module.exports = function methodOverride(getter, options){
		options = options \|\| {}

		// get the getter fn
		var get = typeof getter === 'function'
		? getter
		: createGetter(getter \|\| 'X-HTTP-Method-Override')

		// get allowed request methods to examine
		var methods = options.methods === undefined
		? ['POST']
		: options.methods

		return function methodOverride(req, res, next) {
		@@ -36,31 +57,65 @@ var method

		req.originalMethod = req.originalMethod \|\| req.method;
		req.originalMethod = req.originalMethod \|\| req.method

		// req.body
		if (req.body && typeof req.body === 'object' && key in req.body) {
		method = req.body[key]
		delete req.body[key]
		// validate request is on allowed method
		if (methods && methods.indexOf(req.originalMethod) === -1) {
		return next()
		}

		// check X-HTTP-Method-Override
		val = req.headers['x-http-method-override']
		if (val) {
		// multiple headers get joined with comma by node.js core
		method = val.split(/ , /)
		}
		val = get(req, res)
		method = Array.isArray(val)
		? val[0]
		: val

		if (Array.isArray(method)) {
		method = method[0]
		}

		// replace
		if (supports(method)) {
		if (method !== undefined && supports(method)) {
		req.method = method.toUpperCase()
		}

		next();
		};
		};
		next()
		}
		}

		/**
		* Create a getter for the given string.
		*/

		function createGetter(str) {
		if (str.substr(0, 2).toUpperCase() === 'X-') {
		// header getter
		return createHeaderGetter(str)
		}

		return createQueryGetter(str)
		}

		/**
		* Create a getter for the given query key name.
		*/

		function createQueryGetter(key) {
		return function(req, res) {
		var url = parseurl(req)
		var query = querystring.parse(url.query \|\| '')
		return query[key]
		}
		}

		/**
		* Create a getter for the given header name.
		*/

		function createHeaderGetter(str) {
		var header = str.toLowerCase()

		return function(req, res) {
		// set appropriate Vary header
		vary(res, str)

		// multiple headers get joined with comma by node.js core
		return (req.headers[header] \|\| '').split(/ , /)
		}
		}

		/**
		* Check if node supports `method`.
		@@ -74,1 +129,27 @@ */
		}

		/**
		* Add val to Vary header
		*/

		function vary(res, val) {
		var header = res.getHeader('Vary') \|\| ''
		var headers = Array.isArray(header)
		? header.join(', ')
		: header

		// enumerate current values
		var vals = headers.toLowerCase().split(/ , /)

		if (vals.indexOf(val.toLowerCase()) !== -1) {
		// already set
		return
		}

		// append value (in existing format)
		header = headers
		? headers + ', ' + val
		: val

		res.setHeader('Vary', header)
		}

package.json

		{
		"name": "method-override",
		"description": "Override HTTP verbs",
		"version": "1.0.2",
		"version": "2.0.0",
		"author": {
		@@ -27,8 +27,9 @@ "name": "Jonathan Ong",
		"dependencies": {
		"methods": "1.0.0"
		"methods": "1.0.0",
		"parseurl": "1.0.1"
		},
		"devDependencies": {
		"istanbul": "0.2.10",
		"mocha": "~1.19.0",
		"supertest": "~0.12.1"
		"mocha": "~1.20.0",
		"supertest": "~0.13.0"
		},
		@@ -35,0 +36,0 @@ "engines": {

README.md

		@@ -1,6 +0,8 @@
		# method-override [![Build Status](https://travis-ci.org/expressjs/method-override.svg)](https://travis-ci.org/expressjs/method-override) [![NPM version](https://badge.fury.io/js/method-override.svg)](http://badge.fury.io/js/method-override)
		# method-override

		Lets you use HTTP verbs such as PUT or DELETE in places you normally can't.
		[![NPM version](https://badge.fury.io/js/method-override.svg)](http://badge.fury.io/js/method-override)
		[![Build Status](https://travis-ci.org/expressjs/method-override.svg?branch=master)](https://travis-ci.org/expressjs/method-override)
		[![Coverage Status](https://img.shields.io/coveralls/expressjs/method-override.svg?branch=master)](https://coveralls.io/r/expressjs/method-override)

		Previously `connect.methodOverride()`.
		Lets you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it.

		@@ -19,10 +21,10 @@ ## Install

		### methodOverride(key)
		### methodOverride(getter, options)

		Create a new middleware function to override the `req.method` property with a new
		value. This value will be pulled from the `X-HTTP-Method-Override` header of the
		request. If this header is not present, then this module will look in the `req.body`
		object for a property name given by the `key` argument (and if found, will delete
		the property from `req.body`).
		value. This value will be pulled from the provided `getter`.

		- `getter` - The getter to use to look up the overridden request method for the request. (default: `X-HTTP-Method-Override`)
		- `options.methods` - The allowed methods the original request must be in to check for a method override value. (default: `['POST']`)

		If the found method is supported by node.js core, then `req.method` will be set to
		@@ -32,18 +34,77 @@ this value, as if it has originally been that value. The previous `req.method`

		#### key
		#### getter

		This is the property to look for the overwritten method in the `req.body` object.
		This defaults to `"_method"`.
		This is the method of getting the override value from the request. If a function is provided,
		the `req` is passed as the first argument, the `res as the second argument and the method is
		expected to be returned. If a string is provided, the string is used to look up the method
		with the following rules:

		- If the string starts with `X-`, then it is treated as the name of a header and that header
		is used for the method override. If the request contains the same header multiple times, the
		first occurrence is used.
		- All other strings are treated as a key in the URL query string.

		#### options.methods

		This allows the specification of what methods(s) the request MUST be in in order to check for
		the method override value. This defaults to only `POST` methods, which is the only method the
		override should arrive in. More methods may be specified here, but it may introduce security
		issues and cause weird behavior when requests travel through caches. This value is an array
		of methods in upper-case. `null` can be specified to allow all methods.

		## Examples

		### override using a header

		```js
		var bodyParser = require('body-parser')
		var connect = require('connect')
		var connect = require('connect')
		var methodOverride = require('method-override')

		app.use(bodyParser())
		app.use(methodOverride())
		// override with the X-HTTP-Method-Override header in the request
		app.use(methodOverride('X-HTTP-Method-Override'))
		```

		### override using a query value

		```js
		var connect = require('connect')
		var methodOverride = require('method-override')

		// override with POST having ?_method=DELETE
		app.use(methodOverride('_method'))
		```

		### multiple format support

		```js
		var connect = require('connect')
		var methodOverride = require('method-override')

		// override with different headers; last one takes precedence
		app.use(methodOverride('X-HTTP-Method')) // Microsoft
		app.use(methodOverride('X-HTTP-Method-Override')) // Google/GData
		app.use(methodOverride('X-Method-Override')) // IBM
		```

		### custom logic

		You can implement any kind of custom logic with a function for the `getter`. The following
		implements the logic for looking in `req.body` that was in `method-override` 1:

		```js
		var bodyParser = require('body-parser')
		var connect = require('connect')
		var methodOverride = require('method-override')

		app.use(bodyParser.urlencoded())
		app.use(methodOverride(function(req, res){
		if (req.body && typeof req.body === 'object' && '_method' in req.body) {
		// look in urlencoded POST bodies and delete it
		var method = req.body._method
		delete req.body._method
		return method
		}
		}))
		```

		## License
		@@ -50,0 +111,0 @@

method-override - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes