npm - @dr.pogodin/react-utils - Versions diffs - 1.47.0-alpha.1 → 1.47.0-alpha.11 - Mend

@dr.pogodin/react-utils 1.47.0-alpha.1 → 1.47.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (306) hide show

package/build/production/server/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["require","_nodeHttp","_interopRequireDefault","_nodeHttps","_cloneDeep","_defaults","_isFinite","_isNumber","_isString","_toNumber","_server","_interopRequireWildcard","_renderer","_utils","e","t","WeakMap","r","n","__esModule","o","i","f","__proto__","default","has","get","set","hasOwnProperty","call","Object","defineProperty","getOwnPropertyDescriptor","normalizePort","value","port","toNumber","isFinite","isNumber","launchServer","webpackConfig","options","ops","cloneDeep","process","env","PORT","defaults","httpsRedirect","logger","newDefaultLogger","defaultLogLevel","defaultLoggerLogLevel","expressServer","serverFactory","httpServer","https","createServer","cert","key","http","on","error","syscall","bind","isString","code","exit","undefined","addr","address","info","NODE_ENV","listen","SCRIPT_LOCATIONS","getDefaultCspSettings","errors"],"sources":["../../../src/server/index.ts"],"sourcesContent":["// eslint-disable-next-line import/no-unassigned-import\nimport 'source-map-support/register';\n\nimport http from 'node:http';\nimport https from 'node:https';\n\nimport cloneDeep from 'lodash/cloneDeep';\nimport defaults from 'lodash/defaults';\nimport isFinite from 'lodash/isFinite';\nimport isNumber from 'lodash/isNumber';\nimport isString from 'lodash/isString';\nimport toNumber from 'lodash/toNumber';\n\n// Polyfill required by ReactJS.\n// TODO: Double-check, if it is still required by React v19?\n// eslint-disable-next-line import/no-unassigned-import\nimport 'raf/polyfill';\n\nimport type { Configuration } from 'webpack';\n\nimport serverFactory, {\n type OptionsT as ServerOptionsT,\n type ServerT,\n getDefaultCspSettings,\n} from './server';\n\nimport { SCRIPT_LOCATIONS, newDefaultLogger } from './renderer';\n\nimport { errors } from './utils';\n\nexport type {\n BeforeRenderResT,\n BeforeRenderT,\n ConfigT,\n ServerSsrContext,\n} from './renderer';\n\nexport { errors, getDefaultCspSettings, type ServerT };\n\n/*\n Normalizes a port into a number, string, or false.\n * TODO: Drop this function?\n * @param value Port name or number.\n * @return Port number (Number), name (String), or false.\n /\nfunction normalizePort(value: number \| string) {\n const port = toNumber(value);\n if (isFinite(port)) return port; / port number /\n if (!isNumber(port)) return value; / named pipe /\n return false;\n}\n\ntype OptionsT = ServerOptionsT & {\n https?: {\n cert: string;\n key: string;\n };\n\n // TODO: Should we limit it to number \| string, and throw if it is different value?\n port?: false \| number \| string;\n};\n\n/\n Creates and launches web-server for ReactJS application. Allows zero\n * or detailed configuration, supports server-side rendering,\n * and development tools, including Hot Module Reloading (HMR).\n \n NOTE: Many of options defined below are passed down to the server and\n * renderer factories, and their declared default values are set in those\n * factories, rather than here.\n \n @param {object} webpackConfig Webpack configuration used to build\n * the frontend bundle. In production mode the server will read out of it\n * `context`, `publicPath`, and a few other parameters, necessary to locate\n * and serve the app bundle. In development mode the server will use entire\n * provided config to build the app bundle in memory, and further watch and\n * update it via HMR.\n * @param {object} [options] Additional parameters.\n * @param {Component} [options.Application] The root ReactJS component of\n * the app to use for the server-side rendering. When not provided\n * the server-side rendering is disabled.\n * @param {function} [options.beforeExpressJsError] Asynchronous callback\n * (`(server) => Promise<boolean>`) to be executed just before the default error\n * handler is added to ExpressJS server. If the callback is provided and its\n * result resolves to a truthy value, `react-utils` won't attach the default\n * error handler.\n * @param {function} [options.beforeExpressJsSetup] Asynchronous callback\n * (`(server) => Promise) to be executed right after ExpressJS server creation,\n * before any configuration is performed.\n * @param {BeforeRenderHook} [options.beforeRender] The hook to run just before\n * the server-side rendering. For each incoming request, it will be executed\n * just before the HTML markup is generated at the server. It allows to load\n * and provide the data necessary for server-side rendering, and also to inject\n * additional configuration and scripts into the generated HTML code.\n * @param {boolean} [options.noCsp] Set `true` to disable\n * Content-Security-Policy (CSP) headers altogether.\n * @param {function} [options.cspSettingsHook] A hook allowing\n * to customize [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)\n * settings for [helmet](https://github.com/helmetjs/helmet)'s\n * `contentSecurityPolicy` middleware on per-request basis.\n \n If provided it should be a with signature: \\\n * `(defaultSettings: object, req: object)` ⇒ `object` \\\n * which gets the default settings (also used without the hook),\n * and the incoming request object. The hook response will be passed\n * as options to the helmet `contentSecurityPolicy` middleware.\n \n Currently, the default settings is the following object in production\n * environment:\n * ```js\n * {\n * directives: {\n * defaultSrc: [\"'self'\"],\n * baseUri: [\"'self'\"],\n * blockAllMixedContent: [],\n * fontSrc: [\"'self'\", 'https:', 'data:'],\n * frameAncestors: [\"'self'\"],\n * frameSrc: [\"'self'\", 'https://.youtube.com'],\n imgSrc: [\"'self'\", 'data:'],\n * objectSrc: [\"'none'\"],\n * scriptSrc: [\"'self'\", \"'unsafe-eval'\", `'nonce-UNIQUE_NONCE_VALUE'`],\n * scriptSrcAttr: [\"'none'\"],\n * styleSrc: [\"'self'\", 'https:', \"'unsafe-inline'\"],\n * upgradeInsecureRequests: [] // Removed in dev mode.\n * }\n * }\n * ```\n * It matches the default value used by Helmet with a few updates:\n * - YouTube host is whitelisted in the `frameSrc` directive to ensure\n * the {@link YouTubeVideo} component works.\n * - An unique per-request nonce is added to `scriptSrc` directive to\n * whitelist auxiliary scripts injected by react-utils. The actual nonce\n * value can be fetched by host code via `.nonce` field of `req` argument\n * of `.beforeRender` hook.\n * - `upgradeInsecureRequests` directive is removed in development mode,\n * to simplify local testing with http requests.\n * @param {string} [options.defaultLoggerLogLevel='info'] Log level for\n * the default logger, which is created if no `logger` option provided.\n * @param {boolean} [options.devMode] Pass in `true` to start the server in\n * development mode.\n * @param {string} [options.favicon] Path to the favicon to use by the server.\n * By default no favicon is used.\n * @param {object} [options.https] If provided, HTTPS server will be started,\n * instead of HTTP otherwise. The object should provide SSL certificate and key\n * via two string fields: `cert`, and `key`.\n * @param {string} [options.https.cert] SSL Certificate.\n * @param {string} [options.https.key] SSL key.\n * @param {boolean} [options.httpsRedirect=true] Pass in `true` to enable\n * automatic redirection of all incoming HTTP requests to HTTPS.\n \n To smoothly use it at `localhost` you need to run the server in HTTPS mode,\n * and also properly create and install a self-signed SSL sertificate on your\n * system. This article is helpful:\n * [How to get HTTPS working on your local development environment in 5 minutes](https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec)\n * @param {Logger} [options.logger] The logger to use at server side.\n * By default [`winston`](https://www.npmjs.com/package/winston) logger\n * with console transport is used. The logger you provide, or the default\n * `winston` logger otherwise, will be attached to the created ExpressJS server\n * object.\n * @param {function} [options.onExpressJsSetup] An async callback\n * (`(server) => Promise`) to be triggered when most of the server\n * configuration is completed, just before the server-side renderer,\n * and the default error handler are attached. You can use it to mount\n * custom API routes. The server-side logger can be accessed as `server.logger`.\n * @param {number\|string} [options.port=3000] The port to start the server on.\n * @param {number} [options.staticCacheSize=1.e7] The maximum\n * static cache size in bytes. Defaults to ~10 MB.\n * @param {function} [options.staticCacheController] When given, it activates,\n * and controls the static caching of generated HTML markup. When this function\n * is provided, on each incoming request it is triggered with the request\n * passed in as the argument. To attempt to serve the response from the cache\n * it should return the object with the following fields:\n * - `key: string` – the cache key for the response;\n * - `maxage?: number` – the maximum age of cached result in ms.\n * If undefined - infinite age is assumed.\n * @param {number} [options.maxSsrRounds=10] Maximum number of SSR rounds.\n * @param {number} [options.ssrTimeout=1000] SSR timeout in milliseconds,\n * defaults to 1 second.\n * @return Resolves to an object with created Express and HTTP servers.\n /\nexport default async function launchServer(\n webpackConfig: Configuration,\n options: OptionsT = {},\n): Promise<{\n expressServer: ServerT;\n httpServer: http.Server;\n}> {\n / Options normalization. /\n const ops = cloneDeep(options);\n\n // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing\n ops.port = normalizePort(ops.port \|\| process.env.PORT \|\| 3000);\n defaults(ops, { httpsRedirect: true });\n\n // TODO: Need a separate type for normalized options, which guarantees\n // the logger is set!\n ops.logger ??= newDefaultLogger({\n defaultLogLevel: ops.defaultLoggerLogLevel,\n });\n\n / Creates servers, resolves and sets the port. /\n const expressServer = await serverFactory(webpackConfig, ops);\n\n let httpServer: http.Server;\n if (ops.https) {\n httpServer = https.createServer({\n cert: ops.https.cert,\n key: ops.https.key,\n }, expressServer as unknown as () => void);\n } else httpServer = http.createServer(expressServer as unknown as () => void);\n\n / Sets error handler for HTTP(S) server. /\n httpServer.on('error', (error: Error) => {\n if ((error as { syscall?: string }).syscall !== 'listen') throw error;\n const bind = isString(ops.port) ? `Pipe ${ops.port}` : `Port ${ops.port}`;\n\n / Human-readable message for some specific listen errors. /\n switch ((error as { code?: string }).code) {\n case 'EACCES':\n ops.logger!.error(`${bind} requires elevated privileges`);\n return process.exit(1);\n case 'EADDRINUSE':\n ops.logger!.error(`${bind} is already in use`);\n return process.exit(1);\n case undefined:\n default:\n throw error;\n }\n });\n\n / Listening event handler for HTTP(S) server. */\n httpServer.on('listening', () => {\n const addr = httpServer.address()!;\n const bind = isString(addr) ? `pipe ${addr}` : `port ${addr.port}`;\n ops.logger!.info(`Server listening on ${bind} in ${\n process.env.NODE_ENV} mode`);\n });\n\n httpServer.listen(ops.port);\n\n return {\n expressServer,\n httpServer,\n };\n}\n\nlaunchServer.SCRIPT_LOCATIONS = SCRIPT_LOCATIONS;\nlaunchServer.getDefaultCspSettings = getDefaultCspSettings;\nlaunchServer.errors = errors;\n"],"mappings":"mZACAA,OAAA,gCAEA,IAAAC,SAAA,CAAAC,sBAAA,CAAAF,OAAA,eACA,IAAAG,UAAA,CAAAD,sBAAA,CAAAF,OAAA,gBAEA,IAAAI,UAAA,CAAAF,sBAAA,CAAAF,OAAA,sBACA,IAAAK,SAAA,CAAAH,sBAAA,CAAAF,OAAA,qBACA,IAAAM,SAAA,CAAAJ,sBAAA,CAAAF,OAAA,qBACA,IAAAO,SAAA,CAAAL,sBAAA,CAAAF,OAAA,qBACA,IAAAQ,SAAA,CAAAN,sBAAA,CAAAF,OAAA,qBACA,IAAAS,SAAA,CAAAP,sBAAA,CAAAF,OAAA,qBAKAA,OAAA,iBAIA,IAAAU,OAAA,CAAAC,uBAAA,CAAAX,OAAA,cAMA,IAAAY,SAAA,CAAAZ,OAAA,eAEA,IAAAa,MAAA,CAAAb,OAAA,YAAe,SAAAW,wBAAAG,CAAA,CAAAC,CAAA,wBAAAC,OAAA,KAAAC,CAAA,KAAAD,OAAA,CAAAE,CAAA,KAAAF,OAAA,QAAAL,uBAAA,SAAAA,CAAAG,CAAA,CAAAC,CAAA,MAAAA,CAAA,EAAAD,CAAA,EAAAA,CAAA,CAAAK,UAAA,QAAAL,CAAA,KAAAM,CAAA,CAAAC,CAAA,CAAAC,CAAA,EAAAC,SAAA,MAAAC,OAAA,CAAAV,CAAA,YAAAA,CAAA,mBAAAA,CAAA,qBAAAA,CAAA,QAAAQ,CAAA,IAAAF,CAAA,CAAAL,CAAA,CAAAG,CAAA,CAAAD,CAAA,KAAAG,CAAA,CAAAK,GAAA,CAAAX,CAAA,SAAAM,CAAA,CAAAM,GAAA,CAAAZ,CAAA,EAAAM,CAAA,CAAAO,GAAA,CAAAb,CAAA,CAAAQ,CAAA,YAAAP,CAAA,IAAAD,CAAA,aAAAC,CAAA,KAAAa,cAAA,CAAAC,IAAA,CAAAf,CAAA,CAAAC,CAAA,KAAAM,CAAA,EAAAD,CAAA,CAAAU,MAAA,CAAAC,cAAA,GAAAD,MAAA,CAAAE,wBAAA,CAAAlB,CAAA,CAAAC,CAAA,KAAAM,CAAA,CAAAK,GAAA,EAAAL,CAAA,CAAAM,GAAA,EAAAP,CAAA,CAAAE,CAAA,CAAAP,CAAA,CAAAM,CAAA,EAAAC,CAAA,CAAAP,CAAA,EAAAD,CAAA,CAAAC,CAAA,UAAAO,CAAA,GAAAR,CAAA,CAAAC,CAAA,EA5Bf;AAaA;AACA;AACA;AAwBA;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAkB,aAAaA,CAACC,KAAsB,CAAE,CAC7C,KAAM,CAAAC,IAAI,CAAG,GAAAC,iBAAQ,EAACF,KAAK,CAAC,CAC5B,GAAI,GAAAG,iBAAQ,EAACF,IAAI,CAAC,CAAE,MAAO,CAAAA,IAAI,CAAE,iBACjC,GAAI,CAAC,GAAAG,iBAAQ,EAACH,IAAI,CAAC,CAAE,MAAO,CAAAD,KAAK,CAAE,gBACnC,MAAO,MACT,CAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACe,cAAe,CAAAK,YAAYA,CACxCC,aAA4B,CAC5BC,OAAiB,CAAG,CAAC,CAAC,CAIrB,CACD,4BACA,KAAM,CAAAC,GAAG,CAAG,GAAAC,kBAAS,EAACF,OAAO,CAAC,CAE9B;AACAC,GAAG,CAACP,IAAI,CAAGF,aAAa,CAACS,GAAG,CAACP,IAAI,EAAIS,OAAO,CAACC,GAAG,CAACC,IAAI,EAAI,IAAI,CAAC,CAC9D,GAAAC,iBAAQ,EAACL,GAAG,CAAE,CAAEM,aAAa,CAAE,IAAK,CAAC,CAAC,CAEtC;AACA;AACAN,GAAG,CAACO,MAAM,GAAK,GAAAC,0BAAgB,EAAC,CAC9BC,eAAe,CAAET,GAAG,CAACU,qBACvB,CAAC,CAAC,CAEF,kDACA,KAAM,CAAAC,aAAa,CAAG,KAAM,GAAAC,eAAa,EAACd,aAAa,CAAEE,GAAG,CAAC,CAE7D,GAAI,CAAAa,UAAuB,CAC3B,GAAIb,GAAG,CAACc,KAAK,CAAE,CACbD,UAAU,CAAGC,kBAAK,CAACC,YAAY,CAAC,CAC9BC,IAAI,CAAEhB,GAAG,CAACc,KAAK,CAACE,IAAI,CACpBC,GAAG,CAAEjB,GAAG,CAACc,KAAK,CAACG,GACjB,CAAC,CAAEN,aAAsC,CAC3C,CAAC,IAAM,CAAAE,UAAU,CAAGK,iBAAI,CAACH,YAAY,CAACJ,aAAsC,CAAC,CAE7E,4CACAE,UAAU,CAACM,EAAE,CAAC,OAAO,CAAGC,KAAY,EAAK,CACvC,GAAKA,KAAK,CAA0BC,OAAO,GAAK,QAAQ,CAAE,KAAM,CAAAD,KAAK,CACrE,KAAM,CAAAE,IAAI,CAAG,GAAAC,iBAAQ,EAACvB,GAAG,CAACP,IAAI,CAAC,CAAG,QAAQO,GAAG,CAACP,IAAI,EAAE,CAAG,QAAQO,GAAG,CAACP,IAAI,EAAE,CAEzE,6DACA,OAAS2B,KAAK,CAAuBI,IAAI,EACvC,IAAK,QAAQ,CACXxB,GAAG,CAACO,MAAM,CAAEa,KAAK,CAAC,GAAGE,IAAI,+BAA+B,CAAC,CACzD,MAAO,CAAApB,OAAO,CAACuB,IAAI,CAAC,CAAC,CAAC,CACxB,IAAK,YAAY,CACfzB,GAAG,CAACO,MAAM,CAAEa,KAAK,CAAC,GAAGE,IAAI,oBAAoB,CAAC,CAC9C,MAAO,CAAApB,OAAO,CAACuB,IAAI,CAAC,CAAC,CAAC,CACxB,IAAK,CAAAC,SAAS,CACd,QACE,KAAM,CAAAN,KACV,CACF,CAAC,CAAC,CAEF,iDACAP,UAAU,CAACM,EAAE,CAAC,WAAW,CAAE,IAAM,CAC/B,KAAM,CAAAQ,IAAI,CAAGd,UAAU,CAACe,OAAO,CAAC,CAAE,CAClC,KAAM,CAAAN,IAAI,CAAG,GAAAC,iBAAQ,EAACI,IAAI,CAAC,CAAG,QAAQA,IAAI,EAAE,CAAG,QAAQA,IAAI,CAAClC,IAAI,EAAE,CAClEO,GAAG,CAACO,MAAM,CAAEsB,IAAI,CAAC,uBAAuBP,IAAI,OAC1CpB,OAAO,CAACC,GAAG,CAAC2B,QAAQ,OAAO,CAC/B,CAAC,CAAC,CAEFjB,UAAU,CAACkB,MAAM,CAAC/B,GAAG,CAACP,IAAI,CAAC,CAE3B,MAAO,CACLkB,aAAa,CACbE,UACF,CACF,CAEAhB,YAAY,CAACmC,gBAAgB,CAAGA,0BAAgB,CAChDnC,YAAY,CAACoC,qBAAqB,CAAGA,6BAAqB,CAC1DpC,YAAY,CAACqC,MAAM,CAAGA,aAAM","ignoreList":[]}
1	+ {"version":3,"file":"index.js","names":["http","https","cloneDeep","defaults","serverFactory","getDefaultCspSettings","SCRIPT_LOCATIONS","newDefaultLogger","normalizePort","value","port","parseInt","Number","isFinite","launchServer","webpackConfig","options","ops","process","env","PORT","httpsRedirect","logger","defaultLogLevel","defaultLoggerLogLevel","expressServer","httpServer","createServer","cert","key","on","error","syscall","bind","code","exit","undefined","addr","address","info","NODE_ENV","listen"],"sources":["../../../src/server/index.ts"],"sourcesContent":["// eslint-disable-next-line import/no-unassigned-import\nimport 'source-map-support/register.js';\n\nimport http from 'node:http';\nimport https from 'node:https';\n\nimport { cloneDeep, defaults } from 'lodash-es';\n\n// Polyfill required by ReactJS.\n// TODO: Double-check, if it is still required by React v19?\n// eslint-disable-next-line import/no-unassigned-import\nimport 'raf/polyfill.js';\n\nimport type { Configuration } from 'webpack';\n\nimport serverFactory, {\n type OptionsT as ServerOptionsT,\n type ServerT,\n getDefaultCspSettings,\n} from './server';\n\nimport { SCRIPT_LOCATIONS, newDefaultLogger } from './renderer';\n\nexport * from './utils';\n\nexport type {\n BeforeRenderResT,\n BeforeRenderT,\n ConfigT,\n ServerSsrContext,\n} from './renderer';\n\nexport {\n getDefaultCspSettings,\n SCRIPT_LOCATIONS,\n type ServerT,\n};\n\n/*\n Normalizes a port into a number, string, or false.\n * TODO: Drop this function?\n * @param value Port name or number.\n * @return Port number (Number), name (String).\n /\nfunction normalizePort(value: number \| string) {\n const port = typeof value === 'string' ? parseInt(value) : value;\n if (Number.isFinite(port)) return port; / port number /\n return value; / named pipe /\n}\n\ntype OptionsT = ServerOptionsT & {\n https?: {\n cert: string;\n key: string;\n };\n\n // TODO: Should we limit it to number \| string, and throw if it is different value?\n port?: false \| number \| string;\n};\n\n/\n Creates and launches web-server for ReactJS application. Allows zero\n * or detailed configuration, supports server-side rendering,\n * and development tools, including Hot Module Reloading (HMR).\n \n NOTE: Many of options defined below are passed down to the server and\n * renderer factories, and their declared default values are set in those\n * factories, rather than here.\n \n @param {object} webpackConfig Webpack configuration used to build\n * the frontend bundle. In production mode the server will read out of it\n * `context`, `publicPath`, and a few other parameters, necessary to locate\n * and serve the app bundle. In development mode the server will use entire\n * provided config to build the app bundle in memory, and further watch and\n * update it via HMR.\n * @param {object} [options] Additional parameters.\n * @param {Component} [options.Application] The root ReactJS component of\n * the app to use for the server-side rendering. When not provided\n * the server-side rendering is disabled.\n * @param {function} [options.beforeExpressJsError] Asynchronous callback\n * (`(server) => Promise<boolean>`) to be executed just before the default error\n * handler is added to ExpressJS server. If the callback is provided and its\n * result resolves to a truthy value, `react-utils` won't attach the default\n * error handler.\n * @param {function} [options.beforeExpressJsSetup] Asynchronous callback\n * (`(server) => Promise) to be executed right after ExpressJS server creation,\n * before any configuration is performed.\n * @param {BeforeRenderHook} [options.beforeRender] The hook to run just before\n * the server-side rendering. For each incoming request, it will be executed\n * just before the HTML markup is generated at the server. It allows to load\n * and provide the data necessary for server-side rendering, and also to inject\n * additional configuration and scripts into the generated HTML code.\n * @param {boolean} [options.noCsp] Set `true` to disable\n * Content-Security-Policy (CSP) headers altogether.\n * @param {function} [options.cspSettingsHook] A hook allowing\n * to customize [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)\n * settings for [helmet](https://github.com/helmetjs/helmet)'s\n * `contentSecurityPolicy` middleware on per-request basis.\n \n If provided it should be a with signature: \\\n * `(defaultSettings: object, req: object)` ⇒ `object` \\\n * which gets the default settings (also used without the hook),\n * and the incoming request object. The hook response will be passed\n * as options to the helmet `contentSecurityPolicy` middleware.\n \n Currently, the default settings is the following object in production\n * environment:\n * ```js\n * {\n * directives: {\n * defaultSrc: [\"'self'\"],\n * baseUri: [\"'self'\"],\n * blockAllMixedContent: [],\n * fontSrc: [\"'self'\", 'https:', 'data:'],\n * frameAncestors: [\"'self'\"],\n * frameSrc: [\"'self'\", 'https://.youtube.com'],\n imgSrc: [\"'self'\", 'data:'],\n * objectSrc: [\"'none'\"],\n * scriptSrc: [\"'self'\", \"'unsafe-eval'\", `'nonce-UNIQUE_NONCE_VALUE'`],\n * scriptSrcAttr: [\"'none'\"],\n * styleSrc: [\"'self'\", 'https:', \"'unsafe-inline'\"],\n * upgradeInsecureRequests: [] // Removed in dev mode.\n * }\n * }\n * ```\n * It matches the default value used by Helmet with a few updates:\n * - YouTube host is whitelisted in the `frameSrc` directive to ensure\n * the {@link YouTubeVideo} component works.\n * - An unique per-request nonce is added to `scriptSrc` directive to\n * whitelist auxiliary scripts injected by react-utils. The actual nonce\n * value can be fetched by host code via `.nonce` field of `req` argument\n * of `.beforeRender` hook.\n * - `upgradeInsecureRequests` directive is removed in development mode,\n * to simplify local testing with http requests.\n * @param {string} [options.defaultLoggerLogLevel='info'] Log level for\n * the default logger, which is created if no `logger` option provided.\n * @param {boolean} [options.devMode] Pass in `true` to start the server in\n * development mode.\n * @param {string} [options.favicon] Path to the favicon to use by the server.\n * By default no favicon is used.\n * @param {object} [options.https] If provided, HTTPS server will be started,\n * instead of HTTP otherwise. The object should provide SSL certificate and key\n * via two string fields: `cert`, and `key`.\n * @param {string} [options.https.cert] SSL Certificate.\n * @param {string} [options.https.key] SSL key.\n * @param {boolean} [options.httpsRedirect=true] Pass in `true` to enable\n * automatic redirection of all incoming HTTP requests to HTTPS.\n \n To smoothly use it at `localhost` you need to run the server in HTTPS mode,\n * and also properly create and install a self-signed SSL sertificate on your\n * system. This article is helpful:\n * [How to get HTTPS working on your local development environment in 5 minutes](https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec)\n * @param {Logger} [options.logger] The logger to use at server side.\n * By default [`winston`](https://www.npmjs.com/package/winston) logger\n * with console transport is used. The logger you provide, or the default\n * `winston` logger otherwise, will be attached to the created ExpressJS server\n * object.\n * @param {function} [options.onExpressJsSetup] An async callback\n * (`(server) => Promise`) to be triggered when most of the server\n * configuration is completed, just before the server-side renderer,\n * and the default error handler are attached. You can use it to mount\n * custom API routes. The server-side logger can be accessed as `server.logger`.\n * @param {number\|string} [options.port=3000] The port to start the server on.\n * @param {number} [options.staticCacheSize=1.e7] The maximum\n * static cache size in bytes. Defaults to ~10 MB.\n * @param {function} [options.staticCacheController] When given, it activates,\n * and controls the static caching of generated HTML markup. When this function\n * is provided, on each incoming request it is triggered with the request\n * passed in as the argument. To attempt to serve the response from the cache\n * it should return the object with the following fields:\n * - `key: string` – the cache key for the response;\n * - `maxage?: number` – the maximum age of cached result in ms.\n * If undefined - infinite age is assumed.\n * @param {number} [options.maxSsrRounds=10] Maximum number of SSR rounds.\n * @param {number} [options.ssrTimeout=1000] SSR timeout in milliseconds,\n * defaults to 1 second.\n * @return Resolves to an object with created Express and HTTP servers.\n /\nexport async function launchServer(\n webpackConfig: Configuration,\n options: OptionsT = {},\n): Promise<{\n expressServer: ServerT;\n httpServer: http.Server;\n}> {\n / Options normalization. /\n const ops = cloneDeep(options);\n\n // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing\n ops.port = normalizePort(ops.port \|\| process.env.PORT \|\| 3000);\n defaults(ops, { httpsRedirect: true });\n\n // TODO: Need a separate type for normalized options, which guarantees\n // the logger is set!\n ops.logger ??= newDefaultLogger({\n defaultLogLevel: ops.defaultLoggerLogLevel,\n });\n\n / Creates servers, resolves and sets the port. /\n const expressServer = await serverFactory(webpackConfig, ops);\n\n let httpServer: http.Server;\n if (ops.https) {\n httpServer = https.createServer({\n cert: ops.https.cert,\n key: ops.https.key,\n }, expressServer as unknown as () => void);\n } else httpServer = http.createServer(expressServer as unknown as () => void);\n\n / Sets error handler for HTTP(S) server. /\n httpServer.on('error', (error: Error) => {\n if ((error as { syscall?: string }).syscall !== 'listen') throw error;\n const bind = typeof ops.port === 'string' ? `Pipe ${ops.port}` : `Port ${ops.port}`;\n\n / Human-readable message for some specific listen errors. /\n switch ((error as { code?: string }).code) {\n case 'EACCES':\n ops.logger!.error(`${bind} requires elevated privileges`);\n return process.exit(1);\n case 'EADDRINUSE':\n ops.logger!.error(`${bind} is already in use`);\n return process.exit(1);\n case undefined:\n default:\n throw error;\n }\n });\n\n / Listening event handler for HTTP(S) server. */\n httpServer.on('listening', () => {\n const addr = httpServer.address()!;\n const bind = typeof addr === 'string' ? `pipe ${addr}` : `port ${addr.port}`;\n ops.logger!.info(`Server listening on ${bind} in ${\n process.env.NODE_ENV} mode`);\n });\n\n httpServer.listen(ops.port);\n\n return {\n expressServer,\n httpServer,\n };\n}\n"],"mappings":"AAAA;AACA,MAAO,gCAAgC,CAEvC,MAAO,CAAAA,IAAI,KAAM,WAAW,CAC5B,MAAO,CAAAC,KAAK,KAAM,YAAY,CAE9B,OAASC,SAAS,CAAEC,QAAQ,KAAQ,WAAW,CAE/C;AACA;AACA;AACA,MAAO,iBAAiB,OAIjB,CAAAC,aAAa,EAGlBC,qBAAqB,0BAGdC,gBAAgB,CAAEC,gBAAgB,mDAW3C,OACEF,qBAAqB,CACrBC,gBAAgB,EAIlB;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAE,aAAaA,CAACC,KAAsB,CAAE,CAC7C,KAAM,CAAAC,IAAI,CAAG,MAAO,CAAAD,KAAK,GAAK,QAAQ,CAAGE,QAAQ,CAACF,KAAK,CAAC,CAAGA,KAAK,CAChE,GAAIG,MAAM,CAACC,QAAQ,CAACH,IAAI,CAAC,CAAE,MAAO,CAAAA,IAAI,CAAE,iBACxC,MAAO,CAAAD,KAAK,CAAE,gBAChB,CAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,MAAO,eAAe,CAAAK,YAAYA,CAChCC,aAA4B,CAC5BC,OAAiB,CAAG,CAAC,CAAC,CAIrB,CACD,4BACA,KAAM,CAAAC,GAAG,CAAGf,SAAS,CAACc,OAAO,CAAC,CAE9B;AACAC,GAAG,CAACP,IAAI,CAAGF,aAAa,CAACS,GAAG,CAACP,IAAI,EAAIQ,OAAO,CAACC,GAAG,CAACC,IAAI,EAAI,IAAI,CAAC,CAC9DjB,QAAQ,CAACc,GAAG,CAAE,CAAEI,aAAa,CAAE,IAAK,CAAC,CAAC,CAEtC;AACA;AACAJ,GAAG,CAACK,MAAM,GAAKf,gBAAgB,CAAC,CAC9BgB,eAAe,CAAEN,GAAG,CAACO,qBACvB,CAAC,CAAC,CAEF,kDACA,KAAM,CAAAC,aAAa,CAAG,KAAM,CAAArB,aAAa,CAACW,aAAa,CAAEE,GAAG,CAAC,CAE7D,GAAI,CAAAS,UAAuB,CAC3B,GAAIT,GAAG,CAAChB,KAAK,CAAE,CACbyB,UAAU,CAAGzB,KAAK,CAAC0B,YAAY,CAAC,CAC9BC,IAAI,CAAEX,GAAG,CAAChB,KAAK,CAAC2B,IAAI,CACpBC,GAAG,CAAEZ,GAAG,CAAChB,KAAK,CAAC4B,GACjB,CAAC,CAAEJ,aAAsC,CAC3C,CAAC,IAAM,CAAAC,UAAU,CAAG1B,IAAI,CAAC2B,YAAY,CAACF,aAAsC,CAAC,CAE7E,4CACAC,UAAU,CAACI,EAAE,CAAC,OAAO,CAAGC,KAAY,EAAK,CACvC,GAAKA,KAAK,CAA0BC,OAAO,GAAK,QAAQ,CAAE,KAAM,CAAAD,KAAK,CACrE,KAAM,CAAAE,IAAI,CAAG,MAAO,CAAAhB,GAAG,CAACP,IAAI,GAAK,QAAQ,CAAG,QAAQO,GAAG,CAACP,IAAI,EAAE,CAAG,QAAQO,GAAG,CAACP,IAAI,EAAE,CAEnF,6DACA,OAASqB,KAAK,CAAuBG,IAAI,EACvC,IAAK,QAAQ,CACXjB,GAAG,CAACK,MAAM,CAAES,KAAK,CAAC,GAAGE,IAAI,+BAA+B,CAAC,CACzD,MAAO,CAAAf,OAAO,CAACiB,IAAI,CAAC,CAAC,CAAC,CACxB,IAAK,YAAY,CACflB,GAAG,CAACK,MAAM,CAAES,KAAK,CAAC,GAAGE,IAAI,oBAAoB,CAAC,CAC9C,MAAO,CAAAf,OAAO,CAACiB,IAAI,CAAC,CAAC,CAAC,CACxB,IAAK,CAAAC,SAAS,CACd,QACE,KAAM,CAAAL,KACV,CACF,CAAC,CAAC,CAEF,iDACAL,UAAU,CAACI,EAAE,CAAC,WAAW,CAAE,IAAM,CAC/B,KAAM,CAAAO,IAAI,CAAGX,UAAU,CAACY,OAAO,CAAC,CAAE,CAClC,KAAM,CAAAL,IAAI,CAAG,MAAO,CAAAI,IAAI,GAAK,QAAQ,CAAG,QAAQA,IAAI,EAAE,CAAG,QAAQA,IAAI,CAAC3B,IAAI,EAAE,CAC5EO,GAAG,CAACK,MAAM,CAAEiB,IAAI,CAAC,uBAAuBN,IAAI,OAC1Cf,OAAO,CAACC,GAAG,CAACqB,QAAQ,OAAO,CAC/B,CAAC,CAAC,CAEFd,UAAU,CAACe,MAAM,CAACxB,GAAG,CAACP,IAAI,CAAC,CAE3B,MAAO,CACLe,aAAa,CACbC,UACF,CACF","ignoreList":[]}

package/build/production/server/renderer.js CHANGED Viewed

@@ -1,12 +1,14 @@
-"use strict";var _interopRequireDefault=require("@babel/runtime/helpers/interopRequireDefault");Object.defineProperty(exports,"__esModule",{value:true});exports.ServerSsrContext=exports.SCRIPT_LOCATIONS=void 0;exports.default=factory;exports.isBrotliAcceptable=isBrotliAcceptable;exports.newDefaultLogger=newDefaultLogger;var _nodeFs=_interopRequireDefault(require("node:fs"));var _nodePath=_interopRequireDefault(require("node:path"));var _nodeStream=require("node:stream");var _nodeZlib=require("node:zlib");var _winston=_interopRequireDefault(require("winston"));var _reactGlobalState=require("@dr.pogodin/react-global-state");var _jsUtils=require("@dr.pogodin/js-utils");var _clone=_interopRequireDefault(require("lodash/clone"));var _cloneDeep=_interopRequireDefault(require("lodash/cloneDeep"));var _defaults=_interopRequireDefault(require("lodash/defaults"));var _get=_interopRequireDefault(require("lodash/get"));var _isString=_interopRequireDefault(require("lodash/isString"));var _mapValues=_interopRequireDefault(require("lodash/mapValues"));var _omit=_interopRequireDefault(require("lodash/omit"));var _config=_interopRequireDefault(require("config"));var _nodeForge=_interopRequireDefault(require("node-forge"));var _static=require("react-dom/static");var _reactHelmet=require("@dr.pogodin/react-helmet");var _reactRouter=require("react-router");var _serializeJavascript=_interopRequireDefault(require("serialize-javascript"));var _buildInfo=require("../shared/utils/isomorphy/buildInfo");var _Cache=_interopRequireDefault(require("./Cache"));var _jsxRuntime=require("react/jsx-runtime");/**
+import"core-js/modules/es.iterator.constructor.js";import"core-js/modules/es.iterator.for-each.js";import"core-js/modules/es.iterator.map.js";import"core-js/modules/es.set.difference.v2.js";import"core-js/modules/es.set.intersection.v2.js";import"core-js/modules/es.set.is-disjoint-from.v2.js";import"core-js/modules/es.set.is-subset-of.v2.js";import"core-js/modules/es.set.is-superset-of.v2.js";import"core-js/modules/es.set.symmetric-difference.v2.js";import"core-js/modules/es.set.union.v2.js";import"core-js/modules/es.iterator.constructor.js";import"core-js/modules/es.iterator.for-each.js";import"core-js/modules/es.iterator.map.js";import"core-js/modules/es.set.difference.v2.js";import"core-js/modules/es.set.intersection.v2.js";import"core-js/modules/es.set.is-disjoint-from.v2.js";import"core-js/modules/es.set.is-subset-of.v2.js";import"core-js/modules/es.set.is-superset-of.v2.js";import"core-js/modules/es.set.symmetric-difference.v2.js";import"core-js/modules/es.set.union.v2.js";/**
  * ExpressJS middleware for server-side rendering of a ReactJS app.
- */const sanitizedConfig=(0,_omit.default)(_config.default,"SECRET");// Note: These type definitions for logger are copied from Winston logger,
+ */import{Buffer}from"node:buffer";import{createCipheriv,randomBytes}from"node:crypto";import fs from"node:fs";import path from"node:path";import{Writable}from"node:stream";import{brotliCompress,brotliDecompress}from"node:zlib";import winston from"winston";import{GlobalStateProvider,SsrContext}from"@dr.pogodin/react-global-state";import{timer}from"@dr.pogodin/js-utils";import{cloneDeep,defaults,get,mapValues}from"lodash-es";import config from"config";import{prerenderToNodeStream}from"react-dom/static";import{HelmetProvider}from"@dr.pogodin/react-helmet";import{StaticRouter}from"react-router";import serializeJs from"serialize-javascript";import{setBuildInfo}from"../shared/utils/isomorphy/buildInfo.js";import Cache from"./Cache.js";// @ts-expect-error "Property 'SECRET' does not exist on type 'IConfig'."
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+import{jsx as _jsx}from"react/jsx-runtime";const{SECRET,...sanitizedConfig}=config;// Note: These type definitions for logger are copied from Winston logger,
 // then simplified to make it easier to fit an alternative logger into this
 // interface.
 // eslint-disable-next-line @typescript-eslint/consistent-type-definitions
 // eslint-disable-next-line @typescript-eslint/consistent-type-definitions
 // eslint-disable-next-line @typescript-eslint/consistent-type-definitions
-let SCRIPT_LOCATIONS=exports.SCRIPT_LOCATIONS=/*#__PURE__*/function(SCRIPT_LOCATIONS){SCRIPT_LOCATIONS["BODY_OPEN"]="BODY_OPEN";SCRIPT_LOCATIONS["DEFAULT"]="DEFAULT";SCRIPT_LOCATIONS["HEAD_OPEN"]="HEAD_OPEN";return SCRIPT_LOCATIONS}({});class ServerSsrContext extends _reactGlobalState.SsrContext{chunks=[];status=200;constructor(req,chunkGroups,initialState){super((0,_cloneDeep.default)(initialState)??{});this.chunkGroups=chunkGroups;this.req=req}}/**
+export let SCRIPT_LOCATIONS=/*#__PURE__*/function(SCRIPT_LOCATIONS){SCRIPT_LOCATIONS["BODY_OPEN"]="BODY_OPEN";SCRIPT_LOCATIONS["DEFAULT"]="DEFAULT";SCRIPT_LOCATIONS["HEAD_OPEN"]="HEAD_OPEN";return SCRIPT_LOCATIONS}({});export class ServerSsrContext extends SsrContext{chunks=[];status=200;constructor(req,chunkGroups,initialState){super(cloneDeep(initialState)??{});this.chunkGroups=chunkGroups;this.req=req}}/**
  * Reads build-time information about the app. This information is generated
  * by our standard Webpack config for apps, and it is written into
  * ".build-info" file in the context folder specified in Webpack config.
@@ -14,26 +16,25 @@ let SCRIPT_LOCATIONS=exports.SCRIPT_LOCATIONS=/*#__PURE__*/function(SCRIPT_LOCAT
  * suitable for cryptographical use.
  * @param context Webpack context path used during the build.
  * @return Resolves to the build-time information.
- */exports.ServerSsrContext=ServerSsrContext;function getBuildInfo(context){const url=_nodePath.default.resolve(context,".build-info");return JSON.parse(_nodeFs.default.readFileSync(url,"utf8"))}/**
+ */function getBuildInfo(context){const url=path.resolve(context,".build-info");return JSON.parse(fs.readFileSync(url,"utf8"))}/**
  * Attempts to read from disk the named chunk groups mapping generated
  * by Webpack during the compilation.
  * It will not work for development builds, where these stats should be captured
  * via compilator callback.
  * @param buildDir
  * @return
- */function readChunkGroupsJson(buildDir){const url=_nodePath.default.resolve(buildDir,"__chunk_groups__.json");let res;try{res=JSON.parse(_nodeFs.default.readFileSync(url,"utf8"))}catch{// TODO: Should we message the error here somehow?
+ */function readChunkGroupsJson(buildDir){const url=path.resolve(buildDir,"__chunk_groups__.json");let res;try{res=JSON.parse(fs.readFileSync(url,"utf8"))}catch{// TODO: Should we message the error here somehow?
 res=null}return res}/**
  * Prepares a new Cipher for data encryption.
- * @param key Encryption key (32-bit random key is expected, see
- *  node-forge documentation, in case of doubts).
- * @return Resolves to the object with two fields:
+ * @param key Encryption key (32-bit random, Base64-encoded key is expected).
+ * @return Returns a tuple of:
  *  1. cipher - a new Cipher, ready for encryption;
  *  2. iv - initial vector used by the cipher.
- */async function prepareCipher(key){return new Promise((resolve,reject)=>{_nodeForge.default.random.getBytes(32,(err,iv)=>{if(err)reject(err);else{const cipher=_nodeForge.default.cipher.createCipher("AES-CBC",key);cipher.start({iv});resolve({cipher,iv})}})})}/**
+ */function prepareCipher(key){const iv=randomBytes(16);const cipher=createCipheriv("AES-256-CBC",Buffer.from(key,"base64"),iv);return[cipher,iv]}/**
  * Given an incoming HTTP requests, it deduces whether Brotli-encoded responses
  * are acceptable to the caller.
  * @param req
- */function isBrotliAcceptable(req){const acceptable=req.get("accept-encoding");if(acceptable){const ops=acceptable.split(",");for(const op of ops){const[type,priority]=op.trim().split(";q=");if((type==="*"||type==="br")&&(!priority||parseFloat(priority)>0)){return true}}}return false}/**
+ */export function isBrotliAcceptable(req){const acceptable=req.get("accept-encoding");if(acceptable){const ops=acceptable.split(",");for(const op of ops){const[type,priority]=op.trim().split(";q=");if((type==="*"||type==="br")&&(!priority||parseFloat(priority)>0)){return true}}}return false}/**
  * Given an array of extra script strings / objects, it returns an object with
  * arrays of scripts to inject in different HTML template locations. During
  * the script groupping it also filters out any empty scripts.
@@ -46,12 +47,12 @@ res=null}return res}/**
  *  DEFAULT: string[];
  *  HEAD_OPEN: string[];
  * }}
- */function groupExtraScripts(scripts=[]){const res={[SCRIPT_LOCATIONS.BODY_OPEN]:"",[SCRIPT_LOCATIONS.DEFAULT]:"",[SCRIPT_LOCATIONS.HEAD_OPEN]:""};for(const script of scripts){if((0,_isString.default)(script)){if(script)res[SCRIPT_LOCATIONS.DEFAULT]+=script}else if(script.code){if(script.location in res)res[script.location]+=script.code;else throw Error(`Invalid location "${script.location}"`)}}return res}/**
+ */function groupExtraScripts(scripts=[]){const res={[SCRIPT_LOCATIONS.BODY_OPEN]:"",[SCRIPT_LOCATIONS.DEFAULT]:"",[SCRIPT_LOCATIONS.HEAD_OPEN]:""};for(const script of scripts){if(typeof script==="string"){if(script)res[SCRIPT_LOCATIONS.DEFAULT]+=script}else if(script.code){if(script.location in res)res[script.location]+=script.code;else throw Error(`Invalid location "${script.location}"`)}}return res}/**
  * Creates a new default (Winston) logger.
  * @param {object} [options={}]
  * @param {string} [options.defaultLogLevel='info']
  * @return {object}
- */function newDefaultLogger({defaultLogLevel="info"}={}){const{format,transports}=_winston.default;return _winston.default.createLogger({format:format.combine(format.splat(),format.timestamp(),format.colorize(),format.printf(({level,message,timestamp,stack,...rest})=>{let res=`${level}\t(at ${timestamp}):\t${message}`;if(Object.keys(rest).length){res+=`\n${JSON.stringify(rest,null,2)}`}if(stack)res+=`\n${stack}`;return res})),level:defaultLogLevel,transports:[new transports.Console]})}/**
+ */export function newDefaultLogger({defaultLogLevel="info"}={}){const{format,transports}=winston;return winston.createLogger({format:format.combine(format.splat(),format.timestamp(),format.colorize(),format.printf(({level,message,timestamp,stack,...rest})=>{let res=`${level}\t(at ${timestamp}):\t${message}`;if(Object.keys(rest).length){res+=`\n${JSON.stringify(rest,null,2)}`}if(stack)res+=`\n${stack}`;return res})),level:defaultLogLevel,transports:[new transports.Console]})}/**
  * Creates the middleware.
  * @param webpackConfig
  * @param options Additional options:
@@ -81,25 +82,23 @@ res=null}return res}/**
  * - `maxage?: number` &ndash; the maximum age of cached result in ms.
  *   If undefined - infinite age is assumed.
  * @return Created middleware.
- */function factory(webpackConfig,options){const ops=(0,_defaults.default)((0,_clone.default)(options),{beforeRender:async()=>Promise.resolve({}),maxSsrRounds:10,ssrTimeout:1000,staticCacheSize:1.e7});// Note: in normal use the default logger is created and set in the root
+ */export default function factory(webpackConfig,options){const ops=defaults({...options},{beforeRender:async()=>Promise.resolve({}),maxSsrRounds:10,ssrTimeout:1000,staticCacheSize:1.e7});// Note: in normal use the default logger is created and set in the root
 // server function, and this initialization is for testing uses, where
 // renderer is imported directly.
-ops.logger??=newDefaultLogger({defaultLogLevel:ops.defaultLoggerLogLevel});const buildInfo=ops.buildInfo??getBuildInfo(webpackConfig.context);(0,_buildInfo.setBuildInfo)(buildInfo);// publicPath from webpack.output has a trailing slash at the end.
-const{publicPath,path:outputPath}=webpackConfig.output;const manifestLink=_nodeFs.default.existsSync(`${outputPath}/manifest.json`)?`<link rel="manifest" href="${publicPath}manifest.json">`:"";// eslint-disable-next-line @typescript-eslint/consistent-type-definitions
-const cache=ops.staticCacheController?new _Cache.default(ops.staticCacheSize):null;const CHUNK_GROUPS=readChunkGroupsJson(outputPath);// TODO: Look at it later.
+ops.logger??=newDefaultLogger({defaultLogLevel:ops.defaultLoggerLogLevel});const buildInfo=ops.buildInfo??getBuildInfo(webpackConfig.context);setBuildInfo(buildInfo);// publicPath from webpack.output has a trailing slash at the end.
+const{publicPath,path:outputPath}=webpackConfig.output;const manifestLink=fs.existsSync(`${outputPath}/manifest.json`)?`<link rel="manifest" href="${publicPath}manifest.json">`:"";// eslint-disable-next-line @typescript-eslint/consistent-type-definitions
+const cache=ops.staticCacheController?new Cache(ops.staticCacheSize):null;const CHUNK_GROUPS=readChunkGroupsJson(outputPath);// TODO: Look at it later.
 // eslint-disable-next-line complexity
 return async(req,res,next)=>{try{// Ensures any caches always revalidate HTML markup before reuse.
-res.set("Cache-Control","no-cache");res.cookie("csrfToken",req.csrfToken());let cacheRef;if(cache){cacheRef=ops.staticCacheController(req);if(cacheRef){const data=cache.get(cacheRef);if(data!==null){const{buffer,status}=data;if(ops.noCsp&&isBrotliAcceptable(req)){res.set("Content-Type","text/html");res.set("Content-Encoding","br");if(status!==200)res.status(status);res.send(buffer)}else{await new Promise((done,failed)=>{(0,_nodeZlib.brotliDecompress)(buffer,(error,html)=>{if(error)failed(error);else{let h=html.toString();if(!ops.noCsp){// TODO: Starting from Node v15 we'll be able to use string's
+res.set("Cache-Control","no-cache");res.cookie("csrfToken",req.csrfToken());let cacheRef;if(cache){cacheRef=ops.staticCacheController(req);if(cacheRef){const data=cache.get(cacheRef);if(data!==null){const{buffer,status}=data;if(ops.noCsp&&isBrotliAcceptable(req)){res.set("Content-Type","text/html");res.set("Content-Encoding","br");if(status!==200)res.status(status);res.send(buffer)}else{await new Promise((done,failed)=>{brotliDecompress(buffer,(error,html)=>{if(error)failed(error);else{let h=html.toString();if(!ops.noCsp){// TODO: Starting from Node v15 we'll be able to use string's
 // .replaceAll() method instead relying on reg. expression for
 // global matching.
 const regex=new RegExp(buffer.nonce,"g");// TODO: It should be implemented more careful.
-h=h.replace(regex,req.nonce)}if(status!==200)res.status(status);res.send(h);done()}})})}return}}}const brr=ops.beforeRender(req,sanitizedConfig);const[{configToInject,extraScripts,initialState},{cipher,iv}]=await Promise.all([// NOTE: Written this way to avoid triggering the "await-thenable"
-// ESLint rule.
-brr instanceof Promise?brr:Promise.resolve(brr),prepareCipher(buildInfo.key)]);let helmet;// Gets the mapping between code chunk names and their asset files.
+h=h.replace(regex,req.nonce)}if(status!==200)res.status(status);res.send(h);done()}})})}return}}}const brr=ops.beforeRender(req,sanitizedConfig);const{configToInject,extraScripts,initialState}=await brr;const[cipher,iv]=prepareCipher(buildInfo.key);let helmet;// Gets the mapping between code chunk names and their asset files.
 // These data come from the Webpack compilation, either from the stats
 // attached to the request (in dev mode), or from a file output during
 // the build (in prod mode).
-let chunkGroups;const webpackStats=(0,_get.default)(res.locals,"webpack.devMiddleware.stats");if(webpackStats){chunkGroups=(0,_mapValues.default)(webpackStats.toJson({all:false,chunkGroups:true}).namedChunkGroups,item=>item.assets?.map(({name})=>name)??[])}else if(CHUNK_GROUPS)chunkGroups=CHUNK_GROUPS;else chunkGroups={};/* Optional server-side rendering. */const App=ops.Application;let appHtmlMarkup="";const ssrContext=new ServerSsrContext(req,chunkGroups,initialState);let stream;if(App){const ssrStart=Date.now();// TODO: Somehow, without it TS does not realise that
+let chunkGroups;const webpackStats=get(res.locals,"webpack.devMiddleware.stats");if(webpackStats){chunkGroups=mapValues(webpackStats.toJson({all:false,chunkGroups:true}).namedChunkGroups,item=>item.assets?.map(({name})=>name)??[])}else if(CHUNK_GROUPS)chunkGroups=CHUNK_GROUPS;else chunkGroups={};/* Optional server-side rendering. */const App=ops.Application;let appHtmlMarkup="";const ssrContext=new ServerSsrContext(req,chunkGroups,initialState);let stream;if(App){const ssrStart=Date.now();// TODO: Somehow, without it TS does not realise that
 // App has been checked to exist.
 const App2=App;const renderPass=async()=>new Promise((resolveArg,rejectArg)=>{ssrContext.chunks=[];// NOTE: JS does not have problems if resolve() and reject() methods
 // of a Promise are called multiple times, with different arguments;
@@ -109,14 +108,14 @@ const App2=App;const renderPass=async()=>new Promise((resolveArg,rejectArg)=>{ss
 // if any.
 let error;const resolve=arg=>{if(error!==undefined)throw Error("Internal error");error=null;resolveArg(arg)};const reject=arg=>{if(error!==undefined&&error!==arg){throw Error("Internal error")}error=arg;rejectArg(arg)};// TODO: prerenderToNodeStream has (abort) "signal" option,
 // and we should wire it up to the SSR timeout below.
-const helmetContext={};void(0,_static.prerenderToNodeStream)(/*#__PURE__*/(0,_jsxRuntime.jsx)(_reactGlobalState.GlobalStateProvider,{initialState:ssrContext.state,ssrContext:ssrContext,children:/*#__PURE__*/(0,_jsxRuntime.jsx)(_reactRouter.StaticRouter,{location:req.url,children:/*#__PURE__*/(0,_jsxRuntime.jsx)(_reactHelmet.HelmetProvider,{context:helmetContext,children:/*#__PURE__*/(0,_jsxRuntime.jsx)(App2,{})})})}),{onError:reject}).then(result=>{({helmet}=helmetContext);resolve(result.prelude)}).catch(reject)});let ssrRound=0;let bailed=false;for(;ssrRound<ops.maxSsrRounds;++ssrRound){stream=await renderPass();if(!ssrContext.dirty)break;const timeout=ops.ssrTimeout+ssrStart-Date.now();bailed=timeout<=0||!(await Promise.race([Promise.allSettled(ssrContext.pending),(0,_jsUtils.timer)(timeout).then(()=>false)]));if(bailed)break}let logMsg;if(ssrContext.dirty){// NOTE: In the case of incomplete SSR one more round is necessary
+const helmetContext={};void prerenderToNodeStream(/*#__PURE__*/_jsx(GlobalStateProvider,{initialState:ssrContext.state,ssrContext:ssrContext,children:/*#__PURE__*/_jsx(StaticRouter,{location:req.url,children:/*#__PURE__*/_jsx(HelmetProvider,{context:helmetContext,children:/*#__PURE__*/_jsx(App2,{})})})}),{onError:reject}).then(result=>{({helmet}=helmetContext);resolve(result.prelude)}).catch(reject)});let ssrRound=0;let bailed=false;for(;ssrRound<ops.maxSsrRounds;++ssrRound){stream=await renderPass();if(!ssrContext.dirty)break;const timeout=ops.ssrTimeout+ssrStart-Date.now();bailed=timeout<=0||!(await Promise.race([Promise.allSettled(ssrContext.pending),timer(timeout).then(()=>false)]));if(bailed)break}let logMsg;if(ssrContext.dirty){// NOTE: In the case of incomplete SSR one more round is necessary
 // to ensure the correct hydration when some pending promises have
 // resolved and placed their data into the initial global state.
-stream=await renderPass();logMsg=bailed?`SSR timed out after ${ops.ssrTimeout} second(s)`:`SSR bailed out after ${ops.maxSsrRounds} round(s)`}else logMsg=`SSR completed in ${ssrRound+1} round(s)`;ops.logger.log(ssrContext.dirty?"warn":"info",logMsg);if(ssrContext.redirectTo){res.redirect(ssrContext.status,ssrContext.redirectTo);return}await new Promise(ready=>{stream.pipe(new _nodeStream.Writable({destroy:ready,write:(chunk,_,done)=>{appHtmlMarkup+=chunk.toString();done()}}))})}/* Encrypts data to be injected into HTML.
+stream=await renderPass();logMsg=bailed?`SSR timed out after ${ops.ssrTimeout} second(s)`:`SSR bailed out after ${ops.maxSsrRounds} round(s)`}else logMsg=`SSR completed in ${ssrRound+1} round(s)`;ops.logger.log(ssrContext.dirty?"warn":"info",logMsg);if(ssrContext.redirectTo){res.redirect(ssrContext.status,ssrContext.redirectTo);return}await new Promise(ready=>{stream.pipe(new Writable({destroy:ready,write:(chunk,_,done)=>{appHtmlMarkup+=chunk.toString();done()}}))})}/* Encrypts data to be injected into HTML.
        * Keep in mind, that this encryption is no way secure: as the JS bundle
        * contains decryption key and is able to decode it at the client side.
        * Hovewer, for a number of reasons, encryption of injected data is still
-       * better than injection of a plain text. */const payload=(0,_serializeJavascript.default)({CHUNK_GROUPS:chunkGroups,CONFIG:configToInject??sanitizedConfig,ISTATE:ssrContext.state},{ignoreFunction:true,unsafe:true});cipher.update(_nodeForge.default.util.createBuffer(payload,"utf8"));cipher.finish();const INJ=_nodeForge.default.util.encode64(`${iv}${cipher.output.data}`);const chunkSet=new Set;// TODO: "main" chunk has to be added explicitly,
+       * better than injection of a plain text. */const payload=serializeJs({CHUNK_GROUPS:chunkGroups,CONFIG:configToInject??sanitizedConfig,ISTATE:ssrContext.state},{ignoreFunction:true,unsafe:true});const INJ=Buffer.concat([iv,cipher.update(payload,"utf8"),cipher.final()]).toString("base64");const chunkSet=new Set;// TODO: "main" chunk has to be added explicitly,
 // because unlike all other chunks they are not managed by <CodeSplit>
 // component, thus they are not added to the ssrContext.chunks
 // automatically. Actually, names of these entry chunks should be
@@ -151,7 +150,7 @@ stream=await renderPass();logMsg=bailed?`SSR timed out after ${ops.ssrTimeout} s
           </body>
         </html>`;const status=ssrContext.status||200;if(status!==200)res.status(status);if(cacheRef&&status<500){// Note: waiting for the caching to complete is not strictly necessary,
 // but it greately simplifies testing, and error reporting.
-await new Promise((done,failed)=>{(0,_nodeZlib.brotliCompress)(html,(error,buffer)=>{if(error)failed(error);else{const b=buffer;b.nonce=req.nonce;cache.add({buffer:b,status},cacheRef.key,buffer.length);done()}})})}// Note: as caching code above may throw in some cases, sending response
+await new Promise((done,failed)=>{brotliCompress(html,(error,buffer)=>{if(error)failed(error);else{const b=buffer;b.nonce=req.nonce;cache.add({buffer:b,status},cacheRef.key,buffer.length);done()}})})}// Note: as caching code above may throw in some cases, sending response
 // before it completes will likely hide the error, making it difficult
 // to debug. Thus, at least for now, lets send response after it.
 res.send(html)}catch(error){next(error)}}}

package/build/production/server/renderer.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"renderer.js","names":["_nodeFs","_interopRequireDefault","require","_nodePath","_nodeStream","_nodeZlib","_winston","_reactGlobalState","_jsUtils","_clone","_cloneDeep","_defaults","_get","_isString","_mapValues","_omit","_config","_nodeForge","_static","_reactHelmet","_reactRouter","_serializeJavascript","_buildInfo","_Cache","_jsxRuntime","sanitizedConfig","omit","config","SCRIPT_LOCATIONS","exports","ServerSsrContext","SsrContext","chunks","status","constructor","req","chunkGroups","initialState","cloneDeep","getBuildInfo","context","url","path","resolve","JSON","parse","fs","readFileSync","readChunkGroupsJson","buildDir","res","prepareCipher","key","Promise","reject","forge","random","getBytes","err","iv","cipher","createCipher","start","isBrotliAcceptable","acceptable","get","ops","split","op","type","priority","trim","parseFloat","groupExtraScripts","scripts","BODY_OPEN","DEFAULT","HEAD_OPEN","script","isString","code","location","Error","newDefaultLogger","defaultLogLevel","format","transports","winston","createLogger","combine","splat","timestamp","colorize","printf","level","message","stack","rest","Object","keys","length","stringify","Console","factory","webpackConfig","options","defaults","clone","beforeRender","maxSsrRounds","ssrTimeout","staticCacheSize","logger","defaultLoggerLogLevel","buildInfo","setBuildInfo","publicPath","outputPath","output","manifestLink","existsSync","cache","staticCacheController","Cache","CHUNK_GROUPS","next","set","cookie","csrfToken","cacheRef","data","buffer","noCsp","send","done","failed","brotliDecompress","error","html","h","toString","regex","RegExp","nonce","replace","brr","configToInject","extraScripts","all","helmet","webpackStats","locals","mapValues","toJson","namedChunkGroups","item","assets","map","name","App","Application","appHtmlMarkup","ssrContext","stream","ssrStart","Date","now","App2","renderPass","resolveArg","rejectArg","arg","undefined","helmetContext","prerenderToNodeStream","_jsx","GlobalStateProvider","state","children","StaticRouter","HelmetProvider","onError","then","result","prelude","catch","ssrRound","bailed","dirty","timeout","race","allSettled","pending","timer","logMsg","log","redirectTo","redirect","ready","pipe","Writable","destroy","write","chunk","_","payload","serializeJs","CONFIG","ISTATE","ignoreFunction","unsafe","update","util","createBuffer","finish","INJ","encode64","chunkSet","Set","forEach","asset","add","styleChunkString","scriptChunkString","endsWith","grouppedExtraScripts","faviconLink","favicon","title","meta","link","brotliCompress","b"],"sources":["../../../src/server/renderer.tsx"],"sourcesContent":["/*\n ExpressJS middleware for server-side rendering of a ReactJS app.\n /\n\nimport fs from 'node:fs';\nimport path from 'node:path';\nimport { Writable } from 'node:stream';\nimport { brotliCompress, brotliDecompress } from 'node:zlib';\n\nimport type { Request, RequestHandler } from 'express';\nimport type { ComponentType } from 'react';\nimport type { Configuration, Stats } from 'webpack';\nimport winston from 'winston';\n\nimport { GlobalStateProvider, SsrContext } from '@dr.pogodin/react-global-state';\nimport { timer } from '@dr.pogodin/js-utils';\n\nimport clone from 'lodash/clone';\nimport cloneDeep from 'lodash/cloneDeep';\nimport defaults from 'lodash/defaults';\nimport get from 'lodash/get';\nimport isString from 'lodash/isString';\nimport mapValues from 'lodash/mapValues';\nimport omit from 'lodash/omit';\n\nimport config from 'config';\nimport forge from 'node-forge';\n\nimport { prerenderToNodeStream } from 'react-dom/static';\nimport { type HelmetDataContext, HelmetProvider } from '@dr.pogodin/react-helmet';\nimport { StaticRouter } from 'react-router';\nimport serializeJs from 'serialize-javascript';\nimport { type BuildInfoT, setBuildInfo } from 'utils/isomorphy/buildInfo';\n\nimport type { ChunkGroupsT, SsrContextT } from 'utils/globalState';\n\nimport Cache from './Cache';\n\nconst sanitizedConfig = omit(config, 'SECRET');\n\n// Note: These type definitions for logger are copied from Winston logger,\n// then simplified to make it easier to fit an alternative logger into this\n// interface.\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\ninterface LogMethodI {\n // eslint-disable-next-line @typescript-eslint/prefer-function-type\n (level: string, message: string, ...meta: unknown[]): void;\n}\n\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\ninterface LeveledLogMethodI {\n // eslint-disable-next-line @typescript-eslint/prefer-function-type\n (message: string, ...meta: unknown[]): void;\n}\n\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\nexport interface LoggerI {\n debug: LeveledLogMethodI;\n error: LeveledLogMethodI;\n info: LeveledLogMethodI;\n log: LogMethodI;\n warn: LeveledLogMethodI;\n}\n\nexport enum SCRIPT_LOCATIONS {\n BODY_OPEN = 'BODY_OPEN',\n DEFAULT = 'DEFAULT',\n HEAD_OPEN = 'HEAD_OPEN',\n}\n\nexport class ServerSsrContext<StateT>\n extends SsrContext<StateT>\n implements SsrContextT<StateT> {\n chunkGroups: ChunkGroupsT;\n\n chunks: string[] = [];\n\n redirectTo?: string;\n\n req: Request;\n\n status: number = 200;\n\n constructor(\n req: Request,\n chunkGroups: ChunkGroupsT,\n initialState?: StateT,\n ) {\n super(cloneDeep(initialState) ?? ({} as StateT));\n this.chunkGroups = chunkGroups;\n this.req = req;\n }\n}\n\ntype ScriptT = {\n code: string;\n location: SCRIPT_LOCATIONS;\n};\n\n/\n Reads build-time information about the app. This information is generated\n * by our standard Webpack config for apps, and it is written into\n * \".build-info\" file in the context folder specified in Webpack config.\n * At the moment, that file contains build timestamp and a random 32-bit key,\n * suitable for cryptographical use.\n * @param context Webpack context path used during the build.\n * @return Resolves to the build-time information.\n /\nfunction getBuildInfo(context: string) {\n const url = path.resolve(context, '.build-info');\n return JSON.parse(fs.readFileSync(url, 'utf8')) as BuildInfoT;\n}\n\n/\n Attempts to read from disk the named chunk groups mapping generated\n * by Webpack during the compilation.\n * It will not work for development builds, where these stats should be captured\n * via compilator callback.\n * @param buildDir\n * @return\n /\nfunction readChunkGroupsJson(buildDir: string) {\n const url = path.resolve(buildDir, '__chunk_groups__.json');\n let res;\n try {\n res = JSON.parse(fs.readFileSync(url, 'utf8')) as Record<string, string[]>;\n } catch {\n // TODO: Should we message the error here somehow?\n res = null;\n }\n return res;\n}\n\n/\n Prepares a new Cipher for data encryption.\n * @param key Encryption key (32-bit random key is expected, see\n * node-forge documentation, in case of doubts).\n * @return Resolves to the object with two fields:\n * 1. cipher - a new Cipher, ready for encryption;\n * 2. iv - initial vector used by the cipher.\n /\nasync function prepareCipher(key: string): Promise<{\n cipher: forge.cipher.BlockCipher;\n iv: string;\n}> {\n return new Promise((resolve, reject) => {\n forge.random.getBytes(32, (err, iv) => {\n if (err) reject(err);\n else {\n const cipher = forge.cipher.createCipher('AES-CBC', key);\n cipher.start({ iv });\n resolve({ cipher, iv });\n }\n });\n });\n}\n\n/\n Given an incoming HTTP requests, it deduces whether Brotli-encoded responses\n * are acceptable to the caller.\n * @param req\n /\nexport function isBrotliAcceptable(req: Request): boolean {\n const acceptable = req.get('accept-encoding');\n if (acceptable) {\n const ops = acceptable.split(',');\n for (const op of ops) {\n const [type, priority] = op.trim().split(';q=');\n if ((type === '' \|\| type === 'br')\n && (!priority \|\| parseFloat(priority) > 0)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/*\n Given an array of extra script strings / objects, it returns an object with\n * arrays of scripts to inject in different HTML template locations. During\n * the script groupping it also filters out any empty scripts.\n * @param {({\n * code: string;\n * location: string;\n * }\|string)[]} [scripts=[]]\n * @return {{\n * BODY_OPEN: string[];\n * DEFAULT: string[];\n * HEAD_OPEN: string[];\n * }}\n /\nfunction groupExtraScripts(scripts: Array<string \| ScriptT> = []) {\n const res = {\n [SCRIPT_LOCATIONS.BODY_OPEN]: '',\n [SCRIPT_LOCATIONS.DEFAULT]: '',\n [SCRIPT_LOCATIONS.HEAD_OPEN]: '',\n };\n for (const script of scripts) {\n if (isString(script)) {\n if (script) res[SCRIPT_LOCATIONS.DEFAULT] += script;\n } else if (script.code) {\n if (script.location in res) res[script.location] += script.code;\n else throw Error(`Invalid location \"${script.location}\"`);\n }\n }\n return res;\n}\n\n/\n Creates a new default (Winston) logger.\n * @param {object} [options={}]\n * @param {string} [options.defaultLogLevel='info']\n * @return {object}\n /\nexport function newDefaultLogger({\n defaultLogLevel = 'info',\n} = {}): winston.Logger {\n const { format, transports } = winston;\n return winston.createLogger({\n format: format.combine(\n format.splat(),\n format.timestamp(),\n format.colorize(),\n format.printf(\n ({\n level,\n message,\n timestamp,\n stack,\n ...rest\n }) => {\n let res = `${level}\\t(at ${timestamp as string}):\\t${message as string}`;\n if (Object.keys(rest).length) {\n res += `\\n${JSON.stringify(rest, null, 2)}`;\n }\n if (stack) res += `\\n${stack as string}`;\n return res;\n },\n ),\n ),\n level: defaultLogLevel,\n transports: [new transports.Console()],\n });\n}\n\nexport type ConfigT = {\n [key: string]: ConfigT \| string;\n};\n\nexport type BeforeRenderResT = {\n configToInject?: ConfigT;\n extraScripts?: Array<ScriptT \| string>;\n initialState?: unknown;\n};\n\nexport type BeforeRenderT = (\n req: Request,\n config: ConfigT,\n) => BeforeRenderResT \| Promise<BeforeRenderResT>;\n\ntype CacheRefT = {\n key: string;\n maxage?: number;\n};\n\nexport type OptionsT = {\n Application?: ComponentType;\n beforeRender?: BeforeRenderT;\n buildInfo?: BuildInfoT;\n defaultLoggerLogLevel?: string;\n favicon?: string;\n logger?: LoggerI;\n maxSsrRounds?: number;\n noCsp?: boolean;\n staticCacheSize?: number;\n ssrTimeout?: number;\n staticCacheController?: (req: Request) => CacheRefT \| null \| undefined;\n};\n\n/\n Creates the middleware.\n * @param webpackConfig\n * @param options Additional options:\n * @param [options.Application] The root ReactJS component of\n * the app to use for the server-side rendering. When not provided\n * the server-side rendering is disabled.\n * @param [options.buildInfo] \"Build info\" object to use. If provided,\n * it will be used, instead of trying to load from the filesystem the one\n * generated by the Webpack build. It is intended for test environments,\n * where passing this stuff via file system is no bueno.\n * @param [options.favicon] `true` will include favicon\n * link into the rendered HTML templates.\n * @param [options.noCsp] `true` means that no\n * Content-Security-Policy (CSP) is used by server, thus the renderer\n * may cut a few corners.\n * @param [options.maxSsrRounds=10] Maximum number of SSR rounds.\n * @param [options.ssrTimeout=1000] SSR timeout in milliseconds,\n * defaults to 1 second.\n * @param [options.staticCacheSize=1.e7] The maximum\n * static cache size in bytes. Defaults to ~10 MB.\n * @param [options.staticCacheController] When given, it activates,\n * and controls the static caching of generated HTML markup. When this function\n * is provided, on each incoming request it is triggered with the request\n * passed in as the argument. To attempt to serve the response from the cache\n * it should return the object with the following fields:\n * - `key: string` – the cache key for the response;\n * - `maxage?: number` – the maximum age of cached result in ms.\n * If undefined - infinite age is assumed.\n * @return Created middleware.\n /\nexport default function factory(\n webpackConfig: Configuration,\n options: OptionsT,\n): RequestHandler {\n const ops: OptionsT = defaults(clone(options), {\n beforeRender: async () => Promise.resolve({}),\n maxSsrRounds: 10,\n ssrTimeout: 1000,\n staticCacheSize: 1.e7,\n });\n\n // Note: in normal use the default logger is created and set in the root\n // server function, and this initialization is for testing uses, where\n // renderer is imported directly.\n ops.logger ??= newDefaultLogger({\n defaultLogLevel: ops.defaultLoggerLogLevel,\n });\n\n const buildInfo = ops.buildInfo ?? getBuildInfo(webpackConfig.context!);\n setBuildInfo(buildInfo);\n\n // publicPath from webpack.output has a trailing slash at the end.\n const { publicPath, path: outputPath } = webpackConfig.output!;\n\n const manifestLink = fs.existsSync(`${outputPath}/manifest.json`)\n ? `<link rel=\"manifest\" href=\"${publicPath as string}manifest.json\">` : '';\n\n // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n interface BufferWithNonce extends ArrayBuffer {\n nonce: string;\n }\n\n const cache = ops.staticCacheController\n ? new Cache<{\n buffer: BufferWithNonce;\n status: number;\n }>(ops.staticCacheSize!)\n : null;\n\n const CHUNK_GROUPS = readChunkGroupsJson(outputPath!);\n\n // TODO: Look at it later.\n // eslint-disable-next-line complexity\n return async (req, res, next) => {\n try {\n // Ensures any caches always revalidate HTML markup before reuse.\n res.set('Cache-Control', 'no-cache');\n\n res.cookie('csrfToken', req.csrfToken());\n\n let cacheRef: CacheRefT \| null \| undefined;\n if (cache) {\n cacheRef = ops.staticCacheController!(req);\n if (cacheRef) {\n const data = cache.get(cacheRef);\n if (data !== null) {\n const { buffer, status } = data;\n if (ops.noCsp && isBrotliAcceptable(req)) {\n res.set('Content-Type', 'text/html');\n res.set('Content-Encoding', 'br');\n if (status !== 200) res.status(status);\n res.send(buffer);\n } else {\n await new Promise<void>((done, failed) => {\n brotliDecompress(buffer, (error, html) => {\n if (error) failed(error);\n else {\n let h = html.toString();\n if (!ops.noCsp) {\n // TODO: Starting from Node v15 we'll be able to use string's\n // .replaceAll() method instead relying on reg. expression for\n // global matching.\n const regex = new RegExp(buffer.nonce, 'g');\n\n // TODO: It should be implemented more careful.\n h = h.replace(regex, (req as unknown as {\n nonce: string;\n }).nonce);\n }\n if (status !== 200) res.status(status);\n res.send(h);\n done();\n }\n });\n });\n }\n return;\n }\n }\n }\n\n const brr = ops.beforeRender!(req, sanitizedConfig as unknown as ConfigT);\n\n const [{\n configToInject,\n extraScripts,\n initialState,\n }, {\n cipher,\n iv,\n }] = await Promise.all([\n // NOTE: Written this way to avoid triggering the \"await-thenable\"\n // ESLint rule.\n brr instanceof Promise ? brr : Promise.resolve(brr),\n\n prepareCipher(buildInfo.key),\n ]);\n\n let helmet: HelmetDataContext['helmet'];\n\n // Gets the mapping between code chunk names and their asset files.\n // These data come from the Webpack compilation, either from the stats\n // attached to the request (in dev mode), or from a file output during\n // the build (in prod mode).\n let chunkGroups: ChunkGroupsT;\n const webpackStats = get(res.locals, 'webpack.devMiddleware.stats') as Stats \| undefined;\n if (webpackStats) {\n chunkGroups = mapValues(\n webpackStats.toJson({\n all: false,\n chunkGroups: true,\n }).namedChunkGroups,\n (item) => item.assets?.map(({ name }: { name: string }) => name)\n ?? [],\n );\n } else if (CHUNK_GROUPS) chunkGroups = CHUNK_GROUPS;\n else chunkGroups = {};\n\n / Optional server-side rendering. /\n const App = ops.Application;\n let appHtmlMarkup: string = '';\n const ssrContext = new ServerSsrContext(req, chunkGroups, initialState);\n let stream: NodeJS.ReadableStream;\n if (App) {\n const ssrStart = Date.now();\n\n // TODO: Somehow, without it TS does not realise that\n // App has been checked to exist.\n const App2 = App;\n\n const renderPass = async () => new Promise<NodeJS.ReadableStream>(\n (resolveArg, rejectArg) => {\n ssrContext.chunks = [];\n\n // NOTE: JS does not have problems if resolve() and reject() methods\n // of a Promise are called multiple times, with different arguments;\n // it only respects the first call, and ignores subsequent ones.\n // We, however, really want to assert that here, to safeguard against\n // any future problems due to unexpected internal changes in React,\n // if any.\n let error: unknown;\n\n const resolve = (arg: NodeJS.ReadableStream) => {\n if (error !== undefined) throw Error('Internal error');\n error = null;\n resolveArg(arg);\n };\n\n const reject = (arg: unknown) => {\n if (error !== undefined && error !== arg) {\n throw Error('Internal error');\n }\n error = arg;\n rejectArg(arg as Error);\n };\n\n // TODO: prerenderToNodeStream has (abort) \"signal\" option,\n // and we should wire it up to the SSR timeout below.\n const helmetContext = {} as HelmetDataContext;\n void prerenderToNodeStream(\n <GlobalStateProvider\n initialState={ssrContext.state}\n ssrContext={ssrContext}\n >\n <StaticRouter location={req.url}>\n <HelmetProvider context={helmetContext}>\n <App2 />\n </HelmetProvider>\n </StaticRouter>\n </GlobalStateProvider>,\n { onError: reject },\n ).then((result) => {\n ({ helmet } = helmetContext);\n resolve(result.prelude);\n }).catch(reject);\n },\n );\n\n let ssrRound = 0;\n let bailed = false;\n for (; ssrRound < ops.maxSsrRounds!; ++ssrRound) {\n stream = await renderPass();\n\n if (!ssrContext.dirty) break;\n\n const timeout = ops.ssrTimeout! + ssrStart - Date.now();\n bailed = timeout <= 0 \|\| !await Promise.race([\n Promise.allSettled(ssrContext.pending),\n timer(timeout).then(() => false),\n ]);\n if (bailed) break;\n }\n\n let logMsg;\n if (ssrContext.dirty) {\n // NOTE: In the case of incomplete SSR one more round is necessary\n // to ensure the correct hydration when some pending promises have\n // resolved and placed their data into the initial global state.\n stream = await renderPass();\n\n logMsg = bailed ? `SSR timed out after ${ops.ssrTimeout} second(s)`\n : `SSR bailed out after ${ops.maxSsrRounds} round(s)`;\n } else logMsg = `SSR completed in ${ssrRound + 1} round(s)`;\n\n ops.logger!.log(ssrContext.dirty ? 'warn' : 'info', logMsg);\n\n if (ssrContext.redirectTo) {\n res.redirect(ssrContext.status, ssrContext.redirectTo);\n return;\n }\n\n await new Promise((ready) => {\n stream!.pipe(new Writable({\n destroy: ready,\n write: (chunk: { toString: () => string }, _, done) => {\n appHtmlMarkup += chunk.toString();\n done();\n },\n }));\n });\n }\n\n / Encrypts data to be injected into HTML.\n * Keep in mind, that this encryption is no way secure: as the JS bundle\n * contains decryption key and is able to decode it at the client side.\n * Hovewer, for a number of reasons, encryption of injected data is still\n * better than injection of a plain text. */\n const payload = serializeJs({\n CHUNK_GROUPS: chunkGroups,\n CONFIG: configToInject ?? sanitizedConfig,\n ISTATE: ssrContext.state,\n }, {\n ignoreFunction: true,\n unsafe: true,\n });\n cipher.update(forge.util.createBuffer(payload, 'utf8'));\n cipher.finish();\n const INJ = forge.util.encode64(`${iv}${cipher.output.data}`);\n\n const chunkSet = new Set<string>();\n\n // TODO: \"main\" chunk has to be added explicitly,\n // because unlike all other chunks they are not managed by <CodeSplit>\n // component, thus they are not added to the ssrContext.chunks\n // automatically. Actually, names of these entry chunks should be\n // read from Wepback config, as the end user may customize them,\n // remove or add other entry points, but it requires additional\n // efforts to figure out how to automatically order them right,\n // thus for now this handles the default config.\n [\n 'main',\n ...ssrContext.chunks,\n ].forEach((chunk) => {\n const assets = chunkGroups[chunk];\n if (assets) assets.forEach((asset) => chunkSet.add(asset));\n });\n\n let styleChunkString = '';\n let scriptChunkString = '';\n chunkSet.forEach((chunk) => {\n if (chunk.endsWith('.css')) {\n styleChunkString += `<link href=\"${publicPath as string}${chunk}\" rel=\"stylesheet\">`;\n } else if (\n chunk.endsWith('.js')\n // In dev mode HMR adds JS updates into asset arrays,\n // and they (updates) should be ignored.\n && !chunk.endsWith('.hot-update.js')\n ) {\n scriptChunkString += `<script src=\"${publicPath as string}${chunk}\" type=\"application/javascript\"></script>`;\n }\n });\n\n const grouppedExtraScripts = groupExtraScripts(extraScripts);\n\n const faviconLink = ops.favicon\n ? '<link rel=\"shortcut icon\" href=\"/favicon.ico\">'\n : '';\n\n const html = `<!DOCTYPE html>\n <html lang=\"en\">\n <head>\n ${grouppedExtraScripts[SCRIPT_LOCATIONS.HEAD_OPEN]}\n ${helmet?.title.toString() ?? ''}\n ${helmet?.meta.toString() ?? ''}\n <meta name=\"theme-color\" content=\"#FFFFFF\">\n ${manifestLink}\n ${helmet?.link.toString() ?? ''}${styleChunkString}\n ${faviconLink}\n <meta charset=\"utf-8\">\n <meta\n content=\"width=device-width,initial-scale=1.0\"\n name=\"viewport\"\n >\n <meta itemprop=\"drpruinj\" content=\"${INJ}\">\n </head>\n <body>\n ${grouppedExtraScripts[SCRIPT_LOCATIONS.BODY_OPEN]}\n <div id=\"react-view\">${appHtmlMarkup}</div>\n ${scriptChunkString}\n ${grouppedExtraScripts[SCRIPT_LOCATIONS.DEFAULT]}\n </body>\n </html>`;\n\n const status = ssrContext.status \|\| 200;\n if (status !== 200) res.status(status);\n\n if (cacheRef && status < 500) {\n // Note: waiting for the caching to complete is not strictly necessary,\n // but it greately simplifies testing, and error reporting.\n await new Promise<void>((done, failed) => {\n brotliCompress(html, (error, buffer) => {\n if (error) failed(error);\n else {\n const b = buffer as unknown as BufferWithNonce;\n b.nonce = (req as unknown as {\n nonce: string;\n }).nonce;\n cache!.add({ buffer: b, status }, cacheRef.key, buffer.length);\n done();\n }\n });\n });\n }\n\n // Note: as caching code above may throw in some cases, sending response\n // before it completes will likely hide the error, making it difficult\n // to debug. Thus, at least for now, lets send response after it.\n res.send(html);\n } catch (error) {\n next(error);\n }\n };\n}\n"],"mappings":"kUAIA,IAAAA,OAAA,CAAAC,sBAAA,CAAAC,OAAA,aACA,IAAAC,SAAA,CAAAF,sBAAA,CAAAC,OAAA,eACA,IAAAE,WAAA,CAAAF,OAAA,gBACA,IAAAG,SAAA,CAAAH,OAAA,cAKA,IAAAI,QAAA,CAAAL,sBAAA,CAAAC,OAAA,aAEA,IAAAK,iBAAA,CAAAL,OAAA,mCACA,IAAAM,QAAA,CAAAN,OAAA,yBAEA,IAAAO,MAAA,CAAAR,sBAAA,CAAAC,OAAA,kBACA,IAAAQ,UAAA,CAAAT,sBAAA,CAAAC,OAAA,sBACA,IAAAS,SAAA,CAAAV,sBAAA,CAAAC,OAAA,qBACA,IAAAU,IAAA,CAAAX,sBAAA,CAAAC,OAAA,gBACA,IAAAW,SAAA,CAAAZ,sBAAA,CAAAC,OAAA,qBACA,IAAAY,UAAA,CAAAb,sBAAA,CAAAC,OAAA,sBACA,IAAAa,KAAA,CAAAd,sBAAA,CAAAC,OAAA,iBAEA,IAAAc,OAAA,CAAAf,sBAAA,CAAAC,OAAA,YACA,IAAAe,UAAA,CAAAhB,sBAAA,CAAAC,OAAA,gBAEA,IAAAgB,OAAA,CAAAhB,OAAA,qBACA,IAAAiB,YAAA,CAAAjB,OAAA,6BACA,IAAAkB,YAAA,CAAAlB,OAAA,iBACA,IAAAmB,oBAAA,CAAApB,sBAAA,CAAAC,OAAA,0BACA,IAAAoB,UAAA,CAAApB,OAAA,wCAIA,IAAAqB,MAAA,CAAAtB,sBAAA,CAAAC,OAAA,aAA4B,IAAAsB,WAAA,CAAAtB,OAAA,sBApC5B;AACA;AACA,GAoCA,KAAM,CAAAuB,eAAe,CAAG,GAAAC,aAAI,EAACC,eAAM,CAAE,QAAQ,CAAC,CAE9C;AACA;AACA;AACA;AAMA;AAMA;AASA,GAAY,CAAAC,gBAAgB,CAAAC,OAAA,CAAAD,gBAAA,uBAAhBA,gBAAgB,EAAhBA,gBAAgB,0BAAhBA,gBAAgB,sBAAhBA,gBAAgB,gCAAhB,CAAAA,gBAAgB,MAMrB,KAAM,CAAAE,gBAAgB,QACnB,CAAAC,4BACuB,CAG/BC,MAAM,CAAa,EAAE,CAMrBC,MAAM,CAAW,GAAG,CAEpBC,WAAWA,CACTC,GAAY,CACZC,WAAyB,CACzBC,YAAqB,CACrB,CACA,KAAK,CAAC,GAAAC,kBAAS,EAACD,YAAY,CAAC,EAAK,CAAC,CAAY,CAAC,CAChD,IAAI,CAACD,WAAW,CAAGA,WAAW,CAC9B,IAAI,CAACD,GAAG,CAAGA,GACb,CACF,CAOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GARAN,OAAA,CAAAC,gBAAA,CAAAA,gBAAA,CASA,QAAS,CAAAS,YAAYA,CAACC,OAAe,CAAE,CACrC,KAAM,CAAAC,GAAG,CAAGC,iBAAI,CAACC,OAAO,CAACH,OAAO,CAAE,aAAa,CAAC,CAChD,MAAO,CAAAI,IAAI,CAACC,KAAK,CAACC,eAAE,CAACC,YAAY,CAACN,GAAG,CAAE,MAAM,CAAC,CAChD,CAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAO,mBAAmBA,CAACC,QAAgB,CAAE,CAC7C,KAAM,CAAAR,GAAG,CAAGC,iBAAI,CAACC,OAAO,CAACM,QAAQ,CAAE,uBAAuB,CAAC,CAC3D,GAAI,CAAAC,GAAG,CACP,GAAI,CACFA,GAAG,CAAGN,IAAI,CAACC,KAAK,CAACC,eAAE,CAACC,YAAY,CAACN,GAAG,CAAE,MAAM,CAAC,CAC/C,CAAE,KAAM,CACN;AACAS,GAAG,CAAG,IACR,CACA,MAAO,CAAAA,GACT,CAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,cAAe,CAAAC,aAAaA,CAACC,GAAW,CAGrC,CACD,MAAO,IAAI,CAAAC,OAAO,CAAC,CAACV,OAAO,CAAEW,MAAM,GAAK,CACtCC,kBAAK,CAACC,MAAM,CAACC,QAAQ,CAAC,EAAE,CAAE,CAACC,GAAG,CAAEC,EAAE,GAAK,CACrC,GAAID,GAAG,CAAEJ,MAAM,CAACI,GAAG,CAAC,CAAC,IAChB,CACH,KAAM,CAAAE,MAAM,CAAGL,kBAAK,CAACK,MAAM,CAACC,YAAY,CAAC,SAAS,CAAET,GAAG,CAAC,CACxDQ,MAAM,CAACE,KAAK,CAAC,CAAEH,EAAG,CAAC,CAAC,CACpBhB,OAAO,CAAC,CAAEiB,MAAM,CAAED,EAAG,CAAC,CACxB,CACF,CAAC,CACH,CAAC,CACH,CAEA;AACA;AACA;AACA;AACA,GACO,QAAS,CAAAI,kBAAkBA,CAAC5B,GAAY,CAAW,CACxD,KAAM,CAAA6B,UAAU,CAAG7B,GAAG,CAAC8B,GAAG,CAAC,iBAAiB,CAAC,CAC7C,GAAID,UAAU,CAAE,CACd,KAAM,CAAAE,GAAG,CAAGF,UAAU,CAACG,KAAK,CAAC,GAAG,CAAC,CACjC,IAAK,KAAM,CAAAC,EAAE,GAAI,CAAAF,GAAG,CAAE,CACpB,KAAM,CAACG,IAAI,CAAEC,QAAQ,CAAC,CAAGF,EAAE,CAACG,IAAI,CAAC,CAAC,CAACJ,KAAK,CAAC,KAAK,CAAC,CAC/C,GAAI,CAACE,IAAI,GAAK,GAAG,EAAIA,IAAI,GAAK,IAAI,IAC5B,CAACC,QAAQ,EAAIE,UAAU,CAACF,QAAQ,CAAC,CAAG,CAAC,CAAC,CAAE,CAC5C,MAAO,KACT,CACF,CACF,CACA,MAAO,MACT,CAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAG,iBAAiBA,CAACC,OAAgC,CAAG,EAAE,CAAE,CAChE,KAAM,CAAAxB,GAAG,CAAG,CACV,CAACtB,gBAAgB,CAAC+C,SAAS,EAAG,EAAE,CAChC,CAAC/C,gBAAgB,CAACgD,OAAO,EAAG,EAAE,CAC9B,CAAChD,gBAAgB,CAACiD,SAAS,EAAG,EAChC,CAAC,CACD,IAAK,KAAM,CAAAC,MAAM,GAAI,CAAAJ,OAAO,CAAE,CAC5B,GAAI,GAAAK,iBAAQ,EAACD,MAAM,CAAC,CAAE,CACpB,GAAIA,MAAM,CAAE5B,GAAG,CAACtB,gBAAgB,CAACgD,OAAO,CAAC,EAAIE,MAC/C,CAAC,IAAM,IAAIA,MAAM,CAACE,IAAI,CAAE,CACtB,GAAIF,MAAM,CAACG,QAAQ,GAAI,CAAA/B,GAAG,CAAEA,GAAG,CAAC4B,MAAM,CAACG,QAAQ,CAAC,EAAIH,MAAM,CAACE,IAAI,CAAC,IAC3D,MAAM,CAAAE,KAAK,CAAC,qBAAqBJ,MAAM,CAACG,QAAQ,GAAG,CAC1D,CACF,CACA,MAAO,CAAA/B,GACT,CAEA;AACA;AACA;AACA;AACA;AACA,GACO,QAAS,CAAAiC,gBAAgBA,CAAC,CAC/BC,eAAe,CAAG,MACpB,CAAC,CAAG,CAAC,CAAC,CAAkB,CACtB,KAAM,CAAEC,MAAM,CAAEC,UAAW,CAAC,CAAGC,gBAAO,CACtC,MAAO,CAAAA,gBAAO,CAACC,YAAY,CAAC,CAC1BH,MAAM,CAAEA,MAAM,CAACI,OAAO,CACpBJ,MAAM,CAACK,KAAK,CAAC,CAAC,CACdL,MAAM,CAACM,SAAS,CAAC,CAAC,CAClBN,MAAM,CAACO,QAAQ,CAAC,CAAC,CACjBP,MAAM,CAACQ,MAAM,CACX,CAAC,CACCC,KAAK,CACLC,OAAO,CACPJ,SAAS,CACTK,KAAK,CACL,GAAGC,IACL,CAAC,GAAK,CACJ,GAAI,CAAA/C,GAAG,CAAG,GAAG4C,KAAK,SAASH,SAAS,OAAiBI,OAAO,EAAY,CACxE,GAAIG,MAAM,CAACC,IAAI,CAACF,IAAI,CAAC,CAACG,MAAM,CAAE,CAC5BlD,GAAG,EAAI,KAAKN,IAAI,CAACyD,SAAS,CAACJ,IAAI,CAAE,IAAI,CAAE,CAAC,CAAC,EAC3C,CACA,GAAID,KAAK,CAAE9C,GAAG,EAAI,KAAK8C,KAAK,EAAY,CACxC,MAAO,CAAA9C,GACT,CACF,CACF,CAAC,CACD4C,KAAK,CAAEV,eAAe,CACtBE,UAAU,CAAE,CAAC,GAAI,CAAAA,UAAU,CAACgB,OAAS,CACvC,CAAC,CACH,CAoCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACe,QAAS,CAAAC,OAAOA,CAC7BC,aAA4B,CAC5BC,OAAiB,CACD,CAChB,KAAM,CAAAvC,GAAa,CAAG,GAAAwC,iBAAQ,EAAC,GAAAC,cAAK,EAACF,OAAO,CAAC,CAAE,CAC7CG,YAAY,CAAE,KAAAA,CAAA,GAAYvD,OAAO,CAACV,OAAO,CAAC,CAAC,CAAC,CAAC,CAC7CkE,YAAY,CAAE,EAAE,CAChBC,UAAU,CAAE,IAAI,CAChBC,eAAe,CAAE,IACnB,CAAC,CAAC,CAEF;AACA;AACA;AACA7C,GAAG,CAAC8C,MAAM,GAAK7B,gBAAgB,CAAC,CAC9BC,eAAe,CAAElB,GAAG,CAAC+C,qBACvB,CAAC,CAAC,CAEF,KAAM,CAAAC,SAAS,CAAGhD,GAAG,CAACgD,SAAS,EAAI3E,YAAY,CAACiE,aAAa,CAAChE,OAAQ,CAAC,CACvE,GAAA2E,uBAAY,EAACD,SAAS,CAAC,CAEvB;AACA,KAAM,CAAEE,UAAU,CAAE1E,IAAI,CAAE2E,UAAW,CAAC,CAAGb,aAAa,CAACc,MAAO,CAE9D,KAAM,CAAAC,YAAY,CAAGzE,eAAE,CAAC0E,UAAU,CAAC,GAAGH,UAAU,gBAAgB,CAAC,CAC7D,8BAA8BD,UAAU,iBAA2B,CAAG,EAAE,CAE5E;AAKA,KAAM,CAAAK,KAAK,CAAGvD,GAAG,CAACwD,qBAAqB,CACnC,GAAI,CAAAC,cAAK,CAGRzD,GAAG,CAAC6C,eAAgB,CAAC,CACtB,IAAI,CAER,KAAM,CAAAa,YAAY,CAAG5E,mBAAmB,CAACqE,UAAW,CAAC,CAErD;AACA;AACA,MAAO,OAAOlF,GAAG,CAAEe,GAAG,CAAE2E,IAAI,GAAK,CAC/B,GAAI,CACF;AACA3E,GAAG,CAAC4E,GAAG,CAAC,eAAe,CAAE,UAAU,CAAC,CAEpC5E,GAAG,CAAC6E,MAAM,CAAC,WAAW,CAAE5F,GAAG,CAAC6F,SAAS,CAAC,CAAC,CAAC,CAExC,GAAI,CAAAC,QAAsC,CAC1C,GAAIR,KAAK,CAAE,CACTQ,QAAQ,CAAG/D,GAAG,CAACwD,qBAAqB,CAAEvF,GAAG,CAAC,CAC1C,GAAI8F,QAAQ,CAAE,CACZ,KAAM,CAAAC,IAAI,CAAGT,KAAK,CAACxD,GAAG,CAACgE,QAAQ,CAAC,CAChC,GAAIC,IAAI,GAAK,IAAI,CAAE,CACjB,KAAM,CAAEC,MAAM,CAAElG,MAAO,CAAC,CAAGiG,IAAI,CAC/B,GAAIhE,GAAG,CAACkE,KAAK,EAAIrE,kBAAkB,CAAC5B,GAAG,CAAC,CAAE,CACxCe,GAAG,CAAC4E,GAAG,CAAC,cAAc,CAAE,WAAW,CAAC,CACpC5E,GAAG,CAAC4E,GAAG,CAAC,kBAAkB,CAAE,IAAI,CAAC,CACjC,GAAI7F,MAAM,GAAK,GAAG,CAAEiB,GAAG,CAACjB,MAAM,CAACA,MAAM,CAAC,CACtCiB,GAAG,CAACmF,IAAI,CAACF,MAAM,CACjB,CAAC,IAAM,CACL,KAAM,IAAI,CAAA9E,OAAO,CAAO,CAACiF,IAAI,CAAEC,MAAM,GAAK,CACxC,GAAAC,0BAAgB,EAACL,MAAM,CAAE,CAACM,KAAK,CAAEC,IAAI,GAAK,CACxC,GAAID,KAAK,CAAEF,MAAM,CAACE,KAAK,CAAC,CAAC,IACpB,CACH,GAAI,CAAAE,CAAC,CAAGD,IAAI,CAACE,QAAQ,CAAC,CAAC,CACvB,GAAI,CAAC1E,GAAG,CAACkE,KAAK,CAAE,CACd;AACA;AACA;AACA,KAAM,CAAAS,KAAK,CAAG,GAAI,CAAAC,MAAM,CAACX,MAAM,CAACY,KAAK,CAAE,GAAG,CAAC,CAE3C;AACAJ,CAAC,CAAGA,CAAC,CAACK,OAAO,CAACH,KAAK,CAAG1G,GAAG,CAEtB4G,KAAK,CACV,CACA,GAAI9G,MAAM,GAAK,GAAG,CAAEiB,GAAG,CAACjB,MAAM,CAACA,MAAM,CAAC,CACtCiB,GAAG,CAACmF,IAAI,CAACM,CAAC,CAAC,CACXL,IAAI,CAAC,CACP,CACF,CAAC,CACH,CAAC,CACH,CACA,MACF,CACF,CACF,CAEA,KAAM,CAAAW,GAAG,CAAG/E,GAAG,CAAC0C,YAAY,CAAEzE,GAAG,CAAEV,eAAqC,CAAC,CAEzE,KAAM,CAAC,CACLyH,cAAc,CACdC,YAAY,CACZ9G,YACF,CAAC,CAAE,CACDuB,MAAM,CACND,EACF,CAAC,CAAC,CAAG,KAAM,CAAAN,OAAO,CAAC+F,GAAG,CAAC,CACrB;AACA;AACAH,GAAG,WAAY,CAAA5F,OAAO,CAAG4F,GAAG,CAAG5F,OAAO,CAACV,OAAO,CAACsG,GAAG,CAAC,CAEnD9F,aAAa,CAAC+D,SAAS,CAAC9D,GAAG,CAAC,CAC7B,CAAC,CAEF,GAAI,CAAAiG,MAAmC,CAEvC;AACA;AACA;AACA;AACA,GAAI,CAAAjH,WAAyB,CAC7B,KAAM,CAAAkH,YAAY,CAAG,GAAArF,YAAG,EAACf,GAAG,CAACqG,MAAM,CAAE,6BAA6B,CAAsB,CACxF,GAAID,YAAY,CAAE,CAChBlH,WAAW,CAAG,GAAAoH,kBAAS,EACrBF,YAAY,CAACG,MAAM,CAAC,CAClBL,GAAG,CAAE,KAAK,CACVhH,WAAW,CAAE,IACf,CAAC,CAAC,CAACsH,gBAAgB,CAClBC,IAAI,EAAKA,IAAI,CAACC,MAAM,EAAEC,GAAG,CAAC,CAAC,CAAEC,IAAuB,CAAC,GAAKA,IAAI,CAAC,EAC3D,EACP,CACF,CAAC,IAAM,IAAIlC,YAAY,CAAExF,WAAW,CAAGwF,YAAY,CAAC,IAC/C,CAAAxF,WAAW,CAAG,CAAC,CAAC,CAErB,qCACA,KAAM,CAAA2H,GAAG,CAAG7F,GAAG,CAAC8F,WAAW,CAC3B,GAAI,CAAAC,aAAqB,CAAG,EAAE,CAC9B,KAAM,CAAAC,UAAU,CAAG,GAAI,CAAApI,gBAAgB,CAACK,GAAG,CAAEC,WAAW,CAAEC,YAAY,CAAC,CACvE,GAAI,CAAA8H,MAA6B,CACjC,GAAIJ,GAAG,CAAE,CACP,KAAM,CAAAK,QAAQ,CAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,CAE3B;AACA;AACA,KAAM,CAAAC,IAAI,CAAGR,GAAG,CAEhB,KAAM,CAAAS,UAAU,CAAG,KAAAA,CAAA,GAAY,GAAI,CAAAnH,OAAO,CACxC,CAACoH,UAAU,CAAEC,SAAS,GAAK,CACzBR,UAAU,CAAClI,MAAM,CAAG,EAAE,CAEtB;AACA;AACA;AACA;AACA;AACA;AACA,GAAI,CAAAyG,KAAc,CAElB,KAAM,CAAA9F,OAAO,CAAIgI,GAA0B,EAAK,CAC9C,GAAIlC,KAAK,GAAKmC,SAAS,CAAE,KAAM,CAAA1F,KAAK,CAAC,gBAAgB,CAAC,CACtDuD,KAAK,CAAG,IAAI,CACZgC,UAAU,CAACE,GAAG,CAChB,CAAC,CAED,KAAM,CAAArH,MAAM,CAAIqH,GAAY,EAAK,CAC/B,GAAIlC,KAAK,GAAKmC,SAAS,EAAInC,KAAK,GAAKkC,GAAG,CAAE,CACxC,KAAM,CAAAzF,KAAK,CAAC,gBAAgB,CAC9B,CACAuD,KAAK,CAAGkC,GAAG,CACXD,SAAS,CAACC,GAAY,CACxB,CAAC,CAED;AACA;AACA,KAAM,CAAAE,aAAa,CAAG,CAAC,CAAsB,CAC7C,IAAK,GAAAC,6BAAqB,eACxB,GAAAC,eAAA,EAACC,qCAAmB,EAClB3I,YAAY,CAAE6H,UAAU,CAACe,KAAM,CAC/Bf,UAAU,CAAEA,UAAW,CAAAgB,QAAA,cAEvB,GAAAH,eAAA,EAACI,yBAAY,EAAClG,QAAQ,CAAE9C,GAAG,CAACM,GAAI,CAAAyI,QAAA,cAC9B,GAAAH,eAAA,EAACK,2BAAc,EAAC5I,OAAO,CAAEqI,aAAc,CAAAK,QAAA,cACrC,GAAAH,eAAA,EAACR,IAAI,GAAE,CAAC,CACM,CAAC,CACL,CAAC,CACI,CAAC,CACtB,CAAEc,OAAO,CAAE/H,MAAO,CACpB,CAAC,CAACgI,IAAI,CAAEC,MAAM,EAAK,CACjB,CAAC,CAAElC,MAAO,CAAC,CAAGwB,aAAa,EAC3BlI,OAAO,CAAC4I,MAAM,CAACC,OAAO,CACxB,CAAC,CAAC,CAACC,KAAK,CAACnI,MAAM,CACjB,CACF,CAAC,CAED,GAAI,CAAAoI,QAAQ,CAAG,CAAC,CAChB,GAAI,CAAAC,MAAM,CAAG,KAAK,CAClB,KAAOD,QAAQ,CAAGxH,GAAG,CAAC2C,YAAa,CAAE,EAAE6E,QAAQ,CAAE,CAC/CvB,MAAM,CAAG,KAAM,CAAAK,UAAU,CAAC,CAAC,CAE3B,GAAI,CAACN,UAAU,CAAC0B,KAAK,CAAE,MAEvB,KAAM,CAAAC,OAAO,CAAG3H,GAAG,CAAC4C,UAAU,CAAIsD,QAAQ,CAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,CACvDqB,MAAM,CAAGE,OAAO,EAAI,CAAC,EAAI,EAAC,KAAM,CAAAxI,OAAO,CAACyI,IAAI,CAAC,CAC3CzI,OAAO,CAAC0I,UAAU,CAAC7B,UAAU,CAAC8B,OAAO,CAAC,CACtC,GAAAC,cAAK,EAACJ,OAAO,CAAC,CAACP,IAAI,CAAC,IAAM,KAAK,CAAC,CACjC,CAAC,EACF,GAAIK,MAAM,CAAE,KACd,CAEA,GAAI,CAAAO,MAAM,CACV,GAAIhC,UAAU,CAAC0B,KAAK,CAAE,CACpB;AACA;AACA;AACAzB,MAAM,CAAG,KAAM,CAAAK,UAAU,CAAC,CAAC,CAE3B0B,MAAM,CAAGP,MAAM,CAAG,uBAAuBzH,GAAG,CAAC4C,UAAU,YAAY,CAC/D,wBAAwB5C,GAAG,CAAC2C,YAAY,WAC9C,CAAC,IAAM,CAAAqF,MAAM,CAAG,oBAAoBR,QAAQ,CAAG,CAAC,WAAW,CAE3DxH,GAAG,CAAC8C,MAAM,CAAEmF,GAAG,CAACjC,UAAU,CAAC0B,KAAK,CAAG,MAAM,CAAG,MAAM,CAAEM,MAAM,CAAC,CAE3D,GAAIhC,UAAU,CAACkC,UAAU,CAAE,CACzBlJ,GAAG,CAACmJ,QAAQ,CAACnC,UAAU,CAACjI,MAAM,CAAEiI,UAAU,CAACkC,UAAU,CAAC,CACtD,MACF,CAEA,KAAM,IAAI,CAAA/I,OAAO,CAAEiJ,KAAK,EAAK,CAC3BnC,MAAM,CAAEoC,IAAI,CAAC,GAAI,CAAAC,oBAAQ,CAAC,CACxBC,OAAO,CAAEH,KAAK,CACdI,KAAK,CAAEA,CAACC,KAAiC,CAAEC,CAAC,CAAEtE,IAAI,GAAK,CACrD2B,aAAa,EAAI0C,KAAK,CAAC/D,QAAQ,CAAC,CAAC,CACjCN,IAAI,CAAC,CACP,CACF,CAAC,CAAC,CACJ,CAAC,CACH,CAEA;AACN;AACA;AACA;AACA,kDACM,KAAM,CAAAuE,OAAO,CAAG,GAAAC,4BAAW,EAAC,CAC1BlF,YAAY,CAAExF,WAAW,CACzB2K,MAAM,CAAE7D,cAAc,EAAIzH,eAAe,CACzCuL,MAAM,CAAE9C,UAAU,CAACe,KACrB,CAAC,CAAE,CACDgC,cAAc,CAAE,IAAI,CACpBC,MAAM,CAAE,IACV,CAAC,CAAC,CACFtJ,MAAM,CAACuJ,MAAM,CAAC5J,kBAAK,CAAC6J,IAAI,CAACC,YAAY,CAACR,OAAO,CAAE,MAAM,CAAC,CAAC,CACvDjJ,MAAM,CAAC0J,MAAM,CAAC,CAAC,CACf,KAAM,CAAAC,GAAG,CAAGhK,kBAAK,CAAC6J,IAAI,CAACI,QAAQ,CAAC,GAAG7J,EAAE,GAAGC,MAAM,CAAC0D,MAAM,CAACY,IAAI,EAAE,CAAC,CAE7D,KAAM,CAAAuF,QAAQ,CAAG,GAAI,CAAAC,GAAa,CAElC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CACE,MAAM,CACN,GAAGxD,UAAU,CAAClI,MAAM,CACrB,CAAC2L,OAAO,CAAEhB,KAAK,EAAK,CACnB,KAAM,CAAA/C,MAAM,CAAGxH,WAAW,CAACuK,KAAK,CAAC,CACjC,GAAI/C,MAAM,CAAEA,MAAM,CAAC+D,OAAO,CAAEC,KAAK,EAAKH,QAAQ,CAACI,GAAG,CAACD,KAAK,CAAC,CAC3D,CAAC,CAAC,CAEF,GAAI,CAAAE,gBAAgB,CAAG,EAAE,CACzB,GAAI,CAAAC,iBAAiB,CAAG,EAAE,CAC1BN,QAAQ,CAACE,OAAO,CAAEhB,KAAK,EAAK,CAC1B,GAAIA,KAAK,CAACqB,QAAQ,CAAC,MAAM,CAAC,CAAE,CAC1BF,gBAAgB,EAAI,eAAe1G,UAAU,GAAauF,KAAK,qBACjE,CAAC,IAAM,IACLA,KAAK,CAACqB,QAAQ,CAAC,KAAK,CACpB;AACA;AAAA,EACG,CAACrB,KAAK,CAACqB,QAAQ,CAAC,gBAAgB,CAAC,CACpC,CACAD,iBAAiB,EAAI,gBAAgB3G,UAAU,GAAauF,KAAK,2CACnE,CACF,CAAC,CAAC,CAEF,KAAM,CAAAsB,oBAAoB,CAAGxJ,iBAAiB,CAAC0E,YAAY,CAAC,CAE5D,KAAM,CAAA+E,WAAW,CAAGhK,GAAG,CAACiK,OAAO,CAC3B,oDAAgD,CAChD,EAAE,CAEN,KAAM,CAAAzF,IAAI,CAAG;AACnB;AACA;AACA,cAAcuF,oBAAoB,CAACrM,gBAAgB,CAACiD,SAAS,CAAC;AAC9D,cAAcwE,MAAM,EAAE+E,KAAK,CAACxF,QAAQ,CAAC,CAAC,EAAI,EAAE;AAC5C,cAAcS,MAAM,EAAEgF,IAAI,CAACzF,QAAQ,CAAC,CAAC,EAAI,EAAE;AAC3C;AACA,cAAcrB,YAAY;AAC1B,cAAc8B,MAAM,EAAEiF,IAAI,CAAC1F,QAAQ,CAAC,CAAC,EAAI,EAAE,GAAGkF,gBAAgB;AAC9D,cAAcI,WAAW;AACzB;AACA;AACA;AACA;AACA;AACA,iDAAiDX,GAAG;AACpD;AACA;AACA,cAAcU,oBAAoB,CAACrM,gBAAgB,CAAC+C,SAAS,CAAC;AAC9D,mCAAmCsF,aAAa;AAChD,cAAc8D,iBAAiB;AAC/B,cAAcE,oBAAoB,CAACrM,gBAAgB,CAACgD,OAAO,CAAC;AAC5D;AACA,gBAAgB,CAEV,KAAM,CAAA3C,MAAM,CAAGiI,UAAU,CAACjI,MAAM,EAAI,GAAG,CACvC,GAAIA,MAAM,GAAK,GAAG,CAAEiB,GAAG,CAACjB,MAAM,CAACA,MAAM,CAAC,CAEtC,GAAIgG,QAAQ,EAAIhG,MAAM,CAAG,GAAG,CAAE,CAC5B;AACA;AACA,KAAM,IAAI,CAAAoB,OAAO,CAAO,CAACiF,IAAI,CAAEC,MAAM,GAAK,CACxC,GAAAgG,wBAAc,EAAC7F,IAAI,CAAE,CAACD,KAAK,CAAEN,MAAM,GAAK,CACtC,GAAIM,KAAK,CAAEF,MAAM,CAACE,KAAK,CAAC,CAAC,IACpB,CACH,KAAM,CAAA+F,CAAC,CAAGrG,MAAoC,CAC9CqG,CAAC,CAACzF,KAAK,CAAI5G,GAAG,CAEX4G,KAAK,CACRtB,KAAK,CAAEoG,GAAG,CAAC,CAAE1F,MAAM,CAAEqG,CAAC,CAAEvM,MAAO,CAAC,CAAEgG,QAAQ,CAAC7E,GAAG,CAAE+E,MAAM,CAAC/B,MAAM,CAAC,CAC9DkC,IAAI,CAAC,CACP,CACF,CAAC,CACH,CAAC,CACH,CAEA;AACA;AACA;AACApF,GAAG,CAACmF,IAAI,CAACK,IAAI,CACf,CAAE,MAAOD,KAAK,CAAE,CACdZ,IAAI,CAACY,KAAK,CACZ,CACF,CACF","ignoreList":[]}
1	+ {"version":3,"file":"renderer.js","names":["Buffer","createCipheriv","randomBytes","fs","path","Writable","brotliCompress","brotliDecompress","winston","GlobalStateProvider","SsrContext","timer","cloneDeep","defaults","get","mapValues","config","prerenderToNodeStream","HelmetProvider","StaticRouter","serializeJs","setBuildInfo","Cache","jsx","_jsx","SECRET","sanitizedConfig","SCRIPT_LOCATIONS","ServerSsrContext","chunks","status","constructor","req","chunkGroups","initialState","getBuildInfo","context","url","resolve","JSON","parse","readFileSync","readChunkGroupsJson","buildDir","res","prepareCipher","key","iv","cipher","from","isBrotliAcceptable","acceptable","ops","split","op","type","priority","trim","parseFloat","groupExtraScripts","scripts","BODY_OPEN","DEFAULT","HEAD_OPEN","script","code","location","Error","newDefaultLogger","defaultLogLevel","format","transports","createLogger","combine","splat","timestamp","colorize","printf","level","message","stack","rest","Object","keys","length","stringify","Console","factory","webpackConfig","options","beforeRender","Promise","maxSsrRounds","ssrTimeout","staticCacheSize","logger","defaultLoggerLogLevel","buildInfo","publicPath","outputPath","output","manifestLink","existsSync","cache","staticCacheController","CHUNK_GROUPS","next","set","cookie","csrfToken","cacheRef","data","buffer","noCsp","send","done","failed","error","html","h","toString","regex","RegExp","nonce","replace","brr","configToInject","extraScripts","helmet","webpackStats","locals","toJson","all","namedChunkGroups","item","assets","map","name","App","Application","appHtmlMarkup","ssrContext","stream","ssrStart","Date","now","App2","renderPass","resolveArg","rejectArg","arg","undefined","reject","helmetContext","state","children","onError","then","result","prelude","catch","ssrRound","bailed","dirty","timeout","race","allSettled","pending","logMsg","log","redirectTo","redirect","ready","pipe","destroy","write","chunk","_","payload","CONFIG","ISTATE","ignoreFunction","unsafe","INJ","concat","update","final","chunkSet","Set","forEach","asset","add","styleChunkString","scriptChunkString","endsWith","grouppedExtraScripts","faviconLink","favicon","title","meta","link","b"],"sources":["../../../src/server/renderer.tsx"],"sourcesContent":["/*\n ExpressJS middleware for server-side rendering of a ReactJS app.\n /\n\nimport { Buffer } from 'node:buffer';\nimport { type Cipheriv, createCipheriv, randomBytes } from 'node:crypto';\nimport fs from 'node:fs';\nimport path from 'node:path';\nimport { Writable } from 'node:stream';\nimport { brotliCompress, brotliDecompress } from 'node:zlib';\n\nimport type { Request, RequestHandler } from 'express';\nimport type { ComponentType } from 'react';\nimport type { Configuration, Stats } from 'webpack';\nimport winston from 'winston';\n\nimport { GlobalStateProvider, SsrContext } from '@dr.pogodin/react-global-state';\nimport { timer } from '@dr.pogodin/js-utils';\n\nimport {\n cloneDeep,\n defaults,\n get,\n mapValues,\n} from 'lodash-es';\n\nimport config from 'config';\n\nimport { prerenderToNodeStream } from 'react-dom/static';\nimport { type HelmetDataContext, HelmetProvider } from '@dr.pogodin/react-helmet';\nimport { StaticRouter } from 'react-router';\nimport serializeJs from 'serialize-javascript';\nimport { type BuildInfoT, setBuildInfo } from 'utils/isomorphy/buildInfo';\n\nimport type { ChunkGroupsT, SsrContextT } from 'utils/globalState';\n\nimport Cache from './Cache';\n\n// @ts-expect-error \"Property 'SECRET' does not exist on type 'IConfig'.\"\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst { SECRET, ...sanitizedConfig } = config;\n\n// Note: These type definitions for logger are copied from Winston logger,\n// then simplified to make it easier to fit an alternative logger into this\n// interface.\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\ninterface LogMethodI {\n // eslint-disable-next-line @typescript-eslint/prefer-function-type\n (level: string, message: string, ...meta: unknown[]): void;\n}\n\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\ninterface LeveledLogMethodI {\n // eslint-disable-next-line @typescript-eslint/prefer-function-type\n (message: string, ...meta: unknown[]): void;\n}\n\n// eslint-disable-next-line @typescript-eslint/consistent-type-definitions\nexport interface LoggerI {\n debug: LeveledLogMethodI;\n error: LeveledLogMethodI;\n info: LeveledLogMethodI;\n log: LogMethodI;\n warn: LeveledLogMethodI;\n}\n\nexport enum SCRIPT_LOCATIONS {\n BODY_OPEN = 'BODY_OPEN',\n DEFAULT = 'DEFAULT',\n HEAD_OPEN = 'HEAD_OPEN',\n}\n\nexport class ServerSsrContext<StateT>\n extends SsrContext<StateT>\n implements SsrContextT<StateT> {\n chunkGroups: ChunkGroupsT;\n\n chunks: string[] = [];\n\n redirectTo?: string;\n\n req: Request;\n\n status: number = 200;\n\n constructor(\n req: Request,\n chunkGroups: ChunkGroupsT,\n initialState?: StateT,\n ) {\n super(cloneDeep(initialState) ?? ({} as StateT));\n this.chunkGroups = chunkGroups;\n this.req = req;\n }\n}\n\ntype ScriptT = {\n code: string;\n location: SCRIPT_LOCATIONS;\n};\n\n/\n Reads build-time information about the app. This information is generated\n * by our standard Webpack config for apps, and it is written into\n * \".build-info\" file in the context folder specified in Webpack config.\n * At the moment, that file contains build timestamp and a random 32-bit key,\n * suitable for cryptographical use.\n * @param context Webpack context path used during the build.\n * @return Resolves to the build-time information.\n /\nfunction getBuildInfo(context: string) {\n const url = path.resolve(context, '.build-info');\n return JSON.parse(fs.readFileSync(url, 'utf8')) as BuildInfoT;\n}\n\n/\n Attempts to read from disk the named chunk groups mapping generated\n * by Webpack during the compilation.\n * It will not work for development builds, where these stats should be captured\n * via compilator callback.\n * @param buildDir\n * @return\n /\nfunction readChunkGroupsJson(buildDir: string) {\n const url = path.resolve(buildDir, '__chunk_groups__.json');\n let res;\n try {\n res = JSON.parse(fs.readFileSync(url, 'utf8')) as Record<string, string[]>;\n } catch {\n // TODO: Should we message the error here somehow?\n res = null;\n }\n return res;\n}\n\n/\n Prepares a new Cipher for data encryption.\n * @param key Encryption key (32-bit random, Base64-encoded key is expected).\n * @return Returns a tuple of:\n * 1. cipher - a new Cipher, ready for encryption;\n * 2. iv - initial vector used by the cipher.\n /\nfunction prepareCipher(key: string): [cipher: Cipheriv, iv: Buffer] {\n const iv = randomBytes(16);\n const cipher = createCipheriv('AES-256-CBC', Buffer.from(key, 'base64'), iv);\n return [cipher, iv];\n}\n\n/\n Given an incoming HTTP requests, it deduces whether Brotli-encoded responses\n * are acceptable to the caller.\n * @param req\n /\nexport function isBrotliAcceptable(req: Request): boolean {\n const acceptable = req.get('accept-encoding');\n if (acceptable) {\n const ops = acceptable.split(',');\n for (const op of ops) {\n const [type, priority] = op.trim().split(';q=');\n if ((type === '' \|\| type === 'br')\n && (!priority \|\| parseFloat(priority) > 0)) {\n return true;\n }\n }\n }\n return false;\n}\n\n/*\n Given an array of extra script strings / objects, it returns an object with\n * arrays of scripts to inject in different HTML template locations. During\n * the script groupping it also filters out any empty scripts.\n * @param {({\n * code: string;\n * location: string;\n * }\|string)[]} [scripts=[]]\n * @return {{\n * BODY_OPEN: string[];\n * DEFAULT: string[];\n * HEAD_OPEN: string[];\n * }}\n /\nfunction groupExtraScripts(scripts: Array<string \| ScriptT> = []) {\n const res = {\n [SCRIPT_LOCATIONS.BODY_OPEN]: '',\n [SCRIPT_LOCATIONS.DEFAULT]: '',\n [SCRIPT_LOCATIONS.HEAD_OPEN]: '',\n };\n for (const script of scripts) {\n if (typeof script === 'string') {\n if (script) res[SCRIPT_LOCATIONS.DEFAULT] += script;\n } else if (script.code) {\n if (script.location in res) res[script.location] += script.code;\n else throw Error(`Invalid location \"${script.location}\"`);\n }\n }\n return res;\n}\n\n/\n Creates a new default (Winston) logger.\n * @param {object} [options={}]\n * @param {string} [options.defaultLogLevel='info']\n * @return {object}\n /\nexport function newDefaultLogger({\n defaultLogLevel = 'info',\n} = {}): winston.Logger {\n const { format, transports } = winston;\n return winston.createLogger({\n format: format.combine(\n format.splat(),\n format.timestamp(),\n format.colorize(),\n format.printf(\n ({\n level,\n message,\n timestamp,\n stack,\n ...rest\n }) => {\n let res = `${level}\\t(at ${timestamp as string}):\\t${message as string}`;\n if (Object.keys(rest).length) {\n res += `\\n${JSON.stringify(rest, null, 2)}`;\n }\n if (stack) res += `\\n${stack as string}`;\n return res;\n },\n ),\n ),\n level: defaultLogLevel,\n transports: [new transports.Console()],\n });\n}\n\nexport type ConfigT = {\n [key: string]: ConfigT \| string;\n};\n\nexport type BeforeRenderResT = {\n configToInject?: ConfigT;\n extraScripts?: Array<ScriptT \| string>;\n initialState?: unknown;\n};\n\nexport type BeforeRenderT = (\n req: Request,\n config: ConfigT,\n) => BeforeRenderResT \| Promise<BeforeRenderResT>;\n\ntype CacheRefT = {\n key: string;\n maxage?: number;\n};\n\nexport type OptionsT = {\n Application?: ComponentType;\n beforeRender?: BeforeRenderT;\n buildInfo?: BuildInfoT;\n defaultLoggerLogLevel?: string;\n favicon?: string;\n logger?: LoggerI;\n maxSsrRounds?: number;\n noCsp?: boolean;\n staticCacheSize?: number;\n ssrTimeout?: number;\n staticCacheController?: (req: Request) => CacheRefT \| null \| undefined;\n};\n\n/\n Creates the middleware.\n * @param webpackConfig\n * @param options Additional options:\n * @param [options.Application] The root ReactJS component of\n * the app to use for the server-side rendering. When not provided\n * the server-side rendering is disabled.\n * @param [options.buildInfo] \"Build info\" object to use. If provided,\n * it will be used, instead of trying to load from the filesystem the one\n * generated by the Webpack build. It is intended for test environments,\n * where passing this stuff via file system is no bueno.\n * @param [options.favicon] `true` will include favicon\n * link into the rendered HTML templates.\n * @param [options.noCsp] `true` means that no\n * Content-Security-Policy (CSP) is used by server, thus the renderer\n * may cut a few corners.\n * @param [options.maxSsrRounds=10] Maximum number of SSR rounds.\n * @param [options.ssrTimeout=1000] SSR timeout in milliseconds,\n * defaults to 1 second.\n * @param [options.staticCacheSize=1.e7] The maximum\n * static cache size in bytes. Defaults to ~10 MB.\n * @param [options.staticCacheController] When given, it activates,\n * and controls the static caching of generated HTML markup. When this function\n * is provided, on each incoming request it is triggered with the request\n * passed in as the argument. To attempt to serve the response from the cache\n * it should return the object with the following fields:\n * - `key: string` – the cache key for the response;\n * - `maxage?: number` – the maximum age of cached result in ms.\n * If undefined - infinite age is assumed.\n * @return Created middleware.\n /\nexport default function factory(\n webpackConfig: Configuration,\n options: OptionsT,\n): RequestHandler {\n const ops: OptionsT = defaults({ ...options }, {\n beforeRender: async () => Promise.resolve({}),\n maxSsrRounds: 10,\n ssrTimeout: 1000,\n staticCacheSize: 1.e7,\n });\n\n // Note: in normal use the default logger is created and set in the root\n // server function, and this initialization is for testing uses, where\n // renderer is imported directly.\n ops.logger ??= newDefaultLogger({\n defaultLogLevel: ops.defaultLoggerLogLevel,\n });\n\n const buildInfo = ops.buildInfo ?? getBuildInfo(webpackConfig.context!);\n setBuildInfo(buildInfo);\n\n // publicPath from webpack.output has a trailing slash at the end.\n const { publicPath, path: outputPath } = webpackConfig.output!;\n\n const manifestLink = fs.existsSync(`${outputPath}/manifest.json`)\n ? `<link rel=\"manifest\" href=\"${publicPath as string}manifest.json\">` : '';\n\n // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n interface BufferWithNonce extends ArrayBuffer {\n nonce: string;\n }\n\n const cache = ops.staticCacheController\n ? new Cache<{\n buffer: BufferWithNonce;\n status: number;\n }>(ops.staticCacheSize!)\n : null;\n\n const CHUNK_GROUPS = readChunkGroupsJson(outputPath!);\n\n // TODO: Look at it later.\n // eslint-disable-next-line complexity\n return async (req, res, next) => {\n try {\n // Ensures any caches always revalidate HTML markup before reuse.\n res.set('Cache-Control', 'no-cache');\n\n res.cookie('csrfToken', req.csrfToken());\n\n let cacheRef: CacheRefT \| null \| undefined;\n if (cache) {\n cacheRef = ops.staticCacheController!(req);\n if (cacheRef) {\n const data = cache.get(cacheRef);\n if (data !== null) {\n const { buffer, status } = data;\n if (ops.noCsp && isBrotliAcceptable(req)) {\n res.set('Content-Type', 'text/html');\n res.set('Content-Encoding', 'br');\n if (status !== 200) res.status(status);\n res.send(buffer);\n } else {\n await new Promise<void>((done, failed) => {\n brotliDecompress(buffer, (error, html) => {\n if (error) failed(error);\n else {\n let h = html.toString();\n if (!ops.noCsp) {\n // TODO: Starting from Node v15 we'll be able to use string's\n // .replaceAll() method instead relying on reg. expression for\n // global matching.\n const regex = new RegExp(buffer.nonce, 'g');\n\n // TODO: It should be implemented more careful.\n h = h.replace(regex, (req as unknown as {\n nonce: string;\n }).nonce);\n }\n if (status !== 200) res.status(status);\n res.send(h);\n done();\n }\n });\n });\n }\n return;\n }\n }\n }\n\n const brr = ops.beforeRender!(req, sanitizedConfig as unknown as ConfigT);\n const { configToInject, extraScripts, initialState } = await brr;\n\n const [cipher, iv] = prepareCipher(buildInfo.key);\n\n let helmet: HelmetDataContext['helmet'];\n\n // Gets the mapping between code chunk names and their asset files.\n // These data come from the Webpack compilation, either from the stats\n // attached to the request (in dev mode), or from a file output during\n // the build (in prod mode).\n let chunkGroups: ChunkGroupsT;\n const webpackStats = get(res.locals, 'webpack.devMiddleware.stats') as Stats \| undefined;\n if (webpackStats) {\n chunkGroups = mapValues(\n webpackStats.toJson({\n all: false,\n chunkGroups: true,\n }).namedChunkGroups,\n (item) => item.assets?.map(({ name }: { name: string }) => name)\n ?? [],\n );\n } else if (CHUNK_GROUPS) chunkGroups = CHUNK_GROUPS;\n else chunkGroups = {};\n\n / Optional server-side rendering. /\n const App = ops.Application;\n let appHtmlMarkup: string = '';\n const ssrContext = new ServerSsrContext(req, chunkGroups, initialState);\n let stream: NodeJS.ReadableStream;\n if (App) {\n const ssrStart = Date.now();\n\n // TODO: Somehow, without it TS does not realise that\n // App has been checked to exist.\n const App2 = App;\n\n const renderPass = async () => new Promise<NodeJS.ReadableStream>(\n (resolveArg, rejectArg) => {\n ssrContext.chunks = [];\n\n // NOTE: JS does not have problems if resolve() and reject() methods\n // of a Promise are called multiple times, with different arguments;\n // it only respects the first call, and ignores subsequent ones.\n // We, however, really want to assert that here, to safeguard against\n // any future problems due to unexpected internal changes in React,\n // if any.\n let error: unknown;\n\n const resolve = (arg: NodeJS.ReadableStream) => {\n if (error !== undefined) throw Error('Internal error');\n error = null;\n resolveArg(arg);\n };\n\n const reject = (arg: unknown) => {\n if (error !== undefined && error !== arg) {\n throw Error('Internal error');\n }\n error = arg;\n rejectArg(arg as Error);\n };\n\n // TODO: prerenderToNodeStream has (abort) \"signal\" option,\n // and we should wire it up to the SSR timeout below.\n const helmetContext = {} as HelmetDataContext;\n void prerenderToNodeStream(\n <GlobalStateProvider\n initialState={ssrContext.state}\n ssrContext={ssrContext}\n >\n <StaticRouter location={req.url}>\n <HelmetProvider context={helmetContext}>\n <App2 />\n </HelmetProvider>\n </StaticRouter>\n </GlobalStateProvider>,\n { onError: reject },\n ).then((result) => {\n ({ helmet } = helmetContext);\n resolve(result.prelude);\n }).catch(reject);\n },\n );\n\n let ssrRound = 0;\n let bailed = false;\n for (; ssrRound < ops.maxSsrRounds!; ++ssrRound) {\n stream = await renderPass();\n\n if (!ssrContext.dirty) break;\n\n const timeout = ops.ssrTimeout! + ssrStart - Date.now();\n bailed = timeout <= 0 \|\| !await Promise.race([\n Promise.allSettled(ssrContext.pending),\n timer(timeout).then(() => false),\n ]);\n if (bailed) break;\n }\n\n let logMsg;\n if (ssrContext.dirty) {\n // NOTE: In the case of incomplete SSR one more round is necessary\n // to ensure the correct hydration when some pending promises have\n // resolved and placed their data into the initial global state.\n stream = await renderPass();\n\n logMsg = bailed ? `SSR timed out after ${ops.ssrTimeout} second(s)`\n : `SSR bailed out after ${ops.maxSsrRounds} round(s)`;\n } else logMsg = `SSR completed in ${ssrRound + 1} round(s)`;\n\n ops.logger!.log(ssrContext.dirty ? 'warn' : 'info', logMsg);\n\n if (ssrContext.redirectTo) {\n res.redirect(ssrContext.status, ssrContext.redirectTo);\n return;\n }\n\n await new Promise((ready) => {\n stream!.pipe(new Writable({\n destroy: ready,\n write: (chunk: { toString: () => string }, _, done) => {\n appHtmlMarkup += chunk.toString();\n done();\n },\n }));\n });\n }\n\n / Encrypts data to be injected into HTML.\n * Keep in mind, that this encryption is no way secure: as the JS bundle\n * contains decryption key and is able to decode it at the client side.\n * Hovewer, for a number of reasons, encryption of injected data is still\n * better than injection of a plain text. */\n const payload = serializeJs({\n CHUNK_GROUPS: chunkGroups,\n CONFIG: configToInject ?? sanitizedConfig,\n ISTATE: ssrContext.state,\n }, {\n ignoreFunction: true,\n unsafe: true,\n });\n\n const INJ = Buffer.concat([\n iv,\n cipher.update(payload, 'utf8'),\n cipher.final(),\n ]).toString('base64');\n\n const chunkSet = new Set<string>();\n\n // TODO: \"main\" chunk has to be added explicitly,\n // because unlike all other chunks they are not managed by <CodeSplit>\n // component, thus they are not added to the ssrContext.chunks\n // automatically. Actually, names of these entry chunks should be\n // read from Wepback config, as the end user may customize them,\n // remove or add other entry points, but it requires additional\n // efforts to figure out how to automatically order them right,\n // thus for now this handles the default config.\n [\n 'main',\n ...ssrContext.chunks,\n ].forEach((chunk) => {\n const assets = chunkGroups[chunk];\n if (assets) assets.forEach((asset) => chunkSet.add(asset));\n });\n\n let styleChunkString = '';\n let scriptChunkString = '';\n chunkSet.forEach((chunk) => {\n if (chunk.endsWith('.css')) {\n styleChunkString += `<link href=\"${publicPath as string}${chunk}\" rel=\"stylesheet\">`;\n } else if (\n chunk.endsWith('.js')\n // In dev mode HMR adds JS updates into asset arrays,\n // and they (updates) should be ignored.\n && !chunk.endsWith('.hot-update.js')\n ) {\n scriptChunkString += `<script src=\"${publicPath as string}${chunk}\" type=\"application/javascript\"></script>`;\n }\n });\n\n const grouppedExtraScripts = groupExtraScripts(extraScripts);\n\n const faviconLink = ops.favicon\n ? '<link rel=\"shortcut icon\" href=\"/favicon.ico\">'\n : '';\n\n const html = `<!DOCTYPE html>\n <html lang=\"en\">\n <head>\n ${grouppedExtraScripts[SCRIPT_LOCATIONS.HEAD_OPEN]}\n ${helmet?.title.toString() ?? ''}\n ${helmet?.meta.toString() ?? ''}\n <meta name=\"theme-color\" content=\"#FFFFFF\">\n ${manifestLink}\n ${helmet?.link.toString() ?? ''}${styleChunkString}\n ${faviconLink}\n <meta charset=\"utf-8\">\n <meta\n content=\"width=device-width,initial-scale=1.0\"\n name=\"viewport\"\n >\n <meta itemprop=\"drpruinj\" content=\"${INJ}\">\n </head>\n <body>\n ${grouppedExtraScripts[SCRIPT_LOCATIONS.BODY_OPEN]}\n <div id=\"react-view\">${appHtmlMarkup}</div>\n ${scriptChunkString}\n ${grouppedExtraScripts[SCRIPT_LOCATIONS.DEFAULT]}\n </body>\n </html>`;\n\n const status = ssrContext.status \|\| 200;\n if (status !== 200) res.status(status);\n\n if (cacheRef && status < 500) {\n // Note: waiting for the caching to complete is not strictly necessary,\n // but it greately simplifies testing, and error reporting.\n await new Promise<void>((done, failed) => {\n brotliCompress(html, (error, buffer) => {\n if (error) failed(error);\n else {\n const b = buffer as unknown as BufferWithNonce;\n b.nonce = (req as unknown as {\n nonce: string;\n }).nonce;\n cache!.add({ buffer: b, status }, cacheRef.key, buffer.length);\n done();\n }\n });\n });\n }\n\n // Note: as caching code above may throw in some cases, sending response\n // before it completes will likely hide the error, making it difficult\n // to debug. Thus, at least for now, lets send response after it.\n res.send(html);\n } catch (error) {\n next(error);\n }\n };\n}\n"],"mappings":"k+BAAA;AACA;AACA,GAEA,OAASA,MAAM,KAAQ,aAAa,CACpC,OAAwBC,cAAc,CAAEC,WAAW,KAAQ,aAAa,CACxE,MAAO,CAAAC,EAAE,KAAM,SAAS,CACxB,MAAO,CAAAC,IAAI,KAAM,WAAW,CAC5B,OAASC,QAAQ,KAAQ,aAAa,CACtC,OAASC,cAAc,CAAEC,gBAAgB,KAAQ,WAAW,CAK5D,MAAO,CAAAC,OAAO,KAAM,SAAS,CAE7B,OAASC,mBAAmB,CAAEC,UAAU,KAAQ,gCAAgC,CAChF,OAASC,KAAK,KAAQ,sBAAsB,CAE5C,OACEC,SAAS,CACTC,QAAQ,CACRC,GAAG,CACHC,SAAS,KACJ,WAAW,CAElB,MAAO,CAAAC,MAAM,KAAM,QAAQ,CAE3B,OAASC,qBAAqB,KAAQ,kBAAkB,CACxD,OAAiCC,cAAc,KAAQ,0BAA0B,CACjF,OAASC,YAAY,KAAQ,cAAc,CAC3C,MAAO,CAAAC,WAAW,KAAM,sBAAsB,QACpBC,YAAY,oDAI/B,CAAAC,KAAK,kBAEZ;AACA;AAAA,OAAAC,GAAA,IAAAC,IAAA,yBACA,KAAM,CAAEC,MAAM,CAAE,GAAGC,eAAgB,CAAC,CAAGV,MAAM,CAE7C;AACA;AACA;AACA;AAMA;AAMA;AASA,UAAY,CAAAW,gBAAgB,uBAAhBA,gBAAgB,EAAhBA,gBAAgB,0BAAhBA,gBAAgB,sBAAhBA,gBAAgB,gCAAhB,CAAAA,gBAAgB,MAM5B,MAAO,MAAM,CAAAC,gBAAgB,QACnB,CAAAlB,UACuB,CAG/BmB,MAAM,CAAa,EAAE,CAMrBC,MAAM,CAAW,GAAG,CAEpBC,WAAWA,CACTC,GAAY,CACZC,WAAyB,CACzBC,YAAqB,CACrB,CACA,KAAK,CAACtB,SAAS,CAACsB,YAAY,CAAC,EAAK,CAAC,CAAY,CAAC,CAChD,IAAI,CAACD,WAAW,CAAGA,WAAW,CAC9B,IAAI,CAACD,GAAG,CAAGA,GACb,CACF,CAOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAG,YAAYA,CAACC,OAAe,CAAE,CACrC,KAAM,CAAAC,GAAG,CAAGjC,IAAI,CAACkC,OAAO,CAACF,OAAO,CAAE,aAAa,CAAC,CAChD,MAAO,CAAAG,IAAI,CAACC,KAAK,CAACrC,EAAE,CAACsC,YAAY,CAACJ,GAAG,CAAE,MAAM,CAAC,CAChD,CAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAK,mBAAmBA,CAACC,QAAgB,CAAE,CAC7C,KAAM,CAAAN,GAAG,CAAGjC,IAAI,CAACkC,OAAO,CAACK,QAAQ,CAAE,uBAAuB,CAAC,CAC3D,GAAI,CAAAC,GAAG,CACP,GAAI,CACFA,GAAG,CAAGL,IAAI,CAACC,KAAK,CAACrC,EAAE,CAACsC,YAAY,CAACJ,GAAG,CAAE,MAAM,CAAC,CAC/C,CAAE,KAAM,CACN;AACAO,GAAG,CAAG,IACR,CACA,MAAO,CAAAA,GACT,CAEA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAC,aAAaA,CAACC,GAAW,CAAkC,CAClE,KAAM,CAAAC,EAAE,CAAG7C,WAAW,CAAC,EAAE,CAAC,CAC1B,KAAM,CAAA8C,MAAM,CAAG/C,cAAc,CAAC,aAAa,CAAED,MAAM,CAACiD,IAAI,CAACH,GAAG,CAAE,QAAQ,CAAC,CAAEC,EAAE,CAAC,CAC5E,MAAO,CAACC,MAAM,CAAED,EAAE,CACpB,CAEA;AACA;AACA;AACA;AACA,GACA,MAAO,SAAS,CAAAG,kBAAkBA,CAAClB,GAAY,CAAW,CACxD,KAAM,CAAAmB,UAAU,CAAGnB,GAAG,CAAClB,GAAG,CAAC,iBAAiB,CAAC,CAC7C,GAAIqC,UAAU,CAAE,CACd,KAAM,CAAAC,GAAG,CAAGD,UAAU,CAACE,KAAK,CAAC,GAAG,CAAC,CACjC,IAAK,KAAM,CAAAC,EAAE,GAAI,CAAAF,GAAG,CAAE,CACpB,KAAM,CAACG,IAAI,CAAEC,QAAQ,CAAC,CAAGF,EAAE,CAACG,IAAI,CAAC,CAAC,CAACJ,KAAK,CAAC,KAAK,CAAC,CAC/C,GAAI,CAACE,IAAI,GAAK,GAAG,EAAIA,IAAI,GAAK,IAAI,IAC5B,CAACC,QAAQ,EAAIE,UAAU,CAACF,QAAQ,CAAC,CAAG,CAAC,CAAC,CAAE,CAC5C,MAAO,KACT,CACF,CACF,CACA,MAAO,MACT,CAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,QAAS,CAAAG,iBAAiBA,CAACC,OAAgC,CAAG,EAAE,CAAE,CAChE,KAAM,CAAAhB,GAAG,CAAG,CACV,CAACjB,gBAAgB,CAACkC,SAAS,EAAG,EAAE,CAChC,CAAClC,gBAAgB,CAACmC,OAAO,EAAG,EAAE,CAC9B,CAACnC,gBAAgB,CAACoC,SAAS,EAAG,EAChC,CAAC,CACD,IAAK,KAAM,CAAAC,MAAM,GAAI,CAAAJ,OAAO,CAAE,CAC5B,GAAI,MAAO,CAAAI,MAAM,GAAK,QAAQ,CAAE,CAC9B,GAAIA,MAAM,CAAEpB,GAAG,CAACjB,gBAAgB,CAACmC,OAAO,CAAC,EAAIE,MAC/C,CAAC,IAAM,IAAIA,MAAM,CAACC,IAAI,CAAE,CACtB,GAAID,MAAM,CAACE,QAAQ,GAAI,CAAAtB,GAAG,CAAEA,GAAG,CAACoB,MAAM,CAACE,QAAQ,CAAC,EAAIF,MAAM,CAACC,IAAI,CAAC,IAC3D,MAAM,CAAAE,KAAK,CAAC,qBAAqBH,MAAM,CAACE,QAAQ,GAAG,CAC1D,CACF,CACA,MAAO,CAAAtB,GACT,CAEA;AACA;AACA;AACA;AACA;AACA,GACA,MAAO,SAAS,CAAAwB,gBAAgBA,CAAC,CAC/BC,eAAe,CAAG,MACpB,CAAC,CAAG,CAAC,CAAC,CAAkB,CACtB,KAAM,CAAEC,MAAM,CAAEC,UAAW,CAAC,CAAG/D,OAAO,CACtC,MAAO,CAAAA,OAAO,CAACgE,YAAY,CAAC,CAC1BF,MAAM,CAAEA,MAAM,CAACG,OAAO,CACpBH,MAAM,CAACI,KAAK,CAAC,CAAC,CACdJ,MAAM,CAACK,SAAS,CAAC,CAAC,CAClBL,MAAM,CAACM,QAAQ,CAAC,CAAC,CACjBN,MAAM,CAACO,MAAM,CACX,CAAC,CACCC,KAAK,CACLC,OAAO,CACPJ,SAAS,CACTK,KAAK,CACL,GAAGC,IACL,CAAC,GAAK,CACJ,GAAI,CAAArC,GAAG,CAAG,GAAGkC,KAAK,SAASH,SAAS,OAAiBI,OAAO,EAAY,CACxE,GAAIG,MAAM,CAACC,IAAI,CAACF,IAAI,CAAC,CAACG,MAAM,CAAE,CAC5BxC,GAAG,EAAI,KAAKL,IAAI,CAAC8C,SAAS,CAACJ,IAAI,CAAE,IAAI,CAAE,CAAC,CAAC,EAC3C,CACA,GAAID,KAAK,CAAEpC,GAAG,EAAI,KAAKoC,KAAK,EAAY,CACxC,MAAO,CAAApC,GACT,CACF,CACF,CAAC,CACDkC,KAAK,CAAET,eAAe,CACtBE,UAAU,CAAE,CAAC,GAAI,CAAAA,UAAU,CAACe,OAAS,CACvC,CAAC,CACH,CAoCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GACA,cAAe,SAAS,CAAAC,OAAOA,CAC7BC,aAA4B,CAC5BC,OAAiB,CACD,CAChB,KAAM,CAAArC,GAAa,CAAGvC,QAAQ,CAAC,CAAE,GAAG4E,OAAQ,CAAC,CAAE,CAC7CC,YAAY,CAAE,KAAAA,CAAA,GAAYC,OAAO,CAACrD,OAAO,CAAC,CAAC,CAAC,CAAC,CAC7CsD,YAAY,CAAE,EAAE,CAChBC,UAAU,CAAE,IAAI,CAChBC,eAAe,CAAE,IACnB,CAAC,CAAC,CAEF;AACA;AACA;AACA1C,GAAG,CAAC2C,MAAM,GAAK3B,gBAAgB,CAAC,CAC9BC,eAAe,CAAEjB,GAAG,CAAC4C,qBACvB,CAAC,CAAC,CAEF,KAAM,CAAAC,SAAS,CAAG7C,GAAG,CAAC6C,SAAS,EAAI9D,YAAY,CAACqD,aAAa,CAACpD,OAAQ,CAAC,CACvEf,YAAY,CAAC4E,SAAS,CAAC,CAEvB;AACA,KAAM,CAAEC,UAAU,CAAE9F,IAAI,CAAE+F,UAAW,CAAC,CAAGX,aAAa,CAACY,MAAO,CAE9D,KAAM,CAAAC,YAAY,CAAGlG,EAAE,CAACmG,UAAU,CAAC,GAAGH,UAAU,gBAAgB,CAAC,CAC7D,8BAA8BD,UAAU,iBAA2B,CAAG,EAAE,CAE5E;AAKA,KAAM,CAAAK,KAAK,CAAGnD,GAAG,CAACoD,qBAAqB,CACnC,GAAI,CAAAlF,KAAK,CAGR8B,GAAG,CAAC0C,eAAgB,CAAC,CACtB,IAAI,CAER,KAAM,CAAAW,YAAY,CAAG/D,mBAAmB,CAACyD,UAAW,CAAC,CAErD;AACA;AACA,MAAO,OAAOnE,GAAG,CAAEY,GAAG,CAAE8D,IAAI,GAAK,CAC/B,GAAI,CACF;AACA9D,GAAG,CAAC+D,GAAG,CAAC,eAAe,CAAE,UAAU,CAAC,CAEpC/D,GAAG,CAACgE,MAAM,CAAC,WAAW,CAAE5E,GAAG,CAAC6E,SAAS,CAAC,CAAC,CAAC,CAExC,GAAI,CAAAC,QAAsC,CAC1C,GAAIP,KAAK,CAAE,CACTO,QAAQ,CAAG1D,GAAG,CAACoD,qBAAqB,CAAExE,GAAG,CAAC,CAC1C,GAAI8E,QAAQ,CAAE,CACZ,KAAM,CAAAC,IAAI,CAAGR,KAAK,CAACzF,GAAG,CAACgG,QAAQ,CAAC,CAChC,GAAIC,IAAI,GAAK,IAAI,CAAE,CACjB,KAAM,CAAEC,MAAM,CAAElF,MAAO,CAAC,CAAGiF,IAAI,CAC/B,GAAI3D,GAAG,CAAC6D,KAAK,EAAI/D,kBAAkB,CAAClB,GAAG,CAAC,CAAE,CACxCY,GAAG,CAAC+D,GAAG,CAAC,cAAc,CAAE,WAAW,CAAC,CACpC/D,GAAG,CAAC+D,GAAG,CAAC,kBAAkB,CAAE,IAAI,CAAC,CACjC,GAAI7E,MAAM,GAAK,GAAG,CAAEc,GAAG,CAACd,MAAM,CAACA,MAAM,CAAC,CACtCc,GAAG,CAACsE,IAAI,CAACF,MAAM,CACjB,CAAC,IAAM,CACL,KAAM,IAAI,CAAArB,OAAO,CAAO,CAACwB,IAAI,CAAEC,MAAM,GAAK,CACxC7G,gBAAgB,CAACyG,MAAM,CAAE,CAACK,KAAK,CAAEC,IAAI,GAAK,CACxC,GAAID,KAAK,CAAED,MAAM,CAACC,KAAK,CAAC,CAAC,IACpB,CACH,GAAI,CAAAE,CAAC,CAAGD,IAAI,CAACE,QAAQ,CAAC,CAAC,CACvB,GAAI,CAACpE,GAAG,CAAC6D,KAAK,CAAE,CACd;AACA;AACA;AACA,KAAM,CAAAQ,KAAK,CAAG,GAAI,CAAAC,MAAM,CAACV,MAAM,CAACW,KAAK,CAAE,GAAG,CAAC,CAE3C;AACAJ,CAAC,CAAGA,CAAC,CAACK,OAAO,CAACH,KAAK,CAAGzF,GAAG,CAEtB2F,KAAK,CACV,CACA,GAAI7F,MAAM,GAAK,GAAG,CAAEc,GAAG,CAACd,MAAM,CAACA,MAAM,CAAC,CACtCc,GAAG,CAACsE,IAAI,CAACK,CAAC,CAAC,CACXJ,IAAI,CAAC,CACP,CACF,CAAC,CACH,CAAC,CACH,CACA,MACF,CACF,CACF,CAEA,KAAM,CAAAU,GAAG,CAAGzE,GAAG,CAACsC,YAAY,CAAE1D,GAAG,CAAEN,eAAqC,CAAC,CACzE,KAAM,CAAEoG,cAAc,CAAEC,YAAY,CAAE7F,YAAa,CAAC,CAAG,KAAM,CAAA2F,GAAG,CAEhE,KAAM,CAAC7E,MAAM,CAAED,EAAE,CAAC,CAAGF,aAAa,CAACoD,SAAS,CAACnD,GAAG,CAAC,CAEjD,GAAI,CAAAkF,MAAmC,CAEvC;AACA;AACA;AACA;AACA,GAAI,CAAA/F,WAAyB,CAC7B,KAAM,CAAAgG,YAAY,CAAGnH,GAAG,CAAC8B,GAAG,CAACsF,MAAM,CAAE,6BAA6B,CAAsB,CACxF,GAAID,YAAY,CAAE,CAChBhG,WAAW,CAAGlB,SAAS,CACrBkH,YAAY,CAACE,MAAM,CAAC,CAClBC,GAAG,CAAE,KAAK,CACVnG,WAAW,CAAE,IACf,CAAC,CAAC,CAACoG,gBAAgB,CAClBC,IAAI,EAAKA,IAAI,CAACC,MAAM,EAAEC,GAAG,CAAC,CAAC,CAAEC,IAAuB,CAAC,GAAKA,IAAI,CAAC,EAC3D,EACP,CACF,CAAC,IAAM,IAAIhC,YAAY,CAAExE,WAAW,CAAGwE,YAAY,CAAC,IAC/C,CAAAxE,WAAW,CAAG,CAAC,CAAC,CAErB,qCACA,KAAM,CAAAyG,GAAG,CAAGtF,GAAG,CAACuF,WAAW,CAC3B,GAAI,CAAAC,aAAqB,CAAG,EAAE,CAC9B,KAAM,CAAAC,UAAU,CAAG,GAAI,CAAAjH,gBAAgB,CAACI,GAAG,CAAEC,WAAW,CAAEC,YAAY,CAAC,CACvE,GAAI,CAAA4G,MAA6B,CACjC,GAAIJ,GAAG,CAAE,CACP,KAAM,CAAAK,QAAQ,CAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,CAE3B;AACA;AACA,KAAM,CAAAC,IAAI,CAAGR,GAAG,CAEhB,KAAM,CAAAS,UAAU,CAAG,KAAAA,CAAA,GAAY,GAAI,CAAAxD,OAAO,CACxC,CAACyD,UAAU,CAAEC,SAAS,GAAK,CACzBR,UAAU,CAAChH,MAAM,CAAG,EAAE,CAEtB;AACA;AACA;AACA;AACA;AACA;AACA,GAAI,CAAAwF,KAAc,CAElB,KAAM,CAAA/E,OAAO,CAAIgH,GAA0B,EAAK,CAC9C,GAAIjC,KAAK,GAAKkC,SAAS,CAAE,KAAM,CAAApF,KAAK,CAAC,gBAAgB,CAAC,CACtDkD,KAAK,CAAG,IAAI,CACZ+B,UAAU,CAACE,GAAG,CAChB,CAAC,CAED,KAAM,CAAAE,MAAM,CAAIF,GAAY,EAAK,CAC/B,GAAIjC,KAAK,GAAKkC,SAAS,EAAIlC,KAAK,GAAKiC,GAAG,CAAE,CACxC,KAAM,CAAAnF,KAAK,CAAC,gBAAgB,CAC9B,CACAkD,KAAK,CAAGiC,GAAG,CACXD,SAAS,CAACC,GAAY,CACxB,CAAC,CAED;AACA;AACA,KAAM,CAAAG,aAAa,CAAG,CAAC,CAAsB,CAC7C,IAAK,CAAAxI,qBAAqB,cACxBO,IAAA,CAACf,mBAAmB,EAClByB,YAAY,CAAE2G,UAAU,CAACa,KAAM,CAC/Bb,UAAU,CAAEA,UAAW,CAAAc,QAAA,cAEvBnI,IAAA,CAACL,YAAY,EAAC+C,QAAQ,CAAElC,GAAG,CAACK,GAAI,CAAAsH,QAAA,cAC9BnI,IAAA,CAACN,cAAc,EAACkB,OAAO,CAAEqH,aAAc,CAAAE,QAAA,cACrCnI,IAAA,CAAC0H,IAAI,GAAE,CAAC,CACM,CAAC,CACL,CAAC,CACI,CAAC,CACtB,CAAEU,OAAO,CAAEJ,MAAO,CACpB,CAAC,CAACK,IAAI,CAAEC,MAAM,EAAK,CACjB,CAAC,CAAE9B,MAAO,CAAC,CAAGyB,aAAa,EAC3BnH,OAAO,CAACwH,MAAM,CAACC,OAAO,CACxB,CAAC,CAAC,CAACC,KAAK,CAACR,MAAM,CACjB,CACF,CAAC,CAED,GAAI,CAAAS,QAAQ,CAAG,CAAC,CAChB,GAAI,CAAAC,MAAM,CAAG,KAAK,CAClB,KAAOD,QAAQ,CAAG7G,GAAG,CAACwC,YAAa,CAAE,EAAEqE,QAAQ,CAAE,CAC/CnB,MAAM,CAAG,KAAM,CAAAK,UAAU,CAAC,CAAC,CAE3B,GAAI,CAACN,UAAU,CAACsB,KAAK,CAAE,MAEvB,KAAM,CAAAC,OAAO,CAAGhH,GAAG,CAACyC,UAAU,CAAIkD,QAAQ,CAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,CACvDiB,MAAM,CAAGE,OAAO,EAAI,CAAC,EAAI,EAAC,KAAM,CAAAzE,OAAO,CAAC0E,IAAI,CAAC,CAC3C1E,OAAO,CAAC2E,UAAU,CAACzB,UAAU,CAAC0B,OAAO,CAAC,CACtC5J,KAAK,CAACyJ,OAAO,CAAC,CAACP,IAAI,CAAC,IAAM,KAAK,CAAC,CACjC,CAAC,EACF,GAAIK,MAAM,CAAE,KACd,CAEA,GAAI,CAAAM,MAAM,CACV,GAAI3B,UAAU,CAACsB,KAAK,CAAE,CACpB;AACA;AACA;AACArB,MAAM,CAAG,KAAM,CAAAK,UAAU,CAAC,CAAC,CAE3BqB,MAAM,CAAGN,MAAM,CAAG,uBAAuB9G,GAAG,CAACyC,UAAU,YAAY,CAC/D,wBAAwBzC,GAAG,CAACwC,YAAY,WAC9C,CAAC,IAAM,CAAA4E,MAAM,CAAG,oBAAoBP,QAAQ,CAAG,CAAC,WAAW,CAE3D7G,GAAG,CAAC2C,MAAM,CAAE0E,GAAG,CAAC5B,UAAU,CAACsB,KAAK,CAAG,MAAM,CAAG,MAAM,CAAEK,MAAM,CAAC,CAE3D,GAAI3B,UAAU,CAAC6B,UAAU,CAAE,CACzB9H,GAAG,CAAC+H,QAAQ,CAAC9B,UAAU,CAAC/G,MAAM,CAAE+G,UAAU,CAAC6B,UAAU,CAAC,CACtD,MACF,CAEA,KAAM,IAAI,CAAA/E,OAAO,CAAEiF,KAAK,EAAK,CAC3B9B,MAAM,CAAE+B,IAAI,CAAC,GAAI,CAAAxK,QAAQ,CAAC,CACxByK,OAAO,CAAEF,KAAK,CACdG,KAAK,CAAEA,CAACC,KAAiC,CAAEC,CAAC,CAAE9D,IAAI,GAAK,CACrDyB,aAAa,EAAIoC,KAAK,CAACxD,QAAQ,CAAC,CAAC,CACjCL,IAAI,CAAC,CACP,CACF,CAAC,CAAC,CACJ,CAAC,CACH,CAEA;AACN;AACA;AACA;AACA,kDACM,KAAM,CAAA+D,OAAO,CAAG9J,WAAW,CAAC,CAC1BqF,YAAY,CAAExE,WAAW,CACzBkJ,MAAM,CAAErD,cAAc,EAAIpG,eAAe,CACzC0J,MAAM,CAAEvC,UAAU,CAACa,KACrB,CAAC,CAAE,CACD2B,cAAc,CAAE,IAAI,CACpBC,MAAM,CAAE,IACV,CAAC,CAAC,CAEF,KAAM,CAAAC,GAAG,CAAGvL,MAAM,CAACwL,MAAM,CAAC,CACxBzI,EAAE,CACFC,MAAM,CAACyI,MAAM,CAACP,OAAO,CAAE,MAAM,CAAC,CAC9BlI,MAAM,CAAC0I,KAAK,CAAC,CAAC,CACf,CAAC,CAAClE,QAAQ,CAAC,QAAQ,CAAC,CAErB,KAAM,CAAAmE,QAAQ,CAAG,GAAI,CAAAC,GAAa,CAElC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CACE,MAAM,CACN,GAAG/C,UAAU,CAAChH,MAAM,CACrB,CAACgK,OAAO,CAAEb,KAAK,EAAK,CACnB,KAAM,CAAAzC,MAAM,CAAGtG,WAAW,CAAC+I,KAAK,CAAC,CACjC,GAAIzC,MAAM,CAAEA,MAAM,CAACsD,OAAO,CAAEC,KAAK,EAAKH,QAAQ,CAACI,GAAG,CAACD,KAAK,CAAC,CAC3D,CAAC,CAAC,CAEF,GAAI,CAAAE,gBAAgB,CAAG,EAAE,CACzB,GAAI,CAAAC,iBAAiB,CAAG,EAAE,CAC1BN,QAAQ,CAACE,OAAO,CAAEb,KAAK,EAAK,CAC1B,GAAIA,KAAK,CAACkB,QAAQ,CAAC,MAAM,CAAC,CAAE,CAC1BF,gBAAgB,EAAI,eAAe9F,UAAU,GAAa8E,KAAK,qBACjE,CAAC,IAAM,IACLA,KAAK,CAACkB,QAAQ,CAAC,KAAK,CACpB;AACA;AAAA,EACG,CAAClB,KAAK,CAACkB,QAAQ,CAAC,gBAAgB,CAAC,CACpC,CACAD,iBAAiB,EAAI,gBAAgB/F,UAAU,GAAa8E,KAAK,2CACnE,CACF,CAAC,CAAC,CAEF,KAAM,CAAAmB,oBAAoB,CAAGxI,iBAAiB,CAACoE,YAAY,CAAC,CAE5D,KAAM,CAAAqE,WAAW,CAAGhJ,GAAG,CAACiJ,OAAO,CAC3B,oDAAgD,CAChD,EAAE,CAEN,KAAM,CAAA/E,IAAI,CAAG;AACnB;AACA;AACA,cAAc6E,oBAAoB,CAACxK,gBAAgB,CAACoC,SAAS,CAAC;AAC9D,cAAciE,MAAM,EAAEsE,KAAK,CAAC9E,QAAQ,CAAC,CAAC,EAAI,EAAE;AAC5C,cAAcQ,MAAM,EAAEuE,IAAI,CAAC/E,QAAQ,CAAC,CAAC,EAAI,EAAE;AAC3C;AACA,cAAcnB,YAAY;AAC1B,cAAc2B,MAAM,EAAEwE,IAAI,CAAChF,QAAQ,CAAC,CAAC,EAAI,EAAE,GAAGwE,gBAAgB;AAC9D,cAAcI,WAAW;AACzB;AACA;AACA;AACA;AACA;AACA,iDAAiDb,GAAG;AACpD;AACA;AACA,cAAcY,oBAAoB,CAACxK,gBAAgB,CAACkC,SAAS,CAAC;AAC9D,mCAAmC+E,aAAa;AAChD,cAAcqD,iBAAiB;AAC/B,cAAcE,oBAAoB,CAACxK,gBAAgB,CAACmC,OAAO,CAAC;AAC5D;AACA,gBAAgB,CAEV,KAAM,CAAAhC,MAAM,CAAG+G,UAAU,CAAC/G,MAAM,EAAI,GAAG,CACvC,GAAIA,MAAM,GAAK,GAAG,CAAEc,GAAG,CAACd,MAAM,CAACA,MAAM,CAAC,CAEtC,GAAIgF,QAAQ,EAAIhF,MAAM,CAAG,GAAG,CAAE,CAC5B;AACA;AACA,KAAM,IAAI,CAAA6D,OAAO,CAAO,CAACwB,IAAI,CAAEC,MAAM,GAAK,CACxC9G,cAAc,CAACgH,IAAI,CAAE,CAACD,KAAK,CAAEL,MAAM,GAAK,CACtC,GAAIK,KAAK,CAAED,MAAM,CAACC,KAAK,CAAC,CAAC,IACpB,CACH,KAAM,CAAAoF,CAAC,CAAGzF,MAAoC,CAC9CyF,CAAC,CAAC9E,KAAK,CAAI3F,GAAG,CAEX2F,KAAK,CACRpB,KAAK,CAAEwF,GAAG,CAAC,CAAE/E,MAAM,CAAEyF,CAAC,CAAE3K,MAAO,CAAC,CAAEgF,QAAQ,CAAChE,GAAG,CAAEkE,MAAM,CAAC5B,MAAM,CAAC,CAC9D+B,IAAI,CAAC,CACP,CACF,CAAC,CACH,CAAC,CACH,CAEA;AACA;AACA;AACAvE,GAAG,CAACsE,IAAI,CAACI,IAAI,CACf,CAAE,MAAOD,KAAK,CAAE,CACdX,IAAI,CAACW,KAAK,CACZ,CACF,CACF","ignoreList":[]}

package/build/production/server/server.js CHANGED Viewed

@@ -1,10 +1,10 @@
-"use strict";var _interopRequireDefault=require("@babel/runtime/helpers/interopRequireDefault");Object.defineProperty(exports,"__esModule",{value:true});exports.default=factory;exports.getDefaultCspSettings=getDefaultCspSettings;var _nodePath=require("node:path");var _nodeUrl=require("node:url");var _cloneDeep=_interopRequireDefault(require("lodash/cloneDeep"));var _mapValues=_interopRequireDefault(require("lodash/mapValues"));var _pick=_interopRequireDefault(require("lodash/pick"));var _compression=_interopRequireDefault(require("compression"));var _cookieParser=_interopRequireDefault(require("cookie-parser"));var _csurf=_interopRequireDefault(require("@dr.pogodin/csurf"));var _express=_interopRequireDefault(require("express"));var _serveFavicon=_interopRequireDefault(require("serve-favicon"));var _helmet=_interopRequireDefault(require("helmet"));var _morgan=_interopRequireDefault(require("morgan"));var _requestIp=_interopRequireDefault(require("request-ip"));var _uuid=require("uuid");var _renderer=_interopRequireDefault(require("./renderer"));var _errors=require("./utils/errors");/**
+import"core-js/modules/es.array.push.js";import"core-js/modules/es.iterator.constructor.js";import"core-js/modules/es.iterator.filter.js";import"core-js/modules/es.array.push.js";import"core-js/modules/es.iterator.constructor.js";import"core-js/modules/es.iterator.filter.js";/**
  * Creation of standard ExpressJS server for ReactJS apps.
- */// eslint-disable-next-line @typescript-eslint/consistent-type-definitions
+ */import{sep}from"node:path";import{pathToFileURL}from"node:url";import{cloneDeep,mapValues,pick}from"lodash-es";import compression from"compression";import cookieParser from"cookie-parser";import csrf from"@dr.pogodin/csurf";import express from"express";import favicon from"serve-favicon";import helmet from"helmet";import loggerMiddleware from"morgan";import requestIp from"request-ip";import{v4 as uuid}from"uuid";import rendererFactory from"./renderer.js";import{CODES,ERRORS,getErrorForCode,newError}from"./utils/errors.js";// eslint-disable-next-line @typescript-eslint/consistent-type-definitions
 /**
  * Default Content Security Policy settings.
  * @ignore
- */const defaultCspSettings={directives:(0,_mapValues.default)(_helmet.default.contentSecurityPolicy.getDefaultDirectives(),// 'https:' options (automatic re-write of insecure URLs to secure ones)
+ */const defaultCspSettings={directives:mapValues(helmet.contentSecurityPolicy.getDefaultDirectives(),// 'https:' options (automatic re-write of insecure URLs to secure ones)
 // is removed to facilitate local development with HTTP server. In cloud
 // deployments we assume Apache or Nginx server in front of out app takes
 // care about such re-writes.
@@ -27,17 +27,17 @@ delete defaultCspSettings.directives["upgrade-insecure-requests"];/**
  * }} A deep copy of default CSP settings object used by `react-utils`,
  * with the exception of `nonce-xxx` clause in `script-src` directive,
  * which is added dynamically for each request.
- */function getDefaultCspSettings(){return(0,_cloneDeep.default)(defaultCspSettings)}async function factory(webpackConfig,options){const rendererOps=(0,_pick.default)(options,["Application","beforeRender","favicon","logger","maxSsrRounds","noCsp","ssrTimeout","staticCacheController","staticCacheSize"]);const renderer=(0,_renderer.default)(webpackConfig,rendererOps);const{publicPath}=webpackConfig.output;const server=(0,_express.default)();if(options.beforeExpressJsSetup){await options.beforeExpressJsSetup(server)}if(options.logger)server.logger=options.logger;if(options.httpsRedirect){server.use((req,res,next)=>{const schema=req.headers["x-forwarded-proto"];if(schema==="http"){let url=`https://${req.headers.host}`;if(req.originalUrl!=="/")url+=req.originalUrl;res.redirect(url);return}next()})}server.use((0,_compression.default)());server.use((0,_helmet.default)({contentSecurityPolicy:false,crossOriginEmbedderPolicy:false,crossOriginOpenerPolicy:false,crossOriginResourcePolicy:false}));if(!options.noCsp){server.use((req,res,next)=>{const req2=req;req2.nonce=(0,_uuid.v4)();// TODO: This is deprecated, but it is kept for now for backward
+ */export function getDefaultCspSettings(){return cloneDeep(defaultCspSettings)}export default async function factory(webpackConfig,options){const rendererOps=pick(options,["Application","beforeRender","favicon","logger","maxSsrRounds","noCsp","ssrTimeout","staticCacheController","staticCacheSize"]);const renderer=rendererFactory(webpackConfig,rendererOps);const{publicPath}=webpackConfig.output;const server=express();if(options.beforeExpressJsSetup){await options.beforeExpressJsSetup(server)}if(options.logger)server.logger=options.logger;if(options.httpsRedirect){server.use((req,res,next)=>{const schema=req.headers["x-forwarded-proto"];if(schema==="http"){let url=`https://${req.headers.host}`;if(req.originalUrl!=="/")url+=req.originalUrl;res.redirect(url);return}next()})}server.use(compression());server.use(helmet({contentSecurityPolicy:false,crossOriginEmbedderPolicy:false,crossOriginOpenerPolicy:false,crossOriginResourcePolicy:false}));if(!options.noCsp){server.use((req,res,next)=>{const req2=req;req2.nonce=uuid();// TODO: This is deprecated, but it is kept for now for backward
 // compatibility. Should be removed sometime later.
 req2.cspNonce=req2.nonce;// The deep clone is necessary here to ensure that default value can't be
 // mutated during request processing.
-let cspSettings=(0,_cloneDeep.default)(defaultCspSettings);(cspSettings.directives?.["script-src"]).push(`'nonce-${req2.nonce}'`);if(options.cspSettingsHook){cspSettings=options.cspSettingsHook(cspSettings,req)}_helmet.default.contentSecurityPolicy(cspSettings)(req,res,next)})}if(options.favicon){server.use((0,_serveFavicon.default)(options.favicon))}server.use("/robots.txt",(req,res)=>{res.send("User-agent: *\nDisallow:")});server.use(_express.default.json({limit:"300kb"}));server.use(_express.default.urlencoded({extended:false}));server.use((0,_cookieParser.default)(options.cookieSignatureSecret));server.use(_requestIp.default.mw());server.use((0,_csurf.default)({cookie:true}));_morgan.default.token("ip",req=>req.clientIp);const FORMAT=":ip > :status :method :url :response-time ms :res[content-length] :referrer :user-agent";server.use((0,_morgan.default)(FORMAT,{stream:{// TODO: This implies the logger is always set. Is it on a higher level?
+let cspSettings=cloneDeep(defaultCspSettings);(cspSettings.directives?.["script-src"]).push(`'nonce-${req2.nonce}'`);if(options.cspSettingsHook){cspSettings=options.cspSettingsHook(cspSettings,req)}helmet.contentSecurityPolicy(cspSettings)(req,res,next)})}if(options.favicon){server.use(favicon(options.favicon))}server.use("/robots.txt",(req,res)=>{res.send("User-agent: *\nDisallow:")});server.use(express.json({limit:"300kb"}));server.use(express.urlencoded({extended:false}));server.use(cookieParser(options.cookieSignatureSecret));server.use(requestIp.mw());server.use(csrf({cookie:true}));loggerMiddleware.token("ip",req=>req.clientIp);const FORMAT=":ip > :status :method :url :response-time ms :res[content-length] :referrer :user-agent";server.use(loggerMiddleware(FORMAT,{stream:{// TODO: This implies the logger is always set. Is it on a higher level?
 // then mark it as always present.
 write:options.logger.info.bind(options.logger)}}));// Note: no matter the "public path", we want the service worker, if any,
 // to be served from the root, to have all web app pages in its scope.
 // Thus, this setup to serve it. Probably, need some more configuration
 // for special cases, but this will do for now.
-server.get("/__service-worker.js",_express.default.static(webpackConfig.output?.path??"",{setHeaders:res=>res.set("Cache-Control","no-cache")}));/* Setup of Hot Module Reloading for development environment.
+server.get("/__service-worker.js",express.static(webpackConfig.output?.path??"",{setHeaders:res=>res.set("Cache-Control","no-cache")}));/* Setup of Hot Module Reloading for development environment.
    * These dependencies are not used, nor installed for production use,
    * hence we should violate some import-related lint rules. *//* eslint-disable import/no-extraneous-dependencies */if(options.devMode){// This is a workaround for SASS bug:
 // https://github.com/dart-lang/sdk/issues/27979
@@ -45,9 +45,7 @@ server.get("/__service-worker.js",_express.default.static(webpackConfig.output?.
 // (in dev mode), and app modules are imported in some unfortunate ways.
 // TODO: Double-check, what is going on here.
 // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition
-if(!global.location){global.location={href:`${(0,_nodeUrl.pathToFileURL)(process.cwd()).href}${_nodePath.sep}`}}/* eslint-disable @typescript-eslint/no-require-imports */const webpack=require("webpack");// TODO: Figure out the exact type for options, don't wanna waste time on it
-// right now.
-const webpackDevMiddleware=require("webpack-dev-middleware");const webpackHotMiddleware=require("webpack-hot-middleware");const compiler=webpack(webpackConfig);server.use(webpackDevMiddleware(compiler,{publicPath,serverSideRender:true}));server.use(webpackHotMiddleware(compiler))}/* eslint-enable import/no-extraneous-dependencies */server.use(publicPath,_express.default.static(webpackConfig.output.path));if(options.onExpressJsSetup){await options.onExpressJsSetup(server)}server.use(renderer);/* Detects 404 errors, and forwards them to the error handler. */server.use((req,res,next)=>{next((0,_errors.newError)(_errors.ERRORS.NOT_FOUND,_errors.CODES.NOT_FOUND))});let dontAttachDefaultErrorHandler;if(options.beforeExpressJsError){dontAttachDefaultErrorHandler=await options.beforeExpressJsError(server)}/* Error handler. */if(!dontAttachDefaultErrorHandler){// TODO: Do we need this error handler at all? It actually seems to do
+if(!global.location){global.location={href:`${pathToFileURL(process.cwd()).href}${sep}`}}const{default:webpack}=await import(/* webpackChunkName: "server-side-code" */"webpack");const{default:webpackDevMiddleware}=await import(/* webpackChunkName: "server-side-code" */"webpack-dev-middleware");const{default:webpackHotMiddleware}=await import(/* webpackChunkName: "server-side-code" */"webpack-hot-middleware");const compiler=webpack(webpackConfig);if(!compiler)throw Error("Internal error");server.use(webpackDevMiddleware(compiler,{publicPath,serverSideRender:true}));server.use(webpackHotMiddleware(compiler))}/* eslint-enable import/no-extraneous-dependencies */server.use(publicPath,express.static(webpackConfig.output.path));if(options.onExpressJsSetup){await options.onExpressJsSetup(server)}server.use(renderer);/* Detects 404 errors, and forwards them to the error handler. */server.use((req,res,next)=>{next(newError(ERRORS.NOT_FOUND,CODES.NOT_FOUND))});let dontAttachDefaultErrorHandler;if(options.beforeExpressJsError){dontAttachDefaultErrorHandler=await options.beforeExpressJsError(server)}/* Error handler. */if(!dontAttachDefaultErrorHandler){// TODO: Do we need this error handler at all? It actually seems to do
 // what the default ExpressJS error handler does anyway, see:
 // https://expressjs.com/en/guide/error-handling.html
 //
@@ -57,6 +55,6 @@ const webpackDevMiddleware=require("webpack-dev-middleware");const webpackHotMid
 // though.
 server.use((error,req,res,next)=>{// TODO: This is needed to correctly handled any errors thrown after
 // sending initial response to the client.
-if(res.headersSent){next(error);return}const status=error.status??_errors.CODES.INTERNAL_SERVER_ERROR;const serverSide=status>=_errors.CODES.INTERNAL_SERVER_ERROR;// Log server-side errors always, client-side at debug level only.
-options.logger.log(serverSide?"error":"debug",error.toString());let message=error.message||(0,_errors.getErrorForCode)(status);if(serverSide&&process.env.NODE_ENV==="production"){message=_errors.ERRORS.INTERNAL_SERVER_ERROR}res.status(status).send(message)})}return server}
+if(res.headersSent){next(error);return}const status=error.status??CODES.INTERNAL_SERVER_ERROR;const serverSide=status>=CODES.INTERNAL_SERVER_ERROR;// Log server-side errors always, client-side at debug level only.
+options.logger.log(serverSide?"error":"debug",error.toString());let message=error.message||getErrorForCode(status);if(serverSide&&process.env.NODE_ENV==="production"){message=ERRORS.INTERNAL_SERVER_ERROR}res.status(status).send(message)})}return server}
 //# sourceMappingURL=server.js.map