jamdesk 1.1.76 → 1.1.77

package/vendored/lib/middleware-helpers.ts

@@ -58,8 +58,23 @@ export interface ProjectResolutionResult {
    * (i.e., a user's own domain pointing at our CNAME), vs via the
    * subdomain branch (slug.jamdesk.app). Used by the branded inactive
    * page to show owner-sign-in hints only to real customers.
+   *
+   * Renamed from `customDomain` to disambiguate from the new
+   * `customDomain?: string` mirror below (which carries the public
+   * canonical hostname read from `projectCfg`). The two fields answer
+   * different questions:
+   *   - `viaCustomDomain` = "did this request hit the domain: Redis key?"
+   *   - `customDomain`    = "what is the project's registered public face?"
    */
-  customDomain?: boolean;
+  viaCustomDomain?: boolean;
+  /**
+   * Public canonical hostname for this slug, mirrored from `projectCfg`.
+   * Set only when the project owner has registered + activated a custom
+   * domain. Used by the proxy to override the canonical URL when serving
+   * a hostAtDocs project directly via *.jamdesk.app (avoiding duplicate-
+   * URL indexing — the upstream subdomain is not the public face).
+   */
+  customDomain?: string;
 }
 
 /**
@@ -124,7 +139,11 @@ export async function handleProjectResolution(
       slug,
     });
     const config = await getProjectConfig(slug);
-    return { projectSlug: slug, hostAtDocs: config.hostAtDocs };
+    return {
+      projectSlug: slug,
+      hostAtDocs: config.hostAtDocs,
+      customDomain: config.customDomain,
+    };
   }
 
   log('info', 'Resolving project from hostname', { hostname });
@@ -166,8 +185,18 @@ export async function handleProjectResolution(
         getProjectConfig(projectSlug),
         getProjectInactive(projectSlug),
       ]);
-      log('info', 'Project resolved from subdomain', { hostname, projectSlug, inactive });
-      return { projectSlug, hostAtDocs: config.hostAtDocs, inactive };
+      log('info', 'Project resolved from subdomain', {
+        hostname,
+        projectSlug,
+        inactive,
+        customDomain: config.customDomain,
+      });
+      return {
+        projectSlug,
+        hostAtDocs: config.hostAtDocs,
+        inactive,
+        customDomain: config.customDomain,
+      };
     }
   }
 
@@ -204,7 +233,7 @@ export async function handleProjectResolution(
     hostAtDocs: resolution.hostAtDocs,
     domainStatus: resolution.domainStatus,
     inactive,
-    customDomain: true,
+    viaCustomDomain: true,
   };
 }
 
@@ -596,15 +625,48 @@ const TRUSTED_PROXY_HEADERS = [
   'x-jd-custom-domain',
   'x-jd-project-name',
   'x-jd-project-logo',
+  // Canonical override: middleware writes this when serving *.jamdesk.app
+  // directly for a hostAtDocs project that has a registered custom
+  // domain. The page render path uses it to emit the public-face canonical
+  // instead of the upstream subdomain URL.
+  'x-jd-canonical-host',
+  // Set when *.jamdesk.app serves a hostAtDocs project that has NOT
+  // registered a custom domain yet — page emits robots: noindex so the
+  // upstream URL doesn't compete with the (yet-to-arrive) public face
+  // in search results.
+  'x-jd-noindex',
 ] as const;
 
+/**
+ * Optional extras for `buildProjectHeaders`. All fields are middleware-
+ * authored; the corresponding header is in `TRUSTED_PROXY_HEADERS` so an
+ * inbound spoof is stripped before we set our own value.
+ */
+export interface BuildProjectHeadersOptions {
+  /**
+   * Public-face canonical host. Set when serving *.jamdesk.app directly
+   * for a hostAtDocs project that has a registered custom domain — the
+   * page render path emits this host in <link rel="canonical"> instead
+   * of the upstream subdomain.
+   */
+  canonicalHost?: string;
+  /**
+   * When true, emit `x-jd-noindex: true` so the page emits a robots
+   * noindex tag. Used for *.jamdesk.app subdomains of hostAtDocs
+   * projects without a custom domain yet.
+   */
+  noindex?: boolean;
+}
+
 /**
  * Build response headers with project context.
  *
  * Sets:
- *   - x-project-slug   — resolved project for downstream handlers
- *   - x-host-at-docs   — whether docs are mounted at /docs
- *   - x-jd-language    — locale code if the path starts with one (e.g. /fr/...)
+ *   - x-project-slug       — resolved project for downstream handlers
+ *   - x-host-at-docs       — whether docs are mounted at /docs
+ *   - x-jd-language        — locale code if the path starts with one (e.g. /fr/...)
+ *   - x-jd-canonical-host  — public-face host (opts.canonicalHost)
+ *   - x-jd-noindex         — "true" when opts.noindex is set
  *
  * Strips any client-supplied copies of those headers from the inbound
  * request to prevent header smuggling.
@@ -615,6 +677,7 @@ const TRUSTED_PROXY_HEADERS = [
  * @param pathname - The request pathname (request.nextUrl.pathname or, for
  *   the unlock direct-hit branch, the `from` query param). Used to derive
  *   the active locale so the root layout can emit <html lang>.
+ * @param opts - Optional extras (canonical host override, noindex flag).
  * @returns New headers with project context added
  */
 export function buildProjectHeaders(
@@ -622,6 +685,7 @@ export function buildProjectHeaders(
   existingHeaders: Headers,
   hostAtDocs: boolean,
   pathname: string,
+  opts: BuildProjectHeadersOptions = {},
 ): Headers {
   const newHeaders = new Headers(existingHeaders);
   for (const h of TRUSTED_PROXY_HEADERS) {
@@ -636,6 +700,13 @@ export function buildProjectHeaders(
     newHeaders.set('x-jd-language', language);
   }
 
+  if (opts.canonicalHost) {
+    newHeaders.set('x-jd-canonical-host', opts.canonicalHost);
+  }
+  if (opts.noindex) {
+    newHeaders.set('x-jd-noindex', 'true');
+  }
+
   return newHeaders;
 }
 

package/vendored/lib/page-isr-helpers.ts

@@ -130,15 +130,20 @@ export function parseCacheKey(cacheKey: string): { projectSlug: string; pagePath
 /**
  * Get base URL for SEO metadata in ISR mode.
  *
- * Derives the canonical base URL from request headers.
- * Prefers x-jamdesk-forwarded-host (set by Cloudflare Worker proxy) over the
- * host header, so that canonical URLs point to the user-facing domain
- * (e.g., jamdesk.com) rather than the ISR subdomain (jamdesk-docs.jamdesk.app).
+ * Header priority (highest first):
+ *   1. x-jd-canonical-host  — internal override set by middleware when a
+ *      hostAtDocs project is served directly via *.jamdesk.app and has a
+ *      registered customDomain. Forces the canonical to the public face.
+ *   2. x-jamdesk-forwarded-host — set by the Cloudflare Worker proxy
+ *      (e.g. jamdesk.com → forwarded `jamdesk.com`).
+ *   3. host header — direct request hostname.
+ *   4. Subdomain fallback `<slug>.jamdesk.app` (no headers available).
  *
- * Security: The forwarded host header is validated by middleware
- * (validateForwardedHost in middleware-helpers.ts) before the page component runs.
+ * Both override headers are in TRUSTED_PROXY_HEADERS so a client can't
+ * spoof them.
  *
- * When hostAtDocs=true, includes /docs path prefix to match the actual URL structure.
+ * When hostAtDocs=true, includes /docs path prefix (forwarded-host and
+ * canonical-host paths only; subdomain fallback always serves at root).
  *
  * @param headers - Request headers object
  * @param projectSlug - Project identifier (fallback for subdomain URL)
@@ -146,9 +151,9 @@ export function parseCacheKey(cacheKey: string): { projectSlug: string; pagePath
  * @returns Base URL (e.g., 'https://jamdesk.com/docs' or 'https://acme.jamdesk.app')
  */
 export function getBaseUrl(headers: Headers, projectSlug: string, hostAtDocs = false): string {
-  // Prefer forwarded host (from Cloudflare Worker proxy) for correct canonical URLs
+  const canonicalHost = headers.get('x-jd-canonical-host');
   const forwardedHost = headers.get('x-jamdesk-forwarded-host');
-  const host = forwardedHost || headers.get('host');
+  const host = canonicalHost || forwardedHost || headers.get('host');
 
   if (host) {
     const hostname = host.split(':')[0];

package/vendored/lib/project-resolver.ts

@@ -97,6 +97,17 @@ export async function resolveCustomDomain(hostname: string): Promise<DomainResol
   }
 }
 
+/**
+ * Resolved project configuration mirrored from Redis `projectCfg:<slug>`.
+ *
+ * `customDomain` is set on activation by the domain.ts helper when a custom
+ * domain is TXT-verified. Used by middleware to emit canonical-host headers.
+ */
+export interface ProjectCfg {
+  hostAtDocs: boolean;
+  customDomain?: string;
+}
+
 /**
  * Get project configuration for a subdomain (silent-fallback variant).
  * Used for hostAtDocs setting on *.jamdesk.app domains.
@@ -111,7 +122,7 @@ export async function resolveCustomDomain(hostname: string): Promise<DomainResol
  * would memoize a wrong `false` for the cache TTL, the exact failure
  * mode that produced the jamdesk.com/docs/* 404 incident.
  */
-export async function getProjectConfig(projectSlug: string): Promise<{ hostAtDocs: boolean }> {
+export async function getProjectConfig(projectSlug: string): Promise<ProjectCfg> {
   if (!redis) {
     return { hostAtDocs: false };
   }
@@ -119,8 +130,10 @@ export async function getProjectConfig(projectSlug: string): Promise<{ hostAtDoc
   try {
     const cfgRaw = await redis.get(`projectCfg:${projectSlug}`);
     const cfg = parseRedisConfig(cfgRaw);
-    // Default to false (root path) for subdomains unless explicitly set to true
-    return { hostAtDocs: cfg?.hostAtDocs === true };
+    return {
+      hostAtDocs: cfg?.hostAtDocs === true,
+      customDomain: typeof cfg?.customDomain === 'string' ? cfg.customDomain : undefined,
+    };
   } catch {
     return { hostAtDocs: false };
   }
@@ -136,14 +149,17 @@ export async function getProjectConfig(projectSlug: string): Promise<{ hostAtDoc
  * A missing `projectCfg:<slug>` key is NOT an error — that's the legitimate
  * "project hasn't opted into hostAtDocs" case and is safe to cache.
  */
-export async function getProjectConfigStrict(projectSlug: string): Promise<{ hostAtDocs: boolean }> {
+export async function getProjectConfigStrict(projectSlug: string): Promise<ProjectCfg> {
   if (!redis) {
     return { hostAtDocs: false };
   }
 
   const cfgRaw = await redis.get(`projectCfg:${projectSlug}`);
   const cfg = parseRedisConfig(cfgRaw);
-  return { hostAtDocs: cfg?.hostAtDocs === true };
+  return {
+    hostAtDocs: cfg?.hostAtDocs === true,
+    customDomain: typeof cfg?.customDomain === 'string' ? cfg.customDomain : undefined,
+  };
 }
 
 /**

package/vendored/lib/render-doc-page.tsx

@@ -191,6 +191,13 @@ function resolveSlug(normalizedSlug: string[], config: DocsConfig): string[] {
 export async function buildDocMetadata(input: RenderInput): Promise<Metadata> {
   const { slug: slugInput, projectSlug, hostAtDocs, requestHeaders } = input;
 
+  // Middleware sets `x-jd-noindex: true` when serving a hostAtDocs project
+  // directly via *.jamdesk.app and the project has no registered custom
+  // domain yet. The upstream subdomain shouldn't compete with the (yet-to-
+  // arrive) public face in search results — emit robots noindex so Google
+  // skips it. See proxy.ts → projectHeaderOptsForCanonical for the source.
+  const noindexHeader = requestHeaders?.get('x-jd-noindex') === 'true';
+
   if (isIsrMode()) {
     if (!projectSlug) return { title: 'Not Found' };
     const exists = await projectExists(projectSlug);
@@ -234,11 +241,18 @@ export async function buildDocMetadata(input: RenderInput): Promise<Metadata> {
 
   const markdownHref = `${hostAtDocs ? '/docs/' : '/'}${pagePath}.md`;
 
+  // noindexHeader (middleware) and isRoot override frontmatter robots
+  // (already in seoMetadata) via spread order.
+  const robotsOverride =
+    isRoot || noindexHeader
+      ? { robots: { index: false, follow: true } as const }
+      : {};
+
   return {
     title: titleValue,
     description: data.description || '',
     ...seoMetadata,
-    ...(isRoot && { robots: { index: false, follow: true } }),
+    ...robotsOverride,
     alternates: {
       ...seoMetadata.alternates,
       types: {

package/vendored/workspace-package-lock.json

@@ -2987,9 +2987,9 @@
       "license": "MIT"
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.352",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.352.tgz",
-      "integrity": "sha512-9wHk8x6dyuimoe18EdiDPWKExNdxYqo4fn4FwOVVper6RxT3cmpBwBkWWfSOCYJjQdIco/nPhJhNLmn4Ufg1Yg==",
+      "version": "1.5.353",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.353.tgz",
+      "integrity": "sha512-kOrWphBi8TOZyiJZqsgqIle0lw+tzmnQK83pV9dZUd01Nm2POECSyFQMAuarzZdYqQW7FH9RaYOuaRo3h+bQ3w==",
       "license": "ISC"
     },
     "node_modules/enhanced-resolve": {