@aravindc26/velu 0.13.7 → 0.13.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aravindc26/velu",
-  "version": "0.13.7",
+  "version": "0.13.8",
   "description": "A modern documentation site generator powered by Markdown and JSON configuration",
   "type": "module",
   "license": "MIT",

package/src/engine/{middleware.ts → preview-proxy.ts}

@@ -1,9 +1,10 @@
-import { NextRequest, NextResponse } from 'next/server';
+import type { NextRequest } from 'next/server';
+import { NextResponse } from 'next/server';
 import { getPreviewSecret, verifyPreviewToken } from './lib/preview-auth';
 
 /**
- * Next.js middleware that enforces HMAC-signed token authentication for
- * preview page routes.
+ * Next.js proxy (middleware) that enforces HMAC-signed token authentication
+ * for preview page routes.
  *
  * Flow:
  *  1. Requests with `x-preview-secret` header pass through (server-to-server API calls).
@@ -13,7 +14,7 @@ import { getPreviewSecret, verifyPreviewToken } from './lib/preview-auth';
  *  4. If a valid `__velu_preview_{sessionId}` cookie exists: allow.
  *  5. Otherwise: 403.
  */
-export function middleware(request: NextRequest) {
+export function proxy(request: NextRequest) {
   const secret = getPreviewSecret();
 
   // No secret configured — allow everything (dev / local)
@@ -76,16 +77,8 @@ export function middleware(request: NextRequest) {
   return new NextResponse('Forbidden', { status: 403 });
 }
 
-// Use Node.js runtime so we can access the crypto module for HMAC verification
-export const runtime = 'nodejs';
-
 export const config = {
   matcher: [
-    /*
-     * Match all request paths except:
-     * - _next (Next.js internals)
-     * - favicon.ico, robots.txt, sitemap.xml (static meta)
-     */
     '/((?!_next|favicon\\.ico|robots\\.txt|sitemap\\.xml).*)',
   ],
 };