@appwarden/middleware 3.6.0 → 3.7.0

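--- a/package/README.md
+++ b/package/README.md
@@ -185,29 +185,31 @@ See the [React Router + Cloudflare guide](https://appwarden.io/docs/guides/react
  ##### TanStack Start on Cloudflare
 
  ```ts
- // src/start.ts
- import { createStart } from "@tanstack/react-start"
+ // start.ts
+ import { createMiddleware } from "@tanstack/start"
+ import { env, waitUntil } from "cloudflare:workers"
  import { createAppwardenMiddleware } from "@appwarden/middleware/cloudflare/tanstack-start"
- import type { TanStackStartCloudflareContext } from "@appwarden/middleware/cloudflare/tanstack-start"
 
- const appwardenMiddleware = createAppwardenMiddleware(
- (cloudflare: TanStackStartCloudflareContext) => ({
- lockPageSlug: cloudflare.env.APPWARDEN_LOCK_PAGE_SLUG,
- appwardenApiToken: cloudflare.env.APPWARDEN_API_TOKEN,
- debug: cloudflare.env.APPWARDEN_DEBUG === "true",
- contentSecurityPolicy: {
- mode: "enforced",
- directives: {
- "script-src": ["'self'", "{{nonce}}"],
- "style-src": ["'self'", "{{nonce}}"],
- },
+ const appwardenMiddleware = createAppwardenMiddleware(({ env }) => ({
+ lockPageSlug: env.APPWARDEN_LOCK_PAGE_SLUG,
+ appwardenApiToken: env.APPWARDEN_API_TOKEN,
+ debug: env.APPWARDEN_DEBUG, // Accepts string or boolean
+ contentSecurityPolicy: {
+ mode: "enforced",
+ directives: {
+ "script-src": ["'self'", "{{nonce}}"],
+ "style-src": ["'self'", "{{nonce}}"],
  },
- }),
- )
-
- export const start = createStart(() => ({
- requestMiddleware: [appwardenMiddleware],
+ },
  }))
+
+ export default createMiddleware().server(async ({ next, request }) => {
+ return await appwardenMiddleware({
+ request,
+ next,
+ context: { env, waitUntil },
+ })
+ })
  ```
 
  See the [TanStack Start + Cloudflare guide](https://appwarden.io/docs/guides/tanstack-start-cloudflare) for more details.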
@@ -37,10 +37,7 @@ var useContentSecurityPolicy = (input) => {
37
37
  config.directives,
38
38
  config.mode
39
39
  );
40
- context.debug(
41
- `Applying CSP in ${config.mode} mode`,
42
- `Directives: ${config.directives ? Object.keys(config.directives).join(", ") : "none"}`
43
- );
40
+ context.debug(`Applying CSP in ${config.mode} mode`);
44
41
  const nextResponse = new Response(response.body, response);
45
42
  nextResponse.headers.set(cspHeaderName, cspHeaderValue);
46
43
  nextResponse.headers.set("content-type", "text/html; charset=utf-8");
@@ -3,7 +3,7 @@ import {
3
3
  } from "../chunk-XFG6SUSV.js";
4
4
  import {
5
5
  useContentSecurityPolicy
6
- } from "../chunk-AXWJZE7U.js";
6
+ } from "../chunk-52NBQDQT.js";
7
7
  import {
8
8
  getNowMs
9
9
  } from "../chunk-X7WZVYQS.js";
@@ -102,7 +102,6 @@ function createAppwardenMiddleware(configFn) {
102
102
  debugFn("Website is unlocked");
103
103
  const response = await next();
104
104
  if (config.contentSecurityPolicy && isResponseLike(response)) {
105
- debugFn("Applying CSP middleware");
106
105
  const cspContext = {
107
106
  request,
108
107
  response,
@@ -3,7 +3,7 @@ import {
3
3
  } from "../chunk-XFG6SUSV.js";
4
4
  import {
5
5
  useContentSecurityPolicy
6
- } from "../chunk-AXWJZE7U.js";
6
+ } from "../chunk-52NBQDQT.js";
7
7
  import {
8
8
  getNowMs
9
9
  } from "../chunk-X7WZVYQS.js";
@@ -112,7 +112,6 @@ function createAppwardenMiddleware(configFn) {
112
112
  debugFn("Website is unlocked");
113
113
  const response = await next();
114
114
  if (config.contentSecurityPolicy && isResponseLike(response)) {
115
- debugFn("Applying CSP middleware");
116
115
  const cspContext = {
117
116
  request,
118
117
  response,
@@ -1,34 +1,422 @@
1
- import { U as UseCSPInput } from '../use-content-security-policy-DUYpyUPy.js';
2
- import 'zod';
1
+ import { z } from 'zod';
3
2
 
4
3
  /**
5
- * Cloudflare context provided by TanStack Start on Cloudflare Workers.
6
- * This is the shape of the cloudflare context available in middleware.
4
+ * Zod schema for TanStack Start Cloudflare adapter configuration.
5
+ * Validates the config object returned by the configFn.
7
6
  */
8
- interface TanStackStartCloudflareContext {
9
- env: CloudflareEnv;
10
- ctx: ExecutionContext;
11
- }
12
- /**
13
- * Configuration for the Appwarden middleware.
14
- */
15
- interface TanStackStartAppwardenConfig {
7
+ declare const TanStackStartCloudflareConfigSchema: z.ZodObject<{
16
8
  /** The slug/path of the lock page to redirect to when the site is locked */
17
- lockPageSlug: string;
9
+ lockPageSlug: z.ZodString;
18
10
  /** The Appwarden API token for authentication */
19
- appwardenApiToken: string;
11
+ appwardenApiToken: z.ZodEffects<z.ZodString, string, string>;
20
12
  /** Optional custom API hostname (defaults to https://api.appwarden.io) */
21
- appwardenApiHostname?: string;
13
+ appwardenApiHostname: z.ZodOptional<z.ZodString>;
22
14
  /** Enable debug logging */
23
- debug?: boolean;
15
+ debug: z.ZodDefault<z.ZodEffects<z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodBoolean]>>, boolean, string | boolean | undefined>>;
24
16
  /** Optional Content Security Policy configuration */
25
- contentSecurityPolicy?: UseCSPInput;
17
+ contentSecurityPolicy: z.ZodOptional<z.ZodLazy<z.ZodEffects<z.ZodObject<{
18
+ mode: z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodLiteral<"disabled">, z.ZodLiteral<"report-only">, z.ZodLiteral<"enforced">]>>>;
19
+ directives: z.ZodEffects<z.ZodEffects<z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodObject<{
20
+ "default-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
21
+ "script-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
22
+ "style-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
23
+ "img-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
24
+ "connect-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
25
+ "font-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
26
+ "object-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
27
+ "media-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
28
+ "frame-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
29
+ sandbox: z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
30
+ "report-uri": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
31
+ "child-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
32
+ "form-action": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
33
+ "frame-ancestors": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
34
+ "plugin-types": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
35
+ "base-uri": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
36
+ "report-to": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
37
+ "worker-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
38
+ "manifest-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
39
+ "prefetch-src": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
40
+ "navigate-to": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
41
+ "require-sri-for": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
42
+ "block-all-mixed-content": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
43
+ "upgrade-insecure-requests": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
44
+ "trusted-types": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
45
+ "require-trusted-types-for": z.ZodOptional<z.ZodUnion<[z.ZodArray<z.ZodString, "many">, z.ZodString, z.ZodBoolean]>>;
46
+ }, "strip", z.ZodTypeAny, {
47
+ "default-src"?: string | boolean | string[] | undefined;
48
+ "script-src"?: string | boolean | string[] | undefined;
49
+ "style-src"?: string | boolean | string[] | undefined;
50
+ "img-src"?: string | boolean | string[] | undefined;
51
+ "connect-src"?: string | boolean | string[] | undefined;
52
+ "font-src"?: string | boolean | string[] | undefined;
53
+ "object-src"?: string | boolean | string[] | undefined;
54
+ "media-src"?: string | boolean | string[] | undefined;
55
+ "frame-src"?: string | boolean | string[] | undefined;
56
+ sandbox?: string | boolean | string[] | undefined;
57
+ "report-uri"?: string | boolean | string[] | undefined;
58
+ "child-src"?: string | boolean | string[] | undefined;
59
+ "form-action"?: string | boolean | string[] | undefined;
60
+ "frame-ancestors"?: string | boolean | string[] | undefined;
61
+ "plugin-types"?: string | boolean | string[] | undefined;
62
+ "base-uri"?: string | boolean | string[] | undefined;
63
+ "report-to"?: string | boolean | string[] | undefined;
64
+ "worker-src"?: string | boolean | string[] | undefined;
65
+ "manifest-src"?: string | boolean | string[] | undefined;
66
+ "prefetch-src"?: string | boolean | string[] | undefined;
67
+ "navigate-to"?: string | boolean | string[] | undefined;
68
+ "require-sri-for"?: string | boolean | string[] | undefined;
69
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
70
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
71
+ "trusted-types"?: string | boolean | string[] | undefined;
72
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
73
+ }, {
74
+ "default-src"?: string | boolean | string[] | undefined;
75
+ "script-src"?: string | boolean | string[] | undefined;
76
+ "style-src"?: string | boolean | string[] | undefined;
77
+ "img-src"?: string | boolean | string[] | undefined;
78
+ "connect-src"?: string | boolean | string[] | undefined;
79
+ "font-src"?: string | boolean | string[] | undefined;
80
+ "object-src"?: string | boolean | string[] | undefined;
81
+ "media-src"?: string | boolean | string[] | undefined;
82
+ "frame-src"?: string | boolean | string[] | undefined;
83
+ sandbox?: string | boolean | string[] | undefined;
84
+ "report-uri"?: string | boolean | string[] | undefined;
85
+ "child-src"?: string | boolean | string[] | undefined;
86
+ "form-action"?: string | boolean | string[] | undefined;
87
+ "frame-ancestors"?: string | boolean | string[] | undefined;
88
+ "plugin-types"?: string | boolean | string[] | undefined;
89
+ "base-uri"?: string | boolean | string[] | undefined;
90
+ "report-to"?: string | boolean | string[] | undefined;
91
+ "worker-src"?: string | boolean | string[] | undefined;
92
+ "manifest-src"?: string | boolean | string[] | undefined;
93
+ "prefetch-src"?: string | boolean | string[] | undefined;
94
+ "navigate-to"?: string | boolean | string[] | undefined;
95
+ "require-sri-for"?: string | boolean | string[] | undefined;
96
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
97
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
98
+ "trusted-types"?: string | boolean | string[] | undefined;
99
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
100
+ }>]>>, string | {
101
+ "default-src"?: string | boolean | string[] | undefined;
102
+ "script-src"?: string | boolean | string[] | undefined;
103
+ "style-src"?: string | boolean | string[] | undefined;
104
+ "img-src"?: string | boolean | string[] | undefined;
105
+ "connect-src"?: string | boolean | string[] | undefined;
106
+ "font-src"?: string | boolean | string[] | undefined;
107
+ "object-src"?: string | boolean | string[] | undefined;
108
+ "media-src"?: string | boolean | string[] | undefined;
109
+ "frame-src"?: string | boolean | string[] | undefined;
110
+ sandbox?: string | boolean | string[] | undefined;
111
+ "report-uri"?: string | boolean | string[] | undefined;
112
+ "child-src"?: string | boolean | string[] | undefined;
113
+ "form-action"?: string | boolean | string[] | undefined;
114
+ "frame-ancestors"?: string | boolean | string[] | undefined;
115
+ "plugin-types"?: string | boolean | string[] | undefined;
116
+ "base-uri"?: string | boolean | string[] | undefined;
117
+ "report-to"?: string | boolean | string[] | undefined;
118
+ "worker-src"?: string | boolean | string[] | undefined;
119
+ "manifest-src"?: string | boolean | string[] | undefined;
120
+ "prefetch-src"?: string | boolean | string[] | undefined;
121
+ "navigate-to"?: string | boolean | string[] | undefined;
122
+ "require-sri-for"?: string | boolean | string[] | undefined;
123
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
124
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
125
+ "trusted-types"?: string | boolean | string[] | undefined;
126
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
127
+ } | undefined, string | {
128
+ "default-src"?: string | boolean | string[] | undefined;
129
+ "script-src"?: string | boolean | string[] | undefined;
130
+ "style-src"?: string | boolean | string[] | undefined;
131
+ "img-src"?: string | boolean | string[] | undefined;
132
+ "connect-src"?: string | boolean | string[] | undefined;
133
+ "font-src"?: string | boolean | string[] | undefined;
134
+ "object-src"?: string | boolean | string[] | undefined;
135
+ "media-src"?: string | boolean | string[] | undefined;
136
+ "frame-src"?: string | boolean | string[] | undefined;
137
+ sandbox?: string | boolean | string[] | undefined;
138
+ "report-uri"?: string | boolean | string[] | undefined;
139
+ "child-src"?: string | boolean | string[] | undefined;
140
+ "form-action"?: string | boolean | string[] | undefined;
141
+ "frame-ancestors"?: string | boolean | string[] | undefined;
142
+ "plugin-types"?: string | boolean | string[] | undefined;
143
+ "base-uri"?: string | boolean | string[] | undefined;
144
+ "report-to"?: string | boolean | string[] | undefined;
145
+ "worker-src"?: string | boolean | string[] | undefined;
146
+ "manifest-src"?: string | boolean | string[] | undefined;
147
+ "prefetch-src"?: string | boolean | string[] | undefined;
148
+ "navigate-to"?: string | boolean | string[] | undefined;
149
+ "require-sri-for"?: string | boolean | string[] | undefined;
150
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
151
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
152
+ "trusted-types"?: string | boolean | string[] | undefined;
153
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
154
+ } | undefined>, {
155
+ "default-src"?: string | boolean | string[] | undefined;
156
+ "script-src"?: string | boolean | string[] | undefined;
157
+ "style-src"?: string | boolean | string[] | undefined;
158
+ "img-src"?: string | boolean | string[] | undefined;
159
+ "connect-src"?: string | boolean | string[] | undefined;
160
+ "font-src"?: string | boolean | string[] | undefined;
161
+ "object-src"?: string | boolean | string[] | undefined;
162
+ "media-src"?: string | boolean | string[] | undefined;
163
+ "frame-src"?: string | boolean | string[] | undefined;
164
+ sandbox?: string | boolean | string[] | undefined;
165
+ "report-uri"?: string | boolean | string[] | undefined;
166
+ "child-src"?: string | boolean | string[] | undefined;
167
+ "form-action"?: string | boolean | string[] | undefined;
168
+ "frame-ancestors"?: string | boolean | string[] | undefined;
169
+ "plugin-types"?: string | boolean | string[] | undefined;
170
+ "base-uri"?: string | boolean | string[] | undefined;
171
+ "report-to"?: string | boolean | string[] | undefined;
172
+ "worker-src"?: string | boolean | string[] | undefined;
173
+ "manifest-src"?: string | boolean | string[] | undefined;
174
+ "prefetch-src"?: string | boolean | string[] | undefined;
175
+ "navigate-to"?: string | boolean | string[] | undefined;
176
+ "require-sri-for"?: string | boolean | string[] | undefined;
177
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
178
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
179
+ "trusted-types"?: string | boolean | string[] | undefined;
180
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
181
+ } | undefined, string | {
182
+ "default-src"?: string | boolean | string[] | undefined;
183
+ "script-src"?: string | boolean | string[] | undefined;
184
+ "style-src"?: string | boolean | string[] | undefined;
185
+ "img-src"?: string | boolean | string[] | undefined;
186
+ "connect-src"?: string | boolean | string[] | undefined;
187
+ "font-src"?: string | boolean | string[] | undefined;
188
+ "object-src"?: string | boolean | string[] | undefined;
189
+ "media-src"?: string | boolean | string[] | undefined;
190
+ "frame-src"?: string | boolean | string[] | undefined;
191
+ sandbox?: string | boolean | string[] | undefined;
192
+ "report-uri"?: string | boolean | string[] | undefined;
193
+ "child-src"?: string | boolean | string[] | undefined;
194
+ "form-action"?: string | boolean | string[] | undefined;
195
+ "frame-ancestors"?: string | boolean | string[] | undefined;
196
+ "plugin-types"?: string | boolean | string[] | undefined;
197
+ "base-uri"?: string | boolean | string[] | undefined;
198
+ "report-to"?: string | boolean | string[] | undefined;
199
+ "worker-src"?: string | boolean | string[] | undefined;
200
+ "manifest-src"?: string | boolean | string[] | undefined;
201
+ "prefetch-src"?: string | boolean | string[] | undefined;
202
+ "navigate-to"?: string | boolean | string[] | undefined;
203
+ "require-sri-for"?: string | boolean | string[] | undefined;
204
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
205
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
206
+ "trusted-types"?: string | boolean | string[] | undefined;
207
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
208
+ } | undefined>;
209
+ }, "strip", z.ZodTypeAny, {
210
+ mode: "disabled" | "report-only" | "enforced";
211
+ directives?: {
212
+ "default-src"?: string | boolean | string[] | undefined;
213
+ "script-src"?: string | boolean | string[] | undefined;
214
+ "style-src"?: string | boolean | string[] | undefined;
215
+ "img-src"?: string | boolean | string[] | undefined;
216
+ "connect-src"?: string | boolean | string[] | undefined;
217
+ "font-src"?: string | boolean | string[] | undefined;
218
+ "object-src"?: string | boolean | string[] | undefined;
219
+ "media-src"?: string | boolean | string[] | undefined;
220
+ "frame-src"?: string | boolean | string[] | undefined;
221
+ sandbox?: string | boolean | string[] | undefined;
222
+ "report-uri"?: string | boolean | string[] | undefined;
223
+ "child-src"?: string | boolean | string[] | undefined;
224
+ "form-action"?: string | boolean | string[] | undefined;
225
+ "frame-ancestors"?: string | boolean | string[] | undefined;
226
+ "plugin-types"?: string | boolean | string[] | undefined;
227
+ "base-uri"?: string | boolean | string[] | undefined;
228
+ "report-to"?: string | boolean | string[] | undefined;
229
+ "worker-src"?: string | boolean | string[] | undefined;
230
+ "manifest-src"?: string | boolean | string[] | undefined;
231
+ "prefetch-src"?: string | boolean | string[] | undefined;
232
+ "navigate-to"?: string | boolean | string[] | undefined;
233
+ "require-sri-for"?: string | boolean | string[] | undefined;
234
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
235
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
236
+ "trusted-types"?: string | boolean | string[] | undefined;
237
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
238
+ } | undefined;
239
+ }, {
240
+ mode?: "disabled" | "report-only" | "enforced" | undefined;
241
+ directives?: string | {
242
+ "default-src"?: string | boolean | string[] | undefined;
243
+ "script-src"?: string | boolean | string[] | undefined;
244
+ "style-src"?: string | boolean | string[] | undefined;
245
+ "img-src"?: string | boolean | string[] | undefined;
246
+ "connect-src"?: string | boolean | string[] | undefined;
247
+ "font-src"?: string | boolean | string[] | undefined;
248
+ "object-src"?: string | boolean | string[] | undefined;
249
+ "media-src"?: string | boolean | string[] | undefined;
250
+ "frame-src"?: string | boolean | string[] | undefined;
251
+ sandbox?: string | boolean | string[] | undefined;
252
+ "report-uri"?: string | boolean | string[] | undefined;
253
+ "child-src"?: string | boolean | string[] | undefined;
254
+ "form-action"?: string | boolean | string[] | undefined;
255
+ "frame-ancestors"?: string | boolean | string[] | undefined;
256
+ "plugin-types"?: string | boolean | string[] | undefined;
257
+ "base-uri"?: string | boolean | string[] | undefined;
258
+ "report-to"?: string | boolean | string[] | undefined;
259
+ "worker-src"?: string | boolean | string[] | undefined;
260
+ "manifest-src"?: string | boolean | string[] | undefined;
261
+ "prefetch-src"?: string | boolean | string[] | undefined;
262
+ "navigate-to"?: string | boolean | string[] | undefined;
263
+ "require-sri-for"?: string | boolean | string[] | undefined;
264
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
265
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
266
+ "trusted-types"?: string | boolean | string[] | undefined;
267
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
268
+ } | undefined;
269
+ }>, {
270
+ mode: "disabled" | "report-only" | "enforced";
271
+ directives?: {
272
+ "default-src"?: string | boolean | string[] | undefined;
273
+ "script-src"?: string | boolean | string[] | undefined;
274
+ "style-src"?: string | boolean | string[] | undefined;
275
+ "img-src"?: string | boolean | string[] | undefined;
276
+ "connect-src"?: string | boolean | string[] | undefined;
277
+ "font-src"?: string | boolean | string[] | undefined;
278
+ "object-src"?: string | boolean | string[] | undefined;
279
+ "media-src"?: string | boolean | string[] | undefined;
280
+ "frame-src"?: string | boolean | string[] | undefined;
281
+ sandbox?: string | boolean | string[] | undefined;
282
+ "report-uri"?: string | boolean | string[] | undefined;
283
+ "child-src"?: string | boolean | string[] | undefined;
284
+ "form-action"?: string | boolean | string[] | undefined;
285
+ "frame-ancestors"?: string | boolean | string[] | undefined;
286
+ "plugin-types"?: string | boolean | string[] | undefined;
287
+ "base-uri"?: string | boolean | string[] | undefined;
288
+ "report-to"?: string | boolean | string[] | undefined;
289
+ "worker-src"?: string | boolean | string[] | undefined;
290
+ "manifest-src"?: string | boolean | string[] | undefined;
291
+ "prefetch-src"?: string | boolean | string[] | undefined;
292
+ "navigate-to"?: string | boolean | string[] | undefined;
293
+ "require-sri-for"?: string | boolean | string[] | undefined;
294
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
295
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
296
+ "trusted-types"?: string | boolean | string[] | undefined;
297
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
298
+ } | undefined;
299
+ }, {
300
+ mode?: "disabled" | "report-only" | "enforced" | undefined;
301
+ directives?: string | {
302
+ "default-src"?: string | boolean | string[] | undefined;
303
+ "script-src"?: string | boolean | string[] | undefined;
304
+ "style-src"?: string | boolean | string[] | undefined;
305
+ "img-src"?: string | boolean | string[] | undefined;
306
+ "connect-src"?: string | boolean | string[] | undefined;
307
+ "font-src"?: string | boolean | string[] | undefined;
308
+ "object-src"?: string | boolean | string[] | undefined;
309
+ "media-src"?: string | boolean | string[] | undefined;
310
+ "frame-src"?: string | boolean | string[] | undefined;
311
+ sandbox?: string | boolean | string[] | undefined;
312
+ "report-uri"?: string | boolean | string[] | undefined;
313
+ "child-src"?: string | boolean | string[] | undefined;
314
+ "form-action"?: string | boolean | string[] | undefined;
315
+ "frame-ancestors"?: string | boolean | string[] | undefined;
316
+ "plugin-types"?: string | boolean | string[] | undefined;
317
+ "base-uri"?: string | boolean | string[] | undefined;
318
+ "report-to"?: string | boolean | string[] | undefined;
319
+ "worker-src"?: string | boolean | string[] | undefined;
320
+ "manifest-src"?: string | boolean | string[] | undefined;
321
+ "prefetch-src"?: string | boolean | string[] | undefined;
322
+ "navigate-to"?: string | boolean | string[] | undefined;
323
+ "require-sri-for"?: string | boolean | string[] | undefined;
324
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
325
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
326
+ "trusted-types"?: string | boolean | string[] | undefined;
327
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
328
+ } | undefined;
329
+ }>>>;
330
+ }, "strip", z.ZodTypeAny, {
331
+ debug: boolean;
332
+ lockPageSlug: string;
333
+ appwardenApiToken: string;
334
+ contentSecurityPolicy?: {
335
+ mode: "disabled" | "report-only" | "enforced";
336
+ directives?: {
337
+ "default-src"?: string | boolean | string[] | undefined;
338
+ "script-src"?: string | boolean | string[] | undefined;
339
+ "style-src"?: string | boolean | string[] | undefined;
340
+ "img-src"?: string | boolean | string[] | undefined;
341
+ "connect-src"?: string | boolean | string[] | undefined;
342
+ "font-src"?: string | boolean | string[] | undefined;
343
+ "object-src"?: string | boolean | string[] | undefined;
344
+ "media-src"?: string | boolean | string[] | undefined;
345
+ "frame-src"?: string | boolean | string[] | undefined;
346
+ sandbox?: string | boolean | string[] | undefined;
347
+ "report-uri"?: string | boolean | string[] | undefined;
348
+ "child-src"?: string | boolean | string[] | undefined;
349
+ "form-action"?: string | boolean | string[] | undefined;
350
+ "frame-ancestors"?: string | boolean | string[] | undefined;
351
+ "plugin-types"?: string | boolean | string[] | undefined;
352
+ "base-uri"?: string | boolean | string[] | undefined;
353
+ "report-to"?: string | boolean | string[] | undefined;
354
+ "worker-src"?: string | boolean | string[] | undefined;
355
+ "manifest-src"?: string | boolean | string[] | undefined;
356
+ "prefetch-src"?: string | boolean | string[] | undefined;
357
+ "navigate-to"?: string | boolean | string[] | undefined;
358
+ "require-sri-for"?: string | boolean | string[] | undefined;
359
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
360
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
361
+ "trusted-types"?: string | boolean | string[] | undefined;
362
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
363
+ } | undefined;
364
+ } | undefined;
365
+ appwardenApiHostname?: string | undefined;
366
+ }, {
367
+ lockPageSlug: string;
368
+ appwardenApiToken: string;
369
+ debug?: string | boolean | undefined;
370
+ contentSecurityPolicy?: {
371
+ mode?: "disabled" | "report-only" | "enforced" | undefined;
372
+ directives?: string | {
373
+ "default-src"?: string | boolean | string[] | undefined;
374
+ "script-src"?: string | boolean | string[] | undefined;
375
+ "style-src"?: string | boolean | string[] | undefined;
376
+ "img-src"?: string | boolean | string[] | undefined;
377
+ "connect-src"?: string | boolean | string[] | undefined;
378
+ "font-src"?: string | boolean | string[] | undefined;
379
+ "object-src"?: string | boolean | string[] | undefined;
380
+ "media-src"?: string | boolean | string[] | undefined;
381
+ "frame-src"?: string | boolean | string[] | undefined;
382
+ sandbox?: string | boolean | string[] | undefined;
383
+ "report-uri"?: string | boolean | string[] | undefined;
384
+ "child-src"?: string | boolean | string[] | undefined;
385
+ "form-action"?: string | boolean | string[] | undefined;
386
+ "frame-ancestors"?: string | boolean | string[] | undefined;
387
+ "plugin-types"?: string | boolean | string[] | undefined;
388
+ "base-uri"?: string | boolean | string[] | undefined;
389
+ "report-to"?: string | boolean | string[] | undefined;
390
+ "worker-src"?: string | boolean | string[] | undefined;
391
+ "manifest-src"?: string | boolean | string[] | undefined;
392
+ "prefetch-src"?: string | boolean | string[] | undefined;
393
+ "navigate-to"?: string | boolean | string[] | undefined;
394
+ "require-sri-for"?: string | boolean | string[] | undefined;
395
+ "block-all-mixed-content"?: string | boolean | string[] | undefined;
396
+ "upgrade-insecure-requests"?: string | boolean | string[] | undefined;
397
+ "trusted-types"?: string | boolean | string[] | undefined;
398
+ "require-trusted-types-for"?: string | boolean | string[] | undefined;
399
+ } | undefined;
400
+ } | undefined;
401
+ appwardenApiHostname?: string | undefined;
402
+ }>;
403
+ type TanStackStartCloudflareConfigInput = z.input<typeof TanStackStartCloudflareConfigSchema>;
404
+
405
+ /**
406
+ * Minimal runtime context type for TanStack Start adapter.
407
+ * Contains only what the adapter and config function need.
408
+ * Users provide this context by importing env and waitUntil from "cloudflare:workers".
409
+ */
410
+ interface TanStackStartRuntimeContext {
411
+ env: CloudflareEnv;
412
+ waitUntil(promise: Promise<unknown>): void;
26
413
  }
27
414
  /**
28
- * Configuration function that receives the Cloudflare context and returns the config.
415
+ * Configuration function that receives the runtime context and returns the config.
29
416
  * This allows dynamic configuration based on environment variables.
417
+ * Accepts pre-transformation input types (e.g., string | boolean for debug, string | object for CSP directives).
30
418
  */
31
- type TanStackStartConfigFn = (cloudflare: TanStackStartCloudflareContext) => TanStackStartAppwardenConfig;
419
+ type TanStackStartConfigFn = (runtime: TanStackStartRuntimeContext) => TanStackStartCloudflareConfigInput;
32
420
  /**
33
421
  * The result returned by the `next()` function in TanStack Start request middleware.
34
422
  *
@@ -52,17 +440,13 @@ type TanStackStartNextFn = (options?: {
52
440
  /**
53
441
  * TanStack Start middleware server callback arguments.
54
442
  *
55
- * Mirrors the official TanStack Start `RequestServerOptions` interface, with
56
- * an additional optional `cloudflare` context property for Cloudflare
57
- * Workers deployments.
443
+ * Mirrors the official TanStack Start `RequestServerOptions` interface.
444
+ * The context should include env and waitUntil from the Cloudflare Workers runtime.
58
445
  */
59
446
  interface TanStackStartMiddlewareArgs {
60
447
  request: Request;
61
448
  pathname: string;
62
- context: {
63
- cloudflare?: TanStackStartCloudflareContext;
64
- [key: string]: unknown;
65
- };
449
+ context: TanStackStartRuntimeContext & Record<string, unknown>;
66
450
  next: TanStackStartNextFn;
67
451
  serverFnMeta?: unknown;
68
452
  }
@@ -71,8 +455,11 @@ interface TanStackStartMiddlewareArgs {
71
455
  *
72
456
  * Mirrors the official TanStack Start `RequestServerFn` type used for
73
457
  * request middleware server functions.
458
+ *
459
+ * Note: The middleware either returns TanStackStartNextResult or throws a Response (redirect).
460
+ * Thrown values are not part of the return type.
74
461
  */
75
- type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Promise<TanStackStartNextResult | Response>;
462
+ type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Promise<TanStackStartNextResult>;
76
463
  /**
77
464
  *
78
465
  * @param configFn - A function that receives the Cloudflare context and returns the config
@@ -80,4 +467,4 @@ type TanStackStartMiddlewareFunction = (args: TanStackStartMiddlewareArgs) => Pr
80
467
  */
81
468
  declare function createAppwardenMiddleware(configFn: TanStackStartConfigFn): TanStackStartMiddlewareFunction;
82
469
 
83
- export { type TanStackStartCloudflareContext, createAppwardenMiddleware };
470
+ export { createAppwardenMiddleware };
@@ -3,7 +3,7 @@ import {
3
3
  } from "../chunk-XFG6SUSV.js";
4
4
  import {
5
5
  useContentSecurityPolicy
6
- } from "../chunk-AXWJZE7U.js";
6
+ } from "../chunk-52NBQDQT.js";
7
7
  import {
8
8
  getNowMs
9
9
  } from "../chunk-X7WZVYQS.js";
@@ -50,16 +50,21 @@ function createAppwardenMiddleware(configFn) {
50
50
  const startTime = getNowMs();
51
51
  const { request, next, context } = args;
52
52
  try {
53
- const cloudflare = context.cloudflare;
54
- if (!cloudflare) {
53
+ if (!context.env || !context.waitUntil) {
55
54
  console.error(
56
55
  printMessage(
57
- "Cloudflare context not found in TanStack Start context. Ensure your Register type includes the cloudflare context, or pass it manually in the middleware wrapper."
56
+ "Runtime context missing required properties (env, waitUntil). Ensure you pass { env, waitUntil } from cloudflare:workers to the middleware context."
58
57
  )
59
58
  );
60
59
  return next();
61
60
  }
62
- const config = configFn(cloudflare);
61
+ const rawConfig = configFn(context);
62
+ const parseResult = TanStackStartCloudflareConfigSchema.safeParse(rawConfig);
63
+ if (!parseResult.success) {
64
+ validateConfig(rawConfig, TanStackStartCloudflareConfigSchema);
65
+ return next();
66
+ }
67
+ const config = parseResult.data;
63
68
  const debugFn = debug(config.debug ?? false);
64
69
  const requestUrl = new URL(request.url);
65
70
  const isHTML = isHTMLRequest(request);
@@ -70,13 +75,6 @@ function createAppwardenMiddleware(configFn) {
70
75
  if (!isHTML) {
71
76
  return next();
72
77
  }
73
- const hasError = validateConfig(
74
- config,
75
- TanStackStartCloudflareConfigSchema
76
- );
77
- if (hasError) {
78
- return next();
79
- }
80
78
  if (isOnLockPage(config.lockPageSlug, request.url)) {
81
79
  debugFn("Already on lock page - skipping");
82
80
  return next();
@@ -87,7 +85,7 @@ function createAppwardenMiddleware(configFn) {
87
85
  appwardenApiHostname: config.appwardenApiHostname,
88
86
  debug: config.debug,
89
87
  lockPageSlug: config.lockPageSlug,
90
- waitUntil: (fn) => cloudflare.ctx.waitUntil(fn)
88
+ waitUntil: context.waitUntil
91
89
  });
92
90
  if (lockStatus.isLocked) {
93
91
  const lockPageUrl = buildLockPageUrl(config.lockPageSlug, request.url);
@@ -98,12 +96,11 @@ function createAppwardenMiddleware(configFn) {
98
96
  const result = await next();
99
97
  const { response } = result;
100
98
  if (config.contentSecurityPolicy && isResponseLike(response)) {
101
- debugFn("Applying CSP middleware");
102
99
  const cspContext = {
103
100
  request,
104
101
  response,
105
102
  hostname: requestUrl.hostname,
106
- waitUntil: (fn) => cloudflare.ctx.waitUntil(fn),
103
+ waitUntil: context.waitUntil,
107
104
  debug: debugFn
108
105
  };
109
106
  await useContentSecurityPolicy(config.contentSecurityPolicy)(
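Review bot: Both early exits in the `@@ -50,16 +50,21 @@` hunk fail open: when `context.env` or `context.waitUntil` is missing (new lines 53-60), and when `safeParse` rejects the config (new lines 63-66), the code does `return next()`, so the request is served before the lock check and the CSP step run, and the only signal visible here is the `console.error` in the first branch. Because this release moves the expected shape from `context.cloudflare` to `context.env`/`context.waitUntil`, an integration still wired the 3.6.0 way would presumably hit that first branch on every request after upgrading. If failing open is intended, state it at the guard, e.g. `// Fails open: lock check and CSP are skipped when the runtime context is incomplete`, and consider accepting the legacy `context.cloudflare` shape for one release so an upgrade cannot silently turn protection off. Separately, `waitUntil: context.waitUntil` (new lines 88 and 103) passes the function detached where the old code wrapped the call; `waitUntil: (p) => context.waitUntil(p)` keeps the receiver if the supplied function depends on it. The body of `createAppwardenMiddleware` starts and ends outside these hunks, so the `catch` path is not visible here.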
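--- a/package/cloudflare.js
+++ b/package/cloudflare.js
@@ -1,6 +1,6 @@
 import {
 useContentSecurityPolicy
-} from "./chunk-AXWJZE7U.js";
+} from "./chunk-52NBQDQT.js";
 import {
 checkLockStatus
 } from "./chunk-G5FWKV2Q.js";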
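--- a/package/index.js
+++ b/package/index.js
@@ -5,7 +5,7 @@ import {
 } from "./chunk-QEFORWCW.js";
 import {
 useContentSecurityPolicy
-} from "./chunk-AXWJZE7U.js";
+} from "./chunk-52NBQDQT.js";
 import {
 APPWARDEN_CACHE_KEY,
 CSPDirectivesSchema,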
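--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@appwarden/middleware",
-"version": "3.6.0",
+"version": "3.7.0",
 "description": "Instantly shut off access your app deployed on Cloudflare or Vercel",
 "type": "module",
 "license": "MIT",
@@ -116,7 +116,8 @@
 "rollup@>=4.0.0 <4.59.0": ">=4.59.0",
 "h3@<=1.15.4": ">=1.15.5",
 "js-yaml@<3.14.2": ">=3.14.2",
-"fast-xml-parser@<5.3.8": ">=5.3.8"
+"fast-xml-parser@<5.3.8": ">=5.3.8",
+"serialize-javascript@<=7.0.2": ">=7.0.3"
 }
 }
 }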