vike 0.4.144-commit-d687042 → 0.4.144-commit-756f5d7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/node/plugin/plugins/envVars.js +17 -8
- package/dist/cjs/utils/projectInfo.js +1 -1
- package/dist/esm/node/plugin/plugins/envVars.d.ts +2 -0
- package/dist/esm/node/plugin/plugins/envVars.js +17 -7
- package/dist/esm/utils/projectInfo.d.ts +1 -1
- package/dist/esm/utils/projectInfo.js +1 -1
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.envVarsPlugin = void 0;
|
|
3
|
+
exports.applyEnvVar = exports.envVarsPlugin = void 0;
|
|
4
4
|
const vite_1 = require("vite");
|
|
5
5
|
const utils_js_1 = require("../utils.js");
|
|
6
6
|
function envVarsPlugin() {
|
|
@@ -35,19 +35,19 @@ function envVarsPlugin() {
|
|
|
35
35
|
: [config.envPrefix];
|
|
36
36
|
return !envPrefix.some((prefix) => key.startsWith(prefix));
|
|
37
37
|
})
|
|
38
|
-
.forEach(([
|
|
39
|
-
const varName = `import.meta.env.${key}`;
|
|
38
|
+
.forEach(([envName, envVal]) => {
|
|
40
39
|
// Security check
|
|
41
40
|
{
|
|
41
|
+
const envStatement = getEnvStatement(envName);
|
|
42
42
|
const publicPrefix = 'PUBLIC_ENV__';
|
|
43
|
-
const isPrivate = !
|
|
43
|
+
const isPrivate = !envName.startsWith(publicPrefix);
|
|
44
44
|
if (isPrivate && isClientSide) {
|
|
45
|
-
if (!code.includes(
|
|
45
|
+
if (!code.includes(envStatement))
|
|
46
46
|
return;
|
|
47
47
|
const filePathToShowToUser = (0, utils_js_1.getFilePathRelativeToUserRootDir)(id, config.root);
|
|
48
48
|
const errMsgAddendum = isBuild ? '' : ' (Vike will prevent your app from building for production)';
|
|
49
|
-
const keyPublic = `${publicPrefix}${
|
|
50
|
-
const errMsg = `${
|
|
49
|
+
const keyPublic = `${publicPrefix}${envName}`;
|
|
50
|
+
const errMsg = `${envStatement} is used in client-side file ${filePathToShowToUser} which means that the environment variable ${envName} will be included in client-side bundles and, therefore, ${envName} will be publicly exposed which can be a security leak${errMsgAddendum}. Use ${envStatement} only in server-side files, or rename ${envName} to ${keyPublic}, see https://vike.dev/env`;
|
|
51
51
|
if (isBuild) {
|
|
52
52
|
(0, utils_js_1.assertUsage)(false, errMsg);
|
|
53
53
|
}
|
|
@@ -60,7 +60,7 @@ function envVarsPlugin() {
|
|
|
60
60
|
(0, utils_js_1.assert)(!(isPrivate && isClientSide) || !isBuild);
|
|
61
61
|
}
|
|
62
62
|
// Apply
|
|
63
|
-
code =
|
|
63
|
+
code = applyEnvVar(envName, envVal, code);
|
|
64
64
|
});
|
|
65
65
|
// No need for low-resolution source map since line numbers didn't change. (Does Vite do high-resolution column numbers source mapping?)
|
|
66
66
|
return code;
|
|
@@ -68,6 +68,15 @@ function envVarsPlugin() {
|
|
|
68
68
|
};
|
|
69
69
|
}
|
|
70
70
|
exports.envVarsPlugin = envVarsPlugin;
|
|
71
|
+
function applyEnvVar(envName, envVal, code) {
|
|
72
|
+
const envStatement = getEnvStatement(envName);
|
|
73
|
+
const regex = new RegExp((0, utils_js_1.escapeRegex)(envStatement) + '\\b', 'g');
|
|
74
|
+
return code.replace(regex, JSON.stringify(envVal));
|
|
75
|
+
}
|
|
76
|
+
exports.applyEnvVar = applyEnvVar;
|
|
77
|
+
function getEnvStatement(envName) {
|
|
78
|
+
return `import.meta.env.${envName}`;
|
|
79
|
+
}
|
|
71
80
|
function getIsClientSide(config, options) {
|
|
72
81
|
const isBuild = config.command === 'build';
|
|
73
82
|
if (isBuild) {
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.projectInfo = void 0;
|
|
4
4
|
const assertSingleInstance_js_1 = require("./assertSingleInstance.js");
|
|
5
|
-
const PROJECT_VERSION = '0.4.144-commit-
|
|
5
|
+
const PROJECT_VERSION = '0.4.144-commit-756f5d7';
|
|
6
6
|
const projectInfo = {
|
|
7
7
|
projectName: 'Vike',
|
|
8
8
|
projectVersion: PROJECT_VERSION,
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
export { envVarsPlugin };
|
|
2
|
+
// For ./envVars.spec.ts
|
|
3
|
+
export { applyEnvVar };
|
|
2
4
|
import { loadEnv } from 'vite';
|
|
3
5
|
import { assert, assertPosixPath, assertUsage, assertWarning, escapeRegex, getFilePathRelativeToUserRootDir, lowerFirst } from '../utils.js';
|
|
4
6
|
function envVarsPlugin() {
|
|
@@ -33,19 +35,19 @@ function envVarsPlugin() {
|
|
|
33
35
|
: [config.envPrefix];
|
|
34
36
|
return !envPrefix.some((prefix) => key.startsWith(prefix));
|
|
35
37
|
})
|
|
36
|
-
.forEach(([
|
|
37
|
-
const varName = `import.meta.env.${key}`;
|
|
38
|
+
.forEach(([envName, envVal]) => {
|
|
38
39
|
// Security check
|
|
39
40
|
{
|
|
41
|
+
const envStatement = getEnvStatement(envName);
|
|
40
42
|
const publicPrefix = 'PUBLIC_ENV__';
|
|
41
|
-
const isPrivate = !
|
|
43
|
+
const isPrivate = !envName.startsWith(publicPrefix);
|
|
42
44
|
if (isPrivate && isClientSide) {
|
|
43
|
-
if (!code.includes(
|
|
45
|
+
if (!code.includes(envStatement))
|
|
44
46
|
return;
|
|
45
47
|
const filePathToShowToUser = getFilePathRelativeToUserRootDir(id, config.root);
|
|
46
48
|
const errMsgAddendum = isBuild ? '' : ' (Vike will prevent your app from building for production)';
|
|
47
|
-
const keyPublic = `${publicPrefix}${
|
|
48
|
-
const errMsg = `${
|
|
49
|
+
const keyPublic = `${publicPrefix}${envName}`;
|
|
50
|
+
const errMsg = `${envStatement} is used in client-side file ${filePathToShowToUser} which means that the environment variable ${envName} will be included in client-side bundles and, therefore, ${envName} will be publicly exposed which can be a security leak${errMsgAddendum}. Use ${envStatement} only in server-side files, or rename ${envName} to ${keyPublic}, see https://vike.dev/env`;
|
|
49
51
|
if (isBuild) {
|
|
50
52
|
assertUsage(false, errMsg);
|
|
51
53
|
}
|
|
@@ -58,13 +60,21 @@ function envVarsPlugin() {
|
|
|
58
60
|
assert(!(isPrivate && isClientSide) || !isBuild);
|
|
59
61
|
}
|
|
60
62
|
// Apply
|
|
61
|
-
code =
|
|
63
|
+
code = applyEnvVar(envName, envVal, code);
|
|
62
64
|
});
|
|
63
65
|
// No need for low-resolution source map since line numbers didn't change. (Does Vite do high-resolution column numbers source mapping?)
|
|
64
66
|
return code;
|
|
65
67
|
}
|
|
66
68
|
};
|
|
67
69
|
}
|
|
70
|
+
function applyEnvVar(envName, envVal, code) {
|
|
71
|
+
const envStatement = getEnvStatement(envName);
|
|
72
|
+
const regex = new RegExp(escapeRegex(envStatement) + '\\b', 'g');
|
|
73
|
+
return code.replace(regex, JSON.stringify(envVal));
|
|
74
|
+
}
|
|
75
|
+
function getEnvStatement(envName) {
|
|
76
|
+
return `import.meta.env.${envName}`;
|
|
77
|
+
}
|
|
68
78
|
function getIsClientSide(config, options) {
|
|
69
79
|
const isBuild = config.command === 'build';
|
|
70
80
|
if (isBuild) {
|
|
@@ -5,7 +5,7 @@ type ProjectVersion = typeof projectInfo.projectVersion;
|
|
|
5
5
|
type ProjectTag = `[${PackageName}]` | `[${PackageName}@${ProjectVersion}]`;
|
|
6
6
|
declare const projectInfo: {
|
|
7
7
|
projectName: "Vike";
|
|
8
|
-
projectVersion: "0.4.144-commit-
|
|
8
|
+
projectVersion: "0.4.144-commit-756f5d7";
|
|
9
9
|
npmPackageName: "vike";
|
|
10
10
|
githubRepository: "https://github.com/vikejs/vike";
|
|
11
11
|
};
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export { projectInfo };
|
|
2
2
|
import { onProjectInfo } from './assertSingleInstance.js';
|
|
3
|
-
const PROJECT_VERSION = '0.4.144-commit-
|
|
3
|
+
const PROJECT_VERSION = '0.4.144-commit-756f5d7';
|
|
4
4
|
const projectInfo = {
|
|
5
5
|
projectName: 'Vike',
|
|
6
6
|
projectVersion: PROJECT_VERSION,
|