make express.Router() return a Router function instance

Similar to how express() returns an express `app` instance which is also a function, express.Router() returns the Router instance which is also a function and can be easily used via another router or the app. app.use(express.Router());
Merge pull request #1935 from visionmedia/router-params-middleware
2014-02-26 20:22:11 -05:00 · 2014-02-25 12:35:13 -05:00 · 2014-02-23 19:21:13 -05:00 · 2014-02-23 11:31:43 -05:00 · 2014-02-22 09:26:30 -05:00 · 2014-02-22 09:26:30 -05:00
@@ -1,3 +1,3 @@
 language: node_js
 node_js:
-  - 0.6
+  - "0.10"
@@ -1,23 +1,245 @@
+4.0.0 /
+==================

-3.0.3 / 2012-11-13 
+ * remove:
+   - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
+   - `express.createServer()` - it has been deprecated for a long time. Use `express()`
+   - `app.configure` - use logic in your own app code
+   - `app.router` - is removed
+   - `req.accepted*` - use `req.accepts*()` instead
+   - `res.location` - relative URL resolution is removed
+   - all bundled middleware except `static`
+ * change:
+   - `app.route` -> `app.mountpath` when mounting an express app in another express app
+   - `json spaces` no longer enabled by default in development
+   - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
+   - `req.params` is now an object instead of an array
+   - `res.locals` is no longer a function. It is a plain js object. Treat it as such.
+   - `res.headerSent` -> `res.headersSent` to match node.js ServerResponse object
+ * refactor:
+   - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
+   - `req.is` with [type-is](https://github.com/expressjs/type-is)
+ * add:
+   - `app.router()` - returns the app Router instance
+   - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
+   - Router & Route - public API
+
+3.4.7 / 2013-12-10
+==================
+
+ * update connect
+
+3.4.6 / 2013-12-01
+==================
+
+ * update connect (raw-body)
+
+3.4.5 / 2013-11-27
+==================
+
+ * update connect
+ * res.location: remove leading ./ #1802 @kapouer
+ * res.redirect: fix `res.redirect('toString') #1829 @michaelficarra
+ * res.send: always send ETag when content-length > 0
+ * router: add Router.all() method
+
+3.4.4 / 2013-10-29
+==================
+
+ * update connect
+ * update supertest
+ * update methods
+ * express(1): replace bodyParser() with urlencoded() and json() #1795 @chirag04
+
+3.4.3 / 2013-10-23
+==================
+
+ * update connect
+
+3.4.2 / 2013-10-18
+==================
+
+ * update connect
+ * downgrade commander
+
+3.4.1 / 2013-10-15
+==================
+
+ * update connect
+ * update commander
+ * jsonp: check if callback is a function
+ * router: wrap encodeURIComponent in a try/catch #1735 (@lxe)
+ * res.format: now includes chraset @1747 (@sorribas)
+ * res.links: allow multiple calls @1746 (@sorribas)
+
+3.4.0 / 2013-09-07
+==================
+
+ * add res.vary(). Closes #1682
+ * update connect
+
+3.3.8 / 2013-09-02
+==================
+
+ * update connect
+
+3.3.7 / 2013-08-28
+==================
+
+ * update connect
+
+3.3.6 / 2013-08-27
+==================
+
+ * Revert "remove charset from json responses. Closes #1631" (causes issues in some clients)
+ * add: req.accepts take an argument list
+
+3.3.4 / 2013-07-08
+==================
+
+ * update send and connect
+
+3.3.3 / 2013-07-04
+==================
+
+ * update connect
+
+3.3.2 / 2013-07-03
+==================
+
+ * update connect
+ * update send
+ * remove .version export
+
+3.3.1 / 2013-06-27
+==================
+
+ * update connect
+
+3.3.0 / 2013-06-26
+==================
+
+ * update connect
+ * add support for multiple X-Forwarded-Proto values. Closes #1646
+ * change: remove charset from json responses. Closes #1631
+ * change: return actual booleans from req.accept* functions
+ * fix jsonp callback array throw
+
+3.2.6 / 2013-06-02
+==================
+
+ * update connect
+
+3.2.5 / 2013-05-21
+==================
+
+ * update connect
+ * update node-cookie
+ * add: throw a meaningful error when there is no default engine
+ * change generation of ETags with res.send() to GET requests only. Closes #1619
+
+3.2.4 / 2013-05-09
+==================
+
+  * fix `req.subdomains` when no Host is present
+  * fix `req.host` when no Host is present, return undefined
+
+3.2.3 / 2013-05-07
+==================
+
+  * update connect / qs
+
+3.2.2 / 2013-05-03
+==================
+
+  * update qs
+
+3.2.1 / 2013-04-29
+==================
+
+  * add app.VERB() paths array deprecation warning
+  * update connect
+  * update qs and remove all ~ semver crap
+  * fix: accept number as value of Signed Cookie
+
+3.2.0 / 2013-04-15
+==================
+
+  * add "view" constructor setting to override view behaviour
+  * add req.acceptsEncoding(name)
+  * add req.acceptedEncodings
+  * revert cookie signature change causing session race conditions
+  * fix sorting of Accept values of the same quality
+
+3.1.2 / 2013-04-12
+==================
+
+  * add support for custom Accept parameters
+  * update cookie-signature
+
+3.1.1 / 2013-04-01
+==================
+
+  * add X-Forwarded-Host support to `req.host`
+  * fix relative redirects
+  * update mkdirp
+  * update buffer-crc32
+  * remove legacy app.configure() method from app template.
+
+3.1.0 / 2013-01-25
+==================
+
+  * add support for leading "." in "view engine" setting
+  * add array support to `res.set()`
+  * add node 0.8.x to travis.yml
+  * add "subdomain offset" setting for tweaking `req.subdomains`
+  * add `res.location(url)` implementing `res.redirect()`-like setting of Location
+  * use app.get() for x-powered-by setting for inheritance
+  * fix colons in passwords for `req.auth`
+
+3.0.6 / 2013-01-04
+==================
+
+  * add http verb methods to Router
+  * update connect
+  * fix mangling of the `res.cookie()` options object
+  * fix jsonp whitespace escape. Closes #1132
+
+3.0.5 / 2012-12-19
+==================
+
+  * add throwing when a non-function is passed to a route
+  * fix: explicitly remove Transfer-Encoding header from 204 and 304 responses
+  * revert "add 'etag' option"
+
+3.0.4 / 2012-12-05
+==================
+
+  * add 'etag' option to disable `res.send()` Etags
+  * add escaping of urls in text/plain in `res.redirect()`
+    for old browsers interpreting as html
+  * change crc32 module for a more liberal license
+  * update connect
+
+3.0.3 / 2012-11-13
 ==================

  * update connect
  * update cookie module
  * fix cookie max-age

-3.0.2 / 2012-11-08 
+3.0.2 / 2012-11-08
 ==================

  * add OPTIONS to cors example. Closes #1398
  * fix route chaining regression. Closes #1397

-3.0.1 / 2012-11-01 
+3.0.1 / 2012-11-01
 ==================

  * update connect

-3.0.0 / 2012-10-23 
+3.0.0 / 2012-10-23
 ==================

  * add `make clean`
@@ -32,7 +254,7 @@
  * fix view-locals example. Closes #1370
  * fix route-separation example

-3.0.0rc5 / 2012-09-18 
+3.0.0rc5 / 2012-09-18
 ==================

  * update connect
@@ -41,7 +263,7 @@
  * add "x-powered-by" setting (`app.disable('x-powered-by')`)
  * add "application/octet-stream" redirect Accept test case. Closes #1317

-3.0.0rc4 / 2012-08-30 
+3.0.0rc4 / 2012-08-30
 ==================

  * add `res.jsonp()`. Closes #1307
@@ -54,14 +276,14 @@
  * fix jsonp callback char restrictions
  * remove old OPTIONS default response

-3.0.0rc3 / 2012-08-13 
+3.0.0rc3 / 2012-08-13
 ==================

  * update connect dep
  * fix signed cookies to work with `connect.cookieParser()` ("s:" prefix was missing) [tnydwrds]
  * fix `res.render()` clobbering of "locals"

-3.0.0rc2 / 2012-08-03 
+3.0.0rc2 / 2012-08-03
 ==================

  * add CORS example
@@ -70,7 +292,7 @@
  * fix: escape `res.redirect()` link
  * fix vhost example

-3.0.0rc1 / 2012-07-24 
+3.0.0rc1 / 2012-07-24
 ==================

  * add more examples to view-locals
@@ -81,12 +303,12 @@
  * fix `express(1)` -h flag, use -H for hogan. Closes #1245
  * fix `res.sendfile()` socket error handling regression

-3.0.0beta7 / 2012-07-16 
+3.0.0beta7 / 2012-07-16
 ==================

  * update connect dep for `send()` root normalization regression

-3.0.0beta6 / 2012-07-13 
+3.0.0beta6 / 2012-07-13
 ==================

  * add `err.view` property for view errors. Closes #1226
@@ -96,7 +318,7 @@
  * change `res.send` to use "response-send" module
  * remove `app.locals.use` and `res.locals.use`, use regular middleware

-3.0.0beta5 / 2012-07-03 
+3.0.0beta5 / 2012-07-03
 ==================

  * add "make check" support
@@ -107,7 +329,7 @@
  * update auth example to utilize cores pbkdf2
  * updated tests to use "supertest"

-3.0.0beta4 / 2012-06-25 
+3.0.0beta4 / 2012-06-25
 ==================

  * Added `req.auth`
@@ -119,7 +341,7 @@
  * Revert "Added + support to the router"
  * Fixed `res.send()` freshness check, respect res.statusCode

-3.0.0beta3 / 2012-06-15 
+3.0.0beta3 / 2012-06-15
 ==================

  * Added hogan `--hjs` to express(1) [nullfirm]
@@ -128,7 +350,7 @@
  * Changed: `res.send()` always checks freshness
  * Fixed: expose connects mime module. Cloases #1165

-3.0.0beta2 / 2012-06-06 
+3.0.0beta2 / 2012-06-06
 ==================

  * Added `+` support to the router
@@ -136,13 +358,13 @@
  * Changed `req.param()` to check route first
  * Update connect dep

-3.0.0beta1 / 2012-06-01 
+3.0.0beta1 / 2012-06-01
 ==================

  * Added `res.format()` callback to override default 406 behaviour
  * Fixed `res.redirect()` 406. Closes #1154

-3.0.0alpha5 / 2012-05-30 
+3.0.0alpha5 / 2012-05-30
 ==================

  * Added `req.ip`
@@ -151,14 +373,14 @@
  * Changed: dont reverse `req.ips`
  * Fixed "trust proxy" setting check for `req.ips`

-3.0.0alpha4 / 2012-05-09 
+3.0.0alpha4 / 2012-05-09
 ==================

  * Added: allow `[]` in jsonp callback. Closes #1128
  * Added `PORT` env var support in generated template. Closes #1118 [benatkin]
  * Updated: connect 2.2.2

-3.0.0alpha3 / 2012-05-04 
+3.0.0alpha3 / 2012-05-04
 ==================

  * Added public `app.routes`. Closes #887
@@ -173,7 +395,7 @@
  * Changed: `make test` now runs unit / acceptance tests
  * Fixed req/res proto inheritance

-3.0.0alpha2 / 2012-04-26 
+3.0.0alpha2 / 2012-04-26
 ==================

  * Added `make benchmark` back
@@ -189,7 +411,7 @@
  * Fixed session example. Closes #1105
  * Fixed generated express dep. Closes #1078

-3.0.0alpha1 / 2012-04-15 
+3.0.0alpha1 / 2012-04-15
 ==================

  * Added `app.locals.use(callback)`
@@ -244,54 +466,54 @@
  * Fixed `res.sendfile()` with non-GET. Closes #723
  * Fixed express(1) public dir for windows. Closes #866

-2.5.9/ 2012-04-02 
+2.5.9/ 2012-04-02
 ==================

  * Added support for PURGE request method [pbuyle]
  * Fixed `express(1)` generated app `app.address()` before `listening` [mmalecki]

-2.5.8 / 2012-02-08 
+2.5.8 / 2012-02-08
 ==================

  * Update mkdirp dep. Closes #991

-2.5.7 / 2012-02-06 
+2.5.7 / 2012-02-06
 ==================

  * Fixed `app.all` duplicate DELETE requests [mscdex]

-2.5.6 / 2012-01-13 
+2.5.6 / 2012-01-13
 ==================

  * Updated hamljs dev dep. Closes #953

-2.5.5 / 2012-01-08 
+2.5.5 / 2012-01-08
 ==================

  * Fixed: set `filename` on cached templates [matthewleon]

-2.5.4 / 2012-01-02 
+2.5.4 / 2012-01-02
 ==================

  * Fixed `express(1)` eol on 0.4.x. Closes #947

-2.5.3 / 2011-12-30 
+2.5.3 / 2011-12-30
 ==================

  * Fixed `req.is()` when a charset is present

-2.5.2 / 2011-12-10 
+2.5.2 / 2011-12-10
 ==================

  * Fixed: express(1) LF -> CRLF for windows

-2.5.1 / 2011-11-17 
+2.5.1 / 2011-11-17
 ==================

  * Changed: updated connect to 1.8.x
  * Removed sass.js support from express(1)

-2.5.0 / 2011-10-24 
+2.5.0 / 2011-10-24
 ==================

  * Added ./routes dir for generated app by default
@@ -300,7 +522,7 @@
  * Removed `make test-cov` since it wont work with node 0.5.x
  * Fixed express(1) public dir for windows. Closes #866

-2.4.7 / 2011-10-05 
+2.4.7 / 2011-10-05
 ==================

  * Added mkdirp to express(1). Closes #795
@@ -311,17 +533,17 @@
  * Fixed `req.flash()`, only escape args
  * Fixed absolute path checking on windows. Closes #829 [reported by andrewpmckenzie]

-2.4.6 / 2011-08-22 
+2.4.6 / 2011-08-22
 ==================

  * Fixed multiple param callback regression. Closes #824 [reported by TroyGoode]

-2.4.5 / 2011-08-19 
+2.4.5 / 2011-08-19
 ==================

  * Added support for routes to handle errors. Closes #809
  * Added `app.routes.all()`. Closes #803
-  * Added "basepath" setting to work in conjunction with reverse proxies etc.   
+  * Added "basepath" setting to work in conjunction with reverse proxies etc.
  * Refactored `Route` to use a single array of callbacks
  * Added support for multiple callbacks for `app.param()`. Closes #801
 Closes #805
@@ -329,25 +551,25 @@ Closes #805
  * Dependency: `qs >= 0.3.1`
  * Fixed `res.redirect()` on windows due to `join()` usage. Closes #808

-2.4.4 / 2011-08-05 
+2.4.4 / 2011-08-05
 ==================

  * Fixed `res.header()` intention of a set, even when `undefined`
  * Fixed `*`, value no longer required
  * Fixed `res.send(204)` support. Closes #771

-2.4.3 / 2011-07-14 
+2.4.3 / 2011-07-14
 ==================

  * Added docs for `status` option special-case. Closes #739
  * Fixed `options.filename`, exposing the view path to template engines

-2.4.2. / 2011-07-06 
+2.4.2. / 2011-07-06
 ==================

  * Revert "removed jsonp stripping" for XSS

-2.4.1 / 2011-07-06 
+2.4.1 / 2011-07-06
 ==================

  * Added `res.json()` JSONP support. Closes #737
@@ -359,14 +581,14 @@ Closes #805
  * Changed; default cookie path to "home" setting. Closes #731
  * Removed _pids/logs_ creation from express(1)

-2.4.0 / 2011-06-28 
+2.4.0 / 2011-06-28
 ==================

  * Added chainable `res.status(code)`
  * Added `res.json()`, an explicit version of `res.send(obj)`
  * Added simple web-service example

-2.3.12 / 2011-06-22 
+2.3.12 / 2011-06-22
 ==================

  * \#express is now on freenode! come join!
@@ -378,7 +600,7 @@ Closes #805
  * Fixed view layout bug. Closes #720
  * Fixed; ignore body on 304. Closes #701

-2.3.11 / 2011-06-04 
+2.3.11 / 2011-06-04
 ==================

  * Added `npm test`
@@ -386,14 +608,14 @@ Closes #805
  * Fixed; `express(1)` adds express as a dep
  * Fixed; prune on `prepublish`

-2.3.10 / 2011-05-27 
+2.3.10 / 2011-05-27
 ==================

  * Added `req.route`, exposing the current route
  * Added _package.json_ generation support to `express(1)`
  * Fixed call to `app.param()` function for optional params. Closes #682

-2.3.9 / 2011-05-25 
+2.3.9 / 2011-05-25
 ==================

  * Fixed bug-ish with `../' in `res.partial()` calls
@@ -412,7 +634,7 @@ Closes #805
  * Removed module.parent check from express(1) generated app. Closes #670
  * Refactored router. Closes #639

-2.3.6 / 2011-05-20 
+2.3.6 / 2011-05-20
 ==================

  * Changed; using devDependencies instead of git submodules
@@ -420,30 +642,30 @@ Closes #805
  * Fixed markdown example
  * Fixed view caching, should not be enabled in development

-2.3.5 / 2011-05-20 
+2.3.5 / 2011-05-20
 ==================

  * Added export `.view` as alias for `.View`

-2.3.4 / 2011-05-08 
+2.3.4 / 2011-05-08
 ==================

  * Added `./examples/say`
  * Fixed `res.sendfile()` bug preventing the transfer of files with spaces

-2.3.3 / 2011-05-03 
+2.3.3 / 2011-05-03
 ==================

  * Added "case sensitive routes" option.
  * Changed; split methods supported per rfc [slaskis]
  * Fixed route-specific middleware when using the same callback function several times

-2.3.2 / 2011-04-27 
+2.3.2 / 2011-04-27
 ==================

  * Fixed view hints

-2.3.1 / 2011-04-26 
+2.3.1 / 2011-04-26
 ==================

  * Added `app.match()` as `app.match.all()`
@@ -453,7 +675,7 @@ Closes #805
  * Fixed template caching collision issue. Closes #644
  * Moved router over from connect and started refactor

-2.3.0 / 2011-04-25 
+2.3.0 / 2011-04-25
 ==================

  * Added options support to `res.clearCookie()`
@@ -462,18 +684,18 @@ Closes #805
  * Changed; auto set Content-Type in res.attachement [Aaron Heckmann]
  * Renamed "cache views" to "view cache". Closes #628
  * Fixed caching of views when using several apps. Closes #637
-  * Fixed gotcha invoking `app.param()` callbacks once per route middleware. 
+  * Fixed gotcha invoking `app.param()` callbacks once per route middleware.
 Closes #638
  * Fixed partial lookup precedence. Closes #631
 Shaw]

-2.2.2 / 2011-04-12 
+2.2.2 / 2011-04-12
 ==================

  * Added second callback support for `res.download()` connection errors
  * Fixed `filename` option passing to template engine

-2.2.1 / 2011-04-04 
+2.2.1 / 2011-04-04
 ==================

  * Added `layout(path)` helper to change the layout within a view. Closes #610
@@ -487,7 +709,7 @@ Shaw]
  * Removed `request` and `response` locals
  * Changed; errorHandler page title is now `Express` instead of `Connect`

-2.2.0 / 2011-03-30 
+2.2.0 / 2011-03-30
 ==================

  * Added `app.lookup.VERB()`, ex `app.lookup.put('/user/:id')`. Closes #606
@@ -495,14 +717,14 @@ Shaw]
  * Added `app.VERB(path)` as alias of `app.lookup.VERB()`.
  * Dependency `connect >= 1.2.0`

-2.1.1 / 2011-03-29 
+2.1.1 / 2011-03-29
 ==================

  * Added; expose `err.view` object when failing to locate a view
  * Fixed `res.partial()` call `next(err)` when no callback is given [reported by aheckmann]
  * Fixed; `res.send(undefined)` responds with 204 [aheckmann]

-2.1.0 / 2011-03-24 
+2.1.0 / 2011-03-24
 ==================

  * Added `<root>/_?<name>` partial lookup support. Closes #447
@@ -513,20 +735,20 @@ Shaw]
  * Fixed stylus example for latest version
  * Fixed; wrap try/catch around `res.render()`

-2.0.0 / 2011-03-17 
+2.0.0 / 2011-03-17
 ==================

  * Fixed up index view path alternative.
  * Changed; `res.locals()` without object returns the locals

-2.0.0rc3 / 2011-03-17 
+2.0.0rc3 / 2011-03-17
 ==================

  * Added `res.locals(obj)` to compliment `res.local(key, val)`
  * Added `res.partial()` callback support
  * Fixed recursive error reporting issue in `res.render()`

-2.0.0rc2 / 2011-03-17 
+2.0.0rc2 / 2011-03-17
 ==================

  * Changed; `partial()` "locals" are now optional
@@ -535,14 +757,14 @@ Shaw]
  * Fixed blog example
  * Fixed `{req,res}.app` reference when mounting [Ben Weaver]

-2.0.0rc / 2011-03-14 
+2.0.0rc / 2011-03-14
 ==================

  * Fixed; expose `HTTPSServer` constructor
  * Fixed express(1) default test charset. Closes #579 [reported by secoif]
  * Fixed; default charset to utf-8 instead of utf8 for lame IE [reported by NickP]

-2.0.0beta3 / 2011-03-09 
+2.0.0beta3 / 2011-03-09
 ==================

  * Added support for `res.contentType()` literal
@@ -560,13 +782,13 @@ Shaw]
  * Fixed; default `res.send()` string charset to utf8
  * Removed `Partial` constructor (not currently used)

-2.0.0beta2 / 2011-03-07 
+2.0.0beta2 / 2011-03-07
 ==================

  * Added res.render() `.locals` support back to aid in migration process
  * Fixed flash example

-2.0.0beta / 2011-03-03 
+2.0.0beta / 2011-03-03
 ==================

  * Added HTTPS support
@@ -599,46 +821,46 @@ Shaw]
  * Fixed; strip unsafe chars from jsonp callbacks
  * Removed "stream threshold" setting

-1.0.8 / 2011-03-01 
+1.0.8 / 2011-03-01
 ==================

  * Allow `req.query` to be pre-defined (via middleware or other parent app)
  * "connect": ">= 0.5.0 < 1.0.0". Closes #547
  * Removed the long deprecated __EXPRESS_ENV__ support

-1.0.7 / 2011-02-07 
+1.0.7 / 2011-02-07
 ==================

  * Fixed `render()` setting inheritance.
    Mounted apps would not inherit "view engine"

-1.0.6 / 2011-02-07 
+1.0.6 / 2011-02-07
 ==================

  * Fixed `view engine` setting bug when period is in dirname

-1.0.5 / 2011-02-05 
+1.0.5 / 2011-02-05
 ==================

  * Added secret to generated app `session()` call

-1.0.4 / 2011-02-05 
+1.0.4 / 2011-02-05
 ==================

  * Added `qs` dependency to _package.json_
  * Fixed namespaced `require()`s for latest connect support

-1.0.3 / 2011-01-13 
+1.0.3 / 2011-01-13
 ==================

  * Remove unsafe characters from JSONP callback names [Ryan Grove]

-1.0.2 / 2011-01-10 
+1.0.2 / 2011-01-10
 ==================

  * Removed nested require, using `connect.router`

-1.0.1 / 2010-12-29 
+1.0.1 / 2010-12-29
 ==================

  * Fixed for middleware stacked via `createServer()`
@@ -646,7 +868,7 @@ Shaw]
    would not have access to Express methods such as `res.send()`
    or props like `req.query` etc.

-1.0.0 / 2010-11-16 
+1.0.0 / 2010-11-16
 ==================

  * Added; deduce partial object names from the last segment.
@@ -660,7 +882,7 @@ Shaw]
  * Added _-s, --session[s]_ flag to express(1) to add session related middleware
  * Added _--template_ flag to express(1) to specify the
    template engine to use.
-  * Added _--css_ flag to express(1) to specify the 
+  * Added _--css_ flag to express(1) to specify the
    stylesheet engine to use (or just plain css by default).
  * Added `app.all()` support [thanks aheckmann]
  * Added partial direct object support.
@@ -673,7 +895,7 @@ Shaw]
  * Fixed partial local inheritance precedence. [reported by Nick Poulden] Closes #454
  * Fixed jsonp support; _text/javascript_ as per mailinglist discussion

-1.0.0rc4 / 2010-10-14 
+1.0.0rc4 / 2010-10-14
 ==================

  * Added _NODE_ENV_ support, _EXPRESS_ENV_ is deprecated and will be removed in 1.0.0
@@ -692,7 +914,7 @@ Shaw]
  * Fixed; exposing _./support_ libs to examples so they can run without installs
  * Fixed mvc example

-1.0.0rc3 / 2010-09-20 
+1.0.0rc3 / 2010-09-20
 ==================

  * Added confirmation for `express(1)` app generation. Closes #391
@@ -715,7 +937,7 @@ Shaw]
  * Fixed bug messing with error handlers when `listenFD()` is called instead of `listen()`. [thanks guillermo]


-1.0.0rc2 / 2010-08-17 
+1.0.0rc2 / 2010-08-17
 ==================

  * Added `app.register()` for template engine mapping. Closes #390
@@ -728,7 +950,7 @@ Shaw]
  * Fixed `res.sendfile()` error handling, defer via `next()`
  * Fixed `res.render()` callback when a layout is used [thanks guillermo]
  * Fixed; `make install` creating ~/.node_libraries when not present
-  * Fixed issue preventing error handlers from being defined anywhere. Closes #387 
+  * Fixed issue preventing error handlers from being defined anywhere. Closes #387

 1.0.0rc / 2010-07-28
 ==================
@@ -746,7 +968,7 @@ Shaw]
  * Fixed "home" setting
  * Fixed middleware/router precedence issue. Closes #366
  * Fixed; _configure()_ callbacks called immediately. Closes #368
-	
+
 1.0.0beta2 / 2010-07-23
 ==================

@@ -881,7 +1103,7 @@ Shaw]
  * Updated dependencies
  * Removed set("session cookie") in favour of use(Session, { cookie: { ... }})
  * Removed utils.mixin(); use Object#mergeDeep()
-  
+
 0.8.0 / 2010-03-19
 ==================

@@ -948,16 +1170,16 @@ Shaw]

  * Added seed.yml for kiwi package management support
  * Added HTTP client query string support when method is GET. Closes #205
-  
+
  * Added support for arbitrary view engines.
    For example "foo.engine.html" will now require('engine'),
    the exports from this module are cached after the first require().
-    
+
  * Added async plugin support
-  
+
  * Removed usage of RESTful route funcs as http client
    get() etc, use http.get() and friends
-  
+
  * Removed custom exceptions

 0.5.0 / 2010-03-10
@@ -1,6 +1,6 @@
 (The MIT License)

-Copyright (c) 2009-2011 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2009-2013 TJ Holowaychuk <tj@vision-media.ca>

 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
@@ -1,5 +1,5 @@

-MOCHA_OPTS=
+MOCHA_OPTS= --check-leaks
 REPORTER = dot

 check: test
@@ -9,6 +9,7 @@ test: test-unit test-acceptance
 test-unit:
 	@NODE_ENV=test ./node_modules/.bin/mocha \
 		--reporter $(REPORTER) \
+		--globals setImmediate,clearImmediate \
 		$(MOCHA_OPTS)

 test-acceptance:
@@ -23,11 +24,11 @@ test-cov: lib-cov
 lib-cov:
 	@jscoverage lib lib-cov

-benchmark:
-	@./support/bench
+bench:
+	@$(MAKE) -C benchmarks

 clean:
 	rm -f coverage.html
 	rm -fr lib-cov

-.PHONY: test test-unit test-acceptance benchmark clean
+.PHONY: test test-unit test-acceptance bench clean
@@ -1,6 +1,8 @@
-![express logo](http://f.cl.ly/items/0V2S1n0K1i3y1c122g04/Screen%20Shot%202012-04-11%20at%209.59.42%20AM.png)
+[![express logo](http://f.cl.ly/items/0V2S1n0K1i3y1c122g04/Screen%20Shot%202012-04-11%20at%209.59.42%20AM.png)](http://expressjs.com/)

-  Fast, unopinionated, minimalist web framework for [node](http://nodejs.org). [![Build Status](https://secure.travis-ci.org/visionmedia/express.png)](http://travis-ci.org/visionmedia/express)
+  Fast, unopinionated, minimalist web framework for [node](http://nodejs.org).
+
+  [![Build Status](https://secure.travis-ci.org/visionmedia/express.png)](http://travis-ci.org/visionmedia/express) [![Gittip](http://img.shields.io/gittip/visionmedia.png)](https://www.gittip.com/visionmedia/)

 ```js
 var express = require('express');
@@ -48,112 +50,57 @@ app.listen(3000);

 ## Philosophy

-  The Express philosophy is to provide small, robust tooling for HTTP servers. Making
+  The Express philosophy is to provide small, robust tooling for HTTP servers, making
  it a great solution for single page applications, web sites, hybrids, or public
  HTTP APIs.
-  
-  Built on Connect you can use _only_ what you need, and nothing more, applications
+
+  Built on Connect, you can use _only_ what you need, and nothing more. Applications
  can be as big or as small as you like, even a single file. Express does
  not force you to use any specific ORM or template engine. With support for over
-  14 template engines via [Consolidate.js](http://github.com/visionmedia/consolidate.js)
+  14 template engines via [Consolidate.js](http://github.com/visionmedia/consolidate.js),
  you can quickly craft your perfect framework.

 ## More Information

+  * [Website and Documentation](http://expressjs.com/) stored at [visionmedia/expressjs.com](https://github.com/visionmedia/expressjs.com)
  * Join #express on freenode
  * [Google Group](http://groups.google.com/group/express-js) for discussion
  * Follow [tjholowaychuk](http://twitter.com/tjholowaychuk) on twitter for updates
  * Visit the [Wiki](http://github.com/visionmedia/express/wiki)
-  * [日本語ドキュメンテーション](http://hideyukisaito.com/doc/expressjs/) by [hideyukisaito](https://github.com/hideyukisaito)
-  * [Русскоязычная документация](http://express-js.ru/)
+  * [Русскоязычная документация](http://jsman.ru/express/)
+  * Run express examples [online](https://runnable.com/express)

 ## Viewing Examples

-Clone the Express repo, then install the dev dependencies to install all the example / test suite deps:
+Clone the Express repo, then install the dev dependencies to install all the example / test suite dependencies:

    $ git clone git://github.com/visionmedia/express.git --depth 1
    $ cd express
    $ npm install

-then run whichever tests you want:
+Then run whichever tests you want:

    $ node examples/content-negotiation

+You can also view live examples here:
+
+<a href="https://runnable.com/express" target="_blank"><img src="https://runnable.com/external/styles/assets/runnablebtn.png" style="width:67px;height:25px;"></a>
+
 ## Running Tests

-To run the test suite first invoke the following command within the repo, installing the development dependencies:
+To run the test suite, first invoke the following command within the repo, installing the development dependencies:

    $ npm install

-then run the tests:
+Then run the tests:

    $ make test

 ## Contributors

-```
-project: express
-commits: 3559
-active : 468 days
-files  : 237
-authors: 
- 1891	Tj Holowaychuk          53.1%
- 1285	visionmedia             36.1%
-  182	TJ Holowaychuk          5.1%
-   54	Aaron Heckmann          1.5%
-   34	csausdev                1.0%
-   26	ciaranj                 0.7%
-   21	Robert Sköld            0.6%
-    6	Guillermo Rauch         0.2%
-    3	Dav Glass               0.1%
-    3	Nick Poulden            0.1%
-    2	Randy Merrill           0.1%
-    2	Benny Wong              0.1%
-    2	Hunter Loftis           0.1%
-    2	Jake Gordon             0.1%
-    2	Brian McKinney          0.1%
-    2	Roman Shtylman          0.1%
-    2	Ben Weaver              0.1%
-    2	Dave Hoover             0.1%
-    2	Eivind Fjeldstad        0.1%
-    2	Daniel Shaw             0.1%
-    1	Matt Colyer             0.0%
-    1	Pau Ramon               0.0%
-    1	Pero Pejovic            0.0%
-    1	Peter Rekdal Sunde      0.0%
-    1	Raynos                  0.0%
-    1	Teng Siong Ong          0.0%
-    1	Viktor Kelemen          0.0%
-    1	ctide                   0.0%
-    1	8bitDesigner            0.0%
-    1	isaacs                  0.0%
-    1	mgutz                   0.0%
-    1	pikeas                  0.0%
-    1	shuwatto                0.0%
-    1	tstrimple               0.0%
-    1	ewoudj                  0.0%
-    1	Adam Sanderson          0.0%
-    1	Andrii Kostenko         0.0%
-    1	Andy Hiew               0.0%
-    1	Arpad Borsos            0.0%
-    1	Ashwin Purohit          0.0%
-    1	Benjen                  0.0%
-    1	Darren Torpey           0.0%
-    1	Greg Ritter             0.0%
-    1	Gregory Ritter          0.0%
-    1	James Herdman           0.0%
-    1	Jim Snodgrass           0.0%
-    1	Joe McCann              0.0%
-    1	Jonathan Dumaine        0.0%
-    1	Jonathan Palardy        0.0%
-    1	Jonathan Zacsh          0.0%
-    1	Justin Lilly            0.0%
-    1	Ken Sato                0.0%
-    1	Maciej Małecki          0.0%
-    1	Masahiro Hayashi        0.0%
-```
+  https://github.com/visionmedia/express/graphs/contributors

-## License 
+## License

 (The MIT License)

@@ -0,0 +1,13 @@
+
+all:
+	@./run 1 middleware
+	@./run 5 middleware
+	@./run 10 middleware
+	@./run 15 middleware
+	@./run 20 middleware
+	@./run 30 middleware
+	@./run 50 middleware
+	@./run 100 middleware
+	@echo
+
+.PHONY: all
@@ -0,0 +1,23 @@
+
+var http = require('http');
+var express = require('..');
+var app = express();
+
+// number of middleware
+
+var n = parseInt(process.env.MW || '1', 10);
+console.log('  %s middleware', n);
+
+while (n--) {
+  app.use(function(req, res, next){
+    next();
+  });
+}
+
+var body = new Buffer('Hello World');
+
+app.use(function(req, res, next){
+  res.send(body);
+});
+
+app.listen(3333);
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+echo
+MW=$1 node $2 &
+pid=$!
+
+sleep 2
+
+wrk 'http://localhost:3333/?foo[bar]=baz' \
+  -d 3 \
+  -c 50 \
+  -t 8 \
+  | grep 'Requests/sec' \
+  | awk '{ print "  " $2 }'
+
+kill $pid
@@ -1,422 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Module dependencies.
- */
-
-var exec = require('child_process').exec
-  , program = require('commander')
-  , mkdirp = require('mkdirp')
-  , pkg = require('../package.json')
-  , version = pkg.version
-  , os = require('os')
-  , fs = require('fs');
-
-// CLI
-
-program
-  .version(version)
-  .option('-s, --sessions', 'add session support')
-  .option('-e, --ejs', 'add ejs engine support (defaults to jade)')
-  .option('-J, --jshtml', 'add jshtml engine support (defaults to jade)')
-  .option('-H, --hogan', 'add hogan.js engine support')
-  .option('-c, --css <engine>', 'add stylesheet <engine> support (less|stylus) (defaults to plain css)')
-  .option('-f, --force', 'force on non-empty directory')
-  .parse(process.argv);
-
-// Path
-
-var path = program.args.shift() || '.';
-
-// end-of-line code
-
-var eol = 'win32' == os.platform() ? '\r\n' : '\n'
-
-// Template engine
-
-program.template = 'jade';
-if (program.ejs) program.template = 'ejs';
-if (program.jshtml) program.template = 'jshtml';
-if (program.hogan) program.template = 'hjs';
-
-/**
- * Routes index template.
- */
-
-var index = [
-    ''
-  , '/*'
-  , ' * GET home page.'
-  , ' */'
-  , ''
-  , 'exports.index = function(req, res){'
-  , '  res.render(\'index\', { title: \'Express\' });'
-  , '};'
-].join(eol);
-
-/**
- * Routes users template.
- */
-
-var users = [
-    ''
-  , '/*'
-  , ' * GET users listing.'
-  , ' */'
-  , ''
-  , 'exports.list = function(req, res){'
-  , '  res.send("respond with a resource");'
-  , '};'
-].join(eol);
-
-/**
- * Jade layout template.
- */
-
-var jadeLayout = [
-    'doctype 5'
-  , 'html'
-  , '  head'
-  , '    title= title'
-  , '    link(rel=\'stylesheet\', href=\'/stylesheets/style.css\')'
-  , '  body'
-  , '    block content'
-].join(eol);
-
-/**
- * Jade index template.
- */
-
-var jadeIndex = [
-    'extends layout'
-  , ''
-  , 'block content'
-  , '  h1= title'
-  , '  p Welcome to #{title}'
-].join(eol);
-
-/**
- * EJS index template.
- */
-
-var ejsIndex = [
-    '<!DOCTYPE html>'
-  , '<html>'
-  , '  <head>'
-  , '    <title><%= title %></title>'
-  , '    <link rel=\'stylesheet\' href=\'/stylesheets/style.css\' />'
-  , '  </head>'
-  , '  <body>'
-  , '    <h1><%= title %></h1>'
-  , '    <p>Welcome to <%= title %></p>'
-  , '  </body>'
-  , '</html>'
-].join(eol);
-
-/**
- * JSHTML layout template.
- */
-
-var jshtmlLayout = [
-    '<!DOCTYPE html>'
-  , '<html>'
-  , '  <head>'
-  , '    <title> @write(title) </title>'
-  , '    <link rel=\'stylesheet\' href=\'/stylesheets/style.css\' />'
-  , '  </head>'
-  , '  <body>'
-  , '    @write(body)'
-  , '  </body>'
-  , '</html>'
-].join(eol);
-
-/**
- * JSHTML index template.
- */
-
-var jshtmlIndex = [
-    '<h1>@write(title)</h1>'
-  , '<p>Welcome to @write(title)</p>'
-].join(eol);
-
-/**
- * Hogan.js index template.
- */
-var hoganIndex = [
-    '<!DOCTYPE html>'
-  , '<html>'
-  , '  <head>'
-  , '    <title>{{ title }}</title>'
-  , '    <link rel=\'stylesheet\' href=\'/stylesheets/style.css\' />'
-  , '  </head>'
-  , '  <body>'
-  , '    <h1>{{ title }}</h1>'
-  , '    <p>Welcome to {{ title }}</p>'
-  , '  </body>'
-  , '</html>'
-].join(eol);
-
-/**
- * Default css template.
- */
-
-var css = [
-    'body {'
-  , '  padding: 50px;'
-  , '  font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;'
-  , '}'
-  , ''
-  , 'a {'
-  , '  color: #00B7FF;'
-  , '}'
-].join(eol);
-
-/**
- * Default less template.
- */
-
-var less = [
-    'body {'
-  , '  padding: 50px;'
-  , '  font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;'
-  , '}'
-  , ''
-  , 'a {'
-  , '  color: #00B7FF;'
-  , '}'
-].join(eol);
-
-/**
- * Default stylus template.
- */
-
-var stylus = [
-    'body'
-  , '  padding: 50px'
-  , '  font: 14px "Lucida Grande", Helvetica, Arial, sans-serif'
-  , 'a'
-  , '  color: #00B7FF'
-].join(eol);
-
-/**
- * App template.
- */
-
-var app = [
-    ''
-  , '/**'
-  , ' * Module dependencies.'
-  , ' */'
-  , ''
-  , 'var express = require(\'express\')'
-  , '  , routes = require(\'./routes\')'
-  , '  , user = require(\'./routes/user\')'
-  , '  , http = require(\'http\')'
-  , '  , path = require(\'path\');'
-  , ''
-  , 'var app = express();'
-  , ''
-  , 'app.configure(function(){'
-  , '  app.set(\'port\', process.env.PORT || 3000);'
-  , '  app.set(\'views\', __dirname + \'/views\');'
-  , '  app.set(\'view engine\', \':TEMPLATE\');'
-  , '  app.use(express.favicon());'
-  , '  app.use(express.logger(\'dev\'));'
-  , '  app.use(express.bodyParser());'
-  , '  app.use(express.methodOverride());{sess}'
-  , '  app.use(app.router);{css}'
-  , '  app.use(express.static(path.join(__dirname, \'public\')));'
-  , '});'
-  , ''
-  , 'app.configure(\'development\', function(){'
-  , '  app.use(express.errorHandler());'
-  , '});'
-  , ''
-  , 'app.get(\'/\', routes.index);'
-  , 'app.get(\'/users\', user.list);'
-  , ''
-  , 'http.createServer(app).listen(app.get(\'port\'), function(){'
-  , '  console.log("Express server listening on port " + app.get(\'port\'));'
-  , '});'
-  , ''
-].join(eol);
-
-// Generate application
-
-(function createApplication(path) {
-  emptyDirectory(path, function(empty){
-    if (empty || program.force) {
-      createApplicationAt(path);
-    } else {
-      program.confirm('destination is not empty, continue? ', function(ok){
-        if (ok) {
-          process.stdin.destroy();
-          createApplicationAt(path);
-        } else {
-          abort('aborting');
-        }
-      });
-    }
-  });
-})(path);
-
-/**
- * Create application at the given directory `path`.
- *
- * @param {String} path
- */
-
-function createApplicationAt(path) {
-  console.log();
-  process.on('exit', function(){
-    console.log();
-    console.log('   install dependencies:');
-    console.log('     $ cd %s && npm install', path);
-    console.log();
-    console.log('   run the app:');
-    console.log('     $ node app');
-    console.log();
-  });
-
-  mkdir(path, function(){
-    mkdir(path + '/public');
-    mkdir(path + '/public/javascripts');
-    mkdir(path + '/public/images');
-    mkdir(path + '/public/stylesheets', function(){
-      switch (program.css) {
-        case 'less':
-          write(path + '/public/stylesheets/style.less', less);
-          break;
-        case 'stylus':
-          write(path + '/public/stylesheets/style.styl', stylus);
-          break;
-        default:
-          write(path + '/public/stylesheets/style.css', css);
-      }
-    });
-
-    mkdir(path + '/routes', function(){
-      write(path + '/routes/index.js', index);
-      write(path + '/routes/user.js', users);
-    });
-
-    mkdir(path + '/views', function(){
-      switch (program.template) {
-        case 'ejs':
-          write(path + '/views/index.ejs', ejsIndex);
-          break;
-        case 'jade':
-          write(path + '/views/layout.jade', jadeLayout);
-          write(path + '/views/index.jade', jadeIndex);
-          break;
-        case 'jshtml':
-          write(path + '/views/layout.jshtml', jshtmlLayout);
-          write(path + '/views/index.jshtml', jshtmlIndex);
-          break;
-        case 'hjs':
-          write(path + '/views/index.hjs', hoganIndex);
-          break;
-
-      }
-    });
-
-    // CSS Engine support
-    switch (program.css) {
-      case 'less':
-        app = app.replace('{css}', eol + '  app.use(require(\'less-middleware\')({ src: __dirname + \'/public\' }));');
-        break;
-      case 'stylus':
-        app = app.replace('{css}', eol + '  app.use(require(\'stylus\').middleware(__dirname + \'/public\'));');
-        break;
-      default:
-        app = app.replace('{css}', '');
-    }
-
-    // Session support
-    app = app.replace('{sess}', program.sessions
-      ? eol + '  app.use(express.cookieParser(\'your secret here\'));' + eol + '  app.use(express.session());'
-      : '');
-
-    // Template support
-    app = app.replace(':TEMPLATE', program.template);
-
-    // package.json
-    var pkg = {
-        name: 'application-name'
-      , version: '0.0.1'
-      , private: true
-      , scripts: { start: 'node app' }
-      , dependencies: {
-        express: version
-      }
-    }
-
-    if (program.template) pkg.dependencies[program.template] = '*';
-
-    // CSS Engine support
-    switch (program.css) {
-      case 'less':
-        pkg.dependencies['less-middleware'] = '*';
-        break;
-      default:
-        if (program.css) {
-          pkg.dependencies[program.css] = '*';
-        }
-    }
-
-    write(path + '/package.json', JSON.stringify(pkg, null, 2));
-    write(path + '/app.js', app);
-  });
-}
-
-/**
- * Check if the given directory `path` is empty.
- *
- * @param {String} path
- * @param {Function} fn
- */
-
-function emptyDirectory(path, fn) {
-  fs.readdir(path, function(err, files){
-    if (err && 'ENOENT' != err.code) throw err;
-    fn(!files || !files.length);
-  });
-}
-
-/**
- * echo str > path.
- *
- * @param {String} path
- * @param {String} str
- */
-
-function write(path, str) {
-  fs.writeFile(path, str);
-  console.log('   \x1b[36mcreate\x1b[0m : ' + path);
-}
-
-/**
- * Mkdir -p.
- *
- * @param {String} path
- * @param {Function} fn
- */
-
-function mkdir(path, fn) {
-  mkdirp(path, 0755, function(err){
-    if (err) throw err;
-    console.log('   \033[36mcreate\033[0m : ' + path);
-    fn && fn();
-  });
-}
-
-/**
- * Exit with the given `str`.
- *
- * @param {String} str
- */
-
-function abort(str) {
-  console.error(str);
-  process.exit(1);
-}
@@ -1,25 +0,0 @@
-
-var http = require('http');
-
-var times = 50;
-
-while (times--) {
-  var req = http.request({
-      port: 3000
-    , method: 'POST'
-    , headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
-  });
-
-  req.on('response', function(res){
-    console.log(res.statusCode);
-  });
-
-  var n = 500000;
-  while (n--) {
-    req.write('foo=bar&bar=baz&');
-  }
-
-  req.write('foo=bar&bar=baz');
-
-  req.end();
-}
@@ -3,7 +3,10 @@
 */

 var express = require('../..')
-  , hash = require('./pass').hash;
+  , hash = require('./pass').hash
+  , bodyParser = require('body-parser')
+  , cookieParser = require('cookie-parser')
+  , session = require('express-session')

 var app = module.exports = express();

@@ -14,9 +17,9 @@ app.set('views', __dirname + '/views');

 // middleware

-app.use(express.bodyParser());
-app.use(express.cookieParser('shhhh, very secret'));
-app.use(express.session());
+app.use(bodyParser());
+app.use(cookieParser('shhhh, very secret'));
+app.use(session());

 // Session-persisted message middleware

@@ -31,7 +31,9 @@ var iterations = 12000;

 exports.hash = function (pwd, salt, fn) {
  if (3 == arguments.length) {
-    crypto.pbkdf2(pwd, salt, iterations, len, fn);
+    crypto.pbkdf2(pwd, salt, iterations, len, function(err, hash){
+      fn(err, hash.toString('base64'));
+    });
  } else {
    fn = salt;
    crypto.randomBytes(len, function(err, salt){
@@ -39,7 +41,7 @@ exports.hash = function (pwd, salt, fn) {
      salt = salt.toString('base64');
      crypto.pbkdf2(pwd, salt, iterations, len, function(err, hash){
        if (err) return fn(err);
-        fn(null, salt, hash);
+        fn(null, salt, hash.toString('base64'));
      });
    });
  }
@@ -1,5 +1,6 @@

 var express = require('../..')
+  , logger = require('morgan')
  , app = express();

 app.set('views', __dirname);
@@ -14,11 +15,11 @@ while (n--) {
  pets.push({ name: 'Jane', age: 6, species: 'ferret' });
 }

-app.use(express.logger('dev'));
+app.use(logger('dev'));

 app.get('/', function(req, res){
  res.render('pets', { pets: pets });
 });

 app.listen(3000);
-console.log('Express listening on port 3000');
+console.log('Express listening on port 3000');
@@ -1,4 +1,4 @@
-style
+style.
  body {
    padding: 50px;
    font: 16px "Helvetica Neue", Helvetica;
@@ -1,8 +1,9 @@
-
 var express = require('../../')
  , app = module.exports = express()
  , users = require('./db');

+// so either you can deal with different types of formatting 
+// for expected response in index.js
 app.get('/', function(req, res){
  res.format({
    html: function(){
@@ -24,10 +25,11 @@ app.get('/', function(req, res){
 });

 // or you could write a tiny middleware like
-// this to abstract make things a bit more declarative:
+// this to add a layer of abstraction
+// and make things a bit more declarative:

-function format(mod) {
-  var obj = require(mod);
+function format(path) {
+  var obj = require(path);
  return function(req, res){
    res.format(obj);
  }
@@ -38,4 +40,4 @@ app.get('/users', format('./users'));
 if (!module.parent) {
  app.listen(3000);
  console.log('listening on port 3000');
-}
+}
@@ -4,17 +4,19 @@
 */

 var express = require('../../');
+var favicon = require('static-favicon');
+var cookie-parser = require('cookie-parser');

 var app = module.exports = express();

 // ignore GET /favicon.ico
-app.use(express.favicon());
+app.use(favicon());

 // pass a secret to cookieParser() for signed cookies
-app.use(express.cookieParser('manny is cool'));
+app.use(cookieParser('manny is cool'));

 // add req.session cookie support
-app.use(express.cookieSession());
+app.use(cookieSession());

 // do something with the session
 app.use(count);
@@ -29,4 +31,4 @@ function count(req, res) {
 if (!module.parent) {
  app.listen(3000);
  console.log('Express server listening on port 3000');
-}
+}
@@ -4,7 +4,11 @@
 */

 var express = require('../../')
-  , app = module.exports = express();
+  , app = module.exports = express()
+  , favicon = require('static-favicon')
+  , logger = require('morgan')
+  , cookieParser = require('cookie-parser')
+  , bodyParser = require('body-parser')


 // add favicon() before logger() so
@@ -12,20 +16,20 @@ var express = require('../../')
 // logged, because this middleware
 // reponds to /favicon.ico and does not
 // call next()
-app.use(express.favicon());
+app.use(favicon());

 // custom log format
 if ('test' != process.env.NODE_ENV)
-  app.use(express.logger(':method :url'));
+  app.use(logger(':method :url'));

 // parses request cookies, populating
 // req.cookies and req.signedCookies
-// when the secret is passed, used 
+// when the secret is passed, used
 // for signing the cookies.
-app.use(express.cookieParser('my secret here'));
+app.use(cookieParser('my secret here'));

 // parses json, x-www-form-urlencoded, and multipart/form-data
-app.use(express.bodyParser());
+app.use(bodyParser());

 app.get('/', function(req, res){
  if (req.cookies.remember) {
@@ -51,4 +55,4 @@ app.post('/', function(req, res){
 if (!module.parent){
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
@@ -1,10 +1,11 @@
-
 /**
 * Module dependencies.
 */

 var express = require('../..')
+  , logger = require('morgan')
  , app = express()
+  , bodyParser = require('body-parser')
  , api = express();

 // app middleware
@@ -13,14 +14,15 @@ app.use(express.static(__dirname + '/public'));

 // api middleware

-api.use(express.logger('dev'));
-api.use(express.bodyParser());
+api.use(logger('dev'));
+api.use(bodyParser());

 /**
 * CORS support.
 */

 api.all('*', function(req, res, next){
+  if (!req.get('Origin')) return next();
  // use "*" here to accept any origin
  res.set('Access-Control-Allow-Origin', 'http://localhost:3000');
  res.set('Access-Control-Allow-Methods', 'GET, POST');
@@ -4,6 +4,8 @@

 var express = require('../../')
  , app = module.exports = express()
+  , logger = require('morgan')
+  , favicon = require('static-favicon')
  , silent = 'test' == process.env.NODE_ENV;

 // general config
@@ -21,18 +23,36 @@ if ('production' == app.settings.env) {
  app.disable('verbose errors');
 }

-app.use(express.favicon());
+app.use(favicon());

-silent || app.use(express.logger('dev'));
+silent || app.use(logger('dev'));

-// "app.router" positions our routes 
-// above the middleware defined below,
-// this means that Express will attempt
-// to match & call routes _before_ continuing
-// on, at which point we assume it's a 404 because
-// no route has handled the request.
+// Routes

-app.use(app.router);
+app.get('/', function(req, res){
+  res.render('index.jade');
+});
+
+app.get('/404', function(req, res, next){
+  // trigger a 404 since no other middleware
+  // will match /404 after this one, and we're not
+  // responding here
+  next();
+});
+
+app.get('/403', function(req, res, next){
+  // trigger a 403 error
+  var err = new Error('not allowed!');
+  err.status = 403;
+  next(err);
+});
+
+app.get('/500', function(req, res, next){
+  // trigger a generic (500) error
+  next(new Error('keyboard cat!'));
+});
+
+// Error handlers

 // Since this is the last non-error-handling
 // middleware use()d, we assume 404, as nothing else
@@ -44,7 +64,7 @@ app.use(app.router);

 app.use(function(req, res, next){
  res.status(404);
-  
+
  // respond with html page
  if (req.accepts('html')) {
    res.render('404', { url: req.url });
@@ -81,32 +101,8 @@ app.use(function(err, req, res, next){
  res.render('500', { error: err });
 });

-// Routes
-
-app.get('/', function(req, res){
-  res.render('index.jade');
-});
-
-app.get('/404', function(req, res, next){
-  // trigger a 404 since no other middleware
-  // will match /404 after this one, and we're not
-  // responding here
-  next();
-});
-
-app.get('/403', function(req, res, next){
-  // trigger a 403 error
-  var err = new Error('not allowed!');
-  err.status = 403;
-  next(err);
-});
-
-app.get('/500', function(req, res, next){
-  // trigger a generic (500) error
-  next(new Error('keyboard cat!'));
-});

 if (!module.parent) {
  app.listen(3000);
  silent || console.log('Express started on port 3000');
-}
+}
@@ -4,17 +4,11 @@
 */

 var express = require('../../')
+  , logger = require('morgan')
  , app = module.exports = express()
  , test = app.get('env') == 'test';

-if (!test) app.use(express.logger('dev'));
-app.use(app.router);
-
-// the error handler is strategically
-// placed *below* the app.router; if it
-// were above it would not receive errors
-// from app.get() etc 
-app.use(error);
+if (!test) app.use(logger('dev'));

 // error handling middleware have an arity of 4
 // instead of the typical (req, res, next),
@@ -42,7 +36,12 @@ app.get('/next', function(req, res, next){
  });
 });

+// the error handler is placed after routes
+// if it were above it would not receive errors
+// from app.get() etc
+app.use(error);
+
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
@@ -1,5 +1,6 @@

 var express = require('../..')
+  , logger = require('morgan')
  , app = express();

 app.set('view engine', 'jade');
@@ -23,7 +24,7 @@ User.prototype.toJSON = function(){
  }
 };

-app.use(express.logger('dev'));
+app.use(logger('dev'));

 // earlier on expose an object
 // that we can tack properties on.
@@ -57,4 +58,4 @@ app.get('/user', function(req, res){
 });

 app.listen(3000);
-console.log('app listening on port 3000');
+console.log('app listening on port 3000');
@@ -1,7 +1,7 @@
 html
  head
    title Express
-    script
+    script.
      // call this whatever you like,
      // or dump them into individual
      // props like "var user ="
@@ -10,5 +10,5 @@ html
    h1 Expose client data
    p The following was exposed to the client:
    pre
-      script
+      script.
        document.write(JSON.stringify(data, null, 2))
@@ -1,5 +1,5 @@
-!!! 5
+doctype html
 html
  include header
  body
-    block content
+    block content
@@ -3,9 +3,9 @@
 * Module dependencies.
 */

-var express = require('../../')
+var express = require('../..')
  , fs = require('fs')
-  , md = require('github-flavored-markdown').parse;
+  , md = require('marked').parse;

 var app = module.exports = express();

@@ -42,4 +42,4 @@ app.get('/fail', function(req, res){
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
@@ -1,5 +1,8 @@
-
 var express = require('../..');
+var logger = require('morgan');
+var session = require('express-session');
+var cookieParser = require('cookie-parser');
+var bodyParser = require('body-parser');

 var app = module.exports = express();

@@ -26,20 +29,17 @@ app.response.message = function(msg){
 };

 // log
-if (!module.parent) app.use(express.logger('dev'));
+if (!module.parent) app.use(logger('dev'));

 // serve static files
 app.use(express.static(__dirname + '/public'));

 // session support
-app.use(express.cookieParser('some secret here'));
-app.use(express.session());
+app.use(cookieParser('some secret here'));
+app.use(session());

 // parse request bodies (req.body)
-app.use(express.bodyParser());
-
-// support _method (PUT in forms etc)
-app.use(express.methodOverride());
+app.use(bodyParser());

 // expose the "messages" local variable when views are rendered
 app.use(function(req, res, next){
@@ -58,10 +58,10 @@ app.use(function(req, res, next){
   });
  */

+  next();
  // empty or "flush" the messages so they
  // don't build up
  req.session.messages = [];
-  next();
 });

 // load controllers
@@ -90,4 +90,4 @@ app.use(function(req, res, next){
 if (!module.parent) {
  app.listen(3000);
  console.log('\n  listening on port 3000\n');
-}
+}
@@ -5,6 +5,9 @@

 var express = require('../..')
  , app = express()
+  , logger = require('morgan')
+  , cookieParser = require('cookie-parser')
+  , bodyParser = require('body-parser')
  , site = require('./site')
  , post = require('./post')
  , user = require('./user');
@@ -13,10 +16,9 @@ var express = require('../..')

 app.set('view engine', 'jade');
 app.set('views', __dirname + '/views');
-app.use(express.logger('dev'));
-app.use(express.cookieParser());
-app.use(express.bodyParser());
-app.use(express.methodOverride());
+app.use(logger('dev'));
+app.use(cookieParser());
+app.use(bodyParser());
 app.use(express.static(__dirname + '/public'));

 // General
@@ -2,7 +2,7 @@
 html
  head
    title Search example
-    style
+    style.
      body {
        font: 14px "Helvetica Neue", Helvetica;
        padding: 50px;
@@ -7,8 +7,6 @@ var express = require('../..');

 var app = express();

-app.use(express.logger('dev'));
-
 // Required by session() middleware
 // pass the secret for signed cookies
 // (required by session())
@@ -1,9 +1,10 @@

 var express = require('../..');
+var logger = require('morgan');
 var app = express();

 // log requests
-app.use(express.logger('dev'));
+app.use(logger('dev'));

 // express on its own has no notion
 // of a "file". The express.static()
@@ -41,4 +42,4 @@ console.log('listening on port 3000');
 console.log('try:');
 console.log('  GET /hello.txt');
 console.log('  GET /js/app.js');
-console.log('  GET /css/style.css');
+console.log('  GET /css/style.css');
@@ -1,32 +1,30 @@
-
 /**
 * Module dependencies.
 */

 var express = require('../..');
+var logger = require('morgan');

-// Edit /etc/vhosts
+/*
+edit /etc/hosts:

-// First app
+127.0.0.1       foo.example.com
+127.0.0.1       bar.example.com
+127.0.0.1       example.com
+*/

-var one = express();
+// Main server app

-one.use(express.logger());
+var main = express();

-one.get('/', function(req, res){
-  res.send('Hello from app one!')
+main.use(logger('dev'));
+
+main.get('/', function(req, res){
+  res.send('Hello from main app!')
 });

-one.get('/:sub', function(req, res){
-  res.send('requsted ' + req.params.sub);
-});
-
-// App two
-
-var two = express();
-
-two.get('/', function(req, res){
-  res.send('Hello from app two!')
+main.get('/:sub', function(req, res){
+  res.send('requested ' + req.params.sub);
 });

 // Redirect app
@@ -35,16 +33,15 @@ var redirect = express();

 redirect.all('*', function(req, res){
  console.log(req.subdomains);
-  res.redirect('http://localhost:3000/' + req.subdomains[0]);
+  res.redirect('http://example.com:3000/' + req.subdomains[0]);
 });

-// Main app
+// Vhost app

 var app = express();

-app.use(express.vhost('*.localhost', redirect))
-app.use(express.vhost('localhost', one));
-app.use(express.vhost('dev', two));
+app.use(express.vhost('*.example.com', redirect)) // Serves all subdomains via Redirect app
+app.use(express.vhost('example.com', main)); // Serves top level domain via Main server app 

 app.listen(3000);
-console.log('Express app started on port 3000');
+console.log('Express app started on port 3000');
@@ -0,0 +1,52 @@
+
+/**
+ * Module dependencies.
+ */
+
+var http = require('http')
+  , path = require('path')
+  , extname = path.extname
+
+/**
+ * Expose `GithubView`.
+ */
+
+module.exports = GithubView;
+
+/**
+ * Custom view that fetches and renders
+ * remove github templates. You could
+ * render templates from a database etc.
+ */
+
+function GithubView(name, options){
+  this.name = name;
+  options = options || {};
+  this.engine = options.engines[extname(name)];
+  // "root" is the app.set('views') setting, however
+  // in your own implementation you could ignore this
+  this.path = '/' + options.root + '/master/' + name;
+}
+
+/**
+ * Render the view.
+ */
+
+GithubView.prototype.render = function(options, fn){
+  var self = this;
+  var opts = {
+    host: 'rawgithub.com',
+    port: 80,
+    path: this.path,
+    method: 'GET'
+  };
+
+  http.request(opts, function(res) {
+    var buf = '';
+    res.setEncoding('utf8');
+    res.on('data', function(str){ buf += str });
+    res.on('end', function(){
+      self.engine(buf, options, fn);
+    });
+  }).end();
+};
@@ -0,0 +1,47 @@
+
+/**
+ * Module dependencies.
+ */
+
+var express = require('../../')
+  , http = require('http')
+  , GithubView = require('./github-view')
+  , md = require('marked').parse;
+
+var app = module.exports = express();
+
+// register .md as an engine in express view system
+app.engine('md', function(str, options, fn){
+  try {
+    var html = md(str);
+    html = html.replace(/\{([^}]+)\}/g, function(_, name){
+      return options[name] || '';
+    })
+    fn(null, html);
+  } catch(err) {
+    fn(err);
+  }
+})
+
+// pointing to a particular github repo to load files from it
+app.set('views', 'visionmedia/express');
+
+// register a new view constructor
+app.set('view', GithubView);
+
+app.get('/', function(req, res){
+  // rendering a view relative to the repo.
+  // app.locals, res.locals, and locals passed
+  // work like they normally would
+  res.render('examples/markdown/views/index.md', { title: 'Example' });
+})
+
+app.get('/Readme.md', function(req, res){
+  // rendering a view from https://github.com/visionmedia/express/blob/master/Readme.md
+  res.render('Readme.md');
+})
+
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
@@ -1,8 +1,8 @@
-doctype 5
+doctype html
 html
  head
    title= title
-    style
+    style.
      body {
        padding: 50px;
        font: 16px Helvetica, Arial;
@@ -40,29 +40,6 @@ app.use('/api', function(req, res, next){
  next();
 });

-// position our routes above the error handling middleware,
-// and below our API middleware, since we want the API validation
-// to take place BEFORE our routes
-app.use(app.router);
-
-// middleware with an arity of 4 are considered
-// error handling middleware. When you next(err)
-// it will be passed through the defined middleware
-// in order, but ONLY those with an arity of 4, ignoring
-// regular middleware.
-app.use(function(err, req, res, next){
-  // whatever you want here, feel free to populate
-  // properties on `err` to treat it differently in here.
-  res.send(err.status || 500, { error: err.message });
-});
-
-// our custom JSON 404 middleware. Since it's placed last
-// it will be the last middleware called, if all others
-// invoke next() and do not respond.
-app.use(function(req, res){
-  res.send(404, { error: "Lame, can't find that" });
-});
-
 // map of valid api keys, typically mapped to
 // account info with some sort of database like redis.
 // api keys do _not_ serve as authentication, merely to
@@ -104,12 +81,30 @@ app.get('/api/repos', function(req, res, next){
 app.get('/api/user/:name/repos', function(req, res, next){
  var name = req.params.name
    , user = userRepos[name];
-  
+
  if (user) res.send(user);
  else next();
 });

+// middleware with an arity of 4 are considered
+// error handling middleware. When you next(err)
+// it will be passed through the defined middleware
+// in order, but ONLY those with an arity of 4, ignoring
+// regular middleware.
+app.use(function(err, req, res, next){
+  // whatever you want here, feel free to populate
+  // properties on `err` to treat it differently in here.
+  res.send(err.status || 500, { error: err.message });
+});
+
+// our custom JSON 404 middleware. Since it's placed last
+// it will be the last middleware called, if all others
+// invoke next() and do not respond.
+app.use(function(req, res){
+  res.send(404, { error: "Lame, can't find that" });
+});
+
 if (!module.parent) {
  app.listen(3000);
  console.log('Express server listening on port 3000');
-}
+}
@@ -2,17 +2,15 @@
 * Module dependencies.
 */

-var connect = require('connect')
+var mixin = require('utils-merge')
+  , escapeHtml = require('escape-html')
  , Router = require('./router')
  , methods = require('methods')
-  , middleware = require('./middleware')
+  , middleware = require('./middleware/init')
+  , query = require('./middleware/query')
  , debug = require('debug')('express:application')
-  , locals = require('./utils').locals
  , View = require('./view')
-  , utils = connect.utils
-  , path = require('path')
-  , http = require('http')
-  , join = path.join;
+  , http = require('http');

 /**
 * Application prototype.
@@ -34,7 +32,6 @@ app.init = function(){
  this.cache = {};
  this.settings = {};
  this.engines = {};
-  this.viewCallbacks = [];
  this.defaultConfiguration();
 };

@@ -47,52 +44,123 @@ app.init = function(){
 app.defaultConfiguration = function(){
  // default settings
  this.enable('x-powered-by');
-  this.set('env', process.env.NODE_ENV || 'development');
-  debug('booting in %s mode', this.get('env'));
+  this.enable('etag');
+  var env = process.env.NODE_ENV || 'development';
+  this.set('env', env);
+  this.set('subdomain offset', 2);

-  // implicit middleware
-  this.use(connect.query());
-  this.use(middleware.init(this));
+  debug('booting in %s mode', env);

  // inherit protos
  this.on('mount', function(parent){
    this.request.__proto__ = parent.request;
    this.response.__proto__ = parent.response;
    this.engines.__proto__ = parent.engines;
-  });
-
-  // router
-  this._router = new Router(this);
-  this.routes = this._router.map;
-  this.__defineGetter__('router', function(){
-    this._usedRouter = true;
-    this._router.caseSensitive = this.enabled('case sensitive routing');
-    this._router.strict = this.enabled('strict routing');
-    return this._router.middleware;
+    this.settings.__proto__ = parent.settings;
  });

  // setup locals
-  this.locals = locals(this);
+  this.locals = Object.create(null);
+
+  // top-most app is mounted at /
+  this.mountpath = '/';

  // default locals
  this.locals.settings = this.settings;

  // default configuration
+  this.set('view', View);
  this.set('views', process.cwd() + '/views');
  this.set('jsonp callback name', 'callback');

-  this.configure('development', function(){
-    this.set('json spaces', 2);
-  });
-
-  this.configure('production', function(){
+  if (env === 'production') {
    this.enable('view cache');
+  }
+
+  Object.defineProperty(this, 'router', {
+    get: function() {
+      throw new Error('\'app.router\' is deprecated!\nPlease see the 3.x to 4.x migration guide for details on how to update your app.');
+    }
  });
 };

 /**
- * Proxy `connect#use()` to apply settings to
- * mounted applications.
+ * lazily adds the base router if it has not yet been added.
+ *
+ * We cannot add the base router in the defaultConfiguration because
+ * it reads app settings which might be set after that has run.
+ *
+ * @api private
+ */
+app.lazyrouter = function() {
+  if (!this._router) {
+    this._router = new Router({
+      caseSensitive: this.enabled('case sensitive routing'),
+      strict: this.enabled('strict routing')
+    });
+
+    this._router.use(query());
+    this._router.use(middleware.init(this));
+  }
+};
+
+/**
+ * Dispatch a req, res pair into the application. Starts pipeline processing.
+ *
+ * If no _done_ callback is provided, then default error handlers will respond
+ * in the event of an error bubbling through the stack.
+ *
+ * @api private
+ */
+
+app.handle = function(req, res, done) {
+  var env = this.get('env');
+
+  this._router.handle(req, res, function(err) {
+    if (done) {
+      return done(err);
+    }
+
+    // unhandled error
+    if (err) {
+      // default to 500
+      if (res.statusCode < 400) res.statusCode = 500;
+      debug('default %s', res.statusCode);
+
+      // respect err.status
+      if (err.status) res.statusCode = err.status;
+
+      // production gets a basic error message
+      var msg = 'production' == env
+        ? http.STATUS_CODES[res.statusCode]
+        : err.stack || err.toString();
+      msg = escapeHtml(msg);
+
+      // log to stderr in a non-test env
+      if ('test' != env) console.error(err.stack || err.toString());
+      if (res.headersSent) return req.socket.destroy();
+      res.setHeader('Content-Type', 'text/html');
+      res.setHeader('Content-Length', Buffer.byteLength(msg));
+      if ('HEAD' == req.method) return res.end();
+      res.end(msg);
+      return;
+    }
+
+    // 404
+    debug('default 404');
+    res.statusCode = 404;
+    res.setHeader('Content-Type', 'text/html');
+    if ('HEAD' == req.method) return res.end();
+    res.end('Cannot ' + escapeHtml(req.method) + ' ' + escapeHtml(req.originalUrl) + '\n');
+  });
+};
+
+/**
+ * Proxy `Router#use()` to add middleware to the app router.
+ * See Router#use() documentation for details.
+ *
+ * If the _fn_ parameter is an express app, then it will be
+ * mounted at the _route_ specified.
 *
 * @param {String|Function|Server} route
 * @param {Function|Server} fn
@@ -101,21 +169,21 @@ app.defaultConfiguration = function(){
 */

 app.use = function(route, fn){
-  var app;
+  var mount_app;

  // default route to '/'
  if ('string' != typeof route) fn = route, route = '/';

  // express app
-  if (fn.handle && fn.set) app = fn;
+  if (fn.handle && fn.set) mount_app = fn;

  // restore .app property on req and res
-  if (app) {
-    app.route = route;
+  if (mount_app) {
+    debug('.use app under %s', route);
+    mount_app.mountpath = route;
    fn = function(req, res, next) {
      var orig = req.app;
-      app.handle(req, res, function(err){
-        req.app = res.app = orig;
+      mount_app.handle(req, res, function(err) {
        req.__proto__ = orig.request;
        res.__proto__ = orig.response;
        next(err);
@@ -123,17 +191,33 @@ app.use = function(route, fn){
    };
  }

-  connect.proto.use.call(this, route, fn);
+  this.lazyrouter();
+  this._router.use(route, fn);

  // mounted an app
-  if (app) {
-    app.parent = this;
-    app.emit('mount', this);
+  if (mount_app) {
+    mount_app.parent = this;
+    mount_app.emit('mount', this);
  }

  return this;
 };

+/**
+ * Proxy to the app `Router#route()`
+ * Returns a new `Route` instance for the _path_.
+ *
+ * Routes are isolated middleware stacks for specific paths.
+ * See the Route api docs for details.
+ *
+ * @api public
+ */
+
+app.route = function(path){
+  this.lazyrouter();
+  return this._router.route(path);
+};
+
 /**
 * Register the given template engine callback `fn`
 * as `ext`.
@@ -160,7 +244,7 @@ app.use = function(route, fn){
 * [Consolidate.js](https://github.com/visionmedia/consolidate.js)
 * library was created to map all of node's popular template
 * engines to follow this convention, thus allowing them to
- * work seemlessly within Express.
+ * work seamlessly within Express.
 *
 * @param {String} ext
 * @param {Function} fn
@@ -176,30 +260,10 @@ app.engine = function(ext, fn){
 };

 /**
- * Map the given param placeholder `name`(s) to the given callback(s).
+ * Proxy to `Router#param()` with one added api feature. The _name_ parameter
+ * can be an array of names.
 *
- * Parameter mapping is used to provide pre-conditions to routes
- * which use normalized placeholders. For example a _:user_id_ parameter
- * could automatically load a user's information from the database without
- * any additional code,
- *
- * The callback uses the samesignature as middleware, the only differencing
- * being that the value of the placeholder is passed, in this case the _id_
- * of the user. Once the `next()` function is invoked, just like middleware
- * it will continue on to execute the route, or subsequent parameter functions.
- *
- *      app.param('user_id', function(req, res, next, id){
- *        User.find(id, function(err, user){
- *          if (err) {
- *            next(err);
- *          } else if (user) {
- *            req.user = user;
- *            next();
- *          } else {
- *            next(new Error('failed to load user'));
- *          }
- *        });
- *      });
+ * See the Router#param() docs for more details.
 *
 * @param {String|Array} name
 * @param {Function} fn
@@ -208,27 +272,17 @@ app.engine = function(ext, fn){
 */

 app.param = function(name, fn){
-  var self = this
-    , fns = [].slice.call(arguments, 1);
+  var self = this;
+  self.lazyrouter();

-  // array
  if (Array.isArray(name)) {
-    name.forEach(function(name){
-      fns.forEach(function(fn){
-        self.param(name, fn);
-      });
-    });
-  // param logic
-  } else if ('function' == typeof name) {
-    this._router.param(name);
-  // single
-  } else {
-    if (':' == name[0]) name = name.substr(1);
-    fns.forEach(function(fn){
-      self._router.param(name, fn);
+    name.forEach(function(key) {
+      self.param(key, fn);
    });
+    return this;
  }

+  self._router.param(name, fn);
  return this;
 };

@@ -242,18 +296,14 @@ app.param = function(name, fn){
 * Mounted servers inherit their parent server's settings.
 *
 * @param {String} setting
- * @param {String} val
+ * @param {*} [val]
 * @return {Server} for chaining
 * @api public
 */

 app.set = function(setting, val){
  if (1 == arguments.length) {
-    if (this.settings.hasOwnProperty(setting)) {
-      return this.settings[setting];
-    } else if (this.parent) {
-      return this.parent.set(setting);
-    }
+    return this.settings[setting];
  } else {
    this.settings[setting] = val;
    return this;
@@ -276,7 +326,7 @@ app.set = function(setting, val){

 app.path = function(){
  return this.parent
-    ? this.parent.path() + this.route
+    ? this.parent.path() + this.mountpath
    : '';
 };

@@ -343,69 +393,24 @@ app.disable = function(setting){
 };

 /**
- * Configure callback for zero or more envs,
- * when no `env` is specified that callback will
- * be invoked for all environments. Any combination
- * can be used multiple times, in any order desired.
- *
- * Examples:
- *
- *    app.configure(function(){
- *      // executed for all envs
- *    });
- *
- *    app.configure('stage', function(){
- *      // executed staging env
- *    });
- *
- *    app.configure('stage', 'production', function(){
- *      // executed for stage and production
- *    });
- *
- * Note:
- *
- *  These callbacks are invoked immediately, and
- *  are effectively sugar for the following:
- *
- *     var env = process.env.NODE_ENV || 'development';
- *
- *      switch (env) {
- *        case 'development':
- *          ...
- *          break;
- *        case 'stage':
- *          ...
- *          break;
- *        case 'production':
- *          ...
- *          break;
- *      }
- *
- * @param {String} env...
- * @param {Function} fn
- * @return {app} for chaining
- * @api public
- */
-
-app.configure = function(env, fn){
-  var envs = 'all'
-    , args = [].slice.call(arguments);
-  fn = args.pop();
-  if (args.length) envs = args;
-  if ('all' == envs || ~envs.indexOf(this.settings.env)) fn.call(this);
-  return this;
-};
-
-/**
- * Delegate `.VERB(...)` calls to `.route(VERB, ...)`.
+ * Delegate `.VERB(...)` calls to `router.VERB(...)`.
 */

 methods.forEach(function(method){
  app[method] = function(path){
    if ('get' == method && 1 == arguments.length) return this.set(path);
-    var args = [method].concat([].slice.call(arguments));
-    if (!this._usedRouter) this.use(this.router);
-    this._router.route.apply(this._router, args);
+
+    this.lazyrouter();
+
+    // deprecated
+    if (Array.isArray(path)) {
+      console.trace('passing an array to app.VERB() is deprecated and will be removed in 4.0');
+    }
+
+    var route = this._router.route(path);
+    for (var i=1 ; i<arguments.length ; ++i) {
+      route[method](arguments[i]);
+    }
    return this;
  };
 });
@@ -421,10 +426,16 @@ methods.forEach(function(method){
 */

 app.all = function(path){
+  this.lazyrouter();
+
+  var route = this._router.route(path);
  var args = arguments;
  methods.forEach(function(method){
-    app[method].apply(this, args);
-  }, this);
+    for (var i=1 ; i<args.length ; ++i) {
+      route[method](args[i]);
+    }
+  });
+
  return this;
 };

@@ -461,13 +472,13 @@ app.render = function(name, options, fn){
  }

  // merge app.locals
-  utils.merge(opts, this.locals);
+  mixin(opts, this.locals);

  // merge options._locals
-  if (options._locals) utils.merge(opts, options._locals);
+  if (options._locals) mixin(opts, options._locals);

  // merge options
-  utils.merge(opts, options);
+  mixin(opts, options);

  // set .cache unless explicitly provided
  opts.cache = null == opts.cache
@@ -479,14 +490,14 @@ app.render = function(name, options, fn){

  // view
  if (!view) {
-    view = new View(name, {
+    view = new (this.get('view'))(name, {
      defaultEngine: this.get('view engine'),
      root: this.get('views'),
      engines: engines
    });

    if (!view.path) {
-      var err = new Error('Failed to lookup view "' + name + '"');
+      var err = new Error('Failed to lookup view "' + name + '" in views directory "' + view.root + '"');
      err.view = view;
      return fn(err);
    }
@@ -2,13 +2,19 @@
 * Module dependencies.
 */

-var connect = require('connect')
-  , proto = require('./application')
+var EventEmitter = require('events').EventEmitter;
+
+var merge = require('merge-descriptors')
+  , mixin = require('utils-merge')
+
+var proto = require('./application')
  , Route = require('./router/route')
  , Router = require('./router')
  , req = require('./request')
  , res = require('./response')
-  , utils = connect.utils;
+
+// monkey patch ServerResponse methods
+require('./patch')

 /**
 * Expose `createApplication()`.
@@ -16,18 +22,6 @@ var connect = require('connect')

 exports = module.exports = createApplication;

-/**
- * Framework version.
- */
-
-exports.version = '3.0.3';
-
-/**
- * Expose mime.
- */
-
-exports.mime = connect.mime;
-
 /**
 * Create an express application.
 *
@@ -36,41 +30,19 @@ exports.mime = connect.mime;
 */

 function createApplication() {
-  var app = connect();
-  utils.merge(app, proto);
-  app.request = { __proto__: req };
-  app.response = { __proto__: res };
+  var app = function(req, res, next) {
+    app.handle(req, res, next);
+  };
+
+  mixin(app, proto);
+  mixin(app, EventEmitter.prototype);
+
+  app.request = { __proto__: req, app: app };
+  app.response = { __proto__: res, app: app };
  app.init();
  return app;
 }

-/**
- * Expose connect.middleware as express.*
- * for example `express.logger` etc. 
- */
-
-for (var key in connect.middleware) {
-  Object.defineProperty(
-      exports
-    , key
-    , Object.getOwnPropertyDescriptor(connect.middleware, key));
-}
-
-/**
- * Error on createServer().
- */
-
-exports.createServer = function(){
-  console.warn('Warning: express.createServer() is deprecated, express');
-  console.warn('applications no longer inherit from http.Server,');
-  console.warn('please use:');
-  console.warn('');
-  console.warn('  var express = require("express");');
-  console.warn('  var app = express();');
-  console.warn('');
-  return createApplication();
-};
-
 /**
 * Expose the prototypes.
 */
@@ -86,7 +58,8 @@ exports.response = res;
 exports.Route = Route;
 exports.Router = Router;

-// Error handler title
-
-exports.errorHandler.title = 'Express';
+/**
+ * Expose middleware
+ */

+exports.static = require('./middleware/static');
@@ -1,10 +1,3 @@
-
-/**
- * Module dependencies.
- */
-
-var utils = require('./utils');
-
 /**
 * Initialization middleware, exposing the
 * request and response to eachother, as well
@@ -17,8 +10,7 @@ var utils = require('./utils');

 exports.init = function(app){
  return function expressInit(req, res, next){
-    req.app = res.app = app;
-    if (app.settings['x-powered-by']) res.setHeader('X-Powered-By', 'Express');
+    if (app.enabled('x-powered-by')) res.setHeader('X-Powered-By', 'Express');
    req.res = res;
    res.req = req;
    req.next = next;
@@ -26,8 +18,9 @@ exports.init = function(app){
    req.__proto__ = app.request;
    res.__proto__ = app.response;

-    res.locals = res.locals || utils.locals(res);
+    res.locals = res.locals || Object.create(null);

    next();
  }
 };
+
@@ -0,0 +1,35 @@
+var qs = require('qs');
+var parseUrl = require('../utils').parseUrl;
+
+/**
+ * Query:
+ *
+ * Automatically parse the query-string when available,
+ * populating the `req.query` object using
+ * [qs](https://github.com/visionmedia/node-querystring).
+ *
+ * Examples:
+ *
+ *       .use(connect.query())
+ *       .use(function(req, res){
+ *         res.end(JSON.stringify(req.query));
+ *       });
+ *
+ *  The `options` passed are provided to qs.parse function.
+ *
+ * @param {Object} options
+ * @return {Function}
+ * @api public
+ */
+
+module.exports = function query(options){
+  return function query(req, res, next){
+    if (!req.query) {
+      req.query = ~req.url.indexOf('?')
+        ? qs.parse(parseUrl(req).query, options)
+        : {};
+    }
+
+    next();
+  };
+};
@@ -0,0 +1,87 @@
+/*!
+ * Connect - static
+ * Copyright(c) 2010 Sencha Inc.
+ * Copyright(c) 2011 TJ Holowaychuk
+ * MIT Licensed
+ */
+
+/**
+ * Module dependencies.
+ */
+
+var send = require('send')
+  , utils = require('../utils')
+  , parse = utils.parseUrl
+  , url = require('url');
+
+/**
+ * Static:
+ *
+ *   Static file server with the given `root` path.
+ *
+ * Examples:
+ *
+ *     var oneDay = 86400000;
+ *
+ *     connect()
+ *       .use(connect.static(__dirname + '/public'))
+ *
+ *     connect()
+ *       .use(connect.static(__dirname + '/public', { maxAge: oneDay }))
+ *
+ * Options:
+ *
+ *    - `maxAge`     Browser cache maxAge in milliseconds. defaults to 0
+ *    - `hidden`     Allow transfer of hidden files. defaults to false
+ *    - `redirect`   Redirect to trailing "/" when the pathname is a dir. defaults to true
+ *    - `index`      Default file name, defaults to 'index.html'
+ *
+ * @param {String} root
+ * @param {Object} options
+ * @return {Function}
+ * @api public
+ */
+
+exports = module.exports = function(root, options){
+  options = options || {};
+
+  // root required
+  if (!root) throw new Error('static() root path required');
+
+  // default redirect
+  var redirect = false !== options.redirect;
+
+  return function staticMiddleware(req, res, next) {
+    if ('GET' != req.method && 'HEAD' != req.method) return next();
+    var originalUrl = url.parse(req.originalUrl);
+    var path = parse(req).pathname;
+
+    if (path == '/' && originalUrl.pathname[originalUrl.pathname.length - 1] != '/') {
+      return directory();
+    }
+
+    function directory() {
+      if (!redirect) return next();
+      var target;
+      originalUrl.pathname += '/';
+      target = url.format(originalUrl);
+      res.statusCode = 303;
+      res.setHeader('Location', target);
+      res.end('Redirecting to ' + utils.escape(target));
+    }
+
+    function error(err) {
+      if (404 == err.status) return next();
+      next(err);
+    }
+
+    send(req, path)
+      .maxage(options.maxAge || 0)
+      .root(root)
+      .index(options.index || 'index.html')
+      .hidden(options.hidden)
+      .on('error', error)
+      .on('directory', directory)
+      .pipe(res);
+  };
+};
@@ -0,0 +1,54 @@
+/*!
+ * Connect
+ * Copyright(c) 2011 TJ Holowaychuk
+ * MIT Licensed
+ */
+
+/**
+ * Module dependencies.
+ */
+
+var http = require('http');
+var ServerResponse = http.ServerResponse;
+
+// apply only once
+if (ServerResponse.prototype._hasConnectPatch) {
+  return;
+}
+
+// original methods
+var setHeader = ServerResponse.prototype.setHeader;
+var writeHead = ServerResponse.prototype.writeHead;
+
+/**
+ * Set header `field` to `val`, special-casing
+ * the `Set-Cookie` field for multiple support.
+ *
+ * @param {String} field
+ * @param {String} val
+ * @api public
+ */
+
+ServerResponse.prototype.setHeader = function(field, val){
+  var key = field.toLowerCase();
+
+  if ('content-type' == key && this.charset) {
+    val += '; charset=' + this.charset;
+  }
+
+  return setHeader.call(this, field, val);
+};
+
+ServerResponse.prototype.writeHead = function(statusCode, reasonPhrase, headers){
+  if (typeof reasonPhrase === 'object') headers = reasonPhrase;
+  if (typeof headers === 'object') {
+    Object.keys(headers).forEach(function(key){
+      this.setHeader(key, headers[key]);
+    }, this);
+  }
+  if (!this._emittedHeader) this.emit('header');
+  this._emittedHeader = true;
+  return writeHead.call(this, statusCode, reasonPhrase);
+};
+
+ServerResponse.prototype._hasConnectPatch = true;
@@ -3,13 +3,13 @@
 * Module dependencies.
 */

+var accepts = require('accepts');
+var typeis = require('type-is');
 var http = require('http')
  , utils = require('./utils')
-  , connect = require('connect')
  , fresh = require('fresh')
  , parseRange = require('range-parser')
-  , parse = connect.utils.parseUrl
-  , mime = connect.mime;
+  , parse = utils.parseUrl

 /**
 * Request prototype.
@@ -29,21 +29,21 @@ var req = exports = module.exports = {
 *
 *     req.get('Content-Type');
 *     // => "text/plain"
- *     
+ *
 *     req.get('content-type');
 *     // => "text/plain"
- *     
+ *
 *     req.get('Something');
 *     // => undefined
 *
 * Aliased as `req.header()`.
 *
 * @param {String} name
- * @return {String} 
+ * @return {String}
 * @api public
 */

-req.get = 
+req.get =
 req.header = function(name){
  switch (name = name.toLowerCase()) {
    case 'referer':
@@ -56,6 +56,8 @@ req.header = function(name){
 };

 /**
+ * To do: update docs.
+ *
 * Check if the given `type(s)` is acceptable, returning
 * the best match when true, otherwise `undefined`, in which
 * case you should respond with 406 "Not Acceptable".
@@ -63,11 +65,12 @@ req.header = function(name){
 * The `type` value may be a single mime type string
 * such as "application/json", the extension name
 * such as "json", a comma-delimted list such as "json, html, text/plain",
+ * an argument list such as `"json", "html", "text/plain"`,
 * or an array `["json", "html", "text/plain"]`. When a list
 * or array is given the _best_ match, if any is returned.
 *
 * Examples:
- * 
+ *
 *     // Accept: text/html
 *     req.accepts('html');
 *     // => "html"
@@ -89,6 +92,7 @@ req.header = function(name){
 *
 *     // Accept: text/*;q=.5, application/json
 *     req.accepts(['html', 'json']);
+ *     req.accepts('html', 'json');
 *     req.accepts('html, json');
 *     // => "json"
 *
@@ -97,11 +101,28 @@ req.header = function(name){
 * @api public
 */

-req.accepts = function(type){
-  return utils.accepts(type, this.get('Accept'));
+req.accepts = function(){
+  var accept = accepts(this);
+  return accept.types.apply(accept, arguments);
 };

 /**
+ * Check if the given `encoding` is accepted.
+ *
+ * @param {String} encoding
+ * @return {Boolean}
+ * @api public
+ */
+
+req.acceptsEncoding = // backwards compatibility
+req.acceptsEncodings = function(){
+  var accept = accepts(this);
+  return accept.encodings.apply(accept, arguments);
+};
+
+/**
+ * To do: update docs.
+ *
 * Check if the given `charset` is acceptable,
 * otherwise you should respond with 406 "Not Acceptable".
 *
@@ -110,14 +131,15 @@ req.accepts = function(type){
 * @api public
 */

-req.acceptsCharset = function(charset){
-  var accepted = this.acceptedCharsets;
-  return accepted.length
-    ? ~accepted.indexOf(charset)
-    : true;
+req.acceptsCharset = // backwards compatibility
+req.acceptsCharsets = function(){
+  var accept = accepts(this);
+  return accept.charsets.apply(accept, arguments);
 };

 /**
+ * To do: update docs.
+ *
 * Check if the given `lang` is acceptable,
 * otherwise you should respond with 406 "Not Acceptable".
 *
@@ -126,11 +148,10 @@ req.acceptsCharset = function(charset){
 * @api public
 */

-req.acceptsLanguage = function(lang){
-  var accepted = this.acceptedLanguages;
-  return accepted.length
-    ? ~accepted.indexOf(lang)
-    : true;
+req.acceptsLanguage = // backwards compatibility
+req.acceptsLanguages = function(lang){
+  var accept = accepts(this);
+  return accept.languages.apply(accept, arguments);
 };

 /**
@@ -159,80 +180,6 @@ req.range = function(size){
  return parseRange(size, range);
 };

-/**
- * Return an array of Accepted media types
- * ordered from highest quality to lowest.
- *
- * Examples:
- *
- *     [ { value: 'application/json',
- *         quality: 1,
- *         type: 'application',
- *         subtype: 'json' },
- *       { value: 'text/html',
- *         quality: 0.5,
- *         type: 'text',
- *         subtype: 'html' } ]
- *
- * @return {Array}
- * @api public
- */
-
-req.__defineGetter__('accepted', function(){
-  var accept = this.get('Accept');
-  return accept
-    ? utils.parseAccept(accept)
-    : [];
-});
-
-/**
- * Return an array of Accepted languages
- * ordered from highest quality to lowest.
- *
- * Examples:
- *
- *     Accept-Language: en;q=.5, en-us
- *     ['en-us', 'en']
- *
- * @return {Array}
- * @api public
- */
-
-req.__defineGetter__('acceptedLanguages', function(){
-  var accept = this.get('Accept-Language');
-  return accept
-    ? utils
-      .parseQuality(accept)
-      .map(function(obj){
-        return obj.value;
-      })
-    : [];
-});
-
-/**
- * Return an array of Accepted charsets
- * ordered from highest quality to lowest.
- *
- * Examples:
- *
- *     Accept-Charset: iso-8859-5;q=.2, unicode-1-1;q=0.8
- *     ['unicode-1-1', 'iso-8859-5']
- *
- * @return {Array}
- * @api public
- */
-
-req.__defineGetter__('acceptedCharsets', function(){
-  var accept = this.get('Accept-Charset');
-  return accept
-    ? utils
-      .parseQuality(accept)
-      .map(function(obj){
-        return obj.value;
-      })
-    : [];
-});
-
 /**
 * Return the value of param `name` when present or `defaultValue`.
 *
@@ -242,10 +189,10 @@ req.__defineGetter__('acceptedCharsets', function(){
 *
 * To utilize request bodies, `req.body`
 * should be an object. This can be done by using
- * the `connect.bodyParser()` middleware.
+ * the `bodyParser()` middleware.
 *
 * @param {String} name
- * @param {Mixed} defaultValue
+ * @param {Mixed} [defaultValue]
 * @return {String}
 * @api public
 */
@@ -261,7 +208,7 @@ req.param = function(name, defaultValue){
 };

 /**
- * Check if the incoming request contains the "Content-Type" 
+ * Check if the incoming request contains the "Content-Type"
 * header field, and it contains the give mime `type`.
 *
 * Examples:
@@ -271,39 +218,29 @@ req.param = function(name, defaultValue){
 *      req.is('text/html');
 *      req.is('text/*');
 *      // => true
- *     
+ *
 *      // When Content-Type is application/json
 *      req.is('json');
 *      req.is('application/json');
 *      req.is('application/*');
 *      // => true
- *     
+ *
 *      req.is('html');
 *      // => false
- * 
+ *
 * @param {String} type
 * @return {Boolean}
 * @api public
 */

-req.is = function(type){
-  var ct = this.get('Content-Type');
-  if (!ct) return false;
-  ct = ct.split(';')[0];
-  if (!~type.indexOf('/')) type = mime.lookup(type);
-  if (~type.indexOf('*')) {
-    type = type.split('/');
-    ct = ct.split('/');
-    if ('*' == type[0] && type[1] == ct[1]) return true;
-    if ('*' == type[1] && type[0] == ct[0]) return true;
-    return false;
-  }
-  return !! ~ct.indexOf(type);
+req.is = function(types){
+  if (!Array.isArray(types)) types = [].slice.call(arguments);
+  return typeis(this, types);
 };

 /**
 * Return the protocol string "http" or "https"
- * when requested with TLS. When the "trust proxy" 
+ * when requested with TLS. When the "trust proxy"
 * setting is enabled the "X-Forwarded-Proto" header
 * field will be trusted. If you're running behind
 * a reverse proxy that supplies https for you this
@@ -315,11 +252,10 @@ req.is = function(type){

 req.__defineGetter__('protocol', function(){
  var trustProxy = this.app.get('trust proxy');
-  return this.connection.encrypted
-    ? 'https'
-    : trustProxy
-      ? (this.get('X-Forwarded-Proto') || 'http')
-      : 'http';
+  if (this.connection.encrypted) return 'https';
+  if (!trustProxy) return 'http';
+  var proto = this.get('X-Forwarded-Proto') || 'http';
+  return proto.split(/\s*,\s*/)[0];
 });

 /**
@@ -393,25 +329,32 @@ req.__defineGetter__('auth', function(){
  auth = parts[1];

  // credentials
-  auth = new Buffer(auth, 'base64').toString().split(':');
-  return { username: auth[0], password: auth[1] };
+  auth = new Buffer(auth, 'base64').toString().match(/^([^:]*):(.*)$/);
+  if (!auth) return;
+  return { username: auth[1], password: auth[2] };
 });

 /**
 * Return subdomains as an array.
 *
- * For example "tobi.ferrets.example.com"
- * would provide `["ferrets", "tobi"]`.
+ * Subdomains are the dot-separated parts of the host before the main domain of
+ * the app. By default, the domain of the app is assumed to be the last two
+ * parts of the host. This can be changed by setting "subdomain offset".
+ *
+ * For example, if the domain is "tobi.ferrets.example.com":
+ * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
+ * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
 *
 * @return {Array}
 * @api public
 */

 req.__defineGetter__('subdomains', function(){
-  return this.get('Host')
+  var offset = this.app.get('subdomain offset');
+  return (this.host || '')
    .split('.')
-    .slice(0, -2)
-    .reverse();
+    .reverse()
+    .slice(offset);
 });

 /**
@@ -433,7 +376,11 @@ req.__defineGetter__('path', function(){
 */

 req.__defineGetter__('host', function(){
-  return this.get('Host').split(':')[0];
+  var trustProxy = this.app.get('trust proxy');
+  var host = trustProxy && this.get('X-Forwarded-Host');
+  host = host || this.get('Host');
+  if (!host) return;
+  return host.split(':')[0];
 });

 /**
@@ -4,8 +4,8 @@

 var http = require('http')
  , path = require('path')
-  , connect = require('connect')
-  , utils = connect.utils
+  , mixin = require('utils-merge')
+  , escapeHtml = require('escape-html')
  , sign = require('cookie-signature').sign
  , normalizeType = require('./utils').normalizeType
  , normalizeTypes = require('./utils').normalizeTypes
@@ -13,10 +13,10 @@ var http = require('http')
  , statusCodes = http.STATUS_CODES
  , cookie = require('cookie')
  , send = require('send')
-  , mime = connect.mime
+  , resolve = require('url').resolve
  , basename = path.basename
  , extname = path.extname
-  , join = path.join;
+  , mime = send.mime

 /**
 * Response prototype.
@@ -55,7 +55,9 @@ res.status = function(code){
 */

 res.links = function(links){
-  return this.set('Link', Object.keys(links).map(function(rel){
+  var link = this.get('Link') || '';
+  if (link) link += ', ';
+  return this.set('Link', link + Object.keys(links).map(function(rel){
    return '<' + links[rel] + '>; rel="' + rel + '"';
  }).join(', '));
 };
@@ -78,9 +80,12 @@ res.links = function(links){
 */

 res.send = function(body){
-  var req = this.req
-    , head = 'HEAD' == req.method
-    , len;
+  var req = this.req;
+  var head = 'HEAD' == req.method;
+  var len;
+
+  // settings
+  var app = this.app;

  // allow status / body
  if (2 == arguments.length) {
@@ -128,7 +133,7 @@ res.send = function(body){

  // ETag support
  // TODO: W/ support
-  if (len > 1024) {
+  if (app.settings.etag && len && 'GET' == req.method) {
    if (!this.get('ETag')) {
      this.set('ETag', etag(body));
    }
@@ -141,6 +146,7 @@ res.send = function(body){
  if (204 == this.statusCode || 304 == this.statusCode) {
    this.removeHeader('Content-Type');
    this.removeHeader('Content-Length');
+    this.removeHeader('Transfer-Encoding');
    body = '';
  }

@@ -186,7 +192,7 @@ res.json = function(obj){
  // content-type
  this.charset = this.charset || 'utf-8';
  this.get('Content-Type') || this.set('Content-Type', 'application/json');
-  
+
  return this.send(body);
 };

@@ -222,18 +228,21 @@ res.jsonp = function(obj){
  var app = this.app;
  var replacer = app.get('json replacer');
  var spaces = app.get('json spaces');
-  var body = JSON.stringify(obj, replacer, spaces);
+  var body = JSON.stringify(obj, replacer, spaces)
+    .replace(/\u2028/g, '\\u2028')
+    .replace(/\u2029/g, '\\u2029');
  var callback = this.req.query[app.get('jsonp callback name')];

  // content-type
  this.charset = this.charset || 'utf-8';
  this.set('Content-Type', 'application/json');
-  
+
  // jsonp
  if (callback) {
+    if (Array.isArray(callback)) callback = callback[0];
    this.set('Content-Type', 'text/javascript');
    var cb = callback.replace(/[^\[\]\w$.]/g, '');
-    body = cb + ' && ' + cb + '(' + body + ');';
+    body = 'typeof ' + cb + ' === \'function\' && ' + cb + '(' + body + ');';
  }

  return this.send(body);
@@ -241,7 +250,7 @@ res.jsonp = function(obj){

 /**
 * Transfer the file at the given `path`.
- * 
+ *
 * Automatically sets the _Content-Type_ response header field.
 * The callback `fn(err)` is invoked when the transfer is complete
 * or when an error occurs. Be sure to check `res.sentHeader`
@@ -263,7 +272,7 @@ res.jsonp = function(obj){
 *     app.get('/user/:uid/photos/:file', function(req, res){
 *       var uid = req.params.uid
 *         , file = req.params.file;
- *     
+ *
 *       req.user.mayViewFilesFrom(uid, function(yes){
 *         if (yes) {
 *           res.sendfile('/uploads/' + uid + '/' + file);
@@ -302,23 +311,23 @@ res.sendfile = function(path, options, fn){

    // clean up
    cleanup();
-    if (!self.headerSent) self.removeHeader('Content-Disposition');
+    if (!self.headersSent) self.removeHeader('Content-Disposition');

    // callback available
    if (fn) return fn(err);

    // list in limbo if there's no callback
-    if (self.headerSent) return;
+    if (self.headersSent) return;

    // delegate
    next(err);
  }

  // streaming
-  function stream() {
+  function stream(stream) {
    if (done) return;
    cleanup();
-    if (fn) self.on('finish', fn);
+    if (fn) stream.on('end', fn);
  }

  // cleanup
@@ -343,7 +352,7 @@ res.sendfile = function(path, options, fn){
 * Optionally providing an alternate attachment `filename`,
 * and optional callback `fn(err)`. The callback is invoked
 * when the data transfer is complete, or when an error has
- * ocurred. Be sure to check `res.headerSent` if you plan to respond.
+ * ocurred. Be sure to check `res.headersSent` if you plan to respond.
 *
 * This method uses `res.sendfile()`.
 *
@@ -408,11 +417,11 @@ res.type = function(type){
 *      'text/plain': function(){
 *        res.send('hey');
 *      },
- *    
+ *
 *      'text/html': function(){
 *        res.send('<p>hey</p>');
 *      },
- *    
+ *
 *      'appliation/json': function(){
 *        res.send({ message: 'hey' });
 *      }
@@ -425,11 +434,11 @@ res.type = function(type){
 *      text: function(){
 *        res.send('hey');
 *      },
- *    
+ *
 *      html: function(){
 *        res.send('<p>hey</p>');
 *      },
- *    
+ *
 *      json: function(){
 *        res.send({ message: 'hey' });
 *      }
@@ -456,17 +465,20 @@ res.format = function(obj){

  var key = req.accepts(keys);

-  this.set('Vary', 'Accept');
+  this.vary("Accept");

  if (key) {
-    this.set('Content-Type', normalizeType(key));
+    var type = normalizeType(key).value;
+    var charset = mime.charsets.lookup(type);
+    if (charset) type += '; charset=' + charset;
+    this.set('Content-Type', type);
    obj[key](req, this, next);
  } else if (fn) {
    fn();
  } else {
    var err = new Error('Not Acceptable');
    err.status = 406;
-    err.types = normalizeTypes(keys);
+    err.types = normalizeTypes(keys).map(function(o){ return o.value });
    next(err);
  }

@@ -495,24 +507,27 @@ res.attachment = function(filename){
 *
 * Examples:
 *
+ *    res.set('Foo', ['bar', 'baz']);
 *    res.set('Accept', 'application/json');
 *    res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' });
 *
- * Aliased as `res.header()`. 
+ * Aliased as `res.header()`.
 *
- * @param {String|Object} field
+ * @param {String|Object|Array} field
 * @param {String} val
 * @return {ServerResponse} for chaining
 * @api public
 */

-res.set = 
+res.set =
 res.header = function(field, val){
  if (2 == arguments.length) {
-    this.setHeader(field, '' + val);
+    if (Array.isArray(val)) val = val.map(String);
+    else val = String(val);
+    this.setHeader(field, val);
  } else {
    for (var key in field) {
-      this.setHeader(key, '' + field[key]);
+      this.set(key, field[key]);
    }
  }
  return this;
@@ -542,7 +557,7 @@ res.get = function(field){
 res.clearCookie = function(name, options){
  var opts = { expires: new Date(1), path: '/' };
  return this.cookie(name, '', options
-    ? utils.merge(opts, options)
+    ? mixin(opts, options)
    : opts);
 };

@@ -570,16 +585,58 @@ res.clearCookie = function(name, options){
 */

 res.cookie = function(name, val, options){
-  options = options || {};
+  options = mixin({}, options);
  var secret = this.req.secret;
  var signed = options.signed;
-  if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
+  if (signed && !secret) throw new Error('cookieParser("secret") required for signed cookies');
+  if ('number' == typeof val) val = val.toString();
  if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
  if (signed) val = 's:' + sign(val, secret);
-  if ('maxAge' in options) options.expires = new Date(Date.now() + options.maxAge);
+  if ('maxAge' in options) {
+    options.expires = new Date(Date.now() + options.maxAge);
+    options.maxAge /= 1000;
+  }
  if (null == options.path) options.path = '/';
-  options.maxAge /= 1000;
-  this.set('Set-Cookie', cookie.serialize(name, String(val), options));
+  var headerVal = cookie.serialize(name, String(val), options);
+
+  // supports multiple 'res.cookie' calls by getting previous value
+  var prev = this.get('Set-Cookie');
+  if (prev) {
+    if (Array.isArray(prev)) {
+      headerVal = prev.concat(headerVal);
+    } else {
+      headerVal = [prev, headerVal];
+    }
+  }
+  this.set('Set-Cookie', headerVal);
+  return this;
+};
+
+
+/**
+ * Set the location header to `url`.
+ *
+ * The given `url` can also be "back", which redirects
+ * to the _Referrer_ or _Referer_ headers or "/".
+ *
+ * Examples:
+ *
+ *    res.location('/foo/bar').;
+ *    res.location('http://example.com');
+ *    res.location('../login');
+ *
+ * @param {String} url
+ * @api public
+ */
+
+res.location = function(url){
+  var req = this.req;
+
+  // "back" is an alias for the referrer
+  if ('back' == url) url = req.get('Referrer') || '/';
+
+  // Respond
+  this.set('Location', url);
  return this;
 };

@@ -587,9 +644,9 @@ res.cookie = function(name, val, options){
 * Redirect to the given `url` with optional response `status`
 * defaulting to 302.
 *
- * The given `url` can also be the name of a mapped url, for
- * example by default express supports "back" which redirects
- * to the _Referrer_ or _Referer_ headers or "/".
+ * The resulting `url` is determined by `res.location()`, so
+ * it will play nicely with mounted apps, relative paths,
+ * `"back"` etc.
 *
 * Examples:
 *
@@ -599,28 +656,13 @@ res.cookie = function(name, val, options){
 *    res.redirect('http://example.com', 301);
 *    res.redirect('../login'); // /blog/post/1 -> /blog/login
 *
- * Mounting:
- *
- *   When an application is mounted, and `res.redirect()`
- *   is given a path that does _not_ lead with "/". For 
- *   example suppose a "blog" app is mounted at "/blog",
- *   the following redirect would result in "/blog/login":
- *
- *      res.redirect('login');
- *
- *   While the leading slash would result in a redirect to "/login":
- *
- *      res.redirect('/login');
- *
 * @param {String} url
 * @param {Number} code
 * @api public
 */

 res.redirect = function(url){
-  var app = this.app
-    , req = this.req
-    , head = 'HEAD' == req.method
+  var head = 'HEAD' == this.req.method
    , status = 302
    , body;

@@ -634,33 +676,18 @@ res.redirect = function(url){
    }
  }

-  // setup redirect map
-  var map = { back: req.get('Referrer') || '/' };
-
-  // perform redirect
-  url = map[url] || url;
-
-  // relative
-  if (!~url.indexOf('://') && 0 != url.indexOf('//')) {
-    var path = app.path();
-
-    // relative to path
-    if ('.' == url[0]) {
-      url = req.path + '/' + url;
-    // relative to mount-point
-    } else if ('/' != url[0]) {
-      url = path + '/' + url;
-    }
-  }
+  // Set location header
+  this.location(url);
+  url = this.get('Location');

  // Support text/{plain,html} by default
  this.format({
    text: function(){
-      body = statusCodes[status] + '. Redirecting to ' + url;
+      body = statusCodes[status] + '. Redirecting to ' + encodeURI(url);
    },

    html: function(){
-      var u = utils.escape(url);
+      var u = escapeHtml(url);
      body = '<p>' + statusCodes[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>';
    },

@@ -671,11 +698,48 @@ res.redirect = function(url){

  // Respond
  this.statusCode = status;
-  this.set('Location', url);
  this.set('Content-Length', Buffer.byteLength(body));
  this.end(head ? null : body);
 };

+/**
+ * Add `field` to Vary. If already present in the Vary set, then
+ * this call is simply ignored.
+ *
+ * @param {Array|String} field
+ * @param {ServerResponse} for chaining
+ * @api public
+ */
+
+res.vary = function(field){
+  var self = this;
+
+  // nothing
+  if (!field) return this;
+
+  // array
+  if (Array.isArray(field)) {
+    field.forEach(function(field){
+      self.vary(field);
+    });
+    return;
+  }
+
+  var vary = this.get('Vary');
+
+  // append
+  if (vary) {
+    vary = vary.split(/ *, */);
+    if (!~vary.indexOf(field)) vary.push(field);
+    this.set('Vary', vary.join(', '));
+    return this;
+  }
+
+  // set
+  this.set('Vary', field);
+  return this;
+};
+
 /**
 * Render `view` with the given `options` and optional callback `fn`.
 * When a callback function is given a response will _not_ be made
@@ -3,46 +3,74 @@
 */

 var Route = require('./route')
+  , Layer = require('./layer')
  , utils = require('../utils')
+  , methods = require('methods')
  , debug = require('debug')('express:router')
-  , parse = require('connect').utils.parseUrl;
-
-/**
- * Expose `Router` constructor.
- */
-
-exports = module.exports = Router;
+  , parseUrl = utils.parseUrl;

 /**
 * Initialize a new `Router` with the given `options`.
- * 
- * @param {Object} options
- * @api private
- */
-
-function Router(options) {
-  options = options || {};
-  var self = this;
-  this.map = {};
-  this.params = {};
-  this._params = [];
-  this.caseSensitive = options.caseSensitive;
-  this.strict = options.strict;
-  this.middleware = function router(req, res, next){
-    self._dispatch(req, res, next);
-  };
-}
-
-/**
- * Register a param callback `fn` for the given `name`.
 *
- * @param {String|Function} name
- * @param {Function} fn
- * @return {Router} for chaining
+ * @param {Object} options
+ * @return {Router} which is an callable function
 * @api public
 */

-Router.prototype.param = function(name, fn){
+var proto = module.exports = function(options) {
+  options = options || {};
+
+  function router(req, res, next) {
+    router.handle(req, res, next);
+  };
+
+  // mixin Router class functions
+  router.__proto__ = proto;
+
+  router.params = {};
+  router._params = [];
+  router.caseSensitive = options.caseSensitive;
+  router.strict = options.strict;
+  router.stack = [];
+
+  return router;
+};
+
+/**
+ * Map the given param placeholder `name`(s) to the given callback.
+ *
+ * Parameter mapping is used to provide pre-conditions to routes
+ * which use normalized placeholders. For example a _:user_id_ parameter
+ * could automatically load a user's information from the database without
+ * any additional code,
+ *
+ * The callback uses the same signature as middleware, the only difference
+ * being that the value of the placeholder is passed, in this case the _id_
+ * of the user. Once the `next()` function is invoked, just like middleware
+ * it will continue on to execute the route, or subsequent parameter functions.
+ *
+ * Just like in middleware, you must either respond to the request or call next
+ * to avoid stalling the request.
+ *
+ *  app.param('user_id', function(req, res, next, id){
+ *    User.find(id, function(err, user){
+ *      if (err) {
+ *        return next(err);
+ *      } else if (!user) {
+ *        return next(new Error('failed to load user'));
+ *      }
+ *      req.user = user;
+ *      next();
+ *    });
+ *  });
+ *
+ * @param {String} name
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @api public
+ */
+
+proto.param = function(name, fn){
  // param logic
  if ('function' == typeof name) {
    this._params.push(name);
@@ -54,6 +82,10 @@ Router.prototype.param = function(name, fn){
    , len = params.length
    , ret;

+  if (name[0] === ':') {
+    name = name.substr(1);
+  }
+
  for (var i = 0; i < len; ++i) {
    if (ret = params[i](name, fn)) {
      fn = ret;
@@ -71,186 +103,298 @@ Router.prototype.param = function(name, fn){
 };

 /**
- * Route dispatcher aka the route "middleware".
+ * Dispatch a req, res into the router.
 *
- * @param {IncomingMessage} req
- * @param {ServerResponse} res
- * @param {Function} next
 * @api private
 */

-Router.prototype._dispatch = function(req, res, next){
-  var params = this.params
-    , self = this;
+proto.handle = function(req, res, done) {
+  var self = this;

-  debug('dispatching %s %s (%s)', req.method, req.url, req.originalUrl);
+  debug('dispatching %s %s', req.method, req.url);

-  // route dispatch
-  (function pass(i, err){
-    var paramCallbacks
-      , paramIndex = 0
-      , paramVal
-      , route
-      , keys
-      , key;
+  var method = req.method.toLowerCase();

-    // match next route
-    function nextRoute(err) {
-      pass(req._route_index + 1, err);
-    }
+  var search = 1 + req.url.indexOf('?');
+  var pathlength = search ? search - 1 : req.url.length;
+  var fqdn = 1 + req.url.substr(0, pathlength).indexOf('://');
+  var protohost = fqdn ? req.url.substr(0, req.url.indexOf('/', 2 + fqdn)) : '';
+  var idx = 0;
+  var removed = '';
+  var slashAdded = false;

-    // match route
-    req.route = route = self.matchRequest(req, i);
+  // store options for OPTIONS request
+  // only used if OPTIONS request
+  var options = [];

-    // no route
-    if (!route) return next(err);
-    debug('matched %s %s', route.method, route.path);
+  // middleware and routes
+  var stack = self.stack;

-    // we have a route
-    // start at param 0
-    req.params = route.params;
-    keys = route.keys;
-    i = 0;
+  // for options requests, respond with a default if nothing else responds
+  if (method === 'options') {
+    var old = done;
+    done = function(err) {
+      if (err || options.length === 0) return old(err);

-    // param callbacks
-    function param(err) {
-      paramIndex = 0;
-      key = keys[i++];
-      paramVal = key && req.params[key.name];
-      paramCallbacks = key && params[key.name];
-
-      try {
-        if ('route' == err) {
-          nextRoute();
-        } else if (err) {
-          i = 0;
-          callbacks(err);
-        } else if (paramCallbacks && undefined !== paramVal) {
-          paramCallback();
-        } else if (key) {
-          param();
-        } else {
-          i = 0;
-          callbacks();
-        }
-      } catch (err) {
-        param(err);
-      }
+      var body = options.join(',');
+      return res.set('Allow', body).send(body);
    };
+  }

-    param(err);
-    
-    // single param callbacks
-    function paramCallback(err) {
-      var fn = paramCallbacks[paramIndex++];
-      if (err || !fn) return param(err);
-      fn(req, res, paramCallback, paramVal, key.name);
+  (function next(err) {
+    if (err === 'route') {
+      err = undefined;
    }

-    // invoke route callbacks
-    function callbacks(err) {
-      var fn = route.callbacks[i++];
-      try {
-        if ('route' == err) {
-          nextRoute();
-        } else if (err && fn) {
-          if (fn.length < 4) return callbacks(err);
-          fn(err, req, res, callbacks);
-        } else if (fn) {
-          if (fn.length < 4) return fn(req, res, callbacks);
-          callbacks();
-        } else {
-          nextRoute(err);
+    var layer = stack[idx++];
+    if (!layer) {
+      return done(err);
+    }
+
+    if (slashAdded) {
+      req.url = req.url.substr(1);
+      slashAdded = false;
+    }
+
+    req.url = protohost + removed + req.url.substr(protohost.length);
+    req.originalUrl = req.originalUrl || req.url;
+    removed = '';
+
+    try {
+      var path = parseUrl(req).pathname;
+      if (undefined == path) path = '/';
+
+      if (!layer.match(path)) return next(err);
+
+      // route object and not middleware
+      var route = layer.route;
+
+      // if final route, then we support options
+      if (route) {
+        // we don't run any routs with error first
+        if (err) {
+          return next(err);
+        }
+
+        req.route = route;
+
+        // we can now dispatch to the route
+        if (method === 'options' && !route.methods['options']) {
+          options.push.apply(options, route._options());
        }
-      } catch (err) {
-        callbacks(err);
      }
+
+      req.params = layer.params;
+
+      // this should be done for the layer
+      return self.process_params(layer, req, res, function(err) {
+        if (err) {
+          return next(err);
+        }
+
+        if (route) {
+          return layer.handle(req, res, next);
+        }
+
+        trim_prefix();
+      });
+
+      return next(err);
+
+      function trim_prefix() {
+        var c = path[layer.path.length];
+        if (c && '/' != c && '.' != c) return next(err);
+
+        // Trim off the part of the url that matches the route
+        // middleware (.use stuff) needs to have the path stripped
+        debug('trim prefix (%s) from url %s', removed, req.url);
+        removed = layer.path;
+        req.url = protohost + req.url.substr(protohost.length + removed.length);
+
+        // Ensure leading slash
+        if (!fqdn && '/' != req.url[0]) {
+          req.url = '/' + req.url;
+          slashAdded = true;
+        }
+
+        debug('%s %s : %s', layer.handle.name || 'anonymous', layer.path, req.originalUrl);
+        var arity = layer.handle.length;
+        if (err) {
+          if (arity === 4) {
+            layer.handle(err, req, res, next);
+          } else {
+            next(err);
+          }
+        } else if (arity < 4) {
+          layer.handle(req, res, next);
+        } else {
+          next(err);
+        }
+      }
+    } catch (err) {
+      next(err);
    }
-  })(0);
+  })();
 };

 /**
- * Attempt to match a route for `req`
- * with optional starting index of `i`
- * defaulting to 0.
+ * Process any parameters for the route.
 *
- * @param {IncomingMessage} req
- * @param {Number} i
- * @return {Route}
 * @api private
 */

-Router.prototype.matchRequest = function(req, i, head){
-  var method = req.method.toLowerCase()
-    , url = parse(req)
-    , path = url.pathname
-    , routes = this.map
-    , i = i || 0
-    , route;
+proto.process_params = function(route, req, res, done) {
+  var self = this;
+  var params = this.params;

-  // HEAD support
-  if (!head && 'head' == method) {
-    route = this.matchRequest(req, i, true);
-    if (route) return route;
-     method = 'get';
+  // captured parameters from the route, keys and values
+  var keys = route.keys || [];
+
+  // fast track
+  if (keys.length === 0) {
+    return done();
  }

-  // routes for this method
-  if (routes = routes[method]) {
+  var i = 0;
+  var paramIndex = 0;
+  var key;
+  var paramVal;
+  var paramCallbacks;

-    // matching routes
-    for (var len = routes.length; i < len; ++i) {
-      route = routes[i];
-      if (route.match(path)) {
-        req._route_index = i;
-        return route;
-      }
+  // process params in order
+  // param callbacks can be async
+  function param(err) {
+    if (err) {
+      return done(err);
    }
+
+    if (i >= keys.length ) {
+      return done();
+    }
+
+    paramIndex = 0;
+    key = keys[i++];
+    paramVal = key && req.params[key.name];
+    paramCallbacks = key && params[key.name];
+
+    try {
+      if (paramCallbacks && undefined !== paramVal) {
+        return paramCallback();
+      } else if (key) {
+        return param();
+      }
+    } catch (err) {
+      done(err);
+    }
+
+    done();
+  };
+
+  // single param callbacks
+  function paramCallback(err) {
+    var fn = paramCallbacks[paramIndex++];
+    if (err || !fn) return param(err);
+    fn(req, res, paramCallback, paramVal, key.name);
  }
+
+  param();
 };

 /**
- * Attempt to match a route for `method`
- * and `url` with optional starting
- * index of `i` defaulting to 0.
+ * Use the given middleware function, with optional path, defaulting to "/".
 *
- * @param {String} method
- * @param {String} url
- * @param {Number} i
- * @return {Route}
- * @api private
+ * Use (like `.all`) will run for any http METHOD, but it will not add
+ * handlers for those methods so OPTIONS requests will not consider `.use`
+ * functions even if they could respond.
+ *
+ * The other difference is that _route_ path is stripped and not visible
+ * to the handler function. The main effect of this feature is that mounted
+ * handlers can operate without any code changes regardless of the "prefix"
+ * pathname.
+ *
+ * @param {String|Function} route
+ * @param {Function} fn
+ * @return {app} for chaining
+ * @api public
 */

-Router.prototype.match = function(method, url, i, head){
-  var req = { method: method, url: url };
-  return  this.matchRequest(req, i, head);
-};
+proto.use = function(route, fn){

-/**
- * Route `method`, `path`, and one or more callbacks.
- *
- * @param {String} method
- * @param {String} path
- * @param {Function} callback...
- * @return {Router} for chaining
- * @api private
- */
+  // default route to '/'
+  if ('string' != typeof route) {
+    fn = route;
+    route = '/';
+  }

-Router.prototype.route = function(method, path, callbacks){
-  var method = method.toLowerCase()
-    , callbacks = utils.flatten([].slice.call(arguments, 2));
+  // strip trailing slash
+  if ('/' == route[route.length - 1]) {
+    route = route.slice(0, -1);
+  }

-  // ensure path was given
-  if (!path) throw new Error('Router#' + method + '() requires a path');
+  var layer = Layer(route, {
+    sensitive: this.caseSensitive,
+    strict: this.strict,
+    end: false
+  }, fn);

-  // create the route
-  debug('defined %s %s', method, path);
-  var route = new Route(method, path, callbacks, {
-      sensitive: this.caseSensitive
-    , strict: this.strict
-  });
+  // add the middleware
+  debug('use %s %s', route || '/', fn.name || 'anonymous');

-  // add it
-  (this.map[method] = this.map[method] || []).push(route);
+  this.stack.push(layer);
  return this;
 };
+
+/**
+ * Create a new Route for the given path.
+ *
+ * Each route contains a separate middleware stack and VERB handlers.
+ *
+ * See the Route api documentation for details on adding handlers
+ * and middleware to routes.
+ *
+ * @param {String} path
+ * @return {Route}
+ * @api public
+ */
+
+proto.route = function(path){
+  var route = new Route(path);
+
+  var layer = Layer(path, {
+    sensitive: this.caseSensitive,
+    strict: this.strict,
+    end: true
+  }, route.dispatch.bind(route));
+
+  layer.route = route;
+
+  this.stack.push(layer);
+  return route;
+};
+
+/**
+ * Special-cased "all" method, applying the given route `path`,
+ * middleware, and callback to _every_ HTTP method.
+ *
+ * @param {String} path
+ * @param {Function} ...
+ * @return {app} for chaining
+ * @api public
+ */
+
+proto.all = function(path, fn) {
+  var route = this.route(path);
+  methods.forEach(function(method){
+    route[method](fn);
+  });
+};
+
+// create Router#VERB functions
+methods.forEach(function(method){
+  proto[method] = function(path, fn){
+    var self = this;
+    self.route(path)[method](fn);
+    return self;
+  };
+});
+
@@ -0,0 +1,61 @@
+var utils = require('../utils')
+  , debug = require('debug')('express:router:layer')
+
+function Layer(path, options, fn) {
+  if (!(this instanceof Layer)) {
+    return new Layer(path, options, fn);
+  }
+
+  debug('new %s', path);
+  options = options || {};
+  this.path = path;
+  this.params = {};
+  this.regexp = utils.pathRegexp(path
+    , this.keys = []
+    , options.sensitive
+    , options.strict
+    , options.end);
+  this.handle = fn;
+}
+
+/**
+ * Check if this route matches `path`, if so
+ * populate `.params`.
+ *
+ * @param {String} path
+ * @return {Boolean}
+ * @api private
+ */
+
+Layer.prototype.match = function(path){
+  var keys = this.keys
+    , params = this.params = {}
+    , m = this.regexp.exec(path)
+    , n = 0;
+
+  if (!m) return false;
+
+  for (var i = 1, len = m.length; i < len; ++i) {
+    var key = keys[i - 1];
+
+    try {
+      var val = 'string' == typeof m[i]
+        ? decodeURIComponent(m[i])
+        : m[i];
+    } catch(e) {
+      var err = new Error("Failed to decode param '" + m[i] + "'");
+      err.status = 400;
+      throw err;
+    }
+
+    if (key) {
+      params[key.name] = val;
+    } else {
+      params[n++] = val;
+    }
+  }
+
+  return true;
+};
+
+module.exports = Layer;
@@ -3,7 +3,8 @@
 * Module dependencies.
 */

-var utils = require('../utils');
+var debug = require('debug')('express:router:route')
+  , methods = require('methods')

 /**
 * Expose `Route`.
@@ -12,61 +13,152 @@ var utils = require('../utils');
 module.exports = Route;

 /**
- * Initialize `Route` with the given HTTP `method`, `path`,
- * and an array of `callbacks` and `options`.
+ * Initialize `Route` with the given `path`,
 *
- * Options:
- *
- *   - `sensitive`    enable case-sensitive routes
- *   - `strict`       enable strict matching for trailing slashes
- *
- * @param {String} method
 * @param {String} path
- * @param {Array} callbacks
- * @param {Object} options.
 * @api private
 */

-function Route(method, path, callbacks, options) {
-  options = options || {};
+function Route(path) {
+  debug('new %s', path);
  this.path = path;
-  this.method = method;
-  this.callbacks = callbacks;
-  this.regexp = utils.pathRegexp(path
-    , this.keys = []
-    , options.sensitive
-    , options.strict);
+  this.stack = undefined;
+
+  // route handlers for various http methods
+  this.methods = {};
 }

 /**
- * Check if this route matches `path`, if so
- * populate `.params`.
- *
- * @param {String} path
- * @return {Boolean}
+ * @return {Array} supported HTTP methods
 * @api private
 */

-Route.prototype.match = function(path){
-  var keys = this.keys
-    , params = this.params = []
-    , m = this.regexp.exec(path);
+Route.prototype._options = function(){
+  return Object.keys(this.methods).map(function(method) {
+    return method.toUpperCase();
+  });
+};

-  if (!m) return false;
+/**
+ * dispatch req, res into this route
+ *
+ * @api private
+ */

-  for (var i = 1, len = m.length; i < len; ++i) {
-    var key = keys[i - 1];
+Route.prototype.dispatch = function(req, res, done){
+  var self = this;
+  var method = req.method.toLowerCase();

-    var val = 'string' == typeof m[i]
-      ? decodeURIComponent(m[i])
-      : m[i];
-
-    if (key) {
-      params[key.name] = val;
-    } else {
-      params.push(val);
-    }
+  if (method === 'head' && !this.methods['head']) {
+    method = 'get';
  }

-  return true;
+  req.route = self;
+
+  // single middleware route case
+  if (typeof this.stack === 'function') {
+    this.stack(req, res, done);
+    return;
+  }
+
+  var stack = self.stack;
+  if (!stack) {
+    return done();
+  }
+
+  var idx = 0;
+  (function next_layer(err) {
+    if (err && err === 'route') {
+      return done();
+    }
+
+    var layer = stack[idx++];
+    if (!layer) {
+      return done(err);
+    }
+
+    if (layer.method && layer.method !== method) {
+      return next_layer(err);
+    }
+
+    var arity = layer.handle.length;
+    if (err) {
+      if (arity < 4) {
+        return next_layer(err);
+      }
+
+      return layer.handle(err, req, res, next_layer);
+    }
+
+    if (arity > 3) {
+      return next_layer();
+    }
+
+    layer.handle(req, res, next_layer);
+  })();
 };
+
+/**
+ * Add a handler for all HTTP verbs to this route.
+ *
+ * Behaves just like middleware and can respond or call `next`
+ * to continue processing.
+ *
+ * You can use multiple `.all` call to add multiple handlers.
+ *
+ *   function check_something(req, res, next){
+ *     next();
+ *   };
+ *
+ *   function validate_user(req, res, next){
+ *     next();
+ *   };
+ *
+ *   route
+ *   .all(validate_user)
+ *   .all(check_something)
+ *   .get(function(req, res, next){
+ *     res.send('hello world');
+ *   });
+ *
+ * @param {function} handler
+ * @return {Route} for chaining
+ * @api public
+ */
+
+Route.prototype.all = function(fn){
+  if (typeof fn !== 'function') {
+    var type = {}.toString.call(fn);
+    var msg = 'Route.use() requires callback functions but got a ' + type;
+    throw new Error(msg);
+  }
+
+  if (!this.stack) {
+    this.stack = fn;
+  }
+  else if (typeof this.stack === 'function') {
+    this.stack = [{ handle: this.stack }, { handle: fn }];
+  }
+  else {
+    this.stack.push({ handle: fn });
+  }
+
+  return this;
+};
+
+methods.forEach(function(method){
+  Route.prototype[method] = function(fn){
+    debug('%s %s', method, this.path);
+
+    if (!this.methods[method]) {
+      this.methods[method] = true;
+    }
+
+    if (!this.stack) {
+      this.stack = [];
+    }
+
+    this.stack.push({ method: method, handle: fn })
+    return this;
+  };
+});
@@ -3,8 +3,15 @@
 * Module dependencies.
 */

-var mime = require('connect').mime
-  , crc = require('crc');
+var mime = require('send').mime;
+var crc32 = require('buffer-crc32');
+var parse = require('url').parse;
+
+/**
+ * toString ref.
+ */
+
+var toString = {}.toString;

 /**
 * Return ETag for `body`.
@@ -15,30 +22,7 @@ var mime = require('connect').mime
 */

 exports.etag = function(body){
-  return '"' + (Buffer.isBuffer(body)
-    ? crc.buffer.crc32(body)
-    : crc.crc32(body)) + '"';
-};
-
-/**
- * Make `locals()` bound to the given `obj`.
- *  
- * This is used for `app.locals` and `res.locals`. 
- *
- * @param {Object} obj
- * @return {Function}
- * @api private
- */
-
-exports.locals = function(obj){
-  obj.viewCallbacks = obj.viewCallbacks || [];
-
-  function locals(obj){
-    for (var key in obj) locals[key] = obj[key];
-    return obj;
-  };
-
-  return locals;
+  return '"' + crc32.signed(body) + '"';
 };

 /**
@@ -52,6 +36,7 @@ exports.locals = function(obj){
 exports.isAbsolute = function(path){
  if ('/' == path[0]) return true;
  if (':' == path[1] && '\\' == path[2]) return true;
+  if ('\\\\' == path.substring(0, 2)) return true; // Microsoft Azure absolute path
 };

 /**
@@ -79,12 +64,14 @@ exports.flatten = function(arr, ret){
 * Normalize the given `type`, for example "html" becomes "text/html".
 *
 * @param {String} type
- * @return {String}
+ * @return {Object}
 * @api private
 */

 exports.normalizeType = function(type){
-  return ~type.indexOf('/') ? type : mime.lookup(type);
+  return ~type.indexOf('/')
+    ? acceptParams(type)
+    : { value: mime.lookup(type), params: {} };
 };

 /**
@@ -99,151 +86,39 @@ exports.normalizeTypes = function(types){
  var ret = [];

  for (var i = 0; i < types.length; ++i) {
-    ret.push(~types[i].indexOf('/')
-      ? types[i]
-      : mime.lookup(types[i]));
+    ret.push(exports.normalizeType(types[i]));
  }

  return ret;
 };

-/**
- * Return the acceptable type in `types`, if any.
- *
- * @param {Array} types
- * @param {String} str
- * @return {String}
- * @api private
- */
-
-exports.acceptsArray = function(types, str){
-  // accept anything when Accept is not present
-  if (!str) return types[0];
-
-  // parse
-  var accepted = exports.parseAccept(str)
-    , normalized = exports.normalizeTypes(types)
-    , len = accepted.length;
-
-  for (var i = 0; i < len; ++i) {
-    for (var j = 0, jlen = types.length; j < jlen; ++j) {
-      if (exports.accept(normalized[j].split('/'), accepted[i])) {
-        return types[j];
-      }
-    }
-  }
-};

 /**
- * Check if `type(s)` are acceptable based on
- * the given `str`.
- *
- * @param {String|Array} type(s)
- * @param {String} str
- * @return {Boolean|String}
- * @api private
- */
-
-exports.accepts = function(type, str){
-  if ('string' == typeof type) type = type.split(/ *, */);
-  return exports.acceptsArray(type, str);
-};
-
-/**
- * Check if `type` array is acceptable for `other`.
- *
- * @param {Array} type
- * @param {Object} other
- * @return {Boolean}
- * @api private
- */
-
-exports.accept = function(type, other){
-  return (type[0] == other.type || '*' == other.type)
-    && (type[1] == other.subtype || '*' == other.subtype);
-};
-
-/**
- * Parse accept `str`, returning
- * an array objects containing
- * `.type` and `.subtype` along
- * with the values provided by
- * `parseQuality()`.
- *
- * @param {Type} name
- * @return {Type}
- * @api private
- */
-
-exports.parseAccept = function(str){
-  return exports
-    .parseQuality(str)
-    .map(function(obj){
-      var parts = obj.value.split('/');
-      obj.type = parts[0];
-      obj.subtype = parts[1];
-      return obj;
-    });
-};
-
-/**
- * Parse quality `str`, returning an
- * array of objects with `.value` and
- * `.quality`.
- *
- * @param {Type} name
- * @return {Type}
- * @api private
- */
-
-exports.parseQuality = function(str){
-  return str
-    .split(/ *, */)
-    .map(quality)
-    .filter(function(obj){
-      return obj.quality;
-    })
-    .sort(function(a, b){
-      return b.quality - a.quality;
-    });
-};
-
-/**
- * Parse quality `str` returning an
- * object with `.value` and `.quality`.
+ * Parse accept params `str` returning an
+ * object with `.value`, `.quality` and `.params`.
+ * also includes `.originalIndex` for stable sorting
 *
 * @param {String} str
 * @return {Object}
 * @api private
 */

-function quality(str) {
-  var parts = str.split(/ *; */)
-    , val = parts[0];
+function acceptParams(str, index) {
+  var parts = str.split(/ *; */);
+  var ret = { value: parts[0], quality: 1, params: {}, originalIndex: index };

-  var q = parts[1]
-    ? parseFloat(parts[1].split(/ *= */)[1])
-    : 1;
+  for (var i = 1; i < parts.length; ++i) {
+    var pms = parts[i].split(/ *= */);
+    if ('q' == pms[0]) {
+      ret.quality = parseFloat(pms[1]);
+    } else {
+      ret.params[pms[0]] = pms[1];
+    }
+  }

-  return { value: val, quality: q };
+  return ret;
 }

-/**
- * Escape special characters in the given string of html.
- *
- * @param  {String} html
- * @return {String}
- * @api private
- */
-
-exports.escape = function(html) {
-  return String(html)
-    .replace(/&/g, '&amp;')
-    .replace(/"/g, '&quot;')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;');
-};
-
 /**
 * Normalize the given path string,
 * returning a regular expression.
@@ -257,12 +132,13 @@ exports.escape = function(html) {
 * @param  {Array} keys
 * @param  {Boolean} sensitive
 * @param  {Boolean} strict
+ * @param  {Boolean} end (whether to append $ to regex)
 * @return {RegExp}
 * @api private
 */

-exports.pathRegexp = function(path, keys, sensitive, strict) {
-  if (path instanceof RegExp) return path;
+exports.pathRegexp = function(path, keys, sensitive, strict, end) {
+  if (toString.call(path) == '[object RegExp]') return path;
  if (Array.isArray(path)) path = '(' + path.join('|') + ')';
  path = path
    .concat(strict ? '' : '/?')
@@ -280,5 +156,29 @@ exports.pathRegexp = function(path, keys, sensitive, strict) {
    })
    .replace(/([\/.])/g, '\\$1')
    .replace(/\*/g, '(.*)');
-  return new RegExp('^' + path + '$', sensitive ? '' : 'i');
-}
+  return new RegExp('^' + path + ((end) ? '$' : ''), sensitive ? '' : 'i');
+}
+
+/**
+ * Parse the `req` url with memoization.
+ *
+ * @param {ServerRequest} req
+ * @return {Object}
+ * @api private
+ */
+
+exports.parseUrl = function(req){
+  var parsed = req._parsedUrl;
+  if (parsed && parsed.href == req.url) {
+    return parsed;
+  } else {
+    parsed = parse(req.url);
+
+    if (parsed.auth && !parsed.protocol && ~parsed.href.indexOf('//')) {
+      // This parses pathnames, and a strange pathname like //r@e should work
+      parsed = parse(req.url.replace(/@/g, '%40'));
+    }
+
+    return req._parsedUrl = parsed;
+  }
+};
@@ -8,7 +8,7 @@ var path = require('path')
  , dirname = path.dirname
  , basename = path.basename
  , extname = path.extname
-  , exists = fs.existsSync || path.existsSync 
+  , exists = fs.existsSync || path.existsSync
  , join = path.join;

 /**
@@ -22,9 +22,9 @@ module.exports = View;
 *
 * Options:
 *
- *   - `defaultEngine` the default template engine name 
- *   - `engines` template engine require() cache 
- *   - `root` root path for view lookup 
+ *   - `defaultEngine` the default template engine name
+ *   - `engines` template engine require() cache
+ *   - `root` root path for view lookup
 *
 * @param {String} name
 * @param {Object} options
@@ -38,7 +38,8 @@ function View(name, options) {
  var engines = options.engines;
  this.defaultEngine = options.defaultEngine;
  var ext = this.ext = extname(name);
-  if (!ext) name += (ext = this.ext = '.' + this.defaultEngine);
+  if (!ext && !this.defaultEngine) throw new Error('No default engine was specified and no extension was provided.');
+  if (!ext) name += (ext = this.ext = ('.' != this.defaultEngine[0] ? '.' : '') + this.defaultEngine);
  this.engine = engines[ext] || (engines[ext] = require(ext.slice(1)).__express);
  this.path = this.lookup(name);
 }
@@ -1,37 +1,57 @@
 {
  "name": "express",
  "description": "Sinatra inspired web development framework",
-  "version": "3.0.3",
+  "version": "3.4.7",
  "author": "TJ Holowaychuk <tj@vision-media.ca>",
-  "contributors": [ 
-    { "name": "TJ Holowaychuk", "email": "tj@vision-media.ca" }, 
-    { "name": "Aaron Heckmann", "email": "aaron.heckmann+github@gmail.com" },
-    { "name": "Ciaran Jessup", "email": "ciaranj@gmail.com" },
-    { "name": "Guillermo Rauch", "email": "rauchg@gmail.com" }
+  "contributors": [
+    {
+      "name": "TJ Holowaychuk",
+      "email": "tj@vision-media.ca"
+    },
+    {
+      "name": "Aaron Heckmann",
+      "email": "aaron.heckmann+github@gmail.com"
+    },
+    {
+      "name": "Ciaran Jessup",
+      "email": "ciaranj@gmail.com"
+    },
+    {
+      "name": "Guillermo Rauch",
+      "email": "rauchg@gmail.com"
+    }
  ],
  "dependencies": {
-    "connect": "2.7.0",
-    "commander": "0.6.1",
-    "range-parser": "0.0.4",
-    "mkdirp": "0.3.3",
-    "cookie": "0.0.5",
-    "crc": "0.2.0",
-    "fresh": "0.1.0",
-    "methods": "0.0.1",
-    "send": "0.1.0",
-    "cookie-signature": "0.0.1",
-    "debug": "*"
+    "accepts": "1.0.0",
+    "type-is": "1.0.0",
+    "range-parser": "1.0.0",
+    "cookie": "0.1.0",
+    "buffer-crc32": "0.2.1",
+    "fresh": "0.2.2",
+    "methods": "0.1.0",
+    "send": "0.2.0",
+    "cookie-signature": "1.0.3",
+    "merge-descriptors": "0.0.2",
+    "utils-merge": "1.0.0",
+    "escape-html": "1.0.1",
+    "qs": "0.6.6",
+    "debug": ">= 0.7.3 < 1"
  },
  "devDependencies": {
-    "ejs": "*",
-    "mocha": "*",
-    "jade": "*",
-    "hjs": "*",
-    "stylus": "*",
-    "should": "*",
-    "connect-redis": "*",
-    "github-flavored-markdown": "*",
-    "supertest": "0.0.1"
+    "ejs": "~0.8.4",
+    "mocha": "~1.15.1",
+    "jade": "~0.30.0",
+    "hjs": "~0.0.6",
+    "stylus": "~0.40.0",
+    "should": "~2.1.1",
+    "connect-redis": "~1.4.5",
+    "marked": "0.2.10",
+    "supertest": "~0.8.1",
+    "body-parser": "1.0.0",
+    "cookie-parser": "1.0.1",
+    "static-favicon": "1.0.0",
+    "express-session": "1.0.1",
+    "morgan": "1.0.0"
  },
  "keywords": [
    "express",
@@ -45,12 +65,12 @@
    "api"
  ],
  "repository": "git://github.com/visionmedia/express",
-  "main": "index",
-  "bin": { "express": "./bin/express" },
  "scripts": {
-    "prepublish" : "npm prune",
+    "prepublish": "npm prune",
    "test": "make test"
  },
-  "engines": { "node": "*" }
+  "engines": {
+    "node": ">= 0.8.0"
+  },
+  "license": "MIT"
 }
-
@@ -9,7 +9,6 @@ var app = express()
  , blog = express()
  , admin = express();

-// app.use(express.logger('dev'))
 blog.use('/admin', admin);
 app.use('/blog', blog);
 app.set('views', __dirname + '/views');
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-NODE_ENV=production node ./support/app &
-pid=$!
-
-bench() {
-  ab -n 5000 -c 50 -k -q http://127.0.0.1:8000$1 \
-    | grep "Requests per" \
-    | cut -d ' ' -f 7 \
-    | xargs echo "$2:"
-}
-
-bench_conditional() {
-  ab -n 5000 -c 50 -H "If-None-Match: $3" -k -q http://127.0.0.1:8000$1 \
-    | grep "Requests per" \
-    | cut -d ' ' -f 7 \
-    | xargs echo "$2:"
-}
-
-sleep .5
-bench / "Hello World"
-bench /blog "Mounted Hello World"
-bench /blog/admin "Mounted 2 Hello World"
-bench /middleware "Middleware"
-bench /match "Router"
-bench /render "Render"
-bench /json "JSON tiny"
-bench /json/15 "JSON small"
-bench /json/50 "JSON medium"
-bench /json/150 "JSON large"
-
-kill -9 $pid
@@ -0,0 +1,144 @@
+
+var express = require('../')
+  , Route = express.Route
+  , methods = require('methods')
+  , assert = require('assert');
+
+describe('Route', function(){
+
+  describe('.all', function(){
+    it('should add handler', function(done){
+      var route = new Route('/foo');
+
+      route.all(function(req, res, next) {
+        assert.equal(req.a, 1);
+        assert.equal(res.b, 2);
+        next();
+      });
+
+      route.dispatch({ a:1, method: 'GET' }, { b:2 }, done);
+    })
+
+    it('should handle VERBS', function(done) {
+      var route = new Route('/foo');
+
+      var count = 0;
+      route.all(function(req, res, next) {
+        count++;
+      });
+
+      methods.forEach(function testMethod(method) {
+        route.dispatch({ method: method }, {});
+      });
+
+      assert.equal(count, methods.length);
+      done();
+    })
+
+    it('should stack', function(done) {
+      var route = new Route('/foo');
+
+      var count = 0;
+      route.all(function(req, res, next) {
+        count++;
+        next();
+      });
+
+      route.all(function(req, res, next) {
+        count++;
+        next();
+      });
+
+      route.dispatch({ method: 'GET' }, {}, function(err) {
+        assert.ifError(err);
+        count++;
+      });
+
+      assert.equal(count, 3);
+      done();
+    })
+  })
+
+  describe('.VERB', function(){
+    it('should support .get', function(done){
+      var route = new Route('');
+
+      var count = 0;
+      route.get(function(req, res, next) {
+        count++;
+      })
+
+      route.dispatch({ method: 'GET' }, {});
+      assert(count);
+      done();
+    })
+
+    it('should limit to just .VERB', function(done){
+      var route = new Route('');
+
+      route.get(function(req, res, next) {
+        assert(false);
+        done();
+      })
+
+      route.post(function(req, res, next) {
+        assert(true);
+      })
+
+      route.dispatch({ method: 'post' }, {});
+      done();
+    })
+
+    it('should allow fallthrough', function(done){
+      var route = new Route('');
+
+      var order = '';
+      route.get(function(req, res, next) {
+        order += 'a';
+        next();
+      })
+
+      route.all(function(req, res, next) {
+        order += 'b';
+        next();
+      });
+
+      route.get(function(req, res, next) {
+        order += 'c';
+      })
+
+      route.dispatch({ method: 'get' }, {});
+      assert.equal(order, 'abc');
+      done();
+    })
+  })
+
+  describe('errors', function(){
+    it('should handle errors via arity 4 functions', function(done){
+      var route = new Route('');
+
+      var order = '';
+      route.all(function(req, res, next){
+        next(new Error('foobar'));
+      });
+
+      route.all(function(req, res, next){
+        order += '0';
+        next();
+      });
+
+      route.all(function(err, req, res, next){
+        order += 'a';
+        next(err);
+      });
+
+      route.all(function(err, req, res, next){
+        assert.equal(err.message, 'foobar');
+        assert.equal(order, 'a');
+        done();
+      });
+
+      route.dispatch({ method: 'get' }, {});
+    })
+  })
+})
@@ -1,79 +1,156 @@

 var express = require('../')
  , Router = express.Router
-  , request = require('./support/http')
+  , methods = require('methods')
  , assert = require('assert');

 describe('Router', function(){
-  var router, app;

-  beforeEach(function(){
-    router = new Router;
-    app = express();
-  })
+  it('should return a function with router methods', function() {
+    var router = Router();
+    assert(typeof router == 'function');

-  describe('.match(method, url, i)', function(){
-    it('should match based on index', function(){
-      router.route('get', '/foo', function(){});
-      router.route('get', '/foob?', function(){});
-      router.route('get', '/bar', function(){});
+    var router = new Router();
+    assert(typeof router == 'function');

-      var method = 'GET';
-      var url = '/foo?bar=baz';
+    assert(typeof router.get == 'function');
+    assert(typeof router.handle == 'function');
+    assert(typeof router.use == 'function');
+  });

-      var route = router.match(method, url, 0);
-      route.constructor.name.should.equal('Route');
-      route.method.should.equal('get');
-      route.path.should.equal('/foo');
+  it('should support .use of other routers', function(done) {
+    var router = Router();
+    var another = Router();

-      var route = router.match(method, url, 1);
-      route.path.should.equal('/foob?');
+    another.get('/bar', function(req, res) {
+      res.done();
+    });
+    router.use('/foo', another);

-      var route = router.match(method, url, 2);
-      assert(!route);
+    router.handle({ url: '/foo/bar', method: 'GET' }, { done: done });
+  });

-      url = '/bar';
-      var route = router.match(method, url);
-      route.path.should.equal('/bar');
-    })
-  })
-  
-  describe('.matchRequest(req, i)', function(){
-    it('should match based on index', function(){
-      router.route('get', '/foo', function(){});
-      router.route('get', '/foob?', function(){});
-      router.route('get', '/bar', function(){});
-      var req = { method: 'GET', url: '/foo?bar=baz' };
-
-      var route = router.matchRequest(req, 0);
-      route.constructor.name.should.equal('Route');
-      route.method.should.equal('get');
-      route.path.should.equal('/foo');
-
-      var route = router.matchRequest(req, 1);
-      req._route_index.should.equal(1);
-      route.path.should.equal('/foob?');
-
-      var route = router.matchRequest(req, 2);
-      assert(!route);
-
-      req.url = '/bar';
-      var route = router.matchRequest(req);
-      route.path.should.equal('/bar');
-    })
-  })
-
-  describe('.middleware', function(){
+  describe('.handle', function(){
    it('should dispatch', function(done){
-      router.route('get', '/foo', function(req, res){
+      var router = new Router();
+
+      router.route('/foo').get(function(req, res){
        res.send('foo');
      });

-      app.use(router.middleware);
-
-      request(app)
-      .get('/foo')
-      .expect('foo', done);
+      var res = {
+        send: function(val) {
+          val.should.equal('foo');
+          done();
+        }
+      }
+      router.handle({ url: '/foo', method: 'GET' }, res);
    })
  })
-})
+
+  describe('.multiple callbacks', function(){
+    it('should throw if a callback is null', function(){
+      assert.throws(function () {
+        var router = new Router();
+        router.route('/foo').all(null);
+      })
+    })
+
+    it('should throw if a callback is undefined', function(){
+      assert.throws(function () {
+        var router = new Router();
+        router.route('/foo').all(undefined);
+      })
+    })
+
+    it('should throw if a callback is not a function', function(){
+      assert.throws(function () {
+        var router = new Router();
+        router.route('/foo').all('not a function');
+      })
+    })
+
+    it('should not throw if all callbacks are functions', function(){
+      var router = new Router();
+      router.route('/foo').all(function(){}).all(function(){});
+    })
+  })
+
+  describe('error', function(){
+    it('should skip non error middleware', function(done){
+      var router = new Router();
+
+      router.get('/foo', function(req, res, next){
+        next(new Error('foo'));
+      });
+
+      router.get('/bar', function(req, res, next){
+        next(new Error('bar'));
+      });
+
+      router.use(function(req, res, next){
+        assert(false);
+      });
+
+      router.use(function(err, req, res, next){
+        assert.equal(err.message, 'foo');
+        done();
+      });
+
+      router.handle({ url: '/foo', method: 'GET' }, {}, done);
+    });
+  })
+
+  describe('.all', function() {
+    it('should support using .all to capture all http verbs', function(done){
+      var router = new Router();
+
+      var count = 0;
+      router.all('/foo', function(){ count++; });
+
+      var url = '/foo?bar=baz';
+
+      methods.forEach(function testMethod(method) {
+        router.handle({ url: url, method: method }, {}, function() {});
+      });
+
+      assert.equal(count, methods.length);
+      done();
+    })
+  })
+
+  describe('.param', function() {
+    it('should call param function when routing VERBS', function(done) {
+      var router = new Router();
+
+      router.param('id', function(req, res, next, id) {
+        assert.equal(id, '123');
+        next();
+      });
+
+      router.get('/foo/:id/bar', function(req, res, next) {
+        assert.equal(req.params.id, '123');
+        next();
+      });
+
+      router.handle({ url: '/foo/123/bar', method: 'get' }, {}, done);
+    });
+
+    it('should call param function when routing middleware', function(done) {
+      var router = new Router();
+
+      router.param('id', function(req, res, next, id) {
+        assert.equal(id, '123');
+        next();
+      });
+
+      router.use('/foo/:id/bar', function(req, res, next) {
+        assert.equal(req.params.id, '123');
+        assert.equal(req.url, '/baz');
+        next();
+      });
+
+      router.handle({ url: '/foo/123/bar/baz', method: 'get' }, {}, done);
+    });
+  });
+})
@@ -18,7 +18,7 @@ describe('auth', function(){
    it('should redirect to /login', function(done){
      request(app)
      .get('/')
-      .end(redirects(/\/login$/, done))
+      .end(redirects(/login$/, done))
    })
  })

@@ -26,7 +26,7 @@ describe('auth', function(){
    it('should redirect to /login', function(done){
      request(app)
      .get('/restricted')
-      .end(redirects(/\/login$/,done))
+      .end(redirects(/login$/,done))
    })
  })

@@ -36,7 +36,7 @@ describe('auth', function(){
      .post('/login')
      .type('urlencoded')
      .send('username=not-tj&password=foobar')
-      .end(redirects(/\/login$/, done))
+      .end(redirects(/login$/, done))
    })
  })
 })
@@ -7,7 +7,7 @@ describe('markdown', function(){
    it('should respond with html', function(done){
      request(app)
        .get('/')
-        .expect(/<h1>Markdown Example<\/h1>/,done)
+        .expect(/<h1[^>]*>Markdown Example<\/h1>/,done)
    })
  })

@@ -61,5 +61,20 @@ describe('app', function(){
        done();
      })
    })
+    
+    it('should work "view engine" with leading "."', function(done){
+      var app = express();
+
+      app.set('views', __dirname + '/fixtures');
+      app.engine('.html', render);
+      app.set('view engine', '.html');
+      app.locals.user = { name: 'tobi' };
+
+      app.render('user', function(err, str){
+        if (err) return done(err);
+        str.should.equal('<p>tobi</p>');
+        done();
+      })
+    })
  })
 })
@@ -25,7 +25,7 @@ describe('app.parent', function(){
  })
 })

-describe('app.route', function(){
+describe('app.mountpath', function(){
  it('should return the mounted path', function(){
    var app = express()
      , blog = express()
@@ -34,9 +34,21 @@ describe('app.route', function(){
    app.use('/blog', blog);
    blog.use('/admin', blogAdmin);

-    app.route.should.equal('/');
-    blog.route.should.equal('/blog');
-    blogAdmin.route.should.equal('/admin');
+    app.mountpath.should.equal('/');
+    blog.mountpath.should.equal('/blog');
+    blogAdmin.mountpath.should.equal('/admin');
+  })
+})
+
+describe('app.router', function(){
+  it('should throw with notice', function(done){
+    var app = express()
+
+    try {
+      app.router;
+    } catch(err) {
+      done();
+    }
  })
 })

@@ -71,4 +83,4 @@ describe('in production', function(){
    app.enabled('view cache').should.be.true;
    process.env.NODE_ENV = 'test';
  })
-})
+})
@@ -7,8 +7,8 @@ describe('app', function(){
    it('should merge locals', function(){
      var app = express();
      Object.keys(app.locals).should.eql(['settings']);
-      app.locals({ user: 'tobi', age: 1 });
-      app.locals({ age: 2 });
+      app.locals.user = 'tobi';
+      app.locals.age = 2;
      Object.keys(app.locals).should.eql(['settings', 'user', 'age']);
      app.locals.user.should.equal('tobi');
      app.locals.age.should.equal(2);
@@ -0,0 +1,61 @@
+
+var express = require('../')
+  , request = require('./support/http');
+
+describe('OPTIONS', function(){
+  it('should default to the routes defined', function(done){
+    var app = express();
+
+    app.del('/', function(){});
+    app.get('/users', function(req, res){});
+    app.put('/users', function(req, res){});
+
+    request(app)
+    .options('/users')
+    .expect('GET,PUT')
+    .expect('Allow', 'GET,PUT', done);
+  })
+
+  it('should not respond if the path is not defined', function(done){
+    var app = express();
+
+    app.get('/users', function(req, res){});
+
+    request(app)
+    .options('/other')
+    .expect(404, done);
+  })
+
+  it('should forward requests down the middleware chain', function(done){
+    var app = express();
+    var router = new express.Router();
+
+    router.get('/users', function(req, res){});
+    app.use(router);
+    app.get('/other', function(req, res){});
+
+    request(app)
+    .options('/other')
+    .expect('GET')
+    .expect('Allow', 'GET', done);
+  })
+})
+
+describe('app.options()', function(){
+  it('should override the default behavior', function(done){
+    var app = express();
+
+    app.options('/users', function(req, res){
+      res.set('Allow', 'GET');
+      res.send('GET');
+    });
+
+    app.get('/users', function(req, res){});
+    app.put('/users', function(req, res){});
+
+    request(app)
+    .options('/users')
+    .expect('GET')
+    .expect('Allow', 'GET', done);
+  })
+})
@@ -8,7 +8,7 @@ describe('app', function(){
      var app = express();

      app.param(function(name, regexp){
-        if (regexp instanceof RegExp) {
+        if (Object.prototype.toString.call(regexp) == '[object RegExp]') { // See #1557
          return function(req, res, next, val){
            var captures;
            if (captures = regexp.exec(String(val))) {
@@ -52,13 +52,13 @@ describe('app', function(){

      app.get('/post/:id', function(req, res){
        var id = req.params.id;
-        id.should.be.a('number');
+        id.should.be.a.Number;
        res.send('' + id);
      });

      app.get('/user/:uid', function(req, res){
        var id = req.params.id;
-        id.should.be.a('number');
+        id.should.be.a.Number;
        res.send('' + id);
      });

@@ -87,7 +87,7 @@ describe('app', function(){

      app.get('/user/:id', function(req, res){
        var id = req.params.id;
-        id.should.be.a('number');
+        id.should.be.a.Number;
        res.send('' + id);
      });

@@ -14,7 +14,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should support absolute paths with "view engine"', function(done){
      var app = express();

@@ -40,7 +40,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should support index.<engine>', function(done){
      var app = express();

@@ -59,7 +59,7 @@ describe('app', function(){
        var app = express();
        app.set('views', __dirname + '/fixtures');
        app.render('rawr.jade', function(err){
-          err.message.should.equal('Failed to lookup view "rawr.jade"');
+          err.message.should.equal('Failed to lookup view "rawr.jade" in views directory "' + __dirname + '/fixtures"');
          done();
        });
      })
@@ -109,8 +109,31 @@ describe('app', function(){
        })
      })
    })
+
+    describe('when a "view" constructor is given', function(){
+      it('should create an instance of it', function(done){
+        var app = express();
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'path is required by application.js as a signal of success even though it is not used there.';
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view', View);
+
+        app.render('something', function(err, str){
+          if (err) return done(err);
+          str.should.equal('abstract engine');
+          done();
+        })
+      })
+    })
  })
-  
+
  describe('.render(name, options, fn)', function(){
    it('should render the template', function(done){
      var app = express();
@@ -125,7 +148,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should expose app.locals', function(done){
      var app = express();

@@ -138,7 +161,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should give precedence to app.render() locals', function(done){
      var app = express();

@@ -0,0 +1,20 @@
+var express = require('../')
+  , request = require('./support/http')
+
+describe('app.route', function(){
+  it('should return a new route', function(done){
+    var app = express();
+
+    app.route('/foo')
+    .get(function(req, res) {
+      res.send('get');
+    })
+    .post(function(req, res) {
+      res.send('post');
+    });
+
+    request(app)
+    .post('/foo')
+    .expect('post', done);
+  });
+});
@@ -7,6 +7,8 @@ var express = require('../')
 describe('app.router', function(){
  describe('methods supported', function(){
    methods.forEach(function(method){
+      if (method === 'connect') return;
+
      it('should include ' + method.toUpperCase(), function(done){
        if (method == 'delete') method = 'del';
        var app = express();
@@ -27,16 +29,54 @@ describe('app.router', function(){
    });
  })

-  it('should decode params', function(done){
-    var app = express();
+  describe('decode querystring', function(){
+    it('should decode correct params', function(done){
+      var app = express();

-    app.get('/:name', function(req, res, next){
-      res.send(req.params.name);
-    });
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });

-    request(app)
-    .get('/foo%2Fbar')
-    .expect('foo/bar', done);
+      request(app)
+      .get('/foo%2Fbar')
+      .expect('foo/bar', done);
+    })
+
+    it('should not accept params in malformed paths', function(done) {
+      var app = express();
+
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });
+
+      request(app)
+      .get('/%foobar')
+      .expect(400, done);
+    })
+
+    it('should not decode spaces', function(done) {
+      var app = express();
+
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });
+
+      request(app)
+      .get('/foo+bar')
+      .expect('foo+bar', done);
+    })
+
+    it('should work with unicode', function(done) {
+      var app = express();
+
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });
+
+      request(app)
+      .get('/%ce%b1')
+      .expect('\u03b1', done);
+    })
  })

  it('should be .use()able', function(done){
@@ -48,37 +88,7 @@ describe('app.router', function(){
      calls.push('before');
      next();
    });
-    
-    app.use(app.router);

-    app.use(function(req, res, next){
-      calls.push('after');
-      res.end();
-    });
-
-    app.get('/', function(req, res, next){
-      calls.push('GET /')
-      next();
-    });
-
-    request(app)
-    .get('/')
-    .end(function(res){
-      calls.should.eql(['before', 'GET /', 'after'])
-      done();
-    })
-  })
-  
-  it('should be auto .use()d on the first app.VERB() call', function(done){
-    var app = express();
-
-    var calls = [];
-
-    app.use(function(req, res, next){
-      calls.push('before');
-      next();
-    });
-    
    app.get('/', function(req, res, next){
      calls.push('GET /')
      next();
@@ -109,13 +119,13 @@ describe('app.router', function(){
      .get('/user/12?foo=bar')
      .expect('user', done);
    })
-    
+
    it('should populate req.params with the captures', function(done){
      var app = express();

      app.get(/^\/user\/([0-9]+)\/(view|edit)?$/, function(req, res){
-        var id = req.params.shift()
-          , op = req.params.shift();
+        var id = req.params[0]
+          , op = req.params[1];
        res.end(op + 'ing user ' + id);
      });

@@ -124,24 +134,6 @@ describe('app.router', function(){
      .expect('editing user 10', done);
    })
  })
-  
-  describe('when given an array', function(){
-    it('should match all paths in the array', function(done){
-      var app = express();
-      
-      app.get(['/one', '/two'], function(req, res){
-        res.end('works');
-      });
-      
-      request(app)
-      .get('/one')
-      .expect('works', function() {
-        request(app)
-        .get('/two')
-        .expect('works', done);
-      });
-    })
-  })

  describe('case sensitivity', function(){
    it('should be disabled by default', function(done){
@@ -155,7 +147,7 @@ describe('app.router', function(){
      .get('/USER')
      .expect('tj', done);
    })
-    
+
    describe('when "case sensitive routing" is enabled', function(){
      it('should match identical casing', function(done){
        var app = express();
@@ -170,7 +162,7 @@ describe('app.router', function(){
        .get('/uSer')
        .expect('tj', done);
      })
-      
+
      it('should not match otherwise', function(done){
        var app = express();

@@ -199,7 +191,7 @@ describe('app.router', function(){
      .get('/user/')
      .expect('tj', done);
    })
-    
+
    describe('when "strict routing" is enabled', function(){
      it('should match trailing slashes', function(done){
        var app = express();
@@ -214,7 +206,7 @@ describe('app.router', function(){
        .get('/user/')
        .expect('tj', done);
      })
-      
+
      it('should match no slashes', function(done){
        var app = express();

@@ -228,7 +220,7 @@ describe('app.router', function(){
        .get('/user')
        .expect('tj', done);
      })
-      
+
      it('should fail when omitting the trailing slash', function(done){
        var app = express();

@@ -242,7 +234,7 @@ describe('app.router', function(){
        .get('/user')
        .expect(404, done);
      })
-      
+
      it('should fail when adding the trailing slash', function(done){
        var app = express();

@@ -275,7 +267,7 @@ describe('app.router', function(){
      .expect(404, done);
    });
  })
-  
+
  it('should allow literal "."', function(done){
    var app = express();

@@ -303,13 +295,13 @@ describe('app.router', function(){
      .get('/user/tj.json')
      .expect('tj', done);
    })
-    
+
    it('should work with several', function(done){
      var app = express();

      app.get('/api/*.*', function(req, res){
-        var resource = req.params.shift()
-          , format = req.params.shift();
+        var resource = req.params[0]
+          , format = req.params[1];
        res.end(resource + ' as ' + format);
      });

@@ -346,7 +338,7 @@ describe('app.router', function(){
      .get('/api/users/0.json')
      .expect('users/0.json', done);
    })
-    
+
    it('should not be greedy immediately after param', function(done){
      var app = express();

@@ -370,7 +362,7 @@ describe('app.router', function(){
      .get('/user/122/aaa')
      .expect('122', done);
    })
-    
+
    it('should span multiple segments', function(done){
      var app = express();

@@ -382,7 +374,7 @@ describe('app.router', function(){
      .get('/file/javascripts/jquery.js')
      .expect('javascripts/jquery.js', done);
    })
-    
+
    it('should be optional', function(done){
      var app = express();

@@ -394,7 +386,7 @@ describe('app.router', function(){
      .get('/file/')
      .expect('', done);
    })
-    
+
    it('should require a preceeding /', function(done){
      var app = express();

@@ -420,7 +412,7 @@ describe('app.router', function(){
      .get('/user/tj')
      .expect('tj', done);
    })
-    
+
    it('should match a single segment only', function(done){
      var app = express();

@@ -432,7 +424,7 @@ describe('app.router', function(){
      .get('/user/tj/edit')
      .expect(404, done);
    })
-    
+
    it('should allow several capture groups', function(done){
      var app = express();

@@ -459,7 +451,7 @@ describe('app.router', function(){
      .get('/user/tj')
      .expect('viewing tj', done);
    })
-    
+
    it('should populate the capture group', function(done){
      var app = express();

@@ -473,7 +465,7 @@ describe('app.router', function(){
      .expect('editing tj', done);
    })
  })
-  
+
  describe('.:name', function(){
    it('should denote a format', function(done){
      var app = express();
@@ -491,7 +483,7 @@ describe('app.router', function(){
      });
    })
  })
-  
+
  describe('.:name?', function(){
    it('should denote an optional format', function(done){
      var app = express();
@@ -509,7 +501,7 @@ describe('app.router', function(){
      });
    })
  })
-  
+
  describe('when next() is called', function(){
    it('should continue lookup', function(done){
      var app = express()
@@ -528,7 +520,7 @@ describe('app.router', function(){
        calls.push('/foo');
        next();
      });
-      
+
      app.get('/foo', function(req, res, next){
        calls.push('/foo 2');
        res.end('done');
@@ -542,7 +534,7 @@ describe('app.router', function(){
      })
    })
  })
-  
+
  describe('when next(err) is called', function(){
    it('should break out of app.router', function(done){
      var app = express()
@@ -561,7 +553,7 @@ describe('app.router', function(){
        calls.push('/foo');
        next(new Error('fail'));
      });
-      
+
      app.get('/foo', function(req, res, next){
        assert(0);
      });
@@ -1,48 +0,0 @@
-
-var express = require('../')
-  , assert = require('assert')
-  , request = require('./support/http');
-
-describe('app.routes', function(){
-  it('should be initialized', function(){
-    var app = express();
-    app.routes.should.eql({});
-  })
-
-  it('should be populated with routes', function(){
-    var app = express();
-
-    app.get('/', function(req, res){});
-    app.get('/user/:id', function(req, res){});
-
-    var get = app.routes.get;
-    get.should.have.length(2);
-
-    get[0].path.should.equal('/');
-    get[0].method.should.equal('get');
-    get[0].regexp.toString().should.equal('/^\\/\\/?$/i');
-
-    get[1].path.should.equal('/user/:id');
-    get[1].method.should.equal('get');
-  })
-
-  it('should be mutable', function(done){
-    var app = express();
-
-    app.get('/', function(req, res){});
-    app.get('/user/:id', function(req, res){});
-
-    var get = app.routes.get;
-    get.should.have.length(2);
-
-    get[0].path.should.equal('/');
-    get[0].method.should.equal('get');
-    get[0].regexp.toString().should.equal('/^\\/\\/?$/i');
-
-    get.splice(1);
-
-    request(app)
-    .get('/user/12')
-    .expect(404, done);
-  })
-})
@@ -1,96 +0,0 @@
-
-var express = require('../');
-
-describe('config', function(){
-  describe('.configure()', function(){
-    describe('when no env is given', function(){
-      it('should always execute', function(){
-        var app = express();
-        var calls = [];
-
-        app.configure(function(){
-          calls.push('all');
-        });
-
-        app.configure('test', function(){
-          calls.push('test');
-        });
-
-        app.configure('test', function(){
-          calls.push('test 2');
-        });
-
-        calls.should.eql(['all', 'test', 'test 2'])
-      })
-    })
-
-    describe('when an env is given', function(){
-      it('should only execute the matching env', function(){
-        var app = express();
-        var calls = [];
-
-        app.set('env', 'development');
-
-        app.configure('development', function(){
-          calls.push('dev');
-        });
-
-        app.configure('test', function(){
-          calls.push('test');
-        });
-
-        calls.should.eql(['dev']);
-      })
-    })
-    
-    describe('when several envs are given', function(){
-      it('should execute when matching one', function(){
-        var app = express();
-        var calls = [];
-
-        app.set('env', 'development');
-
-        app.configure('development', function(){
-          calls.push('dev');
-        });
-
-        app.configure('test', 'development', function(){
-          calls.push('dev 2');
-        });
-        
-        app.configure('development', 'test', function(){
-          calls.push('dev 3');
-        });
-        
-        app.configure('test', function(){
-          calls.push('dev 3');
-        });
-
-        calls.should.eql(['dev', 'dev 2', 'dev 3']);
-      })
-    })
-
-    it('should execute in order as defined', function(){
-      var app = express();
-      var calls = [];
-
-      app.configure(function(){
-        calls.push('all');
-      });
-      
-      app.configure('test', function(){
-        calls.push('test');
-      });
-
-      app.configure(function(){
-        calls.push('all 2');
-      });
-
-      app.configure('test', function(){
-        calls.push('test 2');
-      });
-
-      calls.should.eql(['all', 'test', 'all 2', 'test 2'])
-    })
-  })
-})
@@ -4,34 +4,20 @@ var express = require('../')
  , assert = require('assert');

 describe('exports', function(){
-  it('should have .version', function(){
-    express.should.have.property('version');
-  })
-  
-  it('should expose connect middleware', function(){
-    express.should.have.property('bodyParser');
-    express.should.have.property('session');
-    express.should.have.property('static');
-  })
-
-  it('should expose .mime', function(){
-    assert(express.mime == require('connect').mime, 'express.mime should be connect.mime');
-  })
-
  it('should expose Router', function(){
-    express.Router.should.be.a('function');
+    express.Router.should.be.a.Function;
  })
-  
+
  it('should expose the application prototype', function(){
-    express.application.set.should.be.a('function');
+    express.application.set.should.be.a.Function;
  })
-  
+
  it('should expose the request prototype', function(){
-    express.request.accepts.should.be.a('function');
+    express.request.accepts.should.be.a.Function;
  })
-  
+
  it('should expose the response prototype', function(){
-    express.response.send.should.be.a('function');
+    express.response.send.should.be.a.Function;
  })

  it('should permit modifying the .application prototype', function(){
@@ -51,7 +37,7 @@ describe('exports', function(){
    .get('/')
    .expect('bar', done);
  })
-  
+
  it('should permit modifying the .response prototype', function(done){
    express.response.foo = function(){ this.send('bar'); };
    var app = express();
@@ -0,0 +1 @@
+p= name
@@ -1,37 +0,0 @@
-
-var express = require('../')
-  , request = require('./support/http');
-
-describe('req', function(){
-  describe('.accepted', function(){
-    it('should return an array of accepted media types', function(done){
-      var app = express();
-
-      app.use(function(req, res){
-        req.accepted[0].value.should.equal('application/json');
-        req.accepted[1].value.should.equal('text/html');
-        res.end();
-      });
-
-      request(app)
-      .get('/')
-      .set('Accept', 'text/html;q=.5, application/json')
-      .expect(200, done);
-    })
-
-    describe('when Accept is not present', function(){
-      it('should default to []', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          req.accepted.should.have.length(0);
-          res.end();
-        });
-
-        request(app)
-        .get('/')
-        .expect(200, done);
-      })
-    })
-  })
-})
@@ -1,37 +0,0 @@
-
-var express = require('../')
-  , request = require('./support/http');
-
-describe('req', function(){
-  describe('.acceptedCharsets', function(){
-    it('should return an array of accepted charsets', function(done){
-      var app = express();
-
-      app.use(function(req, res){
-        req.acceptedCharsets[0].should.equal('unicode-1-1');
-        req.acceptedCharsets[1].should.equal('iso-8859-5');
-        res.end();
-      });
-
-      request(app)
-      .get('/')
-      .set('Accept-Charset', 'iso-8859-5;q=.2, unicode-1-1;q=0.8')
-      .expect(200, done);
-    })
-
-    describe('when Accept-Charset is not present', function(){
-      it('should default to []', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          req.acceptedCharsets.should.have.length(0);
-          res.end();
-        });
-
-        request(app)
-        .get('/')
-        .expect(200, done);
-      })
-    })
-  })
-})
@@ -1,37 +0,0 @@
-
-var express = require('../')
-  , request = require('./support/http');
-
-describe('req', function(){
-  describe('.acceptedLanguages', function(){
-    it('should return an array of accepted languages', function(done){
-      var app = express();
-
-      app.use(function(req, res){
-        req.acceptedLanguages[0].should.equal('en-us');
-        req.acceptedLanguages[1].should.equal('en');
-        res.end();
-      });
-
-      request(app)
-      .get('/')
-      .set('Accept-Language', 'en;q=.5, en-us')
-      .expect(200, done);
-    })
-
-    describe('when Accept-Language is not present', function(){
-      it('should default to []', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          req.acceptedLanguages.should.have.length(0);
-          res.end();
-        });
-
-        request(app)
-        .get('/')
-        .expect(200, done);
-      })
-    })
-  })
-})
@@ -15,7 +15,7 @@ describe('req', function(){
      .get('/')
      .expect('yes', done);
    })
-    
+
    it('should return true when present', function(done){
      var app = express();

@@ -28,7 +28,7 @@ describe('req', function(){
      .set('Accept', 'application/json')
      .expect('yes', done);
    })
-    
+
    it('should return false otherwise', function(done){
      var app = express();

@@ -43,20 +43,20 @@ describe('req', function(){
    })
  })

-  it('should accept a comma-delimited list of types', function(done){
+  it('should accept an argument list of type names', function(done){
    var app = express();

    app.use(function(req, res, next){
-      res.end(req.accepts('json, html'));
+      res.end(req.accepts('json', 'html'));
    });

    request(app)
    .get('/')
-    .set('Accept', 'text/html')
-    .expect('html', done);
+    .set('Accept', 'application/json')
+    .expect('json', done);
  })

-  describe('.accept(types)', function(){
+  describe('.accepts(types)', function(){
    it('should return the first when Accept is not present', function(done){
      var app = express();

@@ -9,7 +9,7 @@ describe('req', function(){
        var app = express();

        app.use(function(req, res, next){
-          res.end(req.acceptsCharset('utf-8') ? 'yes' : 'no');
+          res.end(req.acceptsCharsets('utf-8') ? 'yes' : 'no');
        });

        request(app)
@@ -17,13 +17,13 @@ describe('req', function(){
        .expect('yes', done);
      })
    })
-    
+
    describe('when Accept-Charset is not present', function(){
      it('should return true when present', function(done){
        var app = express();

        app.use(function(req, res, next){
-          res.end(req.acceptsCharset('utf-8') ? 'yes' : 'no');
+          res.end(req.acceptsCharsets('utf-8') ? 'yes' : 'no');
        });

        request(app)
@@ -31,12 +31,12 @@ describe('req', function(){
        .set('Accept-Charset', 'foo, bar, utf-8')
        .expect('yes', done);
      })
-      
+
      it('should return false otherwise', function(done){
        var app = express();

        app.use(function(req, res, next){
-          res.end(req.acceptsCharset('utf-8') ? 'yes' : 'no');
+          res.end(req.acceptsCharsets('utf-8') ? 'yes' : 'no');
        });

        request(app)
@@ -48,6 +48,36 @@ describe('req', function(){
      })
    })

+    describe('when encoded string is malformed', function(){
+      it('should return undefined', function(done){
+        var app = express();
+
+        app.get('/', function(req, res){
+          res.send(req.auth || 'none');
+        });
+
+        request(app)
+        .get('/')
+        .set('Authorization', 'Basic Z21ldGh2aW4=')
+        .expect('none', done)
+      })
+    })
+
+    describe('when password contains a colon', function(){
+      it('should return .username and .password', function(done){
+        var app = express();
+
+        app.get('/', function(req, res){
+          res.send(req.auth || 'none');
+        });
+
+        request(app)
+        .get('/')
+        .set('Authorization', 'Basic dG9iaTpmZXJyZXQ6ZmVycmV0')
+        .expect('{"username":"tobi","password":"ferret:ferret"}', done)
+      })
+    })
+
    it('should return .username and .password', function(done){
      var app = express();

@@ -1,18 +1,34 @@

-var express = require('../');
-
-function req(ret) {
-  return {
-      get: function(){ return ret }
-    , __proto__: express.request
-  };
-}
+var express = require('../')
+  , request = require('./support/http')
+  , assert = require('assert');

 describe('req', function(){
  describe('.host', function(){
-    it('should return hostname', function(){
-      req('example.com:3000').host.should.equal('example.com');
-      req('example.com').host.should.equal('example.com');
+    it('should return the Host when present', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.end(req.host);
+      });
+
+      request(app)
+      .post('/')
+      .set('Host', 'example.com')
+      .expect('example.com', done);
+    })
+
+    it('should return undefined otherwise', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        req.headers.host = null;
+        res.end(String(req.host));
+      });
+
+      request(app)
+      .post('/')
+      .expect('undefined', done);
    })
  })
 })
@@ -4,8 +4,11 @@ var express = require('../')

 function req(ct) {
  var req = {
-      headers: { 'content-type': ct }
-    , __proto__: express.request
+    headers: {
+      'content-type': ct,
+      'transfer-encoding': 'chunked'
+    },
+    __proto__: express.request
  };

  return req;
@@ -15,7 +18,7 @@ describe('req.is()', function(){
  it('should ignore charset', function(){
    req('application/json; charset=utf-8')
    .is('json')
-    .should.be.true;
+    .should.equal('json');
  })

  describe('when content-type is not present', function(){
@@ -30,7 +33,7 @@ describe('req.is()', function(){
    it('should lookup the mime type', function(){
      req('application/json')
      .is('json')
-      .should.be.true;
+      .should.equal('json');

      req('text/html')
      .is('json')
@@ -42,7 +45,7 @@ describe('req.is()', function(){
    it('should match', function(){
      req('application/json')
      .is('application/json')
-      .should.be.true;
+      .should.equal('application/json');

      req('image/jpeg')
      .is('application/json')
@@ -54,7 +57,7 @@ describe('req.is()', function(){
    it('should match', function(){
      req('application/json')
      .is('*/json')
-      .should.be.true;
+      .should.equal('application/json');

      req('image/jpeg')
      .is('*/json')
@@ -65,7 +68,7 @@ describe('req.is()', function(){
      it('should match', function(){
        req('text/html; charset=utf-8')
        .is('*/html')
-        .should.be.true;
+        .should.equal('text/html');

        req('text/plain; charset=utf-8')
        .is('*/html')
@@ -78,7 +81,7 @@ describe('req.is()', function(){
    it('should match', function(){
      req('image/png')
      .is('image/*')
-      .should.be.true;
+      .should.equal('image/png');

      req('text/html')
      .is('image/*')
@@ -89,7 +92,7 @@ describe('req.is()', function(){
      it('should match', function(){
        req('text/html; charset=utf-8')
        .is('text/*')
-        .should.be.true;
+        .should.equal('text/html');

        req('something/html; charset=utf-8')
        .is('text/*')
@@ -1,6 +1,7 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('./support/http')
+  , bodyParser = require('body-parser')

 describe('req', function(){
  describe('.param(name, default)', function(){
@@ -33,7 +34,7 @@ describe('req', function(){
    it('should check req.body', function(done){
      var app = express();

-      app.use(express.bodyParser());
+      app.use(bodyParser());

      app.use(function(req, res){
        res.end(req.param('name'));
@@ -8,13 +8,11 @@ describe('req', function(){
      var app = express();

      app.get('/user/:id/:op?', function(req, res, next){
-        req.route.method.should.equal('get');
        req.route.path.should.equal('/user/:id/:op?');
        next();
      });
      
      app.get('/user/:id/edit', function(req, res){
-        req.route.method.should.equal('get');
        req.route.path.should.equal('/user/:id/edit');
        res.end();
      });
@@ -0,0 +1,83 @@
+
+var express = require('../')
+  , request = require('./support/http');
+
+describe('req', function(){
+  describe('.secure', function(){
+    describe('when X-Forwarded-Proto is missing', function(){
+      it('should return false when http', function(done){
+        var app = express();
+
+        app.get('/', function(req, res){
+          res.send(req.secure ? 'yes' : 'no');
+        });
+
+        request(app)
+        .get('/')
+        .expect('no', done)
+      })
+    })
+  })
+
+  describe('.secure', function(){
+    describe('when X-Forwarded-Proto is present', function(){
+      it('should return false when http', function(done){
+        var app = express();
+
+        app.get('/', function(req, res){
+          res.send(req.secure ? 'yes' : 'no');
+        });
+
+        request(app)
+        .get('/')
+        .set('X-Forwarded-Proto', 'https')
+        .expect('no', done)
+      })
+
+      it('should return true when "trust proxy" is enabled', function(done){
+        var app = express();
+
+        app.enable('trust proxy');
+
+        app.get('/', function(req, res){
+          res.send(req.secure ? 'yes' : 'no');
+        });
+
+        request(app)
+        .get('/')
+        .set('X-Forwarded-Proto', 'https')
+        .expect('yes', done)
+      })
+
+      it('should return false when initial proxy is http', function(done){
+        var app = express();
+
+        app.enable('trust proxy');
+
+        app.get('/', function(req, res){
+          res.send(req.secure ? 'yes' : 'no');
+        });
+
+        request(app)
+        .get('/')
+        .set('X-Forwarded-Proto', 'http, https')
+        .expect('no', done)
+      })
+
+      it('should return true when initial proxy is https', function(done){
+        var app = express();
+
+        app.enable('trust proxy');
+
+        app.get('/', function(req, res){
+          res.send(req.secure ? 'yes' : 'no');
+        });
+
+        request(app)
+        .get('/')
+        .set('X-Forwarded-Proto', 'https, http')
+        .expect('yes', done)
+      })
+    })
+  })
+})
@@ -1,51 +1,39 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('./support/http')
+  , cookieParser = require('cookie-parser')

 describe('req', function(){
  describe('.signedCookies', function(){
    it('should return a signed JSON cookie', function(done){
-      var app = express()
-        , cookieHeader
-        , val;
+      var app = express();

-      app.use(express.cookieParser('secret'));
+      app.use(cookieParser('secret'));

      app.use(function(req, res){
-        res.send(req.signedCookies);
+        if ('/set' == req.path) {
+          res.cookie('obj', { foo: 'bar' }, { signed: true });
+          res.end();
+        } else {
+          res.send(req.signedCookies);
+        }
      });

-      app.response.req = { secret: 'secret' };
-      app.response.cookie('obj', { foo: 'bar' }, { signed: true });
-      cookieHeader = app.response.get('set-cookie');
-
-      val = JSON.stringify({ obj: { foo: 'bar' } });
      request(app)
-      .get('/')
-      .set('Cookie', cookieHeader)
-      .expect(val, done);
-    })
+      .get('/set')
+      .end(function(err, res){
+        if (err) return done(err);
+        var cookie = res.header['set-cookie'];

-    it('should return a signed cookie', function(done){
-      var app = express()
-        , cookieHeader
-        , val;
-
-      app.use(express.cookieParser('secret'));
-
-      app.use(function(req, res){
-        res.send(req.signedCookies);
+        request(app)
+        .get('/')
+        .set('Cookie', cookie)
+        .end(function(err, res){
+          if (err) return don(err);
+          res.body.should.eql({ obj: { foo: 'bar' } });
+          done();
+        });
      });
-
-      app.response.req = { secret: 'secret' };
-      app.response.cookie('foo', 'bar', { signed: true });
-      cookieHeader = app.response.get('set-cookie');
-
-      val = JSON.stringify({ foo: 'bar' });
-      request(app)
-      .get('/')
-      .set('Cookie', cookieHeader)
-      .expect(val, done);
    })
  })
 })
@@ -15,7 +15,7 @@ describe('req', function(){
        request(app)
        .get('/')
        .set('Host', 'tobi.ferrets.example.com')
-        .expect('["ferrets","tobi"]', done);
+        .expect(["ferrets","tobi"], done);
      })
    })

@@ -30,7 +30,72 @@ describe('req', function(){
        request(app)
        .get('/')
        .set('Host', 'example.com')
-        .expect('[]', done);
+        .expect([], done);
+      })
+    })
+
+    describe('with no host', function(){
+      it('should return an empty array', function(done){
+        var app = express();
+
+        app.use(function(req, res){
+          req.headers.host = null;
+          res.send(req.subdomains);
+        });
+
+        request(app)
+        .get('/')
+        .expect([], done);
+      })
+    })
+
+    describe('when subdomain offset is set', function(){
+      describe('when subdomain offset is zero', function(){
+        it('should return an array with the whole domain', function(done){
+          var app = express();
+          app.set('subdomain offset', 0);
+
+          app.use(function(req, res){
+            res.send(req.subdomains);
+          });
+
+          request(app)
+          .get('/')
+          .set('Host', 'tobi.ferrets.sub.example.com')
+          .expect(["com","example","sub","ferrets","tobi"], done);
+        })
+      })
+
+      describe('when present', function(){
+        it('should return an array', function(done){
+          var app = express();
+          app.set('subdomain offset', 3);
+
+          app.use(function(req, res){
+            res.send(req.subdomains);
+          });
+
+          request(app)
+          .get('/')
+          .set('Host', 'tobi.ferrets.sub.example.com')
+          .expect(["ferrets","tobi"], done);
+        })
+      })
+
+      describe('otherwise', function(){
+        it('should return an empty array', function(done){
+          var app = express();
+          app.set('subdomain offset', 3);
+
+          app.use(function(req, res){
+            res.send(req.subdomains);
+          });
+
+          request(app)
+          .get('/')
+          .set('Host', 'sub.example.com')
+          .expect([], done);
+        })
      })
    })
  })
@@ -1,7 +1,9 @@

 var express = require('../')
  , request = require('./support/http')
-  , cookie = require('cookie');
+  , mixin = require('utils-merge')
+  , cookie = require('cookie')
+  , cookieParser = require('cookie-parser')

 describe('res', function(){
  describe('.cookie(name, object)', function(){
@@ -45,13 +47,14 @@ describe('res', function(){
      app.use(function(req, res){
        res.cookie('name', 'tobi');
        res.cookie('age', 1);
+        res.cookie('gender', '?');
        res.end();
      });

      request(app)
      .get('/')
      .end(function(err, res){
-        var val = ['name=tobi; Path=/', 'age=1; Path=/'];
+        var val = ['name=tobi; Path=/', 'age=1; Path=/', 'gender=%3F; Path=/'];
        res.headers['set-cookie'].should.eql(val);
        done();
      })
@@ -108,13 +111,32 @@ describe('res', function(){
          done();
        })
      })
+
+      it('should not mutate the options object', function(done){
+        var app = express();
+
+        var options = { maxAge: 1000 };
+        var optionsCopy = mixin({}, options);
+
+        app.use(function(req, res){
+          res.cookie('name', 'tobi', options)
+          res.end();
+        });
+
+        request(app)
+        .get('/')
+        .end(function(err, res){
+          options.should.eql(optionsCopy);
+          done();
+        })
+      })
    })

    describe('signed', function(){
      it('should generate a signed JSON cookie', function(done){
        var app = express();

-        app.use(express.cookieParser('foo bar baz'));
+        app.use(cookieParser('foo bar baz'));

        app.use(function(req, res){
          res.cookie('user', { name: 'tobi' }, { signed: true }).end();
@@ -135,7 +157,7 @@ describe('res', function(){
      it('should set a signed cookie', function(done){
        var app = express();

-        app.use(express.cookieParser('foo bar baz'));
+        app.use(cookieParser('foo bar baz'));

        app.use(function(req, res){
          res.cookie('name', 'tobi', { signed: true }).end();
@@ -53,7 +53,7 @@ app3.use(function(req, res, next){
  })
 });

-describe('req', function(){
+describe('res', function(){
  describe('.format(obj)', function(){
    describe('with canonicalized mime types', function(){
      test(app);
@@ -79,24 +79,41 @@ function test(app) {
    request(app)
    .get('/')
    .set('Accept', 'text/html; q=.5, application/json, */*; q=.1')
-    .expect('{"message":"hey"}', done);
+    .expect({"message":"hey"}, done);
  })

  it('should allow wildcard type/subtypes', function(done){
    request(app)
    .get('/')
    .set('Accept', 'text/html; q=.5, application/*, */*; q=.1')
-    .expect('{"message":"hey"}', done);
+    .expect({"message":"hey"}, done);
  })

  it('should default the Content-Type', function(done){
    request(app)
    .get('/')
    .set('Accept', 'text/html; q=.5, text/plain')
-    .expect('Content-Type', 'text/plain')
+    .expect('Content-Type', 'text/plain; charset=UTF-8')
    .expect('hey', done);
  })

+  it('should set the correct  charset for the Content-Type', function() {
+    request(app)
+    .get('/')
+    .set('Accept', 'text/html')
+    .expect('Content-Type', 'text/html; charset=UTF-8');
+
+    request(app)
+    .get('/')
+    .set('Accept', 'text/plain')
+    .expect('Content-Type', 'text/plain; charset=UTF-8');
+
+    request(app)
+    .get('/')
+    .set('Accept', 'application/json')
+    .expect('Content-Type', 'application/json');
+  })
+
  it('should Vary: Accept', function(done){
    request(app)
    .get('/')
@@ -52,7 +52,7 @@ describe('res', function(){
        })
      })
    })
-    
+
    describe('when given an object', function(){
      it('should respond with json', function(done){
        var app = express();
@@ -95,14 +95,7 @@ describe('res', function(){
    })

    describe('"json spaces" setting', function(){
-      it('should default to 2 in development', function(){
-        process.env.NODE_ENV = 'development';
-        var app = express();
-        app.get('json spaces').should.equal(2);
-        process.env.NODE_ENV = 'test';
-      })
-
-      it('should be undefined otherwise', function(){
+      it('should be undefined by default', function(){
        var app = express();
        assert(undefined === app.get('json spaces'));
      })
@@ -125,7 +118,7 @@ describe('res', function(){
      })
    })
  })
-  
+
  describe('.json(status, object)', function(){
    it('should respond with json and set the .statusCode', function(done){
      var app = express();
@@ -16,11 +16,27 @@ describe('res', function(){
      .get('/?callback=something')
      .end(function(err, res){
        res.headers.should.have.property('content-type', 'text/javascript; charset=utf-8');
-        res.text.should.equal('something && something({"count":1});');
+        res.text.should.equal('typeof something === \'function\' && something({"count":1});');
        done();
      })
    })

+    it('should use first callback parameter with jsonp', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.jsonp({ count: 1 });
+      });
+
+      request(app)
+          .get('/?callback=something&callback=somethingelse')
+          .end(function(err, res){
+            res.headers.should.have.property('content-type', 'text/javascript; charset=utf-8');
+            res.text.should.equal('typeof something === \'function\' && something({"count":1});');
+            done();
+          })
+    })
+
    it('should allow renaming callback', function(done){
      var app = express();

@@ -34,10 +50,10 @@ describe('res', function(){
      .get('/?clb=something')
      .end(function(err, res){
        res.headers.should.have.property('content-type', 'text/javascript; charset=utf-8');
-        res.text.should.equal('something && something({"count":1});');
+        res.text.should.equal('typeof something === \'function\' && something({"count":1});');
        done();
      })
-    })      
+    })

    it('should allow []', function(done){
      var app = express();
@@ -50,7 +66,7 @@ describe('res', function(){
      .get('/?callback=callbacks[123]')
      .end(function(err, res){
        res.headers.should.have.property('content-type', 'text/javascript; charset=utf-8');
-        res.text.should.equal('callbacks[123] && callbacks[123]({"count":1});');
+        res.text.should.equal('typeof callbacks[123] === \'function\' && callbacks[123]({"count":1});');
        done();
      })
    })
@@ -66,11 +82,27 @@ describe('res', function(){
      .get('/?callback=foo;bar()')
      .end(function(err, res){
        res.headers.should.have.property('content-type', 'text/javascript; charset=utf-8');
-        res.text.should.equal('foobar && foobar({});');
+        res.text.should.equal('typeof foobar === \'function\' && foobar({});');
        done();
      })
    })

+    it('should escape utf whitespace', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.jsonp({ str: '\u2028 \u2029 woot' });
+      });
+
+      request(app)
+      .get('/?callback=foo')
+      .end(function(err, res){
+        res.headers.should.have.property('content-type', 'text/javascript; charset=utf-8');
+        res.text.should.equal('typeof foo === \'function\' && foo({"str":"\\u2028 \\u2029 woot"});');
+        done();
+      });
+    });
+
    describe('when given primitives', function(){
      it('should respond with json', function(done){
        var app = express();
@@ -106,7 +138,7 @@ describe('res', function(){
        })
      })
    })
-    
+
    describe('when given an object', function(){
      it('should respond with json', function(done){
        var app = express();
@@ -149,14 +181,7 @@ describe('res', function(){
    })

    describe('"json spaces" setting', function(){
-      it('should default to 2 in development', function(){
-        process.env.NODE_ENV = 'development';
-        var app = express();
-        app.get('json spaces').should.equal(2);
-        process.env.NODE_ENV = 'test';
-      })
-
-      it('should be undefined otherwise', function(){
+      it('should be undefined by default', function(){
        var app = express();
        assert(undefined === app.get('json spaces'));
      })
@@ -179,7 +204,7 @@ describe('res', function(){
      })
    })
  })
-  
+
  describe('.json(status, object)', function(){
    it('should respond with json and set the .statusCode', function(done){
      var app = express();
@@ -3,6 +3,11 @@ var express = require('../')
  , res = express.response;

 describe('res', function(){
+
+  beforeEach(function() {
+    res.removeHeader('link');
+  });
+
  describe('.links(obj)', function(){
    it('should set Link header field', function(){
      res.links({
@@ -15,5 +20,22 @@ describe('res', function(){
          '<http://api.example.com/users?page=2>; rel="next", '
        + '<http://api.example.com/users?page=5>; rel="last"');
    })
+
+    it('should set Link header field for multiple calls', function() {
+      res.links({
+        next: 'http://api.example.com/users?page=2',
+        last: 'http://api.example.com/users?page=5'
+      });
+
+      res.links({
+        prev: 'http://api.example.com/users?page=1',
+      });
+
+      res.get('link')
+      .should.equal(
+          '<http://api.example.com/users?page=2>; rel="next", '
+        + '<http://api.example.com/users?page=5>; rel="last", '
+        + '<http://api.example.com/users?page=1>; rel="prev"');
+    })
  })
 })
@@ -3,15 +3,12 @@ var express = require('../')
  , request = require('./support/http');

 describe('res', function(){
-  describe('.locals(obj)', function(){
-    it('should merge locals', function(done){
+  describe('.locals', function(){
+    it('should be empty by default', function(done){
      var app = express();

      app.use(function(req, res){
        Object.keys(res.locals).should.eql([]);
-        res.locals({ user: 'tobi', age: 1 });
-        res.locals.user.should.equal('tobi');
-        res.locals.age.should.equal(1);
        res.end();
      });

@@ -0,0 +1,22 @@
+
+var express = require('../')
+  , request = require('./support/http');
+
+describe('res', function(){
+  describe('.location(url)', function(){
+    it('should set the header', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.location('http://google.com').end();
+      });
+
+      request(app)
+      .get('/')
+      .end(function(err, res){
+        res.headers.should.have.property('location', 'http://google.com');
+        done();
+      })
+    })
+  })
+})
@@ -19,164 +19,6 @@ describe('res', function(){
        done();
      })
    })
-
-    describe('with leading //', function(){
-      it('should pass through scheme-relative urls', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          res.redirect('//cuteoverload.com');
-        });
-
-        request(app)
-        .get('/')
-        .set('Host', 'example.com')
-        .end(function(err, res){
-          res.headers.should.have.property('location', '//cuteoverload.com');
-          done();
-        })
-      })
-    })
-
-    
-    describe('with leading /', function(){
-      it('should construct scheme-relative urls', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          res.redirect('/login');
-        });
-
-        request(app)
-        .get('/')
-        .set('Host', 'example.com')
-        .end(function(err, res){
-          res.headers.should.have.property('location', '/login');
-          done();
-        })
-      })
-    })
-
-    describe('with leading ./', function(){
-      it('should construct path-relative urls', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          res.redirect('./edit');
-        });
-
-        request(app)
-        .get('/post/1')
-        .set('Host', 'example.com')
-        .end(function(err, res){
-          res.headers.should.have.property('location', '/post/1/./edit');
-          done();
-        })
-      })
-    })
-
-    describe('with leading ../', function(){
-      it('should construct path-relative urls', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          res.redirect('../new');
-        });
-
-        request(app)
-        .get('/post/1')
-        .set('Host', 'example.com')
-        .end(function(err, res){
-          res.headers.should.have.property('location', '/post/1/../new');
-          done();
-        })
-      })
-    })
-    
-    describe('without leading /', function(){
-      it('should construct mount-point relative urls', function(done){
-        var app = express();
-
-        app.use(function(req, res){
-          res.redirect('login');
-        });
-
-        request(app)
-        .get('/')
-        .set('Host', 'example.com')
-        .end(function(err, res){
-          res.headers.should.have.property('location', '/login');
-          done();
-        })
-      })
-    })
-    
-    describe('when mounted', function(){
-      describe('deeply', function(){
-        it('should respect the mount-point', function(done){
-          var app = express()
-            , blog = express()
-            , admin = express();
-
-          admin.use(function(req, res){
-            res.redirect('login');
-          });
-
-          app.use('/blog', blog);
-          blog.use('/admin', admin);
-
-          request(app)
-          .get('/blog/admin')
-          .set('Host', 'example.com')
-          .end(function(err, res){
-            res.headers.should.have.property('location', '/blog/admin/login');
-            done();
-          })
-        })
-      })
-
-      describe('omitting leading /', function(){
-        it('should respect the mount-point', function(done){
-          var app = express()
-            , admin = express();
-
-          admin.use(function(req, res){
-            res.redirect('admin/login');
-          });
-
-          app.use('/blog', admin);
-
-          request(app)
-          .get('/blog')
-          .set('Host', 'example.com')
-          .end(function(err, res){
-            res.headers.should.have.property('location', '/blog/admin/login');
-            done();
-          })
-        })
-      })
-
-      describe('providing leading /', function(){
-        it('should ignore mount-point', function(done){
-          var app = express()
-            , admin = express();
-
-          admin.use(function(req, res){
-            res.redirect('/admin/login');
-          });
-
-          app.use('/blog', admin);
-
-          request(app)
-          .get('/blog')
-          .set('Host', 'example.com')
-          .end(function(err, res){
-            res.headers.should.have.property('location', '/admin/login');
-            done();
-          })
-        })
-      })
-    })
  })

  describe('.redirect(status, url)', function(){
@@ -232,7 +74,7 @@ describe('res', function(){
      })
    })
  })
-  
+
  describe('when accepting html', function(){
    it('should respond with html', function(done){
      var app = express();
@@ -263,12 +105,12 @@ describe('res', function(){
      .set('Host', 'http://example.com')
      .set('Accept', 'text/html')
      .end(function(err, res){
-        res.text.should.equal('<p>Moved Temporarily. Redirecting to <a href="/&lt;lame&gt;">/&lt;lame&gt;</a></p>');
+        res.text.should.equal('<p>Moved Temporarily. Redirecting to <a href="&lt;lame&gt;">&lt;lame&gt;</a></p>');
        done();
      })
    })
  })
-  
+
  describe('when accepting text', function(){
    it('should respond with text', function(done){
      var app = express();
@@ -287,6 +129,23 @@ describe('res', function(){
        done();
      })
    })
+
+    it('should encode the url', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.redirect('http://example.com/?param=<script>alert("hax");</script>');
+      });
+
+      request(app)
+      .get('/')
+      .set('Host', 'http://example.com')
+      .set('Accept', 'text/plain, */*')
+      .end(function(err, res){
+        res.text.should.equal('Moved Temporarily. Redirecting to http://example.com/?param=%3Cscript%3Ealert(%22hax%22);%3C/script%3E');
+        done();
+      })
+    })
  })

  describe('when accepting neither text or html', function(){
@@ -47,6 +47,21 @@ describe('res', function(){
      .get('/')
      .expect('<p>tobi</p>', done);
    })
+
+    it('should expose app.locals with `name` property', function(done){
+      var app = express();
+
+      app.set('views', __dirname + '/fixtures');
+      app.locals.name = 'tobi';
+
+      app.use(function(req, res){
+        res.render('name.jade');
+      });
+
+      request(app)
+      .get('/')
+      .expect('<p>tobi</p>', done);
+    })
  
    it('should support index.<engine>', function(done){
      var app = express();
@@ -1,6 +1,7 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('./support/http')
+  , assert = require('assert');

 describe('res', function(){
  describe('.send(null)', function(){
@@ -13,10 +14,11 @@ describe('res', function(){

      request(app)
      .get('/')
+      .expect('Content-Length', '0')
      .expect('', done);
    })
  })
-  
+
  describe('.send(undefined)', function(){
    it('should set body to ""', function(done){
      var app = express();
@@ -27,7 +29,10 @@ describe('res', function(){

      request(app)
      .get('/')
-      .expect('', done);
+      .expect('', function(req, res){
+        res.header.should.not.have.property('content-length');
+        done();
+      });
    })
  })

@@ -45,7 +50,7 @@ describe('res', function(){
      .expect(201, done);
    })
  })
-  
+
  describe('.send(code, body)', function(){
    it('should set .statusCode and body', function(done){
      var app = express();
@@ -107,7 +112,24 @@ describe('res', function(){
      .expect('ETag', '"-1498647312"')
      .end(done);
    })
-    
+
+    it('should not set ETag for non-GET/HEAD', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        var str = Array(1024 * 2).join('-');
+        res.send(str);
+      });
+
+      request(app)
+      .post('/')
+      .end(function(err, res){
+        if (err) return done(err);
+        assert(!res.header.etag, 'has an ETag');
+        done();
+      });
+    })
+
    it('should not override Content-Type', function(done){
      var app = express();

@@ -122,7 +144,7 @@ describe('res', function(){
      .expect(200, done);
    })
  })
-  
+
  describe('.send(Buffer)', function(){
    it('should send as octet-stream', function(done){
      var app = express();
@@ -172,7 +194,7 @@ describe('res', function(){
      })
    })
  })
-  
+
  describe('.send(Object)', function(){
    it('should send as application/json', function(done){
      var app = express();
@@ -206,11 +228,11 @@ describe('res', function(){
  })

  describe('when .statusCode is 204', function(){
-    it('should strip Content-* fields & body', function(done){
+    it('should strip Content-* fields, Transfer-Encoding field, and body', function(done){
      var app = express();

      app.use(function(req, res){
-        res.status(204).send('foo');
+        res.status(204).set('Transfer-Encoding', 'chunked').send('foo');
      });

      request(app)
@@ -218,18 +240,19 @@ describe('res', function(){
      .end(function(err, res){
        res.headers.should.not.have.property('content-type');
        res.headers.should.not.have.property('content-length');
+        res.headers.should.not.have.property('transfer-encoding');
        res.text.should.equal('');
        done();
      })
    })
  })
-  
+
  describe('when .statusCode is 304', function(){
-    it('should strip Content-* fields & body', function(done){
+    it('should strip Content-* fields, Transfer-Encoding field, and body', function(done){
      var app = express();

      app.use(function(req, res){
-        res.status(304).send('foo');
+        res.status(304).set('Transfer-Encoding', 'chunked').send('foo');
      });

      request(app)
@@ -237,6 +260,7 @@ describe('res', function(){
      .end(function(err, res){
        res.headers.should.not.have.property('content-type');
        res.headers.should.not.have.property('content-length');
+        res.headers.should.not.have.property('transfer-encoding');
        res.text.should.equal('');
        done();
      })
@@ -298,4 +322,77 @@ describe('res', function(){
    .get('/?callback=foo')
    .expect('{"foo":"bar"}', done);
  })
+
+  describe('"etag" setting', function(){
+    describe('when enabled', function(){
+      it('should send ETag even when content-length < 1024', function(done){
+        var app = express();
+
+        app.use(function(req, res){
+          res.send('kajdslfkasdf');
+        });
+
+        request(app)
+        .get('/')
+        .end(function(err, res){
+          res.headers.should.have.property('etag');
+          done();
+        });
+      })
+
+      it('should send ETag ', function(done){
+        var app = express();
+
+        app.use(function(req, res){
+          var str = Array(1024 * 2).join('-');
+          res.send(str);
+        });
+
+        request(app)
+        .get('/')
+        .end(function(err, res){
+          res.headers.should.have.property('etag', '"-1498647312"');
+          done();
+        });
+      });
+    });
+
+    describe('when disabled', function(){
+      it('should send no ETag', function(done){
+        var app = express();
+
+        app.use(function(req, res){
+          var str = Array(1024 * 2).join('-');
+          res.send(str);
+        });
+
+        app.disable('etag');
+
+        request(app)
+        .get('/')
+        .end(function(err, res){
+          res.headers.should.not.have.property('etag');
+          done();
+        });
+      });
+
+      it('should send ETag when manually set', function(done){
+        var app = express();
+
+        app.disable('etag');
+
+        app.use(function(req, res){
+          res.set('etag', 1);
+          res.send(200);
+        });
+
+        request(app)
+        .get('/')
+        .end(function(err, res){
+          res.headers.should.have.property('etag');
+          done();
+        });
+      });
+    });
+  })
 })
@@ -42,7 +42,7 @@ describe('res', function(){
      app.use(function(req, res){
        res.sendfile('test/fixtures/nope.html', function(err){
          ++calls;
-          assert(!res.headerSent);
+          assert(!res.headersSent);
          res.send(err.message);
        });
      });
@@ -51,7 +51,7 @@ describe('res', function(){
      .get('/')
      .end(function(err, res){
        assert(1 == calls, 'called too many times');
-        res.text.should.equal("ENOENT, stat 'test/fixtures/nope.html'");
+        res.text.should.startWith("ENOENT, stat");
        res.statusCode.should.equal(200);
        done();
      });
@@ -77,7 +77,7 @@ describe('res', function(){

      app.use(function(req, res){
        res.sendfile('test/fixtures/foo/../user.html', function(err){
-          assert(!res.headerSent);
+          assert(!res.headersSent);
          ++calls;
          res.send(err.message);
        });
@@ -95,7 +95,7 @@ describe('res', function(){

      app.use(function(req, res){
        res.sendfile('test/fixtures/user.html', function(err){
-          assert(!res.headerSent);
+          assert(!res.headersSent);
          req.socket.listeners('error').should.have.length(1); // node's original handler
          done();
        });
@@ -127,7 +127,7 @@ describe('res', function(){
        });
      })
    })
-    
+
    describe('with a relative path', function(){
      it('should transfer the file', function(done){
        var app = express();
@@ -144,7 +144,7 @@ describe('res', function(){
          done();
        });
      })
-      
+
      it('should serve relative to "root"', function(done){
        var app = express();

@@ -160,7 +160,7 @@ describe('res', function(){
          done();
        });
      })
-      
+
      it('should consider ../ malicious when "root" is not set', function(done){
        var app = express();

@@ -172,7 +172,7 @@ describe('res', function(){
        .get('/')
        .expect(403, done);
      })
-      
+
      it('should allow ../ when "root" is set', function(done){
        var app = express();

@@ -184,7 +184,7 @@ describe('res', function(){
        .get('/')
        .expect(200, done);
      })
-      
+
      it('should disallow requesting out of "root"', function(done){
        var app = express();

@@ -196,7 +196,7 @@ describe('res', function(){
        .get('/')
        .expect(403, done);
      })
-      
+
      it('should next(404) when not found', function(done){
        var app = express()
          , calls = 0;
@@ -208,7 +208,7 @@ describe('res', function(){
        app.use(function(req, res){
          assert(0, 'this should not be called');
        });
-        
+
        app.use(function(err, req, res, next){
          ++calls;
          next(err);
@@ -24,6 +24,27 @@ describe('res', function(){
      res.get('ETag').should.equal('123');
    })
  })
+
+  describe('.set(field, values)', function(){
+    it('should set multiple response header fields', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.set('Set-Cookie', ["type=ninja", "language=javascript"]);
+        res.send(res.get('Set-Cookie'));
+      });
+
+      request(app)
+      .get('/')
+      .expect('["type=ninja","language=javascript"]', done);
+    })
+
+    it('should coerce to an array of strings', function(){
+      res.headers = {};
+      res.set('ETag', [123, 456]);
+      JSON.stringify(res.get('ETag')).should.equal('["123","456"]');
+    })
+  })
  
  describe('.set(object)', function(){
    it('should set multiple fields', function(done){
@@ -0,0 +1,55 @@
+
+var express = require('../')
+  , should = require('should');
+
+function response() {
+  var res = Object.create(express.response);
+  res._headers = {};
+  return res;
+}
+
+describe('res.vary()', function(){
+  describe('with no arguments', function(){
+    it('should not set Vary', function(){
+      var res = response();
+      res.vary();
+      should.not.exist(res.get('Vary'));
+    })
+  })
+
+  describe('with an empty array', function(){
+    it('should not set Vary', function(){
+      var res = response();
+      res.vary([]);
+      should.not.exist(res.get('Vary'));
+    })
+  })
+
+  describe('with an array', function(){
+    it('should set the values', function(){
+      var res = response();
+      res.vary(['Accept', 'Accept-Language', 'Accept-Encoding']);
+      res.get('Vary').should.equal('Accept, Accept-Language, Accept-Encoding');
+    })
+  })
+
+  describe('with a string', function(){
+    it('should set the value', function(){
+      var res = response();
+      res.vary('Accept');
+      res.get('Vary').should.equal('Accept');
+    })
+  })
+
+  describe('when the value is present', function(){
+    it('should not add it again', function(){
+      var res = response();
+      res.vary('Accept');
+      res.vary('Accept-Encoding');
+      res.vary('Accept-Encoding');
+      res.vary('Accept-Encoding');
+      res.vary('Accept');
+      res.get('Vary').should.equal('Accept, Accept-Encoding');
+    })
+  })
+})
@@ -2,12 +2,32 @@
 var utils = require('../lib/utils')
  , assert = require('assert');

+describe('utils.etag(body)', function(){
+
+  var str = 'Hello CRC';
+  var strUTF8 = '<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body><p>自動販売</p></body></html>';
+
+  it('should support strings', function(){
+    utils.etag(str).should.eql('"-2034458343"');
+  })
+
+  it('should support utf8 strings', function(){
+    utils.etag(strUTF8).should.eql('"1395090196"');
+  })
+
+  it('should support buffer', function(){
+    utils.etag(new Buffer(strUTF8)).should.eql('"1395090196"');
+    utils.etag(new Buffer(str)).should.eql('"-2034458343"');
+  })
+
+})
+
 describe('utils.isAbsolute()', function(){
  it('should support windows', function(){
    assert(utils.isAbsolute('c:\\'));
    assert(!utils.isAbsolute(':\\'));
  })
-  
+
  it('should unices', function(){
    assert(utils.isAbsolute('/foo/bar'));
    assert(!utils.isAbsolute('foo/bar'));
@@ -21,165 +41,3 @@ describe('utils.flatten(arr)', function(){
      .should.eql(['one', 'two', 'three', 'four', 'five']);
  })
 })
-
-describe('utils.escape(html)', function(){
-  it('should escape html entities', function(){
-    utils.escape('<script>foo & "bar"')
-      .should.equal('&lt;script&gt;foo &amp; &quot;bar&quot;')
-  })
-})
-
-describe('utils.parseQuality(str)', function(){
-  it('should default quality to 1', function(){
-    utils.parseQuality('text/html')
-      .should.eql([{ value: 'text/html', quality: 1 }]);
-  })
-  
-  it('should parse qvalues', function(){
-    utils.parseQuality('text/html; q=0.5')
-      .should.eql([{ value: 'text/html', quality: 0.5 }]);
-
-    utils.parseQuality('text/html; q=.2')
-      .should.eql([{ value: 'text/html', quality: 0.2 }]);
-  })
-  
-  it('should work with messed up whitespace', function(){
-    utils.parseQuality('text/html   ;  q =   .2')
-      .should.eql([{ value: 'text/html', quality: 0.2 }]);
-  })
-  
-  it('should work with multiples', function(){
-    var str = 'da, en;q=.5, en-gb;q=.8';
-    var arr = utils.parseQuality(str);
-    arr[0].value.should.equal('da');
-    arr[1].value.should.equal('en-gb');
-    arr[2].value.should.equal('en');
-  })
-  
-  it('should sort by quality', function(){
-    var str = 'text/plain;q=.2, application/json, text/html;q=0.5';
-    var arr = utils.parseQuality(str);
-    arr[0].value.should.equal('application/json');
-    arr[1].value.should.equal('text/html');
-    arr[2].value.should.equal('text/plain');
-  })
-  
-  it('should exclude those with a quality of 0', function(){
-    var str = 'text/plain;q=.2, application/json, text/html;q=0';
-    var arr = utils.parseQuality(str);
-    arr.should.have.length(2);
-  })
-})
-
-describe('utils.parseAccept(str)', function(){
-  it('should provide .type', function(){
-    var arr = utils.parseAccept('text/html');
-    arr[0].type.should.equal('text');
-  })
-  
-  it('should provide .subtype', function(){
-    var arr = utils.parseAccept('text/html');
-    arr[0].subtype.should.equal('html');
-  })
-})
-
-describe('utils.accepts(type, str)', function(){
-  describe('when a string is not given', function(){
-    it('should return the value', function(){
-      utils.accepts('text/html')
-        .should.equal('text/html');
-    })
-  })
-  
-  describe('when a string is empty', function(){
-    it('should return the value', function(){
-      utils.accepts('text/html', '')
-        .should.equal('text/html');
-    })
-  })
-
-  describe('when */* is given', function(){
-    it('should return the value', function(){
-      utils.accepts('text/html', 'text/plain, */*')
-        .should.equal('text/html');
-    })
-  })
-
-  describe('when an array is given', function(){
-    it('should return the best match', function(){
-      utils.accepts(['html', 'json'], 'text/plain, application/json')
-        .should.equal('json');
-
-      utils.accepts(['html', 'application/json'], 'text/plain, application/json')
-        .should.equal('application/json');
-
-      utils.accepts(['text/html', 'application/json'], 'application/json;q=.5, text/html')
-        .should.equal('text/html');
-    })
-  })
-
-  describe('when a comma-delimited list is give', function(){
-    it('should behave like an array', function(){
-      utils.accepts('html, json', 'text/plain, application/json')
-        .should.equal('json');
-
-      utils.accepts('html, application/json', 'text/plain, application/json')
-        .should.equal('application/json');
-
-      utils.accepts('text/html, application/json', 'application/json;q=.5, text/html')
-        .should.equal('text/html');
-    })
-  })
-
-  describe('when accepting type/subtype', function(){
-    it('should return the value when present', function(){
-      utils.accepts('text/html', 'text/plain, text/html')
-        .should.equal('text/html');
-    })
-    
-    it('should return undefined otherwise', function(){
-      assert(null == utils.accepts('text/html', 'text/plain, application/json'));
-    })
-  })
-  
-  describe('when accepting */subtype', function(){
-    it('should return the value when present', function(){
-      utils.accepts('text/html', 'text/*')
-        .should.equal('text/html');
-    })
-    
-    it('should return undefined otherwise', function(){
-      assert(null == utils.accepts('text/html', 'image/*'));
-    })
-  })
-  
-  describe('when accepting type/*', function(){
-    it('should return the value when present', function(){
-      utils.accepts('text/html', '*/html')
-        .should.equal('text/html');
-    })
-    
-    it('should return undefined otherwise', function(){
-      assert(null == utils.accepts('text/html', '*/json'));
-    })
-  })
-  
-  describe('when an extension is given', function(){
-    it('should return the value when present', function(){
-      utils.accepts('html', 'text/html, application/json')
-        .should.equal('html');
-    })
-    
-    it('should return undefined otherwise', function(){
-      assert(null == utils.accepts('html', 'text/plain, application/json'));
-    })
-    
-    it('should support *', function(){
-      utils.accepts('html', 'text/*')
-        .should.equal('html');
-
-      utils.accepts('html', '*/html')
-        .should.equal('html');
-    })
-  })
-})