houdini-react 1.2.10 → 1.2.11

package/build/plugin-esm/index.js

@@ -16360,234 +16360,6 @@ var require_main4 = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/cookie@0.4.1/node_modules/cookie/index.js
-var require_cookie = __commonJS({
-  "../../node_modules/.pnpm/cookie@0.4.1/node_modules/cookie/index.js"(exports) {
-    "use strict";
-    exports.parse = parse3;
-    exports.serialize = serialize;
-    var decode = decodeURIComponent;
-    var encode = encodeURIComponent;
-    var pairSplitRegExp = /; */;
-    var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
-    function parse3(str, options) {
-      if (typeof str !== "string") {
-        throw new TypeError("argument str must be a string");
-      }
-      var obj = {};
-      var opt = options || {};
-      var pairs = str.split(pairSplitRegExp);
-      var dec = opt.decode || decode;
-      for (var i2 = 0; i2 < pairs.length; i2++) {
-        var pair = pairs[i2];
-        var eq_idx = pair.indexOf("=");
-        if (eq_idx < 0) {
-          continue;
-        }
-        var key = pair.substr(0, eq_idx).trim();
-        var val = pair.substr(++eq_idx, pair.length).trim();
-        if ('"' == val[0]) {
-          val = val.slice(1, -1);
-        }
-        if (void 0 == obj[key]) {
-          obj[key] = tryDecode(val, dec);
-        }
-      }
-      return obj;
-    }
-    function serialize(name, val, options) {
-      var opt = options || {};
-      var enc = opt.encode || encode;
-      if (typeof enc !== "function") {
-        throw new TypeError("option encode is invalid");
-      }
-      if (!fieldContentRegExp.test(name)) {
-        throw new TypeError("argument name is invalid");
-      }
-      var value = enc(val);
-      if (value && !fieldContentRegExp.test(value)) {
-        throw new TypeError("argument val is invalid");
-      }
-      var str = name + "=" + value;
-      if (null != opt.maxAge) {
-        var maxAge = opt.maxAge - 0;
-        if (isNaN(maxAge) || !isFinite(maxAge)) {
-          throw new TypeError("option maxAge is invalid");
-        }
-        str += "; Max-Age=" + Math.floor(maxAge);
-      }
-      if (opt.domain) {
-        if (!fieldContentRegExp.test(opt.domain)) {
-          throw new TypeError("option domain is invalid");
-        }
-        str += "; Domain=" + opt.domain;
-      }
-      if (opt.path) {
-        if (!fieldContentRegExp.test(opt.path)) {
-          throw new TypeError("option path is invalid");
-        }
-        str += "; Path=" + opt.path;
-      }
-      if (opt.expires) {
-        if (typeof opt.expires.toUTCString !== "function") {
-          throw new TypeError("option expires is invalid");
-        }
-        str += "; Expires=" + opt.expires.toUTCString();
-      }
-      if (opt.httpOnly) {
-        str += "; HttpOnly";
-      }
-      if (opt.secure) {
-        str += "; Secure";
-      }
-      if (opt.sameSite) {
-        var sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
-        switch (sameSite) {
-          case true:
-            str += "; SameSite=Strict";
-            break;
-          case "lax":
-            str += "; SameSite=Lax";
-            break;
-          case "strict":
-            str += "; SameSite=Strict";
-            break;
-          case "none":
-            str += "; SameSite=None";
-            break;
-          default:
-            throw new TypeError("option sameSite is invalid");
-        }
-      }
-      return str;
-    }
-    function tryDecode(str, decode2) {
-      try {
-        return decode2(str);
-      } catch (e2) {
-        return str;
-      }
-    }
-  }
-});
-
-// ../../node_modules/.pnpm/cookie-signature@1.0.6/node_modules/cookie-signature/index.js
-var require_cookie_signature = __commonJS({
-  "../../node_modules/.pnpm/cookie-signature@1.0.6/node_modules/cookie-signature/index.js"(exports) {
-    var crypto = __require("crypto");
-    exports.sign = function(val, secret) {
-      if ("string" != typeof val)
-        throw new TypeError("Cookie value must be provided as a string.");
-      if ("string" != typeof secret)
-        throw new TypeError("Secret string must be provided.");
-      return val + "." + crypto.createHmac("sha256", secret).update(val).digest("base64").replace(/\=+$/, "");
-    };
-    exports.unsign = function(val, secret) {
-      if ("string" != typeof val)
-        throw new TypeError("Signed cookie string must be provided.");
-      if ("string" != typeof secret)
-        throw new TypeError("Secret string must be provided.");
-      var str = val.slice(0, val.lastIndexOf(".")), mac = exports.sign(str, secret);
-      return sha1(mac) == sha1(val) ? str : false;
-    };
-    function sha1(str) {
-      return crypto.createHash("sha1").update(str).digest("hex");
-    }
-  }
-});
-
-// ../../node_modules/.pnpm/cookie-parser@1.4.6/node_modules/cookie-parser/index.js
-var require_cookie_parser = __commonJS({
-  "../../node_modules/.pnpm/cookie-parser@1.4.6/node_modules/cookie-parser/index.js"(exports, module) {
-    "use strict";
-    var cookie = require_cookie();
-    var signature = require_cookie_signature();
-    module.exports = cookieParser2;
-    module.exports.JSONCookie = JSONCookie;
-    module.exports.JSONCookies = JSONCookies;
-    module.exports.signedCookie = signedCookie;
-    module.exports.signedCookies = signedCookies;
-    function cookieParser2(secret, options) {
-      var secrets = !secret || Array.isArray(secret) ? secret || [] : [secret];
-      return function cookieParser3(req, res, next) {
-        if (req.cookies) {
-          return next();
-        }
-        var cookies = req.headers.cookie;
-        req.secret = secrets[0];
-        req.cookies = /* @__PURE__ */ Object.create(null);
-        req.signedCookies = /* @__PURE__ */ Object.create(null);
-        if (!cookies) {
-          return next();
-        }
-        req.cookies = cookie.parse(cookies, options);
-        if (secrets.length !== 0) {
-          req.signedCookies = signedCookies(req.cookies, secrets);
-          req.signedCookies = JSONCookies(req.signedCookies);
-        }
-        req.cookies = JSONCookies(req.cookies);
-        next();
-      };
-    }
-    function JSONCookie(str) {
-      if (typeof str !== "string" || str.substr(0, 2) !== "j:") {
-        return void 0;
-      }
-      try {
-        return JSON.parse(str.slice(2));
-      } catch (err) {
-        return void 0;
-      }
-    }
-    function JSONCookies(obj) {
-      var cookies = Object.keys(obj);
-      var key;
-      var val;
-      for (var i2 = 0; i2 < cookies.length; i2++) {
-        key = cookies[i2];
-        val = JSONCookie(obj[key]);
-        if (val) {
-          obj[key] = val;
-        }
-      }
-      return obj;
-    }
-    function signedCookie(str, secret) {
-      if (typeof str !== "string") {
-        return void 0;
-      }
-      if (str.substr(0, 2) !== "s:") {
-        return str;
-      }
-      var secrets = !secret || Array.isArray(secret) ? secret || [] : [secret];
-      for (var i2 = 0; i2 < secrets.length; i2++) {
-        var val = signature.unsign(str.slice(2), secrets[i2]);
-        if (val !== false) {
-          return val;
-        }
-      }
-      return false;
-    }
-    function signedCookies(obj, secret) {
-      var cookies = Object.keys(obj);
-      var dec;
-      var key;
-      var ret = /* @__PURE__ */ Object.create(null);
-      var val;
-      for (var i2 = 0; i2 < cookies.length; i2++) {
-        key = cookies[i2];
-        val = obj[key];
-        dec = signedCookie(val, secret);
-        if (val !== dec) {
-          ret[key] = dec;
-          delete obj[key];
-        }
-      }
-      return ret;
-    }
-  }
-});
-
 // ../houdini/build/lib-esm/index.js
 import { createRequire as conflict_free } from "module";
 import { statSync, createReadStream, promises as fs2 } from "node:fs";
@@ -18044,7 +17816,7 @@ var require_parser = __commonJS2({
     Object.defineProperty(exports, "__esModule", {
       value: true
     });
-    exports.parse = parse5;
+    exports.parse = parse6;
     exports.parseValue = parseValue;
     exports.parseType = parseType;
     exports.Parser = void 0;
@@ -18055,7 +17827,7 @@ var require_parser = __commonJS2({
     var _source = require_source();
     var _directiveLocation = require_directiveLocation();
     var _lexer = require_lexer();
-    function parse5(source, options) {
+    function parse6(source, options) {
       var parser = new Parser(source, options);
       return parser.parseDocument();
     }
@@ -49117,14 +48889,14 @@ var require_lib3 = __commonJS2({
         super.checkParams(node, false, true);
         this.scope.exit();
       }
-      forwardNoArrowParamsConversionAt(node, parse6) {
+      forwardNoArrowParamsConversionAt(node, parse7) {
         let result;
         if (this.state.noArrowParamsConversionAt.indexOf(node.start) !== -1) {
           this.state.noArrowParamsConversionAt.push(this.state.start);
-          result = parse6();
+          result = parse7();
           this.state.noArrowParamsConversionAt.pop();
         } else {
-          result = parse6();
+          result = parse7();
         }
         return result;
       }
@@ -58179,7 +57951,7 @@ var require_lib3 = __commonJS2({
       }
       return pluginMap;
     }
-    function parse5(input, options) {
+    function parse6(input, options) {
       var _options;
       if (((_options = options) == null ? void 0 : _options.sourceType) === "unambiguous") {
         options = Object.assign({}, options);
@@ -58249,7 +58021,7 @@ var require_lib3 = __commonJS2({
       }
       return cls;
     }
-    exports.parse = parse5;
+    exports.parse = parse6;
     exports.parseExpression = parseExpression;
     exports.tokTypes = tokTypes;
   }
@@ -64105,7 +63877,7 @@ var require_esprima2 = __commonJS2({
           var jsx_parser_1 = __webpack_require__(3);
           var parser_1 = __webpack_require__(8);
           var tokenizer_1 = __webpack_require__(15);
-          function parse5(code, options, delegate) {
+          function parse6(code, options, delegate) {
             var commentHandler = null;
             var proxyDelegate = function(node, metadata) {
               if (delegate) {
@@ -64150,17 +63922,17 @@ var require_esprima2 = __commonJS2({
             }
             return ast;
           }
-          exports2.parse = parse5;
+          exports2.parse = parse6;
           function parseModule(code, options, delegate) {
             var parsingOptions = options || {};
             parsingOptions.sourceType = "module";
-            return parse5(code, parsingOptions, delegate);
+            return parse6(code, parsingOptions, delegate);
           }
           exports2.parseModule = parseModule;
           function parseScript(code, options, delegate) {
             var parsingOptions = options || {};
             parsingOptions.sourceType = "script";
-            return parse5(code, parsingOptions, delegate);
+            return parse6(code, parsingOptions, delegate);
           }
           exports2.parseScript = parseScript;
           function tokenize(code, options, delegate) {
@@ -70222,7 +69994,7 @@ var require_esprima3 = __commonJS2({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.parse = void 0;
     var util_1 = require_util2();
-    function parse5(source, options) {
+    function parse6(source, options) {
       var comments = [];
       var ast = require_esprima2().parse(source, {
         loc: true,
@@ -70240,7 +70012,7 @@ var require_esprima3 = __commonJS2({
       }
       return ast;
     }
-    exports.parse = parse5;
+    exports.parse = parse6;
   }
 });
 var require_options = __commonJS2({
@@ -71352,7 +71124,7 @@ var require_parser2 = __commonJS2({
     var lines_1 = require_lines();
     var comments_1 = require_comments();
     var util = tslib_1.__importStar(require_util2());
-    function parse5(source, options) {
+    function parse6(source, options) {
       options = (0, options_1.normalize)(options);
       var lines = (0, lines_1.fromString)(source, options);
       var sourceWithoutTabs = lines.toString({
@@ -71424,7 +71196,7 @@ var require_parser2 = __commonJS2({
       (0, comments_1.attach)(comments, program.body.length ? file.program : file, lines);
       return new TreeCopier(lines, tokens).copy(file);
     }
-    exports.parse = parse5;
+    exports.parse = parse6;
     var TreeCopier = function TreeCopier2(lines, tokens) {
       assert_1.default.ok(this instanceof TreeCopier2);
       this.lines = lines;
@@ -93459,6 +93231,245 @@ async function extractQueries(source) {
   }
   return props.filter((p) => p !== "children");
 }
+function parse5(str, options) {
+  if (typeof str !== "string") {
+    throw new TypeError("argument str must be a string");
+  }
+  let obj = {};
+  let opt = options || {};
+  let dec = opt.decode || decode;
+  let index = 0;
+  while (index < str.length) {
+    let eqIdx = str.indexOf("=", index);
+    if (eqIdx === -1) {
+      break;
+    }
+    let endIdx = str.indexOf(";", index);
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      index = str.lastIndexOf(";", eqIdx - 1) + 1;
+      continue;
+    }
+    let key = str.slice(index, eqIdx).trim();
+    if (void 0 === obj[key]) {
+      let val = str.slice(eqIdx + 1, endIdx).trim();
+      if (val.charCodeAt(0) === 34) {
+        val = val.slice(1, -1);
+      }
+      obj[key] = tryDecode(val, dec);
+    }
+    index = endIdx + 1;
+  }
+  return obj;
+}
+function decode(str) {
+  return str.indexOf("%") !== -1 ? decodeURIComponent(str) : str;
+}
+function tryDecode(str, decode3) {
+  try {
+    return decode3(str);
+  } catch (e2) {
+    return str;
+  }
+}
+function base64UrlParse(s2) {
+  return new Uint8Array(
+    Array.prototype.map.call(
+      atob(s2.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")),
+      (c) => c.charCodeAt(0)
+    )
+  );
+}
+function base64UrlStringify(a) {
+  return btoa(String.fromCharCode.apply(0, a)).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+var algorithms = {
+  ES256: { name: "ECDSA", namedCurve: "P-256", hash: { name: "SHA-256" } },
+  ES384: { name: "ECDSA", namedCurve: "P-384", hash: { name: "SHA-384" } },
+  ES512: { name: "ECDSA", namedCurve: "P-521", hash: { name: "SHA-512" } },
+  HS256: { name: "HMAC", hash: { name: "SHA-256" } },
+  HS384: { name: "HMAC", hash: { name: "SHA-384" } },
+  HS512: { name: "HMAC", hash: { name: "SHA-512" } },
+  RS256: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } },
+  RS384: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-384" } },
+  RS512: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-512" } }
+};
+function _utf8ToUint8Array(str) {
+  return base64UrlParse(btoa(unescape(encodeURIComponent(str))));
+}
+function _str2ab(str) {
+  str = atob(str);
+  const buf = new ArrayBuffer(str.length);
+  const bufView = new Uint8Array(buf);
+  for (let i2 = 0, strLen = str.length; i2 < strLen; i2++) {
+    bufView[i2] = str.charCodeAt(i2);
+  }
+  return buf;
+}
+function _decodePayload(raw) {
+  switch (raw.length % 4) {
+    case 0:
+      break;
+    case 2:
+      raw += "==";
+      break;
+    case 3:
+      raw += "=";
+      break;
+    default:
+      throw new Error("Illegal base64url string!");
+  }
+  try {
+    return JSON.parse(decodeURIComponent(escape(atob(raw))));
+  } catch {
+    return null;
+  }
+}
+async function encode(payload, secret, options = { algorithm: "HS256", header: { typ: "JWT" } }) {
+  if (typeof options === "string")
+    options = { algorithm: options, header: { typ: "JWT" } };
+  options = { algorithm: "HS256", header: { typ: "JWT" }, ...options };
+  if (payload === null || typeof payload !== "object")
+    throw new Error("payload must be an object");
+  if (typeof secret !== "string" && typeof secret !== "object")
+    throw new Error("secret must be a string or a JWK object");
+  if (typeof options.algorithm !== "string")
+    throw new Error("options.algorithm must be a string");
+  const algorithm = algorithms[options.algorithm];
+  if (!algorithm)
+    throw new Error("algorithm not found");
+  if (!payload.iat)
+    payload.iat = Math.floor(Date.now() / 1e3);
+  const payloadAsJSON = JSON.stringify(payload);
+  const partialToken = `${base64UrlStringify(
+    _utf8ToUint8Array(JSON.stringify({ ...options.header, alg: options.algorithm }))
+  )}.${base64UrlStringify(_utf8ToUint8Array(payloadAsJSON))}`;
+  let keyFormat = "raw";
+  let keyData;
+  if (typeof secret === "object") {
+    keyFormat = "jwk";
+    keyData = secret;
+  } else if (typeof secret === "string" && secret.startsWith("-----BEGIN")) {
+    keyFormat = "pkcs8";
+    keyData = _str2ab(
+      secret.replace(/-----BEGIN.*?-----/g, "").replace(/-----END.*?-----/g, "").replace(/\s/g, "")
+    );
+  } else
+    keyData = _utf8ToUint8Array(secret);
+  const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ["sign"]);
+  const signature = await crypto.subtle.sign(algorithm, key, _utf8ToUint8Array(partialToken));
+  return `${partialToken}.${base64UrlStringify(new Uint8Array(signature))}`;
+}
+async function verify(token, secret, options = { algorithm: "HS256", throwError: false }) {
+  if (typeof options === "string")
+    options = { algorithm: options, throwError: false };
+  options = { algorithm: "HS256", throwError: false, ...options };
+  if (typeof token !== "string")
+    throw new Error("token must be a string");
+  if (typeof secret !== "string" && typeof secret !== "object")
+    throw new Error("secret must be a string or a JWK object");
+  if (typeof options.algorithm !== "string")
+    throw new Error("options.algorithm must be a string");
+  const tokenParts = token.split(".");
+  if (tokenParts.length !== 3)
+    throw new Error("token must consist of 3 parts");
+  const algorithm = algorithms[options.algorithm];
+  if (!algorithm)
+    throw new Error("algorithm not found");
+  const { payload } = decode2(token);
+  if (!payload) {
+    if (options.throwError)
+      throw "PARSE_ERROR";
+    return false;
+  }
+  if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1e3)) {
+    if (options.throwError)
+      throw "NOT_YET_VALID";
+    return false;
+  }
+  if (payload.exp && payload.exp <= Math.floor(Date.now() / 1e3)) {
+    if (options.throwError)
+      throw "EXPIRED";
+    return false;
+  }
+  let keyFormat = "raw";
+  let keyData;
+  if (typeof secret === "object") {
+    keyFormat = "jwk";
+    keyData = secret;
+  } else if (typeof secret === "string" && secret.startsWith("-----BEGIN")) {
+    keyFormat = "spki";
+    keyData = _str2ab(
+      secret.replace(/-----BEGIN.*?-----/g, "").replace(/-----END.*?-----/g, "").replace(/\s/g, "")
+    );
+  } else
+    keyData = _utf8ToUint8Array(secret);
+  const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ["verify"]);
+  return await crypto.subtle.verify(
+    algorithm,
+    key,
+    base64UrlParse(tokenParts[2]),
+    _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`)
+  );
+}
+function decode2(token) {
+  return {
+    header: _decodePayload(
+      token.split(".")[0].replace(/-/g, "+").replace(/_/g, "/")
+    ),
+    payload: _decodePayload(
+      token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")
+    )
+  };
+}
+async function handle_request(args) {
+  const plugin_config2 = args.config.plugins?.["houdini-react"];
+  if (plugin_config2.auth && "redirect" in plugin_config2.auth && args.url.startsWith(plugin_config2.auth.redirect)) {
+    return await redirect_auth(args);
+  }
+  args.next();
+}
+async function redirect_auth(args) {
+  const { searchParams } = new URL(args.url, `http://${args.get_header("host")}`);
+  const { redirectTo, ...session } = Object.fromEntries(searchParams.entries());
+  await set_session(args, session);
+  if (redirectTo) {
+    return args.redirect(302, redirectTo);
+  }
+  args.next();
+}
+var session_cookie_name = "__houdini__";
+async function set_session(req, value) {
+  const today = new Date();
+  const expires = new Date(today.getTime() + 7 * 24 * 60 * 60 * 1e3);
+  const serialized = await encode(value, req.session_keys[0]);
+  req.set_header(
+    "Set-Cookie",
+    `${session_cookie_name}=${serialized}; Path=/; HttpOnly; Secure; SameSite=Lax; Expires=${expires.toUTCString()} `
+  );
+}
+async function get_session(req, secrets) {
+  const cookies = req.get("cookie");
+  if (!cookies) {
+    return {};
+  }
+  const cookie = parse5(cookies)[session_cookie_name];
+  if (!cookie) {
+    return {};
+  }
+  for (const secret of secrets) {
+    if (!await verify(cookie, secret)) {
+      continue;
+    }
+    const parsed = decode2(cookie);
+    if (!parsed) {
+      return {};
+    }
+    return parsed.payload;
+  }
+  return {};
+}
 
 // src/plugin/index.ts
 import path3 from "node:path";
@@ -93907,12 +93918,12 @@ function parse_page_pattern(id) {
       const result = parts.map((content, i2) => {
         if (i2 % 2) {
           if (content.startsWith("x+")) {
-            return escape(
+            return escape2(
               String.fromCharCode(parseInt(content.slice(2), 16))
             );
           }
           if (content.startsWith("u+")) {
-            return escape(
+            return escape2(
               String.fromCharCode(
                 ...content.slice(2).split("-").map((code) => parseInt(code, 16))
               )
@@ -93934,7 +93945,7 @@ function parse_page_pattern(id) {
           });
           return is_rest ? "(.*?)" : is_optional ? "([^/]*)?" : "([^/]+?)";
         }
-        return escape(content);
+        return escape2(content);
       }).join("");
       return "/" + result;
     }).join("")}/?$`
@@ -93969,7 +93980,7 @@ function exec(match, params) {
     return;
   return result;
 }
-function escape(str) {
+function escape2(str) {
   return str.normalize().replace(/[[\]]/g, "\\$&").replace(/%/g, "%25").replace(/\//g, "%2[Ff]").replace(/\?/g, "%3[Ff]").replace(/#/g, "%23").replace(/[.*+?^${}()|\\]/g, "\\$&");
 }
 
@@ -95551,7 +95562,7 @@ var require_parser4 = __commonJS3({
     Object.defineProperty(exports, "__esModule", {
       value: true
     });
-    exports.parse = parse5;
+    exports.parse = parse6;
     exports.parseValue = parseValue;
     exports.parseType = parseType;
     exports.Parser = void 0;
@@ -95562,7 +95573,7 @@ var require_parser4 = __commonJS3({
     var _source = require_source2();
     var _directiveLocation = require_directiveLocation2();
     var _lexer = require_lexer2();
-    function parse5(source, options) {
+    function parse6(source, options) {
       var parser = new Parser(source, options);
       return parser.parseDocument();
     }
@@ -122263,14 +122274,14 @@ var require_lib32 = __commonJS3({
         super.checkParams(node, false, true);
         this.scope.exit();
       }
-      forwardNoArrowParamsConversionAt(node, parse6) {
+      forwardNoArrowParamsConversionAt(node, parse7) {
         let result;
         if (this.state.noArrowParamsConversionAt.indexOf(node.start) !== -1) {
           this.state.noArrowParamsConversionAt.push(this.state.start);
-          result = parse6();
+          result = parse7();
           this.state.noArrowParamsConversionAt.pop();
         } else {
-          result = parse6();
+          result = parse7();
         }
         return result;
       }
@@ -131325,7 +131336,7 @@ var require_lib32 = __commonJS3({
       }
       return pluginMap;
     }
-    function parse5(input, options) {
+    function parse6(input, options) {
       var _options;
       if (((_options = options) == null ? void 0 : _options.sourceType) === "unambiguous") {
         options = Object.assign({}, options);
@@ -131395,7 +131406,7 @@ var require_lib32 = __commonJS3({
       }
       return cls;
     }
-    exports.parse = parse5;
+    exports.parse = parse6;
     exports.parseExpression = parseExpression;
     exports.tokTypes = tokTypes;
   }
@@ -137251,7 +137262,7 @@ var require_esprima22 = __commonJS3({
           var jsx_parser_1 = __webpack_require__(3);
           var parser_1 = __webpack_require__(8);
           var tokenizer_1 = __webpack_require__(15);
-          function parse5(code, options, delegate) {
+          function parse6(code, options, delegate) {
             var commentHandler = null;
             var proxyDelegate = function(node, metadata) {
               if (delegate) {
@@ -137296,17 +137307,17 @@ var require_esprima22 = __commonJS3({
             }
             return ast;
           }
-          exports2.parse = parse5;
+          exports2.parse = parse6;
           function parseModule(code, options, delegate) {
             var parsingOptions = options || {};
             parsingOptions.sourceType = "module";
-            return parse5(code, parsingOptions, delegate);
+            return parse6(code, parsingOptions, delegate);
           }
           exports2.parseModule = parseModule;
           function parseScript(code, options, delegate) {
             var parsingOptions = options || {};
             parsingOptions.sourceType = "script";
-            return parse5(code, parsingOptions, delegate);
+            return parse6(code, parsingOptions, delegate);
           }
           exports2.parseScript = parseScript;
           function tokenize(code, options, delegate) {
@@ -143368,7 +143379,7 @@ var require_esprima32 = __commonJS3({
     Object.defineProperty(exports, "__esModule", { value: true });
     exports.parse = void 0;
     var util_1 = require_util22();
-    function parse5(source, options) {
+    function parse6(source, options) {
       var comments = [];
       var ast = require_esprima22().parse(source, {
         loc: true,
@@ -143386,7 +143397,7 @@ var require_esprima32 = __commonJS3({
       }
       return ast;
     }
-    exports.parse = parse5;
+    exports.parse = parse6;
   }
 });
 var require_options3 = __commonJS3({
@@ -144498,7 +144509,7 @@ var require_parser22 = __commonJS3({
     var lines_1 = require_lines3();
     var comments_1 = require_comments3();
     var util = tslib_1.__importStar(require_util22());
-    function parse5(source, options) {
+    function parse6(source, options) {
       options = (0, options_1.normalize)(options);
       var lines = (0, lines_1.fromString)(source, options);
       var sourceWithoutTabs = lines.toString({
@@ -144570,7 +144581,7 @@ var require_parser22 = __commonJS3({
       (0, comments_1.attach)(comments, program.body.length ? file.program : file, lines);
       return new TreeCopier(lines, tokens).copy(file);
     }
-    exports.parse = parse5;
+    exports.parse = parse6;
     var TreeCopier = function TreeCopier2(lines, tokens) {
       assert_1.default.ok(this instanceof TreeCopier2);
       this.lines = lines;
@@ -165247,88 +165258,6 @@ function plugin_config(config) {
   return config.pluginConfig("houdini-react");
 }
 
-// src/runtime/server/session.ts
-var import_cookie_parser = __toESM(require_cookie_parser());
-var session_cookie_name = "__houdini__";
-function set_session(res, value) {
-  const today = new Date();
-  const expires = new Date(today.getTime() + 7 * 24 * 60 * 60 * 1e3);
-  const serialized = JSON.stringify(value);
-  res.set_header(
-    "Set-Cookie",
-    `${session_cookie_name}=${serialized}; Path=/; HttpOnly; Secure; SameSite=Lax; Expires=${expires.toUTCString()} `
-  );
-}
-function get_session(req, secrets) {
-  const cookie = req.get("cookie");
-  if (!cookie) {
-    return {};
-  }
-  const parsed = import_cookie_parser.default.signedCookie(cookie, secrets);
-  if (!parsed) {
-    return {};
-  }
-  const houdini_session_cookie = parsed.split(";").map((s2) => s2.trim().split("=")).filter((s2) => s2[0] === session_cookie_name);
-  if (houdini_session_cookie.length === 1) {
-    return JSON.parse(houdini_session_cookie[0][1]);
-  }
-  return {};
-}
-
-// src/runtime/server/index.ts
-function configure_server({ server, config }) {
-  server.use(server_handler({ config }));
-}
-function server_handler({ config }) {
-  const plugin_config2 = plugin_config(config);
-  return (req, res, next) => {
-    if (!req.url) {
-      next();
-      return;
-    }
-    if (plugin_config2.auth && "redirect" in plugin_config2.auth && req.url.startsWith(plugin_config2.auth.redirect)) {
-      return redirect_auth(req, res, next);
-    }
-    next();
-  };
-}
-var redirect_auth = (req, res, next) => {
-  const { searchParams } = new URL(req.url, `http://${req.headers.get("host")}`);
-  const { redirectTo, ...session } = Object.fromEntries(searchParams.entries());
-  set_session(res, session);
-  if (redirectTo) {
-    return res.redirect(redirectTo);
-  }
-  next();
-};
-
-// src/runtime/server/compat.ts
-function dev_server({ server, config }) {
-  return {
-    use(fn) {
-      server.use((req, res, next) => {
-        fn(
-          {
-            url: req.url,
-            headers: new Headers(req.headers)
-          },
-          {
-            ...res,
-            redirect(url, status = 307) {
-              res.statusCode = status;
-              res.setHeader("location", url);
-              res.setHeader("content-length", "0");
-              return res.end();
-            },
-            set_header: res.setHeader.bind(res)
-          },
-          next
-        );
-      });
-    }
-  };
-}
-
 // src/plugin/vite.tsx
 var manifest;
 var vite_default = {
@@ -165448,17 +165377,32 @@ if (window.__houdini__nav_caches__ && window.__houdini__nav_caches__.artifact_ca
     }
   },
   configureServer(server) {
-    const houdini_server = dev_server({
-      server: server.middlewares,
-      config: server.houdiniConfig
-    });
-    configure_server({
-      server: houdini_server,
-      config: server.houdiniConfig
-    });
+    server.middlewares.use(houdini_server(server));
     server.middlewares.use(render_stream(server));
   }
 };
+var houdini_server = (server) => {
+  return async (req, res, next) => {
+    if (!req.url) {
+      return next();
+    }
+    handle_request({
+      config: server.houdiniConfig.configFile,
+      session_keys: plugin_config(server.houdiniConfig).auth?.sessionKeys ?? [],
+      next,
+      url: req.url,
+      ...res,
+      redirect(status = 307, url) {
+        res.statusCode = status;
+        res.setHeader("location", url);
+        res.setHeader("content-length", "0");
+        return res.end();
+      },
+      get_header: res.getHeader.bind(res),
+      set_header: res.setHeader.bind(res)
+    });
+  };
+};
 var render_stream = (server) => async (request, response, next) => {
   if (!request.url) {
     return next();
@@ -165707,12 +165651,6 @@ export {
  * Copyright(c) 2015 Douglas Christopher Wilson
  * MIT Licensed
  */
-/*!
- * cookie-parser
- * Copyright(c) 2014 TJ Holowaychuk
- * Copyright(c) 2015 Douglas Christopher Wilson
- * MIT Licensed
- */
 /*! fetch-blob. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
 /*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
 /*! node-domexception. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */