astro 4.8.7 → 4.9.1

package/dist/@types/astro.d.ts

@@ -676,6 +676,47 @@ export interface AstroUserConfig {
      * Using `'attribute'` is useful when you are manipulating the `class` attribute of elements and need to avoid conflicts between your own styling logic and Astro's application of styles.
      */
     scopedStyleStrategy?: 'where' | 'class' | 'attribute';
+    /**
+     * @docs
+     * @name security
+     * @type {boolean}
+     * @default `{}`
+     * @version 4.9.0
+     * @description
+     *
+     * Enables security measures for an Astro website.
+     *
+     * These features only exist for pages rendered on demand (SSR) using `server` mode or pages that opt out of prerendering in `hybrid` mode.
+     *
+     * ```js
+     * // astro.config.mjs
+     * export default defineConfig({
+     *   output: "server",
+     *   security: {
+     *     checkOrigin: true
+     *   }
+     * })
+     * ```
+     */
+    security?: {
+        /**
+         * @docs
+         * @name security.checkOrigin
+         * @kind h4
+         * @type {boolean}
+         * @default 'false'
+         * @version 4.9.0
+         * @description
+         *
+         * When enabled, performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each `Request`. This is used to provide Cross-Site Request Forgery (CSRF) protection.
+         *
+         * The "origin" check is executed only for pages rendered on demand, and only for the requests `POST`, `PATCH`, `DELETE` and `PUT` with
+         * one of the following `content-type` headers: `'application/x-www-form-urlencoded'`, `'multipart/form-data'`, `'text/plain'`.
+         *
+         * If the "origin" header doesn't match the `pathname` of the request, Astro will return a 403 status code and will not render the page.
+         */
+        checkOrigin?: boolean;
+    };
     /**
      * @docs
      * @name vite
@@ -1820,102 +1861,6 @@ export interface AstroUserConfig {
          * In the event of route collisions, where two routes of equal route priority attempt to build the same URL, Astro will log a warning identifying the conflicting routes.
          */
         globalRoutePriority?: boolean;
-        /**
-         * @docs
-         * @name experimental.i18nDomains
-         * @type {boolean}
-         * @default `false`
-         * @version 4.3.0
-         * @description
-         *
-         * Enables domain support for the [experimental `domains` routing strategy](https://docs.astro.build/en/guides/internationalization/#domains-experimental) which allows you to configure the URL pattern of one or more supported languages to use a custom domain (or sub-domain).
-         *
-         * When a locale is mapped to a domain, a `/[locale]/` path prefix will not be used. However, localized folders within `src/pages/` are still required, including for your configured `defaultLocale`.
-         *
-         * Any other locale not configured will default to a localized path-based URL according to your `prefixDefaultLocale` strategy (e.g. `https://example.com/[locale]/blog`).
-         *
-         * ```js
-         * //astro.config.mjs
-         * export default defineConfig({
-         * 	site: "https://example.com",
-         * 	output: "server", // required, with no prerendered pages
-         * 	adapter: node({
-         * 		mode: 'standalone',
-         * 	}),
-         * 	i18n: {
-         * 		defaultLocale: "en",
-         * 		locales: ["en", "fr", "pt-br", "es"],
-         * 		prefixDefaultLocale: false,
-         * 		domains: {
-         * 			fr: "https://fr.example.com",
-         * 			es: "https://example.es",
-         * 		},
-         * 	},
-         * 	experimental: {
-         * 		i18nDomains: true,
-         * 	},
-         * });
-         * ```
-         *
-         * Both page routes built and URLs returned by the `astro:i18n` helper functions [`getAbsoluteLocaleUrl()`](https://docs.astro.build/en/reference/api-reference/#getabsolutelocaleurl) and [`getAbsoluteLocaleUrlList()`](https://docs.astro.build/en/reference/api-reference/#getabsolutelocaleurllist) will use the options set in `i18n.domains`.
-         *
-         * See the [Internationalization Guide](https://docs.astro.build/en/guides/internationalization/#domains-experimental) for more details, including the limitations of this experimental feature.
-         */
-        i18nDomains?: boolean;
-        /**
-         * @docs
-         * @name experimental.security
-         * @type {boolean}
-         * @default `false`
-         * @version 4.6.0
-         * @description
-         *
-         * Enables CSRF protection for Astro websites.
-         *
-         * The CSRF protection works only for pages rendered on demand (SSR) using `server` or `hybrid` mode. The pages must opt out of prerendering in `hybrid` mode.
-         *
-         * ```js
-         * // astro.config.mjs
-         * export default defineConfig({
-         *   output: "server",
-         *   experimental: {
-         *     security: {
-         *       csrfProtection: {
-         *         origin: true
-         *       }
-         *     }
-         *   }
-         * })
-         * ```
-         */
-        security?: {
-            /**
-             * @name security.csrfProtection
-             * @type {object}
-             * @default '{}'
-             * @version 4.6.0
-             * @description
-             *
-             * Allows you to enable security measures to prevent CSRF attacks: https://owasp.org/www-community/attacks/csrf
-             */
-            csrfProtection?: {
-                /**
-                 * @name security.csrfProtection.origin
-                 * @type {boolean}
-                 * @default 'false'
-                 * @version 4.6.0
-                 * @description
-                 *
-                 * When enabled, performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each `Request`.
-                 *
-                 * The "origin" check is executed only for pages rendered on demand, and only for the requests `POST, `PATCH`, `DELETE` and `PUT` with
-                 * the following `content-type` header: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.
-                 *
-                 * If the "origin" header doesn't match the `pathname` of the request, Astro will return a 403 status code and will not render the page.
-                 */
-                origin?: boolean;
-            };
-        };
         /**
          * @docs
          * @name experimental.rewriting
@@ -2848,6 +2793,8 @@ export interface SSRResult {
     createAstro(Astro: AstroGlobalPartial, props: Record<string, any>, slots: Record<string, any> | null): AstroGlobal;
     resolve: (s: string) => Promise<string>;
     response: AstroGlobal['response'];
+    request: AstroGlobal['request'];
+    actionResult?: ReturnType<AstroGlobal['getActionResult']>;
     renderers: SSRLoadedRenderer[];
     /**
      * Map of directive name (e.g. `load`) to the directive script code

package/dist/actions/runtime/middleware.d.ts

@@ -2,6 +2,7 @@ import type { APIContext } from '../../@types/astro.js';
 export type Locals = {
     _actionsInternal: {
         getActionResult: APIContext['getActionResult'];
+        actionResult?: ReturnType<APIContext['getActionResult']>;
     };
 };
 export declare const onRequest: import("../../@types/astro.js").MiddlewareHandler;

package/dist/actions/runtime/middleware.js

@@ -5,45 +5,47 @@ import { formContentTypes, getAction, hasContentType } from "./utils.js";
 import { callSafely } from "./virtual/shared.js";
 const onRequest = defineMiddleware(async (context, next) => {
   const locals = context.locals;
+  if (locals._actionsInternal) return ApiContextStorage.run(context, () => next());
   if (context.request.method === "GET") {
-    return nextWithLocalsStub(next, locals);
+    return nextWithLocalsStub(next, context);
   }
   if (context.request.method === "POST" && context.request.body === null) {
-    return nextWithStaticStub(next, locals);
+    return nextWithStaticStub(next, context);
   }
-  if (locals._actionsInternal) return next();
   const { request, url } = context;
   const contentType = request.headers.get("Content-Type");
-  if (url.pathname.startsWith("/_actions")) return nextWithLocalsStub(next, locals);
+  if (url.pathname.startsWith("/_actions")) return nextWithLocalsStub(next, context);
   if (!contentType || !hasContentType(contentType, formContentTypes)) {
-    return nextWithLocalsStub(next, locals);
+    return nextWithLocalsStub(next, context);
   }
   const formData = await request.clone().formData();
   const actionPath = formData.get("_astroAction");
-  if (typeof actionPath !== "string") return nextWithLocalsStub(next, locals);
-  const actionPathKeys = actionPath.replace("/_actions/", "").split(".");
-  const action = await getAction(actionPathKeys);
-  if (!action) return nextWithLocalsStub(next, locals);
+  if (typeof actionPath !== "string") return nextWithLocalsStub(next, context);
+  const action = await getAction(actionPath);
+  if (!action) return nextWithLocalsStub(next, context);
   const result = await ApiContextStorage.run(context, () => callSafely(() => action(formData)));
   const actionsInternal = {
     getActionResult: (actionFn) => {
       if (actionFn.toString() !== actionPath) return Promise.resolve(void 0);
       return result;
-    }
+    },
+    actionResult: result
   };
   Object.defineProperty(locals, "_actionsInternal", { writable: false, value: actionsInternal });
-  const response = await next();
-  if (result.error) {
-    return new Response(response.body, {
-      status: result.error.status,
-      statusText: result.error.name,
-      headers: response.headers
-    });
-  }
-  return response;
+  return ApiContextStorage.run(context, async () => {
+    const response = await next();
+    if (result.error) {
+      return new Response(response.body, {
+        status: result.error.status,
+        statusText: result.error.name,
+        headers: response.headers
+      });
+    }
+    return response;
+  });
 });
-function nextWithStaticStub(next, locals) {
-  Object.defineProperty(locals, "_actionsInternal", {
+function nextWithStaticStub(next, context) {
+  Object.defineProperty(context.locals, "_actionsInternal", {
     writable: false,
     value: {
       getActionResult: () => {
@@ -55,16 +57,16 @@ function nextWithStaticStub(next, locals) {
       }
     }
   });
-  return next();
+  return ApiContextStorage.run(context, () => next());
 }
-function nextWithLocalsStub(next, locals) {
-  Object.defineProperty(locals, "_actionsInternal", {
+function nextWithLocalsStub(next, context) {
+  Object.defineProperty(context.locals, "_actionsInternal", {
     writable: false,
     value: {
       getActionResult: () => void 0
     }
   });
-  return next();
+  return ApiContextStorage.run(context, () => next());
 }
 export {
   onRequest

package/dist/actions/runtime/route.js

@@ -3,8 +3,7 @@ import { formContentTypes, getAction, hasContentType } from "./utils.js";
 import { callSafely } from "./virtual/shared.js";
 const POST = async (context) => {
   const { request, url } = context;
-  const actionPathKeys = url.pathname.replace("/_actions/", "").split(".");
-  const action = await getAction(actionPathKeys);
+  const action = await getAction(url.pathname);
   if (!action) {
     return new Response(null, { status: 404 });
   }

package/dist/actions/runtime/utils.d.ts

@@ -1,4 +1,9 @@
 export declare const formContentTypes: string[];
 export declare function hasContentType(contentType: string, expected: string[]): boolean;
 export type MaybePromise<T> = T | Promise<T>;
-export declare function getAction(pathKeys: string[]): Promise<((param: unknown) => MaybePromise<unknown>) | undefined>;
+/**
+ * Get server-side action based on the route path.
+ * Imports from `import.meta.env.ACTIONS_PATH`, which maps to
+ * the user's `src/actions/index.ts` file at build-time.
+ */
+export declare function getAction(path: string): Promise<((param: unknown) => MaybePromise<unknown>) | undefined>;

package/dist/actions/runtime/utils.js

@@ -3,7 +3,8 @@ function hasContentType(contentType, expected) {
   const type = contentType.split(";")[0].toLowerCase();
   return expected.some((t) => type === t);
 }
-async function getAction(pathKeys) {
+async function getAction(path) {
+  const pathKeys = path.replace("/_actions/", "").split(".");
   let { server: actionLookup } = await import(import.meta.env.ACTIONS_PATH);
   for (const key of pathKeys) {
     if (!(key in actionLookup)) {

package/dist/actions/runtime/virtual/server.d.ts

@@ -1,12 +1,14 @@
 import { z } from 'zod';
+import { type ActionAPIContext, getApiContext as _getApiContext } from '../store.js';
 import { type MaybePromise } from '../utils.js';
 import { type ErrorInferenceObject, type SafeResult } from './shared.js';
 export * from './shared.js';
 export { z } from 'zod';
-export { getApiContext } from '../store.js';
+/** @deprecated Access context from the second `handler()` parameter. */
+export declare const getApiContext: typeof _getApiContext;
 export type Accept = 'form' | 'json';
 export type InputSchema<T extends Accept> = T extends 'form' ? z.AnyZodObject | z.ZodType<FormData> : z.ZodType;
-type Handler<TInputSchema, TOutput> = TInputSchema extends z.ZodType ? (input: z.infer<TInputSchema>) => MaybePromise<TOutput> : (input?: any) => MaybePromise<TOutput>;
+type Handler<TInputSchema, TOutput> = TInputSchema extends z.ZodType ? (input: z.infer<TInputSchema>, context: ActionAPIContext) => MaybePromise<TOutput> : (input: any, context: ActionAPIContext) => MaybePromise<TOutput>;
 export type ActionClient<TOutput, TAccept extends Accept, TInputSchema extends InputSchema<TAccept> | undefined> = TInputSchema extends z.ZodType ? ((input: TAccept extends 'form' ? FormData : z.input<TInputSchema>) => Promise<Awaited<TOutput>>) & {
     safe: (input: TAccept extends 'form' ? FormData : z.input<TInputSchema>) => Promise<SafeResult<z.input<TInputSchema> extends ErrorInferenceObject ? z.input<TInputSchema> : ErrorInferenceObject, Awaited<TOutput>>>;
 } : ((input?: any) => Promise<Awaited<TOutput>>) & {

package/dist/actions/runtime/virtual/server.js

@@ -1,6 +1,6 @@
 import { z } from "zod";
-import { getApiContext } from "../store.js";
-import { hasContentType } from "../utils.js";
+import { getApiContext as _getApiContext } from "../store.js";
+import {} from "../utils.js";
 import {
   ActionError,
   ActionInputError,
@@ -8,7 +8,7 @@ import {
 } from "./shared.js";
 export * from "./shared.js";
 import { z as z2 } from "zod";
-import { getApiContext as getApiContext2 } from "../store.js";
+const getApiContext = _getApiContext;
 function defineAction({
   accept,
   input: inputSchema,
@@ -30,30 +30,28 @@ function getFormServerHandler(handler, inputSchema) {
         message: "This action only accepts FormData."
       });
     }
-    if (!(inputSchema instanceof z.ZodObject)) return await handler(unparsedInput);
+    if (!(inputSchema instanceof z.ZodObject)) return await handler(unparsedInput, getApiContext());
     const parsed = await inputSchema.safeParseAsync(formDataToObject(unparsedInput, inputSchema));
     if (!parsed.success) {
       throw new ActionInputError(parsed.error.issues);
     }
-    return await handler(parsed.data);
+    return await handler(parsed.data, getApiContext());
   };
 }
 function getJsonServerHandler(handler, inputSchema) {
   return async (unparsedInput) => {
-    const context = getApiContext();
-    const contentType = context.request.headers.get("content-type");
-    if (!contentType || !hasContentType(contentType, ["application/json"])) {
+    if (unparsedInput instanceof FormData) {
       throw new ActionError({
         code: "UNSUPPORTED_MEDIA_TYPE",
         message: "This action only accepts JSON."
       });
     }
-    if (!inputSchema) return await handler(unparsedInput);
+    if (!inputSchema) return await handler(unparsedInput, getApiContext());
     const parsed = await inputSchema.safeParseAsync(unparsedInput);
     if (!parsed.success) {
       throw new ActionInputError(parsed.error.issues);
     }
-    return await handler(parsed.data);
+    return await handler(parsed.data, getApiContext());
   };
 }
 function formDataToObject(formData, schema) {
@@ -93,6 +91,6 @@ function handleFormDataGet(key, formData, validator, baseValidator) {
 export {
   defineAction,
   formDataToObject,
-  getApiContext2 as getApiContext,
+  getApiContext,
   z2 as z
 };

package/dist/actions/utils.d.ts

@@ -1,2 +1,4 @@
 import type { APIContext } from '../@types/astro.js';
+import type { Locals } from './runtime/middleware.js';
+export declare function hasActionsInternal(locals: APIContext['locals']): locals is Locals;
 export declare function createGetActionResult(locals: APIContext['locals']): APIContext['getActionResult'];

package/dist/actions/utils.js

@@ -14,5 +14,6 @@ function createGetActionResult(locals) {
   };
 }
 export {
-  createGetActionResult
+  createGetActionResult,
+  hasActionsInternal
 };

package/dist/container/index.d.ts

@@ -0,0 +1,162 @@
+import type { AstroRenderer, AstroUserConfig, RouteType } from '../@types/astro.js';
+import type { AstroComponentFactory } from '../runtime/server/index.js';
+/**
+ * Options to be passed when rendering a route
+ */
+export type ContainerRenderOptions = {
+    /**
+     * If your component renders slots, that's where you want to fill the slots.
+     * A single slot should have the `default` field:
+     *
+     * ## Examples
+     *
+     * **Default slot**
+     *
+     * ```js
+     * container.renderToString(Component, { slots: { default: "Some value"}});
+     * ```
+     *
+     * **Named slots**
+     *
+     * ```js
+     * container.renderToString(Component, { slots: { "foo": "Some value", "bar": "Lorem Ipsum" }});
+     * ```
+     */
+    slots?: Record<string, any>;
+    /**
+     * The request is used to understand which path/URL the component is about to render.
+     *
+     * Use this option in case your component or middleware needs to read information like `Astro.url` or `Astro.request`.
+     */
+    request?: Request;
+    /**
+     * Useful for dynamic routes. If your component is something like `src/pages/blog/[id]/[...slug]`, you'll want to provide:
+     * ```js
+     * container.renderToString(Component, { params: ["id", "...slug"] });
+     * ```
+     */
+    params?: Record<string, string | undefined>;
+    /**
+     * Useful if your component needs to access some locals without the use a middleware.
+     * ```js
+     * container.renderToString(Component, { locals: { getSomeValue() {} } });
+     * ```
+     */
+    locals?: App.Locals;
+    /**
+     * Useful in case you're attempting to render an endpoint:
+     * ```js
+     * container.renderToString(Endpoint, { routeType: "endpoint" });
+     * ```
+     */
+    routeType?: RouteType;
+};
+export type AstroContainerUserConfig = Omit<AstroUserConfig, 'integrations' | 'adapter'>;
+/**
+ * Options that are used for the entire lifecycle of the current instance of the container.
+ */
+export type AstroContainerOptions = {
+    /**
+     * @default false
+     *
+     * @description
+     *
+     * Enables streaming during rendering
+     *
+     * ## Example
+     *
+     * ```js
+     * const container = await AstroContainer.create({
+     * 	streaming: true
+     * });
+     * ```
+     */
+    streaming?: boolean;
+    /**
+     * @default []
+     * @description
+     *
+     * List or renderers to use when rendering components. Usually they are entry points
+     *
+     * ## Example
+     *
+     * ```js
+     * const container = await AstroContainer.create({
+     * 	renderers: [{
+     * 	  name: "@astrojs/react"
+     * 	  client: "@astrojs/react/client.js"
+     * 	  server: "@astrojs/react/server.js"
+     * 	}]
+     * });
+     * ```
+     */
+    renderers?: AstroRenderer[];
+    /**
+     * @default {}
+     * @description
+     *
+     * A subset of the astro configuration object.
+     *
+     * ## Example
+     *
+     * ```js
+     * const container = await AstroContainer.create({
+     * 	astroConfig: {
+     * 		trailingSlash: "never"
+     * 	}
+     * });
+     * ```
+     */
+    astroConfig?: AstroContainerUserConfig;
+};
+export declare class experimental_AstroContainer {
+    #private;
+    private constructor();
+    /**
+     * Creates a new instance of a container.
+     *
+     * @param {AstroContainerOptions=} containerOptions
+     */
+    static create(containerOptions?: AstroContainerOptions): Promise<experimental_AstroContainer>;
+    private static createFromManifest;
+    /**
+     * @description
+     * It renders a component and returns the result as a string.
+     *
+     * ## Example
+     *
+     * ```js
+     * import Card from "../src/components/Card.astro";
+     *
+     * const container = await AstroContainer.create();
+     * const result = await container.renderToString(Card);
+     *
+     * console.log(result); // it's a string
+     * ```
+     *
+     *
+     * @param {AstroComponentFactory} component The instance of the component.
+     * @param {ContainerRenderOptions=} options Possible options to pass when rendering the component.
+     */
+    renderToString(component: AstroComponentFactory, options?: ContainerRenderOptions): Promise<string>;
+    /**
+     * @description
+     * It renders a component and returns the `Response` as result of the rendering phase.
+     *
+     * ## Example
+     *
+     * ```js
+     * import Card from "../src/components/Card.astro";
+     *
+     * const container = await AstroContainer.create();
+     * const response = await container.renderToResponse(Card);
+     *
+     * console.log(response.status); // it's a number
+     * ```
+     *
+     *
+     * @param {AstroComponentFactory} component The instance of the component.
+     * @param {ContainerRenderOptions=} options Possible options to pass when rendering the component.
+     */
+    renderToResponse(component: AstroComponentFactory, options?: ContainerRenderOptions): Promise<Response>;
+}