@appwarden/middleware 3.11.5 → 3.12.0

package/cloudflare/react-router.js

@@ -1,33 +1,34 @@
 import {
+  applyContentSecurityPolicyToResponse,
   isResponseLike
-} from "../chunk-XFG6SUSV.js";
+} from "../chunk-M2YVPCTG.js";
+import "../chunk-ILIYP3TG.js";
 import {
-  useContentSecurityPolicy
-} from "../chunk-WBWF3PPX.js";
-import {
-  getNowMs
-} from "../chunk-X7WZVYQS.js";
+  getNowMs,
+  logElapsed
+} from "../chunk-G6BMPIYD.js";
 import {
   checkLockStatus
-} from "../chunk-QC2ZUZWY.js";
+} from "../chunk-EXGUJ5XK.js";
 import {
   buildLockPageUrl,
+  createHeartbeatConfigError,
   createRedirect,
   debug,
+  handleHeartbeatRequest,
   isHTMLRequest,
-  isOnLockPage
-} from "../chunk-AY4ZKZTF.js";
-import {
-  UseCSPInputSchema
-} from "../chunk-ZTVJBORU.js";
-import {
-  printMessage
-} from "../chunk-R7TXTHSG.js";
+  isHeartbeatRequest,
+  isOnLockPage,
+  printMessage,
+  sanitizeConfigErrors
+} from "../chunk-HTSD4WPC.js";
 import {
   AppwardenApiHostnameSchema,
   AppwardenApiTokenSchema,
-  BooleanSchema
-} from "../chunk-WEM7GS4M.js";
+  BooleanSchema,
+  HEARTBEAT_SERVICES,
+  UseCSPInputSchema
+} from "../chunk-Z7P4QVEY.js";
 
 // src/adapters/react-router-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";
@@ -48,10 +49,63 @@ var ReactRouterCloudflareConfigSchema = z.object({
 });
 
 // src/adapters/react-router-cloudflare.ts
+var createConfigEvaluationHeartbeatResponse = (request) => {
+  return handleHeartbeatRequest(
+    request,
+    HEARTBEAT_SERVICES.CLOUDFLARE_REACT_ROUTER,
+    [
+      createHeartbeatConfigError(
+        ["config"],
+        "custom",
+        "Appwarden config evaluation failed"
+      )
+    ]
+  );
+};
+var handleReactRouterHeartbeatRequest = (request, configFn) => {
+  try {
+    const validationResult = ReactRouterCloudflareConfigSchema.safeParse(configFn());
+    return handleHeartbeatRequest(
+      request,
+      HEARTBEAT_SERVICES.CLOUDFLARE_REACT_ROUTER,
+      validationResult.success ? [] : sanitizeConfigErrors(validationResult.error)
+    );
+  } catch {
+    return createConfigEvaluationHeartbeatResponse(request);
+  }
+};
 function createAppwardenMiddleware(configFn) {
   return async (args, next) => {
     const startTime = getNowMs();
     const { request } = args;
+    let config;
+    let debugFn;
+    const requestUrl = new URL(request.url);
+    const applyCspToResponse = async (response2) => {
+      if (!config.contentSecurityPolicy || !isResponseLike(response2)) {
+        return response2;
+      }
+      try {
+        return await applyContentSecurityPolicyToResponse({
+          request,
+          response: response2,
+          hostname: requestUrl.hostname,
+          waitUntil,
+          debug: debugFn,
+          contentSecurityPolicy: config.contentSecurityPolicy
+        });
+      } catch (error) {
+        console.error(
+          printMessage(
+            `Failed to apply content security policy: ${error instanceof Error ? error.message : String(error)}`
+          )
+        );
+        return response2;
+      }
+    };
+    if (isHeartbeatRequest(request, requestUrl)) {
+      return handleReactRouterHeartbeatRequest(request, configFn);
+    }
     try {
       const configInput = configFn();
       const validationResult = ReactRouterCloudflareConfigSchema.safeParse(configInput);
@@ -63,9 +117,8 @@ function createAppwardenMiddleware(configFn) {
         );
         return next();
       }
-      const config = validationResult.data;
-      const debugFn = debug(config.debug);
-      const requestUrl = new URL(request.url);
+      config = validationResult.data;
+      debugFn = debug(config.debug);
       const isHTML = isHTMLRequest(request);
       debugFn(
         `Appwarden middleware invoked for ${requestUrl.pathname}`,
@@ -75,45 +128,23 @@ function createAppwardenMiddleware(configFn) {
         return next();
       }
       if (isOnLockPage(config.lockPageSlug, request.url)) {
-        debugFn("Already on lock page - skipping");
-        return next();
-      }
-      const result = await checkLockStatus({
-        request,
-        appwardenApiToken: config.appwardenApiToken,
-        appwardenApiHostname: config.appwardenApiHostname,
-        debug: config.debug,
-        lockPageSlug: config.lockPageSlug,
-        waitUntil
-      });
-      if (result.isLocked) {
-        const lockPageUrl = buildLockPageUrl(config.lockPageSlug, request.url);
-        debugFn(`Website is locked - redirecting to ${lockPageUrl.pathname}`);
-        throw createRedirect(lockPageUrl);
-      }
-      debugFn("Website is unlocked");
-      const response = await next();
-      if (config.contentSecurityPolicy && isResponseLike(response)) {
-        const cspContext = {
+        debugFn("Already on lock page - skipping lock status check");
+      } else {
+        const result = await checkLockStatus({
           request,
-          response,
-          hostname: requestUrl.hostname,
-          waitUntil,
-          debug: debugFn
-        };
-        await useContentSecurityPolicy(config.contentSecurityPolicy)(
-          cspContext,
-          async () => {
-          }
-          // no-op next
-        );
-        const elapsed2 = Math.round(getNowMs() - startTime);
-        debugFn(`Middleware executed in ${elapsed2}ms`);
-        return cspContext.response;
+          appwardenApiToken: config.appwardenApiToken,
+          appwardenApiHostname: config.appwardenApiHostname,
+          debug: config.debug,
+          lockPageSlug: config.lockPageSlug,
+          waitUntil
+        });
+        if (result.isLocked) {
+          const lockPageUrl = buildLockPageUrl(config.lockPageSlug, request.url);
+          debugFn(`Website is locked - redirecting to ${lockPageUrl.pathname}`);
+          throw createRedirect(lockPageUrl);
+        }
+        debugFn("Website is unlocked");
       }
-      const elapsed = Math.round(getNowMs() - startTime);
-      debugFn(`Middleware executed in ${elapsed}ms`);
-      return response;
     } catch (error) {
       if (isResponseLike(error)) {
         throw error;
@@ -125,6 +156,10 @@ function createAppwardenMiddleware(configFn) {
       );
       return next();
     }
+    const response = await next();
+    const finalResponse = isResponseLike(response) ? await applyCspToResponse(response) : response;
+    logElapsed(debugFn, startTime);
+    return finalResponse;
   };
 }
 export {

package/cloudflare/tanstack-start.d.ts

@@ -268,8 +268,8 @@ declare const TanStackStartCloudflareConfigSchema: z.ZodObject<{
         };
     }>>>;
 }, "strip", z.ZodTypeAny, {
-    debug: boolean;
     lockPageSlug: string;
+    debug: boolean;
     appwardenApiToken: string;
     contentSecurityPolicy?: {
         mode: "disabled" | "report-only" | "enforced";
@@ -306,7 +306,6 @@ declare const TanStackStartCloudflareConfigSchema: z.ZodObject<{
 }, {
     lockPageSlug: string;
     appwardenApiToken: string;
-    debug?: string | boolean | undefined;
     contentSecurityPolicy?: {
         mode: "disabled" | "report-only" | "enforced";
         directives: string | {
@@ -338,6 +337,7 @@ declare const TanStackStartCloudflareConfigSchema: z.ZodObject<{
             "require-trusted-types-for"?: string | boolean | string[] | undefined;
         };
     } | undefined;
+    debug?: string | boolean | undefined;
     appwardenApiHostname?: string | undefined;
 }>;
 type TanStackStartCloudflareConfig = z.infer<typeof TanStackStartCloudflareConfigSchema>;

package/cloudflare/tanstack-start.js

@@ -1,33 +1,34 @@
 import {
+  applyContentSecurityPolicyToResponse,
   isResponseLike
-} from "../chunk-XFG6SUSV.js";
+} from "../chunk-M2YVPCTG.js";
+import "../chunk-ILIYP3TG.js";
 import {
-  useContentSecurityPolicy
-} from "../chunk-WBWF3PPX.js";
-import {
-  getNowMs
-} from "../chunk-X7WZVYQS.js";
+  getNowMs,
+  logElapsed
+} from "../chunk-G6BMPIYD.js";
 import {
   checkLockStatus
-} from "../chunk-QC2ZUZWY.js";
+} from "../chunk-EXGUJ5XK.js";
 import {
   buildLockPageUrl,
+  createHeartbeatConfigError,
   createRedirect,
   debug,
+  handleHeartbeatRequest,
   isHTMLRequest,
-  isOnLockPage
-} from "../chunk-AY4ZKZTF.js";
-import {
-  UseCSPInputSchema
-} from "../chunk-ZTVJBORU.js";
-import {
-  printMessage
-} from "../chunk-R7TXTHSG.js";
+  isHeartbeatRequest,
+  isOnLockPage,
+  printMessage,
+  sanitizeConfigErrors
+} from "../chunk-HTSD4WPC.js";
 import {
   AppwardenApiHostnameSchema,
   AppwardenApiTokenSchema,
-  BooleanSchema
-} from "../chunk-WEM7GS4M.js";
+  BooleanSchema,
+  HEARTBEAT_SERVICES,
+  UseCSPInputSchema
+} from "../chunk-Z7P4QVEY.js";
 
 // src/adapters/tanstack-start-cloudflare.ts
 import { waitUntil } from "cloudflare:workers";
@@ -48,10 +49,60 @@ var TanStackStartCloudflareConfigSchema = z.object({
 });
 
 // src/adapters/tanstack-start-cloudflare.ts
+var createTanStackHeartbeatResponse = (request, configFn) => {
+  try {
+    const validationResult = TanStackStartCloudflareConfigSchema.safeParse(configFn());
+    return handleHeartbeatRequest(
+      request,
+      HEARTBEAT_SERVICES.CLOUDFLARE_TANSTACK_START,
+      validationResult.success ? [] : sanitizeConfigErrors(validationResult.error)
+    );
+  } catch {
+    return handleHeartbeatRequest(
+      request,
+      HEARTBEAT_SERVICES.CLOUDFLARE_TANSTACK_START,
+      [
+        createHeartbeatConfigError(
+          ["config"],
+          "custom",
+          "Appwarden config evaluation failed"
+        )
+      ]
+    );
+  }
+};
 function createAppwardenMiddleware(configFn) {
   const middleware = async (args) => {
     const startTime = getNowMs();
     const { request, next } = args;
+    let config;
+    let debugFn;
+    const requestUrl = new URL(request.url);
+    const applyCspToResponse = async (response2) => {
+      if (!config.contentSecurityPolicy || !isResponseLike(response2)) {
+        return response2;
+      }
+      try {
+        return await applyContentSecurityPolicyToResponse({
+          request,
+          response: response2,
+          hostname: requestUrl.hostname,
+          waitUntil,
+          debug: debugFn,
+          contentSecurityPolicy: config.contentSecurityPolicy
+        });
+      } catch (error) {
+        console.error(
+          printMessage(
+            `Failed to apply content security policy: ${error instanceof Error ? error.message : String(error)}`
+          )
+        );
+        return response2;
+      }
+    };
+    if (isHeartbeatRequest(request, requestUrl)) {
+      throw createTanStackHeartbeatResponse(request, configFn);
+    }
     try {
       const rawConfig = configFn();
       const validationResult = TanStackStartCloudflareConfigSchema.safeParse(rawConfig);
@@ -63,9 +114,8 @@ function createAppwardenMiddleware(configFn) {
         );
         return next();
       }
-      const config = validationResult.data;
-      const debugFn = debug(config.debug ?? false);
-      const requestUrl = new URL(request.url);
+      config = validationResult.data;
+      debugFn = debug(config.debug ?? false);
       const isHTML = isHTMLRequest(request);
       debugFn(
         `Appwarden middleware invoked for ${requestUrl.pathname}`,
@@ -75,69 +125,27 @@ function createAppwardenMiddleware(configFn) {
         return next();
       }
       if (isOnLockPage(config.lockPageSlug, request.url)) {
-        debugFn("Already on lock page - skipping");
-        return next();
-      }
-      const lockStatus = await checkLockStatus({
-        request,
-        appwardenApiToken: config.appwardenApiToken,
-        appwardenApiHostname: config.appwardenApiHostname,
-        debug: config.debug,
-        lockPageSlug: config.lockPageSlug,
-        waitUntil
-      });
-      if (lockStatus.isLocked) {
-        const lockPageUrl = buildLockPageUrl(config.lockPageSlug, request.url);
-        debugFn(`Website is locked - redirecting to ${lockPageUrl.pathname}`);
-        const redirectResponse = createRedirect(lockPageUrl);
-        if (config.contentSecurityPolicy && isResponseLike(redirectResponse)) {
-          const cspContext = {
-            request,
-            response: redirectResponse,
-            hostname: requestUrl.hostname,
-            waitUntil,
-            debug: debugFn
-          };
-          await useContentSecurityPolicy(config.contentSecurityPolicy)(
-            cspContext,
-            async () => {
-            }
+        debugFn("Already on lock page - skipping lock status check");
+      } else {
+        const lockStatus = await checkLockStatus({
+          request,
+          appwardenApiToken: config.appwardenApiToken,
+          appwardenApiHostname: config.appwardenApiHostname,
+          debug: config.debug,
+          lockPageSlug: config.lockPageSlug,
+          waitUntil
+        });
+        if (lockStatus.isLocked) {
+          const lockPageUrl = buildLockPageUrl(config.lockPageSlug, request.url);
+          debugFn(`Website is locked - redirecting to ${lockPageUrl.pathname}`);
+          const redirectResponse = await applyCspToResponse(
+            createRedirect(lockPageUrl)
           );
-          const elapsed3 = Math.round(getNowMs() - startTime);
-          debugFn(`Middleware executed in ${elapsed3}ms`);
-          throw cspContext.response;
+          logElapsed(debugFn, startTime);
+          throw redirectResponse;
         }
-        const elapsed2 = Math.round(getNowMs() - startTime);
-        debugFn(`Middleware executed in ${elapsed2}ms`);
-        throw redirectResponse;
-      }
-      debugFn("Website is unlocked");
-      const result = await next();
-      const { response } = result;
-      if (config.contentSecurityPolicy && isResponseLike(response)) {
-        const cspContext = {
-          request,
-          response,
-          hostname: requestUrl.hostname,
-          waitUntil,
-          debug: debugFn
-        };
-        await useContentSecurityPolicy(config.contentSecurityPolicy)(
-          cspContext,
-          async () => {
-          }
-          // no-op next
-        );
-        const elapsed2 = Math.round(getNowMs() - startTime);
-        debugFn(`Middleware executed in ${elapsed2}ms`);
-        return {
-          ...result,
-          response: cspContext.response
-        };
+        debugFn("Website is unlocked");
       }
-      const elapsed = Math.round(getNowMs() - startTime);
-      debugFn(`Middleware executed in ${elapsed}ms`);
-      return result;
     } catch (error) {
       if (isResponseLike(error)) {
         throw error;
@@ -149,6 +157,10 @@ function createAppwardenMiddleware(configFn) {
       );
       return next();
     }
+    const result = await next();
+    const response = isResponseLike(result.response) ? await applyCspToResponse(result.response) : result.response;
+    logElapsed(debugFn, startTime);
+    return response === result.response ? result : { ...result, response };
   };
   return middleware;
 }

package/cloudflare.d.ts

@@ -1,4 +1,4 @@
-import { R as RequestContext, U as UseCSPInput, M as Middleware, B as Bindings } from './use-content-security-policy-CvdzUPYF.js';
+import { R as RequestContext, U as UseCSPInput, M as Middleware, B as Bindings } from './use-content-security-policy-Dwdcwp33.js';
 import { z } from 'zod';
 
 declare const ConfigFnInputSchema: z.ZodFunction<z.ZodTuple<[z.ZodType<RequestContext, z.ZodTypeDef, RequestContext>], z.ZodUnknown>, z.ZodLazy<z.ZodEffects<z.ZodObject<{

package/cloudflare.js

@@ -1,26 +1,31 @@
 import {
   UseAppwardenInputSchema,
   lockPageSlugRefinement
-} from "./chunk-5HCAAVK5.js";
+} from "./chunk-6YCNCR22.js";
+import {
+  getErrors
+} from "./chunk-NV7K5PRA.js";
 import {
   useContentSecurityPolicy
-} from "./chunk-WBWF3PPX.js";
+} from "./chunk-ILIYP3TG.js";
 import {
   checkLockStatus
-} from "./chunk-QC2ZUZWY.js";
+} from "./chunk-EXGUJ5XK.js";
 import {
   buildLockPageUrl,
+  createHeartbeatConfigError,
   createRedirect,
   debug,
+  handleHeartbeatRequest,
   isHTMLRequest,
-  isOnLockPage
-} from "./chunk-AY4ZKZTF.js";
-import "./chunk-ZTVJBORU.js";
+  isHeartbeatRequest,
+  isOnLockPage,
+  printMessage,
+  sanitizeConfigErrors
+} from "./chunk-HTSD4WPC.js";
 import {
-  insertErrorLogs,
-  printMessage
-} from "./chunk-R7TXTHSG.js";
-import "./chunk-WEM7GS4M.js";
+  HEARTBEAT_SERVICES
+} from "./chunk-Z7P4QVEY.js";
 
 // src/runners/appwarden-on-cloudflare.ts
 import { ZodError } from "zod";
@@ -51,6 +56,24 @@ var usePipeline = (...initMiddlewares) => {
   };
 };
 
+// src/utils/cloudflare/insert-errors-logs.ts
+var insertErrorLogs = async (context, error) => {
+  const errors = getErrors(error);
+  for (const err of errors) {
+    console.log(printMessage(err));
+  }
+  return new HTMLRewriter().on("body", {
+    element: (elem) => {
+      elem.append(
+        `<script>
+            ${errors.map((err) => `console.error(\`${printMessage(err)}\`)`).join("\n")}
+          </script>`,
+        { html: true }
+      );
+    }
+  }).transform(await fetch(context.request.clone()));
+};
+
 // src/middlewares/use-appwarden.ts
 var useAppwarden = (input) => async (context, next) => {
   const { request } = context;
@@ -108,7 +131,36 @@ var useFetchOrigin = () => async (context, next) => {
 var appwardenOnCloudflare = (inputFn) => async (request, env, ctx) => {
   ctx.passThroughOnException();
   const requestUrl = new URL(request.url);
+  const requestContext = {
+    env,
+    ctx
+  };
   const parsedInput = ConfigFnInputSchema.safeParse(inputFn);
+  if (isHeartbeatRequest(request, requestUrl)) {
+    let configErrors = parsedInput.success ? [] : sanitizeConfigErrors(parsedInput.error);
+    if (parsedInput.success) {
+      try {
+        parsedInput.data(requestContext);
+      } catch (error) {
+        if (error instanceof ZodError) {
+          configErrors = sanitizeConfigErrors(error);
+        } else {
+          configErrors = [
+            createHeartbeatConfigError(
+              ["config"],
+              "custom",
+              "Appwarden config evaluation failed"
+            )
+          ];
+        }
+      }
+    }
+    return handleHeartbeatRequest(
+      request,
+      HEARTBEAT_SERVICES.CLOUDFLARE,
+      configErrors
+    );
+  }
   if (!parsedInput.success) {
     const tempContext = {
       request,
@@ -121,7 +173,24 @@ var appwardenOnCloudflare = (inputFn) => async (request, env, ctx) => {
     };
     return insertErrorLogs(tempContext, parsedInput.error);
   }
-  const input = parsedInput.data({ env, ctx, cf: {} });
+  let input;
+  try {
+    input = parsedInput.data(requestContext);
+  } catch (error) {
+    if (error instanceof ZodError) {
+      const tempContext = {
+        request,
+        hostname: requestUrl.hostname,
+        response: new Response("Unhandled response"),
+        waitUntil: (fn) => ctx.waitUntil(fn),
+        debug: () => {
+        }
+        // no-op debug for error case
+      };
+      return insertErrorLogs(tempContext, error);
+    }
+    throw error;
+  }
   const domainDebug = input.multidomainConfig?.[requestUrl.hostname]?.debug ?? input.debug ?? false;
   const context = {
     request,

package/index.d.ts

@@ -1,4 +1,4 @@
-export { B as Bindings, C as CSPDirectivesSchema, a as CSPModeSchema, M as Middleware } from './use-content-security-policy-CvdzUPYF.js';
+export { B as Bindings, C as CSPDirectivesSchema, a as CSPModeSchema, M as Middleware } from './use-content-security-policy-Dwdcwp33.js';
 import { z } from 'zod';
 
 declare const LOCKDOWN_TEST_EXPIRY_MS: number;

package/index.js

@@ -5,14 +5,13 @@ import {
 } from "./chunk-QEFORWCW.js";
 import {
   UseAppwardenInputSchema
-} from "./chunk-5HCAAVK5.js";
+} from "./chunk-6YCNCR22.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,
   CSPModeSchema,
   LOCKDOWN_TEST_EXPIRY_MS
-} from "./chunk-ZTVJBORU.js";
-import "./chunk-WEM7GS4M.js";
+} from "./chunk-Z7P4QVEY.js";
 export {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appwarden/middleware",
-  "version": "3.11.5",
+  "version": "3.12.0",
   "description": "Instantly disable all user interaction with your app deployed on Cloudflare or Vercel",
   "type": "module",
   "license": "MIT",

package/{use-content-security-policy-CvdzUPYF.d.ts → use-content-security-policy-Dwdcwp33.d.ts}

@@ -128,7 +128,6 @@ declare global {
 type RequestContext = {
     env: Bindings;
     ctx: ExecutionContext;
-    cf: unknown;
 };
 
 interface MiddlewareContext {