vinext 0.0.23 → 0.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. package/dist/config/config-matchers.d.ts.map +1 -1
  2. package/dist/config/config-matchers.js +13 -3
  3. package/dist/config/config-matchers.js.map +1 -1
  4. package/dist/deploy.d.ts.map +1 -1
  5. package/dist/deploy.js +76 -27
  6. package/dist/deploy.js.map +1 -1
  7. package/dist/index.d.ts +11 -2
  8. package/dist/index.d.ts.map +1 -1
  9. package/dist/index.js +28 -12
  10. package/dist/index.js.map +1 -1
  11. package/dist/server/app-dev-server.d.ts.map +1 -1
  12. package/dist/server/app-dev-server.js +56 -19
  13. package/dist/server/app-dev-server.js.map +1 -1
  14. package/dist/server/prod-server.d.ts +8 -2
  15. package/dist/server/prod-server.d.ts.map +1 -1
  16. package/dist/server/prod-server.js +45 -14
  17. package/dist/server/prod-server.js.map +1 -1
  18. package/dist/server/worker-utils.d.ts +15 -0
  19. package/dist/server/worker-utils.d.ts.map +1 -0
  20. package/dist/server/worker-utils.js +41 -0
  21. package/dist/server/worker-utils.js.map +1 -0
  22. package/dist/shims/headers.d.ts +6 -0
  23. package/dist/shims/headers.d.ts.map +1 -1
  24. package/dist/shims/headers.js +8 -0
  25. package/dist/shims/headers.js.map +1 -1
  26. package/dist/utils/project.d.ts +13 -1
  27. package/dist/utils/project.d.ts.map +1 -1
  28. package/dist/utils/project.js +63 -13
  29. package/dist/utils/project.js.map +1 -1
  30. package/package.json +6 -1
package/dist/config/config-matchers.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config-matchers.d.ts","sourceRoot":"","sources":["../../src/config/config-matchers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAc5F;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAsGpD;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAczE;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAsDzD;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,KAAK,EAAE,eAAe,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWhF;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,GAAG,cAAc,CAQ1E;AAmDD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,YAAY,EAAE,GAAG,SAAS,EAC/B,OAAO,EAAE,YAAY,EAAE,GAAG,SAAS,EACnC,GAAG,EAAE,cAAc,GAClB,OAAO,CAYT;AAsBD;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GACd,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAmG/B;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,YAAY,EAAE,EACzB,GAAG,EAAE,cAAc,GAClB;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,CAuBpD;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,WAAW,EAAE,EACvB,GAAG,EAAE,cAAc,GAClB,MAAM,GAAG,IAAI,CAuBf;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAWxD;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAElD;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,CAkFnB;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,UAAU,EAAE,EACrB,GAAG,EAAE,cAAc,GAClB,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAevC"}
1
+ {"version":3,"file":"config-matchers.d.ts","sourceRoot":"","sources":["../../src/config/config-matchers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAc5F;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAsGpD;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAczE;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAsDzD;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,KAAK,EAAE,eAAe,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWhF;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,GAAG,cAAc,CAQ1E;AAmDD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,YAAY,EAAE,GAAG,SAAS,EAC/B,OAAO,EAAE,YAAY,EAAE,GAAG,SAAS,EACnC,GAAG,EAAE,cAAc,GAClB,OAAO,CAYT;AAsBD;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GACd,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAmG/B;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,YAAY,EAAE,EACzB,GAAG,EAAE,cAAc,GAClB;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,CAuBpD;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,WAAW,EAAE,EACvB,GAAG,EAAE,cAAc,GAClB,MAAM,GAAG,IAAI,CAuBf;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAWxD;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAElD;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,CA0FnB;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,UAAU,EAAE,EACrB,GAAG,EAAE,cAAc,GAClB,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAevC"}
package/dist/config/config-matchers.js CHANGED
@@ -624,11 +624,21 @@ export async function proxyExternalRequest(request, externalUrl) {
624
624
  }
625
625
  // Build the response to return to the client.
626
626
  // Copy all upstream headers except hop-by-hop headers.
627
+ // Node.js fetch() auto-decompresses responses (gzip, br, etc.), so the body
628
+ // we receive is already plain text. Forwarding the original content-encoding
629
+ // and content-length headers causes the browser to attempt a second
630
+ // decompression on the already-decoded body, resulting in
631
+ // ERR_CONTENT_DECODING_FAILED. Strip both headers on Node.js only.
632
+ // On Workers, fetch() preserves wire encoding, so the headers stay accurate.
633
+ const isNodeRuntime = typeof process !== "undefined" && !!(process.versions?.node);
627
634
  const responseHeaders = new Headers();
628
635
  upstreamResponse.headers.forEach((value, key) => {
629
- if (!HOP_BY_HOP_HEADERS.has(key.toLowerCase())) {
630
- responseHeaders.append(key, value);
631
- }
636
+ const lower = key.toLowerCase();
637
+ if (HOP_BY_HOP_HEADERS.has(lower))
638
+ return;
639
+ if (isNodeRuntime && (lower === "content-encoding" || lower === "content-length"))
640
+ return;
641
+ responseHeaders.append(key, value);
632
642
  });
633
643
  return new Response(upstreamResponse.body, {
634
644
  status: upstreamResponse.status,
package/dist/config/config-matchers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config-matchers.js","sourceRoot":"","sources":["../../src/config/config-matchers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,uEAAuE;AACvE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY;IACZ,YAAY;IACZ,oBAAoB;IACpB,qBAAqB;IACrB,IAAI;IACJ,UAAU;IACV,mBAAmB;IACnB,SAAS;CACV,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,sEAAsE;IACtE,uBAAuB;IACvB,MAAM,iBAAiB,GAAc,EAAE,CAAC;IACxC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAEtB,0BAA0B;QAC1B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YAChB,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QAED,qEAAqE;QACrE,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,CAAC,EAAE,CAAC;YACJ,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAChD,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI;oBAAE,CAAC,EAAE,CAAC,CAAC,6BAA6B;gBAC3D,CAAC,EAAE,CAAC;YACN,CAAC;YACD,CAAC,EAAE,CAAC,CAAC,iBAAiB;YACtB,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,KAAK,EAAE,CAAC;YACR,uDAAuD;YACvD,IAAI,iBAAiB,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC;gBACtC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,iBAAiB,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;YACnC,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,MAAM,aAAa,GAAG,KAAK,GAAG,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC5D,IAAI,KAAK,GAAG,CAAC;gBAAE,KAAK,EAAE,CAAC;YAEvB,yDAAyD;YACzD,4EAA4E;YAC5E,uEAAuE;YACvE,yFAAyF;YACzF,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjD,IAAI,aAAa,EAAE,CAAC;oBAClB,+EAA+E;oBAC/E,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,kDAAkD;gBAClD,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC;oBACnD,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;gBAClC,CAAC;YACH,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,qCAAqC;QACrC,mFAAmF;QACnF,4CAA4C;QAC5C,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAC7B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;YAClC,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,qEAAqE;YACrE,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzC,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjE,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;gBAClC,CAAC;YACH,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,iDAAiD;YACjD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAAE,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;gBAClC,CAAC;gBACD,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACV,SAAS;YACX,CAAC;QACH,CAAC;QAED,CAAC,EAAE,CAAC;IACN,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,KAAc;IACxD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,IAAI,CACV,oEAAoE,OAAO,IAAI;YAC/E,wFAAwF;YACxF,oDAAoD,CACrD,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,6EAA6E;IAC7E,4DAA4D;IAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC;IAEnB,uEAAuE;IACvE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE;QACpE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,oEAAoE;IACpE,+FAA+F;IAC/F,qEAAqE;IACrE,6EAA6E;IAC7E,mEAAmE;IACnE,wDAAwD;IACxD,+CAA+C;IAC/C,sFAAsF;IACtF,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,EAAE,GAAG,IAAI,MAAM,CACnB,GAAG,CAAC,UAAU,CAAC,mCAAmC,EAAE,oDAAoD;IACxG,GAAG,CACJ,CAAC;IACF,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACvB,yCAAyC;YACzC,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACxC,CAAC;aAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,wEAAwE;YACxE,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;YACxD,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,IAAI,eAAe,EAAE,CAAC;gBACpB,+DAA+D;gBAC/D,EAAE,CAAC,SAAS,IAAI,eAAe,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBAC1C,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,4CAA4C;gBAC5C,MAAM,IAAI,OAAO,CAAC;YACpB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACb,KAAK,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC;oBAAC,MAAM;gBACjC,KAAK,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC;oBAAC,MAAM;gBACjC,KAAK,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC;oBAAC,MAAM;gBACjC,KAAK,GAAG;oBAAE,MAAM,IAAI,IAAI,CAAC;oBAAC,MAAM;gBAChC;oBAAS,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;oBAAC,MAAM;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAaD;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,YAA2B;IACtD,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAC7B,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,KAAK,CAAC,CAAC;YAAE,SAAS;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,GAAG;YAAE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAChC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAgB;IACxD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,KAAK,EAAE,GAAG,CAAC,YAAY;QACvB,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI;KAC9C,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,SAAuB,EAAE,GAAmB;IACxE,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,WAAW,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YACvC,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpC,OAAO,WAAW,KAAK,SAAS,CAAC,KAAK,CAAC;YACzC,CAAC;YACD,OAAO,IAAI,CAAC,CAAC,kCAAkC;QACjD,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAC/C,IAAI,WAAW,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAC;YAC5C,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpC,OAAO,WAAW,KAAK,SAAS,CAAC,KAAK,CAAC;YACzC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,UAAU,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YACtC,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACnC,OAAO,UAAU,KAAK,SAAS,CAAC,KAAK,CAAC;YACxC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACjC,OAAO,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,KAAK,CAAC;YACtC,CAAC;YACD,OAAO,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,GAAG,CAAC;QACpC,CAAC;QACD;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,GAA+B,EAC/B,OAAmC,EACnC,GAAmB;IAEnB,IAAI,GAAG,EAAE,CAAC;QACR,KAAK,MAAM,SAAS,IAAI,GAAG,EAAE,CAAC;YAC5B,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,SAAS,IAAI,OAAO,EAAE,CAAC;YAChC,IAAI,oBAAoB,CAAC,SAAS,EAAE,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;QACzD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,GAAW,EAAE,EAAU;IAChD,IAAI,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3C,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,CAAC,GAAG,KAAK,CAAC;IACd,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aACvB,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;QACjC,CAAC,EAAE,CAAC;IACN,CAAC;IACD,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7B,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;IACjB,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,kBAAkB,CAChC,QAAgB,EAChB,OAAe;IAEf,+EAA+E;IAC/E,4EAA4E;IAC5E,6EAA6E;IAC7E,+EAA+E;IAC/E,+EAA+E;IAC/E,oFAAoF;IACpF,6EAA6E;IAC7E,iFAAiF;IACjF,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC/B,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EACzB,CAAC;QACD,IAAI,CAAC;YACH,iEAAiE;YACjE,MAAM,UAAU,GAAa,EAAE,CAAC;YAChC,wEAAwE;YACxE,qEAAqE;YACrE,sEAAsE;YACtE,oCAAoC;YACpC,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,uBAAuB,CAAC,CAAC,yFAAyF;YAClI,IAAI,GAA2B,CAAC;YAChC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;oBACzB,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;oBACpB,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC9C,yDAAyD;oBACzD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;wBACjD,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAC3B,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;wBACvB,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;wBACvD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtB,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;4BACxB,QAAQ,IAAI,IAAI,UAAU,GAAG,CAAC;wBAChC,CAAC;6BAAM,CAAC;4BACN,QAAQ,IAAI,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;wBACnD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,iDAAiD;wBACjD,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;wBACvD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtB,QAAQ,IAAI,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;oBAClE,CAAC;gBACH,CAAC;qBAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBAC1B,QAAQ,IAAI,KAAK,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;YACD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC;YAC5C,IAAI,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YACxB,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7C,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,+DAA+D;IAC/D,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACzD,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;QAExC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjE,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,IAAI,MAAM,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,KAAK,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,IAAI,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5D,2EAA2E;QAC3E,gFAAgF;QAChF,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;IACpC,CAAC;IAED,8DAA8D;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEtC,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEnD,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;aAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAgB,EAChB,SAAyB,EACzB,GAAmB;IAEnB,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC7D,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBAC7D,SAAS;gBACX,CAAC;YACH,CAAC;YACD,IAAI,IAAI,GAAG,QAAQ,CAAC,WAAW,CAAC;YAChC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,iEAAiE;gBACjE,+EAA+E;gBAC/E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;YACxC,CAAC;YACD,0FAA0F;YAC1F,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,QAAgB,EAChB,QAAuB,EACvB,GAAmB;IAEnB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACnC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBAC3D,SAAS;gBACX,CAAC;YACH,CAAC;YACD,IAAI,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC;YAC/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,iEAAiE;gBACjE,+EAA+E;gBAC/E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;YACxC,CAAC;YACD,0FAA0F;YAC1F,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,uEAAuE;IACvE,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,uEAAuE;IACvE,sEAAsE;IACtE,wEAAwE;IACxE,uDAAuD;IACvD,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,OAAO,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAgB,EAChB,WAAmB;IAEnB,qFAAqF;IACrF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAEvC,mEAAmE;IACnE,8EAA8E;IAC9E,yDAAyD;IACzD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;QACpD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,iEAAiE;IACjE,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,mEAAmE;IACnE,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC7B,yEAAyE;IACzE,oEAAoE;IACpE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IACtC,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACjC,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACpC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,OAAO,GAAG,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC;IAEtD,MAAM,IAAI,GAAsC;QAC9C,MAAM;QACN,OAAO;QACP,QAAQ,EAAE,QAAQ,EAAE,2DAA2D;KAChF,CAAC;IAEF,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,0EAA0E;IAC1E,0EAA0E;IAC1E,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7D,IAAI,gBAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,gBAAgB,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACzF,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,CAAC,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;YAC7B,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1E,OAAO,IAAI,QAAQ,CAAC,iBAAiB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,CAAC,CAAC,CAAC;QAC3D,OAAO,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IAED,8CAA8C;IAC9C,uDAAuD;IACvD,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;IACtC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC9C,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/C,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,QAAQ,CAAC,gBAAgB,CAAC,IAAI,EAAE;QACzC,MAAM,EAAE,gBAAgB,CAAC,MAAM;QAC/B,UAAU,EAAE,gBAAgB,CAAC,UAAU;QACvC,OAAO,EAAE,eAAe;KACzB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,QAAgB,EAChB,OAAqB,EACrB,GAAmB;IAEnB,MAAM,MAAM,GAA0C,EAAE,CAAC;IACzD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC;QACpD,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC7B,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;YACH,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["/**\n * Config pattern matching and rule application utilities.\n *\n * Shared between the dev server (index.ts) and the production server\n * (prod-server.ts) so both apply next.config.js rules identically.\n */\n\nimport type { NextRedirect, NextRewrite, NextHeader, HasCondition } from \"./next-config.js\";\n\n/** Hop-by-hop headers that should not be forwarded through a proxy. */\nconst HOP_BY_HOP_HEADERS = new Set([\n \"connection\",\n \"keep-alive\",\n \"proxy-authenticate\",\n \"proxy-authorization\",\n \"te\",\n \"trailers\",\n \"transfer-encoding\",\n \"upgrade\",\n]);\n\n/**\n * Detect regex patterns vulnerable to catastrophic backtracking (ReDoS).\n *\n * Uses a lightweight heuristic: scans the pattern string for nested quantifiers\n * (a quantifier applied to a group that itself contains a quantifier). This\n * catches the most common pathological patterns like `(a+)+`, `(.*)*`,\n * `([^/]+)+`, `(a|a+)+` without needing a full regex parser.\n *\n * Returns true if the pattern appears safe, false if it's potentially dangerous.\n */\nexport function isSafeRegex(pattern: string): boolean {\n // Track parenthesis nesting depth and whether we've seen a quantifier\n // at each depth level.\n const quantifierAtDepth: boolean[] = [];\n let depth = 0;\n let i = 0;\n\n while (i < pattern.length) {\n const ch = pattern[i];\n\n // Skip escaped characters\n if (ch === \"\\\\\") {\n i += 2;\n continue;\n }\n\n // Skip character classes [...] — quantifiers inside them are literal\n if (ch === \"[\") {\n i++;\n while (i < pattern.length && pattern[i] !== \"]\") {\n if (pattern[i] === \"\\\\\") i++; // skip escaped char in class\n i++;\n }\n i++; // skip closing ]\n continue;\n }\n\n if (ch === \"(\") {\n depth++;\n // Initialize: no quantifier seen yet at this new depth\n if (quantifierAtDepth.length <= depth) {\n quantifierAtDepth.push(false);\n } else {\n quantifierAtDepth[depth] = false;\n }\n i++;\n continue;\n }\n\n if (ch === \")\") {\n const hadQuantifier = depth > 0 && quantifierAtDepth[depth];\n if (depth > 0) depth--;\n\n // Look ahead for a quantifier on this group: +, *, {n,m}\n // Note: '?' after ')' means \"zero or one\" which does NOT cause catastrophic\n // backtracking — it only allows 2 paths (match/skip), not exponential.\n // Only unbounded repetition (+, *, {n,}) on a group with inner quantifiers is dangerous.\n const next = pattern[i + 1];\n if (next === \"+\" || next === \"*\" || next === \"{\") {\n if (hadQuantifier) {\n // Nested quantifier detected: quantifier on a group that contains a quantifier\n return false;\n }\n // Mark the enclosing depth as having a quantifier\n if (depth >= 0 && depth < quantifierAtDepth.length) {\n quantifierAtDepth[depth] = true;\n }\n }\n i++;\n continue;\n }\n\n // Detect quantifiers: +, *, ?, {n,m}\n // '?' is a quantifier (optional) unless it follows another quantifier (+, *, ?, })\n // in which case it's a non-greedy modifier.\n if (ch === \"+\" || ch === \"*\") {\n if (depth > 0) {\n quantifierAtDepth[depth] = true;\n }\n i++;\n continue;\n }\n\n if (ch === \"?\") {\n // '?' after +, *, ?, or } is a non-greedy modifier, not a quantifier\n const prev = i > 0 ? pattern[i - 1] : \"\";\n if (prev !== \"+\" && prev !== \"*\" && prev !== \"?\" && prev !== \"}\") {\n if (depth > 0) {\n quantifierAtDepth[depth] = true;\n }\n }\n i++;\n continue;\n }\n\n if (ch === \"{\") {\n // Check if this is a quantifier {n}, {n,}, {n,m}\n let j = i + 1;\n while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;\n if (j < pattern.length && pattern[j] === \"}\" && j > i + 1) {\n if (depth > 0) {\n quantifierAtDepth[depth] = true;\n }\n i = j + 1;\n continue;\n }\n }\n\n i++;\n }\n\n return true;\n}\n\n/**\n * Compile a regex pattern safely. Returns the compiled RegExp or null if the\n * pattern is invalid or vulnerable to ReDoS.\n *\n * Logs a warning when a pattern is rejected so developers can fix their config.\n */\nexport function safeRegExp(pattern: string, flags?: string): RegExp | null {\n if (!isSafeRegex(pattern)) {\n console.warn(\n `[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): ${pattern}\\n` +\n ` Patterns with nested quantifiers (e.g. (a+)+) can cause catastrophic backtracking.\\n` +\n ` Simplify the pattern to avoid nested repetition.`,\n );\n return null;\n }\n try {\n return new RegExp(pattern, flags);\n } catch {\n return null;\n }\n}\n\n/**\n * Convert a Next.js header/rewrite/redirect source pattern into a regex string.\n *\n * Regex groups in the source (e.g. `(\\d+)`) are extracted first, the remaining\n * text is escaped/converted in a **single pass** (avoiding chained `.replace()`\n * which CodeQL flags as incomplete sanitization), then groups are restored.\n */\nexport function escapeHeaderSource(source: string): string {\n // Sentinel character for group placeholders. Uses a Unicode private-use-area\n // codepoint that will never appear in real source patterns.\n const S = \"\\uE000\";\n\n // Step 1: extract regex groups and replace with numbered placeholders.\n const groups: string[] = [];\n const withPlaceholders = source.replace(/\\(([^)]+)\\)/g, (_m, inner) => {\n groups.push(inner);\n return `${S}G${groups.length - 1}${S}`;\n });\n\n // Step 2: single-pass conversion of the placeholder-bearing string.\n // Match named params (:[\\w-]+), sentinel group placeholders, metacharacters, and literal text.\n // The regex uses non-overlapping alternatives to avoid backtracking:\n // :[\\w-]+ — named parameter (constraint sentinel is checked procedurally;\n // param names may contain hyphens, e.g. :auth-method)\n // sentinel group — standalone regex group placeholder\n // [.+?*] — single metachar to escape/convert\n // [^.+?*:\\uE000]+ — literal text (excludes all chars that start other alternatives)\n let result = \"\";\n const re = new RegExp(\n `${S}G(\\\\d+)${S}|:[\\\\w-]+|[.+?*]|[^.+?*:\\\\uE000]+`, // lgtm[js/redos] — alternatives are non-overlapping\n \"g\",\n );\n let m: RegExpExecArray | null;\n while ((m = re.exec(withPlaceholders)) !== null) {\n if (m[1] !== undefined) {\n // Standalone regex group — restore as-is\n result += `(${groups[Number(m[1])]})`;\n } else if (m[0].startsWith(\":\")) {\n // Named parameter — check if followed by a constraint group placeholder\n const afterParam = withPlaceholders.slice(re.lastIndex);\n const constraintMatch = afterParam.match(new RegExp(`^${S}G(\\\\d+)${S}`));\n if (constraintMatch) {\n // :param(constraint) — use the constraint as the capture group\n re.lastIndex += constraintMatch[0].length;\n result += `(${groups[Number(constraintMatch[1])]})`;\n } else {\n // Plain named parameter → match one segment\n result += \"[^/]+\";\n }\n } else {\n switch (m[0]) {\n case \".\": result += \"\\\\.\"; break;\n case \"+\": result += \"\\\\+\"; break;\n case \"?\": result += \"\\\\?\"; break;\n case \"*\": result += \".*\"; break;\n default: result += m[0]; break;\n }\n }\n }\n\n return result;\n}\n\n/**\n * Request context needed for evaluating has/missing conditions.\n * Callers extract the relevant parts from the incoming Request.\n */\nexport interface RequestContext {\n headers: Headers;\n cookies: Record<string, string>;\n query: URLSearchParams;\n host: string;\n}\n\n/**\n * Parse a Cookie header string into a key-value record.\n */\nexport function parseCookies(cookieHeader: string | null): Record<string, string> {\n if (!cookieHeader) return {};\n const cookies: Record<string, string> = {};\n for (const part of cookieHeader.split(\";\")) {\n const eq = part.indexOf(\"=\");\n if (eq === -1) continue;\n const key = part.slice(0, eq).trim();\n const value = part.slice(eq + 1).trim();\n if (key) cookies[key] = value;\n }\n return cookies;\n}\n\n/**\n * Build a RequestContext from a Web Request object.\n */\nexport function requestContextFromRequest(request: Request): RequestContext {\n const url = new URL(request.url);\n return {\n headers: request.headers,\n cookies: parseCookies(request.headers.get(\"cookie\")),\n query: url.searchParams,\n host: request.headers.get(\"host\") ?? url.host,\n };\n}\n\n/**\n * Check a single has/missing condition against request context.\n * Returns true if the condition is satisfied.\n */\nfunction checkSingleCondition(condition: HasCondition, ctx: RequestContext): boolean {\n switch (condition.type) {\n case \"header\": {\n const headerValue = ctx.headers.get(condition.key);\n if (headerValue === null) return false;\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(headerValue);\n return headerValue === condition.value;\n }\n return true; // Key exists, no value constraint\n }\n case \"cookie\": {\n const cookieValue = ctx.cookies[condition.key];\n if (cookieValue === undefined) return false;\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(cookieValue);\n return cookieValue === condition.value;\n }\n return true;\n }\n case \"query\": {\n const queryValue = ctx.query.get(condition.key);\n if (queryValue === null) return false;\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(queryValue);\n return queryValue === condition.value;\n }\n return true;\n }\n case \"host\": {\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(ctx.host);\n return ctx.host === condition.value;\n }\n return ctx.host === condition.key;\n }\n default:\n return false;\n }\n}\n\n/**\n * Check all has/missing conditions for a config rule.\n * Returns true if the rule should be applied (all has conditions pass, all missing conditions pass).\n *\n * - has: every condition must match (the request must have it)\n * - missing: every condition must NOT match (the request must not have it)\n */\nexport function checkHasConditions(\n has: HasCondition[] | undefined,\n missing: HasCondition[] | undefined,\n ctx: RequestContext,\n): boolean {\n if (has) {\n for (const condition of has) {\n if (!checkSingleCondition(condition, ctx)) return false;\n }\n }\n if (missing) {\n for (const condition of missing) {\n if (checkSingleCondition(condition, ctx)) return false;\n }\n }\n return true;\n}\n\n/**\n * If the current position in `str` starts with a parenthesized group, consume\n * it and advance `re.lastIndex` past the closing `)`. Returns the group\n * contents or null if no group is present.\n */\nfunction extractConstraint(str: string, re: RegExp): string | null {\n if (str[re.lastIndex] !== \"(\") return null;\n const start = re.lastIndex + 1;\n let depth = 1;\n let i = start;\n while (i < str.length && depth > 0) {\n if (str[i] === \"(\") depth++;\n else if (str[i] === \")\") depth--;\n i++;\n }\n if (depth !== 0) return null;\n re.lastIndex = i;\n return str.slice(start, i - 1);\n}\n\n/**\n * Match a Next.js config pattern (from redirects/rewrites sources) against a pathname.\n * Returns matched params or null.\n *\n * Supports:\n * :param - matches a single path segment\n * :param* - matches zero or more segments (catch-all)\n * :param+ - matches one or more segments\n * (regex) - inline regex patterns in the source\n * :param(constraint) - named param with inline regex constraint\n */\nexport function matchConfigPattern(\n pathname: string,\n pattern: string,\n): Record<string, string> | null {\n // If the pattern contains regex groups like (\\d+) or (.*), use regex matching.\n // Also enter this branch when a catch-all parameter (:param* or :param+) is\n // followed by a literal suffix (e.g. \"/:path*.md\"). Without this, the suffix\n // pattern falls through to the simple segment matcher which incorrectly treats\n // the whole segment (\":path*.md\") as a named parameter and matches everything.\n // The last condition catches simple params with literal suffixes (e.g. \"/:slug.md\")\n // where the param name is followed by a dot — the simple matcher would treat\n // \"slug.md\" as the param name and match any single segment regardless of suffix.\n if (\n pattern.includes(\"(\") ||\n pattern.includes(\"\\\\\") ||\n /:[\\w-]+[*+][^/]/.test(pattern) ||\n /:[\\w-]+\\./.test(pattern)\n ) {\n try {\n // Param names may contain hyphens (e.g. :auth-method, :sign-in).\n const paramNames: string[] = [];\n // Single-pass conversion with procedural suffix handling. The tokenizer\n // matches only simple, non-overlapping tokens; quantifier/constraint\n // suffixes after :param are consumed procedurally to avoid polynomial\n // backtracking in the regex engine.\n let regexStr = \"\";\n const tokenRe = /:([\\w-]+)|[.]|[^:.]+/g; // lgtm[js/redos] — alternatives are non-overlapping (`:` and `.` excluded from `[^:.]+`)\n let tok: RegExpExecArray | null;\n while ((tok = tokenRe.exec(pattern)) !== null) {\n if (tok[1] !== undefined) {\n const name = tok[1];\n const rest = pattern.slice(tokenRe.lastIndex);\n // Check for quantifier (* or +) with optional constraint\n if (rest.startsWith(\"*\") || rest.startsWith(\"+\")) {\n const quantifier = rest[0];\n tokenRe.lastIndex += 1;\n const constraint = extractConstraint(pattern, tokenRe);\n paramNames.push(name);\n if (constraint !== null) {\n regexStr += `(${constraint})`;\n } else {\n regexStr += quantifier === \"*\" ? \"(.*)\" : \"(.+)\";\n }\n } else {\n // Check for inline constraint without quantifier\n const constraint = extractConstraint(pattern, tokenRe);\n paramNames.push(name);\n regexStr += constraint !== null ? `(${constraint})` : \"([^/]+)\";\n }\n } else if (tok[0] === \".\") {\n regexStr += \"\\\\.\";\n } else {\n regexStr += tok[0];\n }\n }\n const re = safeRegExp(\"^\" + regexStr + \"$\");\n if (!re) return null;\n const match = re.exec(pathname);\n if (!match) return null;\n const params: Record<string, string> = Object.create(null);\n for (let i = 0; i < paramNames.length; i++) {\n params[paramNames[i]] = match[i + 1] ?? \"\";\n }\n return params;\n } catch {\n // Fall through to segment-based matching\n }\n }\n\n // Check for catch-all patterns (:param* or :param+) without regex groups\n // Param names may contain hyphens (e.g. :sign-in*, :sign-up+).\n const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);\n if (catchAllMatch) {\n const prefix = pattern.slice(0, pattern.lastIndexOf(\":\"));\n const paramName = catchAllMatch[1];\n const isPlus = catchAllMatch[2] === \"+\";\n\n if (!pathname.startsWith(prefix.replace(/\\/$/, \"\"))) return null;\n\n const rest = pathname.slice(prefix.replace(/\\/$/, \"\").length);\n if (isPlus && (!rest || rest === \"/\")) return null;\n let restValue = rest.startsWith(\"/\") ? rest.slice(1) : rest;\n // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at\n // the request entry point. Decoding again would produce incorrect param values.\n return { [paramName]: restValue };\n }\n\n // Simple segment-based matching for exact patterns and :param\n const parts = pattern.split(\"/\");\n const pathParts = pathname.split(\"/\");\n\n if (parts.length !== pathParts.length) return null;\n\n const params: Record<string, string> = Object.create(null);\n for (let i = 0; i < parts.length; i++) {\n if (parts[i].startsWith(\":\")) {\n params[parts[i].slice(1)] = pathParts[i];\n } else if (parts[i] !== pathParts[i]) {\n return null;\n }\n }\n return params;\n}\n\n/**\n * Apply redirect rules from next.config.js.\n * Returns the redirect info if a redirect was matched, or null.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating redirects, so this parameter is required.\n */\nexport function matchRedirect(\n pathname: string,\n redirects: NextRedirect[],\n ctx: RequestContext,\n): { destination: string; permanent: boolean } | null {\n for (const redirect of redirects) {\n const params = matchConfigPattern(pathname, redirect.source);\n if (params) {\n if (redirect.has || redirect.missing) {\n if (!checkHasConditions(redirect.has, redirect.missing, ctx)) {\n continue;\n }\n }\n let dest = redirect.destination;\n for (const [key, value] of Object.entries(params)) {\n // Replace :param*, :param+, and :param forms in the destination.\n // The catch-all suffixes (* and +) must be stripped along with the param name.\n dest = dest.replace(`:${key}*`, value);\n dest = dest.replace(`:${key}+`, value);\n dest = dest.replace(`:${key}`, value);\n }\n // Collapse protocol-relative URLs (e.g. //evil.com from decoded %2F in catch-all params).\n dest = sanitizeDestination(dest);\n return { destination: dest, permanent: redirect.permanent };\n }\n }\n return null;\n}\n\n/**\n * Apply rewrite rules from next.config.js.\n * Returns the rewritten URL or null if no rewrite matched.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating rewrites, so this parameter is required.\n */\nexport function matchRewrite(\n pathname: string,\n rewrites: NextRewrite[],\n ctx: RequestContext,\n): string | null {\n for (const rewrite of rewrites) {\n const params = matchConfigPattern(pathname, rewrite.source);\n if (params) {\n if (rewrite.has || rewrite.missing) {\n if (!checkHasConditions(rewrite.has, rewrite.missing, ctx)) {\n continue;\n }\n }\n let dest = rewrite.destination;\n for (const [key, value] of Object.entries(params)) {\n // Replace :param*, :param+, and :param forms in the destination.\n // The catch-all suffixes (* and +) must be stripped along with the param name.\n dest = dest.replace(`:${key}*`, value);\n dest = dest.replace(`:${key}+`, value);\n dest = dest.replace(`:${key}`, value);\n }\n // Collapse protocol-relative URLs (e.g. //evil.com from decoded %2F in catch-all params).\n dest = sanitizeDestination(dest);\n return dest;\n }\n }\n return null;\n}\n\n/**\n * Sanitize a redirect/rewrite destination to collapse protocol-relative URLs.\n *\n * After parameter substitution, a destination like `/:path*` can become\n * `//evil.com` if the catch-all captured a decoded `%2F` (`/evil.com`).\n * Browsers interpret `//evil.com` as a protocol-relative URL, redirecting\n * users off-site.\n *\n * This function collapses any leading double (or more) slashes to a single\n * slash for non-external (relative) destinations.\n */\nexport function sanitizeDestination(dest: string): string {\n // External URLs (http://, https://) are intentional — don't touch them\n if (dest.startsWith(\"http://\") || dest.startsWith(\"https://\")) {\n return dest;\n }\n // Normalize leading backslashes to forward slashes. Browsers interpret\n // backslash as forward slash in URL contexts, so \"\\/evil.com\" becomes\n // \"//evil.com\" (protocol-relative redirect). Replace any mix of leading\n // slashes and backslashes with a single forward slash.\n dest = dest.replace(/^[\\\\/]+/, \"/\");\n return dest;\n}\n\n/**\n * Check if a URL is external (absolute URL or protocol-relative).\n * Detects any URL scheme (http:, https:, data:, javascript:, blob:, etc.)\n * per RFC 3986, plus protocol-relative URLs (//).\n */\nexport function isExternalUrl(url: string): boolean {\n return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith(\"//\");\n}\n\n/**\n * Proxy an incoming request to an external URL and return the upstream response.\n *\n * Used for external rewrites (e.g. `/ph/:path*` → `https://us.i.posthog.com/:path*`).\n * Next.js handles these as server-side reverse proxies, forwarding the request\n * method, headers, and body to the external destination.\n *\n * Works in all runtimes (Node.js, Cloudflare Workers) via the standard fetch() API.\n */\nexport async function proxyExternalRequest(\n request: Request,\n externalUrl: string,\n): Promise<Response> {\n // Build the full external URL, preserving query parameters from the original request\n const originalUrl = new URL(request.url);\n const targetUrl = new URL(externalUrl);\n\n // If the rewrite destination already has query params, merge them.\n // Destination params take precedence — original request params are only added\n // when the destination doesn't already specify that key.\n for (const [key, value] of originalUrl.searchParams) {\n if (!targetUrl.searchParams.has(key)) {\n targetUrl.searchParams.set(key, value);\n }\n }\n\n // Forward the request with appropriate headers\n const headers = new Headers(request.headers);\n // Set Host to the external target (required for correct routing)\n headers.set(\"host\", targetUrl.host);\n // Remove headers that should not be forwarded to external services\n headers.delete(\"connection\");\n // Strip credentials and internal headers to prevent leaking auth tokens,\n // session cookies, and middleware internals to third-party origins.\n headers.delete(\"cookie\");\n headers.delete(\"authorization\");\n headers.delete(\"x-api-key\");\n headers.delete(\"proxy-authorization\");\n const keysToDelete: string[] = [];\n for (const key of headers.keys()) {\n if (key.startsWith(\"x-middleware-\")) {\n keysToDelete.push(key);\n }\n }\n for (const key of keysToDelete) {\n headers.delete(key);\n }\n\n const method = request.method;\n const hasBody = method !== \"GET\" && method !== \"HEAD\";\n\n const init: RequestInit & { duplex?: string } = {\n method,\n headers,\n redirect: \"manual\", // Don't follow redirects — pass them through to the client\n };\n\n if (hasBody && request.body) {\n init.body = request.body;\n init.duplex = \"half\";\n }\n\n // Enforce a timeout so slow/unresponsive upstreams don't hold connections\n // open indefinitely (DoS amplification risk on Node.js dev/prod servers).\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), 30_000);\n let upstreamResponse: Response;\n try {\n upstreamResponse = await fetch(targetUrl.href, { ...init, signal: controller.signal });\n } catch (e: any) {\n if (e?.name === \"AbortError\") {\n console.error(\"[vinext] External rewrite proxy timeout:\", targetUrl.href);\n return new Response(\"Gateway Timeout\", { status: 504 });\n }\n console.error(\"[vinext] External rewrite proxy error:\", e);\n return new Response(\"Bad Gateway\", { status: 502 });\n } finally {\n clearTimeout(timeout);\n }\n\n // Build the response to return to the client.\n // Copy all upstream headers except hop-by-hop headers.\n const responseHeaders = new Headers();\n upstreamResponse.headers.forEach((value, key) => {\n if (!HOP_BY_HOP_HEADERS.has(key.toLowerCase())) {\n responseHeaders.append(key, value);\n }\n });\n\n return new Response(upstreamResponse.body, {\n status: upstreamResponse.status,\n statusText: upstreamResponse.statusText,\n headers: responseHeaders,\n });\n}\n\n/**\n * Apply custom header rules from next.config.js.\n * Returns an array of { key, value } pairs to set on the response.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating headers, so this parameter is required.\n */\nexport function matchHeaders(\n pathname: string,\n headers: NextHeader[],\n ctx: RequestContext,\n): Array<{ key: string; value: string }> {\n const result: Array<{ key: string; value: string }> = [];\n for (const rule of headers) {\n const escaped = escapeHeaderSource(rule.source);\n const sourceRegex = safeRegExp(\"^\" + escaped + \"$\");\n if (sourceRegex && sourceRegex.test(pathname)) {\n if (rule.has || rule.missing) {\n if (!checkHasConditions(rule.has, rule.missing, ctx)) {\n continue;\n }\n }\n result.push(...rule.headers);\n }\n }\n return result;\n}\n"]}
1
+ {"version":3,"file":"config-matchers.js","sourceRoot":"","sources":["../../src/config/config-matchers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,uEAAuE;AACvE,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY;IACZ,YAAY;IACZ,oBAAoB;IACpB,qBAAqB;IACrB,IAAI;IACJ,UAAU;IACV,mBAAmB;IACnB,SAAS;CACV,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,sEAAsE;IACtE,uBAAuB;IACvB,MAAM,iBAAiB,GAAc,EAAE,CAAC;IACxC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAEtB,0BAA0B;QAC1B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YAChB,CAAC,IAAI,CAAC,CAAC;YACP,SAAS;QACX,CAAC;QAED,qEAAqE;QACrE,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,CAAC,EAAE,CAAC;YACJ,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAChD,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI;oBAAE,CAAC,EAAE,CAAC,CAAC,6BAA6B;gBAC3D,CAAC,EAAE,CAAC;YACN,CAAC;YACD,CAAC,EAAE,CAAC,CAAC,iBAAiB;YACtB,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,KAAK,EAAE,CAAC;YACR,uDAAuD;YACvD,IAAI,iBAAiB,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC;gBACtC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,iBAAiB,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;YACnC,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,MAAM,aAAa,GAAG,KAAK,GAAG,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAC5D,IAAI,KAAK,GAAG,CAAC;gBAAE,KAAK,EAAE,CAAC;YAEvB,yDAAyD;YACzD,4EAA4E;YAC5E,uEAAuE;YACvE,yFAAyF;YACzF,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjD,IAAI,aAAa,EAAE,CAAC;oBAClB,+EAA+E;oBAC/E,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,kDAAkD;gBAClD,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC;oBACnD,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;gBAClC,CAAC;YACH,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,qCAAqC;QACrC,mFAAmF;QACnF,4CAA4C;QAC5C,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAC7B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;YAClC,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,qEAAqE;YACrE,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACzC,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjE,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;gBAClC,CAAC;YACH,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,iDAAiD;YACjD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAAE,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1D,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,iBAAiB,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;gBAClC,CAAC;gBACD,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACV,SAAS;YACX,CAAC;QACH,CAAC;QAED,CAAC,EAAE,CAAC;IACN,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,KAAc;IACxD,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,IAAI,CACV,oEAAoE,OAAO,IAAI;YAC/E,wFAAwF;YACxF,oDAAoD,CACrD,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,6EAA6E;IAC7E,4DAA4D;IAC5D,MAAM,CAAC,GAAG,QAAQ,CAAC;IAEnB,uEAAuE;IACvE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE;QACpE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,oEAAoE;IACpE,+FAA+F;IAC/F,qEAAqE;IACrE,6EAA6E;IAC7E,mEAAmE;IACnE,wDAAwD;IACxD,+CAA+C;IAC/C,sFAAsF;IACtF,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,EAAE,GAAG,IAAI,MAAM,CACnB,GAAG,CAAC,UAAU,CAAC,mCAAmC,EAAE,oDAAoD;IACxG,GAAG,CACJ,CAAC;IACF,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACvB,yCAAyC;YACzC,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACxC,CAAC;aAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,wEAAwE;YACxE,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;YACxD,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,IAAI,eAAe,EAAE,CAAC;gBACpB,+DAA+D;gBAC/D,EAAE,CAAC,SAAS,IAAI,eAAe,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBAC1C,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,4CAA4C;gBAC5C,MAAM,IAAI,OAAO,CAAC;YACpB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACb,KAAK,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC;oBAAC,MAAM;gBACjC,KAAK,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC;oBAAC,MAAM;gBACjC,KAAK,GAAG;oBAAE,MAAM,IAAI,KAAK,CAAC;oBAAC,MAAM;gBACjC,KAAK,GAAG;oBAAE,MAAM,IAAI,IAAI,CAAC;oBAAC,MAAM;gBAChC;oBAAS,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;oBAAC,MAAM;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAaD;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,YAA2B;IACtD,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAC7B,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,KAAK,CAAC,CAAC;YAAE,SAAS;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,GAAG;YAAE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAChC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAgB;IACxD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACpD,KAAK,EAAE,GAAG,CAAC,YAAY;QACvB,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI;KAC9C,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,SAAuB,EAAE,GAAmB;IACxE,QAAQ,SAAS,CAAC,IAAI,EAAE,CAAC;QACvB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,WAAW,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YACvC,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpC,OAAO,WAAW,KAAK,SAAS,CAAC,KAAK,CAAC;YACzC,CAAC;YACD,OAAO,IAAI,CAAC,CAAC,kCAAkC;QACjD,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAC/C,IAAI,WAAW,KAAK,SAAS;gBAAE,OAAO,KAAK,CAAC;YAC5C,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACpC,OAAO,WAAW,KAAK,SAAS,CAAC,KAAK,CAAC;YACzC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAChD,IAAI,UAAU,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YACtC,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACnC,OAAO,UAAU,KAAK,SAAS,CAAC,KAAK,CAAC;YACxC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,IAAI,SAAS,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,EAAE;oBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACjC,OAAO,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,KAAK,CAAC;YACtC,CAAC;YACD,OAAO,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,GAAG,CAAC;QACpC,CAAC;QACD;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAChC,GAA+B,EAC/B,OAAmC,EACnC,GAAmB;IAEnB,IAAI,GAAG,EAAE,CAAC;QACR,KAAK,MAAM,SAAS,IAAI,GAAG,EAAE,CAAC;YAC5B,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,SAAS,IAAI,OAAO,EAAE,CAAC;YAChC,IAAI,oBAAoB,CAAC,SAAS,EAAE,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;QACzD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,GAAW,EAAE,EAAU;IAChD,IAAI,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3C,MAAM,KAAK,GAAG,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,CAAC,GAAG,KAAK,CAAC;IACd,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aACvB,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;QACjC,CAAC,EAAE,CAAC;IACN,CAAC;IACD,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7B,EAAE,CAAC,SAAS,GAAG,CAAC,CAAC;IACjB,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,kBAAkB,CAChC,QAAgB,EAChB,OAAe;IAEf,+EAA+E;IAC/E,4EAA4E;IAC5E,6EAA6E;IAC7E,+EAA+E;IAC/E,+EAA+E;IAC/E,oFAAoF;IACpF,6EAA6E;IAC7E,iFAAiF;IACjF,IACE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtB,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;QAC/B,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EACzB,CAAC;QACD,IAAI,CAAC;YACH,iEAAiE;YACjE,MAAM,UAAU,GAAa,EAAE,CAAC;YAChC,wEAAwE;YACxE,qEAAqE;YACrE,sEAAsE;YACtE,oCAAoC;YACpC,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,uBAAuB,CAAC,CAAC,yFAAyF;YAClI,IAAI,GAA2B,CAAC;YAChC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;oBACzB,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;oBACpB,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC9C,yDAAyD;oBACzD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;wBACjD,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;wBAC3B,OAAO,CAAC,SAAS,IAAI,CAAC,CAAC;wBACvB,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;wBACvD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtB,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;4BACxB,QAAQ,IAAI,IAAI,UAAU,GAAG,CAAC;wBAChC,CAAC;6BAAM,CAAC;4BACN,QAAQ,IAAI,UAAU,KAAK,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;wBACnD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,iDAAiD;wBACjD,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;wBACvD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBACtB,QAAQ,IAAI,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;oBAClE,CAAC;gBACH,CAAC;qBAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBAC1B,QAAQ,IAAI,KAAK,CAAC;gBACpB,CAAC;qBAAM,CAAC;oBACN,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;YACD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC;YAC5C,IAAI,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC;YACxB,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7C,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,+DAA+D;IAC/D,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACzD,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;QAExC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjE,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,IAAI,MAAM,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,KAAK,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACnD,IAAI,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5D,2EAA2E;QAC3E,gFAAgF;QAChF,OAAO,EAAE,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;IACpC,CAAC;IAED,8DAA8D;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEtC,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEnD,MAAM,MAAM,GAA2B,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;aAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAgB,EAChB,SAAyB,EACzB,GAAmB;IAEnB,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC7D,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBAC7D,SAAS;gBACX,CAAC;YACH,CAAC;YACD,IAAI,IAAI,GAAG,QAAQ,CAAC,WAAW,CAAC;YAChC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,iEAAiE;gBACjE,+EAA+E;gBAC/E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;YACxC,CAAC;YACD,0FAA0F;YAC1F,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,QAAgB,EAChB,QAAuB,EACvB,GAAmB;IAEnB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACnC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBAC3D,SAAS;gBACX,CAAC;YACH,CAAC;YACD,IAAI,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC;YAC/B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,iEAAiE;gBACjE,+EAA+E;gBAC/E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;gBACvC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,KAAK,CAAC,CAAC;YACxC,CAAC;YACD,0FAA0F;YAC1F,IAAI,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,uEAAuE;IACvE,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,uEAAuE;IACvE,sEAAsE;IACtE,wEAAwE;IACxE,uDAAuD;IACvD,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,OAAO,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAgB,EAChB,WAAmB;IAEnB,qFAAqF;IACrF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAEvC,mEAAmE;IACnE,8EAA8E;IAC9E,yDAAyD;IACzD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;QACpD,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,iEAAiE;IACjE,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;IACpC,mEAAmE;IACnE,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC7B,yEAAyE;IACzE,oEAAoE;IACpE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;IAChC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5B,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IACtC,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACjC,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACpC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,OAAO,GAAG,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC;IAEtD,MAAM,IAAI,GAAsC;QAC9C,MAAM;QACN,OAAO;QACP,QAAQ,EAAE,QAAQ,EAAE,2DAA2D;KAChF,CAAC;IAEF,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,0EAA0E;IAC1E,0EAA0E;IAC1E,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7D,IAAI,gBAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,gBAAgB,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACzF,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,IAAI,CAAC,EAAE,IAAI,KAAK,YAAY,EAAE,CAAC;YAC7B,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1E,OAAO,IAAI,QAAQ,CAAC,iBAAiB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,CAAC,CAAC,CAAC;QAC3D,OAAO,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IAED,8CAA8C;IAC9C,uDAAuD;IACvD,4EAA4E;IAC5E,6EAA6E;IAC7E,oEAAoE;IACpE,0DAA0D;IAC1D,mEAAmE;IACnE,6EAA6E;IAC7E,MAAM,aAAa,GAAG,OAAO,OAAO,KAAK,WAAW,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACnF,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;IACtC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC9C,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAChC,IAAI,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,OAAO;QAC1C,IAAI,aAAa,IAAI,CAAC,KAAK,KAAK,kBAAkB,IAAI,KAAK,KAAK,gBAAgB,CAAC;YAAE,OAAO;QAC1F,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,QAAQ,CAAC,gBAAgB,CAAC,IAAI,EAAE;QACzC,MAAM,EAAE,gBAAgB,CAAC,MAAM;QAC/B,UAAU,EAAE,gBAAgB,CAAC,UAAU;QACvC,OAAO,EAAE,eAAe;KACzB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,QAAgB,EAChB,OAAqB,EACrB,GAAmB;IAEnB,MAAM,MAAM,GAA0C,EAAE,CAAC;IACzD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC;QACpD,IAAI,WAAW,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC7B,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;YACH,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["/**\n * Config pattern matching and rule application utilities.\n *\n * Shared between the dev server (index.ts) and the production server\n * (prod-server.ts) so both apply next.config.js rules identically.\n */\n\nimport type { NextRedirect, NextRewrite, NextHeader, HasCondition } from \"./next-config.js\";\n\n/** Hop-by-hop headers that should not be forwarded through a proxy. */\nconst HOP_BY_HOP_HEADERS = new Set([\n \"connection\",\n \"keep-alive\",\n \"proxy-authenticate\",\n \"proxy-authorization\",\n \"te\",\n \"trailers\",\n \"transfer-encoding\",\n \"upgrade\",\n]);\n\n/**\n * Detect regex patterns vulnerable to catastrophic backtracking (ReDoS).\n *\n * Uses a lightweight heuristic: scans the pattern string for nested quantifiers\n * (a quantifier applied to a group that itself contains a quantifier). This\n * catches the most common pathological patterns like `(a+)+`, `(.*)*`,\n * `([^/]+)+`, `(a|a+)+` without needing a full regex parser.\n *\n * Returns true if the pattern appears safe, false if it's potentially dangerous.\n */\nexport function isSafeRegex(pattern: string): boolean {\n // Track parenthesis nesting depth and whether we've seen a quantifier\n // at each depth level.\n const quantifierAtDepth: boolean[] = [];\n let depth = 0;\n let i = 0;\n\n while (i < pattern.length) {\n const ch = pattern[i];\n\n // Skip escaped characters\n if (ch === \"\\\\\") {\n i += 2;\n continue;\n }\n\n // Skip character classes [...] — quantifiers inside them are literal\n if (ch === \"[\") {\n i++;\n while (i < pattern.length && pattern[i] !== \"]\") {\n if (pattern[i] === \"\\\\\") i++; // skip escaped char in class\n i++;\n }\n i++; // skip closing ]\n continue;\n }\n\n if (ch === \"(\") {\n depth++;\n // Initialize: no quantifier seen yet at this new depth\n if (quantifierAtDepth.length <= depth) {\n quantifierAtDepth.push(false);\n } else {\n quantifierAtDepth[depth] = false;\n }\n i++;\n continue;\n }\n\n if (ch === \")\") {\n const hadQuantifier = depth > 0 && quantifierAtDepth[depth];\n if (depth > 0) depth--;\n\n // Look ahead for a quantifier on this group: +, *, {n,m}\n // Note: '?' after ')' means \"zero or one\" which does NOT cause catastrophic\n // backtracking — it only allows 2 paths (match/skip), not exponential.\n // Only unbounded repetition (+, *, {n,}) on a group with inner quantifiers is dangerous.\n const next = pattern[i + 1];\n if (next === \"+\" || next === \"*\" || next === \"{\") {\n if (hadQuantifier) {\n // Nested quantifier detected: quantifier on a group that contains a quantifier\n return false;\n }\n // Mark the enclosing depth as having a quantifier\n if (depth >= 0 && depth < quantifierAtDepth.length) {\n quantifierAtDepth[depth] = true;\n }\n }\n i++;\n continue;\n }\n\n // Detect quantifiers: +, *, ?, {n,m}\n // '?' is a quantifier (optional) unless it follows another quantifier (+, *, ?, })\n // in which case it's a non-greedy modifier.\n if (ch === \"+\" || ch === \"*\") {\n if (depth > 0) {\n quantifierAtDepth[depth] = true;\n }\n i++;\n continue;\n }\n\n if (ch === \"?\") {\n // '?' after +, *, ?, or } is a non-greedy modifier, not a quantifier\n const prev = i > 0 ? pattern[i - 1] : \"\";\n if (prev !== \"+\" && prev !== \"*\" && prev !== \"?\" && prev !== \"}\") {\n if (depth > 0) {\n quantifierAtDepth[depth] = true;\n }\n }\n i++;\n continue;\n }\n\n if (ch === \"{\") {\n // Check if this is a quantifier {n}, {n,}, {n,m}\n let j = i + 1;\n while (j < pattern.length && /[\\d,]/.test(pattern[j])) j++;\n if (j < pattern.length && pattern[j] === \"}\" && j > i + 1) {\n if (depth > 0) {\n quantifierAtDepth[depth] = true;\n }\n i = j + 1;\n continue;\n }\n }\n\n i++;\n }\n\n return true;\n}\n\n/**\n * Compile a regex pattern safely. Returns the compiled RegExp or null if the\n * pattern is invalid or vulnerable to ReDoS.\n *\n * Logs a warning when a pattern is rejected so developers can fix their config.\n */\nexport function safeRegExp(pattern: string, flags?: string): RegExp | null {\n if (!isSafeRegex(pattern)) {\n console.warn(\n `[vinext] Ignoring potentially unsafe regex pattern (ReDoS risk): ${pattern}\\n` +\n ` Patterns with nested quantifiers (e.g. (a+)+) can cause catastrophic backtracking.\\n` +\n ` Simplify the pattern to avoid nested repetition.`,\n );\n return null;\n }\n try {\n return new RegExp(pattern, flags);\n } catch {\n return null;\n }\n}\n\n/**\n * Convert a Next.js header/rewrite/redirect source pattern into a regex string.\n *\n * Regex groups in the source (e.g. `(\\d+)`) are extracted first, the remaining\n * text is escaped/converted in a **single pass** (avoiding chained `.replace()`\n * which CodeQL flags as incomplete sanitization), then groups are restored.\n */\nexport function escapeHeaderSource(source: string): string {\n // Sentinel character for group placeholders. Uses a Unicode private-use-area\n // codepoint that will never appear in real source patterns.\n const S = \"\\uE000\";\n\n // Step 1: extract regex groups and replace with numbered placeholders.\n const groups: string[] = [];\n const withPlaceholders = source.replace(/\\(([^)]+)\\)/g, (_m, inner) => {\n groups.push(inner);\n return `${S}G${groups.length - 1}${S}`;\n });\n\n // Step 2: single-pass conversion of the placeholder-bearing string.\n // Match named params (:[\\w-]+), sentinel group placeholders, metacharacters, and literal text.\n // The regex uses non-overlapping alternatives to avoid backtracking:\n // :[\\w-]+ — named parameter (constraint sentinel is checked procedurally;\n // param names may contain hyphens, e.g. :auth-method)\n // sentinel group — standalone regex group placeholder\n // [.+?*] — single metachar to escape/convert\n // [^.+?*:\\uE000]+ — literal text (excludes all chars that start other alternatives)\n let result = \"\";\n const re = new RegExp(\n `${S}G(\\\\d+)${S}|:[\\\\w-]+|[.+?*]|[^.+?*:\\\\uE000]+`, // lgtm[js/redos] — alternatives are non-overlapping\n \"g\",\n );\n let m: RegExpExecArray | null;\n while ((m = re.exec(withPlaceholders)) !== null) {\n if (m[1] !== undefined) {\n // Standalone regex group — restore as-is\n result += `(${groups[Number(m[1])]})`;\n } else if (m[0].startsWith(\":\")) {\n // Named parameter — check if followed by a constraint group placeholder\n const afterParam = withPlaceholders.slice(re.lastIndex);\n const constraintMatch = afterParam.match(new RegExp(`^${S}G(\\\\d+)${S}`));\n if (constraintMatch) {\n // :param(constraint) — use the constraint as the capture group\n re.lastIndex += constraintMatch[0].length;\n result += `(${groups[Number(constraintMatch[1])]})`;\n } else {\n // Plain named parameter → match one segment\n result += \"[^/]+\";\n }\n } else {\n switch (m[0]) {\n case \".\": result += \"\\\\.\"; break;\n case \"+\": result += \"\\\\+\"; break;\n case \"?\": result += \"\\\\?\"; break;\n case \"*\": result += \".*\"; break;\n default: result += m[0]; break;\n }\n }\n }\n\n return result;\n}\n\n/**\n * Request context needed for evaluating has/missing conditions.\n * Callers extract the relevant parts from the incoming Request.\n */\nexport interface RequestContext {\n headers: Headers;\n cookies: Record<string, string>;\n query: URLSearchParams;\n host: string;\n}\n\n/**\n * Parse a Cookie header string into a key-value record.\n */\nexport function parseCookies(cookieHeader: string | null): Record<string, string> {\n if (!cookieHeader) return {};\n const cookies: Record<string, string> = {};\n for (const part of cookieHeader.split(\";\")) {\n const eq = part.indexOf(\"=\");\n if (eq === -1) continue;\n const key = part.slice(0, eq).trim();\n const value = part.slice(eq + 1).trim();\n if (key) cookies[key] = value;\n }\n return cookies;\n}\n\n/**\n * Build a RequestContext from a Web Request object.\n */\nexport function requestContextFromRequest(request: Request): RequestContext {\n const url = new URL(request.url);\n return {\n headers: request.headers,\n cookies: parseCookies(request.headers.get(\"cookie\")),\n query: url.searchParams,\n host: request.headers.get(\"host\") ?? url.host,\n };\n}\n\n/**\n * Check a single has/missing condition against request context.\n * Returns true if the condition is satisfied.\n */\nfunction checkSingleCondition(condition: HasCondition, ctx: RequestContext): boolean {\n switch (condition.type) {\n case \"header\": {\n const headerValue = ctx.headers.get(condition.key);\n if (headerValue === null) return false;\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(headerValue);\n return headerValue === condition.value;\n }\n return true; // Key exists, no value constraint\n }\n case \"cookie\": {\n const cookieValue = ctx.cookies[condition.key];\n if (cookieValue === undefined) return false;\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(cookieValue);\n return cookieValue === condition.value;\n }\n return true;\n }\n case \"query\": {\n const queryValue = ctx.query.get(condition.key);\n if (queryValue === null) return false;\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(queryValue);\n return queryValue === condition.value;\n }\n return true;\n }\n case \"host\": {\n if (condition.value !== undefined) {\n const re = safeRegExp(condition.value);\n if (re) return re.test(ctx.host);\n return ctx.host === condition.value;\n }\n return ctx.host === condition.key;\n }\n default:\n return false;\n }\n}\n\n/**\n * Check all has/missing conditions for a config rule.\n * Returns true if the rule should be applied (all has conditions pass, all missing conditions pass).\n *\n * - has: every condition must match (the request must have it)\n * - missing: every condition must NOT match (the request must not have it)\n */\nexport function checkHasConditions(\n has: HasCondition[] | undefined,\n missing: HasCondition[] | undefined,\n ctx: RequestContext,\n): boolean {\n if (has) {\n for (const condition of has) {\n if (!checkSingleCondition(condition, ctx)) return false;\n }\n }\n if (missing) {\n for (const condition of missing) {\n if (checkSingleCondition(condition, ctx)) return false;\n }\n }\n return true;\n}\n\n/**\n * If the current position in `str` starts with a parenthesized group, consume\n * it and advance `re.lastIndex` past the closing `)`. Returns the group\n * contents or null if no group is present.\n */\nfunction extractConstraint(str: string, re: RegExp): string | null {\n if (str[re.lastIndex] !== \"(\") return null;\n const start = re.lastIndex + 1;\n let depth = 1;\n let i = start;\n while (i < str.length && depth > 0) {\n if (str[i] === \"(\") depth++;\n else if (str[i] === \")\") depth--;\n i++;\n }\n if (depth !== 0) return null;\n re.lastIndex = i;\n return str.slice(start, i - 1);\n}\n\n/**\n * Match a Next.js config pattern (from redirects/rewrites sources) against a pathname.\n * Returns matched params or null.\n *\n * Supports:\n * :param - matches a single path segment\n * :param* - matches zero or more segments (catch-all)\n * :param+ - matches one or more segments\n * (regex) - inline regex patterns in the source\n * :param(constraint) - named param with inline regex constraint\n */\nexport function matchConfigPattern(\n pathname: string,\n pattern: string,\n): Record<string, string> | null {\n // If the pattern contains regex groups like (\\d+) or (.*), use regex matching.\n // Also enter this branch when a catch-all parameter (:param* or :param+) is\n // followed by a literal suffix (e.g. \"/:path*.md\"). Without this, the suffix\n // pattern falls through to the simple segment matcher which incorrectly treats\n // the whole segment (\":path*.md\") as a named parameter and matches everything.\n // The last condition catches simple params with literal suffixes (e.g. \"/:slug.md\")\n // where the param name is followed by a dot — the simple matcher would treat\n // \"slug.md\" as the param name and match any single segment regardless of suffix.\n if (\n pattern.includes(\"(\") ||\n pattern.includes(\"\\\\\") ||\n /:[\\w-]+[*+][^/]/.test(pattern) ||\n /:[\\w-]+\\./.test(pattern)\n ) {\n try {\n // Param names may contain hyphens (e.g. :auth-method, :sign-in).\n const paramNames: string[] = [];\n // Single-pass conversion with procedural suffix handling. The tokenizer\n // matches only simple, non-overlapping tokens; quantifier/constraint\n // suffixes after :param are consumed procedurally to avoid polynomial\n // backtracking in the regex engine.\n let regexStr = \"\";\n const tokenRe = /:([\\w-]+)|[.]|[^:.]+/g; // lgtm[js/redos] — alternatives are non-overlapping (`:` and `.` excluded from `[^:.]+`)\n let tok: RegExpExecArray | null;\n while ((tok = tokenRe.exec(pattern)) !== null) {\n if (tok[1] !== undefined) {\n const name = tok[1];\n const rest = pattern.slice(tokenRe.lastIndex);\n // Check for quantifier (* or +) with optional constraint\n if (rest.startsWith(\"*\") || rest.startsWith(\"+\")) {\n const quantifier = rest[0];\n tokenRe.lastIndex += 1;\n const constraint = extractConstraint(pattern, tokenRe);\n paramNames.push(name);\n if (constraint !== null) {\n regexStr += `(${constraint})`;\n } else {\n regexStr += quantifier === \"*\" ? \"(.*)\" : \"(.+)\";\n }\n } else {\n // Check for inline constraint without quantifier\n const constraint = extractConstraint(pattern, tokenRe);\n paramNames.push(name);\n regexStr += constraint !== null ? `(${constraint})` : \"([^/]+)\";\n }\n } else if (tok[0] === \".\") {\n regexStr += \"\\\\.\";\n } else {\n regexStr += tok[0];\n }\n }\n const re = safeRegExp(\"^\" + regexStr + \"$\");\n if (!re) return null;\n const match = re.exec(pathname);\n if (!match) return null;\n const params: Record<string, string> = Object.create(null);\n for (let i = 0; i < paramNames.length; i++) {\n params[paramNames[i]] = match[i + 1] ?? \"\";\n }\n return params;\n } catch {\n // Fall through to segment-based matching\n }\n }\n\n // Check for catch-all patterns (:param* or :param+) without regex groups\n // Param names may contain hyphens (e.g. :sign-in*, :sign-up+).\n const catchAllMatch = pattern.match(/:([\\w-]+)(\\*|\\+)$/);\n if (catchAllMatch) {\n const prefix = pattern.slice(0, pattern.lastIndexOf(\":\"));\n const paramName = catchAllMatch[1];\n const isPlus = catchAllMatch[2] === \"+\";\n\n if (!pathname.startsWith(prefix.replace(/\\/$/, \"\"))) return null;\n\n const rest = pathname.slice(prefix.replace(/\\/$/, \"\").length);\n if (isPlus && (!rest || rest === \"/\")) return null;\n let restValue = rest.startsWith(\"/\") ? rest.slice(1) : rest;\n // NOTE: Do NOT decodeURIComponent here. The pathname is already decoded at\n // the request entry point. Decoding again would produce incorrect param values.\n return { [paramName]: restValue };\n }\n\n // Simple segment-based matching for exact patterns and :param\n const parts = pattern.split(\"/\");\n const pathParts = pathname.split(\"/\");\n\n if (parts.length !== pathParts.length) return null;\n\n const params: Record<string, string> = Object.create(null);\n for (let i = 0; i < parts.length; i++) {\n if (parts[i].startsWith(\":\")) {\n params[parts[i].slice(1)] = pathParts[i];\n } else if (parts[i] !== pathParts[i]) {\n return null;\n }\n }\n return params;\n}\n\n/**\n * Apply redirect rules from next.config.js.\n * Returns the redirect info if a redirect was matched, or null.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating redirects, so this parameter is required.\n */\nexport function matchRedirect(\n pathname: string,\n redirects: NextRedirect[],\n ctx: RequestContext,\n): { destination: string; permanent: boolean } | null {\n for (const redirect of redirects) {\n const params = matchConfigPattern(pathname, redirect.source);\n if (params) {\n if (redirect.has || redirect.missing) {\n if (!checkHasConditions(redirect.has, redirect.missing, ctx)) {\n continue;\n }\n }\n let dest = redirect.destination;\n for (const [key, value] of Object.entries(params)) {\n // Replace :param*, :param+, and :param forms in the destination.\n // The catch-all suffixes (* and +) must be stripped along with the param name.\n dest = dest.replace(`:${key}*`, value);\n dest = dest.replace(`:${key}+`, value);\n dest = dest.replace(`:${key}`, value);\n }\n // Collapse protocol-relative URLs (e.g. //evil.com from decoded %2F in catch-all params).\n dest = sanitizeDestination(dest);\n return { destination: dest, permanent: redirect.permanent };\n }\n }\n return null;\n}\n\n/**\n * Apply rewrite rules from next.config.js.\n * Returns the rewritten URL or null if no rewrite matched.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating rewrites, so this parameter is required.\n */\nexport function matchRewrite(\n pathname: string,\n rewrites: NextRewrite[],\n ctx: RequestContext,\n): string | null {\n for (const rewrite of rewrites) {\n const params = matchConfigPattern(pathname, rewrite.source);\n if (params) {\n if (rewrite.has || rewrite.missing) {\n if (!checkHasConditions(rewrite.has, rewrite.missing, ctx)) {\n continue;\n }\n }\n let dest = rewrite.destination;\n for (const [key, value] of Object.entries(params)) {\n // Replace :param*, :param+, and :param forms in the destination.\n // The catch-all suffixes (* and +) must be stripped along with the param name.\n dest = dest.replace(`:${key}*`, value);\n dest = dest.replace(`:${key}+`, value);\n dest = dest.replace(`:${key}`, value);\n }\n // Collapse protocol-relative URLs (e.g. //evil.com from decoded %2F in catch-all params).\n dest = sanitizeDestination(dest);\n return dest;\n }\n }\n return null;\n}\n\n/**\n * Sanitize a redirect/rewrite destination to collapse protocol-relative URLs.\n *\n * After parameter substitution, a destination like `/:path*` can become\n * `//evil.com` if the catch-all captured a decoded `%2F` (`/evil.com`).\n * Browsers interpret `//evil.com` as a protocol-relative URL, redirecting\n * users off-site.\n *\n * This function collapses any leading double (or more) slashes to a single\n * slash for non-external (relative) destinations.\n */\nexport function sanitizeDestination(dest: string): string {\n // External URLs (http://, https://) are intentional — don't touch them\n if (dest.startsWith(\"http://\") || dest.startsWith(\"https://\")) {\n return dest;\n }\n // Normalize leading backslashes to forward slashes. Browsers interpret\n // backslash as forward slash in URL contexts, so \"\\/evil.com\" becomes\n // \"//evil.com\" (protocol-relative redirect). Replace any mix of leading\n // slashes and backslashes with a single forward slash.\n dest = dest.replace(/^[\\\\/]+/, \"/\");\n return dest;\n}\n\n/**\n * Check if a URL is external (absolute URL or protocol-relative).\n * Detects any URL scheme (http:, https:, data:, javascript:, blob:, etc.)\n * per RFC 3986, plus protocol-relative URLs (//).\n */\nexport function isExternalUrl(url: string): boolean {\n return /^[a-z][a-z0-9+.-]*:/i.test(url) || url.startsWith(\"//\");\n}\n\n/**\n * Proxy an incoming request to an external URL and return the upstream response.\n *\n * Used for external rewrites (e.g. `/ph/:path*` → `https://us.i.posthog.com/:path*`).\n * Next.js handles these as server-side reverse proxies, forwarding the request\n * method, headers, and body to the external destination.\n *\n * Works in all runtimes (Node.js, Cloudflare Workers) via the standard fetch() API.\n */\nexport async function proxyExternalRequest(\n request: Request,\n externalUrl: string,\n): Promise<Response> {\n // Build the full external URL, preserving query parameters from the original request\n const originalUrl = new URL(request.url);\n const targetUrl = new URL(externalUrl);\n\n // If the rewrite destination already has query params, merge them.\n // Destination params take precedence — original request params are only added\n // when the destination doesn't already specify that key.\n for (const [key, value] of originalUrl.searchParams) {\n if (!targetUrl.searchParams.has(key)) {\n targetUrl.searchParams.set(key, value);\n }\n }\n\n // Forward the request with appropriate headers\n const headers = new Headers(request.headers);\n // Set Host to the external target (required for correct routing)\n headers.set(\"host\", targetUrl.host);\n // Remove headers that should not be forwarded to external services\n headers.delete(\"connection\");\n // Strip credentials and internal headers to prevent leaking auth tokens,\n // session cookies, and middleware internals to third-party origins.\n headers.delete(\"cookie\");\n headers.delete(\"authorization\");\n headers.delete(\"x-api-key\");\n headers.delete(\"proxy-authorization\");\n const keysToDelete: string[] = [];\n for (const key of headers.keys()) {\n if (key.startsWith(\"x-middleware-\")) {\n keysToDelete.push(key);\n }\n }\n for (const key of keysToDelete) {\n headers.delete(key);\n }\n\n const method = request.method;\n const hasBody = method !== \"GET\" && method !== \"HEAD\";\n\n const init: RequestInit & { duplex?: string } = {\n method,\n headers,\n redirect: \"manual\", // Don't follow redirects — pass them through to the client\n };\n\n if (hasBody && request.body) {\n init.body = request.body;\n init.duplex = \"half\";\n }\n\n // Enforce a timeout so slow/unresponsive upstreams don't hold connections\n // open indefinitely (DoS amplification risk on Node.js dev/prod servers).\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), 30_000);\n let upstreamResponse: Response;\n try {\n upstreamResponse = await fetch(targetUrl.href, { ...init, signal: controller.signal });\n } catch (e: any) {\n if (e?.name === \"AbortError\") {\n console.error(\"[vinext] External rewrite proxy timeout:\", targetUrl.href);\n return new Response(\"Gateway Timeout\", { status: 504 });\n }\n console.error(\"[vinext] External rewrite proxy error:\", e);\n return new Response(\"Bad Gateway\", { status: 502 });\n } finally {\n clearTimeout(timeout);\n }\n\n // Build the response to return to the client.\n // Copy all upstream headers except hop-by-hop headers.\n // Node.js fetch() auto-decompresses responses (gzip, br, etc.), so the body\n // we receive is already plain text. Forwarding the original content-encoding\n // and content-length headers causes the browser to attempt a second\n // decompression on the already-decoded body, resulting in\n // ERR_CONTENT_DECODING_FAILED. Strip both headers on Node.js only.\n // On Workers, fetch() preserves wire encoding, so the headers stay accurate.\n const isNodeRuntime = typeof process !== \"undefined\" && !!(process.versions?.node);\n const responseHeaders = new Headers();\n upstreamResponse.headers.forEach((value, key) => {\n const lower = key.toLowerCase();\n if (HOP_BY_HOP_HEADERS.has(lower)) return;\n if (isNodeRuntime && (lower === \"content-encoding\" || lower === \"content-length\")) return;\n responseHeaders.append(key, value);\n });\n\n return new Response(upstreamResponse.body, {\n status: upstreamResponse.status,\n statusText: upstreamResponse.statusText,\n headers: responseHeaders,\n });\n}\n\n/**\n * Apply custom header rules from next.config.js.\n * Returns an array of { key, value } pairs to set on the response.\n *\n * `ctx` provides the request context (cookies, headers, query, host) used\n * to evaluate has/missing conditions. Next.js always has request context\n * when evaluating headers, so this parameter is required.\n */\nexport function matchHeaders(\n pathname: string,\n headers: NextHeader[],\n ctx: RequestContext,\n): Array<{ key: string; value: string }> {\n const result: Array<{ key: string; value: string }> = [];\n for (const rule of headers) {\n const escaped = escapeHeaderSource(rule.source);\n const sourceRegex = safeRegExp(\"^\" + escaped + \"$\");\n if (sourceRegex && sourceRegex.test(pathname)) {\n if (rule.has || rule.missing) {\n if (!checkHasConditions(rule.has, rule.missing, ctx)) {\n continue;\n }\n }\n result.push(...rule.headers);\n }\n }\n return result;\n}\n"]}
package/dist/deploy.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../src/deploy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAQH,OAAO,EACL,cAAc,IAAI,eAAe,EACjC,gBAAgB,IAAI,iBAAiB,EAEtC,MAAM,oBAAoB,CAAC;AAO5B,MAAM,WAAW,aAAa;IAC5B,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,+DAA+D;IAC/D,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iDAAiD;IACjD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gEAAgE;IAChE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,4DAA4D;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4DAA4D;IAC5D,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAkBD,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE;;;;;;;;;;;EAc7C;AAID,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,aAAa,EAAE,OAAO,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,MAAM,EAAE,OAAO,CAAC;IAChB,wCAAwC;IACxC,aAAa,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,+BAA+B;IAC/B,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,mBAAmB,EAAE,MAAM,EAAE,CAAC;CAC/B;AAID,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,CA0GvD;AAwHD,mCAAmC;AACnC,eAAO,MAAM,cAAc,wBAAkB,CAAC;AAE9C,qCAAqC;AACrC,eAAO,MAAM,gBAAgB,0BAAoB,CAAC;AAIlD,sCAAsC;AACtC,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAiChE;AAED,8CAA8C;AAC9C,wBAAgB,4BAA4B,IAAI,MAAM,CAoDrD;AAED,gDAAgD;AAChD,wBAAgB,8BAA8B,IAAI,MAAM,CAiSvD;AAED,6CAA6C;AAC7C,wBAAgB,2BAA2B,CAAC,IAAI,CAAC,EAAE,WAAW,GAAG,MAAM,CAgDtE;AAED,+CAA+C;AAC/C,wBAAgB,6BAA6B,CAAC,IAAI,CAAC,EAAE,WAAW,GAAG,MAAM,CAmCxE;AAID,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAQ9E;AAED,wBAAgB,cAAc,CAC5B,IAAI,EAAE,WAAW;AACjB,+DAA+D;AAC/D,aAAa,GAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,OAA6B,GAC1E,UAAU,EAAE,CA6Bd;AAoBD,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,WAAW,GAAG,aAAa,EAAE,CAkCrE;AAmCD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;CACzB;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,SAAS,GAAG,KAAK,CAAC,GAAG,kBAAkB,CAO3G;AAwCD,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAoGlE"}
1
+ {"version":3,"file":"deploy.d.ts","sourceRoot":"","sources":["../src/deploy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAQH,OAAO,EACL,cAAc,IAAI,eAAe,EACjC,gBAAgB,IAAI,iBAAiB,EAGtC,MAAM,oBAAoB,CAAC;AAO5B,MAAM,WAAW,aAAa;IAC5B,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,+DAA+D;IAC/D,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iDAAiD;IACjD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,gEAAgE;IAChE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,4DAA4D;IAC5D,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4DAA4D;IAC5D,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAkBD,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE;;;;;;;;;;;EAc7C;AAID,UAAU,WAAW;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,OAAO,CAAC;IACrB,aAAa,EAAE,OAAO,CAAC;IACvB,aAAa,EAAE,OAAO,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,YAAY,EAAE,OAAO,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,MAAM,EAAE,OAAO,CAAC;IAChB,wCAAwC;IACxC,aAAa,EAAE,OAAO,CAAC;IACvB,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,+BAA+B;IAC/B,WAAW,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,mBAAmB,EAAE,MAAM,EAAE,CAAC;CAC/B;AAID,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,CAsGvD;AAwHD,mCAAmC;AACnC,eAAO,MAAM,cAAc,wBAAkB,CAAC;AAE9C,qCAAqC;AACrC,eAAO,MAAM,gBAAgB,0BAAoB,CAAC;AAIlD,sCAAsC;AACtC,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,WAAW,GAAG,MAAM,CAiChE;AAED,8CAA8C;AAC9C,wBAAgB,4BAA4B,IAAI,MAAM,CAoDrD;AAED,gDAAgD;AAChD,wBAAgB,8BAA8B,IAAI,MAAM,CA6UvD;AAED,6CAA6C;AAC7C,wBAAgB,2BAA2B,CAAC,IAAI,CAAC,EAAE,WAAW,GAAG,MAAM,CAgDtE;AAED,+CAA+C;AAC/C,wBAAgB,6BAA6B,CAAC,IAAI,CAAC,EAAE,WAAW,GAAG,MAAM,CAmCxE;AAID,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAQ9E;AAED,wBAAgB,cAAc,CAC5B,IAAI,EAAE,WAAW;AACjB,+DAA+D;AAC/D,aAAa,GAAE,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,OAA6B,GAC1E,UAAU,EAAE,CA2Bd;AAoBD,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,WAAW,GAAG,aAAa,EAAE,CAkCrE;AAmCD,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;CACzB;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,EAAE,SAAS,GAAG,KAAK,CAAC,GAAG,kBAAkB,CAO3G;AA2CD,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAoGlE"}
package/dist/deploy.js CHANGED
@@ -19,7 +19,7 @@ import { createRequire } from "node:module";
19
19
  import { execFileSync } from "node:child_process";
20
20
  import { parseArgs as nodeParseArgs } from "node:util";
21
21
  import { createBuilder, build } from "vite";
22
- import { ensureESModule as _ensureESModule, renameCJSConfigs as _renameCJSConfigs, detectPackageManager as _detectPackageManager, } from "./utils/project.js";
22
+ import { ensureESModule as _ensureESModule, renameCJSConfigs as _renameCJSConfigs, detectPackageManager as _detectPackageManager, findInNodeModules as _findInNodeModules, } from "./utils/project.js";
23
23
  import { getReactUpgradeDeps } from "./init.js";
24
24
  import { runTPR } from "./cloudflare/tpr.js";
25
25
  import { loadDotenv } from "./config/dotenv.js";
@@ -69,10 +69,12 @@ export function detectProject(root) {
69
69
  fs.existsSync(path.join(root, "wrangler.toml"));
70
70
  const hasWorkerEntry = fs.existsSync(path.join(root, "worker", "index.ts")) ||
71
71
  fs.existsSync(path.join(root, "worker", "index.js"));
72
- // Check node_modules for installed packages
73
- const hasCloudflarePlugin = fs.existsSync(path.join(root, "node_modules", "@cloudflare", "vite-plugin"));
74
- const hasRscPlugin = fs.existsSync(path.join(root, "node_modules", "@vitejs", "plugin-rsc"));
75
- const hasWrangler = fs.existsSync(path.join(root, "node_modules", ".bin", "wrangler"));
72
+ // Check node_modules for installed packages.
73
+ // Walk up ancestor directories so that monorepo-hoisted packages are found
74
+ // even when node_modules lives at the workspace root rather than app root.
75
+ const hasCloudflarePlugin = _findInNodeModules(root, "@cloudflare/vite-plugin") !== null;
76
+ const hasRscPlugin = _findInNodeModules(root, "@vitejs/plugin-rsc") !== null;
77
+ const hasWrangler = _findInNodeModules(root, ".bin/wrangler") !== null;
76
78
  // Derive project name from package.json or directory name
77
79
  let projectName = path.basename(root);
78
80
  const pkgPath = path.join(root, "package.json");
@@ -457,12 +459,16 @@ export default {
457
459
  }
458
460
 
459
461
  // Build request context for has/missing condition matching.
460
- // Created before middleware runs, matching prod-server ordering.
462
+ // headers and redirects run before middleware, so they use this
463
+ // pre-middleware snapshot. beforeFiles, afterFiles, and fallback
464
+ // rewrites run after middleware (App Router order), so they use
465
+ // postMwReqCtx created after x-middleware-request-* headers are
466
+ // unpacked into request.
461
467
  const reqCtx = requestContextFromRequest(request);
462
468
 
463
469
  // ── 3. Run middleware ──────────────────────────────────────────
464
470
  let resolvedUrl = urlWithQuery;
465
- const middlewareHeaders: Record<string, string> = {};
471
+ const middlewareHeaders: Record<string, string | string[]> = {};
466
472
  let middlewareRewriteStatus: number | undefined;
467
473
  if (typeof runMiddleware === "function") {
468
474
  const result = await runMiddleware(request);
@@ -479,10 +485,22 @@ export default {
479
485
  }
480
486
  }
481
487
 
482
- // Collect middleware response headers to merge into final response
488
+ // Collect middleware response headers to merge into final response.
489
+ // Use an array for Set-Cookie to preserve multiple values.
483
490
  if (result.responseHeaders) {
484
491
  for (const [key, value] of result.responseHeaders) {
485
- middlewareHeaders[key] = value;
492
+ if (key === "set-cookie") {
493
+ const existing = middlewareHeaders[key];
494
+ if (Array.isArray(existing)) {
495
+ existing.push(value);
496
+ } else if (existing) {
497
+ middlewareHeaders[key] = [existing as string, value];
498
+ } else {
499
+ middlewareHeaders[key] = [value];
500
+ }
501
+ } else {
502
+ middlewareHeaders[key] = value;
503
+ }
486
504
  }
487
505
  }
488
506
 
@@ -503,7 +521,7 @@ export default {
503
521
  for (const key of Object.keys(middlewareHeaders)) {
504
522
  if (key.startsWith(mwReqPrefix)) {
505
523
  const realName = key.slice(mwReqPrefix.length);
506
- mwReqHeaders[realName] = middlewareHeaders[key];
524
+ mwReqHeaders[realName] = middlewareHeaders[key] as string;
507
525
  delete middlewareHeaders[key];
508
526
  } else if (key.startsWith("x-middleware-")) {
509
527
  delete middlewareHeaders[key];
@@ -523,19 +541,32 @@ export default {
523
541
  });
524
542
  }
525
543
 
544
+ // Rebuild context after middleware has unpacked x-middleware-request-*
545
+ // headers into the cloned request. Used only for afterFiles and fallback
546
+ // rewrites, which run after middleware in the App Router execution order.
547
+ const postMwReqCtx = requestContextFromRequest(request);
548
+
526
549
  let resolvedPathname = resolvedUrl.split("?")[0];
527
550
 
528
551
  // ── 4. Apply custom headers from next.config.js ───────────────
529
552
  // Config headers are additive for multi-value headers (Vary,
530
553
  // Set-Cookie) and override for everything else. Vary values are
531
- // comma-joined per HTTP spec. Set-Cookie values are comma-joined
532
- // here because middlewareHeaders is a flat Record<string, string>;
533
- // mergeHeaders() downstream handles multi-value expansion.
554
+ // comma-joined per HTTP spec. Set-Cookie values are accumulated
555
+ // as arrays (RFC 6265 forbids comma-joining cookies).
534
556
  if (configHeaders.length) {
535
557
  const matched = matchHeaders(resolvedPathname, configHeaders, reqCtx);
536
558
  for (const h of matched) {
537
559
  const lk = h.key.toLowerCase();
538
- if ((lk === "vary" || lk === "set-cookie") && middlewareHeaders[lk]) {
560
+ if (lk === "set-cookie") {
561
+ const existing = middlewareHeaders[lk];
562
+ if (Array.isArray(existing)) {
563
+ existing.push(h.value);
564
+ } else if (existing) {
565
+ middlewareHeaders[lk] = [existing as string, h.value];
566
+ } else {
567
+ middlewareHeaders[lk] = [h.value];
568
+ }
569
+ } else if (lk === "vary" && middlewareHeaders[lk]) {
539
570
  middlewareHeaders[lk] += ", " + h.value;
540
571
  } else {
541
572
  middlewareHeaders[lk] = h.value;
@@ -561,7 +592,7 @@ export default {
561
592
 
562
593
  // ��─ 6. Apply beforeFiles rewrites from next.config.js ─────────
563
594
  if (configRewrites.beforeFiles?.length) {
564
- const rewritten = matchRewrite(resolvedPathname, configRewrites.beforeFiles, reqCtx);
595
+ const rewritten = matchRewrite(resolvedPathname, configRewrites.beforeFiles, postMwReqCtx);
565
596
  if (rewritten) {
566
597
  if (isExternalUrl(rewritten)) {
567
598
  return proxyExternalRequest(request, rewritten);
@@ -581,7 +612,7 @@ export default {
581
612
 
582
613
  // ── 8. Apply afterFiles rewrites from next.config.js ──────────
583
614
  if (configRewrites.afterFiles?.length) {
584
- const rewritten = matchRewrite(resolvedPathname, configRewrites.afterFiles, reqCtx);
615
+ const rewritten = matchRewrite(resolvedPathname, configRewrites.afterFiles, postMwReqCtx);
585
616
  if (rewritten) {
586
617
  if (isExternalUrl(rewritten)) {
587
618
  return proxyExternalRequest(request, rewritten);
@@ -598,7 +629,7 @@ export default {
598
629
 
599
630
  // ── 10. Fallback rewrites (if SSR returned 404) ─────────────
600
631
  if (response && response.status === 404 && configRewrites.fallback?.length) {
601
- const fallbackRewrite = matchRewrite(resolvedPathname, configRewrites.fallback, reqCtx);
632
+ const fallbackRewrite = matchRewrite(resolvedPathname, configRewrites.fallback, postMwReqCtx);
602
633
  if (fallbackRewrite) {
603
634
  if (isExternalUrl(fallbackRewrite)) {
604
635
  return proxyExternalRequest(request, fallbackRewrite);
@@ -622,19 +653,34 @@ export default {
622
653
 
623
654
  /**
624
655
  * Merge middleware/config headers into a response.
625
- * Response headers take precedence over middleware headers, matching
626
- * the behavior in prod-server.ts.
656
+ * Response headers take precedence over middleware headers for all headers
657
+ * except Set-Cookie, which is additive (both middleware and response cookies
658
+ * are preserved). Matches the behavior in prod-server.ts. Uses getSetCookie()
659
+ * to preserve multiple Set-Cookie values.
627
660
  */
628
661
  function mergeHeaders(
629
662
  response: Response,
630
- extraHeaders: Record<string, string>,
663
+ extraHeaders: Record<string, string | string[]>,
631
664
  statusOverride?: number,
632
665
  ): Response {
633
666
  if (!Object.keys(extraHeaders).length && !statusOverride) return response;
634
- // Middleware/config headers go in first (lower precedence), then
635
- // response headers overlay them (higher precedence).
636
- const merged: Record<string, string> = { ...extraHeaders };
637
- response.headers.forEach((v, k) => { merged[k] = v; });
667
+ const merged = new Headers();
668
+ // Middleware/config headers go in first (lower precedence)
669
+ for (const [k, v] of Object.entries(extraHeaders)) {
670
+ if (Array.isArray(v)) {
671
+ for (const item of v) merged.append(k, item);
672
+ } else {
673
+ merged.set(k, v);
674
+ }
675
+ }
676
+ // Response headers overlay them (higher precedence), except Set-Cookie
677
+ // which is additive (both middleware and response cookies should be sent).
678
+ response.headers.forEach((v, k) => {
679
+ if (k === "set-cookie") return;
680
+ merged.set(k, v);
681
+ });
682
+ const responseCookies = response.headers.getSetCookie?.() ?? [];
683
+ for (const cookie of responseCookies) merged.append("set-cookie", cookie);
638
684
  return new Response(response.body, {
639
685
  status: statusOverride ?? response.status,
640
686
  statusText: response.statusText,
@@ -752,8 +798,8 @@ _isResolvable = isPackageResolvable) {
752
798
  }
753
799
  }
754
800
  if (info.hasMDX) {
755
- // Check if @mdx-js/rollup is already installed
756
- const hasMdxRollup = fs.existsSync(path.join(info.root, "node_modules", "@mdx-js", "rollup"));
801
+ // Check if @mdx-js/rollup is already installed (walk up for monorepo hoisting)
802
+ const hasMdxRollup = _findInNodeModules(info.root, "@mdx-js/rollup") !== null;
757
803
  if (!hasMdxRollup) {
758
804
  missing.push({ name: "@mdx-js/rollup", version: "latest" });
759
805
  }
@@ -840,7 +886,10 @@ export function buildWranglerDeployArgs(options) {
840
886
  return { args, env };
841
887
  }
842
888
  function runWranglerDeploy(root, options) {
843
- const wranglerBin = path.join(root, "node_modules", ".bin", "wrangler");
889
+ // Walk up ancestor directories so the binary is found even when node_modules
890
+ // is hoisted to the workspace root in a monorepo.
891
+ const wranglerBin = _findInNodeModules(root, ".bin/wrangler") ??
892
+ path.join(root, "node_modules", ".bin", "wrangler"); // fallback for error message clarity
844
893
  const execOpts = {
845
894
  cwd: root,
846
895
  stdio: "pipe",