Release 3.0.5

Merge pull request #1451 from aweeks/fix-304-must-not-contain-body
Explicitly remove Transfer-Encoding header from 204 and 304 responses
2012-12-19 13:46:16 -08:00 · 2012-12-19 13:34:16 -08:00 · 2012-12-19 10:53:17 -08:00 · 2012-12-14 15:06:17 -08:00 · 2012-12-06 15:15:49 -08:00 · 2012-12-05 17:10:59 -08:00
@@ -16,3 +16,4 @@ testing
 .coverage_data
 cover_html
 test.js
+.idea
@@ -1,4 +1,140 @@

+3.0.5 / 2012-12-19 
+==================
+
+  * add throwing when a non-function is passed to a route
+  * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
+  * revert "add 'etag' option"
+
+3.0.4 / 2012-12-05 
+==================
+
+  * add 'etag' option to disable `res.send()` Etags
+  * add escaping of urls in text/plain in `res.redirect()`
+    for old browsers interpreting as html
+  * change crc32 module for a more liberal license
+  * update connect
+
+3.0.3 / 2012-11-13 
+==================
+
+  * update connect
+  * update cookie module
+  * fix cookie max-age
+
+3.0.2 / 2012-11-08 
+==================
+
+  * add OPTIONS to cors example. Closes #1398
+  * fix route chaining regression. Closes #1397
+
+3.0.1 / 2012-11-01 
+==================
+
+  * update connect
+
+3.0.0 / 2012-10-23 
+==================
+
+  * add `make clean`
+  * add "Basic" check to req.auth
+  * add `req.auth` test coverage
+  * add cb && cb(payload) to `res.jsonp()`. Closes #1374
+  * add backwards compat for `res.redirect()` status. Closes #1336
+  * add support for `res.json()` to retain previously defined Content-Types. Closes #1349
+  * update connect
+  * change `res.redirect()` to utilize a pathname-relative Location again. Closes #1382
+  * remove non-primitive string support for `res.send()`
+  * fix view-locals example. Closes #1370
+  * fix route-separation example
+
+3.0.0rc5 / 2012-09-18 
+==================
+
+  * update connect
+  * add redis search example
+  * add static-files example
+  * add "x-powered-by" setting (`app.disable('x-powered-by')`)
+  * add "application/octet-stream" redirect Accept test case. Closes #1317
+
+3.0.0rc4 / 2012-08-30 
+==================
+
+  * add `res.jsonp()`. Closes #1307
+  * add "verbose errors" option to error-pages example
+  * add another route example to express(1) so people are not so confused
+  * add redis online user activity tracking example
+  * update connect dep
+  * fix etag quoting. Closes #1310
+  * fix error-pages 404 status
+  * fix jsonp callback char restrictions
+  * remove old OPTIONS default response
+
+3.0.0rc3 / 2012-08-13 
+==================
+
+  * update connect dep
+  * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
+  * fix `res.render()` clobbering of "locals"
+
+3.0.0rc2 / 2012-08-03 
+==================
+
+  * add CORS example
+  * update connect dep
+  * deprecate `.createServer()` & remove old stale examples
+  * fix: escape `res.redirect()` link
+  * fix vhost example
+
+3.0.0rc1 / 2012-07-24 
+==================
+
+  * add more examples to view-locals
+  * add scheme-relative redirects (`res.redirect("//foo.com")`) support
+  * update cookie dep
+  * update connect dep
+  * update send dep
+  * fix `express(1)` -h flag, use -H for hogan. Closes #1245
+  * fix `res.sendfile()` socket error handling regression
+
+3.0.0beta7 / 2012-07-16 
+==================
+
+  * update connect dep for `send()` root normalization regression
+
+3.0.0beta6 / 2012-07-13 
+==================
+
+  * add `err.view` property for view errors. Closes #1226
+  * add "jsonp callback name" setting
+  * add support for "/foo/:bar*" non-greedy matches
+  * change `res.sendfile()` to use `send()` module
+  * change `res.send` to use "response-send" module
+  * remove `app.locals.use` and `res.locals.use`, use regular middleware
+
+3.0.0beta5 / 2012-07-03 
+==================
+
+  * add "make check" support
+  * add route-map example
+  * add `res.json(obj, status)` support back for BC
+  * add "methods" dep, remove internal methods module
+  * update connect dep
+  * update auth example to utilize cores pbkdf2
+  * updated tests to use "supertest"
+
+3.0.0beta4 / 2012-06-25 
+==================
+
+  * Added `req.auth`
+  * Added `req.range(size)`
+  * Added `res.links(obj)`
+  * Added `res.send(body, status)` support back for backwards compat
+  * Added `.default()` support to `res.format()`
+  * Added 2xx / 304 check to `req.fresh`
+  * Revert "Added + support to the router"
+  * Fixed `res.send()` freshness check, respect res.statusCode
+
 3.0.0beta3 / 2012-06-15 
 ==================

@@ -1,24 +1,20 @@

+MOCHA_OPTS=
 REPORTER = dot

-docs: docs/express.md
-
-docs/express.md: docs/application.md docs/request.md docs/response.md
-	cat $^ > $@
-
-docs/%.md: lib/%.js
-	@mkdir -p docs
-	dox --raw < $< | ./support/docs > $@
+check: test

 test: test-unit test-acceptance

 test-unit:
 	@NODE_ENV=test ./node_modules/.bin/mocha \
-		--reporter $(REPORTER)
+		--reporter $(REPORTER) \
+		$(MOCHA_OPTS)

 test-acceptance:
 	@NODE_ENV=test ./node_modules/.bin/mocha \
 		--reporter $(REPORTER) \
+		--bail \
 		test/acceptance/*.js

 test-cov: lib-cov
@@ -27,10 +23,11 @@ test-cov: lib-cov
 lib-cov:
 	@jscoverage lib lib-cov

-docclean:
-	rm -fr docs
-
 benchmark:
 	@./support/bench

-.PHONY: docs docclean test test-unit test-acceptance benchmark
+clean:
+	rm -f coverage.html
+	rm -fr lib-cov
+
+.PHONY: test test-unit test-acceptance benchmark clean
@@ -1,4 +1,3 @@
-
 ![express logo](http://f.cl.ly/items/0V2S1n0K1i3y1c122g04/Screen%20Shot%202012-04-11%20at%209.59.42%20AM.png)

  Fast, unopinionated, minimalist web framework for [node](http://nodejs.org). [![Build Status](https://secure.travis-ci.org/visionmedia/express.png)](http://travis-ci.org/visionmedia/express)
@@ -18,10 +17,6 @@ app.listen(3000);

    $ npm install -g express

- To install the 3.0 alpha:
- 
-    $ npm install -g express@3.0
-
 ## Quick Start

 The quickest way to get started with express is to utilize the executable `express(1)` to generate an application as shown below:
@@ -74,8 +69,9 @@ app.listen(3000);

 ## Viewing Examples

-First install the dev dependencies to install all the example / test suite deps:
+Clone the Express repo, then install the dev dependencies to install all the example / test suite deps:

+    $ git clone git://github.com/visionmedia/express.git --depth 1
    $ cd express
    $ npm install

@@ -107,7 +103,7 @@ authors:
   54	Aaron Heckmann          1.5%
   34	csausdev                1.0%
   26	ciaranj                 0.7%
-   21	Robert Sköld          0.6%
+   21	Robert Sköld            0.6%
    6	Guillermo Rauch         0.2%
    3	Dav Glass               0.1%
    3	Nick Poulden            0.1%
@@ -153,7 +149,7 @@ authors:
    1	Jonathan Zacsh          0.0%
    1	Justin Lilly            0.0%
    1	Ken Sato                0.0%
-    1	Maciej Małecki         0.0%
+    1	Maciej Małecki          0.0%
    1	Masahiro Hayashi        0.0%
 ```

@@ -19,7 +19,7 @@ program
  .option('-s, --sessions', 'add session support')
  .option('-e, --ejs', 'add ejs engine support (defaults to jade)')
  .option('-J, --jshtml', 'add jshtml engine support (defaults to jade)')
-  .option('-h, --hjs', 'add hogan.js engine support')
+  .option('-H, --hogan', 'add hogan.js engine support')
  .option('-c, --css <engine>', 'add stylesheet <engine> support (less|stylus) (defaults to plain css)')
  .option('-f, --force', 'force on non-empty directory')
  .parse(process.argv);
@@ -37,7 +37,7 @@ var eol = 'win32' == os.platform() ? '\r\n' : '\n'
 program.template = 'jade';
 if (program.ejs) program.template = 'ejs';
 if (program.jshtml) program.template = 'jshtml';
-if (program.hjs) program.template = 'hjs';
+if (program.hogan) program.template = 'hjs';

 /**
 * Routes index template.
@@ -54,6 +54,21 @@ var index = [
  , '};'
 ].join(eol);

+/**
+ * Routes users template.
+ */
+
+var users = [
+    ''
+  , '/*'
+  , ' * GET users listing.'
+  , ' */'
+  , ''
+  , 'exports.list = function(req, res){'
+  , '  res.send("respond with a resource");'
+  , '};'
+].join(eol);
+
 /**
 * Jade layout template.
 */
@@ -127,7 +142,7 @@ var jshtmlIndex = [
 /**
 * Hogan.js index template.
 */
-var hjsIndex = [
+var hoganIndex = [
    '<!DOCTYPE html>'
  , '<html>'
  , '  <head>'
@@ -195,7 +210,9 @@ var app = [
  , ''
  , 'var express = require(\'express\')'
  , '  , routes = require(\'./routes\')'
-  , '  , http = require(\'http\');'
+  , '  , user = require(\'./routes/user\')'
+  , '  , http = require(\'http\')'
+  , '  , path = require(\'path\');'
  , ''
  , 'var app = express();'
  , ''
@@ -208,7 +225,7 @@ var app = [
  , '  app.use(express.bodyParser());'
  , '  app.use(express.methodOverride());{sess}'
  , '  app.use(app.router);{css}'
-  , '  app.use(express.static(__dirname + \'/public\'));'
+  , '  app.use(express.static(path.join(__dirname, \'public\')));'
  , '});'
  , ''
  , 'app.configure(\'development\', function(){'
@@ -216,6 +233,7 @@ var app = [
  , '});'
  , ''
  , 'app.get(\'/\', routes.index);'
+  , 'app.get(\'/users\', user.list);'
  , ''
  , 'http.createServer(app).listen(app.get(\'port\'), function(){'
  , '  console.log("Express server listening on port " + app.get(\'port\'));'
@@ -279,6 +297,7 @@ function createApplicationAt(path) {

    mkdir(path + '/routes', function(){
      write(path + '/routes/index.js', index);
+      write(path + '/routes/user.js', users);
    });

    mkdir(path + '/views', function(){
@@ -295,7 +314,7 @@ function createApplicationAt(path) {
          write(path + '/views/index.jshtml', jshtmlIndex);
          break;
        case 'hjs':
-          write(path + '/views/index.hjs', hjsIndex);
+          write(path + '/views/index.hjs', hoganIndex);
          break;

      }
@@ -1,181 +0,0 @@
-
-# app
-
-  Application prototype.
-
-# app.use()
-
-  Proxy `connect#use()` to apply settings to
-  mounted applications.
-
-# app.engine()
-
-  Register the given template engine callback `fn`
-  as `ext`.
-  
-  By default will `require()` the engine based on the
-  file extension. For example if you try to render
-  a "foo.jade" file Express will invoke the following internally:
-  
-      app.engine('jade', require('jade').__express);
-  
-  For engines that do not provide `.__express` out of the box,
-  or if you wish to "map" a different extension to the template engine
-  you may use this method. For example mapping the EJS template engine to
-  ".html" files
-  
-      app.engine('html', require('ejs').renderFile);
-  
-  In this case EJS provides a `.renderFile()` method with
-  the same signature that Express expects: `(path, options, callback)`,
-  though note that it aliases this method as `ejs.__express` internally
-  so if you're using ".ejs" extensions you dont need to do anything.
-  
-  Some template engines do not follow this convention, the
-  [Consolidate.js](https://github.com/visionmedia/consolidate.js)
-  library was created to map all of node's popular template
-  engines to follow this convention, thus allowing them to
-  work seemlessly within Express.
-
-# app.param()
-
-  Map the given param placeholder `name`(s) to the given callback(s).
-  
-  Parameter mapping is used to provide pre-conditions to routes
-  which use normalized placeholders. For example a _:user_id_ parameter
-  could automatically load a user's information from the database without
-  any additional code,
-  
-  The callback uses the samesignature as middleware, the only differencing
-  being that the value of the placeholder is passed, in this case the _id_
-  of the user. Once the `next()` function is invoked, just like middleware
-  it will continue on to execute the route, or subsequent parameter functions.
-  
-       app.param('user_id', function(req, res, next, id){
-         User.find(id, function(err, user){
-           if (err) {
-             next(err);
-           } else if (user) {
-             req.user = user;
-             next();
-           } else {
-             next(new Error('failed to load user'));
-           }
-         });
-       });
-
-# app.set()
-
-  Assign `setting` to `val`, or return `setting`'s value.
-  
-     app.set('foo', 'bar');
-     app.get('foo');
-     // => "bar"
-  
-  Mounted servers inherit their parent server's settings.
-
-# app.enabled()
-
-  Check if `setting` is enabled (truthy).
-  
-     app.enabled('foo')
-     // => false
-  
-     app.enable('foo')
-     app.enabled('foo')
-     // => true
-
-# app.disabled()
-
-  Check if `setting` is disabled.
-  
-     app.disabled('foo')
-     // => true
-  
-     app.enable('foo')
-     app.disabled('foo')
-     // => false
-
-# app.enable()
-
-  Enable `setting`.
-
-# app.disable()
-
-  Disable `setting`.
-
-# app.configure()
-
-  Configure callback for zero or more envs,
-  when no `env` is specified that callback will
-  be invoked for all environments. Any combination
-  can be used multiple times, in any order desired.
-  
-  ## Examples
-  
-     app.configure(function(){
-       // executed for all envs
-     });
-  
-     app.configure('stage', function(){
-       // executed staging env
-     });
-  
-     app.configure('stage', 'production', function(){
-       // executed for stage and production
-     });
-  
-  ## Note
-  
-   These callbacks are invoked immediately, and
-   are effectively sugar for the following.
-  
-      var env = process.env.NODE_ENV || 'development';
-  
-       switch (env) {
-         case 'development':
-           ...
-           break;
-         case 'stage':
-           ...
-           break;
-         case 'production':
-           ...
-           break;
-       }
-
-# app.all()
-
-  Special-cased "all" method, applying the given route `path`,
-  middleware, and callback to _every_ HTTP method.
-
-# app.render()
-
-  Render the given view `name` name with `options`
-  and a callback accepting an error and the
-  rendered template string.
-  
-  ## Example
-  
-     app.render('email', { name: 'Tobi' }, function(err, html){
-       // ...
-     })
-
-# app.listen()
-
-  Listen for connections.
-  
-  A node `http.Server` is returned, with this
-  application (which is a `Function`) as its
-  callback. If you wish to create both an HTTP
-  and HTTPS server you may do so with the "http"
-  and "https" modules as shown here.
-  
-     var http = require('http')
-       , https = require('https')
-       , express = require('express')
-       , app = express();
-  
-     http.createServer(app).listen(80);
-     http.createServer({ ... }, app).listen(443);
-
@@ -1,506 +0,0 @@
-
-# app
-
-  Application prototype.
-
-# app.use()
-
-  Proxy `connect#use()` to apply settings to
-  mounted applications.
-
-# app.engine()
-
-  Register the given template engine callback `fn`
-  as `ext`.
-  
-  By default will `require()` the engine based on the
-  file extension. For example if you try to render
-  a "foo.jade" file Express will invoke the following internally:
-  
-      app.engine('jade', require('jade').__express);
-  
-  For engines that do not provide `.__express` out of the box,
-  or if you wish to "map" a different extension to the template engine
-  you may use this method. For example mapping the EJS template engine to
-  ".html" files
-  
-      app.engine('html', require('ejs').renderFile);
-  
-  In this case EJS provides a `.renderFile()` method with
-  the same signature that Express expects: `(path, options, callback)`,
-  though note that it aliases this method as `ejs.__express` internally
-  so if you're using ".ejs" extensions you dont need to do anything.
-  
-  Some template engines do not follow this convention, the
-  [Consolidate.js](https://github.com/visionmedia/consolidate.js)
-  library was created to map all of node's popular template
-  engines to follow this convention, thus allowing them to
-  work seemlessly within Express.
-
-# app.param()
-
-  Map the given param placeholder `name`(s) to the given callback(s).
-  
-  Parameter mapping is used to provide pre-conditions to routes
-  which use normalized placeholders. For example a _:user_id_ parameter
-  could automatically load a user's information from the database without
-  any additional code,
-  
-  The callback uses the samesignature as middleware, the only differencing
-  being that the value of the placeholder is passed, in this case the _id_
-  of the user. Once the `next()` function is invoked, just like middleware
-  it will continue on to execute the route, or subsequent parameter functions.
-  
-       app.param('user_id', function(req, res, next, id){
-         User.find(id, function(err, user){
-           if (err) {
-             next(err);
-           } else if (user) {
-             req.user = user;
-             next();
-           } else {
-             next(new Error('failed to load user'));
-           }
-         });
-       });
-
-# app.set()
-
-  Assign `setting` to `val`, or return `setting`'s value.
-  
-     app.set('foo', 'bar');
-     app.get('foo');
-     // => "bar"
-  
-  Mounted servers inherit their parent server's settings.
-
-# app.enabled()
-
-  Check if `setting` is enabled (truthy).
-  
-     app.enabled('foo')
-     // => false
-  
-     app.enable('foo')
-     app.enabled('foo')
-     // => true
-
-# app.disabled()
-
-  Check if `setting` is disabled.
-  
-     app.disabled('foo')
-     // => true
-  
-     app.enable('foo')
-     app.disabled('foo')
-     // => false
-
-# app.enable()
-
-  Enable `setting`.
-
-# app.disable()
-
-  Disable `setting`.
-
-# app.configure()
-
-  Configure callback for zero or more envs,
-  when no `env` is specified that callback will
-  be invoked for all environments. Any combination
-  can be used multiple times, in any order desired.
-  
-  ## Examples
-  
-     app.configure(function(){
-       // executed for all envs
-     });
-  
-     app.configure('stage', function(){
-       // executed staging env
-     });
-  
-     app.configure('stage', 'production', function(){
-       // executed for stage and production
-     });
-  
-  ## Note
-  
-   These callbacks are invoked immediately, and
-   are effectively sugar for the following.
-  
-      var env = process.env.NODE_ENV || 'development';
-  
-       switch (env) {
-         case 'development':
-           ...
-           break;
-         case 'stage':
-           ...
-           break;
-         case 'production':
-           ...
-           break;
-       }
-
-# app.all()
-
-  Special-cased "all" method, applying the given route `path`,
-  middleware, and callback to _every_ HTTP method.
-
-# app.render()
-
-  Render the given view `name` name with `options`
-  and a callback accepting an error and the
-  rendered template string.
-  
-  ## Example
-  
-     app.render('email', { name: 'Tobi' }, function(err, html){
-       // ...
-     })
-
-# app.listen()
-
-  Listen for connections.
-  
-  A node `http.Server` is returned, with this
-  application (which is a `Function`) as its
-  callback. If you wish to create both an HTTP
-  and HTTPS server you may do so with the "http"
-  and "https" modules as shown here.
-  
-     var http = require('http')
-       , https = require('https')
-       , express = require('express')
-       , app = express();
-  
-     http.createServer(app).listen(80);
-     http.createServer({ ... }, app).listen(443);
-
-
-# req
-
-  Request prototype.
-
-# req.get
-
-  Return request header.
-  
-  The `Referrer` header field is special-cased,
-  both `Referrer` and `Referer` are interchangeable.
-  
-  ## Examples
-  
-      req.get('Content-Type');
-      // => "text/plain"
-      
-      req.get('content-type');
-      // => "text/plain"
-      
-      req.get('Something');
-      // => undefined
-  
-  Aliased as `req.header()`.
-
-# req.accepts()
-
-  Check if the given `type(s)` is acceptable, returning
-  the best match when true, otherwise `undefined`, in which
-  case you should respond with 406 "Not Acceptable".
-  
-  The `type` value may be a single mime type string
-  such as "application/json", the extension name
-  such as "json", a comma-delimted list such as "json, html, text/plain",
-  or an array `["json", "html", "text/plain"]`. When a list
-  or array is given the _best_ match, if any is returned.
-  
-  ## Examples
-  
-      // Accept: text/html
-      req.accepts('html');
-      // => "html"
-  
-      // Accept: text/*, application/json
-      req.accepts('html');
-      // => "html"
-      req.accepts('text/html');
-      // => "text/html"
-      req.accepts('json, text');
-      // => "json"
-      req.accepts('application/json');
-      // => "application/json"
-  
-      // Accept: text/*, application/json
-      req.accepts('image/png');
-      req.accepts('png');
-      // => undefined
-  
-      // Accept: text/*;q=.5, application/json
-      req.accepts(['html', 'json']);
-      req.accepts('html, json');
-      // => "json"
-
-# req.acceptsCharset()
-
-  Check if the given `charset` is acceptable,
-  otherwise you should respond with 406 "Not Acceptable".
-
-# req.acceptsLanguage()
-
-  Check if the given `lang` is acceptable,
-  otherwise you should respond with 406 "Not Acceptable".
-
-# req.param()
-
-  Return the value of param `name` when present or `defaultValue`.
-  
-   - Checks route placeholders, ex: _/user/:id_
-   - Checks body params, ex: id=12, {"id":12}
-   - Checks query string params, ex: ?id=12
-  
-  To utilize request bodies, `req.body`
-  should be an object. This can be done by using
-  the `connect.bodyParser()` middleware.
-
-# req.is()
-
-  Check if the incoming request contains the "Content-Type" 
-  header field, and it contains the give mime `type`.
-  
-  ## Examples
-  
-       // With Content-Type: text/html; charset=utf-8
-       req.is('html');
-       req.is('text/html');
-       req.is('text/*');
-       // => true
-      
-       // When Content-Type is application/json
-       req.is('json');
-       req.is('application/json');
-       req.is('application/*');
-       // => true
-      
-       req.is('html');
-       // => false
-
-
-# res
-
-  Response prototype.
-
-# res.status()
-
-  Set status `code`.
-
-# res.send()
-
-  Send a response.
-  
-  ## Examples
-  
-      res.send(new Buffer('wahoo'));
-      res.send({ some: 'json' });
-      res.send('<p>some html</p>');
-      res.send(404, 'Sorry, cant find that');
-      res.send(404);
-
-# res.json()
-
-  Send JSON response.
-  
-  ## Examples
-  
-      res.json(null);
-      res.json({ user: 'tj' });
-      res.json(500, 'oh noes!');
-      res.json(404, 'I dont have that');
-
-# res.sendfile()
-
-  Transfer the file at the given `path`.
-  
-  Automatically sets the _Content-Type_ response header field.
-  The callback `fn(err)` is invoked when the transfer is complete
-  or when an error occurs. Be sure to check `res.sentHeader`
-  if you wish to attempt responding, as the header and some data
-  may have already been transferred.
-  
-  ## Options
-  
-    - `maxAge` defaulting to 0
-    - `root`   root directory for relative filenames
-  
-  ## Examples
-  
-   The following example illustrates how `res.sendfile()` may
-   be used as an alternative for the `static()` middleware for
-   dynamic situations. The code backing `res.sendfile()` is actually
-   the same code, so HTTP cache support etc is identical.
-  
-      app.get('/user/:uid/photos/:file', function(req, res){
-        var uid = req.params.uid
-          , file = req.params.file;
-      
-        req.user.mayViewFilesFrom(uid, function(yes){
-          if (yes) {
-            res.sendfile('/uploads/' + uid + '/' + file);
-          } else {
-            res.send(403, 'Sorry! you cant see that.');
-          }
-        });
-      });
-
-# res.download()
-
-  Transfer the file at the given `path` as an attachment.
-  
-  Optionally providing an alternate attachment `filename`,
-  and optional callback `fn(err)`. The callback is invoked
-  when the data transfer is complete, or when an error has
-  ocurred. Be sure to check `res.headerSent` if you plan to respond.
-  
-  This method uses `res.sendfile()`.
-
-# res.format()
-
-  Respond to the Acceptable formats using an `obj`
-  of mime-type callbacks.
-  
-  This method uses `req.accepted`, an array of
-  acceptable types ordered by their quality values.
-  When "Accept" is not present the _first_ callback
-  is invoked, otherwise the first match is used. When
-  no match is performed the server responds with
-  406 "Not Acceptable".
-  
-  Content-Type is set for you, however if you choose
-  you may alter this within the callback using `res.type()`
-  or `res.set('Content-Type', ...)`.
-  
-     res.format({
-       'text/plain': function(){
-         res.send('hey');
-       },
-     
-       'text/html': function(){
-         res.send('<p>hey</p>');
-       },
-     
-       'appliation/json': function(){
-         res.send({ message: 'hey' });
-       }
-     });
-  
-  In addition to canonicalized MIME types you may
-  also use extnames mapped to these types:
-  
-     res.format({
-       text: function(){
-         res.send('hey');
-       },
-     
-       html: function(){
-         res.send('<p>hey</p>');
-       },
-     
-       json: function(){
-         res.send({ message: 'hey' });
-       }
-     });
-  
-  By default Express passes an `Error`
-  with a `.status` of 406 to `next(err)`
-  if a match is not made, however you may
-  provide an optional callback `fn` to
-  be invoked instead.
-
-# res.attachment()
-
-  Set _Content-Disposition_ header to _attachment_ with optional `filename`.
-
-# res.set
-
-  Set header `field` to `val`, or pass
-  an object of header fields.
-  
-  ## Examples
-  
-     res.set('Accept', 'application/json');
-     res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' });
-  
-  Aliased as `res.header()`.
-
-# res.get()
-
-  Get value for header `field`.
-
-# res.clearCookie()
-
-  Clear cookie `name`.
-
-# res.cookie()
-
-  Set cookie `name` to `val`, with the given `options`.
-  
-  ## Options
-  
-     - `maxAge`   max-age in milliseconds, converted to `expires`
-     - `signed`   sign the cookie
-     - `path`     defaults to "/"
-  
-  ## Examples
-  
-     // "Remember Me" for 15 minutes
-     res.cookie('rememberme', '1', { expires: new Date(Date.now() + 900000), httpOnly: true });
-  
-     // save as above
-     res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
-
-# res.redirect()
-
-  Redirect to the given `url` with optional response `status`
-  defaulting to 302.
-  
-  The given `url` can also be the name of a mapped url, for
-  example by default express supports "back" which redirects
-  to the _Referrer_ or _Referer_ headers or "/".
-  
-  ## Examples
-  
-     res.redirect('/foo/bar');
-     res.redirect('http://example.com');
-     res.redirect(301, 'http://example.com');
-     res.redirect('../login'); // /blog/post/1 -> /blog/login
-  
-  ## Mounting
-  
-    When an application is mounted, and `res.redirect()`
-    is given a path that does _not_ lead with "/". For 
-    example suppose a "blog" app is mounted at "/blog",
-    the following redirect would result in "/blog/login":
-  
-       res.redirect('login');
-  
-    While the leading slash would result in a redirect to "/login":
-  
-       res.redirect('/login');
-
-# res.render()
-
-  Render `view` with the given `options` and optional callback `fn`.
-  When a callback function is given a response will _not_ be made
-  automatically, otherwise a response of _200_ and _text/html_ is given.
-  
-  ## Options
-   
-   - `status`    Response status code (`res.statusCode`)
-   - `charset`   Set the charset (`res.charset`)
-  
-  ## Reserved locals
-  
-   - `cache`     boolean hinting to the engine it should cache
-   - `filename`  filename of the view being rendered
-
@@ -1,107 +0,0 @@
-
-# req
-
-  Request prototype.
-
-# req.get
-
-  Return request header.
-  
-  The `Referrer` header field is special-cased,
-  both `Referrer` and `Referer` are interchangeable.
-  
-  ## Examples
-  
-      req.get('Content-Type');
-      // => "text/plain"
-      
-      req.get('content-type');
-      // => "text/plain"
-      
-      req.get('Something');
-      // => undefined
-  
-  Aliased as `req.header()`.
-
-# req.accepts()
-
-  Check if the given `type(s)` is acceptable, returning
-  the best match when true, otherwise `undefined`, in which
-  case you should respond with 406 "Not Acceptable".
-  
-  The `type` value may be a single mime type string
-  such as "application/json", the extension name
-  such as "json", a comma-delimted list such as "json, html, text/plain",
-  or an array `["json", "html", "text/plain"]`. When a list
-  or array is given the _best_ match, if any is returned.
-  
-  ## Examples
-  
-      // Accept: text/html
-      req.accepts('html');
-      // => "html"
-  
-      // Accept: text/*, application/json
-      req.accepts('html');
-      // => "html"
-      req.accepts('text/html');
-      // => "text/html"
-      req.accepts('json, text');
-      // => "json"
-      req.accepts('application/json');
-      // => "application/json"
-  
-      // Accept: text/*, application/json
-      req.accepts('image/png');
-      req.accepts('png');
-      // => undefined
-  
-      // Accept: text/*;q=.5, application/json
-      req.accepts(['html', 'json']);
-      req.accepts('html, json');
-      // => "json"
-
-# req.acceptsCharset()
-
-  Check if the given `charset` is acceptable,
-  otherwise you should respond with 406 "Not Acceptable".
-
-# req.acceptsLanguage()
-
-  Check if the given `lang` is acceptable,
-  otherwise you should respond with 406 "Not Acceptable".
-
-# req.param()
-
-  Return the value of param `name` when present or `defaultValue`.
-  
-   - Checks route placeholders, ex: _/user/:id_
-   - Checks body params, ex: id=12, {"id":12}
-   - Checks query string params, ex: ?id=12
-  
-  To utilize request bodies, `req.body`
-  should be an object. This can be done by using
-  the `connect.bodyParser()` middleware.
-
-# req.is()
-
-  Check if the incoming request contains the "Content-Type" 
-  header field, and it contains the give mime `type`.
-  
-  ## Examples
-  
-       // With Content-Type: text/html; charset=utf-8
-       req.is('html');
-       req.is('text/html');
-       req.is('text/*');
-       // => true
-      
-       // When Content-Type is application/json
-       req.is('json');
-       req.is('application/json');
-       req.is('application/*');
-       // => true
-      
-       req.is('html');
-       // => false
-
@@ -1,218 +0,0 @@
-
-# res
-
-  Response prototype.
-
-# res.status()
-
-  Set status `code`.
-
-# res.send()
-
-  Send a response.
-  
-  ## Examples
-  
-      res.send(new Buffer('wahoo'));
-      res.send({ some: 'json' });
-      res.send('<p>some html</p>');
-      res.send(404, 'Sorry, cant find that');
-      res.send(404);
-
-# res.json()
-
-  Send JSON response.
-  
-  ## Examples
-  
-      res.json(null);
-      res.json({ user: 'tj' });
-      res.json(500, 'oh noes!');
-      res.json(404, 'I dont have that');
-
-# res.sendfile()
-
-  Transfer the file at the given `path`.
-  
-  Automatically sets the _Content-Type_ response header field.
-  The callback `fn(err)` is invoked when the transfer is complete
-  or when an error occurs. Be sure to check `res.sentHeader`
-  if you wish to attempt responding, as the header and some data
-  may have already been transferred.
-  
-  ## Options
-  
-    - `maxAge` defaulting to 0
-    - `root`   root directory for relative filenames
-  
-  ## Examples
-  
-   The following example illustrates how `res.sendfile()` may
-   be used as an alternative for the `static()` middleware for
-   dynamic situations. The code backing `res.sendfile()` is actually
-   the same code, so HTTP cache support etc is identical.
-  
-      app.get('/user/:uid/photos/:file', function(req, res){
-        var uid = req.params.uid
-          , file = req.params.file;
-      
-        req.user.mayViewFilesFrom(uid, function(yes){
-          if (yes) {
-            res.sendfile('/uploads/' + uid + '/' + file);
-          } else {
-            res.send(403, 'Sorry! you cant see that.');
-          }
-        });
-      });
-
-# res.download()
-
-  Transfer the file at the given `path` as an attachment.
-  
-  Optionally providing an alternate attachment `filename`,
-  and optional callback `fn(err)`. The callback is invoked
-  when the data transfer is complete, or when an error has
-  ocurred. Be sure to check `res.headerSent` if you plan to respond.
-  
-  This method uses `res.sendfile()`.
-
-# res.format()
-
-  Respond to the Acceptable formats using an `obj`
-  of mime-type callbacks.
-  
-  This method uses `req.accepted`, an array of
-  acceptable types ordered by their quality values.
-  When "Accept" is not present the _first_ callback
-  is invoked, otherwise the first match is used. When
-  no match is performed the server responds with
-  406 "Not Acceptable".
-  
-  Content-Type is set for you, however if you choose
-  you may alter this within the callback using `res.type()`
-  or `res.set('Content-Type', ...)`.
-  
-     res.format({
-       'text/plain': function(){
-         res.send('hey');
-       },
-     
-       'text/html': function(){
-         res.send('<p>hey</p>');
-       },
-     
-       'appliation/json': function(){
-         res.send({ message: 'hey' });
-       }
-     });
-  
-  In addition to canonicalized MIME types you may
-  also use extnames mapped to these types:
-  
-     res.format({
-       text: function(){
-         res.send('hey');
-       },
-     
-       html: function(){
-         res.send('<p>hey</p>');
-       },
-     
-       json: function(){
-         res.send({ message: 'hey' });
-       }
-     });
-  
-  By default Express passes an `Error`
-  with a `.status` of 406 to `next(err)`
-  if a match is not made, however you may
-  provide an optional callback `fn` to
-  be invoked instead.
-
-# res.attachment()
-
-  Set _Content-Disposition_ header to _attachment_ with optional `filename`.
-
-# res.set
-
-  Set header `field` to `val`, or pass
-  an object of header fields.
-  
-  ## Examples
-  
-     res.set('Accept', 'application/json');
-     res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' });
-  
-  Aliased as `res.header()`.
-
-# res.get()
-
-  Get value for header `field`.
-
-# res.clearCookie()
-
-  Clear cookie `name`.
-
-# res.cookie()
-
-  Set cookie `name` to `val`, with the given `options`.
-  
-  ## Options
-  
-     - `maxAge`   max-age in milliseconds, converted to `expires`
-     - `signed`   sign the cookie
-     - `path`     defaults to "/"
-  
-  ## Examples
-  
-     // "Remember Me" for 15 minutes
-     res.cookie('rememberme', '1', { expires: new Date(Date.now() + 900000), httpOnly: true });
-  
-     // save as above
-     res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
-
-# res.redirect()
-
-  Redirect to the given `url` with optional response `status`
-  defaulting to 302.
-  
-  The given `url` can also be the name of a mapped url, for
-  example by default express supports "back" which redirects
-  to the _Referrer_ or _Referer_ headers or "/".
-  
-  ## Examples
-  
-     res.redirect('/foo/bar');
-     res.redirect('http://example.com');
-     res.redirect(301, 'http://example.com');
-     res.redirect('../login'); // /blog/post/1 -> /blog/login
-  
-  ## Mounting
-  
-    When an application is mounted, and `res.redirect()`
-    is given a path that does _not_ lead with "/". For 
-    example suppose a "blog" app is mounted at "/blog",
-    the following redirect would result in "/blog/login":
-  
-       res.redirect('login');
-  
-    While the leading slash would result in a redirect to "/login":
-  
-       res.redirect('/login');
-
-# res.render()
-
-  Render `view` with the given `options` and optional callback `fn`.
-  When a callback function is given a response will _not_ be made
-  automatically, otherwise a response of _200_ and _text/html_ is given.
-  
-  ## Options
-   
-   - `status`    Response status code (`res.statusCode`)
-   - `charset`   Set the charset (`res.charset`)
-  
-  ## Reserved locals
-  
-   - `cache`     boolean hinting to the engine it should cache
-   - `filename`  filename of the view being rendered
-
@@ -1,23 +1,26 @@
-
 /**
 * Module dependencies.
 */

-var express = require('../../lib/express')
-  , crypto = require('crypto');
+var express = require('../..')
+  , hash = require('./pass').hash;

 var app = module.exports = express();

+// config
+
+app.set('view engine', 'ejs');
+app.set('views', __dirname + '/views');
+
+// middleware
+
 app.use(express.bodyParser());
 app.use(express.cookieParser('shhhh, very secret'));
 app.use(express.session());

-app.set('view engine', 'ejs');
-app.set('views', __dirname + '/views');
-
 // Session-persisted message middleware

-app.locals.use(function(req,res){
+app.use(function(req, res, next){
  var err = req.session.error
    , msg = req.session.success;
  delete req.session.error;
@@ -25,28 +28,28 @@ app.locals.use(function(req,res){
  res.locals.message = '';
  if (err) res.locals.message = '<p class="msg error">' + err + '</p>';
  if (msg) res.locals.message = '<p class="msg success">' + msg + '</p>';
-})
+  next();
+});
+
+// dummy database

-// Generate a salt for the user to prevent rainbow table attacks
-// for better security take a look at the bcrypt c++ addon:
-// https://github.com/ncb000gt/node.bcrypt.js
 var users = {
-  tj: {
-      name: 'tj'
-    , salt: 'randomly-generated-salt'
-    , pass: hash('foobar', 'randomly-generated-salt')
-  }
+  tj: { name: 'tj' }
 };

-// Used to generate a hash of the plain-text password + salt
-function hash(msg, key) {
-  return crypto
-    .createHmac('sha256', key)
-    .update(msg)
-    .digest('hex');
-}
+// when you create a user, generate a salt
+// and hash the password ('foobar' is the pass here)
+
+hash('foobar', function(err, salt, hash){
+  if (err) throw err;
+  // store the salt & hash in the "db"
+  users.tj.salt = salt;
+  users.tj.hash = hash;
+});
+

 // Authenticate using our plain-object database of doom!
+
 function authenticate(name, pass, fn) {
  if (!module.parent) console.log('authenticating %s:%s', name, pass);
  var user = users[name];
@@ -55,9 +58,11 @@ function authenticate(name, pass, fn) {
  // apply the same algorithm to the POSTed password, applying
  // the hash against the pass / salt, if there is a match we
  // found the user
-  if (user.pass == hash(pass, user.salt)) return fn(null, user);
-  // Otherwise password is invalid
-  fn(new Error('invalid password'));
+  hash(pass, user.salt, function(err, hash){
+    if (err) return fn(err);
+    if (hash == user.hash) return fn(null, user);
+    fn(new Error('invalid password'));
+  })
 }

 function restrict(req, res, next) {
@@ -74,7 +79,7 @@ app.get('/', function(req, res){
 });

 app.get('/restricted', restrict, function(req, res){
-  res.send('Wahoo! restricted area');
+  res.send('Wahoo! restricted area, click to <a href="/logout">logout</a>');
 });

 app.get('/logout', function(req, res){
@@ -86,11 +91,6 @@ app.get('/logout', function(req, res){
 });

 app.get('/login', function(req, res){
-  if (req.session.user) {
-    req.session.success = 'Authenticated as ' + req.session.user.name
-      + ' click to <a href="/logout">logout</a>. '
-      + ' You may now access <a href="/restricted">/restricted</a>.';
-  }
  res.render('login');
 });

@@ -104,6 +104,9 @@ app.post('/login', function(req, res){
        // in the session store to be retrieved,
        // or in this case the entire user object
        req.session.user = user;
+        req.session.success = 'Authenticated as ' + user.name
+          + ' click to <a href="/logout">logout</a>. '
+          + ' You may now access <a href="/restricted">/restricted</a>.';
        res.redirect('back');
      });
    } else {
@@ -118,4 +121,4 @@ app.post('/login', function(req, res){
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
@@ -0,0 +1,46 @@
+
+// check out https://github.com/visionmedia/node-pwd
+
+/**
+ * Module dependencies.
+ */
+
+var crypto = require('crypto');
+
+/**
+ * Bytesize.
+ */
+
+var len = 128;
+
+/**
+ * Iterations. ~300ms
+ */
+
+var iterations = 12000;
+
+/**
+ * Hashes a password with optional `salt`, otherwise
+ * generate a salt for `pass` and invoke `fn(err, salt, hash)`.
+ *
+ * @param {String} password to hash
+ * @param {String} optional salt
+ * @param {Function} callback
+ * @api public
+ */
+
+exports.hash = function (pwd, salt, fn) {
+  if (3 == arguments.length) {
+    crypto.pbkdf2(pwd, salt, iterations, len, fn);
+  } else {
+    fn = salt;
+    crypto.randomBytes(len, function(err, salt){
+      if (err) return fn(err);
+      salt = salt.toString('base64');
+      crypto.pbkdf2(pwd, salt, iterations, len, function(err, hash){
+        if (err) return fn(err);
+        fn(null, salt, hash);
+      });
+    });
+  }
+};
@@ -0,0 +1,2 @@
+  </body>
+</html>
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html>
  <head>
-    <title>Authentication Example</title>
+    <title><%= title %></title>
    <style>
      body {
        padding: 50px;
@@ -16,6 +16,3 @@
    </style>
  </head>
  <body>
-    <%- body %>
-  </body>
-</html>
@@ -1,3 +1,7 @@
+
+<% var title = 'Authentication Example' %>
+<% include head %>
+
 <h1>Login</h1>
 <%- message %>
 Try accessing <a href="/restricted">/restricted</a>, then authenticate with "tj" and "foobar".
@@ -13,4 +17,6 @@ Try accessing <a href="/restricted">/restricted</a>, then authenticate with "tj"
  <p>
    <input type="submit" value="Login">
  </p>
-</form>
+</form>
+
+<% include foot %>
@@ -0,0 +1,46 @@
+/**
+ * Module dependencies.
+ */
+
+var express = require('../..')
+  , app = express()
+  , api = express();
+
+// app middleware
+
+app.use(express.static(__dirname + '/public'));
+
+// api middleware
+
+api.use(express.logger('dev'));
+api.use(express.bodyParser());
+
+/**
+ * CORS support.
+ */
+
+api.all('*', function(req, res, next){
+  if (!req.get('Origin')) return next();
+  // use "*" here to accept any origin
+  res.set('Access-Control-Allow-Origin', 'http://localhost:3000');
+  res.set('Access-Control-Allow-Methods', 'GET, POST');
+  res.set('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');
+  // res.set('Access-Control-Allow-Max-Age', 3600);
+  if ('OPTIONS' == req.method) return res.send(200);
+  next();
+});
+
+/**
+ * POST a user.
+ */
+
+api.post('/user', function(req, res){
+  console.log(req.body);
+  res.send(201);
+});
+
+app.listen(3000);
+api.listen(3001);
+
+console.log('app listening on 3000');
+console.log('api listening on 3001');
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+  <body>
+    <script>
+      var req = new XMLHttpRequest;
+      req.open('POST', 'http://localhost:3001/user', false);
+      req.setRequestHeader('Content-Type', 'application/json');
+      req.send('{"name":"tobi","species":"ferret"}');
+      console.log(req.responseText);
+    </script>
+  </body>
+</html>
@@ -31,16 +31,20 @@ app.set('view engine', 'html');

 // Dummy users
 var users = [
-    { name: 'tobi', email: 'tobi@learnboost.com' }
-  , { name: 'loki', email: 'loki@learnboost.com' }
-  , { name: 'jane', email: 'jane@learnboost.com' }
+  { name: 'tobi', email: 'tobi@learnboost.com' },
+  { name: 'loki', email: 'loki@learnboost.com' },
+  { name: 'jane', email: 'jane@learnboost.com' }
 ];

 app.get('/', function(req, res){
-  res.render('users', { users: users });
+  res.render('users', {
+    users: users,
+    title: "EJS example",
+    header: "Some users"
+  });
 });

 if (!module.parent) {
  app.listen(3000);
  console.log('Express app started on port 3000');
-}
+}
@@ -0,0 +1,2 @@
+</body>
+</html>
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title> <%= title %> </title>
+  <style type="text/css">
+    body {
+      padding: 50px;
+      font: 13px Helvetica, Arial, sans-serif;
+    }
+  </style>
+</head>
+<body>
@@ -1,6 +1,10 @@
+<% include header.html %>
+
 <h1>Users</h1>
 <ul id="users">
  <% users.forEach(function(user){ %>
-    <li><%= user.name %> <%= user.email %></li>
+    <li><%= user.name %> &lt;<%= user.email %>&gt;</li>
  <% }) %>
-</ul>
+</ul>
+
+<% include footer.html %>
@@ -1,4 +1,3 @@
-
 /**
 * Module dependencies.
 */
@@ -7,9 +6,21 @@ var express = require('../../')
  , app = module.exports = express()
  , silent = 'test' == process.env.NODE_ENV;

+// general config
 app.set('views', __dirname + '/views');
 app.set('view engine', 'jade');

+// our custom "verbose errors" setting
+// which we can use in the templates
+// via settings['verbose errors']
+app.enable('verbose errors');
+
+// disable them in production
+// use $ NODE_ENV=production node examples/error-pages
+if ('production' == app.settings.env) {
+  app.disable('verbose errors');
+}
+
 app.use(express.favicon());

 silent || app.use(express.logger('dev'));
@@ -32,9 +43,10 @@ app.use(app.router);
 // $ curl http://localhost:3000/notfound -H "Accept: text/plain"

 app.use(function(req, res, next){
+  res.status(404);
+  
  // respond with html page
  if (req.accepts('html')) {
-    res.status(404);
    res.render('404', { url: req.url });
    return;
  }
@@ -76,16 +88,21 @@ app.get('/', function(req, res){
 });

 app.get('/404', function(req, res, next){
+  // trigger a 404 since no other middleware
+  // will match /404 after this one, and we're not
+  // responding here
  next();
 });

 app.get('/403', function(req, res, next){
+  // trigger a 403 error
  var err = new Error('not allowed!');
  err.status = 403;
  next(err);
 });

 app.get('/500', function(req, res, next){
+  // trigger a generic (500) error
  next(new Error('keyboard cat!'));
 });

@@ -7,4 +7,7 @@ extends error

 block content
  h1 Error: #{error.message}
-  pre= error.stack
+  if settings['verbose errors']
+    pre= error.stack
+  else
+    p An error ocurred!
@@ -8,8 +8,8 @@ block content
      | visit 
      a(href="/500") 500
    li
-      | visit
+      | visit 
      a(href="/404") 404
    li
-      | visit
+      | visit 
      a(href='/403') 403
@@ -45,14 +45,6 @@ app.use(function(req, res, next){
  next();
 });

-// if you wanted to _always_ expose
-// the user you might do something like this:
-/*
-app.locals.use(function(req, res){
-  if (req.user) res.locals.expose.user = req.user;
-})
-*/
-
 app.get('/', function(req, res){
  res.redirect('/user');
 });
@@ -9,10 +9,9 @@ var express = require('../../lib/express');

 var pub = __dirname + '/public';

-// Auto-compile sass to css with "compiler"
-// and then serve with connect's staticProvider
+// setup middleware

-var app = express.createServer();
+var app = express();
 app.use(app.router);
 app.use(express.static(pub));
 app.use(express.errorHandler());
@@ -1,3 +1,4 @@
 body {
  padding: 50px 80px;
-  font: 14px "Helvetica Nueue", "Lucida Grande", Arial, sans-serif;}
+  font: 14px "Helvetica Nueue", "Lucida Grande", Arial, sans-serif;
+}
@@ -3,7 +3,7 @@
 * Module dependencies.
 */

-var express = require('../../')
+var express = require('../..')
  , format = require('util').format;

 var app = module.exports = express()
@@ -25,8 +25,24 @@ app.response.message = function(msg){
  return this;
 };

+// log
+if (!module.parent) app.use(express.logger('dev'));
+
+// serve static files
+app.use(express.static(__dirname + '/public'));
+
+// session support
+app.use(express.cookieParser('some secret here'));
+app.use(express.session());
+
+// parse request bodies (req.body)
+app.use(express.bodyParser());
+
+// support _method (PUT in forms etc)
+app.use(express.methodOverride());
+
 // expose the "messages" local variable when views are rendered
-app.locals.use(function(req, res){
+app.use(function(req, res, next){
  var msgs = req.session.messages || [];

  // expose "messages" local variable
@@ -45,24 +61,9 @@ app.locals.use(function(req, res){
  // empty or "flush" the messages so they
  // don't build up
  req.session.messages = [];
+  next();
 });

-// log
-if (!module.parent) app.use(express.logger('dev'));
-
-// serve static files
-app.use(express.static(__dirname + '/public'));
-
-// session support
-app.use(express.cookieParser('some secret here'));
-app.use(express.session());
-
-// parse request bodies (req.body)
-app.use(express.bodyParser());
-
-// support _method (PUT in forms etc)
-app.use(express.methodOverride());
-
 // load controllers
 require('./lib/boot')(app, { verbose: !module.parent });

@@ -37,7 +37,6 @@ module.exports = function(parent, options){
        case 'show':
          method = 'get';
          path = '/' + name + '/:' + name + '_id';
-          app[method](path, obj[key]);
          break;
        case 'list':
          method = 'get';
@@ -0,0 +1,54 @@
+
+// first:
+// $ npm install redis online
+// $ redis-server
+
+/**
+ * Module dependencies.
+ */
+
+var express = require('../..')
+  , online = require('online')
+  , redis = require('redis')
+  , db = redis.createClient();
+
+// online
+
+online = online(db);
+
+// app
+
+var app = express();
+
+// activity tracking, in this case using
+// the UA string, you would use req.user.id etc
+
+app.use(function(req, res, next){
+  // fire-and-forget
+  online.add(req.headers['user-agent']);
+  next();
+});
+
+/**
+ * List helper.
+ */
+
+function list(ids) {
+  return '<ul>' + ids.map(function(id){
+    return '<li>' + id + '</li>';
+  }).join('') + '</ul>';
+}
+
+/**
+ * GET users online.
+ */
+
+app.get('/', function(req, res, next){
+  online.last(5, function(err, ids){
+    if (err) return next(err);
+    res.send('<p>Users online: ' + ids.length + '</p>' + list(ids));
+  });
+});
+
+app.listen(3000);
+console.log('listening on port 3000');
@@ -1,32 +0,0 @@
-
-/**
- * Module dependencies.
- */
-
-var express = require('../../lib/express');
-
-var app = express.createServer();
-
-// Optional since express defaults to CWD/views
-
-app.set('views', __dirname + '/views');
-
-// Set our default template engine to "jade"
-// which prevents the need for extensions
-// (although you can still mix and match)
-app.set('view engine', 'jade');
-
-// Dummy record
-var ninja = {
-  name: 'leonardo',
-  summary: { email: 'hunter.loftis+github@gmail.com', master: 'splinter', description: 'peaceful leader' },
-  weapons: ['katana', 'fists', 'shell'],
-  victims: ['shredder', 'brain', 'beebop', 'rocksteady']
-};
-
-app.get('/', function(req, res){
-  res.render('ninja', { ninja: ninja });
-});
-
-app.listen(3000);
-console.log('Express app started on port 3000');
@@ -1,5 +0,0 @@
-!!!
-html
-  head
-    title Partials Example
-  body!= body
@@ -1 +0,0 @@
-li= value
@@ -1 +0,0 @@
-li.weapon= weapon
@@ -1,22 +0,0 @@
-h1= ninja.name
-
-// file, partial name, and partial object all match ('summary')
-// the partial filename prefix '_' is completely optional.
-
-// In this case we need to specify ninja.summary as the object
-// option, since it is a "plain" object Express cannot otherwise
-// tell if it is intended to be locals, or THE summary object
-#summary!= partial('summary', { object: ninja.summary })
-
-// file, partial name = '_weapon', resolves to 'weapon' object within partial
-#weapons
-  h2 Weapons
-  // the weapon partial is rendered once per item in
-  // the weapons array or "collection"
-  ul!= partial('weapon', ninja.weapons)
-  
-// partial name 'victim' resolves to 'victim.jade'
-// or 'victim/index.jade', providing the "victim" local
-#victims
-  h2 Victims
-  ul!= partial('victim', ninja.victims)
@@ -1,4 +0,0 @@
-h2 Summary
-p= summary.email
-p= summary.description
-p taught by master #{summary.master}
@@ -1,5 +0,0 @@
-// this is insane overkill, I do not recommend
-// doing tiny partials like this as it gets expensive
-// with collections, however this illustrates the new
-// partial lookup mechanism
-!= partial('../../li', { object: victim, as: 'value' })
@@ -1,26 +0,0 @@
-
-/**
- * Module dependencies.
- */
-
-var vm = require('vm')
-  , fs = require('fs');
-
-module.exports = function(app, db){
-  var dir = __dirname + '/routes';
-  // grab a list of our route files
-  fs.readdirSync(dir).forEach(function(file){
-    var str = fs.readFileSync(dir + '/' + file, 'utf8');
-    // inject some pseudo globals by evaluating
-    // the file with vm.runInNewContext()
-    // instead of loading it with require(). require's
-    // internals use similar, so dont be afraid of "boot time".
-    var context = { app: app, db: db };
-    // we have to merge the globals for console, process etc
-    for (var key in global) context[key] = global[key];
-    // note that this is essentially no different than ... just using
-    // global variables, though it's only YOUR code that could influence
-    // them, which is a bonus.
-    vm.runInNewContext(str, context, file);
-  });
-};
@@ -1,20 +0,0 @@
-
-/**
- * Module dependencies.
- */
-
-var express = require('../../lib/express')
-  , app = express()
-  , db = { users: [] };
-
-app.set('views', __dirname + '/views');
-app.set('view engine', 'jade');
-app.use(express.bodyParser());
-
-// pretend db is a database, could be
-// whatever you like
-require('./boot')(app, db);
-
-app.listen(3000);
-console.log('Express app started on port 3000');
-
@@ -1,4 +0,0 @@
-
-app.get('/', function(req, res){
-  res.render('index');
-});
@@ -1,18 +0,0 @@
-
-app.get('/users', function(req, res){
-  res.render('user/list', { users: db.users });
-});
-
-app.get('/user/add', function(req, res){
-  res.render('user/add');
-});
-
-app.post('/user', function(req, res){
-  var user = req.body.user;
-  db.users.push(user);
-  res.redirect('/users');
-});
-
-app.get('/user/:id', function(req, res){
-  res.render('user');
-});
@@ -1,8 +0,0 @@
-
-extends layout
-
-block content
-  h2 Route sharing example
-  ul
-    li: a(href='/user/add') Add user
-    li: a(href='/users') User list
@@ -1,11 +0,0 @@
-doctype html
-html
-  head
-    title Route loading example
-    style
-      body {
-        padding: 50px;
-        font: 14px/1.5 solid helvetica, arial, sans-serif;
-      }
-  body
-    block content
@@ -1,9 +0,0 @@
-
-extends ../layout
-
-block content
-  h2 Add a user
-  form(action='/user', method='post')
-    p: input(type='text', name='user[name]', placeholder='Username')
-    p: input(type='text', name='user[email]', placeholder='Email')
-    p: input(type='submit', value='Add')
@@ -1,10 +0,0 @@
-
-extends ../layout
-
-block content
-  h1= user.name
-  table
-    tbody
-      tr
-        td Email
-        td= user.email
@@ -1,10 +0,0 @@
-
-extends ../layout
-
-block content
-  h1 Users
-  if users.length
-    for user in users
-      include index
-  else
-    p No users, head over to <a href='/user/add'>/user/add</a> to create one.
@@ -0,0 +1,63 @@
+
+var express = require('../../lib/express')
+  , verbose = process.env.NODE_ENV != 'test'
+  , app = module.exports = express();
+
+app.map = function(a, route){
+  route = route || '';
+  for (var key in a) {
+    switch (typeof a[key]) {
+      // { '/path': { ... }}
+      case 'object':
+        app.map(a[key], route + key);
+        break;
+      // get: function(){ ... }
+      case 'function':
+        if (verbose) console.log('%s %s', key, route);
+        app[key](route, a[key]);
+        break;
+    }
+  }
+};
+
+var users = {
+  list: function(req, res){
+    res.send('user list');
+  },
+
+  get: function(req, res){
+    res.send('user ' + req.params.uid);
+  },
+
+  del: function(req, res){
+    res.send('delete users');
+  }
+};
+
+var pets = {
+  list: function(req, res){
+    res.send('user ' + req.params.uid + '\'s pets');
+  },
+
+  del: function(req, res){
+    res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid);
+  }
+};
+
+app.map({
+  '/users': {
+    get: users.list,
+    del: users.del,
+    '/:uid': {
+      get: users.get,
+      '/pets': {
+        get: pets.list,
+        '/:pid': {
+          del: pets.del
+        }
+      }
+    }
+  }
+});
+
+app.listen(3000);
@@ -4,7 +4,7 @@

 var express = require('../../lib/express');

-var app = express.createServer();
+var app = express();

 // Example requests:
 //     curl http://localhost:3000/user/0
@@ -3,17 +3,19 @@
 * Module dependencies.
 */

-var express = require('../../lib/express')
-  , app = express.createServer()
+var express = require('../..')
+  , app = express()
  , site = require('./site')
  , post = require('./post')
  , user = require('./user');

 // Config

-app.set('view engine', 'ejs');
+app.set('view engine', 'jade');
 app.set('views', __dirname + '/views');
+app.use(express.logger('dev'));
 app.use(express.cookieParser());
+app.use(express.bodyParser());
 app.use(express.methodOverride());
 app.use(express.static(__dirname + '/public'));

@@ -35,4 +37,4 @@ app.put('/user/:id/edit', user.update);
 app.get('/posts', post.list);

 app.listen(3000);
-console.log('Express app started on port 3000');
+console.log('Express app started on port 3000');
@@ -2,9 +2,9 @@
 // Fake posts database

 var posts = [
-    { title: 'Foo', body: 'some foo bar' }
-  , { title: 'Foo bar', body: 'more foo bar' }
-  , { title: 'Foo bar baz', body: 'more foo bar baz' }
+  { title: 'Foo', body: 'some foo bar' },
+  { title: 'Foo bar', body: 'more foo bar' },
+  { title: 'Foo bar baz', body: 'more foo bar baz' }
 ];

 exports.list = function(req, res){
@@ -11,10 +11,10 @@ a.edit {
  opacity: .3;
 }
 a.edit::before {
-  content: '[ ';
+  content: ' [';
 }
 a.edit::after {
-  content: ' ]';
+  content: ']';
 }
 dt {
  font-weight: bold;
@@ -2,8 +2,8 @@
 // Fake user database

 var users = [
-    { name: 'TJ', email: 'tj@vision-media.ca' }
-  , { name: 'Tobi', email: 'tobi@vision-media.ca' }
+  { name: 'TJ', email: 'tj@vision-media.ca' },
+  { name: 'Tobi', email: 'tobi@vision-media.ca' }
 ];

 exports.list = function(req, res){
@@ -22,15 +22,15 @@ exports.load = function(req, res, next){

 exports.view = function(req, res){
  res.render('users/view', {
-      title: 'Viewing user ' + req.user.name
-    , user: req.user
+    title: 'Viewing user ' + req.user.name,
+    user: req.user
  });
 };

 exports.edit = function(req, res){
  res.render('users/edit', {
-      title: 'Editing user ' + req.user.name
-    , user: req.user
+    title: 'Editing user ' + req.user.name,
+    user: req.user
  });
 };

@@ -1,4 +0,0 @@
-<ul>
-  <li>Visit the <a href="/users">users</a> page</li>
-  <li>Visit the <a href="/posts">posts</a> page</li>
-</ul>
@@ -0,0 +1,6 @@
+extends layout
+
+block content
+  ul
+    li Visit the <a href="/users">users</a> page
+    li Visit the <a href="/posts">posts</a> page
@@ -1,9 +0,0 @@
-<html>
-  <head>
-    <title><%= title %></title>
-    <link href="/style.css" rel="stylesheet" />
-  </head>
-  <body>
-    <%- body %>
-  </body>
-</html>
@@ -0,0 +1,6 @@
+html
+  head
+    title= title
+    link(href="/style.css", rel="stylesheet")
+  body
+    block content
@@ -1,7 +0,0 @@
-<h1>Posts</h1>
-<dl id="posts">
-  <% posts.forEach(function(post){ %>
-    <dt><%= post.title %></dt>
-    <dd><%= post.body %></dd>
-  <% }) %>
-</dl>
@@ -0,0 +1,8 @@
+extends ../layout
+
+block content
+  h1 Posts
+  dl#posts
+    for post in posts
+      dt= post.title
+      dd= post.body
@@ -1,9 +0,0 @@
-<h1>Editing <%= user.name %></h1>
-<div id="user">
-  <form method="post">
-    <input type="hidden" value="put" name="_method" />
-    <p>Name: <input type="text" value="<%= user.name %>" name="user[name]"/></p>
-    <p>Email: <input type="text" value="<%= user.email %>" name="user[email]"/></p>
-    <p><input type="submit" value="Save" /></p>
-  </form>
-</div>
@@ -0,0 +1,13 @@
+extends ../layout
+
+block content
+  h1 Editing #{user.name}
+  #user
+    form(method="post")
+      input(type="hidden", value="put", name="_method")
+      p Name: 
+        input(type="text", value= user.name, name="user[name]")
+      p Email: 
+        input(type="text", value= user.email, name="user[email]")
+      p 
+        input(type="submit", value="Save")
@@ -1,9 +0,0 @@
-<h1>Users</h1>
-<ul id="users">
-  <% users.forEach(function(user, id){ %>
-    <li>
-      <a href="/user/<%= id %>"><%= user.name %></a>
-      <a class="edit" href="/user/<%= id %>/edit">edit</a>
-    </li>
-  <% }) %>
-</ul>
@@ -0,0 +1,9 @@
+extends ../layout
+
+block content
+  h1 Users
+  #users
+    for user, i in users
+      li
+        a(href="/user/#{i}")= user.name
+        a.edit(href="/user/#{i}/edit") edit
@@ -1,4 +0,0 @@
-<h1><%= user.name %></h1>
-<div id="user">
-  <p>Email: <%= user.email %></p>
-</div>
@@ -0,0 +1,6 @@
+extends ../layout
+
+block content
+  h1= user.name
+  #user
+    p Email: #{user.email}
@@ -1,44 +0,0 @@
-
-/**
- * Module dependencies.
- */
-
-var express = require('../../')
-  , path = require('path')
-  , exec = require('child_process').exec
-  , fs = require('fs');
-
-/**
- * Error handler.
- */
-
-function errorHandler(voice) {
-  return function(err, req, res, next) {
-    var parts = err.stack.split('\n')[1].split(/[()]/)[1].split(':')
-      , filename = parts.shift()
-      , basename = path.basename(filename)
-      , lineno = parts.shift()
-      , col = parts.shift()
-      , lines = fs.readFileSync(filename, 'utf8').split('\n')
-      , line = lines[lineno - 1].replace(/\./, ' ');
-
-    exec('say -v "' + voice + '" '
-      + err.message
-      + ' on line ' + lineno
-      + ' of ' + basename + '.'
-      + ' The contents of this line is '
-      + ' "' + line + '".');
-
-    res.send(500);
-  }
-}
-
-var app = express.createServer();
-
-app.get('/', function(request, response){
-  if (request.is(foo)) response.end('bar');
-});
-
-app.use(errorHandler('Vicki'));
-
-app.listen(3000);
@@ -0,0 +1,14 @@
+
+var search = document.querySelector('[type=search]');
+var code = document.querySelector('pre');
+
+search.addEventListener('keyup', function(){
+  var xhr = new XMLHttpRequest;
+  xhr.open('GET', '/search/' + search.value, true);
+  xhr.onreadystatechange = function(){
+    if (4 == xhr.readyState) {
+      code.textContent = xhr.responseText;
+    }
+  };
+  xhr.send();
+}, false);
@@ -0,0 +1,61 @@
+
+// first:
+// $ npm install redis
+// $ redis-server
+
+/**
+ * Module dependencies.
+ */
+
+var express = require('../..')
+  , redis = require('redis')
+  , db = redis.createClient();
+
+// npm install redis
+
+var app = express();
+
+app.set('view engine', 'jade');
+app.set('views', __dirname);
+
+// populate search
+
+db.sadd('ferret', 'tobi');
+db.sadd('ferret', 'loki');
+db.sadd('ferret', 'jane');
+db.sadd('cat', 'manny');
+db.sadd('cat', 'luna');
+
+/**
+ * GET the search page.
+ */
+
+app.get('/', function(req, res){
+  res.render('search');
+});
+
+/**
+ * GET search for :query.
+ */
+
+app.get('/search/:query?', function(req, res){
+  var query = req.params.query;
+  db.smembers(query, function(err, vals){
+    if (err) return res.send(500);
+    res.send(vals);
+  });
+});
+
+/**
+ * GET client javascript. Here we use sendfile()
+ * because serving __dirname with the static() middleware
+ * would also mean serving our server "index.js" and the "search.jade"
+ * template.
+ */
+
+app.get('/client.js', function(req, res){
+  res.sendfile(__dirname + '/client.js');
+});
+
+app.listen(3000);
+console.log('app listening on port 3000');
@@ -0,0 +1,15 @@
+!!! 5
+html
+  head
+    title Search example
+    style
+      body {
+        font: 14px "Helvetica Neue", Helvetica;
+        padding: 50px;
+      }
+  body
+    h2 Search
+    p Try searching for "ferret" or "cat".
+    input(type='search')
+    pre
+    script(src='client.js')
@@ -1,4 +1,8 @@

+// first:
+// $ npm install redis
+// $ redis-server
+
 var express = require('../..');

 var app = express();
@@ -25,4 +29,4 @@ app.get('/', function(req, res){
 });

 app.listen(3000);
-console.log('Express app started on port 3000');
+console.log('Express app started on port 3000');
@@ -0,0 +1,44 @@
+
+var express = require('../..');
+var app = express();
+
+// log requests
+app.use(express.logger('dev'));
+
+// express on its own has no notion
+// of a "file". The express.static()
+// middleware checks for a file matching
+// the `req.path` within the directory
+// that you pass it. In this case "GET /js/app.js"
+// will look for "./public/js/app.js".
+
+app.use(express.static(__dirname + '/public'));
+
+// if you wanted to "prefix" you may use
+// the mounting feature of Connect, for example
+// "GET /static/js/app.js" instead of "GET /js/app.js".
+// The mount-path "/static" is simply removed before
+// passing control to the express.static() middleware,
+// thus it serves the file correctly by ignoring "/static"
+app.use('/static', express.static(__dirname + '/public'));
+
+// if for some reason you want to serve files from
+// several directories, you can use express.static()
+// multiple times! Here we're passing "./public/css",
+// this will allow "GET /style.css" instead of "GET /css/style.css":
+app.use(express.static(__dirname + '/public/css'));
+
+// this examples does not have any routes, however
+// you may `app.use(app.router)` before or after these
+// static() middleware. If placed before them your routes
+// will be matched BEFORE file serving takes place. If placed
+// after as shown here then file serving is performed BEFORE
+// any routes are hit:
+app.use(app.router);
+
+app.listen(3000);
+console.log('listening on port 3000');
+console.log('try:');
+console.log('  GET /hello.txt');
+console.log('  GET /js/app.js');
+console.log('  GET /css/style.css');
@@ -0,0 +1,3 @@
+body {
+  
+}
@@ -0,0 +1 @@
+hey
@@ -0,0 +1 @@
+foo
@@ -1,51 +0,0 @@
-
-/**
- * Module dependencies.
- */
-
-var express = require('../../lib/express')
-  , stylus = require('stylus');
-
-var app = express.createServer();
-
-// $ npm install stylus
-
-// completely optional, however
-// the compile function allows you to
-// define additional functions exposed to Stylus,
-// alter settings, etc
-
-function compile(str, path) {
-  return stylus(str)
-    .set('filename', path)
-    .set('compress', true);
-};
-
-// add the stylus middleware, which re-compiles when
-// a stylesheet has changed, compiling FROM src,
-// TO dest. dest is optional, defaulting to src
-
-app.use(stylus.middleware({
-    src: __dirname + '/views'
-  , dest: __dirname + '/public'
-  , compile: compile
-}));
-
-
-// minimal setup both reading and writting to ./public
-// would look like:
-//   app.use(stylus.middleware({ src: __dirname + '/public' }));
-
-// the middleware itself does not serve the static
-// css files, so we need to expose them with staticProvider
-
-app.use(express.static(__dirname + '/public'));
-
-app.set('views', __dirname + '/views');
-
-app.get('/', function(req, res){
-  res.render('index.jade');
-});
-
-app.listen(3000);
-console.log('server listening on port 3000');
@@ -1 +0,0 @@
-*.css
@@ -1,2 +0,0 @@
-h1 Stylus
-p Just an example of using Stylus with Express.
@@ -1,6 +0,0 @@
-html
-  head
-    title Stylus Example
-    link(rel='stylesheet', href='/reset.css')
-    link(rel='stylesheet', href='/main.css')
-  body!= body
@@ -1,8 +0,0 @@
-
-body
-  font 14px helvetica, arial, sans-serif
-  padding 50px
-  h1
-    font-size 50px
-  p
-    margin 15px 0
@@ -3,13 +3,13 @@
 * Module dependencies.
 */

-var express = require('../../lib/express');
+var express = require('../..');

 // Edit /etc/vhosts

 // First app

-var one = express.createServer();
+var one = express();

 one.use(express.logger());

@@ -23,7 +23,7 @@ one.get('/:sub', function(req, res){

 // App two

-var two = express.createServer();
+var two = express();

 two.get('/', function(req, res){
  res.send('Hello from app two!')
@@ -31,7 +31,7 @@ two.get('/', function(req, res){

 // Redirect app

-var redirect = express.createServer();
+var redirect = express();

 redirect.all('*', function(req, res){
  console.log(req.subdomains);
@@ -40,7 +40,7 @@ redirect.all('*', function(req, res){

 // Main app

-var app = express.createServer();
+var app = express();

 app.use(express.vhost('*.localhost', redirect))
 app.use(express.vhost('localhost', one));
@@ -88,7 +88,6 @@ function count2(req, res, next) {
 function users2(req, res, next) {
  User.all(function(err, users){
    if (err) return next(err);
-    // this would not be ideal for *this*
    res.locals.users = users.filter(ferrets);
    next();
  })
@@ -102,32 +101,46 @@ app.get('/middleware-locals', count2, users2, function(req, res, next){
  res.render('user', { title: 'Users' });
 });

+// keep in mind that middleware may be placed anywhere
+// and in various combinations, so if you have locals
+// that you wish to make available to all subsequent
+// middleware/routes you can do something like this:

+/*

-
-// let's assume we wanted to load the users
-// and count for every res.render() call, we
-// could use app.locals.use() for this. These
-// are callbacks which run in parallel ONLY
-// when res.render() is invoked. If no views
-// are rendered, there is no overhead.
-
-// This may be ideal if you want to load auxiliary
-// user information, but only for templates. Note
-// that (req, res) are available to you, so you may
-// access req.session.user etc.
-
-// Keep in mind these execute in *parallel*, so these
-// callbacks should not depend on each other, this
-// also makes them slightly more efficient than
-// using middleware which execute sequentially
-
-app.locals.use(count2);
-app.locals.use(users2);
-
-app.get('/locals', function(req, res){
-  res.render('user', { title: 'Users' });
+app.use(function(req, res, next){
+  res.locals.user = req.user;
+  res.locals.sess = req.session;
+  next();
 });

+*/
+
+// or suppose you have some /admin
+// "global" local variables:
+
+/*
+
+app.use('/api', function(req, res, next){
+  res.locals.user = req.user;
+  res.locals.sess = req.session;
+  next();
+});
+
+*/
+
+// the following is effectively the same,
+// but uses a route instead:
+
+/*
+
+app.all('/api/*', function(req, res, next){
+  res.locals.user = req.user;
+  res.locals.sess = req.session;
+  next();
+});
+
+*/
+
 app.listen(3000);
 console.log('Application listening on port 3000');
@@ -1,21 +1,18 @@
-
 /**
 * Module dependencies.
 */

 var connect = require('connect')
  , Router = require('./router')
-  , methods = Router.methods.concat('del', 'all')
+  , methods = require('methods')
  , middleware = require('./middleware')
  , debug = require('debug')('express:application')
  , locals = require('./utils').locals
  , View = require('./view')
-  , url = require('url')
  , utils = connect.utils
  , path = require('path')
  , http = require('http')
-  , join = path.join
-  , fs = require('fs');
+  , join = path.join;

 /**
 * Application prototype.
@@ -34,7 +31,6 @@ var app = exports = module.exports = {};
 */

 app.init = function(){
-  var self = this;
  this.cache = {};
  this.settings = {};
  this.engines = {};
@@ -49,9 +45,8 @@ app.init = function(){
 */

 app.defaultConfiguration = function(){
-  var self = this;
-
  // default settings
+  this.enable('x-powered-by');
  this.set('env', process.env.NODE_ENV || 'development');
  debug('booting in %s mode', this.get('env'));

@@ -59,12 +54,11 @@ app.defaultConfiguration = function(){
  this.use(connect.query());
  this.use(middleware.init(this));

-  // inherit view callbacks
+  // inherit protos
  this.on('mount', function(parent){
    this.request.__proto__ = parent.request;
    this.response.__proto__ = parent.response;
    this.engines.__proto__ = parent.engines;
-    this.viewCallbacks = parent.viewCallbacks.slice(0);
  });

  // router
@@ -84,7 +78,8 @@ app.defaultConfiguration = function(){
  this.locals.settings = this.settings;

  // default configuration
-  this.enable('jsonp callback');
+  this.set('views', process.cwd() + '/views');
+  this.set('jsonp callback name', 'callback');

  this.configure('development', function(){
    this.set('json spaces', 2);
@@ -106,7 +101,7 @@ app.defaultConfiguration = function(){
 */

 app.use = function(route, fn){
-  var app, home, handle;
+  var app;

  // default route to '/'
  if ('string' != typeof route) fn = route, route = '/';
@@ -407,11 +402,12 @@ app.configure = function(env, fn){

 methods.forEach(function(method){
  app[method] = function(path){
-    if ('get' == method && 1 == arguments.length) return this.set(path); 
+    if ('get' == method && 1 == arguments.length) return this.set(path);
    var args = [method].concat([].slice.call(arguments));
    if (!this._usedRouter) this.use(this.router);
-    return this._router.route.apply(this._router, args);
-  }
+    this._router.route.apply(this._router, args);
+    return this;
+  };
 });

 /**
@@ -427,7 +423,6 @@ methods.forEach(function(method){
 app.all = function(path){
  var args = arguments;
  methods.forEach(function(method){
-    if ('all' == method || 'del' == method) return;
    app[method].apply(this, args);
  }, this);
  return this;
@@ -455,8 +450,7 @@ app.del = app.delete;
 */

 app.render = function(name, options, fn){
-  var self = this
-    , opts = {}
+  var opts = {}
    , cache = this.cache
    , engines = this.engines
    , view;
@@ -469,8 +463,8 @@ app.render = function(name, options, fn){
  // merge app.locals
  utils.merge(opts, this.locals);

-  // merge options.locals
-  if (options.locals) utils.merge(opts, options.locals);
+  // merge options._locals
+  if (options._locals) utils.merge(opts, options._locals);

  // merge options
  utils.merge(opts, options);
@@ -486,13 +480,15 @@ app.render = function(name, options, fn){
  // view
  if (!view) {
    view = new View(name, {
-        defaultEngine: this.get('view engine')
-      , root: this.get('views') || process.cwd() + '/views'
-      , engines: engines
+      defaultEngine: this.get('view engine'),
+      root: this.get('views'),
+      engines: engines
    });

    if (!view.path) {
-      return fn(new Error('Failed to lookup view "' + name + '"'));
+      var err = new Error('Failed to lookup view "' + name + '"');
+      err.view = view;
+      return fn(err);
    }

    // prime the cache
@@ -522,7 +518,7 @@ app.render = function(name, options, fn){
 *      , app = express();
 *
 *    http.createServer(app).listen(80);
- *    http.createServer({ ... }, app).listen(443);
+ *    https.createServer({ ... }, app).listen(443);
 *
 * @return {http.Server}
 * @api public
@@ -1,10 +1,8 @@
-
 /**
 * Module dependencies.
 */

-var http = require('http')
-  , connect = require('connect')
+var connect = require('connect')
  , proto = require('./application')
  , Route = require('./router/route')
  , Router = require('./router')
@@ -22,7 +20,7 @@ exports = module.exports = createApplication;
 * Framework version.
 */

-exports.version = '3.0.0beta3';
+exports.version = '3.0.5';

 /**
 * Expose mime.
@@ -48,7 +46,7 @@ function createApplication() {

 /**
 * Expose connect.middleware as express.*
- * for example `express.logger` etc. 
+ * for example `express.logger` etc.
 */

 for (var key in connect.middleware) {
@@ -59,10 +57,19 @@ for (var key in connect.middleware) {
 }

 /**
- * Backwards compat.
+ * Error on createServer().
 */

-exports.createServer = createApplication;
+exports.createServer = function(){
+  console.warn('Warning: express.createServer() is deprecated, express');
+  console.warn('applications no longer inherit from http.Server,');
+  console.warn('please use:');
+  console.warn('');
+  console.warn('  var express = require("express");');
+  console.warn('  var app = express();');
+  console.warn('');
+  return createApplication();
+};

 /**
 * Expose the prototypes.
@@ -79,12 +86,6 @@ exports.response = res;
 exports.Route = Route;
 exports.Router = Router;

-/**
- * Expose HTTP methods.
- */
-
-exports.methods = require('./router/methods');
-
 // Error handler title

 exports.errorHandler.title = 'Express';
@@ -18,7 +18,7 @@ var utils = require('./utils');
 exports.init = function(app){
  return function expressInit(req, res, next){
    req.app = res.app = app;
-    res.setHeader('X-Powered-By', 'Express');
+    if (app.settings['x-powered-by']) res.setHeader('X-Powered-By', 'Express');
    req.res = res;
    res.req = req;
    req.next = next;
@@ -26,7 +26,7 @@ exports.init = function(app){
    req.__proto__ = app.request;
    res.__proto__ = app.response;

-    res.locals = utils.locals(res);
+    res.locals = res.locals || utils.locals(res);

    next();
  }
@@ -7,6 +7,7 @@ var http = require('http')
  , utils = require('./utils')
  , connect = require('connect')
  , fresh = require('fresh')
+  , parseRange = require('range-parser')
  , parse = connect.utils.parseUrl
  , mime = connect.mime;

@@ -132,6 +133,32 @@ req.acceptsLanguage = function(lang){
    : true;
 };

+/**
+ * Parse Range header field,
+ * capping to the given `size`.
+ *
+ * Unspecified ranges such as "0-" require
+ * knowledge of your resource length. In
+ * the case of a byte range this is of course
+ * the total number of bytes. If the Range
+ * header field is not given `null` is returned,
+ * `-1` when unsatisfiable, `-2` when syntactically invalid.
+ *
+ * NOTE: remember that ranges are inclusive, so
+ * for example "Range: users=0-3" should respond
+ * with 4 users when available, not 3.
+ *
+ * @param {Number} size
+ * @return {Array}
+ * @api public
+ */
+
+req.range = function(size){
+  var range = this.get('Range');
+  if (!range) return;
+  return parseRange(size, range);
+};
+
 /**
 * Return an array of Accepted media types
 * ordered from highest quality to lowest.
@@ -341,6 +368,35 @@ req.__defineGetter__('ips', function(){
    : [];
 });

+/**
+ * Return basic auth credentials.
+ *
+ * Examples:
+ *
+ *    // http://tobi:hello@example.com
+ *    req.auth
+ *    // => { username: 'tobi', password: 'hello' }
+ *
+ * @return {Object} or undefined
+ * @api public
+ */
+
+req.__defineGetter__('auth', function(){
+  // missing
+  var auth = this.get('Authorization');
+  if (!auth) return;
+
+  // malformed
+  var parts = auth.split(' ');
+  if ('basic' != parts[0].toLowerCase()) return;
+  if (!parts[1]) return;
+  auth = parts[1];
+
+  // credentials
+  auth = new Buffer(auth, 'base64').toString().split(':');
+  return { username: auth[0], password: auth[1] };
+});
+
 /**
 * Return subdomains as an array.
 *
@@ -390,7 +446,18 @@ req.__defineGetter__('host', function(){
 */

 req.__defineGetter__('fresh', function(){
-  return fresh(this.headers, this.res._headers);
+  var method = this.method;
+  var s = this.res.statusCode;
+
+  // GET or HEAD for weak freshness validation only
+  if ('GET' != method && 'HEAD' != method) return false;
+
+  // 2xx or 304 as per rfc2616 14.26
+  if ((s >= 200 && s < 300) || 304 == s) {
+    return fresh(this.headers, this.res._headers);
+  }
+
+  return false;
 });

 /**
@@ -1,19 +1,18 @@
-
 /**
 * Module dependencies.
 */

-var fs = require('fs')
-  , http = require('http')
+var http = require('http')
  , path = require('path')
  , connect = require('connect')
  , utils = connect.utils
+  , sign = require('cookie-signature').sign
  , normalizeType = require('./utils').normalizeType
  , normalizeTypes = require('./utils').normalizeTypes
+  , etag = require('./utils').etag
  , statusCodes = http.STATUS_CODES
-  , send = connect.static.send
  , cookie = require('cookie')
-  , crc = require('crc')
+  , send = require('send')
  , mime = connect.mime
  , basename = path.basename
  , extname = path.extname
@@ -40,6 +39,27 @@ res.status = function(code){
  return this;
 };

+/**
+ * Set Link header field with the given `links`.
+ *
+ * Examples:
+ *
+ *    res.links({
+ *      next: 'http://api.example.com/users?page=2',
+ *      last: 'http://api.example.com/users?page=5'
+ *    });
+ *
+ * @param {Object} links
+ * @return {ServerResponse}
+ * @api public
+ */
+
+res.links = function(links){
+  return this.set('Link', Object.keys(links).map(function(rel){
+    return '<' + links[rel] + '>; rel="' + rel + '"';
+  }).join(', '));
+};
+
 /**
 * Send a response.
 *
@@ -64,12 +84,14 @@ res.send = function(body){

  // allow status / body
  if (2 == arguments.length) {
-    this.statusCode = body;
-    body = arguments[1];
+    // res.send(body, status) backwards compat
+    if ('number' != typeof body && 'number' == typeof arguments[1]) {
+      this.statusCode = arguments[1];
+    } else {
+      this.statusCode = body;
+      body = arguments[1];
+    }
  }
-  
-  // convert string objects to primitives
-  if (body instanceof String) body = body.toString();

  switch (typeof body) {
    // response status
@@ -107,9 +129,9 @@ res.send = function(body){
  // ETag support
  // TODO: W/ support
  if (len > 1024) {
-    if (!this.get('ETag')) this.set('ETag', Buffer.isBuffer(body)
-      ? crc.buffer.crc32(body)
-      : crc.crc32(body));
+    if (!this.get('ETag')) {
+      this.set('ETag', etag(body));
+    }
  }

  // freshness
@@ -119,6 +141,7 @@ res.send = function(body){
  if (204 == this.statusCode || 304 == this.statusCode) {
    this.removeHeader('Content-Type');
    this.removeHeader('Content-Length');
+    this.removeHeader('Transfer-Encoding');
    body = '';
  }

@@ -146,23 +169,72 @@ res.send = function(body){
 res.json = function(obj){
  // allow status / body
  if (2 == arguments.length) {
-    this.statusCode = obj;
-    obj = arguments[1];
+    // res.json(body, status) backwards compat
+    if ('number' == typeof arguments[1]) {
+      this.statusCode = arguments[1];
+    } else {
+      this.statusCode = obj;
+      obj = arguments[1];
+    }
  }

-  var app = this.app
-    , jsonp = app.get('jsonp callback')
-    , replacer = app.get('json replacer')
-    , spaces = app.get('json spaces')
-    , body = JSON.stringify(obj, replacer, spaces)
-    , callback = this.req.query.callback;
+  // settings
+  var app = this.app;
+  var replacer = app.get('json replacer');
+  var spaces = app.get('json spaces');
+  var body = JSON.stringify(obj, replacer, spaces);

+  // content-type
+  this.charset = this.charset || 'utf-8';
+  this.get('Content-Type') || this.set('Content-Type', 'application/json');
+  
+  return this.send(body);
+};
+
+/**
+ * Send JSON response with JSONP callback support.
+ *
+ * Examples:
+ *
+ *     res.jsonp(null);
+ *     res.jsonp({ user: 'tj' });
+ *     res.jsonp(500, 'oh noes!');
+ *     res.jsonp(404, 'I dont have that');
+ *
+ * @param {Mixed} obj or status
+ * @param {Mixed} obj
+ * @return {ServerResponse}
+ * @api public
+ */
+
+res.jsonp = function(obj){
+  // allow status / body
+  if (2 == arguments.length) {
+    // res.json(body, status) backwards compat
+    if ('number' == typeof arguments[1]) {
+      this.statusCode = arguments[1];
+    } else {
+      this.statusCode = obj;
+      obj = arguments[1];
+    }
+  }
+
+  // settings
+  var app = this.app;
+  var replacer = app.get('json replacer');
+  var spaces = app.get('json spaces');
+  var body = JSON.stringify(obj, replacer, spaces);
+  var callback = this.req.query[app.get('jsonp callback name')];
+
+  // content-type
  this.charset = this.charset || 'utf-8';
  this.set('Content-Type', 'application/json');
-
-  if (callback && jsonp) {
+  
+  // jsonp
+  if (callback) {
    this.set('Content-Type', 'text/javascript');
-    body = callback.replace(/[^[]\w$.]/g, '') + '(' + body + ');';
+    var cb = callback.replace(/[^\[\]\w$.]/g, '');
+    body = cb + ' && ' + cb + '(' + body + ');';
  }

  return this.send(body);
@@ -212,7 +284,8 @@ res.sendfile = function(path, options, fn){
  var self = this
    , req = self.req
    , next = this.req.next
-    , options = options || {};
+    , options = options || {}
+    , done;

  // support function as second arg
  if ('function' == typeof options) {
@@ -220,30 +293,49 @@ res.sendfile = function(path, options, fn){
    options = {};
  }

-  // callback
-  options.callback = function(err){
-    if (err) {
-      // cast ENOENT
-      if ('ENOENT' == err.code) err = utils.error(404);
+  // socket errors
+  req.socket.on('error', error);

-      // ditch content-disposition to prevent funky responses
-      if (!self.headerSent) self.removeHeader('Content-Disposition');
+  // errors
+  function error(err) {
+    if (done) return;
+    done = true;

-      // woot! callback available
-      if (fn) return fn(err);
+    // clean up
+    cleanup();
+    if (!self.headerSent) self.removeHeader('Content-Disposition');

-      // lost in limbo if there's no callback
-      if (self.headerSent) return;
+    // callback available
+    if (fn) return fn(err);

-      return req.next(err);
-    }
+    // list in limbo if there's no callback
+    if (self.headerSent) return;

-    fn && fn();
-  };
+    // delegate
+    next(err);
+  }
+
+  // streaming
+  function stream() {
+    if (done) return;
+    cleanup();
+    if (fn) self.on('finish', fn);
+  }
+
+  // cleanup
+  function cleanup() {
+    req.socket.removeListener('error', error);
+  }

  // transfer
-  options.path = encodeURIComponent(path);
-  send(this.req, this, next, options);
+  var file = send(req, path);
+  if (options.root) file.root(options.root);
+  file.maxage(options.maxAge || 0);
+  file.on('error', error);
+  file.on('directory', next);
+  file.on('stream', stream);
+  file.pipe(this);
+  this.on('finish', cleanup);
 };

 /**
@@ -346,21 +438,24 @@ res.type = function(type){
 *
 * By default Express passes an `Error`
 * with a `.status` of 406 to `next(err)`
- * if a match is not made, however you may
- * provide an optional callback `fn` to
- * be invoked instead.
+ * if a match is not made. If you provide
+ * a `.default` callback it will be invoked
+ * instead.
 *
 * @param {Object} obj
- * @param {Function} fn
 * @return {ServerResponse} for chaining
 * @api public
 */

-res.format = function(obj, fn){
-  var keys = Object.keys(obj)
-    , req = this.req
-    , next = req.next
-    , key = req.accepts(keys);
+res.format = function(obj){
+  var req = this.req
+    , next = req.next;
+
+  var fn = obj.default;
+  if (fn) delete obj.default;
+  var keys = Object.keys(obj);
+
+  var key = req.accepts(keys);

  this.set('Vary', 'Accept');

@@ -481,9 +576,10 @@ res.cookie = function(name, val, options){
  var signed = options.signed;
  if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
  if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
-  if (signed) val = utils.sign(val, secret);
+  if (signed) val = 's:' + sign(val, secret);
  if ('maxAge' in options) options.expires = new Date(Date.now() + options.maxAge);
  if (null == options.path) options.path = '/';
+  options.maxAge /= 1000;
  this.set('Set-Cookie', cookie.serialize(name, String(val), options));
  return this;
 };
@@ -501,6 +597,7 @@ res.cookie = function(name, val, options){
 *    res.redirect('/foo/bar');
 *    res.redirect('http://example.com');
 *    res.redirect(301, 'http://example.com');
+ *    res.redirect('http://example.com', 301);
 *    res.redirect('../login'); // /blog/post/1 -> /blog/login
 *
 * Mounting:
@@ -530,8 +627,12 @@ res.redirect = function(url){

  // allow status / url
  if (2 == arguments.length) {
-    status = url;
-    url = arguments[1];
+    if ('number' == typeof url) {
+      status = url;
+      url = arguments[1];
+    } else {
+      status = arguments[1];
+    }
  }

  // setup redirect map
@@ -541,34 +642,33 @@ res.redirect = function(url){
  url = map[url] || url;

  // relative
-  if (!~url.indexOf('://')) {
+  if (!~url.indexOf('://') && 0 != url.indexOf('//')) {
    var path = app.path();

    // relative to path
-    if (0 == url.indexOf('./') || 0 == url.indexOf('..')) {
+    if ('.' == url[0]) {
      url = req.path + '/' + url;
    // relative to mount-point
    } else if ('/' != url[0]) {
      url = path + '/' + url;
    }
-
-    // Absolute
-    var host = req.get('Host');
-    url = req.protocol + '://' + host + url;
  }

  // Support text/{plain,html} by default
  this.format({
    text: function(){
-      body = statusCodes[status] + '. Redirecting to ' + url;
+      body = statusCodes[status] + '. Redirecting to ' + encodeURI(url);
    },

    html: function(){
-      body = '<p>' + statusCodes[status] + '. Redirecting to <a href="' + url + '">' + url + '</a></p>';
+      var u = utils.escape(url);
+      body = '<p>' + statusCodes[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>';
+    },
+
+    default: function(){
+      body = '';
    }
-  }, function(){
-    body = '';
-  })
+  });

  // Respond
  this.statusCode = status;
@@ -583,11 +683,6 @@ res.redirect = function(url){
 * automatically, otherwise a response of _200_ and _text/html_ is given.
 *
 * Options:
- *  
- *  - `status`    Response status code (`res.statusCode`)
- *  - `charset`   Set the charset (`res.charset`)
- *
- * Reserved locals:
 *
 *  - `cache`     boolean hinting to the engine it should cache
 *  - `filename`  filename of the view being rendered
@@ -609,41 +704,15 @@ res.render = function(view, options, fn){
    fn = options, options = {};
  }

-  function render() {
-    // merge res.locals
-    options.locals = self.locals;
+  // merge res.locals
+  options._locals = self.locals;

-    // default callback to respond
-    fn = fn || function(err, str){
-      if (err) return req.next(err);
-      self.send(str);
-    };
+  // default callback to respond
+  fn = fn || function(err, str){
+    if (err) return req.next(err);
+    self.send(str);
+  };

-    // render
-    app.render(view, options, fn);
-  }
-
-  // invoke view callbacks
-  var callbacks = app.viewCallbacks.concat(self.viewCallbacks)
-    , pending = callbacks.length
-    , len = pending
-    , done;
-
-  if (len) {
-    for (var i = 0; i < len; ++i) {
-      callbacks[i](req, self, function(err){
-        if (done) return;
-
-        if (err) {
-          req.next(err);
-          done = true;
-          return;
-        }
-
-        --pending || render();
-      });
-    }
-  } else {
-    render();
-  }
-};
+  // render
+  app.render(view, options, fn);
+};
@@ -1,4 +1,3 @@
-
 /**
 * Module dependencies.
 */
@@ -14,12 +13,6 @@ var Route = require('./route')

 exports = module.exports = Router;

-/**
- * Expose HTTP methods.
- */
-
-var methods = exports.methods = require('./methods');
-
 /**
 * Initialize a new `Router` with the given `options`.
 * 
@@ -99,8 +92,7 @@ Router.prototype._dispatch = function(req, res, next){
      , paramVal
      , route
      , keys
-      , key
-      , ret;
+      , key;

    // match next route
    function nextRoute(err) {
@@ -108,10 +100,7 @@ Router.prototype._dispatch = function(req, res, next){
    }

    // match route
-    req.route = route = self.match(req, i);
-
-    // implied OPTIONS
-    if (!route && 'OPTIONS' == req.method) return self._options(req, res);
+    req.route = route = self.matchRequest(req, i);

    // no route
    if (!route) return next(err);
@@ -168,7 +157,8 @@ Router.prototype._dispatch = function(req, res, next){
          if (fn.length < 4) return callbacks(err);
          fn(err, req, res, callbacks);
        } else if (fn) {
-          fn(req, res, callbacks);
+          if (fn.length < 4) return fn(req, res, callbacks);
+          callbacks();
        } else {
          nextRoute(err);
        }
@@ -179,41 +169,6 @@ Router.prototype._dispatch = function(req, res, next){
  })(0);
 };

-/**
- * Respond to __OPTIONS__ method.
- *
- * @param {IncomingMessage} req
- * @param {ServerResponse} res
- * @api private
- */
-
-Router.prototype._options = function(req, res){
-  var path = parse(req).pathname
-    , body = this._optionsFor(path).join(',');
-  res.set('Allow', body).send(body);
-};
-
-/**
- * Return an array of HTTP verbs or "options" for `path`.
- *
- * @param {String} path
- * @return {Array}
- * @api private
- */
-
-Router.prototype._optionsFor = function(path){
-  var self = this;
-  return methods.filter(function(method){
-    var routes = self.map[method];
-    if (!routes || 'options' == method) return;
-    for (var i = 0, len = routes.length; i < len; ++i) {
-      if (routes[i].match(path)) return true;
-    }
-  }).map(function(method){
-    return method.toUpperCase();
-  });
-};
-
 /**
 * Attempt to match a route for `req`
 * with optional starting index of `i`
@@ -225,7 +180,7 @@ Router.prototype._optionsFor = function(path){
 * @api private
 */

-Router.prototype.match = function(req, i, head){
+Router.prototype.matchRequest = function(req, i, head){
  var method = req.method.toLowerCase()
    , url = parse(req)
    , path = url.pathname
@@ -235,7 +190,7 @@ Router.prototype.match = function(req, i, head){

  // HEAD support
  if (!head && 'head' == method) {
-    route = this.match(req, i, true);
+    route = this.matchRequest(req, i, true);
    if (route) return route;
     method = 'get';
  }
@@ -254,6 +209,23 @@ Router.prototype.match = function(req, i, head){
  }
 };

+/**
+ * Attempt to match a route for `method`
+ * and `url` with optional starting
+ * index of `i` defaulting to 0.
+ *
+ * @param {String} method
+ * @param {String} url
+ * @param {Number} i
+ * @return {Route}
+ * @api private
+ */
+
+Router.prototype.match = function(method, url, i, head){
+  var req = { method: method, url: url };
+  return  this.matchRequest(req, i, head);
+};
+
 /**
 * Route `method`, `path`, and one or more callbacks.
 *
@@ -271,11 +243,17 @@ Router.prototype.route = function(method, path, callbacks){
  // ensure path was given
  if (!path) throw new Error('Router#' + method + '() requires a path');

+  // ensure all callbacks are functions
+  callbacks.forEach(function(fn){
+    if ('function' == typeof fn) return;
+    throw new Error('Router#' + method + '() requires all callbacks to be functions');
+  });
+
  // create the route
  debug('defined %s %s', method, path);
  var route = new Route(method, path, callbacks, {
-      sensitive: this.caseSensitive
-    , strict: this.strict
+    sensitive: this.caseSensitive,
+    strict: this.strict
  });

  // add it
@@ -1,30 +0,0 @@
-
-/**
- * HTTP methods supported by node.
- */
-
-module.exports = [
-    'get'
-  , 'post'
-  , 'put'
-  , 'head'
-  , 'delete'
-  , 'options'
-  , 'trace'
-  , 'copy'
-  , 'lock'
-  , 'mkcol'
-  , 'move'
-  , 'propfind'
-  , 'proppatch'
-  , 'unlock'
-  , 'report'
-  , 'mkactivity'
-  , 'checkout'
-  , 'merge'
-  , 'm-search'
-  , 'notify'
-  , 'subscribe'
-  , 'unsubscribe'
-  , 'patch'
-];
@@ -3,7 +3,20 @@
 * Module dependencies.
 */

-var mime = require('connect').mime;
+var mime = require('connect').mime
+  , crc32 = require('buffer-crc32');
+
+/**
+ * Return ETag for `body`.
+ *
+ * @param {String|Buffer} body
+ * @return {String}
+ * @api private
+ */
+
+exports.etag = function(body){
+  return '"' + crc32.signed(body) + '"';
+};

 /**
 * Make `locals()` bound to the given `obj`.
@@ -23,18 +36,6 @@ exports.locals = function(obj){
    return obj;
  };

-  locals.use = function(fn){
-    if (3 == fn.length) {
-      obj.viewCallbacks.push(fn);
-    } else {
-      obj.viewCallbacks.push(function(req, res, done){
-        fn(req, res);
-        done();
-      });
-    }
-    return obj;
-  };
-
  return locals;
 };

@@ -264,8 +265,7 @@ exports.pathRegexp = function(path, keys, sensitive, strict) {
  path = path
    .concat(strict ? '' : '/?')
    .replace(/\/\(/g, '(?:/')
-    .replace(/\+/g, '__plus__')
-    .replace(/(\/)?(\.)?:(\w+)(?:(\(.*?\)))?(\?)?/g, function(_, slash, format, key, capture, optional){
+    .replace(/(\/)?(\.)?:(\w+)(?:(\(.*?\)))?(\?)?(\*)?/g, function(_, slash, format, key, capture, optional, star){
      keys.push({ name: key, optional: !! optional });
      slash = slash || '';
      return ''
@@ -273,10 +273,10 @@ exports.pathRegexp = function(path, keys, sensitive, strict) {
        + '(?:'
        + (optional ? slash : '')
        + (format || '') + (capture || (format && '([^/.]+?)' || '([^/]+?)')) + ')'
-        + (optional || '');
+        + (optional || '')
+        + (star ? '(/*)?' : '');
    })
    .replace(/([\/.])/g, '\\$1')
-    .replace(/__plus__/g, '(.+)')
    .replace(/\*/g, '(.*)');
  return new RegExp('^' + path + '$', sensitive ? '' : 'i');
 }
@@ -1,21 +1,25 @@
 {
  "name": "express",
  "description": "Sinatra inspired web development framework",
-  "version": "3.0.0beta3",
+  "version": "3.0.5",
  "author": "TJ Holowaychuk <tj@vision-media.ca>",
-  "contributors": [ 
-    { "name": "TJ Holowaychuk", "email": "tj@vision-media.ca" }, 
+  "contributors": [
+    { "name": "TJ Holowaychuk", "email": "tj@vision-media.ca" },
    { "name": "Aaron Heckmann", "email": "aaron.heckmann+github@gmail.com" },
    { "name": "Ciaran Jessup", "email": "ciaranj@gmail.com" },
    { "name": "Guillermo Rauch", "email": "rauchg@gmail.com" }
  ],
  "dependencies": {
-    "connect": "2.3.3",
+    "connect": "2.7.1",
    "commander": "0.6.1",
-    "mkdirp": "0.3.2",
-    "cookie": "0.0.3",
-    "crc": "0.2.0",
-    "fresh": "0.0.1",
+    "range-parser": "0.0.4",
+    "mkdirp": "0.3.3",
+    "cookie": "0.0.5",
+    "buffer-crc32": "0.1.1",
+    "fresh": "0.1.0",
+    "methods": "0.0.1",
+    "send": "0.1.0",
+    "cookie-signature": "0.0.1",
    "debug": "*"
  },
  "devDependencies": {
@@ -26,10 +30,20 @@
    "stylus": "*",
    "should": "*",
    "connect-redis": "*",
-    "github-flavored-markdown": "*"
+    "github-flavored-markdown": "*",
+    "supertest": "0.0.1"
  },
-  "publishConfig": { "tag": "3.0" },
-  "keywords": ["express", "framework", "sinatra", "web", "rest", "restful", "router"],
+  "keywords": [
+    "express",
+    "framework",
+    "sinatra",
+    "web",
+    "rest",
+    "restful",
+    "router",
+    "app",
+    "api"
+  ],
  "repository": "git://github.com/visionmedia/express",
  "main": "index",
  "bin": { "express": "./bin/express" },
@@ -16,8 +16,6 @@ app.set('views', __dirname + '/views');
 app.set('view engine', 'jade');
 app.locals.self = true;

-var repo = require('../package.json');
-
 app.get('/render', function(req, res){
  res.render('hello');
 });
@@ -65,4 +63,4 @@ app.get('/match', function(req, res){
  res.send('Hello World\n');
 });

-app.listen(8000);
+app.listen(8000);
@@ -12,27 +12,53 @@ describe('Router', function(){
    app = express();
  })

-  describe('.match(req, i)', function(){
+  describe('.match(method, url, i)', function(){
+    it('should match based on index', function(){
+      router.route('get', '/foo', function(){});
+      router.route('get', '/foob?', function(){});
+      router.route('get', '/bar', function(){});
+
+      var method = 'GET';
+      var url = '/foo?bar=baz';
+
+      var route = router.match(method, url, 0);
+      route.constructor.name.should.equal('Route');
+      route.method.should.equal('get');
+      route.path.should.equal('/foo');
+
+      var route = router.match(method, url, 1);
+      route.path.should.equal('/foob?');
+
+      var route = router.match(method, url, 2);
+      assert(!route);
+
+      url = '/bar';
+      var route = router.match(method, url);
+      route.path.should.equal('/bar');
+    })
+  })
+  
+  describe('.matchRequest(req, i)', function(){
    it('should match based on index', function(){
      router.route('get', '/foo', function(){});
      router.route('get', '/foob?', function(){});
      router.route('get', '/bar', function(){});
      var req = { method: 'GET', url: '/foo?bar=baz' };

-      var route = router.match(req, 0);
+      var route = router.matchRequest(req, 0);
      route.constructor.name.should.equal('Route');
      route.method.should.equal('get');
      route.path.should.equal('/foo');

-      var route = router.match(req, 1);
+      var route = router.matchRequest(req, 1);
      req._route_index.should.equal(1);
      route.path.should.equal('/foob?');

-      var route = router.match(req, 2);
+      var route = router.matchRequest(req, 2);
      assert(!route);

      req.url = '/bar';
-      var route = router.match(req);
+      var route = router.matchRequest(req);
      route.path.should.equal('/bar');
    })
  })
@@ -50,4 +76,28 @@ describe('Router', function(){
      .expect('foo', done);
    })
  })
-})
+
+  describe('.multiple callbacks', function(){
+    it('should throw if a callback is null', function(){
+      assert.throws(function () {
+        router.route('get', '/foo', null, function(){});
+      })
+    })
+
+    it('should throw if a callback is undefined', function(){
+      assert.throws(function () {
+        router.route('get', '/foo', undefined, function(){});
+      })
+    })
+
+    it('should throw if a callback is not a function', function(){
+      assert.throws(function () {
+        router.route('get', '/foo', 'not a function', function(){});
+      })
+    })
+
+    it('should not throw if all callbacks are functions', function(){
+      router.route('get', '/foo', function(){}, function(){});
+    })
+  })
+})
@@ -1,8 +1,8 @@
 var app = require('../../examples/auth/app')
  , request = require('../support/http');

-function redirects(to,fn){
-  return function(res){
+function redirects(to, fn){
+  return function(err, res){
    res.statusCode.should.equal(302)
    res.headers.should.have.property('location').match(to);
    fn()
@@ -14,80 +14,29 @@ function getCookie(res) {
 }

 describe('auth', function(){
-  var cookie;
-
  describe('GET /',function(){
    it('should redirect to /login', function(done){
      request(app)
-        .get('/')
-        .end(redirects(/\/login$/,done))
+      .get('/')
+      .end(redirects(/\/login$/, done))
    })
  })

  describe('GET /restricted (w/o cookie)',function(){
    it('should redirect to /login', function(done){
      request(app)
-        .get('/restricted')
-        .end(redirects(/\/login$/,done))
+      .get('/restricted')
+      .end(redirects(/\/login$/,done))
    })
  })

  describe('POST /login', function(){
    it('should fail without proper credentials', function(done){
      request(app)
-        .post('/login')
-        .set('content-type','application/x-www-form-urlencoded')
-        .write('&username=not-tj&password=foobar')
-        .end(redirects(/\/login$/,done))
-    })
-
-    it('should authenticate', function(done){
-      request(app)
-        .post('/login')
-        .set('content-type', 'application/x-www-form-urlencoded')
-        .write('username=tj&password=foobar')
-        .end(function(res){
-          res.statusCode.should.equal(302);
-          cookie = getCookie(res);
-          request(app)
-            .get('/login')
-            .set('Cookie', cookie)
-            .end(function(res){
-              res.body.should.include('Authenticated as tj');
-              done();
-            })
-        })
-    })
-  })
-
-  describe('GET /restricted (w. cookie)',function(){
-    it('should respond with 200', function(done){
-      request(app)
-        .get('/restricted')
-        .set('Cookie', cookie)
-        .expect(200, done);
-    })
-  })
-
-  describe('GET /logout',function(){
-    it('should respond with 302 and clear cookie',function(done){
-      request(app)
-        .get('/logout')
-        .set('Cookie', cookie)
-        .end(function(res){
-          res.statusCode.should.equal(302);
-          res.headers.should.not.have.property('set-cookie')
-          done();
-        })
-    })
-  })
-
-  describe('GET /restricted (w. expired cookie)',function(){
-    it('should respond with 302',function(done){
-      request(app)
-        .get('/restricted')
-        .set('Cookie', cookie)
-        .expect(302, done)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=not-tj&password=foobar')
+      .end(redirects(/\/login$/, done))
    })
  })
 })
@@ -7,20 +7,16 @@ describe('content-negotiation', function(){
    it('should default to text/html', function(done){
      request(app)
      .get('/')
-      .end(function(res){
-        res.body.should.equal('<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>');
-        done();
-      })
+      .expect('<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>')
+      .end(done);
    })

    it('should accept to text/plain', function(done){
      request(app)
      .get('/')
      .set('Accept', 'text/plain')
-      .end(function(res){
-        res.body.should.equal(' - Tobi\n - Loki\n - Jane\n');
-        done();
-      })
+      .expect(' - Tobi\n - Loki\n - Jane\n')
+      .end(done);
    })
  })
 })
@@ -1,3 +1,4 @@
+
 var app = require('../../examples/cookies/app')
  , request = require('../support/http');

@@ -5,29 +6,29 @@ describe('cookies', function(){
  describe('GET /', function(){
    it('should have a form', function(done){
      request(app)
-        .get('/')
-        .expect(/<form/,done)
+      .get('/')
+      .expect(/<form/, done);
    })
+
    it('should respond with no cookies', function(done){
      request(app)
-        .get('/')
-        .end(function(res){
-          res.headers.should.not.have.property('set-cookie')
-          done()
-        })
+      .get('/')
+      .end(function(err, res){
+        res.headers.should.not.have.property('set-cookie')
+        done()
+      })
    })
  })

  describe('POST /', function(){
    it('should set a cookie', function(done){
      request(app)
-        .post('/')
-        .set('Content-Type','application/x-www-form-urlencoded')
-        .write('remember=1')
-        .end(function(res){
-          res.headers.should.have.property('set-cookie')
-          done()
-        })
+      .post('/')
+      .send({ remember: 1 })
+      .end(function(err, res){
+        res.headers.should.have.property('set-cookie')
+        done()
+      })
    })
  })
 })
@@ -1,3 +1,4 @@
+
 var app = require('../../examples/downloads/app')
  , request = require('../support/http');

@@ -5,28 +6,28 @@ describe('downloads', function(){
  describe('GET /', function(){
    it('should have a link to amazing.txt', function(done){
      request(app)
-        .get('/')
-        .expect(/href="\/files\/amazing.txt"/,done)
+      .get('/')
+      .expect(/href="\/files\/amazing.txt"/, done)
    })
  })

  describe('GET /files/amazing.txt', function(){
    it('should have a download header', function(done){
      request(app)
-        .get('/files/amazing.txt')
-        .end(function(res){
-          res.should.have.property('statusCode',200)
-          res.headers.should.have.property('content-disposition', 'attachment; filename="amazing.txt"')
-          done()
-        })
+      .get('/files/amazing.txt')
+      .end(function(err, res){
+        res.status.should.equal(200);
+        res.headers.should.have.property('content-disposition', 'attachment; filename="amazing.txt"')
+        done()
+      })
    })
  })

  describe('GET /files/missing.txt', function(){
    it('should respond with 404', function(done){
      request(app)
-        .get('/files/missing.txt')
-        .expect(404,done)
+      .get('/files/missing.txt')
+      .expect(404, done)
    })
  })
 })
@@ -7,12 +7,12 @@ describe('ejs', function(){
    it('should respond with html', function(done){
      request(app)
      .get('/')
-      .end(function(res){
+      .end(function(err, res){
        res.should.have.status(200);
        res.should.have.header('Content-Type', 'text/html; charset=utf-8');
-        res.body.should.include('<li>tobi tobi@learnboost.com</li>');
-        res.body.should.include('<li>loki loki@learnboost.com</li>');
-        res.body.should.include('<li>jane jane@learnboost.com</li>');
+        res.text.should.include('<li>tobi &lt;tobi@learnboost.com&gt;</li>');
+        res.text.should.include('<li>loki &lt;loki@learnboost.com&gt;</li>');
+        res.text.should.include('<li>jane &lt;jane@learnboost.com&gt;</li>');
        done();
      });
    })
@@ -37,7 +37,6 @@ describe('error-pages', function(){
    })
  })

-
  describe('Accept: application/json',function(){
    describe('GET /403', function(){
      it('should respond with 403', function(done){
@@ -53,9 +52,8 @@ describe('error-pages', function(){
        request(app)
        .get('/404')
        .set('Accept','application/json')
-        .end(function(res){
-          res.should.have.property('statusCode',200)
-          res.should.have.property('body',JSON.stringify({error:'Not found'}))
+        .end(function(err, res){
+          res.body.should.eql({ error: 'Not found' });
          done()
        })
      })
@@ -65,7 +63,7 @@ describe('error-pages', function(){
      it('should respond with 500', function(done){
        request(app)
        .get('/500')
-        .set('Accept','application/json')
+        .set('Accept', 'application/json')
        .expect(500, done)
      })
    })
@@ -76,22 +74,19 @@ describe('error-pages', function(){
    describe('GET /403', function(){
      it('should respond with 403', function(done){
        request(app)
-          .get('/403')
-          .set('Accept','text/plain')
-          .expect(403, done)
+        .get('/403')
+        .set('Accept','text/plain')
+        .expect(403, done)
      })
    })

    describe('GET /404', function(){
      it('should respond with 404', function(done){
        request(app)
-          .get('/404')
-          .set('Accept','text/plain')
-          .end(function(res){
-            res.should.have.property('statusCode',200)
-            res.should.have.property('body','Not found')
-            done()
-          })
+        .get('/404')
+        .set('Accept', 'text/plain')
+        .expect(404)
+        .expect('Not found', done);
      })
    })

@@ -1,42 +0,0 @@
-
-var app = require('../../examples/multipart/app')
-  , request = require('../support/http')
-  , path = 'test/acceptance/fixtures/grey.png'
-  , fs = require('fs')
-
-var logo = fs.readFileSync(path)
-  , boundary = '------expressmultipart';
-
-describe('multipart', function(){
-  describe('GET /', function(){
-    it('should respond with a form', function(done){
-      request(app)
-        .get('/')
-        .expect(/<form/, done)
-    })
-  })
-
-  describe('POST /', function(){
-    it('should upload logo as multipart', function(done){
-      request(app)
-        .post('/')
-        .set('content-type','multipart/form-data; boundary='+boundary.slice(2))
-        .write(boundary + '\r\n')
-        .write('Content-Disposition: form-data; name="title"\r\n')
-        .write('\r\n')
-        .write('grey\r\n')
-        .write(boundary + '\r\n')
-        .write('Content-Disposition: form-data; name="image"; filename="grey.png"\r\n')
-        .write('Content-Type: image/png\r\n')
-        .write('\r\n')
-        .write(logo+'\r\n')
-        .write(boundary+'--\r\n')
-        .end(function(res){
-          res.body.should.match(/uploaded grey.png/)
-          res.body.should.match(/\(224 Kb\)/)
-          res.body.should.match(/as grey/)
-          done()
-        })
-    })
-  })
-})
@@ -7,7 +7,7 @@ describe('mvc', function(){
    it('should redirect to /users', function(done){
      request(app)
      .get('/')
-      .end(function(res){
+      .end(function(err, res){
        res.should.have.status(302);
        res.headers.location.should.include('/users');
        done();
@@ -19,11 +19,11 @@ describe('mvc', function(){
    it('should display a list of users', function(done){
      request(app)
      .get('/users')
-      .end(function(res){
-        res.body.should.include('<h1>Users</h1>');
-        res.body.should.include('>TJ<');
-        res.body.should.include('>Guillermo<');
-        res.body.should.include('>Nathan<');
+      .end(function(err, res){
+        res.text.should.include('<h1>Users</h1>');
+        res.text.should.include('>TJ<');
+        res.text.should.include('>Guillermo<');
+        res.text.should.include('>Nathan<');
        done();
      })
    })
@@ -34,8 +34,8 @@ describe('mvc', function(){
      it('should display the user', function(done){
        request(app)
        .get('/user/0')
-        .end(function(res){
-          res.body.should.include('<h1>TJ <a href="/user/0/edit">edit');
+        .end(function(err, res){
+          res.text.should.include('<h1>TJ <a href="/user/0/edit">edit');
          done();
        })
      })
@@ -43,10 +43,10 @@ describe('mvc', function(){
      it('should display the users pets', function(done){
        request(app)
        .get('/user/0')
-        .end(function(res){
-          res.body.should.include('/pet/0">Tobi');
-          res.body.should.include('/pet/1">Loki');
-          res.body.should.include('/pet/2">Jane');
+        .end(function(err, res){
+          res.text.should.include('/pet/0">Tobi');
+          res.text.should.include('/pet/1">Loki');
+          res.text.should.include('/pet/2">Jane');
          done();
        })
      })
@@ -65,9 +65,9 @@ describe('mvc', function(){
    it('should display the edit form', function(done){
      request(app)
      .get('/user/1/edit')
-      .end(function(res){
-        res.body.should.include('<h1>Guillermo</h1>');
-        res.body.should.include('value="put"');
+      .end(function(err, res){
+        res.text.should.include('<h1>Guillermo</h1>');
+        res.text.should.include('value="put"');
        done();
      })
    })
@@ -77,13 +77,12 @@ describe('mvc', function(){
    it('should update the user', function(done){
      request(app)
      .put('/user/1')
-      .set('Content-Type', 'application/json')
-      .write('{"user":{"name":"Tobo"}}')
-      .end(function(res){
+      .send({ user: { name: 'Tobo' }})
+      .end(function(err, res){
        request(app)
        .get('/user/1/edit')
-        .end(function(res){
-          res.body.should.include('<h1>Tobo</h1>');
+        .end(function(err, res){
+          res.text.should.include('<h1>Tobo</h1>');
          done();
        })
      })
@@ -37,7 +37,7 @@ describe('resource', function(){
  describe('DELETE /users/1', function(){
    it('should respond with users 1 through 3', function(done){
      request(app)
-        .delete('/users/1')
+        .del('/users/1')
        .expect(/^destroyed/,done)
    })
  })
--- a/Mostrar Mais
+++ b/Mostrar Mais