@appwarden/middleware 1.0.16

package/chunk-C7APN7T6.js

@@ -0,0 +1,821 @@
+// src/constants.ts
+var LOCKDOWN_TEST_EXPIRY_MS = 5 * 60 * 1e3;
+var removedHeaders = ["X-Powered-By", "Server"];
+var securityHeaders = [
+  ["Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"],
+  ["X-Frame-Options", "DENY"],
+  ["X-XSS-Protection", "1; mode=block"],
+  ["X-Content-Type-Options", "nosniff"],
+  ["Referrer-Policy", "no-referrer, strict-origin-when-cross-origin"],
+  ["X-DNS-Prefetch-Control", "on"]
+];
+var errors = { badCacheConnection: "BAD_CACHE_CONNECTION" };
+var globalErrors = [errors.badCacheConnection];
+var APPWARDEN_TEST_ROUTE = "_appwarden/test";
+
+// src/schemas/vercel.ts
+import { z as z4 } from "zod";
+
+// src/utils/debug.ts
+var debug = (...msg) => {
+  if (true) {
+    console.log(...msg);
+  }
+};
+
+// src/utils/memory-cache.ts
+var MemoryCache = class {
+  cache = /* @__PURE__ */ new Map();
+  maxSize;
+  constructor(options) {
+    this.maxSize = options.maxSize;
+  }
+  get(key) {
+    let item;
+    if (this.cache.has(key)) {
+      item = this.cache.get(key);
+      this.cache.delete(key);
+      this.cache.set(key, item);
+    }
+    return item;
+  }
+  put(key, value) {
+    if (this.cache.has(key)) {
+      this.cache.delete(key);
+    } else if (this.cache.size >= this.maxSize) {
+      const firstKey = this.cache.keys().next().value;
+      this.cache.delete(firstKey);
+    }
+    this.cache.set(key, value);
+  }
+  getValues() {
+    return this.cache;
+  }
+  // the default value will be expired here
+  static isExpired = (lockValue) => {
+    if (!lockValue) {
+      return true;
+    }
+    return Date.now() > lockValue.lastCheck + 3e4;
+  };
+  static isTestExpired = (lockValue) => {
+    if (!lockValue) {
+      return true;
+    }
+    return Date.now() > lockValue.isLockedTest + LOCKDOWN_TEST_EXPIRY_MS;
+  };
+};
+
+// src/utils/print-message.ts
+var printMessage = (message) => `[@appwarden/middleware] ${message}`;
+
+// src/utils/vercel/delete-edge-value.ts
+var deleteEdgeValue = async ({
+  keyName,
+  provider,
+  connectionString,
+  edgeConfigId,
+  vercelApiToken
+}) => {
+  try {
+    switch (provider) {
+      case "edge-config": {
+        const res = await fetch(
+          `https://api.vercel.com/v1/edge-config/${edgeConfigId}/items`,
+          {
+            method: "PATCH",
+            headers: {
+              Authorization: `Bearer ${vercelApiToken}`,
+              "Content-Type": "application/json"
+            },
+            body: JSON.stringify({
+              items: [
+                {
+                  key: keyName,
+                  operation: "delete"
+                }
+              ]
+            })
+          }
+        );
+        if (res.status !== 200) {
+          let response = void 0;
+          try {
+            response = await res.json();
+          } catch (error) {
+          }
+          throw new Error(
+            `api.vercel.com/v1/edge-config responded with ${res.status} - ${res.statusText}${response?.error?.message ? ` - ${response?.error?.message}` : ""}`
+          );
+        }
+        break;
+      }
+      case "upstash": {
+        const [url, token] = connectionString.split("@");
+        const { Redis } = await import("@upstash/redis");
+        const redis = new Redis({ url, token });
+        await redis.del(keyName);
+        break;
+      }
+      default:
+        throw new Error(`Unsupported provider: ${provider}`);
+    }
+  } catch (e) {
+    const message = "Failed to delete edge value";
+    console.error(
+      printMessage(e instanceof Error ? `${message} - ${e.message}` : message)
+    );
+  }
+};
+
+// src/schemas/cloudflare.ts
+import { z as z2 } from "zod";
+
+// src/schemas/helpers.ts
+import { z } from "zod";
+var BoolOrStringSchema = z.union([z.string(), z.boolean()]).optional();
+var BooleanSchema = BoolOrStringSchema.transform((val) => {
+  if (val === "true" || val === true) {
+    return true;
+  } else if (val === "false" || val === false) {
+    return false;
+  }
+  throw new Error("Invalid value");
+});
+var BaseOutputConfigSchema = z.object({
+  debug: BooleanSchema.default(false),
+  appwardenApiToken: z.string().refine((appwardenApiToken) => !!appwardenApiToken, {
+    message: printMessage(
+      "Please provide a valid `appwardenApiToken`. Learn more at https://appwarden.com/docs/api-tokens."
+    ),
+    path: ["appwardenApiToken"]
+  }),
+  lockPageSlug: z.string()
+});
+var LockValue = z.object({
+  isLocked: z.number(),
+  isLockedTest: z.number(),
+  lastCheck: z.number(),
+  code: z.string()
+});
+
+// src/schemas/cloudflare.ts
+var ConfigOutputSchema = BaseOutputConfigSchema.extend({
+  middleware: z2.object({ before: z2.custom().array().default([]) }).default({})
+});
+var ConfigFnInputSchema = z2.function().args(z2.custom()).returns(
+  ConfigOutputSchema.extend({
+    debug: BoolOrStringSchema
+  })
+);
+var CloudflareConfigFnOutputSchema = z2.function().args(z2.custom()).returns(ConfigOutputSchema);
+
+// src/schemas/nextjs.ts
+import { z as z3 } from "zod";
+var ConfigOutputSchema2 = BaseOutputConfigSchema;
+var NextJsConfigFnOutputSchema = z3.function().args(z3.custom()).returns(ConfigOutputSchema2);
+
+// src/utils/vercel/get-lock-value.ts
+var getLockValue = async (context) => {
+  try {
+    let shouldDeleteEdgeValue = false;
+    let serializedValue, lockValue = {
+      isLocked: 0,
+      isLockedTest: 0,
+      lastCheck: 0,
+      code: ""
+    };
+    switch (context.provider) {
+      case "edge-config": {
+        const { createClient } = await import("@vercel/edge-config");
+        const edgeConfig = createClient(context.connectionString);
+        serializedValue = await edgeConfig.get(
+          context.keyName
+        );
+        break;
+      }
+      case "upstash": {
+        const [url, token] = context.connectionString.split("@");
+        const { Redis } = await import("@upstash/redis");
+        const redis = new Redis({ url, token });
+        const redisValue = await redis.get(context.keyName);
+        serializedValue = redisValue === null ? void 0 : redisValue;
+        break;
+      }
+      default:
+        throw new Error(`Unsupported provider: ${context.provider}`);
+    }
+    if (!serializedValue) {
+      return { lockValue: void 0 };
+    }
+    try {
+      lockValue = LockValue.parse(JSON.parse(serializedValue));
+    } catch (error) {
+      console.error(
+        printMessage(
+          `Failed to parse ${context.keyName} from edge cache - ${error}`
+        )
+      );
+      shouldDeleteEdgeValue = true;
+    }
+    return { lockValue, shouldDeleteEdgeValue };
+  } catch (e) {
+    const message = "Failed to retrieve edge value";
+    console.error(
+      printMessage(e instanceof Error ? `${message} - ${e.message}` : message)
+    );
+    if (e instanceof Error) {
+      if (e.message.includes("Invalid connection string provided")) {
+        throw new Error(errors.badCacheConnection);
+      }
+    }
+    return { lockValue: void 0 };
+  }
+};
+
+// src/utils/vercel/sync-edge-value.ts
+var APIError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "APIError";
+  }
+};
+var syncEdgeValue = async (context) => {
+  debug("syncing with api");
+  try {
+    const response = await fetch(new URL("/v1/status/check", "https://bot-gateway.appwarden.io"), {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({
+        service: "vercel",
+        provider: context.provider,
+        fqdn: context.requestUrl.hostname,
+        edgeConfigId: context.edgeConfigId ?? "",
+        vercelApiToken: context.vercelApiToken ?? "",
+        appwardenApiToken: context.appwardenApiToken,
+        connectionString: context.connectionString
+      })
+    });
+    if (response.status !== 200) {
+      throw new Error(`${response.status} ${response.statusText}`);
+    }
+    if (response.headers.get("content-type")?.includes("application/json")) {
+      const result = await response.json();
+      if (result.error) {
+        throw new APIError(result.error.message);
+      }
+    }
+  } catch (e) {
+    const message = "Failed to fetch from check endpoint";
+    console.error(
+      printMessage(
+        e instanceof APIError ? e.message : e instanceof Error ? `${message} - ${e.message}` : message
+      )
+    );
+  }
+};
+
+// src/utils/handle-vercel-request.ts
+var handleVercelRequest = async (context, options) => {
+  let cachedLockValue = context.memoryCache.get(context.keyName);
+  const shouldRecheck = MemoryCache.isExpired(cachedLockValue);
+  if (shouldRecheck) {
+    const { lockValue, shouldDeleteEdgeValue } = await getLockValue(context);
+    if (lockValue) {
+      context.memoryCache.put(context.keyName, lockValue);
+    }
+    if (shouldDeleteEdgeValue) {
+      await deleteEdgeValue(context);
+    }
+    cachedLockValue = lockValue;
+  }
+  if (cachedLockValue?.isLocked || context.requestUrl.pathname === APPWARDEN_TEST_ROUTE && !MemoryCache.isTestExpired(cachedLockValue)) {
+    options.onLocked();
+  }
+  return cachedLockValue;
+};
+
+// src/utils/middleware.ts
+var usePipeline = (...initMiddlewares) => {
+  const stack = [...initMiddlewares];
+  const execute = async (context) => {
+    const runner = async (prevIndex, index) => {
+      if (index === prevIndex) {
+        throw new Error("next() called multiple times");
+      }
+      if (index >= stack.length) {
+        return;
+      }
+      const middleware = stack[index];
+      const next = async () => runner(index, index + 1);
+      await middleware(context, next);
+    };
+    await runner(-1, 0);
+  };
+  return {
+    execute
+  };
+};
+
+// src/utils/render-lock-page.ts
+var renderLockPage = (context) => fetch(new URL(context.lockPageSlug, context.requestUrl.origin), {
+  headers: {
+    // no browser caching, otherwise we need to hard refresh to disable lock screen
+    "Cache-Control": "no-store"
+  }
+});
+
+// src/schemas/vercel.ts
+var MiddlewareSchema = z4.custom(
+  (val) => typeof val === "function"
+);
+var BaseNextJsConfigSchema = z4.object({
+  provider: z4.enum(["upstash", "edge-config"]),
+  lockPageSlug: z4.string(),
+  connectionString: z4.string(),
+  edgeConfigId: z4.string().optional(),
+  vercelApiToken: z4.string().optional(),
+  appwardenApiToken: z4.string()
+});
+var AppwardenConfigSchema = BaseNextJsConfigSchema.refine(
+  (data) => !!data.appwardenApiToken,
+  {
+    message: printMessage(
+      "Please provide a valid `appwardenApiToken`. Learn more at https://appwarden.com/docs/api-tokens."
+    ),
+    path: ["appwardenApiToken"]
+  }
+).refine(
+  (data) => {
+    return data.provider === "upstash" && data.connectionString.includes("upstash.io") || data.provider === "edge-config" && data.connectionString.includes("edge-config.vercel.com");
+  },
+  {
+    message: printMessage(
+      "Invalid connection string for the selected `provider`"
+    ),
+    path: ["connectionString"]
+  }
+).refine(
+  (data) => {
+    return data.provider === "upstash" && data.connectionString.includes("upstash") || data.provider === "edge-config" && data.connectionString.includes("edge-config");
+  },
+  {
+    message: printMessage(
+      "Invalid connection string for the selected `provider`"
+    ),
+    path: ["connectionString"]
+  }
+).refine(
+  (data) => {
+    if (data.provider === "edge-config") {
+      return !!data.vercelApiToken;
+    }
+    return true;
+  },
+  {
+    message: printMessage("Missing vercelApiToken when provider=edge-config"),
+    path: ["vercelApiToken"]
+  }
+).refine(
+  (data) => {
+    if (data.provider === "edge-config") {
+      return !!data.edgeConfigId;
+    }
+    return true;
+  },
+  {
+    message: printMessage(
+      "Missing `edgeConfigId` when `provider=edge-config`"
+    ),
+    path: ["edgeConfigId"]
+  }
+);
+
+// src/middlewares/use-content-security-policy.ts
+import { z as z7 } from "zod";
+
+// src/types/csp.ts
+import { z as z5 } from "zod";
+var stringySchema = z5.union([z5.array(z5.string()), z5.string(), z5.boolean()]);
+var ContentSecurityPolicySchema = z5.object({
+  "default-src": stringySchema.optional(),
+  "script-src": stringySchema.optional(),
+  "style-src": stringySchema.optional(),
+  "img-src": stringySchema.optional(),
+  "connect-src": stringySchema.optional(),
+  "font-src": stringySchema.optional(),
+  "object-src": stringySchema.optional(),
+  "media-src": stringySchema.optional(),
+  "frame-src": stringySchema.optional(),
+  sandbox: stringySchema.optional(),
+  "report-uri": stringySchema.optional(),
+  "child-src": stringySchema.optional(),
+  "form-action": stringySchema.optional(),
+  "frame-ancestors": stringySchema.optional(),
+  "plugin-types": stringySchema.optional(),
+  "base-uri": stringySchema.optional(),
+  "report-to": stringySchema.optional(),
+  "worker-src": stringySchema.optional(),
+  "manifest-src": stringySchema.optional(),
+  "prefetch-src": stringySchema.optional(),
+  "navigate-to": stringySchema.optional(),
+  "require-sri-for": stringySchema.optional(),
+  "block-all-mixed-content": stringySchema.optional(),
+  "upgrade-insecure-requests": stringySchema.optional(),
+  "trusted-types": stringySchema.optional(),
+  "require-trusted-types-for": stringySchema.optional()
+});
+
+// src/types/middleware.ts
+import { z as z6 } from "zod";
+var MiddlewareNextSchema = z6.union([
+  z6.void(),
+  z6.null(),
+  z6.promise(z6.union([z6.void(), z6.null()]))
+]);
+
+// src/middlewares/use-content-security-policy.ts
+var CSPDirectivesSchema = z7.union([
+  z7.string(),
+  ContentSecurityPolicySchema
+]);
+var CSPEnforcedSchema = BoolOrStringSchema;
+var InputConfigSchema = z7.object({
+  directives: CSPDirectivesSchema,
+  enforce: CSPEnforcedSchema
+});
+var OutputSchema = z7.object({
+  directives: z7.union([z7.string(), ContentSecurityPolicySchema]).transform(
+    (val) => typeof val === "string" ? JSON.parse(val) : val
+  ),
+  enforce: z7.boolean().default(false)
+});
+var AppendAttribute = (attribute, nonce) => ({
+  element: function(element) {
+    element.setAttribute(attribute, nonce);
+  }
+});
+var addNonce = (value, cspNonce) => value.replace("{{nonce}}", `'nonce-${cspNonce}'`);
+var makeCSPHeader = (cspNonce, directives, enforce) => {
+  const namesSeen = /* @__PURE__ */ new Set(), result = [];
+  Object.entries(directives).forEach(([originalName, value]) => {
+    const name = originalName.replace(/([a-z])([A-Z])/g, "$1-$2").toLowerCase();
+    if (namesSeen.has(name)) {
+      throw new Error(`${originalName} is specified more than once`);
+    }
+    namesSeen.add(name);
+    if (Array.isArray(value)) {
+      value = addNonce(value.join(" "), cspNonce);
+    } else if (value === true) {
+      value = "";
+    }
+    if (value) {
+      result.push(`${name} ${addNonce(value, cspNonce)}`);
+    } else if (value !== false) {
+      result.push(name);
+    }
+  });
+  return [
+    enforce ? "Content-Security-Policy" : "Content-Security-Policy-Report-Only",
+    result.join("; ")
+  ];
+};
+var useContentSecurityPolicy = (input) => {
+  const parsedInput = OutputSchema.safeParse(input);
+  if (!parsedInput.success) {
+    throw new Error(
+      printMessage(`Input validation failed ${parsedInput.error.message}`)
+    );
+  }
+  const config = parsedInput.data;
+  return async (context, next) => {
+    const { request } = context;
+    const response = await fetch(
+      new Request(request, {
+        ...request,
+        redirect: "follow"
+      })
+    );
+    if (response.status > 300 && response.status < 400 || response.redirected) {
+      context.response = Response.redirect(
+        response.url,
+        response.status === 200 ? 307 : response.status
+      );
+      await next();
+      return;
+    }
+    if (response.headers.has("Content-Type") && !response.headers.get("Content-Type")?.includes("text/html")) {
+      context.response = response;
+      await next();
+      return;
+    }
+    const cspNonce = btoa(crypto.getRandomValues(new Uint32Array(2)).toString());
+    const [cspHeaderName, cspHeaderValue] = makeCSPHeader(
+      cspNonce,
+      config.directives,
+      config.enforce
+    );
+    const nextResponse = new Response(response.body, response);
+    nextResponse.headers.set(cspHeaderName, cspHeaderValue);
+    nextResponse.headers.set("content-type", "text/html; charset=utf-8");
+    removedHeaders.forEach((name) => {
+      nextResponse.headers.delete(name);
+    });
+    securityHeaders.forEach(([name, value]) => {
+      nextResponse.headers.set(name, value);
+    });
+    context.response = new HTMLRewriter().on("style", AppendAttribute("nonce", cspNonce)).on("script", AppendAttribute("nonce", cspNonce)).transform(nextResponse);
+    await next();
+  };
+};
+
+// src/utils/cloudflare/cloudflare-cache.ts
+var store = {
+  json: (context, cacheKey, options) => {
+    const cacheKeyUrl = new URL(cacheKey, context.serviceOrigin);
+    return {
+      getValue: () => getCacheValue(context, cacheKeyUrl),
+      updateValue: (json) => updateCacheValue(
+        context,
+        cacheKeyUrl,
+        json,
+        options?.cacheExpirationSeconds
+      ),
+      deleteValue: () => clearCache(context, cacheKeyUrl)
+    };
+  }
+};
+var getCacheValue = async (context, cacheKey) => {
+  const match = await context.cache.match(cacheKey);
+  if (!match) {
+    debug(`[${cacheKey.pathname}] Cache MISS!`);
+    return void 0;
+  }
+  debug(`[${cacheKey.pathname}] Cache MATCH!`);
+  return match;
+};
+var updateCacheValue = async (context, cacheKey, value, cacheExpirationSeconds) => {
+  debug(
+    "updating cache...",
+    cacheKey.pathname,
+    value,
+    cacheExpirationSeconds ? `expires in ${cacheExpirationSeconds}s` : ""
+  );
+  await context.cache.put(
+    cacheKey,
+    new Response(JSON.stringify(value), {
+      headers: {
+        "content-type": "application/json",
+        ...cacheExpirationSeconds && {
+          "cache-control": `max-age=${cacheExpirationSeconds}`
+        }
+      }
+    })
+  );
+};
+var clearCache = (context, cacheKey) => context.cache.delete(cacheKey);
+
+// src/utils/cloudflare/create-response.ts
+var createResponse = (body, status) => new Response(body, {
+  status
+});
+
+// src/utils/cloudflare/delete-edge-value.ts
+var deleteEdgeValue2 = async (context) => {
+  try {
+    switch (context.provider) {
+      case "cloudflare-cache": {
+        const success = await context.edgeCache.deleteValue();
+        if (!success) {
+          throw new Error();
+        }
+        break;
+      }
+      default:
+        throw new Error(`Unsupported provider: ${context.provider}`);
+    }
+  } catch (e) {
+    const message = "Failed to delete edge value";
+    console.error(
+      printMessage(e instanceof Error ? `${message} - ${e.message}` : message)
+    );
+  }
+};
+
+// src/utils/cloudflare/get-lock-value.ts
+var getLockValue2 = async (context) => {
+  try {
+    let shouldDeleteEdgeValue = false;
+    let cacheResponse, lockValue = {
+      isLockedTest: 0,
+      isLocked: 0,
+      lastCheck: Date.now(),
+      code: ""
+    };
+    switch (context.provider) {
+      case "cloudflare-cache": {
+        cacheResponse = await context.edgeCache.getValue();
+        break;
+      }
+      default:
+        throw new Error(`Unsupported provider: ${context.provider}`);
+    }
+    if (!cacheResponse) {
+      return { lockValue: void 0 };
+    }
+    try {
+      const clonedResponse = cacheResponse?.clone();
+      lockValue = LockValue.parse(
+        clonedResponse ? await clonedResponse.json() : void 0
+      );
+    } catch (error) {
+      console.error(
+        printMessage(
+          `Failed to parse ${context.keyName} from edge cache - ${error}`
+        )
+      );
+      shouldDeleteEdgeValue = true;
+    }
+    return { lockValue, shouldDeleteEdgeValue };
+  } catch (e) {
+    const message = "Failed to retrieve edge value";
+    console.error(
+      printMessage(e instanceof Error ? `${message} - ${e.message}` : message)
+    );
+    return { lockValue: void 0 };
+  }
+};
+
+// src/utils/cloudflare/sync-edge-value.ts
+var APIError2 = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "APIError";
+  }
+};
+var syncEdgeValue2 = async (context) => {
+  debug(`syncing with api ${"https://bot-gateway.appwarden.io"}`);
+  try {
+    const response = await fetch(new URL("/v1/status/check", "https://bot-gateway.appwarden.io"), {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({
+        service: "cloudflare",
+        provider: context.provider,
+        fqdn: context.requestUrl.hostname,
+        appwardenApiToken: context.appwardenApiToken
+      })
+    });
+    if (response.status !== 200) {
+      throw new Error(`${response.status} ${response.statusText}`);
+    }
+    if (response.headers.get("content-type")?.includes("application/json")) {
+      const result = await response.json();
+      if (result.error) {
+        throw new APIError2(result.error.message);
+      }
+      if (result.content) {
+        try {
+          const parsedValue = LockValue.omit({ lastCheck: true }).parse(
+            result.content
+          );
+          debug(
+            `syncing with api...DONE ${JSON.stringify(parsedValue, null, 2)}`
+          );
+          await context.edgeCache.updateValue({
+            ...parsedValue,
+            lastCheck: Date.now()
+          });
+        } catch (error) {
+          throw new APIError2(`Failed to parse check endpoint result - ${error}`);
+        }
+      }
+    }
+  } catch (e) {
+    const message = "Failed to fetch from check endpoint";
+    console.error(
+      printMessage(
+        e instanceof APIError2 ? e.message : e instanceof Error ? `${message} - ${e.message}` : message
+      )
+    );
+  }
+};
+
+// src/handlers/maybe-quarantine.ts
+var resolveLockValue = async (context, options) => {
+  const { lockValue, shouldDeleteEdgeValue } = await getLockValue2(context);
+  if (shouldDeleteEdgeValue) {
+    await deleteEdgeValue2(context);
+  }
+  if (lockValue?.isLocked || context.requestUrl.pathname === APPWARDEN_TEST_ROUTE && !MemoryCache.isTestExpired(lockValue)) {
+    await options.onLocked();
+  }
+  return lockValue;
+};
+var maybeQuarantine = async (context, options) => {
+  const cachedLockValue = await resolveLockValue(context, {
+    onLocked: options.onLocked
+  });
+  const shouldRecheck = MemoryCache.isExpired(cachedLockValue);
+  if (shouldRecheck) {
+    if (!cachedLockValue || cachedLockValue.isLocked) {
+      await syncEdgeValue2(context);
+      await resolveLockValue(context, {
+        onLocked: options.onLocked
+      });
+    } else {
+      context.waitUntil(syncEdgeValue2(context));
+    }
+  }
+};
+
+// src/handlers/reset-cache.ts
+var isResetCacheRequest = (request) => request.method === "POST" && new URL(request.url).pathname === "/__appwarden/reset-cache" && request.headers.get("content-type") === "application/json";
+var handleResetCache = async (keyName, provider, edgeCache, request) => {
+  const { lockValue } = await getLockValue2({
+    keyName,
+    provider,
+    edgeCache
+  });
+  try {
+    const body = await request.clone().json();
+    if (body.code === lockValue?.code) {
+      await edgeCache.deleteValue();
+    }
+  } catch (error) {
+  }
+};
+
+// src/middlewares/use-appwarden.ts
+var useAppwarden = (input) => async (context, next) => {
+  const { request, response } = context;
+  try {
+    const requestUrl = new URL(request.url);
+    const provider = "cloudflare-cache";
+    const keyName = "appwarden-lock";
+    const edgeCache = store.json(
+      {
+        serviceOrigin: requestUrl.origin,
+        cache: await caches.open("appwarden:lock")
+      },
+      keyName
+    );
+    if (isResetCacheRequest(request)) {
+      await handleResetCache(keyName, provider, edgeCache, request);
+      await next();
+      return;
+    }
+    const isHTMLRequest = response.headers.get("Content-Type")?.includes("text/html");
+    if (isHTMLRequest) {
+      const context_ = {
+        keyName,
+        request,
+        edgeCache,
+        requestUrl,
+        provider,
+        debug: input.debug,
+        lockPageSlug: input.lockPageSlug,
+        appwardenApiToken: input.appwardenApiToken,
+        waitUntil: (fn) => context.waitUntil(fn)
+      };
+      await maybeQuarantine(context_, {
+        onLocked: async () => {
+          context.response = await renderLockPage(context_);
+        }
+      });
+    }
+  } catch (e) {
+    const message = "Appwarden encountered an unknown error. Please contact Appwarden support at https://appwarden.io/join-community.";
+    console.error(
+      printMessage(
+        e instanceof Error ? `${message} - ${e.message}` : message
+      )
+    );
+  }
+  await next();
+};
+
+export {
+  LOCKDOWN_TEST_EXPIRY_MS,
+  globalErrors,
+  debug,
+  MemoryCache,
+  printMessage,
+  CloudflareConfigFnOutputSchema,
+  NextJsConfigFnOutputSchema,
+  BaseNextJsConfigSchema,
+  AppwardenConfigSchema,
+  syncEdgeValue,
+  handleVercelRequest,
+  usePipeline,
+  renderLockPage,
+  store,
+  createResponse,
+  maybeQuarantine,
+  isResetCacheRequest,
+  handleResetCache,
+  useAppwarden,
+  CSPDirectivesSchema,
+  CSPEnforcedSchema,
+  useContentSecurityPolicy
+};