vinext 0.0.15 → 0.0.17

package/dist/index.js

@@ -5,12 +5,12 @@ import { createSSRHandler } from "./server/dev-server.js";
 import { handleApiRoute } from "./server/api-handler.js";
 import { generateRscEntry, generateSsrEntry, generateBrowserEntry, } from "./server/app-dev-server.js";
 import { loadNextConfig, resolveNextConfig, } from "./config/next-config.js";
-import { findMiddlewareFile, runMiddleware } from "./server/middleware.js";
+import { findMiddlewareFile, isProxyFile, runMiddleware } from "./server/middleware.js";
 import { generateSafeRegExpCode, generateMiddlewareMatcherCode, generateNormalizePathCode } from "./server/middleware-codegen.js";
 import { normalizePath } from "./server/normalize-path.js";
 import { findInstrumentationFile, runInstrumentation } from "./server/instrumentation.js";
 import { validateDevRequest } from "./server/dev-origin-check.js";
-import { safeRegExp, escapeHeaderSource, isExternalUrl, proxyExternalRequest } from "./config/config-matchers.js";
+import { safeRegExp, isExternalUrl, proxyExternalRequest, parseCookies, matchHeaders, matchRedirect, matchRewrite, } from "./config/config-matchers.js";
 import { scanMetadataFiles } from "./server/metadata-routes.js";
 import tsconfigPaths from "vite-tsconfig-paths";
 import MagicString from "magic-string";
@@ -18,6 +18,7 @@ import path from "node:path";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import { createRequire } from "node:module";
 import fs from "node:fs";
+import commonjs from "vite-plugin-commonjs";
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 /**
  * Fetch Google Fonts CSS, download .woff2 files, cache locally, and return
@@ -493,6 +494,7 @@ export default function vinext(options = {}) {
     let middlewarePath = null;
     let instrumentationPath = null;
     let hasCloudflarePlugin = false;
+    let hasNitroPlugin = false;
     // Resolve shim paths - works both from source (.ts) and built (.js)
     const shimsDir = path.resolve(__dirname, "shims");
     // Shim alias map — populated in config(), used by resolveId() for .js variants
@@ -568,8 +570,15 @@ ${generateSafeRegExpCode("es5")}
 ${generateMiddlewareMatcherCode("es5")}
 
 export async function runMiddleware(request) {
-  var middlewareFn = middlewareModule.default || middlewareModule.middleware;
-  if (typeof middlewareFn !== "function") return { continue: true };
+  var isProxy = ${middlewarePath ? JSON.stringify(isProxyFile(middlewarePath)) : "false"};
+  var middlewareFn = isProxy
+    ? (middlewareModule.proxy ?? middlewareModule.default)
+    : (middlewareModule.middleware ?? middlewareModule.default);
+  if (typeof middlewareFn !== "function") {
+    var fileType = isProxy ? "Proxy" : "Middleware";
+    var expectedExport = isProxy ? "proxy" : "middleware";
+    throw new Error("The " + fileType + " file must export a function named \`" + expectedExport + "\` or a \`default\` function.");
+  }
 
   var config = middlewareModule.config;
   var matcher = config && config.matcher;
@@ -606,9 +615,13 @@ export async function runMiddleware(request) {
   if (response.headers.get("x-middleware-next") === "1") {
     var rHeaders = new Headers();
     for (var [key, value] of response.headers) {
-      // Strip ALL x-middleware-* headers — they are internal routing signals
-      // and must never reach clients.
-      if (!key.startsWith("x-middleware-")) rHeaders.append(key, value);
+      // Keep x-middleware-request-* headers so the production server can
+      // apply middleware-request header overrides before stripping internals
+      // from the final client response.
+      if (
+        !key.startsWith("x-middleware-") ||
+        key.startsWith("x-middleware-request-")
+      ) rHeaders.append(key, value);
     }
     return { continue: true, responseHeaders: rHeaders };
   }
@@ -621,7 +634,9 @@ export async function runMiddleware(request) {
   var rewriteUrl = response.headers.get("x-middleware-rewrite");
   if (rewriteUrl) {
     var rwHeaders = new Headers();
-    for (var [k, v] of response.headers) { if (!k.startsWith("x-middleware-")) rwHeaders.append(k, v); }
+    for (var [k, v] of response.headers) {
+      if (!k.startsWith("x-middleware-") || k.startsWith("x-middleware-request-")) rwHeaders.append(k, v);
+    }
     var rewritePath;
     try { var parsed = new URL(rewriteUrl, request.url); rewritePath = parsed.pathname + parsed.search; }
     catch { rewritePath = rewriteUrl; }
@@ -1534,6 +1549,9 @@ hydrate();
         // Resolve tsconfig paths/baseUrl aliases so real-world Next.js repos
         // that use @/*, #/*, or baseUrl imports work out of the box.
         tsconfigPaths(),
+        // Transform CJS require()/module.exports to ESM before other plugins
+        // analyze imports (RSC directive scanning, shim resolution, etc.)
+        commonjs(),
         {
             name: "vinext:config",
             enforce: "pre",
@@ -1664,6 +1682,7 @@ hydrate();
                 }
                 flattenPlugins(config.plugins ?? []);
                 hasCloudflarePlugin = pluginsFlat.some((p) => p && typeof p === "object" && typeof p.name === "string" && (p.name === "vite-plugin-cloudflare" || p.name.startsWith("vite-plugin-cloudflare:")));
+                hasNitroPlugin = pluginsFlat.some((p) => p && typeof p === "object" && typeof p.name === "string" && (p.name === "nitro" || p.name.startsWith("nitro:")));
                 // Resolve PostCSS string plugin names that Vite can't handle.
                 // Next.js projects commonly use array-form plugins like
                 // `plugins: ["@tailwindcss/postcss"]` which postcss-load-config
@@ -1715,7 +1734,7 @@ hydrate();
                 // In multi-env builds, manualChunks must only be set per-environment
                 // (on the client env), not globally — otherwise it leaks into RSC/SSR
                 // environments where it can cause asset resolution issues.
-                const isMultiEnv = hasAppDir || hasCloudflarePlugin;
+                const isMultiEnv = hasAppDir || hasCloudflarePlugin || hasNitroPlugin;
                 const viteConfig = {
                     // Disable Vite's default HTML serving - we handle all routing
                     appType: "custom",
@@ -1777,8 +1796,8 @@ hydrate();
                     },
                     // Externalize React packages from SSR transform — they are CJS and
                     // must be loaded natively by Node, not through Vite's ESM evaluator.
-                    // Skip when targeting Cloudflare Workers (they bundle everything).
-                    ...(hasCloudflarePlugin ? {} : {
+                    // Skip when targeting bundled runtimes (Cloudflare/Nitro bundle everything).
+                    ...(hasCloudflarePlugin || hasNitroPlugin ? {} : {
                         ssr: {
                             external: ["react", "react-dom", "react-dom/server"],
                         },
@@ -1829,14 +1848,14 @@ hydrate();
                     ];
                     viteConfig.environments = {
                         rsc: {
-                            ...(hasCloudflarePlugin ? {} : {
+                            ...(hasCloudflarePlugin || hasNitroPlugin ? {} : {
                                 resolve: {
                                     // Externalize native/heavy packages so the RSC environment
                                     // loads them natively via Node rather than through Vite's
                                     // ESM module evaluator (which can't handle native addons).
                                     // Note: Do NOT externalize react/react-dom here — they must
                                     // be bundled with the "react-server" condition for RSC.
-                                    // Skip when targeting Cloudflare Workers.
+                                    // Skip when targeting bundled runtimes (Cloudflare/Nitro).
                                     external: [
                                         "satori",
                                         "@resvg/resvg-js",
@@ -1870,11 +1889,15 @@ hydrate();
                         client: {
                             optimizeDeps: {
                                 exclude: ["vinext"],
-                                // react and react-dom are framework dependencies used for
-                                // hydration. They aren't crawled from app/ source files so
-                                // must be pre-included to prevent late discovery and page
-                                // reloads during development.
-                                include: ["react", "react-dom", "react-dom/client"],
+                                // React packages aren't crawled from app/ source files,
+                                // so must be pre-included to avoid late discovery (#25).
+                                include: [
+                                    "react",
+                                    "react-dom",
+                                    "react-dom/client",
+                                    "react/jsx-runtime",
+                                    "react/jsx-dev-runtime",
+                                ],
                             },
                             build: {
                                 // When targeting Cloudflare Workers, enable manifest generation
@@ -2297,13 +2320,25 @@ hydrate();
                                     req.__vinextRewriteStatus = result.rewriteStatus;
                                 }
                             }
+                            // Build request context once for has/missing condition checks
+                            // across headers, redirects, and rewrites.
+                            const reqUrl = new URL(url, `http://${req.headers.host || "localhost"}`);
+                            const reqCtxHeaders = new Headers(Object.fromEntries(Object.entries(req.headers)
+                                .filter(([, v]) => v !== undefined)
+                                .map(([k, v]) => [k, Array.isArray(v) ? v.join(", ") : String(v)])));
+                            const reqCtx = {
+                                headers: reqCtxHeaders,
+                                cookies: parseCookies(reqCtxHeaders.get("cookie")),
+                                query: reqUrl.searchParams,
+                                host: reqCtxHeaders.get("host") ?? reqUrl.host,
+                            };
                             // Apply custom headers from next.config.js
                             if (nextConfig?.headers.length) {
-                                applyHeaders(pathname, res, nextConfig.headers);
+                                applyHeaders(pathname, res, nextConfig.headers, reqCtx);
                             }
                             // Apply redirects from next.config.js
                             if (nextConfig?.redirects.length) {
-                                const redirected = applyRedirects(pathname, res, nextConfig.redirects);
+                                const redirected = applyRedirects(pathname, res, nextConfig.redirects, reqCtx);
                                 if (redirected)
                                     return;
                             }
@@ -2311,7 +2346,7 @@ hydrate();
                             let resolvedUrl = url;
                             if (nextConfig?.rewrites.beforeFiles.length) {
                                 resolvedUrl =
-                                    applyRewrites(pathname, nextConfig.rewrites.beforeFiles) ??
+                                    applyRewrites(pathname, nextConfig.rewrites.beforeFiles, reqCtx) ??
                                         url;
                             }
                             // External rewrite from beforeFiles — proxy to external URL
@@ -2338,7 +2373,7 @@ hydrate();
                             // *resolved* pathname. Next.js applies these when route matching succeeds
                             // but allows overriding with rewrites.
                             if (nextConfig?.rewrites.afterFiles.length) {
-                                const afterRewrite = applyRewrites(resolvedUrl.split("?")[0], nextConfig.rewrites.afterFiles);
+                                const afterRewrite = applyRewrites(resolvedUrl.split("?")[0], nextConfig.rewrites.afterFiles, reqCtx);
                                 if (afterRewrite)
                                     resolvedUrl = afterRewrite;
                             }
@@ -2357,7 +2392,7 @@ hydrate();
                             }
                             // No route matched — try fallback rewrites
                             if (nextConfig?.rewrites.fallback.length) {
-                                const fallbackRewrite = applyRewrites(resolvedUrl.split("?")[0], nextConfig.rewrites.fallback);
+                                const fallbackRewrite = applyRewrites(resolvedUrl.split("?")[0], nextConfig.rewrites.fallback, reqCtx);
                                 if (fallbackRewrite) {
                                     // External fallback rewrite — proxy to external URL
                                     if (isExternalUrl(fallbackRewrite)) {
@@ -3172,22 +3207,14 @@ function sanitizeDestinationLocal(dest) {
  * Apply redirect rules from next.config.js.
  * Returns true if a redirect was applied.
  */
-function applyRedirects(pathname, res, redirects) {
-    for (const redirect of redirects) {
-        const params = matchConfigPattern(pathname, redirect.source);
-        if (params) {
-            let dest = redirect.destination;
-            for (const [key, value] of Object.entries(params)) {
-                dest = dest.replace(`:${key}*`, value);
-                dest = dest.replace(`:${key}+`, value);
-                dest = dest.replace(`:${key}`, value);
-            }
-            // Sanitize to prevent open redirect via protocol-relative URLs
-            dest = sanitizeDestinationLocal(dest);
-            res.writeHead(redirect.permanent ? 308 : 307, { Location: dest });
-            res.end();
-            return true;
-        }
+function applyRedirects(pathname, res, redirects, ctx) {
+    const result = matchRedirect(pathname, redirects, ctx);
+    if (result) {
+        // Sanitize to prevent open redirect via protocol-relative URLs
+        const dest = sanitizeDestinationLocal(result.destination);
+        res.writeHead(result.permanent ? 308 : 307, { Location: dest });
+        res.end();
+        return true;
     }
     return false;
 }
@@ -3254,35 +3281,21 @@ async function proxyExternalRewriteNode(req, res, externalUrl) {
  * Apply rewrite rules from next.config.js.
  * Returns the rewritten URL or null if no rewrite matched.
  */
-function applyRewrites(pathname, rewrites) {
-    for (const rewrite of rewrites) {
-        const params = matchConfigPattern(pathname, rewrite.source);
-        if (params) {
-            let dest = rewrite.destination;
-            for (const [key, value] of Object.entries(params)) {
-                dest = dest.replace(`:${key}*`, value);
-                dest = dest.replace(`:${key}+`, value);
-                dest = dest.replace(`:${key}`, value);
-            }
-            // Sanitize to prevent open redirect via protocol-relative URLs
-            dest = sanitizeDestinationLocal(dest);
-            return dest;
-        }
+function applyRewrites(pathname, rewrites, ctx) {
+    const dest = matchRewrite(pathname, rewrites, ctx);
+    if (dest) {
+        // Sanitize to prevent open redirect via protocol-relative URLs
+        return sanitizeDestinationLocal(dest);
     }
     return null;
 }
 /**
  * Apply custom header rules from next.config.js.
  */
-function applyHeaders(pathname, res, headers) {
-    for (const rule of headers) {
-        const escaped = escapeHeaderSource(rule.source);
-        const sourceRegex = safeRegExp("^" + escaped + "$");
-        if (sourceRegex && sourceRegex.test(pathname)) {
-            for (const header of rule.headers) {
-                res.setHeader(header.key, header.value);
-            }
-        }
+function applyHeaders(pathname, res, headers, ctx) {
+    const matched = matchHeaders(pathname, headers, ctx);
+    for (const header of matched) {
+        res.setHeader(header.key, header.value);
     }
 }
 /**