@sveltejs/kit 1.0.0-next.572 → 1.0.0-next.573

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sveltejs/kit",
-  "version": "1.0.0-next.572",
+  "version": "1.0.0-next.573",
   "repository": {
     "type": "git",
     "url": "https://github.com/sveltejs/kit",
@@ -28,7 +28,7 @@
     "@types/connect": "^3.4.35",
     "@types/marked": "^4.0.7",
     "@types/mime": "^3.0.1",
-    "@types/node": "^16.18.3",
+    "@types/node": "^16.18.6",
     "@types/sade": "^1.7.4",
     "@types/set-cookie-parser": "^2.4.2",
     "marked": "^4.2.3",

package/src/core/prerender/prerender.js

@@ -11,6 +11,11 @@ import { logger } from '../utils.js';
 import { load_config } from '../config/index.js';
 import { get_route_segments } from '../../utils/routing.js';
 import { get_option } from '../../runtime/server/utils.js';
+import {
+	validate_common_exports,
+	validate_page_server_exports,
+	validate_server_exports
+} from '../../utils/exports.js';
 
 const [, , client_out_dir, manifest_path, results_path, verbose, env] = process.argv;
 
@@ -357,34 +362,46 @@ export async function prerender() {
 	}
 
 	for (const route of manifest._.routes) {
-		try {
-			if (route.endpoint) {
-				const mod = await route.endpoint();
-				if (mod.prerender !== undefined) {
-					if (mod.prerender && (mod.POST || mod.PATCH || mod.PUT || mod.DELETE)) {
-						throw new Error(
-							`Cannot prerender a +server file with POST, PATCH, PUT, or DELETE (${route.id})`
-						);
-					}
-
-					prerender_map.set(route.id, mod.prerender);
+		if (route.endpoint) {
+			const mod = await route.endpoint();
+			if (mod.prerender !== undefined) {
+				validate_server_exports(mod, route.id);
+
+				if (mod.prerender && (mod.POST || mod.PATCH || mod.PUT || mod.DELETE)) {
+					throw new Error(
+						`Cannot prerender a +server file with POST, PATCH, PUT, or DELETE (${route.id})`
+					);
 				}
+
+				prerender_map.set(route.id, mod.prerender);
 			}
+		}
+
+		if (route.page) {
+			const nodes = await Promise.all(
+				[...route.page.layouts, route.page.leaf].map((n) => {
+					if (n !== undefined) return manifest._.nodes[n]();
+				})
+			);
+
+			const layouts = nodes.slice(0, -1);
+			const page = nodes.at(-1);
 
-			if (route.page) {
-				const nodes = await Promise.all(
-					[...route.page.layouts, route.page.leaf].map((n) => {
-						if (n !== undefined) return manifest._.nodes[n]();
-					})
-				);
-				const prerender = get_option(nodes, 'prerender') ?? false;
+			for (const layout of layouts) {
+				if (layout) {
+					validate_common_exports(layout.server, route.id);
+					validate_common_exports(layout.shared, route.id);
+				}
+			}
 
-				prerender_map.set(route.id, prerender);
+			if (page) {
+				validate_page_server_exports(page.server, route.id);
+				validate_common_exports(page.shared, route.id);
 			}
-		} catch (e) {
-			// We failed to import the module, which indicates it can't be prerendered
-			// TODO should we catch these? It's almost certainly a bug in the app
-			console.error(e);
+
+			const prerender = get_option(nodes, 'prerender') ?? false;
+
+			prerender_map.set(route.id, prerender);
 		}
 	}
 

package/src/core/sync/create_manifest_data/index.js

@@ -486,10 +486,11 @@ function prevent_conflicts(routes) {
 			const matcher = split[i];
 			const next = split[i + 1];
 
-			permutations = [
-				...permutations.map((x) => x + next),
-				...permutations.map((x) => x + `<${matcher}>${next}`)
-			];
+			permutations = permutations.reduce((a, b) => {
+				a.push(b + next);
+				if (!(matcher === '*' && b.endsWith('//'))) a.push(b + `<${matcher}>${next}`);
+				return a;
+			}, /** @type {string[]} */ ([]));
 		}
 
 		for (const permutation of permutations) {

package/src/core/sync/write_types/index.js

@@ -401,7 +401,7 @@ function process_node(node, outdir, is_page, proxies, all_pages_have_load = true
 						? `./proxy${replace_ext_with_js(basename)}`
 						: path_to_original(outdir, node.server);
 
-					type = `Expand<Kit.AwaitedActions<typeof import('${from}').actions>> | undefined`;
+					type = `Expand<Kit.AwaitedActions<typeof import('${from}').actions>> | null`;
 				}
 			}
 			exports.push(`export type ActionData = ${type};`);

package/src/exports/vite/dev/index.js

@@ -31,6 +31,9 @@ export async function dev(vite, vite_config, svelte_config) {
 	// @ts-expect-error
 	globalThis.__SVELTEKIT_BROWSER__ = false;
 
+	// @ts-expect-error
+	globalThis.__SVELTEKIT_DEV__ = true;
+
 	sync.init(svelte_config, vite_config.mode);
 
 	/** @type {import('types').Respond} */
@@ -102,6 +105,7 @@ export async function dev(vite, vite_config, svelte_config) {
 							module_nodes.push(module_node);
 
 							result.shared = module;
+							result.shared_id = node.shared;
 						}
 
 						if (node.server) {
@@ -163,7 +167,8 @@ export async function dev(vite, vite_config, svelte_config) {
 										const url = path.resolve(cwd, endpoint.file);
 										return await vite.ssrLoadModule(url);
 								  }
-								: null
+								: null,
+							endpoint_id: endpoint?.file
 						};
 					})
 				),

package/src/runtime/client/client.js

@@ -30,6 +30,7 @@ import { stores } from './singletons.js';
 import { unwrap_promises } from '../../utils/promises.js';
 import * as devalue from 'devalue';
 import { INDEX_KEY, PRELOAD_PRIORITIES, SCROLL_KEY } from './constants.js';
+import { validate_common_exports } from '../../utils/exports.js';
 
 const routes = parse(nodes, server_loads, dictionary, matchers);
 
@@ -497,7 +498,7 @@ export function create_client({ target, base }) {
 				route,
 				status,
 				url: new URL(url),
-				form,
+				form: form ?? null,
 				// The whole page store is updated, but this way the object reference stays the same
 				data: data_changed ? data : page.data
 			};
@@ -558,6 +559,10 @@ export function create_client({ target, base }) {
 
 		const node = await loader();
 
+		if (__SVELTEKIT_DEV__) {
+			validate_common_exports(node.shared);
+		}
+
 		if (node.shared?.load) {
 			/** @param {string[]} deps */
 			function depends(...deps) {

package/src/runtime/server/index.js

@@ -17,6 +17,12 @@ import { redirect_json_response, render_data } from './data/index.js';
 import { add_cookies_to_headers, get_cookies } from './cookie.js';
 import { create_fetch } from './fetch.js';
 import { Redirect } from '../control.js';
+import {
+	validate_common_exports,
+	validate_page_server_exports,
+	validate_server_exports
+} from '../../utils/exports.js';
+import { error, json } from '../../exports/index.js';
 
 /* global __SVELTEKIT_ADAPTER_NAME__ */
 
@@ -40,9 +46,11 @@ export async function respond(request, options, state) {
 			is_form_content_type(request);
 
 		if (forbidden) {
-			return new Response(`Cross-site ${request.method} form submissions are forbidden`, {
-				status: 403
-			});
+			const csrf_error = error(403, `Cross-site ${request.method} form submissions are forbidden`);
+			if (request.headers.get('accept') === 'application/json') {
+				return json(csrf_error.body, { status: csrf_error.status });
+			}
+			return new Response(csrf_error.body.message, { status: csrf_error.status });
 		}
 	}
 
@@ -185,10 +193,31 @@ export async function respond(request, options, state) {
 					options.manifest._.nodes[route.page.leaf]()
 				]);
 
+				if (__SVELTEKIT_DEV__) {
+					const layouts = nodes.slice(0, -1);
+					const page = nodes.at(-1);
+
+					for (const layout of layouts) {
+						if (layout) {
+							validate_common_exports(layout.server, /** @type {string} */ (layout.server_id));
+							validate_common_exports(layout.shared, /** @type {string} */ (layout.shared_id));
+						}
+					}
+
+					if (page) {
+						validate_page_server_exports(page.server, /** @type {string} */ (page.server_id));
+						validate_common_exports(page.shared, /** @type {string} */ (page.shared_id));
+					}
+				}
+
 				trailing_slash = get_option(nodes, 'trailingSlash');
 			} else if (route.endpoint) {
 				const node = await route.endpoint();
 				trailing_slash = node.trailingSlash;
+
+				if (__SVELTEKIT_DEV__) {
+					validate_server_exports(node, /** @type {string} */ (route.endpoint_id));
+				}
 			}
 
 			const normalized = normalize_path(url.pathname, trailing_slash ?? 'never');

package/src/runtime/server/page/actions.js

@@ -18,22 +18,31 @@ export function is_action_json_request(event) {
 /**
  * @param {import('types').RequestEvent} event
  * @param {import('types').SSROptions} options
- * @param {import('types').SSRNode['server']} server
+ * @param {import('types').SSRNode['server'] | undefined} server
  */
 export async function handle_action_json_request(event, options, server) {
-	const actions = server.actions;
+	const actions = server?.actions;
 
 	if (!actions) {
-		maybe_throw_migration_error(server);
+		if (server) {
+			maybe_throw_migration_error(server);
+		}
 		// TODO should this be a different error altogether?
-		return new Response('POST method not allowed. No actions exist for this page', {
-			status: 405,
-			headers: {
-				// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405
-				// "The server must generate an Allow header field in a 405 status code response"
-				allow: 'GET'
+		const no_actions_error = error(405, 'POST method not allowed. No actions exist for this page');
+		return action_json(
+			{
+				type: 'error',
+				error: await handle_error_and_jsonify(event, options, no_actions_error)
+			},
+			{
+				status: no_actions_error.status,
+				headers: {
+					// https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405
+					// "The server must generate an Allow header field in a 405 status code response"
+					allow: 'GET'
+				}
 			}
-		});
+		);
 	}
 
 	check_named_default_separate(actions);

package/src/runtime/server/page/index.js

@@ -40,9 +40,7 @@ export async function render_page(event, route, page, options, state, resolve_op
 
 	if (is_action_json_request(event)) {
 		const node = await options.manifest._.nodes[page.leaf]();
-		if (node.server) {
-			return handle_action_json_request(event, options, node.server);
-		}
+		return handle_action_json_request(event, options, node?.server);
 	}
 
 	try {

package/src/utils/exports.js

@@ -0,0 +1,54 @@
+/**
+ * @param {string[]} expected
+ */
+function validator(expected) {
+	const set = new Set(expected);
+
+	/**
+	 * @param {any} module
+	 * @param {string} [route_id]
+	 */
+	function validate(module, route_id) {
+		if (!module) return;
+
+		for (const key in module) {
+			if (key[0] !== '_' && !set.has(key)) {
+				const valid = expected.join(', ');
+				throw new Error(
+					`Invalid export '${key}'${
+						route_id ? ` in ${route_id}` : ''
+					} (valid exports are ${valid}, or anything with a '_' prefix)`
+				);
+			}
+		}
+	}
+
+	return validate;
+}
+
+export const validate_common_exports = validator([
+	'load',
+	'prerender',
+	'csr',
+	'ssr',
+	'trailingSlash'
+]);
+
+export const validate_page_server_exports = validator([
+	'load',
+	'prerender',
+	'csr',
+	'ssr',
+	'actions',
+	'trailingSlash'
+]);
+
+export const validate_server_exports = validator([
+	'GET',
+	'POST',
+	'PATCH',
+	'PUT',
+	'DELETE',
+	'prerender',
+	'trailingSlash'
+]);

package/types/internal.d.ts

@@ -288,6 +288,7 @@ export interface SSRNode {
 
 	// store this in dev so we can print serialization errors
 	server_id?: string;
+	shared_id?: string;
 }
 
 export type SSRNodeLoader = () => Promise<SSRNode>;
@@ -346,6 +347,7 @@ export interface SSRRoute {
 	params: RouteParam[];
 	page: PageNodeIndexes | null;
 	endpoint: (() => Promise<SSREndpoint>) | null;
+	endpoint_id?: string;
 }
 
 export interface SSRState {