@fujocoded/astro-smooth-actions 0.0.0

package/README.md

@@ -0,0 +1,299 @@
+# `@fujocoded/astro-smooth-actions`
+
+## What is `@fujocoded/astro-smooth-actions`?
+
+An Astro integration that keeps your form Actions nice and smooth, even when the
+visitor has no client-side JavaScript. You install it, your visitor submits a
+form, and they land back on a clean page. No `Confirm Form Resubmission` prompt
+on refresh, no leftover action query string cluttering the URL, and the action
+result still shows up right where you expect it.
+
+## What's included in `@fujocoded/astro-smooth-actions`?
+
+- `astroSmoothActions()` => the integration you register in `astro.config.mjs`.
+  It routes every form action through a POST/Redirect/GET cycle, so the visitor
+  ends up on a clean page
+- `getActionInput()` => reads back the form fields behind the last action
+  result, so you can show the visitor exactly what they submitted
+
+## Wait…what's wrong with plain forms?
+
+A plain HTML form sends your data straight to the server:
+
+```astro
+<form method="POST" action={actions.subscribe}>...</form>
+```
+
+There, the server runs the action and renders the page in the same response.
+Then it sends your visitor on their way and back to a page that came from a form
+submission.
+
+Now two things can go wrong:
+
+- Refresh, and the browser asks them to `Confirm Form Resubmission` (because
+  reloading re-sends the request and re-runs the action)
+- The address bar still shows the action's query string, so the URL is not clean
+  to bookmark or share, and a refresh can retrigger things like notifications
+
+**The fix is an old web pattern called POST/Redirect/GET.** Instead of a page,
+your server answers the POST with a redirect. The browser follows it with a fresh
+GET, which means the page your visitor sees has no form body behind it. Refresh reloads that page, and the URL stays clean.
+
+One extra problem: the redirect drops the POST body, which means the action
+result would normally disappear right along with it. This is (also) where
+`@fujocoded/astro-smooth-actions` comes in! It will:
+
+1. Save the result and your submitted fields before the redirect
+2. Read them back on the fresh GET
+
+**tl;dr:** write your forms and actions the normal way, and the clean page comes with no
+extra work.
+
+## Setup
+
+1. Install the package:
+
+   ```bash
+   npm install @fujocoded/astro-smooth-actions
+   ```
+
+2. Register the integration:
+
+   ```js
+   // astro.config.mjs
+   import { defineConfig } from "astro/config";
+   import astroSmoothActions from "@fujocoded/astro-smooth-actions";
+
+   export default defineConfig({
+     integrations: [astroSmoothActions()],
+   });
+   ```
+
+3. Make sure session storage is available. The integration stashes each action
+   result in Astro's session between the POST and the redirect, so it needs a
+   [session driver or an adapter](https://docs.astro.build/en/guides/sessions/).
+
+> [!WARNING]
+>
+> Without a session driver or adapter, the integration has nowhere to stash
+> results, so it cannot smooth anything. It logs a warning when Astro starts and
+> your forms fall back to Astro's normal behavior. No crash, but no smoothing.
+> The same fallback covers you while running the live site: if a session write
+> ever fails, your form actions still run instead of failing hard.
+
+## Okay how do I _actually_ do stuff with this?
+
+The [`__examples__/`](./__examples__/) folder has runnable Astro apps you can
+copy from. Each one has an `index` page with success and error messaging, plus a
+`special-cases` page covering `ACTION_INPUT_CONTROL`, comma-separated field
+lists, and `ACTION_INPUT_NONE`:
+
+- [`astro-7`](./__examples__/astro-7/) => the demo on the latest Astro
+- [`astro-6`](./__examples__/astro-6/) and [`astro-5`](./__examples__/astro-5/)
+  => the same demo pinned to those Astro versions
+
+## What happens on each submit
+
+> [!NOTE]
+>
+> This wraps the pattern Astro's own docs describe in ["Advanced: Persist action
+> results with a
+> session"](https://docs.astro.build/en/guides/actions/#advanced-persist-action-results-with-a-session).
+> Astro recommends it for keeping form actions working without client-side
+> JavaScript. This package installs that middleware for you, so you do not copy
+> it into every project.
+
+Once the integration is registered, every form action flows through its
+middleware, which does its work across two sequential requests:
+
+On the form action POST, it:
+
+1. Catches the POST before the page renders
+2. Runs the action on the server
+3. Stores the serialized result in the session, plus the restorable values and
+   hidden-field markers from your form fields
+4. Redirects the browser to a clean page, either the action destination path (on
+   success) or the page the visitor submitted from (on error)
+
+Then, on the redirected GET, it:
+
+1. Hands the stored result to `Astro.getActionResult()`, so it can be returned
+   to you as the action results
+2. Exposes the submitted fields through `getActionInput()`
+3. Clears the stored result and its cookie, so a refresh does not replay the
+   action
+
+At the end of this, the page your visitor sees is a plain page request with no
+submission data, which behaves the way we've all come to love and expect.
+
+> [!NOTE]
+>
+> Each action payload is keyed to a per-session token in a short-lived cookie, so
+> one route or visitor cannot read another's stored result.
+
+## Showing the user what they submitted
+
+In addition to making the submission experience smooth, this integration also
+keeps the raw form fields that produced the last action result.
+`getActionInput()` hands them back so you can repopulate a form after the
+redirect drops the POST body. On a page with more than one form, it also tells
+you which form's submission produced the current result, so you can show the
+error next to the right one:
+
+```astro
+---
+import { actions } from "astro:actions";
+import { getActionInput } from "@fujocoded/astro-smooth-actions";
+
+const result = Astro.getActionResult(actions.deleteEntry);
+const input = await getActionInput({
+  locals: Astro.locals,
+  action: actions.deleteEntry,
+});
+---
+
+{input?.id === entry.id && result?.error && <p>{result.error.message}</p>}
+```
+
+What you get back:
+
+- String fields keep their full submitted value
+- A field name that shows up more than once comes back as a string array, in
+  submission order, so checkbox groups stay intact
+- File inputs come back as `null`, because they cannot be restored from a
+  session store
+- Common sensitive field names come back as `null` by default, including
+  password, passcode, secret, token, API key, PIN, and OTP fields
+- The stored input clears after the redirect target reads it once
+
+## Skipping fields
+
+`@fujocoded/astro-smooth-actions` will round-trip your fields back to you, but
+some of their values (like passwords) should never come back, let alone get
+saved into a session at all.
+
+> [!IMPORTANT]
+>
+> Stored form values are a UX convenience, not a security boundary. Reach for
+> `excludeFields` or `ACTION_INPUT_CONTROL` for any field whose submitted value
+> should never be replayed into HTML. Excluded fields still appear in stored
+> input as `null`, so consumers can distinguish them from fields that were never
+> submitted.
+
+How to exclude fields depends on how you want to exclude them.
+
+### Skipping fields by name
+
+You may hope the middleware could just skip every `<input type="password">`, but
+browsers do not send an input's `type` with the form data. Since there's no way
+to tell a password field from a plain text one, we do so by name. A built-in
+list of sensitive names has its values hidden by default, and you can change
+that list project-wide in the config.
+
+The default list is exported as `DEFAULT_EXCLUDED_FIELDS`. Spread it into your
+own array to keep the built-ins and add a few more:
+
+```js
+// astro.config.mjs
+import { defineConfig } from "astro/config";
+import astroSmoothActions, {
+  DEFAULT_EXCLUDED_FIELDS,
+} from "@fujocoded/astro-smooth-actions";
+
+export default defineConfig({
+  integrations: [
+    astroSmoothActions({
+      input: {
+        excludeFields: [
+          ...DEFAULT_EXCLUDED_FIELDS,
+          "backupEmail",
+          "inviteCode",
+        ],
+      },
+    }),
+  ],
+});
+```
+
+> [!IMPORTANT]
+>
+> Setting `excludeFields` replaces the whole default list, it does not add to it.
+> Keep it to the empty array (`[]`) to include all fields.
+
+Matching is forgiving about formatting: names are compared after lowercasing and
+stripping punctuation, so `backupEmail`, `backup-email`, and `backup_email` all
+count as the same field.
+
+### Skipping individual fields in forms
+
+When a field only needs skipping on one form, add the input control right in the
+markup:
+
+```astro
+---
+import { ACTION_INPUT_CONTROL } from "@fujocoded/astro-smooth-actions";
+---
+
+<form method="POST" action={actions.updateProfile}>
+  <input type="hidden" name={ACTION_INPUT_CONTROL} value="backupEmail" />
+  <input name="displayName" />
+  <input name="backupEmail" />
+  <button>Save</button>
+</form>
+```
+
+You can repeat the control or pass a comma-separated list:
+
+```html
+<input
+  type="hidden"
+  name="astro-smooth-actions:input"
+  value="backupEmail, inviteCode"
+/>
+```
+
+### Skipping a whole form
+
+To skip storage for a whole form, like a login form where nothing should come
+back:
+
+```astro
+---
+import {
+  ACTION_INPUT_CONTROL,
+  ACTION_INPUT_NONE,
+} from "@fujocoded/astro-smooth-actions";
+---
+
+<form method="POST" action={actions.login}>
+  <input type="hidden" name={ACTION_INPUT_CONTROL} value={ACTION_INPUT_NONE} />
+  <input name="email" />
+  <input name="password" type="password" />
+  <button>Log in</button>
+</form>
+```
+
+The exported `ACTION_INPUT_NONE` sentinel disables input storage for the whole
+form. Any other value on the same control is treated as one or more field names
+to omit.
+
+### Skipping a whole action
+
+To disable input storage for a whole action, configure the integration with the
+action name Astro exposes to middleware:
+
+```js
+// astro.config.mjs
+import { defineConfig } from "astro/config";
+import astroSmoothActions from "@fujocoded/astro-smooth-actions";
+
+export default defineConfig({
+  integrations: [
+    astroSmoothActions({
+      input: {
+        excludeActions: ["actions.login"],
+      },
+    }),
+  ],
+});
+```

package/dist/_virtual/rolldown_runtime.js

@@ -0,0 +1,18 @@
+//#region rolldown:runtime
+var __defProp = Object.defineProperty;
+var __export = (all, symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+
+//#endregion
+export { __export };

package/dist/config.d.ts

@@ -0,0 +1,38 @@
+//#region src/config.d.ts
+type AstroSmoothActionsInputOptions = {
+  /**
+   * Optional. Action names whose submitted fields are never stored, so
+   * `getActionInput()` returns `undefined` for them. When omitted, every
+   * action's input is stored, although individual values may still come back
+   * `null` via `excludeFields`.
+   *
+   * Use the action's path: "login", or "user.login" for an action nested in a
+   * group. "actions.login" works too, but the leading "actions." that Astro
+   * adds is optional.
+   *
+   * To check the correct name, comment the integration out and submit the form.
+   * The browser's address bar will show the name at the end of the url, like
+   * `?_action=actions.login`. (With the integration on, you can look at the
+   * POST request in the Network tab instead)
+   * */
+  excludeActions?: string[];
+  /**
+   * Optional. The full list of field names whose submitted values are never
+   * stored. The field still comes back from `getActionInput()` as `null`, so you
+   * can still tell it apart from a field that was never submitted. When
+   * omitted, the built-in `DEFAULT_EXCLUDED_FIELDS` (password, token, etc.)
+   * is used.
+   *
+   * Setting this replaces the defaults, it does not add to them. To keep them,
+   * spread `DEFAULT_EXCLUDED_FIELDS` into your array. Names are matched after
+   * lowercasing and stripping punctuation, so "backupEmail" and "backup-email"
+   * are the same field.
+   */
+  excludeFields?: string[];
+};
+type AstroSmoothActionsConfig = {
+  input?: AstroSmoothActionsInputOptions;
+};
+declare const DEFAULT_EXCLUDED_FIELDS: readonly ["password", "currentPassword", "newPassword", "confirmPassword", "passcode", "secret", "token", "csrfToken", "apiKey", "pin", "otp"];
+//#endregion
+export { AstroSmoothActionsConfig, AstroSmoothActionsInputOptions, DEFAULT_EXCLUDED_FIELDS };

package/dist/config.js

@@ -0,0 +1,21 @@
+//#region src/config.ts
+const DEFAULT_EXCLUDED_FIELDS = [
+	"password",
+	"currentPassword",
+	"newPassword",
+	"confirmPassword",
+	"passcode",
+	"secret",
+	"token",
+	"csrfToken",
+	"apiKey",
+	"pin",
+	"otp"
+];
+const normalizeConfig = (config = {}) => ({ input: {
+	excludeActions: config.input?.excludeActions ?? [],
+	excludeFields: config.input?.excludeFields ?? [...DEFAULT_EXCLUDED_FIELDS]
+} });
+
+//#endregion
+export { DEFAULT_EXCLUDED_FIELDS, normalizeConfig };

package/dist/controls.d.ts

@@ -0,0 +1,5 @@
+//#region src/controls.d.ts
+declare const ACTION_INPUT_CONTROL = "astro-smooth-actions:input";
+declare const ACTION_INPUT_NONE = "none";
+//#endregion
+export { ACTION_INPUT_CONTROL, ACTION_INPUT_NONE };

package/dist/controls.js

@@ -0,0 +1,6 @@
+//#region src/controls.ts
+const ACTION_INPUT_CONTROL = "astro-smooth-actions:input";
+const ACTION_INPUT_NONE = "none";
+
+//#endregion
+export { ACTION_INPUT_CONTROL, ACTION_INPUT_NONE };

package/dist/index.d.ts

@@ -0,0 +1,36 @@
+import { ActionInput } from "./input.js";
+import { middleware_d_exports } from "./middleware.js";
+import { AstroSmoothActionsConfig, AstroSmoothActionsInputOptions, DEFAULT_EXCLUDED_FIELDS } from "./config.js";
+import { ACTION_INPUT_CONTROL, ACTION_INPUT_NONE } from "./controls.js";
+import { AstroIntegration } from "astro";
+
+//#region src/index.d.ts
+type MiddlewareModule = typeof middleware_d_exports;
+/**
+ * Reads back the raw form fields that produced the latest action result, so you
+ * can show the visitor exactly what they submitted.
+ *
+ * Pass the current page's `locals` and the action you rendered the result for:
+ *
+ * ```ts
+ * const input = await getActionInput({
+ *   locals: Astro.locals,
+ *   action: actions.subscribe,
+ * });
+ * ```
+ *
+ * Returns an object of the stored fields, where each one is either:
+ *
+ * - A string holding the submitted value, for a field submitted once
+ * - An array of strings, in submission order, for a field submitted more than
+ *   once (several inputs sharing a name, or a multi-select)
+ * - `null` for a submitted field whose value was intentionally not stored, such
+ *   as a file input or an excluded field
+ *
+ * Returns `undefined` when the latest result came from a different action, or
+ * when input storage was disabled for the action or form.
+ */
+declare const getActionInput: (...args: Parameters<MiddlewareModule["getActionInput"]>) => Promise<ActionInput | undefined>;
+declare function astroSmoothActions(config?: AstroSmoothActionsConfig): AstroIntegration;
+//#endregion
+export { ACTION_INPUT_CONTROL, ACTION_INPUT_NONE, type AstroSmoothActionsConfig, type AstroSmoothActionsInputOptions, DEFAULT_EXCLUDED_FIELDS, astroSmoothActions as default, getActionInput };

package/dist/index.js

@@ -0,0 +1,70 @@
+import { DEFAULT_EXCLUDED_FIELDS, normalizeConfig } from "./config.js";
+import { ACTION_INPUT_CONTROL, ACTION_INPUT_NONE } from "./controls.js";
+import { readFile } from "node:fs/promises";
+import path from "node:path";
+
+//#region src/index.ts
+const CONFIG_MODULE_ID = "fujocoded:astro-smooth-actions/config";
+const RESOLVED_CONFIG_MODULE_ID = `\0${CONFIG_MODULE_ID}`;
+const createConfigPlugin = (config) => ({
+	name: "fujocoded:astro-smooth-actions-config",
+	resolveId(id) {
+		if (id === CONFIG_MODULE_ID) return RESOLVED_CONFIG_MODULE_ID;
+	},
+	load(id) {
+		if (id === RESOLVED_CONFIG_MODULE_ID) return `export const astroSmoothActionsConfig = ${JSON.stringify(normalizeConfig(config))};`;
+	}
+});
+let middlewareModule = null;
+/**
+* Reads back the raw form fields that produced the latest action result, so you
+* can show the visitor exactly what they submitted.
+*
+* Pass the current page's `locals` and the action you rendered the result for:
+*
+* ```ts
+* const input = await getActionInput({
+*   locals: Astro.locals,
+*   action: actions.subscribe,
+* });
+* ```
+*
+* Returns an object of the stored fields, where each one is either:
+*
+* - A string holding the submitted value, for a field submitted once
+* - An array of strings, in submission order, for a field submitted more than
+*   once (several inputs sharing a name, or a multi-select)
+* - `null` for a submitted field whose value was intentionally not stored, such
+*   as a file input or an excluded field
+*
+* Returns `undefined` when the latest result came from a different action, or
+* when input storage was disabled for the action or form.
+*/
+const getActionInput = async (...args) => {
+	if (!middlewareModule) middlewareModule = await import("./middleware.js");
+	return middlewareModule.getActionInput(...args);
+};
+function astroSmoothActions(config = {}) {
+	return {
+		name: "astro-smooth-actions",
+		hooks: {
+			"astro:config:setup": ({ addMiddleware, updateConfig }) => {
+				updateConfig({ vite: { plugins: [createConfigPlugin(config)] } });
+				addMiddleware({
+					order: "pre",
+					entrypoint: path.join(import.meta.dirname, "./middleware.js")
+				});
+			},
+			"astro:config:done": async ({ config: config$1, injectTypes, logger }) => {
+				if (!config$1.session?.driver && !config$1.adapter) logger.warn("The astro-smooth-actions integration uses Astro's session storage, which needs a session driver or an adapter, and you have neither configured. Your form actions still run, but without the smooth redirect. To turn it on, set one up: https://docs.astro.build/en/guides/sessions/");
+				injectTypes({
+					filename: "types.d.ts",
+					content: await readFile(path.join(import.meta.dirname, "./types.d.ts"), { encoding: "utf-8" })
+				});
+			}
+		}
+	};
+}
+
+//#endregion
+export { ACTION_INPUT_CONTROL, ACTION_INPUT_NONE, DEFAULT_EXCLUDED_FIELDS, astroSmoothActions as default, getActionInput };

package/dist/input.d.ts

@@ -0,0 +1,4 @@
+//#region src/input.d.ts
+type ActionInput = Record<string, string | string[] | null>;
+//#endregion
+export { ActionInput };

package/dist/input.js

@@ -0,0 +1,58 @@
+import { ACTION_INPUT_CONTROL, ACTION_INPUT_NONE } from "./controls.js";
+import { astroSmoothActionsConfig } from "fujocoded:astro-smooth-actions/config";
+
+//#region src/input.ts
+const normalizeFieldName = (fieldName) => fieldName.toLowerCase().replace(/[^a-z0-9]/g, "");
+const isExcludedFieldName = (fieldName) => {
+	const normalized = normalizeFieldName(fieldName);
+	return astroSmoothActionsConfig.input.excludeFields.some((excludedField) => normalized === normalizeFieldName(excludedField));
+};
+const readInputControlValues = (formData) => formData.getAll(ACTION_INPUT_CONTROL).filter((value) => typeof value === "string").map((value) => value.trim()).filter(Boolean);
+const parseOmittedFields = (controlValues) => {
+	const omittedFields = /* @__PURE__ */ new Set();
+	controlValues.forEach((value) => {
+		if (value.toLowerCase() === ACTION_INPUT_NONE) return;
+		value.split(",").map((fieldName) => fieldName.trim()).filter(Boolean).forEach((fieldName) => omittedFields.add(fieldName));
+	});
+	return omittedFields;
+};
+const shouldHideFieldValue = ({ fieldName, omittedFields }) => omittedFields.has(fieldName) || isExcludedFieldName(fieldName);
+const isInputStorageEnabledForForm = (controlValues) => !controlValues.some((value) => value.toLowerCase() === ACTION_INPUT_NONE);
+const stripActionPrefix = (name) => name.replace(/^actions\./, "");
+const isInputStorageEnabledForAction = (actionName) => !astroSmoothActionsConfig.input.excludeActions.map(stripActionPrefix).includes(stripActionPrefix(actionName));
+const readPersistableActionInput = async (request) => {
+	try {
+		const formData = await request.clone().formData();
+		const inputControlValues = readInputControlValues(formData);
+		if (!isInputStorageEnabledForForm(inputControlValues)) return;
+		const omittedFields = parseOmittedFields(inputControlValues);
+		const input = {};
+		formData.forEach((value, key) => {
+			if (key === ACTION_INPUT_CONTROL) return;
+			if (shouldHideFieldValue({
+				fieldName: key,
+				omittedFields
+			})) {
+				input[key] = null;
+				return;
+			}
+			const currentValue = input[key];
+			if (typeof value !== "string") {
+				if (currentValue === void 0) input[key] = null;
+				return;
+			}
+			if (currentValue === void 0 || currentValue === null) {
+				input[key] = value;
+				return;
+			}
+			input[key] = Array.isArray(currentValue) ? [...currentValue, value] : [currentValue, value];
+		});
+		if (Object.keys(input).length === 0) return;
+		return input;
+	} catch {
+		return;
+	}
+};
+
+//#endregion
+export { isInputStorageEnabledForAction, readPersistableActionInput };

package/dist/middleware.d.ts

@@ -0,0 +1,28 @@
+import { ActionInput } from "./input.js";
+import { MiddlewareHandler } from "astro";
+
+//#region src/middleware.d.ts
+declare function getActionInput({
+  locals,
+  action
+}: {
+  locals: App.Locals;
+  action: {
+    queryString?: string;
+  };
+}): ActionInput | undefined;
+/**
+ * Runs the POST/Redirect/GET flow for form actions.
+ *
+ * Three paths through a request:
+ *
+ * - Returning GET (our cookie is set) => restore the stored result and input,
+ *   clear the cookie and session entry, then continue
+ * - Form action POST => run the action, store its result and form fields, then
+ *   redirect to a clean page (the page they came from on error, otherwise the
+ *   current path)
+ * - Anything else => continue untouched
+ */
+declare const onRequest: MiddlewareHandler;
+//#endregion
+export { getActionInput, middleware_d_exports, onRequest };

package/dist/middleware.js

@@ -0,0 +1,134 @@
+import { isInputStorageEnabledForAction, readPersistableActionInput } from "./input.js";
+import { ACTION_QUERY_PARAMS, getActionContext } from "astro:actions";
+
+//#region src/middleware.ts
+const getActionName = (action) => {
+	const queryString = "queryString" in action ? action.queryString : void 0;
+	if (typeof queryString !== "string") return void 0;
+	return new URLSearchParams(queryString.replace(/^\?/, "")).get(ACTION_QUERY_PARAMS.actionName) ?? void 0;
+};
+function getActionInput({ locals, action }) {
+	const lastAction = locals.lastAction;
+	if (!lastAction || lastAction.name !== getActionName(action)) return;
+	return lastAction.input;
+}
+const ACTION_SESSION_COOKIE = "astro-smooth-action-session";
+const ACTION_SESSION_TTL_SECONDS = 60;
+const getSessionKey = (sessionId) => `smooth-actions:${sessionId}`;
+const clearActionSessionCookie = (context) => {
+	context.cookies.delete(ACTION_SESSION_COOKIE, { path: "/" });
+};
+const getSafeRefererPath = (context) => {
+	const referer = context.request.headers.get("Referer");
+	if (!referer) return context.originPathname;
+	try {
+		const refererUrl = new URL(referer);
+		if (refererUrl.origin !== context.url.origin) return context.originPathname;
+		return `${refererUrl.pathname}${refererUrl.search}${refererUrl.hash}`;
+	} catch {
+		return context.originPathname;
+	}
+};
+const isActionSessionEntry = (stored) => {
+	if (!stored || typeof stored !== "object") return false;
+	const candidate = stored;
+	if (typeof candidate.name !== "string") return false;
+	if (candidate.result === void 0) return false;
+	if (candidate.input === void 0) return true;
+	return typeof candidate.input === "object" && candidate.input !== null && !Array.isArray(candidate.input);
+};
+const readStoredAction = async ({ session, sessionId }) => {
+	try {
+		const stored = await session.get(getSessionKey(sessionId));
+		if (isActionSessionEntry(stored)) return stored;
+	} catch {
+		return;
+	}
+};
+const deleteStoredAction = ({ session, sessionId }) => {
+	try {
+		session.delete(getSessionKey(sessionId));
+	} catch {}
+};
+const writeStoredAction = ({ context, actionName, result, input }) => {
+	if (!context.session) return void 0;
+	const newSessionId = crypto.randomUUID();
+	try {
+		context.session.set(getSessionKey(newSessionId), {
+			name: actionName,
+			result,
+			input
+		});
+		context.cookies.set(ACTION_SESSION_COOKIE, newSessionId, {
+			path: "/",
+			httpOnly: true,
+			sameSite: "lax",
+			maxAge: ACTION_SESSION_TTL_SECONDS
+		});
+		return newSessionId;
+	} catch {
+		return;
+	}
+};
+const hasActionHelpers = (actionContext) => typeof actionContext.setActionResult === "function" && typeof actionContext.serializeActionResult === "function";
+const hasActionError = (result) => typeof result === "object" && result !== null && "error" in result;
+/**
+* Runs the POST/Redirect/GET flow for form actions.
+*
+* Three paths through a request:
+*
+* - Returning GET (our cookie is set) => restore the stored result and input,
+*   clear the cookie and session entry, then continue
+* - Form action POST => run the action, store its result and form fields, then
+*   redirect to a clean page (the page they came from on error, otherwise the
+*   current path)
+* - Anything else => continue untouched
+*/
+const onRequest = async (context, next) => {
+	if (context.isPrerendered) return next();
+	const actionContext = getActionContext(context);
+	const { action } = actionContext;
+	const canPersist = hasActionHelpers(actionContext);
+	if (!context.session) {
+		clearActionSessionCookie(context);
+		return next();
+	}
+	const sessionId = context.cookies.get(ACTION_SESSION_COOKIE)?.value;
+	if (sessionId) {
+		const stored = await readStoredAction({
+			session: context.session,
+			sessionId
+		});
+		clearActionSessionCookie(context);
+		deleteStoredAction({
+			session: context.session,
+			sessionId
+		});
+		if (stored && canPersist) {
+			actionContext.setActionResult(stored.name, stored.result);
+			if (stored.input !== void 0) context.locals.lastAction = {
+				name: stored.name,
+				input: stored.input
+			};
+			return next();
+		}
+		return next();
+	}
+	if (action?.calledFrom === "form" && canPersist) {
+		const { serializeActionResult } = actionContext;
+		const input = isInputStorageEnabledForAction(action.name) ? await readPersistableActionInput(context.request) : void 0;
+		const result = await action.handler();
+		const serializedResult = serializeActionResult(result);
+		if (writeStoredAction({
+			context,
+			actionName: action.name,
+			result: serializedResult,
+			input
+		}) === void 0) return next();
+		return context.redirect(hasActionError(result) ? getSafeRefererPath(context) : context.originPathname);
+	}
+	return next();
+};
+
+//#endregion
+export { getActionInput, onRequest };

package/dist/types.d.ts

@@ -0,0 +1,6 @@
+//#region src/types.d.ts
+declare module "astro:actions" {
+  export * from "astro/actions/runtime/server.js";
+}
+//#endregion
+export {};

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@fujocoded/astro-smooth-actions",
+  "version": "0.0.0",
+  "description": "An Astro integration for smooth action handling",
+  "keywords": [
+    "astro-integration",
+    "withastro"
+  ],
+  "license": "MIT",
+  "author": "FujoCoded LLC",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/fujowebdev/fujocoded-plugins.git"
+  },
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md",
+    "package.json"
+  ],
+  "type": "module",
+  "sideEffects": false,
+  "main": "dist/index.js",
+  "module": "dist/index.js",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      }
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "test": "vitest run",
+    "test:e2e": "playwright test",
+    "typecheck": "tsc --noEmit",
+    "validate": " npx publint"
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.61.0",
+    "@types/node": "^22.19.21",
+    "astro": "^5.0.0",
+    "glob": "^13.0.6",
+    "tsdown": "^0.14.1",
+    "vitest": "^3.2.4"
+  }
+}