@appwarden/middleware 3.5.1 → 3.7.0

package/README.md

@@ -4,7 +4,7 @@
 [![GitHub](https://img.shields.io/badge/GitHub-appwarden%2Fmiddleware-181717?logo=github&logoColor=white)](https://github.com/appwarden/middleware)
 [![npm version](https://img.shields.io/npm/v/@appwarden/middleware.svg)](https://www.npmjs.com/package/@appwarden/middleware)
 [![npm provenance](https://img.shields.io/badge/npm-provenance-green)](https://docs.npmjs.com/generating-provenance-statements)
-![Test Coverage](https://img.shields.io/badge/coverage-91.55%25-brightgreen)
+![Test Coverage](https://img.shields.io/badge/coverage-91.5%25-brightgreen)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 
 ## Core Features
@@ -185,29 +185,31 @@ See the [React Router + Cloudflare guide](https://appwarden.io/docs/guides/react
 ##### TanStack Start on Cloudflare
 
 ```ts
-// src/start.ts
-import { createStart } from "@tanstack/react-start"
+// start.ts
+import { createMiddleware } from "@tanstack/start"
+import { env, waitUntil } from "cloudflare:workers"
 import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare/tanstack-start"
-import type { TanStackStartCloudflareContext } from "@appwarden/middleware/cloudflare/tanstack-start"
 
-const appwardenMiddleware = createAppwardenMiddleware(
-  (cloudflare: TanStackStartCloudflareContext) => ({
-    lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
-    appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
-    debug: cloudflare.env.APPWARDEN_DEBUG === "true",
-    contentSecurityPolicy: {
-      mode: "enforced",
-      directives: {
-        "script-src": ["'self'", "{{nonce}}"],
-        "style-src": ["'self'", "{{nonce}}"],
-      },
+const appwardenMiddleware = createAppwardenMiddleware(({ env }) => ({
+  lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
+  appwardenApiToken: env.APPWARDEN_API_TOKEN,
+  debug: env.APPWARDEN_DEBUG, // Accepts string or boolean
+  contentSecurityPolicy: {
+    mode: "enforced",
+    directives: {
+      "script-src": ["'self'", "{{nonce}}"],
+      "style-src": ["'self'", "{{nonce}}"],
     },
-  }),
-)
-
-export const start = createStart(() => ({
-  requestMiddleware: [appwardenMiddleware],
+  },
 }))
+
+export default createMiddleware().server(async ({ next, request }) => {
+  return await appwardenMiddleware({
+    request,
+    next,
+    context: { env, waitUntil },
+  })
+})
 ```
 
 See the [TanStack Start + Cloudflare guide](https://appwarden.io/docs/guides/tanstack-start-cloudflare) for more details.

package/{chunk-AXWJZE7U.js → chunk-52NBQDQT.js}

@@ -37,10 +37,7 @@ var useContentSecurityPolicy = (input) => {
       config.directives,
       config.mode
     );
-    context.debug(
-      `Applying CSP in ${config.mode} mode`,
-      `Directives: ${config.directives ? Object.keys(config.directives).join(", ") : "none"}`
-    );
+    context.debug(`Applying CSP in ${config.mode} mode`);
     const nextResponse = new Response(response.body, response);
     nextResponse.headers.set(cspHeaderName, cspHeaderValue);
     nextResponse.headers.set("content-type", "text/html; charset=utf-8");

package/cloudflare/astro.d.ts

@@ -1,5 +1,5 @@
 import { Runtime } from '@astrojs/cloudflare';
-import { APIContext, MiddlewareHandler } from 'astro';
+import { MiddlewareHandler } from 'astro';
 import { U as UseCSPInput } from '../use-content-security-policy-DUYpyUPy.js';
 import 'zod';
 
@@ -30,20 +30,6 @@ interface AstroAppwardenConfig {
  * This allows dynamic configuration based on environment variables.
  */
 type AstroConfigFn = (runtime: AstroCloudflareRuntime) => AstroAppwardenConfig;
-/**
- * Astro middleware context type.
- * Re-exported from Astro's official APIContext type for type compatibility.
- *
- * @deprecated Use `APIContext` from 'astro' directly. This alias is kept for backward compatibility.
- */
-type AstroMiddlewareContext = APIContext;
-/**
- * Astro middleware function signature.
- * This is an alias for Astro's official MiddlewareHandler type for type compatibility.
- *
- * @deprecated Use `MiddlewareHandler` from 'astro' directly. This alias is kept for backward compatibility.
- */
-type AstroMiddlewareFunction = MiddlewareHandler;
 /**
  * Creates an Appwarden middleware function for Astro.
  *
@@ -69,4 +55,4 @@ type AstroMiddlewareFunction = MiddlewareHandler;
  */
 declare function createAppwardenMiddleware(configFn: AstroConfigFn): MiddlewareHandler;
 
-export { type AstroAppwardenConfig, type AstroCloudflareRuntime, type AstroConfigFn, type AstroMiddlewareContext, type AstroMiddlewareFunction, createAppwardenMiddleware };
+export { createAppwardenMiddleware };

package/cloudflare/astro.js

@@ -3,7 +3,7 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-AXWJZE7U.js";
+} from "../chunk-52NBQDQT.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
@@ -102,7 +102,6 @@ function createAppwardenMiddleware(configFn) {
       debugFn("Website is unlocked");
       const response = await next();
       if (config.contentSecurityPolicy && isResponseLike(response)) {
-        debugFn("Applying CSP middleware");
         const cspContext = {
           request,
           response,

package/cloudflare/nextjs.d.ts

@@ -61,4 +61,4 @@ type NextJsMiddlewareFunction = (request: NextRequest, event?: NextFetchEvent) =
  */
 declare function createAppwardenMiddleware(configFn: NextJsCloudflareConfigFn): NextJsMiddlewareFunction;
 
-export { type NextJsCloudflareAppwardenConfig, type NextJsCloudflareConfigFn, type NextJsCloudflareRuntime, type NextJsMiddlewareFunction, createAppwardenMiddleware };
+export { createAppwardenMiddleware };

package/cloudflare/react-router.d.ts

@@ -76,4 +76,4 @@ type ReactRouterMiddlewareFunction = (args: ReactRouterMiddlewareArgs, next: ()
  */
 declare function createAppwardenMiddleware(configFn: ReactRouterConfigFn): ReactRouterMiddlewareFunction;
 
-export { type CloudflareContext, type ReactRouterAppwardenConfig, type ReactRouterConfigFn, type ReactRouterMiddlewareArgs, type ReactRouterMiddlewareFunction, cloudflareContextSymbol, createAppwardenMiddleware };
+export { type CloudflareContext, cloudflareContextSymbol, createAppwardenMiddleware };

package/cloudflare/react-router.js

@@ -3,7 +3,7 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-AXWJZE7U.js";
+} from "../chunk-52NBQDQT.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
@@ -112,7 +112,6 @@ function createAppwardenMiddleware(configFn) {
       debugFn("Website is unlocked");
       const response = await next();
       if (config.contentSecurityPolicy && isResponseLike(response)) {
-        debugFn("Applying CSP middleware");
         const cspContext = {
           request,
           response,

package/cloudflare/tanstack-start.d.ts

@@ -1,34 +1,422 @@
-import { U as UseCSPInput } from '../use-content-security-policy-DUYpyUPy.js';
-import 'zod';
+import { z } from 'zod';
 
 /**
- * Cloudflare context provided by TanStack Start on Cloudflare Workers.
- * This is the shape of the cloudflare context available in middleware.
+ * Zod schema for TanStack Start Cloudflare adapter configuration.
+ * Validates the config object returned by the configFn.
  */
-interface TanStackStartCloudflareContext {
-    env: CloudflareEnv;
-    ctx: ExecutionContext;
-}
-/**
- * Configuration for the Appwarden middleware.
- */
-interface TanStackStartAppwardenConfig {
+declare const TanStackStartCloudflareConfigSchema: z.ZodObject<{
     /** The slug/path of the lock page to redirect to when the site is locked */
-    lockPageSlug: string;
+    lockPageSlug: z.ZodString;
     /** The Appwarden API token for authentication */
-    appwardenApiToken: string;
+    appwardenApiToken: z.ZodEffects<z.ZodString, string, string>;
     /** Optional custom API hostname (defaults to https://api.appwarden.io) */
-    appwardenApiHostname?: string;
+    appwardenApiHostname: z.ZodOptional<z.ZodString>;
     /** Enable debug logging */
-    debug?: boolean;
+    debug: z.ZodDefault<z.ZodEffects<z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodBoolean]>>, boolean, string | boolean | undefined>>;
     /** Optional Content Security Policy configuration */
-    contentSecurityPolicy?: UseCSPInput;
+    contentSecurityPolicy: z.ZodOptional<z.ZodLazy<z.ZodEffects<z.ZodObject<{
+        mode: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"disabled">, z.ZodLiteral<"report-only">, z.ZodLiteral<"enforced">]>>>;
+        directives: z.ZodEffects<z.ZodEffects<z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodObject<{
+            "default-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "script-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "style-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "img-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "connect-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "font-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "object-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "media-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "frame-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            sandbox: z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "report-uri": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "child-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "form-action": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "frame-ancestors": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "plugin-types": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "base-uri": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "report-to": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "worker-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "manifest-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "prefetch-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "navigate-to": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "require-sri-for": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "block-all-mixed-content": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "upgrade-insecure-requests": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "trusted-types": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+            "require-trusted-types-for": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
+        }, "strip", z.ZodTypeAny, {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        }, {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        }>]>>, string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined, string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined>, {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined, string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined>;
+    }, "strip", z.ZodTypeAny, {
+        mode: "disabled" | "report-only" | "enforced";
+        directives?: {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }, {
+        mode?: "disabled" | "report-only" | "enforced" | undefined;
+        directives?: string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }>, {
+        mode: "disabled" | "report-only" | "enforced";
+        directives?: {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }, {
+        mode?: "disabled" | "report-only" | "enforced" | undefined;
+        directives?: string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    }>>>;
+}, "strip", z.ZodTypeAny, {
+    debug: boolean;
+    lockPageSlug: string;
+    appwardenApiToken: string;
+    contentSecurityPolicy?: {
+        mode: "disabled" | "report-only" | "enforced";
+        directives?: {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    } | undefined;
+    appwardenApiHostname?: string | undefined;
+}, {
+    lockPageSlug: string;
+    appwardenApiToken: string;
+    debug?: string | boolean | undefined;
+    contentSecurityPolicy?: {
+        mode?: "disabled" | "report-only" | "enforced" | undefined;
+        directives?: string | {
+            "default-src"?: string | boolean | string[] | undefined;
+            "script-src"?: string | boolean | string[] | undefined;
+            "style-src"?: string | boolean | string[] | undefined;
+            "img-src"?: string | boolean | string[] | undefined;
+            "connect-src"?: string | boolean | string[] | undefined;
+            "font-src"?: string | boolean | string[] | undefined;
+            "object-src"?: string | boolean | string[] | undefined;
+            "media-src"?: string | boolean | string[] | undefined;
+            "frame-src"?: string | boolean | string[] | undefined;
+            sandbox?: string | boolean | string[] | undefined;
+            "report-uri"?: string | boolean | string[] | undefined;
+            "child-src"?: string | boolean | string[] | undefined;
+            "form-action"?: string | boolean | string[] | undefined;
+            "frame-ancestors"?: string | boolean | string[] | undefined;
+            "plugin-types"?: string | boolean | string[] | undefined;
+            "base-uri"?: string | boolean | string[] | undefined;
+            "report-to"?: string | boolean | string[] | undefined;
+            "worker-src"?: string | boolean | string[] | undefined;
+            "manifest-src"?: string | boolean | string[] | undefined;
+            "prefetch-src"?: string | boolean | string[] | undefined;
+            "navigate-to"?: string | boolean | string[] | undefined;
+            "require-sri-for"?: string | boolean | string[] | undefined;
+            "block-all-mixed-content"?: string | boolean | string[] | undefined;
+            "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
+            "trusted-types"?: string | boolean | string[] | undefined;
+            "require-trusted-types-for"?: string | boolean | string[] | undefined;
+        } | undefined;
+    } | undefined;
+    appwardenApiHostname?: string | undefined;
+}>;
+type TanStackStartCloudflareConfigInput = z.input<typeof TanStackStartCloudflareConfigSchema>;
+
+/**
+ * Minimal runtime context type for TanStack Start adapter.
+ * Contains only what the adapter and config function need.
+ * Users provide this context by importing env and waitUntil from "cloudflare:workers".
+ */
+interface TanStackStartRuntimeContext {
+    env: CloudflareEnv;
+    waitUntil(promise: Promise<unknown>): void;
 }
 /**
- * Configuration function that receives the Cloudflare context and returns the config.
+ * Configuration function that receives the runtime context and returns the config.
  * This allows dynamic configuration based on environment variables.
+ * Accepts pre-transformation input types (e.g., string | boolean for debug, string | object for CSP directives).
  */
-type TanStackStartConfigFn = (cloudflare: TanStackStartCloudflareContext) => TanStackStartAppwardenConfig;
+type TanStackStartConfigFn = (runtime: TanStackStartRuntimeContext) => TanStackStartCloudflareConfigInput;
 /**
  * The result returned by the `next()` function in TanStack Start request middleware.
  *
@@ -52,17 +440,13 @@ type TanStackStartNextFn = (options?: {
 /**
  * TanStack Start middleware server callback arguments.
  *
- * Mirrors the official TanStack Start `RequestServerOptions` interface, with
- * an additional optional `cloudflare` context property for Cloudflare
- * Workers deployments.
+ * Mirrors the official TanStack Start `RequestServerOptions` interface.
+ * The context should include env and waitUntil from the Cloudflare Workers runtime.
  */
 interface TanStackStartMiddlewareArgs {
     request: Request;
     pathname: string;
-    context: {
-        cloudflare?: TanStackStartCloudflareContext;
-        [key: string]: unknown;
-    };
+    context: TanStackStartRuntimeContext & Record<string, unknown>;
     next: TanStackStartNextFn;
     serverFnMeta?: unknown;
 }
@@ -71,8 +455,11 @@ interface TanStackStartMiddlewareArgs {
  *
  * Mirrors the official TanStack Start `RequestServerFn` type used for
  * request middleware server functions.
+ *
+ * Note: The middleware either returns TanStackStartNextResult or throws a Response (redirect).
+ * Thrown values are not part of the return type.
  */
-type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Promise<TanStackStartNextResult | Response>;
+type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Promise<TanStackStartNextResult>;
 /**
  *
  * @param configFn - A function that receives the Cloudflare context and returns the config
@@ -80,4 +467,4 @@ type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Pr
  */
 declare function createAppwardenMiddleware(configFn: TanStackStartConfigFn): TanStackStartMiddlewareFunction;
 
-export { type TanStackStartAppwardenConfig, type TanStackStartCloudflareContext, type TanStackStartConfigFn, type TanStackStartMiddlewareArgs, type TanStackStartMiddlewareFunction, type TanStackStartNextFn, type TanStackStartNextResult, createAppwardenMiddleware };
+export { createAppwardenMiddleware };

package/cloudflare/tanstack-start.js

@@ -3,7 +3,7 @@ import {
 } from "../chunk-XFG6SUSV.js";
 import {
   useContentSecurityPolicy
-} from "../chunk-AXWJZE7U.js";
+} from "../chunk-52NBQDQT.js";
 import {
   getNowMs
 } from "../chunk-X7WZVYQS.js";
@@ -50,16 +50,21 @@ function createAppwardenMiddleware(configFn) {
     const startTime = getNowMs();
     const { request, next, context } = args;
     try {
-      const cloudflare = context.cloudflare;
-      if (!cloudflare) {
+      if (!context.env || !context.waitUntil) {
         console.error(
           printMessage(
-            "Cloudflare context not found in TanStack Start context. Ensure your Register type includes the cloudflare context, or pass it manually in the middleware wrapper."
+            "Runtime context missing required properties (env, waitUntil). Ensure you pass { env, waitUntil } from cloudflare:workers to the middleware context."
           )
         );
         return next();
       }
-      const config = configFn(cloudflare);
+      const rawConfig = configFn(context);
+      const parseResult = TanStackStartCloudflareConfigSchema.safeParse(rawConfig);
+      if (!parseResult.success) {
+        validateConfig(rawConfig, TanStackStartCloudflareConfigSchema);
+        return next();
+      }
+      const config = parseResult.data;
       const debugFn = debug(config.debug ?? false);
       const requestUrl = new URL(request.url);
       const isHTML = isHTMLRequest(request);
@@ -70,13 +75,6 @@ function createAppwardenMiddleware(configFn) {
       if (!isHTML) {
         return next();
       }
-      const hasError = validateConfig(
-        config,
-        TanStackStartCloudflareConfigSchema
-      );
-      if (hasError) {
-        return next();
-      }
       if (isOnLockPage(config.lockPageSlug, request.url)) {
         debugFn("Already on lock page - skipping");
         return next();
@@ -87,7 +85,7 @@ function createAppwardenMiddleware(configFn) {
         appwardenApiHostname: config.appwardenApiHostname,
         debug: config.debug,
         lockPageSlug: config.lockPageSlug,
-        waitUntil: (fn) => cloudflare.ctx.waitUntil(fn)
+        waitUntil: context.waitUntil
       });
       if (lockStatus.isLocked) {
         const lockPageUrl = buildLockPageUrl(config.lockPageSlug, request.url);
@@ -98,12 +96,11 @@ function createAppwardenMiddleware(configFn) {
       const result = await next();
       const { response } = result;
       if (config.contentSecurityPolicy && isResponseLike(response)) {
-        debugFn("Applying CSP middleware");
         const cspContext = {
           request,
           response,
           hostname: requestUrl.hostname,
-          waitUntil: (fn) => cloudflare.ctx.waitUntil(fn),
+          waitUntil: context.waitUntil,
           debug: debugFn
         };
         await useContentSecurityPolicy(config.contentSecurityPolicy)(

package/cloudflare.js

@@ -1,6 +1,6 @@
 import {
   useContentSecurityPolicy
-} from "./chunk-AXWJZE7U.js";
+} from "./chunk-52NBQDQT.js";
 import {
   checkLockStatus
 } from "./chunk-G5FWKV2Q.js";

package/index.js

@@ -5,7 +5,7 @@ import {
 } from "./chunk-QEFORWCW.js";
 import {
   useContentSecurityPolicy
-} from "./chunk-AXWJZE7U.js";
+} from "./chunk-52NBQDQT.js";
 import {
   APPWARDEN_CACHE_KEY,
   CSPDirectivesSchema,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appwarden/middleware",
-  "version": "3.5.1",
+  "version": "3.7.0",
   "description": "Instantly shut off access your app deployed on Cloudflare or Vercel",
   "type": "module",
   "license": "MIT",
@@ -116,7 +116,8 @@
       "rollup@>=4.0.0 <4.59.0": ">=4.59.0",
       "h3@<=1.15.4": ">=1.15.5",
       "js-yaml@<3.14.2": ">=3.14.2",
-      "fast-xml-parser@<5.3.8": ">=5.3.8"
+      "fast-xml-parser@<5.3.8": ">=5.3.8",
+      "serialize-javascript@<=7.0.2": ">=7.0.3"
     }
   }
 }

package/vercel.d.ts

@@ -749,4 +749,4 @@ type VercelAppwardenConfig = z.input<typeof AppwardenConfigSchema>;
 type VercelMiddlewareFunction = (request: Request) => Promise<Response>;
 declare function createAppwardenMiddleware(config: VercelAppwardenConfig): VercelMiddlewareFunction;
 
-export { AppwardenConfigSchema, type VercelAppwardenConfig, type VercelMiddlewareFunction, createAppwardenMiddleware };
+export { type VercelMiddlewareFunction, createAppwardenMiddleware };

package/vercel.js

@@ -330,6 +330,5 @@ function createAppwardenMiddleware(config) {
   };
 }
 export {
-  AppwardenConfigSchema,
   createAppwardenMiddleware
 };