@sveltejs/kit 1.0.0-next.44 → 1.0.0-next.442

package/src/runtime/server/utils.js

@@ -0,0 +1,116 @@
+import { HttpError } from '../../index/private.js';
+
+/** @param {any} body */
+export function is_pojo(body) {
+	if (typeof body !== 'object') return false;
+
+	if (body) {
+		if (body instanceof Uint8Array) return false;
+		if (body instanceof ReadableStream) return false;
+
+		// if body is a node Readable, throw an error
+		// TODO remove this for 1.0
+		if (body._readableState && typeof body.pipe === 'function') {
+			throw new Error('Node streams are no longer supported — use a ReadableStream instead');
+		}
+	}
+
+	return true;
+}
+
+/**
+ * Serialize an error into a JSON string through `error_to_pojo`.
+ * This is necessary because `JSON.stringify(error) === '{}'`
+ *
+ * @param {Error | HttpError} error
+ * @param {(error: Error) => string | undefined} get_stack
+ */
+export function serialize_error(error, get_stack) {
+	return JSON.stringify(error_to_pojo(error, get_stack));
+}
+
+/**
+ * Transform an error into a POJO, by copying its `name`, `message`
+ * and (in dev) `stack`, plus any custom properties, plus recursively
+ * serialized `cause` properties.
+ * Our own HttpError gets a meta property attached so we can identify it on the client.
+ *
+ * @param {HttpError | Error } error
+ * @param {(error: Error) => string | undefined} get_stack
+ */
+export function error_to_pojo(error, get_stack) {
+	if (error instanceof HttpError) {
+		return /** @type {import('./page/types').SerializedHttpError} */ ({
+			message: error.message,
+			status: error.status,
+			__is_http_error: true // TODO we should probably make this unnecessary
+		});
+	}
+
+	const {
+		name,
+		message,
+		stack,
+		// @ts-expect-error i guess typescript doesn't know about error.cause yet
+		cause,
+		...custom
+	} = error;
+
+	/** @type {Record<string, any>} */
+	const object = { name, message, stack: get_stack(error) };
+
+	if (cause) object.cause = error_to_pojo(cause, get_stack);
+
+	for (const key in custom) {
+		// @ts-expect-error
+		object[key] = custom[key];
+	}
+
+	return object;
+}
+
+// TODO: Remove for 1.0
+/** @param {Record<string, any>} mod */
+export function check_method_names(mod) {
+	['get', 'post', 'put', 'patch', 'del'].forEach((m) => {
+		if (m in mod) {
+			const replacement = m === 'del' ? 'DELETE' : m.toUpperCase();
+			throw Error(
+				`Endpoint method "${m}" has changed to "${replacement}". See https://github.com/sveltejs/kit/discussions/5359 for more information.`
+			);
+		}
+	});
+}
+
+/** @type {import('types').SSRErrorPage} */
+export const GENERIC_ERROR = {
+	id: '__error'
+};
+
+/**
+ * @param {Partial<Record<import('types').HttpMethod, any>>} mod
+ * @param {import('types').HttpMethod} method
+ */
+export function method_not_allowed(mod, method) {
+	return new Response(`${method} method not allowed`, {
+		status: 405,
+		headers: {
+			// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405
+			// "The server must generate an Allow header field in a 405 status code response"
+			allow: allowed_methods(mod).join(', ')
+		}
+	});
+}
+
+/** @param {Partial<Record<import('types').HttpMethod, any>>} mod */
+export function allowed_methods(mod) {
+	const allowed = [];
+
+	for (const method in ['GET', 'POST', 'PUT', 'PATCH', 'DELETE']) {
+		if (method in mod) allowed.push(method);
+	}
+
+	if (mod.GET || mod.HEAD) allowed.push('HEAD');
+
+	return allowed;
+}

package/src/utils/array.js

@@ -0,0 +1,9 @@
+/**
+ * Removes nullish values from an array.
+ *
+ * @template T
+ * @param {Array<T>} arr
+ */
+export function compact(arr) {
+	return arr.filter(/** @returns {val is NonNullable<T>} */ (val) => val != null);
+}

package/src/utils/error.js

@@ -0,0 +1,22 @@
+import { HttpError, Redirect } from '../index/private.js';
+
+/**
+ * @param {unknown} err
+ * @return {Error}
+ */
+export function coalesce_to_error(err) {
+	return err instanceof Error ||
+		(err && /** @type {any} */ (err).name && /** @type {any} */ (err).message)
+		? /** @type {Error} */ (err)
+		: new Error(JSON.stringify(err));
+}
+
+/**
+ * This is an identity function that exists to make TypeScript less
+ * paranoid about people throwing things that aren't errors, which
+ * frankly is not something we should care about
+ * @param {unknown} error
+ */
+export function normalize_error(error) {
+	return /** @type {Redirect | HttpError | Error} */ (error);
+}

package/src/utils/escape.js

@@ -0,0 +1,104 @@
+/**
+ * Inside a script element, only `</script` and `<!--` hold special meaning to the HTML parser.
+ *
+ * The first closes the script element, so everything after is treated as raw HTML.
+ * The second disables further parsing until `-->`, so the script element might be unexpectedly
+ * kept open until until an unrelated HTML comment in the page.
+ *
+ * U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR are escaped for the sake of pre-2018
+ * browsers.
+ *
+ * @see tests for unsafe parsing examples.
+ * @see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
+ * @see https://html.spec.whatwg.org/multipage/syntax.html#cdata-rcdata-restrictions
+ * @see https://html.spec.whatwg.org/multipage/parsing.html#script-data-state
+ * @see https://html.spec.whatwg.org/multipage/parsing.html#script-data-double-escaped-state
+ * @see https://github.com/tc39/proposal-json-superset
+ * @type {Record<string, string>}
+ */
+const render_json_payload_script_dict = {
+	'<': '\\u003C',
+	'\u2028': '\\u2028',
+	'\u2029': '\\u2029'
+};
+
+const render_json_payload_script_regex = new RegExp(
+	`[${Object.keys(render_json_payload_script_dict).join('')}]`,
+	'g'
+);
+
+/**
+ * Generates a raw HTML string containing a safe script element carrying JSON data and associated attributes.
+ *
+ * It escapes all the special characters needed to guarantee the element is unbroken, but care must
+ * be taken to ensure it is inserted in the document at an acceptable position for a script element,
+ * and that the resulting string isn't further modified.
+ *
+ * Attribute names must be type-checked so we don't need to escape them.
+ *
+ * @param {import('types').PayloadScriptAttributes} attrs A list of attributes to be added to the element.
+ * @param {any} payload The data to be carried by the element. Must be serializable to JSON.
+ * @returns {string} The raw HTML of a script element carrying the JSON payload.
+ * @example const html = render_json_payload_script({ type: 'data', url: '/data.json' }, { foo: 'bar' });
+ */
+export function render_json_payload_script(attrs, payload) {
+	const safe_payload = JSON.stringify(payload).replace(
+		render_json_payload_script_regex,
+		(match) => render_json_payload_script_dict[match]
+	);
+
+	let safe_attrs = '';
+	for (const [key, value] of Object.entries(attrs)) {
+		if (value === undefined) continue;
+		safe_attrs += ` sveltekit:data-${key}=${escape_html_attr(value)}`;
+	}
+
+	return `<script type="application/json"${safe_attrs}>${safe_payload}</script>`;
+}
+
+/**
+ * When inside a double-quoted attribute value, only `&` and `"` hold special meaning.
+ * @see https://html.spec.whatwg.org/multipage/parsing.html#attribute-value-(double-quoted)-state
+ * @type {Record<string, string>}
+ */
+const escape_html_attr_dict = {
+	'&': '&amp;',
+	'"': '&quot;'
+};
+
+const escape_html_attr_regex = new RegExp(
+	// special characters
+	`[${Object.keys(escape_html_attr_dict).join('')}]|` +
+		// high surrogate without paired low surrogate
+		'[\\ud800-\\udbff](?![\\udc00-\\udfff])|' +
+		// a valid surrogate pair, the only match with 2 code units
+		// we match it so that we can match unpaired low surrogates in the same pass
+		// TODO: use lookbehind assertions once they are widely supported: (?<![\ud800-udbff])[\udc00-\udfff]
+		'[\\ud800-\\udbff][\\udc00-\\udfff]|' +
+		// unpaired low surrogate (see previous match)
+		'[\\udc00-\\udfff]',
+	'g'
+);
+
+/**
+ * Formats a string to be used as an attribute's value in raw HTML.
+ *
+ * It escapes unpaired surrogates (which are allowed in js strings but invalid in HTML), escapes
+ * characters that are special in attributes, and surrounds the whole string in double-quotes.
+ *
+ * @param {string} str
+ * @returns {string} Escaped string surrounded by double-quotes.
+ * @example const html = `<tag data-value=${escape_html_attr('value')}>...</tag>`;
+ */
+export function escape_html_attr(str) {
+	const escaped_str = str.replace(escape_html_attr_regex, (match) => {
+		if (match.length === 2) {
+			// valid surrogate pair
+			return match;
+		}
+
+		return escape_html_attr_dict[match] ?? `&#${match.charCodeAt(0)};`;
+	});
+
+	return `"${escaped_str}"`;
+}

package/src/utils/filesystem.js

@@ -0,0 +1,108 @@
+import fs from 'fs';
+import path from 'path';
+
+/** @param {string} dir */
+export function mkdirp(dir) {
+	try {
+		fs.mkdirSync(dir, { recursive: true });
+	} catch (/** @type {any} */ e) {
+		if (e.code === 'EEXIST') return;
+		throw e;
+	}
+}
+
+/** @param {string} path */
+export function rimraf(path) {
+	fs.rmSync(path, { force: true, recursive: true });
+}
+
+/**
+ * @param {string} source
+ * @param {string} target
+ * @param {{
+ *   filter?: (basename: string) => boolean;
+ *   replace?: Record<string, string>;
+ * }} opts
+ */
+export function copy(source, target, opts = {}) {
+	if (!fs.existsSync(source)) return [];
+
+	/** @type {string[]} */
+	const files = [];
+
+	const prefix = posixify(target) + '/';
+
+	const regex = opts.replace
+		? new RegExp(`\\b(${Object.keys(opts.replace).join('|')})\\b`, 'g')
+		: null;
+
+	/**
+	 * @param {string} from
+	 * @param {string} to
+	 */
+	function go(from, to) {
+		if (opts.filter && !opts.filter(path.basename(from))) return;
+
+		const stats = fs.statSync(from);
+
+		if (stats.isDirectory()) {
+			fs.readdirSync(from).forEach((file) => {
+				go(path.join(from, file), path.join(to, file));
+			});
+		} else {
+			mkdirp(path.dirname(to));
+
+			if (opts.replace) {
+				const data = fs.readFileSync(from, 'utf-8');
+				fs.writeFileSync(
+					to,
+					data.replace(
+						/** @type {RegExp} */ (regex),
+						(_match, key) => /** @type {Record<string, string>} */ (opts.replace)[key]
+					)
+				);
+			} else {
+				fs.copyFileSync(from, to);
+			}
+
+			files.push(to === target ? posixify(path.basename(to)) : posixify(to).replace(prefix, ''));
+		}
+	}
+
+	go(source, target);
+
+	return files;
+}
+
+/**
+ * Get a list of all files in a directory
+ * @param {string} cwd - the directory to walk
+ * @param {boolean} [dirs] - whether to include directories in the result
+ */
+export function walk(cwd, dirs = false) {
+	/** @type {string[]} */
+	const all_files = [];
+
+	/** @param {string} dir */
+	function walk_dir(dir) {
+		const files = fs.readdirSync(path.join(cwd, dir));
+
+		for (const file of files) {
+			const joined = path.join(dir, file);
+			const stats = fs.statSync(path.join(cwd, joined));
+			if (stats.isDirectory()) {
+				if (dirs) all_files.push(joined);
+				walk_dir(joined);
+			} else {
+				all_files.push(joined);
+			}
+		}
+	}
+
+	return walk_dir(''), all_files;
+}
+
+/** @param {string} str */
+export function posixify(str) {
+	return str.replace(/\\/g, '/');
+}

package/src/utils/functions.js

@@ -0,0 +1,16 @@
+/**
+ * @template T
+ * @param {() => T} fn
+ */
+export function once(fn) {
+	let done = false;
+
+	/** @type T */
+	let result;
+
+	return () => {
+		if (done) return result;
+		done = true;
+		return (result = fn());
+	};
+}

package/src/utils/http.js

@@ -0,0 +1,55 @@
+/**
+ * Given an Accept header and a list of possible content types, pick
+ * the most suitable one to respond with
+ * @param {string} accept
+ * @param {string[]} types
+ */
+export function negotiate(accept, types) {
+	/** @type {Array<{ type: string, subtype: string, q: number, i: number }>} */
+	const parts = [];
+
+	accept.split(',').forEach((str, i) => {
+		const match = /([^/]+)\/([^;]+)(?:;q=([0-9.]+))?/.exec(str);
+
+		// no match equals invalid header — ignore
+		if (match) {
+			const [, type, subtype, q = '1'] = match;
+			parts.push({ type, subtype, q: +q, i });
+		}
+	});
+
+	parts.sort((a, b) => {
+		if (a.q !== b.q) {
+			return b.q - a.q;
+		}
+
+		if ((a.subtype === '*') !== (b.subtype === '*')) {
+			return a.subtype === '*' ? 1 : -1;
+		}
+
+		if ((a.type === '*') !== (b.type === '*')) {
+			return a.type === '*' ? 1 : -1;
+		}
+
+		return a.i - b.i;
+	});
+
+	let accepted;
+	let min_priority = Infinity;
+
+	for (const mimetype of types) {
+		const [type, subtype] = mimetype.split('/');
+		const priority = parts.findIndex(
+			(part) =>
+				(part.type === type || part.type === '*') &&
+				(part.subtype === subtype || part.subtype === '*')
+		);
+
+		if (priority !== -1 && priority < min_priority) {
+			accepted = mimetype;
+			min_priority = priority;
+		}
+	}
+
+	return accepted;
+}

package/src/utils/misc.js

@@ -0,0 +1 @@
+export const s = JSON.stringify;

package/src/utils/routing.js

@@ -0,0 +1,146 @@
+const param_pattern = /^(\.\.\.)?(\w+)(?:=(\w+))?$/;
+
+/** @param {string} id */
+export function parse_route_id(id) {
+	/** @type {string[]} */
+	const names = [];
+
+	/** @type {string[]} */
+	const types = [];
+
+	// `/foo` should get an optional trailing slash, `/foo.json` should not
+	// const add_trailing_slash = !/\.[a-z]+$/.test(key);
+	let add_trailing_slash = true;
+
+	if (/\]\[/.test(id)) {
+		throw new Error(`Invalid route ${id} — parameters must be separated`);
+	}
+
+	if (count_occurrences('[', id) !== count_occurrences(']', id)) {
+		throw new Error(`Invalid route ${id} — brackets are unbalanced`);
+	}
+
+	const pattern =
+		id === ''
+			? /^\/$/
+			: new RegExp(
+					`^${id
+						.split(/(?:\/|$)/)
+						.filter(affects_path)
+						.map((segment, i, segments) => {
+							const decoded_segment = decodeURIComponent(segment);
+							// special case — /[...rest]/ could contain zero segments
+							const match = /^\[\.\.\.(\w+)(?:=(\w+))?\]$/.exec(decoded_segment);
+							if (match) {
+								names.push(match[1]);
+								types.push(match[2]);
+								return '(?:/(.*))?';
+							}
+
+							const is_last = i === segments.length - 1;
+
+							return (
+								decoded_segment &&
+								'/' +
+									decoded_segment
+										.split(/\[(.+?)\]/)
+										.map((content, i) => {
+											if (i % 2) {
+												const match = param_pattern.exec(content);
+												if (!match) {
+													throw new Error(
+														`Invalid param: ${content}. Params and matcher names can only have underscores and alphanumeric characters.`
+													);
+												}
+
+												const [, rest, name, type] = match;
+												names.push(name);
+												types.push(type);
+												return rest ? '(.*?)' : '([^/]+?)';
+											}
+
+											if (is_last && content.includes('.')) add_trailing_slash = false;
+
+											return (
+												content // allow users to specify characters on the file system in an encoded manner
+													.normalize()
+													// We use [ and ] to denote parameters, so users must encode these on the file
+													// system to match against them. We don't decode all characters since others
+													// can already be epressed and so that '%' can be easily used directly in filenames
+													.replace(/%5[Bb]/g, '[')
+													.replace(/%5[Dd]/g, ']')
+													// '#', '/', and '?' can only appear in URL path segments in an encoded manner.
+													// They will not be touched by decodeURI so need to be encoded here, so
+													// that we can match against them.
+													// We skip '/' since you can't create a file with it on any OS
+													.replace(/#/g, '%23')
+													.replace(/\?/g, '%3F')
+													// escape characters that have special meaning in regex
+													.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
+											); // TODO handle encoding
+										})
+										.join('')
+							);
+						})
+						.join('')}${add_trailing_slash ? '/?' : ''}$`
+			  );
+
+	return { pattern, names, types };
+}
+
+/**
+ * Returns `false` for `(group)` segments
+ * @param {string} segment
+ */
+export function affects_path(segment) {
+	return !/^\([^)]+\)$/.test(segment);
+}
+
+/**
+ * Turns a route ID into a path, if possible
+ * @param {string} id
+ */
+export function get_path(id) {
+	if (id.includes('[')) return null;
+	return `/${id.split('/').filter(affects_path).join('/')}`;
+}
+
+/**
+ * @param {RegExpMatchArray} match
+ * @param {string[]} names
+ * @param {string[]} types
+ * @param {Record<string, import('types').ParamMatcher>} matchers
+ */
+export function exec(match, names, types, matchers) {
+	/** @type {Record<string, string>} */
+	const params = {};
+
+	for (let i = 0; i < names.length; i += 1) {
+		const name = names[i];
+		const type = types[i];
+		const value = match[i + 1] || '';
+
+		if (type) {
+			const matcher = matchers[type];
+			if (!matcher) throw new Error(`Missing "${type}" param matcher`); // TODO do this ahead of time?
+
+			if (!matcher(value)) return;
+		}
+
+		params[name] = value;
+	}
+
+	return params;
+}
+
+/**
+ * @param {string} needle
+ * @param {string} haystack
+ */
+function count_occurrences(needle, haystack) {
+	let count = 0;
+	for (let i = 0; i < haystack.length; i += 1) {
+		if (haystack[i] === needle) count += 1;
+	}
+	return count;
+}