npm - @decocms/start - Versions diffs - 5.4.0 → 5.4.1 - Mend

@decocms/start 5.4.0 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/sdk/abTesting.test.ts +231 -0
package/src/sdk/abTesting.ts +58 -5

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@decocms/start",
-  "version": "5.4.0",
+  "version": "5.4.1",
   "type": "module",
   "description": "Deco framework for TanStack Start - CMS bridge, admin protocol, hooks, schema generation",
   "main": "./src/index.ts",

package/src/sdk/abTesting.test.ts ADDED Viewed

@@ -0,0 +1,231 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { proxyToFallback, type SiteConfig, type WorkerHandler, withABTesting } from "./abTesting";
+// ---------------------------------------------------------------------------
+// Test helpers
+// ---------------------------------------------------------------------------
+const REAL_HOST = "www.bagaggio.com.br";
+const FALLBACK_HOST = "lojabagaggio.deco.site";
+function makeUrl(path = "/x"): URL {
+  return new URL(`https://${REAL_HOST}${path}`);
+}
+function makeFakeKv(value: SiteConfig | null) {
+  return {
+    get: vi.fn(async () => value),
+  };
+}
+function makeCtx() {
+  return {
+    waitUntil: vi.fn(),
+    passThroughOnException: vi.fn(),
+  };
+}
+// ---------------------------------------------------------------------------
+// proxyToFallback
+// ---------------------------------------------------------------------------
+describe("proxyToFallback", () => {
+  let fetchSpy: ReturnType<typeof vi.fn>;
+  beforeEach(() => {
+    fetchSpy = vi.fn();
+    vi.stubGlobal("fetch", fetchSpy);
+  });
+  afterEach(() => {
+    vi.unstubAllGlobals();
+  });
+  it("always sets redirect:'manual' to avoid replaying streamed bodies on 3xx", async () => {
+    fetchSpy.mockResolvedValue(new Response("ok", { status: 200 }));
+    const request = new Request(`https://${REAL_HOST}/foo`, {
+      method: "POST",
+      body: "payload",
+    });
+    await proxyToFallback(request, makeUrl("/foo"), FALLBACK_HOST);
+    expect(fetchSpy).toHaveBeenCalledTimes(1);
+    const [, init] = fetchSpy.mock.calls[0];
+    expect(init.redirect).toBe("manual");
+  });
+  it("strips hop-by-hop headers + host before forwarding", async () => {
+    fetchSpy.mockResolvedValue(new Response(null, { status: 204 }));
+    const request = new Request(`https://${REAL_HOST}/foo`, {
+      method: "GET",
+      headers: {
+        host: REAL_HOST,
+        connection: "keep-alive",
+        "keep-alive": "timeout=5",
+        "transfer-encoding": "chunked",
+        upgrade: "websocket",
+        "proxy-authorization": "Bearer x",
+        "x-real-ip": "1.2.3.4",
+        cookie: "session=abc",
+      },
+    });
+    await proxyToFallback(request, makeUrl("/foo"), FALLBACK_HOST);
+    const [, init] = fetchSpy.mock.calls[0];
+    const fwd = init.headers as Headers;
+    expect(fwd.get("host")).toBeNull();
+    expect(fwd.get("connection")).toBeNull();
+    expect(fwd.get("keep-alive")).toBeNull();
+    expect(fwd.get("transfer-encoding")).toBeNull();
+    expect(fwd.get("upgrade")).toBeNull();
+    expect(fwd.get("proxy-authorization")).toBeNull();
+    // Non-hop-by-hop headers are preserved.
+    expect(fwd.get("x-real-ip")).toBe("1.2.3.4");
+    expect(fwd.get("cookie")).toBe("session=abc");
+    expect(fwd.get("x-forwarded-host")).toBe(REAL_HOST);
+  });
+  it("forwards a 302 from the upstream without following it, rewriting Location", async () => {
+    fetchSpy.mockResolvedValue(
+      new Response(null, {
+        status: 302,
+        headers: { location: `https://${FALLBACK_HOST}/landing` },
+      }),
+    );
+    const request = new Request(`https://${REAL_HOST}/go`, {
+      method: "POST",
+      body: "irrelevant",
+    });
+    const res = await proxyToFallback(request, makeUrl("/go"), FALLBACK_HOST);
+    expect(res.status).toBe(302);
+    expect(res.headers.get("location")).toBe(`https://${REAL_HOST}/landing`);
+  });
+  it("does NOT consume the response body on 3xx (passes it through as stream)", async () => {
+    // The text-rewrite block must skip non-2xx so streamed/binary 3xx bodies
+    // aren't needlessly drained — that was a latent bug paired with the
+    // redirect:"manual" fix.
+    const upstream = new Response("redirect-body", {
+      status: 301,
+      headers: {
+        "content-type": "text/html",
+        location: `https://${FALLBACK_HOST}/elsewhere`,
+      },
+    });
+    const textSpy = vi.spyOn(upstream, "text");
+    fetchSpy.mockResolvedValue(upstream);
+    const request = new Request(`https://${REAL_HOST}/r`, { method: "GET" });
+    const res = await proxyToFallback(request, makeUrl("/r"), FALLBACK_HOST);
+    expect(textSpy).not.toHaveBeenCalled();
+    expect(res.status).toBe(301);
+    expect(res.headers.get("location")).toBe(`https://${REAL_HOST}/elsewhere`);
+  });
+  it("rewrites the hostname in 2xx text bodies (Fresh partial URLs)", async () => {
+    fetchSpy.mockResolvedValue(
+      new Response(`<a href="https://${FALLBACK_HOST}/produto">veja</a>`, {
+        status: 200,
+        headers: { "content-type": "text/html" },
+      }),
+    );
+    const request = new Request(`https://${REAL_HOST}/p`, { method: "GET" });
+    const res = await proxyToFallback(request, makeUrl("/p"), FALLBACK_HOST);
+    const body = await res.text();
+    expect(body).toBe(`<a href="https://${REAL_HOST}/produto">veja</a>`);
+  });
+  it("does NOT call .text() on 2xx binary responses (image/png passes as stream)", async () => {
+    const binary = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a]);
+    const upstream = new Response(binary, {
+      status: 200,
+      headers: { "content-type": "image/png" },
+    });
+    const textSpy = vi.spyOn(upstream, "text");
+    fetchSpy.mockResolvedValue(upstream);
+    const request = new Request(`https://${REAL_HOST}/img.png`, {
+      method: "GET",
+    });
+    const res = await proxyToFallback(request, makeUrl("/img.png"), FALLBACK_HOST);
+    expect(textSpy).not.toHaveBeenCalled();
+    expect(res.headers.get("content-type")).toBe("image/png");
+    const bytes = new Uint8Array(await res.arrayBuffer());
+    expect(Array.from(bytes)).toEqual(Array.from(binary));
+  });
+  it("rewrites Set-Cookie Domain from fallback origin to real hostname", async () => {
+    const headers = new Headers({ "content-type": "application/json" });
+    headers.append("set-cookie", `vtex_segment=abc; Domain=.${FALLBACK_HOST}; Path=/`);
+    fetchSpy.mockResolvedValue(new Response("{}", { status: 200, headers }));
+    const request = new Request(`https://${REAL_HOST}/api`, { method: "GET" });
+    const res = await proxyToFallback(request, makeUrl("/api"), FALLBACK_HOST);
+    const cookies = res.headers.getSetCookie?.() ?? [];
+    expect(cookies).toHaveLength(1);
+    expect(cookies[0]).toContain(`Domain=.${REAL_HOST}`);
+    expect(cookies[0]).not.toContain(FALLBACK_HOST);
+  });
+});
+// ---------------------------------------------------------------------------
+// withABTesting — clone defense
+// ---------------------------------------------------------------------------
+describe("withABTesting — outer-catch defense", () => {
+  let fetchSpy: ReturnType<typeof vi.fn>;
+  beforeEach(() => {
+    fetchSpy = vi.fn();
+    vi.stubGlobal("fetch", fetchSpy);
+  });
+  afterEach(() => {
+    vi.unstubAllGlobals();
+  });
+  it("recovers via inner handler with body intact when fallback proxy throws", async () => {
+    // Simulate the legacy bug: the first fetch (fallback proxy) blows up
+    // *after* the body would have been consumed. The outer catch must be
+    // able to read request.body when calling handler.fetch, so withABTesting
+    // tees the request with request.clone() before handing it to the proxy.
+    fetchSpy.mockRejectedValue(new Error("upstream exploded"));
+    const handler: WorkerHandler = {
+      fetch: vi.fn(async (req) => {
+        const body = await req.text();
+        return new Response(`handler saw: ${body}`, { status: 200 });
+      }),
+    };
+    const kv = makeFakeKv({
+      workerName: "test",
+      fallbackOrigin: FALLBACK_HOST,
+      abTest: { ratio: 0 }, // ratio 0 → always fallback bucket
+    });
+    const wrapped = withABTesting(handler, { kvBinding: "KV" });
+    const request = new Request(`https://${REAL_HOST}/recover`, {
+      method: "POST",
+      body: "payload",
+    });
+    const res = await wrapped.fetch(
+      request,
+      { KV: kv } as unknown as Record<string, unknown>,
+      makeCtx(),
+    );
+    expect(res.status).toBe(200);
+    expect(await res.text()).toBe("handler saw: payload");
+    expect(handler.fetch).toHaveBeenCalledTimes(1);
+  });
+});

package/src/sdk/abTesting.ts CHANGED Viewed

@@ -105,6 +105,25 @@ function fnv1a(str: string): number {
 	return Math.abs(hash);
 }
+// ---------------------------------------------------------------------------
+// Header constants
+// ---------------------------------------------------------------------------
+/**
+ * Hop-by-hop headers per RFC 7230 §6.1 — must not be forwarded through
+ * proxies. Plus `host`, which we always rewrite to the target origin.
+ */
+const HOP_BY_HOP_HEADERS = new Set([
+	"connection",
+	"keep-alive",
+	"transfer-encoding",
+	"te",
+	"trailer",
+	"upgrade",
+	"proxy-authorization",
+	"proxy-authenticate",
+]);
 // ---------------------------------------------------------------------------
 // Cookie helpers
 // ---------------------------------------------------------------------------
@@ -216,6 +235,14 @@ export function tagBucket(
  * 2. Set-Cookie Domain → real hostname
  * 3. Body text: fallback hostname → real hostname (for Fresh partial URLs)
  * 4. Location header → real hostname
+ *
+ * **`redirect: "manual"` is critical.** The request body is forwarded as a
+ * stream (`duplex: "half"`) and is consumed by this first fetch. If the
+ * upstream returns a 301/302 and we let CF auto-follow, the runtime would
+ * try to replay the request and throw `Cannot reconstruct a Request with
+ * a used body.` Instead we forward the 3xx response to the client so the
+ * client (browser/curl) follows it on its own. The Location header is
+ * rewritten below so the next hop targets the real hostname.
  */
 export async function proxyToFallback(
 	request: Request,
@@ -225,13 +252,22 @@ export async function proxyToFallback(
 	const target = new URL(url.toString());
 	target.hostname = fallbackOrigin;
-	const headers = new Headers(request.headers);
-	headers.delete("host");
+	// Strip hop-by-hop headers + Host before forwarding. Without this the
+	// upstream may close the connection (Connection: close) or get confused
+	// by Transfer-Encoding/Upgrade meant for the original CF↔client hop.
+	const headers = new Headers();
+	for (const [key, value] of request.headers.entries()) {
+		const lk = key.toLowerCase();
+		if (lk === "host") continue;
+		if (HOP_BY_HOP_HEADERS.has(lk)) continue;
+		headers.set(key, value);
+	}
 	headers.set("x-forwarded-host", url.hostname);
 	const init: RequestInit = {
 		method: request.method,
 		headers,
+		redirect: "manual",
 	};
 	if (request.method !== "GET" && request.method !== "HEAD") {
 		init.body = request.body;
@@ -244,8 +280,17 @@ export async function proxyToFallback(
 	const isText =
 		ct.includes("text/") || ct.includes("json") || ct.includes("javascript");
+	// Only rewrite text bodies on 2xx successful responses. Reading
+	// `response.text()` on a 3xx (forwarded redirect) or binary response
+	// would consume the stream needlessly and could throw on non-text
+	// content. The Location header is rewritten separately further down.
 	let body: BodyInit | null = response.body;
-	if (isText && response.body) {
+	if (
+		isText &&
+		response.body &&
+		response.status >= 200 &&
+		response.status < 300
+	) {
 		const text = await response.text();
 		body = text.replaceAll(fallbackOrigin, url.hostname);
 	}
@@ -338,10 +383,16 @@ export function withABTesting(
 			const ratio = siteConfig.abTest?.ratio ?? 0;
 			const bucket = getStableBucket(request, ratio, url, cookieName);
+			// Tee the request so the outer `catch` below can still pass the
+			// original (with body intact) to `handler.fetch` if proxyToFallback
+			// somehow throws after consuming the body. `Request.clone()` is
+			// safe in CF Workers — it tees the underlying stream.
+			const fallbackRequest = request.clone();
 			try {
 				if (bucket === "fallback") {
 					const response = await proxyToFallback(
-						request,
+						fallbackRequest,
 						url,
 						siteConfig.fallbackOrigin,
 					);
@@ -372,8 +423,10 @@ export function withABTesting(
 						"[A/B] Worker error, circuit breaker → fallback:",
 						err,
 					);
+					// Use the teed clone — handler.fetch above may have already
+					// consumed the original request body before throwing.
 					const response = await proxyToFallback(
-						request,
+						fallbackRequest,
 						url,
 						siteConfig.fallbackOrigin,
 					);