@rangojs/router 0.0.0-experimental.18 → 0.0.0-experimental.19

package/src/rsc/handler.ts

@@ -38,6 +38,8 @@ import {
   createReverseFunction,
   stripInternalParams,
 } from "../router/handler-context.js";
+import { getRouterContext } from "../router/router-context.js";
+import { resolveSink, safeEmit } from "../router/telemetry.js";
 import { contextSet } from "../context-var.js";
 import {
   hasCachedManifest,
@@ -50,9 +52,20 @@ import {
 import type { HandlerContext } from "./handler-context.js";
 import { buildRouterTrieFromUrlpatterns } from "./manifest-init.js";
 import { handleProgressiveEnhancement } from "./progressive-enhancement.js";
-import { handleServerAction } from "./server-action.js";
+import {
+  executeServerAction,
+  revalidateAfterAction,
+  type ActionContinuation,
+} from "./server-action.js";
 import { handleLoaderFetch } from "./loader-fetch.js";
+import { checkRequestOrigin, type OriginCheckPhase } from "./origin-guard.js";
 import { handleRscRendering } from "./rsc-rendering.js";
+import {
+  withTimeout,
+  RouterTimeoutError,
+  createDefaultTimeoutResponse,
+  type TimeoutPhase,
+} from "../router/timeout.js";
 
 /**
  * Create an RSC request handler.
@@ -109,13 +122,11 @@ export function createRSCHandler<
     options.loadSSRModule ??
     (() => import.meta.viteRsc.loadModule("ssr", "index"));
 
-  // Track errors already reported to onError to prevent double-reporting
-  // when errors are caught by a phase-specific handler and re-thrown.
-  const reportedErrors = new WeakSet<object>();
-
   /**
-   * Wrapper for invokeOnError that binds the router's onError callback.
-   * Uses the shared utility from router/error-handling.ts for consistent behavior.
+   * Per-request error reporter that deduplicates via the ALS request context.
+   *
+   * Uses the same _reportedErrors WeakSet as the router layer so errors
+   * that propagate across layers are only reported once per request.
    */
   function callOnError(
     error: unknown,
@@ -123,6 +134,7 @@ export function createRSCHandler<
     context: Parameters<typeof invokeOnError<TEnv>>[3],
   ): void {
     if (error != null && typeof error === "object") {
+      const reportedErrors = requireRequestContext()._reportedErrors;
       if (reportedErrors.has(error)) return;
       reportedErrors.add(error);
     }
@@ -139,6 +151,72 @@ export function createRSCHandler<
     return routeMap;
   }
 
+  /**
+   * Handle a timeout by reporting the error, emitting telemetry,
+   * and returning either the custom onTimeout response or a default 504.
+   */
+  async function handleTimeoutResponse(
+    request: Request,
+    env: TEnv,
+    url: URL,
+    phase: TimeoutPhase,
+    durationMs: number,
+    routeKey?: string,
+    actionId?: string,
+  ): Promise<Response> {
+    const timeoutError = new RouterTimeoutError(phase, durationMs);
+
+    callOnError(timeoutError, phase === "action" ? "action" : "handler", {
+      request,
+      url,
+      env,
+      routeKey,
+      actionId,
+      handledByBoundary: false,
+      metadata: { timeout: true, phase, durationMs },
+    });
+
+    try {
+      const routerCtx = getRouterContext();
+      if (routerCtx?.telemetry) {
+        safeEmit(resolveSink(routerCtx.telemetry), {
+          type: "request.timeout" as const,
+          timestamp: performance.now(),
+          requestId: routerCtx.requestId,
+          phase,
+          pathname: url.pathname,
+          routeKey,
+          actionId,
+          durationMs,
+          customHandler: !!router.onTimeout,
+        });
+      }
+    } catch {
+      // Router context may not be available
+    }
+
+    if (router.onTimeout) {
+      try {
+        return await router.onTimeout({
+          phase,
+          request,
+          url,
+          env,
+          routeKey,
+          actionId,
+          durationMs,
+        });
+      } catch (e) {
+        if (process.env.NODE_ENV !== "production") {
+          console.error("[RSC] onTimeout callback error:", e);
+        }
+        return createDefaultTimeoutResponse(phase);
+      }
+    }
+
+    return createDefaultTimeoutResponse(phase);
+  }
+
   /**
    * Build a 200 Flight response that carries a redirect URL and optional state.
    * Used when a partial/action request results in a redirect -- fetch
@@ -163,7 +241,8 @@ export function createRSCHandler<
     });
   }
 
-  // Bundle shared dependencies for extracted handler functions
+  // Bundle shared dependencies for extracted handler functions.
+  // callOnError reads from ALS so it's inherently per-request scoped.
   const handlerCtx: HandlerContext<TEnv> = {
     router,
     version,
@@ -177,6 +256,11 @@ export function createRSCHandler<
     callOnError,
     getRequiredRouteMap,
     createRedirectFlightResponse,
+    resolveStreamMode: async (request, env, url) => {
+      const resolver = router.ssr?.resolveStreaming;
+      if (!resolver) return "stream";
+      return resolver({ request, env, url });
+    },
   };
 
   return async function handler(
@@ -283,9 +367,6 @@ export function createRSCHandler<
     }
     const manifestCacheDur = performance.now() - manifestCacheStart;
 
-    // Note: Route map for useHref() is loaded lazily via getGlobalRouteMap()
-    // This allows it to include all routes from lazy includes after manifest loading
-
     // Create unified request context with all methods
     // Includes: stub response, handle store, loader memoization, use(), cookies, headers, cache store
     // params starts empty, populated after route matching via setRequestContextParams
@@ -296,9 +377,23 @@ export function createRSCHandler<
       url,
       variables,
       cacheStore,
+      cacheProfiles: router.cacheProfiles,
       executionContext: executionCtx,
       themeConfig: router.themeConfig,
     });
+    // Wire background error reporting so "use cache" and other subsystems
+    // can surface non-fatal errors through the router's onError callback.
+    requestContext._reportBackgroundError = (
+      error: unknown,
+      category: string,
+    ) => {
+      callOnError(error, "cache", {
+        request,
+        url,
+        metadata: { category },
+      });
+    };
+
     const ctxCreateDur = performance.now() - ctxCreateStart;
 
     // Accumulate handler-level timing for Server-Timing header
@@ -337,7 +432,10 @@ export function createRSCHandler<
           createReverseFunction(getRequiredRouteMap()),
         );
 
-        if (url.searchParams.has("_rsc_partial")) {
+        if (
+          url.searchParams.has("_rsc_partial") ||
+          url.searchParams.has("_rsc_action")
+        ) {
           const intercepted = interceptRedirectForPartial(
             mwResponse,
             createRedirectFlightResponse,
@@ -360,7 +458,6 @@ export function createRSCHandler<
     variables: Record<string, any>,
     nonce: string | undefined,
   ): Promise<Response> {
-    // First, check for route-level middleware
     const previewStart = performance.now();
     const preview = await router.previewMatch(request, { env });
     const previewDur = performance.now() - previewStart;
@@ -368,18 +465,209 @@ export function createRSCHandler<
     handlerTiming.push(`handler-preview-match;dur=${previewDur.toFixed(2)}`);
     // Response route short-circuit: skip entire RSC pipeline
     if (preview?.responseType && preview.handler) {
-      return handleResponseRoute(
-        handlerCtx,
-        preview as ResponseRouteMatch,
+      const responseOutcome = await withTimeout(
+        handleResponseRoute(
+          handlerCtx,
+          preview as ResponseRouteMatch,
+          request,
+          env,
+          url,
+          variables,
+        ),
+        router.timeouts.renderStartMs,
+        "render-start",
+      );
+      if (responseOutcome.timedOut) {
+        return handleTimeoutResponse(
+          request,
+          env,
+          url,
+          "render-start",
+          responseOutcome.durationMs,
+          preview?.routeKey,
+        );
+      }
+      return responseOutcome.result;
+    }
+
+    const routeReverse = createReverseFunction(getRequiredRouteMap());
+
+    const isAction =
+      request.headers.has("rsc-action") || url.searchParams.has("_rsc_action");
+    const isLoaderFetch = url.searchParams.has("_rsc_loader");
+    const actionId =
+      request.headers.get("rsc-action") || url.searchParams.get("_rsc_action");
+
+    // Origin guard: reject cross-origin actions, loader fetches, and
+    // PE form submissions before any execution. Regular page navigations
+    // (GET without _rsc_loader/_rsc_action) are not affected.
+    const originPhase: OriginCheckPhase | null = isAction
+      ? "action"
+      : isLoaderFetch
+        ? "loader"
+        : request.method === "POST"
+          ? "pe-form"
+          : null;
+    if (originPhase) {
+      const originResult = await checkRequestOrigin(
         request,
+        url,
+        router.originCheck,
         env,
+        router.id,
+        originPhase,
+      );
+      if (originResult) {
+        const originError = new Error(
+          `Origin check rejected: ${request.headers.get("origin") ?? "none"} vs ${request.headers.get("host") ?? "none"}`,
+        );
+        originError.name = "OriginCheckError";
+
+        callOnError(originError, "origin", {
+          request,
+          url,
+          env,
+          handledByBoundary: false,
+          metadata: {
+            phase: originPhase,
+            origin: request.headers.get("origin"),
+            host: request.headers.get("host"),
+          },
+        });
+
+        try {
+          const routerCtx = getRouterContext();
+          if (routerCtx?.telemetry) {
+            safeEmit(resolveSink(routerCtx.telemetry), {
+              type: "request.origin-rejected" as const,
+              timestamp: performance.now(),
+              requestId: routerCtx.requestId,
+              method: request.method,
+              pathname: url.pathname,
+              phase: originPhase,
+              origin: request.headers.get("origin"),
+              host: request.headers.get("host"),
+            });
+          }
+        } catch {
+          // Router context may not be available
+        }
+
+        return originResult;
+      }
+    }
+
+    // Get handle store from request context
+    const handleStore = requireRequestContext()._handleStore;
+
+    // Wire up error reporting for late streaming-handle failures
+    // (LateHandlePushError: handle pushed after stream completion).
+    // Without this, these errors are only caught by React's error boundary
+    // and never reach the router's onError callback or telemetry.
+    handleStore.onError = (error: Error) => {
+      const reqCtx = requireRequestContext();
+      callOnError(error, "handler", {
+        request,
         url,
+        routeKey: reqCtx._routeName,
+        params: reqCtx.params as Record<string, string>,
+        handledByBoundary: true,
+      });
+      try {
+        const routerCtx = getRouterContext();
+        if (routerCtx?.telemetry) {
+          safeEmit(resolveSink(routerCtx.telemetry), {
+            type: "handler.error" as const,
+            timestamp: performance.now(),
+            requestId: routerCtx.requestId,
+            error,
+            handledByBoundary: true,
+            pathname: url.pathname,
+            routeKey: reqCtx._routeName,
+            params: reqCtx.params as Record<string, string>,
+          });
+        }
+      } catch {
+        // Router context may not be available (e.g. prerender path)
+      }
+    };
+
+    // Set route params early so all execution paths can access ctx.params.
+    if (preview?.params) {
+      setRequestContextParams(preview.params, preview.routeKey);
+    }
+
+    // Progressive enhancement runs before the normal action/render paths.
+    // Route middleware wraps the PE re-render so handlers see the same
+    // context variables regardless of JS/no-JS transport.
+    const progressiveResult = await handleProgressiveEnhancement(
+      handlerCtx,
+      request,
+      env,
+      url,
+      isAction,
+      handleStore,
+      nonce,
+      {
+        routeMiddleware: preview?.routeMiddleware,
         variables,
-      );
+        routeReverse,
+      },
+    );
+    if (progressiveResult) {
+      return progressiveResult;
+    }
+
+    // --- Action execution: runs BEFORE route middleware ---
+    // Route middleware wraps rendering only. For actions, the action runs
+    // first in the global middleware context, then route middleware wraps
+    // the revalidation pass (identical to a normal render).
+    let actionContinuation: ActionContinuation | undefined;
+    if (isAction && actionId) {
+      try {
+        const actionOutcome = await withTimeout(
+          executeServerAction(
+            handlerCtx,
+            request,
+            env,
+            url,
+            actionId,
+            handleStore,
+          ),
+          router.timeouts.actionMs,
+          "action",
+        );
+        if (actionOutcome.timedOut) {
+          return handleTimeoutResponse(
+            request,
+            env,
+            url,
+            "action",
+            actionOutcome.durationMs,
+            preview?.routeKey,
+            actionId,
+          );
+        }
+        const result = actionOutcome.result;
+        // Response means redirect or error boundary — done.
+        if (result instanceof Response) return result;
+        actionContinuation = result;
+      } catch (error) {
+        callOnError(error, "action", {
+          request,
+          url,
+          env,
+          actionId,
+          handledByBoundary: false,
+        });
+        console.error(`[RSC] Action error:`, error);
+        throw error;
+      }
     }
 
-    // Wrap RSC handler to append Vary: Accept on content-negotiated routes
-    const rscHandler = async () => {
+    // --- Rendering (action revalidation or navigation) ---
+    // Route middleware wraps this — same code path for both cases.
+    const renderHandler = async () => {
       const response = await coreRequestHandlerInner(
         request,
         env,
@@ -388,6 +676,8 @@ export function createRSCHandler<
         nonce,
         preview?.params,
         preview?.routeKey,
+        handleStore,
+        actionContinuation,
       );
       if (preview?.negotiated) {
         response.headers.append("Vary", "Accept");
@@ -395,32 +685,58 @@ export function createRSCHandler<
       return response;
     };
 
-    if (preview?.routeMiddleware && preview.routeMiddleware.length > 0) {
-      const mwResponse = await executeMiddleware(
-        buildRouteMiddlewareEntries<TEnv>(preview.routeMiddleware),
-        request,
-        env,
-        variables,
-        rscHandler,
-        createReverseFunction(getRequiredRouteMap()),
-      );
-
-      if (url.searchParams.has("_rsc_partial")) {
-        const intercepted = interceptRedirectForPartial(
-          mwResponse,
-          createRedirectFlightResponse,
+    // Wrap the render path (with or without route middleware) in a
+    // renderStartMs timeout so slow renders are caught before output.
+    const executeRender = async (): Promise<Response> => {
+      if (preview?.routeMiddleware && preview.routeMiddleware.length > 0) {
+        const mwResponse = await executeMiddleware(
+          buildRouteMiddlewareEntries<TEnv>(preview.routeMiddleware),
+          request,
+          env,
+          variables,
+          renderHandler,
+          routeReverse,
         );
-        if (intercepted) return intercepted;
+
+        if (
+          url.searchParams.has("_rsc_partial") ||
+          url.searchParams.has("_rsc_action")
+        ) {
+          const intercepted = interceptRedirectForPartial(
+            mwResponse,
+            createRedirectFlightResponse,
+          );
+          if (intercepted) return intercepted;
+        }
+
+        return finalizeResponse(mwResponse);
       }
 
-      return finalizeResponse(mwResponse);
-    }
+      // No route middleware, proceed directly
+      return renderHandler();
+    };
 
-    // No route middleware, proceed directly
-    return rscHandler();
+    const renderOutcome = await withTimeout(
+      executeRender(),
+      router.timeouts.renderStartMs,
+      "render-start",
+    );
+    if (renderOutcome.timedOut) {
+      return handleTimeoutResponse(
+        request,
+        env,
+        url,
+        "render-start",
+        renderOutcome.durationMs,
+        preview?.routeKey,
+      );
+    }
+    return renderOutcome.result;
   }
 
-  // Inner request handler (actual RSC logic, wrapped by route middleware if any)
+  // Inner request handler: rendering logic wrapped by route middleware.
+  // Handles action revalidation (when actionContinuation is present),
+  // loader fetches, and regular RSC rendering.
   async function coreRequestHandlerInner(
     request: Request,
     env: TEnv,
@@ -429,12 +745,12 @@ export function createRSCHandler<
     nonce: string | undefined,
     routeParams?: Record<string, string>,
     routeKey?: string,
+    handleStore?: ReturnType<typeof requireRequestContext>["_handleStore"],
+    actionContinuation?: ActionContinuation,
   ): Promise<Response> {
     const isPartial = url.searchParams.has("_rsc_partial");
     const isAction =
       request.headers.has("rsc-action") || url.searchParams.has("_rsc_action");
-    const actionId =
-      request.headers.get("rsc-action") || url.searchParams.get("_rsc_action");
 
     // Version mismatch detection - client may have stale code after HMR/deployment
     // If versions don't match, tell the client to reload
@@ -500,57 +816,27 @@ export function createRSCHandler<
       );
     }
 
-    // Get handle store from request context (created at start of request)
-    const handleStore = requireRequestContext()._handleStore;
+    const store = handleStore ?? requireRequestContext()._handleStore;
 
     try {
-      // Set route params early so all execution paths (progressive enhancement,
-      // server actions, loader fetches) can access ctx.params via getRequestContext().
-      // Previously this was only done for JS actions, leaving PE actions with empty params.
+      // Route params were already set in coreRequestHandler, but set again
+      // for callers that enter coreRequestHandlerInner directly.
       if (routeParams) {
         setRequestContextParams(routeParams, routeKey);
       }
 
       // ============================================================================
-      // PROGRESSIVE ENHANCEMENT: No-JS Form Submissions
-      // ============================================================================
-      const progressiveResult = await handleProgressiveEnhancement(
-        handlerCtx,
-        request,
-        env,
-        url,
-        isAction,
-        handleStore,
-        nonce,
-      );
-      if (progressiveResult) {
-        return progressiveResult;
-      }
-
-      // ============================================================================
-      // SERVER ACTION EXECUTION (JavaScript-enabled client)
+      // ACTION REVALIDATION (action already executed, revalidate segments)
       // ============================================================================
-      if (isAction && actionId) {
-        try {
-          return await handleServerAction(
-            handlerCtx,
-            request,
-            env,
-            url,
-            actionId,
-            handleStore,
-          );
-        } catch (error) {
-          callOnError(error, "action", {
-            request,
-            url,
-            env,
-            actionId,
-            handledByBoundary: false,
-          });
-          console.error(`[RSC] Action error:`, error);
-          throw error;
-        }
+      if (actionContinuation) {
+        return await revalidateAfterAction(
+          handlerCtx,
+          request,
+          env,
+          url,
+          store,
+          actionContinuation,
+        );
       }
 
       // ============================================================================
@@ -578,7 +864,7 @@ export function createRSCHandler<
         env,
         url,
         isPartial,
-        handleStore,
+        store,
         nonce,
       );
     } catch (error) {
@@ -652,7 +938,7 @@ export function createRSCHandler<
             diff: [],
             isPartial: false,
             rootLayout: router.rootLayout,
-            handles: handleStore.stream(),
+            handles: store.stream(),
             version,
             themeConfig: router.themeConfig,
             warmupEnabled: router.warmupEnabled,
@@ -679,8 +965,14 @@ export function createRSCHandler<
         }
 
         // Delegate to SSR for HTML response
-        const ssrModule = await loadSSRModule();
-        const htmlStream = await ssrModule.renderHTML(rscStream, { nonce });
+        const [ssrModule, streamMode] = await Promise.all([
+          loadSSRModule(),
+          handlerCtx.resolveStreamMode(request, env, url),
+        ]);
+        const htmlStream = await ssrModule.renderHTML(rscStream, {
+          nonce,
+          streamMode,
+        });
 
         return createResponseWithMergedHeaders(htmlStream, {
           status: 404,

package/src/rsc/helpers.ts

@@ -39,7 +39,9 @@ export function createResponseWithMergedHeaders(
     return new Response(body, init);
   }
 
-  // Merge headers from stub response into the new response
+  // Merge headers from stub response into the new response.
+  // Delete Set-Cookie from the stub after consuming so that downstream
+  // merge points (e.g. executeMiddleware) do not duplicate them.
   const mergedHeaders = new Headers(init.headers);
   ctx.res.headers.forEach((value, name) => {
     if (name.toLowerCase() === "set-cookie") {
@@ -49,6 +51,7 @@ export function createResponseWithMergedHeaders(
       mergedHeaders.set(name, value);
     }
   });
+  ctx.res.headers.delete("set-cookie");
 
   // Use ctx.res.status if it was set (e.g., 404 for notFound, 500 for error)
   // Otherwise use the status from init
@@ -86,6 +89,26 @@ export function createSimpleRedirectResponse(redirectUrl: string): Response {
   });
 }
 
+/**
+ * Carry over headers from a source redirect Response to a wrapper Response.
+ * Skips Location and X-RSC-Redirect (intentionally replaced by the wrapper)
+ * and appends Set-Cookie to avoid clobbering multiple cookie headers.
+ */
+export function carryOverRedirectHeaders(
+  source: Response,
+  target: Response,
+): void {
+  source.headers.forEach((value, name) => {
+    const lower = name.toLowerCase();
+    if (lower === "location" || lower === "x-rsc-redirect") return;
+    if (lower === "set-cookie") {
+      target.headers.append(name, value);
+    } else if (!target.headers.has(name)) {
+      target.headers.set(name, value);
+    }
+  });
+}
+
 /**
  * If a response is a 3xx redirect during a partial (client-side) request,
  * intercept it and return a Flight-compatible redirect instead.
@@ -114,21 +137,7 @@ export function interceptRedirectForPartial(
     intercepted = createSimpleRedirectResponse(redirectUrl);
   }
 
-  // Carry over headers from the original redirect response that are not
-  // already on the intercepted response. This preserves cookies and custom
-  // headers set by middleware before the redirect.
-  response.headers.forEach((value, name) => {
-    // Skip redirect-specific and already-handled headers.
-    // X-RSC-Redirect from the original 3xx carries "soft" which would
-    // collide with the intercepted response's redirect URL or Flight payload.
-    const lower = name.toLowerCase();
-    if (lower === "location" || lower === "x-rsc-redirect") return;
-    if (name.toLowerCase() === "set-cookie") {
-      intercepted.headers.append(name, value);
-    } else if (!intercepted.headers.has(name)) {
-      intercepted.headers.set(name, value);
-    }
-  });
+  carryOverRedirectHeaders(response, intercepted);
 
   return intercepted;
 }