vinext 0.0.24 → 0.0.25

package/dist/index.js

@@ -4,6 +4,7 @@ import { appRouter, invalidateAppRouteCache } from "./routing/app-router.js";
 import { createValidFileMatcher } from "./routing/file-matcher.js";
 import { createSSRHandler } from "./server/dev-server.js";
 import { handleApiRoute } from "./server/api-handler.js";
+import { createDirectRunner } from "./server/dev-module-runner.js";
 import { generateRscEntry, generateSsrEntry, generateBrowserEntry, } from "./server/app-dev-server.js";
 import { loadNextConfig, resolveNextConfig, } from "./config/next-config.js";
 import { findMiddlewareFile, isProxyFile, runMiddleware } from "./server/middleware.js";
@@ -16,6 +17,7 @@ import { validateDevRequest } from "./server/dev-origin-check.js";
 import { safeRegExp, isExternalUrl, proxyExternalRequest, parseCookies, matchHeaders, matchRedirect, matchRewrite, } from "./config/config-matchers.js";
 import { scanMetadataFiles } from "./server/metadata-routes.js";
 import { detectPackageManager } from "./utils/project.js";
+import { asyncHooksStubPlugin } from "./plugins/async-hooks-stub.js";
 import tsconfigPaths from "vite-tsconfig-paths";
 import react from "@vitejs/plugin-react";
 import MagicString from "magic-string";
@@ -567,10 +569,35 @@ export default function vinext(options = {}) {
                 contentSecurityPolicy: nextConfig?.images?.contentSecurityPolicy,
             },
         });
+        // Generate instrumentation code if instrumentation.ts exists.
+        // For production (Cloudflare Workers), instrumentation.ts is bundled into the
+        // Worker and register() is called as a top-level await at module evaluation time —
+        // before any request is handled. This mirrors App Router behavior (generateRscEntry)
+        // and matches Next.js semantics: register() runs once on startup in the process
+        // that handles requests.
+        //
+        // The onRequestError handler is stored on globalThis so it is visible across
+        // all code within the Worker (same global scope).
+        const instrumentationImportCode = instrumentationPath
+            ? `import * as _instrumentation from ${JSON.stringify(instrumentationPath.replace(/\\/g, "/"))};`
+            : "";
+        const instrumentationInitCode = instrumentationPath
+            ? `// Run instrumentation register() once at module evaluation time — before any
+// requests are handled. Matches Next.js semantics: register() is called once
+// on startup in the process that handles requests.
+if (typeof _instrumentation.register === "function") {
+  await _instrumentation.register();
+}
+// Store the onRequestError handler on globalThis so it is visible to all
+// code within the Worker (same global scope).
+if (typeof _instrumentation.onRequestError === "function") {
+  globalThis.__VINEXT_onRequestErrorHandler__ = _instrumentation.onRequestError;
+}`
+            : "";
         // Generate middleware code if middleware.ts exists
         const middlewareImportCode = middlewarePath
             ? `import * as middlewareModule from ${JSON.stringify(middlewarePath.replace(/\\/g, "/"))};
-import { NextRequest } from "next/server";`
+import { NextRequest, NextFetchEvent } from "next/server";`
             : "";
         // The matcher config is read from the middleware module at import time.
         // We inline the matching + execution logic so the prod server can call it.
@@ -581,7 +608,7 @@ ${generateNormalizePathCode("es5")}
 ${generateSafeRegExpCode("es5")}
 ${generateMiddlewareMatcherCode("es5")}
 
-export async function runMiddleware(request) {
+export async function runMiddleware(request, ctx) {
   var isProxy = ${middlewarePath ? JSON.stringify(isProxyFile(middlewarePath)) : "false"};
   var middlewareFn = isProxy
     ? (middlewareModule.proxy ?? middlewareModule.default)
@@ -615,12 +642,14 @@ export async function runMiddleware(request) {
     mwRequest = new Request(mwUrl, request);
   }
   var nextRequest = mwRequest instanceof NextRequest ? mwRequest : new NextRequest(mwRequest);
+  var fetchEvent = new NextFetchEvent({ page: normalizedPathname });
   var response;
-  try { response = await middlewareFn(nextRequest); }
+  try { response = await middlewareFn(nextRequest, fetchEvent); }
   catch (e) {
     console.error("[vinext] Middleware error:", e);
     return { continue: false, response: new Response("Internal Server Error", { status: 500 }) };
   }
+  if (ctx && typeof ctx.waitUntil === "function") { ctx.waitUntil(fetchEvent.drainWaitUntil()); } else { fetchEvent.drainWaitUntil(); }
 
   if (!response) return { continue: true };
 
@@ -678,8 +707,11 @@ import { runWithHeadState } from "vinext/head-state";
 import { safeJsonStringify } from "vinext/html";
 import { getSSRFontLinks as _getSSRFontLinks, getSSRFontStyles as _getSSRFontStylesGoogle, getSSRFontPreloads as _getSSRFontPreloadsGoogle } from "next/font/google";
 import { getSSRFontStyles as _getSSRFontStylesLocal, getSSRFontPreloads as _getSSRFontPreloadsLocal } from "next/font/local";
+${instrumentationImportCode}
 ${middlewareImportCode}
 
+${instrumentationInitCode}
+
 // i18n config (embedded at build time)
 const i18nConfig = ${i18nConfigJson};
 
@@ -1677,7 +1709,7 @@ hydrate();
                 // Load next.config.js if present (always from project root, not src/)
                 const phase = env?.command === "build" ? PHASE_PRODUCTION_BUILD : PHASE_DEVELOPMENT_SERVER;
                 const rawConfig = await loadNextConfig(root, phase);
-                nextConfig = await resolveNextConfig(rawConfig);
+                nextConfig = await resolveNextConfig(rawConfig, root);
                 fileMatcher = createValidFileMatcher(nextConfig.pageExtensions);
                 // Merge env from next.config.js with NEXT_PUBLIC_* env vars
                 const defines = getNextPublicEnvDefines();
@@ -1717,6 +1749,7 @@ hydrate();
                 // Build the shim alias map — used by both resolve.alias and resolveId
                 // (resolveId handles .js extension variants for libraries like nuqs)
                 nextShimMap = {
+                    ...nextConfig.aliases,
                     "next/link": path.join(shimsDir, "link"),
                     "next/head": path.join(shimsDir, "head"),
                     "next/router": path.join(shimsDir, "router"),
@@ -1894,12 +1927,21 @@ hydrate();
                             origin: /^https?:\/\/(?:(?:[^:]+\.)?localhost|127\.0\.0\.1|\[::1\])(?::\d+)?$/,
                         },
                     },
-                    // Externalize React packages from SSR transform — they are CJS and
-                    // must be loaded natively by Node, not through Vite's ESM evaluator.
+                    // Configure SSR transform behaviour for Node targets.
+                    // - `external`: React packages are loaded natively by Node (CJS)
+                    //   rather than through Vite's ESM evaluator.
+                    // - `noExternal: true`: force everything else through Vite's
+                    //   transform pipeline so non-JS imports (CSS, images) from
+                    //   node_modules don't hit Node's native ESM loader.
+                    //   Any user-provided `ssr.noExternal` is intentionally superseded
+                    //   by this setting; only `ssr.external` entries escape Vite's transform.
                     // Skip when targeting bundled runtimes (Cloudflare/Nitro bundle everything).
+                    // This also resolves extensionless-import issues in packages like
+                    // `validator` (see #189) by routing them through Vite's resolver.
                     ...(hasCloudflarePlugin || hasNitroPlugin ? {} : {
                         ssr: {
                             external: ["react", "react-dom", "react-dom/server"],
+                            noExternal: true,
                         },
                     }),
                     resolve: {
@@ -1934,6 +1976,17 @@ hydrate();
                     // Inject resolved PostCSS plugins if string names were found
                     ...(postcssOverride ? { css: { postcss: postcssOverride } } : {}),
                 };
+                // Collect user-provided ssr.external so we can propagate it into
+                // both the RSC and SSR environment configs. Vite's `ssr.*` config
+                // only applies to the default `ssr` environment, not custom ones
+                // like `rsc`. Native addon packages (e.g. better-sqlite3) listed
+                // in ssr.external must be externalized from ALL server environments.
+                // Vite's SSROptions.external is `string[] | true`; handle both forms.
+                const userSsrExternal = Array.isArray(config.ssr?.external)
+                    ? config.ssr.external
+                    : config.ssr?.external === true
+                        ? true
+                        : [];
                 // If app/ directory exists, configure RSC environments
                 if (hasAppDir) {
                     // Compute optimizeDeps.entries so Vite discovers server-side
@@ -1956,11 +2009,19 @@ hydrate();
                                     // Note: Do NOT externalize react/react-dom here — they must
                                     // be bundled with the "react-server" condition for RSC.
                                     // Skip when targeting bundled runtimes (Cloudflare/Nitro).
-                                    external: [
+                                    external: userSsrExternal === true ? true : [
                                         "satori",
                                         "@resvg/resvg-js",
                                         "yoga-wasm-web",
+                                        ...userSsrExternal,
                                     ],
+                                    // Force all node_modules through Vite's transform pipeline
+                                    // so non-JS imports (CSS, images) don't hit Node's native
+                                    // ESM loader. Matches Next.js behavior of bundling everything.
+                                    // Packages in `external` above take precedence per Vite rules.
+                                    // When user sets `ssr.external: true`, skip noExternal since
+                                    // everything is already externalized.
+                                    ...(userSsrExternal === true ? {} : { noExternal: true }),
                                 },
                             }),
                             optimizeDeps: {
@@ -1975,6 +2036,17 @@ hydrate();
                             },
                         },
                         ssr: {
+                            ...(hasCloudflarePlugin || hasNitroPlugin ? {} : {
+                                resolve: {
+                                    external: userSsrExternal === true ? true : [...userSsrExternal],
+                                    // Force all node_modules through Vite's transform pipeline
+                                    // so non-JS imports (CSS, images) don't hit Node's native
+                                    // ESM loader. Matches Next.js behavior of bundling everything.
+                                    // When user sets `ssr.external: true`, skip noExternal since
+                                    // everything is already externalized.
+                                    ...(userSsrExternal === true ? {} : { noExternal: true }),
+                                },
+                            }),
                             optimizeDeps: {
                                 exclude: ["vinext"],
                                 entries: appEntries,
@@ -2138,8 +2210,8 @@ hydrate();
                         rewrites: nextConfig?.rewrites,
                         headers: nextConfig?.headers,
                         allowedOrigins: nextConfig?.serverActionsAllowedOrigins,
-                        allowedDevOrigins: nextConfig?.serverActionsAllowedOrigins,
-                    });
+                        allowedDevOrigins: nextConfig?.allowedDevOrigins,
+                    }, instrumentationPath);
                 }
                 if (id === RESOLVED_APP_SSR_ENTRY && hasAppDir) {
                     return generateSsrEntry();
@@ -2149,6 +2221,8 @@ hydrate();
                 }
             },
         },
+        // Stub node:async_hooks in client builds — see src/plugins/async-hooks-stub.ts
+        asyncHooksStubPlugin,
         // Proxy plugin for @mdx-js/rollup. The real MDX plugin is created lazily
         // during vinext:config's config() (when MDX files are detected), but
         // plugins returned from config() hooks run too late in the pipeline —
@@ -2242,6 +2316,32 @@ hydrate();
             configureServer(server) {
                 // Watch pages directory for file additions/removals to invalidate route cache.
                 const pageExtensions = fileMatcher.extensionRegex;
+                // Build a long-lived ModuleRunner for loading all Pages Router modules
+                // (middleware, API routes, SSR page rendering) on every request.
+                //
+                // We must NOT use server.ssrLoadModule() here: when @cloudflare/vite-plugin
+                // is present its environments replace the SSR transport, causing
+                // SSRCompatModuleRunner to crash with:
+                //   TypeError: Cannot read properties of undefined (reading 'outsideEmitter')
+                // on the very first request.
+                //
+                // createDirectRunner() builds a runner on environment.fetchModule() which
+                // is a plain async method — safe with all plugin combinations, including
+                // @cloudflare/vite-plugin.
+                //
+                // The runner is created lazily on first use so that all environments are
+                // fully registered before we inspect them. We prefer "ssr", then any
+                // non-"rsc" environment, then whatever is available.
+                let pagesRunner = null;
+                function getPagesRunner() {
+                    if (!pagesRunner) {
+                        const env = server.environments["ssr"] ??
+                            Object.values(server.environments).find((e) => e !== server.environments["rsc"]) ??
+                            Object.values(server.environments)[0];
+                        pagesRunner = createDirectRunner(env);
+                    }
+                    return pagesRunner;
+                }
                 /**
                  * Invalidate the virtual RSC entry module in Vite's module graph.
                  *
@@ -2291,7 +2391,7 @@ hydrate();
                         "x-forwarded-host": req.headers["x-forwarded-host"],
                         "sec-fetch-site": req.headers["sec-fetch-site"],
                         "sec-fetch-mode": req.headers["sec-fetch-mode"],
-                    }, nextConfig?.serverActionsAllowedOrigins);
+                    }, nextConfig?.allowedDevOrigins);
                     if (blockReason) {
                         console.warn(`[vinext] Blocked dev request: ${blockReason} (${req.url})`);
                         res.writeHead(403, { "Content-Type": "text/plain" });
@@ -2303,11 +2403,28 @@ hydrate();
                 // Return a function to register middleware AFTER Vite's built-in middleware
                 return () => {
                     // Run instrumentation.ts register() if present (once at server startup).
-                    // Must be inside the returned function — ssrLoadModule() requires the
-                    // SSR environment's transport channel, which is not initialized until
-                    // after configureServer() returns. (See issue #167)
-                    if (instrumentationPath) {
-                        runInstrumentation(server, instrumentationPath).catch((err) => {
+                    // Must be inside the returned function so that all environments are
+                    // fully registered before getPagesRunner() inspects them.
+                    //
+                    // App Router: register() is baked into the generated RSC entry as a
+                    // top-level await, so it runs inside the Worker process (or RSC Vite
+                    // environment) — the same process as request handling. Calling
+                    // runInstrumentation() here too would run it a second time in the host
+                    // process, which is wrong when @cloudflare/vite-plugin is present.
+                    //
+                    // Pages Router prod: register() is baked into generateServerEntry() as
+                    // a top-level await, so it runs inside the Worker bundle — the same
+                    // process as request handling. configureServer() is never called during
+                    // a prod build, so there is no double-invocation risk there either.
+                    //
+                    // We pass getPagesRunner() (createDirectRunner) rather than server so
+                    // that this is safe when @cloudflare/vite-plugin is present. That
+                    // plugin replaces the SSR environment's hot channel, causing
+                    // server.ssrLoadModule() to crash with outsideEmitter. The runner
+                    // calls environment.fetchModule() directly and never touches the hot
+                    // channel, making it safe with all Vite plugin combinations.
+                    if (instrumentationPath && !hasAppDir) {
+                        runInstrumentation(getPagesRunner(), instrumentationPath).catch((err) => {
                             console.error("[vinext] Instrumentation error:", err);
                         });
                     }
@@ -2446,7 +2563,7 @@ hydrate();
                                 "x-forwarded-host": req.headers["x-forwarded-host"],
                                 "sec-fetch-site": req.headers["sec-fetch-site"],
                                 "sec-fetch-mode": req.headers["sec-fetch-mode"],
-                            }, nextConfig?.serverActionsAllowedOrigins);
+                            }, nextConfig?.allowedDevOrigins);
                             if (blockReason) {
                                 console.warn(`[vinext] Blocked dev request: ${blockReason} (${url})`);
                                 res.writeHead(403, { "Content-Type": "text/plain" });
@@ -2575,7 +2692,7 @@ hydrate();
                                         .filter(([, v]) => v !== undefined)
                                         .map(([k, v]) => [k, Array.isArray(v) ? v.join(", ") : String(v)])),
                                 });
-                                const result = await runMiddleware(server, middlewarePath, middlewareRequest);
+                                const result = await runMiddleware(getPagesRunner(), middlewarePath, middlewareRequest);
                                 if (!result.continue) {
                                     if (result.redirectUrl) {
                                         const redirectHeaders = { Location: result.redirectUrl };
@@ -2626,11 +2743,41 @@ hydrate();
                                 // Apply middleware rewrite (URL and optional status code)
                                 if (result.rewriteUrl) {
                                     url = result.rewriteUrl;
+                                    // Write the rewritten URL back onto req.url so every subsequent
+                                    // handler in the connect chain sees the correct path. The local
+                                    // `url` variable is only visible within this handler — anything
+                                    // further down the chain (Vite's built-in middleware, the
+                                    // Cloudflare plugin's handler, or any other connect middleware)
+                                    // reads req.url directly. Without this, a middleware rewrite
+                                    // would be invisible to those handlers and the original URL
+                                    // would be dispatched instead.
+                                    req.url = url;
                                 }
                                 if (result.rewriteStatus) {
                                     req.__vinextRewriteStatus = result.rewriteStatus;
                                 }
                             }
+                            // ── Cloudflare Workers dev mode ────────────────────────────
+                            // When @cloudflare/vite-plugin is present, ALL rendering runs
+                            // inside the miniflare Worker subprocess — both App Router (via
+                            // virtual:vinext-rsc-entry) and Pages Router (via
+                            // virtual:vinext-server-entry → renderPage/handleApiRoute).
+                            //
+                            // The Worker entry already handles config redirects, rewrites,
+                            // headers, and all routing internally. Running them here too
+                            // would duplicate that logic and produce incorrect behaviour
+                            // (double redirects, headers set on the wrong object, etc.).
+                            //
+                            // Middleware.ts is the only thing that belongs in the host connect
+                            // handler — it has already run above. Any terminal middleware
+                            // result (redirect, block response) has already been sent.
+                            // Any rewrite has been written back to req.url above so the
+                            // Cloudflare plugin's handler sees the correct path.
+                            //
+                            // Call next() to hand off to the Cloudflare plugin's connect
+                            // handler, which dispatches the request to miniflare.
+                            if (hasCloudflarePlugin)
+                                return next();
                             // Build request context once for has/missing condition checks
                             // across headers, redirects, and rewrites.
                             const reqUrl = new URL(url, `http://${req.headers.host || "localhost"}`);
@@ -3767,6 +3914,8 @@ function applyRewrites(pathname, rewrites, ctx) {
 }
 /**
  * Apply custom header rules from next.config.js.
+ * Middleware headers take precedence: if a header key was already set on the
+ * response (by middleware), the config value is skipped for that key.
  */
 function applyHeaders(pathname, res, headers, ctx) {
     const matched = matchHeaders(pathname, headers, ctx);
@@ -3799,7 +3948,11 @@ function applyHeaders(pathname, res, headers, ctx) {
             }
         }
         else {
-            res.setHeader(header.key, header.value);
+            // Middleware headers take precedence: skip config keys already set by
+            // middleware so middleware always wins over next.config.js headers.
+            if (!res.getHeader(lk)) {
+                res.setHeader(header.key, header.value);
+            }
         }
     }
 }
@@ -3854,4 +4007,5 @@ export { clientManualChunks, clientOutputConfig, clientTreeshakeConfig, computeL
 export { resolvePostcssStringPlugins as _resolvePostcssStringPlugins };
 export { parseStaticObjectLiteral as _parseStaticObjectLiteral };
 export { stripServerExports as _stripServerExports };
+export { asyncHooksStubPlugin as _asyncHooksStubPlugin };
 //# sourceMappingURL=index.js.map