@sveltejs/kit 1.0.0-next.468 → 1.0.0-next.470

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.468",
+  "version": "1.0.0-next.470",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",
@@ -10,7 +10,7 @@
   "homepage": "https://kit.svelte.dev",
   "type": "module",
   "dependencies": {
-    "@sveltejs/vite-plugin-svelte": "^1.0.4",
+    "@sveltejs/vite-plugin-svelte": "^1.0.5",
     "cookie": "^0.5.0",
     "devalue": "^3.1.2",
     "kleur": "^4.1.4",
@@ -38,11 +38,11 @@
     "svelte-preprocess": "^4.10.6",
     "typescript": "^4.8.2",
     "uvu": "^0.5.3",
-    "vite": "^3.1.0-beta.2"
+    "vite": "^3.1.0"
   },
   "peerDependencies": {
     "svelte": "^3.44.0",
-    "vite": "^3.1.0-beta.1"
+    "vite": "^3.1.0"
   },
   "bin": {
     "svelte-kit": "svelte-kit.js"

package/src/core/env.js

@@ -24,8 +24,17 @@ export function create_static_module(id, env) {
 	return GENERATED_COMMENT + declarations.join('\n\n');
 }
 
-/** @param {'public' | 'private'} type */
-export function create_dynamic_module(type) {
+/**
+ * @param {'public' | 'private'} type
+ * @param {Record<string, string> | undefined} dev_values If in a development mode, values to pre-populate the module with.
+ */
+export function create_dynamic_module(type, dev_values) {
+	if (dev_values) {
+		const objectKeys = Object.entries(dev_values).map(
+			([k, v]) => `${JSON.stringify(k)}: ${JSON.stringify(v)}`
+		);
+		return `const env = {\n${objectKeys.join(',\n')}\n}\n\nexport { env }`;
+	}
 	return `export { env } from '${runtime_base}/env-${type}.js';`;
 }
 

package/src/core/sync/create_manifest_data/index.js

@@ -103,6 +103,14 @@ function create_routes_and_nodes(cwd, config, fallback) {
 		 * @param {import('types').RouteData | null} parent
 		 */
 		const walk = (depth, id, segment, parent) => {
+			if (/\]\[/.test(id)) {
+				throw new Error(`Invalid route ${id} — parameters must be separated`);
+			}
+
+			if (count_occurrences('[', id) !== count_occurrences(']', id)) {
+				throw new Error(`Invalid route ${id} — brackets are unbalanced`);
+			}
+
 			const { pattern, names, types } = parse_route_id(id);
 
 			const segments = id.split('/');
@@ -450,3 +458,15 @@ function list_files(dir) {
 
 	return files;
 }
+
+/**
+ * @param {string} needle
+ * @param {string} haystack
+ */
+function count_occurrences(needle, haystack) {
+	let count = 0;
+	for (let i = 0; i < haystack.length; i += 1) {
+		if (haystack[i] === needle) count += 1;
+	}
+	return count;
+}

package/src/exports/vite/build/build_server.js

@@ -110,10 +110,16 @@ export class Server {
 
 		if (!this.options.hooks) {
 			const module = await import(${s(hooks)});
+
+			// TODO remove this for 1.0
+			if (module.externalFetch) {
+				throw new Error('externalFetch has been removed — use handleFetch instead. See https://github.com/sveltejs/kit/pull/6565 for details');
+			}
+
 			this.options.hooks = {
 				handle: module.handle || (({ event, resolve }) => resolve(event)),
 				handleError: module.handleError || (({ error }) => console.error(error.stack)),
-				externalFetch: module.externalFetch || fetch
+				handleFetch: module.handleFetch || (({ request, fetch }) => fetch(request))
 			};
 		}
 	}

package/src/exports/vite/build/utils.js

@@ -105,7 +105,8 @@ export function get_default_build_config({ config, input, ssr, outDir }) {
 					format: 'esm',
 					entryFileNames: ssr ? '[name].js' : `${prefix}/[name]-[hash].js`,
 					chunkFileNames: ssr ? 'chunks/[name].js' : `${prefix}/chunks/[name]-[hash].js`,
-					assetFileNames: `${prefix}/assets/[name]-[hash][extname]`
+					assetFileNames: `${prefix}/assets/[name]-[hash][extname]`,
+					hoistTransitiveImports: false
 				},
 				preserveEntrySignatures: 'strict'
 			},
@@ -133,7 +134,8 @@ export function get_default_build_config({ config, input, ssr, outDir }) {
 			rollupOptions: {
 				output: {
 					entryFileNames: `${prefix}/workers/[name]-[hash].js`,
-					chunkFileNames: `${prefix}/workers/chunks/[name]-[hash].js`
+					chunkFileNames: `${prefix}/workers/chunks/[name]-[hash].js`,
+					hoistTransitiveImports: false
 				}
 			}
 		}

package/src/exports/vite/dev/index.js

@@ -11,7 +11,7 @@ import { load_error_page, load_template } from '../../../core/config/index.js';
 import { SVELTE_KIT_ASSETS } from '../../../constants.js';
 import * as sync from '../../../core/sync/sync.js';
 import { get_mime_lookup, runtime_base, runtime_prefix } from '../../../core/utils.js';
-import { get_env, prevent_illegal_vite_imports, resolve_entry } from '../utils.js';
+import { prevent_illegal_vite_imports, resolve_entry } from '../utils.js';
 import { compact } from '../../../utils/array.js';
 
 // Vite doesn't expose this so we just copy the list for now
@@ -269,13 +269,6 @@ export async function dev(vite, vite_config, svelte_config, illegal_imports) {
 		}
 	});
 
-	const { set_private_env } = await vite.ssrLoadModule(`${runtime_base}/env-private.js`);
-	const { set_public_env } = await vite.ssrLoadModule(`${runtime_base}/env-public.js`);
-
-	const env = get_env(svelte_config.kit.env, vite_config.mode);
-	set_private_env(env.private);
-	set_public_env(env.public);
-
 	return () => {
 		const serve_static_middleware = vite.middlewares.stack.find(
 			(middleware) =>
@@ -317,6 +310,14 @@ export async function dev(vite, vite_config, svelte_config, illegal_imports) {
 
 				const handle = user_hooks.handle || (({ event, resolve }) => resolve(event));
 
+				// TODO remove for 1.0
+				// @ts-expect-error
+				if (user_hooks.externalFetch) {
+					throw new Error(
+						'externalFetch has been removed — use handleFetch instead. See https://github.com/sveltejs/kit/pull/6565 for details'
+					);
+				}
+
 				/** @type {import('types').Hooks} */
 				const hooks = {
 					handle,
@@ -331,7 +332,7 @@ export async function dev(vite, vite_config, svelte_config, illegal_imports) {
 								console.error(colors.gray(error.stack));
 							}
 						}),
-					externalFetch: user_hooks.externalFetch || fetch
+					handleFetch: user_hooks.handleFetch || (({ request, fetch }) => fetch(request))
 				};
 
 				if (/** @type {any} */ (hooks).getContext) {
@@ -411,7 +412,7 @@ export async function dev(vite, vite_config, svelte_config, illegal_imports) {
 							base: svelte_config.kit.paths.base,
 							assets
 						},
-						public_env: env.public,
+						public_env: {},
 						read: (file) => fs.readFileSync(path.join(svelte_config.kit.files.assets, file)),
 						root,
 						app_template: ({ head, body, assets, nonce }) => {

package/src/exports/vite/index.js

@@ -299,9 +299,15 @@ function kit() {
 				case '\0$env/static/public':
 					return create_static_module('$env/static/public', env.public);
 				case '\0$env/dynamic/private':
-					return create_dynamic_module('private');
+					return create_dynamic_module(
+						'private',
+						vite_config_env.command === 'serve' ? env.private : undefined
+					);
 				case '\0$env/dynamic/public':
-					return create_dynamic_module('public');
+					return create_dynamic_module(
+						'public',
+						vite_config_env.command === 'serve' ? env.public : undefined
+					);
 			}
 		},
 

package/src/runtime/server/page/fetch.js

@@ -1,7 +1,6 @@
 import * as cookie from 'cookie';
 import * as set_cookie_parser from 'set-cookie-parser';
 import { respond } from '../index.js';
-import { is_root_relative, resolve } from '../../../utils/url.js';
 import { domain_matches, path_matches } from './cookie.js';
 
 /**
@@ -20,185 +19,165 @@ export function create_fetch({ event, options, state, route, prerender_default }
 	const initial_cookies = cookie.parse(event.request.headers.get('cookie') || '');
 
 	/** @type {import('set-cookie-parser').Cookie[]} */
-	const cookies = [];
+	const set_cookies = [];
 
-	/** @type {typeof fetch} */
-	const fetcher = async (resource, opts = {}) => {
-		/** @type {string} */
-		let requested;
-
-		if (typeof resource === 'string' || resource instanceof URL) {
-			requested = resource.toString();
-		} else {
-			requested = resource.url;
-
-			opts = {
-				method: resource.method,
-				headers: resource.headers,
-				body: resource.body,
-				mode: resource.mode,
-				credentials: resource.credentials,
-				cache: resource.cache,
-				redirect: resource.redirect,
-				referrer: resource.referrer,
-				integrity: resource.integrity,
-				...opts
-			};
-		}
+	/**
+	 * @param {URL} url
+	 * @param {string | null} header
+	 */
+	function get_cookie_header(url, header) {
+		/** @type {Record<string, string>} */
+		const new_cookies = {};
 
-		opts.headers = new Headers(opts.headers);
-
-		// merge headers from request
-		for (const [key, value] of event.request.headers) {
-			if (
-				key !== 'authorization' &&
-				key !== 'connection' &&
-				key !== 'content-length' &&
-				key !== 'cookie' &&
-				key !== 'host' &&
-				key !== 'if-none-match' &&
-				!opts.headers.has(key)
-			) {
-				opts.headers.set(key, value);
-			}
+		for (const cookie of set_cookies) {
+			if (!domain_matches(url.hostname, cookie.domain)) continue;
+			if (!path_matches(url.pathname, cookie.path)) continue;
+
+			new_cookies[cookie.name] = cookie.value;
 		}
 
-		const resolved = resolve(event.url.pathname, requested.split('?')[0]).replace(/#.+$/, '');
+		// cookies from explicit `cookie` header take precedence over cookies previously set
+		// during this load with `set-cookie`, which take precedence over the cookies
+		// sent by the user agent
+		const combined_cookies = {
+			...initial_cookies,
+			...new_cookies,
+			...cookie.parse(header ?? '')
+		};
+
+		return Object.entries(combined_cookies)
+			.map(([name, value]) => `${name}=${value}`)
+			.join('; ');
+	}
+
+	/** @type {typeof fetch} */
+	const fetcher = async (info, init) => {
+		const request = normalize_fetch_input(info, init, event.url);
 
-		/** @type {Response} */
-		let response;
+		const request_body = init?.body;
 
 		/** @type {import('types').PrerenderDependency} */
 		let dependency;
 
-		// handle fetch requests for static assets. e.g. prebaked data, etc.
-		// we need to support everything the browser's fetch supports
-		const prefix = options.paths.assets || options.paths.base;
-		const filename = decodeURIComponent(
-			resolved.startsWith(prefix) ? resolved.slice(prefix.length) : resolved
-		).slice(1);
-		const filename_html = `${filename}/index.html`; // path may also match path/index.html
+		const response = await options.hooks.handleFetch({
+			event,
+			request,
+			fetch: async (info, init) => {
+				const request = normalize_fetch_input(info, init, event.url);
 
-		const is_asset = options.manifest.assets.has(filename);
-		const is_asset_html = options.manifest.assets.has(filename_html);
+				const url = new URL(request.url);
 
-		if (is_asset || is_asset_html) {
-			const file = is_asset ? filename : filename_html;
+				if (url.origin !== event.url.origin) {
+					// allow cookie passthrough for "same-origin"
+					// if SvelteKit is serving my.domain.com:
+					// -        domain.com WILL NOT receive cookies
+					// -     my.domain.com WILL receive cookies
+					// -    api.domain.dom WILL NOT receive cookies
+					// - sub.my.domain.com WILL receive cookies
+					// ports do not affect the resolution
+					// leading dot prevents mydomain.com matching domain.com
+					if (
+						`.${url.hostname}`.endsWith(`.${event.url.hostname}`) &&
+						request.credentials !== 'omit'
+					) {
+						const cookie = get_cookie_header(url, request.headers.get('cookie'));
+						if (cookie) request.headers.set('cookie', cookie);
+					}
 
-			if (options.read) {
-				const type = is_asset
-					? options.manifest.mimeTypes[filename.slice(filename.lastIndexOf('.'))]
-					: 'text/html';
+					let response = await fetch(request);
 
-				response = new Response(options.read(file), {
-					headers: type ? { 'content-type': type } : {}
-				});
-			} else {
-				response = await fetch(`${event.url.origin}/${file}`, /** @type {RequestInit} */ (opts));
-			}
-		} else if (is_root_relative(resolved)) {
-			if (opts.credentials !== 'omit') {
-				const authorization = event.request.headers.get('authorization');
+					if (request.mode === 'no-cors') {
+						response = new Response('', {
+							status: response.status,
+							statusText: response.statusText,
+							headers: response.headers
+						});
+					} else {
+						if (url.origin !== event.url.origin) {
+							const acao = response.headers.get('access-control-allow-origin');
+							if (!acao || (acao !== event.url.origin && acao !== '*')) {
+								throw new Error(
+									`CORS error: ${
+										acao ? 'Incorrect' : 'No'
+									} 'Access-Control-Allow-Origin' header is present on the requested resource`
+								);
+							}
+						}
+					}
 
-				// combine cookies from the initiating request with any that were
-				// added via set-cookie
-				const combined_cookies = { ...initial_cookies };
+					return response;
+				}
 
-				for (const cookie of cookies) {
-					if (!domain_matches(event.url.hostname, cookie.domain)) continue;
-					if (!path_matches(resolved, cookie.path)) continue;
+				/** @type {Response} */
+				let response;
 
-					combined_cookies[cookie.name] = cookie.value;
-				}
+				// handle fetch requests for static assets. e.g. prebaked data, etc.
+				// we need to support everything the browser's fetch supports
+				const prefix = options.paths.assets || options.paths.base;
+				const decoded = decodeURIComponent(url.pathname);
+				const filename = (
+					decoded.startsWith(prefix) ? decoded.slice(prefix.length) : decoded
+				).slice(1);
+				const filename_html = `${filename}/index.html`; // path may also match path/index.html
 
-				const cookie = Object.entries(combined_cookies)
-					.map(([name, value]) => `${name}=${value}`)
-					.join('; ');
+				const is_asset = options.manifest.assets.has(filename);
+				const is_asset_html = options.manifest.assets.has(filename_html);
 
-				if (cookie) {
-					opts.headers.set('cookie', cookie);
-				}
+				if (is_asset || is_asset_html) {
+					const file = is_asset ? filename : filename_html;
 
-				if (authorization && !opts.headers.has('authorization')) {
-					opts.headers.set('authorization', authorization);
-				}
-			}
+					if (options.read) {
+						const type = is_asset
+							? options.manifest.mimeTypes[filename.slice(filename.lastIndexOf('.'))]
+							: 'text/html';
 
-			if (opts.body && typeof opts.body !== 'string') {
-				// per https://developer.mozilla.org/en-US/docs/Web/API/Request/Request, this can be a
-				// Blob, BufferSource, FormData, URLSearchParams, USVString, or ReadableStream object.
-				// non-string bodies are irksome to deal with, but luckily aren't particularly useful
-				// in this context anyway, so we take the easy route and ban them
-				throw new Error('Request body must be a string');
-			}
+						return new Response(options.read(file), {
+							headers: type ? { 'content-type': type } : {}
+						});
+					}
 
-			response = await respond(
-				new Request(new URL(requested, event.url).href, { ...opts }),
-				options,
-				{
-					prerender_default,
-					...state,
-					initiator: route
+					return await fetch(request);
 				}
-			);
-
-			if (state.prerendering) {
-				dependency = { response, body: null };
-				state.prerendering.dependencies.set(resolved, dependency);
-			}
-		} else {
-			// external
-			if (resolved.startsWith('//')) {
-				requested = event.url.protocol + requested;
-			}
 
-			const url = new URL(requested);
-
-			// external fetch
-			// allow cookie passthrough for "same-origin"
-			// if SvelteKit is serving my.domain.com:
-			// -        domain.com WILL NOT receive cookies
-			// -     my.domain.com WILL receive cookies
-			// -    api.domain.dom WILL NOT receive cookies
-			// - sub.my.domain.com WILL receive cookies
-			// ports do not affect the resolution
-			// leading dot prevents mydomain.com matching domain.com
-			if (`.${url.hostname}`.endsWith(`.${event.url.hostname}`) && opts.credentials !== 'omit') {
-				const cookie = event.request.headers.get('cookie');
-				if (cookie) opts.headers.set('cookie', cookie);
-			}
+				if (request.credentials !== 'omit') {
+					const cookie = get_cookie_header(url, request.headers.get('cookie'));
+					if (cookie) {
+						request.headers.set('cookie', cookie);
+					}
 
-			// we need to delete the connection header, as explained here:
-			// https://github.com/nodejs/undici/issues/1470#issuecomment-1140798467
-			// TODO this may be a case for being selective about which headers we let through
-			opts.headers.delete('connection');
+					const authorization = event.request.headers.get('authorization');
+					if (authorization && !request.headers.has('authorization')) {
+						request.headers.set('authorization', authorization);
+					}
+				}
 
-			const external_request = new Request(requested, /** @type {RequestInit} */ (opts));
-			response = await options.hooks.externalFetch.call(null, external_request);
+				if (request_body && typeof request_body !== 'string') {
+					// TODO is this still necessary? we just bail out below
+					// per https://developer.mozilla.org/en-US/docs/Web/API/Request/Request, this can be a
+					// Blob, BufferSource, FormData, URLSearchParams, USVString, or ReadableStream object.
+					// non-string bodies are irksome to deal with, but luckily aren't particularly useful
+					// in this context anyway, so we take the easy route and ban them
+					throw new Error('Request body must be a string');
+				}
 
-			if (opts.mode === 'no-cors') {
-				response = new Response('', {
-					status: response.status,
-					statusText: response.statusText,
-					headers: response.headers
+				response = await respond(request, options, {
+					prerender_default,
+					...state,
+					initiator: route
 				});
-			} else {
-				if (url.origin !== event.url.origin) {
-					const acao = response.headers.get('access-control-allow-origin');
-					if (!acao || (acao !== event.url.origin && acao !== '*')) {
-						throw new Error(
-							`CORS error: ${
-								acao ? 'Incorrect' : 'No'
-							} 'Access-Control-Allow-Origin' header is present on the requested resource`
-						);
-					}
+
+				if (state.prerendering) {
+					dependency = { response, body: null };
+					state.prerendering.dependencies.set(url.pathname, dependency);
 				}
+
+				return response;
 			}
-		}
+		});
 
 		const set_cookie = response.headers.get('set-cookie');
 		if (set_cookie) {
-			cookies.push(
+			set_cookies.push(
 				...set_cookie_parser
 					.splitCookiesString(set_cookie)
 					.map((str) => set_cookie_parser.parseString(str))
@@ -220,7 +199,7 @@ export function create_fetch({ event, options, state, route, prerender_default }
 						}
 					}
 
-					if (!opts.body || typeof opts.body === 'string') {
+					if (!body || typeof body === 'string') {
 						const status_number = Number(response.status);
 						if (isNaN(status_number)) {
 							throw new Error(
@@ -231,9 +210,11 @@ export function create_fetch({ event, options, state, route, prerender_default }
 						}
 
 						fetched.push({
-							url: requested,
-							method: opts.method || 'GET',
-							body: opts.body,
+							url: request.url.startsWith(event.url.origin)
+								? request.url.slice(event.url.origin.length)
+								: request.url,
+							method: request.method,
+							body: /** @type {string | undefined} */ (request_body),
 							response: {
 								status: status_number,
 								statusText: response.statusText,
@@ -284,5 +265,18 @@ export function create_fetch({ event, options, state, route, prerender_default }
 		return proxy;
 	};
 
-	return { fetcher, fetched, cookies };
+	return { fetcher, fetched, cookies: set_cookies };
+}
+
+/**
+ * @param {RequestInfo | URL} info
+ * @param {RequestInit | undefined} init
+ * @param {URL} url
+ */
+function normalize_fetch_input(info, init, url) {
+	if (info instanceof Request) {
+		return info;
+	}
+
+	return new Request(typeof info === 'string' ? new URL(info, url) : info, init);
 }

package/src/utils/routing.js

@@ -12,14 +12,6 @@ export function parse_route_id(id) {
 	// const add_trailing_slash = !/\.[a-z]+$/.test(key);
 	let add_trailing_slash = true;
 
-	if (/\]\[/.test(id)) {
-		throw new Error(`Invalid route ${id} — parameters must be separated`);
-	}
-
-	if (count_occurrences('[', id) !== count_occurrences(']', id)) {
-		throw new Error(`Invalid route ${id} — brackets are unbalanced`);
-	}
-
 	const pattern =
 		id === ''
 			? /^\/$/
@@ -123,15 +115,3 @@ export function exec(match, names, types, matchers) {
 
 	return params;
 }
-
-/**
- * @param {string} needle
- * @param {string} haystack
- */
-function count_occurrences(needle, haystack) {
-	let count = 0;
-	for (let i = 0; i < haystack.length; i += 1) {
-		if (haystack[i] === needle) count += 1;
-	}
-	return count;
-}

package/types/index.d.ts

@@ -176,10 +176,6 @@ export interface KitConfig {
 	};
 }
 
-export interface ExternalFetch {
-	(req: Request): Promise<Response>;
-}
-
 export interface Handle {
 	(input: {
 		event: RequestEvent;
@@ -191,6 +187,10 @@ export interface HandleError {
 	(input: { error: Error & { frame?: string }; event: RequestEvent }): void;
 }
 
+export interface HandleFetch {
+	(input: { event: RequestEvent; request: Request; fetch: typeof fetch }): MaybePromise<Response>;
+}
+
 /**
  * The generic form of `PageLoad` and `LayoutLoad`. You should import those from `./$types` (see [generated types](https://kit.svelte.dev/docs/types#generated-types))
  * rather than using `Load` directly.

package/types/internal.d.ts

@@ -3,7 +3,6 @@ import { SvelteComponent } from 'svelte/internal';
 import {
 	Action,
 	Config,
-	ExternalFetch,
 	ServerLoad,
 	Handle,
 	HandleError,
@@ -14,7 +13,8 @@ import {
 	ResolveOptions,
 	Server,
 	ServerInitOptions,
-	SSRManifest
+	SSRManifest,
+	HandleFetch
 } from './index.js';
 import {
 	HttpMethod,
@@ -90,9 +90,9 @@ export type CSRRoute = {
 export type GetParams = (match: RegExpExecArray) => Record<string, string>;
 
 export interface Hooks {
-	externalFetch: ExternalFetch;
 	handle: Handle;
 	handleError: HandleError;
+	handleFetch: HandleFetch;
 }
 
 export interface ImportNode {