npm - @dr.pogodin/react-utils - Versions diffs - 1.47.0-alpha.2 → 1.47.0-alpha.4 - Mend

@dr.pogodin/react-utils 1.47.0-alpha.2 → 1.47.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (223) hide show

package/build/types-code/shared/utils/splitComponent.d.ts CHANGED Viewed

@@ -21,6 +21,11 @@ export declare function freeStyleSheets(chunkName: string, chunkGroups: ChunkGro
 type ComponentOrModule<PropsT> = ComponentType<PropsT> | {
     default: ComponentType<PropsT>;
 };
+type GenericComponentPropsT = {
+    children?: ReactNode;
+    ref?: RefObject<unknown>;
+    [propName: string]: unknown;
+};
 /**
  * Given an async component retrieval function `getComponent()` it creates
  * a special "code split" component, which uses <Suspense> to asynchronously
@@ -31,10 +36,7 @@ type ComponentOrModule<PropsT> = ComponentType<PropsT> | {
  * @param {React.Element} [options.placeholder]
  * @return {React.ElementType}
  */
-export default function splitComponent<ComponentPropsT extends {
-    children?: ReactNode;
-    ref?: RefObject<unknown>;
-}>({ chunkName, getComponent, placeholder, }: {
+export default function splitComponent<ComponentPropsT extends GenericComponentPropsT>({ chunkName, getComponent, placeholder, }: {
     chunkName: string;
     getComponent: () => Promise<ComponentOrModule<ComponentPropsT>>;
     placeholder?: ReactNode;

package/build/web/client/getInj.js CHANGED Viewed

@@ -2,46 +2,57 @@
 /* global document */
-// Note: this way, only required part of "node-forge": AES, and some utils,
-// is bundled into client-side code.
-import forge from 'node-forge/lib/forge';
-// eslint-disable-next-line import/no-unassigned-import
-import 'node-forge/lib/aes';
 import { getBuildInfo } from "../shared/utils/isomorphy/buildInfo";
+let inj;
+export default function getInj() {
+  inj ??= (async () => {
+    const metaElement = typeof document === 'undefined' ? null : document.querySelector('meta[itemprop="drpruinj"]');
+    if (metaElement) {
+      metaElement.remove();
-// Safeguard is needed here, because the server-side version of Docusaurus docs
-// is compiled (at least now) with settings suggesting it is a client-side
-// environment, but there is no document.
-let inj = {};
-const metaElement = typeof document === 'undefined' ? null : document.querySelector('meta[itemprop="drpruinj"]');
-if (metaElement) {
-  metaElement.remove();
-  let data = forge.util.decode64(metaElement.content);
-  const {
-    key
-  } = getBuildInfo();
-  const d = forge.cipher.createDecipher('AES-CBC', key);
-  d.start({
-    iv: data.slice(0, key.length)
-  });
-  d.update(forge.util.createBuffer(data.slice(key.length)));
-  d.finish();
-  data = forge.util.decodeUtf8(d.output.data);
+      // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be
+      // preferred, but it is not supported by older environments yet.
+      const data = atob(metaElement.content);
-  // TODO: Double-check, if there is a safer alternative to parse it?
-  // eslint-disable-next-line no-eval
-  inj = eval(`(${data})`);
-} else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {
-  inj = window.REACT_UTILS_INJECTION;
-  delete window.REACT_UTILS_INJECTION;
-} else {
-  // Otherwise, a bunch of dependent stuff will easily fail in non-standard
-  // environments, where no client-side initialization is performed. Like tests,
-  // Docusaurus examples, etc.
-  inj = {};
-}
-export default function getInj() {
+      // TODO: Our current handling of this encryption / decryption follows
+      // a legacy approach, and can be enhanced by using Crypto features.
+      // Though, this is not strictly intended to be secure (it is more
+      // to obfurscate injected data, rather than really keeping them
+      // secure), thus it is fine like this for now.
+      const {
+        key
+      } = getBuildInfo();
+      const code = x => x.charCodeAt(0);
+      const dataBuffer = Uint8Array.from(data.slice(16), code);
+      const ivBuffer = Uint8Array.from(data.slice(0, 16), code);
+      const keyBuffer = Uint8Array.from(atob(key), code);
+      const cKey = await window.crypto.subtle.importKey('raw', keyBuffer, {
+        name: 'AES-CBC'
+      }, false, ['decrypt']);
+      const buffer = await window.crypto.subtle.decrypt({
+        iv: ivBuffer,
+        name: 'AES-CBC'
+      }, cKey, dataBuffer);
+      const decoder = new TextDecoder();
+      // eslint-disable-next-line no-eval
+      const res = eval(`(${decoder.decode(buffer)})`);
+      // NOTE: This is important, to be able to return the injection
+      // synchronously once it is initialized.
+      inj = res;
+      return res;
+    } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {
+      const res = window.REACT_UTILS_INJECTION;
+      delete window.REACT_UTILS_INJECTION;
+      return res;
+    }
+    // Otherwise, a bunch of dependent stuff will easily fail in non-standard
+    // environments, where no client-side initialization is performed. Like tests,
+    // Docusaurus examples, etc.
+    return {};
+  })();
   return inj;
 }
 //# sourceMappingURL=getInj.js.map

package/build/web/client/getInj.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getInj.js","names":["~~forge~~","~~getBuildInfo~~","~~inj~~","metaElement","document","querySelector","remove","data","~~util~~","~~decode64~~","~~content~~","~~key~~","d","~~cipher~~","~~createDecipher~~","~~start~~","iv","slice","~~length~~","~~update~~","~~createBuffer~~","~~finish~~","~~decodeUtf8~~","~~output~~","~~eval~~","~~window~~","~~REACT_UTILS_INJECTION~~","~~getInj~~"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\~~n// Note: this way, only required part of \"node-forge\": AES, and some utils,\n// is bundled into client-side code.\~~nimport ~~forge from 'node-forge/lib/forge';\n\n// eslint-disable-next-line import/no-unassigned-import\nimport 'node-forge/lib/aes';\n\nimport~~ type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\~~n//~~ ~~Safeguard~~ is ~~needed~~ ~~here,~~ ~~because~~ ~~the server-side version of Docusaurus docs~~\~~n//~~ is ~~compiled~~ (~~at least now~~) ~~with~~ ~~settings~~ ~~suggesting~~ ~~it is a client-side~~\n// ~~environment,~~ ~~but~~ ~~there~~ is ~~no document.\nlet inj: InjT =~~ {~~};\~~n~~\nconst~~ metaElement: HTMLMetaElement \| null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\~~nif~~ (metaElement) {\n metaElement.remove();\n ~~let~~ data = ~~forge.util.decode64~~(metaElement.content);\n\n const { key } = getBuildInfo();\n const d = ~~forge~~.~~cipher~~.~~createDecipher~~(~~'AES-CBC'~~, ~~key~~);\n d.~~start~~(~~{ iv:~~ data.slice(0, ~~key.length~~) });\n d.~~update~~(~~forge.util.createBuffer~~(~~data.slice(~~key~~.length~~)));\n d.~~finish~~();\n\n ~~data~~ = ~~forge~~.~~util~~.~~decodeUtf8~~(~~d.output.data);\n~~\n // ~~TODO~~: ~~Double~~-~~check~~, if ~~there~~ is a ~~safer~~ ~~alternative to parse it?\~~n // eslint-disable-next-line no-eval\n ~~inj~~ = eval(`(${~~data~~})`) as InjT;\n} else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n ~~inj~~ = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n} ~~else {~~\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n ~~inj~~ = {};\n}~~\n\nexport default function getInj~~()~~: InjT {~~\n return inj;\n}\n"],"mappings":"AAAA;;AAEA;;~~AAEA;AACA;AACA~~,~~OAAOA~~,~~KAAK~~,~~MAAM~~,~~sBAAsB;;AAExC~~;~~AACA~~,~~OAAO~~,~~oBAAoB;AAI3B,~~SAASC,~~YAAY;;AAErB;AACA;AACA;AACA~~,~~IAAIC~~,~~GAAS~~,GAAG,CAAC,~~CAAC~~;~~AAElB~~,~~MAAMC~~,WAAmC,GAAG,OAAOC,QAAQ,KAAK,WAAW,GACvE,IAAI,GAAGA,QAAQ,CAACC,aAAa,CAAC,2BAA2B,CAAC;~~AAE9D~~,IAAIF,WAAW,EAAE;~~EACfA~~,WAAW,CAACG,MAAM,CAAC,CAAC;~~EACpB~~,~~IAAIC~~,IAAI,~~GAAGP~~,~~KAAK,CAACQ,~~IAAI,~~CAACC~~,~~QAAQ,CAACN,~~WAAW,~~CAACO~~,OAAO,CAAC;~~EAEnD~~,MAAM;~~IAAEC~~;~~EAAI~~,CAAC,GAAGV,YAAY,CAAC,CAAC;~~EAC9B~~,MAAMW,~~CAAC~~,~~GAAGZ~~,~~KAAK~~,~~CAACa~~,~~MAAM~~,CAACC,~~cAAc~~,CAAC,~~SAAS~~,~~EAAEH~~,~~GAAG~~,CAAC~~;EACrDC~~,CAAC,~~CAACG~~,~~KAAK~~,CAAC;~~IAAEC~~,~~EAAE~~,~~EAAET~~,IAAI,CAACU,KAAK,CAAC,CAAC,~~EAAEN~~,~~GAAG,CAACO,MAAM;~~EAAE,CAAC,CAAC;~~EAC1CN~~,~~CAAC~~,~~CAACO~~,~~MAAM~~,~~CAACnB~~,~~KAAK~~,~~CAACQ~~,IAAI,~~CAACY~~,~~YAAY~~,~~CAACb~~,IAAI,~~CAACU~~,~~KAAK~~,~~CAACN~~,GAAG,~~CAACO~~,MAAM,CAAC,CAAC,CAAC;~~EACzDN~~,~~CAAC~~,~~CAACS~~,MAAM,~~CAAC~~,CAAC;~~EAEVd~~,IAAI,~~GAAGP~~,~~KAAK~~,~~CAACQ~~,IAAI,~~CAACc~~,UAAU,~~CAACV,~~CAAC,~~CAACW~~,~~MAAM~~,~~CAAChB~~,~~IAAI~~,CAAC;;~~EAE3C~~;~~EACA;EACAL~~,GAAG,~~GAAGsB~~,IAAI,CAAC,~~IAAIjB~~,~~IAAI~~,GAAG,CAAS;~~AACjC~~,CAAC,MAAM,IAAI,~~OAAOkB~~,MAAM,KAAK,WAAW,IAAIA,MAAM,~~CAACC~~,qBAAqB,EAAE;~~EACxExB~~,GAAG,~~GAAGuB~~,MAAM,~~CAACC~~,qBAAqB;~~EAClC~~,~~OAAOD~~,MAAM,~~CAACC~~,qBAAqB;~~AACrC~~,~~CAAC~~,~~MAAM~~;~~EACL~~;~~EACA~~;~~EACA~~;~~EACAxB~~,~~GAAG~~,~~GAAG,~~CAAC,CAAC;~~AACV;AAEA~~,~~eAAe~~,~~SAASyB~~,~~MAAMA,CAAA,EAAS~~;~~EACrC~~,~~OAAOzB~~,GAAG;AACZ","ignoreList":[]}
1	+ {"version":3,"file":"getInj.js","names":["getBuildInfo","inj","getInj","metaElement","document","querySelector","remove","data","atob","content","key","code","x","charCodeAt","dataBuffer","Uint8Array","from","slice","ivBuffer","keyBuffer","cKey","window","crypto","subtle","importKey","name","buffer","decrypt","iv","decoder","TextDecoder","res","eval","decode","REACT_UTILS_INJECTION"],"sources":["../../../src/client/getInj.ts"],"sourcesContent":["// Encapsulates retrieval of server-side data injection into HTML template.\n\n/* global document */\n\nimport type { InjT } from 'utils/globalState';\n\nimport { getBuildInfo } from 'utils/isomorphy/buildInfo';\n\nlet inj: InjT \| Promise<InjT> \| undefined;\n\nexport default function getInj(): InjT \| Promise<InjT> {\n inj ??= (async () => {\n const metaElement: HTMLMetaElement \| null = typeof document === 'undefined'\n ? null : document.querySelector('meta[itemprop=\"drpruinj\"]');\n\n if (metaElement) {\n metaElement.remove();\n\n // NOTE: Since 2025 there is Uint8Array.fromBase64(), which should be\n // preferred, but it is not supported by older environments yet.\n const data = atob(metaElement.content);\n\n // TODO: Our current handling of this encryption / decryption follows\n // a legacy approach, and can be enhanced by using Crypto features.\n // Though, this is not strictly intended to be secure (it is more\n // to obfurscate injected data, rather than really keeping them\n // secure), thus it is fine like this for now.\n const { key } = getBuildInfo();\n\n const code = (x: string) => x.charCodeAt(0);\n const dataBuffer = Uint8Array.from(data.slice(16), code);\n const ivBuffer = Uint8Array.from(data.slice(0, 16), code);\n const keyBuffer = Uint8Array.from(atob(key), code);\n\n const cKey = await window.crypto.subtle.importKey(\n 'raw',\n keyBuffer,\n { name: 'AES-CBC' },\n false,\n ['decrypt'],\n );\n\n const buffer = await window.crypto.subtle.decrypt({\n iv: ivBuffer,\n name: 'AES-CBC',\n }, cKey, dataBuffer);\n\n const decoder = new TextDecoder();\n\n // eslint-disable-next-line no-eval\n const res = eval(`(${decoder.decode(buffer)})`) as InjT;\n\n // NOTE: This is important, to be able to return the injection\n // synchronously once it is initialized.\n inj = res;\n\n return res;\n } else if (typeof window !== 'undefined' && window.REACT_UTILS_INJECTION) {\n const res = window.REACT_UTILS_INJECTION;\n delete window.REACT_UTILS_INJECTION;\n return res;\n }\n\n // Otherwise, a bunch of dependent stuff will easily fail in non-standard\n // environments, where no client-side initialization is performed. Like tests,\n // Docusaurus examples, etc.\n return {};\n })();\n\n return inj;\n}\n"],"mappings":"AAAA;;AAEA;;AAIA,SAASA,YAAY;AAErB,IAAIC,GAAqC;AAEzC,eAAe,SAASC,MAAMA,CAAA,EAAyB;EACrDD,GAAG,KAAK,CAAC,YAAY;IACnB,MAAME,WAAmC,GAAG,OAAOC,QAAQ,KAAK,WAAW,GACvE,IAAI,GAAGA,QAAQ,CAACC,aAAa,CAAC,2BAA2B,CAAC;IAE9D,IAAIF,WAAW,EAAE;MACfA,WAAW,CAACG,MAAM,CAAC,CAAC;;MAEpB;MACA;MACA,MAAMC,IAAI,GAAGC,IAAI,CAACL,WAAW,CAACM,OAAO,CAAC;;MAEtC;MACA;MACA;MACA;MACA;MACA,MAAM;QAAEC;MAAI,CAAC,GAAGV,YAAY,CAAC,CAAC;MAE9B,MAAMW,IAAI,GAAIC,CAAS,IAAKA,CAAC,CAACC,UAAU,CAAC,CAAC,CAAC;MAC3C,MAAMC,UAAU,GAAGC,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,EAAE,CAAC,EAAEN,IAAI,CAAC;MACxD,MAAMO,QAAQ,GAAGH,UAAU,CAACC,IAAI,CAACT,IAAI,CAACU,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAEN,IAAI,CAAC;MACzD,MAAMQ,SAAS,GAAGJ,UAAU,CAACC,IAAI,CAACR,IAAI,CAACE,GAAG,CAAC,EAAEC,IAAI,CAAC;MAElD,MAAMS,IAAI,GAAG,MAAMC,MAAM,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,EACLL,SAAS,EACT;QAAEM,IAAI,EAAE;MAAU,CAAC,EACnB,KAAK,EACL,CAAC,SAAS,CACZ,CAAC;MAED,MAAMC,MAAM,GAAG,MAAML,MAAM,CAACC,MAAM,CAACC,MAAM,CAACI,OAAO,CAAC;QAChDC,EAAE,EAAEV,QAAQ;QACZO,IAAI,EAAE;MACR,CAAC,EAAEL,IAAI,EAAEN,UAAU,CAAC;MAEpB,MAAMe,OAAO,GAAG,IAAIC,WAAW,CAAC,CAAC;;MAEjC;MACA,MAAMC,GAAG,GAAGC,IAAI,CAAC,IAAIH,OAAO,CAACI,MAAM,CAACP,MAAM,CAAC,GAAG,CAAS;;MAEvD;MACA;MACAzB,GAAG,GAAG8B,GAAG;MAET,OAAOA,GAAG;IACZ,CAAC,MAAM,IAAI,OAAOV,MAAM,KAAK,WAAW,IAAIA,MAAM,CAACa,qBAAqB,EAAE;MACxE,MAAMH,GAAG,GAAGV,MAAM,CAACa,qBAAqB;MACxC,OAAOb,MAAM,CAACa,qBAAqB;MACnC,OAAOH,GAAG;IACZ;;IAEA;IACA;IACA;IACA,OAAO,CAAC,CAAC;EACX,CAAC,EAAE,CAAC;EAEJ,OAAO9B,GAAG;AACZ","ignoreList":[]}

package/build/web/client/index.js CHANGED Viewed

@@ -12,11 +12,12 @@ import { jsx as _jsx } from "react/jsx-runtime";
  * @param Application Root application component
  * @param [options={}] Optional. Additional settings.
  */
-export default function Launch(Application, options = {}) {
+export default async function Launch(Application, options = {}) {
+  const inj = await getInj();
   const container = document.getElementById('react-view');
   if (!container) throw Error('Failed to find container for React app');
   const scene = /*#__PURE__*/_jsx(GlobalStateProvider, {
-    initialState: getInj().ISTATE ?? options.initialState,
+    initialState: inj.ISTATE ?? options.initialState,
     children: /*#__PURE__*/_jsx(BrowserRouter, {
       children: /*#__PURE__*/_jsx(HelmetProvider, {
         children: /*#__PURE__*/_jsx(Application, {})

package/build/web/client/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["createRoot","hydrateRoot","HelmetProvider","BrowserRouter","GlobalStateProvider","getInj","jsx","_jsx","Launch","Application","options","container","document","getElementById","Error","scene","initialState","ISTATE","children","dontHydrate","root","render"],"sources":["../../../src/client/index.tsx"],"sourcesContent":["// Initialization of client-side code.\n/* global document /\n\nimport type { ComponentType } from 'react';\nimport { createRoot, hydrateRoot } from 'react-dom/client';\nimport { HelmetProvider } from '@dr.pogodin/react-helmet';\nimport { BrowserRouter } from 'react-router';\n\nimport { GlobalStateProvider } from '@dr.pogodin/react-global-state';\n\nimport getInj from './getInj';\n\ntype OptionsT = {\n dontHydrate?: boolean;\n initialState?: unknown;\n};\n\n/\n Prepares and launches the app at client side.\n * @param Application Root application component\n * @param [options={}] Optional. Additional settings.\n */\nexport default function Launch(\n Application: ComponentType,\n options: OptionsT = {},\n): void {\n const container = document.getElementById('react-view');\n if (!container) throw Error('Failed to find container for React app');\n const scene = (\n <GlobalStateProvider initialState={~~getInj()~~.ISTATE ?? options.initialState}>\n <BrowserRouter>\n <HelmetProvider>\n <Application />\n </HelmetProvider>\n </BrowserRouter>\n </GlobalStateProvider>\n );\n\n if (options.dontHydrate) {\n const root = createRoot(container);\n root.render(scene);\n } else hydrateRoot(container, scene);\n}\n"],"mappings":"AAAA;AACA;;AAGA,SAASA,UAAU,EAAEC,WAAW,QAAQ,kBAAkB;AAC1D,SAASC,cAAc,QAAQ,0BAA0B;AACzD,SAASC,aAAa,QAAQ,cAAc;AAE5C,SAASC,mBAAmB,QAAQ,gCAAgC;AAEpE,OAAOC,MAAM;AAAiB,SAAAC,GAAA,IAAAC,IAAA;AAO9B;AACA;AACA;AACA;AACA;AACA,eAAe,~~SAASC~~,MAAMA,~~CAC5BC~~,WAA0B,EAC1BC,OAAiB,GAAG,CAAC,CAAC,~~EAChB~~;~~EACN~~,MAAMC,SAAS,GAAGC,QAAQ,CAACC,cAAc,CAAC,YAAY,CAAC;EACvD,IAAI,CAACF,SAAS,EAAE,MAAMG,KAAK,CAAC,wCAAwC,CAAC;EACrE,MAAMC,KAAK,~~gBACTR~~,IAAA,CAACH,mBAAmB;~~IAACY~~,YAAY,~~EAAEX~~,~~MAAM~~,~~CAAC~~,~~CAAC,CAACY,~~MAAM,~~IAAIP~~,OAAO,~~CAACM~~,YAAa;IAAAE,QAAA,~~eACzEX~~,IAAA,CAACJ,aAAa;~~MAAAe~~,QAAA,~~eACZX~~,IAAA,CAACL,cAAc;~~QAAAgB~~,QAAA,~~eACbX~~,IAAA,CAACE,WAAW,IAAE;MAAC,CACD;IAAC,CACJ;EAAC,CACG,CACtB;EAED,IAAIC,OAAO,~~CAACS~~,WAAW,EAAE;IACvB,MAAMC,IAAI,~~GAAGpB~~,UAAU,~~CAACW~~,SAAS,CAAC;IAClCS,IAAI,CAACC,MAAM,CAACN,KAAK,CAAC;EACpB,CAAC,~~MAAMd~~,WAAW,~~CAACU~~,SAAS,EAAEI,KAAK,CAAC;AACtC","ignoreList":[]}
1	+ {"version":3,"file":"index.js","names":["createRoot","hydrateRoot","HelmetProvider","BrowserRouter","GlobalStateProvider","getInj","jsx","_jsx","Launch","Application","options","inj","container","document","getElementById","Error","scene","initialState","ISTATE","children","dontHydrate","root","render"],"sources":["../../../src/client/index.tsx"],"sourcesContent":["// Initialization of client-side code.\n/* global document /\n\nimport type { ComponentType } from 'react';\nimport { createRoot, hydrateRoot } from 'react-dom/client';\nimport { HelmetProvider } from '@dr.pogodin/react-helmet';\nimport { BrowserRouter } from 'react-router';\n\nimport { GlobalStateProvider } from '@dr.pogodin/react-global-state';\n\nimport getInj from './getInj';\n\ntype OptionsT = {\n dontHydrate?: boolean;\n initialState?: unknown;\n};\n\n/\n Prepares and launches the app at client side.\n * @param Application Root application component\n * @param [options={}] Optional. Additional settings.\n */\nexport default async function Launch(\n Application: ComponentType,\n options: OptionsT = {},\n): Promise<void> {\n const inj = await getInj();\n\n const container = document.getElementById('react-view');\n if (!container) throw Error('Failed to find container for React app');\n const scene = (\n <GlobalStateProvider initialState={inj.ISTATE ?? options.initialState}>\n <BrowserRouter>\n <HelmetProvider>\n <Application />\n </HelmetProvider>\n </BrowserRouter>\n </GlobalStateProvider>\n );\n\n if (options.dontHydrate) {\n const root = createRoot(container);\n root.render(scene);\n } else hydrateRoot(container, scene);\n}\n"],"mappings":"AAAA;AACA;;AAGA,SAASA,UAAU,EAAEC,WAAW,QAAQ,kBAAkB;AAC1D,SAASC,cAAc,QAAQ,0BAA0B;AACzD,SAASC,aAAa,QAAQ,cAAc;AAE5C,SAASC,mBAAmB,QAAQ,gCAAgC;AAEpE,OAAOC,MAAM;AAAiB,SAAAC,GAAA,IAAAC,IAAA;AAO9B;AACA;AACA;AACA;AACA;AACA,eAAe,eAAeC,MAAMA,CAClCC,WAA0B,EAC1BC,OAAiB,GAAG,CAAC,CAAC,EACP;EACf,MAAMC,GAAG,GAAG,MAAMN,MAAM,CAAC,CAAC;EAE1B,MAAMO,SAAS,GAAGC,QAAQ,CAACC,cAAc,CAAC,YAAY,CAAC;EACvD,IAAI,CAACF,SAAS,EAAE,MAAMG,KAAK,CAAC,wCAAwC,CAAC;EACrE,MAAMC,KAAK,gBACTT,IAAA,CAACH,mBAAmB;IAACa,YAAY,EAAEN,GAAG,CAACO,MAAM,IAAIR,OAAO,CAACO,YAAa;IAAAE,QAAA,eACpEZ,IAAA,CAACJ,aAAa;MAAAgB,QAAA,eACZZ,IAAA,CAACL,cAAc;QAAAiB,QAAA,eACbZ,IAAA,CAACE,WAAW,IAAE;MAAC,CACD;IAAC,CACJ;EAAC,CACG,CACtB;EAED,IAAIC,OAAO,CAACU,WAAW,EAAE;IACvB,MAAMC,IAAI,GAAGrB,UAAU,CAACY,SAAS,CAAC;IAClCS,IAAI,CAACC,MAAM,CAACN,KAAK,CAAC;EACpB,CAAC,MAAMf,WAAW,CAACW,SAAS,EAAEI,KAAK,CAAC;AACtC","ignoreList":[]}

package/build/web/index.js CHANGED Viewed

@@ -12,12 +12,12 @@ if (global.REACT_UTILS_LIBRARY_LOADED) {
 // TODO: This is a rapid workaround to get rid of __dirname. I guess, later
 // we'll re-implement requireWeak() to accept import.meta.url directly, and
 // this workaround won't be needed.
-let dirname = import.meta.url;
-dirname = dirname.slice(5, dirname.lastIndexOf('/'));
+// eslint-disable-next-line @typescript-eslint/prefer-destructuring
+const dirname = import.meta.dirname;
 const server = webpack.requireWeak('./server', dirname);
 const client = server ? undefined : clientModule;
 export { getGlobalState, GlobalStateProvider, newAsyncDataEnvelope, useAsyncCollection, useAsyncData, useGlobalState, withGlobalStateType } from '@dr.pogodin/react-global-state';
 export * from "./shared/components";
-export { assertEmptyObject, config, Barrier, Cached, Emitter, isomorphy, getSsrContext, Semaphore, splitComponent, themed, ThemeProvider, time, webpack, withRetries } from "./shared/utils";
+export { assertEmptyObject, Barrier, Cached, Emitter, getConfig, isomorphy, getSsrContext, Semaphore, splitComponent, themed, ThemeProvider, time, webpack, withRetries } from "./shared/utils";
 export { client, server };
 //# sourceMappingURL=index.js.map

package/build/web/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["clientModule","webpack","global","REACT_UTILS_LIBRARY_LOADED","Error","dirname","import","meta","~~url","slice","lastIndexOf","~~server","requireWeak","client","undefined","getGlobalState","GlobalStateProvider","newAsyncDataEnvelope","useAsyncCollection","useAsyncData","useGlobalState","withGlobalStateType","assertEmptyObject","~~config","~~Barrier","Cached","Emitter","isomorphy","getSsrContext","Semaphore","splitComponent","themed","ThemeProvider","time","withRetries"],"sources":["../../src/index.ts"],"sourcesContent":["import 'styles/global.scss';\n\nimport clientModule from './client';\nimport { webpack } from './shared/utils';\n\nimport type * as ServerFactoryM from './server';\n\n// It is a safeguard against multiple instances / versions of the library\n// being loaded into environment by mistake (e.g. because of different\n// packages pinning down different exact versions of the lib, thus preventing\n// a proper dedupe and using a single common library version).\nif (global.REACT_UTILS_LIBRARY_LOADED) {\n throw Error('React utils library is already loaded');\n} else global.REACT_UTILS_LIBRARY_LOADED = true;\n\n// TODO: This is a rapid workaround to get rid of __dirname. I guess, later\n// we'll re-implement requireWeak() to accept import.meta.url directly, and\n// this workaround won't be needed.\~~nlet~~ dirname = import.meta.~~url;\ndirname =~~ dirname~~.slice(5, dirname.lastIndexOf('/'))~~;\n\nconst server = webpack.requireWeak<typeof ServerFactoryM>('./server', dirname);\n\nconst client = server ? undefined : clientModule;\n\nexport {\n type AsyncCollectionT,\n type AsyncCollectionLoaderT,\n type AsyncDataEnvelopeT,\n type AsyncDataLoaderT,\n type ForceT,\n type UseAsyncDataOptionsT,\n type UseAsyncDataResT,\n type UseGlobalStateResT,\n type ValueOrInitializerT,\n getGlobalState,\n GlobalStateProvider,\n newAsyncDataEnvelope,\n useAsyncCollection,\n useAsyncData,\n useGlobalState,\n withGlobalStateType,\n} from '@dr.pogodin/react-global-state';\n\nexport * from 'components';\n\nexport {\n type BeforeRenderResT,\n type BeforeRenderT,\n type ConfigT,\n type ServerSsrContext,\n type ServerT,\n} from './server';\n\nexport {\n assertEmptyObject,\n ~~config,\n~~ Barrier,\n Cached,\n Emitter,\n isomorphy,\n getSsrContext,\n type Listener,\n type ObjectKey,\n Semaphore,\n splitComponent,\n type Theme,\n themed,\n ThemeProvider,\n time,\n webpack,\n withRetries,\n} from 'utils';\n\nexport { client, server };\n"],"mappings":"AAAA;AAEA,OAAOA,YAAY;AACnB,SAASC,OAAO;AAIhB;AACA;AACA;AACA;AACA,IAAIC,MAAM,CAACC,0BAA0B,EAAE;EACrC,MAAMC,KAAK,CAAC,uCAAuC,CAAC;AACtD,CAAC,MAAMF,MAAM,CAACC,0BAA0B,GAAG,IAAI;;AAE/C;AACA;AACA;AACA,~~IAAIE~~,OAAO,GAAGC,MAAM,CAACC,IAAI,~~CAACC~~,~~GAAG;AAC7BH,~~OAAO~~,GAAGA,OAAO,CAACI,KAAK,CAAC,CAAC,EAAEJ,OAAO,CAACK,WAAW,CAAC,GAAG,CAAC,CAAC~~;~~AAEpD~~,~~MAAMC~~,MAAM,~~GAAGV~~,OAAO,~~CAACW~~,WAAW,CAAwB,UAAU,~~EAAEP~~,OAAO,CAAC;AAE9E,~~MAAMQ~~,MAAM,GAAGF,MAAM,GAAGG,SAAS,~~GAAGd~~,YAAY;AAEhD,~~SAUEe~~,cAAc,EACdC,mBAAmB,EACnBC,oBAAoB,EACpBC,kBAAkB,EAClBC,YAAY,EACZC,cAAc,EACdC,mBAAmB,QACd,gCAAgC;AAEvC;AAUA,SACEC,iBAAiB,EACjBC,~~MAAM,EACNC,~~OAAO,EACPC,MAAM,EACNC,OAAO,EACPC,SAAS,EACTC,aAAa,EAGbC,SAAS,EACTC,cAAc,EAEdC,MAAM,EACNC,aAAa,EACbC,IAAI,~~EACJhC~~,OAAO,~~EACPiC~~,WAAW;AAGb,SAASrB,MAAM,EAAEF,MAAM","ignoreList":[]}
1	+ {"version":3,"file":"index.js","names":["clientModule","webpack","global","REACT_UTILS_LIBRARY_LOADED","Error","dirname","import","meta","server","requireWeak","client","undefined","getGlobalState","GlobalStateProvider","newAsyncDataEnvelope","useAsyncCollection","useAsyncData","useGlobalState","withGlobalStateType","assertEmptyObject","Barrier","Cached","Emitter","getConfig","isomorphy","getSsrContext","Semaphore","splitComponent","themed","ThemeProvider","time","withRetries"],"sources":["../../src/index.ts"],"sourcesContent":["import 'styles/global.scss';\n\nimport clientModule from './client';\nimport { webpack } from './shared/utils';\n\nimport type * as ServerFactoryM from './server';\n\n// It is a safeguard against multiple instances / versions of the library\n// being loaded into environment by mistake (e.g. because of different\n// packages pinning down different exact versions of the lib, thus preventing\n// a proper dedupe and using a single common library version).\nif (global.REACT_UTILS_LIBRARY_LOADED) {\n throw Error('React utils library is already loaded');\n} else global.REACT_UTILS_LIBRARY_LOADED = true;\n\n// TODO: This is a rapid workaround to get rid of __dirname. I guess, later\n// we'll re-implement requireWeak() to accept import.meta.url directly, and\n// this workaround won't be needed.\n// eslint-disable-next-line @typescript-eslint/prefer-destructuring\nconst dirname = import.meta.dirname;\n\nconst server = webpack.requireWeak<typeof ServerFactoryM>('./server', dirname);\n\nconst client = server ? undefined : clientModule;\n\nexport {\n type AsyncCollectionT,\n type AsyncCollectionLoaderT,\n type AsyncDataEnvelopeT,\n type AsyncDataLoaderT,\n type ForceT,\n type UseAsyncDataOptionsT,\n type UseAsyncDataResT,\n type UseGlobalStateResT,\n type ValueOrInitializerT,\n getGlobalState,\n GlobalStateProvider,\n newAsyncDataEnvelope,\n useAsyncCollection,\n useAsyncData,\n useGlobalState,\n withGlobalStateType,\n} from '@dr.pogodin/react-global-state';\n\nexport * from 'components';\n\nexport {\n type BeforeRenderResT,\n type BeforeRenderT,\n type ConfigT,\n type ServerSsrContext,\n type ServerT,\n} from './server';\n\nexport {\n assertEmptyObject,\n Barrier,\n Cached,\n Emitter,\n getConfig,\n isomorphy,\n getSsrContext,\n type Listener,\n type ObjectKey,\n Semaphore,\n splitComponent,\n type Theme,\n themed,\n ThemeProvider,\n time,\n webpack,\n withRetries,\n} from 'utils';\n\nexport { client, server };\n"],"mappings":"AAAA;AAEA,OAAOA,YAAY;AACnB,SAASC,OAAO;AAIhB;AACA;AACA;AACA;AACA,IAAIC,MAAM,CAACC,0BAA0B,EAAE;EACrC,MAAMC,KAAK,CAAC,uCAAuC,CAAC;AACtD,CAAC,MAAMF,MAAM,CAACC,0BAA0B,GAAG,IAAI;;AAE/C;AACA;AACA;AACA;AACA,MAAME,OAAO,GAAGC,MAAM,CAACC,IAAI,CAACF,OAAO;AAEnC,MAAMG,MAAM,GAAGP,OAAO,CAACQ,WAAW,CAAwB,UAAU,EAAEJ,OAAO,CAAC;AAE9E,MAAMK,MAAM,GAAGF,MAAM,GAAGG,SAAS,GAAGX,YAAY;AAEhD,SAUEY,cAAc,EACdC,mBAAmB,EACnBC,oBAAoB,EACpBC,kBAAkB,EAClBC,YAAY,EACZC,cAAc,EACdC,mBAAmB,QACd,gCAAgC;AAEvC;AAUA,SACEC,iBAAiB,EACjBC,OAAO,EACPC,MAAM,EACNC,OAAO,EACPC,SAAS,EACTC,SAAS,EACTC,aAAa,EAGbC,SAAS,EACTC,cAAc,EAEdC,MAAM,EACNC,aAAa,EACbC,IAAI,EACJ7B,OAAO,EACP8B,WAAW;AAGb,SAASrB,MAAM,EAAEF,MAAM","ignoreList":[]}

package/build/web/server/index.js CHANGED Viewed

@@ -1,18 +1,13 @@
 // eslint-disable-next-line import/no-unassigned-import
-import 'source-map-support/register';
+import 'source-map-support/register.js';
 import http from 'node:http';
 import https from 'node:https';
-import cloneDeep from 'lodash/cloneDeep';
-import defaults from 'lodash/defaults';
-import isFinite from 'lodash/isFinite';
-import isNumber from 'lodash/isNumber';
-import isString from 'lodash/isString';
-import toNumber from 'lodash/toNumber';
+import { cloneDeep, defaults } from 'lodash-es';
 // Polyfill required by ReactJS.
 // TODO: Double-check, if it is still required by React v19?
 // eslint-disable-next-line import/no-unassigned-import
-import 'raf/polyfill';
+import 'raf/polyfill.js';
 import serverFactory, { getDefaultCspSettings } from "./server";
 import { SCRIPT_LOCATIONS, newDefaultLogger } from "./renderer";
 import { errors } from "./utils";
@@ -22,13 +17,12 @@ export { errors, getDefaultCspSettings };
  * Normalizes a port into a number, string, or false.
  * TODO: Drop this function?
  * @param value Port name or number.
- * @return Port number (Number), name (String), or false.
+ * @return Port number (Number), name (String).
  */
 function normalizePort(value) {
-  const port = toNumber(value);
-  if (isFinite(port)) return port; /* port number */
-  if (!isNumber(port)) return value; /* named pipe */
-  return false;
+  const port = typeof value === 'string' ? parseInt(value) : value;
+  if (Number.isFinite(port)) return port; /* port number */
+  return value; /* named pipe */
 }
 /**
  * Creates and launches web-server for ReactJS application. Allows zero
@@ -177,7 +171,7 @@ export default async function launchServer(webpackConfig, options = {}) {
   /* Sets error handler for HTTP(S) server. */
   httpServer.on('error', error => {
     if (error.syscall !== 'listen') throw error;
-    const bind = isString(ops.port) ? `Pipe ${ops.port}` : `Port ${ops.port}`;
+    const bind = typeof ops.port === 'string' ? `Pipe ${ops.port}` : `Port ${ops.port}`;
     /* Human-readable message for some specific listen errors. */
     switch (error.code) {
@@ -196,7 +190,7 @@ export default async function launchServer(webpackConfig, options = {}) {
   /* Listening event handler for HTTP(S) server. */
   httpServer.on('listening', () => {
     const addr = httpServer.address();
-    const bind = isString(addr) ? `pipe ${addr}` : `port ${addr.port}`;
+    const bind = typeof addr === 'string' ? `pipe ${addr}` : `port ${addr.port}`;
     ops.logger.info(`Server listening on ${bind} in ${process.env.NODE_ENV} mode`);
   });
   httpServer.listen(ops.port);

package/build/web/server/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","names":["http","https","cloneDeep","defaults","isFinite","isNumber","isString","toNumber","serverFactory","getDefaultCspSettings","SCRIPT_LOCATIONS","newDefaultLogger","errors","normalizePort","value","port","launchServer","webpackConfig","options","ops","process","env","PORT","httpsRedirect","logger","defaultLogLevel","defaultLoggerLogLevel","expressServer","httpServer","createServer","cert","key","on","error","syscall","bind","code","exit","undefined","addr","address","info","NODE_ENV","listen"],"sources":["../../../src/server/index.ts"],"sourcesContent":["// eslint-disable-next-line import/no-unassigned-import\nimport 'source-map-support/register';\n\nimport http from 'node:http';\nimport https from 'node:https';\n\nimport cloneDeep from 'lodash/cloneDeep';\nimport defaults from 'lodash/defaults';\nimport isFinite from 'lodash/isFinite';\nimport isNumber from 'lodash/isNumber';\nimport isString from 'lodash/isString';\nimport toNumber from 'lodash/toNumber';\n\n// Polyfill required by ReactJS.\n// TODO: Double-check, if it is still required by React v19?\n// eslint-disable-next-line import/no-unassigned-import\nimport 'raf/polyfill';\n\nimport type { Configuration } from 'webpack';\n\nimport serverFactory, {\n type OptionsT as ServerOptionsT,\n type ServerT,\n getDefaultCspSettings,\n} from './server';\n\nimport { SCRIPT_LOCATIONS, newDefaultLogger } from './renderer';\n\nimport { errors } from './utils';\n\nexport type {\n BeforeRenderResT,\n BeforeRenderT,\n ConfigT,\n ServerSsrContext,\n} from './renderer';\n\nexport { errors, getDefaultCspSettings, type ServerT };\n\n/*\n Normalizes a port into a number, string, or false.\n * TODO: Drop this function?\n * @param value Port name or number.\n * @return Port number (Number), name (String), or false.\n /\nfunction normalizePort(value: number \| string) {\n const port = toNumber(value);\n if (isFinite(port)) return port; / port number /\n if (!isNumber(port)) return value; / named pipe /\n return false;\n}\n\ntype OptionsT = ServerOptionsT & {\n https?: {\n cert: string;\n key: string;\n };\n\n // TODO: Should we limit it to number \| string, and throw if it is different value?\n port?: false \| number \| string;\n};\n\n/\n Creates and launches web-server for ReactJS application. Allows zero\n * or detailed configuration, supports server-side rendering,\n * and development tools, including Hot Module Reloading (HMR).\n \n NOTE: Many of options defined below are passed down to the server and\n * renderer factories, and their declared default values are set in those\n * factories, rather than here.\n \n @param {object} webpackConfig Webpack configuration used to build\n * the frontend bundle. In production mode the server will read out of it\n * `context`, `publicPath`, and a few other parameters, necessary to locate\n * and serve the app bundle. In development mode the server will use entire\n * provided config to build the app bundle in memory, and further watch and\n * update it via HMR.\n * @param {object} [options] Additional parameters.\n * @param {Component} [options.Application] The root ReactJS component of\n * the app to use for the server-side rendering. When not provided\n * the server-side rendering is disabled.\n * @param {function} [options.beforeExpressJsError] Asynchronous callback\n * (`(server) => Promise<boolean>`) to be executed just before the default error\n * handler is added to ExpressJS server. If the callback is provided and its\n * result resolves to a truthy value, `react-utils` won't attach the default\n * error handler.\n * @param {function} [options.beforeExpressJsSetup] Asynchronous callback\n * (`(server) => Promise) to be executed right after ExpressJS server creation,\n * before any configuration is performed.\n * @param {BeforeRenderHook} [options.beforeRender] The hook to run just before\n * the server-side rendering. For each incoming request, it will be executed\n * just before the HTML markup is generated at the server. It allows to load\n * and provide the data necessary for server-side rendering, and also to inject\n * additional configuration and scripts into the generated HTML code.\n * @param {boolean} [options.noCsp] Set `true` to disable\n * Content-Security-Policy (CSP) headers altogether.\n * @param {function} [options.cspSettingsHook] A hook allowing\n * to customize [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)\n * settings for [helmet](https://github.com/helmetjs/helmet)'s\n * `contentSecurityPolicy` middleware on per-request basis.\n \n If provided it should be a with signature: \\\n * `(defaultSettings: object, req: object)` ⇒ `object` \\\n * which gets the default settings (also used without the hook),\n * and the incoming request object. The hook response will be passed\n * as options to the helmet `contentSecurityPolicy` middleware.\n \n Currently, the default settings is the following object in production\n * environment:\n * ```js\n * {\n * directives: {\n * defaultSrc: [\"'self'\"],\n * baseUri: [\"'self'\"],\n * blockAllMixedContent: [],\n * fontSrc: [\"'self'\", 'https:', 'data:'],\n * frameAncestors: [\"'self'\"],\n * frameSrc: [\"'self'\", 'https://.youtube.com'],\n imgSrc: [\"'self'\", 'data:'],\n * objectSrc: [\"'none'\"],\n * scriptSrc: [\"'self'\", \"'unsafe-eval'\", `'nonce-UNIQUE_NONCE_VALUE'`],\n * scriptSrcAttr: [\"'none'\"],\n * styleSrc: [\"'self'\", 'https:', \"'unsafe-inline'\"],\n * upgradeInsecureRequests: [] // Removed in dev mode.\n * }\n * }\n * ```\n * It matches the default value used by Helmet with a few updates:\n * - YouTube host is whitelisted in the `frameSrc` directive to ensure\n * the {@link YouTubeVideo} component works.\n * - An unique per-request nonce is added to `scriptSrc` directive to\n * whitelist auxiliary scripts injected by react-utils. The actual nonce\n * value can be fetched by host code via `.nonce` field of `req` argument\n * of `.beforeRender` hook.\n * - `upgradeInsecureRequests` directive is removed in development mode,\n * to simplify local testing with http requests.\n * @param {string} [options.defaultLoggerLogLevel='info'] Log level for\n * the default logger, which is created if no `logger` option provided.\n * @param {boolean} [options.devMode] Pass in `true` to start the server in\n * development mode.\n * @param {string} [options.favicon] Path to the favicon to use by the server.\n * By default no favicon is used.\n * @param {object} [options.https] If provided, HTTPS server will be started,\n * instead of HTTP otherwise. The object should provide SSL certificate and key\n * via two string fields: `cert`, and `key`.\n * @param {string} [options.https.cert] SSL Certificate.\n * @param {string} [options.https.key] SSL key.\n * @param {boolean} [options.httpsRedirect=true] Pass in `true` to enable\n * automatic redirection of all incoming HTTP requests to HTTPS.\n \n To smoothly use it at `localhost` you need to run the server in HTTPS mode,\n * and also properly create and install a self-signed SSL sertificate on your\n * system. This article is helpful:\n * [How to get HTTPS working on your local development environment in 5 minutes](https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec)\n * @param {Logger} [options.logger] The logger to use at server side.\n * By default [`winston`](https://www.npmjs.com/package/winston) logger\n * with console transport is used. The logger you provide, or the default\n * `winston` logger otherwise, will be attached to the created ExpressJS server\n * object.\n * @param {function} [options.onExpressJsSetup] An async callback\n * (`(server) => Promise`) to be triggered when most of the server\n * configuration is completed, just before the server-side renderer,\n * and the default error handler are attached. You can use it to mount\n * custom API routes. The server-side logger can be accessed as `server.logger`.\n * @param {number\|string} [options.port=3000] The port to start the server on.\n * @param {number} [options.staticCacheSize=1.e7] The maximum\n * static cache size in bytes. Defaults to ~10 MB.\n * @param {function} [options.staticCacheController] When given, it activates,\n * and controls the static caching of generated HTML markup. When this function\n * is provided, on each incoming request it is triggered with the request\n * passed in as the argument. To attempt to serve the response from the cache\n * it should return the object with the following fields:\n * - `key: string` – the cache key for the response;\n * - `maxage?: number` – the maximum age of cached result in ms.\n * If undefined - infinite age is assumed.\n * @param {number} [options.maxSsrRounds=10] Maximum number of SSR rounds.\n * @param {number} [options.ssrTimeout=1000] SSR timeout in milliseconds,\n * defaults to 1 second.\n * @return Resolves to an object with created Express and HTTP servers.\n /\nexport default async function launchServer(\n webpackConfig: Configuration,\n options: OptionsT = {},\n): Promise<{\n expressServer: ServerT;\n httpServer: http.Server;\n}> {\n / Options normalization. /\n const ops = cloneDeep(options);\n\n // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing\n ops.port = normalizePort(ops.port \|\| process.env.PORT \|\| 3000);\n defaults(ops, { httpsRedirect: true });\n\n // TODO: Need a separate type for normalized options, which guarantees\n // the logger is set!\n ops.logger ??= newDefaultLogger({\n defaultLogLevel: ops.defaultLoggerLogLevel,\n });\n\n / Creates servers, resolves and sets the port. /\n const expressServer = await serverFactory(webpackConfig, ops);\n\n let httpServer: http.Server;\n if (ops.https) {\n httpServer = https.createServer({\n cert: ops.https.cert,\n key: ops.https.key,\n }, expressServer as unknown as () => void);\n } else httpServer = http.createServer(expressServer as unknown as () => void);\n\n / Sets error handler for HTTP(S) server. /\n httpServer.on('error', (error: Error) => {\n if ((error as { syscall?: string }).syscall !== 'listen') throw error;\n const bind = isString(ops.port) ? `Pipe ${ops.port}` : `Port ${ops.port}`;\n\n / Human-readable message for some specific listen errors. /\n switch ((error as { code?: string }).code) {\n case 'EACCES':\n ops.logger!.error(`${bind} requires elevated privileges`);\n return process.exit(1);\n case 'EADDRINUSE':\n ops.logger!.error(`${bind} is already in use`);\n return process.exit(1);\n case undefined:\n default:\n throw error;\n }\n });\n\n / Listening event handler for HTTP(S) server. */\n httpServer.on('listening', () => {\n const addr = httpServer.address()!;\n const bind = isString(addr) ? `pipe ${addr}` : `port ${addr.port}`;\n ops.logger!.info(`Server listening on ${bind} in ${\n process.env.NODE_ENV} mode`);\n });\n\n httpServer.listen(ops.port);\n\n return {\n expressServer,\n httpServer,\n };\n}\n\nlaunchServer.SCRIPT_LOCATIONS = SCRIPT_LOCATIONS;\nlaunchServer.getDefaultCspSettings = getDefaultCspSettings;\nlaunchServer.errors = errors;\n"],"mappings":"AAAA;AACA,OAAO,6BAA6B;AAEpC,OAAOA,IAAI,MAAM,WAAW;AAC5B,OAAOC,KAAK,MAAM,YAAY;AAE9B,OAAOC,SAAS,MAAM,kBAAkB;AACxC,OAAOC,QAAQ,MAAM,iBAAiB;AACtC,OAAOC,QAAQ,MAAM,iBAAiB;AACtC,OAAOC,QAAQ,MAAM,iBAAiB;AACtC,OAAOC,QAAQ,MAAM,iBAAiB;AACtC,OAAOC,QAAQ,MAAM,iBAAiB;;AAEtC;AACA;AACA;AACA,OAAO,cAAc;AAIrB,OAAOC,aAAa,IAGlBC,qBAAqB;AAGvB,SAASC,gBAAgB,EAAEC,gBAAgB;AAE3C,SAASC,MAAM;AASf,SAASA,MAAM,EAAEH,qBAAqB;;AAEtC;AACA;AACA;AACA;AACA;AACA;AACA,SAASI,aAAaA,CAACC,KAAsB,EAAE;EAC7C,MAAMC,IAAI,GAAGR,QAAQ,CAACO,KAAK,CAAC;EAC5B,IAAIV,QAAQ,CAACW,IAAI,CAAC,EAAE,OAAOA,IAAI,CAAC,CAAC;EACjC,IAAI,CAACV,QAAQ,CAACU,IAAI,CAAC,EAAE,OAAOD,KAAK,CAAC,CAAC;EACnC,OAAO,KAAK;AACd;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,eAAeE,YAAYA,CACxCC,aAA4B,EAC5BC,OAAiB,GAAG,CAAC,CAAC,EAIrB;EACD;EACA,MAAMC,GAAG,GAAGjB,SAAS,CAACgB,OAAO,CAAC;;EAE9B;EACAC,GAAG,CAACJ,IAAI,GAAGF,aAAa,CAACM,GAAG,CAACJ,IAAI,IAAIK,OAAO,CAACC,GAAG,CAACC,IAAI,IAAI,IAAI,CAAC;EAC9DnB,QAAQ,CAACgB,GAAG,EAAE;IAAEI,aAAa,EAAE;EAAK,CAAC,CAAC;;EAEtC;EACA;EACAJ,GAAG,CAACK,MAAM,KAAKb,gBAAgB,CAAC;IAC9Bc,eAAe,EAAEN,GAAG,CAACO;EACvB,CAAC,CAAC;;EAEF;EACA,MAAMC,aAAa,GAAG,MAAMnB,aAAa,CAACS,aAAa,EAAEE,GAAG,CAAC;EAE7D,IAAIS,UAAuB;EAC3B,IAAIT,GAAG,CAAClB,KAAK,EAAE;IACb2B,UAAU,GAAG3B,KAAK,CAAC4B,YAAY,CAAC;MAC9BC,IAAI,EAAEX,GAAG,CAAClB,KAAK,CAAC6B,IAAI;MACpBC,GAAG,EAAEZ,GAAG,CAAClB,KAAK,CAAC8B;IACjB,CAAC,EAAEJ,aAAsC,CAAC;EAC5C,CAAC,MAAMC,UAAU,GAAG5B,IAAI,CAAC6B,YAAY,CAACF,aAAsC,CAAC;;EAE7E;EACAC,UAAU,CAACI,EAAE,CAAC,OAAO,EAAGC,KAAY,IAAK;IACvC,IAAKA,KAAK,CAA0BC,OAAO,KAAK,QAAQ,EAAE,MAAMD,KAAK;IACrE,MAAME,IAAI,GAAG7B,QAAQ,CAACa,GAAG,CAACJ,IAAI,CAAC,GAAG,QAAQI,GAAG,CAACJ,IAAI,EAAE,GAAG,QAAQI,GAAG,CAACJ,IAAI,EAAE;;IAEzE;IACA,QAASkB,KAAK,CAAuBG,IAAI;MACvC,KAAK,QAAQ;QACXjB,GAAG,CAACK,MAAM,CAAES,KAAK,CAAC,GAAGE,IAAI,+BAA+B,CAAC;QACzD,OAAOf,OAAO,CAACiB,IAAI,CAAC,CAAC,CAAC;MACxB,KAAK,YAAY;QACflB,GAAG,CAACK,MAAM,CAAES,KAAK,CAAC,GAAGE,IAAI,oBAAoB,CAAC;QAC9C,OAAOf,OAAO,CAACiB,IAAI,CAAC,CAAC,CAAC;MACxB,KAAKC,SAAS;MACd;QACE,MAAML,KAAK;IACf;EACF,CAAC,CAAC;;EAEF;EACAL,UAAU,CAACI,EAAE,CAAC,WAAW,EAAE,MAAM;IAC/B,MAAMO,IAAI,GAAGX,UAAU,CAACY,OAAO,CAAC,CAAE;IAClC,MAAML,IAAI,GAAG7B,QAAQ,CAACiC,IAAI,CAAC,GAAG,QAAQA,IAAI,EAAE,GAAG,QAAQA,IAAI,CAACxB,IAAI,EAAE;IAClEI,GAAG,CAACK,MAAM,CAAEiB,IAAI,CAAC,uBAAuBN,IAAI,OAC1Cf,OAAO,CAACC,GAAG,CAACqB,QAAQ,OAAO,CAAC;EAChC,CAAC,CAAC;EAEFd,UAAU,CAACe,MAAM,CAACxB,GAAG,CAACJ,IAAI,CAAC;EAE3B,OAAO;IACLY,aAAa;IACbC;EACF,CAAC;AACH;AAEAZ,YAAY,CAACN,gBAAgB,GAAGA,gBAAgB;AAChDM,YAAY,CAACP,qBAAqB,GAAGA,qBAAqB;AAC1DO,YAAY,CAACJ,MAAM,GAAGA,MAAM","ignoreList":[]}
1	+ {"version":3,"file":"index.js","names":["http","https","cloneDeep","defaults","serverFactory","getDefaultCspSettings","SCRIPT_LOCATIONS","newDefaultLogger","errors","normalizePort","value","port","parseInt","Number","isFinite","launchServer","webpackConfig","options","ops","process","env","PORT","httpsRedirect","logger","defaultLogLevel","defaultLoggerLogLevel","expressServer","httpServer","createServer","cert","key","on","error","syscall","bind","code","exit","undefined","addr","address","info","NODE_ENV","listen"],"sources":["../../../src/server/index.ts"],"sourcesContent":["// eslint-disable-next-line import/no-unassigned-import\nimport 'source-map-support/register.js';\n\nimport http from 'node:http';\nimport https from 'node:https';\n\nimport { cloneDeep, defaults } from 'lodash-es';\n\n// Polyfill required by ReactJS.\n// TODO: Double-check, if it is still required by React v19?\n// eslint-disable-next-line import/no-unassigned-import\nimport 'raf/polyfill.js';\n\nimport type { Configuration } from 'webpack';\n\nimport serverFactory, {\n type OptionsT as ServerOptionsT,\n type ServerT,\n getDefaultCspSettings,\n} from './server';\n\nimport { SCRIPT_LOCATIONS, newDefaultLogger } from './renderer';\n\nimport { errors } from './utils';\n\nexport type {\n BeforeRenderResT,\n BeforeRenderT,\n ConfigT,\n ServerSsrContext,\n} from './renderer';\n\nexport { errors, getDefaultCspSettings, type ServerT };\n\n/*\n Normalizes a port into a number, string, or false.\n * TODO: Drop this function?\n * @param value Port name or number.\n * @return Port number (Number), name (String).\n /\nfunction normalizePort(value: number \| string) {\n const port = typeof value === 'string' ? parseInt(value) : value;\n if (Number.isFinite(port)) return port; / port number /\n return value; / named pipe /\n}\n\ntype OptionsT = ServerOptionsT & {\n https?: {\n cert: string;\n key: string;\n };\n\n // TODO: Should we limit it to number \| string, and throw if it is different value?\n port?: false \| number \| string;\n};\n\n/\n Creates and launches web-server for ReactJS application. Allows zero\n * or detailed configuration, supports server-side rendering,\n * and development tools, including Hot Module Reloading (HMR).\n \n NOTE: Many of options defined below are passed down to the server and\n * renderer factories, and their declared default values are set in those\n * factories, rather than here.\n \n @param {object} webpackConfig Webpack configuration used to build\n * the frontend bundle. In production mode the server will read out of it\n * `context`, `publicPath`, and a few other parameters, necessary to locate\n * and serve the app bundle. In development mode the server will use entire\n * provided config to build the app bundle in memory, and further watch and\n * update it via HMR.\n * @param {object} [options] Additional parameters.\n * @param {Component} [options.Application] The root ReactJS component of\n * the app to use for the server-side rendering. When not provided\n * the server-side rendering is disabled.\n * @param {function} [options.beforeExpressJsError] Asynchronous callback\n * (`(server) => Promise<boolean>`) to be executed just before the default error\n * handler is added to ExpressJS server. If the callback is provided and its\n * result resolves to a truthy value, `react-utils` won't attach the default\n * error handler.\n * @param {function} [options.beforeExpressJsSetup] Asynchronous callback\n * (`(server) => Promise) to be executed right after ExpressJS server creation,\n * before any configuration is performed.\n * @param {BeforeRenderHook} [options.beforeRender] The hook to run just before\n * the server-side rendering. For each incoming request, it will be executed\n * just before the HTML markup is generated at the server. It allows to load\n * and provide the data necessary for server-side rendering, and also to inject\n * additional configuration and scripts into the generated HTML code.\n * @param {boolean} [options.noCsp] Set `true` to disable\n * Content-Security-Policy (CSP) headers altogether.\n * @param {function} [options.cspSettingsHook] A hook allowing\n * to customize [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)\n * settings for [helmet](https://github.com/helmetjs/helmet)'s\n * `contentSecurityPolicy` middleware on per-request basis.\n \n If provided it should be a with signature: \\\n * `(defaultSettings: object, req: object)` ⇒ `object` \\\n * which gets the default settings (also used without the hook),\n * and the incoming request object. The hook response will be passed\n * as options to the helmet `contentSecurityPolicy` middleware.\n \n Currently, the default settings is the following object in production\n * environment:\n * ```js\n * {\n * directives: {\n * defaultSrc: [\"'self'\"],\n * baseUri: [\"'self'\"],\n * blockAllMixedContent: [],\n * fontSrc: [\"'self'\", 'https:', 'data:'],\n * frameAncestors: [\"'self'\"],\n * frameSrc: [\"'self'\", 'https://.youtube.com'],\n imgSrc: [\"'self'\", 'data:'],\n * objectSrc: [\"'none'\"],\n * scriptSrc: [\"'self'\", \"'unsafe-eval'\", `'nonce-UNIQUE_NONCE_VALUE'`],\n * scriptSrcAttr: [\"'none'\"],\n * styleSrc: [\"'self'\", 'https:', \"'unsafe-inline'\"],\n * upgradeInsecureRequests: [] // Removed in dev mode.\n * }\n * }\n * ```\n * It matches the default value used by Helmet with a few updates:\n * - YouTube host is whitelisted in the `frameSrc` directive to ensure\n * the {@link YouTubeVideo} component works.\n * - An unique per-request nonce is added to `scriptSrc` directive to\n * whitelist auxiliary scripts injected by react-utils. The actual nonce\n * value can be fetched by host code via `.nonce` field of `req` argument\n * of `.beforeRender` hook.\n * - `upgradeInsecureRequests` directive is removed in development mode,\n * to simplify local testing with http requests.\n * @param {string} [options.defaultLoggerLogLevel='info'] Log level for\n * the default logger, which is created if no `logger` option provided.\n * @param {boolean} [options.devMode] Pass in `true` to start the server in\n * development mode.\n * @param {string} [options.favicon] Path to the favicon to use by the server.\n * By default no favicon is used.\n * @param {object} [options.https] If provided, HTTPS server will be started,\n * instead of HTTP otherwise. The object should provide SSL certificate and key\n * via two string fields: `cert`, and `key`.\n * @param {string} [options.https.cert] SSL Certificate.\n * @param {string} [options.https.key] SSL key.\n * @param {boolean} [options.httpsRedirect=true] Pass in `true` to enable\n * automatic redirection of all incoming HTTP requests to HTTPS.\n \n To smoothly use it at `localhost` you need to run the server in HTTPS mode,\n * and also properly create and install a self-signed SSL sertificate on your\n * system. This article is helpful:\n * [How to get HTTPS working on your local development environment in 5 minutes](https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec)\n * @param {Logger} [options.logger] The logger to use at server side.\n * By default [`winston`](https://www.npmjs.com/package/winston) logger\n * with console transport is used. The logger you provide, or the default\n * `winston` logger otherwise, will be attached to the created ExpressJS server\n * object.\n * @param {function} [options.onExpressJsSetup] An async callback\n * (`(server) => Promise`) to be triggered when most of the server\n * configuration is completed, just before the server-side renderer,\n * and the default error handler are attached. You can use it to mount\n * custom API routes. The server-side logger can be accessed as `server.logger`.\n * @param {number\|string} [options.port=3000] The port to start the server on.\n * @param {number} [options.staticCacheSize=1.e7] The maximum\n * static cache size in bytes. Defaults to ~10 MB.\n * @param {function} [options.staticCacheController] When given, it activates,\n * and controls the static caching of generated HTML markup. When this function\n * is provided, on each incoming request it is triggered with the request\n * passed in as the argument. To attempt to serve the response from the cache\n * it should return the object with the following fields:\n * - `key: string` – the cache key for the response;\n * - `maxage?: number` – the maximum age of cached result in ms.\n * If undefined - infinite age is assumed.\n * @param {number} [options.maxSsrRounds=10] Maximum number of SSR rounds.\n * @param {number} [options.ssrTimeout=1000] SSR timeout in milliseconds,\n * defaults to 1 second.\n * @return Resolves to an object with created Express and HTTP servers.\n /\nexport default async function launchServer(\n webpackConfig: Configuration,\n options: OptionsT = {},\n): Promise<{\n expressServer: ServerT;\n httpServer: http.Server;\n}> {\n / Options normalization. /\n const ops = cloneDeep(options);\n\n // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing\n ops.port = normalizePort(ops.port \|\| process.env.PORT \|\| 3000);\n defaults(ops, { httpsRedirect: true });\n\n // TODO: Need a separate type for normalized options, which guarantees\n // the logger is set!\n ops.logger ??= newDefaultLogger({\n defaultLogLevel: ops.defaultLoggerLogLevel,\n });\n\n / Creates servers, resolves and sets the port. /\n const expressServer = await serverFactory(webpackConfig, ops);\n\n let httpServer: http.Server;\n if (ops.https) {\n httpServer = https.createServer({\n cert: ops.https.cert,\n key: ops.https.key,\n }, expressServer as unknown as () => void);\n } else httpServer = http.createServer(expressServer as unknown as () => void);\n\n / Sets error handler for HTTP(S) server. /\n httpServer.on('error', (error: Error) => {\n if ((error as { syscall?: string }).syscall !== 'listen') throw error;\n const bind = typeof ops.port === 'string' ? `Pipe ${ops.port}` : `Port ${ops.port}`;\n\n / Human-readable message for some specific listen errors. /\n switch ((error as { code?: string }).code) {\n case 'EACCES':\n ops.logger!.error(`${bind} requires elevated privileges`);\n return process.exit(1);\n case 'EADDRINUSE':\n ops.logger!.error(`${bind} is already in use`);\n return process.exit(1);\n case undefined:\n default:\n throw error;\n }\n });\n\n / Listening event handler for HTTP(S) server. */\n httpServer.on('listening', () => {\n const addr = httpServer.address()!;\n const bind = typeof addr === 'string' ? `pipe ${addr}` : `port ${addr.port}`;\n ops.logger!.info(`Server listening on ${bind} in ${\n process.env.NODE_ENV} mode`);\n });\n\n httpServer.listen(ops.port);\n\n return {\n expressServer,\n httpServer,\n };\n}\n\nlaunchServer.SCRIPT_LOCATIONS = SCRIPT_LOCATIONS;\nlaunchServer.getDefaultCspSettings = getDefaultCspSettings;\nlaunchServer.errors = errors;\n"],"mappings":"AAAA;AACA,OAAO,gCAAgC;AAEvC,OAAOA,IAAI,MAAM,WAAW;AAC5B,OAAOC,KAAK,MAAM,YAAY;AAE9B,SAASC,SAAS,EAAEC,QAAQ,QAAQ,WAAW;;AAE/C;AACA;AACA;AACA,OAAO,iBAAiB;AAIxB,OAAOC,aAAa,IAGlBC,qBAAqB;AAGvB,SAASC,gBAAgB,EAAEC,gBAAgB;AAE3C,SAASC,MAAM;AASf,SAASA,MAAM,EAAEH,qBAAqB;;AAEtC;AACA;AACA;AACA;AACA;AACA;AACA,SAASI,aAAaA,CAACC,KAAsB,EAAE;EAC7C,MAAMC,IAAI,GAAG,OAAOD,KAAK,KAAK,QAAQ,GAAGE,QAAQ,CAACF,KAAK,CAAC,GAAGA,KAAK;EAChE,IAAIG,MAAM,CAACC,QAAQ,CAACH,IAAI,CAAC,EAAE,OAAOA,IAAI,CAAC,CAAC;EACxC,OAAOD,KAAK,CAAC,CAAC;AAChB;AAYA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,eAAeK,YAAYA,CACxCC,aAA4B,EAC5BC,OAAiB,GAAG,CAAC,CAAC,EAIrB;EACD;EACA,MAAMC,GAAG,GAAGhB,SAAS,CAACe,OAAO,CAAC;;EAE9B;EACAC,GAAG,CAACP,IAAI,GAAGF,aAAa,CAACS,GAAG,CAACP,IAAI,IAAIQ,OAAO,CAACC,GAAG,CAACC,IAAI,IAAI,IAAI,CAAC;EAC9DlB,QAAQ,CAACe,GAAG,EAAE;IAAEI,aAAa,EAAE;EAAK,CAAC,CAAC;;EAEtC;EACA;EACAJ,GAAG,CAACK,MAAM,KAAKhB,gBAAgB,CAAC;IAC9BiB,eAAe,EAAEN,GAAG,CAACO;EACvB,CAAC,CAAC;;EAEF;EACA,MAAMC,aAAa,GAAG,MAAMtB,aAAa,CAACY,aAAa,EAAEE,GAAG,CAAC;EAE7D,IAAIS,UAAuB;EAC3B,IAAIT,GAAG,CAACjB,KAAK,EAAE;IACb0B,UAAU,GAAG1B,KAAK,CAAC2B,YAAY,CAAC;MAC9BC,IAAI,EAAEX,GAAG,CAACjB,KAAK,CAAC4B,IAAI;MACpBC,GAAG,EAAEZ,GAAG,CAACjB,KAAK,CAAC6B;IACjB,CAAC,EAAEJ,aAAsC,CAAC;EAC5C,CAAC,MAAMC,UAAU,GAAG3B,IAAI,CAAC4B,YAAY,CAACF,aAAsC,CAAC;;EAE7E;EACAC,UAAU,CAACI,EAAE,CAAC,OAAO,EAAGC,KAAY,IAAK;IACvC,IAAKA,KAAK,CAA0BC,OAAO,KAAK,QAAQ,EAAE,MAAMD,KAAK;IACrE,MAAME,IAAI,GAAG,OAAOhB,GAAG,CAACP,IAAI,KAAK,QAAQ,GAAG,QAAQO,GAAG,CAACP,IAAI,EAAE,GAAG,QAAQO,GAAG,CAACP,IAAI,EAAE;;IAEnF;IACA,QAASqB,KAAK,CAAuBG,IAAI;MACvC,KAAK,QAAQ;QACXjB,GAAG,CAACK,MAAM,CAAES,KAAK,CAAC,GAAGE,IAAI,+BAA+B,CAAC;QACzD,OAAOf,OAAO,CAACiB,IAAI,CAAC,CAAC,CAAC;MACxB,KAAK,YAAY;QACflB,GAAG,CAACK,MAAM,CAAES,KAAK,CAAC,GAAGE,IAAI,oBAAoB,CAAC;QAC9C,OAAOf,OAAO,CAACiB,IAAI,CAAC,CAAC,CAAC;MACxB,KAAKC,SAAS;MACd;QACE,MAAML,KAAK;IACf;EACF,CAAC,CAAC;;EAEF;EACAL,UAAU,CAACI,EAAE,CAAC,WAAW,EAAE,MAAM;IAC/B,MAAMO,IAAI,GAAGX,UAAU,CAACY,OAAO,CAAC,CAAE;IAClC,MAAML,IAAI,GAAG,OAAOI,IAAI,KAAK,QAAQ,GAAG,QAAQA,IAAI,EAAE,GAAG,QAAQA,IAAI,CAAC3B,IAAI,EAAE;IAC5EO,GAAG,CAACK,MAAM,CAAEiB,IAAI,CAAC,uBAAuBN,IAAI,OAC1Cf,OAAO,CAACC,GAAG,CAACqB,QAAQ,OAAO,CAAC;EAChC,CAAC,CAAC;EAEFd,UAAU,CAACe,MAAM,CAACxB,GAAG,CAACP,IAAI,CAAC;EAE3B,OAAO;IACLe,aAAa;IACbC;EACF,CAAC;AACH;AAEAZ,YAAY,CAACT,gBAAgB,GAAGA,gBAAgB;AAChDS,YAAY,CAACV,qBAAqB,GAAGA,qBAAqB;AAC1DU,YAAY,CAACP,MAAM,GAAGA,MAAM","ignoreList":[]}

package/build/web/server/renderer.js CHANGED Viewed

@@ -2,6 +2,8 @@
  * ExpressJS middleware for server-side rendering of a ReactJS app.
  */
+import { Buffer } from 'node:buffer';
+import { createCipheriv, randomBytes } from 'node:crypto';
 import fs from 'node:fs';
 import path from 'node:path';
 import { Writable } from 'node:stream';
@@ -9,23 +11,22 @@ import { brotliCompress, brotliDecompress } from 'node:zlib';
 import winston from 'winston';
 import { GlobalStateProvider, SsrContext } from '@dr.pogodin/react-global-state';
 import { timer } from '@dr.pogodin/js-utils';
-import clone from 'lodash/clone';
-import cloneDeep from 'lodash/cloneDeep';
-import defaults from 'lodash/defaults';
-import get from 'lodash/get';
-import isString from 'lodash/isString';
-import mapValues from 'lodash/mapValues';
-import omit from 'lodash/omit';
+import { cloneDeep, defaults, get, mapValues } from 'lodash-es';
 import config from 'config';
-import forge from 'node-forge';
 import { prerenderToNodeStream } from 'react-dom/static';
 import { HelmetProvider } from '@dr.pogodin/react-helmet';
 import { StaticRouter } from 'react-router';
 import serializeJs from 'serialize-javascript';
 import { setBuildInfo } from "../shared/utils/isomorphy/buildInfo";
 import Cache from "./Cache";
+// @ts-expect-error "Property 'SECRET' does not exist on type 'IConfig'."
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
 import { jsx as _jsx } from "react/jsx-runtime";
-const sanitizedConfig = omit(config, 'SECRET');
+const {
+  SECRET,
+  ...sanitizedConfig
+} = config;
 // Note: These type definitions for logger are copied from Winston logger,
 // then simplified to make it easier to fit an alternative logger into this
@@ -87,27 +88,15 @@ function readChunkGroupsJson(buildDir) {
 /**
  * Prepares a new Cipher for data encryption.
- * @param key Encryption key (32-bit random key is expected, see
- *  node-forge documentation, in case of doubts).
- * @return Resolves to the object with two fields:
+ * @param key Encryption key (32-bit random, Base64-encoded key is expected).
+ * @return Returns a tuple of:
  *  1. cipher - a new Cipher, ready for encryption;
  *  2. iv - initial vector used by the cipher.
  */
-async function prepareCipher(key) {
-  return new Promise((resolve, reject) => {
-    forge.random.getBytes(32, (err, iv) => {
-      if (err) reject(err);else {
-        const cipher = forge.cipher.createCipher('AES-CBC', key);
-        cipher.start({
-          iv
-        });
-        resolve({
-          cipher,
-          iv
-        });
-      }
-    });
-  });
+function prepareCipher(key) {
+  const iv = randomBytes(16);
+  const cipher = createCipheriv('AES-256-CBC', Buffer.from(key, 'base64'), iv);
+  return [cipher, iv];
 }
 /**
@@ -150,7 +139,7 @@ function groupExtraScripts(scripts = []) {
     [SCRIPT_LOCATIONS.HEAD_OPEN]: ''
   };
   for (const script of scripts) {
-    if (isString(script)) {
+    if (typeof script === 'string') {
       if (script) res[SCRIPT_LOCATIONS.DEFAULT] += script;
     } else if (script.code) {
       if (script.location in res) res[script.location] += script.code;else throw Error(`Invalid location "${script.location}"`);
@@ -223,7 +212,9 @@ export function newDefaultLogger({
  * @return Created middleware.
  */
 export default function factory(webpackConfig, options) {
-  const ops = defaults(clone(options), {
+  const ops = defaults({
+    ...options
+  }, {
     beforeRender: async () => Promise.resolve({}),
     maxSsrRounds: 10,
     ssrTimeout: 1000,
@@ -299,17 +290,12 @@ export default function factory(webpackConfig, options) {
         }
       }
       const brr = ops.beforeRender(req, sanitizedConfig);
-      const [{
+      const {
         configToInject,
         extraScripts,
         initialState
-      }, {
-        cipher,
-        iv
-      }] = await Promise.all([
-      // NOTE: Written this way to avoid triggering the "await-thenable"
-      // ESLint rule.
-      brr instanceof Promise ? brr : Promise.resolve(brr), prepareCipher(buildInfo.key)]);
+      } = await brr;
+      const [cipher, iv] = prepareCipher(buildInfo.key);
       let helmet;
       // Gets the mapping between code chunk names and their asset files.
@@ -429,9 +415,7 @@ export default function factory(webpackConfig, options) {
         ignoreFunction: true,
         unsafe: true
       });
-      cipher.update(forge.util.createBuffer(payload, 'utf8'));
-      cipher.finish();
-      const INJ = forge.util.encode64(`${iv}${cipher.output.data}`);
+      const INJ = Buffer.concat([iv, cipher.update(payload, 'utf8'), cipher.final()]).toString('base64');
       const chunkSet = new Set();
       // TODO: "main" chunk has to be added explicitly,