@sveltejs/kit 1.0.0-next.47 → 1.0.0-next.472

package/src/runtime/server/page/fetch.js

@@ -0,0 +1,286 @@
+import * as cookie from 'cookie';
+import * as set_cookie_parser from 'set-cookie-parser';
+import { respond } from '../index.js';
+import { domain_matches, path_matches } from '../cookie.js';
+
+/**
+ * @param {{
+ *   event: import('types').RequestEvent;
+ *   options: import('types').SSROptions;
+ *   state: import('types').SSRState;
+ *   route: import('types').SSRRoute | import('types').SSRErrorPage;
+ *   prerender_default?: import('types').PrerenderOption;
+ *   resolve_opts: import('types').RequiredResolveOptions;
+ * }} opts
+ */
+export function create_fetch({ event, options, state, route, prerender_default, resolve_opts }) {
+	/** @type {import('./types').Fetched[]} */
+	const fetched = [];
+
+	const initial_cookies = cookie.parse(event.request.headers.get('cookie') || '');
+
+	/** @type {import('set-cookie-parser').Cookie[]} */
+	const set_cookies = [];
+
+	/**
+	 * @param {URL} url
+	 * @param {string | null} header
+	 */
+	function get_cookie_header(url, header) {
+		/** @type {Record<string, string>} */
+		const new_cookies = {};
+
+		for (const cookie of set_cookies) {
+			if (!domain_matches(url.hostname, cookie.domain)) continue;
+			if (!path_matches(url.pathname, cookie.path)) continue;
+
+			new_cookies[cookie.name] = cookie.value;
+		}
+
+		// cookies from explicit `cookie` header take precedence over cookies previously set
+		// during this load with `set-cookie`, which take precedence over the cookies
+		// sent by the user agent
+		const combined_cookies = {
+			...initial_cookies,
+			...new_cookies,
+			...cookie.parse(header ?? '')
+		};
+
+		return Object.entries(combined_cookies)
+			.map(([name, value]) => `${name}=${value}`)
+			.join('; ');
+	}
+
+	/** @type {typeof fetch} */
+	const fetcher = async (info, init) => {
+		const request = normalize_fetch_input(info, init, event.url);
+
+		const request_body = init?.body;
+
+		/** @type {import('types').PrerenderDependency} */
+		let dependency;
+
+		const response = await options.hooks.handleFetch({
+			event,
+			request,
+			fetch: async (info, init) => {
+				const request = normalize_fetch_input(info, init, event.url);
+
+				const url = new URL(request.url);
+
+				if (url.origin !== event.url.origin) {
+					// allow cookie passthrough for "same-origin"
+					// if SvelteKit is serving my.domain.com:
+					// -        domain.com WILL NOT receive cookies
+					// -     my.domain.com WILL receive cookies
+					// -    api.domain.dom WILL NOT receive cookies
+					// - sub.my.domain.com WILL receive cookies
+					// ports do not affect the resolution
+					// leading dot prevents mydomain.com matching domain.com
+					if (
+						`.${url.hostname}`.endsWith(`.${event.url.hostname}`) &&
+						request.credentials !== 'omit'
+					) {
+						const cookie = get_cookie_header(url, request.headers.get('cookie'));
+						if (cookie) request.headers.set('cookie', cookie);
+					}
+
+					let response = await fetch(request);
+
+					if (request.mode === 'no-cors') {
+						response = new Response('', {
+							status: response.status,
+							statusText: response.statusText,
+							headers: response.headers
+						});
+					} else {
+						if (url.origin !== event.url.origin) {
+							const acao = response.headers.get('access-control-allow-origin');
+							if (!acao || (acao !== event.url.origin && acao !== '*')) {
+								throw new Error(
+									`CORS error: ${
+										acao ? 'Incorrect' : 'No'
+									} 'Access-Control-Allow-Origin' header is present on the requested resource`
+								);
+							}
+						}
+					}
+
+					return response;
+				}
+
+				/** @type {Response} */
+				let response;
+
+				// handle fetch requests for static assets. e.g. prebaked data, etc.
+				// we need to support everything the browser's fetch supports
+				const prefix = options.paths.assets || options.paths.base;
+				const decoded = decodeURIComponent(url.pathname);
+				const filename = (
+					decoded.startsWith(prefix) ? decoded.slice(prefix.length) : decoded
+				).slice(1);
+				const filename_html = `${filename}/index.html`; // path may also match path/index.html
+
+				const is_asset = options.manifest.assets.has(filename);
+				const is_asset_html = options.manifest.assets.has(filename_html);
+
+				if (is_asset || is_asset_html) {
+					const file = is_asset ? filename : filename_html;
+
+					if (options.read) {
+						const type = is_asset
+							? options.manifest.mimeTypes[filename.slice(filename.lastIndexOf('.'))]
+							: 'text/html';
+
+						return new Response(options.read(file), {
+							headers: type ? { 'content-type': type } : {}
+						});
+					}
+
+					return await fetch(request);
+				}
+
+				if (request.credentials !== 'omit') {
+					const cookie = get_cookie_header(url, request.headers.get('cookie'));
+					if (cookie) {
+						request.headers.set('cookie', cookie);
+					}
+
+					const authorization = event.request.headers.get('authorization');
+					if (authorization && !request.headers.has('authorization')) {
+						request.headers.set('authorization', authorization);
+					}
+				}
+
+				if (request_body && typeof request_body !== 'string') {
+					// TODO is this still necessary? we just bail out below
+					// per https://developer.mozilla.org/en-US/docs/Web/API/Request/Request, this can be a
+					// Blob, BufferSource, FormData, URLSearchParams, USVString, or ReadableStream object.
+					// non-string bodies are irksome to deal with, but luckily aren't particularly useful
+					// in this context anyway, so we take the easy route and ban them
+					throw new Error('Request body must be a string');
+				}
+
+				response = await respond(request, options, {
+					prerender_default,
+					...state,
+					initiator: route
+				});
+
+				if (state.prerendering) {
+					dependency = { response, body: null };
+					state.prerendering.dependencies.set(url.pathname, dependency);
+				}
+
+				return response;
+			}
+		});
+
+		const set_cookie = response.headers.get('set-cookie');
+		if (set_cookie) {
+			set_cookies.push(
+				...set_cookie_parser
+					.splitCookiesString(set_cookie)
+					.map((str) => set_cookie_parser.parseString(str))
+			);
+		}
+
+		const proxy = new Proxy(response, {
+			get(response, key, _receiver) {
+				async function text() {
+					const body = await response.text();
+
+					if (!body || typeof body === 'string') {
+						const status_number = Number(response.status);
+						if (isNaN(status_number)) {
+							throw new Error(
+								`response.status is not a number. value: "${
+									response.status
+								}" type: ${typeof response.status}`
+							);
+						}
+
+						fetched.push({
+							url: request.url.startsWith(event.url.origin)
+								? request.url.slice(event.url.origin.length)
+								: request.url,
+							method: request.method,
+							request_body: /** @type {string | undefined} */ (request_body),
+							response_body: body,
+							response: response
+						});
+
+						// ensure that excluded headers can't be read
+						const get = response.headers.get;
+						response.headers.get = (key) => {
+							const lower = key.toLowerCase();
+							const value = get.call(response.headers, lower);
+							if (value && !lower.startsWith('x-sveltekit-')) {
+								const included = resolve_opts.filterSerializedResponseHeaders(lower, value);
+								if (!included) {
+									throw new Error(
+										`Failed to get response header "${lower}" — it must be included by the \`filterSerializedResponseHeaders\` option: https://kit.svelte.dev/docs/hooks#handle`
+									);
+								}
+							}
+
+							return value;
+						};
+					}
+
+					if (dependency) {
+						dependency.body = body;
+					}
+
+					return body;
+				}
+
+				if (key === 'arrayBuffer') {
+					return async () => {
+						const buffer = await response.arrayBuffer();
+
+						if (dependency) {
+							dependency.body = new Uint8Array(buffer);
+						}
+
+						// TODO should buffer be inlined into the page (albeit base64'd)?
+						// any conditions in which it shouldn't be?
+
+						return buffer;
+					};
+				}
+
+				if (key === 'text') {
+					return text;
+				}
+
+				if (key === 'json') {
+					return async () => {
+						return JSON.parse(await text());
+					};
+				}
+
+				// TODO arrayBuffer?
+
+				return Reflect.get(response, key, response);
+			}
+		});
+
+		return proxy;
+	};
+
+	return { fetcher, fetched, cookies: set_cookies };
+}
+
+/**
+ * @param {RequestInfo | URL} info
+ * @param {RequestInit | undefined} init
+ * @param {URL} url
+ */
+function normalize_fetch_input(info, init, url) {
+	if (info instanceof Request) {
+		return info;
+	}
+
+	return new Request(typeof info === 'string' ? new URL(info, url) : info, init);
+}

package/src/runtime/server/page/index.js

@@ -0,0 +1,308 @@
+import { devalue } from 'devalue';
+import { DATA_SUFFIX } from '../../../constants.js';
+import { compact } from '../../../utils/array.js';
+import { normalize_error } from '../../../utils/error.js';
+import { HttpError, Redirect } from '../../control.js';
+import { get_option, redirect_response, static_error_page } from '../utils.js';
+import {
+	handle_action_json_request,
+	handle_action_request,
+	is_action_json_request,
+	is_action_request
+} from './actions.js';
+import { create_fetch } from './fetch.js';
+import { load_data, load_server_data } from './load_data.js';
+import { render_response } from './render.js';
+import { respond_with_error } from './respond_with_error.js';
+
+/**
+ * @param {import('types').RequestEvent} event
+ * @param {import('types').SSRRoute} route
+ * @param {import('types').PageNodeIndexes} page
+ * @param {import('types').SSROptions} options
+ * @param {import('types').SSRState} state
+ * @param {import('types').RequiredResolveOptions} resolve_opts
+ * @returns {Promise<Response>}
+ */
+export async function render_page(event, route, page, options, state, resolve_opts) {
+	if (state.initiator === route) {
+		// infinite request cycle detected
+		return new Response(`Not found: ${event.url.pathname}`, {
+			status: 404
+		});
+	}
+
+	if (is_action_json_request(event)) {
+		const node = await options.manifest._.nodes[page.leaf]();
+		if (node.server) {
+			return handle_action_json_request(event, options, node.server);
+		}
+	}
+
+	try {
+		const nodes = await Promise.all([
+			// we use == here rather than === because [undefined] serializes as "[null]"
+			...page.layouts.map((n) => (n == undefined ? n : options.manifest._.nodes[n]())),
+			options.manifest._.nodes[page.leaf]()
+		]);
+
+		const leaf_node = /** @type {import('types').SSRNode} */ (nodes.at(-1));
+
+		let status = 200;
+
+		/** @type {import('types').ActionResult | undefined} */
+		let action_result = undefined;
+
+		if (is_action_request(event, leaf_node)) {
+			// for action requests, first call handler in +page.server.js
+			// (this also determines status code)
+			action_result = await handle_action_request(event, leaf_node.server);
+			if (action_result?.type === 'redirect') {
+				return redirect_response(303, action_result.location);
+			}
+			if (action_result?.type === 'error') {
+				const error = action_result.error;
+				status = error instanceof HttpError ? error.status : 500;
+			}
+			if (action_result?.type === 'invalid') {
+				status = action_result.status;
+			}
+		}
+
+		const should_prerender_data = nodes.some((node) => node?.server);
+		const data_pathname = event.url.pathname.replace(/\/$/, '') + DATA_SUFFIX;
+
+		// it's crucial that we do this before returning the non-SSR response, otherwise
+		// SvelteKit will erroneously believe that the path has been prerendered,
+		// causing functions to be omitted from the manifesst generated later
+		const should_prerender = get_option(nodes, 'prerender') ?? false;
+		if (should_prerender) {
+			const mod = leaf_node.server;
+			if (mod && mod.actions) {
+				throw new Error('Cannot prerender pages with actions');
+			}
+		} else if (state.prerendering) {
+			// if the page isn't marked as prerenderable, then bail out at this point
+			return new Response(undefined, {
+				status: 204
+			});
+		}
+
+		const { fetcher, fetched, cookies } = create_fetch({
+			event,
+			options,
+			state,
+			route,
+			prerender_default: should_prerender,
+			resolve_opts
+		});
+
+		if (get_option(nodes, 'ssr') === false) {
+			return await render_response({
+				branch: [],
+				fetched,
+				cookies,
+				page_config: {
+					ssr: false,
+					csr: get_option(nodes, 'csr') ?? true
+				},
+				status,
+				error: null,
+				event,
+				options,
+				state,
+				resolve_opts
+			});
+		}
+
+		/** @type {Array<import('./types.js').Loaded | null>} */
+		let branch = [];
+
+		/** @type {Error | null} */
+		let load_error = null;
+
+		/** @type {Array<Promise<import('types').ServerDataNode | null>>} */
+		const server_promises = nodes.map((node, i) => {
+			if (load_error) {
+				// if an error happens immediately, don't bother with the rest of the nodes
+				throw load_error;
+			}
+
+			return Promise.resolve().then(async () => {
+				try {
+					if (node === leaf_node && action_result?.type === 'error') {
+						// we wait until here to throw the error so that we can use
+						// any nested +error.svelte components that were defined
+						throw action_result.error;
+					}
+
+					return await load_server_data({
+						event,
+						state,
+						node,
+						parent: async () => {
+							/** @type {Record<string, any>} */
+							const data = {};
+							for (let j = 0; j < i; j += 1) {
+								const parent = await server_promises[j];
+								if (parent) Object.assign(data, await parent.data);
+							}
+							return data;
+						}
+					});
+				} catch (e) {
+					load_error = /** @type {Error} */ (e);
+					throw load_error;
+				}
+			});
+		});
+
+		/** @type {Array<Promise<Record<string, any> | null>>} */
+		const load_promises = nodes.map((node, i) => {
+			if (load_error) throw load_error;
+			return Promise.resolve().then(async () => {
+				try {
+					return await load_data({
+						event,
+						fetcher,
+						node,
+						parent: async () => {
+							const data = {};
+							for (let j = 0; j < i; j += 1) {
+								Object.assign(data, await load_promises[j]);
+							}
+							return data;
+						},
+						server_data_promise: server_promises[i],
+						state
+					});
+				} catch (e) {
+					load_error = /** @type {Error} */ (e);
+					throw load_error;
+				}
+			});
+		});
+
+		// if we don't do this, rejections will be unhandled
+		for (const p of server_promises) p.catch(() => {});
+		for (const p of load_promises) p.catch(() => {});
+
+		for (let i = 0; i < nodes.length; i += 1) {
+			const node = nodes[i];
+
+			if (node) {
+				try {
+					const server_data = await server_promises[i];
+					const data = await load_promises[i];
+
+					branch.push({ node, server_data, data });
+				} catch (e) {
+					const error = normalize_error(e);
+
+					if (error instanceof Redirect) {
+						if (state.prerendering && should_prerender_data) {
+							const body = `window.__sveltekit_data = ${JSON.stringify({
+								type: 'redirect',
+								location: error.location
+							})}`;
+
+							state.prerendering.dependencies.set(data_pathname, {
+								response: new Response(body),
+								body
+							});
+						}
+
+						return redirect_response(error.status, error.location);
+					}
+
+					if (!(error instanceof HttpError)) {
+						options.handle_error(/** @type {Error} */ (error), event);
+					}
+
+					const status = error instanceof HttpError ? error.status : 500;
+
+					while (i--) {
+						if (page.errors[i]) {
+							const index = /** @type {number} */ (page.errors[i]);
+							const node = await options.manifest._.nodes[index]();
+
+							let j = i;
+							while (!branch[j]) j -= 1;
+
+							return await render_response({
+								event,
+								options,
+								state,
+								resolve_opts,
+								page_config: { ssr: true, csr: true },
+								status,
+								error,
+								branch: compact(branch.slice(0, j + 1)).concat({
+									node,
+									data: null,
+									server_data: null
+								}),
+								fetched,
+								cookies
+							});
+						}
+					}
+
+					// if we're still here, it means the error happened in the root layout,
+					// which means we have to fall back to error.html
+					return static_error_page(
+						options,
+						status,
+						/** @type {HttpError | Error} */ (error).message
+					);
+				}
+			} else {
+				// push an empty slot so we can rewind past gaps to the
+				// layout that corresponds with an +error.svelte page
+				branch.push(null);
+			}
+		}
+
+		if (state.prerendering && should_prerender_data) {
+			const body = `window.__sveltekit_data = ${devalue({
+				type: 'data',
+				nodes: branch.map((branch_node) => branch_node?.server_data)
+			})}`;
+
+			state.prerendering.dependencies.set(data_pathname, {
+				response: new Response(body),
+				body
+			});
+		}
+
+		return await render_response({
+			event,
+			options,
+			state,
+			resolve_opts,
+			page_config: {
+				csr: get_option(nodes, 'csr') ?? true,
+				ssr: true
+			},
+			status,
+			error: null,
+			branch: compact(branch),
+			action_result,
+			fetched,
+			cookies
+		});
+	} catch (error) {
+		// if we end up here, it means the data loaded successfull
+		// but the page failed to render, or that a prerendering error occurred
+		options.handle_error(/** @type {Error} */ (error), event);
+
+		return await respond_with_error({
+			event,
+			options,
+			state,
+			status: 500,
+			error: /** @type {Error} */ (error),
+			resolve_opts
+		});
+	}
+}

package/src/runtime/server/page/load_data.js

@@ -0,0 +1,124 @@
+import { disable_search, make_trackable } from '../../../utils/url.js';
+
+/**
+ * Calls the user's `load` function.
+ * @param {{
+ *   event: import('types').RequestEvent;
+ *   state: import('types').SSRState;
+ *   node: import('types').SSRNode | undefined;
+ *   parent: () => Promise<Record<string, any>>;
+ * }} opts
+ * @returns {Promise<import('types').ServerDataNode | null>}
+ */
+export async function load_server_data({ event, state, node, parent }) {
+	if (!node?.server) return null;
+
+	const uses = {
+		dependencies: new Set(),
+		params: new Set(),
+		parent: false,
+		url: false
+	};
+
+	const url = make_trackable(event.url, () => {
+		uses.url = true;
+	});
+
+	if (state.prerendering) {
+		disable_search(url);
+	}
+
+	const result = await node.server.load?.call(null, {
+		...event,
+		/** @param {string[]} deps */
+		depends: (...deps) => {
+			for (const dep of deps) {
+				const { href } = new URL(dep, event.url);
+				uses.dependencies.add(href);
+			}
+		},
+		params: new Proxy(event.params, {
+			get: (target, key) => {
+				uses.params.add(key);
+				return target[/** @type {string} */ (key)];
+			}
+		}),
+		parent: async () => {
+			uses.parent = true;
+			return parent();
+		},
+		url
+	});
+
+	const data = result ? await unwrap_promises(result) : null;
+
+	return {
+		type: 'data',
+		data,
+		uses: {
+			dependencies: uses.dependencies.size > 0 ? Array.from(uses.dependencies) : undefined,
+			params: uses.params.size > 0 ? Array.from(uses.params) : undefined,
+			parent: uses.parent ? 1 : undefined,
+			url: uses.url ? 1 : undefined
+		}
+	};
+}
+
+/**
+ * Calls the user's `load` function.
+ * @param {{
+ *   event: import('types').RequestEvent;
+ *   fetcher: typeof fetch;
+ *   node: import('types').SSRNode | undefined;
+ *   parent: () => Promise<Record<string, any>>;
+ *   server_data_promise: Promise<import('types').ServerDataNode | null>;
+ *   state: import('types').SSRState;
+ * }} opts
+ * @returns {Promise<Record<string, any> | null>}
+ */
+export async function load_data({ event, fetcher, node, parent, server_data_promise }) {
+	const server_data_node = await server_data_promise;
+
+	if (!node?.shared?.load) {
+		return server_data_node?.data ?? null;
+	}
+
+	const load_event = {
+		url: event.url,
+		params: event.params,
+		data: server_data_node?.data ?? null,
+		routeId: event.routeId,
+		fetch: fetcher,
+		setHeaders: event.setHeaders,
+		depends: () => {},
+		parent
+	};
+
+	// TODO remove this for 1.0
+	Object.defineProperties(load_event, {
+		session: {
+			get() {
+				throw new Error(
+					'session is no longer available. See https://github.com/sveltejs/kit/discussions/5883'
+				);
+			},
+			enumerable: false
+		}
+	});
+
+	const data = await node.shared.load.call(null, load_event);
+
+	return data ? unwrap_promises(data) : null;
+}
+
+/** @param {Record<string, any>} object */
+async function unwrap_promises(object) {
+	/** @type {Record<string, any>} */
+	const unwrapped = {};
+
+	for (const key in object) {
+		unwrapped[key] = await object[key];
+	}
+
+	return unwrapped;
+}