Various fixes to web and rest

README.md

@@ -1,12 +1,12 @@
 <h1><img src="http://enroute.osgi.org/img/enroute-logo-64.png" witdh=40px style="float:left;margin: 0 1em 1em 0;width:40px">
 OSGi enRoute</h1>
 
-The [OSGi enRoute][enroute] project provides a programming model of OSGi applications. The OSGi specifications provide a powerful and solid platform for component oriented programming but by their nature lack ease of use, especially for newcomers to get started.
+The [OSGi enRoute][enroute] project provides a programming model of OSGi applications using [Bndtools][1]. The OSGi specifications provide a powerful and solid platform for component oriented programming but by their nature lack ease of use, especially for newcomers to get started. Using Bndtools, an Eclipse plugin, and v2Archive OSGi enRoute makes it really easy to get started.
 
 This repository contains bundles providing the API for the OSGi enRoute base profile
 the bundles that had to be developed for OSGi enRoute because such bundles did not exist in any open source project.
 The base profile establishes a runtime that contains a minimal set of services that can be used as a base for applications.
-These bundles implement services defined in the [OSGi enRoute APIs] and/or provide common functions. 
+These bundles implement services defined in the [OSGi enRoute APIs][2] and/or provide common functions. 
 
 ## Contributing
 
@@ -20,4 +20,6 @@ wrong or incomplete.
 The contents of this repository are made available to the public under the terms of the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0).
 Bundles may depend on non Apache Licensed code.
 
-[enroute]: http://enroute.osgi.org
+[enroute]: http://v2archive.enroute.osgi.org
+[1]: http://bndtools.org
+[2]: https://github.com/osgi/v2archive.osgi.enroute/tree/master/osgi.enroute.base.api/src/osgi/enroute

osgi.enroute.base.api/src/osgi/enroute/rest/api/CORS.java

@@ -0,0 +1,121 @@
+package osgi.enroute.rest.api;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Enable an HTTP method of a REST implementation for cross-scripting. To apply
+ * CORS to a specific REST endpoint, annotate the endpoint method in the REST
+ * implementation with this annotation. To apply CORS to all endpoints in a REST
+ * implementation, annotate the REST class. If both are applied, method
+ * annotations (when existing) take precedence over the class annotation.
+ * Dynamic resolution of the allowed origin, allowed methods, and allowed
+ * headers can be provided by implementing a method within the REST
+ * implementation class. The method has the naming scheme
+ * <code>config ([+ method] + impl) [+cardinality]</code> where
+ * <code>config = allowOrigin | allowMethods | allowHeaders</code>,
+ * <code>method</code> is the HTTP method, <code>impl</code> is the name of the
+ * REST implementation method, <code>cardinality</code> is the number of
+ * arguments (see REST implementation). Use <code>All</code> to match all
+ * methods. The method name is written in camel case. Dynamic value resolution
+ * is attempted at runtime using the following algorithm:
+ * <ol>
+ * <ul>
+ * Look for the most specific method. Example: allowOriginPostUser0()
+ * </ul>
+ * <ul>
+ * Look for the most specific method excluding cardinality. Example:
+ * allowOriginPostUser()
+ * </ul>
+ * <ul>
+ * Look for the most specific method for any HTTP method. Example:
+ * allowOriginAllUser0()
+ * </ul>
+ * <ul>
+ * Look for the most specific method for any HTTP method, excluding cardinality.
+ * Example: allowOriginAllUser()
+ * </ul>
+ * <ul>
+ * Look for the catch-all method. Example: allowOrigin()
+ * </ul>
+ * </ol>
+ * <code>allowOrigin</code> must have the signature
+ * <code>java.util.function.Function<String, Optional<String>> allowOrigin[method][impl][cardinality]()</code>
+ * as specified above. <code>allowMethods</code> must have the signature
+ * <code>java.util.function.Function<String, String> allowMethods[method][impl][cardinality]()</code>
+ * as specified as described above. <code>allowHeaders</code> must have the
+ * signature
+ * <code>BiFunction<String, List<String>, String> allowHeaders[method][impl][cardinality]()</code>
+ * as specified as described above. Example: <code>
+ * java.util.Function<String, Optional<String>> allowOrigin() {
+ *   return origin -> {
+ *     ... // dynamic code here
+ *   };
+ * }
+ * </code>
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({
+		ElementType.TYPE, ElementType.METHOD
+})
+public @interface CORS {
+
+	/**
+	 * The marker value to indicate use of dynamic value resolution.
+	 */
+	public static final String	DYNAMIC	= "DYNAMIC";
+
+	/**
+	 * Accept all origins or headers.
+	 */
+	public static final String	ALL		= "*";
+
+	/**
+	 * The value to use for the Access-Control-Allow-Origin header. Set as
+	 * "DYNAMIC" to use dynamic resolution. For security reasons, by default no
+	 * origins are accepted. To accept an origin this value must be configured.
+	 */
+	String origin() default "";
+
+	/**
+	 * The value to use for the Access-Control-Allow-Methods header. Set as a
+	 * single value "DYNAMIC" to use dynamic resolution. When the value is
+	 * static, the provided allowed methods will be used for all origins. When
+	 * the value "*" is provided, the allowed methods will be the same as those
+	 * provided in the Allow header (i.e. all methods are allowed) for all
+	 * origins. To provide per-origin allowed methods, use dynamic resolution.
+	 * For security purposes, by default no methods are accepted.
+	 */
+	String[] allowMethods() default {};
+
+	/**
+	 * The value to use for the Access-Control-Allow-Headers header. Set as a
+	 * single value "DYNAMIC" to use dynamic resolution.
+	 */
+	String[] allowHeaders() default {
+			"Content-Type"
+	};
+
+	/**
+	 * Determines whether or not the Access-Control-Allow-Credentials header
+	 * gets set. When configured to {@code true}, the CORS header will be set to
+	 * "true". Otherwise, the header is not set.
+	 */
+	boolean allowCredentials() default false;
+
+	/**
+	 * Custom headers to expose to the cross-site requestor. If the list is not
+	 * empty, sets the CORS header Access-Control-Expose-Headers to the values
+	 * provided.
+	 */
+	String[] exposeHeaders() default {
+			"X-Powered-By"
+	};
+
+	/**
+	 * Sets the Access-Control-Max-Age to the value provided.
+	 */
+	int maxAge() default 86400;
+}

osgi.enroute.polymer.app.webresource/1.0.0/pouchdb-find/package.json

@@ -62,7 +62,7 @@
     "mkdirp": "^0.5.0",
     "mocha": "~1.18",
     "phantomjs": "^1.9.7-5",
-    "pouchdb": "^5.2.0",
+    "pouchdb": "~> 6.0.5",
     "query-string": "^2.4.2",
     "request": "^2.36.0",
     "sauce-connect-launcher": "^0.4.2",