netlify-cli 12.7.2 → 12.9.0

package/src/functions-templates/rust/hello-world/Cargo.toml

@@ -6,9 +6,9 @@ version = "0.1.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws_lambda_events = "0.7.2"
+aws_lambda_events = "0.7.3"
 http = "0.2.8"
-lambda_runtime = "0.7.1"
+lambda_runtime = "0.7.3"
 log = "0.4.17"
 simple_logger = "1.16.0"
-tokio = "1.22.0"
+tokio = "1.24.1"

package/src/functions-templates/typescript/hello-world/package-lock.json

@@ -26,9 +26,9 @@
       }
     },
     "node_modules/@types/node": {
-      "version": "14.18.34",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.34.tgz",
-      "integrity": "sha512-hcU9AIQVHmPnmjRK+XUUYlILlr9pQrsqSrwov/JK1pnf3GTQowVBhx54FbvM0AU/VXGH4i3+vgXS5EguR7fysA=="
+      "version": "14.18.36",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.36.tgz",
+      "integrity": "sha512-FXKWbsJ6a1hIrRxv+FoukuHnGTgEzKYGi7kilfMae96AL9UNkPFNWJEEYWzdRI9ooIkbr4AKldyuSTLql06vLQ=="
     },
     "node_modules/is-promise": {
       "version": "4.0.0",
@@ -36,9 +36,9 @@
       "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ=="
     },
     "node_modules/typescript": {
-      "version": "4.9.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
-      "integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==",
+      "version": "4.9.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.4.tgz",
+      "integrity": "sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg==",
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
@@ -58,9 +58,9 @@
       }
     },
     "@types/node": {
-      "version": "14.18.34",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.34.tgz",
-      "integrity": "sha512-hcU9AIQVHmPnmjRK+XUUYlILlr9pQrsqSrwov/JK1pnf3GTQowVBhx54FbvM0AU/VXGH4i3+vgXS5EguR7fysA=="
+      "version": "14.18.36",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.36.tgz",
+      "integrity": "sha512-FXKWbsJ6a1hIrRxv+FoukuHnGTgEzKYGi7kilfMae96AL9UNkPFNWJEEYWzdRI9ooIkbr4AKldyuSTLql06vLQ=="
     },
     "is-promise": {
       "version": "4.0.0",
@@ -68,9 +68,9 @@
       "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ=="
     },
     "typescript": {
-      "version": "4.9.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
-      "integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA=="
+      "version": "4.9.4",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.4.tgz",
+      "integrity": "sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg=="
     }
   }
 }

package/src/lib/edge-functions/headers.mjs

@@ -1,12 +1,12 @@
 const headers = {
   ForwardedHost: 'x-forwarded-host',
-  ForwardedProtocol: 'x-forwarded-proto',
-  Functions: 'x-deno-functions',
+  Functions: 'x-nf-edge-functions',
   Geo: 'x-nf-geo',
-  Passthrough: 'x-deno-pass',
+  Passthrough: 'x-nf-passthrough',
   RequestID: 'X-NF-Request-ID',
   IP: 'x-nf-client-connection-ip',
   Site: 'X-NF-Site-Info',
+  DebugLogging: 'x-nf-debug-logging',
 }
 
 export default headers

package/src/lib/edge-functions/proxy.mjs

@@ -56,19 +56,20 @@ export const createSiteInfoHeader = (siteInfo = {}) => {
 export const initializeProxy = async ({
   config,
   configPath,
+  debug,
   env: configEnv,
   geoCountry,
   geolocationMode,
   getUpdatedConfig,
   inspectSettings,
+  mainPort,
   offline,
+  passthroughPort,
   projectDir,
-  settings,
   siteInfo,
   state,
 }) => {
   const { functions: internalFunctions, importMap, path: internalFunctionsPath } = await getInternalFunctions()
-  const { port: mainPort } = settings
   const userFunctionsPath = config.build.edge_functions
   const isolatePort = await getAvailablePort()
 
@@ -76,7 +77,6 @@ export const initializeProxy = async ({
   // the network if needed. We don't want to wait for that to be completed, or
   // the command will be left hanging.
   const server = prepareServer({
-    certificatePath: settings.https ? settings.https.certFilePath : undefined,
     config,
     configPath,
     directories: [internalFunctionsPath, userFunctionsPath].filter(Boolean),
@@ -131,14 +131,14 @@ export const initializeProxy = async ({
 
     req[headersSymbol] = {
       [headers.Functions]: functionNames.join(','),
-      [headers.ForwardedHost]: `localhost:${mainPort}`,
+      [headers.ForwardedHost]: `localhost:${passthroughPort}`,
       [headers.Passthrough]: 'passthrough',
       [headers.RequestID]: generateUUID(),
       [headers.IP]: LOCAL_HOST,
     }
 
-    if (settings.https) {
-      req[headersSymbol][headers.ForwardedProtocol] = 'https'
+    if (debug) {
+      req[headersSymbol][headers.DebugLogging] = '1'
     }
 
     return `http://${LOCAL_HOST}:${isolatePort}`
@@ -148,7 +148,6 @@ export const initializeProxy = async ({
 export const isEdgeFunctionsRequest = (req) => req[headersSymbol] !== undefined
 
 const prepareServer = async ({
-  certificatePath,
   config,
   configPath,
   directories,
@@ -168,7 +167,6 @@ const prepareServer = async ({
     const distImportMapPath = getPathInProject([DIST_IMPORT_MAP_PATH])
     const runIsolate = await bundler.serve({
       ...getDownloadUpdateFunctions(),
-      certificatePath,
       debug: env.NETLIFY_DENO_DEBUG === 'true',
       distImportMapPath,
       formatExportTypeError: (name) =>

package/src/lib/edge-functions/registry.mjs

@@ -295,7 +295,15 @@ export class EdgeFunctionsRegistry {
       ...route,
       pattern: new RegExp(route.pattern),
     }))
-    const functionNames = routes.filter(({ pattern }) => pattern.test(urlPath)).map((route) => route.function)
+    const functionNames = routes
+      .filter(({ pattern }) => pattern.test(urlPath))
+      .filter(({ function: name }) => {
+        const isExcluded = manifest.function_config[name]?.excluded_patterns.some((pattern) =>
+          new RegExp(pattern).test(urlPath),
+        )
+        return !isExcluded
+      })
+      .map((route) => route.function)
     const orphanedDeclarations = await this.matchURLPathAgainstOrphanedDeclarations(urlPath)
 
     return { functionNames, orphanedDeclarations }

package/src/lib/functions/server.mjs

@@ -168,7 +168,7 @@ export const createHandler = function (options) {
         return
       }
 
-      handleSynchronousFunction(error, result, request, response)
+      handleSynchronousFunction({ error, functionName: func.name, result, request, response })
     }
   }
 }

package/src/lib/functions/synchronous.mjs

@@ -1,7 +1,7 @@
 // @ts-check
 import { Buffer } from 'buffer'
 
-import { NETLIFYDEVERR } from '../../utils/command-helpers.mjs'
+import { chalk, log, NETLIFYDEVERR } from '../../utils/command-helpers.mjs'
 import renderErrorTemplate from '../render-error-template.mjs'
 
 import { detectAwsSdkError } from './utils.mjs'
@@ -16,20 +16,35 @@ const addHeaders = (headers, response) => {
   })
 }
 
-export const handleSynchronousFunction = function (err, result, request, response) {
-  if (err) {
-    return handleErr(err, request, response)
+export const handleSynchronousFunction = function ({
+  error: invocationError,
+  functionName,
+  request,
+  response,
+  result,
+}) {
+  if (invocationError) {
+    return handleErr(invocationError, request, response)
   }
 
   const { error } = validateLambdaResponse(result)
   if (error) {
-    console.log(`${NETLIFYDEVERR} ${error}`)
+    log(`${NETLIFYDEVERR} ${error}`)
     return handleErr(error, request, response)
   }
 
   response.statusCode = result.statusCode
-  addHeaders(result.headers, response)
-  addHeaders(result.multiValueHeaders, response)
+
+  try {
+    addHeaders(result.headers, response)
+    addHeaders(result.multiValueHeaders, response)
+  } catch (headersError) {
+    formatError(headersError)
+
+    log(`${NETLIFYDEVERR} Failed to set header in function ${chalk.yellow(functionName)}: ${headersError.message}`)
+
+    return handleErr(headersError, request, response)
+  }
 
   if (result.body) {
     response.write(result.isBase64Encoded ? Buffer.from(result.body, 'base64') : result.body)
@@ -37,6 +52,12 @@ export const handleSynchronousFunction = function (err, result, request, respons
   response.end()
 }
 
+const formatError = (err) => {
+  err.errorType = err.code
+  err.errorMessage = err.message
+  err.stackTrace = err.trace
+}
+
 const formatLambdaLocalError = (err, acceptsHtml) =>
   acceptsHtml
     ? JSON.stringify({

package/src/utils/get-repo-data.mjs

@@ -44,7 +44,7 @@ const getRepoData = async function ({ remoteName } = {}) {
       Object.keys(gitConfig.remote[remoteName]).length === 0
     ) {
       throw new Error(
-        `The specified remote "${remoteName}" is not defined in Git repo. Please use --gitRemoteName flag to specify a remote.`,
+        `The specified remote "${remoteName}" is not defined in Git repo. Please use --git-remote-name flag to specify a remote.`,
       )
     }
 

package/src/utils/proxy-server.mjs

@@ -39,6 +39,7 @@ export const generateInspectSettings = (edgeInspect, edgeInspectBrk) => {
  * @param {*} params.addonsUrls
  * @param {import('../commands/base-command.mjs').NetlifyOptions["config"]} params.config
  * @param {string} [params.configPath] An override for the Netlify config path
+ * @param {boolean} params.debug
  * @param {import('../commands/base-command.mjs').NetlifyOptions["cachedConfig"]['env']} params.env
  * @param {InspectSettings} params.inspectSettings
  * @param {() => Promise<object>} params.getUpdatedConfig
@@ -55,6 +56,7 @@ export const startProxyServer = async ({
   addonsUrls,
   config,
   configPath,
+  debug,
   env,
   geoCountry,
   geolocationMode,
@@ -70,6 +72,7 @@ export const startProxyServer = async ({
     addonsUrls,
     config,
     configPath: configPath || site.configPath,
+    debug,
     env,
     geolocationMode,
     geoCountry,

package/src/utils/proxy.mjs

@@ -13,6 +13,7 @@ import contentType from 'content-type'
 import cookie from 'cookie'
 import { get } from 'dot-prop'
 import generateETag from 'etag'
+import getAvailablePort from 'get-port'
 import httpProxy from 'http-proxy'
 import { createProxyMiddleware } from 'http-proxy-middleware'
 import jwtDecode from 'jwt-decode'
@@ -32,6 +33,7 @@ import { NETLIFYDEVLOG, NETLIFYDEVWARN } from './command-helpers.mjs'
 import createStreamPromise from './create-stream-promise.mjs'
 import { headersForPath, parseHeaders } from './headers.mjs'
 import { createRewriter, onChanges } from './rules-proxy.mjs'
+import { signRedirect } from './sign-redirect.mjs'
 
 const decompress = util.promisify(zlib.gunzip)
 const shouldGenerateETag = Symbol('Internal: response should generate ETag')
@@ -142,7 +144,7 @@ const alternativePathsFor = function (url) {
   return paths
 }
 
-const serveRedirect = async function ({ match, options, proxy, req, res }) {
+const serveRedirect = async function ({ match, options, proxy, req, res, siteInfo }) {
   if (!match) return proxy.web(req, res, options)
 
   options = options || req.proxyOptions || {}
@@ -154,6 +156,15 @@ const serveRedirect = async function ({ match, options, proxy, req, res }) {
     })
   }
 
+  if (match.signingSecret) {
+    req.headers['x-nf-sign'] = signRedirect({
+      deployContext: 'dev',
+      secret: match.signingSecret,
+      siteID: siteInfo.id,
+      siteURL: siteInfo.url,
+    })
+  }
+
   if (isFunction(options.functionsPort, req.url)) {
     return proxy.web(req, res, { target: options.functionsServer })
   }
@@ -305,7 +316,7 @@ const reqToURL = function (req, pathname) {
 
 const MILLISEC_TO_SEC = 1e3
 
-const initializeProxy = async function ({ configPath, distDir, host, port, projectDir }) {
+const initializeProxy = async function ({ configPath, distDir, host, port, projectDir, siteInfo }) {
   const proxy = httpProxy.createProxyServer({
     selfHandleResponse: true,
     target: {
@@ -369,13 +380,20 @@ const initializeProxy = async function ({ configPath, distDir, host, port, proje
         return proxy.web(req, res, req.proxyOptions)
       }
       if (req.proxyOptions && req.proxyOptions.match) {
-        return serveRedirect({ req, res, proxy: handlers, match: req.proxyOptions.match, options: req.proxyOptions })
+        return serveRedirect({
+          req,
+          res,
+          proxy: handlers,
+          match: req.proxyOptions.match,
+          options: req.proxyOptions,
+          siteInfo,
+        })
       }
     }
 
     if (req.proxyOptions.staticFile && isRedirect({ status: proxyRes.statusCode }) && proxyRes.headers.location) {
       req.url = proxyRes.headers.location
-      return serveRedirect({ req, res, proxy: handlers, match: null, options: req.proxyOptions })
+      return serveRedirect({ req, res, proxy: handlers, match: null, options: req.proxyOptions, siteInfo })
     }
 
     const responseData = []
@@ -471,7 +489,11 @@ const initializeProxy = async function ({ configPath, distDir, host, port, proje
   return handlers
 }
 
-const onRequest = async ({ addonsUrls, edgeFunctionsProxy, functionsServer, proxy, rewriter, settings }, req, res) => {
+const onRequest = async (
+  { addonsUrls, edgeFunctionsProxy, functionsServer, proxy, rewriter, settings, siteInfo },
+  req,
+  res,
+) => {
   req.originalBody = ['GET', 'OPTIONS', 'HEAD'].includes(req.method)
     ? null
     : await createStreamPromise(req, BYTES_LIMIT)
@@ -508,7 +530,7 @@ const onRequest = async ({ addonsUrls, edgeFunctionsProxy, functionsServer, prox
     // We don't want to generate an ETag for 3xx redirects.
     req[shouldGenerateETag] = ({ statusCode }) => statusCode < 300 || statusCode >= 400
 
-    return serveRedirect({ req, res, proxy, match, options })
+    return serveRedirect({ req, res, proxy, match, options, siteInfo })
   }
 
   // The request will be served by the framework server, which means we want to
@@ -533,6 +555,7 @@ export const startProxy = async function ({
   addonsUrls,
   config,
   configPath,
+  debug,
   env,
   geoCountry,
   geolocationMode,
@@ -544,18 +567,21 @@ export const startProxy = async function ({
   siteInfo,
   state,
 }) {
+  const secondaryServerPort = settings.https ? await getAvailablePort() : null
   const functionsServer = settings.functionsPort ? `http://127.0.0.1:${settings.functionsPort}` : null
   const edgeFunctionsProxy = await initializeEdgeFunctionsProxy({
     config,
     configPath,
+    debug,
     env,
     geolocationMode,
     geoCountry,
     getUpdatedConfig,
     inspectSettings,
+    mainPort: settings.port,
     offline,
+    passthroughPort: secondaryServerPort || settings.port,
     projectDir,
-    settings,
     siteInfo,
     state,
   })
@@ -565,6 +591,7 @@ export const startProxy = async function ({
     distDir: settings.dist,
     projectDir,
     configPath,
+    siteInfo,
   })
 
   const rewriter = await createRewriter({
@@ -583,17 +610,34 @@ export const startProxy = async function ({
     addonsUrls,
     functionsServer,
     edgeFunctionsProxy,
+    siteInfo,
   })
-  const server = settings.https
+  const primaryServer = settings.https
     ? https.createServer({ cert: settings.https.cert, key: settings.https.key }, onRequestWithOptions)
     : http.createServer(onRequestWithOptions)
-
-  server.on('upgrade', function onUpgrade(req, socket, head) {
+  const onUpgrade = function onUpgrade(req, socket, head) {
     proxy.ws(req, socket, head)
-  })
+  }
+
+  primaryServer.on('upgrade', onUpgrade)
+  primaryServer.listen({ port: settings.port })
+
+  const eventQueue = [once(primaryServer, 'listening')]
+
+  // If we're running the main server on HTTPS, we need to start a secondary
+  // server on HTTP for receiving passthrough requests from edge functions.
+  // This lets us run the Deno server on HTTP and avoid the complications of
+  // Deno talking to Node on HTTPS with potentially untrusted certificates.
+  if (secondaryServerPort) {
+    const secondaryServer = http.createServer(onRequestWithOptions)
+
+    secondaryServer.on('upgrade', onUpgrade)
+    secondaryServer.listen({ port: secondaryServerPort })
+
+    eventQueue.push(once(secondaryServer, 'listening'))
+  }
 
-  server.listen({ port: settings.port })
-  await once(server, 'listening')
+  await Promise.all(eventQueue)
 
   const scheme = settings.https ? 'https' : 'http'
   return `${scheme}://localhost:${settings.port}`

package/src/utils/redirects.mjs

@@ -36,6 +36,7 @@ const normalizeRedirect = function ({
   conditions: { country, language, role, ...conditions },
   from,
   query,
+  signed,
   ...redirect
 }) {
   return {
@@ -48,5 +49,10 @@ const normalizeRedirect = function ({
       ...(country && { Country: country }),
       ...(language && { Language: language }),
     },
+    ...(signed && {
+      sign: {
+        jwt_secret: signed,
+      },
+    }),
   }
 }

package/src/utils/sign-redirect.mjs

@@ -0,0 +1,16 @@
+import jwt from 'jsonwebtoken'
+
+// https://docs.netlify.com/routing/redirects/rewrites-proxies/#signed-proxy-redirects
+export const signRedirect = ({ deployContext, secret, siteID, siteURL }) => {
+  const claims = {
+    deploy_context: deployContext,
+    netlify_id: siteID,
+    site_url: siteURL,
+  }
+  const options = {
+    expiresIn: '5 minutes',
+    issuer: 'netlify',
+  }
+
+  return jwt.sign(claims, secret, options)
+}