react-doctor 0.0.5 → 0.0.7

package/dist/react-doctor-plugin.js

@@ -129,6 +129,37 @@ const NEXTJS_NAVIGATION_FUNCTIONS = new Set([
 const GOOGLE_FONTS_PATTERN = /fonts\.googleapis\.com/;
 const POLYFILL_SCRIPT_PATTERN = /polyfill\.io|polyfill\.min\.js|cdn\.polyfill/;
 const APP_DIRECTORY_PATTERN = /\/app\//;
+const ROUTE_HANDLER_FILE_PATTERN = /\/route\.(tsx?|jsx?)$/;
+const MUTATION_METHOD_NAMES = new Set([
+	"create",
+	"insert",
+	"insertInto",
+	"update",
+	"upsert",
+	"delete",
+	"remove",
+	"destroy",
+	"set",
+	"append"
+]);
+const MUTATING_HTTP_METHODS = new Set([
+	"POST",
+	"PUT",
+	"DELETE",
+	"PATCH"
+]);
+const MUTATING_ROUTE_SEGMENTS = new Set([
+	"logout",
+	"log-out",
+	"signout",
+	"sign-out",
+	"unsubscribe",
+	"delete",
+	"remove",
+	"revoke",
+	"cancel",
+	"deactivate"
+]);
 const EFFECT_HOOK_NAMES = new Set(["useEffect", "useLayoutEffect"]);
 const HOOKS_WITH_DEPS = new Set([
 	"useEffect",
@@ -230,6 +261,40 @@ const createLoopAwareVisitors = (innerVisitors) => {
 	};
 	return visitors;
 };
+const isCookiesOrHeadersCall = (node, methodName) => {
+	if (node.type !== "CallExpression" || node.callee?.type !== "MemberExpression") return false;
+	const { object, property } = node.callee;
+	if (property?.type !== "Identifier" || !MUTATION_METHOD_NAMES.has(property.name)) return false;
+	if (object?.type !== "CallExpression" || object.callee?.type !== "Identifier") return false;
+	return object.callee.name === methodName;
+};
+const isMutatingDbCall = (node) => {
+	if (node.type !== "CallExpression" || node.callee?.type !== "MemberExpression") return false;
+	const { property } = node.callee;
+	return property?.type === "Identifier" && MUTATION_METHOD_NAMES.has(property.name);
+};
+const isMutatingFetchCall = (node) => {
+	if (node.type !== "CallExpression") return false;
+	if (node.callee?.type !== "Identifier" || node.callee.name !== "fetch") return false;
+	const optionsArgument = node.arguments?.[1];
+	if (!optionsArgument || optionsArgument.type !== "ObjectExpression") return false;
+	return optionsArgument.properties?.some((property) => property.type === "Property" && property.key?.type === "Identifier" && property.key.name === "method" && property.value?.type === "Literal" && typeof property.value.value === "string" && MUTATING_HTTP_METHODS.has(property.value.value.toUpperCase()));
+};
+const findSideEffect = (node) => {
+	let sideEffectDescription = null;
+	walkAst(node, (child) => {
+		if (sideEffectDescription) return;
+		if (isCookiesOrHeadersCall(child, "cookies")) sideEffectDescription = `cookies().${child.callee.property.name}()`;
+		else if (isCookiesOrHeadersCall(child, "headers")) sideEffectDescription = `headers().${child.callee.property.name}()`;
+		else if (isMutatingFetchCall(child)) sideEffectDescription = `fetch() with method ${child.arguments[1].properties.find((property) => property.key?.type === "Identifier" && property.key.name === "method").value.value}`;
+		else if (isMutatingDbCall(child)) {
+			const methodName = child.callee.property.name;
+			const objectName = child.callee.object?.type === "Identifier" ? child.callee.object.name : null;
+			sideEffectDescription = objectName ? `${objectName}.${methodName}()` : `.${methodName}()`;
+		}
+	});
+	return sideEffectDescription;
+};
 const extractDestructuredPropNames = (params) => {
 	const propNames = /* @__PURE__ */ new Set();
 	for (const param of params) if (param.type === "ObjectPattern") {
@@ -273,7 +338,9 @@ const noGiantComponent = { create: (context) => {
 const noRenderInRender = { create: (context) => ({ JSXExpressionContainer(node) {
 	const expression = node.expression;
 	if (expression?.type !== "CallExpression") return;
-	const calleeName = expression.callee?.type === "Identifier" ? expression.callee.name : expression.callee?.type === "MemberExpression" && expression.callee.property?.type === "Identifier" ? expression.callee.property.name : null;
+	let calleeName = null;
+	if (expression.callee?.type === "Identifier") calleeName = expression.callee.name;
+	else if (expression.callee?.type === "MemberExpression" && expression.callee.property?.type === "Identifier") calleeName = expression.callee.property.name;
 	if (calleeName && RENDER_FUNCTION_PATTERN.test(calleeName)) context.report({
 		node: expression,
 		message: `Inline render function "${calleeName}()" — extract to a separate component for proper reconciliation`
@@ -382,7 +449,10 @@ const clientPassiveEventListeners = { create: (context) => ({ CallExpression(nod
 //#region src/plugin/rules/correctness.ts
 const extractIndexName = (node) => {
 	if (node.type === "Identifier" && INDEX_PARAMETER_NAMES.has(node.name)) return node.name;
-	if (node.type === "TemplateLiteral" && node.expressions?.some((expression) => expression.type === "Identifier" && INDEX_PARAMETER_NAMES.has(expression.name))) return node.expressions.find((expression) => expression.type === "Identifier" && INDEX_PARAMETER_NAMES.has(expression.name))?.name;
+	if (node.type === "TemplateLiteral") {
+		const indexExpression = node.expressions?.find((expression) => expression.type === "Identifier" && INDEX_PARAMETER_NAMES.has(expression.name));
+		if (indexExpression) return indexExpression.name;
+	}
 	if (node.type === "CallExpression" && node.callee?.type === "MemberExpression" && node.callee.object?.type === "Identifier" && INDEX_PARAMETER_NAMES.has(node.callee.object.name) && node.callee.property?.type === "Identifier" && node.callee.property.name === "toString") return node.callee.object.name;
 	if (node.type === "CallExpression" && node.callee?.type === "Identifier" && node.callee.name === "String" && node.arguments?.[0]?.type === "Identifier" && INDEX_PARAMETER_NAMES.has(node.arguments[0].name)) return node.arguments[0].name;
 	return null;
@@ -600,7 +670,9 @@ const nextjsNoAElement = { create: (context) => ({ JSXOpeningElement(node) {
 	if (node.name?.type !== "JSXIdentifier" || node.name.name !== "a") return;
 	const hrefAttribute = findJsxAttribute(node.attributes ?? [], "href");
 	if (!hrefAttribute?.value) return;
-	const hrefValue = hrefAttribute.value.type === "Literal" ? hrefAttribute.value.value : hrefAttribute.value.type === "JSXExpressionContainer" && hrefAttribute.value.expression?.type === "Literal" ? hrefAttribute.value.expression.value : null;
+	let hrefValue = null;
+	if (hrefAttribute.value.type === "Literal") hrefValue = hrefAttribute.value.value;
+	else if (hrefAttribute.value.type === "JSXExpressionContainer" && hrefAttribute.value.expression?.type === "Literal") hrefValue = hrefAttribute.value.expression.value;
 	if (typeof hrefValue === "string" && hrefValue.startsWith("/")) context.report({
 		node,
 		message: "Use next/link instead of <a> for internal links — enables client-side navigation and prefetching"
@@ -760,6 +832,44 @@ const nextjsNoHeadImport = { create: (context) => ({ ImportDeclaration(node) {
 		message: "next/head is not supported in the App Router — use the Metadata API instead"
 	});
 } }) };
+const extractMutatingRouteSegment = (filename) => {
+	const segments = filename.split("/");
+	for (const segment of segments) {
+		const cleaned = segment.replace(/^\[.*\]$/, "");
+		if (MUTATING_ROUTE_SEGMENTS.has(cleaned)) return cleaned;
+	}
+	return null;
+};
+const getExportedGetHandlerBody = (node) => {
+	if (node.type !== "ExportNamedDeclaration") return null;
+	const declaration = node.declaration;
+	if (!declaration) return null;
+	if (declaration.type === "FunctionDeclaration" && declaration.id?.name === "GET") return declaration.body;
+	if (declaration.type === "VariableDeclaration") {
+		const declarator = declaration.declarations?.[0];
+		if (declarator?.id?.type === "Identifier" && declarator.id.name === "GET" && declarator.init && (declarator.init.type === "ArrowFunctionExpression" || declarator.init.type === "FunctionExpression")) return declarator.init.body;
+	}
+	return null;
+};
+const nextjsNoSideEffectInGetHandler = { create: (context) => ({ ExportNamedDeclaration(node) {
+	const filename = context.getFilename?.() ?? "";
+	if (!ROUTE_HANDLER_FILE_PATTERN.test(filename)) return;
+	const handlerBody = getExportedGetHandlerBody(node);
+	if (!handlerBody) return;
+	const mutatingSegment = extractMutatingRouteSegment(filename);
+	if (mutatingSegment) {
+		context.report({
+			node,
+			message: `GET handler on "/${mutatingSegment}" route — use POST to prevent CSRF and unintended prefetch triggers`
+		});
+		return;
+	}
+	const sideEffect = findSideEffect(handlerBody);
+	if (sideEffect) context.report({
+		node,
+		message: `GET handler has side effects (${sideEffect}) — use POST to prevent CSRF and unintended prefetch triggers`
+	});
+} }) };
 
 //#endregion
 //#region src/plugin/rules/performance.ts
@@ -768,7 +878,9 @@ const noUsememoSimpleExpression = { create: (context) => ({ CallExpression(node)
 	const callback = node.arguments?.[0];
 	if (!callback) return;
 	if (callback.type !== "ArrowFunctionExpression" && callback.type !== "FunctionExpression") return;
-	const returnExpression = callback.body?.type !== "BlockStatement" ? callback.body : callback.body.body?.length === 1 && callback.body.body[0].type === "ReturnStatement" ? callback.body.body[0].argument : null;
+	let returnExpression = null;
+	if (callback.body?.type !== "BlockStatement") returnExpression = callback.body;
+	else if (callback.body.body?.length === 1 && callback.body.body[0].type === "ReturnStatement") returnExpression = callback.body.body[0].argument;
 	if (returnExpression && isSimpleExpression(returnExpression)) context.report({
 		node,
 		message: "useMemo wrapping a trivially cheap expression — memo overhead exceeds the computation"
@@ -781,7 +893,9 @@ const noLayoutPropertyAnimation = { create: (context) => ({ JSXAttribute(node) {
 	if (expression?.type !== "ObjectExpression") return;
 	for (const property of expression.properties ?? []) {
 		if (property.type !== "Property") continue;
-		const propertyName = property.key?.type === "Identifier" ? property.key.name : property.key?.type === "Literal" ? property.key.value : null;
+		let propertyName = null;
+		if (property.key?.type === "Identifier") propertyName = property.key.name;
+		else if (property.key?.type === "Literal") propertyName = property.key.value;
 		if (propertyName && LAYOUT_PROPERTIES.has(propertyName)) context.report({
 			node: property,
 			message: `Animating layout property "${propertyName}" triggers layout recalculation every frame — use transform/scale or the layout prop`
@@ -980,7 +1094,9 @@ const containsAuthCheck = (statements) => {
 	let foundAuthCall = false;
 	for (const statement of statements) walkAst(statement, (child) => {
 		if (foundAuthCall) return;
-		const callNode = child.type === "CallExpression" ? child : child.type === "AwaitExpression" && child.argument?.type === "CallExpression" ? child.argument : null;
+		let callNode = null;
+		if (child.type === "CallExpression") callNode = child;
+		else if (child.type === "AwaitExpression" && child.argument?.type === "CallExpression") callNode = child.argument;
 		if (callNode?.callee?.type === "Identifier" && AUTH_FUNCTION_NAMES.has(callNode.callee.name)) foundAuthCall = true;
 	});
 	return foundAuthCall;
@@ -1218,6 +1334,7 @@ const plugin = {
 		"nextjs-no-css-link": nextjsNoCssLink,
 		"nextjs-no-polyfill-script": nextjsNoPolyfillScript,
 		"nextjs-no-head-import": nextjsNoHeadImport,
+		"nextjs-no-side-effect-in-get-handler": nextjsNoSideEffectInGetHandler,
 		"server-auth-actions": serverAuthActions,
 		"server-after-nonblocking": serverAfterNonblocking,
 		"client-passive-event-listeners": clientPassiveEventListeners,