@nuxt/scripts 1.0.0-beta.1 → 1.0.0-beta.13

package/dist/runtime/server/proxy-handler.js

@@ -0,0 +1,264 @@
+import { useRuntimeConfig } from "#imports";
+import { createError, defineEventHandler, getHeaders, getQuery, getRequestIP, getRequestWebStream, readBody, setResponseHeader } from "h3";
+import { useNitroApp } from "nitropack/runtime";
+import {
+  anonymizeIP,
+  mergePrivacy,
+  normalizeLanguage,
+  normalizeUserAgent,
+  resolvePrivacy,
+  SENSITIVE_HEADERS,
+  stripPayloadFingerprinting
+} from "./utils/privacy.js";
+function stripQueryFingerprinting(query, privacy) {
+  const stripped = stripPayloadFingerprinting(query, privacy);
+  const params = new URLSearchParams();
+  for (const [key, value] of Object.entries(stripped)) {
+    if (value !== void 0 && value !== null) {
+      params.set(key, typeof value === "object" ? JSON.stringify(value) : String(value));
+    }
+  }
+  return params.toString();
+}
+export default defineEventHandler(async (event) => {
+  const config = useRuntimeConfig();
+  const nitro = useNitroApp();
+  const proxyConfig = config["nuxt-scripts-proxy"];
+  if (!proxyConfig) {
+    throw createError({
+      statusCode: 500,
+      statusMessage: "First-party proxy not configured"
+    });
+  }
+  const { routes, privacy: globalPrivacy, routePrivacy, debug = import.meta.dev } = proxyConfig;
+  const path = event.path;
+  const log = debug ? (message, ...args) => {
+    console.debug(message, ...args);
+  } : () => {
+  };
+  let targetBase;
+  let matchedPrefix;
+  let matchedRoutePattern;
+  const sortedRoutes = Object.entries(routes).sort((a, b) => b[0].length - a[0].length);
+  for (const [routePattern, target] of sortedRoutes) {
+    const prefix = routePattern.replace(/\/\*\*$/, "");
+    if (path.startsWith(prefix)) {
+      targetBase = target.replace(/\/\*\*$/, "");
+      matchedPrefix = prefix;
+      matchedRoutePattern = routePattern;
+      log("[proxy] Matched:", prefix, "->", targetBase);
+      break;
+    }
+  }
+  if (!targetBase || !matchedPrefix || !matchedRoutePattern) {
+    log("[proxy] No match for path:", path);
+    throw createError({
+      statusCode: 404,
+      statusMessage: "No proxy route matched",
+      message: `No proxy target found for path: ${path}`
+    });
+  }
+  const perScriptInput = routePrivacy[matchedRoutePattern];
+  if (debug && perScriptInput === void 0) {
+    log("[proxy] WARNING: No privacy config for route", matchedRoutePattern, "\u2014 defaulting to full anonymization");
+  }
+  const perScriptResolved = resolvePrivacy(perScriptInput ?? true);
+  const privacy = globalPrivacy !== void 0 ? mergePrivacy(perScriptResolved, globalPrivacy) : perScriptResolved;
+  const anyPrivacy = privacy.ip || privacy.userAgent || privacy.language || privacy.screen || privacy.timezone || privacy.hardware;
+  const originalHeaders = getHeaders(event);
+  const contentType = originalHeaders["content-type"] || "";
+  const compressionParam = new URL(event.path, "http://localhost").searchParams.get("compression");
+  const isBinaryBody = Boolean(
+    originalHeaders["content-encoding"] || contentType.includes("octet-stream") || compressionParam && /gzip|deflate|br|compress|base64/i.test(compressionParam)
+  );
+  let targetPath = path.slice(matchedPrefix.length);
+  if (targetPath && !targetPath.startsWith("/")) {
+    targetPath = `/${targetPath}`;
+  }
+  let targetUrl = targetBase + targetPath;
+  if (anyPrivacy) {
+    const query = getQuery(event);
+    if (Object.keys(query).length > 0) {
+      const strippedQuery = stripQueryFingerprinting(query, privacy);
+      const basePath = targetUrl.split("?")[0] || targetUrl;
+      targetUrl = strippedQuery ? `${basePath}?${strippedQuery}` : basePath;
+    }
+  }
+  const headers = {};
+  for (const [key, value] of Object.entries(originalHeaders)) {
+    if (!value)
+      continue;
+    const lowerKey = key.toLowerCase();
+    if (SENSITIVE_HEADERS.includes(lowerKey))
+      continue;
+    if (lowerKey === "content-length") {
+      if (anyPrivacy && !isBinaryBody)
+        continue;
+      headers[lowerKey] = value;
+      continue;
+    }
+    if (lowerKey === "x-forwarded-for" || lowerKey === "x-real-ip" || lowerKey === "forwarded" || lowerKey === "cf-connecting-ip" || lowerKey === "true-client-ip" || lowerKey === "x-client-ip" || lowerKey === "x-cluster-client-ip") {
+      if (privacy.ip)
+        continue;
+      headers[lowerKey] = value;
+      continue;
+    }
+    if (lowerKey === "user-agent") {
+      headers[key] = privacy.userAgent ? normalizeUserAgent(value) : value;
+      continue;
+    }
+    if (lowerKey === "accept-language") {
+      headers[key] = privacy.language ? normalizeLanguage(value) : value;
+      continue;
+    }
+    if (lowerKey === "sec-ch-ua" || lowerKey === "sec-ch-ua-full-version-list") {
+      headers[lowerKey] = privacy.hardware ? value.replace(/;v="(\d+)\.[^"]*"/g, ';v="$1"') : value;
+      continue;
+    }
+    if (lowerKey === "sec-ch-ua-platform-version" || lowerKey === "sec-ch-ua-arch" || lowerKey === "sec-ch-ua-model" || lowerKey === "sec-ch-ua-bitness") {
+      if (privacy.hardware)
+        continue;
+      headers[lowerKey] = value;
+      continue;
+    }
+    headers[key] = value;
+  }
+  if (!headers["x-forwarded-for"]) {
+    const clientIP = getRequestIP(event, { xForwardedFor: true });
+    if (clientIP) {
+      if (privacy.ip) {
+        headers["x-forwarded-for"] = anonymizeIP(clientIP);
+      } else {
+        headers["x-forwarded-for"] = clientIP;
+      }
+    }
+  } else if (privacy.ip) {
+    headers["x-forwarded-for"] = headers["x-forwarded-for"].split(",").map((ip) => anonymizeIP(ip.trim())).join(", ");
+  }
+  let body;
+  let rawBody;
+  let passthroughBody = false;
+  const method = event.method?.toUpperCase();
+  const originalQuery = getQuery(event);
+  const isWriteMethod = method === "POST" || method === "PUT" || method === "PATCH";
+  if (isWriteMethod) {
+    if (isBinaryBody || !anyPrivacy) {
+      passthroughBody = true;
+    } else {
+      rawBody = await readBody(event);
+      if (rawBody != null) {
+        if (Array.isArray(rawBody)) {
+          body = rawBody.map(
+            (item) => item && typeof item === "object" && !Array.isArray(item) ? stripPayloadFingerprinting(item, privacy) : item
+          );
+        } else if (typeof rawBody === "object") {
+          body = stripPayloadFingerprinting(rawBody, privacy);
+        } else if (typeof rawBody === "string") {
+          if (rawBody.startsWith("{") || rawBody.startsWith("[")) {
+            let parsed = null;
+            try {
+              parsed = JSON.parse(rawBody);
+            } catch {
+            }
+            if (Array.isArray(parsed)) {
+              body = parsed.map(
+                (item) => item && typeof item === "object" && !Array.isArray(item) ? stripPayloadFingerprinting(item, privacy) : item
+              );
+            } else if (parsed && typeof parsed === "object") {
+              body = stripPayloadFingerprinting(parsed, privacy);
+            } else {
+              body = rawBody;
+            }
+          } else if (contentType.includes("application/x-www-form-urlencoded")) {
+            const params = new URLSearchParams(rawBody);
+            const obj = {};
+            params.forEach((value, key) => {
+              obj[key] = value;
+            });
+            const stripped = stripPayloadFingerprinting(obj, privacy);
+            const stringified = {};
+            for (const [k, v] of Object.entries(stripped)) {
+              if (v === void 0 || v === null)
+                continue;
+              stringified[k] = typeof v === "string" ? v : JSON.stringify(v);
+            }
+            body = new URLSearchParams(stringified).toString();
+          } else {
+            body = rawBody;
+          }
+        } else {
+          body = rawBody;
+        }
+      }
+    }
+  }
+  await nitro.hooks.callHook("nuxt-scripts:proxy", {
+    timestamp: Date.now(),
+    path: event.path,
+    targetUrl,
+    method: method || "GET",
+    privacy,
+    passthroughBody,
+    original: {
+      headers: { ...originalHeaders },
+      query: originalQuery,
+      body: passthroughBody ? "<passthrough>" : rawBody ?? null
+    },
+    stripped: {
+      headers,
+      query: anyPrivacy ? stripPayloadFingerprinting(originalQuery, privacy) : originalQuery,
+      body: passthroughBody ? "<passthrough>" : body ?? null
+    }
+  });
+  log("[proxy] Fetching:", targetUrl);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), 15e3);
+  let fetchBody;
+  if (passthroughBody) {
+    fetchBody = getRequestWebStream(event);
+  } else if (body !== void 0) {
+    fetchBody = typeof body === "string" ? body : JSON.stringify(body);
+  }
+  let response;
+  try {
+    response = await fetch(targetUrl, {
+      method: method || "GET",
+      headers,
+      body: fetchBody,
+      credentials: "omit",
+      // Don't send cookies to third parties
+      signal: controller.signal,
+      // @ts-expect-error Node fetch supports duplex for streaming request bodies
+      duplex: passthroughBody ? "half" : void 0
+    });
+  } catch (err) {
+    clearTimeout(timeoutId);
+    log("[proxy] Fetch error:", err instanceof Error ? err.message : err);
+    if (path.includes("/collect") || path.includes("/tr") || path.includes("/events")) {
+      event.node.res.statusCode = 204;
+      return "";
+    }
+    const isTimeout = err instanceof Error && (err.message.includes("aborted") || err.message.includes("timeout"));
+    throw createError({
+      statusCode: isTimeout ? 504 : 502,
+      statusMessage: isTimeout ? "Upstream timeout" : "Bad Gateway",
+      message: "Failed to reach upstream"
+    });
+  }
+  clearTimeout(timeoutId);
+  log("[proxy] Response:", response.status, response.statusText);
+  const skipHeaders = ["set-cookie", "transfer-encoding", "content-encoding", "content-length"];
+  response.headers.forEach((value, key) => {
+    if (!skipHeaders.includes(key.toLowerCase())) {
+      setResponseHeader(event, key, value);
+    }
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  const responseContentType = response.headers.get("content-type") || "";
+  const isTextContent = responseContentType.includes("text") || responseContentType.includes("javascript") || responseContentType.includes("json");
+  if (isTextContent) {
+    return await response.text();
+  }
+  return Buffer.from(await response.arrayBuffer());
+});

package/dist/runtime/server/utils/privacy.d.ts

@@ -0,0 +1,141 @@
+/**
+ * Granular privacy controls for the first-party proxy.
+ * Each flag controls both headers AND body/query params for its domain.
+ */
+export interface ProxyPrivacy {
+    /** Anonymize IP (headers + body). When false, real IP is forwarded via x-forwarded-for. */
+    ip?: boolean;
+    /** Normalize User-Agent (headers + body) */
+    userAgent?: boolean;
+    /** Normalize Accept-Language (headers + body) */
+    language?: boolean;
+    /** Generalize screen resolution, viewport, hardware concurrency, device memory */
+    screen?: boolean;
+    /** Generalize timezone offset and IANA timezone names */
+    timezone?: boolean;
+    /** Anonymize hardware fingerprints: canvas/webgl/audio, plugins/fonts, browser versions, device info */
+    hardware?: boolean;
+}
+/**
+ * Privacy input: `true` = full anonymize, `false` = passthrough (still strips sensitive headers),
+ * or a `ProxyPrivacy` object for granular control (unset flags default to `false` — opt-in).
+ */
+export type ProxyPrivacyInput = boolean | ProxyPrivacy | null;
+/** Resolved privacy with all flags explicitly set. */
+export type ResolvedProxyPrivacy = Required<ProxyPrivacy>;
+/**
+ * Normalize a privacy input to a fully-resolved object.
+ * Privacy is opt-in: unset object flags default to `false`.
+ * Each script in the registry explicitly sets all flags for its needs.
+ * - `true` → all flags true (full anonymize)
+ * - `false` / `undefined` → all flags false (passthrough)
+ * - `{ ip: true, hardware: true }` → only those active, rest off
+ */
+export declare function resolvePrivacy(input?: ProxyPrivacyInput): ResolvedProxyPrivacy;
+/**
+ * Merge privacy settings: `override` fields take precedence over `base` field-by-field.
+ * When `override` is undefined, returns `base` unchanged.
+ * When `override` is a boolean, it fully replaces `base`.
+ * When `override` is an object, only explicitly-set fields override.
+ */
+export declare function mergePrivacy(base: ResolvedProxyPrivacy, override?: ProxyPrivacyInput): ResolvedProxyPrivacy;
+/**
+ * Headers that reveal user IP address - stripped in proxy mode,
+ * anonymized in anonymize mode.
+ */
+export declare const IP_HEADERS: string[];
+/**
+ * Headers that enable fingerprinting - normalized in anonymize mode.
+ */
+export declare const FINGERPRINT_HEADERS: string[];
+/**
+ * Sensitive headers that should never be forwarded to third parties.
+ */
+export declare const SENSITIVE_HEADERS: string[];
+/**
+ * Payload parameters relevant to privacy.
+ *
+ * Note: userId and userData are intentionally NOT modified by stripPayloadFingerprinting.
+ * Analytics services require user identifiers (cid, uid, fbp, etc.) and user data (ud, email)
+ * to function correctly. These are listed here for documentation and param-detection tests only.
+ * The privacy model anonymizes device/browser fingerprinting while preserving user-level analytics IDs.
+ */
+export declare const STRIP_PARAMS: {
+    ip: string[];
+    userId: string[];
+    userData: string[];
+    screen: string[];
+    hardware: string[];
+    platform: string[];
+    version: string[];
+    browserVersion: string[];
+    browserData: string[];
+    location: string[];
+    canvas: string[];
+    deviceInfo: string[];
+};
+/**
+ * Parameters that should be normalized (not stripped).
+ */
+export declare const NORMALIZE_PARAMS: {
+    language: string[];
+    userAgent: string[];
+};
+/**
+ * Anonymize an IP address by zeroing trailing segments.
+ */
+export declare function anonymizeIP(ip: string): string;
+/**
+ * Normalize User-Agent to browser family and major version only.
+ */
+export declare function normalizeUserAgent(ua: string): string;
+/**
+ * Normalize Accept-Language to primary language tag (preserving country).
+ * "en-US,en;q=0.9,fr;q=0.8" → "en-US"
+ */
+export declare function normalizeLanguage(lang: string): string;
+/**
+ * Generalize screen resolution to 3 coarse device-class buckets (mobile / tablet / desktop).
+ * Handles both combined "WxH" strings and individual dimension values (sh, sw).
+ *
+ * When `dimension` is specified, uses the correct bucket for that axis:
+ *   - 'width': [1920, 768, 360]
+ *   - 'height': [1080, 1024, 640]
+ * Without `dimension`, individual values use width thresholds (backward-compatible).
+ */
+export declare function generalizeScreen(value: unknown, dimension?: 'width' | 'height'): string | number;
+/**
+ * Generalize hardware concurrency / device memory to common bucket.
+ */
+export declare function generalizeHardware(value: unknown): number;
+/**
+ * Generalize a version string to major version, preserving the original format.
+ * "6.17.0" → "6.0.0", "143.0.7499.4" → "143.0.0.0"
+ */
+export declare function generalizeVersion(value: unknown): string;
+/**
+ * Generalize browser version list to major versions, preserving segment count.
+ * Handles Snapchat d_bvs format: [,{"brand":"Chrome","version":"143.0.7499.4"}...]
+ * Handles GA uafvl format: HeadlessChrome;143.0.7499.4|Chromium;143.0.7499.4|...
+ */
+export declare function generalizeBrowserVersions(value: unknown): string;
+/**
+ * Generalize timezone to reduce precision.
+ * IANA names → UTC offset string, numeric offsets → bucketed to 3-hour intervals.
+ */
+export declare function generalizeTimezone(value: unknown): string | number;
+/**
+ * Anonymize a combined device-info string (e.g. X/Twitter `dv` param).
+ * Parses the delimited string and generalizes fingerprinting components
+ * (timezone, language, screen dimensions) while keeping low-entropy values.
+ */
+export declare function anonymizeDeviceInfo(value: string): string;
+/**
+ * Recursively anonymize fingerprinting data in payload.
+ * Fields are generalized or normalized rather than stripped, so endpoints
+ * still receive valid data with reduced fingerprinting precision.
+ *
+ * When `privacy` is provided, only categories with their flag set to `true` are processed.
+ * Default (no arg) = all categories active, so existing callers work unchanged.
+ */
+export declare function stripPayloadFingerprinting(payload: Record<string, unknown>, privacy?: ResolvedProxyPrivacy): Record<string, unknown>;